ELSA-2024-9654 Important: Oracle Linux 7 libsoup security update (aarch64)
ELBA-2024-12871 Oracle Linux 8 Unbreakable Enterprise kernel bug fix update
ELSA-2024-12868 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update
ELBA-2024-12871 Oracle Linux 7 Unbreakable Enterprise kernel bug fix update
ELSA-2024-12868 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update (aarch64)
ELBA-2024-12870 Oracle Linux 7 squid bug fix update (aarch64)
ELSA-2024-9654 Important: Oracle Linux 7 libsoup security update
ELBA-2024-12870 Oracle Linux 7 squid bug fix update
ELSA-2024-9654 Important: Oracle Linux 7 libsoup security update (aarch64)
Oracle Linux Security Advisory ELSA-2024-9654
http://linux.oracle.com/errata/ELSA-2024-9654.html
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:
aarch64:
libsoup-2.62.2-2.0.1.el7.aarch64.rpm
libsoup-devel-2.62.2-2.0.1.el7.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//libsoup-2.62.2-2.0.1.el7.src.rpm
Related CVEs:
CVE-2024-52530
Description of changes:
[2.62.2-2.0.1]
- Fixed CVE-2024-52530 for smuggling nullbytes in header names [Orabug: 37289659]
ELBA-2024-12871 Oracle Linux 8 Unbreakable Enterprise kernel bug fix update
Oracle Linux Bug Fix Advisory ELBA-2024-12871
http://linux.oracle.com/errata/ELBA-2024-12871.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
kernel-uek-5.4.17-2136.336.5.3.2.el8uek.x86_64.rpm
kernel-uek-container-5.4.17-2136.336.5.3.2.el8uek.x86_64.rpm
kernel-uek-container-debug-5.4.17-2136.336.5.3.2.el8uek.x86_64.rpm
kernel-uek-debug-5.4.17-2136.336.5.3.2.el8uek.x86_64.rpm
kernel-uek-debug-devel-5.4.17-2136.336.5.3.2.el8uek.x86_64.rpm
kernel-uek-devel-5.4.17-2136.336.5.3.2.el8uek.x86_64.rpm
kernel-uek-doc-5.4.17-2136.336.5.3.2.el8uek.noarch.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//kernel-uek-5.4.17-2136.336.5.3.2.el8uek.src.rpm
Description of changes:
[5.4.17-2136.336.5.3.2.el8uek]
- A/A Bonding: check port count during RDMA device addition (Arumugam Kolappan) [Orabug: 37361313]
- ocfs2: reserve space for inline xattr before attaching reflink tree (Gautham Ananthakrishna) [Orabug: 37361312]
- Revert "ocfs2: ocfs2 crash due to invalid h_next_leaf_blk value in extent block" (Gautham Ananthakrishna) [Orabug: 37361312]
ELSA-2024-12868 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update
Oracle Linux Security Advisory ELSA-2024-12868
http://linux.oracle.com/errata/ELSA-2024-12868.html
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:
x86_64:
kernel-uek-4.14.35-2047.543.3.el7uek.x86_64.rpm
kernel-uek-debug-4.14.35-2047.543.3.el7uek.x86_64.rpm
kernel-uek-debug-devel-4.14.35-2047.543.3.el7uek.x86_64.rpm
kernel-uek-devel-4.14.35-2047.543.3.el7uek.x86_64.rpm
kernel-uek-tools-4.14.35-2047.543.3.el7uek.x86_64.rpm
kernel-uek-doc-4.14.35-2047.543.3.el7uek.noarch.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//kernel-uek-4.14.35-2047.543.3.el7uek.src.rpm
Related CVEs:
CVE-2019-15222
CVE-2021-33655
CVE-2021-3759
CVE-2023-31083
CVE-2024-36971
CVE-2024-42131
CVE-2024-42228
CVE-2024-42259
CVE-2024-42265
CVE-2024-42271
CVE-2024-42280
CVE-2024-42284
CVE-2024-42285
CVE-2024-42289
CVE-2024-42295
CVE-2024-42297
CVE-2024-42301
CVE-2024-42304
CVE-2024-42305
CVE-2024-42309
CVE-2024-42310
CVE-2024-42311
CVE-2024-42313
CVE-2024-43839
CVE-2024-43853
CVE-2024-43854
CVE-2024-43856
CVE-2024-43858
CVE-2024-43860
CVE-2024-43861
CVE-2024-43871
CVE-2024-43882
CVE-2024-43883
CVE-2024-43884
CVE-2024-43890
CVE-2024-43893
CVE-2024-43914
CVE-2024-44944
CVE-2024-44946
CVE-2024-44947
CVE-2024-44948
CVE-2024-44954
CVE-2024-44960
CVE-2024-44968
CVE-2024-44987
CVE-2024-44998
CVE-2024-44999
CVE-2024-45008
CVE-2024-45021
CVE-2024-45028
CVE-2024-46673
CVE-2024-46674
CVE-2024-46675
CVE-2024-46677
CVE-2024-46685
CVE-2024-46721
CVE-2024-46722
CVE-2024-46723
CVE-2024-46743
CVE-2024-46744
CVE-2024-46745
CVE-2024-46750
CVE-2024-46755
CVE-2024-46756
CVE-2024-46757
CVE-2024-46758
CVE-2024-46759
CVE-2024-46761
CVE-2024-46771
CVE-2024-46780
CVE-2024-46781
CVE-2024-46800
CVE-2024-46829
CVE-2024-46840
CVE-2024-46844
CVE-2024-47669
CVE-2024-47696
CVE-2024-47709
CVE-2024-49958
CVE-2024-50074
Description of changes:
[4.14.35-2047.543.3.el7uek]
- rds: Add rds stuck shutdown timeout (Rohit Nair) [Orabug: 37214079]
- gtp: allow -1 to be specified as file description from userspace (Pablo Neira Ayuso)
- ALSA: hda/conexant: Fix conflicting quirk for System76 Pangolin (Takashi Iwai)
- can: bcm: Clear bo->bcm_proc_read after remove_proc_entry(). (Kuniyuki Iwashima)
- RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency (Zhu Yanjun)
- parport: Proper fix for array out-of-bounds access (Takashi Iwai)
- net: usb: usbnet: fix name regression (Oliver Neukum)
- Revert "driver core: Fix uevent_show() vs driver detach race" (Greg Kroah-Hartman)
- pinctrl: single: fix missing error code in pcs_probe() (Yang Yingliang)
[4.14.35-2047.543.2.el7uek]
- igb: Do not free the irq resources if they are already freed by igb_close() (Yifei Liu) [Orabug: 37208307]
- ocfs2: reserve space for inline xattr before attaching reflink tree (Gautham Ananthakrishna) [Orabug: 37199021] {CVE-2024-49958}
- Revert "ocfs2: ocfs2 crash due to invalid h_next_leaf_blk value in extent block" (Gautham Ananthakrishna) [Orabug: 37199021]
- LTS version v4.14.355 (Yifei Liu)
- Revert "parisc: Use irq_enter_rcu() to fix warning at kernel/context_tracking.c:367" (Greg Kroah-Hartman)
- netns: restore ops before calling ops_exit_list (Li RongQing)
- cx82310_eth: fix error return code in cx82310_bind() (Zhang Changzhong)
- rtmutex: Drop rt_mutex::wait_lock before scheduling (Roland Xu) [Orabug: 37116447] {CVE-2024-46829}
- locking/rtmutex: Handle non enqueued waiters gracefully in remove_waiter() (Peter Zijlstra)
- drm/i915/fence: Mark debug_fence_free() with __maybe_unused (Andy Shevchenko)
- ACPI: processor: Fix memory leaks in error paths of processor_add() (Jonathan Cameron)
- ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add() (Jonathan Cameron)
- netns: add pre_exit method to struct pernet_operations (Eric Dumazet)
- net: Add comment about pernet_operations methods and synchronization (Kirill Tkhai)
- nilfs2: protect references to superblock parameters exposed in sysfs (Ryusuke Konishi) [Orabug: 37074678] {CVE-2024-46780}
- nilfs2: replace snprintf in show functions with sysfs_emit (Qing Wang)
- nilfs2: use time64_t internally (Arnd Bergmann)
- tracing: Avoid possible softlockup in tracing_iter_reset() (Zheng Yejian)
- ring-buffer: Rename ring_buffer_read() to read_buffer_iter_advance() (Steven Rostedt (VMware))
- uprobes: Use kzalloc to allocate xol area (Sven Schnelle)
- clocksource/drivers/imx-tpm: Fix next event not taking effect sometime (Jacky Bai)
- clocksource/drivers/imx-tpm: Fix return -ETIME when delta exceeds INT_MAX (Jacky Bai)
- nvmem: Fix return type of devm_nvmem_device_get() in kerneldoc (Geert Uytterhoeven)
- iio: fix scale application in iio_convert_raw_to_processed_unlocked (Matteo Martelli)
- iio: buffer-dmaengine: fix releasing dma channel on error (David Lechner)
- ata: pata_macio: Use WARN instead of BUG (Michael Ellerman)
- of/irq: Prevent device address out-of-bounds read in interrupt map walk (Stefan Wiehler) [Orabug: 37074490] {CVE-2024-46743}
- Squashfs: sanity check symbolic link size (Phillip Lougher) [Orabug: 37074496] {CVE-2024-46744}
- usbnet: ipheth: race between ipheth_close and error handling (Oliver Neukum)
- Input: uinput - reject requests with unreasonable number of slots (Dmitry Torokhov) [Orabug: 37074504] {CVE-2024-46745}
- btrfs: initialize location to fix -Wmaybe-uninitialized in btrfs_lookup_dentry() (David Sterba)
- PCI: Add missing bridge lock to pci_bus_lock() (Dan Williams) [Orabug: 37074533] {CVE-2024-46750}
- btrfs: clean up our handling of refs == 0 in snapshot delete (Josef Bacik) [Orabug: 37116495] {CVE-2024-46840}
- btrfs: replace BUG_ON with ASSERT in walk_down_proc() (Josef Bacik)
- smp: Add missing destroy_work_on_stack() call in smp_call_on_cpu() (Zqiang)
- wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() (Sascha Hauer) [Orabug: 37074562] {CVE-2024-46755}
- hwmon: (w83627ehf) Fix underflows seen when writing limit attributes (Guenter Roeck) [Orabug: 37074567] {CVE-2024-46756}
- hwmon: (nct6775-core) Fix underflows seen when writing limit attributes (Guenter Roeck) [Orabug: 37074572] {CVE-2024-46757}
- hwmon: (lm95234) Fix underflows seen when writing limit attributes (Guenter Roeck) [Orabug: 37074580] {CVE-2024-46758}
- hwmon: (adc128d818) Fix underflows seen when writing limit attributes (Guenter Roeck) [Orabug: 37074586] {CVE-2024-46759}
- pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv (Krishna Kumar) [Orabug: 37074596] {CVE-2024-46761}
- devres: Initialize an uninitialized struct member (Zijun Hu)
- um: line: always fill *error_out in setup_one_line() (Johannes Berg) [Orabug: 37116519] {CVE-2024-46844}
- cgroup: Protect css->cgroup write under css_set_lock (Waiman Long)
- iommu/vt-d: Handle volatile descriptor status read (Jacob Pan)
- rfkill: fix spelling mistake contidion to condition (Richard Guy Briggs)
- usbnet: modern method to get random MAC (Oliver Neukum)
- net: usb: don't write directly to netdev->dev_addr (Jakub Kicinski)
- drivers/net/usb: Remove all strcpy() uses (Len Baker)
- cx82310_eth: re-enable ethernet mode after router reboot (Ondrej Zary)
- igb: Fix not clearing TimeSync interrupts for 82580 (Daiwei Li)
- can: bcm: Remove proc entry when dev is unregistered. (Kuniyuki Iwashima) [Orabug: 37074626] {CVE-2024-46771}
- pcmcia: Use resource_size function on resource object (Jules Irenge)
- media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse (Chen Ni)
- wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3 (Arend van Spriel)
- af_unix: Remove put_pid()/put_cred() in copy_peercred(). (Kuniyuki Iwashima)
- irqchip/armada-370-xp: Do not allow mapping IRQ 0 and 1 (Pali Rohár)
- smack: unix sockets: fix accept()ed socket label (Konstantin Andreev)
- ALSA: hda: Add input value sanity checks to HDMI channel map controls (Takashi Iwai)
- nilfs2: fix state management in error path of log writing function (Ryusuke Konishi) [Orabug: 37159766] {CVE-2024-47669}
- nilfs2: fix missing cleanup on rollforward recovery error (Ryusuke Konishi) [Orabug: 37074685] {CVE-2024-46781}
- fuse: use unsigned type for getxattr/listxattr size truncation (Jann Horn)
- mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K (Sam Protsenko)
- ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices (Christoffer Sandberg)
- sch/netem: fix use after free in netem_dequeue (Stephen Hemminger) [Orabug: 37074727] {CVE-2024-46800}
- ALSA: usb-audio: Fix gpf in snd_usb_pipe_sanity_check (Hillf Danton) [Orabug: 30562949] {CVE-2019-15222}
- ALSA: usb-audio: Sanity checks for each pipe and EP types (Takashi Iwai)
- ALSA: usb-audio: add boot quirk for Axe-Fx III (Alberto Aguirre)
- udf: Limit file size to 4TB (Jan Kara)
- block: initialize integrity buffer to zero before writing it to media (Christoph Hellwig) [Orabug: 36964517] {CVE-2024-43854}
- media: uvcvideo: Enforce alignment of frame and interval (Ricardo Ribalda)
- smack: tcp: ipv4, fix incorrect labeling (Casey Schaufler)
- usbip: Don't submit special requests twice (Simon Holesch)
- apparmor: fix possible NULL pointer dereference (Leesoo Ahn) [Orabug: 37073079] {CVE-2024-46721}
- drm/amdgpu: fix mc_data out-of-bounds read warning (Tim Huang) [Orabug: 37073084] {CVE-2024-46722}
- drm/amdgpu: fix ucode out-of-bounds read warning (Tim Huang) [Orabug: 37073089] {CVE-2024-46723}
- drm/amdgpu: fix overflowed array index read warning (Tim Huang)
- drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr (Ma Jun)
- usb: dwc3: st: add missing depopulate in probe error path (Krzysztof Kozlowski)
- usb: dwc3: st: Add of_node_put() before return in probe function (Nishka Dasgupta)
- net: usb: qmi_wwan: add MeiG Smart SRM825L (ZHANG Yuntian)
- LTS version v4.14.354 (Yifei Liu)
- drm/fb-helper: set x/yres_virtual in drm_fb_helper_check_var (Daniel Vetter)
- ipc: remove memcg accounting for sops objects in do_semtimedop() (Vasily Averin)
- scsi: aacraid: Fix double-free on probe failure (Ben Hutchings) [Orabug: 37070701] {CVE-2024-46673}
- usb: core: sysfs: Unmerge @usb3_hardware_lpm_attr_group in remove_power_attributes() (Zijun Hu)
- usb: dwc3: st: fix probed platform device ref count on probe error path (Krzysztof Kozlowski) [Orabug: 37070706] {CVE-2024-46674}
- usb: dwc3: core: Prevent USB core invalid event buffer address access (Selvarasu Ganesan) [Orabug: 37070711] {CVE-2024-46675}
- usb: dwc3: omap: add missing depopulate in probe error path (Krzysztof Kozlowski)
- USB: serial: option: add MeiG Smart SRM825L (ZHANG Yuntian)
- cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller (Ian Ray)
- net: busy-poll: use ktime_get_ns() instead of local_clock() (Eric Dumazet)
- gtp: fix a potential NULL pointer dereference (Cong Wang) [Orabug: 37070723] {CVE-2024-46677}
- net: prevent mss overflow in skb_segment() (Eric Dumazet)
- ida: Fix crash in ida_free when the bitmap is empty (Matthew Wilcox (Oracle))
- net:rds: Fix possible deadlock in rds_message_put (Allison Henderson)
- fbmem: Check virtual screen sizes in fb_set_var() (Helge Deller) [Orabug: 34408909] {CVE-2021-33655}
- fbcon: Prevent that screen size is smaller than font size (Helge Deller) [Orabug: 34408909] {CVE-2021-33655}
- printk: Export is_console_locked (Hans de Goede)
- memcg: enable accounting of ipc resources (Vasily Averin) [Orabug: 34214321] {CVE-2021-3759}
- cgroup/cpuset: Prevent UAF in proc_cpuset_show() (Chen Ridong) [Orabug: 36964511] {CVE-2024-43853}
- media: uvcvideo: Fix integer overflow calculating timestamp (Ricardo Ribalda)
- media: uvcvideo: Use ktime_t for timestamps (Arnd Bergmann)
- filelock: Correct the filelock owner in fcntl_setlk/fcntl_setlk64 (Long Li)
- scsi: mpt3sas: Avoid IOMMU page faults on REPORT ZONES (Damien Le Moal)
- dm suspend: return -ERESTARTSYS instead of -EINTR (Mikulas Patocka)
- wifi: mwifiex: duplicate static structs used in driver instances (Sascha Hauer)
- pinctrl: single: fix potential NULL dereference in pcs_get_function() (Ma Ke) [Orabug: 37070745] {CVE-2024-46685}
- drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc (Jesse Zhang) [Orabug: 36898010] {CVE-2024-42228}
- Input: MT - limit max slots (Tetsuo Handa) [Orabug: 37029138] {CVE-2024-45008}
- Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO (Lee, Chun-Yi) [Orabug: 36654193] {CVE-2023-31083}
- mmc: dw_mmc: allow biu and ciu clocks to defer (Ben Whitten)
- HID: wacom: Defer calculation of resolution until resolution_code is known (Jason Gerecke)
- Bluetooth: MGMT: Add error handling to pair_device() (Griffin Kroah-Hartman) [Orabug: 36992977] {CVE-2024-43884}
- mmc: mmc_test: Fix NULL dereference on allocation failure (Dan Carpenter) [Orabug: 37070692] {CVE-2024-45028}
- net: xilinx: axienet: Always disable promiscuous mode (Sean Anderson)
- ipv6: prevent UAF in ip6_send_skb() (Eric Dumazet) [Orabug: 37029077] {CVE-2024-44987}
- netfilter: nft_counter: Synchronize nft_counter_reset() against reader. (Sebastian Andrzej Siewior)
- kcm: Serialise kcm_sendmsg() for the same socket. (Kuniyuki Iwashima) [Orabug: 37013762] {CVE-2024-44946}
- Bluetooth: hci_core: Fix LE quote calculation (Luiz Augusto von Dentz)
- Bluetooth: hci_core: Fix not handling link timeouts propertly (Luiz Augusto von Dentz)
- Bluetooth: Make use of __check_timeout on hci_sched_le (Luiz Augusto von Dentz)
- block: use "unsigned long" for blk_validate_block_size(). (Tetsuo Handa)
- gtp: pull network headers in gtp_dev_xmit() (Eric Dumazet) [Orabug: 37029112] {CVE-2024-44999}
- hrtimer: Prevent queuing of hrtimer without a function callback (Phil Chang)
- nvmet-rdma: fix possible bad dereference when freeing rsps (Sagi Grimberg)
- ext4: set the type of max_zeroout to unsigned int to avoid overflow (Baokun Li)
- irqchip/gic-v3-its: Remove BUG_ON in its_vpe_irq_domain_alloc (Guanrui Huang)
- usb: dwc3: core: Skip setting event buffers for host only controllers (Krishna Kurapati)
- s390/iucv: fix receive buffer virtual vs physical address confusion (Alexander Gordeev)
- openrisc: Call setup_memory() earlier in the init sequence (Oreoluwa Babatunde)
- NFS: avoid infinite loop in pnfs_update_layout. (NeilBrown)
- Bluetooth: bnep: Fix out-of-bound access (Luiz Augusto von Dentz)
- usb: gadget: fsl: Increase size of name buffer for endpoints (Uwe Kleine-König)
- f2fs: fix to do sanity check in update_sit_entry (Zhiguo Niu)
- btrfs: delete pointless BUG_ON check on quota root in btrfs_qgroup_account_extent() (David Sterba)
- btrfs: send: handle unexpected data in header buffer in begin_cmd() (David Sterba)
- btrfs: handle invalid root reference found in may_destroy_subvol() (David Sterba)
- btrfs: change BUG_ON to assertion when checking for delayed_node root (David Sterba)
- powerpc/boot: Only free if realloc() succeeds (Michael Ellerman)
- powerpc/boot: Handle allocation failure in simple_realloc() (Li zeming)
- parisc: Use irq_enter_rcu() to fix warning at kernel/context_tracking.c:367 (Helge Deller)
- md: clean up invalid BUG_ON in md_ioctl (Li Nan)
- net/sun3_82586: Avoid reading past buffer in debug output (Kees Cook)
- scsi: lpfc: Initialize status local variable in lpfc_sli4_repost_sgl_list() (Justin Tee)
- fs: binfmt_elf_efpic: don't use missing interpreter's properties (Max Filippov)
- media: pci: cx23885: check cx23885_vdev_init() return (Hans Verkuil)
- quota: Remove BUG_ON from dqget() (Jan Kara)
- ext4: do not trim the group with corrupted block bitmap (Baokun Li)
- powerpc/xics: Check return value of kasprintf in icp_native_map_one_cpu (Kunwu Chan)
- wifi: iwlwifi: abort scan when rfkill on but device enabled (Miri Korenblit)
- gfs2: setattr_chown: Add missing initialization (Andreas Gruenbacher)
- scsi: spi: Fix sshdr use (Mike Christie)
- binfmt_misc: cleanup on filesystem umount (Christian Brauner)
- staging: ks7010: disable bh on tx_dev_lock (Chengfeng Ye)
- wifi: cw1200: Avoid processing an invalid TIM IE (Jeff Johnson)
- ssb: Fix division by zero issue in ssb_calc_clock_rate (Rand Deeb)
- atm: idt77252: prevent use after free in dequeue_rx() (Dan Carpenter) [Orabug: 37029106] {CVE-2024-44998}
- btrfs: rename bitmap_set_bits() -> btrfs_bitmap_set_bits() (Alexander Lobakin)
- overflow: Implement size_t saturating arithmetic helpers (Kees Cook)
- overflow.h: Add flex_array_size() helper (Gustavo A. R. Silva)
- s390/cio: rename bitmap_size() -> idset_bitmap_size() (Alexander Lobakin)
- memcg_write_event_control(): fix a user-triggerable oops (Al Viro) [Orabug: 37070673] {CVE-2024-45021}
- drm/amdgpu: Actually check flags for all context ops. (Bas Nieuwenhuizen)
- selinux: fix potential counting error in avc_add_xperms_decision() (Zhen Lei)
- include/linux/bitmap.h: make bitmap_fill() and bitmap_zero() consistent (Andy Shevchenko)
- dm persistent data: fix memory allocation failure (Mikulas Patocka)
- dm resume: don't return EINVAL when signalled (Khazhismel Kumykov)
- ALSA: usb-audio: Support Yamaha P-125 quirk entry (Juan José Arboleda)
- fuse: Initialize beyond-EOF page contents before setting uptodate (Jann Horn) [Orabug: 37017952] {CVE-2024-44947}
- LTS version v4.14.353 (Yifei Liu)
- net: fix __dst_negative_advice() race (Eric Dumazet) [Orabug: 36720418] {CVE-2024-36971}
- nvme/pci: Add APST quirk for Lenovo N60z laptop (WangYuli)
- exec: Fix ToCToU between perm check and set-uid/gid usage (Kees Cook) [Orabug: 36984018] {CVE-2024-43882}
- drm/i915/gem: Fix Virtual Memory mapping boundaries calculation (Andi Shyti) [Orabug: 36953970] {CVE-2024-42259}
- drm/i915: Try GGTT mmapping whole object as partial (Chris Wilson)
- netfilter: nf_tables: set element extended ACK reporting support (Pablo Neira Ayuso)
- kbuild: Fix '-S -c' in x86 stack protector scripts (Nathan Chancellor)
- drm/mgag200: Set DDC timeout in milliseconds (Thomas Zimmermann)
- drm/bridge: analogix_dp: properly handle zero sized AUX transactions (Lucas Stach)
- drm/bridge: analogix_dp: Properly log AUX CH errors (Douglas Anderson)
- drm/bridge: analogix_dp: Reset aux channel if an error occurred (Lin Huang)
- drm/bridge: analogix_dp: Check AUX_EN status when doing AUX transfer (Lin Huang)
- x86/mtrr: Check if fixed MTRRs exist before saving them (Andi Kleen) [Orabug: 37028937] {CVE-2024-44948}
- tracing: Fix overflow in get_free_elt() (Tze-nan Wu) [Orabug: 36992999] {CVE-2024-43890}
- power: supply: axp288_charger: Round constant_charge_voltage writes down (Hans de Goede)
- power: supply: axp288_charger: Fix constant_charge_voltage writes (Hans de Goede)
- serial: core: check uartclk for zero to avoid divide by zero (George Kennedy) [Orabug: 36993010] {CVE-2024-43893}
- ntp: Safeguard against time_constant overflow (Justin Stitt)
- ntp: Clamp maxerror and esterror to operating range (Justin Stitt)
- tick/broadcast: Move per CPU pointer access into the atomic section (Thomas Gleixner) [Orabug: 37242882] {CVE-2024-44968}
- scsi: ufs: core: Fix hba->last_dme_cmd_tstamp timestamp updating logic (Vamshi Gajjela)
- usb: gadget: core: Check for unset descriptor (Chris Wulff) [Orabug: 37028989] {CVE-2024-44960}
- USB: serial: debug: do not echo input by default (Marek Marczykowski-Górecki)
- usb: vhci-hcd: Do not drop references before new references are gained (Oliver Neukum) [Orabug: 36992972] {CVE-2024-43883}
- ALSA: line6: Fix racy access to midibuf (Takashi Iwai) [Orabug: 37028959] {CVE-2024-44954}
- spi: spi-fsl-lpspi: Fix scldiv calculation (Stefan Wahren)
- spi: fsl-lpspi: remove unneeded array (Oleksandr Suvorov)
- spi: lpspi: add the error info of transfer speed setting (Clark Wang)
- spi: lpspi: Add i.MX8 boards support for lpspi (Clark Wang)
- spi: lpspi: Let watermark change with send data length (Clark Wang)
- spi: lpspi: Add slave mode support (Clark Wang)
- spi: lpspi: Replace all "master" with "controller" (Clark Wang)
- spi: lpspi: Switch to SPDX identifier (Fabio Estevam)
- i2c: smbus: Send alert notifications to all devices if source not found (Guenter Roeck)
- i2c: smbus: Improve handling of stuck alerts (Guenter Roeck)
- i2c: smbus: Don't filter out duplicate alerts (Corey Minyard)
- ext4: fix wrong unit use in ext4_mb_find_by_goal (Kemeng Shi)
- SUNRPC: Fix a race to wake a sync task (Benjamin Coddington)
- jbd2: avoid memleak in jbd2_journal_write_metadata_buffer (Kemeng Shi)
- media: uvcvideo: Fix the bandwdith quirk on USB 3.x (Michal Pecio)
- media: uvcvideo: Ignore empty TS packets (Ricardo Ribalda)
- btrfs: fix bitmap leak when loading free space cache on duplicate entry (Filipe Manana)
- wifi: nl80211: don't give key data to userspace (Johannes Berg)
- udf: prevent integer overflow in udf_bitmap_free_blocks() (Roman Smirnov)
- udf: Fix signed/unsigned format specifiers (Steve Magnani)
- PCI: Add Edimax Vendor ID to pci_ids.h (FUJITA Tomonori)
- clocksource/drivers/sh_cmt: Address race condition for clock events (Niklas Söderlund)
- md/raid5: avoid BUG_ON() while continue reshape after reassembling (Yu Kuai) [Orabug: 36993128] {CVE-2024-43914}
- net: fec: Stop PPS on driver remove (Csókás, Bence)
- Bluetooth: l2cap: always unlock channel in l2cap_conless_channel() (Dmitry Antipov)
- net: linkwatch: use system_unbound_wq (Eric Dumazet)
- net: usb: qmi_wwan: fix memory leak for not ip packets (Daniele Palmas) [Orabug: 36983960] {CVE-2024-43861}
- irqchip/mbigen: Fix mbigen node address layout (Yipeng Zou)
- net: usb: sr9700: fix uninitialized variable use in sr_mdio_read (Ma Ke)
- ALSA: usb-audio: Correct surround channels in UAC1 channel map (Takashi Iwai)
- protect the fetch of ->fd[fd] in do_dup2() from mispredictions (Al Viro) [Orabug: 36963809] {CVE-2024-42265}
- ipv6: fix ndisc_is_useropt() handling for PIO (Maciej Żenczykowski)
- net/iucv: fix use after free in iucv_sock_close() (Alexandra Winter) [Orabug: 36964007] {CVE-2024-42271}
- drm/vmwgfx: Fix overlay when using Screen Targets (Ian Forbes)
- remoteproc: imx_rproc: Skip over memory region when node value is NULL (Aleksandr Mishin) [Orabug: 36964539] {CVE-2024-43860}
- remoteproc: imx_rproc: Fix ignoring mapping vdev regions (Dong Aisheng)
- remoteproc: imx_rproc: ignore mapping vdev regions (Peng Fan)
- perf/x86/intel/pt: Fix a topa_entry base address calculation (Adrian Hunter)
- perf/x86/intel/pt: Split ToPA metadata and page layout (Alexander Shishkin)
- perf/x86/intel/pt: Use pointer arithmetics instead in ToPA entry calculation (Alexander Shishkin)
- perf/x86/intel/pt: Use helpers to obtain ToPA entry size (Alexander Shishkin)
- devres: Fix memory leakage caused by driver API devm_free_percpu() (Zijun Hu) [Orabug: 36983992] {CVE-2024-43871}
- driver core: Cast to (void *) with __force for __percpu pointer (Andy Shevchenko)
- dev/parport: fix the array out-of-bounds risk (tuhaowen) [Orabug: 36964224] {CVE-2024-42301}
- parport: Standardize use of printmode (Joe Perches)
to pr_( (Joe Perches)
- parport: parport_pc: Mark expected switch fall-through (Gustavo A. R. Silva)
- PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio (Manivannan Sadhasivam)
- PCI: rockchip: Make 'ep-gpios' DT property optional (Chen-Yu Tsai)
- mm: avoid overflows in dirty throttling logic (Jan Kara) [Orabug: 36897804] {CVE-2024-42131}
- mISDN: Fix a use after free in hfcmulti_tx() (Dan Carpenter) [Orabug: 36964033] {CVE-2024-42280}
- tipc: Return non-zero value from tipc_udp_addr2str() on error (Shigeru Yoshida) [Orabug: 36964048] {CVE-2024-42284}
- net: bonding: correctly annotate RCU in bond_should_notify_peers() (Johannes Berg)
- ipv4: Fix incorrect source address in Record Route option (Ido Schimmel)
- net: ip_rt_get_source() - use new style struct initializer instead of memset (Maciej Żenczykowski)
- MIPS: SMP-CPS: Fix address for GCR_ACCESS register for CM3 and later (Gregory CLEMENT)
- dma: fix call order in dmam_free_coherent (Lance Richardson) [Orabug: 36964524] {CVE-2024-43856}
- jfs: Fix array-index-out-of-bounds in diFree (Jeongjun Park) [Orabug: 36964531] {CVE-2024-43858}
- kdb: address -Wformat-security warnings (Arnd Bergmann)
- kdb: Fix bound check compiler warning (Wenlin Kang)
- nilfs2: handle inconsistent state in nilfs_btnode_create_block() (Ryusuke Konishi) [Orabug: 36964204] {CVE-2024-42295}
- selftests/sigaltstack: Fix ppc64 GCC build (Michael Ellerman)
- RDMA/iwcm: Fix a use-after-free related to destroying CM IDs (Bart Van Assche) [Orabug: 36964055] {CVE-2024-42285}
- RDMA/iwcm: Remove a set-but-not-used variable (Bart Van Assche)
- platform: mips: cpu_hwmon: Disable driver on unsupported hardware (Jiaxun Yang)
- watchdog/perf: properly initialize the turbo mode timestamp and rearm counter (Thomas Gleixner)
- perf/x86/intel/pt: Fix topa_entry base length (Marco Cavenati)
- scsi: qla2xxx: During vport delete send async logout explicitly (Manish Rangankar) [Orabug: 36964081] {CVE-2024-42289}
- decompress_bunzip2: fix rare decompression failure (Ross Lagerwall)
- ubi: eba: properly rollback inside self_check_eba (Fedor Pchelkin)
- f2fs: fix to don't dirty inode for readonly filesystem (Chao Yu) [Orabug: 36964214] {CVE-2024-42297}
- f2fs: prevent newly created inode from being dirtied incorrectly (Daeho Jeong)
- scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for ELS cmds (Saurav Kashyap)
- binder: fix hang of unregistered readers (Carlos Llamas)
- PCI: hv: Return zero, not garbage, when reading PCI_INTERRUPT_PIN (Wei Liu)
- hwrng: amd - Convert PCIBIOS_* return codes to errnos (Ilpo Järvinen)
- leds: ss4200: Convert PCIBIOS_* return codes to errnos (Ilpo Järvinen)
- wifi: mwifiex: Fix interface type change (Rafael Beims)
- ext4: make sure the first directory block is not a hole (Baokun Li) [Orabug: 36964233] {CVE-2024-42304}
- ext4: check dot and dotdot of dx_root before making dir indexed (Baokun Li) [Orabug: 36964238] {CVE-2024-42305}
- m68k: amiga: Turn off Warp1260 interrupts during boot (Paolo Pisati)
- drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes (Ma Ke) [Orabug: 36964254] {CVE-2024-42309}
- drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes (Ma Ke) [Orabug: 36964261] {CVE-2024-42310}
- hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode() (Chao Yu) [Orabug: 36964266] {CVE-2024-42311}
- media: venus: fix use after free in vdec_close (Dikshita Agarwal) [Orabug: 36964276] {CVE-2024-42313}
- ipv6: take care of scope when choosing the src addr (Nicolas Dichtel)
- af_packet: Handle outgoing VLAN packets without hardware offloading (Chengen Du)
- net: netconsole: Disable target before netpoll cleanup (Breno Leitao)
- tick/broadcast: Make takeover of broadcast hrtimer reliable (Yu Liao)
- nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro (Ryusuke Konishi)
- fs/nilfs2: remove some unused macros to tame gcc (Alex Shi)
- pinctrl: freescale: mxs: Fix refcount of child (Peng Fan)
- pinctrl: ti: ti-iodelay: fix possible memory leak when pinctrl_enable() fails (Yang Yingliang)
- pinctrl: ti: ti-iodelay: Drop if block with always false condition (Uwe Kleine-König)
- pinctrl: single: fix possible memory leak when pinctrl_enable() fails (Yang Yingliang)
- pinctrl: core: fix possible memory leak when pinctrl_enable() fails (Yang Yingliang)
- netfilter: ctnetlink: use helper function to calculate expect ID (Pablo Neira Ayuso) [Orabug: 37013756] {CVE-2024-44944}
- bnxt_re: Fix imm_data endianness (Jack Wang)
- macintosh/therm_windtunnel: fix module unload. (Nick Bowler)
- powerpc/xmon: Fix disassembly CPU feature checks (Michael Ellerman)
- Input: elan_i2c - do not leave interrupt disabled on suspend failure (Dmitry Torokhov)
- mtd: make mtd_test.c a separate module (Arnd Bergmann)
- RDMA/rxe: Don't set BTH_ACK_MASK for UC or UD QPs (Honggang LI)
- RDMA/mlx4: Fix truncated output warning in alias_GUID.c (Leon Romanovsky)
- RDMA/mlx4: Fix truncated output warning in mad.c (Leon Romanovsky)
- PCI: Fix resource double counting on remove & rescan (Ilpo Järvinen)
- PCI: Equalize hotplug memory and io for occupied and empty slots (Jon Derrick)
- sparc64: Fix incorrect function signature and add prototype for prom_cif_init (Andreas Larsson)
- ext4: avoid writing unitialized memory to disk in EA inodes (Jan Kara)
- drm/etnaviv: fix DMA direction handling for cached RW buffers (Lucas Stach)
- perf report: Fix condition in sort__sym_cmp() (Namhyung Kim)
- media: renesas: vsp1: Store RPF partition configuration per RPF instance (Laurent Pinchart)
- media: renesas: vsp1: Fix _irqsave and _irq mix (Laurent Pinchart)
- media: v4l: vsp1: Store pipeline pointer in vsp1_entity (Laurent Pinchart)
- saa7134: Unchecked i2c_transfer function result fixed (Aleksandr Burakov)
- media: imon: Fix race getting ictx->lock (Ricardo Ribalda)
- bna: adjust 'name' buf size of bna_tcb and bna_ccb structures (Alexey Kodanev) [Orabug: 36964481] {CVE-2024-43839}
- perf: Prevent passing zero nr_pages to rb_alloc_aux() (Adrian Hunter)
- perf: Fix perf_aux_size() for greater-than 32-bit size (Adrian Hunter)
- net: fec: Fix FEC_ECR_EN1588 being cleared on link-down (Csókás, Bence)
- net: fec: Refactor: #define magic constants (Csókás Bence)
- wifi: brcmsmac: LCN PHY code is used for BCM4313 2G-only device (Samasth Norway Ananda)
- m68k: cmpxchg: Fix return value for default case in __arch_xchg() (Thorsten Blum)
- x86/xen: Convert comma to semicolon (Chen Ni)
- m68k: atari: Fix TT bootup freeze / unexpected (SCU) interrupt messages (Eero Tamminen)
- arm64: dts: rockchip: Increase VOP clk rate on RK3328 (Jonas Karlman)
- hwmon: (max6697) Fix swapped temp{1,8} critical alarms (Guenter Roeck)
- hwmon: (max6697) Auto-convert to use SENSOR_DEVICE_ATTR_{RO, RW, WO} (Guenter Roeck)
- hwmon: Introduce SENSOR_DEVICE_ATTR_{RO, RW, WO} and variants (Guenter Roeck)
- hwmon: (max6697) Fix underflow when writing limit attributes (Guenter Roeck)
- pwm: stm32: Always do lazy disabling (Uwe Kleine-König)
- hwmon: (adt7475) Fix default duty on fan is disabled (Wayne Tung)
- x86/platform/iosf_mbi: Convert PCIBIOS_* return codes to errnos (Ilpo Järvinen)
- x86/pci/xen: Fix PCIBIOS_* return code handling (Ilpo Järvinen)
- x86/pci/intel_mid_pci: Fix PCIBIOS_* return code handling (Ilpo Järvinen)
- x86/of: Return consistent error type from x86_of_pci_irq_enable() (Ilpo Järvinen)
- platform/chrome: cros_ec_debugfs: fix wrong EC message version (Tzung-Bi Shih)
[4.14.35-2047.543.1.el7uek]
- A/A Bonding: check port count during RDMA device addition (Arumugam Kolappan) [Orabug: 37202761]
- net/mlx5: E-Switch, Increase supported number of forward destinations to 32 (Maor Dickman) [Orabug: 36817112]
- net/mlx5e: Parse mirroring action for offloaded TC eswitch flows (Chris Mi) [Orabug: 36817112]
ELBA-2024-12871 Oracle Linux 7 Unbreakable Enterprise kernel bug fix update
Oracle Linux Bug Fix Advisory ELBA-2024-12871
http://linux.oracle.com/errata/ELBA-2024-12871.html
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:
x86_64:
kernel-uek-5.4.17-2136.336.5.3.2.el7uek.x86_64.rpm
kernel-uek-container-5.4.17-2136.336.5.3.2.el7uek.x86_64.rpm
kernel-uek-container-debug-5.4.17-2136.336.5.3.2.el7uek.x86_64.rpm
kernel-uek-debug-5.4.17-2136.336.5.3.2.el7uek.x86_64.rpm
kernel-uek-debug-devel-5.4.17-2136.336.5.3.2.el7uek.x86_64.rpm
kernel-uek-devel-5.4.17-2136.336.5.3.2.el7uek.x86_64.rpm
kernel-uek-doc-5.4.17-2136.336.5.3.2.el7uek.noarch.rpm
kernel-uek-tools-5.4.17-2136.336.5.3.2.el7uek.x86_64.rpm
aarch64:
kernel-uek-5.4.17-2136.336.5.3.2.el7uek.aarch64.rpm
kernel-uek-debug-5.4.17-2136.336.5.3.2.el7uek.aarch64.rpm
kernel-uek-debug-devel-5.4.17-2136.336.5.3.2.el7uek.aarch64.rpm
kernel-uek-devel-5.4.17-2136.336.5.3.2.el7uek.aarch64.rpm
kernel-uek-doc-5.4.17-2136.336.5.3.2.el7uek.noarch.rpm
kernel-uek-tools-5.4.17-2136.336.5.3.2.el7uek.aarch64.rpm
kernel-uek-tools-libs-5.4.17-2136.336.5.3.2.el7uek.aarch64.rpm
perf-5.4.17-2136.336.5.3.2.el7uek.aarch64.rpm
python-perf-5.4.17-2136.336.5.3.2.el7uek.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//kernel-uek-5.4.17-2136.336.5.3.2.el7uek.src.rpm
Description of changes:
[5.4.17-2136.336.5.3.2.el7uek]
- A/A Bonding: check port count during RDMA device addition (Arumugam Kolappan) [Orabug: 37361313]
- ocfs2: reserve space for inline xattr before attaching reflink tree (Gautham Ananthakrishna) [Orabug: 37361312]
- Revert "ocfs2: ocfs2 crash due to invalid h_next_leaf_blk value in extent block" (Gautham Ananthakrishna) [Orabug: 37361312]
ELSA-2024-12868 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update (aarch64)
Oracle Linux Security Advisory ELSA-2024-12868
http://linux.oracle.com/errata/ELSA-2024-12868.html
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:
aarch64:
kernel-uek-4.14.35-2047.543.3.el7uek.aarch64.rpm
kernel-uek-debug-4.14.35-2047.543.3.el7uek.aarch64.rpm
kernel-uek-debug-devel-4.14.35-2047.543.3.el7uek.aarch64.rpm
kernel-uek-devel-4.14.35-2047.543.3.el7uek.aarch64.rpm
kernel-uek-tools-4.14.35-2047.543.3.el7uek.aarch64.rpm
kernel-uek-tools-libs-4.14.35-2047.543.3.el7uek.aarch64.rpm
kernel-uek-tools-libs-devel-4.14.35-2047.543.3.el7uek.aarch64.rpm
perf-4.14.35-2047.543.3.el7uek.aarch64.rpm
python-perf-4.14.35-2047.543.3.el7uek.aarch64.rpm
kernel-uek-headers-4.14.35-2047.543.3.el7uek.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//kernel-uek-4.14.35-2047.543.3.el7uek.src.rpm
Related CVEs:
CVE-2019-15222
CVE-2021-33655
CVE-2021-3759
CVE-2023-31083
CVE-2024-36971
CVE-2024-42131
CVE-2024-42228
CVE-2024-42259
CVE-2024-42265
CVE-2024-42271
CVE-2024-42280
CVE-2024-42284
CVE-2024-42285
CVE-2024-42289
CVE-2024-42295
CVE-2024-42297
CVE-2024-42301
CVE-2024-42304
CVE-2024-42305
CVE-2024-42309
CVE-2024-42310
CVE-2024-42311
CVE-2024-42313
CVE-2024-43839
CVE-2024-43853
CVE-2024-43854
CVE-2024-43856
CVE-2024-43858
CVE-2024-43860
CVE-2024-43861
CVE-2024-43871
CVE-2024-43882
CVE-2024-43883
CVE-2024-43884
CVE-2024-43890
CVE-2024-43893
CVE-2024-43914
CVE-2024-44944
CVE-2024-44946
CVE-2024-44947
CVE-2024-44948
CVE-2024-44954
CVE-2024-44960
CVE-2024-44968
CVE-2024-44987
CVE-2024-44998
CVE-2024-44999
CVE-2024-45008
CVE-2024-45021
CVE-2024-45028
CVE-2024-46673
CVE-2024-46674
CVE-2024-46675
CVE-2024-46677
CVE-2024-46685
CVE-2024-46721
CVE-2024-46722
CVE-2024-46723
CVE-2024-46743
CVE-2024-46744
CVE-2024-46745
CVE-2024-46750
CVE-2024-46755
CVE-2024-46756
CVE-2024-46757
CVE-2024-46758
CVE-2024-46759
CVE-2024-46761
CVE-2024-46771
CVE-2024-46780
CVE-2024-46781
CVE-2024-46800
CVE-2024-46829
CVE-2024-46840
CVE-2024-46844
CVE-2024-47669
CVE-2024-47696
CVE-2024-47709
CVE-2024-49958
CVE-2024-50074
Description of changes:
[4.14.35-2047.543.3.el7uek]
- rds: Add rds stuck shutdown timeout (Rohit Nair) [Orabug: 37214079]
- gtp: allow -1 to be specified as file description from userspace (Pablo Neira Ayuso)
- ALSA: hda/conexant: Fix conflicting quirk for System76 Pangolin (Takashi Iwai)
- can: bcm: Clear bo->bcm_proc_read after remove_proc_entry(). (Kuniyuki Iwashima)
- RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency (Zhu Yanjun)
- parport: Proper fix for array out-of-bounds access (Takashi Iwai)
- net: usb: usbnet: fix name regression (Oliver Neukum)
- Revert "driver core: Fix uevent_show() vs driver detach race" (Greg Kroah-Hartman)
- pinctrl: single: fix missing error code in pcs_probe() (Yang Yingliang)
[4.14.35-2047.543.2.el7uek]
- igb: Do not free the irq resources if they are already freed by igb_close() (Yifei Liu) [Orabug: 37208307]
- ocfs2: reserve space for inline xattr before attaching reflink tree (Gautham Ananthakrishna) [Orabug: 37199021] {CVE-2024-49958}
- Revert "ocfs2: ocfs2 crash due to invalid h_next_leaf_blk value in extent block" (Gautham Ananthakrishna) [Orabug: 37199021]
- LTS version v4.14.355 (Yifei Liu)
- Revert "parisc: Use irq_enter_rcu() to fix warning at kernel/context_tracking.c:367" (Greg Kroah-Hartman)
- netns: restore ops before calling ops_exit_list (Li RongQing)
- cx82310_eth: fix error return code in cx82310_bind() (Zhang Changzhong)
- rtmutex: Drop rt_mutex::wait_lock before scheduling (Roland Xu) [Orabug: 37116447] {CVE-2024-46829}
- locking/rtmutex: Handle non enqueued waiters gracefully in remove_waiter() (Peter Zijlstra)
- drm/i915/fence: Mark debug_fence_free() with __maybe_unused (Andy Shevchenko)
- ACPI: processor: Fix memory leaks in error paths of processor_add() (Jonathan Cameron)
- ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add() (Jonathan Cameron)
- netns: add pre_exit method to struct pernet_operations (Eric Dumazet)
- net: Add comment about pernet_operations methods and synchronization (Kirill Tkhai)
- nilfs2: protect references to superblock parameters exposed in sysfs (Ryusuke Konishi) [Orabug: 37074678] {CVE-2024-46780}
- nilfs2: replace snprintf in show functions with sysfs_emit (Qing Wang)
- nilfs2: use time64_t internally (Arnd Bergmann)
- tracing: Avoid possible softlockup in tracing_iter_reset() (Zheng Yejian)
- ring-buffer: Rename ring_buffer_read() to read_buffer_iter_advance() (Steven Rostedt (VMware))
- uprobes: Use kzalloc to allocate xol area (Sven Schnelle)
- clocksource/drivers/imx-tpm: Fix next event not taking effect sometime (Jacky Bai)
- clocksource/drivers/imx-tpm: Fix return -ETIME when delta exceeds INT_MAX (Jacky Bai)
- nvmem: Fix return type of devm_nvmem_device_get() in kerneldoc (Geert Uytterhoeven)
- iio: fix scale application in iio_convert_raw_to_processed_unlocked (Matteo Martelli)
- iio: buffer-dmaengine: fix releasing dma channel on error (David Lechner)
- ata: pata_macio: Use WARN instead of BUG (Michael Ellerman)
- of/irq: Prevent device address out-of-bounds read in interrupt map walk (Stefan Wiehler) [Orabug: 37074490] {CVE-2024-46743}
- Squashfs: sanity check symbolic link size (Phillip Lougher) [Orabug: 37074496] {CVE-2024-46744}
- usbnet: ipheth: race between ipheth_close and error handling (Oliver Neukum)
- Input: uinput - reject requests with unreasonable number of slots (Dmitry Torokhov) [Orabug: 37074504] {CVE-2024-46745}
- btrfs: initialize location to fix -Wmaybe-uninitialized in btrfs_lookup_dentry() (David Sterba)
- PCI: Add missing bridge lock to pci_bus_lock() (Dan Williams) [Orabug: 37074533] {CVE-2024-46750}
- btrfs: clean up our handling of refs == 0 in snapshot delete (Josef Bacik) [Orabug: 37116495] {CVE-2024-46840}
- btrfs: replace BUG_ON with ASSERT in walk_down_proc() (Josef Bacik)
- smp: Add missing destroy_work_on_stack() call in smp_call_on_cpu() (Zqiang)
- wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() (Sascha Hauer) [Orabug: 37074562] {CVE-2024-46755}
- hwmon: (w83627ehf) Fix underflows seen when writing limit attributes (Guenter Roeck) [Orabug: 37074567] {CVE-2024-46756}
- hwmon: (nct6775-core) Fix underflows seen when writing limit attributes (Guenter Roeck) [Orabug: 37074572] {CVE-2024-46757}
- hwmon: (lm95234) Fix underflows seen when writing limit attributes (Guenter Roeck) [Orabug: 37074580] {CVE-2024-46758}
- hwmon: (adc128d818) Fix underflows seen when writing limit attributes (Guenter Roeck) [Orabug: 37074586] {CVE-2024-46759}
- pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv (Krishna Kumar) [Orabug: 37074596] {CVE-2024-46761}
- devres: Initialize an uninitialized struct member (Zijun Hu)
- um: line: always fill *error_out in setup_one_line() (Johannes Berg) [Orabug: 37116519] {CVE-2024-46844}
- cgroup: Protect css->cgroup write under css_set_lock (Waiman Long)
- iommu/vt-d: Handle volatile descriptor status read (Jacob Pan)
- rfkill: fix spelling mistake contidion to condition (Richard Guy Briggs)
- usbnet: modern method to get random MAC (Oliver Neukum)
- net: usb: don't write directly to netdev->dev_addr (Jakub Kicinski)
- drivers/net/usb: Remove all strcpy() uses (Len Baker)
- cx82310_eth: re-enable ethernet mode after router reboot (Ondrej Zary)
- igb: Fix not clearing TimeSync interrupts for 82580 (Daiwei Li)
- can: bcm: Remove proc entry when dev is unregistered. (Kuniyuki Iwashima) [Orabug: 37074626] {CVE-2024-46771}
- pcmcia: Use resource_size function on resource object (Jules Irenge)
- media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse (Chen Ni)
- wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3 (Arend van Spriel)
- af_unix: Remove put_pid()/put_cred() in copy_peercred(). (Kuniyuki Iwashima)
- irqchip/armada-370-xp: Do not allow mapping IRQ 0 and 1 (Pali Rohár)
- smack: unix sockets: fix accept()ed socket label (Konstantin Andreev)
- ALSA: hda: Add input value sanity checks to HDMI channel map controls (Takashi Iwai)
- nilfs2: fix state management in error path of log writing function (Ryusuke Konishi) [Orabug: 37159766] {CVE-2024-47669}
- nilfs2: fix missing cleanup on rollforward recovery error (Ryusuke Konishi) [Orabug: 37074685] {CVE-2024-46781}
- fuse: use unsigned type for getxattr/listxattr size truncation (Jann Horn)
- mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K (Sam Protsenko)
- ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices (Christoffer Sandberg)
- sch/netem: fix use after free in netem_dequeue (Stephen Hemminger) [Orabug: 37074727] {CVE-2024-46800}
- ALSA: usb-audio: Fix gpf in snd_usb_pipe_sanity_check (Hillf Danton) [Orabug: 30562949] {CVE-2019-15222}
- ALSA: usb-audio: Sanity checks for each pipe and EP types (Takashi Iwai)
- ALSA: usb-audio: add boot quirk for Axe-Fx III (Alberto Aguirre)
- udf: Limit file size to 4TB (Jan Kara)
- block: initialize integrity buffer to zero before writing it to media (Christoph Hellwig) [Orabug: 36964517] {CVE-2024-43854}
- media: uvcvideo: Enforce alignment of frame and interval (Ricardo Ribalda)
- smack: tcp: ipv4, fix incorrect labeling (Casey Schaufler)
- usbip: Don't submit special requests twice (Simon Holesch)
- apparmor: fix possible NULL pointer dereference (Leesoo Ahn) [Orabug: 37073079] {CVE-2024-46721}
- drm/amdgpu: fix mc_data out-of-bounds read warning (Tim Huang) [Orabug: 37073084] {CVE-2024-46722}
- drm/amdgpu: fix ucode out-of-bounds read warning (Tim Huang) [Orabug: 37073089] {CVE-2024-46723}
- drm/amdgpu: fix overflowed array index read warning (Tim Huang)
- drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr (Ma Jun)
- usb: dwc3: st: add missing depopulate in probe error path (Krzysztof Kozlowski)
- usb: dwc3: st: Add of_node_put() before return in probe function (Nishka Dasgupta)
- net: usb: qmi_wwan: add MeiG Smart SRM825L (ZHANG Yuntian)
- LTS version v4.14.354 (Yifei Liu)
- drm/fb-helper: set x/yres_virtual in drm_fb_helper_check_var (Daniel Vetter)
- ipc: remove memcg accounting for sops objects in do_semtimedop() (Vasily Averin)
- scsi: aacraid: Fix double-free on probe failure (Ben Hutchings) [Orabug: 37070701] {CVE-2024-46673}
- usb: core: sysfs: Unmerge @usb3_hardware_lpm_attr_group in remove_power_attributes() (Zijun Hu)
- usb: dwc3: st: fix probed platform device ref count on probe error path (Krzysztof Kozlowski) [Orabug: 37070706] {CVE-2024-46674}
- usb: dwc3: core: Prevent USB core invalid event buffer address access (Selvarasu Ganesan) [Orabug: 37070711] {CVE-2024-46675}
- usb: dwc3: omap: add missing depopulate in probe error path (Krzysztof Kozlowski)
- USB: serial: option: add MeiG Smart SRM825L (ZHANG Yuntian)
- cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller (Ian Ray)
- net: busy-poll: use ktime_get_ns() instead of local_clock() (Eric Dumazet)
- gtp: fix a potential NULL pointer dereference (Cong Wang) [Orabug: 37070723] {CVE-2024-46677}
- net: prevent mss overflow in skb_segment() (Eric Dumazet)
- ida: Fix crash in ida_free when the bitmap is empty (Matthew Wilcox (Oracle))
- net:rds: Fix possible deadlock in rds_message_put (Allison Henderson)
- fbmem: Check virtual screen sizes in fb_set_var() (Helge Deller) [Orabug: 34408909] {CVE-2021-33655}
- fbcon: Prevent that screen size is smaller than font size (Helge Deller) [Orabug: 34408909] {CVE-2021-33655}
- printk: Export is_console_locked (Hans de Goede)
- memcg: enable accounting of ipc resources (Vasily Averin) [Orabug: 34214321] {CVE-2021-3759}
- cgroup/cpuset: Prevent UAF in proc_cpuset_show() (Chen Ridong) [Orabug: 36964511] {CVE-2024-43853}
- media: uvcvideo: Fix integer overflow calculating timestamp (Ricardo Ribalda)
- media: uvcvideo: Use ktime_t for timestamps (Arnd Bergmann)
- filelock: Correct the filelock owner in fcntl_setlk/fcntl_setlk64 (Long Li)
- scsi: mpt3sas: Avoid IOMMU page faults on REPORT ZONES (Damien Le Moal)
- dm suspend: return -ERESTARTSYS instead of -EINTR (Mikulas Patocka)
- wifi: mwifiex: duplicate static structs used in driver instances (Sascha Hauer)
- pinctrl: single: fix potential NULL dereference in pcs_get_function() (Ma Ke) [Orabug: 37070745] {CVE-2024-46685}
- drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc (Jesse Zhang) [Orabug: 36898010] {CVE-2024-42228}
- Input: MT - limit max slots (Tetsuo Handa) [Orabug: 37029138] {CVE-2024-45008}
- Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO (Lee, Chun-Yi) [Orabug: 36654193] {CVE-2023-31083}
- mmc: dw_mmc: allow biu and ciu clocks to defer (Ben Whitten)
- HID: wacom: Defer calculation of resolution until resolution_code is known (Jason Gerecke)
- Bluetooth: MGMT: Add error handling to pair_device() (Griffin Kroah-Hartman) [Orabug: 36992977] {CVE-2024-43884}
- mmc: mmc_test: Fix NULL dereference on allocation failure (Dan Carpenter) [Orabug: 37070692] {CVE-2024-45028}
- net: xilinx: axienet: Always disable promiscuous mode (Sean Anderson)
- ipv6: prevent UAF in ip6_send_skb() (Eric Dumazet) [Orabug: 37029077] {CVE-2024-44987}
- netfilter: nft_counter: Synchronize nft_counter_reset() against reader. (Sebastian Andrzej Siewior)
- kcm: Serialise kcm_sendmsg() for the same socket. (Kuniyuki Iwashima) [Orabug: 37013762] {CVE-2024-44946}
- Bluetooth: hci_core: Fix LE quote calculation (Luiz Augusto von Dentz)
- Bluetooth: hci_core: Fix not handling link timeouts propertly (Luiz Augusto von Dentz)
- Bluetooth: Make use of __check_timeout on hci_sched_le (Luiz Augusto von Dentz)
- block: use "unsigned long" for blk_validate_block_size(). (Tetsuo Handa)
- gtp: pull network headers in gtp_dev_xmit() (Eric Dumazet) [Orabug: 37029112] {CVE-2024-44999}
- hrtimer: Prevent queuing of hrtimer without a function callback (Phil Chang)
- nvmet-rdma: fix possible bad dereference when freeing rsps (Sagi Grimberg)
- ext4: set the type of max_zeroout to unsigned int to avoid overflow (Baokun Li)
- irqchip/gic-v3-its: Remove BUG_ON in its_vpe_irq_domain_alloc (Guanrui Huang)
- usb: dwc3: core: Skip setting event buffers for host only controllers (Krishna Kurapati)
- s390/iucv: fix receive buffer virtual vs physical address confusion (Alexander Gordeev)
- openrisc: Call setup_memory() earlier in the init sequence (Oreoluwa Babatunde)
- NFS: avoid infinite loop in pnfs_update_layout. (NeilBrown)
- Bluetooth: bnep: Fix out-of-bound access (Luiz Augusto von Dentz)
- usb: gadget: fsl: Increase size of name buffer for endpoints (Uwe Kleine-König)
- f2fs: fix to do sanity check in update_sit_entry (Zhiguo Niu)
- btrfs: delete pointless BUG_ON check on quota root in btrfs_qgroup_account_extent() (David Sterba)
- btrfs: send: handle unexpected data in header buffer in begin_cmd() (David Sterba)
- btrfs: handle invalid root reference found in may_destroy_subvol() (David Sterba)
- btrfs: change BUG_ON to assertion when checking for delayed_node root (David Sterba)
- powerpc/boot: Only free if realloc() succeeds (Michael Ellerman)
- powerpc/boot: Handle allocation failure in simple_realloc() (Li zeming)
- parisc: Use irq_enter_rcu() to fix warning at kernel/context_tracking.c:367 (Helge Deller)
- md: clean up invalid BUG_ON in md_ioctl (Li Nan)
- net/sun3_82586: Avoid reading past buffer in debug output (Kees Cook)
- scsi: lpfc: Initialize status local variable in lpfc_sli4_repost_sgl_list() (Justin Tee)
- fs: binfmt_elf_efpic: don't use missing interpreter's properties (Max Filippov)
- media: pci: cx23885: check cx23885_vdev_init() return (Hans Verkuil)
- quota: Remove BUG_ON from dqget() (Jan Kara)
- ext4: do not trim the group with corrupted block bitmap (Baokun Li)
- powerpc/xics: Check return value of kasprintf in icp_native_map_one_cpu (Kunwu Chan)
- wifi: iwlwifi: abort scan when rfkill on but device enabled (Miri Korenblit)
- gfs2: setattr_chown: Add missing initialization (Andreas Gruenbacher)
- scsi: spi: Fix sshdr use (Mike Christie)
- binfmt_misc: cleanup on filesystem umount (Christian Brauner)
- staging: ks7010: disable bh on tx_dev_lock (Chengfeng Ye)
- wifi: cw1200: Avoid processing an invalid TIM IE (Jeff Johnson)
- ssb: Fix division by zero issue in ssb_calc_clock_rate (Rand Deeb)
- atm: idt77252: prevent use after free in dequeue_rx() (Dan Carpenter) [Orabug: 37029106] {CVE-2024-44998}
- btrfs: rename bitmap_set_bits() -> btrfs_bitmap_set_bits() (Alexander Lobakin)
- overflow: Implement size_t saturating arithmetic helpers (Kees Cook)
- overflow.h: Add flex_array_size() helper (Gustavo A. R. Silva)
- s390/cio: rename bitmap_size() -> idset_bitmap_size() (Alexander Lobakin)
- memcg_write_event_control(): fix a user-triggerable oops (Al Viro) [Orabug: 37070673] {CVE-2024-45021}
- drm/amdgpu: Actually check flags for all context ops. (Bas Nieuwenhuizen)
- selinux: fix potential counting error in avc_add_xperms_decision() (Zhen Lei)
- include/linux/bitmap.h: make bitmap_fill() and bitmap_zero() consistent (Andy Shevchenko)
- dm persistent data: fix memory allocation failure (Mikulas Patocka)
- dm resume: don't return EINVAL when signalled (Khazhismel Kumykov)
- ALSA: usb-audio: Support Yamaha P-125 quirk entry (Juan José Arboleda)
- fuse: Initialize beyond-EOF page contents before setting uptodate (Jann Horn) [Orabug: 37017952] {CVE-2024-44947}
- LTS version v4.14.353 (Yifei Liu)
- net: fix __dst_negative_advice() race (Eric Dumazet) [Orabug: 36720418] {CVE-2024-36971}
- nvme/pci: Add APST quirk for Lenovo N60z laptop (WangYuli)
- exec: Fix ToCToU between perm check and set-uid/gid usage (Kees Cook) [Orabug: 36984018] {CVE-2024-43882}
- drm/i915/gem: Fix Virtual Memory mapping boundaries calculation (Andi Shyti) [Orabug: 36953970] {CVE-2024-42259}
- drm/i915: Try GGTT mmapping whole object as partial (Chris Wilson)
- netfilter: nf_tables: set element extended ACK reporting support (Pablo Neira Ayuso)
- kbuild: Fix '-S -c' in x86 stack protector scripts (Nathan Chancellor)
- drm/mgag200: Set DDC timeout in milliseconds (Thomas Zimmermann)
- drm/bridge: analogix_dp: properly handle zero sized AUX transactions (Lucas Stach)
- drm/bridge: analogix_dp: Properly log AUX CH errors (Douglas Anderson)
- drm/bridge: analogix_dp: Reset aux channel if an error occurred (Lin Huang)
- drm/bridge: analogix_dp: Check AUX_EN status when doing AUX transfer (Lin Huang)
- x86/mtrr: Check if fixed MTRRs exist before saving them (Andi Kleen) [Orabug: 37028937] {CVE-2024-44948}
- tracing: Fix overflow in get_free_elt() (Tze-nan Wu) [Orabug: 36992999] {CVE-2024-43890}
- power: supply: axp288_charger: Round constant_charge_voltage writes down (Hans de Goede)
- power: supply: axp288_charger: Fix constant_charge_voltage writes (Hans de Goede)
- serial: core: check uartclk for zero to avoid divide by zero (George Kennedy) [Orabug: 36993010] {CVE-2024-43893}
- ntp: Safeguard against time_constant overflow (Justin Stitt)
- ntp: Clamp maxerror and esterror to operating range (Justin Stitt)
- tick/broadcast: Move per CPU pointer access into the atomic section (Thomas Gleixner) [Orabug: 37242882] {CVE-2024-44968}
- scsi: ufs: core: Fix hba->last_dme_cmd_tstamp timestamp updating logic (Vamshi Gajjela)
- usb: gadget: core: Check for unset descriptor (Chris Wulff) [Orabug: 37028989] {CVE-2024-44960}
- USB: serial: debug: do not echo input by default (Marek Marczykowski-Górecki)
- usb: vhci-hcd: Do not drop references before new references are gained (Oliver Neukum) [Orabug: 36992972] {CVE-2024-43883}
- ALSA: line6: Fix racy access to midibuf (Takashi Iwai) [Orabug: 37028959] {CVE-2024-44954}
- spi: spi-fsl-lpspi: Fix scldiv calculation (Stefan Wahren)
- spi: fsl-lpspi: remove unneeded array (Oleksandr Suvorov)
- spi: lpspi: add the error info of transfer speed setting (Clark Wang)
- spi: lpspi: Add i.MX8 boards support for lpspi (Clark Wang)
- spi: lpspi: Let watermark change with send data length (Clark Wang)
- spi: lpspi: Add slave mode support (Clark Wang)
- spi: lpspi: Replace all "master" with "controller" (Clark Wang)
- spi: lpspi: Switch to SPDX identifier (Fabio Estevam)
- i2c: smbus: Send alert notifications to all devices if source not found (Guenter Roeck)
- i2c: smbus: Improve handling of stuck alerts (Guenter Roeck)
- i2c: smbus: Don't filter out duplicate alerts (Corey Minyard)
- ext4: fix wrong unit use in ext4_mb_find_by_goal (Kemeng Shi)
- SUNRPC: Fix a race to wake a sync task (Benjamin Coddington)
- jbd2: avoid memleak in jbd2_journal_write_metadata_buffer (Kemeng Shi)
- media: uvcvideo: Fix the bandwdith quirk on USB 3.x (Michal Pecio)
- media: uvcvideo: Ignore empty TS packets (Ricardo Ribalda)
- btrfs: fix bitmap leak when loading free space cache on duplicate entry (Filipe Manana)
- wifi: nl80211: don't give key data to userspace (Johannes Berg)
- udf: prevent integer overflow in udf_bitmap_free_blocks() (Roman Smirnov)
- udf: Fix signed/unsigned format specifiers (Steve Magnani)
- PCI: Add Edimax Vendor ID to pci_ids.h (FUJITA Tomonori)
- clocksource/drivers/sh_cmt: Address race condition for clock events (Niklas Söderlund)
- md/raid5: avoid BUG_ON() while continue reshape after reassembling (Yu Kuai) [Orabug: 36993128] {CVE-2024-43914}
- net: fec: Stop PPS on driver remove (Csókás, Bence)
- Bluetooth: l2cap: always unlock channel in l2cap_conless_channel() (Dmitry Antipov)
- net: linkwatch: use system_unbound_wq (Eric Dumazet)
- net: usb: qmi_wwan: fix memory leak for not ip packets (Daniele Palmas) [Orabug: 36983960] {CVE-2024-43861}
- irqchip/mbigen: Fix mbigen node address layout (Yipeng Zou)
- net: usb: sr9700: fix uninitialized variable use in sr_mdio_read (Ma Ke)
- ALSA: usb-audio: Correct surround channels in UAC1 channel map (Takashi Iwai)
- protect the fetch of ->fd[fd] in do_dup2() from mispredictions (Al Viro) [Orabug: 36963809] {CVE-2024-42265}
- ipv6: fix ndisc_is_useropt() handling for PIO (Maciej Żenczykowski)
- net/iucv: fix use after free in iucv_sock_close() (Alexandra Winter) [Orabug: 36964007] {CVE-2024-42271}
- drm/vmwgfx: Fix overlay when using Screen Targets (Ian Forbes)
- remoteproc: imx_rproc: Skip over memory region when node value is NULL (Aleksandr Mishin) [Orabug: 36964539] {CVE-2024-43860}
- remoteproc: imx_rproc: Fix ignoring mapping vdev regions (Dong Aisheng)
- remoteproc: imx_rproc: ignore mapping vdev regions (Peng Fan)
- perf/x86/intel/pt: Fix a topa_entry base address calculation (Adrian Hunter)
- perf/x86/intel/pt: Split ToPA metadata and page layout (Alexander Shishkin)
- perf/x86/intel/pt: Use pointer arithmetics instead in ToPA entry calculation (Alexander Shishkin)
- perf/x86/intel/pt: Use helpers to obtain ToPA entry size (Alexander Shishkin)
- devres: Fix memory leakage caused by driver API devm_free_percpu() (Zijun Hu) [Orabug: 36983992] {CVE-2024-43871}
- driver core: Cast to (void *) with __force for __percpu pointer (Andy Shevchenko)
- dev/parport: fix the array out-of-bounds risk (tuhaowen) [Orabug: 36964224] {CVE-2024-42301}
- parport: Standardize use of printmode (Joe Perches)
to pr_( (Joe Perches)
- parport: parport_pc: Mark expected switch fall-through (Gustavo A. R. Silva)
- PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio (Manivannan Sadhasivam)
- PCI: rockchip: Make 'ep-gpios' DT property optional (Chen-Yu Tsai)
- mm: avoid overflows in dirty throttling logic (Jan Kara) [Orabug: 36897804] {CVE-2024-42131}
- mISDN: Fix a use after free in hfcmulti_tx() (Dan Carpenter) [Orabug: 36964033] {CVE-2024-42280}
- tipc: Return non-zero value from tipc_udp_addr2str() on error (Shigeru Yoshida) [Orabug: 36964048] {CVE-2024-42284}
- net: bonding: correctly annotate RCU in bond_should_notify_peers() (Johannes Berg)
- ipv4: Fix incorrect source address in Record Route option (Ido Schimmel)
- net: ip_rt_get_source() - use new style struct initializer instead of memset (Maciej Żenczykowski)
- MIPS: SMP-CPS: Fix address for GCR_ACCESS register for CM3 and later (Gregory CLEMENT)
- dma: fix call order in dmam_free_coherent (Lance Richardson) [Orabug: 36964524] {CVE-2024-43856}
- jfs: Fix array-index-out-of-bounds in diFree (Jeongjun Park) [Orabug: 36964531] {CVE-2024-43858}
- kdb: address -Wformat-security warnings (Arnd Bergmann)
- kdb: Fix bound check compiler warning (Wenlin Kang)
- nilfs2: handle inconsistent state in nilfs_btnode_create_block() (Ryusuke Konishi) [Orabug: 36964204] {CVE-2024-42295}
- selftests/sigaltstack: Fix ppc64 GCC build (Michael Ellerman)
- RDMA/iwcm: Fix a use-after-free related to destroying CM IDs (Bart Van Assche) [Orabug: 36964055] {CVE-2024-42285}
- RDMA/iwcm: Remove a set-but-not-used variable (Bart Van Assche)
- platform: mips: cpu_hwmon: Disable driver on unsupported hardware (Jiaxun Yang)
- watchdog/perf: properly initialize the turbo mode timestamp and rearm counter (Thomas Gleixner)
- perf/x86/intel/pt: Fix topa_entry base length (Marco Cavenati)
- scsi: qla2xxx: During vport delete send async logout explicitly (Manish Rangankar) [Orabug: 36964081] {CVE-2024-42289}
- decompress_bunzip2: fix rare decompression failure (Ross Lagerwall)
- ubi: eba: properly rollback inside self_check_eba (Fedor Pchelkin)
- f2fs: fix to don't dirty inode for readonly filesystem (Chao Yu) [Orabug: 36964214] {CVE-2024-42297}
- f2fs: prevent newly created inode from being dirtied incorrectly (Daeho Jeong)
- scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for ELS cmds (Saurav Kashyap)
- binder: fix hang of unregistered readers (Carlos Llamas)
- PCI: hv: Return zero, not garbage, when reading PCI_INTERRUPT_PIN (Wei Liu)
- hwrng: amd - Convert PCIBIOS_* return codes to errnos (Ilpo Järvinen)
- leds: ss4200: Convert PCIBIOS_* return codes to errnos (Ilpo Järvinen)
- wifi: mwifiex: Fix interface type change (Rafael Beims)
- ext4: make sure the first directory block is not a hole (Baokun Li) [Orabug: 36964233] {CVE-2024-42304}
- ext4: check dot and dotdot of dx_root before making dir indexed (Baokun Li) [Orabug: 36964238] {CVE-2024-42305}
- m68k: amiga: Turn off Warp1260 interrupts during boot (Paolo Pisati)
- drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes (Ma Ke) [Orabug: 36964254] {CVE-2024-42309}
- drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes (Ma Ke) [Orabug: 36964261] {CVE-2024-42310}
- hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode() (Chao Yu) [Orabug: 36964266] {CVE-2024-42311}
- media: venus: fix use after free in vdec_close (Dikshita Agarwal) [Orabug: 36964276] {CVE-2024-42313}
- ipv6: take care of scope when choosing the src addr (Nicolas Dichtel)
- af_packet: Handle outgoing VLAN packets without hardware offloading (Chengen Du)
- net: netconsole: Disable target before netpoll cleanup (Breno Leitao)
- tick/broadcast: Make takeover of broadcast hrtimer reliable (Yu Liao)
- nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro (Ryusuke Konishi)
- fs/nilfs2: remove some unused macros to tame gcc (Alex Shi)
- pinctrl: freescale: mxs: Fix refcount of child (Peng Fan)
- pinctrl: ti: ti-iodelay: fix possible memory leak when pinctrl_enable() fails (Yang Yingliang)
- pinctrl: ti: ti-iodelay: Drop if block with always false condition (Uwe Kleine-König)
- pinctrl: single: fix possible memory leak when pinctrl_enable() fails (Yang Yingliang)
- pinctrl: core: fix possible memory leak when pinctrl_enable() fails (Yang Yingliang)
- netfilter: ctnetlink: use helper function to calculate expect ID (Pablo Neira Ayuso) [Orabug: 37013756] {CVE-2024-44944}
- bnxt_re: Fix imm_data endianness (Jack Wang)
- macintosh/therm_windtunnel: fix module unload. (Nick Bowler)
- powerpc/xmon: Fix disassembly CPU feature checks (Michael Ellerman)
- Input: elan_i2c - do not leave interrupt disabled on suspend failure (Dmitry Torokhov)
- mtd: make mtd_test.c a separate module (Arnd Bergmann)
- RDMA/rxe: Don't set BTH_ACK_MASK for UC or UD QPs (Honggang LI)
- RDMA/mlx4: Fix truncated output warning in alias_GUID.c (Leon Romanovsky)
- RDMA/mlx4: Fix truncated output warning in mad.c (Leon Romanovsky)
- PCI: Fix resource double counting on remove & rescan (Ilpo Järvinen)
- PCI: Equalize hotplug memory and io for occupied and empty slots (Jon Derrick)
- sparc64: Fix incorrect function signature and add prototype for prom_cif_init (Andreas Larsson)
- ext4: avoid writing unitialized memory to disk in EA inodes (Jan Kara)
- drm/etnaviv: fix DMA direction handling for cached RW buffers (Lucas Stach)
- perf report: Fix condition in sort__sym_cmp() (Namhyung Kim)
- media: renesas: vsp1: Store RPF partition configuration per RPF instance (Laurent Pinchart)
- media: renesas: vsp1: Fix _irqsave and _irq mix (Laurent Pinchart)
- media: v4l: vsp1: Store pipeline pointer in vsp1_entity (Laurent Pinchart)
- saa7134: Unchecked i2c_transfer function result fixed (Aleksandr Burakov)
- media: imon: Fix race getting ictx->lock (Ricardo Ribalda)
- bna: adjust 'name' buf size of bna_tcb and bna_ccb structures (Alexey Kodanev) [Orabug: 36964481] {CVE-2024-43839}
- perf: Prevent passing zero nr_pages to rb_alloc_aux() (Adrian Hunter)
- perf: Fix perf_aux_size() for greater-than 32-bit size (Adrian Hunter)
- net: fec: Fix FEC_ECR_EN1588 being cleared on link-down (Csókás, Bence)
- net: fec: Refactor: #define magic constants (Csókás Bence)
- wifi: brcmsmac: LCN PHY code is used for BCM4313 2G-only device (Samasth Norway Ananda)
- m68k: cmpxchg: Fix return value for default case in __arch_xchg() (Thorsten Blum)
- x86/xen: Convert comma to semicolon (Chen Ni)
- m68k: atari: Fix TT bootup freeze / unexpected (SCU) interrupt messages (Eero Tamminen)
- arm64: dts: rockchip: Increase VOP clk rate on RK3328 (Jonas Karlman)
- hwmon: (max6697) Fix swapped temp{1,8} critical alarms (Guenter Roeck)
- hwmon: (max6697) Auto-convert to use SENSOR_DEVICE_ATTR_{RO, RW, WO} (Guenter Roeck)
- hwmon: Introduce SENSOR_DEVICE_ATTR_{RO, RW, WO} and variants (Guenter Roeck)
- hwmon: (max6697) Fix underflow when writing limit attributes (Guenter Roeck)
- pwm: stm32: Always do lazy disabling (Uwe Kleine-König)
- hwmon: (adt7475) Fix default duty on fan is disabled (Wayne Tung)
- x86/platform/iosf_mbi: Convert PCIBIOS_* return codes to errnos (Ilpo Järvinen)
- x86/pci/xen: Fix PCIBIOS_* return code handling (Ilpo Järvinen)
- x86/pci/intel_mid_pci: Fix PCIBIOS_* return code handling (Ilpo Järvinen)
- x86/of: Return consistent error type from x86_of_pci_irq_enable() (Ilpo Järvinen)
- platform/chrome: cros_ec_debugfs: fix wrong EC message version (Tzung-Bi Shih)
[4.14.35-2047.543.1.el7uek]
- A/A Bonding: check port count during RDMA device addition (Arumugam Kolappan) [Orabug: 37202761]
- net/mlx5: E-Switch, Increase supported number of forward destinations to 32 (Maor Dickman) [Orabug: 36817112]
- net/mlx5e: Parse mirroring action for offloaded TC eswitch flows (Chris Mi) [Orabug: 36817112]
ELBA-2024-12870 Oracle Linux 7 squid bug fix update (aarch64)
Oracle Linux Bug Fix Advisory ELBA-2024-12870
http://linux.oracle.com/errata/ELBA-2024-12870.html
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:
aarch64:
squid-3.5.20-17.0.5.el7_9.10.aarch64.rpm
squid-migration-script-3.5.20-17.0.5.el7_9.10.aarch64.rpm
squid-sysvinit-3.5.20-17.0.5.el7_9.10.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//squid-3.5.20-17.0.5.el7_9.10.src.rpm
Description of changes:
[7:3.5.20-17.0.5.10]
- Fix Oracle patch application [Orabug: 37326730]
ELSA-2024-9654 Important: Oracle Linux 7 libsoup security update
Oracle Linux Security Advisory ELSA-2024-9654
http://linux.oracle.com/errata/ELSA-2024-9654.html
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:
x86_64:
libsoup-2.62.2-2.0.1.el7.i686.rpm
libsoup-2.62.2-2.0.1.el7.x86_64.rpm
libsoup-devel-2.62.2-2.0.1.el7.i686.rpm
libsoup-devel-2.62.2-2.0.1.el7.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//libsoup-2.62.2-2.0.1.el7.src.rpm
Related CVEs:
CVE-2024-52530
Description of changes:
[2.62.2-2.0.1]
- Fixed CVE-2024-52530 for smuggling nullbytes in header names [Orabug: 37289659]
ELBA-2024-12870 Oracle Linux 7 squid bug fix update
Oracle Linux Bug Fix Advisory ELBA-2024-12870
http://linux.oracle.com/errata/ELBA-2024-12870.html
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:
x86_64:
squid-3.5.20-17.0.5.el7_9.10.x86_64.rpm
squid-migration-script-3.5.20-17.0.5.el7_9.10.x86_64.rpm
squid-sysvinit-3.5.20-17.0.5.el7_9.10.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//squid-3.5.20-17.0.5.el7_9.10.src.rpm
Description of changes:
[7:3.5.20-17.0.5.10]
- Fix Oracle patch application [Orabug: 37326730]
