Bug #1847189 “Bad posix clock speculation mitigation backport” : Bugs : linux package : Ubuntu

Tyler Hicks (tyhicks) on 2019-10-08

Changed in linux (Ubuntu Xenial):
status:	New → In Progress
assignee:	nobody → Tyler Hicks (tyhicks)
importance:	Undecided → Medium
Changed in linux (Ubuntu):
status:	In Progress → Invalid
assignee:	Tyler Hicks (tyhicks) → nobody

Revision history for this message

Tyler Hicks (tyhicks) wrote on 2019-10-08:

#1

Fix submitted: https://lists.ubuntu.com/archives/kernel-team/2019-October/104582.html

Kleber Sacilotto de Souza (kleber-souza) on 2019-10-16

Changed in linux (Ubuntu Xenial):
status:	In Progress → Fix Committed

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2019-10-22:

#2

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-xenial' to 'verification-done-xenial'. If the problem still exists, change the tag 'verification-needed-xenial' to 'verification-failed-xenial'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-xenial

Revision history for this message

Tyler Hicks (tyhicks) wrote on 2019-10-22:

#3

I've verified the kernel in xenial-proposed:

tyhicks@sec-xenial-amd64:~$ cat /proc/version_signature
Ubuntu 4.4.0-167.196-generic 4.4.197
tyhicks@sec-xenial-amd64:~$ cat test.c
#include <stdio.h>
#include <time.h>

int main(void)
{
int rc = clock_gettime(10, 0);

if (rc < 0)
perror("clock_gettime");

return rc;
}
tyhicks@sec-xenial-amd64:~$ gcc -o test test.c
tyhicks@sec-xenial-amd64:~$ ./test
clock_gettime: Invalid argument

There's no NULL pointer deref or any other sort of error induced by the test case in the kernel log.

tags:

added: verification-done-xenial
removed: verification-needed-xenial

Revision history for this message

Launchpad Janitor (janitor) wrote on 2019-11-12:

#4

Download full text (18.6 KiB)

This bug was fixed in the package linux - 4.4.0-168.197

---------------
linux (4.4.0-168.197) xenial; urgency=medium

  * CVE-2018-12207
    - KVM: x86: MMU: Encapsulate the type of rmap-chain head in a new struct
    - KVM: x86: MMU: Consolidate quickly_check_mmio_pf() and is_mmio_page_fault()
    - KVM: x86: MMU: Move handle_mmio_page_fault() call to kvm_mmu_page_fault()
    - KVM: MMU: rename has_wrprotected_page to mmu_gfn_lpage_is_disallowed
    - KVM: MMU: introduce kvm_mmu_gfn_{allow,disallow}_lpage
    - KVM: x86: MMU: Make mmu_set_spte() return emulate value
    - KVM: x86: MMU: Move initialization of parent_ptes out from
      kvm_mmu_alloc_page()
    - KVM: x86: MMU: always set accessed bit in shadow PTEs
    - KVM: x86: MMU: Move parent_pte handling from kvm_mmu_get_page() to
      link_shadow_page()
    - KVM: x86: MMU: Remove unused parameter parent_pte from kvm_mmu_get_page()
    - KVM: x86: simplify ept_misconfig
    - KVM: x86: extend usage of RET_MMIO_PF_* constants
    - KVM: MMU: drop vcpu param in gpte_access
    - kvm: Convert kvm_lock to a mutex
    - kvm: x86: Do not release the page inside mmu_set_spte()
    - KVM: x86: make FNAME(fetch) and __direct_map more similar
    - KVM: x86: remove now unneeded hugepage gfn adjustment
    - KVM: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON
    - KVM: x86: add tracepoints around __direct_map and FNAME(fetch)
    - SAUCE: KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is
      active
    - SAUCE: x86: Add ITLB_MULTIHIT bug infrastructure
    - SAUCE: kvm: mmu: ITLB_MULTIHIT mitigation
    - SAUCE: kvm: Add helper function for creating VM worker threads
    - SAUCE: kvm: x86: mmu: Recovery of shattered NX large pages
    - SAUCE: cpu/speculation: Uninline and export CPU mitigations helpers
    - SAUCE: kvm: x86: mmu: Apply global mitigations knob to ITLB_MULTIHIT

  * CVE-2019-11135
    - KVM: x86: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts
    - KVM: x86: use Intel speculation bugs and features as derived in generic x86
      code
    - x86/msr: Add the IA32_TSX_CTRL MSR
    - x86/cpu: Add a helper function x86_read_arch_cap_msr()
    - x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default
    - x86/speculation/taa: Add mitigation for TSX Async Abort
    - x86/speculation/taa: Add sysfs reporting for TSX Async Abort
    - kvm/x86: Export MDS_NO=0 to guests when TSX is enabled
    - x86/tsx: Add "auto" option to the tsx= cmdline parameter
    - x86/speculation/taa: Add documentation for TSX Async Abort
    - x86/tsx: Add config options to set tsx=on|off|auto
    - SAUCE: x86/speculation/taa: Call tsx_init()
    - SAUCE: x86/cpu: Include cpu header from bugs.c
    - [Config] Disable TSX by default when possible

  * CVE-2019-0154
    - SAUCE: i915_bpo: drm/i915: Lower RM timeout to avoid DSI hard hangs
    - SAUCE: i915_bpo: drm/i915/gen8+: Add RC6 CTX corruption WA
    - SAUCE: drm/i915/gen8+: Add RC6 CTX corruption WA

  * CVE-2019-0155
    - SAUCE: i915_bpo: drm/i915/gtt: Add read only pages to gen8_pte_encode
    - SAUCE: i915_bpo: drm/i915/gtt: Read-only pages for insert_entries on bdw+
    - SAUCE: i915_bpo: drm/i915/gtt: Disable read-on...

This bug was fixed in the package linux - 4.4.0-168.197

---------------
linux (4.4.0-168.197) xenial; urgency=medium

* CVE-2018-12207
    - KVM: x86: MMU: Encapsulate the type of rmap-chain head in a new struct
    - KVM: x86: MMU: Consolidate quickly_check_mmio_pf() and is_mmio_page_fault()
    - KVM: x86: MMU: Move handle_mmio_page_fault() call to kvm_mmu_page_fault()
    - KVM: MMU: rename has_wrprotected_page to mmu_gfn_lpage_is_disallowed
    - KVM: MMU: introduce kvm_mmu_gfn_{allow,disallow}_lpage
    - KVM: x86: MMU: Make mmu_set_spte() return emulate value
    - KVM: x86: MMU: Move initialization of parent_ptes out from
      kvm_mmu_alloc_page()
    - KVM: x86: MMU: always set accessed bit in shadow PTEs
    - KVM: x86: MMU: Move parent_pte handling from kvm_mmu_get_page() to
      link_shadow_page()
    - KVM: x86: MMU: Remove unused parameter parent_pte from kvm_mmu_get_page()
    - KVM: x86: simplify ept_misconfig
    - KVM: x86: extend usage of RET_MMIO_PF_* constants
    - KVM: MMU: drop vcpu param in gpte_access
    - kvm: Convert kvm_lock to a mutex
    - kvm: x86: Do not release the page inside mmu_set_spte()
    - KVM: x86: make FNAME(fetch) and __direct_map more similar
    - KVM: x86: remove now unneeded hugepage gfn adjustment
    - KVM: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON
    - KVM: x86: add tracepoints around __direct_map and FNAME(fetch)
    - SAUCE: KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is
      active
    - SAUCE: x86: Add ITLB_MULTIHIT bug infrastructure
    - SAUCE: kvm: mmu: ITLB_MULTIHIT mitigation
    - SAUCE: kvm: Add helper function for creating VM worker threads
    - SAUCE: kvm: x86: mmu: Recovery of shattered NX large pages
    - SAUCE: cpu/speculation: Uninline and export CPU mitigations helpers
    - SAUCE: kvm: x86: mmu: Apply global mitigations knob to ITLB_MULTIHIT

* CVE-2019-11135
    - KVM: x86: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts
    - KVM: x86: use Intel speculation bugs and features as derived in generic x86
      code
    - x86/msr: Add the IA32_TSX_CTRL MSR
    - x86/cpu: Add a helper function x86_read_arch_cap_msr()
    - x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default
    - x86/speculation/taa: Add mitigation for TSX Async Abort
    - x86/speculation/taa: Add sysfs reporting for TSX Async Abort
    - kvm/x86: Export MDS_NO=0 to guests when TSX is enabled
    - x86/tsx: Add "auto" option to the tsx= cmdline parameter
    - x86/speculation/taa: Add documentation for TSX Async Abort
    - x86/tsx: Add config options to set tsx=on|off|auto
    - SAUCE: x86/speculation/taa: Call tsx_init()
    - SAUCE: x86/cpu: Include cpu header from bugs.c
    - [Config] Disable TSX by default when possible

* CVE-2019-0154
    - SAUCE: i915_bpo: drm/i915: Lower RM timeout to avoid DSI hard hangs
    - SAUCE: i915_bpo: drm/i915/gen8+: Add RC6 CTX corruption WA
    - SAUCE: drm/i915/gen8+: Add RC6 CTX corruption WA

* CVE-2019-0155
    - SAUCE: i915_bpo: drm/i915/gtt: Add read only pages to gen8_pte_encode
    - SAUCE: i915_bpo: drm/i915/gtt: Read-only pages for insert_entries on bdw+
    - SAUCE: i915_bpo: drm/i915/gtt: Disable read-only support under GVT
    - SAUCE: i915_bpo: drm/i915: Rename gen7 cmdparser tables
    - SAUCE: i915_bpo: drm/i915: Disable Secure Batches for gen6+
    - SAUCE: i915_bpo: drm/i915/cmdparser: Use binary search for faster register
      lookup
    - SAUCE: i915_bpo: drm/i915/cmdparser: Check reg_table_count before
      derefencing.
    - SAUCE: i915_bpo: drm/i915: Remove Master tables from cmdparser
    - SAUCE: i915_bpo: drm/i915: Add support for mandatory cmdparsing
    - SAUCE: i915_bpo: drm/i915: Support ro ppgtt mapped cmdparser shadow buffers
    - SAUCE: i915_bpo: drm/i915: Allow parsing of unsized batches
    - SAUCE: i915_bpo: drm/i915: Add gen9 BCS cmdparsing
    - SAUCE: i915_bpo: drm/i915/cmdparser: Add support for backward jumps
    - SAUCE: i915_bpo: drm/i915/cmdparser: Ignore Length operands during command
      matching

linux (4.4.0-167.196) xenial; urgency=medium

* xenial/linux: 4.4.0-167.196 -proposed tracker (LP: #1849051)

* Xenial update: 4.4.197 upstream stable release (LP: #1848780)
    - KVM: s390: Test for bad access register and size at the start of S390_MEM_OP
    - s390/topology: avoid firing events before kobjs are created
    - s390/cio: avoid calling strlen on null pointer
    - s390/cio: exclude subchannels with no parent from pseudo check
    - KVM: nVMX: handle page fault in vmread fix
    - ASoC: Define a set of DAPM pre/post-up events
    - powerpc/powernv: Restrict OPAL symbol map to only be readable by root
    - can: mcp251x: mcp251x_hw_reset(): allow more time after a reset
    - crypto: qat - Silence smp_processor_id() warning
    - ieee802154: atusb: fix use-after-free at disconnect
    - cfg80211: initialize on-stack chandefs
    - ima: always return negative code for error
    - fs: nfs: Fix possible null-pointer dereferences in encode_attrs()
    - 9p: avoid attaching writeback_fid on mmap with type PRIVATE
    - xen/pci: reserve MCFG areas earlier
    - ceph: fix directories inode i_blkbits initialization
    - drm/amdgpu: Check for valid number of registers to read
    - thermal: Fix use-after-free when unregistering thermal zone device
    - fuse: fix memleak in cuse_channel_open
    - kernel/elfcore.c: include proper prototypes
    - tools lib traceevent: Do not free tep->cmdlines in add_new_comm() on failure
    - perf stat: Fix a segmentation fault when using repeat forever
    - crypto: caam - fix concurrency issue in givencrypt descriptor
    - cfg80211: add and use strongly typed element iteration macros
    - cfg80211: Use const more consistently in for_each_element macros
    - nl80211: validate beacon head
    - ASoC: sgtl5000: Improve VAG power and mute control
    - panic: ensure preemption is disabled during panic()
    - [Config] updateconfigs for USB_RIO500
    - USB: rio500: Remove Rio 500 kernel driver
    - USB: yurex: Don't retry on unexpected errors
    - USB: yurex: fix NULL-derefs on disconnect
    - USB: usb-skeleton: fix runtime PM after driver unbind
    - USB: usb-skeleton: fix NULL-deref on disconnect
    - xhci: Prevent device initiated U1/U2 link pm if exit latency is too long
    - xhci: Check all endpoints for LPM timeout
    - usb: xhci: wait for CNR controller not ready bit in xhci resume
    - USB: adutux: remove redundant variable minor
    - USB: adutux: fix use-after-free on disconnect
    - USB: adutux: fix NULL-derefs on disconnect
    - USB: adutux: fix use-after-free on release
    - USB: iowarrior: fix use-after-free on disconnect
    - USB: iowarrior: fix use-after-free on release
    - USB: iowarrior: fix use-after-free after driver unbind
    - USB: usblp: fix runtime PM after driver unbind
    - USB: chaoskey: fix use-after-free on release
    - USB: ldusb: fix NULL-derefs on driver unbind
    - serial: uartlite: fix exit path null pointer
    - USB: serial: keyspan: fix NULL-derefs on open() and write()
    - USB: serial: ftdi_sio: add device IDs for Sienna and Echelon PL-20
    - USB: serial: option: add Telit FN980 compositions
    - USB: serial: option: add support for Cinterion CLS8 devices
    - USB: serial: fix runtime PM after driver unbind
    - USB: usblcd: fix I/O after disconnect
    - USB: microtek: fix info-leak at probe
    - USB: dummy-hcd: fix power budget for SuperSpeed mode
    - usb: renesas_usbhs: gadget: Do not discard queues in
      usb_ep_set_{halt,wedge}()
    - usb: renesas_usbhs: gadget: Fix usb_ep_set_{halt,wedge}() behavior
    - USB: legousbtower: fix slab info leak at probe
    - USB: legousbtower: fix deadlock on disconnect
    - USB: legousbtower: fix potential NULL-deref on disconnect
    - USB: legousbtower: fix open after failed reset request
    - USB: legousbtower: fix use-after-free on release
    - staging: vt6655: Fix memory leak in vt6655_probe
    - iio: adc: ad799x: fix probe error handling
    - iio: light: opt3001: fix mutex unlock race
    - perf llvm: Don't access out-of-scope array
    - CIFS: Gracefully handle QueryInfo errors during open
    - CIFS: Force reval dentry if LOOKUP_REVAL flag is set
    - kernel/sysctl.c: do not override max_threads provided by userspace
    - arm64: capabilities: Handle sign of the feature bit
    - arm64: Rename cpuid_feature field extract routines
    - Staging: fbtft: fix memory leak in fbtft_framebuffer_alloc
    - cifs: Check uniqueid for SMB2+ and return -ESTALE if necessary
    - CIFS: Force revalidate inode when dentry is stale
    - media: stkwebcam: fix runtime PM after driver unbind
    - tracing: Get trace_array reference for available_tracers files
    - x86/asm: Fix MWAITX C-state hint value
    - Linux 4.4.197
    - [Config] updateconfigs for USB_RIO500

* CVE-2019-17666
    - SAUCE: rtlwifi: Fix potential overflow on P2P code

* Suspend stopped working from 4.4.0-157 onwards (LP: #1844021) // Xenial
    update: 4.4.197 upstream stable release (LP: #1848780)
    - xhci: Increase STS_SAVE timeout in xhci_suspend()

* Ubuntu 16.04.6 - Shared CEX7C cards defined in z/VM guest not established by
    zcrypt device driver (LP: #1848173)
    - SAUCE: s390/zcrypt: CEX7 toleration support

* Xenial update: 4.4.196 upstream stable release (LP: #1848598)
    - video: ssd1307fb: Start page range at page_offset
    - gpu: drm: radeon: Fix a possible null-pointer dereference in
      radeon_connector_set_property()
    - ipmi_si: Only schedule continuously in the thread in maintenance mode
    - clk: qoriq: Fix -Wunused-const-variable
    - clk: sirf: Don't reference clk_init_data after registration
    - powerpc/rtas: use device model APIs and serialization during LPM
    - powerpc/futex: Fix warning: 'oldval' may be used uninitialized in this
      function
    - powerpc/pseries/mobility: use cond_resched when updating device tree
    - pinctrl: tegra: Fix write barrier placement in pmx_writel
    - vfio_pci: Restore original state on release
    - powerpc/64s/exception: machine check use correct cfar for late handler
    - powerpc/pseries: correctly track irq state in default idle
    - scsi: core: Reduce memory required for SCSI logging
    - mfd: intel-lpss: Remove D3cold delay
    - ARM: 8898/1: mm: Don't treat faults reported from cache maintenance as
      writes
    - HID: apple: Fix stuck function keys when using FN
    - security: smack: Fix possible null-pointer dereferences in
      smack_socket_sock_rcv_skb()
    - fat: work around race with userspace's read via blockdev while mounting
    - hypfs: Fix error number left in struct pointer member
    - ocfs2: wait for recovering done after direct unlock request
    - kmemleak: increase DEBUG_KMEMLEAK_EARLY_LOG_SIZE default to 16K
    - ANDROID: binder: remove waitqueue when thread exits.
    - ANDROID: binder: synchronize_rcu() when using POLLFREE.
    - hso: fix NULL-deref on tty open
    - ipv6: drop incoming packets having a v4mapped source address
    - net: ipv4: avoid mixed n_redirects and rate_tokens usage
    - net: qlogic: Fix memory leak in ql_alloc_large_buffers
    - nfc: fix memory leak in llcp_sock_bind()
    - sch_dsmark: fix potential NULL deref in dsmark_init()
    - xen-netfront: do not use ~0U as error return value for xennet_fill_frags()
    - net/rds: Fix error handling in rds_ib_add_one()
    - sch_cbq: validate TCA_CBQ_WRROPT to avoid crash
    - Smack: Don't ignore other bprm->unsafe flags if LSM_UNSAFE_PTRACE is set
    - smack: use GFP_NOFS while holding inode_smack::smk_lock
    - NFC: fix attrs checks in netlink interface
    - Linux 4.4.196

* Xenial update: 4.4.195 upstream stable release (LP: #1848589)
    - Revert "Bluetooth: validate BLE connection interval updates"
    - HID: prodikeys: Fix general protection fault during probe
    - HID: lg: make transfer buffers DMA capable
    - HID: logitech: Fix general protection fault caused by Logitech driver
    - HID: hidraw: Fix invalid read in hidraw_ioctl
    - mtd: cfi_cmdset_0002: Use chip_good() to retry in do_write_oneword()
    - crypto: talitos - fix missing break in switch statement
    - net: rds: Fix NULL ptr use in rds_tcp_kill_sock
    - ASoC: fsl: Fix of-node refcount unbalance in fsl_ssi_probe_from_dt()
    - ALSA: hda - Add laptop imic fixup for ASUS M9V laptop
    - SAUCE: Revert "mac80211: handle deauthentication/disassociation from TDLS
      peer"
    - mac80211: Print text for disassociation reason
    - mac80211: handle deauthentication/disassociation from TDLS peer
    - locking/lockdep: Add debug_locks check in __lock_downgrade()
    - irqchip/gic-v3-its: Fix LPI release for Multi-MSI devices
    - f2fs: check all the data segments against all node ones
    - Revert "f2fs: avoid out-of-range memory access"
    - f2fs: fix to do sanity check on segment bitmap of LFS curseg
    - drm: Flush output polling on shutdown
    - Bluetooth: btrtl: Additional Realtek 8822CE Bluetooth devices
    - arcnet: provide a buffer big enough to actually receive packets
    - cdc_ncm: fix divide-by-zero caused by invalid wMaxPacketSize
    - net/phy: fix DP83865 10 Mbps HDX loopback disable function
    - openvswitch: change type of UPCALL_PID attribute to NLA_UNSPEC
    - sch_netem: fix a divide by zero in tabledist()
    - skge: fix checksum byte order
    - usbnet: ignore endpoints with invalid wMaxPacketSize
    - usbnet: sanity checking of packet sizes and device mtu
    - ALSA: hda: Flush interrupts on disabling
    - ASoC: sgtl5000: Fix charge pump source assignment
    - dmaengine: bcm2835: Print error in case setting DMA mask fails
    - leds: leds-lp5562 allow firmware files up to the maximum length
    - media: dib0700: fix link error for dibx000_i2c_set_speed
    - media: hdpvr: Add device num check and handling
    - sched/fair: Fix imbalance due to CPU affinity
    - sched/core: Fix CPU controller for !RT_GROUP_SCHED
    - x86/reboot: Always use NMI fallback when shutdown via reboot vector IPI
      fails
    - x86/apic: Soft disable APIC before initializing it
    - ALSA: hda - Show the fatal CORB/RIRB error more clearly
    - ALSA: i2c: ak4xxx-adda: Fix a possible null pointer dereference in
      build_adc_controls()
    - media: iguanair: add sanity checks
    - base: soc: Export soc_device_register/unregister APIs
    - ALSA: usb-audio: Skip bSynchAddress endpoint check if it is invalid
    - ia64:unwind: fix double free for mod->arch.init_unw_table
    - md: don't call spare_active in md_reap_sync_thread if all member devices
      can't work
    - md: don't set In_sync if array is frozen
    - efi: cper: print AER info of PCIe fatal error
    - media: gspca: zero usb_buf on error
    - dmaengine: iop-adma: use correct printk format strings
    - media: omap3isp: Don't set streaming state on random subdevs
    - net: lpc-enet: fix printk format strings
    - media: radio/si470x: kill urb on error
    - media: hdpvr: add terminating 0 at end of string
    - media: saa7146: add cleanup in hexium_attach()
    - media: cpia2_usb: fix memory leaks
    - media: saa7134: fix terminology around saa7134_i2c_eeprom_md7134_gate()
    - media: ov9650: add a sanity check
    - ACPI / CPPC: do not require the _PSD method
    - libtraceevent: Change users plugin directory
    - ACPI: custom_method: fix memory leaks
    - hwmon: (acpi_power_meter) Change log level for 'unsafe software power cap'
    - md/raid1: fail run raid1 array when active disk less than one
    - dmaengine: ti: edma: Do not reset reserved paRAM slots
    - kprobes: Prohibit probing on BUG() and WARN() address
    - ASoC: dmaengine: Make the pcm->name equal to pcm->id if the name is not set
    - mmc: sdhci: Fix incorrect switch to HS mode
    - libertas: Add missing sentinel at end of if_usb.c fw_table
    - media: ttusb-dec: Fix info-leak in ttusb_dec_send_command()
    - ALSA: hda/realtek - Blacklist PC beep for Lenovo ThinkCentre M73/93
    - btrfs: extent-tree: Make sure we only allocate extents from block groups
      with the same type
    - media: omap3isp: Set device on omap3isp subdevs
    - ALSA: firewire-tascam: handle error code when getting current source of
      clock
    - ALSA: firewire-tascam: check intermediate state of clock status and retry
    - printk: Do not lose last line in kmsg buffer dump
    - fuse: fix missing unlock_page in fuse_writepage()
    - parisc: Disable HP HSC-PCI Cards to prevent kernel crash
    - KVM: x86: always stop emulation on page fault
    - KVM: x86: set ctxt->have_exception in x86_decode_insn()
    - KVM: x86: Manually calculate reserved bits when loading PDPTRS
    - media: sn9c20x: Add MSI MS-1039 laptop to flip_dmi_table
    - ASoC: Intel: Fix use of potentially uninitialized variable
    - ARM: zynq: Use memcpy_toio instead of memcpy on smp bring-up
    - alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP
    - md/raid6: Set R5_ReadError when there is read failure on parity disk
    - cfg80211: Purge frame registrations on iftype change
    - /dev/mem: Bail out upon SIGKILL.
    - ext4: fix punch hole for inline_data file systems
    - quota: fix wrong condition in is_quota_modification()
    - hwrng: core - don't wait on add_early_randomness()
    - i2c: riic: Clear NACK in tend isr
    - CIFS: Fix oplock handling for SMB 2.1+ protocols
    - ovl: filter of trusted xattr results in audit
    - Btrfs: fix use-after-free when using the tree modification log
    - btrfs: Relinquish CPUs in btrfs_compare_trees
    - Btrfs: fix race setting up and completing qgroup rescan workers
    - Linux 4.4.195

* [Packaging] Support building Flattened Image Tree (FIT) kernels
    (LP: #1847969)
    - [Packaging] add rules to build FIT image
    - [Packaging] force creation of headers directory

* bcache: Performance degradation when querying priority_stats (LP: #1840043)
    - bcache: add cond_resched() in __bch_cache_cmp()

* Add installer support for iwlmvm adapters (LP: #1848236)
    - d-i: Add iwlmvm to nic-modules

* Bad posix clock speculation mitigation backport (LP: #1847189)
    - SAUCE: Fix posix clock speculation mitigation backport

* PM / hibernate: fix potential memory corruption (LP: #1847118)
    - PM / hibernate: memory_bm_find_bit -- tighten node optimisation

* CVE-2019-17056
    - nfc: enforce CAP_NET_RAW for raw sockets

* CVE-2019-17055
    - mISDN: enforce CAP_NET_RAW for raw sockets

* CVE-2019-17054
    - appletalk: enforce CAP_NET_RAW for raw sockets

* CVE-2019-17053
    - ieee802154: enforce CAP_NET_RAW for raw sockets

* CVE-2019-17052
    - ax25: enforce CAP_NET_RAW for raw sockets

* CVE-2019-15098
    - ath6kl: fix a NULL-ptr-deref bug in ath6kl_usb_alloc_urb_from_pipe()

* arm64: sigaltstack fails with MINSIGSTKSZ for 32-bit processes
    (LP: #1844155)
    - signal: Introduce COMPAT_SIGMINSTKSZ for use in compat_sys_sigaltstack
    - arm64: compat: Provide definition for COMPAT_SIGMINSTKSZ

-- Stefan Bader <stefan.bader@canonical.com>  Wed, 06 Nov 2019 09:50:06 +0100

Changed in linux (Ubuntu Xenial):
status:	Fix Committed → Fix Released

Ubuntu
linux package

Bad posix clock speculation mitigation backport

Bug Description

CVE References

Other bug subscribers

Remote bug watches

Affects		Status	Importance	Assigned to	Milestone
	linux (Ubuntu)	Invalid	Undecided	Unassigned
	Xenial	Fix Released	Medium	Tyler Hicks

Ubuntulinux package

Bad posix clock speculation mitigation backport

Bug Description

CVE References

Other bug subscribers

Remote bug watches

Ubuntu
linux package