Package "linux-kvm"

  linux-kvm (4.4.0-1093.102) xenial; urgency=medium

  * xenial/linux-kvm: 4.4.0-1093.102 -proposed tracker (LP: #1924636)

  [ Ubuntu: 4.4.0-210.242 ]

  * xenial/linux: 4.4.0-210.242 -proposed tracker (LP: #1924644)
  * setting extended attribute may cause memory leak (LP: #1924611)
    - SAUCE: vfs_setxattr: free converted value if xattr_permission returns error

 -- Stefan Bader <email address hidden> Fri, 16 Apr 2021 14:54:26 +0200

  linux-kvm (4.4.0-1092.101) xenial; urgency=medium

  [ Ubuntu: 4.4.0-209.241 ]

  * overlayfs calls vfs_setxattr without cap_convert_nscap
    - vfs: move cap_convert_nscap() call into vfs_setxattr()
  * CVE-2021-29154
    - SAUCE: bpf, x86: Validate computation of branch displacements for x86-64

 -- Stefan Bader <email address hidden> Tue, 13 Apr 2021 10:36:01 +0200

  linux-kvm (4.4.0-1091.100) xenial; urgency=medium

  * xenial/linux-kvm: 4.4.0-1091.100 -proposed tracker (LP: #1922062)

  * CVE-2017-5967
    - kvm: [Config] Dropped CONFIG_TIMER_STATS

  * Xenial update: v4.4.257 upstream stable release (LP: #1916660)
    - kvm: [Config] updateconfigs for ELFCORE

  [ Ubuntu: 4.4.0-208.240 ]

  * xenial/linux: 4.4.0-208.240 -proposed tracker (LP: #1922069)
  * linux ADT test failure with linux/4.4.0-207.239 -
    ubuntu_qrt_kernel_security.test-kernel-security.py (LP: #1922200) //
    CVE-2018-5953 // CVE-2018-5995 // CVE-2018-7754
    - SAUCE: Revert "printk: hash addresses printed with %p"
  * lxd 2.0.11-0ubuntu1~16.04.4 ADT test failure with linux 4.4.0-207.239
    (LP: #1921969)
    - SAUCE: Fix fuse regression in 4.4.0-207.239

  [ Ubuntu: 4.4.0-207.239 ]

  * xenial/linux: 4.4.0-207.239 -proposed tracker (LP: #1919558)
  * Xenial update: v4.4.262 upstream stable release (LP: #1920221)
    - uapi: nfnetlink_cthelper.h: fix userspace compilation error
    - ath9k: fix transmitting to stations in dynamic SMPS mode
    - net: Fix gro aggregation for udp encaps with zero csum
    - can: skb: can_skb_set_owner(): fix ref counting if socket was closed before
      setting skb ownership
    - can: flexcan: assert FRZ bit in flexcan_chip_freeze()
    - can: flexcan: enable RX FIFO after FRZ/HALT valid
    - netfilter: x_tables: gpf inside xt_find_revision()
    - cifs: return proper error code in statfs(2)
    - floppy: fix lock_fdc() signal handling
    - Revert "mm, slub: consider rest of partial list if acquire_slab() fails"
    - futex: Change locking rules
    - futex: Cure exit race
    - futex: fix dead code in attach_to_pi_owner()
    - net/mlx4_en: update moderation when config reset
    - net: lapbether: Remove netif_start_queue / netif_stop_queue
    - net: davicom: Fix regulator not turned off on failed probe
    - net: davicom: Fix regulator not turned off on driver removal
    - media: usbtv: Fix deadlock on suspend
    - mmc: mxs-mmc: Fix a resource leak in an error handling path in
      'mxs_mmc_probe()'
    - mmc: mediatek: fix race condition between msdc_request_timeout and irq
    - powerpc/perf: Record counter overflow always if SAMPLE_IP is unset
    - PCI: xgene-msi: Fix race in installing chained irq handler
    - s390/smp: __smp_rescan_cpus() - move cpumask away from stack
    - scsi: libiscsi: Fix iscsi_prep_scsi_cmd_pdu() error handling
    - ALSA: hda/hdmi: Cancel pending works before suspend
    - ALSA: hda: Avoid spurious unsol event handling during S3/S4
    - ALSA: usb-audio: Fix "cannot get freq eq" errors on Dell AE515 sound bar
    - s390/dasd: fix hanging DASD driver unbind
    - mmc: core: Fix partition switch time for eMMC
    - scripts/recordmcount.{c,pl}: support -ffunction-sections .text.* section
      names
    - Goodix Fingerprint device is not a modem
    - usb: gadget: f_uac2: always increase endpoint max_packet_size by one audio
      slot
    - usb: renesas_usbhs: Clear PIPECFG for re-enabling pipe with other EPNUM
    - xhci: Improve detection of device initiated wake signal.
    - USB: serial: io_edgeport: fix memory leak in edge_startup
    - USB: serial: ch341: add new Product ID
    - USB: serial: cp210x: add ID for Acuity Brands nLight Air Adapter
    - USB: serial: cp210x: add some more GE USB IDs
    - usbip: fix stub_dev to check for stream socket
    - usbip: fix vhci_hcd to check for stream socket
    - usbip: fix stub_dev usbip_sockfd_store() races leading to gpf
    - staging: rtl8192u: fix ->ssid overflow in r8192_wx_set_scan()
    - staging: rtl8188eu: prevent ->ssid overflow in rtw_wx_set_scan()
    - staging: rtl8712: unterminated string leads to read overflow
    - staging: rtl8188eu: fix potential memory corruption in
      rtw_check_beacon_data()
    - staging: rtl8712: Fix possible buffer overflow in r8712_sitesurvey_cmd
    - staging: rtl8192e: Fix possible buffer overflow in _rtl92e_wx_set_scan
    - staging: comedi: addi_apci_1032: Fix endian problem for COS sample
    - staging: comedi: addi_apci_1500: Fix endian problem for command sample
    - staging: comedi: adv_pci1710: Fix endian problem for AI command data
    - staging: comedi: das6402: Fix endian problem for AI command data
    - staging: comedi: das800: Fix endian problem for AI command data
    - staging: comedi: dmm32at: Fix endian problem for AI command data
    - staging: comedi: me4000: Fix endian problem for AI command data
    - staging: comedi: pcl711: Fix endian problem for AI command data
    - staging: comedi: pcl818: Fix endian problem for AI command data
    - NFSv4.2: fix return value of _nfs4_get_security_label()
    - block: rsxx: fix error return code of rsxx_pci_probe()
    - alpha: add $(src)/ rather than $(obj)/ to make source file path
    - alpha: merge build rules of division routines
    - alpha: make short build log available for division routines
    - alpha: Package string routines together
    - alpha: move exports to actual definitions
    - alpha: get rid of tail-zeroing in __copy_user()
    - alpha: switch __copy_user() and __do_clean_user() to normal calling
      conventions
    - powerpc/64s: Fix instruction encoding for lis in ppc_function_entry()
    - media: hdpvr: Fix an error handling path in hdpvr_probe()
    - KVM: arm64: Fix exclusive limit for IPA size
    - xen/events: reset affinity of 2-level event when tearing it down
    - xen/events: don't unmask an event channel when an eoi is pending
    - xen/events: avoid handling the same event on two cpus at the same time
    - Linux 4.4.262
  * Xenial update: v4.4.261 upstream stable release (LP: #1920218)
    - futex: fix irq self-deadlock and satisfy assertion
    - futex: fix spin_lock() / spin_unlock_irq() imbalance
    - ALSA: ctxfi: cthw20k2: fix mask on conf to allow 4 bits
    - rsxx: Return -EFAULT if copy_to_user() fails
    - dm table: fix iterate_devices based device capability checks
    - platform/x86: acer-wmi:

  linux-kvm (4.4.0-1090.99) xenial; urgency=medium

  * xenial/linux-kvm: 4.4.0-1090.99 -proposed tracker (LP: #1919235)

  [ Ubuntu: 4.4.0-206.238 ]

  * xenial/linux: 4.4.0-206.238 -proposed tracker (LP: #1919242)
  * CVE-2021-27365
    - sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output
    - scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE
    - scsi: iscsi: Verify lengths on passthrough PDUs
  * CVE-2021-27363 // CVE-2021-27364
    - scsi: iscsi: Restrict sessions and handles to admin capabilities

 -- Khalid Elmously <email address hidden> Wed, 17 Mar 2021 01:19:00 -0400

  linux-kvm (4.4.0-1089.98) xenial; urgency=medium

  * xenial/linux-kvm: 4.4.0-1089.98 -proposed tracker (LP: #1916215)

  [ Ubuntu: 4.4.0-204.236 ]

  * xenial/linux: 4.4.0-204.236 -proposed tracker (LP: #1916222)
  * Xenial update: v4.4.254 upstream stable release (LP: #1914648)
    - ALSA: seq: oss: Fix missing error check in snd_seq_oss_synth_make_info()
    - ALSA: hda/via: Add minimum mute flag
    - ACPI: scan: Make acpi_bus_get_device() clear return pointer on error
    - dm: avoid filesystem lookup in dm_get_dev_t()
    - ASoC: Intel: haswell: Add missing pm_ops
    - scsi: ufs: Correct the LUN used in eh_device_reset_handler() callback
    - drm/nouveau/bios: fix issue shadowing expansion ROMs
    - drm/nouveau/i2c/gm200: increase width of aux semaphore owner fields
    - can: dev: can_restart: fix use after free bug
    - iio: ad5504: Fix setting power-down state
    - ehci: fix EHCI host controller initialization sequence
    - usb: bdc: Make bdc pci driver depend on BROKEN
    - [Config] updateconfigs for USB_BDC_PCI
    - xhci: make sure TRB is fully written before giving it to the controller
    - compiler.h: Raise minimum version of GCC to 5.1 for arm64
    - netfilter: rpfilter: mask ecn bits before fib lookup
    - sh: dma: fix kconfig dependency for G2_DMA
    - sh_eth: Fix power down vs. is_opened flag ordering
    - skbuff: back tiny skbs with kmalloc() in __netdev_alloc_skb() too
    - ipv6: create multicast route with RTPROT_KERNEL
    - net_sched: avoid shift-out-of-bounds in tcindex_set_parms()
    - Revert "mm/slub: fix a memory leak in sysfs_slab_add()"
    - tracing: Fix race in trace_open and buffer resize call
    - xen-blkback: set ring->xenblkd to NULL after kthread_stop()
    - x86/boot/compressed: Disable relocation relaxation
    - Linux 4.4.254
  * Xenial update: v4.4.253 upstream stable release (LP: #1914647)
    - ASoC: dapm: remove widget from dirty list on free
    - mm/hugetlb: fix potential missing huge page size info
    - ext4: fix bug for rename with RENAME_WHITEOUT
    - ARC: build: add boot_targets to PHONY
    - ethernet: ucc_geth: fix definition and size of ucc_geth_tx_global_pram
    - arch/arc: add copy_user_page() to <asm/page.h> to fix build error on ARC
    - misdn: dsp: select CONFIG_BITREVERSE
    - net: ethernet: fs_enet: Add missing MODULE_LICENSE
    - ACPI: scan: add stub acpi_create_platform_device() for !CONFIG_ACPI
    - ARM: picoxcell: fix missing interrupt-parent properties
    - Input: uinput - avoid FF flush when destroying device
    - dump_common_audit_data(): fix racy accesses to ->d_name
    - NFS: nfs_igrab_and_active must first reference the superblock
    - ext4: fix superblock checksum failure when setting password salt
    - RDMA/usnic: Fix memleak in find_free_vf_and_create_qp_grp
    - mm, slub: consider rest of partial list if acquire_slab() fails
    - net: sunrpc: interpret the return value of kstrtou32 correctly
    - usb: ohci: Make distrust_firmware param default to false
    - iio: buffer: Fix demux update
    - nfsd4: readdirplus shouldn't return parent of export
    - net: cdc_ncm: correct overhead in delayed_ndp_size
    - netxen_nic: fix MSI/MSI-x interrupts
    - rndis_host: set proper input size for OID_GEN_PHYSICAL_MEDIUM request
    - net: dcb: Validate netlink message in DCB handler
    - net: dcb: Accept RTM_GETDCB messages carrying set-like DCB commands
    - net: sit: unregister_netdevice on newlink's error path
    - rxrpc: Fix handling of an unsupported token type in rxrpc_read()
    - net: avoid 32 x truesize under-estimation for tiny skbs
    - spi: cadence: cache reference clock rate during probe
    - Linux 4.4.253
  * Xenial update: v4.4.252 upstream stable release (LP: #1913479)
    - Revert "UBUNTU: SAUCE: target: fix XCOPY NAA identifier lookup"
    - target: add XCOPY target/segment desc sense codes
    - target: bounds check XCOPY segment descriptor list
    - target: use XCOPY segment descriptor CSCD IDs
    - xcopy: loop over devices using idr helper
    - scsi: target: Fix XCOPY NAA identifier lookup
    - powerpc: Fix incorrect stw{, ux, u, x} instructions in __set_pte_at
    - net: ip: always refragment ip defragmented packets
    - net: fix pmtu check in nopmtudisc mode
    - vmlinux.lds.h: Add PGO and AutoFDO input sections
    - ubifs: wbuf: Don't leak kernel memory to flash
    - spi: pxa2xx: Fix use-after-free on unbind
    - cpufreq: powernow-k8: pass policy rather than use cpufreq_cpu_get()
    - wil6210: select CONFIG_CRC32
    - block: rsxx: select CONFIG_CRC32
    - iommu/intel: Fix memleak in intel_irq_remapping_alloc
    - block: fix use-after-free in disk_part_iter_next
    - net: drop bogus skb with CHECKSUM_PARTIAL and offset beyond end of trimmed
      packet
    - Linux 4.4.252
  * Xenial update: v4.4.251 upstream stable release (LP: #1913478)
    - kbuild: don't hardcode depmod path
    - workqueue: Kick a worker based on the actual activation of delayed works
    - lib/genalloc: fix the overflow when size is too big
    - depmod: handle the case of /sbin/depmod without /sbin in PATH
    - atm: idt77252: call pci_disable_device() on error path
    - ipv4: Ignore ECN bits for fib lookups in fib_compute_spec_dst()
    - net: hns: fix return value check in __lb_other_process()
    - net: hdlc_ppp: Fix issues when mod_timer is called while timer is running
    - CDC-NCM: remove "connected" log message
    - vhost_net: fix ubuf refcount incorrectly when sendmsg fails
    - net: sched: prevent invalid Scell_log shift count
    - virtio_net: Fix recursive call to cpus_read_lock()
    - ethernet: ucc_geth: fix use-after-free in ucc_geth_remove()
    - video: hyperv_fb: Fix the mmap() regression for v5.4.y and older
    - usb: gadget: enable super speed plus
    - USB: cdc-acm: blacklist another IR Droid device
    - usb: chipidea: ci_hdrc_imx: add missing put_device() call in
      usbmisc_get_init_data()
    - USB: xhci: fix U1/U2 handling for hardware