UbuntuUpdates.org

Package "linux-oem-5.10-tools-host"

Name: linux-oem-5.10-tools-host

Description:

Linux kernel VM host tools

Latest version: 5.10.0-1057.61
Release: focal (20.04)
Level: security
Repository: main
Head package: linux-oem-5.10

Links


Download "linux-oem-5.10-tools-host"


Other versions of "linux-oem-5.10-tools-host" in Focal

Repository Area Version
updates universe 5.10.0-1008.9
updates main 5.10.0-1057.61
PPA: Canonical Kernel Team 5.10.0-1058.62

Changelog

Version: 5.10.0-1057.61 2022-01-19 13:06:30 UTC

  linux-oem-5.10 (5.10.0-1057.61) focal; urgency=medium

  * CVE-2022-0185
    - SAUCE: vfs: Out-of-bounds write of heap buffer in fs_context.c
    - SAUCE: vfs: test that one given mount param is not larger than PAGE_SIZE

 -- Thadeu Lima de Souza Cascardo <email address hidden> Thu, 13 Jan 2022 11:04:33 -0300

Source diff to previous version
CVE-2022-0185 vfs: fs_context: fix up param length parsing in legacy_parse_param

Version: 5.10.0-1055.58 2022-01-10 23:06:26 UTC

  linux-oem-5.10 (5.10.0-1055.58) focal; urgency=medium

  * OOB write on BPF_RINGBUF (LP: #1956585)
    - SAUCE: bpf: prevent helper argument PTR_TO_ALLOC_MEM to have offset other
      than 0

 -- Thadeu Lima de Souza Cascardo <email address hidden> Thu, 06 Jan 2022 13:45:49 -0300

Source diff to previous version

Version: 5.10.0-1053.55 2022-01-05 00:06:34 UTC

  linux-oem-5.10 (5.10.0-1053.55) focal; urgency=medium

  * focal/linux-oem-5.10: 5.10.0-1053.55 -proposed tracker (LP: #1952317)

  * Focal update: 5.10.83 upstream stable release (LP: #1954557)
    - bpf: Fix toctou on read-only map's constant scalar tracking
    - ACPI: Get acpi_device's parent from the parent field
    - USB: serial: option: add Telit LE910S1 0x9200 composition
    - USB: serial: option: add Fibocom FM101-GL variants
    - usb: dwc2: gadget: Fix ISOC flow for elapsed frames
    - usb: dwc2: hcd_queue: Fix use of floating point literal
    - usb: dwc3: gadget: Ignore NoStream after End Transfer
    - usb: dwc3: gadget: Check for L1/L2/U3 for Start Transfer
    - usb: dwc3: gadget: Fix null pointer exception
    - net: nexthop: fix null pointer dereference when IPv6 is not enabled
    - usb: chipidea: ci_hdrc_imx: fix potential error pointer dereference in probe
    - usb: typec: fusb302: Fix masking of comparator and bc_lvl interrupts
    - usb: hub: Fix usb enumeration issue due to address0 race
    - usb: hub: Fix locking issues with address0_mutex
    - binder: fix test regression due to sender_euid change
    - ALSA: ctxfi: Fix out-of-range access
    - ALSA: hda/realtek: Add quirk for ASRock NUC Box 1100
    - ALSA: hda/realtek: Fix LED on HP ProBook 435 G7
    - media: cec: copy sequence field for the reply
    - Revert "parisc: Fix backtrace to always include init funtion names"
    - HID: wacom: Use "Confidence" flag to prevent reporting invalid contacts
    - staging/fbtft: Fix backlight
    - staging: greybus: Add missing rwsem around snd_ctl_remove() calls
    - staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect()
    - fuse: release pipe buf after last use
    - xen: don't continue xenstore initialization in case of errors
    - xen: detect uninitialized xenbus in xenbus_init
    - KVM: PPC: Book3S HV: Prevent POWER7/8 TLB flush flushing SLB
    - tracing/uprobe: Fix uprobe_perf_open probes iteration
    - tracing: Fix pid filtering when triggers are attached
    - mmc: sdhci-esdhc-imx: disable CMDQ support
    - mmc: sdhci: Fix ADMA for PAGE_SIZE >= 64KiB
    - mdio: aspeed: Fix "Link is Down" issue
    - powerpc/32: Fix hardlockup on vmap stack overflow
    - PCI: aardvark: Deduplicate code in advk_pcie_rd_conf()
    - PCI: aardvark: Update comment about disabling link training
    - PCI: aardvark: Implement re-issuing config requests on CRS response
    - PCI: aardvark: Simplify initialization of rootcap on virtual bridge
    - PCI: aardvark: Fix link training
    - proc/vmcore: fix clearing user buffer by properly using clear_user()
    - netfilter: ctnetlink: fix filtering with CTA_TUPLE_REPLY
    - netfilter: ctnetlink: do not erase error code with EINVAL
    - netfilter: ipvs: Fix reuse connection if RS weight is 0
    - netfilter: flowtable: fix IPv6 tunnel addr match
    - ARM: dts: BCM5301X: Fix I2C controller interrupt
    - ARM: dts: BCM5301X: Add interrupt properties to GPIO node
    - ARM: dts: bcm2711: Fix PCIe interrupts
    - ASoC: qdsp6: q6routing: Conditionally reset FrontEnd Mixer
    - ASoC: qdsp6: q6asm: fix q6asm_dai_prepare error handling
    - ASoC: topology: Add missing rwsem around snd_ctl_remove() calls
    - ASoC: codecs: wcd934x: return error code correctly from hw_params
    - net: ieee802154: handle iftypes as u32
    - firmware: arm_scmi: pm: Propagate return value to caller
    - NFSv42: Don't fail clone() unless the OP_CLONE operation failed
    - ARM: socfpga: Fix crash with CONFIG_FORTIRY_SOURCE
    - drm/nouveau/acr: fix a couple NULL vs IS_ERR() checks
    - scsi: mpt3sas: Fix kernel panic during drive powercycle test
    - drm/vc4: fix error code in vc4_create_object()
    - net: marvell: prestera: fix double free issue on err path
    - iavf: Prevent changing static ITR values if adaptive moderation is on
    - ALSA: intel-dsp-config: add quirk for JSL devices based on ES8336 codec
    - mptcp: fix delack timer
    - firmware: smccc: Fix check for ARCH_SOC_ID not implemented
    - ipv6: fix typos in __ip6_finish_output()
    - nfp: checking parameter process for rx-usecs/tx-usecs is invalid
    - net: stmmac: fix system hang caused by eee_ctrl_timer during suspend/resume
    - net: stmmac: retain PTP clock time during SIOCSHWTSTAMP ioctls
    - net: ipv6: add fib6_nh_release_dsts stub
    - net: nexthop: release IPv6 per-cpu dsts when replacing a nexthop group
    - ice: fix vsi->txq_map sizing
    - ice: avoid bpf_prog refcount underflow
    - scsi: core: sysfs: Fix setting device state to SDEV_RUNNING
    - scsi: scsi_debug: Zero clear zones at reset write pointer
    - erofs: fix deadlock when shrink erofs slab
    - net/smc: Ensure the active closing peer first closes clcsock
    - mlxsw: Verify the accessed index doesn't exceed the array length
    - mlxsw: spectrum: Protect driver from buggy firmware
    - net: marvell: mvpp2: increase MTU limit when XDP enabled
    - nvmet-tcp: fix incomplete data digest send
    - net/ncsi : Add payload to be 32-bit aligned to fix dropped packets
    - PM: hibernate: use correct mode for swsusp_close()
    - drm/amd/display: Set plane update flags for all planes in reset
    - tcp_cubic: fix spurious Hystart ACK train detections for not-cwnd-limited
      flows
    - lan743x: fix deadlock in lan743x_phy_link_status_change()
    - net: phylink: Force link down and retrigger resolve on interface change
    - net: phylink: Force retrigger in case of latched link-fail indicator
    - net/smc: Fix NULL pointer dereferencing in smc_vlan_by_tcpsk()
    - net/smc: Fix loop in smc_listen
    - nvmet: use IOCB_NOWAIT only if the filesystem supports it
    - igb: fix netpoll exit with traffic
    - MIPS: loongson64: fix FTLB configuration
    - MIPS: use 3-level pgtable for 64KB page size on MIPS_VA_BITS_48
    - tls: splice_read: fix record type check
    - tls: fix replacing proto_ops
    - net/sched: sch_ets: don't peek at classes beyond 'nbands'
    - net: vlan:

Source diff to previous version
1954557 Focal update: 5.10.83 upstream stable release
1954556 Focal update: 5.10.82 upstream stable release
1954555 Focal update: 5.10.81 upstream stable release
1954552 Focal update: 5.10.80 upstream stable release
1954551 Focal update: 5.10.79 upstream stable release
1954550 Focal update: 5.10.78 upstream stable release
1954549 Focal update: 5.10.77 upstream stable release
1786013 Packaging resync
CVE-2021-4002 hugetlbfs: flush TLBs correctly after huge_pmd_unshare
CVE-2021-43267 An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter-Process Communication (TIPC) functionality all

Version: 5.10.0-1051.53 2021-11-10 11:06:18 UTC

  linux-oem-5.10 (5.10.0-1051.53) focal; urgency=medium

  * focal/linux-oem-5.10: 5.10.0-1051.53 -proposed tracker (LP: #1947263)

  * Intel I225-IT ethernet controller: igc: probe of 0000:02:00.0 failed with
    error -1 (LP: #1945576)
    - igc: Remove _I_PHY_ID checking
    - igc: Remove phy->type checking

  * rtw89 kernel module for Realtek 8852 wifi is missing (LP: #1945967)
    - rtw89: add Realtek 802.11ax driver
    - rtw89: Remove redundant check of ret after call to rtw89_mac_enable_bb_rf
    - rtw89: fix return value check in rtw89_cam_send_sec_key_cmd()
    - rtw89: remove unneeded semicolon
    - [Config] RTW89=m

  * Focal update: 5.10.76 upstream stable release (LP: #1949019)
    - parisc: math-emu: Fix fall-through warnings
    - xhci: add quirk for host controllers that don't update endpoint DCS
    - io_uring: fix splice_fd_in checks backport typo
    - arm: dts: vexpress-v2p-ca9: Fix the SMB unit-address
    - ARM: dts: at91: sama5d2_som1_ek: disable ISC node by default
    - block: decode QUEUE_FLAG_HCTX_ACTIVE in debugfs output
    - xen/x86: prevent PVH type from getting clobbered
    - drm/amdgpu/display: fix dependencies for DRM_AMD_DC_SI
    - xtensa: xtfpga: use CONFIG_USE_OF instead of CONFIG_OF
    - xtensa: xtfpga: Try software restart before simulating CPU reset
    - NFSD: Keep existing listeners on portlist error
    - netfilter: xt_IDLETIMER: fix panic that occurs when timer_type has garbage
      value
    - dma-debug: fix sg checks in debug_dma_map_sg()
    - ASoC: wm8960: Fix clock configuration on slave mode
    - ice: fix getting UDP tunnel entry
    - netfilter: ip6t_rt: fix rt0_hdr parsing in rt_mt6
    - netfilter: ipvs: make global sysctl readonly in non-init netns
    - lan78xx: select CRC32
    - tcp: md5: Fix overlap between vrf and non-vrf keys
    - ipv6: When forwarding count rx stats on the orig netdev
    - net: dsa: lantiq_gswip: fix register definition
    - NIOS2: irqflags: rename a redefined register name
    - powerpc/smp: do not decrement idle task preempt count in CPU offline
    - net: hns3: reset DWRR of unused tc to zero
    - net: hns3: add limit ets dwrr bandwidth cannot be 0
    - net: hns3: schedule the polling again when allocation fails
    - net: hns3: fix vf reset workqueue cannot exit
    - net: hns3: disable sriov before unload hclge layer
    - net: stmmac: Fix E2E delay mechanism
    - ice: Add missing E810 device ids
    - drm/panel: ilitek-ili9881c: Fix sync for Feixin K101-IM2BYL02 panel
    - net: enetc: fix ethtool counter name for PM0_TERR
    - can: rcar_can: fix suspend/resume
    - can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state
      notification
    - can: peak_pci: peak_pci_remove(): fix UAF
    - can: isotp: isotp_sendmsg(): fix return error on FC timeout on TX path
    - can: isotp: isotp_sendmsg(): add result check for wait_event_interruptible()
    - can: j1939: j1939_tp_rxtimer(): fix errant alert in j1939_tp_rxtimer
    - can: j1939: j1939_netdev_start(): fix UAF for rx_kref of j1939_priv
    - can: j1939: j1939_xtp_rx_dat_one(): cancel session if receive TP.DT with
      error length
    - can: j1939: j1939_xtp_rx_rts_session_new(): abort TP less than 9 bytes
    - ceph: skip existing superblocks that are blocklisted or shut down when
      mounting
    - ceph: fix handling of "meta" errors
    - ocfs2: fix data corruption after conversion from inline format
    - ocfs2: mount fails with buffer overflow in strlen
    - userfaultfd: fix a race between writeprotect and exit_mmap()
    - elfcore: correct reference to CONFIG_UML
    - vfs: check fd has read access in kernel_read_file_from_fd()
    - ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset
    - ALSA: hda/realtek: Add quirk for Clevo PC50HS
    - ASoC: DAPM: Fix missing kctl change notifications
    - audit: fix possible null-pointer dereference in audit_filter_rules
    - net: dsa: mt7530: correct ds->num_ports
    - powerpc64/idle: Fix SP offsets when saving GPRs
    - KVM: PPC: Book3S HV: Fix stack handling in idle_kvm_start_guest()
    - KVM: PPC: Book3S HV: Make idle_kvm_start_guest() return 0 if it went to
      guest
    - powerpc/idle: Don't corrupt back chain when going idle
    - mm, slub: fix mismatch between reconstructed freelist depth and cnt
    - mm, slub: fix potential memoryleak in kmem_cache_open()
    - mm, slub: fix incorrect memcg slab count for bulk free
    - KVM: nVMX: promptly process interrupts delivered while in guest mode
    - nfc: nci: fix the UAF of rf_conn_info object
    - isdn: cpai: check ctr->cnr to avoid array index out of bound
    - netfilter: Kconfig: use 'default y' instead of 'm' for bool config option
    - selftests: netfilter: remove stray bash debug line
    - net: bridge: mcast: use multicast_membership_interval for IGMPv3
    - drm: mxsfb: Fix NULL pointer dereference crash on unload
    - net: hns3: fix the max tx size according to user manual
    - gcc-plugins/structleak: add makefile var for disabling structleak
    - ALSA: hda: intel: Allow repeatedly probing on codec configuration errors
    - btrfs: deal with errors when checking if a dir entry exists during log
      replay
    - net: stmmac: add support for dwmac 3.40a
    - ARM: dts: spear3xx: Fix gmac node
    - isdn: mISDN: Fix sleeping function called from invalid context
    - platform/x86: intel_scu_ipc: Update timeout value in comment
    - ALSA: hda: avoid write to STATESTS if controller is in reset
    - libperf tests: Fix test_stat_cpu
    - perf/x86/msr: Add Sapphire Rapids CPU support
    - Input: snvs_pwrkey - add clk handling
    - scsi: iscsi: Fix set_param() handling
    - scsi: qla2xxx: Fix a memory leak in an error path of qla2x00_process_els()
    - sched/scs: Reset the shadow stack when idle_task_exit
    - net: hns3: fix for miscalculation of rx unused desc
    - scsi: core: Fix shost->cmd_per_lun calculation in scsi_add_host_with_dma()
    - can: isotp: isotp_sendm

Source diff to previous version
1949019 Focal update: 5.10.76 upstream stable release
1949018 Focal update: 5.10.75 upstream stable release
1949017 Focal update: 5.10.74 upstream stable release
1949016 Focal update: 5.10.73 upstream stable release
1949015 Focal update: 5.10.72 upstream stable release
1949009 Focal update: 5.10.71 upstream stable release
1949007 Focal update: 5.10.70 upstream stable release
1949006 Focal update: 5.10.69 upstream stable release

Version: 5.10.0-1050.52 2021-10-19 16:06:21 UTC

  linux-oem-5.10 (5.10.0-1050.52) focal; urgency=medium

  * focal/linux-oem-5.10: 5.10.0-1050.52 -proposed tracker (LP: #1944904)

  * Fix A yellow screen pops up in an instant (< 1 second) and then disappears
    before loading the system (LP: #1945932)
    - SAUCE: drm/i915: Stop force enabling pipe bottom color gammma/csc

  * CVE-2021-3759
    - memcg: enable accounting of ipc resources

  * Fix i915 warnings on skl_dram_get_channel_info() (LP: #1943923)
    - drm/i915: Nuke not needed members of dram_info
    - drm/i915/gen11+: Only load DRAM information from pcode
    - drm/i915: Rename is_16gb_dimm to wm_lv_0_adjust_needed

  * Focal update: 5.10.68 upstream stable release (LP: #1944975)
    - drm/bridge: lt9611: Fix handling of 4k panels
    - btrfs: fix upper limit for max_inline for page size 64K
    - xen: reset legacy rtc flag for PV domU
    - bnx2x: Fix enabling network interfaces without VFs
    - arm64/sve: Use correct size when reinitialising SVE state
    - PM: base: power: don't try to use non-existing RTC for storing data
    - PCI: Add AMD GPU multi-function power dependencies
    - drm/amd/amdgpu: Increase HWIP_MAX_INSTANCE to 10
    - drm/etnaviv: return context from etnaviv_iommu_context_get
    - drm/etnaviv: put submit prev MMU context when it exists
    - drm/etnaviv: stop abusing mmu_context as FE running marker
    - drm/etnaviv: keep MMU context across runtime suspend/resume
    - drm/etnaviv: exec and MMU state is lost when resetting the GPU
    - drm/etnaviv: fix MMU context leak on GPU reset
    - drm/etnaviv: reference MMU context when setting up hardware state
    - drm/etnaviv: add missing MMU context put when reaping MMU mapping
    - s390/sclp: fix Secure-IPL facility detection
    - x86/pat: Pass valid address to sanitize_phys()
    - x86/mm: Fix kern_addr_valid() to cope with existing but not present entries
    - tipc: fix an use-after-free issue in tipc_recvmsg
    - ethtool: Fix rxnfc copy to user buffer overflow
    - net/{mlx5|nfp|bnxt}: Remove unnecessary RTNL lock assert
    - net-caif: avoid user-triggerable WARN_ON(1)
    - ptp: dp83640: don't define PAGE0
    - net/l2tp: Fix reference count leak in l2tp_udp_recv_core
    - r6040: Restore MDIO clock frequency after MAC reset
    - tipc: increase timeout in tipc_sk_enqueue()
    - drm/rockchip: cdn-dp-core: Make cdn_dp_core_resume __maybe_unused
    - perf machine: Initialize srcline string member in add_location struct
    - net/mlx5: FWTrace, cancel work on alloc pd error flow
    - net/mlx5: Fix potential sleeping in atomic context
    - nvme-tcp: fix io_work priority inversion
    - events: Reuse value read using READ_ONCE instead of re-reading it
    - net: ipa: initialize all filter table slots
    - gen_compile_commands: fix missing 'sys' package
    - vhost_net: fix OoB on sendmsg() failure.
    - net/af_unix: fix a data-race in unix_dgram_poll
    - net: dsa: destroy the phylink instance on any error in dsa_slave_phy_setup
    - x86/uaccess: Fix 32-bit __get_user_asm_u64() when CC_HAS_ASM_GOTO_OUTPUT=y
    - tcp: fix tp->undo_retrans accounting in tcp_sacktag_one()
    - selftest: net: fix typo in altname test
    - qed: Handle management FW error
    - udp_tunnel: Fix udp_tunnel_nic work-queue type
    - dt-bindings: arm: Fix Toradex compatible typo
    - ibmvnic: check failover_pending in login response
    - KVM: PPC: Book3S HV: Tolerate treclaim. in fake-suspend mode changing
      registers
    - bnxt_en: make bnxt_free_skbs() safe to call after bnxt_free_mem()
    - net: hns3: pad the short tunnel frame before sending to hardware
    - net: hns3: change affinity_mask to numa node range
    - net: hns3: disable mac in flr process
    - net: hns3: fix the timing issue of VF clearing interrupt sources
    - mm/memory_hotplug: use "unsigned long" for PFN in zone_for_pfn_range()
    - dt-bindings: mtd: gpmc: Fix the ECC bytes vs. OOB bytes equation
    - mfd: db8500-prcmu: Adjust map to reality
    - PCI: Add ACS quirks for NXP LX2xx0 and LX2xx2 platforms
    - fuse: fix use after free in fuse_read_interrupt()
    - PCI: tegra194: Fix handling BME_CHGED event
    - PCI: tegra194: Fix MSI-X programming
    - PCI: tegra: Fix OF node reference leak
    - mfd: Don't use irq_create_mapping() to resolve a mapping
    - PCI: rcar: Fix runtime PM imbalance in rcar_pcie_ep_probe()
    - tracing/probes: Reject events which have the same name of existing one
    - PCI: cadence: Use bitfield for *quirk_retrain_flag* instead of bool
    - PCI: cadence: Add quirk flag to set minimum delay in LTSSM Detect.Quiet
      state
    - PCI: j721e: Add PCIe support for J7200
    - PCI: j721e: Add PCIe support for AM64
    - PCI: Add ACS quirks for Cavium multi-function devices
    - watchdog: Start watchdog in watchdog_set_last_hw_keepalive only if
      appropriate
    - octeontx2-af: Add additional register check to rvu_poll_reg()
    - Set fc_nlinfo in nh_create_ipv4, nh_create_ipv6
    - net: usb: cdc_mbim: avoid altsetting toggling for Telit LN920
    - block, bfq: honor already-setup queue merges
    - PCI: ibmphp: Fix double unmap of io_mem
    - ethtool: Fix an error code in cxgb2.c
    - NTB: Fix an error code in ntb_msit_probe()
    - NTB: perf: Fix an error code in perf_setup_inbuf()
    - s390/bpf: Fix optimizing out zero-extensions
    - s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant
    - s390/bpf: Fix branch shortening during codegen pass
    - mfd: axp20x: Update AXP288 volatile ranges
    - backlight: ktd253: Stabilize backlight
    - PCI: of: Don't fail devm_pci_alloc_host_bridge() on missing 'ranges'
    - PCI: iproc: Fix BCMA probe resource handling
    - netfilter: Fix fall-through warnings for Clang
    - netfilter: nft_ct: protect nft_ct_pcpu_template_refcnt with mutex
    - KVM: arm64: Restrict IPA size to maximum 48 bits on 4K and 16K page size
    - PCI: Fix pci_dev_str_match_path() alloc while atomic bug
    - mfd: tqmx86: Clear GPIO IRQ resource when no I

1943923 Fix i915 warnings on skl_dram_get_channel_info()
1944975 Focal update: 5.10.68 upstream stable release
1944974 Focal update: 5.10.67 upstream stable release
1944973 Focal update: 5.10.66 upstream stable release
1944972 Focal update: 5.10.65 upstream stable release
1920674 AMD A8-7680 (amdgpu): broken Xorg acceleration and hibernation
1944971 Focal update: 5.10.64 upstream stable release
1944970 Focal update: 5.10.63 upstream stable release
1944969 Focal update: 5.10.62 upstream stable release
1944968 Focal update: 5.10.61 upstream stable release
1944967 Focal update: 5.10.60 upstream stable release
1944966 Focal update: 5.10.59 upstream stable release
1944964 Focal update: 5.10.58 upstream stable release
1944963 Focal update: 5.10.57 upstream stable release
1944961 Focal update: 5.10.56 upstream stable release
1944960 Focal update: 5.10.55 upstream stable release
1944958 Focal update: 5.10.54 upstream stable release
1944957 Focal update: 5.10.53 upstream stable release
CVE-2021-3759 unaccounted ipc objects in Linux kernel lead to breaking memcg limits and DoS attacks
CVE-2020-16119 Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid obje



About   -   Send Feedback to @ubuntu_updates