Package "linux-kvm"

This package belongs to a PPA: Canonical Kernel Team

Name: linux-kvm


This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Header files related to Linux kernel version 4.4.0
  • Header files related to Linux kernel version 4.4.0
  • Header files related to Linux kernel version 4.4.0
  • Header files related to Linux kernel version 4.4.0

Latest version: 4.4.0-1038.44
Release: xenial (16.04)
Level: base
Repository: main


Save this URL for the latest version of "linux-kvm": https://www.ubuntuupdates.org/linux-kvm

Other versions of "linux-kvm" in Xenial

Repository Area Version
security main 4.4.0-1037.43
updates universe 4.4.0-1007.12
updates main 4.4.0-1037.43
proposed main 4.4.0-1038.44

Packages in group

Deleted packages are displayed in grey.


Version: 4.4.0-1038.44 2018-11-15 20:08:34 UTC

 linux-kvm (4.4.0-1038.44) xenial; urgency=medium
   * linux-kvm: 4.4.0-1038.44 -proposed tracker (LP: #1802786)
   [ Ubuntu: 4.4.0-140.166 ]
   * linux: 4.4.0-140.166 -proposed tracker (LP: #1802776)
   * Bypass of mount visibility through userns + mount propagation (LP: #1789161)
     - mount: Retest MNT_LOCKED in do_umount
     - mount: Don't allow copying MNT_UNBINDABLE|MNT_LOCKED mounts
   * kdump fail due to an IRQ storm (LP: #1797990)
     - SAUCE: x86/PCI: Export find_cap() to be used in early PCI code
     - SAUCE: x86/quirks: Add parameter to clear MSIs early on boot
     - SAUCE: x86/quirks: Scan all busses for early PCI quirks
   * crash in ENA driver on removing an interface (LP: #1802341)
     - SAUCE: net: ena: fix crash during ena_remove()
   * xenial guest on arm64 drops to busybox under openstack bionic-rocky
     (LP: #1797092)
     - [Config] CONFIG_PCI_ECAM=y
     - PCI: Provide common functions for ECAM mapping
     - PCI: generic, thunder: Use generic ECAM API
     - PCI, of: Move PCI I/O space management to PCI core code
     - PCI: Move ecam.h to linux/include/pci-ecam.h
     - PCI: Add parent device field to ECAM struct pci_config_window
     - PCI: Add pci_unmap_iospace() to unmap I/O resources
     - PCI/ACPI: Support I/O resources when parsing host bridge resources
     - [Config] CONFIG_ACPI_MCFG=y
     - PCI/ACPI: Add generic MCFG table handling
     - PCI: Refactor pci_bus_assign_domain_nr() for CONFIG_PCI_DOMAINS_GENERIC
     - PCI: Factor DT-specific pci_bus_find_domain_nr() code out
     - ARM64: PCI: Add acpi_pci_bus_find_domain_nr()
     - ARM64: PCI: ACPI support for legacy IRQs parsing and consolidation with DT
     - ARM64: PCI: Support ACPI-based PCI host controller
   * [GLK/CLX] Enhanced IBRS (LP: #1786139)
     - x86/speculation: Remove SPECTRE_V2_IBRS in enum spectre_v2_mitigation
     - x86/speculation: Support Enhanced IBRS on future CPUs
   * Update ENA driver to version 2.0.1K (LP: #1798182)
     - net: ena: remove ndo_poll_controller
     - net: ena: fix warning in rmmod caused by double iounmap
     - net: ena: fix rare bug when failed restart/resume is followed by driver
     - net: ena: fix NULL dereference due to untimely napi initialization
     - net: ena: fix auto casting to boolean
     - net: ena: minor performance improvement
     - net: ena: complete host info to match latest ENA spec
     - net: ena: introduce Low Latency Queues data structures according to ENA spec
     - net: ena: add functions for handling Low Latency Queues in ena_com
     - net: ena: add functions for handling Low Latency Queues in ena_netdev
     - net: ena: use CSUM_CHECKED device indication to report skb's checksum status
     - net: ena: explicit casting and initialization, and clearer error handling
     - net: ena: limit refill Rx threshold to 256 to avoid latency issues
     - net: ena: change rx copybreak default to reduce kernel memory pressure
     - net: ena: remove redundant parameter in ena_com_admin_init()
     - net: ena: update driver version to 2.0.1
     - net: ena: fix indentations in ena_defs for better readability
     - net: ena: Fix Kconfig dependency on X86
     - net: ena: enable Low Latency Queues
     - net: ena: fix compilation error in xtensa architecture
   * Xenial update: 4.4.162 upstream stable release (LP: #1801900)
     - ASoC: wm8804: Add ACPI support
     - ASoC: sigmadsp: safeload should not have lower byte limit
     - selftests/efivarfs: add required kernel configs
     - mfd: omap-usb-host: Fix dts probe of children
     - sound: enable interrupt after dma buffer initialization
     - stmmac: fix valid numbers of unicast filter entries
     - net: macb: disable scatter-gather for macb on sama5d3
     - ARM: dts: at91: add new compatibility string for macb on sama5d3
     - drm/amdgpu: Fix SDMA HQD destroy error on gfx_v7
     - ext4: add corruption check in ext4_xattr_set_entry()
     - mm/vmstat.c: fix outdated vmstat_text
     - mach64: detect the dot clock divider correctly on sparc
     - perf script python: Fix export-to-postgresql.py occasional failure
     - i2c: i2c-scmi: fix for i2c_smbus_write_block_data
     - xhci: Don't print a warning when setting link state for disabled ports
     - jffs2: return -ERANGE when xattr buffer is too small
     - bnxt_en: Fix TX timeout during netpoll.
     - bonding: avoid possible dead-lock
     - ip6_tunnel: be careful when accessing the inner header
     - ip_tunnel: be careful when accessing the inner header
     - ipv4: fix use-after-free in ip_cmsg_recv_dstaddr()
     - net: ipv4: update fnhe_pmtu when first hop's MTU changes
     - net/ipv6: Display all addresses in output of /proc/net/if_inet6
     - netlabel: check for IPV4MASK in addrinfo_get
     - net/usb: cancel pending work when unbinding smsc75xx
     - qlcnic: fix Tx descriptor corruption on 82xx devices
     - team: Forbid enslaving team device to itself
     - net: mvpp2: Extract the correct ethtype from the skb for tx csum offload
     - net: systemport: Fix wake-up interrupt race during resume
     - rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096
     - KVM: x86: remove eager_fpu field of struct kvm_vcpu_arch
     - x86/fpu: Remove use_eager_fpu()
     - x86/fpu: Remove struct fpu::counter
     - x86/fpu: Finish excising 'eagerfpu'
     - media: af9035: prevent buffer overflow on write
     - clocksource/drivers/ti-32k: Add CLOCK_SOURCE_SUSPEND_NONSTOP flag for non-
       am43 SoCs
     - Input: atakbd - fix Atari keymap
     - Input: atakbd - fix Atari CapsLock behaviour
     - net/mlx4: Use cpumask_available for eq->affinity_mask
     - powerpc/tm: Fix userspace r13 corruption
     - powerpc/tm: Avoid possible userspace r1 corruption on reclaim
     - ARC: build: Get rid of toolchain check
     - usb: gadget: serial: fix oops when data rx'd after close
     - HV: properly delay KVP packets when negotiation is in progress
     - Linux 4.4.162

Source diff to previous version
1789161 Bypass of mount visibility through userns + mount propagation
1797990 kdump fail due to an IRQ storm
1797092 xenial guest on arm64 drops to busybox under openstack bionic-rocky
1786139 [GLK/CLX] Enhanced IBRS
1798182 Update ENA driver to version 2.0.1K
1801900 Xenial update: 4.4.162 upstream stable release
1801893 Xenial update: 4.4.161 upstream stable release
1793451 mlock203 test in ubuntu_ltp_syscalls failed with Xenial kernel
1786729 execveat03 in ubuntu_ltp_syscalls failed on X/B
1800639 [Ubuntu] net/af_iucv: fix skb leaks for HiperTransport
1801878 NULL pointer dereference at 0000000000000020 when access dst_orig-\u003eops-\u003efamily in function xfrm_lookup_with_ifid()
1800641 [Ubuntu] qeth: Fix potential array overrun in cmd/rc lookup
1786013 Packaging resync

Version: 4.4.0-1037.43 2018-10-26 12:08:04 UTC

 linux-kvm (4.4.0-1037.43) xenial; urgency=medium
   * linux-kvm: 4.4.0-1037.43 -proposed tracker (LP: #1799408)
   [ Ubuntu: 4.4.0-139.165 ]
   * linux: 4.4.0-139.165 -proposed tracker (LP: #1799401)
   * Kernel panic after the ubuntu_nbd_smoke_test on Xenial kernel (LP: #1793464)
     - nbd: Remove signal usage
     - nbd: Timeouts are not user requested disconnects
     - nbd: Cleanup reset of nbd and bdev after a disconnect
     - nbd: don't shutdown sock with irq's disabled
     - nbd: fix race in ioctl
   * fscache: bad refcounting in fscache_op_complete leads to OOPS (LP: #1797314)
     - SAUCE: fscache: Fix race in decrementing refcount of op->npages
   * xenial: virtio-scsi: CPU soft lockup due to loop in
     virtscsi_target_destroy() (LP: #1798110)
     - SAUCE: (no-up) virtio-scsi: Decrement reqs counter before SCSI command
   * Error reported when creating ZFS pool with "-t" option, despite successful
     pool creation (LP: #1769937)
     - SAUCE: (noup) Update zfs to
   * Xenial update: 4.4.160 upstream stable release (LP: #1798770)
     - crypto: skcipher - Fix -Wstringop-truncation warnings
     - tsl2550: fix lux1_input error in low light
     - vmci: type promotion bug in qp_host_get_user_memory()
     - x86/numa_emulation: Fix emulated-to-physical node mapping
     - staging: rts5208: fix missing error check on call to rtsx_write_register
     - uwb: hwa-rc: fix memory leak at probe
     - power: vexpress: fix corruption in notifier registration
     - Bluetooth: Add a new Realtek 8723DE ID 0bda:b009
     - USB: serial: kobil_sct: fix modem-status error handling
     - 6lowpan: iphc: reset mac_header after decompress to fix panic
     - md-cluster: clear another node's suspend_area after the copy is finished
     - media: exynos4-is: Prevent NULL pointer dereference in __isp_video_try_fmt()
     - powerpc/kdump: Handle crashkernel memory reservation failure
     - media: fsl-viu: fix error handling in viu_of_probe()
     - x86/tsc: Add missing header to tsc_msr.c
     - x86/entry/64: Add two more instruction suffixes
     - scsi: target/iscsi: Make iscsit_ta_authentication() respect the output
       buffer size
     - scsi: klist: Make it safe to use klists in atomic context
     - scsi: ibmvscsi: Improve strings handling
     - usb: wusbcore: security: cast sizeof to int for comparison
     - powerpc/powernv/ioda2: Reduce upper limit for DMA window size
     - alarmtimer: Prevent overflow for relative nanosleep
     - s390/extmem: fix gcc 8 stringop-overflow warning
     - ALSA: snd-aoa: add of_node_put() in error path
     - media: s3c-camif: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power
     - media: soc_camera: ov772x: correct setting of banding filter
     - media: omap3isp: zero-initialize the isp cam_xclk{a,b} initial data
     - staging: android: ashmem: Fix mmap size validation
     - drivers/tty: add error handling for pcmcia_loop_config
     - media: tm6000: add error handling for dvb_register_adapter
     - ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge
     - ath10k: protect ath10k_htt_rx_ring_free with rx_ring.lock
     - rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication()
     - wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout()
     - ARM: mvebu: declare asm symbols as character arrays in pmsu.c
     - HID: hid-ntrig: add error handling for sysfs_create_group
     - scsi: bnx2i: add error handling for ioremap_nocache
     - EDAC, i7core: Fix memleaks and use-after-free on probe and remove
     - ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs
     - module: exclude SHN_UNDEF symbols from kallsyms api
     - nfsd: fix corrupted reply to badly ordered compound
     - ARM: dts: dra7: fix DCAN node addresses
     - serial: cpm_uart: return immediately from console poll
     - spi: tegra20-slink: explicitly enable/disable clock
     - spi: sh-msiof: Fix invalid SPI use during system suspend
     - spi: sh-msiof: Fix handling of write value for SISTR register
     - spi: rspi: Fix invalid SPI use during system suspend
     - spi: rspi: Fix interrupted DMA transfers
     - USB: fix error handling in usb_driver_claim_interface()
     - USB: handle NULL config in usb_find_alt_setting()
     - slub: make ->cpu_partial unsigned int
     - Revert "UBUNTU: SAUCE: media: uvcvideo: Support realtek's UVC 1.5 device"
     - media: uvcvideo: Support realtek's UVC 1.5 device
     - USB: usbdevfs: sanitize flags more
     - USB: usbdevfs: restore warning for nonsensical flags
     - Revert "usb: cdc-wdm: Fix a sleep-in-atomic-context bug in
     - USB: remove LPM management from usb_driver_claim_interface()
     - Input: elantech - enable middle button of touchpad on ThinkPad P72
     - IB/srp: Avoid that sg_reset -d ${srp_device} triggers an infinite loop
     - scsi: target: iscsi: Use bin2hex instead of a re-implementation
     - serial: imx: restore handshaking irq for imx1
     - arm64: KVM: Tighten guest core register access from userspace
     - ext4: never move the system.data xattr out of the inode body
     - thermal: of-thermal: disable passive polling when thermal zone is disabled
     - net: hns: fix length and page_offset overflow when CONFIG_ARM64_64K_PAGES
     - e1000: check on netif_running() before calling e1000_up()
     - e1000: ensure to free old tx/rx rings in set_ringparam()
     - hwmon: (ina2xx) fix sysfs shunt resistor read access
     - hwmon: (adt7475) Make adt7475_read_word() return errors
     - i2c: i801: Allow ACPI AML access I/O ports not reserved for SMBus
     - arm64: cpufeature: Track 32bit EL0 support
     - arm64: KVM: Sanitize PSTATE.M when being set from userspace
     - media: v4l: event: Prevent freeing event subscriptions while accessed
     - KVM: PPC: Book3S HV: Don't truncate HPTE index in xlate function
     - mac80211: correct use of IEEE80211_VHT_CAP_RXSTBC_X

Source diff to previous version
1793464 Kernel panic after the ubuntu_nbd_smoke_test on Xenial kernel
1797314 fscache: bad refcounting in fscache_op_complete leads to OOPS
1798110 xenial: virtio-scsi: CPU soft lockup due to loop in virtscsi_target_destroy()
1769937 Error reported when creating ZFS pool with \
1798770 Xenial update: 4.4.160 upstream stable release
1775068 Volume control not working Dell XPS 27 (7760)
1798617 Xenial update: 4.4.159 upstream stable release
1798587 Xenial update: 4.4.158 upstream stable release
1798539 Xenial update: 4.4.157 upstream stable release
1797563 Xenial update: 4.4.156 upstream stable release
CVE-2018-7755 An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a k

Version: 4.4.0-1036.42 2018-10-02 19:09:48 UTC

 linux-kvm (4.4.0-1036.42) xenial; urgency=medium
   * linux-kvm: 4.4.0-1036.42 -proposed tracker (LP: #1795589)
   * Xenial update to 4.4.148 stable release (LP: #1792174)
     - [config] updateconfigs for master changes
   * kvm kernel missing nbd module (LP: #1793976)
     - kvm: [Config] enable BLK_DEV_NBD
   [ Ubuntu: 4.4.0-138.164 ]
   * linux: 4.4.0-138.164 -proposed tracker (LP: #1795582)
   * Linux 4.4.155 stable release build is broken on ppc64 (LP: #1795662)
     - powerpc/fadump: Return error when fadump registration fails
   * Kernel hang on drive pull caused by regression introduced by commit
     287922eb0b18 (LP: #1791790)
     - block: Fix a race between blk_cleanup_queue() and timeout handling
   * qeth: use vzalloc for QUERY OAT buffer (LP: #1793086)
     - s390/qeth: use vzalloc for QUERY OAT buffer
   * Page leaking in cachefiles_read_backing_file while vmscan is active
     (LP: #1793430)
     - SAUCE: cachefiles: Page leaking in cachefiles_read_backing_file while vmscan
       is active
   * Bugfix for handling of shadow doorbell buffer (LP: #1788222)
     - nvme-pci: add a memory barrier to nvme_dbbuf_update_and_check_event
   * Xenial update to 4.4.155 stable release (LP: #1792419)
     - net: 6lowpan: fix reserved space for single frames
     - net: mac802154: tx: expand tailroom if necessary
     - 9p/net: Fix zero-copy path in the 9p virtio transport
     - net: lan78xx: Fix misplaced tasklet_schedule() call
     - spi: davinci: fix a NULL pointer dereference
     - drm/i915/userptr: reject zero user_size
     - powerpc/fadump: handle crash memory ranges array index overflow
     - powerpc/pseries: Fix endianness while restoring of r3 in MCE handler.
     - fs/9p/xattr.c: catch the error of p9_client_clunk when setting xattr failed
     - 9p/virtio: fix off-by-one error in sg list bounds check
     - net/9p/client.c: version pointer uninitialized
     - net/9p/trans_fd.c: fix race-condition by flushing workqueue before the
     - dm cache metadata: save in-core policy_hint_size to on-disk superblock
     - iio: ad9523: Fix displayed phase
     - iio: ad9523: Fix return value for ad952x_store()
     - vmw_balloon: fix inflation of 64-bit GFNs
     - vmw_balloon: do not use 2MB without batching
     - vmw_balloon: VMCI_DOORBELL_SET does not check status
     - vmw_balloon: fix VMCI use when balloon built into kernel
     - tracing: Do not call start/stop() functions when tracing_on does not change
     - tracing/blktrace: Fix to allow setting same value
     - kthread, tracing: Don't expose half-written comm when creating kthreads
     - uprobes: Use synchronize_rcu() not synchronize_sched()
     - 9p: fix multiple NULL-pointer-dereferences
     - PM / sleep: wakeup: Fix build error caused by missing SRCU support
     - pnfs/blocklayout: off by one in bl_map_stripe()
     - ARM: tegra: Fix Tegra30 Cardhu PCA954x reset
     - mm/tlb: Remove tlb_remove_table() non-concurrent condition
     - iommu/vt-d: Add definitions for PFSID
     - iommu/vt-d: Fix dev iotlb pfsid use
     - osf_getdomainname(): use copy_to_user()
     - sys: don't hold uts_sem while accessing userspace memory
     - userns: move user access out of the mutex
     - ubifs: Fix memory leak in lprobs self-check
     - Revert "UBIFS: Fix potential integer overflow in allocation"
     - ubifs: Check data node size before truncate
     - ubifs: Fix synced_i_size calculation for xattr inodes
     - pwm: tiehrpwm: Fix disabling of output of PWMs
     - fb: fix lost console when the user unplugs a USB adapter
     - udlfb: set optimal write delay
     - getxattr: use correct xattr length
     - bcache: release dc->writeback_lock properly in bch_writeback_thread()
     - perf auxtrace: Fix queue resize
     - fs/quota: Fix spectre gadget in do_quotactl
     - x86/io: add interface to reserve io memtype for a resource range. (v1.1)
     - drm/drivers: add support for using the arch wc mapping API.
     - Linux 4.4.155
   * Xenial update to 4.4.154 stable release (LP: #1792392)
     - sched/sysctl: Check user input value of sysctl_sched_time_avg
     - Cipso: cipso_v4_optptr enter infinite loop
     - vti6: fix PMTU caching and reporting on xmit
     - xfrm: fix missing dst_release() after policy blocking lbcast and multicast
     - xfrm: free skb if nlsk pointer is NULL
     - mac80211: add stations tied to AP_VLANs during hw reconfig
     - nl80211: Add a missing break in parse_station_flags
     - drm/bridge: adv7511: Reset registers on hotplug
     - scsi: libiscsi: fix possible NULL pointer dereference in case of TMF
     - drm/imx: imx-ldb: disable LDB on driver bind
     - drm/imx: imx-ldb: check if channel is enabled before printing warning
     - usb: gadget: r8a66597: Fix two possible sleep-in-atomic-context bugs in
     - usb: gadget: r8a66597: Fix a possible sleep-in-atomic-context bugs in
     - usb/phy: fix PPC64 build errors in phy-fsl-usb.c
     - tools: usb: ffs-test: Fix build on big endian systems
     - usb: gadget: f_uac2: fix endianness of 'struct cntrl_*_lay3'
     - tools/power turbostat: fix -S on UP systems
     - net: caif: Add a missing rcu_read_unlock() in caif_flow_cb
     - qed: Fix possible race for the link state value.
     - atl1c: reserve min skb headroom
     - net: prevent ISA drivers from building on PPC32
     - can: mpc5xxx_can: check of_iomap return before use
     - i2c: davinci: Avoid zero value of CLKH
     - media: staging: omap4iss: Include asm/cacheflush.h after generic includes
     - bnx2x: Fix invalid memory access in rss hash config path.
     - net: axienet: Fix double deregister of mdio
     - selftests/ftrace: Add snapshot and tracing_on test case
     - zswap: re-check zswap_is_full() after do zswap_shrink()
     - tools/power turbostat: Read extended processor family from CPUID
     - Revert "MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum"
     - enic: han

Source diff to previous version
1792174 Xenial update to 4.4.148 stable release
1793976 kvm kernel missing nbd module
1795662 Linux 4.4.155 stable release build is broken on ppc64
1791790 Kernel hang on drive pull caused by regression introduced by commit 287922eb0b18
1793086 qeth: use vzalloc for QUERY OAT buffer
1793430 Page leaking in cachefiles_read_backing_file while vmscan is active
1788222 Bugfix for handling of shadow doorbell buffer
1792419 Xenial update to 4.4.155 stable release
1792392 Xenial update to 4.4.154 stable release
1792383 Xenial update to 4.4.153 stable release
1792377 Xenial update to 4.4.152 stable release
1792340 Xenial update to 4.4.151 stable release
1792336 Xenial update to 4.4.150 stable release
1792310 Xenial update to 4.4.149 stable release
1792109 Xenial update to 4.4.147 stable release
1791953 Xenial update to 4.4.146 stable release
1791942 Xenial update to 4.4.145 stable release
1793753 kernel panic - null pointer dereference on ipset operations
1793461 Improvements to the kernel source package preparation
1792044 update ENA driver to latest mainline version
CVE-2018-9363 HID: Bluetooth: hidp: buffer overflow in hidp_process_report

Version: 4.4.0-1035.41 2018-09-26 10:09:56 UTC

 linux-kvm (4.4.0-1035.41) xenial; urgency=medium
   [ Ubuntu: 4.4.0-137.163 ]
   * CVE-2018-14633
     - iscsi target: Use hex2bin instead of a re-implementation
   * CVE-2018-17182
     - mm: get rid of vmacache_flush_all() entirely

Source diff to previous version
CVE-2018-14633 A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request f
CVE-2018-17182 An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An

Version: 4.4.0-1034.40 2018-09-12 10:08:21 UTC

 linux-kvm (4.4.0-1034.40) xenial; urgency=medium
   * linux-kvm: 4.4.0-1034.40 -proposed tracker (LP: #1791751)
   * Xenial update to 4.4.141 stable release (LP: #1790620)
     - [config] updateconfigs for master changes
   * please include the kernel module IPIP (LP: #1790605)
     - kvm: [config] enable CONFIG_NET_IPIP
   [ Ubuntu: 4.4.0-136.162 ]
   * linux: 4.4.0-136.162 -proposed tracker (LP: #1791745)
   * CVE-2017-5753
     - bpf: properly enforce index mask to prevent out-of-bounds speculation
     - Revert "UBUNTU: SAUCE: bpf: Use barrier_nospec() instead of osb()"
     - Revert "bpf: prevent speculative execution in eBPF interpreter"
   * L1TF mitigation not effective in some CPU and RAM combinations
     (LP: #1788563) // CVE-2018-3620 // CVE-2018-3646
     - x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit
     - x86/speculation/l1tf: Fix off-by-one error when warning that system has too
       much RAM
     - x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+
   * CVE-2018-15594
     - x86/paravirt: Fix spectre-v2 mitigations for paravirt guests
   * Xenial update to 4.4.144 stable release (LP: #1791080)
     - KVM/Eventfd: Avoid crash when assign and deassign specific eventfd in
     - x86/MCE: Remove min interval polling limitation
     - fat: fix memory allocation failure handling of match_strdup()
     - ALSA: rawmidi: Change resized buffers atomically
     - ARC: mm: allow mprotect to make stack mappings executable
     - mm: memcg: fix use after free in mem_cgroup_iter()
     - ipv4: Return EINVAL when ping_group_range sysctl doesn't map to user ns
     - ipv6: fix useless rol32 call on hash
     - lib/rhashtable: consider param->min_size when setting initial table size
     - net/ipv4: Set oif in fib_compute_spec_dst
     - net: phy: fix flag masking in __set_phy_supported
     - ptp: fix missing break in switch
     - tg3: Add higher cpu clock for 5762.
     - net: Don't copy pfmemalloc flag in __copy_skb_header()
     - skbuff: Unconditionally copy pfmemalloc in __skb_clone()
     - xhci: Fix perceived dead host due to runtime suspend race with event handler
     - x86/paravirt: Make native_save_fl() extern inline
     - SAUCE: Add missing CPUID_7_EDX defines
     - SAUCE: x86/speculation: Expose indirect_branch_prediction_barrier()
     - x86/pti: Mark constant arrays as __initconst
     - x86/asm/entry/32: Simplify pushes of zeroed pt_regs->REGs
     - x86/entry/64/compat: Clear registers for compat syscalls, to reduce
       speculation attack surface
     - x86/speculation: Clean up various Spectre related details
     - x86/speculation: Fix up array_index_nospec_mask() asm constraint
     - x86/xen: Zero MSR_IA32_SPEC_CTRL before suspend
     - x86/mm: Factor out LDT init from context init
     - x86/mm: Give each mm TLB flush generation a unique ID
     - SAUCE: x86/speculation: Use Indirect Branch Prediction Barrier in context
     - x86/speculation: Use IBRS if available before calling into firmware
     - x86/speculation: Move firmware_restrict_branch_speculation_*() from C to CPP
     - selftest/seccomp: Fix the seccomp(2) signature
     - xen: set cpu capabilities from xen_start_kernel()
     - x86/amd: don't set X86_BUG_SYSRET_SS_ATTRS when running under Xen
     - SAUCE: Preserve SPEC_CTRL MSR in new inlines
     - SAUCE: Add Knights Mill to NO SSB list
     - x86/process: Correct and optimize TIF_BLOCKSTEP switch
     - x86/process: Optimize TIF_NOTSC switch
     - Revert "x86/cpufeatures: Add FEATURE_ZEN"
     - Revert "x86/cpu/AMD: Fix erratum 1076 (CPB bit)"
     - x86/cpu/AMD: Fix erratum 1076 (CPB bit)
     - x86/cpufeatures: Add FEATURE_ZEN
     - x86/xen: Add call of speculative_store_bypass_ht_init() to PV paths
     - x86/cpu: Re-apply forced caps every time CPU caps are re-read
     - block: do not use interruptible wait anywhere
     - clk: tegra: Fix PLL_U post divider and initial rate on Tegra30
     - ubi: Introduce vol_ignored()
     - ubi: Rework Fastmap attach base code
     - ubi: Be more paranoid while seaching for the most recent Fastmap
     - ubi: Fix races around ubi_refill_pools()
     - ubi: Fix Fastmap's update_vol()
     - ubi: fastmap: Erase outdated anchor PEBs during attach
     - Linux 4.4.144
   * CVE-2017-5715 (Spectre v2 s390x)
     - s390: detect etoken facility
     - s390/lib: use expoline for all bcr instructions
     - SAUCE: s390: use expoline thunks for all branches generated by the BPF JIT
   * Xenial update to 4.4.143 stable release (LP: #1790884)
     - compiler, clang: suppress warning for unused static inline functions
     - compiler, clang: properly override 'inline' for clang
     - compiler, clang: always inline when CONFIG_OPTIMIZE_INLINING is disabled
     - compiler-gcc.h: Add __attribute__((gnu_inline)) to all inline declarations
     - x86/asm: Add _ASM_ARG* constants for argument registers to
     - ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent
     - bcm63xx_enet: correct clock usage
     - bcm63xx_enet: do not write to random DMA channel on BCM6345
     - crypto: crypto4xx - remove bad list_del
     - crypto: crypto4xx - fix crypto4xx_build_pdr, crypto4xx_build_sdr leak
     - atm: zatm: Fix potential Spectre v1
     - net: dccp: avoid crash in ccid3_hc_rx_send_feedback()
     - net: dccp: switch rx_tstamp_last_feedback to monotonic clock
     - net/mlx5: Fix incorrect raw command length parsing
     - net: sungem: fix rx checksum support
     - qed: Limit msix vectors in kdump kernel to the minimum required count.
     - r8152: napi hangup fix after disconnect
     - tcp: fix Fast Open key endianness
     - tcp: prevent bogus FRTO undos with non-SACK flows
     - vhost_net: validate sock before trying to put its fd
     - net_sched: blackhole: tell upper qdisc about dropped packets
     - net/mlx5: Fix command interface race in polling mode
     - net: cxgb3

1790620 Xenial update to 4.4.141 stable release
1790605 please include the kernel module IPIP
1788563 L1TF mitigation not effective in some CPU and RAM combinations
1791080 Xenial update to 4.4.144 stable release
1790884 Xenial update to 4.4.143 stable release
1790883 Xenial update to 4.4.142 stable release
1789653 regression with EXT4 file systems and meta_bg flag
1790480 random oopses on s390 systems using NVMe devices
1787281 errors when scanning partition table of corrupted AIX disk
CVE-2017-5753 Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker wi
CVE-2018-3620 L1 Terminal Fault-OS/SMM Foreshadow-NG
CVE-2018-3646 L1 Terminal Fault-VMM
CVE-2018-15594 arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectr
CVE-2017-5715 Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an at
CVE-2018-15572 The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a context swi
CVE-2018-6555 The irda_setsockopt function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users
CVE-2018-6554 Memory leak in the irda_bind function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows lo

About   -   Send Feedback to @ubuntu_updates