This bug was fixed in the package linux-kvm - 4.4.0-1060.67

---------------
linux-kvm (4.4.0-1060.67) xenial; urgency=medium

  * xenial/linux-kvm: 4.4.0-1060.67 -proposed tracker (LP: #1846060)

  * Xenial update: 4.4.190 upstream stable release (LP: #1845038)
    - [config] Update CONFIG_ISCSI_IBFT_FIND option name

  * ubuntu_quota_smoke_test failed with KVM kernel (LP: #1784535)
    - [Config] Enable quota module support

  [ Ubuntu: 4.4.0-166.195 ]

  * xenial/linux: 4.4.0-166.195 -proposed tracker (LP: #1846069)

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

  * CVE-2017-18232
    - scsi: libsas: direct call probe and destruct

  * CVE-2018-21008
    - rsi: add fix for crash during assertions

  * Xenial update: 4.4.194 upstream stable release (LP: #1845405)
    - bridge/mdb: remove wrong use of NLM_F_MULTI
    - cdc_ether: fix rndis support for Mediatek based smartphones
    - ipv6: Fix the link time qualifier of 'ping_v6_proc_exit_net()'
    - isdn/capi: check message length in capi_write()
    - net: Fix null de-reference of device refcount
    - sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
    - sctp: Fix the link time qualifier of 'sctp_ctrlsock_exit()'
    - sctp: use transport pf_retrans in sctp_do_8_2_transport_strike
    - tcp: fix tcp_ecn_withdraw_cwr() to clear TCP_ECN_QUEUE_CWR
    - tipc: add NULL pointer check before calling kfree_rcu
    - tun: fix use-after-free when register netdev failed
    - Revert "MIPS: SiByte: Enable swiotlb for SWARM, LittleSur and BigSur"
    - Btrfs: fix assertion failure during fsync and use of stale transaction
    - genirq: Prevent NULL pointer dereference in resend_irqs()
    - KVM: s390: Do not leak kernel stack data in the KVM_S390_INTERRUPT ioctl
    - KVM: x86: work around leak of uninitialized stack contents
    - KVM: nVMX: handle page fault in vmread
    - MIPS: VDSO: Prevent use of smp_processor_id()
    - MIPS: VDSO: Use same -m%-float cflag as the kernel proper
    - clk: rockchip: Don't yell about bad mmc phases when getting
    - driver core: Fix use-after-free and double free on glue directory
    - crypto: talitos - check AES key size
    - crypto: talitos - check data blocksize in ablkcipher.
    - x86/build: Add -Wnoaddress-of-packed-member to REALMODE_CFLAGS, to silence GCC9 build warning
    - MIPS: netlogic: xlr: Remove erroneous check in nlm_fmn_send()
    - ARC: configs: Remove CONFIG_INITRAMFS_SOURCE from defconfigs
    - USB: usbcore: Fix slab-out-of-bounds bug during device reset
    - media: tm6000: double free if usb disconnect while streaming
    - x86/boot: Add missing bootparam that breaks boot on some platforms
    - xen-netfront: do not assume sk_buff_head list is empty in error handling
    - serial: sprd: correct the wrong sequence of arguments
    - tty/serial: atmel: reschedule TX after RX was started
    - mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings
    - s390/bpf: fix lcgr instruction encoding
    - ARM: OMAP2+: Fix omap4 errata warning on other SoCs
    - s390/bpf: use 32-bit index for tail calls
    - NFSv4: Fix return values for nfs4_file_open()
    - NFS: Fix initialisation of I/O result struct in nfs_pgio_rpcsetup
    - Kconfig: Fix the reference to the IDT77105 Phy driver in the description of ATM_NICSTAR_USE_IDT77105
    - ARM: 8874/1: mm: only adjust sections of valid mm structures
    - r8152: Set memory to all 0xFFs on failed reg reads
    - x86/apic: Fix arch_dynirq_lower_bound() bug for DT enabled machines
    - netfilter: nf_conntrack_ftp: Fix debug output
    - NFSv2: Fix eof handling
    - NFSv2: Fix write regression
    - cifs: set domainName when a domain-key is used in multiuser
    - cifs: Use kzfree() to zero out the password
    - sky2: Disable MSI on yet another ASUS boards (P6Xxxx)
    - tools/power turbostat: fix buffer overrun
    - net: seeq: Fix the function used to release some memory in an error handling path
    - dmaengine: ti: omap-dma: Add cleanup in omap_dma_probe()
    - keys: Fix missing null pointer check in request_key_auth_describe()
    - floppy: fix usercopy direction
    - media: technisat-usb2: break out of loop at end of buffer
    - ARC: export "abort" for modules
    - net_sched: let qdisc_put() accept NULL pointer
    - Linux 4.4.194

