UbuntuUpdates.org

Package "linux-kvm"

Name: linux-kvm

Description:

This package is just an umbrella for a group of other packages; it has no description.
Description samples from packages in group:

  • Header files related to Linux kernel version 4.18.0

Latest version: 4.18.0-1009.9
Release: cosmic (18.10)
Level: security
Repository: main

Links

Save this URL for the latest version of "linux-kvm": https://www.ubuntuupdates.org/linux-kvm



Other versions of "linux-kvm" in Cosmic

Repository                   Area  Version
base                         main  4.18.0-1003.3
updates                      main  4.18.0-1009.9
proposed                     main  4.18.0-1010.10
PPA: Canonical Kernel Team         4.18.0-1010.10


Changelog

Version: 4.18.0-1009.9 2019-04-02 16:12:20 UTC

  linux-kvm (4.18.0-1009.9) cosmic; urgency=medium

  * linux-kvm: 4.18.0-1009.9 -proposed tracker (LP: #1819621)

  * CONFIG_SECURITY_SELINUX_DISABLE should be disabled on KVM kernel
    (LP: #1812153)
    - [Config]: disable CONFIG_SECURITY_SELINUX_DISABLE
    - [Config]: disable CONFIG_SECURITY_WRITABLE_HOOKS

  * PAGE_POISONING / PAGE_POISONING_NO_SANITY / PAGE_POISONING_ZERO option was
    expected to be set in C-KVM (LP: #1812624)
    - [Config]: enable PAGE_POISONING, PAGE_POISONING_NO_SANITY,
      PAGE_POISONING_ZERO

  [ Ubuntu: 4.18.0-17.18 ]

  * linux: 4.18.0-17.18 -proposed tracker (LP: #1819624)
  * Packaging resync (LP: #1786013)
    - [Packaging] resync getabis
    - [Packaging] update helper scripts
  * C++ demangling support missing from perf (LP: #1396654)
    - [Packaging] fix a mistype
  * arm-smmu-v3 arm-smmu-v3.3.auto: CMD_SYNC timeout (LP: #1818162)
    - iommu/arm-smmu-v3: Fix unexpected CMD_SYNC timeout
  * Crash in nvme_irq_check() when using threaded interrupts (LP: #1818747)
    - nvme-pci: fix out of bounds access in nvme_cqe_pending
  * CVE-2019-9003
    - ipmi: fix use-after-free of user->release_barrier.rda
  * CVE-2019-9162
    - netfilter: nf_nat_snmp_basic: add missing length checks in ASN.1 cbs
  * CVE-2019-9213
    - mm: enforce min addr even if capable() in expand_downwards()
  * CVE-2019-3460
    - Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt
  * tun/tap: unable to manage carrier state from userland (LP: #1806392)
    - tun: implement carrier change
  * CVE-2019-8980
    - exec: Fix mem leak in kernel_read_file
  * [Packaging] Allow overlay of config annotations (LP: #1752072)
    - [Packaging] config-check: Add an include directive
  * amdgpu with mst WARNING on blanking (LP: #1814308)
    - drm/amd/display: Fix MST dp_blank REG_WAIT timeout
  * CVE-2019-7308
    - bpf: move {prev_,}insn_idx into verifier env
    - bpf: move tmp variable into ax register in interpreter
    - bpf: enable access to ax register also from verifier rewrite
    - bpf: restrict map value pointer arithmetic for unprivileged
    - bpf: restrict stack pointer arithmetic for unprivileged
    - bpf: restrict unknown scalars of mixed signed bounds for unprivileged
    - bpf: fix check_map_access smin_value test when pointer contains offset
    - bpf: prevent out of bounds speculation on pointer arithmetic
    - bpf: fix sanitation of alu op with pointer / scalar type from different
      paths
    - bpf: add various test cases to test_verifier
    - bpf: add various test cases to selftests
  * CVE-2017-5753
    - bpf: fix inner map masking to prevent oob under speculation
  * Use memblock quirk instead of delayed allocation for GICv3 LPI tables
    (LP: #1816425)
    - efi/arm: Revert "Defer persistent reservations until after paging_init()"
    - arm64, mm, efi: Account for GICv3 LPI tables in static memblock reserve
      table
  * efi/arm/arm64: Allow SetVirtualAddressMap() to be omitted (LP: #1814982)
    - efi/arm/arm64: Allow SetVirtualAddressMap() to be omitted
  * Update ENA driver to version 2.0.3K (LP: #1816806)
    - net: ena: update driver version from 2.0.2 to 2.0.3
    - net: ena: fix race between link up and device initalization
    - net: ena: fix crash during failed resume from hibernation
  * Silent "Unknown key" message when pressing keyboard backlight hotkey
    (LP: #1817063)
    - platform/x86: dell-wmi: Ignore new keyboard backlight change event
  * CVE-2018-19824
    - ALSA: usb-audio: Fix UAF decrement if card has no live interfaces in card.c
  * CVE-2019-3459
    - Bluetooth: Verify that l2cap_get_conf_opt provides large enough buffer
  * CONFIG_TEST_BPF is disabled (LP: #1813955)
    - [Config]: Reenable TEST_BPF
  * installer does not support iSCSI iBFT (LP: #1817321)
    - d-i: add iscsi_ibft to scsi-modules
  * CVE-2019-7222
    - KVM: x86: work around leak of uninitialized stack contents (CVE-2019-7222)
  * CVE-2019-7221
    - KVM: nVMX: unconditionally cancel preemption timer in free_nested
      (CVE-2019-7221)
  * CVE-2019-6974
    - kvm: fix kvm_ioctl_create_device() reference counting (CVE-2019-6974)
  * hns3 nic speed may not match optical port speed (LP: #1817969)
    - net: hns3: Config NIC port speed same as that of optical module
  * [Hyper-V] srcu: Lock srcu_data structure in srcu_gp_start() (LP: #1802021)
    - srcu: Lock srcu_data structure in srcu_gp_start()
  * libsas disks can have non-unique by-path names (LP: #1817784)
    - scsi: libsas: Fix rphy phy_identifier for PHYs with end devices attached
  * Bluetooth not working (Intel CyclonePeak) (LP: #1817518)
    - Bluetooth: btusb: Add support for Intel bluetooth device 8087:0029
  * CVE-2019-8912
    - net: crypto set sk to NULL when af_alg_release.
    - net: socket: set sock->sk to NULL after calling proto_ops::release()
  * 4.18.0 thinkpad_acpi : thresholds for BAT1 not writable (LP: #1812099)
    - platform/x86: thinkpad_acpi: Fix multi-battery bug
  * [ALSA] [PATCH] System76 darp5 and oryp5 fixups (LP: #1815831)
    - ALSA: hda/realtek - Headset microphone support for System76 darp5
    - ALSA: hda/realtek - Headset microphone and internal speaker support for
      System76 oryp5
  * CVE-2019-8956
    - sctp: walk the list of asoc safely
  * Constant noise in the headphone on Lenovo X1 machines (LP: #1817263)
    - ALSA: hda/realtek: Disable PC beep in passthrough on alc285

 -- Kleber Sacilotto de Souza <email address hidden> Thu, 14 Mar 2019 09:43:06 +0100

Source diff to previous version
1812153 CONFIG_SECURITY_SELINUX_DISABLE should be disabled on KVM kernel
1786013 Packaging resync
1818162 arm-smmu-v3 arm-smmu-v3.3.auto: CMD_SYNC timeout
1818747 Crash in nvme_irq_check() when using threaded interrupts
1806392 tun/tap: unable to manage carrier state from userland
1752072 [Packaging] Allow overlay of config annotations
1814308 amdgpu with mst WARNING on blanking
1816425 Use memblock quirk instead of delayed allocation for GICv3 LPI tables
1814982 efi/arm/arm64: Allow SetVirtualAddressMap() to be omitted
1816806 Update ENA driver to version 2.0.3K
1817063 Silent "Unknown key" message when pressing keyboard backlight hotkey
1813955 CONFIG_TEST_BPF is disabled
1817321 installer does not support iSCSI iBFT
1817969 hns3 nic speed may not match optical port speed
1802021 [Hyper-V] srcu: Lock srcu_data structure in srcu_gp_start()
1817784 libsas disks can have non-unique by-path names
1817518 Bluetooth not working (Intel CyclonePeak)
1812099 4.18.0 thinkpad_acpi : thresholds for BAT1 not writable
1815831 [ALSA] [PATCH] System76 darp5 and oryp5 fixups
1817263 Constant noise in the headphone on Lenovo X1 machines
CVE-2019-9003 In the Linux kernel before 4.20.5, attackers can trigger a drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging for certain simul
CVE-2019-9162 In the Linux kernel before 4.20.12, net/ipv4/netfilter/nf_nat_snmp_basic_main.c in the SNMP NAT module has insufficient ASN.1 length checks (aka an a
CVE-2019-9213 In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to
CVE-2019-3460 Heap data infoleak in multiple locations including function l2cap_parse_conf_rsp
CVE-2019-8980 A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of service (memory
CVE-2019-7308 kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, includ
CVE-2017-5753 Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker wi
CVE-2018-19824 In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with ze
CVE-2019-3459 Heap address infoleak in use of l2cap_get_conf_opt
CVE-2019-7222 KVM: x86: work around leak of uninitialized stack contents
CVE-2019-7221 KVM: nVMX: use-after-free of the hrtimer for emulation of the preemption timer
CVE-2019-6974 In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading
CVE-2019-8912 In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to
CVE-2019-8956 In the Linux Kernel before versions 4.20.8 and 4.19.21 a use-after-fre ...

Version: 4.18.0-1008.8 2019-03-06 12:06:44 UTC

  linux-kvm (4.18.0-1008.8) cosmic; urgency=medium

  * linux-kvm: 4.18.0-1008.8 -proposed tracker (LP: #1814760)

  [ Ubuntu: 4.18.0-16.17 ]

  * linux: 4.18.0-16.17 -proposed tracker (LP: #1814749)
  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
  * CVE-2018-16880
    - vhost: fix OOB in get_rx_bufs()
  * RTL8822BE WiFi Disabled in Kernel 4.18.0-12 (LP: #1806472)
    - SAUCE: staging: rtlwifi: allow RTLWIFI_DEBUG_ST to be disabled
    - [Config] CONFIG_RTLWIFI_DEBUG_ST=n
    - SAUCE: Add r8822be to signature inclusion list
  * kernel oops in bcache module (LP: #1793901)
    - SAUCE: bcache: never writeback a discard operation
  * CVE-2018-18397
    - userfaultfd: use ENOENT instead of EFAULT if the atomic copy user fails
    - userfaultfd: shmem: allocate anonymous memory for MAP_PRIVATE shmem
    - userfaultfd: shmem/hugetlbfs: only allow to register VM_MAYWRITE vmas
    - userfaultfd: shmem: add i_size checks
    - userfaultfd: shmem: UFFDIO_COPY: set the page dirty if VM_WRITE is not set
  * Ignore "incomplete report" from Elan touchpanels (LP: #1813733)
    - HID: i2c-hid: Ignore input report if there's no data present on Elan
      touchpanels
  * Vsock connect fails with ENODEV for large CID (LP: #1813934)
    - vhost/vsock: fix vhost vsock cid hashing inconsistent
  * Fix non-working pinctrl-intel (LP: #1811777)
    - pinctrl: intel: Do pin translation in other GPIO operations as well
  * ip6_gre: fix tunnel list corruption for x-netns (LP: #1812875)
    - ip6_gre: fix tunnel list corruption for x-netns
  * Backported commit breaks audio (fixed upstream) (LP: #1811566)
    - ASoC: intel: cht_bsw_max98090_ti: Add quirk for boards using pmc_plt_clk_0
    - ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook
      Clapper
    - ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook
      Gnawty
  * kvm_stat : missing python dependency (LP: #1798776)
    - tools/kvm_stat: switch to python3
  * [SRU] Fix Xorg crash with nomodeset when BIOS enable 64-bit fb addr
    (LP: #1812797)
    - vgaarb: Add support for 64-bit frame buffer address
    - vgaarb: Keep adding VGA device in queue
  * Fix non-working QCA Rome Bluetooth after S3 (LP: #1812812)
    - USB: Add new USB LPM helpers
    - USB: Consolidate LPM checks to avoid enabling LPM twice
  * [SRU] IO's are issued with incorrect Scatter Gather Buffer (LP: #1795453)
    - scsi: megaraid_sas: Use 63-bit DMA addressing
  * x86/mm: Found insecure W+X mapping at address (ptrval)/0xc00a0000
    (LP: #1813532)
    - x86/mm: Do not warn about PCI BIOS W+X mappings
  * CVE-2019-6133
    - fork: record start_time late
  * Fix not working Goodix touchpad (LP: #1811929)
    - HID: i2c-hid: Disable runtime PM on Goodix touchpad
  * bluetooth controller not detected with 4.15 kernel (LP: #1810797)
    - SAUCE: btqcomsmd: introduce BT_QCOMSMD_HACK
    - [Config] arm64: snapdragon: BT_QCOMSMD_HACK=y
  * X1 Extreme: only one of the two SSDs is loaded (LP: #1811755)
    - nvme-core: rework a NQN copying operation
    - nvme: pad fake subsys NQN vid and ssvid with zeros
    - nvme: introduce NVME_QUIRK_IGNORE_DEV_SUBNQN
  * Crash on "ip link add foo type ipip" (LP: #1811803)
    - SAUCE: fan: Fix NULL pointer dereference

  [ Ubuntu: 4.18.0-15.16 ]

  * Ubuntu boot failure. 4.18.0-14 boot stalls. (does not boot) (LP: #1814555)
    - Revert "drm/i915/ringbuffer: Delay after EMIT_INVALIDATE for gen4/gen5"
  * Userspace break as a result of missing patch backport (LP: #1813873)
    - tty: Don't hold ldisc lock in tty_reopen() if ldisc present

 -- Khalid Elmously <email address hidden> Mon, 11 Feb 2019 06:20:24 +0000

Source diff to previous version
1786013 Packaging resync
1806472 RTL8822BE WiFi Disabled in Kernel 4.18.0-12
1793901 kernel oops in bcache module
1813733 Ignore "incomplete report" from Elan touchpanels
1813934 Vsock connect fails with ENODEV for large CID
1811777 Fix non-working pinctrl-intel
1812875 ip6_gre: fix tunnel list corruption for x-netns
1811566 Backported commit breaks audio (fixed upstream)
1798776 kvm_stat : missing python dependency
1812797 [SRU] Fix Xorg crash with nomodeset when BIOS enable 64-bit fb addr
1812812 Fix non-working QCA Rome Bluetooth after S3
1795453 [SRU] IO's are issued with incorrect Scatter Gather Buffer
1813532 x86/mm: Found insecure W+X mapping at address (ptrval)/0xc00a0000
1811929 Fix not working Goodix touchpad
1810797 bluetooth controller not detected with 4.15 kernel
1811755 X1 Extreme: only one of the two SSDs is loaded
1811803 Crash on "ip link add foo type ipip"
1814555 Ubuntu boot failure. 4.18.0-14 boot stalls. (does not boot)
1813873 Userspace break as a result of missing patch backport
CVE-2018-16880 A flaw was found in the Linux kernel's handle_rx() function in the [vhost_net] driver. A malicious virtual guest, under specific conditions, can trig
CVE-2018-18397 The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowi
CVE-2019-6133 In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization deci

Version: 4.18.0-1007.7 2019-02-04 11:06:30 UTC

  linux-kvm (4.18.0-1007.7) cosmic; urgency=medium

  * linux-kvm: 4.18.0-1007.7 -proposed tracker (LP: #1811417)

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

  [ Ubuntu: 4.18.0-14.15 ]

  * linux: 4.18.0-14.15 -proposed tracker (LP: #1811406)
  * CPU hard lockup with rigorous writes to NVMe drive (LP: #1810998)
    - blk-wbt: Avoid lock contention and thundering herd issue in wbt_wait
    - blk-wbt: move disable check into get_limit()
    - blk-wbt: use wq_has_sleeper() for wq active check
    - blk-wbt: fix has-sleeper queueing check
    - blk-wbt: abstract out end IO completion handler
    - blk-wbt: improve waking of tasks
  * To reduce the Realtek USB cardreader power consumption (LP: #1811337)
    - mmc: core: Introduce MMC_CAP_SYNC_RUNTIME_PM
    - mmc: rtsx_usb_sdmmc: Don't runtime resume the device while changing led
    - mmc: rtsx_usb_sdmmc: Re-work runtime PM support
    - mmc: rtsx_usb_sdmmc: Re-work card detection/removal support
    - memstick: rtsx_usb_ms: Add missing pm_runtime_disable() in probe function
    - misc: rtsx_usb: Use USB remote wakeup signaling for card insertion detection
    - memstick: Prevent memstick host from getting runtime suspended during card
      detection
    - memstick: rtsx_usb_ms: Use ms_dev() helper
    - memstick: rtsx_usb_ms: Support runtime power management
  * Support non-strict iommu mode on arm64 (LP: #1806488)
    - iommu/io-pgtable-arm: Fix race handling in split_blk_unmap()
    - iommu/arm-smmu-v3: Implement flush_iotlb_all hook
    - iommu/dma: Add support for non-strict mode
    - iommu: Add "iommu.strict" command line option
    - iommu/io-pgtable-arm: Add support for non-strict mode
    - iommu/arm-smmu-v3: Add support for non-strict mode
    - iommu/io-pgtable-arm-v7s: Add support for non-strict mode
    - iommu/arm-smmu: Support non-strict mode
  * [Regression] crashkernel fails on HiSilicon D05 (LP: #1806766)
    - efi: honour memory reservations passed via a linux specific config table
    - efi/arm: libstub: add a root memreserve config table
    - efi: add API to reserve memory persistently across kexec reboot
    - irqchip/gic-v3-its: Change initialization ordering for LPIs
    - irqchip/gic-v3-its: Simplify LPI_PENDBASE_SZ usage
    - irqchip/gic-v3-its: Split property table clearing from allocation
    - irqchip/gic-v3-its: Move pending table allocation to init time
    - irqchip/gic-v3-its: Keep track of property table's PA and VA
    - irqchip/gic-v3-its: Allow use of pre-programmed LPI tables
    - irqchip/gic-v3-its: Use pre-programmed redistributor tables with kdump
      kernels
    - irqchip/gic-v3-its: Check that all RDs have the same property table
    - irqchip/gic-v3-its: Register LPI tables with EFI config table
    - irqchip/gic-v3-its: Allow use of LPI tables in reserved memory
    - arm64: memblock: don't permit memblock resizing until linear mapping is up
    - efi/arm: Defer persistent reservations until after paging_init()
    - efi: Permit calling efi_mem_reserve_persistent() from atomic context
    - efi: Prevent GICv3 WARN() by mapping the memreserve table before first use
  * ELAN900C:00 04F3:2844 touchscreen doesn't work (LP: #1811335)
    - pinctrl: cannonlake: Fix community ordering for H variant
    - pinctrl: cannonlake: Fix HOSTSW_OWN register offset of H variant
  * Add Cavium ThunderX2 SoC UNCORE PMU driver (LP: #1811200)
    - Documentation: perf: Add documentation for ThunderX2 PMU uncore driver
    - drivers/perf: Add Cavium ThunderX2 SoC UNCORE PMU driver
    - [Config] New config CONFIG_THUNDERX2_PMU=m
  * iptables connlimit allows more connections than the limit when using
    multiple CPUs (LP: #1811094)
    - netfilter: nf_conncount: don't skip eviction when age is negative
  * CVE-2018-16882
    - KVM: Fix UAF in nested posted interrupt processing
  * Cannot initialize ATA disk if IDENTIFY command fails (LP: #1809046)
    - scsi: libsas: check the ata device status by ata_dev_enabled()
  * scsi: libsas: fix a race condition when smp task timeout (LP: #1808912)
    - scsi: libsas: fix a race condition when smp task timeout
  * CVE-2018-14625
    - vhost/vsock: fix use-after-free in network stack callers
  * Fix and issue that LG I2C touchscreen stops working after reboot
    (LP: #1805085)
    - HID: i2c-hid: Disable runtime PM for LG touchscreen
  * Drivers: hv: vmbus: Offload the handling of channels to two workqueues
    (LP: #1807757)
    - Drivers: hv: vmbus: check the creation_status in vmbus_establish_gpadl()
    - Drivers: hv: vmbus: Offload the handling of channels to two workqueues
  * Disable LPM for Raydium Touchscreens (LP: #1802248)
    - USB: quirks: Add no-lpm quirk for Raydium touchscreens
  * Power leakage at S5 with Qualcomm Atheros QCA9377 802.11ac Wireless Network
    Adapter (LP: #1805607)
    - SAUCE: ath10k: provide reset function for QCA9377 chip
  * CVE-2018-19407
    - KVM: X86: Fix scan ioapic use-before-initialization
  * Fix USB2 device wrongly detected as USB1 (LP: #1806534)
    - xhci: Add quirk to workaround the errata seen on Cavium Thunder-X2 Soc
  * Add support for ALC3277 codec on new Dell edge gateways (LP: #1807334)
    - SAUCE: ASoC: rt5660: (no-up) Move platform code to board file
    - ASoC: Intel: kbl_rt5660: Add a new machine driver for kbl with rt5660
    - [Config] CONFIG_SND_SOC_INTEL_KBL_RT5660_MACH=m
  * armhf guests fail to boot in EFI mode (LP: #1809488)
    - efi/arm: Revert deferred unmap of early memmap mapping
  * audio output has constant noise on a Dell machine (LP: #1810891)
    - ALSA: hda/realtek - Fixed headphone issue for ALC700
  * ldisc crash on reopened tty (LP: #1791758)
    - tty: Hold tty_ldisc_lock() during tty_reopen()
    - tty: Don't block on IO when ldisc change is pending
    - tty: Simplify tty->count math in tty_reopen()
  * efi-lockdown patch causes -EPERM for some debugfs files even though
    CONFIG_LOCK_DOWN_KERNEL is not set (LP: #1807686)
    - SAUCE: debugfs: avoid

Source diff to previous version
1786013 Packaging resync
1810998 CPU hard lockup with rigorous writes to NVMe drive
1811337 To reduce the Realtek USB cardreader power consumption
1806488 Support non-strict iommu mode on arm64
1806766 [Regression] crashkernel fails on HiSilicon D05
1811335 ELAN900C:00 04F3:2844 touchscreen doesn't work
1811200 Add Cavium ThunderX2 SoC UNCORE PMU driver
1811094 iptables connlimit allows more connections than the limit when using multiple CPUs
1809046 Cannot initialize ATA disk if IDENTIFY command fails
1808912 scsi: libsas: fix a race condition when smp task timeout
1805085 Fix and issue that LG I2C touchscreen stops working after reboot
1807757 Drivers: hv: vmbus: Offload the handling of channels to two workqueues
1802248 Disable LPM for Raydium Touchscreens
1805607 Power leakage at S5 with Qualcomm Atheros QCA9377 802.11ac Wireless Network Adapter
1806534 Fix USB2 device wrongly detected as USB1
1807334 Add support for ALC3277 codec on new Dell edge gateways
1809488 armhf guests fail to boot in EFI mode
1810891 audio output has constant noise on a Dell machine
1791758 ldisc crash on reopened tty
1807686 efi-lockdown patch causes -EPERM for some debugfs files even though CONFIG_LOCK_DOWN_KERNEL is not set
1781533 SATA device is not going to DEVSLP
1808097 Console got stuck using serial tty after logout
1806838 Workaround CSS timeout on AMD SNPS 3.0 xHC
1805081 Add pointstick support for Cirque Touchpad
1810457 Update hisilicon SoC-specific drivers
1810821 Cosmic update: 4.18.20 upstream stable release
1810820 Cosmic update: 4.18.19 upstream stable release
1810818 Cosmic update: 4.18.18 upstream stable release
1794387 Colour banding in HP Pavilion 15-n233sl integrated display
1810892 lineout jack can't work on a Dell machine
1809847 Ethernet[10ec:8136] doesn't work after S3 with kernel 4.15.0.43.64
1811055 Support new Realtek ethernet chips
1805775 PC SN720 NVMe WDC 256GB consumes more power in S2Idle than during long idle
1804588 Power consumption during s2idle is higher than long idle (Intel SSDPEKKF)
1810781 mpt3sas - driver using the wrong register to update a queue index in FW
1806335 Enable new Realtek card reader
1806532 The line-out on the Dell Dock station can't work
1806380 linux-buildinfo: pull out ABI information into its own package
1806818 Fix Intel I210 doesn't work when ethernet cable gets plugged
1806850 Fix Terminus USB hub that may breaks connected USB devices after S3
1807333 Add support for 0cf3:535b QCA_ROME device
1798583 the new Steam Controller driver breaks it on Steam
1808465 The mute led can't work anymore on the lenovo x1 carbon
1805079 click/pop noise in the headphone on several lenovo laptops
1808729 MAC address pass through on RTL8153-BND for docking station
1808318 powerpc test in ubuntu_kernel_selftest failed on Cosmic P8/P9
1805414 [Ubuntu] kernel: zcrypt: reinit ap queue state machine
1805802 [UBUNTU] qeth: fix length check in SNMP processing
1808183 ASPEED server console output extremely slow after upgrade to 18.04
CVE-2018-16882 A use-after-free issue was found in the way the Linux kernel's KVM hypervisor processed posted interrupts when nested(=1) virtualization is enabled.
CVE-2018-14625 A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condi
CVE-2018-19407 The vcpu_scan_ioapic function in arch/x86/kvm/x86.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer

Version: 4.18.0-1006.6 2018-12-20 11:07:53 UTC

  linux-kvm (4.18.0-1006.6) cosmic; urgency=medium

  * linux-kvm: 4.18.0-1006.6 -proposed tracker (LP: #1806424)

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
    - [Packaging] update update.conf

  [ Ubuntu: 4.18.0-13.14 ]

  * linux: 4.18.0-13.14 -proposed tracker (LP: #1806409)
  * linux-buildinfo: pull out ABI information into its own package
    (LP: #1806380)
    - [Packaging] limit preparation to linux-libc-dev in headers
    - [Packaging] commonise debhelper invocation
    - [Packaging] ABI -- accumulate abi information at the end of the build
    - [Packaging] buildinfo -- add basic build information
    - [Packaging] buildinfo -- add firmware information to the flavour ABI
    - [Packaging] buildinfo -- add compiler information to the flavour ABI
    - [Packaging] buildinfo -- add buildinfo support to getabis
  * linux packages should own /usr/lib/linux/triggers (LP: #1770256)
    - [Packaging] own /usr/lib/linux/triggers
  * Regression: hinic performance degrades over time (LP: #1805248)
    - Revert "net-next/hinic: add checksum offload and TSO support"
  * CVE-2018-18710
    - cdrom: fix improper type cast, which can leat to information leak.

 -- Stefan Bader <email address hidden> Wed, 05 Dec 2018 16:45:55 +0100

Source diff to previous version
1786013 Packaging resync
1806380 linux-buildinfo: pull out ABI information into its own package
1770256 linux packages should own /usr/lib/linux/triggers
1805248 Regression: hinic performance degrades over time
CVE-2018-18710 An issue was discovered in the Linux kernel through 4.19. An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by lo

Version: 4.18.0-1005.5 2018-12-03 10:06:50 UTC

  linux-kvm (4.18.0-1005.5) cosmic; urgency=medium

  * linux-kvm: 4.18.0-1005.5 -proposed tracker (LP: #1802753)

  [ Ubuntu: 4.18.0-12.13 ]

  * linux: 4.18.0-12.13 -proposed tracker (LP: #1802743)
  * [FEAT] Guest-dedicated Crypto Adapters (LP: #1787405)
    - s390/zcrypt: Add ZAPQ inline function.
    - s390/zcrypt: Review inline assembler constraints.
    - s390/zcrypt: Integrate ap_asm.h into include/asm/ap.h.
    - s390/zcrypt: fix ap_instructions_available() returncodes
    - KVM: s390: vsie: simulate VCPU SIE entry/exit
    - KVM: s390: introduce and use KVM_REQ_VSIE_RESTART
    - KVM: s390: refactor crypto initialization
    - s390: vfio-ap: base implementation of VFIO AP device driver
    - s390: vfio-ap: register matrix device with VFIO mdev framework
    - s390: vfio-ap: sysfs interfaces to configure adapters
    - s390: vfio-ap: sysfs interfaces to configure domains
    - s390: vfio-ap: sysfs interfaces to configure control domains
    - s390: vfio-ap: sysfs interface to view matrix mdev matrix
    - KVM: s390: interface to clear CRYCB masks
    - s390: vfio-ap: implement mediated device open callback
    - s390: vfio-ap: implement VFIO_DEVICE_GET_INFO ioctl
    - s390: vfio-ap: zeroize the AP queues
    - s390: vfio-ap: implement VFIO_DEVICE_RESET ioctl
    - KVM: s390: Clear Crypto Control Block when using vSIE
    - KVM: s390: vsie: Do the CRYCB validation first
    - KVM: s390: vsie: Make use of CRYCB FORMAT2 clear
    - KVM: s390: vsie: Allow CRYCB FORMAT-2
    - KVM: s390: vsie: allow CRYCB FORMAT-1
    - KVM: s390: vsie: allow CRYCB FORMAT-0
    - KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-1
    - KVM: s390: vsie: allow guest FORMAT-1 CRYCB on host FORMAT-2
    - KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-2
    - KVM: s390: device attrs to enable/disable AP interpretation
    - KVM: s390: CPU model support for AP virtualization
    - s390: doc: detailed specifications for AP virtualization
    - KVM: s390: fix locking for crypto setting error path
    - KVM: s390: Tracing APCB changes
    - s390: vfio-ap: setup APCB mask using KVM dedicated function
    - [Config:] Enable CONFIG_S390_AP_IOMMU and set CONFIG_VFIO_AP to module.
  * Bypass of mount visibility through userns + mount propagation (LP: #1789161)
    - mount: Retest MNT_LOCKED in do_umount
    - mount: Don't allow copying MNT_UNBINDABLE|MNT_LOCKED mounts
  * CVE-2018-18955: nested user namespaces with more than five extents
    incorrectly grant privileges over inode (LP: #1801924) // CVE-2018-18955
    - userns: also map extents in the reverse map to kernel IDs
  * kdump fail due to an IRQ storm (LP: #1797990)
    - SAUCE: x86/PCI: Export find_cap() to be used in early PCI code
    - SAUCE: x86/quirks: Add parameter to clear MSIs early on boot
    - SAUCE: x86/quirks: Scan all busses for early PCI quirks
  * crash in ENA driver on removing an interface (LP: #1802341)
    - SAUCE: net: ena: fix crash during ena_remove()
  * Ubuntu 18.04.1 - [s390x] Kernel panic while stressing network bonding
    (LP: #1797367)
    - s390/qeth: reduce hard-coded access to ccw channels
    - s390/qeth: sanitize strings in debug messages
  * Add checksum offload and TSO support for HiNIC adapters (LP: #1800664)
    - net-next/hinic: add checksum offload and TSO support
  * smartpqi updates for ubuntu 18.04.2 (LP: #1798208)
    - scsi: smartpqi: improve handling for sync requests
    - scsi: smartpqi: improve error checking for sync requests
    - scsi: smartpqi: add inspur advantech ids
    - scsi: smartpqi: fix critical ARM issue reading PQI index registers
    - scsi: smartpqi: bump driver version to 1.1.4-130
  * [GLK/CLX] Enhanced IBRS (LP: #1786139)
    - x86/speculation: Remove SPECTRE_V2_IBRS in enum spectre_v2_mitigation
    - x86/speculation: Support Enhanced IBRS on future CPUs
  * Enable keyboard wakeup for S2Idle laptops (LP: #1798552)
    - Input: i8042 - enable keyboard wakeups by default when s2idle is used
  * Overlayfs in user namespace leaks directory content of inaccessible
    directories (LP: #1793458) // CVE-2018-6559
    - SAUCE: overlayfs: ensure mounter privileges when reading directories
  * Update ENA driver to version 2.0.1K (LP: #1798182)
    - net: ena: remove ndo_poll_controller
    - net: ena: fix auto casting to boolean
    - net: ena: minor performance improvement
    - net: ena: complete host info to match latest ENA spec
    - net: ena: introduce Low Latency Queues data structures according to ENA spec
    - net: ena: add functions for handling Low Latency Queues in ena_com
    - net: ena: add functions for handling Low Latency Queues in ena_netdev
    - net: ena: use CSUM_CHECKED device indication to report skb's checksum status
    - net: ena: explicit casting and initialization, and clearer error handling
    - net: ena: limit refill Rx threshold to 256 to avoid latency issues
    - net: ena: change rx copybreak default to reduce kernel memory pressure
    - net: ena: remove redundant parameter in ena_com_admin_init()
    - net: ena: update driver version to 2.0.1
    - net: ena: fix indentations in ena_defs for better readability
    - net: ena: Fix Kconfig dependency on X86
    - net: ena: enable Low Latency Queues
    - net: ena: fix compilation error in xtensa architecture
  * Cosmic update: 4.18.17 upstream stable release (LP: #1802119)
    - xfrm: Validate address prefix lengths in the xfrm selector.
    - xfrm6: call kfree_skb when skb is toobig
    - xfrm: reset transport header back to network header after all input
      transforms ahave been applied
    - xfrm: reset crypto_done when iterating over multiple input xfrms
    - mac80211: Always report TX status
    - cfg80211: reg: Init wiphy_idx in regulatory_hint_core()
    - mac80211: fix pending queue hang due to TX_DROP
    - cfg80211: Address some corner cases in scan result channel updating
    - mac80211: TDLS: fix skb queue/priority assignment
    - mac80211: fix TX status reporting for ie

1787405 [FEAT] Guest-dedicated Crypto Adapters
1789161 Bypass of mount visibility through userns + mount propagation
1801924 CVE-2018-18955: nested user namespaces with more than five extents incorrectly grant privileges over inode
1797990 kdump fail due to an IRQ storm
1797367 Ubuntu 18.04.1 - [s390x] Kernel panic while stressing network bonding
1800664 Add checksum offload and TSO support for HiNIC adapters
1798208 smartpqi updates for ubuntu 18.04.2
1786139 [GLK/CLX] Enhanced IBRS
1798552 Enable keyboard wakeup for S2Idle laptops
1793458 Overlayfs in user namespace leaks directory content of inaccessible directories
1798182 Update ENA driver to version 2.0.1K
1802119 Cosmic update: 4.18.17 upstream stable release
1802100 Cosmic update: 4.18.16 upstream stable release
1802082 Cosmic update: 4.18.15 upstream stable release
1801986 Cosmic update: 4.18.14 upstream stable release
1801931 Cosmic update: 4.18.13 upstream stable release
1775068 Volume control not working Dell XPS 27 (7760)
1799281 [Bionic][Cosmic] ipmi: Fix timer race with module unload
1799794 [Bionic][Cosmic] Fix to ipmi to support vendor specific messages greater than 255 bytes
1798863 18.10 kernel does not appear to validate kernel module signatures correctly
1800639 [Ubuntu] net/af_iucv: fix skb leaks for HiperTransport
1801875 Power consumption during s2idle is higher than long idle(sk hynix)
1801878 NULL pointer dereference at 0000000000000020 when access dst_orig->ops->family in function xfrm_lookup_with_ifid()
1802023 hns3: map tx ring to tc
1800641 [Ubuntu] qeth: Fix potential array overrun in cmd/rc lookup
1799393 Mellanox CX5 stops pinging with rx_wqe_err (mlx5_core)
1798165 Vulkan applications cause permanent memory leak with Intel GPU
1786013 Packaging resync
CVE-2018-18955 userns: also map extents in the reverse map to kernel IDs
CVE-2018-6559 The Linux kernel, as used in Ubuntu 18.04 LTS and Ubuntu 18.10, allows local users to obtain names of files in which they would not normally be able
CVE-2018-18653 The Linux kernel, as used in Ubuntu 18.10 and when booted with UEFI Secure Boot enabled, allows privileged local users to bypass intended Secure Boot


