[ubuntu/bionic-proposed] linux-azure-4.15 4.15.0-1119.132 (Accepted)

Andy Whitcroft apw at canonical.com
Fri Jun 25 20:44:25 UTC 2021


linux-azure-4.15 (4.15.0-1119.132) bionic; urgency=medium

  * bionic/linux-azure-4.15: 4.15.0-1119.132 -proposed tracker (LP: #1932496)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync getabis
    - [Packaging] update helper scripts

  [ Ubuntu: 4.15.0-149.153 ]

  * bionic/linux: 4.15.0-149.153 -proposed tracker (LP: #1933434)
  * selftests: bpf: test_verifier fixes (LP: #1933385)
    - bpf: Update selftests to reflect new error states
    - bpf, selftests: Adjust few selftest result_unpriv outcomes
  * CVE-2021-33200
    - bpf: Fix mask direction swap upon off reg sign change

  [ Ubuntu: 4.15.0-148.152 ]

  * bionic/linux: 4.15.0-148.152 -proposed tracker (LP: #1932515)
  * Packaging resync (LP: #1786013)
    - update dkms package versions
  * Upstream v5.9 introduced 'module' patches that removed exported symbols
    (LP: #1932065)
    - SAUCE: Revert "modules: inherit TAINT_PROPRIETARY_MODULE"
    - SAUCE: Revert "modules: return licensing information from find_symbol"
    - SAUCE: Revert "modules: rename the licence field in struct symsearch to
      license"
    - SAUCE: Revert "modules: unexport __module_address"
    - SAUCE: Revert "modules: unexport __module_text_address"
    - SAUCE: Revert "modules: mark each_symbol_section static"
    - SAUCE: Revert "modules: mark find_symbol static"
    - SAUCE: Revert "modules: mark ref_module static"
  * Disable hv-kvp-daemon.service on certain instance types (LP: #1932081)
    - [Packaging]: Add kernel command line condition to hv-kvp-daemon service
  * Bionic update: upstream stable patchset 2021-06-11 (LP: #1931740)
    - openrisc: Fix a memory leak
    - RDMA/rxe: Clear all QP fields if creation failed
    - scsi: qla2xxx: Fix error return code in qla82xx_write_flash_dword()
    - ptrace: make ptrace() fail if the tracee changed its pid unexpectedly
    - cifs: fix memory leak in smb2_copychunk_range
    - ALSA: line6: Fix racy initialization of LINE6 MIDI
    - ALSA: usb-audio: Validate MS endpoint descriptors
    - ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro
    - Revert "ALSA: sb8: add a check for request_region"
    - Revert "rapidio: fix a NULL pointer dereference when create_workqueue()
      fails"
    - rapidio: handle create_workqueue() failure
    - xen-pciback: reconfigure also from backend watch handler
    - dm snapshot: fix crash with transient storage and zero chunk size
    - Revert "video: hgafb: fix potential NULL pointer dereference"
    - Revert "net: stmicro: fix a missing check of clk_prepare"
    - Revert "leds: lp5523: fix a missing check of return value of lp55xx_read"
    - Revert "hwmon: (lm80) fix a missing check of bus read in lm80 probe"
    - Revert "video: imsttfb: fix potential NULL pointer dereferences"
    - Revert "ecryptfs: replace BUG_ON with error handling code"
    - Revert "gdrom: fix a memory leak bug"
    - cdrom: gdrom: deallocate struct gdrom_unit fields in remove_gdrom
    - cdrom: gdrom: initialize global variable at init time
    - Revert "media: rcar_drif: fix a memory disclosure"
    - Revert "rtlwifi: fix a potential NULL pointer dereference"
    - Revert "qlcnic: Avoid potential NULL pointer dereference"
    - Revert "niu: fix missing checks of niu_pci_eeprom_read"
    - ethernet: sun: niu: fix missing checks of niu_pci_eeprom_read()
    - net: stmicro: handle clk_prepare() failure during init
    - net: rtlwifi: properly check for alloc_workqueue() failure
    - leds: lp5523: check return value of lp5xx_read and jump to cleanup code
    - qlcnic: Add null check after calling netdev_alloc_skb
    - video: hgafb: fix potential NULL pointer dereference
    - vgacon: Record video mode changes with VT_RESIZEX
    - vt: Fix character height handling with VT_RESIZEX
    - tty: vt: always invoke vc->vc_sw->con_resize callback
    - video: hgafb: correctly handle card detect failure during probe
    - Bluetooth: SMP: Fail if remote and local public keys are identical
    - firmware: arm_scpi: Prevent the ternary sign expansion bug
    - platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios
    - locking/mutex: clear MUTEX_FLAGS if wait_list is empty due to signal
    - ALSA: hda/realtek: Add some CLOVE SSIDs of ALC293
    - Revert "serial: mvebu-uart: Fix to avoid a potential NULL pointer
      dereference"
    - mm, vmstat: drop zone->lock in /proc/pagetypeinfo
    - usb: dwc3: gadget: Enable suspend events
    - NFC: nci: fix memory leak in nci_allocate_device
    - NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return()
    - iommu/vt-d: Fix sysfs leak in alloc_iommu()
    - perf intel-pt: Fix sample instruction bytes
    - perf intel-pt: Fix transaction abort handling
    - proc: Check /proc/$pid/attr/ writes against file opener
    - net: hso: fix control-request directions
    - mac80211: assure all fragments are encrypted
    - mac80211: prevent mixed key and fragment cache attacks
    - mac80211: properly handle A-MSDUs that start with an RFC 1042 header
    - cfg80211: mitigate A-MSDU aggregation attacks
    - mac80211: drop A-MSDUs on old ciphers
    - mac80211: add fragment cache to sta_info
    - mac80211: check defrag PN against current frame
    - mac80211: prevent attacks on TKIP/WEP as well
    - mac80211: do not accept/forward invalid EAPOL frames
    - ath10k: Validate first subframe of A-MSDU before processing the list
    - dm snapshot: properly fix a crash when an origin has no snapshots
    - kgdb: fix gcc-11 warnings harder
    - misc/uss720: fix memory leak in uss720_probe
    - thunderbolt: dma_port: Fix NVM read buffer bounds and offset issue
    - mei: request autosuspend after sending rx flow control
    - staging: iio: cdc: ad7746: avoid overwrite of num_channels
    - iio: adc: ad7793: Add missing error code in ad7793_setup()
    - USB: trancevibrator: fix control-request direction
    - serial: sh-sci: Fix off-by-one error in FIFO threshold register setting
    - serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait'
    - USB: serial: ti_usb_3410_5052: add startech.com device id
    - USB: serial: option: add Telit LE910-S1 compositions 0x7010, 0x7011
    - USB: serial: ftdi_sio: add IDs for IDS GmbH Products
    - USB: serial: pl2303: add device id for ADLINK ND-6530 GC
    - usb: gadget: udc: renesas_usb3: Fix a race in usb3_start_pipen()
    - net: usb: fix memory leak in smsc75xx_bind
    - Bluetooth: cmtp: fix file refcount when cmtp_attach_device fails
    - NFS: fix an incorrect limit in filelayout_decode_layout()
    - NFS: Don't corrupt the value of pg_bytes_written in nfs_do_recoalesce()
    - NFSv4: Fix v4.0/v4.1 SEEK_DATA return -ENOTSUPP when set NFS_V4_2 config
    - drm/meson: fix shutdown crash when component not probed
    - net/mlx4: Fix EEPROM dump support
    - Revert "net:tipc: Fix a double free in tipc_sk_mcast_rcv"
    - tipc: skb_linearize the head skb when reassembling msgs
    - i2c: s3c2410: fix possible NULL pointer deref on read message after write
    - i2c: i801: Don't generate an interrupt on bus reset
    - perf jevents: Fix getting maximum number of fds
    - platform/x86: hp_accel: Avoid invoking _INI to speed up resume
    - serial: max310x: unregister uart driver in case of failure and abort
    - net: fujitsu: fix potential null-ptr-deref
    - net: caif: remove BUG_ON(dev == NULL) in caif_xmit
    - char: hpet: add checks after calling ioremap
    - isdn: mISDNinfineon: check/cleanup ioremap failure correctly in setup_io
    - dmaengine: qcom_hidma: comment platform_driver_register call
    - libertas: register sysfs groups properly
    - media: dvb: Add check on sp8870_readreg return
    - media: gspca: properly check for errors in po1030_probe()
    - scsi: BusLogic: Fix 64-bit system enumeration error for Buslogic
    - openrisc: Define memory barrier mb
    - btrfs: do not BUG_ON in link_to_fixup_dir
    - platform/x86: hp-wireless: add AMD's hardware id to the supported list
    - platform/x86: intel_punit_ipc: Append MODULE_DEVICE_TABLE for ACPI
    - SMB3: incorrect file id in requests compounded with open
    - drm/amdgpu: Fix a use-after-free
    - net: netcp: Fix an error message
    - net: mdio: thunder: Fix a double free issue in the .remove function
    - net: mdio: octeon: Fix some double free issues
    - net: bnx2: Fix error return code in bnx2_init_board()
    - mld: fix panic in mld_newpack()
    - staging: emxx_udc: fix loop in _nbu2ss_nuke()
    - ASoC: cs35l33: fix an error code in probe()
    - bpf: Set mac_len in bpf_skb_change_head
    - ixgbe: fix large MTU request from VF
    - scsi: libsas: Use _safe() loop in sas_resume_port()
    - ipv6: record frag_max_size in atomic fragments in input path
    - sch_dsmark: fix a NULL deref in qdisc_reset()
    - MIPS: alchemy: xxs1500: add gpio-au1000.h header file
    - MIPS: ralink: export rt_sysc_membase for rt2880_wdt.c
    - hugetlbfs: hugetlb_fault_mutex_hash() cleanup
    - drivers/net/ethernet: clean up unused assignments
    - usb: core: reduce power-on-good delay time of root hub
    - USB: usbfs: Don't WARN about excessively large memory allocations
    - bpf: extend is_branch_taken to registers
    - bpf: Move off_reg into sanitize_ptr_alu
    - bpf: Ensure off_reg has no mixed signed bounds for all types
    - bpf: Rework ptr_limit into alu_limit and add common error path
    - bpf: Improve verifier error messages for users
    - bpf: Refactor and streamline bounds check into helper
    - bpf: Move sanitize_val_alu out of op switch
    - bpf: Tighten speculative pointer arithmetic mask
    - bpf: Fix leakage of uninitialized bpf stack under speculation
    - bpf: Wrap aux data inside bpf_sanitize_info container
    - bpf: No need to simulate speculative domain for immediates
    - net: dsa: fix a crash if ->get_sset_count() fails
    - drm/amd/amdgpu: fix refcount leak
    - net: dsa: fix error code getting shifted with 4 in dsa_slave_get_sset_count
    - openvswitch: meter: fix race when getting now_ms.
    - net: hns3: check the return of skb_checksum_help()
  * Bionic update: upstream stable patchset 2021-06-11 (LP: #1931740) //
    CVE-2020-24587 for such cases.
    - mac80211: extend protection against mixed key and fragment cache attacks
  * [82A1, Realtek ALC287, Speaker, Internal] Underruns, dropouts or crackling
    sound (LP: #1925057) // Bionic update: upstream stable patchset 2021-06-11
    (LP: #1931740)
    - ALSA: hda/realtek: reset eapd coeff to default value for alc287
  * test_map in ubuntu_bpf failed with "Allowed update sockmap '0:3' not in
    ESTABLISHED" (LP: #1839912)
    - SAUCE: Revert "bpf: test_maps, only support ESTABLISHED socks"
  * Bionic update: upstream stable patchset 2021-06-01 (LP: #1930472)
    - MIPS: Introduce isa-rev.h to define MIPS_ISA_REV
    - MIPS: cpu-features.h: Replace __mips_isa_rev with MIPS_ISA_REV
    - s390/disassembler: increase ebpf disasm buffer size
    - ACPI: custom_method: fix potential use-after-free issue
    - ACPI: custom_method: fix a possible memory leak
    - arm64: dts: mt8173: fix property typo of 'phys' in dsi node
    - ecryptfs: fix kernel panic with null dev_name
    - spi: spi-ti-qspi: Free DMA resources
    - mmc: block: Update ext_csd.cache_ctrl if it was written
    - mmc: core: Do a power cycle when the CMD11 fails
    - mmc: core: Set read only for SD cards with permanent write protect bit
    - cifs: Return correct error code from smb2_get_enc_key
    - btrfs: fix metadata extent leak after failure to create subvolume
    - intel_th: pci: Add Rocket Lake CPU support
    - fbdev: zero-fill colormap in fbcmap.c
    - staging: wimax/i2400m: fix byte-order issue
    - crypto: api - check for ERR pointers in crypto_destroy_tfm()
    - usb: gadget: uvc: add bInterval checking for HS mode
    - usb: gadget: f_uac1: validate input parameters
    - usb: dwc3: gadget: Ignore EP queue requests during bus reset
    - usb: xhci: Fix port minor revision
    - PCI: PM: Do not read power state in pci_enable_device_flags()
    - x86/build: Propagate $(CLANG_FLAGS) to $(REALMODE_FLAGS)
    - tee: optee: do not check memref size on return from Secure World
    - perf/arm_pmu_platform: Fix error handling
    - spi: dln2: Fix reference leak to master
    - spi: omap-100k: Fix reference leak to master
    - intel_th: Consistency and off-by-one fix
    - phy: phy-twl4030-usb: Fix possible use-after-free in twl4030_usb_remove()
    - btrfs: convert logic BUG_ON()'s in replace_path to ASSERT()'s
    - scsi: lpfc: Fix incorrect dbde assignment when building target abts wqe
    - scsi: lpfc: Fix pt2pt connection does not recover after LOGO
    - scsi: target: pscsi: Fix warning in pscsi_complete_cmd()
    - media: ite-cir: check for receive overflow
    - power: supply: bq27xxx: fix power_avg for newer ICs
    - extcon: arizona: Fix some issues when HPDET IRQ fires after the jack has
      been unplugged
    - media: media/saa7164: fix saa7164_encoder_register() memory leak bugs
    - media: gspca/sq905.c: fix uninitialized variable
    - power: supply: Use IRQF_ONESHOT
    - drm/amdgpu : Fix asic reset regression issue introduce by 8f211fe8ac7c4f
    - scsi: qla2xxx: Always check the return value of qla24xx_get_isp_stats()
    - scsi: qla2xxx: Fix use after free in bsg
    - scsi: scsi_dh_alua: Remove check for ASC 24h in alua_rtpg()
    - media: em28xx: fix memory leak
    - media: vivid: update EDID
    - clk: socfpga: arria10: Fix memory leak of socfpga_clk on error return
    - power: supply: generic-adc-battery: fix possible use-after-free in
      gab_remove()
    - power: supply: s3c_adc_battery: fix possible use-after-free in
      s3c_adc_bat_remove()
    - media: adv7604: fix possible use-after-free in adv76xx_remove()
    - media: i2c: adv7511-v4l2: fix possible use-after-free in adv7511_remove()
    - media: i2c: adv7842: fix possible use-after-free in adv7842_remove()
    - media: dvb-usb: fix memory leak in dvb_usb_adapter_init
    - media: gscpa/stv06xx: fix memory leak
    - drm/msm/mdp5: Configure PP_SYNC_HEIGHT to double the vtotal
    - drm/amdgpu: fix NULL pointer dereference
    - scsi: lpfc: Fix crash when a REG_RPI mailbox fails triggering a LOGO
      response
    - scsi: lpfc: Remove unsupported mbox PORT_CAPABILITIES logic
    - scsi: libfc: Fix a format specifier
    - ALSA: emu8000: Fix a use after free in snd_emu8000_create_mixer
    - ALSA: hda/conexant: Re-order CX5066 quirk table entries
    - ALSA: sb: Fix two use after free in snd_sb_qsound_build
    - btrfs: fix race when picking most recent mod log operation for an old root
    - arm64/vdso: Discard .note.gnu.property sections in vDSO
    - openvswitch: fix stack OOB read while fragmenting IPv4 packets
    - ACPI: GTDT: Don't corrupt interrupt mappings on watchdow probe failure
    - NFSv4: Don't discard segments marked for return in _pnfs_return_layout()
    - jffs2: Fix kasan slab-out-of-bounds problem
    - powerpc/eeh: Fix EEH handling for hugepages in ioremap space.
    - powerpc: fix EDEADLOCK redefinition error in uapi/asm/errno.h
    - intel_th: pci: Add Alder Lake-M support
    - md/raid1: properly indicate failure when ending a failed write request
    - security: commoncap: fix -Wstringop-overread warning
    - Fix misc new gcc warnings
    - jffs2: check the validity of dstlen in jffs2_zlib_compress()
    - Revert 337f13046ff0 ("futex: Allow FUTEX_CLOCK_REALTIME with FUTEX_WAIT op")
    - posix-timers: Preserve return value in clock_adjtime32()
    - ftrace: Handle commands when closing set_ftrace_filter file
    - ext4: fix check to prevent false positive report of incorrect used inodes
    - ext4: fix error code in ext4_commit_super
    - media: dvbdev: Fix memory leak in dvb_media_device_free()
    - usb: gadget: dummy_hcd: fix gpf in gadget_setup
    - usb: gadget: Fix double free of device descriptor pointers
    - usb: gadget/function/f_fs string table fix for multiple languages
    - usb: dwc3: gadget: Fix START_TRANSFER link state check
    - tracing: Map all PIDs to command lines
    - dm persistent data: packed struct should have an aligned() attribute too
    - dm space map common: fix division bug in sm_ll_find_free_block()
    - dm rq: fix double free of blk_mq_tag_set in dev remove after table load
      fails
    - modules: mark ref_module static
    - modules: mark find_symbol static
    - modules: mark each_symbol_section static
    - modules: unexport __module_text_address
    - modules: unexport __module_address
    - modules: rename the licence field in struct symsearch to license
    - modules: return licensing information from find_symbol
    - modules: inherit TAINT_PROPRIETARY_MODULE
    - Bluetooth: verify AMP hci_chan before amp_destroy
    - hsr: use netdev_err() instead of WARN_ONCE()
    - bluetooth: eliminate the potential race condition when removing the HCI
      controller
    - net/nfc: fix use-after-free llcp_sock_bind/connect
    - MIPS: pci-rt2880: fix slot 0 configuration
    - FDDI: defxx: Bail out gracefully with unassigned PCI resource for CSR
    - misc: lis3lv02d: Fix false-positive WARN on various HP models
    - misc: vmw_vmci: explicitly initialize vmci_notify_bm_set_msg struct
    - misc: vmw_vmci: explicitly initialize vmci_datagram payload
    - tracing: Restructure trace_clock_global() to never block
    - md-cluster: fix use-after-free issue when removing rdev
    - md: split mddev_find
    - md: factor out a mddev_find_locked helper from mddev_find
    - md: md_open returns -EBUSY when entering racing area
    - ipw2x00: potential buffer overflow in libipw_wx_set_encodeext()
    - cfg80211: scan: drop entry from hidden_list on overflow
    - drm/radeon: fix copy of uninitialized variable back to userspace
    - ALSA: hda/realtek: Re-order ALC882 Acer quirk table entries
    - ALSA: hda/realtek: Re-order ALC882 Sony quirk table entries
    - ALSA: hda/realtek: Re-order ALC269 Sony quirk table entries
    - ALSA: hda/realtek: Re-order ALC269 Lenovo quirk table entries
    - ALSA: hda/realtek: Remove redundant entry for ALC861 Haier/Uniwill devices
    - x86/cpu: Initialize MSR_TSC_AUX if RDTSCP *or* RDPID is supported
    - KVM: s390: split kvm_s390_logical_to_effective
    - KVM: s390: fix guarded storage control register handling
    - KVM: s390: split kvm_s390_real_to_abs
    - usb: gadget: pch_udc: Revert d3cb25a12138 completely
    - memory: gpmc: fix out of bounds read and dereference on gpmc_cs[]
    - ARM: dts: exynos: correct PMIC interrupt trigger level on Odroid X/U3 family
    - ARM: dts: exynos: correct PMIC interrupt trigger level on SMDK5250
    - ARM: dts: exynos: correct PMIC interrupt trigger level on Snow
    - serial: stm32: fix incorrect characters on console
    - serial: stm32: fix tx_empty condition
    - usb: typec: tcpci: Check ROLE_CONTROL while interpreting CC_STATUS
    - x86/microcode: Check for offline CPUs before requesting new microcode
    - usb: gadget: pch_udc: Replace cpu_to_le32() by lower_32_bits()
    - usb: gadget: pch_udc: Check if driver is present before calling ->setup()
    - usb: gadget: pch_udc: Check for DMA mapping error
    - crypto: qat - don't release uninitialized resources
    - crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init
    - fotg210-udc: Fix DMA on EP0 for length > max packet size
    - fotg210-udc: Fix EP0 IN requests bigger than two packets
    - fotg210-udc: Remove a dubious condition leading to fotg210_done
    - fotg210-udc: Mask GRP2 interrupts we don't handle
    - fotg210-udc: Don't DMA more than the buffer can take
    - fotg210-udc: Complete OUT requests on short packets
    - mtd: require write permissions for locking and badblock ioctls
    - bus: qcom: Put child node before return
    - phy: marvell: ARMADA375_USBCLUSTER_PHY should not default to y,
      unconditionally
    - crypto: qat - fix error path in adf_isr_resource_alloc()
    - USB: gadget: udc: fix wrong pointer passed to IS_ERR() and PTR_ERR()
    - mtd: rawnand: gpmi: Fix a double free in gpmi_nand_init
    - staging: rtl8192u: Fix potential infinite loop
    - staging: greybus: uart: fix unprivileged TIOCCSERIAL
    - spi: Fix use-after-free with devm_spi_alloc_*
    - soc: qcom: mdt_loader: Validate that p_filesz < p_memsz
    - soc: qcom: mdt_loader: Detect truncated read of segments
    - ACPI: CPPC: Replace cppc_attr with kobj_attribute
    - crypto: qat - Fix a double free in adf_create_ring
    - usb: gadget: r8a66597: Add missing null check on return from
      platform_get_resource
    - USB: cdc-acm: fix unprivileged TIOCCSERIAL
    - tty: fix return value for unsupported ioctls
    - firmware: qcom-scm: Fix QCOM_SCM configuration
    - platform/x86: pmc_atom: Match all Beckhoff Automation baytrail boards with
      critclk_systems DMI table
    - x86/platform/uv: Fix !KEXEC build failure
    - ttyprintk: Add TTY hangup callback.
    - media: vivid: fix assignment of dev->fbuf_out_flags
    - media: omap4iss: return error code when omap4iss_get() failed
    - media: m88rs6000t: avoid potential out-of-bounds reads on arrays
    - x86/kprobes: Fix to check non boostable prefixes correctly
    - pata_arasan_cf: fix IRQ check
    - pata_ipx4xx_cf: fix IRQ check
    - sata_mv: add IRQ checks
    - ata: libahci_platform: fix IRQ check
    - vfio/mdev: Do not allow a mdev_type to have a NULL parent pointer
    - clk: uniphier: Fix potential infinite loop
    - scsi: jazz_esp: Add IRQ check
    - scsi: sun3x_esp: Add IRQ check
    - scsi: sni_53c710: Add IRQ check
    - mfd: stm32-timers: Avoid clearing auto reload register
    - HSI: core: fix resource leaks in hsi_add_client_from_dt()
    - x86/events/amd/iommu: Fix sysfs type mismatch
    - HID: plantronics: Workaround for double volume key presses
    - perf symbols: Fix dso__fprintf_symbols_by_name() to return the number of
      printed chars
    - net: lapbether: Prevent racing when checking whether the netif is running
    - powerpc/prom: Mark identical_pvr_fixup as __init
    - powerpc: Fix HAVE_HARDLOCKUP_DETECTOR_ARCH build configuration
    - ALSA: core: remove redundant spin_lock pair in snd_card_disconnect
    - bug: Remove redundant condition check in report_bug
    - nfc: pn533: prevent potential memory corruption
    - ALSA: usb-audio: Add error checks for usb_driver_claim_interface() calls
    - liquidio: Fix unintented sign extension of a left shift of a u16
    - powerpc/perf: Fix PMU constraint check for EBB events
    - powerpc: iommu: fix build when neither PCI or IBMVIO is set
    - mac80211: bail out if cipher schemes are invalid
    - mt7601u: fix always true expression
    - IB/hfi1: Fix error return code in parse_platform_config()
    - net: thunderx: Fix unintentional sign extension issue
    - i2c: cadence: add IRQ check
    - i2c: emev2: add IRQ check
    - i2c: jz4780: add IRQ check
    - i2c: sh7760: add IRQ check
    - MIPS: pci-legacy: stop using of_pci_range_to_resource
    - powerpc/pseries: extract host bridge from pci_bus prior to bus removal
    - rtlwifi: 8821ae: upgrade PHY and RF parameters
    - i2c: sh7760: fix IRQ error path
    - mwl8k: Fix a double Free in mwl8k_probe_hw
    - vsock/vmci: log once the failed queue pair allocation
    - RDMA/i40iw: Fix error unwinding when i40iw_hmc_sd_one fails
    - net: davinci_emac: Fix incorrect masking of tx and rx error channel
    - ath9k: Fix error check in ath9k_hw_read_revisions() for PCI devices
    - powerpc/52xx: Fix an invalid ASM expression ('addi' used instead of 'add')
    - net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send
    - net:nfc:digital: Fix a double free in digital_tg_recv_dep_req
    - kfifo: fix ternary sign extension bugs
    - smp: Fix smp_call_function_single_async prototype
    - Revert "of/fdt: Make sure no-map does not remove already reserved regions"
    - Revert "fdt: Properly handle "no-map" field in the memory region"
    - tpm: fix error return code in tpm2_get_cc_attrs_tbl()
    - fs: dlm: fix debugfs dump
    - tipc: convert dest node's address to network order
    - net: stmmac: Set FIFO sizes for ipq806x
    - ALSA: hdsp: don't disable if not enabled
    - ALSA: hdspm: don't disable if not enabled
    - ALSA: rme9652: don't disable if not enabled
    - Bluetooth: Set CONF_NOT_COMPLETE as l2cap_chan default
    - Bluetooth: initialize skb_queue_head at l2cap_chan_create()
    - Bluetooth: check for zapped sk before connecting
    - ip6_vti: proper dev_{hold|put} in ndo_[un]init methods
    - mac80211: clear the beacon's CRC after channel switch
    - pinctrl: samsung: use 'int' for register masks in Exynos
    - cuse: prevent clone
    - selftests: Set CC to clang in lib.mk if LLVM is set
    - kconfig: nconf: stop endless search loops
    - sctp: Fix out-of-bounds warning in sctp_process_asconf_param()
    - powerpc/smp: Set numa node before updating mask
    - ASoC: rt286: Generalize support for ALC3263 codec
    - samples/bpf: Fix broken tracex1 due to kprobe argument change
    - powerpc/pseries: Stop calling printk in rtas_stop_self()
    - wl3501_cs: Fix out-of-bounds warnings in wl3501_send_pkt
    - wl3501_cs: Fix out-of-bounds warnings in wl3501_mgmt_join
    - powerpc/iommu: Annotate nested lock for lockdep
    - net: ethernet: mtk_eth_soc: fix RX VLAN offload
    - ASoC: rt286: Make RT286_SET_GPIO_* readable and writable
    - f2fs: fix a redundant call to f2fs_balance_fs if an error occurs
    - PCI: Release OF node in pci_scan_device()'s error path
    - ARM: 9064/1: hw_breakpoint: Do not directly check the event's
      overflow_handler hook
    - rpmsg: qcom_glink_native: fix error return code of qcom_glink_rx_data()
    - NFSv4.2: Always flush out writes in nfs42_proc_fallocate()
    - NFS: Deal correctly with attribute generation counter overflow
    - pNFS/flexfiles: fix incorrect size check in decode_nfs_fh()
    - NFSv4.2 fix handling of sr_eof in SEEK's reply
    - rtc: ds1307: Fix wday settings for rx8130
    - sctp: fix a SCTP_MIB_CURRESTAB leak in sctp_sf_do_dupcook_b
    - drm/radeon: Fix off-by-one power_state index heap overwrite
    - khugepaged: fix wrong result value for trace_mm_collapse_huge_page_isolate()
    - mm/hugeltb: handle the error case in hugetlb_fix_reserve_counts()
    - ksm: fix potential missing rmap_item for stable_node
    - net: fix nla_strcmp to handle more then one trailing null character
    - kernel: kexec_file: fix error return code of kexec_calculate_store_digests()
    - netfilter: nftables: avoid overflows in nft_hash_buckets()
    - ARC: entry: fix off-by-one error in syscall number validation
    - powerpc/64s: Fix crashes when toggling stf barrier
    - powerpc/64s: Fix crashes when toggling entry flush barrier
    - squashfs: fix divide error in calculate_skip()
    - userfaultfd: release page in error path to avoid BUG_ON
    - drm/radeon/dpm: Disable sclk switching on Oland when two 4K 60Hz monitors
      are connected
    - iio: proximity: pulsedlight: Fix rumtime PM imbalance on error
    - usb: fotg210-hcd: Fix an error message
    - ACPI: scan: Fix a memory leak in an error handling path
    - blk-mq: Swap two calls in blk_mq_exit_queue()
    - usb: dwc3: omap: improve extcon initialization
    - usb: xhci: Increase timeout for HC halt
    - usb: dwc2: Fix gadget DMA unmap direction
    - usb: core: hub: fix race condition about TRSMRCY of resume
    - iio: gyro: mpu3050: Fix reported temperature value
    - iio: tsl2583: Fix division by a zero lux_val
    - KVM: x86: Cancel pvclock_gtod_work on module removal
    - FDDI: defxx: Make MMIO the configuration default except for EISA
    - MIPS: Reinstate platform `__div64_32' handler
    - MIPS: Avoid DIVU in `__div64_32' is result would be zero
    - MIPS: Avoid handcoded DIVU in `__div64_32' altogether
    - thermal/core/fair share: Lock the thermal zone while looping over instances
    - RDMA/i40iw: Avoid panic when reading back the IRQ affinity hint
    - kobject_uevent: remove warning in init_uevent_argv()
    - netfilter: conntrack: Make global sysctls readonly in non-init netns
    - clk: exynos7: Mark aclk_fsys1_200 as critical
    - x86/msr: Fix wr/rdmsr_safe_regs_on_cpu() prototypes
    - kgdb: fix gcc-11 warning on indentation
    - usb: sl811-hcd: improve misleading indentation
    - cxgb4: Fix the -Wmisleading-indentation warning
    - isdn: capi: fix mismatched prototypes
    - PCI: thunder: Fix compile testing
    - ARM: 9066/1: ftrace: pause/unpause function graph tracer in cpu_suspend()
    - ACPI / hotplug / PCI: Fix reference count leak in enable_slot()
    - Input: elants_i2c - do not bind to i2c-hid compatible ACPI instantiated
      devices
    - Input: silead - add workaround for x86 BIOS-es which bring the chip up in a
      stuck state
    - um: Mark all kernel symbols as local
    - ceph: fix fscache invalidation
    - gpiolib: acpi: Add quirk to ignore EC wakeups on Dell Venue 10 Pro 5055
    - ALSA: hda: generic: change the DAC ctl name for LO+SPK or LO+HP
    - block: reexpand iov_iter after read/write
    - lib: stackdepot: turn depot_lock spinlock to raw_spinlock
    - sit: proper dev_{hold|put} in ndo_[un]init methods
    - ip6_tunnel: sit: proper dev_{hold|put} in ndo_[un]init methods
    - xhci: Do not use GFP_KERNEL in (potentially) atomic context
    - ipv6: remove extra dev_hold() for fallback tunnels
    - ARM: 9056/1: decompressor: fix BSS size calculation for LLVM ld.lld
    - arm64: dts: marvell: armada-37xx: add syscon compatible to NB clk node
    - mtd: rawnand: atmel: Update ecc_stats.corrected counter
    - mmc: sdhci-pci: Fix initialization of some SD cards for Intel BYT-based
      controllers
    - genirq/matrix: Prevent allocation counter corruption
    - usb: xhci-mtk: support quirk to disable usb2 lpm
    - media: drivers: media: pci: sta2x11: fix Kconfig dependency on GPIOLIB
    - media: tc358743: fix possible use-after-free in tc358743_remove()
    - amdgpu: avoid incorrect %hu format string
    - s390/archrandom: add parameter check for s390_arch_random_generate
    - ALSA: usb-audio: Add dB range mapping for Sennheiser Communications Headset
      PC 8
    - ALSA: hda/realtek: Add quirk for Intel Clevo PCx0Dx
    - ubifs: Only check replay with inode type to judge if inode linked
    - mlxsw: spectrum_mr: Update egress RIF list before route's action
    - NFS: Don't discard pNFS layout segments that are marked for return
    - tpm: vtpm_proxy: Avoid reading host log when using a virtual device
    - dm raid: fix inconclusive reshape layout on fast raid4/5/6 table reload
      sequences
    - arm64: vdso: remove commas between macro name and arguments
    - ext4: do not set SB_ACTIVE in ext4_orphan_cleanup()
    - tty: fix memory leak in vc_deallocate
    - rsi: Use resume_noirq for SDIO
    - MIPS: pci-mt7620: fix PLL lock check
    - md: Fix missing unused status line of /proc/mdstat
    - ALSA: hda/realtek: Re-order ALC882 Clevo quirk table entries
    - ALSA: hda/realtek: Re-order ALC269 HP quirk table entries
    - ALSA: hda/realtek: Re-order ALC269 Dell quirk table entries
    - ARM: dts: exynos: correct fuel gauge interrupt trigger level on Midas family
    - ARM: dts: exynos: correct MUIC interrupt trigger level on Midas family
    - ARM: dts: exynos: correct PMIC interrupt trigger level on Midas family
    - regmap: set debugfs_name to NULL after it is freed
    - mtd: rawnand: fsmc: Fix error code in fsmc_nand_probe()
    - mtd: rawnand: brcmnand: fix OOB R/W with Hamming ECC
    - mtd: rawnand: qcom: Return actual error code instead of -ENODEV
    - usbip: vudc: fix missing unlock on error in usbip_sockfd_store()
    - clk: qcom: a53-pll: Add missing MODULE_DEVICE_TABLE
    - scsi: ibmvfc: Fix invalid state machine BUG_ON()
    - sched/debug: Fix cgroup_path[] serialization
    - net: hns3: Limiting the scope of vector_ring_chain variable
    - ALSA: usb: midi: don't return -ENOMEM when usb_urb_ep_type_check fails
    - net: geneve: modify IP header check in geneve6_xmit_skb and geneve_xmit_skb
    - RDMA/bnxt_re: Fix a double free in bnxt_qplib_alloc_res
    - net: Only allow init netns to set default tcp cong to a restricted algo
    - i2c: bail out early when RDWR parameters are wrong
    - net: bridge: when suppression is enabled exclude RARP packets
    - i2c: Add I2C_AQ_NO_REP_START adapter quirk
    - ethtool: ioctl: Fix out-of-bounds warning in store_link_ksettings_for_user()
    - PCI: iproc: Fix return value of iproc_msi_irq_domain_alloc()
    - PCI: endpoint: Fix missing destroy_workqueue()
    - net: hns3: disable phy loopback setting in hclge_mac_start_phy
    - sctp: do asoc update earlier in sctp_sf_do_dupcook_a
    - ethernet:enic: Fix a use after free bug in enic_hard_start_xmit
    - netfilter: xt_SECMARK: add new revision to fix structure layout
    - drm/radeon: Avoid power table parsing memory leaks
    - sched/fair: Fix unfairness caused by missing load decay
    - xhci: Add reset resume quirk for AMD xhci controller.
    - cdc-wdm: untangle a circular dependency between callback and softint
    - nvme: do not try to reconfigure APST when the controller is not live
    - pinctrl: ingenic: Improve unreachable code generation
    - ARM: 9075/1: kernel: Fix interrupted SMC calls
    - scsi: target: tcmu: Return from tcmu_handle_completions() if cmd_id not
      found
    - tweewide: Fix most Shebang lines
    - scripts: switch explicitly to Python 3

linux-azure-4.15 (4.15.0-1118.131) bionic; urgency=medium

  [ Ubuntu: 4.15.0-147.151 ]

  * CVE-2021-3444
    - bpf: Fix truncation handling for mod32 dst reg wrt zero
  * CVE-2021-3600
    - SAUCE: bpf: Do not use ax register in interpreter on div/mod
    - bpf: fix subprog verifier bypass by div/mod by 0 exception
    - SAUCE: bpf: Fix 32-bit register truncation on div/mod instruction

linux-azure-4.15 (4.15.0-1117.130) bionic; urgency=medium

  [ Ubuntu: 4.15.0-146.150 ]

  * UAF on CAN BCM bcm_rx_handler (LP: #1931855)
    - SAUCE: can: bcm: delay release of struct bcm_op after synchronize_rcu

Date: 2021-06-25 15:26:10.544624+00:00
Changed-By: Krzysztof Kozlowski <krzysztof.kozlowski at canonical.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux-azure-4.15/4.15.0-1119.132
-------------- next part --------------
Sorry, changesfile not available.


More information about the Bionic-changes mailing list