Bionic update: upstream stable patchset 2022-02-11
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Bionic |
Fix Released
|
Medium
|
Kamal Mostafa |
Bug Description
SRU Justification
Impact:
The upstream process for stable tree updates is quite similar
in scope to the Ubuntu SRU process, e.g., each patch has to
demonstrably fix a bug, and each patch is vetted by upstream
by originating either directly from a mainline/stable Linux tree or
a minimally backported form of that patch. The following upstream
stable patches should be included in the Ubuntu kernel:
upstream stable patchset 2022-02-11
from git://git.
Bluetooth: bfusb: fix division by zero in send path
USB: core: Fix bug in resuming hub's handling of wakeup requests
USB: Fix "slab-out-of-bounds Write" bug in usb_hcd_
mfd: intel-lpss: Fix too early PM enablement in the ACPI ->probe()
can: gs_usb: fix use of uninitialized variable, detach device on reception of invalid USB data
can: gs_usb: gs_can_
random: fix data race on crng_node_pool
random: fix data race on crng init time
staging: wlan-ng: Avoid bitwise vs logical OR warning in hfa384x_
drm/i915: Avoid bitwise vs logical OR warning in snb_wm_
orangefs: Fix the size of a memory allocation in orangefs_
media: uvcvideo: fix division by zero at stream start
rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore() with interrupts enabled
Bluetooth: schedule SCO timeouts with delayed_work
Bluetooth: fix init and cleanup of sco_conn.
HID: uhid: Fix worker destroying device without any protection
HID: wacom: Ignore the confidence flag when a touch is removed
HID: wacom: Avoid using stale array indicies to read contact count
nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind()
rtc: cmos: take rtc_lock while reading from CMOS
media: flexcop-usb: fix control-message timeouts
media: mceusb: fix control-message timeouts
media: em28xx: fix control-message timeouts
media: cpia2: fix control-message timeouts
media: s2255: fix control-message timeouts
media: dib0700: fix undefined behavior in tuner shutdown
media: redrat3: fix control-message timeouts
media: pvrusb2: fix control-message timeouts
media: stk1160: fix control-message timeouts
can: softing_cs: softingcs_probe(): fix memleak on registration failure
shmem: fix a race between shmem_unused_
PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller
Bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails
clk: bcm-2835: Pick the closest clock rate
clk: bcm-2835: Remove rounding up the dividers
wcn36xx: Indicate beacon not connection loss on MISSED_BEACON_IND
media: em28xx: fix memory leak in em28xx_init_dev
Bluetooth: stop proccessing malicious adv data
media: dmxdev: fix UAF when dvb_register_
crypto: qce - fix uaf on qce_ahash_
tty: serial: atmel: Check return code of dmaengine_submit()
tty: serial: atmel: Call dma_async_
media: mtk-vcodec: call v4l2_m2m_
netfilter: bridge: add support for pppoe filtering
arm64: dts: qcom: msm8916: fix MMC controller aliases
drm/amdgpu: Fix a NULL pointer dereference in amdgpu_
drm/radeon/
serial: amba-pl011: do not request memory region twice
floppy: Fix hang in watchdog when disk is ejected
media: dib8000: Fix a memleak in dib8000_init()
media: saa7146: mxb: Fix a NULL pointer dereference in mxb_attach()
media: si2157: Fix "warm" tuner state detection
sched/rt: Try to restart rt period timer when rt runtime exceeded
media: dw2102: Fix use after free
media: msi001: fix possible null-ptr-deref in msi001_probe()
usb: ftdi-elan: fix memory leak on device disconnect
x86/mce/inject: Avoid out-of-bounds write when setting flags
pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in __nonstatic_
pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in nonstatic_
ppp: ensure minimum packet size in ppp_write()
fsl/fman: Check for null pointer after calling devm_ioremap
spi: spi-meson-spifc: Add missing pm_runtime_
tpm: add request_locality before write TPM_INT_ENABLE
can: softing: softing_
can: xilinx_can: xcan_probe(): check for error irq
pcmcia: fix setting of kthread task states
net: mcs7830: handle usb read errors properly
ext4: avoid trim error on fs with small groups
ALSA: jack: Add missing rwsem around snd_ctl_remove() calls
ALSA: PCM: Add missing rwsem around snd_ctl_remove() calls
ALSA: hda: Add missing rwsem around snd_ctl_remove() calls
RDMA/hns: Validate the pkey index
powerpc/prom_init: Fix improper check of prom_getprop()
ALSA: oss: fix compile error when OSS_DEBUG is enabled
char/mwave: Adjust io port register size
scsi: ufs: Fix race conditions related to driver data
RDMA/core: Let ib_find_gid() continue search even after empty entry
dmaengine: pxa/mmp: stop referencing config->slave_id
iommu/iova: Fix race between FQ timeout and teardown
ASoC: samsung: idma: Check of ioremap return value
misc: lattice-
mips: lantiq: add support for clk_set_parent()
mips: bcm63xx: add support for clk_set_parent()
RDMA/cxgb4: Set queue pair state when being queried
Bluetooth: Fix debugfs entry leak in hci_register_dev()
fs: dlm: filter user dlm messages for kernel locks
ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply
drm/nouveau/
usb: gadget: f_fs: Use stream_open() for endpoint files
HID: apple: Do not reset quirks when the Fn key is not found
media: b2c2: Add missing check in flexcop_pci_isr:
mlxsw: pci: Add shutdown method in PCI driver
drm/bridge: megachips: Ensure both bridges are probed before registration
gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use
HSI: core: Fix return freed object in hsi_new_client
mwifiex: Fix skb_over_panic in mwifiex_usb_recv()
usb: uhci: add aspeed ast2600 uhci support
floppy: Add max size check for user space request
media: uvcvideo: Increase UVC_CTRL_
media: saa7146: hexium_orion: Fix a NULL pointer dereference in hexium_attach()
media: m920x: don't use stack on USB reads
iwlwifi: mvm: synchronize with FW after multicast commands
ath10k: Fix tx hanging
net: bonding: debug: avoid printing debug logs when bond is not notifying peers
bpf: Do not WARN in bpf_warn_
media: igorplugusb: receiver overflow should be reported
media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach()
mmc: core: Fixup storing of OCR for MMC_QUIRK_
arm64: tegra: Adjust length of CCPLEX cluster MMIO region
usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0
ath9k: Fix out-of-bound memcpy in ath9k_hif_
iwlwifi: fix leaks/bad data after failed firmware load
iwlwifi: remove module loading failure message
um: registers: Rename function names to avoid conflicts and build problems
jffs2: GC deadlock reading a page that is used in jffs2_write_begin()
ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions
ACPICA: Utilities: Avoid deleting the same object twice in a row
ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_
ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5
btrfs: remove BUG_ON() in find_parent_nodes()
btrfs: remove BUG_ON(!eie) in find_parent_nodes
net: mdio: Demote probed message to debug print
mac80211: allow non-standard VHT MCS-10/11
dm btree: add a defensive bounds check to insert_at()
dm space map common: add bounds check to sm_ll_lookup_
net: phy: marvell: configure RGMII delays for 88E1118
serial: pl010: Drop CR register reset on set_termios
serial: core: Keep mctrl register state and cached copy in sync
parisc: Avoid calling faulthandler_
powerpc/6xx: add missing of_node_put
powerpc/powernv: add missing of_node_put
powerpc/cell: add missing of_node_put
powerpc/btext: add missing of_node_put
powerpc/watchdog: Fix missed watchdog reset due to memory ordering race
i2c: i801: Don't silently correct invalid transfer size
powerpc/smp: Move setup_profiling
i2c: mpc: Correct I2C reset procedure
w1: Misuse of get_user(
ALSA: seq: Set upper limit of processed events
MIPS: OCTEON: add put_device() after of_find_
i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters
MIPS: Octeon: Fix build errors using clang
scsi: sr: Don't use GFP_DMA
ASoC: mediatek: mt8173: fix device_node leak
power: bq25890: Enable continuous conversion for ADC at charging
ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers
serial: Fix incorrect rs485 polarity on uart open
cputime, cpuacct: Include guest time in user time in cpuacct.stat
iwlwifi: mvm: Increase the scan timeout guard to 30 seconds
ext4: make sure quota gets properly shutdown on error
ext4: set csum seed in tmp inode while migrating to extents
ext4: Fix BUG_ON in ext4_bread when write quota data
ext4: don't use the orphan list when migrating an inode
crypto: stm32/crc32 - Fix kernel BUG triggered in probe()
drm/radeon: fix error handling in radeon_
firmware: Update Kconfig help text for Google firmware
Documentation: refer to config RANDOMIZE_BASE for kernel address-space randomization
RDMA/hns: Modify the mapping attribute of doorbell to device
RDMA/rxe: Fix a typo in opcode name
powerpc/cell: Fix clang -Wimplicit-
powerpc/fsl/dts: Enable WA for erratum A-009885 on fman3l MDIO buses
net/fsl: xgmac_mdio: Fix incorrect iounmap when removing module
parisc: pdc_stable: Fix memory leak in pdcs_register_
af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress
net: axienet: Wait for PhyRstCmplt after core reset
net: axienet: fix number of TX ring slots for available check
netns: add schedule point in ops_exit_list()
libcxgb: Don't accidentally set RTO_ONLINK in cxgb_find_route()
dmaengine: at_xdmac: Don't start transactions at tx_submit level
dmaengine: at_xdmac: Print debug message after realeasing the lock
dmaengine: at_xdmac: Fix lld view setting
dmaengine: at_xdmac: Fix at_xdmac_lld struct definition
net_sched: restore "mpu xxx" handling
bcmgenet: add WOL IRQ check
scripts/dtc: dtx_diff: remove broken example from help text
lib82596: Fix IRQ check in sni_82596_probe
mips,s390,sh,sparc: gup: Work around the "COW can break either way" issue
gianfar: simplify FCS handling and fix memory leak
firmware: qemu_fw_cfg: fix NULL-pointer deref on duplicate entries
firmware: qemu_fw_cfg: fix kobject leak in probe error path
ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Master after reboot from Windows
wcn36xx: Release DMA channel descriptor allocations
tty: serial: uartlite: allow 64 bit address
xfrm: fix a small bug in xfrm_sa_len()
mmc: meson-mx-sdio: add IRQ check
netfilter: ipt_CLUSTERIP: fix refcount leak in clusterip_
staging: greybus: audio: Check null pointer
Bluetooth: hci_bcm: Check for error irq
ASoC: rt5663: Handle device_
rpmsg: Only invoke announce_create for rpdev with endpoints
rpmsg: core: Clean up resources on announce_create failure.
dmaengine: stm32-mdma: fix STM32_MDMA_
rtc: pxa: fix null pointer dereference
UBUNTU: upstream stable to v4.14.263, v4.19.226
Changed in linux (Ubuntu): | |
status: | New → Confirmed |
tags: | added: kernel-stable-tracking-bug |
description: | updated |
Changed in linux (Ubuntu Bionic): | |
status: | New → In Progress |
importance: | Undecided → Medium |
assignee: | nobody → Kamal Mostafa (kamalmostafa) |
Changed in linux (Ubuntu): | |
status: | Confirmed → Invalid |
description: | updated |
Changed in linux (Ubuntu Bionic): | |
status: | In Progress → Fix Committed |
This bug was fixed in the package linux - 4.15.0-173.182
---------------
linux (4.15.0-173.182) bionic; urgency=medium
* bionic/linux: 4.15.0-173.182 -proposed tracker (LP: #1965552)
* Pick fixup from upstream stable patchset 2022-03-04 to address cert
failure with clock jitter test on NUC7i3DNHE (LP: #1964213)
- Bluetooth: refactor malicious adv data check
linux (4.15.0-172.181) bionic; urgency=medium
* CVE-2022-0847
- lib/iov_iter: initialize "flags" in new pipe_buffer
* Bionic update: upstream stable patchset 2022-02-11 (LP: #1960681) poll_rh_ status start_xmit( ): zero-initialize hf->{flags, reserved} usb_throttlefn( ) latency_ quirk() bufmap_ alloc() timeout_ work huge_shrink and shmem_evict_inode device( ) fails register_ one
- Bluetooth: bfusb: fix division by zero in send path
- USB: core: Fix bug in resuming hub's handling of wakeup requests
- USB: Fix "slab-out-of-bounds Write" bug in usb_hcd_
- mfd: intel-lpss: Fix too early PM enablement in the ACPI ->probe()
- can: gs_usb: fix use of uninitialized variable, detach device on reception
of invalid USB data
- can: gs_usb: gs_can_
- random: fix data race on crng_node_pool
- random: fix data race on crng init time
- staging: wlan-ng: Avoid bitwise vs logical OR warning in
hfa384x_
- drm/i915: Avoid bitwise vs logical OR warning in snb_wm_
- orangefs: Fix the size of a memory allocation in orangefs_
- media: uvcvideo: fix division by zero at stream start
- rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore() with
interrupts enabled
- Bluetooth: schedule SCO timeouts with delayed_work
- Bluetooth: fix init and cleanup of sco_conn.
- HID: uhid: Fix worker destroying device without any protection
- HID: wacom: Ignore the confidence flag when a touch is removed
- HID: wacom: Avoid using stale array indicies to read contact count
- nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed
bind()
- rtc: cmos: take rtc_lock while reading from CMOS
- media: flexcop-usb: fix control-message timeouts
- media: mceusb: fix control-message timeouts
- media: em28xx: fix control-message timeouts
- media: cpia2: fix control-message timeouts
- media: s2255: fix control-message timeouts
- media: dib0700: fix undefined behavior in tuner shutdown
- media: redrat3: fix control-message timeouts
- media: pvrusb2: fix control-message timeouts
- media: stk1160: fix control-message timeouts
- can: softing_cs: softingcs_probe(): fix memleak on registration failure
- shmem: fix a race between shmem_unused_
- PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller
- Bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails
- clk: bcm-2835: Pick the closest clock rate
- clk: bcm-2835: Remove rounding up the dividers
- wcn36xx: Indicate beacon not connection loss on MISSED_BEACON_IND
- media: em28xx: fix memory leak in em28xx_init_dev
- Bluetooth: stop proccessing malicious adv data
- media: dmxdev: fix UAF when dvb_register_
- crypto: qce - fix uaf on qce_ahash_
- tty: ser...