Bionic update: upstream stable patchset 2021-08-03
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Bionic |
Fix Released
|
Medium
|
Kamal Mostafa |
Bug Description
SRU Justification
Impact:
The upstream process for stable tree updates is quite similar
in scope to the Ubuntu SRU process, e.g., each patch has to
demonstrably fix a bug, and each patch is vetted by upstream
by originating either directly from a mainline/stable Linux tree or
a minimally backported form of that patch. The following upstream
stable patches should be included in the Ubuntu kernel:
upstream stable patchset 2021-08-03
from git://git.
ALSA: usb-audio: fix rate on Ozone Z90 USB headset
media: dvb-usb: fix wrong definition
Input: usbtouchscreen - fix control-request directions
net: can: ems_usb: fix use-after-free in ems_usb_
usb: gadget: eem: fix echo command packet response issue
USB: cdc-acm: blacklist Heimann USB Appset device
ntfs: fix validity check for file name attribute
iov_iter_
Input: joydev - prevent use of not validated data in JSIOCSBTNMAP ioctl
ARM: dts: at91: sama5d4: fix pinctrl muxing
btrfs: send: fix invalid path for unlink operations after parent orphanization
btrfs: clear defrag status of a root if starting transaction fails
ext4: cleanup in-core orphan list if ext4_truncate() failed to get a transaction handle
ext4: fix kernel infoleak via ext4_extent_header
ext4: correct the cache_nr in tracepoint ext4_es_shrink_exit
ext4: remove check for zero nr_to_scan in ext4_es_scan()
ext4: fix avefreec in find_group_orlov
ext4: use ext4_grp_
can: gw: synchronize rcu operations before removing gw job entry
can: peak_pciefd: pucan_handle_
SUNRPC: Fix the batch tasks count wraparound.
SUNRPC: Should wake up the privileged task firstly.
s390/cio: dont call css_wait_
rtc: stm32: Fix unbalanced clk_disable_
iio: ltr501: mark register holding upper 8 bits of ALS_DATA{0,1} and PS_DATA as volatile, too
iio: ltr501: ltr559: fix initialization of LTR501_ALS_CONTR
iio: ltr501: ltr501_read_ps(): add missing endianness conversion
serial: sh-sci: Stop dmaengine transfer in sci_stop_tx()
serial_cs: Add Option International GSM-Ready 56K/ISDN modem
serial_cs: remove wrong GLOBETROTTER.cis entry
ath9k: Fix kernel NULL pointer dereference during ath_reset_
ssb: sdio: Don't overwrite const buffer if block_write fails
rsi: Assign beacon rate settings to the correct rate_info descriptor field
seq_buf: Make trace_seq_
fuse: check connected before queueing on fpq->io
spi: Make of_register_
spi: spi-loopback-test: Fix 'tx_buf' might be 'rx_buf'
spi: spi-topcliff-pch: Fix potential double free in pch_spi_
spi: omap-100k: Fix the length judgment problem
crypto: nx - add missing MODULE_DEVICE_TABLE
media: cpia2: fix memory leak in cpia2_usb_probe
media: cobalt: fix race condition in setting HPD
media: pvrusb2: fix warning in pvr2_i2c_core_done
crypto: qat - check return code of qat_hal_
crypto: qat - remove unused macro in FW loader
media: em28xx: Fix possible memory leak of em28xx struct
media: v4l2-core: Avoid the dangling pointer in v4l2_fh_release
media: bt8xx: Fix a missing check bug in bt878_probe
media: st-hva: Fix potential NULL pointer dereferences
media: dvd_usb: memory leak in cinergyt2_fe_attach
mmc: via-sdmmc: add a check against NULL pointer dereference
crypto: shash - avoid comparing pointers to exported functions under CFI
media: dvb_net: avoid speculation from net slot
media: siano: fix device register error path
btrfs: fix error handling in __btrfs_
btrfs: abort transaction if we fail to update the delayed inode
btrfs: disable build on platforms having page size 256K
regulator: da9052: Ensure enough delay time for .set_voltage_
HID: do not use down_interrupti
ACPI: processor idle: Fix up C-state latency if not ordered
hv_utils: Fix passing zero to 'PTR_ERR' warning
lib: vsprintf: Fix handling of number field widths in vsscanf
ACPI: EC: Make more Asus laptops use ECDT _GPE
block_dump: remove block_dump feature in mark_inode_dirty()
fs: dlm: cancel work sync othercon
random32: Fix implicit truncation warning in prandom_
fs: dlm: fix memory leak when fenced
ACPICA: Fix memory leak caused by _CID repair function
ACPI: bus: Call kobject_put() in acpi_init() error path
platform/x86: toshiba_acpi: Fix missing error code in toshiba_
ACPI: tables: Add custom DSDT file as makefile prerequisite
HID: wacom: Correct base usage for capacitive ExpressKey status bits
ia64: mca_drv: fix incorrect array size calculation
media: s5p_cec: decrement usage count if disabled
crypto: ixp4xx - dma_unmap the correct address
crypto: ux500 - Fix error return code in hash_hw_final()
sata_highbank: fix deferred probing
pata_rb532_cf: fix deferred probing
media: I2C: change 'RST' to "RSET" to fix multiple build errors
pata_octeon_cf: avoid WARN_ON() in ata_host_activate()
crypto: ccp - Fix a resource leak in an error handling path
pata_ep93xx: fix deferred probing
media: exynos4-is: Fix a use after free in isp_video_release
media: tc358743: Fix error return code in tc358743_probe_of()
media: siano: Fix out-of-bounds warnings in smscore_
mmc: usdhi6rol0: fix error return code in usdhi6_probe()
media: s5p-g2d: Fix a memory leak on ctx->fh.m2m_ctx
hwmon: (max31722) Remove non-standard ACPI device IDs
hwmon: (max31790) Fix fan speed reporting for fan7..12
btrfs: clear log tree recovering status if starting transaction fails
spi: spi-sun6i: Fix chipselect/clock bug
crypto: nx - Fix RCU warning in nx842_OF_upd_status
ACPI: sysfs: Fix a buffer overrun problem with description_show()
ocfs2: fix snprintf() checking
net: pch_gbe: Propagate error from devm_gpio_
drm/rockchip: cdn-dp-core: add missing clk_disable_
ehea: fix error return code in ehea_restart_qps()
RDMA/rxe: Fix failure during driver load
drm: qxl: ensure surf.data is ininitialized
wireless: carl9170: fix LEDS build errors & warnings
brcmsmac: mac80211_if: Fix a resource leak in an error handling path
ath10k: Fix an error code in ath10k_
netlabel: Fix memory leak in netlbl_
netfilter: nft_exthdr: check for IPv6 packet before further processing
samples/bpf: Fix the error return code of xdp_redirect's main()
net: ethernet: aeroflex: fix UAF in greth_of_remove
net: ethernet: ezchip: fix UAF in nps_enet_remove
net: ethernet: ezchip: fix error handling
pkt_sched: sch_qfq: fix qfq_change_class() error path
vxlan: add missing rcu_read_lock() in neigh_reduce()
net: bcmgenet: Fix attaching to PYH failed on RPi 4B
i40e: Fix error handling in i40e_vsi_open
Revert "ibmvnic: remove duplicate napi_schedule call in open function"
Bluetooth: mgmt: Fix slab-out-of-bounds in tlv_data_is_valid
writeback: fix obtain a reference to a freeing memcg css
net: sched: fix warning in tcindex_
tty: nozomi: Fix a resource leak in an error handling function
mwifiex: re-fix for unaligned accesses
iio: adis_buffer: do not return ints in irq handlers
iio: accel: bma180: Fix buffer alignment in iio_push_
iio: accel: bma220: Fix buffer alignment in iio_push_
iio: accel: hid: Fix buffer alignment in iio_push_
iio: accel: kxcjk-1013: Fix buffer alignment in iio_push_
iio: accel: stk8312: Fix buffer alignment in iio_push_
iio: accel: stk8ba50: Fix buffer alignment in iio_push_
iio: adc: ti-ads1015: Fix buffer alignment in iio_push_
iio: adc: vf610: Fix buffer alignment in iio_push_
iio: gyro: bmg160: Fix buffer alignment in iio_push_
iio: humidity: am2315: Fix buffer alignment in iio_push_
iio: prox: srf08: Fix buffer alignment in iio_push_
iio: prox: pulsed-light: Fix buffer alignment in iio_push_
iio: prox: as3935: Fix buffer alignment in iio_push_
iio: light: isl29125: Fix buffer alignment in iio_push_
iio: light: tcs3414: Fix buffer alignment in iio_push_
iio: potentiostat: lmp91000: Fix alignment of buffer in iio_push_
ASoC: hisilicon: fix missing clk_disable_
Input: hil_kbd - fix error return code in hil_dev_connect()
char: pcmcia: error out if 'num_bytes_read' is greater than 4 in set_protocol()
tty: nozomi: Fix the error handling path of 'nozomi_
scsi: FlashPoint: Rename si_flags field
s390: appldata depends on PROC_SYSCTL
eeprom: idt_89hpesx: Put fwnode in matching case during ->probe()
iio: adc: mxs-lradc: Fix buffer alignment in iio_push_
staging: gdm724x: check for buffer overflow in gdm_lte_
staging: gdm724x: check for overflow in gdm_lte_netif_rx()
ASoC: cs42l42: Correct definition of CS42L42_
of: Fix truncation of memory sizes on 32-bit platforms
scsi: mpt3sas: Fix error return value in _scsih_
phy: ti: dm816x: Fix the error handling path in 'dm816x_
extcon: sm5502: Drop invalid register write in sm5502_reg_data
extcon: max8997: Add missing modalias string
configfs: fix memleak in configfs_
leds: as3645a: Fix error return code in as3645a_
leds: ktd2692: Fix an error handling path
mm/huge_memory.c: don't discard hugepage if other processes are mapping it
selftests/vm/pkeys: fix alloc_random_pkey() to make it really, really random
mmc: vub3000: fix control-request direction
scsi: core: Retry I/O for Notify (Enable Spinup) Required error
drm/mxsfb: Don't select DRM_KMS_FB_HELPER
drm/zte: Don't select DRM_KMS_FB_HELPER
drm/amd/
net: pch_gbe: Use proper accessors to BE data in pch_ptp_match()
hugetlb: clear huge pte during flush function on mips platform
atm: iphase: fix possible use-after-free in ia_module_exit()
mISDN: fix possible use-after-free in HFC_cleanup()
atm: nicstar: Fix possible use-after-free in nicstar_cleanup()
net: Treat __napi_
reiserfs: add check for invalid 1st journal block
drm/virtio: Fix double free on probe failure
udf: Fix NULL pointer dereference in udf_symlink function
e100: handle eeprom as little endian
clk: renesas: r8a77995: Add ZA2 clock
clk: tegra: Ensure that PLLU configuration is applied properly
ipv6: use prandom_u32() for ID generation
RDMA/cxgb4: Fix missing error code in create_qp()
dm space maps: don't reset space map allocation cursor when committing
virtio_net: Remove BUG() to avoid machine dead
net: bcmgenet: check return value after calling platform_
net: micrel: check return value after calling platform_
fjes: check return value after calling platform_
selinux: use __GFP_NOWARN with GFP_NOWAIT in the AVC
xfrm: Fix error reporting in xfrm_state_
wlcore/wl12xx: Fix wl12xx get_mac error if device is in ELP
wl1251: Fix possible buffer overflow in wl1251_cmd_scan
cw1200: add missing MODULE_DEVICE_TABLE
atm: nicstar: use 'dma_free_coherent' instead of 'kfree'
atm: nicstar: register the interrupt handler in the right place
vsock: notify server to shutdown when client has pending signal
RDMA/rxe: Don't overwrite errno from ib_umem_get()
iwlwifi: mvm: don't change band on bound PHY contexts
sfc: avoid double pci_remove of VFs
sfc: error code if SRIOV cannot be disabled
wireless: wext-spy: Fix out-of-bounds warning
RDMA/cma: Fix rdma_resolve_
Bluetooth: Fix the HCI to MGMT status conversion table
Bluetooth: Shutdown controller after workqueues are flushed or cancelled
Bluetooth: btusb: fix bt fiwmare downloading failure issue for qca btsoc.
sctp: validate from_addr_param return
sctp: add size validation when walking chunks
fscrypt: don't ignore minor_hash when hash is 0
bdi: Do not use freezable workqueue
fuse: reject internal errno
powerpc/barrier: Avoid collision with clang's __lwsync macro
usb: gadget: f_fs: Fix setting of device and driver data cross-references
drm/radeon: Add the missed drm_gem_
pinctrl/amd: Add device HID for new AMD GPIO controller
mmc: sdhci: Fix warning message when accessing RPMB in HS400 mode
mmc: core: clear flags before allowing to retune
mmc: core: Allow UHS-I voltage switch for SDSC cards if supported
ata: ahci_sunxi: Disable DIPM
cpu/hotplug: Cure the cpusets trainwreck
ASoC: tegra: Set driver_name=tegra for all machine drivers
qemu_fw_cfg: Make fw_cfg_rev_attr a proper kobj_attribute
ipmi/watchdog: Stop watchdog timer when the current action is 'none'
power: supply: ab8500: Fix an old bug
seq_buf: Fix overflow in seq_buf_
tracing: Simplify & fix saved_tgids logic
ipack/carriers/
dm btree remove: assign new_root only when removal succeeds
media: dtv5100: fix control-request directions
media: zr364xx: fix memory leak in zr364xx_
media: gspca/sq905: fix control-request direction
media: gspca/sunplus: fix zero-length control requests
jfs: fix GPF in diFree
smackfs: restrict bytes count in smk_set_cipso()
KVM: x86: Use guest MAXPHYADDR from CPUID.0x8000_0008 iff TDP is enabled
KVM: X86: Disable hardware breakpoints unconditionally before kvm_x86->run()
scsi: core: Fix bad pointer dereference when ehandler kthread is invalid
tracing: Do not reference char * as a string in histograms
PCI: aardvark: Don't rely on jiffies while holding spinlock
PCI: aardvark: Fix kernel panic during PIO transfer
tty: serial: fsl_lpuart: fix the potential risk of division or modulo by zero
misc/libmasm/
Revert "ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro"
w1: ds2438: fixing bug that would always get page0
scsi: lpfc: Fix "Unexpected timeout" error in direct attach topology
scsi: lpfc: Fix crash when lpfc_sli4_
scsi: core: Cap scsi_host cmd_per_lun at can_queue
tty: serial: 8250: serial_cs: Fix a memory leak in error handling path
fs/jfs: Fix missing error code in lmLogInit()
scsi: iscsi: Add iscsi_cls_conn refcount helpers
scsi: iscsi: Fix shost->max_id use
scsi: qedi: Fix null ref during abort handling
mfd: da9052/stmpe: Add and modify MODULE_DEVICE_TABLE
s390/sclp_vt220: fix console name to match device
ALSA: sb: Fix potential double-free of CSP mixer elements
powerpc/ps3: Add dma_mask to ps3_dma_region
gpio: zynq: Check return value of pm_runtime_get_sync
ALSA: ppc: fix error return code in snd_pmac_probe()
selftests/powerpc: Fix "no_handler" EBB selftest
ASoC: soc-core: Fix the error return code in snd_soc_
ALSA: bebob: add support for ToneWeal FW66
usb: gadget: f_hid: fix endianness issue with descriptors
usb: gadget: hid: fix error return code in hid_bind()
powerpc/boot: Fixup device-tree on little endian
backlight: lm3630a: Fix return code of .update_status() callback
ALSA: hda: Add IRQ check for platform_get_irq()
staging: rtl8723bs: fix macro value for 2.4Ghz only device
intel_th: Wait until port is in reset before programming it
i2c: core: Disable client irq on reboot/shutdown
lib/decompress_
pwm: spear: Don't modify HW state in .remove callback
power: supply: ab8500: Avoid NULL pointers
power: supply: max17042: Do not enforce (incorrect) interrupt trigger type
power: reset: gpio-poweroff: add missing MODULE_DEVICE_TABLE
ARM: 9087/1: kprobes: test-thumb: fix for LLVM_IAS=1
watchdog: Fix possible use-after-free in wdt_startup()
watchdog: sc520_wdt: Fix possible use-after-free in wdt_turnoff()
watchdog: Fix possible use-after-free by calling del_timer_sync()
watchdog: iTCO_wdt: Account for rebooting on second timeout
x86/fpu: Return proper error codes from user access functions
orangefs: fix orangefs df output.
ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty
NFS: nfs_find_
power: supply: charger-manager: add missing MODULE_DEVICE_TABLE
power: supply: ab8500: add missing MODULE_DEVICE_TABLE
pwm: tegra: Don't modify HW state in .remove callback
ACPI: AMBA: Fix resource name in /proc/iomem
ACPI: video: Add quirk for the Dell Vostro 3350
virtio-blk: Fix memory leak among suspend/resume procedure
virtio_net: Fix error handling in virtnet_restore()
virtio_console: Assure used length from device is limited
f2fs: add MODULE_SOFTDEP to ensure crc32 is included in the initramfs
PCI/sysfs: Fix dsm_label_
power: supply: rt5033_battery: Fix device tree enumeration
um: fix error return code in slip_open()
um: fix error return code in winch_tramp()
watchdog: aspeed: fix hardware timeout calculation
nfs: fix acl memory leak of posix_acl_create()
ubifs: Set/Clear I_LINKABLE under i_lock for whiteout inode
x86/fpu: Limit xstate copy size in xstateregs_set()
ALSA: isa: Fix error return code in snd_cmi8330_probe()
NFSv4/pNFS: Don't call _nfs4_pnfs_
hexagon: use common DISCARDS macro
reset: a10sr: add missing of_match_table reference
ARM: dts: exynos: fix PWM LED max brightness on Odroid XU/XU3
ARM: dts: exynos: fix PWM LED max brightness on Odroid XU4
memory: atmel-ebi: add missing of_node_put for loop iteration
rtc: fix snprintf() checking in is_rtc_hctosys()
ARM: dts: r8a7779, marzen: Fix DU clock names
ARM: dts: BCM5301X: Fixup SPI binding
reset: bail if try_module_get() fails
memory: fsl_ifc: fix leak of IO mapping on probe failure
memory: fsl_ifc: fix leak of private memory on probe failure
ARM: dts: am335x: align ti,pindir-
scsi: be2iscsi: Fix an error handling path in beiscsi_dev_probe()
mips: always link byteswap helpers into decompressor
mips: disable branch profiling in boot/decompress.o
MIPS: vdso: Invalid GIC access through VDSO
net: bridge: multicast: fix PIM hello router port marking race
ALSA: usb-audio: Fix OOB access at proc output
iio: light: tcs3472: do not free unallocated IRQ
rsi: fix AP mode with WPA failure due to encrypted EAPOL
evm: Execute evm_inode_
evm: fix writing <securityfs>/evm overflow
wcn36xx: Move hal_buf allocation to devm_kmalloc in probe
ssb: Fix error return code in ssb_bus_scan()
brcmfmac: fix setting of station info chains bitmask
ipv6: exthdrs: do not blindly use init_net
i40e: Fix autoneg disabling for non-10GBaseT links
ipv6: fix out-of-bound access in ip6_parse_tlv()
iio: light: tcs3472: Fix buffer alignment in iio_push_
ASoC: rsnd: tidyup loop on rsnd_adg_
visorbus: fix error return code in visorchipset_init()
serial: 8250: Actually allow UPF_MAGIC_
powerpc: Offline CPU in stop_this_cpu()
serial: mvebu-uart: correctly calculate minimal possible baudrate
arm64: dts: marvell: armada-37xx: Fix reg for standard variant of UART
vfio/pci: Handle concurrent vma faults
clocksource/
coresight: tmc-etf: Fix global-
PCI: Leave Apple Thunderbolt controllers on for s2idle or standby
media: subdev: disallow ioctl for saa6588/davinci
PCI: iproc: Fix multi-MSI base vector number allocation
PCI: iproc: Support multi-MSI only on uniprocessor kernel
virtio_net: move tx vq operation under tx queue lock
ARM: dts: exynos: fix PWM LED max brightness on Odroid HC1
ARM: dts: am437x: align ti,pindir-
UBUNTU: upstream stable to v4.14.240, v4.19.198
Changed in linux (Ubuntu): | |
status: | New → Confirmed |
tags: | added: kernel-stable-tracking-bug |
Changed in linux (Ubuntu Bionic): | |
status: | New → In Progress |
importance: | Undecided → Medium |
assignee: | nobody → Kamal Mostafa (kamalmostafa) |
Changed in linux (Ubuntu): | |
status: | Confirmed → Invalid |
description: | updated |
Changed in linux (Ubuntu Bionic): | |
status: | In Progress → Fix Committed |
This bug was fixed in the package linux - 4.15.0-156.163
---------------
linux (4.15.0-156.163) bionic; urgency=medium
* bionic/linux: 4.15.0-156.163 -proposed tracker (LP: #1940162)
* linux (LP: #1940564)
- SAUCE: Revert "scsi: core: Cap scsi_host cmd_per_lun at can_queue"
* fails to launch linux L2 guests on AMD (LP: #1940134) // CVE-2021-3653 CVE-2021- 3653)
- KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl
(
* fails to launch linux L2 guests on AMD (LP: #1940134)
- SAUCE: Revert "UBUNTU: SAUCE: KVM: nSVM: avoid picking up unsupported bits
from L2 in int_ctl"
linux (4.15.0-155.162) bionic; urgency=medium
* bionic/linux: 4.15.0-155.162 -proposed tracker (LP: #1939833)
* Packaging resync (LP: #1786013) dkms-versions -- update from kernel-versions (main/2021.08.16)
- debian/
* CVE-2021-3656
- SAUCE: KVM: nSVM: always intercept VMLOAD/VMSAVE when nested
* CVE-2021-3653
- SAUCE: KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl
* dev_forward_skb: do not scrub skb mark within the same name space
(LP: #1935040)
- dev_forward_skb: do not scrub skb mark within the same name space
* 'ptrace trace' needed to readlink() /proc/*/ns/* files on older kernels
(LP: #1890848)
- apparmor: fix ptrace read check
* Bionic update: upstream stable patchset 2021-08-03 (LP: #1938824) disconnect( ) fault_in_ readable( ) should do nothing in xarray case locked_ error in mb_find_extent status( ): fix a potential starvation issue in for_slow_ path() inside a lock unprepare( ) on probe error path
- ALSA: usb-audio: fix rate on Ozone Z90 USB headset
- media: dvb-usb: fix wrong definition
- Input: usbtouchscreen - fix control-request directions
- net: can: ems_usb: fix use-after-free in ems_usb_
- usb: gadget: eem: fix echo command packet response issue
- USB: cdc-acm: blacklist Heimann USB Appset device
- ntfs: fix validity check for file name attribute
- iov_iter_
- Input: joydev - prevent use of not validated data in JSIOCSBTNMAP ioctl
- ARM: dts: at91: sama5d4: fix pinctrl muxing
- btrfs: send: fix invalid path for unlink operations after parent
orphanization
- btrfs: clear defrag status of a root if starting transaction fails
- ext4: cleanup in-core orphan list if ext4_truncate() failed to get a
transaction handle
- ext4: fix kernel infoleak via ext4_extent_header
- ext4: correct the cache_nr in tracepoint ext4_es_shrink_exit
- ext4: remove check for zero nr_to_scan in ext4_es_scan()
- ext4: fix avefreec in find_group_orlov
- ext4: use ext4_grp_
- can: gw: synchronize rcu operations before removing gw job entry
- can: peak_pciefd: pucan_handle_
TX path
- SUNRPC: Fix the batch tasks count wraparound.
- SUNRPC: Should wake up the privileged task firstly.
- s390/cio: dont call css_wait_
- rtc: stm32: Fix unbalanced clk_disable_
- iio: ltr501: mark register holding upper 8 bits of ALS_DATA{0,1} and PS_DATA
as volatile, too
- iio: ltr501: ltr559: fix initialization of LTR501_ALS_CONTR
- iio: ltr501: ltr501_read_ps(): add missing endianness con...