[ubuntu/bionic-security] linux 4.15.0-189.200 (Accepted)

Andy Whitcroft apw at canonical.com
Tue Jul 12 19:19:47 UTC 2022


linux (4.15.0-189.200) bionic; urgency=medium

  * bionic/linux: 4.15.0-189.200 -proposed tracker (LP: #1979525)

  * linux-image-4.15.0-177-generic freezes on the welcome screen (LP: #1973167)
    - mfd: intel-lpss: Use MODULE_SOFTDEP() instead of implicit request

  * Bionic update: upstream stable patchset 2022-06-03 (LP: #1977622)
    - etherdevice: Adjust ether_addr* prototypes to silence -Wstringop-overead
    - mm: page_alloc: fix building error on -Werror=array-compare
    - tracing: Dump stacktrace trigger to the corresponding instance
    - gfs2: assign rgrp glock before compute_bitstructs
    - ALSA: usb-audio: Clear MIDI port active flag after draining
    - tcp: fix race condition when creating child sockets from syncookies
    - tcp: Fix potential use-after-free due to double kfree()
    - dmaengine: imx-sdma: Fix error checking in sdma_event_remap
    - net/packet: fix packet_sock xmit return value checking
    - netlink: reset network and mac headers in netlink_dump()
    - ARM: vexpress/spc: Avoid negative array index when !SMP
    - platform/x86: samsung-laptop: Fix an unsigned comparison which can never be
      negative
    - ALSA: usb-audio: Fix undefined behavior due to shift overflowing the
      constant
    - vxlan: fix error return code in vxlan_fdb_append
    - cifs: Check the IOCB_DIRECT flag, not O_DIRECT
    - brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant
    - drm/msm/mdp5: check the return of kzalloc()
    - net: macb: Restart tx only if queue pointer is lagging
    - stat: fix inconsistency between struct stat and struct compat_stat
    - ata: pata_marvell: Check the 'bmdma_addr' beforing reading
    - dma: at_xdmac: fix a missing check on list iterator
    - powerpc/perf: Fix power9 event alternatives
    - openvswitch: fix OOB access in reserve_sfa_size()
    - ASoC: soc-dapm: fix two incorrect uses of list iterator
    - e1000e: Fix possible overflow in LTR decoding
    - ARC: entry: fix syscall_trace_exit argument
    - ext4: fix symlink file size not match to file content
    - ext4: fix overhead calculation to account for the reserved gdt blocks
    - ext4: force overhead calculation if the s_overhead_cluster makes no sense
    - staging: ion: Prevent incorrect reference counting behavour
    - block/compat_ioctl: fix range check in BLKGETSIZE
    - ax25: add refcount in ax25_dev to avoid UAF bugs
    - ax25: fix reference count leaks of ax25_dev
    - ax25: fix UAF bugs of net_device caused by rebinding operation
    - ax25: Fix refcount leaks caused by ax25_cb_del()
    - ax25: fix UAF bug in ax25_send_control()
    - ax25: fix NPD bug in ax25_disconnect
    - ax25: Fix NULL pointer dereferences in ax25 timers
    - ax25: Fix UAF bugs in ax25 timers
    - ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek
    - net/sched: cls_u32: fix possible leak in u32_init_knode()
    - drm/panel/raspberrypi-touchscreen: Avoid NULL deref if not initialised
    - drm/panel/raspberrypi-touchscreen: Initialise the bridge in prepare

  * Bionic update: upstream stable patchset 2022-05-17 (LP: #1973831)
    - USB: serial: pl2303: add IBM device IDs
    - USB: serial: simple: add Nokia phone driver
    - netdevice: add the case if dev is NULL
    - virtio_console: break out of buf poll on remove
    - ethernet: sun: Free the coherent when failing in probing
    - spi: Fix invalid sgs value
    - spi: Fix erroneous sgs value with min_t()
    - af_key: add __GFP_ZERO flag for compose_sadb_supported in function
      pfkey_register
    - fuse: fix pipe buffer lifetime for direct_io
    - tpm: fix reference counting for struct tpm_chip
    - block: Add a helper to validate the block size
    - virtio-blk: Use blk_validate_block_size() to validate block size
    - USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c
    - coresight: Fix TRCCONFIGR.QE sysfs interface
    - iio: inkern: apply consumer scale on IIO_VAL_INT cases
    - iio: inkern: apply consumer scale when no channel scale is available
    - iio: inkern: make a best effort on offset calculation
    - clk: uniphier: Fix fixed-rate initialization
    - Documentation: add link to stable release candidate tree
    - Documentation: update stable tree link
    - SUNRPC: avoid race between mod_timer() and del_timer_sync()
    - NFSD: prevent underflow in nfssvc_decode_writeargs()
    - pinctrl: samsung: drop pin banks references on error paths
    - jffs2: fix use-after-free in jffs2_clear_xattr_subsystem
    - jffs2: fix memory leak in jffs2_do_mount_fs
    - jffs2: fix memory leak in jffs2_scan_medium
    - mm/pages_alloc.c: don't create ZONE_MOVABLE beyond the end of a node
    - mempolicy: mbind_range() set_policy() after vma_merge()
    - scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands
    - qed: display VF trust config
    - qed: validate and restrict untrusted VFs vlan promisc mode
    - Revert "Input: clear BTN_RIGHT/MIDDLE on buttonpads"
    - ALSA: cs4236: fix an incorrect NULL check on list iterator
    - drbd: fix potential silent data corruption
    - ACPI: properties: Consistently return -ENOENT if there are no more
      references
    - drivers: hamradio: 6pack: fix UAF bug caused by mod_timer()
    - video: fbdev: sm712fb: Fix crash in smtcfb_read()
    - video: fbdev: atari: Atari 2 bpp (STe) palette bugfix
    - ARM: dts: at91: sama5d2: Fix PMERRLOC resource size
    - ARM: dts: exynos: fix UART3 pins configuration in Exynos5250
    - ARM: dts: exynos: add missing HDMI supplies on SMDK5250
    - ARM: dts: exynos: add missing HDMI supplies on SMDK5420
    - carl9170: fix missing bit-wise or operator for tx_params
    - thermal: int340x: Increase bitmap size
    - lib/raid6/test: fix multiple definition linking error
    - DEC: Limit PMAX memory probing to R3k systems
    - media: davinci: vpif: fix unbalanced runtime PM get
    - brcmfmac: firmware: Allocate space for default boardrev in nvram
    - brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio
    - PCI: pciehp: Clear cmd_busy bit in polling mode
    - crypto: authenc - Fix sleep in atomic context in decrypt_tail
    - crypto: mxs-dcp - Fix scatterlist processing
    - spi: tegra114: Add missing IRQ check in tegra_spi_probe
    - selftests/x86: Add validity check and allow field splitting
    - spi: pxa2xx-pci: Balance reference count for PCI DMA device
    - hwmon: (pmbus) Add mutex to regulator ops
    - hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING
    - PM: hibernate: fix __setup handler error handling
    - PM: suspend: fix return value of __setup handler
    - hwrng: atmel - disable trng on failure path
    - crypto: vmx - add missing dependencies
    - ACPI: APEI: fix return value of __setup handlers
    - crypto: ccp - ccp_dmaengine_unregister release dma channels
    - hwmon: (pmbus) Add Vin unit off handling
    - clocksource: acpi_pm: fix return value of __setup handler
    - sched/debug: Remove mpol_get/put and task_lock/unlock from sched_show_numa
    - perf/core: Fix address filter parser for multiple filters
    - perf/x86/intel/pt: Fix address filter config for 32-bit kernel
    - media: coda: Fix missing put_device() call in coda_get_vdoa_data
    - video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe()
    - video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name()
    - ARM: dts: qcom: ipq4019: fix sleep clock
    - soc: ti: wkup_m3_ipc: Fix IRQ check in wkup_m3_ipc_probe
    - media: usb: go7007: s2250-board: fix leak in probe()
    - ASoC: ti: davinci-i2s: Add check for clk_enable()
    - ALSA: spi: Add check for clk_enable()
    - arm64: dts: ns2: Fix spi-cpol and spi-cpha property
    - arm64: dts: broadcom: Fix sata nodename
    - printk: fix return value of printk.devkmsg __setup handler
    - ASoC: mxs-saif: Handle errors for clk_enable
    - ASoC: atmel_ssc_dai: Handle errors for clk_enable
    - memory: emif: Add check for setup_interrupts
    - memory: emif: check the pointer temp in get_device_details()
    - ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction
    - media: stk1160: If start stream fails, return buffers with
      VB2_BUF_STATE_QUEUED
    - ASoC: atmel: Add missing of_node_put() in at91sam9g20ek_audio_probe
    - ASoC: wm8350: Handle error for wm8350_register_irq
    - ASoC: fsi: Add check for clk_enable
    - video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of
    - ASoC: dmaengine: do not use a NULL prepare_slave_config() callback
    - ASoC: mxs: Fix error handling in mxs_sgtl5000_probe
    - ASoC: imx-es8328: Fix error return code in imx_es8328_probe()
    - ASoC: msm8916-wcd-digital: Fix missing clk_disable_unprepare() in
      msm8916_wcd_digital_probe
    - mtd: onenand: Check for error irq
    - drm/edid: Don't clear formats if using deep color
    - ath9k_htc: fix uninit value bugs
    - power: reset: gemini-poweroff: Fix IRQ check in gemini_poweroff_probe
    - ray_cs: Check ioremap return value
    - power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init
    - HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports
    - iwlwifi: Fix -EIO error code that is never returned
    - dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS
    - scsi: pm8001: Fix command initialization in pm80XX_send_read_log()
    - scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req()
    - scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config()
    - scsi: pm8001: Fix abort all task initialization
    - TOMOYO: fix __setup handlers return values
    - ext2: correct max file size computing
    - drm/tegra: Fix reference leak in tegra_dsi_ganged_probe
    - power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled() wrong false
      return
    - KVM: x86: Fix emulation in writing cr8
    - KVM: x86/emulator: Defer not-present segment check in
      __load_segment_descriptor()
    - i2c: xiic: Make bus names unique
    - power: supply: wm8350-power: Handle error for wm8350_register_irq
    - power: supply: wm8350-power: Add missing free in free_charger_irq
    - PCI: Reduce warnings on possible RW1C corruption
    - powerpc/sysdev: fix incorrect use to determine if list is empty
    - mfd: mc13xxx: Add check for mc13xxx_irq_request
    - vxcan: enable local echo for sent CAN frames
    - MIPS: RB532: fix return value of __setup handler
    - mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init
    - USB: storage: ums-realtek: fix error code in rts51x_read_mem()
    - af_netlink: Fix shift out of bounds in group mask calculation
    - i2c: mux: demux-pinctrl: do not deactivate a master that is not active
    - tcp: ensure PMTU updates are processed during fastopen
    - mfd: asic3: Add missing iounmap() on error asic3_mfd_probe
    - mxser: fix xmit_buf leak in activate when LSR == 0xff
    - pwm: lpc18xx-sct: Initialize driver data and hardware before pwmchip_add()
    - staging:iio:adc:ad7280a: Fix handing of device address bit reversing.
    - serial: 8250_mid: Balance reference count for PCI DMA device
    - serial: 8250: Fix race condition in RTS-after-send handling
    - iio: adc: Add check for devm_request_threaded_irq
    - clk: qcom: clk-rcg2: Update the frac table for pixel clock
    - remoteproc: qcom_wcnss: Add missing of_node_put() in
      wcnss_alloc_memory_region
    - clk: loongson1: Terminate clk_div_table with sentinel element
    - clk: clps711x: Terminate clk_div_table with sentinel element
    - clk: tegra: tegra124-emc: Fix missing put_device() call in
      emc_ensure_emc_driver
    - NFS: remove unneeded check in decode_devicenotify_args()
    - pinctrl: mediatek: Fix missing of_node_put() in mtk_pctrl_init
    - pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe
    - pinctrl/rockchip: Add missing of_node_put() in rockchip_pinctrl_probe
    - tty: hvc: fix return value of __setup handler
    - kgdboc: fix return value of __setup handler
    - kgdbts: fix return value of __setup handler
    - jfs: fix divide error in dbNextAG
    - netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options
    - xen: fix is_xen_pmu()
    - net: phy: broadcom: Fix brcm_fet_config_init()
    - qlcnic: dcb: default to returning -EOPNOTSUPP
    - net/x25: Fix null-ptr-deref caused by x25_disconnect
    - NFSv4/pNFS: Fix another issue with a list iterator pointing to the head
    - lib/test: use after free in register_test_dev_kmod()
    - selinux: use correct type for context length
    - loop: use sysfs_emit() in the sysfs xxx show()
    - Fix incorrect type in assignment of ipv6 port for audit
    - irqchip/nvic: Release nvic_base upon failure
    - ACPICA: Avoid walking the ACPI Namespace if it is not there
    - ACPI/APEI: Limit printable size of BERT table data
    - PM: core: keep irq flags in device_pm_check_callbacks()
    - spi: tegra20: Use of_device_get_match_data()
    - ext4: don't BUG if someone dirty pages without asking ext4 first
    - ntfs: add sanity check on allocation size
    - video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow
    - video: fbdev: w100fb: Reset global state
    - video: fbdev: cirrusfb: check pixclock to avoid divide by zero
    - video: fbdev: omapfb: acx565akm: replace snprintf with sysfs_emit
    - ARM: dts: qcom: fix gic_irq_domain_translate warnings for msm8960
    - ARM: dts: bcm2837: Add the missing L1/L2 cache information
    - video: fbdev: omapfb: panel-dsi-cm: Use sysfs_emit() instead of snprintf()
    - video: fbdev: omapfb: panel-tpo-td043mtea1: Use sysfs_emit() instead of
      snprintf()
    - ASoC: soc-core: skip zero num_dai component in searching dai name
    - media: cx88-mpeg: clear interrupt status register before streaming video
    - ARM: tegra: tamonten: Fix I2C3 pad setting
    - ARM: mmp: Fix failure to remove sram device
    - video: fbdev: sm712fb: Fix crash in smtcfb_write()
    - media: hdpvr: initialize dev->worker at hdpvr_register_videodev
    - mmc: host: Return an error when ->enable_sdio_irq() ops is missing
    - powerpc/lib/sstep: Fix 'sthcx' instruction
    - powerpc/lib/sstep: Fix build errors with newer binutils
    - scsi: qla2xxx: Fix warning for missing error code
    - scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair()
    - KVM: Prevent module exit until all VMs are freed
    - ubifs: rename_whiteout: Fix double free for whiteout_ui->data
    - ubifs: Add missing iput if do_tmpfile() failed in rename whiteout
    - ubifs: setflags: Make dirtied_ino_d 8 bytes aligned
    - ubifs: rename_whiteout: correct old_dir size computing
    - can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path
    - can: mcba_usb: properly check endpoint type
    - gfs2: Make sure FITRIM minlen is rounded up to fs block size
    - pinctrl: pinconf-generic: Print arguments for bias-pull-*
    - ubi: Fix race condition between ctrl_cdev_ioctl and ubi_cdev_ioctl
    - ACPI: CPPC: Avoid out of bounds access when parsing _CPC data
    - mm/mmap: return 1 from stack_guard_gap __setup() handler
    - mm/memcontrol: return 1 from cgroup.memory __setup() handler
    - ubi: fastmap: Return error code if memory allocation fails in add_aeb()
    - ASoC: topology: Allow TLV control to be either read or write
    - ARM: dts: spear1340: Update serial node properties
    - ARM: dts: spear13xx: Update SPI dma properties
    - openvswitch: Fixed nd target mask field in the flow dump.
    - KVM: x86: Forbid VMM to set SYNIC/STIMER MSRs when SynIC wasn't activated
    - ubifs: Rectify space amount budget for mkdir/tmpfile operations
    - rtc: wm8350: Handle error for wm8350_register_irq
    - ARM: 9187/1: JIVE: fix return value of __setup handler
    - KVM: x86/svm: Clear reserved bits written to PerfEvtSeln MSRs
    - ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111
    - ptp: replace snprintf with sysfs_emit
    - powerpc: dts: t104xrdb: fix phy type for FMAN 4/5
    - scsi: mvsas: Replace snprintf() with sysfs_emit()
    - scsi: bfa: Replace snprintf() with sysfs_emit()
    - power: supply: axp20x_battery: properly report current when discharging
    - powerpc: Set crashkernel offset to mid of RMA region
    - PCI: aardvark: Fix support for MSI interrupts
    - iommu/arm-smmu-v3: fix event handling soft lockup
    - dm ioctl: prevent potential spectre v1 gadget
    - scsi: pm8001: Fix pm8001_mpi_task_abort_resp()
    - scsi: aha152x: Fix aha152x_setup() __setup handler return value
    - net/smc: correct settings of RMB window update limit
    - macvtap: advertise link netns via netlink
    - bnxt_en: Eliminate unintended link toggle during FW reset
    - MIPS: fix fortify panic when copying asm exception handlers
    - scsi: libfc: Fix use after free in fc_exch_abts_resp()
    - usb: dwc3: omap: fix "unbalanced disables for smps10_out1" on omap5evm
    - xtensa: fix DTC warning unit_address_format
    - Bluetooth: Fix use after free in hci_send_acl
    - init/main.c: return 1 from handled __setup() functions
    - w1: w1_therm: fixes w1_seq for ds28ea00 sensors
    - SUNRPC/call_alloc: async tasks mustn't block waiting for memory
    - NFS: swap IO handling is slightly different for O_DIRECT IO
    - NFS: swap-out must always use STABLE writes.
    - serial: samsung_tty: do not unlock port->lock for uart_write_wakeup()
    - virtio_console: eliminate anonymous module_init & module_exit
    - jfs: prevent NULL deref in diFree
    - parisc: Fix CPU affinity for Lasi, WAX and Dino chips
    - ipv6: add missing tx timestamping on IPPROTO_RAW
    - net: add missing SOF_TIMESTAMPING_OPT_ID support
    - mm: fix race between MADV_FREE reclaim and blkdev direct IO read
    - drm/amdgpu: fix off by one in amdgpu_gfx_kiq_acquire()
    - scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one()
    - net: stmmac: Fix unset max_speed difference between DT and non-DT platforms
    - drm/imx: Fix memory leak in imx_pd_connector_get_modes
    - drbd: Fix five use after free bugs in get_initial_state
    - Revert "mmc: sdhci-xenon: fix annoying 1.8V regulator warning"
    - mmmremap.c: avoid pointless invalidate_range_start/end on mremap(old_size=0)
    - mm/mempolicy: fix mpol_new leak in shared_policy_replace
    - x86/pm: Save the MSR validity status at context setup
    - x86/speculation: Restore speculation related MSRs during S3 resume
    - btrfs: fix qgroup reserve overflow the qgroup limit
    - arm64: patch_text: Fixup last cpu should be master
    - perf: qcom_l2_pmu: fix an incorrect NULL check on list iterator
    - tools build: Use $(shell ) instead of `` to get embedded libperl's ccopts
    - dmaengine: Revert "dmaengine: shdma: Fix runtime PM imbalance on error"
    - mm: don't skip swap entry even if zap_details specified
    - arm64: module: remove (NOLOAD) from linker script
    - mm/sparsemem: fix 'mem_section' will never be NULL gcc 12 warning
    - cgroup: Use open-time credentials for process migraton perm checks
    - cgroup: Allocate cgroup_file_ctx for kernfs_open_file->priv
    - cgroup: Use open-time cgroup namespace for process migration perm checks
    - memory: atmel-ebi: Fix missing of_node_put in atmel_ebi_probe
    - veth: Ensure eth header is in skb's linear part
    - gpiolib: acpi: use correct format characters
    - mlxsw: i2c: Fix initialization error flow
    - nfc: nci: add flush_workqueue to prevent uaf
    - cifs: potential buffer overflow in handling symlinks
    - drm/amd: Add USBC connector ID
    - drm/amdkfd: Check for potential null return of kmalloc_array()
    - Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer
    - scsi: target: tcmu: Fix possible page UAF
    - scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024
    - ata: libata-core: Disable READ LOG DMA EXT for Samsung 840 EVOs
    - gpu: ipu-v3: Fix dev_dbg frequency output
    - scsi: mvsas: Add PCI ID of RocketRaid 2640
    - drivers: net: slip: fix NPD bug in sl_tx_timeout()
    - mm, page_alloc: fix build_zonerefs_node()
    - mm: kmemleak: take a full lowmem check in kmemleak_*_phys()
    - gcc-plugins: latent_entropy: use /dev/urandom
    - ALSA: pcm: Test for "silence" field in struct "pcm_format_data"
    - ARM: davinci: da850-evm: Avoid NULL pointer dereference
    - smp: Fix offline cpu check in flush_smp_call_function_queue()
    - i2c: pasemi: Wait for write xfers to finish
    - xhci: make xhci_handshake timeout for xhci_reset() adjustable
    - drm/edid: check basic audio support on CEA extension block
    - ASoC: rt5663: check the return value of devm_kzalloc() in rt5663_parse_dp()
    - mmc: davinci_mmc: Handle error for clk_enable
    - drm/bridge: Fix free wrong object in sii8620_init_rcp_input_dev
    - Bluetooth: hci_serdev: call init_rwsem() before p->open()
    - drm/amd/display: Fix a NULL pointer dereference in
      amdgpu_dm_connector_add_common_modes()
    - hv_balloon: rate-limit "Unhandled message" warning
    - scsi: qla2xxx: Fix incorrect reporting of task management failure
    - ubifs: Fix deadlock in concurrent rename whiteout and inode writeback
    - sctp: Initialize daddr on peeled off socket
    - testing/selftests/mqueue: Fix mq_perf_tests to free the allocated cpu set

Date: 2022-06-22 19:50:08.691195+00:00
Changed-By: Luke Nowakowski-Krijger <luke.nowakowskikrijger at canonical.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux/4.15.0-189.200
-------------- next part --------------
Sorry, changesfile not available.


More information about the Bionic-changes mailing list