[ubuntu/bionic-security] linux 4.15.0-143.147 (Accepted)
Andy Whitcroft
apw at canonical.com
Tue May 11 07:33:57 UTC 2021
linux (4.15.0-143.147) bionic; urgency=medium
* bionic/linux: 4.15.0-143.147 -proposed tracker (LP: #1923811)
* CVE-2021-29650
- netfilter: x_tables: Use correct memory barriers.
* LRMv4: switch to signing nvidia modules via the Ubuntu Modules signing key
(LP: #1918134)
- [Packaging] dkms-build{,--nvidia-N} sync back from LRMv4
* Security-Fix Xen XSA 371 for Kernel 5.4.0-71 (LP: #1921902) //
CVE-2021-28688
- xen-blkback: don't leak persistent grants from xen_blkbk_map()
* CVE-2021-20292
- drm/ttm/nouveau: don't call tt destroy callback on alloc failure.
* CVE-2021-29264
- gianfar: fix jumbo packets+napi+rx overrun crash
* CVE-2021-29265
- usbip: fix stub_dev usbip_sockfd_store() races leading to gpf
* Bcache bypasse writeback on caching device with fragmentation (LP: #1900438)
- bcache: consider the fragmentation when update the writeback rate
* Bionic update: upstream stable patchset 2021-03-31 (LP: #1922124)
- net: usb: qmi_wwan: support ZTE P685M modem
- scripts: use pkg-config to locate libcrypto
- scripts: set proper OpenSSL include dir also for sign-file
- hugetlb: fix update_and_free_page contig page struct assumption
- drm/virtio: use kvmalloc for large allocations
- virtio/s390: implement virtio-ccw revision 2 correctly
- arm64 module: set plt* section addresses to 0x0
- arm64: Avoid redundant type conversions in xchg() and cmpxchg()
- arm64: cmpxchg: Use "K" instead of "L" for ll/sc immediate constraint
- arm64: Use correct ll/sc atomic constraints
- JFS: more checks for invalid superblock
- media: mceusb: sanity check for prescaler value
- xfs: Fix assert failure in xfs_setattr_size()
- smackfs: restrict bytes count in smackfs write functions
- net: fix up truesize of cloned skb in skb_prepare_for_shift()
- mm/hugetlb.c: fix unnecessary address expansion of pmd sharing
- net: bridge: use switchdev for port flags set through sysfs too
- dt-bindings: net: btusb: DT fix s/interrupt-name/interrupt-names/
- staging: fwserial: Fix error handling in fwserial_create
- x86/reboot: Add Zotac ZBOX CI327 nano PCI reboot quirk
- vt/consolemap: do font sum unsigned
- wlcore: Fix command execute failure 19 for wl12xx
- pktgen: fix misuse of BUG_ON() in pktgen_thread_worker()
- ath10k: fix wmi mgmt tx queue full due to race condition
- x86/build: Treat R_386_PLT32 relocation as R_386_PC32
- Bluetooth: Fix null pointer dereference in amp_read_loc_assoc_final_data
- staging: most: sound: add sanity check for function argument
- media: uvcvideo: Allow entities with no pads
- f2fs: handle unallocated section and zone on pinned/atgc
- parisc: Bump 64-bit IRQ stack size to 64 KB
- Xen/gnttab: handle p2m update errors on a per-slot basis
- xen-netback: respect gnttab_map_refs()'s return value
- zsmalloc: account the number of compacted pages correctly
- swap: fix swapfile read/write offset
- media: v4l: ioctl: Fix memory leak in video_usercopy
- PCI: Add a REBAR size quirk for Sapphire RX 5600 XT Pulse
- drm/amd/display: Guard against NULL pointer deref when get_i2c_info fails
- f2fs: fix to set/clear I_LINKABLE under i_lock
- btrfs: fix error handling in commit_fs_roots
- ALSA: hda/realtek: Add quirk for Clevo NH55RZQ
- ALSA: hda/realtek: Apply dual codec quirks for MSI Godlike X570 board
- btrfs: raid56: simplify tracking of Q stripe presence
- btrfs: fix raid6 qstripe kmap
- usbip: tools: fix build error for multiple definition
- ALSA: ctxfi: cthw20k2: fix mask on conf to allow 4 bits
- rsxx: Return -EFAULT if copy_to_user() fails
- dm table: fix iterate_devices based device capability checks
- dm table: fix DAX iterate_devices based device capability checks
- dm table: fix zoned iterate_devices based device capability checks
- iommu/amd: Fix sleeping in atomic in increase_address_space()
- mwifiex: pcie: skip cancel_work_sync() on reset failure path
- platform/x86: acer-wmi: Cleanup ACER_CAP_FOO defines
- platform/x86: acer-wmi: Cleanup accelerometer device handling
- platform/x86: acer-wmi: Add new force_caps module parameter
- platform/x86: acer-wmi: Add ACER_CAP_SET_FUNCTION_MODE capability flag
- platform/x86: acer-wmi: Add support for SW_TABLET_MODE on Switch devices
- platform/x86: acer-wmi: Add ACER_CAP_KBD_DOCK quirk for the Aspire Switch
10E SW3-016
- PCI: Add function 1 DMA alias quirk for Marvell 9215 SATA controller
- misc: eeprom_93xx46: Add quirk to support Microchip 93LC46B eeprom
- drm/msm/a5xx: Remove overwriting A5XX_PC_DBG_ECO_CNTL register
- Revert "zram: close udev startup race condition as default groups"
- HID: mf: add support for 0079:1846 Mayflash/Dragonrise USB Gamecube Adapter
* Bionic update: upstream stable patchset 2021-03-16 (LP: #1919380)
- fgraph: Initialize tracing_graph_pause at task creation
- tracing: Do not count ftrace events in top level enable output
- tracing: Check length before giving out the filter buffer
- arm/xen: Don't probe xenbus as part of an early initcall
- MIPS: BMIPS: Fix section mismatch warning
- arm64: dts: rockchip: Fix PCIe DT properties on rk3399
- platform/x86: hp-wmi: Disable tablet-mode reporting by default
- ovl: perform vfs_getxattr() with mounter creds
- cap: fix conversions on getxattr
- ovl: skip getxattr of security labels
- ARM: dts: lpc32xx: Revert set default clock rate of HCLK PLL
- ARM: ensure the signal page contains defined contents
- bpf: Check for integer overflow when using roundup_pow_of_two()
- netfilter: xt_recent: Fix attempt to update deleted entry
- xen/netback: avoid race in xenvif_rx_ring_slots_available()
- netfilter: conntrack: skip identical origin tuple in same zone only
- usb: dwc3: ulpi: fix checkpatch warning
- usb: dwc3: ulpi: Replace CPU-based busyloop with Protocol-based one
- net/vmw_vsock: improve locking in vsock_connect_timeout()
- net: watchdog: hold device global xmit lock during tx disable
- vsock/virtio: update credit only if socket is not closed
- vsock: fix locking in vsock_shutdown()
- i2c: stm32f7: fix configuration of the digital filter
- h8300: fix PREEMPTION build, TI_PRE_COUNT undefined
- x86/build: Disable CET instrumentation in the kernel for 32-bit too
- trace: Use -mcount-record for dynamic ftrace
- tracing: Fix SKIP_STACK_VALIDATION=1 build due to bad merge with -mrecord-
mcount
- tracing: Avoid calling cc-option -mrecord-mcount for every Makefile
- Xen/x86: don't bail early from clear_foreign_p2m_mapping()
- Xen/x86: also check kernel mapping in set_foreign_p2m_mapping()
- Xen/gntdev: correct dev_bus_addr handling in gntdev_map_grant_pages()
- Xen/gntdev: correct error checking in gntdev_map_grant_pages()
- xen/arm: don't ignore return errors from set_phys_to_machine
- xen-blkback: don't "handle" error by BUG()
- xen-netback: don't "handle" error by BUG()
- xen-scsiback: don't "handle" error by BUG()
- xen-blkback: fix error handling in xen_blkbk_map()
- scsi: qla2xxx: Fix crash during driver load on big endian machines
- kvm: check tlbs_dirty directly
- drm/amd/display: Free atomic state after drm_atomic_commit
- riscv: virt_addr_valid must check the address belongs to linear mapping
- ARM: kexec: fix oops after TLB are invalidated
- net: hns3: add a check for queue_id in hclge_reset_vf_queue()
- firmware_loader: align .builtin_fw to 8
- net/rds: restrict iovecs length for RDS_CMSG_RDMA_ARGS
- ovl: expand warning in ovl_d_real()
- net: qrtr: Fix port ID for control messages
- HID: make arrays usage and value to be the same
- usb: quirks: add quirk to start video capture on ELMO L-12F document camera
reliable
- ntfs: check for valid standard information attribute
- arm64: tegra: Add power-domain for Tegra210 HDA
- NET: usb: qmi_wwan: Adding support for Cinterion MV31
- cifs: Set CIFS_MOUNT_USE_PREFIX_PATH flag on setting cifs_sb->prepath.
- scripts/recordmcount.pl: support big endian for ARCH sh
- vmlinux.lds.h: add DWARF v5 sections
- kdb: Make memory allocations more robust
- MIPS: vmlinux.lds.S: add missing PAGE_ALIGNED_DATA() section
- random: fix the RNDRESEEDCRNG ioctl
- Bluetooth: btqcomsmd: Fix a resource leak in error handling paths in the
probe function
- Bluetooth: Fix initializing response id after clearing struct
- ARM: dts: exynos: correct PMIC interrupt trigger level on Monk
- ARM: dts: exynos: correct PMIC interrupt trigger level on Rinato
- ARM: dts: exynos: correct PMIC interrupt trigger level on Spring
- ARM: dts: exynos: correct PMIC interrupt trigger level on Arndale Octa
- arm64: dts: exynos: correct PMIC interrupt trigger level on TM2
- arm64: dts: exynos: correct PMIC interrupt trigger level on Espresso
- cpufreq: brcmstb-avs-cpufreq: Fix resource leaks in ->remove()
- usb: gadget: u_audio: Free requests only after callback
- Bluetooth: drop HCI device reference before return
- Bluetooth: Put HCI device if inquiry procedure interrupts
- ARM: dts: Configure missing thermal interrupt for 4430
- usb: dwc2: Do not update data length if it is 0 on inbound transfers
- usb: dwc2: Abort transaction after errors with unknown reason
- usb: dwc2: Make "trimming xfer length" a debug message
- staging: rtl8723bs: wifi_regd.c: Fix incorrect number of regulatory rules
- arm64: dts: msm8916: Fix reserved and rfsa nodes unit address
- ARM: s3c: fix fiq for clang IAS
- bpf_lru_list: Read double-checked variable once without lock
- ath9k: fix data bus crash when setting nf_override via debugfs
- bnxt_en: reverse order of TX disable and carrier off
- xen/netback: fix spurious event detection for common event case
- mac80211: fix potential overflow when multiplying to u32 integers
- b43: N-PHY: Fix the update of coef for the PHY revision >= 3case
- ibmvnic: skip send_request_unmap for timeout reset
- net: amd-xgbe: Reset the PHY rx data path when mailbox command timeout
- net: amd-xgbe: Reset link when the link never comes back
- net: mvneta: Remove per-cpu queue mapping for Armada 3700
- fbdev: aty: SPARC64 requires FB_ATY_CT
- drm/gma500: Fix error return code in psb_driver_load()
- gma500: clean up error handling in init
- crypto: sun4i-ss - fix kmap usage
- MIPS: c-r4k: Fix section mismatch for loongson2_sc_init
- MIPS: lantiq: Explicitly compare LTQ_EBU_PCC_ISTAT against 0
- media: i2c: ov5670: Fix PIXEL_RATE minimum value
- media: vsp1: Fix an error handling path in the probe function
- media: media/pci: Fix memleak in empress_init
- media: tm6000: Fix memleak in tm6000_start_stream
- ASoC: cs42l56: fix up error handling in probe
- crypto: bcm - Rename struct device_private to bcm_device_private
- media: lmedm04: Fix misuse of comma
- media: qm1d1c0042: fix error return code in qm1d1c0042_init()
- media: cx25821: Fix a bug when reallocating some dma memory
- media: pxa_camera: declare variable when DEBUG is defined
- media: uvcvideo: Accept invalid bFormatIndex and bFrameIndex values
- ata: ahci_brcm: Add back regulators management
- Drivers: hv: vmbus: Avoid use-after-free in vmbus_onoffer_rescind()
- btrfs: clarify error returns values in __load_free_space_cache
- hwrng: timeriomem - Fix cooldown period calculation
- crypto: ecdh_helper - Ensure 'len >= secret.len' in decode_key()
- ima: Free IMA measurement buffer on error
- ima: Free IMA measurement buffer after kexec syscall
- fs/jfs: fix potential integer overflow on shift of a int
- jffs2: fix use after free in jffs2_sum_write_data()
- capabilities: Don't allow writing ambiguous v3 file capabilities
- clk: meson: clk-pll: fix initializing the old rate (fallback) for a PLL
- quota: Fix memory leak when handling corrupted quota file
- spi: cadence-quadspi: Abort read if dummy cycles required are too many
- HID: core: detect and skip invalid inputs to snto32()
- dmaengine: fsldma: Fix a resource leak in the remove function
- dmaengine: fsldma: Fix a resource leak in an error handling path of the
probe function
- dmaengine: hsu: disable spurious interrupt
- mfd: bd9571mwv: Use devm_mfd_add_devices()
- fdt: Properly handle "no-map" field in the memory region
- of/fdt: Make sure no-map does not remove already reserved regions
- power: reset: at91-sama5d2_shdwc: fix wkupdbc mask
- rtc: s5m: select REGMAP_I2C
- clocksource/drivers/mxs_timer: Add missing semicolon when DEBUG is defined
- regulator: axp20x: Fix reference cout leak
- certs: Fix blacklist flag type confusion
- spi: atmel: Put allocated master before return
- isofs: release buffer head before return
- auxdisplay: ht16k33: Fix refresh rate handling
- IB/umad: Return EIO in case of when device disassociated
- powerpc/47x: Disable 256k page size
- mmc: usdhi6rol0: Fix a resource leak in the error handling path of the probe
- ARM: 9046/1: decompressor: Do not clear SCTLR.nTLSMD for ARMv7+ cores
- amba: Fix resource leak for drivers without .remove
- tracepoint: Do not fail unregistering a probe due to memory failure
- perf tools: Fix DSO filtering when not finding a map for a sampled address
- RDMA/rxe: Fix coding error in rxe_recv.c
- spi: stm32: properly handle 0 byte transfer
- mfd: wm831x-auxadc: Prevent use after free in wm831x_auxadc_read_irq()
- powerpc/pseries/dlpar: handle ibm, configure-connector delay status
- powerpc/8xx: Fix software emulation interrupt
- spi: pxa2xx: Fix the controller numbering for Wildcat Point
- perf intel-pt: Fix missing CYC processing in PSB
- perf test: Fix unaligned access in sample parsing test
- Input: elo - fix an error code in elo_connect()
- sparc64: only select COMPAT_BINFMT_ELF if BINFMT_ELF is set
- misc: eeprom_93xx46: Fix module alias to enable module autoprobe
- misc: eeprom_93xx46: Add module alias to avoid breaking support for non
device tree users
- pwm: rockchip: rockchip_pwm_probe(): Remove superfluous clk_unprepare()
- VMCI: Use set_page_dirty_lock() when unregistering guest memory
- PCI: Align checking of syscall user config accessors
- drm/msm/dsi: Correct io_start for MSM8994 (20nm PHY)
- ext4: fix potential htree index checksum corruption
- i40e: Fix flow for IPv6 next header (extension header)
- i40e: Fix overwriting flow control settings during driver loading
- net/mlx4_core: Add missed mlx4_free_cmd_mailbox()
- ocfs2: fix a use after free on error
- mm/memory.c: fix potential pte_unmap_unlock pte error
- mm/hugetlb: fix potential double free in hugetlb_register_node() error path
- arm64: Add missing ISB after invalidating TLB in __primary_switch
- i2c: brcmstb: Fix brcmstd_send_i2c_cmd condition
- mm/rmap: fix potential pte_unmap on an not mapped pte
- scsi: bnx2fc: Fix Kconfig warning & CNIC build errors
- blk-settings: align max_sectors on "logical_block_size" boundary
- ACPI: property: Fix fwnode string properties matching
- ACPI: configfs: add missing check after configfs_register_default_group()
- HID: wacom: Ignore attempts to overwrite the touch_max value from HID
- Input: raydium_ts_i2c - do not send zero length
- Input: xpad - add support for PowerA Enhanced Wired Controller for Xbox
Series X|S
- Input: joydev - prevent potential read overflow in ioctl
- Input: i8042 - add ASUS Zenbook Flip to noselftest list
- USB: serial: option: update interface mapping for ZTE P685M
- usb: musb: Fix runtime PM race in musb_queue_resume_work
- USB: serial: mos7840: fix error code in mos7840_write()
- USB: serial: mos7720: fix error code in mos7720_write()
- usb: dwc3: gadget: Fix setting of DEPCFG.bInterval_m1
- usb: dwc3: gadget: Fix dep->interval for fullspeed interrupt
- ALSA: hda/realtek: modify EAPD in the ALC886
- tpm_tis: Fix check_locality for correct locality acquisition
- KEYS: trusted: Fix migratable=1 failing
- btrfs: abort the transaction if we fail to inc ref in btrfs_copy_root
- btrfs: fix reloc root leak with 0 ref reloc roots on recovery
- btrfs: fix extent buffer leak on failure to copy root
- crypto: sun4i-ss - checking sg length is not sufficient
- crypto: sun4i-ss - handle BigEndian for cipher
- seccomp: Add missing return in non-void function
- drivers/misc/vmw_vmci: restrict too big queue size in qp_host_alloc_queue
- staging: rtl8188eu: Add Edimax EW-7811UN V2 to device table
- x86/reboot: Force all cpus to exit VMX root if VMX is supported
- floppy: reintroduce O_NDELAY fix
- arm64: uprobe: Return EOPNOTSUPP for AARCH32 instruction probing
- watchdog: mei_wdt: request stop on unregister
- mtd: spi-nor: hisi-sfc: Put child node np on error path
- fs/affs: release old buffer head on error path
- hugetlb: fix copy_huge_page_from_user contig page struct assumption
- mm: hugetlb: fix a race between freeing and dissolving the page
- libnvdimm/dimm: Avoid race between probe and available_slots_show()
- module: Ignore _GLOBAL_OFFSET_TABLE_ when warning for undefined symbols
- mmc: sdhci-esdhc-imx: fix kernel panic when remove module
- gpio: pcf857x: Fix missing first interrupt
- printk: fix deadlock when kernel panic
- f2fs: fix out-of-repair __setattr_copy()
- sparc32: fix a user-triggerable oops in clear_user()
- gfs2: Don't skip dlm unlock if glock has an lvb
- dm era: Recover committed writeset after crash
- dm era: Verify the data block size hasn't changed
- dm era: Fix bitset memory leaks
- dm era: Use correct value size in equality function of writeset tree
- dm era: Reinitialize bitset cache before digesting a new writeset
- dm era: only resize metadata in preresume
- icmp: introduce helper for nat'd source address in network device context
- icmp: allow icmpv6_ndo_send to work with CONFIG_IPV6=n
- gtp: use icmp_ndo_send helper
- sunvnet: use icmp_ndo_send helper
- ipv6: icmp6: avoid indirect call for icmpv6_send()
- ipv6: silence compilation warning for non-IPV6 builds
- net: icmp: pass zeroed opts from icmp{,v6}_ndo_send before sending
- dm era: Update in-core bitset after committing the metadata
- USB: quirks: sort quirk entries
- jump_label/lockdep: Assert we hold the hotplug lock for _cpuslocked()
operations
- ARM: dts: exynos: correct PMIC interrupt trigger level on Artik 5
- ARM: dts: exynos: correct PMIC interrupt trigger level on Odroid XU3 family
- arm64: dts: allwinner: A64: properly connect USB PHY to port 0
- arm64: dts: allwinner: Drop non-removable from SoPine/LTS SD card
- arm64: dts: allwinner: A64: Limit MMC2 bus frequency to 150 MHz
- memory: ti-aemif: Drop child node when jumping out loop
- ibmvnic: add memory barrier to protect long term buffer
- net: amd-xgbe: Fix NETDEV WATCHDOG transmit queue timeout warning
- drm/amdgpu: Fix macro name _AMDGPU_TRACE_H_ in preprocessor if condition
- drm/amd/display: Fix 10/12 bpc setup in DCE output bit depth reduction.
- crypto: talitos - Work around SEC6 ERRATA (AES-CTR mode data size error)
- f2fs: fix to avoid inconsistent quota data
- regulator: s5m8767: Drop regulators OF node reference
- mmc: renesas_sdhi_internal_dmac: Fix DMA buffer alignment from 8 to
128-bytes
- RDMA/rxe: Correct skb on loopback path
- i40e: Add zero-initialization of AQ command structures
- i40e: Fix add TC filter for IPv6
- r8169: fix jumbo packet handling on RTL8168e
- USB: serial: ftdi_sio: fix FTX sub-integer prescaler
- crypto: arm64/sha - add missing module aliases
- misc: rtsx: init of rts522a add OCP power off when no card is present
- seq_file: document how per-entry resources are managed.
- x86: fix seq_file iteration for pat/memtype.c
Date: 2021-04-14 15:51:11.238827+00:00
Changed-By: Kleber Sacilotto de Souza <kleber.souza at canonical.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux/4.15.0-143.147
-------------- next part --------------
Sorry, changesfile not available.
More information about the Bionic-changes
mailing list