-
Wed Jul 17 2024 Alan Steinberg <alan.steinberg@oracle.com> - [5.14.0-427.26.1.0.1.el9_4.OL9]
- Revert "crypto: testmgr - allow ecdsa-nist-p256 and -p384 in FIPS mode" [Orabug: 36638086]
- Update module name for cryptographic module [Orabug: 36324521]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5.el9
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates
-
Fri Jul 05 2024 Scott Weaver <scweaver@redhat.com> [5.14.0-427.26.1.el9_4]
- net: ena: Fix incorrect descriptor free behavior (Kamal Heib) [RHEL-39217 RHEL-37430] {CVE-2024-35958}
- tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). (Guillaume Nault) [RHEL-41749 RHEL-39837] {CVE-2024-36904}
- mm/mglru: Revert "don't sync disk for each aging cycle" (Waiman Long) [RHEL-44418]
- tipc: fix UAF in error path (Xin Long) [RHEL-34848 RHEL-34280] {CVE-2024-36886}
- selftest/cgroup: Update test_cpuset_prs.sh to match changes (Waiman Long) [RHEL-45139]
- cgroup/cpuset: Make cpuset.cpus.exclusive independent of cpuset.cpus (Waiman Long) [RHEL-45139]
- cgroup/cpuset: Delay setting of CS_CPU_EXCLUSIVE until valid partition (Waiman Long) [RHEL-45139]
- selftest/cgroup: Fix test_cpuset_prs.sh problems reported by test robot (Waiman Long) [RHEL-45139]
- cgroup/cpuset: Fix remote root partition creation problem (Waiman Long) [RHEL-45139]
- cgroup/cpuset: Optimize isolated partition only generate_sched_domains() calls (Waiman Long) [RHEL-45139]
- cgroup/cpuset: Fix retval in update_cpumask() (Waiman Long) [RHEL-45139]
- cgroup/cpuset: Fix a memory leak in update_exclusive_cpumask() (Waiman Long) [RHEL-45139]
- ice: implement AQ download pkg retry (Petr Oros) [RHEL-38907 RHEL-17318]
- redhat: include resolve_btfids in kernel-devel (Viktor Malik) [RHEL-43426 RHEL-40707]
- blk-cgroup: fix list corruption from resetting io stat (cki-backport-bot) [RHEL-44977] {CVE-2024-38663}
- misc: rtsx: do clear express reg every SD_INT (David Arcari) [RHEL-39985 RHEL-33706]
- misc: rtsx: Fix rts5264 driver status incorrect when card removed (David Arcari) [RHEL-39985 RHEL-33706]
- netfilter: tproxy: bail out if IP has been disabled on the device (cki-backport-bot) [RHEL-44371] {CVE-2024-36270}
- lib/test_hmm.c: handle src_pfns and dst_pfns allocation failure (cki-backport-bot) [RHEL-44263 RHEL-44261] {CVE-2024-38543}
- r8169: Fix possible ring buffer corruption on fragmented Tx packets. (cki-backport-bot) [RHEL-44039] {CVE-2024-38586}
- net: micrel: Fix receiving the timestamp in the frame for lan8841 (cki-backport-bot) [RHEL-43996] {CVE-2024-38593}
- vt: fix memory overlapping when deleting chars in the buffer (Waiman Long) [RHEL-43379 RHEL-27780] {CVE-2022-48627}
- net/mlx5e: Use a memory barrier to enforce PTP WQ xmit submission tracking occurs after populating the metadata_map (Kamal Heib) [RHEL-42728 RHEL-34192] {CVE-2024-26858}
- locking/atomic: Make test_and_*_bit() ordered on failure (Paolo Bonzini) [RHEL-45896]
- mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong zone index (Rafael Aquini) [RHEL-42659 RHEL-31840] {CVE-2024-26783}
- can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock (Jose Ignacio Tornos Martinez) [RHEL-42379 RHEL-31530] {CVE-2023-52638}
- ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port() (Ken Cox) [RHEL-42226 RHEL-38715] {CVE-2021-47548}
-
Mon Jul 01 2024 Scott Weaver <scweaver@redhat.com> [5.14.0-427.25.1.el9_4]
- nvme: fix reconnection fail due to reserved tag allocation (Maurizio Lombardi) [RHEL-42896 RHEL-36896] {CVE-2024-27435}
- net: hns3: fix use-after-free bug in hclgevf_send_mbx_msg (cki-backport-bot) [RHEL-43625] {CVE-2021-47596}
- scsi: sg: Avoid race in error handling & drop bogus warn (Ewan D. Milne) [RHEL-36106 RHEL-35659]
- scsi: sg: Avoid sg device teardown race (Ewan D. Milne) [RHEL-36106 RHEL-35659]
- netfilter: nf_tables: use timestamp to check for set element timeout (Florian Westphal) [RHEL-38032 RHEL-33985] {CVE-2024-27397}
- netfilter: nft_set_rbtree: Remove unused variable nft_net (Florian Westphal) [RHEL-38032 RHEL-33985]
- netfilter: nft_set_rbtree: prefer sync gc to async worker (Florian Westphal) [RHEL-38032 RHEL-33985]
- netfilter: nft_set_rbtree: rename gc deactivate+erase function (Florian Westphal) [RHEL-38032 RHEL-33985]
- netfilter: nf_tables: de-constify set commit ops function argument (Florian Westphal) [RHEL-38032 RHEL-33985]
- octeontx2-af: avoid off-by-one read from userspace (Kamal Heib) [RHEL-40486 RHEL-39873] {CVE-2024-36957}
-
Sun Jun 23 2024 Scott Weaver <scweaver@redhat.com> [5.14.0-427.24.1.el9_4]
- net/bnx2x: Prevent access to a freed page in page_pool (Michal Schmidt) [RHEL-43272 RHEL-23117]
- bnx2x: new flag for track HW resource allocation (Michal Schmidt) [RHEL-43272 RHEL-23117]
- bnx2x: fix page fault following EEH recovery (Michal Schmidt) [RHEL-43272 RHEL-23117]
- bnx2x: fix pci device refcount leak in bnx2x_vf_is_pcie_pending() (Michal Schmidt) [RHEL-43272 RHEL-23117]
- bnx2x: fix potential memory leak in bnx2x_tpa_stop() (Michal Schmidt) [RHEL-43272 RHEL-23117]
- xen-netfront: Add missing skb_mark_for_recycle (Vitaly Kuznetsov) [RHEL-37626 RHEL-36573] {CVE-2024-27393}
- tools/power/turbostat: Fix uncore frequency file string (David Arcari) [RHEL-34953 RHEL-29239]
- tools/power turbostat: Expand probe_intel_uncore_frequency() (David Arcari) [RHEL-34953 RHEL-29239]
- net/mlx5e: fix a potential double-free in fs_any_create_groups (Kamal Heib) [RHEL-38972 RHEL-37093] {CVE-2023-52667}
- crypto: qat - Fix typo (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak (Vladis Dronov) [RHEL-38546 RHEL-35816] {CVE-2024-26974}
- crypto: qat - specify firmware files for 402xx (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - validate slices count returned by FW (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - improve error logging to be consistent across features (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - improve error message in adf_get_arbiter_mapping() (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - implement dh fallback for primes > 4K (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - Fix spelling mistake "Invalide" -> "Invalid" (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - Avoid -Wflex-array-member-not-at-end warnings (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - implement interface for live migration (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - add interface for live migration (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - add bank save and restore flows (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - expand CSR operations for QAT GEN4 devices (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - rename get_sla_arr_of_type() (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - relocate CSR access code (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - move PFVF compat checker to a function (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - relocate and rename 4xxx PF2VM definitions (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - adf_get_etr_base() helper (Vladis Dronov) [RHEL-38546 RHEL-35816]
- redhat/configs: Add CONFIG_CRYPTO_DEV_QAT_420XX (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - make ring to service map common for QAT GEN4 (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - fix ring to service map for dcc in 420xx (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - fix ring to service map for dcc in 4xxx (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - fix comment structure (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - remove unnecessary description from comment (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - remove double initialization of value (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - avoid division by zero (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - removed unused macro in adf_cnv_dbgfs.c (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - remove unused macros in qat_comp_alg.c (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - uninitialized variable in adf_hb_error_inject_write() (Vladis Dronov) [RHEL-38546 RHEL-35816]
- Documentation: qat: fix auto_reset section (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - resolve race condition during AER recovery (Vladis Dronov) [RHEL-38546 RHEL-35816] {CVE-2024-26974}
- crypto: qat - change SLAs cleanup flow at shutdown (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - improve aer error reset handling (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - limit heartbeat notifications (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - add auto reset on error (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - add fatal error notification (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - re-enable sriov after pf reset (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - update PFVF protocol for recovery (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - disable arbitration before reset (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - add fatal error notify method (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - add heartbeat error simulator (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - use kcalloc_node() instead of kzalloc_node() (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - avoid memcpy() overflow warning (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - fix arbiter mapping generation algorithm for QAT 402xx (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - generate dynamically arbiter mappings (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - add support for ring pair level telemetry (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - add support for device telemetry (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - add admin msgs for telemetry (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - include pci.h for GET_DEV() (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - add support for 420xx devices (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - move fw config related structures (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - relocate portions of qat_4xxx code (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - change signature of uof_get_num_objs() (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - relocate and rename get_service_enabled() (Vladis Dronov) [RHEL-38546 RHEL-35816]
- seq_file: add helper macro to define attribute for rw file (Vladis Dronov) [RHEL-38546 RHEL-35816]
- minmax: Introduce {min,max}_array() (Vladis Dronov) [RHEL-38546 RHEL-35816]
-
Fri Jun 14 2024 Scott Weaver <scweaver@redhat.com> [5.14.0-427.23.1.el9_4]
- net/mlx5e: Fix operation precedence bug in port timestamping napi_poll context (Kamal Heib) [RHEL-34050 RHEL-30492] {CVE-2023-52626}
- blk-mq: add helper for checking if one CPU is mapped to specified hctx (Ming Lei) [RHEL-38595 RHEL-36684]
- net/sched: flower: Add lock protection when remove filter handle (Petr Oros) [RHEL-35672 RHEL-33379]
- Bluetooth: Avoid potential use-after-free in hci_error_reset (David Marlin) [RHEL-33913 RHEL-31828] {CVE-2024-26801}
- net: hns3: do not allow call hns3_nic_net_open repeatedly (Jose Ignacio Tornos Martinez) [RHEL-38933 RHEL-37707] {CVE-2021-47400}
- tmpfs: fix Documentation of noswap and huge mount options (Nico Pache) [RHEL-38252 RHEL-31975]
- shmem: add support to ignore swap (Chris von Recklinghausen) [RHEL-38252 RHEL-31975]
- shmem: update documentation (Chris von Recklinghausen) [RHEL-38252 RHEL-31975]
- shmem: skip page split if we're not reclaiming (Chris von Recklinghausen) [RHEL-38252 RHEL-31975]
- shmem: move reclaim check early on writepages() (Chris von Recklinghausen) [RHEL-38252 RHEL-31975]
- shmem: set shmem_writepage() variables early (Chris von Recklinghausen) [RHEL-38252 RHEL-31975]
- shmem: remove check for folio lock on writepage() (Chris von Recklinghausen) [RHEL-38252 RHEL-31975]
- ice: Add automatic VF reset on Tx MDD events (Petr Oros) [RHEL-39083 RHEL-36317]
- net/ipv6: SKB symmetric hash should incorporate transport ports (Ivan Vecera) [RHEL-37641 RHEL-36218]
- ipv6: sr: fix memleak in seg6_hmac_init_algo (Hangbin Liu) [RHEL-37669 RHEL-37511]
- ipv6: sr: fix missing sk_buff release in seg6_input_core (Hangbin Liu) [RHEL-37669 RHEL-37511]
- ipv6: sr: fix invalid unregister error path (Hangbin Liu) [RHEL-37669 RHEL-37511]
- ipv6: sr: fix incorrect unregister order (Hangbin Liu) [RHEL-37669 RHEL-37511]
- ipv6: sr: add missing seg6_local_exit (Hangbin Liu) [RHEL-37669 RHEL-37511]
- block: fix q->blkg_list corruption during disk rebind (Ming Lei) [RHEL-36687 RHEL-33577]
- ice: fix uninitialized dplls mutex usage (Petr Oros) [RHEL-36716 RHEL-36283]
- ice: fix pin phase adjust updates on PF reset (Petr Oros) [RHEL-36716 RHEL-36283]
- ice: fix dpll periodic work data updates on PF reset (Petr Oros) [RHEL-36716 RHEL-36283]
- ice: fix dpll and dpll_pin data access on PF reset (Petr Oros) [RHEL-36716 RHEL-36283]
- ice: fix dpll input pin phase_adjust value updates (Petr Oros) [RHEL-36716 RHEL-36283]
- ice: fix connection state of DPLL and out pin (Petr Oros) [RHEL-36716 RHEL-36283]
- redhat: remove the merge subtrees script (Derek Barbosa)
- redhat: rhdocs: delete .get_maintainer.conf (Derek Barbosa)
- redhat: rhdocs: Remove the rhdocs directory (Derek Barbosa)
- net/mlx5: Properly link new fs rules into the tree (Kamal Heib) [RHEL-38954 RHEL-37422] {CVE-2024-35960}
- smb: client: fix UAF in smb2_reconnect_server() (Jay Shin) [RHEL-28943 RHEL-40177 RHEL-37273 RHEL-7986] {CVE-2024-35870}
- smb: client: remove extra @chan_count check in __cifs_put_smb_ses() (Jay Shin) [RHEL-28943 RHEL-31245]
- RHEL: enable CONFIG_AMD_ATL (Aristeu Rozanski) [RHEL-36220 RHEL-26704]
- EDAC/amd64: Use new AMD Address Translation Library (Aristeu Rozanski) [RHEL-36220 RHEL-26704]
- RAS: Introduce AMD Address Translation Library (Aristeu Rozanski) [RHEL-36220 RHEL-26704]
-
Mon Jun 10 2024 Scott Weaver <scweaver@redhat.com> [5.14.0-427.22.1.el9_4]
- dpll: fix dpll_pin_on_pin_register() for multiple parent pins (Petr Oros) [RHEL-36572 RHEL-32098]
- dpll: indent DPLL option type by a tab (Petr Oros) [RHEL-36572 RHEL-32098]
- dpll: fix dpll_xa_ref_*_del() for multiple registrations (Petr Oros) [RHEL-36572 RHEL-32098]
- dpll: spec: use proper enum for pin capabilities attribute (Petr Oros) [RHEL-36572 RHEL-32098]
- dpll: move all dpll<>netdev helpers to dpll code (Petr Oros) [RHEL-36572 RHEL-32098]
- dpll: fix build failure due to rcu_dereference_check() on unknown type (Petr Oros) [RHEL-36572 RHEL-32098]
- dpll: rely on rcu for netdev_dpll_pin() (Petr Oros) [RHEL-36572 RHEL-32098]
- dpll: fix possible deadlock during netlink dump operation (Petr Oros) [RHEL-36572 RHEL-32098]
- dpll: check that pin is registered in __dpll_pin_unregister() (Petr Oros) [RHEL-36572 RHEL-32098]
- dpll: move xa_erase() call in to match dpll_pin_alloc() error path order (Petr Oros) [RHEL-36572 RHEL-32098]
- dpll: expose fractional frequency offset value to user (Petr Oros) [RHEL-36572 RHEL-32098]
- dpll: allocate pin ids in cycle (Petr Oros) [RHEL-36572 RHEL-32098]
- dpll: remove leftover mode_supported() op and use mode_get() instead (Petr Oros) [RHEL-36572 RHEL-32098]
- Documentation: dpll: wrap DPLL_CMD_PIN_GET output in a code block (Petr Oros) [RHEL-36572 RHEL-32098]
- Documentation: dpll: Fix code blocks (Petr Oros) [RHEL-36572 RHEL-32098]
- MAINTAINERS: adjust header file entry in DPLL SUBSYSTEM (Petr Oros) [RHEL-36572 RHEL-32098]
- netdev: Remove unneeded semicolon (Petr Oros) [RHEL-36572 RHEL-32098]
- netlink: add variable-length / auto integers (Petr Oros) [RHEL-36572 RHEL-30145]
- netlink: allow be16 and be32 types in all uint policy checks (Ivan Vecera) [RHEL-36572 RHEL-30656]
- net: netlink: recommend policy range validation (Ivan Vecera) [RHEL-36572 RHEL-30344]
- netlink: add nla be16/32 types to minlen array (Ivan Vecera) [RHEL-36572 RHEL-30344]
- netlink: introduce bigendian integer types (Michal Schmidt) [RHEL-36572 RHEL-30344]
- netlink: introduce NLA_POLICY_MAX_BE (Ivan Vecera) [RHEL-36572 RHEL-30344]
- ice: use irq_update_affinity_hint() (Michal Schmidt) [RHEL-38512 RHEL-35293]
- x86/tsc: Defer marking TSC unstable to a worker (Wander Lairson Costa) [RHEL-9296 RHEL-19514]
- x86/smpboot: Make TSC synchronization function call based (David Arcari) [RHEL-9296 RHEL-19514]
- Bluetooth: hci_core: Remove le_restart_scan work (David Marlin) [RHEL-38524 RHEL-30099]
- hwmon: (coretemp) Enlarge per package core count limit (David Arcari) [RHEL-35447 RHEL-22705]
- hwmon: (coretemp) Fix bogus core_id to attr name mapping (David Arcari) [RHEL-35447 RHEL-22705]
- hwmon: (coretemp) Fix out-of-bounds memory access (David Arcari) [RHEL-35447 RHEL-22705]
- perf: arm_cspmu: Reject events meant for other PMUs (Michael Petlan) [RHEL-34991 RHEL-25824]
- smb: client: refresh referral without acquiring refpath_lock (Jay Shin) [RHEL-38904 RHEL-7986]
- smb: client: guarantee refcounted children from parent session (Jay Shin) [RHEL-38904 RHEL-7986]
- smb3: show beginning time for per share stats (Jay Shin) [RHEL-38904 RHEL-31245]
- smb: client: fix mount when dns_resolver key is not available (Jay Shin) [RHEL-38904 RHEL-31245]
- smb: client: get rid of dfs code dep in namespace.c (Jay Shin) [RHEL-38904 RHEL-31245]
- smb: client: get rid of dfs naming in automount code (Jay Shin) [RHEL-38904 RHEL-31245]
- smb: client: rename cifs_dfs_ref.c to namespace.c (Jay Shin) [RHEL-38904 RHEL-31245]
- smb: client: ensure to try all targets when finding nested links (Jay Shin) [RHEL-38904 RHEL-31245]
- smb: client: introduce DFS_CACHE_TGT_LIST() (Jay Shin) [RHEL-38904 RHEL-31245]
- smb: client: remove redundant pointer 'server' (Jay Shin) [RHEL-38904 RHEL-28739]
- smb: client: fix parsing of source mount option (Jay Shin) [RHEL-38904 RHEL-28739]
- integrity: eliminate unnecessary "Problem loading X.509 certificate" msg (Coiby Xu) [RHEL-39933 RHEL-12346]
-
Mon Jun 03 2024 Scott Weaver <scweaver@redhat.com> [5.14.0-427.21.1.el9_4]
- drm/i915/display: Increase number of fast wake precharge pulses (Mika Penttilä) [RHEL-36534 RHEL-20439]
- drm/i915/psr: Improve fast and IO wake lines calculation (Mika Penttilä) [RHEL-36534 RHEL-20439]
- drm/i915/display: Make intel_dp_aux_fw_sync_len available for PSR code (Mika Penttilä) [RHEL-36534 RHEL-20439]
- smb: client: improve DFS mount check (Jay Shin) [RHEL-36743 RHEL-28739]
- net: mana: Fix Rx DMA datasize and skb_over_panic (Cathy Avery) [RHEL-37622 RHEL-9872]
-
Thu May 23 2024 Scott Weaver <scweaver@redhat.com> [5.14.0-427.20.1.el9_4]
- ipv6: sr: fix possible use-after-free and null-ptr-deref (Hangbin Liu) [RHEL-33968 RHEL-31732] {CVE-2024-26735}
- idpf: fix kernel panic on unknown packet types (Michal Schmidt) [RHEL-36145 RHEL-29035]
- idpf: refactor some missing field get/prep conversions (Michal Schmidt) [RHEL-36145 RHEL-29035]
- PCI: Fix pci_rh_check_status() call semantics (Luiz Capitulino) [RHEL-36541 RHEL-35032]
- cxgb4: Properly lock TX queue for the selftest. (John B. Wyatt IV) [RHEL-36530 RHEL-31990 RHEL-9354]
-
Mon May 20 2024 Scott Weaver <scweaver@redhat.com> [5.14.0-427.19.1.el9_4]
- x86/mce: Cleanup mce_usable_address() (Prarit Bhargava) [RHEL-33810 RHEL-25415]
- x86/mce: Define amd_mce_usable_address() (Prarit Bhargava) [RHEL-33810 RHEL-25415]
- x86/MCE/AMD: Split amd_mce_is_memory_error() (Prarit Bhargava) [RHEL-33810 RHEL-25415]
- fs: sysfs: Fix reference leak in sysfs_break_active_protection() (Ewan D. Milne) [RHEL-35302 RHEL-35078] {CVE-2024-26993}
-
Mon May 13 2024 Scott Weaver <scweaver@redhat.com> [5.14.0-427.18.1.el9_4]
- netfilter: nf_tables: disallow anonymous set with timeout flag (Phil Sutter) [RHEL-32971 RHEL-30082] {CVE-2024-26642}
- netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout (Phil Sutter) [RHEL-33070 RHEL-30078] {CVE-2024-26643}
- netfilter: nft_ct: fix l3num expectations with inet pseudo family (Phil Sutter) [RHEL-32963 RHEL-31345] {CVE-2024-26673}
- netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations (Phil Sutter) [RHEL-32963 RHEL-31345] {CVE-2024-26673}
- arm64: tlb: Fix TLBI RANGE operand (Shaoqin Huang) [RHEL-33412 RHEL-26259]
- arm64/mm: Modify range-based tlbi to decrement scale (Shaoqin Huang) [RHEL-33412 RHEL-26259]
- rh_messages.h: mark mlx5 on Bluefield-3 as unmaintained (Scott Weaver) [RHEL-35878 RHEL-33061]
- net: ip_tunnel: prevent perpetual headroom growth (Guillaume Nault) [RHEL-33934 RHEL-31816] {CVE-2024-26804}
- gitlab-ci: use zstream builder container image (Michael Hofmann)
- selftests: net: gro fwd: update vxlan GRO test expectations (Antoine Tenart) [RHEL-30910 RHEL-19729]
- udp: prevent local UDP tunnel packets from being GROed (Antoine Tenart) [RHEL-30910 RHEL-19729]
- udp: do not transition UDP GRO fraglist partial checksums to unnecessary (Antoine Tenart) [RHEL-30910 RHEL-19729]
- gro: fix ownership transfer (Antoine Tenart) [RHEL-30910 RHEL-19729]
- udp: do not accept non-tunnel GSO skbs landing in a tunnel (Antoine Tenart) [RHEL-30910 RHEL-19729]
- bpf, tcx: Get rid of tcx_link_const (Felix Maurer) [RHEL-33062 RHEL-28590]
- selftests/bpf: Add additional mprog query test coverage (Felix Maurer) [RHEL-33062 RHEL-28590]
- selftests/bpf: Make seen_tc* variable tests more robust (Felix Maurer) [RHEL-33062 RHEL-28590]
- selftests/bpf: Test query on empty mprog and pass revision into attach (Felix Maurer) [RHEL-33062 RHEL-28590]
- selftests/bpf: Adapt assert_mprog_count to always expect 0 count (Felix Maurer) [RHEL-33062 RHEL-28590]
- selftests/bpf: Test bpf_mprog query API via libbpf and raw syscall (Felix Maurer) [RHEL-33062 RHEL-28590]
- selftest/bpf: Add various selftests for program limits (Felix Maurer) [RHEL-33062 RHEL-28590]
- bpf: Refuse unused attributes in bpf_prog_{attach,detach} (Felix Maurer) [RHEL-33062 RHEL-28590]
- bpf: Handle bpf_mprog_query with NULL entry (Felix Maurer) [RHEL-33062 RHEL-28590]
- net: Fix skb consume leak in sch_handle_egress (Felix Maurer) [RHEL-33062 RHEL-28590]
- selftests/bpf: Add various more tcx test cases (Felix Maurer) [RHEL-33062 RHEL-28590]
- selftests/bpf: Add test for detachment on empty mprog entry (Felix Maurer) [RHEL-33062 RHEL-28590]
- tcx: Fix splat during dev unregister (Felix Maurer) [RHEL-33062 RHEL-28590]
- tcx: Fix splat in ingress_destroy upon tcx_entry_free (Felix Maurer) [RHEL-33062 RHEL-28590]
- selftests/bpf: Add mprog API tests for BPF tcx links (Felix Maurer) [RHEL-33062 RHEL-28590]
- selftests/bpf: Add mprog API tests for BPF tcx opts (Felix Maurer) [RHEL-33062 RHEL-28590]
- bpf: Add fd-based tcx multi-prog infra with link support (Felix Maurer) [RHEL-33062 RHEL-28590]
- bpftool: Implement link show support for tcx (Artem Savkov) [RHEL-33062 RHEL-23643]
- bpftool: Extend net dump with tcx progs (Artem Savkov) [RHEL-33062 RHEL-23643]
- bpf: fix precision backtracking instruction iteration (Jay Shin) [RHEL-35230 RHEL-23643]