[ubuntu/xenial-security] linux-snapdragon 4.4.0-1146.156 (Accepted)

Andy Whitcroft apw at canonical.com
Tue Dec 1 17:24:55 UTC 2020


linux-snapdragon (4.4.0-1146.156) xenial; urgency=medium

  * xenial/linux-snapdragon: 4.4.0-1146.156 -proposed tracker (LP: #1903103)

  [ Ubuntu: 4.4.0-195.227 ]

  * xenial/linux: 4.4.0-195.227 -proposed tracker (LP: #1903107)
  * Update kernel packaging to support forward porting kernels (LP: #1902957)
    - [Debian] Update for leader included in BACKPORT_SUFFIX
  * Avoid double newline when running insertchanges (LP: #1903293)
    - [Packaging] insertchanges: avoid double newline
  * EFI: Fails when BootCurrent entry does not exist (LP: #1899993)
    - efivarfs: Replace invalid slashes with exclamation marks in dentries.
  * CVE-2020-14351
    - perf/core: Fix race in the perf_mmap_close() function
  * CVE-2020-25645
    - geneve: add transport ports in route lookup for geneve
  * Xenial update: v4.4.241 upstream stable release (LP: #1902097)
    - ibmveth: Identify ingress large send packets.
    - tipc: fix the skb_unshare() in tipc_buf_append()
    - net/ipv4: always honour route mtu during forwarding
    - r8169: fix data corruption issue on RTL8402
    - ALSA: bebob: potential info leak in hwdep_read()
    - mm/kasan: print name of mem[set,cpy,move]() caller in report
    - mm/kasan: add API to check memory regions
    - compiler.h, kasan: Avoid duplicating __read_once_size_nocheck()
    - compiler.h: Add read_word_at_a_time() function.
    - lib/strscpy: Shut up KASAN false-positives in strscpy()
    - x86/mm/ptdump: Fix soft lockup in page table walker
    - net: hdlc: In hdlc_rcv, check to make sure dev is an HDLC device
    - net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag after calling
      ether_setup
    - nfc: Ensure presence of NFC_ATTR_FIRMWARE_NAME attribute in
      nfc_genl_fw_download()
    - tcp: fix to update snd_wl1 in bulk receiver fast path
    - icmp: randomize the global rate limiter
    - cifs: remove bogus debug code
    - ima: Don't ignore errors from crypto_shash_update()
    - EDAC/i5100: Fix error handling order in i5100_init_one()
    - crypto: ixp4xx - Fix the size used in a 'dma_free_coherent()' call
    - media: Revert "media: exynos4-is: Add missed check for
      pinctrl_lookup_state()"
    - media: m5mols: Check function pointer in m5mols_sensor_power
    - media: omap3isp: Fix memleak in isp_probe
    - crypto: omap-sham - fix digcnt register handling with export/import
    - media: tc358743: initialize variable
    - media: ti-vpe: Fix a missing check and reference count leak
    - ath6kl: prevent potential array overflow in ath6kl_add_new_sta()
    - ath9k: Fix potential out of bounds in ath9k_htc_txcompletion_cb()
    - wcn36xx: Fix reported 802.11n rx_highest rate wcn3660/wcn3680
    - mwifiex: Do not use GFP_KERNEL in atomic context
    - drm/gma500: fix error check
    - scsi: qla4xxx: Fix an error handling path in 'qla4xxx_get_host_stats()'
    - scsi: csiostor: Fix wrong return value in csio_hw_prep_fw()
    - backlight: sky81452-backlight: Fix refcount imbalance on error
    - VMCI: check return value of get_user_pages_fast() for errors
    - tty: serial: earlycon dependency
    - pty: do tty_flip_buffer_push without port->lock in pty_write
    - drivers/virt/fsl_hypervisor: Fix error handling path
    - video: fbdev: vga16fb: fix setting of pixclock because a pass-by-value error
    - video: fbdev: sis: fix null ptr dereference
    - HID: roccat: add bounds checking in kone_sysfs_write_settings()
    - ath6kl: wmi: prevent a shift wrapping bug in ath6kl_wmi_delete_pstream_cmd()
    - misc: mic: scif: Fix error handling path
    - ALSA: seq: oss: Avoid mutex lock for a long-time ioctl
    - quota: clear padding in v2r1_mem2diskdqb()
    - net: enic: Cure the enic api locking trainwreck
    - mfd: sm501: Fix leaks in probe()
    - usb: gadget: u_ether: enable qmult on SuperSpeed Plus as well
    - nl80211: fix non-split wiphy information
    - mwifiex: fix double free
    - net: korina: fix kfree of rx/tx descriptor array
    - IB/mlx4: Adjust delayed work when a dup is observed
    - powerpc/pseries: Fix missing of_node_put() in rng_init()
    - powerpc/icp-hv: Fix missing of_node_put() in success path
    - mtd: lpddr: fix excessive stack usage with clang
    - mtd: mtdoops: Don't write panic data twice
    - ARM: 9007/1: l2c: fix prefetch bits init in L2X0_AUX_CTRL using DT values
    - powerpc/tau: Use appropriate temperature sample interval
    - powerpc/tau: Remove duplicated set_thresholds() call
    - powerpc/tau: Disable TAU between measurements
    - perf intel-pt: Fix "context_switch event has no tid" error
    - kdb: Fix pager search for multi-line strings
    - powerpc/perf/hv-gpci: Fix starting index value
    - cpufreq: powernv: Fix frame-size-overflow in powernv_cpufreq_reboot_notifier
    - lib/crc32.c: fix trivial typo in preprocessor condition
    - vfio/pci: Clear token on bypass registration failure
    - Input: imx6ul_tsc - clean up some errors in imx6ul_tsc_resume()
    - Input: ep93xx_keypad - fix handling of platform_get_irq() error
    - Input: omap4-keypad - fix handling of platform_get_irq() error
    - Input: sun4i-ps2 - fix handling of platform_get_irq() error
    - KVM: x86: emulating RDPID failure shall return #UD rather than #GP
    - memory: omap-gpmc: Fix a couple off by ones
    - memory: fsl-corenet-cf: Fix handling of platform_get_irq() error
    - arm64: dts: zynqmp: Remove additional compatible string for i2c IPs
    - powerpc/powernv/opal-dump : Use IRQ_HANDLED instead of numbers in interrupt
      handler
    - powerpc/powernv/dump: Fix race while processing OPAL dump
    - media: firewire: fix memory leak
    - media: ati_remote: sanity check for both endpoints
    - media: exynos4-is: Fix several reference count leaks due to
      pm_runtime_get_sync
    - media: exynos4-is: Fix a reference count leak due to pm_runtime_get_sync
    - media: exynos4-is: Fix a reference count leak
    - media: bdisp: Fix runtime PM imbalance on error
    - media: media/pci: prevent memory leak in bttv_probe
    - media: uvcvideo: Ensure all probed info is returned to v4l2
    - mmc: sdio: Check for CISTPL_VERS_1 buffer size
    - media: saa7134: avoid a shift overflow
    - ntfs: add check for mft record size in superblock
    - PM: hibernate: remove the bogus call to get_gendisk() in software_resume()
    - scsi: mvumi: Fix error return in mvumi_io_attach()
    - scsi: target: core: Add CONTROL field for trace events
    - usb: gadget: function: printer: fix use-after-free in __lock_acquire
    - udf: Limit sparing table size
    - udf: Avoid accessing uninitialized data on failed inode read
    - ath9k: hif_usb: fix race condition between usb_get_urb() and
      usb_kill_anchored_urbs()
    - misc: rtsx: Fix memory leak in rtsx_pci_probe
    - reiserfs: only call unlock_new_inode() if I_NEW
    - xfs: make sure the rt allocator doesn't run off the end
    - usb: ohci: Default to per-port over-current protection
    - Bluetooth: Only mark socket zapped after unlocking
    - scsi: ibmvfc: Fix error return in ibmvfc_probe()
    - brcmsmac: fix memory leak in wlc_phy_attach_lcnphy
    - rtl8xxxu: prevent potential memory leak
    - Fix use after free in get_capset_info callback.
    - tty: ipwireless: fix error handling
    - ipvs: Fix uninit-value in do_ip_vs_set_ctl()
    - reiserfs: Fix memory leak in reiserfs_parse_options()
    - brcm80211: fix possible memleak in brcmf_proto_msgbuf_attach
    - usb: core: Solve race condition in anchor cleanup functions
    - ath10k: check idx validity in __ath10k_htt_rx_ring_fill_n()
    - net: korina: cast KSEG0 address to pointer in kfree
    - usb: cdc-acm: add quirk to blacklist ETAS ES58X devices
    - USB: cdc-wdm: Make wdm_flush() interruptible and add wdm_fsync().
    - Linux 4.4.241
  * Xenial update: v4.4.240 upstream stable release (LP: #1902096)
    - Bluetooth: MGMT: Fix not checking if BT_HS is enabled
    - Bluetooth: fix kernel oops in store_pending_adv_report
    - Bluetooth: Consolidate encryption handling in hci_encrypt_cfm
    - Bluetooth: Fix update of connection state in `hci_encrypt_cfm`
    - Bluetooth: Disconnect if E0 is used for Level 4
    - media: usbtv: Fix refcounting mixup
    - USB: serial: option: add Cellient MPL200 card
    - USB: serial: option: Add Telit FT980-KS composition
    - staging: comedi: check validity of wMaxPacketSize of usb endpoints found
    - USB: serial: pl2303: add device-id for HP GC device
    - USB: serial: ftdi_sio: add support for FreeCalypso JTAG+UART adapters
    - reiserfs: Initialize inode keys properly
    - reiserfs: Fix oops during mount
    - spi: unbinding slave before calling spi_destroy_queue
    - crypto: qat - check cipher length for aead AES-CBC-HMAC-SHA
    - Linux 4.4.240
  * Xenial update: v4.4.239 upstream stable release (LP: #1902095)
    - gpio: tc35894: fix up tc35894 interrupt configuration
    - Input: i8042 - add nopnp quirk for Acer Aspire 5 A515
    - drm/amdgpu: restore proper ref count in amdgpu_display_crtc_set_config
    - net: dec: de2104x: Increase receive ring size for Tulip
    - rndis_host: increase sleep time in the query-response loop
    - drivers/net/wan/lapbether: Make skb->protocol consistent with the header
    - drivers/net/wan/hdlc: Set skb->protocol before transmitting
    - nfs: Fix security label length not being reset
    - clk: samsung: exynos4: mark 'chipid' clock as CLK_IGNORE_UNUSED
    - iommu/exynos: add missing put_device() call in exynos_iommu_of_xlate()
    - i2c: cpm: Fix i2c_ram structure
    - epoll: do not insert into poll queues until all sanity checks are done
    - epoll: replace ->visited/visited_list with generation count
    - epoll: EPOLL_CTL_ADD: close the race in decision to take fast path
    - ep_create_wakeup_source(): dentry name can change under you...
    - netfilter: ctnetlink: add a range check for l3/l4 protonum
    - fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h
    - Fonts: Support FONT_EXTRA_WORDS macros for built-in fonts
    - Revert "ravb: Fixed to be able to unload modules"
    - fbcon: Fix global-out-of-bounds read in fbcon_get_font()
    - net: wireless: nl80211: fix out-of-bounds access in nl80211_del_key()
    - usermodehelper: reset umask to default before executing user process
    - platform/x86: thinkpad_acpi: initialize tp_nvram_state variable
    - platform/x86: thinkpad_acpi: re-initialize ACPI buffer size when reuse
    - driver core: Fix probe_count imbalance in really_probe()
    - perf top: Fix stdio interface input handling with glibc 2.28+
    - sctp: fix sctp_auth_init_hmacs() error path
    - team: set dev->needed_headroom in team_setup_by_port()
    - net: team: fix memory leak in __team_options_register
    - mtd: nand: Provide nand_cleanup() function to free NAND related resources
    - xfrm: clone XFRMA_REPLAY_ESN_VAL in xfrm_do_migrate
    - xfrm: clone whole liftime_cur structure in xfrm_do_migrate
    - net: stmmac: removed enabling eee in EEE set callback
    - xfrm: Use correct address family in xfrm_state_find
    - bonding: set dev->needed_headroom in bond_setup_by_slave()
    - rxrpc: Fix rxkad token xdr encoding
    - rxrpc: Downgrade the BUG() for unsupported token type in rxrpc_read()
    - rxrpc: Fix server keyring leak
    - net: usb: rtl8150: set random MAC address when set_ethernet_addr() fails
    - Linux 4.4.239
  * CVE-2020-12352
    - Bluetooth: A2MP: Fix not initializing all members
  * CVE-2020-0427
    - pinctrl: devicetree: Avoid taking direct reference to device name string
  * Xenial update: v4.4.238 upstream stable release (LP: #1899506)
    - af_key: pfkey_dump needs parameter validation
    - KVM: fix memory leak in kvm_io_bus_unregister_dev()
    - kprobes: fix kill kprobe which has been marked as gone
    - ftrace: Setup correct FTRACE_FL_REGS flags for module
    - RDMA/ucma: ucma_context reference leak in error path
    - mtd: Fix comparison in map_word_andequal()
    - hdlc_ppp: add range checks in ppp_cp_parse_cr()
    - tipc: use skb_unshare() instead in tipc_buf_append()
    - net: add __must_check to skb_put_padto()
    - ip: fix tos reflection in ack and reset packets
    - serial: 8250: Avoid error message on reprobe
    - scsi: aacraid: fix illegal IO beyond last LBA
    - m68k: q40: Fix info-leak in rtc_ioctl
    - gma/gma500: fix a memory disclosure bug due to uninitialized bytes
    - ASoC: kirkwood: fix IRQ error handling
    - PM / devfreq: tegra30: Fix integer overflow on CPU's freq max out
    - mtd: cfi_cmdset_0002: don't free cfi->cfiq in error path of
      cfi_amdstd_setup()
    - mfd: mfd-core: Protect against NULL call-back function pointer
    - tracing: Adding NULL checks for trace_array descriptor pointer
    - bcache: fix a lost wake-up problem caused by mca_cannibalize_lock
    - xfs: fix attr leaf header freemap.size underflow
    - kernel/sys.c: avoid copying possible padding bytes in copy_to_user
    - neigh_stat_seq_next() should increase position index
    - rt_cpu_seq_next should increase position index
    - seqlock: Require WRITE_ONCE surrounding raw_seqcount_barrier
    - ACPI: EC: Reference count query handlers under lock
    - tracing: Set kernel_stack's caller size properly
    - ar5523: Add USB ID of SMCWUSBT-G2 wireless adapter
    - Bluetooth: Fix refcount use-after-free issue
    - mm: pagewalk: fix termination condition in walk_pte_range()
    - Bluetooth: prefetch channel before killing sock
    - skbuff: fix a data race in skb_queue_len()
    - audit: CONFIG_CHANGE don't log internal bookkeeping as an event
    - selinux: sel_avc_get_stat_idx should increase position index
    - scsi: lpfc: Fix RQ buffer leakage when no IOCBs available
    - drm/omap: fix possible object reference leak
    - dmaengine: tegra-apb: Prevent race conditions on channel's freeing
    - media: go7007: Fix URB type for interrupt handling
    - Bluetooth: guard against controllers sending zero'd events
    - drm/amdgpu: increase atombios cmd timeout
    - Bluetooth: L2CAP: handle l2cap config request during open state
    - media: tda10071: fix unsigned sign extension overflow
    - tpm: ibmvtpm: Wait for buffer to be set before proceeding
    - tracing: Use address-of operator on section symbols
    - serial: 8250_omap: Fix sleeping function called from invalid context during
      probe
    - SUNRPC: Fix a potential buffer overflow in 'svc_print_xprts()'
    - ubifs: Fix out-of-bounds memory access caused by abnormal value of node_len
    - ALSA: usb-audio: Fix case when USB MIDI interface has more than one extra
      endpoint descriptor
    - mm/filemap.c: clear page error before actual read
    - mm/mmap.c: initialize align_offset explicitly for vm_unmapped_area
    - KVM: Remove CREATE_IRQCHIP/SET_PIT2 race
    - bdev: Reduce time holding bd_mutex in sync in blkdev_close()
    - drivers: char: tlclk.c: Avoid data race between init and interrupt handler
    - dt-bindings: sound: wm8994: Correct required supplies based on actual
      implementaion
    - atm: fix a memory leak of vcc->user_back
    - phy: samsung: s5pv210-usb2: Add delay after reset
    - Bluetooth: Handle Inquiry Cancel error after Inquiry Complete
    - USB: EHCI: ehci-mv: fix error handling in mv_ehci_probe()
    - tty: serial: samsung: Correct clock selection logic
    - ALSA: hda: Fix potential race in unsol event handler
    - fuse: don't check refcount after stealing page
    - USB: EHCI: ehci-mv: fix less than zero comparison of an unsigned int
    - e1000: Do not perform reset in reset_task if we are already down
    - printk: handle blank console arguments passed in.
    - vfio/pci: fix memory leaks of eventfd ctx
    - perf kcore_copy: Fix module map when there are no modules loaded
    - mtd: rawnand: omap_elm: Fix runtime PM imbalance on error
    - ceph: fix potential race in ceph_check_caps
    - mtd: parser: cmdline: Support MTD names containing one or more colons
    - x86/speculation/mds: Mark mds_user_clear_cpu_buffers() __always_inline
    - vfio/pci: Clear error and request eventfd ctx after releasing
    - vfio/pci: fix racy on error and request eventfd ctx
    - s390/init: add missing __init annotations
    - batman-adv: bla: fix type misuse for backbone_gw hash indexing
    - atm: eni: fix the missed pci_disable_device() for eni_init_one()
    - batman-adv: mcast/TT: fix wrongly dropped or rerouted packets
    - ALSA: asihpi: fix iounmap in error handler
    - MIPS: Add the missing 'CPU_1074K' into __get_cpu_type()
    - tty: vt, consw->con_scrolldelta cleanup
    - kprobes: Fix to check probe enabled before disarm_kprobe_ftrace()
    - lib/string.c: implement stpcpy
    - ata: define AC_ERR_OK
    - ata: make qc_prep return ata_completion_errors
    - ata: sata_mv, avoid trigerrable BUG_ON
    - Linux 4.4.238
  * *-tools-common packages descriptions have typo "PGKVER" (LP: #1898903)
    - [Packaging] Fix typo in -tools template s/PGKVER/PKGVER/
  * Xenial update: v4.4.237 upstream stable release (LP: #1897602)
    - ARM: dts: socfpga: fix register entry for timer3 on Arria10
    - scsi: libsas: Set data_dir as DMA_NONE if libata marks qc as NODATA
    - drivers/net/wan/lapbether: Added needed_tailroom
    - firestream: Fix memleak in fs_open
    - drivers/net/wan/lapbether: Set network_header before transmitting
    - xfs: initialize the shortform attr header padding entry
    - drivers/net/wan/hdlc_cisco: Add hard_header_len
    - ALSA: hda: fix a runtime pm issue in SOF when integrated GPU is disabled
    - gcov: Disable gcov build with GCC 10
    - iio: adc: mcp3422: fix locking scope
    - iio: adc: mcp3422: fix locking on error path
    - iio:light:ltr501 Fix timestamp alignment issue.
    - iio:accel:bmc150-accel: Fix timestamp alignment and prevent data leak.
    - iio:accel:mma8452: Fix timestamp alignment and prevent data leak.
    - USB: core: add helpers to retrieve endpoints
    - staging: wlan-ng: fix out of bounds read in prism2sta_probe_usb()
    - btrfs: fix wrong address when faulting in pages in the search ioctl
    - scsi: target: iscsi: Fix hang in iscsit_access_np() when getting
      tpg->np_login_sem
    - rbd: require global CAP_SYS_ADMIN for mapping and unmapping
    - fbcon: remove soft scrollback code
    - fbcon: remove now unusued 'softback_lines' cursor() argument
    - vgacon: remove software scrollback support
    - [Config] updateconfigs for VGACON_SOFT_SCROLLBACK
    - KVM: VMX: Don't freeze guest when event delivery causes an APIC-access exit
    - video: fbdev: fix OOB read in vga_8planes_imageblit()
    - USB: serial: ftdi_sio: add IDs for Xsens Mti USB converter
    - USB: serial: option: add support for SIM7070/SIM7080/SIM7090 modules
    - usb: Fix out of sync data toggle if a configured device is reconfigured
    - gcov: add support for GCC 10.1
    - NFSv4.1 handle ERR_DELAY error reclaiming locking state on delegation recall
    - scsi: pm8001: Fix memleak in pm8001_exec_internal_task_abort
    - scsi: lpfc: Fix FLOGI/PLOGI receive race condition in pt2pt discovery
    - SUNRPC: stop printk reading past end of string
    - rapidio: Replace 'select' DMAENGINES 'with depends on'
    - i2c: algo: pca: Reapply i2c bus settings after reset
    - MIPS: SNI: Fix MIPS_L1_CACHE_SHIFT
    - perf test: Free formats for perf pmu parse test
    - fbcon: Fix user font detection test at fbcon_resize().
    - MIPS: SNI: Fix spurious interrupts
    - USB: quirks: Add USB_QUIRK_IGNORE_REMOTE_WAKEUP quirk for BYD zhaoxin
      notebook
    - USB: UAS: fix disconnect by unplugging a hub
    - usblp: fix race between disconnect() and read()
    - Input: i8042 - add Entroware Proteus EL07R4 to nomux and reset lists
    - serial: 8250_pci: Add Realtek 816a and 816b
    - ehci-hcd: Move include to keep CRC stable
    - powerpc/dma: Fix dma_map_ops::get_required_mask
    - x86/defconfig: Enable CONFIG_USB_XHCI_HCD=y
    - Linux 4.4.237

  [ Ubuntu: 4.4.0-194.226 ]

  * CVE-2020-8694
    - powercap: make attributes only readable by root

Date: 2020-11-13 05:42:14.824658+00:00
Changed-By: Ian <ian.may at canonical.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1146.156
-------------- next part --------------
Sorry, changesfile not available.


More information about the Xenial-changes mailing list