Xenial update: 4.4.194 upstream stable release

Bug #1845405 reported by Connor Kuehl
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Invalid
Undecided
Unassigned
Xenial
Fix Released
Medium
Connor Kuehl

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

* bridge/mdb: remove wrong use of NLM_F_MULTI
* cdc_ether: fix rndis support for Mediatek based smartphones
* ipv6: Fix the link time qualifier of 'ping_v6_proc_exit_net()'
* isdn/capi: check message length in capi_write()
* net: Fix null de-reference of device refcount
* sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
* sctp: Fix the link time qualifier of 'sctp_ctrlsock_exit()'
* sctp: use transport pf_retrans in sctp_do_8_2_transport_strike
* tcp: fix tcp_ecn_withdraw_cwr() to clear TCP_ECN_QUEUE_CWR
* tipc: add NULL pointer check before calling kfree_rcu
* tun: fix use-after-free when register netdev failed
* Revert "MIPS: SiByte: Enable swiotlb for SWARM, LittleSur and BigSur"
* Btrfs: fix assertion failure during fsync and use of stale transaction
* genirq: Prevent NULL pointer dereference in resend_irqs()
* KVM: s390: Do not leak kernel stack data in the KVM_S390_INTERRUPT ioctl
* KVM: x86: work around leak of uninitialized stack contents
* KVM: nVMX: handle page fault in vmread
* MIPS: VDSO: Prevent use of smp_processor_id()
* MIPS: VDSO: Use same -m%-float cflag as the kernel proper
* clk: rockchip: Don't yell about bad mmc phases when getting
* driver core: Fix use-after-free and double free on glue directory
* crypto: talitos - check AES key size
* crypto: talitos - check data blocksize in ablkcipher.
* x86/build: Add -Wnoaddress-of-packed-member to REALMODE_CFLAGS, to silence GCC9 build warning
* MIPS: netlogic: xlr: Remove erroneous check in nlm_fmn_send()
* ARC: configs: Remove CONFIG_INITRAMFS_SOURCE from defconfigs
* USB: usbcore: Fix slab-out-of-bounds bug during device reset
* media: tm6000: double free if usb disconnect while streaming
* x86/boot: Add missing bootparam that breaks boot on some platforms
* xen-netfront: do not assume sk_buff_head list is empty in error handling
* KVM: coalesced_mmio: add bounds checking
* serial: sprd: correct the wrong sequence of arguments
* tty/serial: atmel: reschedule TX after RX was started
* mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings
* s390/bpf: fix lcgr instruction encoding
* ARM: OMAP2+: Fix omap4 errata warning on other SoCs
* s390/bpf: use 32-bit index for tail calls
* NFSv4: Fix return values for nfs4_file_open()
* NFS: Fix initialisation of I/O result struct in nfs_pgio_rpcsetup
* Kconfig: Fix the reference to the IDT77105 Phy driver in the description of ATM_NICSTAR_USE_IDT77105
* ARM: 8874/1: mm: only adjust sections of valid mm structures
* r8152: Set memory to all 0xFFs on failed reg reads
* x86/apic: Fix arch_dynirq_lower_bound() bug for DT enabled machines
* netfilter: nf_conntrack_ftp: Fix debug output
* NFSv2: Fix eof handling
* NFSv2: Fix write regression
* cifs: set domainName when a domain-key is used in multiuser
* cifs: Use kzfree() to zero out the password
* sky2: Disable MSI on yet another ASUS boards (P6Xxxx)
* tools/power turbostat: fix buffer overrun
* net: seeq: Fix the function used to release some memory in an error handling path
* dmaengine: ti: omap-dma: Add cleanup in omap_dma_probe()
* keys: Fix missing null pointer check in request_key_auth_describe()
* floppy: fix usercopy direction
* media: technisat-usb2: break out of loop at end of buffer
* ARC: export "abort" for modules
* net_sched: let qdisc_put() accept NULL pointer
* Linux 4.4.194

       4.4.194 upstream stable release
       from git://git.kernel.org/

Connor Kuehl (connork)
Changed in linux (Ubuntu):
status: New → Confirmed
tags: added: kernel-stable-tracking-bug
Changed in linux (Ubuntu):
status: Confirmed → Invalid
Changed in linux (Ubuntu Xenial):
status: New → In Progress
importance: Undecided → Medium
assignee: nobody → Connor Kuehl (connork)
Connor Kuehl (connork)
description: updated
Revision history for this message
Kleber Sacilotto de Souza (kleber-souza) wrote :

The following commit has already been applied and was skipped:

* f9921443b26c KVM: coalesced_mmio: add bounds checking
  - Applied for CVE-2019-14821

Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (15.0 KiB)

This bug was fixed in the package linux - 4.4.0-166.195

---------------
linux (4.4.0-166.195) xenial; urgency=medium

  * xenial/linux: 4.4.0-166.195 -proposed tracker (LP: #1846069)

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

  * CVE-2017-18232
    - scsi: libsas: direct call probe and destruct

  * CVE-2018-21008
    - rsi: add fix for crash during assertions

  * Xenial update: 4.4.194 upstream stable release (LP: #1845405)
    - bridge/mdb: remove wrong use of NLM_F_MULTI
    - cdc_ether: fix rndis support for Mediatek based smartphones
    - ipv6: Fix the link time qualifier of 'ping_v6_proc_exit_net()'
    - isdn/capi: check message length in capi_write()
    - net: Fix null de-reference of device refcount
    - sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
    - sctp: Fix the link time qualifier of 'sctp_ctrlsock_exit()'
    - sctp: use transport pf_retrans in sctp_do_8_2_transport_strike
    - tcp: fix tcp_ecn_withdraw_cwr() to clear TCP_ECN_QUEUE_CWR
    - tipc: add NULL pointer check before calling kfree_rcu
    - tun: fix use-after-free when register netdev failed
    - Revert "MIPS: SiByte: Enable swiotlb for SWARM, LittleSur and BigSur"
    - Btrfs: fix assertion failure during fsync and use of stale transaction
    - genirq: Prevent NULL pointer dereference in resend_irqs()
    - KVM: s390: Do not leak kernel stack data in the KVM_S390_INTERRUPT ioctl
    - KVM: x86: work around leak of uninitialized stack contents
    - KVM: nVMX: handle page fault in vmread
    - MIPS: VDSO: Prevent use of smp_processor_id()
    - MIPS: VDSO: Use same -m%-float cflag as the kernel proper
    - clk: rockchip: Don't yell about bad mmc phases when getting
    - driver core: Fix use-after-free and double free on glue directory
    - crypto: talitos - check AES key size
    - crypto: talitos - check data blocksize in ablkcipher.
    - x86/build: Add -Wnoaddress-of-packed-member to REALMODE_CFLAGS, to silence
      GCC9 build warning
    - MIPS: netlogic: xlr: Remove erroneous check in nlm_fmn_send()
    - ARC: configs: Remove CONFIG_INITRAMFS_SOURCE from defconfigs
    - USB: usbcore: Fix slab-out-of-bounds bug during device reset
    - media: tm6000: double free if usb disconnect while streaming
    - x86/boot: Add missing bootparam that breaks boot on some platforms
    - xen-netfront: do not assume sk_buff_head list is empty in error handling
    - serial: sprd: correct the wrong sequence of arguments
    - tty/serial: atmel: reschedule TX after RX was started
    - mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings
    - s390/bpf: fix lcgr instruction encoding
    - ARM: OMAP2+: Fix omap4 errata warning on other SoCs
    - s390/bpf: use 32-bit index for tail calls
    - NFSv4: Fix return values for nfs4_file_open()
    - NFS: Fix initialisation of I/O result struct in nfs_pgio_rpcsetup
    - Kconfig: Fix the reference to the IDT77105 Phy driver in the description of
      ATM_NICSTAR_USE_IDT77105
    - ARM: 8874/1: mm: only adjust sections of valid mm structures
    - r8152: Set memory to all 0xFFs on failed reg reads
    - x86/apic: Fix arch_dynirq_lower_bound() bug for D...

Changed in linux (Ubuntu Xenial):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.