This bug was fixed in the package linux - 4.4.0-190.220 --------------- linux (4.4.0-190.220) xenial; urgency=medium * xenial/linux: 4.4.0-190.220 -proposed tracker (LP: #1893431) * Packaging resync (LP: #1786013) - [Packaging] update helper scripts * [Hyper-V] VSS and File Copy daemons intermittently fails to start (LP: #1891224) - [Packaging] Bind hv_vss_daemon startup to hv_vss device - [Packaging] bind hv_fcopy_daemon startup to hv_fcopy device * CVE-2019-20811 - net-sysfs: call dev_hold if kobject_init_and_add success * CVE-2020-0067 - f2fs: fix to avoid memory leakage in f2fs_listxattr * CVE-2019-9453 - f2fs: fix to avoid accessing xattr across the boundary * Xenial update: 4.4.233 upstream stable release (LP: #1892822) - media: rc: prevent memory leak in cx23888_ir_probe - ath9k_htc: release allocated buffer if timed out - ath9k: release allocated buffer if timed out - nfs: Move call to security_inode_listsecurity into nfs_listxattr - PCI/ASPM: Disable ASPM on ASMedia ASM1083/1085 PCIe-to-PCI bridge - drm/amdgpu: Prevent kernel-infoleak in amdgpu_info_ioctl() - drm: hold gem reference until object is no longer accessed - f2fs: check memory boundary by insane namelen - f2fs: check if file namelen exceeds max value - ARM: 8986/1: hw_breakpoint: Don't invoke overflow handler on uaccess watchpoints - fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins. - rds: Prevent kernel-infoleak in rds_notify_queue_get() - net/x25: Fix x25_neigh refcnt leak when x25 disconnect - net/x25: Fix null-ptr-deref in x25_disconnect - sh: Fix validation of system call number - net: lan78xx: add missing endpoint sanity check - net: lan78xx: fix transfer-buffer memory leak - mlxsw: core: Increase scope of RCU read-side critical section - mac80211: mesh: Free ie data when leaving mesh - nfc: s3fwrn5: add missing release on skb in s3fwrn5_recv_frame - net: ethernet: ravb: exit if re-initialization fails in tx timeout - Revert "i2c: cadence: Fix the hold bit setting" - xen-netfront: fix potential deadlock in xennet_remove() - x86/i8259: Use printk_deferred() to prevent deadlock - random32: update the net random state on interrupt and activity - ARM: percpu.h: fix build error - random: fix circular include dependency on arm64 after addition of percpu.h - random32: remove net_rand_state from the latent entropy gcc plugin - random32: move the pseudo-random 32-bit definitions to prandom.h - ext4: fix direct I/O read error - USB: serial: qcserial: add EM7305 QDL product ID - ALSA: seq: oss: Serialize ioctls - Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt() - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_evt() - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt() - vgacon: Fix for missing check in scrollback handling - mtd: properly check all write ioctls for permissions - net/9p: validate fds in p9_fd_open - drm/nouveau/fbcon: fix module unload when fbcon init has failed for some reason - cfg80211: check vendor command doit pointer before use - igb: reinit_locked() should be called with rtnl_lock - atm: fix atm_dev refcnt leaks in atmtcp_remove_persistent - tools lib traceevent: Fix memory leak in process_dynamic_array_len - binder: Prevent context manager from incrementing ref 0 - ipv4: Silence suspicious RCU usage warning - ipv6: fix memory leaks on IPV6_ADDRFORM path - Revert "vxlan: fix tos value before xmit" - net: lan78xx: replace bogus endpoint lookup - usb: hso: check for return value in hso_serial_common_create() - vxlan: Ensure FDB dump is performed under RCU - Smack: fix use-after-free in smk_write_relabel_self() - tracepoint: Mark __tracepoint_string's __used - udp: drop corrupt packets earlier to avoid data corruption - gpio: fix oops resulting from calling of_get_named_gpio(NULL, ...) - EDAC: Fix reference count leaks - m68k: mac: Don't send IOP message until channel is idle - m68k: mac: Fix IOP status/control register writes - ARM: at91: pm: add missing put_device() call in at91_pm_sram_init() - ARM: socfpga: PM: add missing put_device() call in socfpga_setup_ocram_self_refresh() - drm/tilcdc: fix leak & null ref in panel_connector_get_modes - Bluetooth: add a mutex lock to avoid UAF in do_enale_set - fs/btrfs: Add cond_resched() for try_release_extent_mapping() stalls - drm/radeon: Fix reference count leaks caused by pm_runtime_get_sync - video: fbdev: neofb: fix memory leak in neo_scan_monitor() - drm/nouveau: fix multiple instances of reference count leaks - drm/debugfs: fix plain echo to connector "force" attribute - mm/mmap.c: Add cond_resched() for exit_mmap() CPU stalls - brcmfmac: To fix Bss Info flag definition Bug - iwlegacy: Check the return value of pcie_capability_read_*() - usb: gadget: net2280: fix memory leak on probe error handling paths - bdc: Fix bug causing crash after multiple disconnects - dyndbg: fix a BUG_ON in ddebug_describe_flags - bcache: fix super block seq numbers comparision in register_cache_set() - ACPICA: Do not increment operation_region reference counts for field units - agp/intel: Fix a memory leak on module initialisation failure - video: fbdev: sm712fb: fix an issue about iounmap for a wrong address - console: newport_con: fix an issue about leak related system resources - iio: improve IIO_CONCENTRATION channel type description - leds: lm355x: avoid enum conversion warning - media: omap3isp: Add missed v4l2_ctrl_handler_free() for preview_init_entities() - scsi: cumana_2: Fix different dev_id between request_irq() and free_irq() - drm/radeon: fix array out-of-bounds read and write issues - scsi: powertec: Fix different dev_id between request_irq() and free_irq() - scsi: eesox: Fix different dev_id between request_irq() and free_irq() - media: firewire: Using uninitialized values in node_probe() - media: exynos4-is: Add missed check for pinctrl_lookup_state() - drm: panel: simple: Fix bpc for LG LB070WV8 panel - mwifiex: Prevent memory corruption handling keys - powerpc/vdso: Fix vdso cpu truncation - PCI/ASPM: Add missing newline in sysfs 'policy' - usb: dwc2: Fix error path in gadget registration - scsi: mesh: Fix panic after host or bus reset - Smack: fix another vsscanf out of bounds - Smack: prevent underflow in smk_set_cipso() - power: supply: check if calc_soc succeeded in pm860x_init_battery - s390/qeth: don't process empty bridge port events - wl1251: fix always return 0 error - net: spider_net: Fix the size used in a 'dma_free_coherent()' call - dlm: Fix kobject memleak - pinctrl-single: fix pcs_parse_pinconf() return value - drivers/net/wan/lapbether: Added needed_headroom and a skb->len check - net/nfc/rawsock.c: add CAP_NET_RAW check. - net: Set fput_needed iff FDPUT_FPUT is set - ALSA: usb-audio: Creative USB X-Fi Pro SB1095 volume knob support - ALSA: usb-audio: fix overeager device match for MacroSilicon MS2109 - ALSA: usb-audio: add quirk for Pioneer DDJ-RB - crypto: qat - fix double free in qat_uclo_create_batch_init_list - fs/minix: check return value of sb_getblk() - fs/minix: don't allow getting deleted inodes - fs/minix: reject too-large maximum file size - ALSA: usb-audio: work around streaming quirk for MacroSilicon MS2109 - 9p: Fix memory leak in v9fs_mount - parisc: mask out enable and reserved bits from sba imask - ARM: 8992/1: Fix unwind_frame for clang-built kernels - xen/balloon: fix accounting in alloc_xenballooned_pages error path - xen/balloon: make the balloon wait interruptible - PCI: hotplug: ACPI: Fix context refcounting in acpiphp_grab_context() - btrfs: only search for left_info if there is no right_info in try_merge_free_space - btrfs: fix memory leaks after failure to lookup checksums during inode logging - powerpc: Fix circular dependency between percpu.h and mmu.h - net: ethernet: stmmac: Disable hardware multicast filter - net: stmmac: dwmac1000: provide multicast filter fallback - md/raid5: Fix Force reconstruct-write io stuck in degraded raid5 - bcache: allocate meta data pages as compound pages - mac80211: fix misplaced while instead of if - MIPS: CPU#0 is not hotpluggable - ext2: fix missing percpu_counter_inc - ocfs2: change slot number type s16 to u16 - kprobes: Fix NULL pointer dereference at kprobe_ftrace_handler - pseries: Fix 64 bit logical memory block panic - USB: serial: ftdi_sio: make process-packet buffer unsigned - USB: serial: ftdi_sio: clean up receive processing - iommu/omap: Check for failure of a call to omap_iommu_dump_ctx - iommu/vt-d: Enforce PASID devTLB field mask - i2c: rcar: slave: only send STOP event when we have been addressed - clk: clk-atlas6: fix return value check in atlas6_clk_init() - Input: sentelic - fix error return when fsp_reg_write fails - drm/vmwgfx: Fix two list_for_each loop exit tests - nfs: Fix getxattr kernel panic and memory overflow - fs/ufs: avoid potential u32 multiplication overflow - mfd: dln2: Run event handler loop under spinlock - ALSA: echoaudio: Fix potential Oops in snd_echo_resume() - sh: landisk: Add missing initialization of sh_io_port_base - ipv6: check skb->protocol before lookup for nexthop - Linux 4.4.233 -- Stefan Bader