Oracle Linux 6277 Published by

The following updates have been released for Oracle Linux:

ELSA-2024-12611 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update
ELSA-2024-12610 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update
ELBA-2024-12613 Oracle Linux 8 osbuild-composer bug fix update
ELBA-2024-12615 Oracle Linux 8 mdadm bug fix update
ELSA-2024-12618 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update
ELSA-2024-12612 Important: Oracle Linux 8 Unbreakable Enterprise kernel-container security update
ELSA-2024-12610 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update
ELBA-2024-12614 Oracle Linux 9 osbuild-composer bug fix update
ELSA-2024-6529 Moderate: Oracle Linux 9 dovecot security update
ELBA-2024-12622 Oracle Linux 9 initscripts bug fix update
ELBA-2024-12617 Oracle Linux 9 selinux-policy bug fix update
ELSA-2024-6567 Moderate: Oracle Linux 9 kernel security update
ELBA-2024-12616 Oracle Linux 9 mdadm bug fix update
[USN-7003-2] Linux kernel vulnerabilities
[USN-7003-1] Linux kernel vulnerabilities




ELSA-2024-12611 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update


Oracle Linux Security Advisory ELSA-2024-12611

http://linux.oracle.com/errata/ELSA-2024-12611.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-4.14.35-2047.540.4.1.el7uek.x86_64.rpm
kernel-uek-debug-4.14.35-2047.540.4.1.el7uek.x86_64.rpm
kernel-uek-debug-devel-4.14.35-2047.540.4.1.el7uek.x86_64.rpm
kernel-uek-devel-4.14.35-2047.540.4.1.el7uek.x86_64.rpm
kernel-uek-tools-4.14.35-2047.540.4.1.el7uek.x86_64.rpm
kernel-uek-doc-4.14.35-2047.540.4.1.el7uek.noarch.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//kernel-uek-4.14.35-2047.540.4.1.el7uek.src.rpm

Related CVEs:

CVE-2023-52796
CVE-2024-33621
CVE-2024-36015
CVE-2024-36016
CVE-2024-36286
CVE-2024-36484
CVE-2024-37353
CVE-2024-37356
CVE-2024-38549
CVE-2024-38558
CVE-2024-38559
CVE-2024-38560
CVE-2024-38565
CVE-2024-38567
CVE-2024-38578
CVE-2024-38579
CVE-2024-38582
CVE-2024-38583
CVE-2024-38589
CVE-2024-38596
CVE-2024-38599
CVE-2024-38601
CVE-2024-38612
CVE-2024-38613
CVE-2024-38618
CVE-2024-38621
CVE-2024-38627
CVE-2024-38633
CVE-2024-38634
CVE-2024-38637
CVE-2024-38659
CVE-2024-38780
CVE-2024-39276
CVE-2024-39292
CVE-2024-39301
CVE-2024-39475
CVE-2024-39480
CVE-2024-39488
CVE-2024-39489
CVE-2024-40968

Description of changes:

[4.14.35-2047.540.4.1.el7uek]
- Revert "selftests/kcmp: Make the test output consistent and clear" (Samasth Norway Ananda) [Orabug: 37029311]

[4.14.35-2047.540.4.el7uek]
- kdb: Use the passed prompt in kdb_position_cursor() (Douglas Anderson)
- ipvs: Avoid unnecessary calls to skb_is_gso_sctp (Ismael Luceno)
- printk: add kthread for long-running print (Stephen Brennan) [Orabug: 36208661]

[4.14.35-2047.540.3.el7uek]
- MIPS: Octeon: Add PCIe link status check (Dave Kleikamp) [Orabug: 36952386] {CVE-2024-40968}

[4.14.35-2047.540.2.el7uek]
- fsnotify: clear PARENT_WATCHED flags lazily (Amir Goldstein) [Orabug: 36922242]
- cifs: fix panic in smb2_reconnect (Ronnie Sahlberg) [Orabug: 36314494]
- cifs: convert cifs_put_smb_ses from static to global (Dai Ngo) [Orabug: 36314494]
- net: relax socket state check at accept time. (Paolo Abeni) [Orabug: 36768890] {CVE-2024-36484}

[4.14.35-2047.540.1.el7uek]
- x86/cpu: Avoid cpuinfo-induced IPI pileups (Paul E. McKenney) [Orabug: 35773812]
- LTS version v4.14.349 (Yifei Liu)
- x86/kvm: Disable all PV features on crash (Vitaly Kuznetsov)
- x86/kvm: Disable kvmclock on all CPUs on shutdown (Vitaly Kuznetsov)
- x86/kvm: Teardown PV features on boot CPU as well (Vitaly Kuznetsov)
- nfs: fix undefined behavior in nfs_block_bits() (Sergey Shtylyov)
- ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() (Baokun Li) [Orabug: 36774600] {CVE-2024-39276}
- sparc: move struct termio to asm/termios.h (Mike Gilbert)
- kdb: Use format-specifiers rather than memset() for padding in kdb_read() (Daniel Thompson)
- kdb: Merge identical case statements in kdb_read() (Daniel Thompson)
- kdb: Fix console handling when editing and tab-completing commands (Daniel Thompson)
- kdb: Use format-strings rather than '- kdb: Fix buffer overflow during tab-complete (Daniel Thompson) [Orabug: 36809289] {CVE-2024-39480}
- sparc64: Fix number of online CPUs (Sam Ravnborg)
- intel_th: pci: Add Meteor Lake-S CPU support (Alexander Shishkin)
- net/9p: fix uninit-value in p9_client_rpc() (Nikita Zhandarovich) [Orabug: 36774613] {CVE-2024-39301}
- KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode (Marc Zyngier)
- netfilter: nft_dynset: relax superfluous check on set updates (Pablo Neira Ayuso)
- netfilter: nft_dynset: report EOPNOTSUPP on missing set feature (Pablo Neira Ayuso)
- netfilter: nf_tables: don't skip expired elements during walk (Pablo Neira Ayuso)
- netfilter: nf_tables: drop map element references from preparation phase (Pablo Neira Ayuso)
- netfilter: nf_tables: pass ctx to nf_tables_expr_destroy() (Pablo Neira Ayuso)
- netfilter: nftables: rename set element data activation/deactivation functions (Pablo Neira Ayuso)
- netfilter: nf_tables: pass context to nft_set_destroy() (Pablo Neira Ayuso)
- netfilter: nf_tables: fix set double-free in abort path (Pablo Neira Ayuso)
- netfilter: nf_tables: add nft_set_is_anonymous() helper (Pablo Neira Ayuso)
- fbdev: savage: Handle err return when savagefb_check_var failed (Cai Xinchen) [Orabug: 36809265] {CVE-2024-39475}
- media: v4l2-core: hold videodev_lock until dev reg, finishes (Hans Verkuil)
- media: mxl5xx: Move xpt structures off stack (Nathan Chancellor)
- arm64: dts: hi3798cv200: fix the size of GICR (Yang Xiwen)
- arm64: tegra: Correct Tegra132 I2C alias (Krzysztof Kozlowski)
- ata: pata_legacy: make legacy_exit() work again (Sergey Shtylyov)
- neighbour: fix unaligned access to pneigh_entry (Qingfang DENG)
- nilfs2: fix use-after-free of timer for log writer thread (Ryusuke Konishi) [Orabug: 36753565] {CVE-2024-38583}
- fs/nilfs2: convert timers to use timer_setup() (Kees Cook)
- mmc: core: Do not force a retune before RPMB switch (Jorge Ramirez-Ortiz)
- binder: fix max_thread type inconsistency (Carlos Llamas)
- ALSA: timer: Set lower bound of start tick time (Takashi Iwai) [Orabug: 36753730] {CVE-2024-38618}
- ALSA: timer: Simplify timer hw resolution calls (Takashi Iwai)
- ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound (Yue Haibing) [Orabug: 36763552] {CVE-2024-33621}
- ipvlan: add ipvlan_route_v6_outbound() helper (Eric Dumazet) [Orabug: 36940543] {CVE-2023-52796}
- ipvlan: properly track tx_errors (Eric Dumazet)
- net: add DEV_STATS_READ() helper (Eric Dumazet)
- kconfig: fix comparison to constant symbols, 'm', 'n' (Masahiro Yamada)
- net:fec: Add fec_enet_deinit() (Xiaolei Wang)
- net: usb: smsc95xx: fix changing LED_SEL bit value updated from EEPROM (Parthiban Veerasooran)
- smsc95xx: use usbnet->driver_priv (Andre Edich)
- smsc95xx: remove redundant function arguments (Andre Edich)
- enic: Validate length of nl attributes in enic_set_vf_port (Roded Zats) [Orabug: 36763837] {CVE-2024-38659}
- dma-buf/sw-sync: don't enable IRQ from sync_print_obj() (Tetsuo Handa) [Orabug: 36763846] {CVE-2024-38780}
- net/mlx5e: Use rx_missed_errors instead of rx_dropped for reporting buffer exhaustion (Carolina Jubran)
- nvmet: fix ns enable/disable possible hang (Sagi Grimberg)
- spi: Don't mark message DMA mapped when no transfer in it is (Andy Shevchenko)
- netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() (Eric Dumazet) [Orabug: 36763571] {CVE-2024-36286}
- net: fec: avoid lock evasion when reading pps_enable (Wei Fang)
- net: fec: remove redundant variable 'inc' (Colin Ian King)
- virtio: delete vq in vp_find_vqs_msix() when request_irq() fails (Jiri Pirko) [Orabug: 36763588] {CVE-2024-37353}
- arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY (Jiangfeng Xiao) [Orabug: 36825259] {CVE-2024-39488}
- openvswitch: Set the skbuff pkt_type for proper pmtud support. (Aaron Conole)
- tcp: Fix shift-out-of-bounds in dctcp_update_alpha(). (Kuniyuki Iwashima) [Orabug: 36763592] {CVE-2024-37356}
- params: lift param_set_uint_minmax to common code (Sagi Grimberg)
- ipv6: sr: fix memleak in seg6_hmac_init_algo (Hangbin Liu) [Orabug: 36825263] {CVE-2024-39489}
- x86/kconfig: Select ARCH_WANT_FRAME_POINTERS again when UNWINDER_FRAME_POINTER=y (Masahiro Yamada)
- null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() (Zhu Yanjun)
- media: cec: cec-api: add locking in cec_release() (Hans Verkuil)
- um: Fix the -Wmissing-prototypes warning for __switch_mm (Tiwei Bie)
- powerpc/pseries: Add failure related checks for h_get_mpp and h_get_ppp (Shrikanth Hegde)
- media: stk1160: fix bounds checking in stk1160_copy_video() (Dan Carpenter) [Orabug: 36763603] {CVE-2024-38621}
- um: Add winch to winch_handlers before registering winch IRQ (Roberto Sassu) [Orabug: 36768584] {CVE-2024-39292}
- um: Fix return value in ubd_init() (Duoming Zhou)
- Input: pm8xxx-vibrator - correct VIB_MAX_LEVELS calculation (Fenglin Wu)
- Input: ims-pcu - fix printf string overflow (Arnd Bergmann)
- libsubcmd: Fix parse-options memory leak (Ian Rogers)
- f2fs: add error prints for debugging mount failure (Sahitya Tummala)
- extcon: max8997: select IRQ_DOMAIN instead of depending on it (Randy Dunlap)
- ppdev: Add an error check in register_device (Huai-Yuan Liu) [Orabug: 36678065] {CVE-2024-36015}
- stm class: Fix a double free in stm_register_device() (Dan Carpenter) [Orabug: 36763764] {CVE-2024-38627}
- usb: gadget: u_audio: Clear uac pointer when freed. (Chris Wulff)
- greybus: arche-ctrl: move device table to its right location (Arnd Bergmann)
- serial: max3100: Fix bitwise types (Andy Shevchenko)
- serial: max3100: Update uart_driver_registered on driver removal (Andy Shevchenko) [Orabug: 36763815] {CVE-2024-38633}
- serial: max3100: Lock port->lock when calling uart_handle_cts_change() (Andy Shevchenko) [Orabug: 36763820] {CVE-2024-38634}
- firmware: dmi-id: add a release callback function (Arnd Bergmann)
- dmaengine: idma64: Add check for dma_set_max_seg_size (Chen Ni)
- greybus: lights: check return of get_channel_from_mode (Rui Miguel Silva) [Orabug: 36763833] {CVE-2024-38637}
- sched/fair: Allow disabling sched_balance_newidle with sched_relax_domain_level (Vitalii Bursov)
- sched/topology: Don't set SD_BALANCE_WAKE on cpuset domain relax (Valentin Schneider)
- af_packet: do not call packet_read_pending() from tpacket_destruct_skb() (Eric Dumazet)
- netrom: fix possible dead-lock in nr_rt_ioctl() (Eric Dumazet) [Orabug: 36753582] {CVE-2024-38589}
- RDMA/IPoIB: Fix format truncation compilation errors (Leon Romanovsky)
- RDMA/ipoib: Fix use of sizeof() (Kamal Heib)
- selftests/kcmp: remove unused open mode (Edward Liaw)
- selftests/kcmp: Make the test output consistent and clear (Gautam Menghani)
- ext4: avoid excessive credit estimate in ext4_tmpfile() (Jan Kara)
- x86/insn: Fix PUSH instruction in x86 instruction decoder opcode map (Adrian Hunter)
- ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value (Steven Rostedt)
- fbdev: sh7760fb: allow modular build (Randy Dunlap)
- media: radio-shark2: Avoid led_names truncations (Ricardo Ribalda)
- media: ngene: Add dvb_ca_en50221_init return value check (Aleksandr Burakov)
- powerpc/fsl-soc: hide unused const variable (Arnd Bergmann)
- drm/mediatek: Add 0 size check to mtk_drm_gem_obj (Justin Green) [Orabug: 36753415] {CVE-2024-38549}
- fbdev: shmobile: fix snprintf truncation (Arnd Bergmann)
- mtd: rawnand: hynix: fixed typo (Maxim Korotkov)
- ipv6: sr: fix invalid unregister error path (Hangbin Liu) [Orabug: 36753711] {CVE-2024-38612}
- ipv6: sr: fix incorrect unregister order (Hangbin Liu)
- ipv6: sr: add missing seg6_local_exit (Hangbin Liu)
- net: openvswitch: fix overwriting ct original tuple for ICMPv6 (Ilya Maximets) [Orabug: 36753463] {CVE-2024-38558}
- net: usb: smsc95xx: stop lying about skb->truesize (Eric Dumazet)
- af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg (Breno Leitao) [Orabug: 36753600] {CVE-2024-38596}
- m68k: mac: Fix reboot hang on Mac IIci (Finn Thain)
- m68k/mac: Use '030 reset method on SE/30 (Finn Thain)
- m68k: Fix spinlock race in kernel thread creation (Michael Schmitz) [Orabug: 36753715] {CVE-2024-38613}
- net: usb: sr9700: stop lying about skb->truesize (Eric Dumazet)
- wifi: mwl8k: initialize cmd->addr[] properly (Dan Carpenter)
- scsi: qedf: Ensure the copied buf is NUL terminated (Bui Quang Minh) [Orabug: 36753468] {CVE-2024-38559}
- scsi: bfa: Ensure the copied buf is NUL terminated (Bui Quang Minh) [Orabug: 36753473] {CVE-2024-38560}
- Revert "sh: Handle calling csum_partial with misaligned data" (Guenter Roeck)
- sh: kprobes: Merge arch_copy_kprobe() into arch_prepare_kprobe() (Geert Uytterhoeven)
- wifi: ar5523: enable proper endpoint verification (Nikita Zhandarovich) [Orabug: 36753486] {CVE-2024-38565}
- wifi: carl9170: add a proper sanity check for endpoints (Nikita Zhandarovich) [Orabug: 36753509] {CVE-2024-38567}
- macintosh/via-macii: Fix "BUG: sleeping function called from invalid context" (Finn Thain)
- macintosh/via-macii, macintosh/adb-iop: Clean up whitespace (Finn Thain)
- m68k/mac: Add mutual exclusion for IOP interrupt polling (Finn Thain)
- macintosh/via-macii: Remove BUG_ON assertions (Finn Thain)
- wifi: ath10k: Fix an error code problem in ath10k_dbg_sta_write_peer_debug_trigger() (Su Hui)
- scsi: hpsa: Fix allocation size for Scsi_Host private data (Yuri Karpov)
- scsi: libsas: Fix the failure of adding phy with zero-address to port (Xingui Yang)
- ACPI: disable -Wstringop-truncation (Arnd Bergmann)
- irqchip/alpine-msi: Fix off-by-one in allocation error path (Zenghui Yu)
- scsi: ufs: core: Perform read back after disabling UIC_COMMAND_COMPL (Andrew Halaney)
- scsi: ufs: core: Perform read back after disabling interrupts (Andrew Halaney)
- scsi: ufs: qcom: Perform read back after writing reset bit (Andrew Halaney)
- wifi: ath10k: poll service ready message before failing (Baochen Qiang)
- nfsd: drop st_mutex before calling move_to_close_lru() (NeilBrown)
- null_blk: Fix missing mutex_destroy() at module removal (Zhu Yanjun)
- jffs2: prevent xattr node from overflowing the eraseblock (Ilya Denisyev) [Orabug: 36753652] {CVE-2024-38599}
- crypto: ccp - drop platform ifdef checks (Arnd Bergmann)
- parisc: add missing export of __cmpxchg_u8() (Al Viro)
- nilfs2: fix out-of-range warning (Arnd Bergmann)
- ecryptfs: Fix buffer size for tag 66 packet (Brian Kubisiak) [Orabug: 36753537] {CVE-2024-38578}
- firmware: raspberrypi: Use correct device for DMA mappings (Laurent Pinchart)
- crypto: bcm - Fix pointer arithmetic (Aleksandr Mishin) [Orabug: 36753542] {CVE-2024-38579}
- ASoC: da7219-aad: fix usage of device_get_named_child_node() (Pierre-Louis Bossart)
- ASoC: dt-bindings: rt5645: add cbj sleeve gpio property (Derek Fang)
- ASoC: rt5645: Fix the electric noise due to the CBJ contacts floating (Derek Fang)
- net: usb: qmi_wwan: add Telit FN920C04 compositions (Daniele Palmas)
- wifi: cfg80211: fix the order of arguments for trace events of the tx_rx_evt class (Igor Artemiev)
- tty: n_gsm: fix possible out-of-bounds in gsm0_receive() (Daniel Starke) [Orabug: 36678069] {CVE-2024-36016}
- nilfs2: fix potential hang in nilfs_detach_log_writer() (Ryusuke Konishi) [Orabug: 36753558] {CVE-2024-38582}
- nilfs2: fix unexpected freezing of nilfs_segctor_sync() (Ryusuke Konishi)
- ring-buffer: Fix a race between readers and resize checks (Petr Pavlu) [Orabug: 36753662] {CVE-2024-38601}



ELSA-2024-12610 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update


Oracle Linux Security Advisory ELSA-2024-12610

http://linux.oracle.com/errata/ELSA-2024-12610.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

aarch64:
kernel-uek-5.4.17-2136.335.4.el8uek.aarch64.rpm
kernel-uek-debug-5.4.17-2136.335.4.el8uek.aarch64.rpm
kernel-uek-debug-devel-5.4.17-2136.335.4.el8uek.aarch64.rpm
kernel-uek-devel-5.4.17-2136.335.4.el8uek.aarch64.rpm
kernel-uek-doc-5.4.17-2136.335.4.el8uek.noarch.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//kernel-uek-5.4.17-2136.335.4.el8uek.src.rpm

Related CVEs:

CVE-2022-3566
CVE-2022-3567
CVE-2023-4881
CVE-2023-52628
CVE-2023-52803
CVE-2024-36484
CVE-2024-36894
CVE-2024-36974
CVE-2024-36978
CVE-2024-37078
CVE-2024-38619
CVE-2024-39469
CVE-2024-39487
CVE-2024-39495
CVE-2024-39499
CVE-2024-39501
CVE-2024-39502
CVE-2024-39505
CVE-2024-39506
CVE-2024-39509
CVE-2024-40901
CVE-2024-40902
CVE-2024-40904
CVE-2024-40905
CVE-2024-40912
CVE-2024-40932
CVE-2024-40934
CVE-2024-40941
CVE-2024-40942
CVE-2024-40943
CVE-2024-40945
CVE-2024-40958
CVE-2024-40959
CVE-2024-40960
CVE-2024-40961
CVE-2024-40963
CVE-2024-40968
CVE-2024-40974
CVE-2024-40978
CVE-2024-40980
CVE-2024-40981
CVE-2024-40987
CVE-2024-40988
CVE-2024-40993
CVE-2024-40995
CVE-2024-41006
CVE-2024-41007
CVE-2024-41022
CVE-2024-41034
CVE-2024-41035
CVE-2024-41041
CVE-2024-41044
CVE-2024-41046
CVE-2024-41049
CVE-2024-41087
CVE-2024-41089
CVE-2024-41095
CVE-2024-41097
CVE-2024-42070
CVE-2024-42076
CVE-2024-42084
CVE-2024-42086
CVE-2024-42087
CVE-2024-42089
CVE-2024-42090
CVE-2024-42092
CVE-2024-42093
CVE-2024-42094
CVE-2024-42096
CVE-2024-42097
CVE-2024-42101
CVE-2024-42104
CVE-2024-42105
CVE-2024-42106
CVE-2024-42115
CVE-2024-42119
CVE-2024-42124
CVE-2024-42127
CVE-2024-42143
CVE-2024-42145
CVE-2024-42148
CVE-2024-42153
CVE-2024-42154
CVE-2024-42157
CVE-2024-42223
CVE-2024-42224
CVE-2024-42232
CVE-2024-42236

Description of changes:

[5.4.17-2136.335.4.el8uek]
caches for x86_64. (Imran Khan) [Orabug: 36951041]
- printk: add kthread for long-running print (Stephen Brennan) [Orabug: 36456582]
- kdb: Use the passed prompt in kdb_position_cursor() (Douglas Anderson)
- driver core: Fix uevent_show() vs driver detach race (Dan Williams)
- pinctrl: ti: ti-iodelay: fix possible memory leak when pinctrl_enable() fails (Yang Yingliang)
- pinctrl: ti: ti-iodelay: Drop if block with always false condition (Uwe Kleine-König)
- pinctrl: single: fix possible memory leak when pinctrl_enable() fails (Yang Yingliang)
- pinctrl: core: fix possible memory leak when pinctrl_enable() fails (Yang Yingliang)
- ipvs: Avoid unnecessary calls to skb_is_gso_sctp (Ismael Luceno)

[5.4.17-2136.335.3.el8uek]
- MIPS: Octeon: Add PCIe link status check (Dave Kleikamp) [Orabug: 36947196] {CVE-2024-40968}

[5.4.17-2136.335.2.el8uek]
- drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq() (Dan Carpenter) [Orabug: 36898075] {CVE-2024-41022}
- net: relax socket state check at accept time. (Paolo Abeni) [Orabug: 36768889] {CVE-2024-36484}
- fsnotify: clear PARENT_WATCHED flags lazily (Amir Goldstein) [Orabug: 36922241]
- NFSD: Increase NFSD_MAX_OPS_PER_COMPOUND (Chuck Lever) [Orabug: 36908594]
- x86/cpu: Avoid cpuinfo-induced IPI pileups (Paul E. McKenney) [Orabug: 35773811]

[5.4.17-2136.335.1.el8uek]
- LTS tag: v5.4.280 (Alok Tiwari)
- i2c: rcar: bring hardware to known state when probing (Wolfram Sang)
- nilfs2: fix kernel bug on rename operation of broken directory (Ryusuke Konishi) [Orabug: 36896821] {CVE-2024-41034}
- tcp: avoid too many retransmit packets (Eric Dumazet) [Orabug: 36841816] {CVE-2024-41007}
- tcp: use signed arithmetic in tcp_rtx_probe0_timed_out() (Eric Dumazet)
- net: tcp: fix unexcepted socket die when snd_wnd is 0 (Menglong Dong)
- tcp: refactor tcp_retransmit_timer() (Eric Dumazet)
- SUNRPC: Fix RPC client cleaned up the freed pipefs dentries (felix) [Orabug: 36940547] {CVE-2023-52803}
- libceph: fix race between delayed_work() and ceph_monc_stop() (Ilya Dryomov) [Orabug: 36930128] {CVE-2024-42232}
- ALSA: hda/realtek: Limit mic boost on VAIO PRO PX (Edson Juliano Drosdeck)
- nvmem: meson-efuse: Fix return value of nvmem callbacks (Joy Chakraborty)
- hpet: Support 32-bit userspace (He Zhe)
- USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor (Alan Stern) [Orabug: 36896826] {CVE-2024-41035}
- usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() (Lee Jones) [Orabug: 36930138] {CVE-2024-42236}
- USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k (WangYuli)
- USB: serial: option: add Rolling RW350-GL variants (Vanillan Wang)
- USB: serial: option: add Netprisma LCUK54 series modules (Mank Wang)
- USB: serial: option: add support for Foxconn T99W651 (Slark Xiao)
- USB: serial: option: add Fibocom FM350-GL (Bjørn Mork)
- USB: serial: option: add Telit FN912 rmnet compositions (Daniele Palmas)
- USB: serial: option: add Telit generic core-dump composition (Daniele Palmas)
- ARM: davinci: Convert comma to semicolon (Chen Ni)
- s390: Mark psw in __load_psw_mask() as __unitialized (Sven Schnelle)
- udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port(). (Kuniyuki Iwashima) [Orabug: 36896842] {CVE-2024-41041}
- ppp: reject claimed-as-LCP but actually malformed packets (Dmitry Antipov) [Orabug: 36896856] {CVE-2024-41044}
- net: ethernet: lantiq_etop: fix double free in detach (Aleksander Jan Bajkowski) [Orabug: 36896863] {CVE-2024-41046}
- net: lantiq_etop: add blank line after declaration (Aleksander Jan Bajkowski)
- octeontx2-af: Fix incorrect value output on error path in rvu_check_rsrc_availability() (Aleksandr Mishin)
- tcp: fix incorrect undo caused by DSACK of TLP retransmit (Neal Cardwell)
- tcp: add TCP_INFO status for failed client TFO (Jason Baron)
- vfs: don't mod negative dentry count when on shrinker list (Brian Foster)
- fs/dcache: Re-use value stored to dentry->d_flags instead of re-reading (linke li)
- filelock: fix potential use-after-free in posix_lock_inode (Jeff Layton) [Orabug: 36896877] {CVE-2024-41049}
- nilfs2: fix incorrect inode allocation from reserved inodes (Ryusuke Konishi)
- nvme-multipath: find NUMA path only for online numa-node (Nilay Shroff)
- ALSA: hda/realtek: Enable headset mic of JP-IK LEAP W502 with ALC897 (Jian-Hong Pan)
- i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr (Piotr Wojtaszczyk) [Orabug: 36897909] {CVE-2024-42153}
- media: dw2102: fix a potential buffer overflow (Mauro Carvalho Chehab)
- bnx2x: Fix multiple UBSAN array-index-out-of-bounds (Ghadi Elie Rahme) [Orabug: 36897886] {CVE-2024-42148}
- drm/amdgpu/atomfirmware: silence UBSAN warning (Alex Deucher)
- drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes (Ma Ke) [Orabug: 36897640] {CVE-2024-42101}
- Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" (Jan Kara)
- fsnotify: Do not generate events for O_PATH file descriptors (Jan Kara)
- can: kvaser_usb: Explicitly initialize family in leafimx driver_info struct (Jimmy Assarsson)
- mm: optimize the redundant loop of mm_update_owner_next() (Jinliang Zheng)
- nilfs2: add missing check for inode numbers on directory entries (Ryusuke Konishi) [Orabug: 36897652] {CVE-2024-42104}
- nilfs2: fix inode number range checks (Ryusuke Konishi) [Orabug: 36897658] {CVE-2024-42105}
- inet_diag: Initialize pad field in struct inet_diag_req_v2 (Shigeru Yoshida) [Orabug: 36897666] {CVE-2024-42106}
- selftests: make order checking verbose in msg_zerocopy selftest (Zijian Zhang)
- selftests: fix OOM in msg_zerocopy selftest (Zijian Zhang)
- bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() (Sam Sun) [Orabug: 36825248] {CVE-2024-39487}
- tcp_metrics: validate source addr length (Jakub Kicinski) [Orabug: 36897915] {CVE-2024-42154}
- UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() (Neal Cardwell)
- net: tcp better handling of reordering then loss cases (Yuchung Cheng)
- tcp: add ece_ack flag to reno sack functions (Yousuk Seung)
- tcp: tcp_mark_head_lost is only valid for sack-tcp (zhang kai)
- s390/pkey: Wipe sensitive data on failure (Holger Dengler) [Orabug: 36897934] {CVE-2024-42157}
- jffs2: Fix potential illegal address access in jffs2_free_inode (Wang Yong) [Orabug: 36897696] {CVE-2024-42115}
- powerpc/xmon: Check cpu id in commands "c#", "dp#" and "dx#" (Greg Kurz)
- orangefs: fix out-of-bounds fsid access (Mike Marshall) [Orabug: 36897837] {CVE-2024-42143}
- powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n (Michael Ellerman)
- i2c: i801: Annotate apanel_addr as __ro_after_init (Heiner Kallweit)
- media: dvb-frontends: tda10048: Fix integer overflow (Ricardo Ribalda) [Orabug: 36897976] {CVE-2024-42223}
- media: s2255: Use refcount_t instead of atomic_t for num_channels (Ricardo Ribalda)
- media: dvb-frontends: tda18271c2dd: Remove casting during div (Ricardo Ribalda)
- net: dsa: mv88e6xxx: Correct check for empty list (Simon Horman) [Orabug: 36897982] {CVE-2024-42224}
- Input: ff-core - prefer struct_size over open coded arithmetic (Erick Archer)
- firmware: dmi: Stop decoding on broken entry (Jean Delvare)
- sctp: prefer struct_size over open coded arithmetic (Erick Archer)
- media: dw2102: Don't translate i2c read into write (Michael Bunk)
- drm/amd/display: Skip finding free audio for unknown engine_id (Alex Hung) [Orabug: 36897726] {CVE-2024-42119}
- drm/amdgpu: Initialize timestamp for some legacy SOCs (Ma Jun)
- scsi: qedf: Make qedf_execute_tmf() non-preemptible (John Meneghini) [Orabug: 36897761] {CVE-2024-42124}
- IB/core: Implement a limit on UMAD receive List (Michael Guralnik) [Orabug: 36897847] {CVE-2024-42145}
- media: dvb-usb: dib0700_devices: Add missing release_firmware() (Ricardo Ribalda)
- media: dvb: as102-fe: Fix as10x_register_addr packing (Ricardo Ribalda)
- drm/lima: fix shared irq handling on driver remove (Erico Nunes) [Orabug: 36897779] {CVE-2024-42127}
- LTS tag: v5.4.279 (Alok Tiwari)
- arm64: dts: rockchip: Add sound-dai-cells for RK3368 (Alex Bee)
- ARM: dts: rockchip: rk3066a: add #sound-dai-cells to hdmi node (Johan Jonker)
- tcp: Fix data races around icsk->icsk_af_ops. (Kuniyuki Iwashima) [Orabug: 34719866] {CVE-2022-3566}
- ipv6: Fix data races around sk->sk_prot. (Kuniyuki Iwashima) [Orabug: 34719906] {CVE-2022-3567}
- ipv6: annotate some data-races around sk->sk_prot (Eric Dumazet)
- nfs: Leave pages in the pagecache if readpage failed (Matthew Wilcox (Oracle))
- pwm: stm32: Refuse too small period requests (Uwe Kleine-König)
- mtd: spinand: macronix: Add support for serial NAND flash (Jaime Liao)
- ftruncate: pass a signed offset (Arnd Bergmann) [Orabug: 36897558] {CVE-2024-42084}
- ata: libata-core: Fix double free on error (Niklas Cassel) [Orabug: 36897374] {CVE-2024-41087}
- batman-adv: Don't accept TT entries for out-of-spec VIDs (Sven Eckelmann)
- drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes (Ma Ke) [Orabug: 36897380] {CVE-2024-41089}
- drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes (Ma Ke) [Orabug: 36897444] {CVE-2024-41095}
- hexagon: fix fadvise64_64 calling conventions (Arnd Bergmann)
- csky, hexagon: fix broken sys_sync_file_range (Arnd Bergmann)
- net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new (Oleksij Rempel)
- net: can: j1939: recover socket queue on CAN bus error during BAM transmission (Oleksij Rempel)
- net: can: j1939: Initialize unused data in j1939_send_one() (Shigeru Yoshida) [Orabug: 36897516] {CVE-2024-42076}
- tty: mcf: MCF54418 has 10 UARTS (Jean-Michel Hautbois)
- usb: atm: cxacru: fix endpoint checking in cxacru_bind() (Nikita Zhandarovich) [Orabug: 36897451] {CVE-2024-41097}
- usb: musb: da8xx: fix a resource leak in probe() (Dan Carpenter)
- usb: gadget: printer: SS+ support (Oliver Neukum)
- net: usb: ax88179_178a: improve link status logs (Jose Ignacio Tornos Martinez)
- iio: chemical: bme680: Fix sensor data read operation (Vasileios Amoiridis)
- iio: chemical: bme680: Fix overflows in compensate() functions (Vasileios Amoiridis) [Orabug: 36897566] {CVE-2024-42086}
- iio: chemical: bme680: Fix calibration data variable (Vasileios Amoiridis)
- iio: chemical: bme680: Fix pressure value output (Vasileios Amoiridis)
- iio: adc: ad7266: Fix variable checking bug (Fernando Yang)
- mmc: sdhci: Do not lock spinlock around mmc_gpio_get_ro() (Adrian Hunter)
- mmc: sdhci: Do not invert write-protect twice (Adrian Hunter)
- mmc: sdhci-pci: Convert PCIBIOS_* return codes to errnos (Ilpo Järvinen)
- x86: stop playing stack games in profile_pc() (Linus Torvalds) [Orabug: 36897616] {CVE-2024-42096}
- gpio: davinci: Validate the obtained number of IRQs (Aleksandr Mishin) [Orabug: 36897599] {CVE-2024-42092}
- nvme: fixup comment for nvme RDMA Provider Type (Hannes Reinecke)
- soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message (Andrew Davis)
- media: dvbdev: Initialize sbuf (Ricardo Ribalda)
- ALSA: emux: improve patch ioctl data validation (Oswald Buddenhagen) [Orabug: 36897624] {CVE-2024-42097}
- net/dpaa2: Avoid explicit cpumask var allocation on stack (Dawei Li) [Orabug: 36897602] {CVE-2024-42093}
- net/iucv: Avoid explicit cpumask var allocation on stack (Dawei Li) [Orabug: 36897608] {CVE-2024-42094}
- mtd: partitions: redboot: Added conversion of operands to a larger type (Denis Arefev)
- drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep (Laurent Pinchart) [Orabug: 36897570] {CVE-2024-42087}
- netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (Pablo Neira Ayuso) [Orabug: 36897500] {CVE-2024-42070}
- parisc: use correct compat recv/recvfrom syscalls (Arnd Bergmann)
- sparc: fix old compat_sys_select() (Arnd Bergmann)
- net: phy: micrel: add Microchip KSZ 9477 to the device table (Enguerrand de Ribaucourt)
- net: phy: mchp: Add support for LAN8814 QUAD PHY (Divya Koppera)
- net: dsa: microchip: fix initial port flush problem (Tristram Ha)
- ASoC: fsl-asoc-card: set priv->pdev before using it (Elinor Montmasson) [Orabug: 36897578] {CVE-2024-42089}
- netfilter: nf_tables: validate family when identifying table via handle (Pablo Neira Ayuso)
- drm/amdgpu: fix UBSAN warning in kv_dpm.c (Alex Deucher) [Orabug: 36835992] {CVE-2024-40987}
- pinctrl: rockchip: fix pinmux reset in rockchip_pmx_set (Huang-Huang Bao)
- pinctrl: rockchip: fix pinmux bits for RK3328 GPIO3-B pins (Huang-Huang Bao)
- pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins (Huang-Huang Bao)
- pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER (Hagar Hemdan) [Orabug: 36897586] {CVE-2024-42090}
- iio: dac: ad5592r: fix temperature channel scaling value (Marc Ferland)
- iio: dac: ad5592r: un-indent code-block for scale read (Alexandru Ardelean)
- iio: dac: ad5592r-base: Replace indio_dev->mlock with own device lock (Sergiu Cuciurean)
- x86/amd_nb: Check for invalid SMN reads (Yazen Ghannam)
- PCI: Add PCI_ERROR_RESPONSE and related definitions (Naveen Naidu)
- perf/core: Fix missing wakeup when waiting for context reference (Haifeng Xu)
- tracing: Add MODULE_DESCRIPTION() to preemptirq_delay_test (Jeff Johnson)
- arm64: dts: qcom: qcs404: fix bluetooth device address (Johan Hovold)
- ARM: dts: samsung: smdk4412: fix keypad no-autorepeat (Krzysztof Kozlowski)
- ARM: dts: samsung: exynos4412-origen: fix keypad no-autorepeat (Krzysztof Kozlowski)
- ARM: dts: samsung: smdkv310: fix keypad no-autorepeat (Krzysztof Kozlowski)
- i2c: ocores: set IACK bit after core is enabled (Grygorii Tertychnyi)
- gcov: add support for GCC 14 (Peter Oberparleiter)
- drm/radeon: fix UBSAN warning in kv_dpm.c (Alex Deucher) [Orabug: 36835997] {CVE-2024-40988}
- ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine." (Raju Rangoju)
- dmaengine: ioatdma: Fix missing kmem_cache_destroy() (Nikita Shubin)
- regulator: core: Fix modpost error "regulator_get_regmap" undefined (Biju Das)
- net: usb: rtl8150 fix unintiatilzed variables in rtl8150_get_link_ksettings (Oliver Neukum)
- netfilter: ipset: Fix suspicious rcu_dereference_protected() (Jozsef Kadlecsik) [Orabug: 36838634] {CVE-2024-40993}
- virtio_net: checksum offloading handling fix (Heng Qi)
- net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() (David Ruth) [Orabug: 36836019] {CVE-2024-40995}
- net/sched: act_api: rely on rcu in tcf_idr_check_alloc (Pedro Tammela)
- netns: Make get_net_ns() handle zero refcount net (Yue Haibing) [Orabug: 36835849] {CVE-2024-40958}
- xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() (Eric Dumazet) [Orabug: 36835852] {CVE-2024-40959}
- ipv6: prevent possible NULL dereference in rt6_probe() (Eric Dumazet) [Orabug: 36835857] {CVE-2024-40960}
- ipv6: prevent possible NULL deref in fib6_nh_init() (Eric Dumazet) [Orabug: 36835862] {CVE-2024-40961}
- netrom: Fix a memory leak in nr_heartbeat_expiry() (Gavrilov Ilia) [Orabug: 36836086] {CVE-2024-41006}
- cipso: fix total option length computation (Ondrej Mosnacek)
- mips: bmips: BCM6358: make sure CBR is correctly set (Christian Marangi) [Orabug: 36835870] {CVE-2024-40963}
- MIPS: Routerboard 532: Fix vendor retry check code (Ilpo Järvinen)
- PCI/PM: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports (Mario Limonciello)
- udf: udftime: prevent overflow in udf_disk_stamp_to_time() (Roman Smirnov)
- usb: misc: uss720: check for incompatible versions of the Belkin F5U002 (Alex Henrie)
- powerpc/io: Avoid clang null pointer arithmetic warnings (Michael Ellerman)
- powerpc/pseries: Enforce hcall result buffer validity and size (Nathan Lynch) [Orabug: 36835926] {CVE-2024-40974}
- Bluetooth: ath3k: Fix multiple issues reported by checkpatch.pl (Uri Arev)
- scsi: qedi: Fix crash while reading debugfs attribute (Manish Rangankar) [Orabug: 36835947] {CVE-2024-40978}
- drop_monitor: replace spin_lock by raw_spin_lock (Wander Lairson Costa) [Orabug: 36835960] {CVE-2024-40980}
- batman-adv: bypass empty buckets in batadv_purge_orig_ref() (Eric Dumazet) [Orabug: 36835966] {CVE-2024-40981}
- selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh (Alessandro Carminati (Red Hat))
- rcutorture: Fix rcu_torture_one_read() pipe_count overflow comment (Paul E. McKenney)
- i2c: at91: Fix the functionality flags of the slave-only interface (Jean Delvare)
- usb-storage: alauda: Check whether the media is initialized (Shichao Lai) [Orabug: 36753734] {CVE-2024-38619}
- greybus: Fix use-after-free bug in gb_interface_release due to race condition. (Sicong Huang) [Orabug: 36835564] {CVE-2024-39495}
- netfilter: nftables: exthdr: fix 4-byte stack OOB write (Florian Westphal) [Orabug: 35814445] {CVE-2023-4881} {CVE-2023-52628}
- hugetlb_encode.h: fix undefined behaviour (34 d_flags instead of re-reading (linke li)
- filelock: fix potential use-after-free in posix_lock_inode (Jeff Layton) [Orabug: 36896875] {CVE-2024-41049}
- nilfs2: fix incorrect inode allocation from reserved inodes (Ryusuke Konishi)
- null_blk: Do not allow runt zone with zone capacity smaller then zone size (Damien Le Moal)
- nfc/nci: Add the inconsistency check between the input data length and count (Edward Adam Davis) [Orabug: 36897796] {CVE-2024-42130}
- kbuild: fix short log for AS in link-vmlinux.sh (Masahiro Yamada)
- nvmet: fix a possible leak when destroy a ctrl during qp establishment (Sagi Grimberg) [Orabug: 36897901] {CVE-2024-42152}
- platform/x86: touchscreen_dmi: Add info for the EZpad 6s Pro (hmtheboy154)
- platform/x86: touchscreen_dmi: Add info for GlobalSpace SolT IVW 11.6" tablet (hmtheboy154)
- regmap-i2c: Subtract reg size from max_write (Jim Wylder)
- nvme: adjust multiples of NVME_CTRL_PAGE_SIZE in offset (Kundan Kumar)
- dma-mapping: benchmark: avoid needless copy_to_user if benchmark fails (Fedor Pchelkin)
- nvme-multipath: find NUMA path only for online numa-node (Nilay Shroff)
- ALSA: hda/realtek: Enable headset mic of JP-IK LEAP W502 with ALC897 (Jian-Hong Pan)
- fs/ntfs3: Mark volume as dirty if xattr is broken (Konstantin Komarov)
- i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr (Piotr Wojtaszczyk) [Orabug: 36897908] {CVE-2024-42153}
- clk: qcom: gcc-sm6350: Fix gpll6* & gpll7 parents (Luca Weiss)
- media: dw2102: fix a potential buffer overflow (Mauro Carvalho Chehab)
- ima: Avoid blocking in RCU read-side critical section (GUO Zihua) [Orabug: 36835827] {CVE-2024-40947}
- bnx2x: Fix multiple UBSAN array-index-out-of-bounds (Ghadi Elie Rahme) [Orabug: 36897884] {CVE-2024-42148}
- mtd: rawnand: rockchip: ensure NVDDR timings are rejected (Val Packett)
- mtd: rawnand: Bypass a couple of sanity checks during NAND identification (Miquel Raynal)
- mtd: rawnand: Ensure ECC configuration is propagated to upper layers (Miquel Raynal)
- drm/amdgpu/atomfirmware: silence UBSAN warning (Alex Deucher)
- drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes (Ma Ke) [Orabug: 36897639] {CVE-2024-42101}
- fsnotify: Do not generate events for O_PATH file descriptors (Jan Kara)
- can: kvaser_usb: Explicitly initialize family in leafimx driver_info struct (Jimmy Assarsson)
- Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot (Zijun Hu) [Orabug: 36897825] {CVE-2024-42137}
- btrfs: fix adding block group to a reclaim list and the unused list during reclaim (Naohiro Aota) [Orabug: 36934739] {CVE-2024-42103}
- mm: avoid overflows in dirty throttling logic (Jan Kara) [Orabug: 36897802] {CVE-2024-42131}
- mm: optimize the redundant loop of mm_update_owner_next() (Jinliang Zheng)
- nilfs2: add missing check for inode numbers on directory entries (Ryusuke Konishi) [Orabug: 36897651] {CVE-2024-42104}
- nilfs2: fix inode number range checks (Ryusuke Konishi) [Orabug: 36897657] {CVE-2024-42105}
- Revert "igc: fix a log entry using uninitialized netdev" (Sasha Neftin)
- gpiolib: of: add polarity quirk for TSC2005 (Dmitry Torokhov)
- gpiolib: of: add a quirk for reset line polarity for Himax LCDs (Dmitry Torokhov)
- gpiolib: of: factor out code overriding gpio line polarity (Dmitry Torokhov)
- inet_diag: Initialize pad field in struct inet_diag_req_v2 (Shigeru Yoshida) [Orabug: 36897665] {CVE-2024-42106}
- selftests: make order checking verbose in msg_zerocopy selftest (Zijian Zhang)
- selftests: fix OOM in msg_zerocopy selftest (Zijian Zhang)
- bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() (Sam Sun) [Orabug: 36825247] {CVE-2024-39487}
- netfilter: nf_tables: unconditionally flush pending work before notifier (Florian Westphal) [Orabug: 36897676] {CVE-2024-42109}
- riscv: kexec: Avoid deadlock in kexec crash path (Song Shuai) [Orabug: 36897831] {CVE-2024-42140}
- wifi: wilc1000: fix ies_len type in connect path (Jozef Hopko)
- net: allow skb_datagram_iter to be called from any context (Sagi Grimberg)
- e1000e: Fix S0ix residency on corporate systems (Dima Ruinskiy)
- KVM: s390: fix LPSWEY handling (Christian Borntraeger)
- tcp_metrics: validate source addr length (Jakub Kicinski) [Orabug: 36897914] {CVE-2024-42154}
- UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() (Neal Cardwell)
- tools/power turbostat: Remember global max_die_id (Len Brown)
- s390/pkey: Wipe sensitive data on failure (Holger Dengler) [Orabug: 36897933] {CVE-2024-42157}
- jffs2: Fix potential illegal address access in jffs2_free_inode (Wang Yong) [Orabug: 36897693] {CVE-2024-42115}
- bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD (Jose E. Marchesi) [Orabug: 36897964] {CVE-2024-42161}
- igc: fix a log entry using uninitialized netdev (Corinna Vinschen) [Orabug: 36897705] {CVE-2024-42116}
- powerpc/xmon: Check cpu id in commands "c#", "dp#" and "dx#" (Greg Kurz)
- kunit: Fix timeout message (Mickaël Salaün)
- orangefs: fix out-of-bounds fsid access (Mike Marshall) [Orabug: 36897836] {CVE-2024-42143}
- powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n (Michael Ellerman)
- i2c: i801: Annotate apanel_addr as __ro_after_init (Heiner Kallweit)
- media: dvb-frontends: tda10048: Fix integer overflow (Ricardo Ribalda) [Orabug: 36897975] {CVE-2024-42223}
- media: s2255: Use refcount_t instead of atomic_t for num_channels (Ricardo Ribalda)
- media: dvb-frontends: tda18271c2dd: Remove casting during div (Ricardo Ribalda)
- net: dsa: mv88e6xxx: Correct check for empty list (Simon Horman) [Orabug: 36897981] {CVE-2024-42224}
- wifi: mt76: replace skb_put with skb_put_zero (Felix Fietkau) [Orabug: 36897988] {CVE-2024-42225}
- Input: ff-core - prefer struct_size over open coded arithmetic (Erick Archer)
- firmware: dmi: Stop decoding on broken entry (Jean Delvare)
- sctp: prefer struct_size over open coded arithmetic (Erick Archer)
- media: dw2102: Don't translate i2c read into write (Michael Bunk)
- drm/amd/display: Skip finding free audio for unknown engine_id (Alex Hung) [Orabug: 36897725] {CVE-2024-42119}
- drm/amd/display: Check pipe offset before setting vblank (Alex Hung) [Orabug: 36897731] {CVE-2024-42120}
- drm/amd/display: Check index msg_id before read or write (Alex Hung) [Orabug: 36897738] {CVE-2024-42121}
- drm/amdgpu: Initialize timestamp for some legacy SOCs (Ma Jun)
- crypto: aead,cipher - zeroize key buffer after use (Hailey Mothershead) [Orabug: 36898013] {CVE-2024-42229}
- scsi: qedf: Make qedf_execute_tmf() non-preemptible (John Meneghini) [Orabug: 36897759] {CVE-2024-42124}
- IB/core: Implement a limit on UMAD receive List (Michael Guralnik) [Orabug: 36897846] {CVE-2024-42145}
- media: dvb-usb: dib0700_devices: Add missing release_firmware() (Ricardo Ribalda)
- media: dvb: as102-fe: Fix as10x_register_addr packing (Ricardo Ribalda)
- drm/lima: fix shared irq handling on driver remove (Erico Nunes) [Orabug: 36897778] {CVE-2024-42127}
- locking/mutex: Introduce devm_mutex_init() (George Stark)
- Compiler Attributes: Add __uninitialized macro (Heiko Carstens)
- LTS version: v5.15.162 (Vijayendra Suman)
- serial: 8250_omap: Fix Errata i2310 with RX FIFO level check (Udit Kumar)
- arm64: dts: rockchip: Add sound-dai-cells for RK3368 (Alex Bee)
- arm64: dts: rockchip: fix PMIC interrupt pin on ROCK Pi E (FUKAUMI Naoki)
- ARM: dts: rockchip: rk3066a: add #sound-dai-cells to hdmi node (Johan Jonker)
- KVM: arm64: vgic-v4: Make the doorbell request robust w.r.t preemption (Marc Zyngier)
- efi/x86: Free EFI memory map only when installing a new one. (Ard Biesheuvel)
- efi: xen: Set EFI_PARAVIRT for Xen dom0 boot on all architectures (Ard Biesheuvel)
- efi: memmap: Move manipulation routines into x86 arch tree (Ard Biesheuvel)
- efi: Correct comment on efi_memmap_alloc (Liu Zixian)
- drivers: fix typo in firmware/efi/memmap.c (Zheng Zhi Yuan)
- tcp: Fix data races around icsk->icsk_af_ops. (Kuniyuki Iwashima) [Orabug: 34719865] {CVE-2022-3566}
- ipv6: Fix data races around sk->sk_prot. (Kuniyuki Iwashima) [Orabug: 34719905] {CVE-2022-3567}
- ipv6: annotate some data-races around sk->sk_prot (Eric Dumazet)
- nfs: Leave pages in the pagecache if readpage failed (Matthew Wilcox (Oracle))
- pwm: stm32: Refuse too small period requests (Uwe Kleine-König)
- syscalls: fix sys_fanotify_mark prototype (Arnd Bergmann)
- syscalls: fix compat_sys_io_pgetevents_time64 usage (Arnd Bergmann)
- ftruncate: pass a signed offset (Arnd Bergmann) [Orabug: 36897557] {CVE-2024-42084}
- ata: libata-core: Fix double free on error (Niklas Cassel) [Orabug: 36897373] {CVE-2024-41087}
- ata: ahci: Clean up sysfs file on error (Niklas Cassel)
- batman-adv: Don't accept TT entries for out-of-spec VIDs (Sven Eckelmann)
- drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes (Ma Ke) [Orabug: 36897379] {CVE-2024-41089}
- drm/i915/gt: Fix potential UAF by revoke of fence registers (Janusz Krzysztofik) [Orabug: 36897385] {CVE-2024-41092}
- drm/amdgpu: avoid using null object of framebuffer (Julia Zhang) [Orabug: 36897435] {CVE-2024-41093}
- drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes (Ma Ke) [Orabug: 36897442] {CVE-2024-41095}
- hexagon: fix fadvise64_64 calling conventions (Arnd Bergmann)
- csky, hexagon: fix broken sys_sync_file_range (Arnd Bergmann)
- sh: rework sync_file_range ABI (Arnd Bergmann)
- kbuild: Install dtb files as 0644 in Makefile.dtbinst (Dragan Simic)
- cpu/hotplug: Fix dynstate assignment in __cpuhp_setup_state_cpuslocked() (Yuntao Wang)
- net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new (Oleksij Rempel)
- net: can: j1939: recover socket queue on CAN bus error during BAM transmission (Oleksij Rempel)
- net: can: j1939: Initialize unused data in j1939_send_one() (Shigeru Yoshida) [Orabug: 36897515] {CVE-2024-42076}
- tty: mcf: MCF54418 has 10 UARTS (Jean-Michel Hautbois)
- serial: 8250_omap: Implementation of Errata i2310 (Udit Kumar) [Orabug: 36897613] {CVE-2024-42095}
- usb: dwc3: core: remove lock of otg mode during gadget suspend/resume to avoid deadlock (Meng Li) [Orabug: 36897563] {CVE-2024-42085}
- usb: atm: cxacru: fix endpoint checking in cxacru_bind() (Nikita Zhandarovich) [Orabug: 36897450] {CVE-2024-41097}
- usb: musb: da8xx: fix a resource leak in probe() (Dan Carpenter)
- usb: gadget: printer: fix races against disable (Oliver Neukum)
- usb: gadget: printer: SS+ support (Oliver Neukum)
- net: usb: ax88179_178a: improve link status logs (Jose Ignacio Tornos Martinez)
- iio: chemical: bme680: Fix sensor data read operation (Vasileios Amoiridis)
- iio: chemical: bme680: Fix overflows in compensate() functions (Vasileios Amoiridis) [Orabug: 36897565] {CVE-2024-42086}
- iio: chemical: bme680: Fix calibration data variable (Vasileios Amoiridis)
- iio: chemical: bme680: Fix pressure value output (Vasileios Amoiridis)
- iio: accel: fxls8962af: select IIO_BUFFER & IIO_KFIFO_BUF (Alexander Sverdlin)
- iio: adc: ad7266: Fix variable checking bug (Fernando Yang)
- i2c: testunit: discard write requests while old command is running (Wolfram Sang)
- i2c: testunit: don't erase registers after STOP (Wolfram Sang)
- mmc: sdhci: Do not lock spinlock around mmc_gpio_get_ro() (Adrian Hunter)
- mmc: sdhci: Do not invert write-protect twice (Adrian Hunter)
- mmc: sdhci-pci: Convert PCIBIOS_* return codes to errnos (Ilpo Järvinen)
- ocfs2: fix DIO failure due to insufficient transaction credits (Jan Kara) [Orabug: 36897528] {CVE-2024-42077}
- parisc: use generic sys_fanotify_mark implementation (Arnd Bergmann)
- x86: stop playing stack games in profile_pc() (Linus Torvalds) [Orabug: 36897615] {CVE-2024-42096}
- gpiolib: cdev: Disallow reconfiguration without direction (uAPI v1) (Kent Gibson)
- gpio: davinci: Validate the obtained number of IRQs (Aleksandr Mishin) [Orabug: 36897598] {CVE-2024-42092}
- drm/panel: simple: Add missing display timing flags for KOE TX26D202VM0BWA (Liu Ying)
- nvme: fixup comment for nvme RDMA Provider Type (Hannes Reinecke)
- drm/radeon/radeon_display: Decrease the size of allocated memory (Erick Archer)
- soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message (Andrew Davis)
- media: dvbdev: Initialize sbuf (Ricardo Ribalda)
- ALSA: emux: improve patch ioctl data validation (Oswald Buddenhagen) [Orabug: 36897623] {CVE-2024-42097}
- crypto: ecdh - explicitly zeroize private_key (Joachim Vandersmissen) [Orabug: 36897630] {CVE-2024-42098}
- net/dpaa2: Avoid explicit cpumask var allocation on stack (Dawei Li) [Orabug: 36897601] {CVE-2024-42093}
- net/iucv: Avoid explicit cpumask var allocation on stack (Dawei Li) [Orabug: 36897607] {CVE-2024-42094}
- RDMA/restrack: Fix potential invalid address access (Wenchao Hao) [Orabug: 36897540] {CVE-2024-42080}
- bpf: Add a check for struct bpf_fib_lookup size (Anton Protopopov)
- mtd: partitions: redboot: Added conversion of operands to a larger type (Denis Arefev)
- x86/fpu: Fix AMD X86_BUG_FXSAVE_LEAK fixup (Uros Bizjak)
- vduse: Temporarily fail if control queue feature requested (Maxime Coquelin)
- vduse: validate block features only with block devices (Maxime Coquelin)
- drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep (Laurent Pinchart) [Orabug: 36897569] {CVE-2024-42087}
- bpf: Take return from set_memory_ro() into account with bpf_prog_lock_ro() (Christophe Leroy) [Orabug: 36897491] {CVE-2024-42068}
- netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (Pablo Neira Ayuso) [Orabug: 36897499] {CVE-2024-42070}
- tcp: fix tcp_rcv_fastopen_synack() to enter TCP_CA_Loss for failed TFO (Neal Cardwell)
- parisc: use correct compat recv/recvfrom syscalls (Arnd Bergmann)
- sparc: fix compat recv/recvfrom syscalls (Arnd Bergmann)
- sparc: fix old compat_sys_select() (Arnd Bergmann)
- Fix race for duplicate reqsk on identical SYN (luoxuanqiang)
- xdp: Remove WARN() from __xdp_reg_mem_model() (Daniil Dulov) [Orabug: 36897553] {CVE-2024-42082}
- net: phy: micrel: add Microchip KSZ 9477 to the device table (Enguerrand de Ribaucourt)
- ibmvnic: Free any outstanding tx skbs during scrq reset (Nick Child)
- net: dsa: microchip: fix initial port flush problem (Tristram Ha)
- ASoC: fsl-asoc-card: set priv->pdev before using it (Elinor Montmasson) [Orabug: 36897577] {CVE-2024-42089}
- net: stmmac: Assign configured channel value to EXTTS event (Oleksij Rempel)
- net: mdio: add helpers to extract clause 45 regad and devad fields (Russell King (Oracle))
- drm/amdgpu: fix UBSAN warning in kv_dpm.c (Alex Deucher) [Orabug: 36835991] {CVE-2024-40987}
- cifs: fix typo in module parameter enable_gcm_256 (Steve French)
- pinctrl: rockchip: fix pinmux reset in rockchip_pmx_set (Huang-Huang Bao)
- pinctrl: rockchip: use dedicated pinctrl type for RK3328 (Huang-Huang Bao)
- pinctrl: rockchip: fix pinmux bits for RK3328 GPIO3-B pins (Huang-Huang Bao)
- pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins (Huang-Huang Bao)
- pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER (Hagar Hemdan) [Orabug: 36897585] {CVE-2024-42090}
- Input: ili210x - fix ili251x_read_touch_data() return value (John Keeping)
- gve: Clear napi->skb before dev_kfree_skb_any() (Ziwei Xiao) [Orabug: 36835798] {CVE-2024-40937}
- gve: Add RX context. (David Awogbemila)
- ACPI: x86: Force StorageD3Enable on more products (Mario Limonciello)
- ACPI: x86: utils: Add Picasso to the list for forcing StorageD3Enable (Mario Limonciello)
- smb: client: fix deadlock in smb2_find_smb_tcon() (Enzo Matsumiya) [Orabug: 36774640] {CVE-2024-39468}
- x86/amd_nb: Check for invalid SMN reads (Yazen Ghannam)
- PCI: Add PCI_ERROR_RESPONSE and related definitions (Naveen Naidu)
- perf/core: Fix missing wakeup when waiting for context reference (Haifeng Xu)
- riscv: fix overlap of allocated page and PTR_ERR (Nam Cao)
- riscv: mm: init: try best to use IS_ENABLED(CONFIG_64BIT) instead of #ifdef (Jisheng Zhang)
- kheaders: explicitly define file modes for archived headers (Matthias Maennich)
- Revert "kheaders: substituting --sort in archive creation" (Masahiro Yamada)
- drm/i915/gt: Disarm breadcrumbs if engines are already idle (Chris Wilson)
- drm/i915/gt: Only kick the signal worker if there's been an update (Chris Wilson)
- ksmbd: ignore trailing slashes in share paths (Nandor Kracser)
- x86/cpu: Fix x86_match_cpu() to match just X86_VENDOR_INTEL (Tony Luck)
- x86/cpu/vfm: Add new macros to work with (vendor/family/model) values (Tony Luck)
- tracing: Add MODULE_DESCRIPTION() to preemptirq_delay_test (Jeff Johnson)
- bcache: fix variable length array abuse in btree_iter (Matthew Mirvish) [Orabug: 36809293] {CVE-2024-39482}
- pmdomain: ti-sci: Fix duplicate PD referrals (Tomi Valkeinen)
- wifi: rtlwifi: rtl8192de: Fix 5 GHz TX power (Bitterblue Smith)
- rtlwifi: rtl8192de: Style clean-ups (Kees Cook)
- ARM: dts: samsung: smdk4412: fix keypad no-autorepeat (Krzysztof Kozlowski)
- ARM: dts: samsung: exynos4412-origen: fix keypad no-autorepeat (Krzysztof Kozlowski)
- ARM: dts: samsung: smdkv310: fix keypad no-autorepeat (Krzysztof Kozlowski)
- perf script: Show also errors for --insn-trace option (Adrian Hunter)
- perf: script: add raw|disasm arguments to --insn-trace option (Changbin Du)
- drm/amd/display: revert Exit idle optimizations before HDCP execution (Martin Leung)
- arm64: dts: imx8qm-mek: fix gpio number for reg_usdhc2_vmmc (Frank Li)
- dt-bindings: i2c: google,cros-ec-i2c-tunnel: correct path to i2c-controller schema (Krzysztof Kozlowski)
- i2c: ocores: set IACK bit after core is enabled (Grygorii Tertychnyi)
- tcp: clear tp->retrans_stamp in tcp_rcv_fastopen_synack() (Eric Dumazet)
- kcov: don't lose track of remote references during softirqs (Aleksandr Nogikh)
- gcov: add support for GCC 14 (Peter Oberparleiter)
- drm/radeon: fix UBSAN warning in kv_dpm.c (Alex Deucher) [Orabug: 36835996] {CVE-2024-40988}
- drm/i915/mso: using joiner is not possible with eDP MSO (Jani Nikula)
- ALSA: hda/realtek: Limit mic boost on N14AP7 (Edson Juliano Drosdeck)
- KVM: x86: Always sync PIR to IRR prior to scanning I/O APIC routes (Sean Christopherson)
- btrfs: retry block group reclaim without infinite loop (Boris Burkov)
- net: do not leave a dangling sk pointer, when socket creation fails (Ignat Korchagin)
- serial: stm32: rework RX over DMA (Erwan Le Ray)
- RDMA/mlx5: Add check for srq max_sge attribute (Patrisious Haddad) [Orabug: 36836003] {CVE-2024-40990}
- ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine." (Raju Rangoju)
- regulator: bd71815: fix ramp values (Kalle Niemi)
- dmaengine: ioatdma: Fix missing kmem_cache_destroy() (Nikita Shubin)
- dmaengine: ioatdma: Fix kmemleak in ioat_pci_probe() (Nikita Shubin)
- dmaengine: ioatdma: Fix error path in ioat3_dma_probe() (Nikita Shubin)
- dmaengine: ioat: use PCI core macros for PCIe Capability (Bjorn Helgaas)
- dmaengine: ioatdma: Fix leaking on version mismatch (Nikita Shubin)
- dmaengine: ioat: Drop redundant pci_enable_pcie_error_reporting() (Bjorn Helgaas)
- dmaengine: ioat: switch from 'pci_' to 'dma_' API (Qing Wang)
- dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (Li RongQing) [Orabug: 36835844] {CVE-2024-40956}
- regulator: core: Fix modpost error "regulator_get_regmap" undefined (Biju Das)
- net: usb: rtl8150 fix unintiatilzed variables in rtl8150_get_link_ksettings (Oliver Neukum)
- bnxt_en: Restore PTP tx_avail count in case of skb_pad() error (Pavan Chebbi)
- seg6: fix parameter passing when calling NF_HOOK() in End.DX4 and End.DX6 behaviors (Jianguo Wu) [Orabug: 36835846] {CVE-2024-40957}
- netfilter: ipset: Fix suspicious rcu_dereference_protected() (Jozsef Kadlecsik) [Orabug: 36836326] {CVE-2024-40993}
- octeontx2-pf: Add error handling to VLAN unoffload handling (Simon Horman)
- virtio_net: checksum offloading handling fix (Heng Qi)
- net: stmmac: No need to calculate speed divider when offload is disabled (Xiaolei Wang)
- ptp: fix integer overflow in max_vclocks_store (Dan Carpenter) [Orabug: 36836016] {CVE-2024-40994}
- sched: act_ct: add netns into the key of tcf_ct_flow_table (Xin Long)
- net/sched: act_ct: set 'net' pointer when creating new nf_flow_table (Vlad Buslov)
- tipc: force a dst refcount before doing decryption (Xin Long) [Orabug: 36835980] {CVE-2024-40983}
- net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() (David Ruth) [Orabug: 36836018] {CVE-2024-40995}
- net/sched: act_api: rely on rcu in tcf_idr_check_alloc (Pedro Tammela)
- qca_spi: Make interrupt remembering atomic (Stefan Wahren)
- netns: Make get_net_ns() handle zero refcount net (Yue Haibing) [Orabug: 36835848] {CVE-2024-40958}
- xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() (Eric Dumazet) [Orabug: 36835851] {CVE-2024-40959}
- ipv6: prevent possible NULL dereference in rt6_probe() (Eric Dumazet) [Orabug: 36835856] {CVE-2024-40960}
- ipv6: prevent possible NULL deref in fib6_nh_init() (Eric Dumazet) [Orabug: 36835861] {CVE-2024-40961}
- netrom: Fix a memory leak in nr_heartbeat_expiry() (Gavrilov Ilia) [Orabug: 36836085] {CVE-2024-41006}
- cipso: fix total option length computation (Ondrej Mosnacek)
- tracing: Build event generation tests only as modules (Masami Hiramatsu (Google))
- mips: bmips: BCM6358: make sure CBR is correctly set (Christian Marangi) [Orabug: 36835869] {CVE-2024-40963}
- MIPS: Routerboard 532: Fix vendor retry check code (Ilpo Järvinen)
- serial: exar: adding missing CTI and Exar PCI ids (Parker Newman)
- serial: imx: Introduce timeout when waiting on transmitter empty (Esben Haabendal) [Orabug: 36835886] {CVE-2024-40967}
- MIPS: Octeon: Add PCIe link status check (Songyang Li) [Orabug: 36835892] {CVE-2024-40968}
- PCI/PM: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports (Mario Limonciello)
- udf: udftime: prevent overflow in udf_disk_stamp_to_time() (Roman Smirnov)
- Avoid hw_desc array overrun in dw-axi-dmac (Joao Pinto) [Orabug: 36835903] {CVE-2024-40970}
- usb: misc: uss720: check for incompatible versions of the Belkin F5U002 (Alex Henrie)
- f2fs: remove clear SB_INLINECRYPT flag in default_options (Yunlei He) [Orabug: 36835908] {CVE-2024-40971}
- iommu/arm-smmu-v3: Free MSIs in case of ENOMEM (Aleksandr Aprelkov)
- power: supply: cros_usbpd: provide ID table for avoiding fallback match (Tzung-Bi Shih)
- powerpc/io: Avoid clang null pointer arithmetic warnings (Michael Ellerman)
- powerpc/pseries: Enforce hcall result buffer validity and size (Nathan Lynch) [Orabug: 36835925] {CVE-2024-40974}
- drm/lima: mask irqs in timeout path before hard reset (Erico Nunes) [Orabug: 36835935] {CVE-2024-40976}
- drm/lima: add mask irq callback to gp and pp (Erico Nunes)
- drm/amd/display: Exit idle optimizations before HDCP execution (Nicholas Kazlauskas)
- Bluetooth: ath3k: Fix multiple issues reported by checkpatch.pl (Uri Arev)
- ACPI: video: Add backlight=native quirk for Lenovo Slim 7 16ARH7 (Takashi Iwai)
- HID: Add quirk for Logitech Casa touchpad (Sean O'Brien)
- netpoll: Fix race condition in netpoll_owner_active (Breno Leitao) [Orabug: 36836079] {CVE-2024-41005}
- kselftest: arm64: Add a null pointer check (Kunwu Chan)
- scsi: qedi: Fix crash while reading debugfs attribute (Manish Rangankar) [Orabug: 36835946] {CVE-2024-40978}
- drop_monitor: replace spin_lock by raw_spin_lock (Wander Lairson Costa) [Orabug: 36835959] {CVE-2024-40980}
- af_packet: avoid a false positive warning in packet_setsockopt() (Eric Dumazet)
- wifi: ath9k: work around memset overflow warning (Arnd Bergmann)
- batman-adv: bypass empty buckets in batadv_purge_orig_ref() (Eric Dumazet) [Orabug: 36835965] {CVE-2024-40981}
- selftests/bpf: Fix flaky test btf_map_in_map/lookup_update (Yonghong Song)
- selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh (Alessandro Carminati (Red Hat))
- block/ioctl: prefer different overflow check (Justin Stitt) [Orabug: 36836043] {CVE-2024-41000}
- rcutorture: Fix invalid context warning when enable srcu barrier testing (Zqiang)
- rcutorture: Make stall-tasks directly exit when rcutorture tests end (Zqiang)
- rcutorture: Fix rcu_torture_one_read() pipe_count overflow comment (Paul E. McKenney)
- crypto: hisilicon/sec - Fix memory leak for sec resource release (Chenghai Huang) [Orabug: 36836053] {CVE-2024-41002}
- padata: Disable BH when taking works lock on MT path (Herbert Xu)
- Bluetooth: qca: fix info leak when fetching board id (Johan Hovold) [Orabug: 36934735] {CVE-2024-36033}
- Bluetooth: qca: Fix error code in qca_read_fw_build_info() (Dan Carpenter)
- zap_pid_ns_processes: clear TIF_NOTIFY_SIGNAL along with TIF_SIGPENDING (Oleg Nesterov)
- i2c: designware: Fix the functionality flags of the slave-only interface (Jean Delvare)
- i2c: at91: Fix the functionality flags of the slave-only interface (Jean Delvare)
- usb-storage: alauda: Check whether the media is initialized (Shichao Lai) [Orabug: 36753733] {CVE-2024-38619}
- greybus: Fix use-after-free bug in gb_interface_release due to race condition. (Sicong Huang) [Orabug: 36835563] {CVE-2024-39495}
- kbuild: Remove support for Clang's ThinLTO caching (Nathan Chancellor)
- mptcp: pm: update add_addr counters after connect (YonglongLi)
- mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID (YonglongLi)
- hugetlb_encode.h: fix undefined behaviour (34 speed with the portTransmitRate from the tc-cbs parameters (Xiaolei Wang)
- net/mlx5e: Fix features validation check for tunneled UDP (non-VXLAN) packets (Gal Pressman)
- tcp: fix race in tcp_v6_syn_recv_sock() (Eric Dumazet)
- drm/bridge/panel: Fix runtime warning on panel bridge release (Adam Miotk)
- drm/komeda: check for error-valued pointer (Amjad Ouled-Ameur) [Orabug: 36835673] {CVE-2024-39505}
- liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet (Aleksandr Mishin) [Orabug: 36835676] {CVE-2024-39506}
- net: hns3: add cond_resched() to hns3 ring buffer init process (Jie Wang)
- net: hns3: fix kernel crash problem in concurrent scenario (Yonglong Liu) [Orabug: 36835679] {CVE-2024-39507}
- net: sfp: Always call sfp_sm_mod_remove() on remove (Csókás, Bence)
- drm/vmwgfx: 3D disabled should not effect STDU memory limits (Ian Forbes)
- HID: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode() (José Expósito) [Orabug: 36835792] {CVE-2024-40934}
- iommu: Return right value in iommu_sva_bind_device() (Lu Baolu) [Orabug: 36835823] {CVE-2024-40945}
- iommu/amd: Fix sysfs leak in iommu init (Kun(llfl))
- iommu/amd: Introduce pci segment structure (Vasant Hegde)
- HID: core: remove unnecessary WARN_ON() in implement() (Nikita Zhandarovich) [Orabug: 36835688] {CVE-2024-39509}
- gpio: tqmx86: store IRQ trigger type and unmask status separately (Matthias Schiffer)
- gpio: tqmx86: fix typo in Kconfig label (Gregor Herburger)
- platform/x86: dell-smbios: Fix wrong token data in sysfs (Armin Wolf)
- platform/x86: dell-smbios-base: Use sysfs_emit() (ye xingchen)
- SUNRPC: return proper error from gss_wrap_req_priv (Chen Hanxiao)
- clk: sifive: Do not register clkdevs for PRCI clocks (Samuel Holland)
- Input: try trimming too long modalias strings (Dmitry Torokhov)
- powerpc/uaccess: Fix build errors seen with GCC 13/14 (Michael Ellerman)
- scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory (Breno Leitao) [Orabug: 36835695] {CVE-2024-40901}
- xhci: Apply broken streams quirk to Etron EJ188 xHCI host (Kuangyi Chiang)
- xhci: Handle TD clearing for multiple streams case (Hector Martin) [Orabug: 36835772] {CVE-2024-40927}
- xhci: Apply reset resume quirk to Etron EJ188 xHCI host (Kuangyi Chiang)
- xhci: Set correct transferred length for cancelled bulk transfers (Mathias Nyman)
- jfs: xattr: fix buffer overflow for invalid xattr (Greg Kroah-Hartman) [Orabug: 36835700] {CVE-2024-40902}
- mei: me: release irq in mei_me_pci_resume error path (Tomas Winkler)
- usb: typec: tcpm: Ignore received Hard Reset in TOGGLING state (Kyle Tso)
- USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages (Alan Stern) [Orabug: 36835708] {CVE-2024-40904}
- nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors (Ryusuke Konishi) [Orabug: 36774645] {CVE-2024-39469}
- nilfs2: return the mapped address from nilfs_get_page() (Matthew Wilcox (Oracle))
- nilfs2: Remove check for PageError (Matthew Wilcox (Oracle))
- btrfs: fix leak of qgroup extent records after transaction abort (Filipe Manana)
- wifi: ath10k: fix QCOM_RPROC_COMMON dependency (Dmitry Baryshkov)
- selftests/mm: compaction_test: fix bogus test success on Aarch64 (Dev Jain)
- selftests/mm: conform test to TAP format output (Muhammad Usama Anjum)
- selftests/mm: compaction_test: fix incorrect write of zero to nr_hugepages (Dev Jain)
- mm/cma: drop incorrect alignment check in cma_init_reserved_mem (Frank van der Linden)
- cma: factor out minimum alignment requirement (David Hildenbrand)
- i2c: acpi: Unbind mux adapters before delete (Hamish Martin) [Orabug: 36774617] {CVE-2024-39362}
- i2c: add fwnode APIs (Russell King (Oracle))
- mmc: davinci: Don't strip remove function when driver is builtin (Uwe Kleine-König) [Orabug: 36809300] {CVE-2024-39484}
- mmc: davinci_mmc: Convert to platform remove callback returning void (Yangtao Li)
- ftrace: Fix possible use-after-free issue in ftrace_location() (Zheng Yejian) [Orabug: 36753573] {CVE-2024-38588}
- x86/ibt,ftrace: Search for __fentry__ location (Peter Zijlstra)
- serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler (Hugo Villeneuve)
- serial: sc16is7xx: replace hardcoded divisor value with BIT() macro (Hugo Villeneuve)
- Bluetooth: qca: fix info leak when fetching fw build id (Johan Hovold) [Orabug: 36683103] {CVE-2024-36032}
- Bluetooth: qca: add support for QCA2066 (Tim Jiang)
- Bluetooth: qca: use switch case for soc type behavior (Neil Armstrong)
- Bluetooth: btqca: Add WCN3988 support (Luca Weiss)
- Bluetooth: btqca: use le32_to_cpu for ver.soc_id (Min-Hua Chen)
- Bluetooth: hci_qca: mark OF related data as maybe unused (Krzysztof Kozlowski)
- skbuff: introduce skb_pull_data (Luiz Augusto von Dentz)
- misc/pvpanic-pci: register attributes via pci_driver (Thomas Weißschuh)
- misc/pvpanic: deduplicate common code (Thomas Weißschuh)
- pvpanic: Indentation fixes here and there (Andy Shevchenko)
- pvpanic: Keep single style across modules (Andy Shevchenko)
- drm/amd/display: Fix incorrect DSC instance for MST (Hersen Wu)
- drm/amd/display: drop unnecessary NULL checks in debugfs (Alexey Kodanev)
- drm/amd/display: Clean up some inconsistent indenting (Jiapeng Chong)
- drm/amd/display: Handle Y carry-over in VCP X.Y calculation (George Shen)
- iio: accel: mxc4005: Reset chip on probe() and resume() (Hans de Goede)
- usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete (Wesley Cheng) [Orabug: 36683254] {CVE-2024-36894}
- usb: gadget: f_fs: use io_data->status consistently (John Keeping)
- ipv6: fix possible race in __fib6_drop_pcpu_from() (Eric Dumazet) [Orabug: 36835713] {CVE-2024-40905}
- af_unix: Annotate data-race of sk->sk_shutdown in sk_diag_fill(). (Kuniyuki Iwashima)
- af_unix: Use skb_queue_len_lockless() in sk_diag_show_rqlen(). (Kuniyuki Iwashima)
- af_unix: Use skb_queue_empty_lockless() in unix_release_sock(). (Kuniyuki Iwashima)
- af_unix: annotate lockless accesses to sk->sk_err (Eric Dumazet)
- af_unix: Use unix_recvq_full_lockless() in unix_stream_connect(). (Kuniyuki Iwashima)
- af_unix: Annotate data-race of net->unx.sysctl_max_dgram_qlen. (Kuniyuki Iwashima)
- af_unix: Annotate data-races around sk->sk_state in UNIX_DIAG. (Kuniyuki Iwashima)
- af_unix: Annotate data-race of sk->sk_state in unix_stream_read_skb(). (Kuniyuki Iwashima)
- af_unix: Annotate data-races around sk->sk_state in sendmsg() and recvmsg(). (Kuniyuki Iwashima)
- af_unix: Annotate data-race of sk->sk_state in unix_stream_connect(). (Kuniyuki Iwashima)
- af_unix: Annotate data-races around sk->sk_state in unix_write_space() and poll(). (Kuniyuki Iwashima)
- af_unix: Annotate data-race of sk->sk_state in unix_inq_len(). (Kuniyuki Iwashima)
- af_unix: Annodate data-races around sk->sk_state for writers. (Kuniyuki Iwashima)
- af_unix: Set sk->sk_state under unix_state_lock() for truly disconencted peer. (Kuniyuki Iwashima)
- ptp: Fix error message on failed pin verification (Karol Kolacinski)
- net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP (Eric Dumazet) [Orabug: 36748168] {CVE-2024-36974}
- tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB (Jason Xing)
- net: sched: sch_multiq: fix possible OOB write in multiq_tune() (Hangyu Hua) [Orabug: 36748175] {CVE-2024-36978}
- octeontx2-af: Always allocate PF entries from low prioriy zone (Subbaraya Sundeep)
- bpf: Set run context for rawtp test_run callback (Jiri Olsa) [Orabug: 36835722] {CVE-2024-40908}
- ipv6: sr: block BH in seg6_output_core() and seg6_input_core() (Eric Dumazet)
- net/ncsi: Fix the multi thread manner of NCSI driver (DelphineCCChiu)
- net/ncsi: Simplify Kconfig/dts control flow (Peter Delevoryas)
- wifi: mac80211: correctly parse Spatial Reuse Parameter Set element (Lingbo Kong)
- wifi: iwlwifi: mvm: don't read past the mfuart notifcation (Emmanuel Grumbach) [Orabug: 36835807] {CVE-2024-40941}
- wifi: iwlwifi: mvm: check n_ssids before accessing the ssids (Miri Korenblit) [Orabug: 36835779] {CVE-2024-40929}
- wifi: iwlwifi: dbg_ini: move iwl_dbg_tlv_free outside of debugfs ifdef (Shahar S Matityahu)
- wifi: iwlwifi: mvm: revert gen2 TX A-MPDU size to 64 (Johannes Berg)
- wifi: cfg80211: pmsr: use correct nla_get_uX functions (Lin Ma)
- wifi: cfg80211: Lock wiphy in cfg80211_get_station (Remi Pommarel) [Orabug: 36835729] {CVE-2024-40911}
- wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup() (Remi Pommarel) [Orabug: 36835734] {CVE-2024-40912}
- wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects (Nicolas Escande) [Orabug: 36835811] {CVE-2024-40942}



ELSA-2024-12612 Important: Oracle Linux 8 Unbreakable Enterprise kernel-container security update


Oracle Linux Security Advisory ELSA-2024-12612

http://linux.oracle.com/errata/ELSA-2024-12612.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-container-5.4.17-2136.335.4.el8.x86_64.rpm
kernel-uek-container-debug-5.4.17-2136.335.4.el8.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//kernel-uek-container-5.4.17-2136.335.4.el8.src.rpm

Related CVEs:

CVE-2024-40968
CVE-2024-41022
CVE-2024-36484
CVE-2024-41034
CVE-2024-41007
CVE-2023-52803
CVE-2024-42232
CVE-2024-41035
CVE-2024-42236
CVE-2024-41041
CVE-2024-41044
CVE-2024-41046
CVE-2024-41049
CVE-2024-42153
CVE-2024-42148
CVE-2024-42101
CVE-2024-42104
CVE-2024-42105
CVE-2024-42106
CVE-2024-39487
CVE-2024-42154
CVE-2024-42157
CVE-2024-42115
CVE-2024-42143
CVE-2024-42223
CVE-2024-42224
CVE-2024-42119
CVE-2024-42124
CVE-2024-42145
CVE-2024-42127
CVE-2022-3566
CVE-2022-3567
CVE-2024-42084
CVE-2024-41087
CVE-2024-41089
CVE-2024-41095
CVE-2024-42076
CVE-2024-41097
CVE-2024-42086
CVE-2024-42096
CVE-2024-42092
CVE-2024-42097
CVE-2024-42093
CVE-2024-42094
CVE-2024-42087
CVE-2024-42070
CVE-2024-42089
CVE-2024-40987
CVE-2024-42090
CVE-2024-40988
CVE-2024-40993
CVE-2024-40995
CVE-2024-40958
CVE-2024-40959
CVE-2024-40960
CVE-2024-40961
CVE-2024-41006
CVE-2024-40963
CVE-2024-40974
CVE-2024-40978
CVE-2024-40980
CVE-2024-40981
CVE-2024-38619
CVE-2024-39495
CVE-2023-4881
CVE-2023-52628
CVE-2024-37078
CVE-2024-40943
CVE-2024-39499
CVE-2024-40932
CVE-2024-39501
CVE-2024-39502
CVE-2024-39505
CVE-2024-39506
CVE-2024-40934
CVE-2024-40945
CVE-2024-39509
CVE-2024-40901
CVE-2024-40902
CVE-2024-40904
CVE-2024-39469
CVE-2024-36894
CVE-2024-40905
CVE-2024-36974
CVE-2024-36978
CVE-2024-40941
CVE-2024-40912
CVE-2024-40942

Description of changes:

[5.4.17-2136.335.4.el8]
- mm: memcg/slab: enable kmalloc-cg- caches for x86_64. (Imran Khan) [Orabug: 36951041]
- printk: add kthread for long-running print (Stephen Brennan) [Orabug: 36456582]
- kdb: Use the passed prompt in kdb_position_cursor() (Douglas Anderson)
- driver core: Fix uevent_show() vs driver detach race (Dan Williams)
- pinctrl: ti: ti-iodelay: fix possible memory leak when pinctrl_enable() fails (Yang Yingliang)
- pinctrl: ti: ti-iodelay: Drop if block with always false condition (Uwe Kleine-König)
- pinctrl: single: fix possible memory leak when pinctrl_enable() fails (Yang Yingliang)
- pinctrl: core: fix possible memory leak when pinctrl_enable() fails (Yang Yingliang)
- ipvs: Avoid unnecessary calls to skb_is_gso_sctp (Ismael Luceno)

[5.4.17-2136.335.3.el8]
- MIPS: Octeon: Add PCIe link status check (Dave Kleikamp) [Orabug: 36947196]

[5.4.17-2136.335.2.el8]
- drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq() (Dan Carpenter)
- net: relax socket state check at accept time. (Paolo Abeni)
- fsnotify: clear PARENT_WATCHED flags lazily (Amir Goldstein) [Orabug: 36922241]
- NFSD: Increase NFSD_MAX_OPS_PER_COMPOUND (Chuck Lever) [Orabug: 36908594]
- x86/cpu: Avoid cpuinfo-induced IPI pileups (Paul E. McKenney) [Orabug: 35773811]

[5.4.17-2136.335.1.el8]
- LTS tag: v5.4.280 (Alok Tiwari)
- i2c: rcar: bring hardware to known state when probing (Wolfram Sang)
- nilfs2: fix kernel bug on rename operation of broken directory (Ryusuke Konishi)
- tcp: avoid too many retransmit packets (Eric Dumazet)
- tcp: use signed arithmetic in tcp_rtx_probe0_timed_out() (Eric Dumazet)
- net: tcp: fix unexcepted socket die when snd_wnd is 0 (Menglong Dong)
- tcp: refactor tcp_retransmit_timer() (Eric Dumazet)
- SUNRPC: Fix RPC client cleaned up the freed pipefs dentries (felix)
- libceph: fix race between delayed_work() and ceph_monc_stop() (Ilya Dryomov)
- ALSA: hda/realtek: Limit mic boost on VAIO PRO PX (Edson Juliano Drosdeck)
- nvmem: meson-efuse: Fix return value of nvmem callbacks (Joy Chakraborty)
- hpet: Support 32-bit userspace (He Zhe)
- USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor (Alan Stern)
- usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() (Lee Jones)
- USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k (WangYuli)
- USB: serial: option: add Rolling RW350-GL variants (Vanillan Wang)
- USB: serial: option: add Netprisma LCUK54 series modules (Mank Wang)
- USB: serial: option: add support for Foxconn T99W651 (Slark Xiao)
- USB: serial: option: add Fibocom FM350-GL (Bjørn Mork)
- USB: serial: option: add Telit FN912 rmnet compositions (Daniele Palmas)
- USB: serial: option: add Telit generic core-dump composition (Daniele Palmas)
- ARM: davinci: Convert comma to semicolon (Chen Ni)
- s390: Mark psw in __load_psw_mask() as __unitialized (Sven Schnelle)
- udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port(). (Kuniyuki Iwashima)
- ppp: reject claimed-as-LCP but actually malformed packets (Dmitry Antipov)
- net: ethernet: lantiq_etop: fix double free in detach (Aleksander Jan Bajkowski)
- net: lantiq_etop: add blank line after declaration (Aleksander Jan Bajkowski)
- octeontx2-af: Fix incorrect value output on error path in rvu_check_rsrc_availability() (Aleksandr Mishin)
- tcp: fix incorrect undo caused by DSACK of TLP retransmit (Neal Cardwell)
- tcp: add TCP_INFO status for failed client TFO (Jason Baron)
- vfs: don't mod negative dentry count when on shrinker list (Brian Foster)
- fs/dcache: Re-use value stored to dentry->d_flags instead of re-reading (linke li)
- filelock: fix potential use-after-free in posix_lock_inode (Jeff Layton)
- nilfs2: fix incorrect inode allocation from reserved inodes (Ryusuke Konishi)
- nvme-multipath: find NUMA path only for online numa-node (Nilay Shroff)
- ALSA: hda/realtek: Enable headset mic of JP-IK LEAP W502 with ALC897 (Jian-Hong Pan)
- i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr (Piotr Wojtaszczyk)
- media: dw2102: fix a potential buffer overflow (Mauro Carvalho Chehab)
- bnx2x: Fix multiple UBSAN array-index-out-of-bounds (Ghadi Elie Rahme)
- drm/amdgpu/atomfirmware: silence UBSAN warning (Alex Deucher)
- drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes (Ma Ke)
- Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" (Jan Kara)
- fsnotify: Do not generate events for O_PATH file descriptors (Jan Kara)
- can: kvaser_usb: Explicitly initialize family in leafimx driver_info struct (Jimmy Assarsson)
- mm: optimize the redundant loop of mm_update_owner_next() (Jinliang Zheng)
- nilfs2: add missing check for inode numbers on directory entries (Ryusuke Konishi)
- nilfs2: fix inode number range checks (Ryusuke Konishi)
- inet_diag: Initialize pad field in struct inet_diag_req_v2 (Shigeru Yoshida)
- selftests: make order checking verbose in msg_zerocopy selftest (Zijian Zhang)
- selftests: fix OOM in msg_zerocopy selftest (Zijian Zhang)
- bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() (Sam Sun)
- tcp_metrics: validate source addr length (Jakub Kicinski)
- UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() (Neal Cardwell)
- net: tcp better handling of reordering then loss cases (Yuchung Cheng)
- tcp: add ece_ack flag to reno sack functions (Yousuk Seung)
- tcp: tcp_mark_head_lost is only valid for sack-tcp (zhang kai)
- s390/pkey: Wipe sensitive data on failure (Holger Dengler)
- jffs2: Fix potential illegal address access in jffs2_free_inode (Wang Yong)
- powerpc/xmon: Check cpu id in commands "c#", "dp#" and "dx#" (Greg Kurz)
- orangefs: fix out-of-bounds fsid access (Mike Marshall)
- powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n (Michael Ellerman)
- i2c: i801: Annotate apanel_addr as __ro_after_init (Heiner Kallweit)
- media: dvb-frontends: tda10048: Fix integer overflow (Ricardo Ribalda)
- media: s2255: Use refcount_t instead of atomic_t for num_channels (Ricardo Ribalda)
- media: dvb-frontends: tda18271c2dd: Remove casting during div (Ricardo Ribalda)
- net: dsa: mv88e6xxx: Correct check for empty list (Simon Horman)
- Input: ff-core - prefer struct_size over open coded arithmetic (Erick Archer)
- firmware: dmi: Stop decoding on broken entry (Jean Delvare)
- sctp: prefer struct_size over open coded arithmetic (Erick Archer)
- media: dw2102: Don't translate i2c read into write (Michael Bunk)
- drm/amd/display: Skip finding free audio for unknown engine_id (Alex Hung)
- drm/amdgpu: Initialize timestamp for some legacy SOCs (Ma Jun)
- scsi: qedf: Make qedf_execute_tmf() non-preemptible (John Meneghini)
- IB/core: Implement a limit on UMAD receive List (Michael Guralnik)
- media: dvb-usb: dib0700_devices: Add missing release_firmware() (Ricardo Ribalda)
- media: dvb: as102-fe: Fix as10x_register_addr packing (Ricardo Ribalda)
- drm/lima: fix shared irq handling on driver remove (Erico Nunes)
- LTS tag: v5.4.279 (Alok Tiwari)
- arm64: dts: rockchip: Add sound-dai-cells for RK3368 (Alex Bee)
- ARM: dts: rockchip: rk3066a: add #sound-dai-cells to hdmi node (Johan Jonker)
- tcp: Fix data races around icsk->icsk_af_ops. (Kuniyuki Iwashima)
- ipv6: Fix data races around sk->sk_prot. (Kuniyuki Iwashima)
- ipv6: annotate some data-races around sk->sk_prot (Eric Dumazet)
- nfs: Leave pages in the pagecache if readpage failed (Matthew Wilcox (Oracle))
- pwm: stm32: Refuse too small period requests (Uwe Kleine-König)
- mtd: spinand: macronix: Add support for serial NAND flash (Jaime Liao)
- ftruncate: pass a signed offset (Arnd Bergmann)
- ata: libata-core: Fix double free on error (Niklas Cassel)
- batman-adv: Don't accept TT entries for out-of-spec VIDs (Sven Eckelmann)
- drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes (Ma Ke)
- drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes (Ma Ke)
- hexagon: fix fadvise64_64 calling conventions (Arnd Bergmann)
- csky, hexagon: fix broken sys_sync_file_range (Arnd Bergmann)
- net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new (Oleksij Rempel)
- net: can: j1939: recover socket queue on CAN bus error during BAM transmission (Oleksij Rempel)
- net: can: j1939: Initialize unused data in j1939_send_one() (Shigeru Yoshida)
- tty: mcf: MCF54418 has 10 UARTS (Jean-Michel Hautbois)
- usb: atm: cxacru: fix endpoint checking in cxacru_bind() (Nikita Zhandarovich)
- usb: musb: da8xx: fix a resource leak in probe() (Dan Carpenter)
- usb: gadget: printer: SS+ support (Oliver Neukum)
- net: usb: ax88179_178a: improve link status logs (Jose Ignacio Tornos Martinez)
- iio: chemical: bme680: Fix sensor data read operation (Vasileios Amoiridis)
- iio: chemical: bme680: Fix overflows in compensate() functions (Vasileios Amoiridis)
- iio: chemical: bme680: Fix calibration data variable (Vasileios Amoiridis)
- iio: chemical: bme680: Fix pressure value output (Vasileios Amoiridis)
- iio: adc: ad7266: Fix variable checking bug (Fernando Yang)
- mmc: sdhci: Do not lock spinlock around mmc_gpio_get_ro() (Adrian Hunter)
- mmc: sdhci: Do not invert write-protect twice (Adrian Hunter)
- mmc: sdhci-pci: Convert PCIBIOS_* return codes to errnos (Ilpo Järvinen)
- x86: stop playing stack games in profile_pc() (Linus Torvalds)
- gpio: davinci: Validate the obtained number of IRQs (Aleksandr Mishin)
- nvme: fixup comment for nvme RDMA Provider Type (Hannes Reinecke)
- soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message (Andrew Davis)
- media: dvbdev: Initialize sbuf (Ricardo Ribalda)
- ALSA: emux: improve patch ioctl data validation (Oswald Buddenhagen)
- net/dpaa2: Avoid explicit cpumask var allocation on stack (Dawei Li)
- net/iucv: Avoid explicit cpumask var allocation on stack (Dawei Li)
- mtd: partitions: redboot: Added conversion of operands to a larger type (Denis Arefev)
- drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep (Laurent Pinchart)
- netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (Pablo Neira Ayuso)
- parisc: use correct compat recv/recvfrom syscalls (Arnd Bergmann)
- sparc: fix old compat_sys_select() (Arnd Bergmann)
- net: phy: micrel: add Microchip KSZ 9477 to the device table (Enguerrand de Ribaucourt)
- net: phy: mchp: Add support for LAN8814 QUAD PHY (Divya Koppera)
- net: dsa: microchip: fix initial port flush problem (Tristram Ha)
- ASoC: fsl-asoc-card: set priv->pdev before using it (Elinor Montmasson)
- netfilter: nf_tables: validate family when identifying table via handle (Pablo Neira Ayuso)
- drm/amdgpu: fix UBSAN warning in kv_dpm.c (Alex Deucher)
- pinctrl: rockchip: fix pinmux reset in rockchip_pmx_set (Huang-Huang Bao)
- pinctrl: rockchip: fix pinmux bits for RK3328 GPIO3-B pins (Huang-Huang Bao)
- pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins (Huang-Huang Bao)
- pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER (Hagar Hemdan)
- iio: dac: ad5592r: fix temperature channel scaling value (Marc Ferland)
- iio: dac: ad5592r: un-indent code-block for scale read (Alexandru Ardelean)
- iio: dac: ad5592r-base: Replace indio_dev->mlock with own device lock (Sergiu Cuciurean)
- x86/amd_nb: Check for invalid SMN reads (Yazen Ghannam)
- PCI: Add PCI_ERROR_RESPONSE and related definitions (Naveen Naidu)
- perf/core: Fix missing wakeup when waiting for context reference (Haifeng Xu)
- tracing: Add MODULE_DESCRIPTION() to preemptirq_delay_test (Jeff Johnson)
- arm64: dts: qcom: qcs404: fix bluetooth device address (Johan Hovold)
- ARM: dts: samsung: smdk4412: fix keypad no-autorepeat (Krzysztof Kozlowski)
- ARM: dts: samsung: exynos4412-origen: fix keypad no-autorepeat (Krzysztof Kozlowski)
- ARM: dts: samsung: smdkv310: fix keypad no-autorepeat (Krzysztof Kozlowski)
- i2c: ocores: set IACK bit after core is enabled (Grygorii Tertychnyi)
- gcov: add support for GCC 14 (Peter Oberparleiter)
- drm/radeon: fix UBSAN warning in kv_dpm.c (Alex Deucher)
- ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine." (Raju Rangoju)
- dmaengine: ioatdma: Fix missing kmem_cache_destroy() (Nikita Shubin)
- regulator: core: Fix modpost error "regulator_get_regmap" undefined (Biju Das)
- net: usb: rtl8150 fix unintiatilzed variables in rtl8150_get_link_ksettings (Oliver Neukum)
- netfilter: ipset: Fix suspicious rcu_dereference_protected() (Jozsef Kadlecsik)
- virtio_net: checksum offloading handling fix (Heng Qi)
- net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() (David Ruth)
- net/sched: act_api: rely on rcu in tcf_idr_check_alloc (Pedro Tammela)
- netns: Make get_net_ns() handle zero refcount net (Yue Haibing)
- xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() (Eric Dumazet)
- ipv6: prevent possible NULL dereference in rt6_probe() (Eric Dumazet)
- ipv6: prevent possible NULL deref in fib6_nh_init() (Eric Dumazet)
- netrom: Fix a memory leak in nr_heartbeat_expiry() (Gavrilov Ilia)
- cipso: fix total option length computation (Ondrej Mosnacek)
- mips: bmips: BCM6358: make sure CBR is correctly set (Christian Marangi)
- MIPS: Routerboard 532: Fix vendor retry check code (Ilpo Järvinen)
- PCI/PM: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports (Mario Limonciello)
- udf: udftime: prevent overflow in udf_disk_stamp_to_time() (Roman Smirnov)
- usb: misc: uss720: check for incompatible versions of the Belkin F5U002 (Alex Henrie)
- powerpc/io: Avoid clang null pointer arithmetic warnings (Michael Ellerman)
- powerpc/pseries: Enforce hcall result buffer validity and size (Nathan Lynch)
- Bluetooth: ath3k: Fix multiple issues reported by checkpatch.pl (Uri Arev)
- scsi: qedi: Fix crash while reading debugfs attribute (Manish Rangankar)
- drop_monitor: replace spin_lock by raw_spin_lock (Wander Lairson Costa)
- batman-adv: bypass empty buckets in batadv_purge_orig_ref() (Eric Dumazet)
- selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh (Alessandro Carminati (Red Hat))
- rcutorture: Fix rcu_torture_one_read() pipe_count overflow comment (Paul E. McKenney)
- i2c: at91: Fix the functionality flags of the slave-only interface (Jean Delvare)
- usb-storage: alauda: Check whether the media is initialized (Shichao Lai)
- greybus: Fix use-after-free bug in gb_interface_release due to race condition. (Sicong Huang)
- netfilter: nftables: exthdr: fix 4-byte stack OOB write (Florian Westphal)
- hugetlb_encode.h: fix undefined behaviour (34 icsk_af_ops. (Kuniyuki Iwashima) [Orabug: 34719866] {CVE-2022-3566}
- ipv6: Fix data races around sk->sk_prot. (Kuniyuki Iwashima) [Orabug: 34719906] {CVE-2022-3567}
- ipv6: annotate some data-races around sk->sk_prot (Eric Dumazet)
- nfs: Leave pages in the pagecache if readpage failed (Matthew Wilcox (Oracle))
- pwm: stm32: Refuse too small period requests (Uwe Kleine-König)
- mtd: spinand: macronix: Add support for serial NAND flash (Jaime Liao)
- ftruncate: pass a signed offset (Arnd Bergmann) [Orabug: 36897558] {CVE-2024-42084}
- ata: libata-core: Fix double free on error (Niklas Cassel) [Orabug: 36897374] {CVE-2024-41087}
- batman-adv: Don't accept TT entries for out-of-spec VIDs (Sven Eckelmann)
- drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes (Ma Ke) [Orabug: 36897380] {CVE-2024-41089}
- drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes (Ma Ke) [Orabug: 36897444] {CVE-2024-41095}
- hexagon: fix fadvise64_64 calling conventions (Arnd Bergmann)
- csky, hexagon: fix broken sys_sync_file_range (Arnd Bergmann)
- net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new (Oleksij Rempel)
- net: can: j1939: recover socket queue on CAN bus error during BAM transmission (Oleksij Rempel)
- net: can: j1939: Initialize unused data in j1939_send_one() (Shigeru Yoshida) [Orabug: 36897516] {CVE-2024-42076}
- tty: mcf: MCF54418 has 10 UARTS (Jean-Michel Hautbois)
- usb: atm: cxacru: fix endpoint checking in cxacru_bind() (Nikita Zhandarovich) [Orabug: 36897451] {CVE-2024-41097}
- usb: musb: da8xx: fix a resource leak in probe() (Dan Carpenter)
- usb: gadget: printer: SS+ support (Oliver Neukum)
- net: usb: ax88179_178a: improve link status logs (Jose Ignacio Tornos Martinez)
- iio: chemical: bme680: Fix sensor data read operation (Vasileios Amoiridis)
- iio: chemical: bme680: Fix overflows in compensate() functions (Vasileios Amoiridis) [Orabug: 36897566] {CVE-2024-42086}
- iio: chemical: bme680: Fix calibration data variable (Vasileios Amoiridis)
- iio: chemical: bme680: Fix pressure value output (Vasileios Amoiridis)
- iio: adc: ad7266: Fix variable checking bug (Fernando Yang)
- mmc: sdhci: Do not lock spinlock around mmc_gpio_get_ro() (Adrian Hunter)
- mmc: sdhci: Do not invert write-protect twice (Adrian Hunter)
- mmc: sdhci-pci: Convert PCIBIOS_* return codes to errnos (Ilpo Järvinen)
- x86: stop playing stack games in profile_pc() (Linus Torvalds) [Orabug: 36897616] {CVE-2024-42096}
- gpio: davinci: Validate the obtained number of IRQs (Aleksandr Mishin) [Orabug: 36897599] {CVE-2024-42092}
- nvme: fixup comment for nvme RDMA Provider Type (Hannes Reinecke)
- soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message (Andrew Davis)
- media: dvbdev: Initialize sbuf (Ricardo Ribalda)
- ALSA: emux: improve patch ioctl data validation (Oswald Buddenhagen) [Orabug: 36897624] {CVE-2024-42097}
- net/dpaa2: Avoid explicit cpumask var allocation on stack (Dawei Li) [Orabug: 36897602] {CVE-2024-42093}
- net/iucv: Avoid explicit cpumask var allocation on stack (Dawei Li) [Orabug: 36897608] {CVE-2024-42094}
- mtd: partitions: redboot: Added conversion of operands to a larger type (Denis Arefev)
- drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep (Laurent Pinchart) [Orabug: 36897570] {CVE-2024-42087}
- netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (Pablo Neira Ayuso) [Orabug: 36897500] {CVE-2024-42070}
- parisc: use correct compat recv/recvfrom syscalls (Arnd Bergmann)
- sparc: fix old compat_sys_select() (Arnd Bergmann)
- net: phy: micrel: add Microchip KSZ 9477 to the device table (Enguerrand de Ribaucourt)
- net: phy: mchp: Add support for LAN8814 QUAD PHY (Divya Koppera)
- net: dsa: microchip: fix initial port flush problem (Tristram Ha)
- ASoC: fsl-asoc-card: set priv->pdev before using it (Elinor Montmasson) [Orabug: 36897578] {CVE-2024-42089}
- netfilter: nf_tables: validate family when identifying table via handle (Pablo Neira Ayuso)
- drm/amdgpu: fix UBSAN warning in kv_dpm.c (Alex Deucher) [Orabug: 36835992] {CVE-2024-40987}
- pinctrl: rockchip: fix pinmux reset in rockchip_pmx_set (Huang-Huang Bao)
- pinctrl: rockchip: fix pinmux bits for RK3328 GPIO3-B pins (Huang-Huang Bao)
- pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins (Huang-Huang Bao)
- pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER (Hagar Hemdan) [Orabug: 36897586] {CVE-2024-42090}
- iio: dac: ad5592r: fix temperature channel scaling value (Marc Ferland)
- iio: dac: ad5592r: un-indent code-block for scale read (Alexandru Ardelean)
- iio: dac: ad5592r-base: Replace indio_dev->mlock with own device lock (Sergiu Cuciurean)
- x86/amd_nb: Check for invalid SMN reads (Yazen Ghannam)
- PCI: Add PCI_ERROR_RESPONSE and related definitions (Naveen Naidu)
- perf/core: Fix missing wakeup when waiting for context reference (Haifeng Xu)
- tracing: Add MODULE_DESCRIPTION() to preemptirq_delay_test (Jeff Johnson)
- arm64: dts: qcom: qcs404: fix bluetooth device address (Johan Hovold)
- ARM: dts: samsung: smdk4412: fix keypad no-autorepeat (Krzysztof Kozlowski)
- ARM: dts: samsung: exynos4412-origen: fix keypad no-autorepeat (Krzysztof Kozlowski)
- ARM: dts: samsung: smdkv310: fix keypad no-autorepeat (Krzysztof Kozlowski)
- i2c: ocores: set IACK bit after core is enabled (Grygorii Tertychnyi)
- gcov: add support for GCC 14 (Peter Oberparleiter)
- drm/radeon: fix UBSAN warning in kv_dpm.c (Alex Deucher) [Orabug: 36835997] {CVE-2024-40988}
- ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine." (Raju Rangoju)
- dmaengine: ioatdma: Fix missing kmem_cache_destroy() (Nikita Shubin)
- regulator: core: Fix modpost error "regulator_get_regmap" undefined (Biju Das)
- net: usb: rtl8150 fix unintiatilzed variables in rtl8150_get_link_ksettings (Oliver Neukum)
- netfilter: ipset: Fix suspicious rcu_dereference_protected() (Jozsef Kadlecsik) [Orabug: 36838634] {CVE-2024-40993}
- virtio_net: checksum offloading handling fix (Heng Qi)
- net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() (David Ruth) [Orabug: 36836019] {CVE-2024-40995}
- net/sched: act_api: rely on rcu in tcf_idr_check_alloc (Pedro Tammela)
- netns: Make get_net_ns() handle zero refcount net (Yue Haibing) [Orabug: 36835849] {CVE-2024-40958}
- xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() (Eric Dumazet) [Orabug: 36835852] {CVE-2024-40959}
- ipv6: prevent possible NULL dereference in rt6_probe() (Eric Dumazet) [Orabug: 36835857] {CVE-2024-40960}
- ipv6: prevent possible NULL deref in fib6_nh_init() (Eric Dumazet) [Orabug: 36835862] {CVE-2024-40961}
- netrom: Fix a memory leak in nr_heartbeat_expiry() (Gavrilov Ilia) [Orabug: 36836086] {CVE-2024-41006}
- cipso: fix total option length computation (Ondrej Mosnacek)
- mips: bmips: BCM6358: make sure CBR is correctly set (Christian Marangi) [Orabug: 36835870] {CVE-2024-40963}
- MIPS: Routerboard 532: Fix vendor retry check code (Ilpo Järvinen)
- PCI/PM: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports (Mario Limonciello)
- udf: udftime: prevent overflow in udf_disk_stamp_to_time() (Roman Smirnov)
- usb: misc: uss720: check for incompatible versions of the Belkin F5U002 (Alex Henrie)
- powerpc/io: Avoid clang null pointer arithmetic warnings (Michael Ellerman)
- powerpc/pseries: Enforce hcall result buffer validity and size (Nathan Lynch) [Orabug: 36835926] {CVE-2024-40974}
- Bluetooth: ath3k: Fix multiple issues reported by checkpatch.pl (Uri Arev)
- scsi: qedi: Fix crash while reading debugfs attribute (Manish Rangankar) [Orabug: 36835947] {CVE-2024-40978}
- drop_monitor: replace spin_lock by raw_spin_lock (Wander Lairson Costa) [Orabug: 36835960] {CVE-2024-40980}
- batman-adv: bypass empty buckets in batadv_purge_orig_ref() (Eric Dumazet) [Orabug: 36835966] {CVE-2024-40981}
- selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh (Alessandro Carminati (Red Hat))
- rcutorture: Fix rcu_torture_one_read() pipe_count overflow comment (Paul E. McKenney)
- i2c: at91: Fix the functionality flags of the slave-only interface (Jean Delvare)
- usb-storage: alauda: Check whether the media is initialized (Shichao Lai) [Orabug: 36753734] {CVE-2024-38619}
- greybus: Fix use-after-free bug in gb_interface_release due to race condition. (Sicong Huang) [Orabug: 36835564] {CVE-2024-39495}
- netfilter: nftables: exthdr: fix 4-byte stack OOB write (Florian Westphal) [Orabug: 35814445] {CVE-2023-4881} {CVE-2023-52628}
- hugetlb_encode.h: fix undefined behaviour (34