Xenial update to 4.4.134 stable release

Bug #1775771 reported by Juerg Haefliger on 2018-06-08
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Undecided
Unassigned
Xenial
Undecided
Unassigned

Bug Description

SRU Justification

Impact:
   The upstream process for stable tree updates is quite similar
   in scope to the Ubuntu SRU process, e.g., each patch has to
   demonstrably fix a bug, and each patch is vetted by upstream
   by originating either directly from a mainline/stable Linux tree
   or a minimally backported form of that patch. The 4.4.134 upstream
   stable stable patch set is now available. It should be included
   in the Ubuntu kernel as well.

   git://git.kernel.org/

TEST CASE: TBD

   The following patches from the 4.4.134 stable release shall be
   applied:

  * Linux 4.4.134
  * s390/ftrace: use expoline for indirect branches
  * kdb: make "mdr" command repeat
  * Bluetooth: btusb: Add device ID for RTL8822BE
  * ASoC: samsung: i2s: Ensure the RCLK rate is properly determined
  * regulator: of: Add a missing 'of_node_put()' in an error handling path of 'of_regulator_match()'
  * scsi: lpfc: Fix frequency of Release WQE CQEs
  * scsi: lpfc: Fix soft lockup in lpfc worker thread during LIP testing
  * scsi: lpfc: Fix issue_lip if link is disabled
  * netlabel: If PF_INET6, check sk_buff ip header version
  * selftests/net: fixes psock_fanout eBPF test case
  * perf report: Fix memory corruption in --branch-history mode --branch-history
  * perf tests: Use arch__compare_symbol_names to compare symbols
  * x86/apic: Set up through-local-APIC mode on the boot CPU if 'noapic' specified
  * drm/rockchip: Respect page offset for PRIME mmap calls
  * MIPS: Octeon: Fix logging messages with spurious periods after newlines
  * audit: return on memory error to avoid null pointer dereference
  * crypto: sunxi-ss - Add MODULE_ALIAS to sun4i-ss
  * clk: samsung: exynos3250: Fix PLL rates
  * clk: samsung: exynos5250: Fix PLL rates
  * clk: samsung: exynos5433: Fix PLL rates
  * clk: samsung: exynos5260: Fix PLL rates
  * clk: samsung: s3c2410: Fix PLL rates
  * media: cx25821: prevent out-of-bounds read on array card
  * udf: Provide saner default for invalid uid / gid
  * PCI: Add function 1 DMA alias quirk for Marvell 88SE9220
  * serial: arc_uart: Fix out-of-bounds access through DT alias
  * serial: fsl_lpuart: Fix out-of-bounds access through DT alias
  * serial: imx: Fix out-of-bounds access through serial port index
  * serial: mxs-auart: Fix out-of-bounds access through serial port index
  * serial: samsung: Fix out-of-bounds access through serial port index
  * serial: xuartps: Fix out-of-bounds access through DT alias
  * rtc: tx4939: avoid unintended sign extension on a 24 bit shift
  * staging: rtl8192u: return -ENOMEM on failed allocation of priv->oldaddr
  * hwrng: stm32 - add reset during probe
  * enic: enable rq before updating rq descriptors
  * clk: rockchip: Prevent calculating mmc phase if clock rate is zero
  * media: em28xx: USB bulk packet size fix
  * dmaengine: pl330: fix a race condition in case of threaded irqs
  * media: s3c-camif: fix out-of-bounds array access
  * media: cx23885: Set subdev host data to clk_freq pointer
  * media: cx23885: Override 888 ImpactVCBe crystal frequency
  * ALSA: vmaster: Propagate slave error
  * x86/devicetree: Fix device IRQ settings in DT
  * x86/devicetree: Initialize device tree before using it
  * usb: gadget: composite: fix incorrect handling of OS desc requests
  * usb: gadget: udc: change comparison to bitshift when dealing with a mask
  * gfs2: Fix fallocate chunk size
  * cdrom: do not call check_disk_change() inside cdrom_open()
  * hwmon: (pmbus/adm1275) Accept negative page register values
  * hwmon: (pmbus/max8688) Accept negative page register values
  * perf/core: Fix perf_output_read_group()
  * ASoC: topology: create TLV data for dapm widgets
  * powerpc: Add missing prototype for arch_irq_work_raise()
  * usb: gadget: ffs: Execute copy_to_user() with USER_DS set
  * usb: gadget: ffs: Let setup() return USB_GADGET_DELAYED_STATUS
  * usb: dwc2: Fix interval type issue
  * ipmi_ssif: Fix kernel panic at msg_done_handler
  * PCI: Restore config space on runtime resume despite being unbound
  * MIPS: ath79: Fix AR724X_PLL_REG_PCIE_CONFIG offset
  * xhci: zero usb device slot_id member when disabling and freeing a xhci slot
  * KVM: lapic: stop advertising DIRECTED_EOI when in-kernel IOAPIC is in use
  * i2c: mv64xxx: Apply errata delay only in standard mode
  * ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c
  * ACPICA: Events: add a return on failure from acpi_hw_register_read
  * bcache: quit dc->writeback_thread when BCACHE_DEV_DETACHING is set
  * zorro: Set up z->dev.dma_mask for the DMA API
  * clk: Don't show the incorrect clock phase
  * cpufreq: cppc_cpufreq: Fix cppc_cpufreq_init() failure path
  * usb: dwc3: Update DWC_usb31 GTXFIFOSIZ reg fields
  * arm: dts: socfpga: fix GIC PPI warning
  * virtio-net: Fix operstate for virtio when no VIRTIO_NET_F_STATUS
  * ima: Fallback to the builtin hash algorithm
  * ima: Fix Kconfig to select TPM 2.0 CRB interface
  * ath10k: Fix kernel panic while using worker (ath10k_sta_rc_update_wk)
  * net/mlx5: Protect from command bit overflow
  * selftests: Print the test we're running to /dev/kmsg
  * tools/thermal: tmon: fix for segfault
  * powerpc/perf: Fix kernel address leak via sampling registers
  * powerpc/perf: Prevent kernel address leak to userspace via BHRB buffer
  * rtc: hctosys: Ensure system time doesn't overflow time_t
  * hwmon: (nct6775) Fix writing pwmX_mode
  * parisc/pci: Switch LBA PCI bus from Hard Fail to Soft Fail mode
  * m68k: set dma and coherent masks for platform FEC ethernets
  * powerpc/mpic: Check if cpu_possible() in mpic_physmask()
  * ACPI: acpi_pad: Fix memory leak in power saving threads
  * xen/acpi: off by one in read_acpi_id()
  * btrfs: fix lockdep splat in btrfs_alloc_subvolume_writers
  * Btrfs: fix copy_items() return value when logging an inode
  * btrfs: tests/qgroup: Fix wrong tree backref level
  * Bluetooth: btusb: Add USB ID 7392:a611 for Edimax EW-7611ULB
  * net: bgmac: Fix endian access in bgmac_dma_tx_ring_free()
  * rtc: snvs: Fix usage of snvs_rtc_enable
  * sparc64: Make atomic_xchg() an inline function rather than a macro.
  * fscache: Fix hanging wait on page discarded by writeback
  * KVM: VMX: raise internal error for exception during invalid protected mode state
  * sched/rt: Fix rq->clock_update_flags < RQCF_ACT_SKIP warning
  * ocfs2/dlm: don't handle migrate lockres if already in shutdown
  * btrfs: Fix possible softlock on single core machines
  * Btrfs: fix NULL pointer dereference in log_dir_items
  * Btrfs: bail out on error during replay_dir_deletes
  * mm: fix races between address_space dereference and free in page_evicatable
  * mm/ksm: fix interaction with THP
  * dp83640: Ensure against premature access to PHY registers after reset
  * scsi: aacraid: Insure command thread is not recursively stopped
  * cpufreq: CPPC: Initialize shared perf capabilities of CPUs
  * Force log to disk before reading the AGF during a fstrim
  * sr: get/drop reference to device in revalidate and check_events
  * swap: divide-by-zero when zero length swap file on ssd
  * fs/proc/proc_sysctl.c: fix potential page fault while unregistering sysctl table
  * x86/pgtable: Don't set huge PUD/PMD on non-leaf entries
  * sh: fix debug trap failure to process signals before return to user
  * net: mvneta: fix enable of all initialized RXQs
  * net: Fix untag for vlan packets without ethernet header
  * mm/kmemleak.c: wait for scan completion before disabling free
  * llc: properly handle dev_queue_xmit() return value
  * net-usb: add qmi_wwan if on lte modem wistron neweb d18q1
  * net/usb/qmi_wwan.c: Add USB id for lt4120 modem
  * net: qmi_wwan: add BroadMobi BM806U 2020:2033
  * ARM: 8748/1: mm: Define vdso_start, vdso_end as array
  * batman-adv: fix packet loss for broadcasted DHCP packets to a server
  * batman-adv: fix multicast-via-unicast transmission with AP isolation
  * selftests: ftrace: Add a testcase for probepoint
  * selftests: ftrace: Add a testcase for string type with kprobe_event
  * selftests: ftrace: Add probe event argument syntax testcase
  * mm/mempolicy.c: avoid use uninitialized preferred_node
  * RDMA/ucma: Correct option size check using optlen
  * perf/cgroup: Fix child event counting bug
  * vti4: Don't override MTU passed on link creation via IFLA_MTU
  * vti4: Don't count header length twice on tunnel setup
  * batman-adv: fix header size check in batadv_dbg_arp()
  * net: Fix vlan untag for bridge and vlan_dev with reorder_hdr off
  * sunvnet: does not support GSO for sctp
  * ipv4: lock mtu in fnhe when received PMTU < net.ipv4.route.min_pmtu
  * workqueue: use put_device() instead of kfree()
  * bnxt_en: Check valid VNIC ID in bnxt_hwrm_vnic_set_tpa().
  * netfilter: ebtables: fix erroneous reject of last rule
  * USB: OHCI: Fix NULL dereference in HCDs using HCD_LOCAL_MEM
  * xen: xenbus: use put_device() instead of kfree()
  * fbdev: Fixing arbitrary kernel leak in case FBIOGETCMAP_SPARC in sbusfb_ioctl_helper().
  * scsi: sd: Keep disk read-only when re-reading partition
  * scsi: mpt3sas: Do not mark fw_event workqueue as WQ_MEM_RECLAIM
  * usb: musb: call pm_runtime_{get,put}_sync before reading vbus registers
  * e1000e: allocate ring descriptors with dma_zalloc_coherent
  * e1000e: Fix check_for_link return value with autoneg off
  * watchdog: f71808e_wdt: Fix magic close handling
  * KVM: PPC: Book3S HV: Fix VRMA initialization with 2MB or 1GB memory backing
  * selftests/powerpc: Skip the subpage_prot tests if the syscall is unavailable
  * Btrfs: send, fix issuing write op when processing hole in no data mode
  * xen/pirq: fix error path cleanup when binding MSIs
  * net/tcp/illinois: replace broken algorithm reference link
  * gianfar: Fix Rx byte accounting for ndev stats
  * sit: fix IFLA_MTU ignored on NEWLINK
  * bcache: fix kcrashes with fio in RAID5 backend dev
  * dmaengine: rcar-dmac: fix max_chunk_size for R-Car Gen3
  * virtio-gpu: fix ioctl and expose the fixed status to userspace.
  * r8152: fix tx packets accounting
  * clocksource/drivers/fsl_ftm_timer: Fix error return checking
  * nvme-pci: Fix nvme queue cleanup if IRQ setup fails
  * netfilter: ebtables: convert BUG_ONs to WARN_ONs
  * batman-adv: invalidate checksum on fragment reassembly
  * batman-adv: fix packet checksum in receive path
  * md/raid1: fix NULL pointer dereference
  * media: dmxdev: fix error code for invalid ioctls
  * x86/topology: Update the 'cpu cores' field in /proc/cpuinfo correctly across CPU hotplug operations
  * locking/xchg/alpha: Fix xchg() and cmpxchg() memory ordering bugs
  * regulatory: add NUL to request alpha2
  * smsc75xx: fix smsc75xx_set_features()
  * ARM: OMAP: Fix dmtimer init for omap1
  * s390/cio: clear timer when terminating driver I/O
  * s390/cio: fix return code after missing interrupt
  * powerpc/bpf/jit: Fix 32-bit JIT for seccomp_data access
  * kernel/relay.c: limit kmalloc size to KMALLOC_MAX_SIZE
  * md: raid5: avoid string overflow warning
  * locking/xchg/alpha: Add unconditional memory barrier to cmpxchg()
  * usb: musb: fix enumeration after resume
  * drm/exynos: fix comparison to bitshift when dealing with a mask
  * md raid10: fix NULL deference in handle_write_completed()
  * mac80211: round IEEE80211_TX_STATUS_HEADROOM up to multiple of 4
  * NFC: llcp: Limit size of SDP URI
  * ARM: OMAP1: clock: Fix debugfs_create_*() usage
  * ARM: OMAP3: Fix prm wake interrupt for resume
  * ARM: OMAP2+: timer: fix a kmemleak caused in omap_get_timer_dt
  * scsi: qla4xxx: skip error recovery in case of register disconnect.
  * scsi: aacraid: fix shutdown crash when init fails
  * scsi: storvsc: Increase cmd_per_lun for higher speed devices
  * selftests: memfd: add config fragment for fuse
  * usb: dwc2: Fix dwc2_hsotg_core_init_disconnected()
  * usb: gadget: fsl_udc_core: fix ep valid checks
  * usb: gadget: f_uac2: fix bFirstInterface in composite gadget
  * ARC: Fix malformed ARC_EMUL_UNALIGNED default
  * scsi: qla2xxx: Avoid triggering undefined behavior in qla2x00_mbx_completion()
  * scsi: mptfusion: Add bounds check in mptctl_hp_targetinfo()
  * scsi: sym53c8xx_2: iterator underflow in sym_getsync()
  * scsi: bnx2fc: Fix check in SCSI completion handler for timed out request
  * scsi: ufs: Enable quirk to ignore sending WRITE_SAME command
  * irqchip/gic-v3: Change pr_debug message to pr_devel
  * locking/qspinlock: Ensure node->count is updated before initialising node
  * tools/libbpf: handle issues with bpf ELF objects containing .eh_frames
  * bcache: return attach error when no cache set exist
  * bcache: fix for data collapse after re-attaching an attached device
  * bcache: fix for allocator and register thread race
  * bcache: properly set task state in bch_writeback_thread()
  * cifs: silence compiler warnings showing up with gcc-8.0.0
  * proc: fix /proc/*/map_files lookup
  * arm64: spinlock: Fix theoretical trylock() A-B-A with LSE atomics
  * RDS: IB: Fix null pointer issue
  * xen/grant-table: Use put_page instead of free_page
  * xen-netfront: Fix race between device setup and open
  * MIPS: TXx9: use IS_BUILTIN() for CONFIG_LEDS_CLASS
  * bpf: fix selftests/bpf test_kmod.sh failure when CONFIG_BPF_JIT_ALWAYS_ON=y
  * ACPI: processor_perflib: Do not send _PPC change notification if not ready
  * firmware: dmi_scan: Fix handling of empty DMI strings
  * x86/power: Fix swsusp_arch_resume prototype
  * IB/ipoib: Fix for potential no-carrier state
  * mm: pin address_space before dereferencing it while isolating an LRU page
  * asm-generic: provide generic_pmdp_establish()
  * mm/mempolicy: add nodes_empty check in SYSC_migrate_pages
  * mm/mempolicy: fix the check of nodemask from user
  * ocfs2: return error when we attempt to access a dirty bh in jbd2
  * ocfs2/acl: use 'ip_xattr_sem' to protect getting extended attribute
  * ocfs2: return -EROFS to mount.ocfs2 if inode block is invalid
  * ntb_transport: Fix bug with max_mw_size parameter
  * RDMA/mlx5: Avoid memory leak in case of XRCD dealloc failure
  * powerpc/numa: Ensure nodes initialized for hotplug
  * powerpc/numa: Use ibm,max-associativity-domains to discover possible nodes
  * jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path
  * HID: roccat: prevent an out of bounds read in kovaplus_profile_activated()
  * scsi: fas216: fix sense buffer initialization
  * Btrfs: fix scrub to repair raid6 corruption
  * btrfs: Fix out of bounds access in btrfs_search_slot
  * Btrfs: set plug for fsync
  * ipmi/powernv: Fix error return code in ipmi_powernv_probe()
  * mac80211_hwsim: fix possible memory leak in hwsim_new_radio_nl()
  * kconfig: Fix expr_free() E_NOT leak
  * kconfig: Fix automatic menu creation mem leak
  * kconfig: Don't leak main menus during parsing
  * watchdog: sp5100_tco: Fix watchdog disable bit
  * nfs: Do not convert nfs_idmap_cache_timeout to jiffies
  * dm thin: fix documentation relative to low water mark threshold
  * tools lib traceevent: Fix get_field_str() for dynamic strings
  * perf callchain: Fix attr.sample_max_stack setting
  * tools lib traceevent: Simplify pointer print logic and fix %pF
  * PCI: Add function 1 DMA alias quirk for Marvell 9128
  * tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into account
  * kvm: x86: fix KVM_XEN_HVM_CONFIG ioctl
  * ASoC: au1x: Fix timeout tests in au1xac97c_ac97_read()
  * ALSA: hda - Use IS_REACHABLE() for dependency on input
  * NFSv4: always set NFS_LOCK_LOST when a lock is lost.
  * firewire-ohci: work around oversized DMA reads on JMicron controllers
  * do d_instantiate/unlock_new_inode combinations safely
  * xfs: remove racy hasattr check from attr ops
  * kernel/signal.c: avoid undefined behaviour in kill_something_info
  * kernel/sys.c: fix potential Spectre v1 issue
  * kasan: fix memory hotplug during boot
  * ipc/shm: fix shmat() nil address after round-down when remapping
  * Revert "ipc/shm: Fix shmat mmap nil-page protection"
  * xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent
  * libata: blacklist Micron 500IT SSD with MU01 firmware
  * libata: Blacklist some Sandisk SSDs for NCQ
  * mmc: sdhci-iproc: fix 32bit writes for TRANSFER_MODE register
  * ALSA: timer: Fix pause event notification
  * aio: fix io_destroy(2) vs. lookup_ioctx() race
  * affs_lookup(): close a race with affs_remove_link()
  * KVM: Fix spelling mistake: "cop_unsuable" -> "cop_unusable"
  * MIPS: Fix ptrace(2) PTRACE_PEEKUSR and PTRACE_POKEUSR accesses to o32 FGRs
  * MIPS: ptrace: Expose FIR register through FP regset

CVE References

Juerg Haefliger (juergh) on 2018-06-08
Changed in linux (Ubuntu):
status: New → Invalid
Juerg Haefliger (juergh) wrote :

List of previously applied patches:
  * mac80211_hwsim: fix possible memory leak in hwsim_new_radio_nl()
  * bpf: fix selftests/bpf test_kmod.sh failure when CONFIG_BPF_JIT_ALWAYS_ON=y
  * virtio-net: Fix operstate for virtio when no VIRTIO_NET_F_STATUS

Juerg Haefliger (juergh) on 2018-06-08
description: updated
Changed in linux (Ubuntu Xenial):
status: New → Fix Committed
Launchpad Janitor (janitor) wrote :
Download full text (29.8 KiB)

This bug was fixed in the package linux - 4.4.0-130.156

---------------
linux (4.4.0-130.156) xenial; urgency=medium

  * linux: 4.4.0-130.156 -proposed tracker (LP: #1776822)

  * CVE-2018-3665 (x86)
    - x86/fpu: Fix early FPU command-line parsing
    - x86/fpu: Fix 'no387' regression
    - x86/fpu: Disable MPX when eagerfpu is off
    - x86/fpu: Default eagerfpu=on on all CPUs
    - x86/fpu: Fix FNSAVE usage in eagerfpu mode
    - x86/fpu: Fix math emulation in eager fpu mode
    - x86/fpu: Fix eager-FPU handling on legacy FPU machines

linux (4.4.0-129.155) xenial; urgency=medium

  * linux: 4.4.0-129.155 -proposed tracker (LP: #1776352)

  * Xenial update to 4.4.134 stable release (LP: #1775771)
    - MIPS: ptrace: Expose FIR register through FP regset
    - MIPS: Fix ptrace(2) PTRACE_PEEKUSR and PTRACE_POKEUSR accesses to o32 FGRs
    - KVM: Fix spelling mistake: "cop_unsuable" -> "cop_unusable"
    - affs_lookup(): close a race with affs_remove_link()
    - aio: fix io_destroy(2) vs. lookup_ioctx() race
    - ALSA: timer: Fix pause event notification
    - mmc: sdhci-iproc: fix 32bit writes for TRANSFER_MODE register
    - libata: Blacklist some Sandisk SSDs for NCQ
    - libata: blacklist Micron 500IT SSD with MU01 firmware
    - xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent
    - Revert "ipc/shm: Fix shmat mmap nil-page protection"
    - ipc/shm: fix shmat() nil address after round-down when remapping
    - kasan: fix memory hotplug during boot
    - kernel/sys.c: fix potential Spectre v1 issue
    - kernel/signal.c: avoid undefined behaviour in kill_something_info
    - xfs: remove racy hasattr check from attr ops
    - do d_instantiate/unlock_new_inode combinations safely
    - firewire-ohci: work around oversized DMA reads on JMicron controllers
    - NFSv4: always set NFS_LOCK_LOST when a lock is lost.
    - ALSA: hda - Use IS_REACHABLE() for dependency on input
    - ASoC: au1x: Fix timeout tests in au1xac97c_ac97_read()
    - kvm: x86: fix KVM_XEN_HVM_CONFIG ioctl
    - tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into
      account
    - PCI: Add function 1 DMA alias quirk for Marvell 9128
    - tools lib traceevent: Simplify pointer print logic and fix %pF
    - perf callchain: Fix attr.sample_max_stack setting
    - tools lib traceevent: Fix get_field_str() for dynamic strings
    - dm thin: fix documentation relative to low water mark threshold
    - nfs: Do not convert nfs_idmap_cache_timeout to jiffies
    - watchdog: sp5100_tco: Fix watchdog disable bit
    - kconfig: Don't leak main menus during parsing
    - kconfig: Fix automatic menu creation mem leak
    - kconfig: Fix expr_free() E_NOT leak
    - ipmi/powernv: Fix error return code in ipmi_powernv_probe()
    - Btrfs: set plug for fsync
    - btrfs: Fix out of bounds access in btrfs_search_slot
    - Btrfs: fix scrub to repair raid6 corruption
    - scsi: fas216: fix sense buffer initialization
    - HID: roccat: prevent an out of bounds read in kovaplus_profile_activated()
    - jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path
    - powerpc/numa: Use ibm,max-associativity-domains to discover possib...

Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers