This bug was fixed in the package linux-dell300x - 4.15.0-1038.43 --------------- linux-dell300x (4.15.0-1038.43) bionic; urgency=medium * bionic/linux-dell300x: 4.15.0-1038.43 -proposed tracker (LP: #1964223) [ Ubuntu: 4.15.0-172.181 ] * CVE-2022-0847 - lib/iov_iter: initialize "flags" in new pipe_buffer * Bionic update: upstream stable patchset 2022-02-11 (LP: #1960681) - Bluetooth: bfusb: fix division by zero in send path - USB: core: Fix bug in resuming hub's handling of wakeup requests - USB: Fix "slab-out-of-bounds Write" bug in usb_hcd_poll_rh_status - mfd: intel-lpss: Fix too early PM enablement in the ACPI ->probe() - can: gs_usb: fix use of uninitialized variable, detach device on reception of invalid USB data - can: gs_usb: gs_can_start_xmit(): zero-initialize hf->{flags,reserved} - random: fix data race on crng_node_pool - random: fix data race on crng init time - staging: wlan-ng: Avoid bitwise vs logical OR warning in hfa384x_usb_throttlefn() - drm/i915: Avoid bitwise vs logical OR warning in snb_wm_latency_quirk() - orangefs: Fix the size of a memory allocation in orangefs_bufmap_alloc() - media: uvcvideo: fix division by zero at stream start - rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore() with interrupts enabled - Bluetooth: schedule SCO timeouts with delayed_work - Bluetooth: fix init and cleanup of sco_conn.timeout_work - HID: uhid: Fix worker destroying device without any protection - HID: wacom: Ignore the confidence flag when a touch is removed - HID: wacom: Avoid using stale array indicies to read contact count - nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind() - rtc: cmos: take rtc_lock while reading from CMOS - media: flexcop-usb: fix control-message timeouts - media: mceusb: fix control-message timeouts - media: em28xx: fix control-message timeouts - media: cpia2: fix control-message timeouts - media: s2255: fix control-message timeouts - media: dib0700: fix undefined behavior in tuner shutdown - media: redrat3: fix control-message timeouts - media: pvrusb2: fix control-message timeouts - media: stk1160: fix control-message timeouts - can: softing_cs: softingcs_probe(): fix memleak on registration failure - shmem: fix a race between shmem_unused_huge_shrink and shmem_evict_inode - PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller - Bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails - clk: bcm-2835: Pick the closest clock rate - clk: bcm-2835: Remove rounding up the dividers - wcn36xx: Indicate beacon not connection loss on MISSED_BEACON_IND - media: em28xx: fix memory leak in em28xx_init_dev - Bluetooth: stop proccessing malicious adv data - media: dmxdev: fix UAF when dvb_register_device() fails - crypto: qce - fix uaf on qce_ahash_register_one - tty: serial: atmel: Check return code of dmaengine_submit() - tty: serial: atmel: Call dma_async_issue_pending() - media: mtk-vcodec: call v4l2_m2m_ctx_release first when file is released - netfilter: bridge: add support for pppoe filtering - arm64: dts: qcom: msm8916: fix MMC controller aliases - drm/amdgpu: Fix a NULL pointer dereference in amdgpu_connector_lcd_native_mode() - drm/radeon/radeon_kms: Fix a NULL pointer dereference in radeon_driver_open_kms() - serial: amba-pl011: do not request memory region twice - floppy: Fix hang in watchdog when disk is ejected - media: dib8000: Fix a memleak in dib8000_init() - media: saa7146: mxb: Fix a NULL pointer dereference in mxb_attach() - media: si2157: Fix "warm" tuner state detection - sched/rt: Try to restart rt period timer when rt runtime exceeded - media: dw2102: Fix use after free - media: msi001: fix possible null-ptr-deref in msi001_probe() - usb: ftdi-elan: fix memory leak on device disconnect - x86/mce/inject: Avoid out-of-bounds write when setting flags - pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in __nonstatic_find_io_region() - pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in nonstatic_find_mem_region() - ppp: ensure minimum packet size in ppp_write() - fsl/fman: Check for null pointer after calling devm_ioremap - spi: spi-meson-spifc: Add missing pm_runtime_disable() in meson_spifc_probe - tpm: add request_locality before write TPM_INT_ENABLE - can: softing: softing_startstop(): fix set but not used variable warning - can: xilinx_can: xcan_probe(): check for error irq - pcmcia: fix setting of kthread task states - net: mcs7830: handle usb read errors properly - ext4: avoid trim error on fs with small groups - ALSA: jack: Add missing rwsem around snd_ctl_remove() calls - ALSA: PCM: Add missing rwsem around snd_ctl_remove() calls - ALSA: hda: Add missing rwsem around snd_ctl_remove() calls - RDMA/hns: Validate the pkey index - powerpc/prom_init: Fix improper check of prom_getprop() - ALSA: oss: fix compile error when OSS_DEBUG is enabled - char/mwave: Adjust io port register size - scsi: ufs: Fix race conditions related to driver data - RDMA/core: Let ib_find_gid() continue search even after empty entry - dmaengine: pxa/mmp: stop referencing config->slave_id - iommu/iova: Fix race between FQ timeout and teardown - ASoC: samsung: idma: Check of ioremap return value - misc: lattice-ecp3-config: Fix task hung when firmware load failed - mips: lantiq: add support for clk_set_parent() - mips: bcm63xx: add support for clk_set_parent() - RDMA/cxgb4: Set queue pair state when being queried - Bluetooth: Fix debugfs entry leak in hci_register_dev() - fs: dlm: filter user dlm messages for kernel locks - ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply - drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR - usb: gadget: f_fs: Use stream_open() for endpoint files - HID: apple: Do not reset quirks when the Fn key is not found - media: b2c2: Add missing check in flexcop_pci_isr: - mlxsw: pci: Add shutdown method in PCI driver - drm/bridge: megachips: Ensure both bridges are probed before registration - gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use - HSI: core: Fix return freed object in hsi_new_client - mwifiex: Fix skb_over_panic in mwifiex_usb_recv() - usb: uhci: add aspeed ast2600 uhci support - floppy: Add max size check for user space request - media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds. - media: saa7146: hexium_orion: Fix a NULL pointer dereference in hexium_attach() - media: m920x: don't use stack on USB reads - iwlwifi: mvm: synchronize with FW after multicast commands - ath10k: Fix tx hanging - net: bonding: debug: avoid printing debug logs when bond is not notifying peers - bpf: Do not WARN in bpf_warn_invalid_xdp_action() - media: igorplugusb: receiver overflow should be reported - media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach() - mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO - arm64: tegra: Adjust length of CCPLEX cluster MMIO region - usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0 - ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream - iwlwifi: fix leaks/bad data after failed firmware load - iwlwifi: remove module loading failure message - um: registers: Rename function names to avoid conflicts and build problems - jffs2: GC deadlock reading a page that is used in jffs2_write_begin() - ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions - ACPICA: Utilities: Avoid deleting the same object twice in a row - ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R() - ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5 - btrfs: remove BUG_ON() in find_parent_nodes() - btrfs: remove BUG_ON(!eie) in find_parent_nodes - net: mdio: Demote probed message to debug print - mac80211: allow non-standard VHT MCS-10/11 - dm btree: add a defensive bounds check to insert_at() - dm space map common: add bounds check to sm_ll_lookup_bitmap() - net: phy: marvell: configure RGMII delays for 88E1118 - serial: pl010: Drop CR register reset on set_termios - serial: core: Keep mctrl register state and cached copy in sync - parisc: Avoid calling faulthandler_disabled() twice - powerpc/6xx: add missing of_node_put - powerpc/powernv: add missing of_node_put - powerpc/cell: add missing of_node_put - powerpc/btext: add missing of_node_put - powerpc/watchdog: Fix missed watchdog reset due to memory ordering race - i2c: i801: Don't silently correct invalid transfer size - powerpc/smp: Move setup_profiling_timer() under CONFIG_PROFILING - i2c: mpc: Correct I2C reset procedure - w1: Misuse of get_user()/put_user() reported by sparse - ALSA: seq: Set upper limit of processed events - MIPS: OCTEON: add put_device() after of_find_device_by_node() - i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters - MIPS: Octeon: Fix build errors using clang - scsi: sr: Don't use GFP_DMA - ASoC: mediatek: mt8173: fix device_node leak - power: bq25890: Enable continuous conversion for ADC at charging - ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers - serial: Fix incorrect rs485 polarity on uart open - cputime, cpuacct: Include guest time in user time in cpuacct.stat - iwlwifi: mvm: Increase the scan timeout guard to 30 seconds - ext4: make sure quota gets properly shutdown on error - ext4: set csum seed in tmp inode while migrating to extents - ext4: Fix BUG_ON in ext4_bread when write quota data - ext4: don't use the orphan list when migrating an inode - crypto: stm32/crc32 - Fix kernel BUG triggered in probe() - drm/radeon: fix error handling in radeon_driver_open_kms - firmware: Update Kconfig help text for Google firmware - Documentation: refer to config RANDOMIZE_BASE for kernel address-space randomization - RDMA/hns: Modify the mapping attribute of doorbell to device - RDMA/rxe: Fix a typo in opcode name - powerpc/cell: Fix clang -Wimplicit-fallthrough warning - powerpc/fsl/dts: Enable WA for erratum A-009885 on fman3l MDIO buses - net/fsl: xgmac_mdio: Fix incorrect iounmap when removing module - parisc: pdc_stable: Fix memory leak in pdcs_register_pathentries - af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress - net: axienet: Wait for PhyRstCmplt after core reset - net: axienet: fix number of TX ring slots for available check - netns: add schedule point in ops_exit_list() - libcxgb: Don't accidentally set RTO_ONLINK in cxgb_find_route() - dmaengine: at_xdmac: Don't start transactions at tx_submit level - dmaengine: at_xdmac: Print debug message after realeasing the lock - dmaengine: at_xdmac: Fix lld view setting - dmaengine: at_xdmac: Fix at_xdmac_lld struct definition - net_sched: restore "mpu xxx" handling - bcmgenet: add WOL IRQ check - scripts/dtc: dtx_diff: remove broken example from help text - lib82596: Fix IRQ check in sni_82596_probe - mips,s390,sh,sparc: gup: Work around the "COW can break either way" issue - gianfar: simplify FCS handling and fix memory leak - firmware: qemu_fw_cfg: fix NULL-pointer deref on duplicate entries - firmware: qemu_fw_cfg: fix kobject leak in probe error path - ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Master after reboot from Windows - wcn36xx: Release DMA channel descriptor allocations - tty: serial: uartlite: allow 64 bit address - xfrm: fix a small bug in xfrm_sa_len() - mmc: meson-mx-sdio: add IRQ check - netfilter: ipt_CLUSTERIP: fix refcount leak in clusterip_tg_check() - staging: greybus: audio: Check null pointer - Bluetooth: hci_bcm: Check for error irq - ASoC: rt5663: Handle device_property_read_u32_array error codes - rpmsg: Only invoke announce_create for rpdev with endpoints - rpmsg: core: Clean up resources on announce_create failure. - dmaengine: stm32-mdma: fix STM32_MDMA_CTBR_TSEL_MASK - rtc: pxa: fix null pointer dereference * CVE-2022-0435 - tipc: improve size validations for received domain records * CVE-2022-0492 - cgroup-v1: Require capabilities to set release_agent * CVE-2021-3506 - f2fs: fix to avoid out-of-bounds memory access * Bionic update: upstream stable patchset 2022-02-01 (LP: #1959709) - tracing: Fix check for trace_percpu_buffer validity in get_trace_buf() - tracing: Tag trace_percpu_buffer as a percpu pointer - virtio_pci: Support surprise removal of virtio pci device - ieee802154: atusb: fix uninit value in atusb_set_extended_addr - RDMA/core: Don't infoleak GRH fields - mac80211: initialize variable have_higher_than_11mbit - i40e: fix use-after-free in i40e_sync_filters_subtask() - i40e: Fix incorrect netdev's real number of RX/TX queues - ipv6: Check attribute length for RTA_GATEWAY in multipath route - ipv6: Check attribute length for RTA_GATEWAY when deleting multipath route - sch_qfq: prevent shift-out-of-bounds in qfq_init_qdisc - power: reset: ltc2952: Fix use of floating point literals - rndis_host: support Hytera digital radios - phonet: refcount leak in pep_sock_accep - ipv6: Continue processing multipath route even if gateway attribute is invalid - ipv6: Do cleanup if attribute validation fails in multipath route - scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown() - ip6_vti: initialize __ip6_tnl_parm struct in vti6_siocdevprivate - net: udp: fix alignment problem in udp4_seq_show() - mISDN: change function names to avoid conflicts - usb: mtu3: fix interval value for intr and isoc * Bionic update: upstream stable patchset 2022-01-27 (LP: #1959335) - tee: handle lookup of shm with reference count 0 - platform/x86: apple-gmux: use resource_size() with res - selinux: initialize proto variable in selinux_ip_postroute_compat() - scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write() - net: usb: pegasus: Do not drop long Ethernet frames - NFC: st21nfca: Fix memory leak in device probe and remove - fsl/fman: Fix missing put_device() call in fman_port_probe - nfc: uapi: use kernel size_t to fix user-space builds - uapi: fix linux/nfc.h userspace compilation errors - xhci: Fresco FL1100 controller should not have BROKEN_MSI quirk set. - usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear. - binder: fix async_free_space accounting for empty parcels - scsi: vmw_pvscsi: Set residual data length conditionally - Input: appletouch - initialize work before device registration - Input: spaceball - fix parsing of movement data packets - net: fix use-after-free in tw_timer_handler - sctp: use call_rcu to free endpoint - Input: i8042 - add deferred probe support - Input: i8042 - enable deferred probe quirk for ASUS UM325UA - i2c: validate user data in compat ioctl - usb: mtu3: set interval of FS intr and isoc endpoint * Bionic update: upstream stable patchset 2022-01-27 (LP: #1959335) // HID_ASUS should depend on USB_HID in stable v4.15 backports (LP: #1959762) - HID: asus: Add depends on USB_HID to HID_ASUS Kconfig option * Packaging resync (LP: #1786013) - [Packaging] resync getabis -- Kleber Sacilotto de Souza