Disco update: upstream stable patchset 2019-09-11
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Disco |
Fix Released
|
Undecided
|
Kamal Mostafa |
Bug Description
SRU Justification
Impact:
The upstream process for stable tree updates is quite similar
in scope to the Ubuntu SRU process, e.g., each patch has to
demonstrably fix a bug, and each patch is vetted by upstream
by originating either directly from a mainline/stable Linux tree or
a minimally backported form of that patch. The following upstream
stable patches should be included in the Ubuntu kernel:
upstream stable patchset 2019-09-11
Ported from the following upstream stable releases:
v4.19.70, v5.2.12
v4.19.71, v5.2.13
v4.19.72, v5.2.14
from git://git.
dmaengine: ste_dma40: fix unneeded variable warning
nvme-multipath: revalidate nvme_ns_head gendisk in nvme_validate_ns
afs: Fix the CB.ProbeUuid service handler to reply correctly
afs: Fix loop index mixup in afs_deliver_
fs: afs: Fix a possible null-pointer dereference in afs_put_read()
afs: Only update d_fsdata if different in afs_d_revalidate()
nvmet-loop: Flush nvme_delete_wq when removing the port
nvme: fix a possible deadlock when passthru commands sent to a multipath device
nvme-pci: Fix async probe remove race
soundwire: cadence_master: fix register definition for SLAVE_STATE
soundwire: cadence_master: fix definitions for INTSTAT0/1
auxdisplay: panel: need to delete scan_timer when misc_register fails in panel_attach
dmaengine: stm32-mdma: Fix a possible null-pointer dereference in stm32_mdma_
omap-dma/
iommu/dma: Handle SG length overflow better
usb: gadget: composite: Clear "suspended" on reset/disconnect
usb: gadget: mass_storage: Fix races between fsg_disable and fsg_set_alt
xen/blkback: fix memory leaks
arm64: cpufeature: Don't treat granule sizes as strict
i2c: rcar: avoid race when unregistering slave client
i2c: emev2: avoid race when unregistering slave client
drm/ast: Fixed reboot test may cause system hanged
usb: host: fotg2: restart hcd after port reset
tools: hv: fixed Python pep8/flake8 warnings for lsvmbus
tools: hv: fix KVP and VSS daemons exit code
watchdog: bcm2835_wdt: Fix module autoload
drm/bridge: tfp410: fix memleak in get_modes()
scsi: ufs: Fix RX_TERMINATION_
drm/tilcdc: Register cpufreq notifier after we have initialized crtc
net/tls: swap sk_write_space on close
net: tls, fix sk_write_space NULL write when tx disabled
ipv6/addrconf: allow adding multicast addr if IFA_F_MCAUTOJOIN is set
ipv6: Default fib6_type to RTN_UNICAST when not set
net/smc: make sure EPOLLOUT is raised
tcp: make sure EPOLLOUT wont be missed
ipv4/icmp: fix rt dst dev null pointer dereference
mm/zsmalloc.c: fix build when CONFIG_COMPACTION=n
ALSA: usb-audio: Check mixer unit bitmap yet more strictly
ALSA: line6: Fix memory leak at line6_init_pcm() error path
ALSA: hda - Fixes inverted Conexant GPIO mic mute led
ALSA: seq: Fix potential concurrent access to the deleted pool
ALSA: usb-audio: Fix invalid NULL check in snd_emuusb_
ALSA: usb-audio: Add implicit fb quirk for Behringer UFX1604
kvm: x86: skip populating logical dest map if apic is not sw enabled
KVM: x86: Don't update RIP or do single-step on faulting emulation
uprobes/x86: Fix detection of 32-bit user mode
x86/apic: Do not initialize LDR and DFR for bigsmp
ftrace: Fix NULL pointer dereference in t_probe_next()
ftrace: Check for successful allocation of hash
ftrace: Check for empty hash and comment the race with registering probes
usb-storage: Add new JMS567 revision to unusual_devs
USB: cdc-wdm: fix race between write and disconnect due to flag abuse
usb: hcd: use managed device resources
usb: chipidea: udc: don't do hardware access if gadget has stopped
usb: host: ohci: fix a race condition between shutdown and irq
usb: host: xhci: rcar: Fix typo in compatible string matching
USB: storage: ums-realtek: Update module parameter description for auto_delink_en
USB: storage: ums-realtek: Whitelist auto-delink support
mei: me: add Tiger Lake point LP device ID
mmc: sdhci-of-at91: add quirk for broken HS200
mmc: core: Fix init of SD cards reporting an invalid VDD range
stm class: Fix a double free of stm_source_device
intel_th: pci: Add support for another Lewisburg PCH
intel_th: pci: Add Tiger Lake support
typec: tcpm: fix a typo in the comparison of pdo_max_voltage
fsi: scom: Don't abort operations for minor errors
lib: logic_pio: Fix RCU usage
lib: logic_pio: Avoid possible overlap for unregistering regions
lib: logic_pio: Add logic_pio_
drm/amdgpu: Add APTX quirk for Dell Latitude 5495
drm/i915: Don't deballoon unused ggtt drm_mm_node in linux guest
drm/i915: Call dma_set_
bus: hisi_lpc: Unregister logical PIO range to avoid potential use-after-free
bus: hisi_lpc: Add .remove method to avoid driver unbind crash
VMCI: Release resource if the work is already queued
crypto: ccp - Ignore unconfigured CCP device on suspend/resume
Revert "cfg80211: fix processing world regdomain when non modular"
mac80211: fix possible sta leak
mac80211: Don't memset RXCB prior to PAE intercept
mac80211: Correctly set noencrypt for PAE frames
KVM: PPC: Book3S HV: Avoid lockdep debugging in TCE realmode handlers
KVM: PPC: Book3S: Fix incorrect guest-to-
KVM: arm/arm64: vgic: Fix potential deadlock when ap_list is long
KVM: arm/arm64: vgic-v2: Handle SGI bits in GICD_I{S,C}PENDR0 as WI
NFS: Clean up list moves of struct nfs_page
NFSv4/pnfs: Fix a page lock leak in nfs_pageio_resend()
NFS: Pass error information to the pgio error cleanup routine
NFS: Ensure O_DIRECT reports an error if the bytes read/written is 0
i2c: piix4: Fix port selection for AMD Family 16h Model 30h
x86/ptrace: fix up botched merge of spectrev1 fix
mt76: mt76x0u: do not reset radio on resume
Revert "ASoC: Fail card instantiation if DAI format setup fails"
nvmet: Fix use-after-free bug when a port is removed
nvmet-file: fix nvmet_file_flush() always returning an error
nvme-rdma: fix possible use-after-free in connect error flow
nvme: fix controller removal race with scan work
IB/mlx5: Fix implicit MR release flow
dma-direct: don't truncate dma_required_mask to bus addressing capabilities
riscv: fix flush_tlb_range() end address for flush_tlb_page()
drm/scheduler: use job count instead of peek
locking/rwsem: Add missing ACQUIRE to read_slowpath exit when queue is empty
lcoking/rwsem: Add missing ACQUIRE to read_slowpath sleep loop
selftests/bpf: install files test_xdp_vlan.sh
ALSA: hda/ca0132 - Add new SBZ quirk
KVM: x86: hyper-v: don't crash on KVM_GET_
x86/mm/cpa: Prevent large page split when ftrace flips RW on kernel text
usbtmc: more sanity checking for packet size
mmc: sdhci-cadence: enable v4_mode to fix ADMA 64-bit addressing
mmc: sdhci-sprd: fixed incorrect clock divider
mmc: sdhci-sprd: add SDHCI_QUIRK2_
mms: sdhci-sprd: add SDHCI_QUIRK_
mmc: sdhci-sprd: clear the UHS-I modes read from registers
mmc: sdhci-sprd: Implement the get_max_
mmc: sdhci-sprd: add get_ro hook function
drm/i915/dp: Fix DSC enable code to use cpu_transcoder instead of encoder->type
hsr: implement dellink to clean up resources
hsr: fix a NULL pointer deref in hsr_dev_xmit()
hsr: switch ->dellink() to ->ndo_uninit()
Revert "Input: elantech - enable SMBus on new (2018+) systems"
UBUNTU: upstream stable to v4.19.71, v5.2.13
mld: fix memory leak in mld_del_delrec()
net: fix skb use after free in netpoll
net: sched: act_sample: fix psample group handling on overwrite
net_sched: fix a NULL pointer deref in ipt action
net: stmmac: dwmac-rk: Don't fail if phy regulator is absent
tcp: inherit timestamp on mtu probe
tcp: remove empty skb from write queue in error cases
net/rds: Fix info leak in rds6_inc_
x86/boot: Preserve boot_params.
spi: bcm2835aux: unifying code between polling and interrupt driven code
spi: bcm2835aux: remove dangerous uncontrolled read of fifo
spi: bcm2835aux: fix corruptions for longer spi transfers
net: tundra: tsi108: use spin_lock_irqsave instead of spin_lock_irq in IRQ context
netfilter: nf_tables: use-after-free in failing rule with bound set
tools: bpftool: fix error message (prog -> object)
hv_netvsc: Fix a warning of suspicious RCU usage
net: tc35815: Explicitly check NET_IP_ALIGN is not zero in tc35815_rx
Bluetooth: btqca: Add a short delay before downloading the NVM
ibmveth: Convert multicast list size for little-endian system
gpio: Fix build error of function redefinition
netfilter: nft_flow_offload: skip tcp rst and fin packets
drm/mediatek: use correct device to import PRIME buffers
drm/mediatek: set DMA max segment size
scsi: qla2xxx: Fix gnl.l memory leak on adapter init failure
scsi: target: tcmu: avoid use-after-free after command timeout
cxgb4: fix a memory leak bug
liquidio: add cleanup in octeon_setup_iq()
net: myri10ge: fix memory leaks
lan78xx: Fix memory leaks
vfs: fix page locking deadlocks when deduping files
cx82310_eth: fix a memory leak bug
net: kalmia: fix memory leaks
ibmvnic: Unmap DMA address of TX descriptor buffers after use
net: cavium: fix driver name
wimax/i2400m: fix a memory leak bug
ravb: Fix use-after-free ravb_tstamp_skb
kprobes: Fix potential deadlock in kprobe_optimizer()
HID: cp2112: prevent sleeping function called from invalid context
x86/boot/
Input: hyperv-keyboard: Use in-place iterator API in the channel callback
Tools: hv: kvp: eliminate 'may be used uninitialized' warning
nvme-multipath: fix possible I/O hang when paths are updated
IB/mlx4: Fix memory leaks
infiniband: hfi1: fix a memory leak bug
infiniband: hfi1: fix memory leaks
selftests: kvm: fix state save/load on processors without XSAVE
selftests/kvm: make platform_info_test pass on AMD
ceph: fix buffer free while holding i_ceph_lock in __ceph_setxattr()
ceph: fix buffer free while holding i_ceph_lock in __ceph_
ceph: fix buffer free while holding i_ceph_lock in fill_inode()
KVM: arm/arm64: Only skip MMIO insn once
afs: Fix leak in afs_lookup_
KVM: arm/arm64: VGIC: Properly initialise private IRQ affinity
x86/boot/
libceph: allow ceph_buffer_put() to receive a NULL ceph_buffer
Revert "r8152: napi hangup fix after disconnect"
r8152: remove calling netif_napi_del
batman-adv: Fix netlink dumping of all mcast_flags buckets
libbpf: fix erroneous multi-closing of BTF FD
libbpf: set BTF FD for prog only when there is supported .BTF.ext data
netfilter: nf_flow_table: fix offload for flows that are subject to xfrm
clk: samsung: Change signature of exynos5_
clk: samsung: exynos5800: Move MAU subsystem clocks to MAU sub-CMU
clk: samsung: exynos542x: Move MSCL subsystem clocks to its sub-CMU
netfilter: nf_flow_table: conntrack picks up expired flows
netfilter: nf_flow_table: teardown flow timeout race
ixgbe: fix possible deadlock in ixgbe_service_
nvme: Fix cntlid validation when not using NVMEoF
RDMA/cma: fix null-ptr-deref Read in cma_cleanup
RDMA/bnxt_re: Fix stack-out-of-bounds in bnxt_qplib_
gpio: Fix irqchip initialization order
UBUNTU: upstream stable to v4.19.72, v5.2.14
CVE References
Changed in linux (Ubuntu): | |
status: | New → Confirmed |
tags: | added: kernel-stable-tracking-bug |
description: | updated |
Changed in linux (Ubuntu Disco): | |
status: | New → In Progress |
assignee: | nobody → Kamal Mostafa (kamalmostafa) |
description: | updated |
Changed in linux (Ubuntu): | |
status: | Confirmed → Invalid |
The following commit has already been applied:
* 0e5d82def1ef net/rds: Fix info leak in rds6_inc_ info_copy( )
- Already applied for CVE-2019-16714