Bionic update: upstream stable patchset 2019-08-16

Bug #1840520 reported by Kamal Mostafa
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Kamal Mostafa

Bug Description

SRU Justification

       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

       upstream stable patchset 2019-08-16

                Ported from the following upstream stable releases:
                        v4.14.139, v4.19.67

       from git://

iio: adc: max9611: Fix misuse of GENMASK macro
crypto: ccp - Fix oops by properly managing allocated structures
crypto: ccp - Ignore tag length when decrypting GCM ciphertext
usb: usbfs: fix double-free of usb memory upon submiturb error
usb: iowarrior: fix deadlock on disconnect
sound: fix a memory leak bug
mmc: cavium: Set the correct dma max segment size for mmc_host
mmc: cavium: Add the missing dma unmap when the dma has finished.
loop: set PF_MEMALLOC_NOIO for the worker thread
Input: synaptics - enable RMI mode for HP Spectre X360
lkdtm: support llvm-objcopy
crypto: ccp - Validate buffer lengths for copy operations
crypto: ccp - Add support for valid authsize values less than 16
perf annotate: Fix s390 gap between kernel end and module start
perf db-export: Fix thread__exec_comm()
perf record: Fix module size on s390
usb: host: xhci-rcar: Fix timeout in xhci_suspend()
usb: yurex: Fix use-after-free in yurex_delete
can: rcar_canfd: fix possible IRQ storm on high load
can: peak_usb: fix potential double kfree_skb()
netfilter: nfnetlink: avoid deadlock due to synchronous request_module
vfio-ccw: Set pa_nr to 0 if memory allocation fails for pa_iova_pfn
netfilter: Fix rpfilter dropping vrf packets by mistake
netfilter: nft_hash: fix symhash with modulus one
scripts/sphinx-pre-install: fix script for RHEL/CentOS
iscsi_ibft: make ISCSI_IBFT dependson ACPI instead of ISCSI_IBFT_FIND
mac80211: don't warn about CW params when not using them
hwmon: (nct6775) Fix register address and added missed tolerance for nct6106
drm: silence variable 'conn' set but not used
cpufreq/pasemi: fix use-after-free in pas_cpufreq_cpu_init()
s390/qdio: add sanity checks to the fast-requeue path
ALSA: compress: Fix regression on compressed capture streams
ALSA: compress: Prevent bypasses of set_params
ALSA: compress: Don't allow paritial drain operations on capture streams
ALSA: compress: Be more restrictive about when a drain is allowed
perf tools: Fix proper buffer size for feature processing
perf probe: Avoid calling freeing routine multiple times for same pointer
drbd: dynamically allocate shash descriptor
ACPI/IORT: Fix off-by-one check in iort_dev_find_its_id()
ARM: davinci: fix sleep.S build error on ARMv4
scsi: megaraid_sas: fix panic on loading firmware crashdump
scsi: ibmvfc: fix WARN_ON during event pool release
scsi: scsi_dh_alua: always use a 2 second delay before retrying RTPG
test_firmware: fix a memory leak bug
tty/ldsem, locking/rwsem: Add missing ACQUIRE to read_failed sleep loop
perf/core: Fix creating kernel counters for PMUs that override event->cpu
HID: sony: Fix race condition between rumble and device remove.
can: peak_usb: pcan_usb_pro: Fix info-leaks to USB devices
can: peak_usb: pcan_usb_fd: Fix info-leaks to USB devices
hwmon: (nct7802) Fix wrong detection of in4 presence
drm/i915: Fix wrong escape clock divisor init for GLK
ALSA: firewire: fix a memory leak bug
ALSA: hda - Don't override global PCM hw info flag
ALSA: hda - Workaround for crackled sound on AMD controller (1022:1457)
mac80211: don't WARN on short WMM parameters from AP
SMB3: Fix deadlock in validate negotiate hits reconnect
smb3: send CAP_DFS capability during session setup
NFSv4: Only pass the delegation to setattr if we're sending a truncate
NFSv4: Fix an Oops in nfs4_do_setattr
KVM: Fix leak vCPU's VMCS value into other pCPU
mwifiex: fix 802.11n/WPA detection
iwlwifi: don't unmap as page memory that was mapped as single
iwlwifi: mvm: fix an out-of-bound access
iwlwifi: mvm: don't send GEO_TX_POWER_LIMIT on version < 41
iwlwifi: mvm: fix version check for GEO_TX_POWER_LIMIT support
iio: cros_ec_accel_legacy: Fix incorrect channel setting
staging: android: ion: Bail out upon SIGKILL when allocating memory.
x86/purgatory: Use CFLAGS_REMOVE rather than reset KBUILD_CFLAGS
usb: typec: tcpm: free log buf memory when remove debug file
usb: typec: tcpm: remove tcpm dir if no children
usb: typec: tcpm: Add NULL check before dereferencing config
netfilter: conntrack: always store window size un-scaled
drm/amd/display: Wait for backlight programming completion in set backlight level
drm/amd/display: use encoder's engine id to find matched free audio device
drm/amd/display: Fix dc_create failure handling and 666 color depths
drm/amd/display: Only enable audio if speaker allocation exists
drm/amd/display: Increase size of audios array
allocate_flower_entry: should check for null deref
s390/dma: provide proper ARCH_ZONE_DMA_BITS value
ALSA: hiface: fix multiple memory leak bugs
UBUNTU: upstream stable to v4.14.139, v4.19.67

CVE References

Changed in linux (Ubuntu):
status: New → Confirmed
tags: added: kernel-stable-tracking-bug
description: updated
Changed in linux (Ubuntu Bionic):
status: New → In Progress
assignee: nobody → Kamal Mostafa (kamalmostafa)
Changed in linux (Ubuntu Bionic):
status: In Progress → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (20.2 KiB)

This bug was fixed in the package linux - 4.15.0-65.74

linux (4.15.0-65.74) bionic; urgency=medium

  * bionic/linux: 4.15.0-65.74 -proposed tracker (LP: #1844403)

  * arm64: large modules fail to load (LP: #1841109)
    - arm64/kernel: kaslr: reduce module randomization range to 4 GB
    - arm64/kernel: don't ban ADRP to work around Cortex-A53 erratum #843419
    - arm64: fix undefined reference to 'printk'
    - arm64/kernel: rename module_emit_adrp_veneer->module_emit_veneer_for_adrp
    - [config] Remove CONFIG_ARM64_MODULE_CMODEL_LARGE

  * CVE-2018-20976
    - xfs: clear sb->s_fs_info on mount failure

  * br_netfilter: namespace sysctl operations (LP: #1836910)
    - net: bridge: add bitfield for options and convert vlan opts
    - net: bridge: convert nf call options to bits
    - netfilter: bridge: port sysctls to use brnf_net
    - netfilter: bridge: namespace bridge netfilter sysctls
    - netfilter: bridge: prevent UAF in brnf_exit_net()

  * tuntap: correctly set SOCKWQ_ASYNC_NOSPACE (LP: #1830756)
    - tuntap: correctly set SOCKWQ_ASYNC_NOSPACE

  * Bionic update: upstream stable patchset 2019-08-30 (LP: #1842114)
    - HID: Add 044f:b320 ThrustMaster, Inc. 2 in 1 DT
    - MIPS: kernel: only use i8253 clocksource with periodic clockevent
    - mips: fix cacheinfo
    - netfilter: ebtables: fix a memory leak bug in compat
    - ASoC: dapm: Fix handling of custom_stop_condition on DAPM graph walks
    - bonding: Force slave speed check after link state recovery for 802.3ad
    - can: dev: call netif_carrier_off() in register_candev()
    - ASoC: Fail card instantiation if DAI format setup fails
    - st21nfca_connectivity_event_received: null check the allocation
    - st_nci_hci_connectivity_event_received: null check the allocation
    - ASoC: ti: davinci-mcasp: Correct slot_width posed constraint
    - net: usb: qmi_wwan: Add the BroadMobi BM818 card
    - qed: RDMA - Fix the hw_ver returned in device attributes
    - isdn: mISDN: hfcsusb: Fix possible null-pointer dereferences in
    - netfilter: ipset: Fix rename concurrency with listing
    - isdn: hfcsusb: Fix mISDN driver crash caused by transfer buffer on the stack
    - perf bench numa: Fix cpu0 binding
    - can: sja1000: force the string buffer NULL-terminated
    - can: peak_usb: force the string buffer NULL-terminated
    - net/ethernet/qlogic/qed: force the string buffer NULL-terminated
    - NFSv4: Fix a potential sleep while atomic in nfs4_do_reclaim()
    - HID: input: fix a4tech horizontal wheel custom usage
    - SMB3: Kernel oops mounting a encryptData share with CONFIG_DEBUG_VIRTUAL
    - net: cxgb3_main: Fix a resource leak in a error path in 'init_one()'
    - net: hisilicon: make hip04_tx_reclaim non-reentrant
    - net: hisilicon: fix hip04-xmit never return TX_BUSY
    - net: hisilicon: Fix dma_map_single failed on arm64
    - libata: have ata_scsi_rw_xlat() fail invalid passthrough requests
    - libata: add SG safety checks in SFF pio transfers
    - x86/lib/cpu: Address missing prototypes warning
    - drm/vmwgfx: fix memory leak when too many retries have occurred
    - perf ftrace: Fix failure to set cpuma...

Changed in linux (Ubuntu Bionic):
status: Fix Committed → Fix Released
Po-Hsu Lin (cypressyew)
Changed in linux (Ubuntu):
status: Confirmed → Invalid
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers