Bug 54260 - linux: Multiple issues (4.4)
linux: Multiple issues (4.4)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 4.4
All Linux
: P3 normal (vote)
: UCS 4.4-8-errata
Assigned To: Quality Assurance
Philipp Hahn
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2021-12-20 08:21 CET by Quality Assurance
Modified: 2021-12-22 13:50 CET (History)
0 users

See Also:
What kind of report is it?: Security Issue
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score: 8.8 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Quality Assurance univentionstaff 2021-12-20 08:21:12 CET
New Debian linux 4.9.290-1 fixes:
This update addresses the following issues:
* ath9k: information disclosure via specifically timed and handcrafted  traffic (CVE-2020-3702)
* DCCP CCID structure use-after-free may lead to DoS or code execution  (CVE-2020-16119)
* Use After Free in unix_gc() which could result in a local privilege  escalation (CVE-2021-0920)
* joydev: zero size passed to joydev_handle_JSIOCSBTNMAP() (CVE-2021-3612)
* SVM nested virtualization issue in KVM (AVIC support) (CVE-2021-3653)
* missing size validations on inbound SCTP packets (CVE-2021-3655)
* DoS in rb_per_cpu_empty() (CVE-2021-3679)
* overlayfs: Mounting overlayfs inside an unprivileged user namespace can  reveal files (CVE-2021-3732)
* a race out-of-bound read in vt (CVE-2021-3753)
* nfc: Use-After-Free vulnerability of ndev->rf_conn_info object  (CVE-2021-3760)
* timer tree corruption leads to missing wakeup and system freeze  (CVE-2021-20317)
* In Overlayfs missing a check for a negative dentry before calling  vfs_rename() (CVE-2021-20321)
* new DNS Cache Poisoning Attack based on ICMP fragment needed packets  replies (CVE-2021-20322)
* Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks  (CVE-2021-22543)
* use-after-free in hso_free_net_device() in drivers/net/usb/hso.c  (CVE-2021-37159)
* data corruption or loss can be triggered by an untrusted device that  supplies a buf->len value exceeding the buffer size in  drivers/char/virtio_console.c (CVE-2021-38160)
* arch/x86/kvm/mmu/paging_tmpl.h incorrectly computes the access permissions  of a shadow page (CVE-2021-38198)
* incorrect connection-setup ordering allows operators of remote NFSv4  servers to cause a DoS (CVE-2021-38199)
* use-after-free and panic in drivers/usb/host/max3421-hcd.c by removing a  MAX-3421 USB device in certain situations (CVE-2021-38204)
* drivers/net/ethernet/xilinx/xilinx_emaclite.c prints the real IOMEM pointer  (CVE-2021-38205)
* race condition was discovered in ext4_write_inline_data_end in  fs/ext4/inline.c in the ext4 subsystem (CVE-2021-40490)
* eBPF multiplication integer overflow in prealloc_elems_and_freelist() in  kernel/bpf/stackmap.c leads to out-of-bounds write (CVE-2021-41864)
* slab out-of-bounds write in decode_data() in drivers/net/hamradio/6pack.c  (CVE-2021-42008)
* Heap buffer overflow in firedtv driver (CVE-2021-42739)
* an array-index-out-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c  (CVE-2021-43389)
Comment 1 Quality Assurance univentionstaff 2021-12-20 09:02:21 CET
--- mirror/ftp/4.4/unmaintained/component/4.4-8-errata/source/linux_4.9.272-2A~4.4.0.202107271455.dsc
+++ apt/ucs_4.4-0-errata4.4-8/source/linux_4.9.290-1.dsc
@@ -1,8 +1,763 @@
-4.9.272-2A~4.4.0.202107271455 [Tue, 27 Jul 2021 14:55:52 +0200] Univention builddaemon <buildd@univention.de>:
+4.9.290-1 [Sun, 12 Dec 2021 22:40:16 +0100] Ben Hutchings <benh@debian.org>:
 
-  * UCS auto build. The following patches have been applied to the original source package
-    0000-do-not-abort-on-gentrol.py
-    0001-i40e-Be-much-more-verbose-about-what-we-can-and-cann
+  * New upstream stable update:
+    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.273
+    - net/nfc/rawsock.c: fix a permission check bug
+    - bonding: init notify_work earlier to avoid uninitialized use
+    - netlink: disable IRQs for netlink_lock_table()
+    - net: mdiobus: get rid of a BUG_ON()
+    - cgroup: disable controllers at parse time
+    - wq: handle VM suspension in stall detection
+    - net/qla3xxx: fix schedule while atomic in ql_sem_spinlock
+    - [x86] scsi: vmw_pvscsi: Set correct residual data length
+    - scsi: target: qla2xxx: Wait for stop_phase1 at WWN removal
+    - [arm64] net: macb: ensure the device is available before accessing GEMGXL
+      control registers
+    - bnx2x: Fix missing error code in bnx2x_iov_init_one()
+    - drm: Lock pointer access in drm_master_release()
+    - kvm: avoid speculation-based attacks from out-of-range memslot accesses
+    - btrfs: return value from btrfs_mark_extent_written() in case of error
+    - cgroup1: don't allow '\n' in renaming
+    - USB: f_ncm: ncm_bitrate (speed) is unsigned
+    - [arm64,armhf] usb: dwc3: ep0: fix NULL pointer exception
+    - USB: serial: ftdi_sio: add NovaTech OrionMX product ID
+    - USB: serial: omninet: add device id for Zyxel Omni 56K Plus
+    - USB: serial: quatech2: fix control-request directions
+    - usb: gadget: eem: fix wrong eem header operation
+    - usb: fix various gadgets null ptr deref on 10gbps cabling.
+    - usb: fix various gadget panics on 10gbps cabling
+    - perf: Fix data race between pin_count increment/decrement
+    - NFS: Fix a potential NULL dereference in nfs_get_client()
+    - perf session: Correct buffer copying when peeking events
+    - kvm: fix previous commit for 32-bit builds
+    - NFSv4: nfs4_proc_set_acl needs to restore NFS_CAP_UIDGID_NOMAP on error.
+    - scsi: core: Fix error handling of scsi_host_alloc()
+    - scsi: core: Only put parent device if host state differs from
+      SHOST_CREATED
+    - ftrace: Do not blindly read the ip address in ftrace_bug()
+    - tracing: Correct the length check which causes memory corruption
+    - proc: only require mm_struct for writing
+    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.274
+    - net: ieee802154: fix null deref in parse dev addr
+    - HID: hid-sensor-hub: Return error for hid_set_field() failure
+    - HID: Add BUS_VIRTUAL to hid_connect logging
+    - HID: usbhid: fix info leak in hid_submit_ctrl
+    - gfs2: Fix use-after-free in gfs2_glock_shrink_scan
+    - scsi: target: core: Fix warning on realtime kernels
+    - ethernet: myri10ge: Fix missing error code in myri10ge_probe()
+    - rtnetlink: Fix missing error code in rtnl_bridge_notify()
+    - net/x25: Return the correct errno code
+    - net: Return the correct errno code
+    - fib: Return the correct errno code
+    - mm: hwpoison: change PageHWPoison behavior on hugetlb pages
+    - batman-adv: Avoid WARN_ON timing related checks
+    - net: ipv4: fix memory leak in netlbl_cipsov4_add_std
+    - net: rds: fix memory leak in rds_recvmsg
+    - udp: fix race between close() and udp_abort()
+    - rtnetlink: Fix regression in bridge VLAN configuration
+    - netfilter: synproxy: Fix out of bounds when parsing TCP options
+    - alx: Fix an error handling path in 'alx_probe()'
+    - [arm64,armhf] net: stmmac: dwmac1000: Fix extended MAC address registers
+      definition
+    - qlcnic: Fix an error handling path in 'qlcnic_probe()'
+    - netxen_nic: Fix an error handling path in 'netxen_nic_probe()'
+    - net: cdc_ncm: switch to eth%d interface naming
+    - net: usb: fix possible use-after-free in smsc75xx_bind
+    - net: ipv4: fix memory leak in ip_mc_add1_src
+    - net/af_unix: fix a data-race in unix_dgram_sendmsg / unix_release_sock
+    - be2net: Fix an error handling path in 'be_probe()'
+    - net: hamradio: fix memory leak in mkiss_close
+    - net: cdc_eem: fix tx fixup skb leak
+    - scsi: core: Put .shost_dev in failure path if host state changes to
+      RUNNING
+    - radeon: use memcpy_to/fromio for UVD fw upload
+    - tracing: Do no increment trace_clock_global() by one
+    - PCI: Mark some NVIDIA GPUs to avoid bus reset
+    - [armhf] dmaengine: pl330: fix wrong usage of spinlock flags in dma_cyclc
+    - can: bcm/raw/isotp: use per module netdevice notifier
+    - [arm64,armhf] usb: dwc3: core: fix kernel panic when do reboot
+    - tracing: Do not stop recording cmdlines when tracing is off
+    - tracing: Do not stop recording comms if the trace file is being read
+    - [x86] fpu: Reset state for all signal restore failures
+    - inet: use bigger hash table for IP ID generation
+    - i40e: Be much more verbose about what we can and cannot offload
+    - [arm64] perf: Disable PMU while processing counter overflows
+    - Revert "PCI: PM: Do not read power state in pci_enable_device_flags()"
+    - mac80211: remove warning in ieee80211_get_sband()
+    - cfg80211: call cfg80211_leave_ocb when switching away from OCB
+    - mac80211: drop multicast fragments
+    - ping: Check return value of function 'ping_queue_rcv_skb'
+    - inet: annotate date races around sk->sk_txhash
+    - net: caif: fix memory leak in ldisc_open
+    - net/packet: annotate accesses to po->bind
+    - net/packet: annotate accesses to po->ifindex
+    - net: qed: Fix memcpy() overflow of qed_dcbx_params()
+    - nilfs2: fix memory leak in nilfs_sysfs_delete_device_group
+    - i2c: robotfuzz-osif: fix control-request directions
+    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.275
+    - mm: thp: replace DEBUG_VM BUG with VM_WARN when unmap fails for split
+    - mm, futex: fix shared futex pgoff on shmem huge page
+    - scsi: sr: Return appropriate error code when disk is ejected
+    - drm/nouveau: fix dma_address check for CPU/GPU sync
+    - kthread_worker: split code for canceling the delayed work timer
+    - kthread: prevent deadlock when kthread_mod_delayed_work() races with
+      kthread_cancel_delayed_work_sync()
+    - xen/events: reset active flag for lateeoi events later
+    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.276
+    - ALSA: usb-audio: fix rate on Ozone Z90 USB headset
+    - media: dvb-usb: fix wrong definition
+    - Input: usbtouchscreen - fix control-request directions
+    - net: can: ems_usb: fix use-after-free in ems_usb_disconnect()
+    - usb: gadget: eem: fix echo command packet response issue
+    - USB: cdc-acm: blacklist Heimann USB Appset device
+    - ntfs: fix validity check for file name attribute
+    - iov_iter_fault_in_readable() should do nothing in xarray case
+    - Input: joydev - prevent use of not validated data in JSIOCSBTNMAP ioctl
+      (CVE-2021-3612)
+    - btrfs: clear defrag status of a root if starting transaction fails
+    - ext4: fix kernel infoleak via ext4_extent_header
+    - ext4: correct the cache_nr in tracepoint ext4_es_shrink_exit
+    - ext4: remove check for zero nr_to_scan in ext4_es_scan()
+    - ext4: fix avefreec in find_group_orlov
+    - SUNRPC: Fix the batch tasks count wraparound.
+    - SUNRPC: Should wake up the privileged task firstly.
+    - [x86] serial_cs: Add Option International GSM-Ready 56K/ISDN modem
+    - [x86] serial_cs: remove wrong GLOBETROTTER.cis entry
+    - ath9k: Fix kernel NULL pointer dereference during ath_reset_internal()
+    - ssb: sdio: Don't overwrite const buffer if block_write fails
+    - seq_buf: Make trace_seq_putmem_hex() support data longer than 8
+    - fuse: check connected before queueing on fpq->io
+    - [i386] spi: spi-topcliff-pch: Fix potential double free in
+      pch_spi_process_messages()
+    - media: cpia2: fix memory leak in cpia2_usb_probe
+    - media: cobalt: fix race condition in setting HPD
+    - media: pvrusb2: fix warning in pvr2_i2c_core_done
+    - [x86] crypto: qat - check return code of qat_hal_rd_rel_reg()
+    - [x86] crypto: qat - remove unused macro in FW loader
+    - media: v4l2-core: Avoid the dangling pointer in v4l2_fh_release
+    - media: bt8xx: Fix a missing check bug in bt878_probe
+    - mmc: via-sdmmc: add a check against NULL pointer dereference
+    - crypto: shash - avoid comparing pointers to exported functions under CFI
+    - media: dvb_net: avoid speculation from net slot
+    - media: siano: fix device register error path
+    - btrfs: abort transaction if we fail to update the delayed inode
+    - btrfs: disable build on platforms having page size 256K
+    - [armhf] regulator: da9052: Ensure enough delay time for
+      .set_voltage_time_sel
+    - ACPI: processor idle: Fix up C-state latency if not ordered
+    - block_dump: remove block_dump feature in mark_inode_dirty()
+    - fs: dlm: cancel work sync othercon
+    - fs: dlm: fix memory leak when fenced
+    - ACPI: bus: Call kobject_put() in acpi_init() error path
+    - [x86] platform/x86: toshiba_acpi: Fix missing error code in
+      toshiba_acpi_setup_keyboard()
+    - ACPI: tables: Add custom DSDT file as makefile prerequisite
+    - [armhf] sata_highbank: fix deferred probing
+    - media: siano: Fix out-of-bounds warnings in
+      smscore_load_firmware_family2()
+    - [armhf] spi: spi-sun6i: Fix chipselect/clock bug
+    - ACPI: sysfs: Fix a buffer overrun problem with description_show()
+    - ocfs2: fix snprintf() checking
+    - net: pch_gbe: Propagate error from devm_gpio_request_one()
+    - RDMA/rxe: Fix failure during driver load
+    - drm: qxl: ensure surf.data is ininitialized
+    - wireless: carl9170: fix LEDS build errors & warnings
+    - brcmsmac: mac80211_if: Fix a resource leak in an error handling path
+    - ath10k: Fix an error code in ath10k_add_interface()
+    - netlabel: Fix memory leak in netlbl_mgmt_add_common
+    - netfilter: nft_exthdr: check for IPv6 packet before further processing
+    - vxlan: add missing rcu_read_lock() in neigh_reduce()
+    - i40e: Fix error handling in i40e_vsi_open
+    - Bluetooth: mgmt: Fix slab-out-of-bounds in tlv_data_is_valid
+    - writeback: fix obtain a reference to a freeing memcg css
+    - net: sched: fix warning in tcindex_alloc_perfect_hash
+    - tty: nozomi: Fix a resource leak in an error handling function
+    - iio: adis_buffer: do not return ints in irq handlers
+    - [x86] iio: accel: kxcjk-1013: Fix buffer alignment in
+      iio_push_to_buffers_with_timestamp()
+    - [x86] iio: gyro: bmg160: Fix buffer alignment in
+      iio_push_to_buffers_with_timestamp()
+    - [x86] char: pcmcia: error out if 'num_bytes_read' is greater than 4 in
+      set_protocol()
+    - tty: nozomi: Fix the error handling path of 'nozomi_card_init()'
+    - [x86] scsi: FlashPoint: Rename si_flags field
+    - of: Fix truncation of memory sizes on 32-bit platforms
+    - scsi: mpt3sas: Fix error return value in _scsih_expander_add()
+    - configfs: fix memleak in configfs_release_bin_file
+    - mm/huge_memory.c: don't discard hugepage if other processes are mapping
+      it
+    - mmc: vub300: fix control-request direction
+    - scsi: core: Retry I/O for Notify (Enable Spinup) Required error
+    - [i386] net: pch_gbe: Use proper accessors to BE data in pch_ptp_match()
+    - atm: iphase: fix possible use-after-free in ia_module_exit()
+    - mISDN: fix possible use-after-free in HFC_cleanup()
+    - atm: nicstar: Fix possible use-after-free in nicstar_cleanup()
+    - [rt] net: Treat __napi_schedule_irqoff() as __napi_schedule() on
+      PREEMPT_RT
+    - reiserfs: add check for invalid 1st journal block
+    - drm/virtio: Fix double free on probe failure
+    - udf: Fix NULL pointer dereference in udf_symlink function
+    - [arm64,armhf] clk: tegra: Ensure that PLLU configuration is applied
+      properly
+    - ipv6: use prandom_u32() for ID generation
+    - RDMA/cxgb4: Fix missing error code in create_qp()
+    - dm space maps: don't reset space map allocation cursor when committing
+    - selinux: use __GFP_NOWARN with GFP_NOWAIT in the AVC
+    - xfrm: Fix error reporting in xfrm_state_construct.
+    - [arm64,armhf] wlcore/wl12xx: Fix wl12xx get_mac error if device is in ELP
+    - [arm64,armhf] wl1251: Fix possible buffer overflow in wl1251_cmd_scan
+    - atm: nicstar: use 'dma_free_coherent' instead of 'kfree'
+    - atm: nicstar: register the interrupt handler in the right place
+    - RDMA/rxe: Don't overwrite errno from ib_umem_get()
+    - sfc: avoid double pci_remove of VFs
+    - sfc: error code if SRIOV cannot be disabled
+    - wireless: wext-spy: Fix out-of-bounds warning
+    - RDMA/cma: Fix rdma_resolve_route() memory leak
+    - Bluetooth: Fix the HCI to MGMT status conversion table
+    - Bluetooth: btusb: fix bt fiwmare downloading failure issue for qca btsoc.
+    - sctp: add size validation when walking chunks (CVE-2021-3655)
+    - fuse: reject internal errno
+    - can: gw: synchronize rcu operations before removing gw job entry
+    - mac80211: fix memory corruption in EAPOL handling
+    - [x86] pinctrl/amd: Add device HID for new AMD GPIO controller
+    - mmc: sdhci: Fix warning message when accessing RPMB in HS400 mode
+    - mmc: core: clear flags before allowing to retune
+    - [armhf] ata: ahci_sunxi: Disable DIPM
+    - [arm64,armhf] ASoC: tegra: Set driver_name=tegra for all machine drivers
+    - [x86] ipmi/watchdog: Stop watchdog timer when the current action is 'none'
+    - seq_buf: Fix overflow in seq_buf_putmem_hex()
+    - dm btree remove: assign new_root only when removal succeeds
+    - media: dtv5100: fix control-request directions
+    - media: zr364xx: fix memory leak in zr364xx_start_readpipe
+    - media: gspca/sq905: fix control-request direction
+    - media: gspca/sunplus: fix zero-length control requests
+    - media: uvcvideo: Fix pixel format change for Elgato Cam Link 4K
+    - jfs: fix GPF in diFree
+    - [x86] KVM: x86: Use guest MAXPHYADDR from CPUID.0x8000_0008 iff TDP is
+      enabled
+    - [x86] KVM: X86: Disable hardware breakpoints unconditionally before
+      kvm_x86->run()
+    - scsi: core: Fix bad pointer dereference when ehandler kthread is invalid
+    - tracing: Do not reference char * as a string in histograms
+    - fscrypt: don't ignore minor_hash when hash is 0
+    - [x86] misc/libmasm/module: Fix two use after free in ibmasm_init_one
+    - Revert "ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro"
+    - scsi: lpfc: Fix "Unexpected timeout" error in direct attach topology
+    - [x86] tty: serial: 8250: serial_cs: Fix a memory leak in error handling
+      path
+    - fs/jfs: Fix missing error code in lmLogInit()
+    - scsi: iscsi: Add iscsi_cls_conn refcount helpers
+    - [i386] ALSA: sb: Fix potential double-free of CSP mixer elements
+    - [arm64] gpio: zynq: Check return value of pm_runtime_get_sync
+    - ASoC: soc-core: Fix the error return code in
+      snd_soc_of_parse_audio_routing()
+    - ALSA: bebob: add support for ToneWeal FW66
+    - usb: gadget: f_hid: fix endianness issue with descriptors
+    - usb: gadget: hid: fix error return code in hid_bind()
+    - ALSA: hda: Add IRQ check for platform_get_irq()
+    - i2c: core: Disable client irq on reboot/shutdown
+    - lib/decompress_unlz4.c: correctly handle zero-padding around initrds.
