Xenial update: 4.4.190 upstream stable release

Bug #1845038 reported by Connor Kuehl on 2019-09-23
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Connor Kuehl

Bug Description

SRU Justification

       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

* usb: iowarrior: fix deadlock on disconnect
* sound: fix a memory leak bug
* x86/mm: Check for pfn instead of page in vmalloc_sync_one()
* x86/mm: Sync also unmappings in vmalloc_sync_all()
* mm/vmalloc: Sync unmappings in __purge_vmap_area_lazy()
* perf db-export: Fix thread__exec_comm()
* usb: yurex: Fix use-after-free in yurex_delete
* can: peak_usb: fix potential double kfree_skb()
* netfilter: nfnetlink: avoid deadlock due to synchronous request_module
* iscsi_ibft: make ISCSI_IBFT dependson ACPI instead of ISCSI_IBFT_FIND
* mac80211: don't warn about CW params when not using them
* hwmon: (nct6775) Fix register address and added missed tolerance for nct6106
* cpufreq/pasemi: fix use-after-free in pas_cpufreq_cpu_init()
* s390/qdio: add sanity checks to the fast-requeue path
* ALSA: compress: Fix regression on compressed capture streams
* ALSA: compress: Prevent bypasses of set_params
* ALSA: compress: Be more restrictive about when a drain is allowed
* perf probe: Avoid calling freeing routine multiple times for same pointer
* ARM: davinci: fix sleep.S build error on ARMv4
* scsi: megaraid_sas: fix panic on loading firmware crashdump
* scsi: ibmvfc: fix WARN_ON during event pool release
* tty/ldsem, locking/rwsem: Add missing ACQUIRE to read_failed sleep loop
* perf/core: Fix creating kernel counters for PMUs that override event->cpu
* can: peak_usb: pcan_usb_pro: Fix info-leaks to USB devices
* can: peak_usb: pcan_usb_fd: Fix info-leaks to USB devices
* hwmon: (nct7802) Fix wrong detection of in4 presence
* ALSA: firewire: fix a memory leak bug
* mac80211: don't WARN on short WMM parameters from AP
* SMB3: Fix deadlock in validate negotiate hits reconnect
* smb3: send CAP_DFS capability during session setup
* mwifiex: fix 802.11n/WPA detection
* scsi: mpt3sas: Use 63-bit DMA addressing on SAS35 HBA
* sh: kernel: hw_breakpoint: Fix missing break in switch statement
* mm/memcontrol.c: fix use after free in mem_cgroup_iter()
* ALSA: hda - Fix a memory leak bug
* HID: holtek: test for sanity of intfdata
* HID: hiddev: avoid opening a disconnected device
* HID: hiddev: do cleanup in failure of opening a device
* Input: kbtab - sanity check for endpoint type
* Input: iforce - add sanity checks
* net: usb: pegasus: fix improper read if get_registers() fail
* xen/pciback: remove set but not used variable 'old_state'
* irqchip/irq-imx-gpcv2: Forward irq type to parent
* perf header: Fix divide by zero error if f_header.attr_size==0
* perf header: Fix use of unitialized value warning
* libata: zpodd: Fix small read overflow in zpodd_get_mech_type()
* scsi: hpsa: correct scsi command status issue after reset
* ata: libahci: do not complain in case of deferred probe
* kbuild: modpost: handle KBUILD_EXTRA_SYMBOLS only for external modules
* IB/core: Add mitigation for Spectre V1
* ocfs2: remove set but not used variable 'last_hash'
* asm-generic: fix -Wtype-limits compiler warnings
* staging: comedi: dt3000: Fix signed integer overflow 'divider * base'
* staging: comedi: dt3000: Fix rounding up of timer divisor
* USB: core: Fix races in character device registration and deregistraion
* usb: cdc-acm: make sure a refcount is taken early enough
* USB: serial: option: add D-Link DWM-222 device ID
* USB: serial: option: Add support for ZTE MF871A
* USB: serial: option: add the BroadMobi BM818 card
* USB: serial: option: Add Motorola modem UARTs
* Backport minimal compiler_attributes.h to support GCC 9
* include/linux/module.h: copy __init/__exit attrs to init/cleanup_module
* arm64: compat: Allow single-byte watchpoints on all addresses
* Input: psmouse - fix build error of multiple definition
* asm-generic: default BUG_ON(x) to if(x)BUG()
* scsi: fcoe: Embed fc_rport_priv in fcoe_rport structure
* RDMA: Directly cast the sockaddr union to sockaddr
* IB/mlx5: Make coding style more consistent
* x86/vdso: Remove direct HPET access through the vDSO
* iommu/amd: Move iommu_init_pci() to .init section
* x86/boot: Disable the address-of-packed-member compiler warning
* net/packet: fix race in tpacket_snd()
* xen/netback: Reset nr_frags before freeing skb
* net/mlx5e: Only support tx/rx pause setting for port owner
* sctp: fix the transport error_count check
* bonding: Add vlan tx offload to hw_enc_features
* Linux 4.4.190
* UBUNTU: [Packaging] update i386 retpoline for get_order

       4.4.190 upstream stable release
       from git://git.kernel.org/

Connor Kuehl (connork) wrote :

Already applied:

* usb: gadget: f_midi: fail if set_alt fails to allocate requests

Changed in linux (Ubuntu):
status: New → Confirmed
tags: added: kernel-stable-tracking-bug
Changed in linux (Ubuntu):
status: Confirmed → Invalid
Changed in linux (Ubuntu Xenial):
status: New → In Progress
importance: Undecided → Medium
assignee: nobody → Connor Kuehl (connork)
Connor Kuehl (connork) on 2019-09-24
description: updated
Changed in linux (Ubuntu Xenial):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :
Download full text (15.0 KiB)

This bug was fixed in the package linux - 4.4.0-166.195

linux (4.4.0-166.195) xenial; urgency=medium

  * xenial/linux: 4.4.0-166.195 -proposed tracker (LP: #1846069)

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

  * CVE-2017-18232
    - scsi: libsas: direct call probe and destruct

  * CVE-2018-21008
    - rsi: add fix for crash during assertions

  * Xenial update: 4.4.194 upstream stable release (LP: #1845405)
    - bridge/mdb: remove wrong use of NLM_F_MULTI
    - cdc_ether: fix rndis support for Mediatek based smartphones
    - ipv6: Fix the link time qualifier of 'ping_v6_proc_exit_net()'
    - isdn/capi: check message length in capi_write()
    - net: Fix null de-reference of device refcount
    - sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
    - sctp: Fix the link time qualifier of 'sctp_ctrlsock_exit()'
    - sctp: use transport pf_retrans in sctp_do_8_2_transport_strike
    - tcp: fix tcp_ecn_withdraw_cwr() to clear TCP_ECN_QUEUE_CWR
    - tipc: add NULL pointer check before calling kfree_rcu
    - tun: fix use-after-free when register netdev failed
    - Revert "MIPS: SiByte: Enable swiotlb for SWARM, LittleSur and BigSur"
    - Btrfs: fix assertion failure during fsync and use of stale transaction
    - genirq: Prevent NULL pointer dereference in resend_irqs()
    - KVM: s390: Do not leak kernel stack data in the KVM_S390_INTERRUPT ioctl
    - KVM: x86: work around leak of uninitialized stack contents
    - KVM: nVMX: handle page fault in vmread
    - MIPS: VDSO: Prevent use of smp_processor_id()
    - MIPS: VDSO: Use same -m%-float cflag as the kernel proper
    - clk: rockchip: Don't yell about bad mmc phases when getting
    - driver core: Fix use-after-free and double free on glue directory
    - crypto: talitos - check AES key size
    - crypto: talitos - check data blocksize in ablkcipher.
    - x86/build: Add -Wnoaddress-of-packed-member to REALMODE_CFLAGS, to silence
      GCC9 build warning
    - MIPS: netlogic: xlr: Remove erroneous check in nlm_fmn_send()
    - ARC: configs: Remove CONFIG_INITRAMFS_SOURCE from defconfigs
    - USB: usbcore: Fix slab-out-of-bounds bug during device reset
    - media: tm6000: double free if usb disconnect while streaming
    - x86/boot: Add missing bootparam that breaks boot on some platforms
    - xen-netfront: do not assume sk_buff_head list is empty in error handling
    - serial: sprd: correct the wrong sequence of arguments
    - tty/serial: atmel: reschedule TX after RX was started
    - mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings
    - s390/bpf: fix lcgr instruction encoding
    - ARM: OMAP2+: Fix omap4 errata warning on other SoCs
    - s390/bpf: use 32-bit index for tail calls
    - NFSv4: Fix return values for nfs4_file_open()
    - NFS: Fix initialisation of I/O result struct in nfs_pgio_rpcsetup
    - Kconfig: Fix the reference to the IDT77105 Phy driver in the description of
    - ARM: 8874/1: mm: only adjust sections of valid mm structures
    - r8152: Set memory to all 0xFFs on failed reg reads
    - x86/apic: Fix arch_dynirq_lower_bound() bug for D...

Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers