El-errata: ELSA-2022-9179 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update (aarch64)
Oracle Linux Security Advisory ELSA-2022-9179
http://linux.oracle.com/errata/ELSA-2022-9179.html
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:
aarch64:
kernel-uek-4.14.35-2047.511.5.2.el7uek.aarch64.rpm
kernel-uek-debug-4.14.35-2047.511.5.2.el7uek.aarch64.rpm
kernel-uek-debug-devel-4.14.35-2047.511.5.2.el7uek.aarch64.rpm
kernel-uek-devel-4.14.35-2047.511.5.2.el7uek.aarch64.rpm
kernel-uek-tools-4.14.35-2047.511.5.2.el7uek.aarch64.rpm
kernel-uek-tools-libs-4.14.35-2047.511.5.2.el7uek.aarch64.rpm
kernel-uek-tools-libs-devel-4.14.35-2047.511.5.2.el7uek.aarch64.rpm
perf-4.14.35-2047.511.5.2.el7uek.aarch64.rpm
python-perf-4.14.35-2047.511.5.2.el7uek.aarch64.rpm
kernel-uek-headers-4.14.35-2047.511.5.2.el7uek.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-4.14.35-2047.511.5.2.el7uek.src.rpm
Related CVEs:
CVE-2022-0492
Description of changes:
[4.14.35-2047.511.5.2.el7uek]
- cgroup-v1: Require capabilities to set release_agent (Eric W. Biederman) [Orabug: 33876756] {CVE-2022-0492}
- scsi: libiscsi: Hold back_lock when calling iscsi_complete_task (Gulam Mohamed) [Orabug: 33876755]
[4.14.35-2047.511.5.1.el7uek]
- arm64, mm, efi: Account for GICv3 LPI tables in static memblock reserve table (Ard Biesheuvel) [Orabug: 33836770]
[4.14.35-2047.511.5.el7uek]
- irq/msi: add extra step when both old and new affinity are not current cpu (Joe Jin) [Orabug: 33789982]
- Revert "rds/ib: Kernel change to extend rds-info functionality" (Rohit Nair) [Orabug: 33795472]
- smp: always continue to process IRQ work (Stephen Brennan) [Orabug: 33775326]
- scsi: libiscsi: Fix iscsi_task use after free() (Mike Christie) [Orabug: 33674803]
- scsi: libiscsi: Drop taskqueuelock (Mike Christie) [Orabug: 33674803]
- netfilter: fix regression in looped (broad|multi)cast's MAC handling (Ignacy Gawędzki)
- PM: hibernate: use correct mode for swsusp_close() (Thomas Zeitlhofer)
- tracefs: Set all files to the same group ownership as the mount option (Steven Rostedt (VMware))
- binder: fix test regression due to sender_euid change (Todd Kjos)
- IB/qib: Fix memory leak in qib_user_sdma_queue_pkts() (José Expósito)
[4.14.35-2047.511.4.el7uek]
- net/rds: Refactor rds_ib_recv_refill_one (Freddy Carrillo) [Orabug: 33811840]
- net/rds: RDS connection shutdown stuck after CQ access violation error (aru kolappan) [Orabug: 33811824]
- ocfs2: fix race between searching chunks and release journal_head from buffer_head (Gautham Ananthakrishna) [Orabug: 33811779]
- rds: ib: Ack seq not always received in monotonic increasing order (Håkon Bugge) [Orabug: 33810922]
- arm64: pcie: Intercept Pensando specific SError (Henry Willard) [Orabug: 33811771]
- arm64: pcie: Change bad_mode hook to cap_pciep_access_in_progress() (Henry Willard) [Orabug: 33811771]
- arm64: pcie: Remove Pensando SError trapping patch (Henry Willard) [Orabug: 33811771]
- take care multiple extents in CoW extent converting (Wengang Wang) [Orabug: 33811755]
[4.14.35-2047.511.3.el7uek]
- scsi: vmw_pvscsi: Set residual data length conditionally (Alexey Makhalov) [Orabug: 33761308]
- xfs: force the log offline when log intent item recovery fails (Darrick J. Wong) [Orabug: 33757273]
- xfs: cancel intents immediately if process_intents fails (Darrick J. Wong) [Orabug: 33757273]
- arm64/efi: remove spurious WARN_ON for !4K kernels (Mark Rutland) [Orabug: 33749641]
- irqchip/gic-v3-its: Allow use of LPI tables in reserved memory (Marc Zyngier) [Orabug: 33749641]
- irqchip/gic-v3-its: Register LPI tables with EFI config table (Marc Zyngier) [Orabug: 33749641]
- efi: add API to reserve memory persistently across kexec reboot (Ard Biesheuvel) [Orabug: 33749641]
- efi/arm: libstub: add a root memreserve config table (Ard Biesheuvel) [Orabug: 33749641]
- efi: honour memory reservations passed via a linux specific config table (Ard Biesheuvel) [Orabug: 33749641]
- irqchip/gic-v3-its: Check that all RDs have the same property table (Marc Zyngier) [Orabug: 33749641]
- irqchip/gic-v3-its: Use pre-programmed redistributor tables with kdump kernels (Marc Zyngier) [Orabug: 33749641]
- irqchip/gic-v3-its: Allow use of pre-programmed LPI tables (Marc Zyngier) [Orabug: 33749641]
- irqchip/gic-v3-its: Keep track of property table's PA and VA (Marc Zyngier) [Orabug: 33749641]
- irqchip/gic-v3-its: Move pending table allocation to init time (Marc Zyngier) [Orabug: 33749641]
- irqchip/gic-v3-its: Split property table clearing from allocation (Marc Zyngier) [Orabug: 33749641]
- irqchip/gic-v3-its: Simplify LPI_PENDBASE_SZ usage (Marc Zyngier) [Orabug: 33749641]
- irqchip/gic-v3-its: Change initialization ordering for LPIs (Marc Zyngier) [Orabug: 33749641]
- irqchip/gic-v3-its: Cap lpi_id_bits to reduce memory footprint (Jia He) [Orabug: 33749641]
- irqchip/gic-v3-its: Make its_lock a raw_spin_lock_t (Sebastian Andrzej Siewior) [Orabug: 33749641]
- irqchip/gic-v3-its: Honor hypervisor enforced LPI range (Marc Zyngier) [Orabug: 33749641]
- irqchip/gic-v3: Expose GICD_TYPER in the rdist structure (Marc Zyngier) [Orabug: 33749641]
- irqchip/gic-v3-its: Drop chunk allocation compatibility (Marc Zyngier) [Orabug: 33749641]
- irqchip/gic-v3-its: Move minimum LPI requirements to individual busses (Marc Zyngier) [Orabug: 33749641]
- irqchip/gic-v3-its: Use full range of LPIs (Marc Zyngier) [Orabug: 33749641]
- irqchip/gic-v3-its: Refactor LPI allocator (Marc Zyngier) [Orabug: 33749641]
- irqchip/gic-v3-its: Fix reprogramming of redistributors on CPU hotplug (Marc Zyngier) [Orabug: 33749641]
- irqchip/gic-v3-its: Only emit VSYNC if targetting a valid collection (Marc Zyngier) [Orabug: 33749641]
- irqchip/gic-v3-its: Only emit SYNC if targetting a valid collection (Marc Zyngier) [Orabug: 33749641]
- irqchip/gic-v3: Ensure GICR_CTLR.EnableLPI=0 is observed before enabling (Shanker Donthineni) [Orabug: 33749641]
- irqchip/gic-v3-its: Pass its_node pointer to each command builder (Marc Zyngier) [Orabug: 33749641]
- tee: handle lookup of shm with reference count 0 (Jens Wiklander) [Orabug: 33739583] {CVE-2021-44733}
- rds/ib: Kernel change to extend rds-info functionality (Rohit Nair) [Orabug: 33660978]
- net/mlx5: Fix eeprom support for SFP module (Eran Ben Elisha) [Orabug: 33541468]
- x86/vector: search CPU vector starts from last successfully assigned (Joe Jin) [Orabug: 33290504]
[4.14.35-2047.511.2.el7uek]
- xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate (Darrick J. Wong) [Orabug: 33756155] {CVE-2021-4155}
- net/mlx5e: ethtool, Add support for EEPROM high pages query (Erez Alfasi) [Orabug: 33755527]
- ethtool: Add SFF-8436 and SFF-8636 max EEPROM length definitions (Erez Alfasi) [Orabug: 33755527]
- scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() (George Kennedy) [Orabug: 33731361]
- uek-rpm: configs: disable CONFIG_USB_GADGET (aloktiw) [Orabug: 33730434]
- rds: ib: Incorporate the stat counter "ib_rdma_flush_mr_pool_avoided" in the structure "rds_ib_stat_names" (Praveen Kumar Kannoju) [Orabug: 33720886]
- panic: reinitialize logbuf locks before notifiers (Stephen Brennan) [Orabug: 33703438]
- panic: disable optimistic spin after halting CPUs (Stephen Brennan) [Orabug: 33703438]
- atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait (Zekun Shen) [Orabug: 33594985] {CVE-2021-43975}
- x86/MCE/AMD, EDAC/mce_amd: Remove struct smca_hwid.xec_bitmap (Yazen Ghannam) [Orabug: 33427596]
- EDAC/mce_amd: Add new error descriptions for existing types (Yazen Ghannam) [Orabug: 33427596]
- x86/mce, EDAC/mce_amd: Print PPIN in machine check records (Smita Koralahalli) [Orabug: 33427596]
- x86/mce/amd, edac: Remove report_gart_errors (Borislav Petkov) [Orabug: 33427596]
- x86/mce/amd: Add PPIN support for AMD MCE (Wei Huang) [Orabug: 33427596]
- x86/mce: Take action on UCNA/Deferred errors again (Jan H. Schönherr) [Orabug: 33427596]
- xen/mcelog: add PPIN to record when available (Jan Beulich) [Orabug: 33427596]
- xen/mcelog: drop __MC_MSR_MCGCAP (Jan Beulich) [Orabug: 33427596]
- x86/MCE/AMD: Don't report L1 BTB MCA errors on some family 17h models (Yazen Ghannam) [Orabug: 33427596]
- x86/MCE: Add an MCE-record filtering function (Yazen Ghannam) [Orabug: 33427596]
- EDAC, mce_amd: Print ExtErrorCode and description on a single line (Yazen Ghannam) [Orabug: 33427596]
- mstflint_access: Update driver code to v4.18.0-1 from Github (Sharath Srinivasan) [Orabug: 33186485]
- mstflint_access: Update driver code to v4.17.0-1 from Github (Sharath Srinivasan) [Orabug: 33186485]
- mstflint_access: Add README.txt (Sharath Srinivasan) [Orabug: 33186485]
- Revert "Revert "net/mlx4_core: Add masking for a few queries on HCA caps"" (Freddy Carrillo) [Orabug: 32603654]
[4.14.35-2047.511.1.el7uek]
- uek-rpm: Update ol7 locklist with fnic symbols (Saeed Mirzamohammadi) [Orabug: 33590914]
- mm, oom: dump stack of victim when reaping failed (David Rientjes) [Orabug: 33647102]
- memcg: prohibit unconditional exceeding the limit of dying tasks (Vasily Averin) [Orabug: 33647102]
- memcg: enable memcg oom-kill for __GFP_NOFAIL (Shakeel Butt) [Orabug: 33647102]
- memcg, oom: no oom-kill for __GFP_RETRY_MAYFAIL (Shakeel Butt) [Orabug: 33647102]
- memcg: killed threads should not invoke memcg OOM killer (Tetsuo Handa) [Orabug: 33647102]
- memcg, oom: notify on oom killer invocation from the charge path (Michal Hocko) [Orabug: 33647102]
- mm: memcontrol: print proper OOM header when no eligible victim left (Johannes Weiner) [Orabug: 33647102]
- memcg, oom: move out_of_memory back to the charge path (Michal Hocko) [Orabug: 33647102]
- rds/ib: Use both iova and key in free_mr socket call (aru kolappan) [Orabug: 33671340]
- arm64: kexec: Suppress kexec on embedded systems (smartnics) (Henry Willard) [Orabug: 33699776]
- fget: check that the fd still exists after getting a ref to it (Linus Torvalds) [Orabug: 33679805] {CVE-2021-0920}
- fs: add fget_many() and fput_many() (Jens Axboe) [Orabug: 33679805]
- xfs: remove all COW fork extents when remounting readonly (Darrick J. Wong) [Orabug: 33676191]
- RDS/IB: Fix error when trying to unallocate ring buffers (Hans Westgaard Ry) [Orabug: 33620350]
- net: macsec: Severe performance regression in "...preserve ordering" (Venkat Venkatsubra) [Orabug: 33557957]
- Linux 4.14.256 (Greg Kroah-Hartman)
- soc/tegra: pmc: Fix imbalanced clock disabling in error code path (Dmitry Osipenko)
- usb: max-3421: Use driver data instead of maintaining a list of bound devices (Uwe Kleine-König)
- RDMA/netlink: Add __maybe_unused to static inline in C file (Leon Romanovsky)
- batman-adv: Don't always reallocate the fragmentation skb head (Sven Eckelmann)
- batman-adv: Reserve needed_*room for fragments (Sven Eckelmann)
- batman-adv: Consider fragmentation for needed_headroom (Sven Eckelmann)
- batman-adv: mcast: fix duplicate mcast packets from BLA backbone to mesh (Linus Lüssing)
- batman-adv: mcast: fix duplicate mcast packets in BLA backbone from LAN (Linus Lüssing)
- perf/core: Avoid put_page() when GUP fails (Greg Thelen)
- drm/amdgpu: fix set scaling mode Full/Full aspect/Center not works on vga and dvi connectors (hongao)
- drm/udl: fix control-message timeout (Johan Hovold)
- cfg80211: call cfg80211_stop_ap when switch from P2P_GO type (Nguyen Dinh Phi)
- parisc/sticon: fix reverse colors (Sven Schnelle)
- btrfs: fix memory ordering between normal and ordered work functions (Nikolay Borisov)
- mm: kmemleak: slob: respect SLAB_NOLEAKTRACE flag (Rustam Kovhaev)
- hexagon: export raw I/O routines for modules (Nathan Chancellor)
- tun: fix bonding active backup with arp monitoring (Nicolas Dichtel)
- perf/x86/intel/uncore: Fix IIO event constraints for Skylake Server (Alexander Antonov)
- perf/x86/intel/uncore: Fix filter_tid mask for CHA events on Skylake Server (Alexander Antonov)
- NFC: reorder the logic in nfc_{un,}register_device (Lin Ma)
- NFC: reorganize the functions in nci_request (Lin Ma)
- i40e: Fix NULL ptr dereference on VSI filter sync (Michal Maloszewski)
- net: virtio_net_hdr_to_skb: count transport header in UFO (Jonathan Davies)
- platform/x86: hp_accel: Fix an error handling path in 'lis3lv02d_probe()' (Christophe JAILLET)
- mips: lantiq: add support for clk_get_parent() (Randy Dunlap)
- mips: bcm63xx: add support for clk_get_parent() (Randy Dunlap)
- MIPS: generic/yamon-dt: fix uninitialized variable error (Colin Ian King)
- iavf: Fix for the false positive ASQ/ARQ errors while issuing VF reset (Surabhi Boob)
- net: bnx2x: fix variable dereferenced before check (Pavel Skripkin)
- sched/core: Mitigate race cpus_share_cache()/update_top_cache_domain() (Vincent Donnefort)
- mips: BCM63XX: ensure that CPU_SUPPORTS_32BIT_KERNEL is set (Randy Dunlap)
- sh: define __BIG_ENDIAN for math-emu (Randy Dunlap)
- sh: fix kconfig unmet dependency warning for FRAME_POINTER (Randy Dunlap)
- maple: fix wrong return value of maple_bus_init(). (Lu Wei)
- sh: check return code of request_irq (Nick Desaulniers)
- powerpc/dcr: Use cmplwi instead of 3-argument cmpli (Michael Ellerman)
- ALSA: gus: fix null pointer dereference on pointer block (Chengfeng Ye)
- powerpc/5200: dts: fix memory node unit name (Anatolij Gustschin)
- scsi: target: Fix alua_tg_pt_gps_count tracking (Mike Christie)
- scsi: target: Fix ordered tag handling (Mike Christie)
- MIPS: sni: Fix the build (Bart Van Assche)
- tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc (Guanghui Feng)
- usb: host: ohci-tmio: check return value after calling platform_get_resource() (Yang Yingliang)
- ARM: dts: omap: fix gpmc,mux-add-data type (Roger Quadros)
- scsi: advansys: Fix kernel pointer leak (Guo Zhi)
- usb: musb: tusb6010: check return value after calling platform_get_resource() (Yang Yingliang)
- scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() (James Smart)
- arm64: zynqmp: Fix serial compatible string (Michal Simek)
- PCI/MSI: Destroy sysfs before freeing entries (Thomas Gleixner)
- parisc/entry: fix trace test in syscall exit path (Sven Schnelle)
- tracing: Resize tgid_map to pid_max, not PID_MAX_DEFAULT (Paul Burton)
- ext4: fix lazy initialization next schedule time computation in more granular unit (Shaoying Xu)
- PCI: Add PCI_EXP_DEVCTL_PAYLOAD_* macros (Pali Rohár)
- s390/cio: check the subchannel validity for dev_busid (Vineeth Vijayan)
- mm, oom: do not trigger out_of_memory from the #PF (Michal Hocko)
- mm, oom: pagefault_out_of_memory: don't force global OOM for dying tasks (Vasily Averin)
- powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (Naveen N. Rao)
- powerpc/bpf: Validate branch ranges (Naveen N. Rao)
- powerpc/lib: Add helper to check if offset is within conditional branch range (Naveen N. Rao)
- ARM: 9156/1: drop cc-option fallbacks for architecture selection (Arnd Bergmann)
- ARM: 9155/1: fix early early_iounmap() (Michał Mirosław)
- USB: chipidea: fix interrupt deadlock (Johan Hovold)
- vsock: prevent unnecessary refcnt inc for nonblocking connect (Eiichi Tsukata)
- nfc: pn533: Fix double free when pn533_fill_fragment_skbs() fails (Chengfeng Ye)
- llc: fix out-of-bound array index in llc_sk_dev_hash() (Eric Dumazet)
- mm/zsmalloc.c: close race window between zs_pool_dec_isolated() and zs_unregister_migration() (Miaohe Lin)
- bonding: Fix a use-after-free problem when bond_sysfs_slave_add() failed (Huang Guobin)
- ACPI: PMIC: Fix intel_pmic_regs_handler() read accesses (Hans de Goede)
- net: davinci_emac: Fix interrupt pacing disable (Maxim Kiselev)
- xen-pciback: Fix return in pm_ctrl_init() (YueHaibing)
- i2c: xlr: Fix a resource leak in the error handling path of 'xlr_i2c_probe()' (Christophe JAILLET)
- scsi: qla2xxx: Turn off target reset during issue_lip (Quinn Tran)
- ar7: fix kernel builds for compiler test (Jackie Liu)
- watchdog: f71808e_wdt: fix inaccurate report in WDIOC_GETTIMEOUT (Ahmad Fatoum)
- m68k: set a default value for MEMORY_RESERVE (Randy Dunlap)
- dmaengine: dmaengine_desc_callback_valid(): Check for `callback_result` (Lars-Peter Clausen)
- netfilter: nfnetlink_queue: fix OOB when mac header was cleared (Florian Westphal)
- auxdisplay: ht16k33: Fix frame buffer device blanking (Geert Uytterhoeven)
- auxdisplay: ht16k33: Connect backlight to fbdev (Geert Uytterhoeven)
- auxdisplay: img-ascii-lcd: Fix lock-up when displaying empty string (Geert Uytterhoeven)
- dmaengine: at_xdmac: fix AT_XDMAC_CC_PERID() macro (Claudiu Beznea)
- mtd: spi-nor: hisi-sfc: Remove excessive clk_disable_unprepare() (Evgeny Novikov)
- fs: orangefs: fix error return code of orangefs_revalidate_lookup() (Jia-Ju Bai)
- NFS: Fix deadlocks in nfs_scan_commit_list() (Trond Myklebust)
- PCI: aardvark: Don't spam about PIO Response Status (Marek Behún)
- drm/plane-helper: fix uninitialized variable reference (Alex Xu (Hello71))
- pnfs/flexfiles: Fix misplaced barrier in nfs4_ff_layout_prepare_ds (Baptiste Lepers)
- rpmsg: Fix rpmsg_create_ept return when RPMSG config is not defined (Arnaud Pouliquen)
- apparmor: fix error check (Tom Rix)
- power: supply: bq27xxx: Fix kernel crash on IRQ handler register error (Hans de Goede)
- mips: cm: Convert to bitfield API to fix out-of-bounds access (Geert Uytterhoeven)
- serial: xilinx_uartps: Fix race condition causing stuck TX (Anssi Hannula)
- ASoC: cs42l42: Defer probe if request_threaded_irq() returns EPROBE_DEFER (Richard Fitzgerald)
- ASoC: cs42l42: Correct some register default values (Richard Fitzgerald)
- RDMA/mlx4: Return missed an error if device doesn't support steering (Leon Romanovsky)
- scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn() (Dan Carpenter)
- power: supply: rt5033_battery: Change voltage values to µV (Jakob Hauser)
- usb: gadget: hid: fix error code in do_config() (Dan Carpenter)
- serial: 8250_dw: Drop wrong use of ACPI_PTR() (Andy Shevchenko)
- video: fbdev: chipsfb: use memset_io() instead of memset() (Christophe Leroy)
- memory: fsl_ifc: fix leak of irq and nand_irq in fsl_ifc_ctrl_probe (Dongliang Mu)
- soc/tegra: Fix an error handling path in tegra_powergate_power_up() (Christophe JAILLET)
- arm: dts: omap3-gta04a4: accelerometer irq fix (Andreas Kemnade)
- ALSA: hda: Reduce udelay() at SKL+ position reporting (Takashi Iwai)
- JFS: fix memleak in jfs_mount (Dongliang Mu)
- MIPS: loongson64: make CPU_LOONGSON64 depends on MIPS_FP_SUPPORT (Jackie Liu)
- scsi: dc395: Fix error case unwinding (Tong Zhang)
- ARM: dts: at91: tse850: the emacphy interface is rmii (Peter Rosin)
- ARM: s3c: irq-s3c24xx: Fix return value check for s3c24xx_init_intc() (Jackie Liu)
- RDMA/rxe: Fix wrong port_cap_flags (Junji Wei)
- ibmvnic: Process crqs after enabling interrupts (Sukadev Bhattiprolu)
- crypto: pcrypt - Delay write to padata->info (Daniel Jordan)
- net: phylink: avoid mvneta warning when setting pause parameters (Russell King (Oracle))
- net: amd-xgbe: Toggle PLL settings during rate change (Shyam Sundar S K)
- libertas: Fix possible memory leak in probe and disconnect (Wang Hai)
- libertas_tf: Fix possible memory leak in probe and disconnect (Wang Hai)
- samples/kretprobes: Fix return value if register_kretprobe() failed (Tiezhu Yang)
- irq: mips: avoid nested irq_enter() (Mark Rutland)
- s390/gmap: don't unconditionally call pte_unmap_unlock() in __gmap_zap() (David Hildenbrand)
- smackfs: use netlbl_cfg_cipsov4_del() for deleting cipso_v4_doi (Tetsuo Handa)
- PM: hibernate: fix sparse warnings (Anders Roxell)
- phy: micrel: ksz8041nl: do not use power down mode (Stefan Agner)
- mwifiex: Send DELBA requests according to spec (Jonas Dreßler)
- platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning (Nathan Chancellor)
- mmc: mxs-mmc: disable regulator on error and in the remove function (Christophe JAILLET)
- net: stream: don't purge sk_error_queue in sk_stream_kill_queues() (Jakub Kicinski)
- drm/msm: uninitialized variable in msm_gem_import() (Dan Carpenter)
- ath10k: fix max antenna gain unit (Sven Eckelmann)
- hwmon: Fix possible memleak in __hwmon_device_register() (Yang Yingliang)
- memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host() (Dan Carpenter)
- memstick: avoid out-of-range warning (Arnd Bergmann)
- b43: fix a lower bounds test (Dan Carpenter)
- b43legacy: fix a lower bounds test (Dan Carpenter)
- hwrng: mtk - Force runtime pm ops for sleep ops (Markus Schneider-Pargmann)
- crypto: qat - disregard spurious PFVF interrupts (Giovanni Cabiddu)
- crypto: qat - detect PFVF collision after ACK (Giovanni Cabiddu)
- ath9k: Fix potential interrupt storm on queue reset (Linus Lüssing)
- cpuidle: Fix kobject memory leaks in error paths (Anel Orazgaliyeva)
- media: cx23885: Fix snd_card_free call on null card pointer (Colin Ian King)
- media: si470x: Avoid card name truncation (Kees Cook)
- media: mtk-vpu: Fix a resource leak in the error handling path of 'mtk_vpu_probe()' (Christophe JAILLET)
- media: dvb-usb: fix ununit-value in az6027_rc_query (Pavel Skripkin)
- cgroup: Make rebind_subsystems() disable v2 controllers all at once (Waiman Long)
- parisc/kgdb: add kgdb_roundup() to make kgdb work with idle polling (Sven Schnelle)
- task_stack: Fix end_of_stack() for architectures with upwards-growing stack (Helge Deller)
- parisc: fix warning in flush_tlb_all (Sven Schnelle)
- spi: bcm-qspi: Fix missing clk_disable_unprepare() on error in bcm_qspi_probe() (Yang Yingliang)
- ARM: 9136/1: ARMv7-M uses BE-8, not BE-32 (Arnd Bergmann)
- gre/sit: Don't generate link-local addr if addr_gen_mode is IN6_ADDR_GEN_MODE_NONE (Stephen Suryaputra)
- ARM: clang: Do not rely on lr register for stacktrace (Masami Hiramatsu)
- smackfs: use __GFP_NOFAIL for smk_cipso_doi() (Tetsuo Handa)
- iwlwifi: mvm: disable RX-diversity in powersave (Johannes Berg)
- PM: hibernate: Get block device exclusively in swsusp_check() (Ye Bin)
- mwl8k: Fix use-after-free in mwl8k_fw_state_machine() (Zheyu Ma)
- tracing/cfi: Fix cmp_entries_* functions signature mismatch (Kalesh Singh)
- lib/xz: Validate the value before assigning it to an enum variable (Lasse Collin)
- lib/xz: Avoid overlapping memcpy() with invalid input with in-place decompression (Lasse Collin)
- memstick: r592: Fix a UAF bug when removing the driver (Zheyu Ma)
- leaking_addresses: Always print a trailing newline (Kees Cook)
- ACPI: battery: Accept charges over the design capacity as full (André Almeida)
- ath: dfs_pattern_detector: Fix possible null-pointer dereference in channel_detector_create() (Tuo Li)
- tracefs: Have tracefs directories not set OTH permission bits by default (Steven Rostedt (VMware))
- media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte() (Anant Thazhemadam)
- ACPICA: Avoid evaluating methods too early during system resume (Rafael J. Wysocki)
- ia64: don't do IA64_CMPXCHG_DEBUG without CONFIG_PRINTK (Randy Dunlap)
- media: mceusb: return without resubmitting URB in case of -EPROTO error. (Rajat Asthana)
- media: s5p-mfc: Add checking to s5p_mfc_probe(). (Nadezda Lutovinova)
- media: s5p-mfc: fix possible null-pointer dereference in s5p_mfc_probe() (Tuo Li)
- media: uvcvideo: Set capability in s_param (Ricardo Ribalda)
- media: netup_unidvb: handle interrupt properly according to the firmware (Zheyu Ma)
- media: mt9p031: Fix corrupted frame after restarting stream (Dirk Bender)
- mwifiex: Properly initialize private structure on interface type changes (Jonas Dreßler)
- mwifiex: Run SET_BSS_MODE when changing from P2P to STATION vif-type (Jonas Dreßler)
- x86: Increase exception stack sizes (Peter Zijlstra)
- smackfs: Fix use-after-free in netlbl_catmap_walk() (Pawan Gupta)
- locking/lockdep: Avoid RCU-induced noinstr fail (Peter Zijlstra)
- MIPS: lantiq: dma: reset correct number of channel (Aleksander Jan Bajkowski)
- MIPS: lantiq: dma: add small delay after reset (Aleksander Jan Bajkowski)
- platform/x86: wmi: do not fail if disabling fails (Barnabás Pőcze)
- Bluetooth: fix use-after-free error in lock_sock_nested() (Wang ShaoBo)
- Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg() (Takashi Iwai) {CVE-2021-3640}
- USB: iowarrior: fix control-message timeouts (Johan Hovold)
- USB: serial: keyspan: fix memleak on probe errors (Wang Hai)
- iio: dac: ad5446: Fix ad5622_write() return value (Pekka Korpinen)
- pinctrl: core: fix possible memory leak in pinctrl_enable() (Yang Yingliang)
- quota: correct error number in free_dqentry() (Zhang Yi)
- quota: check block number when reading the block in quota file (Zhang Yi)
- PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG (Marek Behún)
- PCI: aardvark: Fix return value of MSI domain .alloc() method (Marek Behún)
- PCI: aardvark: Do not unmask unused interrupts (Pali Rohár)
- PCI: aardvark: Do not clear status bits of masked interrupts (Pali Rohár)
- xen/balloon: add late_initcall_sync() for initial ballooning done (Juergen Gross)
- ALSA: mixer: fix deadlock in snd_mixer_oss_set_volume (Pavel Skripkin)
- ALSA: mixer: oss: Fix racy access to slots (Takashi Iwai)
- serial: core: Fix initializing and restoring termios speed (Pali Rohár)
- powerpc/85xx: Fix oops when mpc85xx_smp_guts_ids node cannot be found (Xiaoming Ni)
- power: supply: max17042_battery: use VFSOC for capacity when no rsns (Henrik Grimler)
- power: supply: max17042_battery: Prevent int underflow in set_soc_threshold (Sebastian Krzyszkowiak)
- signal/mips: Update (_save|_restore)_fp_context to fail with -EFAULT (Eric W. Biederman)
- signal: Remove the bogus sigkill_pending in ptrace_stop (Eric W. Biederman)
- RDMA/qedr: Fix NULL deref for query_qp on the GSI QP (Alok Prasad)
- wcn36xx: handle connection loss indication (Benjamin Li)
- libata: fix checking of DMA state (Reimar Döffinger)
- mwifiex: Read a PCI register after writing the TX ring write pointer (Jonas Dreßler)
- wcn36xx: Fix HT40 capability for 2Ghz band (Loic Poulain)
- evm: mark evm_fixmode as __ro_after_init (Austin Kim)
- rtl8187: fix control-message timeouts (Johan Hovold)
- PCI: Mark Atheros QCA6174 to avoid bus reset (Ingmar Klein)
- ath10k: fix division by zero in send path (Johan Hovold)
- ath10k: fix control-message timeout (Johan Hovold)
- ath6kl: fix control-message timeout (Johan Hovold)
- ath6kl: fix division by zero in send path (Johan Hovold)
- mwifiex: fix division by zero in fw download path (Johan Hovold)
- EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell (Eric Badger)
- regulator: dt-bindings: samsung,s5m8767: correct s5m8767,pmic-buck-default-dvs-idx property (Krzysztof Kozlowski)
- regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is disabled (Krzysztof Kozlowski)
- hwmon: (pmbus/lm25066) Add offset coefficients (Zev Weiss)
- btrfs: fix lost error handling when replaying directory deletes (Filipe Manana)
- vmxnet3: do not stop tx queues after netif_device_detach() (Dongli Zhang)
- watchdog: Fix OMAP watchdog early handling (Walter Stoll)
- spi: spl022: fix Microwire full duplex mode (Thomas Perrot)
- bpf: Prevent increasing bpf_jit_limit above max (Lorenz Bauer)
- mmc: winbond: don't build on M68K (Randy Dunlap)
- hyperv/vmbus: include linux/bitops.h (Arnd Bergmann)
- sfc: Don't use netif_info before net_device setup (Erik Ekman)
- cavium: Fix return values of the probe function (Zheyu Ma)
- scsi: qla2xxx: Fix unmap of already freed sgl (Dmitry Bogdanov)
- cavium: Return negative value when pci_alloc_irq_vectors() fails (Zheyu Ma)
- x86/irq: Ensure PI wakeup handler is unregistered before module unload (Sean Christopherson)
- ALSA: timer: Unconditionally unlink slave instances, too (Takashi Iwai)
- ALSA: timer: Fix use-after-free problem (Wang Wensheng)
- ALSA: synth: missing check for possible NULL after the call to kstrdup (Austin Kim)
- ALSA: line6: fix control and interrupt message timeouts (Johan Hovold)
- ALSA: 6fire: fix control and bulk message timeouts (Johan Hovold)
- ALSA: ua101: fix division by zero at probe (Johan Hovold)
- media: ite-cir: IR receiver stop working after receive overflow (Sean Young)
- tpm: Check for integer overflow in tpm2_map_response_body() (Dan Carpenter)
- parisc: Fix ptrace check on syscall return (Helge Deller)
- mmc: dw_mmc: Dont wait for DRTO on Write RSP error (Christian Löhle)
- ocfs2: fix data corruption on truncate (Jan Kara)
- libata: fix read log timeout value (Damien Le Moal)
- Input: i8042 - Add quirk for Fujitsu Lifebook T725 (Takashi Iwai)
- Input: elantench - fix misreporting trackpoint coordinates (Phoenix Huang)
- binder: use cred instead of task for selinux checks (Todd Kjos)
- binder: use euid from cred instead of using task (Todd Kjos)
- xhci: Fix USB 3.1 enumeration issues by increasing roothub power-on-good delay (Mathias Nyman)
- Linux 4.14.255 (Greg Kroah-Hartman)
- rsi: fix control-message timeout (Johan Hovold)
- staging: rtl8192u: fix control-message timeouts (Johan Hovold)
- staging: r8712u: fix control-message timeout (Johan Hovold)
- comedi: vmk80xx: fix bulk and interrupt message timeouts (Johan Hovold)
- comedi: vmk80xx: fix bulk-buffer overflow (Johan Hovold)
- comedi: vmk80xx: fix transfer-buffer overflows (Johan Hovold)
- comedi: ni_usb6501: fix NULL-deref in command paths (Johan Hovold)
- comedi: dt9812: fix DMA buffers on stack (Johan Hovold)
- isofs: Fix out of bound access for corrupted isofs image (Jan Kara)
- printk/console: Allow to disable console output by using console="" or console=null (Petr Mladek)
- usb-storage: Add compatibility quirk flags for iODD 2531/2541 (James Buren)
- usb: musb: Balance list entry in musb_gadget_queue (Viraj Shah)
- usb: gadget: Mark USB_FSL_QE broken on 64-bit (Geert Uytterhoeven)
- Revert "x86/kvm: fix vcpu-id indexed array sizes" (Juergen Gross)
- block: introduce multi-page bvec helpers (Ming Lei)
- IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields (Mike Marciniszyn)
- IB/qib: Use struct_size() helper (Gustavo A. R. Silva)
- ARM: 9120/1: Revert "amba: make use of -1 IRQs warn" (Wang Kefeng)
- arch: pgtable: define MAX_POSSIBLE_PHYSMEM_BITS where needed (Arnd Bergmann)
- mm/zsmalloc: Prepare to variable MAX_PHYSMEM_BITS (Kirill A. Shutemov)
- media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt() (Dan Carpenter)
- scsi: core: Put LLD module refcnt after SCSI device is released (Ming Lei)
- Linux 4.14.254 (Greg Kroah-Hartman)
- sctp: add vtag check in sctp_sf_ootb (Xin Long)
- sctp: add vtag check in sctp_sf_do_8_5_1_E_sa (Xin Long)
- sctp: add vtag check in sctp_sf_violation (Xin Long)
- sctp: fix the processing for COOKIE_ECHO chunk (Xin Long)
- sctp: use init_tag from inithdr for ABORT chunk (Xin Long)
- net: nxp: lpc_eth.c: avoid hang when bringing interface down (Trevor Woerner)
- nios2: Make NIOS2_DTB_SOURCE_BOOL depend on !COMPILE_TEST (Guenter Roeck)
- net: batman-adv: fix error handling (Pavel Skripkin)
- regmap: Fix possible double-free in regcache_rbtree_exit() (Yang Yingliang)
- net: lan78xx: fix division by zero in send path (Johan Hovold)
- mmc: sdhci-esdhc-imx: clear the buffer_read_ready to reset standard tuning circuit (Haibo Chen)
- mmc: sdhci: Map more voltage level to SDHCI_POWER_330 (Shawn Guo)
- mmc: dw_mmc: exynos: fix the finding clock sample value (Jaehoon Chung)
- mmc: vub300: fix control-message timeouts (Johan Hovold)
- ipv4: use siphash instead of Jenkins in fnhe_hashfun() (Eric Dumazet)
- Revert "net: mdiobus: Fix memory leak in __mdiobus_register" (Pavel Skripkin)
- nfc: port100: fix using -ERRNO as command type mask (Krzysztof Kozlowski)
- ata: sata_mv: Fix the error handling of mv_chip_id() (Zheyu Ma)
- usbnet: fix error return code in usbnet_probe() (Wang Hai)
- usbnet: sanity check for maxpacket (Oliver Neukum)
- ARM: 8819/1: Remove '-p' from LDFLAGS (Nathan Chancellor)
- powerpc/bpf: Fix BPF_MOD when imm == 1 (Naveen N. Rao)
- ARM: 9139/1: kprobes: fix arch_init_kprobes() prototype (Arnd Bergmann)
- ARM: 9134/1: remove duplicate memcpy() definition (Arnd Bergmann)
- ARM: 9133/1: mm: proc-macros: ensure *_tlb_fns are 4B aligned (Nick Desaulniers)
[4.14.35-2047.511.0.el7uek]
- Linux 4.14.253 (Greg Kroah-Hartman)
- ASoC: DAPM: Cover regression by kctl change notification fix (Takashi Iwai)
- ARM: 9122/1: select HAVE_FUTEX_CMPXCHG (Nick Desaulniers)
- tracing: Have all levels of checks prevent recursion (Steven Rostedt (VMware))
- net: mdiobus: Fix memory leak in __mdiobus_register (Yanfei Xu)
- ALSA: hda: avoid write to STATESTS if controller is in reset (Kai Vehmanen)
- platform/x86: intel_scu_ipc: Update timeout value in comment (Prashant Malani)
- isdn: mISDN: Fix sleeping function called from invalid context (Zheyu Ma)
- ARM: dts: spear3xx: Fix gmac node (Herve Codina)
- net: stmmac: add support for dwmac 3.40a (Herve Codina)
- btrfs: deal with errors when checking if a dir entry exists during log replay (Filipe Manana)
- netfilter: Kconfig: use 'default y' instead of 'm' for bool config option (Vegard Nossum)
- isdn: cpai: check ctr->cnr to avoid array index out of bound (Xiaolong Huang)
- nfc: nci: fix the UAF of rf_conn_info object (Lin Ma)
- ASoC: DAPM: Fix missing kctl change notifications (Takashi Iwai)
- ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset (Brendan Grieve)
- vfs: check fd has read access in kernel_read_file_from_fd() (Matthew Wilcox (Oracle))
- elfcore: correct reference to CONFIG_UML (Lukas Bulwahn)
- ocfs2: mount fails with buffer overflow in strlen (Valentin Vidic)
- ocfs2: fix data corruption after conversion from inline format (Jan Kara)
- can: peak_pci: peak_pci_remove(): fix UAF (Zheyu Ma)
- can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification (Stephane Grosjean)
- can: rcar_can: fix suspend/resume (Yoshihiro Shimoda)
- NIOS2: irqflags: rename a redefined register name (Randy Dunlap)
- netfilter: ipvs: make global sysctl readonly in non-init netns (Antoine Tenart)
- NFSD: Keep existing listeners on portlist error (Benjamin Coddington)
- xtensa: xtfpga: Try software restart before simulating CPU reset (Guenter Roeck)
- xtensa: xtfpga: use CONFIG_USE_OF instead of CONFIG_OF (Max Filippov)
- ARM: dts: at91: sama5d2_som1_ek: disable ISC node by default (Eugen Hristev)
- uek-rpm: Add _raw_spin_trylock to KABI (John Donnelly) [Orabug: 33557961]
- cpufreq: intel_pstate: Add Icelake servers support in no-HWP mode (Giovanni Gherdovich) [Orabug: 33581183]
- RDMA/rxe: Bump up default maximum values used via uverbs (Rao Shoaib) [Orabug: 33615343]
- net: ipv6: Discard next-hop MTU less than minimum link MTU (Georg Kohmann) [Orabug: 33615357]
- rds: ib: Reduce the contention caused by the asynchronous workers to flush the mr pool (Praveen Kumar Kannoju) [Orabug: 33611440]
- net/mlx5: Remove unnecessary prints from mlx5_enter_error_state. (Anand Khoje) [Orabug: 33175315]
- net/rds: Don't pummel the subnet-manager (Gerd Rausch) [Orabug: 33589568]
- x86/clear_page: add alternative for clear_page_clzero() (Ankur Arora) [Orabug: 33580825]
- x86/asm: add clzero based page clearing (Ankur Arora) [Orabug: 33580825]
- x86/cpu/amd: enable X86_FEATURE_NT_GOOD on all AMD Zen models (Ankur Arora) [Orabug: 33580825]
- x86/cpu/amd: Call init_amd_zn() om Family 19h processors too (Kim Phillips) [Orabug: 33580825]
- uek-rpm: Add smartpqi driver module in ueknano kernel (Somasundaram Krishnasamy) [Orabug: 33590163]
_______________________________________________
An unbreakable Enterprise kernel security update (aarch64) has been released for Oracle Linux 7.