Bug #1413992 “Kernel oopses on access to address 0x8 when cdc-ac...” : Bugs : linux package : Ubuntu

Adam Lee (adam8157) on 2015-01-23

Changed in hwe-next:
status:	New → Triaged
importance:	Undecided → High
assignee:	nobody → Adam Lee (adam8157)

Adam Lee (adam8157) on 2015-01-29

Changed in linux (Ubuntu):
status:	Triaged → In Progress

Revision history for this message

Adam Lee (adam8157) wrote on 2015-02-03:

#1

patch "cdc-acm: add sanity checks" added to usb-next

Revision history for this message

Adam Lee (adam8157) wrote on 2015-03-02:

#2

patch has been submitted to kernel-team@

Andy Whitcroft (apw) on 2015-03-03

Changed in linux (Ubuntu):
status:	In Progress → Fix Committed

Luis Henriques (henrix) on 2015-03-23

Changed in linux (Ubuntu Trusty):
status:	New → Fix Committed
Changed in linux (Ubuntu Utopic):
status:	New → Fix Committed

Adam Lee (adam8157) on 2015-03-24

Changed in linux (Ubuntu Trusty):
importance:	Undecided → High
Changed in linux (Ubuntu Utopic):
importance:	Undecided → High
Changed in linux (Ubuntu Trusty):
assignee:	nobody → Adam Lee (adam8157)
Changed in linux (Ubuntu Utopic):
assignee:	nobody → Adam Lee (adam8157)

Revision history for this message

Brad Figg (brad-figg) wrote on 2015-03-26:

#3

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-trusty' to 'verification-done-trusty'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:	added: verification-needed-trusty
tags:	added: verification-needed-utopic

Revision history for this message

Brad Figg (brad-figg) wrote on 2015-03-26:

#4

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-utopic' to 'verification-done-utopic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

Adam Lee (adam8157) on 2015-03-27

tags:

added: verification-done-trusty verification-done-utopic
removed: verification-needed-trusty verification-needed-utopic

Revision history for this message

Launchpad Janitor (janitor) wrote on 2015-04-08:

#5

Download full text (5.9 KiB)

This bug was fixed in the package linux - 3.13.0-49.81

---------------
linux (3.13.0-49.81) trusty; urgency=low

[ Kamal Mostafa ]

* Release Tracking Bug
- LP: #1436016

[ Alex Hung ]

* SAUCE: ACPI / blacklist: blacklist Win8 OSI for HP Pavilion dv6
- LP: #1416940

[ Andy Whitcroft ]

* [Packaging] generate live watchdog blacklists
- LP: #1432837

[ Ben Widawsky ]

* SAUCE: i915_bdw: drm/i915/bdw: enable eDRAM.
- LP: #1430855

[ Chris J Arges ]

* [Config] Add ibmvfc to d-i
- LP: #1416001

[ Seth Forshee ]

* [Config] updateconfigs - enable X86_UP_APIC_MSI

[ Upstream Kernel Changes ]

  * net: add sysfs helpers for netdev_adjacent logic
    - LP: #1410852
  * net: Mark functions as static in core/dev.c
    - LP: #1410852
  * net: rename sysfs symlinks on device name change
    - LP: #1410852
  * btrfs: fix null pointer dereference in clone_fs_devices when name is
    null
    - LP: #1429804
  * cdc-acm: add sanity checks
    - LP: #1413992
  * x86: thinkpad_acpi.c: fixed spacing coding style issue
    - LP: #1417915
  * thinkpad_acpi: support new BIOS version string pattern
    - LP: #1417915
  * net: sctp: fix slab corruption from use after free on INIT collisions
    - LP: #1416506
    - CVE-2015-1421
  * ipv4: try to cache dst_entries which would cause a redirect
    - LP: #1420027
    - CVE-2015-1465
  * x86, mm/ASLR: Fix stack randomization on 64-bit systems
    - LP: #1423757
    - CVE-2015-1593
  * net: llc: use correct size for sysctl timeout entries
    - LP: #1425271
    - CVE-2015-2041
  * net: rds: use correct size for max unacked packets and bytes
    - LP: #1425274
    - CVE-2015-2042
  * Btrfs: clear compress-force when remounting with compress option
    - LP: #1434183
  * ext4: merge uninitialized extents
    - LP: #1430184
  * btrfs: filter invalid arg for btrfs resize
    - LP: #1435441
  * Bluetooth: Add firmware update for Atheros 0cf3:311f
  * Bluetooth: btusb: Add IMC Networks (Broadcom based)
  * Bluetooth: sort the list of IDs in the source code
  * Bluetooth: append new supported device to the list [0b05:17d0]
  * Bluetooth: Add support for Intel bootloader devices
  * Bluetooth: Ignore isochronous endpoints for Intel USB bootloader
  * Bluetooth: Add support for Acer [13D3:3432]
  * Bluetooth: Add support for Broadcom device of Asus Z97-DELUXE
    motherboard
  * Add a new PID/VID 0227/0930 for AR3012.
  * Bluetooth: Add support for Acer [0489:e078]
  * Bluetooth: Add USB device 04ca:3010 as Atheros AR3012
  * x86: mm: move mmap_sem unlock from mm_fault_error() to caller
  * vm: add VM_FAULT_SIGSEGV handling support
  * vm: make stack guard page errors return VM_FAULT_SIGSEGV rather than
    SIGBUS
  * spi/pxa2xx: Clear cur_chip pointer before starting next message
  * spi: dw: Fix detecting FIFO depth
  * spi: dw-mid: fix FIFO size
  * ASoC: wm8960: Fix capture sample rate from 11250 to 11025
  * regulator: core: fix race condition in regulator_put()
  * ASoC: omap-mcbsp: Correct CBM_CFS dai format configuration
  * can: c_can: end pending transmission on network stop (ifdown)
  * nfs: fix dio deadlock when O_DIRECT flag is flipped
  * NFSv4.1: Fix an Oops in nfs41_...

This bug was fixed in the package linux - 3.13.0-49.81

---------------
linux (3.13.0-49.81) trusty; urgency=low

[ Kamal Mostafa ]

* Release Tracking Bug
    - LP: #1436016

[ Alex Hung ]

* SAUCE: ACPI / blacklist: blacklist Win8 OSI for HP Pavilion dv6
    - LP: #1416940

[ Andy Whitcroft ]

* [Packaging] generate live watchdog blacklists
    - LP: #1432837

[ Ben Widawsky ]

* SAUCE: i915_bdw: drm/i915/bdw: enable eDRAM.
    - LP: #1430855

[ Chris J Arges ]

* [Config] Add ibmvfc to d-i
    - LP: #1416001

[ Seth Forshee ]

* [Config] updateconfigs - enable X86_UP_APIC_MSI

[ Upstream Kernel Changes ]

* net: add sysfs helpers for netdev_adjacent logic
    - LP: #1410852
  * net: Mark functions as static in core/dev.c
    - LP: #1410852
  * net: rename sysfs symlinks on device name change
    - LP: #1410852
  * btrfs: fix null pointer dereference in clone_fs_devices when name is
    null
    - LP: #1429804
  * cdc-acm: add sanity checks
    - LP: #1413992
  * x86: thinkpad_acpi.c: fixed spacing coding style issue
    - LP: #1417915
  * thinkpad_acpi: support new BIOS version string pattern
    - LP: #1417915
  * net: sctp: fix slab corruption from use after free on INIT collisions
    - LP: #1416506
    - CVE-2015-1421
  * ipv4: try to cache dst_entries which would cause a redirect
    - LP: #1420027
    - CVE-2015-1465
  * x86, mm/ASLR: Fix stack randomization on 64-bit systems
    - LP: #1423757
    - CVE-2015-1593
  * net: llc: use correct size for sysctl timeout entries
    - LP: #1425271
    - CVE-2015-2041
  * net: rds: use correct size for max unacked packets and bytes
    - LP: #1425274
    - CVE-2015-2042
  * Btrfs: clear compress-force when remounting with compress option
    - LP: #1434183
  * ext4: merge uninitialized extents
    - LP: #1430184
  * btrfs: filter invalid arg for btrfs resize
    - LP: #1435441
  * Bluetooth: Add firmware update for Atheros 0cf3:311f
  * Bluetooth: btusb: Add IMC Networks (Broadcom based)
  * Bluetooth: sort the list of IDs in the source code
  * Bluetooth: append new supported device to the list [0b05:17d0]
  * Bluetooth: Add support for Intel bootloader devices
  * Bluetooth: Ignore isochronous endpoints for Intel USB bootloader
  * Bluetooth: Add support for Acer [13D3:3432]
  * Bluetooth: Add support for Broadcom device of Asus Z97-DELUXE
    motherboard
  * Add a new PID/VID 0227/0930 for AR3012.
  * Bluetooth: Add support for Acer [0489:e078]
  * Bluetooth: Add USB device 04ca:3010 as Atheros AR3012
  * x86: mm: move mmap_sem unlock from mm_fault_error() to caller
  * vm: add VM_FAULT_SIGSEGV handling support
  * vm: make stack guard page errors return VM_FAULT_SIGSEGV rather than
    SIGBUS
  * spi/pxa2xx: Clear cur_chip pointer before starting next message
  * spi: dw: Fix detecting FIFO depth
  * spi: dw-mid: fix FIFO size
  * ASoC: wm8960: Fix capture sample rate from 11250 to 11025
  * regulator: core: fix race condition in regulator_put()
  * ASoC: omap-mcbsp: Correct CBM_CFS dai format configuration
  * can: c_can: end pending transmission on network stop (ifdown)
  * nfs: fix dio deadlock when O_DIRECT flag is flipped
  * NFSv4.1: Fix an Oops in nfs41_walk_client_list
  * Input: i8042 - add noloop quirk for Medion Akoya E7225 (MD98857)
  * mac80211: properly set CCK flag in radiotap
  * nl80211: fix per-station group key get/del and memory leak
  * i2c: s3c2410: fix ABBA deadlock by keeping clock prepared
  * usb-storage/SCSI: blacklist FUA on JMicron 152d:2566 USB-SATA
    controller
  * drm/i915: Only fence tiled region of object.
  * drm/i915: Fix and clean BDW PCH identification
  * drm/i915: BDW Fix Halo PCI IDs marked as ULT.
  * ALSA: seq-dummy: remove deadlock-causing events on close
  * drivers/rtc/rtc-s5m.c: terminate s5m_rtc_id array with empty element
  * drivers: net: cpsw: discard dual emac default vlan configuration
  * can: kvaser_usb: Do not sleep in atomic context
  * can: kvaser_usb: Send correct context to URB completion
  * can: kvaser_usb: Retry the first bulk transfer on -ETIMEDOUT
  * can: kvaser_usb: Fix state handling upon BUS_ERROR events
  * quota: Switch ->get_dqblk() and ->set_dqblk() to use bytes as space
    units
  * rbd: fix rbd_dev_parent_get() when parent_overlap == 0
  * rbd: drop parent_ref in rbd_dev_unprobe() unconditionally
  * dm cache: fix missing ERR_PTR returns and handling
  * dm thin: don't allow messages to be sent to a pool target in READ_ONLY
    or FAIL mode
  * net: cls_bpf: fix size mismatch on filter preparation
  * net: cls_bpf: fix auto generation of per list handles
  * ipv6: replacing a rt6_info needs to purge possible propagated rt6_infos
    too
  * perf: Tighten (and fix) the grouping condition
  * arc: mm: Fix build failure
  * MIPS: IRQ: Fix disable_irq on CPU IRQs
  * Complete oplock break jobs before closing file handle
  * smpboot: Add missing get_online_cpus() in
    smpboot_register_percpu_thread()
  * ASoC: atmel_ssc_dai: fix start event for I2S mode
  * spi: fsl-dspi: Fix memory leak
  * spi: spi-fsl-dspi: Remove usage of devm_kzalloc
  * ALSA: ak411x: Fix stall in work callback
  * lib/checksum.c: fix carry in csum_tcpudp_nofold
  * MIPS: Fix kernel lockup or crash after CPU offline/online
  * gpio: sysfs: fix memory leak in gpiod_export_link
  * gpio: sysfs: fix memory leak in gpiod_sysfs_set_active_low
  * PCI: Add NEC variants to Stratus ftServer PCIe DMI check
  * ASoC: sgtl5000: add delay before first I2C access
  * PCI: Handle read-only BARs on AMD CS553x devices
  * mm: pagewalk: call pte_hole() for VM_PFNMAP during walk_page_range
  * nilfs2: fix deadlock of segment constructor over I_SYNC flag
  * tcp: ipv4: initialize unicast_sock sk_pacing_rate
  * caif: remove wrong dev_net_set() call
  * qlge: Fix qlge_update_hw_vlan_features to handle if interface is down
  * ip6_gre: fix endianness errors in ip6gre_err
  * spi: dw: revisit FIFO size detection again
  * Linux 3.13.11-ckt17
 -- Kamal Mostafa <kamal@canonical.com>   Tue, 24 Mar 2015 11:58:44 -0700

Changed in linux (Ubuntu Trusty):
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2015-04-09:

#6

Download full text (15.4 KiB)

This bug was fixed in the package linux - 3.16.0-34.45

---------------
linux (3.16.0-34.45) utopic; urgency=low

[ Luis Henriques ]

* Release Tracking Bug
- LP: #1435400

[ Andy Whitcroft ]

* [Packaging] generate live watchdog blacklists
- LP: #1432837

[ Chris J Arges ]

* [Config] Add ibmvfc to d-i
- LP: #1416001

[ John Johansen ]

* SAUCE: (no-up): apparmor: fix mediation of fs unix sockets
- LP: #1408833

[ Seth Forshee ]

* [Config] updateconfigs - enable X86_UP_APIC_MSI

[ Upstream Kernel Changes ]

  * cdc-acm: add sanity checks
    - LP: #1413992
  * x86: thinkpad_acpi.c: fixed spacing coding style issue
    - LP: #1417915
  * thinkpad_acpi: support new BIOS version string pattern
    - LP: #1417915
  * powernv: Use _GLOBAL_TOC for opal wrappers
    - LP: #1431196
  * Btrfs: clear compress-force when remounting with compress option
    - LP: #1434183
  * Btrfs: send, don't delay dir move if there's a new parent inode
    - LP: #1434223
  * [media] em28xx: fix em28xx-input removal
    - LP: #1434595
  * [media] em28xx: ensure "closing" messages terminate with a newline
    - LP: #1434595
  * [media] em28xx-input: fix missing newlines
    - LP: #1434595
  * [media] em28xx-core: fix missing newlines
    - LP: #1434595
  * [media] em28xx-audio: fix missing newlines
    - LP: #1434595
  * [media] em28xx-audio: fix missing newlines
    - LP: #1434595
  * [media] em28xx-dvb: fix missing newlines
    - LP: #1434595
  * [media] em28xx-video: fix missing newlines
    - LP: #1434595
  * ARM: pxa: add regulator_has_full_constraints to corgi board file
    - LP: #1434595
  * ARM: pxa: add regulator_has_full_constraints to poodle board file
    - LP: #1434595
  * ARM: pxa: add regulator_has_full_constraints to spitz board file
    - LP: #1434595
  * hx4700: regulator: declare full constraints
    - LP: #1434595
  * HID: input: fix confusion on conflicting mappings
    - LP: #1434595
  * HID: fixup the conflicting keyboard mappings quirk
    - LP: #1434595
  * ARM: dts: tegra20: fix GR3D, DSI unit and reg base addresses
    - LP: #1434595
  * megaraid_sas: disable interrupt_mask before enabling hardware
    interrupts
    - LP: #1434595
  * PCI: Generate uppercase hex for modalias var in uevent
    - LP: #1434595
  * usb: core: buffer: smallest buffer should start at ARCH_DMA_MINALIGN
    - LP: #1434595
  * tty/serial: at91: enable peripheral clock before accessing I/O
    registers
    - LP: #1434595
  * tty/serial: at91: fix error handling in atmel_serial_probe()
    - LP: #1434595
  * axonram: Fix bug in direct_access
    - LP: #1434595
  * btrfs: fix leak of path in btrfs_find_item
    - LP: #1434595
  * ksoftirqd: Enable IRQs and call cond_resched() before poking RCU
    - LP: #1434595
  * TPM: Add new TPMs to the tail of the list to prevent inadvertent change
    of dev
    - LP: #1434595
  * char: tpm: Add missing error check for devm_kzalloc
    - LP: #1434595
  * tpm_tis: verify interrupt during init
    - LP: #1434595
  * tpm: Fix NULL return in tpm_ibmvtpm_get_desired_dma
    - LP: #1434595
  * tpm/tpm_i2c_stm_st33: Fix potential bug in tpm_stm_i2c_send
    - LP: #1434595
  * tpm/tpm_i2c_stm_st33:...

This bug was fixed in the package linux - 3.16.0-34.45

---------------
linux (3.16.0-34.45) utopic; urgency=low

[ Luis Henriques ]

* Release Tracking Bug
    - LP: #1435400

[ Andy Whitcroft ]

* [Packaging] generate live watchdog blacklists
    - LP: #1432837

[ Chris J Arges ]

* [Config] Add ibmvfc to d-i
    - LP: #1416001

[ John Johansen ]

* SAUCE: (no-up): apparmor: fix mediation of fs unix sockets
    - LP: #1408833

[ Seth Forshee ]

* [Config] updateconfigs - enable X86_UP_APIC_MSI

[ Upstream Kernel Changes ]

* cdc-acm: add sanity checks
    - LP: #1413992
  * x86: thinkpad_acpi.c: fixed spacing coding style issue
    - LP: #1417915
  * thinkpad_acpi: support new BIOS version string pattern
    - LP: #1417915
  * powernv: Use _GLOBAL_TOC for opal wrappers
    - LP: #1431196
  * Btrfs: clear compress-force when remounting with compress option
    - LP: #1434183
  * Btrfs: send, don't delay dir move if there's a new parent inode
    - LP: #1434223
  * [media] em28xx: fix em28xx-input removal
    - LP: #1434595
  * [media] em28xx: ensure "closing" messages terminate with a newline
    - LP: #1434595
  * [media] em28xx-input: fix missing newlines
    - LP: #1434595
  * [media] em28xx-core: fix missing newlines
    - LP: #1434595
  * [media] em28xx-audio: fix missing newlines
    - LP: #1434595
  * [media] em28xx-audio: fix missing newlines
    - LP: #1434595
  * [media] em28xx-dvb: fix missing newlines
    - LP: #1434595
  * [media] em28xx-video: fix missing newlines
    - LP: #1434595
  * ARM: pxa: add regulator_has_full_constraints to corgi board file
    - LP: #1434595
  * ARM: pxa: add regulator_has_full_constraints to poodle board file
    - LP: #1434595
  * ARM: pxa: add regulator_has_full_constraints to spitz board file
    - LP: #1434595
  * hx4700: regulator: declare full constraints
    - LP: #1434595
  * HID: input: fix confusion on conflicting mappings
    - LP: #1434595
  * HID: fixup the conflicting keyboard mappings quirk
    - LP: #1434595
  * ARM: dts: tegra20: fix GR3D, DSI unit and reg base addresses
    - LP: #1434595
  * megaraid_sas: disable interrupt_mask before enabling hardware
    interrupts
    - LP: #1434595
  * PCI: Generate uppercase hex for modalias var in uevent
    - LP: #1434595
  * usb: core: buffer: smallest buffer should start at ARCH_DMA_MINALIGN
    - LP: #1434595
  * tty/serial: at91: enable peripheral clock before accessing I/O
    registers
    - LP: #1434595
  * tty/serial: at91: fix error handling in atmel_serial_probe()
    - LP: #1434595
  * axonram: Fix bug in direct_access
    - LP: #1434595
  * btrfs: fix leak of path in btrfs_find_item
    - LP: #1434595
  * ksoftirqd: Enable IRQs and call cond_resched() before poking RCU
    - LP: #1434595
  * TPM: Add new TPMs to the tail of the list to prevent inadvertent change
    of dev
    - LP: #1434595
  * char: tpm: Add missing error check for devm_kzalloc
    - LP: #1434595
  * tpm_tis: verify interrupt during init
    - LP: #1434595
  * tpm: Fix NULL return in tpm_ibmvtpm_get_desired_dma
    - LP: #1434595
  * tpm/tpm_i2c_stm_st33: Fix potential bug in tpm_stm_i2c_send
    - LP: #1434595
  * tpm/tpm_i2c_stm_st33: Add status check when reading data on the FIFO
    - LP: #1434595
  * mmc: sdhci-pxav3: fix unbalanced clock issues during probe
    - LP: #1434595
  * iwlwifi: mvm: validate tid and sta_id in ba_notif
    - LP: #1434595
  * power: gpio-charger: balance enable/disable_irq_wake calls
    - LP: #1434595
  * power: bq24190: Fix ignored supplicants
    - LP: #1434595
  * ARM: DRA7: hwmod: Fix boot crash with DEBUG_LL enabled on UART3
    - LP: #1434595
  * Bluetooth: ath3k: Add support of AR3012 bluetooth 13d3:3423 device
    - LP: #1411193, #1434595
  * Bluetooth: btusb: Add Broadcom patchram support for ASUSTek devices
    - LP: #1434595
  * cfq-iosched: fix incorrect filing of rt async cfqq
    - LP: #1434595
  * smack: fix possible use after frees in task_security() callers
    - LP: #1434595
  * xfs: ensure buffer types are set correctly
    - LP: #1434595
  * xfs: inode unlink does not set AGI buffer type
    - LP: #1434595
  * xfs: set buf types when converting extent formats
    - LP: #1434595
  * xfs: set superblock buffer type correctly
    - LP: #1434595
  * btrfs: set proper message level for skinny metadata
    - LP: #1434595
  * KVM: s390: base hrtimer on a monotonic clock
    - LP: #1434595
  * KVM: s390: avoid memory leaks if __inject_vm() fails
    - LP: #1434595
  * samsung-laptop: Add use_native_backlight quirk, and enable it on some
    models
    - LP: #1434595
  * PCI: Fix infinite loop with ROM image of size 0
    - LP: #1434595
  * USB: cp210x: add ID for RUGGEDCOM USB Serial Console
    - LP: #1434595
  * Bluetooth: Add support for Broadcom BCM20702A1 variant
    - LP: #1434595
  * Bluetooth: Add support for Broadcom BCM20702A0 variants firmware
    download
    - LP: #1434595
  * Bluetooth: btusb: Add support for Dynex/Insignia USB dongles
    - LP: #1434595
  * clk: zynq: Force CPU_2X clock to be ungated
    - LP: #1434595
  * mmc: sdhci-pxav3: Remove checks for mandatory host clock
    - LP: #1434595
  * mmc: sdhci-pxav3: fix race between runtime pm and irq
    - LP: #1434595
  * power_supply: 88pm860x: Fix leaked power supply on probe fail
    - LP: #1434595
  * staging: comedi: comedi_compat32.c: fix COMEDI_CMD copy back
    - LP: #1434595
  * mmc: sdhci-pxav3: fix setting of pdata->clk_delay_cycles
    - LP: #1434595
  * mmc: sdhci-pxav3: Fix SDR50 and DDR50 capabilities for the Armada 38x
    flavor
    - LP: #1434595
  * mmc: sdhci-pxav3: Fix Armada 38x controller's caps according to erratum
    ERR-7878951
    - LP: #1434595
  * ARM: 8284/1: sa1100: clear RCSR_SMR on resume
    - LP: #1434595
  * [media] si2168: define symbol rate limits
    - LP: #1434595
  * nfs: don't call blocking operations while !TASK_RUNNING
    - LP: #1434595
  * USB: add flag for HCDs that can't receive wakeup requests (isp1760-hcd)
    - LP: #1434595
  * USB: fix use-after-free bug in usb_hcd_unlink_urb()
    - LP: #1434595
  * iwlwifi: mvm: always use mac color zero
    - LP: #1434595
  * iwlwifi: pcie: disable the SCD_BASE_ADDR when we resume from WoWLAN
    - LP: #1434595
  * iwlwifi: mvm: fix failure path when power_update fails in add_interface
    - LP: #1434595
  * vt: provide notifications on selection changes
    - LP: #1434595
  * tty: Prevent untrappable signals from malicious program
    - LP: #1434595
  * serial: fsl_lpuart: delete timer on shutdown
    - LP: #1434595
  * serial: fsl_lpuart: avoid new transfer while DMA is running
    - LP: #1434595
  * cpufreq: Set cpufreq_cpu_data to NULL before putting kobject
    - LP: #1434595
  * Bluetooth: btusb: Add support for Lite-On (04ca) Broadcom based,
    BCM43142
    - LP: #1434595
  * nfs41: .init_read and .init_write can be called with valid pg_lseg
    - LP: #1434595
  * [media] lmedm04: Fix usb_submit_urb BOGUS urb xfer, pipe 1 != type 3 in
    interrupt urb
    - LP: #1434595
  * mei: mask interrupt set bit on clean reset bit
    - LP: #1434595
  * mei: me: release hw from reset only during the reset flow
    - LP: #1434595
  * KVM: MIPS: Don't leak FPU/DSP to guest
    - LP: #1434595
  * ALSA: hda - Add the pin fixup for HP Envy TS bass speaker
    - LP: #1434595
  * ALSA: hda - Set up GPIO for Toshiba Satellite S50D
    - LP: #1434595
  * xen/manage: Fix USB interaction issues when resuming
    - LP: #1434595
  * ACPI / video: Add some Samsung models to disable_native_backlight list
    - LP: #1434595
  * ACPI / video: Add disable_native_backlight quirk for Dell XPS15 L521X
    - LP: #1434595
  * ACPI / video: Add disable_native_backlight quirk for Samsung
    730U3E/740U3E
    - LP: #1434595
  * ACPI / video: Add disable_native_backlight quirk for Samsung 510R
    - LP: #1434595
  * KVM: s390: floating irqs: fix user triggerable endless loop
    - LP: #1434595
  * drm/i915: Correct the IOSF Dev_FN field for IOSF transfers
    - LP: #1434595
  * cfq-iosched: handle failure of cfq group allocation
    - LP: #1434595
  * tracing: Fix unmapping loop in tracing_mark_write
    - LP: #1434595
  * fsnotify: fix handling of renames in audit
    - LP: #1434595
  * ring-buffer: Do not wake up a splice waiter when page is not full
    - LP: #1434595
  * blk-mq: fix double-free in error path
    - LP: #1434595
  * drm/radeon: workaround for CP HW bug on CIK
    - LP: #1434595
  * drm/radeon: only enable kv/kb dpm interrupts once v3
    - LP: #1434595
  * NFSv4.1: Fix a kfree() of uninitialised pointers in
    decode_cb_sequence_args
    - LP: #1434595
  * cpufreq: speedstep-smi: enable interrupts when waiting
    - LP: #1434595
  * mm/hugetlb: pmd_huge() returns true for non-present hugepage
    - LP: #1434595
  * mm/hugetlb: take page table lock in follow_huge_pmd()
    - LP: #1434595
  * mm/hugetlb: fix getting refcount 0 page in hugetlb_fault()
    - LP: #1434595
  * mm/hugetlb: add migration/hwpoisoned entry check in
    hugetlb_change_protection
    - LP: #1434595
  * mm/hugetlb: add migration entry check in __unmap_hugepage_range
    - LP: #1434595
  * mm: when stealing freepages, also take pages created by splitting buddy
    page
    - LP: #1434595
  * mm/mmap.c: fix arithmetic overflow in __vm_enough_memory()
    - LP: #1434595
  * mm/nommu.c: fix arithmetic overflow in __vm_enough_memory()
    - LP: #1434595
  * iscsi-target: Drop problematic active_ts_list usage
    - LP: #1434595
  * target: Fix PR_APTPL_BUF_LEN buffer size limitation
    - LP: #1434595
  * mm/compaction: fix wrong order check in compact_finished()
    - LP: #1434595
  * mm/memory.c: actually remap enough memory
    - LP: #1434595
  * mm: hwpoison: drop lru_add_drain_all() in __soft_offline_page()
    - LP: #1434595
  * ALSA: hda - enable mute led quirk for one more hp machine.
    - LP: #1410704, #1434595
  * ARC: fix page address calculation if PAGE_OFFSET != LINUX_LINK_BASE
    - LP: #1434595
  * drm/radeon/dp: Set EDP_CONFIGURATION_SET for bridge chips if necessary
    - LP: #1434595
  * drm/radeon: fix voltage setup on hawaii
    - LP: #1434595
  * ALSA: hdspm - Constrain periods to 2 on older cards
    - LP: #1434595
  * jffs2: fix handling of corrupted summary length
    - LP: #1434595
  * dm mirror: do not degrade the mirror on discard error
    - LP: #1434595
  * dm io: reject unsupported DISCARD requests with EOPNOTSUPP
    - LP: #1434595
  * NFS: struct nfs_commit_info.lock must always point to inode->i_lock
    - LP: #1434595
  * target: Add missing WRITE_SAME end-of-device sanity check
    - LP: #1434595
  * target: Check for LBA + sectors wrap-around in sbc_parse_cdb
    - LP: #1434595
  * Btrfs: fix fsync data loss after adding hard link to inode
    - LP: #1434595
  * Added Little Endian support to vtpm module
    - LP: #1434595
  * fixed invalid assignment of 64bit mask to host dma_boundary for scatter
    gather segment boundary limit.
    - LP: #1434595
  * sg: fix read() error reporting
    - LP: #1434595
  * IB/qib: Do not write EEPROM
    - LP: #1434595
  * EDAC, amd64_edac: Prevent OOPS with >16 memory controllers
    - LP: #1434595
  * MIPS: asm: asmmacro: Replace "add" instructions with "addu"
    - LP: #1434595
  * MIPS: kernel: cps-vec: Replace "addi" with "addiu"
    - LP: #1434595
  * md/raid5: Fix livelock when array is both resyncing and degraded.
    - LP: #1434595
  * locking/rtmutex: Avoid a NULL pointer dereference on deadlock
    - LP: #1434595
  * time: adjtimex: Validate the ADJ_FREQUENCY values
    - LP: #1434595
  * ntp: Fixup adjtimex freq validation on 32-bit systems
    - LP: #1434595
  * dm: fix a race condition in dm_get_md
    - LP: #1434595
  * dm snapshot: fix a possible invalid memory access on unload
    - LP: #1434595
  * cpufreq: s3c: remove incorrect __init annotations
    - LP: #1434595
  * x86, mm/ASLR: Fix stack randomization on 64-bit systems
    - LP: #1434595
  * libceph: assert both regular and lingering lists in __remove_osd()
    - LP: #1434595
  * libceph: change from BUG to WARN for __remove_osd() asserts
    - LP: #1434595
  * libceph: fix double __remove_osd() problem
    - LP: #1434595
  * MIPS: Export FP functions used by lose_fpu(1) for KVM
    - LP: #1434595
  * MIPS: Export MSA functions used by lose_fpu(1) for KVM
    - LP: #1434595
  * kdb: fix incorrect counts in KDB summary command output
    - LP: #1434595
  * blk-throttle: check stats_cpu before reading it from sysfs
    - LP: #1434595
  * debugfs: leave freeing a symlink body until inode eviction
    - LP: #1434595
  * procfs: fix race between symlink removals and traversals
    - LP: #1434595
  * autofs4 copy_dev_ioctl(): keep the value of ->size we'd used for
    allocation
    - LP: #1434595
  * ASoC: mioa701_wm9713: Fix speaker event
    - LP: #1434595
  * gpio: rcar: Fix error path for devm_kzalloc() failure
    - LP: #1434595
  * efi: Small leak on error in runtime map code
    - LP: #1434595
  * clk-gate: fix bit # check in clk_register_gate()
    - LP: #1434595
  * powerpc/kernel: Avoid memory corruption at early stage
    - LP: #1434595
  * pinctrl: pinctrl-imx: don't use invalid value of conf_reg
    - LP: #1434595
  * ALSA: off by one bug in snd_riptide_joystick_probe()
    - LP: #1434595
  * GFS2: Fix crash during ACL deletion in acl max entry check in
    gfs2_set_acl()
    - LP: #1434595
  * net: llc: use correct size for sysctl timeout entries
    - LP: #1434595
  * net: rds: use correct size for max unacked packets and bytes
    - LP: #1434595
  * HID: i2c-hid: Limit reads to wMaxInputLength bytes for input events
    - LP: #1434595
  * fib_trie: Fix /proc/net/fib_trie when CONFIG_IP_MULTIPLE_TABLES is not
    defined
    - LP: #1434595
  * net: sctp: fix race for one-to-many sockets in sendmsg's auto associate
    - LP: #1434595
  * gpio: sysfs: fix gpio attribute-creation race
    - LP: #1434595
  * ipv6: mld: fix add_grhead skb_over_panic for devs with large MTUs
    - LP: #1434595
  * IB/core: When marshaling ucma path from user-space, clear unused fields
    - LP: #1434595
  * IB/core: Fix deadlock on uverbs modify_qp error flow
    - LP: #1434595
  * IB/mlx4: Fix wrong usage of IPv4 protocol for multicast attach/detach
    - LP: #1434595
  * IB/iser: Use correct dma direction when unmapping SGs
    - LP: #1434595
  * [media] Si2168: increase timeout to fix firmware loading
    - LP: #1434595
  * staging: comedi: cb_pcidas64: fix incorrect AI range code handling
    - LP: #1434595
  * target: Fix R_HOLDER bit usage for AllRegistrants
    - LP: #1434595
  * target: Avoid dropping AllRegistrants reservation during unregister
    - LP: #1434595
  * target: Allow AllRegistrants to re-RESERVE existing reservation
    - LP: #1434595
  * target: Allow Write Exclusive non-reservation holders to READ
    - LP: #1434595
  * vhost/scsi: potential memory corruption
    - LP: #1434595
  * clk: sunxi: Support factor clocks with N factor starting not from 0
    - LP: #1434595
  * sunxi: clk: Set sun6i-pll1 n_start = 1
    - LP: #1434595
  * HID: wacom: Report ABS_MISC event for Cintiq Companion Hybrid
    - LP: #1434595
  * mm: softdirty: unmapped addresses between VMAs are clean
    - LP: #1434595
  * proc/pagemap: walk page tables under pte lock
    - LP: #1434595
  * ARM: dts: am335x-bone*: usb0 is hardwired for peripheral
    - LP: #1434595
  * sched/rt: Reduce rq lock contention by eliminating locking of
    non-feasible target
    - LP: #1434595
  * caif: remove wrong dev_net_set() call
    - LP: #1434595
  * quota: Store maximum space limit in bytes
    - LP: #1434595
  * Linux 3.16.7-ckt8
    - LP: #1434595
  * btrfs: label should not contain return char
    - LP: #1434528
 -- Luis Henriques <luis.henriques@canonical.com>   Mon, 23 Mar 2015 15:58:49 +0000

Changed in linux (Ubuntu Utopic):
status:	Fix Committed → Fix Released

Adam Lee (adam8157) on 2015-04-09

Changed in linux (Ubuntu):
status:	Fix Committed → Fix Released

Ubuntu
linux package

Kernel oopses on access to address 0x8 when cdc-acm device is inserted with invalid descriptor.

Bug Description

CVE References

Other bug subscribers

Remote bug watches

Affects		Status	Importance	Assigned to
	HWE Next	Fix Released	High	Adam Lee
	Trusty	Fix Released	High	Adam Lee
	Utopic	Fix Released	High	Adam Lee
	Vivid	Fix Released	High	Adam Lee
	linux (Ubuntu)	Fix Released	High	Adam Lee
Nominated for Vivid by Adam Lee
	Trusty	Fix Released	High	Adam Lee
	Utopic	Fix Released	High	Adam Lee

Ubuntulinux package

Kernel oopses on access to address 0x8 when cdc-acm device is inserted with invalid descriptor.

Bug Description

CVE References

Other bug subscribers

Remote bug watches

Ubuntu
linux package