Bug #1847969 “[Packaging] Support building Flattened Image Tree ...” : Bionic (18.04) : Bugs : linux package : Ubuntu

Shrirang Bagul (shrirang-bagul) on 2019-10-14

Changed in linux (Ubuntu Xenial):
status:	New → Confirmed
Changed in linux (Ubuntu Bionic):
status:	New → Confirmed
description:	updated

Shrirang Bagul (shrirang-bagul) on 2019-10-14

description:

updated

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2019-10-14: Missing required logs.

#1

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1847969

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status:	New → Incomplete

Shrirang Bagul (shrirang-bagul) on 2019-10-14

Changed in linux (Ubuntu Xenial):
importance:	Undecided → High
Changed in linux (Ubuntu Bionic):
importance:	Undecided → High

Kleber Sacilotto de Souza (kleber-souza) on 2019-10-17

Changed in linux (Ubuntu Xenial):
status:	Confirmed → In Progress
Changed in linux (Ubuntu Bionic):
status:	Confirmed → In Progress
Changed in linux (Ubuntu):
status:	Incomplete → Confirmed

Khaled El Mously (kmously) on 2019-10-18

Changed in linux (Ubuntu Xenial):
status:	In Progress → Fix Committed
Changed in linux (Ubuntu Bionic):
status:	In Progress → Fix Committed

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2019-10-22:

#2

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-bionic

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2019-10-22:

#3

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-xenial' to 'verification-done-xenial'. If the problem still exists, change the tag 'verification-needed-xenial' to 'verification-failed-xenial'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-xenial

Shrirang Bagul (shrirang-bagul) on 2019-11-04

tags:

added: verification-done-xenial
removed: verification-needed-xenial

Revision history for this message

Khaled El Mously (kmously) wrote on 2019-11-06:

#4

@shrirang: Ping for verification :) Thank you

Shrirang Bagul (shrirang-bagul) on 2019-11-08

tags:

added: verification-done-bionic
removed: verification-needed-bionic

Revision history for this message

Launchpad Janitor (janitor) wrote on 2019-11-12:

#5

Download full text (24.0 KiB)

This bug was fixed in the package linux - 4.15.0-69.78

---------------
linux (4.15.0-69.78) bionic; urgency=medium

* KVM NULL pointer deref (LP: #1851205)
- KVM: nVMX: handle page fault in vmread fix

  * CVE-2018-12207
    - KVM: MMU: drop vcpu param in gpte_access
    - kvm: Convert kvm_lock to a mutex
    - kvm: x86: Do not release the page inside mmu_set_spte()
    - KVM: x86: make FNAME(fetch) and __direct_map more similar
    - KVM: x86: remove now unneeded hugepage gfn adjustment
    - KVM: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON
    - KVM: x86: add tracepoints around __direct_map and FNAME(fetch)
    - kvm: x86, powerpc: do not allow clearing largepages debugfs entry
    - SAUCE: KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is
      active
    - SAUCE: x86: Add ITLB_MULTIHIT bug infrastructure
    - SAUCE: kvm: mmu: ITLB_MULTIHIT mitigation
    - SAUCE: kvm: Add helper function for creating VM worker threads
    - SAUCE: kvm: x86: mmu: Recovery of shattered NX large pages
    - SAUCE: cpu/speculation: Uninline and export CPU mitigations helpers
    - SAUCE: kvm: x86: mmu: Apply global mitigations knob to ITLB_MULTIHIT

  * CVE-2019-11135
    - KVM: x86: use Intel speculation bugs and features as derived in generic x86
      code
    - x86/msr: Add the IA32_TSX_CTRL MSR
    - x86/cpu: Add a helper function x86_read_arch_cap_msr()
    - x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default
    - x86/speculation/taa: Add mitigation for TSX Async Abort
    - x86/speculation/taa: Add sysfs reporting for TSX Async Abort
    - kvm/x86: Export MDS_NO=0 to guests when TSX is enabled
    - x86/tsx: Add "auto" option to the tsx= cmdline parameter
    - x86/speculation/taa: Add documentation for TSX Async Abort
    - x86/tsx: Add config options to set tsx=on|off|auto
    - SAUCE: x86/speculation/taa: Call tsx_init()
    - SAUCE: x86/cpu: Include cpu header from bugs.c
    - [Config] Disable TSX by default when possible

  * CVE-2019-0154
    - SAUCE: drm/i915: Lower RM timeout to avoid DSI hard hangs
    - SAUCE: drm/i915/gen8+: Add RC6 CTX corruption WA

  * CVE-2019-0155
    - drm/i915/gtt: Add read only pages to gen8_pte_encode
    - drm/i915/gtt: Read-only pages for insert_entries on bdw+
    - drm/i915/gtt: Disable read-only support under GVT
    - drm/i915: Prevent writing into a read-only object via a GGTT mmap
    - drm/i915/cmdparser: Check reg_table_count before derefencing.
    - drm/i915/cmdparser: Do not check past the cmd length.
    - drm/i915: Silence smatch for cmdparser
    - drm/i915: Move engine->needs_cmd_parser to engine->flags
    - SAUCE: drm/i915: Rename gen7 cmdparser tables
    - SAUCE: drm/i915: Disable Secure Batches for gen6+
    - SAUCE: drm/i915: Remove Master tables from cmdparser
    - SAUCE: drm/i915: Add support for mandatory cmdparsing
    - SAUCE: drm/i915: Support ro ppgtt mapped cmdparser shadow buffers
    - SAUCE: drm/i915: Allow parsing of unsized batches
    - SAUCE: drm/i915: Add gen9 BCS cmdparsing
    - SAUCE: drm/i915/cmdparser: Use explicit goto for error paths
    - SAUCE: drm/i915/cmdparser: Add support for backward jumps
    - SAUCE: drm/i915/cmdpar...

This bug was fixed in the package linux - 4.15.0-69.78

---------------
linux (4.15.0-69.78) bionic; urgency=medium

* KVM NULL pointer deref (LP: #1851205)
    - KVM: nVMX: handle page fault in vmread fix

* CVE-2018-12207
    - KVM: MMU: drop vcpu param in gpte_access
    - kvm: Convert kvm_lock to a mutex
    - kvm: x86: Do not release the page inside mmu_set_spte()
    - KVM: x86: make FNAME(fetch) and __direct_map more similar
    - KVM: x86: remove now unneeded hugepage gfn adjustment
    - KVM: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON
    - KVM: x86: add tracepoints around __direct_map and FNAME(fetch)
    - kvm: x86, powerpc: do not allow clearing largepages debugfs entry
    - SAUCE: KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is
      active
    - SAUCE: x86: Add ITLB_MULTIHIT bug infrastructure
    - SAUCE: kvm: mmu: ITLB_MULTIHIT mitigation
    - SAUCE: kvm: Add helper function for creating VM worker threads
    - SAUCE: kvm: x86: mmu: Recovery of shattered NX large pages
    - SAUCE: cpu/speculation: Uninline and export CPU mitigations helpers
    - SAUCE: kvm: x86: mmu: Apply global mitigations knob to ITLB_MULTIHIT

* CVE-2019-11135
    - KVM: x86: use Intel speculation bugs and features as derived in generic x86
      code
    - x86/msr: Add the IA32_TSX_CTRL MSR
    - x86/cpu: Add a helper function x86_read_arch_cap_msr()
    - x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default
    - x86/speculation/taa: Add mitigation for TSX Async Abort
    - x86/speculation/taa: Add sysfs reporting for TSX Async Abort
    - kvm/x86: Export MDS_NO=0 to guests when TSX is enabled
    - x86/tsx: Add "auto" option to the tsx= cmdline parameter
    - x86/speculation/taa: Add documentation for TSX Async Abort
    - x86/tsx: Add config options to set tsx=on|off|auto
    - SAUCE: x86/speculation/taa: Call tsx_init()
    - SAUCE: x86/cpu: Include cpu header from bugs.c
    - [Config] Disable TSX by default when possible

* CVE-2019-0154
    - SAUCE: drm/i915: Lower RM timeout to avoid DSI hard hangs
    - SAUCE: drm/i915/gen8+: Add RC6 CTX corruption WA

* CVE-2019-0155
    - drm/i915/gtt: Add read only pages to gen8_pte_encode
    - drm/i915/gtt: Read-only pages for insert_entries on bdw+
    - drm/i915/gtt: Disable read-only support under GVT
    - drm/i915: Prevent writing into a read-only object via a GGTT mmap
    - drm/i915/cmdparser: Check reg_table_count before derefencing.
    - drm/i915/cmdparser: Do not check past the cmd length.
    - drm/i915: Silence smatch for cmdparser
    - drm/i915: Move engine->needs_cmd_parser to engine->flags
    - SAUCE: drm/i915: Rename gen7 cmdparser tables
    - SAUCE: drm/i915: Disable Secure Batches for gen6+
    - SAUCE: drm/i915: Remove Master tables from cmdparser
    - SAUCE: drm/i915: Add support for mandatory cmdparsing
    - SAUCE: drm/i915: Support ro ppgtt mapped cmdparser shadow buffers
    - SAUCE: drm/i915: Allow parsing of unsized batches
    - SAUCE: drm/i915: Add gen9 BCS cmdparsing
    - SAUCE: drm/i915/cmdparser: Use explicit goto for error paths
    - SAUCE: drm/i915/cmdparser: Add support for backward jumps
    - SAUCE: drm/i915/cmdparser: Ignore Length operands during command matching

linux (4.15.0-68.77) bionic; urgency=medium

* bionic/linux: 4.15.0-68.77 -proposed tracker (LP: #1849855)

* [REGRESSION]  md/raid0: cannot assemble multi-zone RAID0 with default_layout
    setting (LP: #1849682)
    - Revert "md/raid0: avoid RAID0 data corruption due to layout confusion."

linux (4.15.0-67.76) bionic; urgency=medium

* bionic/linux: 4.15.0-67.76 -proposed tracker (LP: #1849035)

* Unexpected CFS throttling  (LP: #1832151)
    - sched/fair: Add lsub_positive() and use it consistently
    - sched/fair: Fix low cpu usage with high throttling by removing expiration of
      cpu-local slices
    - sched/fair: Fix -Wunused-but-set-variable warnings

* [CML] New device IDs for CML-U (LP: #1843774)
    - i2c: i801: Add support for Intel Comet Lake
    - spi: pxa2xx: Add support for Intel Comet Lake

* CVE-2019-17666
    - SAUCE: rtlwifi: rtl8822b: Fix potential overflow on P2P code
    - SAUCE: rtlwifi: Fix potential overflow on P2P code

* md raid0/linear doesn't show error state if an array member is removed and
    allows successful writes (LP: #1847773)
    - md raid0/linear: Mark array as 'broken' and fail BIOs if a member is gone

* Change Config Option CONFIG_MEMORY_HOTPLUG_DEFAULT_ONLINE for s390x from yes
    to no (LP: #1848492)
    - [Config] Change Config Option CONFIG_MEMORY_HOTPLUG_DEFAULT_ONLINE for s390x
      from yes to no

* [Packaging] Support building Flattened Image Tree (FIT) kernels
    (LP: #1847969)
    - [Packaging] add rules to build FIT image
    - [Packaging] force creation of headers directory

* bcache: Performance degradation when querying priority_stats (LP: #1840043)
    - bcache: add cond_resched() in __bch_cache_cmp()

* Add installer support for iwlmvm adapters (LP: #1848236)
    - d-i: Add iwlmvm to nic-modules

* Check for CPU Measurement sampling (LP: #1847590)
    - s390/cpumsf: Check for CPU Measurement sampling

* [CML-U] Comet lake platform need ISH driver support (LP: #1843775)
    - HID: intel-ish-hid: Add Comet Lake PCI device ID

* intel-lpss driver conflicts with write-combining MTRR region (LP: #1845584)
    - SAUCE: mfd: intel-lpss: add quirk for Dell XPS 13 7390 2-in-1

* Fix non-working Realtek USB ethernet after system resume (LP: #1847063)
    - r8152: remove extra action copying ethernet address
    - r8152: Refresh MAC address during USBDEVFS_RESET
    - r8152: Set macpassthru in reset_resume callback

* Ubuntu 18.04  - wrong cpu-mf counter number (LP: #1847109)
    - s390/cpum_cf: correct counter number of LAST_HOST_TRANSLATIONS

* PM / hibernate: fix potential memory corruption (LP: #1847118)
    - PM / hibernate: memory_bm_find_bit(): Tighten node optimisation

* Microphone-Mute keyboard LED is always on/off on Dell Latitude 3310
    (LP: #1846453)
    - platform/x86: dell-laptop: Add 2-in-1 devices to the DMI whitelist
    - platform/x86: dell-laptop: Removed duplicates in DMI whitelist

* xHCI on AMD Stoney Ridge cannot detect USB 2.0 or 1.1 devices.
    (LP: #1846470)
    - x86/PCI: Avoid AMD FCH XHCI USB PME# from D0 defect

* CVE-2019-15098
    - ath6kl: fix a NULL-ptr-deref bug in ath6kl_usb_alloc_urb_from_pipe()

* Bionic update: upstream stable patchset 2019-10-15 (LP: #1848274)
    - tpm: use tpm_try_get_ops() in tpm-sysfs.c.
    - tpm: Fix TPM 1.2 Shutdown sequence to prevent future TPM operations
    - drm/bridge: tc358767: Increase AUX transfer length limit
    - drm/panel: simple: fix AUO g185han01 horizontal blanking
    - video: ssd1307fb: Start page range at page_offset
    - drm/stm: attach gem fence to atomic state
    - drm/radeon: Fix EEH during kexec
    - gpu: drm: radeon: Fix a possible null-pointer dereference in
      radeon_connector_set_property()
    - ipmi_si: Only schedule continuously in the thread in maintenance mode
    - clk: qoriq: Fix -Wunused-const-variable
    - clk: sunxi-ng: v3s: add missing clock slices for MMC2 module clocks
    - clk: sirf: Don't reference clk_init_data after registration
    - clk: zx296718: Don't reference clk_init_data after registration
    - powerpc/xmon: Check for HV mode when dumping XIVE info from OPAL
    - powerpc/rtas: use device model APIs and serialization during LPM
    - powerpc/futex: Fix warning: 'oldval' may be used uninitialized in this
      function
    - powerpc/pseries/mobility: use cond_resched when updating device tree
    - pinctrl: tegra: Fix write barrier placement in pmx_writel
    - vfio_pci: Restore original state on release
    - drm/nouveau/volt: Fix for some cards having 0 maximum voltage
    - drm/amdgpu/si: fix ASIC tests
    - powerpc/64s/exception: machine check use correct cfar for late handler
    - powerpc/pseries: correctly track irq state in default idle
    - arm64: fix unreachable code issue with cmpxchg
    - clk: at91: select parent if main oscillator or bypass is enabled
    - scsi: core: Reduce memory required for SCSI logging
    - dma-buf/sw_sync: Synchronize signal vs syncpt free
    - MIPS: tlbex: Explicitly cast _PAGE_NO_EXEC to a boolean
    - i2c-cht-wc: Fix lockdep warning
    - PCI: tegra: Fix OF node reference leak
    - livepatch: Nullify obj->mod in klp_module_coming()'s error path
    - ARM: 8898/1: mm: Don't treat faults reported from cache maintenance as
      writes
    - rtc: snvs: fix possible race condition
    - HID: apple: Fix stuck function keys when using FN
    - PCI: rockchip: Propagate errors for optional regulators
    - PCI: imx6: Propagate errors for optional regulators
    - PCI: exynos: Propagate errors for optional PHYs
    - security: smack: Fix possible null-pointer dereferences in
      smack_socket_sock_rcv_skb()
    - ARM: 8903/1: ensure that usable memory in bank 0 starts from a PMD-aligned
      address
    - fat: work around race with userspace's read via blockdev while mounting
    - pktcdvd: remove warning on attempting to register non-passthrough dev
    - hypfs: Fix error number left in struct pointer member
    - kbuild: clean compressed initramfs image
    - ocfs2: wait for recovering done after direct unlock request
    - kmemleak: increase DEBUG_KMEMLEAK_EARLY_LOG_SIZE default to 16K
    - bpf: fix use after free in prog symbol exposure
    - cxgb4:Fix out-of-bounds MSI-X info array access
    - erspan: remove the incorrect mtu limit for erspan
    - hso: fix NULL-deref on tty open
    - ipv6: drop incoming packets having a v4mapped source address
    - net: ipv4: avoid mixed n_redirects and rate_tokens usage
    - net: qlogic: Fix memory leak in ql_alloc_large_buffers
    - net: Unpublish sk from sk_reuseport_cb before call_rcu
    - nfc: fix memory leak in llcp_sock_bind()
    - qmi_wwan: add support for Cinterion CLS8 devices
    - sch_dsmark: fix potential NULL deref in dsmark_init()
    - vsock: Fix a lockdep warning in __vsock_release()
    - net/rds: Fix error handling in rds_ib_add_one()
    - xen-netfront: do not use ~0U as error return value for xennet_fill_frags()
    - tipc: fix unlimited bundling of small messages
    - sch_cbq: validate TCA_CBQ_WRROPT to avoid crash
    - ipv6: Handle missing host route in __ipv6_ifa_notify
    - Smack: Don't ignore other bprm->unsafe flags if LSM_UNSAFE_PTRACE is set
    - smack: use GFP_NOFS while holding inode_smack::smk_lock
    - NFC: fix attrs checks in netlink interface
    - kexec: bail out upon SIGKILL when allocating memory.
    - drm/panel: check failure cases in the probe func
    - drm/amd/display: reprogram VM config when system resume
    - pinctrl: amd: disable spurious-firing GPIO IRQs
    - pstore: fs superblock limits
    - pinctrl: meson-gxbb: Fix wrong pinning definition for uart_c
    - mbox: qcom: add APCS child device for QCS404
    - ARM: 8875/1: Kconfig: default to AEABI w/ Clang
    - arm64: consider stack randomization for mmap base only when necessary
    - mips: properly account for stack randomization and stack guard gap
    - arm: properly account for stack randomization and stack guard gap
    - arm: use STACK_TOP when computing mmap base address

* Bionic update: upstream stable patchset 2019-10-07 (LP: #1847155)
    - Revert "Bluetooth: validate BLE connection interval updates"
    - powerpc/xive: Fix bogus error code returned by OPAL
    - IB/core: Add an unbound WQ type to the new CQ API
    - HID: prodikeys: Fix general protection fault during probe
    - HID: sony: Fix memory corruption issue on cleanup.
    - HID: logitech: Fix general protection fault caused by Logitech driver
    - HID: hidraw: Fix invalid read in hidraw_ioctl
    - mtd: cfi_cmdset_0002: Use chip_good() to retry in do_write_oneword()
    - crypto: talitos - fix missing break in switch statement
    - iwlwifi: mvm: send BCAST management frames to the right station
    - media: tvp5150: fix switch exit in set control handler
    - ASoC: fsl: Fix of-node refcount unbalance in fsl_ssi_probe_from_dt()
    - arm64: kpti: Whitelist Cortex-A CPUs that don't implement the CSV3 field
    - ALSA: hda - Add laptop imic fixup for ASUS M9V laptop
    - ALSA: hda - Apply AMD controller workaround for Raven platform
    - objtool: Clobber user CFLAGS variable
    - pinctrl: sprd: Use define directive for sprd_pinconf_params values
    - power: supply: sysfs: ratelimit property read error message
    - irqchip/gic-v3-its: Fix LPI release for Multi-MSI devices
    - f2fs: check all the data segments against all node ones
    - PCI: hv: Avoid use of hv_pci_dev->pci_slot after freeing it
    - blk-mq: move cancel of requeue_work to the front of blk_exit_queue
    - Revert "f2fs: avoid out-of-range memory access"
    - dm zoned: fix invalid memory access
    - f2fs: fix to do sanity check on segment bitmap of LFS curseg
    - drm: Flush output polling on shutdown
    - net: don't warn in inet diag when IPV6 is disabled
    - ACPI: video: Add new hw_changes_brightness quirk, set it on PB Easynote MZ35
    - xfs: don't crash on null attr fork xfs_bmapi_read
    - Bluetooth: btrtl: Additional Realtek 8822CE Bluetooth devices
    - f2fs: use generic EFSBADCRC/EFSCORRUPTED
    - arcnet: provide a buffer big enough to actually receive packets
    - cdc_ncm: fix divide-by-zero caused by invalid wMaxPacketSize
    - macsec: drop skb sk before calling gro_cells_receive
    - net/phy: fix DP83865 10 Mbps HDX loopback disable function
    - net: qrtr: Stop rx_worker before freeing node
    - net/sched: act_sample: don't push mac header on ip6gre ingress
    - net_sched: add max len check for TCA_KIND
    - openvswitch: change type of UPCALL_PID attribute to NLA_UNSPEC
    - ppp: Fix memory leak in ppp_write
    - sch_netem: fix a divide by zero in tabledist()
    - skge: fix checksum byte order
    - usbnet: ignore endpoints with invalid wMaxPacketSize
    - usbnet: sanity checking of packet sizes and device mtu
    - net/mlx5: Add device ID of upcoming BlueField-2
    - mISDN: enforce CAP_NET_RAW for raw sockets
    - appletalk: enforce CAP_NET_RAW for raw sockets
    - ax25: enforce CAP_NET_RAW for raw sockets
    - ieee802154: enforce CAP_NET_RAW for raw sockets
    - nfc: enforce CAP_NET_RAW for raw sockets
    - ALSA: hda: Flush interrupts on disabling
    - regulator: lm363x: Fix off-by-one n_voltages for lm3632 ldo_vpos/ldo_vneg
    - ASoC: sgtl5000: Fix charge pump source assignment
    - dmaengine: bcm2835: Print error in case setting DMA mask fails
    - leds: leds-lp5562 allow firmware files up to the maximum length
    - media: dib0700: fix link error for dibx000_i2c_set_speed
    - media: mtk-cir: lower de-glitch counter for rc-mm protocol
    - media: exynos4-is: fix leaked of_node references
    - media: hdpvr: Add device num check and handling
    - media: i2c: ov5640: Check for devm_gpiod_get_optional() error
    - sched/fair: Fix imbalance due to CPU affinity
    - sched/core: Fix CPU controller for !RT_GROUP_SCHED
    - x86/reboot: Always use NMI fallback when shutdown via reboot vector IPI
      fails
    - x86/apic: Soft disable APIC before initializing it
    - ALSA: hda - Show the fatal CORB/RIRB error more clearly
    - ALSA: i2c: ak4xxx-adda: Fix a possible null pointer dereference in
      build_adc_controls()
    - EDAC/mc: Fix grain_bits calculation
    - media: iguanair: add sanity checks
    - base: soc: Export soc_device_register/unregister APIs
    - ALSA: usb-audio: Skip bSynchAddress endpoint check if it is invalid
    - ia64:unwind: fix double free for mod->arch.init_unw_table
    - EDAC/altera: Use the proper type for the IRQ status bits
    - ASoC: rsnd: don't call clk_get_rate() under atomic context
    - md/raid1: end bio when the device faulty
    - md: don't call spare_active in md_reap_sync_thread if all member devices
      can't work
    - md: don't set In_sync if array is frozen
    - ACPI / processor: don't print errors for processorIDs == 0xff
    - EDAC, pnd2: Fix ioremap() size in dnv_rd_reg()
    - efi: cper: print AER info of PCIe fatal error
    - sched/fair: Use rq_lock/unlock in online_fair_sched_group
    - media: gspca: zero usb_buf on error
    - perf test vfs_getname: Disable ~/.perfconfig to get default output
    - media: mtk-mdp: fix reference count on old device tree
    - media: fdp1: Reduce FCP not found message level to debug
    - media: rc: imon: Allow iMON RC protocol for ffdc 7e device
    - dmaengine: iop-adma: use correct printk format strings
    - perf record: Support aarch64 random socket_id assignment
    - media: i2c: ov5645: Fix power sequence
    - media: omap3isp: Don't set streaming state on random subdevs
    - media: imx: mipi csi-2: Don't fail if initial state times-out
    - net: lpc-enet: fix printk format strings
    - ARM: dts: imx7d: cl-som-imx7: make ethernet work again
    - media: radio/si470x: kill urb on error
    - media: hdpvr: add terminating 0 at end of string
    - nbd: add missing config put
    - media: dvb-core: fix a memory leak bug
    - libperf: Fix alignment trap with xyarray contents in 'perf stat'
    - EDAC/amd64: Recognize DRAM device type ECC capability
    - EDAC/amd64: Decode syndrome before translating address
    - PM / devfreq: passive: Use non-devm notifiers
    - PM / devfreq: exynos-bus: Correct clock enable sequence
    - media: cec-notifier: clear cec_adap in cec_notifier_unregister
    - media: saa7146: add cleanup in hexium_attach()
    - media: cpia2_usb: fix memory leaks
    - media: saa7134: fix terminology around saa7134_i2c_eeprom_md7134_gate()
    - perf trace beauty ioctl: Fix off-by-one error in cmd->string table
    - media: ov9650: add a sanity check
    - ASoC: es8316: fix headphone mixer volume table
    - ACPI / CPPC: do not require the _PSD method
    - arm64: kpti: ensure patched kernel text is fetched from PoU
    - nvmet: fix data units read and written counters in SMART log
    - iommu/amd: Silence warnings under memory pressure
    - iommu/iova: Avoid false sharing on fq_timer_on
    - libtraceevent: Change users plugin directory
    - ARM: dts: exynos: Mark LDO10 as always-on on Peach Pit/Pi Chromebooks
    - ACPI: custom_method: fix memory leaks
    - ACPI / PCI: fix acpi_pci_irq_enable() memory leak
    - hwmon: (acpi_power_meter) Change log level for 'unsafe software power cap'
    - md/raid1: fail run raid1 array when active disk less than one
    - dmaengine: ti: edma: Do not reset reserved paRAM slots
    - kprobes: Prohibit probing on BUG() and WARN() address
    - s390/crypto: xts-aes-s390 fix extra run-time crypto self tests finding
    - ASoC: dmaengine: Make the pcm->name equal to pcm->id if the name is not set
    - raid5: don't set STRIPE_HANDLE to stripe which is in batch list
    - mmc: core: Clarify sdio_irq_pending flag for MMC_CAP2_SDIO_IRQ_NOTHREAD
    - mmc: sdhci: Fix incorrect switch to HS mode
    - raid5: don't increment read_errors on EILSEQ return
    - libertas: Add missing sentinel at end of if_usb.c fw_table
    - ALSA: hda - Drop unsol event handler for Intel HDMI codecs
    - drm/amd/powerplay/smu7: enforce minimal VBITimeout (v2)
    - media: ttusb-dec: Fix info-leak in ttusb_dec_send_command()
    - ALSA: hda/realtek - Blacklist PC beep for Lenovo ThinkCentre M73/93
    - btrfs: extent-tree: Make sure we only allocate extents from block groups
      with the same type
    - media: omap3isp: Set device on omap3isp subdevs
    - PM / devfreq: passive: fix compiler warning
    - ALSA: firewire-tascam: handle error code when getting current source of
      clock
    - ALSA: firewire-tascam: check intermediate state of clock status and retry
    - scsi: scsi_dh_rdac: zero cdb in send_mode_select()
    - printk: Do not lose last line in kmsg buffer dump
    - IB/hfi1: Define variables as unsigned long to fix KASAN warning
    - randstruct: Check member structs in is_pure_ops_struct()
    - ALSA: hda/realtek - Fixup mute led on HP Spectre x360
    - fuse: fix missing unlock_page in fuse_writepage()
    - parisc: Disable HP HSC-PCI Cards to prevent kernel crash
    - x86/retpolines: Fix up backport of a9d57ef15cbe
    - KVM: x86: always stop emulation on page fault
    - KVM: x86: set ctxt->have_exception in x86_decode_insn()
    - KVM: x86: Manually calculate reserved bits when loading PDPTRS
    - media: sn9c20x: Add MSI MS-1039 laptop to flip_dmi_table
    - binfmt_elf: Do not move brk for INTERP-less ET_EXEC
    - ASoC: Intel: NHLT: Fix debug print format
    - ASoC: Intel: Skylake: Use correct function to access iomem space
    - ASoC: Intel: Fix use of potentially uninitialized variable
    - ARM: samsung: Fix system restart on S3C6410
    - ARM: zynq: Use memcpy_toio instead of memcpy on smp bring-up
    - arm64: dts: rockchip: limit clock rate of MMC controllers for RK3328
    - alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP
    - regulator: Defer init completion for a while after late_initcall
    - gfs2: clear buf_in_tr when ending a transaction in sweep_bh_for_rgrps
    - memcg, oom: don't require __GFP_FS when invoking memcg OOM killer
    - memcg, kmem: do not fail __GFP_NOFAIL charges
    - ovl: filter of trusted xattr results in audit
    - Btrfs: fix use-after-free when using the tree modification log
    - btrfs: Relinquish CPUs in btrfs_compare_trees
    - btrfs: qgroup: Fix the wrong target io_tree when freeing reserved data space
    - md/raid6: Set R5_ReadError when there is read failure on parity disk
    - md: don't report active array_state until after revalidate_disk() completes.
    - md: only call set_in_sync() when it is expected to succeed.
    - cfg80211: Purge frame registrations on iftype change
    - /dev/mem: Bail out upon SIGKILL.
    - ext4: fix warning inside ext4_convert_unwritten_extents_endio
    - ext4: fix punch hole for inline_data file systems
    - quota: fix wrong condition in is_quota_modification()
    - hwrng: core - don't wait on add_early_randomness()
    - i2c: riic: Clear NACK in tend isr
    - CIFS: fix max ea value size
    - CIFS: Fix oplock handling for SMB 2.1+ protocols
    - md/raid0: avoid RAID0 data corruption due to layout confusion.
    - mm/compaction.c: clear total_{migrate,free}_scanned before scanning a new
      zone
    - btrfs: qgroup: Drop quota_root and fs_info parameters from
      update_qgroup_status_item
    - Btrfs: fix race setting up and completing qgroup rescan workers
    - net/ibmvnic: free reset work of removed device from queue
    - HID: Add quirk for HP X500 PIXART OEM mouse
    - net/mlx5e: Set ECN for received packets using CQE indication
    - net/mlx5e: don't set CHECKSUM_COMPLETE on SCTP packets
    - mlx5: fix get_ip_proto()
    - net/mlx5e: Allow reporting of checksum unnecessary
    - net/mlx5e: XDP, Avoid checksum complete when XDP prog is loaded
    - net/mlx5e: Rx, Check ip headers sanity
    - bcache: remove redundant LIST_HEAD(journal) from run_cache_set()
    - initramfs: don't free a non-existent initrd
    - blk-mq: change gfp flags to GFP_NOIO in blk_mq_realloc_hw_ctxs
    - net/ibmvnic: Fix missing { in __ibmvnic_reset
    - net_sched: check cops->tcf_block in tc_bind_tclass()
    - loop: Add LOOP_SET_BLOCK_SIZE in compat ioctl
    - loop: Add LOOP_SET_DIRECT_IO to compat ioctl
    - perf config: Honour $PERF_CONFIG env var to specify alternate .perfconfig
    - ASoC: sun4i-i2s: Don't use the oversample to calculate BCLK
    - posix-cpu-timers: Sanitize bogus WARNONS
    - x86/apic/vector: Warn when vector space exhaustion breaks affinity
    - x86/mm/pti: Do not invoke PTI functions when PTI is disabled
    - x86/mm/pti: Handle unaligned address gracefully in pti_clone_pagetable()
    - libata/ahci: Drop PCS quirk for Denverton and beyond
    - x86/cpu: Add Tiger Lake to Intel family
    - platform/x86: intel_pmc_core: Do not ioremap RAM
    - mmc: core: Add helper function to indicate if SDIO IRQs is enabled
    - mmc: dw_mmc: Re-store SDIO IRQs mask at system resume
    - iwlwifi: fw: don't send GEO_TX_POWER_LIMIT command to FW version 36
    - Revert "ceph: use ceph_evict_inode to cleanup inode's resource"
    - ceph: use ceph_evict_inode to cleanup inode's resource
    - ALSA: hda/realtek - PCI quirk for Medion E4254
    - smb3: allow disabling requesting leases
    - btrfs: fix allocation of free space cache v1 bitmap pages
    - drm/amd/display: Restore backlight brightness after system resume

-- Stefan Bader <stefan.bader@canonical.com>  Wed, 06 Nov 2019 10:28:28 +0100

Changed in linux (Ubuntu Bionic):
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2019-11-12:

#6

Download full text (18.6 KiB)

This bug was fixed in the package linux - 4.4.0-168.197

---------------
linux (4.4.0-168.197) xenial; urgency=medium

  * CVE-2018-12207
    - KVM: x86: MMU: Encapsulate the type of rmap-chain head in a new struct
    - KVM: x86: MMU: Consolidate quickly_check_mmio_pf() and is_mmio_page_fault()
    - KVM: x86: MMU: Move handle_mmio_page_fault() call to kvm_mmu_page_fault()
    - KVM: MMU: rename has_wrprotected_page to mmu_gfn_lpage_is_disallowed
    - KVM: MMU: introduce kvm_mmu_gfn_{allow,disallow}_lpage
    - KVM: x86: MMU: Make mmu_set_spte() return emulate value
    - KVM: x86: MMU: Move initialization of parent_ptes out from
      kvm_mmu_alloc_page()
    - KVM: x86: MMU: always set accessed bit in shadow PTEs
    - KVM: x86: MMU: Move parent_pte handling from kvm_mmu_get_page() to
      link_shadow_page()
    - KVM: x86: MMU: Remove unused parameter parent_pte from kvm_mmu_get_page()
    - KVM: x86: simplify ept_misconfig
    - KVM: x86: extend usage of RET_MMIO_PF_* constants
    - KVM: MMU: drop vcpu param in gpte_access
    - kvm: Convert kvm_lock to a mutex
    - kvm: x86: Do not release the page inside mmu_set_spte()
    - KVM: x86: make FNAME(fetch) and __direct_map more similar
    - KVM: x86: remove now unneeded hugepage gfn adjustment
    - KVM: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON
    - KVM: x86: add tracepoints around __direct_map and FNAME(fetch)
    - SAUCE: KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is
      active
    - SAUCE: x86: Add ITLB_MULTIHIT bug infrastructure
    - SAUCE: kvm: mmu: ITLB_MULTIHIT mitigation
    - SAUCE: kvm: Add helper function for creating VM worker threads
    - SAUCE: kvm: x86: mmu: Recovery of shattered NX large pages
    - SAUCE: cpu/speculation: Uninline and export CPU mitigations helpers
    - SAUCE: kvm: x86: mmu: Apply global mitigations knob to ITLB_MULTIHIT

  * CVE-2019-11135
    - KVM: x86: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts
    - KVM: x86: use Intel speculation bugs and features as derived in generic x86
      code
    - x86/msr: Add the IA32_TSX_CTRL MSR
    - x86/cpu: Add a helper function x86_read_arch_cap_msr()
    - x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default
    - x86/speculation/taa: Add mitigation for TSX Async Abort
    - x86/speculation/taa: Add sysfs reporting for TSX Async Abort
    - kvm/x86: Export MDS_NO=0 to guests when TSX is enabled
    - x86/tsx: Add "auto" option to the tsx= cmdline parameter
    - x86/speculation/taa: Add documentation for TSX Async Abort
    - x86/tsx: Add config options to set tsx=on|off|auto
    - SAUCE: x86/speculation/taa: Call tsx_init()
    - SAUCE: x86/cpu: Include cpu header from bugs.c
    - [Config] Disable TSX by default when possible

  * CVE-2019-0154
    - SAUCE: i915_bpo: drm/i915: Lower RM timeout to avoid DSI hard hangs
    - SAUCE: i915_bpo: drm/i915/gen8+: Add RC6 CTX corruption WA
    - SAUCE: drm/i915/gen8+: Add RC6 CTX corruption WA

  * CVE-2019-0155
    - SAUCE: i915_bpo: drm/i915/gtt: Add read only pages to gen8_pte_encode
    - SAUCE: i915_bpo: drm/i915/gtt: Read-only pages for insert_entries on bdw+
    - SAUCE: i915_bpo: drm/i915/gtt: Disable read-on...

This bug was fixed in the package linux - 4.4.0-168.197

---------------
linux (4.4.0-168.197) xenial; urgency=medium

* CVE-2018-12207
    - KVM: x86: MMU: Encapsulate the type of rmap-chain head in a new struct
    - KVM: x86: MMU: Consolidate quickly_check_mmio_pf() and is_mmio_page_fault()
    - KVM: x86: MMU: Move handle_mmio_page_fault() call to kvm_mmu_page_fault()
    - KVM: MMU: rename has_wrprotected_page to mmu_gfn_lpage_is_disallowed
    - KVM: MMU: introduce kvm_mmu_gfn_{allow,disallow}_lpage
    - KVM: x86: MMU: Make mmu_set_spte() return emulate value
    - KVM: x86: MMU: Move initialization of parent_ptes out from
      kvm_mmu_alloc_page()
    - KVM: x86: MMU: always set accessed bit in shadow PTEs
    - KVM: x86: MMU: Move parent_pte handling from kvm_mmu_get_page() to
      link_shadow_page()
    - KVM: x86: MMU: Remove unused parameter parent_pte from kvm_mmu_get_page()
    - KVM: x86: simplify ept_misconfig
    - KVM: x86: extend usage of RET_MMIO_PF_* constants
    - KVM: MMU: drop vcpu param in gpte_access
    - kvm: Convert kvm_lock to a mutex
    - kvm: x86: Do not release the page inside mmu_set_spte()
    - KVM: x86: make FNAME(fetch) and __direct_map more similar
    - KVM: x86: remove now unneeded hugepage gfn adjustment
    - KVM: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON
    - KVM: x86: add tracepoints around __direct_map and FNAME(fetch)
    - SAUCE: KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is
      active
    - SAUCE: x86: Add ITLB_MULTIHIT bug infrastructure
    - SAUCE: kvm: mmu: ITLB_MULTIHIT mitigation
    - SAUCE: kvm: Add helper function for creating VM worker threads
    - SAUCE: kvm: x86: mmu: Recovery of shattered NX large pages
    - SAUCE: cpu/speculation: Uninline and export CPU mitigations helpers
    - SAUCE: kvm: x86: mmu: Apply global mitigations knob to ITLB_MULTIHIT

* CVE-2019-11135
    - KVM: x86: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts
    - KVM: x86: use Intel speculation bugs and features as derived in generic x86
      code
    - x86/msr: Add the IA32_TSX_CTRL MSR
    - x86/cpu: Add a helper function x86_read_arch_cap_msr()
    - x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default
    - x86/speculation/taa: Add mitigation for TSX Async Abort
    - x86/speculation/taa: Add sysfs reporting for TSX Async Abort
    - kvm/x86: Export MDS_NO=0 to guests when TSX is enabled
    - x86/tsx: Add "auto" option to the tsx= cmdline parameter
    - x86/speculation/taa: Add documentation for TSX Async Abort
    - x86/tsx: Add config options to set tsx=on|off|auto
    - SAUCE: x86/speculation/taa: Call tsx_init()
    - SAUCE: x86/cpu: Include cpu header from bugs.c
    - [Config] Disable TSX by default when possible

* CVE-2019-0154
    - SAUCE: i915_bpo: drm/i915: Lower RM timeout to avoid DSI hard hangs
    - SAUCE: i915_bpo: drm/i915/gen8+: Add RC6 CTX corruption WA
    - SAUCE: drm/i915/gen8+: Add RC6 CTX corruption WA

* CVE-2019-0155
    - SAUCE: i915_bpo: drm/i915/gtt: Add read only pages to gen8_pte_encode
    - SAUCE: i915_bpo: drm/i915/gtt: Read-only pages for insert_entries on bdw+
    - SAUCE: i915_bpo: drm/i915/gtt: Disable read-only support under GVT
    - SAUCE: i915_bpo: drm/i915: Rename gen7 cmdparser tables
    - SAUCE: i915_bpo: drm/i915: Disable Secure Batches for gen6+
    - SAUCE: i915_bpo: drm/i915/cmdparser: Use binary search for faster register
      lookup
    - SAUCE: i915_bpo: drm/i915/cmdparser: Check reg_table_count before
      derefencing.
    - SAUCE: i915_bpo: drm/i915: Remove Master tables from cmdparser
    - SAUCE: i915_bpo: drm/i915: Add support for mandatory cmdparsing
    - SAUCE: i915_bpo: drm/i915: Support ro ppgtt mapped cmdparser shadow buffers
    - SAUCE: i915_bpo: drm/i915: Allow parsing of unsized batches
    - SAUCE: i915_bpo: drm/i915: Add gen9 BCS cmdparsing
    - SAUCE: i915_bpo: drm/i915/cmdparser: Add support for backward jumps
    - SAUCE: i915_bpo: drm/i915/cmdparser: Ignore Length operands during command
      matching

linux (4.4.0-167.196) xenial; urgency=medium

* xenial/linux: 4.4.0-167.196 -proposed tracker (LP: #1849051)

* Xenial update: 4.4.197 upstream stable release (LP: #1848780)
    - KVM: s390: Test for bad access register and size at the start of S390_MEM_OP
    - s390/topology: avoid firing events before kobjs are created
    - s390/cio: avoid calling strlen on null pointer
    - s390/cio: exclude subchannels with no parent from pseudo check
    - KVM: nVMX: handle page fault in vmread fix
    - ASoC: Define a set of DAPM pre/post-up events
    - powerpc/powernv: Restrict OPAL symbol map to only be readable by root
    - can: mcp251x: mcp251x_hw_reset(): allow more time after a reset
    - crypto: qat - Silence smp_processor_id() warning
    - ieee802154: atusb: fix use-after-free at disconnect
    - cfg80211: initialize on-stack chandefs
    - ima: always return negative code for error
    - fs: nfs: Fix possible null-pointer dereferences in encode_attrs()
    - 9p: avoid attaching writeback_fid on mmap with type PRIVATE
    - xen/pci: reserve MCFG areas earlier
    - ceph: fix directories inode i_blkbits initialization
    - drm/amdgpu: Check for valid number of registers to read
    - thermal: Fix use-after-free when unregistering thermal zone device
    - fuse: fix memleak in cuse_channel_open
    - kernel/elfcore.c: include proper prototypes
    - tools lib traceevent: Do not free tep->cmdlines in add_new_comm() on failure
    - perf stat: Fix a segmentation fault when using repeat forever
    - crypto: caam - fix concurrency issue in givencrypt descriptor
    - cfg80211: add and use strongly typed element iteration macros
    - cfg80211: Use const more consistently in for_each_element macros
    - nl80211: validate beacon head
    - ASoC: sgtl5000: Improve VAG power and mute control
    - panic: ensure preemption is disabled during panic()
    - [Config] updateconfigs for USB_RIO500
    - USB: rio500: Remove Rio 500 kernel driver
    - USB: yurex: Don't retry on unexpected errors
    - USB: yurex: fix NULL-derefs on disconnect
    - USB: usb-skeleton: fix runtime PM after driver unbind
    - USB: usb-skeleton: fix NULL-deref on disconnect
    - xhci: Prevent device initiated U1/U2 link pm if exit latency is too long
    - xhci: Check all endpoints for LPM timeout
    - usb: xhci: wait for CNR controller not ready bit in xhci resume
    - USB: adutux: remove redundant variable minor
    - USB: adutux: fix use-after-free on disconnect
    - USB: adutux: fix NULL-derefs on disconnect
    - USB: adutux: fix use-after-free on release
    - USB: iowarrior: fix use-after-free on disconnect
    - USB: iowarrior: fix use-after-free on release
    - USB: iowarrior: fix use-after-free after driver unbind
    - USB: usblp: fix runtime PM after driver unbind
    - USB: chaoskey: fix use-after-free on release
    - USB: ldusb: fix NULL-derefs on driver unbind
    - serial: uartlite: fix exit path null pointer
    - USB: serial: keyspan: fix NULL-derefs on open() and write()
    - USB: serial: ftdi_sio: add device IDs for Sienna and Echelon PL-20
    - USB: serial: option: add Telit FN980 compositions
    - USB: serial: option: add support for Cinterion CLS8 devices
    - USB: serial: fix runtime PM after driver unbind
    - USB: usblcd: fix I/O after disconnect
    - USB: microtek: fix info-leak at probe
    - USB: dummy-hcd: fix power budget for SuperSpeed mode
    - usb: renesas_usbhs: gadget: Do not discard queues in
      usb_ep_set_{halt,wedge}()
    - usb: renesas_usbhs: gadget: Fix usb_ep_set_{halt,wedge}() behavior
    - USB: legousbtower: fix slab info leak at probe
    - USB: legousbtower: fix deadlock on disconnect
    - USB: legousbtower: fix potential NULL-deref on disconnect
    - USB: legousbtower: fix open after failed reset request
    - USB: legousbtower: fix use-after-free on release
    - staging: vt6655: Fix memory leak in vt6655_probe
    - iio: adc: ad799x: fix probe error handling
    - iio: light: opt3001: fix mutex unlock race
    - perf llvm: Don't access out-of-scope array
    - CIFS: Gracefully handle QueryInfo errors during open
    - CIFS: Force reval dentry if LOOKUP_REVAL flag is set
    - kernel/sysctl.c: do not override max_threads provided by userspace
    - arm64: capabilities: Handle sign of the feature bit
    - arm64: Rename cpuid_feature field extract routines
    - Staging: fbtft: fix memory leak in fbtft_framebuffer_alloc
    - cifs: Check uniqueid for SMB2+ and return -ESTALE if necessary
    - CIFS: Force revalidate inode when dentry is stale
    - media: stkwebcam: fix runtime PM after driver unbind
    - tracing: Get trace_array reference for available_tracers files
    - x86/asm: Fix MWAITX C-state hint value
    - Linux 4.4.197
    - [Config] updateconfigs for USB_RIO500

* CVE-2019-17666
    - SAUCE: rtlwifi: Fix potential overflow on P2P code

* Suspend stopped working from 4.4.0-157 onwards (LP: #1844021) // Xenial
    update: 4.4.197 upstream stable release (LP: #1848780)
    - xhci: Increase STS_SAVE timeout in xhci_suspend()

* Ubuntu 16.04.6 - Shared CEX7C cards defined in z/VM guest not established by
    zcrypt device driver (LP: #1848173)
    - SAUCE: s390/zcrypt: CEX7 toleration support

* Xenial update: 4.4.196 upstream stable release (LP: #1848598)
    - video: ssd1307fb: Start page range at page_offset
    - gpu: drm: radeon: Fix a possible null-pointer dereference in
      radeon_connector_set_property()
    - ipmi_si: Only schedule continuously in the thread in maintenance mode
    - clk: qoriq: Fix -Wunused-const-variable
    - clk: sirf: Don't reference clk_init_data after registration
    - powerpc/rtas: use device model APIs and serialization during LPM
    - powerpc/futex: Fix warning: 'oldval' may be used uninitialized in this
      function
    - powerpc/pseries/mobility: use cond_resched when updating device tree
    - pinctrl: tegra: Fix write barrier placement in pmx_writel
    - vfio_pci: Restore original state on release
    - powerpc/64s/exception: machine check use correct cfar for late handler
    - powerpc/pseries: correctly track irq state in default idle
    - scsi: core: Reduce memory required for SCSI logging
    - mfd: intel-lpss: Remove D3cold delay
    - ARM: 8898/1: mm: Don't treat faults reported from cache maintenance as
      writes
    - HID: apple: Fix stuck function keys when using FN
    - security: smack: Fix possible null-pointer dereferences in
      smack_socket_sock_rcv_skb()
    - fat: work around race with userspace's read via blockdev while mounting
    - hypfs: Fix error number left in struct pointer member
    - ocfs2: wait for recovering done after direct unlock request
    - kmemleak: increase DEBUG_KMEMLEAK_EARLY_LOG_SIZE default to 16K
    - ANDROID: binder: remove waitqueue when thread exits.
    - ANDROID: binder: synchronize_rcu() when using POLLFREE.
    - hso: fix NULL-deref on tty open
    - ipv6: drop incoming packets having a v4mapped source address
    - net: ipv4: avoid mixed n_redirects and rate_tokens usage
    - net: qlogic: Fix memory leak in ql_alloc_large_buffers
    - nfc: fix memory leak in llcp_sock_bind()
    - sch_dsmark: fix potential NULL deref in dsmark_init()
    - xen-netfront: do not use ~0U as error return value for xennet_fill_frags()
    - net/rds: Fix error handling in rds_ib_add_one()
    - sch_cbq: validate TCA_CBQ_WRROPT to avoid crash
    - Smack: Don't ignore other bprm->unsafe flags if LSM_UNSAFE_PTRACE is set
    - smack: use GFP_NOFS while holding inode_smack::smk_lock
    - NFC: fix attrs checks in netlink interface
    - Linux 4.4.196

* Xenial update: 4.4.195 upstream stable release (LP: #1848589)
    - Revert "Bluetooth: validate BLE connection interval updates"
    - HID: prodikeys: Fix general protection fault during probe
    - HID: lg: make transfer buffers DMA capable
    - HID: logitech: Fix general protection fault caused by Logitech driver
    - HID: hidraw: Fix invalid read in hidraw_ioctl
    - mtd: cfi_cmdset_0002: Use chip_good() to retry in do_write_oneword()
    - crypto: talitos - fix missing break in switch statement
    - net: rds: Fix NULL ptr use in rds_tcp_kill_sock
    - ASoC: fsl: Fix of-node refcount unbalance in fsl_ssi_probe_from_dt()
    - ALSA: hda - Add laptop imic fixup for ASUS M9V laptop
    - SAUCE: Revert "mac80211: handle deauthentication/disassociation from TDLS
      peer"
    - mac80211: Print text for disassociation reason
    - mac80211: handle deauthentication/disassociation from TDLS peer
    - locking/lockdep: Add debug_locks check in __lock_downgrade()
    - irqchip/gic-v3-its: Fix LPI release for Multi-MSI devices
    - f2fs: check all the data segments against all node ones
    - Revert "f2fs: avoid out-of-range memory access"
    - f2fs: fix to do sanity check on segment bitmap of LFS curseg
    - drm: Flush output polling on shutdown
    - Bluetooth: btrtl: Additional Realtek 8822CE Bluetooth devices
    - arcnet: provide a buffer big enough to actually receive packets
    - cdc_ncm: fix divide-by-zero caused by invalid wMaxPacketSize
    - net/phy: fix DP83865 10 Mbps HDX loopback disable function
    - openvswitch: change type of UPCALL_PID attribute to NLA_UNSPEC
    - sch_netem: fix a divide by zero in tabledist()
    - skge: fix checksum byte order
    - usbnet: ignore endpoints with invalid wMaxPacketSize
    - usbnet: sanity checking of packet sizes and device mtu
    - ALSA: hda: Flush interrupts on disabling
    - ASoC: sgtl5000: Fix charge pump source assignment
    - dmaengine: bcm2835: Print error in case setting DMA mask fails
    - leds: leds-lp5562 allow firmware files up to the maximum length
    - media: dib0700: fix link error for dibx000_i2c_set_speed
    - media: hdpvr: Add device num check and handling
    - sched/fair: Fix imbalance due to CPU affinity
    - sched/core: Fix CPU controller for !RT_GROUP_SCHED
    - x86/reboot: Always use NMI fallback when shutdown via reboot vector IPI
      fails
    - x86/apic: Soft disable APIC before initializing it
    - ALSA: hda - Show the fatal CORB/RIRB error more clearly
    - ALSA: i2c: ak4xxx-adda: Fix a possible null pointer dereference in
      build_adc_controls()
    - media: iguanair: add sanity checks
    - base: soc: Export soc_device_register/unregister APIs
    - ALSA: usb-audio: Skip bSynchAddress endpoint check if it is invalid
    - ia64:unwind: fix double free for mod->arch.init_unw_table
    - md: don't call spare_active in md_reap_sync_thread if all member devices
      can't work
    - md: don't set In_sync if array is frozen
    - efi: cper: print AER info of PCIe fatal error
    - media: gspca: zero usb_buf on error
    - dmaengine: iop-adma: use correct printk format strings
    - media: omap3isp: Don't set streaming state on random subdevs
    - net: lpc-enet: fix printk format strings
    - media: radio/si470x: kill urb on error
    - media: hdpvr: add terminating 0 at end of string
    - media: saa7146: add cleanup in hexium_attach()
    - media: cpia2_usb: fix memory leaks
    - media: saa7134: fix terminology around saa7134_i2c_eeprom_md7134_gate()
    - media: ov9650: add a sanity check
    - ACPI / CPPC: do not require the _PSD method
    - libtraceevent: Change users plugin directory
    - ACPI: custom_method: fix memory leaks
    - hwmon: (acpi_power_meter) Change log level for 'unsafe software power cap'
    - md/raid1: fail run raid1 array when active disk less than one
    - dmaengine: ti: edma: Do not reset reserved paRAM slots
    - kprobes: Prohibit probing on BUG() and WARN() address
    - ASoC: dmaengine: Make the pcm->name equal to pcm->id if the name is not set
    - mmc: sdhci: Fix incorrect switch to HS mode
    - libertas: Add missing sentinel at end of if_usb.c fw_table
    - media: ttusb-dec: Fix info-leak in ttusb_dec_send_command()
    - ALSA: hda/realtek - Blacklist PC beep for Lenovo ThinkCentre M73/93
    - btrfs: extent-tree: Make sure we only allocate extents from block groups
      with the same type
    - media: omap3isp: Set device on omap3isp subdevs
    - ALSA: firewire-tascam: handle error code when getting current source of
      clock
    - ALSA: firewire-tascam: check intermediate state of clock status and retry
    - printk: Do not lose last line in kmsg buffer dump
    - fuse: fix missing unlock_page in fuse_writepage()
    - parisc: Disable HP HSC-PCI Cards to prevent kernel crash
    - KVM: x86: always stop emulation on page fault
    - KVM: x86: set ctxt->have_exception in x86_decode_insn()
    - KVM: x86: Manually calculate reserved bits when loading PDPTRS
    - media: sn9c20x: Add MSI MS-1039 laptop to flip_dmi_table
    - ASoC: Intel: Fix use of potentially uninitialized variable
    - ARM: zynq: Use memcpy_toio instead of memcpy on smp bring-up
    - alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP
    - md/raid6: Set R5_ReadError when there is read failure on parity disk
    - cfg80211: Purge frame registrations on iftype change
    - /dev/mem: Bail out upon SIGKILL.
    - ext4: fix punch hole for inline_data file systems
    - quota: fix wrong condition in is_quota_modification()
    - hwrng: core - don't wait on add_early_randomness()
    - i2c: riic: Clear NACK in tend isr
    - CIFS: Fix oplock handling for SMB 2.1+ protocols
    - ovl: filter of trusted xattr results in audit
    - Btrfs: fix use-after-free when using the tree modification log
    - btrfs: Relinquish CPUs in btrfs_compare_trees
    - Btrfs: fix race setting up and completing qgroup rescan workers
    - Linux 4.4.195

* [Packaging] Support building Flattened Image Tree (FIT) kernels
    (LP: #1847969)
    - [Packaging] add rules to build FIT image
    - [Packaging] force creation of headers directory

* bcache: Performance degradation when querying priority_stats (LP: #1840043)
    - bcache: add cond_resched() in __bch_cache_cmp()

* Add installer support for iwlmvm adapters (LP: #1848236)
    - d-i: Add iwlmvm to nic-modules

* Bad posix clock speculation mitigation backport (LP: #1847189)
    - SAUCE: Fix posix clock speculation mitigation backport

* PM / hibernate: fix potential memory corruption (LP: #1847118)
    - PM / hibernate: memory_bm_find_bit -- tighten node optimisation

* CVE-2019-17056
    - nfc: enforce CAP_NET_RAW for raw sockets

* CVE-2019-17055
    - mISDN: enforce CAP_NET_RAW for raw sockets

* CVE-2019-17054
    - appletalk: enforce CAP_NET_RAW for raw sockets

* CVE-2019-17053
    - ieee802154: enforce CAP_NET_RAW for raw sockets

* CVE-2019-17052
    - ax25: enforce CAP_NET_RAW for raw sockets

* CVE-2019-15098
    - ath6kl: fix a NULL-ptr-deref bug in ath6kl_usb_alloc_urb_from_pipe()

* arm64: sigaltstack fails with MINSIGSTKSZ for 32-bit processes
    (LP: #1844155)
    - signal: Introduce COMPAT_SIGMINSTKSZ for use in compat_sys_sigaltstack
    - arm64: compat: Provide definition for COMPAT_SIGMINSTKSZ

-- Stefan Bader <stefan.bader@canonical.com>  Wed, 06 Nov 2019 09:50:06 +0100

Changed in linux (Ubuntu Xenial):
status:	Fix Committed → Fix Released

Po-Hsu Lin (cypressyew) on 2020-01-06

Changed in linux (Ubuntu):
status:	Confirmed → Invalid

Ubuntu
linux package

[Packaging] Support building Flattened Image Tree (FIT) kernels

Bug Description

CVE References

Other bug subscribers

Remote bug watches

	Status	Importance	Assigned to
linux (Ubuntu)	Invalid	Undecided	Unassigned
Xenial	Fix Released	High	Unassigned
Bionic	Fix Released	High	Unassigned

Ubuntulinux package

[Packaging] Support building Flattened Image Tree (FIT) kernels

Bug Description

CVE References

Other bug subscribers

Remote bug watches

Ubuntu
linux package