CVE-2010-4083
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Undecided
|
Unassigned | |||
Dapper |
Low
|
Brad Figg | |||
Hardy |
Low
|
Brad Figg | |||
Karmic |
Low
|
Brad Figg | |||
Lucid |
Undecided
|
Unassigned | |||
Maverick |
Low
|
Brad Figg | |||
Natty |
Undecided
|
Unassigned | |||
linux-fsl-imx51 (Ubuntu) |
Undecided
|
Unassigned | |||
Dapper |
Undecided
|
Unassigned | |||
Hardy |
Undecided
|
Unassigned | |||
Karmic |
Undecided
|
Unassigned | |||
Lucid |
Undecided
|
Paolo Pisati | |||
Maverick |
Undecided
|
Unassigned | |||
Natty |
Undecided
|
Unassigned | |||
linux-ti-omap4 (Ubuntu) |
Undecided
|
Unassigned | |||
Dapper |
Undecided
|
Unassigned | |||
Hardy |
Undecided
|
Unassigned | |||
Karmic |
Undecided
|
Unassigned | |||
Lucid |
Undecided
|
Unassigned | |||
Maverick |
Undecided
|
Unassigned | |||
Natty |
Undecided
|
Unassigned |
Bug Description
sys_semctl: fix kernel stack leakage
The semctl syscall has several code paths that lead to the leakage of
uninitialized kernel stack memory (namely the IPC_INFO, SEM_INFO,
IPC_STAT, and SEM_STAT commands) during the use of the older, obsolete
version of the semid_ds struct.
The copy_semid_
and copies it back to the user without initializing or zeroing the
"sem_base", "sem_pending", "sem_pending_last", and "undo" pointers,
allowing the leakage of 16 bytes of kernel stack memory.
The code is still reachable on 32-bit systems - when calling semctl()
newer glibc's automatically OR the IPC command with the IPC_64 flag, but
invoking the syscall directly allows users to use the older versions of
the struct.
CVE References
- 2010-0435
- 2010-2943
- 2010-3296
- 2010-3297
- 2010-3448
- 2010-3698
- 2010-3699
- 2010-3848
- 2010-3849
- 2010-3850
- 2010-3858
- 2010-3859
- 2010-3865
- 2010-3873
- 2010-3874
- 2010-3875
- 2010-3876
- 2010-3877
- 2010-3880
- 2010-4072
- 2010-4073
- 2010-4074
- 2010-4076
- 2010-4077
- 2010-4078
- 2010-4079
- 2010-4080
- 2010-4081
- 2010-4082
- 2010-4083
- 2010-4157
- 2010-4160
- 2010-4162
- 2010-4163
- 2010-4164
- 2010-4165
- 2010-4169
- 2010-4175
- 2010-4242
- 2010-4243
- 2010-4248
- 2010-4256
- 2010-4258
- 2010-4342
- 2010-4346
- 2010-4527
- 2010-4529
- 2010-4565
- 2010-4649
- 2010-4656
- 2011-0463
- 2011-0521
- 2011-0695
- 2011-0711
- 2011-0712
- 2011-0726
- 2011-1010
- 2011-1012
- 2011-1013
- 2011-1016
- 2011-1017
- 2011-1019
- 2011-1020
- 2011-1078
- 2011-1079
- 2011-1080
- 2011-1082
- 2011-1090
- 2011-1093
- 2011-1160
- 2011-1163
- 2011-1169
- 2011-1170
- 2011-1171
- 2011-1172
- 2011-1173
- 2011-1180
- 2011-1478
- 2011-1493
- 2011-1494
- 2011-1577
- 2011-1598
- 2011-1748
- 2011-1770
- 2011-1833
- 2011-2484
- 2011-2492
- 2011-2534
- 2011-2699
- 2011-2918
Changed in linux (Ubuntu Maverick): | |
status: | New → In Progress |
assignee: | nobody → Brad Figg (brad-figg) |
importance: | Undecided → Low |
Changed in linux (Ubuntu Natty): | |
status: | New → Fix Released |
Changed in linux (Ubuntu Lucid): | |
status: | New → Fix Released |
Changed in linux (Ubuntu Karmic): | |
status: | New → In Progress |
importance: | Undecided → Low |
assignee: | nobody → Brad Figg (brad-figg) |
Changed in linux (Ubuntu Hardy): | |
status: | New → In Progress |
assignee: | nobody → Brad Figg (brad-figg) |
importance: | Undecided → Low |
Changed in linux (Ubuntu Dapper): | |
status: | New → In Progress |
importance: | Undecided → Low |
assignee: | nobody → Brad Figg (brad-figg) |
Changed in linux (Ubuntu Dapper): | |
status: | In Progress → Fix Committed |
Changed in linux (Ubuntu Karmic): | |
status: | In Progress → Fix Committed |
Changed in linux (Ubuntu Maverick): | |
status: | In Progress → Fix Committed |
Changed in linux (Ubuntu Hardy): | |
status: | In Progress → Fix Committed |
Launchpad Janitor (janitor) wrote : | #2 |
This bug was fixed in the package linux - 2.6.24-28.86
---------------
linux (2.6.24-28.86) hardy-proposed; urgency=low
[ Brad Figg ]
* Release Tracking Bug
- LP: #716166
[Tim Gardner]
* xen unified block-device I/O interface back end can orphan devices,
CVE-2010-3699
- LP: #708019
- CVE-2010-3699
[Upstream Kernel Changes]
* Hardy SRU: thinkpad-acpi: lock down video output state access,
CVE-2010-3448
- LP: #706999
- CVE-2010-3448
* net: Limit socket I/O iovec total length to INT_MAX., CVE-2010-3859
- LP: #711855, #708839
- CVE-2010-4160
* net: Truncate recvfrom and sendto length to INT_MAX., CVE-2010-3859
- LP: #711855, #708839
- CVE-2010-4160
* net: ax25: fix information leak to userland, CVE-2010-3875
- LP: #710714
- CVE-2010-3875
* net: ax25: fix information leak to userland harder, CVE-2010-3875
- LP: #710714
- CVE-2010-3875
* memory corruption in X.25 facilities parsing, CVE-2010-3873
- LP: #709372
- CVE-2010-3873
* net: packet: fix information leak to userland, CVE-2010-3876
- LP: #710714
- CVE-2010-3876
* net: tipc: fix information leak to userland, CVE-2010-3877
- LP: #711291
- CVE-2010-3877
* KVM: VMX: fix vmx null pointer dereference on debug register access,
CVE-2010-0435
- LP: #712615
- CVE-2010-0435
* gdth: integer overflow in ioctl, CVE-2010-4157
- LP: #711797
- CVE-2010-4157
* posix-cpu-timers: workaround to suppress the problems with mt exec,
CVE-2010-4248
- LP: #712609
- CVE-2010-4248
* ALSA: sound/pci/rme9652: prevent reading uninitialized stack memory,
CVE-2010-4080, CVE-2010-4081
- LP: #712723, #712737
- CVE-2010-4081
* sys_semctl: fix kernel stack leakage, CVE-2010-4083
- LP: #712749
- CVE-2010-4083
* inet_diag: Make sure we actually run the same bytecode we audited,
CVE-2010-3880
- LP: #711865
- CVE-2010-3880
linux (2.6.24-28.85) hardy-proposed; urgency=low
[ Brad Figg ]
* Tracking Bug
- LP: #708315
[Upstream Kernel Changes]
* ata_piix: IDE mode SATA patch for Intel ICH10 DeviceID's
- LP: #693401
* USB: serial/mos*: prevent reading uninitialized stack memory,
CVE-2010-4074
- LP: #706149
- CVE-2010-4074
* KVM: Fix fs/gs reload oops with invalid ldt
- LP: #707000
- CVE-2010-3698
* drivers/
memory, CVE-2010-4078
- LP: #707579
- CVE-2010-4078
* V4L/DVB: ivtvfb: prevent reading uninitialized stack memory,
CVE-2010-4079
- LP: #707649
- CVE-2010-4079
linux (2.6.24-28.84) hardy-proposed; urgency=low
[ Steve Conklin ]
* Tracking Bug
- LP: #698185
linux (2.6.24-28.83) hardy-proposed; urgency=low
[ Steve Conklin ]
* tracking bug moved from here to latest entry
linux (2.6.24-28.82) hardy-proposed; urgency=low
[ Leann Ogasawara ]
* Revert "SAUCE: AF_ECONET saddr->cookie prevent NULL pointer
dereference"
* Revert "SAUCE: AF_ECONET SIOCSIFADDR ioctl does not check privileges"
* Revert "SAUCE: AF_ECONET prevent kernel stack overflow"
[Upstream Kernel Changes]
* xfs: validate untrust...
Changed in linux (Ubuntu Hardy): | |
status: | Fix Committed → Fix Released |
Launchpad Janitor (janitor) wrote : | #3 |
This bug was fixed in the package linux - 2.6.31-22.73
---------------
linux (2.6.31-22.73) karmic-proposed; urgency=low
[ Steve Conklin ]
* Release Tracking Bug
- LP: #716648
[ Upstream Kernel Changes ]
* copied ABI directory
* net: Limit socket I/O iovec total length to INT_MAX., CVE-2010-3859
- LP: #708839, #711855
- CVE-2010-4160
* net: Truncate recvfrom and sendto length to INT_MAX., CVE-2010-3859
- LP: #708839, #711855
- CVE-2010-4160
* net: fix rds_iovec page count overflow, CVE-2010-3865
- LP: #709153
- CVE-2010-3865
* net: ax25: fix information leak to userland, CVE-2010-3875
- LP: #710714
- CVE-2010-3875
* net: ax25: fix information leak to userland harder, CVE-2010-3875
- LP: #710714
- CVE-2010-3875
* can-bcm: fix minor heap overflow
- LP: #710680
- CVE-2010-3874
* memory corruption in X.25 facilities parsing, CVE-2010-3873
- LP: #709372
- CVE-2010-3873
* net: packet: fix information leak to userland, CVE-2010-3876
- LP: #710714
- CVE-2010-3876
* net: tipc: fix information leak to userland, CVE-2010-3877
- LP: #711291
- CVE-2010-3877
* KVM: VMX: fix vmx null pointer dereference on debug register access,
CVE-2010-0435
- LP: #712615
- CVE-2010-0435
* gdth: integer overflow in ioctl, CVE-2010-4157
- LP: #711797
- CVE-2010-4157
* posix-cpu-timers: workaround to suppress the problems with mt exec,
CVE-2010-4248
- LP: #712609
- CVE-2010-4248
* ALSA: sound/pci/rme9652: prevent reading uninitialized stack memory,
CVE-2010-4080, CVE-2010-4081
- LP: #712723, #712737
- CVE-2010-4081
* drivers/
CVE-2010-4082
- LP: #712744
- CVE-2010-4082
* sys_semctl: fix kernel stack leakage, CVE-2010-4083
- LP: #712749
- CVE-2010-4083
* inet_diag: Make sure we actually run the same bytecode we audited,
CVE-2010-3880
- LP: #711865
- CVE-2010-3880
linux (2.6.31-22.72) karmic-proposed; urgency=low
[ Brad Figg ]
* Tracking Bug
- LP: #708860
[ Upstream Kernel Changes ]
* Karmic SRU: thinkpad-acpi: lock down video output state access, CVE-2010-3448
- LP: #706999
- CVE-2010-3448
* USB: serial/mos*: prevent reading uninitialized stack memory,
CVE-2010-4074
- LP: #706149
- CVE-2010-4074
* KVM: Fix fs/gs reload oops with invalid ldt
- LP: #707000
- CVE-2010-3698
* drivers/
memory, CVE-2010-4078
- LP: #707579
- CVE-2010-4078
* V4L/DVB: ivtvfb: prevent reading uninitialized stack memory,
CVE-2010-4079
- LP: #707649
- CVE-2010-4079
linux (2.6.31-22.71) karmic-proposed; urgency=low
[ Brad Figg ]
- LP: #698214
[ Upstream Kernel Changes ]
* ipc: initialize structure memory to zero for compat functions
* tcp: Increase TCP_MAXSEG socket option minimum.
- CVE-2010-4165
* perf_events: Fix perf_counter_mmap() hook in mprotect()
- CVE-2010-4169
* af_unix: limit unix_tot_inflight
- CVE-2010-4249
-- Steve Conklin <email address hidden> Thu, 10 Feb 2011 13:49:49...
Changed in linux (Ubuntu Karmic): | |
status: | Fix Committed → Fix Released |
Launchpad Janitor (janitor) wrote : | #4 |
This bug was fixed in the package linux - 2.6.35-27.48
---------------
linux (2.6.35-27.48) maverick-proposed; urgency=low
[ Steve Conklin ]
* Release Tracking Bug
- LP: #723335
[ Upstream Kernel Changes ]
* thinkpad-acpi: avoid keymap pitfall
- LP: #722747
linux (2.6.35-27.47) maverick-proposed; urgency=low
[ Brad Figg ]
* Release Tracking Bug
- LP: #716532
[ Upstream Kernel Changes ]
* Revert "USB: gadget: Allow function access to device ID data during
bind()"
- LP: #714732
* net: fix rds_iovec page count overflow, CVE-2010-3865
- LP: #709153
- CVE-2010-3865
* Input: fix typo in keycode validation supporting large scancodes
- LP: #658198
* net: ax25: fix information leak to userland, CVE-2010-3875
- LP: #710714
- CVE-2010-3875
* net: ax25: fix information leak to userland harder, CVE-2010-3875
- LP: #710714
- CVE-2010-3875
* net: packet: fix information leak to userland, CVE-2010-3876
- LP: #710714
- CVE-2010-3876
* net: tipc: fix information leak to userland, CVE-2010-3877
- LP: #711291
- CVE-2010-3877
* posix-cpu-timers: workaround to suppress the problems with mt exec,
CVE-2010-4248
- LP: #712609
- CVE-2010-4248
* sys_semctl: fix kernel stack leakage, CVE-2010-4083
- LP: #712749
- CVE-2010-4083
* thinkpad-acpi: lock down size of hotkey keymap
- LP: #712174
* thinkpad-acpi: add support for model-specific keymaps
- LP: #712174
* thinkpad-acpi: Add KEY_CAMERA (Fn-F6) for Lenovo keyboards
- LP: #712174
* x86, hotplug: Use mwait to offline a processor, fix the legacy case
- LP: #714732
* fuse: verify ioctl retries
- LP: #714732
* fuse: fix ioctl when server is 32bit
- LP: #714732
* ALSA: hda: Use position_fix=1 for Acer Aspire 5538 to enable capture on
internal mic
- LP: #685161, #714732
* ALSA: hda: Use model=lg quirk for LG P1 Express to enable playback and
capture
- LP: #595482, #714732
* drm/radeon/kms: don't apply 7xx HDP flush workaround on AGP
- LP: #714732
* drm/kms: remove spaces from connector names (v2)
- LP: #714732
* drm/radeon/kms: fix vram base calculation on rs780/rs880
- LP: #714732
* nohz: Fix printk_needs_cpu() return value on offline cpus
- LP: #714732
* nohz: Fix get_next_
- LP: #714732
* nfsd: Fix possible BUG_ON firing in set_change_info
- LP: #714732
* NFS: Fix fcntl F_GETLK not reporting some conflicts
- LP: #714732
* sunrpc: prevent use-after-free on clearing XPT_BUSY
- LP: #714732
* hwmon: (adm1026) Allow 1 as a valid divider value
- LP: #714732
* hwmon: (adm1026) Fix setting fan_div
- LP: #714732
* EDAC: Fix workqueue-related crashes
- LP: #714732
* amd64_edac: Fix interleaving check
- LP: #714732
* ASoC: Fix swap of left and right channels for WM8993/4 speaker boost
gain
- LP: #714732
* ASoC: Fix off by one error in WM8994 EQ register bank size
- LP: #714732
* ASoC: WM8580: Fix R8 initial value
- LP: #714732
* ASoC: fix deemphasis control in wm8904/55/60 codecs
- LP: #714732
* bootmem: Add alloc_bootmem_...
Changed in linux (Ubuntu Maverick): | |
status: | Fix Committed → Fix Released |
Paolo Pisati (p-pisati) wrote : | #5 |
karmic is EOL
Changed in linux-fsl-imx51 (Ubuntu): | |
status: | New → Invalid |
Changed in linux-fsl-imx51 (Ubuntu Dapper): | |
status: | New → Invalid |
Changed in linux-fsl-imx51 (Ubuntu Hardy): | |
status: | New → Invalid |
Changed in linux-fsl-imx51 (Ubuntu Maverick): | |
status: | New → Invalid |
Changed in linux-fsl-imx51 (Ubuntu Natty): | |
status: | New → Invalid |
Changed in linux-fsl-imx51 (Ubuntu Karmic): | |
status: | New → Won't Fix |
Changed in linux-fsl-imx51 (Ubuntu Lucid): | |
assignee: | nobody → Paolo Pisati (p-pisati) |
status: | New → In Progress |
Changed in linux-ti-omap4 (Ubuntu): | |
status: | New → Invalid |
Changed in linux-ti-omap4 (Ubuntu Dapper): | |
status: | New → Invalid |
Changed in linux-ti-omap4 (Ubuntu Hardy): | |
status: | New → Invalid |
Changed in linux-ti-omap4 (Ubuntu Karmic): | |
status: | New → Invalid |
Changed in linux-ti-omap4 (Ubuntu Lucid): | |
status: | New → Invalid |
Changed in linux-ti-omap4 (Ubuntu Natty): | |
status: | New → Fix Released |
Changed in linux-ti-omap4 (Ubuntu Maverick): | |
status: | New → In Progress |
Launchpad Janitor (janitor) wrote : | #6 |
This bug was fixed in the package linux-fsl-imx51 - 2.6.31-609.26
---------------
linux-fsl-imx51 (2.6.31-609.26) lucid; urgency=low
[ Paolo Pisati ]
* Tracking bug
- LP: #795219
* [Config] Disable parport_pc on fsl-imx51
- LP: #601226
[ Upstream Kernel Changes ]
* ALSA: sound/pci/rme9652: prevent reading uninitialized stack memory
- LP: #712723, #712737
* can-bcm: fix minor heap overflow
- LP: #710680
* drivers/
- LP: #712744
* gdth: integer overflow in ioctl
- LP: #711797
* inet_diag: Make sure we actually run the same bytecode we audited, CVE-2010-3880
- LP: #711865
- CVE-2010-3880
* net: fix rds_iovec page count overflow, CVE-2010-3865
- LP: #709153
- CVE-2010-3865
* net: packet: fix information leak to userland, CVE-2010-3876
- LP: #711045
- CVE-2010-3876
* net: tipc: fix information leak to userland, CVE-2010-3877
- LP: #711291
- CVE-2010-3877
* net: Truncate recvfrom and sendto length to INT_MAX.
- LP: #708839
* posix-cpu-timers: workaround to suppress the problems with mt exec
- LP: #712609
* sys_semctl: fix kernel stack leakage
- LP: #712749
* x25: Patch to fix bug 15678 - x25 accesses fields beyond end of packet.
- LP: #709372
* memory corruption in X.25 facilities parsing
- LP: #709372
* net: ax25: fix information leak to userland, CVE-2010-3875
- LP: #710714
- CVE-2010-3875
* net: ax25: fix information leak to userland harder, CVE-2010-3875
- LP: #710714
- CVE-2010-3875
* fs/partitions/
- LP: #771382
- CVE-2011-1017
* net: clear heap allocations for privileged ethtool actions
- LP: #771445
* Prevent rt_sigqueueinfo and rt_tgsigqueueinfo from spoofing the signal code
- LP: #772543
* Relax si_code check in rt_sigqueueinfo and rt_tgsigqueueinfo
- LP: #772543
* exec: make argv/envp memory visible to oom-killer
- LP: #768408
* next_pidmap: fix overflow condition
- LP: #784727
* proc: do proper range check on readdir offset
- LP: #784727
* mpt2sas: prevent heap overflows and unchecked reads
- LP: #787145
* agp: fix arbitrary kernel memory writes
- LP: #788684
* can: add missing socket check in can/raw release
- LP: #788694
* agp: fix OOM and buffer overflow
- LP: #788700
* do_exit(): make sure that we run with get_fs() == USER_DS - CVE-2010-4258
- LP: #723945
- CVE-2010-4258
* x25: Prevent crashing when parsing bad X.25 facilities - CVE-2010-4164
- LP: #731199
- CVE-2010-4164
* install_
- LP: #731971
- CVE-2010-4346
* econet: Fix crash in aun_incoming() - CVE-2010-4342
- LP: #736394
- CVE-2010-4342
* sound: Prevent buffer overflow in OSS load_mixer_volumes - CVE-2010-4527
- LP: #737073
- CVE-2010-4527
* irda: prevent integer underflow in IRLMP_ENUMDEVICES, CVE-2010-4529
- LP: #737823
- CVE-2010-4529
* CAN: Use inode instead of kernel address for /proc file - CVE-2010-4565
- LP: #765007...
Changed in linux-fsl-imx51 (Ubuntu Lucid): | |
status: | In Progress → Fix Released |
tags: |
added: kernel-cve-tracking-bug removed: kernel-cve-tracker |
Launchpad Janitor (janitor) wrote : | #7 |
This bug was fixed in the package linux-ti-omap4 - 2.6.35-903.24
---------------
linux-ti-omap4 (2.6.35-903.24) maverick-proposed; urgency=low
* Release tracking bug
- LP: #838037
[ Upstream Kernel Changes ]
* ipv6: make fragment identifications less predictable, CVE-2011-2699
- LP: #827685
- CVE-2011-2699
* perf: Fix software event overflow, CVE-2011-2918
- LP: #834121
- CVE-2011-2918
* proc: fix oops on invalid /proc/<pid>/maps access, CVE-2011-1020
- LP: #813026
- CVE-2011-1020
linux-ti-omap4 (2.6.35-903.23) maverick-proposed; urgency=low
* Release tracking bug
- LP: #829655
[ Upstream Kernel Changes ]
* drm/radeon/kms: check AA resolve registers on r300, CVE-2011-1016
- LP: #745686
- CVE-2011-1016
* drm/radeon: fix regression with AA resolve checking, CVE-2011-1016
- LP: #745686
- CVE-2011-1016
* can-bcm: fix minor heap overflow
- LP: #690730
* CAN: Use inode instead of kernel address for /proc file, CVE-2010-4565
- LP: #765007
- CVE-2010-4565
* av7110: check for negative array offset
- LP: #747520
* xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1,
CVE-2011-0711
- LP: #767740
- CVE-2011-0711
* ALSA: caiaq - Fix possible string-buffer overflow
- LP: #747520
* IB/cm: Bump reference count on cm_id before invoking callback,
CVE-2011-0695
- LP: #770369
- CVE-2011-0695
* RDMA/cma: Fix crash in request handlers, CVE-2011-0695
- LP: #770369
- CVE-2011-0695
* Treat writes as new when holes span across page boundaries,
CVE-2011-0463
- LP: #770483
- CVE-2011-0463
* net: clear heap allocations for privileged ethtool actions
- LP: #686158
* usb: iowarrior: don't trust report_size for buffer size
- LP: #747520
* fs/partitions/
CVE-2011-1017
- LP: #771382
- CVE-2011-1017
* Prevent rt_sigqueueinfo and rt_tgsigqueueinfo from spoofing the signal
code
- LP: #747520
* Relax si_code check in rt_sigqueueinfo and rt_tgsigqueueinfo
- LP: #747520
* exec: make argv/envp memory visible to oom-killer
- LP: #690730
* next_pidmap: fix overflow condition
- LP: #772560
* proc: do proper range check on readdir offset
- LP: #772560
* ALSA: sound/pci/asihpi: check adapter index in hpi_ioctl, CVE-2011-1169
- LP: #785331
- CVE-2011-1169
* mpt2sas: prevent heap overflows and unchecked reads, CVE-2011-1494
- LP: #787145
- CVE-2011-1494
* agp: fix arbitrary kernel memory writes, CVE-1011-2022
- LP: #788684
- CVE-1011-2022
* can: add missing socket check in can/raw release, CVE-2011-1748
- LP: #788694
- CVE-2011-1748
* agp: fix OOM and buffer overflow
- LP: #788700
* drivers/
memory - CVE-2010-3296
- CVE-2010-3296
* drivers/net/eql.c: prevent reading uninitialized stack memory -
CVE-2010-3297
- CVE-2010-3297
* inet_diag: Make sure we actually run the same bytecode we audited,
CVE-2010-3880
- LP: #711865
- CVE-2010-3880
* setup_arg_pages: diagnose excessive argume...
Changed in linux-ti-omap4 (Ubuntu Maverick): | |
status: | In Progress → Fix Released |
Changed in linux (Ubuntu Dapper): | |
status: | Fix Committed → Won't Fix |
The upstream commit for this patch is: 982f7c2b2e6a28f 8f266e075d92e19 c0dd4c6e56