[ubuntu/bionic-security] linux-azure-4.15 4.15.0-1157.172 (Accepted)
Andy Whitcroft
apw at canonical.com
Fri Dec 9 12:12:31 UTC 2022
linux-azure-4.15 (4.15.0-1157.172) bionic; urgency=medium
* bionic/linux-azure-4.15: 4.15.0-1157.172 -proposed tracker (LP: #1997445)
[ Ubuntu: 4.15.0-200.211 ]
* bionic/linux: 4.15.0-200.211 -proposed tracker (LP: #1997465)
* CVE-2022-3239
- media: em28xx: initialize refcount before kref_get
* CVE-2022-3524
- tcp/udp: Fix memory leak in ipv6_renew_options().
* CVE-2022-3564
- Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu
* CVE-2022-3565
- mISDN: fix use-after-free bugs in l1oip timer handlers
* CVE-2022-3566
- tcp: Fix data races around icsk->icsk_af_ops.
* CVE-2022-3567
- ipv6: annotate some data-races around sk->sk_prot
- ipv6: Fix data races around sk->sk_prot.
* CVE-2022-3594
- r8152: Rate limit overflow messages
* CVE-2022-3621
- nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level()
* CVE-2022-42703
- mm/rmap.c: don't reuse anon_vma if we just want a copy
- mm: rmap: explicitly reset vma->anon_vma in unlink_anon_vmas()
- mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse
[ Ubuntu: 4.15.0-197.208 ]
* bionic/linux: 4.15.0-197.208 -proposed tracker (LP: #1994998)
* Memory leak while using NFQUEUE to delegate the decision on TCP packets to
userspace processes (LP: #1991774)
- SAUCE: netfilter: nf_queue: Fix memory leak in nf_queue_entry_get_refs
* Bionic update: upstream stable patchset 2022-09-23 (LP: #1990698)
- Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put
- ntfs: fix use-after-free in ntfs_ucsncmp()
- ARM: crypto: comment out gcc warning that breaks clang builds
- mt7601u: add USB device ID for some versions of XiaoDu WiFi Dongle.
- ACPI: video: Force backlight native for some TongFang devices
- macintosh/adb: fix oob read in do_adb_query() function
- Makefile: link with -z noexecstack --no-warn-rwx-segments
- x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments
- ALSA: bcd2000: Fix a UAF bug on the error path of probing
- add barriers to buffer_uptodate and set_buffer_uptodate
- HID: wacom: Don't register pad_input for touch switch
- KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0
- KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks
- KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical #GP
- ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model
- ALSA: hda/cirrus - support for iMac 12,1 model
- vfs: Check the truncate maximum size in inode_newsize_ok()
- fs: Add missing umask strip in vfs_tmpfile
- usbnet: Fix linkwatch use-after-free on disconnect
- parisc: Fix device names in /proc/iomem
- drm/nouveau: fix another off-by-one in nvbios_addr
- drm/amdgpu: Check BO's requested pinning domains against its
preferred_domains
- iio: light: isl29028: Fix the warning in isl29028_remove()
- fuse: limit nsec
- md-raid10: fix KASAN warning
- ia64, processor: fix -Wincompatible-pointer-types in ia64_get_irr()
- PCI: Add defines for normal and subtractive PCI bridges
- powerpc/fsl-pci: Fix Class Code of PCIe Root Port
- powerpc/powernv: Avoid crashing if rng is NULL
- MIPS: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK
- USB: HCD: Fix URB giveback issue in tasklet function
- netfilter: nf_tables: fix null deref due to zeroed list head
- arm64: Do not forget syscall when starting a new thread.
- arm64: fix oops in concurrently setting insn_emulation sysctls
- ext2: Add more validity checks for inode counts
- ARM: dts: imx6ul: add missing properties for sram
- ARM: dts: imx6ul: fix qspi node compatible
- ARM: OMAP2+: display: Fix refcount leak bug
- ACPI: PM: save NVS memory for Lenovo G40-45
- ACPI: LPSS: Fix missing check in register_device_clock()
- PM: hibernate: defer device probing when resuming from hibernation
- selinux: Add boundary check in put_entry()
- ARM: findbit: fix overflowing offset
- ARM: bcm: Fix refcount leak in bcm_kona_smc_init
- x86/pmem: Fix platform-device leak in error path
- ARM: dts: ast2500-evb: fix board compatible
- soc: fsl: guts: machine variable might be unset
- cpufreq: zynq: Fix refcount leak in zynq_get_revision
- ARM: dts: qcom: pm8841: add required thermal-sensor-cells
- arm64: dts: qcom: msm8916: Fix typo in pronto remoteproc node
- regulator: of: Fix refcount leak bug in of_get_regulation_constraints()
- thermal/tools/tmon: Include pthread and time headers in tmon.h
- dm: return early from dm_pr_call() if DM device is suspended
- drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers()
- drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function
- i2c: Fix a potential use after free
- wifi: iwlegacy: 4965: fix potential off-by-one overflow in
il4965_rs_fill_link_cmd()
- drm: bridge: adv7511: Add check for mipi_dsi_driver_register
- media: hdpvr: fix error value returns in hdpvr_read
- drm/vc4: dsi: Correct DSI divider calculations
- drm/rockchip: vop: Don't crash for invalid duplicate_state()
- drm/mediatek: dpi: Remove output format of YUV
- drm: bridge: sii8620: fix possible off-by-one
- media: platform: mtk-mdp: Fix mdp_ipi_comm structure alignment
- tcp: make retransmitted SKB fit into the send window
- selftests: timers: valid-adjtimex: build fix for newer toolchains
- selftests: timers: clocksource-switch: fix passing errors from child
- fs: check FMODE_LSEEK to control internal pipe splicing
- wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi()
- wifi: p54: Fix an error handling path in p54spi_probe()
- wifi: p54: add missing parentheses in p54_flush()
- can: pch_can: do not report txerr and rxerr during bus-off
- can: rcar_can: do not report txerr and rxerr during bus-off
- can: sja1000: do not report txerr and rxerr during bus-off
- can: hi311x: do not report txerr and rxerr during bus-off
- can: sun4i_can: do not report txerr and rxerr during bus-off
- can: usb_8dev: do not report txerr and rxerr during bus-off
- can: error: specify the values of data[5..7] of CAN error frames
- can: pch_can: pch_can_error(): initialize errc before using it
- Bluetooth: hci_intel: Add check for platform_driver_register
- i2c: cadence: Support PEC for SMBus block read
- i2c: mux-gpmux: Add of_node_put() when breaking out of loop
- wifi: wil6210: debugfs: fix uninitialized variable use in
`wil_write_file_wmi()`
- wifi: libertas: Fix possible refcount leak in if_usb_probe()
- net: rose: fix netdev reference changes
- dccp: put dccp_qpolicy_full() and dccp_qpolicy_push() in the same lock
- mtd: maps: Fix refcount leak in of_flash_probe_versatile
- mtd: maps: Fix refcount leak in ap_flash_init
- mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in sm_release
- mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s error path
- fpga: altera-pr-ip: fix unsigned comparison with less than zero
- usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe
- usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe
- misc: rtsx: Fix an error handling path in rtsx_pci_probe()
- mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch
- memstick/ms_block: Fix some incorrect memory allocation
- memstick/ms_block: Fix a memory leak
- mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R
- scsi: smartpqi: Fix DMA direction for RAID requests
- usb: gadget: udc: amd5536 depends on HAS_DMA
- RDMA/hfi1: fix potential memory leak in setup_base_ctxt()
- gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data()
- mmc: cavium-octeon: Add of_node_put() when breaking out of loop
- mmc: cavium-thunderx: Add of_node_put() when breaking out of loop
- USB: serial: fix tty-port initialized comments
- platform/olpc: Fix uninitialized data in debugfs write
- mm/mmap.c: fix missing call to vm_unacct_memory in mmap_region
- RDMA/rxe: Fix error unwind in rxe_create_qp()
- ext4: recover csum seed of tmp_inode after migrating to extents
- jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted
- ASoC: mediatek: mt8173: Fix refcount leak in mt8173_rt5650_rt5676_dev_probe
- ASoC: codecs: da7210: add check for i2c_add_driver
- ASoC: mediatek: mt8173-rt5650: Fix refcount leak in mt8173_rt5650_dev_probe
- profiling: fix shift too large makes kernel panic
- tty: n_gsm: fix non flow control frames during mux flow off
- tty: n_gsm: fix packet re-transmission without open control channel
- tty: n_gsm: fix race condition in gsmld_write()
- remoteproc: qcom: wcnss: Fix handling of IRQs
- vfio/ccw: Do not change FSM state in subchannel event
- tty: n_gsm: fix wrong T1 retry count handling
- tty: n_gsm: fix DM command
- iommu/exynos: Handle failed IOMMU device registration properly
- kfifo: fix kfifo_to_user() return type
- mfd: t7l66xb: Drop platform disable callback
- iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of loop
- s390/zcore: fix race when reading from hardware system area
- video: fbdev: amba-clcd: Fix refcount leak bugs
- video: fbdev: sis: fix typos in SiS_GetModeID()
- powerpc/pci: Prefer PCI domain assignment via DT 'linux,pci-domain' and
alias
- powerpc/spufs: Fix refcount leak in spufs_init_isolated_loader
- powerpc/xive: Fix refcount leak in xive_get_max_prio
- powerpc/cell/axon_msi: Fix refcount leak in setup_msi_msg_address
- kprobes: Forbid probing on trampoline and BPF code areas
- powerpc/pci: Fix PHB numbering when using opal-phbid
- genelf: Use HAVE_LIBCRYPTO_SUPPORT, not the never defined HAVE_LIBCRYPTO
- x86/numa: Use cpumask_available instead of hardcoded NULL check
- video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock()
- tools/thermal: Fix possible path truncations
- video: fbdev: vt8623fb: Check the size of screen before memset_io()
- video: fbdev: arkfb: Check the size of screen before memset_io()
- video: fbdev: s3fb: Check the size of screen before memset_io()
- scsi: zfcp: Fix missing auto port scan and thus missing target ports
- x86/olpc: fix 'logical not is only applied to the left hand side'
- spmi: trace: fix stack-out-of-bound access in SPMI tracing functions
- ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h
- ext4: make sure ext4_append() always allocates new block
- ext4: fix use-after-free in ext4_xattr_set_entry
- ext4: update s_overhead_clusters in the superblock during an on-line resize
- ext4: fix extent status tree race in writeback error recovery path
- ext4: correct max_inline_xattr_value_size computing
- ext4: correct the misjudgment in ext4_iget_extra_inode
- intel_th: pci: Add Raptor Lake-S CPU support
- intel_th: pci: Add Raptor Lake-S PCH support
- intel_th: pci: Add Meteor Lake-P support
- dm raid: fix address sanitizer warning in raid_resume
- dm raid: fix address sanitizer warning in raid_status
- btrfs: reject log replay if there is unsupported RO compat flag
- KVM: Add infrastructure and macro to mark VM as bugged
- KVM: x86: Check lapic_in_kernel() before attempting to set a SynIC irq
- KVM: x86: Avoid theoretical NULL pointer dereference in
kvm_irq_delivery_to_apic_fast()
- tcp: fix over estimation in sk_forced_mem_schedule()
- scsi: sg: Allow waiting for commands to complete on removed device
- Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression
- net/9p: Initialize the iounit field during fid creation
- net_sched: cls_route: disallow handle of 0
- powerpc/ptdump: Fix display of RW pages on FSL_BOOK3E
- ALSA: info: Fix llseek return value when using callback
- rds: add missing barrier to release_refill
- ata: libata-eh: Add missing command name
- btrfs: fix lost error handling when looking up extended ref on log replay
- can: ems_usb: fix clang's -Wunaligned-access warning
- apparmor: fix quiet_denied for file rules
- apparmor: Fix failed mount permission check error message
- apparmor: fix aa_label_asxprint return check
- apparmor: fix reference count leak in aa_pivotroot()
- NFSv4: Fix races in the legacy idmapper upcall
- NFSv4.1: RECLAIM_COMPLETE must handle EACCES
- SUNRPC: Reinitialise the backchannel request buffers before reuse
- pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map
- pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed
- ACPI: property: Return type of acpi_add_nondev_subnodes() should be bool
- geneve: do not use RT_TOS for IPv6 flowlabel
- vsock: Fix memory leak in vsock_connect()
- vsock: Set socket state back to SS_UNCONNECTED in vsock_connect_timeout()
- tools build: Switch to new openssl API for test-libcrypto
- xen/xenbus: fix return type in xenbus_file_read()
- atm: idt77252: fix use-after-free bugs caused by tst_timer
- nios2: page fault et.al. are *not* restartable syscalls...
- nios2: don't leave NULLs in sys_call_table[]
- nios2: traced syscall does need to check the syscall number
- nios2: fix syscall restart checks
- nios2: restarts apply only to the first sigframe we build...
- nios2: add force_successful_syscall_return()
- netfilter: nf_tables: really skip inactive sets when allocating name
- powerpc/pci: Fix get_phb_number() locking
- i40e: Fix to stop tx_timeout recovery if GLOBR fails
- fec: Fix timer capture timing in `fec_ptp_enable_pps()`
- igb: Add lock to avoid data race
- kbuild: clear LDFLAGS in the top Makefile
- btrfs: only write the sectors in the vertical stripe which has data stripes
- btrfs: raid56: don't trust any cached sector in __raid56_parity_recover()
- drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors()
- PCI: Add ACS quirk for Broadcom BCM5750x NICs
- irqchip/tegra: Fix overflow implicit truncation warnings
- usb: host: ohci-ppc-of: Fix refcount leak bug
- clk: qcom: ipq8074: dont disable gcc_sleep_clk_src
- gadgetfs: ep_io - wait until IRQ finishes
- cxl: Fix a memory leak in an error handling path
- drivers:md:fix a potential use-after-free bug
- ext4: avoid remove directory when directory is corrupted
- ext4: avoid resizing to a partial cluster size
- tty: serial: Fix refcount leak bug in ucc_uart.c
- vfio: Clear the caps->buf to NULL after free
- mips: cavium-octeon: Fix missing of_node_put() in octeon2_usb_clocks_start
- ALSA: core: Add async signal helpers
- ALSA: timer: Use deferred fasync helper
- smb3: check xattr value length earlier
- powerpc/64: Init jump labels before parse_early_param()
- video: fbdev: i740fb: Check the argument of i740_calc_vclk()
- MIPS: tlbex: Explicitly compare _PAGE_NO_EXEC against 0
- meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init
- ARM: OMAP2+: Fix refcount leak in omap3xxx_prm_late_init
- nohz/full, sched/rt: Fix missed tick-reenabling bug in dequeue_task_rt()
- media: tw686x: Register the irq at the end of probe
- HID: cp2112: prevent a buffer overflow in cp2112_xfer()
- staging: rtl8192u: Fix sleep in atomic context bug in
dm_fsync_timer_callback
- HID: alps: Declare U1_UNICORN_LEGACY support
- tty: n_gsm: fix missing corner cases in gsmld_poll()
- rpmsg: qcom_smd: Fix refcount leak in qcom_smd_parse_edge
- gcc-plugins: Undefine LATENT_ENTROPY_PLUGIN when plugin disabled for a file
* Bionic update: upstream stable patchset 2022-09-21 (LP: #1990434)
- xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE
- xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in
xfrm_bundle_lookup()
- power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe
- perf/core: Fix data race between perf_event_set_output() and
perf_mmap_close()
- ip: Fix a data-race around sysctl_fwmark_reflect.
- tcp/dccp: Fix a data-race around sysctl_tcp_fwmark_accept.
- tcp: Fix a data-race around sysctl_tcp_probe_threshold.
- tcp: Fix a data-race around sysctl_tcp_probe_interval.
- i2c: cadence: Change large transfer count reset logic to be unconditional
- net: stmmac: fix dma queue left shift overflow issue
- igmp: Fix data-races around sysctl_igmp_llm_reports.
- igmp: Fix a data-race around sysctl_igmp_max_memberships.
- tcp: Fix a data-race around sysctl_tcp_notsent_lowat.
- be2net: Fix buffer overflow in be_get_module_eeprom
- Revert "Revert "char/random: silence a lockdep splat with printk()""
- mm/mempolicy: fix uninit-value in mpol_rebind_policy()
- bpf: Make sure mac_header was set before using it
- drm/tilcdc: Remove obsolete crtc_mode_valid() hack
- tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator
- ALSA: memalloc: Align buffer allocations in page size
- Bluetooth: Add bt_skb_sendmsg helper
- Bluetooth: Add bt_skb_sendmmsg helper
- Bluetooth: SCO: Replace use of memcpy_from_msg with bt_skb_sendmsg
- Bluetooth: RFCOMM: Replace use of memcpy_from_msg with bt_skb_sendmmsg
- Bluetooth: Fix passing NULL to PTR_ERR
- Bluetooth: SCO: Fix sco_send_frame returning skb->len
- Bluetooth: Fix bt_skb_sendmmsg not allocating partial chunks
- tty: drivers/tty/, stop using tty_schedule_flip()
- tty: the rest, stop using tty_schedule_flip()
- tty: drop tty_schedule_flip()
- tty: extract tty_flip_buffer_commit() from tty_flip_buffer_push()
- tty: use new tty_insert_flip_string_and_push_buffer() in pty_write()
- PCI: hv: Fix multi-MSI to allow more than one MSI vector
- PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI
- PCI: hv: Reuse existing IRTE allocation in compose_msi_msg()
- PCI: hv: Fix interrupt mapping for multi-MSI
- ip: Fix data-races around sysctl_ip_fwd_use_pmtu.
- ip: Fix data-races around sysctl_ip_nonlocal_bind.
- tcp: Fix data-races around sysctl_tcp_mtu_probing.
- tcp: Fix data-races around sysctl_tcp_reordering.
- tcp: Fix data-races around some timeout sysctl knobs.
- tcp: Fix a data-race around sysctl_tcp_tw_reuse.
- tcp: Fix data-races around sysctl_tcp_fastopen.
- tcp: Fix a data-race around sysctl_tcp_early_retrans.
- tcp: Fix data-races around sysctl_tcp_recovery.
- tcp: Fix a data-race around sysctl_tcp_thin_linear_timeouts.
- tcp: Fix data-races around sysctl_tcp_slow_start_after_idle.
- tcp: Fix a data-race around sysctl_tcp_retrans_collapse.
- tcp: Fix a data-race around sysctl_tcp_stdurg.
- tcp: Fix a data-race around sysctl_tcp_rfc1337.
- tcp: Fix data-races around sysctl_tcp_max_reordering.
- ima: remove the IMA_TEMPLATE Kconfig option
- [Config] updateconfigs for IMA_TEMPLATE
- tcp: Fix data-races around sysctl_tcp_dsack.
- tcp: Fix a data-race around sysctl_tcp_app_win.
- tcp: Fix a data-race around sysctl_tcp_adv_win_scale.
- tcp: Fix a data-race around sysctl_tcp_frto.
- tcp: Fix a data-race around sysctl_tcp_nometrics_save.
- scsi: ufs: host: Hold reference returned by of_parse_phandle()
- tcp: Fix a data-race around sysctl_tcp_challenge_ack_limit.
- net: ping6: Fix memleak in ipv6_renew_options().
- igmp: Fix data-races around sysctl_igmp_qrv.
- net: sungem_phy: Add of_node_put() for reference returned by of_get_parent()
- tcp: Fix a data-race around sysctl_tcp_min_tso_segs.
- tcp: Fix a data-race around sysctl_tcp_min_rtt_wlen.
- tcp: Fix a data-race around sysctl_tcp_autocorking.
- tcp: Fix a data-race around sysctl_tcp_invalid_ratelimit.
- Documentation: fix sctp_wmem in ip-sysctl.rst
- i40e: Fix interface init with MSI interrupts (no MSI-X)
- sctp: fix sleep in atomic context bug in timer handlers
- perf symbol: Correct address for bss symbols
- scsi: core: Fix race between handling STS_RESOURCE and completion
- ACPI: video: Shortening quirk list by identifying Clevo by board_name only
* unprivileged users may trigger page cache invalidation WARN (LP: #1989144)
- iomap: fix WARN_ON_ONCE() from unprivileged users
* Users belonging to video group may trigger a deadlock WARN (LP: #1990690)
- SAUCE: fbdev: remove redundant lock_fb_info
* ACPI: processor idle: Practically limit "Dummy wait" workaround to old Intel
systems (LP: #1990985)
- ACPI: processor_idle: Skip dummy wait if kernel is in guest
- ACPI: processor idle: Practically limit "Dummy wait" workaround to old Intel
systems
* CVE-2022-3028
- af_key: Do not call xfrm_probe_algs in parallel
* CVE-2022-2978
- fs: fix UAF/GPF bug in nilfs_mdt_destroy
* CVE-2022-40768
- scsi: stex: Properly zero out the passthrough command structure
[ Ubuntu: 4.15.0-196.207 ]
* bionic/linux: 4.15.0-196.207 -proposed tracker (LP: #1994992)
* [UBUNTU 18.04] Ubuntu 18.04 kernel 4.15.0-194 crashes on IPL (LP: #1994601)
- SAUCE: Revert "s390/archrandom: simplify back to earlier design and
initialize earlier"
linux-azure-4.15 (4.15.0-1154.169) bionic; urgency=medium
* bionic/linux-azure-4.15: 4.15.0-1154.169 -proposed tracker (LP: #1992077)
* Bionic update: upstream stable patchset 2022-09-21 (LP: #1990434)
- [Config] updateconfigs for IMA_TEMPLATE
[ Ubuntu: 4.15.0-195.206 ]
* bionic/linux: 4.15.0-195.206 -proposed tracker (LP: #1992097)
* Memory leak while using NFQUEUE to delegate the decision on TCP packets to
userspace processes (LP: #1991774)
- SAUCE: netfilter: nf_queue: Fix memory leak in nf_queue_entry_get_refs
* Bionic update: upstream stable patchset 2022-09-23 (LP: #1990698)
- Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put
- ntfs: fix use-after-free in ntfs_ucsncmp()
- ARM: crypto: comment out gcc warning that breaks clang builds
- mt7601u: add USB device ID for some versions of XiaoDu WiFi Dongle.
- ACPI: video: Force backlight native for some TongFang devices
- macintosh/adb: fix oob read in do_adb_query() function
- Makefile: link with -z noexecstack --no-warn-rwx-segments
- x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments
- ALSA: bcd2000: Fix a UAF bug on the error path of probing
- add barriers to buffer_uptodate and set_buffer_uptodate
- HID: wacom: Don't register pad_input for touch switch
- KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0
- KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks
- KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical #GP
- ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model
- ALSA: hda/cirrus - support for iMac 12,1 model
- vfs: Check the truncate maximum size in inode_newsize_ok()
- fs: Add missing umask strip in vfs_tmpfile
- usbnet: Fix linkwatch use-after-free on disconnect
- parisc: Fix device names in /proc/iomem
- drm/nouveau: fix another off-by-one in nvbios_addr
- drm/amdgpu: Check BO's requested pinning domains against its
preferred_domains
- iio: light: isl29028: Fix the warning in isl29028_remove()
- fuse: limit nsec
- md-raid10: fix KASAN warning
- ia64, processor: fix -Wincompatible-pointer-types in ia64_get_irr()
- PCI: Add defines for normal and subtractive PCI bridges
- powerpc/fsl-pci: Fix Class Code of PCIe Root Port
- powerpc/powernv: Avoid crashing if rng is NULL
- MIPS: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK
- USB: HCD: Fix URB giveback issue in tasklet function
- netfilter: nf_tables: fix null deref due to zeroed list head
- arm64: Do not forget syscall when starting a new thread.
- arm64: fix oops in concurrently setting insn_emulation sysctls
- ext2: Add more validity checks for inode counts
- ARM: dts: imx6ul: add missing properties for sram
- ARM: dts: imx6ul: fix qspi node compatible
- ARM: OMAP2+: display: Fix refcount leak bug
- ACPI: PM: save NVS memory for Lenovo G40-45
- ACPI: LPSS: Fix missing check in register_device_clock()
- PM: hibernate: defer device probing when resuming from hibernation
- selinux: Add boundary check in put_entry()
- ARM: findbit: fix overflowing offset
- ARM: bcm: Fix refcount leak in bcm_kona_smc_init
- x86/pmem: Fix platform-device leak in error path
- ARM: dts: ast2500-evb: fix board compatible
- soc: fsl: guts: machine variable might be unset
- cpufreq: zynq: Fix refcount leak in zynq_get_revision
- ARM: dts: qcom: pm8841: add required thermal-sensor-cells
- arm64: dts: qcom: msm8916: Fix typo in pronto remoteproc node
- regulator: of: Fix refcount leak bug in of_get_regulation_constraints()
- thermal/tools/tmon: Include pthread and time headers in tmon.h
- dm: return early from dm_pr_call() if DM device is suspended
- drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers()
- drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function
- i2c: Fix a potential use after free
- wifi: iwlegacy: 4965: fix potential off-by-one overflow in
il4965_rs_fill_link_cmd()
- drm: bridge: adv7511: Add check for mipi_dsi_driver_register
- media: hdpvr: fix error value returns in hdpvr_read
- drm/vc4: dsi: Correct DSI divider calculations
- drm/rockchip: vop: Don't crash for invalid duplicate_state()
- drm/mediatek: dpi: Remove output format of YUV
- drm: bridge: sii8620: fix possible off-by-one
- media: platform: mtk-mdp: Fix mdp_ipi_comm structure alignment
- tcp: make retransmitted SKB fit into the send window
- selftests: timers: valid-adjtimex: build fix for newer toolchains
- selftests: timers: clocksource-switch: fix passing errors from child
- fs: check FMODE_LSEEK to control internal pipe splicing
- wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi()
- wifi: p54: Fix an error handling path in p54spi_probe()
- wifi: p54: add missing parentheses in p54_flush()
- can: pch_can: do not report txerr and rxerr during bus-off
- can: rcar_can: do not report txerr and rxerr during bus-off
- can: sja1000: do not report txerr and rxerr during bus-off
- can: hi311x: do not report txerr and rxerr during bus-off
- can: sun4i_can: do not report txerr and rxerr during bus-off
- can: usb_8dev: do not report txerr and rxerr during bus-off
- can: error: specify the values of data[5..7] of CAN error frames
- can: pch_can: pch_can_error(): initialize errc before using it
- Bluetooth: hci_intel: Add check for platform_driver_register
- i2c: cadence: Support PEC for SMBus block read
- i2c: mux-gpmux: Add of_node_put() when breaking out of loop
- wifi: wil6210: debugfs: fix uninitialized variable use in
`wil_write_file_wmi()`
- wifi: libertas: Fix possible refcount leak in if_usb_probe()
- net: rose: fix netdev reference changes
- dccp: put dccp_qpolicy_full() and dccp_qpolicy_push() in the same lock
- mtd: maps: Fix refcount leak in of_flash_probe_versatile
- mtd: maps: Fix refcount leak in ap_flash_init
- mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in sm_release
- mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s error path
- fpga: altera-pr-ip: fix unsigned comparison with less than zero
- usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe
- usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe
- misc: rtsx: Fix an error handling path in rtsx_pci_probe()
- mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch
- memstick/ms_block: Fix some incorrect memory allocation
- memstick/ms_block: Fix a memory leak
- mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R
- scsi: smartpqi: Fix DMA direction for RAID requests
- usb: gadget: udc: amd5536 depends on HAS_DMA
- RDMA/hfi1: fix potential memory leak in setup_base_ctxt()
- gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data()
- mmc: cavium-octeon: Add of_node_put() when breaking out of loop
- mmc: cavium-thunderx: Add of_node_put() when breaking out of loop
- USB: serial: fix tty-port initialized comments
- platform/olpc: Fix uninitialized data in debugfs write
- mm/mmap.c: fix missing call to vm_unacct_memory in mmap_region
- RDMA/rxe: Fix error unwind in rxe_create_qp()
- ext4: recover csum seed of tmp_inode after migrating to extents
- jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted
- ASoC: mediatek: mt8173: Fix refcount leak in mt8173_rt5650_rt5676_dev_probe
- ASoC: codecs: da7210: add check for i2c_add_driver
- ASoC: mediatek: mt8173-rt5650: Fix refcount leak in mt8173_rt5650_dev_probe
- profiling: fix shift too large makes kernel panic
- tty: n_gsm: fix non flow control frames during mux flow off
- tty: n_gsm: fix packet re-transmission without open control channel
- tty: n_gsm: fix race condition in gsmld_write()
- remoteproc: qcom: wcnss: Fix handling of IRQs
- vfio/ccw: Do not change FSM state in subchannel event
- tty: n_gsm: fix wrong T1 retry count handling
- tty: n_gsm: fix DM command
- iommu/exynos: Handle failed IOMMU device registration properly
- kfifo: fix kfifo_to_user() return type
- mfd: t7l66xb: Drop platform disable callback
- iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of loop
- s390/zcore: fix race when reading from hardware system area
- video: fbdev: amba-clcd: Fix refcount leak bugs
- video: fbdev: sis: fix typos in SiS_GetModeID()
- powerpc/pci: Prefer PCI domain assignment via DT 'linux,pci-domain' and
alias
- powerpc/spufs: Fix refcount leak in spufs_init_isolated_loader
- powerpc/xive: Fix refcount leak in xive_get_max_prio
- powerpc/cell/axon_msi: Fix refcount leak in setup_msi_msg_address
- kprobes: Forbid probing on trampoline and BPF code areas
- powerpc/pci: Fix PHB numbering when using opal-phbid
- genelf: Use HAVE_LIBCRYPTO_SUPPORT, not the never defined HAVE_LIBCRYPTO
- x86/numa: Use cpumask_available instead of hardcoded NULL check
- video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock()
- tools/thermal: Fix possible path truncations
- video: fbdev: vt8623fb: Check the size of screen before memset_io()
- video: fbdev: arkfb: Check the size of screen before memset_io()
- video: fbdev: s3fb: Check the size of screen before memset_io()
- scsi: zfcp: Fix missing auto port scan and thus missing target ports
- x86/olpc: fix 'logical not is only applied to the left hand side'
- spmi: trace: fix stack-out-of-bound access in SPMI tracing functions
- ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h
- ext4: make sure ext4_append() always allocates new block
- ext4: fix use-after-free in ext4_xattr_set_entry
- ext4: update s_overhead_clusters in the superblock during an on-line resize
- ext4: fix extent status tree race in writeback error recovery path
- ext4: correct max_inline_xattr_value_size computing
- ext4: correct the misjudgment in ext4_iget_extra_inode
- intel_th: pci: Add Raptor Lake-S CPU support
- intel_th: pci: Add Raptor Lake-S PCH support
- intel_th: pci: Add Meteor Lake-P support
- dm raid: fix address sanitizer warning in raid_resume
- dm raid: fix address sanitizer warning in raid_status
- btrfs: reject log replay if there is unsupported RO compat flag
- KVM: Add infrastructure and macro to mark VM as bugged
- KVM: x86: Check lapic_in_kernel() before attempting to set a SynIC irq
- KVM: x86: Avoid theoretical NULL pointer dereference in
kvm_irq_delivery_to_apic_fast()
- tcp: fix over estimation in sk_forced_mem_schedule()
- scsi: sg: Allow waiting for commands to complete on removed device
- Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression
- net/9p: Initialize the iounit field during fid creation
- net_sched: cls_route: disallow handle of 0
- powerpc/ptdump: Fix display of RW pages on FSL_BOOK3E
- ALSA: info: Fix llseek return value when using callback
- rds: add missing barrier to release_refill
- ata: libata-eh: Add missing command name
- btrfs: fix lost error handling when looking up extended ref on log replay
- can: ems_usb: fix clang's -Wunaligned-access warning
- apparmor: fix quiet_denied for file rules
- apparmor: Fix failed mount permission check error message
- apparmor: fix aa_label_asxprint return check
- apparmor: fix reference count leak in aa_pivotroot()
- NFSv4: Fix races in the legacy idmapper upcall
- NFSv4.1: RECLAIM_COMPLETE must handle EACCES
- SUNRPC: Reinitialise the backchannel request buffers before reuse
- pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map
- pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed
- ACPI: property: Return type of acpi_add_nondev_subnodes() should be bool
- geneve: do not use RT_TOS for IPv6 flowlabel
- vsock: Fix memory leak in vsock_connect()
- vsock: Set socket state back to SS_UNCONNECTED in vsock_connect_timeout()
- tools build: Switch to new openssl API for test-libcrypto
- xen/xenbus: fix return type in xenbus_file_read()
- atm: idt77252: fix use-after-free bugs caused by tst_timer
- nios2: page fault et.al. are *not* restartable syscalls...
- nios2: don't leave NULLs in sys_call_table[]
- nios2: traced syscall does need to check the syscall number
- nios2: fix syscall restart checks
- nios2: restarts apply only to the first sigframe we build...
- nios2: add force_successful_syscall_return()
- netfilter: nf_tables: really skip inactive sets when allocating name
- powerpc/pci: Fix get_phb_number() locking
- i40e: Fix to stop tx_timeout recovery if GLOBR fails
- fec: Fix timer capture timing in `fec_ptp_enable_pps()`
- igb: Add lock to avoid data race
- kbuild: clear LDFLAGS in the top Makefile
- btrfs: only write the sectors in the vertical stripe which has data stripes
- btrfs: raid56: don't trust any cached sector in __raid56_parity_recover()
- drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors()
- PCI: Add ACS quirk for Broadcom BCM5750x NICs
- irqchip/tegra: Fix overflow implicit truncation warnings
- usb: host: ohci-ppc-of: Fix refcount leak bug
- clk: qcom: ipq8074: dont disable gcc_sleep_clk_src
- gadgetfs: ep_io - wait until IRQ finishes
- cxl: Fix a memory leak in an error handling path
- drivers:md:fix a potential use-after-free bug
- ext4: avoid remove directory when directory is corrupted
- ext4: avoid resizing to a partial cluster size
- tty: serial: Fix refcount leak bug in ucc_uart.c
- vfio: Clear the caps->buf to NULL after free
- mips: cavium-octeon: Fix missing of_node_put() in octeon2_usb_clocks_start
- ALSA: core: Add async signal helpers
- ALSA: timer: Use deferred fasync helper
- smb3: check xattr value length earlier
- powerpc/64: Init jump labels before parse_early_param()
- video: fbdev: i740fb: Check the argument of i740_calc_vclk()
- MIPS: tlbex: Explicitly compare _PAGE_NO_EXEC against 0
- meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init
- ARM: OMAP2+: Fix refcount leak in omap3xxx_prm_late_init
- nohz/full, sched/rt: Fix missed tick-reenabling bug in dequeue_task_rt()
- media: tw686x: Register the irq at the end of probe
- HID: cp2112: prevent a buffer overflow in cp2112_xfer()
- staging: rtl8192u: Fix sleep in atomic context bug in
dm_fsync_timer_callback
- HID: alps: Declare U1_UNICORN_LEGACY support
- tty: n_gsm: fix missing corner cases in gsmld_poll()
- rpmsg: qcom_smd: Fix refcount leak in qcom_smd_parse_edge
- gcc-plugins: Undefine LATENT_ENTROPY_PLUGIN when plugin disabled for a file
* Bionic update: upstream stable patchset 2022-09-21 (LP: #1990434)
- xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE
- xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in
xfrm_bundle_lookup()
- power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe
- perf/core: Fix data race between perf_event_set_output() and
perf_mmap_close()
- ip: Fix a data-race around sysctl_fwmark_reflect.
- tcp/dccp: Fix a data-race around sysctl_tcp_fwmark_accept.
- tcp: Fix a data-race around sysctl_tcp_probe_threshold.
- tcp: Fix a data-race around sysctl_tcp_probe_interval.
- i2c: cadence: Change large transfer count reset logic to be unconditional
- net: stmmac: fix dma queue left shift overflow issue
- igmp: Fix data-races around sysctl_igmp_llm_reports.
- igmp: Fix a data-race around sysctl_igmp_max_memberships.
- tcp: Fix a data-race around sysctl_tcp_notsent_lowat.
- be2net: Fix buffer overflow in be_get_module_eeprom
- Revert "Revert "char/random: silence a lockdep splat with printk()""
- mm/mempolicy: fix uninit-value in mpol_rebind_policy()
- bpf: Make sure mac_header was set before using it
- drm/tilcdc: Remove obsolete crtc_mode_valid() hack
- tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator
- ALSA: memalloc: Align buffer allocations in page size
- Bluetooth: Add bt_skb_sendmsg helper
- Bluetooth: Add bt_skb_sendmmsg helper
- Bluetooth: SCO: Replace use of memcpy_from_msg with bt_skb_sendmsg
- Bluetooth: RFCOMM: Replace use of memcpy_from_msg with bt_skb_sendmmsg
- Bluetooth: Fix passing NULL to PTR_ERR
- Bluetooth: SCO: Fix sco_send_frame returning skb->len
- Bluetooth: Fix bt_skb_sendmmsg not allocating partial chunks
- tty: drivers/tty/, stop using tty_schedule_flip()
- tty: the rest, stop using tty_schedule_flip()
- tty: drop tty_schedule_flip()
- tty: extract tty_flip_buffer_commit() from tty_flip_buffer_push()
- tty: use new tty_insert_flip_string_and_push_buffer() in pty_write()
- PCI: hv: Fix multi-MSI to allow more than one MSI vector
- PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI
- PCI: hv: Reuse existing IRTE allocation in compose_msi_msg()
- PCI: hv: Fix interrupt mapping for multi-MSI
- ip: Fix data-races around sysctl_ip_fwd_use_pmtu.
- ip: Fix data-races around sysctl_ip_nonlocal_bind.
- tcp: Fix data-races around sysctl_tcp_mtu_probing.
- tcp: Fix data-races around sysctl_tcp_reordering.
- tcp: Fix data-races around some timeout sysctl knobs.
- tcp: Fix a data-race around sysctl_tcp_tw_reuse.
- tcp: Fix data-races around sysctl_tcp_fastopen.
- tcp: Fix a data-race around sysctl_tcp_early_retrans.
- tcp: Fix data-races around sysctl_tcp_recovery.
- tcp: Fix a data-race around sysctl_tcp_thin_linear_timeouts.
- tcp: Fix data-races around sysctl_tcp_slow_start_after_idle.
- tcp: Fix a data-race around sysctl_tcp_retrans_collapse.
- tcp: Fix a data-race around sysctl_tcp_stdurg.
- tcp: Fix a data-race around sysctl_tcp_rfc1337.
- tcp: Fix data-races around sysctl_tcp_max_reordering.
- ima: remove the IMA_TEMPLATE Kconfig option
- [Config] updateconfigs for IMA_TEMPLATE
- s390/archrandom: prevent CPACF trng invocations in interrupt context
- tcp: Fix data-races around sysctl_tcp_dsack.
- tcp: Fix a data-race around sysctl_tcp_app_win.
- tcp: Fix a data-race around sysctl_tcp_adv_win_scale.
- tcp: Fix a data-race around sysctl_tcp_frto.
- tcp: Fix a data-race around sysctl_tcp_nometrics_save.
- scsi: ufs: host: Hold reference returned by of_parse_phandle()
- tcp: Fix a data-race around sysctl_tcp_challenge_ack_limit.
- net: ping6: Fix memleak in ipv6_renew_options().
- igmp: Fix data-races around sysctl_igmp_qrv.
- net: sungem_phy: Add of_node_put() for reference returned by of_get_parent()
- tcp: Fix a data-race around sysctl_tcp_min_tso_segs.
- tcp: Fix a data-race around sysctl_tcp_min_rtt_wlen.
- tcp: Fix a data-race around sysctl_tcp_autocorking.
- tcp: Fix a data-race around sysctl_tcp_invalid_ratelimit.
- Documentation: fix sctp_wmem in ip-sysctl.rst
- i40e: Fix interface init with MSI interrupts (no MSI-X)
- sctp: fix sleep in atomic context bug in timer handlers
- perf symbol: Correct address for bss symbols
- scsi: core: Fix race between handling STS_RESOURCE and completion
- ACPI: video: Shortening quirk list by identifying Clevo by board_name only
* unprivileged users may trigger page cache invalidation WARN (LP: #1989144)
- iomap: fix WARN_ON_ONCE() from unprivileged users
* Users belonging to video group may trigger a deadlock WARN (LP: #1990690)
- SAUCE: fbdev: remove redundant lock_fb_info
* ACPI: processor idle: Practically limit "Dummy wait" workaround to old Intel
systems (LP: #1990985)
- ACPI: processor_idle: Skip dummy wait if kernel is in guest
- ACPI: processor idle: Practically limit "Dummy wait" workaround to old Intel
systems
* CVE-2022-3028
- af_key: Do not call xfrm_probe_algs in parallel
* CVE-2022-2978
- fs: fix UAF/GPF bug in nilfs_mdt_destroy
* CVE-2022-40768
- scsi: stex: Properly zero out the passthrough command structure
Date: 2022-11-25 15:09:09.091025+00:00
Changed-By: Thadeu Lima de Souza Cascardo <thadeu.cascardo at canonical.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux-azure-4.15/4.15.0-1157.172
-------------- next part --------------
Sorry, changesfile not available.
More information about the Bionic-changes
mailing list