Cosmic update: 4.18.17 upstream stable release
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Cosmic |
Fix Released
|
Medium
|
Stefan Bader |
Bug Description
SRU Justification
Impact:
The upstream process for stable tree updates is quite similar
in scope to the Ubuntu SRU process, e.g., each patch has to
demonstrably fix a bug, and each patch is vetted by upstream
by originating either directly from a mainline/stable Linux tree or
a minimally backported form of that patch. The following upstream
stable patches should be included in the Ubuntu kernel:
4.18.17 upstream stable release
from git://git.
The following patches will be applied:
* xfrm: Validate address prefix lengths in the xfrm selector.
* xfrm6: call kfree_skb when skb is toobig
* xfrm: reset transport header back to network header after all input
transforms ahave been applied
* xfrm: reset crypto_done when iterating over multiple input xfrms
* mac80211: Always report TX status
* cfg80211: reg: Init wiphy_idx in regulatory_
* mac80211: fix pending queue hang due to TX_DROP
* cfg80211: Address some corner cases in scan result channel updating
* mac80211: TDLS: fix skb queue/priority assignment
* mac80211: fix TX status reporting for ieee80211s
* xfrm: Fix NULL pointer dereference when skb_dst_force clears the dst_entry.
* ARM: 8799/1: mm: fix pci_ioremap_io() offset check
* xfrm: validate template mode
* drm/i2c: tda9950: fix timeout counter check
* drm/i2c: tda9950: set MAX_RETRIES for errors only
* netfilter: bridge: Don't sabotage nf_hook calls from an l3mdev
* netfilter: conntrack: get rid of double sizeof
* arm64: hugetlb: Fix handling of young ptes
* ARM: dts: BCM63xx: Fix incorrect interrupt specifiers
* net: macb: Clean 64b dma addresses if they are not detected
* soc: fsl: qbman: qman: avoid allocating from non existing gen_pool
* soc: fsl: qe: Fix copy/paste bug in ucc_get_
* nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT
* mac80211_hwsim: fix locking when iterating radios during ns exit
* mac80211_hwsim: fix race in radio destruction from netlink notifier
* mac80211_hwsim: do not omit multicast announce of first added radio
* Bluetooth: SMP: fix crash in unpairing
* pxa168fb: prepare the clock
* qed: Avoid implicit enum conversion in qed_set_
* qed: Fix mask parameter in qed_vf_
* qed: Avoid implicit enum conversion in qed_roce_
* qed: Avoid constant logical operation warning in qed_vf_pf_acquire
* qed: Avoid implicit enum conversion in qed_iwarp_
* nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds
* scsi: qedi: Initialize the stats mutex lock
* rxrpc: Fix checks as to whether we should set up a new call
* rxrpc: Fix RTT gathering
* rxrpc: Fix transport sockopts to get IPv4 errors on an IPv6 socket
* rxrpc: Fix error distribution
* netfilter: nft_set_rbtree: add missing rb_erase() in GC routine
* netfilter: avoid erronous array bounds warning
* asix: Check for supported Wake-on-LAN modes
* ax88179_178a: Check for supported Wake-on-LAN modes
* lan78xx: Check for supported Wake-on-LAN modes
* sr9800: Check for supported Wake-on-LAN modes
* r8152: Check for supported Wake-on-LAN Modes
* smsc75xx: Check for Wake-on-LAN modes
* smsc95xx: Check for Wake-on-LAN modes
* cfg80211: fix use-after-free in reg_process_hint()
* KVM: nVMX: Do not expose MPX VMX controls when guest MPX disabled
* KVM: x86: Do not use kvm_x86_
* KVM: nVMX: Fix emulation of VM_ENTRY_
* perf/core: Fix perf_pmu_
* perf/x86/
hardcorded physical package ID 0
* perf/ring_buffer: Prevent concurent ring buffer access
* perf/x86/
* perf/x86/
* thunderbolt: Do not handle ICM events after domain is stopped
* thunderbolt: Initialize after IOMMUs
* net: fec: fix rare tx timeout
* declance: Fix continuation with the adapter identification message
* RISCV: Fix end PFN for low memory
* Revert "serial: 8250_dw: Fix runtime PM handling"
* locking/ww_mutex: Fix runtime warning in the WW mutex selftest
* drm/amd/display: Signal hw_done() after waiting for flip_done()
* be2net: don't flip hw_features when VXLANs are added/deleted
* powerpc/numa: Skip onlining a offline node in kdump path
* net: cxgb3_main: fix a missing-check bug
* yam: fix a missing-check bug
* ocfs2: fix crash in ocfs2_duplicate
* mm/gup_benchmark: fix unsigned comparison to zero in __gup_benchmark
* mm/migrate.c: split only transparent huge pages when allocation fails
* x86/paravirt: Fix some warning messages
* clk: mvebu: armada-37xx-periph: Remove unused var num_parents
* libertas: call into generic suspend code before turning off power
* perf report: Don't try to map ip to invalid map
* tls: Fix improper revert in zerocopy_from_iter
* HID: i2c-hid: Remove RESEND_REPORT_DESCR quirk and its handling
* compiler.h: Allow arch-specific asm/compiler.h
* ARM: dts: imx53-qsb: disable 1.2GHz OPP
* perf python: Use -Wno-redundant-
* perf record: Use unmapped IP for inline callchain cursors
* rxrpc: Don't check RXRPC_CALL_TX_LAST after calling rxrpc_rotate_
* rxrpc: Carry call state out of locked section in rxrpc_rotate_
* rxrpc: Only take the rwind and mtu values from latest ACK
* rxrpc: Fix connection-level abort handling
* KVM: x86: support CONFIG_KVM_AMD=y with CONFIG_
* net: ena: fix warning in rmmod caused by double iounmap
* net: ena: fix rare bug when failed restart/resume is followed by driver removal
* net: ena: fix NULL dereference due to untimely napi initialization
* gpio: Assign gpio_irq_
* IB/mlx5: Unmap DMA addr from HCA before IOMMU
* rds: RDS (tcp) hangs on sendto() to unresponding address
* selftests: rtnetlink.sh explicitly requires bash.
* selftests: udpgso_bench.sh explicitly requires bash
* vmlinux.lds.h: Fix incomplete .text.exit discards
* vmlinux.lds.h: Fix linker warnings about orphan .LPBX sections
* afs: Fix cell proc list
* fs/fat/fatent.c: add cond_resched() to fat_count_
* Revert "mm: slowly shrink slabs with a relatively small number of objects"
* Revert "netfilter: ipv6: nf_defrag: drop skb dst before queueing"
* perf tools: Disable parallelism for 'make clean'
* bridge: do not add port to router list when receives query with source 0.0.0.0
* ipv6: mcast: fix a use-after-free in inet6_mc_check
* ipv6/ndisc: Preserve IPv6 control buffer if protocol error handlers are called
* ipv6: rate-limit probes for neighbourless routes
* llc: set SOCK_RCU_FREE in llc_sap_
* net: fec: don't dump RX FIFO register when not available
* net/ipv6: Fix index counter for unicast addresses in in6_dump_addrs
* net/mlx5e: fix csum adjustments caused by RXFCS
* net: sched: gred: pass the right attribute to gred_change_
* net: socket: fix a missing-check bug
* net: stmmac: Fix stmmac_mdio_reset() when building stmmac as modules
* net: udp: fix handling of CHECKSUM_COMPLETE packets
* r8169: fix NAPI handling under high load
* rtnetlink: Disallow FDB configuration for non-Ethernet device
* sctp: fix race on sctp_id2asoc
* tipc: fix unsafe rcu locking when accessing publication list
* udp6: fix encap return code for resubmitting
* vhost: Fix Spectre V1 vulnerability
* virtio_net: avoid using netif_tx_disable() for serializing tx routine
* ethtool: fix a privilege escalation bug
* bonding: fix length of actor system
* ip6_tunnel: Fix encapsulation layout
* openvswitch: Fix push/pop ethernet validation
* net: ipmr: fix unresolved entry dumps
* net/mlx5: Take only bit 24-26 of wqe.pftype_wq for page fault type
* net: bcmgenet: Poll internal PHY for GENETv5
* net: sched: Fix for duplicate class dump
* net/sched: cls_api: add missing validation of netlink attributes
* net/ipv6: Allow onlink routes to have a device mismatch if it is the
default route
* sctp: fix the data size calculation in sctp_data_size
* sctp: not free the new asoc when sctp_wait_
* net/mlx5: Fix memory leak when setting fpga ipsec caps
* net/smc: fix smc_buf_unuse to use the lgr pointer
* mlxsw: spectrum_switchdev: Don't ignore deletions of learned MACs
* net: bpfilter: use get_pid_task instead of pid_task
* net: drop skb on failure in ip_check_defrag()
* net: fix pskb_trim_
* net/mlx5: WQ, fixes for fragmented WQ buffers API
* mlxsw: core: Fix devlink unregister flow
* sparc64: Export __node_distance.
* sparc64: Make corrupted user stacks more debuggable.
* sparc64: Make proc_id signed.
* sparc64: Set %l4 properly on trap return after handling signals.
* sparc64: Wire up compat getpeername and getsockname.
* sparc: Fix single-pcr perf event counter management.
* sparc: Fix syscall fallback bugs in VDSO.
* sparc: Throttle perf events properly.
* net: bridge: remove ipv6 zero address check in mcast queries
* Linux 4.18.17
CVE References
tags: | added: kernel-stable-tracking-bug |
Changed in linux (Ubuntu Cosmic): | |
assignee: | nobody → Stefan Bader (smb) |
importance: | Undecided → Medium |
status: | New → In Progress |
Changed in linux (Ubuntu): | |
status: | New → Invalid |
description: | updated |
Changed in linux (Ubuntu Cosmic): | |
status: | In Progress → Fix Committed |
tags: | added: cscc |
This bug was fixed in the package linux - 4.18.0-12.13
---------------
linux (4.18.0-12.13) cosmic; urgency=medium
* linux: 4.18.0-12.13 -proposed tracker (LP: #1802743)
* [FEAT] Guest-dedicated Crypto Adapters (LP: #1787405) _available( ) returncodes VSIE_RESTART GET_INFO ioctl S390_AP_ IOMMU and set CONFIG_VFIO_AP to module.
- s390/zcrypt: Add ZAPQ inline function.
- s390/zcrypt: Review inline assembler constraints.
- s390/zcrypt: Integrate ap_asm.h into include/asm/ap.h.
- s390/zcrypt: fix ap_instructions
- KVM: s390: vsie: simulate VCPU SIE entry/exit
- KVM: s390: introduce and use KVM_REQ_
- KVM: s390: refactor crypto initialization
- s390: vfio-ap: base implementation of VFIO AP device driver
- s390: vfio-ap: register matrix device with VFIO mdev framework
- s390: vfio-ap: sysfs interfaces to configure adapters
- s390: vfio-ap: sysfs interfaces to configure domains
- s390: vfio-ap: sysfs interfaces to configure control domains
- s390: vfio-ap: sysfs interface to view matrix mdev matrix
- KVM: s390: interface to clear CRYCB masks
- s390: vfio-ap: implement mediated device open callback
- s390: vfio-ap: implement VFIO_DEVICE_
- s390: vfio-ap: zeroize the AP queues
- s390: vfio-ap: implement VFIO_DEVICE_RESET ioctl
- KVM: s390: Clear Crypto Control Block when using vSIE
- KVM: s390: vsie: Do the CRYCB validation first
- KVM: s390: vsie: Make use of CRYCB FORMAT2 clear
- KVM: s390: vsie: Allow CRYCB FORMAT-2
- KVM: s390: vsie: allow CRYCB FORMAT-1
- KVM: s390: vsie: allow CRYCB FORMAT-0
- KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-1
- KVM: s390: vsie: allow guest FORMAT-1 CRYCB on host FORMAT-2
- KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-2
- KVM: s390: device attrs to enable/disable AP interpretation
- KVM: s390: CPU model support for AP virtualization
- s390: doc: detailed specifications for AP virtualization
- KVM: s390: fix locking for crypto setting error path
- KVM: s390: Tracing APCB changes
- s390: vfio-ap: setup APCB mask using KVM dedicated function
- [Config:] Enable CONFIG_
* Bypass of mount visibility through userns + mount propagation (LP: #1789161) MNT_LOCKED mounts
- mount: Retest MNT_LOCKED in do_umount
- mount: Don't allow copying MNT_UNBINDABLE|
* CVE-2018-18955: nested user namespaces with more than five extents
incorrectly grant privileges over inode (LP: #1801924) // CVE-2018-18955
- userns: also map extents in the reverse map to kernel IDs
* kdump fail due to an IRQ storm (LP: #1797990)
- SAUCE: x86/PCI: Export find_cap() to be used in early PCI code
- SAUCE: x86/quirks: Add parameter to clear MSIs early on boot
- SAUCE: x86/quirks: Scan all busses for early PCI quirks
* crash in ENA driver on removing an interface (LP: #1802341)
- SAUCE: net: ena: fix crash during ena_remove()
* Ubuntu 18.04.1 - [s390x] Kernel panic while stressing network bonding
(LP: #1797367)
- s390/qeth: reduce hard-coded access to ccw channels
- s390/qeth: sanitize strings in debug messages
* Add checksum offload and T...