[ubuntu/bionic-security] linux 4.15.0-137.141 (Accepted)

Andy Whitcroft apw at canonical.com
Mon Mar 15 17:32:59 UTC 2021


linux (4.15.0-137.141) bionic; urgency=medium

  * bionic/linux: 4.15.0-137.141 -proposed tracker (LP: #1916199)

  * Fix oops in skb_segment for Bionic series (LP: #1915552)
    - net: permit skb_segment on head_frag frag_list skb
    - net: bpf: add a test for skb_segment in test_bpf module
    - test_bpf: Fix NULL vs IS_ERR() check in test_skb_segment()

  * Bionic update: upstream stable patchset 2021-02-10 (LP: #1915328)
    - net: cdc_ncm: correct overhead in delayed_ndp_size
    - net: vlan: avoid leaks on register_vlan_dev() failures
    - net: ip: always refragment ip defragmented packets
    - net: fix pmtu check in nopmtudisc mode
    - x86/resctrl: Use an IPI instead of task_work_add() to update PQR_ASSOC MSR
    - x86/resctrl: Don't move a task to the same resource group
    - vmlinux.lds.h: Add PGO and AutoFDO input sections
    - drm/i915: Fix mismatch between misplaced vma check and vma insert
    - spi: pxa2xx: Fix use-after-free on unbind
    - iio: imu: st_lsm6dsx: flip irq return logic
    - iio: imu: st_lsm6dsx: fix edge-trigger interrupts
    - ARM: OMAP2+: omap_device: fix idling of devices during probe
    - i2c: sprd: use a specific timeout to avoid system hang up issue
    - cpufreq: powernow-k8: pass policy rather than use cpufreq_cpu_get()
    - spi: stm32: FIFO threshold level - fix align packet size
    - dmaengine: xilinx_dma: check dma_async_device_register return value
    - dmaengine: xilinx_dma: fix mixed_enum_type coverity warning
    - wil6210: select CONFIG_CRC32
    - block: rsxx: select CONFIG_CRC32
    - iommu/intel: Fix memleak in intel_irq_remapping_alloc
    - net/mlx5e: Fix memleak in mlx5e_create_l2_table_groups
    - net/mlx5e: Fix two double free cases
    - wan: ds26522: select CONFIG_BITREVERSE
    - KVM: arm64: Don't access PMCR_EL0 when no PMU is available
    - block: fix use-after-free in disk_part_iter_next
    - net: drop bogus skb with CHECKSUM_PARTIAL and offset beyond end of trimmed
      packet
    - net: hns3: fix the number of queues actually used by ARQ
    - net: stmmac: dwmac-sun8i: Balance internal PHY resource references
    - net: stmmac: dwmac-sun8i: Balance internal PHY power
    - net/sonic: Fix some resource leaks in error handling paths
    - net: ipv6: fib: flush exceptions when purging route
    - dmaengine: xilinx_dma: fix incompatible param warning in _child_probe()
    - lightnvm: select CONFIG_CRC32
    - ASoC: dapm: remove widget from dirty list on free
    - MIPS: boot: Fix unaligned access with CONFIG_MIPS_RAW_APPENDED_DTB
    - MIPS: relocatable: fix possible boot hangup with KASLR enabled
    - ACPI: scan: Harden acpi_device_add() against device ID overflows
    - mm/hugetlb: fix potential missing huge page size info
    - dm snapshot: flush merged data before committing metadata
    - r8152: Add Lenovo Powered USB-C Travel Hub
    - ext4: fix bug for rename with RENAME_WHITEOUT
    - ARC: build: remove non-existing bootpImage from KBUILD_IMAGE
    - ARC: build: add uImage.lzma to the top-level target
    - ARC: build: add boot_targets to PHONY
    - btrfs: fix transaction leak and crash after RO remount caused by qgroup
      rescan
    - ethernet: ucc_geth: fix definition and size of ucc_geth_tx_global_pram
    - arch/arc: add copy_user_page() to <asm/page.h> to fix build error on ARC
    - misdn: dsp: select CONFIG_BITREVERSE
    - net: ethernet: fs_enet: Add missing MODULE_LICENSE
    - ACPI: scan: add stub acpi_create_platform_device() for !CONFIG_ACPI
    - ARM: picoxcell: fix missing interrupt-parent properties
    - dump_common_audit_data(): fix racy accesses to ->d_name
    - ASoC: Intel: fix error code cnl_set_dsp_D0()
    - NFS4: Fix use-after-free in trace_event_raw_event_nfs4_set_lock
    - pNFS: Mark layout for return if return-on-close was not sent
    - NFS: nfs_igrab_and_active must first reference the superblock
    - ext4: fix superblock checksum failure when setting password salt
    - RDMA/usnic: Fix memleak in find_free_vf_and_create_qp_grp
    - mm, slub: consider rest of partial list if acquire_slab() fails
    - net: sunrpc: interpret the return value of kstrtou32 correctly
    - dm: eliminate potential source of excessive kernel log noise
    - ALSA: firewire-tascam: Fix integer overflow in midi_port_work()
    - ALSA: fireface: Fix integer overflow in transmit_midi_msg()
    - netfilter: conntrack: fix reading nf_conntrack_buckets
    - usb: ohci: Make distrust_firmware param default to false
    - nfsd4: readdirplus shouldn't return parent of export
    - netxen_nic: fix MSI/MSI-x interrupts
    - rndis_host: set proper input size for OID_GEN_PHYSICAL_MEDIUM request
    - esp: avoid unneeded kmap_atomic call
    - net: dcb: Validate netlink message in DCB handler
    - net: dcb: Accept RTM_GETDCB messages carrying set-like DCB commands
    - net: stmmac: Fixed mtu channged by cache aligned
    - net: sit: unregister_netdevice on newlink's error path
    - net: avoid 32 x truesize under-estimation for tiny skbs
    - rxrpc: Fix handling of an unsupported token type in rxrpc_read()
    - tipc: fix NULL deref in tipc_link_xmit()
    - spi: cadence: cache reference clock rate during probe
    - x86/hyperv: check cpu mask after interrupt has been disabled
    - mtd: rawnand: fsl_ifc: check result of SRAM initialization fixup
    - kbuild: enforce -Werror=return-type
    - crypto: x86/crc32c - fix building with clang ias
    - rxrpc: Call state should be read with READ_ONCE() under some circumstances

