Ubuntu
linux package

Bionic update: upstream stable patchset 2021-06-23

Bug #1933375 reported by Kamal Mostafa on 2021-06-23

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	linux (Ubuntu)	Invalid	Undecided	Unassigned
	Bionic	Fix Released	Medium	Kamal Mostafa

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

upstream stable patchset 2021-06-23

Ported from the following upstream stable releases:
v4.14.236, v4.19.194

from git://git.kernel.org/

net: usb: cdc_ncm: don't spew notifications
efi: Allow EFI_MEMORY_XP and EFI_MEMORY_RO both to be cleared
efi: cper: fix snprintf() use in cper_dimm_err_location()
vfio/pci: Fix error return code in vfio_ecap_init()
vfio/pci: zap_vma_ptes() needs MMU
vfio/platform: fix module_put call in error flow
ipvs: ignore IP_VS_SVC_F_HASHED flag when adding service
HID: pidff: fix error return code in hid_pidff_init()
HID: i2c-hid: fix format string mismatch
netfilter: nfnetlink_cthelper: hit EBUSY on updates if size mismatches
ieee802154: fix error return code in ieee802154_add_iface()
ieee802154: fix error return code in ieee802154_llsec_getparams()
Bluetooth: fix the erroneous flush_work() order
Bluetooth: use correct lock to prevent UAF of hdev object
net: caif: added cfserl_release function
net: caif: add proper error handling
net: caif: fix memory leak in caif_device_notify
net: caif: fix memory leak in cfusbl_device_notify
ALSA: timer: Fix master timer notification
ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed
pid: take a reference when initializing `cad_pid`
ocfs2: fix data corruption by fallocate
nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect
btrfs: fix error handling in btrfs_del_csums
btrfs: fixup error handling in fixup_inode_link_counts
mm, hugetlb: fix simple resv_huge_pages underflow on UFFDIO_COPY
bpf: Update selftests to reflect new error states
selftests/bpf: make 'dubious pointer arithmetic' test useful
bpf: Fix mask direction swap upon off reg sign change
bnxt_en: Remove the setting of dev_port.
KVM: SVM: Truncate GPR value for DR and CR accesses in !64-bit mode
sched/fair: Optimize select_idle_cpu
xen-pciback: redo VF placement in the virtual topology
ALSA: usb: update old-style static const declaration
nl80211: validate key indexes for cfg80211_registered_device
x86/apic: Mark _all_ legacy interrupts when IO/APIC is missing
btrfs: return errors from btrfs_del_csums in cleanup_ref_head
KVM: arm64: Fix debug register indexing
UBUNTU: upstream stable to v4.14.236, v4.19.194

See original description

Tags:

CVE References

2019-19036

Kamal Mostafa (kamalmostafa) on 2021-06-23

Changed in linux (Ubuntu):
status:	New → Confirmed
tags:	added: kernel-stable-tracking-bug
Changed in linux (Ubuntu Bionic):
status:	New → In Progress
importance:	Undecided → Medium
assignee:	nobody → Kamal Mostafa (kamalmostafa)
Changed in linux (Ubuntu):
status:	Confirmed → Invalid
description:	updated
description:	updated

Kelsey Steele (kelsey-steele) on 2021-06-29

Changed in linux (Ubuntu Bionic):
status:	In Progress → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2021-08-16:

Download full text (4.5 KiB)

This bug was fixed in the package linux - 4.15.0-154.161

---------------
linux (4.15.0-154.161) bionic; urgency=medium

* bionic/linux: 4.15.0-154.161 -proposed tracker (LP: #1938411)

  * Potential reverts of 4.19.y stable changes in 18.04 (LP: #1938537)
    - SAUCE: Revert "locking/mutex: clear MUTEX_FLAGS if wait_list is empty due to
      signal"
    - SAUCE: Revert "drm/amd/amdgpu: fix refcount leak"

  * Packaging resync (LP: #1786013)
    - [Packaging] resync getabis
    - [Packaging] update helper scripts
    - update dkms package versions

  * btrfs: Automatic balance returns -EUCLEAN and leads to forced readonly
    filesystem (LP: #1934709) // CVE-2019-19036
    - btrfs: Validate child tree block's level and first key
    - btrfs: Detect unbalanced tree with empty leaf before crashing btree
      operations

  * btrfs: Automatic balance returns -EUCLEAN and leads to forced readonly
    filesystem (LP: #1934709)
    - Revert "btrfs: Detect unbalanced tree with empty leaf before crashing btree
      operations"
    - Revert "btrfs: Validate child tree block's level and first key"
    - btrfs: Only check first key for committed tree blocks
    - btrfs: Fix wrong first_key parameter in replace_path

  * Enable fib-onlink-tests.sh and msg_zerocopy.sh in kselftests/net on Bionic
    (LP: #1934759)
    - selftests: Add fib-onlink-tests.sh to TEST_PROGS
    - selftests: net: use TEST_PROGS_EXTENDED
    - selftests/net: enable msg_zerocopy test
    - SAUCE: selftests: Make fib-onlink-tests.sh executable

  * Kernel oops due to uninitialized list on kernfs (kernfs_kill_sb)
    (LP: #1934175)
    - kernfs: deal with kernfs_fill_super() failures
    - unfuck sysfs_mount()

* large_dir in ext4 broken (LP: #1933074)
- SAUCE: ext4: fix directory index node split corruption

  * btrfs: Attempting to balance a nearly full filesystem with relocated root
    nodes fails (LP: #1933172) // CVE-2019-19036
    - btrfs: reloc: fix reloc root leak and NULL pointer dereference

  * btrfs: Attempting to balance a nearly full filesystem with relocated root
    nodes fails (LP: #1933172)
    - Revert "btrfs: reloc: fix reloc root leak and NULL pointer dereference"

* Pixel format change broken for Elgato Cam Link 4K (LP: #1932367)
- (upstream) media: uvcvideo: Fix pixel format change for Elgato Cam Link 4K

This bug was fixed in the package linux - 4.15.0-154.161

---------------
linux (4.15.0-154.161) bionic; urgency=medium

* bionic/linux: 4.15.0-154.161 -proposed tracker (LP: #1938411)

* Packaging resync (LP: #1786013)
    - [Packaging] resync getabis
    - [Packaging] update helper scripts
    - update dkms package versions

* Kernel oops due to uninitialized list on kernfs (kernfs_kill_sb)
    (LP: #1934175)
    - kernfs: deal with kernfs_fill_super() failures
    - unfuck sysfs_mount()

* large_dir in ext4 broken (LP: #1933074)
    - SAUCE: ext4: fix directory index node split corruption

* btrfs: Attempting to balance a nearly full filesystem with relocated root
    nodes fails (LP: #1933172) // CVE-2019-19036
    - btrfs: reloc: fix reloc root leak and NULL pointer dereference

* btrfs: Attempting to balance a nearly full filesystem with relocated root
    nodes fails (LP: #1933172)
    - Revert "btrfs: reloc: fix reloc root leak and NULL pointer dereference"

* Pixel format change broken for Elgato Cam Link 4K (LP: #1932367)
    - (upstream) media: uvcvideo: Fix pixel format change for Elgato Cam Link 4K

* Bionic update: upstream stable patchset 2021-06-23 (LP: #1933375)
    - net: usb: cdc_ncm: don't spew notifications
    - efi: Allow EFI_MEMORY_XP and EFI_MEMORY_RO both to be cleared
    - efi: cper: fix snprintf() use in cper_dimm_err_location()
    - vfio/pci: Fix error return code in vfio_ecap_init()
    - vfio/pci: zap_vma_ptes() needs MMU
    - vfio/platform: fix module_put call in error flow
    - ipvs: ignore IP_VS_SVC_F_HASHED flag when adding service
    - HID: pidff: fix error return code in hid_pidff_init()
    - HID: i2c-hid: fix format string mismatch
    - netfilter: nfnetlink_cthelper: hit EBUSY on updates if size mismatches
    - ieee802154: fix error return code in ieee802154_add_iface()
    - ieee802154: fix error return code in ieee802154_llsec_getparams()
    - Bluetooth: fix the erroneous flush_work() order
    - Bluetooth: use correct lock to prevent UAF of hdev object
    - net: caif: added cfserl_release function
    - net: caif: add proper error handling
    - net: caif: fix memory leak in caif_device_notify
    - net: caif: fix memory leak in cfusbl_device_notify
    - ALSA: timer: Fix master timer notification
    - ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed
    - pid: take a reference when initializing `cad_pid`
    - ocfs2: fix data corruption by fallocate
    - nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect
    - btrfs: fix error handling in btrfs_del_csums
    - btrfs: fixup error handling in fixup_inode_link_counts
    - mm, hugetlb: fix simple resv_huge_pages underflow on UFFDIO_COPY
    - selftests/bpf: make 'dubious pointer arithmetic' test useful
    - bnxt_en: Remove the setting of dev_port.
    - KVM: SVM: Truncate GPR value for DR and CR accesses in !64-bit mode
    - sched/fair: Optimize select_idle_cpu
    - xen-pciback: redo VF placement in the virtual topology
    - ALSA: usb: update old-style static const declaration
    - nl80211: validate key indexes for cfg80211_registered_device
    - x86/apic: Mark _all_ legacy interrupts when IO/APIC is missing
    - btrfs: return errors from btrfs_del_csums in cleanup_ref_head
    - KVM: arm64: Fix debug register indexing

-- Kleber Sacilotto de Souza <kleber.souza@canonical.com>  Fri, 30 Jul 2021 14:39:24 +0200

Changed in linux (Ubuntu Bionic):
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulinux package