-
Wed Oct 30 2024 Darren Archibald <darren.archibald@oracle.com> [5.14.0-427.42.1.0.1.el9_4.OL9]
- Revert "crypto: testmgr - allow ecdsa-nist-p256 and -p384 in FIPS mode" [Orabug: 36638086]
- Update module name for cryptographic module [Orabug: 36324521]
-
Wed Oct 30 2024 Darren Archibald <darren.archibald@oracle.com> [5.14.0-427.42.1.el9_4.OL9]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5.el9
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates
-
Fri Oct 18 2024 Scott Weaver <scweaver@redhat.com> [5.14.0-427.42.1.el9_4]
- redhat/configs: Add CONFIG_MITIGATION_SPECTRE_BHI (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201}
- x86/bugs: Fix BHI retpoline check (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201}
- x86/bugs: Replace CONFIG_SPECTRE_BHI_{ON,OFF} with CONFIG_MITIGATION_SPECTRE_BHI (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201}
- x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201}
- x86/bugs: Clarify that syscall hardening isn't a BHI mitigation (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201}
- x86/bugs: Fix BHI handling of RRSBA (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201}
- x86/bugs: Rename various 'ia32_cap' variables to 'x86_arch_cap_msr' (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201}
- x86/bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201}
- x86/bugs: Fix BHI documentation (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201}
- x86/bugs: Fix return type of spectre_bhi_state() (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201}
- x86/bugs: Make CONFIG_SPECTRE_BHI_ON the default (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201}
- KVM: x86: Add BHI_NO (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201}
- x86/bhi: Mitigate KVM by default (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201}
- x86/bhi: Add BHI mitigation knob (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201}
- x86/bhi: Enumerate Branch History Injection (BHI) bug (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201}
- x86/bhi: Define SPEC_CTRL_BHI_DIS_S (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201}
- x86/bhi: Add support for clearing branch history at syscall entry (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201}
- x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201}
- perf/x86/amd/lbr: Use freeze based on availability (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201}
- Documentation/kernel-parameters: Add spec_rstack_overflow to mitigations=off (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201}
- KVM: x86: Use a switch statement and macros in __feature_translate() (Maxim Levitsky) [RHEL-45492 RHEL-32430]
- KVM: x86: Advertise CPUID.(EAX=7,ECX=2):EDX[5:0] to userspace (Maxim Levitsky) [RHEL-45492 RHEL-32430]
- x86/entry/32: Convert do_fast_syscall_32() to bool return type (Prarit Bhargava) [RHEL-45492 RHEL-25415]
- x86/entry: Add do_SYSENTER_32() prototype (Prarit Bhargava) [RHEL-45492 RHEL-25415]
- x86/bugs: Reset speculation control settings on init (Prarit Bhargava) [RHEL-45492 RHEL-25415]
- mpls: Reduce skb re-allocations due to skb_cow() (Guillaume Nault) [RHEL-61696 RHEL-55145]
- scsi: core: Fix unremoved procfs host directory regression (Ewan D. Milne) [RHEL-39539 RHEL-39601 RHEL-33543 RHEL-35000] {CVE-2024-26935}
- tty: Fix out-of-bound vmalloc access in imageblit (Andrew Halaney) [RHEL-42095 RHEL-24205] {CVE-2021-47383}
- block: initialize integrity buffer to zero before writing it to media (Ming Lei) [RHEL-54769 RHEL-54768] {CVE-2024-43854}
- block: cleanup bio_integrity_prep (Ming Lei) [RHEL-54769 RHEL-25988]
- block: refactor to use helper (Ming Lei) [RHEL-54769 RHEL-25988]
- ceph: fix cap ref leak via netfs init_request (Patrick Donnelly) [RHEL-62666 RHEL-61459]
- redhat/configs: Enable CONFIG_OCTEON_EP_VF (CKI Backport Bot) [RHEL-61744 RHEL-25860]
- octeon_ep_vf: add ethtool support (CKI Backport Bot) [RHEL-61744 RHEL-25860]
- octeon_ep_vf: add Tx/Rx processing and interrupt support (CKI Backport Bot) [RHEL-61744 RHEL-25860]
- octeon_ep_vf: add support for ndo ops (CKI Backport Bot) [RHEL-61744 RHEL-25860]
- octeon_ep_vf: add Tx/Rx ring resource setup and cleanup (CKI Backport Bot) [RHEL-61744 RHEL-25860]
- octeon_ep_vf: add VF-PF mailbox communication. (CKI Backport Bot) [RHEL-61744 RHEL-25860]
- octeon_ep_vf: add hardware configuration APIs (CKI Backport Bot) [RHEL-61744 RHEL-25860]
- octeon_ep_vf: Add driver framework and device initialization (CKI Backport Bot) [RHEL-61744 RHEL-25860]
- octeon_ep: support firmware notifications for VFs (CKI Backport Bot) [RHEL-61744 RHEL-25860]
- octeon_ep: control net framework to support VF offloads (CKI Backport Bot) [RHEL-61744 RHEL-25860]
- octeon_ep: PF-VF mailbox version support (CKI Backport Bot) [RHEL-61744 RHEL-25860]
- octeon_ep: add PF-VF mailbox communication (CKI Backport Bot) [RHEL-61744 RHEL-25860]
- x86/mm/ident_map: Use gbpages only where full GB page should be mapped. (Chris von Recklinghausen) [RHEL-62209 RHEL-26268]
- netfilter: nfnetlink_queue: un-break NF_REPEAT (Phil Sutter) [RHEL-62299]
-
Fri Oct 11 2024 Scott Weaver <scweaver@redhat.com> [5.14.0-427.41.1.el9_4]
- iommu/amd: Fix panic accessing amd_iommu_enable_faulting (Jerry Snitselaar) [RHEL-55507 RHEL-37320 RHEL-40344]
- iommu/vt-d: Allocate DMAR fault interrupts locally (Jerry Snitselaar) [RHEL-55507 RHEL-28780]
- netfilter: nft_inner: validate mandatory meta and payload (Phil Sutter) [RHEL-47488 RHEL-47486] {CVE-2024-39504}
- netfilter: flowtable: initialise extack before use (CKI Backport Bot) [RHEL-58546 RHEL-58544] {CVE-2024-45018}
- ext4: do not create EA inode under buffer lock (Carlos Maiolino) [RHEL-48285 RHEL-48282] {CVE-2024-40972}
- ext4: fold quota accounting into ext4_xattr_inode_lookup_create() (Carlos Maiolino) [RHEL-48285 RHEL-48282] {CVE-2024-40972}
- ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super() (Carlos Maiolino) [RHEL-48519 RHEL-48517] {CVE-2024-40998}
- ext4: turn quotas off if mount failed after enabling quotas (Carlos Maiolino) [RHEL-48519 RHEL-48517] {CVE-2024-40998}
- mptcp: fix data re-injection from stale subflow (Davide Caratti) [RHEL-59920 RHEL-32669] {CVE-2024-26826}
- xfs: add bounds checking to xlog_recover_process_data (CKI Backport Bot) [RHEL-50864 RHEL-50862] {CVE-2024-41014}
- af_unix: Suppress false-positive lockdep splat for spin_lock() in __unix_gc(). (Davide Caratti) [RHEL-42771 RHEL-33410]
- af_unix: Fix garbage collector racing against connect() (Davide Caratti) [RHEL-42771 RHEL-33410] {CVE-2024-26923}
- af_unix: fix lockdep positive in sk_diag_dump_icons() (Davide Caratti) [RHEL-42771 RHEL-33410]
- xfs: don't walk off the end of a directory data block (CKI Backport Bot) [RHEL-50887 RHEL-50885] {CVE-2024-41013}
- ipv6: prevent possible NULL dereference in rt6_probe() (Hangbin Liu) [RHEL-48161 RHEL-45826] {CVE-2024-40960}
- mac802154: fix llsec key resources release in mac802154_llsec_key_del (Steve Best) [RHEL-42795 RHEL-34969] {CVE-2024-26961}
- mptcp: ensure snd_una is properly initialized on connect (Florian Westphal) [RHEL-47945 RHEL-47943] {CVE-2024-40931}
- USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages (CKI Backport Bot) [RHEL-47560 RHEL-47558] {CVE-2024-40904}
- nvme-multipath: fix io accounting on failover (John Meneghini) [RHEL-59646 RHEL-56635]
- nvme: fix multipath batched completion accounting (John Meneghini) [RHEL-59646 RHEL-56635]
- xfs: fix log recovery buffer allocation for the legacy h_size fixup (Bill O'Donnell) [RHEL-46481 RHEL-46479] {CVE-2024-39472}
- tcp: add sanity checks to rx zerocopy (Paolo Abeni) [RHEL-58403 RHEL-29496] {CVE-2024-26640}
- netpoll: Fix race condition in netpoll_owner_active (CKI Backport Bot) [RHEL-49373 RHEL-49371] {CVE-2024-41005}
- wifi: mt76: mt7921s: fix potential hung tasks during chip recovery (CKI Backport Bot) [RHEL-48321 RHEL-48319] {CVE-2024-40977}
- smb: client: fix hang in wait_for_response() for negproto (Jay Shin) [RHEL-61606 RHEL-57983]
- NFSv4.1/pnfs: fix NFS with TLS in pnfs (Benjamin Coddington) [RHEL-61467 RHEL-34576]
- ceph: remove the incorrect Fw reference check when dirtying pages (Xiubo Li) [RHEL-61415 RHEL-60255]
- net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() (Davide Caratti) [RHEL-48483 RHEL-44375] {CVE-2024-40995}
- net/sched: taprio: extend minimum interval restriction to entire cycle too (Davide Caratti) [RHEL-44377 RHEL-44375] {CVE-2024-36244}
- net/sched: taprio: make q->picos_per_byte available to fill_sched_entry() (Davide Caratti) [RHEL-44377 RHEL-44375] {CVE-2024-36244}
-
Fri Oct 04 2024 Scott Weaver <scweaver@redhat.com> [5.14.0-427.40.1.el9_4]
- gfs2: Fix NULL pointer dereference in gfs2_log_flush (CKI Backport Bot) [RHEL-51561 RHEL-51559] {CVE-2024-42079}
- net: stmmac: Separate C22 and C45 transactions for xgmac (CKI Backport Bot) [RHEL-60274 RHEL-6297]
- dmaengine: idxd: Check for driver name match before sva user feature (Jerry Snitselaar) [RHEL-47239 RHEL-44836 RHEL-46619]
- ceph: switch to corrected encoding of max_xattr_size in mdsmap (Xiubo Li) [RHEL-57609 RHEL-26722]
- KVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked (CKI Backport Bot) [RHEL-46428] {CVE-2024-39483}
- vfs: don't mod negative dentry count when on shrinker list (Brian Foster) [RHEL-60567 RHEL-46609]
- fs/dcache: Re-use value stored to dentry->d_flags instead of re-reading (Brian Foster) [RHEL-60567 RHEL-46609]
- x86/bugs: Reverse instruction order of CLEAR_CPU_BUFFERS (Waiman Long) [RHEL-48713 RHEL-31226] {CVE-2023-28746}
- Revert "x86/bugs: Use fixed addressing for VERW operand" (Waiman Long) [RHEL-48713 RHEL-31226] {CVE-2023-28746}
- KVM/x86: Export RFDS_NO and RFDS_CLEAR to guests (Waiman Long) [RHEL-48713 RHEL-31226] {CVE-2023-28746}
- redhat/configs: Enable x86 CONFIG_MITIGATION_RFDS (Waiman Long) [RHEL-48713 RHEL-31226] {CVE-2023-28746}
- x86/rfds: Mitigate Register File Data Sampling (RFDS) (Waiman Long) [RHEL-48713 RHEL-31226] {CVE-2023-28746}
- Documentation/hw-vuln: Add documentation for RFDS (Waiman Long) [RHEL-48713 RHEL-31226] {CVE-2023-28746}
- x86/mmio: Disable KVM mitigation when X86_FEATURE_CLEAR_CPU_BUF is set (Waiman Long) [RHEL-48713 RHEL-31226] {CVE-2023-28746}
- x86/bugs: Use fixed addressing for VERW operand (Waiman Long) [RHEL-48713 RHEL-31226] {CVE-2023-28746}
- KVM/VMX: Move VERW closer to VMentry for MDS mitigation (Waiman Long) [RHEL-48713 RHEL-31226] {CVE-2023-28746}
- KVM/VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH (Waiman Long) [RHEL-48713 RHEL-31226] {CVE-2023-28746}
- x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key (Waiman Long) [RHEL-48713 RHEL-31226] {CVE-2023-28746}
- x86/entry_32: Add VERW just before userspace transition (Waiman Long) [RHEL-48713 RHEL-31226] {CVE-2023-28746}
- x86/entry_64: Add VERW just before userspace transition (Waiman Long) [RHEL-48713 RHEL-31226] {CVE-2023-28746}
- x86/entry: Harden return-to-user (Prarit Bhargava) [RHEL-48713 RHEL-25415]
- x86/entry: Optimize common_interrupt_return() (Prarit Bhargava) [RHEL-48713 RHEL-25415]
- x86/bugs: Add asm helpers for executing VERW (Waiman Long) [RHEL-48713 RHEL-31226] {CVE-2023-28746}
- sched: act_ct: take care of padding in struct zones_ht_key (Xin Long) [RHEL-55112 RHEL-50682] {CVE-2024-42272}
- sched: act_ct: add netns into the key of tcf_ct_flow_table (Xin Long) [RHEL-55112 RHEL-28816]
- dmaengine: idxd: Fix oops during rmmod on single-CPU platforms (CKI Backport Bot) [RHEL-41361] {CVE-2024-35989}
- hwmon: (w83792d) Fix NULL pointer dereference by removing unnecessary structure field (Steve Best) [RHEL-42115 RHEL-37721] {CVE-2021-47385}
-
Fri Sep 27 2024 Scott Weaver <scweaver@redhat.com> [5.14.0-427.39.1.el9_4]
- mptcp: ensure snd_nxt is properly initialized on connect (cki-backport-bot) [RHEL-52474 RHEL-39867] {CVE-2024-36889}
- ping: fix address binding wrt vrf (Antoine Tenart) [RHEL-57563 RHEL-50920]
- net/mlx5: Add a timeout to acquire the command queue semaphore (Benjamin Poirier) [RHEL-44227 RHEL-44225] {CVE-2024-38556}
- xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() (CKI Backport Bot) [RHEL-48142 RHEL-48140] {CVE-2024-40959}
- ionic: fix use after netif_napi_del() (Michal Schmidt) [RHEL-47636 RHEL-47634] {CVE-2024-39502}
- ionic: clean interrupt before enabling queue to avoid credit race (Michal Schmidt) [RHEL-47636 RHEL-36065]
- Revert "net/mlx5: Block entering switchdev mode with ns inconsistency" (Benjamin Poirier) [RHEL-42391 RHEL-24466] {CVE-2023-52658}
- tipc: Return non-zero value from tipc_udp_addr2str() on error (Xin Long) [RHEL-55075 RHEL-55074] {CVE-2024-42284}
- x86: set FSRS automatically on AMD CPUs that have FSRM (Prarit Bhargava) [RHEL-56970 RHEL-25415]
-
Fri Sep 20 2024 Scott Weaver <scweaver@redhat.com> [5.14.0-427.38.1.el9_4]
- module: avoid allocation if module is already present and ready (Donald Dutile) [RHEL-52417]
- module: move early sanity checks into a helper (Donald Dutile) [RHEL-52417]
- module: extract patient module check into helper (Donald Dutile) [RHEL-52417]
- null_blk: Fix return value of nullb_device_power_store() (Ming Lei) [RHEL-58636 RHEL-39662]
- null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues' (Ming Lei) [RHEL-58636 RHEL-39662]
- net: sched: sch_multiq: fix possible OOB write in multiq_tune() (cki-backport-bot) [RHEL-43472] {CVE-2024-36978}
- netfilter: nft_flow_offload: release dst in case direct xmit path is used (Florian Westphal) [RHEL-38520 RHEL-33469]
- netfilter: nft_flow_offload: reset dst in route object after setting up flow (Florian Westphal) [RHEL-38520 RHEL-33469] {CVE-2024-27403}
- netfilter: flowtable: simplify route logic (Florian Westphal) [RHEL-38520 RHEL-33469]
- net: psample: fix uninitialized metadata. (Adrian Moreno) [RHEL-56909]
-
Fri Sep 13 2024 Scott Weaver <scweaver@redhat.com> [5.14.0-427.37.1.el9_4]
- ARM: 9359/1: flush: check if the folio is reserved for no-mapping addresses (CKI Backport Bot) [RHEL-42783] {CVE-2024-26947}
- powerpc/pseries/iommu: IOMMU table is not initialized for kdump over SR-IOV (Mamatha Inamdar) [RHEL-45537 RHEL-25055]
- tty: n_gsm: fix possible out-of-bounds in gsm0_receive() (Steve Best) [RHEL-40517 RHEL-39354] {CVE-2024-36016}
- smb: client: set correct id, uid and cruid for multiuser automounts (Jay Shin) [RHEL-47260 RHEL-31245]
- printk: printk.c: Disable per_console_kthreads on !CONFIG_PREEMPT_RT (Derek Barbosa) [RHEL-39064]
- uio: Fix use-after-free in uio_open (Ricardo Robaina) [RHEL-41275 RHEL-26233] {CVE-2023-52439}
- gpiolib: cdev: Fix use after free in lineinfo_changed_notify (Steve Best) [RHEL-43192 RHEL-39849] {CVE-2024-36899}
- wifi: mac80211: Avoid address calculations via out of bounds array indexing (CKI Backport Bot) [RHEL-51287 RHEL-51285] {CVE-2024-41071}
- Input: cyapa - add missing input core locking to suspend/resume functions (cki-backport-bot) [RHEL-44455] {CVE-2023-52884}
- net: usb: lan78xx: reorder cleanup operations to avoid UAF bugs (Jamie Bainbridge) [RHEL-34928 RHEL-33332]
- lan78xx: Limit number of driver warning messages (Jamie Bainbridge) [RHEL-34928 RHEL-33332]
- lan78xx: Fix race condition in disconnect handling (Jamie Bainbridge) [RHEL-34928 RHEL-33332]
- lan78xx: Fix race conditions in suspend/resume handling (Jamie Bainbridge) [RHEL-34928 RHEL-33332]
- lan78xx: Fix partial packet errors on suspend/resume (Jamie Bainbridge) [RHEL-34928 RHEL-33332]
- lan78xx: Fix exception on link speed change (Jamie Bainbridge) [RHEL-34928 RHEL-33332]
- lan78xx: Add missing return code checks (Jamie Bainbridge) [RHEL-34928 RHEL-33332]
- lan78xx: Remove unused pause frame queue (Jamie Bainbridge) [RHEL-34928 RHEL-33332]
- lan78xx: Set flow control threshold to prevent packet loss (Jamie Bainbridge) [RHEL-34928 RHEL-33332]
- lan78xx: Remove unused timer (Jamie Bainbridge) [RHEL-34928 RHEL-33332]
- lan78xx: Fix white space and style issues (Jamie Bainbridge) [RHEL-34928 RHEL-33332]
- sctp: fix association labeling in the duplicate COOKIE-ECHO case (CKI Backport Bot) [RHEL-56745 RHEL-48647]
- ice: xsk: fix txq interrupt mapping (Petr Oros) [RHEL-52771 RHEL-15670]
- ice: add missing WRITE_ONCE when clearing ice_rx_ring::xdp_prog (Petr Oros) [RHEL-52771 RHEL-15670]
- ice: improve updating ice_{t,r}x_ring::xsk_pool (Petr Oros) [RHEL-52771 RHEL-15670]
- ice: toggle netif_carrier when setting up XSK pool (Petr Oros) [RHEL-52771 RHEL-15670]
- ice: modify error handling when setting XSK pool in ndo_bpf (Petr Oros) [RHEL-52771 RHEL-15670]
- ice: replace synchronize_rcu with synchronize_net (Petr Oros) [RHEL-52771 RHEL-15670]
- ice: don't busy wait for Rx queue disable in ice_qp_dis() (Petr Oros) [RHEL-52771 RHEL-15670]
- ice: respect netif readiness in AF_XDP ZC related ndo's (Petr Oros) [RHEL-52771 RHEL-15670]
- ice: remove af_xdp_zc_qps bitmap (Petr Oros) [RHEL-52771 RHEL-17486]
- ice: reorder disabling IRQ and NAPI in ice_qp_dis (Petr Oros) [RHEL-52771 RHEL-17486]
- ice: make ice_vsi_cfg_txq() static (Petr Oros) [RHEL-52771 RHEL-17486]
- ice: make ice_vsi_cfg_rxq() static (Petr Oros) [RHEL-52771 RHEL-17486]
- ice: make use of DEFINE_FLEX() for struct ice_aqc_add_tx_qgrp (Petr Oros) [RHEL-52771 RHEL-17486]
- xdp: reflect tail increase for MEM_TYPE_XSK_BUFF_POOL (Petr Oros) [RHEL-52771 RHEL-38863]
- ice: update xdp_rxq_info::frag_size for ZC enabled Rx queue (Petr Oros) [RHEL-52771 RHEL-38863]
- intel: xsk: initialize skb_frag_t::bv_offset in ZC drivers (Petr Oros) [RHEL-52771 RHEL-38863]
- ice: remove redundant xdp_rxq_info registration (Petr Oros) [RHEL-52771 RHEL-38863]
- ice: work on pre-XDP prog frag count (Petr Oros) [RHEL-52771 RHEL-38863]
- xsk: fix usage of multi-buffer BPF helpers for ZC XDP (Petr Oros) [RHEL-52771 RHEL-38863]
- xsk: make xsk_buff_pool responsible for clearing xdp_buff::flags (Petr Oros) [RHEL-52771 RHEL-38863]
- xsk: recycle buffer in case Rx queue was full (Petr Oros) [RHEL-52771 RHEL-38863]
- overflow: add DEFINE_FLEX() for on-stack allocs (Petr Oros) [RHEL-52771 RHEL-30138]
- overflow: Add struct_size_t() helper (Petr Oros) [RHEL-52771 RHEL-30138]
- bpf, sockmap: Prevent lock inversion deadlock in map delete elem (Felix Maurer) [RHEL-41479 RHEL-30107] {CVE-2024-35895}
- xfs: allow SECURE namespace xattrs to use reserved block pool (CKI Backport Bot) [RHEL-54443 RHEL-49806]
- platform/x86/intel-uncore-freq: Don't present root domain on error (David Arcari) [RHEL-43291 RHEL-38558]
- platform/x86/intel-uncore-freq: Increase minor number support (David Arcari) [RHEL-43291 RHEL-38558]
- platform/x86/intel-uncore-freq: Process read/write blocked feature status (David Arcari) [RHEL-43291 RHEL-38558]
- platform/x86/intel/tpmi: Move TPMI ID definition (Steve Best) [RHEL-43291 RHEL-35956]
- ice: fix VSI lists confusion when adding VLANs (CKI Backport Bot) [RHEL-57778 RHEL-20571]
- ice: fix accounting for filters shared by multiple VSIs (CKI Backport Bot) [RHEL-57778 RHEL-20571]
- ice: fix accounting if a VLAN already exists (CKI Backport Bot) [RHEL-57778 RHEL-17486]
-
Fri Sep 06 2024 Scott Weaver <scweaver@redhat.com> [5.14.0-427.36.1.el9_4]
- scsi: qla2xxx: Fix double free of fcport (Nilesh Javali) [RHEL-39547 RHEL-40034 RHEL-25184 RHEL-35020] {CVE-2024-26929}
- scsi: qla2xxx: Fix double free of the ha->vp_map pointer (Nilesh Javali) [RHEL-39547 RHEL-41325 RHEL-25184 RHEL-35016] {CVE-2024-26930}
- scsi: qla2xxx: Fix command flush on cable pull (Nilesh Javali) [RHEL-39547 RHEL-40029 RHEL-25184 RHEL-35012] {CVE-2024-26931}
- net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket (Benjamin Coddington) [RHEL-53708 RHEL-53004] {CVE-2024-42246}
- ice: Add netif_device_attach/detach into PF reset flow (CKI Backport Bot) [RHEL-56275 RHEL-56084]
- wifi: mt76: replace skb_put with skb_put_zero (CKI Backport Bot) [RHEL-52368] {CVE-2024-42225}
- cppc_cpufreq: Fix possible null pointer dereference (cki-backport-bot) [RHEL-44145] {CVE-2024-38573}
- ring-buffer: Fix a race between readers and resize checks (cki-backport-bot) [RHEL-43920] {CVE-2024-38601}
- fork: defer linking file vma until vma is fully initialized (Rafael Aquini) [RHEL-35617 RHEL-35022] {CVE-2024-27022}
- ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine." (CKI Backport Bot) [RHEL-48393 RHEL-48391] {CVE-2024-40984}
- KVM: x86/mmu: x86: Don't overflow lpage_info when checking attributes (Maxim Levitsky) [RHEL-41345 RHEL-32430] {CVE-2024-26991}
- net/sched: act_mirred: don't override retval if we already lost the skb (Davide Caratti) [RHEL-42644 RHEL-31724] {CVE-2024-26739}
- net/sched: act_mirred: Create function tcf_mirred_to_dev and improve readability (Davide Caratti) [RHEL-42644 RHEL-32137]
- cpufreq: exit() callback is optional (cki-backport-bot) [RHEL-43848] {CVE-2024-38615}
- gfs2: Fix potential glock use-after-free on unmount (Andreas Gruenbacher) [RHEL-44157 RHEL-44155] {CVE-2024-38570}
- gfs2: simplify gdlm_put_lock with out_free label (Andreas Gruenbacher) [RHEL-44157 RHEL-44155] {CVE-2024-38570}
- gfs2: Remove ill-placed consistency check (Andreas Gruenbacher) [RHEL-44157 RHEL-44155] {CVE-2024-38570}
- wifi: nl80211: Avoid address calculations via out of bounds array indexing (Jose Ignacio Tornos Martinez) [RHEL-46505 RHEL-34696] {CVE-2024-38562}
-
Fri Aug 30 2024 Scott Weaver <scweaver@redhat.com> [5.14.0-427.35.1.el9_4]
- usb-storage: alauda: Check whether the media is initialized (CKI Backport Bot) [RHEL-43716] {CVE-2024-38619}
- ceph: force sending a cap update msg back to MDS for revoke op (Xiubo Li) [RHEL-55437]
- ceph: periodically flush the cap releases (Xiubo Li) [RHEL-55437]
- mm: avoid overflows in dirty throttling logic (Jay Shin) [RHEL-51848 RHEL-50004] {CVE-2024-42131}
- Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" (Jay Shin) [RHEL-51701 RHEL-50004] {CVE-2024-42102}
- mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again (Jay Shin) [RHEL-42628 RHEL-5619] {CVE-2024-26720}
- net: fix out-of-bounds access in ops_init (Paolo Abeni) [RHEL-43188 RHEL-46610] {CVE-2024-36883}
- nvme: avoid double free special payload (CKI Backport Bot) [RHEL-51311] {CVE-2024-41073}
- kernfs: change kernfs_rename_lock into a read-write lock (Jay Shin) [RHEL-55253 RHEL-52956]
- kernfs: Separate kernfs_pr_cont_buf and rename_lock (Jay Shin) [RHEL-55253 RHEL-52956]
- kernfs: fix missing kernfs_iattr_rwsem locking (Jay Shin) [RHEL-55253 RHEL-52956]
- kernfs: Use a per-fs rwsem to protect per-fs list of kernfs_super_info (Jay Shin) [RHEL-55253 RHEL-52956]
- kernfs: Introduce separate rwsem to protect inode attributes (Jay Shin) [RHEL-55253 RHEL-52956]
- xhci: Handle TD clearing for multiple streams case (CKI Backport Bot) [RHEL-47894 RHEL-47892] {CVE-2024-40927}
- Bluetooth: af_bluetooth: Fix deadlock (Bastien Nocera) [RHEL-34161] {CVE-2024-26886}
- xdp: Remove WARN() from __xdp_reg_mem_model() (CKI Backport Bot) [RHEL-51586] {CVE-2024-42082}
- nfsd: don't take fi_lock in nfsd_break_deleg_cb() (Benjamin Coddington) [RHEL-42578 RHEL-34875]
- nfsd: fix RELEASE_LOCKOWNER (Benjamin Coddington) [RHEL-42578 RHEL-34875] {CVE-2024-26629}
- net: bridge: mst: fix suspicious rcu usage in br_mst_set_state (CKI Backport Bot) [RHEL-43729 RHEL-43727]
- net: bridge: mst: pass vlan group directly to br_mst_vlan_set_state (CKI Backport Bot) [RHEL-43729 RHEL-43727]
- net: bridge: mst: fix vlan use-after-free (cki-backport-bot) [RHEL-43729] {CVE-2024-36979}
- efivarfs: force RO when remounting if SetVariable is not supported (Pavel Reichl) [RHEL-42343 RHEL-26588] {CVE-2023-52463}
- ACPI: arm64: export acpi_arch_thermal_cpufreq_pctg() (Charles Mirabile) [RHEL-34234 RHEL-1697]
- ACPI: processor: reduce CPUFREQ thermal reduction pctg for Tegra241 (Charles Mirabile) [RHEL-34234 RHEL-1697]
- ACPI: thermal: Add Thermal fast Sampling Period (_TFP) support (Scott Weaver) [RHEL-34234 RHEL-1697]