This bug was fixed in the package linux - 4.15.0-106.107 --------------- linux (4.15.0-106.107) bionic; urgency=medium * CVE-2020-0543 - SAUCE: x86/cpu: Add a steppings field to struct x86_cpu_id - SAUCE: x86/cpu: Add 'table' argument to cpu_matches() - SAUCE: x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation - SAUCE: x86/speculation: Add SRBDS vulnerability and mitigation documentation - SAUCE: x86/speculation: Add Ivy Bridge to affected list linux (4.15.0-103.104) bionic; urgency=medium * bionic/linux: 4.15.0-103.104 -proposed tracker (LP: #1881272) * "BUG: unable to handle kernel paging request" when testing ubuntu_kvm_smoke_test.kvm_smoke_test with B-KVM in proposed (LP: #1881072) - KVM: VMX: Explicitly reference RCX as the vmx_vcpu pointer in asm blobs - KVM: VMX: Mark RCX, RDX and RSI as clobbered in vmx_vcpu_run()'s asm blob linux (4.15.0-102.103) bionic; urgency=medium * bionic/linux: 4.15.0-102.103 -proposed tracker (LP: #1878856) * Packaging resync (LP: #1786013) - update dkms package versions * debian/scripts/file-downloader does not handle positive failures correctly (LP: #1878897) - [Packaging] file-downloader not handling positive failures correctly * Kernel log flood "ceph: Failed to find inode for 1" (LP: #1875884) - ceph: don't check quota for snap inode - ceph: quota: cache inode pointer in ceph_snap_realm * [UBUNTU 18.04] zpcictl --reset - contribution for kernel (LP: #1870320) - s390/pci: Recover handle in clp_set_pci_fn() - s390/pci: Fix possible deadlock in recover_store() * Bionic update: upstream stable patchset 2020-05-12 (LP: #1878256) - drm/edid: Fix off-by-one in DispID DTD pixel clock - drm/qxl: qxl_release leak in qxl_draw_dirty_fb() - drm/qxl: qxl_release leak in qxl_hw_surface_alloc() - drm/qxl: qxl_release use after free - btrfs: fix block group leak when removing fails - btrfs: fix partial loss of prealloc extent past i_size after fsync - mmc: sdhci-xenon: fix annoying 1.8V regulator warning - mmc: sdhci-pci: Fix eMMC driver strength for BYT-based controllers - ALSA: hda/realtek - Two front mics on a Lenovo ThinkCenter - ALSA: hda/hdmi: fix without unlocked before return - ALSA: pcm: oss: Place the plugin buffer overflow checks correctly - PM: ACPI: Output correct message on target power state - PM: hibernate: Freeze kernel threads in software_resume() - dm verity fec: fix hash block number in verity_fec_decode - RDMA/mlx5: Set GRH fields in query QP on RoCE - RDMA/mlx4: Initialize ib_spec on the stack - vfio: avoid possible overflow in vfio_iommu_type1_pin_pages - vfio/type1: Fix VA->PA translation for PFNMAP VMAs in vaddr_get_pfn() - iommu/qcom: Fix local_base status check - scsi: target/iblock: fix WRITE SAME zeroing - iommu/amd: Fix legacy interrupt remapping for x2APIC-enabled system - ALSA: opti9xx: shut up gcc-10 range warning - nfs: Fix potential posix_acl refcnt leak in nfs3_set_acl - dmaengine: dmatest: Fix iteration non-stop logic - selinux: properly handle multiple messages in selinux_netlink_send() - ASoC: tas571x: disable regulators on failed probe - ASoC: wm8960: Fix wrong clock after suspend & resume - rxrpc: Fix DATA Tx to disable nofrag for UDP on AF_INET6 socket - xfs: acquire superblock freeze protection on eofblocks scans - cpumap: Avoid warning when CONFIG_DEBUG_PER_CPU_MAPS is enabled - net: fec: set GPR bit on suspend by DT configuration. - ALSA: hda: Keep the controller initialization even if no codecs found - ALSA: hda: Explicitly permit using autosuspend if runtime PM is supported - ALSA: hda: call runtime_allow() for all hda controllers - scsi: qla2xxx: check UNLOADING before posting async work - RDMA/core: Fix race between destroy and release FD object - btrfs: transaction: Avoid deadlock due to bad initialization timing of fs_info::journal_info - mmc: sdhci-msm: Enable host capabilities pertains to R1b response - mmc: meson-mx-sdio: Set MMC_CAP_WAIT_WHILE_BUSY - mmc: meson-mx-sdio: remove the broken ->card_busy() op * Bionic update: upstream stable patchset 2020-05-07 (LP: #1877461) - ext4: fix extent_status fragmentation for plain files - net: ipv4: avoid unused variable warning for sysctl - crypto: mxs-dcp - make symbols 'sha1_null_hash' and 'sha256_null_hash' static - vti4: removed duplicate log message. - watchdog: reset last_hw_keepalive time at start - scsi: lpfc: Fix kasan slab-out-of-bounds error in lpfc_unreg_login - ceph: return ceph_mdsc_do_request() errors from __get_parent() - ceph: don't skip updating wanted caps when cap is stale - pwm: rcar: Fix late Runtime PM enablement - scsi: iscsi: Report unbind session event when the target has been removed - ASoC: Intel: atom: Take the drv->lock mutex before calling sst_send_slot_map() - kernel/gcov/fs.c: gcov_seq_next() should increase position index - selftests: kmod: fix handling test numbers above 9 - ipc/util.c: sysvipc_find_ipc() should increase position index - s390/cio: avoid duplicated 'ADD' uevents - pwm: renesas-tpu: Fix late Runtime PM enablement - pwm: bcm2835: Dynamically allocate base - perf/core: Disable page faults when getting phys address - PCI/ASPM: Allow re-enabling Clock PM - mm, slub: restore the original intention of prefetch_freepointer() - cxgb4: fix large delays in PTP synchronization - ipv6: fix restrict IPV6_ADDRFORM operation - macsec: avoid to set wrong mtu - macvlan: fix null dereference in macvlan_device_event() - net: bcmgenet: correct per TX/RX ring statistics - net: netrom: Fix potential nr_neigh refcnt leak in nr_add_node - net/x25: Fix x25_neigh refcnt leak when receiving frame - tcp: cache line align MAX_TCP_HEADER - team: fix hang in team_mode_get() - net: dsa: b53: Fix ARL register definitions - xfrm: Always set XFRM_TRANSFORMED in xfrm{4,6}_output_finish - vrf: Check skb for XFRM_TRANSFORMED flag - KEYS: Avoid false positive ENOMEM error on key read - ALSA: hda: Remove ASUS ROG Zenith from the blacklist - iio: adc: stm32-adc: fix sleep in atomic context - iio: xilinx-xadc: Fix ADC-B powerdown - iio: xilinx-xadc: Fix clearing interrupt when enabling trigger - iio: xilinx-xadc: Fix sequencer configuration for aux channels in simultaneous mode - fs/namespace.c: fix mountpoint reference counter race - USB: sisusbvga: Change port variable from signed to unsigned - USB: Add USB_QUIRK_DELAY_CTRL_MSG and USB_QUIRK_DELAY_INIT for Corsair K70 RGB RAPIDFIRE - USB: early: Handle AMD's spec-compliant identifiers, too - USB: core: Fix free-while-in-use bug in the USB S-Glibrary - USB: hub: Fix handling of connect changes during sleep - overflow.h: Add arithmetic shift helper - vmalloc: fix remap_vmalloc_range() bounds checks - mm/hugetlb: fix a addressing exception caused by huge_pte_offset - mm/ksm: fix NULL pointer dereference when KSM zero page is enabled - tools/vm: fix cross-compile build - ALSA: usx2y: Fix potential NULL dereference - ALSA: hda/realtek - Add new codec supported for ALC245 - ALSA: usb-audio: Fix usb audio refcnt leak when getting spdif - ALSA: usb-audio: Filter out unsupported sample rates on Focusrite devices - tpm/tpm_tis: Free IRQ if probing fails - tpm: ibmvtpm: retry on H_CLOSED in tpm_ibmvtpm_send() - KVM: Check validity of resolved slot when searching memslots - KVM: VMX: Enable machine check support for 32bit targets - tty: hvc: fix buffer overflow during hvc_alloc(). - tty: rocket, avoid OOB access - usb-storage: Add unusual_devs entry for JMicron JMS566 - audit: check the length of userspace generated audit records - ASoC: dapm: fixup dapm kcontrol widget - iwlwifi: pcie: actually release queue memory in TVQM - ARM: imx: provide v7_cpu_resume() only on ARM_CPU_SUSPEND=y - powerpc/setup_64: Set cache-line-size based on cache-block-size - staging: comedi: dt2815: fix writing hi byte of analog output - staging: comedi: Fix comedi_device refcnt leak in comedi_open - vt: don't hardcode the mem allocation upper bound - staging: vt6656: Don't set RCR_MULTICAST or RCR_BROADCAST by default. - staging: vt6656: Fix calling conditions of vnt_set_bss_mode - staging: vt6656: Fix drivers TBTT timing counter. - staging: vt6656: Fix pairwise key entry save. - staging: vt6656: Power save stop wake_up_count wrap around. - cdc-acm: close race betrween suspend() and acm_softint - cdc-acm: introduce a cool down - UAS: no use logging any details in case of ENODEV - UAS: fix deadlock in error handling and PM flushing work - usb: f_fs: Clear OS Extended descriptor counts to zero in ffs_data_reset() - serial: sh-sci: Make sure status register SCxSR is read in correct sequence - xfs: Fix deadlock between AGI and AGF with RENAME_WHITEOUT - remoteproc: Fix wrong rvring index computation - mtd: cfi: fix deadloop in cfi_cmdset_0002.c do_write_buffer - binder: take read mode of mmap_sem in binder_alloc_free_page() - usb: dwc3: gadget: Do link recovery for SS and SSP - usb: gadget: udc: bdc: Remove unnecessary NULL checks in bdc_req_complete - iio:ad7797: Use correct attribute_group - nfsd: memory corruption in nfsd4_lock() - i2c: altera: use proper variable to hold errno - net/cxgb4: Check the return from t4_query_params properly - ARM: dts: bcm283x: Disable dsi0 node - perf/core: fix parent pid/tid in task exit events - mm: shmem: disable interrupt when acquiring info->lock in userfaultfd_copy path - bpf, x86: Fix encoding for lower 8-bit registers in BPF_STX BPF_B - x86: hyperv: report value of misc_features - xfs: fix partially uninitialized structure in xfs_reflink_remap_extent - scsi: target: fix PR IN / READ FULL STATUS for FC - objtool: Fix CONFIG_UBSAN_TRAP unreachable warnings - objtool: Support Clang non-section symbols in ORC dump - xen/xenbus: ensure xenbus_map_ring_valloc() returns proper grant status - arm64: Delete the space separator in __emit_inst - ext4: use matching invalidatepage in ext4_writepage - ext4: increase wait time needed before reuse of deleted inode numbers - ext4: convert BUG_ON's to WARN_ON's in mballoc.c - hwmon: (jc42) Fix name to have no illegal characters - qed: Fix use after free in qed_chain_free - ext4: check for non-zero journal inum in ext4_calculate_overhead - propagate_one(): mnt_set_mountpoint() needs mount_lock - kconfig: qconf: Fix a few alignment issues - loop: Better discard support for block devices - drm/amd/display: Not doing optimize bandwidth if flip pending. - virtio-blk: improve virtqueue error to BLK_STS - scsi: smartpqi: fix call trace in device discovery - net: ipv6: add net argument to ip6_dst_lookup_flow - net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup - f2fs: fix to avoid memory leakage in f2fs_listxattr - KVM: VMX: Zero out *all* general purpose registers after VM-Exit - KVM: Introduce a new guest mapping API - kvm: fix compilation on aarch64 - kvm: fix compilation on s390 - kvm: fix compile on s390 part 2 - KVM: Properly check if "page" is valid in kvm_vcpu_unmap - x86/kvm: Introduce kvm_(un)map_gfn() - x86/kvm: Cache gfn to pfn translation - vrf: Fix IPv6 with qdisc and xfrm - net: dsa: b53: Lookup VID in ARL searches when VLAN is enabled - net: dsa: b53: Rework ARL bin logic - net: dsa: b53: b53_arl_rw_op() needs to select IVL or SVL - mlxsw: Fix some IS_ERR() vs NULL bugs - iio: core: remove extra semi-colon from devm_iio_device_register() macro - iio: st_sensors: rely on odr mask to know if odr can be set - iio: xilinx-xadc: Make sure not exceed maximum samplerate - iwlwifi: mvm: beacon statistics shouldn't go backwards - xhci: prevent bus suspend if a roothub port detected a over-current condition * Bionic update: upstream stable patchset 2020-04-27 (LP: #1875506) - KVM: VMX: fix crash cleanup when KVM wasn't used - amd-xgbe: Use __napi_schedule() in BH context - hsr: check protocol version in hsr_newlink() - net: ipv4: devinet: Fix crash when add/del multicast IP with autojoin - net: ipv6: do not consider routes via gateways for anycast address check - net: qrtr: send msgs from local of same id as broadcast - net: revert default NAPI poll timeout to 2 jiffies - net: stmmac: dwmac-sunxi: Provide TX and RX fifo sizes - scsi: ufs: Fix ufshcd_hold() caused scheduling while atomic - jbd2: improve comments about freeing data buffers whose page mapping is NULL - pwm: pca9685: Fix PWM/GPIO inter-operation - ext4: fix incorrect group count in ext4_fill_super error message - ext4: fix incorrect inodes per group in error message - ASoC: Intel: mrfld: fix incorrect check on p->sink - ASoC: Intel: mrfld: return error codes when an error occurs - ALSA: usb-audio: Don't override ignore_ctl_error value from the map - tracing: Fix the race between registering 'snapshot' event trigger and triggering 'snapshot' operation - btrfs: check commit root generation in should_ignore_root - mac80211_hwsim: Use kstrndup() in place of kasprintf() - ext4: do not zeroout extents beyond i_disksize - dm flakey: check for null arg_name in parse_features() - kvm: x86: Host feature SSBD doesn't imply guest feature SPEC_CTRL_SSBD - x86/microcode/AMD: Increase microcode PATCH_MAX_SIZE - x86/intel_rdt: Add two new resources for L2 Code and Data Prioritization (CDP) - x86/intel_rdt: Enable L2 CDP in MSR IA32_L2_QOS_CFG - x86/resctrl: Preserve CDP enable over CPU hotplug - x86/resctrl: Fix invalid attempt at removing the default resource group - mm/vmalloc.c: move 'area->pages' after if statement - objtool: Fix switch table detection in .text.unlikely - scsi: sg: add sg_remove_request in sg_common_write - ext4: use non-movable memory for superblock readahead - arm, bpf: Fix bugs with ALU64 {RSH, ARSH} BPF_K shift by 0 - netfilter: nf_tables: report EOPNOTSUPP on unsupported flags/object type - irqchip/mbigen: Free msi_desc on device teardown - ALSA: hda: Don't release card at firmware loading error - lib/raid6: use vdupq_n_u8 to avoid endianness warnings - video: fbdev: sis: Remove unnecessary parentheses and commented code - drm: NULL pointer dereference [null-pointer-deref] (CWE 476) problem - clk: Fix debugfs_create_*() usage - Revert "gpio: set up initial state from .get_direction()" - wil6210: increase firmware ready timeout - wil6210: fix temperature debugfs - scsi: ufs: make sure all interrupts are processed - scsi: ufs: ufs-qcom: remove broken hci version quirk - wil6210: rate limit wil_rx_refill error - rpmsg: glink: use put_device() if device_register fail - rtc: pm8xxx: Fix issue in RTC write path - rpmsg: glink: Fix missing mutex_init() in