This bug was fixed in the package linux - 4.4.0-197.229 --------------- linux (4.4.0-197.229) xenial; urgency=medium * xenial/linux: 4.4.0-197.229 -proposed tracker (LP: #1905489) * sha1_ce and sha2_ce modules no longer load on arm64 (LP: #1905336) - SAUCE: Revert "crypto: arm64/sha - avoid non-standard inline asm tricks" * Fails to build on powerpc (LP: #1905475) - powerpc/uaccess-flush: fix corenet64_smp_defconfig build - SAUCE: powerpc/uaccess: only include kup-radix.h on PPC_BOOK3S_64 linux (4.4.0-196.228) xenial; urgency=medium * xenial/linux: 4.4.0-196.228 -proposed tracker (LP: #1905309) * CVE-2020-4788 - SAUCE: powerpc/64s: Define MASKABLE_RELON_EXCEPTION_PSERIES_OOL - SAUCE: powerpc/64s: move some exception handlers out of line - powerpc/64s: flush L1D on kernel entry - SAUCE: powerpc: Add a framework for user access tracking - powerpc: Implement user_access_begin and friends - powerpc: Fix __clear_user() with KUAP enabled - powerpc/uaccess: Evaluate macro arguments once, before user access is allowed - powerpc/64s: flush L1D after user accesses linux (4.4.0-195.227) xenial; urgency=medium * xenial/linux: 4.4.0-195.227 -proposed tracker (LP: #1903107) * Update kernel packaging to support forward porting kernels (LP: #1902957) - [Debian] Update for leader included in BACKPORT_SUFFIX * Avoid double newline when running insertchanges (LP: #1903293) - [Packaging] insertchanges: avoid double newline * EFI: Fails when BootCurrent entry does not exist (LP: #1899993) - efivarfs: Replace invalid slashes with exclamation marks in dentries. * CVE-2020-14351 - perf/core: Fix race in the perf_mmap_close() function * CVE-2020-25645 - geneve: add transport ports in route lookup for geneve * Xenial update: v4.4.241 upstream stable release (LP: #1902097) - ibmveth: Identify ingress large send packets. - tipc: fix the skb_unshare() in tipc_buf_append() - net/ipv4: always honour route mtu during forwarding - r8169: fix data corruption issue on RTL8402 - ALSA: bebob: potential info leak in hwdep_read() - mm/kasan: print name of mem[set,cpy,move]() caller in report - mm/kasan: add API to check memory regions - compiler.h, kasan: Avoid duplicating __read_once_size_nocheck() - compiler.h: Add read_word_at_a_time() function. - lib/strscpy: Shut up KASAN false-positives in strscpy() - x86/mm/ptdump: Fix soft lockup in page table walker - net: hdlc: In hdlc_rcv, check to make sure dev is an HDLC device - net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag after calling ether_setup - nfc: Ensure presence of NFC_ATTR_FIRMWARE_NAME attribute in nfc_genl_fw_download() - tcp: fix to update snd_wl1 in bulk receiver fast path - icmp: randomize the global rate limiter - cifs: remove bogus debug code - ima: Don't ignore errors from crypto_shash_update() - EDAC/i5100: Fix error handling order in i5100_init_one() - crypto: ixp4xx - Fix the size used in a 'dma_free_coherent()' call - media: Revert "media: exynos4-is: Add missed check for pinctrl_lookup_state()" - media: m5mols: Check function pointer in m5mols_sensor_power - media: omap3isp: Fix memleak in isp_probe - crypto: omap-sham - fix digcnt register handling with export/import - media: tc358743: initialize variable - media: ti-vpe: Fix a missing check and reference count leak - ath6kl: prevent potential array overflow in ath6kl_add_new_sta() - ath9k: Fix potential out of bounds in ath9k_htc_txcompletion_cb() - wcn36xx: Fix reported 802.11n rx_highest rate wcn3660/wcn3680 - mwifiex: Do not use GFP_KERNEL in atomic context - drm/gma500: fix error check - scsi: qla4xxx: Fix an error handling path in 'qla4xxx_get_host_stats()' - scsi: csiostor: Fix wrong return value in csio_hw_prep_fw() - backlight: sky81452-backlight: Fix refcount imbalance on error - VMCI: check return value of get_user_pages_fast() for errors - tty: serial: earlycon dependency - pty: do tty_flip_buffer_push without port->lock in pty_write - drivers/virt/fsl_hypervisor: Fix error handling path - video: fbdev: vga16fb: fix setting of pixclock because a pass-by-value error - video: fbdev: sis: fix null ptr dereference - HID: roccat: add bounds checking in kone_sysfs_write_settings() - ath6kl: wmi: prevent a shift wrapping bug in ath6kl_wmi_delete_pstream_cmd() - misc: mic: scif: Fix error handling path - ALSA: seq: oss: Avoid mutex lock for a long-time ioctl - quota: clear padding in v2r1_mem2diskdqb() - net: enic: Cure the enic api locking trainwreck - mfd: sm501: Fix leaks in probe() - usb: gadget: u_ether: enable qmult on SuperSpeed Plus as well - nl80211: fix non-split wiphy information - mwifiex: fix double free - net: korina: fix kfree of rx/tx descriptor array - IB/mlx4: Adjust delayed work when a dup is observed - powerpc/pseries: Fix missing of_node_put() in rng_init() - powerpc/icp-hv: Fix missing of_node_put() in success path - mtd: lpddr: fix excessive stack usage with clang - mtd: mtdoops: Don't write panic data twice - ARM: 9007/1: l2c: fix prefetch bits init in L2X0_AUX_CTRL using DT values - powerpc/tau: Use appropriate temperature sample interval - powerpc/tau: Remove duplicated set_thresholds() call - powerpc/tau: Disable TAU between measurements - perf intel-pt: Fix "context_switch event has no tid" error - kdb: Fix pager search for multi-line strings - powerpc/perf/hv-gpci: Fix starting index value - cpufreq: powernv: Fix frame-size-overflow in powernv_cpufreq_reboot_notifier - lib/crc32.c: fix trivial typo in preprocessor condition - vfio/pci: Clear token on bypass registration failure - Input: imx6ul_tsc - clean up some errors in imx6ul_tsc_resume() - Input: ep93xx_keypad - fix handling of platform_get_irq() error - Input: omap4-keypad - fix handling of platform_get_irq() error - Input: sun4i-ps2 - fix handling of platform_get_irq() error - KVM: x86: emulating RDPID failure shall return #UD rather than #GP - memory: omap-gpmc: Fix a couple off by ones - memory: fsl-corenet-cf: Fix handling of platform_get_irq() error - arm64: dts: zynqmp: Remove additional compatible string for i2c IPs - powerpc/powernv/opal-dump : Use IRQ_HANDLED instead of numbers in interrupt handler - powerpc/powernv/dump: Fix race while processing OPAL dump - media: firewire: fix memory leak - media: ati_remote: sanity check for both endpoints - media: exynos4-is: Fix several reference count leaks due to pm_runtime_get_sync - media: exynos4-is: Fix a reference count leak due to pm_runtime_get_sync - media: exynos4-is: Fix a reference count leak - media: bdisp: Fix runtime PM imbalance on error - media: media/pci: prevent memory leak in bttv_probe - media: uvcvideo: Ensure all probed info is returned to v4l2 - mmc: sdio: Check for CISTPL_VERS_1 buffer size - media: saa7134: avoid a shift overflow - ntfs: add check for mft record size in superblock - PM: hibernate: remove the bogus call to get_gendisk() in software_resume() - scsi: mvumi: Fix error return in mvumi_io_attach() - scsi: target: core: Add CONTROL field for trace events - usb: gadget: function: printer: fix use-after-free in __lock_acquire - udf: Limit sparing table size - udf: Avoid accessing uninitialized data on failed inode read - ath9k: hif_usb: fix race condition between usb_get_urb() and usb_kill_anchored_urbs() - misc: rtsx: Fix memory leak in rtsx_pci_probe - reiserfs: only call unlock_new_inode() if I_NEW - xfs: make sure the rt allocator doesn't run off the end - usb: ohci: Default to per-port over-current protection - Bluetooth: Only mark socket zapped after unlocking - scsi: ibmvfc: Fix error return in ibmvfc_probe() - brcmsmac: fix memory leak in wlc_phy_attach_lcnphy - rtl8xxxu: prevent potential memory leak - Fix use after free in get_capset_info callback. - tty: ipwireless: fix error handling - ipvs: Fix uninit-value in do_ip_vs_set_ctl() - reiserfs: Fix memory leak in reiserfs_parse_options() - brcm80211: fix possible memleak in brcmf_proto_msgbuf_attach - usb: core: Solve race condition in anchor cleanup functions - ath10k: check idx validity in __ath10k_htt_rx_ring_fill_n() - net: korina: cast KSEG0 address to pointer in kfree - usb: cdc-acm: add quirk to blacklist ETAS ES58X devices - USB: cdc-wdm: Make wdm_flush() interruptible and add wdm_fsync(). - Linux 4.4.241 * Xenial update: v4.4.240 upstream stable release (LP: #1902096) - Bluetooth: MGMT: Fix not checking if BT_HS is enabled - Bluetooth: fix kernel oops in store_pending_adv_report - Bluetooth: Consolidate encryption handling in hci_encrypt_cfm - Bluetooth: Fix update of connection state in `hci_encrypt_cfm` - Bluetooth: Disconnect if E0 is used for Level 4 - media: usbtv: Fix refcounting mixup - USB: serial: option: add Cellient MPL200 card - USB: serial: option: Add Telit FT980-KS composition - staging: comedi: check validity of wMaxPacketSize of usb endpoints found - USB: serial: pl2303: add device-id for HP GC device - USB: serial: ftdi_sio: add support for FreeCalypso JTAG+UART adapters - reiserfs: Initialize inode keys properly - reiserfs: Fix oops during mount - spi: unbinding slave before calling spi_destroy_queue - crypto: qat - check cipher length for aead AES-CBC-HMAC-SHA - Linux 4.4.240 * Xenial update: v4.4.239 upstream stable release (LP: #1902095) - gpio: tc35894: fix up tc35894 interrupt configuration - Input: i8042 - add nopnp quirk for Acer Aspire 5 A515 - drm/amdgpu: restore proper ref count in amdgpu_display_crtc_set_config - net: dec: de2104x: Increase receive ring size for Tulip - rndis_host: increase sleep time in the query-response loop - drivers/net/wan/lapbether: Make skb->protocol consistent with the header - drivers/net/wan/hdlc: Set skb->protocol before transmitting - nfs: Fix security label length not being reset - clk: samsung: exynos4: mark 'chipid' clock as CLK_IGNORE_UNUSED - iommu/exynos: add missing put_device() call in exynos_iommu_of_xlate() - i2c: cpm: Fix i2c_ram structure - epoll: do not insert into poll queues until all sanity checks are done - epoll: replace ->visited/visited_list with generation count - epoll: EPOLL_CTL_ADD: close the race in decision to take fast path - ep_create_wakeup_source(): dentry name can change under you... - netfilter: ctnetlink: add a range check for l3/l4 protonum - fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h - Fonts: Support FONT_EXTRA_WORDS macros for built-in fonts - Revert "ravb: Fixed to be able to unload modules" - fbcon: Fix global-out-of-bounds read in fbcon_get_font() - net: wireless: nl80211: fix out-of-bounds access in nl80211_del_key() - usermodehelper: reset umask to default before executing user process - platform/x86: thinkpad_acpi: initialize tp_nvram_state variable - platform/x86: thinkpad_acpi: re-initialize ACPI buffer size when reuse - driver core: Fix probe_count imbalance in really_probe() - perf top: Fix stdio interface input handling with glibc 2.28+ - sctp: fix sctp_auth_init_hmacs() error path - team: set dev->needed_headroom in team_setup_by_port() - net: team: fix memory leak in __team_options_register - mtd: nand: Provide nand_cleanup() function to free NAND related resources - xfrm: clone XFRMA_REPLAY_ESN_VAL in xfrm_do_migrate - xfrm: clone whole liftime_cur structure in xfrm_do_migrate - net: stmmac: removed enabling eee in EEE set callback - xfrm: Use correct address family in xfrm_state_find - bonding: set dev->needed_headroom in bond_setup_by_slave() - rxrpc: Fix rxkad token xdr encoding - rxrpc: Downgrade the BUG() for unsupported token type in rxrpc_read() - rxrpc: Fix server keyring leak - net: usb: rtl8150: set random MAC address when set_ethernet_addr() fails - Linux 4.4.239 * CVE-2020-12352 - Bluetooth: A2MP: Fix not initializing all members * CVE-2020-0427 - pinctrl: devicetree: Avoid taking direct reference to device name string * Xenial update: v4.4.238 upstream stable release (LP: #1899506) - af_key: pfkey_dump needs parameter validation - KVM: fix memory leak in kvm_io_bus_unregister_dev() - kprobes: fix kill kprobe which has been marked as gone - ftrace: Setup correct FTRACE_FL_REGS flags for module - RDMA/ucma: ucma_context reference leak in error path - mtd: Fix comparison in map_word_andequal() - hdlc_ppp: add range checks in ppp_cp_parse_cr() - tipc: use skb_unshare() instead in tipc_buf_append() - net: add __must_check to skb_put_padto() - ip: fix tos reflection in ack and reset packets - serial: 8250: Avoid error message on reprobe - scsi: aacraid: fix illegal IO beyond last LBA - m68k: q40: Fix info-leak in rtc_ioctl - gma/gma500: fix a memory disclosure bug due to uninitialized bytes - ASoC: kirkwood: fix IRQ error handling - PM / devfreq: tegra30: Fix integer overflow on CPU's freq max out - mtd: cfi_cmdset_0002: don't free cfi->cfiq in error path of cfi_amdstd_setup() - mfd: mfd-core: Protect against NULL call-back function pointer - tracing: Adding NULL checks for trace_array descriptor pointer - bcache: fix a lost wake-up problem caused by mca_cannibalize_lock - xfs: fix attr leaf header freemap.size underflow - kernel/sys.c: avoid copying possible padding bytes in copy_to_user - neigh_stat_seq_next() should increase position index - rt_cpu_seq_next should increase position index - seqlock: Require WRITE_ONCE surrounding raw_seqcount_barrier - ACPI: EC: Reference count query handlers under lock - tracing: Set kernel_stack's caller size properly - ar5523: Add USB ID of SMCWUSBT-G2 wireless adapter - Bluetooth: Fix refcount use-after-free issue - mm: pagewalk: fix termination condition in walk_pte_range() - Bluetooth: prefetch channel before killing sock - skbuff: fix a data race in skb_queue_len() - audit: CONFIG_CHANGE don't log internal bookkeeping as an event - selinux: sel_avc_get_stat_idx should increase position index - scsi: lpfc: Fix RQ buffer leakage when no IOCBs available - drm/omap: fix possible object reference leak - dmaengine: tegra-apb: Prevent race conditions on channel's freeing - media: go7007: Fix URB type for interrupt handling - Bluetooth: guard against controllers sending zero'd events - drm/amdgpu: increase atombios cmd timeout - Bluetooth: L2CAP: handle l2cap config request during open state - media: tda10071: fix unsigned sign extension overflow - tpm: ibmvtpm: Wait for buffer to be set before proceeding - tracing: Use address-of operator on section symbols - serial: 8250_omap: Fix sleeping function called from invalid context during probe - SUNRPC: Fix a potential buffer overflow in 'svc_print_xprts()' - ubifs: Fix out-of-bounds memory access caused by abnormal value of node_len - ALSA: usb-audio: Fix case when USB MIDI interface has more than one extra endpoint descriptor - mm/filemap.c: clear page error before actual read - mm/mmap.c: initialize align_offset explicitly for vm_unmapped_area - KVM: Remove CREATE_IRQCHIP/SET_PIT2 race - bdev: Reduce time holding bd_mutex in sync in blkdev_close() - drivers: char: tlclk.c: Avoid data race between init and interrupt handler - dt-bindings: sound: wm8994: Correct required supplies based on actual implementaion - atm: fix a memory leak of vcc->user_back - phy: samsung: s5pv210-usb2: Add delay after reset - Bluetooth: Handle Inquiry Cancel error after Inquiry Complete - USB: EHCI: ehci-mv: fix error handling in mv_ehci_probe() - tty: serial: samsung: Correct clock selection logic - ALSA: hda: Fix potential race in unsol event handler - fuse: don't check refcount after stealing page - USB: EHCI: ehci-mv: fix less than zero comparison of an unsigned int - e1000: Do not perform reset in reset_task if we are already down - printk: handle blank console arguments passed in. - vfio/pci: fix memory leaks of eventfd ctx - perf kcore_copy: Fix module map when there are no modules loaded - mtd: rawnand: omap_elm: Fix runtime PM imbalance on error - ceph: fix potential race in ceph_check_caps - mtd: parser: cmdline: Support MTD names containing one or more colons - x86/speculation/mds: Mark mds_user_clear_cpu_buffers() __always_inline - vfio/pci: Clear error and request eventfd ctx after releasing - vfio/pci: fix racy on error and request eventfd ctx - s390/init: add missing __init annotations - batman-adv: bla: fix type misuse for backbone_gw hash indexing - atm: eni: fix the missed pci_disable_device() for eni_init_one() - batman-adv: mcast/TT: fix wrongly dropped or rerouted packets - ALSA: asihpi: fix iounmap in error handler - MIPS: Add the missing 'CPU_1074K' into __get_cpu_type() - tty: vt, consw->con_scrolldelta cleanup - kprobes: Fix to check probe enabled before disarm_kprobe_ftrace() - lib/string.c: implement stpcpy - ata: define AC_ERR_OK - ata: make qc_prep return ata_completion_errors - ata: sata_mv, avoid trigerrable BUG_ON - Linux 4.4.238 * *-tools-common packages descriptions have typo "PGKVER" (LP: #1898903) - [Packaging] Fix typo in -tools template s/PGKVER/PKGVER/ * Xenial update: v4.4.237 upstream stable release (LP: #1897602) - ARM: dts: socfpga: fix register entry for timer3 on Arria10 - scsi: libsas: Set data_dir as DMA_NONE if libata marks qc as NODATA - drivers/net/wan/lapbether: Added needed_tailroom - firestream: Fix memleak in fs_open - drivers/net/wan/lapbether: Set network_header before transmitting - xfs: initialize the shortform attr header padding entry - drivers/net/wan/hdlc_cisco: Add hard_header_len - ALSA: hda: fix a runtime pm issue in SOF when integrated GPU is disabled - gcov: Disable gcov build with GCC 10 - iio: adc: mcp3422: fix locking scope - iio: adc: mcp3422: fix locking on error path - iio:light:ltr501 Fix timestamp alignment issue. - iio:accel:bmc150-accel: Fix timestamp alignment and prevent data leak. - iio:accel:mma8452: Fix timestamp alignment and prevent data leak. - USB: core: add helpers to retrieve endpoints - staging: wlan-ng: fix out of bounds read in prism2sta_probe_usb() - btrfs: fix wrong address when faulting in pages in the search ioctl - scsi: target: iscsi: Fix hang in iscsit_access_np() when getting tpg->np_login_sem - rbd: require global CAP_SYS_ADMIN for mapping and unmapping - fbcon: remove soft scrollback code - fbcon: remove now unusued 'softback_lines' cursor() argument - vgacon: remove software scrollback support - [Config] updateconfigs for VGACON_SOFT_SCROLLBACK - KVM: VMX: Don't freeze guest when event delivery causes an APIC-access exit - video: fbdev: fix OOB read in vga_8planes_imageblit() - USB: serial: ftdi_sio: add IDs for Xsens Mti USB converter - USB: serial: option: add support for SIM7070/SIM7080/SIM7090 modules - usb: Fix out of sync data toggle if a configured device is reconfigured - gcov: add support for GCC 10.1 - NFSv4.1 handle ERR_DELAY error reclaiming locking state on delegation recall - scsi: pm8001: Fix memleak in pm8001_exec_internal_task_abort - scsi: lpfc: Fix FLOGI/PLOGI receive race condition in pt2pt discovery - SUNRPC: stop printk reading past end of string - rapidio: Replace 'select' DMAENGINES 'with depends on' - i2c: algo: pca: Reapply i2c bus settings after reset - MIPS: SNI: Fix MIPS_L1_CACHE_SHIFT - perf test: Free formats for perf pmu parse test - fbcon: Fix user font detection test at fbcon_resize(). - MIPS: SNI: Fix spurious interrupts - USB: quirks: Add USB_QUIRK_IGNORE_REMOTE_WAKEUP quirk for BYD zhaoxin notebook - USB: UAS: fix disconnect by unplugging a hub - usblp: fix race between disconnect() and read() - Input: i8042 - add Entroware Proteus EL07R4 to nomux and reset lists - serial: 8250_pci: Add Realtek 816a and 816b - ehci-hcd: Move include to keep CRC stable - powerpc/dma: Fix dma_map_ops::get_required_mask - x86/defconfig: Enable CONFIG_USB_XHCI_HCD=y - Linux 4.4.237 -- Thadeu Lima de Souza Cascardo