UbuntuUpdates.org

Package "linux-hwe-5.4"

Name: linux-hwe-5.4

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Linux kernel buildinfo for version 5.4.0 on 32 bit x86 SMP
  • Linux kernel buildinfo for version 5.4.0 on 32 bit x86 SMP
  • Linux kernel buildinfo for version 5.4.0 on 32 bit x86 SMP
  • Linux kernel buildinfo for version 5.4.0 on 32 bit x86 SMP

Latest version: 5.4.0-74.83~18.04.1
Release: bionic (18.04)
Level: updates
Repository: main

Links



Other versions of "linux-hwe-5.4" in Bionic

Repository Area Version
security main 5.4.0-74.83~18.04.1
proposed main 5.4.0-75.84~18.04.1
PPA: Canonical Kernel Team 5.4.0-75.84~18.04.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 5.4.0-74.83~18.04.1 2021-06-02 22:06:21 UTC

  linux-hwe-5.4 (5.4.0-74.83~18.04.1) bionic; urgency=medium

  * bionic/linux-hwe-5.4: 5.4.0-74.83~18.04.1 -proposed tracker (LP: #1927618)

  [ Ubuntu: 5.4.0-74.83 ]

  * focal/linux: 5.4.0-74.83 -proposed tracker (LP: #1927619)
  * Introduce the 465 driver series, fabric-manager, and libnvidia-nscq
    (LP: #1925522)
    - debian/dkms-versions -- add NVIDIA 465 and migrate 450 to 460
  * linux-image-5.0.0-35-generic breaks checkpointing of container
    (LP: #1857257)
    - SAUCE: overlayfs: fix incorrect mnt_id of files opened from map_files
  * Enable CIFS GCM256 (LP: #1921916)
    - smb3: add defines for new crypto algorithms
    - smb3.1.1: add new module load parm require_gcm_256
    - smb3.1.1: add new module load parm enable_gcm_256
    - smb3.1.1: print warning if server does not support requested encryption type
    - smb3.1.1: rename nonces used for GCM and CCM encryption
    - smb3.1.1: set gcm256 when requested
    - cifs: Adjust key sizes and key generation routines for AES256 encryption
  * locking/qrwlock: Fix ordering in queued_write_lock_slowpath() (LP: #1926184)
    - locking/qrwlock: Fix ordering in queued_write_lock_slowpath()
  * [Ubuntu 21.04] net/mlx5: Fix HW spec violation configuring uplink
    (LP: #1925452)
    - net/mlx5: Fix HW spec violation configuring uplink
  * Focal update: v5.4.114 upstream stable release (LP: #1926493)
    - Revert "scsi: qla2xxx: Retry PLOGI on FC-NVMe PRLI failure"
    - Revert "scsi: qla2xxx: Fix stuck login session using prli_pend_timer"
    - scsi: qla2xxx: Dual FCP-NVMe target port support
    - scsi: qla2xxx: Fix device connect issues in P2P configuration
    - scsi: qla2xxx: Retry PLOGI on FC-NVMe PRLI failure
    - scsi: qla2xxx: Add a shadow variable to hold disc_state history of fcport
    - scsi: qla2xxx: Fix stuck login session using prli_pend_timer
    - scsi: qla2xxx: Fix fabric scan hang
    - net/sctp: fix race condition in sctp_destroy_sock
    - Input: nspire-keypad - enable interrupts only when opened
    - gpio: sysfs: Obey valid_mask
    - dmaengine: dw: Make it dependent to HAS_IOMEM
    - ARM: dts: Drop duplicate sha2md5_fck to fix clk_disable race
    - ARM: dts: Fix moving mmc devices with aliases for omap4 & 5
    - lockdep: Add a missing initialization hint to the "INFO: Trying to register
      non-static key" message
    - arc: kernel: Return -EFAULT if copy_to_user() fails
    - ASoC: max98373: Added 30ms turn on/off time delay
    - neighbour: Disregard DEAD dst in neigh_update
    - ARM: keystone: fix integer overflow warning
    - ARM: omap1: fix building with clang IAS
    - drm/msm: Fix a5xx/a6xx timestamps
    - ASoC: fsl_esai: Fix TDM slot setup for I2S mode
    - scsi: scsi_transport_srp: Don't block target in SRP_PORT_LOST state
    - net: ieee802154: stop dump llsec keys for monitors
    - net: ieee802154: forbid monitor for add llsec key
    - net: ieee802154: forbid monitor for del llsec key
    - net: ieee802154: stop dump llsec devs for monitors
    - net: ieee802154: forbid monitor for add llsec dev
    - net: ieee802154: forbid monitor for del llsec dev
    - net: ieee802154: stop dump llsec devkeys for monitors
    - net: ieee802154: forbid monitor for add llsec devkey
    - net: ieee802154: forbid monitor for del llsec devkey
    - net: ieee802154: stop dump llsec seclevels for monitors
    - net: ieee802154: forbid monitor for add llsec seclevel
    - pcnet32: Use pci_resource_len to validate PCI resource
    - mac80211: clear sta->fast_rx when STA removed from 4-addr VLAN
    - virt_wifi: Return micros for BSS TSF values
    - Input: s6sy761 - fix coordinate read bit shift
    - Input: i8042 - fix Pegatron C15B ID entry
    - HID: wacom: set EV_KEY and EV_ABS only for non-HID_GENERIC type of devices
    - dm verity fec: fix misaligned RS roots IO
    - readdir: make sure to verify directory entry for legacy interfaces too
    - arm64: fix inline asm in load_unaligned_zeropad()
    - arm64: alternatives: Move length validation in alternative_{insn, endif}
    - vfio/pci: Add missing range check in vfio_pci_mmap
    - riscv: Fix spelling mistake "SPARSEMEM" to "SPARSMEM"
    - scsi: libsas: Reset num_scatter if libata marks qc as NODATA
    - netfilter: conntrack: do not print icmpv6 as unknown via /proc
    - libnvdimm/region: Fix nvdimm_has_flush() to handle ND_REGION_ASYNC
    - netfilter: bridge: add pre_exit hooks for ebtable unregistration
    - netfilter: arp_tables: add pre_exit hook for table unregister
    - net: macb: fix the restore of cmp registers
    - netfilter: nft_limit: avoid possible divide error in nft_limit_init
    - net: davicom: Fix regulator not turned off on failed probe
    - net: sit: Unregister catch-all devices
    - net: ip6_tunnel: Unregister catch-all devices
    - i40e: fix the panic when running bpf in xdpdrv mode
    - ibmvnic: avoid calling napi_disable() twice
    - ibmvnic: remove duplicate napi_schedule call in do_reset function
    - ibmvnic: remove duplicate napi_schedule call in open function
    - gro: ensure frag0 meets IP header alignment
    - ARM: footbridge: fix PCI interrupt mapping
    - arm64: dts: allwinner: Fix SD card CD GPIO for SOPine systems
    - r8169: remove fiddling with the PCIe max read request size
    - r8169: simplify setting PCI_EXP_DEVCTL_NOSNOOP_EN
    - r8169: fix performance regression related to PCIe max read request size
    - r8169: improve rtl_jumbo_config
    - r8169: tweak max read request size for newer chips also in jumbo mtu mode
    - r8169: don't advertise pause in jumbo mode
    - ARM: 9071/1: uprobes: Don't hook on thumb instructions
    - net: phy: marvell: fix detection of PHY on Topaz switches
    - Linux 5.4.114
  * Focal update: v5.4.113 upstream stable release (LP: #1926490)
    - interconnect: core: fix error return code of icc_link_destroy()
    - KVM: arm64: Hide system instruction access to Trace registers
    - KVM: arm64: Disable guest access to trace filter controls
    - drm/imx:

Source diff to previous version
1857257 linux-image-5.0.0-35-generic breaks checkpointing of container
1921916 Enable CIFS GCM256
1925452 [Ubuntu 21.04] net/mlx5: Fix HW spec violation configuring uplink
1926493 Focal update: v5.4.114 upstream stable release
1926490 Focal update: v5.4.113 upstream stable release
1926489 Focal update: v5.4.112 upstream stable release
1919275 crash utility fails on arm64 with cannot determine VA_BITS_ACTUAL
1923874 Focal update: v5.4.111 upstream stable release
1923869 Focal update: v5.4.110 upstream stable release
1923220 Focal update: v5.4.109 upstream stable release
1923214 Focal update: v5.4.108 upstream stable release
1923210 Focal update: v5.4.107 upstream stable release

Version: 5.4.0-73.82~18.04.1 2021-05-10 22:07:42 UTC

  linux-hwe-5.4 (5.4.0-73.82~18.04.1) bionic; urgency=medium

  * bionic/linux-hwe-5.4: 5.4.0-73.82~18.04.1 -proposed tracker (LP: #1923780)

  [ Ubuntu: 5.4.0-73.82 ]

  * focal/linux: 5.4.0-73.82 -proposed tracker (LP: #1923781)
  * Packaging resync (LP: #1786013)
    - update dkms package versions
  * CIFS DFS entries not accessible with 5.4.0-71.74-generic (LP: #1923670)
    - Revert "cifs: Set CIFS_MOUNT_USE_PREFIX_PATH flag on setting
      cifs_sb->prepath."
  * CVE-2021-29650
    - Revert "netfilter: x_tables: Update remaining dereference to RCU"
    - Revert "netfilter: x_tables: Switch synchronization to RCU"
    - netfilter: x_tables: Use correct memory barriers.
  * LRMv4: switch to signing nvidia modules via the Ubuntu Modules signing key
    (LP: #1918134)
    - [Packaging] dkms-build{,--nvidia-N} sync back from LRMv4
  * 5.4 kernel: when iommu is on crashdump fails (LP: #1922738)
    - iommu/vt-d: Refactor find_domain() helper
    - iommu/vt-d: Add attach_deferred() helper
    - iommu/vt-d: Move deferred device attachment into helper function
    - iommu/vt-d: Do deferred attachment in iommu_need_mapping()
    - iommu/vt-d: Remove deferred_attach_domain()
    - iommu/vt-d: Simplify check in identity_mapping()
  * Backport mlx5e fix for tunnel offload (LP: #1921769)
    - net/mlx5e: Check tunnel offload is required before setting SWP
  * Bcache bypasse writeback on caching device with fragmentation (LP: #1900438)
    - bcache: consider the fragmentation when update the writeback rate
  * Fix implicit declaration warnings for kselftests/memfd test on newer
    releases (LP: #1910323)
    - selftests/memfd: Fix implicit declaration warnings
  * net/mlx5e: Add missing capability check for uplink follow (LP: #1921104)
    - net/mlx5e: Add missing capability check for uplink follow
  * [UBUNUT 21.04] s390/vtime: fix increased steal time accounting
    (LP: #1921498)
    - s390/vtime: fix increased steal time accounting
  * Mute/Mic-mute LEDs are not work on HP 850/840/440 G8 Laptops (LP: #1920030)
    - ALSA: hda/realtek: fix mute/micmute LEDs for HP 840 G8
    - ALSA: hda/realtek: fix mute/micmute LEDs for HP 440 G8
    - ALSA: hda/realtek: fix mute/micmute LEDs for HP 850 G8
  * Focal update: v5.4.106 upstream stable release (LP: #1920246)
    - uapi: nfnetlink_cthelper.h: fix userspace compilation error
    - powerpc/pseries: Don't enforce MSI affinity with kdump
    - ath9k: fix transmitting to stations in dynamic SMPS mode
    - net: Fix gro aggregation for udp encaps with zero csum
    - net: check if protocol extracted by virtio_net_hdr_set_proto is correct
    - net: avoid infinite loop in mpls_gso_segment when mpls_hlen == 0
    - sh_eth: fix TRSCER mask for SH771x
    - can: skb: can_skb_set_owner(): fix ref counting if socket was closed before
      setting skb ownership
    - can: flexcan: assert FRZ bit in flexcan_chip_freeze()
    - can: flexcan: enable RX FIFO after FRZ/HALT valid
    - can: flexcan: invoke flexcan_chip_freeze() to enter freeze mode
    - can: tcan4x5x: tcan4x5x_init(): fix initialization - clear MRAM before
      entering Normal Mode
    - tcp: add sanity tests to TCP_QUEUE_SEQ
    - netfilter: nf_nat: undo erroneous tcp edemux lookup
    - netfilter: x_tables: gpf inside xt_find_revision()
    - selftests/bpf: No need to drop the packet when there is no geneve opt
    - selftests/bpf: Mask bpf_csum_diff() return value to 16 bits in test_verifier
    - samples, bpf: Add missing munmap in xdpsock
    - ibmvnic: always store valid MAC address
    - mt76: dma: do not report truncated frames to mac80211
    - powerpc/603: Fix protection of user pages mapped with PROT_NONE
    - mount: fix mounting of detached mounts onto targets that reside on shared
      mounts
    - cifs: return proper error code in statfs(2)
    - Revert "mm, slub: consider rest of partial list if acquire_slab() fails"
    - net: enetc: don't overwrite the RSS indirection table when initializing
    - net/mlx4_en: update moderation when config reset
    - net: stmmac: fix incorrect DMA channel intr enable setting of EQoS v4.10
    - nexthop: Do not flush blackhole nexthops when loopback goes down
    - net: sched: avoid duplicates in classes dump
    - net: usb: qmi_wwan: allow qmimux add/del with master up
    - netdevsim: init u64 stats for 32bit hardware
    - cipso,calipso: resolve a number of problems with the DOI refcounts
    - net: lapbether: Remove netif_start_queue / netif_stop_queue
    - net: davicom: Fix regulator not turned off on failed probe
    - net: davicom: Fix regulator not turned off on driver removal
    - net: qrtr: fix error return code of qrtr_sendmsg()
    - ixgbe: fail to create xfrm offload of IPsec tunnel mode SA
    - net: stmmac: stop each tx channel independently
    - net: stmmac: fix watchdog timeout during suspend/resume stress test
    - selftests: forwarding: Fix race condition in mirror installation
    - perf traceevent: Ensure read cmdlines are null terminated.
    - net: hns3: fix query vlan mask value error for flow director
    - net: hns3: fix bug when calculating the TCAM table info
    - s390/cio: return -EFAULT if copy_to_user() fails again
    - bnxt_en: reliably allocate IRQ table on reset to avoid crash
    - drm/compat: Clear bounce structures
    - drm/shmem-helper: Check for purged buffers in fault handler
    - drm/shmem-helper: Don't remove the offset in vm_area_struct pgoff
    - drm: meson_drv add shutdown function
    - s390/cio: return -EFAULT if copy_to_user() fails
    - s390/crypto: return -EFAULT if copy_to_user() fails
    - qxl: Fix uninitialised struct field head.surface_id
    - sh_eth: fix TRSCER mask for R7S9210
    - media: usbtv: Fix deadlock on suspend
    - media: v4l: vsp1: Fix uif null pointer access
    - media: v4l: vsp1: Fix bru null pointer access
    - media: rc: compile rc-cec.c into rc-core
    - [Config] update abi for rc-cec
    - net: hns3: fix error mask definition of flow director
    - net

Source diff to previous version
1786013 Packaging resync
1923670 CIFS DFS entries not accessible with 5.4.0-71.74-generic
1918134 LRMv4: switch to signing nvidia modules via the Ubuntu Modules signing key
1922738 5.4 kernel: when iommu is on crashdump fails
1900438 Bcache bypasse writeback on caching device with fragmentation
1910323 Fix implicit declaration warnings for kselftests/memfd test on newer releases
1921104 net/mlx5e: Add missing capability check for uplink follow
1921498 [UBUNUT 21.04] s390/vtime: fix increased steal time accounting
1920030 Mute/Mic-mute LEDs are not work on HP 850/840/440 G8 Laptops
1920246 Focal update: v5.4.106 upstream stable release
1920244 Focal update: v5.4.105 upstream stable release
1920238 Focal update: v5.4.104 upstream stable release
1920235 Focal update: v5.4.103 upstream stable release
1918974 Focal update: v5.4.102 upstream stable release
1909428 eeh-basic.sh from powerpc in ubuntu_kernel_selftests failed with unexpected operator on F-5.8
CVE-2021-29650 An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to cause a denial of service (panic) because net

Version: 5.4.0-72.80~18.04.1 2021-04-15 19:07:16 UTC

  linux-hwe-5.4 (5.4.0-72.80~18.04.1) bionic; urgency=medium

  [ Ubuntu: 5.4.0-72.80 ]

  * overlayfs calls vfs_setxattr without cap_convert_nscap
    - vfs: move cap_convert_nscap() call into vfs_setxattr()
  * CVE-2021-3492
    - SAUCE: shiftfs: free allocated memory in shiftfs_btrfs_ioctl_fd_replace()
      error paths
    - SAUCE: shiftfs: handle copy_to_user() return values correctly
  * CVE-2021-29154
    - SAUCE: bpf, x86: Validate computation of branch displacements for x86-64
    - SAUCE: bpf, x86: Validate computation of branch displacements for x86-32

 -- Kelsey Skunberg <email address hidden> Mon, 12 Apr 2021 16:02:43 -0600

Source diff to previous version
CVE-2021-3492 RESERVED
CVE-2021-29154 BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect c ...

Version: 5.4.0-71.79~18.04.1 2021-04-12 17:07:19 UTC

  linux-hwe-5.4 (5.4.0-71.79~18.04.1) bionic; urgency=medium

  * bionic/linux-hwe-5.4: 5.4.0-71.79~18.04.1 -proposed tracker (LP: #1921039)

  [ Ubuntu: 5.4.0-71.79 ]

  * focal/linux: 5.4.0-71.79 -proposed tracker (LP: #1921040)
  * selftests: bpf verifier fails after sanitize_ptr_alu fixes (LP: #1920995)
    - bpf: Simplify alu_limit masking for pointer arithmetic
    - bpf: Add sanity check for upper ptr_limit
    - bpf, selftests: Fix up some test_verifier cases for unprivileged
  * Packaging resync (LP: #1786013)
    - update dkms package versions
  * Fix missing HDMI/DP audio on NVidia card after S3 (LP: #1918228)
    - ALSA: hda/hdmi: Reduce hda_jack_tbl lookup at unsol event handling
    - ALSA: hda/hdmi: Don't use standard hda_jack for generic HDMI jacks
    - ALSA: hda/hdmi: Move runtime PM resume into hdmi_present_sense_via_verbs()
    - ALSA: hda/hdmi: Move ELD parse and jack reporting into update_eld()
  * Focal update: v5.4.101 upstream stable release (LP: #1918170)
    - HID: make arrays usage and value to be the same
    - USB: quirks: sort quirk entries
    - usb: quirks: add quirk to start video capture on ELMO L-12F document camera
      reliable
    - ntfs: check for valid standard information attribute
    - arm64: tegra: Add power-domain for Tegra210 HDA
    - scripts: use pkg-config to locate libcrypto
    - scripts: set proper OpenSSL include dir also for sign-file
    - mm: unexport follow_pte_pmd
    - mm: simplify follow_pte{,pmd}
    - KVM: do not assume PTE is writable after follow_pfn
    - mm: provide a saner PTE walking API for modules
    - KVM: Use kvm_pfn_t for local PFN variable in hva_to_pfn_remapped()
    - NET: usb: qmi_wwan: Adding support for Cinterion MV31
    - cxgb4: Add new T6 PCI device id 0x6092
    - cifs: Set CIFS_MOUNT_USE_PREFIX_PATH flag on setting cifs_sb->prepath.
    - scripts/recordmcount.pl: support big endian for ARCH sh
    - Linux 5.4.101
  * Focal update: v5.4.100 upstream stable release (LP: #1918168)
    - KVM: SEV: fix double locking due to incorrect backport
    - net: qrtr: Fix port ID for control messages
    - net: bridge: Fix a warning when del bridge sysfs
    - Xen/x86: don't bail early from clear_foreign_p2m_mapping()
    - Xen/x86: also check kernel mapping in set_foreign_p2m_mapping()
    - Xen/gntdev: correct dev_bus_addr handling in gntdev_map_grant_pages()
    - Xen/gntdev: correct error checking in gntdev_map_grant_pages()
    - xen/arm: don't ignore return errors from set_phys_to_machine
    - xen-blkback: don't "handle" error by BUG()
    - xen-netback: don't "handle" error by BUG()
    - xen-scsiback: don't "handle" error by BUG()
    - xen-blkback: fix error handling in xen_blkbk_map()
    - media: pwc: Use correct device for DMA
    - btrfs: fix backport of 2175bf57dc952 in 5.4.95
    - Linux 5.4.100
  * Focal update: v5.4.99 upstream stable release (LP: #1918167)
    - gpio: ep93xx: fix BUG_ON port F usage
    - gpio: ep93xx: Fix single irqchip with multi gpiochips
    - tracing: Do not count ftrace events in top level enable output
    - tracing: Check length before giving out the filter buffer
    - arm/xen: Don't probe xenbus as part of an early initcall
    - cgroup: fix psi monitor for root cgroup
    - arm64: dts: rockchip: Fix PCIe DT properties on rk3399
    - arm64: dts: qcom: sdm845: Reserve LPASS clocks in gcc
    - ARM: OMAP2+: Fix suspcious RCU usage splats for omap_enter_idle_coupled
    - platform/x86: hp-wmi: Disable tablet-mode reporting by default
    - ovl: perform vfs_getxattr() with mounter creds
    - cap: fix conversions on getxattr
    - ovl: skip getxattr of security labels
    - nvme-pci: ignore the subsysem NQN on Phison E16
    - drm/amd/display: Add more Clock Sources to DCN2.1
    - drm/amd/display: Fix dc_sink kref count in emulated_link_detect
    - drm/amd/display: Free atomic state after drm_atomic_commit
    - drm/amd/display: Decrement refcount of dc_sink before reassignment
    - riscv: virt_addr_valid must check the address belongs to linear mapping
    - bfq-iosched: Revert "bfq: Fix computation of shallow depth"
    - ARM: dts: lpc32xx: Revert set default clock rate of HCLK PLL
    - ARM: ensure the signal page contains defined contents
    - ARM: kexec: fix oops after TLB are invalidated
    - vmlinux.lds.h: Create section for protection against instrumentation
    - lkdtm: don't move ctors to .rodata
    - mt76: dma: fix a possible memory leak in mt76_add_fragment()
    - drm/vc4: hvs: Fix buffer overflow with the dlist handling
    - bpf: Check for integer overflow when using roundup_pow_of_two()
    - netfilter: xt_recent: Fix attempt to update deleted entry
    - netfilter: nftables: fix possible UAF over chains from packet path in netns
    - netfilter: flowtable: fix tcp and udp header checksum update
    - xen/netback: avoid race in xenvif_rx_ring_slots_available()
    - net: enetc: initialize the RFS and RSS memories
    - selftests: txtimestamp: fix compilation issue
    - net: stmmac: set TxQ mode back to DCB after disabling CBS
    - ibmvnic: Clear failover_pending if unable to schedule
    - netfilter: conntrack: skip identical origin tuple in same zone only
    - x86/build: Disable CET instrumentation in the kernel for 32-bit too
    - net: hns3: add a check for queue_id in hclge_reset_vf_queue()
    - firmware_loader: align .builtin_fw to 8
    - drm/sun4i: tcon: set sync polarity for tcon1 channel
    - drm/sun4i: Fix H6 HDMI PHY configuration
    - drm/sun4i: dw-hdmi: Fix max. frequency for H6
    - clk: sunxi-ng: mp: fix parent rate change flag check
    - i2c: stm32f7: fix configuration of the digital filter
    - h8300: fix PREEMPTION build, TI_PRE_COUNT undefined
    - usb: dwc3: ulpi: fix checkpatch warning
    - usb: dwc3: ulpi: Replace CPU-based busyloop with Protocol-based one
    - rxrpc: Fix clearance of Tx/Rx ring when releasing a call
    - udp: fix skb_copy_and_csum_datagram with odd segment sizes
    - net: dsa: call teardown metho

Source diff to previous version
1920995 selftests: bpf verifier fails after sanitize_ptr_alu fixes
1786013 Packaging resync
1918228 Fix missing HDMI/DP audio on NVidia card after S3
1918170 Focal update: v5.4.101 upstream stable release
1918168 Focal update: v5.4.100 upstream stable release
1918167 Focal update: v5.4.99 upstream stable release
1918158 Focal update: v5.4.98 upstream stable release
1916290 Enforce CONFIG_DRM_BOCHS=m
1916468 powerpc/eeh-basic.sh in kselftest make P8 node stopped working
1916066 Focal update: v5.4.97 upstream stable release
1916061 Focal update: v5.4.96 upstream stable release
1916056 Focal update: v5.4.95 upstream stable release

Version: 5.4.0-70.78~18.04.1 2021-03-23 21:06:39 UTC

  linux-hwe-5.4 (5.4.0-70.78~18.04.1) bionic; urgency=medium

  [ Ubuntu: 5.4.0-70.78 ]

  * CVE-2020-27170
    - bpf: Fix off-by-one for area size in creating mask to left
  * CVE-2020-27171
    - bpf: Prohibit alu ops for pointer types not defining ptr_limit
  * binary assembly failures with CONFIG_MODVERSIONS present (LP: #1919315)
    - [Packaging] quiet (nomially) benign errors in BUILD script

  [ Ubuntu: 5.4.0-69.77 ]

  * CVE-2021-3444
    - bpf: Fix 32 bit src register truncation on div/mod
    - bpf: Fix truncation handling for mod32 dst reg wrt zero
  * CVE-2021-27365
    - scsi: iscsi: Verify lengths on passthrough PDUs
    - sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output
    - scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE
  * CVE-2021-27363 // CVE-2021-27364
    - scsi: iscsi: Restrict sessions and handles to admin capabilities

 -- Thadeu Lima de Souza Cascardo <email address hidden> Sat, 20 Mar 2021 10:32:15 -0300

1919315 binary assembly failures with CONFIG_MODVERSIONS present
CVE-2020-27170 An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/ ...
CVE-2020-27171 An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/ ...
CVE-2021-3444 The bpf verifier in the Linux kernel did not properly handle mod32 des ...
CVE-2021-27365 An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and c
CVE-2021-27363 An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structu
CVE-2021-27364 An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileg



About   -   Send Feedback to @ubuntu_updates