Package "linux-dell300x"

This package belongs to a PPA: Canonical Kernel Team

Name: linux-dell300x


This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Header files related to Linux kernel version 4.15.0
  • Header files related to Linux kernel version 4.15.0
  • Header files related to Linux kernel version 4.15.0
  • Header files related to Linux kernel version 4.15.0

Latest version: 4.15.0-1052.57
Release: bionic (18.04)
Level: base
Repository: main


Other versions of "linux-dell300x" in Bionic

Repository Area Version
security universe 4.15.0-1051.56
updates universe 4.15.0-1051.56
proposed universe 4.15.0-1052.57

Packages in group

Deleted packages are displayed in grey.


Version: 4.15.0-1052.57 2022-08-12 19:09:05 UTC

 linux-dell300x (4.15.0-1052.57) bionic; urgency=medium
   * bionic/linux-dell300x: 4.15.0-1052.57 -proposed tracker (LP: #1983961)
   [ Ubuntu: 4.15.0-192.203 ]
   * bionic/linux: 4.15.0-192.203 -proposed tracker (LP: #1983980)
   * CVE-2021-33656
     - vt: drop old FONT ioctls
   * Bionic update: upstream stable patchset 2022-07-25 (LP: #1982782)
     - binfmt_flat: do not stop relocating GOT entries prematurely on riscv
     - USB: serial: option: add Quectel BG95 modem
     - USB: new quirk for Dell Gen 2 devices
     - ptrace/xtensa: Replace PT_SINGLESTEP with TIF_SINGLESTEP
     - ptrace: Reimplement PTRACE_KILL by always sending SIGKILL
     - btrfs: add "0x" prefix for unsupported optional features
     - btrfs: repair super block num_devices automatically
     - drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes
     - mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue
     - b43legacy: Fix assigning negative value to unsigned variable
     - b43: Fix assigning negative value to unsigned variable
     - ipw2x00: Fix potential NULL dereference in libipw_xmit()
     - ACPICA: Avoid cache flush inside virtual machines
     - ALSA: jack: Access input_dev under mutex
     - drm/amd/pm: fix double free in si_parse_power_table()
     - ath9k: fix QCA9561 PA bias level
     - media: venus: hfi: avoid null dereference in deinit
     - media: pci: cx23885: Fix the error handling in cx23885_initdev()
     - media: cx25821: Fix the warning when removing the module
     - scsi: megaraid: Fix error check return value of register_chrdev()
     - drm/amd/pm: fix the compile warning
     - ipv6: Don't send rs packets to the interface of ARPHRD_TUNNEL
     - ASoC: dapm: Don't fold register value changes into notifications
     - s390/preempt: disable __preempt_count_add() optimization for
     - dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC
     - ipmi:ssif: Check for NULL msg when handling events and messages
     - rtlwifi: Use pr_warn instead of WARN_ONCE
     - openrisc: start CPU timer early in boot
     - nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags
     - ASoC: rt5645: Fix errorenous cleanup order
     - net: phy: micrel: Allow probing without .driver_data
     - media: exynos4-is: Fix compile warning
     - rxrpc: Return an error to sendmsg if call failed
     - eth: tg3: silence the GCC 12 array-bounds warning
     - ARM: dts: ox820: align interrupt controller node name with dtschema
     - fs: jfs: fix possible NULL pointer dereference in dbFree()
     - ARM: OMAP1: clock: Fix UART rate reporting algorithm
     - fat: add ratelimit to fat*_ent_bread()
     - ARM: versatile: Add missing of_node_put in dcscb_init
     - ARM: dts: exynos: add atmel,24c128 fallback to Samsung EEPROM
     - ARM: hisi: Add missing of_node_put after of_find_compatible_node
     - PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store()
     - tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate
     - powerpc/xics: fix refcount leak in icp_opal_init()
     - macintosh/via-pmu: Fix build failure when CONFIG_INPUT is disabled
     - RDMA/hfi1: Prevent panic when SDMA is disabled
     - drm: fix EDID struct for old ARM OABI format
     - ath9k: fix ar9003_get_eepmisc
     - ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe
     - ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe
     - x86/delay: Fix the wrong asm constraint in delay_loop()
     - drm/mediatek: Fix mtk_cec_mask()
     - spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout
     - NFC: NULL out the dev->rfkill to prevent UAF
     - efi: Add missing prototype for efi_capsule_setup_info
     - HID: hid-led: fix maximum brightness for Dream Cheeky
     - spi: img-spfi: Fix pm_runtime_get_sync() error checking
     - ath9k_htc: fix potential out of bounds access with invalid
     - inotify: show inotify mask flags in proc fdinfo
     - fsnotify: fix wrong lockdep annotations
     - x86/pm: Fix false positive kmemleak report in msr_build_context()
     - drm/msm/dsi: fix error checks and return values for DSI xmit functions
     - drm/msm/hdmi: check return value after calling
     - drm/rockchip: vop: fix possible null-ptr-deref in vop_bind()
     - x86: Fix return value of __setup handlers
     - irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value
     - x86/mm: Cleanup the control_va_addr_alignment() __setup handler
     - drm/msm: return an error pointer in msm_gem_prime_get_sg_table()
     - media: uvcvideo: Fix missing check to determine if element is found in list
     - ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe
     - regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt
     - media: st-delta: Fix PM disable depth imbalance in delta_probe
     - media: exynos4-is: Change clk_disable to clk_disable_unprepare
     - media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init
     - Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout
     - m68k: math-emu: Fix dependencies of math emulation support
     - sctp: read sk->sk_bound_dev_if once in sctp_rcv()
     - ASoC: wm2000: fix missing clk_disable_unprepare() on error in
     - rxrpc: Fix listen() setting the bar too high for the prealloc rings
     - rxrpc: Don't try to resend the request if we're receiving the reply
     - soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc
     - soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc
     - ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT
     - ARM: dts: bcm2835-rpi-b: Fix GPIO line names
     - mfd: ipaq-micro: Fix error check return value of platform_get_irq()
     - scsi: fcoe: Fix Wstringop-overflow warnings in fcoe_wwn_from_mac()
     - pinctrl: mvebu: Fix i

Source diff to previous version
1982782 Bionic update: upstream stable patchset 2022-07-25
CVE-2021-33656 When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.

Version: 4.15.0-1050.55 2022-07-22 14:09:21 UTC

 linux-dell300x (4.15.0-1050.55) bionic; urgency=medium
   * bionic/linux-dell300x: 4.15.0-1050.55 -proposed tracker (LP: #1981302)
   * Bionic update: upstream stable patchset 2022-06-21 (LP: #1979355)
     - UBUNTU [Conig] dell300x: updateconfigs for NVM, NVM_PBLK
   [ Ubuntu: 4.15.0-190.201 ]
   * bionic/linux: 4.15.0-190.201 -proposed tracker (LP: #1981321)
   * CVE-2022-1679
     - SAUCE: ath9k: fix use-after-free in ath9k_hif_usb_rx_cb
   * Bionic update: upstream stable patchset 2022-07-06 (LP: #1980879)
     - MIPS: Use address-of operator on section symbols
     - block: drbd: drbd_nl: Make conversion to 'enum drbd_ret_code' explicit
     - can: grcan: grcan_probe(): fix broken system id check for errata workaround
     - can: grcan: only use the NAPI poll budget for RX
     - Bluetooth: Fix the creation of hdev->name
     - mmc: rtsx: add 74 Clocks in power on flow
     - mm: hugetlb: fix missing cache flush in copy_huge_page_from_user()
     - mm: userfaultfd: fix missing cache flush in mcopy_atomic_pte() and
     - ALSA: pcm: Fix races among concurrent hw_params and hw_free calls
     - ALSA: pcm: Fix races among concurrent read/write and buffer changes
     - ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls
     - ALSA: pcm: Fix races among concurrent prealloc proc writes
     - ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock
     - VFS: Fix memory leak caused by concurrently mounting fs with subtype
     - batman-adv: Don't skb_split skbuffs with frag_list
     - net: Fix features skip in for_each_netdev_feature()
     - ipv4: drop dst in multicast routing path
     - netlink: do not reset transport header in netlink_recvmsg()
     - mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection
     - hwmon: (ltq-cputemp) restrict it to SOC_XWAY
     - s390/ctcm: fix variable dereferenced before check
     - s390/ctcm: fix potential memory leak
     - s390/lcs: fix variable dereferenced before check
     - net/smc: non blocking recvmsg() return -EAGAIN when no data and
     - net: sfc: ef10: fix memory leak in efx_ef10_mtd_probe()
     - hwmon: (f71882fg) Fix negative temperature
     - ASoC: max98090: Reject invalid values in custom control put()
     - ASoC: max98090: Generate notifications on changes for custom control
     - ASoC: ops: Validate input values in snd_soc_put_volsw_range()
     - tcp: resalt the secret every 10 seconds
     - usb: cdc-wdm: fix reading stuck on device close
     - USB: serial: pl2303: add device id for HP LM930 Display
     - USB: serial: qcserial: add support for Sierra Wireless EM7590
     - USB: serial: option: add Fibocom L610 modem
     - USB: serial: option: add Fibocom MA510 modem
     - cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp()
     - drm/vmwgfx: Initialize drm_mode_fb_cmd2
     - ping: fix address binding wrt vrf
     - tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe()
     - net/sched: act_pedit: really ensure the skb is writable
     - um: Cleanup syscall_handler_t definition/cast, fix warning
     - Input: add bounds checking to input_set_capability()
     - Input: stmfts - fix reference leak in stmfts_input_open
     - MIPS: lantiq: check the return value of kzalloc()
     - drbd: remove usage of list iterator variable after loop
     - ARM: 9191/1: arm/stacktrace, kasan: Silence KASAN warnings in unwind_frame()
     - ALSA: wavefront: Proper check of get_user() error
     - perf: Fix sys_perf_event_open() race against self
     - drm/dp/mst: fix a possible memory leak in fetch_monitor_name()
     - mmc: core: Specify timeouts for BKOPS and CACHE_FLUSH for eMMC
     - mmc: block: Use generic_cmd6_time when modifying INAND_CMD38_ARG_EXT_CSD
     - mmc: core: Default to generic_cmd6_time as timeout in __mmc_switch()
     - net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf()
     - net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup()
     - clk: at91: generated: consider range when calculating best rate
     - net/qla3xxx: Fix a test in ql_reset_work()
     - NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc
     - ARM: 9196/1: spectre-bhb: enable for Cortex-A15
     - ARM: 9197/1: spectre-bhb: fix loop8 sequence for Thumb2
     - igb: skip phy status check where unavailable
     - net: bridge: Clear offload_fwd_mark when passing frame up bridge interface.
     - gpio: gpio-vf610: do not touch other bits when set the target bit
     - gpio: mvebu/pwm: Refuse requests with inverted polarity
     - perf bench numa: Address compiler error on s390
     - scsi: qla2xxx: Fix missed DMA unmap for aborted commands
     - mac80211: fix rx reordering with non explicit / psmp ack policy
     - ethernet: tulip: fix missing pci_disable_device() on error in
     - net: stmmac: fix missing pci_disable_device() on error in stmmac_pci_probe()
     - net: atlantic: verify hw_head_ lies within TX buffer ring
     - swiotlb: fix info leak with DMA_FROM_DEVICE
     - Reinstate some of "swiotlb: rework "fix info leak with DMA_FROM_DEVICE""
     - net: macb: Increment rx bd head after allocating skb and buffer
     - net/sched: act_pedit: sanitize shift argument before usage
     - afs: Fix afs_getattr() to refetch file status if callback break occurred
     - x86/pci/xen: Disable PCI/MSI[-X] masking for XEN_HVM guests
     - staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan()
     - tcp: change source port randomizarion at connect() time
     - secure_seq: use the 64 bits of the siphash for port offset calculation
     - ACPI: sysfs: Make sparse happy about address space in use
     - Revert "UBUNTU: SAUCE: ACPI: sysfs: copy ACPI data using io memory copying"
     - ACPI: sysfs: Fix BERT error region memory mapping
     - net: af_key: check encryption module availability

Source diff to previous version
1979355 Bionic update: upstream stable patchset 2022-06-21
1980879 Bionic update: upstream stable patchset 2022-07-06
1980648 unprivileged tests in test_verifier from ubuntu_bpf failed with \
CVE-2022-1679 A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function
CVE-2022-1734 A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non syn
CVE-2022-1652 Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr fu

Version: 4.15.0-1049.54 2022-06-27 12:07:55 UTC

 linux-dell300x (4.15.0-1049.54) bionic; urgency=medium
   * bionic/linux-dell300x: 4.15.0-1049.54 -proposed tracker (LP: #1979505)
   [ Ubuntu: 4.15.0-189.200 ]
   * bionic/linux: 4.15.0-189.200 -proposed tracker (LP: #1979525)
   * linux-image-4.15.0-177-generic freezes on the welcome screen (LP: #1973167)
     - mfd: intel-lpss: Use MODULE_SOFTDEP() instead of implicit request
   * Bionic update: upstream stable patchset 2022-06-03 (LP: #1977622)
     - etherdevice: Adjust ether_addr* prototypes to silence -Wstringop-overead
     - mm: page_alloc: fix building error on -Werror=array-compare
     - tracing: Dump stacktrace trigger to the corresponding instance
     - gfs2: assign rgrp glock before compute_bitstructs
     - ALSA: usb-audio: Clear MIDI port active flag after draining
     - tcp: fix race condition when creating child sockets from syncookies
     - tcp: Fix potential use-after-free due to double kfree()
     - dmaengine: imx-sdma: Fix error checking in sdma_event_remap
     - net/packet: fix packet_sock xmit return value checking
     - netlink: reset network and mac headers in netlink_dump()
     - ARM: vexpress/spc: Avoid negative array index when !SMP
     - platform/x86: samsung-laptop: Fix an unsigned comparison which can never be
     - ALSA: usb-audio: Fix undefined behavior due to shift overflowing the
     - vxlan: fix error return code in vxlan_fdb_append
     - cifs: Check the IOCB_DIRECT flag, not O_DIRECT
     - brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant
     - drm/msm/mdp5: check the return of kzalloc()
     - net: macb: Restart tx only if queue pointer is lagging
     - stat: fix inconsistency between struct stat and struct compat_stat
     - ata: pata_marvell: Check the 'bmdma_addr' beforing reading
     - dma: at_xdmac: fix a missing check on list iterator
     - powerpc/perf: Fix power9 event alternatives
     - openvswitch: fix OOB access in reserve_sfa_size()
     - ASoC: soc-dapm: fix two incorrect uses of list iterator
     - e1000e: Fix possible overflow in LTR decoding
     - ARC: entry: fix syscall_trace_exit argument
     - ext4: fix symlink file size not match to file content
     - ext4: fix overhead calculation to account for the reserved gdt blocks
     - ext4: force overhead calculation if the s_overhead_cluster makes no sense
     - staging: ion: Prevent incorrect reference counting behavour
     - block/compat_ioctl: fix range check in BLKGETSIZE
     - ax25: add refcount in ax25_dev to avoid UAF bugs
     - ax25: fix reference count leaks of ax25_dev
     - ax25: fix UAF bugs of net_device caused by rebinding operation
     - ax25: Fix refcount leaks caused by ax25_cb_del()
     - ax25: fix UAF bug in ax25_send_control()
     - ax25: fix NPD bug in ax25_disconnect
     - ax25: Fix NULL pointer dereferences in ax25 timers
     - ax25: Fix UAF bugs in ax25 timers
     - ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek
     - net/sched: cls_u32: fix possible leak in u32_init_knode()
     - drm/panel/raspberrypi-touchscreen: Avoid NULL deref if not initialised
     - drm/panel/raspberrypi-touchscreen: Initialise the bridge in prepare
   * Bionic update: upstream stable patchset 2022-05-17 (LP: #1973831)
     - USB: serial: pl2303: add IBM device IDs
     - USB: serial: simple: add Nokia phone driver
     - netdevice: add the case if dev is NULL
     - virtio_console: break out of buf poll on remove
     - ethernet: sun: Free the coherent when failing in probing
     - spi: Fix invalid sgs value
     - spi: Fix erroneous sgs value with min_t()
     - af_key: add __GFP_ZERO flag for compose_sadb_supported in function
     - fuse: fix pipe buffer lifetime for direct_io
     - tpm: fix reference counting for struct tpm_chip
     - block: Add a helper to validate the block size
     - virtio-blk: Use blk_validate_block_size() to validate block size
     - USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c
     - coresight: Fix TRCCONFIGR.QE sysfs interface
     - iio: inkern: apply consumer scale on IIO_VAL_INT cases
     - iio: inkern: apply consumer scale when no channel scale is available
     - iio: inkern: make a best effort on offset calculation
     - clk: uniphier: Fix fixed-rate initialization
     - Documentation: add link to stable release candidate tree
     - Documentation: update stable tree link
     - SUNRPC: avoid race between mod_timer() and del_timer_sync()
     - NFSD: prevent underflow in nfssvc_decode_writeargs()
     - pinctrl: samsung: drop pin banks references on error paths
     - jffs2: fix use-after-free in jffs2_clear_xattr_subsystem
     - jffs2: fix memory leak in jffs2_do_mount_fs
     - jffs2: fix memory leak in jffs2_scan_medium
     - mm/pages_alloc.c: don't create ZONE_MOVABLE beyond the end of a node
     - mempolicy: mbind_range() set_policy() after vma_merge()
     - scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands
     - qed: display VF trust config
     - qed: validate and restrict untrusted VFs vlan promisc mode
     - Revert "Input: clear BTN_RIGHT/MIDDLE on buttonpads"
     - ALSA: cs4236: fix an incorrect NULL check on list iterator
     - drbd: fix potential silent data corruption
     - ACPI: properties: Consistently return -ENOENT if there are no more
     - drivers: hamradio: 6pack: fix UAF bug caused by mod_timer()
     - video: fbdev: sm712fb: Fix crash in smtcfb_read()
     - video: fbdev: atari: Atari 2 bpp (STe) palette bugfix
     - ARM: dts: at91: sama5d2: Fix PMERRLOC resource size
     - ARM: dts: exynos: fix UART3 pins configuration in Exynos5250
     - ARM: dts: exynos: add missing HDMI supplies on SMDK5250
     - ARM: dts: exynos: add missing HDMI supplies on SMDK5420
     - carl9170: fix missing bit-wise or operator for tx_params
     - thermal: int340x: Increase bitmap size
     - lib/raid6/test: fix multiple

Source diff to previous version
1973167 linux-image-4.15.0-177-generic freezes on the welcome screen
1977622 Bionic update: upstream stable patchset 2022-06-03
1973831 Bionic update: upstream stable patchset 2022-05-17
CVE-2022-28388 usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free.

Version: 4.15.0-1045.50 2022-05-27 18:08:00 UTC

 linux-dell300x (4.15.0-1045.50) bionic; urgency=medium
   * bionic/linux-dell300x: 4.15.0-1045.50 -proposed tracker (LP: #1974407)
   [ Ubuntu: 4.15.0-182.191 ]
   * CVE-2022-21499
     - SAUCE: debug: Lock down kgdb
   [ Ubuntu: 4.15.0-181.190 ]
   * bionic/linux: 4.15.0-181.190 -proposed tracker (LP: #1974426)
   * Bionic update: upstream stable patchset 2022-05-06 (LP: #1972006)
     - [Config] updateconfigs for ARM64_ERRATUM_1188873
     - arm64: arch_timer: Add workaround for ARM erratum 1188873
     - arm64: arch_timer: avoid unused function warning
     - arm64: Add silicon-errata.txt entry for ARM erratum 1188873
     - arm64: Make ARM64_ERRATUM_1188873 depend on COMPAT
     - arm64: Add part number for Neoverse N1
     - arm64: Add part number for Arm Cortex-A77
     - arm64: Add Neoverse-N2, Cortex-A710 CPU part definition
     - arm64: Add Cortex-X2 CPU part definition
     - arm64: entry.S: Add ventry overflow sanity checks
     - arm64: entry: Make the trampoline cleanup optional
     - arm64: entry: Free up another register on kpti's tramp_exit path
     - arm64: entry: Move the trampoline data page before the text page
     - arm64: entry: Allow tramp_alias to access symbols after the 4K boundary
     - arm64: entry: Don't assume tramp_vectors is the start of the vectors
     - arm64: entry: Move trampoline macros out of ifdef'd section
     - arm64: entry: Make the kpti trampoline's kpti sequence optional
     - Revert "arm64: mmu: add the entry trampolines start/end section markers into
     - arm64: entry: Allow the trampoline text to occupy multiple pages
     - arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations
     - [Config] updateconfigs for MITIGATE_SPECTRE_BRANCH_HISTORY
     - arm64: entry: Add vectors that have the bhb mitigation sequences
     - arm64: entry: Add macro for reading symbol addresses from the trampoline
     - arm64: Add percpu vectors for EL1
     - arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2
     - KVM: arm64: Add templates for BHB mitigation sequences
     - arm64: Mitigate spectre style branch history side channels
     - KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated
     - arm64: add ID_AA64ISAR2_EL1 sys register
     - arm64: Use the clearbhb instruction in mitigations
   * issuing invalid ioctl to /dev/vsock may spam dmesg (LP: #1971480)
     - vsock: remove ratelimit unknown ioctl message
   * ubuntu_ltp_controllers:cpuset_sched_domains: tests 3,9,11,17,19,25 report
     incorrect sched domain for cpu#32 (LP: #1951289)
     - sched/topology: Make sched_init_numa() use a set for the deduplicating sort
     - sched/topology: Fix sched_domain_topology_level alloc in sched_init_numa()
     - ia64: ensure proper NUMA distance and possible map initialization
   * CVE-2022-1419
     - drm/vgem: Reclassify buffer creation debug message
     - drm/vgem: Close use-after-free race in vgem_gem_create
   * CVE-2022-28390
     - can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path
   * Bionic update: upstream stable patchset 2022-04-26 (LP: #1970479)
     - net: qlogic: check the return value of dma_alloc_coherent() in
     - qed: return status of qed_iov_get_link
     - ethernet: Fix error handling in xemaclite_of_probe
     - net: ethernet: ti: cpts: Handle error for clk_enable
     - net: ethernet: lpc_eth: Handle error for clk_enable
     - ax25: Fix NULL pointer dereference in ax25_kill_by_device
     - net/mlx5: Fix size field in bufferx_reg struct
     - NFC: port100: fix use-after-free in port100_send_complete
     - gpio: ts4900: Do not set DAT and OE together
     - sctp: fix kernel-infoleak for SCTP sockets
     - net-sysfs: add check for netdevice being present to speed_show
     - Revert "xen-netback: remove 'hotplug-status' once it has served its purpose"
     - Revert "xen-netback: Check for hotplug-status existence before watching"
     - tracing: Ensure trace buffer is at least 4096 bytes large
     - selftests/memfd: clean up mapping in mfd_fail_write
     - ARM: Spectre-BHB: provide empty stub for non-config
     - staging: gdm724x: fix use after free in gdm_lte_rx()
     - virtio: unexport virtio_finalize_features
     - virtio: acknowledge all features before access
     - ARM: fix Thumb2 regression with Spectre BHB
     - ext4: add check to prevent attempting to resize an fs with sparse_super2
     - btrfs: unlock newly allocated extent buffer after error
     - net: phy: DP83822: clear MISR2 register to disable interrupts
     - sctp: fix the processing for INIT chunk
     - sctp: fix the processing for INIT_ACK chunk
     - xfrm: Fix xfrm migrate issues when address family changes
     - arm64: dts: rockchip: fix rk3399-puma eMMC HS400 signal integrity
     - ARM: dts: rockchip: fix a typo on rk3288 crypto-controller
     - MIPS: smp: fill in sibling and core maps earlier
     - ARM: 9178/1: fix unmet dependency on BITREVERSE for HAVE_ARCH_BITREVERSE
     - can: rcar_canfd: rcar_canfd_channel_probe(): register the CAN device when
       fully ready
     - atm: firestream: check the return value of ioremap() in fs_init()
     - nl80211: Update bss channel on channel switch for P2P_CLIENT
     - tcp: make tcp_read_sock() more robust
     - sfc: extend the locking on mcdi->seqno
     - kselftest/vm: fix tests build with old libc
     - fs: sysfs_emit: Remove PAGE_SIZE alignment check
     - efi: fix return value of __setup handlers
     - net/packet: fix slab-out-of-bounds access in packet_recvmsg()
     - atm: eni: Add check for dma_map_single
     - net: handle ARPHRD_PIMREG in dev_is_mac_header_xmit()
     - usb: gadget: rndis: prevent integer overflow in rndis_set_response()
     - usb: gadget: Fix use-after-free bug by not setting udc->dev.driver
     - Input: aiptek - properly check endpoint type
     - perf symbols: Fix symbol size calculation condition

Source diff to previous version
1972006 Bionic update: upstream stable patchset 2022-05-06
1971480 issuing invalid ioctl to /dev/vsock may spam dmesg
1970479 Bionic update: upstream stable patchset 2022-04-26
CVE-2022-21499 RESERVED
CVE-2022-28390 ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.

Version: 4.15.0-1044.49 2022-05-20 10:07:57 UTC

 linux-dell300x (4.15.0-1044.49) bionic; urgency=medium
   * bionic/linux-dell300x: 4.15.0-1044.49 -proposed tracker (LP: #1973994)
   [ Ubuntu: 4.15.0-180.189 ]
   * bionic/linux: 4.15.0-180.189 -proposed tracker (LP: #1974013)
   * CVE-2022-29581
     - net/sched: cls_u32: fix netns refcount changes in u32_change()
   * Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP
     option (LP: #1972740)
     - ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE
   * ext4: limit length to bitmap_maxbytes (LP: #1972281)
     - ext4: limit length to bitmap_maxbytes - blocksize in punch_hole

1972740 Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP option
1972281 ext4: limit length to bitmap_maxbytes
CVE-2022-29581 Improper Update of Reference Count vulnerability in net/sched of Linux ...

About   -   Send Feedback to @ubuntu_updates