This bug was fixed in the package linux-azure - 4.18.0-1018.18 --------------- linux-azure (4.18.0-1018.18) cosmic; urgency=medium [ Ubuntu: 4.18.0-20.21 ] * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130 - Documentation/l1tf: Fix small spelling typo - x86/cpu: Sanitize FAM6_ATOM naming - kvm: x86: Report STIBP on GET_SUPPORTED_CPUID - locking/atomics, asm-generic: Move some macros from to a new file - tools include: Adopt linux/bits.h - x86/msr-index: Cleanup bit defines - x86/speculation: Consolidate CPU whitelists - x86/speculation/mds: Add basic bug infrastructure for MDS - x86/speculation/mds: Add BUG_MSBDS_ONLY - x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests - x86/speculation/mds: Add mds_clear_cpu_buffers() - x86/speculation/mds: Clear CPU buffers on exit to user - x86/kvm/vmx: Add MDS protection when L1D Flush is not active - x86/speculation/mds: Conditionally clear CPU buffers on idle entry - x86/speculation/mds: Add mitigation control for MDS - x86/speculation/mds: Add sysfs reporting for MDS - x86/speculation/mds: Add mitigation mode VMWERV - Documentation: Move L1TF to separate directory - Documentation: Add MDS vulnerability documentation - x86/speculation/mds: Add mds=full,nosmt cmdline option - x86/speculation: Move arch_smt_update() call to after mitigation decisions - x86/speculation/mds: Add SMT warning message - x86/speculation/mds: Fix comment - x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off - x86/speculation/mds: Add 'mitigations=' support for MDS * CVE-2017-5715 // CVE-2017-5753 - s390/speculation: Support 'mitigations=' cmdline option * CVE-2017-5715 // CVE-2017-5753 // CVE-2017-5754 // CVE-2018-3639 - powerpc/speculation: Support 'mitigations=' cmdline option * CVE-2017-5715 // CVE-2017-5754 // CVE-2018-3620 // CVE-2018-3639 // CVE-2018-3646 - cpu/speculation: Add 'mitigations=' cmdline option - x86/speculation: Support 'mitigations=' cmdline option * Packaging resync (LP: #1786013) - [Packaging] resync git-ubuntu-log linux-azure (4.18.0-1017.17) cosmic; urgency=medium * linux-azure: 4.18.0-1017.17 -proposed tracker (LP: #1826166) * [linux-azure] Include mainline commits fc96df16a1ce and ba50bf1ce9a5 in Azure kernel (LP: #1821378) - Drivers: hv: vmbus: Return -EINVAL for the sys files for unopened channels - Drivers: hv: vmbus: Check for ring when getting debug info * [linux-azure] Commit To Improve NVMe Performance (LP: #1819689) - blk-mq: remove the request_list usage [ Ubuntu: 4.18.0-19.20 ] * linux: 4.18.0-19.20 -proposed tracker (LP: #1826171) * Packaging resync (LP: #1786013) - [Packaging] resync git-ubuntu-log * autopkgtests run too often, too much and don't skip enough (LP: #1823056) - [Debian] Set +x on rebuild testcase. - [Debian] Skip rebuild test, for regression-suite deps. - [Debian] Make ubuntu-regression-suite skippable on unbootable kernels. - [Debian] make rebuild use skippable error codes when skipping. - [Debian] Only run regression-suite, if requested to. * CVE-2017-5753 - s390/keyboard: sanitize array index in do_kdsk_ioctl - drm/bufs: Fix Spectre v1 vulnerability - drivers/misc/sgi-gru: fix Spectre v1 vulnerability - ipv4: Fix potential Spectre v1 vulnerability - aio: fix spectre gadget in lookup_ioctx - ALSA: emux: Fix potential Spectre v1 vulnerabilities - ALSA: pcm: Fix potential Spectre v1 vulnerability - ip6mr: Fix potential Spectre v1 vulnerability - ALSA: rme9652: Fix potential Spectre v1 vulnerability - ALSA: emu10k1: Fix potential Spectre v1 vulnerabilities - KVM: arm/arm64: vgic: Fix off-by-one bug in vgic_get_irq() - drm/ioctl: Fix Spectre v1 vulnerabilities - net: core: Fix Spectre v1 vulnerability - phonet: af_phonet: Fix Spectre v1 vulnerability - nfc: af_nfc: Fix Spectre v1 vulnerability - can: af_can: Fix Spectre v1 vulnerability - net: Revert recent Spectre-v1 patches. - char/mwave: fix potential Spectre v1 vulnerability - applicom: Fix potential Spectre v1 vulnerabilities - ipmi: msghandler: Fix potential Spectre v1 vulnerabilities - powerpc/ptrace: Mitigate potential Spectre v1 - cfg80211: prevent speculation on cfg80211_classify8021d() return - ALSA: rawmidi: Fix potential Spectre v1 vulnerability - ALSA: seq: oss: Fix Spectre v1 vulnerability * NULL pointer dereference when using z3fold and zswap (LP: #1814874) - z3fold: fix possible reclaim races * The Realtek card reader does not enter PCIe 1.1/1.2 (LP: #1825487) - misc: rtsx: Enable OCP for rts522a rts524a rts525a rts5260 - SAUCE: misc: rtsx: Fixed rts5260 power saving parameter and sd glitch * headset-mic doesn't work on two Dell laptops. (LP: #1825272) - ALSA: hda/realtek - add two more pin configuration sets to quirk table * CVE-2018-16884 - sunrpc: use SVC_NET() in svcauth_gss_* functions - sunrpc: use-after-free in svc_process_common() * AMD Rome : Minimal support patches (LP: #1816669) - x86: irq_remapping: Move irq remapping mode enum - iommu/amd: Add support for higher 64-bit IOMMU Control Register - iommu/amd: Add support for IOMMU XT mode * sky2 ethernet card don't work after returning from suspension (LP: #1798921) - sky2: Increase D3 delay again * CVE-2019-9500 - brcmfmac: assure SSID length from firmware is limited * CVE-2019-9503 - brcmfmac: add subtype check for event handling in data path * CVE-2019-3882 - vfio/type1: Limit DMA mappings per container * CVE-2019-3887 - KVM: x86: nVMX: close leak of L0's x2APIC MSRs (CVE-2019-3887) - KVM: x86: nVMX: fix x2APIC VTPR read intercept * CVE-2019-3874 - sctp: use sk_wmem_queued to check for writable space - sctp: implement memory accounting on tx path - sctp: implement memory accounting on rx path * Intel I210 Ethernet card not working after hotplug [8086:1533] (LP: #1818490) - igb: Fix WARN_ONCE on runtime suspend * autofs kernel module missing (LP: #1824333) - [Config] Update autofs4 path in inclusion list * tasks doing write()/fsync() hit deadlock in write_cache_pages() (LP: #1824827) - mm/page-writeback.c: fix range_cyclic writeback vs writepages deadlock * Pop noise when headset is plugged in or removed from GHS/Line-out jack (LP: #1821290) - ALSA: hda/realtek - Add unplug function into unplug state of Headset Mode for ALC225 - ALSA: hda/realtek - Disable headset Mic VREF for headset mode of ALC225 - ALSA: hda/realtek - Add support headset mode for DELL WYSE AIO - ALSA: hda/realtek - Add support headset mode for New DELL WYSE NB * mac80211_hwsim unable to handle kernel NULL pointer dereference at0000000000000000 (LP: #1825058) - mac80211_hwsim: Timer should be initialized before device registered * [regression][snd_hda_codec_realtek] repeating crackling noise after 19.04 upgrade (LP: #1821663) - ALSA: hda - add Lenovo IdeaCentre B550 to the power_save_blacklist - ALSA: hda - Add two more machines to the power_save_blacklist * systemd cause kernel trace "BUG: unable to handle kernel paging request at 6db23a14" on Cosmic i386 (LP: #1813244) // systemd cause kernel trace "BUG: unable to handle kernel paging request at 6db23a14" on Cosmic i386 (LP: #1813244) - openvswitch: fix flow actions reallocation linux-azure (4.18.0-1016.16) cosmic; urgency=medium * linux-azure: 4.18.0-1016.16 -proposed tracker (LP: #1824841) * The 4.18.0-1015.15 Azure Kernel Panics Due to Missing Commit (LP: #1823805) - scsi: storvsc: Fix a race in sub-channel creation that can cause panic * linux-azure: Add the Catapult FPGA Driver (LP: #1824879) - SAUCE: linux-azure: Include Catapult FPGA PCI driver - [Config] linux-azure: CONFIG_CATAPULT_PCI=m linux-azure (4.18.0-1015.15) cosmic; urgency=medium * linux-azure: 4.18.0-1015.15 -proposed tracker (LP: #1822791) * Upstream Commits Needed for DPDK on Azure (LP: #1812123) - vmbus: keep pointer to ring buffer page - uio: introduce UIO_MEM_IOVA - hv_uio_generic: map ringbuffer phys addr - uio_hv_generic: defer opening vmbus until first use - uio_hv_generic: set callbacks on open - vmbus: pass channel to hv_process_channel_removal - vmbus: split ring buffer allocation from open - vmbus: fix subchannel removal * [Hyper-V] Enable CONFIG_HOTPLUG_CPU in linux-azure (LP: #1821934) - Revert "UBUNTU: [Config] azure: CONFIG_HOTPLUG_CPU=n" [ Ubuntu: 4.18.0-18.19 ] * linux: 4.18.0-18.19 -proposed tracker (LP: #1822796) * Packaging resync (LP: #1786013) - [Packaging] update helper scripts - [Packaging] resync retpoline extraction * 3b080b2564287be91605bfd1d5ee985696e61d3c in ubuntu_btrfs_kernel_fixes triggers system hang on i386 (LP: #1812845) - btrfs: raid56: properly unmap parity page in finish_parity_scrub() * [SRU][B/C/OEM]IOMMU: add kernel dma protection (LP: #1820153) - ACPI / property: Allow multiple property compatible _DSD entries - PCI / ACPI: Identify untrusted PCI devices - iommu/vt-d: Force IOMMU on for platform opt in hint - iommu/vt-d: Do not enable ATS for untrusted devices - thunderbolt: Export IOMMU based DMA protection support to userspace - iommu/vt-d: Disable ATS support on untrusted devices * Huawei Hi1822 NIC has poor performance (LP: #1820187) - net-next: hinic: fix a problem in free_tx_poll() - hinic: remove ndo_poll_controller - net-next/hinic: add checksum offload and TSO support - hinic: Fix l4_type parameter in hinic_task_set_tunnel_l4 - net-next/hinic:replace multiply and division operators - net-next/hinic:add rx checksum offload for HiNIC - net-next/hinic:fix a bug in set mac address - net-next/hinic: fix a bug in rx data flow - net: hinic: fix null pointer dereference on pointer hwdev - hinic: optmize rx refill buffer mechanism - net-next/hinic:add shutdown callback - net-next/hinic: replace disable_irq_nosync/enable_irq * [CONFIG] please enable highdpi font FONT_TER16x32 (LP: #1819881) - Fonts: New Terminus large console font - [Config]: enable highdpi Terminus 16x32 font support * [19.04 FEAT] qeth: Enhanced link speed - kernel part (LP: #1814892) - s390/qeth: report 25Gbit link speed * Avoid potential memory corruption on HiSilicon SoCs (LP: #1819546) - iommu/arm-smmu-v3: Avoid memory corruption from Hisilicon MSI payloads * CVE-2017-5715 - x86/speculation: Apply IBPB more strictly to avoid cross-process data leak - x86/speculation: Propagate information about RSB filling mitigation to sysfs - x86/speculation: Add RETPOLINE_AMD support to the inline asm CALL_NOSPEC variant - x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support - x86/retpoline: Remove minimal retpoline support - x86/speculation: Update the TIF_SSBD comment - x86/speculation: Clean up spectre_v2_parse_cmdline() - x86/speculation: Remove unnecessary ret variable in cpu_show_common() - x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common() - x86/speculation: Disable STIBP when enhanced IBRS is in use - x86/speculation: Rename SSBD update functions - x86/speculation: Reorganize speculation control MSRs update - sched/smt: Make sched_smt_present track topology - x86/Kconfig: Select SCHED_SMT if SMP enabled - sched/smt: Expose sched_smt_present static key - x86/speculation: Rework SMT state change - x86/l1tf: Show actual SMT state - x86/speculation: Reorder the spec_v2 code - x86/speculation: Mark string arrays const correctly - x86/speculataion: Mark command line parser data __initdata - x86/speculation: Unify conditional spectre v2 print functions - x86/speculation: Add command line control for indirect branch speculation - x86/speculation: Prepare for per task indirect branch speculation control - x86/process: Consolidate and simplify switch_to_xtra() code - x86/speculation: Avoid __switch_to_xtra() calls - x86/speculation: Prepare for conditional IBPB in switch_mm() - ptrace: Remove unused ptrace_may_access_sched() and MODE_IBRS - x86/speculation: Split out TIF update - x86/speculation: Prevent stale SPEC_CTRL msr content - x86/speculation: Prepare arch_smt_update() for PRCTL mode - x86/speculation: Add prctl() control for indirect branch speculation - x86/speculation: Enable prctl mode for spectre_v2_user - x86/speculation: Add seccomp Spectre v2 user space protection mode - x86/speculation: Provide IBPB always command line options - kvm: svm: Ensure an IBPB on all affected CPUs when freeing a vmcb - x86/speculation: Change misspelled STIPB to STIBP - x86/speculation: Add support for STIBP always-on preferred mode - x86, modpost: Replace last remnants of RETPOLINE with CONFIG_RETPOLINE * [Ubuntu] vfio-ap: add subsystem to matrix device to avoid libudev failures (LP: #1818854) - s390: vfio_ap: link the vfio_ap devices to the vfio_ap bus subsystem * Kernel regularly logs: Bluetooth: hci0: last event is not cmd complete (0x0f) (LP: #1748565) - Bluetooth: Fix unnecessary error message for HCI request completion * HiSilicon HNS ethernet broken in 4.15.0-45 (LP: #1818294) - net: hns: Fix WARNING when hns modules installed * Lenovo ideapad 330-15ICH Wifi rfkill hard blocked (LP: #1811815) - platform/x86: ideapad: Add ideapad 330-15ICH to no_hw_rfkill * Qualcomm Atheros QCA9377 wireless does not work (LP: #1818204) - platform/x86: ideapad-laptop: Add Ideapad 530S-14ARR to no_hw_rfkill list * fscache: jobs might hang when fscache disk is full (LP: #1821395) - fscache: fix race between enablement and dropping of object * hns3: fix oops in hns3_clean_rx_ring() (LP: #1821064) - net: hns3: add dma_rmb() for rx description * tcm_loop.ko: move from modules-extra into main modules package (LP: #1817786) - [Packaging] move tcm_loop.lo to main linux-modules package * tcmu user space crash results in kernel module hang. (LP: #1819504) - scsi: tcmu: delete unused __wait - scsi: tcmu: track nl commands - scsi: tcmu: simplify nl interface - scsi: tcmu: add module wide block/reset_netlink support * Intel XL710 - i40e driver does not work with kernel 4.15 (Ubuntu 18.04) (LP: #1779756) - i40e: prevent overlapping tx_timeout recover * some codecs stop working after S3 (LP: #1820930) - ALSA: hda - Enforces runtime_resume after S3 and S4 for each codec * 4.15 s390x kernel BUG at /build/linux- Gycr4Z/linux-4.15.0/drivers/block/virtio_blk.c:565! (LP: #1788432) - virtio/s390: avoid race on vcdev->config - virtio/s390: fix race in ccw_io_helper() * [SRU][B/B-OEM/C/D] Fix AMD IOMMU NULL dereference (LP: #1820990) - iommu/amd: Fix NULL dereference bug in match_hid_uid * New Intel Wireless-AC 9260 [8086:2526] card not correctly probed in Ubuntu system (LP: #1821271) - iwlwifi: add new card for 9260 series * Add support for MAC address pass through on RTL8153-BD (LP: #1821276) - r8152: Add support for MAC address pass through on RTL8153-BD - r8152: Fix an error on RTL8153-BD MAC Address Passthrough support -- Stefan Bader