  * CVE-2019-14821
    - KVM: coalesced_mmio: add bounds checking

  * Xenial update: 4.4.193 upstream stable release (LP: #1845395)
    - ALSA: hda - Fix potential endless loop at applying quirks
    - ALSA: hda/realtek - Fix overridden device-specific initialization
    - xfrm: clean up xfrm protocol checks
    - vhost/test: fix build for vhost test
    - scripts/decode_stacktrace: match basepath using shell prefix operator, not regex
    - clk: s2mps11: Add used attribute to s2mps11_dt_match
    - x86, boot: Remove multiple copy of static function sanitize_boot_params()
    - af_packet: tone down the Tx-ring unsupported spew.
    - Linux 4.4.193

  * Xenial update: 4.4.192 upstream stable release (LP: #1845374)
    - net: tundra: tsi108: use spin_lock_irqsave instead of spin_lock_irq in IRQ context
    - net: tc35815: Explicitly check NET_IP_ALIGN is not zero in tc35815_rx
    - Bluetooth: btqca: Add a short delay before downloading the NVM
    - ibmveth: Convert multicast list size for little-endian system
    - gpio: Fix build error of function redefinition
    - cxgb4: fix a memory leak bug
    - net: myri10ge: fix memory leaks
    - cx82310_eth: fix a memory leak bug
    - net: kalmia: fix memory leaks
    - wimax/i2400m: fix a memory leak bug
    - ravb: Fix use-after-free ravb_tstamp_skb
    - Tools: hv: kvp: eliminate 'may be used uninitialized' warning
    - IB/mlx4: Fix memory leaks
    - ceph: fix buffer free while holding i_ceph_lock in __ceph_setxattr()
    - KVM: arm/arm64: Only skip MMIO insn once
    - libceph: allow ceph_buffer_put() to receive a NULL ceph_buffer
    - spi: bcm2835aux: ensure interrupts are enabled for shared handler
    - spi: bcm2835aux: unifying code between polling and interrupt driven code
    - spi: bcm2835aux: remove dangerous uncontrolled read of fifo
    - spi: bcm2835aux: fix corruptions for longer spi transfers
    - Revert "x86/apic: Include the LDR when clearing out APIC registers"
    - net: fix skb use after free in netpoll
    - net: stmmac: dwmac-rk: Don't fail if phy regulator is absent
    - Linux 4.4.192

  * Xenial update: 4.4.191 upstream stable release (LP: #1845036)
    - HID: Add 044f:b320 ThrustMaster, Inc. 2 in 1 DT
    - MIPS: kernel: only use i8253 clocksource with periodic clockevent
    - netfilter: ebtables: fix a memory leak bug in compat
    - bonding: Force slave speed check after link state recovery for 802.3ad
    - can: dev: call netif_carrier_off() in register_candev()
    - st21nfca_connectivity_event_received: null check the allocation
    - st_nci_hci_connectivity_event_received: null check the allocation
    - ASoC: ti: davinci-mcasp: Correct slot_width posed constraint
    - net: usb: qmi_wwan: Add the BroadMobi BM818 card
    - isdn: mISDN: hfcsusb: Fix possible null-pointer dereferences in start_isoc_chain()
    - isdn: hfcsusb: Fix mISDN driver crash caused by transfer buffer on the stack
    - perf bench numa: Fix cpu0 binding
    - can: sja1000: force the string buffer NULL-terminated
    - can: peak_usb: force the string buffer NULL-terminated
    - NFSv4: Fix a potential sleep while atomic in nfs4_do_reclaim()
    - net: cxgb3_main: Fix a resource leak in a error path in 'init_one()'
    - net: hisilicon: make hip04_tx_reclaim non-reentrant
    - net: hisilicon: fix hip04-xmit never return TX_BUSY
    - net: hisilicon: Fix dma_map_single failed on arm64
    - libata: add SG safety checks in SFF pio transfers
    - selftests: kvm: Adding config fragments
    - HID: wacom: correct misreported EKR ring values
    - Revert "dm bufio: fix deadlock with loop device"
    - userfaultfd_release: always remove uffd flags and clear vm_userfaultfd_ctx
    - x86/retpoline: Don't clobber RFLAGS during CALL_NOSPEC on i386
    - x86/apic: Handle missing global clockevent gracefully
    - x86/boot: Save fields explicitly, zero out everything else
    - x86/boot: Fix boot regression caused by bootparam sanitizing
    - dm btree: fix order of block initialization in btree_split_beneath
    - dm space map metadata: fix missing store of apply_bops() return value
    - dm table: fix invalid memory accesses with too high sector number
    - cgroup: Disable IRQs while holding css_set_lock
    - net: arc_emac: fix koops caused by sk_buff free
    - siphash: implement HalfSipHash1-3 for hash tables
    - netfilter: ctnetlink: don't use conntrack/expect object addresses as id
    - netfilter: conntrack: Use consistent ct id hash calculation
    - x86/pm: Introduce quirk framework to save/restore extra MSR registers around suspend/resume
    - x86/CPU/AMD: Clear RDRAND CPUID bit on AMD family 15h/16h
    - scsi: ufs: Fix NULL pointer dereference in ufshcd_config_vreg_hpm()
    - dmaengine: ste_dma40: fix unneeded variable warning
    - usb: gadget: composite: Clear "suspended" on reset/disconnect
    - usb: host: fotg2: restart hcd after port reset
    - tools: hv: fix KVP and VSS daemons exit code
    - watchdog: bcm2835_wdt: Fix module autoload
    - tcp: fix tcp_rtx_queue_tail in case of empty retransmit queue
    - ALSA: usb-audio: Fix a stack buffer overflow bug in check_input_term
    - ALSA: usb-audio: Fix an OOB bug in parse_audio_mixer_unit
    - tcp: make sure EPOLLOUT wont be missed
    - ALSA: seq: Fix potential concurrent access to the deleted pool
    - KVM: x86: Don't update RIP or do single-step on faulting emulation
    - x86/apic: Do not initialize LDR and DFR for bigsmp
    - x86/apic: Include the LDR when clearing out APIC registers
    - usb-storage: Add new JMS567 revision to unusual_devs
    - USB: cdc-wdm: fix race between write and disconnect due to flag abuse
    - usb: host: ohci: fix a race condition between shutdown and irq
    - USB: storage: ums-realtek: Update module parameter description for auto_delink_en
    - ptrace,x86: Make user_64bit_mode() available to 32-bit builds
    - uprobes/x86: Fix detection of 32-bit user mode
    - mmc: sdhci-of-at91: add quirk for broken HS200
    - mmc: core: Fix init of SD cards reporting an invalid VDD range
    - stm class: Fix a double free of stm_source_device
    - VMCI: Release resource if the work is already queued
    - Revert "cfg80211: fix processing world regdomain when non modular"
    - mac80211: fix possible sta leak
    - x86/ptrace: fix up botched merge of spectrev1 fix
    - Linux 4.4.191

  * New ID in ums-realtek module breaks cardreader (LP: #1838886) // Xenial update: 4.4.191 upstream stable release (LP: #1845036)
    - USB: storage: ums-realtek: Whitelist auto-delink support

  * Xenial update: 4.4.190 upstream stable release (LP: #1845038)
    - usb: iowarrior: fix deadlock on disconnect
    - sound: fix a memory leak bug
    - x86/mm: Check for pfn instead of page in vmalloc_sync_one()
    - x86/mm: Sync also unmappings in vmalloc_sync_all()
    - mm/vmalloc: Sync unmappings in __purge_vmap_area_lazy()
    - perf db-export: Fix thread__exec_comm()
    - usb: yurex: Fix use-after-free in yurex_delete
    - can: peak_usb: fix potential double kfree_skb()
    - netfilter: nfnetlink: avoid deadlock due to synchronous request_module
    - iscsi_ibft: make ISCSI_IBFT dependson ACPI instead of ISCSI_IBFT_FIND
    - mac80211: don't warn about CW params when not using them
    - hwmon: (nct6775) Fix register address and added missed tolerance for nct6106
    - cpufreq/pasemi: fix use-after-free in pas_cpufreq_cpu_init()
    - s390/qdio: add sanity checks to the fast-requeue path
    - ALSA: compress: Fix regression on compressed capture streams
    - ALSA: compress: Prevent bypasses of set_params
    - ALSA: compress: Be more restrictive about when a drain is allowed
    - perf probe: Avoid calling freeing routine multiple times for same pointer
    - ARM: davinci: fix sleep.S build error on ARMv4
    - scsi: megaraid_sas: fix panic on loading firmware crashdump
    - scsi: ibmvfc: fix WARN_ON during event pool release
    - tty/ldsem, locking/rwsem: Add missing ACQUIRE to read_failed sleep loop
    - perf/core: Fix creating kernel counters for PMUs that override event->cpu
    - can: peak_usb: pcan_usb_pro: Fix info-leaks to USB devices
    - can: peak_usb: pcan_usb_fd: Fix info-leaks to USB devices
    - hwmon: (nct7802) Fix wrong detection of in4 presence
    - ALSA: firewire: fix a memory leak bug
    - mac80211: don't WARN on short WMM parameters from AP
    - SMB3: Fix deadlock in validate negotiate hits reconnect
    - smb3: send CAP_DFS capability during session setup
    - mwifiex: fix 802.11n/WPA detection
    - scsi: mpt3sas: Use 63-bit DMA addressing on SAS35 HBA
    - sh: kernel: hw_breakpoint: Fix missing break in switch statement
    - mm/memcontrol.c: fix use after free in mem_cgroup_iter()
    - ALSA: hda - Fix a memory leak bug
    - HID: holtek: test for sanity of intfdata
    - HID: hiddev: avoid opening a disconnected device
    - HID: hiddev: do cleanup in failure of opening a device
    - Input: kbtab - sanity check for endpoint type
    - Input: iforce - add sanity checks
    - net: usb: pegasus: fix improper read if get_registers() fail
    - xen/pciback: remove set but not used variable 'old_state'
    - irqchip/irq-imx-gpcv2: Forward irq type to parent
    - perf header: Fix divide by zero error if f_header.attr_size==0
    - perf header: Fix use of unitialized value warning
    - libata: zpodd: Fix small read overflow in zpodd_get_mech_type()
    - scsi: hpsa: correct scsi command status issue after reset
    - ata: libahci: do not complain in case of deferred probe
    - kbuild: modpost: handle KBUILD_EXTRA_SYMBOLS only for external modules
    - IB/core: Add mitigation for Spectre V1
    - ocfs2: remove set but not used variable 'last_hash'
    - asm-generic: fix -Wtype-limits compiler warnings
    - staging: comedi: dt3000: Fix signed integer overflow 'divider * base'
    - staging: comedi: dt3000: Fix rounding up of timer divisor
    - USB: core: Fix races in character device registration and deregistraion
    - usb: cdc-acm: make sure a refcount is taken early enough
    - USB: serial: option: add D-Link DWM-222 device ID
    - USB: serial: option: Add support for ZTE MF871A
    - USB: serial: option: add the BroadMobi BM818 card
    - USB: serial: option: Add Motorola modem UARTs
    - Backport minimal compiler_attributes.h to support GCC 9
    - include/linux/module.h: copy __init/__exit attrs to init/cleanup_module
    - arm64: compat: Allow single-byte watchpoints on all addresses
    - Input: psmouse - fix build error of multiple definition
    - asm-generic: default BUG_ON(x) to if(x)BUG()
    - scsi: fcoe: Embed fc_rport_priv in fcoe_rport structure
    - RDMA: Directly cast the sockaddr union to sockaddr
    - IB/mlx5: Make coding style more consistent
    - x86/vdso: Remove direct HPET access through the vDSO
    - iommu/amd: Move iommu_init_pci() to .init section
    - x86/boot: Disable the address-of-packed-member compiler warning
    - net/packet: fix race in tpacket_snd()
    - xen/netback: Reset nr_frags before freeing skb
    - net/mlx5e: Only support tx/rx pause setting for port owner
    - sctp: fix the transport error_count check
    - bonding: Add vlan tx offload to hw_enc_features
    - Linux 4.4.190

 -- Khalid Elmously