This bug was fixed in the package linux - 4.4.0-166.195
---
linux (4.4.0-166.195) xenial; urgency=medium
* xenial/linux: 4.4.0-166.195 -proposed tracker (LP: #1846069)
* Packaging resync (LP: #1786013)
- [Packaging] update helper scripts
* CVE-2017-18232
- scsi: libsas: direct call probe and destruct
* CVE-2018-21008
- rsi: add fix for crash during assertions
* Xenial update: 4.4.194 upstream stable release (LP: #1845405)
- bridge/mdb: remove wrong use of NLM_F_MULTI
- cdc_ether: fix rndis support for Mediatek based smartphones
- ipv6: Fix the link time qualifier of 'ping_v6_proc_exit_net()'
- isdn/capi: check message length in capi_write()
- net: Fix null de-reference of device refcount
- sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
- sctp: Fix the link time qualifier of 'sctp_ctrlsock_exit()'
- sctp: use transport pf_retrans in sctp_do_8_2_transport_strike
- tcp: fix tcp_ecn_withdraw_cwr() to clear TCP_ECN_QUEUE_CWR
- tipc: add NULL pointer check before calling kfree_rcu
- tun: fix use-after-free when register netdev failed
- Revert "MIPS: SiByte: Enable swiotlb for SWARM, LittleSur and BigSur"
- Btrfs: fix assertion failure during fsync and use of stale transaction
- genirq: Prevent NULL pointer dereference in resend_irqs()
- KVM: s390: Do not leak kernel stack data in the KVM_S390_INTERRUPT ioctl
- KVM: x86: work around leak of uninitialized stack contents
- KVM: nVMX: handle page fault in vmread
- MIPS: VDSO: Prevent use of smp_processor_id()
- MIPS: VDSO: Use same -m%-float cflag as the kernel proper
- clk: rockchip: Don't yell about bad mmc phases when getting
- driver core: Fix use-after-free and double free on glue directory
- crypto: talitos - check AES key size
- crypto: talitos - check data blocksize in ablkcipher.
- x86/build: Add -Wnoaddress-of-packed-member to REALMODE_CFLAGS, to silence
GCC9 build warning
- MIPS: netlogic: xlr: Remove erroneous check in nlm_fmn_send()
- ARC: configs: Remove CONFIG_INITRAMFS_SOURCE from defconfigs
- USB: usbcore: Fix slab-out-of-bounds bug during device reset
- media: tm6000: double free if usb disconnect while streaming
- x86/boot: Add missing bootparam that breaks boot on some platforms
- xen-netfront: do not assume sk_buff_head list is empty in error handling
- serial: sprd: correct the wrong sequence of arguments
- tty/serial: atmel: reschedule TX after RX was started
- mwifiex: Fix three heap overflow at parsing element in
cfg80211_ap_settings
- s390/bpf: fix lcgr instruction encoding
- ARM: OMAP2+: Fix omap4 errata warning on other SoCs
- s390/bpf: use 32-bit index for tail calls
- NFSv4: Fix return values for nfs4_file_open()
- NFS: Fix initialisation of I/O result struct in nfs_pgio_rpcsetup
- Kconfig: Fix the reference to the IDT77105 Phy driver in the description
of
ATM_NICSTAR_USE_IDT77105
- ARM: 8874/1: mm: only adjust sections of valid mm structures
- r8152: Set memory to all 0xFFs on failed reg reads
- x86/apic: Fix arch_dynirq_lower_bound() bug for DT enabled machines
- netfilter: nf_conntrack_ftp: Fix debug output
- NFSv2: Fix eof handling
- NFSv2: Fix write regression
- cifs: set domainName when a domain-key is used in multiuser
- cifs: Use kzfree() to zero out the password
- sky2: Disable MSI on yet another ASUS boards (P6Xxxx)
- tools/power turbostat: fix buffer overrun
- net: seeq: Fix the function used to release some memory in an error
handling
path
- dmaengine: ti: omap-dma: Add cleanup in omap_dma_probe()
- keys: Fix missing null pointer check in request_key_auth_describe()
- floppy: fix usercopy direction
- media: technisat-usb2: break out of loop at end of buffer
- ARC: export "abort" for modules
- net_sched: let qdisc_put() accept NULL pointer
- Linux 4.4.194
* CVE-2019-14821
- KVM: coalesced_mmio: add bounds checking
* Xenial update: 4.4.193 upstream stable release (LP: #1845395)
- ALSA: hda - Fix potential endless loop at applying quirks
- ALSA: hda/realtek - Fix overridden device-specific initialization
- xfrm: clean up xfrm protocol checks
- vhost/test: fix build for vhost test
- scripts/decode_stacktrace: match basepath using shell prefix operator, not
regex
- clk: s2mps11: Add used attribute to s2mps11_dt_match
- x86, boot: Remove multiple copy of static function sanitize_boot_params()
- af_packet: tone down the Tx-ring unsupported spew.
- Linux 4.4.193
* Xenial update: 4.4.192 upstream stable release (LP: #1845374)
- net: tundra: tsi108: use spin_lock_irqsave instead of spin_lock_irq in IRQ
context
- net: tc35815: Explicitly check NET_IP_ALIGN is not zero in tc35815_rx
- Bluetooth: btqca: Add a short delay before downloading the NVM
- ibmveth: Convert