Skipped because applied for CVE-2019-9500: * brcmfmac: add subtype check for event handling in data path * brcmfmac: assure SSID length from firmware is limited
Skipped because already applied for bug #1830815: * net: hns3: fix for TX clean num when cleaning TX BD * net: hns3: use atomic_t replace u32 for arq's count * net: hns3: free the pending skb when clean RX ring * net: hns3: fix keep_alive_timer not stop problem * net: hns3: add error handler for initializing command queue * net: hns3: check resetting status in hns3_get_stats() * net: hns3: add protect when handling mac addr list Skipped because already applied for bug #1830435: * scsi: libsas: Do discovery on empty PHY to update PHY info Skipped because already applied for bug #1830815: * RDMA/hns: Fix bad endianess of port_pd variable Skipped because already applied for bug #1817058: * e1000e: Disable runtime PM on CNP+ Applied with minor context adjustments: * selinux: avoid uninitialized variable warning ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-9500 ** Changed in: linux (Ubuntu Disco) Importance: Undecided => Medium ** Changed in: linux (Ubuntu Disco) Status: New => In Progress ** Changed in: linux (Ubuntu) Status: Confirmed => Invalid ** Description changed: + SRU Justification - SRU Justification + Impact: + The upstream process for stable tree updates is quite similar + in scope to the Ubuntu SRU process, e.g., each patch has to + demonstrably fix a bug, and each patch is vetted by upstream + by originating either directly from a mainline/stable Linux tree or + a minimally backported form of that patch. The following upstream + stable patches should be included in the Ubuntu kernel: - Impact: - The upstream process for stable tree updates is quite similar - in scope to the Ubuntu SRU process, e.g., each patch has to - demonstrably fix a bug, and each patch is vetted by upstream - by originating either directly from a mainline/stable Linux tree or - a minimally backported form of that patch. The following upstream - stable patches should be included in the Ubuntu kernel: + 5.0.20 upstream stable release + from git://git.kernel.org/ - 5.0.20 upstream stable release - from git://git.kernel.org/ + The following patches where applied: + * x86: Hide the int3_emulate_call/jmp functions from UML + * ext4: do not delete unlinked inode from orphan list on failed truncate + * ext4: wait for outstanding dio during truncate in nojournal mode + * KVM: x86: fix return value for reserved EFER + * bio: fix improper use of smp_mb__before_atomic() + * sbitmap: fix improper use of smp_mb__before_atomic() + * Revert "scsi: sd: Keep disk read-only when re-reading partition" + * crypto: hash - fix incorrect HASH_MAX_DESCSIZE + * crypto: vmx - CTR: always increment IV as quadword + * mmc: sdhci-iproc: cygnus: Set NO_HISPD bit to fix HS50 data hold time problem + * mmc: sdhci-iproc: Set NO_HISPD bit to fix HS50 data hold time problem + * kvm: svm/avic: fix off-by-one in checking host APIC ID + * libnvdimm/pmem: Bypass CONFIG_HARDENED_USERCOPY overhead + * arm64/kernel: kaslr: reduce module randomization range to 2 GB + * arm64/iommu: handle non-remapped addresses in ->mmap and ->get_sgtable + * gfs2: Fix sign extension bug in gfs2_update_stats + * btrfs: don't double unlock on error in btrfs_punch_hole + * Btrfs: do not abort transaction at btrfs_update_root() after failure to COW path + * Btrfs: avoid fallback to transaction commit during fsync of files with holes + * Btrfs: fix race between ranged fsync and writeback of adjacent ranges + * btrfs: sysfs: Fix error path kobject memory leak + * btrfs: sysfs: don't leak memory when failing add fsid + * fbdev: fix divide error in fb_var_to_videomode + * cifs: fix credits leak for SMB1 oplock breaks + * arm64: errata: Add workaround for Cortex-A76 erratum #1463225 + * btrfs: honor path->skip_locking in backref code + * ovl: relax WARN_ON() for overlapping layers use case + * fbdev: fix WARNING in __alloc_pages_nodemask bug + * media: cpia2: Fix use-after-free in cpia2_exit + * media: serial_ir: Fix use-after-free in serial_ir_init_module + * media: vb2: add waiting_in_dqbuf flag + * media: vivid: use vfree() instead of kfree() for dev->bitmap_cap + * ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit + * bpf: devmap: fix use-after-free Read in __dev_map_entry_free + * batman-adv: mcast: fix multicast tt/tvlv worker locking + * at76c50x-usb: Don't register led_trigger if usb_register_driver failed + * acct_on(): don't mess with freeze protection + * netfilter: ctnetlink: Resolve conntrack L3-protocol flush regression + * Revert "btrfs: Honour FITRIM range constraints during free space trim" + * gfs2: Fix lru_count going negative + * cxgb4: Fix error path in cxgb4_init_module + * afs: Fix getting the afs.fid xattr + * NFS: make nfs_match_client killable + * gfs2: fix race between gfs2_freeze_func and unmount + * IB/hfi1: Fix WQ_MEM_RECLAIM warning + * gfs2: Fix occasional glock use-after-free + * mmc: core: Verify SD bus width + * tools/bpf: fix perf build error with uClibc (seen on ARC) + * selftests/bpf: set RLIMIT_MEMLOCK properly for test_libbpf_open.c + * bpftool: exclude bash-completion/bpftool from .gitignore pattern + * ice: Separate if conditions for ice_set_features() + * blk-mq: split blk_mq_alloc_and_init_hctx into two parts + * blk-mq: grab .q_usage_counter when queuing request from plug code path + * dmaengine: tegra210-dma: free dma controller in remove() + * net: ena: gcc 8: fix compilation warning + * net: ena: fix: set freed objects to NULL to avoid failing future allocations + * hv_netvsc: fix race that may miss tx queue wakeup + * Bluetooth: Ignore CC events not matching the last HCI command + * pinctrl: zte: fix leaked of_node references + * ASoC: Intel: kbl_da7219_max98357a: Map BTN_0 to KEY_PLAYPAUSE + * usb: dwc2: gadget: Increase descriptors count for ISOC's + * usb: dwc3: move synchronize_irq() out of the spinlock protected block + * usb: gadget: f_fs: don't free buffer prematurely + * ASoC: hdmi-codec: unlock the device on startup errors + * powerpc/perf: Return accordingly on invalid chip-id in + * powerpc/boot: Fix missing check of lseek() return value + * powerpc/perf: Fix loop exit condition in nest_imc_event_init + * spi: atmel-quadspi: fix crash while suspending + * ASoC: imx: fix fiq dependencies + * spi: pxa2xx: fix SCR (divisor) calculation + * brcm80211: potential NULL dereference in brcmf_cfg80211_vndr_cmds_dcmd_handler() + * ACPI / property: fix handling of data_nodes in acpi_get_next_subnode() + * drm/nouveau/bar/nv50: ensure BAR is mapped + * media: stm32-dcmi: return appropriate error codes during probe + * ARM: vdso: Remove dependency with the arch_timer driver internals + * arm64: Fix compiler warning from pte_unmap() with -Wunused-but-set-variable + * x86/ftrace: Set trampoline pages as executable + * powerpc/watchdog: Use hrtimers for per-CPU heartbeat + * sched/cpufreq: Fix kobject memleak + * scsi: qla2xxx: Fix a qla24xx_enable_msix() error path + * scsi: qla2xxx: Fix abort handling in tcm_qla2xxx_write_pending() + * scsi: qla2xxx: Avoid that lockdep complains about unsafe locking in + tcm_qla2xxx_close_session() + * scsi: qla2xxx: Fix hardirq-unsafe locking + * x86/modules: Avoid breaking W^X while loading modules + * Btrfs: fix data bytes_may_use underflow with fallocate due to failed quota + reserve + * btrfs: fix panic during relocation after ENOSPC before writeback happens + * btrfs: Don't panic when we can't find a root key + * iwlwifi: pcie: don't crash on invalid RX interrupt + * rtc: 88pm860x: prevent use-after-free on device remove + * rtc: stm32: manage the get_irq probe defer case + * scsi: qedi: Abort ep termination if offload not scheduled + * s390/kexec_file: Fix detection of text segment in ELF loader + * ALSA: hda: fix unregister device twice on ASoC driver + * sched/nohz: Run NOHZ idle load balancer on HK_FLAG_MISC CPUs + * net: ethernet: ti: cpsw: fix allmulti cfg in dual_mac mode + * w1: fix the resume command API + * net: phy: improve genphy_soft_reset + * s390: qeth: address type mismatch warning + * dmaengine: pl330: _stop: clear interrupt status + * mac80211/cfg80211: update bss channel on channel switch + * libbpf: fix samples/bpf build failure due to undefined UINT32_MAX + * slimbus: fix a potential NULL pointer dereference in of_qcom_slim_ngd_register + * ASoC: fsl_sai: Update is_slave_mode with correct value + * Fix nfs4.2 return -EINVAL when do dedupe operation + * mwifiex: prevent an array overflow + * rsi: Fix NULL pointer dereference in kmalloc + * net: cw1200: fix a NULL pointer dereference + * nvme: set 0 capacity if namespace block size exceeds PAGE_SIZE + * nvme-rdma: fix a NULL deref when an admin connect times out + * nvme-tcp: fix a NULL deref when an admin connect times out + * crypto: sun4i-ss - Fix invalid calculation of hash end + * bcache: avoid potential memleak of list of journal_replay(s) in the CACHE_SYNC + branch of run_cache_set + * bcache: return error immediately in bch_journal_replay() + * bcache: fix failure in journal relplay + * bcache: add failure check to run_cache_set() for journal replay + * bcache: avoid clang -Wunintialized warning + * RDMA/cma: Consider scope_id while binding to ipv6 ll address + * vfio-ccw: Do not call flush_workqueue while holding the spinlock + * vfio-ccw: Release any channel program when releasing/removing vfio-ccw mdev + * x86/build: Move _etext to actual end of .text + * smpboot: Place the __percpu annotation correctly + * x86/uaccess: Dont leak the AC flag into __put_user() argument evaluation + * x86/mm: Remove in_nmi() warning from 64-bit implementation of vmalloc_fault() + * mm/uaccess: Use 'unsigned long' to placate UBSAN warnings on older GCC versions + * Bluetooth: hci_qca: Give enough time to ROME controller to bootup. + * Bluetooth: btbcm: Add default address for BCM43341B + * HID: logitech-hidpp: use RAP instead of FAP to get the protocol version + * pinctrl: pistachio: fix leaked of_node references + * pinctrl: st: fix leaked of_node references + * pinctrl: samsung: fix leaked of_node references + * clk: rockchip: undo several noc and special clocks as critical on rk3288 + * perf/arm-cci: Remove broken race mitigation + * dmaengine: at_xdmac: remove BUG_ON macro in tasklet + * media: coda: clear error return value before picture run + * media: ov6650: Move v4l2_clk_get() to ov6650_video_probe() helper + * media: au0828: stop video streaming only when last user stops + * media: ov2659: make S_FMT succeed even if requested format doesn't match + * audit: fix a memory leak bug + * media: stm32-dcmi: fix crash when subdev do not expose any formats + * media: au0828: Fix NULL pointer dereference in au0828_analog_stream_enable() + * media: pvrusb2: Prevent a buffer overflow + * iio: adc: stm32-dfsdm: fix unmet direct dependencies detected + * block: fix use-after-free on gendisk + * powerpc/numa: improve control of topology updates + * powerpc/64: Fix booting large kernels with STRICT_KERNEL_RWX + * random: fix CRNG initialization when random.trust_cpu=1 + * random: add a spinlock_t to struct batched_entropy + * cgroup: protect cgroup->nr_(dying_)descendants by css_set_lock + * sched/core: Check quota and period overflow at usec to nsec conversion + * sched/rt: Check integer overflow at usec to nsec conversion + * sched/core: Handle overflow in cpu_shares_write_u64 + * staging: vc04_services: handle kzalloc failure + * drm/msm/dpu: release resources on modeset failure + * drm/msm: a5xx: fix possible object reference leak + * drm/msm: dpu: Don't set frame_busy_mask for async updates + * drm/msm: Fix NULL pointer dereference + * irq_work: Do not raise an IPI when queueing work on the local CPU + * thunderbolt: Take domain lock in switch sysfs attribute callbacks + * s390/qeth: handle error from qeth_update_from_chp_desc() + * USB: core: Don't unbind interfaces following device reset failure + * x86/irq/64: Limit IST stack overflow check to #DB stack + * drm: etnaviv: avoid DMA API warning when importing buffers + * dt-bindings: phy-qcom-qmp: Add UFS PHY reset + * phy: sun4i-usb: Make sure to disable PHY0 passby for peripheral mode + * phy: mapphone-mdm6600: add gpiolib dependency + * dpaa2-eth: Fix Rx classification status + * i40e: Able to add up to 16 MAC filters on an untrusted VF + * i40e: don't allow changes to HW VLAN stripping on active port VLANs + * ACPI/IORT: Reject platform device creation on NUMA node mapping failure + * arm64: vdso: Fix clock_getres() for CLOCK_REALTIME + * RDMA/cxgb4: Fix null pointer dereference on alloc_skb failure + * perf/x86/msr: Add Icelake support + * perf/x86/intel/rapl: Add Icelake support + * perf/x86/intel/cstate: Add Icelake support + * PM / devfreq: Fix static checker warning in try_then_request_governor + * hwmon: (vt1211) Use request_muxed_region for Super-IO accesses + * hwmon: (smsc47m1) Use request_muxed_region for Super-IO accesses + * hwmon: (smsc47b397) Use request_muxed_region for Super-IO accesses + * hwmon: (pc87427) Use request_muxed_region for Super-IO accesses + * hwmon: (f71805f) Use request_muxed_region for Super-IO accesses + * mmc: core: make pwrseq_emmc (partially) support sleepy GPIO controllers + * mmc_spi: add a status check for spi_sync_locked + * mmc: sdhci-of-esdhc: add erratum eSDHC5 support + * mmc: sdhci-of-esdhc: add erratum A-009204 support + * mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support + * drm/amdgpu: fix old fence check in amdgpu_fence_emit + * PM / core: Propagate dev->power.wakeup_path when no callbacks + * clk: rockchip: Fix video codec clocks on rk3288 + * extcon: arizona: Disable mic detect if running when driver is removed + * clk: rockchip: Make rkpwm a critical clock on rk3288 + * clk: zynqmp: fix check for fractional clock + * s390: zcrypt: initialize variables before_use + * x86/microcode: Fix the ancient deprecated microcode loading method + * s390/mm: silence compiler warning when compiling without CONFIG_PGSTE + * s390: cio: fix cio_irb declaration + * selftests: cgroup: fix cleanup path in test_memcg_subtree_control() + * qmi_wwan: Add quirk for Quectel dynamic config + * cpufreq: ppc_cbe: fix possible object reference leak + * cpufreq/pasemi: fix possible object reference leak + * cpufreq: pmac32: fix possible object reference leak + * cpufreq: kirkwood: fix possible object reference leak + * cpufreq: imx6q: fix possible object reference leak + * block: sed-opal: fix IOC_OPAL_ENABLE_DISABLE_MBR + * samples/bpf: fix build with new clang + * x86/build: Keep local relocations with ld.lld + * regulator: core: Avoid potential deadlock on regulator_unregister + * drm/pl111: fix possible object reference leak + * iio: ad_sigma_delta: Properly handle SPI bus locking vs CS assertion + * iio: hmc5843: fix potential NULL pointer dereferences + * iio: common: ssp_sensors: Initialize calculated_time in ssp_common_process_data + * iio: adc: ti-ads7950: Fix improper use of mlock + * selftests/bpf: ksym_search won't check symbols exists + * rtlwifi: fix a potential NULL pointer dereference + * mwifiex: Fix mem leak in mwifiex_tm_cmd + * brcmfmac: fix missing checks for kmemdup + * b43: shut up clang -Wuninitialized variable warning + * brcmfmac: convert dev_init_lock mutex to completion + * brcmfmac: fix WARNING during USB disconnect in case of unempty psq + * brcmfmac: fix race during disconnect when USB completion is in progress + * brcmfmac: fix Oops when bringing up interface during USB disconnect + * rtc: xgene: fix possible race condition + * rtlwifi: fix potential NULL pointer dereference + * scsi: ufs: Fix regulator load and icc-level configuration + * scsi: ufs: Avoid configuring regulator with undefined voltage range + * drm/panel: otm8009a: Add delay at the end of initialization + * drm/amd/display: Prevent cursor hotspot overflow for RV overlay planes + * arm64: cpu_ops: fix a leaked reference by adding missing of_node_put + * locking/static_key: Fix false positive warnings on concurrent dec/inc + * wil6210: fix return code of wmi_mgmt_tx and wmi_mgmt_tx_ext + * x86/uaccess, ftrace: Fix ftrace_likely_update() vs. SMAP + * x86/uaccess, signal: Fix AC=1 bloat + * x86/ia32: Fix ia32_restore_sigcontext() AC leak + * x86/uaccess: Fix up the fixup + * chardev: add additional check for minor range overlap + * sh: sh7786: Add explicit I/O cast to sh7786_mm_sel() + * HID: core: move Usage Page concatenation to Main item + * ASoC: eukrea-tlv320: fix a leaked reference by adding missing of_node_put + * ASoC: fsl_utils: fix a leaked reference by adding missing of_node_put + * cxgb3/l2t: Fix undefined behaviour + * clk: renesas: rcar-gen3: Correct parent clock of SYS-DMAC + * block: pass page to xen_biovec_phys_mergeable + * clk: renesas: rcar-gen3: Correct parent clock of Audio-DMAC + * HID: logitech-hidpp: change low battery level threshold from 31 to 30 percent + * spi: tegra114: reset controller on probe + * kobject: Don't trigger kobject_uevent(KOBJ_REMOVE) twice. + * media: video-mux: fix null pointer dereferences + * media: wl128x: prevent two potential buffer overflows + * media: gspca: Kill URBs on USB device disconnect + * efifb: Omit memory map check on legacy boot + * thunderbolt: property: Fix a missing check of kzalloc + * thunderbolt: Fix to check the return value of kmemdup + * drm: rcar-du: lvds: Set LVEN and LVRES bits together on D3 + * timekeeping: Force upper bound for setting CLOCK_REALTIME + * scsi: qedf: Add missing return in qedf_post_io_req() in the fcport offload check + * virtio_console: initialize vtermno value for ports + * tty: ipwireless: fix missing checks for ioremap + * staging: mt7621-mmc: Initialize completions a single time during probe + * overflow: Fix -Wtype-limits compilation warnings + * x86/mce: Fix machine_check_poll() tests for error types + * rcutorture: Fix cleanup path for invalid torture_type strings + * x86/mce: Handle varying MCA bank counts + * rcuperf: Fix cleanup path for invalid perf_type strings + * rcu: Do a single rhp->func read in rcu_head_after_call_rcu() + * spi: stm32-qspi: add spi_master_put in release function + * usb: core: Add PM runtime calls to usb_hcd_platform_shutdown + * scsi: qla4xxx: avoid freeing unallocated dma memory + * scsi: lpfc: avoid uninitialized variable warning + * ice: Prevent unintended multiple chain resets + * selinux: avoid uninitialized variable warning + * batman-adv: allow updating DAT entry timeouts on incoming ARP Replies + * dmaengine: tegra210-adma: use devm_clk_*() helpers + * x86/CPU/hygon: Fix phys_proc_id calculation logic for multi-die processors + * staging: mt7621-mmc: Check for nonzero number of scatterlist entries + * hwrng: omap - Set default quality + * thunderbolt: Fix to check return value of ida_simple_get + * thunderbolt: Fix to check for kmemdup failure + * drm/amd/display: fix releasing planes when exiting odm + * drm/amd/display: Link train only when link is DP and backend is enabled + * drm/amd/display: Reset alpha state for planes to the correct values + * thunderbolt: property: Fix a NULL pointer dereference + * media: v4l2-fwnode: The first default data lane is 0 on C-PHY + * media: staging/intel-ipu3: mark PM function as __maybe_unused + * tinydrm/mipi-dbi: Use dma-safe buffers for all SPI transfers + * igb: Exclude device from suspend direct complete optimization + * media: si2165: fix a missing check of return value + * media: dvbsky: Avoid leaking dvb frontend + * media: m88ds3103: serialize reset messages in m88ds3103_set_frontend + * drm/amd/display: add pipe lock during stream update + * media: staging: davinci_vpfe: disallow building with COMPILE_TEST + * drm/amd/display: Fix Divide by 0 in memory calculations + * drm/amd/display: Set stream->mode_changed when connectors change + * scsi: ufs: fix a missing check of devm_reset_control_get + * media: vimc: stream: fix thread state before sleep + * media: gspca: do not resubmit URBs when streaming has stopped + * media: go7007: avoid clang frame overflow warning with KASAN + * media: vimc: zero the media_device on probe + * media: vim2m: replace devm_kzalloc by kzalloc + * media: cedrus: Add a quirk for not setting DMA offset + * scsi: lpfc: Fix FDMI manufacturer attribute value + * scsi: lpfc: Fix fc4type information for FDMI + * media: saa7146: avoid high stack usage with clang + * scsi: lpfc: Fix SLI3 commands being issued on SLI4 devices + * scsi: lpfc: Fix use-after-free mailbox cmd completion + * audit: fix a memleak caused by auditing load module + * spi : spi-topcliff-pch: Fix to handle empty DMA buffers + * drm: writeback: Fix leak of writeback job + * drm/omap: dsi: Fix PM for display blank with paired dss_pll calls + * drm/omap: Notify all devices in the pipeline of output disconnection + * spi: rspi: Fix sequencer reset during initialization + * regulator: wm831x ldo: Fix notifier mutex lock warning + * regulator: wm831x isink: Fix notifier mutex lock warning + * regulator: ltc3676: Fix notifier mutex lock warning + * regulator: ltc3589: Fix notifier mutex lock warning + * regulator: pv88060: Fix notifier mutex lock warning + * spi: imx: stop buffer overflow in RX FIFO flush + * regulator: lp8755: Fix notifier mutex lock warning + * regulator: da9211: Fix notifier mutex lock warning + * regulator: da9063: Fix notifier mutex lock warning + * regulator: pv88080: Fix notifier mutex lock warning + * regulator: wm831x: Fix notifier mutex lock warning + * regulator: pv88090: Fix notifier mutex lock warning + * regulator: da9062: Fix notifier mutex lock warning + * regulator: da9055: Fix notifier mutex lock warning + * spi: Fix zero length xfer bug + * ASoC: davinci-mcasp: Fix clang warning without CONFIG_PM + * ASoC: ti: fix davinci_mcasp_probe dependencies + * drm/v3d: Handle errors from IRQ setup. + * drm/drv: Hold ref on parent device during drm_device lifetime + * drm: Wake up next in drm_read() chain if we are forced to putback the event + * drm/sun4i: dsi: Change the start delay calculation + * vfio-ccw: Prevent quiesce function going into an infinite loop + * ice: Put __ICE_PREPARED_FOR_RESET check in ice_prepare_for_reset + * drm/sun4i: dsi: Enforce boundaries on the start delay + * NFS: Fix a double unlock from nfs_match,get_client + * Linux 5.0.20 ** Changed in: linux (Ubuntu Disco) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1837517 Title: Disco update: 5.0.20 upstream stable release To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1837517/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
