Xenial update: 4.4.178 upstream stable release

Bug #1826212 reported by Stefan Bader
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Stefan Bader

Bug Description

SRU Justification

       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

       4.4.178 upstream stable release
       from git://git.kernel.org/

The following patches will be applied:
* mmc: pxamci: fix enum type confusion
* drm/vmwgfx: Don't double-free the mode stored in par->set_mode
* udf: Fix crash on IO error during truncate
* mips: loongson64: lemote-2f: Add IRQF_NO_SUSPEND to "cascade" irqaction.
* MIPS: Fix kernel crash for R6 in jump label branch function
* futex: Ensure that futex address is aligned in handle_futex_death()
* ext4: fix NULL pointer dereference while journal is aborted
* ext4: fix data corruption caused by unaligned direct AIO
* ext4: brelse all indirect buffer in ext4_ind_remove_space()
* mmc: tmio_mmc_core: don't claim spurious interrupts
* media: v4l2-ctrls.c/uvc: zero v4l2_event
* locking/lockdep: Add debug_locks check in __lock_downgrade()
* ALSA: hda - Record the current power state before suspend/resume calls
* ALSA: hda - Enforces runtime_resume after S3 and S4 for each codec
* mmc: pwrseq_simple: Make reset-gpios optional to match doc
* mmc: debugfs: Add a restriction to mmc debugfs clock setting
* mmc: make MAN_BKOPS_EN message a debug
* mmc: sanitize 'bus width' in debug output
* mmc: core: shut up "voltage-ranges unspecified" pr_info()
* usb: dwc3: gadget: Fix suspend/resume during device mode
* arm64: mm: Add trace_irqflags annotations to do_debug_exception()
* mmc: core: fix using wrong io voltage if mmc_select_hs200 fails
* mm/rmap: replace BUG_ON(anon_vma->degree) with VM_WARN_ON
* extcon: usb-gpio: Don't miss event during suspend/resume
* kbuild: setlocalversion: print error to STDERR
* usb: gadget: composite: fix dereference after null check coverify warning
* usb: gadget: Add the gserial port checking in gs_start_tx()
* tcp/dccp: drop SYN packets if accept queue is full
* serial: sprd: adjust TIMEOUT to a big value
* Hang/soft lockup in d_invalidate with simultaneous calls
* arm64: traps: disable irq in die()
* usb: renesas_usbhs: gadget: fix unused-but-set-variable warning
* serial: sprd: clear timeout interrupt only rather than all interrupts
* lib/int_sqrt: optimize small argument
* USB: core: only clean up what we allocated
* rtc: Fix overflow when converting time64_t to rtc_time
* ath10k: avoid possible string overflow
* mmc: block: Allow more than 8 partitions per card
* arm64: fix COMPAT_SHMLBA definition for large pages
* efi: stub: define DISABLE_BRANCH_PROFILING for all architectures
* ARM: 8458/1: bL_switcher: add GIC dependency
* ARM: 8494/1: mm: Enable PXN when running non-LPAE kernel on LPAE processor
* android: unconditionally remove callbacks in sync_fence_free()
* vmstat: make vmstat_updater deferrable again and shut down on idle
* hid-sensor-hub.c: fix wrong do_div() usage
* arm64: hide __efistub_ aliases from kallsyms
* perf: Synchronously free aux pages in case of allocation failure
* net: diag: support v4mapped sockets in inet_diag_find_one_icsk()
* Revert "mmc: block: don't use parameter prefix if built as module"
* writeback: initialize inode members that track writeback history
* coresight: fixing lockdep error
* coresight: coresight_unregister() function cleanup
* coresight: release reference taken by 'bus_find_device()'
* coresight: remove csdev's link from topology
* stm class: Fix locking in unbinding policy path
* stm class: Fix link list locking
* stm class: Prevent user-controllable allocations
* stm class: Support devices with multiple instances
* stm class: Fix unlocking braino in the error path
* stm class: Guard output assignment against concurrency
* stm class: Fix unbalanced module/device refcounting
* stm class: Fix a race in unlinking
* coresight: "DEVICE_ATTR_RO" should defined as static.
* coresight: etm4x: Check every parameter used by dma_xx_coherent.
* asm-generic: Fix local variable shadow in __set_fixmap_offset
* staging: ashmem: Avoid deadlock with mmap/shrink
* staging: ashmem: Add missing include
* staging: ion: Set minimum carveout heap allocation order to PAGE_SHIFT
* staging: goldfish: audio: fix compiliation on arm
* ARM: 8510/1: rework ARM_CPU_SUSPEND dependencies
* arm64/kernel: fix incorrect EL0 check in inv_entry macro
* mac80211: fix "warning: ‘target_metric’ may be used uninitialized"
* perf/ring_buffer: Refuse to begin AUX transaction after rb->aux_mmap_count drops
* arm64: kernel: Include _AC definition in page.h
* PM / Hibernate: Call flush_icache_range() on pages restored in-place
* stm class: Do not leak the chrdev in error path
* stm class: Fix stm device initialization order
* ipv6: fix endianness error in icmpv6_err
* usb: gadget: configfs: add mutex lock before unregister gadget
* usb: gadget: rndis: free response queue during REMOTE_NDIS_RESET_MSG
* cpu/hotplug: Handle unbalanced hotplug enable/disable
* video: fbdev: Set pixclock = 0 in goldfishfb
* arm64: kconfig: drop CONFIG_RTC_LIB dependency
* mmc: mmc: fix switch timeout issue caused by jiffies precision
* cfg80211: size various nl80211 messages correctly
* stmmac: copy unicast mac address to MAC registers
* dccp: do not use ipv6 header for ipv4 flow
* mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S
* net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec
* net: rose: fix a possible stack overflow
* Add hlist_add_tail_rcu() (Merge git://git.kernel.org/pub/scm/linux/kernel
* packets: Always register packet sk in the same order
* tcp: do not use ipv6 header for ipv4 flow
* vxlan: Don't call gro_cells_destroy() before device is unregistered
* sctp: get sctphdr by offset in sctp_compute_cksum
* mac8390: Fix mmio access size probe
* btrfs: remove WARN_ON in log_dir_items
* ARM: imx6q: cpuidle: fix bug that CPU might not wake up at expected time
* ALSA: compress: add support for 32bit calls in a 64bit kernel
* ALSA: pcm: Fix possible OOB access in PCM oss plugins
* ALSA: pcm: Don't suspend stream in unrecoverable PCM state
* scsi: sd: Fix a race between closing an sd device and sd I/O
* scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host
* scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP devices
* tty: atmel_serial: fix a potential NULL pointer dereference
* staging: vt6655: Remove vif check from vnt_interrupt
* staging: vt6655: Fix interrupt race condition on device start up.
* serial: max310x: Fix to avoid potential NULL pointer dereference
* serial: sh-sci: Fix setting SCSCR_TIE while transferring data
* USB: serial: cp210x: add new device id
* USB: serial: ftdi_sio: add additional NovaTech products
* USB: serial: mos7720: fix mos_parport refcount imbalance on error path
* USB: serial: option: set driver_info for SIM5218 and compatibles
* USB: serial: option: add Olicard 600
* Disable kgdboc failed by echo space to /sys/module/kgdboc/parameters/kgdboc
* fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links
* gpio: adnp: Fix testing wrong value in adnp_gpio_direction_input
* perf intel-pt: Fix TSC slip
* x86/smp: Enforce CONFIG_HOTPLUG_CPU when SMP=y
* KVM: Reject device ioctls from processes other than the VM's creator
* xhci: Fix port resume done detection for SS ports with LPM enabled
* Revert "USB: core: only clean up what we allocated"
* arm64: support keyctl() system call in 32-bit mode
* coresight: removing bind/unbind options from sysfs
* stm class: Hide STM-specific options if STM is disabled
* Linux 4.4.178

CVE References

Stefan Bader (smb)
Changed in linux (Ubuntu):
status: New → Confirmed
tags: added: kernel-stable-tracking-bug
Changed in linux (Ubuntu Xenial):
assignee: nobody → Stefan Bader (smb)
importance: Undecided → Medium
status: New → Confirmed
Changed in linux (Ubuntu):
status: Confirmed → Invalid
Revision history for this message
Stefan Bader (smb) wrote :

Skipped "Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt" since it is already applied for CVE-2019-3460.
Skipped "Bluetooth: Verify that l2cap_get_conf_opt provides large enough buffer" since it is already applied for CVE-2019-3459.
Skipped "sched/fair: Fix new task's load avg removed from source CPU in wake_up_new_task()" since it is already applied for bug #1643797.
Skipped "btrfs: raid56: properly unmap parity page in finish_parity_scrub()" since it is already applied for bug #1812845.

Skipped several patches for CVE-2017-5753 (already applied):
* "ALSA: rawmidi: Fix potential Spectre v1 vulnerability"
* "ALSA: seq: oss: Fix Spectre v1 vulnerability"

Stefan Bader (smb)
description: updated
Changed in linux (Ubuntu Xenial):
status: Confirmed → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (19.2 KiB)

This bug was fixed in the package linux - 4.4.0-150.176

linux (4.4.0-150.176) xenial; urgency=medium

  * linux: 4.4.0-150.176 -proposed tracker (LP: #1830941)

  * glibc 2.23-0ubuntu11 ADT test failure with linux 4.4.0-149.175
    (LP: #1830890)
    - x86/vdso: Pass --eh-frame-hdr to the linker

linux (4.4.0-149.175) xenial; urgency=medium

  * linux: 4.4.0-149.175 -proposed tracker (LP: #1829209)

  * disable a.out support (LP: #1818552)
    - [Config] Disable a.out support

  * autopkgtests run too often, too much and don't skip enough (LP: #1823056)
    - [Debian] Set +x on rebuild testcase.
    - [Debian] Skip rebuild test, for regression-suite deps.
    - [Debian] Make ubuntu-regression-suite skippable on unbootable kernels.
    - [Debian] make rebuild use skippable error codes when skipping.
    - [Debian] Only run regression-suite, if requested to.

  * Xenial update: 4.4.179 upstream stable release (LP: #1828420)
    - arm64: debug: Don't propagate UNKNOWN FAR into si_code for debug signals
    - arm64: debug: Ensure debug handlers check triggering exception level
    - ext4: cleanup bh release code in ext4_ind_remove_space()
    - lib/int_sqrt: optimize initial value compute
    - tty/serial: atmel: Add is_half_duplex helper
    - mm: mempolicy: make mbind() return -EIO when MPOL_MF_STRICT is specified
    - i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA
    - Bluetooth: Fix decrementing reference count twice in releasing socket
    - tty/serial: atmel: RS485 HD w/DMA: enable RX after TX is stopped
    - CIFS: fix POSIX lock leak and invalid ptr deref
    - h8300: use cc-cross-prefix instead of hardcoding h8300-unknown-linux-
    - tracing: kdb: Fix ftdump to not sleep
    - gpio: gpio-omap: fix level interrupt idling
    - sysctl: handle overflow for file-max
    - enic: fix build warning without CONFIG_CPUMASK_OFFSTACK
    - mm/cma.c: cma_declare_contiguous: correct err handling
    - mm/page_ext.c: fix an imbalance with kmemleak
    - mm/vmalloc.c: fix kernel BUG at mm/vmalloc.c:512!
    - mm/slab.c: kmemleak no scan alien caches
    - ocfs2: fix a panic problem caused by o2cb_ctl
    - f2fs: do not use mutex lock in atomic context
    - fs/file.c: initialize init_files.resize_wait
    - cifs: use correct format characters
    - dm thin: add sanity checks to thin-pool and external snapshot creation
    - cifs: Fix NULL pointer dereference of devname
    - fs: fix guard_bio_eod to check for real EOD errors
    - tools lib traceevent: Fix buffer overflow in arg_eval
    - usb: chipidea: Grab the (legacy) USB PHY by phandle first
    - scsi: core: replace GFP_ATOMIC with GFP_KERNEL in scsi_scan.c
    - coresight: etm4x: Add support to enable ETMv4.2
    - ARM: 8840/1: use a raw_spinlock_t in unwind
    - mmc: omap: fix the maximum timeout setting
    - e1000e: Fix -Wformat-truncation warnings
    - IB/mlx4: Increase the timeout for CM cache
    - scsi: megaraid_sas: return error when create DMA pool failed
    - perf test: Fix failure of 'evsel-tp-sched' test on s390
    - SoC: imx-sgtl5000: add missing put_device()
    - media: sh_veu: Correct return type for mem2mem buffer helpers
    - media: s5...

Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers