[ubuntu/bionic-security] linux 4.15.0-177.186 (Accepted)
Andy Whitcroft
apw at canonical.com
Thu May 12 09:13:53 UTC 2022
linux (4.15.0-177.186) bionic; urgency=medium
* bionic/linux: 4.15.0-177.186 -proposed tracker (LP: #1969083)
* Bionic update: upstream stable patchset 2022-04-13 (LP: #1968932)
- cgroup/cpuset: Fix a race between cpuset_attach() and cpu hotplug
- vhost/vsock: don't check owner in vhost_vsock_stop() while releasing
- parisc/unaligned: Fix fldd and fstd unaligned handlers on 32-bit kernel
- parisc/unaligned: Fix ldw() and stw() unalignment handlers
- sr9700: sanity check for packet length
- USB: zaurus: support another broken Zaurus
- ping: remove pr_err from ping_lookup
- net: __pskb_pull_tail() & pskb_carve_frag_list() drop_monitor friends
- gso: do not skip outer ip header in case of ipip and net_failover
- openvswitch: Fix setting ipv6 fields causing hw csum failure
- drm/edid: Always set RGB444
- net/mlx5e: Fix wrong return value on ioctl EEPROM query failure
- configfs: fix a race in configfs_{,un}register_subsystem()
- RDMA/ib_srp: Fix a deadlock
- iio: adc: men_z188_adc: Fix a resource leak in an error handling path
- ata: pata_hpt37x: disable primary channel on HPT371
- Revert "USB: serial: ch341: add new Product ID for CH341A"
- usb: gadget: rndis: add spinlock for rndis response list
- tracefs: Set the group ownership in apply_options() not parse_options()
- USB: serial: option: add support for DW5829e
- USB: serial: option: add Telit LE910R1 compositions
- usb: dwc3: gadget: Let the interrupt handler disable bottom halves.
- xhci: re-initialize the HC during resume if HCE was set
- xhci: Prevent futile URB re-submissions due to incorrect return value.
- tty: n_gsm: fix encoding of control signal octet bit DV
- tty: n_gsm: fix proper link termination after failed open
- Revert "drm/nouveau/pmu/gm200-: avoid touching PMU outside of
DEVINIT/PREOS/ACR"
- memblock: use kfree() to release kmalloced memblock regions
- fget: clarify and improve __fget_files() implementation
- gpio: tegra186: Fix chip_data type confusion
- tracing: Have traceon and traceoff trigger honor the instance
- mac80211_hwsim: report NOACK frames in tx_status
- mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work
- i2c: bcm2835: Avoid clock stretching timeouts
- Input: clear BTN_RIGHT/MIDDLE on buttonpads
- cifs: fix double free race when mount fails in cifs_get_root()
- dmaengine: shdma: Fix runtime PM imbalance on error
- i2c: cadence: allow COMPILE_TEST
- i2c: qup: allow COMPILE_TEST
- net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990
- usb: gadget: don't release an existing dev->buf
- usb: gadget: clear related members when goto fail
- ata: pata_hpt37x: fix PCI clock detection
- ALSA: intel_hdmi: Fix reference to PCM buffer address
- ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min
- xfrm: fix MTU regression
- netfilter: fix use-after-free in __nf_register_net_hook()
- xfrm: enforce validity of offload input flags
- netfilter: nf_queue: don't assume sk is full socket
- netfilter: nf_queue: fix possible use-after-free
- batman-adv: Request iflink once in batadv-on-batadv check
- batman-adv: Request iflink once in batadv_get_real_netdevice
- batman-adv: Don't expect inter-netns unique iflink indices
- net: dcb: flush lingering app table entries for unregistered devices
- net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error generated by client
- net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error cause by server
- mac80211: fix forwarded mesh frames AC & queue selection
- net: stmmac: fix return value of __setup handler
- net: sxgbe: fix return value of __setup handler
- net: arcnet: com20020: Fix null-ptr-deref in com20020pci_probe()
- efivars: Respect "block" flag in efivar_entry_set_safe()
- can: gs_usb: change active_channels's type from atomic_t to u8
- ARM: 9182/1: mmu: fix returns from early_param() and __setup() functions
- soc: fsl: qe: Check of ioremap return value
- net: chelsio: cxgb3: check the return value of pci_find_capability()
- nl80211: Handle nla_memdup failures in handle_nan_filter
- Input: elan_i2c - move regulator_[en|dis]able() out of
elan_[en|dis]able_power()
- Input: elan_i2c - fix regulator enable count imbalance after suspend/resume
- HID: add mapping for KEY_ALL_APPLICATIONS
- memfd: fix F_SEAL_WRITE after shmem huge page allocated
- net: dcb: disable softirqs in dcbnl_flush_dev()
- hamradio: fix macro redefine warning
- arm/arm64: Provide a wrapper for SMCCC 1.1 calls
- arm/arm64: smccc/psci: add arm_smccc_1_1_get_conduit()
- ARM: report Spectre v2 status through sysfs
- ARM: early traps initialisation
- ARM: use LOADADDR() to get load address of sections
- [Config] updateconfigs for HARDEN_BRANCH_HISTORY
- ARM: Spectre-BHB workaround
- ARM: include unprivileged BPF status in Spectre V2 reporting
- ARM: fix build error when BPF_SYSCALL is disabled
- ARM: fix co-processor register typo
- ARM: Do not use NOCROSSREFS directive with ld.lld
- ARM: fix build warning in proc-v7-bugs.c
- xen/xenbus: don't let xenbus_grant_ring() remove grants in error case
- xen/grant-table: add gnttab_try_end_foreign_access()
- xen/blkfront: don't use gnttab_query_foreign_access() for mapped status
- xen/netfront: don't use gnttab_query_foreign_access() for mapped status
- xen/scsifront: don't use gnttab_query_foreign_access() for mapped status
- xen/gntalloc: don't use gnttab_query_foreign_access()
- xen: remove gnttab_query_foreign_access()
- xen/9p: use alloc/free_pages_exact()
- xen/gnttab: fix gnttab_end_foreign_access() without page specified
- xen/netfront: react properly to failing gnttab_end_foreign_access_ref()
* ip6gre driver does not hold device reference (LP: #1968340)
- ip6_gre: proper dev_{hold|put} in ndo_[un]init methods
* LRMv6: add multi-architecture support (LP: #1968774)
- [Packaging] resync dkms-build{,--nvidia-N}
* Use kernel-testing repo from launchpad for ADT tests (LP: #1968016)
- [Debian] Use kernel-testing repo from launchpad
* vmx_ldtr_test in ubuntu_kvm_unit_tests failed (FAIL: Expected 0 for L1 LDTR
selector (got 50)) (LP: #1956315)
- KVM: nVMX: Set LDTR to its architecturally defined value on nested VM-Exit
* Bionic update: upstream stable patchset 2022-03-29 (LP: #1967013)
- moxart: fix potential use-after-free on remove path
- x86/mm, mm/hwpoison: Fix the unmap kernel 1:1 pages check condition
- integrity: check the return value of audit_log_start()
- ima: Remove ima_policy file before directory
- ima: Allow template selection with ima_template[_fmt]= after ima_hash=
- mmc: sdhci-of-esdhc: Check for error num after setting mask
- net: phy: marvell: Fix MDI-x polarity setting in 88e1118-compatible PHYs
- NFS: Fix initialisation of nfs_client cl_flags field
- NFSD: Clamp WRITE offsets
- NFSv4 only print the label when its queried
- nfs: nfs4clinet: check the return value of kstrdup()
- NFSv4.1: Fix uninitialised variable in devicenotify
- NFSv4 remove zero number of fs_locations entries error check
- NFSv4 expose nfs_parse_server_name function
- scsi: target: iscsi: Make sure the np under each tpg is unique
- usb: dwc2: gadget: don't try to disable ep0 in dwc2_hsotg_suspend
- net: stmmac: dwmac-sun8i: use return val of readl_poll_timeout()
- Revert "net: axienet: Wait for PhyRstCmplt after core reset"
- ARM: dts: imx23-evk: Remove MX23_PAD_SSP1_DETECT from hog group
- ARM: dts: meson: Fix the UART compatible strings
- staging: fbtft: Fix error path in fbtft_driver_module_init()
- ARM: dts: imx6qdl-udoo: Properly describe the SD card detect
- usb: f_fs: Fix use-after-free for epfile
- bonding: pair enable_port with slave_arr_updates
- ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure path
- net: do not keep the dst cache when uncloning an skb dst and its metadata
- net: fix a memleak when uncloning an skb dst and its metadata
- tipc: rate limit warning for received illegal binding update
- net: amd-xgbe: disable interrupts during pci removal
- vt_ioctl: fix array_index_nospec in vt_setactivate
- vt_ioctl: add array_index_nospec to VT_ACTIVATE
- n_tty: wake up poll(POLLRDNORM) on receiving data
- usb: ulpi: Move of_node_put to ulpi_dev_release
- usb: ulpi: Call of_node_put correctly
- usb: dwc3: gadget: Prevent core from processing stale TRBs
- USB: gadget: validate interface OS descriptor requests
- usb: gadget: rndis: check size of RNDIS_MSG_SET command
- USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320
- USB: serial: option: add ZTE MF286D modem
- USB: serial: ch341: add support for GW Instek USB2.0-Serial devices
- USB: serial: cp210x: add NCR Retail IO box id
- USB: serial: cp210x: add CPI Bulk Coin Recycler id
- seccomp: Invalidate seccomp mode to catch death failures
- hwmon: (dell-smm) Speed up setting of fan speed
- perf: Fix list corruption in perf_cgroup_switch()
- net: bridge: fix stale eth hdr pointer in br_dev_xmit
- Makefile.extrawarn: Move -Wunaligned-access to W=1
- net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup
- serial: parisc: GSC: fix build when IOSAPIC is not set
- parisc: Fix data TLB miss in sba_unmap_sg
- parisc: Fix sglist access in ccio-dma.c
- btrfs: send: in case of IO error log it
- net: ieee802154: at86rf230: Stop leaking skb's
- selftests/zram: Skip max_comp_streams interface on newer kernel
- selftests/zram01.sh: Fix compression ratio calculation
- selftests/zram: Adapt the situation that /dev/zram0 is being used
- ax25: improve the incomplete fix to avoid UAF and NPD bugs
- vfs: make freeze_super abort when sync_filesystem returns error
- quota: make dquot_quota_sync return errors from ->sync_fs
- Revert "module, async: async_synchronize_full() on module init iff async is
used"
- iwlwifi: fix use-after-free
- drm/radeon: Fix backlight control on iMac 12,1
- xfrm: Don't accidentally set RTO_ONLINK in decode_session4()
- taskstats: Cleanup the use of task->exit_code
- vsock: remove vsock from connected table when connect is interrupted by a
signal
- iwlwifi: pcie: fix locking when "HW not ready"
- iwlwifi: pcie: gen2: fix locking when "HW not ready"
- net: ieee802154: ca8210: Fix lifs/sifs periods
- ping: fix the dif and sdif check in ping_lookup
- drop_monitor: fix data-race in dropmon_net_event / trace_napi_poll_hit
- bonding: fix data-races around agg_select_timer
- libsubcmd: Fix use-after-free for realloc(..., 0)
- ALSA: hda: Fix regression on forced probe mask option
- ALSA: hda: Fix missing codec probe on Shenker Dock 15
- ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw()
- ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range()
- powerpc/lib/sstep: fix 'ptesync' build error
- NFS: LOOKUP_DIRECTORY is also ok with symlinks
- EDAC: Fix calculation of returned address and next offset in
edac_align_ptr()
- net: sched: limit TC_ACT_REPEAT loops
- dmaengine: sh: rcar-dmac: Check for error num after setting mask
- i2c: brcmstb: fix support for DSL and CM variants
- mtd: rawnand: brcmnand: Refactored code to introduce helper functions
- mtd: rawnand: brcmnand: Fixed incorrect sub-page ECC status
- KVM: x86/pmu: Use AMD64_RAW_EVENT_MASK for PERF_TYPE_RAW
- NFS: Do not report writeback errors in nfs_getattr()
- ARM: OMAP2+: hwmod: Add of_node_put() before break
- ata: libata-core: Disable TRIM on M88V29
- tracing: Fix tp_printk option related with tp_printk_stop_on_boot
- net: usb: qmi_wwan: Add support for Dell DW5829e
- net: macb: Align the dma and coherent dma masks
- net: dsa: lan9303: fix reset on probe
* CVE-2022-27223
- USB: gadget: validate endpoint index for xilinx udc
* CVE-2022-26490
- nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION
* CVE-2021-26401
- x86/speculation: Use generic retpoline by default on AMD
- x86/speculation: Update link to AMD speculation whitepaper
- x86/speculation: Warn about Spectre v2 LFENCE mitigation
- x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT
* CVE-2022-0001
- x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation
reporting
Date: 2022-04-14 20:19:10.116368+00:00
Changed-By: Luke Nowakowski-Krijger <luke.nowakowskikrijger at canonical.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux/4.15.0-177.186
-------------- next part --------------
Sorry, changesfile not available.
More information about the Bionic-changes
mailing list