This bug was fixed in the package linux - 4.4.0-89.112

linux (4.4.0-89.112) xenial; urgency=low

  * CVE-2017-7533
    - dentry name snapshots

linux (4.4.0-88.111) xenial; urgency=low

  * linux: 4.4.0-88.111 -proposed tracker (LP: #1705270)

  * [Xenial] nvme: Quirks for PM1725 controllers (LP: #1704435)
    - nvme: Quirks for PM1725 controllers

  * Upgrade Redpine WLAN/BT driver to ver. 1.2 (production release)
    (LP: #1697829)
    - SAUCE: Redpine: Upgrade to ver. 1.2 production release

  * ubuntu/rsi driver has several issues as picked up by static analysis
    (LP: #1694733)
    - SAUCE: Redpine: Upgrade to ver. 1.2 production release

  * Redpine vendor driver - Switching to AP mode causes kernel panic
    (LP: #1700941)
    - SAUCE: Redpine: Upgrade to ver. 1.2 production release

  * CVE-2017-10810
    - drm/virtio: don't leak bo on drm_gem_object_init failure

  * Ath10k to read different board data file if specify in SMBIOS (LP: #1666742)
    - ath10k: search SMBIOS for OEM board file extension

  * make snap-pkg support (LP: #1700747)
    - SAUCE: make snap-pkg support

  * ISST-LTE: Briggs:Stratton:UbuntuKVM:  ics_opal_set_affinity on host kernel
    log using Intel X710 (i40e driver) (LP: #1703663)
    - i40e: use valid online CPU on q_vector initialization

  * Update snapcraft.yaml (LP: #1700480)
    - snapcraft.yaml: various improvements

  * Xenial update to 4.4.76 stable release (LP: #1702863)
    - ipv6: release dst on error in ip6_dst_lookup_tail
    - net: don't call strlen on non-terminated string in dev_set_alias()
    - decnet: dn_rtmsg: Improve input length sanitization in
    - net: Zero ifla_vf_info in rtnl_fill_vfinfo()
    - af_unix: Add sockaddr length checks before accessing sa_family in bind and
      connect handlers
    - Fix an intermittent pr_emerg warning about lo becoming free.
    - net: caif: Fix a sleep-in-atomic bug in cfpkt_create_pfx
    - igmp: acquire pmc lock for ip_mc_clear_src()
    - igmp: add a missing spin_lock_init()
    - ipv6: fix calling in6_ifa_hold incorrectly for dad work
    - net/mlx5: Wait for FW readiness before initializing command interface
    - decnet: always not take dst->__refcnt when inserting dst into hash table
    - net: 8021q: Fix one possible panic caused by BUG_ON in free_netdev
    - sfc: provide dummy definitions of vswitch functions
    - ipv6: Do not leak throw route references
    - rtnetlink: add IFLA_GROUP to ifla_policy
    - netfilter: xt_TCPMSS: add more sanity tests on tcph->doff
    - netfilter: synproxy: fix conntrackd interaction
    - NFSv4: fix a reference leak caused WARNING messages
    - drm/ast: Handle configuration without P2A bridge
    - mm, swap_cgroup: reschedule when neeed in swap_cgroup_swapoff()
    - MIPS: Avoid accidental raw backtrace
    - MIPS: pm-cps: Drop manual cache-line alignment of ready_count
    - MIPS: Fix IRQ tracing & lockdep when rescheduling
    - ALSA: hda - Fix endless loop of codec configure
    - ALSA: hda - set input_path bitmap to zero after moving it to new place
    - drm/vmwgfx: Free hash table allocated by cmdbuf managed res mgr
    - usb: gadget: f_fs: Fix possibe deadlock
    - sysctl: enable strict writes
    - mm: numa: avoid waiting on freed migrated pages
    - KVM: x86: fix fixing of hypercalls
    - scsi: sd: Fix wrong DPOFUA disable in sd_read_cache_type
    - scsi: lpfc: Set elsiocb contexts to NULL after freeing it
    - qla2xxx: Fix erroneous invalid handle message
    - ARM: dts: BCM5301X: Correct GIC_PPI interrupt flags
    - net: mvneta: Fix for_each_present_cpu usage
    - MIPS: ath79: fix regression in PCI window initialization
    - net: korina: Fix NAPI versus resources freeing
    - MIPS: ralink: MT7688 pinmux fixes
    - MIPS: ralink: fix USB frequency scaling
    - MIPS: ralink: Fix invalid assignment of SoC type
    - MIPS: ralink: fix MT7628 pinmux typos
    - MIPS: ralink: fix MT7628 wled_an pinmux gpio
    - mtd: bcm47xxpart: limit scanned flash area on BCM47XX (MIPS) only
    - bgmac: fix a missing check for build_skb
    - mtd: bcm47xxpart: don't fail because of bit-flips
    - bgmac: Fix reversed test of build_skb() return value.
    - net: bgmac: Fix SOF bit checking
    - net: bgmac: Start transmit queue in bgmac_open
    - net: bgmac: Remove superflous netif_carrier_on()
    - powerpc/eeh: Enable IO path on permanent error
    - gianfar: Do not reuse pages from emergency reserve
    - Btrfs: fix truncate down when no_holes feature is enabled
    - virtio_console: fix a crash in config_work_handler
    - swiotlb-xen: update dev_addr after swapping pages
    - xen-netfront: Fix Rx stall during network stress and OOM
    - scsi: virtio_scsi: Reject commands when virtqueue is broken
    - platform/x86: ideapad-laptop: handle ACPI event 1
    - amd-xgbe: Check xgbe_init() return code
    - net: dsa: Check return value of phy_connect_direct()
    - drm/amdgpu: check ring being ready before using
    - vfio/spapr: fail tce_iommu_attach_group() when iommu_data is null
    - virtio_net: fix PAGE_SIZE > 64k
    - vxlan: do not age static remote mac entries
    - ibmveth: Add a proper check for the availability of the checksum features
    - kernel/panic.c: add missing \n
    - HID: i2c-hid: Add sleep between POWER ON and RESET
    - scsi: lpfc: avoid double free of resource identifiers
    - spi: davinci: use dma_mapping_error()
    - mac80211: initialize SMPS field in HT capabilities
    - x86/mpx: Use compatible types in comparison to fix sparse error
    - coredump: Ensure proper size of sparse core files
    - swiotlb: ensure that page-sized mappings are page-aligned
    - s390/ctl_reg: make __ctl_load a full memory barrier
    - be2net: fix status check in be_cmd_pmac_add()
    - perf probe: Fix to show correct locations for events on modules
    - net/mlx4_core: Eliminate warning messages for SRQ_LIMIT under SRIOV
    - sctp: check af before verify address in sctp_addr_id2transport
    - ravb: Fix use-after-free on `ifconfig eth0 down`
    - jump label: fix passing kbuild_cflags when checking for asm goto support
    - xfrm: fix stack access out of bounds with CONFIG_XFRM_SUB_POLICY
    - xfrm: NULL dereference on allocation failure
    - xfrm: Oops on error in pfkey_msg2xfrm_state()
    - watchdog: bcm281xx: Fix use of uninitialized spinlock.
    - sched/loadavg: Avoid loadavg spikes caused by delayed NO_HZ accounting
    - ARM64/ACPI: Fix BAD_MADT_GICC_ENTRY() macro implementation
    - ARM: 8685/1: ensure memblock-limit is pmd-aligned
    - x86/mpx: Correctly report do_mpx_bt_fault() failures to user-space
    - x86/mm: Fix flush_tlb_page() on Xen
    - ocfs2: o2hb: revert hb threshold to keep compatible
    - iommu/vt-d: Don't over-free page table directories
    - iommu: Handle default domain attach failure
    - iommu/amd: Fix incorrect error handling in amd_iommu_bind_pasid()
    - cpufreq: s3c2416: double free on driver init error path
    - KVM: x86: fix emulation of RSM and IRET instructions
    - KVM: x86/vPMU: fix undefined shift in intel_pmu_refresh()
    - KVM: x86: zero base3 of unusable segments
    - KVM: nVMX: Fix exception injection
    - Linux 4.4.76

  * Xenial update to 4.4.75 stable release (LP: #1702118)
    - fs/exec.c: account for argv/envp pointers
    - autofs: sanity check status reported with AUTOFS_DEV_IOCTL_FAIL
    - lib/cmdline.c: fix get_options() overflow while parsing ranges
    - KVM: PPC: Book3S HV: Preserve userspace HTM state properly
    - CIFS: Improve readdir verbosity
    - HID: Add quirk for Dell PIXART OEM mouse
    - signal: Only reschedule timers on signals timers have sent
    - powerpc/kprobes: Pause function_graph tracing during jprobes handling
    - Input: i8042 - add Fujitsu Lifebook AH544 to notimeout list
    - time: Fix clock->read(clock) race around clocksource changes
    - target: Fix kref->refcount underflow in transport_cmd_finish_abort
    - iscsi-target: Reject immediate data underflow larger than SCSI transfer
    - drm/radeon: add a PX quirk for another K53TK variant
    - drm/radeon: add a quirk for Toshiba Satellite L20-183
    - drm/amdgpu/atom: fix ps allocation size for EnableDispPowerGating
    - drm/amdgpu: adjust default display clock
    - USB: usbip: fix nonconforming hub descriptor
    - rxrpc: Fix several cases where a padded len isn't checked in ticket decode
    - of: Add check to of_scan_flat_dt() before accessing initial_boot_params
    - mtd: spi-nor: fix spansion quad enable
    - powerpc/slb: Force a full SLB flush when we insert for a bad EA
    - usb: gadget: f_fs: avoid out of bounds access on comp_desc
    - net: phy: Initialize mdio clock at probe function
    - net: phy: fix marvell phy status reading
    - Linux 4.4.75

  * Xenial update to 4.4.74 stable release (LP: #1702104)
    - configfs: Fix race between create_link and configfs_rmdir
    - can: gs_usb: fix memory leak in gs_cmd_reset()
    - cpufreq: conservative: Allow down_threshold to take values from 1 to 10
    - vb2: Fix an off by one error in 'vb2_plane_vaddr'
    - mac80211: don't look at the PM bit of BAR frames
    - mac80211/wpa: use constant time memory comparison for MACs
    - mac80211: fix CSA in IBSS mode
    - mac80211: fix IBSS presp allocation size
    - serial: efm32: Fix parity management in 'efm32_uart_console_get_options()'
    - x86/mm/32: Set the '__vmalloc_start_set' flag in initmem_init()
    - mfd: omap-usb-tll: Fix inverted bit use for USB TLL mode
    - staging: rtl8188eu: prevent an underflow in rtw_check_beacon_data()
    - iio: proximity: as3935: recalibrate RCO after resume
    - USB: hub: fix SS max number of ports
    - usb: core: fix potential memory leak in error path during hcd creation
    - pvrusb2: reduce stack usage pvr2_eeprom_analyze()
    - USB: gadget: dummy_hcd: fix hub-descriptor removable fields
    - usb: r8a66597-hcd: select a different endpoint on timeout
    - usb: r8a66597-hcd: decrease timeout
    - drivers/misc/c2port/c2port-duramar2150.c: checking for NULL instead of
    - usb: xhci: ASMedia ASM1042A chipset need shorts TX quirk
    - USB: gadgetfs, dummy-hcd, net2280: fix locking for callbacks
    - mm/memory-failure.c: use compound_head() flags for huge pages
    - swap: cond_resched in swap_cgroup_prepare()
    - genirq: Release resources in __setup_irq() error path
    - alarmtimer: Prevent overflow of relative timers
    - usb: dwc3: exynos fix axius clock error path to do cleanup
    - MIPS: Fix bnezc/jialc return address calculation
    - alarmtimer: Rate limit periodic intervals
    - Linux 4.4.74

  * Side Button (Display Toggle) fails on Dell AIO systems (LP: #1702541)
    - dell-wmi: Add a WMI event code for display on/off

  * Intel i40e PF reset under load (LP: #1700834)
    - i40e/i40evf: Limit TSO to 7 descriptors for payload instead of 8 per 

  * update ENA driver to 1.2.0k from net-next (LP: #1701575)
    - net: ena: remove superfluous check in ena_remove()
    - net: ena: fix rare uncompleted admin command false alarm
    - net: ena: add missing return when ena_com_get_io_handlers() fails
    - net: ena: fix race condition between submit and completion admin command
    - net: ena: add missing unmap bars on device removal
    - net: ena: fix theoretical Rx hang on low memory systems
    - net: ena: disable admin msix while working in polling mode
    - net: ena: bug fix in lost tx packets detection mechanism
    - net: ena: update ena driver to version 1.1.7
    - net: ena: change return value for unsupported features unsupported return
    - net: ena: add hardware hints capability to the driver
    - net: ena: change sizeof() argument to be the type pointer
    - net: ena: add reset reason for each device FLR
    - net: ena: add support for out of order rx buffers refill
    - net: ena: use napi_schedule_irqoff when possible
    - net: ena: separate skb allocation to dedicated function
    - net: ena: use lower_32_bits()/upper_32_bits() to split dma address
    - net: ena: update driver's rx drop statistics
    - net: ena: update ena driver to version 1.2.0

 -- Thadeu Lima de Souza Cascardo <>  Mon, 31 Jul
2017 14:50:32 -0300

** Changed in: linux (Ubuntu Xenial)
       Status: Fix Committed => Fix Released

** CVE added:

** CVE added:

You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.

  Redpine vendor driver - Switching to AP mode causes kernel panic

Status in HWE Next:
  In Progress
Status in linux package in Ubuntu:
  In Progress
Status in linux source package in Xenial:
  Fix Released

Bug description:
  Switching from STA to AP mode on RS9113 Redpine Wifi-BT combo device,
  system reports a kernel panic.

  The Redpine driver (ver. 1.2 RC12) doesn't track the Linux 4.4.69 stable 
  which introduced following patches to mac80211 subsystem:
  - mac80211: pass RX aggregation window size to driver
  - mac80211: pass block ack session timeout to to driver
  - mac80211: RX BA support for sta max_rx_aggregation_subframes

  The Redpine driver ver. 1.2RC12 needs to be updated to handle the changes 
  in the patch:
  - mac80211: pass block ack session timeout to to driver
  (more details here:
  buntu-4.4.0-82.105&id=0b2141bd007213cc9c4228786f773a3c35c41c56 and 

To manage notifications about this bug go to:

Mailing list:
Post to     :
Unsubscribe :
More help   :

Reply via email to