Cosmic update to v4.18.6 stable release
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Fix Released
|
Medium
|
Seth Forshee |
Bug Description
SRU Justification
Impact:
The upstream process for stable tree updates is quite similar
in scope to the Ubuntu SRU process, e.g., each patch has to
demonstrably fix a bug, and each patch is vetted by upstream
by originating either directly from a mainline/stable Linux tree or
a minimally backported form of that patch. The v4.18.6 upstream stable
patch set is now available. It should be included in the Ubuntu
kernel as well.
TEST CASE: TBD
The following patches from the v4.18.6 stable release shall be applied:
PATCH scripts/kernel-doc
scripts/kernel-doc: Escape all literal braces in regexes
scsi: libsas: dynamically allocate and free ata host
xprtrdma: Fix disconnect regression
mei: don't update offset in write
cifs: add missing support for ACLs in SMB 3.11
CIFS: fix uninitialized ptr deref in smb2 signing
cifs: add missing debug entries for kconfig options
cifs: use a refcount to protect open/closing the cached file handle
cifs: check kmalloc before use
smb3: enumerating snapshots was leaving part of the data off end
smb3: Do not send SMB3 SET_INFO if nothing changed
smb3: don't request leases in symlink creation and query
smb3: fill in statfs fsid and correct namelen
btrfs: use correct compare function of dirty_metadata_
btrfs: don't leak ret from do_chunk_alloc
Btrfs: fix mount failure after fsync due to hard link recreation
Btrfs: fix btrfs_write_inode vs delayed iput deadlock
Btrfs: fix send failure when root has deleted files still open
Btrfs: send, fix incorrect file layout after hole punching beyond eof
hwmon: (k10temp) 27C Offset needed for Threadripper2
bpf, arm32: fix stack var offset in jit
regulator: arizona-ldo1: Use correct device to get enable GPIO
iommu/arm-smmu: Error out only if not enough context interrupts
printk: Split the code for storing a message into the log buffer
printk: Create helper function to queue deferred console handling
printk/nmi: Prevent deadlock when accessing the main log buffer in NMI
kprobes/arm64: Fix %p uses in error messages
arm64: Fix mismatched cache line size detection
arm64: Handle mismatched cache type
arm64: mm: check for upper PAGE_SHIFT bits in pfn_valid()
arm64: dts: rockchip: corrected uart1 clock-names for rk3328
KVM: arm/arm64: Fix potential loss of ptimer interrupts
KVM: arm/arm64: Fix lost IRQs from emulated physcial timer when blocked
KVM: arm/arm64: Skip updating PMD entry if no change
KVM: arm/arm64: Skip updating PTE entry if no change
s390/kvm: fix deadlock when killed by oom
perf kvm: Fix subcommands on s390
stop_machine: Reflow cpu_stop_
stop_machine: Atomically queue and wake stopper threads
ext4: check for NUL characters in extended attribute's name
ext4: use ext4_warning() for sb_getblk failure
ext4: sysfs: print ext4_super_block fields as little-endian
ext4: reset error code in ext4_find_entry in fallback
ext4: fix race when setting the bitmap corrupted flag
x86/gpu: reserve ICL's graphics stolen memory
platform/x86: wmi: Do not mix pages and kmalloc
platform/x86: ideapad-laptop: Apply no_hw_rfkill to Y20-15IKBM, too
mm: move tlb_table_flush to tlb_flush_mmu_free
mm/tlb, x86/mm: Support invalidating TLB caches for RCU_TABLE_FREE
x86/speculation
x86/speculation
x86/speculation
x86/vdso: Fix vDSO build if a retpoline is emitted
x86/process: Re-export start_thread()
KVM: x86: ensure all MSRs can always be KVM_GET/SET_MSR'd
KVM: x86: SVM: Call x86_spec_
fuse: Don't access pipe->buffers without pipe_lock()
fuse: fix initial parallel dirops
fuse: fix double request_end()
fuse: fix unlocked access to processing queue
fuse: umount should wait for all requests
fuse: Fix oops at process_
fuse: Add missed unlock_page() to fuse_readpages_
lib/vsprintf: Do not handle %pO[^F] as %px
udl-kms: change down_interruptible to down
udl-kms: handle allocation failure
udl-kms: fix crash due to uninitialized memory
udl-kms: avoid division
b43legacy/leds: Ensure NUL-termination of LED name string
b43/leds: Ensure NUL-termination of LED name string
ASoC: dpcm: don't merge format from invalid codec dai
ASoC: zte: Fix incorrect PCM format bit usages
ASoC: sirf: Fix potential NULL pointer dereference
ASoC: wm_adsp: Correct DSP pointer for preloader control
soc: qcom: rmtfs-mem: fix memleak in probe error paths
pinctrl: freescale: off by one in imx1_pinconf_
scsi: qla2xxx: Fix stalled relogin
x86/vdso: Fix lsl operand order
x86/nmi: Fix NMI uaccess race against CR3 switching
x86/irqflags: Mark native_restore_fl extern inline
x86/spectre: Add missing family 6 check to microcode check
x86/speculation
hwmon: (nct6775) Fix potential Spectre v1
x86/entry/64: Wipe KASAN stack shadow before rewind_
x86: Allow generating user-space headers without a compiler
s390/mm: fix addressing exception after suspend/resume
s390/lib: use expoline for all bcr instructions
s390: fix br_r1_trampoline for machines without exrl
s390/qdio: reset old sbal_state flags
s390/numa: move initial setup of node_to_cpumask_map
s390/purgatory: Fix crash with expoline enabled
s390/purgatory: Add missing FORCE to Makefile targets
kprobes: Show blacklist addresses as same as kallsyms does
kprobes: Replace %p with other pointer types
kprobes/arm: Fix %p uses in error messages
kprobes: Make list and blacklist root user read only
MIPS: Correct the 64-bit DSP accumulator register size
MIPS: memset.S: Fix byte_fixup for MIPSr6
MIPS: Always use -march=<arch>, not -<arch> shortcuts
MIPS: Change definition of cpu_relax() for Loongson-3
MIPS: lib: Provide MIPS64r6 __multi3() for GCC < 7
tpm: Return the actual size when receiving an unsupported command
tpm: separate cmd_ready/go_idle from runtime_pm
scsi: mpt3sas: Fix calltrace observed while running IO & reset
scsi: mpt3sas: Fix _transport_
scsi: sysfs: Introduce sysfs_{
scsi: core: Avoid that SCSI device removal through sysfs triggers a deadlock
iscsi target: fix session creation failure handling
mtd: rawnand: hynix: Use ->exec_op() in hynix_nand_
mtd: rawnand: fsmc: Stop using chip->read_buf()
mtd: rawnand: marvell: add suspend and resume hooks
mtd: rawnand: qcom: wait for desc completion in all BAM channels
clk: rockchip: fix clk_i2sout parent selection bits on rk3399
clk: npcm7xx: fix memory allocation
PM / clk: signedness bug in of_pm_clk_
power: generic-
power: generic-
watchdog: Mark watchdog touch functions as notrace
cdrom: Fix info leak/OOB read in cdrom_ioctl_
x86/dumpstack: Don't dump kernel memory based on usermode RIP
Linux 4.18.6
The following patches from the v4.18.6 stable release had already been applied:
nvme-pci: add a memory barrier to nvme_dbbuf_
s390/pci: fix out of bounds access during irq setup
CVE References
tags: | added: kernel-stable-tracking-bug |
Changed in linux (Ubuntu): | |
assignee: | nobody → Seth Forshee (sforshee) |
importance: | Undecided → Medium |
status: | New → In Progress |
description: | updated |
description: | updated |
Changed in linux (Ubuntu): | |
status: | In Progress → Fix Committed |
tags: | added: cscc |
This bug was fixed in the package linux - 4.18.0-8.9
---------------
linux (4.18.0-8.9) cosmic; urgency=medium
* linux: 4.18.0-8.9 -proposed tracker (LP: #1791663)
* Cosmic update to v4.18.7 stable release (LP: #1791660) sdhi_internal_ dmac: mask DMAC interrupts sdhi_internal_ dmac: fix #define RST_RESERVED_BITS allocated_ queue() set q->fq as NULL in the fail case secid_to_ secctx( ) deallocation must not change pkey registers permitted( ) powernv/ pci: Work around races in PCI bridge enabling context_ get() close_all_ ch()
- rcu: Make expedited GPs handle CPU 0 being offline
- net: 6lowpan: fix reserved space for single frames
- net: mac802154: tx: expand tailroom if necessary
- 9p/net: Fix zero-copy path in the 9p virtio transport
- spi: davinci: fix a NULL pointer dereference
- spi: pxa2xx: Add support for Intel Ice Lake
- spi: spi-fsl-dspi: Fix imprecise abort on VF500 during probe
- spi: cadence: Change usleep_range() to udelay(), for atomic context
- mmc: block: Fix unsupported parallel dispatch of requests
- mmc: renesas_
- mmc: renesas_
- readahead: stricter check for bdi io_pages
- block: fix infinite loop if the device loses discard capability
- block: blk_init_
- block: really disable runtime-pm for blk-mq
- blkcg: Introduce blkg_root_lookup()
- block: Introduce blk_exit_queue()
- block: Ensure that a request queue is dissociated from the cgroup controller
- apparmor: fix bad debug check in apparmor_
- dma-buf: Move BUG_ON from _add_shared_fence to _add_shared_inplace
- libertas: fix suspend and resume for SDIO connected cards
- media: Revert "[media] tvp5150: fix pad format frame height"
- mailbox: xgene-slimpro: Fix potential NULL pointer dereference
- Replace magic for trusting the secondary keyring with #define
- Fix kexec forbidding kernels signed with keys in the secondary keyring to
boot
- powerpc/fadump: handle crash memory ranges array index overflow
- powerpc/64s: Fix page table fragment refcount race vs speculative references
- powerpc/pseries: Fix endianness while restoring of r3 in MCE handler.
- powerpc/pkeys: Give all threads control of their key permissions
- powerpc/pkeys: Deny read/write/execute by default
- powerpc/pkeys: key allocation/
- powerpc/pkeys: Save the pkey registers before fork
- powerpc/pkeys: Fix calculation of total pkeys.
- powerpc/pkeys: Preallocate execute-only key
- powerpc/nohash: fix pte_access_
- powerpc64/ftrace: Include ftrace.h needed for enable/disable calls
- powerpc/
- cxl: Fix wrong comparison in cxl_adapter_
- IB/mlx5: Honor cnt_set_id_valid flag instead of set_id
- IB/mlx5: Fix leaking stack memory to userspace
- IB/srpt: Fix srpt_cm_req_recv() error path (1/2)
- IB/srpt: Fix srpt_cm_req_recv() error path (2/2)
- IB/srpt: Support HCAs with more than two ports
- overflow.h: Add arithmetic shift helper
- RDMA/mlx5: Fix shift overflow in mlx5_ib_create_wq
- ib_srpt: Fix a use-after-free in srpt_close_ch()
- ib_srpt: Fix a use-after-free in __srpt_
- RDMA/rxe: Set wqe->status correctly if an unexpected...