Bionic update: upstream stable patchset 2020-02-04

Bug #1861934 reported by Kamal Mostafa on 2020-02-04
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Undecided
Unassigned
Bionic
Undecided
Kamal Mostafa

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

       upstream stable patchset 2020-02-04

                Ported from the following upstream stable releases:
                        v4.14.165, v4.19.96,
                        v4.14.166, v4.19.97

       from git://git.kernel.org/

chardev: Avoid potential use-after-free in 'chrdev_open()'
usb: chipidea: host: Disable port power only if previously enabled
ALSA: usb-audio: Apply the sample rate quirk for Bose Companion 5
ALSA: hda/realtek - Add new codec supported for ALCS1200A
ALSA: hda/realtek - Set EAPD control to default for ALC222
kernel/trace: Fix do not unregister tracepoints when register sched_migrate_task fail
tracing: Have stack tracer compile when MCOUNT_INSN_SIZE is not defined
HID: Fix slab-out-of-bounds read in hid_field_extract
HID: uhid: Fix returning EPOLLOUT from uhid_char_poll
can: gs_usb: gs_usb_probe(): use descriptors of current altsetting
can: mscan: mscan_rx_poll(): fix rx path lockup when returning from polling to irq mode
can: can_dropped_invalid_skb(): ensure an initialized headroom in outgoing CAN sk_buffs
gpiolib: acpi: Turn dmi_system_id table into a generic quirk table
gpiolib: acpi: Add honor_wakeup module-option + quirk mechanism
staging: vt6656: set usb_set_intfdata on driver fail.
USB: serial: option: add ZLP support for 0x1bc7/0x9010
usb: musb: fix idling for suspend after disconnect interrupt
usb: musb: Disable pullup at init
usb: musb: dma: Correct parameter passed to IRQ handler
staging: comedi: adv_pci1710: fix AI channels 16-31 for PCI-1713
HID: hid-input: clear unmapped usages
Input: add safety guards to input_set_keycode()
drm/fb-helper: Round up bits_per_pixel if possible
drm/dp_mst: correct the shifting in DP_REMOTE_I2C_READ
staging: rtl8188eu: Add device code for TP-Link TL-WN727N v5.21
tty: link tty and port before configuring it as console
tty: always relink the port
mwifiex: pcie: Fix memory leak in mwifiex_pcie_alloc_cmdrsp_buf
scsi: bfa: release allocated memory in case of error
rtl8xxxu: prevent leaking urb
arm64: cpufeature: Avoid warnings due to unused symbols
HID: hiddev: fix mess in hiddev_open()
USB: Fix: Don't skip endpoint descriptors with maxpacket=0
phy: cpcap-usb: Fix error path when no host driver is loaded
phy: cpcap-usb: Fix flakey host idling and enumerating of devices
netfilter: arp_tables: init netns pointer in xt_tgchk_param struct
netfilter: ipset: avoid null deref when IPSET_ATTR_LINENO is present
ALSA: hda/realtek - Add quirk for the bass speaker on Lenovo Yoga X1 7th gen
tracing: Change offset type to s32 in preempt/irq tracepoints
serdev: Don't claim unsupported ACPI serial devices
netfilter: conntrack: dccp, sctp: handle null timeout argument
UBUNTU: upstream stable to v4.14.165, v4.19.96
hidraw: Return EPOLLOUT from hidraw_poll
HID: hidraw: Fix returning EPOLLOUT from hidraw_poll
HID: hidraw, uhid: Always report EPOLLOUT
ethtool: reduce stack usage with clang
fs/select: avoid clang stack usage warning
arm64: don't open code page table entry creation
arm64: mm: Change page table pointer name in p[md]_set_huge()
arm64: Enforce BBM for huge IO/VMAP mappings
arm64: Make sure permission updates happen for pmd/pud
media: usb:zr364xx:Fix KASAN:null-ptr-deref Read in zr364xx_vidioc_querycap
wimax: i2400: fix memory leak
wimax: i2400: Fix memory leak in i2400m_op_rfkill_sw_toggle
iwlwifi: dbg_ini: fix memory leak in alloc_sgtable
rtc: mt6397: fix alarm register overwrite
RDMA/bnxt_re: Fix Send Work Entry state check while polling completions
ASoC: stm32: spdifrx: fix inconsistent lock state
ASoC: stm32: spdifrx: fix race condition in irq handler
gpio: zynq: Fix for bug in zynq_gpio_restore_context API
iommu: Remove device link to group on failure
gpio: Fix error message on out-of-range GPIO in lookup table
hsr: reset network header when supervision frame is created
cifs: Adjust indentation in smb2_open_file
btrfs: simplify inode locking for RWF_NOWAIT
RDMA/mlx5: Return proper error value
RDMA/srpt: Report the SCSI residual to the initiator
scsi: enclosure: Fix stale device oops with hot replug
scsi: sd: Clear sdkp->protection_type if disk is reformatted without PI
platform/x86: asus-wmi: Fix keyboard brightness cannot be set to 0
xprtrdma: Fix completion wait during device removal
NFSv4.x: Drop the slot if nfs4_delegreturn_prepare waits for layoutreturn
iio: imu: adis16480: assign bias value only if operation succeeded
mei: fix modalias documentation
clk: samsung: exynos5420: Preserve CPU clocks configuration during suspend/resume
pinctl: ti: iodelay: fix error checking on pinctrl_count_index_with_args call
pinctrl: lewisburg: Update pin list according to v1.1v6
scsi: sd: enable compat ioctls for sed-opal
arm64: dts: apq8096-db820c: Increase load on l21 for SDCARD
af_unix: add compat_ioctl support
compat_ioctl: handle SIOCOUTQNSD
PCI/PTM: Remove spurious "d" from granularity message
powerpc/powernv: Disable native PCIe port management
tty: serial: imx: use the sg count from dma_map_sg
tty: serial: pch_uart: correct usage of dma_unmap_sg
media: ov6650: Fix incorrect use of JPEG colorspace
media: ov6650: Fix some format attributes not under control
media: ov6650: Fix .get_fmt() V4L2_SUBDEV_FORMAT_TRY support
media: exynos4-is: Fix recursive locking in isp_video_release()
mtd: spi-nor: fix silent truncation in spi_nor_read()
mtd: spi-nor: fix silent truncation in spi_nor_read_raw()
spi: atmel: fix handling of cs_change set on non-last xfer
rtlwifi: Remove unnecessary NULL check in rtl_regd_init
f2fs: fix potential overflow
rtc: msm6242: Fix reading of 10-hour digit
gpio: mpc8xxx: Add platform device to gpiochip->parent
scsi: libcxgbi: fix NULL pointer dereference in cxgbi_device_destroy()
rseq/selftests: Turn off timeout setting
mips: cacheinfo: report shared CPU map
MIPS: Prevent link failure with kcov instrumentation
dmaengine: k3dma: Avoid null pointer traversal
ioat: ioat_alloc_ring() failure handling.
hexagon: parenthesize registers in asm predicates
hexagon: work around compiler crash
ocfs2: call journal flush to mark journal as empty after journal recovery when mount
s390/qeth: Fix vnicc_is_in_use if rx_bcast not set
drm/ttm: fix start page for huge page check in ttm_put_pages()
drm/ttm: fix incrementing the page pointer for huge pages
crypto: virtio - implement missing support for output IVs
iommu/mediatek: Correct the flush_iotlb_all callback
rtc: brcmstb-waketimer: add missed clk_disable_unprepare
UBUNTU: upstream stable to v4.14.166, v4.19.97

CVE References

Changed in linux (Ubuntu):
status: New → Confirmed
tags: added: kernel-stable-tracking-bug
Changed in linux (Ubuntu Bionic):
status: New → In Progress
assignee: nobody → Kamal Mostafa (kamalmostafa)
description: updated
Changed in linux (Ubuntu Bionic):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :
Download full text (44.4 KiB)

This bug was fixed in the package linux - 4.15.0-91.92

---------------
linux (4.15.0-91.92) bionic; urgency=medium

  * bionic/linux: 4.15.0-91.92 -proposed tracker (LP: #1865109)

  * CVE-2020-2732
    - KVM: x86: emulate RDPID
    - KVM: nVMX: Don't emulate instructions in guest mode
    - KVM: nVMX: Refactor IO bitmap checks into helper function
    - KVM: nVMX: Check IO instruction VM-exit conditions

linux (4.15.0-90.91) bionic; urgency=medium

  * bionic/linux: 4.15.0-90.91 -proposed tracker (LP: #1864753)

  * dkms artifacts may expire from the pool (LP: #1850958)
    - [Packaging] autoreconstruct -- manage executable debian files
    - [packaging] handle downloads from the librarian better

linux (4.15.0-90.90) bionic; urgency=medium

  * bionic/linux: 4.15.0-90.90 -proposed tracker (LP: #1864753)

  * vm-segv from ubuntu_stress_smoke_test failed on B (LP: #1864063)
    - Revert "apparmor: don't try to replace stale label in ptrace access check"

linux (4.15.0-89.89) bionic; urgency=medium

  * bionic/linux: 4.15.0-89.89 -proposed tracker (LP: #1863350)

  * [SRU][B/OEM-B] Fix multitouch support on some devices (LP: #1862567)
    - HID: core: move the dynamic quirks handling in core
    - HID: quirks: move the list of special devices into a quirk
    - HID: core: move the list of ignored devices in hid-quirks.c
    - HID: core: remove the absolute need of hid_have_special_driver[]

  * [linux] Patch to prevent possible data corruption (LP: #1848739)
    - blk-mq: silence false positive warnings in hctx_unlock()

  * Add bpftool to linux-tools-common (LP: #1774815)
    - tools/bpftool: fix bpftool build with bintutils >= 2.9
    - bpftool: make libbfd optional
    - [Debian] Remove binutils-dev build dependency
    - [Debian] package bpftool in linux-tools-common

  * Root can lift kernel lockdown via USB/IP (LP: #1861238)
    - Revert "UBUNTU: SAUCE: (efi-lockdown) Add a SysRq option to lift kernel
      lockdown"

  * [Bionic] i915 incomplete fix for CVE-2019-14615 (LP: #1862840) //
    CVE-2020-8832
    - drm/i915: Use same test for eviction and submitting kernel context
    - drm/i915: Define an engine class enum for the uABI
    - drm/i915: Force the switch to the i915->kernel_context
    - drm/i915: Move GT powersaving init to i915_gem_init()
    - drm/i915: Move intel_init_clock_gating() to i915_gem_init()
    - drm/i915: Inline intel_modeset_gem_init()
    - drm/i915: Mark the context state as dirty/written
    - drm/i915: Record the default hw state after reset upon load

  * Bionic update: upstream stable patchset 2020-02-12 (LP: #1863019)
    - xfs: Sanity check flags of Q_XQUOTARM call
    - mfd: intel-lpss: Add default I2C device properties for Gemini Lake
    - powerpc/archrandom: fix arch_get_random_seed_int()
    - tipc: fix wrong timeout input for tipc_wait_for_cond()
    - mt7601u: fix bbp version check in mt7601u_wait_bbp_ready
    - crypto: sun4i-ss - fix big endian issues
    - drm/sti: do not remove the drm_bridge that was never added
    - drm/virtio: fix bounds check in virtio_gpu_cmd_get_capset()
    - ALSA: hda: fix unused variable warning
    - apparmor: don't try to replace stale label in ptrace access chec...

Changed in linux (Ubuntu Bionic):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers