This bug was fixed in the package linux - 3.13.0-125.174 --------------- linux (3.13.0-125.174) trusty; urgency=low
* linux: 3.13.0-125.174 -proposed tracker (LP: #1703396) * NULL pointer dereference triggered by openvswitch autopkg testcase (LP: #1703401) - Revert "rtnl/do_setlink(): notify when a netdev is modified" - Revert "rtnl/do_setlink(): last arg is now a set of flags" - Revert "rtnl/do_setlink(): set modified when IFLA_LINKMODE is updated" - Revert "rtnl/do_setlink(): set modified when IFLA_TXQLEN is updated" - Revert "rtnetlink: provide api for getting and setting slave info" linux (3.13.0-124.173) trusty; urgency=low * linux: 3.13.0-124.173 -proposed tracker (LP: #1701042) * CVE-2017-7895 - nfsd: Remove assignments inside conditions - svcrdma: Do not add XDR padding to xdr_buf page vector - nfsd4: minor NFSv2/v3 write decoding cleanup - nfsd: stricter decoding of write-like NFSv2/v3 ops * CVE-2017-9605 - drm/vmwgfx: Make sure backup_handle is always valid * CVE-2017-1000380 - ALSA: timer: Fix race between read and ioctl - ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT * linux <3.18: netlink notification is missing when an interface is modified (LP: #1690094) - rtnetlink: provide api for getting and setting slave info - rtnl/do_setlink(): set modified when IFLA_TXQLEN is updated - rtnl/do_setlink(): set modified when IFLA_LINKMODE is updated - rtnl/do_setlink(): last arg is now a set of flags - rtnl/do_setlink(): notify when a netdev is modified * CVE-2015-8944 - Make file credentials available to the seqfile interfaces - /proc/iomem: only expose physical resource addresses to privileged users * CVE-2016-10088 - sg_write()/bsg_write() is not fit to be called under KERNEL_DS * CVE-2017-7346 - drm/vmwgfx: limit the number of mip levels in vmw_gb_surface_define_ioctl() * CVE-2015-8966 - arm: fix handling of F_OFD_... in oabi_fcntl64() * Missing IOTLB flush causes DMAR errors with SR-IOV (LP: #1697053) - iommu/vt-d: Fix missing IOTLB flush in intel_iommu_unmap() * CVE-2017-8924 - USB: serial: io_ti: fix information leak in completion handler * CVE-2017-8925 - USB: serial: omninet: fix reference leaks at open * CVE-2015-8967 - arm64: make sys_call_table const * CVE-2015-8964 - tty: Prevent ldisc drivers from re-using stale tty fields * CVE-2015-8955 - arm64: perf: reject groups spanning multiple HW PMUs * CVE-2015-8962 - sg: Fix double-free when drives detach during SG_IO * CVE-2015-8963 - perf: Fix race in swevent hash * CVE-2017-9074 - ipv6: Check ip6_find_1stfragopt() return value properly. * CVE-2014-9900 - net: Zeroing the structure ethtool_wolinfo in ethtool_get_wol() -- Thadeu Lima de Souza Cascardo <casca...@canonical.com> Mon, 10 Jul 2017 13:02:31 -0300 ** Changed in: linux (Ubuntu Trusty) Status: Fix Committed => Fix Released ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-9900 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2015-8944 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2015-8955 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2015-8962 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2015-8963 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2015-8964 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2015-8966 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2015-8967 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-10088 ** CVE added: https://cve.mitre.org/cgi- bin/cvename.cgi?name=2017-1000380 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-7346 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-7895 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-8924 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-8925 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9074 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9605 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1697053 Title: Missing IOTLB flush causes DMAR errors with SR-IOV Status in linux package in Ubuntu: Confirmed Status in linux source package in Trusty: Fix Released Bug description: SRU Justification: Impact: Using SR-IOV with Intel IOMMUs can observe DMAR errors of the following type: [606483.223009] DMAR:[fault reason 05] PTE Write access is not set [606484.071974] dmar: DRHD: handling fault status reg 402 [606484.077121] dmar: DMAR:[DMA Write] Request device [d8:0a.1] fault addr 35c6e000 The DMAR error causes, at a minimum, loss of network traffic because the request being serviced is lost. Network cards were also observed to experience transmit timeouts after a DMAR fault. In this case, these errors arise from a race condition in the IOTLB management; this race is described (and fixed) in upstream commit: commit ea8ea460c9ace60bbb5ac6e5521d637d5c15293d Author: David Woodhouse <david.woodho...@intel.com> Date: Wed Mar 5 17:09:32 2014 +0000 iommu/vt-d: Clean up and fix page table clear/free behaviour This commit first appeared in mainline 3.15. This issue affects only the Ubuntu 3.13 kernel series. Fix: The race avoidance portion of the above was backported to 3.14-stable, but was never incorporated into the Ubuntu 3.13 kernel series. commit 51d20e1096a711f8cfa9d98a3ac2dd2c7c0fc20c Author: David Woodhouse <dw...@infradead.org> Date: Mon Jun 9 14:09:53 2014 +0100 iommu/vt-d: Fix missing IOTLB flush in intel_iommu_unmap() Based on commit ea8ea460c9ace60bbb5ac6e5521d637d5c15293d upstream This 3.14-stable patch was tested by the customer and observed to resolve the issue in their environment. Testcase: In this case, the issue occurs on very recent Intel based servers using two different SR-IOV network cards (i40e and bnxt) at a customer site. The customer has tested the patch in their environment and confirmed that it resolves the issue. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1697053/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp