Bionic update: upstream stable patchset 2020-10-23
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Bionic |
Fix Released
|
Undecided
|
Kamal Mostafa |
Bug Description
SRU Justification
Impact:
The upstream process for stable tree updates is quite similar
in scope to the Ubuntu SRU process, e.g., each patch has to
demonstrably fix a bug, and each patch is vetted by upstream
by originating either directly from a mainline/stable Linux tree or
a minimally backported form of that patch. The following upstream
stable patches should be included in the Ubuntu kernel:
upstream stable patchset 2020-10-23
from git://git.
af_key: pfkey_dump needs parameter validation
KVM: fix memory leak in kvm_io_
kprobes: fix kill kprobe which has been marked as gone
mm/thp: fix __split_
cxgb4: Fix offset when clearing filter byte counters
geneve: add transport ports in route lookup for geneve
hdlc_ppp: add range checks in ppp_cp_parse_cr()
ip: fix tos reflection in ack and reset packets
net: ipv6: fix kconfig dependency warning for IPV6_SEG6_HMAC
nfp: use correct define to return NONE fec
tipc: Fix memory leak in tipc_group_
tipc: fix shutdown() of connection oriented socket
tipc: use skb_unshare() instead in tipc_buf_append()
bnxt_en: Protect bnxt_set_eee() and bnxt_set_
net: phy: Avoid NPD upon phy_detach() when driver is unbound
net: qrtr: check skb_put_padto() return value
net: add __must_check to skb_put_padto()
ipv4: Update exception handling for multipath routes via same device
MAINTAINERS: add CLANG/LLVM BUILD SUPPORT info
Documentation/llvm: add documentation on building w/ Clang/LLVM
Documentation/llvm: fix the name of llvm-size
net: wan: wanxl: use allow to pass CROSS_COMPILE_M68k for rebuilding firmware
net: wan: wanxl: use $(M68KCC) instead of $(M68KAS) for rebuilding firmware
kbuild: replace AS=clang with LLVM_IAS=1
tcp_bbr: refactor bbr_target_cwnd() for general inflight provisioning
tcp_bbr: adapt cwnd based on ack aggregation estimation
serial: 8250: Avoid error message on reprobe
RDMA/ucma: ucma_context reference leak in error path
mm: fix double page fault on arm64 if PTE_AF is cleared
scsi: aacraid: fix illegal IO beyond last LBA
m68k: q40: Fix info-leak in rtc_ioctl
gma/gma500: fix a memory disclosure bug due to uninitialized bytes
ASoC: kirkwood: fix IRQ error handling
media: smiapp: Fix error handling at NVM reading
arch/x86/
x86/ioapic: Unbreak check_timer()
ALSA: usb-audio: Add delay quirk for H570e USB headsets
ALSA: hda/realtek - Couldn't detect Mic if booting with headset plugged
PM / devfreq: tegra30: Fix integer overflow on CPU's freq max out
scsi: fnic: fix use after free
clk/ti/adpll: allocate room for terminating null
mtd: cfi_cmdset_0002: don't free cfi->cfiq in error path of cfi_amdstd_setup()
mfd: mfd-core: Protect against NULL call-back function pointer
tracing: Adding NULL checks for trace_array descriptor pointer
bcache: fix a lost wake-up problem caused by mca_cannibalize
RDMA/i40iw: Fix potential use after free
xfs: fix attr leaf header freemap.size underflow
RDMA/iw_cgxb4: Fix an error handling path in 'c4iw_connect()'
mmc: core: Fix size overflow for mmc partitions
gfs2: clean up iopen glock mess in gfs2_create_inode
debugfs: Fix !DEBUG_FS debugfs_
CIFS: Properly process SMB3 lease breaks
kernel/sys.c: avoid copying possible padding bytes in copy_to_user
neigh_stat_
rt_cpu_seq_next should increase position index
seqlock: Require WRITE_ONCE surrounding raw_seqcount_
media: ti-vpe: cal: Restrict DMA to avoid memory corruption
ACPI: EC: Reference count query handlers under lock
dmaengine: zynqmp_dma: fix burst length configuration
powerpc/eeh: Only dump stack once if an MMIO loop is detected
tracing: Set kernel_stack's caller size properly
ar5523: Add USB ID of SMCWUSBT-G2 wireless adapter
selftests/ftrace: fix glob selftest
tools/power/
Bluetooth: Fix refcount use-after-free issue
mm: pagewalk: fix termination condition in walk_pte_range()
Bluetooth: prefetch channel before killing sock
ALSA: hda: Clear RIRB status before reading WP
skbuff: fix a data race in skb_queue_len()
audit: CONFIG_CHANGE don't log internal bookkeeping as an event
selinux: sel_avc_
scsi: lpfc: Fix RQ buffer leakage when no IOCBs available
scsi: lpfc: Fix coverity errors in fmdi attribute handling
drm/omap: fix possible object reference leak
perf test: Fix test trace+probe_
RDMA/rxe: Fix configuration of atomic queue pair attributes
KVM: x86: fix incorrect comparison in trace event
media: staging/imx: Missing assignment in imx_media_
x86/pkeys: Add check for pkey "overflow"
bpf: Remove recursion prevention from rcu free callback
dmaengine: tegra-apb: Prevent race conditions on channel's freeing
media: go7007: Fix URB type for interrupt handling
Bluetooth: guard against controllers sending zero'd events
timekeeping: Prevent 32bit truncation in scale64_
ext4: fix a data race at inode->i_disksize
mm: avoid data corruption on CoW fault into PFN-mapped VMA
drm/amdgpu: increase atombios cmd timeout
ath10k: use kzalloc to read for ath10k_
scsi: aacraid: Disabling TM path and only processing IOP reset
Bluetooth: L2CAP: handle l2cap config request during open state
media: tda10071: fix unsigned sign extension overflow
xfs: don't ever return a stale pointer from __xfs_dir3_
tpm: ibmvtpm: Wait for buffer to be set before proceeding
rtc: ds1374: fix possible race condition
tracing: Use address-of operator on section symbols
serial: 8250_port: Don't service RX FIFO if throttled
serial: 8250_omap: Fix sleeping function called from invalid context during probe
serial: 8250: 8250_omap: Terminate DMA before pushing data on RX timeout
perf cpumap: Fix snprintf overflow check
cpufreq: powernv: Fix frame-size-overflow in powernv_
tools: gpio-hammer: Avoid potential overflow in main
RDMA/rxe: Set sys_image_guid to be aligned with HW IB devices
SUNRPC: Fix a potential buffer overflow in 'svc_print_xprts()'
svcrdma: Fix leak of transport addresses
ubifs: Fix out-of-bounds memory access caused by abnormal value of node_len
ALSA: usb-audio: Fix case when USB MIDI interface has more than one extra endpoint descriptor
NFS: Fix races nfs_page_
mm/kmemleak.c: use address-of operator on section symbols
mm/filemap.c: clear page error before actual read
mm/vmscan.c: fix data races using kswapd_
mm/mmap.c: initialize align_offset explicitly for vm_unmapped_area
scsi: qedi: Fix termination timeouts in session logout
serial: uartps: Wait for tx_empty in console setup
KVM: Remove CREATE_
bdev: Reduce time holding bd_mutex in sync in blkdev_close()
drivers: char: tlclk.c: Avoid data race between init and interrupt handler
staging:r8188eu: avoid skb_clone for amsdu to msdu conversion
sparc64: vcc: Fix error return code in vcc_probe()
arm64: cpufeature: Relax checks for AArch32 support at EL[0-2]
dt-bindings: sound: wm8994: Correct required supplies based on actual implementaion
atm: fix a memory leak of vcc->user_back
power: supply: max17040: Correct voltage reading
phy: samsung: s5pv210-usb2: Add delay after reset
Bluetooth: Handle Inquiry Cancel error after Inquiry Complete
USB: EHCI: ehci-mv: fix error handling in mv_ehci_probe()
tty: serial: samsung: Correct clock selection logic
ALSA: hda: Fix potential race in unsol event handler
powerpc/traps: Make unrecoverable NMIs die instead of panic
fuse: don't check refcount after stealing page
USB: EHCI: ehci-mv: fix less than zero comparison of an unsigned int
arm64/cpufeature: Drop TraceFilt feature exposure from ID_DFR0 register
e1000: Do not perform reset in reset_task if we are already down
drm/nouveau/
printk: handle blank console arguments passed in.
usb: dwc3: Increase timeout for CmdAct cleared by device controller
btrfs: don't force read-only after error in drop snapshot
vfio/pci: fix memory leaks of eventfd ctx
perf util: Fix memory leak of prefix_if_not_in
perf kcore_copy: Fix module map when there are no modules loaded
mtd: rawnand: omap_elm: Fix runtime PM imbalance on error
ceph: fix potential race in ceph_check_caps
mm/swap_state: fix a data race in swapin_nr_pages
rapidio: avoid data race between file operation callbacks and mport_cdev_add().
mtd: parser: cmdline: Support MTD names containing one or more colons
x86/speculation
vfio/pci: Clear error and request eventfd ctx after releasing
cifs: Fix double add page to memcg when cifs_readpages
scsi: libfc: Handling of extra kref
scsi: libfc: Skip additional kref updating work event
selftests/
vfio/pci: fix racy on error and request eventfd ctx
btrfs: qgroup: fix data leak caused by race between writeback and truncate
s390/init: add missing __init annotations
i2c: core: Call i2c_acpi_
objtool: Fix noreturn detection for ignored functions
ieee802154: fix one possible memleak in ca8210_dev_com_init
ieee802154/adf7242: check status of adf7242_read_reg
clocksource/
batman-adv: bla: fix type misuse for backbone_gw hash indexing
atm: eni: fix the missed pci_disable_
batman-adv: mcast/TT: fix wrongly dropped or rerouted packets
mac802154: tx: fix use-after-free
drm/vc4/vc4_hdmi: fill ASoC card owner
net: qed: RDMA personality shouldn't fail VF load
batman-adv: Add missing include for in_interrupt()
batman-adv: mcast: fix duplicate mcast packets in BLA backbone from mesh
ALSA: asihpi: fix iounmap in error handler
MIPS: Add the missing 'CPU_1074K' into __get_cpu_type()
s390/dasd: Fix zero write for FBA devices
kprobes: Fix to check probe enabled before disarm_
mm, THP, swap: fix allocating cluster for swapfile by mistake
lib/string.c: implement stpcpy
ata: define AC_ERR_OK
ata: make qc_prep return ata_completion_
ata: sata_mv, avoid trigerrable BUG_ON
media: mc-device.c: fix memleak in media_device_
tpm_crb: fix fTPM on AMD Zen+ CPUs
RDMA/qedr: Fix potential use after free
fix dget_parent() fastpath race
scsi: pm80xx: Cleanup command when a reset times out
ASoC: max98090: remove msleep in PLL unlocked workaround
ipv6_route_seq_next should increase position index
scsi: ufs: Fix a race condition in the tracing code
s390/cpum_sf: Use kzalloc and minor changes
ceph: ensure we have a new cap before continuing in fill_inode
mm/swapfile.c: swap_next should increase position index
dmaengine: stm32-mdma: use vchan_terminate
dmaengine: stm32-dma: use vchan_terminate
drm/amd/display: dal_ddc_
firmware: arm_sdei: Use cpus_read_lock() to avoid races with cpuhp
random: fix data races at timer_rand_state
bus: hisi_lpc: Fixup IO ports addresses to avoid use-after-free in host removal
perf jevents: Fix leak of mapfile memory
xfs: mark dir corrupt when lookup-by-hash fails
rtc: sa1100: fix possible race condition
nfsd: Don't add locks to closed or closing open stateids
KVM: PPC: Book3S HV: Treat TM-related invalid form instructions on P9 like the valid ones
thermal: rcar_thermal: Handle probe error gracefully
nvme: Fix controller creation races with teardown flow
scsi: hpsa: correct race condition in offload enabled
PCI: Use ioremap(), not phys_to_virt() for platform ROM
KVM: arm64: vgic-its: Fix memory leak on the error path of vgic_add_lpi()
net: openvswitch: use u64 for meter bucket
scsi: aacraid: Fix error handling paths in aac_probe_one()
scsi: cxlflash: Fix error return code in cxlflash_probe()
drm/nouveau: fix runtime pm imbalance on error
perf evsel: Fix 2 memory leaks
perf stat: Fix duration_time value for higher intervals
perf metricgroup: Free metric_events on error
ASoC: img-i2s-out: Fix runtime PM imbalance on error
wlcore: fix runtime pm imbalance in wl1271_tx_work
nvme: fix possible deadlock when I/O is blocked
net: openvswitch: use div_u64() for 64-by-32 divisions
nvme: explicitly update mpath disk capacity on revalidation
ASoC: wm8994: Skip setting of the WM8994_MICBIAS register for WM1811
drm/amdkfd: fix a memory leak issue
batman-adv: mcast: fix duplicate mcast packets from BLA backbone to mesh
KVM: x86: Reset MMU context if guest toggles CR4.SMAP or CR4.PKE
KVM: SVM: Add a dedicated INVD intercept routine
s390/zcrypt: Fix ZCRYPT_
kprobes: Fix compiler warning for !CONFIG_
KVM: arm64: Assume write fault on S1PTW permission fault on instruction fetch
UBUNTU: upstream stable to v4.14.200, v4.19.149
CVE References
Changed in linux (Ubuntu): | |
status: | New → Confirmed |
tags: | added: kernel-stable-tracking-bug |
Changed in linux (Ubuntu Bionic): | |
status: | New → In Progress |
assignee: | nobody → Kamal Mostafa (kamalmostafa) |
description: | updated |
Changed in linux (Ubuntu Bionic): | |
status: | In Progress → Fix Committed |
Changed in linux (Ubuntu): | |
status: | Confirmed → Invalid |
This bug was fixed in the package linux - 4.15.0-126.129
---------------
linux (4.15.0-126.129) bionic; urgency=medium
* bionic/linux: 4.15.0-126.129 -proposed tracker (LP: #1905305)
* CVE-2020-4788 RELON_EXCEPTION _PSERIES_ OOL
- SAUCE: powerpc/64s: Define MASKABLE_
- SAUCE: powerpc/64s: move some exception handlers out of line
- powerpc/64s: flush L1D on kernel entry
- SAUCE: powerpc: Add a framework for user access tracking
- powerpc: Implement user_access_begin and friends
- powerpc: Fix __clear_user() with KUAP enabled
- powerpc/uaccess: Evaluate macro arguments once, before user access is
allowed
- powerpc/64s: flush L1D after user accesses
linux (4.15.0-125.128) bionic; urgency=medium
* bionic/linux: 4.15.0-125.128 -proposed tracker (LP: #1903137)
* Update kernel packaging to support forward porting kernels (LP: #1902957)
- [Debian] Update for leader included in BACKPORT_SUFFIX
* Avoid double newline when running insertchanges (LP: #1903293)
- [Packaging] insertchanges: avoid double newline
* EFI: Fails when BootCurrent entry does not exist (LP: #1899993)
- efivarfs: Replace invalid slashes with exclamation marks in dentries.
* CVE-2020-14351
- perf/core: Fix race in the perf_mmap_close() function
* raid10: Block discard is very slow, causing severe delays for mkfs and discard_ bio() for submitting discard bio
fstrim operations (LP: #1896578)
- md: add md_submit_
- md/raid10: extend r10bio devs to raid disks
- md/raid10: pull codes that wait for blocked dev into one function
- md/raid10: improve raid10 discard request
- md/raid10: improve discard request for far layout
* Bionic: btrfs: kernel BUG at /build/linux- linux-4. 15.0/fs/ btrfs/ctree. c:3233! (LP: #1902254) free_extent( ) inline_ extent_ backref( )
eTBZpZ/
- btrfs: use offset_in_page instead of open-coding it
- btrfs: use BUG() instead of BUG_ON(1)
- btrfs: drop unnecessary offset_in_page in extent buffer helpers
- btrfs: extent_io: do extra check for extent buffer read write functions
- btrfs: extent-tree: kill BUG_ON() in __btrfs_
- btrfs: extent-tree: kill the BUG_ON() in insert_
- btrfs: ctree: check key order before merging tree blocks
* Bionic update: upstream stable patchset 2020-11-04 (LP: #1902943) transport_ reset_no_ sock() display_ crtc_set_ config net/wan/ hdlc_fr: Add needed_headroom for PVC devices
- USB: gadget: f_ncm: Fix NDP16 datagram validation
- gpio: tc35894: fix up tc35894 interrupt configuration
- vsock/virtio: use RCU to avoid use-after-free on the_virtio_vsock
- vsock/virtio: stop workers during the .remove()
- vsock/virtio: add transport parameter to the
virtio_
- net: virtio_vsock: Enhance connection semantics
- Input: i8042 - add nopnp quirk for Acer Aspire 5 A515
- ftrace: Move RCU is watching check after recursion check
- drm/amdgpu: restore proper ref count in amdgpu_
- drivers/
- drm/sun4i: mixer: Extend regmap max_register
- net: dec: de2104x: Increase receive ring size for Tulip
- rndis_host: increase sleep time in the query-response loop
- nvme-core: get/put ctrl ...