-
Thu Jan 23 2025 Vijayendra Suman <vijayendra.suman@oracle.com> [5.4.17-2136.339.5.1.el8uek]
- Revert "xen/swiotlb: add alignment check for dma buffers" (Harshvardhan Jha) [Orabug: 37510955]
- vfio/iommu_type1: Fix some sanity checks in detach group (Keqian Zhu) [Orabug: 37511007]
- Revert "vfio/iommu_type1: Fix some sanity checks in detach group" (Dongli Zhang) [Orabug: 37511007]
-
Mon Dec 23 2024 Sherry Yang <sherry.yang@oracle.com> [5.4.17-2136.339.5.el8uek]
- tracing/kprobes: Skip symbol counting logic for module symbols in create_local_trace_kprobe() (Nikolay Kuratov)
- vhost_scsi: log write descriptors (Dongli Zhang) [Orabug: 37393533]
- vhost-scsi: protect vq->log_base with vq->mutex (Dongli Zhang) [Orabug: 37393533]
-
Tue Dec 17 2024 Alok Tiwari <alok.a.tiwari@oracle.com> [5.4.17-2136.339.4.el8uek]
- RDMA/bnxt_re: Check cqe flags to know imm_data vs inv_irkey (Kashyap Desai)
- Revert "mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K" (Aurelien Jarno)
- mm: revert "mm: shmem: fix data-race in shmem_getattr()" (Andrew Morton)
- net/ipv6: release expired exception dst cached in socket (Jiri Wiesner) [Orabug: 37434173] {CVE-2024-56644}
- Revert "unicode: Don't special case ignorable code points" (Linus Torvalds)
- powerpc/vdso: Flag VDSO64 entry points as functions (Christophe Leroy)
- Revert "usb: gadget: composite: fix OS descriptors w_value logic" (Michal Vrastil)
-
Thu Dec 12 2024 Alok Tiwari <alok.a.tiwari@oracle.com> [5.4.17-2136.339.3.el8uek]
- Revert "ocfs2: fix the la space leak when unmounting an ocfs2 volume" (Sherry Yang) [Orabug: 37364531]
- rds: recv_payload_bad_checksum was not 0 after running rds-stress on UEK6 (William Kucharski) [Orabug: 37265127]
- rds: If RDS Checksums are enabled for RDMA RDS operations, the extension headers will overflow causing incorrect operation (William Kucharski) [Orabug: 37265125]
- rds: rds_message_alloc() needlessly zeroes m_used_sgs (William Kucharski) [Orabug: 37265123]
- rds: tracepoint in rds_receive_csum_err() prints pointless information (William Kucharski) [Orabug: 37265121]
- rds: rds_inc_init() should initialize the inc->i_conn_path field (William Kucharski) [Orabug: 37265117]
- rds: Race condition in adding RDS payload checksum extension header may result in RDS header corruption (William Kucharski) [Orabug: 37265115]
- md/raid10: fix task hung in raid10d (Li Nan) [Orabug: 37126683]
- md/raid10: factor out code from wait_barrier() to stop_waiting_barrier() (Yu Kuai) [Orabug: 37126683]
- md/raid10: avoid deadlock on recovery. (Vitaly Mayatskikh) [Orabug: 37126683]
-
Thu Dec 05 2024 Sherry Yang <sherry.yang@oracle.com> [5.4.17-2136.339.2.el8uek]
- arm64/cpu_errata: Spectre-BHB mitigation for AMPERE1 expects a loop of 11 iterations. (Miguel Luis) [Orabug: 37027863]
-
Fri Nov 29 2024 Alok Tiwari <alok.a.tiwari@oracle.com> [5.4.17-2136.339.1.el8uek]
- net/rds: report pending-messages count in RDS_INQ response (Devesh Sharma) [Orabug: 35596047] [Orabug: 35316633]
- net/rds: Introduce RDS-INQ feature to RDS protocol (Devesh Sharma) [Orabug: 35316632] [Orabug: 37109336]
- net/rds: Supporting SIOCOUTQ to read pending sends (Devesh Sharma) [Orabug: 34460809] [Orabug: 37072814]
- mm/memory-failure: pass the folio and the page to collect_procs() (Matthew Wilcox (Oracle)) [Orabug: 37270264]
- KVM: x86: Stop compiling vmenter.S with OBJECT_FILES_NON_STANDARD (Sean Christopherson) [Orabug: 37273706]
- KVM: SVM: Create a stack frame in __svm_vcpu_run() for unwinding (Sean Christopherson) [Orabug: 37273706]
- objtool: Default ignore INT3 for unreachable (Peter Zijlstra) [Orabug: 37273706] {CVE-2022-29901}
- x86/spec_ctrl: AMD AutoIBRS cannot be dynamically enabled or disabled (Alexandre Chartre) [Orabug: 37310552]
- x86/msr: Add functions to set/clear the bit of an MSR on all cpus (Alexandre Chartre) [Orabug: 37310552]
-
Thu Nov 21 2024 Alok Tiwari <alok.a.tiwari@oracle.com> [5.4.17-2136.338.4.el8uek]
- devlink: fix possible use-after-free and memory leaks in devlink_init() (Vasiliy Kovalev) [Orabug: 37284641] {CVE-2024-26734}
- mm: avoid leaving partial pfn mappings around in error case (Linus Torvalds) [Orabug: 37174200] {CVE-2024-47674}
- mm: add remap_pfn_range_notrack (Christoph Hellwig) [Orabug: 37174200] {CVE-2024-47674}
- mm/memory.c: make remap_pfn_range() reject unaligned addr (Alex Zhang) [Orabug: 37174200] {CVE-2024-47674}
- mm: fix ambiguous comments for better code readability (chenqiwu) [Orabug: 37174200] {CVE-2024-47674}
- mm: clarify a confusing comment for remap_pfn_range() (WANG Wenhu) [Orabug: 37174200] {CVE-2024-47674}
-
Mon Nov 18 2024 Sherry Yang <sherry.yang@oracle.com> [5.4.17-2136.338.3.el8uek]
- drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported (Antonio Quartulli) [Orabug: 37304754] {CVE-2024-53060}
- rds: Add rds stuck shutdown timeout (Rohit Nair) [Orabug: 37180926]
- ACPI: ioremap: avoid redundant rounding to OS page size (Ard Biesheuvel) [Orabug: 37243611]
- blk-mq: fix missing blk_account_io_done() in error path (Yu Kuai) [Orabug: 37280096]
- Revert "net/mlx5: disable the 'fast unload' feature on Exadata systems" (Qing Huang) [Orabug: 37285309]
-
Mon Nov 18 2024 Sherry Yang <sherry.yang@oracle.com> [5.4.17-2136.338.2.el8uek]
- LTS tag: v5.4.285 (Sherry Yang)
- mm: krealloc: Fix MTE false alarm in __do_krealloc (Qun-Wei Lin) [Orabug: 37331939] {CVE-2024-53097}
- mac80211: always have ieee80211_sta_restart() (Johannes Berg)
- vt: prevent kernel-infoleak in con_font_get() (Jeongjun Park)
- Revert "drm/mipi-dsi: Set the fwnode for mipi_dsi_device" (Jason-JH.Lin)
- mm: shmem: fix data-race in shmem_getattr() (Jeongjun Park) [Orabug: 37268581] {CVE-2024-50228}
- nilfs2: fix kernel bug due to missing clearing of checked flag (Ryusuke Konishi) [Orabug: 37268589] {CVE-2024-50230}
- ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow (Edward Adam Davis) [Orabug: 37268564] {CVE-2024-50218}
- riscv: Remove unused GENERATING_ASM_OFFSETS (Chunyan Zhang)
- nilfs2: fix potential deadlock with newly created symlinks (Ryusuke Konishi) [Orabug: 37268585] {CVE-2024-50229}
- staging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg() (Zicheng Qu) [Orabug: 37268598] {CVE-2024-50233}
- wifi: iwlegacy: Clear stale interrupts before resuming device (Ville Syrjälä) [Orabug: 37268603] {CVE-2024-50234}
- wifi: ath10k: Fix memory leak in management tx (Manikanta Pubbisetty) [Orabug: 37268611] {CVE-2024-50236}
- wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower (Felix Fietkau) [Orabug: 37268614] {CVE-2024-50237}
- Revert "driver core: Fix uevent_show() vs driver detach race" (Greg Kroah-Hartman)
- xhci: Fix Link TRB DMA in command ring stopped completion event (Faisal Hassan)
- usb: phy: Fix API devm_usb_put_phy() can not release the phy (Zijun Hu)
- usbip: tools: Fix detach_port() invalid port error path (Zongmin Zhou)
- misc: sgi-gru: Don't disable preemption in GRU driver (Dimitri Sivanich)
- net: amd: mvme147: Fix probe banner message (Daniel Palmer)
- firmware: arm_sdei: Fix the input parameter of cpuhp_remove_state() (Xiongfeng Wang)
- drivers/misc: ti-st: Remove unneeded variable in st_tty_open (zhong jiang)
- netfilter: nft_payload: sanitize offset and length before calling skb_checksum() (Pablo Neira Ayuso) [Orabug: 37268671] {CVE-2024-50251}
- net: skip offload for NETIF_F_IPV6_CSUM if ipv6 header contains extension (Benoît Monin)
- net: support ip generic csum processing in skb_csum_hwoffload_help (Xin Long)
- bpf: Fix out-of-bounds write in trie_get_next_key() (Byeonguk Jeong) [Orabug: 37268703] {CVE-2024-50262}
- net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (Pedro Tammela) [Orabug: 37304741] {CVE-2024-53057}
- gtp: allow -1 to be specified as file description from userspace (Pablo Neira Ayuso)
- gtp: simplify error handling code in 'gtp_encap_enable()' (Christophe JAILLET)
- dt-bindings: gpu: Convert Samsung Image Rotator to dt-schema (Maciej Falkowski)
- ASoC: cs42l51: Fix some error handling paths in cs42l51_probe() (Christophe JAILLET)
- wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd() (Daniel Gabay) [Orabug: 37304750] {CVE-2024-53059}
- wifi: iwlwifi: mvm: disconnect station vifs if recovery failed (Emmanuel Grumbach)
- mac80211: Add support to trigger sta disconnect on hardware restart (Youghandhar Chintala)
- mac80211: do drv_reconfig_complete() before restarting all (Johannes Berg)
- wifi: mac80211: skip non-uploaded keys in ieee80211_iter_keys (Felix Fietkau)
- cgroup: Fix potential overflow issue when checking max_depth (Xiu Jianfeng)
- xfrm: validate new SA's prefixlen using SA family when sel.family is unset (Sabrina Dubroca) [Orabug: 37264076] {CVE-2024-50142}
- arm64/uprobes: change the uprobe_opcode_t typedef to fix the sparse warning (junhua huang)
- selinux: improve error checking in sel_write_load() (Paul Moore)
- hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event (Haiyang Zhang)
- ALSA: hda/realtek: Add subwoofer quirk for Acer Predator G9-593 (José Relvas)
- nilfs2: fix kernel bug due to missing clearing of buffer delay flag (Ryusuke Konishi) [Orabug: 37252378] {CVE-2024-50116}
- ACPI: button: Add DMI quirk for Samsung Galaxy Book2 to fix initial lid detection issue (Shubham Panwar)
- ACPI: resource: Add LG 16T90SP to irq1_level_low_skip_override[] (Christian Heusel)
- drm/amd: Guard against bad data for ATIF ACPI method (Mario Limonciello) [Orabug: 37252384] {CVE-2024-50117}
- ALSA: hda/realtek: Update default depop procedure (Kailang Yang)
- ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() (Andrey Shumilin) [Orabug: 37264275] {CVE-2024-50205}
- posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime() (Jinjie Ruan) [Orabug: 37304479] {CVE-2024-50210}
- r8169: avoid unsolicited interrupts (Heiner Kallweit)
- net: sched: fix use-after-free in taprio_change() (Dmitry Antipov) [Orabug: 37252408] {CVE-2024-50127}
- net: usb: usbnet: fix name regression (Oliver Neukum)
- be2net: fix potential memory leak in be_xmit() (Wang Hai) [Orabug: 37264144] {CVE-2024-50167}
- net/sun3_82586: fix potential memory leak in sun3_82586_send_packet() (Wang Hai) [Orabug: 37264150] {CVE-2024-50168}
- tracing: Consider the NULL character when validating the event length (Leo Yan) [Orabug: 37252416] {CVE-2024-50131}
- jfs: Fix sanity check in dbMount (Dave Kleikamp)
- udf: fix uninit-value use in udf_get_fileshortad (Gianfranco Trad) [Orabug: 37264081] {CVE-2024-50143}
- drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA (Hans de Goede) [Orabug: 37252421] {CVE-2024-50134}
- KVM: s390: gaccess: Check if guest address is in memslot (Nico Boehr)
- KVM: s390: gaccess: Cleanup access to guest pages (Janis Schoetterl-Glausch)
- KVM: s390: gaccess: Refactor access address range check (Janis Schoetterl-Glausch)
- KVM: s390: gaccess: Refactor gpa and length calculation (Janis Schoetterl-Glausch)
- arm64: probes: Fix uprobes for big-endian kernels (Mark Rutland) [Orabug: 37264237] {CVE-2024-50194}
- arm64:uprobe fix the uprobe SWBP_INSN in big-endian (junhua huang)
- Bluetooth: bnep: fix wild-memory-access in proto_unregister (Ye Bin) [Orabug: 37264097] {CVE-2024-50148}
- usb: typec: altmode should keep reference to parent (Thadeu Lima de Souza Cascardo) [Orabug: 37264103] {CVE-2024-50150}
- smb: client: fix OOBs when building SMB2_IOCTL request (Paulo Alcantara) [Orabug: 37264108] {CVE-2024-50151}
- genetlink: hold RCU in genlmsg_mcast() (Eric Dumazet)
- net: systemport: fix potential memory leak in bcm_sysport_xmit() (Wang Hai) [Orabug: 37264157] {CVE-2024-50171}
- net: ethernet: aeroflex: fix potential memory leak in greth_start_xmit_gbit() (Wang Hai)
- macsec: don't increment counters for an unrelated SA (Sabrina Dubroca)
- drm/msm/dsi: fix 32-bit signed integer extension in pclk_rate calculation (Jonathan Marek)
- RDMA/bnxt_re: Return more meaningful error (Kalesh AP)
- ipv4: give an IPv4 dev to blackhole_netdev (Xin Long)
- RDMA/cxgb4: Fix RDMA_CM_EVENT_UNREACHABLE error for iWARP (Anumula Murali Mohan Reddy)
- ARM: dts: bcm2837-rpi-cm3-io3: Fix HDMI hpd-gpio pin (Florian Klink)
- RDMA/bnxt_re: Fix incorrect AVID type in WQE structure (Saravanan Vajravel)
- mac80211: Fix NULL ptr deref for injected rate info (Mathy Vanhoef)
- erofs: fix lz4 inplace decompression (Gao Xiang)
- nilfs2: propagate directory read errors from nilfs_find_entry() (Ryusuke Konishi) [Orabug: 37264267] {CVE-2024-50202}
- x86/apic: Always explicitly disarm TSC-deadline timer (Zhang Rui)
- x86/resctrl: Annotate get_mem_config() functions as __init (Nathan Chancellor)
- parport: Proper fix for array out-of-bounds access (Takashi Iwai) [Orabug: 37227436] {CVE-2024-50074}
- USB: serial: option: add Telit FN920C04 MBIM compositions (Daniele Palmas)
- USB: serial: option: add support for Quectel EG916Q-GL (Benjamin B. Frost)
- xhci: Fix incorrect stream context type macro (Mathias Nyman)
- Bluetooth: btusb: Fix regression with fake CSR controllers 0a12:0001 (Luiz Augusto von Dentz)
- Bluetooth: Remove debugfs directory on module init failure (Aaron Thompson)
- iio: adc: ti-ads124s08: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (Javier Carrasco)
- iio: proximity: mb1232: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (Javier Carrasco)
- iio: light: opt3001: add missing full-scale range value (Emil Gedenryd)
- iio: hid-sensors: Fix an error handling path in _hid_sensor_set_report_latency() (Christophe JAILLET)
- iio: adc: ti-ads8688: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (Javier Carrasco)
- iio: dac: stm32-dac-core: add missing select REGMAP_MMIO in Kconfig (Javier Carrasco)
- iio: dac: ltc1660: add missing select REGMAP_SPI in Kconfig (Javier Carrasco)
- drm/vmwgfx: Handle surface check failure correctly (Nikolay Kuratov)
- blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race (Omar Sandoval) [Orabug: 37227404] {CVE-2024-50082}
- x86/cpufeatures: Define X86_FEATURE_AMD_IBPB_RET (Jim Mattson)
- KVM: s390: Change virtual to physical address access in diag 0x258 handler (Michael Mueller)
- s390/sclp_vt220: Convert newlines to CRLF instead of LFCR (Thomas Weißschuh)
- KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin() (Breno Leitao) [Orabug: 36835837] {CVE-2024-40953}
- wifi: mac80211: fix potential key use-after-free (Johannes Berg)
- mm/swapfile: skip HugeTLB pages for unuse_vma (Liu Shixin) [Orabug: 37264257] {CVE-2024-50199}
- fat: fix uninitialized variable (OGAWA Hirofumi)
- PCI: Add function 0 DMA alias quirk for Glenfly Arise chip (WangYuli)
- tracing/kprobes: Fix symbol counting logic by looking at modules as well (Andrii Nakryiko)
- tracing/kprobes: Return EADDRNOTAVAIL when func matches several symbols (Francis Laniel)
- arm64: probes: Fix simulate_ldr*_literal() (Mark Rutland)
- arm64: probes: Remove broken LDR (literal) uprobe support (Mark Rutland) [Orabug: 37252317] {CVE-2024-50099}
- posix-clock: Fix missing timespec64 check in pc_clock_settime() (Jinjie Ruan) [Orabug: 37264242] {CVE-2024-50195}
- nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error (Yonatan Maman) [Orabug: 37252308] {CVE-2024-50096}
- net: Fix an unsafe loop on the list (Anastasia Kovaleva) [Orabug: 37206409] {CVE-2024-50024}
- hid: intel-ish-hid: Fix uninitialized variable 'rv' in ish_fw_xfer_direct_dma (SurajSonawane2415)
- usb: storage: ignore bogus device raised by JieLi BR21 USB sound chip (Icenowy Zheng)
- usb: xhci: Fix problem with xhci resume from suspend (Jose Alberto Reguero)
- usb: dwc3: core: Stop processing of pending events if controller is halted (Selvarasu Ganesan)
- Revert "usb: yurex: Replace snprintf() with the safer scnprintf() variant" (Oliver Neukum)
- HID: plantronics: Workaround for an unexcepted opposite volume key (Wade Wang)
- CDC-NCM: avoid overflow in sanity checking (Oliver Neukum)
- resource: fix region_intersects() vs add_memory_driver_managed() (Huang Ying) [Orabug: 37200931] {CVE-2024-49878}
- lockdep: fix deadlock issue between lockdep and rcu (Zhiguo Niu)
- locking/lockdep: Avoid potential access of invalid memory in lock_class (Waiman Long)
- locking/lockdep: Rework lockdep_lock (Peter Zijlstra)
- locking/lockdep: Fix bad recursion pattern (Peter Zijlstra)
- slip: make slhc_remember() more robust against malicious packets (Eric Dumazet) [Orabug: 37206429] {CVE-2024-50033}
- ppp: fix ppp_async_encode() illegal access (Eric Dumazet) [Orabug: 37206435] {CVE-2024-50035}
- sctp: ensure sk_state is set to CLOSED if hashing fails in sctp_listen_start (Xin Long)
- net: annotate lockless accesses to sk->sk_max_ack_backlog (Eric Dumazet)
- net: annotate lockless accesses to sk->sk_ack_backlog (Eric Dumazet)
- net: ibm: emac: mal: fix wrong goto (Rosen Penev)
- net/sched: accept TCA_STAB only for root qdisc (Eric Dumazet) [Orabug: 37206457] {CVE-2024-50039}
- igb: Do not bring the device up after non-fatal error (Mohamed Khalfella) [Orabug: 37206464] {CVE-2024-50040}
- gpio: aspeed: Use devm_clk api to manage clock source (Billy Tsai)
- gpio: aspeed: Add the flush write to ensure the write complete. (Billy Tsai)
- Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change (Luiz Augusto von Dentz) [Orabug: 37206474] {CVE-2024-50044}
- netfilter: br_netfilter: fix panic with metadata_dst skb (Andy Roulin) [Orabug: 37206482] {CVE-2024-50045}
- tcp: fix tcp_enter_recovery() to zero retrans_stamp when it's safe (Neal Cardwell)
- tcp: fix to allow timestamp undo if no retransmits were sent (Neal Cardwell)
- SUNRPC: Fix integer overflow in decode_rc_list() (Dan Carpenter)
- ice: fix VLAN replay after reset (Dave Ertman)
- RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt (Bob Pearson)
- fbdev: sisfb: Fix strbuf array overflow (Andrey Shumilin) [Orabug: 37264186] {CVE-2024-50180}
- driver core: bus: Return -EIO instead of 0 when show/store invalid bus attribute (Zijun Hu)
- tools/iio: Add memory allocation failure check for trigger_name (Zhu Jun)
- virtio_pmem: Check device status before requesting flush (Philip Chen) [Orabug: 37264205] {CVE-2024-50184}
- usb: dwc2: Adjust the timing of USB Driver Interrupt Registration in the Crashkernel Scenario (Shawn Shao)
- usb: chipidea: udc: enable suspend interrupt after usb reset (Xu Yang)
- media: videobuf2-core: clear memory related fields in __vb2_plane_dmabuf_put() (Yunke Cao)
- ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition (Kaixin Wang) [Orabug: 37206542] {CVE-2024-50059}
- PCI: Mark Creative Labs EMU20k2 INTx masking as broken (Alex Williamson)
- i2c: i801: Use a different adapter-name for IDF adapters (Hans de Goede)
- PCI: Add ACS quirk for Qualcomm SA8775P (Subramanian Ananthanarayanan)
- clk: bcm: bcm53573: fix OF node leak in init (Krzysztof Kozlowski)
- ktest.pl: Avoid false positives with grub2 skip regex (Daniel Jordan)
- s390/cpum_sf: Remove WARN_ON_ONCE statements (Thomas Richter)
- ext4: nested locking for xattr inode (Wojciech Gładysz)
- s390/mm: Add cond_resched() to cmm_alloc/free_pages() (Gerald Schaefer)
- s390/facility: Disable compile time optimization for decompressor code (Heiko Carstens)
- bpf: Check percpu map value size first (Tao Chen)
- Input: synaptics-rmi4 - fix UAF of IRQ domain on driver removal (Mathias Krause)
- virtio_console: fix misc probe bugs (Michael S. Tsirkin)
- tracing: Have saved_cmdlines arrays all in one allocation (Steven Rostedt (Google))
- drm/crtc: fix uninitialized variable use even harder (Rob Clark)
- tracing: Remove precision vsnprintf() check from print event (Steven Rostedt (Google))
- net: ethernet: cortina: Drop TSO support (Linus Walleij)
- unicode: Don't special case ignorable code points (Gabriel Krisman Bertazi) [Orabug: 37252274] {CVE-2024-50089}
- ext4: fix inode tree inconsistency caused by ENOMEM (zhanchengbin)
- ACPI: battery: Fix possible crash when unregistering a battery hook (Armin Wolf) [Orabug: 37206092] {CVE-2024-49955}
- ACPI: battery: Simplify battery hook locking (Armin Wolf)
- r8169: add tally counter fields added with RTL8125 (Heiner Kallweit) [Orabug: 37206183] {CVE-2024-49973}
- r8169: Fix spelling mistake: "tx_underun" -> "tx_underrun" (Colin Ian King)
- clk: qcom: clk-rpmh: Fix overflow in BCM vote (Mike Tipton)
- clk: qcom: rpmh: Simplify clk_rpmh_bcm_send_cmd() (Stephen Boyd)
- nfsd: fix delegation_blocked() to block correctly for at least 30 seconds (NeilBrown)
- nfsd: use ktime_get_seconds() for timestamps (Arnd Bergmann)
- uprobes: fix kernel info leak via "[uprobes]" vma (Oleg Nesterov)
- arm64: errata: Expand speculative SSBS workaround once more (Mark Rutland)
- arm64: cputype: Add Neoverse-N3 definitions (Mark Rutland)
- arm64: Add Cortex-715 CPU part definition (Anshuman Khandual)
- i2c: qcom-geni: Use IRQF_NO_AUTOEN flag in request_irq() (Jinjie Ruan)
- i2c: qcom-geni: Grow a dev pointer to simplify code (Stephen Boyd)
- i2c: qcom-geni: Let firmware specify irq trigger flags (Stephen Boyd)
- gpio: davinci: fix lazy disable (Emanuele Ghidoli)
- btrfs: wait for fixup workers before stopping cleaner kthread during umount (Filipe Manana) [Orabug: 37200897] {CVE-2024-49867}
- btrfs: fix a NULL pointer dereference when failed to start a new trasacntion (Qu Wenruo) [Orabug: 37200903] {CVE-2024-49868}
- ACPI: resource: Add Asus ExpertBook B2502CVA to irq1_level_low_skip_override[] (Hans de Goede)
- ACPI: resource: Add Asus Vivobook X1704VAP to irq1_level_low_skip_override[] (Hans de Goede)
- Input: adp5589-keys - fix adp5589_gpio_get_value() (Nuno Sa)
- rtc: at91sam9: fix OF node leak in probe() error path (Krzysztof Kozlowski)
- tomoyo: fallback to realpath if symlink's pathname does not exist (Tetsuo Handa)
- iio: magnetometer: ak8975: Fix reading for ak099xx sensors (Barnabás Czémán)
- media: venus: fix use after free bug in venus_remove due to race condition (Zheng Wang) [Orabug: 37206210] {CVE-2024-49981}
- media: uapi/linux/cec.h: cec_msg_set_reply_to: zero flags (Hans Verkuil)
- media: sun4i_csi: Implement link validate for sun4i_csi subdev (Laurent Pinchart)
- clk: rockchip: fix error for unknown clocks (Sebastian Reichel)
- aoe: fix the potential use-after-free problem in more places (Chun-Yi Lee) [Orabug: 37206642] {CVE-2024-49982}
- riscv: define ILLEGAL_POINTER_VALUE for 64bit (Jisheng Zhang)
- ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate (Lizhi Xu) [Orabug: 37200926] {CVE-2024-49877}
- ocfs2: fix null-ptr-deref when journal load failed. (Julian Sun) [Orabug: 37206097] {CVE-2024-49957}
- ocfs2: remove unreasonable unlock in ocfs2_read_blocks (Lizhi Xu) [Orabug: 37206137] {CVE-2024-49965}
- ocfs2: cancel dqi_sync_work before freeing oinfo (Joseph Qi) [Orabug: 37206141] {CVE-2024-49966}
- ocfs2: fix uninit-value in ocfs2_get_block() (Joseph Qi)
- ocfs2: fix the la space leak when unmounting an ocfs2 volume (Heming Zhao)
- mm: krealloc: consider spare memory for __GFP_ZERO (Danilo Krummrich)
- jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error (Baokun Li) [Orabug: 37206109] {CVE-2024-49959}
- drm: omapdrm: Add missing check for alloc_ordered_workqueue (Ma Ke) [Orabug: 37200935] {CVE-2024-49879}
- of/irq: Support #msi-cells=<0> in of_msi_get_domain (Andrew Jones)
- parisc: Fix stack start for ADDR_NO_RANDOMIZE personality (Helge Deller)
- parisc: Fix 64-bit userspace syscall path (Helge Deller)
- ext4: fix incorrect tid assumption in ext4_wait_for_tail_page_commit() (Luis Henriques (SUSE))
- ext4: fix double brelse() the buffer of the extents path (Baokun Li) [Orabug: 37200948] {CVE-2024-49882}
- ext4: aovid use-after-free in ext4_ext_insert_extent() (Baokun Li) [Orabug: 37200954] {CVE-2024-49883}
- ext4: fix incorrect tid assumption in __jbd2_log_wait_for_space() (Luis Henriques (SUSE))
- ext4: propagate errors from ext4_find_extent() in ext4_insert_range() (Baokun Li)
- ext4: no need to continue when the number of entries is 1 (Edward Adam Davis) [Orabug: 37206147] {CVE-2024-49967}
- ALSA: core: add isascii() check to card ID generator (Jaroslav Kysela)
- drm: Consistently use struct drm_mode_rect for FB_DAMAGE_CLIPS (Thomas Zimmermann)
- parisc: Fix itlb miss handler for 64-bit programs (Helge Deller)
- perf/core: Fix small negative period being ignored (Luo Gengkun)
- spi: bcm63xx: Fix module autoloading (Jinjie Ruan)
- firmware: tegra: bpmp: Drop unused mbox_client_to_bpmp() (Krzysztof Kozlowski)
- i2c: xiic: Wait for TX empty to avoid missed TX NAKs (Robert Hancock)
- i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume (Marek Vasut) [Orabug: 37206220] {CVE-2024-49985}
- selftests: vDSO: fix vDSO symbols lookup for powerpc64 (Christophe Leroy)
- selftests: breakpoints: use remaining time to check if suspend succeed (Yifei Liu)
- spi: s3c64xx: fix timeout counters in flush_fifo (Ben Dooks)
- ext4: fix i_data_sem unlock order in ext4_ind_migrate() (Artem Sadovnikov) [Orabug: 37206323] {CVE-2024-50006}
- ext4: ext4_search_dir should return a proper error (Thadeu Lima de Souza Cascardo)
- of/irq: Refer to actual buffer size in of_irq_parse_one() (Geert Uytterhoeven)
- drm/radeon/r100: Handle unknown family in r100_cp_init_microcode() (Geert Uytterhoeven)
- scsi: aacraid: Rearrange order of struct aac_srb_unit (Kees Cook)
- drm/printer: Allow NULL data in devcoredump printer (Matthew Brost)
- drm/amd/display: Initialize get_bytes_per_element's default to 1 (Alex Hung) [Orabug: 37205727] {CVE-2024-49892}
- drm/amd/display: Fix index out of bounds in degamma hardware format translation (Srinivasan Shanmugam) [Orabug: 37205740] {CVE-2024-49894}
- drm/amd/display: Check stream before comparing them (Alex Hung) [Orabug: 37205752] {CVE-2024-49896}
- jfs: Fix uninit-value access of new_ea in ea_buffer (Zhao Mengmeng) [Orabug: 37205778] {CVE-2024-49900}
- jfs: check if leafidx greater than num leaves per dmap tree (Edward Adam Davis) [Orabug: 37205790] {CVE-2024-49902}
- jfs: Fix uaf in dbFreeBits (Edward Adam Davis) [Orabug: 37205795] {CVE-2024-49903}
- jfs: UBSAN: shift-out-of-bounds in dbFindBits (Remington Brasga)
- ata: sata_sil: Rename sil_blacklist to sil_quirks (Damien Le Moal)
- power: reset: brcmstb: Do not go into infinite loop if reset fails (Andrew Davis)
- fbdev: pxafb: Fix possible use after free in pxafb_task() (Kaixin Wang) [Orabug: 37205936] {CVE-2024-49924}
- x86/syscall: Avoid memcpy() for ia32 syscall_get_arguments() (Kees Cook)
- ALSA: hdsp: Break infinite MIDI input flush loop (Takashi Iwai)
- ALSA: asihpi: Fix potential OOB array access (Takashi Iwai) [Orabug: 37206328] {CVE-2024-50007}
- signal: Replace BUG_ON()s (Thomas Gleixner)
- nfp: Use IRQF_NO_AUTOEN flag in request_irq() (Jinjie Ruan)
- wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext() (Gustavo A. R. Silva) [Orabug: 37206333] {CVE-2024-50008}
- proc: add config & param to block forcing mem writes (Adrian Ratiu)
- ACPICA: iasl: handle empty connection_node (Aleksandrs Vinarskis)
- tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process (Jason Xing)
- ipv4: Mask upper DSCP bits and ECN bits in NETLINK_FIB_LOOKUP family (Ido Schimmel)
- ipv4: Check !in_dev earlier for ioctl(SIOCSIFADDR). (Kuniyuki Iwashima)
- net: mvpp2: Increase size of queue_name buffer (Simon Horman)
- tipc: guard against string buffer overrun (Simon Horman) [Orabug: 37206278] {CVE-2024-49995}
- ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package() (Pei Xiao) [Orabug: 37206124] {CVE-2024-49962}
- ACPI: EC: Do not release locks during operation region accesses (Rafael J. Wysocki)
- wifi: rtw88: select WANT_DEV_COREDUMP (Zong-Zhe Yang)
- net: sched: consistently use rcu_replace_pointer() in taprio_change() (Dmitry Antipov)
- ACPICA: Fix memory leak if acpi_ps_get_next_field() fails (Armin Wolf)
- ACPICA: Fix memory leak if acpi_ps_get_next_namepath() fails (Armin Wolf)
- net: hisilicon: hns_mdio: fix OF node leak in probe() (Krzysztof Kozlowski)
- net: hisilicon: hns_dsaf_mac: fix OF node leak in hns_mac_get_info() (Krzysztof Kozlowski)
- net: hisilicon: hip04: fix OF node leak in probe() (Krzysztof Kozlowski)
- ice: Adjust over allocation of memory in ice_sched_add_root_node() and ice_sched_add_node() (Aleksandr Mishin)
- wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit (Toke Høiland-Jørgensen) [Orabug: 37206029] {CVE-2024-49938}
- wifi: ath9k: fix possible integer overflow in ath9k_get_et_stats() (Dmitry Kandybka)
- f2fs: Require FMODE_WRITE for atomic write ioctls (Jann Horn) [Orabug: 37200794] {CVE-2024-47740}
- ALSA: hda/conexant: Fix conflicting quirk for System76 Pangolin (Takashi Iwai)
- ALSA: hda/generic: Unconditionally prefer preferred_dacs pairs (Takashi Iwai)
- ALSA: hda/realtek: Fix the push button function for the ALC257 (Oder Chiou)
- sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start (Xin Long) [Orabug: 37206051] {CVE-2024-49944}
- ipv4: ip_gre: Fix drops of small packets in ipgre_xmit (Anton Danilov)
- net: add more sanity checks to qdisc_pkt_len_init() (Eric Dumazet) [Orabug: 37206064] {CVE-2024-49948}
- net: avoid potential underflow in qdisc_pkt_len_init() with UFO (Eric Dumazet) [Orabug: 37206070] {CVE-2024-49949}
- net: ethernet: lantiq_etop: fix memory disclosure (Aleksander Jan Bajkowski) [Orabug: 37206289] {CVE-2024-49997}
- Bluetooth: btmrvl: Use IRQF_NO_AUTOEN flag in request_irq() (Jinjie Ruan)
- Bluetooth: btmrvl_sdio: Refactor irq wakeup (Abhishek Pandit-Subedi)
- netfilter: nf_tables: prevent nf_skb_duplicated corruption (Eric Dumazet) [Orabug: 37206081] {CVE-2024-49952}
- net: ieee802154: mcr20a: Use IRQF_NO_AUTOEN flag in request_irq() (Jinjie Ruan)
- netfilter: uapi: NFTA_FLOWTABLE_HOOK is NLA_NESTED (Phil Sutter)
- net/mlx5: Added cond_resched() to crdump collection (Mohamed Khalfella)
- ieee802154: Fix build error (Jinjie Ruan)
- drivers: net: Fix Kconfig indentation, continued (Krzysztof Kozlowski)
- Minor fixes to the CAIF Transport drivers Kconfig file (rd.dunlab@gmail.com)
- ceph: remove the incorrect Fw reference check when dirtying pages (Xiubo Li) [Orabug: 37264181] {CVE-2024-50179}
- mailbox: bcm2835: Fix timeout during suspend mode (Stefan Wahren) [Orabug: 37206130] {CVE-2024-49963}
- mailbox: rockchip: fix a typo in module autoloading (Liao Chen)
- usb: yurex: Fix inconsistent locking bug in yurex_read() (Harshit Mogalapalli)
- i2c: isch: Add missed 'else' (Andy Shevchenko)
- i2c: aspeed: Update the stop sw state when the bus recovery occurs (Tommy Huang)
- mm: only enforce minimum stack gap size if it's sensible (David Gow)
- pps: add an error check in parport_attach (Ma Ke)
- pps: remove usage of the deprecated ida_simple_xx() API (Christophe JAILLET)
- USB: misc: yurex: fix race between read and write (Oliver Neukum)
- usb: yurex: Replace snprintf() with the safer scnprintf() variant (Lee Jones)
- soc: versatile: realview: fix soc_dev leak during device remove (Krzysztof Kozlowski)
- soc: versatile: realview: fix memory leak during device remove (Krzysztof Kozlowski)
- PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler (Sean Anderson)
- PCI: xilinx-nwl: Use irq_data_get_irq_chip_data() (Thomas Gleixner)
- ASoC: meson: axg-card: fix 'use-after-free' (Arseniy Krasnov) [Orabug: 37116540] {CVE-2024-46849}
- ASoC: meson: axg: extract sound card utils (Jerome Brunet)
- nfs: fix memory leak in error path of nfs4_do_reclaim (Li Lingfeng)
- fs: Fix file_set_fowner LSM hook inconsistencies (Mickaël Salaün)
- vfs: fix race between evice_inodes() and find_inode()&iput() (Julian Sun) [Orabug: 37200604] {CVE-2024-47679}
- hwrng: mtk - Use devm_pm_runtime_enable (Guoqing Jiang)
- f2fs: avoid potential int overflow in sanity_check_area_boundary() (Nikita Zhandarovich)
- f2fs: prevent possible int overflow in dir_block_index() (Nikita Zhandarovich)
- debugobjects: Fix conditions in fill_pool() (Zhen Lei)
- wifi: rtw88: 8822c: Fix reported RX band width (Bitterblue Smith)
- ACPI: resource: Add another DMI match for the TongFang GMxXGxx (Werner Sembach)
- ACPI: sysfs: validate return type of _STR method (Thomas Weißschuh) [Orabug: 37200878] {CVE-2024-49860}
- drbd: Add NULL check for net_conf to prevent dereference in state validation (Mikhail Lobanov)
- drbd: Fix atomicity violation in drbd_uuid_set_bm() (Qiu-ji Chen)
- tty: rp2: Fix reset with non forgiving PCIe host bridges (Florian Fainelli)
- firmware_loader: Block path traversal (Jann Horn) [Orabug: 37200802] {CVE-2024-47742}
- USB: class: CDC-ACM: fix race between get_serial and set_serial (Oliver Neukum)
- USB: misc: cypress_cy7c63: check for short transfer (Oliver Neukum)
- USB: appledisplay: close race between probe and completion handler (Oliver Neukum)
- drm/amd/display: Round calculated vtotal (Robin Chen)
- soc: versatile: integrator: fix OF node leak in probe() error path (Krzysztof Kozlowski)
- Remove *.orig pattern from .gitignore (Laurent Pinchart)
- crypto: aead,cipher - zeroize key buffer after use (Hailey Mothershead) [Orabug: 36898014] {CVE-2024-42229}
- netfilter: ctnetlink: compile ctnetlink_label_size with CONFIG_NF_CONNTRACK_EVENTS (Simon Horman)
- net: qrtr: Update packets cloning when broadcasting (Youssef Samir)
- tcp: check skb is non-NULL in tcp_rto_delta_us() (Josh Hunt) [Orabug: 37200624] {CVE-2024-47684}
- net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition (Kaixin Wang) [Orabug: 37200818] {CVE-2024-47747}
- netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() (Eric Dumazet) [Orabug: 37200630] {CVE-2024-47685}
- coresight: tmc: sg: Do not leak sg_table (Suzuki K Poulose)
- iio: adc: ad7606: fix standby gpio state to match the documentation (Guillaume Stols)
- iio: adc: ad7606: fix oversampling gpio array (Guillaume Stols)
- f2fs: reduce expensive checkpoint trigger frequency (Chao Yu)
- f2fs: remove unneeded check condition in __f2fs_setxattr() (Chao Yu)
- f2fs: fix to update i_ctime in __f2fs_setxattr() (Chao Yu)
- f2fs: fix typo (Yonggil Song)
- f2fs: enhance to update i_mode and acl atomically in f2fs_setattr() (Chao Yu)
- nfsd: return -EINVAL when namelen is 0 (Li Lingfeng) [Orabug: 37200650] {CVE-2024-47692}
- nfsd: call cache_put if xdr_reserve_space returns NULL (Guoqing Jiang) [Orabug: 37200783] {CVE-2024-47737}
- ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir() (Jinjie Ruan)
- RDMA/cxgb4: Added NULL check for lookup_atid (Mikhail Lobanov) [Orabug: 37200824] {CVE-2024-47749}
- riscv: Fix fp alignment bug in perf_callchain_user() (Jinjie Ruan)
- RDMA/hns: Optimize hem allocation performance (Junxian Huang)
- watchdog: imx_sc_wdt: Don't disable WDT in suspend (Jonas Blixt)
- pinctrl: mvebu: Fix devinit_dove_pinctrl_probe function (Wang Jianzheng)
- clk: ti: dra7-atl: Fix leak of of_nodes (David Lechner)
- pinctrl: single: fix missing error code in pcs_probe() (Yang Yingliang)
- RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency (Zhu Yanjun) [Orabug: 37205521] {CVE-2024-47696}
- PCI: xilinx-nwl: Fix register misspelling (Sean Anderson)
- PCI: keystone: Fix if-statement expression in ks_pcie_quirk() (Dan Carpenter) [Orabug: 37205560] {CVE-2024-47756}
- drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error (Junlin Li) [Orabug: 37200662] {CVE-2024-47697}
- drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error (Junlin Li) [Orabug: 37200669] {CVE-2024-47698}
- clk: rockchip: Set parent rate for DCLK_VOP clock on RK3228 (Jonas Karlman)
- perf time-utils: Fix 32-bit nsec parsing (Ian Rogers)
- perf sched timehist: Fixed timestamp error when unable to confirm event sched_in time (Yang Jihong)
- perf sched timehist: Fix missing free of session in perf_sched__timehist() (Yang Jihong)
- bpf: Fix bpf_strtol and bpf_strtoul helpers for 32bit (Daniel Borkmann)
- nilfs2: fix potential oob read in nilfs_btree_check_delete() (Ryusuke Konishi) [Orabug: 37200843] {CVE-2024-47757}
- nilfs2: determine empty node blocks as corrupted (Ryusuke Konishi)
- nilfs2: fix potential null-ptr-deref in nilfs_btree_insert() (Ryusuke Konishi) [Orabug: 37200676] {CVE-2024-47699}
- ext4: avoid OOB when system.data xattr changes underneath the filesystem (Thadeu Lima de Souza Cascardo) [Orabug: 37200682] {CVE-2024-47701}
- ext4: return error on ext4_find_inline_entry (Thadeu Lima de Souza Cascardo)
- ext4: avoid negative min_clusters in find_group_orlov() (Kemeng Shi)
- smackfs: Use rcu_assign_pointer() to ensure safe assignment in smk_set_cipso (Jiawei Ye)
- ext4: clear EXT4_GROUP_INFO_WAS_TRIMMED_BIT even mount with discard (yangerkun)
- jbd2: introduce/export functions jbd2_journal_submit|finish_inode_data_buffers() (Mauricio Faria de Oliveira)
- kthread: fix task state in kthread worker if being frozen (Chen Yu)
- kthread: add kthread_work tracepoints (Rob Clark)
- xz: cleanup CRC32 edits from 2018 (Lasse Collin)
- selftests/bpf: Fix error compiling test_lru_map.c (Tony Ambardar)
- selftests/bpf: Fix compiling tcp_rtt.c with musl-libc (Tony Ambardar)
- selftests/bpf: Fix compiling flow_dissector.c with musl-libc (Tony Ambardar)
- selftests/bpf: Fix compile error from rlim_t in sk_storage_map.c (Tony Ambardar)
- tpm: Clean up TPM space after command failure (Jonathan McDowell) [Orabug: 37200851] {CVE-2024-49851}
- xen/swiotlb: add alignment check for dma buffers (Juergen Gross)
- xen: use correct end address of kernel for conflict checking (Juergen Gross)
- drivers:drm:exynos_drm_gsc:Fix wrong assignment in gsc_bind() (Yuesong Li)
- drm/msm: fix %s null argument error (Sherry Yang)
- ipmi: docs: don't advertise deprecated sysfs entries (Wolfram Sang)
- drm/msm/a5xx: fix races in preemption evaluation stage (Vladimir Lypak)
- drm/msm/a5xx: properly clear preemption records on resume (Vladimir Lypak)
- drm/msm/a5xx: disable preemption in submits by default (Vladimir Lypak)
- drm/msm: Fix incorrect file name output in adreno_request_fw() (Aleksandr Mishin)
- jfs: fix out-of-bounds in dbNextAG() and diAlloc() (Jeongjun Park) [Orabug: 37200741] {CVE-2024-47723}
- drm/radeon/evergreen_cs: fix int overflow errors in cs track offsets (Nikita Zhandarovich)
- drm/rockchip: dw_hdmi: Fix reading EDID when using a forced mode (Jonas Karlman)
- drm/rockchip: vop: Allow 4096px width scaling (Alex Bee)
- drm/radeon: properly handle vbios fake edid sizing (Alex Deucher)
- drm/radeon: Replace one-element array with flexible-array member (Paulo Miguel Almeida)
- drm/amdgpu: properly handle vbios fake edid sizing (Alex Deucher)
- drm/amdgpu: Replace one-element array with flexible-array member (Paulo Miguel Almeida)
- drm/stm: Fix an error handling path in stm_drm_platform_probe() (Christophe JAILLET)
- mtd: powernv: Add check devm_kasprintf() returned value (Charles Han)
- fbdev: hpfb: Fix an error handling path in hpfb_dio_probe() (Christophe JAILLET)
- power: supply: max17042_battery: Fix SOC threshold calc w/ no current sense (Artur Weber)
- power: supply: axp20x_battery: Remove design from min and max voltage (Chris Morgan)
- power: supply: axp20x_battery: allow disabling battery charging (Hermann Lauer)
- hwmon: (ntc_thermistor) fix module autoloading (Yuntao Liu)
- mtd: slram: insert break after errors in parsing the map (Mirsad Todorovac)
- hwmon: (max16065) Fix overflows seen when writing limits (Guenter Roeck)
- clocksource/drivers/qcom: Add missing iounmap() on errors in msm_dt_timer_init() (Ankit Agrawal)
- reset: berlin: fix OF node leak in probe() error path (Krzysztof Kozlowski)
- ARM: versatile: fix OF node leak in CPUs prepare (Krzysztof Kozlowski)
- ARM: dts: imx7d-zii-rmu2: fix Ethernet PHY pinctrl property (Krzysztof Kozlowski)
- spi: ppc4xx: Avoid returning 0 when failed to parse and map IRQ (Andy Shevchenko)
- spi: ppc4xx: handle irq_of_parse_and_map() errors (Ma Ke)
- block, bfq: don't break merge chain in bfq_split_bfqq() (Yu Kuai)
- block, bfq: choose the last bfqq from merge chain in bfq_setup_cooperator() (Yu Kuai)
- block, bfq: fix possible UAF for bfqq->bic with merge chain (Yu Kuai)
- net: tipc: avoid possible garbage value (Su Hui)
- Bluetooth: btusb: Fix not handling ZPL/short-transfer (Luiz Augusto von Dentz)
- can: bcm: Clear bo->bcm_proc_read after remove_proc_entry(). (Kuniyuki Iwashima) [Orabug: 37205476] {CVE-2024-47709}
- sock_map: Add a cond_resched() in sock_hash_free() (Eric Dumazet) [Orabug: 37200715] {CVE-2024-47710}
- wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param (Jiawei Ye) [Orabug: 37205503] {CVE-2024-47712}
- wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop() (Dmitry Antipov) [Orabug: 37200721] {CVE-2024-47713}
- mac80211: parse radiotap header when selecting Tx queue (Mathy Vanhoef)
- wifi: cfg80211: fix two more possible UBSAN-detected off-by-one errors (Dmitry Antipov)
- wifi: cfg80211: fix UBSAN noise in cfg80211_wext_siwscan() (Dmitry Antipov)
- netfilter: nf_tables: reject expiration higher than timeout (Pablo Neira Ayuso)
- netfilter: nf_tables: reject element expiration with no timeout (Pablo Neira Ayuso)
- netfilter: nf_tables: elements with timeout below CONFIG_HZ never expire (Pablo Neira Ayuso)
- can: j1939: use correct function name in comment (Zhang Changzhong)
- mount: handle OOM on mnt_warn_timestamp_expiry (Olaf Hering)
- fs/namespace: fnic: Switch to use %ptTd (Andy Shevchenko)
- mount: warn only once about timestamp range expiration (Anthony Iliopoulos)
- fs: explicitly unregister per-superblock BDIs (Christoph Hellwig)
- wifi: ath9k: Remove error checks when creating debugfs entries (Toke Høiland-Jørgensen)
- wifi: ath9k: fix parameter check in ath9k_init_debug() (Minjie Du)
- ACPI: PMIC: Remove unneeded check in tps68470_pmic_opregion_probe() (Aleksandr Mishin)
- USB: usbtmc: prevent kernel-usb-infoleak (Edward Adam Davis) [Orabug: 37159778] {CVE-2024-47671}
- USB: serial: pl2303: add device id for Macrosilicon MS3020 (Junhao Xie)
- bpf: Fix DEVMAP_HASH overflow check on 32-bit arches (Toke Høiland-Jørgensen) [Orabug: 36544917] {CVE-2024-26885}
- inet: inet_defrag: prevent sk release while still in use (Florian Westphal) [Orabug: 36545060] {CVE-2024-26921}
- gpio: prevent potential speculation leaks in gpio_device_get_desc() (Hagar Hemdan) [Orabug: 36993135] {CVE-2024-44931}
- ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() (Ferry Meng) [Orabug: 36891661] {CVE-2024-41016}
- ocfs2: add bounds checking to ocfs2_xattr_find_entry() (Ferry Meng) [Orabug: 37159773] {CVE-2024-47670}
- x86/hyperv: Set X86_FEATURE_TSC_KNOWN_FREQ when Hyper-V provides frequency (Michael Kelley)
- spi: bcm63xx: Enable module autoloading (Liao Chen)
- drm: komeda: Fix an issue related to normalized zpos (hongchi.peng)
- ASoC: tda7419: fix module autoloading (Liao Chen)
- wifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead (Emmanuel Grumbach) [Orabug: 37159781] {CVE-2024-47672}
- wifi: iwlwifi: mvm: fix iwl_mvm_max_scan_ie_fw_cmd_room() (Daniel Gabay)
- net: ftgmac100: Ensure tx descriptor updates are visible (Jacky Chou)
- microblaze: don't treat zero reserved memory regions as error (Mike Rapoport)
- pinctrl: at91: make it work with current gpiolib (Thomas Blocher)
- ALSA: hda/realtek - FIxed ALC285 headphone no sound (Kailang Yang)
- ALSA: hda/realtek - Fixed ALC256 headphone no sound (Kailang Yang)
- ASoC: allow module autoloading for table db1200_pids (Hongbo Li)
- soundwire: stream: Revert "soundwire: stream: fix programming slave ports for non-continous port maps" (Krzysztof Kozlowski)
- spi: nxp-fspi: fix the KASAN report out-of-bounds bug (Han Xu) [Orabug: 37116548] {CVE-2024-46853}
- net: dpaa: Pad packets to ETH_ZLEN (Sean Anderson) [Orabug: 37116551] {CVE-2024-46854}
- net: ftgmac100: Enable TX interrupt to avoid TX timeout (Jacky Chou)
- net/mlx5e: Add missing link modes to ptys2ethtool_map (Shahar Shitrit)
- ice: fix accounting for filters shared by multiple VSIs (Jacob Keller)
- arm64: dts: rockchip: override BIOS_DISABLE signal via GPIO hog on RK3399 Puma (Quentin Schulz)
- scripts: kconfig: merge_config: config files: add a trailing newline (Anders Roxell)
- net: phy: vitesse: repair vsc73xx autonegotiation (Pawel Dembicki)
- net: ethernet: use ip_hdrlen() instead of bit shift (Moon Yeounsu)
- usbnet: ipheth: fix carrier detection in modes 1 and 4 (Foster Snowhill)
-
Thu Nov 07 2024 Sherry Yang <sherry.yang@oracle.com> [5.4.17-2136.338.1.el8uek]
- rds: ib: Avoid reuse of IB MRs when cleaning is in progress (Håkon Bugge) [Orabug: 33387996]