Xenial update: 4.4.220 upstream stable release

Bug #1875905 reported by Ian on 2020-04-29
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)

Bug Description

SRU Justification

       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

       4.4.220 upstream stable release
       from git://git.kernel.org/

The following patches from the 4.4.220 stable release shall be applied:
* bus: sunxi-rsb: Return correct data when mixing 16-bit and 8-bit reads
* net: vxge: fix wrong __VA_ARGS__ usage
* qlcnic: Fix bad kzalloc null test
* i2c: st: fix missing struct parameter description
* irqchip/versatile-fpga: Handle chained IRQs properly
* selftests/x86/ptrace_syscall_32: Fix no-vDSO segfault
* libata: Remove extra scsi_host_put() in ata_scsi_add_hosts()
* gfs2: Don't demote a glock until its revokes are written
* x86/boot: Use unsigned comparison for addresses
* locking/lockdep: Avoid recursion in lockdep_count_{for,back}ward_deps()
* btrfs: remove a BUG_ON() from merge_reloc_roots()
* btrfs: track reloc roots based on their commit root bytenr
* misc: rtsx: set correct pcr_ops for rts522A
* ASoC: fix regwmask
* ASoC: dapm: connect virtual mux with default value
* ASoC: dpcm: allow start or stop during pause for backend
* ASoC: topology: use name_prefix for new kcontrol
* usb: gadget: f_fs: Fix use after free issue as part of queue failure
* usb: gadget: composite: Inform controller driver of self-powered
* ALSA: usb-audio: Add mixer workaround for TRX40 and co
* ALSA: hda: Add driver blacklist
* ALSA: hda: Fix potential access overflow in beep helper
* ALSA: ice1724: Fix invalid access for enumerated ctl items
* ALSA: pcm: oss: Fix regression by buffer overflow fix
* acpi/x86: ignore unspecified bit positions in the ACPI global lock field
* thermal: devfreq_cooling: inline all stubs for CONFIG_DEVFREQ_THERMAL=n
* KEYS: reaching the keys quotas correctly
* irqchip/versatile-fpga: Apply clear-mask earlier
* MIPS: OCTEON: irq: Fix potential NULL pointer dereference
* ath9k: Handle txpower changes even when TPC is disabled
* signal: Extend exec_id to 64bits
* x86/entry/32: Add missing ASM_CLAC to general_protection entry
* KVM: x86: Allocate new rmap and large page tracking when moving memslot
* crypto: mxs-dcp - fix scatterlist linearization for hash
* futex: futex_wake_op, do not fail on invalid op
* xen-netfront: Rework the fix for Rx stall during OOM and network stress
* ALSA: hda: Initialize power_state field properly
* Btrfs: incremental send, fix invalid memory access
* IB/ipoib: Fix lockdep issue found on ipoib_ib_dev_heavy_flush
* scsi: zfcp: fix missing erp_lock in port recovery trigger for point-to-point
* arm64: armv8_deprecated: Fix undef_hook mask for thumb setend
* ext4: fix a data race at inode->i_blocks
* ocfs2: no need try to truncate file beyond i_size
* s390/diag: fix display of diagnose call statistics
* Input: i8042 - add Acer Aspire 5738z to nomux list
* kmod: make request_module() return an error when autoloading is disabled
* hfsplus: fix crash and filesystem corruption when deleting files
* libata: Return correct status in sata_pmp_eh_recover_pm() when ATA_DFLAG_DETACH is set
* powerpc/64/tm: Don't let userspace set regs->trap via sigreturn
* Btrfs: fix crash during unmount due to race with delayed inode workers
* drm/dp_mst: Fix clearing payload state on topology disable
* ipmi: fix hung processes in __get_guid()
* powerpc/fsl_booke: Avoid creating duplicate tlb1 entry
* misc: echo: Remove unnecessary parentheses and simplify check for zero
* mfd: dln2: Fix sanity checking for endpoints
* net: ipv4: devinet: Fix crash when add/del multicast IP with autojoin
* net: ipv6: do not consider routes via gateways for anycast address check
* scsi: ufs: Fix ufshcd_hold() caused scheduling while atomic
* jbd2: improve comments about freeing data buffers whose page mapping is NULL
* ext4: fix incorrect group count in ext4_fill_super error message
* ext4: fix incorrect inodes per group in error message
* ASoC: Intel: mrfld: fix incorrect check on p->sink
* ASoC: Intel: mrfld: return error codes when an error occurs
* ALSA: usb-audio: Don't override ignore_ctl_error value from the map
* mac80211_hwsim: Use kstrndup() in place of kasprintf()
* ext4: do not zeroout extents beyond i_disksize
* dm flakey: check for null arg_name in parse_features()
* kvm: x86: Host feature SSBD doesn't imply guest feature SPEC_CTRL_SSBD
* x86/mitigations: Clear CPU buffers on the SYSCALL fast path
* tracing: Fix the race between registering 'snapshot' event trigger and triggering 'snapshot' operation
* scsi: sg: add sg_remove_request in sg_common_write
* ALSA: hda: Don't release card at firmware loading error
* video: fbdev: sis: Remove unnecessary parentheses and commented code
* drm: NULL pointer dereference [null-pointer-deref] (CWE 476) problem
* wil6210: increase firmware ready timeout
* wil6210: fix temperature debugfs
* scsi: ufs: ufs-qcom: remove broken hci version quirk
* wil6210: rate limit wil_rx_refill error
* rtc: pm8xxx: Fix issue in RTC write path
* soc: qcom: smem: Use le32_to_cpu for comparison
* of: fix missing kobject init for !SYSFS && OF_DYNAMIC config
* of: unittest: kmemleak in of_unittest_platform_populate()
* clk: at91: usb: continue if clk_hw_round_rate() return zero
* clk: tegra: Fix Tegra PMC clock out parents
* NFS: direct.c: Fix memory leak of dreq when nfs_get_lock_context fails
* ext4: do not commit super on read-only bdev
* percpu_counter: fix a data race at vm_committed_as
* compiler.h: fix error in BUILD_BUG_ON() reporting
* NFS: Fix memory leaks in nfs_pageio_stop_mirroring()
* ext2: fix empty body warnings when -Wextra is used
* iommu/amd: Fix the configuration of GCR3 table root pointer
* fbdev: potential information leak in do_fb_ioctl()
* tty: evh_bytechan: Fix out of bounds accesses
* locktorture: Print ratio of acquisitions, not failures
* mtd: lpddr: Fix a double free in probe()
* mtd: phram: fix a double free issue in error path
* x86/CPU: Add native CPUID variants returning a single datum
* x86/microcode/intel: replace sync_core() with native_cpuid_reg(eax)
* x86/vdso: Fix lsl operand order
* Linux 4.4.220

