-
Thu Jul 18 2024 Alok Tiwari <alok.a.tiwari@oracle.com> [5.4.17-2136.334.5.el8uek]
- Fix incorrect syntax in UEK6 OL8 kernel-uek.spec (Sherry Yang) [Orabug: 36847358]
- rds/ib: decrement ib_rx_total_incs after releasing associated cache (Arumugam Kolappan) [Orabug: 36722026]
-
Thu Jul 11 2024 Alok Tiwari <alok.a.tiwari@oracle.com> [5.4.17-2136.334.4.el8uek]
- Bluetooth: L2CAP: Fix rejecting L2CAP_CONN_PARAM_UPDATE_REQ (Luiz Augusto von Dentz)
- netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type (Jozsef Kadlecsik) [Orabug: 36835599] {CVE-2024-39503}
- drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found (Marek Szyprowski) [Orabug: 36836328] {CVE-2024-40916}
- vxlan: Fix regression when dropping packets due to invalid src addresses (Daniel Borkmann)
-
Fri Jul 05 2024 Sherry Yang <sherry.yang@oracle.com> [5.4.17-2136.334.3.el8uek]
- rds/rdma: Send info to userspace, even if connnection is down. (Juan Garcia) [Orabug: 36529562]
- pci: add hotplug patch support for SOLIDIGM Aura10 AIC 0x025e:0x0b60 (Alan Adamson) [Orabug: 36762919]
-
Thu Jul 04 2024 Alok Tiwari <alok.a.tiwari@oracle.com> [5.4.17-2136.334.2.el8uek]
- LTS tag: v5.4.278 (Alok Tiwari)
- x86/tsc: Trust initial offset in architectural TSC-adjust MSRs (Daniel J Blueman)
- io_uring: fail NOP if non-zero op flags is passed in (Ming Lei)
- nfs: fix undefined behavior in nfs_block_bits() (Sergey Shtylyov)
- s390/ap: Fix crash in AP internal function modify_bitmap() (Harald Freudenberger) [Orabug: 36774592] {CVE-2024-38661}
- ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() (Baokun Li) [Orabug: 36774598] {CVE-2024-39276}
- sparc: move struct termio to asm/termios.h (Mike Gilbert)
- xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING (Eric Dumazet) [Orabug: 36643449] {CVE-2024-35976}
- net: fix __dst_negative_advice() race (Eric Dumazet) [Orabug: 36720417] {CVE-2024-36971}
- kdb: Use format-specifiers rather than memset() for padding in kdb_read() (Daniel Thompson)
- kdb: Merge identical case statements in kdb_read() (Daniel Thompson)
- kdb: Fix console handling when editing and tab-completing commands (Daniel Thompson)
- kdb: Use format-strings rather than '- kdb: Fix buffer overflow during tab-complete (Daniel Thompson) [Orabug: 36809288] {CVE-2024-39480}
- sparc64: Fix number of online CPUs (Sam Ravnborg)
- intel_th: pci: Add Meteor Lake-S CPU support (Alexander Shishkin)
- net/9p: fix uninit-value in p9_client_rpc() (Nikita Zhandarovich) [Orabug: 36774612] {CVE-2024-39301}
- net/ipv6: Fix route deleting failure when metric equals 0 (xu xin)
- crypto: ecrdsa - Fix module auto-load on add_key (Vitaly Chikunov)
- KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode (Marc Zyngier)
- media: v4l2-core: hold videodev_lock until dev reg, finishes (Hans Verkuil)
- media: mxl5xx: Move xpt structures off stack (Nathan Chancellor)
- media: mc: mark the media devnode as registered from the, start (Hans Verkuil)
- arm64: dts: hi3798cv200: fix the size of GICR (Yang Xiwen)
- wifi: rtl8xxxu: Fix the TX power of RTL8192CU, RTL8723AU (Bitterblue Smith)
- arm64: tegra: Correct Tegra132 I2C alias (Krzysztof Kozlowski)
- ACPI: resource: Do IRQ override on TongFang GXxHRXx and GMxHGxx (Christoffer Sandberg)
- ata: pata_legacy: make legacy_exit() work again (Sergey Shtylyov)
- drm/amdgpu: add error handle to avoid out-of-bounds (Bob Zhou) [Orabug: 36774657] {CVE-2024-39471}
- media: lgdt3306a: Add a check against null-pointer-def (Zheyu Ma)
- f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode() (Chao Yu) [Orabug: 36774636] {CVE-2024-39467}
- x86/mm: Remove broken vsyscall emulation code from the page fault code (Linus Torvalds)
- nilfs2: fix use-after-free of timer for log writer thread (Ryusuke Konishi) [Orabug: 36753564] {CVE-2024-38583}
- afs: Don't cross .backup mountpoint from backup volume (Marc Dionne)
- mmc: core: Do not force a retune before RPMB switch (Jorge Ramirez-Ortiz)
- binder: fix max_thread type inconsistency (Carlos Llamas)
- SUNRPC: Fix loop termination condition in gss_free_in_token_pages() (Chuck Lever) [Orabug: 36809512] {CVE-2024-36288}
- ALSA: timer: Set lower bound of start tick time (Takashi Iwai) [Orabug: 36753729] {CVE-2024-38618}
- ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound (Yue Haibing) [Orabug: 36763551] {CVE-2024-33621}
- spi: stm32: Don't warn about spurious interrupts (Uwe Kleine-König)
- kconfig: fix comparison to constant symbols, 'm', 'n' (Masahiro Yamada)
- netfilter: tproxy: bail out if IP has been disabled on the device (Florian Westphal) [Orabug: 36763563] {CVE-2024-36270}
- net:fec: Add fec_enet_deinit() (Xiaolei Wang)
- net: usb: smsc95xx: fix changing LED_SEL bit value updated from EEPROM (Parthiban Veerasooran)
- smsc95xx: use usbnet->driver_priv (Andre Edich)
- smsc95xx: remove redundant function arguments (Andre Edich)
- enic: Validate length of nl attributes in enic_set_vf_port (Roded Zats) [Orabug: 36763836] {CVE-2024-38659}
- dma-buf/sw-sync: don't enable IRQ from sync_print_obj() (Tetsuo Handa) [Orabug: 36763844] {CVE-2024-38780}
- net/mlx5e: Use rx_missed_errors instead of rx_dropped for reporting buffer exhaustion (Carolina Jubran)
- nvmet: fix ns enable/disable possible hang (Sagi Grimberg)
- spi: Don't mark message DMA mapped when no transfer in it is (Andy Shevchenko)
- netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() (Eric Dumazet) [Orabug: 36763570] {CVE-2024-36286}
- net: fec: avoid lock evasion when reading pps_enable (Wei Fang)
- virtio: delete vq in vp_find_vqs_msix() when request_irq() fails (Jiri Pirko) [Orabug: 36763587] {CVE-2024-37353}
- arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY (Jiangfeng Xiao) [Orabug: 36825258] {CVE-2024-39488}
- openvswitch: Set the skbuff pkt_type for proper pmtud support. (Aaron Conole)
- tcp: Fix shift-out-of-bounds in dctcp_update_alpha(). (Kuniyuki Iwashima) [Orabug: 36763591] {CVE-2024-37356}
- params: lift param_set_uint_minmax to common code (Sagi Grimberg)
- ipv6: sr: fix memleak in seg6_hmac_init_algo (Hangbin Liu) [Orabug: 36825262] {CVE-2024-39489}
- sunrpc: fix NFSACL RPC retry on soft mount (Dan Aloni)
- x86/kconfig: Select ARCH_WANT_FRAME_POINTERS again when UNWINDER_FRAME_POINTER=y (Masahiro Yamada)
- null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() (Zhu Yanjun)
- media: cec: cec-api: add locking in cec_release() (Hans Verkuil)
- media: cec: cec-adap: always cancel work in cec_transmit_msg_fh (Hans Verkuil)
- um: Fix the -Wmissing-prototypes warning for __switch_mm (Tiwei Bie)
- powerpc/pseries: Add failure related checks for h_get_mpp and h_get_ppp (Shrikanth Hegde)
- scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy() (Azeem Shaikh)
- media: stk1160: fix bounds checking in stk1160_copy_video() (Dan Carpenter) [Orabug: 36763602] {CVE-2024-38621}
- um: Add winch to winch_handlers before registering winch IRQ (Roberto Sassu) [Orabug: 36768583] {CVE-2024-39292}
- um: Fix return value in ubd_init() (Duoming Zhou)
- drm/msm/dpu: Always flush the slave INTF on the CTL (Marijn Suijten)
- Input: pm8xxx-vibrator - correct VIB_MAX_LEVELS calculation (Fenglin Wu)
- Input: ims-pcu - fix printf string overflow (Arnd Bergmann)
- libsubcmd: Fix parse-options memory leak (Ian Rogers)
- serial: sh-sci: protect invalidating RXDMA on shutdown (Wolfram Sang)
- f2fs: fix to release node block count in error path of f2fs_new_node_page() (Chao Yu)
- extcon: max8997: select IRQ_DOMAIN instead of depending on it (Randy Dunlap)
- ppdev: Add an error check in register_device (Huai-Yuan Liu) [Orabug: 36678064] {CVE-2024-36015}
- ppdev: Remove usage of the deprecated ida_simple_xx() API (Christophe JAILLET)
- stm class: Fix a double free in stm_register_device() (Dan Carpenter) [Orabug: 36763763] {CVE-2024-38627}
- usb: gadget: u_audio: Clear uac pointer when freed. (Chris Wulff)
- microblaze: Remove early printk call from cpuinfo-static.c (Michal Simek)
- microblaze: Remove gcc flag for non existing early_printk.c file (Michal Simek)
- iio: pressure: dps310: support negative temperature values (Thomas Haemmerle)
- greybus: arche-ctrl: move device table to its right location (Arnd Bergmann)
- serial: max3100: Fix bitwise types (Andy Shevchenko)
- serial: max3100: Update uart_driver_registered on driver removal (Andy Shevchenko) [Orabug: 36763814] {CVE-2024-38633}
- serial: max3100: Lock port->lock when calling uart_handle_cts_change() (Andy Shevchenko) [Orabug: 36763819] {CVE-2024-38634}
- firmware: dmi-id: add a release callback function (Arnd Bergmann)
- dmaengine: idma64: Add check for dma_set_max_seg_size (Chen Ni)
- soundwire: cadence: fix invalid PDI offset (Pierre-Louis Bossart) [Orabug: 36763825] {CVE-2024-38635}
- soundwire: cadence_master: improve PDI allocation (Bard Liao)
- soundwire: intel: don't filter out PDI0/1 (Pierre-Louis Bossart)
- soundwire: cadence/intel: simplify PDI/port mapping (Pierre-Louis Bossart)
- greybus: lights: check return of get_channel_from_mode (Rui Miguel Silva) [Orabug: 36763832] {CVE-2024-38637}
- sched/fair: Allow disabling sched_balance_newidle with sched_relax_domain_level (Vitalii Bursov)
- af_packet: do not call packet_read_pending() from tpacket_destruct_skb() (Eric Dumazet)
- netrom: fix possible dead-lock in nr_rt_ioctl() (Eric Dumazet) [Orabug: 36753581] {CVE-2024-38589}
- RDMA/IPoIB: Fix format truncation compilation errors (Leon Romanovsky)
- selftests/kcmp: remove unused open mode (Edward Liaw)
- selftests/kcmp: Make the test output consistent and clear (Gautam Menghani)
- SUNRPC: Fix gss_free_in_token_pages() (Chuck Lever)
- sunrpc: removed redundant procp check (Aleksandr Aprelkov)
- ext4: avoid excessive credit estimate in ext4_tmpfile() (Jan Kara)
- x86/insn: Fix PUSH instruction in x86 instruction decoder opcode map (Adrian Hunter)
- RDMA/hns: Use complete parentheses in macros (Chengchang Tang)
- drm/panel: simple: Add missing Innolux G121X1-L03 format, flags, connector (Marek Vasut)
- ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value (Steven Rostedt)
- drm/arm/malidp: fix a possible null pointer dereference (Huai-Yuan Liu) [Orabug: 36678061] {CVE-2024-36014}
- fbdev: sh7760fb: allow modular build (Randy Dunlap)
- platform/x86: wmi: Make two functions static (YueHaibing)
- media: radio-shark2: Avoid led_names truncations (Ricardo Ribalda)
- media: ngene: Add dvb_ca_en50221_init return value check (Aleksandr Burakov)
- fbdev: sisfb: hide unused variables (Arnd Bergmann)
- powerpc/fsl-soc: hide unused const variable (Arnd Bergmann)
- drm/mediatek: Add 0 size check to mtk_drm_gem_obj (Justin Green) [Orabug: 36753414] {CVE-2024-38549}
- fbdev: shmobile: fix snprintf truncation (Arnd Bergmann)
- mtd: rawnand: hynix: fixed typo (Maxim Korotkov)
- drm/amd/display: Fix potential index out of bounds in color transformation function (Srinivasan Shanmugam) [Orabug: 36753424] {CVE-2024-38552}
- ipv6: sr: fix invalid unregister error path (Hangbin Liu) [Orabug: 36753710] {CVE-2024-38612}
- ipv6: sr: add missing seg6_local_exit (Hangbin Liu)
- net: openvswitch: fix overwriting ct original tuple for ICMPv6 (Ilya Maximets) [Orabug: 36753462] {CVE-2024-38558}
- net: usb: smsc95xx: stop lying about skb->truesize (Eric Dumazet)
- af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg (Breno Leitao) [Orabug: 36753599] {CVE-2024-38596}
- net: ethernet: cortina: Locking fixes (Linus Walleij)
- m68k: mac: Fix reboot hang on Mac IIci (Finn Thain)
- m68k: Fix spinlock race in kernel thread creation (Michael Schmitz) [Orabug: 36753714] {CVE-2024-38613}
- net: usb: sr9700: stop lying about skb->truesize (Eric Dumazet)
- usb: aqc111: stop lying about skb->truesize (Eric Dumazet)
- wifi: mwl8k: initialize cmd->addr[] properly (Dan Carpenter)
- scsi: qedf: Ensure the copied buf is NUL terminated (Bui Quang Minh) [Orabug: 36753467] {CVE-2024-38559}
- scsi: bfa: Ensure the copied buf is NUL terminated (Bui Quang Minh) [Orabug: 36753472] {CVE-2024-38560}
- HID: intel-ish-hid: ipc: Add check for pci_alloc_irq_vectors (Chen Ni)
- Revert "sh: Handle calling csum_partial with misaligned data" (Guenter Roeck)
- sh: kprobes: Merge arch_copy_kprobe() into arch_prepare_kprobe() (Geert Uytterhoeven)
- wifi: ar5523: enable proper endpoint verification (Nikita Zhandarovich) [Orabug: 36753485] {CVE-2024-38565}
- wifi: carl9170: add a proper sanity check for endpoints (Nikita Zhandarovich) [Orabug: 36753508] {CVE-2024-38567}
- macintosh/via-macii: Fix "BUG: sleeping function called from invalid context" (Finn Thain)
- tcp: avoid premature drops in tcp_add_backlog() (Eric Dumazet)
- tcp: fix a signed-integer-overflow bug in tcp_add_backlog() (Lu Wei)
- tcp: minor optimization in tcp_add_backlog() (Eric Dumazet)
- wifi: ath10k: populate board data for WCN3990 (Dmitry Baryshkov)
- wifi: ath10k: Fix an error code problem in ath10k_dbg_sta_write_peer_debug_trigger() (Su Hui)
- x86/purgatory: Switch to the position-independent small code model (Ard Biesheuvel)
- scsi: hpsa: Fix allocation size for Scsi_Host private data (Yuri Karpov)
- scsi: libsas: Fix the failure of adding phy with zero-address to port (Xingui Yang)
- cpufreq: exit() callback is optional (Viresh Kumar) [Orabug: 36753721] {CVE-2024-38615}
- cpufreq: Rearrange locking in cpufreq_remove_dev() (Rafael J. Wysocki)
- cpufreq: Split cpufreq_offline() (Rafael J. Wysocki)
- cpufreq: Reorganize checks in cpufreq_offline() (Rafael J. Wysocki)
- ACPI: disable -Wstringop-truncation (Arnd Bergmann)
- irqchip/alpine-msi: Fix off-by-one in allocation error path (Zenghui Yu)
- scsi: ufs: core: Perform read back after disabling UIC_COMMAND_COMPL (Andrew Halaney)
- scsi: ufs: core: Perform read back after disabling interrupts (Andrew Halaney)
- scsi: ufs: cdns-pltfrm: Perform read back after writing HCLKDIV (Andrew Halaney)
- scsi: ufs: qcom: Perform read back after writing reset bit (Andrew Halaney)
- qed: avoid truncating work queue length (Arnd Bergmann)
- wifi: ath10k: poll service ready message before failing (Baochen Qiang)
- md: fix resync softlockup when bitmap size is less than array size (Yu Kuai) [Orabug: 36753648] {CVE-2024-38598}
- null_blk: Fix missing mutex_destroy() at module removal (Zhu Yanjun)
- jffs2: prevent xattr node from overflowing the eraseblock (Ilya Denisyev) [Orabug: 36753651] {CVE-2024-38599}
- s390/cio: fix tracepoint subchannel type field (Peter Oberparleiter)
- crypto: ccp - drop platform ifdef checks (Arnd Bergmann)
- parisc: add missing export of __cmpxchg_u8() (Al Viro)
- nilfs2: fix out-of-range warning (Arnd Bergmann)
- ecryptfs: Fix buffer size for tag 66 packet (Brian Kubisiak) [Orabug: 36753536] {CVE-2024-38578}
- firmware: raspberrypi: Use correct device for DMA mappings (Laurent Pinchart)
- crypto: bcm - Fix pointer arithmetic (Aleksandr Mishin) [Orabug: 36753541] {CVE-2024-38579}
- openpromfs: finish conversion to the new mount API (Eric Sandeen)
- nvme: find numa distance only if controller has valid numa id (Nilay Shroff)
- drm/amdkfd: Flush the process wq before creating a kfd_process (Lancelot SIX)
- ASoC: da7219-aad: fix usage of device_get_named_child_node() (Pierre-Louis Bossart)
- ASoC: dt-bindings: rt5645: add cbj sleeve gpio property (Derek Fang)
- ASoC: rt5645: Fix the electric noise due to the CBJ contacts floating (Derek Fang)
- drm/amd/display: Set color_mgmt_changed to true on unsuspend (Joshua Ashton)
- net: usb: qmi_wwan: add Telit FN920C04 compositions (Daniele Palmas)
- wifi: cfg80211: fix the order of arguments for trace events of the tx_rx_evt class (Igor Artemiev)
- nilfs2: fix potential hang in nilfs_detach_log_writer() (Ryusuke Konishi) [Orabug: 36753557] {CVE-2024-38582}
- nilfs2: fix unexpected freezing of nilfs_segctor_sync() (Ryusuke Konishi)
- net: smc91x: Fix m68k kernel compilation for ColdFire CPU (Thorsten Blum)
- ring-buffer: Fix a race between readers and resize checks (Petr Pavlu) [Orabug: 36753661] {CVE-2024-38601}
- tty: n_gsm: fix possible out-of-bounds in gsm0_receive() (Daniel Starke) [Orabug: 36678068] {CVE-2024-36016}
-
Thu Jun 27 2024 Sherry Yang <sherry.yang@oracle.com> [5.4.17-2136.334.1.el8uek]
- rds/rdma: Track rds_message in send, retrans and recv queue (Juan Garcia) [Orabug: 36529583]
- xfs: make sure sb_fdblocks is non-negative (Wengang Wang) [Orabug: 36596998]
- xfs: fix sb write verify for lazysbcount (Long Li) [Orabug: 36596998]
- rds/rdma: Clear rds_info_socket before use (Juan Garcia) [Orabug: 36613125]
-
Thu Jun 20 2024 Alok Tiwari <alok.a.tiwari@oracle.com> [5.4.17-2136.333.5.el8uek]
- nfc: nci: Fix handling of zero-length payload packets in nci_rx_work() (Ryosuke Yasuoka)
- nfc: nci: Fix uninit-value in nci_rx_work (Ryosuke Yasuoka) [Orabug: 36768758] {CVE-2024-38381}
- nfc: nci: Fix kcov check in nci_rx_work() (Tetsuo Handa)
- ipv6: sr: fix incorrect unregister order (Hangbin Liu)
- vxlan: Fix regression when dropping packets due to invalid src addresses (Daniel Borkmann)
- crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak (Herbert Xu) [Orabug: 36830461] {CVE-2024-39493}
- fbdev: savage: Handle err return when savagefb_check_var failed (Cai Xinchen) [Orabug: 36809264] {CVE-2024-39475}
- speakup: Fix sizeof() vs ARRAY_SIZE() bug (Dan Carpenter) [Orabug: 36765636] {CVE-2024-38587}
- md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING (Yu Kuai) [Orabug: 36809270] {CVE-2024-39476}
- x86/boot: Ignore relocations in .notes sections in walk_relocs() too (Guixiong Wei)
-
Thu Jun 13 2024 Alok Tiwari <alok.a.tiwari@oracle.com> [5.4.17-2136.333.4.el8uek]
- PCI: pciehp: Add Solidigm NVMe to spurious DLLSC quirk (Alan Adamson) [Orabug: 36622673]
- RDS/IB: Add counter to measure when RDS_IB_RX_LIMIT is reached (Hans Westgaard Ry) [Orabug: 36696279]
- net/mlx5e: Fix a race in command alloc flow (Shifeng Li) [Orabug: 36702071]
- Revert "net/mlx5: Add retry mechanism to the command entry index allocation" (Qing Huang) [Orabug: 36702071]
- kallsyms: shuffle kallmodsyms writeout before symbol sort (Nick Alcock) [Orabug: 36722084]
-
Thu Jun 06 2024 Sherry Yang <sherry.yang@oracle.com> [5.4.17-2136.333.3.el8uek]
- LTS tag: v5.4.277 (Sherry Yang)
- docs: kernel_include.py: Cope with docutils 0.21 (Akira Yokosawa)
- serial: kgdboc: Fix NMI-safety problems from keyboard reset code (Daniel Thompson)
- usb: typec: ucsi: displayport: Fix potential deadlock (Heikki Krogerus)
- drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper() (Srinivasan Shanmugam) [Orabug: 36784409] {CVE-2023-52585}
- arm64: dts: qcom: Fix 'interrupt-map' parent address cells (Rob Herring)
- firmware: arm_scmi: Harden accesses to the reset domains (Cristian Marussi)
- smb: client: fix potential OOBs in smb2_parse_contexts() (Paulo Alcantara) [Orabug: 36654336] {CVE-2023-52434}
- net: bcmgenet: synchronize UMAC_CMD access (Doug Berger)
- net: bcmgenet: synchronize use of bcmgenet_set_rx_mode() (Doug Berger)
- net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access (Doug Berger)
- net: bcmgenet: keep MAC in reset until PHY is up (Doug Berger)
- Revert "net: bcmgenet: use RGMII loopback for MAC reset" (Doug Berger)
- ext4: fix bug_on in __es_tree_search (Baokun Li)
- pinctrl: core: handle radix_tree_insert() errors in pinctrl_register_one_pin() (Sergey Shtylyov)
- LTS tag: v5.4.276 (Sherry Yang)
- pinctrl: mediatek: paris: Fix PIN_CONFIG_INPUT_SCHMITT_ENABLE readback (Chen-Yu Tsai)
- pinctrl: mediatek: remove set but not used variable 'e' (YueHaibing)
- pinctrl: mediatek: Fix some off by one bugs (Dan Carpenter)
- pinctrl: mediatek: Fix fallback behavior for bias_set_combo (Hsin-Yi Wang)
- regulator: core: fix debugfs creation regression (Johan Hovold)
- net: fix out-of-bounds access in ops_init (Thadeu Lima de Souza Cascardo) [Orabug: 36683113] {CVE-2024-36883}
- drm/vmwgfx: Fix invalid reads in fence signaled events (Zack Rusin) [Orabug: 36691528] {CVE-2024-36960}
- dyndbg: fix old BUG_ON in >control parser (Jim Cromie) [Orabug: 36643338] {CVE-2024-35947}
- tipc: fix UAF in error path (Paolo Abeni) [Orabug: 36683231] {CVE-2024-36886}
- usb: gadget: f_fs: Fix a race condition when processing setup packets. (Chris Wulff)
- usb: gadget: composite: fix OS descriptors w_value logic (Peter Korsgaard)
- firewire: nosy: ensure user_length is taken into account when fetching packet contents (Thanassis Avgerinos) [Orabug: 36630450] {CVE-2024-27401}
- net: qede: use return from qede_parse_flow_attr() for flower (Asbjørn Sloth Tønnesen)
- net: qede: sanitize 'rc' in qede_add_tc_flower_fltr() (Asbjørn Sloth Tønnesen)
- ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() (Eric Dumazet) [Orabug: 36683279] {CVE-2024-36902}
- net: bridge: fix corrupted ethernet header on multicast-to-unicast (Felix Fietkau)
- phonet: fix rtm_phonet_notify() skb allocation (Eric Dumazet) [Orabug: 36683485] {CVE-2024-36946}
- rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation (Roded Zats) [Orabug: 36679451] {CVE-2024-36017}
- Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout (Duoming Zhou) [Orabug: 36630443] {CVE-2024-27399}
- Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout (Duoming Zhou) [Orabug: 36630438] {CVE-2024-27398}
- tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). (Kuniyuki Iwashima) [Orabug: 36683292] {CVE-2024-36904}
- tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets (Eric Dumazet) [Orabug: 36683296] {CVE-2024-36905}
- xfrm: Preserve vlan tags for transport mode software GRO (Paul Davey)
- pinctrl: mediatek: Fix fallback call path (Hsin-Yi Wang)
- net:usb:qmi_wwan: support Rolling modules (Vanillan Wang)
- fs/9p: drop inodes immediately on non-.L too (Joakim Sindholt)
- clk: Don't hold prepare_lock when calling kref_put() (Stephen Boyd)
- gpio: crystalcove: Use -ENOTSUPP consistently (Andy Shevchenko)
- gpio: wcove: Use -ENOTSUPP consistently (Andy Shevchenko)
- 9p: explicitly deny setlease attempts (Jeff Layton)
- fs/9p: translate O_TRUNC into OTRUNC (Joakim Sindholt)
- fs/9p: only translate RWX permissions for plain 9P2000 (Joakim Sindholt) [Orabug: 36691538] {CVE-2024-36964}
- selftests: timers: Fix valid-adjtimex signed left-shift undefined behavior (John Stultz)
- MIPS: scall: Save thread_info.syscall unconditionally on entry (Jiaxun Yang)
- gpu: host1x: Do not setup DMA for virtual devices (Thierry Reding)
- scsi: target: Fix SELinux error when systemd-modules loads the target module (Maurizio Lombardi)
- btrfs: always clear PERTRANS metadata during commit (Boris Burkov)
- btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve (Boris Burkov)
- tools/power turbostat: Fix Bzy_MHz documentation typo (Peng Liu)
- tools/power turbostat: Fix added raw MSR output (Doug Smythies)
- firewire: ohci: mask bus reset interrupts between ISR and bottom half (Adam Goldman) [Orabug: 36683505] {CVE-2024-36950}
- ata: sata_gemini: Check clk_enable() result (Chen Ni)
- net: bcmgenet: Reset RBUF on first open (Phil Elwell)
- ALSA: line6: Zero-initialize message buffers (Takashi Iwai)
- scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload (Saurav Kashyap) [Orabug: 36683368] {CVE-2024-36919}
- net: mark racy access on sk->sk_rcvbuf (linke li)
- wifi: cfg80211: fix rdev_dump_mpp() arguments order (Igor Artemiev)
- wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc (Jeff Johnson)
- gfs2: Fix invalid metadata access in punch_hole (Andrew Price)
- scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic (Justin Tee)
- clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change (Jernej Skrabec) [Orabug: 36784417] {CVE-2023-52882}
- tipc: fix a possible memleak in tipc_buf_append (Xin Long) [Orabug: 36683526] {CVE-2024-36954}
- net: bridge: fix multicast-to-unicast with fraglist GSO (Felix Fietkau)
- net: dsa: mv88e6xxx: Fix number of databases for 88E6141 / 88E6341 (Marek Behún)
- net: dsa: mv88e6xxx: Add number of MACs in the ATU (Andrew Lunn)
- net: qede: use return from qede_parse_flow_attr() for flow_spec (Asbjørn Sloth Tønnesen)
- net l2tp: drop flow hash on forward (David Bauer)
- nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). (Kuniyuki Iwashima) [Orabug: 36683426] {CVE-2024-36933}
- bna: ensure the copied buf is NUL terminated (Bui Quang Minh) [Orabug: 36683431] {CVE-2024-36934}
- s390/mm: Fix clearing storage keys for huge pages (Claudio Imbrenda)
- s390/mm: Fix storage key clearing for guest huge pages (Claudio Imbrenda)
- pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() (Zeng Heng) [Orabug: 36683544] {CVE-2024-36959}
- power: rt9455: hide unused rt9455_boost_voltage_values (Arnd Bergmann)
- nfs: Handle error of rpc_proc_register() in nfs_net_init(). (Kuniyuki Iwashima) [Orabug: 36683443] {CVE-2024-36939}
- nfs: make the rpc_stat per net namespace (Josef Bacik)
- nfs: expose /proc/net/sunrpc/nfs in net namespaces (Josef Bacik)
- sunrpc: add a struct rpc_stats arg to rpc_create_args (Josef Bacik)
- pinctrl: mediatek: paris: Rework support for PIN_CONFIG_{INPUT,OUTPUT}_ENABLE (Chen-Yu Tsai)
- pinctrl: mediatek: paris: Rework mtk_pinconf_{get,set} switch/case logic (Chen-Yu Tsai)
- pinctrl: mediatek: paris: Fix PIN_CONFIG_BIAS_* readback (Chen-Yu Tsai)
- pinctrl: mediatek: remove shadow variable declaration (Light Hsieh)
- pinctrl: mediatek: Backward compatible to previous Mediatek's bias-pull usage (Light Hsieh)
- pinctrl: mediatek: Refine mtk_pinconf_get() (Light Hsieh)
- pinctrl: mediatek: Refine mtk_pinconf_get() and mtk_pinconf_set() (Light Hsieh)
- pinctrl: mediatek: Supporting driving setting without mapping current to register value (Light Hsieh)
- pinctrl: mediatek: Check gpio pin number and use binary search in mtk_hw_pin_field_lookup() (Light Hsieh)
- pinctrl: core: delete incorrect free in pinctrl_enable() (Dan Carpenter) [Orabug: 36683460] {CVE-2024-36940}
- wifi: nl80211: don't free NULL coalescing rule (Johannes Berg) [Orabug: 36683464] {CVE-2024-36941}
- dmaengine: Revert "dmaengine: pl330: issue_pending waits until WFP state" (Vinod Koul)
- dmaengine: pl330: issue_pending waits until WFP state (Bumyong Lee)
- LTS tag: v5.4.275 (Sherry Yang)
- serial: core: fix kernel-doc for uart_port_unlock_irqrestore() (Randy Dunlap)
- udp: preserve the connected status if only UDP cmsg (Yick Xie)
- dm: limit the number of targets and parameter size area (Mikulas Patocka) [Orabug: 36298555] {CVE-2023-52429} {CVE-2024-23851}
- HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up (Nam Cao) [Orabug: 36643496] {CVE-2024-35997}
- i2c: smbus: fix NULL function pointer dereference (Wolfram Sang) [Orabug: 36643468] {CVE-2024-35984}
- idma64: Don't try to serve interrupts when device is powered off (Andy Shevchenko)
- dmaengine: owl: fix register access functions (Arnd Bergmann)
- tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() (Eric Dumazet)
- tcp: Clean up kernel listener's reqsk in inet_twsk_purge() (Kuniyuki Iwashima)
- mtd: diskonchip: work around ubsan link failure (Arnd Bergmann)
- stackdepot: respect __GFP_NOLOCKDEP allocation flag (Andrey Ryabinin)
- net: b44: set pause params only when interface is up (Peter Münster)
- ethernet: Add helper for assigning packet type when dest address does not match device address (Rahul Rameshbabu)
- irqchip/gic-v3-its: Prevent double free on error (Guanrui Huang) [Orabug: 36642469] {CVE-2024-35847}
- drm/amdgpu: Fix leak when GPU memory allocation fails (Mukul Joshi)
- arm64: dts: rockchip: enable internal pull-up for Q7_THRM# on RK3399 Puma (Iskander Amara)
- btrfs: fix information leak in btrfs_ioctl_logical_to_ino() (Johannes Thumshirn) [Orabug: 36642481] {CVE-2024-35849}
- Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0bda:0x4853 (WangYuli)
- Bluetooth: Fix type of len in {l2cap,sco}_sock_getsockopt_old() (Nathan Chancellor)
- tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and docker together (Robin H. Johnson)
- tracing: Show size of requested perf buffer (Robin H. Johnson)
- drm/amdgpu: validate the parameters of bo mapping operations more clearly (xinhui pan) [Orabug: 36545065] {CVE-2024-26922}
- amdgpu: validate offset_in_bo of drm_amdgpu_gem_va (Chia-I Wu)
- drm/amdgpu: restrict bo mapping within gpu address limits (Rajneesh Bhardwaj)
- serial: mxs-auart: add spinlock around changing cts state (Emil Kronborg) [Orabug: 36597968] {CVE-2024-27000}
- serial: core: Provide port lock wrappers (Thomas Gleixner)
- af_unix: Suppress false-positive lockdep splat for spin_lock() in __unix_gc(). (Kuniyuki Iwashima)
- iavf: Fix TC config comparison with existing adapter TC config (Sudheer Mogilappagari)
- i40e: Do not use WQ_MEM_RECLAIM flag for workqueue (Sindhu Devale) [Orabug: 36643517] {CVE-2024-36004}
- mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work (Ido Schimmel) [Orabug: 36642494] {CVE-2024-35852}
- mlxsw: spectrum_acl_tcam: Fix incorrect list API usage (Ido Schimmel) [Orabug: 36643524] {CVE-2024-36006}
- mlxsw: spectrum_acl_tcam: Fix warning during rehash (Ido Schimmel) [Orabug: 36643527] {CVE-2024-36007}
- mlxsw: spectrum_acl_tcam: Fix memory leak during rehash (Ido Schimmel) [Orabug: 36642497] {CVE-2024-35853}
- mlxsw: spectrum_acl_tcam: Rate limit error message (Ido Schimmel)
- mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash (Ido Schimmel) [Orabug: 36642500] {CVE-2024-35854}
- mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update (Ido Schimmel) [Orabug: 36642505] {CVE-2024-35855}
- mlxsw: spectrum_acl_tcam: Fix race during rehash delayed work (Ido Schimmel)
- net: openvswitch: Fix Use-After-Free in ovs_ct_exit (Hyunwoo Kim) [Orabug: 36630423] {CVE-2024-27395}
- ipvs: Fix checksumming on GSO of SCTP packets (Ismael Luceno)
- net: gtp: Fix Use-After-Free in gtp_dellink (Hyunwoo Kim) [Orabug: 36630427] {CVE-2024-27396}
- net: usb: ax88179_178a: stop lying about skb->truesize (Eric Dumazet)
- NFC: trf7970a: disable all regulators on removal (Paul Geurts)
- mlxsw: core: Unregister EMAD trap using FORWARD action (Ido Schimmel)
- vxlan: drop packets from invalid src-address (David Bauer)
- ARC: [plat-hsdk]: Remove misplaced interrupt-cells property (Alexey Brodkin)
- arm64: dts: mediatek: mt2712: fix validation errors (Rafał Miłecki)
- arm64: dts: mt2712: add ethernet device node (Biao Huang)
- arm64: dts: mediatek: mt7622: drop "reset-names" from thermal block (Rafał Miłecki)
- arm64: dts: mediatek: mt7622: fix ethernet controller "compatible" (Rafał Miłecki)
- arm64: dts: mediatek: mt7622: fix IR nodename (Rafał Miłecki)
- arm64: dts: rockchip: enable internal pull-up on PCIE_WAKE# for RK3399 Puma (Quentin Schulz)
- arm64: dts: rockchip: fix alphabetical ordering RK3399 puma (Iskander Amara)
- KVM: async_pf: Cleanup kvm_setup_async_pf() (Vitaly Kuznetsov)
- nilfs2: fix OOB in nilfs_set_de_type (Jeongjun Park) [Orabug: 36597904] {CVE-2024-26981}
- nouveau: fix instmem race condition around ptr stores (Dave Airlie) [Orabug: 36597921] {CVE-2024-26984}
- fs: sysfs: Fix reference leak in sysfs_break_active_protection() (Alan Stern) [Orabug: 36597942] {CVE-2024-26993}
- speakup: Avoid crash on very long word (Samuel Thibault) [Orabug: 36597947] {CVE-2024-26994}
- usb: Disable USB3 LPM at shutdown (Kai-Heng Feng)
- USB: serial: option: add Telit FN920C04 rmnet compositions (Daniele Palmas)
- USB: serial: option: add Rolling RW101-GL and RW135-GL support (Vanillan Wang)
- USB: serial: option: support Quectel EM060K sub-models (Jerry Meng)
- USB: serial: option: add Lonsung U8300/U9300 product (Coia Prant)
- USB: serial: option: add support for Fibocom FM650/FG650 (Chuanhong Guo)
- USB: serial: option: add Fibocom FM135-GL variants (bolan wang)
- serial/pmac_zilog: Remove flawed mitigation for rx irq flood (Finn Thain) [Orabug: 36597963] {CVE-2024-26999}
- comedi: vmk80xx: fix incomplete endpoint checking (Nikita Zhandarovich) [Orabug: 36597976] {CVE-2024-27001}
- binder: check offset alignment in binder_get_object() (Carlos Llamas) [Orabug: 36579651] {CVE-2024-26926}
- x86/cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ (Eric Biggers)
- clk: Get runtime PM before walking tree during disable_unused (Stephen Boyd) [Orabug: 36597987] {CVE-2024-27004}
- clk: Initialize struct clk_core kref earlier (Stephen Boyd)
- clk: Print an info line before disabling unused clocks (Konrad Dybcio)
- clk: remove extra empty line (Claudiu Beznea)
- clk: Mark 'all_lists' as const (Stephen Boyd)
- clk: Remove prepare_lock hold assertion in __clk_release() (Stephen Boyd)
- drm: nv04: Fix out of bounds access (Mikhail Kobuk) [Orabug: 36597995] {CVE-2024-27008}
- RDMA/rxe: Fix the problem "mutex_destroy missing" (Yanjun.Zhu)
- tun: limit printing rate when illegal packet received by tun dev (Lei Chen) [Orabug: 36598014] {CVE-2024-27013}
- netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() (Ziyang Xuan) [Orabug: 36598045] {CVE-2024-27020}
- kprobes: Fix possible use-after-free issue on kprobe registration (Zheng Yejian) [Orabug: 36643370] {CVE-2024-35955}
- selftests/ftrace: Limit length in subsystem-enable tests (Yuanhe Shu)
- btrfs: record delayed inode root in transaction (Boris Burkov)
- x86/apic: Force native_apic_mem_read() to use the MOV instruction (Adam Dunlap)
- selftests: timers: Fix abs() warning in posix_timers test (John Stultz)
- vhost: Add smp_rmb() in vhost_vq_avail_empty() (Gavin Shan)
- drm/client: Fully protect modes[] with dev->mode_config.mutex (Ville Syrjälä) [Orabug: 36643358] {CVE-2024-35950}
- btrfs: qgroup: correctly model root qgroup rsv in convert (Boris Burkov)
- net: ena: Fix potential sign extension issue (David Arinzon)
- af_unix: Fix garbage collector racing against connect() (Michal Luczaj) [Orabug: 36579511] {CVE-2024-26923}
- af_unix: Do not use atomic ops for unix_sk(sk)->inflight. (Kuniyuki Iwashima)
- net/mlx5: Properly link new fs rules into the tree (Cosmin Ratiu) [Orabug: 36643403] {CVE-2024-35960}
- ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr (Jiri Benc) [Orabug: 36643432] {CVE-2024-35969}
- ipv4/route: avoid unused-but-set-variable warning (Arnd Bergmann)
- ipv6: fib: hide unused 'pn' variable (Arnd Bergmann)
- geneve: fix header validation in geneve[6]_xmit_skb (Eric Dumazet) [Orabug: 36643443] {CVE-2024-35973}
- u64_stats: fix u64_stats_init() for lockdep when used repeatedly in one file (Petr Tesarik)
- net: openvswitch: fix unwanted error log on timeout policy probing (Ilya Maximets)
- nouveau: fix function cast warning (Arnd Bergmann)
- Bluetooth: Fix memory leak in hci_req_sync_complete() (Dmitry Antipov) [Orabug: 36643454] {CVE-2024-35978}
- batman-adv: Avoid infinite loop trying to resize local TT (Sven Eckelmann) [Orabug: 36643462] {CVE-2024-35982}
-
Thu Jun 06 2024 Sherry Yang <sherry.yang@oracle.com> [5.4.17-2136.333.2.el8uek]
- slub: use count_partial_free_approx() in slab_out_of_memory() (Jianfeng Wang) [Orabug: 36655469]
- slub: introduce count_partial_free_approx() (Jianfeng Wang) [Orabug: 36655469]
-
Thu May 30 2024 Sherry Yang <sherry.yang@oracle.com> [5.4.17-2136.333.1.el8uek]
- net/rds: Get RDS statistics for each possible CPU (Anand Khoje) [Orabug: 35830449]
- net/rds: mod reconnect delay on sendmsg() (Sharath Srinivasan) [Orabug: 36307093]
- net/rds: Extend exponential backoff for rds reconnects (Sharath Srinivasan) [Orabug: 36307093]
- RDMA/cm: Use RCU synchronization mechanism to protect cm_id_private xa_load() (Danit Goldberg) [Orabug: 36375215]
- uek-rpm: Enable FUNCTION_GRAPH_RETVAL in UEK6 (Jianfeng Wang) [Orabug: 36460675]
- fgraph: Add declaration of "struct fgraph_ret_regs" (Steven Rostedt (Google)) [Orabug: 36460675]
- x86/ftrace: Enable HAVE_FUNCTION_GRAPH_RETVAL (Donglin Peng) [Orabug: 36460675]
- arm64: ftrace: Enable HAVE_FUNCTION_GRAPH_RETVAL (Donglin Peng) [Orabug: 36460675]
- tracing: Add documentation for funcgraph-retval and funcgraph-retval-hex (Donglin Peng) [Orabug: 36460675]
- function_graph: Support recording and printing the return value of function (Donglin Peng) [Orabug: 36460675]
- fgraph: Make overruns 4 bytes in graph stack structure (Steven Rostedt (VMware)) [Orabug: 36460675]
- block: fix io util% for exadata disk with 1 hw queue (Gulam Mohamed) [Orabug: 36511453]
- Revert "Use inflight IO in io acct of high latency devices" (Gulam Mohamed) [Orabug: 36511453]
- kprobe/ftrace: bail out if ftrace was killed (Stephen Brennan) [Orabug: 36572635]
- genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline (Dongli Zhang) [Orabug: 36592398]
- x86/returnthunk: Allow different return thunks (Peter Zijlstra) [Orabug: 36628382]
- tcp: Fix data-races around sysctl_tcp_fastopen_blackhole_timeout. (Kuniyuki Iwashima) [Orabug: 36637454]
- tcp: disable TFO blackhole logic by default (Wei Wang) [Orabug: 36637454]