  * [ssbs-0118] backport SSBS bug (arm64: cpufeature: Detect SSBS and advertise
    to userspace) (LP: #1911376)
    - SAUCE: Move SSBS snippet from arm64_elf_hwcaps to arm64_features

  * Bionic update: upstream stable patchset 2021-01-25 (LP: #1913214)
    - x86/entry/64: Add instruction suffix
    - md/raid10: initialize r10_bio->read_slot before use.
    - ALSA: usb-audio: simplify set_sync_ep_implicit_fb_quirk
    - ALSA: usb-audio: fix sync-ep altsetting sanity check
    - mm: memcontrol: eliminate raw access to stat and event counters
    - mm: memcontrol: implement lruvec stat functions on top of each other
    - mm: memcontrol: fix excessive complexity in memory.stat reporting
    - vfio/pci: Move dummy_resources_list init in vfio_pci_probe()
    - powerpc/bitops: Fix possible undefined behaviour with fls() and fls64()
    - uapi: move constants from <linux/kernel.h> to <linux/const.h>
    - of: fix linker-section match-table corruption
    - reiserfs: add check for an invalid ih_entry_count
    - misc: vmw_vmci: fix kernel info-leak by initializing dbells in
      vmci_ctx_get_chkpt_doorbells()
    - media: gp8psk: initialize stats at power control logic
    - ALSA: seq: Use bool for snd_seq_queue internal flags
    - rtc: sun6i: Fix memleak in sun6i_rtc_clk_init
    - module: set MODULE_STATE_GOING state when a module fails to load
    - quota: Don't overflow quota file offsets
    - powerpc: sysdev: add missing iounmap() on error in mpic_msgr_probe()
    - module: delay kobject uevent until after module init call
    - ALSA: pcm: Clear the full allocated memory at hw_params
    - dm verity: skip verity work if I/O error when system is shutting down
    - kdev_t: always inline major/minor helper functions
    - iio:imu:bmi160: Fix alignment and data leak issues
    - iio:magnetometer:mag3110: Fix alignment and data leak issues.
    - mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start
    - ext4: don't remount read-only with errors=continue on reboot
    - KVM: SVM: relax conditions for allowing MSR_IA32_SPEC_CTRL accesses
    - KVM: x86: reinstate vendor-agnostic check on SPEC_CTRL cpuid bits
    - xen/gntdev.c: Mark pages as dirty
    - ALSA: rawmidi: Access runtime->avail always in spinlock
    - fcntl: Fix potential deadlock in send_sig{io, urg}()
    - dmaengine: at_hdmac: Substitute kzalloc with kmalloc
    - dmaengine: at_hdmac: add missing put_device() call in at_dma_xlate()
    - dmaengine: at_hdmac: add missing kfree() call in at_dma_xlate()
    - kbuild: don't hardcode depmod path
    - workqueue: Kick a worker based on the actual activation of delayed works
    - scsi: ufs-pci: Ensure UFS device is in PowerDown mode for suspend-to-disk
      ->poweroff()
    - scsi: ide: Do not set the RQF_PREEMPT flag for sense requests
    - lib/genalloc: fix the overflow when size is too big
    - depmod: handle the case of /sbin/depmod without /sbin in PATH
    - ethernet: ucc_geth: fix use-after-free in ucc_geth_remove()
    - ethernet: ucc_geth: set dev->max_mtu to 1518
    - atm: idt77252: call pci_disable_device() on error path
    - qede: fix offload for IPIP tunnel packets
    - virtio_net: Fix recursive call to cpus_read_lock()
    - net/ncsi: Use real net-device for response handler
    - net: ethernet: Fix memleak in ethoc_probe
