Bionic update: upstream stable patchset 2022-07-06
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| linux (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
| Bionic |
Fix Released
|
Medium
|
Kamal Mostafa | ||
Bug Description
SRU Justification
Impact:
The upstream process for stable tree updates is quite similar
in scope to the Ubuntu SRU process, e.g., each patch has to
demonstrably fix a bug, and each patch is vetted by upstream
by originating either directly from a mainline/stable Linux tree or
a minimally backported form of that patch. The following upstream
stable patches should be included in the Ubuntu kernel:
upstream stable patchset 2022-07-06
from git://git.
MIPS: Use address-of operator on section symbols
block: drbd: drbd_nl: Make conversion to 'enum drbd_ret_code' explicit
can: grcan: grcan_probe(): fix broken system id check for errata workaround needs
can: grcan: only use the NAPI poll budget for RX
Bluetooth: Fix the creation of hdev->name
mmc: rtsx: add 74 Clocks in power on flow
mm: hugetlb: fix missing cache flush in copy_huge_
mm: userfaultfd: fix missing cache flush in mcopy_atomic_pte() and __mcopy_atomic()
ALSA: pcm: Fix races among concurrent hw_params and hw_free calls
ALSA: pcm: Fix races among concurrent read/write and buffer changes
ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls
ALSA: pcm: Fix races among concurrent prealloc proc writes
ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock
VFS: Fix memory leak caused by concurrently mounting fs with subtype
UBUNTU: Upstream stable to v4.14.279, v4.19.243
batman-adv: Don't skb_split skbuffs with frag_list
net: Fix features skip in for_each_
ipv4: drop dst in multicast routing path
netlink: do not reset transport header in netlink_recvmsg()
mac80211_hwsim: call ieee80211_
hwmon: (ltq-cputemp) restrict it to SOC_XWAY
s390/ctcm: fix variable dereferenced before check
s390/ctcm: fix potential memory leak
s390/lcs: fix variable dereferenced before check
net/smc: non blocking recvmsg() return -EAGAIN when no data and signal_pending
net: sfc: ef10: fix memory leak in efx_ef10_
hwmon: (f71882fg) Fix negative temperature
ASoC: max98090: Reject invalid values in custom control put()
ASoC: max98090: Generate notifications on changes for custom control
ASoC: ops: Validate input values in snd_soc_
tcp: resalt the secret every 10 seconds
usb: cdc-wdm: fix reading stuck on device close
USB: serial: pl2303: add device id for HP LM930 Display
USB: serial: qcserial: add support for Sierra Wireless EM7590
USB: serial: option: add Fibocom L610 modem
USB: serial: option: add Fibocom MA510 modem
cgroup/cpuset: Remove cpus_allowed/
drm/vmwgfx: Initialize drm_mode_fb_cmd2
ping: fix address binding wrt vrf
tty/serial: digicolor: fix possible null-ptr-deref in digicolor_
net/sched: act_pedit: really ensure the skb is writable
UBUNTU: Upstream stable to v4.14.280, v4.19.244
floppy: use a statically allocated error counter
um: Cleanup syscall_handler_t definition/cast, fix warning
Input: add bounds checking to input_set_
Input: stmfts - fix reference leak in stmfts_input_open
MIPS: lantiq: check the return value of kzalloc()
drbd: remove usage of list iterator variable after loop
ARM: 9191/1: arm/stacktrace, kasan: Silence KASAN warnings in unwind_frame()
ALSA: wavefront: Proper check of get_user() error
perf: Fix sys_perf_
drm/dp/mst: fix a possible memory leak in fetch_monitor_
mmc: core: Specify timeouts for BKOPS and CACHE_FLUSH for eMMC
mmc: block: Use generic_cmd6_time when modifying INAND_CMD38_
mmc: core: Default to generic_cmd6_time as timeout in __mmc_switch()
net: vmxnet3: fix possible use-after-free bugs in vmxnet3_
net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_
clk: at91: generated: consider range when calculating best rate
net/qla3xxx: Fix a test in ql_reset_work()
NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc
ARM: 9196/1: spectre-bhb: enable for Cortex-A15
ARM: 9197/1: spectre-bhb: fix loop8 sequence for Thumb2
igb: skip phy status check where unavailable
net: bridge: Clear offload_fwd_mark when passing frame up bridge interface.
gpio: gpio-vf610: do not touch other bits when set the target bit
gpio: mvebu/pwm: Refuse requests with inverted polarity
perf bench numa: Address compiler error on s390
scsi: qla2xxx: Fix missed DMA unmap for aborted commands
mac80211: fix rx reordering with non explicit / psmp ack policy
ethernet: tulip: fix missing pci_disable_
net: stmmac: fix missing pci_disable_
net: atlantic: verify hw_head_ lies within TX buffer ring
swiotlb: fix info leak with DMA_FROM_DEVICE
Reinstate some of "swiotlb: rework "fix info leak with DMA_FROM_DEVICE""
net: macb: Increment rx bd head after allocating skb and buffer
net/sched: act_pedit: sanitize shift argument before usage
afs: Fix afs_getattr() to refetch file status if callback break occurred
UBUNTU: Upstream stable to v4.14.281, v4.19.245
x86/pci/xen: Disable PCI/MSI[-X] masking for XEN_HVM guests
staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan()
tcp: change source port randomizarion at connect() time
secure_seq: use the 64 bits of the siphash for port offset calculation
ACPI: sysfs: Make sparse happy about address space in use
Revert "UBUNTU: SAUCE: ACPI: sysfs: copy ACPI data using io memory copying"
ACPI: sysfs: Fix BERT error region memory mapping
net: af_key: check encryption module availability consistency
net: ftgmac100: Disable hardware checksum on AST2600
drivers: i2c: thunderx: Allow driver to work with ACPI defined TWSI controllers
assoc_array: Fix BUG_ON during garbage collect
drm/i915: Fix -Wstringop-overflow warning in call to intel_read_
block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern
exec: Force single empty string when argv is empty
netfilter: conntrack: re-fetch conntrack after insertion
zsmalloc: fix races between asynchronous zspage free and page migration
dm integrity: fix error code in dm_integrity_ctr()
dm crypt: make printing of the key constant-time
dm stats: add cond_resched when looping over entries
dm verity: set DM_TARGET_IMMUTABLE feature flag
tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe()
docs: submitting-patches: Fix crossref to 'The canonical patch format'
NFSD: Fix possible sleep during nfsd4_release_
bpf: Enlarge offset check value to INT_MAX in bpf_skb_
UBUNTU: Upstream stable to v4.14.282, v4.19.246
| Changed in linux (Ubuntu): | |
| status: | New → Confirmed |
| tags: | added: kernel-stable-tracking-bug |
| description: | updated |
| Changed in linux (Ubuntu): | |
| status: | Confirmed → In Progress |
| Changed in linux (Ubuntu Bionic): | |
| status: | New → Invalid |
| importance: | Undecided → Medium |
| assignee: | nobody → Kamal Mostafa (kamalmostafa) |
| description: | updated |
| Changed in linux (Ubuntu): | |
| status: | In Progress → Invalid |
| Changed in linux (Ubuntu Bionic): | |
| status: | Invalid → In Progress |
| Changed in linux (Ubuntu Bionic): | |
| status: | In Progress → Fix Committed |
| Launchpad Janitor (janitor) wrote | #1 |
| Changed in linux (Ubuntu Bionic): | |
| status: | Fix Committed → Fix Released |
This bug was fixed in the package linux - 4.15.0-191.202
---------------
linux (4.15.0-191.202) bionic; urgency=medium
* CVE-2022-2586
- SAUCE: netfilter: nf_tables: do not allow SET_ID to refer to another table
- SAUCE: netfilter: nf_tables: do not allow RULE_ID to refer to another chain
* CVE-2022-2588
- SAUCE: net_sched: cls_route: remove from list when handle is 0
* CVE-2022-34918
- netfilter: nf_tables: stricter validation of element data
* BUG: kernel NULL pointer dereference, address: 0000000000000008
(LP: #1981658)
- tcp: make sure treq->af_specific is initialized
linux (4.15.0-190.201) bionic; urgency=medium
* bionic/linux: 4.15.0-190.201 -proposed tracker (LP: #1981321)
* CVE-2022-1679
- SAUCE: ath9k: fix use-after-free in ath9k_hif_usb_rx_cb
* Bionic update: upstream stable patchset 2022-07-06 (LP: #1980879)
- MIPS: Use address-of operator on section symbols
- block: drbd: drbd_nl: Make conversion to 'enum drbd_ret_code' explicit
- can: grcan: grcan_probe(): fix broken system id check for errata workaround
needs
- can: grcan: only use the NAPI poll budget for RX
- Bluetooth: Fix the creation of hdev->name
- mmc: rtsx: add 74 Clocks in power on flow
- mm: hugetlb: fix missing cache flush in copy_huge_
- mm: userfaultfd: fix missing cache flush in mcopy_atomic_pte() and
_
- ALSA: pcm: Fix races among concurrent hw_params and hw_free calls
- ALSA: pcm: Fix races among concurrent read/write and buffer changes
- ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls
- ALSA: pcm: Fix races among concurrent prealloc proc writes
- ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock
- VFS: Fix memory leak caused by concurrently mounting fs with subtype
- batman-adv: Don't skb_split skbuffs with frag_list
- net: Fix features skip in for_each_
- ipv4: drop dst in multicast routing path
- netlink: do not reset transport header in netlink_recvmsg()
- mac80211_hwsim: call ieee80211_
- hwmon: (ltq-cputemp) restrict it to SOC_XWAY
- s390/ctcm: fix variable dereferenced before check
- s390/ctcm: fix potential memory leak
- s390/lcs: fix variable dereferenced before check
- net/smc: non blocking recvmsg() return -EAGAIN when no data and
signal_
- net: sfc: ef10: fix memory leak in efx_ef10_
- hwmon: (f71882fg) Fix negative temperature
- ASoC: max98090: Reject invalid values in custom control put()
- ASoC: max98090: Generate notifications on changes for custom control
- ASoC: ops: Validate input values in snd_soc_
- tcp: resalt the secret every 10 seconds
- usb: cdc-wdm: fix reading stuck on device close
- USB: serial: pl2303: add device id for HP LM930 Display
- USB: serial: qcserial: add support for Sierra Wireless EM7590
- USB: serial: option: add Fibocom L610 modem
- USB: serial: option: add Fibocom MA510 modem
- cgroup/cpuset: Remove cpus_allowed/
...