Xenial update: v4.4.238 upstream stable release

Bug #1899506 reported by Kamal Mostafa
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Kamal Mostafa

Bug Description

SRU Justification

       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

       v4.4.238 upstream stable release
       from git://git.kernel.org/

af_key: pfkey_dump needs parameter validation
KVM: fix memory leak in kvm_io_bus_unregister_dev()
kprobes: fix kill kprobe which has been marked as gone
ftrace: Setup correct FTRACE_FL_REGS flags for module
RDMA/ucma: ucma_context reference leak in error path
mtd: Fix comparison in map_word_andequal()
hdlc_ppp: add range checks in ppp_cp_parse_cr()
tipc: use skb_unshare() instead in tipc_buf_append()
net: add __must_check to skb_put_padto()
ip: fix tos reflection in ack and reset packets
serial: 8250: Avoid error message on reprobe
scsi: aacraid: fix illegal IO beyond last LBA
m68k: q40: Fix info-leak in rtc_ioctl
gma/gma500: fix a memory disclosure bug due to uninitialized bytes
ASoC: kirkwood: fix IRQ error handling
PM / devfreq: tegra30: Fix integer overflow on CPU's freq max out
mtd: cfi_cmdset_0002: don't free cfi->cfiq in error path of cfi_amdstd_setup()
mfd: mfd-core: Protect against NULL call-back function pointer
tracing: Adding NULL checks for trace_array descriptor pointer
bcache: fix a lost wake-up problem caused by mca_cannibalize_lock
xfs: fix attr leaf header freemap.size underflow
kernel/sys.c: avoid copying possible padding bytes in copy_to_user
neigh_stat_seq_next() should increase position index
rt_cpu_seq_next should increase position index
seqlock: Require WRITE_ONCE surrounding raw_seqcount_barrier
ACPI: EC: Reference count query handlers under lock
tracing: Set kernel_stack's caller size properly
ar5523: Add USB ID of SMCWUSBT-G2 wireless adapter
Bluetooth: Fix refcount use-after-free issue
mm: pagewalk: fix termination condition in walk_pte_range()
Bluetooth: prefetch channel before killing sock
skbuff: fix a data race in skb_queue_len()
audit: CONFIG_CHANGE don't log internal bookkeeping as an event
selinux: sel_avc_get_stat_idx should increase position index
scsi: lpfc: Fix RQ buffer leakage when no IOCBs available
drm/omap: fix possible object reference leak
dmaengine: tegra-apb: Prevent race conditions on channel's freeing
media: go7007: Fix URB type for interrupt handling
Bluetooth: guard against controllers sending zero'd events
drm/amdgpu: increase atombios cmd timeout
Bluetooth: L2CAP: handle l2cap config request during open state
media: tda10071: fix unsigned sign extension overflow
tpm: ibmvtpm: Wait for buffer to be set before proceeding
tracing: Use address-of operator on section symbols
serial: 8250_omap: Fix sleeping function called from invalid context during probe
SUNRPC: Fix a potential buffer overflow in 'svc_print_xprts()'
ubifs: Fix out-of-bounds memory access caused by abnormal value of node_len
ALSA: usb-audio: Fix case when USB MIDI interface has more than one extra endpoint descriptor
mm/filemap.c: clear page error before actual read
mm/mmap.c: initialize align_offset explicitly for vm_unmapped_area
bdev: Reduce time holding bd_mutex in sync in blkdev_close()
drivers: char: tlclk.c: Avoid data race between init and interrupt handler
dt-bindings: sound: wm8994: Correct required supplies based on actual implementaion
atm: fix a memory leak of vcc->user_back
phy: samsung: s5pv210-usb2: Add delay after reset
Bluetooth: Handle Inquiry Cancel error after Inquiry Complete
USB: EHCI: ehci-mv: fix error handling in mv_ehci_probe()
tty: serial: samsung: Correct clock selection logic
ALSA: hda: Fix potential race in unsol event handler
fuse: don't check refcount after stealing page
USB: EHCI: ehci-mv: fix less than zero comparison of an unsigned int
e1000: Do not perform reset in reset_task if we are already down
printk: handle blank console arguments passed in.
vfio/pci: fix memory leaks of eventfd ctx
perf kcore_copy: Fix module map when there are no modules loaded
mtd: rawnand: omap_elm: Fix runtime PM imbalance on error
ceph: fix potential race in ceph_check_caps
mtd: parser: cmdline: Support MTD names containing one or more colons
x86/speculation/mds: Mark mds_user_clear_cpu_buffers() __always_inline
vfio/pci: Clear error and request eventfd ctx after releasing
vfio/pci: fix racy on error and request eventfd ctx
s390/init: add missing __init annotations
batman-adv: bla: fix type misuse for backbone_gw hash indexing
atm: eni: fix the missed pci_disable_device() for eni_init_one()
batman-adv: mcast/TT: fix wrongly dropped or rerouted packets
ALSA: asihpi: fix iounmap in error handler
MIPS: Add the missing 'CPU_1074K' into __get_cpu_type()
tty: vt, consw->con_scrolldelta cleanup
kprobes: Fix to check probe enabled before disarm_kprobe_ftrace()
lib/string.c: implement stpcpy
ata: define AC_ERR_OK
ata: make qc_prep return ata_completion_errors
ata: sata_mv, avoid trigerrable BUG_ON
Linux 4.4.238
UBUNTU: upstream stable to v4.4.238

Changed in linux (Ubuntu):
status: New → Confirmed
tags: added: kernel-stable-tracking-bug
Changed in linux (Ubuntu Xenial):
status: New → In Progress
assignee: nobody → Kamal Mostafa (kamalmostafa)
description: updated
Stefan Bader (smb)
Changed in linux (Ubuntu Xenial):
status: In Progress → Fix Committed
importance: Undecided → Medium
Changed in linux (Ubuntu):
status: Confirmed → Invalid
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (20.5 KiB)

This bug was fixed in the package linux - 4.4.0-197.229

linux (4.4.0-197.229) xenial; urgency=medium

  * xenial/linux: 4.4.0-197.229 -proposed tracker (LP: #1905489)

  * sha1_ce and sha2_ce modules no longer load on arm64 (LP: #1905336)
    - SAUCE: Revert "crypto: arm64/sha - avoid non-standard inline asm tricks"

  * Fails to build on powerpc (LP: #1905475)
    - powerpc/uaccess-flush: fix corenet64_smp_defconfig build
    - SAUCE: powerpc/uaccess: only include kup-radix.h on PPC_BOOK3S_64

linux (4.4.0-196.228) xenial; urgency=medium

  * xenial/linux: 4.4.0-196.228 -proposed tracker (LP: #1905309)

  * CVE-2020-4788
    - SAUCE: powerpc/64s: move some exception handlers out of line
    - powerpc/64s: flush L1D on kernel entry
    - SAUCE: powerpc: Add a framework for user access tracking
    - powerpc: Implement user_access_begin and friends
    - powerpc: Fix __clear_user() with KUAP enabled
    - powerpc/uaccess: Evaluate macro arguments once, before user access is
    - powerpc/64s: flush L1D after user accesses

linux (4.4.0-195.227) xenial; urgency=medium

  * xenial/linux: 4.4.0-195.227 -proposed tracker (LP: #1903107)

  * Update kernel packaging to support forward porting kernels (LP: #1902957)
    - [Debian] Update for leader included in BACKPORT_SUFFIX

  * Avoid double newline when running insertchanges (LP: #1903293)
    - [Packaging] insertchanges: avoid double newline

  * EFI: Fails when BootCurrent entry does not exist (LP: #1899993)
    - efivarfs: Replace invalid slashes with exclamation marks in dentries.

  * CVE-2020-14351
    - perf/core: Fix race in the perf_mmap_close() function

  * CVE-2020-25645
    - geneve: add transport ports in route lookup for geneve

  * Xenial update: v4.4.241 upstream stable release (LP: #1902097)
    - ibmveth: Identify ingress large send packets.
    - tipc: fix the skb_unshare() in tipc_buf_append()
    - net/ipv4: always honour route mtu during forwarding
    - r8169: fix data corruption issue on RTL8402
    - ALSA: bebob: potential info leak in hwdep_read()
    - mm/kasan: print name of mem[set,cpy,move]() caller in report
    - mm/kasan: add API to check memory regions
    - compiler.h, kasan: Avoid duplicating __read_once_size_nocheck()
    - compiler.h: Add read_word_at_a_time() function.
    - lib/strscpy: Shut up KASAN false-positives in strscpy()
    - x86/mm/ptdump: Fix soft lockup in page table walker
    - net: hdlc: In hdlc_rcv, check to make sure dev is an HDLC device
    - net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag after calling
    - nfc: Ensure presence of NFC_ATTR_FIRMWARE_NAME attribute in
    - tcp: fix to update snd_wl1 in bulk receiver fast path
    - icmp: randomize the global rate limiter
    - cifs: remove bogus debug code
    - ima: Don't ignore errors from crypto_shash_update()
    - EDAC/i5100: Fix error handling order in i5100_init_one()
    - crypto: ixp4xx - Fix the size used in a 'dma_free_coherent()' call
    - media: Revert "media: exynos4-is: Add missed check for

Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers