Bug #1853142 “CVE-2019-18660: patches for Ubuntu” : Focal (20.04) : Bugs : linux package : Ubuntu

Revision history for this message

Daniel Axtens (daxtens) wrote on 2019-11-19:

#1

Patches for Eoan, Disco, Bionic and Xenial Edit (80.0 KiB, application/x-tar)

Tyler Hicks (tyhicks) on 2019-11-20

Changed in linux (Ubuntu):
status:	New → Triaged

Tyler Hicks (tyhicks) on 2019-11-20

Changed in linux (Ubuntu Eoan):
assignee:	nobody → Ben Romer (bromer)
Changed in linux (Ubuntu Disco):
assignee:	nobody → Ben Romer (bromer)
Changed in linux (Ubuntu Bionic):
assignee:	nobody → Ben Romer (bromer)
Changed in linux (Ubuntu Xenial):
assignee:	nobody → Ben Romer (bromer)
status:	New → Triaged
Changed in linux (Ubuntu Bionic):
status:	New → Triaged
Changed in linux (Ubuntu Disco):
status:	New → Triaged
Changed in linux (Ubuntu Eoan):
status:	New → Triaged

Revision history for this message

Daniel Axtens (daxtens) wrote on 2019-11-29:

#2

The embargo has expired so I'm making this public now.

description:	updated
information type:	Private Security → Public Security

Kleber Sacilotto de Souza (kleber-souza) on 2019-12-02

Changed in linux (Ubuntu Bionic):
status:	Triaged → Fix Committed
Changed in linux (Ubuntu Xenial):
status:	Triaged → Fix Committed
Changed in linux (Ubuntu Disco):
status:	Triaged → Fix Committed
Changed in linux (Ubuntu Eoan):
status:	Triaged → Fix Committed

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2019-12-03:

#3

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-disco' to 'verification-done-disco'. If the problem still exists, change the tag 'verification-needed-disco' to 'verification-failed-disco'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:	added: verification-needed-disco
tags:	added: verification-needed-bionic

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2019-12-03:

#4

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2019-12-04:

#5

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-xenial' to 'verification-done-xenial'. If the problem still exists, change the tag 'verification-needed-xenial' to 'verification-failed-xenial'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-xenial

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2019-12-05:

#6

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-eoan' to 'verification-done-eoan'. If the problem still exists, change the tag 'verification-needed-eoan' to 'verification-failed-eoan'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-eoan

Revision history for this message

Daniel Axtens (daxtens) wrote on 2019-12-06:

#7

My colleague has verified all 4 versions. In all cases, on supported hardware, the test now operates as expected: the secret does not leak unless the mitigation is manually turned off.

I notice the SRU verification is happening a bit sooner than I expected - when do you expect these kernels to be released?

tags:

added: verification-done-bionic verification-done-disco verification-done-eoan verification-done-xenial
removed: verification-needed-bionic verification-needed-disco verification-needed-eoan verification-needed-xenial

Revision history for this message

Launchpad Janitor (janitor) wrote on 2020-01-06:

#8

Download full text (27.4 KiB)

This bug was fixed in the package linux - 5.3.0-26.28

---------------
linux (5.3.0-26.28) eoan; urgency=medium

* eoan/linux: 5.3.0-26.28 -proposed tracker (LP: #1856807)

  * nvidia-435 is in eoan, linux-restricted-modules only builds against 430,
    ubiquity gives me the self-signed modules experience instead of using the
    Canonical-signed modules (LP: #1856407)
    - Add nvidia-435 dkms build

linux (5.3.0-25.27) eoan; urgency=medium

* eoan/linux: 5.3.0-25.27 -proposed tracker (LP: #1854762)

* CVE-2019-14901
- SAUCE: mwifiex: Fix heap overflow in mmwifiex_process_tdls_action_frame()

* CVE-2019-14896 // CVE-2019-14897
- SAUCE: libertas: Fix two buffer overflows at parsing bss descriptor

* CVE-2019-14895
- SAUCE: mwifiex: fix possible heap overflow in mwifiex_process_country_ie()

  * [CML] New device id's for CMP-H (LP: #1846335)
    - mmc: sdhci-pci: Add another Id for Intel CML
    - i2c: i801: Add support for Intel Comet Lake PCH-H
    - mtd: spi-nor: intel-spi: Add support for Intel Comet Lake-H SPI serial flash
    - mfd: intel-lpss: Add Intel Comet Lake PCH-H PCI IDs

  * i915: Display flickers (monitor loses signal briefly) during "flickerfree"
    boot, while showing the BIOS logo on a black background (LP: #1836858)
    - [Config] FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER=y

* Please add patch fixing RK818 ID detection (LP: #1853192)
- SAUCE: mfd: rk808: Fix RK818 ID template

  * Kernel build log filled with "/bin/bash: line 5: warning: command
    substitution: ignored null byte in input" (LP: #1853843)
    - [Debian] Fix warnings when checking for modules signatures

* Lenovo dock MAC Address pass through doesn't work in Ubuntu (LP: #1827961)
- r8152: Add macpassthru support for ThinkPad Thunderbolt 3 Dock Gen 2

  * Dell XPS 13 9350/9360 headphone audio hiss (LP: #1654448) // [XPS 13 9360,
    Realtek ALC3246, Black Headphone Out, Front] High noise floor (LP: #1845810)
    - ALSA: hda/realtek: Reduce the Headphone static noise on XPS 9350/9360

  * no HDMI video output since GDM greeter after linux-oem-osp1 version
    5.0.0-1026 (LP: #1852386)
    - drm/i915: Add new CNL PCH ID seen on a CML platform
    - SAUCE: drm/i915: Fix detection for a CMP-V PCH

  * [broadwell-rt286, playback] Since Linux 5.2rc2 audio playback no longer
    works on Dell Venue 11 Pro 7140 (LP: #1846539)
    - [Config] Drop snd-sof-intel-bdw build
    - SAUCE: ASoC: SOF: Intel: Broadwell: clarify mutual exclusion with legacy
      driver

  * [CML-S62] Need enable turbostat patch support for Comet lake- S 6+2
    (LP: #1847451)
    - SAUCE: tools/power turbostat: Add Cometlake support

  * External microphone can't work on some dell machines with the codec alc256
    or alc236 (LP: #1853791)
    - SAUCE: ALSA: hda/realtek - Move some alc256 pintbls to fallback table
    - SAUCE: ALSA: hda/realtek - Move some alc236 pintbls to fallback table

  * Memory leak in net/xfrm/xfrm_state.c - 8 pages per ipsec connection
    (LP: #1853197)
    - xfrm: Fix memleak on xfrm state destroy

  * CVE-2019-18660: patches for Ubuntu (LP: #1853142) // CVE-2019-18660
    - powerpc/64s: support nospectre_v2 cmdline option
    - powerp...

This bug was fixed in the package linux - 5.3.0-26.28

---------------
linux (5.3.0-26.28) eoan; urgency=medium

* eoan/linux: 5.3.0-26.28 -proposed tracker (LP: #1856807)

* nvidia-435 is in eoan, linux-restricted-modules only builds against 430,
    ubiquity gives me the self-signed modules experience instead of using the
    Canonical-signed modules (LP: #1856407)
    - Add nvidia-435 dkms build

linux (5.3.0-25.27) eoan; urgency=medium

* eoan/linux: 5.3.0-25.27 -proposed tracker (LP: #1854762)

* CVE-2019-14901
    - SAUCE: mwifiex: Fix heap overflow in mmwifiex_process_tdls_action_frame()

* CVE-2019-14896 // CVE-2019-14897
    - SAUCE: libertas: Fix two buffer overflows at parsing bss descriptor

* CVE-2019-14895
    - SAUCE: mwifiex: fix possible heap overflow in mwifiex_process_country_ie()

* [CML] New device id's for CMP-H (LP: #1846335)
    - mmc: sdhci-pci: Add another Id for Intel CML
    - i2c: i801: Add support for Intel Comet Lake PCH-H
    - mtd: spi-nor: intel-spi: Add support for Intel Comet Lake-H SPI serial flash
    - mfd: intel-lpss: Add Intel Comet Lake PCH-H PCI IDs

* i915: Display flickers (monitor loses signal briefly) during "flickerfree"
    boot, while showing the BIOS logo on a black background (LP: #1836858)
    - [Config] FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER=y

* Please add patch fixing RK818 ID detection (LP: #1853192)
    - SAUCE: mfd: rk808: Fix RK818 ID template

* Kernel build log filled with "/bin/bash: line 5: warning: command
    substitution: ignored null byte in input" (LP: #1853843)
    - [Debian] Fix warnings when checking for modules signatures

* Lenovo dock MAC Address pass through doesn't work in Ubuntu  (LP: #1827961)
    - r8152: Add macpassthru support for ThinkPad Thunderbolt 3 Dock Gen 2

* Dell XPS 13 9350/9360 headphone audio hiss (LP: #1654448) // [XPS 13 9360,
    Realtek ALC3246, Black Headphone Out, Front] High noise floor (LP: #1845810)
    - ALSA: hda/realtek: Reduce the Headphone static noise on XPS 9350/9360

* no HDMI video output since GDM greeter after linux-oem-osp1 version
    5.0.0-1026 (LP: #1852386)
    - drm/i915: Add new CNL PCH ID seen on a CML platform
    - SAUCE: drm/i915: Fix detection for a CMP-V PCH

* [broadwell-rt286, playback] Since Linux 5.2rc2 audio playback no longer
    works on Dell Venue 11 Pro 7140 (LP: #1846539)
    - [Config] Drop snd-sof-intel-bdw build
    - SAUCE: ASoC: SOF: Intel: Broadwell: clarify mutual exclusion with legacy
      driver

* [CML-S62] Need enable turbostat patch support for Comet lake- S 6+2
    (LP: #1847451)
    - SAUCE: tools/power turbostat: Add Cometlake support

* External microphone can't work on some dell machines with the codec alc256
    or alc236 (LP: #1853791)
    - SAUCE: ALSA: hda/realtek - Move some alc256 pintbls to fallback table
    - SAUCE: ALSA: hda/realtek - Move some alc236 pintbls to fallback table

* Memory leak in net/xfrm/xfrm_state.c - 8 pages per ipsec connection
    (LP: #1853197)
    - xfrm: Fix memleak on xfrm state destroy

* CVE-2019-18660: patches for Ubuntu (LP: #1853142) // CVE-2019-18660
    - powerpc/64s: support nospectre_v2 cmdline option
    - powerpc/book3s64: Fix link stack flush on context switch
    - KVM: PPC: Book3S HV: Flush link stack on guest exit to host kernel

* Raydium Touchscreen on ThinkPad L390 does not work (LP: #1849721)
    - HID: i2c-hid: fix no irq after reset on raydium 3118

* Make Goodix I2C touchpads work (LP: #1853842)
    - HID: i2c-hid: Remove runtime power management
    - HID: i2c-hid: Send power-on command after reset

* Touchpad doesn't work on Dell Inspiron 7000 2-in-1 (LP: #1851901)
    - Revert "UBUNTU: SAUCE: mfd: intel-lpss: add quirk for Dell XPS 13 7390
      2-in-1"
    - lib: devres: add a helper function for ioremap_uc
    - mfd: intel-lpss: Use devm_ioremap_uc for MMIO

* CVE-2019-19055
    - nl80211: fix memory leak in nl80211_get_ftm_responder_stats

* CML: perf enabling for core (LP: #1848978)
    - perf/x86/intel: Add Comet Lake CPU support
    - perf/x86/msr: Add Comet Lake CPU support
    - perf/x86/cstate: Add Comet Lake CPU support
    - perf/x86/msr: Add new CPU model numbers for Ice Lake
    - perf/x86/cstate: Update C-state counters for Ice Lake

* Boot hangs after "Loading initial ramdisk ..."  (LP: #1852586)
    - SAUCE: Revert "tpm_tis_core: Set TPM_CHIP_FLAG_IRQ before probing for
      interrupts"
    - SAUCE: Revert "tpm_tis_core: Turn on the TPM before probing IRQ's"

* [CML-S62] Need enable intel_rapl patch support for Comet lake- S 6+2
    (LP: #1847454)
    - powercap/intel_rapl: add support for CometLake Mobile
    - powercap/intel_rapl: add support for Cometlake desktop

* [CML-S62] Need enable intel_pmc_core driver patch for Comet lake- S 6+2
    (LP: #1847450)
    - SAUCE: platform/x86: intel_pmc_core: Add Comet Lake (CML) platform support
      to intel_pmc_core driver

* update ENA driver for DIMLIB dynamic interrupt moderation (LP: #1853180)
    - net: ena: add intr_moder_rx_interval to struct ena_com_dev and use it
    - net: ena: switch to dim algorithm for rx adaptive interrupt moderation
    - net: ena: reimplement set/get_coalesce()
    - net: ena: enable the interrupt_moderation in driver_supported_features
    - net: ena: remove code duplication in
      ena_com_update_nonadaptive_moderation_interval _*()
    - net: ena: remove old adaptive interrupt moderation code from ena_netdev
    - net: ena: remove ena_restore_ethtool_params() and relevant fields
    - net: ena: remove all old adaptive rx interrupt moderation code from ena_com
    - net: ena: fix update of interrupt moderation register
    - net: ena: fix retrieval of nonadaptive interrupt moderation intervals
    - net: ena: fix incorrect update of intr_delay_resolution
    - net: ena: Select DIMLIB for ENA_ETHERNET
    - SAUCE: net: ena: fix issues in setting interrupt moderation params in
      ethtool
    - SAUCE: net: ena: fix too long default tx interrupt moderation interval

* CONFIG_ARCH_ROCKCHIP is not set in ubuntu 18.04 aarch64,arm64 (LP: #1825222)
    - [Config] Enable ROCKCHIP support for arm64

* remount of multilower moved pivoted-root overlayfs root, results in I/O
    errors on some modified files (LP: #1824407)
    - SAUCE: ovl: fix lookup failure on multi lower squashfs

* Eoan update: 5.3.13 upstream stable release (LP: #1853882)
    - net: cdc_ncm: Signedness bug in cdc_ncm_set_dgram_size()
    - block, bfq: deschedule empty bfq_queues not referred by any process
    - mm/memory_hotplug: don't access uninitialized memmaps in shrink_pgdat_span()
    - mm/memory_hotplug: fix updating the node span
    - arm64: uaccess: Ensure PAN is re-enabled after unhandled uaccess fault
    - fbdev: Ditch fb_edid_add_monspecs
    - Linux 5.3.13

* Eoan update: 5.3.12 upstream stable release (LP: #1853475)
    - scsi: core: Handle drivers which set sg_tablesize to zero
    - ax88172a: fix information leak on short answers
    - devlink: disallow reload operation during device cleanup
    - ipmr: Fix skb headroom in ipmr_get_route().
    - mlxsw: core: Enable devlink reload only on probe
    - net: gemini: add missed free_netdev
    - net/smc: fix fastopen for non-blocking connect()
    - net: usb: qmi_wwan: add support for Foxconn T77W968 LTE modules
    - slip: Fix memory leak in slip_open error path
    - tcp: remove redundant new line from tcp_event_sk_skb
    - dpaa2-eth: free already allocated channels on probe defer
    - devlink: Add method for time-stamp on reporter's dump
    - net/smc: fix refcount non-blocking connect() -part 2
    - ALSA: usb-audio: Fix missing error check at mixer resolution test
    - ALSA: usb-audio: not submit urb for stopped endpoint
    - ALSA: usb-audio: Fix incorrect NULL check in create_yamaha_midi_quirk()
    - ALSA: usb-audio: Fix incorrect size check for processing/extension units
    - Btrfs: fix log context list corruption after rename exchange operation
    - cgroup: freezer: call cgroup_enter_frozen() with preemption disabled in
      ptrace_stop()
    - Input: ff-memless - kill timer in destroy()
    - Input: synaptics-rmi4 - fix video buffer size
    - Input: synaptics-rmi4 - disable the relative position IRQ in the F12 driver
    - Input: synaptics-rmi4 - do not consume more data than we have (F11, F12)
    - Input: synaptics-rmi4 - clear IRQ enables for F54
    - Input: synaptics-rmi4 - destroy F54 poller workqueue when removing
    - KVM: MMU: Do not treat ZONE_DEVICE pages as being reserved
    - IB/hfi1: Ensure r_tid_ack is valid before building TID RDMA ACK packet
    - IB/hfi1: Calculate flow weight based on QP MTU for TID RDMA
    - IB/hfi1: TID RDMA WRITE should not return IB_WC_RNR_RETRY_EXC_ERR
    - IB/hfi1: Ensure full Gen3 speed in a Gen4 system
    - IB/hfi1: Use a common pad buffer for 9B and 16B packets
    - i2c: acpi: Force bus speed to 400KHz if a Silead touchscreen is present
    - SAUCE: Revert "UBUNTU: SAUCE: x86/intel: Disable HPET on Intel Coffe Lake
      platforms"
    - x86/quirks: Disable HPET on Intel Coffe Lake platforms
    - ecryptfs_lookup_interpose(): lower_dentry->d_inode is not stable
    - ecryptfs_lookup_interpose(): lower_dentry->d_parent is not stable either
    - io_uring: ensure registered buffer import returns the IO length
    - drm/i915: update rawclk also on resume
    - Revert "drm/i915/ehl: Update MOCS table for EHL"
    - ntp/y2038: Remove incorrect time_t truncation
    - net: ethernet: dwmac-sun8i: Use the correct function in exit path
    - iommu/vt-d: Fix QI_DEV_IOTLB_PFSID and QI_DEV_EIOTLB_PFSID macros
    - mm: mempolicy: fix the wrong return value and potential pages leak of mbind
    - mm: memcg: switch to css_tryget() in get_mem_cgroup_from_mm()
    - mm: hugetlb: switch to css_tryget() in hugetlb_cgroup_charge_cgroup()
    - mm: slub: really fix slab walking for init_on_free
    - mm/memory_hotplug: fix try_offline_node()
    - mm/page_io.c: do not free shared swap slots
    - mmc: sdhci-of-at91: fix quirk2 overwrite
    - slcan: Fix memory leak in error path
    - Linux 5.3.12

* Eoan update: 5.3.11 upstream stable release (LP: #1852338)
    - bonding: fix state transition issue in link monitoring
    - CDC-NCM: handle incomplete transfer of MTU
    - ipv4: Fix table id reference in fib_sync_down_addr
    - net: ethernet: octeon_mgmt: Account for second possible VLAN header
    - net: fix data-race in neigh_event_send()
    - net: qualcomm: rmnet: Fix potential UAF when unregistering
    - net/tls: fix sk_msg trim on fallback to copy mode
    - net: usb: qmi_wwan: add support for DW5821e with eSIM support
    - NFC: fdp: fix incorrect free object
    - nfc: netlink: fix double device reference drop
    - NFC: st21nfca: fix double free
    - qede: fix NULL pointer deref in __qede_remove()
    - net: mscc: ocelot: don't handle netdev events for other netdevs
    - net: mscc: ocelot: fix NULL pointer on LAG slave removal
    - net/tls: don't pay attention to sk_write_pending when pushing partial
      records
    - net/tls: add a TX lock
    - selftests/tls: add test for concurrent recv and send
    - ipv6: fixes rt6_probe() and fib6_nh->last_probe init
    - net: hns: Fix the stray netpoll locks causing deadlock in NAPI path
    - net: prevent load/store tearing on sk->sk_stamp
    - net: sched: prevent duplicate flower rules from tcf_proto destroy race
    - net/smc: fix ethernet interface refcounting
    - vsock/virtio: fix sock refcnt holding during the shutdown
    - r8169: fix page read in r8168g_mdio_read
    - ALSA: timer: Fix incorrectly assigned timer instance
    - ALSA: bebob: fix to detect configured source of sampling clock for Focusrite
      Saffire Pro i/o series
    - ALSA: hda/ca0132 - Fix possible workqueue stall
    - mm: memcontrol: fix NULL-ptr deref in percpu stats flush
    - mm: memcontrol: fix network errors from failing __GFP_ATOMIC charges
    - mm, meminit: recalculate pcpu batch and high limits after init completes
    - mm: thp: handle page cache THP correctly in PageTransCompoundMap
    - mm, vmstat: hide /proc/pagetypeinfo from normal users
    - dump_stack: avoid the livelock of the dump_lock
    - mm: slab: make page_cgroup_ino() to recognize non-compound slab pages
      properly
    - btrfs: Consider system chunk array size for new SYSTEM chunks
    - btrfs: tree-checker: Fix wrong check on max devid
    - btrfs: save i_size to avoid double evaluation of i_size_read in
      compress_file_range
    - tools: gpio: Use !building_out_of_srctree to determine srctree
    - pinctrl: intel: Avoid potential glitches if pin is in GPIO mode
    - perf tools: Fix time sorting
    - perf map: Use zalloc for map_groups
    - drm/radeon: fix si_enable_smc_cac() failed issue
    - HID: wacom: generic: Treat serial number and related fields as unsigned
    - mm/khugepaged: fix might_sleep() warn with CONFIG_HIGHPTE=y
    - soundwire: depend on ACPI
    - soundwire: depend on ACPI || OF
    - soundwire: bus: set initial value to port_status
    - blkcg: make blkcg_print_stat() print stats only for online blkgs
    - arm64: Do not mask out PTE_RDONLY in pte_same()
    - ASoC: rsnd: dma: fix SSI9 4/5/6/7 busif dma address
    - ceph: fix use-after-free in __ceph_remove_cap()
    - ceph: fix RCU case handling in ceph_d_revalidate()
    - ceph: add missing check in d_revalidate snapdir handling
    - ceph: don't try to handle hashed dentries in non-O_CREAT atomic_open
    - ceph: don't allow copy_file_range when stripe_count != 1
    - iio: adc: stm32-adc: fix stopping dma
    - iio: imu: adis16480: make sure provided frequency is positive
    - iio: imu: inv_mpu6050: fix no data on MPU6050
    - iio: srf04: fix wrong limitation in distance measuring
    - ARM: sunxi: Fix CPU powerdown on A83T
    - ARM: dts: imx6-logicpd: Re-enable SNVS power key
    - cpufreq: intel_pstate: Fix invalid EPB setting
    - clone3: validate stack arguments
    - netfilter: nf_tables: Align nft_expr private data to 64-bit
    - netfilter: ipset: Fix an error code in ip_set_sockfn_get()
    - intel_th: gth: Fix the window switching sequence
    - intel_th: pci: Add Comet Lake PCH support
    - intel_th: pci: Add Jasper Lake PCH support
    - x86/dumpstack/64: Don't evaluate exception stacks before setup
    - x86/apic/32: Avoid bogus LDR warnings
    - SMB3: Fix persistent handles reconnect
    - can: usb_8dev: fix use-after-free on disconnect
    - can: flexcan: disable completely the ECC mechanism
    - can: c_can: c_can_poll(): only read status register after status IRQ
    - can: peak_usb: fix a potential out-of-sync while decoding packets
    - can: rx-offload: can_rx_offload_queue_sorted(): fix error handling, avoid
      skb mem leak
    - can: gs_usb: gs_can_open(): prevent memory leak
    - can: dev: add missing of_node_put() after calling of_get_child_by_name()
    - can: mcba_usb: fix use-after-free on disconnect
    - can: peak_usb: fix slab info leak
    - configfs: fix a deadlock in configfs_symlink()
    - ALSA: usb-audio: More validations of descriptor units
    - ALSA: usb-audio: Simplify parse_audio_unit()
    - ALSA: usb-audio: Unify the release of usb_mixer_elem_info objects
    - ALSA: usb-audio: Remove superfluous bLength checks
    - ALSA: usb-audio: Clean up check_input_term()
    - ALSA: usb-audio: Fix possible NULL dereference at create_yamaha_midi_quirk()
    - ALSA: usb-audio: remove some dead code
    - ALSA: usb-audio: Fix copy&paste error in the validator
    - usbip: Implement SG support to vhci-hcd and stub driver
    - HID: google: add magnemite/masterball USB ids
    - dmaengine: sprd: Fix the link-list pointer register configuration issue
    - bpf: lwtunnel: Fix reroute supplying invalid dst
    - dmaengine: xilinx_dma: Fix 64-bit simple AXIDMA transfer
    - dmaengine: xilinx_dma: Fix control reg update in vdma_channel_set_config
    - dmaengine: sprd: Fix the possible memory leak issue
    - HID: intel-ish-hid: fix wrong error handling in ishtp_cl_alloc_tx_ring()
    - powerpc/32s: fix allow/prevent_user_access() when crossing segment
      boundaries.
    - RDMA/mlx5: Clear old rate limit when closing QP
    - iw_cxgb4: fix ECN check on the passive accept
    - RDMA/siw: free siw_base_qp in kref release routine
    - RDMA/qedr: Fix reported firmware version
    - IB/core: Use rdma_read_gid_l2_fields to compare GID L2 fields
    - net/mlx5e: Tx, Fix assumption of single WQEBB of NOP in cleanup flow
    - net/mlx5e: kTLS, Release reference on DUMPed fragments in shutdown flow
    - net/mlx5e: TX, Fix consumer index of error cqe dump
    - net/mlx5: prevent memory leak in mlx5_fpga_conn_create_cq
    - net/mlx5: fix memory leak in mlx5_fw_fatal_reporter_dump
    - selftests/bpf: More compatible nc options in test_tc_edt
    - scsi: qla2xxx: fixup incorrect usage of host_byte
    - scsi: lpfc: Check queue pointer before use
    - scsi: ufs-bsg: Wake the device before sending raw upiu commands
    - ARC: [plat-hsdk]: Enable on-board SPI NOR flash IC
    - RDMA/uverbs: Prevent potential underflow
    - bpf: Fix use after free in subprog's jited symbol removal
    - net: stmmac: Fix the problem of tso_xmit
    - net: openvswitch: free vport unless register_netdevice() succeeds
    - scsi: lpfc: Honor module parameter lpfc_use_adisc
    - scsi: qla2xxx: Initialized mailbox to prevent driver load failure
    - bpf: Fix use after free in bpf_get_prog_name
    - iwlwifi: pcie: fix PCI ID 0x2720 configs that should be soc
    - iwlwifi: pcie: fix all 9460 entries for qnj
    - iwlwifi: pcie: 0x2720 is qu and 0x30DC is not
    - netfilter: nf_flow_table: set timeout before insertion into hashes
    - drm/v3d: Fix memory leak in v3d_submit_cl_ioctl
    - xsk: Fix registration of Rx-only sockets
    - net: phy: smsc: LAN8740: add PHY_RST_AFTER_CLK_EN flag
    - ipvs: don't ignore errors in case refcounting ip_vs module fails
    - ipvs: move old_secure_tcp into struct netns_ipvs
    - netfilter: nft_payload: fix missing check for matching length in offloads
    - RDMA/nldev: Skip counter if port doesn't match
    - bonding: fix unexpected IFF_BONDING bit unset
    - bonding: use dynamic lockdep key instead of subclass
    - macsec: fix refcnt leak in module exit routine
    - virt_wifi: fix refcnt leak in module exit routine
    - scsi: sd: define variable dif as unsigned int instead of bool
    - usb: dwc3: select CONFIG_REGMAP_MMIO
    - usb: fsl: Check memory resource before releasing it
    - usb: gadget: udc: atmel: Fix interrupt storm in FIFO mode.
    - usb: gadget: composite: Fix possible double free memory bug
    - usb: dwc3: pci: prevent memory leak in dwc3_pci_probe
    - usb: gadget: configfs: fix concurrent issue between composite APIs
    - usb: dwc3: remove the call trace of USBx_GFLADJ
    - perf/x86/amd/ibs: Fix reading of the IBS OpData register and thus precise
      RIP validity
    - perf/x86/amd/ibs: Handle erratum #420 only on the affected CPU family (10h)
    - perf/x86/uncore: Fix event group support
    - USB: Skip endpoints with 0 maxpacket length
    - USB: ldusb: use unsigned size format specifiers
    - usbip: tools: Fix read_usb_vudc_device() error path handling
    - RDMA/iw_cxgb4: Avoid freeing skb twice in arp failure case
    - RDMA/hns: Prevent memory leaks of eq->buf_list
    - hwmon: (ina3221) Fix read timeout issue
    - scsi: qla2xxx: stop timer in shutdown path
    - sched/topology: Don't try to build empty sched domains
    - sched/topology: Allow sched_asym_cpucapacity to be disabled
    - nvme-multipath: fix possible io hang after ctrl reconnect
    - fjes: Handle workqueue allocation failure
    - net: hisilicon: Fix "Trying to free already-free IRQ"
    - wimax: i2400: Fix memory leak in i2400m_op_rfkill_sw_toggle
    - net: mscc: ocelot: fix vlan_filtering when enslaving to bridge before link
      is up
    - net: mscc: ocelot: refuse to overwrite the port's native vlan
    - iommu/amd: Apply the same IVRS IOAPIC workaround to Acer Aspire A315-41
    - mt76: dma: fix buffer unmap with non-linear skbs
    - drm/amdgpu/sdma5: do not execute 0-sized IBs (v2)
    - drm/sched: Set error to s_fence if HW job submission failed.
    - drm/amdgpu: If amdgpu_ib_schedule fails return back the error.
    - drm/amd/display: do not synchronize "drr" displays
    - drm/amd/display: add 50us buffer as WA for pstate switch in active
    - drm/amd/display: Passive DP->HDMI dongle detection fix
    - dc.c:use kzalloc without test
    - SUNRPC: The TCP back channel mustn't disappear while requests are
      outstanding
    - SUNRPC: The RDMA back channel mustn't disappear while requests are
      outstanding
    - SUNRPC: Destroy the back channel when we destroy the host transport
    - hv_netvsc: Fix error handling in netvsc_attach()
    - efi/tpm: Return -EINVAL when determining tpm final events log size fails
    - efi: libstub/arm: Account for firmware reserved memory at the base of RAM
    - x86, efi: Never relocate kernel below lowest acceptable address
    - arm64: cpufeature: Enable Qualcomm Falkor errata 1009 for Kryo
    - usb: dwc3: gadget: fix race when disabling ep with cancelled xfers
    - arm64: apply ARM64_ERRATUM_845719 workaround for Brahma-B53 core
    - arm64: Brahma-B53 is SSB and spectre v2 safe
    - arm64: apply ARM64_ERRATUM_843419 workaround for Brahma-B53 core
    - NFSv4: Don't allow a cached open with a revoked delegation
    - net: ethernet: arc: add the missed clk_disable_unprepare
    - igb: Fix constant media auto sense switching when no cable is connected
    - e1000: fix memory leaks
    - gve: Fixes DMA synchronization.
    - ocfs2: protect extent tree in ocfs2_prepare_inode_for_write()
    - pinctrl: cherryview: Fix irq_valid_mask calculation
    - clk: imx8m: Use SYS_PLL1_800M as intermediate parent of CLK_ARM
    - timekeeping/vsyscall: Update VDSO data unconditionally
    - mm/filemap.c: don't initiate writeback if mapping has no dirty pages
    - cgroup,writeback: don't switch wbs immediately on dead wbs if the memcg is
      dead
    - ARM: dts: stm32: change joystick pinctrl definition on stm32mp157c-ev1
    - ASoC: SOF: Intel: hda-stream: fix the CONFIG_ prefix missing
    - usbip: Fix free of unallocated memory in vhci tx
    - bonding: fix using uninitialized mode_lock
    - netfilter: ipset: Copy the right MAC address in hash:ip,mac IPv6 sets
    - arm64: errata: Update stale comment
    - net/ibmvnic: unlock rtnl_lock in reset so linkwatch_event can run
    - SAUCE: Revert "UBUNTU: SAUCE: kvm: x86: mmu: Recovery of shattered NX large
      pages"
    - SAUCE: Revert "UBUNTU: SAUCE: kvm: Add helper function for creating VM
      worker threads"
    - SAUCE: Revert "UBUNTU: SAUCE: kvm: mmu: ITLB_MULTIHIT mitigation"
    - SAUCE: Revert "kvm: x86, powerpc: do not allow clearing largepages debugfs
      entry"
    - SAUCE: Revert "UBUNTU: SAUCE: cpu/speculation: Uninline and export CPU
      mitigations helpers"
    - SAUCE: Revert "UBUNTU: SAUCE: x86: Add ITLB_MULTIHIT bug infrastructure"
    - SAUCE: Revert "x86/tsx: Add config options to set tsx=on|off|auto"
    - SAUCE: Revert "x86/speculation/taa: Add documentation for TSX Async Abort"
    - SAUCE: Revert "x86/tsx: Add "auto" option to the tsx= cmdline parameter"
    - SAUCE: Revert "kvm/x86: Export MDS_NO=0 to guests when TSX is enabled"
    - SAUCE: Revert "x86/speculation/taa: Add sysfs reporting for TSX Async Abort"
    - SAUCE: Revert "x86/speculation/taa: Add mitigation for TSX Async Abort"
    - SAUCE: Revert "x86/cpu: Add a "tsx=" cmdline option with TSX disabled by
      default"
    - SAUCE: Revert "x86/cpu: Add a helper function x86_read_arch_cap_msr()"
    - SAUCE: Revert "x86/msr: Add the IA32_TSX_CTRL MSR"
    - SAUCE: Revert "UBUNTU: SAUCE: drm/i915/cmdparser: Fix jump whitelist
      clearing"
    - SAUCE: Revert "UBUNTU: SAUCE: drm/i915/gen8+: Add RC6 CTX corruption WA"
    - SAUCE: Revert "UBUNTU: SAUCE: drm/i915: Lower RM timeout to avoid DSI hard
      hangs"
    - SAUCE: Revert "UBUNTU: SAUCE: drm/i915/cmdparser: Ignore Length operands
      during command matching"
    - SAUCE: Revert "UBUNTU: SAUCE: drm/i915/cmdparser: Add support for backward
      jumps"
    - SAUCE: Revert "UBUNTU: SAUCE: drm/i915/cmdparser: Use explicit goto for
      error paths"
    - SAUCE: Revert "UBUNTU: SAUCE: drm/i915: Add gen9 BCS cmdparsing"
    - SAUCE: Revert "UBUNTU: SAUCE: drm/i915: Allow parsing of unsized batches"
    - SAUCE: Revert "UBUNTU: SAUCE: drm/i915: Support ro ppgtt mapped cmdparser
      shadow buffers"
    - SAUCE: Revert "UBUNTU: SAUCE: drm/i915: Add support for mandatory
      cmdparsing"
    - SAUCE: Revert "UBUNTU: SAUCE: drm/i915: Remove Master tables from cmdparser"
    - SAUCE: Revert "UBUNTU: SAUCE: drm/i915: Disable Secure Batches for gen6+"
    - SAUCE: Revert "UBUNTU: SAUCE: drm/i915: Rename gen7 cmdparser tables"
    - drm/i915: Rename gen7 cmdparser tables
    - drm/i915: Disable Secure Batches for gen6+
    - drm/i915: Remove Master tables from cmdparser
    - drm/i915: Add support for mandatory cmdparsing
    - drm/i915: Support ro ppgtt mapped cmdparser shadow buffers
    - drm/i915: Allow parsing of unsized batches
    - drm/i915: Add gen9 BCS cmdparsing
    - drm/i915/cmdparser: Use explicit goto for error paths
    - drm/i915/cmdparser: Add support for backward jumps
    - drm/i915/cmdparser: Ignore Length operands during command matching
    - drm/i915: Lower RM timeout to avoid DSI hard hangs
    - drm/i915/gen8+: Add RC6 CTX corruption WA
    - drm/i915/cmdparser: Fix jump whitelist clearing
    - x86/msr: Add the IA32_TSX_CTRL MSR
    - x86/cpu: Add a helper function x86_read_arch_cap_msr()
    - x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default
    - x86/speculation/taa: Add mitigation for TSX Async Abort
    - x86/speculation/taa: Add sysfs reporting for TSX Async Abort
    - kvm/x86: Export MDS_NO=0 to guests when TSX is enabled
    - x86/tsx: Add "auto" option to the tsx= cmdline parameter
    - x86/speculation/taa: Add documentation for TSX Async Abort
    - x86/tsx: Add config options to set tsx=on|off|auto
    - x86/speculation/taa: Fix printing of TAA_MSG_SMT on IBRS_ALL CPUs
    - x86/bugs: Add ITLB_MULTIHIT bug infrastructure
    - x86/cpu: Add Tremont to the cpu vulnerability whitelist
    - cpu/speculation: Uninline and export CPU mitigations helpers
    - Documentation: Add ITLB_MULTIHIT documentation
    - kvm: x86, powerpc: do not allow clearing largepages debugfs entry
    - kvm: mmu: ITLB_MULTIHIT mitigation
    - kvm: Add helper function for creating VM worker threads
    - kvm: x86: mmu: Recovery of shattered NX large pages
    - Linux 5.3.11

* The alsa hda driver is not loaded due to the missing of PCIID for Comet
    Lake-S [8086:a3f0] (LP: #1852070)
    - SAUCE: ALSA: hda: Add Cometlake-S PCI ID

* Can't adjust brightness on DELL UHD dGPU AIO (LP: #1813877)
    - SAUCE: platform/x86: dell-uart-backlight: add missing status command
    - SAUCE: platform/x86: dell-uart-backlight: load driver by scalar status
    - SAUCE: platform/x86: dell-uart-backlight: add force parameter
    - SAUCE: platform/x86: dell-uart-backlight: add quirk for old platforms

* Disable unreliable HPET on CFL-H system (LP: #1852216)
    - SAUCE: x86/intel: Disable HPET on Intel Coffe Lake H platforms

* i40e: Setting VF MAC address causes General Protection Fault (LP: #1852432)
    - i40e: Fix crash caused by stress setting of VF MAC addresses

* CVE-2019-19072
    - tracing: Have error path in predicate_parse() free its allocated memory

* i40e: general protection fault in i40e_config_vf_promiscuous_mode
    (LP: #1852663)
    - SAUCE: i40e Fix GPF when deleting VMs

* hwe-edge kernel 5.3.0-23.25 kernel does not boot on Precision 5720 AIO
    (LP: #1852581)
    - [Packaging] Fix module signing with older modinfo

-- Khalid Elmously <khalid.elmously@canonical.com>  Wed, 18 Dec 2019 00:21:55 -0500

Changed in linux (Ubuntu Eoan):
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2020-01-06:

#9

Download full text (42.3 KiB)

This bug was fixed in the package linux - 5.0.0-38.41

---------------
linux (5.0.0-38.41) disco; urgency=medium

* disco/linux: 5.0.0-38.41 -proposed tracker (LP: #1854788)

  * [Regression] Failed to boot disco kernel built from master-next (kernel
    kernel NULL pointer dereference) (LP: #1853981)
    - SAUCE: blk-mq: Fix blk_mq_make_request for mq devices

* CVE-2019-14901
- SAUCE: mwifiex: Fix heap overflow in mmwifiex_process_tdls_action_frame()

* CVE-2019-14896 // CVE-2019-14897
- SAUCE: libertas: Fix two buffer overflows at parsing bss descriptor

* CVE-2019-14895
- SAUCE: mwifiex: fix possible heap overflow in mwifiex_process_country_ie()

  * [CML] New device id's for CMP-H (LP: #1846335)
    - mmc: sdhci-pci: Add another Id for Intel CML
    - i2c: i801: Add support for Intel Comet Lake PCH-H
    - mtd: spi-nor: intel-spi: Add support for Intel Comet Lake-H SPI serial flash
    - mfd: intel-lpss: Add Intel Comet Lake PCH-H PCI IDs

* Please add patch fixing RK818 ID detection (LP: #1853192)
- SAUCE: mfd: rk808: Fix RK818 ID template

  * [SRU][B/OEM-B/OEM-OSP1/D] Enable new Elan touchpads which are not in current
    whitelist (LP: #1853246)
    - Input: elan_i2c - export the device id whitelist
    - HID: quirks: Refactor ELAN 400 and 401 handling

* Lenovo dock MAC Address pass through doesn't work in Ubuntu (LP: #1827961)
- r8152: Add macpassthru support for ThinkPad Thunderbolt 3 Dock Gen 2

  * [CML-S62] Need enable turbostat patch support for Comet lake- S 6+2
    (LP: #1847451)
    - SAUCE: tools/power turbostat: Add Cometlake support

  * External microphone can't work on some dell machines with the codec alc256
    or alc236 (LP: #1853791)
    - SAUCE: ALSA: hda/realtek - Move some alc256 pintbls to fallback table
    - SAUCE: ALSA: hda/realtek - Move some alc236 pintbls to fallback table

  * Memory leak in net/xfrm/xfrm_state.c - 8 pages per ipsec connection
    (LP: #1853197)
    - xfrm: Fix memleak on xfrm state destroy

  * CVE-2019-18660: patches for Ubuntu (LP: #1853142) // CVE-2019-18660
    - powerpc/64s: support nospectre_v2 cmdline option
    - powerpc/book3s64: Fix link stack flush on context switch
    - KVM: PPC: Book3S HV: Flush link stack on guest exit to host kernel

* Raydium Touchscreen on ThinkPad L390 does not work (LP: #1849721)
- HID: i2c-hid: fix no irq after reset on raydium 3118

  * Make Goodix I2C touchpads work (LP: #1853842)
    - HID: i2c-hid: Remove runtime power management
    - HID: i2c-hid: Send power-on command after reset

  * Touchpad doesn't work on Dell Inspiron 7000 2-in-1 (LP: #1851901)
    - Revert "UBUNTU: SAUCE: mfd: intel-lpss: add quirk for Dell XPS 13 7390
      2-in-1"
    - lib: devres: add a helper function for ioremap_uc
    - mfd: intel-lpss: Use devm_ioremap_uc for MMIO

* CVE-2019-19055
- nl80211: fix memory leak in nl80211_get_ftm_responder_stats

  * [CML-S62] Need enable intel_rapl patch support for Comet lake- S 6+2
    (LP: #1847454)
    - powercap/intel_rapl: add support for CometLake Mobile
    - powercap/intel_rapl: add support for Cometlake desktop

* [CML-S62] Need enable intel_pmc_core driver patch for Comet l...

This bug was fixed in the package linux - 5.0.0-38.41

---------------
linux (5.0.0-38.41) disco; urgency=medium

* disco/linux: 5.0.0-38.41 -proposed tracker (LP: #1854788)

* [Regression] Failed to boot disco kernel built from master-next (kernel
    kernel NULL pointer dereference) (LP: #1853981)
    - SAUCE: blk-mq: Fix blk_mq_make_request for mq devices

* CVE-2019-14901
    - SAUCE: mwifiex: Fix heap overflow in mmwifiex_process_tdls_action_frame()

* CVE-2019-14896 // CVE-2019-14897
    - SAUCE: libertas: Fix two buffer overflows at parsing bss descriptor

* CVE-2019-14895
    - SAUCE: mwifiex: fix possible heap overflow in mwifiex_process_country_ie()

* [CML] New device id's for CMP-H (LP: #1846335)
    - mmc: sdhci-pci: Add another Id for Intel CML
    - i2c: i801: Add support for Intel Comet Lake PCH-H
    - mtd: spi-nor: intel-spi: Add support for Intel Comet Lake-H SPI serial flash
    - mfd: intel-lpss: Add Intel Comet Lake PCH-H PCI IDs

* Please add patch fixing RK818 ID detection (LP: #1853192)
    - SAUCE: mfd: rk808: Fix RK818 ID template

* [SRU][B/OEM-B/OEM-OSP1/D] Enable new Elan touchpads which are not in current
    whitelist (LP: #1853246)
    - Input: elan_i2c - export the device id whitelist
    - HID: quirks: Refactor ELAN 400 and 401 handling