Bionic update: upstream stable patchset 2020-03-23

Bug #1868623 reported by Kamal Mostafa
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Fix Released
Kamal Mostafa

Bug Description

SRU Justification

       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

       upstream stable patchset 2020-03-23

                Ported from the following upstream stable releases:
                        v4.14.173, v4.19.107,

       from git://

iwlwifi: pcie: fix rb_allocator workqueue allocation
ext4: fix potential race between online resizing and write operations
ext4: fix potential race between s_flex_groups online resizing and access
ext4: fix potential race between s_group_info online resizing and access
ipmi:ssif: Handle a possible NULL pointer reference
drm/msm: Set dma maximum segment size for mdss
dax: pass NOWAIT flag to iomap_apply
mac80211: consider more elements in parsing CRC
cfg80211: check wiphy driver existence for drvinfo report
qmi_wwan: re-add DW5821e pre-production variant
qmi_wwan: unconditionally reject 2 ep interfaces
net: ena: fix potential crash when rxfh key is NULL
net: ena: fix uses of round_jiffies()
net: ena: add missing ethtool TX timestamping indication
net: ena: fix incorrect default RSS key
net: ena: rss: fix failure to get indirection table
net: ena: rss: store hash function as values and not bits
net: ena: fix incorrectly saving queue numbers when setting RSS indirection table
net: ena: ethtool: use correct value for crc32 hash
net: ena: ena-com.c: prevent NULL pointer dereference
cifs: Fix mode output in debugging statements
cfg80211: add missing policy for NL80211_ATTR_STATUS_CODE
sysrq: Restore original console_loglevel when sysrq disabled
sysrq: Remove duplicated sysrq message
net: fib_rules: Correctly set table field when table number exceeds 8 bits
net: phy: restore mdio regs in the iproc mdio driver
nfc: pn544: Fix occasional HW initialization failure
sctp: move the format error check out of __sctp_sf_do_9_1_abort
ipv6: Fix nlmsg_flags when splitting a multipath route
ipv6: Fix route replacement with dev-only route
qede: Fix race between rdma destroy workqueue and link change event
net: sched: correct flower port blocking
ext4: potential crash on allocation error in ext4_alloc_flex_bg_array()
audit: fix error handling in audit_data_to_entry()
ACPI: watchdog: Fix gas->access_width usage
KVM: VMX: check descriptor table exits on instruction emulation
HID: ite: Only bind to keyboard USB interface on Acer SW5-012 keyboard dock
HID: core: fix off-by-one memset in hid_report_raw_event()
HID: core: increase HID report buffer size to 8KiB
tracing: Disable trace_printk() on post poned tests
Revert "PM / devfreq: Modify the device name as devfreq(X) for sysfs"
HID: hiddev: Fix race in in hiddev_disconnect()
MIPS: VPE: Fix a double free and a memory leak in 'release_vpe()'
i2c: altera: Fix potential integer overflow
i2c: jz4780: silence log flood on txabrt
drm/i915/gvt: Separate display reset from ALL_ENGINES reset
usb: charger: assign specific number for enum value
ecryptfs: Fix up bad backport of fe2e082f5da5b4a0a92ae32978f81507ef37ec66
net: netlink: cap max groups which will be considered in netlink_bind()
net: atlantic: fix potential error handling
net: ena: make ena rxfh support ETH_RSS_HASH_NO_CHANGE
namei: only return -ECHILD from follow_dotdot_rcu()
mwifiex: drop most magic numbers from mwifiex_process_tdls_action_frame()
KVM: SVM: Override default MMIO mask if memory encryption is enabled
KVM: Check for a bad hva before dropping into the ghc slow path
drivers: net: xgene: Fix the order of the arguments of 'alloc_etherdev_mqs()'
kprobes: Set unoptimized flag after unoptimizing code
perf hists browser: Restore ESC as "Zoom out" of DSO/thread/etc
mm/huge_memory.c: use head to check huge zero page
mm, thp: fix defrag setting if newline is not used
audit: always check the netlink payload length in audit_receive_msg()
vhost: Check docket sk_family instead of call getname
EDAC/amd64: Set grain per DIMM
net: dsa: bcm_sf2: Forcibly configure IMP port for 1Gb/sec
RDMA/core: Fix pkey and port assignment in get_new_pps
RDMA/core: Fix use of logical OR in get_new_pps
kprobes: Fix optimize_kprobe()/unoptimize_kprobe() cancellation logic
serial: ar933x_uart: set UART_CS_{RX,TX}_READY_ORIDE
selftests: fix too long argument
usb: gadget: composite: Support more than 500mA MaxPower
usb: gadget: ffs: ffs_aio_cancel(): Save/restore IRQ flags
usb: gadget: serial: fix Tx stall after buffer overflow
drm/msm/mdp5: rate limit pp done timeout warnings
drm: msm: Fix return type of dsi_mgr_connector_mode_valid for kCFI
drm/msm/dsi: save pll state before dsi host is powered off
net: ks8851-ml: Remove 8-bit bus accessors
net: ks8851-ml: Fix 16-bit data access
net: ks8851-ml: Fix 16-bit IO operation
watchdog: da9062: do not ping the hw during stop()
s390/cio: cio_ignore_proc_seq_next should increase position index
x86/boot/compressed: Don't declare __force_order in kaslr_64.c
nvme: Fix uninitialized-variable warning
x86/xen: Distribute switch variables for initialization
net: thunderx: workaround BGX TX Underflow issue
cifs: don't leak -EAGAIN for stat() during reconnect
usb: storage: Add quirk for Samsung Fit flash
usb: quirks: add NO_LPM quirk for Logitech Screen Share
usb: core: hub: fix unhandled return by employing a void function
usb: core: hub: do error out if usb_autopm_get_interface() fails
usb: core: port: do error out if usb_autopm_get_interface() fails
vgacon: Fix a UAF in vgacon_invert_region
mm, numa: fix bad pmd by atomically check for pmd_trans_huge when marking page tables prot_numa
fat: fix uninit-memory access for partial initialized inode
arm: dts: dra76x: Fix mmc3 max-frequency
tty:serial:mvebu-uart:fix a wrong return
serial: 8250_exar: add support for ACCES cards
vt: selection, close sel_buffer race
vt: selection, push console lock down
vt: selection, push sel_lock up
x86/pkeys: Manually set X86_FEATURE_OSPKE to preserve existing changes
dmaengine: tegra-apb: Fix use-after-free
dmaengine: tegra-apb: Prevent race conditions of tasklet vs free list
dm cache: fix a crash due to incorrect work item cancelling
ARM: dts: ls1021a: Restore MDIO compatible to gianfar
ASoC: topology: Fix memleak in soc_tplg_link_elems_load()
ASoC: intel: skl: Fix pin debug prints
ASoC: intel: skl: Fix possible buffer overflow in debug outputs
ASoC: pcm: Fix possible buffer overflow in dpcm state sysfs output
ASoC: pcm512x: Fix unbalanced regulator enable call in probe error path
ASoC: dapm: Correct DAPM handling of active widgets during shutdown
RDMA/iwcm: Fix iwcm work deallocation
RMDA/cm: Fix missing ib_cm_destroy_id() in ib_cm_insert_listen()
IB/hfi1, qib: Ensure RCU is locked when accessing list
ARM: imx: build v7_cpu_resume() unconditionally
hwmon: (adt7462) Fix an error return in ADT7462_REG_VOLT()
dmaengine: coh901318: Fix a double lock bug in dma_tc_handle()
powerpc: fix hardware PMU exception bug on PowerVM compatibility mode systems
dm integrity: fix a deadlock due to offloading to an incorrect workqueue
xhci: handle port status events for removed USB3 hcd
ASoC: topology: Fix memleak in soc_tplg_manifest_load()
ALSA: hda/realtek - Apply quirk for MSI GP63, too
ALSA: hda/realtek - Apply quirk for yet another MSI laptop
USB: core: add endpoint-blacklist quirk
USB: quirks: blacklist duplicate ep on Sound Devices USBPre2
powerpc/tm: Fix clearing MSR[TS] in current when reclaiming on signal delivery
jbd2: fix ocfs2 corrupt when clearing block group bits
x86/cpu/amd: Enable the fixed Instructions Retired counter IRPERF
genirq/irqdomain: Make sure all irq domain flags are distinct
btrfs: reset fs_root to NULL on error in open_ctree
usb: dwc2: Fix in ISOC request length checking
rxrpc: Fix call RCU cleanup using non-bh-safe locks
s390/zcrypt: fix card and queue total counter wrap
ARM: dts: sti: fixup sound frame-inversion for stihxxx-b2120.dtsi
macintosh: therm_windtunnel: fix regression when instantiating devices
HID: alps: Fix an error handling path in 'alps_input_configured()'
hv_netvsc: Fix unwanted wakeup in netvsc_attach()
s390/qeth: vnicc Fix EOPNOTSUPP precedence
net: atlantic: fix use after free kasan warn
sched/fair: Optimize update_blocked_averages()
sched/fair: Fix O(nr_cgroups) in the load balancing path
KVM: x86: Remove spurious kvm_mmu_unload() from vcpu destruction path
KVM: x86: Remove spurious clearing of async #PF MSR
thermal: brcmstb_thermal: Do not use DT coefficients
scsi: megaraid_sas: silence a warning
net: dsa: b53: Ensure the default VID is untagged
s390: make 'install' not depend on vmlinux
s390/qdio: fill SL with absolute addresses
ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Master
efi/x86: Align GUIDs to their size in the mixed mode runtime wrapper
efi/x86: Handle by-ref arguments covering multiple pages in mixed mode
scsi: pm80xx: Fixed kernel panic during error recovery for SATA drive
UBUNTU: upstream stable to v4.14.173, v4.19.109

CVE References

Changed in linux (Ubuntu):
status: New → Confirmed
tags: added: kernel-stable-tracking-bug
description: updated
Changed in linux (Ubuntu Bionic):
status: New → In Progress
assignee: nobody → Kamal Mostafa (kamalmostafa)
Changed in linux (Ubuntu Bionic):
status: In Progress → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 4.15.0-99.100

linux (4.15.0-99.100) bionic; urgency=medium

  * CVE-2020-11884
    - SAUCE: s390/mm: fix page table upgrade vs 2ndary address mode accesses

 -- Marcelo Henrique Cerri <email address hidden> Wed, 22 Apr 2020 15:31:14 -0300

Changed in linux (Ubuntu Bionic):
status: Fix Committed → Fix Released
Po-Hsu Lin (cypressyew)
Changed in linux (Ubuntu):
status: Confirmed → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers