Cosmic update to 4.18.11 stable release
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
SRU Justification
Impact:
The upstream process for stable tree updates is quite similar
in scope to the Ubuntu SRU process, e.g., each patch has to
demonstrably fix a bug, and each patch is vetted by upstream
by originating either directly from a mainline/stable Linux tree or
a minimally backported form of that patch. The 4.18.11 upstream stable
patch set is now available. It should be included in the Ubuntu
kernel as well.
TEST CASE: TBD
The following patches from the 4.18.11 stable release shall be applied:
Linux 4.18.11
spi: Fix double IDR allocation with DT aliases
iw_cxgb4: only allow 1 flush on user qps
vmw_balloon: include asm/io.h
sched/fair: Fix vruntime_
ext4, dax: set ext4_dax_aops for dax files
ext4, dax: add ext4_bmap to ext4_dax_aops
ext4: show test_dummy_
ext4: don't mark mmp buffer head dirty
ext4: fix online resizing for bigalloc file systems with a 1k block size
ext4: fix online resize's handling of a too-small final block group
ext4: recalucate superblock checksum after updating free blocks/inodes
ext4: avoid arithemetic overflow that can trigger a BUG
ext4: avoid divide by zero fault when deleting corrupted inline directories
ext4: check to make sure the rename(2)'s destination is not freed
tty: vt_ioctl: fix potential Spectre v1
drm/amdgpu: add new polaris pci id
drm: udl: Destroy framebuffer only if it was initialized
drm/vc4: Fix the "no scaling" case on multi-planar YUV formats
drm/nouveau/
drm/nouveau/
drm/nouveau/
drm/nouveau/
drm/nouveau/
drm/nouveau: Fix deadlocks in nouveau_
drm/nouveau: Remove duplicate poll_enable() in pmops_runtime_
drm/nouveau: Only write DP_MSTM_CTRL when needed
drm/nouveau: Reset MST branching unit before enabling
drm/i915/bdw: Increase IPS disable timeout to 100ms
ocfs2: fix ocfs2 read block panic
libata: mask swap internal and hardware tag
Revert "ubifs: xattr: Don't operate on deleted inodes"
scsi: target: iscsi: Use bin2hex instead of a re-implementation
scsi: target: iscsi: Use hex2bin instead of a re-implementation
Revert "uapi/linux/
bpf/verifier: disallow pointer subtraction
Revert "rpmsg: core: add support to power domains for devices"
mm: shmem.c: Correctly annotate new inodes for lockdep
mm: disable deferred struct page for 32-bit arches
fork: report pid exhaustion correctly
crypto: x86/aegis,morus - Do not require OSXSAVE for SSE2
ring-buffer: Allow for rescheduling when removing pages
Revert "PCI: Add ACS quirk for Intel 300 series"
spi: fix IDR collision on systems with both fixed and dynamic SPI bus numbers
xen/x86/vpmu: Zero struct pt_regs before calling into sample handling code
xen/netfront: don't bug in case of too many frags
platform/x86: alienware-wmi: Correct a memory leak
platform/x86: dell-smbios-wmi: Correct a memory leak
mtd: rawnand: denali: fix a race condition when DMA is kicked
mtd: devices: m25p80: Make sure the buffer passed in op is DMA-able
ALSA: oxfw: fix memory leak of private data
ALSA: oxfw: fix memory leak of discovered stream formats at error path
ALSA: oxfw: fix memory leak for model-dependent data at error path
ALSA: fireworks: fix memory leak of response buffer at error path
ALSA: firewire-tascam: fix memory leak of private data
ALSA: firewire-digi00x: fix memory leak of private data
ALSA: fireface: fix memory leak in ff400_switch_
ALSA: emu10k1: fix possible info leak to userspace on SNDRV_EMU10K1_
ALSA: bebob: use address returned by kmalloc() instead of kernel stack for streaming DMA mapping
ALSA: bebob: fix memory leak for M-Audio FW1814 and ProjectMix I/O at error path
ASoC: uapi: fix sound/skl-
ASoC: rsnd: fixup not to call clk_get/set under non-atomic
ASoC: tas6424: Save last fault register even when clear
ASoC: cs4265: fix MMTLR Data switch control
ASoC: wm9712: fix replace codec to component
NFC: Fix the number of pipes
NFC: Fix possible memory corruption when handling SHDLC I-Frame commands
net: rtnl_configure_
net: mvpp2: let phylink manage the carrier state
net/ipv6: do not copy dst flags on rt init
ipv6: use rt6_info members when dst is set in rt6_fill_node
bnxt_en: Fix VF mac address regression.
tls: fix currently broken MSG_PEEK behavior
socket: fix struct ifreq size in compat ioctl
net: dsa: mv88e6xxx: Fix ATU Miss Violation
hv_netvsc: fix schedule in RCU context
net/sched: act_sample: fix NULL dereference in the data path
udp6: add missing checks on edumux packet processing
neighbour: confirm neigh entries when ARP packet is received
tls: clear key material from kernel memory when do_tls_
tls: zero the crypto information from tls_context before freeing
tls: don't copy the key out of tls12_crypto_
udp4: fix IP_CMSG_CHECKSUM for connected sockets
qmi_wwan: set DTR for modems in forced USB2 mode
pppoe: fix reception of frames with no mac header
net: hp100: fix always-true check for link up state
net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT
ipv6: fix possible use-after-free in ip6_xmit()
gso_segment: Reset skb->mac_len after modifying network header
CVE References
tags: | added: kernel-stable-tracking-bug |
Changed in linux (Ubuntu): | |
status: | New → Fix Committed |
tags: | added: cscc |
This bug was fixed in the package linux - 4.18.0-9.10
---------------
linux (4.18.0-9.10) cosmic; urgency=medium
* linux: 4.18.0-9.10 -proposed tracker (LP: #1796346)
* Cosmic update: v4.18.12 upstream stable release (LP: #1796139) truncation warnings get_user_ memory( ) to-physical node mapping charge_ current value {,un}link from atomic context display/ dc/dce: Fix multiple potential integer overflows init_one_ mr() try_fmt( ) rdma/opa_ addr.h: Fix an endianness issue ta_authenticati on() respect the output
- crypto: skcipher - Fix -Wstringop-
- iio: adc: ina2xx: avoid kthread_stop() with stale task_struct
- tsl2550: fix lux1_input error in low light
- misc: ibmvmc: Use GFP_ATOMIC under spin lock
- vmci: type promotion bug in qp_host_
- siox: don't create a thread without starting it
- x86/numa_emulation: Fix emulated-
- staging: rts5208: fix missing error check on call to rtsx_write_register
- power: supply: axp288_charger: Fix initial constant_
- misc: sram: enable clock before registering regions
- serial: sh-sci: Stop RX FIFO timer during port shutdown
- uwb: hwa-rc: fix memory leak at probe
- power: vexpress: fix corruption in notifier registration
- iommu/amd: make sure TLB to be flushed before IOVA freed
- Bluetooth: Add a new Realtek 8723DE ID 0bda:b009
- USB: serial: kobil_sct: fix modem-status error handling
- 6lowpan: iphc: reset mac_header after decompress to fix panic
- iommu/msm: Don't call iommu_device_
- s390/mm: correct allocate_pgste proc_handler callback
- power: remove possible deadlock when unregistering power_supply
- drm/amd/
- drm/amd/display: fix use of uninitialized memory
- md-cluster: clear another node's suspend_area after the copy is finished
- cxgb4: Fix the condition to check if the card is T5
- RDMA/bnxt_re: Fix a couple off by one bugs
- RDMA/i40w: Hold read semaphore while looking after VMA
- RDMA/bnxt_re: Fix a bunch of off by one bugs in qplib_fp.c
- IB/core: type promotion bug in rdma_rw_
- media: exynos4-is: Prevent NULL pointer dereference in __isp_video_
- IB/mlx4: Test port number before querying type.
- powerpc/kdump: Handle crashkernel memory reservation failure
- media: fsl-viu: fix error handling in viu_of_probe()
- vhost_net: Avoid tx vring kicks during busyloop
- media: staging/imx: fill vb2_v4l2_buffer field entry
- IB/mlx5: Fix GRE flow specification
- include/
- x86/tsc: Add missing header to tsc_msr.c
- ARM: hwmod: RTC: Don't assume lock/unlock will be called with irq enabled
- x86/entry/64: Add two more instruction suffixes
- ARM: dts: ls1021a: Add missing cooling device properties for CPUs
- scsi: target/iscsi: Make iscsit_
buffer size
- thermal: i.MX: Allow thermal probe to fail gracefully in case of bad
calibration.
- scsi: klist: Make it safe to use klists in atomic context
- scsi: ibmvscsi: Improve strings handling
- scsi: target: Avoid that EXTENDED COPY commands trigger lock inversion
- usb: wusbcore: security: cast sizeof to int for comparison
- ath10k: sdio: use same endpoint id for all packets...