This bug was fixed in the package linux-oracle - 4.15.0-1027.30~16.04.1 --------------- linux-oracle (4.15.0-1027.30~16.04.1) xenial; urgency=medium * xenial/linux-oracle: 4.15.0-1027.30~16.04.1 -proposed tracker (LP: #1846117) [ Ubuntu: 4.15.0-1027.30 ] * bionic/linux-oracle: 4.15.0-1027.30 -proposed tracker (LP: #1846118) * bionic/linux: 4.15.0-66.75 -proposed tracker (LP: #1846131) * Packaging resync (LP: #1786013) - [Packaging] update helper scripts * CVE-2018-21008 - rsi: add fix for crash during assertions * ipv6: fix neighbour resolution with raw socket (LP: #1834465) - ipv6: constify rt6_nexthop() - ipv6: fix neighbour resolution with raw socket * run_netsocktests from net in ubuntu_kernel_selftests failed with X-4.15 (LP: #1842023) - SAUCE: selftests: net: replace AF_MAX with INT_MAX in socket.c * No sound inputs from the external microphone and headset on a Dell machine (LP: #1842265) - ALSA: hda - Expand pin_match function to match upcoming new tbls - ALSA: hda - Define a fallback_pin_fixup_tbl for alc269 family * Add -fcf-protection=none when using retpoline flags (LP: #1843291) - SAUCE: kbuild: add -fcf-protection=none when using retpoline flags * Enhanced Hardware Support - Finalize Naming (LP: #1842774) - s390: add support for IBM z15 machines * Bionic update: upstream stable patchset 2019-09-24 (LP: #1845266) - bridge/mdb: remove wrong use of NLM_F_MULTI - cdc_ether: fix rndis support for Mediatek based smartphones - ipv6: Fix the link time qualifier of 'ping_v6_proc_exit_net()' - isdn/capi: check message length in capi_write() - net: Fix null de-reference of device refcount - net: gso: Fix skb_segment splat when splitting gso_size mangled skb having linear-headed frag_list - net: phylink: Fix flow control resolution - sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero - sctp: Fix the link time qualifier of 'sctp_ctrlsock_exit()' - sctp: use transport pf_retrans in sctp_do_8_2_transport_strike - tcp: fix tcp_ecn_withdraw_cwr() to clear TCP_ECN_QUEUE_CWR - tipc: add NULL pointer check before calling kfree_rcu - tun: fix use-after-free when register netdev failed - btrfs: compression: add helper for type to string conversion - btrfs: correctly validate compression type - Revert "MIPS: SiByte: Enable swiotlb for SWARM, LittleSur and BigSur" - gpiolib: acpi: Add gpiolib_acpi_run_edge_events_on_boot option and blacklist - gpio: fix line flag validation in linehandle_create - gpio: fix line flag validation in lineevent_create - Btrfs: fix assertion failure during fsync and use of stale transaction - genirq: Prevent NULL pointer dereference in resend_irqs() - KVM: s390: Do not leak kernel stack data in the KVM_S390_INTERRUPT ioctl - KVM: x86: work around leak of uninitialized stack contents - KVM: nVMX: handle page fault in vmread - MIPS: VDSO: Prevent use of smp_processor_id() - MIPS: VDSO: Use same -m%-float cflag as the kernel proper - powerpc: Add barrier_nospec to raw_copy_in_user() - drm/meson: Add support for XBGR8888 & ABGR8888 formats - clk: rockchip: Don't yell about bad mmc phases when getting - mtd: rawnand: mtk: Fix wrongly assigned OOB buffer pointer issue - PCI: Always allow probing with driver_override - ubifs: Correctly use tnc_next() in search_dh_cookie() - driver core: Fix use-after-free and double free on glue directory - crypto: talitos - check AES key size - crypto: talitos - fix CTR alg blocksize - crypto: talitos - check data blocksize in ablkcipher. - crypto: talitos - fix ECB algs ivsize - crypto: talitos - Do not modify req->cryptlen on decryption. - crypto: talitos - HMAC SNOOP NO AFEU mode requires SW icv checking. - firmware: ti_sci: Always request response from firmware - drm/mediatek: mtk_drm_drv.c: Add of_node_put() before goto - Revert "Bluetooth: btusb: driver to enable the usb-wakeup feature" - platform/x86: pmc_atom: Add CB4063 Beckhoff Automation board to critclk_systems DMI table - nvmem: Use the same permissions for eeprom as for nvmem - x86/build: Add -Wnoaddress-of-packed-member to REALMODE_CFLAGS, to silence GCC9 build warning - ixgbe: Prevent u8 wrapping of ITR value to something less than 10us - x86/purgatory: Change compiler flags from -mcmodel=kernel to -mcmodel=large to fix kexec relocation errors - modules: fix BUG when load module with rodata=n - modules: fix compile error if don't have strict module rwx - HID: wacom: generic: read HID_DG_CONTACTMAX from any feature report - Input: elan_i2c - remove Lenovo Legion Y7000 PnpID - powerpc/mm/radix: Use the right page size for vmemmap mapping - USB: usbcore: Fix slab-out-of-bounds bug during device reset - phy: renesas: rcar-gen3-usb2: Disable clearing VBUS in over-current - media: tm6000: double free if usb disconnect while streaming - xen-netfront: do not assume sk_buff_head list is empty in error handling - net_sched: let qdisc_put() accept NULL pointer - KVM: coalesced_mmio: add bounds checking - firmware: google: check if size is valid when decoding VPD data - serial: sprd: correct the wrong sequence of arguments - tty/serial: atmel: reschedule TX after RX was started - mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings - nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds - ARM: OMAP2+: Fix missing SYSC_HAS_RESET_STATUS for dra7 epwmss - s390/bpf: fix lcgr instruction encoding - ARM: OMAP2+: Fix omap4 errata warning on other SoCs - ARM: dts: dra74x: Fix iodelay configuration for mmc3 - s390/bpf: use 32-bit index for tail calls - fpga: altera-ps-spi: Fix getting of optional confd gpio - netfilter: xt_nfacct: Fix alignment mismatch in xt_nfacct_match_info - NFSv4: Fix return values for nfs4_file_open() - NFSv4: Fix return value in nfs_finish_open() - NFS: Fix initialisation of I/O result struct in nfs_pgio_rpcsetup - Kconfig: Fix the reference to the IDT77105 Phy driver in the description of ATM_NICSTAR_USE_IDT77105 - qed: Add cleanup in qed_slowpath_start() - ARM: 8874/1: mm: only adjust sections of valid mm structures - batman-adv: Only read OGM2 tvlv_len after buffer len check - r8152: Set memory to all 0xFFs on failed reg reads - x86/apic: Fix arch_dynirq_lower_bound() bug for DT enabled machines - netfilter: nf_conntrack_ftp: Fix debug output - NFSv2: Fix eof handling - NFSv2: Fix write regression - kallsyms: Don't let kallsyms_lookup_size_offset() fail on retrieving the first symbol - cifs: set domainName when a domain-key is used in multiuser - cifs: Use kzfree() to zero out the password - ARM: 8901/1: add a criteria for pfn_valid of arm - sky2: Disable MSI on yet another ASUS boards (P6Xxxx) - i2c: designware: Synchronize IRQs when unregistering slave client - perf/x86/intel: Restrict period on Nehalem - perf/x86/amd/ibs: Fix sample bias for dispatched micro-ops - amd-xgbe: Fix error path in xgbe_mod_init() - tools/power x86_energy_perf_policy: Fix "uninitialized variable" warnings at -O2 - tools/power x86_energy_perf_policy: Fix argument parsing - tools/power turbostat: fix buffer overrun - net: seeq: Fix the function used to release some memory in an error handling path - dmaengine: ti: dma-crossbar: Fix a memory leak bug - dmaengine: ti: omap-dma: Add cleanup in omap_dma_probe() - x86/uaccess: Don't leak the AC flags into __get_user() argument evaluation - x86/hyper-v: Fix overflow bug in fill_gva_list() - keys: Fix missing null pointer check in request_key_auth_describe() - iommu/amd: Flush old domains in kdump kernel - iommu/amd: Fix race in increase_address_space() - PCI: kirin: Fix section mismatch warning - floppy: fix usercopy direction - binfmt_elf: move brk out of mmap when doing direct loader exec - tcp: Reset send_head when removing skb from write-queue - tcp: Don't dequeue SYN/FIN-segments from write-queue - media: technisat-usb2: break out of loop at end of buffer - tools: bpftool: close prog FD before exit on showing a single program - netfilter: xt_physdev: Fix spurious error message in physdev_mt_check - ibmvnic: Do not process reset during or after device removal - net: aquantia: fix out of memory condition on rx side * Bionic update: upstream stable patchset 2019-09-18 (LP: #1844558) - ALSA: hda - Fix potential endless loop at applying quirks - ALSA: hda/realtek - Fix overridden device-specific initialization - ALSA: hda/realtek - Fix the problem of two front mics on a ThinkCentre - sched/fair: Don't assign runtime for throttled cfs_rq - drm/vmwgfx: Fix double free in vmw_recv_msg() - xfrm: clean up xfrm protocol checks - PCI: designware-ep: Fix find_first_zero_bit() usage - PCI: dra7xx: Fix legacy INTD IRQ handling - vhost/test: fix build for vhost test - batman-adv: fix uninit-value in batadv_netlink_get_ifindex() - batman-adv: Only read OGM tvlv_len after buffer len check - hv_sock: Fix hang when a connection is closed - powerpc/64: mark start_here_multiplatform as __ref - arm64: dts: rockchip: enable usb-host regulators at boot on rk3328-rock64 - scripts/decode_stacktrace: match basepath using shell prefix operator, not regex - clk: s2mps11: Add used attribute to s2mps11_dt_match - kernel/module: Fix mem leak in module_add_modinfo_attrs - ALSA: hda/realtek - Enable internal speaker & headset mic of ASUS UX431FL - {nl,mac}80211: fix interface combinations on crypto controlled devices - x86/ftrace: Fix warning and considate ftrace_jmp_replace() and ftrace_call_replace() - media: stm32-dcmi: fix irq = 0 case - modules: always page-align module section allocations - scsi: qla2xxx: Move log messages before issuing command to firmware - keys: Fix the use of the C++ keyword "private" in uapi/linux/keyctl.h - Drivers: hv: kvp: Fix two "this statement may fall through" warnings - remoteproc: qcom: q6v5-mss: add SCM probe dependency - KVM: x86: hyperv: enforce vp_index < KVM_MAX_VCPUS - KVM: x86: hyperv: consistently use 'hv_vcpu' for 'struct kvm_vcpu_hv' variables - drm/i915: Fix intel_dp_mst_best_encoder() - drm/i915: Rename PLANE_CTL_DECOMPRESSION_ENABLE - drm/i915/gen9+: Fix initial readout for Y tiled framebuffers - drm/atomic_helper: Disallow new modesets on unregistered connectors - Drivers: hv: kvp: Fix the indentation of some "break" statements - Drivers: hv: kvp: Fix the recent regression caused by incorrect clean-up - drm/amd/dm: Understand why attaching path/tile properties are needed - ARM: davinci: da8xx: define gpio interrupts as separate resources - ARM: davinci: dm365: define gpio interrupts as separate resources - ARM: davinci: dm646x: define gpio interrupts as separate resources - ARM: davinci: dm355: define gpio interrupts as separate resources - ARM: davinci: dm644x: define gpio interrupts as separate resources - media: vim2m: use workqueue - media: vim2m: use cancel_delayed_work_sync instead of flush_schedule_work - drm/i915: Restore sane defaults for KMS on GEM error load - KVM: PPC: Book3S HV: Fix race between kvm_unmap_hva_range and MMU mode switch - Btrfs: clean up scrub is_dev_replace parameter - Btrfs: fix deadlock with memory reclaim during scrub - btrfs: Remove extent_io_ops::fill_delalloc - btrfs: Fix error handling in btrfs_cleanup_ordered_extents - scsi: megaraid_sas: Fix combined reply queue mode detection - scsi: megaraid_sas: Add check for reset adapter bit - media: vim2m: only cancel work if it is for right context - ARC: show_regs: lockdep: re-enable preemption - ARC: mm: do_page_fault fixes #1: relinquish mmap_sem if signal arrives while handle_mm_fault - IB/uverbs: Fix OOPs upon device disassociation - drm/vblank: Allow dynamic per-crtc max_vblank_count - drm/i915/ilk: Fix warning when reading emon_status with no output - mfd: Kconfig: Fix I2C_DESIGNWARE_PLATFORM dependencies - tpm: Fix some name collisions with drivers/char/tpm.h - bcache: replace hard coded number with BUCKET_GC_GEN_MAX - bcache: treat stale && dirty keys as bad keys - KVM: VMX: Compare only a single byte for VMCS' "launched" in vCPU-run - iio: adc: exynos-adc: Add S5PV210 variant - iio: adc: exynos-adc: Use proper number of channels for Exynos4x12 - drm/nouveau: Don't WARN_ON VCPI allocation failures - x86/kvmclock: set offset for kvm unstable clock - powerpc/kvm: Save and restore host AMR/IAMR/UAMOR - mmc: renesas_sdhi: Fix card initialization failure in high speed mode - btrfs: scrub: pass fs_info to scrub_setup_ctx - btrfs: init csum_list before possible free - PCI: qcom: Don't deassert reset GPIO during probe - drm: add __user attribute to ptr_to_compat() - CIFS: Fix error paths in writeback code - CIFS: Fix leaking locked VFS cache pages in writeback retry - drm/i915: Handle vm_mmap error during I915_GEM_MMAP ioctl with WC set - drm/i915: Sanity check mmap length against object size - IB/mlx5: Reset access mask when looping inside page fault handler - kvm: mmu: Fix overflow on kvm mmu page limit calculation - x86/kvm: move kvm_load/put_guest_xcr0 into atomic context - KVM: x86: Always use 32-bit SMRAM save state for 32-bit kernels - cifs: Fix lease buffer length error - ext4: protect journal inode's blocks using block_validity - dm mpath: fix missing call of path selector type->end_io - blk-mq: free hw queue's resource in hctx's release handler - mmc: sdhci-pci: Add support for Intel ICP - mmc: sdhci-pci: Add support for Intel CML - dm crypt: move detailed message into debug level - kvm: Check irqchip mode before assign irqfd - drm/amdgpu: fix ring test failure issue during s3 in vce 3.0 (V2) - drm/amdgpu/{uvd,vcn}: fetch ring's read_ptr after alloc - Btrfs: fix race between block group removal and block group allocation - cifs: add spinlock for the openFileList to cifsInodeInfo - IB/hfi1: Avoid hardlockup with flushlist_lock - apparmor: reset pos on failure to unpack for various functions - staging: wilc1000: fix error path cleanup in wilc_wlan_initialize() - scsi: zfcp: fix request object use-after-free in send path causing wrong traces - cifs: Properly handle auto disabling of serverino option - ceph: use ceph_evict_inode to cleanup inode's resource - KVM: x86: optimize check for valid PAT value - KVM: VMX: Always signal #GP on WRMSR to MSR_IA32_CR_PAT with bad value - KVM: VMX: Fix handling of #MC that occurs during VM-Entry - KVM: VMX: check CPUID before allowing read/write of IA32_XSS - resource: Include resource end in walk_*() interfaces - resource: Fix find_next_iomem_res() iteration issue - resource: fix locking in find_next_iomem_res() - pstore: Fix double-free in pstore_mkfile() failure path - dm thin metadata: check if in fail_io mode when setting needs_check - drm/panel: Add support for Armadeus ST0700 Adapt - ALSA: hda - Fix intermittent CORB/RIRB stall on Intel chips - iommu/iova: Remove stale cached32_node - gpio: don't WARN() on NULL descs if gpiolib is disabled - i2c: at91: disable TXRDY interrupt after sending data - i2c: at91: fix clk_offset for sama5d2 - mm/migrate.c: initialize pud_entry in migrate_vma() - iio: adc: gyroadc: fix uninitialized return code - NFSv4: Fix delegation state recovery - bcache: only clear BTREE_NODE_dirty bit when it is set - bcache: add comments for mutex_lock(&b->write_lock) - virtio/s390: fix race on airq_areas[] - ext4: don't perform block validity checks on the journal inode - ext4: fix block validity checks for journal inodes using indirect blocks - ext4: unsigned int compared against zero - powerpc/tm: Remove msr_tm_active() * Bionic update: upstream stable patchset 2019-09-10 (LP: #1843463) - net: tundra: tsi108: use spin_lock_irqsave instead of spin_lock_irq in IRQ context - hv_netvsc: Fix a warning of suspicious RCU usage - net: tc35815: Explicitly check NET_IP_ALIGN is not zero in tc35815_rx - Bluetooth: btqca: Add a short delay before downloading the NVM - ibmveth: Convert multicast list size for little-endian system - gpio: Fix build error of function redefinition - drm/mediatek: use correct device to import PRIME buffers - drm/mediatek: set DMA max segment size - cxgb4: fix a memory leak bug - liquidio: add cleanup in octeon_setup_iq() - net: myri10ge: fix memory leaks - lan78xx: Fix memory leaks - vfs: fix page locking deadlocks when deduping files - cx82310_eth: fix a memory leak bug - net: kalmia: fix memory leaks - wimax/i2400m: fix a memory leak bug - ravb: Fix use-after-free ravb_tstamp_skb - kprobes: Fix potential deadlock in kprobe_optimizer() - HID: cp2112: prevent sleeping function called from invalid context - Input: hyperv-keyboard: Use in-place iterator API in the channel callback - Tools: hv: kvp: eliminate 'may be used uninitialized' warning - IB/mlx4: Fix memory leaks - ceph: fix buffer free while holding i_ceph_lock in __ceph_setxattr() - ceph: fix buffer free while holding i_ceph_lock in __ceph_build_xattrs_blob() - ceph: fix buffer free while holding i_ceph_lock in fill_inode() - KVM: arm/arm64: Only skip MMIO insn once - libceph: allow ceph_buffer_put() to receive a NULL ceph_buffer - spi: bcm2835aux: unifying code between polling and interrupt driven code - spi: bcm2835aux: remove dangerous uncontrolled read of fifo - spi: bcm2835aux: fix corruptions for longer spi transfers - net: fix skb use after free in netpoll - net_sched: fix a NULL pointer deref in ipt action - net: stmmac: dwmac-rk: Don't fail if phy regulator is absent - tcp: inherit timestamp on mtu probe - tcp: remove empty skb from write queue in error cases - net: sched: act_sample: fix psample group handling on overwrite - mld: fix memory leak in mld_del_delrec() - x86/boot: Preserve boot_params.secure_boot from sanitizing - tools: bpftool: fix error message (prog -> object) - scsi: qla2xxx: Fix gnl.l memory leak on adapter init failure - afs: Fix leak in afs_lookup_cell_rcu() * Bionic update: upstream stable patchset 2019-09-09 (LP: #1843338) - dmaengine: ste_dma40: fix unneeded variable warning - auxdisplay: panel: need to delete scan_timer when misc_register fails in panel_attach - iommu/dma: Handle SG length overflow better - usb: gadget: composite: Clear "suspended" on reset/disconnect - usb: gadget: mass_storage: Fix races between fsg_disable and fsg_set_alt - xen/blkback: fix memory leaks - i2c: rcar: avoid race when unregistering slave client - i2c: emev2: avoid race when unregistering slave client - drm/ast: Fixed reboot test may cause system hanged - usb: host: fotg2: restart hcd after port reset - tools: hv: fix KVP and VSS daemons exit code - watchdog: bcm2835_wdt: Fix module autoload - drm/bridge: tfp410: fix memleak in get_modes() - scsi: ufs: Fix RX_TERMINATION_FORCE_ENABLE define value - drm/tilcdc: Register cpufreq notifier after we have initialized crtc - ALSA: usb-audio: Fix a stack buffer overflow bug in check_input_term - ALSA: usb-audio: Fix an OOB bug in parse_audio_mixer_unit - net/smc: make sure EPOLLOUT is raised - tcp: make sure EPOLLOUT wont be missed - mm/zsmalloc.c: fix build when CONFIG_COMPACTION=n - ALSA: line6: Fix memory leak at line6_init_pcm() error path - ALSA: seq: Fix potential concurrent access to the deleted pool - kvm: x86: skip populating logical dest map if apic is not sw enabled - KVM: x86: Don't update RIP or do single-step on faulting emulation - x86/apic: Do not initialize LDR and DFR for bigsmp - ftrace: Fix NULL pointer dereference in t_probe_next() - ftrace: Check for successful allocation of hash - ftrace: Check for empty hash and comment the race with registering probes - usb-storage: Add new JMS567 revision to unusual_devs - USB: cdc-wdm: fix race between write and disconnect due to flag abuse - usb: chipidea: udc: don't do hardware access if gadget has stopped - usb: host: ohci: fix a race condition between shutdown and irq - usb: host: xhci: rcar: Fix typo in compatible string matching - USB: storage: ums-realtek: Update module parameter description for auto_delink_en - uprobes/x86: Fix detection of 32-bit user mode - mmc: sdhci-of-at91: add quirk for broken HS200 - mmc: core: Fix init of SD cards reporting an invalid VDD range - stm class: Fix a double free of stm_source_device - intel_th: pci: Add support for another Lewisburg PCH - intel_th: pci: Add Tiger Lake support - drm/i915: Don't deballoon unused ggtt drm_mm_node in linux guest - VMCI: Release resource if the work is already queued - crypto: ccp - Ignore unconfigured CCP device on suspend/resume - Revert "cfg80211: fix processing world regdomain when non modular" - mac80211: fix possible sta leak - KVM: PPC: Book3S: Fix incorrect guest-to-user-translation error handling - KVM: arm/arm64: vgic: Fix potential deadlock when ap_list is long - KVM: arm/arm64: vgic-v2: Handle SGI bits in GICD_I{S,C}PENDR0 as WI - NFS: Clean up list moves of struct nfs_page - NFSv4/pnfs: Fix a page lock leak in nfs_pageio_resend() - NFS: Pass error information to the pgio error cleanup routine - NFS: Ensure O_DIRECT reports an error if the bytes read/written is 0 - i2c: piix4: Fix port selection for AMD Family 16h Model 30h - x86/ptrace: fix up botched merge of spectrev1 fix - Revert "ASoC: Fail card instantiation if DAI format setup fails" - nvme-multipath: revalidate nvme_ns_head gendisk in nvme_validate_ns - afs: Fix the CB.ProbeUuid service handler to reply correctly - dmaengine: stm32-mdma: Fix a possible null-pointer dereference in stm32_mdma_irq_handler() - omap-dma/omap_vout_vrfb: fix off-by-one fi value - arm64: cpufeature: Don't treat granule sizes as strict - tools: hv: fixed Python pep8/flake8 warnings for lsvmbus - ipv4/icmp: fix rt dst dev null pointer dereference - ALSA: hda - Fixes inverted Conexant GPIO mic mute led - usb: hcd: use managed device resources - lib: logic_pio: Fix RCU usage - lib: logic_pio: Avoid possible overlap for unregistering regions - lib: logic_pio: Add logic_pio_unregister_range() - drm/amdgpu: Add APTX quirk for Dell Latitude 5495 - drm/i915: Call dma_set_max_seg_size() in i915_driver_hw_probe() - bus: hisi_lpc: Unregister logical PIO range to avoid potential use-after- free * New ID in ums-realtek module breaks cardreader (LP: #1838886) // Bionic update: upstream stable patchset 2019-09-09 (LP: #1843338) - USB: storage: ums-realtek: Whitelist auto-delink support * TC filters are broken on Mellanox after upstream stable updates (LP: #1842502) - net/mlx5e: Remove redundant vport context vlan update - net/mlx5e: Properly order min inline mode setup while parsing TC matches - net/mlx5e: Get the required HW match level while parsing TC flow matches - net/mlx5e: Always use the match level enum when parsing TC rule match - net/mlx5e: Don't match on vlan non-existence if ethertype is wildcarded -- Khalid Elmously