This bug was fixed in the package linux - 4.15.0-69.78
---
linux (4.15.0-69.78) bionic; urgency=medium
* KVM NULL pointer deref (LP: #1851205)
- KVM: nVMX: handle page fault in vmread fix
* CVE-2018-12207
- KVM: MMU: drop vcpu param in gpte_access
- kvm: Convert kvm_lock to a mutex
- kvm: x86: Do not release the page inside mmu_set_spte()
- KVM: x86: make FNAME(fetch) and __direct_map more similar
- KVM: x86: remove now unneeded hugepage gfn adjustment
- KVM: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON
- KVM: x86: add tracepoints around __direct_map and FNAME(fetch)
- kvm: x86, powerpc: do not allow clearing largepages debugfs entry
- SAUCE: KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is
active
- SAUCE: x86: Add ITLB_MULTIHIT bug infrastructure
- SAUCE: kvm: mmu: ITLB_MULTIHIT mitigation
- SAUCE: kvm: Add helper function for creating VM worker threads
- SAUCE: kvm: x86: mmu: Recovery of shattered NX large pages
- SAUCE: cpu/speculation: Uninline and export CPU mitigations helpers
- SAUCE: kvm: x86: mmu: Apply global mitigations knob to ITLB_MULTIHIT
* CVE-2019-11135
- KVM: x86: use Intel speculation bugs and features as derived in generic
x86
code
- x86/msr: Add the IA32_TSX_CTRL MSR
- x86/cpu: Add a helper function x86_read_arch_cap_msr()
- x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default
- x86/speculation/taa: Add mitigation for TSX Async Abort
- x86/speculation/taa: Add sysfs reporting for TSX Async Abort
- kvm/x86: Export MDS_NO=0 to guests when TSX is enabled
- x86/tsx: Add "auto" option to the tsx= cmdline parameter
- x86/speculation/taa: Add documentation for TSX Async Abort
- x86/tsx: Add config options to set tsx=on|off|auto
- SAUCE: x86/speculation/taa: Call tsx_init()
- SAUCE: x86/cpu: Include cpu header from bugs.c
- [Config] Disable TSX by default when possible
* CVE-2019-0154
- SAUCE: drm/i915: Lower RM timeout to avoid DSI hard hangs
- SAUCE: drm/i915/gen8+: Add RC6 CTX corruption WA
* CVE-2019-0155
- drm/i915/gtt: Add read only pages to gen8_pte_encode
- drm/i915/gtt: Read-only pages for insert_entries on bdw+
- drm/i915/gtt: Disable read-only support under GVT
- drm/i915: Prevent writing into a read-only object via a GGTT mmap
- drm/i915/cmdparser: Check reg_table_count before derefencing.
- drm/i915/cmdparser: Do not check past the cmd length.
- drm/i915: Silence smatch for cmdparser
- drm/i915: Move engine->needs_cmd_parser to engine->flags
- SAUCE: drm/i915: Rename gen7 cmdparser tables
- SAUCE: drm/i915: Disable Secure Batches for gen6+
- SAUCE: drm/i915: Remove Master tables from cmdparser
- SAUCE: drm/i915: Add support for mandatory cmdparsing
- SAUCE: drm/i915: Support ro ppgtt mapped cmdparser shadow buffers
- SAUCE: drm/i915: Allow parsing of unsized batches
- SAUCE: drm/i915: Add gen9 BCS cmdparsing
- SAUCE: drm/i915/cmdparser: Use explicit goto for error paths
- SAUCE: drm/i915/cmdparser: Add support for backward jumps
- SAUCE: drm/i915/cmdparser: Ignore Length operands during command matching
linux (4.15.0-68.77) bionic; urgency=medium
* bionic/linux: 4.15.0-68.77 -proposed tracker (LP: #1849855)
* [REGRESSION] md/raid0: cannot assemble multi-zone RAID0 with default_layout
setting (LP: #1849682)
- Revert "md/raid0: avoid RAID0 data corruption due to layout confusion."
linux (4.15.0-67.76) bionic; urgency=medium
* bionic/linux: 4.15.0-67.76 -proposed tracker (LP: #1849035)
* Unexpected CFS throttling (LP: #1832151)
- sched/fair: Add lsub_positive() and use it consistently
- sched/fair: Fix low cpu usage with high throttling by removing expiration
of
cpu-local slices
- sched/fair: Fix -Wunused-but-set-variable warnings
* [CML] New device IDs for CML-U (LP: #1843774)
- i2c: i801: Add support for Intel Comet Lake
- spi: pxa2xx: Add support for Intel Comet Lake
* CVE-2019-17666
- SAUCE: rtlwifi: rtl8822b: Fix potential overflow on P2P code
- SAUCE: rtlwifi: Fix potential overflow on P2P code
* md raid0/linear doesn't show error state if an array member is removed and
allows successful writes (LP: #1847773)
- md raid0/linear: Mark array as 'broken' and fail BIOs if a member is gone
* Change Config Option CONFIG_MEMORY_HOTPLUG_DEFAULT_ONLINE for s390x from yes
to no (LP: #1848492)
- [Config] Change Config Option CONFIG_MEMORY_HOTPLUG_DEFAULT_ONLINE for
s390x
from yes to no
* [Packaging] Support building Flattened Image Tree (FIT) kernels
(LP: #1847969)
- [Packaging] add rules to build FIT image
- [Packaging] force creation of headers directory
* bcache: Performance degradation when querying priority_stats (LP: #1840043)
- bcache: add cond_resched() in __bch_cache_cmp()
* Add installer support fo