    - net-sysfs: take the rtnl lock when storing xps_cpus
    - net: ethernet: ti: cpts: fix ethtool output when no ptp_clock registered
    - ipv4: Ignore ECN bits for fib lookups in fib_compute_spec_dst()
    - net: hns: fix return value check in __lb_other_process()
    - net: hdlc_ppp: Fix issues when mod_timer is called while timer is running
    - CDC-NCM: remove "connected" log message
    - net: usb: qmi_wwan: add Quectel EM160R-GL
    - vhost_net: fix ubuf refcount incorrectly when sendmsg fails
    - net: sched: prevent invalid Scell_log shift count
    - net-sysfs: take the rtnl lock when accessing xps_cpus_map and num_tc
    - net: mvpp2: Fix GoP port 3 Networking Complex Control configurations
    - net: systemport: set dev->max_mtu to UMAC_MAX_MTU_SIZE
    - video: hyperv_fb: Fix the mmap() regression for v5.4.y and older
    - crypto: ecdh - avoid buffer overflow in ecdh_set_secret()
    - usb: gadget: enable super speed plus
    - USB: cdc-acm: blacklist another IR Droid device
    - usb: dwc3: ulpi: Use VStsDone to detect PHY regs access completion
    - usb: chipidea: ci_hdrc_imx: add missing put_device() call in
      usbmisc_get_init_data()
    - USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set
    - usb: usbip: vhci_hcd: protect shift size
    - usb: uas: Add PNY USB Portable SSD to unusual_uas
    - USB: serial: iuu_phoenix: fix DMA from stack
    - USB: serial: option: add LongSung M5710 module support
    - USB: serial: option: add Quectel EM160R-GL
    - USB: yurex: fix control-URB timeout handling
    - USB: usblp: fix DMA to stack
    - ALSA: usb-audio: Fix UBSAN warnings for MIDI jacks
    - usb: gadget: select CONFIG_CRC32
    - usb: gadget: f_uac2: reset wMaxPacketSize
    - usb: gadget: function: printer: Fix a memory leak for interface descriptor
    - USB: gadget: legacy: fix return error code in acm_ms_bind()
    - usb: gadget: Fix spinlock lockup on usb_function_deactivate
    - usb: gadget: configfs: Preserve function ordering after bind failure
    - usb: gadget: configfs: Fix use-after-free issue with udc_name
    - USB: serial: keyspan_pda: remove unused variable
    - x86/mm: Fix leak of pmd ptlock
    - ALSA: hda/conexant: add a new hda codec CX11970
    - ALSA: hda/realtek - Fix speaker volume control on Lenovo C940
    - Revert "device property: Keep secondary firmware node secondary by type"
    - netfilter: ipset: fix shift-out-of-bounds in htable_bits()
    - netfilter: xt_RATEEST: reject non-null terminated string from userspace
    - x86/mtrr: Correct the range check before performing MTRR type lookups
    - KVM: x86: fix shift out of bounds reported by UBSAN
    - i40e: Fix Error I40E_AQ_RC_EINVAL when removing VFs
    - tun: fix return value when the number of iovs exceeds MAX_SKB_FRAGS
    - USB: cdc-wdm: Fix use after free in service_outstanding_interrupt().
    - USB: Gadget Ethernet: Re-enable Jumbo frames.
    - usb: gadget: u_ether: Fix MTU size mismatch with RX packet size

Date: 2021-02-19 13:40:13.321662+00:00
Changed-By: Stefan Bader <stefan.bader at canonical.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux/4.15.0-137.141
-------------- next part --------------
Sorry, changesfile not available.


More information about the Bionic-changes mailing list