UbuntuUpdates.org

Package "linux-hwe"

Name: linux-hwe

Description:

This package is just an umbrella for a group of other packages; it has no description.
Description samples from packages in group:

  • Linux kernel buildinfo for version 4.15.0 on 32 bit x86 SMP

Latest version: 4.15.0-50.54~16.04.1
Release: xenial (16.04)
Level: security
Repository: main




Other versions of "linux-hwe" in Xenial

Repository Area Version
updates main 4.15.0-50.54~16.04.1
proposed main 4.15.0-51.55~16.04.1
PPA: Canonical Kernel Team 4.15.0-51.55~16.04.1



Changelog

Version: 4.15.0-42.45~16.04.1 2018-12-03 21:06:15 UTC

  linux-hwe (4.15.0-42.45~16.04.1) xenial; urgency=medium

  * linux-hwe: 4.15.0-42.45~16.04.1 -proposed tracker (LP: #1802571)

  [ Ubuntu: 4.15.0-42.45 ]

  * linux: 4.15.0-42.45 -proposed tracker (LP: #1803592)
  * [FEAT] Guest-dedicated Crypto Adapters (LP: #1787405)
    - KVM: s390: reset crypto attributes for all vcpus
    - KVM: s390: vsie: simulate VCPU SIE entry/exit
    - KVM: s390: introduce and use KVM_REQ_VSIE_RESTART
    - KVM: s390: refactor crypto initialization
    - s390: vfio-ap: base implementation of VFIO AP device driver
    - s390: vfio-ap: register matrix device with VFIO mdev framework
    - s390: vfio-ap: sysfs interfaces to configure adapters
    - s390: vfio-ap: sysfs interfaces to configure domains
    - s390: vfio-ap: sysfs interfaces to configure control domains
    - s390: vfio-ap: sysfs interface to view matrix mdev matrix
    - KVM: s390: interface to clear CRYCB masks
    - s390: vfio-ap: implement mediated device open callback
    - s390: vfio-ap: implement VFIO_DEVICE_GET_INFO ioctl
    - s390: vfio-ap: zeroize the AP queues
    - s390: vfio-ap: implement VFIO_DEVICE_RESET ioctl
    - KVM: s390: Clear Crypto Control Block when using vSIE
    - KVM: s390: vsie: Do the CRYCB validation first
    - KVM: s390: vsie: Make use of CRYCB FORMAT2 clear
    - KVM: s390: vsie: Allow CRYCB FORMAT-2
    - KVM: s390: vsie: allow CRYCB FORMAT-1
    - KVM: s390: vsie: allow CRYCB FORMAT-0
    - KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-1
    - KVM: s390: vsie: allow guest FORMAT-1 CRYCB on host FORMAT-2
    - KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-2
    - KVM: s390: device attrs to enable/disable AP interpretation
    - KVM: s390: CPU model support for AP virtualization
    - s390: doc: detailed specifications for AP virtualization
    - KVM: s390: fix locking for crypto setting error path
    - KVM: s390: Tracing APCB changes
    - s390: vfio-ap: setup APCB mask using KVM dedicated function
    - s390/zcrypt: Add ZAPQ inline function.
    - s390/zcrypt: Review inline assembler constraints.
    - s390/zcrypt: Integrate ap_asm.h into include/asm/ap.h.
    - s390/zcrypt: fix ap_instructions_available() returncodes
    - s390/zcrypt: remove VLA usage from the AP bus
    - s390/zcrypt: Remove deprecated ioctls.
    - s390/zcrypt: Remove deprecated zcrypt proc interface.
    - s390/zcrypt: Support up to 256 crypto adapters.
    - [Config:] Enable CONFIG_S390_AP_IOMMU and set CONFIG_VFIO_AP to module.
  * Bypass of mount visibility through userns + mount propagation (LP: #1789161)
    - mount: Retest MNT_LOCKED in do_umount
    - mount: Don't allow copying MNT_UNBINDABLE|MNT_LOCKED mounts
  * CVE-2018-18955: nested user namespaces with more than five extents
    incorrectly grant privileges over inode (LP: #1801924) // CVE-2018-18955
    - userns: also map extents in the reverse map to kernel IDs
  * kdump fail due to an IRQ storm (LP: #1797990)
    - SAUCE: x86/PCI: Export find_cap() to be used in early PCI code
    - SAUCE: x86/quirks: Add parameter to clear MSIs early on boot
    - SAUCE: x86/quirks: Scan all busses for early PCI quirks

  [ Ubuntu: 4.15.0-40.43 ]

  * linux: 4.15.0-40.43 -proposed tracker (LP: #1802554)
  * crash in ENA driver on removing an interface (LP: #1802341)
    - SAUCE: net: ena: fix crash during ena_remove()
  * Ubuntu 18.04.1 - [s390x] Kernel panic while stressing network bonding
    (LP: #1797367)
    - s390/qeth: don't keep track of MAC address's cast type
    - s390/qeth: consolidate qeth MAC address helpers
    - s390/qeth: avoid using is_multicast_ether_addr_64bits on (u8 *)[6]
    - s390/qeth: remove outdated portname debug msg
    - s390/qeth: reduce hard-coded access to ccw channels
    - s390/qeth: sanitize strings in debug messages
  * [18.04 FEAT] zcrypt DD: introduce APQN tags to support deterministic driver
    binding (LP: #1799184)
    - s390/zcrypt: code beautify
    - s390/zcrypt: AP bus support for alternate driver(s)
    - s390/zcrypt: hex string mask improvements for apmask and aqmask.
    - s390/zcrypt: remove unused functions and declarations
    - s390/zcrypt: Show load of cards and queues in sysfs
  * [GLK/CLX] Enhanced IBRS (LP: #1786139)
    - x86/speculation: Remove SPECTRE_V2_IBRS in enum spectre_v2_mitigation
    - x86/speculation: Support Enhanced IBRS on future CPUs
  * Allow signed kernels to be kexec'ed under lockdown (LP: #1798441)
    - Fix kexec forbidding kernels signed with keys in the secondary keyring to
      boot
  * Overlayfs in user namespace leaks directory content of inaccessible
    directories (LP: #1793458) // CVE-2018-6559
    - SAUCE: overlayfs: ensure mounter privileges when reading directories
  * Update ENA driver to version 2.0.1K (LP: #1798182)
    - net: ena: remove ndo_poll_controller
    - net: ena: fix warning in rmmod caused by double iounmap
    - net: ena: fix rare bug when failed restart/resume is followed by driver
      removal
    - net: ena: fix NULL dereference due to untimely napi initialization
    - net: ena: fix auto casting to boolean
    - net: ena: minor performance improvement
    - net: ena: complete host info to match latest ENA spec
    - net: ena: introduce Low Latency Queues data structures according to ENA spec
    - net: ena: add functions for handling Low Latency Queues in ena_com
    - net: ena: add functions for handling Low Latency Queues in ena_netdev
    - net: ena: use CSUM_CHECKED device indication to report skb's checksum status
    - net: ena: explicit casting and initialization, and clearer error handling
    - net: ena: limit refill Rx threshold to 256 to avoid latency issues
    - net: ena: change rx copybreak default to reduce kernel memory pressure
    - net: ena: remove redundant parameter in ena_com_admin_init()
    - net: ena: update driver version to 2.0.1
    - net: ena: fix indentations in ena_defs for better readability
    - net: ena: Fix Kconfig dependency on X86
    - net: ena: enable Low Latency

Source diff to previous version
1787405 [FEAT] Guest-dedicated Crypto Adapters
1789161 Bypass of mount visibility through userns + mount propagation
1801924 CVE-2018-18955: nested user namespaces with more than five extents incorrectly grant privileges over inode
1797990 kdump fail due to an IRQ storm
1797367 Ubuntu 18.04.1 - [s390x] Kernel panic while stressing network bonding
1799184 [18.04 FEAT] zcrypt DD: introduce APQN tags to support deterministic driver binding
1786139 [GLK/CLX] Enhanced IBRS
1798441 Allow signed kernels to be kexec'ed under lockdown
1793458 Overlayfs in user namespace leaks directory content of inaccessible directories
1798182 Update ENA driver to version 2.0.1K
1800537 Bionic update: upstream stable patchset 2018-10-29
1799049 [bionic]mlx5: reading SW stats through ifstat cause kernel crash
1799281 [Bionic][Cosmic] ipmi: Fix timer race with module unload
1799276 [Bionic] ipmi: Remove ACPI SPMI probing from the SSIF (I2C) driver
1786729 execveat03 in ubuntu_ltp_syscalls failed on X/B
1799794 [Bionic][Cosmic] Fix to ipmi to support vendor specific messages greater than 255 bytes
1784501 libvirtd is unable to configure bridge devices inside of LXD containers
1800849 [Ubuntu] kvm: fix deadlock when killed by oom
1800639 [Ubuntu] net/af_iucv: fix skb leaks for HiperTransport
1801875 Power consumption during s2idle is higher than long idle(sk hynix)
1798552 Enable keyboard wakeup for S2Idle laptops
1801878 NULL pointer dereference at 0000000000000020 when access dst_orig->ops->family in function xfrm_lookup_with_ifid()
1801686 [Ubuntu] qdio: reset old sbal_state flags
1802023 hns3: map tx ring to tc
1800641 [Ubuntu] qeth: Fix potential array overrun in cmd/rc lookup
1798165 Vulkan applications cause permanent memory leak with Intel GPU
1792580 Mounting SOFS SMB shares fails
1786013 Packaging resync
CVE-2018-18955 userns: also map extents in the reverse map to kernel IDs
CVE-2018-6559 The Linux kernel, as used in Ubuntu 18.04 LTS and Ubuntu 18.10, allows local users to obtain names of files in which they would not normally be able

Version: 4.15.0-39.42~16.04.1 2018-11-13 20:07:20 UTC

  linux-hwe (4.15.0-39.42~16.04.1) xenial; urgency=medium

  * linux-hwe: 4.15.0-39.42~16.04.1 -proposed tracker (LP: #1799425)

  [ Ubuntu: 4.15.0-39.42 ]

  * linux: 4.15.0-39.42 -proposed tracker (LP: #1799411)
  * Linux: insufficient shootdown for paging-structure caches (LP: #1798897)
    - mm: move tlb_table_flush to tlb_flush_mmu_free
    - mm/tlb: Remove tlb_remove_table() non-concurrent condition
    - mm/tlb, x86/mm: Support invalidating TLB caches for RCU_TABLE_FREE
    - [Config] CONFIG_HAVE_RCU_TABLE_INVALIDATE=y
  * Ubuntu18.04: GPU total memory is reduced (LP: #1792102)
    - Revert "powerpc/powernv: Increase memory block size to 1GB on radix"
  * arm64: snapdragon: reduce boot noise (LP: #1797154)
    - [Config] arm64: snapdragon: DRM_MSM=m
    - [Config] arm64: snapdragon: SND*=m
    - [Config] arm64: snapdragon: disable ARM_SDE_INTERFACE
    - [Config] arm64: snapdragon: disable DRM_I2C_ADV7511_CEC
    - [Config] arm64: snapdragon: disable VIDEO_ADV7511, VIDEO_COBALT
  * [Bionic] CPPC bug fixes (LP: #1796949)
    - ACPI / CPPC: Update all pr_(debug/err) messages to log the susbspace id
    - cpufreq: CPPC: Don't set transition_latency
    - ACPI / CPPC: Fix invalid PCC channel status errors
  * regression in 'ip --family bridge neigh' since linux v4.12 (LP: #1796748)
    - rtnetlink: fix rtnl_fdb_dump() for ndmsg header
  * screen displays abnormally on the lenovo M715 with the AMD GPU (Radeon Vega
    8 Mobile, rev ca, 1002:15dd) (LP: #1796786)
    - drm/amd/display: Fix takover from VGA mode
    - drm/amd/display: early return if not in vga mode in disable_vga
    - drm/amd/display: Refine disable VGA
  * arm64: snapdragon: WARNING: CPU: 0 PID: 1 arch/arm64/kernel/setup.c:271
    reserve_memblock_reserved_regions (LP: #1797139)
    - SAUCE: arm64: Fix /proc/iomem for reserved but not memory regions
  * The front MIC can't work on the Lenovo M715 (LP: #1797292)
    - ALSA: hda/realtek - Fix the problem of the front MIC on the Lenovo M715
  * Keyboard backlight sysfs sometimes is missing on Dell laptops (LP: #1797304)
    - platform/x86: dell-smbios: Correct some style warnings
    - platform/x86: dell-smbios: Rename dell-smbios source to dell-smbios-base
    - platform/x86: dell-smbios: Link all dell-smbios-* modules together
    - [Config] CONFIG_DELL_SMBIOS_SMM=y, CONFIG_DELL_SMBIOS_WMI=y
  * rpi3b+: ethernet not working (LP: #1797406)
    - lan78xx: Don't reset the interface on open
  * 87cdf3148b11 was never backported to 4.15 (LP: #1795653)
    - xfrm: Verify MAC header exists before overwriting eth_hdr(skb)->h_proto
  * [Ubuntu18.04][Power9][DD2.2]package installation segfaults inside debian
    chroot env in P9 KVM guest with HTM enabled (kvm) (LP: #1792501)
    - KVM: PPC: Book3S HV: Fix guest r11 corruption with POWER9 TM workarounds
  * Provide mode where all vCPUs on a core must be the same VM (LP: #1792957)
    - KVM: PPC: Book3S HV: Provide mode where all vCPUs on a core must be the same
      VM
  * fscache: bad refcounting in fscache_op_complete leads to OOPS (LP: #1797314)
    - SAUCE: fscache: Fix race in decrementing refcount of op->npages
  * CVE-2018-9363
    - Bluetooth: hidp: buffer overflow in hidp_process_report
  * CVE-2017-13168
    - scsi: sg: mitigate read/write abuse
  * [Bionic] ACPI / PPTT: use ACPI ID whenever ACPI_PPTT_ACPI_PROCESSOR_ID_VALID
    is set (LP: #1797200)
    - ACPI / PPTT: use ACPI ID whenever ACPI_PPTT_ACPI_PROCESSOR_ID_VALID is set
  * [Bionic] arm64: topology: Avoid checking numa mask for scheduler MC
    selection (LP: #1797202)
    - arm64: topology: Avoid checking numa mask for scheduler MC selection
  * crypto/vmx - Backport of Fix sleep-in-atomic bugs patch for 18.04
    (LP: #1790832)
    - crypto: vmx - Fix sleep-in-atomic bugs
  * hns3: autoneg settings get lost on down/up (LP: #1797654)
    - net: hns3: Fix for information of phydev lost problem when down/up
  * not able to unwind the stack from within __kernel_clock_gettime in the Linux
    vDSO (LP: #1797963)
    - powerpc/vdso: Correct call frame information
  * Signal 7 error when running GPFS tracing in cluster (LP: #1792195)
    - powerpc/mm/books3s: Add new pte bit to mark pte temporarily invalid.
    - powerpc/mm/radix: Only need the Nest MMU workaround for R -> RW transition
  * Support Edge Gateway's WIFI LED (LP: #1798330)
    - SAUCE: mwifiex: Switch WiFi LED state according to the device status
  * Support Edge Gateway's Bluetooth LED (LP: #1798332)
    - SAUCE: Bluetooth: Support for LED on Edge Gateways
  * USB cardreader (0bda:0328) make the system can't enter s3 or hang
    (LP: #1798328)
    - usb: Don't disable Latency tolerance Messaging (LTM) before port reset
  * CVE-2018-15471
    - xen-netback: fix input validation in xenvif_set_hash_mapping()
  * CVE-2018-16658
    - cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status
  * [Bionic] Update ThunderX2 implementation defined pmu core events
    (LP: #1796904)
    - perf vendor events arm64: Update ThunderX2 implementation defined pmu core
      events
  * the machine of lenovo M715 with the AMD GPU (Radeon Vega 8 Mobile, rev ca,
    1002:15dd) often hangs randomly (LP: #1796789)
    - drm/amd: Add missing fields in atom_integrated_system_info_v1_11
  * [18.04] GLK hang after a while (LP: #1760545)
    - drm/i915/glk: Add MODULE_FIRMWARE for Geminilake
  * Fix usbcore.quirks when used at boot (LP: #1795784)
    - usb: core: safely deal with the dynamic quirk lists

 -- Kleber Sacilotto de Souza <email address hidden> Wed, 24 Oct 2018 16:13:39 +0000

Source diff to previous version
1798897 Linux: insufficient shootdown for paging-structure caches
1792102 Ubuntu18.04: GPU total memory is reduced
1797154 arm64: snapdragon: reduce boot noise
1796949 [Bionic] CPPC bug fixes
1796748 regression in 'ip --family bridge neigh' since linux v4.12
1796786 screen displays abnormally on the lenovo M715 with the AMD GPU (Radeon Vega 8 Mobile, rev ca, 1002:15dd)
1797139 arm64: snapdragon: WARNING: CPU: 0 PID: 1 arch/arm64/kernel/setup.c:271 reserve_memblock_reserved_regions
1797292 The front MIC can't work on the Lenovo M715
1797304 Keyboard backlight sysfs sometimes is missing on Dell laptops
1797406 rpi3b+: ethernet not working
1795653 87cdf3148b11 was never backported to 4.15
1792501 [Ubuntu18.04][Power9][DD2.2]package installation segfaults inside debian chroot env in P9 KVM guest with HTM enabled (kvm)
1792957 Provide mode where all vCPUs on a core must be the same VM
1797314 fscache: bad refcounting in fscache_op_complete leads to OOPS
1797200 [Bionic] ACPI / PPTT: use ACPI ID whenever ACPI_PPTT_ACPI_PROCESSOR_ID_VALID is set
1797202 [Bionic] arm64: topology: Avoid checking numa mask for scheduler MC selection
1790832 crypto/vmx - Backport of Fix sleep-in-atomic bugs patch for 18.04
1797654 hns3: autoneg settings get lost on down/up
1797963 not able to unwind the stack from within __kernel_clock_gettime in the Linux vDSO
1792195 Signal 7 error when running GPFS tracing in cluster
1798330 Support Edge Gateway's WIFI LED
1798332 Support Edge Gateway's Bluetooth LED
1798328 USB cardreader (0bda:0328) make the system can't enter s3 or hang
1796904 [Bionic] Update ThunderX2 implementation defined pmu core events
1796789 the machine of lenovo M715 with the AMD GPU (Radeon Vega 8 Mobile, rev ca, 1002:15dd) often hangs randomly
1760545 [18.04] GLK hang after a while
1795784 Fix usbcore.quirks when used at boot
CVE-2018-9363 HID: Bluetooth: hidp: buffer overflow in hidp_process_report
CVE-2017-13168 An elevation of privilege vulnerability in the kernel scsi driver. Product: Android. Versions: Android kernel. Android ID A-65023233.
CVE-2018-15471 An issue was discovered in xenvif_set_hash_mapping in drivers/net/xen-netback/hash.c in the Linux kernel through 4.18.1, as used in Xen through 4.11.
CVE-2018-16658 An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could be used by

Version: 4.15.0-36.39~16.04.1 2018-10-01 18:06:44 UTC

  linux-hwe (4.15.0-36.39~16.04.1) xenial; urgency=medium

  * CVE-2018-14633
    - iscsi target: Use hex2bin instead of a re-implementation

  * CVE-2018-17182
    - mm: get rid of vmacache_flush_all() entirely

linux (4.15.0-35.38) bionic; urgency=medium

  * linux: 4.15.0-35.38 -proposed tracker (LP: #1791719)

  * device hotplug of vfio devices can lead to deadlock in vfio_pci_release
    (LP: #1792099)
    - SAUCE: vfio -- release device lock before userspace requests

  * L1TF mitigation not effective in some CPU and RAM combinations
    (LP: #1788563)
    - x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit
    - x86/speculation/l1tf: Fix off-by-one error when warning that system has too
      much RAM
    - x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+

  * CVE-2018-15594
    - x86/paravirt: Fix spectre-v2 mitigations for paravirt guests

  * CVE-2017-5715 (Spectre v2 s390x)
    - KVM: s390: implement CPU model only facilities
    - s390: detect etoken facility
    - KVM: s390: add etoken support for guests
    - s390/lib: use expoline for all bcr instructions
    - s390: fix br_r1_trampoline for machines without exrl
    - SAUCE: s390: use expoline thunks for all branches generated by the BPF JIT

  * Ubuntu18.04.1: cpuidle: powernv: Fix promotion from snooze if next state
    disabled (performance) (LP: #1790602)
    - cpuidle: powernv: Fix promotion from snooze if next state disabled

  * Watchdog CPU:19 Hard LOCKUP when kernel crash was triggered (LP: #1790636)
    - powerpc: hard disable irqs in smp_send_stop loop
    - powerpc: Fix deadlock with multiple calls to smp_send_stop
    - powerpc: smp_send_stop do not offline stopped CPUs
    - powerpc/powernv: Fix opal_event_shutdown() called with interrupts disabled

  * Security fix: check if IOMMU page is contained in the pinned physical page
    (LP: #1785675)
    - vfio/spapr: Use IOMMU pageshift rather than pagesize
    - KVM: PPC: Check if IOMMU page is contained in the pinned physical page

  * Missing Intel GPU pci-id's (LP: #1789924)
    - drm/i915/kbl: Add KBL GT2 sku
    - drm/i915/whl: Introducing Whiskey Lake platform
    - drm/i915/aml: Introducing Amber Lake platform
    - drm/i915/cfl: Add a new CFL PCI ID.

  * CVE-2018-15572
    - x86/speculation: Protect against userspace-userspace spectreRSB

  * Support Power Management for Thunderbolt Controller (LP: #1789358)
    - thunderbolt: Handle NULL boot ACL entries properly
    - thunderbolt: Notify userspace when boot_acl is changed
    - thunderbolt: Use 64-bit DMA mask if supported by the platform
    - thunderbolt: Do not unnecessarily call ICM get route
    - thunderbolt: No need to take tb->lock in domain suspend/complete
    - thunderbolt: Use correct ICM commands in system suspend
    - thunderbolt: Add support for runtime PM

  * random oopses on s390 systems using NVMe devices (LP: #1790480)
    - s390/pci: fix out of bounds access during irq setup

  * [Bionic] Spectre v4 mitigation (Speculative Store Bypass Disable) support
    for arm64 using SMC firmware call to set a hardware chicken bit
    (LP: #1787993) // CVE-2018-3639 (arm64)
    - arm64: alternatives: Add dynamic patching feature
    - KVM: arm/arm64: Do not use kern_hyp_va() with kvm_vgic_global_state
    - KVM: arm64: Avoid storing the vcpu pointer on the stack
    - arm/arm64: smccc: Add SMCCC-specific return codes
    - arm64: Call ARCH_WORKAROUND_2 on transitions between EL0 and EL1
    - arm64: Add per-cpu infrastructure to call ARCH_WORKAROUND_2
    - arm64: Add ARCH_WORKAROUND_2 probing
    - arm64: Add 'ssbd' command-line option
    - arm64: ssbd: Add global mitigation state accessor
    - arm64: ssbd: Skip apply_ssbd if not using dynamic mitigation
    - arm64: ssbd: Restore mitigation status on CPU resume
    - arm64: ssbd: Introduce thread flag to control userspace mitigation
    - arm64: ssbd: Add prctl interface for per-thread mitigation
    - arm64: KVM: Add HYP per-cpu accessors
    - arm64: KVM: Add ARCH_WORKAROUND_2 support for guests
    - arm64: KVM: Handle guest's ARCH_WORKAROUND_2 requests
    - arm64: KVM: Add ARCH_WORKAROUND_2 discovery through ARCH_FEATURES_FUNC_ID
    - [Config] ARM64_SSBD=y

  * Reconcile hns3 SAUCE patches with upstream (LP: #1787477)
    - Revert "UBUNTU: SAUCE: net: hns3: Optimize PF CMDQ interrupt switching
      process"
    - Revert "UBUNTU: SAUCE: net: hns3: Fix for VF mailbox receiving unknown
      message"
    - Revert "UBUNTU: SAUCE: net: hns3: Fix for VF mailbox cannot receiving PF
      response"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: fix comments for
      hclge_get_ring_chain_from_mbx"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: fix for using wrong mask and
      shift in hclge_get_ring_chain_from_mbx"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: fix for reset_level default
      assignment probelm"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: remove unnecessary ring
      configuration operation while resetting"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: fix return value error in
      hns3_reset_notify_down_enet"
    - Revert "UBUNTU: SAUCE: net: hns3: Fix for phy link issue when using marvell
      phy driver"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: separate roce from nic when
      resetting"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: correct reset event status
      register"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: prevent to request reset
      frequently"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: reset net device with rtnl_lock"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: modify the order of initializeing
      command queue register"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: prevent sending command during
      global or core reset"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: remove the warning when clear
      reset cause"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: fix get_vector ops in
      hclgevf_main module"

Source diff to previous version
1792099 device hotplug of vfio devices can lead to deadlock in vfio_pci_release
1788563 L1TF mitigation not effective in some CPU and RAM combinations
1790602 Ubuntu18.04.1: cpuidle: powernv: Fix promotion from snooze if next state disabled (performance)
1790636 Watchdog CPU:19 Hard LOCKUP when kernel crash was triggered
1785675 Security fix: check if IOMMU page is contained in the pinned physical page
1789924 Missing Intel GPU pci-id's
1789358 Support Power Management for Thunderbolt Controller
1790480 random oopses on s390 systems using NVMe devices
1787993 [Bionic] Spectre v4 mitigation (Speculative Store Bypass Disable) support for arm64 using SMC firmware call to set a hardware chicken bit
1787477 Reconcile hns3 SAUCE patches with upstream
1790188 Bionic update: upstream stable patchset 2018-08-31
1789666 Bionic update: upstream stable patchset 2018-08-29
1788897 Bionic update: upstream stable patchset 2018-08-24
1787281 errors when scanning partition table of corrupted AIX disk
1789772 tlbie master timeout checkstop (using NVidia/GPU)
1788097 performance drop with ATS enabled
1786878 [Regression] kernel crashdump fails on arm64
1785780 TB 16 issue on Dell Lattitude 7490 with large amount of data
1762385 dell_wmi: Unknown key codes
1773940 Enable AMD PCIe MP2 for AMDI0011
1779817 r8169 no internet after suspending
1789790 Fix Intel Cannon Lake LPSS I2C input clock
1789145 Microphone cannot be detected with front panel audio combo jack on HP Z8-G4 machine
1787945 Tango platform uses __initcall without further checks
1787898 [18.10 FEAT] Add kernel config option \
CVE-2018-14633 A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request f
CVE-2018-17182 An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An
CVE-2018-15594 arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectr
CVE-2017-5715 Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an at
CVE-2018-15572 The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a context swi
CVE-2018-3639 Speculative Store Bypass
CVE-2018-6555 The irda_setsockopt function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users
CVE-2018-6554 Memory leak in the irda_bind function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows lo

Version: 4.15.0-34.37~16.04.1 2018-09-10 20:06:33 UTC

  linux-hwe (4.15.0-34.37~16.04.1) xenial; urgency=medium

  * linux-hwe: 4.15.0-34.37~16.04.1 -proposed tracker (LP: #1788760)

  * linux: 4.15.0-34.37 -proposed tracker (LP: #1788744)

  * Bionic update: upstream stable patchset 2018-08-09 (LP: #1786352)
    - MIPS: c-r4k: Fix data corruption related to cache coherence
    - MIPS: ptrace: Expose FIR register through FP regset
    - MIPS: Fix ptrace(2) PTRACE_PEEKUSR and PTRACE_POKEUSR accesses to o32 FGRs
    - KVM: Fix spelling mistake: "cop_unsuable" -> "cop_unusable"
    - affs_lookup(): close a race with affs_remove_link()
    - fs: don't scan the inode cache before SB_BORN is set
    - aio: fix io_destroy(2) vs. lookup_ioctx() race
    - ALSA: timer: Fix pause event notification
    - do d_instantiate/unlock_new_inode combinations safely
    - mmc: sdhci-iproc: remove hard coded mmc cap 1.8v
    - mmc: sdhci-iproc: fix 32bit writes for TRANSFER_MODE register
    - mmc: sdhci-iproc: add SDHCI_QUIRK2_HOST_OFF_CARD_ON for cygnus
    - libata: Blacklist some Sandisk SSDs for NCQ
    - libata: blacklist Micron 500IT SSD with MU01 firmware
    - xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent
    - drm/vmwgfx: Fix 32-bit VMW_PORT_HB_[IN|OUT] macros
    - arm64: lse: Add early clobbers to some input/output asm operands
    - powerpc/64s: Clear PCR on boot
    - IB/hfi1: Use after free race condition in send context error path
    - IB/umem: Use the correct mm during ib_umem_release
    - idr: fix invalid ptr dereference on item delete
    - Revert "ipc/shm: Fix shmat mmap nil-page protection"
    - ipc/shm: fix shmat() nil address after round-down when remapping
    - mm/kasan: don't vfree() nonexistent vm_area
    - kasan: free allocated shadow memory on MEM_CANCEL_ONLINE
    - kasan: fix memory hotplug during boot
    - kernel/sys.c: fix potential Spectre v1 issue
    - KVM: s390: vsie: fix < 8k check for the itdba
    - KVM: x86: Update cpuid properly when CR4.OSXAVE or CR4.PKE is changed
    - kvm: x86: IA32_ARCH_CAPABILITIES is always supported
    - powerpc/64s: Improve RFI L1-D cache flush fallback
    - powerpc/pseries: Restore default security feature flags on setup
    - powerpc/64s: Fix section mismatch warnings from setup_rfi_flush()
    - MIPS: generic: Fix machine compatible matching
    - mac80211: mesh: fix wrong mesh TTL offset calculation
    - ARC: Fix malformed ARC_EMUL_UNALIGNED default
    - ptr_ring: prevent integer overflow when calculating size
    - arm64: dts: rockchip: fix rock64 gmac2io stability issues
    - arm64: dts: rockchip: correct ep-gpios for rk3399-sapphire
    - libata: Fix compile warning with ATA_DEBUG enabled
    - selftests: sync: missing CFLAGS while compiling
    - selftest/vDSO: fix O=
    - selftests: pstore: Adding config fragment CONFIG_PSTORE_RAM=m
    - selftests: memfd: add config fragment for fuse
    - ARM: OMAP2+: timer: fix a kmemleak caused in omap_get_timer_dt
    - ARM: OMAP3: Fix prm wake interrupt for resume
    - ARM: OMAP2+: Fix sar_base inititalization for HS omaps
    - ARM: OMAP1: clock: Fix debugfs_create_*() usage
    - tls: retrun the correct IV in getsockopt
    - xhci: workaround for AMD Promontory disabled ports wakeup
    - IB/uverbs: Fix method merging in uverbs_ioctl_merge
    - IB/uverbs: Fix possible oops with duplicate ioctl attributes
    - IB/uverbs: Fix unbalanced unlock on error path for rdma_explicit_destroy
    - arm64: dts: rockchip: Fix DWMMC clocks
    - ARM: dts: rockchip: Fix DWMMC clocks
    - iwlwifi: mvm: fix security bug in PN checking
    - iwlwifi: mvm: fix IBSS for devices that support station type API
    - iwlwifi: mvm: always init rs with 20mhz bandwidth rates
    - NFC: llcp: Limit size of SDP URI
    - rxrpc: Work around usercopy check
    - MD: Free bioset when md_run fails
    - md: fix md_write_start() deadlock w/o metadata devices
    - s390/dasd: fix handling of internal requests
    - xfrm: do not call rcu_read_unlock when afinfo is NULL in xfrm_get_tos
    - mac80211: round IEEE80211_TX_STATUS_HEADROOM up to multiple of 4
    - mac80211: fix a possible leak of station stats
    - mac80211: fix calling sleeping function in atomic context
    - cfg80211: clear wep keys after disconnection
    - mac80211: Do not disconnect on invalid operating class
    - mac80211: Fix sending ADDBA response for an ongoing session
    - gpu: ipu-v3: pre: fix device node leak in ipu_pre_lookup_by_phandle
    - gpu: ipu-v3: prg: fix device node leak in ipu_prg_lookup_by_phandle
    - md raid10: fix NULL deference in handle_write_completed()
    - drm/exynos: g2d: use monotonic timestamps
    - drm/exynos: fix comparison to bitshift when dealing with a mask
    - drm/meson: fix vsync buffer update
    - arm64: perf: correct PMUVer probing
    - RDMA/bnxt_re: Unpin SQ and RQ memory if QP create fails
    - RDMA/bnxt_re: Fix system crash during load/unload
    - net/mlx5e: Return error if prio is specified when offloading eswitch vlan
      push
    - locking/xchg/alpha: Add unconditional memory barrier to cmpxchg()
    - md: raid5: avoid string overflow warning
    - virtio_net: fix XDP code path in receive_small()
    - kernel/relay.c: limit kmalloc size to KMALLOC_MAX_SIZE
    - bug.h: work around GCC PR82365 in BUG()
    - selftests/memfd: add run_fuse_test.sh to TEST_FILES
    - seccomp: add a selftest for get_metadata
    - soc: imx: gpc: de-register power domains only if initialized
    - powerpc/bpf/jit: Fix 32-bit JIT for seccomp_data access
    - s390/cio: fix ccw_device_start_timeout API
    - s390/cio: fix return code after missing interrupt
    - s390/cio: clear timer when terminating driver I/O
    - selftests/bpf/test_maps: exit child process without error in ENOMEM case
    - PKCS#7: fix direct verification of SignerInfo signature
    - arm64: dts: cavium: fix PCI bus dtc warnings
    - nfs: system crashes after NFS4ERR_MOVED recovery
    - ARM: OMAP: Fix dmtimer init for omap1
    - smsc75xx: fix smsc75xx_set_feat

1786352 Bionic update: upstream stable patchset 2018-08-09
1785282 arm-smmu-v3 arm-smmu-v3.1.auto: failed to allocate MSIs
1772467 Driver iwlwifi for Intel Wireless-AC 9560 is slow and unreliable in kernel 4.15.0-20-generic
1786981 [Bionic] i2c: xlp9xx: Add SMBAlert support
1786057 qeth: don't clobber buffer on async TX completion
1777338 Linux 4.15.0-23 crashes during the boot process with a \
1787058 ThinkPad systems have no HDMI sound when using the nvidia GPU
1787240 [Bionic] i2c: xlp9xx: Fix case where SSIF read transaction completes early
1787469 [Bionic] integrate upstream fix for Cavium zram driver
1788222 Bugfix for handling of shadow doorbell buffer
1789227 nvme devices namespace assigned to the wrong controller
1739107 linux-cloud-tools-common: Ensure hv-kvp-daemon.service starts before walinuxagent.service
1783138 hinic interfaces aren't getting predictable names
1774950 Suspend fails in Ubuntu and Kubuntu 18.04 but works fine in Ubuntu and Kubuntu 17.10 (and on Kubuntu 18.04 using kernel 4.14.47)
1784835 [Bionic] Bluetooth: Support RTL8723D and RTL8821C Devices
1776254 CacheFiles: Error: Overlong wait for old active object to go away.
1776277 fscache cookie refcount updated incorrectly during fscache object allocation
1774336 FS-Cache: Assertion failed: FS-Cache: 6 == 5 is false
1786110 SMB3: Fix regression in server reconnect detection
CVE-2018-1118 Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in t

Version: 4.15.0-33.36~16.04.1 2018-08-23 15:06:35 UTC

  linux-hwe (4.15.0-33.36~16.04.1) xenial; urgency=medium

  * linux-hwe: 4.15.0-33.36~16.04.1 -proposed tracker (LP: #1787163)

  * linux: 4.15.0-33.36 -proposed tracker (LP: #1787149)

  * RTNL assertion failure on ipvlan (LP: #1776927)
    - ipvlan: drop ipv6 dependency
    - ipvlan: use per device spinlock to protect addrs list updates
    - SAUCE: fix warning from "ipvlan: drop ipv6 dependency"

  * ubuntu_bpf_jit test failed on Bionic s390x systems (LP: #1753941)
    - test_bpf: flag tests that cannot be jited on s390

  * HDMI/DP audio can't work on the laptop of Dell Latitude 5495 (LP: #1782689)
    - drm/nouveau: fix nouveau_dsm_get_client_id()'s return type
    - drm/radeon: fix radeon_atpx_get_client_id()'s return type
    - drm/amdgpu: fix amdgpu_atpx_get_client_id()'s return type
    - platform/x86: apple-gmux: fix gmux_get_client_id()'s return type
    - ALSA: hda: use PCI_BASE_CLASS_DISPLAY to replace PCI_CLASS_DISPLAY_VGA
    - vga_switcheroo: set audio client id according to bound GPU id

  * locking sockets broken due to missing AppArmor socket mediation patches
    (LP: #1780227)
    - UBUNTU SAUCE: apparmor: fix apparmor mediating locking non-fs, unix sockets

  * Update2 for ocxl driver (LP: #1781436)
    - ocxl: Fix page fault handler in case of fault on dying process

  * netns: unable to follow an interface that moves to another netns
    (LP: #1774225)
    - net: core: Expose number of link up/down transitions
    - dev: always advertise the new nsid when the netns iface changes
    - dev: advertise the new ifindex when the netns iface changes

  * [Bionic] Disk IO hangs when using BFQ as io scheduler (LP: #1780066)
    - block, bfq: fix occurrences of request finish method's old name
    - block, bfq: remove batches of confusing ifdefs
    - block, bfq: add requeue-request hook

  * HP ProBook 455 G5 needs mute-led-gpio fixup (LP: #1781763)
    - ALSA: hda: add mute led support for HP ProBook 455 G5

  * [Bionic] bug fixes to improve stability of the ThunderX2 i2c driver
    (LP: #1781476)
    - i2c: xlp9xx: Fix issue seen when updating receive length
    - i2c: xlp9xx: Make sure the transfer size is not more than
      I2C_SMBUS_BLOCK_SIZE

  * x86/kvm: fix LAPIC timer drift when guest uses periodic mode (LP: #1778486)
    - x86/kvm: fix LAPIC timer drift when guest uses periodic mode

  * Please include ax88179_178a and r8152 modules in d-i udeb (LP: #1771823)
    - [Config:] d-i: Add ax88179_178a and r8152 to nic-modules

  * Nvidia fails after switching its mode (LP: #1778658)
    - PCI: Restore config space on runtime resume despite being unbound

  * Kernel error "task zfs:pid blocked for more than 120 seconds" (LP: #1781364)
    - SAUCE: (noup) zfs to 0.7.5-1ubuntu16.3

  * CVE-2018-12232
    - PATCH 1/1] socket: close race condition between sock_close() and
      sockfs_setattr()

  * CVE-2018-10323
    - xfs: set format back to extents if xfs_bmap_extents_to_btree

  * change front mic location for more lenovo m7/8/9xx machines (LP: #1781316)
    - ALSA: hda/realtek - Fix the problem of two front mics on more machines
    - ALSA: hda/realtek - two more lenovo models need fixup of MIC_LOCATION

  * Cephfs + fscache: unable to handle kernel NULL pointer dereference at
    0000000000000000 IP: jbd2__journal_start+0x22/0x1f0 (LP: #1783246)
    - ceph: track read contexts in ceph_file_info

  * Touchpad of ThinkPad P52 failed to work with message "lost sync at byte"
    (LP: #1779802)
    - Input: elantech - fix V4 report decoding for module with middle key
    - Input: elantech - enable middle button of touchpads on ThinkPad P52

  * xhci_hcd 0000:00:14.0: Root hub is not suspended (LP: #1779823)
    - usb: xhci: dbc: Fix lockdep warning
    - usb: xhci: dbc: Don't decrement runtime PM counter if DBC is not started

  * CVE-2018-13406
    - video: uvesafb: Fix integer overflow in allocation

  * CVE-2018-10840
    - ext4: correctly handle a zero-length xattr with a non-zero e_value_offs

  * CVE-2018-11412
    - ext4: do not allow external inodes for inline data

  * CVE-2018-10881
    - ext4: clear i_data in ext4_inode_info when removing inline data

  * CVE-2018-12233
    - jfs: Fix inconsistency between memory allocation and ea_buf->max_size

  * CVE-2018-12904
    - kvm: nVMX: Enforce cpl=0 for VMX instructions

  * Error parsing PCC subspaces from PCCT (LP: #1528684)
    - mailbox: PCC: erroneous error message when parsing ACPI PCCT

  * CVE-2018-13094
    - xfs: don't call xfs_da_shrink_inode with NULL bp

  * other users' coredumps can be read via setgid directory and killpriv bypass
    (LP: #1779923) // CVE-2018-13405
    - Fix up non-directory creation in SGID directories

  * Invoking obsolete 'firmware_install' target breaks snap build (LP: #1782166)
    - snapcraft.yaml: stop invoking the obsolete (and non-existing)
      'firmware_install' target

  * snapcraft.yaml: missing ubuntu-retpoline-extract-one script breaks the build
    (LP: #1782116)
    - snapcraft.yaml: copy retpoline-extract-one to scripts before build

  * Allow Raven Ridge's audio controller to be runtime suspended (LP: #1782540)
    - ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge

  * CVE-2018-11506
    - sr: pass down correctly sized SCSI sense buffer

  * Bionic update: upstream stable patchset 2018-07-24 (LP: #1783418)
    - net: Fix a bug in removing queues from XPS map
    - net/mlx4_core: Fix error handling in mlx4_init_port_info.
    - net/sched: fix refcnt leak in the error path of tcf_vlan_init()
    - net: sched: red: avoid hashing NULL child
    - net/smc: check for missing nlattrs in SMC_PNETID messages
    - net: test tailroom before appending to linear skb
    - packet: in packet_snd start writing at link layer allocation
    - sock_diag: fix use-after-free read in __sk_free
    - tcp: purge write queue in tcp_connect_init()
    - vmxnet3: set the DMA mask before the first DMA map operation
    - vmxnet3: use DMA memory barriers where required

1776927 RTNL assertion failure on ipvlan
1753941 ubuntu_bpf_jit test failed on Bionic s390x systems
1782689 HDMI/DP audio can't work on the laptop of Dell Latitude 5495
1780227 locking sockets broken due to missing AppArmor socket mediation patches
1781436 Update2 for ocxl driver
1774225 netns: unable to follow an interface that moves to another netns
1780066 [Bionic] Disk IO hangs when using BFQ as io scheduler
1781763 HP ProBook 455 G5 needs mute-led-gpio fixup
1781476 [Bionic] bug fixes to improve stability of the ThunderX2 i2c driver
1778486 x86/kvm: fix LAPIC timer drift when guest uses periodic mode
1771823 Please include ax88179_178a and r8152 modules in d-i udeb
1778658 Nvidia fails after switching its mode
1781364 Kernel error \
1781316 change front mic location for more lenovo m7/8/9xx machines
1783246 Cephfs + fscache: unable to handle kernel NULL pointer dereference at 0000000000000000 IP: jbd2__journal_start+0x22/0x1f0
1779802 Touchpad of ThinkPad P52 failed to work with message \
1779823 xhci_hcd 0000:00:14.0: Root hub is not suspended
1528684 Error parsing PCC subspaces from PCCT
1779923 other users' coredumps can be read via setgid directory and killpriv bypass
1782166 Invoking obsolete 'firmware_install' target breaks snap build
1782116 snapcraft.yaml: missing ubuntu-retpoline-extract-one script breaks the build
1782540 Allow Raven Ridge's audio controller to be runtime suspended
1783418 Bionic update: upstream stable patchset 2018-07-24
1782846 Bionic update: upstream stable patchset 2018-07-20
1780858 Bionic update: upstream stable patchset 2018-07-09
1780499 Bionic update: upstream stable patchset 2018-07-06
1778759 Bionic update: upstream stable patchset 2018-06-26
1778265 Bionic update: upstream stable patchset 2018-06-22
1756700 Ryzen/Raven Ridge USB ports do not work
1776389 [Ubuntu 1804][boston][ixgbe] EEH causes kernel BUG at /build/linux-jWa1Fv/linux-4.15.0/drivers/pci/msi.c:352 (i2S)
1770095 Need fix to aacraid driver to prevent panic
1775391 kernel: Fix arch random implementation
1775390 kernel: Fix memory leak on CCA and EP11 CPRB processing.
1774471 Various fixes for CXL kernel module
1764645 Bluetooth not working
1776491 linux-snapdragon: wcn36xx: mac address generation on boot
1777029 fscache: Fix hanging wait on page discarded by writeback
CVE-2018-12232 In net/socket.c in the Linux kernel through 4.17.1, there is a race condition between fchownat and close in cases where they target the same socket f
CVE-2018-10323 The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service
CVE-2018-13406 An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c in the Linux kernel before 4.17.4 could result in local attacker
CVE-2018-10840 Linux kernel is vulnerable to a heap-based buffer overflow in the fs/ext4/xattr.c:ext4_xattr_set_entry() function. An attacker could exploit this by
CVE-2018-11412 In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain cir
CVE-2018-10881 A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of se
CVE-2018-12233 In the ea_get function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr twic
CVE-2018-12904 In arch/x86/kvm/vmx.c in the Linux kernel before 4.17.2, when nested virtualization is used, local attackers could cause L1 KVM guests to VMEXIT, pot
CVE-2018-13094 An issue was discovered in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel through 4.17.3. An OOPS may occur for a corrupted xfs image after xfs_da
CVE-2018-13405 The inode_init_owner function in fs/inode.c in the Linux kernel through 4.17.4 allows local users to create files with an unintended group ownership,
CVE-2018-11506 The sr_do_ioctl function in drivers/scsi/sr_ioctl.c in the Linux kernel through 4.16.12 allows local users to cause a denial of service (stack-based
CVE-2018-1108 kernel drivers before version 4.17-rc1 are vulnerable to a weakness in the Linux kernel's implementation of random seed data. Programs, early in the