CVE References

Ian (ian-may) on 2020-04-29
Changed in linux (Ubuntu):
status: New → Confirmed
tags: added: kernel-stable-tracking-bug
Ian (ian-may) wrote :

Please note that the following patches have been skipped as they were already applied to xenial/linux:
* KEYS: reaching the keys quotas correctly

The following patch needed some context adjustment:
* KVM: x86: Allocate new rmap and large page tracking when moving memslot

All the other patches applied cleanly.

description: updated
Changed in linux (Ubuntu):
status: Confirmed → Invalid
Changed in linux (Ubuntu Xenial):
status: New → Fix Committed
Launchpad Janitor (janitor) wrote :
Download full text (31.3 KiB)

This bug was fixed in the package linux - 4.4.0-184.214

linux (4.4.0-184.214) xenial; urgency=medium

  * CVE-2020-0543
    - SAUCE: x86/cpu: Add a steppings field to struct x86_cpu_id
    - SAUCE: x86/cpu: Add 'table' argument to cpu_matches()
    - SAUCE: x86/speculation: Add Special Register Buffer Data Sampling (SRBDS)
    - SAUCE: x86/speculation: Add SRBDS vulnerability and mitigation documentation
    - SAUCE: x86/speculation: Add Ivy Bridge to affected list

linux (4.4.0-181.211) xenial; urgency=medium

  * xenial/linux: 4.4.0-181.211 -proposed tracker (LP: #1881170)

  * CVE-2020-12769
    - spi: spi-dw: Add lock protect dw_spi rx/tx to prevent concurrent calls

  * I2C bus on Dell Edge Gateway stops working after upgrading to
    Ubuntu-4.4.0-180.210 (LP: #1881124)
    - SAUCE: Revert: Revert "ACPI / LPSS: allow to use specific PM domain during

linux (4.4.0-180.210) xenial; urgency=medium

  * xenial/linux: 4.4.0-180.210 -proposed tracker (LP: #1878873)

  * Xenial update: 4.4.223 upstream stable release (LP: #1878232)
    - mwifiex: fix PCIe register information for 8997 chipset
    - drm/qxl: qxl_release use after free
    - drm/qxl: qxl_release leak in qxl_draw_dirty_fb()
    - staging: rtl8192u: Fix crash due to pointers being "confusing"
    - usb: gadget: f_acm: Fix configfs attr name
    - usb: gadged: pch_udc: get rid of redundant assignments
    - usb: gadget: pch_udc: reorder spin_[un]lock to avoid deadlock
    - usb: gadget: udc: core: don't starve DMA resources
    - MIPS: Fix macro typo
    - MIPS: ptrace: Drop cp0_tcstatus from regoffset_table[]
    - MIPS: BMIPS: Fix PRID_IMP_BMIPS5000 masking for BMIPS5200
    - MIPS: smp-cps: Stop printing EJTAG exceptions to UART
    - MIPS: scall: Handle seccomp filters which redirect syscalls
    - MIPS: BMIPS: BMIPS5000 has I cache filing from D cache
    - MIPS: BMIPS: local_r4k___flush_cache_all needs to blast S-cache
    - MIPS: BMIPS: Pretty print BMIPS5200 processor name
    - MIPS: Fix HTW config on XPA kernel without LPA enabled
    - MIPS: BMIPS: Adjust mips-hpt-frequency for BCM7435
    - MIPS: math-emu: Fix BC1{EQ,NE}Z emulation
    - MIPS: Fix BC1{EQ,NE}Z return offset calculation
    - MIPS: perf: Fix I6400 event numbers
    - MIPS: KVM: Fix translation of MFC0 ErrCtl
    - MIPS: SMP: Update cpu_foreign_map on CPU disable
    - MIPS: c-r4k: Fix protected_writeback_scache_line for EVA
    - MIPS: Octeon: Off by one in octeon_irq_gpio_map()
    - bpf, mips: fix off-by-one in ctx offset allocation
    - MIPS: RM7000: Double locking bug in rm7k_tc_disable()
    - mips/panic: replace smp_send_stop() with kdump friendly version in panic
    - ARM: dts: armadillo800eva Correct extal1 frequency to 24 MHz
    - ARM: imx: select SRC for i.MX7
    - ARM: dts: kirkwood: gpio pin fixes for linkstation ls-wxl/wsxl
    - ARM: dts: kirkwood: gpio pin fixes for linkstation ls-wvl/vl
    - ARM: dts: kirkwood: gpio-leds fixes for linkstation ls-wxl/wsxl
    - ARM: dts: kirkwood: gpio-leds fixes for linkstation ls-wvl/v...

Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers