This bug was fixed in the package linux - 4.4.0-128.154 --------------- linux (4.4.0-128.154) xenial; urgency=medium * linux: 4.4.0-128.154 -proposed tracker (LP: #1772960) * CVE-2018-3639 (x86) - x86/cpu: Make alternative_msr_write work for 32-bit code - x86/bugs: Fix the parameters alignment and missing void - KVM: SVM: Move spec control call after restore of GS - x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP - x86/cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS - x86/cpufeatures: Disentangle SSBD enumeration - x86/cpu/AMD: Fix erratum 1076 (CPB bit) - x86/cpufeatures: Add FEATURE_ZEN - x86/speculation: Handle HT correctly on AMD - x86/bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL - x86/speculation: Add virtualized speculative store bypass disable support - x86/speculation: Rework speculative_store_bypass_update() - x86/bugs: Unify x86_spec_ctrl_{set_guest,restore_host} - x86/bugs: Expose x86_spec_ctrl_base directly - x86/bugs: Remove x86_spec_ctrl_set() - x86/bugs: Rework spec_ctrl base and mask logic - x86/speculation, KVM: Implement support for VIRT_SPEC_CTRL/LS_CFG - KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD - x86/bugs: Rename SSBD_NO to SSB_NO - KVM: VMX: Expose SSBD properly to guests. * [i915_bpo] Fix flickering issue after panel change (LP: #1770565) - drm/i915: Fix iboost setting for DDI with 4 lanes on SKL - drm/i915: Name the "iboost bit" - drm/i915: Program iboost settings for HDMI/DVI on SKL - drm/i915: Move bxt_ddi_vswing_sequence() call into intel_ddi_pre_enable() for HDMI - drm/i915: Explicitly use ddi buf trans entry 9 for hdmi - drm/i915: Split DP/eDP/FDI and HDMI/DVI DDI buffer programming apart - drm/i915: Get the iboost setting based on the port type - drm/i915: Simplify intel_ddi_get_encoder_port() - drm/i915: Fix iboost setting for SKL Y/U DP DDI buffer translation entry 2 - drm/i915: KBL - Recommended buffer translation programming for DisplayPort - drm/i915: Ignore OpRegion panel type except on select machines * [SRU][Bionic/Artful] fix false positives in W+X checking (LP: #1769696) - init: fix false positives in W+X checking * [Ubuntu 16.04] kernel: fix rwlock implementation (LP: #1761674) - SAUCE: (no-up) s390: fix rwlock implementation * linux < 4.11: unable to use netfilter logging from non-init namespaces (LP: #1766573) - netfilter: allow logging from non-init namespaces * [LTC Test] Ubuntu 18.04: tm_sigreturn failed on P8 compat mode 16.04.04 guest (LP: #1771439) - powerpc: signals: Discard transaction state from signal frames * QCA9377 requires more IRAM banks for its new firmware (LP: #1748345) - ath10k: update the IRAM bank number for QCA9377 * i915/kbl_dmc_ver1.bin failed with error -2 package 1.157.17 kernel 4.4.0-116-generic (LP: #1752536) - ubuntu: i915_bpo - Add MODULE_FIRMWARE for Geminilake's DMC * Xenial update to 4.4.131 stable release (LP: #1768825) - ext4: prevent right-shifting extents beyond EXT_MAX_BLOCKS - ext4: set h_journal if there is a failure starting a reserved handle - ext4: add validity checks for bitmap block numbers - ext4: fix bitmap position validation - usbip: usbip_host: fix to hold parent lock for device_attach() calls - usbip: vhci_hcd: Fix usb device and sockfd leaks - USB: serial: simple: add libtransistor console - USB: serial: ftdi_sio: use jtag quirk for Arrow USB Blaster - USB: serial: cp210x: add ID for NI USB serial console - usb: core: Add quirk for HP v222w 16GB Mini - USB: Increment wakeup count on remote wakeup. - ALSA: usb-audio: Skip broken EU on Dell dock USB-audio - virtio: add ability to iterate over vqs - virtio_console: free buffers after reset - drm/virtio: fix vq wait_event condition - tty: Don't call panic() at tty_ldisc_init() - tty: n_gsm: Fix long delays with control frame timeouts in ADM mode - tty: n_gsm: Fix DLCI handling for ADM mode if debug & 2 is not set - tty: Use __GFP_NOFAIL for tty_ldisc_get() - ALSA: core: Report audio_tstamp in snd_pcm_sync_ptr - ALSA: seq: oss: Fix unbalanced use lock for synth MIDI device - ALSA: hda/realtek - Add some fixes for ALC233 - mtd: cfi: cmdset_0001: Do not allow read/write to suspend erase block. - mtd: cfi: cmdset_0001: Workaround Micron Erase suspend bug. - mtd: cfi: cmdset_0002: Do not allow read/write to suspend erase block. - kobject: don't use WARN for registration failures - scsi: sd: Defer spinning up drive while SANITIZE is in progress - ARM: amba: Make driver_override output consistent with other buses - ARM: amba: Fix race condition with driver_override - ARM: amba: Don't read past the end of sysfs "driver_override" buffer - ASoC: fsl_esai: Fix divisor calculation failure at lower ratio - libceph: validate con->state at the top of try_write() - x86/ipc: Fix x32 version of shmid64_ds and msqid64_ds - x86/smpboot: Don't use mwait_play_dead() on AMD systems - serial: mctrl_gpio: export mctrl_gpio_disable_ms and mctrl_gpio_init - serial: mctrl_gpio: Add missing module license - Linux 4.4.131 * Xenial update to 4.4.130 stable release (LP: #1768474) // CVE-2017-5715 // CVE-2017-5753 - SAUCE: s390: print messages for gmb and nobp * Xenial update to 4.4.130 stable release (LP: #1768474) - cifs: do not allow creating sockets except with SMB1 posix exensions - x86/tsc: Prevent 32bit truncation in calc_hpet_ref() - perf: Return proper values for user stack errors - staging: ion : Donnot wakeup kswapd in ion system alloc - r8152: add Linksys USB3GIGV1 id - Input: drv260x - fix initializing overdrive voltage - ath9k_hw: check if the chip failed to wake up - jbd2: fix use after free in kjournald2() - Revert "ath10k: send (re)assoc peer command when NSS changed" - Revert "UBUNTU: SAUCE: s390: print messages for gmb and nobp" - Revert "UBUNTU: SAUCE: s390: improve cpu alternative handling for gmb and nobp" - Revert "s390: add ppa to kernel entry / exit" - Revert "s390: introduce CPU alternatives" - s390: introduce CPU alternatives - s390: enable CPU alternatives unconditionally - s390/alternative: use a copy of the facility bit mask - s390: add options to change branch prediction behaviour for the kernel - s390: scrub registers on kernel entry and KVM exit - s390: add optimized array_index_mask_nospec - s390: run user space and KVM guests with modified branch prediction - s390: introduce execute-trampolines for branches - s390: Replace IS_ENABLED(EXPOLINE_*) with IS_ENABLED(CONFIG_EXPOLINE_*) - s390: do not bypass BPENTER for interrupt system calls - s390/entry.S: fix spurious zeroing of r0 - s390: move nobp parameter functions to nospec-branch.c - s390: add automatic detection of the spectre defense - [Config] Add CONFIG_EXPOLINE=y and CONFIG_EXPOLINE_AUTO=y - s390: report spectre mitigation via syslog - s390: add sysfs attributes for spectre - s390: correct nospec auto detection init order - s390: correct module section names for expoline code revert - bonding: do not set slave_dev npinfo before slave_enable_netpoll in bond_enslave - KEYS: DNS: limit the length of option strings - l2tp: check sockaddr length in pppol2tp_connect() - net: validate attribute sizes in neigh_dump_table() - llc: delete timers synchronously in llc_sk_free() - tcp: don't read out-of-bounds opsize - team: avoid adding twice the same option to the event list - team: fix netconsole setup over team - packet: fix bitfield update race - pppoe: check sockaddr length in pppoe_connect() - vlan: Fix reading memory beyond skb->tail in skb_vlan_tagged_multi - sctp: do not check port in sctp_inet6_cmp_addr - llc: hold llc_sap before release_sock() - llc: fix NULL pointer deref for SOCK_ZAPPED - tipc: add policy for TIPC_NLA_NET_ADDR - net: fix deadlock while clearing neighbor proxy table - tcp: md5: reject TCP_MD5SIG or TCP_MD5SIG_EXT on established sockets - net: af_packet: fix race in PACKET_{R|T}X_RING - ipv6: add RTA_TABLE and RTA_PREFSRC to rtm_ipv6_policy - scsi: mptsas: Disable WRITE SAME - cdrom: information leak in cdrom_ioctl_media_changed() - s390/cio: update chpid descriptor after resource accessibility event - s390/uprobes: implement arch_uretprobe_is_alive() - Linux 4.4.130 - SAUCE: s390: Add 'nogmb' kernel parameter * Xenial update to 4.4.129 stable release (LP: #1768429) - media: v4l2-compat-ioctl32: don't oops on overlay - parisc: Fix out of array access in match_pci_device() - perf intel-pt: Fix overlap detection to identify consecutive buffers correctly - perf intel-pt: Fix sync_switch - perf intel-pt: Fix error recovery from missing TIP packet - perf intel-pt: Fix timestamp following overflow - radeon: hide pointless #warning when compile testing - block/loop: fix deadlock after loop_set_status - s390/qdio: don't retry EQBS after CCQ 96 - s390/qdio: don't merge ERROR output buffers - s390/ipl: ensure loadparm valid flag is set - getname_kernel() needs to make sure that ->name != ->iname in long case - rtl8187: Fix NULL pointer dereference in priv->conf_mutex - hwmon: (ina2xx) Fix access to uninitialized mutex - cdc_ether: flag the Cinterion AHS8 modem by gemalto as WWAN - slip: Check if rstate is initialized before uncompressing - lan78xx: Correctly indicate invalid OTP - x86/hweight: Get rid of the special calling convention - [Config] Remove ARCH_HWEIGHT_CFLAGS - x86/hweight: Don't clobber %rdi - tty: make n_tty_read() always abort if hangup is in progress - ubifs: Check ubifs_wbuf_sync() return code - ubi: fastmap: Don't flush fastmap work on detach - ubi: Fix error for write access - ubi: Reject MLC NAND - fs/reiserfs/journal.c: add missing resierfs_warning() arg - resource: fix integer overflow at reallocation - ipc/shm: fix use-after-free of shm file via remap_file_pages() - mm, slab: reschedule cache_reap() on the same CPU - usb: musb: gadget: misplaced out of bounds check - ARM: dts: at91: at91sam9g25: fix mux-mask pinctrl property - ARM: dts: at91: sama5d4: fix pinctrl compatible string - xen-netfront: Fix hang on device removal - regmap: Fix reversed bounds check in regmap_raw_write() - ACPI / video: Add quirk to force acpi-video backlight on Samsung 670Z5E - ACPI / hotplug / PCI: Check presence of slot itself in get_slot_status() - USB:fix USB3 devices behind USB3 hubs not resuming at hibernate thaw - usb: dwc3: pci: Properly cleanup resource - HID: i2c-hid: fix size check and type usage - powerpc/powernv: Handle unknown OPAL errors in opal_nvram_write() - powerpc/64: Fix smp_wmb barrier definition use use lwsync consistently - powerpc/powernv: define a standard delay for OPAL_BUSY type retry loops - powerpc/powernv: Fix OPAL NVRAM driver OPAL_BUSY loops - HID: Fix hid_report_len usage - HID: core: Fix size as type u32 - ASoC: ssm2602: Replace reg_default_raw with reg_default - thunderbolt: Resume control channel after hibernation image is created - random: use a tighter cap in credit_entropy_bits_safe() - jbd2: if the journal is aborted then don't allow update of the log tail - ext4: don't update checksum of new initialized bitmaps - ext4: fail ext4_iget for root directory if unallocated - RDMA/ucma: Don't allow setting RDMA_OPTION_IB_PATH without an RDMA device - ALSA: pcm: Fix UAF at PCM release via PCM timer access - IB/srp: Fix srp_abort() - IB/srp: Fix completion vector assignment algorithm - dmaengine: at_xdmac: fix rare residue corruption - um: Use POSIX ucontext_t instead of struct ucontext - iommu/vt-d: Fix a potential memory leak - mmc: jz4740: Fix race condition in IRQ mask update - clk: mvebu: armada-38x: add support for 1866MHz variants - clk: mvebu: armada-38x: add support for missing clocks - clk: bcm2835: De-assert/assert PLL reset signal when appropriate - thermal: imx: Fix race condition in imx_thermal_probe() - watchdog: f71808e_wdt: Fix WD_EN register read - ALSA: oss: consolidate kmalloc/memset 0 call to kzalloc - ALSA: pcm: Use ERESTARTSYS instead of EINTR in OSS emulation - ALSA: pcm: Avoid potential races between OSS ioctls and read/write - ALSA: pcm: Return -EBUSY for OSS ioctls changing busy streams - ALSA: pcm: Fix mutex unbalance in OSS emulation ioctls - ALSA: pcm: Fix endless loop for XRUN recovery in OSS emulation - vfio-pci: Virtualize PCIe & AF FLR - vfio/pci: Virtualize Maximum Payload Size - vfio/pci: Virtualize Maximum Read Request Size - ext4: don't allow r/w mounts if metadata blocks overlap the superblock - drm/radeon: Fix PCIe lane width calculation - ext4: fix crashes in dioread_nolock mode - ext4: fix deadlock between inline_data and ext4_expand_extra_isize_ea() - ALSA: line6: Use correct endpoint type for midi output - ALSA: rawmidi: Fix missing input substream checks in compat ioctls - ALSA: hda - New VIA controller suppor no-snoop path - HID: hidraw: Fix crash on HIDIOCGFEATURE with a destroyed device - MIPS: uaccess: Add micromips clobbers to bzero invocation - MIPS: memset.S: EVA & fault support for small_memset - MIPS: memset.S: Fix return of __clear_user from Lpartial_fixup - MIPS: memset.S: Fix clobber of v1 in last_fixup - powerpc/eeh: Fix enabling bridge MMIO windows - powerpc/lib: Fix off-by-one in alternate feature patching - jffs2_kill_sb(): deal with failed allocations - hypfs_kill_super(): deal with failed allocations - rpc_pipefs: fix double-dput() - Don't leak MNT_INTERNAL away from internal mounts - autofs: mount point create should honour passed in mode - mm: allow GFP_{FS,IO} for page_cache_read page cache allocation - mm/filemap.c: fix NULL pointer in page_cache_tree_insert() - ext4: bugfix for mmaped pages in mpage_release_unused_pages() - fanotify: fix logic of events on child - writeback: safer lock nesting - Linux 4.4.129 * CVE-2018-8087 - mac80211_hwsim: fix possible memory leak in hwsim_new_radio_nl() * Integrated Webcam Realtek Integrated_Webcam_HD (0bda:58f4) not working in DELL XPS 13 9370 with firmware 1.50 (LP: #1763748) - SAUCE: media: uvcvideo: Support realtek's UVC 1.5 device * [Xenial] Kernels OOPS when mwifiex is in AP mode (LP: #1769671) - Revert "UBUNTU: SAUCE: mwifiex: do not dereference invalid pointer" - Revert "UBUNTU: SAUCE: net/wireless: do not dereference invalid pointer" - mwifiex: cfg80211: do not change virtual interface during scan processing * user space process hung in 'D' state waiting for disk io to complete (LP: #1750038) - NFS: Use GFP_NOIO for two allocations in writeback * Acer Swift sf314-52 power button not managed (LP: #1766054) - SAUCE: platform/x86: acer-wmi: add another KEY_POWER keycode -- Stefan Bader