Oracle Linux 6277 Published by

Oracle Linux has released a number of security updates, including expat, bzip2, gstreamer1-plugins-base, rust-toolset:ol8, and kernel:

ELSA-2024-9502 Moderate: Oracle Linux 8 expat security update
ELSA-2024-12815 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update
ELSA-2024-12815 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update
ELSA-2024-9051 Important: Oracle Linux 9 podman security update
ELSA-2024-12815 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update
ELSA-2024-12813 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update
ELSA-2024-8922 Low: Oracle Linux 8 bzip2 security update
ELSA-2024-9056 Moderate: Oracle Linux 8 gstreamer1-plugins-base security update
ELBA-2024-8827 Oracle Linux 8 rust-toolset:ol8 bug fix and enhancement update
ELSA-2024-12813 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update
ELSA-2024-12813 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update
ELSA-2024-12814 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update
ELSA-2024-12814 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update (aarch64)




ELSA-2024-9502 Moderate: Oracle Linux 8 expat security update


Oracle Linux Security Advisory ELSA-2024-9502

http://linux.oracle.com/errata/ELSA-2024-9502.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
expat-2.2.5-16.0.1.el8_10.i686.rpm
expat-2.2.5-16.0.1.el8_10.x86_64.rpm
expat-devel-2.2.5-16.0.1.el8_10.i686.rpm
expat-devel-2.2.5-16.0.1.el8_10.x86_64.rpm

aarch64:
expat-2.2.5-16.0.1.el8_10.aarch64.rpm
expat-devel-2.2.5-16.0.1.el8_10.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//expat-2.2.5-16.0.1.el8_10.src.rpm

Related CVEs:

CVE-2024-50602

Description of changes:

[2.2.5-16.0.1]
- lib: Prevent integer overflow in doProlog [CVE-2022-23990][Orabug: 33910314]

[2.2.5-16]
- Fix CVE-2024-50602
- Resolves: RHEL-65062



ELSA-2024-12815 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update


Oracle Linux Security Advisory ELSA-2024-12815

http://linux.oracle.com/errata/ELSA-2024-12815.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
bpftool-5.15.0-302.167.6.el9uek.x86_64.rpm
kernel-uek-5.15.0-302.167.6.el9uek.x86_64.rpm
kernel-uek-core-5.15.0-302.167.6.el9uek.x86_64.rpm
kernel-uek-debug-5.15.0-302.167.6.el9uek.x86_64.rpm
kernel-uek-debug-core-5.15.0-302.167.6.el9uek.x86_64.rpm
kernel-uek-debug-devel-5.15.0-302.167.6.el9uek.x86_64.rpm
kernel-uek-debug-modules-5.15.0-302.167.6.el9uek.x86_64.rpm
kernel-uek-debug-modules-extra-5.15.0-302.167.6.el9uek.x86_64.rpm
kernel-uek-devel-5.15.0-302.167.6.el9uek.x86_64.rpm
kernel-uek-doc-5.15.0-302.167.6.el9uek.noarch.rpm
kernel-uek-modules-5.15.0-302.167.6.el9uek.x86_64.rpm
kernel-uek-modules-extra-5.15.0-302.167.6.el9uek.x86_64.rpm
kernel-uek-container-5.15.0-302.167.6.el9uek.x86_64.rpm
kernel-uek-container-debug-5.15.0-302.167.6.el9uek.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//kernel-uek-5.15.0-302.167.6.el9uek.src.rpm

Related CVEs:

CVE-2023-31083
CVE-2023-52450
CVE-2024-26585
CVE-2024-26987
CVE-2024-36028
CVE-2024-38538
CVE-2024-38577
CVE-2024-39472
CVE-2024-39483
CVE-2024-41009
CVE-2024-41011
CVE-2024-41012
CVE-2024-41015
CVE-2024-41017
CVE-2024-41019
CVE-2024-41020
CVE-2024-41042
CVE-2024-41059
CVE-2024-41060
CVE-2024-41063
CVE-2024-41064
CVE-2024-41065
CVE-2024-41068
CVE-2024-41070
CVE-2024-41072
CVE-2024-41073
CVE-2024-41077
CVE-2024-41078
CVE-2024-41081
CVE-2024-41090
CVE-2024-41091
CVE-2024-41098
CVE-2024-42114
CVE-2024-42126
CVE-2024-42228
CVE-2024-42259
CVE-2024-42265
CVE-2024-42267
CVE-2024-42271
CVE-2024-42276
CVE-2024-42277
CVE-2024-42280
CVE-2024-42281
CVE-2024-42283
CVE-2024-42284
CVE-2024-42285
CVE-2024-42290
CVE-2024-42291
CVE-2024-42292
CVE-2024-42295
CVE-2024-42296
CVE-2024-42297
CVE-2024-42299
CVE-2024-42301
CVE-2024-42302
CVE-2024-42304
CVE-2024-42305
CVE-2024-42306
CVE-2024-42308
CVE-2024-42309
CVE-2024-42310
CVE-2024-42311
CVE-2024-42312
CVE-2024-42313
CVE-2024-42318
CVE-2024-43817
CVE-2024-43821
CVE-2024-43829
CVE-2024-43830
CVE-2024-43834
CVE-2024-43835
CVE-2024-43839
CVE-2024-43841
CVE-2024-43846
CVE-2024-43849
CVE-2024-43853
CVE-2024-43854
CVE-2024-43856
CVE-2024-43858
CVE-2024-43860
CVE-2024-43861
CVE-2024-43863
CVE-2024-43867
CVE-2024-43870
CVE-2024-43871
CVE-2024-43873
CVE-2024-43875
CVE-2024-43879
CVE-2024-43880
CVE-2024-43882
CVE-2024-43883
CVE-2024-43884
CVE-2024-43885
CVE-2024-43889
CVE-2024-43890
CVE-2024-43892
CVE-2024-43893
CVE-2024-43894
CVE-2024-43897
CVE-2024-43902
CVE-2024-43905
CVE-2024-43907
CVE-2024-43908
CVE-2024-43909
CVE-2024-43914
CVE-2024-44934
CVE-2024-44935
CVE-2024-44944
CVE-2024-44946
CVE-2024-44947
CVE-2024-44948
CVE-2024-44954
CVE-2024-44958
CVE-2024-44960
CVE-2024-44965
CVE-2024-44966
CVE-2024-44968
CVE-2024-44969
CVE-2024-44971
CVE-2024-44982
CVE-2024-44983
CVE-2024-44985
CVE-2024-44986
CVE-2024-44987
CVE-2024-44988
CVE-2024-44989
CVE-2024-44990
CVE-2024-44995
CVE-2024-44998
CVE-2024-44999
CVE-2024-45003
CVE-2024-45006
CVE-2024-45007
CVE-2024-45008
CVE-2024-45011
CVE-2024-45016
CVE-2024-45018
CVE-2024-45021
CVE-2024-45025
CVE-2024-45026
CVE-2024-45028
CVE-2024-46673
CVE-2024-46674
CVE-2024-46675
CVE-2024-46676
CVE-2024-46677
CVE-2024-46679
CVE-2024-46685
CVE-2024-46702
CVE-2024-46707
CVE-2024-46713
CVE-2024-46714
CVE-2024-46719
CVE-2024-46721
CVE-2024-46722
CVE-2024-46723
CVE-2024-46724
CVE-2024-46725
CVE-2024-46731
CVE-2024-46732
CVE-2024-46734
CVE-2024-46737
CVE-2024-46739
CVE-2024-46740
CVE-2024-46743
CVE-2024-46744
CVE-2024-46745
CVE-2024-46746
CVE-2024-46747
CVE-2024-46750
CVE-2024-46752
CVE-2024-46755
CVE-2024-46756
CVE-2024-46757
CVE-2024-46758
CVE-2024-46759
CVE-2024-46761
CVE-2024-46763
CVE-2024-46771
CVE-2024-46777
CVE-2024-46780
CVE-2024-46781
CVE-2024-46782
CVE-2024-46783
CVE-2024-46791
CVE-2024-46795
CVE-2024-46798
CVE-2024-46800
CVE-2024-46804
CVE-2024-46805
CVE-2024-46807
CVE-2024-46810
CVE-2024-46814
CVE-2024-46815
CVE-2024-46817
CVE-2024-46818
CVE-2024-46819
CVE-2024-46822
CVE-2024-46828
CVE-2024-46829
CVE-2024-46832
CVE-2024-46839
CVE-2024-46840
CVE-2024-46844
CVE-2024-47663
CVE-2024-47665
CVE-2024-47667
CVE-2024-47668
CVE-2024-47669
CVE-2024-47674
CVE-2024-49863

Description of changes:

[5.15.0-302.167.6.el9uek]
- ice: Add a per-VF limit on number of FDIR filters (Ahmed Zaki) [Orabug: 36964088] {CVE-2024-42291}
- scsi: lpfc: Fix a possible null pointer dereference (Huai-Yuan Liu) [Orabug: 36964437] {CVE-2024-43821}
- power: reset: pwr-mlxbf: support graceful shutdown (Asmaa Mnebhi) [Orabug: 37208029]
- gpio: mlxbf3: Support shutdown() function (Asmaa Mnebhi) [Orabug: 37208029]
- sdhci-of-dwcmshc: disable PM runtime in dwcmshc_remove() (Liming Sun) [Orabug: 37208029]
- ocfs2: reserve space for inline xattr before attaching reflink tree (Gautham Ananthakrishna) [Orabug: 37199019]
- Revert "ocfs2: ocfs2 crash due to invalid h_next_leaf_blk value in extent block" (Gautham Ananthakrishna) [Orabug: 37199019]

[5.15.0-302.167.5.el9uek]
- mm/hugetlb: fix adjusting poison page flag in non-HVO scenario (Jane Chu) [Orabug: 37182268]
- x86/bugs: Adjust SRSO mitigation to new features (Boris Ostrovsky) [Orabug: 37145844]
- net/mlx5: disable the 'fast unload' feature on Exadata systems (Qing Huang) [Orabug: 37093170]
- NFS: remove revoked delegation from server's delegation list (Dai Ngo) [Orabug: 36990366]
- perf/x86/intel/uncore: Fix NULL pointer dereference issue in upi_fill_topology() (Alexander Antonov) [Orabug: 36882937] {CVE-2023-52450}

[5.15.0-302.167.4.el9uek]
- LTS version: v5.15.167 (Vijayendra Suman)
- udp: fix receiving fraglist GSO packets (Felix Fietkau)
- memcg: protect concurrent access to mem_cgroup_idr (Shakeel Butt) [Orabug: 36993003] {CVE-2024-43892}
- btrfs: fix race between direct IO write and fsync when using same fd (Filipe Manana) [Orabug: 37195092] {CVE-2024-46734}
- net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket (Daniel Borkmann)
- x86/mm: Fix PTI for i386 some more (Thomas Gleixner)
- net: drop bad gso csum_start and offset in virtio_net_hdr (Willem de Bruijn) [Orabug: 37195028] {CVE-2024-43897}
- gso: fix dodgy bit handling for GSO_UDP_L4 (Yan Zhai)
- net: change maximum number of UDP segments to 128 (Yuri Benditovich)
- net: more strict VIRTIO_NET_HDR_GSO_UDP_L4 validation (Willem de Bruijn)
- gpio: rockchip: fix OF node leak in probe() (Krzysztof Kozlowski)
- drm/i915/fence: Mark debug_fence_free() with __maybe_unused (Andy Shevchenko)
- drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused (Andy Shevchenko)
- ASoC: sunxi: sun4i-i2s: fix LRCLK polarity in i2s mode (Matteo Martelli)
- nvmet-tcp: fix kernel crash if commands allocation fails (Maurizio Lombardi) [Orabug: 37074464] {CVE-2024-46737}
- arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry (Jonathan Cameron) [Orabug: 37116411] {CVE-2024-46822}
- arm64: acpi: Move get_cpu_for_acpi_id() to a header (James Morse)
- ACPI: processor: Fix memory leaks in error paths of processor_add() (Jonathan Cameron)
- ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add() (Jonathan Cameron)
- workqueue: Improve scalability of workqueue watchdog touch (Nicholas Piggin) [Orabug: 37116487] {CVE-2024-46839}
- workqueue: wq_watchdog_touch is always called with valid CPU (Nicholas Piggin)
- nilfs2: protect references to superblock parameters exposed in sysfs (Ryusuke Konishi) [Orabug: 37074676] {CVE-2024-46780}
- nilfs2: replace snprintf in show functions with sysfs_emit (Qing Wang)
- ksmbd: Unlock on in ksmbd_tcp_set_interfaces() (Dan Carpenter)
- ksmbd: unset the binding mark of a reused connection (Namjae Jeon) [Orabug: 37074716] {CVE-2024-46795}
- perf/aux: Fix AUX buffer serialization (Peter Zijlstra) [Orabug: 37070802] {CVE-2024-46713}
- uprobes: Use kzalloc to allocate xol area (Sven Schnelle)
- clocksource/drivers/timer-of: Remove percpu irq related code (Daniel Lezcano)
- clocksource/drivers/imx-tpm: Fix next event not taking effect sometime (Jacky Bai)
- clocksource/drivers/imx-tpm: Fix return -ETIME when delta exceeds INT_MAX (Jacky Bai)
- Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic (Naman Jain)
- uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind (Saurabh Sengar) [Orabug: 37074472] {CVE-2024-46739}
- nvmem: Fix return type of devm_nvmem_device_get() in kerneldoc (Geert Uytterhoeven)
- binder: fix UAF caused by offsets overwrite (Carlos Llamas) [Orabug: 37074476] {CVE-2024-46740}
- usb: dwc3: core: update LC timer as per USB Spec V3.2 (Faisal Hassan)
- iio: adc: ad7124: fix chip ID mismatch (Dumitru Ceclan)
- iio: adc: ad7124: fix config comparison (Dumitru Ceclan)
- iio: fix scale application in iio_convert_raw_to_processed_unlocked (Matteo Martelli)
- iio: buffer-dmaengine: fix releasing dma channel on error (David Lechner)
- staging: iio: frequency: ad9834: Validate frequency parameter value (Aleksandr Mishin) [Orabug: 37159727] {CVE-2024-47663}
- cifs: Check the lease context if we actually got a lease (Ronnie Sahlberg)
- NFSv4: Add missing rescheduling points in nfs_client_return_marked_delegations (Trond Myklebust)
- ata: pata_macio: Use WARN instead of BUG (Michael Ellerman)
- MIPS: cevt-r4k: Don't call get_c0_compare_int if timer irq is installed (Jiaxun Yang) [Orabug: 37116454] {CVE-2024-46832}
- lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (Kent Overstreet) [Orabug: 37159756] {CVE-2024-47668}
- of/irq: Prevent device address out-of-bounds read in interrupt map walk (Stefan Wiehler) [Orabug: 37074487] {CVE-2024-46743}
- Squashfs: sanity check symbolic link size (Phillip Lougher) [Orabug: 37074494] {CVE-2024-46744}
- usbnet: ipheth: race between ipheth_close and error handling (Oliver Neukum)
- Input: uinput - reject requests with unreasonable number of slots (Dmitry Torokhov) [Orabug: 37074502] {CVE-2024-46745}
- HID: amd_sfh: free driver_data after destroying hid device (Olivier Sobrie) [Orabug: 37074507] {CVE-2024-46746}
- HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup (Camila Alvarez) [Orabug: 37074512] {CVE-2024-46747}
- s390/vmlinux.lds.S: Move ro_after_init section behind rodata section (Heiko Carstens)
- btrfs: initialize location to fix -Wmaybe-uninitialized in btrfs_lookup_dentry() (David Sterba)
- kselftests: dmabuf-heaps: Ensure the driver name is null-terminated (Zenghui Yu)
- i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup (Jarkko Nikula) [Orabug: 37159737] {CVE-2024-47665}
- net: dpaa: avoid on-stack arrays of NR_CPUS elements (Vladimir Oltean)
- PCI: Add missing bridge lock to pci_bus_lock() (Dan Williams) [Orabug: 37074530] {CVE-2024-46750}
- riscv: set trap vector earlier (yang.zhang)
- btrfs: replace BUG_ON() with error handling at update_ref_for_cow() (Filipe Manana) [Orabug: 37074542] {CVE-2024-46752}
- btrfs: clean up our handling of refs == 0 in snapshot delete (Josef Bacik) [Orabug: 37116493] {CVE-2024-46840}
- btrfs: replace BUG_ON with ASSERT in walk_down_proc() (Josef Bacik)
- fs/ntfs3: Check more cases when directory is corrupted (Konstantin Komarov)
- smp: Add missing destroy_work_on_stack() call in smp_call_on_cpu() (Zqiang)
- wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() (Sascha Hauer) [Orabug: 37074560] {CVE-2024-46755}
- dma-mapping: benchmark: Don't starve others when doing the test (Yicong Yang)
- ext4: fix possible tid_t sequence overflows (Luis Henriques (SUSE))
- drm/amdgpu: Set no_hw_access when VF request full GPU fails (Yifan Zha)
- libbpf: Add NULL checks to bpf_object__{prev_map,next_map} (Andreas Ziegler)
- hwmon: (w83627ehf) Fix underflows seen when writing limit attributes (Guenter Roeck) [Orabug: 37074565] {CVE-2024-46756}
- hwmon: (nct6775-core) Fix underflows seen when writing limit attributes (Guenter Roeck) [Orabug: 37074570] {CVE-2024-46757}
- hwmon: (lm95234) Fix underflows seen when writing limit attributes (Guenter Roeck) [Orabug: 37074578] {CVE-2024-46758}
- hwmon: (adc128d818) Fix underflows seen when writing limit attributes (Guenter Roeck) [Orabug: 37074583] {CVE-2024-46759}
- pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv (Krishna Kumar) [Orabug: 37074594] {CVE-2024-46761}
- devres: Initialize an uninitialized struct member (Zijun Hu)
- um: line: always fill *error_out in setup_one_line() (Johannes Berg) [Orabug: 37116517] {CVE-2024-46844}
- cgroup: Protect css->cgroup write under css_set_lock (Waiman Long)
- iommu/vt-d: Handle volatile descriptor status read (Jacob Pan)
- dm init: Handle minors larger than 255 (Benjamin Marzinski)
- ASoC: topology: Properly initialize soc_enum values (Amadeusz Sławiński)
- net: dsa: vsc73xx: fix possible subblocks range of CAPT block (Pawel Dembicki)
- net: bridge: br_fdb_external_learn_add(): always set EXT_LEARN (Jonas Gorski)
- fou: Fix null-ptr-deref in GRO. (Kuniyuki Iwashima) [Orabug: 37074606] {CVE-2024-46763}
- gro: remove rcu_read_lock/rcu_read_unlock from gro_complete handlers (Eric Dumazet)
- gro: remove rcu_read_lock/rcu_read_unlock from gro_receive handlers (Eric Dumazet)
- bareudp: Fix device stats updates. (Guillaume Nault)
- usbnet: modern method to get random MAC (Oliver Neukum)
- net: usb: don't write directly to netdev->dev_addr (Jakub Kicinski)
- ice: check ICE_VSI_DOWN under rtnl_lock when preparing for reset (Larysa Zaremba)
- igc: Unlock on error in igc_io_resume() (Dan Carpenter)
- tcp_bpf: fix return value of tcp_bpf_sendmsg() (Cong Wang) [Orabug: 37074692] {CVE-2024-46783}
- platform/x86: dell-smbios: Fix error path in dell_smbios_init() (Aleksandr Mishin)
- igb: Fix not clearing TimeSync interrupts for 82580 (Daiwei Li)
- can: m_can: Release irq on error in m_can_open (Simon Horman)
- can: bcm: Remove proc entry when dev is unregistered. (Kuniyuki Iwashima) [Orabug: 37074624] {CVE-2024-46771}
- drm/amdgpu: check for LINEAR_ALIGNED correctly in check_tiling_flags_gfx6 (Marek Olšák)
- pcmcia: Use resource_size function on resource object (Jules Irenge)
- media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse (Chen Ni)
- PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0) (Kishon Vijay Abraham I) [Orabug: 37159749] {CVE-2024-47667}
- media: vivid: don't set HDMI TX controls if there are no HDMI outputs (Hans Verkuil)
- drm/amd/display: Check HDCP returned status (Alex Hung)
- usb: uas: set host status byte on data completion error (Shantanu Goel)
- wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3 (Arend van Spriel)
- leds: spi-byte: Call of_node_put() on error path (Andy Shevchenko)
- media: vivid: fix wrong sizeimage value for mplane (Hans Verkuil)
- udf: Avoid excessive partition lengths (Jan Kara) [Orabug: 37074664] {CVE-2024-46777}
- netfilter: nf_conncount: fix wrong variable type (Yunjian Wang)
- iommu: sun50i: clear bypass register (Jernej Skrabec)
- af_unix: Remove put_pid()/put_cred() in copy_peercred(). (Kuniyuki Iwashima)
- irqchip/armada-370-xp: Do not allow mapping IRQ 0 and 1 (Pali Rohár)
- smack: unix sockets: fix accept()ed socket label (Konstantin Andreev)
- ALSA: hda: Add input value sanity checks to HDMI channel map controls (Takashi Iwai)
- mptcp: pm: send ACK on an active subflow (Matthieu Baerts (NGI0))
- mptcp: pr_debug: add missing
at the end (Matthieu Baerts (NGI0))
- mptcp: pm: skip connecting to already established sf (Matthieu Baerts (NGI0))
- mptcp: pm: do not remove already closed subflows (Matthieu Baerts (NGI0))
- mptcp: pm: ADD_ADDR 0 is not a new address (Matthieu Baerts (NGI0))
- mptcp: close subflow when receiving TCP+FIN (Matthieu Baerts (NGI0))
- mptcp: avoid duplicated SUB_CLOSED events (Matthieu Baerts (NGI0))
- mptcp: pm: avoid possible UaF when selecting endp (Matthieu Baerts (NGI0))
- mptcp: constify a bunch of of helpers (Paolo Abeni)
- mptcp: pm: fullmesh: select the right ID later (Matthieu Baerts (NGI0))
- mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR (Matthieu Baerts (NGI0))
- mptcp: pm: only decrement add_addr_accepted for MPJ req (Matthieu Baerts (NGI0))
- mptcp: pm: re-using ID of unused flushed subflows (Matthieu Baerts (NGI0))
- nilfs2: fix state management in error path of log writing function (Ryusuke Konishi) [Orabug: 37159764] {CVE-2024-47669}
- nilfs2: fix missing cleanup on rollforward recovery error (Ryusuke Konishi) [Orabug: 37074683] {CVE-2024-46781}
- sched: sch_cake: fix bulk flow accounting logic for host fairness (Toke Høiland-Jørgensen) [Orabug: 37116442] {CVE-2024-46828}
- ila: call nf_unregister_net_hooks() sooner (Eric Dumazet) [Orabug: 37074688] {CVE-2024-46782}
- tracing: Avoid possible softlockup in tracing_iter_reset() (Zheng Yejian)
- can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open (Simon Arlott) [Orabug: 37074711] {CVE-2024-46791}
- clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API (Satya Priya Kakitapalli)
- clk: qcom: clk-alpha-pll: Fix the pll post div mask (Satya Priya Kakitapalli)
- fuse: use unsigned type for getxattr/listxattr size truncation (Jann Horn)
- fuse: update stats for pages in dropped aux writeback list (Joanne Koong)
- mmc: cqhci: Fix checking of CQHCI_HALT state (Seunghwan Baek)
- mmc: sdhci-of-aspeed: fix module autoloading (Liao Chen)
- mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K (Sam Protsenko)
- Bluetooth: MGMT: Ignore keys being loaded with invalid type (Luiz Augusto von Dentz)
- Revert "Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE" (Luiz Augusto von Dentz)
- nvme-pci: Add sleep quirk for Samsung 990 Evo (Georg Gottleuber)
- rtmutex: Drop rt_mutex::wait_lock before scheduling (Roland Xu) [Orabug: 37116445] {CVE-2024-46829}
- irqchip/gic-v2m: Fix refcount leak in gicv2m_of_init() (Ma Ke)
- ata: libata: Fix memory leak for error path in ata_host_alloc() (Zheng Qixing)
- ALSA: hda/realtek: Support mute LED on HP Laptop 14-dq2xxx (Maximilien Perreault)
- ALSA: hda/realtek: add patch for internal mic in Lenovo V145 (Terry Cheong)
- ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices (Christoffer Sandberg)
- KVM: SVM: Don't advertise Bus Lock Detect to guest if SVM support is missing (Ravi Bangoria)
- KVM: SVM: fix emulation of msr reads/writes of MSR_FS_BASE and MSR_GS_BASE (Maxim Levitsky)
- ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object (robelin) [Orabug: 37074721] {CVE-2024-46798}
- sch/netem: fix use after free in netem_dequeue (Stephen Hemminger) [Orabug: 37074725] {CVE-2024-46800}
- i2c: Use IS_REACHABLE() for substituting empty ACPI functions (Richard Fitzgerald)
- ext4: handle redirtying in ext4_bio_write_page() (Jan Kara)
- udf: Limit file size to 4TB (Jan Kara)
- ext4: reject casefold inode flag without casefold feature (Eric Biggers)
- rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow (Nikita Kiryushin) [Orabug: 36753533] {CVE-2024-38577}
- virtio_net: Fix napi_skb_cache_put warning (Breno Leitao) [Orabug: 36964473] {CVE-2024-43835}
- drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr (Bob Zhou) [Orabug: 36993065] {CVE-2024-43905}
- media: uvcvideo: Enforce alignment of frame and interval (Ricardo Ribalda)
- drm/amd/display: Skip wbscl_set_scaler_filter if filter is null (Alex Hung) [Orabug: 37073031] {CVE-2024-46714}
- block: remove the blk_flush_integrity call in blk_integrity_unregister (Christoph Hellwig)
- wifi: cfg80211: make hash table duplicates more survivable (Johannes Berg)
- drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ (Marek Vasut) [Orabug: 37116336] {CVE-2024-46810}
- drm/meson: plane: Add error handling (Haoran Liu)
- smack: tcp: ipv4, fix incorrect labeling (Casey Schaufler)
- usb: typec: ucsi: Fix null pointer dereference in trace (Abhishek Pandit-Subedi) [Orabug: 37073064] {CVE-2024-46719}
- usbip: Don't submit special requests twice (Simon Holesch)
- rcu/nocb: Remove buggy bypass lock contention mitigation (Frederic Weisbecker)
- ionic: fix potential irq name truncation (Shannon Nelson)
- RDMA/efa: Properly handle unexpected AQ completions (Michael Margolin)
- hwspinlock: Introduce hwspin_lock_bust() (Richard Maina)
- PCI: al: Check IORESOURCE_BUS existence during probe (Aleksandr Mishin)
- cpufreq: scmi: Avoid overflow of target_freq in fast switch (Jagadeesh Kona)
- wifi: iwlwifi: remove fw_running op (Shahar S Matityahu)
- drm/amdgpu: update type of buf size to u32 for eeprom functions (Tao Zhou)
- drm/amd/pm: check negtive return for table entries (Jesse Zhang)
- drm/amdgpu: the warning dereferencing obj for nbio_v7_4 (Jesse Zhang) [Orabug: 37116393] {CVE-2024-46819}
- drm/amd/pm: check specific index for aldebaran (Jesse Zhang)
- drm/amdgpu: fix the waring dereferencing hive (Jesse Zhang) [Orabug: 37116300] {CVE-2024-46805}
- drm/amdgpu/pm: Check input value for CUSTOM profile mode setting on legacy SOCs (Ma Jun)
- apparmor: fix possible NULL pointer dereference (Leesoo Ahn) [Orabug: 37073077] {CVE-2024-46721}
- drm/amdkfd: Reconcile the definition and use of oem_id in struct kfd_topology_device (Michael Chen)
- drm/amdgpu: fix mc_data out-of-bounds read warning (Tim Huang) [Orabug: 37073082] {CVE-2024-46722}
- drm/amdgpu: fix ucode out-of-bounds read warning (Tim Huang) [Orabug: 37073087] {CVE-2024-46723}
- drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number (Ma Jun) [Orabug: 37073093] {CVE-2024-46724}
- drm/amdgpu: Fix out-of-bounds write warning (Ma Jun) [Orabug: 37073098] {CVE-2024-46725}
- drm/amdgpu/pm: Fix uninitialized variable agc_btc_response (Ma Jun)
- drm/amdgpu/pm: Fix uninitialized variable warning for smu10 (Ma Jun)
- drm/amd/amdgpu: Check tbo resource pointer (Asad Kamal) [Orabug: 37116315] {CVE-2024-46807}
- drm/amd/display: Fix Coverity INTEGER_OVERFLOW within dal_gpio_service_create (Hersen Wu)
- drm/amd/display: Check msg_id before processing transcation (Alex Hung) [Orabug: 37116360] {CVE-2024-46814}
- drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] (Alex Hung) [Orabug: 37116365] {CVE-2024-46815}
- drm/amd/display: Add array index check for hdcp ddc access (Hersen Wu) [Orabug: 37116295] {CVE-2024-46804}
- drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 (Hersen Wu) [Orabug: 37116375] {CVE-2024-46817}
- drm/amd/display: Check gpio_id before used as array index (Alex Hung) [Orabug: 37116384] {CVE-2024-46818}
- drm/amdgpu: avoid reading vf2pf info size from FB (Zhigang Luo)
- drm/amd/pm: fix uninitialized variable warnings for vega10_hwmgr (Tim Huang)
- drm/amdgpu: fix uninitialized scalar variable warning (Tim Huang)
- drm/amd/pm: fix the Out-of-bounds read warning (Jesse Zhang) [Orabug: 37073129] {CVE-2024-46731}
- drm/amd/pm: fix warning using uninitialized value of max_vid_step (Jesse Zhang)
- drm/amd/pm: fix uninitialized variable warning for smu8_hwmgr (Tim Huang)
- drm/amdgpu/pm: Check the return value of smum_send_msg_to_smc (Ma Jun)
- drm/amdgpu: fix overflowed array index read warning (Tim Huang)
- drm/amd/display: Assign linear_pitch_alignment even for VM (Alvin Lee) [Orabug: 37073135] {CVE-2024-46732}
- drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr (Ma Jun)
- net: usb: qmi_wwan: add MeiG Smart SRM825L (ZHANG Yuntian)
- dma-debug: avoid deadlock between dma debug vs printk and netconsole (Rik van Riel)
- i2c: Fix conditional for substituting empty ACPI functions (Richard Fitzgerald)
- ALSA: hda/conexant: Mute speakers at suspend / shutdown (Takashi Iwai)
- ALSA: hda/generic: Add a helper to mute speakers at suspend/shutdown (Takashi Iwai)
- drm: panel-orientation-quirks: Add quirk for OrangePi Neo (Philip Mueller)
- LTS version: v5.15.166 (Vijayendra Suman)
- apparmor: fix policy_unpack_test on big endian systems (Guenter Roeck)
- scsi: aacraid: Fix double-free on probe failure (Ben Hutchings) [Orabug: 37070699] {CVE-2024-46673}
- igc: Fix qbv tx latency by setting gtxoffset (Faizal Rahim)
- igc: Fix reset adapter logics when tx mode change (Faizal Rahim)
- phy: zynqmp: Enable reference clock correctly (Sean Anderson)
- usb: cdnsp: fix for Link TRB with TC (Pawel Laszczak)
- usb: cdnsp: fix incorrect index in cdnsp_get_hw_deq function (Pawel Laszczak)
- usb: core: sysfs: Unmerge @usb3_hardware_lpm_attr_group in remove_power_attributes() (Zijun Hu)
- usb: dwc3: st: add missing depopulate in probe error path (Krzysztof Kozlowski)
- usb: dwc3: st: fix probed platform device ref count on probe error path (Krzysztof Kozlowski) [Orabug: 37070704] {CVE-2024-46674}
- usb: dwc3: core: Prevent USB core invalid event buffer address access (Selvarasu Ganesan) [Orabug: 37070709] {CVE-2024-46675}
- usb: dwc3: omap: add missing depopulate in probe error path (Krzysztof Kozlowski)
- USB: serial: option: add MeiG Smart SRM825L (ZHANG Yuntian)
- cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller (Ian Ray)
- soc: qcom: cmd-db: Map shared memory as WC, not WB (Volodymyr Babchuk)
- nfc: pn533: Add poll mod list filling check (Aleksandr Mishin) [Orabug: 37070716] {CVE-2024-46676}
- net: busy-poll: use ktime_get_ns() instead of local_clock() (Eric Dumazet)
- gtp: fix a potential NULL pointer dereference (Cong Wang) [Orabug: 37070721] {CVE-2024-46677}
- ethtool: check device is present when getting link settings (Jamie Bainbridge) [Orabug: 37070727] {CVE-2024-46679}
- dmaengine: dw: Add memory bus width verification (Serge Semin)
- dmaengine: dw: Add peripheral bus width verification (Serge Semin)
- phy: xilinx: phy-zynqmp: Fix SGMII linkup failure on resume (Piyush Mehta)
- phy: xilinx: phy-zynqmp: dynamic clock support for power-save (Piyush Mehta)
- phy: xilinx: add runtime PM support (Piyush Mehta)
- PM: runtime: Add DEFINE_RUNTIME_DEV_PM_OPS() macro (Paul Cercueil)
- PM: core: Add EXPORT[_GPL]_SIMPLE_DEV_PM_OPS macros (Paul Cercueil)
- PM: core: Remove DEFINE_UNIVERSAL_DEV_PM_OPS() macro (Paul Cercueil)
- soundwire: stream: fix programming slave ports for non-continous port maps (Krzysztof Kozlowski)
- cgroup/cpuset: Prevent UAF in proc_cpuset_show() (Chen Ridong) [Orabug: 36964509] {CVE-2024-43853}
- ata: libata-core: Fix null pointer dereference on error (Niklas Cassel) [Orabug: 36897456] {CVE-2024-41098}
- drm/amdkfd: don't allow mapping the MMIO HDP page with large pages (Alex Deucher) [Orabug: 36867630] {CVE-2024-41011}
- Revert "MIPS: Loongson64: reset: Prioritise firmware service" (Greg Kroah-Hartman)
- mptcp: sched: check both backup in retrans (Matthieu Baerts (NGI0))
- net: mana: Fix race of mana_hwc_post_rx_wqe and new hwc response (Haiyang Zhang)
- wifi: mwifiex: duplicate static structs used in driver instances (Sascha Hauer)
- pinctrl: single: fix potential NULL dereference in pcs_get_function() (Ma Ke) [Orabug: 37070743] {CVE-2024-46685}
- pinctrl: rockchip: correct RK3328 iomux width flag for GPIO2-B pins (Huang-Huang Bao)
- btrfs: run delayed iputs when flushing delalloc (Josef Bacik)
- drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc (Jesse Zhang) [Orabug: 36898008] {CVE-2024-42228}
(Alexander Lobakin)
- Input: MT - limit max slots (Tetsuo Handa) [Orabug: 37029136] {CVE-2024-45008}
- Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO (Lee, Chun-Yi) [Orabug: 35358656] {CVE-2023-31083}
- mm/numa: no task_numa_fault() call if PTE is changed (Zi Yan)
- mm/numa: no task_numa_fault() call if PMD is changed (Zi Yan)
- ALSA: timer: Relax start tick time check for slave timer elements (Takashi Iwai)
- hwmon: (ltc2992) Fix memory leak in ltc2992_parse_dt() (Javier Carrasco)
- Revert "drm/amd/display: Validate hw_points_num before using it" (Alex Hung)
- mmc: dw_mmc: allow biu and ciu clocks to defer (Ben Whitten)
- KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3 (Marc Zyngier) [Orabug: 37070792] {CVE-2024-46707}
- cxgb4: add forgotten u64 ivlan cast before shift (Nikolay Kuratov)
- HID: microsoft: Add rumble support to latest xbox controllers (Siarhei Vishniakou)
- HID: wacom: Defer calculation of resolution until resolution_code is known (Jason Gerecke)
- MIPS: Loongson64: Set timer mode in cpu-probe (Jiaxun Yang)
- scsi: core: Fix the return value of scsi_logical_block_count() (Chaotian Jing)
- Bluetooth: MGMT: Add error handling to pair_device() (Griffin Kroah-Hartman) [Orabug: 36992975] {CVE-2024-43884}
- mmc: mmc_test: Fix NULL dereference on allocation failure (Dan Carpenter) [Orabug: 37070690] {CVE-2024-45028}
- drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails (Dmitry Baryshkov) [Orabug: 37029059] {CVE-2024-44982}
- drm/msm/dp: reset the link phy params before link training (Abhinav Kumar)
- drm/msm/dpu: don't play tricks with debug macros (Dmitry Baryshkov)
- net: xilinx: axienet: Fix dangling multicast addresses (Sean Anderson)
- net: xilinx: axienet: Always disable promiscuous mode (Sean Anderson)
- netfilter: flowtable: validate vlan header (Pablo Neira Ayuso) [Orabug: 37029063] {CVE-2024-44983}
- ipv6: prevent possible UAF in ip6_xmit() (Eric Dumazet) [Orabug: 37029066] {CVE-2024-44985}
- ipv6: fix possible UAF in ip6_finish_output2() (Eric Dumazet) [Orabug: 37029068] {CVE-2024-44986}
- ipv6: prevent UAF in ip6_send_skb() (Eric Dumazet) [Orabug: 37029075] {CVE-2024-44987}
- netem: fix return value if duplicate enqueue fails (Stephen Hemminger) [Orabug: 37070659] {CVE-2024-45016}
- net: dsa: mv88e6xxx: Fix out-of-bound access (Joseph Huang) [Orabug: 37029081] {CVE-2024-44988}
- net: dsa: mv88e6xxx: replace ATU violation prints with trace points (Vladimir Oltean)
- net: dsa: mv88e6xxx: read FID when handling ATU violations (Hans J. Schultz)
- dpaa2-switch: Fix error checking in dpaa2_switch_seed_bp() (Dan Carpenter)
- ice: fix ICE_LAST_OFFSET formula (Maciej Fijalkowski)
- bonding: fix xfrm state handling when clearing active slave (Nikolay Aleksandrov)
- bonding: fix xfrm real_dev null pointer dereference (Nikolay Aleksandrov) [Orabug: 37029084] {CVE-2024-44989}
- bonding: fix null pointer deref in bond_ipsec_offload_ok (Nikolay Aleksandrov) [Orabug: 37029087] {CVE-2024-44990}
- bonding: fix bond_ipsec_offload_ok return type (Nikolay Aleksandrov)
- ip6_tunnel: Fix broken GRO (Thomas Bogendoerfer)
- netfilter: nft_counter: Synchronize nft_counter_reset() against reader. (Sebastian Andrzej Siewior)
- netfilter: nft_counter: Disable BH in nft_counter_offload_stats(). (Sebastian Andrzej Siewior)
- kcm: Serialise kcm_sendmsg() for the same socket. (Kuniyuki Iwashima) [Orabug: 37013760] {CVE-2024-44946}
- tc-testing: don't access non-existent variable on exception (Simon Horman)
- Bluetooth: SMP: Fix assumption of Central always being Initiator (Luiz Augusto von Dentz)
- Bluetooth: hci_core: Fix LE quote calculation (Luiz Augusto von Dentz)
- platform/surface: aggregator: Fix warning when controller is destroyed in probe (Maximilian Luz)
- net: mana: Fix doorbell out of order violation and avoid unnecessary doorbell rings (Long Li)
- dm suspend: return -ERESTARTSYS instead of -EINTR (Mikulas Patocka)
- media: solo6x10: replace max(a, min(b, c)) by clamp(b, a, c) (Aurelien Jarno)
- nfsd: make svc_stat per-network namespace instead of global (Josef Bacik)
- nfsd: remove nfsd_stats, make th_cnt a global counter (Josef Bacik)
- nfsd: make all of the nfsd stats per-network namespace (Josef Bacik)
- nfsd: expose /proc/net/sunrpc/nfsd in net namespaces (Josef Bacik)
- nfsd: rename NFSD_NET_* to NFSD_STATS_* (Josef Bacik)
- sunrpc: use the struct net as the svc proc private (Josef Bacik)
- sunrpc: remove ->pg_stats from svc_program (Josef Bacik)
- sunrpc: pass in the sv_stats struct through svc_create_pooled (Josef Bacik)
- nfsd: stop setting ->pg_stats for unused stats (Josef Bacik)
- sunrpc: don't change ->sv_stats if it doesn't exist (Josef Bacik)
- NFSD: Fix frame size warning in svc_export_parse() (Chuck Lever)
- NFSD: Rewrite synopsis of nfsd_percpu_counters_init() (Chuck Lever)
- NFSD: Refactor the duplicate reply cache shrinker (Chuck Lever)
- NFSD: Replace nfsd_prune_bucket() (Chuck Lever)
- NFSD: Rename nfsd_reply_cache_alloc() (Chuck Lever)
- NFSD: Refactor nfsd_reply_cache_free_locked() (Chuck Lever)
- nfsd: move init of percpu reply_cache_stats counters back to nfsd_init_net (Jeff Layton)
- nfsd: move reply cache initialization into nfsd startup (Jeff Layton)
- block: use "unsigned long" for blk_validate_block_size(). (Tetsuo Handa)
- gtp: pull network headers in gtp_dev_xmit() (Eric Dumazet) [Orabug: 37029110] {CVE-2024-44999}
- hrtimer: Prevent queuing of hrtimer without a function callback (Phil Chang)
- nvmet-rdma: fix possible bad dereference when freeing rsps (Sagi Grimberg)
- ext4: set the type of max_zeroout to unsigned int to avoid overflow (Baokun Li)
- irqchip/gic-v3-its: Remove BUG_ON in its_vpe_irq_domain_alloc (Guanrui Huang)
- usb: dwc3: core: Skip setting event buffers for host only controllers (Krishna Kurapati)
- platform/x86: lg-laptop: fix %s null argument warning (Gergo Koteles)
- clocksource: Make watchdog and suspend-timing multiplication overflow safe (Adrian Hunter)
- s390/iucv: fix receive buffer virtual vs physical address confusion (Alexander Gordeev)
- openrisc: Call setup_memory() earlier in the init sequence (Oreoluwa Babatunde)
- NFS: avoid infinite loop in pnfs_update_layout. (NeilBrown)
- nvmet-tcp: do not continue for invalid icreq (Hannes Reinecke)
- net: hns3: add checking for vf id of mailbox (Jian Shen)
- Bluetooth: bnep: Fix out-of-bound access (Luiz Augusto von Dentz)
- usb: gadget: fsl: Increase size of name buffer for endpoints (Uwe Kleine-König)
- f2fs: fix to do sanity check in update_sit_entry (Zhiguo Niu)
- btrfs: delete pointless BUG_ON check on quota root in btrfs_qgroup_account_extent() (David Sterba)
- btrfs: change BUG_ON to assertion in tree_move_down() (David Sterba)
- btrfs: send: handle unexpected data in header buffer in begin_cmd() (David Sterba)
- btrfs: handle invalid root reference found in may_destroy_subvol() (David Sterba)
- btrfs: change BUG_ON to assertion when checking for delayed_node root (David Sterba)
- powerpc/boot: Only free if realloc() succeeds (Michael Ellerman)
- powerpc/boot: Handle allocation failure in simple_realloc() (Li zeming)
- parisc: Use irq_enter_rcu() to fix warning at kernel/context_tracking.c:367 (Helge Deller)
- memory: stm32-fmc2-ebi: check regmap_read return value (Christophe Kerello)
- x86: Increase brk randomness entropy for 64-bit systems (Kees Cook)
- md: clean up invalid BUG_ON in md_ioctl (Li Nan)
- netlink: hold nlk->cb_mutex longer in __netlink_dump_start() (Eric Dumazet)
- clocksource/drivers/arm_global_timer: Guard against division by zero (Martin Blumenstingl)
- virtiofs: forbid newlines in tags (Stefan Hajnoczi)
- drm/lima: set gp bus_stop bit before hard reset (Erico Nunes)
- net/sun3_82586: Avoid reading past buffer in debug output (Kees Cook)
- media: drivers/media/dvb-core: copy user arrays safely (Philipp Stanner)
- fs: binfmt_elf_efpic: don't use missing interpreter's properties (Max Filippov)
- media: pci: cx23885: check cx23885_vdev_init() return (Hans Verkuil)
- quota: Remove BUG_ON from dqget() (Jan Kara)
- fuse: fix UAF in rcu pathwalks (Al Viro)
- afs: fix __afs_break_callback() / afs_drop_open_mmap() race (Al Viro)
- ext4: do not trim the group with corrupted block bitmap (Baokun Li)
- nvmet-trace: avoid dereferencing pointer too early (Daniel Wagner)
- powerpc/xics: Check return value of kasprintf in icp_native_map_one_cpu (Kunwu Chan)
- memory: tegra: Skip SID programming if SID registers aren't set (Ashish Mhetre)
- arm64: Fix KASAN random tag seed initialization (Samuel Holland)
- hwmon: (ltc2992) Avoid division by zero (Antoniu Miclaus)
- IB/hfi1: Fix potential deadlock on &irq_src_lock and &dd->uctxt_lock (Chengfeng Ye)
- wifi: iwlwifi: fw: Fix debugfs command sending (Mukesh Sisodiya)
- wifi: iwlwifi: abort scan when rfkill on but device enabled (Miri Korenblit)
- gfs2: setattr_chown: Add missing initialization (Andreas Gruenbacher)
- scsi: spi: Fix sshdr use (Mike Christie)
- media: qcom: venus: fix incorrect return value (Hans Verkuil)
- binfmt_misc: cleanup on filesystem umount (Christian Brauner)
- staging: ks7010: disable bh on tx_dev_lock (Chengfeng Ye)
- drm/amd/display: Validate hw_points_num before using it (Alex Hung)
- staging: iio: resolver: ad2s1210: fix use before initialization (David Lechner)
- media: radio-isa: use dev_name to fill in bus_info (Hans Verkuil)
- i3c: mipi-i3c-hci: Do not unmap region not mapped for transfer (Jarkko Nikula)
- i3c: mipi-i3c-hci: Remove BUG() when Ring Abort request times out (Jarkko Nikula)
- s390/smp,mcck: fix early IPI handling (Heiko Carstens)
- RDMA/rtrs: Fix the problem of variable not initialized fully (Zhu Yanjun)
- i2c: riic: avoid potential division by zero (Wolfram Sang)
- wifi: cw1200: Avoid processing an invalid TIM IE (Jeff Johnson)
- wifi: mac80211: fix BA session teardown race (Johannes Berg)
- wifi: cfg80211: check wiphy mutex is held for wdev mutex (Johannes Berg)
- ssb: Fix division by zero issue in ssb_calc_clock_rate (Rand Deeb)
- ALSA: hda/realtek: Fix noise from speakers on Lenovo IdeaPad 3 15IAU7 (Parsa Poorshikhian)
- net: hns3: fix a deadlock problem when config TC during resetting (Jie Wang) [Orabug: 37029097] {CVE-2024-44995}
- net: hns3: fix wrong use of semaphore up (Jie Wang)
- netfilter: nf_queue: drop packets with cloned unconfirmed conntracks (Florian Westphal)
- netfilter: flowtable: initialise extack before use (Donald Hunter) [Orabug: 37070666] {CVE-2024-45018}
- netfilter: allow ipv6 fragments to arrive on different devices (Tom Hughes)
- mptcp: correct MPTCP_SUBFLOW_ATTR_SSN_OFFSET reserved size (Eugene Syromiatnikov)
- mlxbf_gige: disable RX filters until RX path initialized (David Thompson)
- net: dsa: vsc73xx: check busy flag in MDIO operations (Pawel Dembicki)
- net: dsa: vsc73xx: use read_poll_timeout instead delay loop (Pawel Dembicki)
- net: dsa: vsc73xx: pass value in phy_write operation (Pawel Dembicki)
- net: axienet: Fix register defines comment description (Radhey Shyam Pandey)
- atm: idt77252: prevent use after free in dequeue_rx() (Dan Carpenter) [Orabug: 37029103] {CVE-2024-44998}
- net/mlx5e: Correctly report errors for ethtool rx flows (Cosmin Ratiu)
- igc: Fix packet still tx after gate close by reducing i226 MAC retry buffer (Faizal Rahim)
- igc: remove I226 Qbv BaseTime restriction (Muhammad Husaini Zulkifli)
- igc: Correct the launchtime offset (Muhammad Husaini Zulkifli)
- s390/uv: Panic for set and remove shared access UVC errors (Claudio Imbrenda)
- drm/amdgpu/jpeg2: properly set atomics vmid field (Alex Deucher)
- memcg_write_event_control(): fix a user-triggerable oops (Al Viro) [Orabug: 37070671] {CVE-2024-45021}
- drm/amdgpu: Actually check flags for all context ops. (Bas Nieuwenhuizen)
- btrfs: tree-checker: add dev extent item checks (Qu Wenruo)
- selinux: fix potential counting error in avc_add_xperms_decision() (Zhen Lei)
- fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE (Al Viro) [Orabug: 37070679] {CVE-2024-45025}
- bitmap: introduce generic optimized bitmap_size() (Alexander Lobakin)
- btrfs: rename bitmap_set_bits() -> btrfs_bitmap_set_bits() (Alexander Lobakin)
- s390/cio: rename bitmap_size() -> idset_bitmap_size() (Alexander Lobakin)
- fs/ntfs3: add prefix to bitmap_size() and use BITS_TO_U64() (Alexander Lobakin)
- vfs: Don't evict inode under the inode lru traversing context (Zhihao Cheng) [Orabug: 37029118] {CVE-2024-45003}
- dm persistent data: fix memory allocation failure (Mikulas Patocka)
- dm resume: don't return EINVAL when signalled (Khazhismel Kumykov)
- arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to NUMA_NO_NODE (Haibo Xu)
- s390/dasd: fix error recovery leading to data corruption on ESE devices (Stefan Haberland) [Orabug: 37070686] {CVE-2024-45026}
- thunderbolt: Mark XDomain as unplugged when router is removed (Mika Westerberg) [Orabug: 37070774] {CVE-2024-46702}
- xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration (Mathias Nyman) [Orabug: 37029124] {CVE-2024-45006}
- ALSA: usb-audio: Support Yamaha P-125 quirk entry (Juan José Arboleda)
- ALSA: usb-audio: Add delay quirk for VIVO USB-C-XE710 HEADSET (Lianqin Hu)
- char: xillybus: Check USB endpoints when probing device (Eli Billauer) [Orabug: 37070649] {CVE-2024-45011}
- char: xillybus: Refine workqueue handling (Eli Billauer)
- char: xillybus: Don't destroy workqueue from work item running on it (Eli Billauer) [Orabug: 37029128] {CVE-2024-45007}
- fuse: Initialize beyond-EOF page contents before setting uptodate (Jann Horn) [Orabug: 37017950] {CVE-2024-44947}
- LTS version: v5.15.165 (Vijayendra Suman)
- Revert "ata: libata-scsi: Honor the D_SENSE bit for CK_COND=1 and no error" (Niklas Cassel)
- media: Revert "media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control()" (Sean Young)
- ARM: dts: imx6qdl-kontron-samx6i: fix phy-mode (Michael Walle)
- wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values (Eric Dumazet) [Orabug: 36897690] {CVE-2024-42114}
- binfmt_flat: Fix corruption when not offsetting data start (Kees Cook) [Orabug: 37029015] {CVE-2024-44966}
- usb: gadget: u_audio: Check return codes from usb_ep_enable and config_ep_by_speed. (Chris Wulff)
- nvme/pci: Add APST quirk for Lenovo N60z laptop (WangYuli)
- exec: Fix ToCToU between perm check and set-uid/gid usage (Kees Cook) [Orabug: 36984016] {CVE-2024-43882}
- arm64: cpufeature: Fix the visibility of compat hwcaps (Amit Daniel Kachhap)
- arm64: dts: qcom: msm8996: correct #clock-cells for QMP PHY nodes (Dmitry Baryshkov)
- powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt. (Mahesh Salgaonkar) [Orabug: 36897773] {CVE-2024-42126}
- drm/i915/gem: Fix Virtual Memory mapping boundaries calculation (Andi Shyti) [Orabug: 36953968] {CVE-2024-42259}
- mptcp: fully established after ADD_ADDR echo on MPJ (Matthieu Baerts (NGI0))
- wifi: mac80211: check basic rates validity (Johannes Berg)
- PCI: dwc: Restore MSI Receiver mask during resume (Jisheng Zhang)
- net: stmmac: Enable mac_managed_pm phylink config (Shenwei Wang)
- netfilter: nf_tables: prefer nft_chain_validate (Florian Westphal) [Orabug: 36896845] {CVE-2024-41042}
- netfilter: nf_tables: allow clone callbacks to sleep (Florian Westphal)
- netfilter: nf_tables: bail out if stateful expression provides no .clone (Pablo Neira Ayuso)
- netfilter: nf_tables: set element extended ACK reporting support (Pablo Neira Ayuso)
- tls: fix race between tx work scheduling and socket close (Jakub Kicinski) [Orabug: 36529710] {CVE-2024-26585}
- PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal (Lukas Wunner) [Orabug: 36964228] {CVE-2024-42302}
- btrfs: fix double inode unlock for direct IO sync writes (Filipe Manana) [Orabug: 37195039] {CVE-2024-43885}
- xfs: fix log recovery buffer allocation for the legacy h_size fixup (Christoph Hellwig) [Orabug: 36809257] {CVE-2024-39472}
- btrfs: fix corruption after buffer fault in during direct IO append write (Filipe Manana)
- selftests: mptcp: join: check backup support in signal endp (Matthieu Baerts (NGI0))
- selftests: mptcp: join: validate backup in MPJ (Matthieu Baerts (NGI0))
- mptcp: pm: fix backup support in signal endpoints (Matthieu Baerts (NGI0))
- mptcp: export local_address (Geliang Tang)
- mptcp: pm: only set request_bkup flag when sending MP_PRIO (Matthieu Baerts (NGI0))
- mptcp: fix bad RCVPRUNED mib accounting (Paolo Abeni)
- mptcp: mib: count MPJ with backup flag (Matthieu Baerts (NGI0))
- mptcp: fix NL PM announced address accounting (Paolo Abeni)
- mptcp: distinguish rcv vs sent backup flag in requests (Matthieu Baerts (NGI0))
- mptcp: sched: check both directions for backup (Matthieu Baerts (NGI0))
- drm/mgag200: Set DDC timeout in milliseconds (Thomas Zimmermann)
- drm/bridge: analogix_dp: properly handle zero sized AUX transactions (Lucas Stach)
- sched/smt: Fix unbalance sched_smt_present dec/inc (Yang Yingliang) [Orabug: 37028981] {CVE-2024-44958}
- sched/smt: Introduce sched_smt_present_inc/dec() helper (Yang Yingliang)
- x86/mtrr: Check if fixed MTRRs exist before saving them (Andi Kleen) [Orabug: 37028935] {CVE-2024-44948}
- padata: Fix possible divide-by-0 panic in padata_mt_helper() (Waiman Long) [Orabug: 36992992] {CVE-2024-43889}
- tracing: Fix overflow in get_free_elt() (Tze-nan Wu) [Orabug: 36992997] {CVE-2024-43890}
- power: supply: axp288_charger: Round constant_charge_voltage writes down (Hans de Goede)
- power: supply: axp288_charger: Fix constant_charge_voltage writes (Hans de Goede)
- genirq/irqdesc: Honor caller provided affinity in alloc_desc() (Shay Drory)
- irqchip/xilinx: Fix shift out of bounds (Radhey Shyam Pandey)
- kcov: properly check for softirq context (Andrey Konovalov)
- serial: core: check uartclk for zero to avoid divide by zero (George Kennedy) [Orabug: 36993008] {CVE-2024-43893}
- timekeeping: Fix bogus clock_was_set() invocation in do_adjtimex() (Thomas Gleixner)
- ntp: Safeguard against time_constant overflow (Justin Stitt)
- irqchip/meson-gpio: Convert meson_gpio_irq_controller::lock to 'raw_spinlock_t' (Arseniy Krasnov)
- irqchip/meson-gpio: support more than 8 channels gpio irq (Qianggui Song)
- clocksource: Fix brown-bag boolean thinko in cs_watchdog_read() (Paul E. McKenney)
- clocksource: Scale the watchdog read retries automatically (Feng Tang)
- torture: Enable clocksource watchdog with "tsc=watchdog" (Paul E. McKenney)
- clocksource: Reduce the default clocksource_watchdog() retries to 2 (Waiman Long)
- ntp: Clamp maxerror and esterror to operating range (Justin Stitt)
- vhost-vdpa: switch to use vmf_insert_pfn() in the fault handler (Jason Wang)
- tick/broadcast: Move per CPU pointer access into the atomic section (Thomas Gleixner) [Orabug: 37195086] {CVE-2024-44968}
- scsi: ufs: core: Fix hba->last_dme_cmd_tstamp timestamp updating logic (Vamshi Gajjela)
- scsi: mpi3mr: Avoid IOMMU page faults on REPORT ZONES (Damien Le Moal)
- usb: gadget: u_serial: Set start_delayed during suspend (Prashanth K)
- usb: gadget: core: Check for unset descriptor (Chris Wulff) [Orabug: 37028987] {CVE-2024-44960}
- USB: serial: debug: do not echo input by default (Marek Marczykowski-Górecki)
- usb: vhci-hcd: Do not drop references before new references are gained (Oliver Neukum) [Orabug: 36992970] {CVE-2024-43883}
- ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4 (Takashi Iwai)
- ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list (Steven 'Steve' Kendall)
- ALSA: line6: Fix racy access to midibuf (Takashi Iwai) [Orabug: 37028956] {CVE-2024-44954}
- drm/client: fix null pointer dereference in drm_client_modeset_probe (Ma Ke) [Orabug: 36993013] {CVE-2024-43894}
- ALSA: usb-audio: Re-add ScratchAmp quirk entries (Takashi Iwai)
- spi: spi-fsl-lpspi: Fix scldiv calculation (Stefan Wahren)
- kprobes: Fix to check symbol prefixes correctly (Masami Hiramatsu (Google))
- bpf: kprobe: remove unused declaring of bpf_kprobe_override (Menglong Dong)
- i2c: smbus: Send alert notifications to all devices if source not found (Guenter Roeck)
- spi: spidev: Add missing spi_device_id for bh2228fv (Geert Uytterhoeven)
- ASoC: codecs: wsa881x: Correct Soundwire ports mask (Krzysztof Kozlowski)
- ASoC: codecs: wcd938x-sdw: Correct Soundwire ports mask (Krzysztof Kozlowski)
- i2c: smbus: Improve handling of stuck alerts (Guenter Roeck)
- arm64: cputype: Add Cortex-A725 definitions (Mark Rutland)
- arm64: cputype: Add Cortex-X1C definitions (Mark Rutland)
- arm64: cputype: Add Cortex-X925 definitions (Mark Rutland)
- arm64: cputype: Add Cortex-A720 definitions (Mark Rutland)
- arm64: cputype: Add Cortex-X3 definitions (Mark Rutland)
- arm64: cputype: Add Neoverse-V3 definitions (Mark Rutland)
- arm64: cputype: Add Cortex-X4 definitions (Mark Rutland)
- arm64: barrier: Restore spec_bar() macro (Mark Rutland)
- arm64: Add Neoverse-V2 part (Besar Wicaksono)
- arm64: cpufeature: Force HWCAP to be based on the sysreg visible to user-space (James Morse)
- ext4: fix wrong unit use in ext4_mb_find_by_goal (Kemeng Shi)
- sched/cputime: Fix mul_u64_u64_div_u64() precision for cputime (Zheng Zucheng)
- scsi: mpt3sas: Avoid IOMMU page faults on REPORT ZONES (Damien Le Moal)
- profiling: remove profile=sleep support (Tetsuo Handa)
- SUNRPC: Fix a race to wake a sync task (Benjamin Coddington)
- s390/sclp: Prevent release of buffer in I/O (Peter Oberparleiter) [Orabug: 37029019] {CVE-2024-44969}
- jbd2: avoid memleak in jbd2_journal_write_metadata_buffer (Kemeng Shi)
- ext4: fix uninitialized variable in ext4_inlinedir_to_tree (Xiaxi Shen)
- media: uvcvideo: Fix the bandwdith quirk on USB 3.x (Michal Pecio)
- media: uvcvideo: Ignore empty TS packets (Ricardo Ribalda)
- drm/amd/display: Add null checker before passing variables (Alex Hung) [Orabug: 36993047] {CVE-2024-43902}
- drm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules (Ma Jun) [Orabug: 36993077] {CVE-2024-43907}
- drm/amdgpu: Fix the null pointer dereference to ras_manager (Ma Jun) [Orabug: 36993083] {CVE-2024-43908}
- drm/amdgpu/pm: Fix the null pointer dereference for smu7 (Ma Jun) [Orabug: 36993089] {CVE-2024-43909}
- btrfs: fix bitmap leak when loading free space cache on duplicate entry (Filipe Manana)
- wifi: nl80211: don't give key data to userspace (Johannes Berg)
- udf: prevent integer overflow in udf_bitmap_free_blocks() (Roman Smirnov)
- PCI: Add Edimax Vendor ID to pci_ids.h (FUJITA Tomonori)
- selftests/bpf: Fix send_signal test with nested CONFIG_PARAVIRT (Yonghong Song)
- ACPI: SBS: manage alarm sysfs attribute through psy core (Thomas Weißschuh)
- ACPI: battery: create alarm sysfs attribute atomically (Thomas Weißschuh)
- clocksource/drivers/sh_cmt: Address race condition for clock events (Niklas Söderlund)
- md/raid5: avoid BUG_ON() while continue reshape after reassembling (Yu Kuai) [Orabug: 36993126] {CVE-2024-43914}
- md: do not delete safemode_timer in mddev_suspend (Li Nan)
- rcutorture: Fix rcu_torture_fwd_cb_cr() data race (Paul E. McKenney)
- net: fec: Stop PPS on driver remove (Csókás, Bence)
- l2tp: fix lockdep splat (James Chapman)
- net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register() (Joe Hattori) [Orabug: 37029031] {CVE-2024-44971}
- Bluetooth: l2cap: always unlock channel in l2cap_conless_channel() (Dmitry Antipov)
- net: linkwatch: use system_unbound_wq (Eric Dumazet)
- net: bridge: mcast: wait for previous gc cycles when removing port (Nikolay Aleksandrov) [Orabug: 36993143] {CVE-2024-44934}
- net: usb: qmi_wwan: fix memory leak for not ip packets (Daniele Palmas) [Orabug: 36983958] {CVE-2024-43861}
- sctp: Fix null-ptr-deref in reuseport_add_sock(). (Kuniyuki Iwashima) [Orabug: 36993146] {CVE-2024-44935}
- sctp: move hlist_node and hashent out of sctp_ep_common (Xin Long)
- x86/mm: Fix pti_clone_entry_text() for i386 (Peter Zijlstra)
- x86/mm: Fix pti_clone_pgtable() alignment assumption (Peter Zijlstra) [Orabug: 37029011] {CVE-2024-44965}
- irqchip/mbigen: Fix mbigen node address layout (Yipeng Zou)
- netfilter: ipset: Add list flush to cancel_gc (Alexander Maltsev)
- mptcp: fix duplicate data handling (Paolo Abeni)
- r8169: don't increment tx_dropped in case of NETDEV_TX_BUSY (Heiner Kallweit)
- net: usb: sr9700: fix uninitialized variable use in sr_mdio_read (Ma Ke)
- drm/vmwgfx: Fix a deadlock in dma buf fence polling (Zack Rusin) [Orabug: 36983964] {CVE-2024-43863}
- Revert "ALSA: firewire-lib: operate for period elapse event in process context" (Edmund Raile)
- Revert "ALSA: firewire-lib: obsolete workqueue for period update" (Edmund Raile)
- ALSA: hda/realtek: Add quirk for Acer Aspire E5-574G (Mavroudis Chatzilazaridis)
- ALSA: usb-audio: Correct surround channels in UAC1 channel map (Takashi Iwai)
- protect the fetch of ->fd[fd] in do_dup2() from mispredictions (Al Viro) [Orabug: 36963807] {CVE-2024-42265}
- HID: wacom: Modify pen IDs (Tatsunosuke Tobita)
- platform/chrome: cros_ec_proto: Lock device when updating MKBP version (Patryk Duda)
- power: supply: bq24190_charger: replace deprecated strncpy with strscpy (Justin Stitt)
- riscv/mm: Add handling for VM_FAULT_SIGSEGV in mm_fault_error() (Zhe Qiao) [Orabug: 36963814] {CVE-2024-42267}
- ipv6: fix ndisc_is_useropt() handling for PIO (Maciej Żenczykowski)
- net/mlx5e: Add a check for the return value from mlx5_port_set_eth_ptys (Shahar Shitrit)
- net: mvpp2: Don't re-use loop iterator (Dan Carpenter)
- net/iucv: fix use after free in iucv_sock_close() (Alexandra Winter) [Orabug: 36964005] {CVE-2024-42271}
- rtnetlink: Don't ignore IFLA_TARGET_NETNSID when ifname is specified in rtnl_dellink(). (Kuniyuki Iwashima)
- rtnetlink: enable alt_ifname for setlink/newlink (Florent Fourcot)
- ALSA: hda: conexant: Fix headset auto detect fail in the polling mode (songxiebing)
- drm/vmwgfx: Fix overlay when using Screen Targets (Ian Forbes)
- drm/nouveau: prime: fix refcount underflow (Danilo Krummrich) [Orabug: 36983978] {CVE-2024-43867}
- MIPS: dts: loongson: Fix ls2k1000-rtc interrupt (Jiaxun Yang)
- MIPS: dts: loongson: Fix liointc IRQ polarity (Jiaxun Yang)
- MIPS: Loongson64: DTS: Fix PCIe port nodes for ls7a (Jiaxun Yang)
- MIPS: Loongson64: DTS: Add RTC support to Loongson-2K1000 (Binbin Zhou)
- remoteproc: imx_rproc: Fix refcount mistake in imx_rproc_addr_init (Aleksandr Mishin)
- drm/dp_mst: Fix all mstb marked as not probed after suspend/resume (Wayne Lin)
- irqchip/imx-irqsteer: Handle runtime power management correctly (Shenwei Wang) [Orabug: 36964084] {CVE-2024-42290}
- irqchip/imx-irqsteer: Add runtime PM support (Lucas Stach)
- irqchip/imx-irqsteer: Constify irq_chip struct (Lucas Stach)
- irqdomain: Fixed unbalanced fwnode get and put (Herve Codina)
- leds: triggers: Flush pending brightness before activating trigger (Thomas Weißschuh)
- leds: trigger: Call synchronize_rcu() before calling trig->activate() (Hans de Goede)
- leds: trigger: Store brightness set by led_trigger_event() (Heiner Kallweit)
- leds: trigger: Remove unused function led_trigger_rename_static() (Heiner Kallweit)
- leds: trigger: use RCU to protect the led_cdevs list (Johannes Berg)
- drivers: soc: xilinx: check return status of get_api_version() (Jay Buddhabhatti)
- soc: xilinx: move PM_INIT_FINALIZE to zynqmp_pm_domains driver (Michael Tretter)
- ext4: check the extent status again before inserting delalloc block (Zhang Yi)
- ext4: factor out a common helper to query extent map (Zhang Yi)
- ext4: convert to exclusive lock while inserting delalloc extents (Zhang Yi)
- ext4: refactor ext4_da_map_blocks() (Zhang Yi)
- ext4: make ext4_es_insert_extent() return void (Baokun Li)
- sysctl: always initialize i_uid/i_gid (Thomas Weißschuh) [Orabug: 36964269] {CVE-2024-42312}
- arm64: dts: qcom: ipq8074: Disable SS instance in Parkmode for USB (Krishna Kurapati)
- arm64: dts: qcom: msm8998: Disable SS instance in Parkmode for USB (Krishna Kurapati)
- arm64: dts: qcom: msm8998: switch USB QMP PHY to new style of bindings (Dmitry Baryshkov)
- arm64: dts: qcom: msm8998: drop USB PHY clock index (Johan Hovold)
- arm64: dts: qcom: msm8996: Move '#clock-cells' to QMP PHY child node (Shawn Guo)
- powerpc/configs: Update defconfig with now user-visible CONFIG_FSL_IFC (Esben Haabendal)
- fs: don't allow non-init s_user_ns for filesystems without FS_USERNS_MOUNT (Seth Forshee (DigitalOcean))
- nvme-pci: add missing condition check for existence of mapped data (Leon Romanovsky) [Orabug: 36964021] {CVE-2024-42276}
- nvme: separate command prep and issue (Jens Axboe)
- nvme: split command copy into a helper (Jens Axboe)
- iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en (Artem Chernyshev) [Orabug: 36964025] {CVE-2024-42277}
- ceph: fix incorrect kmalloc size of pagevec mempool (ethanwu)
- ASoC: Intel: use soc_intel_is_byt_cr() only when IOSF_MBI is reachable (Pierre-Louis Bossart)
- spi: spidev: add correct compatible for Rohm BH2228FV (Conor Dooley)
- spi: spidev: order compatibles alphabetically (Krzysztof Kozlowski)
- spidev: Add Silicon Labs EM3581 device compatible (Vincent Tremblay)
- spi: spidev: Replace OF specific code by device property API (Andy Shevchenko)
- spi: spidev: Replace ACPI specific code by device_get_match_data() (Andy Shevchenko)
- spi: spidev: Make probe to fail early if a spidev compatible is used (Javier Martinez Canillas)
- lirc: rc_dev_get_from_fd(): fix file leak (Al Viro)
- powerpc: fix a file leak in kvm_vcpu_ioctl_enable_cap() (Al Viro)
- apparmor: Fix null pointer deref when receiving skb during sock creation (Xiao Liang)
- mISDN: Fix a use after free in hfcmulti_tx() (Dan Carpenter) [Orabug: 36964031] {CVE-2024-42280}
- bpf: Fix a segment issue when downgrading gso_size (Fred Li) [Orabug: 36964037] {CVE-2024-42281}
- net: nexthop: Initialize all fields in dumped nexthops (Petr Machata) [Orabug: 36964043] {CVE-2024-42283}
- net: stmmac: Correct byte order of perfect_match (Simon Horman)
- tipc: Return non-zero value from tipc_udp_addr2str() on error (Shigeru Yoshida) [Orabug: 36964046] {CVE-2024-42284}
- netfilter: nft_set_pipapo_avx2: disable softinterrupts (Florian Westphal)
- net: bonding: correctly annotate RCU in bond_should_notify_peers() (Johannes Berg)
- ipv4: Fix incorrect source address in Record Route option (Ido Schimmel)
- MIPS: SMP-CPS: Fix address for GCR_ACCESS register for CM3 and later (Gregory CLEMENT)
- bpf, events: Use prog to emit ksymbol event for main program (Hou Tao)
- dma: fix call order in dmam_free_coherent (Lance Richardson) [Orabug: 36964522] {CVE-2024-43856}
- libbpf: Fix no-args func prototype BTF dumping syntax (Andrii Nakryiko)
- um: time-travel: fix signal blocking race/hang (Johannes Berg)
- um: time-travel: fix time-travel-start option (Johannes Berg)
- phy: cadence-torrent: Check return value on register read (Ma Ke)
- dmaengine: ti: k3-udma: Fix BCHAN count with UHC and HC channels (Vignesh Raghavendra)
- jfs: Fix array-index-out-of-bounds in diFree (Jeongjun Park) [Orabug: 36964529] {CVE-2024-43858}
- kdb: address -Wformat-security warnings (Arnd Bergmann)
- kernel: rerun task_work while freezing in get_signal() (Pavel Begunkov)
- io_uring/io-wq: limit retrying worker initialisation (Pavel Begunkov)
- nilfs2: handle inconsistent state in nilfs_btnode_create_block() (Ryusuke Konishi) [Orabug: 36964202] {CVE-2024-42295}
- Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x13d3:0x3591 (WangYuli)
- Bluetooth: btusb: Add RTL8852BE device 0489:e125 to device tables (Hilda Wu)
- rbd: don't assume RBD_LOCK_STATE_LOCKED for exclusive mappings (Ilya Dryomov)
- rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (Ilya Dryomov)
- drm/panfrost: Mark simple_ondemand governor as softdep (Dragan Simic)
- MIPS: Loongson64: Test register availability before use (Jiaxun Yang)
- MIPS: Loongson64: reset: Prioritise firmware service (Jiaxun Yang)
- MIPS: Loongson64: Remove memory node for builtin-dtb (Jiaxun Yang)
- MIPS: Loongson64: env: Hook up Loongsson-2K (Jiaxun Yang)
- MIPS: dts: loongson: Fix GMAC phy node (Jiaxun Yang)
- MIPS: ip30: ip30-console: Add missing include (Jiaxun Yang)
- remoteproc: imx_rproc: Skip over memory region when node value is NULL (Aleksandr Mishin) [Orabug: 36964536] {CVE-2024-43860}
- remoteproc: stm32_rproc: Fix mailbox interrupts queuing (Gwenael Treuveur)
- rbd: don't assume rbd_is_lock_owner() for exclusive mappings (Ilya Dryomov)
- selftests/sigaltstack: Fix ppc64 GCC build (Michael Ellerman)
- RDMA/iwcm: Fix a use-after-free related to destroying CM IDs (Bart Van Assche) [Orabug: 36964053] {CVE-2024-42285}
- platform: mips: cpu_hwmon: Disable driver on unsupported hardware (Jiaxun Yang)
- watchdog/perf: properly initialize the turbo mode timestamp and rearm counter (Thomas Gleixner)
- rtc: isl1208: Fix return value of nvmem callbacks (Joy Chakraborty)
- drm/i915/dp: Reset intel_dp->link_trained before retraining the link (Imre Deak)
- drm/amdgpu/sdma5.2: Update wptr registers as well as doorbell (Alex Deucher)
- drm/i915/gt: Do not consider preemption during execlists_dequeue for gen8 (Nitin Gote)
- perf/x86/intel/pt: Fix a topa_entry base address calculation (Adrian Hunter)
- perf/x86/intel/pt: Fix topa_entry base length (Marco Cavenati)
- perf/x86/intel/uncore: Fix the bits of the CHA extended umask for SPR (Kan Liang)
- perf: Fix event leak upon exit (Frederic Weisbecker) [Orabug: 36983986] {CVE-2024-43870}
- rtc: cmos: Fix return value of nvmem callbacks (Joy Chakraborty)
- mm/numa_balancing: teach mpol_to_str about the balancing mode (Tvrtko Ursulin)
- devres: Fix memory leakage caused by driver API devm_free_percpu() (Zijun Hu) [Orabug: 36983990] {CVE-2024-43871}
- devres: Fix devm_krealloc() wasting memory (Zijun Hu)
- gve: Fix an edge case for TSO skb validity check (Bailey Forrest)
- kobject_uevent: Fix OOB access within zap_modalias_env() (Zijun Hu) [Orabug: 37203371] {CVE-2024-42292}
- kbuild: Fix '-S -c' in x86 stack protector scripts (Nathan Chancellor)
- decompress_bunzip2: fix rare decompression failure (Ross Lagerwall)
- ubi: eba: properly rollback inside self_check_eba (Fedor Pchelkin)
- clk: davinci: da8xx-cfgchip: Initialize clk_init_data before use (Bastien Curutchet)
- fs/ntfs3: Update log->page_{mask,bits} if log->page_size changed (Huacai Chen) [Orabug: 36964218] {CVE-2024-42299}
- dev/parport: fix the array out-of-bounds risk (tuhaowen) [Orabug: 36964222] {CVE-2024-42301}
- binder: fix hang of unregistered readers (Carlos Llamas)
- PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio (Manivannan Sadhasivam)
- PCI: dw-rockchip: Fix initial PERST# GPIO value (Niklas Cassel)
- PCI: hv: Return zero, not garbage, when reading PCI_INTERRUPT_PIN (Wei Liu)
- hwrng: amd - Convert PCIBIOS_* return codes to errnos (Ilpo Järvinen)
- tools/memory-model: Fix bug in lock.cat (Alan Stern)
- ALSA: usb-audio: Add a quirk for Sonix HD USB Camera (wangdicheng)
- ALSA: usb-audio: Move HD Webcam quirk to the right place (Takashi Iwai)
- ALSA: usb-audio: Fix microphone sound on HD webcam. (wangdicheng)
- KVM: VMX: Split out the non-virtualization part of vmx_interrupt_blocked() (Sean Christopherson)
- media: uvcvideo: Fix integer overflow calculating timestamp (Ricardo Ribalda)
- jbd2: make jbd2_journal_get_max_txn_bufs() internal (Jan Kara)
- leds: ss4200: Convert PCIBIOS_* return codes to errnos (Ilpo Järvinen)
- wifi: mwifiex: Fix interface type change (Rafael Beims)
- selftests/landlock: Add cred_transfer test (Mickaël Salaün)
- io_uring: tighten task exit cancellations (Pavel Begunkov)
- ext4: make sure the first directory block is not a hole (Baokun Li) [Orabug: 36964231] {CVE-2024-42304}
- ext4: check dot and dotdot of dx_root before making dir indexed (Baokun Li) [Orabug: 36964236] {CVE-2024-42305}
- m68k: amiga: Turn off Warp1260 interrupts during boot (Paolo Pisati)
- udf: Avoid using corrupted block bitmap buffer (Jan Kara) [Orabug: 36964241] {CVE-2024-42306}
- task_work: Introduce task_work_cancel() again (Frederic Weisbecker)
- task_work: s/task_work_cancel()/task_work_cancel_func()/ (Frederic Weisbecker)
- apparmor: use kvfree_sensitive to free data->data (Fedor Pchelkin)
- sched/fair: Use all little CPUs for CPU-bound workloads (Pierre Gondois)
- drm/amd/display: Check for NULL pointer (Sung Joon Kim) [Orabug: 36964246] {CVE-2024-42308}
- drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes (Ma Ke) [Orabug: 36964252] {CVE-2024-42309}
- drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes (Ma Ke) [Orabug: 36964258] {CVE-2024-42310}
- ext2: Verify bitmap and itable block numbers before using them (Jan Kara)
- hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode() (Chao Yu) [Orabug: 36964264] {CVE-2024-42311}
- ata: libata-scsi: Honor the D_SENSE bit for CK_COND=1 and no error (Igor Pylypiv)
- media: venus: fix use after free in vdec_close (Dikshita Agarwal) [Orabug: 36964274] {CVE-2024-42313}
- char: tpm: Fix possible memory leak in tpm_bios_measurements_open() (Joe Hattori)
- fuse: verify {g,u}id mount options correctly (Eric Sandeen)
- sched/fair: set_load_weight() must also call reweight_task() for SCHED_IDLE tasks (Tejun Heo)
- ipv6: take care of scope when choosing the src addr (Nicolas Dichtel)
- af_packet: Handle outgoing VLAN packets without hardware offloading (Chengen Du)
- net: netconsole: Disable target before netpoll cleanup (Breno Leitao)
- tick/broadcast: Make takeover of broadcast hrtimer reliable (Yu Liao)
- dt-bindings: thermal: correct thermal zone node name limit (Krzysztof Kozlowski)
- mm: mmap_lock: replace get_memcg_path_buf() with on-stack buffer (Tetsuo Handa)
- mm/hugetlb: fix possible recursive locking detected warning (Miaohe Lin)
- landlock: Don't lose track of restrictions on cred_transfer (Jann Horn) [Orabug: 36964283] {CVE-2024-42318}
- fs/ntfs3: Missed error return (Konstantin Komarov)
- rtc: interface: Add RTC offset to alarm after fix-up (Csókás, Bence)
- nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro (Ryusuke Konishi)
- fs/proc/task_mmu: indicate PM_FILE for PMD-mapped file THP (David Hildenbrand)
- fs/ntfs3: Fix field-spanning write in INDEX_HDR (Konstantin Komarov)
- fs/ntfs3: Replace inode_trylock with inode_lock (Konstantin Komarov)
- pinctrl: freescale: mxs: Fix refcount of child (Peng Fan)
- pinctrl: ti: ti-iodelay: fix possible memory leak when pinctrl_enable() fails (Yang Yingliang)
- pinctrl: ti: ti-iodelay: Drop if block with always false condition (Uwe Kleine-König)
- pinctrl: single: fix possible memory leak when pinctrl_enable() fails (Yang Yingliang)
- pinctrl: core: fix possible memory leak when pinctrl_enable() fails (Yang Yingliang)
- pinctrl: rockchip: update rk3308 iomux routes (Dmitry Yashin)
- fs/ntfs3: Fix getting file type (Konstantin Komarov)
- fs/ntfs3: Missed NI_FLAG_UPDATE_PARENT setting (Konstantin Komarov)
- fs/ntfs3: Fix transform resident to nonresident for compressed files (Konstantin Komarov)
- fs/ntfs3: Merge synonym COMPRESSION_UNIT and NTFS_LZNT_CUNIT (Konstantin Komarov)
- fs/ntfs3: Use ALIGN kernel macro (Konstantin Komarov)
- net: dsa: b53: Limit chip-wide jumbo frame config to CPU ports (Martin Willi)
- net: dsa: mv88e6xxx: Limit chip-wide frame size config to CPU ports (Martin Willi)
- netfilter: nf_set_pipapo: fix initial map fill (Florian Westphal)
- netfilter: nft_set_pipapo: constify lookup fn args where possible (Florian Westphal)
- netfilter: ctnetlink: use helper function to calculate expect ID (Pablo Neira Ayuso) [Orabug: 37013754] {CVE-2024-44944}
- bnxt_re: Fix imm_data endianness (Jack Wang)
- RDMA/hns: Fix insufficient extend DB for VFs. (Chengchang Tang)
- RDMA/hns: Fix undifined behavior caused by invalid max_sge (Chengchang Tang)
- RDMA/hns: Fix missing pagesize and alignment check in FRMR (Chengchang Tang)
- macintosh/therm_windtunnel: fix module unload. (Nick Bowler)
- powerpc/xmon: Fix disassembly CPU feature checks (Michael Ellerman)
- net: missing check virtio (Denis Arefev) [Orabug: 36964424] {CVE-2024-43817}
- vhost/vsock: always initialize seqpacket_allow (Michael S. Tsirkin) [Orabug: 36983999] {CVE-2024-43873}
- PCI: endpoint: Clean up error handling in vpci_scan_bus() (Dan Carpenter) [Orabug: 36984004] {CVE-2024-43875}
- Input: elan_i2c - do not leave interrupt disabled on suspend failure (Dmitry Torokhov)
- RDMA/device: Return error earlier if port in not valid (Leon Romanovsky)
- mtd: make mtd_test.c a separate module (Arnd Bergmann)
- ASoC: max98088: Check for clk_prepare_enable() error (Chen Ni)
- RDMA/rxe: Don't set BTH_ACK_MASK for UC or UD QPs (Honggang LI)
- RDMA/mlx4: Fix truncated output warning in alias_GUID.c (Leon Romanovsky)
- RDMA/mlx4: Fix truncated output warning in mad.c (Leon Romanovsky)
- Input: qt1050 - handle CHIP_ID reading error (Andrei Lalaev)
- RDMA/cache: Release GID table even if leak is detected (Leon Romanovsky)
- RDMA/mlx5: Set mkeys for dmabuf at PAGE_SIZE (Chiara Meiohas)
- coresight: Fix ref leak when of_coresight_parse_endpoint() fails (James Clark)
- clk: qcom: gcc-sc7280: Update force mem core bit for UFS ICE clock (Taniya Das)
- clk: qcom: branch: Add helper functions for setting retain bits (Konrad Dybcio)
- PCI: Fix resource double counting on remove & rescan (Ilpo Järvinen)
- SUNRPC: Fixup gss_status tracepoint error output (Benjamin Coddington)
- sparc64: Fix incorrect function signature and add prototype for prom_cif_init (Andreas Larsson)
- ext4: avoid writing unitialized memory to disk in EA inodes (Jan Kara)
- ext4: don't track ranges in fast_commit if inode has inlined data (Luis Henriques (SUSE))
- ext4: return early for non-eligible fast_commit track events (Ritesh Harjani)
- NFSv4.1 another fix for EXCHGID4_FLAG_USE_PNFS_DS for DS server (Olga Kornievskaia)
- SUNRPC: avoid soft lockup when transmitting UDP to reachable server. (NeilBrown)
- xprtrdma: Fix rpcrdma_reqs_reset() (Chuck Lever)
- mfd: omap-usb-tll: Use struct_size to allocate tll (Javier Carrasco)
- mfd: rsmu: Split core code into separate module (Arnd Bergmann)
- perf intel-pt: Fix exclude_guest setting (Adrian Hunter)
- perf intel-pt: Fix aux_watermark calculation for 64-bit size (Adrian Hunter)
- media: venus: flush all buffers in output plane streamoff (Dikshita Agarwal)
- ext4: fix infinite loop when replaying fast_commit (Luis Henriques (SUSE))
- Revert "leds: led-core: Fix refcount leak in of_led_get()" (Luca Ceresoli)
- drm/qxl: Add check for drm_cvt_mode (Chen Ni) [Orabug: 36964455] {CVE-2024-43829}
- drm/etnaviv: fix DMA direction handling for cached RW buffers (Lucas Stach)
- perf report: Fix condition in sort__sym_cmp() (Namhyung Kim)
- leds: trigger: Unregister sysfs attributes before calling deactivate() (Hans de Goede) [Orabug: 36964458] {CVE-2024-43830}
- drm/mediatek: Add DRM_MODE_ROTATE_0 to rotation property (Hsiao Chien Sung)
- drm/mediatek: Add missing plane settings when async update (Hsiao Chien Sung)
- media: renesas: vsp1: Store RPF partition configuration per RPF instance (Laurent Pinchart)
- media: renesas: vsp1: Fix _irqsave and _irq mix (Laurent Pinchart)
- media: uvcvideo: Override default flags (Daniel Schaefer)
- saa7134: Unchecked i2c_transfer function result fixed (Aleksandr Burakov)
- media: i2c: Fix imx412 exposure control (Bryan O'Donoghue)
- media: imon: Fix race getting ictx->lock (Ricardo Ribalda)
- media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control() (Zheng Yejian)
- drm/panel: boe-tv101wum-nl6: Check for errors on the NOP in prepare() (Douglas Anderson)
- drm/panel: boe-tv101wum-nl6: If prepare fails, disable GPIO before regulators (Douglas Anderson)
- drm/amdgpu: Check if NBIO funcs are NULL in amdgpu_device_baco_exit (Friedrich Vock)
- drm/amd/pm: Fix aldebaran pcie speed reporting (Lijo Lazar)
- xdp: fix invalid wait context of page_pool_destroy() (Taehee Yoo) [Orabug: 36964469] {CVE-2024-43834}
- selftests: forwarding: devlink_lib: Wait for udev events after reloading (Amit Cohen)
- bpf: Eliminate remaining "make W=1" warnings in kernel/bpf/btf.o (Alan Maguire)
- bna: adjust 'name' buf size of bna_tcb and bna_ccb structures (Alexey Kodanev) [Orabug: 36964479] {CVE-2024-43839}
- bpf: annotate BTF show functions with __printf (Alan Maguire)
- selftests/bpf: Close fd in error path in drop_on_reuseport (Geliang Tang)
- locking/rwsem: Add __always_inline annotation to __down_write_common() and inlined callers (John Stultz)
- wifi: virt_wifi: don't use strlen() in const context (Johannes Berg)
- gss_krb5: Fix the error handling path for crypto_sync_skcipher_setkey (Gaosheng Cui)
- wifi: virt_wifi: avoid reporting connection success with wrong SSID (En-Wei Wu) [Orabug: 36964486] {CVE-2024-43841}
- perf: Fix default aux_watermark calculation (Adrian Hunter)
- perf: Prevent passing zero nr_pages to rb_alloc_aux() (Adrian Hunter)
- perf: Fix perf_aux_size() for greater-than 32-bit size (Adrian Hunter)
- perf/x86/intel/pt: Fix pt_topa_entry_for_page() address calculation (Adrian Hunter)
- netfilter: nf_tables: rise cap on SELinux secmark context (Pablo Neira Ayuso)
- libbpf: Checking the btf_type kind when fixing variable offsets (Donglin Peng)
- net: fec: Fix FEC_ECR_EN1588 being cleared on link-down (Csókás, Bence)
- net: fec: Refactor: #define magic constants (Csókás Bence)
- wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() (Baochen Qiang) [Orabug: 36984009] {CVE-2024-43879}
- wifi: cfg80211: fix typo in cfg80211_calculate_bitrate_he() (Baochen Qiang)
- wifi: ath11k: fix wrong handling of CCMP256 and GCMP ciphers (Baochen Qiang)
- mlxsw: spectrum_acl: Fix ACL scale regression and firmware errors (Ido Schimmel)
- mlxsw: spectrum_acl_erp: Fix object nesting warning (Ido Schimmel) [Orabug: 36984012] {CVE-2024-43880}
- lib: objagg: Fix general protection fault (Ido Schimmel) [Orabug: 36964494] {CVE-2024-43846}
- selftests/bpf: Check length of recv in test_sockmap (Geliang Tang)
- net/smc: set rmb's SG_MAX_SINGLE_ALLOC limitation only when CONFIG_ARCH_NO_SG_CHAIN is defined (Guangguan Wang)
- tcp: fix races in tcp_v[46]_err() (Eric Dumazet)
- tcp: fix race in tcp_write_err() (Eric Dumazet)
- tcp: add tcp_done_with_error() helper (Eric Dumazet)
- tcp: annotate lockless access to sk->sk_err (Eric Dumazet)
- tcp: annotate lockless accesses to sk->sk_err_soft (Eric Dumazet)
- net: esp: cleanup esp_output_tail_tcp() in case of unsupported ESPINTCP (Hagar Hemdan)
- selftests/bpf: Fix prog numbers in test_sockmap (Geliang Tang)
- wifi: brcmsmac: LCN PHY code is used for BCM4313 2G-only device (Samasth Norway Ananda)
- firmware: turris-mox-rwtm: Initialize completion before mailbox (Marek Behún)
- firmware: turris-mox-rwtm: Fix checking return value of wait_for_completion_timeout() (Marek Behún)
- firmware: turris-mox-rwtm: Do not complete if there are no waiters (Marek Behún)
- vmlinux.lds.h: catch .bss..L* sections into BSS") (Christophe Leroy)
- ARM: spitz: fix GPIO assignment for backlight (Dmitry Torokhov)
- ARM: pxa: spitz: use gpio descriptors for audio (Arnd Bergmann)
- m68k: cmpxchg: Fix return value for default case in __arch_xchg() (Thorsten Blum)
- x86/xen: Convert comma to semicolon (Chen Ni)
- m68k: atari: Fix TT bootup freeze / unexpected (SCU) interrupt messages (Eero Tamminen)
- arm64: dts: amlogic: gx: correct hdmi clocks (Jerome Brunet)
- arm64: dts: mediatek: mt8183-kukui-jacuzzi: Add ports node for anx7625 (Chen-Yu Tsai)
- arm64: dts: mediatek: mt7622: fix "emmc" pinctrl mux (Rafał Miłecki)
- arm64: dts: mediatek: mt8183-kukui: Drop bogus output-enable property (Chen-Yu Tsai)
- ARM: dts: imx6qdl-kontron-samx6i: fix PCIe reset polarity (Michael Walle)
- ARM: dts: imx6qdl-kontron-samx6i: fix SPI0 chip selects (Michael Walle)
- ARM: dts: imx6qdl-kontron-samx6i: fix board reset (Michael Walle)
- ARM: dts: imx6qdl-kontron-samx6i: fix PHY reset (Michael Walle)
- ARM: dts: imx6qdl-kontron-samx6i: move phy reset into phy-node (Marco Felsch)
- arm64: dts: rockchip: Increase VOP clk rate on RK3328 (Jonas Karlman)
- soc: qcom: pdr: fix parsing of domains lists (Dmitry Baryshkov)
- soc: qcom: pdr: protect locator_addr with the main mutex (Dmitry Baryshkov) [Orabug: 36964502] {CVE-2024-43849}
- memory: fsl_ifc: Make FSL_IFC config visible and selectable (Esben Haabendal)
- arm64: dts: qcom: msm8996: specify UFS core_clk frequencies (Dmitry Baryshkov)
- soc: qcom: rpmh-rsc: Ensure irqs aren't disabled by rpmh_rsc_send_data() callers (Stephen Boyd)
- arm64: dts: qcom: sm8250: add power-domain to UFS PHY (Dmitry Baryshkov)
- arm64: dts: qcom: sm8250: switch UFS QMP PHY to new style of bindings (Dmitry Baryshkov)
- arm64: dts: qcom: sdm845: add power-domain to UFS PHY (Dmitry Baryshkov)
- hwmon: (max6697) Fix swapped temp{1,8} critical alarms (Guenter Roeck)
- hwmon: (max6697) Fix underflow when writing limit attributes (Guenter Roeck)
- drm/meson: fix canvas release in bind function (Yao Zi)
- pwm: stm32: Always do lazy disabling (Uwe Kleine-König)
- hwmon: (adt7475) Fix default duty on fan is disabled (Wayne Tung)
- x86/platform/iosf_mbi: Convert PCIBIOS_* return codes to errnos (Ilpo Järvinen)
- x86/pci/xen: Fix PCIBIOS_* return code handling (Ilpo Järvinen)
- x86/pci/intel_mid_pci: Fix PCIBIOS_* return code handling (Ilpo Järvinen)
- x86/of: Return consistent error type from x86_of_pci_irq_enable() (Ilpo Järvinen)
- hfsplus: fix to avoid false alarm of circular locking (Chao Yu)
- block: initialize integrity buffer to zero before writing it to media (Christoph Hellwig) [Orabug: 36964514] {CVE-2024-43854}
- block: cleanup bio_integrity_prep (Jinyoung Choi)
- block: refactor to use helper (Nitesh Shetty)
- platform/chrome: cros_ec_debugfs: fix wrong EC message version (Tzung-Bi Shih)
- f2fs: fix to don't dirty inode for readonly filesystem (Chao Yu) [Orabug: 36964212] {CVE-2024-42297}
- f2fs: fix return value of f2fs_convert_inline_inode() (Chao Yu) [Orabug: 36964207] {CVE-2024-42296}
- LTS version: v5.15.164 (Vijayendra Suman)
- tap: add missing verification for short frame (Si-Wei Liu) [Orabug: 36879156] {CVE-2024-41090}
- tun: add missing verification for short frame (Dongli Zhang) [Orabug: 36879156] {CVE-2024-41091}
- wifi: rt2x00: use explicitly signed or unsigned types (Jason A. Donenfeld)
- filelock: Fix fcntl/close race recovery compat path (Jann Horn) [Orabug: 36874755] {CVE-2024-41012} {CVE-2024-41020}
- ALSA: pcm_dmaengine: Don't synchronize DMA channel when DMA is paused (Shengjiu Wang)
- arm64: dts: qcom: sdm630: Disable SS instance in Parkmode for USB (Krishna Kurapati)
- arm64: dts: qcom: msm8996: Disable SS instance in Parkmode for USB (Krishna Kurapati)
- ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 (Seunghun Han)
- ALSA: hda/realtek: Enable headset mic on Positivo SU C1400 (Edson Juliano Drosdeck)
- fs/ntfs3: Validate ff offset (lei lu) [Orabug: 36891672] {CVE-2024-41019}
- jfs: don't walk off the end of ealist (lei lu) [Orabug: 36891666] {CVE-2024-41017}
- ocfs2: add bounds checking to ocfs2_check_dir_entry() (lei lu) [Orabug: 36891654] {CVE-2024-41015}
- Add gitignore file for samples/fanotify/ subdirectory (Linus Torvalds)
- docs: Fix formatting of literal sections in fanotify docs (Gabriel Krisman Bertazi)
- samples: Make fs-monitor depend on libc and headers (Gabriel Krisman Bertazi)
- samples: Add fs error monitoring example (Gabriel Krisman Bertazi)
- wifi: mac80211: disable softirqs for queued frame handling (Johannes Berg)
- mm/damon/core: merge regions aggressively when max_nr_regions is unmet (SeongJae Park)
- minmax: relax check to allow comparison between unsigned arguments and signed constants (David Laight)
- minmax: allow comparisons of 'int' against 'unsigned char/short' (David Laight)
- minmax: allow min()/max()/clamp() if the arguments have the same signedness. (David Laight)
- minmax: fix header inclusions (Andy Shevchenko)
- minmax: clamp more efficiently by avoiding extra comparison (Jason A. Donenfeld)
- minmax: sanity check constant bounds when clamping (Jason A. Donenfeld)
- tracing: Define the is_signed_type() macro once (Bart Van Assche)
- spi: mux: set ctlr->bits_per_word_mask (David Lechner)
- hfsplus: fix uninit-value in copy_name (Edward Adam Davis) [Orabug: 36896968] {CVE-2024-41059}
- selftests/vDSO: fix clang build errors and warnings (John Hubbard)
- spi: imx: Don't expect DMA for i.MX{25,35,50,51,53} cspi devices (Uwe Kleine-König)
- riscv: stacktrace: fix usage of ftrace_graph_ret_addr() (Puranjay Mohan)
- fs: better handle deep ancestor chains in is_subdir() (Christian Brauner)
- drm/radeon: check bo_va->bo is non-NULL before using it (Pierre-Eric Pelloux-Prayer) [Orabug: 36896974] {CVE-2024-41060}
- Bluetooth: hci_core: cancel all works upon hci_unregister_dev() (Tetsuo Handa) [Orabug: 36896993] {CVE-2024-41063}
- scsi: libsas: Fix exp-attached device scan after probe failure scanned in again after probe failed (Xingui Yang)
- powerpc/eeh: avoid possible crash when edev->pdev changes (Ganesh Goudar) [Orabug: 36897001] {CVE-2024-41064}
- powerpc/pseries: Whitelist dtl slub object for copying to userspace (Anjali K) [Orabug: 36897008] {CVE-2024-41065}
- net: mac802154: Fix racy device stats updates by DEV_STATS_INC() and DEV_STATS_ADD() (Yunshui Jiang)
- net: usb: qmi_wwan: add Telit FN912 compositions (Daniele Palmas)
- ALSA: dmaengine_pcm: terminate dmaengine before synchronize (Shengjiu Wang)
- ALSA: hda/relatek: Enable Mute LED on HP Laptop 15-gw0xxx (Aivaz Latypov)
- btrfs: qgroup: fix quota root leak after quota disable failure (Filipe Manana) [Orabug: 36897343] {CVE-2024-41078}
- platform/x86: lg-laptop: Use ACPI device handle when evaluating WMAB/WMBB (Armin Wolf)
- platform/x86: lg-laptop: Change ACPI device id (Armin Wolf)
- platform/x86: lg-laptop: Remove LGEX0815 hotkey handling (Armin Wolf)
- platform/x86: wireless-hotkey: Add support for LG Airplane Button (Armin Wolf)
- s390/sclp: Fix sclp_init() cleanup on failure (Heiko Carstens) [Orabug: 36897031] {CVE-2024-41068}
- can: kvaser_usb: fix return value for hif_usb_send_regout (Chen Ni)
- ASoC: ti: omap-hdmi: Fix too long driver name (Primoz Fiser)
- ASoC: ti: davinci-mcasp: Set min period size using FIFO config (Jai Luthra)
- ALSA: dmaengine: Synchronize dma channel after drop() (Jai Luthra)
- bytcr_rt5640 : inverse jack detect for Archos 101 cesium (Thomas GENTY)
- Input: i8042 - add Ayaneo Kun to i8042 quirk table (Tobias Jakobi)
- Input: elantech - fix touchpad state on resume for Lenovo N24 (Jonathan Denose)
- mips: fix compat_sys_lseek syscall (Arnd Bergmann)
- ALSA: hda/realtek: Add more codec ID to no shutup pins list (Kailang Yang)
- drm/vmwgfx: Fix missing HYPERVISOR_GUEST dependency (Alexey Makhalov)
- KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group() (Michael Ellerman) [Orabug: 36897047] {CVE-2024-41070}
- wifi: cfg80211: wext: add extra SIOCSIWSCAN data check (Dmitry Antipov) [Orabug: 36897311] {CVE-2024-41072}
- nvme: avoid double free special payload (Chunguang Xu) [Orabug: 36897316] {CVE-2024-41073}
- mei: demote client disconnect warning on suspend to debug (Alexander Usyskin)
- fs/file: fix the check in find_next_fd() (Yuntao Wang)
- kconfig: remove wrong expr_trans_bool() (Masahiro Yamada)
- kconfig: gconf: give a proper initial state to the Save button (Masahiro Yamada)
- null_blk: fix validation of block size (Andreas Hindborg) [Orabug: 36897338] {CVE-2024-41077}
- arm64: armv8_deprecated: Fix warning in isndep cpuhp starting process (Wei Li)
- ila: block BH in ila_output() (Eric Dumazet) [Orabug: 36897359] {CVE-2024-41081}
- net: ipv6: rpl_iptunnel: block BH in rpl_output() and rpl_input() (Eric Dumazet)
- Input: silead - Always support 10 fingers (Hans de Goede)
- selftests/openat2: Fix build warnings on ppc64 (Michael Ellerman)
- wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan() (Dmitry Antipov)
- wifi: iwlwifi: mvm: properly set 6 GHz channel direct probe option (Ayala Beker)
- wifi: iwlwifi: mvm: Handle BIGTK cipher in kek_kck cmd (Yedidya Benshimol)
- wifi: iwlwifi: mvm: d3: fix WoWLAN command version lookup (Yedidya Benshimol)
- wifi: mac80211: handle tasklet frames before stopping (Johannes Berg)
- wifi: mac80211: mesh: init nonpeer_pm to active by default in mesh sdata (Nicolas Escande)
- tools/power/cpupower: Fix Pstate frequency reporting on AMD Family 1Ah CPUs (Dhananjay Ugwekar)
- ACPI: EC: Avoid returning AE_OK on errors in address space handler (Armin Wolf)
- ACPI: EC: Abort address space access upon error (Armin Wolf)
- scsi: qedf: Set qed_slowpath_params to zero before use (Saurav Kashyap)
- scsi: qedf: Wait for stag work during unload (Saurav Kashyap)
- scsi: qedf: Don't process stag work during unload and recovery (Saurav Kashyap)
- scsi: core: alua: I/O errors for ALUA state transitions (Martin Wilck)
- scsi: core: Fix a use-after-free (Bart Van Assche)
- bpf: Fix overrunning reservations in ringbuf (Daniel Borkmann) [Orabug: 36850238] {CVE-2024-41009}
- ACPI: processor_idle: Fix invalid comparison with insertion sort for latency (Kuan-Wei Chiu)
- ARM: 9324/1: fix get_user() broken with veneer (Masahiro Yamada)
- filelock: Remove locks reliably when fcntl/close race is detected (Jann Horn) [Orabug: 36874755] {CVE-2024-41012} {CVE-2024-41020}
- gcc-plugins: Rename last_stmt() for GCC 14+ (Kees Cook)

[5.15.0-302.163.3.el9uek]
- uek-rpm: T93: Enable CONFIG_EFI_GENERIC_STUB_INITRD_CMDLINE_LOADER (Thomas Tai) [Orabug: 37174880]
- mm: avoid leaving partial pfn mappings around in error case (Linus Torvalds) [Orabug: 37174198] {CVE-2024-47674}
- rds/ib: Count memory consumed by rds_page_frag (Hans Westgaard Ry) [Orabug: 37162157]
- uek-rpm: Set CONFIG_CRYPTO_FIPS_NAME properly in embedded kernels (Dave Kleikamp) [Orabug: 37160327]
- fs/dcache: allow fractional values in fs.negative-dentry-limit (Gautham Ananthakrishna) [Orabug: 37156522]
- Revert "Documentation/admin-guide/acpi: Move information out of shell script comments" (Dave Kleikamp) [Orabug: 37144820]
- Revert "irqchip/gic-v3: Move partition_create_desc() work to a helper" (Dave Kleikamp) [Orabug: 37144820]
- Revert "irqchip/gic: Collect GIC_IRQ_TYPE definitions into one place" (Dave Kleikamp) [Orabug: 37144820]
- Revert "ACPI / irq: Allow a compile-time arg0 for acpi_register_gsi()'s fwspec" (Dave Kleikamp) [Orabug: 37144820]
- Revert "irqchip/gic, gic-v3: Translate fwspec for DT and ACPI systems in the same way" (Dave Kleikamp) [Orabug: 37144820]
- Revert "ACPI / PPTT: Provide a helper to walk processor containers" (Dave Kleikamp) [Orabug: 37144820]
- Revert "ACPI / PPTT: Add a helper to build a cpumask from a cpu_node" (Dave Kleikamp) [Orabug: 37144820]
- Revert "irqchip/gic-v3: Print DT partitions in the same way as APCI" (Dave Kleikamp) [Orabug: 37144820]
- Revert "irqchip/gic-v3: Build PPI partitions on ACPI systems" (Dave Kleikamp) [Orabug: 37144820]
- Revert "irqchip/gic-v3: select and translate the partition domain" (Dave Kleikamp) [Orabug: 37144820]
- Revert "ACPI / irq: Add acpi_register_partitioned_percpu_gsi()" (Dave Kleikamp) [Orabug: 37144820]
- Revert "ACPI / PPTT: Find PPTT cache level by ID" (Dave Kleikamp) [Orabug: 37144820]
- Revert "ACPI / PPTT: Add a helper to fill a cpumask from a processor container" (Dave Kleikamp) [Orabug: 37144820]
- Revert "ACPI / PPTT: Add a helper to fill a cpumask from a cache_id" (Dave Kleikamp) [Orabug: 37144820]
- Revert "drivers: base: cacheinfo: Check per_cpu_cacheinfo() is allocated" (Dave Kleikamp) [Orabug: 37144820]
- Revert "drivers: base: cacheinfo: Add helper to find the cache size from cpu+level" (Dave Kleikamp) [Orabug: 37144820]
- Revert "cacheinfo: Allow for >32-bit cache 'id'" (Dave Kleikamp) [Orabug: 37144820]
- Revert "cacheinfo: Set cache 'id' based on DT data" (Dave Kleikamp) [Orabug: 37144820]
- Revert "cacheinfo: Expose the code to generate a cache-id from a device_node" (Dave Kleikamp) [Orabug: 37144820]
- KVM: x86: Propagate the AMD Automatic IBRS feature to the guest (Kim Phillips) [Orabug: 37126702]
- x86/cpu, kvm: Add the SMM_CTL MSR not present feature (Kim Phillips) [Orabug: 37126702]
- x86/cpu, kvm: Add the Null Selector Clears Base feature (Kim Phillips) [Orabug: 37126702]
- x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf (Kim Phillips) [Orabug: 37126702]
- x86/cpu, kvm: Add the NO_NESTED_DATA_BP feature (Kim Phillips) [Orabug: 37126702]
- KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code (Kim Phillips) [Orabug: 37126702]
- KVM: x86: Advertise that the SMM_CTL MSR is not supported (Jim Mattson) [Orabug: 37126702]
- KVM: x86: synthesize CPUID leaf 0x80000021h if useful (Paolo Bonzini) [Orabug: 37126702]
- KVM: x86: skip host CPUID call for hypervisor leaves (Paolo Bonzini) [Orabug: 37126702]
- KVM: x86: add support for CPUID leaf 0x80000021 (Paolo Bonzini) [Orabug: 37126702]
- amd_hsmp: Update PwrEfficiencyModeSelection message (Suma Hegde) [Orabug: 37123833]
- amd_hsmp: Add support for new error codes returned from firmware (Suma Hegde) [Orabug: 37123833]
- amd_hsmp: Add new HSMP messages of protocol version 7 (Suma Hegde) [Orabug: 37123833]
- IB/mlx5: Fix mlx5_ib_get_vector_irqn() after dynamic IRQ allocation change (Gerd Rausch) [Orabug: 37069671]
- arm64: kdump: increase crashkernel reservation size for crashkernel=auto (Brian Maly) [Orabug: 36949800]
- rds: Support rds-pings with payload (Håkon Bugge) [Orabug: 36847470]
- mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio() (Miaohe Lin) [Orabug: 36683092] {CVE-2024-36028}
- mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled (Miaohe Lin) [Orabug: 36597930] {CVE-2024-26987}

[5.15.0-302.163.2.el9uek]
- uek: kabi: Introduce APIs to hide/fake inclusion of headers (Saeed Mirzamohammadi) [Orabug: 37144803]
- uek-rpm: Enable config for Mediatek mt7915E wireless driver (Saeed Mirzamohammadi) [Orabug: 37123534]
- uek-rpm: Update the x86 kABI files for new symbol (Yifei Liu) [Orabug: 37108651]
- KVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked (Sean Christopherson) [Orabug: 36809298] {CVE-2024-39483}
- net: bridge: xmit: make sure we have at least eth header len bytes (Nikolay Aleksandrov) [Orabug: 36753371] {CVE-2024-38538}
- net: add pskb_may_pull_reason() helper (Eric Dumazet) [Orabug: 36753371] {CVE-2024-38538}

[5.15.0-302.163.1.el9uek]
- vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() (Haoran Zhang) [Orabug: 37035557] {CVE-2024-49863}
- kpcimgr: Add dynamic memory region allocation feature (Joe Dobosenski) [Orabug: 36983477]



ELSA-2024-12815 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update


Oracle Linux Security Advisory ELSA-2024-12815

http://linux.oracle.com/errata/ELSA-2024-12815.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

aarch64:
bpftool-5.15.0-302.167.6.el9uek.aarch64.rpm
kernel-uek-5.15.0-302.167.6.el9uek.aarch64.rpm
kernel-uek-container-5.15.0-302.167.6.el9uek.aarch64.rpm
kernel-uek-container-debug-5.15.0-302.167.6.el9uek.aarch64.rpm
kernel-uek-core-5.15.0-302.167.6.el9uek.aarch64.rpm
kernel-uek-debug-5.15.0-302.167.6.el9uek.aarch64.rpm
kernel-uek-debug-core-5.15.0-302.167.6.el9uek.aarch64.rpm
kernel-uek-debug-devel-5.15.0-302.167.6.el9uek.aarch64.rpm
kernel-uek-debug-modules-5.15.0-302.167.6.el9uek.aarch64.rpm
kernel-uek-debug-modules-extra-5.15.0-302.167.6.el9uek.aarch64.rpm
kernel-uek-devel-5.15.0-302.167.6.el9uek.aarch64.rpm
kernel-uek-doc-5.15.0-302.167.6.el9uek.noarch.rpm
kernel-uek-modules-5.15.0-302.167.6.el9uek.aarch64.rpm
kernel-uek-modules-extra-5.15.0-302.167.6.el9uek.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//kernel-uek-5.15.0-302.167.6.el9uek.src.rpm

Related CVEs:

CVE-2023-31083
CVE-2023-52450
CVE-2024-26585
CVE-2024-26987
CVE-2024-36028
CVE-2024-38538
CVE-2024-38577
CVE-2024-39472
CVE-2024-39483
CVE-2024-41009
CVE-2024-41011
CVE-2024-41012
CVE-2024-41015
CVE-2024-41017
CVE-2024-41019
CVE-2024-41020
CVE-2024-41042
CVE-2024-41059
CVE-2024-41060
CVE-2024-41063
CVE-2024-41064
CVE-2024-41065
CVE-2024-41068
CVE-2024-41070
CVE-2024-41072
CVE-2024-41073
CVE-2024-41077
CVE-2024-41078
CVE-2024-41081
CVE-2024-41090
CVE-2024-41091
CVE-2024-41098
CVE-2024-42114
CVE-2024-42126
CVE-2024-42228
CVE-2024-42259
CVE-2024-42265
CVE-2024-42267
CVE-2024-42271
CVE-2024-42276
CVE-2024-42277
CVE-2024-42280
CVE-2024-42281
CVE-2024-42283
CVE-2024-42284
CVE-2024-42285
CVE-2024-42290
CVE-2024-42291
CVE-2024-42292
CVE-2024-42295
CVE-2024-42296
CVE-2024-42297
CVE-2024-42299
CVE-2024-42301
CVE-2024-42302
CVE-2024-42304
CVE-2024-42305
CVE-2024-42306
CVE-2024-42308
CVE-2024-42309
CVE-2024-42310
CVE-2024-42311
CVE-2024-42312
CVE-2024-42313
CVE-2024-42318
CVE-2024-43817
CVE-2024-43821
CVE-2024-43829
CVE-2024-43830
CVE-2024-43834
CVE-2024-43835
CVE-2024-43839
CVE-2024-43841
CVE-2024-43846
CVE-2024-43849
CVE-2024-43853
CVE-2024-43854
CVE-2024-43856
CVE-2024-43858
CVE-2024-43860
CVE-2024-43861
CVE-2024-43863
CVE-2024-43867
CVE-2024-43870
CVE-2024-43871
CVE-2024-43873
CVE-2024-43875
CVE-2024-43879
CVE-2024-43880
CVE-2024-43882
CVE-2024-43883
CVE-2024-43884
CVE-2024-43885
CVE-2024-43889
CVE-2024-43890
CVE-2024-43892
CVE-2024-43893
CVE-2024-43894
CVE-2024-43897
CVE-2024-43902
CVE-2024-43905
CVE-2024-43907
CVE-2024-43908
CVE-2024-43909
CVE-2024-43914
CVE-2024-44934
CVE-2024-44935
CVE-2024-44944
CVE-2024-44946
CVE-2024-44947
CVE-2024-44948
CVE-2024-44954
CVE-2024-44958
CVE-2024-44960
CVE-2024-44965
CVE-2024-44966
CVE-2024-44968
CVE-2024-44969
CVE-2024-44971
CVE-2024-44982
CVE-2024-44983
CVE-2024-44985
CVE-2024-44986
CVE-2024-44987
CVE-2024-44988
CVE-2024-44989
CVE-2024-44990
CVE-2024-44995
CVE-2024-44998
CVE-2024-44999
CVE-2024-45003
CVE-2024-45006
CVE-2024-45007
CVE-2024-45008
CVE-2024-45011
CVE-2024-45016
CVE-2024-45018
CVE-2024-45021
CVE-2024-45025
CVE-2024-45026
CVE-2024-45028
CVE-2024-46673
CVE-2024-46674
CVE-2024-46675
CVE-2024-46676
CVE-2024-46677
CVE-2024-46679
CVE-2024-46685
CVE-2024-46702
CVE-2024-46707
CVE-2024-46713
CVE-2024-46714
CVE-2024-46719
CVE-2024-46721
CVE-2024-46722
CVE-2024-46723
CVE-2024-46724
CVE-2024-46725
CVE-2024-46731
CVE-2024-46732
CVE-2024-46734
CVE-2024-46737
CVE-2024-46739
CVE-2024-46740
CVE-2024-46743
CVE-2024-46744
CVE-2024-46745
CVE-2024-46746
CVE-2024-46747
CVE-2024-46750
CVE-2024-46752
CVE-2024-46755
CVE-2024-46756
CVE-2024-46757
CVE-2024-46758
CVE-2024-46759
CVE-2024-46761
CVE-2024-46763
CVE-2024-46771
CVE-2024-46777
CVE-2024-46780
CVE-2024-46781
CVE-2024-46782
CVE-2024-46783
CVE-2024-46791
CVE-2024-46795
CVE-2024-46798
CVE-2024-46800
CVE-2024-46804
CVE-2024-46805
CVE-2024-46807
CVE-2024-46810
CVE-2024-46814
CVE-2024-46815
CVE-2024-46817
CVE-2024-46818
CVE-2024-46819
CVE-2024-46822
CVE-2024-46828
CVE-2024-46829
CVE-2024-46832
CVE-2024-46839
CVE-2024-46840
CVE-2024-46844
CVE-2024-47663
CVE-2024-47665
CVE-2024-47667
CVE-2024-47668
CVE-2024-47669
CVE-2024-47674
CVE-2024-49863

Description of changes:

[5.15.0-302.167.6.el9uek]
- ice: Add a per-VF limit on number of FDIR filters (Ahmed Zaki) [Orabug: 36964088] {CVE-2024-42291}
- scsi: lpfc: Fix a possible null pointer dereference (Huai-Yuan Liu) [Orabug: 36964437] {CVE-2024-43821}
- power: reset: pwr-mlxbf: support graceful shutdown (Asmaa Mnebhi) [Orabug: 37208029]
- gpio: mlxbf3: Support shutdown() function (Asmaa Mnebhi) [Orabug: 37208029]
- sdhci-of-dwcmshc: disable PM runtime in dwcmshc_remove() (Liming Sun) [Orabug: 37208029]
- ocfs2: reserve space for inline xattr before attaching reflink tree (Gautham Ananthakrishna) [Orabug: 37199019]
- Revert "ocfs2: ocfs2 crash due to invalid h_next_leaf_blk value in extent block" (Gautham Ananthakrishna) [Orabug: 37199019]

[5.15.0-302.167.5.el9uek]
- mm/hugetlb: fix adjusting poison page flag in non-HVO scenario (Jane Chu) [Orabug: 37182268]
- x86/bugs: Adjust SRSO mitigation to new features (Boris Ostrovsky) [Orabug: 37145844]
- net/mlx5: disable the 'fast unload' feature on Exadata systems (Qing Huang) [Orabug: 37093170]
- NFS: remove revoked delegation from server's delegation list (Dai Ngo) [Orabug: 36990366]
- perf/x86/intel/uncore: Fix NULL pointer dereference issue in upi_fill_topology() (Alexander Antonov) [Orabug: 36882937] {CVE-2023-52450}

[5.15.0-302.167.4.el9uek]
- LTS version: v5.15.167 (Vijayendra Suman)
- udp: fix receiving fraglist GSO packets (Felix Fietkau)
- memcg: protect concurrent access to mem_cgroup_idr (Shakeel Butt) [Orabug: 36993003] {CVE-2024-43892}
- btrfs: fix race between direct IO write and fsync when using same fd (Filipe Manana) [Orabug: 37195092] {CVE-2024-46734}
- net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket (Daniel Borkmann)
- x86/mm: Fix PTI for i386 some more (Thomas Gleixner)
- net: drop bad gso csum_start and offset in virtio_net_hdr (Willem de Bruijn) [Orabug: 37195028] {CVE-2024-43897}
- gso: fix dodgy bit handling for GSO_UDP_L4 (Yan Zhai)
- net: change maximum number of UDP segments to 128 (Yuri Benditovich)
- net: more strict VIRTIO_NET_HDR_GSO_UDP_L4 validation (Willem de Bruijn)
- gpio: rockchip: fix OF node leak in probe() (Krzysztof Kozlowski)
- drm/i915/fence: Mark debug_fence_free() with __maybe_unused (Andy Shevchenko)
- drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused (Andy Shevchenko)
- ASoC: sunxi: sun4i-i2s: fix LRCLK polarity in i2s mode (Matteo Martelli)
- nvmet-tcp: fix kernel crash if commands allocation fails (Maurizio Lombardi) [Orabug: 37074464] {CVE-2024-46737}
- arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry (Jonathan Cameron) [Orabug: 37116411] {CVE-2024-46822}
- arm64: acpi: Move get_cpu_for_acpi_id() to a header (James Morse)
- ACPI: processor: Fix memory leaks in error paths of processor_add() (Jonathan Cameron)
- ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add() (Jonathan Cameron)
- workqueue: Improve scalability of workqueue watchdog touch (Nicholas Piggin) [Orabug: 37116487] {CVE-2024-46839}
- workqueue: wq_watchdog_touch is always called with valid CPU (Nicholas Piggin)
- nilfs2: protect references to superblock parameters exposed in sysfs (Ryusuke Konishi) [Orabug: 37074676] {CVE-2024-46780}
- nilfs2: replace snprintf in show functions with sysfs_emit (Qing Wang)
- ksmbd: Unlock on in ksmbd_tcp_set_interfaces() (Dan Carpenter)
- ksmbd: unset the binding mark of a reused connection (Namjae Jeon) [Orabug: 37074716] {CVE-2024-46795}
- perf/aux: Fix AUX buffer serialization (Peter Zijlstra) [Orabug: 37070802] {CVE-2024-46713}
- uprobes: Use kzalloc to allocate xol area (Sven Schnelle)
- clocksource/drivers/timer-of: Remove percpu irq related code (Daniel Lezcano)
- clocksource/drivers/imx-tpm: Fix next event not taking effect sometime (Jacky Bai)
- clocksource/drivers/imx-tpm: Fix return -ETIME when delta exceeds INT_MAX (Jacky Bai)
- Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic (Naman Jain)
- uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind (Saurabh Sengar) [Orabug: 37074472] {CVE-2024-46739}
- nvmem: Fix return type of devm_nvmem_device_get() in kerneldoc (Geert Uytterhoeven)
- binder: fix UAF caused by offsets overwrite (Carlos Llamas) [Orabug: 37074476] {CVE-2024-46740}
- usb: dwc3: core: update LC timer as per USB Spec V3.2 (Faisal Hassan)
- iio: adc: ad7124: fix chip ID mismatch (Dumitru Ceclan)
- iio: adc: ad7124: fix config comparison (Dumitru Ceclan)
- iio: fix scale application in iio_convert_raw_to_processed_unlocked (Matteo Martelli)
- iio: buffer-dmaengine: fix releasing dma channel on error (David Lechner)
- staging: iio: frequency: ad9834: Validate frequency parameter value (Aleksandr Mishin) [Orabug: 37159727] {CVE-2024-47663}
- cifs: Check the lease context if we actually got a lease (Ronnie Sahlberg)
- NFSv4: Add missing rescheduling points in nfs_client_return_marked_delegations (Trond Myklebust)
- ata: pata_macio: Use WARN instead of BUG (Michael Ellerman)
- MIPS: cevt-r4k: Don't call get_c0_compare_int if timer irq is installed (Jiaxun Yang) [Orabug: 37116454] {CVE-2024-46832}
- lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (Kent Overstreet) [Orabug: 37159756] {CVE-2024-47668}
- of/irq: Prevent device address out-of-bounds read in interrupt map walk (Stefan Wiehler) [Orabug: 37074487] {CVE-2024-46743}
- Squashfs: sanity check symbolic link size (Phillip Lougher) [Orabug: 37074494] {CVE-2024-46744}
- usbnet: ipheth: race between ipheth_close and error handling (Oliver Neukum)
- Input: uinput - reject requests with unreasonable number of slots (Dmitry Torokhov) [Orabug: 37074502] {CVE-2024-46745}
- HID: amd_sfh: free driver_data after destroying hid device (Olivier Sobrie) [Orabug: 37074507] {CVE-2024-46746}
- HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup (Camila Alvarez) [Orabug: 37074512] {CVE-2024-46747}
- s390/vmlinux.lds.S: Move ro_after_init section behind rodata section (Heiko Carstens)
- btrfs: initialize location to fix -Wmaybe-uninitialized in btrfs_lookup_dentry() (David Sterba)
- kselftests: dmabuf-heaps: Ensure the driver name is null-terminated (Zenghui Yu)
- i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup (Jarkko Nikula) [Orabug: 37159737] {CVE-2024-47665}
- net: dpaa: avoid on-stack arrays of NR_CPUS elements (Vladimir Oltean)
- PCI: Add missing bridge lock to pci_bus_lock() (Dan Williams) [Orabug: 37074530] {CVE-2024-46750}
- riscv: set trap vector earlier (yang.zhang)
- btrfs: replace BUG_ON() with error handling at update_ref_for_cow() (Filipe Manana) [Orabug: 37074542] {CVE-2024-46752}
- btrfs: clean up our handling of refs == 0 in snapshot delete (Josef Bacik) [Orabug: 37116493] {CVE-2024-46840}
- btrfs: replace BUG_ON with ASSERT in walk_down_proc() (Josef Bacik)
- fs/ntfs3: Check more cases when directory is corrupted (Konstantin Komarov)
- smp: Add missing destroy_work_on_stack() call in smp_call_on_cpu() (Zqiang)
- wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() (Sascha Hauer) [Orabug: 37074560] {CVE-2024-46755}
- dma-mapping: benchmark: Don't starve others when doing the test (Yicong Yang)
- ext4: fix possible tid_t sequence overflows (Luis Henriques (SUSE))
- drm/amdgpu: Set no_hw_access when VF request full GPU fails (Yifan Zha)
- libbpf: Add NULL checks to bpf_object__{prev_map,next_map} (Andreas Ziegler)
- hwmon: (w83627ehf) Fix underflows seen when writing limit attributes (Guenter Roeck) [Orabug: 37074565] {CVE-2024-46756}
- hwmon: (nct6775-core) Fix underflows seen when writing limit attributes (Guenter Roeck) [Orabug: 37074570] {CVE-2024-46757}
- hwmon: (lm95234) Fix underflows seen when writing limit attributes (Guenter Roeck) [Orabug: 37074578] {CVE-2024-46758}
- hwmon: (adc128d818) Fix underflows seen when writing limit attributes (Guenter Roeck) [Orabug: 37074583] {CVE-2024-46759}
- pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv (Krishna Kumar) [Orabug: 37074594] {CVE-2024-46761}
- devres: Initialize an uninitialized struct member (Zijun Hu)
- um: line: always fill *error_out in setup_one_line() (Johannes Berg) [Orabug: 37116517] {CVE-2024-46844}
- cgroup: Protect css->cgroup write under css_set_lock (Waiman Long)
- iommu/vt-d: Handle volatile descriptor status read (Jacob Pan)
- dm init: Handle minors larger than 255 (Benjamin Marzinski)
- ASoC: topology: Properly initialize soc_enum values (Amadeusz Sławiński)
- net: dsa: vsc73xx: fix possible subblocks range of CAPT block (Pawel Dembicki)
- net: bridge: br_fdb_external_learn_add(): always set EXT_LEARN (Jonas Gorski)
- fou: Fix null-ptr-deref in GRO. (Kuniyuki Iwashima) [Orabug: 37074606] {CVE-2024-46763}
- gro: remove rcu_read_lock/rcu_read_unlock from gro_complete handlers (Eric Dumazet)
- gro: remove rcu_read_lock/rcu_read_unlock from gro_receive handlers (Eric Dumazet)
- bareudp: Fix device stats updates. (Guillaume Nault)
- usbnet: modern method to get random MAC (Oliver Neukum)
- net: usb: don't write directly to netdev->dev_addr (Jakub Kicinski)
- ice: check ICE_VSI_DOWN under rtnl_lock when preparing for reset (Larysa Zaremba)
- igc: Unlock on error in igc_io_resume() (Dan Carpenter)
- tcp_bpf: fix return value of tcp_bpf_sendmsg() (Cong Wang) [Orabug: 37074692] {CVE-2024-46783}
- platform/x86: dell-smbios: Fix error path in dell_smbios_init() (Aleksandr Mishin)
- igb: Fix not clearing TimeSync interrupts for 82580 (Daiwei Li)
- can: m_can: Release irq on error in m_can_open (Simon Horman)
- can: bcm: Remove proc entry when dev is unregistered. (Kuniyuki Iwashima) [Orabug: 37074624] {CVE-2024-46771}
- drm/amdgpu: check for LINEAR_ALIGNED correctly in check_tiling_flags_gfx6 (Marek Olšák)
- pcmcia: Use resource_size function on resource object (Jules Irenge)
- media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse (Chen Ni)
- PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0) (Kishon Vijay Abraham I) [Orabug: 37159749] {CVE-2024-47667}
- media: vivid: don't set HDMI TX controls if there are no HDMI outputs (Hans Verkuil)
- drm/amd/display: Check HDCP returned status (Alex Hung)
- usb: uas: set host status byte on data completion error (Shantanu Goel)
- wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3 (Arend van Spriel)
- leds: spi-byte: Call of_node_put() on error path (Andy Shevchenko)
- media: vivid: fix wrong sizeimage value for mplane (Hans Verkuil)
- udf: Avoid excessive partition lengths (Jan Kara) [Orabug: 37074664] {CVE-2024-46777}
- netfilter: nf_conncount: fix wrong variable type (Yunjian Wang)
- iommu: sun50i: clear bypass register (Jernej Skrabec)
- af_unix: Remove put_pid()/put_cred() in copy_peercred(). (Kuniyuki Iwashima)
- irqchip/armada-370-xp: Do not allow mapping IRQ 0 and 1 (Pali Rohár)
- smack: unix sockets: fix accept()ed socket label (Konstantin Andreev)
- ALSA: hda: Add input value sanity checks to HDMI channel map controls (Takashi Iwai)
- mptcp: pm: send ACK on an active subflow (Matthieu Baerts (NGI0))
- mptcp: pr_debug: add missing
at the end (Matthieu Baerts (NGI0))
- mptcp: pm: skip connecting to already established sf (Matthieu Baerts (NGI0))
- mptcp: pm: do not remove already closed subflows (Matthieu Baerts (NGI0))
- mptcp: pm: ADD_ADDR 0 is not a new address (Matthieu Baerts (NGI0))
- mptcp: close subflow when receiving TCP+FIN (Matthieu Baerts (NGI0))
- mptcp: avoid duplicated SUB_CLOSED events (Matthieu Baerts (NGI0))
- mptcp: pm: avoid possible UaF when selecting endp (Matthieu Baerts (NGI0))
- mptcp: constify a bunch of of helpers (Paolo Abeni)
- mptcp: pm: fullmesh: select the right ID later (Matthieu Baerts (NGI0))
- mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR (Matthieu Baerts (NGI0))
- mptcp: pm: only decrement add_addr_accepted for MPJ req (Matthieu Baerts (NGI0))
- mptcp: pm: re-using ID of unused flushed subflows (Matthieu Baerts (NGI0))
- nilfs2: fix state management in error path of log writing function (Ryusuke Konishi) [Orabug: 37159764] {CVE-2024-47669}
- nilfs2: fix missing cleanup on rollforward recovery error (Ryusuke Konishi) [Orabug: 37074683] {CVE-2024-46781}
- sched: sch_cake: fix bulk flow accounting logic for host fairness (Toke Høiland-Jørgensen) [Orabug: 37116442] {CVE-2024-46828}
- ila: call nf_unregister_net_hooks() sooner (Eric Dumazet) [Orabug: 37074688] {CVE-2024-46782}
- tracing: Avoid possible softlockup in tracing_iter_reset() (Zheng Yejian)
- can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open (Simon Arlott) [Orabug: 37074711] {CVE-2024-46791}
- clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API (Satya Priya Kakitapalli)
- clk: qcom: clk-alpha-pll: Fix the pll post div mask (Satya Priya Kakitapalli)
- fuse: use unsigned type for getxattr/listxattr size truncation (Jann Horn)
- fuse: update stats for pages in dropped aux writeback list (Joanne Koong)
- mmc: cqhci: Fix checking of CQHCI_HALT state (Seunghwan Baek)
- mmc: sdhci-of-aspeed: fix module autoloading (Liao Chen)
- mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K (Sam Protsenko)
- Bluetooth: MGMT: Ignore keys being loaded with invalid type (Luiz Augusto von Dentz)
- Revert "Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE" (Luiz Augusto von Dentz)
- nvme-pci: Add sleep quirk for Samsung 990 Evo (Georg Gottleuber)
- rtmutex: Drop rt_mutex::wait_lock before scheduling (Roland Xu) [Orabug: 37116445] {CVE-2024-46829}
- irqchip/gic-v2m: Fix refcount leak in gicv2m_of_init() (Ma Ke)
- ata: libata: Fix memory leak for error path in ata_host_alloc() (Zheng Qixing)
- ALSA: hda/realtek: Support mute LED on HP Laptop 14-dq2xxx (Maximilien Perreault)
- ALSA: hda/realtek: add patch for internal mic in Lenovo V145 (Terry Cheong)
- ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices (Christoffer Sandberg)
- KVM: SVM: Don't advertise Bus Lock Detect to guest if SVM support is missing (Ravi Bangoria)
- KVM: SVM: fix emulation of msr reads/writes of MSR_FS_BASE and MSR_GS_BASE (Maxim Levitsky)
- ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object (robelin) [Orabug: 37074721] {CVE-2024-46798}
- sch/netem: fix use after free in netem_dequeue (Stephen Hemminger) [Orabug: 37074725] {CVE-2024-46800}
- i2c: Use IS_REACHABLE() for substituting empty ACPI functions (Richard Fitzgerald)
- ext4: handle redirtying in ext4_bio_write_page() (Jan Kara)
- udf: Limit file size to 4TB (Jan Kara)
- ext4: reject casefold inode flag without casefold feature (Eric Biggers)
- rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow (Nikita Kiryushin) [Orabug: 36753533] {CVE-2024-38577}
- virtio_net: Fix napi_skb_cache_put warning (Breno Leitao) [Orabug: 36964473] {CVE-2024-43835}
- drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr (Bob Zhou) [Orabug: 36993065] {CVE-2024-43905}
- media: uvcvideo: Enforce alignment of frame and interval (Ricardo Ribalda)
- drm/amd/display: Skip wbscl_set_scaler_filter if filter is null (Alex Hung) [Orabug: 37073031] {CVE-2024-46714}
- block: remove the blk_flush_integrity call in blk_integrity_unregister (Christoph Hellwig)
- wifi: cfg80211: make hash table duplicates more survivable (Johannes Berg)
- drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ (Marek Vasut) [Orabug: 37116336] {CVE-2024-46810}
- drm/meson: plane: Add error handling (Haoran Liu)
- smack: tcp: ipv4, fix incorrect labeling (Casey Schaufler)
- usb: typec: ucsi: Fix null pointer dereference in trace (Abhishek Pandit-Subedi) [Orabug: 37073064] {CVE-2024-46719}
- usbip: Don't submit special requests twice (Simon Holesch)
- rcu/nocb: Remove buggy bypass lock contention mitigation (Frederic Weisbecker)
- ionic: fix potential irq name truncation (Shannon Nelson)
- RDMA/efa: Properly handle unexpected AQ completions (Michael Margolin)
- hwspinlock: Introduce hwspin_lock_bust() (Richard Maina)
- PCI: al: Check IORESOURCE_BUS existence during probe (Aleksandr Mishin)
- cpufreq: scmi: Avoid overflow of target_freq in fast switch (Jagadeesh Kona)
- wifi: iwlwifi: remove fw_running op (Shahar S Matityahu)
- drm/amdgpu: update type of buf size to u32 for eeprom functions (Tao Zhou)
- drm/amd/pm: check negtive return for table entries (Jesse Zhang)
- drm/amdgpu: the warning dereferencing obj for nbio_v7_4 (Jesse Zhang) [Orabug: 37116393] {CVE-2024-46819}
- drm/amd/pm: check specific index for aldebaran (Jesse Zhang)
- drm/amdgpu: fix the waring dereferencing hive (Jesse Zhang) [Orabug: 37116300] {CVE-2024-46805}
- drm/amdgpu/pm: Check input value for CUSTOM profile mode setting on legacy SOCs (Ma Jun)
- apparmor: fix possible NULL pointer dereference (Leesoo Ahn) [Orabug: 37073077] {CVE-2024-46721}
- drm/amdkfd: Reconcile the definition and use of oem_id in struct kfd_topology_device (Michael Chen)
- drm/amdgpu: fix mc_data out-of-bounds read warning (Tim Huang) [Orabug: 37073082] {CVE-2024-46722}
- drm/amdgpu: fix ucode out-of-bounds read warning (Tim Huang) [Orabug: 37073087] {CVE-2024-46723}
- drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number (Ma Jun) [Orabug: 37073093] {CVE-2024-46724}
- drm/amdgpu: Fix out-of-bounds write warning (Ma Jun) [Orabug: 37073098] {CVE-2024-46725}
- drm/amdgpu/pm: Fix uninitialized variable agc_btc_response (Ma Jun)
- drm/amdgpu/pm: Fix uninitialized variable warning for smu10 (Ma Jun)
- drm/amd/amdgpu: Check tbo resource pointer (Asad Kamal) [Orabug: 37116315] {CVE-2024-46807}
- drm/amd/display: Fix Coverity INTEGER_OVERFLOW within dal_gpio_service_create (Hersen Wu)
- drm/amd/display: Check msg_id before processing transcation (Alex Hung) [Orabug: 37116360] {CVE-2024-46814}
- drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] (Alex Hung) [Orabug: 37116365] {CVE-2024-46815}
- drm/amd/display: Add array index check for hdcp ddc access (Hersen Wu) [Orabug: 37116295] {CVE-2024-46804}
- drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 (Hersen Wu) [Orabug: 37116375] {CVE-2024-46817}
- drm/amd/display: Check gpio_id before used as array index (Alex Hung) [Orabug: 37116384] {CVE-2024-46818}
- drm/amdgpu: avoid reading vf2pf info size from FB (Zhigang Luo)
- drm/amd/pm: fix uninitialized variable warnings for vega10_hwmgr (Tim Huang)
- drm/amdgpu: fix uninitialized scalar variable warning (Tim Huang)
- drm/amd/pm: fix the Out-of-bounds read warning (Jesse Zhang) [Orabug: 37073129] {CVE-2024-46731}
- drm/amd/pm: fix warning using uninitialized value of max_vid_step (Jesse Zhang)
- drm/amd/pm: fix uninitialized variable warning for smu8_hwmgr (Tim Huang)
- drm/amdgpu/pm: Check the return value of smum_send_msg_to_smc (Ma Jun)
- drm/amdgpu: fix overflowed array index read warning (Tim Huang)
- drm/amd/display: Assign linear_pitch_alignment even for VM (Alvin Lee) [Orabug: 37073135] {CVE-2024-46732}
- drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr (Ma Jun)
- net: usb: qmi_wwan: add MeiG Smart SRM825L (ZHANG Yuntian)
- dma-debug: avoid deadlock between dma debug vs printk and netconsole (Rik van Riel)
- i2c: Fix conditional for substituting empty ACPI functions (Richard Fitzgerald)
- ALSA: hda/conexant: Mute speakers at suspend / shutdown (Takashi Iwai)
- ALSA: hda/generic: Add a helper to mute speakers at suspend/shutdown (Takashi Iwai)
- drm: panel-orientation-quirks: Add quirk for OrangePi Neo (Philip Mueller)
- LTS version: v5.15.166 (Vijayendra Suman)
- apparmor: fix policy_unpack_test on big endian systems (Guenter Roeck)
- scsi: aacraid: Fix double-free on probe failure (Ben Hutchings) [Orabug: 37070699] {CVE-2024-46673}
- igc: Fix qbv tx latency by setting gtxoffset (Faizal Rahim)
- igc: Fix reset adapter logics when tx mode change (Faizal Rahim)
- phy: zynqmp: Enable reference clock correctly (Sean Anderson)
- usb: cdnsp: fix for Link TRB with TC (Pawel Laszczak)
- usb: cdnsp: fix incorrect index in cdnsp_get_hw_deq function (Pawel Laszczak)
- usb: core: sysfs: Unmerge @usb3_hardware_lpm_attr_group in remove_power_attributes() (Zijun Hu)
- usb: dwc3: st: add missing depopulate in probe error path (Krzysztof Kozlowski)
- usb: dwc3: st: fix probed platform device ref count on probe error path (Krzysztof Kozlowski) [Orabug: 37070704] {CVE-2024-46674}
- usb: dwc3: core: Prevent USB core invalid event buffer address access (Selvarasu Ganesan) [Orabug: 37070709] {CVE-2024-46675}
- usb: dwc3: omap: add missing depopulate in probe error path (Krzysztof Kozlowski)
- USB: serial: option: add MeiG Smart SRM825L (ZHANG Yuntian)
- cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller (Ian Ray)
- soc: qcom: cmd-db: Map shared memory as WC, not WB (Volodymyr Babchuk)
- nfc: pn533: Add poll mod list filling check (Aleksandr Mishin) [Orabug: 37070716] {CVE-2024-46676}
- net: busy-poll: use ktime_get_ns() instead of local_clock() (Eric Dumazet)
- gtp: fix a potential NULL pointer dereference (Cong Wang) [Orabug: 37070721] {CVE-2024-46677}
- ethtool: check device is present when getting link settings (Jamie Bainbridge) [Orabug: 37070727] {CVE-2024-46679}
- dmaengine: dw: Add memory bus width verification (Serge Semin)
- dmaengine: dw: Add peripheral bus width verification (Serge Semin)
- phy: xilinx: phy-zynqmp: Fix SGMII linkup failure on resume (Piyush Mehta)
- phy: xilinx: phy-zynqmp: dynamic clock support for power-save (Piyush Mehta)
- phy: xilinx: add runtime PM support (Piyush Mehta)
- PM: runtime: Add DEFINE_RUNTIME_DEV_PM_OPS() macro (Paul Cercueil)
- PM: core: Add EXPORT[_GPL]_SIMPLE_DEV_PM_OPS macros (Paul Cercueil)
- PM: core: Remove DEFINE_UNIVERSAL_DEV_PM_OPS() macro (Paul Cercueil)
- soundwire: stream: fix programming slave ports for non-continous port maps (Krzysztof Kozlowski)
- cgroup/cpuset: Prevent UAF in proc_cpuset_show() (Chen Ridong) [Orabug: 36964509] {CVE-2024-43853}
- ata: libata-core: Fix null pointer dereference on error (Niklas Cassel) [Orabug: 36897456] {CVE-2024-41098}
- drm/amdkfd: don't allow mapping the MMIO HDP page with large pages (Alex Deucher) [Orabug: 36867630] {CVE-2024-41011}
- Revert "MIPS: Loongson64: reset: Prioritise firmware service" (Greg Kroah-Hartman)
- mptcp: sched: check both backup in retrans (Matthieu Baerts (NGI0))
- net: mana: Fix race of mana_hwc_post_rx_wqe and new hwc response (Haiyang Zhang)
- wifi: mwifiex: duplicate static structs used in driver instances (Sascha Hauer)
- pinctrl: single: fix potential NULL dereference in pcs_get_function() (Ma Ke) [Orabug: 37070743] {CVE-2024-46685}
- pinctrl: rockchip: correct RK3328 iomux width flag for GPIO2-B pins (Huang-Huang Bao)
- btrfs: run delayed iputs when flushing delalloc (Josef Bacik)
- drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc (Jesse Zhang) [Orabug: 36898008] {CVE-2024-42228}
(Alexander Lobakin)
- Input: MT - limit max slots (Tetsuo Handa) [Orabug: 37029136] {CVE-2024-45008}
- Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO (Lee, Chun-Yi) [Orabug: 35358656] {CVE-2023-31083}
- mm/numa: no task_numa_fault() call if PTE is changed (Zi Yan)
- mm/numa: no task_numa_fault() call if PMD is changed (Zi Yan)
- ALSA: timer: Relax start tick time check for slave timer elements (Takashi Iwai)
- hwmon: (ltc2992) Fix memory leak in ltc2992_parse_dt() (Javier Carrasco)
- Revert "drm/amd/display: Validate hw_points_num before using it" (Alex Hung)
- mmc: dw_mmc: allow biu and ciu clocks to defer (Ben Whitten)
- KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3 (Marc Zyngier) [Orabug: 37070792] {CVE-2024-46707}
- cxgb4: add forgotten u64 ivlan cast before shift (Nikolay Kuratov)
- HID: microsoft: Add rumble support to latest xbox controllers (Siarhei Vishniakou)
- HID: wacom: Defer calculation of resolution until resolution_code is known (Jason Gerecke)
- MIPS: Loongson64: Set timer mode in cpu-probe (Jiaxun Yang)
- scsi: core: Fix the return value of scsi_logical_block_count() (Chaotian Jing)
- Bluetooth: MGMT: Add error handling to pair_device() (Griffin Kroah-Hartman) [Orabug: 36992975] {CVE-2024-43884}
- mmc: mmc_test: Fix NULL dereference on allocation failure (Dan Carpenter) [Orabug: 37070690] {CVE-2024-45028}
- drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails (Dmitry Baryshkov) [Orabug: 37029059] {CVE-2024-44982}
- drm/msm/dp: reset the link phy params before link training (Abhinav Kumar)
- drm/msm/dpu: don't play tricks with debug macros (Dmitry Baryshkov)
- net: xilinx: axienet: Fix dangling multicast addresses (Sean Anderson)
- net: xilinx: axienet: Always disable promiscuous mode (Sean Anderson)
- netfilter: flowtable: validate vlan header (Pablo Neira Ayuso) [Orabug: 37029063] {CVE-2024-44983}
- ipv6: prevent possible UAF in ip6_xmit() (Eric Dumazet) [Orabug: 37029066] {CVE-2024-44985}
- ipv6: fix possible UAF in ip6_finish_output2() (Eric Dumazet) [Orabug: 37029068] {CVE-2024-44986}
- ipv6: prevent UAF in ip6_send_skb() (Eric Dumazet) [Orabug: 37029075] {CVE-2024-44987}
- netem: fix return value if duplicate enqueue fails (Stephen Hemminger) [Orabug: 37070659] {CVE-2024-45016}
- net: dsa: mv88e6xxx: Fix out-of-bound access (Joseph Huang) [Orabug: 37029081] {CVE-2024-44988}
- net: dsa: mv88e6xxx: replace ATU violation prints with trace points (Vladimir Oltean)
- net: dsa: mv88e6xxx: read FID when handling ATU violations (Hans J. Schultz)
- dpaa2-switch: Fix error checking in dpaa2_switch_seed_bp() (Dan Carpenter)
- ice: fix ICE_LAST_OFFSET formula (Maciej Fijalkowski)
- bonding: fix xfrm state handling when clearing active slave (Nikolay Aleksandrov)
- bonding: fix xfrm real_dev null pointer dereference (Nikolay Aleksandrov) [Orabug: 37029084] {CVE-2024-44989}
- bonding: fix null pointer deref in bond_ipsec_offload_ok (Nikolay Aleksandrov) [Orabug: 37029087] {CVE-2024-44990}
- bonding: fix bond_ipsec_offload_ok return type (Nikolay Aleksandrov)
- ip6_tunnel: Fix broken GRO (Thomas Bogendoerfer)
- netfilter: nft_counter: Synchronize nft_counter_reset() against reader. (Sebastian Andrzej Siewior)
- netfilter: nft_counter: Disable BH in nft_counter_offload_stats(). (Sebastian Andrzej Siewior)
- kcm: Serialise kcm_sendmsg() for the same socket. (Kuniyuki Iwashima) [Orabug: 37013760] {CVE-2024-44946}
- tc-testing: don't access non-existent variable on exception (Simon Horman)
- Bluetooth: SMP: Fix assumption of Central always being Initiator (Luiz Augusto von Dentz)
- Bluetooth: hci_core: Fix LE quote calculation (Luiz Augusto von Dentz)
- platform/surface: aggregator: Fix warning when controller is destroyed in probe (Maximilian Luz)
- net: mana: Fix doorbell out of order violation and avoid unnecessary doorbell rings (Long Li)
- dm suspend: return -ERESTARTSYS instead of -EINTR (Mikulas Patocka)
- media: solo6x10: replace max(a, min(b, c)) by clamp(b, a, c) (Aurelien Jarno)
- nfsd: make svc_stat per-network namespace instead of global (Josef Bacik)
- nfsd: remove nfsd_stats, make th_cnt a global counter (Josef Bacik)
- nfsd: make all of the nfsd stats per-network namespace (Josef Bacik)
- nfsd: expose /proc/net/sunrpc/nfsd in net namespaces (Josef Bacik)
- nfsd: rename NFSD_NET_* to NFSD_STATS_* (Josef Bacik)
- sunrpc: use the struct net as the svc proc private (Josef Bacik)
- sunrpc: remove ->pg_stats from svc_program (Josef Bacik)
- sunrpc: pass in the sv_stats struct through svc_create_pooled (Josef Bacik)
- nfsd: stop setting ->pg_stats for unused stats (Josef Bacik)
- sunrpc: don't change ->sv_stats if it doesn't exist (Josef Bacik)
- NFSD: Fix frame size warning in svc_export_parse() (Chuck Lever)
- NFSD: Rewrite synopsis of nfsd_percpu_counters_init() (Chuck Lever)
- NFSD: Refactor the duplicate reply cache shrinker (Chuck Lever)
- NFSD: Replace nfsd_prune_bucket() (Chuck Lever)
- NFSD: Rename nfsd_reply_cache_alloc() (Chuck Lever)
- NFSD: Refactor nfsd_reply_cache_free_locked() (Chuck Lever)
- nfsd: move init of percpu reply_cache_stats counters back to nfsd_init_net (Jeff Layton)
- nfsd: move reply cache initialization into nfsd startup (Jeff Layton)
- block: use "unsigned long" for blk_validate_block_size(). (Tetsuo Handa)
- gtp: pull network headers in gtp_dev_xmit() (Eric Dumazet) [Orabug: 37029110] {CVE-2024-44999}
- hrtimer: Prevent queuing of hrtimer without a function callback (Phil Chang)
- nvmet-rdma: fix possible bad dereference when freeing rsps (Sagi Grimberg)
- ext4: set the type of max_zeroout to unsigned int to avoid overflow (Baokun Li)
- irqchip/gic-v3-its: Remove BUG_ON in its_vpe_irq_domain_alloc (Guanrui Huang)
- usb: dwc3: core: Skip setting event buffers for host only controllers (Krishna Kurapati)
- platform/x86: lg-laptop: fix %s null argument warning (Gergo Koteles)
- clocksource: Make watchdog and suspend-timing multiplication overflow safe (Adrian Hunter)
- s390/iucv: fix receive buffer virtual vs physical address confusion (Alexander Gordeev)
- openrisc: Call setup_memory() earlier in the init sequence (Oreoluwa Babatunde)
- NFS: avoid infinite loop in pnfs_update_layout. (NeilBrown)
- nvmet-tcp: do not continue for invalid icreq (Hannes Reinecke)
- net: hns3: add checking for vf id of mailbox (Jian Shen)
- Bluetooth: bnep: Fix out-of-bound access (Luiz Augusto von Dentz)
- usb: gadget: fsl: Increase size of name buffer for endpoints (Uwe Kleine-König)
- f2fs: fix to do sanity check in update_sit_entry (Zhiguo Niu)
- btrfs: delete pointless BUG_ON check on quota root in btrfs_qgroup_account_extent() (David Sterba)
- btrfs: change BUG_ON to assertion in tree_move_down() (David Sterba)
- btrfs: send: handle unexpected data in header buffer in begin_cmd() (David Sterba)
- btrfs: handle invalid root reference found in may_destroy_subvol() (David Sterba)
- btrfs: change BUG_ON to assertion when checking for delayed_node root (David Sterba)
- powerpc/boot: Only free if realloc() succeeds (Michael Ellerman)
- powerpc/boot: Handle allocation failure in simple_realloc() (Li zeming)
- parisc: Use irq_enter_rcu() to fix warning at kernel/context_tracking.c:367 (Helge Deller)
- memory: stm32-fmc2-ebi: check regmap_read return value (Christophe Kerello)
- x86: Increase brk randomness entropy for 64-bit systems (Kees Cook)
- md: clean up invalid BUG_ON in md_ioctl (Li Nan)
- netlink: hold nlk->cb_mutex longer in __netlink_dump_start() (Eric Dumazet)
- clocksource/drivers/arm_global_timer: Guard against division by zero (Martin Blumenstingl)
- virtiofs: forbid newlines in tags (Stefan Hajnoczi)
- drm/lima: set gp bus_stop bit before hard reset (Erico Nunes)
- net/sun3_82586: Avoid reading past buffer in debug output (Kees Cook)
- media: drivers/media/dvb-core: copy user arrays safely (Philipp Stanner)
- fs: binfmt_elf_efpic: don't use missing interpreter's properties (Max Filippov)
- media: pci: cx23885: check cx23885_vdev_init() return (Hans Verkuil)
- quota: Remove BUG_ON from dqget() (Jan Kara)
- fuse: fix UAF in rcu pathwalks (Al Viro)
- afs: fix __afs_break_callback() / afs_drop_open_mmap() race (Al Viro)
- ext4: do not trim the group with corrupted block bitmap (Baokun Li)
- nvmet-trace: avoid dereferencing pointer too early (Daniel Wagner)
- powerpc/xics: Check return value of kasprintf in icp_native_map_one_cpu (Kunwu Chan)
- memory: tegra: Skip SID programming if SID registers aren't set (Ashish Mhetre)
- arm64: Fix KASAN random tag seed initialization (Samuel Holland)
- hwmon: (ltc2992) Avoid division by zero (Antoniu Miclaus)
- IB/hfi1: Fix potential deadlock on &irq_src_lock and &dd->uctxt_lock (Chengfeng Ye)
- wifi: iwlwifi: fw: Fix debugfs command sending (Mukesh Sisodiya)
- wifi: iwlwifi: abort scan when rfkill on but device enabled (Miri Korenblit)
- gfs2: setattr_chown: Add missing initialization (Andreas Gruenbacher)
- scsi: spi: Fix sshdr use (Mike Christie)
- media: qcom: venus: fix incorrect return value (Hans Verkuil)
- binfmt_misc: cleanup on filesystem umount (Christian Brauner)
- staging: ks7010: disable bh on tx_dev_lock (Chengfeng Ye)
- drm/amd/display: Validate hw_points_num before using it (Alex Hung)
- staging: iio: resolver: ad2s1210: fix use before initialization (David Lechner)
- media: radio-isa: use dev_name to fill in bus_info (Hans Verkuil)
- i3c: mipi-i3c-hci: Do not unmap region not mapped for transfer (Jarkko Nikula)
- i3c: mipi-i3c-hci: Remove BUG() when Ring Abort request times out (Jarkko Nikula)
- s390/smp,mcck: fix early IPI handling (Heiko Carstens)
- RDMA/rtrs: Fix the problem of variable not initialized fully (Zhu Yanjun)
- i2c: riic: avoid potential division by zero (Wolfram Sang)
- wifi: cw1200: Avoid processing an invalid TIM IE (Jeff Johnson)
- wifi: mac80211: fix BA session teardown race (Johannes Berg)
- wifi: cfg80211: check wiphy mutex is held for wdev mutex (Johannes Berg)
- ssb: Fix division by zero issue in ssb_calc_clock_rate (Rand Deeb)
- ALSA: hda/realtek: Fix noise from speakers on Lenovo IdeaPad 3 15IAU7 (Parsa Poorshikhian)
- net: hns3: fix a deadlock problem when config TC during resetting (Jie Wang) [Orabug: 37029097] {CVE-2024-44995}
- net: hns3: fix wrong use of semaphore up (Jie Wang)
- netfilter: nf_queue: drop packets with cloned unconfirmed conntracks (Florian Westphal)
- netfilter: flowtable: initialise extack before use (Donald Hunter) [Orabug: 37070666] {CVE-2024-45018}
- netfilter: allow ipv6 fragments to arrive on different devices (Tom Hughes)
- mptcp: correct MPTCP_SUBFLOW_ATTR_SSN_OFFSET reserved size (Eugene Syromiatnikov)
- mlxbf_gige: disable RX filters until RX path initialized (David Thompson)
- net: dsa: vsc73xx: check busy flag in MDIO operations (Pawel Dembicki)
- net: dsa: vsc73xx: use read_poll_timeout instead delay loop (Pawel Dembicki)
- net: dsa: vsc73xx: pass value in phy_write operation (Pawel Dembicki)
- net: axienet: Fix register defines comment description (Radhey Shyam Pandey)
- atm: idt77252: prevent use after free in dequeue_rx() (Dan Carpenter) [Orabug: 37029103] {CVE-2024-44998}
- net/mlx5e: Correctly report errors for ethtool rx flows (Cosmin Ratiu)
- igc: Fix packet still tx after gate close by reducing i226 MAC retry buffer (Faizal Rahim)
- igc: remove I226 Qbv BaseTime restriction (Muhammad Husaini Zulkifli)
- igc: Correct the launchtime offset (Muhammad Husaini Zulkifli)
- s390/uv: Panic for set and remove shared access UVC errors (Claudio Imbrenda)
- drm/amdgpu/jpeg2: properly set atomics vmid field (Alex Deucher)
- memcg_write_event_control(): fix a user-triggerable oops (Al Viro) [Orabug: 37070671] {CVE-2024-45021}
- drm/amdgpu: Actually check flags for all context ops. (Bas Nieuwenhuizen)
- btrfs: tree-checker: add dev extent item checks (Qu Wenruo)
- selinux: fix potential counting error in avc_add_xperms_decision() (Zhen Lei)
- fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE (Al Viro) [Orabug: 37070679] {CVE-2024-45025}
- bitmap: introduce generic optimized bitmap_size() (Alexander Lobakin)
- btrfs: rename bitmap_set_bits() -> btrfs_bitmap_set_bits() (Alexander Lobakin)
- s390/cio: rename bitmap_size() -> idset_bitmap_size() (Alexander Lobakin)
- fs/ntfs3: add prefix to bitmap_size() and use BITS_TO_U64() (Alexander Lobakin)
- vfs: Don't evict inode under the inode lru traversing context (Zhihao Cheng) [Orabug: 37029118] {CVE-2024-45003}
- dm persistent data: fix memory allocation failure (Mikulas Patocka)
- dm resume: don't return EINVAL when signalled (Khazhismel Kumykov)
- arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to NUMA_NO_NODE (Haibo Xu)
- s390/dasd: fix error recovery leading to data corruption on ESE devices (Stefan Haberland) [Orabug: 37070686] {CVE-2024-45026}
- thunderbolt: Mark XDomain as unplugged when router is removed (Mika Westerberg) [Orabug: 37070774] {CVE-2024-46702}
- xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration (Mathias Nyman) [Orabug: 37029124] {CVE-2024-45006}
- ALSA: usb-audio: Support Yamaha P-125 quirk entry (Juan José Arboleda)
- ALSA: usb-audio: Add delay quirk for VIVO USB-C-XE710 HEADSET (Lianqin Hu)
- char: xillybus: Check USB endpoints when probing device (Eli Billauer) [Orabug: 37070649] {CVE-2024-45011}
- char: xillybus: Refine workqueue handling (Eli Billauer)
- char: xillybus: Don't destroy workqueue from work item running on it (Eli Billauer) [Orabug: 37029128] {CVE-2024-45007}
- fuse: Initialize beyond-EOF page contents before setting uptodate (Jann Horn) [Orabug: 37017950] {CVE-2024-44947}
- LTS version: v5.15.165 (Vijayendra Suman)
- Revert "ata: libata-scsi: Honor the D_SENSE bit for CK_COND=1 and no error" (Niklas Cassel)
- media: Revert "media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control()" (Sean Young)
- ARM: dts: imx6qdl-kontron-samx6i: fix phy-mode (Michael Walle)
- wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values (Eric Dumazet) [Orabug: 36897690] {CVE-2024-42114}
- binfmt_flat: Fix corruption when not offsetting data start (Kees Cook) [Orabug: 37029015] {CVE-2024-44966}
- usb: gadget: u_audio: Check return codes from usb_ep_enable and config_ep_by_speed. (Chris Wulff)
- nvme/pci: Add APST quirk for Lenovo N60z laptop (WangYuli)
- exec: Fix ToCToU between perm check and set-uid/gid usage (Kees Cook) [Orabug: 36984016] {CVE-2024-43882}
- arm64: cpufeature: Fix the visibility of compat hwcaps (Amit Daniel Kachhap)
- arm64: dts: qcom: msm8996: correct #clock-cells for QMP PHY nodes (Dmitry Baryshkov)
- powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt. (Mahesh Salgaonkar) [Orabug: 36897773] {CVE-2024-42126}
- drm/i915/gem: Fix Virtual Memory mapping boundaries calculation (Andi Shyti) [Orabug: 36953968] {CVE-2024-42259}
- mptcp: fully established after ADD_ADDR echo on MPJ (Matthieu Baerts (NGI0))
- wifi: mac80211: check basic rates validity (Johannes Berg)
- PCI: dwc: Restore MSI Receiver mask during resume (Jisheng Zhang)
- net: stmmac: Enable mac_managed_pm phylink config (Shenwei Wang)
- netfilter: nf_tables: prefer nft_chain_validate (Florian Westphal) [Orabug: 36896845] {CVE-2024-41042}
- netfilter: nf_tables: allow clone callbacks to sleep (Florian Westphal)
- netfilter: nf_tables: bail out if stateful expression provides no .clone (Pablo Neira Ayuso)
- netfilter: nf_tables: set element extended ACK reporting support (Pablo Neira Ayuso)
- tls: fix race between tx work scheduling and socket close (Jakub Kicinski) [Orabug: 36529710] {CVE-2024-26585}
- PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal (Lukas Wunner) [Orabug: 36964228] {CVE-2024-42302}
- btrfs: fix double inode unlock for direct IO sync writes (Filipe Manana) [Orabug: 37195039] {CVE-2024-43885}
- xfs: fix log recovery buffer allocation for the legacy h_size fixup (Christoph Hellwig) [Orabug: 36809257] {CVE-2024-39472}
- btrfs: fix corruption after buffer fault in during direct IO append write (Filipe Manana)
- selftests: mptcp: join: check backup support in signal endp (Matthieu Baerts (NGI0))
- selftests: mptcp: join: validate backup in MPJ (Matthieu Baerts (NGI0))
- mptcp: pm: fix backup support in signal endpoints (Matthieu Baerts (NGI0))
- mptcp: export local_address (Geliang Tang)
- mptcp: pm: only set request_bkup flag when sending MP_PRIO (Matthieu Baerts (NGI0))
- mptcp: fix bad RCVPRUNED mib accounting (Paolo Abeni)
- mptcp: mib: count MPJ with backup flag (Matthieu Baerts (NGI0))
- mptcp: fix NL PM announced address accounting (Paolo Abeni)
- mptcp: distinguish rcv vs sent backup flag in requests (Matthieu Baerts (NGI0))
- mptcp: sched: check both directions for backup (Matthieu Baerts (NGI0))
- drm/mgag200: Set DDC timeout in milliseconds (Thomas Zimmermann)
- drm/bridge: analogix_dp: properly handle zero sized AUX transactions (Lucas Stach)
- sched/smt: Fix unbalance sched_smt_present dec/inc (Yang Yingliang) [Orabug: 37028981] {CVE-2024-44958}
- sched/smt: Introduce sched_smt_present_inc/dec() helper (Yang Yingliang)
- x86/mtrr: Check if fixed MTRRs exist before saving them (Andi Kleen) [Orabug: 37028935] {CVE-2024-44948}
- padata: Fix possible divide-by-0 panic in padata_mt_helper() (Waiman Long) [Orabug: 36992992] {CVE-2024-43889}
- tracing: Fix overflow in get_free_elt() (Tze-nan Wu) [Orabug: 36992997] {CVE-2024-43890}
- power: supply: axp288_charger: Round constant_charge_voltage writes down (Hans de Goede)
- power: supply: axp288_charger: Fix constant_charge_voltage writes (Hans de Goede)
- genirq/irqdesc: Honor caller provided affinity in alloc_desc() (Shay Drory)
- irqchip/xilinx: Fix shift out of bounds (Radhey Shyam Pandey)
- kcov: properly check for softirq context (Andrey Konovalov)
- serial: core: check uartclk for zero to avoid divide by zero (George Kennedy) [Orabug: 36993008] {CVE-2024-43893}
- timekeeping: Fix bogus clock_was_set() invocation in do_adjtimex() (Thomas Gleixner)
- ntp: Safeguard against time_constant overflow (Justin Stitt)
- irqchip/meson-gpio: Convert meson_gpio_irq_controller::lock to 'raw_spinlock_t' (Arseniy Krasnov)
- irqchip/meson-gpio: support more than 8 channels gpio irq (Qianggui Song)
- clocksource: Fix brown-bag boolean thinko in cs_watchdog_read() (Paul E. McKenney)
- clocksource: Scale the watchdog read retries automatically (Feng Tang)
- torture: Enable clocksource watchdog with "tsc=watchdog" (Paul E. McKenney)
- clocksource: Reduce the default clocksource_watchdog() retries to 2 (Waiman Long)
- ntp: Clamp maxerror and esterror to operating range (Justin Stitt)
- vhost-vdpa: switch to use vmf_insert_pfn() in the fault handler (Jason Wang)
- tick/broadcast: Move per CPU pointer access into the atomic section (Thomas Gleixner) [Orabug: 37195086] {CVE-2024-44968}
- scsi: ufs: core: Fix hba->last_dme_cmd_tstamp timestamp updating logic (Vamshi Gajjela)
- scsi: mpi3mr: Avoid IOMMU page faults on REPORT ZONES (Damien Le Moal)
- usb: gadget: u_serial: Set start_delayed during suspend (Prashanth K)
- usb: gadget: core: Check for unset descriptor (Chris Wulff) [Orabug: 37028987] {CVE-2024-44960}
- USB: serial: debug: do not echo input by default (Marek Marczykowski-Górecki)
- usb: vhci-hcd: Do not drop references before new references are gained (Oliver Neukum) [Orabug: 36992970] {CVE-2024-43883}
- ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4 (Takashi Iwai)
- ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list (Steven 'Steve' Kendall)
- ALSA: line6: Fix racy access to midibuf (Takashi Iwai) [Orabug: 37028956] {CVE-2024-44954}
- drm/client: fix null pointer dereference in drm_client_modeset_probe (Ma Ke) [Orabug: 36993013] {CVE-2024-43894}
- ALSA: usb-audio: Re-add ScratchAmp quirk entries (Takashi Iwai)
- spi: spi-fsl-lpspi: Fix scldiv calculation (Stefan Wahren)
- kprobes: Fix to check symbol prefixes correctly (Masami Hiramatsu (Google))
- bpf: kprobe: remove unused declaring of bpf_kprobe_override (Menglong Dong)
- i2c: smbus: Send alert notifications to all devices if source not found (Guenter Roeck)
- spi: spidev: Add missing spi_device_id for bh2228fv (Geert Uytterhoeven)
- ASoC: codecs: wsa881x: Correct Soundwire ports mask (Krzysztof Kozlowski)
- ASoC: codecs: wcd938x-sdw: Correct Soundwire ports mask (Krzysztof Kozlowski)
- i2c: smbus: Improve handling of stuck alerts (Guenter Roeck)
- arm64: cputype: Add Cortex-A725 definitions (Mark Rutland)
- arm64: cputype: Add Cortex-X1C definitions (Mark Rutland)
- arm64: cputype: Add Cortex-X925 definitions (Mark Rutland)
- arm64: cputype: Add Cortex-A720 definitions (Mark Rutland)
- arm64: cputype: Add Cortex-X3 definitions (Mark Rutland)
- arm64: cputype: Add Neoverse-V3 definitions (Mark Rutland)
- arm64: cputype: Add Cortex-X4 definitions (Mark Rutland)
- arm64: barrier: Restore spec_bar() macro (Mark Rutland)
- arm64: Add Neoverse-V2 part (Besar Wicaksono)
- arm64: cpufeature: Force HWCAP to be based on the sysreg visible to user-space (James Morse)
- ext4: fix wrong unit use in ext4_mb_find_by_goal (Kemeng Shi)
- sched/cputime: Fix mul_u64_u64_div_u64() precision for cputime (Zheng Zucheng)
- scsi: mpt3sas: Avoid IOMMU page faults on REPORT ZONES (Damien Le Moal)
- profiling: remove profile=sleep support (Tetsuo Handa)
- SUNRPC: Fix a race to wake a sync task (Benjamin Coddington)
- s390/sclp: Prevent release of buffer in I/O (Peter Oberparleiter) [Orabug: 37029019] {CVE-2024-44969}
- jbd2: avoid memleak in jbd2_journal_write_metadata_buffer (Kemeng Shi)
- ext4: fix uninitialized variable in ext4_inlinedir_to_tree (Xiaxi Shen)
- media: uvcvideo: Fix the bandwdith quirk on USB 3.x (Michal Pecio)
- media: uvcvideo: Ignore empty TS packets (Ricardo Ribalda)
- drm/amd/display: Add null checker before passing variables (Alex Hung) [Orabug: 36993047] {CVE-2024-43902}
- drm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules (Ma Jun) [Orabug: 36993077] {CVE-2024-43907}
- drm/amdgpu: Fix the null pointer dereference to ras_manager (Ma Jun) [Orabug: 36993083] {CVE-2024-43908}
- drm/amdgpu/pm: Fix the null pointer dereference for smu7 (Ma Jun) [Orabug: 36993089] {CVE-2024-43909}
- btrfs: fix bitmap leak when loading free space cache on duplicate entry (Filipe Manana)
- wifi: nl80211: don't give key data to userspace (Johannes Berg)
- udf: prevent integer overflow in udf_bitmap_free_blocks() (Roman Smirnov)
- PCI: Add Edimax Vendor ID to pci_ids.h (FUJITA Tomonori)
- selftests/bpf: Fix send_signal test with nested CONFIG_PARAVIRT (Yonghong Song)
- ACPI: SBS: manage alarm sysfs attribute through psy core (Thomas Weißschuh)
- ACPI: battery: create alarm sysfs attribute atomically (Thomas Weißschuh)
- clocksource/drivers/sh_cmt: Address race condition for clock events (Niklas Söderlund)
- md/raid5: avoid BUG_ON() while continue reshape after reassembling (Yu Kuai) [Orabug: 36993126] {CVE-2024-43914}
- md: do not delete safemode_timer in mddev_suspend (Li Nan)
- rcutorture: Fix rcu_torture_fwd_cb_cr() data race (Paul E. McKenney)
- net: fec: Stop PPS on driver remove (Csókás, Bence)
- l2tp: fix lockdep splat (James Chapman)
- net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register() (Joe Hattori) [Orabug: 37029031] {CVE-2024-44971}
- Bluetooth: l2cap: always unlock channel in l2cap_conless_channel() (Dmitry Antipov)
- net: linkwatch: use system_unbound_wq (Eric Dumazet)
- net: bridge: mcast: wait for previous gc cycles when removing port (Nikolay Aleksandrov) [Orabug: 36993143] {CVE-2024-44934}
- net: usb: qmi_wwan: fix memory leak for not ip packets (Daniele Palmas) [Orabug: 36983958] {CVE-2024-43861}
- sctp: Fix null-ptr-deref in reuseport_add_sock(). (Kuniyuki Iwashima) [Orabug: 36993146] {CVE-2024-44935}
- sctp: move hlist_node and hashent out of sctp_ep_common (Xin Long)
- x86/mm: Fix pti_clone_entry_text() for i386 (Peter Zijlstra)
- x86/mm: Fix pti_clone_pgtable() alignment assumption (Peter Zijlstra) [Orabug: 37029011] {CVE-2024-44965}
- irqchip/mbigen: Fix mbigen node address layout (Yipeng Zou)
- netfilter: ipset: Add list flush to cancel_gc (Alexander Maltsev)
- mptcp: fix duplicate data handling (Paolo Abeni)
- r8169: don't increment tx_dropped in case of NETDEV_TX_BUSY (Heiner Kallweit)
- net: usb: sr9700: fix uninitialized variable use in sr_mdio_read (Ma Ke)
- drm/vmwgfx: Fix a deadlock in dma buf fence polling (Zack Rusin) [Orabug: 36983964] {CVE-2024-43863}
- Revert "ALSA: firewire-lib: operate for period elapse event in process context" (Edmund Raile)
- Revert "ALSA: firewire-lib: obsolete workqueue for period update" (Edmund Raile)
- ALSA: hda/realtek: Add quirk for Acer Aspire E5-574G (Mavroudis Chatzilazaridis)
- ALSA: usb-audio: Correct surround channels in UAC1 channel map (Takashi Iwai)
- protect the fetch of ->fd[fd] in do_dup2() from mispredictions (Al Viro) [Orabug: 36963807] {CVE-2024-42265}
- HID: wacom: Modify pen IDs (Tatsunosuke Tobita)
- platform/chrome: cros_ec_proto: Lock device when updating MKBP version (Patryk Duda)
- power: supply: bq24190_charger: replace deprecated strncpy with strscpy (Justin Stitt)
- riscv/mm: Add handling for VM_FAULT_SIGSEGV in mm_fault_error() (Zhe Qiao) [Orabug: 36963814] {CVE-2024-42267}
- ipv6: fix ndisc_is_useropt() handling for PIO (Maciej Żenczykowski)
- net/mlx5e: Add a check for the return value from mlx5_port_set_eth_ptys (Shahar Shitrit)
- net: mvpp2: Don't re-use loop iterator (Dan Carpenter)
- net/iucv: fix use after free in iucv_sock_close() (Alexandra Winter) [Orabug: 36964005] {CVE-2024-42271}
- rtnetlink: Don't ignore IFLA_TARGET_NETNSID when ifname is specified in rtnl_dellink(). (Kuniyuki Iwashima)
- rtnetlink: enable alt_ifname for setlink/newlink (Florent Fourcot)
- ALSA: hda: conexant: Fix headset auto detect fail in the polling mode (songxiebing)
- drm/vmwgfx: Fix overlay when using Screen Targets (Ian Forbes)
- drm/nouveau: prime: fix refcount underflow (Danilo Krummrich) [Orabug: 36983978] {CVE-2024-43867}
- MIPS: dts: loongson: Fix ls2k1000-rtc interrupt (Jiaxun Yang)
- MIPS: dts: loongson: Fix liointc IRQ polarity (Jiaxun Yang)
- MIPS: Loongson64: DTS: Fix PCIe port nodes for ls7a (Jiaxun Yang)
- MIPS: Loongson64: DTS: Add RTC support to Loongson-2K1000 (Binbin Zhou)
- remoteproc: imx_rproc: Fix refcount mistake in imx_rproc_addr_init (Aleksandr Mishin)
- drm/dp_mst: Fix all mstb marked as not probed after suspend/resume (Wayne Lin)
- irqchip/imx-irqsteer: Handle runtime power management correctly (Shenwei Wang) [Orabug: 36964084] {CVE-2024-42290}
- irqchip/imx-irqsteer: Add runtime PM support (Lucas Stach)
- irqchip/imx-irqsteer: Constify irq_chip struct (Lucas Stach)
- irqdomain: Fixed unbalanced fwnode get and put (Herve Codina)
- leds: triggers: Flush pending brightness before activating trigger (Thomas Weißschuh)
- leds: trigger: Call synchronize_rcu() before calling trig->activate() (Hans de Goede)
- leds: trigger: Store brightness set by led_trigger_event() (Heiner Kallweit)
- leds: trigger: Remove unused function led_trigger_rename_static() (Heiner Kallweit)
- leds: trigger: use RCU to protect the led_cdevs list (Johannes Berg)
- drivers: soc: xilinx: check return status of get_api_version() (Jay Buddhabhatti)
- soc: xilinx: move PM_INIT_FINALIZE to zynqmp_pm_domains driver (Michael Tretter)
- ext4: check the extent status again before inserting delalloc block (Zhang Yi)
- ext4: factor out a common helper to query extent map (Zhang Yi)
- ext4: convert to exclusive lock while inserting delalloc extents (Zhang Yi)
- ext4: refactor ext4_da_map_blocks() (Zhang Yi)
- ext4: make ext4_es_insert_extent() return void (Baokun Li)
- sysctl: always initialize i_uid/i_gid (Thomas Weißschuh) [Orabug: 36964269] {CVE-2024-42312}
- arm64: dts: qcom: ipq8074: Disable SS instance in Parkmode for USB (Krishna Kurapati)
- arm64: dts: qcom: msm8998: Disable SS instance in Parkmode for USB (Krishna Kurapati)
- arm64: dts: qcom: msm8998: switch USB QMP PHY to new style of bindings (Dmitry Baryshkov)
- arm64: dts: qcom: msm8998: drop USB PHY clock index (Johan Hovold)
- arm64: dts: qcom: msm8996: Move '#clock-cells' to QMP PHY child node (Shawn Guo)
- powerpc/configs: Update defconfig with now user-visible CONFIG_FSL_IFC (Esben Haabendal)
- fs: don't allow non-init s_user_ns for filesystems without FS_USERNS_MOUNT (Seth Forshee (DigitalOcean))
- nvme-pci: add missing condition check for existence of mapped data (Leon Romanovsky) [Orabug: 36964021] {CVE-2024-42276}
- nvme: separate command prep and issue (Jens Axboe)
- nvme: split command copy into a helper (Jens Axboe)
- iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en (Artem Chernyshev) [Orabug: 36964025] {CVE-2024-42277}
- ceph: fix incorrect kmalloc size of pagevec mempool (ethanwu)
- ASoC: Intel: use soc_intel_is_byt_cr() only when IOSF_MBI is reachable (Pierre-Louis Bossart)
- spi: spidev: add correct compatible for Rohm BH2228FV (Conor Dooley)
- spi: spidev: order compatibles alphabetically (Krzysztof Kozlowski)
- spidev: Add Silicon Labs EM3581 device compatible (Vincent Tremblay)
- spi: spidev: Replace OF specific code by device property API (Andy Shevchenko)
- spi: spidev: Replace ACPI specific code by device_get_match_data() (Andy Shevchenko)
- spi: spidev: Make probe to fail early if a spidev compatible is used (Javier Martinez Canillas)
- lirc: rc_dev_get_from_fd(): fix file leak (Al Viro)
- powerpc: fix a file leak in kvm_vcpu_ioctl_enable_cap() (Al Viro)
- apparmor: Fix null pointer deref when receiving skb during sock creation (Xiao Liang)
- mISDN: Fix a use after free in hfcmulti_tx() (Dan Carpenter) [Orabug: 36964031] {CVE-2024-42280}
- bpf: Fix a segment issue when downgrading gso_size (Fred Li) [Orabug: 36964037] {CVE-2024-42281}
- net: nexthop: Initialize all fields in dumped nexthops (Petr Machata) [Orabug: 36964043] {CVE-2024-42283}
- net: stmmac: Correct byte order of perfect_match (Simon Horman)
- tipc: Return non-zero value from tipc_udp_addr2str() on error (Shigeru Yoshida) [Orabug: 36964046] {CVE-2024-42284}
- netfilter: nft_set_pipapo_avx2: disable softinterrupts (Florian Westphal)
- net: bonding: correctly annotate RCU in bond_should_notify_peers() (Johannes Berg)
- ipv4: Fix incorrect source address in Record Route option (Ido Schimmel)
- MIPS: SMP-CPS: Fix address for GCR_ACCESS register for CM3 and later (Gregory CLEMENT)
- bpf, events: Use prog to emit ksymbol event for main program (Hou Tao)
- dma: fix call order in dmam_free_coherent (Lance Richardson) [Orabug: 36964522] {CVE-2024-43856}
- libbpf: Fix no-args func prototype BTF dumping syntax (Andrii Nakryiko)
- um: time-travel: fix signal blocking race/hang (Johannes Berg)
- um: time-travel: fix time-travel-start option (Johannes Berg)
- phy: cadence-torrent: Check return value on register read (Ma Ke)
- dmaengine: ti: k3-udma: Fix BCHAN count with UHC and HC channels (Vignesh Raghavendra)
- jfs: Fix array-index-out-of-bounds in diFree (Jeongjun Park) [Orabug: 36964529] {CVE-2024-43858}
- kdb: address -Wformat-security warnings (Arnd Bergmann)
- kernel: rerun task_work while freezing in get_signal() (Pavel Begunkov)
- io_uring/io-wq: limit retrying worker initialisation (Pavel Begunkov)
- nilfs2: handle inconsistent state in nilfs_btnode_create_block() (Ryusuke Konishi) [Orabug: 36964202] {CVE-2024-42295}
- Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x13d3:0x3591 (WangYuli)
- Bluetooth: btusb: Add RTL8852BE device 0489:e125 to device tables (Hilda Wu)
- rbd: don't assume RBD_LOCK_STATE_LOCKED for exclusive mappings (Ilya Dryomov)
- rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (Ilya Dryomov)
- drm/panfrost: Mark simple_ondemand governor as softdep (Dragan Simic)
- MIPS: Loongson64: Test register availability before use (Jiaxun Yang)
- MIPS: Loongson64: reset: Prioritise firmware service (Jiaxun Yang)
- MIPS: Loongson64: Remove memory node for builtin-dtb (Jiaxun Yang)
- MIPS: Loongson64: env: Hook up Loongsson-2K (Jiaxun Yang)
- MIPS: dts: loongson: Fix GMAC phy node (Jiaxun Yang)
- MIPS: ip30: ip30-console: Add missing include (Jiaxun Yang)
- remoteproc: imx_rproc: Skip over memory region when node value is NULL (Aleksandr Mishin) [Orabug: 36964536] {CVE-2024-43860}
- remoteproc: stm32_rproc: Fix mailbox interrupts queuing (Gwenael Treuveur)
- rbd: don't assume rbd_is_lock_owner() for exclusive mappings (Ilya Dryomov)
- selftests/sigaltstack: Fix ppc64 GCC build (Michael Ellerman)
- RDMA/iwcm: Fix a use-after-free related to destroying CM IDs (Bart Van Assche) [Orabug: 36964053] {CVE-2024-42285}
- platform: mips: cpu_hwmon: Disable driver on unsupported hardware (Jiaxun Yang)
- watchdog/perf: properly initialize the turbo mode timestamp and rearm counter (Thomas Gleixner)
- rtc: isl1208: Fix return value of nvmem callbacks (Joy Chakraborty)
- drm/i915/dp: Reset intel_dp->link_trained before retraining the link (Imre Deak)
- drm/amdgpu/sdma5.2: Update wptr registers as well as doorbell (Alex Deucher)
- drm/i915/gt: Do not consider preemption during execlists_dequeue for gen8 (Nitin Gote)
- perf/x86/intel/pt: Fix a topa_entry base address calculation (Adrian Hunter)
- perf/x86/intel/pt: Fix topa_entry base length (Marco Cavenati)
- perf/x86/intel/uncore: Fix the bits of the CHA extended umask for SPR (Kan Liang)
- perf: Fix event leak upon exit (Frederic Weisbecker) [Orabug: 36983986] {CVE-2024-43870}
- rtc: cmos: Fix return value of nvmem callbacks (Joy Chakraborty)
- mm/numa_balancing: teach mpol_to_str about the balancing mode (Tvrtko Ursulin)
- devres: Fix memory leakage caused by driver API devm_free_percpu() (Zijun Hu) [Orabug: 36983990] {CVE-2024-43871}
- devres: Fix devm_krealloc() wasting memory (Zijun Hu)
- gve: Fix an edge case for TSO skb validity check (Bailey Forrest)
- kobject_uevent: Fix OOB access within zap_modalias_env() (Zijun Hu) [Orabug: 37203371] {CVE-2024-42292}
- kbuild: Fix '-S -c' in x86 stack protector scripts (Nathan Chancellor)
- decompress_bunzip2: fix rare decompression failure (Ross Lagerwall)
- ubi: eba: properly rollback inside self_check_eba (Fedor Pchelkin)
- clk: davinci: da8xx-cfgchip: Initialize clk_init_data before use (Bastien Curutchet)
- fs/ntfs3: Update log->page_{mask,bits} if log->page_size changed (Huacai Chen) [Orabug: 36964218] {CVE-2024-42299}
- dev/parport: fix the array out-of-bounds risk (tuhaowen) [Orabug: 36964222] {CVE-2024-42301}
- binder: fix hang of unregistered readers (Carlos Llamas)
- PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio (Manivannan Sadhasivam)
- PCI: dw-rockchip: Fix initial PERST# GPIO value (Niklas Cassel)
- PCI: hv: Return zero, not garbage, when reading PCI_INTERRUPT_PIN (Wei Liu)
- hwrng: amd - Convert PCIBIOS_* return codes to errnos (Ilpo Järvinen)
- tools/memory-model: Fix bug in lock.cat (Alan Stern)
- ALSA: usb-audio: Add a quirk for Sonix HD USB Camera (wangdicheng)
- ALSA: usb-audio: Move HD Webcam quirk to the right place (Takashi Iwai)
- ALSA: usb-audio: Fix microphone sound on HD webcam. (wangdicheng)
- KVM: VMX: Split out the non-virtualization part of vmx_interrupt_blocked() (Sean Christopherson)
- media: uvcvideo: Fix integer overflow calculating timestamp (Ricardo Ribalda)
- jbd2: make jbd2_journal_get_max_txn_bufs() internal (Jan Kara)
- leds: ss4200: Convert PCIBIOS_* return codes to errnos (Ilpo Järvinen)
- wifi: mwifiex: Fix interface type change (Rafael Beims)
- selftests/landlock: Add cred_transfer test (Mickaël Salaün)
- io_uring: tighten task exit cancellations (Pavel Begunkov)
- ext4: make sure the first directory block is not a hole (Baokun Li) [Orabug: 36964231] {CVE-2024-42304}
- ext4: check dot and dotdot of dx_root before making dir indexed (Baokun Li) [Orabug: 36964236] {CVE-2024-42305}
- m68k: amiga: Turn off Warp1260 interrupts during boot (Paolo Pisati)
- udf: Avoid using corrupted block bitmap buffer (Jan Kara) [Orabug: 36964241] {CVE-2024-42306}
- task_work: Introduce task_work_cancel() again (Frederic Weisbecker)
- task_work: s/task_work_cancel()/task_work_cancel_func()/ (Frederic Weisbecker)
- apparmor: use kvfree_sensitive to free data->data (Fedor Pchelkin)
- sched/fair: Use all little CPUs for CPU-bound workloads (Pierre Gondois)
- drm/amd/display: Check for NULL pointer (Sung Joon Kim) [Orabug: 36964246] {CVE-2024-42308}
- drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes (Ma Ke) [Orabug: 36964252] {CVE-2024-42309}
- drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes (Ma Ke) [Orabug: 36964258] {CVE-2024-42310}
- ext2: Verify bitmap and itable block numbers before using them (Jan Kara)
- hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode() (Chao Yu) [Orabug: 36964264] {CVE-2024-42311}
- ata: libata-scsi: Honor the D_SENSE bit for CK_COND=1 and no error (Igor Pylypiv)
- media: venus: fix use after free in vdec_close (Dikshita Agarwal) [Orabug: 36964274] {CVE-2024-42313}
- char: tpm: Fix possible memory leak in tpm_bios_measurements_open() (Joe Hattori)
- fuse: verify {g,u}id mount options correctly (Eric Sandeen)
- sched/fair: set_load_weight() must also call reweight_task() for SCHED_IDLE tasks (Tejun Heo)
- ipv6: take care of scope when choosing the src addr (Nicolas Dichtel)
- af_packet: Handle outgoing VLAN packets without hardware offloading (Chengen Du)
- net: netconsole: Disable target before netpoll cleanup (Breno Leitao)
- tick/broadcast: Make takeover of broadcast hrtimer reliable (Yu Liao)
- dt-bindings: thermal: correct thermal zone node name limit (Krzysztof Kozlowski)
- mm: mmap_lock: replace get_memcg_path_buf() with on-stack buffer (Tetsuo Handa)
- mm/hugetlb: fix possible recursive locking detected warning (Miaohe Lin)
- landlock: Don't lose track of restrictions on cred_transfer (Jann Horn) [Orabug: 36964283] {CVE-2024-42318}
- fs/ntfs3: Missed error return (Konstantin Komarov)
- rtc: interface: Add RTC offset to alarm after fix-up (Csókás, Bence)
- nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro (Ryusuke Konishi)
- fs/proc/task_mmu: indicate PM_FILE for PMD-mapped file THP (David Hildenbrand)
- fs/ntfs3: Fix field-spanning write in INDEX_HDR (Konstantin Komarov)
- fs/ntfs3: Replace inode_trylock with inode_lock (Konstantin Komarov)
- pinctrl: freescale: mxs: Fix refcount of child (Peng Fan)
- pinctrl: ti: ti-iodelay: fix possible memory leak when pinctrl_enable() fails (Yang Yingliang)
- pinctrl: ti: ti-iodelay: Drop if block with always false condition (Uwe Kleine-König)
- pinctrl: single: fix possible memory leak when pinctrl_enable() fails (Yang Yingliang)
- pinctrl: core: fix possible memory leak when pinctrl_enable() fails (Yang Yingliang)
- pinctrl: rockchip: update rk3308 iomux routes (Dmitry Yashin)
- fs/ntfs3: Fix getting file type (Konstantin Komarov)
- fs/ntfs3: Missed NI_FLAG_UPDATE_PARENT setting (Konstantin Komarov)
- fs/ntfs3: Fix transform resident to nonresident for compressed files (Konstantin Komarov)
- fs/ntfs3: Merge synonym COMPRESSION_UNIT and NTFS_LZNT_CUNIT (Konstantin Komarov)
- fs/ntfs3: Use ALIGN kernel macro (Konstantin Komarov)
- net: dsa: b53: Limit chip-wide jumbo frame config to CPU ports (Martin Willi)
- net: dsa: mv88e6xxx: Limit chip-wide frame size config to CPU ports (Martin Willi)
- netfilter: nf_set_pipapo: fix initial map fill (Florian Westphal)
- netfilter: nft_set_pipapo: constify lookup fn args where possible (Florian Westphal)
- netfilter: ctnetlink: use helper function to calculate expect ID (Pablo Neira Ayuso) [Orabug: 37013754] {CVE-2024-44944}
- bnxt_re: Fix imm_data endianness (Jack Wang)
- RDMA/hns: Fix insufficient extend DB for VFs. (Chengchang Tang)
- RDMA/hns: Fix undifined behavior caused by invalid max_sge (Chengchang Tang)
- RDMA/hns: Fix missing pagesize and alignment check in FRMR (Chengchang Tang)
- macintosh/therm_windtunnel: fix module unload. (Nick Bowler)
- powerpc/xmon: Fix disassembly CPU feature checks (Michael Ellerman)
- net: missing check virtio (Denis Arefev) [Orabug: 36964424] {CVE-2024-43817}
- vhost/vsock: always initialize seqpacket_allow (Michael S. Tsirkin) [Orabug: 36983999] {CVE-2024-43873}
- PCI: endpoint: Clean up error handling in vpci_scan_bus() (Dan Carpenter) [Orabug: 36984004] {CVE-2024-43875}
- Input: elan_i2c - do not leave interrupt disabled on suspend failure (Dmitry Torokhov)
- RDMA/device: Return error earlier if port in not valid (Leon Romanovsky)
- mtd: make mtd_test.c a separate module (Arnd Bergmann)
- ASoC: max98088: Check for clk_prepare_enable() error (Chen Ni)
- RDMA/rxe: Don't set BTH_ACK_MASK for UC or UD QPs (Honggang LI)
- RDMA/mlx4: Fix truncated output warning in alias_GUID.c (Leon Romanovsky)
- RDMA/mlx4: Fix truncated output warning in mad.c (Leon Romanovsky)
- Input: qt1050 - handle CHIP_ID reading error (Andrei Lalaev)
- RDMA/cache: Release GID table even if leak is detected (Leon Romanovsky)
- RDMA/mlx5: Set mkeys for dmabuf at PAGE_SIZE (Chiara Meiohas)
- coresight: Fix ref leak when of_coresight_parse_endpoint() fails (James Clark)
- clk: qcom: gcc-sc7280: Update force mem core bit for UFS ICE clock (Taniya Das)
- clk: qcom: branch: Add helper functions for setting retain bits (Konrad Dybcio)
- PCI: Fix resource double counting on remove & rescan (Ilpo Järvinen)
- SUNRPC: Fixup gss_status tracepoint error output (Benjamin Coddington)
- sparc64: Fix incorrect function signature and add prototype for prom_cif_init (Andreas Larsson)
- ext4: avoid writing unitialized memory to disk in EA inodes (Jan Kara)
- ext4: don't track ranges in fast_commit if inode has inlined data (Luis Henriques (SUSE))
- ext4: return early for non-eligible fast_commit track events (Ritesh Harjani)
- NFSv4.1 another fix for EXCHGID4_FLAG_USE_PNFS_DS for DS server (Olga Kornievskaia)
- SUNRPC: avoid soft lockup when transmitting UDP to reachable server. (NeilBrown)
- xprtrdma: Fix rpcrdma_reqs_reset() (Chuck Lever)
- mfd: omap-usb-tll: Use struct_size to allocate tll (Javier Carrasco)
- mfd: rsmu: Split core code into separate module (Arnd Bergmann)
- perf intel-pt: Fix exclude_guest setting (Adrian Hunter)
- perf intel-pt: Fix aux_watermark calculation for 64-bit size (Adrian Hunter)
- media: venus: flush all buffers in output plane streamoff (Dikshita Agarwal)
- ext4: fix infinite loop when replaying fast_commit (Luis Henriques (SUSE))
- Revert "leds: led-core: Fix refcount leak in of_led_get()" (Luca Ceresoli)
- drm/qxl: Add check for drm_cvt_mode (Chen Ni) [Orabug: 36964455] {CVE-2024-43829}
- drm/etnaviv: fix DMA direction handling for cached RW buffers (Lucas Stach)
- perf report: Fix condition in sort__sym_cmp() (Namhyung Kim)
- leds: trigger: Unregister sysfs attributes before calling deactivate() (Hans de Goede) [Orabug: 36964458] {CVE-2024-43830}
- drm/mediatek: Add DRM_MODE_ROTATE_0 to rotation property (Hsiao Chien Sung)
- drm/mediatek: Add missing plane settings when async update (Hsiao Chien Sung)
- media: renesas: vsp1: Store RPF partition configuration per RPF instance (Laurent Pinchart)
- media: renesas: vsp1: Fix _irqsave and _irq mix (Laurent Pinchart)
- media: uvcvideo: Override default flags (Daniel Schaefer)
- saa7134: Unchecked i2c_transfer function result fixed (Aleksandr Burakov)
- media: i2c: Fix imx412 exposure control (Bryan O'Donoghue)
- media: imon: Fix race getting ictx->lock (Ricardo Ribalda)
- media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control() (Zheng Yejian)
- drm/panel: boe-tv101wum-nl6: Check for errors on the NOP in prepare() (Douglas Anderson)
- drm/panel: boe-tv101wum-nl6: If prepare fails, disable GPIO before regulators (Douglas Anderson)
- drm/amdgpu: Check if NBIO funcs are NULL in amdgpu_device_baco_exit (Friedrich Vock)
- drm/amd/pm: Fix aldebaran pcie speed reporting (Lijo Lazar)
- xdp: fix invalid wait context of page_pool_destroy() (Taehee Yoo) [Orabug: 36964469] {CVE-2024-43834}
- selftests: forwarding: devlink_lib: Wait for udev events after reloading (Amit Cohen)
- bpf: Eliminate remaining "make W=1" warnings in kernel/bpf/btf.o (Alan Maguire)
- bna: adjust 'name' buf size of bna_tcb and bna_ccb structures (Alexey Kodanev) [Orabug: 36964479] {CVE-2024-43839}
- bpf: annotate BTF show functions with __printf (Alan Maguire)
- selftests/bpf: Close fd in error path in drop_on_reuseport (Geliang Tang)
- locking/rwsem: Add __always_inline annotation to __down_write_common() and inlined callers (John Stultz)
- wifi: virt_wifi: don't use strlen() in const context (Johannes Berg)
- gss_krb5: Fix the error handling path for crypto_sync_skcipher_setkey (Gaosheng Cui)
- wifi: virt_wifi: avoid reporting connection success with wrong SSID (En-Wei Wu) [Orabug: 36964486] {CVE-2024-43841}
- perf: Fix default aux_watermark calculation (Adrian Hunter)
- perf: Prevent passing zero nr_pages to rb_alloc_aux() (Adrian Hunter)
- perf: Fix perf_aux_size() for greater-than 32-bit size (Adrian Hunter)
- perf/x86/intel/pt: Fix pt_topa_entry_for_page() address calculation (Adrian Hunter)
- netfilter: nf_tables: rise cap on SELinux secmark context (Pablo Neira Ayuso)
- libbpf: Checking the btf_type kind when fixing variable offsets (Donglin Peng)
- net: fec: Fix FEC_ECR_EN1588 being cleared on link-down (Csókás, Bence)
- net: fec: Refactor: #define magic constants (Csókás Bence)
- wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() (Baochen Qiang) [Orabug: 36984009] {CVE-2024-43879}
- wifi: cfg80211: fix typo in cfg80211_calculate_bitrate_he() (Baochen Qiang)
- wifi: ath11k: fix wrong handling of CCMP256 and GCMP ciphers (Baochen Qiang)
- mlxsw: spectrum_acl: Fix ACL scale regression and firmware errors (Ido Schimmel)
- mlxsw: spectrum_acl_erp: Fix object nesting warning (Ido Schimmel) [Orabug: 36984012] {CVE-2024-43880}
- lib: objagg: Fix general protection fault (Ido Schimmel) [Orabug: 36964494] {CVE-2024-43846}
- selftests/bpf: Check length of recv in test_sockmap (Geliang Tang)
- net/smc: set rmb's SG_MAX_SINGLE_ALLOC limitation only when CONFIG_ARCH_NO_SG_CHAIN is defined (Guangguan Wang)
- tcp: fix races in tcp_v[46]_err() (Eric Dumazet)
- tcp: fix race in tcp_write_err() (Eric Dumazet)
- tcp: add tcp_done_with_error() helper (Eric Dumazet)
- tcp: annotate lockless access to sk->sk_err (Eric Dumazet)
- tcp: annotate lockless accesses to sk->sk_err_soft (Eric Dumazet)
- net: esp: cleanup esp_output_tail_tcp() in case of unsupported ESPINTCP (Hagar Hemdan)
- selftests/bpf: Fix prog numbers in test_sockmap (Geliang Tang)
- wifi: brcmsmac: LCN PHY code is used for BCM4313 2G-only device (Samasth Norway Ananda)
- firmware: turris-mox-rwtm: Initialize completion before mailbox (Marek Behún)
- firmware: turris-mox-rwtm: Fix checking return value of wait_for_completion_timeout() (Marek Behún)
- firmware: turris-mox-rwtm: Do not complete if there are no waiters (Marek Behún)
- vmlinux.lds.h: catch .bss..L* sections into BSS") (Christophe Leroy)
- ARM: spitz: fix GPIO assignment for backlight (Dmitry Torokhov)
- ARM: pxa: spitz: use gpio descriptors for audio (Arnd Bergmann)
- m68k: cmpxchg: Fix return value for default case in __arch_xchg() (Thorsten Blum)
- x86/xen: Convert comma to semicolon (Chen Ni)
- m68k: atari: Fix TT bootup freeze / unexpected (SCU) interrupt messages (Eero Tamminen)
- arm64: dts: amlogic: gx: correct hdmi clocks (Jerome Brunet)
- arm64: dts: mediatek: mt8183-kukui-jacuzzi: Add ports node for anx7625 (Chen-Yu Tsai)
- arm64: dts: mediatek: mt7622: fix "emmc" pinctrl mux (Rafał Miłecki)
- arm64: dts: mediatek: mt8183-kukui: Drop bogus output-enable property (Chen-Yu Tsai)
- ARM: dts: imx6qdl-kontron-samx6i: fix PCIe reset polarity (Michael Walle)
- ARM: dts: imx6qdl-kontron-samx6i: fix SPI0 chip selects (Michael Walle)
- ARM: dts: imx6qdl-kontron-samx6i: fix board reset (Michael Walle)
- ARM: dts: imx6qdl-kontron-samx6i: fix PHY reset (Michael Walle)
- ARM: dts: imx6qdl-kontron-samx6i: move phy reset into phy-node (Marco Felsch)
- arm64: dts: rockchip: Increase VOP clk rate on RK3328 (Jonas Karlman)
- soc: qcom: pdr: fix parsing of domains lists (Dmitry Baryshkov)
- soc: qcom: pdr: protect locator_addr with the main mutex (Dmitry Baryshkov) [Orabug: 36964502] {CVE-2024-43849}
- memory: fsl_ifc: Make FSL_IFC config visible and selectable (Esben Haabendal)
- arm64: dts: qcom: msm8996: specify UFS core_clk frequencies (Dmitry Baryshkov)
- soc: qcom: rpmh-rsc: Ensure irqs aren't disabled by rpmh_rsc_send_data() callers (Stephen Boyd)
- arm64: dts: qcom: sm8250: add power-domain to UFS PHY (Dmitry Baryshkov)
- arm64: dts: qcom: sm8250: switch UFS QMP PHY to new style of bindings (Dmitry Baryshkov)
- arm64: dts: qcom: sdm845: add power-domain to UFS PHY (Dmitry Baryshkov)
- hwmon: (max6697) Fix swapped temp{1,8} critical alarms (Guenter Roeck)
- hwmon: (max6697) Fix underflow when writing limit attributes (Guenter Roeck)
- drm/meson: fix canvas release in bind function (Yao Zi)
- pwm: stm32: Always do lazy disabling (Uwe Kleine-König)
- hwmon: (adt7475) Fix default duty on fan is disabled (Wayne Tung)
- x86/platform/iosf_mbi: Convert PCIBIOS_* return codes to errnos (Ilpo Järvinen)
- x86/pci/xen: Fix PCIBIOS_* return code handling (Ilpo Järvinen)
- x86/pci/intel_mid_pci: Fix PCIBIOS_* return code handling (Ilpo Järvinen)
- x86/of: Return consistent error type from x86_of_pci_irq_enable() (Ilpo Järvinen)
- hfsplus: fix to avoid false alarm of circular locking (Chao Yu)
- block: initialize integrity buffer to zero before writing it to media (Christoph Hellwig) [Orabug: 36964514] {CVE-2024-43854}
- block: cleanup bio_integrity_prep (Jinyoung Choi)
- block: refactor to use helper (Nitesh Shetty)
- platform/chrome: cros_ec_debugfs: fix wrong EC message version (Tzung-Bi Shih)
- f2fs: fix to don't dirty inode for readonly filesystem (Chao Yu) [Orabug: 36964212] {CVE-2024-42297}
- f2fs: fix return value of f2fs_convert_inline_inode() (Chao Yu) [Orabug: 36964207] {CVE-2024-42296}
- LTS version: v5.15.164 (Vijayendra Suman)
- tap: add missing verification for short frame (Si-Wei Liu) [Orabug: 36879156] {CVE-2024-41090}
- tun: add missing verification for short frame (Dongli Zhang) [Orabug: 36879156] {CVE-2024-41091}
- wifi: rt2x00: use explicitly signed or unsigned types (Jason A. Donenfeld)
- filelock: Fix fcntl/close race recovery compat path (Jann Horn) [Orabug: 36874755] {CVE-2024-41012} {CVE-2024-41020}
- ALSA: pcm_dmaengine: Don't synchronize DMA channel when DMA is paused (Shengjiu Wang)
- arm64: dts: qcom: sdm630: Disable SS instance in Parkmode for USB (Krishna Kurapati)
- arm64: dts: qcom: msm8996: Disable SS instance in Parkmode for USB (Krishna Kurapati)
- ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 (Seunghun Han)
- ALSA: hda/realtek: Enable headset mic on Positivo SU C1400 (Edson Juliano Drosdeck)
- fs/ntfs3: Validate ff offset (lei lu) [Orabug: 36891672] {CVE-2024-41019}
- jfs: don't walk off the end of ealist (lei lu) [Orabug: 36891666] {CVE-2024-41017}
- ocfs2: add bounds checking to ocfs2_check_dir_entry() (lei lu) [Orabug: 36891654] {CVE-2024-41015}
- Add gitignore file for samples/fanotify/ subdirectory (Linus Torvalds)
- docs: Fix formatting of literal sections in fanotify docs (Gabriel Krisman Bertazi)
- samples: Make fs-monitor depend on libc and headers (Gabriel Krisman Bertazi)
- samples: Add fs error monitoring example (Gabriel Krisman Bertazi)
- wifi: mac80211: disable softirqs for queued frame handling (Johannes Berg)
- mm/damon/core: merge regions aggressively when max_nr_regions is unmet (SeongJae Park)
- minmax: relax check to allow comparison between unsigned arguments and signed constants (David Laight)
- minmax: allow comparisons of 'int' against 'unsigned char/short' (David Laight)
- minmax: allow min()/max()/clamp() if the arguments have the same signedness. (David Laight)
- minmax: fix header inclusions (Andy Shevchenko)
- minmax: clamp more efficiently by avoiding extra comparison (Jason A. Donenfeld)
- minmax: sanity check constant bounds when clamping (Jason A. Donenfeld)
- tracing: Define the is_signed_type() macro once (Bart Van Assche)
- spi: mux: set ctlr->bits_per_word_mask (David Lechner)
- hfsplus: fix uninit-value in copy_name (Edward Adam Davis) [Orabug: 36896968] {CVE-2024-41059}
- selftests/vDSO: fix clang build errors and warnings (John Hubbard)
- spi: imx: Don't expect DMA for i.MX{25,35,50,51,53} cspi devices (Uwe Kleine-König)
- riscv: stacktrace: fix usage of ftrace_graph_ret_addr() (Puranjay Mohan)
- fs: better handle deep ancestor chains in is_subdir() (Christian Brauner)
- drm/radeon: check bo_va->bo is non-NULL before using it (Pierre-Eric Pelloux-Prayer) [Orabug: 36896974] {CVE-2024-41060}
- Bluetooth: hci_core: cancel all works upon hci_unregister_dev() (Tetsuo Handa) [Orabug: 36896993] {CVE-2024-41063}
- scsi: libsas: Fix exp-attached device scan after probe failure scanned in again after probe failed (Xingui Yang)
- powerpc/eeh: avoid possible crash when edev->pdev changes (Ganesh Goudar) [Orabug: 36897001] {CVE-2024-41064}
- powerpc/pseries: Whitelist dtl slub object for copying to userspace (Anjali K) [Orabug: 36897008] {CVE-2024-41065}
- net: mac802154: Fix racy device stats updates by DEV_STATS_INC() and DEV_STATS_ADD() (Yunshui Jiang)
- net: usb: qmi_wwan: add Telit FN912 compositions (Daniele Palmas)
- ALSA: dmaengine_pcm: terminate dmaengine before synchronize (Shengjiu Wang)
- ALSA: hda/relatek: Enable Mute LED on HP Laptop 15-gw0xxx (Aivaz Latypov)
- btrfs: qgroup: fix quota root leak after quota disable failure (Filipe Manana) [Orabug: 36897343] {CVE-2024-41078}
- platform/x86: lg-laptop: Use ACPI device handle when evaluating WMAB/WMBB (Armin Wolf)
- platform/x86: lg-laptop: Change ACPI device id (Armin Wolf)
- platform/x86: lg-laptop: Remove LGEX0815 hotkey handling (Armin Wolf)
- platform/x86: wireless-hotkey: Add support for LG Airplane Button (Armin Wolf)
- s390/sclp: Fix sclp_init() cleanup on failure (Heiko Carstens) [Orabug: 36897031] {CVE-2024-41068}
- can: kvaser_usb: fix return value for hif_usb_send_regout (Chen Ni)
- ASoC: ti: omap-hdmi: Fix too long driver name (Primoz Fiser)
- ASoC: ti: davinci-mcasp: Set min period size using FIFO config (Jai Luthra)
- ALSA: dmaengine: Synchronize dma channel after drop() (Jai Luthra)
- bytcr_rt5640 : inverse jack detect for Archos 101 cesium (Thomas GENTY)
- Input: i8042 - add Ayaneo Kun to i8042 quirk table (Tobias Jakobi)
- Input: elantech - fix touchpad state on resume for Lenovo N24 (Jonathan Denose)
- mips: fix compat_sys_lseek syscall (Arnd Bergmann)
- ALSA: hda/realtek: Add more codec ID to no shutup pins list (Kailang Yang)
- drm/vmwgfx: Fix missing HYPERVISOR_GUEST dependency (Alexey Makhalov)
- KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group() (Michael Ellerman) [Orabug: 36897047] {CVE-2024-41070}
- wifi: cfg80211: wext: add extra SIOCSIWSCAN data check (Dmitry Antipov) [Orabug: 36897311] {CVE-2024-41072}
- nvme: avoid double free special payload (Chunguang Xu) [Orabug: 36897316] {CVE-2024-41073}
- mei: demote client disconnect warning on suspend to debug (Alexander Usyskin)
- fs/file: fix the check in find_next_fd() (Yuntao Wang)
- kconfig: remove wrong expr_trans_bool() (Masahiro Yamada)
- kconfig: gconf: give a proper initial state to the Save button (Masahiro Yamada)
- null_blk: fix validation of block size (Andreas Hindborg) [Orabug: 36897338] {CVE-2024-41077}
- arm64: armv8_deprecated: Fix warning in isndep cpuhp starting process (Wei Li)
- ila: block BH in ila_output() (Eric Dumazet) [Orabug: 36897359] {CVE-2024-41081}
- net: ipv6: rpl_iptunnel: block BH in rpl_output() and rpl_input() (Eric Dumazet)
- Input: silead - Always support 10 fingers (Hans de Goede)
- selftests/openat2: Fix build warnings on ppc64 (Michael Ellerman)
- wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan() (Dmitry Antipov)
- wifi: iwlwifi: mvm: properly set 6 GHz channel direct probe option (Ayala Beker)
- wifi: iwlwifi: mvm: Handle BIGTK cipher in kek_kck cmd (Yedidya Benshimol)
- wifi: iwlwifi: mvm: d3: fix WoWLAN command version lookup (Yedidya Benshimol)
- wifi: mac80211: handle tasklet frames before stopping (Johannes Berg)
- wifi: mac80211: mesh: init nonpeer_pm to active by default in mesh sdata (Nicolas Escande)
- tools/power/cpupower: Fix Pstate frequency reporting on AMD Family 1Ah CPUs (Dhananjay Ugwekar)
- ACPI: EC: Avoid returning AE_OK on errors in address space handler (Armin Wolf)
- ACPI: EC: Abort address space access upon error (Armin Wolf)
- scsi: qedf: Set qed_slowpath_params to zero before use (Saurav Kashyap)
- scsi: qedf: Wait for stag work during unload (Saurav Kashyap)
- scsi: qedf: Don't process stag work during unload and recovery (Saurav Kashyap)
- scsi: core: alua: I/O errors for ALUA state transitions (Martin Wilck)
- scsi: core: Fix a use-after-free (Bart Van Assche)
- bpf: Fix overrunning reservations in ringbuf (Daniel Borkmann) [Orabug: 36850238] {CVE-2024-41009}
- ACPI: processor_idle: Fix invalid comparison with insertion sort for latency (Kuan-Wei Chiu)
- ARM: 9324/1: fix get_user() broken with veneer (Masahiro Yamada)
- filelock: Remove locks reliably when fcntl/close race is detected (Jann Horn) [Orabug: 36874755] {CVE-2024-41012} {CVE-2024-41020}
- gcc-plugins: Rename last_stmt() for GCC 14+ (Kees Cook)

[5.15.0-302.163.3.el9uek]
- uek-rpm: T93: Enable CONFIG_EFI_GENERIC_STUB_INITRD_CMDLINE_LOADER (Thomas Tai) [Orabug: 37174880]
- mm: avoid leaving partial pfn mappings around in error case (Linus Torvalds) [Orabug: 37174198] {CVE-2024-47674}
- rds/ib: Count memory consumed by rds_page_frag (Hans Westgaard Ry) [Orabug: 37162157]
- uek-rpm: Set CONFIG_CRYPTO_FIPS_NAME properly in embedded kernels (Dave Kleikamp) [Orabug: 37160327]
- fs/dcache: allow fractional values in fs.negative-dentry-limit (Gautham Ananthakrishna) [Orabug: 37156522]
- Revert "Documentation/admin-guide/acpi: Move information out of shell script comments" (Dave Kleikamp) [Orabug: 37144820]
- Revert "irqchip/gic-v3: Move partition_create_desc() work to a helper" (Dave Kleikamp) [Orabug: 37144820]
- Revert "irqchip/gic: Collect GIC_IRQ_TYPE definitions into one place" (Dave Kleikamp) [Orabug: 37144820]
- Revert "ACPI / irq: Allow a compile-time arg0 for acpi_register_gsi()'s fwspec" (Dave Kleikamp) [Orabug: 37144820]
- Revert "irqchip/gic, gic-v3: Translate fwspec for DT and ACPI systems in the same way" (Dave Kleikamp) [Orabug: 37144820]
- Revert "ACPI / PPTT: Provide a helper to walk processor containers" (Dave Kleikamp) [Orabug: 37144820]
- Revert "ACPI / PPTT: Add a helper to build a cpumask from a cpu_node" (Dave Kleikamp) [Orabug: 37144820]
- Revert "irqchip/gic-v3: Print DT partitions in the same way as APCI" (Dave Kleikamp) [Orabug: 37144820]
- Revert "irqchip/gic-v3: Build PPI partitions on ACPI systems" (Dave Kleikamp) [Orabug: 37144820]
- Revert "irqchip/gic-v3: select and translate the partition domain" (Dave Kleikamp) [Orabug: 37144820]
- Revert "ACPI / irq: Add acpi_register_partitioned_percpu_gsi()" (Dave Kleikamp) [Orabug: 37144820]
- Revert "ACPI / PPTT: Find PPTT cache level by ID" (Dave Kleikamp) [Orabug: 37144820]
- Revert "ACPI / PPTT: Add a helper to fill a cpumask from a processor container" (Dave Kleikamp) [Orabug: 37144820]
- Revert "ACPI / PPTT: Add a helper to fill a cpumask from a cache_id" (Dave Kleikamp) [Orabug: 37144820]
- Revert "drivers: base: cacheinfo: Check per_cpu_cacheinfo() is allocated" (Dave Kleikamp) [Orabug: 37144820]
- Revert "drivers: base: cacheinfo: Add helper to find the cache size from cpu+level" (Dave Kleikamp) [Orabug: 37144820]
- Revert "cacheinfo: Allow for >32-bit cache 'id'" (Dave Kleikamp) [Orabug: 37144820]
- Revert "cacheinfo: Set cache 'id' based on DT data" (Dave Kleikamp) [Orabug: 37144820]
- Revert "cacheinfo: Expose the code to generate a cache-id from a device_node" (Dave Kleikamp) [Orabug: 37144820]
- KVM: x86: Propagate the AMD Automatic IBRS feature to the guest (Kim Phillips) [Orabug: 37126702]
- x86/cpu, kvm: Add the SMM_CTL MSR not present feature (Kim Phillips) [Orabug: 37126702]
- x86/cpu, kvm: Add the Null Selector Clears Base feature (Kim Phillips) [Orabug: 37126702]
- x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf (Kim Phillips) [Orabug: 37126702]
- x86/cpu, kvm: Add the NO_NESTED_DATA_BP feature (Kim Phillips) [Orabug: 37126702]
- KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code (Kim Phillips) [Orabug: 37126702]
- KVM: x86: Advertise that the SMM_CTL MSR is not supported (Jim Mattson) [Orabug: 37126702]
- KVM: x86: synthesize CPUID leaf 0x80000021h if useful (Paolo Bonzini) [Orabug: 37126702]
- KVM: x86: skip host CPUID call for hypervisor leaves (Paolo Bonzini) [Orabug: 37126702]
- KVM: x86: add support for CPUID leaf 0x80000021 (Paolo Bonzini) [Orabug: 37126702]
- amd_hsmp: Update PwrEfficiencyModeSelection message (Suma Hegde) [Orabug: 37123833]
- amd_hsmp: Add support for new error codes returned from firmware (Suma Hegde) [Orabug: 37123833]
- amd_hsmp: Add new HSMP messages of protocol version 7 (Suma Hegde) [Orabug: 37123833]
- IB/mlx5: Fix mlx5_ib_get_vector_irqn() after dynamic IRQ allocation change (Gerd Rausch) [Orabug: 37069671]
- arm64: kdump: increase crashkernel reservation size for crashkernel=auto (Brian Maly) [Orabug: 36949800]
- rds: Support rds-pings with payload (Håkon Bugge) [Orabug: 36847470]
- mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio() (Miaohe Lin) [Orabug: 36683092] {CVE-2024-36028}
- mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled (Miaohe Lin) [Orabug: 36597930] {CVE-2024-26987}

[5.15.0-302.163.2.el9uek]
- uek: kabi: Introduce APIs to hide/fake inclusion of headers (Saeed Mirzamohammadi) [Orabug: 37144803]
- uek-rpm: Enable config for Mediatek mt7915E wireless driver (Saeed Mirzamohammadi) [Orabug: 37123534]
- uek-rpm: Update the x86 kABI files for new symbol (Yifei Liu) [Orabug: 37108651]
- KVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked (Sean Christopherson) [Orabug: 36809298] {CVE-2024-39483}
- net: bridge: xmit: make sure we have at least eth header len bytes (Nikolay Aleksandrov) [Orabug: 36753371] {CVE-2024-38538}
- net: add pskb_may_pull_reason() helper (Eric Dumazet) [Orabug: 36753371] {CVE-2024-38538}

[5.15.0-302.163.1.el9uek]
- vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() (Haoran Zhang) [Orabug: 37035557] {CVE-2024-49863}
- kpcimgr: Add dynamic memory region allocation feature (Joe Dobosenski) [Orabug: 36983477]



ELSA-2024-9051 Important: Oracle Linux 9 podman security update


Oracle Linux Security Advisory ELSA-2024-9051

http://linux.oracle.com/errata/ELSA-2024-9051.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
podman-4.9.4-16.0.1.el9_4.x86_64.rpm
podman-docker-4.9.4-16.0.1.el9_4.noarch.rpm
podman-plugins-4.9.4-16.0.1.el9_4.x86_64.rpm
podman-remote-4.9.4-16.0.1.el9_4.x86_64.rpm
podman-tests-4.9.4-16.0.1.el9_4.x86_64.rpm

aarch64:
podman-4.9.4-16.0.1.el9_4.aarch64.rpm
podman-docker-4.9.4-16.0.1.el9_4.noarch.rpm
podman-plugins-4.9.4-16.0.1.el9_4.aarch64.rpm
podman-remote-4.9.4-16.0.1.el9_4.aarch64.rpm
podman-tests-4.9.4-16.0.1.el9_4.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//podman-4.9.4-16.0.1.el9_4.src.rpm

Related CVEs:

CVE-2024-9407
CVE-2024-9675
CVE-2024-9676

Description of changes:

[4.9.4-16.0.1]
- Fixes issue of podman execvp error while using podmansh [Orabug: 36073625]
- Improved saving remote build context to tarfile in Podman daemon [Orabug: 36495655]
- Add devices on container startup, not on creation
- Backport fast gzip for compression [Orabug: 36420418]
- overlay: Put should ignore ENINVAL for Unmount [Orabug: 36234694]
- Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117404]

[4:4.9.4-16]
- update to the latest content of https://github.com/containers/podman/tree/v4.9-rhel
( https://github.com/containers/podman/commit/70e4d02)
- Resolves: RHEL-65451

[4:4.9.4-15]
- update to the latest content of https://github.com/containers/podman/tree/v4.9-rhel
( https://github.com/containers/podman/commit/1866072)
- Resolves: RHEL-61868

[4:4.9.4-14]
- update to the latest content of https://github.com/containers/podman/tree/v4.9-rhel
( https://github.com/containers/podman/commit/235a22c)
- Resolves: RHEL-61154



ELSA-2024-12815 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update


Oracle Linux Security Advisory ELSA-2024-12815

http://linux.oracle.com/errata/ELSA-2024-12815.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
bpftool-5.15.0-302.167.6.el8uek.x86_64.rpm
kernel-uek-5.15.0-302.167.6.el8uek.x86_64.rpm
kernel-uek-core-5.15.0-302.167.6.el8uek.x86_64.rpm
kernel-uek-debug-5.15.0-302.167.6.el8uek.x86_64.rpm
kernel-uek-debug-core-5.15.0-302.167.6.el8uek.x86_64.rpm
kernel-uek-debug-devel-5.15.0-302.167.6.el8uek.x86_64.rpm
kernel-uek-debug-modules-5.15.0-302.167.6.el8uek.x86_64.rpm
kernel-uek-debug-modules-extra-5.15.0-302.167.6.el8uek.x86_64.rpm
kernel-uek-devel-5.15.0-302.167.6.el8uek.x86_64.rpm
kernel-uek-doc-5.15.0-302.167.6.el8uek.noarch.rpm
kernel-uek-modules-5.15.0-302.167.6.el8uek.x86_64.rpm
kernel-uek-modules-extra-5.15.0-302.167.6.el8uek.x86_64.rpm
kernel-uek-container-5.15.0-302.167.6.el8uek.x86_64.rpm
kernel-uek-container-debug-5.15.0-302.167.6.el8uek.x86_64.rpm

aarch64:
bpftool-5.15.0-302.167.6.el8uek.aarch64.rpm
kernel-uek-5.15.0-302.167.6.el8uek.aarch64.rpm
kernel-uek-core-5.15.0-302.167.6.el8uek.aarch64.rpm
kernel-uek-debug-5.15.0-302.167.6.el8uek.aarch64.rpm
kernel-uek-debug-core-5.15.0-302.167.6.el8uek.aarch64.rpm
kernel-uek-debug-devel-5.15.0-302.167.6.el8uek.aarch64.rpm
kernel-uek-debug-modules-5.15.0-302.167.6.el8uek.aarch64.rpm
kernel-uek-debug-modules-extra-5.15.0-302.167.6.el8uek.aarch64.rpm
kernel-uek-devel-5.15.0-302.167.6.el8uek.aarch64.rpm
kernel-uek-doc-5.15.0-302.167.6.el8uek.noarch.rpm
kernel-uek-modules-5.15.0-302.167.6.el8uek.aarch64.rpm
kernel-uek-modules-extra-5.15.0-302.167.6.el8uek.aarch64.rpm
kernel-uek-container-5.15.0-302.167.6.el8uek.aarch64.rpm
kernel-uek-container-debug-5.15.0-302.167.6.el8uek.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//kernel-uek-5.15.0-302.167.6.el8uek.src.rpm

Related CVEs:

CVE-2023-31083
CVE-2023-52450
CVE-2024-26585
CVE-2024-26987
CVE-2024-36028
CVE-2024-38538
CVE-2024-38577
CVE-2024-39472
CVE-2024-39483
CVE-2024-41009
CVE-2024-41011
CVE-2024-41012
CVE-2024-41015
CVE-2024-41017
CVE-2024-41019
CVE-2024-41020
CVE-2024-41042
CVE-2024-41059
CVE-2024-41060
CVE-2024-41063
CVE-2024-41064
CVE-2024-41065
CVE-2024-41068
CVE-2024-41070
CVE-2024-41072
CVE-2024-41073
CVE-2024-41077
CVE-2024-41078
CVE-2024-41081
CVE-2024-41090
CVE-2024-41091
CVE-2024-41098
CVE-2024-42114
CVE-2024-42126
CVE-2024-42228
CVE-2024-42259
CVE-2024-42265
CVE-2024-42267
CVE-2024-42271
CVE-2024-42276
CVE-2024-42277
CVE-2024-42280
CVE-2024-42281
CVE-2024-42283
CVE-2024-42284
CVE-2024-42285
CVE-2024-42290
CVE-2024-42291
CVE-2024-42292
CVE-2024-42295
CVE-2024-42296
CVE-2024-42297
CVE-2024-42299
CVE-2024-42301
CVE-2024-42302
CVE-2024-42304
CVE-2024-42305
CVE-2024-42306
CVE-2024-42308
CVE-2024-42309
CVE-2024-42310
CVE-2024-42311
CVE-2024-42312
CVE-2024-42313
CVE-2024-42318
CVE-2024-43817
CVE-2024-43821
CVE-2024-43829
CVE-2024-43830
CVE-2024-43834
CVE-2024-43835
CVE-2024-43839
CVE-2024-43841
CVE-2024-43846
CVE-2024-43849
CVE-2024-43853
CVE-2024-43854
CVE-2024-43856
CVE-2024-43858
CVE-2024-43860
CVE-2024-43861
CVE-2024-43863
CVE-2024-43867
CVE-2024-43870
CVE-2024-43871
CVE-2024-43873
CVE-2024-43875
CVE-2024-43879
CVE-2024-43880
CVE-2024-43882
CVE-2024-43883
CVE-2024-43884
CVE-2024-43885
CVE-2024-43889
CVE-2024-43890
CVE-2024-43892
CVE-2024-43893
CVE-2024-43894
CVE-2024-43897
CVE-2024-43902
CVE-2024-43905
CVE-2024-43907
CVE-2024-43908
CVE-2024-43909
CVE-2024-43914
CVE-2024-44934
CVE-2024-44935
CVE-2024-44944
CVE-2024-44946
CVE-2024-44947
CVE-2024-44948
CVE-2024-44954
CVE-2024-44958
CVE-2024-44960
CVE-2024-44965
CVE-2024-44966
CVE-2024-44968
CVE-2024-44969
CVE-2024-44971
CVE-2024-44982
CVE-2024-44983
CVE-2024-44985
CVE-2024-44986
CVE-2024-44987
CVE-2024-44988
CVE-2024-44989
CVE-2024-44990
CVE-2024-44995
CVE-2024-44998
CVE-2024-44999
CVE-2024-45003
CVE-2024-45006
CVE-2024-45007
CVE-2024-45008
CVE-2024-45011
CVE-2024-45016
CVE-2024-45018
CVE-2024-45021
CVE-2024-45025
CVE-2024-45026
CVE-2024-45028
CVE-2024-46673
CVE-2024-46674
CVE-2024-46675
CVE-2024-46676
CVE-2024-46677
CVE-2024-46679
CVE-2024-46685
CVE-2024-46702
CVE-2024-46707
CVE-2024-46713
CVE-2024-46714
CVE-2024-46719
CVE-2024-46721
CVE-2024-46722
CVE-2024-46723
CVE-2024-46724
CVE-2024-46725
CVE-2024-46731
CVE-2024-46732
CVE-2024-46734
CVE-2024-46737
CVE-2024-46739
CVE-2024-46740
CVE-2024-46743
CVE-2024-46744
CVE-2024-46745
CVE-2024-46746
CVE-2024-46747
CVE-2024-46750
CVE-2024-46752
CVE-2024-46755
CVE-2024-46756
CVE-2024-46757
CVE-2024-46758
CVE-2024-46759
CVE-2024-46761
CVE-2024-46763
CVE-2024-46771
CVE-2024-46777
CVE-2024-46780
CVE-2024-46781
CVE-2024-46782
CVE-2024-46783
CVE-2024-46791
CVE-2024-46795
CVE-2024-46798
CVE-2024-46800
CVE-2024-46804
CVE-2024-46805
CVE-2024-46807
CVE-2024-46810
CVE-2024-46814
CVE-2024-46815
CVE-2024-46817
CVE-2024-46818
CVE-2024-46819
CVE-2024-46822
CVE-2024-46828
CVE-2024-46829
CVE-2024-46832
CVE-2024-46839
CVE-2024-46840
CVE-2024-46844
CVE-2024-47663
CVE-2024-47665
CVE-2024-47667
CVE-2024-47668
CVE-2024-47669
CVE-2024-47674
CVE-2024-49863

Description of changes:

[5.15.0-302.167.6.el8uek]
- ice: Add a per-VF limit on number of FDIR filters (Ahmed Zaki) [Orabug: 36964088] {CVE-2024-42291}
- scsi: lpfc: Fix a possible null pointer dereference (Huai-Yuan Liu) [Orabug: 36964437] {CVE-2024-43821}
- power: reset: pwr-mlxbf: support graceful shutdown (Asmaa Mnebhi) [Orabug: 37208029]
- gpio: mlxbf3: Support shutdown() function (Asmaa Mnebhi) [Orabug: 37208029]
- sdhci-of-dwcmshc: disable PM runtime in dwcmshc_remove() (Liming Sun) [Orabug: 37208029]
- ocfs2: reserve space for inline xattr before attaching reflink tree (Gautham Ananthakrishna) [Orabug: 37199019]
- Revert "ocfs2: ocfs2 crash due to invalid h_next_leaf_blk value in extent block" (Gautham Ananthakrishna) [Orabug: 37199019]

[5.15.0-302.167.5.el8uek]
- mm/hugetlb: fix adjusting poison page flag in non-HVO scenario (Jane Chu) [Orabug: 37182268]
- x86/bugs: Adjust SRSO mitigation to new features (Boris Ostrovsky) [Orabug: 37145844]
- net/mlx5: disable the 'fast unload' feature on Exadata systems (Qing Huang) [Orabug: 37093170]
- NFS: remove revoked delegation from server's delegation list (Dai Ngo) [Orabug: 36990366]
- perf/x86/intel/uncore: Fix NULL pointer dereference issue in upi_fill_topology() (Alexander Antonov) [Orabug: 36882937] {CVE-2023-52450}

[5.15.0-302.167.4.el8uek]
- LTS version: v5.15.167 (Vijayendra Suman)
- udp: fix receiving fraglist GSO packets (Felix Fietkau)
- memcg: protect concurrent access to mem_cgroup_idr (Shakeel Butt) [Orabug: 36993003] {CVE-2024-43892}
- btrfs: fix race between direct IO write and fsync when using same fd (Filipe Manana) [Orabug: 37195092] {CVE-2024-46734}
- net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket (Daniel Borkmann)
- x86/mm: Fix PTI for i386 some more (Thomas Gleixner)
- net: drop bad gso csum_start and offset in virtio_net_hdr (Willem de Bruijn) [Orabug: 37195028] {CVE-2024-43897}
- gso: fix dodgy bit handling for GSO_UDP_L4 (Yan Zhai)
- net: change maximum number of UDP segments to 128 (Yuri Benditovich)
- net: more strict VIRTIO_NET_HDR_GSO_UDP_L4 validation (Willem de Bruijn)
- gpio: rockchip: fix OF node leak in probe() (Krzysztof Kozlowski)
- drm/i915/fence: Mark debug_fence_free() with __maybe_unused (Andy Shevchenko)
- drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused (Andy Shevchenko)
- ASoC: sunxi: sun4i-i2s: fix LRCLK polarity in i2s mode (Matteo Martelli)
- nvmet-tcp: fix kernel crash if commands allocation fails (Maurizio Lombardi) [Orabug: 37074464] {CVE-2024-46737}
- arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry (Jonathan Cameron) [Orabug: 37116411] {CVE-2024-46822}
- arm64: acpi: Move get_cpu_for_acpi_id() to a header (James Morse)
- ACPI: processor: Fix memory leaks in error paths of processor_add() (Jonathan Cameron)
- ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add() (Jonathan Cameron)
- workqueue: Improve scalability of workqueue watchdog touch (Nicholas Piggin) [Orabug: 37116487] {CVE-2024-46839}
- workqueue: wq_watchdog_touch is always called with valid CPU (Nicholas Piggin)
- nilfs2: protect references to superblock parameters exposed in sysfs (Ryusuke Konishi) [Orabug: 37074676] {CVE-2024-46780}
- nilfs2: replace snprintf in show functions with sysfs_emit (Qing Wang)
- ksmbd: Unlock on in ksmbd_tcp_set_interfaces() (Dan Carpenter)
- ksmbd: unset the binding mark of a reused connection (Namjae Jeon) [Orabug: 37074716] {CVE-2024-46795}
- perf/aux: Fix AUX buffer serialization (Peter Zijlstra) [Orabug: 37070802] {CVE-2024-46713}
- uprobes: Use kzalloc to allocate xol area (Sven Schnelle)
- clocksource/drivers/timer-of: Remove percpu irq related code (Daniel Lezcano)
- clocksource/drivers/imx-tpm: Fix next event not taking effect sometime (Jacky Bai)
- clocksource/drivers/imx-tpm: Fix return -ETIME when delta exceeds INT_MAX (Jacky Bai)
- Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic (Naman Jain)
- uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind (Saurabh Sengar) [Orabug: 37074472] {CVE-2024-46739}
- nvmem: Fix return type of devm_nvmem_device_get() in kerneldoc (Geert Uytterhoeven)
- binder: fix UAF caused by offsets overwrite (Carlos Llamas) [Orabug: 37074476] {CVE-2024-46740}
- usb: dwc3: core: update LC timer as per USB Spec V3.2 (Faisal Hassan)
- iio: adc: ad7124: fix chip ID mismatch (Dumitru Ceclan)
- iio: adc: ad7124: fix config comparison (Dumitru Ceclan)
- iio: fix scale application in iio_convert_raw_to_processed_unlocked (Matteo Martelli)
- iio: buffer-dmaengine: fix releasing dma channel on error (David Lechner)
- staging: iio: frequency: ad9834: Validate frequency parameter value (Aleksandr Mishin) [Orabug: 37159727] {CVE-2024-47663}
- cifs: Check the lease context if we actually got a lease (Ronnie Sahlberg)
- NFSv4: Add missing rescheduling points in nfs_client_return_marked_delegations (Trond Myklebust)
- ata: pata_macio: Use WARN instead of BUG (Michael Ellerman)
- MIPS: cevt-r4k: Don't call get_c0_compare_int if timer irq is installed (Jiaxun Yang) [Orabug: 37116454] {CVE-2024-46832}
- lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (Kent Overstreet) [Orabug: 37159756] {CVE-2024-47668}
- of/irq: Prevent device address out-of-bounds read in interrupt map walk (Stefan Wiehler) [Orabug: 37074487] {CVE-2024-46743}
- Squashfs: sanity check symbolic link size (Phillip Lougher) [Orabug: 37074494] {CVE-2024-46744}
- usbnet: ipheth: race between ipheth_close and error handling (Oliver Neukum)
- Input: uinput - reject requests with unreasonable number of slots (Dmitry Torokhov) [Orabug: 37074502] {CVE-2024-46745}
- HID: amd_sfh: free driver_data after destroying hid device (Olivier Sobrie) [Orabug: 37074507] {CVE-2024-46746}
- HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup (Camila Alvarez) [Orabug: 37074512] {CVE-2024-46747}
- s390/vmlinux.lds.S: Move ro_after_init section behind rodata section (Heiko Carstens)
- btrfs: initialize location to fix -Wmaybe-uninitialized in btrfs_lookup_dentry() (David Sterba)
- kselftests: dmabuf-heaps: Ensure the driver name is null-terminated (Zenghui Yu)
- i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup (Jarkko Nikula) [Orabug: 37159737] {CVE-2024-47665}
- net: dpaa: avoid on-stack arrays of NR_CPUS elements (Vladimir Oltean)
- PCI: Add missing bridge lock to pci_bus_lock() (Dan Williams) [Orabug: 37074530] {CVE-2024-46750}
- riscv: set trap vector earlier (yang.zhang)
- btrfs: replace BUG_ON() with error handling at update_ref_for_cow() (Filipe Manana) [Orabug: 37074542] {CVE-2024-46752}
- btrfs: clean up our handling of refs == 0 in snapshot delete (Josef Bacik) [Orabug: 37116493] {CVE-2024-46840}
- btrfs: replace BUG_ON with ASSERT in walk_down_proc() (Josef Bacik)
- fs/ntfs3: Check more cases when directory is corrupted (Konstantin Komarov)
- smp: Add missing destroy_work_on_stack() call in smp_call_on_cpu() (Zqiang)
- wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() (Sascha Hauer) [Orabug: 37074560] {CVE-2024-46755}
- dma-mapping: benchmark: Don't starve others when doing the test (Yicong Yang)
- ext4: fix possible tid_t sequence overflows (Luis Henriques (SUSE))
- drm/amdgpu: Set no_hw_access when VF request full GPU fails (Yifan Zha)
- libbpf: Add NULL checks to bpf_object__{prev_map,next_map} (Andreas Ziegler)
- hwmon: (w83627ehf) Fix underflows seen when writing limit attributes (Guenter Roeck) [Orabug: 37074565] {CVE-2024-46756}
- hwmon: (nct6775-core) Fix underflows seen when writing limit attributes (Guenter Roeck) [Orabug: 37074570] {CVE-2024-46757}
- hwmon: (lm95234) Fix underflows seen when writing limit attributes (Guenter Roeck) [Orabug: 37074578] {CVE-2024-46758}
- hwmon: (adc128d818) Fix underflows seen when writing limit attributes (Guenter Roeck) [Orabug: 37074583] {CVE-2024-46759}
- pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv (Krishna Kumar) [Orabug: 37074594] {CVE-2024-46761}
- devres: Initialize an uninitialized struct member (Zijun Hu)
- um: line: always fill *error_out in setup_one_line() (Johannes Berg) [Orabug: 37116517] {CVE-2024-46844}
- cgroup: Protect css->cgroup write under css_set_lock (Waiman Long)
- iommu/vt-d: Handle volatile descriptor status read (Jacob Pan)
- dm init: Handle minors larger than 255 (Benjamin Marzinski)
- ASoC: topology: Properly initialize soc_enum values (Amadeusz Sławiński)
- net: dsa: vsc73xx: fix possible subblocks range of CAPT block (Pawel Dembicki)
- net: bridge: br_fdb_external_learn_add(): always set EXT_LEARN (Jonas Gorski)
- fou: Fix null-ptr-deref in GRO. (Kuniyuki Iwashima) [Orabug: 37074606] {CVE-2024-46763}
- gro: remove rcu_read_lock/rcu_read_unlock from gro_complete handlers (Eric Dumazet)
- gro: remove rcu_read_lock/rcu_read_unlock from gro_receive handlers (Eric Dumazet)
- bareudp: Fix device stats updates. (Guillaume Nault)
- usbnet: modern method to get random MAC (Oliver Neukum)
- net: usb: don't write directly to netdev->dev_addr (Jakub Kicinski)
- ice: check ICE_VSI_DOWN under rtnl_lock when preparing for reset (Larysa Zaremba)
- igc: Unlock on error in igc_io_resume() (Dan Carpenter)
- tcp_bpf: fix return value of tcp_bpf_sendmsg() (Cong Wang) [Orabug: 37074692] {CVE-2024-46783}
- platform/x86: dell-smbios: Fix error path in dell_smbios_init() (Aleksandr Mishin)
- igb: Fix not clearing TimeSync interrupts for 82580 (Daiwei Li)
- can: m_can: Release irq on error in m_can_open (Simon Horman)
- can: bcm: Remove proc entry when dev is unregistered. (Kuniyuki Iwashima) [Orabug: 37074624] {CVE-2024-46771}
- drm/amdgpu: check for LINEAR_ALIGNED correctly in check_tiling_flags_gfx6 (Marek Olšák)
- pcmcia: Use resource_size function on resource object (Jules Irenge)
- media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse (Chen Ni)
- PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0) (Kishon Vijay Abraham I) [Orabug: 37159749] {CVE-2024-47667}
- media: vivid: don't set HDMI TX controls if there are no HDMI outputs (Hans Verkuil)
- drm/amd/display: Check HDCP returned status (Alex Hung)
- usb: uas: set host status byte on data completion error (Shantanu Goel)
- wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3 (Arend van Spriel)
- leds: spi-byte: Call of_node_put() on error path (Andy Shevchenko)
- media: vivid: fix wrong sizeimage value for mplane (Hans Verkuil)
- udf: Avoid excessive partition lengths (Jan Kara) [Orabug: 37074664] {CVE-2024-46777}
- netfilter: nf_conncount: fix wrong variable type (Yunjian Wang)
- iommu: sun50i: clear bypass register (Jernej Skrabec)
- af_unix: Remove put_pid()/put_cred() in copy_peercred(). (Kuniyuki Iwashima)
- irqchip/armada-370-xp: Do not allow mapping IRQ 0 and 1 (Pali Rohár)
- smack: unix sockets: fix accept()ed socket label (Konstantin Andreev)
- ALSA: hda: Add input value sanity checks to HDMI channel map controls (Takashi Iwai)
- mptcp: pm: send ACK on an active subflow (Matthieu Baerts (NGI0))
- mptcp: pr_debug: add missing
at the end (Matthieu Baerts (NGI0))
- mptcp: pm: skip connecting to already established sf (Matthieu Baerts (NGI0))
- mptcp: pm: do not remove already closed subflows (Matthieu Baerts (NGI0))
- mptcp: pm: ADD_ADDR 0 is not a new address (Matthieu Baerts (NGI0))
- mptcp: close subflow when receiving TCP+FIN (Matthieu Baerts (NGI0))
- mptcp: avoid duplicated SUB_CLOSED events (Matthieu Baerts (NGI0))
- mptcp: pm: avoid possible UaF when selecting endp (Matthieu Baerts (NGI0))
- mptcp: constify a bunch of of helpers (Paolo Abeni)
- mptcp: pm: fullmesh: select the right ID later (Matthieu Baerts (NGI0))
- mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR (Matthieu Baerts (NGI0))
- mptcp: pm: only decrement add_addr_accepted for MPJ req (Matthieu Baerts (NGI0))
- mptcp: pm: re-using ID of unused flushed subflows (Matthieu Baerts (NGI0))
- nilfs2: fix state management in error path of log writing function (Ryusuke Konishi) [Orabug: 37159764] {CVE-2024-47669}
- nilfs2: fix missing cleanup on rollforward recovery error (Ryusuke Konishi) [Orabug: 37074683] {CVE-2024-46781}
- sched: sch_cake: fix bulk flow accounting logic for host fairness (Toke Høiland-Jørgensen) [Orabug: 37116442] {CVE-2024-46828}
- ila: call nf_unregister_net_hooks() sooner (Eric Dumazet) [Orabug: 37074688] {CVE-2024-46782}
- tracing: Avoid possible softlockup in tracing_iter_reset() (Zheng Yejian)
- can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open (Simon Arlott) [Orabug: 37074711] {CVE-2024-46791}
- clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API (Satya Priya Kakitapalli)
- clk: qcom: clk-alpha-pll: Fix the pll post div mask (Satya Priya Kakitapalli)
- fuse: use unsigned type for getxattr/listxattr size truncation (Jann Horn)
- fuse: update stats for pages in dropped aux writeback list (Joanne Koong)
- mmc: cqhci: Fix checking of CQHCI_HALT state (Seunghwan Baek)
- mmc: sdhci-of-aspeed: fix module autoloading (Liao Chen)
- mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K (Sam Protsenko)
- Bluetooth: MGMT: Ignore keys being loaded with invalid type (Luiz Augusto von Dentz)
- Revert "Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE" (Luiz Augusto von Dentz)
- nvme-pci: Add sleep quirk for Samsung 990 Evo (Georg Gottleuber)
- rtmutex: Drop rt_mutex::wait_lock before scheduling (Roland Xu) [Orabug: 37116445] {CVE-2024-46829}
- irqchip/gic-v2m: Fix refcount leak in gicv2m_of_init() (Ma Ke)
- ata: libata: Fix memory leak for error path in ata_host_alloc() (Zheng Qixing)
- ALSA: hda/realtek: Support mute LED on HP Laptop 14-dq2xxx (Maximilien Perreault)
- ALSA: hda/realtek: add patch for internal mic in Lenovo V145 (Terry Cheong)
- ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices (Christoffer Sandberg)
- KVM: SVM: Don't advertise Bus Lock Detect to guest if SVM support is missing (Ravi Bangoria)
- KVM: SVM: fix emulation of msr reads/writes of MSR_FS_BASE and MSR_GS_BASE (Maxim Levitsky)
- ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object (robelin) [Orabug: 37074721] {CVE-2024-46798}
- sch/netem: fix use after free in netem_dequeue (Stephen Hemminger) [Orabug: 37074725] {CVE-2024-46800}
- i2c: Use IS_REACHABLE() for substituting empty ACPI functions (Richard Fitzgerald)
- ext4: handle redirtying in ext4_bio_write_page() (Jan Kara)
- udf: Limit file size to 4TB (Jan Kara)
- ext4: reject casefold inode flag without casefold feature (Eric Biggers)
- rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow (Nikita Kiryushin) [Orabug: 36753533] {CVE-2024-38577}
- virtio_net: Fix napi_skb_cache_put warning (Breno Leitao) [Orabug: 36964473] {CVE-2024-43835}
- drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr (Bob Zhou) [Orabug: 36993065] {CVE-2024-43905}
- media: uvcvideo: Enforce alignment of frame and interval (Ricardo Ribalda)
- drm/amd/display: Skip wbscl_set_scaler_filter if filter is null (Alex Hung) [Orabug: 37073031] {CVE-2024-46714}
- block: remove the blk_flush_integrity call in blk_integrity_unregister (Christoph Hellwig)
- wifi: cfg80211: make hash table duplicates more survivable (Johannes Berg)
- drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ (Marek Vasut) [Orabug: 37116336] {CVE-2024-46810}
- drm/meson: plane: Add error handling (Haoran Liu)
- smack: tcp: ipv4, fix incorrect labeling (Casey Schaufler)
- usb: typec: ucsi: Fix null pointer dereference in trace (Abhishek Pandit-Subedi) [Orabug: 37073064] {CVE-2024-46719}
- usbip: Don't submit special requests twice (Simon Holesch)
- rcu/nocb: Remove buggy bypass lock contention mitigation (Frederic Weisbecker)
- ionic: fix potential irq name truncation (Shannon Nelson)
- RDMA/efa: Properly handle unexpected AQ completions (Michael Margolin)
- hwspinlock: Introduce hwspin_lock_bust() (Richard Maina)
- PCI: al: Check IORESOURCE_BUS existence during probe (Aleksandr Mishin)
- cpufreq: scmi: Avoid overflow of target_freq in fast switch (Jagadeesh Kona)
- wifi: iwlwifi: remove fw_running op (Shahar S Matityahu)
- drm/amdgpu: update type of buf size to u32 for eeprom functions (Tao Zhou)
- drm/amd/pm: check negtive return for table entries (Jesse Zhang)
- drm/amdgpu: the warning dereferencing obj for nbio_v7_4 (Jesse Zhang) [Orabug: 37116393] {CVE-2024-46819}
- drm/amd/pm: check specific index for aldebaran (Jesse Zhang)
- drm/amdgpu: fix the waring dereferencing hive (Jesse Zhang) [Orabug: 37116300] {CVE-2024-46805}
- drm/amdgpu/pm: Check input value for CUSTOM profile mode setting on legacy SOCs (Ma Jun)
- apparmor: fix possible NULL pointer dereference (Leesoo Ahn) [Orabug: 37073077] {CVE-2024-46721}
- drm/amdkfd: Reconcile the definition and use of oem_id in struct kfd_topology_device (Michael Chen)
- drm/amdgpu: fix mc_data out-of-bounds read warning (Tim Huang) [Orabug: 37073082] {CVE-2024-46722}
- drm/amdgpu: fix ucode out-of-bounds read warning (Tim Huang) [Orabug: 37073087] {CVE-2024-46723}
- drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number (Ma Jun) [Orabug: 37073093] {CVE-2024-46724}
- drm/amdgpu: Fix out-of-bounds write warning (Ma Jun) [Orabug: 37073098] {CVE-2024-46725}
- drm/amdgpu/pm: Fix uninitialized variable agc_btc_response (Ma Jun)
- drm/amdgpu/pm: Fix uninitialized variable warning for smu10 (Ma Jun)
- drm/amd/amdgpu: Check tbo resource pointer (Asad Kamal) [Orabug: 37116315] {CVE-2024-46807}
- drm/amd/display: Fix Coverity INTEGER_OVERFLOW within dal_gpio_service_create (Hersen Wu)
- drm/amd/display: Check msg_id before processing transcation (Alex Hung) [Orabug: 37116360] {CVE-2024-46814}
- drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] (Alex Hung) [Orabug: 37116365] {CVE-2024-46815}
- drm/amd/display: Add array index check for hdcp ddc access (Hersen Wu) [Orabug: 37116295] {CVE-2024-46804}
- drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 (Hersen Wu) [Orabug: 37116375] {CVE-2024-46817}
- drm/amd/display: Check gpio_id before used as array index (Alex Hung) [Orabug: 37116384] {CVE-2024-46818}
- drm/amdgpu: avoid reading vf2pf info size from FB (Zhigang Luo)
- drm/amd/pm: fix uninitialized variable warnings for vega10_hwmgr (Tim Huang)
- drm/amdgpu: fix uninitialized scalar variable warning (Tim Huang)
- drm/amd/pm: fix the Out-of-bounds read warning (Jesse Zhang) [Orabug: 37073129] {CVE-2024-46731}
- drm/amd/pm: fix warning using uninitialized value of max_vid_step (Jesse Zhang)
- drm/amd/pm: fix uninitialized variable warning for smu8_hwmgr (Tim Huang)
- drm/amdgpu/pm: Check the return value of smum_send_msg_to_smc (Ma Jun)
- drm/amdgpu: fix overflowed array index read warning (Tim Huang)
- drm/amd/display: Assign linear_pitch_alignment even for VM (Alvin Lee) [Orabug: 37073135] {CVE-2024-46732}
- drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr (Ma Jun)
- net: usb: qmi_wwan: add MeiG Smart SRM825L (ZHANG Yuntian)
- dma-debug: avoid deadlock between dma debug vs printk and netconsole (Rik van Riel)
- i2c: Fix conditional for substituting empty ACPI functions (Richard Fitzgerald)
- ALSA: hda/conexant: Mute speakers at suspend / shutdown (Takashi Iwai)
- ALSA: hda/generic: Add a helper to mute speakers at suspend/shutdown (Takashi Iwai)
- drm: panel-orientation-quirks: Add quirk for OrangePi Neo (Philip Mueller)
- LTS version: v5.15.166 (Vijayendra Suman)
- apparmor: fix policy_unpack_test on big endian systems (Guenter Roeck)
- scsi: aacraid: Fix double-free on probe failure (Ben Hutchings) [Orabug: 37070699] {CVE-2024-46673}
- igc: Fix qbv tx latency by setting gtxoffset (Faizal Rahim)
- igc: Fix reset adapter logics when tx mode change (Faizal Rahim)
- phy: zynqmp: Enable reference clock correctly (Sean Anderson)
- usb: cdnsp: fix for Link TRB with TC (Pawel Laszczak)
- usb: cdnsp: fix incorrect index in cdnsp_get_hw_deq function (Pawel Laszczak)
- usb: core: sysfs: Unmerge @usb3_hardware_lpm_attr_group in remove_power_attributes() (Zijun Hu)
- usb: dwc3: st: add missing depopulate in probe error path (Krzysztof Kozlowski)
- usb: dwc3: st: fix probed platform device ref count on probe error path (Krzysztof Kozlowski) [Orabug: 37070704] {CVE-2024-46674}
- usb: dwc3: core: Prevent USB core invalid event buffer address access (Selvarasu Ganesan) [Orabug: 37070709] {CVE-2024-46675}
- usb: dwc3: omap: add missing depopulate in probe error path (Krzysztof Kozlowski)
- USB: serial: option: add MeiG Smart SRM825L (ZHANG Yuntian)
- cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller (Ian Ray)
- soc: qcom: cmd-db: Map shared memory as WC, not WB (Volodymyr Babchuk)
- nfc: pn533: Add poll mod list filling check (Aleksandr Mishin) [Orabug: 37070716] {CVE-2024-46676}
- net: busy-poll: use ktime_get_ns() instead of local_clock() (Eric Dumazet)
- gtp: fix a potential NULL pointer dereference (Cong Wang) [Orabug: 37070721] {CVE-2024-46677}
- ethtool: check device is present when getting link settings (Jamie Bainbridge) [Orabug: 37070727] {CVE-2024-46679}
- dmaengine: dw: Add memory bus width verification (Serge Semin)
- dmaengine: dw: Add peripheral bus width verification (Serge Semin)
- phy: xilinx: phy-zynqmp: Fix SGMII linkup failure on resume (Piyush Mehta)
- phy: xilinx: phy-zynqmp: dynamic clock support for power-save (Piyush Mehta)
- phy: xilinx: add runtime PM support (Piyush Mehta)
- PM: runtime: Add DEFINE_RUNTIME_DEV_PM_OPS() macro (Paul Cercueil)
- PM: core: Add EXPORT[_GPL]_SIMPLE_DEV_PM_OPS macros (Paul Cercueil)
- PM: core: Remove DEFINE_UNIVERSAL_DEV_PM_OPS() macro (Paul Cercueil)
- soundwire: stream: fix programming slave ports for non-continous port maps (Krzysztof Kozlowski)
- cgroup/cpuset: Prevent UAF in proc_cpuset_show() (Chen Ridong) [Orabug: 36964509] {CVE-2024-43853}
- ata: libata-core: Fix null pointer dereference on error (Niklas Cassel) [Orabug: 36897456] {CVE-2024-41098}
- drm/amdkfd: don't allow mapping the MMIO HDP page with large pages (Alex Deucher) [Orabug: 36867630] {CVE-2024-41011}
- Revert "MIPS: Loongson64: reset: Prioritise firmware service" (Greg Kroah-Hartman)
- mptcp: sched: check both backup in retrans (Matthieu Baerts (NGI0))
- net: mana: Fix race of mana_hwc_post_rx_wqe and new hwc response (Haiyang Zhang)
- wifi: mwifiex: duplicate static structs used in driver instances (Sascha Hauer)
- pinctrl: single: fix potential NULL dereference in pcs_get_function() (Ma Ke) [Orabug: 37070743] {CVE-2024-46685}
- pinctrl: rockchip: correct RK3328 iomux width flag for GPIO2-B pins (Huang-Huang Bao)
- btrfs: run delayed iputs when flushing delalloc (Josef Bacik)
- drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc (Jesse Zhang) [Orabug: 36898008] {CVE-2024-42228}
(Alexander Lobakin)
- Input: MT - limit max slots (Tetsuo Handa) [Orabug: 37029136] {CVE-2024-45008}
- Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO (Lee, Chun-Yi) [Orabug: 35358656] {CVE-2023-31083}
- mm/numa: no task_numa_fault() call if PTE is changed (Zi Yan)
- mm/numa: no task_numa_fault() call if PMD is changed (Zi Yan)
- ALSA: timer: Relax start tick time check for slave timer elements (Takashi Iwai)
- hwmon: (ltc2992) Fix memory leak in ltc2992_parse_dt() (Javier Carrasco)
- Revert "drm/amd/display: Validate hw_points_num before using it" (Alex Hung)
- mmc: dw_mmc: allow biu and ciu clocks to defer (Ben Whitten)
- KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3 (Marc Zyngier) [Orabug: 37070792] {CVE-2024-46707}
- cxgb4: add forgotten u64 ivlan cast before shift (Nikolay Kuratov)
- HID: microsoft: Add rumble support to latest xbox controllers (Siarhei Vishniakou)
- HID: wacom: Defer calculation of resolution until resolution_code is known (Jason Gerecke)
- MIPS: Loongson64: Set timer mode in cpu-probe (Jiaxun Yang)
- scsi: core: Fix the return value of scsi_logical_block_count() (Chaotian Jing)
- Bluetooth: MGMT: Add error handling to pair_device() (Griffin Kroah-Hartman) [Orabug: 36992975] {CVE-2024-43884}
- mmc: mmc_test: Fix NULL dereference on allocation failure (Dan Carpenter) [Orabug: 37070690] {CVE-2024-45028}
- drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails (Dmitry Baryshkov) [Orabug: 37029059] {CVE-2024-44982}
- drm/msm/dp: reset the link phy params before link training (Abhinav Kumar)
- drm/msm/dpu: don't play tricks with debug macros (Dmitry Baryshkov)
- net: xilinx: axienet: Fix dangling multicast addresses (Sean Anderson)
- net: xilinx: axienet: Always disable promiscuous mode (Sean Anderson)
- netfilter: flowtable: validate vlan header (Pablo Neira Ayuso) [Orabug: 37029063] {CVE-2024-44983}
- ipv6: prevent possible UAF in ip6_xmit() (Eric Dumazet) [Orabug: 37029066] {CVE-2024-44985}
- ipv6: fix possible UAF in ip6_finish_output2() (Eric Dumazet) [Orabug: 37029068] {CVE-2024-44986}
- ipv6: prevent UAF in ip6_send_skb() (Eric Dumazet) [Orabug: 37029075] {CVE-2024-44987}
- netem: fix return value if duplicate enqueue fails (Stephen Hemminger) [Orabug: 37070659] {CVE-2024-45016}
- net: dsa: mv88e6xxx: Fix out-of-bound access (Joseph Huang) [Orabug: 37029081] {CVE-2024-44988}
- net: dsa: mv88e6xxx: replace ATU violation prints with trace points (Vladimir Oltean)
- net: dsa: mv88e6xxx: read FID when handling ATU violations (Hans J. Schultz)
- dpaa2-switch: Fix error checking in dpaa2_switch_seed_bp() (Dan Carpenter)
- ice: fix ICE_LAST_OFFSET formula (Maciej Fijalkowski)
- bonding: fix xfrm state handling when clearing active slave (Nikolay Aleksandrov)
- bonding: fix xfrm real_dev null pointer dereference (Nikolay Aleksandrov) [Orabug: 37029084] {CVE-2024-44989}
- bonding: fix null pointer deref in bond_ipsec_offload_ok (Nikolay Aleksandrov) [Orabug: 37029087] {CVE-2024-44990}
- bonding: fix bond_ipsec_offload_ok return type (Nikolay Aleksandrov)
- ip6_tunnel: Fix broken GRO (Thomas Bogendoerfer)
- netfilter: nft_counter: Synchronize nft_counter_reset() against reader. (Sebastian Andrzej Siewior)
- netfilter: nft_counter: Disable BH in nft_counter_offload_stats(). (Sebastian Andrzej Siewior)
- kcm: Serialise kcm_sendmsg() for the same socket. (Kuniyuki Iwashima) [Orabug: 37013760] {CVE-2024-44946}
- tc-testing: don't access non-existent variable on exception (Simon Horman)
- Bluetooth: SMP: Fix assumption of Central always being Initiator (Luiz Augusto von Dentz)
- Bluetooth: hci_core: Fix LE quote calculation (Luiz Augusto von Dentz)
- platform/surface: aggregator: Fix warning when controller is destroyed in probe (Maximilian Luz)
- net: mana: Fix doorbell out of order violation and avoid unnecessary doorbell rings (Long Li)
- dm suspend: return -ERESTARTSYS instead of -EINTR (Mikulas Patocka)
- media: solo6x10: replace max(a, min(b, c)) by clamp(b, a, c) (Aurelien Jarno)
- nfsd: make svc_stat per-network namespace instead of global (Josef Bacik)
- nfsd: remove nfsd_stats, make th_cnt a global counter (Josef Bacik)
- nfsd: make all of the nfsd stats per-network namespace (Josef Bacik)
- nfsd: expose /proc/net/sunrpc/nfsd in net namespaces (Josef Bacik)
- nfsd: rename NFSD_NET_* to NFSD_STATS_* (Josef Bacik)
- sunrpc: use the struct net as the svc proc private (Josef Bacik)
- sunrpc: remove ->pg_stats from svc_program (Josef Bacik)
- sunrpc: pass in the sv_stats struct through svc_create_pooled (Josef Bacik)
- nfsd: stop setting ->pg_stats for unused stats (Josef Bacik)
- sunrpc: don't change ->sv_stats if it doesn't exist (Josef Bacik)
- NFSD: Fix frame size warning in svc_export_parse() (Chuck Lever)
- NFSD: Rewrite synopsis of nfsd_percpu_counters_init() (Chuck Lever)
- NFSD: Refactor the duplicate reply cache shrinker (Chuck Lever)
- NFSD: Replace nfsd_prune_bucket() (Chuck Lever)
- NFSD: Rename nfsd_reply_cache_alloc() (Chuck Lever)
- NFSD: Refactor nfsd_reply_cache_free_locked() (Chuck Lever)
- nfsd: move init of percpu reply_cache_stats counters back to nfsd_init_net (Jeff Layton)
- nfsd: move reply cache initialization into nfsd startup (Jeff Layton)
- block: use "unsigned long" for blk_validate_block_size(). (Tetsuo Handa)
- gtp: pull network headers in gtp_dev_xmit() (Eric Dumazet) [Orabug: 37029110] {CVE-2024-44999}
- hrtimer: Prevent queuing of hrtimer without a function callback (Phil Chang)
- nvmet-rdma: fix possible bad dereference when freeing rsps (Sagi Grimberg)
- ext4: set the type of max_zeroout to unsigned int to avoid overflow (Baokun Li)
- irqchip/gic-v3-its: Remove BUG_ON in its_vpe_irq_domain_alloc (Guanrui Huang)
- usb: dwc3: core: Skip setting event buffers for host only controllers (Krishna Kurapati)
- platform/x86: lg-laptop: fix %s null argument warning (Gergo Koteles)
- clocksource: Make watchdog and suspend-timing multiplication overflow safe (Adrian Hunter)
- s390/iucv: fix receive buffer virtual vs physical address confusion (Alexander Gordeev)
- openrisc: Call setup_memory() earlier in the init sequence (Oreoluwa Babatunde)
- NFS: avoid infinite loop in pnfs_update_layout. (NeilBrown)
- nvmet-tcp: do not continue for invalid icreq (Hannes Reinecke)
- net: hns3: add checking for vf id of mailbox (Jian Shen)
- Bluetooth: bnep: Fix out-of-bound access (Luiz Augusto von Dentz)
- usb: gadget: fsl: Increase size of name buffer for endpoints (Uwe Kleine-König)
- f2fs: fix to do sanity check in update_sit_entry (Zhiguo Niu)
- btrfs: delete pointless BUG_ON check on quota root in btrfs_qgroup_account_extent() (David Sterba)
- btrfs: change BUG_ON to assertion in tree_move_down() (David Sterba)
- btrfs: send: handle unexpected data in header buffer in begin_cmd() (David Sterba)
- btrfs: handle invalid root reference found in may_destroy_subvol() (David Sterba)
- btrfs: change BUG_ON to assertion when checking for delayed_node root (David Sterba)
- powerpc/boot: Only free if realloc() succeeds (Michael Ellerman)
- powerpc/boot: Handle allocation failure in simple_realloc() (Li zeming)
- parisc: Use irq_enter_rcu() to fix warning at kernel/context_tracking.c:367 (Helge Deller)
- memory: stm32-fmc2-ebi: check regmap_read return value (Christophe Kerello)
- x86: Increase brk randomness entropy for 64-bit systems (Kees Cook)
- md: clean up invalid BUG_ON in md_ioctl (Li Nan)
- netlink: hold nlk->cb_mutex longer in __netlink_dump_start() (Eric Dumazet)
- clocksource/drivers/arm_global_timer: Guard against division by zero (Martin Blumenstingl)
- virtiofs: forbid newlines in tags (Stefan Hajnoczi)
- drm/lima: set gp bus_stop bit before hard reset (Erico Nunes)
- net/sun3_82586: Avoid reading past buffer in debug output (Kees Cook)
- media: drivers/media/dvb-core: copy user arrays safely (Philipp Stanner)
- fs: binfmt_elf_efpic: don't use missing interpreter's properties (Max Filippov)
- media: pci: cx23885: check cx23885_vdev_init() return (Hans Verkuil)
- quota: Remove BUG_ON from dqget() (Jan Kara)
- fuse: fix UAF in rcu pathwalks (Al Viro)
- afs: fix __afs_break_callback() / afs_drop_open_mmap() race (Al Viro)
- ext4: do not trim the group with corrupted block bitmap (Baokun Li)
- nvmet-trace: avoid dereferencing pointer too early (Daniel Wagner)
- powerpc/xics: Check return value of kasprintf in icp_native_map_one_cpu (Kunwu Chan)
- memory: tegra: Skip SID programming if SID registers aren't set (Ashish Mhetre)
- arm64: Fix KASAN random tag seed initialization (Samuel Holland)
- hwmon: (ltc2992) Avoid division by zero (Antoniu Miclaus)
- IB/hfi1: Fix potential deadlock on &irq_src_lock and &dd->uctxt_lock (Chengfeng Ye)
- wifi: iwlwifi: fw: Fix debugfs command sending (Mukesh Sisodiya)
- wifi: iwlwifi: abort scan when rfkill on but device enabled (Miri Korenblit)
- gfs2: setattr_chown: Add missing initialization (Andreas Gruenbacher)
- scsi: spi: Fix sshdr use (Mike Christie)
- media: qcom: venus: fix incorrect return value (Hans Verkuil)
- binfmt_misc: cleanup on filesystem umount (Christian Brauner)
- staging: ks7010: disable bh on tx_dev_lock (Chengfeng Ye)
- drm/amd/display: Validate hw_points_num before using it (Alex Hung)
- staging: iio: resolver: ad2s1210: fix use before initialization (David Lechner)
- media: radio-isa: use dev_name to fill in bus_info (Hans Verkuil)
- i3c: mipi-i3c-hci: Do not unmap region not mapped for transfer (Jarkko Nikula)
- i3c: mipi-i3c-hci: Remove BUG() when Ring Abort request times out (Jarkko Nikula)
- s390/smp,mcck: fix early IPI handling (Heiko Carstens)
- RDMA/rtrs: Fix the problem of variable not initialized fully (Zhu Yanjun)
- i2c: riic: avoid potential division by zero (Wolfram Sang)
- wifi: cw1200: Avoid processing an invalid TIM IE (Jeff Johnson)
- wifi: mac80211: fix BA session teardown race (Johannes Berg)
- wifi: cfg80211: check wiphy mutex is held for wdev mutex (Johannes Berg)
- ssb: Fix division by zero issue in ssb_calc_clock_rate (Rand Deeb)
- ALSA: hda/realtek: Fix noise from speakers on Lenovo IdeaPad 3 15IAU7 (Parsa Poorshikhian)
- net: hns3: fix a deadlock problem when config TC during resetting (Jie Wang) [Orabug: 37029097] {CVE-2024-44995}
- net: hns3: fix wrong use of semaphore up (Jie Wang)
- netfilter: nf_queue: drop packets with cloned unconfirmed conntracks (Florian Westphal)
- netfilter: flowtable: initialise extack before use (Donald Hunter) [Orabug: 37070666] {CVE-2024-45018}
- netfilter: allow ipv6 fragments to arrive on different devices (Tom Hughes)
- mptcp: correct MPTCP_SUBFLOW_ATTR_SSN_OFFSET reserved size (Eugene Syromiatnikov)
- mlxbf_gige: disable RX filters until RX path initialized (David Thompson)
- net: dsa: vsc73xx: check busy flag in MDIO operations (Pawel Dembicki)
- net: dsa: vsc73xx: use read_poll_timeout instead delay loop (Pawel Dembicki)
- net: dsa: vsc73xx: pass value in phy_write operation (Pawel Dembicki)
- net: axienet: Fix register defines comment description (Radhey Shyam Pandey)
- atm: idt77252: prevent use after free in dequeue_rx() (Dan Carpenter) [Orabug: 37029103] {CVE-2024-44998}
- net/mlx5e: Correctly report errors for ethtool rx flows (Cosmin Ratiu)
- igc: Fix packet still tx after gate close by reducing i226 MAC retry buffer (Faizal Rahim)
- igc: remove I226 Qbv BaseTime restriction (Muhammad Husaini Zulkifli)
- igc: Correct the launchtime offset (Muhammad Husaini Zulkifli)
- s390/uv: Panic for set and remove shared access UVC errors (Claudio Imbrenda)
- drm/amdgpu/jpeg2: properly set atomics vmid field (Alex Deucher)
- memcg_write_event_control(): fix a user-triggerable oops (Al Viro) [Orabug: 37070671] {CVE-2024-45021}
- drm/amdgpu: Actually check flags for all context ops. (Bas Nieuwenhuizen)
- btrfs: tree-checker: add dev extent item checks (Qu Wenruo)
- selinux: fix potential counting error in avc_add_xperms_decision() (Zhen Lei)
- fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE (Al Viro) [Orabug: 37070679] {CVE-2024-45025}
- bitmap: introduce generic optimized bitmap_size() (Alexander Lobakin)
- btrfs: rename bitmap_set_bits() -> btrfs_bitmap_set_bits() (Alexander Lobakin)
- s390/cio: rename bitmap_size() -> idset_bitmap_size() (Alexander Lobakin)
- fs/ntfs3: add prefix to bitmap_size() and use BITS_TO_U64() (Alexander Lobakin)
- vfs: Don't evict inode under the inode lru traversing context (Zhihao Cheng) [Orabug: 37029118] {CVE-2024-45003}
- dm persistent data: fix memory allocation failure (Mikulas Patocka)
- dm resume: don't return EINVAL when signalled (Khazhismel Kumykov)
- arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to NUMA_NO_NODE (Haibo Xu)
- s390/dasd: fix error recovery leading to data corruption on ESE devices (Stefan Haberland) [Orabug: 37070686] {CVE-2024-45026}
- thunderbolt: Mark XDomain as unplugged when router is removed (Mika Westerberg) [Orabug: 37070774] {CVE-2024-46702}
- xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration (Mathias Nyman) [Orabug: 37029124] {CVE-2024-45006}
- ALSA: usb-audio: Support Yamaha P-125 quirk entry (Juan José Arboleda)
- ALSA: usb-audio: Add delay quirk for VIVO USB-C-XE710 HEADSET (Lianqin Hu)
- char: xillybus: Check USB endpoints when probing device (Eli Billauer) [Orabug: 37070649] {CVE-2024-45011}
- char: xillybus: Refine workqueue handling (Eli Billauer)
- char: xillybus: Don't destroy workqueue from work item running on it (Eli Billauer) [Orabug: 37029128] {CVE-2024-45007}
- fuse: Initialize beyond-EOF page contents before setting uptodate (Jann Horn) [Orabug: 37017950] {CVE-2024-44947}
- LTS version: v5.15.165 (Vijayendra Suman)
- Revert "ata: libata-scsi: Honor the D_SENSE bit for CK_COND=1 and no error" (Niklas Cassel)
- media: Revert "media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control()" (Sean Young)
- ARM: dts: imx6qdl-kontron-samx6i: fix phy-mode (Michael Walle)
- wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values (Eric Dumazet) [Orabug: 36897690] {CVE-2024-42114}
- binfmt_flat: Fix corruption when not offsetting data start (Kees Cook) [Orabug: 37029015] {CVE-2024-44966}
- usb: gadget: u_audio: Check return codes from usb_ep_enable and config_ep_by_speed. (Chris Wulff)
- nvme/pci: Add APST quirk for Lenovo N60z laptop (WangYuli)
- exec: Fix ToCToU between perm check and set-uid/gid usage (Kees Cook) [Orabug: 36984016] {CVE-2024-43882}
- arm64: cpufeature: Fix the visibility of compat hwcaps (Amit Daniel Kachhap)
- arm64: dts: qcom: msm8996: correct #clock-cells for QMP PHY nodes (Dmitry Baryshkov)
- powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt. (Mahesh Salgaonkar) [Orabug: 36897773] {CVE-2024-42126}
- drm/i915/gem: Fix Virtual Memory mapping boundaries calculation (Andi Shyti) [Orabug: 36953968] {CVE-2024-42259}
- mptcp: fully established after ADD_ADDR echo on MPJ (Matthieu Baerts (NGI0))
- wifi: mac80211: check basic rates validity (Johannes Berg)
- PCI: dwc: Restore MSI Receiver mask during resume (Jisheng Zhang)
- net: stmmac: Enable mac_managed_pm phylink config (Shenwei Wang)
- netfilter: nf_tables: prefer nft_chain_validate (Florian Westphal) [Orabug: 36896845] {CVE-2024-41042}
- netfilter: nf_tables: allow clone callbacks to sleep (Florian Westphal)
- netfilter: nf_tables: bail out if stateful expression provides no .clone (Pablo Neira Ayuso)
- netfilter: nf_tables: set element extended ACK reporting support (Pablo Neira Ayuso)
- tls: fix race between tx work scheduling and socket close (Jakub Kicinski) [Orabug: 36529710] {CVE-2024-26585}
- PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal (Lukas Wunner) [Orabug: 36964228] {CVE-2024-42302}
- btrfs: fix double inode unlock for direct IO sync writes (Filipe Manana) [Orabug: 37195039] {CVE-2024-43885}
- xfs: fix log recovery buffer allocation for the legacy h_size fixup (Christoph Hellwig) [Orabug: 36809257] {CVE-2024-39472}
- btrfs: fix corruption after buffer fault in during direct IO append write (Filipe Manana)
- selftests: mptcp: join: check backup support in signal endp (Matthieu Baerts (NGI0))
- selftests: mptcp: join: validate backup in MPJ (Matthieu Baerts (NGI0))
- mptcp: pm: fix backup support in signal endpoints (Matthieu Baerts (NGI0))
- mptcp: export local_address (Geliang Tang)
- mptcp: pm: only set request_bkup flag when sending MP_PRIO (Matthieu Baerts (NGI0))
- mptcp: fix bad RCVPRUNED mib accounting (Paolo Abeni)
- mptcp: mib: count MPJ with backup flag (Matthieu Baerts (NGI0))
- mptcp: fix NL PM announced address accounting (Paolo Abeni)
- mptcp: distinguish rcv vs sent backup flag in requests (Matthieu Baerts (NGI0))
- mptcp: sched: check both directions for backup (Matthieu Baerts (NGI0))
- drm/mgag200: Set DDC timeout in milliseconds (Thomas Zimmermann)
- drm/bridge: analogix_dp: properly handle zero sized AUX transactions (Lucas Stach)
- sched/smt: Fix unbalance sched_smt_present dec/inc (Yang Yingliang) [Orabug: 37028981] {CVE-2024-44958}
- sched/smt: Introduce sched_smt_present_inc/dec() helper (Yang Yingliang)
- x86/mtrr: Check if fixed MTRRs exist before saving them (Andi Kleen) [Orabug: 37028935] {CVE-2024-44948}
- padata: Fix possible divide-by-0 panic in padata_mt_helper() (Waiman Long) [Orabug: 36992992] {CVE-2024-43889}
- tracing: Fix overflow in get_free_elt() (Tze-nan Wu) [Orabug: 36992997] {CVE-2024-43890}
- power: supply: axp288_charger: Round constant_charge_voltage writes down (Hans de Goede)
- power: supply: axp288_charger: Fix constant_charge_voltage writes (Hans de Goede)
- genirq/irqdesc: Honor caller provided affinity in alloc_desc() (Shay Drory)
- irqchip/xilinx: Fix shift out of bounds (Radhey Shyam Pandey)
- kcov: properly check for softirq context (Andrey Konovalov)
- serial: core: check uartclk for zero to avoid divide by zero (George Kennedy) [Orabug: 36993008] {CVE-2024-43893}
- timekeeping: Fix bogus clock_was_set() invocation in do_adjtimex() (Thomas Gleixner)
- ntp: Safeguard against time_constant overflow (Justin Stitt)
- irqchip/meson-gpio: Convert meson_gpio_irq_controller::lock to 'raw_spinlock_t' (Arseniy Krasnov)
- irqchip/meson-gpio: support more than 8 channels gpio irq (Qianggui Song)
- clocksource: Fix brown-bag boolean thinko in cs_watchdog_read() (Paul E. McKenney)
- clocksource: Scale the watchdog read retries automatically (Feng Tang)
- torture: Enable clocksource watchdog with "tsc=watchdog" (Paul E. McKenney)
- clocksource: Reduce the default clocksource_watchdog() retries to 2 (Waiman Long)
- ntp: Clamp maxerror and esterror to operating range (Justin Stitt)
- vhost-vdpa: switch to use vmf_insert_pfn() in the fault handler (Jason Wang)
- tick/broadcast: Move per CPU pointer access into the atomic section (Thomas Gleixner) [Orabug: 37195086] {CVE-2024-44968}
- scsi: ufs: core: Fix hba->last_dme_cmd_tstamp timestamp updating logic (Vamshi Gajjela)
- scsi: mpi3mr: Avoid IOMMU page faults on REPORT ZONES (Damien Le Moal)
- usb: gadget: u_serial: Set start_delayed during suspend (Prashanth K)
- usb: gadget: core: Check for unset descriptor (Chris Wulff) [Orabug: 37028987] {CVE-2024-44960}
- USB: serial: debug: do not echo input by default (Marek Marczykowski-Górecki)
- usb: vhci-hcd: Do not drop references before new references are gained (Oliver Neukum) [Orabug: 36992970] {CVE-2024-43883}
- ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4 (Takashi Iwai)
- ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list (Steven 'Steve' Kendall)
- ALSA: line6: Fix racy access to midibuf (Takashi Iwai) [Orabug: 37028956] {CVE-2024-44954}
- drm/client: fix null pointer dereference in drm_client_modeset_probe (Ma Ke) [Orabug: 36993013] {CVE-2024-43894}
- ALSA: usb-audio: Re-add ScratchAmp quirk entries (Takashi Iwai)
- spi: spi-fsl-lpspi: Fix scldiv calculation (Stefan Wahren)
- kprobes: Fix to check symbol prefixes correctly (Masami Hiramatsu (Google))
- bpf: kprobe: remove unused declaring of bpf_kprobe_override (Menglong Dong)
- i2c: smbus: Send alert notifications to all devices if source not found (Guenter Roeck)
- spi: spidev: Add missing spi_device_id for bh2228fv (Geert Uytterhoeven)
- ASoC: codecs: wsa881x: Correct Soundwire ports mask (Krzysztof Kozlowski)
- ASoC: codecs: wcd938x-sdw: Correct Soundwire ports mask (Krzysztof Kozlowski)
- i2c: smbus: Improve handling of stuck alerts (Guenter Roeck)
- arm64: cputype: Add Cortex-A725 definitions (Mark Rutland)
- arm64: cputype: Add Cortex-X1C definitions (Mark Rutland)
- arm64: cputype: Add Cortex-X925 definitions (Mark Rutland)
- arm64: cputype: Add Cortex-A720 definitions (Mark Rutland)
- arm64: cputype: Add Cortex-X3 definitions (Mark Rutland)
- arm64: cputype: Add Neoverse-V3 definitions (Mark Rutland)
- arm64: cputype: Add Cortex-X4 definitions (Mark Rutland)
- arm64: barrier: Restore spec_bar() macro (Mark Rutland)
- arm64: Add Neoverse-V2 part (Besar Wicaksono)
- arm64: cpufeature: Force HWCAP to be based on the sysreg visible to user-space (James Morse)
- ext4: fix wrong unit use in ext4_mb_find_by_goal (Kemeng Shi)
- sched/cputime: Fix mul_u64_u64_div_u64() precision for cputime (Zheng Zucheng)
- scsi: mpt3sas: Avoid IOMMU page faults on REPORT ZONES (Damien Le Moal)
- profiling: remove profile=sleep support (Tetsuo Handa)
- SUNRPC: Fix a race to wake a sync task (Benjamin Coddington)
- s390/sclp: Prevent release of buffer in I/O (Peter Oberparleiter) [Orabug: 37029019] {CVE-2024-44969}
- jbd2: avoid memleak in jbd2_journal_write_metadata_buffer (Kemeng Shi)
- ext4: fix uninitialized variable in ext4_inlinedir_to_tree (Xiaxi Shen)
- media: uvcvideo: Fix the bandwdith quirk on USB 3.x (Michal Pecio)
- media: uvcvideo: Ignore empty TS packets (Ricardo Ribalda)
- drm/amd/display: Add null checker before passing variables (Alex Hung) [Orabug: 36993047] {CVE-2024-43902}
- drm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules (Ma Jun) [Orabug: 36993077] {CVE-2024-43907}
- drm/amdgpu: Fix the null pointer dereference to ras_manager (Ma Jun) [Orabug: 36993083] {CVE-2024-43908}
- drm/amdgpu/pm: Fix the null pointer dereference for smu7 (Ma Jun) [Orabug: 36993089] {CVE-2024-43909}
- btrfs: fix bitmap leak when loading free space cache on duplicate entry (Filipe Manana)
- wifi: nl80211: don't give key data to userspace (Johannes Berg)
- udf: prevent integer overflow in udf_bitmap_free_blocks() (Roman Smirnov)
- PCI: Add Edimax Vendor ID to pci_ids.h (FUJITA Tomonori)
- selftests/bpf: Fix send_signal test with nested CONFIG_PARAVIRT (Yonghong Song)
- ACPI: SBS: manage alarm sysfs attribute through psy core (Thomas Weißschuh)
- ACPI: battery: create alarm sysfs attribute atomically (Thomas Weißschuh)
- clocksource/drivers/sh_cmt: Address race condition for clock events (Niklas Söderlund)
- md/raid5: avoid BUG_ON() while continue reshape after reassembling (Yu Kuai) [Orabug: 36993126] {CVE-2024-43914}
- md: do not delete safemode_timer in mddev_suspend (Li Nan)
- rcutorture: Fix rcu_torture_fwd_cb_cr() data race (Paul E. McKenney)
- net: fec: Stop PPS on driver remove (Csókás, Bence)
- l2tp: fix lockdep splat (James Chapman)
- net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register() (Joe Hattori) [Orabug: 37029031] {CVE-2024-44971}
- Bluetooth: l2cap: always unlock channel in l2cap_conless_channel() (Dmitry Antipov)
- net: linkwatch: use system_unbound_wq (Eric Dumazet)
- net: bridge: mcast: wait for previous gc cycles when removing port (Nikolay Aleksandrov) [Orabug: 36993143] {CVE-2024-44934}
- net: usb: qmi_wwan: fix memory leak for not ip packets (Daniele Palmas) [Orabug: 36983958] {CVE-2024-43861}
- sctp: Fix null-ptr-deref in reuseport_add_sock(). (Kuniyuki Iwashima) [Orabug: 36993146] {CVE-2024-44935}
- sctp: move hlist_node and hashent out of sctp_ep_common (Xin Long)
- x86/mm: Fix pti_clone_entry_text() for i386 (Peter Zijlstra)
- x86/mm: Fix pti_clone_pgtable() alignment assumption (Peter Zijlstra) [Orabug: 37029011] {CVE-2024-44965}
- irqchip/mbigen: Fix mbigen node address layout (Yipeng Zou)
- netfilter: ipset: Add list flush to cancel_gc (Alexander Maltsev)
- mptcp: fix duplicate data handling (Paolo Abeni)
- r8169: don't increment tx_dropped in case of NETDEV_TX_BUSY (Heiner Kallweit)
- net: usb: sr9700: fix uninitialized variable use in sr_mdio_read (Ma Ke)
- drm/vmwgfx: Fix a deadlock in dma buf fence polling (Zack Rusin) [Orabug: 36983964] {CVE-2024-43863}
- Revert "ALSA: firewire-lib: operate for period elapse event in process context" (Edmund Raile)
- Revert "ALSA: firewire-lib: obsolete workqueue for period update" (Edmund Raile)
- ALSA: hda/realtek: Add quirk for Acer Aspire E5-574G (Mavroudis Chatzilazaridis)
- ALSA: usb-audio: Correct surround channels in UAC1 channel map (Takashi Iwai)
- protect the fetch of ->fd[fd] in do_dup2() from mispredictions (Al Viro) [Orabug: 36963807] {CVE-2024-42265}
- HID: wacom: Modify pen IDs (Tatsunosuke Tobita)
- platform/chrome: cros_ec_proto: Lock device when updating MKBP version (Patryk Duda)
- power: supply: bq24190_charger: replace deprecated strncpy with strscpy (Justin Stitt)
- riscv/mm: Add handling for VM_FAULT_SIGSEGV in mm_fault_error() (Zhe Qiao) [Orabug: 36963814] {CVE-2024-42267}
- ipv6: fix ndisc_is_useropt() handling for PIO (Maciej Żenczykowski)
- net/mlx5e: Add a check for the return value from mlx5_port_set_eth_ptys (Shahar Shitrit)
- net: mvpp2: Don't re-use loop iterator (Dan Carpenter)
- net/iucv: fix use after free in iucv_sock_close() (Alexandra Winter) [Orabug: 36964005] {CVE-2024-42271}
- rtnetlink: Don't ignore IFLA_TARGET_NETNSID when ifname is specified in rtnl_dellink(). (Kuniyuki Iwashima)
- rtnetlink: enable alt_ifname for setlink/newlink (Florent Fourcot)
- ALSA: hda: conexant: Fix headset auto detect fail in the polling mode (songxiebing)
- drm/vmwgfx: Fix overlay when using Screen Targets (Ian Forbes)
- drm/nouveau: prime: fix refcount underflow (Danilo Krummrich) [Orabug: 36983978] {CVE-2024-43867}
- MIPS: dts: loongson: Fix ls2k1000-rtc interrupt (Jiaxun Yang)
- MIPS: dts: loongson: Fix liointc IRQ polarity (Jiaxun Yang)
- MIPS: Loongson64: DTS: Fix PCIe port nodes for ls7a (Jiaxun Yang)
- MIPS: Loongson64: DTS: Add RTC support to Loongson-2K1000 (Binbin Zhou)
- remoteproc: imx_rproc: Fix refcount mistake in imx_rproc_addr_init (Aleksandr Mishin)
- drm/dp_mst: Fix all mstb marked as not probed after suspend/resume (Wayne Lin)
- irqchip/imx-irqsteer: Handle runtime power management correctly (Shenwei Wang) [Orabug: 36964084] {CVE-2024-42290}
- irqchip/imx-irqsteer: Add runtime PM support (Lucas Stach)
- irqchip/imx-irqsteer: Constify irq_chip struct (Lucas Stach)
- irqdomain: Fixed unbalanced fwnode get and put (Herve Codina)
- leds: triggers: Flush pending brightness before activating trigger (Thomas Weißschuh)
- leds: trigger: Call synchronize_rcu() before calling trig->activate() (Hans de Goede)
- leds: trigger: Store brightness set by led_trigger_event() (Heiner Kallweit)
- leds: trigger: Remove unused function led_trigger_rename_static() (Heiner Kallweit)
- leds: trigger: use RCU to protect the led_cdevs list (Johannes Berg)
- drivers: soc: xilinx: check return status of get_api_version() (Jay Buddhabhatti)
- soc: xilinx: move PM_INIT_FINALIZE to zynqmp_pm_domains driver (Michael Tretter)
- ext4: check the extent status again before inserting delalloc block (Zhang Yi)
- ext4: factor out a common helper to query extent map (Zhang Yi)
- ext4: convert to exclusive lock while inserting delalloc extents (Zhang Yi)
- ext4: refactor ext4_da_map_blocks() (Zhang Yi)
- ext4: make ext4_es_insert_extent() return void (Baokun Li)
- sysctl: always initialize i_uid/i_gid (Thomas Weißschuh) [Orabug: 36964269] {CVE-2024-42312}
- arm64: dts: qcom: ipq8074: Disable SS instance in Parkmode for USB (Krishna Kurapati)
- arm64: dts: qcom: msm8998: Disable SS instance in Parkmode for USB (Krishna Kurapati)
- arm64: dts: qcom: msm8998: switch USB QMP PHY to new style of bindings (Dmitry Baryshkov)
- arm64: dts: qcom: msm8998: drop USB PHY clock index (Johan Hovold)
- arm64: dts: qcom: msm8996: Move '#clock-cells' to QMP PHY child node (Shawn Guo)
- powerpc/configs: Update defconfig with now user-visible CONFIG_FSL_IFC (Esben Haabendal)
- fs: don't allow non-init s_user_ns for filesystems without FS_USERNS_MOUNT (Seth Forshee (DigitalOcean))
- nvme-pci: add missing condition check for existence of mapped data (Leon Romanovsky) [Orabug: 36964021] {CVE-2024-42276}
- nvme: separate command prep and issue (Jens Axboe)
- nvme: split command copy into a helper (Jens Axboe)
- iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en (Artem Chernyshev) [Orabug: 36964025] {CVE-2024-42277}
- ceph: fix incorrect kmalloc size of pagevec mempool (ethanwu)
- ASoC: Intel: use soc_intel_is_byt_cr() only when IOSF_MBI is reachable (Pierre-Louis Bossart)
- spi: spidev: add correct compatible for Rohm BH2228FV (Conor Dooley)
- spi: spidev: order compatibles alphabetically (Krzysztof Kozlowski)
- spidev: Add Silicon Labs EM3581 device compatible (Vincent Tremblay)
- spi: spidev: Replace OF specific code by device property API (Andy Shevchenko)
- spi: spidev: Replace ACPI specific code by device_get_match_data() (Andy Shevchenko)
- spi: spidev: Make probe to fail early if a spidev compatible is used (Javier Martinez Canillas)
- lirc: rc_dev_get_from_fd(): fix file leak (Al Viro)
- powerpc: fix a file leak in kvm_vcpu_ioctl_enable_cap() (Al Viro)
- apparmor: Fix null pointer deref when receiving skb during sock creation (Xiao Liang)
- mISDN: Fix a use after free in hfcmulti_tx() (Dan Carpenter) [Orabug: 36964031] {CVE-2024-42280}
- bpf: Fix a segment issue when downgrading gso_size (Fred Li) [Orabug: 36964037] {CVE-2024-42281}
- net: nexthop: Initialize all fields in dumped nexthops (Petr Machata) [Orabug: 36964043] {CVE-2024-42283}
- net: stmmac: Correct byte order of perfect_match (Simon Horman)
- tipc: Return non-zero value from tipc_udp_addr2str() on error (Shigeru Yoshida) [Orabug: 36964046] {CVE-2024-42284}
- netfilter: nft_set_pipapo_avx2: disable softinterrupts (Florian Westphal)
- net: bonding: correctly annotate RCU in bond_should_notify_peers() (Johannes Berg)
- ipv4: Fix incorrect source address in Record Route option (Ido Schimmel)
- MIPS: SMP-CPS: Fix address for GCR_ACCESS register for CM3 and later (Gregory CLEMENT)
- bpf, events: Use prog to emit ksymbol event for main program (Hou Tao)
- dma: fix call order in dmam_free_coherent (Lance Richardson) [Orabug: 36964522] {CVE-2024-43856}
- libbpf: Fix no-args func prototype BTF dumping syntax (Andrii Nakryiko)
- um: time-travel: fix signal blocking race/hang (Johannes Berg)
- um: time-travel: fix time-travel-start option (Johannes Berg)
- phy: cadence-torrent: Check return value on register read (Ma Ke)
- dmaengine: ti: k3-udma: Fix BCHAN count with UHC and HC channels (Vignesh Raghavendra)
- jfs: Fix array-index-out-of-bounds in diFree (Jeongjun Park) [Orabug: 36964529] {CVE-2024-43858}
- kdb: address -Wformat-security warnings (Arnd Bergmann)
- kernel: rerun task_work while freezing in get_signal() (Pavel Begunkov)
- io_uring/io-wq: limit retrying worker initialisation (Pavel Begunkov)
- nilfs2: handle inconsistent state in nilfs_btnode_create_block() (Ryusuke Konishi) [Orabug: 36964202] {CVE-2024-42295}
- Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x13d3:0x3591 (WangYuli)
- Bluetooth: btusb: Add RTL8852BE device 0489:e125 to device tables (Hilda Wu)
- rbd: don't assume RBD_LOCK_STATE_LOCKED for exclusive mappings (Ilya Dryomov)
- rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (Ilya Dryomov)
- drm/panfrost: Mark simple_ondemand governor as softdep (Dragan Simic)
- MIPS: Loongson64: Test register availability before use (Jiaxun Yang)
- MIPS: Loongson64: reset: Prioritise firmware service (Jiaxun Yang)
- MIPS: Loongson64: Remove memory node for builtin-dtb (Jiaxun Yang)
- MIPS: Loongson64: env: Hook up Loongsson-2K (Jiaxun Yang)
- MIPS: dts: loongson: Fix GMAC phy node (Jiaxun Yang)
- MIPS: ip30: ip30-console: Add missing include (Jiaxun Yang)
- remoteproc: imx_rproc: Skip over memory region when node value is NULL (Aleksandr Mishin) [Orabug: 36964536] {CVE-2024-43860}
- remoteproc: stm32_rproc: Fix mailbox interrupts queuing (Gwenael Treuveur)
- rbd: don't assume rbd_is_lock_owner() for exclusive mappings (Ilya Dryomov)
- selftests/sigaltstack: Fix ppc64 GCC build (Michael Ellerman)
- RDMA/iwcm: Fix a use-after-free related to destroying CM IDs (Bart Van Assche) [Orabug: 36964053] {CVE-2024-42285}
- platform: mips: cpu_hwmon: Disable driver on unsupported hardware (Jiaxun Yang)
- watchdog/perf: properly initialize the turbo mode timestamp and rearm counter (Thomas Gleixner)
- rtc: isl1208: Fix return value of nvmem callbacks (Joy Chakraborty)
- drm/i915/dp: Reset intel_dp->link_trained before retraining the link (Imre Deak)
- drm/amdgpu/sdma5.2: Update wptr registers as well as doorbell (Alex Deucher)
- drm/i915/gt: Do not consider preemption during execlists_dequeue for gen8 (Nitin Gote)
- perf/x86/intel/pt: Fix a topa_entry base address calculation (Adrian Hunter)
- perf/x86/intel/pt: Fix topa_entry base length (Marco Cavenati)
- perf/x86/intel/uncore: Fix the bits of the CHA extended umask for SPR (Kan Liang)
- perf: Fix event leak upon exit (Frederic Weisbecker) [Orabug: 36983986] {CVE-2024-43870}
- rtc: cmos: Fix return value of nvmem callbacks (Joy Chakraborty)
- mm/numa_balancing: teach mpol_to_str about the balancing mode (Tvrtko Ursulin)
- devres: Fix memory leakage caused by driver API devm_free_percpu() (Zijun Hu) [Orabug: 36983990] {CVE-2024-43871}
- devres: Fix devm_krealloc() wasting memory (Zijun Hu)
- gve: Fix an edge case for TSO skb validity check (Bailey Forrest)
- kobject_uevent: Fix OOB access within zap_modalias_env() (Zijun Hu) [Orabug: 37203371] {CVE-2024-42292}
- kbuild: Fix '-S -c' in x86 stack protector scripts (Nathan Chancellor)
- decompress_bunzip2: fix rare decompression failure (Ross Lagerwall)
- ubi: eba: properly rollback inside self_check_eba (Fedor Pchelkin)
- clk: davinci: da8xx-cfgchip: Initialize clk_init_data before use (Bastien Curutchet)
- fs/ntfs3: Update log->page_{mask,bits} if log->page_size changed (Huacai Chen) [Orabug: 36964218] {CVE-2024-42299}
- dev/parport: fix the array out-of-bounds risk (tuhaowen) [Orabug: 36964222] {CVE-2024-42301}
- binder: fix hang of unregistered readers (Carlos Llamas)
- PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio (Manivannan Sadhasivam)
- PCI: dw-rockchip: Fix initial PERST# GPIO value (Niklas Cassel)
- PCI: hv: Return zero, not garbage, when reading PCI_INTERRUPT_PIN (Wei Liu)
- hwrng: amd - Convert PCIBIOS_* return codes to errnos (Ilpo Järvinen)
- tools/memory-model: Fix bug in lock.cat (Alan Stern)
- ALSA: usb-audio: Add a quirk for Sonix HD USB Camera (wangdicheng)
- ALSA: usb-audio: Move HD Webcam quirk to the right place (Takashi Iwai)
- ALSA: usb-audio: Fix microphone sound on HD webcam. (wangdicheng)
- KVM: VMX: Split out the non-virtualization part of vmx_interrupt_blocked() (Sean Christopherson)
- media: uvcvideo: Fix integer overflow calculating timestamp (Ricardo Ribalda)
- jbd2: make jbd2_journal_get_max_txn_bufs() internal (Jan Kara)
- leds: ss4200: Convert PCIBIOS_* return codes to errnos (Ilpo Järvinen)
- wifi: mwifiex: Fix interface type change (Rafael Beims)
- selftests/landlock: Add cred_transfer test (Mickaël Salaün)
- io_uring: tighten task exit cancellations (Pavel Begunkov)
- ext4: make sure the first directory block is not a hole (Baokun Li) [Orabug: 36964231] {CVE-2024-42304}
- ext4: check dot and dotdot of dx_root before making dir indexed (Baokun Li) [Orabug: 36964236] {CVE-2024-42305}
- m68k: amiga: Turn off Warp1260 interrupts during boot (Paolo Pisati)
- udf: Avoid using corrupted block bitmap buffer (Jan Kara) [Orabug: 36964241] {CVE-2024-42306}
- task_work: Introduce task_work_cancel() again (Frederic Weisbecker)
- task_work: s/task_work_cancel()/task_work_cancel_func()/ (Frederic Weisbecker)
- apparmor: use kvfree_sensitive to free data->data (Fedor Pchelkin)
- sched/fair: Use all little CPUs for CPU-bound workloads (Pierre Gondois)
- drm/amd/display: Check for NULL pointer (Sung Joon Kim) [Orabug: 36964246] {CVE-2024-42308}
- drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes (Ma Ke) [Orabug: 36964252] {CVE-2024-42309}
- drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes (Ma Ke) [Orabug: 36964258] {CVE-2024-42310}
- ext2: Verify bitmap and itable block numbers before using them (Jan Kara)
- hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode() (Chao Yu) [Orabug: 36964264] {CVE-2024-42311}
- ata: libata-scsi: Honor the D_SENSE bit for CK_COND=1 and no error (Igor Pylypiv)
- media: venus: fix use after free in vdec_close (Dikshita Agarwal) [Orabug: 36964274] {CVE-2024-42313}
- char: tpm: Fix possible memory leak in tpm_bios_measurements_open() (Joe Hattori)
- fuse: verify {g,u}id mount options correctly (Eric Sandeen)
- sched/fair: set_load_weight() must also call reweight_task() for SCHED_IDLE tasks (Tejun Heo)
- ipv6: take care of scope when choosing the src addr (Nicolas Dichtel)
- af_packet: Handle outgoing VLAN packets without hardware offloading (Chengen Du)
- net: netconsole: Disable target before netpoll cleanup (Breno Leitao)
- tick/broadcast: Make takeover of broadcast hrtimer reliable (Yu Liao)
- dt-bindings: thermal: correct thermal zone node name limit (Krzysztof Kozlowski)
- mm: mmap_lock: replace get_memcg_path_buf() with on-stack buffer (Tetsuo Handa)
- mm/hugetlb: fix possible recursive locking detected warning (Miaohe Lin)
- landlock: Don't lose track of restrictions on cred_transfer (Jann Horn) [Orabug: 36964283] {CVE-2024-42318}
- fs/ntfs3: Missed error return (Konstantin Komarov)
- rtc: interface: Add RTC offset to alarm after fix-up (Csókás, Bence)
- nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro (Ryusuke Konishi)
- fs/proc/task_mmu: indicate PM_FILE for PMD-mapped file THP (David Hildenbrand)
- fs/ntfs3: Fix field-spanning write in INDEX_HDR (Konstantin Komarov)
- fs/ntfs3: Replace inode_trylock with inode_lock (Konstantin Komarov)
- pinctrl: freescale: mxs: Fix refcount of child (Peng Fan)
- pinctrl: ti: ti-iodelay: fix possible memory leak when pinctrl_enable() fails (Yang Yingliang)
- pinctrl: ti: ti-iodelay: Drop if block with always false condition (Uwe Kleine-König)
- pinctrl: single: fix possible memory leak when pinctrl_enable() fails (Yang Yingliang)
- pinctrl: core: fix possible memory leak when pinctrl_enable() fails (Yang Yingliang)
- pinctrl: rockchip: update rk3308 iomux routes (Dmitry Yashin)
- fs/ntfs3: Fix getting file type (Konstantin Komarov)
- fs/ntfs3: Missed NI_FLAG_UPDATE_PARENT setting (Konstantin Komarov)
- fs/ntfs3: Fix transform resident to nonresident for compressed files (Konstantin Komarov)
- fs/ntfs3: Merge synonym COMPRESSION_UNIT and NTFS_LZNT_CUNIT (Konstantin Komarov)
- fs/ntfs3: Use ALIGN kernel macro (Konstantin Komarov)
- net: dsa: b53: Limit chip-wide jumbo frame config to CPU ports (Martin Willi)
- net: dsa: mv88e6xxx: Limit chip-wide frame size config to CPU ports (Martin Willi)
- netfilter: nf_set_pipapo: fix initial map fill (Florian Westphal)
- netfilter: nft_set_pipapo: constify lookup fn args where possible (Florian Westphal)
- netfilter: ctnetlink: use helper function to calculate expect ID (Pablo Neira Ayuso) [Orabug: 37013754] {CVE-2024-44944}
- bnxt_re: Fix imm_data endianness (Jack Wang)
- RDMA/hns: Fix insufficient extend DB for VFs. (Chengchang Tang)
- RDMA/hns: Fix undifined behavior caused by invalid max_sge (Chengchang Tang)
- RDMA/hns: Fix missing pagesize and alignment check in FRMR (Chengchang Tang)
- macintosh/therm_windtunnel: fix module unload. (Nick Bowler)
- powerpc/xmon: Fix disassembly CPU feature checks (Michael Ellerman)
- net: missing check virtio (Denis Arefev) [Orabug: 36964424] {CVE-2024-43817}
- vhost/vsock: always initialize seqpacket_allow (Michael S. Tsirkin) [Orabug: 36983999] {CVE-2024-43873}
- PCI: endpoint: Clean up error handling in vpci_scan_bus() (Dan Carpenter) [Orabug: 36984004] {CVE-2024-43875}
- Input: elan_i2c - do not leave interrupt disabled on suspend failure (Dmitry Torokhov)
- RDMA/device: Return error earlier if port in not valid (Leon Romanovsky)
- mtd: make mtd_test.c a separate module (Arnd Bergmann)
- ASoC: max98088: Check for clk_prepare_enable() error (Chen Ni)
- RDMA/rxe: Don't set BTH_ACK_MASK for UC or UD QPs (Honggang LI)
- RDMA/mlx4: Fix truncated output warning in alias_GUID.c (Leon Romanovsky)
- RDMA/mlx4: Fix truncated output warning in mad.c (Leon Romanovsky)
- Input: qt1050 - handle CHIP_ID reading error (Andrei Lalaev)
- RDMA/cache: Release GID table even if leak is detected (Leon Romanovsky)
- RDMA/mlx5: Set mkeys for dmabuf at PAGE_SIZE (Chiara Meiohas)
- coresight: Fix ref leak when of_coresight_parse_endpoint() fails (James Clark)
- clk: qcom: gcc-sc7280: Update force mem core bit for UFS ICE clock (Taniya Das)
- clk: qcom: branch: Add helper functions for setting retain bits (Konrad Dybcio)
- PCI: Fix resource double counting on remove & rescan (Ilpo Järvinen)
- SUNRPC: Fixup gss_status tracepoint error output (Benjamin Coddington)
- sparc64: Fix incorrect function signature and add prototype for prom_cif_init (Andreas Larsson)
- ext4: avoid writing unitialized memory to disk in EA inodes (Jan Kara)
- ext4: don't track ranges in fast_commit if inode has inlined data (Luis Henriques (SUSE))
- ext4: return early for non-eligible fast_commit track events (Ritesh Harjani)
- NFSv4.1 another fix for EXCHGID4_FLAG_USE_PNFS_DS for DS server (Olga Kornievskaia)
- SUNRPC: avoid soft lockup when transmitting UDP to reachable server. (NeilBrown)
- xprtrdma: Fix rpcrdma_reqs_reset() (Chuck Lever)
- mfd: omap-usb-tll: Use struct_size to allocate tll (Javier Carrasco)
- mfd: rsmu: Split core code into separate module (Arnd Bergmann)
- perf intel-pt: Fix exclude_guest setting (Adrian Hunter)
- perf intel-pt: Fix aux_watermark calculation for 64-bit size (Adrian Hunter)
- media: venus: flush all buffers in output plane streamoff (Dikshita Agarwal)
- ext4: fix infinite loop when replaying fast_commit (Luis Henriques (SUSE))
- Revert "leds: led-core: Fix refcount leak in of_led_get()" (Luca Ceresoli)
- drm/qxl: Add check for drm_cvt_mode (Chen Ni) [Orabug: 36964455] {CVE-2024-43829}
- drm/etnaviv: fix DMA direction handling for cached RW buffers (Lucas Stach)
- perf report: Fix condition in sort__sym_cmp() (Namhyung Kim)
- leds: trigger: Unregister sysfs attributes before calling deactivate() (Hans de Goede) [Orabug: 36964458] {CVE-2024-43830}
- drm/mediatek: Add DRM_MODE_ROTATE_0 to rotation property (Hsiao Chien Sung)
- drm/mediatek: Add missing plane settings when async update (Hsiao Chien Sung)
- media: renesas: vsp1: Store RPF partition configuration per RPF instance (Laurent Pinchart)
- media: renesas: vsp1: Fix _irqsave and _irq mix (Laurent Pinchart)
- media: uvcvideo: Override default flags (Daniel Schaefer)
- saa7134: Unchecked i2c_transfer function result fixed (Aleksandr Burakov)
- media: i2c: Fix imx412 exposure control (Bryan O'Donoghue)
- media: imon: Fix race getting ictx->lock (Ricardo Ribalda)
- media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control() (Zheng Yejian)
- drm/panel: boe-tv101wum-nl6: Check for errors on the NOP in prepare() (Douglas Anderson)
- drm/panel: boe-tv101wum-nl6: If prepare fails, disable GPIO before regulators (Douglas Anderson)
- drm/amdgpu: Check if NBIO funcs are NULL in amdgpu_device_baco_exit (Friedrich Vock)
- drm/amd/pm: Fix aldebaran pcie speed reporting (Lijo Lazar)
- xdp: fix invalid wait context of page_pool_destroy() (Taehee Yoo) [Orabug: 36964469] {CVE-2024-43834}
- selftests: forwarding: devlink_lib: Wait for udev events after reloading (Amit Cohen)
- bpf: Eliminate remaining "make W=1" warnings in kernel/bpf/btf.o (Alan Maguire)
- bna: adjust 'name' buf size of bna_tcb and bna_ccb structures (Alexey Kodanev) [Orabug: 36964479] {CVE-2024-43839}
- bpf: annotate BTF show functions with __printf (Alan Maguire)
- selftests/bpf: Close fd in error path in drop_on_reuseport (Geliang Tang)
- locking/rwsem: Add __always_inline annotation to __down_write_common() and inlined callers (John Stultz)
- wifi: virt_wifi: don't use strlen() in const context (Johannes Berg)
- gss_krb5: Fix the error handling path for crypto_sync_skcipher_setkey (Gaosheng Cui)
- wifi: virt_wifi: avoid reporting connection success with wrong SSID (En-Wei Wu) [Orabug: 36964486] {CVE-2024-43841}
- perf: Fix default aux_watermark calculation (Adrian Hunter)
- perf: Prevent passing zero nr_pages to rb_alloc_aux() (Adrian Hunter)
- perf: Fix perf_aux_size() for greater-than 32-bit size (Adrian Hunter)
- perf/x86/intel/pt: Fix pt_topa_entry_for_page() address calculation (Adrian Hunter)
- netfilter: nf_tables: rise cap on SELinux secmark context (Pablo Neira Ayuso)
- libbpf: Checking the btf_type kind when fixing variable offsets (Donglin Peng)
- net: fec: Fix FEC_ECR_EN1588 being cleared on link-down (Csókás, Bence)
- net: fec: Refactor: #define magic constants (Csókás Bence)
- wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() (Baochen Qiang) [Orabug: 36984009] {CVE-2024-43879}
- wifi: cfg80211: fix typo in cfg80211_calculate_bitrate_he() (Baochen Qiang)
- wifi: ath11k: fix wrong handling of CCMP256 and GCMP ciphers (Baochen Qiang)
- mlxsw: spectrum_acl: Fix ACL scale regression and firmware errors (Ido Schimmel)
- mlxsw: spectrum_acl_erp: Fix object nesting warning (Ido Schimmel) [Orabug: 36984012] {CVE-2024-43880}
- lib: objagg: Fix general protection fault (Ido Schimmel) [Orabug: 36964494] {CVE-2024-43846}
- selftests/bpf: Check length of recv in test_sockmap (Geliang Tang)
- net/smc: set rmb's SG_MAX_SINGLE_ALLOC limitation only when CONFIG_ARCH_NO_SG_CHAIN is defined (Guangguan Wang)
- tcp: fix races in tcp_v[46]_err() (Eric Dumazet)
- tcp: fix race in tcp_write_err() (Eric Dumazet)
- tcp: add tcp_done_with_error() helper (Eric Dumazet)
- tcp: annotate lockless access to sk->sk_err (Eric Dumazet)
- tcp: annotate lockless accesses to sk->sk_err_soft (Eric Dumazet)
- net: esp: cleanup esp_output_tail_tcp() in case of unsupported ESPINTCP (Hagar Hemdan)
- selftests/bpf: Fix prog numbers in test_sockmap (Geliang Tang)
- wifi: brcmsmac: LCN PHY code is used for BCM4313 2G-only device (Samasth Norway Ananda)
- firmware: turris-mox-rwtm: Initialize completion before mailbox (Marek Behún)
- firmware: turris-mox-rwtm: Fix checking return value of wait_for_completion_timeout() (Marek Behún)
- firmware: turris-mox-rwtm: Do not complete if there are no waiters (Marek Behún)
- vmlinux.lds.h: catch .bss..L* sections into BSS") (Christophe Leroy)
- ARM: spitz: fix GPIO assignment for backlight (Dmitry Torokhov)
- ARM: pxa: spitz: use gpio descriptors for audio (Arnd Bergmann)
- m68k: cmpxchg: Fix return value for default case in __arch_xchg() (Thorsten Blum)
- x86/xen: Convert comma to semicolon (Chen Ni)
- m68k: atari: Fix TT bootup freeze / unexpected (SCU) interrupt messages (Eero Tamminen)
- arm64: dts: amlogic: gx: correct hdmi clocks (Jerome Brunet)
- arm64: dts: mediatek: mt8183-kukui-jacuzzi: Add ports node for anx7625 (Chen-Yu Tsai)
- arm64: dts: mediatek: mt7622: fix "emmc" pinctrl mux (Rafał Miłecki)
- arm64: dts: mediatek: mt8183-kukui: Drop bogus output-enable property (Chen-Yu Tsai)
- ARM: dts: imx6qdl-kontron-samx6i: fix PCIe reset polarity (Michael Walle)
- ARM: dts: imx6qdl-kontron-samx6i: fix SPI0 chip selects (Michael Walle)
- ARM: dts: imx6qdl-kontron-samx6i: fix board reset (Michael Walle)
- ARM: dts: imx6qdl-kontron-samx6i: fix PHY reset (Michael Walle)
- ARM: dts: imx6qdl-kontron-samx6i: move phy reset into phy-node (Marco Felsch)
- arm64: dts: rockchip: Increase VOP clk rate on RK3328 (Jonas Karlman)
- soc: qcom: pdr: fix parsing of domains lists (Dmitry Baryshkov)
- soc: qcom: pdr: protect locator_addr with the main mutex (Dmitry Baryshkov) [Orabug: 36964502] {CVE-2024-43849}
- memory: fsl_ifc: Make FSL_IFC config visible and selectable (Esben Haabendal)
- arm64: dts: qcom: msm8996: specify UFS core_clk frequencies (Dmitry Baryshkov)
- soc: qcom: rpmh-rsc: Ensure irqs aren't disabled by rpmh_rsc_send_data() callers (Stephen Boyd)
- arm64: dts: qcom: sm8250: add power-domain to UFS PHY (Dmitry Baryshkov)
- arm64: dts: qcom: sm8250: switch UFS QMP PHY to new style of bindings (Dmitry Baryshkov)
- arm64: dts: qcom: sdm845: add power-domain to UFS PHY (Dmitry Baryshkov)
- hwmon: (max6697) Fix swapped temp{1,8} critical alarms (Guenter Roeck)
- hwmon: (max6697) Fix underflow when writing limit attributes (Guenter Roeck)
- drm/meson: fix canvas release in bind function (Yao Zi)
- pwm: stm32: Always do lazy disabling (Uwe Kleine-König)
- hwmon: (adt7475) Fix default duty on fan is disabled (Wayne Tung)
- x86/platform/iosf_mbi: Convert PCIBIOS_* return codes to errnos (Ilpo Järvinen)
- x86/pci/xen: Fix PCIBIOS_* return code handling (Ilpo Järvinen)
- x86/pci/intel_mid_pci: Fix PCIBIOS_* return code handling (Ilpo Järvinen)
- x86/of: Return consistent error type from x86_of_pci_irq_enable() (Ilpo Järvinen)
- hfsplus: fix to avoid false alarm of circular locking (Chao Yu)
- block: initialize integrity buffer to zero before writing it to media (Christoph Hellwig) [Orabug: 36964514] {CVE-2024-43854}
- block: cleanup bio_integrity_prep (Jinyoung Choi)
- block: refactor to use helper (Nitesh Shetty)
- platform/chrome: cros_ec_debugfs: fix wrong EC message version (Tzung-Bi Shih)
- f2fs: fix to don't dirty inode for readonly filesystem (Chao Yu) [Orabug: 36964212] {CVE-2024-42297}
- f2fs: fix return value of f2fs_convert_inline_inode() (Chao Yu) [Orabug: 36964207] {CVE-2024-42296}
- LTS version: v5.15.164 (Vijayendra Suman)
- tap: add missing verification for short frame (Si-Wei Liu) [Orabug: 36879156] {CVE-2024-41090}
- tun: add missing verification for short frame (Dongli Zhang) [Orabug: 36879156] {CVE-2024-41091}
- wifi: rt2x00: use explicitly signed or unsigned types (Jason A. Donenfeld)
- filelock: Fix fcntl/close race recovery compat path (Jann Horn) [Orabug: 36874755] {CVE-2024-41012} {CVE-2024-41020}
- ALSA: pcm_dmaengine: Don't synchronize DMA channel when DMA is paused (Shengjiu Wang)
- arm64: dts: qcom: sdm630: Disable SS instance in Parkmode for USB (Krishna Kurapati)
- arm64: dts: qcom: msm8996: Disable SS instance in Parkmode for USB (Krishna Kurapati)
- ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 (Seunghun Han)
- ALSA: hda/realtek: Enable headset mic on Positivo SU C1400 (Edson Juliano Drosdeck)
- fs/ntfs3: Validate ff offset (lei lu) [Orabug: 36891672] {CVE-2024-41019}
- jfs: don't walk off the end of ealist (lei lu) [Orabug: 36891666] {CVE-2024-41017}
- ocfs2: add bounds checking to ocfs2_check_dir_entry() (lei lu) [Orabug: 36891654] {CVE-2024-41015}
- Add gitignore file for samples/fanotify/ subdirectory (Linus Torvalds)
- docs: Fix formatting of literal sections in fanotify docs (Gabriel Krisman Bertazi)
- samples: Make fs-monitor depend on libc and headers (Gabriel Krisman Bertazi)
- samples: Add fs error monitoring example (Gabriel Krisman Bertazi)
- wifi: mac80211: disable softirqs for queued frame handling (Johannes Berg)
- mm/damon/core: merge regions aggressively when max_nr_regions is unmet (SeongJae Park)
- minmax: relax check to allow comparison between unsigned arguments and signed constants (David Laight)
- minmax: allow comparisons of 'int' against 'unsigned char/short' (David Laight)
- minmax: allow min()/max()/clamp() if the arguments have the same signedness. (David Laight)
- minmax: fix header inclusions (Andy Shevchenko)
- minmax: clamp more efficiently by avoiding extra comparison (Jason A. Donenfeld)
- minmax: sanity check constant bounds when clamping (Jason A. Donenfeld)
- tracing: Define the is_signed_type() macro once (Bart Van Assche)
- spi: mux: set ctlr->bits_per_word_mask (David Lechner)
- hfsplus: fix uninit-value in copy_name (Edward Adam Davis) [Orabug: 36896968] {CVE-2024-41059}
- selftests/vDSO: fix clang build errors and warnings (John Hubbard)
- spi: imx: Don't expect DMA for i.MX{25,35,50,51,53} cspi devices (Uwe Kleine-König)
- riscv: stacktrace: fix usage of ftrace_graph_ret_addr() (Puranjay Mohan)
- fs: better handle deep ancestor chains in is_subdir() (Christian Brauner)
- drm/radeon: check bo_va->bo is non-NULL before using it (Pierre-Eric Pelloux-Prayer) [Orabug: 36896974] {CVE-2024-41060}
- Bluetooth: hci_core: cancel all works upon hci_unregister_dev() (Tetsuo Handa) [Orabug: 36896993] {CVE-2024-41063}
- scsi: libsas: Fix exp-attached device scan after probe failure scanned in again after probe failed (Xingui Yang)
- powerpc/eeh: avoid possible crash when edev->pdev changes (Ganesh Goudar) [Orabug: 36897001] {CVE-2024-41064}
- powerpc/pseries: Whitelist dtl slub object for copying to userspace (Anjali K) [Orabug: 36897008] {CVE-2024-41065}
- net: mac802154: Fix racy device stats updates by DEV_STATS_INC() and DEV_STATS_ADD() (Yunshui Jiang)
- net: usb: qmi_wwan: add Telit FN912 compositions (Daniele Palmas)
- ALSA: dmaengine_pcm: terminate dmaengine before synchronize (Shengjiu Wang)
- ALSA: hda/relatek: Enable Mute LED on HP Laptop 15-gw0xxx (Aivaz Latypov)
- btrfs: qgroup: fix quota root leak after quota disable failure (Filipe Manana) [Orabug: 36897343] {CVE-2024-41078}
- platform/x86: lg-laptop: Use ACPI device handle when evaluating WMAB/WMBB (Armin Wolf)
- platform/x86: lg-laptop: Change ACPI device id (Armin Wolf)
- platform/x86: lg-laptop: Remove LGEX0815 hotkey handling (Armin Wolf)
- platform/x86: wireless-hotkey: Add support for LG Airplane Button (Armin Wolf)
- s390/sclp: Fix sclp_init() cleanup on failure (Heiko Carstens) [Orabug: 36897031] {CVE-2024-41068}
- can: kvaser_usb: fix return value for hif_usb_send_regout (Chen Ni)
- ASoC: ti: omap-hdmi: Fix too long driver name (Primoz Fiser)
- ASoC: ti: davinci-mcasp: Set min period size using FIFO config (Jai Luthra)
- ALSA: dmaengine: Synchronize dma channel after drop() (Jai Luthra)
- bytcr_rt5640 : inverse jack detect for Archos 101 cesium (Thomas GENTY)
- Input: i8042 - add Ayaneo Kun to i8042 quirk table (Tobias Jakobi)
- Input: elantech - fix touchpad state on resume for Lenovo N24 (Jonathan Denose)
- mips: fix compat_sys_lseek syscall (Arnd Bergmann)
- ALSA: hda/realtek: Add more codec ID to no shutup pins list (Kailang Yang)
- drm/vmwgfx: Fix missing HYPERVISOR_GUEST dependency (Alexey Makhalov)
- KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group() (Michael Ellerman) [Orabug: 36897047] {CVE-2024-41070}
- wifi: cfg80211: wext: add extra SIOCSIWSCAN data check (Dmitry Antipov) [Orabug: 36897311] {CVE-2024-41072}
- nvme: avoid double free special payload (Chunguang Xu) [Orabug: 36897316] {CVE-2024-41073}
- mei: demote client disconnect warning on suspend to debug (Alexander Usyskin)
- fs/file: fix the check in find_next_fd() (Yuntao Wang)
- kconfig: remove wrong expr_trans_bool() (Masahiro Yamada)
- kconfig: gconf: give a proper initial state to the Save button (Masahiro Yamada)
- null_blk: fix validation of block size (Andreas Hindborg) [Orabug: 36897338] {CVE-2024-41077}
- arm64: armv8_deprecated: Fix warning in isndep cpuhp starting process (Wei Li)
- ila: block BH in ila_output() (Eric Dumazet) [Orabug: 36897359] {CVE-2024-41081}
- net: ipv6: rpl_iptunnel: block BH in rpl_output() and rpl_input() (Eric Dumazet)
- Input: silead - Always support 10 fingers (Hans de Goede)
- selftests/openat2: Fix build warnings on ppc64 (Michael Ellerman)
- wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan() (Dmitry Antipov)
- wifi: iwlwifi: mvm: properly set 6 GHz channel direct probe option (Ayala Beker)
- wifi: iwlwifi: mvm: Handle BIGTK cipher in kek_kck cmd (Yedidya Benshimol)
- wifi: iwlwifi: mvm: d3: fix WoWLAN command version lookup (Yedidya Benshimol)
- wifi: mac80211: handle tasklet frames before stopping (Johannes Berg)
- wifi: mac80211: mesh: init nonpeer_pm to active by default in mesh sdata (Nicolas Escande)
- tools/power/cpupower: Fix Pstate frequency reporting on AMD Family 1Ah CPUs (Dhananjay Ugwekar)
- ACPI: EC: Avoid returning AE_OK on errors in address space handler (Armin Wolf)
- ACPI: EC: Abort address space access upon error (Armin Wolf)
- scsi: qedf: Set qed_slowpath_params to zero before use (Saurav Kashyap)
- scsi: qedf: Wait for stag work during unload (Saurav Kashyap)
- scsi: qedf: Don't process stag work during unload and recovery (Saurav Kashyap)
- scsi: core: alua: I/O errors for ALUA state transitions (Martin Wilck)
- scsi: core: Fix a use-after-free (Bart Van Assche)
- bpf: Fix overrunning reservations in ringbuf (Daniel Borkmann) [Orabug: 36850238] {CVE-2024-41009}
- ACPI: processor_idle: Fix invalid comparison with insertion sort for latency (Kuan-Wei Chiu)
- ARM: 9324/1: fix get_user() broken with veneer (Masahiro Yamada)
- filelock: Remove locks reliably when fcntl/close race is detected (Jann Horn) [Orabug: 36874755] {CVE-2024-41012} {CVE-2024-41020}
- gcc-plugins: Rename last_stmt() for GCC 14+ (Kees Cook)

[5.15.0-302.163.3.el8uek]
- uek-rpm: T93: Enable CONFIG_EFI_GENERIC_STUB_INITRD_CMDLINE_LOADER (Thomas Tai) [Orabug: 37174880]
- mm: avoid leaving partial pfn mappings around in error case (Linus Torvalds) [Orabug: 37174198] {CVE-2024-47674}
- rds/ib: Count memory consumed by rds_page_frag (Hans Westgaard Ry) [Orabug: 37162157]
- uek-rpm: Set CONFIG_CRYPTO_FIPS_NAME properly in embedded kernels (Dave Kleikamp) [Orabug: 37160327]
- fs/dcache: allow fractional values in fs.negative-dentry-limit (Gautham Ananthakrishna) [Orabug: 37156522]
- Revert "Documentation/admin-guide/acpi: Move information out of shell script comments" (Dave Kleikamp) [Orabug: 37144820]
- Revert "irqchip/gic-v3: Move partition_create_desc() work to a helper" (Dave Kleikamp) [Orabug: 37144820]
- Revert "irqchip/gic: Collect GIC_IRQ_TYPE definitions into one place" (Dave Kleikamp) [Orabug: 37144820]
- Revert "ACPI / irq: Allow a compile-time arg0 for acpi_register_gsi()'s fwspec" (Dave Kleikamp) [Orabug: 37144820]
- Revert "irqchip/gic, gic-v3: Translate fwspec for DT and ACPI systems in the same way" (Dave Kleikamp) [Orabug: 37144820]
- Revert "ACPI / PPTT: Provide a helper to walk processor containers" (Dave Kleikamp) [Orabug: 37144820]
- Revert "ACPI / PPTT: Add a helper to build a cpumask from a cpu_node" (Dave Kleikamp) [Orabug: 37144820]
- Revert "irqchip/gic-v3: Print DT partitions in the same way as APCI" (Dave Kleikamp) [Orabug: 37144820]
- Revert "irqchip/gic-v3: Build PPI partitions on ACPI systems" (Dave Kleikamp) [Orabug: 37144820]
- Revert "irqchip/gic-v3: select and translate the partition domain" (Dave Kleikamp) [Orabug: 37144820]
- Revert "ACPI / irq: Add acpi_register_partitioned_percpu_gsi()" (Dave Kleikamp) [Orabug: 37144820]
- Revert "ACPI / PPTT: Find PPTT cache level by ID" (Dave Kleikamp) [Orabug: 37144820]
- Revert "ACPI / PPTT: Add a helper to fill a cpumask from a processor container" (Dave Kleikamp) [Orabug: 37144820]
- Revert "ACPI / PPTT: Add a helper to fill a cpumask from a cache_id" (Dave Kleikamp) [Orabug: 37144820]
- Revert "drivers: base: cacheinfo: Check per_cpu_cacheinfo() is allocated" (Dave Kleikamp) [Orabug: 37144820]
- Revert "drivers: base: cacheinfo: Add helper to find the cache size from cpu+level" (Dave Kleikamp) [Orabug: 37144820]
- Revert "cacheinfo: Allow for >32-bit cache 'id'" (Dave Kleikamp) [Orabug: 37144820]
- Revert "cacheinfo: Set cache 'id' based on DT data" (Dave Kleikamp) [Orabug: 37144820]
- Revert "cacheinfo: Expose the code to generate a cache-id from a device_node" (Dave Kleikamp) [Orabug: 37144820]
- KVM: x86: Propagate the AMD Automatic IBRS feature to the guest (Kim Phillips) [Orabug: 37126702]
- x86/cpu, kvm: Add the SMM_CTL MSR not present feature (Kim Phillips) [Orabug: 37126702]
- x86/cpu, kvm: Add the Null Selector Clears Base feature (Kim Phillips) [Orabug: 37126702]
- x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf (Kim Phillips) [Orabug: 37126702]
- x86/cpu, kvm: Add the NO_NESTED_DATA_BP feature (Kim Phillips) [Orabug: 37126702]
- KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code (Kim Phillips) [Orabug: 37126702]
- KVM: x86: Advertise that the SMM_CTL MSR is not supported (Jim Mattson) [Orabug: 37126702]
- KVM: x86: synthesize CPUID leaf 0x80000021h if useful (Paolo Bonzini) [Orabug: 37126702]
- KVM: x86: skip host CPUID call for hypervisor leaves (Paolo Bonzini) [Orabug: 37126702]
- KVM: x86: add support for CPUID leaf 0x80000021 (Paolo Bonzini) [Orabug: 37126702]
- amd_hsmp: Update PwrEfficiencyModeSelection message (Suma Hegde) [Orabug: 37123833]
- amd_hsmp: Add support for new error codes returned from firmware (Suma Hegde) [Orabug: 37123833]
- amd_hsmp: Add new HSMP messages of protocol version 7 (Suma Hegde) [Orabug: 37123833]
- IB/mlx5: Fix mlx5_ib_get_vector_irqn() after dynamic IRQ allocation change (Gerd Rausch) [Orabug: 37069671]
- arm64: kdump: increase crashkernel reservation size for crashkernel=auto (Brian Maly) [Orabug: 36949800]
- rds: Support rds-pings with payload (Håkon Bugge) [Orabug: 36847470]
- mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio() (Miaohe Lin) [Orabug: 36683092] {CVE-2024-36028}
- mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled (Miaohe Lin) [Orabug: 36597930] {CVE-2024-26987}

[5.15.0-302.163.2.el8uek]
- uek: kabi: Introduce APIs to hide/fake inclusion of headers (Saeed Mirzamohammadi) [Orabug: 37144803]
- uek-rpm: Enable config for Mediatek mt7915E wireless driver (Saeed Mirzamohammadi) [Orabug: 37123534]
- uek-rpm: Update the x86 kABI files for new symbol (Yifei Liu) [Orabug: 37108651]
- KVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked (Sean Christopherson) [Orabug: 36809298] {CVE-2024-39483}
- net: bridge: xmit: make sure we have at least eth header len bytes (Nikolay Aleksandrov) [Orabug: 36753371] {CVE-2024-38538}
- net: add pskb_may_pull_reason() helper (Eric Dumazet) [Orabug: 36753371] {CVE-2024-38538}

[5.15.0-302.163.1.el8uek]
- vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() (Haoran Zhang) [Orabug: 37035557] {CVE-2024-49863}
- kpcimgr: Add dynamic memory region allocation feature (Joe Dobosenski) [Orabug: 36983477]



ELSA-2024-12813 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update


Oracle Linux Security Advisory ELSA-2024-12813

http://linux.oracle.com/errata/ELSA-2024-12813.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-5.4.17-2136.337.5.el8uek.x86_64.rpm
kernel-uek-container-5.4.17-2136.337.5.el8uek.x86_64.rpm
kernel-uek-container-debug-5.4.17-2136.337.5.el8uek.x86_64.rpm
kernel-uek-debug-5.4.17-2136.337.5.el8uek.x86_64.rpm
kernel-uek-debug-devel-5.4.17-2136.337.5.el8uek.x86_64.rpm
kernel-uek-devel-5.4.17-2136.337.5.el8uek.x86_64.rpm
kernel-uek-doc-5.4.17-2136.337.5.el8uek.noarch.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//kernel-uek-5.4.17-2136.337.5.el8uek.src.rpm

Related CVEs:

CVE-2023-31083
CVE-2024-26951
CVE-2024-36028
CVE-2024-41011
CVE-2024-41098
CVE-2024-42228
CVE-2024-43835
CVE-2024-43853
CVE-2024-43854
CVE-2024-43884
CVE-2024-44946
CVE-2024-44947
CVE-2024-44987
CVE-2024-44988
CVE-2024-44995
CVE-2024-44998
CVE-2024-44999
CVE-2024-45003
CVE-2024-45006
CVE-2024-45008
CVE-2024-45016
CVE-2024-45021
CVE-2024-45025
CVE-2024-45026
CVE-2024-45028
CVE-2024-46673
CVE-2024-46674
CVE-2024-46675
CVE-2024-46676
CVE-2024-46677
CVE-2024-46679
CVE-2024-46685
CVE-2024-46714
CVE-2024-46719
CVE-2024-46721
CVE-2024-46722
CVE-2024-46723
CVE-2024-46737
CVE-2024-46739
CVE-2024-46740
CVE-2024-46743
CVE-2024-46744
CVE-2024-46745
CVE-2024-46747
CVE-2024-46750
CVE-2024-46755
CVE-2024-46756
CVE-2024-46757
CVE-2024-46758
CVE-2024-46759
CVE-2024-46761
CVE-2024-46771
CVE-2024-46777
CVE-2024-46780
CVE-2024-46781
CVE-2024-46782
CVE-2024-46783
CVE-2024-46798
CVE-2024-46800
CVE-2024-46815
CVE-2024-46817
CVE-2024-46818
CVE-2024-46822
CVE-2024-46828
CVE-2024-46829
CVE-2024-46840
CVE-2024-46844
CVE-2024-47663
CVE-2024-47667
CVE-2024-47668
CVE-2024-47669
CVE-2024-49863
CVE-2024-49958

Description of changes:

[5.4.17-2136.337.5.el8uek]
- net/mlx5: disable the 'fast unload' feature on Exadata systems (Qing Huang) [Orabug: 37093177]

[5.4.17-2136.337.4.el8uek]
- ocfs2: reserve space for inline xattr before attaching reflink tree (Gautham Ananthakrishna) [Orabug: 37199020]
- Revert "ocfs2: ocfs2 crash due to invalid h_next_leaf_blk value in extent block" (Gautham Ananthakrishna) [Orabug: 37199020]
- net/rds: Make send+receive IRQ assignments visible to user-space (Gerd Rausch) [Orabug: 36987151]
- igb: Do not free the irq resources if they are already freed by igb_close() (Yifei Liu) [Orabug: 37005245]
- A/A Bonding: check port count during RDMA device addition (Arumugam Kolappan) [Orabug: 36579195]

[5.4.17-2136.337.3.el8uek]
- vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() (Haoran Zhang) [Orabug: 37137548] {CVE-2024-49863}
- rds/ib: Count memory consumed by rds_page_frag (Hans Westgaard Ry) [Orabug: 37172717]
- fs/dcache: allow fractional values in fs.negative-dentry-limit (Gautham Ananthakrishna) [Orabug: 37156523]
- mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio() (Miaohe Lin) [Orabug: 36683094] {CVE-2024-36028}
- uek: Disable /proc/uek under Xen and under non-Exadata systems (Konrad Rzeszutek Wilk) [Orabug: 37170992]
- uek: Add force_noio runtime option. (Konrad Rzeszutek Wilk) [Orabug: 37145327]
- treewide: Make the force_noio parameter be writable. (Konrad Rzeszutek Wilk) [Orabug: 37145327]
- treewide: Sample foo_bar_force_noio before use (Håkon Bugge) [Orabug: 37145327]
- workqueue: Add Oracle specific code to modify the flags of tasks. (Konrad Rzeszutek Wilk) [Orabug: 37145327]
- net/mlx5: Free IRQ rmap and notifier on kernel shutdown (Saeed Mahameed) [Orabug: 36706485]
- net/mlx5: Free irqs only on shutdown callback (Shay Drory) [Orabug: 36706485]
- kpcimgr: Add dynamic memory region allocation feature (Joe Dobosenski) [Orabug: 36983478]
- uek: kabi: Introduce APIs to hide/fake inclusion of headers (Saeed Mirzamohammadi) [Orabug: 37097450]
- RDMA/cma: Always set static rate to 0 for RoCE (Mark Zhang) [Orabug: 37100215]
- net/mlx5e: nullify cq->dbg pointer in mlx5_debug_cq_remove() (Valentine Fatiev) [Orabug: 37104450]
- net/mlx5e: Fix memory leak in mlx5_core_destroy_cq() error path (Valentine Fatiev) [Orabug: 37099359]

[5.4.17-2136.337.2.el8uek]
- LTS tag: v5.4.284 (Sherry Yang)
- Revert "parisc: Use irq_enter_rcu() to fix warning at kernel/context_tracking.c:367" (Greg Kroah-Hartman)
- cx82310_eth: fix error return code in cx82310_bind() (Zhang Changzhong)
- net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket (Daniel Borkmann)
- rtmutex: Drop rt_mutex::wait_lock before scheduling (Roland Xu) [Orabug: 37116446] {CVE-2024-46829}
- drm/i915/fence: Mark debug_fence_free() with __maybe_unused (Andy Shevchenko)
- drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused (Andy Shevchenko)
- nvmet-tcp: fix kernel crash if commands allocation fails (Maurizio Lombardi) [Orabug: 37074465] {CVE-2024-46737}
- arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry (Jonathan Cameron) [Orabug: 37116413] {CVE-2024-46822}
- arm64: acpi: Move get_cpu_for_acpi_id() to a header (James Morse)
- ACPI: processor: Fix memory leaks in error paths of processor_add() (Jonathan Cameron)
- ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add() (Jonathan Cameron)
- nilfs2: protect references to superblock parameters exposed in sysfs (Ryusuke Konishi) [Orabug: 37074677] {CVE-2024-46780}
- nilfs2: replace snprintf in show functions with sysfs_emit (Qing Wang)
- tracing: Avoid possible softlockup in tracing_iter_reset() (Zheng Yejian)
- ring-buffer: Rename ring_buffer_read() to read_buffer_iter_advance() (Steven Rostedt (VMware))
- uprobes: Use kzalloc to allocate xol area (Sven Schnelle)
- clocksource/drivers/timer-of: Remove percpu irq related code (Daniel Lezcano)
- clocksource/drivers/imx-tpm: Fix next event not taking effect sometime (Jacky Bai)
- clocksource/drivers/imx-tpm: Fix return -ETIME when delta exceeds INT_MAX (Jacky Bai)
- Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic (Naman Jain)
- uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind (Saurabh Sengar) [Orabug: 37074473] {CVE-2024-46739}
- nvmem: Fix return type of devm_nvmem_device_get() in kerneldoc (Geert Uytterhoeven)
- binder: fix UAF caused by offsets overwrite (Carlos Llamas) [Orabug: 37074477] {CVE-2024-46740}
- iio: fix scale application in iio_convert_raw_to_processed_unlocked (Matteo Martelli)
- iio: buffer-dmaengine: fix releasing dma channel on error (David Lechner)
- staging: iio: frequency: ad9834: Validate frequency parameter value (Aleksandr Mishin) [Orabug: 37159728] {CVE-2024-47663}
- NFSv4: Add missing rescheduling points in nfs_client_return_marked_delegations (Trond Myklebust)
- ata: pata_macio: Use WARN instead of BUG (Michael Ellerman)
- lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (Kent Overstreet) [Orabug: 37159757] {CVE-2024-47668}
- of/irq: Prevent device address out-of-bounds read in interrupt map walk (Stefan Wiehler) [Orabug: 37074488] {CVE-2024-46743}
- Squashfs: sanity check symbolic link size (Phillip Lougher) [Orabug: 37074495] {CVE-2024-46744}
- usbnet: ipheth: race between ipheth_close and error handling (Oliver Neukum)
- Input: uinput - reject requests with unreasonable number of slots (Dmitry Torokhov) [Orabug: 37074503] {CVE-2024-46745}
- HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup (Camila Alvarez) [Orabug: 37074513] {CVE-2024-46747}
- btrfs: initialize location to fix -Wmaybe-uninitialized in btrfs_lookup_dentry() (David Sterba)
- PCI: Add missing bridge lock to pci_bus_lock() (Dan Williams) [Orabug: 37074532] {CVE-2024-46750}
- btrfs: clean up our handling of refs == 0 in snapshot delete (Josef Bacik) [Orabug: 37116494] {CVE-2024-46840}
- btrfs: replace BUG_ON with ASSERT in walk_down_proc() (Josef Bacik)
- smp: Add missing destroy_work_on_stack() call in smp_call_on_cpu() (Zqiang)
- wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() (Sascha Hauer) [Orabug: 37074561] {CVE-2024-46755}
- libbpf: Add NULL checks to bpf_object__{prev_map,next_map} (Andreas Ziegler)
- hwmon: (w83627ehf) Fix underflows seen when writing limit attributes (Guenter Roeck) [Orabug: 37074566] {CVE-2024-46756}
- hwmon: (nct6775-core) Fix underflows seen when writing limit attributes (Guenter Roeck) [Orabug: 37074571] {CVE-2024-46757}
- hwmon: (lm95234) Fix underflows seen when writing limit attributes (Guenter Roeck) [Orabug: 37074579] {CVE-2024-46758}
- hwmon: (adc128d818) Fix underflows seen when writing limit attributes (Guenter Roeck) [Orabug: 37074584] {CVE-2024-46759}
- pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv (Krishna Kumar) [Orabug: 37074595] {CVE-2024-46761}
- devres: Initialize an uninitialized struct member (Zijun Hu)
- um: line: always fill *error_out in setup_one_line() (Johannes Berg) [Orabug: 37116518] {CVE-2024-46844}
- cgroup: Protect css->cgroup write under css_set_lock (Waiman Long)
- iommu/vt-d: Handle volatile descriptor status read (Jacob Pan)
- dm init: Handle minors larger than 255 (Benjamin Marzinski)
- ASoC: topology: Properly initialize soc_enum values (Amadeusz Sławiński)
- net: dsa: vsc73xx: fix possible subblocks range of CAPT block (Pawel Dembicki)
- net: bridge: br_fdb_external_learn_add(): always set EXT_LEARN (Jonas Gorski)
- net: bridge: fdb: convert added_by_external_learn to use bitops (Nikolay Aleksandrov)
- net: bridge: fdb: convert added_by_user to bitops (Nikolay Aleksandrov)
- net: bridge: fdb: convert is_sticky to bitops (Nikolay Aleksandrov)
- net: bridge: fdb: convert is_static to bitops (Nikolay Aleksandrov)
- net: bridge: fdb: convert is_local to bitops (Nikolay Aleksandrov)
- usbnet: modern method to get random MAC (Oliver Neukum)
- net: usb: don't write directly to netdev->dev_addr (Jakub Kicinski)
- drivers/net/usb: Remove all strcpy() uses (Len Baker)
- cx82310_eth: re-enable ethernet mode after router reboot (Ondrej Zary)
- tcp_bpf: fix return value of tcp_bpf_sendmsg() (Cong Wang) [Orabug: 37074693] {CVE-2024-46783}
- platform/x86: dell-smbios: Fix error path in dell_smbios_init() (Aleksandr Mishin)
- can: bcm: Remove proc entry when dev is unregistered. (Kuniyuki Iwashima) [Orabug: 37074625] {CVE-2024-46771}
- pcmcia: Use resource_size function on resource object (Jules Irenge)
- media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse (Chen Ni)
- PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0) (Kishon Vijay Abraham I) [Orabug: 37159750] {CVE-2024-47667}
- usb: uas: set host status byte on data completion error (Shantanu Goel)
- wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3 (Arend van Spriel)
- udf: Avoid excessive partition lengths (Jan Kara) [Orabug: 37074665] {CVE-2024-46777}
- netfilter: nf_conncount: fix wrong variable type (Yunjian Wang)
- af_unix: Remove put_pid()/put_cred() in copy_peercred(). (Kuniyuki Iwashima)
- irqchip/armada-370-xp: Do not allow mapping IRQ 0 and 1 (Pali Rohár)
- smack: unix sockets: fix accept()ed socket label (Konstantin Andreev)
- ALSA: hda: Add input value sanity checks to HDMI channel map controls (Takashi Iwai)
- nilfs2: fix state management in error path of log writing function (Ryusuke Konishi) [Orabug: 37159765] {CVE-2024-47669}
- nilfs2: fix missing cleanup on rollforward recovery error (Ryusuke Konishi) [Orabug: 37074684] {CVE-2024-46781}
- sched: sch_cake: fix bulk flow accounting logic for host fairness (Toke Høiland-Jørgensen) [Orabug: 37116443] {CVE-2024-46828}
- ila: call nf_unregister_net_hooks() sooner (Eric Dumazet) [Orabug: 37074689] {CVE-2024-46782}
- clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API (Satya Priya Kakitapalli)
- clk: qcom: clk-alpha-pll: Fix the pll post div mask (Satya Priya Kakitapalli)
- clk: hi6220: use CLK_OF_DECLARE_DRIVER (Peter Griffin)
- reset: hi6220: Add support for AO reset controller (Peter Griffin)
- fuse: use unsigned type for getxattr/listxattr size truncation (Jann Horn)
- fuse: update stats for pages in dropped aux writeback list (Joanne Koong)
- mmc: sdhci-of-aspeed: fix module autoloading (Liao Chen)
- mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K (Sam Protsenko)
- irqchip/gic-v2m: Fix refcount leak in gicv2m_of_init() (Ma Ke)
- ata: libata: Fix memory leak for error path in ata_host_alloc() (Zheng Qixing)
- ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices (Christoffer Sandberg)
- ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object (robelin) [Orabug: 37074722] {CVE-2024-46798}
- sch/netem: fix use after free in netem_dequeue (Stephen Hemminger) [Orabug: 37074726] {CVE-2024-46800}
- i2c: Use IS_REACHABLE() for substituting empty ACPI functions (Richard Fitzgerald)
- udf: Limit file size to 4TB (Jan Kara)
- virtio_net: Fix napi_skb_cache_put warning (Breno Leitao) [Orabug: 36964474] {CVE-2024-43835}
- net: set SOCK_RCU_FREE before inserting socket into hashtable (Stanislav Fomichev)
- block: initialize integrity buffer to zero before writing it to media (Christoph Hellwig) [Orabug: 36964515] {CVE-2024-43854}
- media: uvcvideo: Enforce alignment of frame and interval (Ricardo Ribalda)
- drm/amd/display: Skip wbscl_set_scaler_filter if filter is null (Alex Hung) [Orabug: 37073032] {CVE-2024-46714}
- wifi: cfg80211: make hash table duplicates more survivable (Johannes Berg)
- smack: tcp: ipv4, fix incorrect labeling (Casey Schaufler)
- usb: typec: ucsi: Fix null pointer dereference in trace (Abhishek Pandit-Subedi) [Orabug: 37073065] {CVE-2024-46719}
- usbip: Don't submit special requests twice (Simon Holesch)
- ionic: fix potential irq name truncation (Shannon Nelson)
- apparmor: fix possible NULL pointer dereference (Leesoo Ahn) [Orabug: 37073078] {CVE-2024-46721}
- drm/amdkfd: Reconcile the definition and use of oem_id in struct kfd_topology_device (Michael Chen)
- drm/amdgpu: fix mc_data out-of-bounds read warning (Tim Huang) [Orabug: 37073083] {CVE-2024-46722}
- drm/amdgpu: fix ucode out-of-bounds read warning (Tim Huang) [Orabug: 37073088] {CVE-2024-46723}
- drm/amd/display: Fix Coverity INTEGER_OVERFLOW within dal_gpio_service_create (Hersen Wu)
- drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] (Alex Hung) [Orabug: 37116366] {CVE-2024-46815}
- drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 (Hersen Wu) [Orabug: 37116376] {CVE-2024-46817}
- drm/amd/display: Check gpio_id before used as array index (Alex Hung) [Orabug: 37116385] {CVE-2024-46818}
- drm/amdgpu: fix overflowed array index read warning (Tim Huang)
- drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr (Ma Jun)
- net: usb: qmi_wwan: add MeiG Smart SRM825L (ZHANG Yuntian)
- i2c: Fix conditional for substituting empty ACPI functions (Richard Fitzgerald)
- drm: panel-orientation-quirks: Add quirk for OrangePi Neo (Philip Mueller)
- LTS tag: v5.4.283 (Sherry Yang)
- scsi: aacraid: Fix double-free on probe failure (Ben Hutchings) [Orabug: 37070700] {CVE-2024-46673}
- net: dsa: mv8e6xxx: Fix stub function parameters (Andrew Lunn)
- usb: core: sysfs: Unmerge @usb3_hardware_lpm_attr_group in remove_power_attributes() (Zijun Hu)
- usb: dwc3: st: add missing depopulate in probe error path (Krzysztof Kozlowski)
- usb: dwc3: st: fix probed platform device ref count on probe error path (Krzysztof Kozlowski) [Orabug: 37070705] {CVE-2024-46674}
- usb: dwc3: core: Prevent USB core invalid event buffer address access (Selvarasu Ganesan) [Orabug: 37070710] {CVE-2024-46675}
- usb: dwc3: omap: add missing depopulate in probe error path (Krzysztof Kozlowski)
- USB: serial: option: add MeiG Smart SRM825L (ZHANG Yuntian)
- cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller (Ian Ray)
- soc: qcom: cmd-db: Map shared memory as WC, not WB (Volodymyr Babchuk)
- nfc: pn533: Add poll mod list filling check (Aleksandr Mishin) [Orabug: 37070717] {CVE-2024-46676}
- nfc: pn533: Add autopoll capability (Lars Poeschel)
- nfc: pn533: Add dev_up/dev_down hooks to phy_ops (Lars Poeschel)
- net: busy-poll: use ktime_get_ns() instead of local_clock() (Eric Dumazet)
- gtp: fix a potential NULL pointer dereference (Cong Wang) [Orabug: 37070722] {CVE-2024-46677}
- ethtool: check device is present when getting link settings (Jamie Bainbridge) [Orabug: 37070728] {CVE-2024-46679}
- r8152: Factor out OOB link list waits (Prashant Malani)
- soundwire: stream: fix programming slave ports for non-continous port maps (Krzysztof Kozlowski)
- cgroup/cpuset: Prevent UAF in proc_cpuset_show() (Chen Ridong) [Orabug: 36964510] {CVE-2024-43853}
- ata: libata-core: Fix null pointer dereference on error (Niklas Cassel) [Orabug: 36897457] {CVE-2024-41098}
- media: uvcvideo: Fix integer overflow calculating timestamp (Ricardo Ribalda)
- drm/amdkfd: don't allow mapping the MMIO HDP page with large pages (Alex Deucher) [Orabug: 36867631] {CVE-2024-41011}
- wifi: mwifiex: duplicate static structs used in driver instances (Sascha Hauer)
- pinctrl: single: fix potential NULL dereference in pcs_get_function() (Ma Ke) [Orabug: 37070744] {CVE-2024-46685}
- drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc (Jesse Zhang) [Orabug: 36898009] {CVE-2024-42228}
(Alexander Lobakin)
- Input: MT - limit max slots (Tetsuo Handa) [Orabug: 37029137] {CVE-2024-45008}
- Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO (Lee, Chun-Yi) [Orabug: 36654191] {CVE-2023-31083}
- mmc: dw_mmc: allow biu and ciu clocks to defer (Ben Whitten)
- cxgb4: add forgotten u64 ivlan cast before shift (Nikolay Kuratov)
- HID: microsoft: Add rumble support to latest xbox controllers (Siarhei Vishniakou)
- HID: wacom: Defer calculation of resolution until resolution_code is known (Jason Gerecke)
- Bluetooth: MGMT: Add error handling to pair_device() (Griffin Kroah-Hartman) [Orabug: 36992976] {CVE-2024-43884}
- mmc: mmc_test: Fix NULL dereference on allocation failure (Dan Carpenter) [Orabug: 37070691] {CVE-2024-45028}
- drm/msm/dpu: don't play tricks with debug macros (Dmitry Baryshkov)
- drm/msm: use drm_debug_enabled() to check for debug categories (Jani Nikula)
- net: xilinx: axienet: Fix dangling multicast addresses (Sean Anderson)
- net: xilinx: axienet: Always disable promiscuous mode (Sean Anderson)
- ipv6: prevent UAF in ip6_send_skb() (Eric Dumazet) [Orabug: 37029076] {CVE-2024-44987}
- netem: fix return value if duplicate enqueue fails (Stephen Hemminger) [Orabug: 37070660] {CVE-2024-45016}
- net: dsa: mv88e6xxx: Fix out-of-bound access (Joseph Huang) [Orabug: 37029082] {CVE-2024-44988}
- net: dsa: mv88e6xxx: replace ATU violation prints with trace points (Vladimir Oltean)
- net: dsa: mv88e6xxx: read FID when handling ATU violations (Hans J. Schultz)
- net: dsa: mv88e6xxx: global1_atu: Add helper for get next (Andrew Lunn)
- net: dsa: mv88e6xxx: global2: Expose ATU stats register (Andrew Lunn)
- netfilter: nft_counter: Synchronize nft_counter_reset() against reader. (Sebastian Andrzej Siewior)
- kcm: Serialise kcm_sendmsg() for the same socket. (Kuniyuki Iwashima) [Orabug: 37013761] {CVE-2024-44946}
- tc-testing: don't access non-existent variable on exception (Simon Horman)
- Bluetooth: hci_core: Fix LE quote calculation (Luiz Augusto von Dentz)
- Bluetooth: hci_core: Fix not handling link timeouts propertly (Luiz Augusto von Dentz)
- Bluetooth: Make use of __check_timeout on hci_sched_le (Luiz Augusto von Dentz)
- dm suspend: return -ERESTARTSYS instead of -EINTR (Mikulas Patocka)
- dm: do not use waitqueue for request-based DM (Ming Lei)
- dm mpath: pass IO start time to path selector (Gabriel Krisman Bertazi)
- media: solo6x10: replace max(a, min(b, c)) by clamp(b, a, c) (Aurelien Jarno)
- block: use "unsigned long" for blk_validate_block_size(). (Tetsuo Handa)
- gtp: pull network headers in gtp_dev_xmit() (Eric Dumazet) [Orabug: 37029111] {CVE-2024-44999}
- hrtimer: Prevent queuing of hrtimer without a function callback (Phil Chang)
- nvmet-rdma: fix possible bad dereference when freeing rsps (Sagi Grimberg)
- ext4: set the type of max_zeroout to unsigned int to avoid overflow (Baokun Li)
- irqchip/gic-v3-its: Remove BUG_ON in its_vpe_irq_domain_alloc (Guanrui Huang)
- usb: dwc3: core: Skip setting event buffers for host only controllers (Krishna Kurapati)
- s390/iucv: fix receive buffer virtual vs physical address confusion (Alexander Gordeev)
- openrisc: Call setup_memory() earlier in the init sequence (Oreoluwa Babatunde)
- NFS: avoid infinite loop in pnfs_update_layout. (NeilBrown)
- nvmet-tcp: do not continue for invalid icreq (Hannes Reinecke)
- Bluetooth: bnep: Fix out-of-bound access (Luiz Augusto von Dentz)
- nvme: clear caller pointer on identify failure (Keith Busch)
- usb: gadget: fsl: Increase size of name buffer for endpoints (Uwe Kleine-König)
- f2fs: fix to do sanity check in update_sit_entry (Zhiguo Niu)
- btrfs: delete pointless BUG_ON check on quota root in btrfs_qgroup_account_extent() (David Sterba)
- btrfs: send: handle unexpected data in header buffer in begin_cmd() (David Sterba)
- btrfs: handle invalid root reference found in may_destroy_subvol() (David Sterba)
- btrfs: change BUG_ON to assertion when checking for delayed_node root (David Sterba)
- powerpc/boot: Only free if realloc() succeeds (Michael Ellerman)
- powerpc/boot: Handle allocation failure in simple_realloc() (Li zeming)
- parisc: Use irq_enter_rcu() to fix warning at kernel/context_tracking.c:367 (Helge Deller)
- x86: Increase brk randomness entropy for 64-bit systems (Kees Cook)
- md: clean up invalid BUG_ON in md_ioctl (Li Nan)
- virtiofs: forbid newlines in tags (Stefan Hajnoczi)
- drm/lima: set gp bus_stop bit before hard reset (Erico Nunes)
- net/sun3_82586: Avoid reading past buffer in debug output (Kees Cook)
- scsi: lpfc: Initialize status local variable in lpfc_sli4_repost_sgl_list() (Justin Tee)
- fs: binfmt_elf_efpic: don't use missing interpreter's properties (Max Filippov)
- media: pci: cx23885: check cx23885_vdev_init() return (Hans Verkuil)
- quota: Remove BUG_ON from dqget() (Jan Kara)
- ext4: do not trim the group with corrupted block bitmap (Baokun Li)
- nvmet-trace: avoid dereferencing pointer too early (Daniel Wagner)
- powerpc/xics: Check return value of kasprintf in icp_native_map_one_cpu (Kunwu Chan)
- IB/hfi1: Fix potential deadlock on &irq_src_lock and &dd->uctxt_lock (Chengfeng Ye)
- wifi: iwlwifi: abort scan when rfkill on but device enabled (Miri Korenblit)
- gfs2: setattr_chown: Add missing initialization (Andreas Gruenbacher)
- scsi: spi: Fix sshdr use (Mike Christie)
- binfmt_misc: cleanup on filesystem umount (Christian Brauner)
- staging: ks7010: disable bh on tx_dev_lock (Chengfeng Ye)
- media: radio-isa: use dev_name to fill in bus_info (Hans Verkuil)
- i2c: riic: avoid potential division by zero (Wolfram Sang)
- wifi: cw1200: Avoid processing an invalid TIM IE (Jeff Johnson)
- ssb: Fix division by zero issue in ssb_calc_clock_rate (Rand Deeb)
- net: hns3: fix a deadlock problem when config TC during resetting (Jie Wang) [Orabug: 37029098] {CVE-2024-44995}
- net: dsa: vsc73xx: pass value in phy_write operation (Pawel Dembicki)
- net: axienet: Fix register defines comment description (Radhey Shyam Pandey)
- net: axienet: Autodetect 64-bit DMA capability (Andre Przywara)
- net: axienet: Upgrade descriptors to hold 64-bit addresses (Andre Przywara)
- net: axienet: Wrap DMA pointer writes to prepare for 64 bit (Andre Przywara)
- net: axienet: Drop MDIO interrupt registers from ethtools dump (Andre Przywara)
- net: axienet: Check for DMA mapping errors (Andre Przywara)
- net: axienet: Factor out TX descriptor chain cleanup (Andre Przywara)
- net: axienet: Improve DMA error handling (Andre Przywara)
- net: axienet: Fix DMA descriptor cleanup path (Andre Przywara)
- atm: idt77252: prevent use after free in dequeue_rx() (Dan Carpenter) [Orabug: 37029105] {CVE-2024-44998}
- net/mlx5e: Correctly report errors for ethtool rx flows (Cosmin Ratiu)
- s390/uv: Panic for set and remove shared access UVC errors (Claudio Imbrenda)
- btrfs: rename bitmap_set_bits() -> btrfs_bitmap_set_bits() (Alexander Lobakin)
- s390/cio: rename bitmap_size() -> idset_bitmap_size() (Alexander Lobakin)
- overflow: Implement size_t saturating arithmetic helpers (Kees Cook)
- overflow.h: Add flex_array_size() helper (Gustavo A. R. Silva)
- memcg_write_event_control(): fix a user-triggerable oops (Al Viro) [Orabug: 37070672] {CVE-2024-45021}
- drm/amdgpu: Actually check flags for all context ops. (Bas Nieuwenhuizen)
- selinux: fix potential counting error in avc_add_xperms_decision() (Zhen Lei)
- fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE (Al Viro) [Orabug: 37070680] {CVE-2024-45025}
- bitmap: introduce generic optimized bitmap_size() (Alexander Lobakin)
- vfs: Don't evict inode under the inode lru traversing context (Zhihao Cheng) [Orabug: 37029119] {CVE-2024-45003}
- dm persistent data: fix memory allocation failure (Mikulas Patocka)
- dm resume: don't return EINVAL when signalled (Khazhismel Kumykov)
- arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to NUMA_NO_NODE (Haibo Xu)
- s390/dasd: fix error recovery leading to data corruption on ESE devices (Stefan Haberland) [Orabug: 37070687] {CVE-2024-45026}
- xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration (Mathias Nyman) [Orabug: 37029125] {CVE-2024-45006}
- ALSA: usb-audio: Support Yamaha P-125 quirk entry (Juan José Arboleda)
- fuse: Initialize beyond-EOF page contents before setting uptodate (Jann Horn) [Orabug: 37017951] {CVE-2024-44947}

[5.4.17-2136.337.1.el8uek]
- wireguard: netlink: check for dangling peer via is_dead instead of empty list (Jason A. Donenfeld) [Orabug: 36596766] {CVE-2024-26951}
- xsigo: add prefix xve/xsvnic with gro and __path_find (Alok Tiwari) [Orabug: 37089693]



ELSA-2024-8922 Low: Oracle Linux 8 bzip2 security update


Oracle Linux Security Advisory ELSA-2024-8922

http://linux.oracle.com/errata/ELSA-2024-8922.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
bzip2-1.0.6-27.0.1.el8_10.x86_64.rpm
bzip2-devel-1.0.6-27.0.1.el8_10.i686.rpm
bzip2-devel-1.0.6-27.0.1.el8_10.x86_64.rpm
bzip2-libs-1.0.6-27.0.1.el8_10.i686.rpm
bzip2-libs-1.0.6-27.0.1.el8_10.x86_64.rpm

aarch64:
bzip2-1.0.6-27.0.1.el8_10.aarch64.rpm
bzip2-devel-1.0.6-27.0.1.el8_10.aarch64.rpm
bzip2-libs-1.0.6-27.0.1.el8_10.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//bzip2-1.0.6-27.0.1.el8_10.src.rpm

Related CVEs:

CVE-2019-12900

Description of changes:

[1.0.6-27.0.1]
- CVE-2019-12900: Accept as many selectors as the file format allows [Orabug: 37266061]

[1.0.6-27]
- Fixes out of bounds access in BZ2_decompress (RHEL-64929)



ELSA-2024-9056 Moderate: Oracle Linux 8 gstreamer1-plugins-base security update


Oracle Linux Security Advisory ELSA-2024-9056

http://linux.oracle.com/errata/ELSA-2024-9056.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
gstreamer1-plugins-base-1.16.1-4.0.1.el8_10.i686.rpm
gstreamer1-plugins-base-1.16.1-4.0.1.el8_10.x86_64.rpm
gstreamer1-plugins-base-devel-1.16.1-4.0.1.el8_10.i686.rpm
gstreamer1-plugins-base-devel-1.16.1-4.0.1.el8_10.x86_64.rpm

aarch64:
gstreamer1-plugins-base-1.16.1-4.0.1.el8_10.aarch64.rpm
gstreamer1-plugins-base-devel-1.16.1-4.0.1.el8_10.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//gstreamer1-plugins-base-1.16.1-4.0.1.el8_10.src.rpm

Related CVEs:

CVE-2024-4453

Description of changes:

[1.16.1-4.0.1]
- Update origin URL [Orabug: 36209826]

[1.16.1-4]
- CVE-2024-4453 gstreamer1: EXIF Metadata Parsing Integer Overflow
- Resolves: RHEL-38509



ELBA-2024-8827 Oracle Linux 8 rust-toolset:ol8 bug fix and enhancement update


Oracle Linux Bug Fix Advisory ELBA-2024-8827

http://linux.oracle.com/errata/ELBA-2024-8827.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
cargo-1.79.0-2.module+el8.10.0+90433+1880e38c.x86_64.rpm
clippy-1.79.0-2.module+el8.10.0+90433+1880e38c.x86_64.rpm
rust-1.79.0-2.module+el8.10.0+90433+1880e38c.x86_64.rpm
rust-analyzer-1.79.0-2.module+el8.10.0+90433+1880e38c.x86_64.rpm
rust-debugger-common-1.79.0-2.module+el8.10.0+90433+1880e38c.noarch.rpm
rust-doc-1.79.0-2.module+el8.10.0+90433+1880e38c.x86_64.rpm
rustfmt-1.79.0-2.module+el8.10.0+90433+1880e38c.x86_64.rpm
rust-gdb-1.79.0-2.module+el8.10.0+90433+1880e38c.noarch.rpm
rust-lldb-1.79.0-2.module+el8.10.0+90433+1880e38c.noarch.rpm
rust-src-1.79.0-2.module+el8.10.0+90433+1880e38c.noarch.rpm
rust-std-static-1.79.0-2.module+el8.10.0+90433+1880e38c.x86_64.rpm
rust-std-static-wasm32-unknown-unknown-1.79.0-2.module+el8.10.0+90433+1880e38c.noarch.rpm
rust-std-static-wasm32-wasi-1.79.0-2.module+el8.10.0+90433+1880e38c.noarch.rpm
rust-std-static-wasm32-wasip1-1.79.0-2.module+el8.10.0+90433+1880e38c.noarch.rpm
rust-toolset-1.79.0-2.module+el8.10.0+90433+1880e38c.noarch.rpm

aarch64:
cargo-1.79.0-2.module+el8.10.0+90433+1880e38c.aarch64.rpm
clippy-1.79.0-2.module+el8.10.0+90433+1880e38c.aarch64.rpm
rust-1.79.0-2.module+el8.10.0+90433+1880e38c.aarch64.rpm
rust-analyzer-1.79.0-2.module+el8.10.0+90433+1880e38c.aarch64.rpm
rust-debugger-common-1.79.0-2.module+el8.10.0+90433+1880e38c.noarch.rpm
rust-doc-1.79.0-2.module+el8.10.0+90433+1880e38c.aarch64.rpm
rustfmt-1.79.0-2.module+el8.10.0+90433+1880e38c.aarch64.rpm
rust-gdb-1.79.0-2.module+el8.10.0+90433+1880e38c.noarch.rpm
rust-lldb-1.79.0-2.module+el8.10.0+90433+1880e38c.noarch.rpm
rust-src-1.79.0-2.module+el8.10.0+90433+1880e38c.noarch.rpm
rust-std-static-1.79.0-2.module+el8.10.0+90433+1880e38c.aarch64.rpm
rust-std-static-wasm32-unknown-unknown-1.79.0-2.module+el8.10.0+90433+1880e38c.noarch.rpm
rust-std-static-wasm32-wasi-1.79.0-2.module+el8.10.0+90433+1880e38c.noarch.rpm
rust-std-static-wasm32-wasip1-1.79.0-2.module+el8.10.0+90433+1880e38c.noarch.rpm
rust-toolset-1.79.0-2.module+el8.10.0+90433+1880e38c.noarch.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//rust-1.79.0-2.module+el8.10.0+90433+1880e38c.src.rpm

Description of changes:

[1.79.0-2]
- Disable jump threading of float equality

[1.79.0-1]
- Update to 1.79.0

[1.78.0-1]
- Update to 1.78.0
- Make std-static-wasm* noarch again

[1.77.2-1]
- Update to 1.77.2.

[1.76.0-1]
- Update to 1.76.0.
- Sync rust-toolset macros to rust-packaging v25.2



ELSA-2024-12813 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update


Oracle Linux Security Advisory ELSA-2024-12813

http://linux.oracle.com/errata/ELSA-2024-12813.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

aarch64:
kernel-uek-5.4.17-2136.337.5.el8uek.aarch64.rpm
kernel-uek-debug-5.4.17-2136.337.5.el8uek.aarch64.rpm
kernel-uek-debug-devel-5.4.17-2136.337.5.el8uek.aarch64.rpm
kernel-uek-devel-5.4.17-2136.337.5.el8uek.aarch64.rpm
kernel-uek-doc-5.4.17-2136.337.5.el8uek.noarch.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//kernel-uek-5.4.17-2136.337.5.el8uek.src.rpm

Related CVEs:

CVE-2023-31083
CVE-2024-26951
CVE-2024-36028
CVE-2024-41011
CVE-2024-41098
CVE-2024-42228
CVE-2024-43835
CVE-2024-43853
CVE-2024-43854
CVE-2024-43884
CVE-2024-44946
CVE-2024-44947
CVE-2024-44987
CVE-2024-44988
CVE-2024-44995
CVE-2024-44998
CVE-2024-44999
CVE-2024-45003
CVE-2024-45006
CVE-2024-45008
CVE-2024-45016
CVE-2024-45021
CVE-2024-45025
CVE-2024-45026
CVE-2024-45028
CVE-2024-46673
CVE-2024-46674
CVE-2024-46675
CVE-2024-46676
CVE-2024-46677
CVE-2024-46679
CVE-2024-46685
CVE-2024-46714
CVE-2024-46719
CVE-2024-46721
CVE-2024-46722
CVE-2024-46723
CVE-2024-46737
CVE-2024-46739
CVE-2024-46740
CVE-2024-46743
CVE-2024-46744
CVE-2024-46745
CVE-2024-46747
CVE-2024-46750
CVE-2024-46755
CVE-2024-46756
CVE-2024-46757
CVE-2024-46758
CVE-2024-46759
CVE-2024-46761
CVE-2024-46771
CVE-2024-46777
CVE-2024-46780
CVE-2024-46781
CVE-2024-46782
CVE-2024-46783
CVE-2024-46798
CVE-2024-46800
CVE-2024-46815
CVE-2024-46817
CVE-2024-46818
CVE-2024-46822
CVE-2024-46828
CVE-2024-46829
CVE-2024-46840
CVE-2024-46844
CVE-2024-47663
CVE-2024-47667
CVE-2024-47668
CVE-2024-47669
CVE-2024-49863
CVE-2024-49958

Description of changes:

[5.4.17-2136.337.5.el8uek]
- net/mlx5: disable the 'fast unload' feature on Exadata systems (Qing Huang) [Orabug: 37093177]

[5.4.17-2136.337.4.el8uek]
- ocfs2: reserve space for inline xattr before attaching reflink tree (Gautham Ananthakrishna) [Orabug: 37199020]
- Revert "ocfs2: ocfs2 crash due to invalid h_next_leaf_blk value in extent block" (Gautham Ananthakrishna) [Orabug: 37199020]
- net/rds: Make send+receive IRQ assignments visible to user-space (Gerd Rausch) [Orabug: 36987151]
- igb: Do not free the irq resources if they are already freed by igb_close() (Yifei Liu) [Orabug: 37005245]
- A/A Bonding: check port count during RDMA device addition (Arumugam Kolappan) [Orabug: 36579195]

[5.4.17-2136.337.3.el8uek]
- vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() (Haoran Zhang) [Orabug: 37137548] {CVE-2024-49863}
- rds/ib: Count memory consumed by rds_page_frag (Hans Westgaard Ry) [Orabug: 37172717]
- fs/dcache: allow fractional values in fs.negative-dentry-limit (Gautham Ananthakrishna) [Orabug: 37156523]
- mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio() (Miaohe Lin) [Orabug: 36683094] {CVE-2024-36028}
- uek: Disable /proc/uek under Xen and under non-Exadata systems (Konrad Rzeszutek Wilk) [Orabug: 37170992]
- uek: Add force_noio runtime option. (Konrad Rzeszutek Wilk) [Orabug: 37145327]
- treewide: Make the force_noio parameter be writable. (Konrad Rzeszutek Wilk) [Orabug: 37145327]
- treewide: Sample foo_bar_force_noio before use (Håkon Bugge) [Orabug: 37145327]
- workqueue: Add Oracle specific code to modify the flags of tasks. (Konrad Rzeszutek Wilk) [Orabug: 37145327]
- net/mlx5: Free IRQ rmap and notifier on kernel shutdown (Saeed Mahameed) [Orabug: 36706485]
- net/mlx5: Free irqs only on shutdown callback (Shay Drory) [Orabug: 36706485]
- kpcimgr: Add dynamic memory region allocation feature (Joe Dobosenski) [Orabug: 36983478]
- uek: kabi: Introduce APIs to hide/fake inclusion of headers (Saeed Mirzamohammadi) [Orabug: 37097450]
- RDMA/cma: Always set static rate to 0 for RoCE (Mark Zhang) [Orabug: 37100215]
- net/mlx5e: nullify cq->dbg pointer in mlx5_debug_cq_remove() (Valentine Fatiev) [Orabug: 37104450]
- net/mlx5e: Fix memory leak in mlx5_core_destroy_cq() error path (Valentine Fatiev) [Orabug: 37099359]

[5.4.17-2136.337.2.el8uek]
- LTS tag: v5.4.284 (Sherry Yang)
- Revert "parisc: Use irq_enter_rcu() to fix warning at kernel/context_tracking.c:367" (Greg Kroah-Hartman)
- cx82310_eth: fix error return code in cx82310_bind() (Zhang Changzhong)
- net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket (Daniel Borkmann)
- rtmutex: Drop rt_mutex::wait_lock before scheduling (Roland Xu) [Orabug: 37116446] {CVE-2024-46829}
- drm/i915/fence: Mark debug_fence_free() with __maybe_unused (Andy Shevchenko)
- drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused (Andy Shevchenko)
- nvmet-tcp: fix kernel crash if commands allocation fails (Maurizio Lombardi) [Orabug: 37074465] {CVE-2024-46737}
- arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry (Jonathan Cameron) [Orabug: 37116413] {CVE-2024-46822}
- arm64: acpi: Move get_cpu_for_acpi_id() to a header (James Morse)
- ACPI: processor: Fix memory leaks in error paths of processor_add() (Jonathan Cameron)
- ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add() (Jonathan Cameron)
- nilfs2: protect references to superblock parameters exposed in sysfs (Ryusuke Konishi) [Orabug: 37074677] {CVE-2024-46780}
- nilfs2: replace snprintf in show functions with sysfs_emit (Qing Wang)
- tracing: Avoid possible softlockup in tracing_iter_reset() (Zheng Yejian)
- ring-buffer: Rename ring_buffer_read() to read_buffer_iter_advance() (Steven Rostedt (VMware))
- uprobes: Use kzalloc to allocate xol area (Sven Schnelle)
- clocksource/drivers/timer-of: Remove percpu irq related code (Daniel Lezcano)
- clocksource/drivers/imx-tpm: Fix next event not taking effect sometime (Jacky Bai)
- clocksource/drivers/imx-tpm: Fix return -ETIME when delta exceeds INT_MAX (Jacky Bai)
- Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic (Naman Jain)
- uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind (Saurabh Sengar) [Orabug: 37074473] {CVE-2024-46739}
- nvmem: Fix return type of devm_nvmem_device_get() in kerneldoc (Geert Uytterhoeven)
- binder: fix UAF caused by offsets overwrite (Carlos Llamas) [Orabug: 37074477] {CVE-2024-46740}
- iio: fix scale application in iio_convert_raw_to_processed_unlocked (Matteo Martelli)
- iio: buffer-dmaengine: fix releasing dma channel on error (David Lechner)
- staging: iio: frequency: ad9834: Validate frequency parameter value (Aleksandr Mishin) [Orabug: 37159728] {CVE-2024-47663}
- NFSv4: Add missing rescheduling points in nfs_client_return_marked_delegations (Trond Myklebust)
- ata: pata_macio: Use WARN instead of BUG (Michael Ellerman)
- lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (Kent Overstreet) [Orabug: 37159757] {CVE-2024-47668}
- of/irq: Prevent device address out-of-bounds read in interrupt map walk (Stefan Wiehler) [Orabug: 37074488] {CVE-2024-46743}
- Squashfs: sanity check symbolic link size (Phillip Lougher) [Orabug: 37074495] {CVE-2024-46744}
- usbnet: ipheth: race between ipheth_close and error handling (Oliver Neukum)
- Input: uinput - reject requests with unreasonable number of slots (Dmitry Torokhov) [Orabug: 37074503] {CVE-2024-46745}
- HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup (Camila Alvarez) [Orabug: 37074513] {CVE-2024-46747}
- btrfs: initialize location to fix -Wmaybe-uninitialized in btrfs_lookup_dentry() (David Sterba)
- PCI: Add missing bridge lock to pci_bus_lock() (Dan Williams) [Orabug: 37074532] {CVE-2024-46750}
- btrfs: clean up our handling of refs == 0 in snapshot delete (Josef Bacik) [Orabug: 37116494] {CVE-2024-46840}
- btrfs: replace BUG_ON with ASSERT in walk_down_proc() (Josef Bacik)
- smp: Add missing destroy_work_on_stack() call in smp_call_on_cpu() (Zqiang)
- wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() (Sascha Hauer) [Orabug: 37074561] {CVE-2024-46755}
- libbpf: Add NULL checks to bpf_object__{prev_map,next_map} (Andreas Ziegler)
- hwmon: (w83627ehf) Fix underflows seen when writing limit attributes (Guenter Roeck) [Orabug: 37074566] {CVE-2024-46756}
- hwmon: (nct6775-core) Fix underflows seen when writing limit attributes (Guenter Roeck) [Orabug: 37074571] {CVE-2024-46757}
- hwmon: (lm95234) Fix underflows seen when writing limit attributes (Guenter Roeck) [Orabug: 37074579] {CVE-2024-46758}
- hwmon: (adc128d818) Fix underflows seen when writing limit attributes (Guenter Roeck) [Orabug: 37074584] {CVE-2024-46759}
- pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv (Krishna Kumar) [Orabug: 37074595] {CVE-2024-46761}
- devres: Initialize an uninitialized struct member (Zijun Hu)
- um: line: always fill *error_out in setup_one_line() (Johannes Berg) [Orabug: 37116518] {CVE-2024-46844}
- cgroup: Protect css->cgroup write under css_set_lock (Waiman Long)
- iommu/vt-d: Handle volatile descriptor status read (Jacob Pan)
- dm init: Handle minors larger than 255 (Benjamin Marzinski)
- ASoC: topology: Properly initialize soc_enum values (Amadeusz Sławiński)
- net: dsa: vsc73xx: fix possible subblocks range of CAPT block (Pawel Dembicki)
- net: bridge: br_fdb_external_learn_add(): always set EXT_LEARN (Jonas Gorski)
- net: bridge: fdb: convert added_by_external_learn to use bitops (Nikolay Aleksandrov)
- net: bridge: fdb: convert added_by_user to bitops (Nikolay Aleksandrov)
- net: bridge: fdb: convert is_sticky to bitops (Nikolay Aleksandrov)
- net: bridge: fdb: convert is_static to bitops (Nikolay Aleksandrov)
- net: bridge: fdb: convert is_local to bitops (Nikolay Aleksandrov)
- usbnet: modern method to get random MAC (Oliver Neukum)
- net: usb: don't write directly to netdev->dev_addr (Jakub Kicinski)
- drivers/net/usb: Remove all strcpy() uses (Len Baker)
- cx82310_eth: re-enable ethernet mode after router reboot (Ondrej Zary)
- tcp_bpf: fix return value of tcp_bpf_sendmsg() (Cong Wang) [Orabug: 37074693] {CVE-2024-46783}
- platform/x86: dell-smbios: Fix error path in dell_smbios_init() (Aleksandr Mishin)
- can: bcm: Remove proc entry when dev is unregistered. (Kuniyuki Iwashima) [Orabug: 37074625] {CVE-2024-46771}
- pcmcia: Use resource_size function on resource object (Jules Irenge)
- media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse (Chen Ni)
- PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0) (Kishon Vijay Abraham I) [Orabug: 37159750] {CVE-2024-47667}
- usb: uas: set host status byte on data completion error (Shantanu Goel)
- wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3 (Arend van Spriel)
- udf: Avoid excessive partition lengths (Jan Kara) [Orabug: 37074665] {CVE-2024-46777}
- netfilter: nf_conncount: fix wrong variable type (Yunjian Wang)
- af_unix: Remove put_pid()/put_cred() in copy_peercred(). (Kuniyuki Iwashima)
- irqchip/armada-370-xp: Do not allow mapping IRQ 0 and 1 (Pali Rohár)
- smack: unix sockets: fix accept()ed socket label (Konstantin Andreev)
- ALSA: hda: Add input value sanity checks to HDMI channel map controls (Takashi Iwai)
- nilfs2: fix state management in error path of log writing function (Ryusuke Konishi) [Orabug: 37159765] {CVE-2024-47669}
- nilfs2: fix missing cleanup on rollforward recovery error (Ryusuke Konishi) [Orabug: 37074684] {CVE-2024-46781}
- sched: sch_cake: fix bulk flow accounting logic for host fairness (Toke Høiland-Jørgensen) [Orabug: 37116443] {CVE-2024-46828}
- ila: call nf_unregister_net_hooks() sooner (Eric Dumazet) [Orabug: 37074689] {CVE-2024-46782}
- clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API (Satya Priya Kakitapalli)
- clk: qcom: clk-alpha-pll: Fix the pll post div mask (Satya Priya Kakitapalli)
- clk: hi6220: use CLK_OF_DECLARE_DRIVER (Peter Griffin)
- reset: hi6220: Add support for AO reset controller (Peter Griffin)
- fuse: use unsigned type for getxattr/listxattr size truncation (Jann Horn)
- fuse: update stats for pages in dropped aux writeback list (Joanne Koong)
- mmc: sdhci-of-aspeed: fix module autoloading (Liao Chen)
- mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K (Sam Protsenko)
- irqchip/gic-v2m: Fix refcount leak in gicv2m_of_init() (Ma Ke)
- ata: libata: Fix memory leak for error path in ata_host_alloc() (Zheng Qixing)
- ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices (Christoffer Sandberg)
- ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object (robelin) [Orabug: 37074722] {CVE-2024-46798}
- sch/netem: fix use after free in netem_dequeue (Stephen Hemminger) [Orabug: 37074726] {CVE-2024-46800}
- i2c: Use IS_REACHABLE() for substituting empty ACPI functions (Richard Fitzgerald)
- udf: Limit file size to 4TB (Jan Kara)
- virtio_net: Fix napi_skb_cache_put warning (Breno Leitao) [Orabug: 36964474] {CVE-2024-43835}
- net: set SOCK_RCU_FREE before inserting socket into hashtable (Stanislav Fomichev)
- block: initialize integrity buffer to zero before writing it to media (Christoph Hellwig) [Orabug: 36964515] {CVE-2024-43854}
- media: uvcvideo: Enforce alignment of frame and interval (Ricardo Ribalda)
- drm/amd/display: Skip wbscl_set_scaler_filter if filter is null (Alex Hung) [Orabug: 37073032] {CVE-2024-46714}
- wifi: cfg80211: make hash table duplicates more survivable (Johannes Berg)
- smack: tcp: ipv4, fix incorrect labeling (Casey Schaufler)
- usb: typec: ucsi: Fix null pointer dereference in trace (Abhishek Pandit-Subedi) [Orabug: 37073065] {CVE-2024-46719}
- usbip: Don't submit special requests twice (Simon Holesch)
- ionic: fix potential irq name truncation (Shannon Nelson)
- apparmor: fix possible NULL pointer dereference (Leesoo Ahn) [Orabug: 37073078] {CVE-2024-46721}
- drm/amdkfd: Reconcile the definition and use of oem_id in struct kfd_topology_device (Michael Chen)
- drm/amdgpu: fix mc_data out-of-bounds read warning (Tim Huang) [Orabug: 37073083] {CVE-2024-46722}
- drm/amdgpu: fix ucode out-of-bounds read warning (Tim Huang) [Orabug: 37073088] {CVE-2024-46723}
- drm/amd/display: Fix Coverity INTEGER_OVERFLOW within dal_gpio_service_create (Hersen Wu)
- drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] (Alex Hung) [Orabug: 37116366] {CVE-2024-46815}
- drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 (Hersen Wu) [Orabug: 37116376] {CVE-2024-46817}
- drm/amd/display: Check gpio_id before used as array index (Alex Hung) [Orabug: 37116385] {CVE-2024-46818}
- drm/amdgpu: fix overflowed array index read warning (Tim Huang)
- drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr (Ma Jun)
- net: usb: qmi_wwan: add MeiG Smart SRM825L (ZHANG Yuntian)
- i2c: Fix conditional for substituting empty ACPI functions (Richard Fitzgerald)
- drm: panel-orientation-quirks: Add quirk for OrangePi Neo (Philip Mueller)
- LTS tag: v5.4.283 (Sherry Yang)
- scsi: aacraid: Fix double-free on probe failure (Ben Hutchings) [Orabug: 37070700] {CVE-2024-46673}
- net: dsa: mv8e6xxx: Fix stub function parameters (Andrew Lunn)
- usb: core: sysfs: Unmerge @usb3_hardware_lpm_attr_group in remove_power_attributes() (Zijun Hu)
- usb: dwc3: st: add missing depopulate in probe error path (Krzysztof Kozlowski)
- usb: dwc3: st: fix probed platform device ref count on probe error path (Krzysztof Kozlowski) [Orabug: 37070705] {CVE-2024-46674}
- usb: dwc3: core: Prevent USB core invalid event buffer address access (Selvarasu Ganesan) [Orabug: 37070710] {CVE-2024-46675}
- usb: dwc3: omap: add missing depopulate in probe error path (Krzysztof Kozlowski)
- USB: serial: option: add MeiG Smart SRM825L (ZHANG Yuntian)
- cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller (Ian Ray)
- soc: qcom: cmd-db: Map shared memory as WC, not WB (Volodymyr Babchuk)
- nfc: pn533: Add poll mod list filling check (Aleksandr Mishin) [Orabug: 37070717] {CVE-2024-46676}
- nfc: pn533: Add autopoll capability (Lars Poeschel)
- nfc: pn533: Add dev_up/dev_down hooks to phy_ops (Lars Poeschel)
- net: busy-poll: use ktime_get_ns() instead of local_clock() (Eric Dumazet)
- gtp: fix a potential NULL pointer dereference (Cong Wang) [Orabug: 37070722] {CVE-2024-46677}
- ethtool: check device is present when getting link settings (Jamie Bainbridge) [Orabug: 37070728] {CVE-2024-46679}
- r8152: Factor out OOB link list waits (Prashant Malani)
- soundwire: stream: fix programming slave ports for non-continous port maps (Krzysztof Kozlowski)
- cgroup/cpuset: Prevent UAF in proc_cpuset_show() (Chen Ridong) [Orabug: 36964510] {CVE-2024-43853}
- ata: libata-core: Fix null pointer dereference on error (Niklas Cassel) [Orabug: 36897457] {CVE-2024-41098}
- media: uvcvideo: Fix integer overflow calculating timestamp (Ricardo Ribalda)
- drm/amdkfd: don't allow mapping the MMIO HDP page with large pages (Alex Deucher) [Orabug: 36867631] {CVE-2024-41011}
- wifi: mwifiex: duplicate static structs used in driver instances (Sascha Hauer)
- pinctrl: single: fix potential NULL dereference in pcs_get_function() (Ma Ke) [Orabug: 37070744] {CVE-2024-46685}
- drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc (Jesse Zhang) [Orabug: 36898009] {CVE-2024-42228}
(Alexander Lobakin)
- Input: MT - limit max slots (Tetsuo Handa) [Orabug: 37029137] {CVE-2024-45008}
- Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO (Lee, Chun-Yi) [Orabug: 36654191] {CVE-2023-31083}
- mmc: dw_mmc: allow biu and ciu clocks to defer (Ben Whitten)
- cxgb4: add forgotten u64 ivlan cast before shift (Nikolay Kuratov)
- HID: microsoft: Add rumble support to latest xbox controllers (Siarhei Vishniakou)
- HID: wacom: Defer calculation of resolution until resolution_code is known (Jason Gerecke)
- Bluetooth: MGMT: Add error handling to pair_device() (Griffin Kroah-Hartman) [Orabug: 36992976] {CVE-2024-43884}
- mmc: mmc_test: Fix NULL dereference on allocation failure (Dan Carpenter) [Orabug: 37070691] {CVE-2024-45028}
- drm/msm/dpu: don't play tricks with debug macros (Dmitry Baryshkov)
- drm/msm: use drm_debug_enabled() to check for debug categories (Jani Nikula)
- net: xilinx: axienet: Fix dangling multicast addresses (Sean Anderson)
- net: xilinx: axienet: Always disable promiscuous mode (Sean Anderson)
- ipv6: prevent UAF in ip6_send_skb() (Eric Dumazet) [Orabug: 37029076] {CVE-2024-44987}
- netem: fix return value if duplicate enqueue fails (Stephen Hemminger) [Orabug: 37070660] {CVE-2024-45016}
- net: dsa: mv88e6xxx: Fix out-of-bound access (Joseph Huang) [Orabug: 37029082] {CVE-2024-44988}
- net: dsa: mv88e6xxx: replace ATU violation prints with trace points (Vladimir Oltean)
- net: dsa: mv88e6xxx: read FID when handling ATU violations (Hans J. Schultz)
- net: dsa: mv88e6xxx: global1_atu: Add helper for get next (Andrew Lunn)
- net: dsa: mv88e6xxx: global2: Expose ATU stats register (Andrew Lunn)
- netfilter: nft_counter: Synchronize nft_counter_reset() against reader. (Sebastian Andrzej Siewior)
- kcm: Serialise kcm_sendmsg() for the same socket. (Kuniyuki Iwashima) [Orabug: 37013761] {CVE-2024-44946}
- tc-testing: don't access non-existent variable on exception (Simon Horman)
- Bluetooth: hci_core: Fix LE quote calculation (Luiz Augusto von Dentz)
- Bluetooth: hci_core: Fix not handling link timeouts propertly (Luiz Augusto von Dentz)
- Bluetooth: Make use of __check_timeout on hci_sched_le (Luiz Augusto von Dentz)
- dm suspend: return -ERESTARTSYS instead of -EINTR (Mikulas Patocka)
- dm: do not use waitqueue for request-based DM (Ming Lei)
- dm mpath: pass IO start time to path selector (Gabriel Krisman Bertazi)
- media: solo6x10: replace max(a, min(b, c)) by clamp(b, a, c) (Aurelien Jarno)
- block: use "unsigned long" for blk_validate_block_size(). (Tetsuo Handa)
- gtp: pull network headers in gtp_dev_xmit() (Eric Dumazet) [Orabug: 37029111] {CVE-2024-44999}
- hrtimer: Prevent queuing of hrtimer without a function callback (Phil Chang)
- nvmet-rdma: fix possible bad dereference when freeing rsps (Sagi Grimberg)
- ext4: set the type of max_zeroout to unsigned int to avoid overflow (Baokun Li)
- irqchip/gic-v3-its: Remove BUG_ON in its_vpe_irq_domain_alloc (Guanrui Huang)
- usb: dwc3: core: Skip setting event buffers for host only controllers (Krishna Kurapati)
- s390/iucv: fix receive buffer virtual vs physical address confusion (Alexander Gordeev)
- openrisc: Call setup_memory() earlier in the init sequence (Oreoluwa Babatunde)
- NFS: avoid infinite loop in pnfs_update_layout. (NeilBrown)
- nvmet-tcp: do not continue for invalid icreq (Hannes Reinecke)
- Bluetooth: bnep: Fix out-of-bound access (Luiz Augusto von Dentz)
- nvme: clear caller pointer on identify failure (Keith Busch)
- usb: gadget: fsl: Increase size of name buffer for endpoints (Uwe Kleine-König)
- f2fs: fix to do sanity check in update_sit_entry (Zhiguo Niu)
- btrfs: delete pointless BUG_ON check on quota root in btrfs_qgroup_account_extent() (David Sterba)
- btrfs: send: handle unexpected data in header buffer in begin_cmd() (David Sterba)
- btrfs: handle invalid root reference found in may_destroy_subvol() (David Sterba)
- btrfs: change BUG_ON to assertion when checking for delayed_node root (David Sterba)
- powerpc/boot: Only free if realloc() succeeds (Michael Ellerman)
- powerpc/boot: Handle allocation failure in simple_realloc() (Li zeming)
- parisc: Use irq_enter_rcu() to fix warning at kernel/context_tracking.c:367 (Helge Deller)
- x86: Increase brk randomness entropy for 64-bit systems (Kees Cook)
- md: clean up invalid BUG_ON in md_ioctl (Li Nan)
- virtiofs: forbid newlines in tags (Stefan Hajnoczi)
- drm/lima: set gp bus_stop bit before hard reset (Erico Nunes)
- net/sun3_82586: Avoid reading past buffer in debug output (Kees Cook)
- scsi: lpfc: Initialize status local variable in lpfc_sli4_repost_sgl_list() (Justin Tee)
- fs: binfmt_elf_efpic: don't use missing interpreter's properties (Max Filippov)
- media: pci: cx23885: check cx23885_vdev_init() return (Hans Verkuil)
- quota: Remove BUG_ON from dqget() (Jan Kara)
- ext4: do not trim the group with corrupted block bitmap (Baokun Li)
- nvmet-trace: avoid dereferencing pointer too early (Daniel Wagner)
- powerpc/xics: Check return value of kasprintf in icp_native_map_one_cpu (Kunwu Chan)
- IB/hfi1: Fix potential deadlock on &irq_src_lock and &dd->uctxt_lock (Chengfeng Ye)
- wifi: iwlwifi: abort scan when rfkill on but device enabled (Miri Korenblit)
- gfs2: setattr_chown: Add missing initialization (Andreas Gruenbacher)
- scsi: spi: Fix sshdr use (Mike Christie)
- binfmt_misc: cleanup on filesystem umount (Christian Brauner)
- staging: ks7010: disable bh on tx_dev_lock (Chengfeng Ye)
- media: radio-isa: use dev_name to fill in bus_info (Hans Verkuil)
- i2c: riic: avoid potential division by zero (Wolfram Sang)
- wifi: cw1200: Avoid processing an invalid TIM IE (Jeff Johnson)
- ssb: Fix division by zero issue in ssb_calc_clock_rate (Rand Deeb)
- net: hns3: fix a deadlock problem when config TC during resetting (Jie Wang) [Orabug: 37029098] {CVE-2024-44995}
- net: dsa: vsc73xx: pass value in phy_write operation (Pawel Dembicki)
- net: axienet: Fix register defines comment description (Radhey Shyam Pandey)
- net: axienet: Autodetect 64-bit DMA capability (Andre Przywara)
- net: axienet: Upgrade descriptors to hold 64-bit addresses (Andre Przywara)
- net: axienet: Wrap DMA pointer writes to prepare for 64 bit (Andre Przywara)
- net: axienet: Drop MDIO interrupt registers from ethtools dump (Andre Przywara)
- net: axienet: Check for DMA mapping errors (Andre Przywara)
- net: axienet: Factor out TX descriptor chain cleanup (Andre Przywara)
- net: axienet: Improve DMA error handling (Andre Przywara)
- net: axienet: Fix DMA descriptor cleanup path (Andre Przywara)
- atm: idt77252: prevent use after free in dequeue_rx() (Dan Carpenter) [Orabug: 37029105] {CVE-2024-44998}
- net/mlx5e: Correctly report errors for ethtool rx flows (Cosmin Ratiu)
- s390/uv: Panic for set and remove shared access UVC errors (Claudio Imbrenda)
- btrfs: rename bitmap_set_bits() -> btrfs_bitmap_set_bits() (Alexander Lobakin)
- s390/cio: rename bitmap_size() -> idset_bitmap_size() (Alexander Lobakin)
- overflow: Implement size_t saturating arithmetic helpers (Kees Cook)
- overflow.h: Add flex_array_size() helper (Gustavo A. R. Silva)
- memcg_write_event_control(): fix a user-triggerable oops (Al Viro) [Orabug: 37070672] {CVE-2024-45021}
- drm/amdgpu: Actually check flags for all context ops. (Bas Nieuwenhuizen)
- selinux: fix potential counting error in avc_add_xperms_decision() (Zhen Lei)
- fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE (Al Viro) [Orabug: 37070680] {CVE-2024-45025}
- bitmap: introduce generic optimized bitmap_size() (Alexander Lobakin)
- vfs: Don't evict inode under the inode lru traversing context (Zhihao Cheng) [Orabug: 37029119] {CVE-2024-45003}
- dm persistent data: fix memory allocation failure (Mikulas Patocka)
- dm resume: don't return EINVAL when signalled (Khazhismel Kumykov)
- arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to NUMA_NO_NODE (Haibo Xu)
- s390/dasd: fix error recovery leading to data corruption on ESE devices (Stefan Haberland) [Orabug: 37070687] {CVE-2024-45026}
- xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration (Mathias Nyman) [Orabug: 37029125] {CVE-2024-45006}
- ALSA: usb-audio: Support Yamaha P-125 quirk entry (Juan José Arboleda)
- fuse: Initialize beyond-EOF page contents before setting uptodate (Jann Horn) [Orabug: 37017951] {CVE-2024-44947}

[5.4.17-2136.337.1.el8uek]
- wireguard: netlink: check for dangling peer via is_dead instead of empty list (Jason A. Donenfeld) [Orabug: 36596766] {CVE-2024-26951}
- xsigo: add prefix xve/xsvnic with gro and __path_find (Alok Tiwari) [Orabug: 37089693]



ELSA-2024-12813 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update


Oracle Linux Security Advisory ELSA-2024-12813

http://linux.oracle.com/errata/ELSA-2024-12813.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-5.4.17-2136.337.5.el7uek.x86_64.rpm
kernel-uek-container-5.4.17-2136.337.5.el7uek.x86_64.rpm
kernel-uek-container-debug-5.4.17-2136.337.5.el7uek.x86_64.rpm
kernel-uek-debug-5.4.17-2136.337.5.el7uek.x86_64.rpm
kernel-uek-debug-devel-5.4.17-2136.337.5.el7uek.x86_64.rpm
kernel-uek-devel-5.4.17-2136.337.5.el7uek.x86_64.rpm
kernel-uek-doc-5.4.17-2136.337.5.el7uek.noarch.rpm
kernel-uek-tools-5.4.17-2136.337.5.el7uek.x86_64.rpm

aarch64:
kernel-uek-5.4.17-2136.337.5.el7uek.aarch64.rpm
kernel-uek-debug-5.4.17-2136.337.5.el7uek.aarch64.rpm
kernel-uek-debug-devel-5.4.17-2136.337.5.el7uek.aarch64.rpm
kernel-uek-devel-5.4.17-2136.337.5.el7uek.aarch64.rpm
kernel-uek-doc-5.4.17-2136.337.5.el7uek.noarch.rpm
kernel-uek-tools-5.4.17-2136.337.5.el7uek.aarch64.rpm
kernel-uek-tools-libs-5.4.17-2136.337.5.el7uek.aarch64.rpm
perf-5.4.17-2136.337.5.el7uek.aarch64.rpm
python-perf-5.4.17-2136.337.5.el7uek.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//kernel-uek-5.4.17-2136.337.5.el7uek.src.rpm

Related CVEs:

CVE-2023-31083
CVE-2024-26951
CVE-2024-36028
CVE-2024-41011
CVE-2024-41098
CVE-2024-42228
CVE-2024-43835
CVE-2024-43853
CVE-2024-43854
CVE-2024-43884
CVE-2024-44946
CVE-2024-44947
CVE-2024-44987
CVE-2024-44988
CVE-2024-44995
CVE-2024-44998
CVE-2024-44999
CVE-2024-45003
CVE-2024-45006
CVE-2024-45008
CVE-2024-45016
CVE-2024-45021
CVE-2024-45025
CVE-2024-45026
CVE-2024-45028
CVE-2024-46673
CVE-2024-46674
CVE-2024-46675
CVE-2024-46676
CVE-2024-46677
CVE-2024-46679
CVE-2024-46685
CVE-2024-46714
CVE-2024-46719
CVE-2024-46721
CVE-2024-46722
CVE-2024-46723
CVE-2024-46737
CVE-2024-46739
CVE-2024-46740
CVE-2024-46743
CVE-2024-46744
CVE-2024-46745
CVE-2024-46747
CVE-2024-46750
CVE-2024-46755
CVE-2024-46756
CVE-2024-46757
CVE-2024-46758
CVE-2024-46759
CVE-2024-46761
CVE-2024-46771
CVE-2024-46777
CVE-2024-46780
CVE-2024-46781
CVE-2024-46782
CVE-2024-46783
CVE-2024-46798
CVE-2024-46800
CVE-2024-46815
CVE-2024-46817
CVE-2024-46818
CVE-2024-46822
CVE-2024-46828
CVE-2024-46829
CVE-2024-46840
CVE-2024-46844
CVE-2024-47663
CVE-2024-47667
CVE-2024-47668
CVE-2024-47669
CVE-2024-49863
CVE-2024-49958

Description of changes:

[5.4.17-2136.337.5.el7uek]
- net/mlx5: disable the 'fast unload' feature on Exadata systems (Qing Huang) [Orabug: 37093177]

[5.4.17-2136.337.4.el7uek]
- ocfs2: reserve space for inline xattr before attaching reflink tree (Gautham Ananthakrishna) [Orabug: 37199020]
- Revert "ocfs2: ocfs2 crash due to invalid h_next_leaf_blk value in extent block" (Gautham Ananthakrishna) [Orabug: 37199020]
- net/rds: Make send+receive IRQ assignments visible to user-space (Gerd Rausch) [Orabug: 36987151]
- igb: Do not free the irq resources if they are already freed by igb_close() (Yifei Liu) [Orabug: 37005245]
- A/A Bonding: check port count during RDMA device addition (Arumugam Kolappan) [Orabug: 36579195]

[5.4.17-2136.337.3.el7uek]
- vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() (Haoran Zhang) [Orabug: 37137548] {CVE-2024-49863}
- rds/ib: Count memory consumed by rds_page_frag (Hans Westgaard Ry) [Orabug: 37172717]
- fs/dcache: allow fractional values in fs.negative-dentry-limit (Gautham Ananthakrishna) [Orabug: 37156523]
- mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio() (Miaohe Lin) [Orabug: 36683094] {CVE-2024-36028}
- uek: Disable /proc/uek under Xen and under non-Exadata systems (Konrad Rzeszutek Wilk) [Orabug: 37170992]
- uek: Add force_noio runtime option. (Konrad Rzeszutek Wilk) [Orabug: 37145327]
- treewide: Make the force_noio parameter be writable. (Konrad Rzeszutek Wilk) [Orabug: 37145327]
- treewide: Sample foo_bar_force_noio before use (Håkon Bugge) [Orabug: 37145327]
- workqueue: Add Oracle specific code to modify the flags of tasks. (Konrad Rzeszutek Wilk) [Orabug: 37145327]
- net/mlx5: Free IRQ rmap and notifier on kernel shutdown (Saeed Mahameed) [Orabug: 36706485]
- net/mlx5: Free irqs only on shutdown callback (Shay Drory) [Orabug: 36706485]
- kpcimgr: Add dynamic memory region allocation feature (Joe Dobosenski) [Orabug: 36983478]
- uek: kabi: Introduce APIs to hide/fake inclusion of headers (Saeed Mirzamohammadi) [Orabug: 37097450]
- RDMA/cma: Always set static rate to 0 for RoCE (Mark Zhang) [Orabug: 37100215]
- net/mlx5e: nullify cq->dbg pointer in mlx5_debug_cq_remove() (Valentine Fatiev) [Orabug: 37104450]
- net/mlx5e: Fix memory leak in mlx5_core_destroy_cq() error path (Valentine Fatiev) [Orabug: 37099359]

[5.4.17-2136.337.2.el7uek]
- LTS tag: v5.4.284 (Sherry Yang)
- Revert "parisc: Use irq_enter_rcu() to fix warning at kernel/context_tracking.c:367" (Greg Kroah-Hartman)
- cx82310_eth: fix error return code in cx82310_bind() (Zhang Changzhong)
- net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket (Daniel Borkmann)
- rtmutex: Drop rt_mutex::wait_lock before scheduling (Roland Xu) [Orabug: 37116446] {CVE-2024-46829}
- drm/i915/fence: Mark debug_fence_free() with __maybe_unused (Andy Shevchenko)
- drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused (Andy Shevchenko)
- nvmet-tcp: fix kernel crash if commands allocation fails (Maurizio Lombardi) [Orabug: 37074465] {CVE-2024-46737}
- arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry (Jonathan Cameron) [Orabug: 37116413] {CVE-2024-46822}
- arm64: acpi: Move get_cpu_for_acpi_id() to a header (James Morse)
- ACPI: processor: Fix memory leaks in error paths of processor_add() (Jonathan Cameron)
- ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add() (Jonathan Cameron)
- nilfs2: protect references to superblock parameters exposed in sysfs (Ryusuke Konishi) [Orabug: 37074677] {CVE-2024-46780}
- nilfs2: replace snprintf in show functions with sysfs_emit (Qing Wang)
- tracing: Avoid possible softlockup in tracing_iter_reset() (Zheng Yejian)
- ring-buffer: Rename ring_buffer_read() to read_buffer_iter_advance() (Steven Rostedt (VMware))
- uprobes: Use kzalloc to allocate xol area (Sven Schnelle)
- clocksource/drivers/timer-of: Remove percpu irq related code (Daniel Lezcano)
- clocksource/drivers/imx-tpm: Fix next event not taking effect sometime (Jacky Bai)
- clocksource/drivers/imx-tpm: Fix return -ETIME when delta exceeds INT_MAX (Jacky Bai)
- Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic (Naman Jain)
- uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind (Saurabh Sengar) [Orabug: 37074473] {CVE-2024-46739}
- nvmem: Fix return type of devm_nvmem_device_get() in kerneldoc (Geert Uytterhoeven)
- binder: fix UAF caused by offsets overwrite (Carlos Llamas) [Orabug: 37074477] {CVE-2024-46740}
- iio: fix scale application in iio_convert_raw_to_processed_unlocked (Matteo Martelli)
- iio: buffer-dmaengine: fix releasing dma channel on error (David Lechner)
- staging: iio: frequency: ad9834: Validate frequency parameter value (Aleksandr Mishin) [Orabug: 37159728] {CVE-2024-47663}
- NFSv4: Add missing rescheduling points in nfs_client_return_marked_delegations (Trond Myklebust)
- ata: pata_macio: Use WARN instead of BUG (Michael Ellerman)
- lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (Kent Overstreet) [Orabug: 37159757] {CVE-2024-47668}
- of/irq: Prevent device address out-of-bounds read in interrupt map walk (Stefan Wiehler) [Orabug: 37074488] {CVE-2024-46743}
- Squashfs: sanity check symbolic link size (Phillip Lougher) [Orabug: 37074495] {CVE-2024-46744}
- usbnet: ipheth: race between ipheth_close and error handling (Oliver Neukum)
- Input: uinput - reject requests with unreasonable number of slots (Dmitry Torokhov) [Orabug: 37074503] {CVE-2024-46745}
- HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup (Camila Alvarez) [Orabug: 37074513] {CVE-2024-46747}
- btrfs: initialize location to fix -Wmaybe-uninitialized in btrfs_lookup_dentry() (David Sterba)
- PCI: Add missing bridge lock to pci_bus_lock() (Dan Williams) [Orabug: 37074532] {CVE-2024-46750}
- btrfs: clean up our handling of refs == 0 in snapshot delete (Josef Bacik) [Orabug: 37116494] {CVE-2024-46840}
- btrfs: replace BUG_ON with ASSERT in walk_down_proc() (Josef Bacik)
- smp: Add missing destroy_work_on_stack() call in smp_call_on_cpu() (Zqiang)
- wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() (Sascha Hauer) [Orabug: 37074561] {CVE-2024-46755}
- libbpf: Add NULL checks to bpf_object__{prev_map,next_map} (Andreas Ziegler)
- hwmon: (w83627ehf) Fix underflows seen when writing limit attributes (Guenter Roeck) [Orabug: 37074566] {CVE-2024-46756}
- hwmon: (nct6775-core) Fix underflows seen when writing limit attributes (Guenter Roeck) [Orabug: 37074571] {CVE-2024-46757}
- hwmon: (lm95234) Fix underflows seen when writing limit attributes (Guenter Roeck) [Orabug: 37074579] {CVE-2024-46758}
- hwmon: (adc128d818) Fix underflows seen when writing limit attributes (Guenter Roeck) [Orabug: 37074584] {CVE-2024-46759}
- pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv (Krishna Kumar) [Orabug: 37074595] {CVE-2024-46761}
- devres: Initialize an uninitialized struct member (Zijun Hu)
- um: line: always fill *error_out in setup_one_line() (Johannes Berg) [Orabug: 37116518] {CVE-2024-46844}
- cgroup: Protect css->cgroup write under css_set_lock (Waiman Long)
- iommu/vt-d: Handle volatile descriptor status read (Jacob Pan)
- dm init: Handle minors larger than 255 (Benjamin Marzinski)
- ASoC: topology: Properly initialize soc_enum values (Amadeusz Sławiński)
- net: dsa: vsc73xx: fix possible subblocks range of CAPT block (Pawel Dembicki)
- net: bridge: br_fdb_external_learn_add(): always set EXT_LEARN (Jonas Gorski)
- net: bridge: fdb: convert added_by_external_learn to use bitops (Nikolay Aleksandrov)
- net: bridge: fdb: convert added_by_user to bitops (Nikolay Aleksandrov)
- net: bridge: fdb: convert is_sticky to bitops (Nikolay Aleksandrov)
- net: bridge: fdb: convert is_static to bitops (Nikolay Aleksandrov)
- net: bridge: fdb: convert is_local to bitops (Nikolay Aleksandrov)
- usbnet: modern method to get random MAC (Oliver Neukum)
- net: usb: don't write directly to netdev->dev_addr (Jakub Kicinski)
- drivers/net/usb: Remove all strcpy() uses (Len Baker)
- cx82310_eth: re-enable ethernet mode after router reboot (Ondrej Zary)
- tcp_bpf: fix return value of tcp_bpf_sendmsg() (Cong Wang) [Orabug: 37074693] {CVE-2024-46783}
- platform/x86: dell-smbios: Fix error path in dell_smbios_init() (Aleksandr Mishin)
- can: bcm: Remove proc entry when dev is unregistered. (Kuniyuki Iwashima) [Orabug: 37074625] {CVE-2024-46771}
- pcmcia: Use resource_size function on resource object (Jules Irenge)
- media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse (Chen Ni)
- PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0) (Kishon Vijay Abraham I) [Orabug: 37159750] {CVE-2024-47667}
- usb: uas: set host status byte on data completion error (Shantanu Goel)
- wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3 (Arend van Spriel)
- udf: Avoid excessive partition lengths (Jan Kara) [Orabug: 37074665] {CVE-2024-46777}
- netfilter: nf_conncount: fix wrong variable type (Yunjian Wang)
- af_unix: Remove put_pid()/put_cred() in copy_peercred(). (Kuniyuki Iwashima)
- irqchip/armada-370-xp: Do not allow mapping IRQ 0 and 1 (Pali Rohár)
- smack: unix sockets: fix accept()ed socket label (Konstantin Andreev)
- ALSA: hda: Add input value sanity checks to HDMI channel map controls (Takashi Iwai)
- nilfs2: fix state management in error path of log writing function (Ryusuke Konishi) [Orabug: 37159765] {CVE-2024-47669}
- nilfs2: fix missing cleanup on rollforward recovery error (Ryusuke Konishi) [Orabug: 37074684] {CVE-2024-46781}
- sched: sch_cake: fix bulk flow accounting logic for host fairness (Toke Høiland-Jørgensen) [Orabug: 37116443] {CVE-2024-46828}
- ila: call nf_unregister_net_hooks() sooner (Eric Dumazet) [Orabug: 37074689] {CVE-2024-46782}
- clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API (Satya Priya Kakitapalli)
- clk: qcom: clk-alpha-pll: Fix the pll post div mask (Satya Priya Kakitapalli)
- clk: hi6220: use CLK_OF_DECLARE_DRIVER (Peter Griffin)
- reset: hi6220: Add support for AO reset controller (Peter Griffin)
- fuse: use unsigned type for getxattr/listxattr size truncation (Jann Horn)
- fuse: update stats for pages in dropped aux writeback list (Joanne Koong)
- mmc: sdhci-of-aspeed: fix module autoloading (Liao Chen)
- mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K (Sam Protsenko)
- irqchip/gic-v2m: Fix refcount leak in gicv2m_of_init() (Ma Ke)
- ata: libata: Fix memory leak for error path in ata_host_alloc() (Zheng Qixing)
- ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices (Christoffer Sandberg)
- ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object (robelin) [Orabug: 37074722] {CVE-2024-46798}
- sch/netem: fix use after free in netem_dequeue (Stephen Hemminger) [Orabug: 37074726] {CVE-2024-46800}
- i2c: Use IS_REACHABLE() for substituting empty ACPI functions (Richard Fitzgerald)
- udf: Limit file size to 4TB (Jan Kara)
- virtio_net: Fix napi_skb_cache_put warning (Breno Leitao) [Orabug: 36964474] {CVE-2024-43835}
- net: set SOCK_RCU_FREE before inserting socket into hashtable (Stanislav Fomichev)
- block: initialize integrity buffer to zero before writing it to media (Christoph Hellwig) [Orabug: 36964515] {CVE-2024-43854}
- media: uvcvideo: Enforce alignment of frame and interval (Ricardo Ribalda)
- drm/amd/display: Skip wbscl_set_scaler_filter if filter is null (Alex Hung) [Orabug: 37073032] {CVE-2024-46714}
- wifi: cfg80211: make hash table duplicates more survivable (Johannes Berg)
- smack: tcp: ipv4, fix incorrect labeling (Casey Schaufler)
- usb: typec: ucsi: Fix null pointer dereference in trace (Abhishek Pandit-Subedi) [Orabug: 37073065] {CVE-2024-46719}
- usbip: Don't submit special requests twice (Simon Holesch)
- ionic: fix potential irq name truncation (Shannon Nelson)
- apparmor: fix possible NULL pointer dereference (Leesoo Ahn) [Orabug: 37073078] {CVE-2024-46721}
- drm/amdkfd: Reconcile the definition and use of oem_id in struct kfd_topology_device (Michael Chen)
- drm/amdgpu: fix mc_data out-of-bounds read warning (Tim Huang) [Orabug: 37073083] {CVE-2024-46722}
- drm/amdgpu: fix ucode out-of-bounds read warning (Tim Huang) [Orabug: 37073088] {CVE-2024-46723}
- drm/amd/display: Fix Coverity INTEGER_OVERFLOW within dal_gpio_service_create (Hersen Wu)
- drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] (Alex Hung) [Orabug: 37116366] {CVE-2024-46815}
- drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 (Hersen Wu) [Orabug: 37116376] {CVE-2024-46817}
- drm/amd/display: Check gpio_id before used as array index (Alex Hung) [Orabug: 37116385] {CVE-2024-46818}
- drm/amdgpu: fix overflowed array index read warning (Tim Huang)
- drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr (Ma Jun)
- net: usb: qmi_wwan: add MeiG Smart SRM825L (ZHANG Yuntian)
- i2c: Fix conditional for substituting empty ACPI functions (Richard Fitzgerald)
- drm: panel-orientation-quirks: Add quirk for OrangePi Neo (Philip Mueller)
- LTS tag: v5.4.283 (Sherry Yang)
- scsi: aacraid: Fix double-free on probe failure (Ben Hutchings) [Orabug: 37070700] {CVE-2024-46673}
- net: dsa: mv8e6xxx: Fix stub function parameters (Andrew Lunn)
- usb: core: sysfs: Unmerge @usb3_hardware_lpm_attr_group in remove_power_attributes() (Zijun Hu)
- usb: dwc3: st: add missing depopulate in probe error path (Krzysztof Kozlowski)
- usb: dwc3: st: fix probed platform device ref count on probe error path (Krzysztof Kozlowski) [Orabug: 37070705] {CVE-2024-46674}
- usb: dwc3: core: Prevent USB core invalid event buffer address access (Selvarasu Ganesan) [Orabug: 37070710] {CVE-2024-46675}
- usb: dwc3: omap: add missing depopulate in probe error path (Krzysztof Kozlowski)
- USB: serial: option: add MeiG Smart SRM825L (ZHANG Yuntian)
- cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller (Ian Ray)
- soc: qcom: cmd-db: Map shared memory as WC, not WB (Volodymyr Babchuk)
- nfc: pn533: Add poll mod list filling check (Aleksandr Mishin) [Orabug: 37070717] {CVE-2024-46676}
- nfc: pn533: Add autopoll capability (Lars Poeschel)
- nfc: pn533: Add dev_up/dev_down hooks to phy_ops (Lars Poeschel)
- net: busy-poll: use ktime_get_ns() instead of local_clock() (Eric Dumazet)
- gtp: fix a potential NULL pointer dereference (Cong Wang) [Orabug: 37070722] {CVE-2024-46677}
- ethtool: check device is present when getting link settings (Jamie Bainbridge) [Orabug: 37070728] {CVE-2024-46679}
- r8152: Factor out OOB link list waits (Prashant Malani)
- soundwire: stream: fix programming slave ports for non-continous port maps (Krzysztof Kozlowski)
- cgroup/cpuset: Prevent UAF in proc_cpuset_show() (Chen Ridong) [Orabug: 36964510] {CVE-2024-43853}
- ata: libata-core: Fix null pointer dereference on error (Niklas Cassel) [Orabug: 36897457] {CVE-2024-41098}
- media: uvcvideo: Fix integer overflow calculating timestamp (Ricardo Ribalda)
- drm/amdkfd: don't allow mapping the MMIO HDP page with large pages (Alex Deucher) [Orabug: 36867631] {CVE-2024-41011}
- wifi: mwifiex: duplicate static structs used in driver instances (Sascha Hauer)
- pinctrl: single: fix potential NULL dereference in pcs_get_function() (Ma Ke) [Orabug: 37070744] {CVE-2024-46685}
- drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc (Jesse Zhang) [Orabug: 36898009] {CVE-2024-42228}
(Alexander Lobakin)
- Input: MT - limit max slots (Tetsuo Handa) [Orabug: 37029137] {CVE-2024-45008}
- Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO (Lee, Chun-Yi) [Orabug: 36654191] {CVE-2023-31083}
- mmc: dw_mmc: allow biu and ciu clocks to defer (Ben Whitten)
- cxgb4: add forgotten u64 ivlan cast before shift (Nikolay Kuratov)
- HID: microsoft: Add rumble support to latest xbox controllers (Siarhei Vishniakou)
- HID: wacom: Defer calculation of resolution until resolution_code is known (Jason Gerecke)
- Bluetooth: MGMT: Add error handling to pair_device() (Griffin Kroah-Hartman) [Orabug: 36992976] {CVE-2024-43884}
- mmc: mmc_test: Fix NULL dereference on allocation failure (Dan Carpenter) [Orabug: 37070691] {CVE-2024-45028}
- drm/msm/dpu: don't play tricks with debug macros (Dmitry Baryshkov)
- drm/msm: use drm_debug_enabled() to check for debug categories (Jani Nikula)
- net: xilinx: axienet: Fix dangling multicast addresses (Sean Anderson)
- net: xilinx: axienet: Always disable promiscuous mode (Sean Anderson)
- ipv6: prevent UAF in ip6_send_skb() (Eric Dumazet) [Orabug: 37029076] {CVE-2024-44987}
- netem: fix return value if duplicate enqueue fails (Stephen Hemminger) [Orabug: 37070660] {CVE-2024-45016}
- net: dsa: mv88e6xxx: Fix out-of-bound access (Joseph Huang) [Orabug: 37029082] {CVE-2024-44988}
- net: dsa: mv88e6xxx: replace ATU violation prints with trace points (Vladimir Oltean)
- net: dsa: mv88e6xxx: read FID when handling ATU violations (Hans J. Schultz)
- net: dsa: mv88e6xxx: global1_atu: Add helper for get next (Andrew Lunn)
- net: dsa: mv88e6xxx: global2: Expose ATU stats register (Andrew Lunn)
- netfilter: nft_counter: Synchronize nft_counter_reset() against reader. (Sebastian Andrzej Siewior)
- kcm: Serialise kcm_sendmsg() for the same socket. (Kuniyuki Iwashima) [Orabug: 37013761] {CVE-2024-44946}
- tc-testing: don't access non-existent variable on exception (Simon Horman)
- Bluetooth: hci_core: Fix LE quote calculation (Luiz Augusto von Dentz)
- Bluetooth: hci_core: Fix not handling link timeouts propertly (Luiz Augusto von Dentz)
- Bluetooth: Make use of __check_timeout on hci_sched_le (Luiz Augusto von Dentz)
- dm suspend: return -ERESTARTSYS instead of -EINTR (Mikulas Patocka)
- dm: do not use waitqueue for request-based DM (Ming Lei)
- dm mpath: pass IO start time to path selector (Gabriel Krisman Bertazi)
- media: solo6x10: replace max(a, min(b, c)) by clamp(b, a, c) (Aurelien Jarno)
- block: use "unsigned long" for blk_validate_block_size(). (Tetsuo Handa)
- gtp: pull network headers in gtp_dev_xmit() (Eric Dumazet) [Orabug: 37029111] {CVE-2024-44999}
- hrtimer: Prevent queuing of hrtimer without a function callback (Phil Chang)
- nvmet-rdma: fix possible bad dereference when freeing rsps (Sagi Grimberg)
- ext4: set the type of max_zeroout to unsigned int to avoid overflow (Baokun Li)
- irqchip/gic-v3-its: Remove BUG_ON in its_vpe_irq_domain_alloc (Guanrui Huang)
- usb: dwc3: core: Skip setting event buffers for host only controllers (Krishna Kurapati)
- s390/iucv: fix receive buffer virtual vs physical address confusion (Alexander Gordeev)
- openrisc: Call setup_memory() earlier in the init sequence (Oreoluwa Babatunde)
- NFS: avoid infinite loop in pnfs_update_layout. (NeilBrown)
- nvmet-tcp: do not continue for invalid icreq (Hannes Reinecke)
- Bluetooth: bnep: Fix out-of-bound access (Luiz Augusto von Dentz)
- nvme: clear caller pointer on identify failure (Keith Busch)
- usb: gadget: fsl: Increase size of name buffer for endpoints (Uwe Kleine-König)
- f2fs: fix to do sanity check in update_sit_entry (Zhiguo Niu)
- btrfs: delete pointless BUG_ON check on quota root in btrfs_qgroup_account_extent() (David Sterba)
- btrfs: send: handle unexpected data in header buffer in begin_cmd() (David Sterba)
- btrfs: handle invalid root reference found in may_destroy_subvol() (David Sterba)
- btrfs: change BUG_ON to assertion when checking for delayed_node root (David Sterba)
- powerpc/boot: Only free if realloc() succeeds (Michael Ellerman)
- powerpc/boot: Handle allocation failure in simple_realloc() (Li zeming)
- parisc: Use irq_enter_rcu() to fix warning at kernel/context_tracking.c:367 (Helge Deller)
- x86: Increase brk randomness entropy for 64-bit systems (Kees Cook)
- md: clean up invalid BUG_ON in md_ioctl (Li Nan)
- virtiofs: forbid newlines in tags (Stefan Hajnoczi)
- drm/lima: set gp bus_stop bit before hard reset (Erico Nunes)
- net/sun3_82586: Avoid reading past buffer in debug output (Kees Cook)
- scsi: lpfc: Initialize status local variable in lpfc_sli4_repost_sgl_list() (Justin Tee)
- fs: binfmt_elf_efpic: don't use missing interpreter's properties (Max Filippov)
- media: pci: cx23885: check cx23885_vdev_init() return (Hans Verkuil)
- quota: Remove BUG_ON from dqget() (Jan Kara)
- ext4: do not trim the group with corrupted block bitmap (Baokun Li)
- nvmet-trace: avoid dereferencing pointer too early (Daniel Wagner)
- powerpc/xics: Check return value of kasprintf in icp_native_map_one_cpu (Kunwu Chan)
- IB/hfi1: Fix potential deadlock on &irq_src_lock and &dd->uctxt_lock (Chengfeng Ye)
- wifi: iwlwifi: abort scan when rfkill on but device enabled (Miri Korenblit)
- gfs2: setattr_chown: Add missing initialization (Andreas Gruenbacher)
- scsi: spi: Fix sshdr use (Mike Christie)
- binfmt_misc: cleanup on filesystem umount (Christian Brauner)
- staging: ks7010: disable bh on tx_dev_lock (Chengfeng Ye)
- media: radio-isa: use dev_name to fill in bus_info (Hans Verkuil)
- i2c: riic: avoid potential division by zero (Wolfram Sang)
- wifi: cw1200: Avoid processing an invalid TIM IE (Jeff Johnson)
- ssb: Fix division by zero issue in ssb_calc_clock_rate (Rand Deeb)
- net: hns3: fix a deadlock problem when config TC during resetting (Jie Wang) [Orabug: 37029098] {CVE-2024-44995}
- net: dsa: vsc73xx: pass value in phy_write operation (Pawel Dembicki)
- net: axienet: Fix register defines comment description (Radhey Shyam Pandey)
- net: axienet: Autodetect 64-bit DMA capability (Andre Przywara)
- net: axienet: Upgrade descriptors to hold 64-bit addresses (Andre Przywara)
- net: axienet: Wrap DMA pointer writes to prepare for 64 bit (Andre Przywara)
- net: axienet: Drop MDIO interrupt registers from ethtools dump (Andre Przywara)
- net: axienet: Check for DMA mapping errors (Andre Przywara)
- net: axienet: Factor out TX descriptor chain cleanup (Andre Przywara)
- net: axienet: Improve DMA error handling (Andre Przywara)
- net: axienet: Fix DMA descriptor cleanup path (Andre Przywara)
- atm: idt77252: prevent use after free in dequeue_rx() (Dan Carpenter) [Orabug: 37029105] {CVE-2024-44998}
- net/mlx5e: Correctly report errors for ethtool rx flows (Cosmin Ratiu)
- s390/uv: Panic for set and remove shared access UVC errors (Claudio Imbrenda)
- btrfs: rename bitmap_set_bits() -> btrfs_bitmap_set_bits() (Alexander Lobakin)
- s390/cio: rename bitmap_size() -> idset_bitmap_size() (Alexander Lobakin)
- overflow: Implement size_t saturating arithmetic helpers (Kees Cook)
- overflow.h: Add flex_array_size() helper (Gustavo A. R. Silva)
- memcg_write_event_control(): fix a user-triggerable oops (Al Viro) [Orabug: 37070672] {CVE-2024-45021}
- drm/amdgpu: Actually check flags for all context ops. (Bas Nieuwenhuizen)
- selinux: fix potential counting error in avc_add_xperms_decision() (Zhen Lei)
- fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE (Al Viro) [Orabug: 37070680] {CVE-2024-45025}
- bitmap: introduce generic optimized bitmap_size() (Alexander Lobakin)
- vfs: Don't evict inode under the inode lru traversing context (Zhihao Cheng) [Orabug: 37029119] {CVE-2024-45003}
- dm persistent data: fix memory allocation failure (Mikulas Patocka)
- dm resume: don't return EINVAL when signalled (Khazhismel Kumykov)
- arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to NUMA_NO_NODE (Haibo Xu)
- s390/dasd: fix error recovery leading to data corruption on ESE devices (Stefan Haberland) [Orabug: 37070687] {CVE-2024-45026}
- xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration (Mathias Nyman) [Orabug: 37029125] {CVE-2024-45006}
- ALSA: usb-audio: Support Yamaha P-125 quirk entry (Juan José Arboleda)
- fuse: Initialize beyond-EOF page contents before setting uptodate (Jann Horn) [Orabug: 37017951] {CVE-2024-44947}

[5.4.17-2136.337.1.el7uek]
- wireguard: netlink: check for dangling peer via is_dead instead of empty list (Jason A. Donenfeld) [Orabug: 36596766] {CVE-2024-26951}
- xsigo: add prefix xve/xsvnic with gro and __path_find (Alok Tiwari) [Orabug: 37089693]



ELSA-2024-12814 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update


Oracle Linux Security Advisory ELSA-2024-12814

http://linux.oracle.com/errata/ELSA-2024-12814.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-4.14.35-2047.542.2.el7uek.x86_64.rpm
kernel-uek-debug-4.14.35-2047.542.2.el7uek.x86_64.rpm
kernel-uek-debug-devel-4.14.35-2047.542.2.el7uek.x86_64.rpm
kernel-uek-devel-4.14.35-2047.542.2.el7uek.x86_64.rpm
kernel-uek-tools-4.14.35-2047.542.2.el7uek.x86_64.rpm
kernel-uek-doc-4.14.35-2047.542.2.el7uek.noarch.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//kernel-uek-4.14.35-2047.542.2.el7uek.src.rpm

Related CVEs:

CVE-2024-41012
CVE-2024-41015
CVE-2024-41017
CVE-2024-41020
CVE-2024-41059
CVE-2024-41063
CVE-2024-41068
CVE-2024-41072
CVE-2024-41081

Description of changes:

[4.14.35-2047.542.2.el7uek]
- fs/dcache: allow fractional values in fs.negative-dentry-limit (Gautham Ananthakrishna) [Orabug: 37156524]
- lib/math: move int_pow() from pwm_bl.c for wider use (Andy Shevchenko) [Orabug: 37156524]

[4.14.35-2047.542.1.el7uek]
- genirq/cpuhotplug: Retry with cpu_online_mask when migration fails (Dongli Zhang) [Orabug: 37132827]
- net/mlx5e: nullify cq->dbg pointer in mlx5_debug_cq_remove() (Valentine Fatiev) [Orabug: 37104452]
- RDMA/cma: Always set static rate to 0 for RoCE (Mark Zhang) [Orabug: 37100216]
- net/mlx5e: Fix memory leak in mlx5_core_destroy_cq() error path (Valentine Fatiev) [Orabug: 37099360]
- LTS version v4.14.352 (Yifei Liu)
- filelock: Fix fcntl/close race recovery compat path (Jann Horn) [Orabug: 36874759] {CVE-2024-41012} {CVE-2024-41020}
- jfs: don't walk off the end of ealist (lei lu) [Orabug: 36891668] {CVE-2024-41017}
- ocfs2: add bounds checking to ocfs2_check_dir_entry() (lei lu) [Orabug: 36891656] {CVE-2024-41015}
- ACPI: processor_idle: Fix invalid comparison with insertion sort for latency (Kuan-Wei Chiu)
- ARM: 9324/1: fix get_user() broken with veneer (Masahiro Yamada)
- filelock: Remove locks reliably when fcntl/close race is detected (Jann Horn) [Orabug: 36874759] {CVE-2024-41012} {CVE-2024-41020}
- hfsplus: fix uninit-value in copy_name (Edward Adam Davis) [Orabug: 36896970] {CVE-2024-41059}
- selftests/vDSO: fix clang build errors and warnings (John Hubbard)
- spi: imx: Don't expect DMA for i.MX{25,35,50,51,53} cspi devices (Uwe Kleine-König)
- fs: better handle deep ancestor chains in is_subdir() (Christian Brauner)
- Bluetooth: hci_core: cancel all works upon hci_unregister_dev() (Tetsuo Handa) [Orabug: 36896995] {CVE-2024-41063}
- net: mac802154: Fix racy device stats updates by DEV_STATS_INC() and DEV_STATS_ADD() (Yunshui Jiang)
- net: usb: qmi_wwan: add Telit FN912 compositions (Daniele Palmas)
- ALSA: dmaengine_pcm: terminate dmaengine before synchronize (Shengjiu Wang)
- s390/sclp: Fix sclp_init() cleanup on failure (Heiko Carstens) [Orabug: 36897034] {CVE-2024-41068}
- Input: elantech - fix touchpad state on resume for Lenovo N24 (Jonathan Denose)
- wifi: cfg80211: wext: add extra SIOCSIWSCAN data check (Dmitry Antipov) [Orabug: 36897313] {CVE-2024-41072}
- mei: demote client disconnect warning on suspend to debug (Alexander Usyskin)
- fs/file: fix the check in find_next_fd() (Yuntao Wang)
- kconfig: remove wrong expr_trans_bool() (Masahiro Yamada)
- kconfig: gconf: give a proper initial state to the Save button (Masahiro Yamada)
- ila: block BH in ila_output() (Eric Dumazet) [Orabug: 36897361] {CVE-2024-41081}
- Input: silead - Always support 10 fingers (Hans de Goede)
- Input: silead - add support for capactive home button found on some x86 tablets (Hans de Goede)
- wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan() (Dmitry Antipov)
- wifi: mac80211: mesh: init nonpeer_pm to active by default in mesh sdata (Nicolas Escande)
- ACPI: EC: Avoid returning AE_OK on errors in address space handler (Armin Wolf)
- ACPI: EC: Abort address space access upon error (Armin Wolf)
- scsi: qedf: Set qed_slowpath_params to zero before use (Saurav Kashyap)
- gcc-plugins: Rename last_stmt() for GCC 14+ (Kees Cook)



ELSA-2024-12814 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update (aarch64)


Oracle Linux Security Advisory ELSA-2024-12814

http://linux.oracle.com/errata/ELSA-2024-12814.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

aarch64:
kernel-uek-4.14.35-2047.542.2.el7uek.aarch64.rpm
kernel-uek-debug-4.14.35-2047.542.2.el7uek.aarch64.rpm
kernel-uek-debug-devel-4.14.35-2047.542.2.el7uek.aarch64.rpm
kernel-uek-devel-4.14.35-2047.542.2.el7uek.aarch64.rpm
kernel-uek-tools-4.14.35-2047.542.2.el7uek.aarch64.rpm
kernel-uek-tools-libs-4.14.35-2047.542.2.el7uek.aarch64.rpm
kernel-uek-tools-libs-devel-4.14.35-2047.542.2.el7uek.aarch64.rpm
perf-4.14.35-2047.542.2.el7uek.aarch64.rpm
python-perf-4.14.35-2047.542.2.el7uek.aarch64.rpm
kernel-uek-headers-4.14.35-2047.542.2.el7uek.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//kernel-uek-4.14.35-2047.542.2.el7uek.src.rpm

Related CVEs:

CVE-2024-41012
CVE-2024-41015
CVE-2024-41017
CVE-2024-41020
CVE-2024-41059
CVE-2024-41063
CVE-2024-41068
CVE-2024-41072
CVE-2024-41081

Description of changes:

[4.14.35-2047.542.2.el7uek]
- fs/dcache: allow fractional values in fs.negative-dentry-limit (Gautham Ananthakrishna) [Orabug: 37156524]
- lib/math: move int_pow() from pwm_bl.c for wider use (Andy Shevchenko) [Orabug: 37156524]

[4.14.35-2047.542.1.el7uek]
- genirq/cpuhotplug: Retry with cpu_online_mask when migration fails (Dongli Zhang) [Orabug: 37132827]
- net/mlx5e: nullify cq->dbg pointer in mlx5_debug_cq_remove() (Valentine Fatiev) [Orabug: 37104452]
- RDMA/cma: Always set static rate to 0 for RoCE (Mark Zhang) [Orabug: 37100216]
- net/mlx5e: Fix memory leak in mlx5_core_destroy_cq() error path (Valentine Fatiev) [Orabug: 37099360]
- LTS version v4.14.352 (Yifei Liu)
- filelock: Fix fcntl/close race recovery compat path (Jann Horn) [Orabug: 36874759] {CVE-2024-41012} {CVE-2024-41020}
- jfs: don't walk off the end of ealist (lei lu) [Orabug: 36891668] {CVE-2024-41017}
- ocfs2: add bounds checking to ocfs2_check_dir_entry() (lei lu) [Orabug: 36891656] {CVE-2024-41015}
- ACPI: processor_idle: Fix invalid comparison with insertion sort for latency (Kuan-Wei Chiu)
- ARM: 9324/1: fix get_user() broken with veneer (Masahiro Yamada)
- filelock: Remove locks reliably when fcntl/close race is detected (Jann Horn) [Orabug: 36874759] {CVE-2024-41012} {CVE-2024-41020}
- hfsplus: fix uninit-value in copy_name (Edward Adam Davis) [Orabug: 36896970] {CVE-2024-41059}
- selftests/vDSO: fix clang build errors and warnings (John Hubbard)
- spi: imx: Don't expect DMA for i.MX{25,35,50,51,53} cspi devices (Uwe Kleine-König)
- fs: better handle deep ancestor chains in is_subdir() (Christian Brauner)
- Bluetooth: hci_core: cancel all works upon hci_unregister_dev() (Tetsuo Handa) [Orabug: 36896995] {CVE-2024-41063}
- net: mac802154: Fix racy device stats updates by DEV_STATS_INC() and DEV_STATS_ADD() (Yunshui Jiang)
- net: usb: qmi_wwan: add Telit FN912 compositions (Daniele Palmas)
- ALSA: dmaengine_pcm: terminate dmaengine before synchronize (Shengjiu Wang)
- s390/sclp: Fix sclp_init() cleanup on failure (Heiko Carstens) [Orabug: 36897034] {CVE-2024-41068}
- Input: elantech - fix touchpad state on resume for Lenovo N24 (Jonathan Denose)
- wifi: cfg80211: wext: add extra SIOCSIWSCAN data check (Dmitry Antipov) [Orabug: 36897313] {CVE-2024-41072}
- mei: demote client disconnect warning on suspend to debug (Alexander Usyskin)
- fs/file: fix the check in find_next_fd() (Yuntao Wang)
- kconfig: remove wrong expr_trans_bool() (Masahiro Yamada)
- kconfig: gconf: give a proper initial state to the Save button (Masahiro Yamada)
- ila: block BH in ila_output() (Eric Dumazet) [Orabug: 36897361] {CVE-2024-41081}
- Input: silead - Always support 10 fingers (Hans de Goede)
- Input: silead - add support for capactive home button found on some x86 tablets (Hans de Goede)
- wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan() (Dmitry Antipov)
- wifi: mac80211: mesh: init nonpeer_pm to active by default in mesh sdata (Nicolas Escande)
- ACPI: EC: Avoid returning AE_OK on errors in address space handler (Armin Wolf)
- ACPI: EC: Abort address space access upon error (Armin Wolf)
- scsi: qedf: Set qed_slowpath_params to zero before use (Saurav Kashyap)
- gcc-plugins: Rename last_stmt() for GCC 14+ (Kees Cook)