[ubuntu/bionic-security] linux 4.15.0-189.200 (Accepted)
Andy Whitcroft
apw at canonical.com
Tue Jul 12 19:19:47 UTC 2022
linux (4.15.0-189.200) bionic; urgency=medium
* bionic/linux: 4.15.0-189.200 -proposed tracker (LP: #1979525)
* linux-image-4.15.0-177-generic freezes on the welcome screen (LP: #1973167)
- mfd: intel-lpss: Use MODULE_SOFTDEP() instead of implicit request
* Bionic update: upstream stable patchset 2022-06-03 (LP: #1977622)
- etherdevice: Adjust ether_addr* prototypes to silence -Wstringop-overead
- mm: page_alloc: fix building error on -Werror=array-compare
- tracing: Dump stacktrace trigger to the corresponding instance
- gfs2: assign rgrp glock before compute_bitstructs
- ALSA: usb-audio: Clear MIDI port active flag after draining
- tcp: fix race condition when creating child sockets from syncookies
- tcp: Fix potential use-after-free due to double kfree()
- dmaengine: imx-sdma: Fix error checking in sdma_event_remap
- net/packet: fix packet_sock xmit return value checking
- netlink: reset network and mac headers in netlink_dump()
- ARM: vexpress/spc: Avoid negative array index when !SMP
- platform/x86: samsung-laptop: Fix an unsigned comparison which can never be
negative
- ALSA: usb-audio: Fix undefined behavior due to shift overflowing the
constant
- vxlan: fix error return code in vxlan_fdb_append
- cifs: Check the IOCB_DIRECT flag, not O_DIRECT
- brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant
- drm/msm/mdp5: check the return of kzalloc()
- net: macb: Restart tx only if queue pointer is lagging
- stat: fix inconsistency between struct stat and struct compat_stat
- ata: pata_marvell: Check the 'bmdma_addr' beforing reading
- dma: at_xdmac: fix a missing check on list iterator
- powerpc/perf: Fix power9 event alternatives
- openvswitch: fix OOB access in reserve_sfa_size()
- ASoC: soc-dapm: fix two incorrect uses of list iterator
- e1000e: Fix possible overflow in LTR decoding
- ARC: entry: fix syscall_trace_exit argument
- ext4: fix symlink file size not match to file content
- ext4: fix overhead calculation to account for the reserved gdt blocks
- ext4: force overhead calculation if the s_overhead_cluster makes no sense
- staging: ion: Prevent incorrect reference counting behavour
- block/compat_ioctl: fix range check in BLKGETSIZE
- ax25: add refcount in ax25_dev to avoid UAF bugs
- ax25: fix reference count leaks of ax25_dev
- ax25: fix UAF bugs of net_device caused by rebinding operation
- ax25: Fix refcount leaks caused by ax25_cb_del()
- ax25: fix UAF bug in ax25_send_control()
- ax25: fix NPD bug in ax25_disconnect
- ax25: Fix NULL pointer dereferences in ax25 timers
- ax25: Fix UAF bugs in ax25 timers
- ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek
- net/sched: cls_u32: fix possible leak in u32_init_knode()
- drm/panel/raspberrypi-touchscreen: Avoid NULL deref if not initialised
- drm/panel/raspberrypi-touchscreen: Initialise the bridge in prepare
* Bionic update: upstream stable patchset 2022-05-17 (LP: #1973831)
- USB: serial: pl2303: add IBM device IDs
- USB: serial: simple: add Nokia phone driver
- netdevice: add the case if dev is NULL
- virtio_console: break out of buf poll on remove
- ethernet: sun: Free the coherent when failing in probing
- spi: Fix invalid sgs value
- spi: Fix erroneous sgs value with min_t()
- af_key: add __GFP_ZERO flag for compose_sadb_supported in function
pfkey_register
- fuse: fix pipe buffer lifetime for direct_io
- tpm: fix reference counting for struct tpm_chip
- block: Add a helper to validate the block size
- virtio-blk: Use blk_validate_block_size() to validate block size
- USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c
- coresight: Fix TRCCONFIGR.QE sysfs interface
- iio: inkern: apply consumer scale on IIO_VAL_INT cases
- iio: inkern: apply consumer scale when no channel scale is available
- iio: inkern: make a best effort on offset calculation
- clk: uniphier: Fix fixed-rate initialization
- Documentation: add link to stable release candidate tree
- Documentation: update stable tree link
- SUNRPC: avoid race between mod_timer() and del_timer_sync()
- NFSD: prevent underflow in nfssvc_decode_writeargs()
- pinctrl: samsung: drop pin banks references on error paths
- jffs2: fix use-after-free in jffs2_clear_xattr_subsystem
- jffs2: fix memory leak in jffs2_do_mount_fs
- jffs2: fix memory leak in jffs2_scan_medium
- mm/pages_alloc.c: don't create ZONE_MOVABLE beyond the end of a node
- mempolicy: mbind_range() set_policy() after vma_merge()
- scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands
- qed: display VF trust config
- qed: validate and restrict untrusted VFs vlan promisc mode
- Revert "Input: clear BTN_RIGHT/MIDDLE on buttonpads"
- ALSA: cs4236: fix an incorrect NULL check on list iterator
- drbd: fix potential silent data corruption
- ACPI: properties: Consistently return -ENOENT if there are no more
references
- drivers: hamradio: 6pack: fix UAF bug caused by mod_timer()
- video: fbdev: sm712fb: Fix crash in smtcfb_read()
- video: fbdev: atari: Atari 2 bpp (STe) palette bugfix
- ARM: dts: at91: sama5d2: Fix PMERRLOC resource size
- ARM: dts: exynos: fix UART3 pins configuration in Exynos5250
- ARM: dts: exynos: add missing HDMI supplies on SMDK5250
- ARM: dts: exynos: add missing HDMI supplies on SMDK5420
- carl9170: fix missing bit-wise or operator for tx_params
- thermal: int340x: Increase bitmap size
- lib/raid6/test: fix multiple definition linking error
- DEC: Limit PMAX memory probing to R3k systems
- media: davinci: vpif: fix unbalanced runtime PM get
- brcmfmac: firmware: Allocate space for default boardrev in nvram
- brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio
- PCI: pciehp: Clear cmd_busy bit in polling mode
- crypto: authenc - Fix sleep in atomic context in decrypt_tail
- crypto: mxs-dcp - Fix scatterlist processing
- spi: tegra114: Add missing IRQ check in tegra_spi_probe
- selftests/x86: Add validity check and allow field splitting
- spi: pxa2xx-pci: Balance reference count for PCI DMA device
- hwmon: (pmbus) Add mutex to regulator ops
- hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING
- PM: hibernate: fix __setup handler error handling
- PM: suspend: fix return value of __setup handler
- hwrng: atmel - disable trng on failure path
- crypto: vmx - add missing dependencies
- ACPI: APEI: fix return value of __setup handlers
- crypto: ccp - ccp_dmaengine_unregister release dma channels
- hwmon: (pmbus) Add Vin unit off handling
- clocksource: acpi_pm: fix return value of __setup handler
- sched/debug: Remove mpol_get/put and task_lock/unlock from sched_show_numa
- perf/core: Fix address filter parser for multiple filters
- perf/x86/intel/pt: Fix address filter config for 32-bit kernel
- media: coda: Fix missing put_device() call in coda_get_vdoa_data
- video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe()
- video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name()
- ARM: dts: qcom: ipq4019: fix sleep clock
- soc: ti: wkup_m3_ipc: Fix IRQ check in wkup_m3_ipc_probe
- media: usb: go7007: s2250-board: fix leak in probe()
- ASoC: ti: davinci-i2s: Add check for clk_enable()
- ALSA: spi: Add check for clk_enable()
- arm64: dts: ns2: Fix spi-cpol and spi-cpha property
- arm64: dts: broadcom: Fix sata nodename
- printk: fix return value of printk.devkmsg __setup handler
- ASoC: mxs-saif: Handle errors for clk_enable
- ASoC: atmel_ssc_dai: Handle errors for clk_enable
- memory: emif: Add check for setup_interrupts
- memory: emif: check the pointer temp in get_device_details()
- ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction
- media: stk1160: If start stream fails, return buffers with
VB2_BUF_STATE_QUEUED
- ASoC: atmel: Add missing of_node_put() in at91sam9g20ek_audio_probe
- ASoC: wm8350: Handle error for wm8350_register_irq
- ASoC: fsi: Add check for clk_enable
- video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of
- ASoC: dmaengine: do not use a NULL prepare_slave_config() callback
- ASoC: mxs: Fix error handling in mxs_sgtl5000_probe
- ASoC: imx-es8328: Fix error return code in imx_es8328_probe()
- ASoC: msm8916-wcd-digital: Fix missing clk_disable_unprepare() in
msm8916_wcd_digital_probe
- mtd: onenand: Check for error irq
- drm/edid: Don't clear formats if using deep color
- ath9k_htc: fix uninit value bugs
- power: reset: gemini-poweroff: Fix IRQ check in gemini_poweroff_probe
- ray_cs: Check ioremap return value
- power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init
- HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports
- iwlwifi: Fix -EIO error code that is never returned
- dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS
- scsi: pm8001: Fix command initialization in pm80XX_send_read_log()
- scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req()
- scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config()
- scsi: pm8001: Fix abort all task initialization
- TOMOYO: fix __setup handlers return values
- ext2: correct max file size computing
- drm/tegra: Fix reference leak in tegra_dsi_ganged_probe
- power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled() wrong false
return
- KVM: x86: Fix emulation in writing cr8
- KVM: x86/emulator: Defer not-present segment check in
__load_segment_descriptor()
- i2c: xiic: Make bus names unique
- power: supply: wm8350-power: Handle error for wm8350_register_irq
- power: supply: wm8350-power: Add missing free in free_charger_irq
- PCI: Reduce warnings on possible RW1C corruption
- powerpc/sysdev: fix incorrect use to determine if list is empty
- mfd: mc13xxx: Add check for mc13xxx_irq_request
- vxcan: enable local echo for sent CAN frames
- MIPS: RB532: fix return value of __setup handler
- mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init
- USB: storage: ums-realtek: fix error code in rts51x_read_mem()
- af_netlink: Fix shift out of bounds in group mask calculation
- i2c: mux: demux-pinctrl: do not deactivate a master that is not active
- tcp: ensure PMTU updates are processed during fastopen
- mfd: asic3: Add missing iounmap() on error asic3_mfd_probe
- mxser: fix xmit_buf leak in activate when LSR == 0xff
- pwm: lpc18xx-sct: Initialize driver data and hardware before pwmchip_add()
- staging:iio:adc:ad7280a: Fix handing of device address bit reversing.
- serial: 8250_mid: Balance reference count for PCI DMA device
- serial: 8250: Fix race condition in RTS-after-send handling
- iio: adc: Add check for devm_request_threaded_irq
- clk: qcom: clk-rcg2: Update the frac table for pixel clock
- remoteproc: qcom_wcnss: Add missing of_node_put() in
wcnss_alloc_memory_region
- clk: loongson1: Terminate clk_div_table with sentinel element
- clk: clps711x: Terminate clk_div_table with sentinel element
- clk: tegra: tegra124-emc: Fix missing put_device() call in
emc_ensure_emc_driver
- NFS: remove unneeded check in decode_devicenotify_args()
- pinctrl: mediatek: Fix missing of_node_put() in mtk_pctrl_init
- pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe
- pinctrl/rockchip: Add missing of_node_put() in rockchip_pinctrl_probe
- tty: hvc: fix return value of __setup handler
- kgdboc: fix return value of __setup handler
- kgdbts: fix return value of __setup handler
- jfs: fix divide error in dbNextAG
- netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options
- xen: fix is_xen_pmu()
- net: phy: broadcom: Fix brcm_fet_config_init()
- qlcnic: dcb: default to returning -EOPNOTSUPP
- net/x25: Fix null-ptr-deref caused by x25_disconnect
- NFSv4/pNFS: Fix another issue with a list iterator pointing to the head
- lib/test: use after free in register_test_dev_kmod()
- selinux: use correct type for context length
- loop: use sysfs_emit() in the sysfs xxx show()
- Fix incorrect type in assignment of ipv6 port for audit
- irqchip/nvic: Release nvic_base upon failure
- ACPICA: Avoid walking the ACPI Namespace if it is not there
- ACPI/APEI: Limit printable size of BERT table data
- PM: core: keep irq flags in device_pm_check_callbacks()
- spi: tegra20: Use of_device_get_match_data()
- ext4: don't BUG if someone dirty pages without asking ext4 first
- ntfs: add sanity check on allocation size
- video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow
- video: fbdev: w100fb: Reset global state
- video: fbdev: cirrusfb: check pixclock to avoid divide by zero
- video: fbdev: omapfb: acx565akm: replace snprintf with sysfs_emit
- ARM: dts: qcom: fix gic_irq_domain_translate warnings for msm8960
- ARM: dts: bcm2837: Add the missing L1/L2 cache information
- video: fbdev: omapfb: panel-dsi-cm: Use sysfs_emit() instead of snprintf()
- video: fbdev: omapfb: panel-tpo-td043mtea1: Use sysfs_emit() instead of
snprintf()
- ASoC: soc-core: skip zero num_dai component in searching dai name
- media: cx88-mpeg: clear interrupt status register before streaming video
- ARM: tegra: tamonten: Fix I2C3 pad setting
- ARM: mmp: Fix failure to remove sram device
- video: fbdev: sm712fb: Fix crash in smtcfb_write()
- media: hdpvr: initialize dev->worker at hdpvr_register_videodev
- mmc: host: Return an error when ->enable_sdio_irq() ops is missing
- powerpc/lib/sstep: Fix 'sthcx' instruction
- powerpc/lib/sstep: Fix build errors with newer binutils
- scsi: qla2xxx: Fix warning for missing error code
- scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair()
- KVM: Prevent module exit until all VMs are freed
- ubifs: rename_whiteout: Fix double free for whiteout_ui->data
- ubifs: Add missing iput if do_tmpfile() failed in rename whiteout
- ubifs: setflags: Make dirtied_ino_d 8 bytes aligned
- ubifs: rename_whiteout: correct old_dir size computing
- can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path
- can: mcba_usb: properly check endpoint type
- gfs2: Make sure FITRIM minlen is rounded up to fs block size
- pinctrl: pinconf-generic: Print arguments for bias-pull-*
- ubi: Fix race condition between ctrl_cdev_ioctl and ubi_cdev_ioctl
- ACPI: CPPC: Avoid out of bounds access when parsing _CPC data
- mm/mmap: return 1 from stack_guard_gap __setup() handler
- mm/memcontrol: return 1 from cgroup.memory __setup() handler
- ubi: fastmap: Return error code if memory allocation fails in add_aeb()
- ASoC: topology: Allow TLV control to be either read or write
- ARM: dts: spear1340: Update serial node properties
- ARM: dts: spear13xx: Update SPI dma properties
- openvswitch: Fixed nd target mask field in the flow dump.
- KVM: x86: Forbid VMM to set SYNIC/STIMER MSRs when SynIC wasn't activated
- ubifs: Rectify space amount budget for mkdir/tmpfile operations
- rtc: wm8350: Handle error for wm8350_register_irq
- ARM: 9187/1: JIVE: fix return value of __setup handler
- KVM: x86/svm: Clear reserved bits written to PerfEvtSeln MSRs
- ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111
- ptp: replace snprintf with sysfs_emit
- powerpc: dts: t104xrdb: fix phy type for FMAN 4/5
- scsi: mvsas: Replace snprintf() with sysfs_emit()
- scsi: bfa: Replace snprintf() with sysfs_emit()
- power: supply: axp20x_battery: properly report current when discharging
- powerpc: Set crashkernel offset to mid of RMA region
- PCI: aardvark: Fix support for MSI interrupts
- iommu/arm-smmu-v3: fix event handling soft lockup
- dm ioctl: prevent potential spectre v1 gadget
- scsi: pm8001: Fix pm8001_mpi_task_abort_resp()
- scsi: aha152x: Fix aha152x_setup() __setup handler return value
- net/smc: correct settings of RMB window update limit
- macvtap: advertise link netns via netlink
- bnxt_en: Eliminate unintended link toggle during FW reset
- MIPS: fix fortify panic when copying asm exception handlers
- scsi: libfc: Fix use after free in fc_exch_abts_resp()
- usb: dwc3: omap: fix "unbalanced disables for smps10_out1" on omap5evm
- xtensa: fix DTC warning unit_address_format
- Bluetooth: Fix use after free in hci_send_acl
- init/main.c: return 1 from handled __setup() functions
- w1: w1_therm: fixes w1_seq for ds28ea00 sensors
- SUNRPC/call_alloc: async tasks mustn't block waiting for memory
- NFS: swap IO handling is slightly different for O_DIRECT IO
- NFS: swap-out must always use STABLE writes.
- serial: samsung_tty: do not unlock port->lock for uart_write_wakeup()
- virtio_console: eliminate anonymous module_init & module_exit
- jfs: prevent NULL deref in diFree
- parisc: Fix CPU affinity for Lasi, WAX and Dino chips
- ipv6: add missing tx timestamping on IPPROTO_RAW
- net: add missing SOF_TIMESTAMPING_OPT_ID support
- mm: fix race between MADV_FREE reclaim and blkdev direct IO read
- drm/amdgpu: fix off by one in amdgpu_gfx_kiq_acquire()
- scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one()
- net: stmmac: Fix unset max_speed difference between DT and non-DT platforms
- drm/imx: Fix memory leak in imx_pd_connector_get_modes
- drbd: Fix five use after free bugs in get_initial_state
- Revert "mmc: sdhci-xenon: fix annoying 1.8V regulator warning"
- mmmremap.c: avoid pointless invalidate_range_start/end on mremap(old_size=0)
- mm/mempolicy: fix mpol_new leak in shared_policy_replace
- x86/pm: Save the MSR validity status at context setup
- x86/speculation: Restore speculation related MSRs during S3 resume
- btrfs: fix qgroup reserve overflow the qgroup limit
- arm64: patch_text: Fixup last cpu should be master
- perf: qcom_l2_pmu: fix an incorrect NULL check on list iterator
- tools build: Use $(shell ) instead of `` to get embedded libperl's ccopts
- dmaengine: Revert "dmaengine: shdma: Fix runtime PM imbalance on error"
- mm: don't skip swap entry even if zap_details specified
- arm64: module: remove (NOLOAD) from linker script
- mm/sparsemem: fix 'mem_section' will never be NULL gcc 12 warning
- cgroup: Use open-time credentials for process migraton perm checks
- cgroup: Allocate cgroup_file_ctx for kernfs_open_file->priv
- cgroup: Use open-time cgroup namespace for process migration perm checks
- memory: atmel-ebi: Fix missing of_node_put in atmel_ebi_probe
- veth: Ensure eth header is in skb's linear part
- gpiolib: acpi: use correct format characters
- mlxsw: i2c: Fix initialization error flow
- nfc: nci: add flush_workqueue to prevent uaf
- cifs: potential buffer overflow in handling symlinks
- drm/amd: Add USBC connector ID
- drm/amdkfd: Check for potential null return of kmalloc_array()
- Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer
- scsi: target: tcmu: Fix possible page UAF
- scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024
- ata: libata-core: Disable READ LOG DMA EXT for Samsung 840 EVOs
- gpu: ipu-v3: Fix dev_dbg frequency output
- scsi: mvsas: Add PCI ID of RocketRaid 2640
- drivers: net: slip: fix NPD bug in sl_tx_timeout()
- mm, page_alloc: fix build_zonerefs_node()
- mm: kmemleak: take a full lowmem check in kmemleak_*_phys()
- gcc-plugins: latent_entropy: use /dev/urandom
- ALSA: pcm: Test for "silence" field in struct "pcm_format_data"
- ARM: davinci: da850-evm: Avoid NULL pointer dereference
- smp: Fix offline cpu check in flush_smp_call_function_queue()
- i2c: pasemi: Wait for write xfers to finish
- xhci: make xhci_handshake timeout for xhci_reset() adjustable
- drm/edid: check basic audio support on CEA extension block
- ASoC: rt5663: check the return value of devm_kzalloc() in rt5663_parse_dp()
- mmc: davinci_mmc: Handle error for clk_enable
- drm/bridge: Fix free wrong object in sii8620_init_rcp_input_dev
- Bluetooth: hci_serdev: call init_rwsem() before p->open()
- drm/amd/display: Fix a NULL pointer dereference in
amdgpu_dm_connector_add_common_modes()
- hv_balloon: rate-limit "Unhandled message" warning
- scsi: qla2xxx: Fix incorrect reporting of task management failure
- ubifs: Fix deadlock in concurrent rename whiteout and inode writeback
- sctp: Initialize daddr on peeled off socket
- testing/selftests/mqueue: Fix mq_perf_tests to free the allocated cpu set
Date: 2022-06-22 19:50:08.691195+00:00
Changed-By: Luke Nowakowski-Krijger <luke.nowakowskikrijger at canonical.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux/4.15.0-189.200
-------------- next part --------------
Sorry, changesfile not available.
More information about the Bionic-changes
mailing list