Bionic update: upstream stable patchset 2019-09-24

Bug #1845266 reported by Kamal Mostafa on 2019-09-24
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Undecided
Unassigned
Bionic
Undecided
Kamal Mostafa

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

       upstream stable patchset 2019-09-24

                Ported from the following upstream stable releases:
                        v4.14.145, v4.19.74
                        v4.14.146, v4.19.75

       from git://git.kernel.org/

bridge/mdb: remove wrong use of NLM_F_MULTI
cdc_ether: fix rndis support for Mediatek based smartphones
ipv6: Fix the link time qualifier of 'ping_v6_proc_exit_net()'
isdn/capi: check message length in capi_write()
net: Fix null de-reference of device refcount
net: gso: Fix skb_segment splat when splitting gso_size mangled skb having linear-headed frag_list
net: phylink: Fix flow control resolution
sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
sctp: Fix the link time qualifier of 'sctp_ctrlsock_exit()'
sctp: use transport pf_retrans in sctp_do_8_2_transport_strike
tcp: fix tcp_ecn_withdraw_cwr() to clear TCP_ECN_QUEUE_CWR
tipc: add NULL pointer check before calling kfree_rcu
tun: fix use-after-free when register netdev failed
btrfs: compression: add helper for type to string conversion
btrfs: correctly validate compression type
Revert "MIPS: SiByte: Enable swiotlb for SWARM, LittleSur and BigSur"
gpiolib: acpi: Add gpiolib_acpi_run_edge_events_on_boot option and blacklist
gpio: fix line flag validation in linehandle_create
gpio: fix line flag validation in lineevent_create
Btrfs: fix assertion failure during fsync and use of stale transaction
genirq: Prevent NULL pointer dereference in resend_irqs()
KVM: s390: Do not leak kernel stack data in the KVM_S390_INTERRUPT ioctl
KVM: x86: work around leak of uninitialized stack contents
KVM: nVMX: handle page fault in vmread
MIPS: VDSO: Prevent use of smp_processor_id()
MIPS: VDSO: Use same -m%-float cflag as the kernel proper
powerpc: Add barrier_nospec to raw_copy_in_user()
drm/meson: Add support for XBGR8888 & ABGR8888 formats
clk: rockchip: Don't yell about bad mmc phases when getting
mtd: rawnand: mtk: Fix wrongly assigned OOB buffer pointer issue
PCI: Always allow probing with driver_override
ubifs: Correctly use tnc_next() in search_dh_cookie()
driver core: Fix use-after-free and double free on glue directory
crypto: talitos - check AES key size
crypto: talitos - fix CTR alg blocksize
crypto: talitos - check data blocksize in ablkcipher.
crypto: talitos - fix ECB algs ivsize
crypto: talitos - Do not modify req->cryptlen on decryption.
crypto: talitos - HMAC SNOOP NO AFEU mode requires SW icv checking.
firmware: ti_sci: Always request response from firmware
drm/mediatek: mtk_drm_drv.c: Add of_node_put() before goto
Revert "Bluetooth: btusb: driver to enable the usb-wakeup feature"
platform/x86: pmc_atom: Add CB4063 Beckhoff Automation board to critclk_systems DMI table
nvmem: Use the same permissions for eeprom as for nvmem
x86/build: Add -Wnoaddress-of-packed-member to REALMODE_CFLAGS, to silence GCC9 build warning
ixgbe: Prevent u8 wrapping of ITR value to something less than 10us
x86/purgatory: Change compiler flags from -mcmodel=kernel to -mcmodel=large to fix kexec relocation errors
modules: fix BUG when load module with rodata=n
modules: fix compile error if don't have strict module rwx
UBUNTU: upstream stable to v4.14.145, v4.19.74
HID: wacom: generic: read HID_DG_CONTACTMAX from any feature report
Input: elan_i2c - remove Lenovo Legion Y7000 PnpID
powerpc/mm/radix: Use the right page size for vmemmap mapping
USB: usbcore: Fix slab-out-of-bounds bug during device reset
phy: renesas: rcar-gen3-usb2: Disable clearing VBUS in over-current
media: tm6000: double free if usb disconnect while streaming
xen-netfront: do not assume sk_buff_head list is empty in error handling
net_sched: let qdisc_put() accept NULL pointer
KVM: coalesced_mmio: add bounds checking
firmware: google: check if size is valid when decoding VPD data
serial: sprd: correct the wrong sequence of arguments
tty/serial: atmel: reschedule TX after RX was started
mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings
nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds
ARM: OMAP2+: Fix missing SYSC_HAS_RESET_STATUS for dra7 epwmss
s390/bpf: fix lcgr instruction encoding
ARM: OMAP2+: Fix omap4 errata warning on other SoCs
ARM: dts: dra74x: Fix iodelay configuration for mmc3
s390/bpf: use 32-bit index for tail calls
fpga: altera-ps-spi: Fix getting of optional confd gpio
netfilter: xt_nfacct: Fix alignment mismatch in xt_nfacct_match_info
NFSv4: Fix return values for nfs4_file_open()
NFSv4: Fix return value in nfs_finish_open()
NFS: Fix initialisation of I/O result struct in nfs_pgio_rpcsetup
Kconfig: Fix the reference to the IDT77105 Phy driver in the description of ATM_NICSTAR_USE_IDT77105
qed: Add cleanup in qed_slowpath_start()
ARM: 8874/1: mm: only adjust sections of valid mm structures
batman-adv: Only read OGM2 tvlv_len after buffer len check
r8152: Set memory to all 0xFFs on failed reg reads
x86/apic: Fix arch_dynirq_lower_bound() bug for DT enabled machines
netfilter: nf_conntrack_ftp: Fix debug output
NFSv2: Fix eof handling
NFSv2: Fix write regression
kallsyms: Don't let kallsyms_lookup_size_offset() fail on retrieving the first symbol
cifs: set domainName when a domain-key is used in multiuser
cifs: Use kzfree() to zero out the password
ARM: 8901/1: add a criteria for pfn_valid of arm
sky2: Disable MSI on yet another ASUS boards (P6Xxxx)
i2c: designware: Synchronize IRQs when unregistering slave client
perf/x86/intel: Restrict period on Nehalem
perf/x86/amd/ibs: Fix sample bias for dispatched micro-ops
amd-xgbe: Fix error path in xgbe_mod_init()
tools/power x86_energy_perf_policy: Fix "uninitialized variable" warnings at -O2
tools/power x86_energy_perf_policy: Fix argument parsing
tools/power turbostat: fix buffer overrun
net: seeq: Fix the function used to release some memory in an error handling path
dmaengine: ti: dma-crossbar: Fix a memory leak bug
dmaengine: ti: omap-dma: Add cleanup in omap_dma_probe()
x86/uaccess: Don't leak the AC flags into __get_user() argument evaluation
x86/hyper-v: Fix overflow bug in fill_gva_list()
keys: Fix missing null pointer check in request_key_auth_describe()
iommu/amd: Flush old domains in kdump kernel
iommu/amd: Fix race in increase_address_space()
PCI: kirin: Fix section mismatch warning
floppy: fix usercopy direction
binfmt_elf: move brk out of mmap when doing direct loader exec
tcp: Reset send_head when removing skb from write-queue
tcp: Don't dequeue SYN/FIN-segments from write-queue
media: technisat-usb2: break out of loop at end of buffer
tools: bpftool: close prog FD before exit on showing a single program
netfilter: xt_physdev: Fix spurious error message in physdev_mt_check
ibmvnic: Do not process reset during or after device removal
net: aquantia: fix out of memory condition on rx side
UBUNTU: upstream stable to v4.14.146, v4.19.75

CVE References

Changed in linux (Ubuntu):
status: New → Confirmed
tags: added: kernel-stable-tracking-bug
Changed in linux (Ubuntu Bionic):
status: New → In Progress
assignee: nobody → Kamal Mostafa (kamalmostafa)
description: updated
Changed in linux (Ubuntu Bionic):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :
Download full text (23.3 KiB)

This bug was fixed in the package linux - 4.15.0-66.75

---------------
linux (4.15.0-66.75) bionic; urgency=medium

  * bionic/linux: 4.15.0-66.75 -proposed tracker (LP: #1846131)

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

  * CVE-2018-21008
    - rsi: add fix for crash during assertions

  * ipv6: fix neighbour resolution with raw socket (LP: #1834465)
    - ipv6: constify rt6_nexthop()
    - ipv6: fix neighbour resolution with raw socket

  * run_netsocktests from net in ubuntu_kernel_selftests failed with X-4.15
    (LP: #1842023)
    - SAUCE: selftests: net: replace AF_MAX with INT_MAX in socket.c

  * No sound inputs from the external microphone and headset on a Dell machine
    (LP: #1842265)
    - ALSA: hda - Expand pin_match function to match upcoming new tbls
    - ALSA: hda - Define a fallback_pin_fixup_tbl for alc269 family

  * Add -fcf-protection=none when using retpoline flags (LP: #1843291)
    - SAUCE: kbuild: add -fcf-protection=none when using retpoline flags

  * Enhanced Hardware Support - Finalize Naming (LP: #1842774)
    - s390: add support for IBM z15 machines

  * Bionic update: upstream stable patchset 2019-09-24 (LP: #1845266)
    - bridge/mdb: remove wrong use of NLM_F_MULTI
    - cdc_ether: fix rndis support for Mediatek based smartphones
    - ipv6: Fix the link time qualifier of 'ping_v6_proc_exit_net()'
    - isdn/capi: check message length in capi_write()
    - net: Fix null de-reference of device refcount
    - net: gso: Fix skb_segment splat when splitting gso_size mangled skb having
      linear-headed frag_list
    - net: phylink: Fix flow control resolution
    - sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
    - sctp: Fix the link time qualifier of 'sctp_ctrlsock_exit()'
    - sctp: use transport pf_retrans in sctp_do_8_2_transport_strike
    - tcp: fix tcp_ecn_withdraw_cwr() to clear TCP_ECN_QUEUE_CWR
    - tipc: add NULL pointer check before calling kfree_rcu
    - tun: fix use-after-free when register netdev failed
    - btrfs: compression: add helper for type to string conversion
    - btrfs: correctly validate compression type
    - Revert "MIPS: SiByte: Enable swiotlb for SWARM, LittleSur and BigSur"
    - gpiolib: acpi: Add gpiolib_acpi_run_edge_events_on_boot option and blacklist
    - gpio: fix line flag validation in linehandle_create
    - gpio: fix line flag validation in lineevent_create
    - Btrfs: fix assertion failure during fsync and use of stale transaction
    - genirq: Prevent NULL pointer dereference in resend_irqs()
    - KVM: s390: Do not leak kernel stack data in the KVM_S390_INTERRUPT ioctl
    - KVM: x86: work around leak of uninitialized stack contents
    - KVM: nVMX: handle page fault in vmread
    - MIPS: VDSO: Prevent use of smp_processor_id()
    - MIPS: VDSO: Use same -m%-float cflag as the kernel proper
    - powerpc: Add barrier_nospec to raw_copy_in_user()
    - drm/meson: Add support for XBGR8888 & ABGR8888 formats
    - clk: rockchip: Don't yell about bad mmc phases when getting
    - mtd: rawnand: mtk: Fix wrongly assigned OOB buffer pointer issue
    - PCI: Always allow probing with driver_override
    - ubifs: Cor...

Changed in linux (Ubuntu Bionic):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers