Bug 52549 - linux: Multiple issues (4.4)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
Version: UCS 4.4
Hardware: All Linux
Importance: P3 normal
Target Milestone: UCS 4.4-7-errata
Assigned To: Quality Assurance
QA Contact: Erik Damrose
Reported: 2021-01-06 11:07 CET by Quality Assurance
Modified: 2021-01-13 17:20 CET (History)
What kind of report is it?: Security Issue
Max CVSS v3 score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) NVD RedHat


Description Quality Assurance univentionstaff 2021-01-06 11:07:44 CET
New Debian linux 4.9.246-2 fixes:
This update addresses the following issues:
* In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-140550171 (CVE-2020-0427)
* Insufficient access control vulnerability in PowerCap Framework (CVE-2020-8694)
* performance counters race condition use-after-free (CVE-2020-14351)
* Geneve/IPsec traffic may be unencrypted between two Geneve endpoints (CVE-2020-25645)
* use-after-free in read in vt_do_kdgkb_ioctl (CVE-2020-25656)
* race condition in fg_console can lead to use-after-free in con_font_op (CVE-2020-25668)
* use-after-free read in sunkbd_reinit in drivers/input/keyboard/sunkbd.c (CVE-2020-25669)
* perf_event_parse_addr_filter memory (CVE-2020-25704)
* ICMP rate limiting can be used for DNS poisoning attack (CVE-2020-25705)
* xen: guest OS users can cause a DoS via a high rate of events to dom0 (XSA-332) (CVE-2020-27673)
* xen: race condition in event-channel removal during the event-handling loop (XSA-331) (CVE-2020-27675)
* slab-out-of-bounds read in fbcon (CVE-2020-28974)
Comment 1 Quality Assurance univentionstaff 2021-01-06 12:00:40 CET
--- mirror/ftp/4.4/unmaintained/4.4-7/source/linux_4.9.240-2.dsc
+++ apt/ucs_4.4-0-errata4.4-7/source/linux_4.9.246-2.dsc
@@ -1,3 +1,369 @@
+4.9.246-2 [Thu, 17 Dec 2020 13:51:31 +0100] Ben Hutchings <benh@debian.org>:
+
+  * [arm64] Fix FTBFS after Xen netback fix:
+    - arm64: Remove redundant mov from LL/SC cmpxchg
+    - arm64: Avoid redundant type conversions in xchg() and cmpxchg()
+    - arm64: cmpxchg: Use "K" instead of "L" for ll/sc immediate constraint
+    - arm64: Use correct ll/sc atomic constraints
+
+4.9.246-1 [Wed, 16 Dec 2020 23:26:40 +0100] Ben Hutchings <benh@debian.org>:
+
+  * New upstream stable update:
+    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.241
+    - tipc: fix the skb_unshare() in tipc_buf_append()
+    - net/ipv4: always honour route mtu during forwarding
+    - r8169: fix data corruption issue on RTL8402
+    - ALSA: bebob: potential info leak in hwdep_read()
+    - net: hdlc: In hdlc_rcv, check to make sure dev is an HDLC device
+    - net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag after calling
+      ether_setup
+    - nfc: Ensure presence of NFC_ATTR_FIRMWARE_NAME attribute in
+      nfc_genl_fw_download()
+    - tcp: fix to update snd_wl1 in bulk receiver fast path
+    - icmp: randomize the global rate limiter (CVE-2020-25705)
+    - cifs: remove bogus debug code
+    - [x86] KVM: x86/mmu: Commit zap of remaining invalid pages when recovering
+      lpages
+    - ima: Don't ignore errors from crypto_shash_update()
+    - crypto: algif_aead - Do not set MAY_BACKLOG on the async path
+    - [x86] EDAC/i5100: Fix error handling order in i5100_init_one()
+    - [armhf] media: Revert "media: exynos4-is: Add missed check for
+      pinctrl_lookup_state()"
+    - [armhf] media: omap3isp: Fix memleak in isp_probe
+    - [armhf] crypto: omap-sham - fix digcnt register handling with export/
+      import
+    - [armhf] media: ti-vpe: Fix a missing check and reference count leak
+    - regulator: resolve supply after creating regulator
+    - ath10k: provide survey info as accumulated data
+    - ath6kl: prevent potential array overflow in ath6kl_add_new_sta()
+    - ath9k: Fix potential out of bounds in ath9k_htc_txcompletion_cb()
+    - wcn36xx: Fix reported 802.11n rx_highest rate wcn3660/wcn3680
+    - [arm64] ASoC: qcom: lpass-platform: fix memory leak
+    - mwifiex: Do not use GFP_KERNEL in atomic context
+    - [x86] drm/gma500: fix error check
+    - scsi: qla4xxx: Fix an error handling path in 'qla4xxx_get_host_stats()'
+    - scsi: csiostor: Fix wrong return value in csio_hw_prep_fw()
+    - [x86] VMCI: check return value of get_user_pages_fast() for errors
+    - tty: serial: earlycon dependency
+    - pty: do tty_flip_buffer_push without port->lock in pty_write
+    - [x86] video: fbdev: vga16fb: fix setting of pixclock because a pass-by-
+      value error
+    - video: fbdev: sis: fix null ptr dereference
+    - HID: roccat: add bounds checking in kone_sysfs_write_settings()
+    - ath6kl: wmi: prevent a shift wrapping bug in
+      ath6kl_wmi_delete_pstream_cmd()
+    - [amd64] misc: mic: scif: Fix error handling path
+    - ALSA: seq: oss: Avoid mutex lock for a long-time ioctl
+    - quota: clear padding in v2r1_mem2diskdqb()
+    - net: enic: Cure the enic api locking trainwreck
+    - iwlwifi: mvm: split a print to avoid a WARNING in ROC
+    - usb: gadget: f_ncm: fix ncm_bitrate for SuperSpeed and above.
+    - nl80211: fix non-split wiphy information
+    - scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs()
+    - mwifiex: fix double free
+    - IB/mlx4: Fix starvation in paravirt mux/demux
+    - IB/mlx4: Adjust delayed work when a dup is observed
+    - mtd: lpddr: fix excessive stack usage with clang
+    - mtd: mtdoops: Don't write panic data twice
+    - [armel,armhf] 9007/1: l2c: fix prefetch bits init in L2X0_AUX_CTRL using
+      DT values
+    - RDMA/qedr: Fix use of uninitialized field
+    - [x86] perf intel-pt: Fix "context_switch event has no tid" error
+    - [arm64] RDMA/hns: Set the unsupported wr opcode
+    - overflow: Include header file with SIZE_MAX declaration
+    - IB/rdmavt: Fix sizeof mismatch
+    - rapidio: fix error handling path
+    - rapidio: fix the missed put_device() for rio_mport_add_riodev
+    - [arm64,armhf] clk: bcm2835: add missing release if devm_clk_hw_register
+      fails
+    - vfio/pci: Clear token on bypass registration failure
+    - [armhf] Input: omap4-keypad - fix handling of platform_get_irq() error
+    - [armhf] Input: twl4030_keypad - fix handling of platform_get_irq() error
+    - [armhf] Input: sun4i-ps2 - fix handling of platform_get_irq() error
+    - [x86] KVM: x86: emulating RDPID failure shall return #UD rather than #GP
+    - [arm64] dts: qcom: msm8916: Fix MDP/DSI interrupts
+    - [arm64] dts: zynqmp: Remove additional compatible string for i2c IPs
+    - nvmet: fix uninitialized work for zero kato
+    - [x86] crypto: ccp - fix error handling
+    - media: firewire: fix memory leak
+    - media: ati_remote: sanity check for both endpoints
+    - [armhf] media: exynos4-is: Fix several reference count leaks due to
+      pm_runtime_get_sync
+    - [armhf] media: exynos4-is: Fix a reference count leak due to
+      pm_runtime_get_sync
+    - [armhf] media: exynos4-is: Fix a reference count leak
+    - media: media/pci: prevent memory leak in bttv_probe
+    - media: uvcvideo: Ensure all probed info is returned to v4l2
+    - mmc: sdio: Check for CISTPL_VERS_1 buffer size
+    - media: saa7134: avoid a shift overflow
+    - fs: dlm: fix configfs memory leak
+    - ntfs: add check for mft record size in superblock
+    - PM: hibernate: remove the bogus call to get_gendisk() in
+      software_resume()
+    - scsi: mvumi: Fix error return in mvumi_io_attach()
+    - scsi: target: core: Add CONTROL field for trace events
+    - [amd64] mic: vop: copy data to kernel space then write to io memory
+    - [amd64] misc: vop: add round_up(x,4) for vring_size to avoid kernel panic
+    - usb: gadget: function: printer: fix use-after-free in __lock_acquire
+    - udf: Limit sparing table size
+    - udf: Avoid accessing uninitialized data on failed inode read
+    - USB: cdc-acm: handle broken union descriptors
+    - ath9k: hif_usb: fix race condition between usb_get_urb() and
+      usb_kill_anchored_urbs()
+    - misc: rtsx: Fix memory leak in rtsx_pci_probe
+    - reiserfs: only call unlock_new_inode() if I_NEW
+    - xfs: make sure the rt allocator doesn't run off the end
+    - usb: ohci: Default to per-port over-current protection
+    - Bluetooth: Only mark socket zapped after unlocking
+    - brcmsmac: fix memory leak in wlc_phy_attach_lcnphy
+    - rtl8xxxu: prevent potential memory leak
+    - Fix use after free in get_capset_info callback.
+    - tty: ipwireless: fix error handling
+    - ipvs: Fix uninit-value in do_ip_vs_set_ctl()
+    - reiserfs: Fix memory leak in reiserfs_parse_options()
+    - brcm80211: fix possible memleak in brcmf_proto_msgbuf_attach
+    - usb: core: Solve race condition in anchor cleanup functions
+    - ath10k: check idx validity in __ath10k_htt_rx_ring_fill_n()
+    - usb: cdc-acm: add quirk to blacklist ETAS ES58X devices
+    - USB: cdc-wdm: Make wdm_flush() interruptible and add wdm_fsync().
+    - eeprom: at25: set minimum read/write access stride to 1
+    - usb: gadget: f_ncm: allow using NCM in SuperSpeed Plus gadgets.
+    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.242
+    - SUNRPC: ECONNREFUSED should cause a rebind.
+    - efivarfs: Replace invalid slashes with exclamation marks in dentries.
+    - tipc: fix memory leak caused by tipc_buf_append()
+    - [x86] arch/x86/amd/ibs: Fix re-arming IBS Fetch
+    - fuse: fix page dereference after free
+    - p54: avoid accessing the data mapped to streaming DMA
+    - mtd: lpddr: Fix bad logic in print_drs_error
+    - fscrypt: return -EXDEV for incompatible rename or link into encrypted dir
+    - fscrypto: move ioctl processing more fully into common code
+    - fscrypt: use EEXIST when file already uses different policy
+    - f2fs: add trace exit in exception path
+    - f2fs: fix to check segment boundary during SIT page readahead
+    - um: change sigio_spinlock to a mutex
+    - [armel,armhf] 8997/2: hw_breakpoint: Handle inexact watchpoint addresses
+    - xfs: fix realtime bitmap/summary file truncation when growing rt volume
+    - ath10k: fix VHT NSS calculation when STBC is enabled
+    - media: tw5864: check status of tw5864_frameinterval_get
+    - mmc: via-sdmmc: Fix data race bug
+    - USB: adutux: fix debugging
+    - [arm64] mm: return cpu_all_mask when node is NUMA_NO_NODE
+    - drivers/net/wan/hdlc_fr: Correctly handle special skb->protocol values
+    - md/bitmap: md_bitmap_get_counter returns wrong blocks
+    - [armhf] clk: ti: clockdomain: fix static checker warning
+    - net: 9p: initialize sun_server.sun_path to have addr's value only when
+      addr is valid
+    - ext4: Detect already used quota file early
+    - gfs2: add validation checks for size of superblock
+    - [armhf] memory: emif: Remove bogus debugfs error handling
+    - md/raid5: fix oops during stripe resizing
+    - [x86] perf/x86/amd/ibs: Don't include randomized bits in
+      get_ibs_op_count()
+    - [x86] perf/x86/amd/ibs: Fix raw sample data accumulation
+    - fs: Don't invalidate page buffers in block_write_full_page()
+    - NFS: fix nfs_path in case of a rename retry
+    - ACPI / extlog: Check for RDMSR failure
+    - ACPI: video: use ACPI backlight for HP 635 Notebook
+    - ACPI: debug: don't allow debugging when ACPI is disabled
+    - acpi-cpufreq: Honor _PSD table setting on new AMD CPUs
+    - scsi: mptfusion: Fix null pointer dereferences in mptscsih_remove()
+    - btrfs: reschedule if necessary when logging directory items
+    - btrfs: cleanup cow block on error
+    - btrfs: fix use-after-free on readahead extent after failure to create it
+    - [arm64,armhf] usb: dwc3: core: add phy cleanup for probe error handling
+    - [arm64,armhf] usb: dwc3: core: don't trigger runtime pm when remove
+      driver
+    - vt: keyboard, simplify vt_kdgkbsent
+    - vt: keyboard, extend func_buf_lock to readers (CVE-2020-25656)
+    - ubifs: dent: Fix some potential memory leaks while iterating entries
+    - ubi: check kthread_should_stop() after the setting of task state
+    - ceph: promote to unsigned long long before shifting
+    - libceph: clear con->out_msg on Policy::stateful_server faults
+    - 9P: Cast to loff_t before multiplying
+    - ring-buffer: Return 0 on success from ring_buffer_resize()
+    - vringh: fix __vringh_iov() when riov and wiov are different
+    - tty: make FONTX ioctl use the tty pointer they were actually passed
+      (CVE-2020-25668)
+    - cachefiles: Handle readpage error correctly
+    - device property: Keep secondary firmware node secondary by type
+    - device property: Don't clear secondary pointer for shared primary
+      firmware node
+    - [arm64] KVM: arm64: Fix AArch32 handling of DBGD{CCINT,SCRext} and DBGVCR
+    - [x86] staging: comedi: cb_pcidas: Allow 2-channel commands for AO
+      subdevice
+    - tipc: fix use-after-free in tipc_bcast_get_mode
+    - ALSA: usb-audio: Add implicit feedback quirk for Qu-16
+    - kthread_worker: prevent queuing delayed work from timer_fn when it is
+      being canceled
+    - ftrace: Fix recursion check for NMI test
+    - ftrace: Handle tracing when switching between context
+    - tracing: Fix out of bounds write in get_trace_buf
+    - [armhf] dts: sun4i-a10: fix cpu_alert temperature
+    - [x86] kexec: Use up-to-dated screen_info copy to fill boot params
+    - of: Fix reserved-memory overlap detection
+    - scsi: core: Don't start concurrent async scan on same host
+    - vsock: use ns_capable_noaudit() on socket create
+    - ACPI: NFIT: Fix comparison to '-ENXIO'
+    - vt: Disable KD_FONT_OP_COPY (CVE-2020-28974)
+    - fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent
+    - USB: serial: cyberjack: fix write-URB completion race
+    - USB: serial: option: add LE910Cx compositions 0x1203, 0x1230, 0x1231
+    - USB: serial: option: add Telit FN980 composition 0x1055
+    - USB: Add NO_LPM quirk for Kingston flash drive
+    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.243
+    - powercap: restrict energy meter to root access (CVE-2020-8694)
+    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.244
+    - regulator: defer probe when trying to get voltage from unresolved supply
+    - ring-buffer: Fix recursion protection transitions between interrupt
+      context
+    - gfs2: Wake up when sd_glock_disposal becomes zero
+    - mm: mempolicy: fix potential pte_unmap_unlock pte error
+    - time: Prevent undefined behaviour in timespec64_to_ns()
+    - btrfs: reschedule when cloning lots of extents
+    - genirq: Let GENERIC_IRQ_IPI select IRQ_DOMAIN_HIERARCHY
+    - net: xfrm: fix a race condition during allocing spi
+    - perf tools: Add missing swap for ino_generation
+    - ALSA: hda: prevent undefined shift in snd_hdac_ext_bus_get_link()
+    - can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ
+      context
+    - can: dev: __can_get_echo_skb(): fix real payload length return value for
+      RTR frames
+    - can: can_create_echo_skb(): fix echo skb generation: always use
+      skb_clone()
+    - can: peak_usb: add range checking in decode operations
+    - can: peak_usb: peak_usb_get_ts_time(): fix timestamp wrapping
+    - xfs: flush new eof page on truncate to avoid post-eof corruption
+    - Btrfs: fix missing error return if writeback for extent buffer never
+      started
+    - pinctrl: devicetree: Avoid taking direct reference to device name string
+      (CVE-2020-0427)
+    - i40e: Fix a potential NULL pointer dereference
+    - i40e: add num_vectors checker in iwarp handler
+    - i40e: Wrong truncation from u16 to u8
+    - i40e: Fix of memory leak and integer truncation in i40e_virtchnl.c
+    - i40e: Memory leak in i40e_config_iwarp_qvlist
+    - geneve: add transport ports in route lookup for geneve (CVE-2020-25645)
+    - ath9k_htc: Use appropriate rs_datalen type
+    - gfs2: Free rd_bits later in gfs2_clear_rgrpd to fix use-after-free
+    - gfs2: check for live vs. read-only file system in gfs2_fitrim
+    - scsi: hpsa: Fix memory leak in hpsa_init_one()
+    - drm/amdgpu: perform srbm soft reset always on SDMA resume
+    - mac80211: fix use of skb payload instead of header
+    - cfg80211: regulatory: Fix inconsistent format argument
+    - scsi: scsi_dh_alua: Avoid crash during alua_bus_detach()
+    - [amd64] iommu/amd: Increase interrupt remapping table limit to 512 entries
+    - xfs: fix flags argument to rmap lookup when converting shared file rmaps
+    - xfs: fix rmap key and record comparison functions
+    - xfs: fix a missing unlock on error in xfs_fs_map_blocks
+    - of/address: Fix of_node memory leak in of_dma_is_coherent
+    - [i386] cosa: Add missing kfree in error path of cosa_write
+    - perf: Fix get_recursion_context()
+    - ext4: correctly report "not supported" for {usr,grp}jquota when
+      !CONFIG_QUOTA
+    - ext4: unlock xattr_sem properly in ext4_inline_data_truncate()
+    - usb: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode
+    - [x86] mei: protect mei_cl_mtu from null dereference
+    - ocfs2: initialize ip_next_orphan
+    - don't dump the threads that had been already exiting when zapped.
+    - [x86] drm/gma500: Fix out-of-bounds access to struct drm_device.vblank[]
+    - [x86] pinctrl: amd: use higher precision for 512 RtcClk
+    - [x86] pinctrl: amd: fix incorrect way to disable debounce filter
+    - swiotlb: fix "x86: Don't panic if can not alloc buffer for swiotlb"
+    - IPv6: Set SIT tunnel hard_header_len to zero
+    - net/x25: Fix null-ptr-deref in x25_connect
+    - net: Update window_clamp if SOCK_RCVBUF is set
+    - random32: make prandom_u32() output unpredictable
+    - [x86] speculation: Allow IBPB to be conditionally enabled on CPUs with
+      always-on STIBP
+    - perf/core: Fix bad use of igrab()
+    - perf/core: Fix crash when using HW tracing kernel filters
+    - perf/core: Fix a memory leak in perf_event_parse_addr_filter()
+      (CVE-2020-25704)
+    - xen/events: avoid removing an event channel while handling it
+      (CVE-2020-27675)
+    - xen/events: Fix potential DoS of dom0 by rogue guests (CVE-2020-27673):
+      + xen/events: add a proper barrier to 2-level uevent unmasking
+      + xen/events: fix race in evtchn_fifo_unmask()
+      + xen/events: add a new "late EOI" evtchn framework
+      + xen/blkback: use lateeoi irq binding
+      + xen/netback: use lateeoi irq binding
+      + xen/scsiback: use lateeoi irq binding
+      + xen/pciback: use lateeoi irq binding
+      + xen/events: switch user event channels to lateeoi model
+      + xen/events: use a common cpu hotplug hook for event channels
+      + xen/events: defer eoi in case of excessive number of events
+      + xen/events: block rogue events for some time
+    - perf/core: Fix race in the perf_mmap_close() function (CVE-2020-14351)
+    - Revert "kernel/reboot.c: convert simple_strtoul to kstrtoint"
+    - reboot: fix overflow parsing reboot cpu number
+    - ext4: fix leaking sysfs kobject after failed mount
+    - Convert trailing spaces and periods in path components
+    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.245
+    - [armhf] i2c: imx: use clk notifier for rate changes
+    - [armhf] i2c: imx: Fix external abort on interrupt in exit paths
+    - [armhf] i2c: mux: pca954x: Add missing pca9546 definition to chip_desc
+    - [x86] Input: sunkbd - avoid use-after-free in teardown paths
+      (CVE-2020-25669)
+    - mac80211: always wind down STA state
+    - [x86] KVM: x86: clflushopt should be treated as a no-op by emulation
+    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.246
+    - ah6: fix error return code in ah6_input()
+    - atm: nicstar: Unmap DMA on send error
+    - bnxt_en: read EEPROM A2h address using page 0
+    - devlink: Add missing genlmsg_cancel() in devlink_nl_sb_port_pool_fill()
+    - inet_diag: Fix error path to cancel the meseage in inet_req_diag_fill()
+    - net: b44: fix error return code in b44_init_one()
+    - net: bridge: add missing counters to ndo_get_stats64 callback
+    - net: Have netpoll bring-up DSA management interface
+    - netlabel: fix our progress tracking in netlbl_unlabel_staticlist()
+    - netlabel: fix an uninitialized warning in netlbl_unlabel_staticlist()
+    - net/mlx4_core: Fix init_hca fields offset
+    - net: x25: Increase refcnt of "struct x25_neigh" in x25_rx_call_request
+    - qlcnic: fix error return code in qlcnic_83xx_restart_hw()
+    - sctp: change to hold/put transport for proto_unreach_timer
+    - net: usb: qmi_wwan: Set DTR quirk for MR400
+    - tcp: only postpone PROBE_RTT if RTT is < current min_rtt estimate
+    - [armhf] pinctrl: rockchip: enable gpio pclk for rockchip_gpio_to_irq
+    - [arm64] psci: Avoid printing in cpu_psci_cpu_die()
+    - vfs: remove lockdep bogosity in __sb_start_write
+    - [armhf] dts: imx6qdl-udoo: fix rgmii phy-mode for ksz9031 phy
+    - [armhf] dts: imx50-evk: Fix the chip select 1 IOMUX
+    - perf lock: Don't free "lock_seq_stat" if read_count isn't zero
+    - can: dev: can_restart(): post buffer from the right context
+    - can: peak_usb: fix potential integer overflow on shift of a int
+    - [armhf] regulator: ti-abb: Fix array out of bound read access on the
+      first transition
+    - xfs: revert "xfs: fix rmap key and record comparison functions"
+    - libfs: fix error cast of negative value in simple_attr_write()
+    - ALSA: ctl: fix error path at adding user-defined element set
+    - ALSA: mixart: Fix mutex deadlock
+    - tty: serial: imx: keep console clocks always on
+    - ext4: fix bogus warning in ext4_update_dx_flag()
+    - [x86] iio: accel: kxcjk1013: Replace is_smo8500_device with an acpi_type
+      enum
+    - regulator: fix memory leak with repeated set_machine_constraints()
+    - mac80211: minstrel: remove deferred sampling code
+    - mac80211: minstrel: fix tx status processing corner case
+    - mac80211: free sta in sta_info_insert_finish() on errors
+    - [x86] microcode/intel: Check patch signature before saving microcode for
+      early loading
+
+  [ Ben Hutchings ]
+  * fscrypto: Ignore ABI changes
+  * xen/events: Ignore ABI changes
+  * efivarfs: revert "fix memory leak in efivarfs_create()" (regression in
+    4.9.246)
+  * [x86] speculation: Fix prctl() when spectre_v2_user={seccomp,prctl},ibpb
+    (regressions in 4.9.228, 4.9.244)
+  * regulator: avoid resolve_supply() infinite recursion (regression in
+    4.9.241)
+  * regulator: workaround self-referent regulators (regression in 4.9.241)
+  * bonding: wait for sysfs kobject destruction before freeing struct slave
+    (regression in 4.9.226)
+  * [x86] iommu/amd: Set DTE[IntTabLen] to represent 512 IRTEs (regression in
+    4.9.244)
+
 4.9.240-2 [Fri, 30 Oct 2020 18:26:41 +0000] Ben Hutchings <benh@debian.org>:
 
   * xen/events: don't use chip_data for legacy IRQs (Closes: #973417)
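
Review bot: in the 4.9.244 block, "xfs: fix rmap key and record comparison functions" is listed as a fix, but the 4.9.246 block carries "xfs: revert "xfs: fix rmap key and record comparison functions"", so the net result of this update does not include that change; marking the earlier entry as reverted would keep anyone auditing the errata from counting it as applied. The same care is needed for "efivarfs: revert "fix memory leak in efivarfs_create()"", whose original fix is not listed by name in the 4.9.246 block. Separately, three entries have no subsystem prefix ("Fix use after free in get_capset_info callback.", "don't dump the threads that had been already exiting when zapped.", "Convert trailing spaces and periods in path components") and cannot be mapped to a component from the changelog alone; adding the prefix would make the affected code path clear when triaging this update.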

<http://10.200.17.11/4.4-7/#1279507831696507503>
Comment 2 Erik Damrose univentionstaff 2021-01-06 16:16:38 CET
univention-kernel-image-signed Version: 5.0.0-14A~4.4.0.202101061603
c4682480d7 yaml
Comment 3 Erik Damrose univentionstaff 2021-01-08 09:54:23 CET
Fixed signing with 266e7f77 univention-kernel-image-signed 5.0.0-15A~4.4.0.202101071237

OK: amd64 @ kvm + SeaBIOS
OK: amd64 @ kvm + OVMF + SB
OK: cat /sys/kernel/security/securelevel ; echo
OK: i386 @ kvm
OK: uname -a
OK: dmesg -H
OK: ./linux-dmesg-norm -a
OK: YAML

Verified