Bionic update: upstream stable patchset 2020-08-11

Bug #1891228 reported by Kamal Mostafa
Affects          Status         Importance   Assigned to     Milestone
linux (Ubuntu)   Invalid        Undecided    Unassigned
Bionic           Fix Released   Undecided    Kamal Mostafa

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

       upstream stable patchset 2020-08-11

                Ported from the following upstream stable releases:
                        v4.14.191, v4.19.136,
                        v4.14.192, v4.19.137,
                        v4.14.193, v4.19.138

       from git://git.kernel.org/

AX.25: Fix out-of-bounds read in ax25_connect()
AX.25: Prevent out-of-bounds read in ax25_sendmsg()
dev: Defer free of skbs in flush_backlog
drivers/net/wan/x25_asy: Fix to make it work
net-sysfs: add a newline when printing 'tx_timeout' by sysfs
net: udp: Fix wrong clean up for IS_UDPLITE macro
rxrpc: Fix sendmsg() returning EPIPE due to recvmsg() returning ENODATA
AX.25: Prevent integer overflows in connect and sendmsg
ip6_gre: fix null-ptr-deref in ip6gre_init_net()
rtnetlink: Fix memory(net_device) leak when ->newlink fails
tcp: allow at most one TLP probe per flight
regmap: debugfs: check count when read regmap file
qrtr: orphan socket in qrtr_release()
sctp: shrink stream outq only when new outcnt < old outcnt
sctp: shrink stream outq when fails to do addstream reconf
UBUNTU: upstream stable to v4.14.191, v4.19.136
crypto: ccp - Release all allocated memory if sha type is invalid
media: rc: prevent memory leak in cx23888_ir_probe
iio: imu: adis16400: fix memory leak
ath9k_htc: release allocated buffer if timed out
ath9k: release allocated buffer if timed out
PCI/ASPM: Disable ASPM on ASMedia ASM1083/1085 PCIe-to-PCI bridge
wireless: Use offsetof instead of custom macro.
ARM: 8986/1: hw_breakpoint: Don't invoke overflow handler on uaccess watchpoints
drm/amdgpu: Prevent kernel-infoleak in amdgpu_info_ioctl()
drm: hold gem reference until object is no longer accessed
f2fs: check memory boundary by insane namelen
f2fs: check if file namelen exceeds max value
9p/trans_fd: abort p9_read_work if req status changed
9p/trans_fd: Fix concurrency del of req_list in p9_fd_cancelled/p9_read_work
x86/build/lto: Fix truncated .bss with -fdata-sections
rds: Prevent kernel-infoleak in rds_notify_queue_get()
xfs: fix missed wakeup on l_flush_wait
net/x25: Fix x25_neigh refcnt leak when x25 disconnect
net/x25: Fix null-ptr-deref in x25_disconnect
selftests/net: rxtimestamp: fix clang issues for target arch PowerPC
sh: Fix validation of system call number
net: lan78xx: add missing endpoint sanity check
net: lan78xx: fix transfer-buffer memory leak
mlx4: disable device on shutdown
mlxsw: core: Increase scope of RCU read-side critical section
mlxsw: core: Free EMAD transactions using kfree_rcu()
ibmvnic: Fix IRQ mapping disposal in error path
bpf: Fix map leak in HASH_OF_MAPS map
mac80211: mesh: Free ie data when leaving mesh
mac80211: mesh: Free pending skb when destroying a mpath
arm64/alternatives: move length validation inside the subsection
arm64: csum: Fix handling of bad packets
usb: hso: Fix debug compile warning on sparc32
qed: Disable "MFW indication via attention" SPAM every 5 minutes
nfc: s3fwrn5: add missing release on skb in s3fwrn5_recv_frame
parisc: add support for cmpxchg on u8 pointers
net: ethernet: ravb: exit if re-initialization fails in tx timeout
Revert "i2c: cadence: Fix the hold bit setting"
x86/unwind/orc: Fix ORC for newly forked tasks
cxgb4: add missing release on skb in uld_send()
xen-netfront: fix potential deadlock in xennet_remove()
KVM: LAPIC: Prevent setting the tscdeadline timer if the lapic is hw disabled
x86/i8259: Use printk_deferred() to prevent deadlock
drm/amdgpu: fix multiple memory leaks in acp_hw_init
selftests/net: psock_fanout: fix clang issues for target arch PowerPC
net/mlx5: Verify Hardware supports requested ptp function on a given pin
UBUNTU: upstream stable to v4.14.192, v4.19.137
random32: update the net random state on interrupt and activity
ARM: percpu.h: fix build error
random: fix circular include dependency on arm64 after addition of percpu.h
random32: remove net_rand_state from the latent entropy gcc plugin
random32: move the pseudo-random 32-bit definitions to prandom.h
ext4: fix direct I/O read error
UBUNTU: upstream stable to v4.14.193, v4.19.138

CVE References

Changed in linux (Ubuntu):
status: New → Confirmed
tags: added: kernel-stable-tracking-bug
Changed in linux (Ubuntu Bionic):
status: New → In Progress
assignee: nobody → Kamal Mostafa (kamalmostafa)
description: updated
Ian May (ian-may)
Changed in linux (Ubuntu Bionic):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 4.15.0-118.119

---------------
linux (4.15.0-118.119) bionic; urgency=medium

  * bionic/linux: 4.15.0-118.119 -proposed tracker (LP: #1894697)

  * Packaging resync (LP: #1786013)
    - update dkms package versions

  * Introduce the new NVIDIA 450-server and the 450 UDA series (LP: #1887674)
    - [packaging] add signed modules for nvidia 450 and 450-server

  * cgroup refcount is bogus when cgroup_sk_alloc is disabled (LP: #1886860)
    - cgroup: add missing skcd->no_refcnt check in cgroup_sk_clone()

  * CVE-2020-12888
    - vfio/type1: Support faulting PFNMAP vmas
    - vfio-pci: Fault mmaps to enable vma tracking
    - vfio-pci: Invalidate mmaps and block MMIO access on disabled memory

  * [Hyper-V] VSS and File Copy daemons intermittently fails to start
    (LP: #1891224)
    - [Packaging] Bind hv_vss_daemon startup to hv_vss device
    - [Packaging] bind hv_fcopy_daemon startup to hv_fcopy device

  * KVM: Fix zero_page reference counter overflow when using KSM on KVM compute
    host (LP: #1837810)
    - KVM: fix overflow of zero page refcount with ksm running

  * Fix false-negative return value for rtnetlink.sh in kselftests/net
    (LP: #1890136)
    - selftests: rtnetlink: correct the final return value for the test
    - selftests: rtnetlink: make kci_test_encap() return sub-test result

  * Bionic update: upstream stable patchset 2020-08-18 (LP: #1892091)
    - USB: serial: qcserial: add EM7305 QDL product ID
    - USB: iowarrior: fix up report size handling for some devices
    - usb: xhci: define IDs for various ASMedia host controllers
    - usb: xhci: Fix ASMedia ASM1142 DMA addressing
    - Revert "ALSA: hda: call runtime_allow() for all hda controllers"
    - ALSA: seq: oss: Serialize ioctls
    - staging: android: ashmem: Fix lockdep warning for write operation
    - Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt()
    - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_evt()
    - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt()
    - omapfb: dss: Fix max fclk divider for omap36xx
    - binder: Prevent context manager from incrementing ref 0
    - vgacon: Fix for missing check in scrollback handling
    - mtd: properly check all write ioctls for permissions
    - leds: wm831x-status: fix use-after-free on unbind
    - leds: da903x: fix use-after-free on unbind
    - leds: lm3533: fix use-after-free on unbind
    - leds: 88pm860x: fix use-after-free on unbind
    - net/9p: validate fds in p9_fd_open
    - drm/nouveau/fbcon: fix module unload when fbcon init has failed for some
      reason
    - drm/nouveau/fbcon: zero-initialise the mode_cmd2 structure
    - i2c: slave: improve sanity check when registering
    - i2c: slave: add sanity check when unregistering
    - usb: hso: check for return value in hso_serial_common_create()
    - firmware: Fix a reference count leak.
    - cfg80211: check vendor command doit pointer before use
    - igb: reinit_locked() should be called with rtnl_lock
    - atm: fix atm_dev refcnt leaks in atmtcp_remove_persistent
    - tools lib traceevent: Fix memory leak in process_dynamic...


Changed in linux (Ubuntu Bionic):
status: Fix Committed → Fix Released
Po-Hsu Lin (cypressyew)
Changed in linux (Ubuntu):
status: Confirmed → Invalid