Package "linux"

  linux (4.15.0-188.199) bionic; urgency=medium

  * bionic/linux: 4.15.0-188.199 -proposed tracker (LP: #1978697)

  * CVE-2022-28388
    - can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error
      path

 -- Luke Nowakowski-Krijger <email address hidden> Wed, 15 Jun 2022 13:23:15 -0700

  linux (4.15.0-187.198) bionic; urgency=medium

  * CVE-2022-21123 // CVE-2022-21125 // CVE-2022-21166
    - x86/cpu: Add Elkhart Lake to Intel family
    - cpu/speculation: Add prototype for cpu_show_srbds()
    - x86/cpu: Add Jasper Lake to Intel family
    - x86/cpu: Add Lakefield, Alder Lake and Rocket Lake models to the to Intel
      CPU family
    - x86/cpu: Add another Alder Lake CPU to the Intel family
    - Documentation: Add documentation for Processor MMIO Stale Data
    - x86/speculation/mmio: Enumerate Processor MMIO Stale Data bug
    - x86/speculation: Add a common function for MD_CLEAR mitigation update
    - x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data
    - x86/bugs: Group MDS, TAA & Processor MMIO Stale Data mitigations
    - x86/speculation/mmio: Enable CPU Fill buffer clearing on idle
    - x86/speculation/mmio: Add sysfs reporting for Processor MMIO Stale Data
    - x86/speculation/srbds: Update SRBDS mitigation selection
    - x86/speculation/mmio: Reuse SRBDS mitigation for SBDS
    - KVM: x86/speculation: Disable Fill buffer clear within guests
    - x86/speculation/mmio: Print SMT warning

 -- Thadeu Lima de Souza Cascardo <email address hidden> Mon, 13 Jun 2022 11:33:57 -0300

  linux (4.15.0-184.194) bionic; urgency=medium

  * CVE-2022-1966
    - netfilter: nf_tables: disallow non-stateful expression in sets earlier

 -- Thadeu Lima de Souza Cascardo <email address hidden> Thu, 02 Jun 2022 15:36:51 -0300

  linux (4.15.0-180.189) bionic; urgency=medium

  * bionic/linux: 4.15.0-180.189 -proposed tracker (LP: #1974013)

  * CVE-2022-29581
    - net/sched: cls_u32: fix netns refcount changes in u32_change()

  * Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP
    option (LP: #1972740)
    - ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE

  * ext4: limit length to bitmap_maxbytes (LP: #1972281)
    - ext4: limit length to bitmap_maxbytes - blocksize in punch_hole

 -- Kleber Sacilotto de Souza <email address hidden> Wed, 18 May 2022 15:56:44 +0200

  linux (4.15.0-177.186) bionic; urgency=medium

  * bionic/linux: 4.15.0-177.186 -proposed tracker (LP: #1969083)

  * Bionic update: upstream stable patchset 2022-04-13 (LP: #1968932)
    - cgroup/cpuset: Fix a race between cpuset_attach() and cpu hotplug
    - vhost/vsock: don't check owner in vhost_vsock_stop() while releasing
    - parisc/unaligned: Fix fldd and fstd unaligned handlers on 32-bit kernel
    - parisc/unaligned: Fix ldw() and stw() unalignment handlers
    - sr9700: sanity check for packet length
    - USB: zaurus: support another broken Zaurus
    - ping: remove pr_err from ping_lookup
    - net: __pskb_pull_tail() & pskb_carve_frag_list() drop_monitor friends
    - gso: do not skip outer ip header in case of ipip and net_failover
    - openvswitch: Fix setting ipv6 fields causing hw csum failure
    - drm/edid: Always set RGB444
    - net/mlx5e: Fix wrong return value on ioctl EEPROM query failure
    - configfs: fix a race in configfs_{,un}register_subsystem()
    - RDMA/ib_srp: Fix a deadlock
    - iio: adc: men_z188_adc: Fix a resource leak in an error handling path
    - ata: pata_hpt37x: disable primary channel on HPT371
    - Revert "USB: serial: ch341: add new Product ID for CH341A"
    - usb: gadget: rndis: add spinlock for rndis response list
    - tracefs: Set the group ownership in apply_options() not parse_options()
    - USB: serial: option: add support for DW5829e
    - USB: serial: option: add Telit LE910R1 compositions
    - usb: dwc3: gadget: Let the interrupt handler disable bottom halves.
    - xhci: re-initialize the HC during resume if HCE was set
    - xhci: Prevent futile URB re-submissions due to incorrect return value.
    - tty: n_gsm: fix encoding of control signal octet bit DV
    - tty: n_gsm: fix proper link termination after failed open
    - Revert "drm/nouveau/pmu/gm200-: avoid touching PMU outside of
      DEVINIT/PREOS/ACR"
    - memblock: use kfree() to release kmalloced memblock regions
    - fget: clarify and improve __fget_files() implementation
    - gpio: tegra186: Fix chip_data type confusion
    - tracing: Have traceon and traceoff trigger honor the instance
    - mac80211_hwsim: report NOACK frames in tx_status
    - mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work
    - i2c: bcm2835: Avoid clock stretching timeouts
    - Input: clear BTN_RIGHT/MIDDLE on buttonpads
    - cifs: fix double free race when mount fails in cifs_get_root()
    - dmaengine: shdma: Fix runtime PM imbalance on error
    - i2c: cadence: allow COMPILE_TEST
    - i2c: qup: allow COMPILE_TEST
    - net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990
    - usb: gadget: don't release an existing dev->buf
    - usb: gadget: clear related members when goto fail
    - ata: pata_hpt37x: fix PCI clock detection
    - ALSA: intel_hdmi: Fix reference to PCM buffer address
    - ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min
    - xfrm: fix MTU regression
    - netfilter: fix use-after-free in __nf_register_net_hook()
    - xfrm: enforce validity of offload input flags
    - netfilter: nf_queue: don't assume sk is full socket
    - netfilter: nf_queue: fix possible use-after-free
    - batman-adv: Request iflink once in batadv-on-batadv check
    - batman-adv: Request iflink once in batadv_get_real_netdevice
    - batman-adv: Don't expect inter-netns unique iflink indices
    - net: dcb: flush lingering app table entries for unregistered devices
    - net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error generated by client
    - net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error cause by server
    - mac80211: fix forwarded mesh frames AC & queue selection
    - net: stmmac: fix return value of __setup handler
    - net: sxgbe: fix return value of __setup handler
    - net: arcnet: com20020: Fix null-ptr-deref in com20020pci_probe()
    - efivars: Respect "block" flag in efivar_entry_set_safe()
    - can: gs_usb: change active_channels's type from atomic_t to u8
    - ARM: 9182/1: mmu: fix returns from early_param() and __setup() functions
    - soc: fsl: qe: Check of ioremap return value
    - net: chelsio: cxgb3: check the return value of pci_find_capability()
    - nl80211: Handle nla_memdup failures in handle_nan_filter
    - Input: elan_i2c - move regulator_[en|dis]able() out of
      elan_[en|dis]able_power()
    - Input: elan_i2c - fix regulator enable count imbalance after suspend/resume
    - HID: add mapping for KEY_ALL_APPLICATIONS
    - memfd: fix F_SEAL_WRITE after shmem huge page allocated
    - net: dcb: disable softirqs in dcbnl_flush_dev()
    - hamradio: fix macro redefine warning
    - arm/arm64: Provide a wrapper for SMCCC 1.1 calls
    - arm/arm64: smccc/psci: add arm_smccc_1_1_get_conduit()
    - ARM: report Spectre v2 status through sysfs
    - ARM: early traps initialisation
    - ARM: use LOADADDR() to get load address of sections
    - [Config] updateconfigs for HARDEN_BRANCH_HISTORY
    - ARM: Spectre-BHB workaround
    - ARM: include unprivileged BPF status in Spectre V2 reporting
    - ARM: fix build error when BPF_SYSCALL is disabled
    - ARM: fix co-processor register typo
    - ARM: Do not use NOCROSSREFS directive with ld.lld
    - ARM: fix build warning in proc-v7-bugs.c
    - xen/xenbus: don't let xenbus_grant_ring() remove grants in error case
    - xen/grant-table: add gnttab_try_end_foreign_access()
    - xen/blkfront: don't use gnttab_query_foreign_access() for mapped status
    - xen/netfront: don't use gnttab_query_foreign_access() for mapped status
    - xen/scsifront: don't use gnttab_query_foreign_access() for mapped status
    - xen/gntalloc: don't use gnttab_query_foreign_access()
    - xen: remove gnttab_query_foreign_access()
    - xen/9p: use alloc/free_pages_exact()
    - xen/gnttab: fix gnttab_end_foreign_access() without page specified
    - xen/netfront: react properly to failing gnttab_end_foreign_access_ref()

  * ip6gre driver does not hold device reference