Disco update: 5.0.17 upstream stable release

Bug #1836577 reported by Stefan Bader on 2019-07-15
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Undecided
Unassigned
Disco
Medium
Stefan Bader

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

       5.0.17 upstream stable release
       from git://git.kernel.org/

The following patches were applied:
* bfq: update internal depth state when queue depth changes
* platform/x86: sony-laptop: Fix unintentional fall-through
* platform/x86: thinkpad_acpi: Disable Bluetooth for some machines
* platform/x86: dell-laptop: fix rfkill functionality
* hwmon: (pwm-fan) Disable PWM if fetching cooling data fails
* hwmon: (occ) Fix extended status bits
* selftests/seccomp: Handle namespace failures gracefully
* kernfs: fix barrier usage in __kernfs_new_node()
* virt: vbox: Sanity-check parameter types for hgcm-calls coming from userspace
* USB: serial: fix unthrottle races
* iio: adc: xilinx: fix potential use-after-free on remove
* iio: adc: xilinx: fix potential use-after-free on probe
* iio: adc: xilinx: prevent touching unclocked h/w on remove
* acpi/nfit: Always dump _DSM output payload
* libnvdimm/namespace: Fix a potential NULL pointer dereference
* HID: input: add mapping for Expose/Overview key
* HID: input: add mapping for keyboard Brightness Up/Down/Toggle keys
* HID: input: add mapping for "Toggle Display" key
* libnvdimm/btt: Fix a kmemdup failure check
* s390/dasd: Fix capacity calculation for large volumes
* mac80211: fix unaligned access in mesh table hash function
* mac80211: Increase MAX_MSG_LEN
* cfg80211: Handle WMM rules in regulatory domain intersection
* mac80211: fix memory accounting with A-MSDU aggregation
* nl80211: Add NL80211_FLAG_CLEAR_SKB flag for other NL commands
* libnvdimm/security: provide fix for secure-erase to use zero-key
* libnvdimm/pmem: fix a possible OOB access when read and write pmem
* tools/testing/nvdimm: Retain security state after overwrite
* s390/3270: fix lockdep false positive on view->lock
* drm/ttm: fix dma_fence refcount imbalance on error path
* drm/amd/display: extending AUX SW Timeout
* clocksource/drivers/npcm: select TIMER_OF
* clocksource/drivers/oxnas: Fix OX820 compatible
* selftests: fib_tests: Fix 'Command line is not complete' errors
* drm/amdgpu: shadow in shadow_list without tbo.mem.start cause page fault
  in sriov TDR
* mISDN: Check address length before reading address family
* vxge: fix return of a free'd memblock on a failed dma mapping
* qede: fix write to free'd pointer error and double free of ptp
* afs: Unlock pages for __pagevec_release()
* afs: Fix in-progess ops to ignore server-level callback invalidation
* qed: Delete redundant doorbell recovery types
* qed: Fix the doorbell address sanity check
* qed: Fix missing DORQ attentions
* qed: Fix the DORQ's attentions handling
* drm/amd/display: If one stream full updates, full update all planes
* s390/pkey: add one more argument space for debug feature entry
* x86/build/lto: Fix truncated .bss with -fdata-sections
* x86/mm: Prevent bogus warnings with "noexec=off"
* x86/reboot, efi: Use EFI reboot for Acer TravelMate X514-51T
* KVM: nVMX: always use early vmcs check when EPT is disabled
* KVM: fix spectrev1 gadgets
* KVM: x86: avoid misreporting level-triggered irqs as edge-triggered in tracing
* tools lib traceevent: Fix missing equality check for strcmp
* perf top: Always sample time to satisfy needs of use of ordered queuing
* ipmi: ipmi_si_hardcode.c: init si_type array to fix a crash
* ocelot: Don't sleep in atomic context (irqs_disabled())
* perf tools: Fix map reference counting
* scsi: aic7xxx: fix EISA support
* slab: store tagged freelist for off-slab slabmgmt
* mm/hotplug: treat CMA pages as unmovable
* mm: fix inactive list balancing between NUMA nodes and cgroups
* init: initialize jump labels before command line option parsing
* drm: bridge: dw-hdmi: Fix overflow workaround for Rockchip SoCs
* selftests: netfilter: check icmp pkttoobig errors are set as related
* ipvs: do not schedule icmp errors from tunnels
* netfilter: ctnetlink: don't use conntrack/expect object addresses as id
* netfilter: nf_tables: prevent shift wrap in nft_chain_parse_hook()
* netfilter: nat: fix icmp id randomization
* MIPS: perf: ath79: Fix perfcount IRQ assignment
* IB/mlx5: Fix scatter to CQE in DCT QP creation
* s390: ctcm: fix ctcm_new_device error return code
* drm/sun4i: Set device driver data at bind time for use in unbind
* drm/sun4i: Fix component unbinding and component master deletion
* of_net: Fix residues after of_get_nvmem_mac_address removal
* selftests/net: correct the return value for run_afpackettests
* netfilter: never get/set skb->tstamp
* netfilter: fix nf_l4proto_log_invalid to log invalid packets
* dmaengine: bcm2835: Avoid GFP_KERNEL in device_prep_slave_sg
* gpu: ipu-v3: dp: fix CSC handling
* drm/imx: don't skip DP channel disable for background plane
* ARM: fix function graph tracer and unwinder dependencies
* ARM: 8856/1: NOMMU: Fix CCR register faulty initialization when MPU is disabled
* spi: Micrel eth switch: declare missing of table
* spi: ST ST95HF NFC: declare missing of table
* ceph: handle the case where a dentry has been renamed on outstanding req
* Revert "drm/virtio: drop prime import/export callbacks"
* drm/sun4i: Unbind components before releasing DRM and memory
* Input: snvs_pwrkey - make it depend on ARCH_MXC
* Input: synaptics-rmi4 - fix possible double free
* net: vrf: Fix operation not supported when set vrf mac
* gpio: Fix gpiochip_add_data_with_key() error path
* mm/memory_hotplug.c: drop memory device reference after find_memory_block()
* mm/page_alloc.c: avoid potential NULL pointer dereference
* bpf: only test gso type on gso packets
* net: sched: fix cleanup NULL pointer exception in act_mirr
* net: mvpp2: fix validate for PPv2.1
* drm/rockchip: fix for mailbox read validation.
* cw1200: fix missing unlock on error in cw1200_hw_scan()
* mwl8k: Fix rate_idx underflow
* rtlwifi: rtl8723ae: Fix missing break in switch statement
* Don't jump to compute_result state from check_result state
* bonding: fix arp_validate toggling in active-backup mode
* bridge: Fix error path for kobject_init_and_add()
* dpaa_eth: fix SG frame cleanup
* fib_rules: return 0 directly if an exactly same rule exists when NLM_F_EXCL
  not supplied
* ipv4: Fix raw socket lookup for local traffic
* net: dsa: Fix error cleanup path in dsa_init_module
* net: ethernet: stmmac: dwmac-sun8i: enable support of unicast filtering
* net: macb: Change interrupt and napi enable order in open
* net: seeq: fix crash caused by not set dev.parent
* net: ucc_geth - fix Oops when changing number of buffers in the ring
* packet: Fix error path in packet_init
* selinux: do not report error on connect(AF_UNSPEC)
* tipc: fix hanging clients using poll with EPOLLOUT flag
* vlan: disable SIOCSHWTSTAMP in container
* vrf: sit mtu should not be updated when vrf netdev is the link
* tuntap: fix dividing by zero in ebpf queue selection
* tuntap: synchronize through tfiles array instead of tun->numqueues
* net: phy: fix phy_validate_pause
* flow_dissector: disable preemption around BPF calls
* isdn: bas_gigaset: use usb_fill_int_urb() properly
* drivers/virt/fsl_hypervisor.c: dereferencing error pointers in ioctl
* drivers/virt/fsl_hypervisor.c: prevent integer overflow in ioctl
* powerpc/book3s/64: check for NULL pointer in pgd_alloc()
* powerpc/powernv/idle: Restore IAMR after idle
* powerpc/booke64: set RI in default MSR
* virtio_ring: Fix potential mem leak in virtqueue_add_indirect_packed
* PCI: hv: Fix a memory leak in hv_eject_device_work()
* PCI: hv: Add hv_pci_remove_slots() when we unload the driver
* PCI: hv: Add pci_destroy_slot() in pci_devices_present_work(), if necessary
* f2fs: Fix use of number of devices
* Linux 5.0.17

CVE References

Stefan Bader (smb) on 2019-07-15
Changed in linux (Ubuntu):
status: New → Confirmed
tags: added: kernel-stable-tracking-bug
Changed in linux (Ubuntu Disco):
assignee: nobody → Stefan Bader (smb)
importance: Undecided → Medium
status: New → In Progress
Changed in linux (Ubuntu):
status: Confirmed → Invalid
Stefan Bader (smb) wrote :

Applied with fuzz 1 (verified): "x86/reboot, efi: Use EFI reboot for Acer TravelMate X514-51T".

Already applied for bug #1825777: "selftests/net: correct the return value for run_netsocktests".

Already applied for bug #1822871: "arm64/module: ftrace: deal with place relative nature of PLTs".

Already applied for bug #1830815: "RDMA/hns: Bugfix for mapping user db".

description: updated
Changed in linux (Ubuntu Disco):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 5.0.0-25.26

---------------
linux (5.0.0-25.26) disco; urgency=medium

  * CVE-2019-1125
    - x86/cpufeatures: Carve out CQM features retrieval
    - x86/cpufeatures: Combine word 11 and 12 into a new scattered features word
    - x86/speculation: Prepare entry code for Spectre v1 swapgs mitigations
    - x86/speculation: Enable Spectre v1 swapgs mitigations
    - x86/entry/64: Use JMP instead of JMPQ
    - x86/speculation/swapgs: Exclude ATOMs from speculation through SWAPGS

 -- Kleber Sacilotto de Souza <email address hidden> Thu, 01 Aug 2019 12:04:35 +0200

Changed in linux (Ubuntu Disco):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers