Ubuntu
linux package

Xenial update to 4.4.130 stable release

Xenial (16.04)
Bug #1768474

Bug #1768474 reported by Juerg Haefliger on 2018-05-02

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	linux (Ubuntu)	Invalid	Undecided	Unassigned
	Xenial	Fix Released	Undecided	Unassigned

Bug Description

SRU Justification

Impact:
   The upstream process for stable tree updates is quite similar
   in scope to the Ubuntu SRU process, e.g., each patch has to
   demonstrably fix a bug, and each patch is vetted by upstream
   by originating either directly from a mainline/stable Linux tree
   or a minimally backported form of that patch. The 4.4.130 upstream
   stable stable patch set is now available. It should be included
   in the Ubuntu kernel as well.

git://git.kernel.org/

TEST CASE: TBD

   The following patches from the 4.4.130 stable release shall be
   applied:
   * Linux 4.4.130
   * s390/uprobes: implement arch_uretprobe_is_alive()
   * s390/cio: update chpid descriptor after resource accessibility event
   * cdrom: information leak in cdrom_ioctl_media_changed()
   * scsi: mptsas: Disable WRITE SAME
   * ipv6: add RTA_TABLE and RTA_PREFSRC to rtm_ipv6_policy
   * net: af_packet: fix race in PACKET_{R|T}X_RING
   * tcp: md5: reject TCP_MD5SIG or TCP_MD5SIG_EXT on established sockets
   * net: fix deadlock while clearing neighbor proxy table
   * tipc: add policy for TIPC_NLA_NET_ADDR
   * llc: fix NULL pointer deref for SOCK_ZAPPED
   * llc: hold llc_sap before release_sock()
   * sctp: do not check port in sctp_inet6_cmp_addr
   * vlan: Fix reading memory beyond skb->tail in skb_vlan_tagged_multi
   * pppoe: check sockaddr length in pppoe_connect()
   * packet: fix bitfield update race
   * team: fix netconsole setup over team
   * team: avoid adding twice the same option to the event list
   * tcp: don't read out-of-bounds opsize
   * llc: delete timers synchronously in llc_sk_free()
   * net: validate attribute sizes in neigh_dump_table()
   * l2tp: check sockaddr length in pppol2tp_connect()
   * KEYS: DNS: limit the length of option strings
   * bonding: do not set slave_dev npinfo before slave_enable_netpoll in bond_enslave
   * s390: correct module section names for expoline code revert
   * s390: correct nospec auto detection init order
   * s390: add sysfs attributes for spectre
   * s390: report spectre mitigation via syslog
   * s390: add automatic detection of the spectre defense
   * s390: move nobp parameter functions to nospec-branch.c
   * s390/entry.S: fix spurious zeroing of r0
   * s390: do not bypass BPENTER for interrupt system calls
   * s390: Replace IS_ENABLED(EXPOLINE_*) with IS_ENABLED(CONFIG_EXPOLINE_*)
   * s390: introduce execute-trampolines for branches
   * s390: run user space and KVM guests with modified branch prediction
   * s390: add options to change branch prediction behaviour for the kernel
   * s390/alternative: use a copy of the facility bit mask
   * s390: add optimized array_index_mask_nospec
   * s390: scrub registers on kernel entry and KVM exit
   * KVM: s390: wire up bpb feature
   * s390: enable CPU alternatives unconditionally
   * s390: introduce CPU alternatives
   * Revert "ath10k: send (re)assoc peer command when NSS changed"
   * jbd2: fix use after free in kjournald2()
   * ath9k_hw: check if the chip failed to wake up
   * Input: drv260x - fix initializing overdrive voltage
   * r8152: add Linksys USB3GIGV1 id
   * staging: ion : Donnot wakeup kswapd in ion system alloc
   * perf: Return proper values for user stack errors
   * x86/tsc: Prevent 32bit truncation in calc_hpet_ref()
   * cifs: do not allow creating sockets except with SMB1 posix exensions

See original description

Tags:

CVE References

Juerg Haefliger (juergh) on 2018-05-02

Changed in linux (Ubuntu):
status:	New → Invalid

Juerg Haefliger (juergh) on 2018-05-02

description:

updated

Revision history for this message

Juerg Haefliger (juergh) wrote on 2018-05-03:

Skipped the following patch (already applied):
* KVM: s390: wire up bpb feature

Kleber Sacilotto de Souza (kleber-souza) on 2018-05-15

Changed in linux (Ubuntu Xenial):
status:	New → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2018-06-11:

Download full text (15.1 KiB)

This bug was fixed in the package linux - 4.4.0-128.154

---------------
linux (4.4.0-128.154) xenial; urgency=medium

* linux: 4.4.0-128.154 -proposed tracker (LP: #1772960)

  * CVE-2018-3639 (x86)
    - x86/cpu: Make alternative_msr_write work for 32-bit code
    - x86/bugs: Fix the parameters alignment and missing void
    - KVM: SVM: Move spec control call after restore of GS
    - x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP
    - x86/cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS
    - x86/cpufeatures: Disentangle SSBD enumeration
    - x86/cpu/AMD: Fix erratum 1076 (CPB bit)
    - x86/cpufeatures: Add FEATURE_ZEN
    - x86/speculation: Handle HT correctly on AMD
    - x86/bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL
    - x86/speculation: Add virtualized speculative store bypass disable support
    - x86/speculation: Rework speculative_store_bypass_update()
    - x86/bugs: Unify x86_spec_ctrl_{set_guest,restore_host}
    - x86/bugs: Expose x86_spec_ctrl_base directly
    - x86/bugs: Remove x86_spec_ctrl_set()
    - x86/bugs: Rework spec_ctrl base and mask logic
    - x86/speculation, KVM: Implement support for VIRT_SPEC_CTRL/LS_CFG
    - KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD
    - x86/bugs: Rename SSBD_NO to SSB_NO
    - KVM: VMX: Expose SSBD properly to guests.

  * [i915_bpo] Fix flickering issue after panel change (LP: #1770565)
    - drm/i915: Fix iboost setting for DDI with 4 lanes on SKL
    - drm/i915: Name the "iboost bit"
    - drm/i915: Program iboost settings for HDMI/DVI on SKL
    - drm/i915: Move bxt_ddi_vswing_sequence() call into intel_ddi_pre_enable()
      for HDMI
    - drm/i915: Explicitly use ddi buf trans entry 9 for hdmi
    - drm/i915: Split DP/eDP/FDI and HDMI/DVI DDI buffer programming apart
    - drm/i915: Get the iboost setting based on the port type
    - drm/i915: Simplify intel_ddi_get_encoder_port()
    - drm/i915: Fix iboost setting for SKL Y/U DP DDI buffer translation entry 2
    - drm/i915: KBL - Recommended buffer translation programming for DisplayPort
    - drm/i915: Ignore OpRegion panel type except on select machines

* [SRU][Bionic/Artful] fix false positives in W+X checking (LP: #1769696)
- init: fix false positives in W+X checking

* [Ubuntu 16.04] kernel: fix rwlock implementation (LP: #1761674)
- SAUCE: (no-up) s390: fix rwlock implementation

  * linux < 4.11: unable to use netfilter logging from non-init namespaces
    (LP: #1766573)
    - netfilter: allow logging from non-init namespaces

  * [LTC Test] Ubuntu 18.04: tm_sigreturn failed on P8 compat mode 16.04.04
    guest (LP: #1771439)
    - powerpc: signals: Discard transaction state from signal frames

* QCA9377 requires more IRAM banks for its new firmware (LP: #1748345)
- ath10k: update the IRAM bank number for QCA9377

  * i915/kbl_dmc_ver1.bin failed with error -2 package 1.157.17 kernel
    4.4.0-116-generic (LP: #1752536)
    - ubuntu: i915_bpo - Add MODULE_FIRMWARE for Geminilake's DMC

  * Xenial update to 4.4.131 stable release (LP: #1768825)
    - ext4: prevent right-shifting extents beyond EXT_MAX_BLOCKS
    - ext4: set h_journal if there is a failure...

This bug was fixed in the package linux - 4.4.0-128.154

---------------
linux (4.4.0-128.154) xenial; urgency=medium

* linux: 4.4.0-128.154 -proposed tracker (LP: #1772960)

* [SRU][Bionic/Artful] fix false positives in W+X checking (LP: #1769696)
    - init: fix false positives in W+X checking

* [Ubuntu 16.04] kernel: fix rwlock implementation (LP: #1761674)
    - SAUCE: (no-up) s390: fix rwlock implementation

* linux < 4.11: unable to use netfilter logging from non-init namespaces
    (LP: #1766573)
    - netfilter: allow logging from non-init namespaces

* [LTC Test] Ubuntu 18.04:  tm_sigreturn failed on P8 compat mode 16.04.04
    guest (LP: #1771439)
    - powerpc: signals: Discard transaction state from signal frames

* QCA9377 requires more IRAM banks for its new firmware (LP: #1748345)
    - ath10k: update the IRAM bank number for QCA9377

* i915/kbl_dmc_ver1.bin failed with error -2 package 1.157.17 kernel
    4.4.0-116-generic (LP: #1752536)
    - ubuntu: i915_bpo - Add MODULE_FIRMWARE for Geminilake's DMC

* Xenial update to 4.4.131 stable release (LP: #1768825)
    - ext4: prevent right-shifting extents beyond EXT_MAX_BLOCKS
    - ext4: set h_journal if there is a failure starting a reserved handle
    - ext4: add validity checks for bitmap block numbers
    - ext4: fix bitmap position validation
    - usbip: usbip_host: fix to hold parent lock for device_attach() calls
    - usbip: vhci_hcd: Fix usb device and sockfd leaks
    - USB: serial: simple: add libtransistor console
    - USB: serial: ftdi_sio: use jtag quirk for Arrow USB Blaster
    - USB: serial: cp210x: add ID for NI USB serial console
    - usb: core: Add quirk for HP v222w 16GB Mini
    - USB: Increment wakeup count on remote wakeup.
    - ALSA: usb-audio: Skip broken EU on Dell dock USB-audio
    - virtio: add ability to iterate over vqs
    - virtio_console: free buffers after reset
    - drm/virtio: fix vq wait_event condition
    - tty: Don't call panic() at tty_ldisc_init()
    - tty: n_gsm: Fix long delays with control frame timeouts in ADM mode
    - tty: n_gsm: Fix DLCI handling for ADM mode if debug & 2 is not set
    - tty: Use __GFP_NOFAIL for tty_ldisc_get()
    - ALSA: core: Report audio_tstamp in snd_pcm_sync_ptr
    - ALSA: seq: oss: Fix unbalanced use lock for synth MIDI device
    - ALSA: hda/realtek - Add some fixes for ALC233
    - mtd: cfi: cmdset_0001: Do not allow read/write to suspend erase block.
    - mtd: cfi: cmdset_0001: Workaround Micron Erase suspend bug.
    - mtd: cfi: cmdset_0002: Do not allow read/write to suspend erase block.
    - kobject: don't use WARN for registration failures
    - scsi: sd: Defer spinning up drive while SANITIZE is in progress
    - ARM: amba: Make driver_override output consistent with other buses
    - ARM: amba: Fix race condition with driver_override
    - ARM: amba: Don't read past the end of sysfs "driver_override" buffer
    - ASoC: fsl_esai: Fix divisor calculation failure at lower ratio
    - libceph: validate con->state at the top of try_write()
    - x86/ipc: Fix x32 version of shmid64_ds and msqid64_ds
    - x86/smpboot: Don't use mwait_play_dead() on AMD systems
    - serial: mctrl_gpio: export mctrl_gpio_disable_ms and mctrl_gpio_init
    - serial: mctrl_gpio: Add missing module license
    - Linux 4.4.131

* Xenial update to 4.4.130 stable release (LP: #1768474) // CVE-2017-5715 //
    CVE-2017-5753
    - SAUCE: s390: print messages for gmb and nobp

* Xenial update to 4.4.130 stable release (LP: #1768474)
    - cifs: do not allow creating sockets except with SMB1 posix exensions
    - x86/tsc: Prevent 32bit truncation in calc_hpet_ref()
    - perf: Return proper values for user stack errors
    - staging: ion : Donnot wakeup kswapd in ion system alloc
    - r8152: add Linksys USB3GIGV1 id
    - Input: drv260x - fix initializing overdrive voltage
    - ath9k_hw: check if the chip failed to wake up
    - jbd2: fix use after free in kjournald2()
    - Revert "ath10k: send (re)assoc peer command when NSS changed"
    - Revert "UBUNTU: SAUCE: s390: print messages for gmb and nobp"
    - Revert "UBUNTU: SAUCE: s390: improve cpu alternative handling for gmb and
      nobp"
    - Revert "s390: add ppa to kernel entry / exit"
    - Revert "s390: introduce CPU alternatives"
    - s390: introduce CPU alternatives
    - s390: enable CPU alternatives unconditionally
    - s390/alternative: use a copy of the facility bit mask
    - s390: add options to change branch prediction behaviour for the kernel
    - s390: scrub registers on kernel entry and KVM exit
    - s390: add optimized array_index_mask_nospec
    - s390: run user space and KVM guests with modified branch prediction
    - s390: introduce execute-trampolines for branches
    - s390: Replace IS_ENABLED(EXPOLINE_*) with IS_ENABLED(CONFIG_EXPOLINE_*)
    - s390: do not bypass BPENTER for interrupt system calls
    - s390/entry.S: fix spurious zeroing of r0
    - s390: move nobp parameter functions to nospec-branch.c
    - s390: add automatic detection of the spectre defense
    - [Config] Add CONFIG_EXPOLINE=y and CONFIG_EXPOLINE_AUTO=y
    - s390: report spectre mitigation via syslog
    - s390: add sysfs attributes for spectre
    - s390: correct nospec auto detection init order
    - s390: correct module section names for expoline code revert
    - bonding: do not set slave_dev npinfo before slave_enable_netpoll in
      bond_enslave
    - KEYS: DNS: limit the length of option strings
    - l2tp: check sockaddr length in pppol2tp_connect()
    - net: validate attribute sizes in neigh_dump_table()
    - llc: delete timers synchronously in llc_sk_free()
    - tcp: don't read out-of-bounds opsize
    - team: avoid adding twice the same option to the event list
    - team: fix netconsole setup over team
    - packet: fix bitfield update race
    - pppoe: check sockaddr length in pppoe_connect()
    - vlan: Fix reading memory beyond skb->tail in skb_vlan_tagged_multi
    - sctp: do not check port in sctp_inet6_cmp_addr
    - llc: hold llc_sap before release_sock()
    - llc: fix NULL pointer deref for SOCK_ZAPPED
    - tipc: add policy for TIPC_NLA_NET_ADDR
    - net: fix deadlock while clearing neighbor proxy table
    - tcp: md5: reject TCP_MD5SIG or TCP_MD5SIG_EXT on established sockets
    - net: af_packet: fix race in PACKET_{R|T}X_RING
    - ipv6: add RTA_TABLE and RTA_PREFSRC to rtm_ipv6_policy
    - scsi: mptsas: Disable WRITE SAME
    - cdrom: information leak in cdrom_ioctl_media_changed()
    - s390/cio: update chpid descriptor after resource accessibility event
    - s390/uprobes: implement arch_uretprobe_is_alive()
    - Linux 4.4.130
    - SAUCE: s390: Add 'nogmb' kernel parameter

* Xenial update to 4.4.129 stable release (LP: #1768429)
    - media: v4l2-compat-ioctl32: don't oops on overlay
    - parisc: Fix out of array access in match_pci_device()
    - perf intel-pt: Fix overlap detection to identify consecutive buffers
      correctly
    - perf intel-pt: Fix sync_switch
    - perf intel-pt: Fix error recovery from missing TIP packet
    - perf intel-pt: Fix timestamp following overflow
    - radeon: hide pointless #warning when compile testing
    - block/loop: fix deadlock after loop_set_status
    - s390/qdio: don't retry EQBS after CCQ 96
    - s390/qdio: don't merge ERROR output buffers
    - s390/ipl: ensure loadparm valid flag is set
    - getname_kernel() needs to make sure that ->name != ->iname in long case
    - rtl8187: Fix NULL pointer dereference in priv->conf_mutex
    - hwmon: (ina2xx) Fix access to uninitialized mutex
    - cdc_ether: flag the Cinterion AHS8 modem by gemalto as WWAN
    - slip: Check if rstate is initialized before uncompressing
    - lan78xx: Correctly indicate invalid OTP
    - x86/hweight: Get rid of the special calling convention
    - [Config] Remove ARCH_HWEIGHT_CFLAGS
    - x86/hweight: Don't clobber %rdi
    - tty: make n_tty_read() always abort if hangup is in progress
    - ubifs: Check ubifs_wbuf_sync() return code
    - ubi: fastmap: Don't flush fastmap work on detach
    - ubi: Fix error for write access
    - ubi: Reject MLC NAND
    - fs/reiserfs/journal.c: add missing resierfs_warning() arg
    - resource: fix integer overflow at reallocation
    - ipc/shm: fix use-after-free of shm file via remap_file_pages()
    - mm, slab: reschedule cache_reap() on the same CPU
    - usb: musb: gadget: misplaced out of bounds check
    - ARM: dts: at91: at91sam9g25: fix mux-mask pinctrl property
    - ARM: dts: at91: sama5d4: fix pinctrl compatible string
    - xen-netfront: Fix hang on device removal
    - regmap: Fix reversed bounds check in regmap_raw_write()
    - ACPI / video: Add quirk to force acpi-video backlight on Samsung 670Z5E
    - ACPI / hotplug / PCI: Check presence of slot itself in get_slot_status()
    - USB:fix USB3 devices behind USB3 hubs not resuming at hibernate thaw
    - usb: dwc3: pci: Properly cleanup resource
    - HID: i2c-hid: fix size check and type usage
    - powerpc/powernv: Handle unknown OPAL errors in opal_nvram_write()
    - powerpc/64: Fix smp_wmb barrier definition use use lwsync consistently
    - powerpc/powernv: define a standard delay for OPAL_BUSY type retry loops
    - powerpc/powernv: Fix OPAL NVRAM driver OPAL_BUSY loops
    - HID: Fix hid_report_len usage
    - HID: core: Fix size as type u32
    - ASoC: ssm2602: Replace reg_default_raw with reg_default
    - thunderbolt: Resume control channel after hibernation image is created
    - random: use a tighter cap in credit_entropy_bits_safe()
    - jbd2: if the journal is aborted then don't allow update of the log tail
    - ext4: don't update checksum of new initialized bitmaps
    - ext4: fail ext4_iget for root directory if unallocated
    - RDMA/ucma: Don't allow setting RDMA_OPTION_IB_PATH without an RDMA device
    - ALSA: pcm: Fix UAF at PCM release via PCM timer access
    - IB/srp: Fix srp_abort()
    - IB/srp: Fix completion vector assignment algorithm
    - dmaengine: at_xdmac: fix rare residue corruption
    - um: Use POSIX ucontext_t instead of struct ucontext
    - iommu/vt-d: Fix a potential memory leak
    - mmc: jz4740: Fix race condition in IRQ mask update
    - clk: mvebu: armada-38x: add support for 1866MHz variants
    - clk: mvebu: armada-38x: add support for missing clocks
    - clk: bcm2835: De-assert/assert PLL reset signal when appropriate
    - thermal: imx: Fix race condition in imx_thermal_probe()
    - watchdog: f71808e_wdt: Fix WD_EN register read
    - ALSA: oss: consolidate kmalloc/memset 0 call to kzalloc
    - ALSA: pcm: Use ERESTARTSYS instead of EINTR in OSS emulation
    - ALSA: pcm: Avoid potential races between OSS ioctls and read/write
    - ALSA: pcm: Return -EBUSY for OSS ioctls changing busy streams
    - ALSA: pcm: Fix mutex unbalance in OSS emulation ioctls
    - ALSA: pcm: Fix endless loop for XRUN recovery in OSS emulation
    - vfio-pci: Virtualize PCIe & AF FLR
    - vfio/pci: Virtualize Maximum Payload Size
    - vfio/pci: Virtualize Maximum Read Request Size
    - ext4: don't allow r/w mounts if metadata blocks overlap the superblock
    - drm/radeon: Fix PCIe lane width calculation
    - ext4: fix crashes in dioread_nolock mode
    - ext4: fix deadlock between inline_data and ext4_expand_extra_isize_ea()
    - ALSA: line6: Use correct endpoint type for midi output
    - ALSA: rawmidi: Fix missing input substream checks in compat ioctls
    - ALSA: hda - New VIA controller suppor no-snoop path
    - HID: hidraw: Fix crash on HIDIOCGFEATURE with a destroyed device
    - MIPS: uaccess: Add micromips clobbers to bzero invocation
    - MIPS: memset.S: EVA & fault support for small_memset
    - MIPS: memset.S: Fix return of __clear_user from Lpartial_fixup
    - MIPS: memset.S: Fix clobber of v1 in last_fixup
    - powerpc/eeh: Fix enabling bridge MMIO windows
    - powerpc/lib: Fix off-by-one in alternate feature patching
    - jffs2_kill_sb(): deal with failed allocations
    - hypfs_kill_super(): deal with failed allocations
    - rpc_pipefs: fix double-dput()
    - Don't leak MNT_INTERNAL away from internal mounts
    - autofs: mount point create should honour passed in mode
    - mm: allow GFP_{FS,IO} for page_cache_read page cache allocation
    - mm/filemap.c: fix NULL pointer in page_cache_tree_insert()
    - ext4: bugfix for mmaped pages in mpage_release_unused_pages()
    - fanotify: fix logic of events on child
    - writeback: safer lock nesting
    - Linux 4.4.129

* CVE-2018-8087
    - mac80211_hwsim: fix possible memory leak in hwsim_new_radio_nl()

* Integrated Webcam Realtek Integrated_Webcam_HD (0bda:58f4) not working in
    DELL XPS 13 9370 with firmware 1.50 (LP: #1763748)
    - SAUCE: media: uvcvideo: Support realtek's UVC 1.5 device

* [Xenial] Kernels OOPS when mwifiex is in AP mode (LP: #1769671)
    - Revert "UBUNTU: SAUCE: mwifiex: do not dereference invalid pointer"
    - Revert "UBUNTU: SAUCE: net/wireless: do not dereference invalid pointer"
    - mwifiex: cfg80211: do not change virtual interface during scan processing

* user space process hung in 'D' state waiting for disk io to complete
    (LP: #1750038)
    - NFS: Use GFP_NOIO for two allocations in writeback

* Acer Swift sf314-52 power button not managed  (LP: #1766054)
    - SAUCE: platform/x86: acer-wmi: add another KEY_POWER keycode

-- Stefan Bader <stefan.bader@canonical.com>  Fri, 25 May 2018 15:58:45 +0200

Changed in linux (Ubuntu Xenial):
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulinux package