[ubuntu/xenial-security] linux-hwe 4.15.0-106.107~16.04.1 (Accepted)
Andy Whitcroft
apw at canonical.com
Tue Jun 9 23:17:55 UTC 2020
linux-hwe (4.15.0-106.107~16.04.1) xenial; urgency=medium
[ Ubuntu: 4.15.0-106.107 ]
* CVE-2020-0543
- SAUCE: x86/cpu: Add a steppings field to struct x86_cpu_id
- SAUCE: x86/cpu: Add 'table' argument to cpu_matches()
- SAUCE: x86/speculation: Add Special Register Buffer Data Sampling (SRBDS)
mitigation
- SAUCE: x86/speculation: Add SRBDS vulnerability and mitigation documentation
- SAUCE: x86/speculation: Add Ivy Bridge to affected list
linux-hwe (4.15.0-103.104~16.04.1) xenial; urgency=medium
* xenial/linux-hwe: 4.15.0-103.104~16.04.1 -proposed tracker (LP: #1881271)
[ Ubuntu: 4.15.0-103.104 ]
* bionic/linux: 4.15.0-103.104 -proposed tracker (LP: #1881272)
* "BUG: unable to handle kernel paging request" when testing
ubuntu_kvm_smoke_test.kvm_smoke_test with B-KVM in proposed (LP: #1881072)
- KVM: VMX: Explicitly reference RCX as the vmx_vcpu pointer in asm blobs
- KVM: VMX: Mark RCX, RDX and RSI as clobbered in vmx_vcpu_run()'s asm blob
linux-hwe (4.15.0-102.103~16.04.1) xenial; urgency=medium
* xenial/linux-hwe: 4.15.0-102.103~16.04.1 -proposed tracker (LP: #1878855)
[ Ubuntu: 4.15.0-102.103 ]
* bionic/linux: 4.15.0-102.103 -proposed tracker (LP: #1878856)
* Packaging resync (LP: #1786013)
- update dkms package versions
* debian/scripts/file-downloader does not handle positive failures correctly
(LP: #1878897)
- [Packaging] file-downloader not handling positive failures correctly
* Kernel log flood "ceph: Failed to find inode for 1" (LP: #1875884)
- ceph: don't check quota for snap inode
- ceph: quota: cache inode pointer in ceph_snap_realm
* [UBUNTU 18.04] zpcictl --reset - contribution for kernel (LP: #1870320)
- s390/pci: Recover handle in clp_set_pci_fn()
- s390/pci: Fix possible deadlock in recover_store()
* Bionic update: upstream stable patchset 2020-05-12 (LP: #1878256)
- drm/edid: Fix off-by-one in DispID DTD pixel clock
- drm/qxl: qxl_release leak in qxl_draw_dirty_fb()
- drm/qxl: qxl_release leak in qxl_hw_surface_alloc()
- drm/qxl: qxl_release use after free
- btrfs: fix block group leak when removing fails
- btrfs: fix partial loss of prealloc extent past i_size after fsync
- mmc: sdhci-xenon: fix annoying 1.8V regulator warning
- mmc: sdhci-pci: Fix eMMC driver strength for BYT-based controllers
- ALSA: hda/realtek - Two front mics on a Lenovo ThinkCenter
- ALSA: hda/hdmi: fix without unlocked before return
- ALSA: pcm: oss: Place the plugin buffer overflow checks correctly
- PM: ACPI: Output correct message on target power state
- PM: hibernate: Freeze kernel threads in software_resume()
- dm verity fec: fix hash block number in verity_fec_decode
- RDMA/mlx5: Set GRH fields in query QP on RoCE
- RDMA/mlx4: Initialize ib_spec on the stack
- vfio: avoid possible overflow in vfio_iommu_type1_pin_pages
- vfio/type1: Fix VA->PA translation for PFNMAP VMAs in vaddr_get_pfn()
- iommu/qcom: Fix local_base status check
- scsi: target/iblock: fix WRITE SAME zeroing
- iommu/amd: Fix legacy interrupt remapping for x2APIC-enabled system
- ALSA: opti9xx: shut up gcc-10 range warning
- nfs: Fix potential posix_acl refcnt leak in nfs3_set_acl
- dmaengine: dmatest: Fix iteration non-stop logic
- selinux: properly handle multiple messages in selinux_netlink_send()
- ASoC: tas571x: disable regulators on failed probe
- ASoC: wm8960: Fix wrong clock after suspend & resume
- rxrpc: Fix DATA Tx to disable nofrag for UDP on AF_INET6 socket
- xfs: acquire superblock freeze protection on eofblocks scans
- cpumap: Avoid warning when CONFIG_DEBUG_PER_CPU_MAPS is enabled
- net: fec: set GPR bit on suspend by DT configuration.
- ALSA: hda: Keep the controller initialization even if no codecs found
- ALSA: hda: Explicitly permit using autosuspend if runtime PM is supported
- ALSA: hda: call runtime_allow() for all hda controllers
- scsi: qla2xxx: check UNLOADING before posting async work
- RDMA/core: Fix race between destroy and release FD object
- btrfs: transaction: Avoid deadlock due to bad initialization timing of
fs_info::journal_info
- mmc: sdhci-msm: Enable host capabilities pertains to R1b response
- mmc: meson-mx-sdio: Set MMC_CAP_WAIT_WHILE_BUSY
- mmc: meson-mx-sdio: remove the broken ->card_busy() op
* Bionic update: upstream stable patchset 2020-05-07 (LP: #1877461)
- ext4: fix extent_status fragmentation for plain files
- net: ipv4: avoid unused variable warning for sysctl
- crypto: mxs-dcp - make symbols 'sha1_null_hash' and 'sha256_null_hash'
static
- vti4: removed duplicate log message.
- watchdog: reset last_hw_keepalive time at start
- scsi: lpfc: Fix kasan slab-out-of-bounds error in lpfc_unreg_login
- ceph: return ceph_mdsc_do_request() errors from __get_parent()
- ceph: don't skip updating wanted caps when cap is stale
- pwm: rcar: Fix late Runtime PM enablement
- scsi: iscsi: Report unbind session event when the target has been removed
- ASoC: Intel: atom: Take the drv->lock mutex before calling
sst_send_slot_map()
- kernel/gcov/fs.c: gcov_seq_next() should increase position index
- selftests: kmod: fix handling test numbers above 9
- ipc/util.c: sysvipc_find_ipc() should increase position index
- s390/cio: avoid duplicated 'ADD' uevents
- pwm: renesas-tpu: Fix late Runtime PM enablement
- pwm: bcm2835: Dynamically allocate base
- perf/core: Disable page faults when getting phys address
- PCI/ASPM: Allow re-enabling Clock PM
- mm, slub: restore the original intention of prefetch_freepointer()
- cxgb4: fix large delays in PTP synchronization
- ipv6: fix restrict IPV6_ADDRFORM operation
- macsec: avoid to set wrong mtu
- macvlan: fix null dereference in macvlan_device_event()
- net: bcmgenet: correct per TX/RX ring statistics
- net: netrom: Fix potential nr_neigh refcnt leak in nr_add_node
- net/x25: Fix x25_neigh refcnt leak when receiving frame
- tcp: cache line align MAX_TCP_HEADER
- team: fix hang in team_mode_get()
- net: dsa: b53: Fix ARL register definitions
- xfrm: Always set XFRM_TRANSFORMED in xfrm{4,6}_output_finish
- vrf: Check skb for XFRM_TRANSFORMED flag
- KEYS: Avoid false positive ENOMEM error on key read
- ALSA: hda: Remove ASUS ROG Zenith from the blacklist
- iio: adc: stm32-adc: fix sleep in atomic context
- iio: xilinx-xadc: Fix ADC-B powerdown
- iio: xilinx-xadc: Fix clearing interrupt when enabling trigger
- iio: xilinx-xadc: Fix sequencer configuration for aux channels in
simultaneous mode
- fs/namespace.c: fix mountpoint reference counter race
- USB: sisusbvga: Change port variable from signed to unsigned
- USB: Add USB_QUIRK_DELAY_CTRL_MSG and USB_QUIRK_DELAY_INIT for Corsair K70
RGB RAPIDFIRE
- USB: early: Handle AMD's spec-compliant identifiers, too
- USB: core: Fix free-while-in-use bug in the USB S-Glibrary
- USB: hub: Fix handling of connect changes during sleep
- overflow.h: Add arithmetic shift helper
- vmalloc: fix remap_vmalloc_range() bounds checks
- mm/hugetlb: fix a addressing exception caused by huge_pte_offset
- mm/ksm: fix NULL pointer dereference when KSM zero page is enabled
- tools/vm: fix cross-compile build
- ALSA: usx2y: Fix potential NULL dereference
- ALSA: hda/realtek - Add new codec supported for ALC245
- ALSA: usb-audio: Fix usb audio refcnt leak when getting spdif
- ALSA: usb-audio: Filter out unsupported sample rates on Focusrite devices
- tpm/tpm_tis: Free IRQ if probing fails
- tpm: ibmvtpm: retry on H_CLOSED in tpm_ibmvtpm_send()
- KVM: Check validity of resolved slot when searching memslots
- KVM: VMX: Enable machine check support for 32bit targets
- tty: hvc: fix buffer overflow during hvc_alloc().
- tty: rocket, avoid OOB access
- usb-storage: Add unusual_devs entry for JMicron JMS566
- audit: check the length of userspace generated audit records
- ASoC: dapm: fixup dapm kcontrol widget
- iwlwifi: pcie: actually release queue memory in TVQM
- ARM: imx: provide v7_cpu_resume() only on ARM_CPU_SUSPEND=y
- powerpc/setup_64: Set cache-line-size based on cache-block-size
- staging: comedi: dt2815: fix writing hi byte of analog output
- staging: comedi: Fix comedi_device refcnt leak in comedi_open
- vt: don't hardcode the mem allocation upper bound
- staging: vt6656: Don't set RCR_MULTICAST or RCR_BROADCAST by default.
- staging: vt6656: Fix calling conditions of vnt_set_bss_mode
- staging: vt6656: Fix drivers TBTT timing counter.
- staging: vt6656: Fix pairwise key entry save.
- staging: vt6656: Power save stop wake_up_count wrap around.
- cdc-acm: close race betrween suspend() and acm_softint
- cdc-acm: introduce a cool down
- UAS: no use logging any details in case of ENODEV
- UAS: fix deadlock in error handling and PM flushing work
- usb: f_fs: Clear OS Extended descriptor counts to zero in ffs_data_reset()
- serial: sh-sci: Make sure status register SCxSR is read in correct sequence
- xfs: Fix deadlock between AGI and AGF with RENAME_WHITEOUT
- remoteproc: Fix wrong rvring index computation
- mtd: cfi: fix deadloop in cfi_cmdset_0002.c do_write_buffer
- binder: take read mode of mmap_sem in binder_alloc_free_page()
- usb: dwc3: gadget: Do link recovery for SS and SSP
- usb: gadget: udc: bdc: Remove unnecessary NULL checks in bdc_req_complete
- iio:ad7797: Use correct attribute_group
- nfsd: memory corruption in nfsd4_lock()
- i2c: altera: use proper variable to hold errno
- net/cxgb4: Check the return from t4_query_params properly
- ARM: dts: bcm283x: Disable dsi0 node
- perf/core: fix parent pid/tid in task exit events
- mm: shmem: disable interrupt when acquiring info->lock in userfaultfd_copy
path
- bpf, x86: Fix encoding for lower 8-bit registers in BPF_STX BPF_B
- x86: hyperv: report value of misc_features
- xfs: fix partially uninitialized structure in xfs_reflink_remap_extent
- scsi: target: fix PR IN / READ FULL STATUS for FC
- objtool: Fix CONFIG_UBSAN_TRAP unreachable warnings
- objtool: Support Clang non-section symbols in ORC dump
- xen/xenbus: ensure xenbus_map_ring_valloc() returns proper grant status
- arm64: Delete the space separator in __emit_inst
- ext4: use matching invalidatepage in ext4_writepage
- ext4: increase wait time needed before reuse of deleted inode numbers
- ext4: convert BUG_ON's to WARN_ON's in mballoc.c
- hwmon: (jc42) Fix name to have no illegal characters
- qed: Fix use after free in qed_chain_free
- ext4: check for non-zero journal inum in ext4_calculate_overhead
- propagate_one(): mnt_set_mountpoint() needs mount_lock
- kconfig: qconf: Fix a few alignment issues
- loop: Better discard support for block devices
- drm/amd/display: Not doing optimize bandwidth if flip pending.
- virtio-blk: improve virtqueue error to BLK_STS
- scsi: smartpqi: fix call trace in device discovery
- net: ipv6: add net argument to ip6_dst_lookup_flow
- net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup
- f2fs: fix to avoid memory leakage in f2fs_listxattr
- KVM: VMX: Zero out *all* general purpose registers after VM-Exit
- KVM: Introduce a new guest mapping API
- kvm: fix compilation on aarch64
- kvm: fix compilation on s390
- kvm: fix compile on s390 part 2
- KVM: Properly check if "page" is valid in kvm_vcpu_unmap
- x86/kvm: Introduce kvm_(un)map_gfn()
- x86/kvm: Cache gfn to pfn translation
- vrf: Fix IPv6 with qdisc and xfrm
- net: dsa: b53: Lookup VID in ARL searches when VLAN is enabled
- net: dsa: b53: Rework ARL bin logic
- net: dsa: b53: b53_arl_rw_op() needs to select IVL or SVL
- mlxsw: Fix some IS_ERR() vs NULL bugs
- iio: core: remove extra semi-colon from devm_iio_device_register() macro
- iio: st_sensors: rely on odr mask to know if odr can be set
- iio: xilinx-xadc: Make sure not exceed maximum samplerate
- iwlwifi: mvm: beacon statistics shouldn't go backwards
- xhci: prevent bus suspend if a roothub port detected a over-current
condition
* Bionic update: upstream stable patchset 2020-04-27 (LP: #1875506)
- KVM: VMX: fix crash cleanup when KVM wasn't used
- amd-xgbe: Use __napi_schedule() in BH context
- hsr: check protocol version in hsr_newlink()
- net: ipv4: devinet: Fix crash when add/del multicast IP with autojoin
- net: ipv6: do not consider routes via gateways for anycast address check
- net: qrtr: send msgs from local of same id as broadcast
- net: revert default NAPI poll timeout to 2 jiffies
- net: stmmac: dwmac-sunxi: Provide TX and RX fifo sizes
- scsi: ufs: Fix ufshcd_hold() caused scheduling while atomic
- jbd2: improve comments about freeing data buffers whose page mapping is NULL
- pwm: pca9685: Fix PWM/GPIO inter-operation
- ext4: fix incorrect group count in ext4_fill_super error message
- ext4: fix incorrect inodes per group in error message
- ASoC: Intel: mrfld: fix incorrect check on p->sink
- ASoC: Intel: mrfld: return error codes when an error occurs
- ALSA: usb-audio: Don't override ignore_ctl_error value from the map
- tracing: Fix the race between registering 'snapshot' event trigger and
triggering 'snapshot' operation
- btrfs: check commit root generation in should_ignore_root
- mac80211_hwsim: Use kstrndup() in place of kasprintf()
- ext4: do not zeroout extents beyond i_disksize
- dm flakey: check for null arg_name in parse_features()
- kvm: x86: Host feature SSBD doesn't imply guest feature SPEC_CTRL_SSBD
- x86/microcode/AMD: Increase microcode PATCH_MAX_SIZE
- x86/intel_rdt: Add two new resources for L2 Code and Data Prioritization
(CDP)
- x86/intel_rdt: Enable L2 CDP in MSR IA32_L2_QOS_CFG
- x86/resctrl: Preserve CDP enable over CPU hotplug
- x86/resctrl: Fix invalid attempt at removing the default resource group
- mm/vmalloc.c: move 'area->pages' after if statement
- objtool: Fix switch table detection in .text.unlikely
- scsi: sg: add sg_remove_request in sg_common_write
- ext4: use non-movable memory for superblock readahead
- arm, bpf: Fix bugs with ALU64 {RSH, ARSH} BPF_K shift by 0
- netfilter: nf_tables: report EOPNOTSUPP on unsupported flags/object type
- irqchip/mbigen: Free msi_desc on device teardown
- ALSA: hda: Don't release card at firmware loading error
- lib/raid6: use vdupq_n_u8 to avoid endianness warnings
- video: fbdev: sis: Remove unnecessary parentheses and commented code
- drm: NULL pointer dereference [null-pointer-deref] (CWE 476) problem
- clk: Fix debugfs_create_*() usage
- Revert "gpio: set up initial state from .get_direction()"
- wil6210: increase firmware ready timeout
- wil6210: fix temperature debugfs
- scsi: ufs: make sure all interrupts are processed
- scsi: ufs: ufs-qcom: remove broken hci version quirk
- wil6210: rate limit wil_rx_refill error
- rpmsg: glink: use put_device() if device_register fail
- rtc: pm8xxx: Fix issue in RTC write path
- rpmsg: glink: Fix missing mutex_init() in qcom_glink_alloc_channel()
- rpmsg: glink: smem: Ensure ordering during tx
- wil6210: fix PCIe bus mastering in case of interface down
- wil6210: add block size checks during FW load
- wil6210: fix length check in __wmi_send
- wil6210: abort properly in cfg suspend
- rbd: avoid a deadlock on header_rwsem when flushing notifies
- rbd: call rbd_dev_unprobe() after unwatching and flushing notifies
- of: unittest: kmemleak in of_unittest_platform_populate()
- clk: at91: usb: continue if clk_hw_round_rate() return zero
- power: supply: bq27xxx_battery: Silence deferred-probe error
- clk: tegra: Fix Tegra PMC clock out parents
- soc: imx: gpc: fix power up sequencing
- rtc: 88pm860x: fix possible race condition
- NFSv4/pnfs: Return valid stateids in nfs_layout_find_inode_by_stateid()
- NFS: direct.c: Fix memory leak of dreq when nfs_get_lock_context fails
- s390/cpuinfo: fix wrong output when CPU0 is offline
- powerpc/maple: Fix declaration made after definition
- ext4: do not commit super on read-only bdev
- include/linux/swapops.h: correct guards for non_swap_entry()
- percpu_counter: fix a data race at vm_committed_as
- compiler.h: fix error in BUILD_BUG_ON() reporting
- KVM: s390: vsie: Fix possible race when shadowing region 3 tables
- x86: ACPI: fix CPU hotplug deadlock
- drm/amdkfd: kfree the wrong pointer
- NFS: Fix memory leaks in nfs_pageio_stop_mirroring()
- iommu/vt-d: Fix mm reference leak
- ext2: fix empty body warnings when -Wextra is used
- ext2: fix debug reference to ext2_xattr_cache
- libnvdimm: Out of bounds read in __nd_ioctl()
- iommu/amd: Fix the configuration of GCR3 table root pointer
- net: dsa: bcm_sf2: Fix overflow checks
- fbdev: potential information leak in do_fb_ioctl()
- tty: evh_bytechan: Fix out of bounds accesses
- locktorture: Print ratio of acquisitions, not failures
- mtd: lpddr: Fix a double free in probe()
- mtd: phram: fix a double free issue in error path
- KEYS: Use individual pages in big_key for crypto buffers
- KEYS: Don't write out to userspace while holding key semaphore
- keys: Fix proc_keys_next to increase position index
- wil6210: ignore HALP ICR if already handled
- wil6210: remove reset file from debugfs
- ARM: dts: imx6: Use gpc for FEC interrupt controller to fix wake on LAN.
- of: unittest: kmemleak on changeset destroy
- of: overlay: kmemleak in dup_and_fixup_symbol_prop()
- s390/cpum_sf: Fix wrong page count in error message
- f2fs: fix NULL pointer dereference in f2fs_write_begin()
* psock_tpacket from the net test in ubuntu_kernel_selftests failed on KVM
kernels (LP: #1812176)
- selftests/net: skip psock_tpacket test if KALLSYMS was not enabled
* Bionic ubuntu ethtool doesn't check ring parameters boundaries
(LP: #1874444)
- ethtool: Ensure new ring parameters are within bounds during SRINGPARAM
* Improve TSC refinement (and calibration) reliability (LP: #1877858)
- x86/tsc: Make calibration refinement more robust
- x86/tsc: Use CPUID.0x16 to calculate missing crystal frequency
* Do not treat unresolved test case in ftrace from ubuntu_kernel_selftests as
failure (LP: #1877958)
- ftrace/selftest: make unresolved cases cause failure if --fail-unresolved
set
* Add support for Ambiq micro AM1805 RTC chip (LP: #1876667)
- SAUCE: rtc: add am-1805 RTC driver
* 'Elan touchpad' not detected on 'Lenovo ThinkBook 15 IIL' (LP: #1861610)
- SAUCE: Input: elan_i2c - add more hardware ID for Lenovo laptop
* Kdump broken since 4.15.0-65 on secureboot - purgatory cannot load
(LP: #1869672)
- SAUCE: x86/purgatory: Fix Makefile to prevent undefined symbols
Date: 2020-06-04 14:55:15.026845+00:00
Changed-By: Kleber Sacilotto de Souza <kleber.souza at canonical.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux-hwe/4.15.0-106.107~16.04.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Xenial-changes
mailing list