qcom_glink_alloc_channel() - rpmsg: glink: smem: Ensure ordering during tx - wil6210: fix PCIe bus mastering in case of interface down - wil6210: add block size checks during FW load - wil6210: fix length check in __wmi_send - wil6210: abort properly in cfg suspend - rbd: avoid a deadlock on header_rwsem when flushing notifies - rbd: call rbd_dev_unprobe() after unwatching and flushing notifies - of: unittest: kmemleak in of_unittest_platform_populate() - clk: at91: usb: continue if clk_hw_round_rate() return zero - power: supply: bq27xxx_battery: Silence deferred-probe error - clk: tegra: Fix Tegra PMC clock out parents - soc: imx: gpc: fix power up sequencing - rtc: 88pm860x: fix possible race condition - NFSv4/pnfs: Return valid stateids in nfs_layout_find_inode_by_stateid() - NFS: direct.c: Fix memory leak of dreq when nfs_get_lock_context fails - s390/cpuinfo: fix wrong output when CPU0 is offline - powerpc/maple: Fix declaration made after definition - ext4: do not commit super on read-only bdev - include/linux/swapops.h: correct guards for non_swap_entry() - percpu_counter: fix a data race at vm_committed_as - compiler.h: fix error in BUILD_BUG_ON() reporting - KVM: s390: vsie: Fix possible race when shadowing region 3 tables - x86: ACPI: fix CPU hotplug deadlock - drm/amdkfd: kfree the wrong pointer - NFS: Fix memory leaks in nfs_pageio_stop_mirroring() - iommu/vt-d: Fix mm reference leak - ext2: fix empty body warnings when -Wextra is used - ext2: fix debug reference to ext2_xattr_cache - libnvdimm: Out of bounds read in __nd_ioctl() - iommu/amd: Fix the configuration of GCR3 table root pointer - net: dsa: bcm_sf2: Fix overflow checks - fbdev: potential information leak in do_fb_ioctl() - tty: evh_bytechan: Fix out of bounds accesses - locktorture: Print ratio of acquisitions, not failures - mtd: lpddr: Fix a double free in probe() - mtd: phram: fix a double free issue in error path - KEYS: Use individual pages in big_key for crypto buffers - KEYS: Don't write out to userspace while holding key semaphore - keys: Fix proc_keys_next to increase position index - wil6210: ignore HALP ICR if already handled - wil6210: remove reset file from debugfs - ARM: dts: imx6: Use gpc for FEC interrupt controller to fix wake on LAN. - of: unittest: kmemleak on changeset destroy - of: overlay: kmemleak in dup_and_fixup_symbol_prop() - s390/cpum_sf: Fix wrong page count in error message - f2fs: fix NULL pointer dereference in f2fs_write_begin() * psock_tpacket from the net test in ubuntu_kernel_selftests failed on KVM kernels (LP: #1812176) - selftests/net: skip psock_tpacket test if KALLSYMS was not enabled * Bionic ubuntu ethtool doesn't check ring parameters boundaries (LP: #1874444) - ethtool: Ensure new ring parameters are within bounds during SRINGPARAM * Improve TSC refinement (and calibration) reliability (LP: #1877858) - x86/tsc: Make calibration refinement more robust - x86/tsc: Use CPUID.0x16 to calculate missing crystal frequency * Do not treat unresolved test case in ftrace from ubuntu_kernel_selftests as failure (LP: #1877958) - ftrace/selftest: make unresolved cases cause failure if --fail-unresolved set * Add support for Ambiq micro AM1805 RTC chip (LP: #1876667) - SAUCE: rtc: add am-1805 RTC driver * 'Elan touchpad' not detected on 'Lenovo ThinkBook 15 IIL' (LP: #1861610) - SAUCE: Input: elan_i2c - add more hardware ID for Lenovo laptop * Kdump broken since 4.15.0-65 on secureboot - purgatory cannot load (LP: #1869672) - SAUCE: x86/purgatory: Fix Makefile to prevent undefined symbols -- Kleber Sacilotto de Souza