-
Fri Aug 21 2020 Somasundaram Krishnasamy <somasundaram.krishnasamy@oracle.com> [4.14.35-1902.306.1.el7uek]
- net/mlx5e: Poll event queue upon TX timeout before performing full channels recovery (Eran Ben Elisha) [Orabug: 31753102]
- crypto: authenc - fix parsing key with misaligned rta_len (Eric Biggers) [Orabug: 31535528] {CVE-2020-10769}
- mac80211: Do not send Layer 2 Update frame before authorization (Jouni Malinen) [Orabug: 31473651] {CVE-2019-5108}
- cfg80211/mac80211: make ieee80211_send_layer2_update a public function (Dedy Lansky) [Orabug: 31473651] {CVE-2019-5108}
- sunrpc: use-after-free in svc_process_common() (Vasily Averin) [Orabug: 31351994] {CVE-2018-16884}
- sunrpc: use SVC_NET() in svcauth_gss_* functions (Vasily Averin) [Orabug: 31351994] {CVE-2018-16884}
- RDMA/cxgb4: Do not dma memory off of the stack (Greg KH) [Orabug: 31351782] {CVE-2019-17075}
- btrfs: merge btrfs_find_device and find_device (Anand Jain) [Orabug: 31351745] {CVE-2019-18885}
- fs/namespace.c: fix mountpoint reference counter race (Piotr Krysiuk) [Orabug: 31350975] {CVE-2020-12114} {CVE-2020-12114}
- kernel/sysctl.c: fix out-of-bounds access when setting file-max (Will Deacon) [Orabug: 31350719] {CVE-2019-14898}
- sysctl: handle overflow for file-max (Christian Brauner) [Orabug: 31350719] {CVE-2019-14898}
- nl80211: validate beacon head (Johannes Berg) [Orabug: 30785180] {CVE-2019-16746}
- cfg80211: Use const more consistently in for_each_element macros (Jouni Malinen) [Orabug: 30785180] {CVE-2019-16746}
- cfg80211: add and use strongly typed element iteration macros (Johannes Berg) [Orabug: 30785180] {CVE-2019-16746}
- net/rds: Incorrect pointer used in rds_getname() (Ka-Cheong Poon) [Orabug: 31755755]
-
Fri Aug 14 2020 Somasundaram Krishnasamy <somasundaram.krishnasamy@oracle.com> [4.14.35-1902.306.0.el7uek]
- RDMA/mlx5: Fix Shared PD prefetch of ODP memory region (Mark Haywood) [Orabug: 31688622]
- can: peak_usb: pcan_usb_fd: Fix info-leaks to USB devices (Tomas Bortoli) [Orabug: 31351220] {CVE-2019-19535}
- rds: Test parameter in rds_ib_recv_cache_put (Hans Westgaard Ry) [Orabug: 31737044]
- vgacon: Fix for missing check in scrollback handling (Yunhai Zhang) [Orabug: 31705120] {CVE-2020-14331} {CVE-2020-14331}
- md: get sysfs entry after redundancy attr group create (Junxiao Bi) [Orabug: 31602420]
- md: fix deadlock causing by sysfs_notify (Junxiao Bi) [Orabug: 31602420]
- random32: update the net random state on interrupt and activity (Willy Tarreau) [Orabug: 31698084] {CVE-2020-16166}
- x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS. (Anthony Steinhauser) [Orabug: 31557804] {CVE-2020-10767}
- Revert "zram: convert remaining CLASS_ATTR() to CLASS_ATTR_RO()" (Wade Mealing) [Orabug: 31510724] {CVE-2020-10781}
- genirq/proc: Return proper error code when irq_set_affinity() fails (Wen Yaxng) [Orabug: 31723449]
- bonding: Force slave speed check after link state recovery for 802.3ad (Thomas Falcon) [Orabug: 31730609]
- bonding/802.3ad: fix slave link initialization transition states (Jarod Wilson) [Orabug: 31730609]
- bonding/802.3ad: fix link_failure_count tracking (Jarod Wilson) [Orabug: 31730609]
- bonding: speed/duplex update at NETDEV_UP event (Mahesh Bandewar) [Orabug: 31730609]
- net/rds: Incorrect WARN_ON() (Ka-Cheong Poon) [Orabug: 31718164]
- net/rds: rds_ib_remove_one() should not call rds_ib_dev_free_dev() (Ka-Cheong Poon) [Orabug: 31718164]
- KVM: nVMX: include conditional controls in /dev/kvm KVM_GET_MSRS (Paolo Bonzini) [Orabug: 31699256]
- KVM: x86: introduce is_pae_paging (Paolo Bonzini) [Orabug: 31699256]
- selinux: properly handle multiple messages in selinux_netlink_send() (Paul Moore) [Orabug: 31439368] {CVE-2020-10751}
- af_packet: set defaule value for tmo (Mao Wenan) [Orabug: 31439106] {CVE-2019-20812}
- hrtimer: Annotate lockless access to timer->base (Eric Dumazet) [Orabug: 31380494]
- fix kABI breakage from "netns: provide pure entropy for net_hash_mix()" (Dan Duval) [Orabug: 31351903] {CVE-2019-10638} {CVE-2019-10639}
- netns: provide pure entropy for net_hash_mix() (Eric Dumazet) [Orabug: 31351903] {CVE-2019-10638} {CVE-2019-10639}
- media: usb: siano: Fix general protection fault in smsusb (Alan Stern) [Orabug: 31351873] {CVE-2019-15218}
- cfg80211: wext: avoid copying malformed SSIDs (Will Deacon) [Orabug: 31351799] {CVE-2019-17133}
- can: gs_usb: gs_can_open(): prevent memory leak (Navid Emamdoost) [Orabug: 31351681] {CVE-2019-19052}
- rtlwifi: prevent memory leak in rtl_usb_probe (Navid Emamdoost) [Orabug: 31351625] {CVE-2019-19063}
- scsi: bfa: release allocated memory in case of error (Navid Emamdoost) [Orabug: 31351613] {CVE-2019-19066}
- ath9k_htc: release allocated buffer if timed out (Navid Emamdoost) [Orabug: 31351571] {CVE-2019-19073}
- ath9k: release allocated buffer if timed out (Navid Emamdoost) [Orabug: 31351558] {CVE-2019-19074}
- ath10k: fix memory leak (Navid Emamdoost) [Orabug: 31351531] {CVE-2019-19078}
- bcache: fix potential deadlock problem in btree_gc_coalesce (Zhiqiang Liu) [Orabug: 31350645] {CVE-2020-12771}
- rds: ib: Revert "net/rds: Avoid stalled connection due to CM REQ retries" (Håkon Bugge) [Orabug: 31513037]
- rds: Clear reconnect pending bit (Håkon Bugge) [Orabug: 31513037]
-
Tue Aug 04 2020 Somasundaram Krishnasamy <somasundaram.krishnasamy@oracle.com> [4.14.35-1902.305.4.el7uek]
- ptp: free ptp device pin descriptors properly (Vladis Dronov) [Orabug: 31710994]
-
Fri Jul 31 2020 Somasundaram Krishnasamy <somasundaram.krishnasamy@oracle.com> [4.14.35-1902.305.3.el7uek]
- fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info() (Alexander Potapenko) [Orabug: 31350638] {CVE-2020-10732}
- PCI: vmd: Filter resource type bits from shadow register (Jon Derrick) [Orabug: 31674879]
- PCI: vmd: Add device id for VMD device 8086:9A0B (Jon Derrick) [Orabug: 31674879]
- PCI: vmd: Fix shadow offsets to reflect spec changes (Jon Derrick) [Orabug: 31674879]
- PCI: vmd: Fix config addressing when using bus offsets (Jon Derrick) [Orabug: 31674879]
- PCI/VMD: Configure MPS settings before adding devices (Jon Derrick) [Orabug: 31674879]
- PCI: vmd: Add an additional VMD device id to driver device id table (Jon Derrick) [Orabug: 31674879]
- PCI: vmd: Add offset to bus numbers if necessary (Jon Derrick) [Orabug: 31674879]
- PCI: vmd: Assign membar addresses from shadow registers (Jon Derrick) [Orabug: 31674879]
- PCI: Add Intel VMD devices to pci ids (Jon Derrick) [Orabug: 31674879]
- misc: pvpanic: add crash loaded event (zhenwei pi) [Orabug: 31677099]
- kvm: Increase KVM_USER_MEM_SLOTS for dense memory hotplug (Eric DeVolder) [Orabug: 31694369]
-
Wed Jul 29 2020 Somasundaram Krishnasamy <somasundaram.krishnasamy@oracle.com> [4.14.35-1902.305.2.el7uek]
- net-sysfs: call dev_hold if kobject_init_and_add success (YueHaibing) [Orabug: 31445419] {CVE-2019-20811}
- vfio-pci: protect remap_pfn_range() from simultaneous calls (Ankur Arora) [Orabug: 31663632] {CVE-2020-12888} {CVE-2020-12888}
- crypto: user - fix memory leak in crypto_report (Navid Emamdoost) [Orabug: 31351639] {CVE-2019-19062}
- iwlwifi: pcie: fix rb_allocator workqueue allocation (Johannes Berg) [Orabug: 31351807] {CVE-2019-16234}
- RDMA/netlink: Do not always generate an ACK for some netlink operations (Håkon Bugge) [Orabug: 31666974]
- Revert "uek-rpm: Move grub boot menu update to posttrans stage." (Somasundaram Krishnasamy) [Orabug: 31358100]
- net: dsa: Do not leave DSA master with NULL netdev_ops (Allen Pais) [Orabug: 31038233]
- rds/ib: Make i_{recv,send}_hdrs non-contigious (Hans Westgaard Ry) [Orabug: 30358057]
- certs: Remove Oracle cert compiled into the kernel (Eric Snowberg) [Orabug: 31555628]
- CIFS: dump IPC tcon in debug proc file (Aurelien Aptel) [Orabug: 31500374]
- CIFS: use tcon_ipc instead of use_ipc parameter of SMB2_ioctl (Aurelien Aptel) [Orabug: 31500374]
- CIFS: make IPC a regular tcon (Aurelien Aptel) [Orabug: 31500374]
- CIFS: don't log STATUS_NOT_FOUND errors for DFS (Aurelien Aptel) [Orabug: 31500374]
- efi: Restrict efivar_ssdt_load when the kernel is locked down (Matthew Garrett) [Orabug: 31643409] {CVE-2019-20908}
- uek-rpm: drivers: enable VMD PCIe controller (Todd Vierling) [Orabug: 30646928]
- ext4: fix ext4_empty_dir() for directories with holes (Jan Kara) [Orabug: 31265319] {CVE-2019-19037} {CVE-2019-19037}
- IB/sa: Resolv use-after-free in ib_nl_make_request() (Divya Indi) [Orabug: 31631531]
- ocfs2: change slot number type s16 to u16 (Junxiao Bi) [Orabug: 31480605]
- ocfs2: fix value of OCFS2_INVALID_SLOT (Junxiao Bi) [Orabug: 31480605]
- ocfs2: fix panic on nfs server over ocfs2 (Junxiao Bi) [Orabug: 31480605]
- ocfs2: load global_inode_alloc (Junxiao Bi) [Orabug: 31480605]
- ocfs2: avoid inode removal while nfsd is accessing it (Junxiao Bi) [Orabug: 31480605]
-
Fri Jul 17 2020 Somasundaram Krishnasamy <somasundaram.krishnasamy@oracle.com> [4.14.35-1902.305.1.el7uek]
- x86/{mce,mm}: Unmap the entire page if the whole page is affected and poisoned (Tony Luck) [Orabug: 31601132]
- libertas: fix a potential NULL pointer dereference (Allen Pais) [Orabug: 31351822] {CVE-2019-16232}
- ext4: work around deleting a file with i_nlink == 0 safely (Theodore Ts'o) [Orabug: 31351013] {CVE-2019-19447}
-
Fri Jul 10 2020 Somasundaram Krishnasamy <somasundaram.krishnasamy@oracle.com> [4.14.35-1902.305.0.el7uek]
- thermal: support for Marvell Octeon TX SoC temperature sensors (Eric Saint-Etienne) [Orabug: 31564706]
- thermal: support for Marvell Octeon TX2 SoC temperature sensors (Eric Saint-Etienne) [Orabug: 31564706]
- x86/speculation: Prevent rogue cross-process SSBD shutdown (Anthony Steinhauser) [Orabug: 31557902] {CVE-2020-10768}
- psi: Fix double free (Tom Hromatka) [Orabug: 31535640]
- vfio/pci: Fix SR-IOV VF handling with MMIO blocking (Alex Williamson) [Orabug: 31439670] {CVE-2020-12888}
- vfio/pci: Mask buggy SR-IOV VF INTx support (Alex Williamson) [Orabug: 31439670] {CVE-2020-12888}
- vfio-pci: Invalidate mmaps and block MMIO access on disabled memory (Alex Williamson) [Orabug: 31439670] {CVE-2020-12888} {CVE-2020-12888}
- vfio/pci: call irq_bypass_unregister_producer() before freeing irq (Jiang Yi) [Orabug: 31439670] {CVE-2020-12888}
- vfio/pci: Pull BAR mapping setup from read-write path (Alex Williamson) [Orabug: 31439670] {CVE-2020-12888}
- vfio_pci: Enable memory accesses before calling pci_map_rom (Eric Auger) [Orabug: 31439670] {CVE-2020-12888}
- vfio-pci: Fault mmaps to enable vma tracking (Alex Williamson) [Orabug: 31439670] {CVE-2020-12888}
- vfio/type1: Support faulting PFNMAP vmas (Alex Williamson) [Orabug: 31439670] {CVE-2020-12888}
- vfio/type1: Fix VA->PA translation for PFNMAP VMAs in vaddr_get_pfn() (Sean Christopherson) [Orabug: 31439670] {CVE-2020-12888}
- of: unittest: fix memory leak in unittest_data_add (Navid Emamdoost) [Orabug: 31351701] {CVE-2019-19049}
-
Thu Jul 02 2020 Somasundaram Krishnasamy <somasundaram.krishnasamy@oracle.com> [4.14.35-1902.304.6.el7uek]
- bpf: fix sanitation rewrite in case of non-pointers (Daniel Borkmann) [Orabug: 31552243]
-
Fri Jun 26 2020 Somasundaram Krishnasamy <somasundaram.krishnasamy@oracle.com> [4.14.35-1902.304.5.el7uek]
- acpi: disallow loading configfs acpi tables when locked down (Jason A. Donenfeld) [Orabug: 31493187]
- selftests/bpf: do not run test_kmod.sh for UEK5 (Alan Maguire) [Orabug: 31540213]
- bpf: do not allow root to mangle valid pointers (Alexei Starovoitov) [Orabug: 31540213]
- x86/mitigations: reset default value for srbds_mitigation (Mihai Carabas) [Orabug: 31515075]
- x86/cpu: clear X86_BUG_SRBDS before late loading (Mihai Carabas) [Orabug: 31515075]
- x86/mitigations: update MSRs on all CPUs for SRBDS (Mihai Carabas) [Orabug: 31515075]
- p54usb: Fix race between disconnect and firmware loading (Alan Stern) [Orabug: 31351863] {CVE-2019-15220}
- media: rc: prevent memory leak in cx23888_ir_probe (Navid Emamdoost) [Orabug: 31351671] {CVE-2019-19054}
- mm: Fix mremap not considering huge pmd devmap (Fan Yang) [Orabug: 31452398] {CVE-2020-10757} {CVE-2020-10757}
- tcp: implement coalescing on backlog queue (Eric Dumazet) [Orabug: 31517079]
- tcp: drop dst in tcp_add_backlog() (Eric Dumazet) [Orabug: 31517079]
- bpf: Fix up bpf_skb_adjust_room helper's skb csum setting (Daniel Borkmann) [Orabug: 31517079]
-
Fri Jun 19 2020 Somasundaram Krishnasamy <somasundaram.krishnasamy@oracle.com> [4.14.35-1902.304.4.el7uek]
- rds: Fix potential use after free in rds_ib_inc_free (Hans Westgaard Ry) [Orabug: 31504054]
- cpu/hotplug: Fix "SMT disabled by BIOS" detection for KVM (Josh Poimboeuf) [Orabug: 31421904]
- RDMA/cm: Spurious WARNING triggered in cm_destroy_id() (Ka-Cheong Poon) [Orabug: 31483289]
- RDMA/cm: Make sure the cm_id is in the IB_CM_IDLE state in destroy (Jason Gunthorpe) [Orabug: 31483289]
- RDMA/cm: Allow ib_send_cm_sidr_rep() to be done under lock (Jason Gunthorpe) [Orabug: 31483289]
- RDMA/cm: Allow ib_send_cm_rej() to be done under lock (Jason Gunthorpe) [Orabug: 31483289]
- RDMA/cm: Allow ib_send_cm_drep() to be done under lock (Jason Gunthorpe) [Orabug: 31483289]
- RDMA/cm: Allow ib_send_cm_dreq() to be done under lock (Jason Gunthorpe) [Orabug: 31483289]
- RDMA/cm: Add some lockdep assertions for cm_id_priv->lock (Jason Gunthorpe) [Orabug: 31483289]
- RDMA/cm: Add missing locking around id.state in cm_dup_req_handler (Jason Gunthorpe) [Orabug: 31483289]
- RDMA/cm: Make the destroy_id flow more robust (Jason Gunthorpe) [Orabug: 31483289]
- RDMA/cm: Remove a race freeing timewait_info (Jason Gunthorpe) [Orabug: 31483289]
- RDMA/cm: Use refcount_t type for refcount variable (Danit Goldberg) [Orabug: 31483289]
- net/rds: NULL pointer de-reference in rds_ib_add_one() (Ka-Cheong Poon) [Orabug: 31501438]
- scsi: mpt3sas: Introduce module parameter to override queue depth (Sreekanth Reddy) [Orabug: 31486216]
- scsi: mpt3sas: Fix memset() in non-RDPQ mode (Suganath Prabu S) [Orabug: 31486216]
- scsi: mpt3sas: Fix reply queue count in non RDPQ mode (Suganath Prabu S) [Orabug: 31486216]
- scsi: mpt3sas: Remove unused including <linux/version.h> (Samuel Zou) [Orabug: 31486216]
- scsi: mpt3sas: Fix double free warnings (Suganath Prabu S) [Orabug: 31486216]
- scsi: mpt3sas: Disable DIF when prot_mask set to zero (Sreekanth Reddy) [Orabug: 31486216]
- scsi: mpt3sas: Capture IOC data for debugging purposes (Suganath Prabu) [Orabug: 31486216]
- scsi: mpt3sas: Use true, false for ioc->use_32bit_dma (Jason Yan) [Orabug: 31486216]
- scsi: mpt3sas: Remove NULL check before freeing function (Jason Yan) [Orabug: 31486216]
- scsi: mpt3sas: Update mpt3sas version to 33.101.00.00 (Suganath Prabu) [Orabug: 31486216]
- scsi: mpt3sas: Handle RDPQ DMA allocation in same 4G region (Suganath Prabu) [Orabug: 31486216]
- scsi: mpt3sas: Separate out RDPQ allocation to new function (Suganath Prabu) [Orabug: 31486216]
- scsi: mpt3sas: Rename function name is_MSB_are_same (Suganath Prabu) [Orabug: 31486216]
- scsi: mpt3sas: Don't change the DMA coherent mask after allocations (Christoph Hellwig) [Orabug: 31486216]
- scsi: mpt3sas: use true,false for bool variables (Jason Yan) [Orabug: 31486216]
- scsi: mpt3sas: Update drive version to 33.100.00.00 (Sreekanth Reddy) [Orabug: 31486216]
- scsi: mpt3sas: Remove usage of device_busy counter (Sreekanth Reddy) [Orabug: 31486216]
- scsi: mpt3sas: Print function name in which cmd timed out (Sreekanth Reddy) [Orabug: 31486216]
- scsi: mpt3sas: Optimize mpt3sas driver logging (Sreekanth Reddy) [Orabug: 31486216]
- scsi: mpt3sas: print in which path firmware fault occurred (Sreekanth Reddy) [Orabug: 31486216]
- scsi: mpt3sas: Handle CoreDump state from watchdog thread (Sreekanth Reddy) [Orabug: 31486216]
- scsi: mpt3sas: Add support IOCs new state named COREDUMP (Sreekanth Reddy) [Orabug: 31486216]
- scsi: mpt3sas: renamed _base_after_reset_handler function (Sreekanth Reddy) [Orabug: 31486216]
- scsi: mpt3sas: Add support for NVMe shutdown (Sreekanth Reddy) [Orabug: 31486216]
- scsi: mpt3sas: Update MPI Headers to v02.00.57 (Sreekanth Reddy) [Orabug: 31486216]
- scsi: mpt3sas: Fix double free in attach error handling (Dan Carpenter) [Orabug: 31486216]
- scsi: mpt3sas: change allocation option (Tomas Henzl) [Orabug: 31486216]
- KVM: VMX: check descriptor table exits on instruction emulation (Oliver Upton) [Orabug: 31397358]