Xenial update: 4.4.196 upstream stable release

Bug #1848598 reported by Connor Kuehl on 2019-10-17
This bug affects 1 person
Affects: linux (Ubuntu); Importance: Undecided; Assigned to: Unassigned
Affects: Xenial; Importance: Medium; Assigned to: Connor Kuehl

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

* video: ssd1307fb: Start page range at page_offset
* gpu: drm: radeon: Fix a possible null-pointer dereference in radeon_connector_set_property()
* ipmi_si: Only schedule continuously in the thread in maintenance mode
* clk: qoriq: Fix -Wunused-const-variable
* clk: sirf: Don't reference clk_init_data after registration
* powerpc/rtas: use device model APIs and serialization during LPM
* powerpc/futex: Fix warning: 'oldval' may be used uninitialized in this function
* powerpc/pseries/mobility: use cond_resched when updating device tree
* pinctrl: tegra: Fix write barrier placement in pmx_writel
* vfio_pci: Restore original state on release
* powerpc/64s/exception: machine check use correct cfar for late handler
* powerpc/pseries: correctly track irq state in default idle
* scsi: core: Reduce memory required for SCSI logging
* mfd: intel-lpss: Remove D3cold delay
* ARM: 8898/1: mm: Don't treat faults reported from cache maintenance as writes
* HID: apple: Fix stuck function keys when using FN
* security: smack: Fix possible null-pointer dereferences in smack_socket_sock_rcv_skb()
* fat: work around race with userspace's read via blockdev while mounting
* hypfs: Fix error number left in struct pointer member
* ocfs2: wait for recovering done after direct unlock request
* kmemleak: increase DEBUG_KMEMLEAK_EARLY_LOG_SIZE default to 16K
* ANDROID: binder: remove waitqueue when thread exits.
* ANDROID: binder: synchronize_rcu() when using POLLFREE.
* hso: fix NULL-deref on tty open
* ipv6: drop incoming packets having a v4mapped source address
* net: ipv4: avoid mixed n_redirects and rate_tokens usage
* net: qlogic: Fix memory leak in ql_alloc_large_buffers
* nfc: fix memory leak in llcp_sock_bind()
* sch_dsmark: fix potential NULL deref in dsmark_init()
* xen-netfront: do not use ~0U as error return value for xennet_fill_frags()
* net/rds: Fix error handling in rds_ib_add_one()
* sch_cbq: validate TCA_CBQ_WRROPT to avoid crash
* Smack: Don't ignore other bprm->unsafe flags if LSM_UNSAFE_PTRACE is set
* smack: use GFP_NOFS while holding inode_smack::smk_lock
* NFC: fix attrs checks in netlink interface
* Linux 4.4.196

       4.4.196 upstream stable release
       from git://git.kernel.org/

Connor Kuehl (connork) on 2019-10-17
Changed in linux (Ubuntu):
status: New → Confirmed
tags: added: kernel-stable-tracking-bug
Changed in linux (Ubuntu):
status: Confirmed → Invalid
Changed in linux (Ubuntu Xenial):
importance: Undecided → Medium
assignee: nobody → Connor Kuehl (connork)
status: New → Confirmed
Connor Kuehl (connork) on 2019-10-18
description: updated
Changed in linux (Ubuntu Xenial):
status: Confirmed → In Progress
Changed in linux (Ubuntu Xenial):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 4.4.0-168.197

---------------
linux (4.4.0-168.197) xenial; urgency=medium

  * CVE-2018-12207
    - KVM: x86: MMU: Encapsulate the type of rmap-chain head in a new struct
    - KVM: x86: MMU: Consolidate quickly_check_mmio_pf() and is_mmio_page_fault()
    - KVM: x86: MMU: Move handle_mmio_page_fault() call to kvm_mmu_page_fault()
    - KVM: MMU: rename has_wrprotected_page to mmu_gfn_lpage_is_disallowed
    - KVM: MMU: introduce kvm_mmu_gfn_{allow,disallow}_lpage
    - KVM: x86: MMU: Make mmu_set_spte() return emulate value
    - KVM: x86: MMU: Move initialization of parent_ptes out from
      kvm_mmu_alloc_page()
    - KVM: x86: MMU: always set accessed bit in shadow PTEs
    - KVM: x86: MMU: Move parent_pte handling from kvm_mmu_get_page() to
      link_shadow_page()
    - KVM: x86: MMU: Remove unused parameter parent_pte from kvm_mmu_get_page()
    - KVM: x86: simplify ept_misconfig
    - KVM: x86: extend usage of RET_MMIO_PF_* constants
    - KVM: MMU: drop vcpu param in gpte_access
    - kvm: Convert kvm_lock to a mutex
    - kvm: x86: Do not release the page inside mmu_set_spte()
    - KVM: x86: make FNAME(fetch) and __direct_map more similar
    - KVM: x86: remove now unneeded hugepage gfn adjustment
    - KVM: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON
    - KVM: x86: add tracepoints around __direct_map and FNAME(fetch)
    - SAUCE: KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is
      active
    - SAUCE: x86: Add ITLB_MULTIHIT bug infrastructure
    - SAUCE: kvm: mmu: ITLB_MULTIHIT mitigation
    - SAUCE: kvm: Add helper function for creating VM worker threads
    - SAUCE: kvm: x86: mmu: Recovery of shattered NX large pages
    - SAUCE: cpu/speculation: Uninline and export CPU mitigations helpers
    - SAUCE: kvm: x86: mmu: Apply global mitigations knob to ITLB_MULTIHIT

  * CVE-2019-11135
    - KVM: x86: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts
    - KVM: x86: use Intel speculation bugs and features as derived in generic x86
      code
    - x86/msr: Add the IA32_TSX_CTRL MSR
    - x86/cpu: Add a helper function x86_read_arch_cap_msr()
    - x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default
    - x86/speculation/taa: Add mitigation for TSX Async Abort
    - x86/speculation/taa: Add sysfs reporting for TSX Async Abort
    - kvm/x86: Export MDS_NO=0 to guests when TSX is enabled
    - x86/tsx: Add "auto" option to the tsx= cmdline parameter
    - x86/speculation/taa: Add documentation for TSX Async Abort
    - x86/tsx: Add config options to set tsx=on|off|auto
    - SAUCE: x86/speculation/taa: Call tsx_init()
    - SAUCE: x86/cpu: Include cpu header from bugs.c
    - [Config] Disable TSX by default when possible

  * CVE-2019-0154
    - SAUCE: i915_bpo: drm/i915: Lower RM timeout to avoid DSI hard hangs
    - SAUCE: i915_bpo: drm/i915/gen8+: Add RC6 CTX corruption WA
    - SAUCE: drm/i915/gen8+: Add RC6 CTX corruption WA

  * CVE-2019-0155
    - SAUCE: i915_bpo: drm/i915/gtt: Add read only pages to gen8_pte_encode
    - SAUCE: i915_bpo: drm/i915/gtt: Read-only pages for insert_entries on bdw+
    - SAUCE: i915_bpo: drm/i915/gtt: Disable read-on...

Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released