-
Fri Oct 24 2025 Vijayendra Suman <vijayendra.suman@oracle.com> [5.15.0-313.189.5.2.el9uek]
- nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() (Jeff Layton) [Orabug: 38575798] {CVE-2025-38724}
- crypto: af_alg - Fix incorrect boolean values in af_alg_ctx (Eric Biggers) [Orabug: 38575792]
- crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg (Herbert Xu) [Orabug: 38575792] {CVE-2025-39964}
-
Fri Oct 10 2025 Vijayendra Suman <vijayendra.suman@oracle.com> [5.15.0-313.189.5.1.el9uek]
- af_unix: Don't leave consecutive consumed OOB skbs. (Kuniyuki Iwashima) [Orabug: 38528187] {CVE-2025-38236}
- fs: writeback: fix use-after-free in __mark_inode_dirty() (Jiufei Xue) [Orabug: 38528183] {CVE-2025-39866}
- rtnetlink: Fix L3 stats disable handling in rtnl_offload_xstats_fill() (Vijayendra Suman) [Orabug: 38528177]
-
Fri Sep 19 2025 Vijayendra Suman <vijayendra.suman@oracle.com> [5.15.0-313.189.5.el9uek]
- net/rds: tracepoints for rds_conn_kref_get and put (Sharath Srinivasan) [Orabug: 37793025]
- net/rds: Add krefs to struct rds_connection (Sharath Srinivasan) [Orabug: 37793025]
- nvme-tcp: sanitize request list handling (Hannes Reinecke) [Orabug: 38175126,38454661] {CVE-2025-38264}
- llist: add interface to check if a node is on a list. (Neil Brown) [Orabug: 38175126] {CVE-2025-38264}
-
Wed Sep 17 2025 Vijayendra Suman <vijayendra.suman@oracle.com> [5.15.0-313.189.4.el9uek]
- uek-rpm: Move ifb module to modules-core (Harshit Mogalapalli) [Orabug: 38224682]
-
Fri Sep 12 2025 Vijayendra Suman <vijayendra.suman@oracle.com> [5.15.0-313.189.3.el9uek]
- x86/vmscape: Warn when STIBP is disabled with SMT (Pawan Gupta) [Orabug: 38424092]
- x86/bugs: Move cpu_bugs_smt_update() down (Pawan Gupta) [Orabug: 38424092]
- x86/vmscape: Enable the mitigation (Pawan Gupta) [Orabug: 38424092]
- x86/vmscape: Add conditional IBPB mitigation (Pawan Gupta) [Orabug: 38424092]
- x86/bugs: Fix RSB clearing in indirect_branch_prediction_barrier() (Josh Poimboeuf) [Orabug: 38424092]
- x86/vmscape: Add old Intel CPUs to affected list (Pawan Gupta) [Orabug: 38424092]
- x86/vmscape: Enumerate VMSCAPE bug (Pawan Gupta) [Orabug: 38424092]
- Documentation/hw-vuln: Add VMSCAPE documentation (Pawan Gupta) [Orabug: 38424092]
- vsock: Do not allow binding to VMADDR_PORT_ANY (Budimir Markovic) [Orabug: 38351770,38454665] {CVE-2025-38618}
- HID: core: ensure the allocated report buffer can contain the reserved report ID (Benjamin Tissoires) [Orabug: 38254347,38454662] {CVE-2025-38495}
- HID: core: do not bypass hid_hw_raw_request (Benjamin Tissoires) [Orabug: 38254339,38454666] {CVE-2025-38494}
- clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (Al Viro) [Orabug: 38310006,38454664] {CVE-2025-38499}
- igc: fix disabling L1.2 PCI-E link substate on I226 on init (Valdikss) [Orabug: 38343660]
- Input: xpad - set correct controller type for Acer NGR200 (Nilton Perim Neto)
- ASoC: soc-dai: tidyup return value of snd_soc_xlate_tdm_slot_mask() (Kuninori Morimoto)
- squashfs: fix memory leak in squashfs_fill_super (Phillip Lougher) [Orabug: 38343660]
- ASoC: ops: dynamically allocate struct snd_ctl_elem_value (Arnd Bergmann)
- compiler: remove __ADDRESSABLE_ASM{_STR,}() again (Jan Beulich)
- mm/memory-failure: fix infinite UCE for VM_PFNMAP pfn (Tu Jinjiang)
- KVM: arm64: Fix kernel BUG() due to bad backport of FPSIMD/SVE/SME fix (Will Deacon)
- benet: fix BUG when creating VFs (Michal Schmidt) [Orabug: 38334975] {CVE-2025-38569}
- smb: client: fix use-after-free in crypt_message when using async crypto (Wang Zhaolong)
- kbuild: userprogs: use correct linker when mixing clang and GNU ld (Thomas Weißschuh)
- ARM: 9448/1: Use an absolute path to unified.h in KBUILD_AFLAGS (Nathan Chancellor)
- NFSv4.2: another fix for listxattr (Olga Kornievskaia)
- cpuidle: governors: menu: Avoid using invalid recent intervals data (Rafael J. Wysocki)
- netlink: avoid infinite retry looping in netlink_unicast() (Fedor Pchelkin) [Orabug: 38395124] {CVE-2025-38727}
- Revert "vgacon: Add check for vc_origin address range in vgacon_scroll()" (Helge Deller) [Orabug: 38343660]
- bpf, sockmap: Fix panic when calling skb_linearize (Jiayuan Chen) [Orabug: 38394723] {CVE-2025-38165}
- netfilter: nf_tables: adjust lockdep assertions handling (Fedor Pchelkin)
- arm64: errata: Work around AmpereOne's erratum AC04_CPU_23 (D Scott Phillips) [Orabug: 38166347]
- ARM: UEK: Disable arm64 erratum QCOM_FALKOR_ERRATUM_1003 (Boris Ostrovsky) [Orabug: 38166347]
- vhost-scsi: Fix check for inline_sg_cnt exceeding preallocated limit (Alok Tiwari) [Orabug: 38324335]
- mm/hugetlb: fix copy_hugetlb_page_range() to check ->pt_share_count (Jane Chu) [Orabug: 38346475]
- Reapply "mm: hugetlb: independent PMD page table shared count" (Jane Chu) [Orabug: 38346475]
- uek-rpm: pensando: enable config options for fips (Joseph Dobosenski) [Orabug: 38354692]
-
Wed Sep 03 2025 Vijayendra Suman <vijayendra.suman@oracle.com> [5.15.0-313.189.2.el9uek]
- LTS version: v5.15.189 (Vijayendra Suman)
- rseq: Fix segfault on registration when rseq_cs is non-zero (Michael Jeanson) [Orabug: 38095071] {CVE-2025-38067}
- x86/mm: Disable hugetlb page table sharing on 32-bit (Jann Horn)
- Input: atkbd - do not skip atkbd_deactivate() when skipping ATKBD_CMD_GETID (Hans de Goede)
- HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras (Chia-Lin Kao) [Orabug: 38324278] {CVE-2025-38540}
- HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY (Zhang Heng)
- vt: add missing notification when switching back to text mode (Nicolas Pitre)
- HID: lenovo: Add support for ThinkPad X1 Tablet Thin Keyboard Gen2 (Akira Inoue)
- net: usb: qmi_wwan: add SIMCom 8230C composition (Xiaowei Li)
- um: vector: Reduce stack usage in vector_eth_configure() (Tiwei Bie)
- atm: idt77252: Add missing `dma_map_error()` (Thomas Fourier)
- bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT (Somnath Kotur) [Orabug: 38254089] {CVE-2025-38439}
- bnxt_en: Fix DCB ETS validation (Shravya Kn)
- net: ll_temac: Fix missing tx_pending check in ethtools_set_ringparam() (Alok Tiwari)
- can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level (Sean Nyekjaer)
- net: phy: microchip: limit 100M workaround to link-down events on LAN88xx (Oleksij Rempel)
- net: appletalk: Fix device refcount leak in atrtr_create() (Kito Xu)
- netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() (Eric Dumazet) [Orabug: 38254095] {CVE-2025-38441}
- ksmbd: fix a mount write count leak in ksmbd_vfs_kern_path_locked() (Al Viro)
- smb: server: make use of rdma_destroy_qp() (Stefan Metzmacher)
- nbd: fix uaf in nbd_genl_connect() error path (Zheng Qixing) [Orabug: 38254101] {CVE-2025-38443}
- raid10: cleanup memleak at raid10_make_request (Nigel Croxon) [Orabug: 38254105] {CVE-2025-38444}
- md/raid1: Fix stack memory use after return in raid1_reshape (Wang Jinchao) [Orabug: 38254108] {CVE-2025-38445}
- wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() (Daniil Dulov) [Orabug: 38324160] {CVE-2025-38513}
- dma-buf: fix timeout handling in dma_resv_wait_timeout v2 (Christian König)
- dma-buf: use new iterator in dma_resv_wait_timeout (Christian König)
- dma-buf: add dma_resv_for_each_fence_unlocked v8 (Christian König)
- usb: dwc3: Abort suspend on soft disconnect failure (Kuen-Han Tsai)
- usb: cdnsp: Fix issue with CV Bad Descriptor test (Pawel Laszczak)
- usb: cdnsp: Replace snprintf() with the safer scnprintf() variant (Lee Jones)
- usb:cdnsp: remove TRB_FLUSH_ENDPOINT command (Pawel Laszczak)
- Input: xpad - support Acer NGR 200 Controller (Nilton Perim Neto)
- xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS (Hongyu Xie)
- usb: xhci: quirk for data loss in ISOC transfers (Raju Rangoju)
- xhci: Allow RPM on the USB controller (1022:43f7) by default (Basavaraj Natikar)
- virtio-net: ensure the received length does not exceed allocated size (Bui Quang Minh) [Orabug: 38253833] {CVE-2025-38375}
- netlink: make sure we allow at least one dump skb (Jakub Kicinski)
- netlink: Fix rmem check in netlink_broadcast_deliver(). (Kuniyuki Iwashima)
- btrfs: use btrfs_record_snapshot_destroy() during rmdir (Filipe Manana)
- btrfs: propagate last_unlink_trans earlier when doing a rmdir (Filipe Manana)
- Revert "ACPI: battery: negate current when discharging" (Rafael J. Wysocki)
- usb: gadget: u_serial: Fix race condition in TTY wakeup (Kuen-Han Tsai) [Orabug: 38254117] {CVE-2025-38448}
- drm/gem: Fix race in drm_gem_handle_create_tail() (Simona Vetter)
- drm/sched: Increment job count before swapping tail spsc queue (Matthew Brost) [Orabug: 38324179] {CVE-2025-38515}
- pinctrl: qcom: msm: mark certain pins as invalid for interrupts (Bartosz Golaszewski) [Orabug: 38324185] {CVE-2025-38516}
- x86/mce: Make sure CMCI banks are cleared during shutdown on Intel (Jp Kobryn)
- x86/mce: Don't remove sysfs if thresholding sysfs init fails (Yazen Ghannam)
- x86/mce/amd: Fix threshold limit reset (Yazen Ghannam)
- xen: replace xen_remap() with memremap() (Juergen Gross)
- jfs: fix null ptr deref in dtInsertEntry (Edward Adam Davis)
- bpf, sockmap: Fix skb refcnt race after locking changes (John Fastabend)
- aoe: avoid potential deadlock at set_capacity (Maksim Kiselev) [Orabug: 36530894] {CVE-2024-26775}
- thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR (Lee, Chun-Yi) [Orabug: 37283277] {CVE-2022-48703}
- bpf: fix precision backtracking instruction iteration (Andrii Nakryiko)
- rxrpc: Fix oops due to non-existence of prealloc backlog struct (David Howells)
- net/sched: Abort __tc_modify_qdisc if parent class does not exist (Victor Nogueira) [Orabug: 38254146] {CVE-2025-38457}
- atm: clip: Fix NULL pointer dereference in vcc_sendmsg() (Yue Haibing) [Orabug: 38254152] {CVE-2025-38458}
- atm: clip: Fix infinite recursive call of clip_push(). (Kuniyuki Iwashima) [Orabug: 38254160] {CVE-2025-38459}
- atm: clip: Fix memory leak of struct clip_vcc. (Kuniyuki Iwashima) [Orabug: 38324308] {CVE-2025-38546}
- atm: clip: Fix potential null-ptr-deref in to_atmarpd(). (Kuniyuki Iwashima) [Orabug: 38254166] {CVE-2025-38460}
- net: phy: smsc: Fix link failure in forced mode with Auto-MDIX (Oleksij Rempel)
- net: phy: smsc: Fix Auto-MDIX configuration when disabled by strap (Oleksij Rempel)
- vsock: Fix IOCTL_VM_SOCKETS_GET_LOCAL_CID to check also `transport_local` (Michal Luczaj)
- vsock: Fix transport_* TOCTOU (Michal Luczaj) [Orabug: 38254172] {CVE-2025-38461}
- vsock: Fix transport_{g2h,h2g} TOCTOU (Michal Luczaj) [Orabug: 38254175] {CVE-2025-38462}
- tipc: Fix use-after-free in tipc_conn_close(). (Kuniyuki Iwashima) [Orabug: 38254180] {CVE-2025-38464}
- netlink: Fix wraparounds of sk->sk_rmem_alloc. (Kuniyuki Iwashima) [Orabug: 38254187] {CVE-2025-38465}
- fix proc_sys_compare() handling of in-lookup dentries (Al Viro)
- perf: Revert to requiring CAP_SYS_ADMIN for uprobes (Peter Zijlstra) [Orabug: 38254196] {CVE-2025-38466}
- ASoC: fsl_asrc: use internal measured ratio for non-ideal ratio mode (Shengjiu Wang)
- drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling (Kaustabh Chakraborty) [Orabug: 38254202] {CVE-2025-38467}
-
Wed Aug 27 2025 Vijayendra Suman <vijayendra.suman@oracle.com> [5.15.0-313.187.1.el9uek]
- drm/amdgpu: Remove ATC L2 access for MMHUB 2.1.x (Lijo Lazar) [Orabug: 37778293]
- PCI/portdrv: Don't disable AER reporting in get_port_device_capability() (Stefan Roese) [Orabug: 37778293]
- PCI/AER: Enable error reporting when AER is native (Stefan Roese) [Orabug: 37778293]
- PCI/AER: Configure ECRC for every device (Stefan Roese) [Orabug: 37778293]
- net/rds: Add support for RDS_CMSG_TOS (Gerd Rausch) [Orabug: 38058308]
- net/rds: Add support RDS_FEATURE ELF notes (Gerd Rausch) [Orabug: 38063328]
-
Mon Aug 25 2025 Vijayendra Suman <vijayendra.suman@oracle.com> [5.15.0-312.187.5.el9uek]
- Revert "mm: hugetlb: independent PMD page table shared count" (Harshit Mogalapalli) [Orabug: 38327655]
-
Thu Aug 21 2025 Vijayendra Suman <vijayendra.suman@oracle.com> [5.15.0-312.187.4.el9uek]
- rds: Fix NULL ptr deref in xas_start (Håkon Bugge) [Orabug: 38166374]
- KVM: x86: use array_index_nospec with indices that come from guest (Thijs Raymakers) [Orabug: 38319943,38440301] {CVE-2025-39823}
- hugetlb: arm64: add mte support (Dave Kleikamp) [Orabug: 38177800]
-
Wed Aug 13 2025 Vijayendra Suman <vijayendra.suman@oracle.com> [5.15.0-312.187.3.el9uek]
- TIOCSTI: Document CAP_SYS_ADMIN behaviour in Kconfig (Günther Noack) [Orabug: 38255504]
- TIOCSTI: always enable for CAP_SYS_ADMIN (Samuel Thibault) [Orabug: 38255504]
- tty: Fix typo in LEGACY_TIOCSTI Kconfig description (Hanno Böck) [Orabug: 38255504]
- tty: Move TIOCSTI toggle variable before kerndoc (Kees Cook) [Orabug: 38255504]
- tty: Allow TIOCSTI to be disabled (Kees Cook) [Orabug: 38255504]
- tty: Move sysctl setup into "core" tty logic (Kees Cook) [Orabug: 38255504]
- tty: reformat kernel-doc in tty_io.c (Jiri Slaby) [Orabug: 38255504]
- tty: reformat kernel-doc in tty_ldisc.c (Jiri Slaby) [Orabug: 38255504]
- net/mlx5: E-Switch, Fix switching to switchdev mode in MPV (Patrisious Haddad) [Orabug: 38236297]
- net/mlx5: E-Switch, Fix switching to switchdev mode with IB device disabled (Patrisious Haddad) [Orabug: 38236297]
- net/mlx5: E-switch, refactor eswitch mode change (Patrisious Haddad) [Orabug: 38236297]
- IB/mlx5: Support querying eswitch functions from DEVX (Bodong Wang) [Orabug: 38236297]
- RDMA/mlx5: Fix HW counters query for non-representor devices (Patrisious Haddad) [Orabug: 38161800]
- RDMA/mlx5: Fix CC counters query for MPV (Patrisious Haddad) [Orabug: 38161800]
- Revert "RDMA/mlx5: Fix CC counters query for MPV" (Qing Huang) [Orabug: 38161800]
- RDMA/mlx5: Fix vport loopback for MPV device (Patrisious Haddad) [Orabug: 38118599]