UbuntuUpdates.org

Package "linux-kvm"

Name: linux-kvm

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Header files related to Linux kernel version 4.15.0
  • Header files related to Linux kernel version 4.15.0
  • Header files related to Linux kernel version 4.15.0
  • Header files related to Linux kernel version 4.15.0

Latest version: 4.15.0-1132.137
Release: bionic (18.04)
Level: security
Repository: main

Links



Other versions of "linux-kvm" in Bionic

Repository Area Version
base main 4.15.0-1008.8
updates main 4.15.0-1142.147
proposed main 4.15.0-1142.147

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 4.15.0-1137.142 2023-03-28 22:07:00 UTC

  linux-kvm (4.15.0-1137.142) bionic; urgency=medium

  * bionic/linux-kvm: 4.15.0-1137.142 -proposed tracker (LP: #2008411)

  [ Ubuntu: 4.15.0-207.218 ]

  * bionic/linux: 4.15.0-207.218 -proposed tracker (LP: #2008419)
  * rtcpie in timers from ubuntu_kernel_selftests randomly failing
    (LP: #1814234)
    - SAUCE: selftest: rtctest: Force passing unreliable subtest
  * btrfs/154: rename fails with EOVERFLOW when calculating item size during
    item key collision (LP: #2004132)
    - btrfs: correctly calculate item size used when item key collision happens
  * CVE-2021-3669
    - ipc: replace costly bailout check in sysvipc_find_ipc()
  * Bionic update: upstream stable patchset 2023-02-06 (LP: #2006403)
    - libtraceevent: Fix build with binutils 2.35
    - once: Fix panic when module unload
    - once: add DO_ONCE_SLOW() for sleepable contexts
    - mm/khugepaged: fix GUP-fast interaction by sending IPI
    - mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths
    - block: unhash blkdev part inode when the part is deleted
    - ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx()
    - can: sja1000: fix size of OCR_MODE_MASK define
    - can: mcba_usb: Fix termination command argument
    - ASoC: ops: Correct bounds check for second channel on SX controls
    - perf script python: Remove explicit shebang from tests/attr.c
    - udf: Discard preallocation before extending file with a hole
    - udf: Drop unused arguments of udf_delete_aext()
    - udf: Fix preallocation discarding at indirect extent boundary
    - udf: Do not bother looking for prealloc extents if i_lenExtents matches
      i_size
    - udf: Fix extending file within last block
    - usb: gadget: uvc: Prevent buffer overflow in setup handler
    - USB: serial: option: add Quectel EM05-G modem
    - USB: serial: cp210x: add Kamstrup RF sniffer PIDs
    - igb: Initialize mailbox message for VF reset
    - net: loopback: use NET_NAME_PREDICTABLE for name_assign_type
    - usb: musb: remove extra check in musb_gadget_vbus_draw
    - ARM: dts: qcom: apq8064: fix coresight compatible
    - drivers: soc: ti: knav_qmss_queue: Mark knav_acc_firmwares as static
    - arm: dts: spear600: Fix clcd interrupt
    - soc: ti: smartreflex: Fix PM disable depth imbalance in omap_sr_probe
    - arm64: dts: mediatek: mt6797: Fix 26M oscillator unit name
    - ARM: dts: dove: Fix assigned-addresses for every PCIe Root Port
    - ARM: dts: armada-370: Fix assigned-addresses for every PCIe Root Port
    - ARM: dts: armada-xp: Fix assigned-addresses for every PCIe Root Port
    - ARM: dts: armada-375: Fix assigned-addresses for every PCIe Root Port
    - ARM: dts: armada-38x: Fix assigned-addresses for every PCIe Root Port
    - ARM: dts: armada-39x: Fix assigned-addresses for every PCIe Root Port
    - ARM: dts: turris-omnia: Add ethernet aliases
    - ARM: dts: turris-omnia: Add switch port 6 node
    - pstore/ram: Fix error return code in ramoops_probe()
    - ARM: mmp: fix timer_read delay
    - pstore: Avoid kcore oops by vmap()ing with VM_IOREMAP
    - tpm/tpm_crb: Fix error message in __crb_relinquish_locality()
    - cpuidle: dt: Return the correct numbers of parsed idle states
    - alpha: fix syscall entry in !AUDUT_SYSCALL case
    - PM: hibernate: Fix mistake in kerneldoc comment
    - fs: don't audit the capability check in simple_xattr_list()
    - perf: Fix possible memleak in pmu_dev_alloc()
    - timerqueue: Use rb_entry_safe() in timerqueue_getnext()
    - ocfs2: fix memory leak in ocfs2_stack_glue_init()
    - MIPS: vpe-mt: fix possible memory leak while module exiting
    - MIPS: vpe-cmp: fix possible memory leak while module exiting
    - PNP: fix name memory leak in pnp_alloc_dev()
    - irqchip: gic-pm: Use pm_runtime_resume_and_get() in gic_probe()
    - libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value
    - lib/notifier-error-inject: fix error when writing -errno to debugfs file
    - rapidio: fix possible name leaks when rio_add_device() fails
    - rapidio: rio: fix possible name leak in rio_register_mport()
    - ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage()
    - uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix
    - x86/xen: Fix memory leak in xen_init_lock_cpu()
    - platform/x86: mxm-wmi: fix memleak in mxm_wmi_call_mx[ds|mx]()
    - MIPS: BCM63xx: Add check for NULL for clk in clk_enable
    - fs: sysv: Fix sysv_nblocks() returns wrong value
    - rapidio: fix possible UAF when kfifo_alloc() fails
    - eventfd: change int to __u64 in eventfd_signal() ifndef CONFIG_EVENTFD
    - hfs: Fix OOB Write in hfs_asc2mac
    - rapidio: devices: fix missing put_device in mport_cdev_open
    - wifi: ath9k: hif_usb: fix memory leak of urbs in
      ath9k_hif_usb_dealloc_tx_urbs()
    - wifi: ath9k: hif_usb: Fix use-after-free in ath9k_hif_usb_reg_in_cb()
    - media: i2c: ad5820: Fix error path
    - spi: Update reference to struct spi_controller
    - media: vivid: fix compose size exceed boundary
    - mtd: Fix device name leak when register device failed in add_mtd_device()
    - media: camss: Clean up received buffers on failed start of streaming
    - drm/radeon: Add the missed acpi_put_table() to fix memory leak
    - ASoC: pxa: fix null-pointer dereference in filter()
    - regulator: core: fix unbalanced of node refcount in regulator_dev_lookup()
    - ima: Fix misuse of dereference of pointer in template_desc_init_fields()
    - wifi: ath10k: Fix return value in ath10k_pci_init()
    - mtd: lpddr2_nvm: Fix possible null-ptr-deref
    - Input: elants_i2c - properly handle the reset GPIO when power is off
    - media: solo6x10: fix possible memory leak in solo_sysfs_init()
    - media: platform: exynos4-is: Fix error handling in fimc_md_init()
    - HID: hid-sensor-custom: set fixed size for custom attributes
    - ALSA: seq: fix undefined behavior in bit shift for
      SNDRV_SEQ_FILTER_USE_EVENT
    - clk: rockchip: Fix memory leak in r

Source diff to previous version
1814234 rtcpie in timers from ubuntu_kernel_selftests randomly failing
2004132 btrfs/154: rename fails with EOVERFLOW when calculating item size during item key collision
2006403 Bionic update: upstream stable patchset 2023-02-06
CVE-2021-3669 A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to
CVE-2023-0266 A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be u
CVE-2022-41218 In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open
CVE-2023-23559 In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition.

Version: 4.15.0-1136.141 2023-03-06 18:06:52 UTC

  linux-kvm (4.15.0-1136.141) bionic; urgency=medium

  * bionic/linux-kvm: 4.15.0-1136.141 -proposed tracker (LP: #2004406)

  * Bionic update: upstream stable patchset 2023-01-20 (LP: #2003596)
    - [Config] kvm: updateconfigs for INET_TABLE_PERTURB_ORDER

  [ Ubuntu: 4.15.0-206.217 ]

  * bionic/linux: 4.15.0-206.217 -proposed tracker (LP: #2004655)
  * CVE-2023-0461
    - SAUCE: Fix inet_csk_listen_start after CVE-2023-0461

  [ Ubuntu: 4.15.0-205.216 ]

  * bionic/linux: 4.15.0-205.216 -proposed tracker (LP: #2004414)
  * Bionic update: upstream stable patchset 2023-01-20 (LP: #2003596)
    - NFSv4.1: Handle RECLAIM_COMPLETE trunking errors
    - NFSv4.1: We must always send RECLAIM_COMPLETE after a reboot
    - nfs4: Fix kmemleak when allocate slot failed
    - net: dsa: Fix possible memory leaks in dsa_loop_init()
    - nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send()
    - nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send()
    - net: fec: fix improper use of NETDEV_TX_BUSY
    - ata: pata_legacy: fix pdc20230_set_piomode()
    - net: sched: Fix use after free in red_enqueue()
    - ipvs: use explicitly signed chars
    - rose: Fix NULL pointer dereference in rose_send_frame()
    - mISDN: fix possible memory leak in mISDN_register_device()
    - isdn: mISDN: netjet: fix wrong check of device registration
    - btrfs: fix inode list leak during backref walking at resolve_indirect_refs()
    - btrfs: fix ulist leaks in error paths of qgroup self tests
    - Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del()
    - net: mdio: fix undefined behavior in bit shift for __mdiobus_register
    - net, neigh: Fix null-ptr-deref in neigh_table_clear()
    - media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE
    - media: dvb-frontends/drxk: initialize err to 0
    - i2c: xiic: Add platform module alias
    - Bluetooth: L2CAP: Fix attempting to access uninitialized memory
    - block, bfq: protect 'bfqd->queued' by 'bfqd->lock'
    - btrfs: fix type of parameter generation in btrfs_get_dentry
    - tcp/udp: Make early_demux back namespacified.
    - capabilities: fix potential memleak on error path from vfs_getxattr_alloc()
    - ALSA: usb-audio: Add quirks for MacroSilicon MS2100/MS2106 devices
    - efi: random: reduce seed size to 32 bytes
    - parisc: Make 8250_gsc driver dependend on CONFIG_PARISC
    - parisc: Export iosapic_serial_irq() symbol for serial port driver
    - ext4: fix warning in 'ext4_da_release_space'
    - KVM: x86: Mask off reserved bits in CPUID.80000008H
    - KVM: x86: emulator: em_sysexit should update ctxt->mode
    - KVM: x86: emulator: introduce emulator_recalc_and_set_mode
    - KVM: x86: emulator: update the emulation mode after CR0 write
    - linux/const.h: prefix include guard of uapi/linux/const.h with _UAPI
    - linux/const.h: move UL() macro to include/linux/const.h
    - linux/bits.h: make BIT(), GENMASK(), and friends available in assembly
    - RDMA/qedr: clean up work queue on failure in qedr_alloc_resources()
    - net: tun: fix bugs for oversize packet when napi frags enabled
    - ipvs: fix WARNING in __ip_vs_cleanup_batch()
    - ipvs: fix WARNING in ip_vs_app_net_cleanup()
    - ipv6: fix WARNING in ip6_route_net_exit_late()
    - parisc: Avoid printing the hardware path twice
    - HID: hyperv: fix possible memory leak in mousevsc_probe()
    - net: gso: fix panic on frag_list with mixed head alloc types
    - bnxt_en: fix potentially incorrect return value for ndo_rx_flow_steer
    - net: fman: Unregister ethernet device on removal
    - capabilities: fix undefined behavior in bit shift for CAP_TO_MASK
    - net: lapbether: fix issue of dev reference count leakage in
      lapbeth_device_event()
    - hamradio: fix issue of dev reference count leakage in bpq_device_event()
    - drm/vc4: Fix missing platform_unregister_drivers() call in
      vc4_drm_register()
    - ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network
    - tipc: fix the msg->req tlv len check in
      tipc_nl_compat_name_table_dump_header
    - dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove()
    - drivers: net: xgene: disable napi when register irq failed in
      xgene_enet_open()
    - net: cxgb3_main: disable napi when bind qsets failed in cxgb_up()
    - ethernet: s2io: disable napi when start nic failed in s2io_card_up()
    - net: mv643xx_eth: disable napi when init rxq or txq failed in
      mv643xx_eth_open()
    - net: macvlan: fix memory leaks of macvlan_common_newlink
    - arm64: efi: Fix handling of misaligned runtime regions and drop warning
    - ALSA: hda: fix potential memleak in 'add_widget_node'
    - ALSA: usb-audio: Add quirk entry for M-Audio Micro
    - nilfs2: fix deadlock in nilfs_count_free_blocks()
    - drm/i915/dmabuf: fix sg_table handling in map_dma_buf
    - platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi
    - btrfs: selftests: fix wrong error check in btrfs_free_dummy_root()
    - udf: Fix a slab-out-of-bounds write bug in udf_find_entry()
    - cert host tools: Stop complaining about deprecated OpenSSL functions
    - dmaengine: at_hdmac: Fix at_lli struct definition
    - dmaengine: at_hdmac: Don't start transactions at tx_submit level
    - dmaengine: at_hdmac: Fix completion of unissued descriptor in case of errors
    - dmaengine: at_hdmac: Don't allow CPU to reorder channel enable
    - dmaengine: at_hdmac: Fix impossible condition
    - dmaengine: at_hdmac: Check return code of dma_async_device_register
    - x86/cpu: Restore AMD's DE_CFG MSR after resume
    - selftests/futex: fix build for clang
    - drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid
    - ASoC: core: Fix use-after-free in snd_soc_exit()
    - serial: 8250_omap: remove wait loop from Errata i202 workaround
    - serial: 8250: omap: Flush PM QOS work on remove
    - tty: n_gsm: fix sleep-in-atomic-context bug in gsm_control_send
    - ASoC: soc-utils: Remove

Source diff to previous version
2003596 Bionic update: upstream stable patchset 2023-01-20
1968681 rdpru in ubuntu_kvm_unit_tests failed on B-4.15 node riccioli with FAIL: RDPRU raises #UD
2003053 NFS: client permission error after adding user to permissible group
2002889 5.15.0-58.64 breaks xen bridge networking (pvh domU)
2002812 Revoke \u0026 rotate to new signing key
CVE-2023-0461 RESERVED
CVE-2022-3628 A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs when a user connects to a malicious USB device
CVE-2022-3545 A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function area_cache_get of the file

Version: 4.15.0-1135.140 2023-02-09 02:37:08 UTC

  linux-kvm (4.15.0-1135.140) bionic; urgency=medium

  * bionic/linux-kvm: 4.15.0-1135.140 -proposed tracker (LP: #2001868)

  [ Ubuntu: 4.15.0-203.214 ]

  * bionic/linux: 4.15.0-203.214 -proposed tracker (LP: #2001876)
  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
  * Bionic update: upstream stable patchset 2022-12-01 (LP: #1998542)
    - Revert "x86/cpu: Add a steppings field to struct x86_cpu_id"
    - x86/cpufeature: Add facility to check for min microcode revisions
    - x86/cpufeature: Fix various quality problems in the <asm/cpu_device_hd.h>
      header
    - x86/devicetable: Move x86 specific macro out of generic code
    - x86/cpu: Add consistent CPU match macros
    - x86/cpu: Add a steppings field to struct x86_cpu_id
    - x86/entry: Remove skip_r11rcx
    - x86/cpufeatures: Move RETPOLINE flags to word 11
    - x86/bugs: Report AMD retbleed vulnerability
    - x86/bugs: Add AMD retbleed= boot parameter
    - x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value
    - x86/entry: Add kernel IBRS implementation
    - x86/bugs: Optimize SPEC_CTRL MSR writes
    - x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS
    - x86/bugs: Split spectre_v2_select_mitigation() and
      spectre_v2_user_select_mitigation()
    - x86/bugs: Report Intel retbleed vulnerability
    - entel_idle: Disable IBRS during long idle
    - x86/speculation: Change FILL_RETURN_BUFFER to work with objtool
    - x86/speculation: Add LFENCE to RSB fill sequence
    - x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n
    - x86/speculation: Fix firmware entry SPEC_CTRL handling
    - x86/speculation: Fix SPEC_CTRL write on SMT state change
    - x86/speculation: Use cached host SPEC_CTRL value for guest entry/exit
    - x86/speculation: Remove x86_spec_ctrl_mask
    - KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS
    - KVM: VMX: Fix IBRS handling after vmexit
    - x86/speculation: Fill RSB on vmexit for IBRS
    - x86/common: Stamp out the stepping madness
    - x86/cpu/amd: Enumerate BTC_NO
    - x86/bugs: Add Cannon lake to RETBleed affected CPU list
    - x86/speculation: Disable RRSBA behavior
    - x86/speculation: Use DECLARE_PER_CPU for x86_spec_ctrl_current
    - x86/bugs: Warn when "ibrs" mitigation is selected on Enhanced IBRS parts
    - x86/speculation: Add RSB VM Exit protections
    - ocfs2: clear dinode links count in case of error
    - ocfs2: fix BUG when iput after ocfs2_mknod fails
    - x86/microcode/AMD: Apply the patch early on every logical thread
    - ata: ahci-imx: Fix MODULE_ALIAS
    - ata: ahci: Match EM_MAX_SLOTS with SATA_PMP_MAX_PORTS
    - KVM: arm64: vgic: Fix exit condition in scan_its_table()
    - [Config] updateconfigs for ARM64_ERRATUM_1742098
    - arm64: errata: Remove AES hwcap for COMPAT tasks
    - r8152: add PID for the Lenovo OneLink+ Dock
    - btrfs: fix processing of delayed data refs during backref walking
    - ACPI: extlog: Handle multiple records
    - HID: magicmouse: Do not set BTN_MOUSE on double report
    - net/atm: fix proc_mpc_write incorrect return value
    - net: hns: fix possible memory leak in hnae_ae_register()
    - iommu/vt-d: Clean up si_domain in the init_dmars() error path
    - media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls
    - ACPI: video: Force backlight native for more TongFang devices
    - ALSA: Use del_timer_sync() before freeing timer
    - ALSA: au88x0: use explicitly signed char
    - USB: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM
    - usb: dwc3: gadget: Don't set IMI for no_interrupt
    - usb: bdc: change state when port disconnected
    - usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96
      controller
    - xhci: Remove device endpoints from bandwidth list when freeing the device
    - tools: iio: iio_utils: fix digit calculation
    - iio: light: tsl2583: Fix module unloading
    - fbdev: smscufx: Fix several use-after-free bugs
    - mac802154: Fix LQI recording
    - drm/msm/hdmi: fix memory corruption with too many bridges
    - mmc: core: Fix kernel panic when remove non-standard SDIO card
    - kernfs: fix use-after-free in __kernfs_remove
    - s390/futex: add missing EX_TABLE entry to __futex_atomic_op()
    - Xen/gntdev: don't ignore kernel unmapping error
    - xen/gntdev: Prevent leaking grants
    - mm,hugetlb: take hugetlb_lock before decrementing h->resv_huge_pages
    - net: ieee802154: fix error return code in dgram_bind()
    - drm/msm: Fix return type of mdp4_lvds_connector_mode_valid
    - arc: iounmap() arg is volatile
    - ALSA: ac97: fix possible memory leak in snd_ac97_dev_register()
    - x86/unwind/orc: Fix unreliable stack dump with gcov
    - amd-xgbe: fix the SFP compliance codes check for DAC cables
    - amd-xgbe: add the bit rate quirk for Molex cables
    - kcm: annotate data-races around kcm->rx_psock
    - kcm: annotate data-races around kcm->rx_wait
    - net: lantiq_etop: don't free skb when returning NETDEV_TX_BUSY
    - tcp: fix indefinite deferral of RTO with SACK reneging
    - can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing put_clock() in error
      path
    - PM: hibernate: Allow hybrid sleep to work with s2idle
    - media: vivid: s_fbuf: add more sanity checks
    - media: vivid: dev->bitmap_cap wasn't freed in all cases
    - media: v4l2-dv-timings: add sanity checks for blanking values
    - media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check 'interlaced'
    - i40e: Fix ethtool rx-flow-hash setting for X722
    - i40e: Fix flow-type by setting GL_HASH_INSET registers
    - net: ksz884x: fix missing pci_disable_device() on error in pcidev_init()
    - PM: domains: Fix handling of unavailable/disabled idle states
    - ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev()
    - ALSA: aoa: Fix I2S device accounting
    - openvswitch: switch from WARN to pr_warn
    - net: ehea: fix possible memory leak in ehea_regis

Source diff to previous version
1786013 Packaging resync
1998542 Bionic update: upstream stable patchset 2022-12-01
1996650 Bionic update: upstream stable patchset 2022-11-15

Version: 4.15.0-1134.139 2023-01-12 23:07:20 UTC

  linux-kvm (4.15.0-1134.139) bionic; urgency=medium

  * bionic/linux-kvm: 4.15.0-1134.139 -proposed tracker (LP: #2001997)

  [ Ubuntu: 4.15.0-202.213 ]

  * bionic/linux: 4.15.0-202.213 -proposed tracker (LP: #2002005)
  * CVE-2022-3643
    - xen/netback: Ensure protocol headers don't fall in the non-linear area
  * CVE-2022-45934
    - Bluetooth: L2CAP: Fix u8 overflow
  * CVE-2022-42896
    - Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM
    - Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm
  * CVE-2022-43945
    - NFSD: Cap rsize_bop result based on send buffer size

 -- Thadeu Lima de Souza Cascardo <email address hidden> Wed, 11 Jan 2023 00:48:15 -0300

Source diff to previous version
CVE-2022-3643 Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux bas
CVE-2022-45934 An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_R
CVE-2022-42896 There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which ma
CVE-2022-43945 The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by e

Version: 4.15.0-1133.138 2023-01-06 12:06:33 UTC

  linux-kvm (4.15.0-1133.138) bionic; urgency=medium

  * bionic/linux-kvm: 4.15.0-1133.138 -proposed tracker (LP: #1997863)

  [ Ubuntu: 4.15.0-201.212 ]

  * bionic/linux: 4.15.0-201.212 -proposed tracker (LP: #1997871)
  * Expose built-in trusted and revoked certificates (LP: #1996892)
    - [Packaging] Expose built-in trusted and revoked certificates
  * Bionic update: upstream stable patchset 2022-09-21 (LP: #1990434)
    - s390/archrandom: prevent CPACF trng invocations in interrupt context
  * BUG: scheduling while atomic: ip/1210/0x00000200 on xenial/hwe rumford
    (LP: #1995870)
    - tg3: prevent scheduling while atomic splat
  * Bionic update: upstream stable patchset 2022-10-18 (LP: #1993349)
    - bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds()
    - selftests/bpf: Fix test_align verifier log patterns
    - drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg
    - platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask
    - wifi: cfg80211: debugfs: fix return type in ht40allow_map_read()
    - ethernet: rocker: fix sleep in atomic context bug in neigh_timer_handler
    - kcm: fix strp_init() order and cleanup
    - serial: fsl_lpuart: RS485 RTS polariy is inverse
    - staging: rtl8712: fix use after free bugs
    - vt: Clear selection before changing the font
    - USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id
    - binder: fix UAF of ref->proc caused by race condition
    - drm/i915/reg: Fix spelling mistake "Unsupport" -> "Unsupported"
    - Input: rk805-pwrkey - fix module autoloading
    - hwmon: (gpio-fan) Fix array out of bounds access
    - thunderbolt: Use the actual buffer in tb_async_error()
    - xhci: Add grace period after xHC start to prevent premature runtime suspend.
    - USB: serial: cp210x: add Decagon UCA device id
    - USB: serial: option: add support for OPPO R11 diag port
    - USB: serial: option: add Quectel EM060K modem
    - USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode
    - usb: dwc2: fix wrong order of phy_power_on and phy_init
    - USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020)
    - usb-storage: Add ignore-residue quirk for NXP PN7462AU
    - s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages
    - s390: fix nospec table alignments
    - USB: core: Prevent nested device-reset calls
    - usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS
    - wifi: mac80211: Don't finalize CSA in IBSS mode if state is disconnected
    - net: mac802154: Fix a condition in the receive path
    - ALSA: seq: oss: Fix data-race for max_midi_devs access
    - ALSA: seq: Fix data-race at module auto-loading
    - efi: capsule-loader: Fix use-after-free in efi_capsule_write
    - wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in
      il4965_rs_fill_link_cmd()
    - fs: only do a memory barrier for the first set_buffer_uptodate()
    - Revert "mm: kmemleak: take a full lowmem check in kmemleak_*_phys()"
    - drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup.
    - drm/radeon: add a force flush to delay work when radeon
    - parisc: ccio-dma: Handle kmalloc failure in ccio_init_resources()
    - parisc: Add runtime check to prevent PA2.0 kernels on PA1.x machines
    - fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init()
    - ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc()
    - ALSA: aloop: Fix random zeros in capture data when using jiffies timer
    - ALSA: usb-audio: Fix an out-of-bounds bug in
      __snd_usb_parse_audio_interface()
    - kprobes: Prohibit probes in gate area
    - scsi: mpt3sas: Fix use-after-free warning
    - driver core: Don't probe devices after bus_type.match() probe deferral
    - netfilter: br_netfilter: Drop dst references before setting.
    - sch_sfb: Don't assume the skb is still around after enqueueing to child
    - tipc: fix shift wrapping bug in map_get()
    - ipv6: sr: fix out-of-bounds read when setting HMAC data.
    - tcp: fix early ETIMEDOUT after spurious non-SACK RTO
    - sch_sfb: Also store skb len before calling child enqueue
    - usb: dwc3: fix PHY disable sequence
    - USB: serial: ch341: fix lost character on LCR updates
    - USB: serial: ch341: fix disabled rx timer on older devices
    - MIPS: loongson32: ls1c: Fix hang during startup
    - SUNRPC: use _bh spinlocking on ->transport_lock
    - net: dp83822: disable false carrier interrupt
    - tcp: annotate data-race around challenge_timestamp
    - clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops
    - clk: core: Fix runtime PM sequence in clk_core_unprepare()
    - soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs
    - i40e: Fix kernel crash during module removal
    - mm: Fix TLB flush for not-first PFNMAP mappings in unmap_region()
    - drm/msm/rd: Fix FIFO-full deadlock
    - HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo
    - tg3: Disable tg3 device on system reboot to avoid triggering AER
    - ieee802154: cc2520: add rc code in cc2520_tx()
    - platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes
    - tracefs: Only clobber mode/uid/gid on remount if asked
    - net: dp83822: disable rx error interrupt
  * Bionic update: upstream stable patchset 2022-10-06 (LP: #1992112)
    - audit: fix potential double free on error path from fsnotify_add_inode_mark
    - parisc: Fix exception handler for fldw and fstw instructions
    - pinctrl: amd: Don't save/restore interrupt status and wake status bits
    - xfrm: fix refcount leak in __xfrm_policy_check()
    - rose: check NULL rose_loopback_neigh->loopback
    - bonding: 802.3ad: fix no transmission of LACPDUs
    - net: ipvtap - add __init/__exit annotations to module init/exit funcs
    - netfilter: ebtables: reject blobs that don't provide all entry points
    - netfilter: nft_payload: report ERANGE for too long offset and length
    - netfilter: nft_payload: do not

1996892 Expose built-in trusted and revoked certificates
1990434 Bionic update: upstream stable patchset 2022-09-21
1995870 BUG: scheduling while atomic: ip/1210/0x00000200 on xenial/hwe rumford
1993349 Bionic update: upstream stable patchset 2022-10-18
1992112 Bionic update: upstream stable patchset 2022-10-06
CVE-2022-2663 An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall
CVE-2022-3061 Found Linux Kernel flaw in the i740 driver. The Userspace program could pass any values to the driver through ioctl() interface. The driver doesn't c



About   -   Send Feedback to @ubuntu_updates