+    - [x86] watchdog: Fix possible use-after-free in wdt_startup()
+    - [x86] watchdog: Fix possible use-after-free by calling del_timer_sync()
+    - [x86] fpu: Return proper error codes from user access functions
+    - ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty
+    - [arm64,armhf] pwm: tegra: Don't modify HW state in .remove callback
+    - [arm64] ACPI: AMBA: Fix resource name in /proc/iomem
+    - virtio-blk: Fix memory leak among suspend/resume procedure
+    - virtio_console: Assure used length from device is limited
+      (CVE-2021-38160)
+    - PCI/sysfs: Fix dsm_label_utf16s_to_utf8s() buffer overrun
+    - nfs: fix acl memory leak of posix_acl_create()
+    - ubifs: Set/Clear I_LINKABLE under i_lock for whiteout inode
+    - [x86] fpu: Limit xstate copy size in xstateregs_set()
+    - [i386] ALSA: isa: Fix error return code in snd_cmi8330_probe()
+    - [armhf] dts: exynos: fix PWM LED max brightness on Odroid XU/XU3
+    - [armhf] dts: exynos: fix PWM LED max brightness on Odroid XU4
+    - rtc: fix snprintf() checking in is_rtc_hctosys()
+    - reset: bail if try_module_get() fails
+    - [armhf] dts: am335x: align ti,pindir-d0-out-d1-in property with dt-shema
+    - scsi: be2iscsi: Fix an error handling path in beiscsi_dev_probe()
+    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.277
+    - [armhf] dts: rockchip: fix pinctrl sleep nodename for rk3036-kylin and
+      rk3288
+    - [armhf] dts: rockchip: Fix power-controller node names for rk3288
+    - [armhf] dts: imx6: phyFLEX: Fix UART hardware flow control
+    - [armhf] imx: pm-imx5: Fix references to imx5_cpu_suspend_info
+    - [arm64] dts: juno: Update SCPI nodes as per the YAML schema
+    - [arm64,armhf] rtc: max77686: Do not enforce (incorrect) interrupt trigger
+      type
+    - scsi: aic7xxx: Fix unintentional sign extension issue on left shift of u8
+    - sched/fair: Fix CFS bandwidth hrtimer expiry type
+    - net: ipv6: fix return value of ip6_skb_dst_mtu
+    - net: bridge: sync fdb to new unicast-filtering ports
+    - [arm64] net: qcom/emac: fix UAF in emac_remove
+    - net: ti: fix UAF in tlan_remove_one
+    - net: validate lwtstate->data before returning from skb_tunnel_info()
+    - tcp: annotate data races around tp->mtu_info
+    - ipv6: tcp: drop silly ICMPv6 packet too big messages
+    - ixgbe: Fix an error handling path in 'ixgbe_probe()'
+    - igb: Fix an error handling path in 'igb_probe()'
+    - fm10k: Fix an error handling path in 'fm10k_probe()'
+    - e1000e: Fix an error handling path in 'e1000_probe()'
+    - iavf: Fix an error handling path in 'iavf_probe()'
+    - igb: Check if num of q_vectors is smaller than max before array access
+    - perf lzma: Close lzma stream on exit
+    - perf test bpf: Free obj_buf
+    - perf probe-file: Delete namelist in del_events() on the error path
+    - net: fix uninit-value in caif_seqpkt_sendmsg
+    - [x86] net: decnet: Fix sleeping inside in af_decnet
+    - netrom: Decrease sock refcount when sock timers expire
+    - scsi: iscsi: Fix iface sysfs attr detection
+    - scsi: target: Fix protect handling in WRITE SAME(32)
+    - Revert "USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem"
+    - proc: Avoid mixing integer types in mem_rw()
+    - [i386] ALSA: sb: Fix potential ABBA deadlock in CSP driver
+    - xhci: Fix lost USB 2 remote wake
+    - usb: hub: Disable USB 3 device initiated lpm if exit latency is too high
+    - USB: usb-storage: Add LaCie Rugged USB3-FW to IGNORE_UAS
+    - usb: max-3421: Prevent corruption of freed memory (CVE-2021-38204)
+    - USB: serial: option: add support for u-blox LARA-R6 family
+    - USB: serial: cp210x: fix comments for GE CS1000
+    - USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick
+    - tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop.
+      (CVE-2021-3679)
+    - media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf()
+    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.278
+    - [amd64] iommu/amd: Fix backport of
+      140456f994195b568ecd7fc2287a34eadffef3ca (regression in 4.9.261)
+    - tipc: Fix backport of b77413446408fdd256599daf00d5be72b5f3e7c6
+      (regression in 4.9.253)
+    - net: split out functions related to registering inflight socket files
+    - af_unix: fix garbage collect vs MSG_PEEK (CVE-2021-0920)
+    - workqueue: fix UAF in pwq_unbound_release_workfn()
+    - net/802/mrp: fix memleak in mrp_request_join()
+    - net/802/garp: fix memleak in garp_request_join()
+    - sctp: move 198 addresses from unusable to private scope
+    - hfs: add missing clean-up in hfs_fill_super
+    - hfs: fix high memory mapping in hfs_bnode_read
+    - hfs: add lock nesting notation to hfs_find_init
+    - ocfs2: fix zero out valid data
+    - ocfs2: issue zeroout to EOF blocks
+    - can: usb_8dev: fix memory leak
+    - can: ems_usb: fix memory leak
+    - can: esd_usb2: fix memory leak
+    - NIU: fix incorrect error return, missed in previous revert
+    - nfc: nfcsim: fix use after free during module unload
+    - cfg80211: Fix possible memory leak in function cfg80211_bss_update
+    - netfilter: conntrack: adjust stop timestamp to real expiry value
+    - netfilter: nft_nat: allow to specify layer 4 protocol NAT only
+    - tipc: fix sleeping in tipc accept routine
+    - mlx4: Fix missing error code in mlx4_load_one()
+    - net: llc: fix skb_over_panic
+    - net/mlx5: Fix flow table chaining
+    - tulip: windbond-840: Fix missing pci_disable_device() in probe and remove
+    - sis900: Fix missing pci_disable_device() in probe and remove
+    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.279
+    - btrfs: mark compressed range uptodate only if all bio succeed
+    - r8152: Fix potential PM refcount imbalance
+    - net: Fix zero-copy head len calculation.
+    - can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF
+    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.280
+    - ALSA: seq: Fix racy deletion of subscriber
+    - scsi: sr: Return correct event when media event code is 3
+    - media: videobuf2-core: dequeue if start_streaming fails
+    - net: natsemi: Fix missing pci_disable_device() in probe and remove
+    - bnx2x: fix an error code in bnx2x_nic_load()
+    - net: pegasus: fix uninit-value in get_interrupt_interval
+    - net: vxge: fix use-after-free in vxge_device_unregister
+    - Bluetooth: defer cleanup of resources in hci_unregister_dev()
+    - USB: usbtmc: Fix RCU stall warning
+    - USB: serial: option: add Telit FD980 composition 0x1056
+    - USB: serial: ftdi_sio: add device ID for Auto-M3 OP-COM v2
+    - media: rtl28xxu: fix zero-length control request
+    - pipe: increase minimum default pipe size to 2 pages
+    - serial: 8250: Mask out floating 16/32-bit bus bits
+    - [x86] pcmcia: i82092: fix a null pointer dereference bug
+    - [x86] perf/x86/amd: Don't touch the AMD64_EVENTSEL_HOSTONLY bit inside
+      the guest
+    - reiserfs: add check for root_inode in reiserfs_fill_super
+    - reiserfs: check directory items on read from disk
+    - net/qla3xxx: fix schedule while atomic in ql_wait_for_drvr_lock and
+      ql_adapter_reset
+    - [arm64] USB:ehci:fix Kunpeng920 ehci hardware problem
+    - ppp: Fix generating ppp unit id when ifname is not specified
+    - net: xilinx_emaclite: Do not print real IOMEM pointer (CVE-2021-38205)
+    - ovl: prevent private clone if bind mount is not allowed (CVE-2021-3732)
+    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.281
+    - iio: adc: Fix incorrect exit of for-loop
+    - [x86] ASoC: intel: atom: Fix reference to PCM buffer address
+    - i2c: dev: zero out array used for i2c reads from userspace
+    - ACPI: NFIT: Fix support for virtual SPA ranges
+    - ppp: Fix generating ifname when empty IFLA_IFNAME is specified
+    - net: Fix memory leak in ieee802154_raw_deliver
+    - net: bridge: fix memleak in br_add_if()
+    - tcp_bbr: fix u32 wrap bug in round logic if bbr_init() called after 2B
+      packets
+    - xen/events: Fix race in set_evtchn_to_irq
+    - PCI/MSI: Enable and mask MSI-X early
+    - PCI/MSI: Do not set invalid bits in MSI mask
+    - PCI/MSI: Correct misleading comments
+    - PCI/MSI: Use msi_mask_irq() in pci_msi_shutdown()
+    - PCI/MSI: Protect msi_desc::masked for multi-MSI
+    - PCI/MSI: Mask all unused MSI-X entries
+    - PCI/MSI: Enforce that MSI-X table entry is masked for update
+    - PCI/MSI: Enforce MSI[X] entry updates to be visible
+    - mac80211: drop data frames without key on encrypted links
+    - [x86] KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl
+      (CVE-2021-3653)
+    - [x86] fpu: Make init_fpstate correct with optimized XSAVE
+    - dmaengine: of-dma: router_xlate to return -EPROBE_DEFER if controller is
+      not yet available
+    - scsi: megaraid_mm: Fix end of loop tests for list_for_each_entry()
+    - scsi: scsi_dh_rdac: Avoid crash during rdac_bus_attach()
+    - scsi: core: Avoid printing an error if target_alloc() returns -ENXIO
+    - Bluetooth: hidp: use correct wait queue when removing ctrl_wait
+    - vhost: Fix the calculation in vhost_overflow()
+    - net: 6pack: fix slab-out-of-bounds in decode_data (CVE-2021-42008)
+    - net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32
+    - [arm64,armhf] mmc: dw_mmc: call the dw_mci_prep_stop_abort() by default
+    - [arm64,armhf] mmc: dw_mmc: Fix hang on data CRC error
+    - ALSA: hda - fix the 'Capture Switch' value change notifications
+    - btrfs: prevent rename2 from exchanging a subvol with a directory from
+      different parents
+    - [x86] ASoC: intel: atom: Fix breakage for PCM buffer address setup
+    - locks: print a warning when mount fails due to lack of "mand" support
+    - fs: warn about impending deprecation of mandatory locks
+    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.282
+    - can: usb: esd_usb2: esd_usb2_rx_event(): fix the interchange of the CAN
+      RX and TX error counters
+    - USB: serial: option: add new VID/PID to support Fibocom FG150
+    - [arm64,armhf] usb: dwc3: gadget: Fix dwc3_calc_trbs_left()
+    - IB/hfi1: Fix possible null-pointer dereference in _extend_sdma_tx_descs()
+    - e1000e: Fix the max snoop/no-snoop latency for 10M
+    - ip_gre: add validation for csum_start
+    - [armhf] net: marvell: fix MVNETA_TX_IN_PRGRS bit number
+    - virtio: Improve vq->broken access to avoid any compiler optimization
+    - vringh: Use wiov->used to check for read/write desc order
+    - net/rds: dma_map_sg is entitled to merge entries
+    - vt_kdsetmode: extend console locking (CVE-2021-3753)
+    - fbmem: add margin check to fb_check_caps()
+    - [x86] KVM: x86/mmu: Treat NX as used (not reserved) for all !TDP shadow
+      MMUs
+    - Revert "floppy: reintroduce O_NDELAY fix" (regression in 4.9.259)
+    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.283
+    - ext4: fix race writing to an inline_data file while its xattrs are
+      changing (CVE-2021-40490)
+    - qed: Fix the VF msix vectors flow
+    - qede: Fix memset corruption
+    - [x86] perf/x86/amd/ibs: Work around erratum #1197
+    - ALSA: pcm: fix divide error in snd_pcm_lib_ioctl
+    - ath: Avoid transmitting frames unencrypted after disassociation
+      (CVE-2020-3702):
+      + ath: Use safer key clearing with key cache entries
+      + ath9k: Clear key cache explicitly on disabling hardware
+      + ath: Export ath_hw_keysetmac()
+      + ath: Modify ath_key_delete() to not need full key entry
+      + ath9k: Postpone key cache entry deletion for TXQ frames reference it
+    - media: stkwebcam: fix memory leak in stk_camera_probe
+    - igmp: Add ip_mc_list lock in ip_check_mc_rcu
+    - USB: serial: mos7720: improve OOM-handling in read_mos_reg()
+    - net/sched: cls_flower: Use mask for addr_type
+    - PM / wakeirq: Enable dedicated wakeirq for suspend
+    - nvme-pci: Fix an error handling path in 'nvme_probe()'
+    - gfs2: Don't clear SGID when inheriting ACLs
+    - ipv4/icmp: l3mdev: Perform icmp error route lookup on source device
+      routing table (v2)
+    - mm/page_alloc: speed up the iteration of max_order
+    - [x86] reboot: Limit Dell Optiplex 990 quirk to early BIOS versions
+    - PCI: Call Max Payload Size-related fixup quirks early
+    - regmap: fix the offset of register error log
+    - [armhf] crypto: omap-sham - clear dma flags only after
+      omap_sham_update_dma_stop()
+    - udf: Check LVID earlier
+    - libata: fix ata_host_start()
+    - [x86] crypto: qat - do not ignore errors from enable_vf2pf_comms()
+    - [x86] crypto: qat - handle both source of interrupt in VF ISR
+    - [x86] crypto: qat - fix reuse of completion variable
+    - [x86] crypto: qat - fix naming for init/shutdown VF to PF notifications
+    - [x86] crypto: qat - do not export adf_iov_putmsg()
+    - udf_get_extendedattr() had no boundary checks.
+    - [x86] crypto: qat - use proper type for vf_mask
+    - media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init
+    - media: dvb-usb: fix uninit-value in vp702x_read_mac_addr
+    - media: go7007: remove redundant initialization
+    - Bluetooth: sco: prevent information leak in sco_conn_defer_accept()
+    - tcp: seq_file: Avoid skipping sk during tcp_seek_last_pos
+    - PCI: PM: Enable PME if it can be signaled from D3cold
+    - [arm64] soc: qcom: smsm: Fix missed interrupts if state changes while
+      masked
+    - Bluetooth: increase BTNAMSIZ to 21 chars to fix potential buffer overflow
+    - Bluetooth: fix repeated calls to sco_sock_kill
+    - [arm64] drm/msm/dsi: Fix some reference counted resource leaks
+    - [armhf] usb: phy: twl6030: add IRQ checks
+    - Bluetooth: Move shutdown callback before flushing tx and rx queue
+    - Bluetooth: add timeout sanity check to hci_inquiry
+    - [armhf] i2c: s3c2410q: fix IRQ check
+    - [arm64,armhf] mmc: dw_mmc: Fix issue with uninitialized dma_slave_config
+    - CIFS: Fix a potencially linear read overflow
+    - [armel] usb: ehci-orion: Handle errors of clk_prepare_enable() in probe
+    - ath6kl: wmi: fix an error code in ath6kl_wmi_sync_point()
+    - bcma: Fix memory leak for internally-handled cores
+    - ipv4: make exception cache less predictible (CVE-2021-20322)
+    - tty: Fix data race between tiocsti() and flush_to_ldisc()
+    - [x86] KVM: x86: Update vCPU's hv_clock before back to guest when
+      tsc_offset is adjusted
+    - [armel] clk: kirkwood: Fix a clocking boot regression
+    - fbmem: don't allow too huge resolutions
+    - PCI/MSI: Skip masking MSI-X on Xen PV
+    - [x86] xen: fix setting of max_pfn in shared_info
+    - [x86] VMCI: fix NULL pointer dereference when unmapping queue pair
+    - media: uvc: don't do DMA on stack
+    - media: rc-loopback: return number of emitters rather than error
+    - libata: add ATA_HORKAGE_NO_NCQ_TRIM for Samsung 860 and 870 SSDs
+    - [armel,armhf] 9105/1: atags_to_fdt: don't warn about stack size
+    - PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported
+    - PCI: Return ~0 data on pciconfig_read() CAP_SYS_ADMIN failure
+    - [arm64,armhf] pinctrl: single: Fix error return code in
+      pcs_parse_bits_in_pinctrl_entry()
+    - PCI: Use pci_update_current_state() in pci_enable_device_flags()
+    - [x86] video: fbdev: kyro: fix a DoS bug by restricting user input
+    - netlink: Deal with ESRCH error in nlmsg_notify()
+    - usb: gadget: u_ether: fix a potential null pointer dereference
+    - usb: gadget: composite: Allow bMaxPower=0 if self-powered
+    - [x86] tty: serial: jsm: hold port lock when reporting modem line changes
+    - bpf/tests: Fix copy-and-paste error in double word test
+    - bpf/tests: Do not PASS tests without actually testing the result
+    - [x86] video: fbdev: kyro: Error out if 'pixclock' equals zero
+    - ipv4: ip_output.c: Fix out-of-bounds warning in ip_copy_addrs()
+    - flow_dissector: Fix out-of-bounds warnings
+    - serial: 8250: Define RX trigger levels for OxSemi 950 devices
+    - serial: 8250_pci: make setup_port() parameters explicitly unsigned
+    - Bluetooth: skip invalid hci_sync_conn_complete_evt
+    - [x86] ASoC: Intel: bytcr_rt5640: Move "Platform Clock" routes to the maps
+      for the matching in-/output
+    - [arm64] net: ethernet: stmmac: Do not use unreachable() in
+      ipq806x_gmac_probe()
+    - Bluetooth: avoid circular locks in sco_sock_connect
+    - gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable
+      access in amdgpu_i2c_router_select_ddc_port()
+    - [armhf] tegra: tamonten: Fix UART pad setting
+    - rpc: fix gss_svc_init cleanup on failure
+    - gfs2: Don't call dlm after protocol is unmounted
+    - mmc: rtsx_pci: Fix long reads when clock is prescaled
+    - cifs: fix wrong release in sess_alloc_buffer() failed path
+    - Revert "USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST
+      quirk set" (regression in 4.9.251)
+    - [x86] usbip: give back URBs for unsent unlink requests during cleanup
+    - parport: remove non-zero check on count
+    - ath9k: fix OOB read ar9300_eeprom_restore_internal
+    - ath9k: fix sleeping in atomic context
+    - net: fix NULL pointer reference in cipso_v4_doi_free
+    - [x86] scsi: BusLogic: Fix missing pr_cont() use
+    - mm/hugetlb: initialize hugetlb_usage in mm_init
+    - memcg: enable accounting for pids in nested pid namespaces
+    - [x86] xen: reset legacy rtc flag for PV domU
+    - bnx2x: Fix enabling network interfaces without VFs
+    - net-caif: avoid user-triggerable WARN_ON(1)
+    - dccp: don't duplicate ccid when cloning dccp sock (CVE-2020-16119)
+      (regression in 4.9.108)
+    - net/l2tp: Fix reference count leak in l2tp_udp_recv_core
+    - r6040: Restore MDIO clock frequency after MAC reset
+    - tipc: increase timeout in tipc_sk_enqueue()
+    - events: Reuse value read using READ_ONCE instead of re-reading it
+    - net/af_unix: fix a data-race in unix_dgram_poll
+    - tcp: fix tp->undo_retrans accounting in tcp_sacktag_one()
+    - [x86] mm: Fix kern_addr_valid() to cope with existing but not present
+      entries
+    - [armhf] mfd: Don't use irq_create_mapping() to resolve a mapping
+    - net: usb: cdc_mbim: avoid altsetting toggling for Telit LN920
+    - ethtool: Fix an error code in cxgb2.c
+    - mtd: rawnand: cafe: Fix a resource leak in the error handling path of
+      'cafe_nand_probe()'
+    - [armhf] net: dsa: b53: Fix calculating number of switch ports
+    - qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom
+    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.284
+    - PM / wakeirq: Fix unbalanced IRQ enable for wakeirq
+    - sctp: validate chunk size in __rcv_asconf_lookup
+    - sctp: add param size validation for SCTP_PARAM_SET_PRIMARY
+    - dmaengine: acpi: Avoid comparison GSI with Linux vIRQ
+    - 9p/trans_virtio: Remove sysfs file on probe failure
+    - prctl: allow to setup brk for et_dyn executables
+    - profiling: fix shift-out-of-bounds bugs
+    - ceph: lockdep annotations for try_nonblocking_invalidate
+    - nilfs2: fix memory leak in nilfs_sysfs_create_device_group
+    - nilfs2: fix NULL pointer in nilfs_##name##_attr_release
+    - nilfs2: fix memory leak in nilfs_sysfs_create_##name##_group
+    - nilfs2: fix memory leak in nilfs_sysfs_delete_##name##_group
+    - nilfs2: fix memory leak in nilfs_sysfs_create_snapshot_group
+    - nilfs2: fix memory leak in nilfs_sysfs_delete_snapshot_group
+    - blk-throttle: fix UAF by deleteing timer in blk_throtl_exit()
+    - drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV
+    - sctp: validate from_addr_param return
+    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.285
+    - ocfs2: drop acl cache for directories too
+    - [armf] usb: musb: tusb6010: uninitialized data in
+      tusb_fifo_write_unaligned()
+    - cifs: fix incorrect check for null pointer in header_assemble
+    - [x86] xen/x86: fix PV trap handling on secondary processors
+    - usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c
+    - USB: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter
+    - USB: serial: mos7840: remove duplicated 0xac24 device ID
+    - USB: serial: option: add Telit LN920 compositions
+    - USB: serial: option: remove duplicate USB device ID
+    - USB: serial: option: add device id for Foxconn T99W265
+    - [arm64] serial: mvebu-uart: fix driver's tx_empty callback
+    - net: hso: fix muxed tty registration
+    - net/mlx4_en: Don't allow aRFS for encapsulated packets
+    - scsi: iscsi: Adjust iface sysfs attr detection
+    - blktrace: Fix uaf in blk_trace access after removing by sysfs
+    - [arm64,armhf] net: stmmac: allow CSR clock of 300MHz
+    - qnx4: avoid stringop-overread errors
+    - [arm64] Mark __stack_chk_guard as __ro_after_init
+    - net: 6pack: Fix tx timeout and slot time
+    - [arm64] dts: marvell: armada-37xx: Extend PCIe MEM space
+    - qnx4: work around gcc false positive warning bug
+    - tty: Fix out-of-bound vmalloc access in imageblit
+    - cpufreq: schedutil: Use kobject release() method to free sugov_tunables
+    - cpufreq: schedutil: Destroy mutex before kobject_put() frees the memory
+    - mac80211: fix use-after-free in CCMP/GCMP RX
+    - ipvs: check that ip_vs_conn_tab_bits is between 8 and 20
+    - mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap
+    - hwmon: (tmp421) fix rounding for negative values
+    - e100: fix length calculation in e100_get_regs_len
+    - e100: fix buffer overrun in e100_get_regs
+    - ext4: fix potential infinite loop in ext4_dx_readdir()
+    - net: udp: annotate data race around udp_sk(sk)->corkflag
+    - ARM: 9079/1: ftrace: Add MODULE_PLTS support
+    - [arm64] Extend workaround for erratum 1024718 to all versions of
+      Cortex-A55
+    - HID: betop: fix slab-out-of-bounds Write in betop_probe
+    - netfilter: ipset: Fix oversized kvmalloc() calls
+    - HID: usbhid: free raw_report buffers in usbhid_stop
+    - cred: allow get_cred() and put_cred() to be given NULL.
+    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.286
+    - af_unix: fix races in sk_peer_pid and sk_peer_cred accesses
+    - xen-netback: correct success/error reporting for the SKB-with-fraglist
+      case
+    - scsi: sd: Free scsi_disk device via put_device()
+    - libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870 SSD.
+    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.287
+    - USB: cdc-acm: fix racy tty buffer accesses
+    - USB: cdc-acm: fix break reporting
+    - ovl: fix missing negative dentry check in ovl_rename() (CVE-2021-20321)
+    - nfsd4: Handle the NFSv4 READDIR 'dircount' hint being zero
+    - [armhf] dts: omap3430-sdp: Fix NAND device node
+    - bpf: Fix integer overflow in prealloc_elems_and_freelist()
+      (CVE-2021-41864)
+    - phy: mdio: fix memory leak
+    - net_sched: fix NULL deref in fifo_set_limit()
+    - [x86] ptp_pch: Load module automatically if ID matches
+    - [armhf] imx6: disable the GIC CPU interface before calling stby-poweroff
+      sequence
+    - net: bridge: use nla_total_size_64bit() in br_get_linkxstats_size()
+    - netlink: annotate data races around nlk->bound
+    - drm/nouveau/debugfs: fix file release memory leak
+    - rtnetlink: fix if_nlmsg_stats_size() under estimation
+    - i40e: fix endless loop under rtnl
+    - HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS
+    - netfilter: ip6_tables: zero-initialize fragment offset
+    - mac80211: Drop frames from invalid MAC address in ad-hoc mode
+    - scsi: ses: Fix unsigned comparison with less than zero
+    - scsi: virtio_scsi: Fix spelling mistake "Unsupport" -> "Unsupported"
+    - [x86] perf/x86: Reset destroy callback on event init failure
+    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.288
+    - ALSA: seq: Fix a potential UAF by wrong private_free call order
+    - xhci: Enable trust tx length quirk for Fresco FL11 USB controller
+    - cb710: avoid NULL pointer subtraction
+    - [x86] efi/cper: use stack buffer for error record decoding
+    - efi: Change down_interruptible() in virt_efi_reset_system() to
+      down_trylock()
+    - Input: xpad - add support for another USB ID of Nacon GC-100
+    - USB: serial: qcserial: add EM9191 QDL support
+    - USB: serial: option: add Telit LE910Cx composition 0x1204
+    - ethernet: s2io: fix setting mac address during resume
+    - nfc: fix error handling of nfc_proto_register()
+    - NFC: digital: fix possible memory leak in digital_tg_listen_mdaa()
+    - NFC: digital: fix possible memory leak in digital_in_send_sdd_req()
+    - [i386] pata_legacy: fix a couple uninitialized variable bugs
+    - [arm64] drm/msm: Fix null pointer dereference on pointer edp
+    - [arm64] drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling
+    - r8152: select CRC32 and CRYPTO/CRYPTO_HASH/CRYPTO_SHA256
+    - NFSD: Keep existing listeners on portlist error
+    - netfilter: ipvs: make global sysctl readonly in non-init netns
+    - can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE
+      state notification
+    - can: peak_pci: peak_pci_remove(): fix UAF
+    - ocfs2: fix data corruption after conversion from inline format
+    - ocfs2: mount fails with buffer overflow in strlen
+    - elfcore: correct reference to CONFIG_UML
+    - vfs: check fd has read access in kernel_read_file_from_fd()
+    - ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset
+    - ASoC: DAPM: Fix missing kctl change notifications
+    - nfc: nci: fix the UAF of rf_conn_info object (CVE-2021-3760)
+    - isdn: cpai: check ctr->cnr to avoid array index out of bound
+      (CVE-2021-43389)
+    - isdn: mISDN: Fix sleeping function called from invalid context
+    - [x86] platform/x86: intel_scu_ipc: Update timeout value in comment
+    - ALSA: hda: avoid write to STATESTS if controller is in reset
+    - tracing: Have all levels of checks prevent recursion
+    - [armel,armhf] 9122/1: select HAVE_FUTEX_CMPXCHG
+    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.289
+    - usbnet: sanity check for maxpacket
+    - usbnet: fix error return code in usbnet_probe()
+    - ata: sata_mv: Fix the error handling of mv_chip_id()
+    - nfc: port100: fix using -ERRNO as command type mask
+    - mmc: vub300: fix control-message timeouts
+    - [armhf] mmc: dw_mmc: exynos: fix the finding clock sample value
+    - mmc: sdhci: Map more voltage level to SDHCI_POWER_330
+    - net: lan78xx: fix division by zero in send path
+    - regmap: Fix possible double-free in regcache_rbtree_exit()
+    - net: batman-adv: fix error handling
+    - sctp: use init_tag from inithdr for ABORT chunk
+    - sctp: add vtag check in sctp_sf_violation
+    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.290
+    - scsi: core: Put LLD module refcnt after SCSI device is released
+    - mm/zsmalloc: Prepare to variable MAX_PHYSMEM_BITS
+    - arch: pgtable: define MAX_POSSIBLE_PHYSMEM_BITS where needed
+    - net: hso: register netdev later to avoid a race condition
+    - usb: hso: fix error handling code of hso_create_net_device
+      (CVE-2021-37159)
+    - IB/qib: Use struct_size() helper
+    - IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields
+    - [armhf] usb: musb: Balance list entry in musb_gadget_queue
+    - usb-storage: Add compatibility quirk flags for iODD 2531/2541
+    - printk/console: Allow to disable console output by using console="" or
+      console=null (regression in 4.9.238)
+    - isofs: Fix out of bound access for corrupted isofs image
+    - [x86] comedi: dt9812: fix DMA buffers on stack
+    - [x86] comedi: ni_usb6501: fix NULL-deref in command paths
+    - [x86] comedi: vmk80xx: fix transfer-buffer overflows
+    - [x86] comedi: vmk80xx: fix bulk-buffer overflow
+    - [x86] comedi: vmk80xx: fix bulk and interrupt message timeouts
+    - staging: r8712u: fix control-message timeout
+    - [x86] staging: rtl8192u: fix control-message timeouts
+    - rsi: fix control-message timeout
+
+  [ Ben Hutchings ]
+  * crypto: Ignore removal of internal symbol shash_no_setkey
+  * [rt] Update to 4.9.286-rt189
+  * crypto/qat: Ignore ABI changes
+  * sctp: Ignore ABI changes
+  * Bump ABI to 17
+  * timerqueue: Fix potential timer tree corruption and system hang
+    (CVE-2021-20317):
+    - rbtree: cache leftmost node internally
+    - lib/timerqueue: Rely on rbtree semantics for next timer
+  * KVM: Fix bugs in hva_to_pfn_remapped():
+    - mm: add follow_pte_pmd()
+    - KVM: do not assume PTE is writable after follow_pfn
+    - KVM: Use kvm_pfn_t for local PFN variable in hva_to_pfn_remapped()
+    - KVM: do not allow mapping valid but non-reference-counted pages
+      (CVE-2021-22543)
+  * [x86] KVM: Fix bugs in shadow page table management:
+    - KVM: nVMX: fix EPT permissions as reported in exit qualification
+    - KVM: MMU: drop vcpu param in gpte_access
+    - KVM: X86: MMU: Use the correct inherited permissions to get shadow
+      page (CVE-2021-38198)
+  * NFSv4: Initialise connection to the server in nfs4_alloc_client()
+    (CVE-2021-38199)
+  * media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt()
+    (CVE-2021-42739)
 
 4.9.272-2 [Mon, 19 Jul 2021 22:08:03 +0200] Ben Hutchings <benh@debian.org>:
 

<http://piuparts.knut.univention.de/4.4-8/#6200001377238929405>
Comment 2 Philipp Hahn univentionstaff 2021-12-21 10:30:40 CET
r19491 | patches/linux/4.4-0-0-ucs/4.9.272-2-errata4.4-8/0001-i40e-Be-much-more-verbose-about-what-we-can-and-cann.quilt got included into <https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.274> → patch no longer needed

Package: univention-kernel-image
Version: 12.0.0-9A~4.4.0.202112211012
Branch: ucs_4.4-0
Scope: errata4.4-8

Package: univention-kernel-image-signed
Version: 5.0.0-19A~4.4.0.202112211004
Branch: ucs_4.4-0
Scope: errata4.4-8

[4.4-8] 5c535bc904 Bug #54260: linux 4.9.290-1
 doc/errata/staging/linux-latest.yaml                   | 82 ++++++++++++++++++++++++++++++++++++++
 doc/errata/staging/linux.yaml                          | 24 ++++++-----
 doc/errata/staging/univention-kernel-image-signed.yaml | 82 ++++++++++++++++++++++++++++++++++++++
 doc/errata/staging/univention-kernel-image.yaml        | 82 ++++++++++++++++++++++++++++++++++++++
 4 files changed, 259 insertions(+), 11 deletions(-)
Comment 3 Philipp Hahn univentionstaff 2021-12-21 12:55:10 CET
OK: apt install -t apt univention-kernel-image
OK: amd64 @ kvm + SeaBIOS
OK: amd64 @ kvm + OVMF + SB
OK: cat /sys/kernel/security/securelevel ; echo
IGN: amd64 @ xenX
OK: i386 @ kvm
OK: uname -a
OK: dmesg -H
OK ./linux-dmesg-norm -a
OK: YAML
OK: announce-errata -V
OK: <https://jenkins.knut.univention.de:8181/job/UCS-4.4/job/UCS-4.4-8/job/BuildDVD/267/>