Cosmic update to 4.18.11 stable release

Bug #1795486 reported by Thadeu Lima de Souza Cascardo on 2018-10-01
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Undecided
Unassigned

Bug Description

    SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The 4.18.11 upstream stable
       patch set is now available. It should be included in the Ubuntu
       kernel as well.

       git://git.kernel.org/

    TEST CASE: TBD

       The following patches from the 4.18.11 stable release shall be applied:

Linux 4.18.11
spi: Fix double IDR allocation with DT aliases
iw_cxgb4: only allow 1 flush on user qps
vmw_balloon: include asm/io.h
sched/fair: Fix vruntime_normalized() for remote non-migration wakeup
ext4, dax: set ext4_dax_aops for dax files
ext4, dax: add ext4_bmap to ext4_dax_aops
ext4: show test_dummy_encryption mount option in /proc/mounts
ext4: don't mark mmp buffer head dirty
ext4: fix online resizing for bigalloc file systems with a 1k block size
ext4: fix online resize's handling of a too-small final block group
ext4: recalucate superblock checksum after updating free blocks/inodes
ext4: avoid arithemetic overflow that can trigger a BUG
ext4: avoid divide by zero fault when deleting corrupted inline directories
ext4: check to make sure the rename(2)'s destination is not freed
tty: vt_ioctl: fix potential Spectre v1
drm/amdgpu: add new polaris pci id
drm: udl: Destroy framebuffer only if it was initialized
drm/vc4: Fix the "no scaling" case on multi-planar YUV formats
drm/nouveau/drm/nouveau: Prevent handling ACPI HPD events too early
drm/nouveau/drm/nouveau: Use pm_runtime_get_noresume() in connector_detect()
drm/nouveau/drm/nouveau: Fix deadlock with fb_helper with async RPM requests
drm/nouveau/drm/nouveau: Fix bogus drm_kms_helper_poll_enable() placement
drm/nouveau/drm/nouveau: Don't forget to cancel hpd_work on suspend/unload
drm/nouveau: Fix deadlocks in nouveau_connector_detect()
drm/nouveau: Remove duplicate poll_enable() in pmops_runtime_suspend()
drm/nouveau: Only write DP_MSTM_CTRL when needed
drm/nouveau: Reset MST branching unit before enabling
drm/i915/bdw: Increase IPS disable timeout to 100ms
ocfs2: fix ocfs2 read block panic
libata: mask swap internal and hardware tag
Revert "ubifs: xattr: Don't operate on deleted inodes"
scsi: target: iscsi: Use bin2hex instead of a re-implementation
scsi: target: iscsi: Use hex2bin instead of a re-implementation
Revert "uapi/linux/keyctl.h: don't use C++ reserved keyword as a struct member name"
bpf/verifier: disallow pointer subtraction
Revert "rpmsg: core: add support to power domains for devices"
mm: shmem.c: Correctly annotate new inodes for lockdep
mm: disable deferred struct page for 32-bit arches
fork: report pid exhaustion correctly
crypto: x86/aegis,morus - Do not require OSXSAVE for SSE2
ring-buffer: Allow for rescheduling when removing pages
Revert "PCI: Add ACS quirk for Intel 300 series"
spi: fix IDR collision on systems with both fixed and dynamic SPI bus numbers
xen/x86/vpmu: Zero struct pt_regs before calling into sample handling code
xen/netfront: don't bug in case of too many frags
platform/x86: alienware-wmi: Correct a memory leak
platform/x86: dell-smbios-wmi: Correct a memory leak
mtd: rawnand: denali: fix a race condition when DMA is kicked
mtd: devices: m25p80: Make sure the buffer passed in op is DMA-able
ALSA: oxfw: fix memory leak of private data
ALSA: oxfw: fix memory leak of discovered stream formats at error path
ALSA: oxfw: fix memory leak for model-dependent data at error path
ALSA: fireworks: fix memory leak of response buffer at error path
ALSA: firewire-tascam: fix memory leak of private data
ALSA: firewire-digi00x: fix memory leak of private data
ALSA: fireface: fix memory leak in ff400_switch_fetching_mode()
ALSA: emu10k1: fix possible info leak to userspace on SNDRV_EMU10K1_IOCTL_INFO
ALSA: bebob: use address returned by kmalloc() instead of kernel stack for streaming DMA mapping
ALSA: bebob: fix memory leak for M-Audio FW1814 and ProjectMix I/O at error path
ASoC: uapi: fix sound/skl-tplg-interface.h userspace compilation errors
ASoC: rsnd: fixup not to call clk_get/set under non-atomic
ASoC: tas6424: Save last fault register even when clear
ASoC: cs4265: fix MMTLR Data switch control
ASoC: wm9712: fix replace codec to component
NFC: Fix the number of pipes
NFC: Fix possible memory corruption when handling SHDLC I-Frame commands
net: rtnl_configure_link: fix dev flags changes arg to __dev_notify_flags
net: mvpp2: let phylink manage the carrier state
net/ipv6: do not copy dst flags on rt init
ipv6: use rt6_info members when dst is set in rt6_fill_node
bnxt_en: Fix VF mac address regression.
tls: fix currently broken MSG_PEEK behavior
socket: fix struct ifreq size in compat ioctl
net: dsa: mv88e6xxx: Fix ATU Miss Violation
hv_netvsc: fix schedule in RCU context
net/sched: act_sample: fix NULL dereference in the data path
udp6: add missing checks on edumux packet processing
neighbour: confirm neigh entries when ARP packet is received
tls: clear key material from kernel memory when do_tls_setsockopt_conf fails
tls: zero the crypto information from tls_context before freeing
tls: don't copy the key out of tls12_crypto_info_aes_gcm_128
udp4: fix IP_CMSG_CHECKSUM for connected sockets
qmi_wwan: set DTR for modems in forced USB2 mode
pppoe: fix reception of frames with no mac header
net: hp100: fix always-true check for link up state
net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT
ipv6: fix possible use-after-free in ip6_xmit()
gso_segment: Reset skb->mac_len after modifying network header

CVE References

tags: added: kernel-stable-tracking-bug
Seth Forshee (sforshee) on 2018-10-05
Changed in linux (Ubuntu):
status: New → Fix Committed
Launchpad Janitor (janitor) wrote :
Download full text (60.2 KiB)

This bug was fixed in the package linux - 4.18.0-9.10

---------------
linux (4.18.0-9.10) cosmic; urgency=medium

  * linux: 4.18.0-9.10 -proposed tracker (LP: #1796346)

  * Cosmic update: v4.18.12 upstream stable release (LP: #1796139)
    - crypto: skcipher - Fix -Wstringop-truncation warnings
    - iio: adc: ina2xx: avoid kthread_stop() with stale task_struct
    - tsl2550: fix lux1_input error in low light
    - misc: ibmvmc: Use GFP_ATOMIC under spin lock
    - vmci: type promotion bug in qp_host_get_user_memory()
    - siox: don't create a thread without starting it
    - x86/numa_emulation: Fix emulated-to-physical node mapping
    - staging: rts5208: fix missing error check on call to rtsx_write_register
    - power: supply: axp288_charger: Fix initial constant_charge_current value
    - misc: sram: enable clock before registering regions
    - serial: sh-sci: Stop RX FIFO timer during port shutdown
    - uwb: hwa-rc: fix memory leak at probe
    - power: vexpress: fix corruption in notifier registration
    - iommu/amd: make sure TLB to be flushed before IOVA freed
    - Bluetooth: Add a new Realtek 8723DE ID 0bda:b009
    - USB: serial: kobil_sct: fix modem-status error handling
    - 6lowpan: iphc: reset mac_header after decompress to fix panic
    - iommu/msm: Don't call iommu_device_{,un}link from atomic context
    - s390/mm: correct allocate_pgste proc_handler callback
    - power: remove possible deadlock when unregistering power_supply
    - drm/amd/display/dc/dce: Fix multiple potential integer overflows
    - drm/amd/display: fix use of uninitialized memory
    - md-cluster: clear another node's suspend_area after the copy is finished
    - cxgb4: Fix the condition to check if the card is T5
    - RDMA/bnxt_re: Fix a couple off by one bugs
    - RDMA/i40w: Hold read semaphore while looking after VMA
    - RDMA/bnxt_re: Fix a bunch of off by one bugs in qplib_fp.c
    - IB/core: type promotion bug in rdma_rw_init_one_mr()
    - media: exynos4-is: Prevent NULL pointer dereference in __isp_video_try_fmt()
    - IB/mlx4: Test port number before querying type.
    - powerpc/kdump: Handle crashkernel memory reservation failure
    - media: fsl-viu: fix error handling in viu_of_probe()
    - vhost_net: Avoid tx vring kicks during busyloop
    - media: staging/imx: fill vb2_v4l2_buffer field entry
    - IB/mlx5: Fix GRE flow specification
    - include/rdma/opa_addr.h: Fix an endianness issue
    - x86/tsc: Add missing header to tsc_msr.c
    - ARM: hwmod: RTC: Don't assume lock/unlock will be called with irq enabled
    - x86/entry/64: Add two more instruction suffixes
    - ARM: dts: ls1021a: Add missing cooling device properties for CPUs
    - scsi: target/iscsi: Make iscsit_ta_authentication() respect the output
      buffer size
    - thermal: i.MX: Allow thermal probe to fail gracefully in case of bad
      calibration.
    - scsi: klist: Make it safe to use klists in atomic context
    - scsi: ibmvscsi: Improve strings handling
    - scsi: target: Avoid that EXTENDED COPY commands trigger lock inversion
    - usb: wusbcore: security: cast sizeof to int for comparison
    - ath10k: sdio: use same endpoint id for all packets...

Changed in linux (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers