Bug #1648662 “Vulnerability picked up from 4.8.10 stable kernel” : Bugs : linux package : Ubuntu

Steve Beattie (sbeattie) on 2016-12-09

description:	updated
summary:	- Vulnerability picked up from 4.8.11 stable kernel + Vulnerability picked up from 4.8.10 stable kernel

Steve Beattie (sbeattie) on 2016-12-09

information type:	Private Security → Public Security
Changed in linux (Ubuntu Yakkety):
status:	New → Confirmed

Revision history for this message

Brad Figg (brad-figg) wrote on 2016-12-09: Missing required logs.

#1

This bug is missing log files that will aid in diagnosing the problem. From a terminal window please run:

apport-collect 1648662

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status:	New → Incomplete

Seth Arnold (seth-arnold) on 2016-12-09

Changed in linux (Ubuntu):
status:	Incomplete → Confirmed

Luis Henriques (henrix) on 2016-12-12

Changed in linux (Ubuntu Yakkety):
assignee:	nobody → Luis Henriques (henrix)
assignee:	Luis Henriques (henrix) → Thadeu Lima de Souza Cascardo (cascardo)

Luis Henriques (henrix) on 2016-12-13

Changed in linux (Ubuntu Yakkety):
status:	Confirmed → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2016-12-20:

#2

Download full text (25.5 KiB)

This bug was fixed in the package linux - 4.8.0-32.34

---------------
linux (4.8.0-32.34) yakkety; urgency=low

[ Thadeu Lima de Souza Cascardo ]

* Release Tracking Bug
- LP: #1649358

* Vulnerability picked up from 4.8.10 stable kernel (LP: #1648662)
- net: handle no dst on skb in icmp6_send

linux (4.8.0-31.33) yakkety; urgency=low

[ Luis Henriques ]

* Release Tracking Bug
- LP: #1648034

* Update hio driver to 2.1.0.28 (LP: #1646643)
- SAUCE: hio: update to Huawei ES3000_V2 (2.1.0.28)

  * Yakkety update to v4.8.11 stable release (LP: #1645421)
    - x86/cpu/AMD: Fix cpu_llc_id for AMD Fam17h systems
    - KVM: x86: fix missed SRCU usage in kvm_lapic_set_vapic_addr
    - KVM: Disable irq while unregistering user notifier
    - arm64: KVM: pmu: Fix AArch32 cycle counter access
    - KVM: arm64: Fix the issues when guest PMCCFILTR is configured
    - ftrace: Ignore FTRACE_FL_DISABLED while walking dyn_ftrace records
    - ftrace: Add more checks for FTRACE_FL_DISABLED in processing ip records
    - genirq: Use irq type from irqdata instead of irqdesc
    - fuse: fix fuse_write_end() if zero bytes were copied
    - IB/rdmavt: rdmavt can handle non aligned page maps
    - IB/hfi1: Fix rnr_timer addition
    - mfd: intel-lpss: Do not put device in reset state on suspend
    - mfd: stmpe: Fix RESET regression on STMPE2401
    - can: bcm: fix warning in bcm_connect/proc_register
    - gpio: do not double-check direction on sleeping chips
    - ALSA: usb-audio: Fix use-after-free of usb_device at disconnect
    - ALSA: hda - add a new condition to check if it is thinkpad
    - ALSA: hda - Fix mic regression by ASRock mobo fixup
    - i2c: mux: fix up dependencies
    - i2c: i2c-mux-pca954x: fix deselect enabling for device-tree
    - Disable the __builtin_return_address() warning globally after all
    - kbuild: add -fno-PIE
    - scripts/has-stack-protector: add -fno-PIE
    - x86/kexec: add -fno-PIE
    - kbuild: Steal gcc's pie from the very beginning
    - ext4: sanity check the block and cluster size at mount time
    - ARM: dts: imx53-qsb: Fix regulator constraints
    - crypto: caam - do not register AES-XTS mode on LP units
    - powerpc/64: Fix setting of AIL in hypervisor mode
    - drm/amdgpu: Attach exclusive fence to prime exported bo's. (v5)
    - drm/i915: Refresh that status of MST capable connectors in ->detect()
    - drm/i915: Assume non-DP++ port if dvo_port is HDMI and there's no AUX ch
      specified in the VBT
    - virtio-net: drop legacy features in virtio 1 mode
    - clk: mmp: pxa910: fix return value check in pxa910_clk_init()
    - clk: mmp: pxa168: fix return value check in pxa168_clk_init()
    - clk: mmp: mmp2: fix return value check in mmp2_clk_init()
    - clk: imx: fix integer overflow in AV PLL round rate
    - rtc: omap: Fix selecting external osc
    - iwlwifi: pcie: fix SPLC structure parsing
    - iwlwifi: pcie: mark command queue lock with separate lockdep class
    - iwlwifi: mvm: fix netdetect starting/stopping for unified images
    - iwlwifi: mvm: fix d3_test with unified D0/D3 images
    - iwlwifi: mvm: wake the wait queue when the RX sync counter is zero
    - mfd: cor...

This bug was fixed in the package linux - 4.8.0-32.34

---------------
linux (4.8.0-32.34) yakkety; urgency=low

[ Thadeu Lima de Souza Cascardo ]

* Release Tracking Bug
    - LP: #1649358

* Vulnerability picked up from 4.8.10 stable kernel (LP: #1648662)
    - net: handle no dst on skb in icmp6_send

linux (4.8.0-31.33) yakkety; urgency=low

[ Luis Henriques ]

* Release Tracking Bug
    - LP: #1648034

* Update hio driver to 2.1.0.28 (LP: #1646643)
    - SAUCE: hio: update to Huawei ES3000_V2 (2.1.0.28)

* Yakkety update to v4.8.11 stable release (LP: #1645421)
    - x86/cpu/AMD: Fix cpu_llc_id for AMD Fam17h systems
    - KVM: x86: fix missed SRCU usage in kvm_lapic_set_vapic_addr
    - KVM: Disable irq while unregistering user notifier
    - arm64: KVM: pmu: Fix AArch32 cycle counter access
    - KVM: arm64: Fix the issues when guest PMCCFILTR is configured
    - ftrace: Ignore FTRACE_FL_DISABLED while walking dyn_ftrace records
    - ftrace: Add more checks for FTRACE_FL_DISABLED in processing ip records
    - genirq: Use irq type from irqdata instead of irqdesc
    - fuse: fix fuse_write_end() if zero bytes were copied
    - IB/rdmavt: rdmavt can handle non aligned page maps
    - IB/hfi1: Fix rnr_timer addition
    - mfd: intel-lpss: Do not put device in reset state on suspend
    - mfd: stmpe: Fix RESET regression on STMPE2401
    - can: bcm: fix warning in bcm_connect/proc_register
    - gpio: do not double-check direction on sleeping chips
    - ALSA: usb-audio: Fix use-after-free of usb_device at disconnect
    - ALSA: hda - add a new condition to check if it is thinkpad
    - ALSA: hda - Fix mic regression by ASRock mobo fixup
    - i2c: mux: fix up dependencies
    - i2c: i2c-mux-pca954x: fix deselect enabling for device-tree
    - Disable the __builtin_return_address() warning globally after all
    - kbuild: add -fno-PIE
    - scripts/has-stack-protector: add -fno-PIE
    - x86/kexec: add -fno-PIE
    - kbuild: Steal gcc's pie from the very beginning
    - ext4: sanity check the block and cluster size at mount time
    - ARM: dts: imx53-qsb: Fix regulator constraints
    - crypto: caam - do not register AES-XTS mode on LP units
    - powerpc/64: Fix setting of AIL in hypervisor mode
    - drm/amdgpu: Attach exclusive fence to prime exported bo's. (v5)
    - drm/i915: Refresh that status of MST capable connectors in ->detect()
    - drm/i915: Assume non-DP++ port if dvo_port is HDMI and there's no AUX ch
      specified in the VBT
    - virtio-net: drop legacy features in virtio 1 mode
    - clk: mmp: pxa910: fix return value check in pxa910_clk_init()
    - clk: mmp: pxa168: fix return value check in pxa168_clk_init()
    - clk: mmp: mmp2: fix return value check in mmp2_clk_init()
    - clk: imx: fix integer overflow in AV PLL round rate
    - rtc: omap: Fix selecting external osc
    - iwlwifi: pcie: fix SPLC structure parsing
    - iwlwifi: pcie: mark command queue lock with separate lockdep class
    - iwlwifi: mvm: fix netdetect starting/stopping for unified images
    - iwlwifi: mvm: fix d3_test with unified D0/D3 images
    - iwlwifi: mvm: wake the wait queue when the RX sync counter is zero
    - mfd: core: Fix device reference leak in mfd_clone_cell
    - sunrpc: svc_age_temp_xprts_now should not call setsockopt non-tcp transports
    - uwb: fix device reference leaks
    - PM / sleep: fix device reference leak in test_suspend
    - PM / sleep: don't suspend parent when async child suspend_{noirq, late}
      fails
    - perf hists: Fix column length on --hierarchy
    - IB/rxe: Update qp state for user query
    - IB/rxe: Fix kernel panic in UDP tunnel with GRO and RX checksum
    - IB/rxe: Fix handling of erroneous WR
    - IB/rxe: Clear queue buffer when modifying QP to reset
    - IB/mlx4: Check gid_index return value
    - IB/mlx4: Fix create CQ error flow
    - IB/mlx5: Validate requested RQT size
    - IB/mlx5: Use cache line size to select CQE stride
    - IB/mlx5: Fix memory leak in query device
    - IB/mlx5: Fix fatal error dispatching
    - IB/mlx5: Fix NULL pointer dereference on debug print
    - IB/core: Avoid unsigned int overflow in sg_alloc_table
    - IB/hfi1: Remove incorrect IS_ERR check
    - IB/uverbs: Fix leak of XRC target QPs
    - IB/cm: Mark stale CM id's whenever the mad agent was unregistered
    - netfilter: nft_dynset: fix element timeout for HZ != 1000
    - gpio: pca953x: Move memcpy into mutex lock for set multiple
    - gpio: pca953x: Fix corruption of other gpios in set_multiple.
    - Linux 4.8.11

* Upstream stable 4.4.34 and 4.8.10 regression (LP: #1645278)
    - flow_dissect: call init_default_flow_dissectors() earlier

* Fix Kernel Crashing under IBM Virtual Scsi Driver (LP: #1642299)
    - SAUCE: ibmvscsis: Rearrange functions for future patches
    - SAUCE: ibmvscsis: Synchronize cmds at tpg_enable_store time
    - SAUCE: ibmvscsis: Synchronize cmds at remove time
    - SAUCE: ibmvscsis: Clean up properly if target_submit_cmd/tmr fails
    - SAUCE: ibmvscsis: Return correct partition name/# to client
    - SAUCE: ibmvscsis: Issues from Dan Carpenter/Smatch

* Add a driver for Amazon Elastic Network Adapters (ENA) (LP: #1635721)
    - net: ena: Add a driver for Amazon Elastic Network Adapters (ENA)
    - [config] enable CONFIG_ENA_ETHERNET=m (Amazon ENA driver)

* Move some kernel modules to the main kernel package (LP: #1642228)
    - [Config] Move some powerpc kernel modules to the main kernel package

* Yakkety update to 4.8.10 stable release (LP: #1643639)
    - dctcp: avoid bogus doubling of cwnd after loss
    - net: clear sk_err_soft in sk_clone_lock()
    - net: mangle zero checksum in skb_checksum_help()
    - bgmac: stop clearing DMA receive control register right after it is set
    - ip6_tunnel: Clear IP6CB in ip6tunnel_xmit()
    - tcp: fix potential memory corruption
    - ipv4: allow local fragmentation in ip_finish_output_gso()
    - tcp: fix return value for partial writes
    - dccp: do not release listeners too soon
    - dccp: do not send reset to already closed sockets
    - dccp: fix out of bound access in dccp_v4_err()
    - ipv6: dccp: fix out of bound access in dccp_v6_err()
    - ipv6: dccp: add missing bind_conflict to dccp_ipv6_mapped
    - sctp: assign assoc_id earlier in __sctp_connect
    - bpf: fix htab map destruction when extra reserve is in use
    - net: icmp6_send should use dst dev to determine L3 domain
    - fib_trie: Correct /proc/net/route off by one error
    - sock: fix sendmmsg for partial sendmsg
    - net: icmp_route_lookup should use rt dev to determine L3 domain
    - net: __skb_flow_dissect() must cap its return value
    - ipv4: use new_gw for redirect neigh lookup
    - tcp: take care of truncations done by sk_filter()
    - Revert "include/uapi/linux/atm_zatm.h: include linux/time.h"
    - mlxsw: spectrum: Fix refcount bug on span entries
    - mlxsw: spectrum_router: Correctly dump neighbour activity
    - Revert "bnx2: Reset device during driver initialization"
    - bnx2: Wait for in-flight DMA to complete at probe stage
    - sctp: change sk state only when it has assocs in sctp_shutdown
    - net: stmmac: Fix lack of link transition for fixed PHYs
    - spi: spidev_test: fix build with musl libc
    - sparc: Handle negative offsets in arch_jump_label_transform
    - sparc64: Handle extremely large kernel TSB range flushes sanely.
    - sparc64: Fix illegal relative branches in hypervisor patched TLB code.
    - sparc64: Fix instruction count in comment for
      __hypervisor_flush_tlb_pending.
    - sparc64: Fix illegal relative branches in hypervisor patched TLB cross-call
      code.
    - sparc64: Handle extremely large kernel TLB range flushes more gracefully.
    - sparc64: Delete __ret_efault.
    - sparc64: Prepare to move to more saner user copy exception handling.
    - sparc64: Convert copy_in_user to accurate exception reporting.
    - sparc64: Convert GENcopy_{from,to}_user to accurate exception reporting.
    - sparc64: Convert U1copy_{from,to}_user to accurate exception reporting.
    - sparc64: Convert NG4copy_{from,to}_user to accurate exception reporting.
    - sparc64: Convert NGcopy_{from,to}_user to accurate exception reporting.
    - sparc64: Convert NG2copy_{from,to}_user to accurate exception reporting.
    - sparc64: Convert U3copy_{from,to}_user to accurate exception reporting.
    - sparc64: Delete now unused user copy assembler helpers.
    - sparc64: Delete now unused user copy fixup functions.
    - usb: gadget: f_fs: edit epfile->ep under lock
    - usb: gadget: f_fs: stop sleeping in ffs_func_eps_disable
    - Linux 4.8.10

* Yakkety update to v4.8.9 stable release (LP: #1642972)
    - ALSA: info: Return error for invalid read/write
    - ALSA: info: Limit the proc text input size
    - ASoC: cs4270: fix DAPM stream name mismatch
    - dib0700: fix nec repeat handling
    - mm, frontswap: make sure allocated frontswap map is assigned
    - shmem: fix pageflags after swapping DMA32 object
    - swapfile: fix memory corruption via malformed swapfile
    - mm: hwpoison: fix thp split handling in memory_failure()
    - mm/hugetlb: fix huge page reservation leak in private mapping error paths
    - coredump: fix unfreezable coredumping task
    - s390/hypfs: Use get_free_page() instead of kmalloc to ensure page alignment
    - ARC: timer: rtc: implement read loop in "C" vs. inline asm
    - PCI: Don't attempt to claim shadow copies of ROM
    - arc: Implement arch-specific dma_map_ops.mmap
    - pinctrl: cherryview: Serialize register access in suspend/resume
    - pinctrl: cherryview: Prevent possible interrupt storm on resume
    - cpupower: Correct return type of cpu_power_is_cpu_online() in cpufreq-set
    - mmc: sdhci: Fix CMD line reset interfering with ongoing data transfer
    - mmc: sdhci: Fix unexpected data interrupt handling
    - mmc: mmc: Use 500ms as the default generic CMD6 timeout
    - staging: iio: ad5933: avoid uninitialized variable in error case
    - staging: sm750fb: Fix bugs introduced by early commits
    - staging: comedi: ni_tio: fix buggy ni_tio_clock_period_ps() return value
    - drivers: staging: nvec: remove bogus reset command for PS/2 interface
    - Revert "staging: nvec: ps2: change serio type to passthrough"
    - staging: nvec: remove managed resource from PS2 driver
    - usb: dwc3: Fix error handling for core init
    - USB: cdc-acm: fix TIOCMIWAIT
    - usb: gadget: u_ether: remove interrupt throttling
    - drbd: Fix kernel_sendmsg() usage - potential NULL deref
    - toshiba-wmi: Fix loading the driver on non Toshiba laptops
    - clk: qoriq: Don't allow CPU clocks higher than starting value
    - cdc-acm: fix uninitialized variable
    - iio: hid-sensors: Increase the precision of scale to fix wrong reading
      interpretation.
    - iio: orientation: hid-sensor-rotation: Add PM function (fix non working
      driver)
    - iio: st_sensors: fix scale configuration for h3lis331dl
    - scsi: qla2xxx: Fix scsi scan hang triggered if adapter fails during init
    - scsi: mpt3sas: Fix for block device of raid exists even after deleting raid
      disk
    - scsi: scsi_dh_alua: fix missing kref_put() in alua_rtpg_work()
    - scsi: scsi_dh_alua: Fix a reference counting bug
    - KVM: arm/arm64: vgic: Prevent access to invalid SPIs
    - drm/radeon: disable runtime pm in certain cases
    - drm/i915: Respect alternate_ddc_pin for all DDI ports
    - drm/i915/dp: BDW cdclk fix for DP audio
    - drm/i915/dp: Extend BDW DP audio workaround to GEN9 platforms
    - drm/amdgpu: disable runtime pm in certain cases
    - drm/amdgpu: fix crash in acp_hw_fini
    - tty/serial: at91: fix hardware handshake on Atmel platforms
    - drm/amdgpu: fix sched fence slab teardown
    - drm/amd: fix scheduler fence teardown order v2
    - xprtrdma: use complete() instead complete_all()
    - xprtrdma: Fix DMAR failure in frwr_op_map() after reconnect
    - iommu/io-pgtable-arm: Check for v7s-incapable systems
    - iommu/amd: Free domain id when free a domain of struct dma_ops_domain
    - iommu/vt-d: Fix dead-locks in disable_dmar_iommu() path
    - agp/intel: Flush chipset writes after updating a single PTE
    - watchdog: core: Fix devres_alloc() allocation size
    - Input: synaptics-rmi4 - fix error handling in SPI transport driver
    - Input: synaptics-rmi4 - fix error handling in I2C transport driver
    - perf top: Fix refreshing hierarchy entries on TUI
    - mei: bus: fix received data size check in NFC fixup
    - svcrdma: Skip put_page() when send_reply() fails
    - svcrdma: Tail iovec leaves an orphaned DMA mapping
    - nvme: Delete created IO queues on reset
    - Revert "clocksource/drivers/timer_sun5i: Replace code by
      clocksource_mmio_init"
    - x86/build: Fix build with older GCC versions
    - clk: samsung: clk-exynos-audss: Fix module autoload
    - rtc: pcf2123: Add missing error code assignment before test
    - s390/dumpstack: restore reliable indicator for call traces
    - lib/genalloc.c: start search from start of chunk
    - hwrng: core - Don't use a stack buffer in add_early_randomness()
    - i40e: fix call of ndo_dflt_bridge_getlink()
    - mmc: sdhci-msm: Fix error return code in sdhci_msm_probe()
    - ACPI / APEI: Fix incorrect return value of ghes_proc()
    - ACPI/PCI/IRQ: assign ISA IRQ directly during early boot stages
    - ACPI/PCI: pci_link: penalize SCI correctly
    - ACPI/PCI: pci_link: Include PIRQ_PENALTY_PCI_USING for ISA IRQs
    - batman-adv: Modify neigh_list only with rcu-list functions
    - gpio/mvebu: Use irq_domain_add_linear
    - gpio: of: fix GPIO drivers with multiple gpio_chip for a single node
    - ASoC: Intel: Skylake: Always acquire runtime pm ref on unload
    - ASoC: sun4i-codec: return error code instead of NULL when create_card fails
    - pinctrl: iproc: Fix iProc and NSP GPIO support
    - mmc: mxs: Initialize the spinlock prior to using it
    - memcg: prevent memcg caches to be both OFF_SLAB & OBJFREELIST_SLAB
    - libceph: fix legacy layout decode with pool 0
    - NFSv4.1: work around -Wmaybe-uninitialized warning
    - drm/amdgpu: fix fence slab teardown
    - drm/amdgpu: fix a vm_flush fence leak
    - drm/i915: Fix mismatched INIT power domain disabling during suspend
    - netfilter: fix namespace handling in nf_log_proc_dostring
    - Linux 4.8.9

* Yakkety update to 4.8.8 stable release (LP: #1642607)
    - net: fec: set mac address unconditionally
    - net: pktgen: fix pkt_size
    - net/sched: act_vlan: Push skb->data to mac_header prior calling skb_vlan_*()
      functions
    - net: Add netdev all_adj_list refcnt propagation to fix panic
    - packet: call fanout_release, while UNREGISTERING a netdev
    - netlink: do not enter direct reclaim from netlink_dump()
    - drivers/ptp: Fix kernel memory disclosure
    - net_sched: reorder pernet ops and act ops registrations
    - ipv6: tcp: restore IP6CB for pktoptions skbs
    - net: phy: Trigger state machine on state change and not polling.
    - ip6_tunnel: fix ip6_tnl_lookup
    - IB/ipoib: move back IB LL address into the hard header
    - net/mlx4_en: fixup xdp tx irq to match rx
    - net: pktgen: remove rcu locking in pktgen_change_name()
    - bridge: multicast: restore perm router ports on multicast enable
    - switchdev: Execute bridge ndos only for bridge ports
    - rtnetlink: Add rtnexthop offload flag to compare mask
    - net: core: Correctly iterate over lower adjacency list
    - net: add recursion limit to GRO
    - ipv4: disable BH in set_ping_group_range()
    - ipv4: use the right lock for ping_group_range
    - net: fec: Call swap_buffer() prior to IP header alignment
    - net: sctp, forbid negative length
    - sctp: fix the panic caused by route update
    - udp: fix IP_CHECKSUM handling
    - netvsc: fix incorrect receive checksum offloading
    - macsec: Fix header length if SCI is added if explicitly disabled
    - net: ipv6: Do not consider link state for nexthop validation
    - net sched filters: fix notification of filter delete with proper handle
    - sctp: validate chunk len before actually using it
    - ip6_tunnel: Update skb->protocol to ETH_P_IPV6 in ip6_tnl_xmit()
    - packet: on direct_xmit, limit tso and csum to supported devices
    - arch/powerpc: Update parameters for csum_tcpudp_magic & csum_tcpudp_nofold
    - usb: dwc3: gadget: properly account queued requests
    - scsi: megaraid_sas: Fix data integrity failure for JBOD (passthrough)
      devices
    - scsi: megaraid_sas: fix macro MEGASAS_IS_LOGICAL to avoid regression
    - Linux 4.8.8

* Yakkety update to 4.8.7 stable release (LP: #1642606)
    - i2c: rk3x: Give the tuning value 0 during rk3x_i2c_v0_calc_timings
    - i2c: xgene: Avoid dma_buffer overrun
    - i2c: core: fix NULL pointer dereference under race condition
    - drm/dp/mst: Clear port->pdt when tearing down the i2c adapter
    - spi: fsl-espi: avoid processing uninitalized data on error
    - spi: mark device nodes only in case of successful instantiation
    - h8300: fix syscall restarting
    - gpio / ACPI: fix returned error from acpi_dev_gpio_irq_get()
    - gpio: GPIO_GET_CHIPINFO_IOCTL: Fix line offset validation
    - gpio: GPIO_GET_CHIPINFO_IOCTL: Fix information leak
    - gpio: GPIO_GET_LINEHANDLE_IOCTL: Validate line offset
    - gpio: GPIOHANDLE_GET_LINE_VALUES_IOCTL: Fix information leak
    - gpio: GPIO_GET_LINEEVENT_IOCTL: Validate line offset
    - gpio: GPIO_GET_LINEHANDLE_IOCTL: Reject invalid line flags
    - gpio: GPIO_GET_LINEEVENT_IOCTL: Reject invalid line and event flags
    - gpio: GPIOHANDLE_GET_LINE_VALUES_IOCTL: Fix another information leak
    - gpio: GPIO_GET_LINE{HANDLE,EVENT}_IOCTL: Fix file descriptor leak
    - libxfs: clean up _calc_dquots_per_chunk
    - mm/list_lru.c: avoid error-path NULL pointer deref
    - mm/slab: fix kmemcg cache creation delayed issue
    - mm: memcontrol: do not recurse in direct reclaim
    - KEYS: Sort out big_key initialisation
    - security/keys: make BIG_KEYS dependent on stdrng.
    - device-dax: fix percpu_ref_exit ordering
    - ALSA: usb-audio: Add quirk for Syntek STK1160
    - ALSA: seq: Fix time account regression
    - ALSA: hda - allow 40 bit DMA mask for NVidia devices
    - ALSA: hda - Adding a new group of pin cfg into ALC295 pin quirk table
    - ALSA: hda - Fix surround output pins for ASRock B150M mobo
    - ALSA: hda - Fix headset mic detection problem for two Dell laptops
    - ANDROID: binder: Add strong ref checks
    - ANDROID: binder: Clear binder and cookie when setting handle in flat binder
      struct
    - cxl: Fix leaking pid refs in some error paths
    - btrfs: fix races on root_log_ctx lists
    - powerpc: Convert cmp to cmpd in idle enter sequence
    - powerpc/mm/radix: Use tlbiel only if we ever ran on the current cpu
    - x86/microcode/AMD: Fix more fallout from CONFIG_RANDOMIZE_MEMORY=y
    - timers: Prevent base clock rewind when forwarding clock
    - timers: Prevent base clock corruption when forwarding
    - timers: Plug locking race vs. timer migration
    - timers: Lock base for same bucket optimization
    - ubifs: Abort readdir upon error
    - ubifs: Fix regression in ubifs_readdir()
    - mei: txe: don't clean an unprocessed interrupt cause.
    - usb: gadget: udc: atmel: fix endpoint name
    - usb: gadget: function: u_ether: don't starve tx request queue
    - USB: serial: fix potential NULL-dereference at probe
    - USB: serial: cp210x: fix tiocmget error handling
    - USB: serial: ftdi_sio: add support for Infineon TriBoard TC2X7
    - xhci: use default USB_RESUME_TIMEOUT when resuming ports.
    - usb: renesas_usbhs: add wait after initialization for R-Car Gen3
    - usb: increase ohci watchdog delay to 275 msec
    - x86/smpboot: Init apic mapping before usage
    - vt: clear selection before resizing
    - xhci: add restart quirk for Intel Wildcatpoint PCH
    - xhci: workaround for hosts missing CAS bit
    - tty: limit terminal size to 4M chars
    - arm64: dts: marvell: fix clocksource for CP110 master SPI0
    - iio:chemical:atlas-ph-sensor: Fix use of 32 bit int to hold 16 bit big
      endian value
    - Staging: wilc1000: Fix kernel Oops on opening the device
    - dm: free io_barrier after blk_cleanup_queue call
    - KVM: x86: fix wbinvd_dirty_mask use-after-free
    - KVM: s390: Fix STHYI buffer alignment for diag224
    - KVM: MIPS: Make ERET handle ERL before EXL
    - KVM: MIPS: Precalculate MMIO load resume PC
    - ARM: mvebu: Select corediv clk for all mvebu v7 SoC
    - ARM: dts: fix the SD card on the Snowball
    - nfsd: Fix general protection fault in release_lock_stateid()
    - MIPS: KASLR: Fix handling of NULL FDT
    - ovl: fix get_acl() on tmpfs
    - ovl: update S_ISGID when setting posix ACLs
    - ovl: fsync after copy-up
    - parisc: Ensure consistent state when switching to kernel stack at syscall
      entry
    - virtio_ring: Make interrupt suppression spec compliant
    - virtio_pci: Limit DMA mask to 44 bits for legacy virtio devices
    - virtio: console: Unlock vqs while freeing buffers
    - dm mirror: fix read error on recovery after default leg failure
    - dm table: fix missing dm_put_target_type() in dm_table_add_target()
    - dm rq: clear kworker_task if kthread_run() returned an error
    - dm raid: fix activation of existing raid4/10 devices
    - rtl8xxxu: Fix memory leak in handling rxdesc16 packets
    - rtl8xxxu: Fix big-endian problem reporting mactime
    - rtl8xxxu: Fix rtl8723bu driver reload issue
    - Input: i8042 - add XMG C504 to keyboard reset table
    - firewire: net: guard against rx buffer overflows
    - firewire: net: fix fragmented datagram_size off-by-one
    - mac80211: discard multicast and 4-addr A-MSDUs
    - Revert "ath9k_hw: implement temperature compensation support for AR9003+"
    - ath10k: cache calibration data when the core is stopped
    - scsi: scsi_debug: Fix memory leak if LBP enabled and module is unloaded
    - scsi: arcmsr: Send SYNCHRONIZE_CACHE command to firmware
    - mmc: dw_mmc-pltfm: fix the potential NULL pointer dereference
    - RAID1: ignore discard error
    - RAID10: ignore discard error
    - md: be careful not lot leak internal curr_resync value into metadata. --
      (all)
    - Revert "drm/radeon: fix DP link training issue with second 4K monitor"
    - drm/imx: ipuv3-plane: Switch EBA buffer only when we don't need modeset
    - drm/imx: ipuv3-plane: Access old u/vbo properly in ->atomic_check for
      YU12/YV12
    - drm/radeon/si_dpm: Limit clocks on HD86xx part
    - drm/radeon/si_dpm: workaround for SI kickers
    - drm/radeon: drop register readback in cayman_cp_int_cntl_setup
    - drm/nouveau/acpi: fix check for power resources support
    - drm/fb-helper: Don't call dirty callback for untouched clips
    - drm/fb-helper: Fix connector ref leak on error
    - drm/fb-helper: Keep references for the current set of used connectors
    - drm/i915/gen9: fix DDB partitioning for multi-screen cases
    - drm/i915/gen9: fix watermarks when using the pipe scaler
    - drm/dp/mst: Check peer device type before attempting EDID read
    - drm: Release reference from blob lookup after replacing property
    - drm/i915: Respect alternate_aux_channel for all DDI ports
    - drm/i915: Clean up DDI DDC/AUX CH sanitation
    - drm/i915/fbc: fix CFB size calculation for gen8+
    - drm: i915: Wait for fences on new fb, not old
    - i2c: mark device nodes only in case of successful instantiation
    - netfilter: xt_NFLOG: fix unexpected truncated packet
    - UBI: fastmap: scrub PEB when bitflips are detected in a free PEB EC header
    - uapi: add missing install of sync_file.h
    - video: fbdev: pxafb: potential NULL dereference on error
    - omapfb: fix return value check in dsi_bind()
    - pwm: Unexport children before chip removal
    - usb: dwc3: Fix size used in dma_free_coherent()
    - usb: chipidea: host: fix NULL ptr dereference during shutdown
    - usb: musb: Fix hardirq-safe hardirq-unsafe lock order error
    - v4l: vsp1: Prevent pipelines from running when not streaming
    - tty: vt, fix bogus division in csi_J
    - ARM: fix oops when using older ARMv4T CPUs
    - kvm: x86: Check memopp before dereference (CVE-2016-8630)
    - btrfs: qgroup: Prevent qgroup->reserved from going subzero
    - ubi: fastmap: Fix add_vol() return value test in ubi_attach_fastmap()
    - cpufreq: intel_pstate: Set P-state upfront in performance mode
    - HID: usbhid: add ATEN CS962 to list of quirky devices
    - Linux 4.8.7
    - [Config] updateconfigs after 4.8.7 stable update

* CVE-2016-6213
    - mnt: Add a per mount namespace limit on the number of mounts

* Cursor doesn't move after multitouch on alps touchpad (LP: #1641874)
    - HID: alps: fix multitouch cursor issue

* [SRU] Add 0cf3:e009 to btusb (LP: #1641562)
    - Bluetooth: btusb: Add support for 0cf3:e009

* [Hyper-V] do not lose pending heartbeat vmbus packets (LP: #1632786)
    - hv: do not lose pending heartbeat vmbus packets

* ipv6: connected routes are missing after a down/up cycle on the loopback
    (LP: #1634545)
    - ipv6: correctly add local routes when lo goes up

* [Feature] Add Knights Mill to Intel processors family list (LP: #1637528)
    - x86/cpu/intel: Add Knights Mill to Intel family
    - perf/x86/intel: Add Knights Mill CPUID
    - perf/x86/intel/rapl: Add Knights Mill CPUID
    - perf/x86/intel/uncore: Add Knights Mill CPUID

* hv_set_ifconfig script parsing fails for certain configuration
    (LP: #1640109)
    - hv_set_ifconfig -- handle DHCP interfaces correctly
    - hv_set_ifconfig -- ensure we include the last stanza

* nvme: improve performance for virtual Google NVMe devices (LP: #1637565)
    - [Config] CONFIG_NVME_VENDOR_EXT_GOOGLE=y
    - SAUCE: nvme: improve performance for virtual NVMe devices

* CVE-2016-7039 and CVE-2016-8666 (LP: #1631287)
    - Revert "UBUNTU: SAUCE: net: add recursion limit to GRO"

-- Thadeu Lima de Souza Cascardo <cascardo@canonical.com>  Mon, 12 Dec 2016 15:33:04 -0200

Changed in linux (Ubuntu Yakkety):
status:	Fix Committed → Fix Released

Po-Hsu Lin (cypressyew) on 2019-10-03

Changed in linux (Ubuntu):
status:	Confirmed → Invalid

Affects		Status	Importance	Assigned to	Milestone
	linux (Ubuntu)	Invalid	Undecided	Unassigned
	Yakkety	Fix Released	Undecided	Thadeu Lima de Souza Cascardo

Ubuntu
linux package

Vulnerability picked up from 4.8.10 stable kernel

Bug Description

CVE References

Other bug subscribers

Remote bug watches

Ubuntulinux package