Package "linux-kvm"

 linux-kvm (4.4.0-1093.102) xenial; urgency=medium
 .
   * xenial/linux-kvm: 4.4.0-1093.102 -proposed tracker (LP: #1924636)
 .
   [ Ubuntu: 4.4.0-210.242 ]
 .
   * xenial/linux: 4.4.0-210.242 -proposed tracker (LP: #1924644)
   * setting extended attribute may cause memory leak (LP: #1924611)
     - SAUCE: vfs_setxattr: free converted value if xattr_permission returns error

 linux-kvm (4.4.0-1091.100) xenial; urgency=medium
 .
   * xenial/linux-kvm: 4.4.0-1091.100 -proposed tracker (LP: #1922062)
 .
   * CVE-2017-5967
     - kvm: [Config] Dropped CONFIG_TIMER_STATS
 .
   * Xenial update: v4.4.257 upstream stable release (LP: #1916660)
     - kvm: [Config] updateconfigs for ELFCORE
 .
   [ Ubuntu: 4.4.0-208.240 ]
 .
   * xenial/linux: 4.4.0-208.240 -proposed tracker (LP: #1922069)
   * linux ADT test failure with linux/4.4.0-207.239 -
     ubuntu_qrt_kernel_security.test-kernel-security.py (LP: #1922200) //
     CVE-2018-5953 // CVE-2018-5995 // CVE-2018-7754
     - SAUCE: Revert "printk: hash addresses printed with %p"
   * lxd 2.0.11-0ubuntu1~16.04.4 ADT test failure with linux 4.4.0-207.239
     (LP: #1921969)
     - SAUCE: Fix fuse regression in 4.4.0-207.239
 .
   [ Ubuntu: 4.4.0-207.239 ]
 .
   * xenial/linux: 4.4.0-207.239 -proposed tracker (LP: #1919558)
   * Xenial update: v4.4.262 upstream stable release (LP: #1920221)
     - uapi: nfnetlink_cthelper.h: fix userspace compilation error
     - ath9k: fix transmitting to stations in dynamic SMPS mode
     - net: Fix gro aggregation for udp encaps with zero csum
     - can: skb: can_skb_set_owner(): fix ref counting if socket was closed before
       setting skb ownership
     - can: flexcan: assert FRZ bit in flexcan_chip_freeze()
     - can: flexcan: enable RX FIFO after FRZ/HALT valid
     - netfilter: x_tables: gpf inside xt_find_revision()
     - cifs: return proper error code in statfs(2)
     - floppy: fix lock_fdc() signal handling
     - Revert "mm, slub: consider rest of partial list if acquire_slab() fails"
     - futex: Change locking rules
     - futex: Cure exit race
     - futex: fix dead code in attach_to_pi_owner()
     - net/mlx4_en: update moderation when config reset
     - net: lapbether: Remove netif_start_queue / netif_stop_queue
     - net: davicom: Fix regulator not turned off on failed probe
     - net: davicom: Fix regulator not turned off on driver removal
     - media: usbtv: Fix deadlock on suspend
     - mmc: mxs-mmc: Fix a resource leak in an error handling path in
       'mxs_mmc_probe()'
     - mmc: mediatek: fix race condition between msdc_request_timeout and irq
     - powerpc/perf: Record counter overflow always if SAMPLE_IP is unset
     - PCI: xgene-msi: Fix race in installing chained irq handler
     - s390/smp: __smp_rescan_cpus() - move cpumask away from stack
     - scsi: libiscsi: Fix iscsi_prep_scsi_cmd_pdu() error handling
     - ALSA: hda/hdmi: Cancel pending works before suspend
     - ALSA: hda: Avoid spurious unsol event handling during S3/S4
     - ALSA: usb-audio: Fix "cannot get freq eq" errors on Dell AE515 sound bar
     - s390/dasd: fix hanging DASD driver unbind
     - mmc: core: Fix partition switch time for eMMC
     - scripts/recordmcount.{c,pl}: support -ffunction-sections .text.* section
       names
     - Goodix Fingerprint device is not a modem
     - usb: gadget: f_uac2: always increase endpoint max_packet_size by one audio
       slot
     - usb: renesas_usbhs: Clear PIPECFG for re-enabling pipe with other EPNUM
     - xhci: Improve detection of device initiated wake signal.
     - USB: serial: io_edgeport: fix memory leak in edge_startup
     - USB: serial: ch341: add new Product ID
     - USB: serial: cp210x: add ID for Acuity Brands nLight Air Adapter
     - USB: serial: cp210x: add some more GE USB IDs
     - usbip: fix stub_dev to check for stream socket
     - usbip: fix vhci_hcd to check for stream socket
     - usbip: fix stub_dev usbip_sockfd_store() races leading to gpf
     - staging: rtl8192u: fix ->ssid overflow in r8192_wx_set_scan()
     - staging: rtl8188eu: prevent ->ssid overflow in rtw_wx_set_scan()
     - staging: rtl8712: unterminated string leads to read overflow
     - staging: rtl8188eu: fix potential memory corruption in
       rtw_check_beacon_data()
     - staging: rtl8712: Fix possible buffer overflow in r8712_sitesurvey_cmd
     - staging: rtl8192e: Fix possible buffer overflow in _rtl92e_wx_set_scan
     - staging: comedi: addi_apci_1032: Fix endian problem for COS sample
     - staging: comedi: addi_apci_1500: Fix endian problem for command sample
     - staging: comedi: adv_pci1710: Fix endian problem for AI command data
     - staging: comedi: das6402: Fix endian problem for AI command data
     - staging: comedi: das800: Fix endian problem for AI command data
     - staging: comedi: dmm32at: Fix endian problem for AI command data
     - staging: comedi: me4000: Fix endian problem for AI command data
     - staging: comedi: pcl711: Fix endian problem for AI command data
     - staging: comedi: pcl818: Fix endian problem for AI command data
     - NFSv4.2: fix return value of _nfs4_get_security_label()
     - block: rsxx: fix error return code of rsxx_pci_probe()
     - alpha: add $(src)/ rather than $(obj)/ to make source file path
     - alpha: merge build rules of division routines
     - alpha: make short build log available for division routines
     - alpha: Package string routines together
     - alpha: move exports to actual definitions
     - alpha: get rid of tail-zeroing in __copy_user()
     - alpha: switch __copy_user() and __do_clean_user() to normal calling
       conventions
     - powerpc/64s: Fix instruction encoding for lis in ppc_function_entry()
     - media: hdpvr: Fix an error handling path in hdpvr_probe()
     - KVM: arm64: Fix exclusive limit for IPA size
     - xen/events: reset affinity of 2-level event when tearing it down
     - xen/events: don't unmask an event channel when an eoi is pending
     - xen/events: avoid handling the same event on two cpus at the same time
     - Linux 4.4.262
   * Xenial update: v4.4.261 upstream stable release (LP: #1920218)
     - futex: fix irq self-deadlock and satisfy assertion
     - futex: fix spin_lock() / spin_unlock_irq() imbalance
     - ALSA: ctxfi: cthw20k2: fix mask on conf to allow 4 bits
     - rsxx: Return -EFAULT if copy_

 linux-kvm (4.4.0-1090.99) xenial; urgency=medium
 .
   * xenial/linux-kvm: 4.4.0-1090.99 -proposed tracker (LP: #1919235)
 .
   [ Ubuntu: 4.4.0-206.238 ]
 .
   * xenial/linux: 4.4.0-206.238 -proposed tracker (LP: #1919242)
   * CVE-2021-27365
     - sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output
     - scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE
     - scsi: iscsi: Verify lengths on passthrough PDUs
   * CVE-2021-27363 // CVE-2021-27364
     - scsi: iscsi: Restrict sessions and handles to admin capabilities

 linux-kvm (4.4.0-1089.98) xenial; urgency=medium
 .
   * xenial/linux-kvm: 4.4.0-1089.98 -proposed tracker (LP: #1916215)
 .
   [ Ubuntu: 4.4.0-204.236 ]
 .
   * xenial/linux: 4.4.0-204.236 -proposed tracker (LP: #1916222)
   * Xenial update: v4.4.254 upstream stable release (LP: #1914648)
     - ALSA: seq: oss: Fix missing error check in snd_seq_oss_synth_make_info()
     - ALSA: hda/via: Add minimum mute flag
     - ACPI: scan: Make acpi_bus_get_device() clear return pointer on error
     - dm: avoid filesystem lookup in dm_get_dev_t()
     - ASoC: Intel: haswell: Add missing pm_ops
     - scsi: ufs: Correct the LUN used in eh_device_reset_handler() callback
     - drm/nouveau/bios: fix issue shadowing expansion ROMs
     - drm/nouveau/i2c/gm200: increase width of aux semaphore owner fields
     - can: dev: can_restart: fix use after free bug
     - iio: ad5504: Fix setting power-down state
     - ehci: fix EHCI host controller initialization sequence
     - usb: bdc: Make bdc pci driver depend on BROKEN
     - [Config] updateconfigs for USB_BDC_PCI
     - xhci: make sure TRB is fully written before giving it to the controller
     - compiler.h: Raise minimum version of GCC to 5.1 for arm64
     - netfilter: rpfilter: mask ecn bits before fib lookup
     - sh: dma: fix kconfig dependency for G2_DMA
     - sh_eth: Fix power down vs. is_opened flag ordering
     - skbuff: back tiny skbs with kmalloc() in __netdev_alloc_skb() too
     - ipv6: create multicast route with RTPROT_KERNEL
     - net_sched: avoid shift-out-of-bounds in tcindex_set_parms()
     - Revert "mm/slub: fix a memory leak in sysfs_slab_add()"
     - tracing: Fix race in trace_open and buffer resize call
     - xen-blkback: set ring->xenblkd to NULL after kthread_stop()
     - x86/boot/compressed: Disable relocation relaxation
     - Linux 4.4.254
   * Xenial update: v4.4.253 upstream stable release (LP: #1914647)
     - ASoC: dapm: remove widget from dirty list on free
     - mm/hugetlb: fix potential missing huge page size info
     - ext4: fix bug for rename with RENAME_WHITEOUT
     - ARC: build: add boot_targets to PHONY
     - ethernet: ucc_geth: fix definition and size of ucc_geth_tx_global_pram
     - arch/arc: add copy_user_page() to to fix build error on ARC
     - misdn: dsp: select CONFIG_BITREVERSE
     - net: ethernet: fs_enet: Add missing MODULE_LICENSE
     - ACPI: scan: add stub acpi_create_platform_device() for !CONFIG_ACPI
     - ARM: picoxcell: fix missing interrupt-parent properties
     - Input: uinput - avoid FF flush when destroying device
     - dump_common_audit_data(): fix racy accesses to ->d_name
     - NFS: nfs_igrab_and_active must first reference the superblock
     - ext4: fix superblock checksum failure when setting password salt
     - RDMA/usnic: Fix memleak in find_free_vf_and_create_qp_grp
     - mm, slub: consider rest of partial list if acquire_slab() fails
     - net: sunrpc: interpret the return value of kstrtou32 correctly
     - usb: ohci: Make distrust_firmware param default to false
     - iio: buffer: Fix demux update
     - nfsd4: readdirplus shouldn't return parent of export
     - net: cdc_ncm: correct overhead in delayed_ndp_size
     - netxen_nic: fix MSI/MSI-x interrupts
     - rndis_host: set proper input size for OID_GEN_PHYSICAL_MEDIUM request
     - net: dcb: Validate netlink message in DCB handler
     - net: dcb: Accept RTM_GETDCB messages carrying set-like DCB commands
     - net: sit: unregister_netdevice on newlink's error path
     - rxrpc: Fix handling of an unsupported token type in rxrpc_read()
     - net: avoid 32 x truesize under-estimation for tiny skbs
     - spi: cadence: cache reference clock rate during probe
     - Linux 4.4.253
   * Xenial update: v4.4.252 upstream stable release (LP: #1913479)
     - Revert "UBUNTU: SAUCE: target: fix XCOPY NAA identifier lookup"
     - target: add XCOPY target/segment desc sense codes
     - target: bounds check XCOPY segment descriptor list
     - target: use XCOPY segment descriptor CSCD IDs
     - xcopy: loop over devices using idr helper
     - scsi: target: Fix XCOPY NAA identifier lookup
     - powerpc: Fix incorrect stw{, ux, u, x} instructions in __set_pte_at
     - net: ip: always refragment ip defragmented packets
     - net: fix pmtu check in nopmtudisc mode
     - vmlinux.lds.h: Add PGO and AutoFDO input sections
     - ubifs: wbuf: Don't leak kernel memory to flash
     - spi: pxa2xx: Fix use-after-free on unbind
     - cpufreq: powernow-k8: pass policy rather than use cpufreq_cpu_get()
     - wil6210: select CONFIG_CRC32
     - block: rsxx: select CONFIG_CRC32
     - iommu/intel: Fix memleak in intel_irq_remapping_alloc
     - block: fix use-after-free in disk_part_iter_next
     - net: drop bogus skb with CHECKSUM_PARTIAL and offset beyond end of trimmed
       packet
     - Linux 4.4.252
   * Xenial update: v4.4.251 upstream stable release (LP: #1913478)
     - kbuild: don't hardcode depmod path
     - workqueue: Kick a worker based on the actual activation of delayed works
     - lib/genalloc: fix the overflow when size is too big
     - depmod: handle the case of /sbin/depmod without /sbin in PATH
     - atm: idt77252: call pci_disable_device() on error path
     - ipv4: Ignore ECN bits for fib lookups in fib_compute_spec_dst()
     - net: hns: fix return value check in __lb_other_process()
     - net: hdlc_ppp: Fix issues when mod_timer is called while timer is running
     - CDC-NCM: remove "connected" log message
     - vhost_net: fix ubuf refcount incorrectly when sendmsg fails
     - net: sched: prevent invalid Scell_log shift count
     - virtio_net: Fix recursive call to cpus_read_lock()
     - ethernet: ucc_geth: fix use-after-free in ucc_geth_remove()
     - video: hyperv_fb: Fix the mmap() regression for v5.4.y and older
     - usb: gadget: enable super speed plus
     - USB: cdc-acm: blacklist another IR Droid device
     - usb: chipidea: ci_hdrc_imx: add missing put_device()

 linux-kvm (4.4.0-1088.97) xenial; urgency=medium
 .
   * xenial/linux-kvm: 4.4.0-1088.97 -proposed tracker (LP: #1914132)
 .
   [ Ubuntu: 4.4.0-203.235 ]
 .
   * xenial/linux: 4.4.0-203.235 -proposed tracker (LP: #1914140)
   * Ubuntu 16.04 kernel 4.4.0-202 basic commands hanging (LP: #1913853)
     - SAUCE: Revert "mm: check that mm is still valid in madvise()"
 .
   [ Ubuntu: 4.4.0-202.234 ]
 .
   * xenial/linux: 4.4.0-202.234 -proposed tracker (LP: #1913086)
   * DMI entry syntax fix for Pegatron / ByteSpeed C15B (LP: #1910639)
     - Input: i8042 - unbreak Pegatron C15B
   * CVE-2020-29372
     - mm: check that mm is still valid in madvise()
   * errinjct open fails on IBM POWER LPAR (LP: #1908710)
     - powerpc/rtas: Fix typo of ibm, open-errinjct in RTAS filter
   * 4.4 kernel panics in kvm wake_up() handler (LP: #1908428)
     - kvm: vmx: rename vmx_pre/post_block to pi_pre/post_block
     - KVM: VMX: extract __pi_post_block
     - KVM: VMX: avoid double list add with VT-d posted interrupts
   * restore reverted commit "crypto: arm64/sha - avoid non-standard inline asm
     tricks" (LP: #1907489)
     - crypto: arm64/sha - avoid non-standard inline asm tricks
   * CVE-2020-29374
     - gup: document and work around "COW can break either way" issue
   * Xenial update: v4.4.249 upstream stable release (LP: #1910139)
     - spi: bcm2835aux: Fix use-after-free on unbind
     - spi: bcm2835aux: Restore err assignment in bcm2835aux_spi_probe
     - ARC: stack unwinding: don't assume non-current task is sleeping
     - platform/x86: acer-wmi: add automatic keyboard background light toggle key
       as KEY_LIGHTS_TOGGLE
     - Input: cm109 - do not stomp on control URB
     - Input: i8042 - add Acer laptops to the i8042 reset list
     - [Config] updateconfigs for SPI_DYNAMIC
     - spi: Prevent adding devices below an unregistering controller
     - net/mlx4_en: Avoid scheduling restart task if it is already running
     - tcp: fix cwnd-limited bug for TSO deferral where we send nothing
     - net: stmmac: delete the eee_ctrl_timer after napi disabled
     - net: bridge: vlan: fix error return code in __vlan_add()
     - USB: dummy-hcd: Fix uninitialized array use in init()
     - USB: add RESET_RESUME quirk for Snapscan 1212
     - ALSA: usb-audio: Fix potential out-of-bounds shift
     - ALSA: usb-audio: Fix control 'access overflow' errors from chmap
     - xhci: Give USB2 ports time to enter U3 in bus suspend
     - USB: sisusbvga: Make console support depend on BROKEN
     - [Config] updateconfigs for USB_SISUSBVGA_CON
     - ALSA: pcm: oss: Fix potential out-of-bounds shift
     - serial: 8250_omap: Avoid FIFO corruption caused by MDR1 access
     - USB: serial: cp210x: enable usb generic throttle/unthrottle
     - scsi: bnx2i: Requires MMU
     - can: softing: softing_netdev_open(): fix error handling
     - RDMA/cm: Fix an attempt to use non-valid pointer when cleaning timewait
     - dm table: Remove BUG_ON(in_interrupt())
     - soc/tegra: fuse: Fix index bug in get_process_id
     - USB: serial: option: add interface-number sanity check to flag handling
     - USB: gadget: f_rndis: fix bitrate for SuperSpeed and above
     - usb: chipidea: ci_hdrc_imx: Pass DISABLE_DEVICE_STREAMING flag to imx6ul
     - media: msi2500: assign SPI bus number dynamically
     - Bluetooth: Fix slab-out-of-bounds read in hci_le_direct_adv_report_evt()
     - drm/gma500: fix double free of gma_connector
     - ARM: p2v: fix handling of LPAE translation in BE mode
     - crypto: talitos - Fix return type of current_desc_hdr()
     - spi: img-spfi: fix reference leak in img_spfi_resume
     - ASoC: pcm: DRAIN support reactivation
     - Bluetooth: Fix null pointer dereference in hci_event_packet()
     - spi: spi-ti-qspi: fix reference leak in ti_qspi_setup
     - spi: tegra20-slink: fix reference leak in slink ops of tegra20
     - spi: tegra20-sflash: fix reference leak in tegra_sflash_resume
     - spi: tegra114: fix reference leak in tegra spi ops
     - RDMa/mthca: Work around -Wenum-conversion warning
     - MIPS: BCM47XX: fix kconfig dependency bug for BCM47XX_BCMA
     - media: solo6x10: fix missing snd_card_free in error handling case
     - drm/omap: dmm_tiler: fix return error code in omap_dmm_probe()
     - Input: ads7846 - fix integer overflow on Rt calculation
     - Input: ads7846 - fix unaligned access on 7845
     - powerpc/feature: Fix CPU_FTRS_ALWAYS by removing CPU_FTRS_GENERIC_32
     - soc: ti: knav_qmss: fix reference leak in knav_queue_probe
     - soc: ti: Fix reference imbalance in knav_dma_probe
     - drivers: soc: ti: knav_qmss_queue: Fix error return code in knav_queue_probe
     - memstick: fix a double-free bug in memstick_check
     - ARM: dts: at91: sama5d4_xplained: add pincontrol for USB Host
     - ARM: dts: at91: sama5d3_xplained: add pincontrol for USB Host
     - orinoco: Move context allocation after processing the skb
     - cw1200: fix missing destroy_workqueue() on error in cw1200_init_common
     - mips: cdmm: fix use-after-free in mips_cdmm_bus_discover
     - NFSv4.2: condition READDIR's mask for security label based on LSM state
     - lockd: don't use interval-based rebinding over TCP
     - NFS: switch nfsiod to be an UNBOUND workqueue.
     - media: saa7146: fix array overflow in vidioc_s_audio()
     - pinctrl: falcon: add missing put_device() call in pinctrl_falcon_probe()
     - memstick: r592: Fix error return in r592_probe()
     - ASoC: jz4740-i2s: add missed checks for clk_get()
     - dm ioctl: fix error return code in target_message
     - clocksource/drivers/arm_arch_timer: Correct fault programming of
       CNTKCTL_EL1.EVNTI
     - cpufreq: highbank: Add missing MODULE_DEVICE_TABLE
     - cpufreq: loongson1: Add missing MODULE_ALIAS
     - cpufreq: scpi: Add missing MODULE_ALIAS
     - scsi: pm80xx: Fix error return in pm8001_pci_probe()
     - seq_buf: Avoid type mismatch for seq_buf_init
     - scsi: fnic: Fix error return code in fn