[ubuntu/bionic-updates] linux-kvm 4.15.0-1110.113 (Accepted)
Andy Whitcroft
apw at canonical.com
Mon Mar 21 21:26:59 UTC 2022
linux-kvm (4.15.0-1110.113) bionic; urgency=medium
* bionic/linux-kvm: 4.15.0-1110.113 -proposed tracker (LP: #1964232)
[ Ubuntu: 4.15.0-172.181 ]
* CVE-2022-0847
- lib/iov_iter: initialize "flags" in new pipe_buffer
* Bionic update: upstream stable patchset 2022-02-11 (LP: #1960681)
- Bluetooth: bfusb: fix division by zero in send path
- USB: core: Fix bug in resuming hub's handling of wakeup requests
- USB: Fix "slab-out-of-bounds Write" bug in usb_hcd_poll_rh_status
- mfd: intel-lpss: Fix too early PM enablement in the ACPI ->probe()
- can: gs_usb: fix use of uninitialized variable, detach device on reception
of invalid USB data
- can: gs_usb: gs_can_start_xmit(): zero-initialize hf->{flags,reserved}
- random: fix data race on crng_node_pool
- random: fix data race on crng init time
- staging: wlan-ng: Avoid bitwise vs logical OR warning in
hfa384x_usb_throttlefn()
- drm/i915: Avoid bitwise vs logical OR warning in snb_wm_latency_quirk()
- orangefs: Fix the size of a memory allocation in orangefs_bufmap_alloc()
- media: uvcvideo: fix division by zero at stream start
- rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore() with
interrupts enabled
- Bluetooth: schedule SCO timeouts with delayed_work
- Bluetooth: fix init and cleanup of sco_conn.timeout_work
- HID: uhid: Fix worker destroying device without any protection
- HID: wacom: Ignore the confidence flag when a touch is removed
- HID: wacom: Avoid using stale array indicies to read contact count
- nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed
bind()
- rtc: cmos: take rtc_lock while reading from CMOS
- media: flexcop-usb: fix control-message timeouts
- media: mceusb: fix control-message timeouts
- media: em28xx: fix control-message timeouts
- media: cpia2: fix control-message timeouts
- media: s2255: fix control-message timeouts
- media: dib0700: fix undefined behavior in tuner shutdown
- media: redrat3: fix control-message timeouts
- media: pvrusb2: fix control-message timeouts
- media: stk1160: fix control-message timeouts
- can: softing_cs: softingcs_probe(): fix memleak on registration failure
- shmem: fix a race between shmem_unused_huge_shrink and shmem_evict_inode
- PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller
- Bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails
- clk: bcm-2835: Pick the closest clock rate
- clk: bcm-2835: Remove rounding up the dividers
- wcn36xx: Indicate beacon not connection loss on MISSED_BEACON_IND
- media: em28xx: fix memory leak in em28xx_init_dev
- Bluetooth: stop proccessing malicious adv data
- media: dmxdev: fix UAF when dvb_register_device() fails
- crypto: qce - fix uaf on qce_ahash_register_one
- tty: serial: atmel: Check return code of dmaengine_submit()
- tty: serial: atmel: Call dma_async_issue_pending()
- media: mtk-vcodec: call v4l2_m2m_ctx_release first when file is released
- netfilter: bridge: add support for pppoe filtering
- arm64: dts: qcom: msm8916: fix MMC controller aliases
- drm/amdgpu: Fix a NULL pointer dereference in
amdgpu_connector_lcd_native_mode()
- drm/radeon/radeon_kms: Fix a NULL pointer dereference in
radeon_driver_open_kms()
- serial: amba-pl011: do not request memory region twice
- floppy: Fix hang in watchdog when disk is ejected
- media: dib8000: Fix a memleak in dib8000_init()
- media: saa7146: mxb: Fix a NULL pointer dereference in mxb_attach()
- media: si2157: Fix "warm" tuner state detection
- sched/rt: Try to restart rt period timer when rt runtime exceeded
- media: dw2102: Fix use after free
- media: msi001: fix possible null-ptr-deref in msi001_probe()
- usb: ftdi-elan: fix memory leak on device disconnect
- x86/mce/inject: Avoid out-of-bounds write when setting flags
- pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in
__nonstatic_find_io_region()
- pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in
nonstatic_find_mem_region()
- ppp: ensure minimum packet size in ppp_write()
- fsl/fman: Check for null pointer after calling devm_ioremap
- spi: spi-meson-spifc: Add missing pm_runtime_disable() in meson_spifc_probe
- tpm: add request_locality before write TPM_INT_ENABLE
- can: softing: softing_startstop(): fix set but not used variable warning
- can: xilinx_can: xcan_probe(): check for error irq
- pcmcia: fix setting of kthread task states
- net: mcs7830: handle usb read errors properly
- ext4: avoid trim error on fs with small groups
- ALSA: jack: Add missing rwsem around snd_ctl_remove() calls
- ALSA: PCM: Add missing rwsem around snd_ctl_remove() calls
- ALSA: hda: Add missing rwsem around snd_ctl_remove() calls
- RDMA/hns: Validate the pkey index
- powerpc/prom_init: Fix improper check of prom_getprop()
- ALSA: oss: fix compile error when OSS_DEBUG is enabled
- char/mwave: Adjust io port register size
- scsi: ufs: Fix race conditions related to driver data
- RDMA/core: Let ib_find_gid() continue search even after empty entry
- dmaengine: pxa/mmp: stop referencing config->slave_id
- iommu/iova: Fix race between FQ timeout and teardown
- ASoC: samsung: idma: Check of ioremap return value
- misc: lattice-ecp3-config: Fix task hung when firmware load failed
- mips: lantiq: add support for clk_set_parent()
- mips: bcm63xx: add support for clk_set_parent()
- RDMA/cxgb4: Set queue pair state when being queried
- Bluetooth: Fix debugfs entry leak in hci_register_dev()
- fs: dlm: filter user dlm messages for kernel locks
- ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply
- drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR
- usb: gadget: f_fs: Use stream_open() for endpoint files
- HID: apple: Do not reset quirks when the Fn key is not found
- media: b2c2: Add missing check in flexcop_pci_isr:
- mlxsw: pci: Add shutdown method in PCI driver
- drm/bridge: megachips: Ensure both bridges are probed before registration
- gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use
- HSI: core: Fix return freed object in hsi_new_client
- mwifiex: Fix skb_over_panic in mwifiex_usb_recv()
- usb: uhci: add aspeed ast2600 uhci support
- floppy: Add max size check for user space request
- media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds.
- media: saa7146: hexium_orion: Fix a NULL pointer dereference in
hexium_attach()
- media: m920x: don't use stack on USB reads
- iwlwifi: mvm: synchronize with FW after multicast commands
- ath10k: Fix tx hanging
- net: bonding: debug: avoid printing debug logs when bond is not notifying
peers
- bpf: Do not WARN in bpf_warn_invalid_xdp_action()
- media: igorplugusb: receiver overflow should be reported
- media: saa7146: hexium_gemini: Fix a NULL pointer dereference in
hexium_attach()
- mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO
- arm64: tegra: Adjust length of CCPLEX cluster MMIO region
- usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0
- ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream
- iwlwifi: fix leaks/bad data after failed firmware load
- iwlwifi: remove module loading failure message
- um: registers: Rename function names to avoid conflicts and build problems
- jffs2: GC deadlock reading a page that is used in jffs2_write_begin()
- ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions
- ACPICA: Utilities: Avoid deleting the same object twice in a row
- ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R()
- ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5
- btrfs: remove BUG_ON() in find_parent_nodes()
- btrfs: remove BUG_ON(!eie) in find_parent_nodes
- net: mdio: Demote probed message to debug print
- mac80211: allow non-standard VHT MCS-10/11
- dm btree: add a defensive bounds check to insert_at()
- dm space map common: add bounds check to sm_ll_lookup_bitmap()
- net: phy: marvell: configure RGMII delays for 88E1118
- serial: pl010: Drop CR register reset on set_termios
- serial: core: Keep mctrl register state and cached copy in sync
- parisc: Avoid calling faulthandler_disabled() twice
- powerpc/6xx: add missing of_node_put
- powerpc/powernv: add missing of_node_put
- powerpc/cell: add missing of_node_put
- powerpc/btext: add missing of_node_put
- powerpc/watchdog: Fix missed watchdog reset due to memory ordering race
- i2c: i801: Don't silently correct invalid transfer size
- powerpc/smp: Move setup_profiling_timer() under CONFIG_PROFILING
- i2c: mpc: Correct I2C reset procedure
- w1: Misuse of get_user()/put_user() reported by sparse
- ALSA: seq: Set upper limit of processed events
- MIPS: OCTEON: add put_device() after of_find_device_by_node()
- i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters
- MIPS: Octeon: Fix build errors using clang
- scsi: sr: Don't use GFP_DMA
- ASoC: mediatek: mt8173: fix device_node leak
- power: bq25890: Enable continuous conversion for ADC at charging
- ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers
- serial: Fix incorrect rs485 polarity on uart open
- cputime, cpuacct: Include guest time in user time in cpuacct.stat
- iwlwifi: mvm: Increase the scan timeout guard to 30 seconds
- ext4: make sure quota gets properly shutdown on error
- ext4: set csum seed in tmp inode while migrating to extents
- ext4: Fix BUG_ON in ext4_bread when write quota data
- ext4: don't use the orphan list when migrating an inode
- crypto: stm32/crc32 - Fix kernel BUG triggered in probe()
- drm/radeon: fix error handling in radeon_driver_open_kms
- firmware: Update Kconfig help text for Google firmware
- Documentation: refer to config RANDOMIZE_BASE for kernel address-space
randomization
- RDMA/hns: Modify the mapping attribute of doorbell to device
- RDMA/rxe: Fix a typo in opcode name
- powerpc/cell: Fix clang -Wimplicit-fallthrough warning
- powerpc/fsl/dts: Enable WA for erratum A-009885 on fman3l MDIO buses
- net/fsl: xgmac_mdio: Fix incorrect iounmap when removing module
- parisc: pdc_stable: Fix memory leak in pdcs_register_pathentries
- af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress
- net: axienet: Wait for PhyRstCmplt after core reset
- net: axienet: fix number of TX ring slots for available check
- netns: add schedule point in ops_exit_list()
- libcxgb: Don't accidentally set RTO_ONLINK in cxgb_find_route()
- dmaengine: at_xdmac: Don't start transactions at tx_submit level
- dmaengine: at_xdmac: Print debug message after realeasing the lock
- dmaengine: at_xdmac: Fix lld view setting
- dmaengine: at_xdmac: Fix at_xdmac_lld struct definition
- net_sched: restore "mpu xxx" handling
- bcmgenet: add WOL IRQ check
- scripts/dtc: dtx_diff: remove broken example from help text
- lib82596: Fix IRQ check in sni_82596_probe
- mips,s390,sh,sparc: gup: Work around the "COW can break either way" issue
- gianfar: simplify FCS handling and fix memory leak
- firmware: qemu_fw_cfg: fix NULL-pointer deref on duplicate entries
- firmware: qemu_fw_cfg: fix kobject leak in probe error path
- ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Master after
reboot from Windows
- wcn36xx: Release DMA channel descriptor allocations
- tty: serial: uartlite: allow 64 bit address
- xfrm: fix a small bug in xfrm_sa_len()
- mmc: meson-mx-sdio: add IRQ check
- netfilter: ipt_CLUSTERIP: fix refcount leak in clusterip_tg_check()
- staging: greybus: audio: Check null pointer
- Bluetooth: hci_bcm: Check for error irq
- ASoC: rt5663: Handle device_property_read_u32_array error codes
- rpmsg: Only invoke announce_create for rpdev with endpoints
- rpmsg: core: Clean up resources on announce_create failure.
- dmaengine: stm32-mdma: fix STM32_MDMA_CTBR_TSEL_MASK
- rtc: pxa: fix null pointer dereference
* CVE-2022-0435
- tipc: improve size validations for received domain records
* CVE-2022-0492
- cgroup-v1: Require capabilities to set release_agent
* CVE-2021-3506
- f2fs: fix to avoid out-of-bounds memory access
* Bionic update: upstream stable patchset 2022-02-01 (LP: #1959709)
- tracing: Fix check for trace_percpu_buffer validity in get_trace_buf()
- tracing: Tag trace_percpu_buffer as a percpu pointer
- virtio_pci: Support surprise removal of virtio pci device
- ieee802154: atusb: fix uninit value in atusb_set_extended_addr
- RDMA/core: Don't infoleak GRH fields
- mac80211: initialize variable have_higher_than_11mbit
- i40e: fix use-after-free in i40e_sync_filters_subtask()
- i40e: Fix incorrect netdev's real number of RX/TX queues
- ipv6: Check attribute length for RTA_GATEWAY in multipath route
- ipv6: Check attribute length for RTA_GATEWAY when deleting multipath route
- sch_qfq: prevent shift-out-of-bounds in qfq_init_qdisc
- power: reset: ltc2952: Fix use of floating point literals
- rndis_host: support Hytera digital radios
- phonet: refcount leak in pep_sock_accep
- ipv6: Continue processing multipath route even if gateway attribute is
invalid
- ipv6: Do cleanup if attribute validation fails in multipath route
- scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown()
- ip6_vti: initialize __ip6_tnl_parm struct in vti6_siocdevprivate
- net: udp: fix alignment problem in udp4_seq_show()
- mISDN: change function names to avoid conflicts
- usb: mtu3: fix interval value for intr and isoc
* Bionic update: upstream stable patchset 2022-01-27 (LP: #1959335)
- tee: handle lookup of shm with reference count 0
- platform/x86: apple-gmux: use resource_size() with res
- selinux: initialize proto variable in selinux_ip_postroute_compat()
- scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write()
- net: usb: pegasus: Do not drop long Ethernet frames
- NFC: st21nfca: Fix memory leak in device probe and remove
- fsl/fman: Fix missing put_device() call in fman_port_probe
- nfc: uapi: use kernel size_t to fix user-space builds
- uapi: fix linux/nfc.h userspace compilation errors
- xhci: Fresco FL1100 controller should not have BROKEN_MSI quirk set.
- usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear.
- binder: fix async_free_space accounting for empty parcels
- scsi: vmw_pvscsi: Set residual data length conditionally
- Input: appletouch - initialize work before device registration
- Input: spaceball - fix parsing of movement data packets
- net: fix use-after-free in tw_timer_handler
- sctp: use call_rcu to free endpoint
- Input: i8042 - add deferred probe support
- Input: i8042 - enable deferred probe quirk for ASUS UM325UA
- i2c: validate user data in compat ioctl
- usb: mtu3: set interval of FS intr and isoc endpoint
* Bionic update: upstream stable patchset 2022-01-27 (LP: #1959335) //
HID_ASUS should depend on USB_HID in stable v4.15 backports (LP: #1959762)
- HID: asus: Add depends on USB_HID to HID_ASUS Kconfig option
* Packaging resync (LP: #1786013)
- [Packaging] resync getabis
Date: 2022-03-10 22:18:22.686504+00:00
Changed-By: Luke Nowakowski-Krijger <luke.nowakowskikrijger at canonical.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1110.113
-------------- next part --------------
Sorry, changesfile not available.
More information about the Bionic-changes
mailing list