Xenial update: 4.4.217 upstream stable release

Bug #1868629 reported by Khaled El Mously
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Invalid
Undecided
Unassigned
Xenial
Fix Released
Undecided
Unassigned

Bug Description

    SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

       4.4.217 upstream stable release
       from git://git.kernel.org/

Linux 4.4.217
ipv4: ensure rcu_read_lock() in cipso_v4_error()
mm: slub: add missing TID bump in kmem_cache_alloc_bulk()
ARM: 8958/1: rename missed uaccess .fixup section
ARM: 8957/1: VDSO: Match ARMv8 timer in cntvct_functional()
jbd2: fix data races at struct journal_head
signal: avoid double atomic counter increments for user accounting
net: ks8851-ml: Fix IRQ handling and locking
perf/amd/uncore: Replace manual sampling check with CAP_NO_INTERRUPT flag
batman-adv: Don't schedule OGM for disabled interface
batman-adv: Avoid free/alloc race when handling OGM buffer
batman-adv: Only read OGM tvlv_len after buffer len check
batman-adv: Reduce tt_global hash refcnt only for removed entry
batman-adv: Reduce tt_local hash refcnt only for removed entry
batman-adv: Reduce claim hash refcnt only for removed entry
batman-adv: Prevent duplicated tvlv handler
batman-adv: Prevent duplicated global TT entry
batman-adv: Prevent duplicated nc_node entry
batman-adv: Prevent duplicated gateway_node entry
batman-adv: Avoid storing non-TT-sync flags on singular entries too
batman-adv: Fix debugfs path for renamed softif
batman-adv: Fix debugfs path for renamed hardif
batman-adv: prevent TT request storms by not sending inconsistent TT TLVLs
batman-adv: Fix TT sync flags for intermediate TT responses
batman-adv: Avoid race in TT TVLV allocator helper
batman-adv: Fix skbuff rcsum on packet reroute
batman-adv: update data pointers after skb_cow()
batman-adv: Fix internal interface indices types
batman-adv: Fix lock for ogm cnt access in batadv_iv_ogm_calc_tq
batman-adv: fix TT sync flag inconsistencies
batman-adv: Fix rx packet/bytes stats on local ARP reply
batman-adv: Fix transmission of final, 16th fragment
batman-adv: Fix double free during fragment merge error
batman-adv: Add missing refcnt for last_candidate
batman-adv: Fix speedy join in gateway client mode
batman-adv: Free last_bonding_candidate on release of orig_node
batman-adv: Fix reference leak in batadv_find_router
batman-adv: Fix non-atomic bla_claim::backbone_gw access
batman-adv: lock crc access in bridge loop avoidance
batman-adv: Fix orig_node_vlan leak on orig_node_release
batman-adv: Avoid nullptr dereference in dat after vlan_insert_tag
batman-adv: Avoid nullptr dereference in bla after vlan_insert_tag
batman-adv: Clean up untagged vlan when destroying via rtnl-link
batman-adv: Fix ICMP RR ethernet access after skb_linearize
batman-adv: Fix use-after-free/double-free of tt_req_node
batman-adv: fix skb deref after free
batman-adv: Avoid duplicate neigh_node additions
batman-adv: Fix reference counting of vlan object for tt_local_entry
batman-adv: Drop reference to netdevice on last reference
batman-adv: Deactivate TO_BE_ACTIVATED hardif on shutdown
batman-adv: init neigh node last seen field
batman-adv: Fix integer overflow in batadv_iv_ogm_calc_tq
batman-adv: Fix unexpected free of bcast_own on add_if error
batman-adv: Avoid endless loop in bat-on-bat netdevice check
batman-adv: Only put orig_node_vlan list reference when removed
batman-adv: Only put gw_node list reference when removed
batman-adv: Fix invalid read while copying bat_iv.bcast_own
efi: Add a sanity check to efivar_store_raw()
ipv6: restrict IPV6_ADDRFORM operation
mwifiex: Fix heap overflow in mmwifiex_process_tdls_action_frame()
iommu/vt-d: Ignore devices with out-of-spec domain number
iommu/vt-d: Fix the wrong printing in RHSA parsing
netfilter: cthelper: add missing attribute validation for cthelper
nl80211: add missing attribute validation for channel switch
nl80211: add missing attribute validation for critical protocol indication
iommu/vt-d: Fix a bug in intel_iommu_iova_to_phys() for huge page
iommu/vt-d: dmar: replace WARN_TAINT with pr_warn + add_taint
efi: Fix a race and a buffer overflow while reading efivars via sysfs
ARC: define __ALIGN_STR and __ALIGN symbols for ARC
KVM: x86: clear stale x86_emulate_ctxt->intercept value
gfs2_atomic_open(): fix O_EXCL|O_CREAT handling on cold dcache
drm/amd/display: remove duplicated assignment to grph_obj_type
iommu/vt-d: quirk_ioat_snb_local_iommu: replace WARN_TAINT with pr_warn + add_taint
net: fq: add missing attribute validation for orphan mask
bonding/alb: make sure arp header is pulled before accessing it
slip: make slhc_compress() more robust against malicious packets
net: fec: validate the new settings in fec_enet_set_coalesce()
macvlan: add cond_resched() during multicast processing
ipvlan: don't deref eth hdr before checking it's set
ipvlan: do not use cond_resched_rcu() in ipvlan_process_multicast()
ipvlan: egress mcast packets are not exceptional
ipvlan: do not add hardware address of master to its unicast filter list
ipvlan: add cond_resched_rcu() while processing muticast backlog
nfc: add missing attribute validation for vendor subcommand
nfc: add missing attribute validation for SE API
team: add missing attribute validation for array index
team: add missing attribute validation for port ifindex
nl802154: add missing attribute validation for dev_type
nl802154: add missing attribute validation
fib: add missing attribute validation for tun_id
bnxt_en: reinitialize IRQs when MTU is modified
net: nfc: fix bounds checking bugs on "pipe"
r8152: check disconnect status after long sleep
NFS: Remove superfluous kmap in nfs_readdir_xdr_to_array

