This bug was fixed in the package linux-raspi2 - 4.4.0-1126.135

---------------
linux-raspi2 (4.4.0-1126.135) xenial; urgency=medium

  * xenial/linux-raspi2: 4.4.0-1126.135 -proposed tracker (LP: #1852300)

  * Xenial update: 4.4.200 upstream stable release (LP: #1852110)
    - raspi2: [Config] CONFIG_HARDEN_BRANCH_PREDICTOR=y

  [ Ubuntu: 4.4.0-170.199 ]

  * xenial/linux: 4.4.0-170.199 -proposed tracker (LP: #1852306)

  * update ENA driver to version 2.1.0 (LP: #1850175)
    - net: ena: fix: set freed objects to NULL to avoid failing future allocations
    - net: ena: fix swapped parameters when calling ena_com_indirect_table_fill_entry
    - net: ena: fix: Free napi resources when ena_up() fails
    - net: ena: fix incorrect test of supported hash function
    - net: ena: fix return value of ena_com_config_llq_info()
    - net: ena: improve latency by disabling adaptive interrupt moderation by default
    - net: ena: fix ena_com_fill_hash_function() implementation
    - net: ena: add handling of llq max tx burst size
    - net: ena: ethtool: add extra properties retrieval via get_priv_flags
    - net: ena: replace free_tx/rx_ids union with single free_ids field in ena_ring
    - net: ena: arrange ena_probe() function variables in reverse christmas tree
    - net: ena: add newline at the end of pr_err prints
    - net: ena: allow automatic fallback to polling mode
    - net: ena: add support for changing max_header_size in LLQ mode
    - net: ena: optimise calculations for CQ doorbell
    - net: ena: add good checksum counter
    - net: ena: use dev_info_once instead of static variable
    - net: ena: add MAX_QUEUES_EXT get feature admin command
    - net: ena: enable negotiating larger Rx ring size
    - net: ena: make ethtool show correct current and max queue sizes
    - net: ena: allow queue allocation backoff when low on memory
    - net: ena: add ethtool function for changing io queue sizes
    - net: ena: remove inline keyword from functions in *.c
    - net: ena: update driver version from 2.0.3 to 2.1.0
    - net: ena: Fix bug where ring allocation backoff stopped too late
    - Revert "net: ena: ethtool: add extra properties retrieval via get_priv_flags"
    - net: ena: don't wake up tx queue when down
    - net: ena: clean up indentation issue

  * Bionic update: upstream stable patchset 2019-08-01 (LP: #1838700) // update ENA driver to version 2.1.0 (LP: #1850175)
    - net: ena: gcc 8: fix compilation warning

  * Skip frame when buffer overflow on UVC camera (LP: #1849871)
    - media: uvcvideo: Mark buffer error where overflow

  * CVE-2018-20784
    - sched/fair: Fix infinite loop in update_blocked_averages() by reverting a9e7f6544b9c
    - sched/fair: Fix hierarchical order in rq->leaf_cfs_rq_list
    - sched/fair: Add tmp_alone_branch assertion
    - sched/fair: Fix insertion in rq->leaf_cfs_rq_list
    - sched/fair: Optimize update_blocked_averages()
    - sched/fair: Fix O(nr_cgroups) in the load balancing path

  * Xenial update: 4.4.200 upstream stable release (LP: #1852110)
    - kbuild: add -fcf-protection=none when using retpoline flags
    - regulator: ti-abb: Fix timeout in ti_abb_wait_txdone/ti_abb_clear_all_txdone
    - regulator: pfuze100-regulator: Variable "val" in pfuze100_regulator_probe() could be uninitialized
    - ASoc: rockchip: i2s: Fix RPM imbalance
    - ARM: dts: logicpd-torpedo-som: Remove twl_keypad
    - ARM: mm: fix alignment handler faults under memory pressure
    - scsi: sni_53c710: fix compilation error
    - scsi: fix kconfig dependency warning related to 53C700_LE_ON_BE
    - perf kmem: Fix memory leak in compact_gfp_flags()
    - scsi: target: core: Do not overwrite CDB byte 1
    - of: unittest: fix memory leak in unittest_data_add
    - MIPS: bmips: mark exception vectors as char arrays
    - cifs: Fix cifsInodeInfo lock_sem deadlock when reconnect occurs
    - dccp: do not leak jiffies on the wire
    - net: fix sk_page_frag() recursion from memory reclaim
    - net: hisilicon: Fix ping latency when deal with high throughput
    - SAUCE: Revert "net: Zeroing the structure ethtool_wolinfo in ethtool_get_wol()"
    - net: Zeroing the structure ethtool_wolinfo in ethtool_get_wol()
    - net: add READ_ONCE() annotation in __skb_wait_for_more_packets()
    - vxlan: check tun_info options_len properly
    - net/mlx4_core: Dynamically set guaranteed amount of counters per VF
    - inet: stop leaking jiffies on the wire
    - net/flow_dissector: switch to siphash
    - dmaengine: qcom: bam_dma: Fix resource leak
    - ARM: 8051/1: put_user: fix possible data corruption in put_user
    - ARM: 8478/2: arm/arm64: add arm-smccc
    - ARM: 8479/2: add implementation for arm-smccc
    - ARM: 8480/2: arm64: add implementation for arm-smccc
    - ARM: 8481/2: drivers: psci: replace psci firmware calls
    - ARM: uaccess: remove put_user() code duplication
    - ARM: Move system register accessors to asm/cp15.h
    - arm/arm64: KVM: Advertise SMCCC v1.1
    - arm64: KVM: Report SMCCC_ARCH_WORKAROUND_1 BP hardening support
    - firmware/psci: Expose PSCI conduit
    - firmware/psci: Expose SMCCC version through psci_ops
    - arm/arm64: smccc: Make function identifiers an unsigned quantity
    - arm/arm64: smccc: Implement SMCCC v1.1 inline primitive
    - arm/arm64: smccc: Add SMCCC-specific return codes
    - arm/arm64: smccc-1.1: Make return values unsigned long
    - arm/arm64: smccc-1.1: Handle function result as parameters
    - ARM: add more CPU part numbers for Cortex and Brahma B15 CPUs
    - ARM: bugs: prepare processor bug infrastructure
    - ARM: bugs: hook processor bug checking into SMP and suspend paths
    - ARM: bugs: add support for per-processor bug checking
    - ARM: spectre: add Kconfig symbol for CPUs vulnerable to Spectre
    - ARM: spectre-v2: harden branch predictor on context switches
    - ARM: spectre-v2: add Cortex A8 and A15 validation of the IBE bit
    - ARM: spectre-v2: harden user aborts in kernel space
    - ARM: spectre-v2: add firmware based hardening
    - ARM: spectre-v2: warn about incorrect context switching functions
    - ARM: spectre-v1: add speculation barrier (csdb) macros
    - ARM: spectre-v1: add array_index_mask_nospec() implementation
    - ARM: spectre-v1: fix syscall entry
    - ARM: signal: copy registers using __copy_from_user()
    - ARM: vfp: use __copy_from_user() when restoring VFP state
    - ARM: oabi-compat: copy semops using __copy_from_user()
    - ARM: use __inttype() in get_user()
    - ARM: spectre-v1: use get_user() for __get_user()
    - ARM: spectre-v1: mitigate user accesses
    - ARM: 8789/1: signal: copy registers using __copy_to_user()
    - ARM: 8791/1: vfp: use __copy_to_user() when saving VFP state
    - ARM: 8792/1: oabi-compat: copy oabi events using __copy_to_user()
    - ARM: 8793/1: signal: replace __put_user_error with __put_user
    - ARM: 8794/1: uaccess: Prevent speculative use of the current addr_limit
    - ARM: 8795/1: spectre-v1.1: use put_user() for __put_user()
    - ARM: 8796/1: spectre-v1,v1.1: provide helpers for address sanitization
    - ARM: 8810/1: vfp: Fix wrong assignement to ufp_exc
    - ARM: make lookup_processor_type() non-__init
    - ARM: split out processor lookup
    - ARM: clean up per-processor check_bugs method call
    - ARM: add PROC_VTABLE and PROC_TABLE macros
    - ARM: spectre-v2: per-CPU vtables to work around big.Little systems
    - ARM: ensure that processor vtables is not lost after boot
    - ARM: fix the cockup in the previous patch
    - alarmtimer: Change remaining ENOTSUPP to EOPNOTSUPP
    - fs/dcache: move security_d_instantiate() behind attaching dentry to inode
    - Linux 4.4.200
    - updateconfigs for Linux v4.4.200

  * Xenial update: 4.4.199 upstream stable release (LP: #1851549)
    - dm snapshot: use mutex instead of rw_semaphore
    - dm snapshot: introduce account_start_copy() and account_end_copy()
    - dm snapshot: rework COW throttling to fix deadlock
    - dm: Use kzalloc for all structs with embedded biosets/mempools
    - sc16is7xx: Fix for "Unexpected interrupt: 8"
    - x86/cpu: Add Atom Tremont (Jacobsville)
    - scripts/setlocalversion: Improve -dirty check with git-status --no-optional-locks
    - usb: handle warm-reset port requests on hub resume
    - exec: load_script: Do not exec truncated interpreter path
    - iio: fix center temperature of bmc150-accel-core
    - perf map: Fix overlapped map handling
    - RDMA/iwcm: Fix a lock inversion issue
    - fs: cifs: mute -Wunused-const-variable message
    - serial: mctrl_gpio: Check for NULL pointer
    - efi/cper: Fix endianness of PCIe class code
    - efi/x86: Do not clean dummy variable in kexec path
    - fs: ocfs2: fix possible null-pointer dereferences in ocfs2_xa_prepare_entry()
    - fs: ocfs2: fix a possible null-pointer dereference in ocfs2_info_scan_inode_alloc()
    - MIPS: fw: sni: Fix out of bounds init of o32 stack
    - NFSv4: Fix leak of clp->cl_acceptor string
    - tracing: Initialize iter->seq after zeroing in tracing_read_pipe()
    - USB: legousbtower: fix a signedness bug in tower_probe()
    - thunderbolt: Use 32-bit writes when writing ring producer/consumer
    - fuse: flush dirty data/metadata before non-truncate setattr
    - fuse: truncate pending writes on O_TRUNC
    - ALSA: bebob: Fix prototype of helper function to return negative value
    - UAS: Revert commit 3ae62a42090f ("UAS: fix alignment of scatter/gather segments")
    - USB: gadget: Reject endpoints with 0 maxpacket value
    - USB: ldusb: fix ring-buffer locking
    - USB: ldusb: fix control-message timeout
    - USB: serial: whiteheat: fix potential slab corruption
    - USB: serial: whiteheat: fix line-speed endianness
    - HID: Fix assumption that devices have inputs
    - HID: fix error message in hid_open_report()
    - nl80211: fix validation of mesh path nexthop
    - s390/cmm: fix information leak in cmm_timeout_handler()
    - llc: fix sk_buff leak in llc_sap_state_process()
    - llc: fix sk_buff leak in llc_conn_service()
    - bonding: fix potential NULL deref in bond_update_slave_arr
    - net: usb: sr9800: fix uninitialized local variable
    - sch_netem: fix rcu splat in netem_enqueue()
    - sctp: fix the issue that flags are ignored when using kernel_connect
    - sctp: not bind the socket in sctp_connect
    - xfs: Correctly invert xfs_buftarg LRU isolation logic
    - Revert "ALSA: hda: Flush interrupts on disabling"
    - Linux 4.4.199

  * libmbim-proxy using 100% CPU on a Dell Edge Gateway 3002 (LP: #1851347)
    - USB: cdc-wdm: ignore -EPIPE from GetEncapsulatedResponse

  * Xenial update: v4.4.198 upstream stable release (LP: #1850454)
    - scsi: ufs: skip shutdown if hba is not powered
    - scsi: megaraid: disable device when probe failed after enabled device
    - scsi: qla2xxx: Fix unbound sleep in fcport delete path.
    - ARM: OMAP2+: Fix missing reset done flag for am3 and am43
    - ARM: dts: am4372: Set memory bandwidth limit for DISPC
    - nl80211: fix null pointer dereference
    - mips: Loongson: Fix the link time qualifier of 'serial_exit()'
    - net: hisilicon: Fix usage of uninitialized variable in function mdio_sc_cfg_reg_write()
    - namespace: fix namespace.pl script to support relative paths
    - loop: Add LOOP_SET_DIRECT_IO to compat ioctl
    - net: bcmgenet: Fix RGMII_MODE_EN value for GENET v1/2/3
    - net: bcmgenet: Set phydev->dev_flags only for internal PHYs
    - sctp: change sctp_prot .no_autobind with true
    - net: avoid potential infinite loop in tc_ctl_action()
    - ipv4: Return -ENETUNREACH if we can't create route but saddr is valid
    - memfd: Fix locking when tagging pins
    - USB: legousbtower: fix memleak on disconnect
    - usb: udc: lpc32xx: fix bad bit shift operation
    - USB: serial: ti_usb_3410_5052: fix port-close races
    - USB: ldusb: fix memleak on disconnect
    - USB: usblp: fix use-after-free on disconnect
    - USB: ldusb: fix read info leaks
    - scsi: core: try to get module before removing device
    - ASoC: rsnd: Reinitialize bit clock inversion flag for every format setting
    - cfg80211: wext: avoid copying malformed SSIDs
    - mac80211: Reject malformed SSID elements
    - scsi: zfcp: fix reaction on bit error threshold notification
    - mm/slub: fix a deadlock in show_slab_objects()
    - xtensa: drop EXPORT_SYMBOL for outs*/ins*
    - parisc: Fix vmap memory leak in ioremap()/iounmap()
    - CIFS: avoid using MID 0xFFFF
    - btrfs: block-group: Fix a memory leak due to missing btrfs_put_block_group()
    - memstick: jmb38x_ms: Fix an error handling path in 'jmb38x_ms_probe()'
    - cpufreq: Avoid cpufreq_suspend() deadlock on system shutdown
    - xen/netback: fix error path of xenvif_connect_data()
    - PCI: PM: Fix pci_power_up()
    - net: sched: Fix memory exposure from short TCA_U32_SEL
    - RDMA/cxgb4: Do not dma memory off of the stack
    - Linux 4.4.198

  * Colour banding in Lenovo G50-80 laptop display (i915) (LP: #1819968) // Xenial update: v4.4.198 upstream stable release (LP: #1850454)
    - drm/edid: Add 6 bpc quirk for SDC panel in Lenovo G50

  [ Ubuntu: 4.4.0-169.198 ]

  * Incomplete i915 fix for 64-bit x86 kernels (LP: #1852141) // CVE-2019-0155
    - SAUCE: drm/i915/cmdparser: Fix jump whitelist clearing

  [ Ubuntu: 4.4.0-168.197 ]

  * CVE-2018-12207
    - KVM: x86: MMU: Encapsulate the type of rmap-chain head in a new struct
    - KVM: x86: MMU: Consolidate quickly_check_mmio_pf() and is_mmio_page_fault()
    - KVM: x86: MMU: Move handle_mmio_page_fault() call to kvm_mmu_page_fault()
    - KVM: MMU: rename has_wrprotected_page to mmu_gfn_lpage_is_disallowed
    - KVM: MMU: introduce kvm_mmu_gfn_{allow,disallow}_lpage
    - KVM: x86: MMU: Make mmu_set_spte() return emulate value
    - KVM: x86: MMU: Move initialization of parent_ptes out from kvm_mmu_alloc_page()
    - KVM: x86: MMU: always set accessed bit in shadow PTEs
    - KVM: x86: MMU: Move parent_pte handling from kvm_mmu_get_page() to link_shadow_page()
    - KVM: x86: MMU: Remove unused parameter parent_pte from kvm_mmu_get_page()
    - KVM: x86: simplify ept_misconfig
    - KVM: x86: extend usage of RET_MMIO_PF_* constants
    - KVM: MMU: drop vcpu param in gpte_access
    - kvm: Convert kvm_lock to a mutex
    - kvm: x86: Do not release the page inside mmu_set_spte()
    - KVM: x86: make FNAME(fetch) and __direct_map more similar
    - KVM: x86: remove now unneeded hugepage gfn adjustment
    - KVM: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON
    - KVM: x86: add tracepoints around __direct_map and FNAME(fetch)
    - SAUCE: KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is active
    - SAUCE: x86: Add ITLB_MULTIHIT bug infrastructure
    - SAUCE: kvm: mmu: ITLB_MULTIHIT mitigation
    - SAUCE: kvm: Add helper function for creating VM worker threads
    - SAUCE: kvm: x86: mmu: Recovery of shattered NX large pages
    - SAUCE: cpu/speculation: Uninline and export CPU mitigations helpers
    - SAUCE: kvm: x86: mmu: Apply global mitigations knob to ITLB_MULTIHIT

  * CVE-2019-11135
    - KVM: x86: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts
    - KVM: x86: use Intel speculation bugs and features as derived in generic x86 code
    - x86/msr: Add the IA32_TSX_CTRL MSR
    - x86/cpu: Add a helper function x86_read_arch_cap_msr()
    - x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default
    - x86/speculation/taa: Add mitigation for TSX Async Abort
    - x86/speculation/taa: Add sysfs reporting for TSX Async Abort
    - kvm/x86: Export MDS_NO=0 to guests when TSX is enabled
    - x86/tsx: Add "auto" option to the tsx= cmdline parameter
    - x86/speculation/taa: Add documentation for TSX Async Abort
    - x86/tsx: Add config options to set tsx=on|off|auto
    - SAUCE: x86/speculation/taa: Call tsx_init()
    - SAUCE: x86/cpu: Include cpu header from bugs.c
    - [Config] Disable TSX by default when possible

  * CVE-2019-0154
    - SAUCE: i915_bpo: drm/i915: Lower RM timeout to avoid DSI hard hangs
    - SAUCE: i915_bpo: drm/i915/gen8+: Add RC6 CTX corruption WA
    - SAUCE: drm/i915/gen8+: Add RC6 CTX corruption WA

  * CVE-2019-0155
    - SAUCE: i915_bpo: drm/i915/gtt: Add read only pages to gen8_pte_encode
    - SAUCE: i915_bpo: drm/i915/gtt: Read-only pages for insert_entries on bdw+
    - SAUCE: i915_bpo: drm/i915/gtt: Disable read-only support under GVT
    - SAUCE: i915_bpo: drm/i915: Rename gen7 cmdparser tables
    - SAUCE: i915_bpo: drm/i915: Disable Secure Batches for gen6+
    - SAUCE: i915_bpo: drm/i915/cmdparser: Use binary search for faster register lookup
    - SAUCE: i915_bpo: drm/i915/cmdparser: Check reg_table_count before derefencing.
    - SAUCE: i915_bpo: drm/i915: Remove Master tables from cmdparser
    - SAUCE: i915_bpo: drm/i915: Add support for mandatory cmdparsing
    - SAUCE: i915_bpo: drm/i915: Support ro ppgtt mapped cmdparser shadow buffers
    - SAUCE: i915_bpo: drm/i915: Allow parsing of unsized batches
    - SAUCE: i915_bpo: drm/i915: Add gen9 BCS cmdparsing
    - SAUCE: i915_bpo: drm/i915/cmdparser: Add support for backward jumps
    - SAUCE: i915_bpo: drm/i915/cmdparser: Ignore Length operands during command matching

 -- Manoj Iyer