This bug was fixed in the package linux-kvm - 4.18.0-1009.9 --------------- linux-kvm (4.18.0-1009.9) cosmic; urgency=medium * linux-kvm: 4.18.0-1009.9 -proposed tracker (LP: #1819621) * CONFIG_SECURITY_SELINUX_DISABLE should be disabled on KVM kernel (LP: #1812153) - [Config]: disable CONFIG_SECURITY_SELINUX_DISABLE - [Config]: disable CONFIG_SECURITY_WRITABLE_HOOKS * PAGE_POISONING / PAGE_POISONING_NO_SANITY / PAGE_POISONING_ZERO option was expected to be set in C-KVM (LP: #1812624) - [Config]: enable PAGE_POISONING, PAGE_POISONING_NO_SANITY, PAGE_POISONING_ZERO [ Ubuntu: 4.18.0-17.18 ] * linux: 4.18.0-17.18 -proposed tracker (LP: #1819624) * Packaging resync (LP: #1786013) - [Packaging] resync getabis - [Packaging] update helper scripts * C++ demangling support missing from perf (LP: #1396654) - [Packaging] fix a mistype * arm-smmu-v3 arm-smmu-v3.3.auto: CMD_SYNC timeout (LP: #1818162) - iommu/arm-smmu-v3: Fix unexpected CMD_SYNC timeout * Crash in nvme_irq_check() when using threaded interrupts (LP: #1818747) - nvme-pci: fix out of bounds access in nvme_cqe_pending * CVE-2019-9003 - ipmi: fix use-after-free of user->release_barrier.rda * CVE-2019-9162 - netfilter: nf_nat_snmp_basic: add missing length checks in ASN.1 cbs * CVE-2019-9213 - mm: enforce min addr even if capable() in expand_downwards() * CVE-2019-3460 - Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt * tun/tap: unable to manage carrier state from userland (LP: #1806392) - tun: implement carrier change * CVE-2019-8980 - exec: Fix mem leak in kernel_read_file * [Packaging] Allow overlay of config annotations (LP: #1752072) - [Packaging] config-check: Add an include directive * amdgpu with mst WARNING on blanking (LP: #1814308) - drm/amd/display: Fix MST dp_blank REG_WAIT timeout * CVE-2019-7308 - bpf: move {prev_,}insn_idx into verifier env - bpf: move tmp variable into ax register in interpreter - bpf: enable access to ax register also from verifier rewrite - bpf: restrict map value pointer arithmetic for unprivileged - bpf: restrict stack pointer arithmetic for unprivileged - bpf: restrict unknown scalars of mixed signed bounds for unprivileged - bpf: fix check_map_access smin_value test when pointer contains offset - bpf: prevent out of bounds speculation on pointer arithmetic - bpf: fix sanitation of alu op with pointer / scalar type from different paths - bpf: add various test cases to test_verifier - bpf: add various test cases to selftests * CVE-2017-5753 - bpf: fix inner map masking to prevent oob under speculation * Use memblock quirk instead of delayed allocation for GICv3 LPI tables (LP: #1816425) - efi/arm: Revert "Defer persistent reservations until after paging_init()" - arm64, mm, efi: Account for GICv3 LPI tables in static memblock reserve table * efi/arm/arm64: Allow SetVirtualAddressMap() to be omitted (LP: #1814982) - efi/arm/arm64: Allow SetVirtualAddressMap() to be omitted * Update ENA driver to version 2.0.3K (LP: #1816806) - net: ena: update driver version from 2.0.2 to 2.0.3 - net: ena: fix race between link up and device initalization - net: ena: fix crash during failed resume from hibernation * Silent "Unknown key" message when pressing keyboard backlight hotkey (LP: #1817063) - platform/x86: dell-wmi: Ignore new keyboard backlight change event * CVE-2018-19824 - ALSA: usb-audio: Fix UAF decrement if card has no live interfaces in card.c * CVE-2019-3459 - Bluetooth: Verify that l2cap_get_conf_opt provides large enough buffer * CONFIG_TEST_BPF is disabled (LP: #1813955) - [Config]: Reenable TEST_BPF * installer does not support iSCSI iBFT (LP: #1817321) - d-i: add iscsi_ibft to scsi-modules * CVE-2019-7222 - KVM: x86: work around leak of uninitialized stack contents (CVE-2019-7222) * CVE-2019-7221 - KVM: nVMX: unconditionally cancel preemption timer in free_nested (CVE-2019-7221) * CVE-2019-6974 - kvm: fix kvm_ioctl_create_device() reference counting (CVE-2019-6974) * hns3 nic speed may not match optical port speed (LP: #1817969) - net: hns3: Config NIC port speed same as that of optical module * [Hyper-V] srcu: Lock srcu_data structure in srcu_gp_start() (LP: #1802021) - srcu: Lock srcu_data structure in srcu_gp_start() * libsas disks can have non-unique by-path names (LP: #1817784) - scsi: libsas: Fix rphy phy_identifier for PHYs with end devices attached * Bluetooth not working (Intel CyclonePeak) (LP: #1817518) - Bluetooth: btusb: Add support for Intel bluetooth device 8087:0029 * CVE-2019-8912 - net: crypto set sk to NULL when af_alg_release. - net: socket: set sock->sk to NULL after calling proto_ops::release() * 4.18.0 thinkpad_acpi : thresholds for BAT1 not writable (LP: #1812099) - platform/x86: thinkpad_acpi: Fix multi-battery bug * [ALSA] [PATCH] System76 darp5 and oryp5 fixups (LP: #1815831) - ALSA: hda/realtek - Headset microphone support for System76 darp5 - ALSA: hda/realtek - Headset microphone and internal speaker support for System76 oryp5 * CVE-2019-8956 - sctp: walk the list of asoc safely * Constant noise in the headphone on Lenovo X1 machines (LP: #1817263) - ALSA: hda/realtek: Disable PC beep in passthrough on alc285 -- Kleber Sacilotto de Souza