[ubuntu/bionic-security] linux-gcp-4.15 4.15.0-1122.136 (Accepted)

Andy Whitcroft apw at canonical.com
Thu May 12 09:14:49 UTC 2022


linux-gcp-4.15 (4.15.0-1122.136) bionic; urgency=medium

  * bionic/linux-gcp-4.15: 4.15.0-1122.136 -proposed tracker (LP: #1969073)

  [ Ubuntu: 4.15.0-177.186 ]

  * bionic/linux: 4.15.0-177.186 -proposed tracker (LP: #1969083)
  * Bionic update: upstream stable patchset 2022-04-13 (LP: #1968932)
    - cgroup/cpuset: Fix a race between cpuset_attach() and cpu hotplug
    - vhost/vsock: don't check owner in vhost_vsock_stop() while releasing
    - parisc/unaligned: Fix fldd and fstd unaligned handlers on 32-bit kernel
    - parisc/unaligned: Fix ldw() and stw() unalignment handlers
    - sr9700: sanity check for packet length
    - USB: zaurus: support another broken Zaurus
    - ping: remove pr_err from ping_lookup
    - net: __pskb_pull_tail() & pskb_carve_frag_list() drop_monitor friends
    - gso: do not skip outer ip header in case of ipip and net_failover
    - openvswitch: Fix setting ipv6 fields causing hw csum failure
    - drm/edid: Always set RGB444
    - net/mlx5e: Fix wrong return value on ioctl EEPROM query failure
    - configfs: fix a race in configfs_{,un}register_subsystem()
    - RDMA/ib_srp: Fix a deadlock
    - iio: adc: men_z188_adc: Fix a resource leak in an error handling path
    - ata: pata_hpt37x: disable primary channel on HPT371
    - Revert "USB: serial: ch341: add new Product ID for CH341A"
    - usb: gadget: rndis: add spinlock for rndis response list
    - tracefs: Set the group ownership in apply_options() not parse_options()
    - USB: serial: option: add support for DW5829e
    - USB: serial: option: add Telit LE910R1 compositions
    - usb: dwc3: gadget: Let the interrupt handler disable bottom halves.
    - xhci: re-initialize the HC during resume if HCE was set
    - xhci: Prevent futile URB re-submissions due to incorrect return value.
    - tty: n_gsm: fix encoding of control signal octet bit DV
    - tty: n_gsm: fix proper link termination after failed open
    - Revert "drm/nouveau/pmu/gm200-: avoid touching PMU outside of
      DEVINIT/PREOS/ACR"
    - memblock: use kfree() to release kmalloced memblock regions
    - fget: clarify and improve __fget_files() implementation
    - gpio: tegra186: Fix chip_data type confusion
    - tracing: Have traceon and traceoff trigger honor the instance
    - mac80211_hwsim: report NOACK frames in tx_status
    - mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work
    - i2c: bcm2835: Avoid clock stretching timeouts
    - Input: clear BTN_RIGHT/MIDDLE on buttonpads
    - cifs: fix double free race when mount fails in cifs_get_root()
    - dmaengine: shdma: Fix runtime PM imbalance on error
    - i2c: cadence: allow COMPILE_TEST
    - i2c: qup: allow COMPILE_TEST
    - net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990
    - usb: gadget: don't release an existing dev->buf
    - usb: gadget: clear related members when goto fail
    - ata: pata_hpt37x: fix PCI clock detection
    - ALSA: intel_hdmi: Fix reference to PCM buffer address
    - ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min
    - xfrm: fix MTU regression
    - netfilter: fix use-after-free in __nf_register_net_hook()
    - xfrm: enforce validity of offload input flags
    - netfilter: nf_queue: don't assume sk is full socket
    - netfilter: nf_queue: fix possible use-after-free
    - batman-adv: Request iflink once in batadv-on-batadv check
    - batman-adv: Request iflink once in batadv_get_real_netdevice
    - batman-adv: Don't expect inter-netns unique iflink indices
    - net: dcb: flush lingering app table entries for unregistered devices
    - net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error generated by client
    - net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error cause by server
    - mac80211: fix forwarded mesh frames AC & queue selection
    - net: stmmac: fix return value of __setup handler
    - net: sxgbe: fix return value of __setup handler
    - net: arcnet: com20020: Fix null-ptr-deref in com20020pci_probe()
    - efivars: Respect "block" flag in efivar_entry_set_safe()
    - can: gs_usb: change active_channels's type from atomic_t to u8
    - ARM: 9182/1: mmu: fix returns from early_param() and __setup() functions
    - soc: fsl: qe: Check of ioremap return value
    - net: chelsio: cxgb3: check the return value of pci_find_capability()
    - nl80211: Handle nla_memdup failures in handle_nan_filter
    - Input: elan_i2c - move regulator_[en|dis]able() out of
      elan_[en|dis]able_power()
    - Input: elan_i2c - fix regulator enable count imbalance after suspend/resume
    - HID: add mapping for KEY_ALL_APPLICATIONS
    - memfd: fix F_SEAL_WRITE after shmem huge page allocated
    - net: dcb: disable softirqs in dcbnl_flush_dev()
    - hamradio: fix macro redefine warning
    - arm/arm64: Provide a wrapper for SMCCC 1.1 calls
    - arm/arm64: smccc/psci: add arm_smccc_1_1_get_conduit()
    - ARM: report Spectre v2 status through sysfs
    - ARM: early traps initialisation
    - ARM: use LOADADDR() to get load address of sections
    - [Config] updateconfigs for HARDEN_BRANCH_HISTORY
    - ARM: Spectre-BHB workaround
    - ARM: include unprivileged BPF status in Spectre V2 reporting
    - ARM: fix build error when BPF_SYSCALL is disabled
    - ARM: fix co-processor register typo
    - ARM: Do not use NOCROSSREFS directive with ld.lld
    - ARM: fix build warning in proc-v7-bugs.c
    - xen/xenbus: don't let xenbus_grant_ring() remove grants in error case
    - xen/grant-table: add gnttab_try_end_foreign_access()
    - xen/blkfront: don't use gnttab_query_foreign_access() for mapped status
    - xen/netfront: don't use gnttab_query_foreign_access() for mapped status
    - xen/scsifront: don't use gnttab_query_foreign_access() for mapped status
    - xen/gntalloc: don't use gnttab_query_foreign_access()
    - xen: remove gnttab_query_foreign_access()
    - xen/9p: use alloc/free_pages_exact()
    - xen/gnttab: fix gnttab_end_foreign_access() without page specified
    - xen/netfront: react properly to failing gnttab_end_foreign_access_ref()
  * ip6gre driver does not hold device reference (LP: #1968340)
    - ip6_gre: proper dev_{hold|put} in ndo_[un]init methods
  * LRMv6: add multi-architecture support (LP: #1968774)
    - [Packaging] resync dkms-build{,--nvidia-N}
  * Use kernel-testing repo from launchpad for ADT tests (LP: #1968016)
    - [Debian] Use kernel-testing repo from launchpad
  * vmx_ldtr_test in ubuntu_kvm_unit_tests failed (FAIL: Expected 0 for L1 LDTR
    selector (got 50)) (LP: #1956315)
    - KVM: nVMX: Set LDTR to its architecturally defined value on nested VM-Exit
  * Bionic update: upstream stable patchset 2022-03-29 (LP: #1967013)
    - moxart: fix potential use-after-free on remove path
    - x86/mm, mm/hwpoison: Fix the unmap kernel 1:1 pages check condition
    - integrity: check the return value of audit_log_start()
    - ima: Remove ima_policy file before directory
    - ima: Allow template selection with ima_template[_fmt]= after ima_hash=
    - mmc: sdhci-of-esdhc: Check for error num after setting mask
    - net: phy: marvell: Fix MDI-x polarity setting in 88e1118-compatible PHYs
    - NFS: Fix initialisation of nfs_client cl_flags field
    - NFSD: Clamp WRITE offsets
    - NFSv4 only print the label when its queried
    - nfs: nfs4clinet: check the return value of kstrdup()
    - NFSv4.1: Fix uninitialised variable in devicenotify
    - NFSv4 remove zero number of fs_locations entries error check
    - NFSv4 expose nfs_parse_server_name function
    - scsi: target: iscsi: Make sure the np under each tpg is unique
    - usb: dwc2: gadget: don't try to disable ep0 in dwc2_hsotg_suspend
    - net: stmmac: dwmac-sun8i: use return val of readl_poll_timeout()
    - Revert "net: axienet: Wait for PhyRstCmplt after core reset"
    - ARM: dts: imx23-evk: Remove MX23_PAD_SSP1_DETECT from hog group
    - ARM: dts: meson: Fix the UART compatible strings
    - staging: fbtft: Fix error path in fbtft_driver_module_init()
    - ARM: dts: imx6qdl-udoo: Properly describe the SD card detect
    - usb: f_fs: Fix use-after-free for epfile
    - bonding: pair enable_port with slave_arr_updates
    - ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure path
    - net: do not keep the dst cache when uncloning an skb dst and its metadata
    - net: fix a memleak when uncloning an skb dst and its metadata
    - tipc: rate limit warning for received illegal binding update
    - net: amd-xgbe: disable interrupts during pci removal
    - vt_ioctl: fix array_index_nospec in vt_setactivate
    - vt_ioctl: add array_index_nospec to VT_ACTIVATE
    - n_tty: wake up poll(POLLRDNORM) on receiving data
    - usb: ulpi: Move of_node_put to ulpi_dev_release
    - usb: ulpi: Call of_node_put correctly
    - usb: dwc3: gadget: Prevent core from processing stale TRBs
    - USB: gadget: validate interface OS descriptor requests
    - usb: gadget: rndis: check size of RNDIS_MSG_SET command
    - USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320
    - USB: serial: option: add ZTE MF286D modem
    - USB: serial: ch341: add support for GW Instek USB2.0-Serial devices
    - USB: serial: cp210x: add NCR Retail IO box id
    - USB: serial: cp210x: add CPI Bulk Coin Recycler id
    - seccomp: Invalidate seccomp mode to catch death failures
    - hwmon: (dell-smm) Speed up setting of fan speed
    - perf: Fix list corruption in perf_cgroup_switch()
    - net: bridge: fix stale eth hdr pointer in br_dev_xmit
    - Makefile.extrawarn: Move -Wunaligned-access to W=1
    - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup
    - serial: parisc: GSC: fix build when IOSAPIC is not set
    - parisc: Fix data TLB miss in sba_unmap_sg
    - parisc: Fix sglist access in ccio-dma.c
    - btrfs: send: in case of IO error log it
    - net: ieee802154: at86rf230: Stop leaking skb's
    - selftests/zram: Skip max_comp_streams interface on newer kernel
    - selftests/zram01.sh: Fix compression ratio calculation
    - selftests/zram: Adapt the situation that /dev/zram0 is being used
    - ax25: improve the incomplete fix to avoid UAF and NPD bugs
    - vfs: make freeze_super abort when sync_filesystem returns error
    - quota: make dquot_quota_sync return errors from ->sync_fs
    - Revert "module, async: async_synchronize_full() on module init iff async is
      used"
    - iwlwifi: fix use-after-free
    - drm/radeon: Fix backlight control on iMac 12,1
    - xfrm: Don't accidentally set RTO_ONLINK in decode_session4()
    - taskstats: Cleanup the use of task->exit_code
    - vsock: remove vsock from connected table when connect is interrupted by a
      signal
    - iwlwifi: pcie: fix locking when "HW not ready"
    - iwlwifi: pcie: gen2: fix locking when "HW not ready"
    - net: ieee802154: ca8210: Fix lifs/sifs periods
    - ping: fix the dif and sdif check in ping_lookup
    - drop_monitor: fix data-race in dropmon_net_event / trace_napi_poll_hit
    - bonding: fix data-races around agg_select_timer
    - libsubcmd: Fix use-after-free for realloc(..., 0)
    - ALSA: hda: Fix regression on forced probe mask option
    - ALSA: hda: Fix missing codec probe on Shenker Dock 15
    - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw()
    - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range()
    - powerpc/lib/sstep: fix 'ptesync' build error
    - NFS: LOOKUP_DIRECTORY is also ok with symlinks
    - EDAC: Fix calculation of returned address and next offset in
      edac_align_ptr()
    - net: sched: limit TC_ACT_REPEAT loops
    - dmaengine: sh: rcar-dmac: Check for error num after setting mask
    - i2c: brcmstb: fix support for DSL and CM variants
    - mtd: rawnand: brcmnand: Refactored code to introduce helper functions
    - mtd: rawnand: brcmnand: Fixed incorrect sub-page ECC status
    - KVM: x86/pmu: Use AMD64_RAW_EVENT_MASK for PERF_TYPE_RAW
    - NFS: Do not report writeback errors in nfs_getattr()
    - ARM: OMAP2+: hwmod: Add of_node_put() before break
    - ata: libata-core: Disable TRIM on M88V29
    - tracing: Fix tp_printk option related with tp_printk_stop_on_boot
    - net: usb: qmi_wwan: Add support for Dell DW5829e
    - net: macb: Align the dma and coherent dma masks
    - net: dsa: lan9303: fix reset on probe
  * CVE-2022-27223
    - USB: gadget: validate endpoint index for xilinx udc
  * CVE-2022-26490
    - nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION
  * CVE-2021-26401
    - x86/speculation: Use generic retpoline by default on AMD
    - x86/speculation: Update link to AMD speculation whitepaper
    - x86/speculation: Warn about Spectre v2 LFENCE mitigation
    - x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT
  * CVE-2022-0001
    - x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation
      reporting

Date: 2022-04-21 04:39:11.490637+00:00
Changed-By: Khaled El Mously <khalid.elmously at canonical.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux-gcp-4.15/4.15.0-1122.136
-------------- next part --------------
Sorry, changesfile not available.


More information about the Bionic-changes mailing list