CVE References

Changed in linux (Ubuntu):
status: New → Confirmed
tags: added: kernel-stable-tracking-bug
Revision history for this message
Khaled El Mously (kmously) wrote :

Skipped:
 - mwifiex: Fix heap overflow in mmwifiex_process_tdls_action_frame() (Stefan applied that as a SAUCE patch, but it's basically identical)

Changed in linux (Ubuntu Xenial):
status: New → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (17.6 KiB)

This bug was fixed in the package linux - 4.4.0-178.208

---------------
linux (4.4.0-178.208) xenial; urgency=medium

  * xenial/linux: 4.4.0-178.208 -proposed tracker (LP: #1870660)

  * CVE-2019-19768
    - blktrace: Protect q->blk_trace with RCU
    - blktrace: fix dereference after null check

  * Multiple Kexec in AWS Nitro instances fail (LP: #1869948)
    - net: ena: Add PCI shutdown handler to allow safe kexec

  * Insert test_bpf module will report 4 failures for ubuntu_bpf_jit on X s390x
    (LP: #1768452)
    - test_bpf: flag tests that cannot be jited on s390

  * Mounting LVM snapshots with xfs can hit kernel BUG in nvme driver
    (LP: #1869229)
    - block: fix bio_will_gap() for first bvec with offset

  * Xenial update: 4.4.217 upstream stable release (LP: #1868629)
    - NFS: Remove superfluous kmap in nfs_readdir_xdr_to_array
    - r8152: check disconnect status after long sleep
    - net: nfc: fix bounds checking bugs on "pipe"
    - bnxt_en: reinitialize IRQs when MTU is modified
    - fib: add missing attribute validation for tun_id
    - nl802154: add missing attribute validation
    - nl802154: add missing attribute validation for dev_type
    - team: add missing attribute validation for port ifindex
    - team: add missing attribute validation for array index
    - nfc: add missing attribute validation for SE API
    - nfc: add missing attribute validation for vendor subcommand
    - ipvlan: add cond_resched_rcu() while processing muticast backlog
    - ipvlan: do not add hardware address of master to its unicast filter list
    - ipvlan: egress mcast packets are not exceptional
    - ipvlan: do not use cond_resched_rcu() in ipvlan_process_multicast()
    - ipvlan: don't deref eth hdr before checking it's set
    - macvlan: add cond_resched() during multicast processing
    - net: fec: validate the new settings in fec_enet_set_coalesce()
    - slip: make slhc_compress() more robust against malicious packets
    - bonding/alb: make sure arp header is pulled before accessing it
    - net: fq: add missing attribute validation for orphan mask
    - iommu/vt-d: quirk_ioat_snb_local_iommu: replace WARN_TAINT with pr_warn +
      add_taint
    - drm/amd/display: remove duplicated assignment to grph_obj_type
    - gfs2_atomic_open(): fix O_EXCL|O_CREAT handling on cold dcache
    - KVM: x86: clear stale x86_emulate_ctxt->intercept value
    - ARC: define __ALIGN_STR and __ALIGN symbols for ARC
    - efi: Fix a race and a buffer overflow while reading efivars via sysfs
    - iommu/vt-d: dmar: replace WARN_TAINT with pr_warn + add_taint
    - iommu/vt-d: Fix a bug in intel_iommu_iova_to_phys() for huge page
    - nl80211: add missing attribute validation for critical protocol indication
    - nl80211: add missing attribute validation for channel switch
    - netfilter: cthelper: add missing attribute validation for cthelper
    - iommu/vt-d: Fix the wrong printing in RHSA parsing
    - iommu/vt-d: Ignore devices with out-of-spec domain number
    - ipv6: restrict IPV6_ADDRFORM operation
    - efi: Add a sanity check to efivar_store_raw()
    - batman-adv: Fix invalid read while copying bat_iv.bcast_own
    - batman-adv: Only p...

Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released
Po-Hsu Lin (cypressyew)
Changed in linux (Ubuntu):
status: Confirmed → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers