Xenial update: 4.4.199 upstream stable release

Bug #1851549 reported by Connor Kuehl on 2019-11-06
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Undecided
Unassigned
Xenial
Medium
Connor Kuehl

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

* scsi: ufs: skip shutdown if hba is not powered
* scsi: megaraid: disable device when probe failed after enabled device
* scsi: qla2xxx: Fix unbound sleep in fcport delete path.
* ARM: OMAP2+: Fix missing reset done flag for am3 and am43
* ARM: dts: am4372: Set memory bandwidth limit for DISPC
* nl80211: fix null pointer dereference
* mips: Loongson: Fix the link time qualifier of 'serial_exit()'
* net: hisilicon: Fix usage of uninitialized variable in function mdio_sc_cfg_reg_write()
* namespace: fix namespace.pl script to support relative paths
* loop: Add LOOP_SET_DIRECT_IO to compat ioctl
* net: bcmgenet: Fix RGMII_MODE_EN value for GENET v1/2/3
* net: bcmgenet: Set phydev->dev_flags only for internal PHYs
* sctp: change sctp_prot .no_autobind with true
* net: avoid potential infinite loop in tc_ctl_action()
* ipv4: Return -ENETUNREACH if we can't create route but saddr is valid
* memfd: Fix locking when tagging pins
* USB: legousbtower: fix memleak on disconnect
* usb: udc: lpc32xx: fix bad bit shift operation
* USB: serial: ti_usb_3410_5052: fix port-close races
* USB: ldusb: fix memleak on disconnect
* USB: usblp: fix use-after-free on disconnect
* USB: ldusb: fix read info leaks
* scsi: core: try to get module before removing device
* ASoC: rsnd: Reinitialize bit clock inversion flag for every format setting
* cfg80211: wext: avoid copying malformed SSIDs
* mac80211: Reject malformed SSID elements
* drm/edid: Add 6 bpc quirk for SDC panel in Lenovo G50
* scsi: zfcp: fix reaction on bit error threshold notification
* mm/slub: fix a deadlock in show_slab_objects()
* xtensa: drop EXPORT_SYMBOL for outs*/ins*
* parisc: Fix vmap memory leak in ioremap()/iounmap()
* CIFS: avoid using MID 0xFFFF
* btrfs: block-group: Fix a memory leak due to missing btrfs_put_block_group()
* memstick: jmb38x_ms: Fix an error handling path in 'jmb38x_ms_probe()'
* cpufreq: Avoid cpufreq_suspend() deadlock on system shutdown
* xen/netback: fix error path of xenvif_connect_data()
* PCI: PM: Fix pci_power_up()
* net: sched: Fix memory exposure from short TCA_U32_SEL
* RDMA/cxgb4: Do not dma memory off of the stack
* Linux 4.4.198
* UBUNTU: upstream stable to v4.4.198
* dm snapshot: use mutex instead of rw_semaphore
* dm snapshot: introduce account_start_copy() and account_end_copy()
* dm snapshot: rework COW throttling to fix deadlock
* dm: Use kzalloc for all structs with embedded biosets/mempools
* sc16is7xx: Fix for "Unexpected interrupt: 8"
* x86/cpu: Add Atom Tremont (Jacobsville)
* scripts/setlocalversion: Improve -dirty check with git-status --no-optional-locks
* usb: handle warm-reset port requests on hub resume
* exec: load_script: Do not exec truncated interpreter path
* iio: fix center temperature of bmc150-accel-core
* perf map: Fix overlapped map handling
* RDMA/iwcm: Fix a lock inversion issue
* fs: cifs: mute -Wunused-const-variable message
* serial: mctrl_gpio: Check for NULL pointer
* efi/cper: Fix endianness of PCIe class code
* efi/x86: Do not clean dummy variable in kexec path
* fs: ocfs2: fix possible null-pointer dereferences in ocfs2_xa_prepare_entry()
* fs: ocfs2: fix a possible null-pointer dereference in ocfs2_info_scan_inode_alloc()
* MIPS: fw: sni: Fix out of bounds init of o32 stack
* NFSv4: Fix leak of clp->cl_acceptor string
* tracing: Initialize iter->seq after zeroing in tracing_read_pipe()
* USB: legousbtower: fix a signedness bug in tower_probe()
* thunderbolt: Use 32-bit writes when writing ring producer/consumer
* fuse: flush dirty data/metadata before non-truncate setattr
* fuse: truncate pending writes on O_TRUNC
* ALSA: bebob: Fix prototype of helper function to return negative value
* UAS: Revert commit 3ae62a42090f ("UAS: fix alignment of scatter/gather segments")
* USB: gadget: Reject endpoints with 0 maxpacket value
* USB: ldusb: fix ring-buffer locking
* USB: ldusb: fix control-message timeout
* USB: serial: whiteheat: fix potential slab corruption
* USB: serial: whiteheat: fix line-speed endianness
* HID: Fix assumption that devices have inputs
* HID: fix error message in hid_open_report()
* nl80211: fix validation of mesh path nexthop
* s390/cmm: fix information leak in cmm_timeout_handler()
* llc: fix sk_buff leak in llc_sap_state_process()
* llc: fix sk_buff leak in llc_conn_service()
* bonding: fix potential NULL deref in bond_update_slave_arr
* net: usb: sr9800: fix uninitialized local variable
* sch_netem: fix rcu splat in netem_enqueue()
* sctp: fix the issue that flags are ignored when using kernel_connect
* sctp: not bind the socket in sctp_connect
* xfs: Correctly invert xfs_buftarg LRU isolation logic
* Revert "ALSA: hda: Flush interrupts on disabling"
* Linux 4.4.199
* UBUNTU: upstream stable to v4.4.199

       4.4.199 upstream stable release
       from git://git.kernel.org/

CVE References

Connor Kuehl (connork) on 2019-11-06
Changed in linux (Ubuntu):
status: New → Confirmed
tags: added: kernel-stable-tracking-bug
Changed in linux (Ubuntu):
status: Confirmed → Invalid
Changed in linux (Ubuntu Xenial):
status: New → In Progress
importance: Undecided → Critical
importance: Critical → Medium
assignee: nobody → Connor Kuehl (connork)
Connor Kuehl (connork) wrote :

These patches were skipped as they have already been applied:

* ath6kl: fix a NULL-ptr-deref bug in ath6kl_usb_alloc_urb_from_pipe()
* rtlwifi: Fix potential overflow on P2P code

Connor Kuehl (connork) on 2019-11-06
description: updated
Connor Kuehl (connork) on 2019-11-14
Changed in linux (Ubuntu Xenial):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :
Download full text (12.8 KiB)

This bug was fixed in the package linux - 4.4.0-170.199

---------------
linux (4.4.0-170.199) xenial; urgency=medium

  * xenial/linux: 4.4.0-170.199 -proposed tracker (LP: #1852306)

  * update ENA driver to version 2.1.0 (LP: #1850175)
    - net: ena: fix: set freed objects to NULL to avoid failing future allocations
    - net: ena: fix swapped parameters when calling
      ena_com_indirect_table_fill_entry
    - net: ena: fix: Free napi resources when ena_up() fails
    - net: ena: fix incorrect test of supported hash function
    - net: ena: fix return value of ena_com_config_llq_info()
    - net: ena: improve latency by disabling adaptive interrupt moderation by
      default
    - net: ena: fix ena_com_fill_hash_function() implementation
    - net: ena: add handling of llq max tx burst size
    - net: ena: ethtool: add extra properties retrieval via get_priv_flags
    - net: ena: replace free_tx/rx_ids union with single free_ids field in
      ena_ring
    - net: ena: arrange ena_probe() function variables in reverse christmas tree
    - net: ena: add newline at the end of pr_err prints
    - net: ena: allow automatic fallback to polling mode
    - net: ena: add support for changing max_header_size in LLQ mode
    - net: ena: optimise calculations for CQ doorbell
    - net: ena: add good checksum counter
    - net: ena: use dev_info_once instead of static variable
    - net: ena: add MAX_QUEUES_EXT get feature admin command
    - net: ena: enable negotiating larger Rx ring size
    - net: ena: make ethtool show correct current and max queue sizes
    - net: ena: allow queue allocation backoff when low on memory
    - net: ena: add ethtool function for changing io queue sizes
    - net: ena: remove inline keyword from functions in *.c
    - net: ena: update driver version from 2.0.3 to 2.1.0
    - net: ena: Fix bug where ring allocation backoff stopped too late
    - Revert "net: ena: ethtool: add extra properties retrieval via
      get_priv_flags"
    - net: ena: don't wake up tx queue when down
    - net: ena: clean up indentation issue

  * Bionic update: upstream stable patchset 2019-08-01 (LP: #1838700) // update
    ENA driver to version 2.1.0 (LP: #1850175)
    - net: ena: gcc 8: fix compilation warning

  * Skip frame when buffer overflow on UVC camera (LP: #1849871)
    - media: uvcvideo: Mark buffer error where overflow

  * CVE-2018-20784
    - sched/fair: Fix infinite loop in update_blocked_averages() by reverting
      a9e7f6544b9c
    - sched/fair: Fix hierarchical order in rq->leaf_cfs_rq_list
    - sched/fair: Add tmp_alone_branch assertion
    - sched/fair: Fix insertion in rq->leaf_cfs_rq_list
    - sched/fair: Optimize update_blocked_averages()
    - sched/fair: Fix O(nr_cgroups) in the load balancing path

  * Xenial update: 4.4.200 upstream stable release (LP: #1852110)
    - kbuild: add -fcf-protection=none when using retpoline flags
    - regulator: ti-abb: Fix timeout in ti_abb_wait_txdone/ti_abb_clear_all_txdone
    - regulator: pfuze100-regulator: Variable "val" in pfuze100_regulator_probe()
      could be uninitialized
    - ASoc: rockchip: i2s: Fix RPM imbalance
    - ARM: dts: logicpd-torpedo-som: Remove tw...

Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers