Xenial update: 4.4.190 upstream stable release

Bug #1845038 reported by Connor Kuehl on 2019-09-23
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Undecided
Unassigned
Xenial
Medium
Connor Kuehl

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

* usb: iowarrior: fix deadlock on disconnect
* sound: fix a memory leak bug
* x86/mm: Check for pfn instead of page in vmalloc_sync_one()
* x86/mm: Sync also unmappings in vmalloc_sync_all()
* mm/vmalloc: Sync unmappings in __purge_vmap_area_lazy()
* perf db-export: Fix thread__exec_comm()
* usb: yurex: Fix use-after-free in yurex_delete
* can: peak_usb: fix potential double kfree_skb()
* netfilter: nfnetlink: avoid deadlock due to synchronous request_module
* iscsi_ibft: make ISCSI_IBFT dependson ACPI instead of ISCSI_IBFT_FIND
* mac80211: don't warn about CW params when not using them
* hwmon: (nct6775) Fix register address and added missed tolerance for nct6106
* cpufreq/pasemi: fix use-after-free in pas_cpufreq_cpu_init()
* s390/qdio: add sanity checks to the fast-requeue path
* ALSA: compress: Fix regression on compressed capture streams
* ALSA: compress: Prevent bypasses of set_params
* ALSA: compress: Be more restrictive about when a drain is allowed
* perf probe: Avoid calling freeing routine multiple times for same pointer
* ARM: davinci: fix sleep.S build error on ARMv4
* scsi: megaraid_sas: fix panic on loading firmware crashdump
* scsi: ibmvfc: fix WARN_ON during event pool release
* tty/ldsem, locking/rwsem: Add missing ACQUIRE to read_failed sleep loop
* perf/core: Fix creating kernel counters for PMUs that override event->cpu
* can: peak_usb: pcan_usb_pro: Fix info-leaks to USB devices
* can: peak_usb: pcan_usb_fd: Fix info-leaks to USB devices
* hwmon: (nct7802) Fix wrong detection of in4 presence
* ALSA: firewire: fix a memory leak bug
* mac80211: don't WARN on short WMM parameters from AP
* SMB3: Fix deadlock in validate negotiate hits reconnect
* smb3: send CAP_DFS capability during session setup
* mwifiex: fix 802.11n/WPA detection
* scsi: mpt3sas: Use 63-bit DMA addressing on SAS35 HBA
* sh: kernel: hw_breakpoint: Fix missing break in switch statement
* mm/memcontrol.c: fix use after free in mem_cgroup_iter()
* ALSA: hda - Fix a memory leak bug
* HID: holtek: test for sanity of intfdata
* HID: hiddev: avoid opening a disconnected device
* HID: hiddev: do cleanup in failure of opening a device
* Input: kbtab - sanity check for endpoint type
* Input: iforce - add sanity checks
* net: usb: pegasus: fix improper read if get_registers() fail
* xen/pciback: remove set but not used variable 'old_state'
* irqchip/irq-imx-gpcv2: Forward irq type to parent
* perf header: Fix divide by zero error if f_header.attr_size==0
* perf header: Fix use of unitialized value warning
* libata: zpodd: Fix small read overflow in zpodd_get_mech_type()
* scsi: hpsa: correct scsi command status issue after reset
* ata: libahci: do not complain in case of deferred probe
* kbuild: modpost: handle KBUILD_EXTRA_SYMBOLS only for external modules
* IB/core: Add mitigation for Spectre V1
* ocfs2: remove set but not used variable 'last_hash'
* asm-generic: fix -Wtype-limits compiler warnings
* staging: comedi: dt3000: Fix signed integer overflow 'divider * base'
* staging: comedi: dt3000: Fix rounding up of timer divisor
* USB: core: Fix races in character device registration and deregistraion
* usb: cdc-acm: make sure a refcount is taken early enough
* USB: serial: option: add D-Link DWM-222 device ID
* USB: serial: option: Add support for ZTE MF871A
* USB: serial: option: add the BroadMobi BM818 card
* USB: serial: option: Add Motorola modem UARTs
* Backport minimal compiler_attributes.h to support GCC 9
* include/linux/module.h: copy __init/__exit attrs to init/cleanup_module
* arm64: compat: Allow single-byte watchpoints on all addresses
* Input: psmouse - fix build error of multiple definition
* asm-generic: default BUG_ON(x) to if(x)BUG()
* scsi: fcoe: Embed fc_rport_priv in fcoe_rport structure
* RDMA: Directly cast the sockaddr union to sockaddr
* IB/mlx5: Make coding style more consistent
* x86/vdso: Remove direct HPET access through the vDSO
* iommu/amd: Move iommu_init_pci() to .init section
* x86/boot: Disable the address-of-packed-member compiler warning
* net/packet: fix race in tpacket_snd()
* xen/netback: Reset nr_frags before freeing skb
* net/mlx5e: Only support tx/rx pause setting for port owner
* sctp: fix the transport error_count check
* bonding: Add vlan tx offload to hw_enc_features
* Linux 4.4.190
* UBUNTU: [Packaging] update i386 retpoline for get_order

       4.4.190 upstream stable release
       from git://git.kernel.org/

Connor Kuehl (connork) wrote :

Already applied:

* usb: gadget: f_midi: fail if set_alt fails to allocate requests

Changed in linux (Ubuntu):
status: New → Confirmed
tags: added: kernel-stable-tracking-bug
Changed in linux (Ubuntu):
status: Confirmed → Invalid
Changed in linux (Ubuntu Xenial):
status: New → In Progress
importance: Undecided → Medium
assignee: nobody → Connor Kuehl (connork)
Connor Kuehl (connork) on 2019-09-24
description: updated
Changed in linux (Ubuntu Xenial):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :
Download full text (15.0 KiB)

This bug was fixed in the package linux - 4.4.0-166.195

---------------
linux (4.4.0-166.195) xenial; urgency=medium

  * xenial/linux: 4.4.0-166.195 -proposed tracker (LP: #1846069)

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

  * CVE-2017-18232
    - scsi: libsas: direct call probe and destruct

  * CVE-2018-21008
    - rsi: add fix for crash during assertions

  * Xenial update: 4.4.194 upstream stable release (LP: #1845405)
    - bridge/mdb: remove wrong use of NLM_F_MULTI
    - cdc_ether: fix rndis support for Mediatek based smartphones
    - ipv6: Fix the link time qualifier of 'ping_v6_proc_exit_net()'
    - isdn/capi: check message length in capi_write()
    - net: Fix null de-reference of device refcount
    - sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
    - sctp: Fix the link time qualifier of 'sctp_ctrlsock_exit()'
    - sctp: use transport pf_retrans in sctp_do_8_2_transport_strike
    - tcp: fix tcp_ecn_withdraw_cwr() to clear TCP_ECN_QUEUE_CWR
    - tipc: add NULL pointer check before calling kfree_rcu
    - tun: fix use-after-free when register netdev failed
    - Revert "MIPS: SiByte: Enable swiotlb for SWARM, LittleSur and BigSur"
    - Btrfs: fix assertion failure during fsync and use of stale transaction
    - genirq: Prevent NULL pointer dereference in resend_irqs()
    - KVM: s390: Do not leak kernel stack data in the KVM_S390_INTERRUPT ioctl
    - KVM: x86: work around leak of uninitialized stack contents
    - KVM: nVMX: handle page fault in vmread
    - MIPS: VDSO: Prevent use of smp_processor_id()
    - MIPS: VDSO: Use same -m%-float cflag as the kernel proper
    - clk: rockchip: Don't yell about bad mmc phases when getting
    - driver core: Fix use-after-free and double free on glue directory
    - crypto: talitos - check AES key size
    - crypto: talitos - check data blocksize in ablkcipher.
    - x86/build: Add -Wnoaddress-of-packed-member to REALMODE_CFLAGS, to silence
      GCC9 build warning
    - MIPS: netlogic: xlr: Remove erroneous check in nlm_fmn_send()
    - ARC: configs: Remove CONFIG_INITRAMFS_SOURCE from defconfigs
    - USB: usbcore: Fix slab-out-of-bounds bug during device reset
    - media: tm6000: double free if usb disconnect while streaming
    - x86/boot: Add missing bootparam that breaks boot on some platforms
    - xen-netfront: do not assume sk_buff_head list is empty in error handling
    - serial: sprd: correct the wrong sequence of arguments
    - tty/serial: atmel: reschedule TX after RX was started
    - mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings
    - s390/bpf: fix lcgr instruction encoding
    - ARM: OMAP2+: Fix omap4 errata warning on other SoCs
    - s390/bpf: use 32-bit index for tail calls
    - NFSv4: Fix return values for nfs4_file_open()
    - NFS: Fix initialisation of I/O result struct in nfs_pgio_rpcsetup
    - Kconfig: Fix the reference to the IDT77105 Phy driver in the description of
      ATM_NICSTAR_USE_IDT77105
    - ARM: 8874/1: mm: only adjust sections of valid mm structures
    - r8152: Set memory to all 0xFFs on failed reg reads
    - x86/apic: Fix arch_dynirq_lower_bound() bug for D...

Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers