Ubuntu
linux package

Bionic update: upstream stable patchset 2021-06-11

Bionic (18.04)
Bug #1931740

Bug #1931740 reported by Kamal Mostafa on 2021-06-11

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	linux (Ubuntu)	Invalid	Undecided	Unassigned
	Bionic	Fix Released	Medium	Kamal Mostafa

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

upstream stable patchset 2021-06-11

                Ported from the following upstream stable releases:
                        v4.14.234, v4.19.192
                        v4.14.235, v4.19.193

from git://git.kernel.org/

openrisc: Fix a memory leak
RDMA/rxe: Clear all QP fields if creation failed
scsi: qla2xxx: Fix error return code in qla82xx_write_flash_dword()
ptrace: make ptrace() fail if the tracee changed its pid unexpectedly
cifs: fix memory leak in smb2_copychunk_range
ALSA: line6: Fix racy initialization of LINE6 MIDI
ALSA: usb-audio: Validate MS endpoint descriptors
ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro
Revert "ALSA: sb8: add a check for request_region"
ALSA: hda/realtek: reset eapd coeff to default value for alc287
Revert "rapidio: fix a NULL pointer dereference when create_workqueue() fails"
rapidio: handle create_workqueue() failure
xen-pciback: reconfigure also from backend watch handler
dm snapshot: fix crash with transient storage and zero chunk size
Revert "video: hgafb: fix potential NULL pointer dereference"
Revert "net: stmicro: fix a missing check of clk_prepare"
Revert "leds: lp5523: fix a missing check of return value of lp55xx_read"
Revert "hwmon: (lm80) fix a missing check of bus read in lm80 probe"
Revert "video: imsttfb: fix potential NULL pointer dereferences"
Revert "ecryptfs: replace BUG_ON with error handling code"
Revert "gdrom: fix a memory leak bug"
cdrom: gdrom: deallocate struct gdrom_unit fields in remove_gdrom
cdrom: gdrom: initialize global variable at init time
Revert "media: rcar_drif: fix a memory disclosure"
Revert "rtlwifi: fix a potential NULL pointer dereference"
Revert "qlcnic: Avoid potential NULL pointer dereference"
Revert "niu: fix missing checks of niu_pci_eeprom_read"
ethernet: sun: niu: fix missing checks of niu_pci_eeprom_read()
net: stmicro: handle clk_prepare() failure during init
net: rtlwifi: properly check for alloc_workqueue() failure
leds: lp5523: check return value of lp5xx_read and jump to cleanup code
qlcnic: Add null check after calling netdev_alloc_skb
video: hgafb: fix potential NULL pointer dereference
vgacon: Record video mode changes with VT_RESIZEX
vt: Fix character height handling with VT_RESIZEX
tty: vt: always invoke vc->vc_sw->con_resize callback
video: hgafb: correctly handle card detect failure during probe
Bluetooth: SMP: Fail if remote and local public keys are identical
firmware: arm_scpi: Prevent the ternary sign expansion bug
platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios
locking/mutex: clear MUTEX_FLAGS if wait_list is empty due to signal
ALSA: hda/realtek: Add some CLOVE SSIDs of ALC293
Revert "serial: mvebu-uart: Fix to avoid a potential NULL pointer dereference"
UBUNTU: upstream stable to v4.14.234, v4.19.192
mm, vmstat: drop zone->lock in /proc/pagetypeinfo
usb: dwc3: gadget: Enable suspend events
NFC: nci: fix memory leak in nci_allocate_device
NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return()
iommu/vt-d: Fix sysfs leak in alloc_iommu()
perf intel-pt: Fix sample instruction bytes
perf intel-pt: Fix transaction abort handling
proc: Check /proc/$pid/attr/ writes against file opener
net: hso: fix control-request directions
mac80211: assure all fragments are encrypted
mac80211: prevent mixed key and fragment cache attacks
mac80211: properly handle A-MSDUs that start with an RFC 1042 header
cfg80211: mitigate A-MSDU aggregation attacks
mac80211: drop A-MSDUs on old ciphers
mac80211: add fragment cache to sta_info
mac80211: check defrag PN against current frame
mac80211: prevent attacks on TKIP/WEP as well
mac80211: do not accept/forward invalid EAPOL frames
mac80211: extend protection against mixed key and fragment cache attacks
ath10k: Validate first subframe of A-MSDU before processing the list
dm snapshot: properly fix a crash when an origin has no snapshots
kgdb: fix gcc-11 warnings harder
misc/uss720: fix memory leak in uss720_probe
thunderbolt: dma_port: Fix NVM read buffer bounds and offset issue
mei: request autosuspend after sending rx flow control
staging: iio: cdc: ad7746: avoid overwrite of num_channels
iio: adc: ad7793: Add missing error code in ad7793_setup()
USB: trancevibrator: fix control-request direction
serial: sh-sci: Fix off-by-one error in FIFO threshold register setting
serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait'
USB: serial: ti_usb_3410_5052: add startech.com device id
USB: serial: option: add Telit LE910-S1 compositions 0x7010, 0x7011
USB: serial: ftdi_sio: add IDs for IDS GmbH Products
USB: serial: pl2303: add device id for ADLINK ND-6530 GC
usb: gadget: udc: renesas_usb3: Fix a race in usb3_start_pipen()
net: usb: fix memory leak in smsc75xx_bind
Bluetooth: cmtp: fix file refcount when cmtp_attach_device fails
NFS: fix an incorrect limit in filelayout_decode_layout()
NFS: Don't corrupt the value of pg_bytes_written in nfs_do_recoalesce()
NFSv4: Fix v4.0/v4.1 SEEK_DATA return -ENOTSUPP when set NFS_V4_2 config
drm/meson: fix shutdown crash when component not probed
net/mlx4: Fix EEPROM dump support
Revert "net:tipc: Fix a double free in tipc_sk_mcast_rcv"
tipc: skb_linearize the head skb when reassembling msgs
i2c: s3c2410: fix possible NULL pointer deref on read message after write
i2c: i801: Don't generate an interrupt on bus reset
perf jevents: Fix getting maximum number of fds
platform/x86: hp_accel: Avoid invoking _INI to speed up resume
serial: max310x: unregister uart driver in case of failure and abort
net: fujitsu: fix potential null-ptr-deref
net: caif: remove BUG_ON(dev == NULL) in caif_xmit
char: hpet: add checks after calling ioremap
isdn: mISDNinfineon: check/cleanup ioremap failure correctly in setup_io
dmaengine: qcom_hidma: comment platform_driver_register call
libertas: register sysfs groups properly
media: dvb: Add check on sp8870_readreg return
media: gspca: properly check for errors in po1030_probe()
scsi: BusLogic: Fix 64-bit system enumeration error for Buslogic
openrisc: Define memory barrier mb
btrfs: do not BUG_ON in link_to_fixup_dir
platform/x86: hp-wireless: add AMD's hardware id to the supported list
platform/x86: intel_punit_ipc: Append MODULE_DEVICE_TABLE for ACPI
SMB3: incorrect file id in requests compounded with open
drm/amdgpu: Fix a use-after-free
net: netcp: Fix an error message
net: mdio: thunder: Fix a double free issue in the .remove function
net: mdio: octeon: Fix some double free issues
net: bnx2: Fix error return code in bnx2_init_board()
mld: fix panic in mld_newpack()
staging: emxx_udc: fix loop in _nbu2ss_nuke()
ASoC: cs35l33: fix an error code in probe()
bpf: Set mac_len in bpf_skb_change_head
ixgbe: fix large MTU request from VF
scsi: libsas: Use _safe() loop in sas_resume_port()
ipv6: record frag_max_size in atomic fragments in input path
sch_dsmark: fix a NULL deref in qdisc_reset()
MIPS: alchemy: xxs1500: add gpio-au1000.h header file
MIPS: ralink: export rt_sysc_membase for rt2880_wdt.c
hugetlbfs: hugetlb_fault_mutex_hash() cleanup
drivers/net/ethernet: clean up unused assignments
usb: core: reduce power-on-good delay time of root hub
USB: usbfs: Don't WARN about excessively large memory allocations
selftests/bpf: Test narrow loads with off > 0 in test_verifier
bpf: extend is_branch_taken to registers
bpf: Move off_reg into sanitize_ptr_alu
bpf: Ensure off_reg has no mixed signed bounds for all types
bpf: Rework ptr_limit into alu_limit and add common error path
bpf: Improve verifier error messages for users
bpf: Refactor and streamline bounds check into helper
bpf: Move sanitize_val_alu out of op switch
bpf: Tighten speculative pointer arithmetic mask
bpf: Fix leakage of uninitialized bpf stack under speculation
bpf: Wrap aux data inside bpf_sanitize_info container
bpf: No need to simulate speculative domain for immediates
net: dsa: fix a crash if ->get_sset_count() fails
drm/amd/amdgpu: fix refcount leak
net: dsa: fix error code getting shifted with 4 in dsa_slave_get_sset_count
openvswitch: meter: fix race when getting now_ms.
net: hns3: check the return of skb_checksum_help()
UBUNTU: upstream stable to v4.14.235, v4.19.193

See original description

Tags:

CVE References

Kamal Mostafa (kamalmostafa) on 2021-06-11

Changed in linux (Ubuntu):
status:	New → Confirmed
tags:	added: kernel-stable-tracking-bug
Changed in linux (Ubuntu Bionic):
status:	New → In Progress
importance:	Undecided → Medium
assignee:	nobody → Kamal Mostafa (kamalmostafa)
Changed in linux (Ubuntu):
status:	Confirmed → Invalid

Kamal Mostafa (kamalmostafa) on 2021-06-11

description:	updated
description:	updated

Kelsey Steele (kelsey-steele) on 2021-06-11

Changed in linux (Ubuntu Bionic):
status:	In Progress → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2021-07-20:

Download full text (33.0 KiB)

This bug was fixed in the package linux - 4.15.0-151.157

---------------
linux (4.15.0-151.157) bionic; urgency=medium

* CVE-2021-33909
- SAUCE: seq_file: Disallow extremely large seq buffer allocations

linux (4.15.0-150.155) bionic; urgency=medium

* bionic/linux: 4.15.0-150.155 -proposed tracker (LP: #1934374)

* lxd exec fails (LP: #1934187)
- SAUCE: Revert "proc: Check /proc/$pid/attr/ writes against file opener"

linux (4.15.0-149.153) bionic; urgency=medium

* bionic/linux: 4.15.0-149.153 -proposed tracker (LP: #1933434)

  * selftests: bpf: test_verifier fixes (LP: #1933385)
    - bpf: Update selftests to reflect new error states
    - bpf, selftests: Adjust few selftest result_unpriv outcomes

* CVE-2021-33200
- bpf: Fix mask direction swap upon off reg sign change

linux (4.15.0-148.152) bionic; urgency=medium

* bionic/linux: 4.15.0-148.152 -proposed tracker (LP: #1932515)

* Packaging resync (LP: #1786013)
- update dkms package versions

  * Upstream v5.9 introduced 'module' patches that removed exported symbols
    (LP: #1932065)
    - SAUCE: Revert "modules: inherit TAINT_PROPRIETARY_MODULE"
    - SAUCE: Revert "modules: return licensing information from find_symbol"
    - SAUCE: Revert "modules: rename the licence field in struct symsearch to
      license"
    - SAUCE: Revert "modules: unexport __module_address"
    - SAUCE: Revert "modules: unexport __module_text_address"
    - SAUCE: Revert "modules: mark each_symbol_section static"
    - SAUCE: Revert "modules: mark find_symbol static"
    - SAUCE: Revert "modules: mark ref_module static"

* Disable hv-kvp-daemon.service on certain instance types (LP: #1932081)
- [Packaging]: Add kernel command line condition to hv-kvp-daemon service

This bug was fixed in the package linux - 4.15.0-151.157

---------------
linux (4.15.0-151.157) bionic; urgency=medium

* CVE-2021-33909
    - SAUCE: seq_file: Disallow extremely large seq buffer allocations

linux (4.15.0-150.155) bionic; urgency=medium

* bionic/linux: 4.15.0-150.155 -proposed tracker (LP: #1934374)

* lxd exec fails (LP: #1934187)
    - SAUCE: Revert "proc: Check /proc/$pid/attr/ writes against file opener"

linux (4.15.0-149.153) bionic; urgency=medium

* bionic/linux: 4.15.0-149.153 -proposed tracker (LP: #1933434)

* selftests: bpf: test_verifier fixes (LP: #1933385)
    - bpf: Update selftests to reflect new error states
    - bpf, selftests: Adjust few selftest result_unpriv outcomes

* CVE-2021-33200
    - bpf: Fix mask direction swap upon off reg sign change

linux (4.15.0-148.152) bionic; urgency=medium

* bionic/linux: 4.15.0-148.152 -proposed tracker (LP: #1932515)

* Packaging resync (LP: #1786013)
    - update dkms package versions

* Disable hv-kvp-daemon.service on certain instance types (LP: #1932081)
    - [Packaging]: Add kernel command line condition to hv-kvp-daemon service

* Bionic update: upstream stable patchset 2021-06-11 (LP: #1931740)
    - openrisc: Fix a memory leak
    - RDMA/rxe: Clear all QP fields if creation failed
    - scsi: qla2xxx: Fix error return code in qla82xx_write_flash_dword()
    - ptrace: make ptrace() fail if the tracee changed its pid unexpectedly
    - cifs: fix memory leak in smb2_copychunk_range
    - ALSA: line6: Fix racy initialization of LINE6 MIDI
    - ALSA: usb-audio: Validate MS endpoint descriptors
    - ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro
    - Revert "ALSA: sb8: add a check for request_region"
    - Revert "rapidio: fix a NULL pointer dereference when create_workqueue()
      fails"
    - rapidio: handle create_workqueue() failure
    - xen-pciback: reconfigure also from backend watch handler
    - dm snapshot: fix crash with transient storage and zero chunk size
    - Revert "video: hgafb: fix potential NULL pointer dereference"
    - Revert "net: stmicro: fix a missing check of clk_prepare"
    - Revert "leds: lp5523: fix a missing check of return value of lp55xx_read"
    - Revert "hwmon: (lm80) fix a missing check of bus read in lm80 probe"
    - Revert "video: imsttfb: fix potential NULL pointer dereferences"
    - Revert "ecryptfs: replace BUG_ON with error handling code"
    - Revert "gdrom: fix a memory leak bug"
    - cdrom: gdrom: deallocate struct gdrom_unit fields in remove_gdrom
    - cdrom: gdrom: initialize global variable at init time
    - Revert "media: rcar_drif: fix a memory disclosure"
    - Revert "rtlwifi: fix a potential NULL pointer dereference"
    - Revert "qlcnic: Avoid potential NULL pointer dereference"
    - Revert "niu: fix missing checks of niu_pci_eeprom_read"
    - ethernet: sun: niu: fix missing checks of niu_pci_eeprom_read()
    - net: stmicro: handle clk_prepare() failure during init
    - net: rtlwifi: properly check for alloc_workqueue() failure
    - leds: lp5523: check return value of lp5xx_read and jump to cleanup code
    - qlcnic: Add null check after calling netdev_alloc_skb
    - video: hgafb: fix potential NULL pointer dereference
    - vgacon: Record video mode changes with VT_RESIZEX
    - vt: Fix character height handling with VT_RESIZEX
    - tty: vt: always invoke vc->vc_sw->con_resize callback
    - video: hgafb: correctly handle card detect failure during probe
    - Bluetooth: SMP: Fail if remote and local public keys are identical
    - firmware: arm_scpi: Prevent the ternary sign expansion bug
    - platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios
    - locking/mutex: clear MUTEX_FLAGS if wait_list is empty due to signal
    - ALSA: hda/realtek: Add some CLOVE SSIDs of ALC293
    - Revert "serial: mvebu-uart: Fix to avoid a potential NULL pointer
      dereference"
    - mm, vmstat: drop zone->lock in /proc/pagetypeinfo
    - usb: dwc3: gadget: Enable suspend events
    - NFC: nci: fix memory leak in nci_allocate_device
    - NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return()
    - iommu/vt-d: Fix sysfs leak in alloc_iommu()
    - perf intel-pt: Fix sample instruction bytes
    - perf intel-pt: Fix transaction abort handling
    - proc: Check /proc/$pid/attr/ writes against file opener
    - net: hso: fix control-request directions
    - mac80211: assure all fragments are encrypted
    - mac80211: prevent mixed key and fragment cache attacks
    - mac80211: properly handle A-MSDUs that start with an RFC 1042 header
    - cfg80211: mitigate A-MSDU aggregation attacks
    - mac80211: drop A-MSDUs on old ciphers
    - mac80211: add fragment cache to sta_info
    - mac80211: check defrag PN against current frame
    - mac80211: prevent attacks on TKIP/WEP as well
    - mac80211: do not accept/forward invalid EAPOL frames
    - ath10k: Validate first subframe of A-MSDU before processing the list
    - dm snapshot: properly fix a crash when an origin has no snapshots
    - kgdb: fix gcc-11 warnings harder
    - misc/uss720: fix memory leak in uss720_probe
    - thunderbolt: dma_port: Fix NVM read buffer bounds and offset issue
    - mei: request autosuspend after sending rx flow control
    - staging: iio: cdc: ad7746: avoid overwrite of num_channels
    - iio: adc: ad7793: Add missing error code in ad7793_setup()
    - USB: trancevibrator: fix control-request direction
    - serial: sh-sci: Fix off-by-one error in FIFO threshold register setting
    - serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait'
    - USB: serial: ti_usb_3410_5052: add startech.com device id
    - USB: serial: option: add Telit LE910-S1 compositions 0x7010, 0x7011
    - USB: serial: ftdi_sio: add IDs for IDS GmbH Products
    - USB: serial: pl2303: add device id for ADLINK ND-6530 GC
    - usb: gadget: udc: renesas_usb3: Fix a race in usb3_start_pipen()
    - net: usb: fix memory leak in smsc75xx_bind
    - Bluetooth: cmtp: fix file refcount when cmtp_attach_device fails
    - NFS: fix an incorrect limit in filelayout_decode_layout()
    - NFS: Don't corrupt the value of pg_bytes_written in nfs_do_recoalesce()
    - NFSv4: Fix v4.0/v4.1 SEEK_DATA return -ENOTSUPP when set NFS_V4_2 config
    - drm/meson: fix shutdown crash when component not probed
    - net/mlx4: Fix EEPROM dump support
    - Revert "net:tipc: Fix a double free in tipc_sk_mcast_rcv"
    - tipc: skb_linearize the head skb when reassembling msgs
    - i2c: s3c2410: fix possible NULL pointer deref on read message after write
    - i2c: i801: Don't generate an interrupt on bus reset
    - perf jevents: Fix getting maximum number of fds
    - platform/x86: hp_accel: Avoid invoking _INI to speed up resume
    - serial: max310x: unregister uart driver in case of failure and abort
    - net: fujitsu: fix potential null-ptr-deref
    - net: caif: remove BUG_ON(dev == NULL) in caif_xmit
    - char: hpet: add checks after calling ioremap
    - isdn: mISDNinfineon: check/cleanup ioremap failure correctly in setup_io
    - dmaengine: qcom_hidma: comment platform_driver_register call
    - libertas: register sysfs groups properly
    - media: dvb: Add check on sp8870_readreg return
    - media: gspca: properly check for errors in po1030_probe()
    - scsi: BusLogic: Fix 64-bit system enumeration error for Buslogic
    - openrisc: Define memory barrier mb
    - btrfs: do not BUG_ON in link_to_fixup_dir
    - platform/x86: hp-wireless: add AMD's hardware id to the supported list
    - platform/x86: intel_punit_ipc: Append MODULE_DEVICE_TABLE for ACPI
    - SMB3: incorrect file id in requests compounded with open
    - drm/amdgpu: Fix a use-after-free
    - net: netcp: Fix an error message
    - net: mdio: thunder: Fix a double free issue in the .remove function
    - net: mdio: octeon: Fix some double free issues
    - net: bnx2: Fix error return code in bnx2_init_board()
    - mld: fix panic in mld_newpack()
    - staging: emxx_udc: fix loop in _nbu2ss_nuke()
    - ASoC: cs35l33: fix an error code in probe()
    - bpf: Set mac_len in bpf_skb_change_head
    - ixgbe: fix large MTU request from VF
    - scsi: libsas: Use _safe() loop in sas_resume_port()
    - ipv6: record frag_max_size in atomic fragments in input path
    - sch_dsmark: fix a NULL deref in qdisc_reset()
    - MIPS: alchemy: xxs1500: add gpio-au1000.h header file
    - MIPS: ralink: export rt_sysc_membase for rt2880_wdt.c
    - hugetlbfs: hugetlb_fault_mutex_hash() cleanup
    - drivers/net/ethernet: clean up unused assignments
    - usb: core: reduce power-on-good delay time of root hub
    - USB: usbfs: Don't WARN about excessively large memory allocations
    - bpf: extend is_branch_taken to registers
    - bpf: Move off_reg into sanitize_ptr_alu
    - bpf: Ensure off_reg has no mixed signed bounds for all types
    - bpf: Rework ptr_limit into alu_limit and add common error path
    - bpf: Improve verifier error messages for users
    - bpf: Refactor and streamline bounds check into helper
    - bpf: Move sanitize_val_alu out of op switch
    - bpf: Tighten speculative pointer arithmetic mask
    - bpf: Fix leakage of uninitialized bpf stack under speculation
    - bpf: Wrap aux data inside bpf_sanitize_info container
    - bpf: No need to simulate speculative domain for immediates
    - net: dsa: fix a crash if ->get_sset_count() fails
    - drm/amd/amdgpu: fix refcount leak
    - net: dsa: fix error code getting shifted with 4 in dsa_slave_get_sset_count
    - openvswitch: meter: fix race when getting now_ms.
    - net: hns3: check the return of skb_checksum_help()

* Bionic update: upstream stable patchset 2021-06-11 (LP: #1931740) //
    CVE-2020-24587 for such cases.
    - mac80211: extend protection against mixed key and fragment cache attacks

* [82A1, Realtek ALC287, Speaker, Internal] Underruns, dropouts or crackling
    sound (LP: #1925057) // Bionic update: upstream stable patchset 2021-06-11
    (LP: #1931740)
    - ALSA: hda/realtek: reset eapd coeff to default value for alc287

* test_map in ubuntu_bpf failed with "Allowed update sockmap '0:3' not in
    ESTABLISHED" (LP: #1839912)
    - SAUCE: Revert "bpf: test_maps, only support ESTABLISHED socks"

* Bionic update: upstream stable patchset 2021-06-01 (LP: #1930472)
    - MIPS: Introduce isa-rev.h to define MIPS_ISA_REV
    - MIPS: cpu-features.h: Replace __mips_isa_rev with MIPS_ISA_REV
    - s390/disassembler: increase ebpf disasm buffer size
    - ACPI: custom_method: fix potential use-after-free issue
    - ACPI: custom_method: fix a possible memory leak
    - arm64: dts: mt8173: fix property typo of 'phys' in dsi node
    - ecryptfs: fix kernel panic with null dev_name
    - spi: spi-ti-qspi: Free DMA resources
    - mmc: block: Update ext_csd.cache_ctrl if it was written
    - mmc: core: Do a power cycle when the CMD11 fails
    - mmc: core: Set read only for SD cards with permanent write protect bit
    - cifs: Return correct error code from smb2_get_enc_key
    - btrfs: fix metadata extent leak after failure to create subvolume
    - intel_th: pci: Add Rocket Lake CPU support
    - fbdev: zero-fill colormap in fbcmap.c
    - staging: wimax/i2400m: fix byte-order issue
    - crypto: api - check for ERR pointers in crypto_destroy_tfm()
    - usb: gadget: uvc: add bInterval checking for HS mode
    - usb: gadget: f_uac1: validate input parameters
    - usb: dwc3: gadget: Ignore EP queue requests during bus reset
    - usb: xhci: Fix port minor revision
    - PCI: PM: Do not read power state in pci_enable_device_flags()
    - x86/build: Propagate $(CLANG_FLAGS) to $(REALMODE_FLAGS)
    - tee: optee: do not check memref size on return from Secure World
    - perf/arm_pmu_platform: Fix error handling
    - spi: dln2: Fix reference leak to master
    - spi: omap-100k: Fix reference leak to master
    - intel_th: Consistency and off-by-one fix
    - phy: phy-twl4030-usb: Fix possible use-after-free in twl4030_usb_remove()
    - btrfs: convert logic BUG_ON()'s in replace_path to ASSERT()'s
    - scsi: lpfc: Fix incorrect dbde assignment when building target abts wqe
    - scsi: lpfc: Fix pt2pt connection does not recover after LOGO
    - scsi: target: pscsi: Fix warning in pscsi_complete_cmd()
    - media: ite-cir: check for receive overflow
    - power: supply: bq27xxx: fix power_avg for newer ICs
    - extcon: arizona: Fix some issues when HPDET IRQ fires after the jack has
      been unplugged
    - media: media/saa7164: fix saa7164_encoder_register() memory leak bugs
    - media: gspca/sq905.c: fix uninitialized variable
    - power: supply: Use IRQF_ONESHOT
    - drm/amdgpu : Fix asic reset regression issue introduce by 8f211fe8ac7c4f
    - scsi: qla2xxx: Always check the return value of qla24xx_get_isp_stats()
    - scsi: qla2xxx: Fix use after free in bsg
    - scsi: scsi_dh_alua: Remove check for ASC 24h in alua_rtpg()
    - media: em28xx: fix memory leak
    - media: vivid: update EDID
    - clk: socfpga: arria10: Fix memory leak of socfpga_clk on error return
    - power: supply: generic-adc-battery: fix possible use-after-free in
      gab_remove()
    - power: supply: s3c_adc_battery: fix possible use-after-free in
      s3c_adc_bat_remove()
    - media: adv7604: fix possible use-after-free in adv76xx_remove()
    - media: i2c: adv7511-v4l2: fix possible use-after-free in adv7511_remove()
    - media: i2c: adv7842: fix possible use-after-free in adv7842_remove()
    - media: dvb-usb: fix memory leak in dvb_usb_adapter_init
    - media: gscpa/stv06xx: fix memory leak
    - drm/msm/mdp5: Configure PP_SYNC_HEIGHT to double the vtotal
    - drm/amdgpu: fix NULL pointer dereference
    - scsi: lpfc: Fix crash when a REG_RPI mailbox fails triggering a LOGO
      response
    - scsi: lpfc: Remove unsupported mbox PORT_CAPABILITIES logic
    - scsi: libfc: Fix a format specifier
    - ALSA: emu8000: Fix a use after free in snd_emu8000_create_mixer
    - ALSA: hda/conexant: Re-order CX5066 quirk table entries
    - ALSA: sb: Fix two use after free in snd_sb_qsound_build
    - btrfs: fix race when picking most recent mod log operation for an old root
    - arm64/vdso: Discard .note.gnu.property sections in vDSO
    - openvswitch: fix stack OOB read while fragmenting IPv4 packets
    - ACPI: GTDT: Don't corrupt interrupt mappings on watchdow probe failure
    - NFSv4: Don't discard segments marked for return in _pnfs_return_layout()
    - jffs2: Fix kasan slab-out-of-bounds problem
    - powerpc/eeh: Fix EEH handling for hugepages in ioremap space.
    - powerpc: fix EDEADLOCK redefinition error in uapi/asm/errno.h
    - intel_th: pci: Add Alder Lake-M support
    - md/raid1: properly indicate failure when ending a failed write request
    - security: commoncap: fix -Wstringop-overread warning
    - Fix misc new gcc warnings
    - jffs2: check the validity of dstlen in jffs2_zlib_compress()
    - Revert 337f13046ff0 ("futex: Allow FUTEX_CLOCK_REALTIME with FUTEX_WAIT op")
    - posix-timers: Preserve return value in clock_adjtime32()
    - ftrace: Handle commands when closing set_ftrace_filter file
    - ext4: fix check to prevent false positive report of incorrect used inodes
    - ext4: fix error code in ext4_commit_super
    - media: dvbdev: Fix memory leak in dvb_media_device_free()
    - usb: gadget: dummy_hcd: fix gpf in gadget_setup
    - usb: gadget: Fix double free of device descriptor pointers
    - usb: gadget/function/f_fs string table fix for multiple languages
    - usb: dwc3: gadget: Fix START_TRANSFER link state check
    - tracing: Map all PIDs to command lines
    - dm persistent data: packed struct should have an aligned() attribute too
    - dm space map common: fix division bug in sm_ll_find_free_block()
    - dm rq: fix double free of blk_mq_tag_set in dev remove after table load
      fails
    - modules: mark ref_module static
    - modules: mark find_symbol static
    - modules: mark each_symbol_section static
    - modules: unexport __module_text_address
    - modules: unexport __module_address
    - modules: rename the licence field in struct symsearch to license
    - modules: return licensing information from find_symbol
    - modules: inherit TAINT_PROPRIETARY_MODULE
    - Bluetooth: verify AMP hci_chan before amp_destroy
    - hsr: use netdev_err() instead of WARN_ONCE()
    - bluetooth: eliminate the potential race condition when removing the HCI
      controller
    - net/nfc: fix use-after-free llcp_sock_bind/connect
    - MIPS: pci-rt2880: fix slot 0 configuration
    - FDDI: defxx: Bail out gracefully with unassigned PCI resource for CSR
    - misc: lis3lv02d: Fix false-positive WARN on various HP models
    - misc: vmw_vmci: explicitly initialize vmci_notify_bm_set_msg struct
    - misc: vmw_vmci: explicitly initialize vmci_datagram payload
    - tracing: Restructure trace_clock_global() to never block
    - md-cluster: fix use-after-free issue when removing rdev
    - md: split mddev_find
    - md: factor out a mddev_find_locked helper from mddev_find
    - md: md_open returns -EBUSY when entering racing area
    - ipw2x00: potential buffer overflow in libipw_wx_set_encodeext()
    - cfg80211: scan: drop entry from hidden_list on overflow
    - drm/radeon: fix copy of uninitialized variable back to userspace
    - ALSA: hda/realtek: Re-order ALC882 Acer quirk table entries
    - ALSA: hda/realtek: Re-order ALC882 Sony quirk table entries
    - ALSA: hda/realtek: Re-order ALC269 Sony quirk table entries
    - ALSA: hda/realtek: Re-order ALC269 Lenovo quirk table entries
    - ALSA: hda/realtek: Remove redundant entry for ALC861 Haier/Uniwill devices
    - x86/cpu: Initialize MSR_TSC_AUX if RDTSCP *or* RDPID is supported
    - KVM: s390: split kvm_s390_logical_to_effective
    - KVM: s390: fix guarded storage control register handling
    - KVM: s390: split kvm_s390_real_to_abs
    - usb: gadget: pch_udc: Revert d3cb25a12138 completely
    - memory: gpmc: fix out of bounds read and dereference on gpmc_cs[]
    - ARM: dts: exynos: correct PMIC interrupt trigger level on Odroid X/U3 family
    - ARM: dts: exynos: correct PMIC interrupt trigger level on SMDK5250
    - ARM: dts: exynos: correct PMIC interrupt trigger level on Snow
    - serial: stm32: fix incorrect characters on console
    - serial: stm32: fix tx_empty condition
    - usb: typec: tcpci: Check ROLE_CONTROL while interpreting CC_STATUS
    - x86/microcode: Check for offline CPUs before requesting new microcode
    - usb: gadget: pch_udc: Replace cpu_to_le32() by lower_32_bits()
    - usb: gadget: pch_udc: Check if driver is present before calling ->setup()
    - usb: gadget: pch_udc: Check for DMA mapping error
    - crypto: qat - don't release uninitialized resources
    - crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init
    - fotg210-udc: Fix DMA on EP0 for length > max packet size
    - fotg210-udc: Fix EP0 IN requests bigger than two packets
    - fotg210-udc: Remove a dubious condition leading to fotg210_done
    - fotg210-udc: Mask GRP2 interrupts we don't handle
    - fotg210-udc: Don't DMA more than the buffer can take
    - fotg210-udc: Complete OUT requests on short packets
    - mtd: require write permissions for locking and badblock ioctls
    - bus: qcom: Put child node before return
    - phy: marvell: ARMADA375_USBCLUSTER_PHY should not default to y,
      unconditionally
    - crypto: qat - fix error path in adf_isr_resource_alloc()
    - USB: gadget: udc: fix wrong pointer passed to IS_ERR() and PTR_ERR()
    - mtd: rawnand: gpmi: Fix a double free in gpmi_nand_init
    - staging: rtl8192u: Fix potential infinite loop
    - staging: greybus: uart: fix unprivileged TIOCCSERIAL
    - spi: Fix use-after-free with devm_spi_alloc_*
    - soc: qcom: mdt_loader: Validate that p_filesz < p_memsz
    - soc: qcom: mdt_loader: Detect truncated read of segments
    - ACPI: CPPC: Replace cppc_attr with kobj_attribute
    - crypto: qat - Fix a double free in adf_create_ring
    - usb: gadget: r8a66597: Add missing null check on return from
      platform_get_resource
    - USB: cdc-acm: fix unprivileged TIOCCSERIAL
    - tty: fix return value for unsupported ioctls
    - firmware: qcom-scm: Fix QCOM_SCM configuration
    - platform/x86: pmc_atom: Match all Beckhoff Automation baytrail boards with
      critclk_systems DMI table
    - x86/platform/uv: Fix !KEXEC build failure
    - ttyprintk: Add TTY hangup callback.
    - media: vivid: fix assignment of dev->fbuf_out_flags
    - media: omap4iss: return error code when omap4iss_get() failed
    - media: m88rs6000t: avoid potential out-of-bounds reads on arrays
    - x86/kprobes: Fix to check non boostable prefixes correctly
    - pata_arasan_cf: fix IRQ check
    - pata_ipx4xx_cf: fix IRQ check
    - sata_mv: add IRQ checks
    - ata: libahci_platform: fix IRQ check
    - vfio/mdev: Do not allow a mdev_type to have a NULL parent pointer
    - clk: uniphier: Fix potential infinite loop
    - scsi: jazz_esp: Add IRQ check
    - scsi: sun3x_esp: Add IRQ check
    - scsi: sni_53c710: Add IRQ check
    - mfd: stm32-timers: Avoid clearing auto reload register
    - HSI: core: fix resource leaks in hsi_add_client_from_dt()
    - x86/events/amd/iommu: Fix sysfs type mismatch
    - HID: plantronics: Workaround for double volume key presses
    - perf symbols: Fix dso__fprintf_symbols_by_name() to return the number of
      printed chars
    - net: lapbether: Prevent racing when checking whether the netif is running
    - powerpc/prom: Mark identical_pvr_fixup as __init
    - powerpc: Fix HAVE_HARDLOCKUP_DETECTOR_ARCH build configuration
    - ALSA: core: remove redundant spin_lock pair in snd_card_disconnect
    - bug: Remove redundant condition check in report_bug
    - nfc: pn533: prevent potential memory corruption
    - ALSA: usb-audio: Add error checks for usb_driver_claim_interface() calls
    - liquidio: Fix unintented sign extension of a left shift of a u16
    - powerpc/perf: Fix PMU constraint check for EBB events
    - powerpc: iommu: fix build when neither PCI or IBMVIO is set
    - mac80211: bail out if cipher schemes are invalid
    - mt7601u: fix always true expression
    - IB/hfi1: Fix error return code in parse_platform_config()
    - net: thunderx: Fix unintentional sign extension issue
    - i2c: cadence: add IRQ check
    - i2c: emev2: add IRQ check
    - i2c: jz4780: add IRQ check
    - i2c: sh7760: add IRQ check
    - MIPS: pci-legacy: stop using of_pci_range_to_resource
    - powerpc/pseries: extract host bridge from pci_bus prior to bus removal
    - rtlwifi: 8821ae: upgrade PHY and RF parameters
    - i2c: sh7760: fix IRQ error path
    - mwl8k: Fix a double Free in mwl8k_probe_hw
    - vsock/vmci: log once the failed queue pair allocation
    - RDMA/i40iw: Fix error unwinding when i40iw_hmc_sd_one fails
    - net: davinci_emac: Fix incorrect masking of tx and rx error channel
    - ath9k: Fix error check in ath9k_hw_read_revisions() for PCI devices
    - powerpc/52xx: Fix an invalid ASM expression ('addi' used instead of 'add')
    - net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send
    - net:nfc:digital: Fix a double free in digital_tg_recv_dep_req
    - kfifo: fix ternary sign extension bugs
    - smp: Fix smp_call_function_single_async prototype
    - Revert "of/fdt: Make sure no-map does not remove already reserved regions"
    - Revert "fdt: Properly handle "no-map" field in the memory region"
    - tpm: fix error return code in tpm2_get_cc_attrs_tbl()
    - fs: dlm: fix debugfs dump
    - tipc: convert dest node's address to network order
    - net: stmmac: Set FIFO sizes for ipq806x
    - ALSA: hdsp: don't disable if not enabled
    - ALSA: hdspm: don't disable if not enabled
    - ALSA: rme9652: don't disable if not enabled
    - Bluetooth: Set CONF_NOT_COMPLETE as l2cap_chan default
    - Bluetooth: initialize skb_queue_head at l2cap_chan_create()
    - Bluetooth: check for zapped sk before connecting
    - ip6_vti: proper dev_{hold|put} in ndo_[un]init methods
    - mac80211: clear the beacon's CRC after channel switch
    - pinctrl: samsung: use 'int' for register masks in Exynos
    - cuse: prevent clone
    - selftests: Set CC to clang in lib.mk if LLVM is set
    - kconfig: nconf: stop endless search loops
    - sctp: Fix out-of-bounds warning in sctp_process_asconf_param()
    - powerpc/smp: Set numa node before updating mask
    - ASoC: rt286: Generalize support for ALC3263 codec
    - samples/bpf: Fix broken tracex1 due to kprobe argument change
    - powerpc/pseries: Stop calling printk in rtas_stop_self()
    - wl3501_cs: Fix out-of-bounds warnings in wl3501_send_pkt
    - wl3501_cs: Fix out-of-bounds warnings in wl3501_mgmt_join
    - powerpc/iommu: Annotate nested lock for lockdep
    - net: ethernet: mtk_eth_soc: fix RX VLAN offload
    - ASoC: rt286: Make RT286_SET_GPIO_* readable and writable
    - f2fs: fix a redundant call to f2fs_balance_fs if an error occurs
    - PCI: Release OF node in pci_scan_device()'s error path
    - ARM: 9064/1: hw_breakpoint: Do not directly check the event's
      overflow_handler hook
    - rpmsg: qcom_glink_native: fix error return code of qcom_glink_rx_data()
    - NFSv4.2: Always flush out writes in nfs42_proc_fallocate()
    - NFS: Deal correctly with attribute generation counter overflow
    - pNFS/flexfiles: fix incorrect size check in decode_nfs_fh()
    - NFSv4.2 fix handling of sr_eof in SEEK's reply
    - rtc: ds1307: Fix wday settings for rx8130
    - sctp: fix a SCTP_MIB_CURRESTAB leak in sctp_sf_do_dupcook_b
    - drm/radeon: Fix off-by-one power_state index heap overwrite
    - khugepaged: fix wrong result value for trace_mm_collapse_huge_page_isolate()
    - mm/hugeltb: handle the error case in hugetlb_fix_reserve_counts()
    - ksm: fix potential missing rmap_item for stable_node
    - net: fix nla_strcmp to handle more then one trailing null character
    - kernel: kexec_file: fix error return code of kexec_calculate_store_digests()
    - netfilter: nftables: avoid overflows in nft_hash_buckets()
    - ARC: entry: fix off-by-one error in syscall number validation
    - powerpc/64s: Fix crashes when toggling stf barrier
    - powerpc/64s: Fix crashes when toggling entry flush barrier
    - squashfs: fix divide error in calculate_skip()
    - userfaultfd: release page in error path to avoid BUG_ON
    - drm/radeon/dpm: Disable sclk switching on Oland when two 4K 60Hz monitors
      are connected
    - iio: proximity: pulsedlight: Fix rumtime PM imbalance on error
    - usb: fotg210-hcd: Fix an error message
    - ACPI: scan: Fix a memory leak in an error handling path
    - blk-mq: Swap two calls in blk_mq_exit_queue()
    - usb: dwc3: omap: improve extcon initialization
    - usb: xhci: Increase timeout for HC halt
    - usb: dwc2: Fix gadget DMA unmap direction
    - usb: core: hub: fix race condition about TRSMRCY of resume
    - iio: gyro: mpu3050: Fix reported temperature value
    - iio: tsl2583: Fix division by a zero lux_val
    - KVM: x86: Cancel pvclock_gtod_work on module removal
    - FDDI: defxx: Make MMIO the configuration default except for EISA
    - MIPS: Reinstate platform `__div64_32' handler
    - MIPS: Avoid DIVU in `__div64_32' is result would be zero
    - MIPS: Avoid handcoded DIVU in `__div64_32' altogether
    - thermal/core/fair share: Lock the thermal zone while looping over instances
    - RDMA/i40iw: Avoid panic when reading back the IRQ affinity hint
    - kobject_uevent: remove warning in init_uevent_argv()
    - netfilter: conntrack: Make global sysctls readonly in non-init netns
    - clk: exynos7: Mark aclk_fsys1_200 as critical
    - x86/msr: Fix wr/rdmsr_safe_regs_on_cpu() prototypes
    - kgdb: fix gcc-11 warning on indentation
    - usb: sl811-hcd: improve misleading indentation
    - cxgb4: Fix the -Wmisleading-indentation warning
    - isdn: capi: fix mismatched prototypes
    - PCI: thunder: Fix compile testing
    - ARM: 9066/1: ftrace: pause/unpause function graph tracer in cpu_suspend()
    - ACPI / hotplug / PCI: Fix reference count leak in enable_slot()
    - Input: elants_i2c - do not bind to i2c-hid compatible ACPI instantiated
      devices
    - Input: silead - add workaround for x86 BIOS-es which bring the chip up in a
      stuck state
    - um: Mark all kernel symbols as local
    - ceph: fix fscache invalidation
    - gpiolib: acpi: Add quirk to ignore EC wakeups on Dell Venue 10 Pro 5055
    - ALSA: hda: generic: change the DAC ctl name for LO+SPK or LO+HP
    - block: reexpand iov_iter after read/write
    - lib: stackdepot: turn depot_lock spinlock to raw_spinlock
    - sit: proper dev_{hold|put} in ndo_[un]init methods
    - ip6_tunnel: sit: proper dev_{hold|put} in ndo_[un]init methods
    - xhci: Do not use GFP_KERNEL in (potentially) atomic context
    - ipv6: remove extra dev_hold() for fallback tunnels
    - ARM: 9056/1: decompressor: fix BSS size calculation for LLVM ld.lld
    - arm64: dts: marvell: armada-37xx: add syscon compatible to NB clk node
    - mtd: rawnand: atmel: Update ecc_stats.corrected counter
    - mmc: sdhci-pci: Fix initialization of some SD cards for Intel BYT-based
      controllers
    - genirq/matrix: Prevent allocation counter corruption
    - usb: xhci-mtk: support quirk to disable usb2 lpm
    - media: drivers: media: pci: sta2x11: fix Kconfig dependency on GPIOLIB
    - media: tc358743: fix possible use-after-free in tc358743_remove()
    - amdgpu: avoid incorrect %hu format string
    - s390/archrandom: add parameter check for s390_arch_random_generate
    - ALSA: usb-audio: Add dB range mapping for Sennheiser Communications Headset
      PC 8
    - ALSA: hda/realtek: Add quirk for Intel Clevo PCx0Dx
    - ubifs: Only check replay with inode type to judge if inode linked
    - mlxsw: spectrum_mr: Update egress RIF list before route's action
    - NFS: Don't discard pNFS layout segments that are marked for return
    - tpm: vtpm_proxy: Avoid reading host log when using a virtual device
    - dm raid: fix inconclusive reshape layout on fast raid4/5/6 table reload
      sequences
    - arm64: vdso: remove commas between macro name and arguments
    - ext4: do not set SB_ACTIVE in ext4_orphan_cleanup()
    - tty: fix memory leak in vc_deallocate
    - rsi: Use resume_noirq for SDIO
    - MIPS: pci-mt7620: fix PLL lock check
    - md: Fix missing unused status line of /proc/mdstat
    - ALSA: hda/realtek: Re-order ALC882 Clevo quirk table entries
    - ALSA: hda/realtek: Re-order ALC269 HP quirk table entries
    - ALSA: hda/realtek: Re-order ALC269 Dell quirk table entries
    - ARM: dts: exynos: correct fuel gauge interrupt trigger level on Midas family
    - ARM: dts: exynos: correct MUIC interrupt trigger level on Midas family
    - ARM: dts: exynos: correct PMIC interrupt trigger level on Midas family
    - regmap: set debugfs_name to NULL after it is freed
    - mtd: rawnand: fsmc: Fix error code in fsmc_nand_probe()
    - mtd: rawnand: brcmnand: fix OOB R/W with Hamming ECC
    - mtd: rawnand: qcom: Return actual error code instead of -ENODEV
    - usbip: vudc: fix missing unlock on error in usbip_sockfd_store()
    - clk: qcom: a53-pll: Add missing MODULE_DEVICE_TABLE
    - scsi: ibmvfc: Fix invalid state machine BUG_ON()
    - sched/debug: Fix cgroup_path[] serialization
    - net: hns3: Limiting the scope of vector_ring_chain variable
    - ALSA: usb: midi: don't return -ENOMEM when usb_urb_ep_type_check fails
    - net: geneve: modify IP header check in geneve6_xmit_skb and geneve_xmit_skb
    - RDMA/bnxt_re: Fix a double free in bnxt_qplib_alloc_res
    - net: Only allow init netns to set default tcp cong to a restricted algo
    - i2c: bail out early when RDWR parameters are wrong
    - net: bridge: when suppression is enabled exclude RARP packets
    - i2c: Add I2C_AQ_NO_REP_START adapter quirk
    - ethtool: ioctl: Fix out-of-bounds warning in store_link_ksettings_for_user()
    - PCI: iproc: Fix return value of iproc_msi_irq_domain_alloc()
    - PCI: endpoint: Fix missing destroy_workqueue()
    - net: hns3: disable phy loopback setting in hclge_mac_start_phy
    - sctp: do asoc update earlier in sctp_sf_do_dupcook_a
    - ethernet:enic: Fix a use after free bug in enic_hard_start_xmit
    - netfilter: xt_SECMARK: add new revision to fix structure layout
    - drm/radeon: Avoid power table parsing memory leaks
    - sched/fair: Fix unfairness caused by missing load decay
    - xhci: Add reset resume quirk for AMD xhci controller.
    - cdc-wdm: untangle a circular dependency between callback and softint
    - nvme: do not try to reconfigure APST when the controller is not live
    - pinctrl: ingenic: Improve unreachable code generation
    - ARM: 9075/1: kernel: Fix interrupted SMC calls
    - scsi: target: tcmu: Return from tcmu_handle_completions() if cmd_id not
      found
    - tweewide: Fix most Shebang lines
    - scripts: switch explicitly to Python 3

-- Thadeu Lima de Souza Cascardo <cascardo@canonical.com>  Fri, 09 Jul 2021 17:19:20 -0300

Changed in linux (Ubuntu Bionic):
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulinux package