canonical-hw-cert team mailing list archive
  
  - 
     canonical-hw-cert team canonical-hw-cert team
- 
    Mailing list archive
  
- 
    Message #18432
  
 [Bug 1983978] Re: bionic/linux-snapdragon:	4.15.0-1136.146 -proposed tracker
  
This bug was fixed in the package linux-snapdragon - 4.15.0-1136.146
---------------
linux-snapdragon (4.15.0-1136.146) bionic; urgency=medium
  * bionic/linux-snapdragon: 4.15.0-1136.146 -proposed tracker (LP:
#1983978)
  [ Ubuntu: 4.15.0-192.203 ]
  * bionic/linux: 4.15.0-192.203 -proposed tracker (LP: #1983980)
  * CVE-2021-33656
    - vt: drop old FONT ioctls
  * Bionic update: upstream stable patchset 2022-07-25 (LP: #1982782)
    - binfmt_flat: do not stop relocating GOT entries prematurely on riscv
    - USB: serial: option: add Quectel BG95 modem
    - USB: new quirk for Dell Gen 2 devices
    - ptrace/xtensa: Replace PT_SINGLESTEP with TIF_SINGLESTEP
    - ptrace: Reimplement PTRACE_KILL by always sending SIGKILL
    - btrfs: add "0x" prefix for unsupported optional features
    - btrfs: repair super block num_devices automatically
    - drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes
    - mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue
    - b43legacy: Fix assigning negative value to unsigned variable
    - b43: Fix assigning negative value to unsigned variable
    - ipw2x00: Fix potential NULL dereference in libipw_xmit()
    - ACPICA: Avoid cache flush inside virtual machines
    - ALSA: jack: Access input_dev under mutex
    - drm/amd/pm: fix double free in si_parse_power_table()
    - ath9k: fix QCA9561 PA bias level
    - media: venus: hfi: avoid null dereference in deinit
    - media: pci: cx23885: Fix the error handling in cx23885_initdev()
    - media: cx25821: Fix the warning when removing the module
    - scsi: megaraid: Fix error check return value of register_chrdev()
    - drm/amd/pm: fix the compile warning
    - ipv6: Don't send rs packets to the interface of ARPHRD_TUNNEL
    - ASoC: dapm: Don't fold register value changes into notifications
    - s390/preempt: disable __preempt_count_add() optimization for
      PROFILE_ALL_BRANCHES
    - dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC
    - ipmi:ssif: Check for NULL msg when handling events and messages
    - rtlwifi: Use pr_warn instead of WARN_ONCE
    - openrisc: start CPU timer early in boot
    - nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags
    - ASoC: rt5645: Fix errorenous cleanup order
    - net: phy: micrel: Allow probing without .driver_data
    - media: exynos4-is: Fix compile warning
    - rxrpc: Return an error to sendmsg if call failed
    - eth: tg3: silence the GCC 12 array-bounds warning
    - ARM: dts: ox820: align interrupt controller node name with dtschema
    - fs: jfs: fix possible NULL pointer dereference in dbFree()
    - ARM: OMAP1: clock: Fix UART rate reporting algorithm
    - fat: add ratelimit to fat*_ent_bread()
    - ARM: versatile: Add missing of_node_put in dcscb_init
    - ARM: dts: exynos: add atmel,24c128 fallback to Samsung EEPROM
    - ARM: hisi: Add missing of_node_put after of_find_compatible_node
    - PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store()
    - tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate
    - powerpc/xics: fix refcount leak in icp_opal_init()
    - macintosh/via-pmu: Fix build failure when CONFIG_INPUT is disabled
    - RDMA/hfi1: Prevent panic when SDMA is disabled
    - drm: fix EDID struct for old ARM OABI format
    - ath9k: fix ar9003_get_eepmisc
    - ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe
    - ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe
    - x86/delay: Fix the wrong asm constraint in delay_loop()
    - drm/mediatek: Fix mtk_cec_mask()
    - spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout
    - NFC: NULL out the dev->rfkill to prevent UAF
    - efi: Add missing prototype for efi_capsule_setup_info
    - HID: hid-led: fix maximum brightness for Dream Cheeky
    - spi: img-spfi: Fix pm_runtime_get_sync() error checking
    - ath9k_htc: fix potential out of bounds access with invalid
      rxstatus->rs_keyix
    - inotify: show inotify mask flags in proc fdinfo
    - fsnotify: fix wrong lockdep annotations
    - x86/pm: Fix false positive kmemleak report in msr_build_context()
    - drm/msm/dsi: fix error checks and return values for DSI xmit functions
    - drm/msm/hdmi: check return value after calling
      platform_get_resource_byname()
    - drm/rockchip: vop: fix possible null-ptr-deref in vop_bind()
    - x86: Fix return value of __setup handlers
    - irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value
    - x86/mm: Cleanup the control_va_addr_alignment() __setup handler
    - drm/msm: return an error pointer in msm_gem_prime_get_sg_table()
    - media: uvcvideo: Fix missing check to determine if element is found in list
    - ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe
    - regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt
    - media: st-delta: Fix PM disable depth imbalance in delta_probe
    - media: exynos4-is: Change clk_disable to clk_disable_unprepare
    - media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init
    - Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout
    - m68k: math-emu: Fix dependencies of math emulation support
    - sctp: read sk->sk_bound_dev_if once in sctp_rcv()
    - ASoC: wm2000: fix missing clk_disable_unprepare() on error in
      wm2000_anc_transition()
    - rxrpc: Fix listen() setting the bar too high for the prealloc rings
    - rxrpc: Don't try to resend the request if we're receiving the reply
    - soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc
    - soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc
    - ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT
    - ARM: dts: bcm2835-rpi-b: Fix GPIO line names
    - mfd: ipaq-micro: Fix error check return value of platform_get_irq()
    - scsi: fcoe: Fix Wstringop-overflow warnings in fcoe_wwn_from_mac()
    - pinctrl: mvebu: Fix irq_of_parse_and_map() return value
    - drivers/base/node.c: fix compaction sysfs file leak
    - powerpc/8xx: export 'cpm_setbrg' for modules
    - powerpc/idle: Fix return value of __setup() handler
    - powerpc/4xx/cpm: Fix return value of __setup() handler
    - tty: fix deadlock caused by calling printk() under tty_port->lock
    - Input: sparcspkr - fix refcount leak in bbc_beep_probe
    - powerpc/perf: Fix the threshold compare group constraint for power9
    - powerpc/fsl_rio: Fix refcount leak in fsl_rio_setup
    - mailbox: forward the hrtimer if not queued and under a lock
    - iommu/mediatek: Add list_del in mtk_iommu_remove
    - video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup
    - iommu/amd: Increase timeout waiting for GA log enablement
    - perf c2c: Use stdio interface if slang is not supported
    - perf jevents: Fix event syntax error caused by ExtSel
    - wifi: mac80211: fix use-after-free in chanctx code
    - iwlwifi: mvm: fix assert 1F04 upon reconfig
    - fs-writeback: writeback_sb_inodes:Recalculate 'wrote' according skipped
      pages
    - ext4: fix use-after-free in ext4_rename_dir_prepare
    - ext4: fix bug_on in ext4_writepages
    - ext4: verify dir block before splitting it
    - ext4: avoid cycles in directory h-tree
    - dlm: fix plock invalid read
    - dlm: fix missing lkb refcount handling
    - ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock
    - scsi: dc395x: Fix a missing check on list iterator
    - scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled
    - drm/amdgpu/cs: make commands with 0 chunks illegal behaviour.
    - drm/nouveau/clk: Fix an incorrect NULL check on list iterator
    - drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX
    - md: fix an incorrect NULL check in does_sb_need_changing
    - md: fix an incorrect NULL check in md_reload_sb
    - RDMA/hfi1: Fix potential integer multiplication overflow errors
    - irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375,
      A38x, A39x
    - irqchip: irq-xtensa-mx: fix initial IRQ affinity
    - mac80211: upgrade passive scan to active scan on DFS channels after beacon
      rx
    - um: chan_user: Fix winch_tramp() return value
    - um: Fix out-of-bounds read in LDT setup
    - iommu/msm: Fix an incorrect NULL check on list iterator
    - nodemask.h: fix compilation error with GCC12
    - hugetlb: fix huge_pmd_unshare address update
    - rtl818x: Prevent using not initialized queues
    - ASoC: rt5514: Fix event generation for "DSP Voice Wake Up" control
    - carl9170: tx: fix an incorrect use of list iterator
    - gma500: fix an incorrect NULL check on list iterator
    - arm64: dts: qcom: ipq8074: fix the sleep clock frequency
    - phy: qcom-qmp: fix struct clk leak on probe errors
    - docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0
    - dt-bindings: gpio: altera: correct interrupt-cells
    - phy: qcom-qmp: fix reset-controller leak on probe errors
    - RDMA/rxe: Generate a completion for unsupported/invalid opcode
    - MIPS: IP27: Remove incorrect `cpu_has_fpu' override
    - pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards
    - staging: greybus: codecs: fix type confusion of list iterator variable
    - tty: goldfish: Use tty_port_destroy() to destroy port
    - usb: usbip: fix a refcount leak in stub_probe()
    - usb: usbip: add missing device lock on tweak configuration cmd
    - USB: storage: karma: fix rio_karma_init return
    - pwm: lp3943: Fix duty calculation in case period was clamped
    - rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value
    - coresight: cpu-debug: Replace mutex with mutex_trylock on panic notifier
    - soc: rockchip: Fix refcount leak in rockchip_grf_init
    - rtc: mt6397: check return value after calling platform_get_resource()
    - serial: meson: acquire port->lock in startup()
    - serial: digicolor-usart: Don't allow CS5-6
    - serial: txx9: Don't allow CS5-6
    - serial: sh-sci: Don't allow CS5-6
    - serial: st-asc: Sanitize CSIZE and correct PARENB for CS7
    - firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle
    - clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value
    - net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry()
    - net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register
    - modpost: fix removing numeric suffixes
    - jffs2: fix memory leak in jffs2_do_fill_super
    - ubi: ubi_create_volume: Fix use-after-free when volume creation failed
    - tcp: tcp_rtx_synack() can be called from process context
    - perf c2c: Fix sorting in percent_rmt_hitm_cmp()
    - mips: cpc: Fix refcount leak in mips_cpc_default_phys_base
    - tracing: Fix sleeping function called from invalid context on RT kernel
    - tracing: Avoid adding tracer option before update_tracer_options
    - i2c: cadence: Increase timeout per message if necessary
    - m68knommu: set ZERO_PAGE() to the allocated zeroed page
    - m68knommu: fix undefined reference to `_init_sp'
    - video: fbdev: pxa3xx-gcu: release the resources correctly in
      pxa3xx_gcu_probe/remove()
    - xprtrdma: treat all calls not a bcall when bc_serv is NULL
    - ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe
    - net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure
    - SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer()
    - net: mdio: unexport __init-annotated mdio_bus_init()
    - net: xfrm: unexport __init-annotated xfrm4_protocol_init()
    - net: ipv6: unexport __init-annotated seg6_hmac_init()
    - net: altera: Fix refcount leak in altera_tse_mdio_create
    - drm: imx: fix compiler warning with gcc-12
    - iio: dummy: iio_simple_dummy: check the return value of kstrdup()
    - lkdtm/usercopy: Expand size of "out of frame" object
    - tty: synclink_gt: Fix null-pointer-dereference in slgt_clean()
    - tty: Fix a possible resource leak in icom_probe
    - drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop()
    - USB: host: isp116x: check return value after calling platform_get_resource()
    - drivers: tty: serial: Fix deadlock in sa1100_set_termios()
    - drivers: usb: host: Fix deadlock in oxu_bus_suspend()
    - USB: hcd-pci: Fully suspend across freeze/thaw cycle
    - usb: dwc2: gadget: don't reset gadget's driver->bus
    - misc: rtsx: set NULL intfdata when probe fails
    - extcon: Modify extcon device to be created after driver data is set
    - clocksource/drivers/sp804: Avoid error on multiple instances
    - staging: rtl8712: fix uninit-value in r871xu_drv_init()
    - serial: msm_serial: disable interrupts in __msm_console_write()
    - kernfs: Separate kernfs_pr_cont_buf and rename_lock.
    - md: protect md_unregister_thread from reentrancy
    - drm/radeon: fix a possible null pointer dereference
    - modpost: fix undefined behavior of is_arm_mapping_symbol()
    - nbd: call genl_unregister_family() first in nbd_cleanup()
    - nbd: fix race between nbd_alloc_config() and module removal
    - nbd: fix io hung while disconnecting device
    - nodemask: Fix return values to be unsigned
    - vringh: Fix loop descriptors check in the indirect cases
    - ALSA: hda/conexant - Fix loopback issue with CX20632
    - cifs: return errors during session setup during reconnects
    - ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files
    - nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION
    - nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling
    - ixgbe: fix bcast packets Rx on VF after promisc removal
    - ixgbe: fix unexpected VLAN Rx in promisc mode on VF
    - Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag
    - powerpc/32: Fix overread/overwrite of thread_struct via ptrace
    - md/raid0: Ignore RAID0 layout if the second zone has only one device
    - mtd: cfi_cmdset_0002: Move and rename
      chip_check/chip_ready/chip_good_for_write
    - mtd: cfi_cmdset_0002: Use chip_ready() for write on S29GL064N
    - PCI: qcom: Fix unbalanced PHY init on probe errors
    - tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd
    - drm/edid: fix invalid EDID extension block filtering
    - drm/bridge: adv7511: clean up CEC adapter when probe fails
    - nl80211: show SSID for P2P_GO interfaces
    - of: overlay: do not break notify on NOTIFY_{OK|STOP}
    - x86/speculation: Add missing prototype for unpriv_ebpf_notify()
    - media: vsp1: Fix offset calculation for plane cropping
    - ext4: reject the 'commit' option on ext2 filesystems
    - drm: msm: fix possible memory leak in mdp5_crtc_cursor_set()
    - NFC: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx
    - crypto: marvell/cesa - ECB does not IV
    - dax: fix cache flush on PMD-mapped pages
    - f2fs: fix dereference of stale list iterator after loop body
    - i2c: at91: use dma safe buffers
    - dmaengine: stm32-mdma: remove GISR1 register
    - md: bcache: check the return value of kzalloc() in detached_dev_do_request()
    - usb: musb: Fix missing of_node_put() in omap2430_probe
    - usb: dwc3: pci: Fix pm_runtime_get_sync() error checking
    - rpmsg: qcom_smd: Fix returning 0 if irq_of_parse_and_map() fails
    - serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485
    - serial: stm32-usart: Correct CSIZE, bits, and parity
    - s390/crypto: fix scatterwalk_unmap() callers in AES-GCM
    - nfp: only report pause frame configuration for physical device
    - af_unix: ensure POLLOUT on remote close() for connected dgram socket
    - af_unix: Fix a data-race in unix_dgram_peer_wake_me().
    - ip_gre: test csum_start instead of transport header
    - Upstream stable to v4.14.284, v4.19.248
 -- Zachary Tahenakos <zachary.tahenakos@xxxxxxxxxxxxx>  Mon, 15 Aug
2022 12:36:06 -0400
** Changed in: linux-snapdragon (Ubuntu Bionic)
       Status: New => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-33656
-- 
You received this bug notification because you are a member of hardware-
certification-users, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1983978
Title:
  bionic/linux-snapdragon: 4.15.0-1136.146 -proposed tracker
Status in Kernel SRU Workflow:
  In Progress
Status in Kernel SRU Workflow automated-testing series:
  Fix Released
Status in Kernel SRU Workflow boot-testing series:
  Invalid
Status in Kernel SRU Workflow certification-testing series:
  Invalid
Status in Kernel SRU Workflow new-review series:
  Fix Released
Status in Kernel SRU Workflow prepare-package series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-meta series:
  Fix Released
Status in Kernel SRU Workflow promote-signing-to-proposed series:
  Invalid
Status in Kernel SRU Workflow promote-to-proposed series:
  Fix Released
Status in Kernel SRU Workflow promote-to-security series:
  New
Status in Kernel SRU Workflow promote-to-updates series:
  In Progress
Status in Kernel SRU Workflow regression-testing series:
  Invalid
Status in Kernel SRU Workflow security-signoff series:
  Fix Released
Status in Kernel SRU Workflow sru-review series:
  Fix Released
Status in Kernel SRU Workflow verification-testing series:
  Fix Released
Status in linux-snapdragon source package in Bionic:
  Fix Released
Bug description:
  This bug will contain status and test results related to a kernel
  source (or snap) as stated in the title.
  For an explanation of the tasks and the associated workflow see:
    https://wiki.ubuntu.com/Kernel/kernel-sru-workflow
  -- swm properties --
  bugs-spammed: true
  built:
    from: 63a523ca84d29214
    route-entry: 1
  delta:
    promote-to-proposed: [meta, main]
    promote-to-updates: [main, meta]
  flag:
    bugs-spammed: true
    proposed-announcement-sent: true
  issue: KSRU-4702
  kernel-stable-master-bug: 1983980
  packages:
    main: linux-snapdragon
    meta: linux-meta-snapdragon
  phase: Promote to Updates
  phase-changed: Wednesday, 31. August 2022 08:17 UTC
  proposed-announcement-sent: true
  reason:
    promote-to-updates: Ongoing -- packages not yet published
  synthetic:
    :promote-to-as-proposed: Fix Released
  trackers:
    bionic/linux-snapdragon/dragonboard-kernel: bug 1983977
  variant: debs
  versions:
    main: 4.15.0-1136.146
    meta: 4.15.0.1136.137
  ~~:
    clamps:
      new-review: 63a523ca84d29214
      promote-to-proposed: 63a523ca84d29214
      self: 4.15.0-1136.146
      sru-review: 63a523ca84d29214
To manage notifications about this bug go to:
https://bugs.launchpad.net/kernel-sru-workflow/+bug/1983978/+subscriptions