Cosmic update to 4.18.11 stable release

Bug #1795486 reported by Thadeu Lima de Souza Cascardo on 2018-10-01
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)

Bug Description

    SRU Justification

       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The 4.18.11 upstream stable
       patch set is now available. It should be included in the Ubuntu
       kernel as well.



       The following patches from the 4.18.11 stable release shall be applied:

Linux 4.18.11
spi: Fix double IDR allocation with DT aliases
iw_cxgb4: only allow 1 flush on user qps
vmw_balloon: include asm/io.h
sched/fair: Fix vruntime_normalized() for remote non-migration wakeup
ext4, dax: set ext4_dax_aops for dax files
ext4, dax: add ext4_bmap to ext4_dax_aops
ext4: show test_dummy_encryption mount option in /proc/mounts
ext4: don't mark mmp buffer head dirty
ext4: fix online resizing for bigalloc file systems with a 1k block size
ext4: fix online resize's handling of a too-small final block group
ext4: recalucate superblock checksum after updating free blocks/inodes
ext4: avoid arithemetic overflow that can trigger a BUG
ext4: avoid divide by zero fault when deleting corrupted inline directories
ext4: check to make sure the rename(2)'s destination is not freed
tty: vt_ioctl: fix potential Spectre v1
drm/amdgpu: add new polaris pci id
drm: udl: Destroy framebuffer only if it was initialized
drm/vc4: Fix the "no scaling" case on multi-planar YUV formats
drm/nouveau/drm/nouveau: Prevent handling ACPI HPD events too early
drm/nouveau/drm/nouveau: Use pm_runtime_get_noresume() in connector_detect()
drm/nouveau/drm/nouveau: Fix deadlock with fb_helper with async RPM requests
drm/nouveau/drm/nouveau: Fix bogus drm_kms_helper_poll_enable() placement
drm/nouveau/drm/nouveau: Don't forget to cancel hpd_work on suspend/unload
drm/nouveau: Fix deadlocks in nouveau_connector_detect()
drm/nouveau: Remove duplicate poll_enable() in pmops_runtime_suspend()
drm/nouveau: Only write DP_MSTM_CTRL when needed
drm/nouveau: Reset MST branching unit before enabling
drm/i915/bdw: Increase IPS disable timeout to 100ms
ocfs2: fix ocfs2 read block panic
libata: mask swap internal and hardware tag
Revert "ubifs: xattr: Don't operate on deleted inodes"
scsi: target: iscsi: Use bin2hex instead of a re-implementation
scsi: target: iscsi: Use hex2bin instead of a re-implementation
Revert "uapi/linux/keyctl.h: don't use C++ reserved keyword as a struct member name"
bpf/verifier: disallow pointer subtraction
Revert "rpmsg: core: add support to power domains for devices"
mm: shmem.c: Correctly annotate new inodes for lockdep
mm: disable deferred struct page for 32-bit arches
fork: report pid exhaustion correctly
crypto: x86/aegis,morus - Do not require OSXSAVE for SSE2
ring-buffer: Allow for rescheduling when removing pages
Revert "PCI: Add ACS quirk for Intel 300 series"
spi: fix IDR collision on systems with both fixed and dynamic SPI bus numbers
xen/x86/vpmu: Zero struct pt_regs before calling into sample handling code
xen/netfront: don't bug in case of too many frags
platform/x86: alienware-wmi: Correct a memory leak
platform/x86: dell-smbios-wmi: Correct a memory leak
mtd: rawnand: denali: fix a race condition when DMA is kicked
mtd: devices: m25p80: Make sure the buffer passed in op is DMA-able
ALSA: oxfw: fix memory leak of private data
ALSA: oxfw: fix memory leak of discovered stream formats at error path
ALSA: oxfw: fix memory leak for model-dependent data at error path
ALSA: fireworks: fix memory leak of response buffer at error path
ALSA: firewire-tascam: fix memory leak of private data
ALSA: firewire-digi00x: fix memory leak of private data
ALSA: fireface: fix memory leak in ff400_switch_fetching_mode()
ALSA: emu10k1: fix possible info leak to userspace on SNDRV_EMU10K1_IOCTL_INFO
ALSA: bebob: use address returned by kmalloc() instead of kernel stack for streaming DMA mapping
ALSA: bebob: fix memory leak for M-Audio FW1814 and ProjectMix I/O at error path
ASoC: uapi: fix sound/skl-tplg-interface.h userspace compilation errors
ASoC: rsnd: fixup not to call clk_get/set under non-atomic
ASoC: tas6424: Save last fault register even when clear
ASoC: cs4265: fix MMTLR Data switch control
ASoC: wm9712: fix replace codec to component
NFC: Fix the number of pipes
NFC: Fix possible memory corruption when handling SHDLC I-Frame commands
net: rtnl_configure_link: fix dev flags changes arg to __dev_notify_flags
net: mvpp2: let phylink manage the carrier state
net/ipv6: do not copy dst flags on rt init
ipv6: use rt6_info members when dst is set in rt6_fill_node
bnxt_en: Fix VF mac address regression.
tls: fix currently broken MSG_PEEK behavior
socket: fix struct ifreq size in compat ioctl
net: dsa: mv88e6xxx: Fix ATU Miss Violation
hv_netvsc: fix schedule in RCU context
net/sched: act_sample: fix NULL dereference in the data path
udp6: add missing checks on edumux packet processing
neighbour: confirm neigh entries when ARP packet is received
tls: clear key material from kernel memory when do_tls_setsockopt_conf fails
tls: zero the crypto information from tls_context before freeing
tls: don't copy the key out of tls12_crypto_info_aes_gcm_128
udp4: fix IP_CMSG_CHECKSUM for connected sockets
qmi_wwan: set DTR for modems in forced USB2 mode
pppoe: fix reception of frames with no mac header
net: hp100: fix always-true check for link up state
net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT
ipv6: fix possible use-after-free in ip6_xmit()
gso_segment: Reset skb->mac_len after modifying network header

CVE References

tags: added: kernel-stable-tracking-bug
Seth Forshee (sforshee) on 2018-10-05
Changed in linux (Ubuntu):
status: New → Fix Committed
Launchpad Janitor (janitor) wrote :
Download full text (60.2 KiB)

This bug was fixed in the package linux - 4.18.0-9.10

linux (4.18.0-9.10) cosmic; urgency=medium

  * linux: 4.18.0-9.10 -proposed tracker (LP: #1796346)

  * Cosmic update: v4.18.12 upstream stable release (LP: #1796139)
    - crypto: skcipher - Fix -Wstringop-truncation warnings
    - iio: adc: ina2xx: avoid kthread_stop() with stale task_struct
    - tsl2550: fix lux1_input error in low light
    - misc: ibmvmc: Use GFP_ATOMIC under spin lock
    - vmci: type promotion bug in qp_host_get_user_memory()
    - siox: don't create a thread without starting it
    - x86/numa_emulation: Fix emulated-to-physical node mapping
    - staging: rts5208: fix missing error check on call to rtsx_write_register
    - power: supply: axp288_charger: Fix initial constant_charge_current value
    - misc: sram: enable clock before registering regions
    - serial: sh-sci: Stop RX FIFO timer during port shutdown
    - uwb: hwa-rc: fix memory leak at probe
    - power: vexpress: fix corruption in notifier registration
    - iommu/amd: make sure TLB to be flushed before IOVA freed
    - Bluetooth: Add a new Realtek 8723DE ID 0bda:b009
    - USB: serial: kobil_sct: fix modem-status error handling
    - 6lowpan: iphc: reset mac_header after decompress to fix panic
    - iommu/msm: Don't call iommu_device_{,un}link from atomic context
    - s390/mm: correct allocate_pgste proc_handler callback
    - power: remove possible deadlock when unregistering power_supply
    - drm/amd/display/dc/dce: Fix multiple potential integer overflows
    - drm/amd/display: fix use of uninitialized memory
    - md-cluster: clear another node's suspend_area after the copy is finished
    - cxgb4: Fix the condition to check if the card is T5
    - RDMA/bnxt_re: Fix a couple off by one bugs
    - RDMA/i40w: Hold read semaphore while looking after VMA
    - RDMA/bnxt_re: Fix a bunch of off by one bugs in qplib_fp.c
    - IB/core: type promotion bug in rdma_rw_init_one_mr()
    - media: exynos4-is: Prevent NULL pointer dereference in __isp_video_try_fmt()
    - IB/mlx4: Test port number before querying type.
    - powerpc/kdump: Handle crashkernel memory reservation failure
    - media: fsl-viu: fix error handling in viu_of_probe()
    - vhost_net: Avoid tx vring kicks during busyloop
    - media: staging/imx: fill vb2_v4l2_buffer field entry
    - IB/mlx5: Fix GRE flow specification
    - include/rdma/opa_addr.h: Fix an endianness issue
    - x86/tsc: Add missing header to tsc_msr.c
    - ARM: hwmod: RTC: Don't assume lock/unlock will be called with irq enabled
    - x86/entry/64: Add two more instruction suffixes
    - ARM: dts: ls1021a: Add missing cooling device properties for CPUs
    - scsi: target/iscsi: Make iscsit_ta_authentication() respect the output
      buffer size
    - thermal: i.MX: Allow thermal probe to fail gracefully in case of bad
    - scsi: klist: Make it safe to use klists in atomic context
    - scsi: ibmvscsi: Improve strings handling
    - scsi: target: Avoid that EXTENDED COPY commands trigger lock inversion
    - usb: wusbcore: security: cast sizeof to int for comparison
    - ath10k: sdio: use same endpoint id for all packets...

Changed in linux (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers