-
Mon Sep 18 2023 Mridula Shastry <mridula.c.shastry@oracle.com> - [5.14.0-284.30.1.el9_2.OL9]
- x86/microcode/intel: Expose collect_cpu_info_early() for IFS
- x86/cpu: Load microcode during restore_processor_state()
- x86/microcode: Rip out the OLD_INTERFACE
- x86/microcode: Default-disable late loading
- x86/microcode: Taint and warn on late loading
- x86/microcode: Remove unnecessary perf callback
- x86/microcode: Print previous version of microcode after reload
- x86/microcode: Rip out the subsys interface gunk
- x86/microcode: Simplify init path even more
- x86/microcode/AMD: Rename a couple of functions {CVE-2023-20593}
- x86/microcode: Add a parameter to microcode_check() to store CPU capabilities {CVE-2023-20593}
- x86/microcode: Check CPU capabilities after late microcode update correctly {CVE-2023-20593}
- x86/microcode: Adjust late loading result reporting message {CVE-2023-20593}
- x86/amd: Cache debug register values in percpu variables {CVE-2023-20593}
- x86/microcode: Remove ->request_microcode_user()
- x86/microcode: Kill refresh_fw
- x86/microcode/amd: Remove load_microcode_amd()'s bsp parameter {CVE-2023-20593}
- x86/microcode: Drop struct ucode_cpu_info.valid
- x86/microcode/AMD: Add a @cpu parameter to the reloading functions {CVE-2023-20593}
- x86/microcode/AMD: Track patch allocation size explicitly
- x86/microcode/AMD: Fix mixed steppings support {CVE-2023-20593}
- x86/microcode/core: Return an error only when necessary {CVE-2023-20593}
- x86/apic: Don't disable x2APIC if locked
- x86/cpu/amd: Move the errata checking functionality up {CVE-2023-20593}
- x86/cpu: Remove redundant extern x86_read_arch_cap_msr()
- x86/cpu, kvm: Add support for CPUID_80000021_EAX
- KVM: x86: Advertise that the SMM_CTL MSR is not supported
- KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code
- x86/cpu, kvm: Add the NO_NESTED_DATA_BP feature
- x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon resume from S3
- x86/cpu: Support AMD Automatic IBRS
- x86/CPU/AMD: Make sure EFER[AIBRSE] is set
- x86/cpu/amd: Add a Zenbleed fix {CVE-2023-20593}
-
Tue Sep 12 2023 Mridula Shastry <mridula.c.shastry@oracle.com> - [5.14.0-284.30.0.1.el9_2.OL9]
- x86/tsx: Add a feature bit for TSX control MSR support {CVE-2023-1637}
- x86/speculation: Restore speculation related MSRs {CVE-2023-1637}
- x86/pm: Save the MSR validity status at context setup {CVE-2023-1637}
- x86/pm: Fix false positive kmemleak report in msr_build_context() {CVE-2023-1637}
- x86/cpu: Restore AMD's DE_CFG MSR after resume {CVE-2023-1637}
- x86/pm: Add enumeration check before spec MSRs {CVE-2023-1637}
- arm64: efi: Execute runtime services from a dedicated {CVE-2023-21102}
- netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE {CVE-2023-3390}
- netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain {CVE-2023-3390}
- netfilter: nf_tables: unbind non-anonymous set if rule construction fails {CVE-2023-3390}
- netfilter: nf_tables: disallow rule addition to bound chain via NFTA_RULE_CHAIN_ID {CVE-2023-4147}
- netfilter: nf_tables: do not ignore genmask when looking up chain by id {CVE-2023-31248}
- netfilter: nf_tables: prevent OOB access in nft_byteorder_eval {CVE-2023-35001}
- netfilter: nf_tables: fix chain binding transaction logic {CVE-2023-3610}
- netfilter: nft_set_pipapo: fix improper element removal {CVE-2023-4004}
- net/sched: cls_fw: Fix improper refcount update leads to use-after-free {CVE-2023-3776}
-
Thu Aug 03 2023 Mridula Shastry <mridula.c.shastry@oracle.com> - [5.14.0-284.25.1.0.1.el9_2.OL9]
- Fix KVM: x86/mmu: Fix race condition in direct_page_fault [Orabug: 35673032] {CVE-2022-45869}
-
Tue Aug 01 2023 Nagappan Ramasamy Palaniappan <nagappan.ramasamy.palaniappan@oracle.com> - [5.14.0-284.25.1.el9_2.OL9]
- KVM: x86/mmu: Fix race condition in direct_page_fault
- prlimit: do_prlimit needs to have a speculation check {CVE-2023-0458}
- x86/speculation: Allow enabling STIBP with legacy IBRS {CVE-2023-1998}
- ipvlan: Fix out of bounds caused by unclear skb->cb {CVE-2023-3090}
- net/sched: flower: fix possible OOB write in fl_set_geneve_opt {CVE-2023-35788}
-
Thu Jul 20 2023 Mridula Shastry <mridula.c.shastry@oracle.com> - [5.14.0-284.18.1.el9_2.OL9]
- cifs: fix wrong unlock before return from cifs_tree_connect()
- docs: Remove the unnecessary unicode character
- perf vendor events intel: Refresh ivytown metrics and events
- perf vendor events: Update Intel ivytown
- perf vendor events intel: Refresh jaketown metrics and events
- perf vendor events: Update Intel jaketown
- NFSD: RHEL-only bug introduced in fix for COMMIT and NFS4ERR_DELAY loop
- NFSD: Fix problem of COMMIT and NFS4ERR_DELAY in infinite loop
- workqueue: Fix isolated CPUs interference problem
- sched/core: Fix arch_scale_freq_tick() on tickless systems
- ice: no busy waiting in GNSS thread and for SQ commands
- wdat_wdt: avoid watchdog timeout during reboot
- hugetlbfs: don't delete error page from pagecache
- mm/filemap: fix page end in filemap_get_read_batch
- sched/deadline: Add more reschedule cases to prio_changed_dl()
- sched/rt: Fix bad task migration for rt tasks
- blk-mq: directly poll requests
- KVM: VMX: Fix crash due to uninitialized current_vmcs
- wifi: iwlwifi: mvm: protect TXQ list manipulation
- crypto: jitter - permanent and intermittent health errors
- cpufreq: intel_pstate: hybrid: Use known scaling factor for P-cores
- cpufreq: intel_pstate: Read all MSRs on the target CPU
- cpufreq: intel_pstate: Enable HWP IO boost for all servers
- crypto: qat: Update QAT drivers upto v6.2
- info/owners.yaml: Adjust intel_qat subsystem entry
- net: tls: fix possible race condition between do_tls_getsockopt_conf and do_tls_setsockopt_conf() {CVE-2023-28466}
- i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer() {CVE-2023-2194}
- xfs: verify buffer contents when we skip log replay {CVE-2023-2124}
- bluetooth: Perform careful capability checks in hci_sock_ioctl() {CVE-2023-2002}
- netfilter: nf_tables: deactivate anonymous set from preparation phase {CVE-2023-32233}
- perf: Fix check before add_event_to_groups() in perf_group_detach() {CVE-2023-2235}
-
Tue May 09 2023 Natalya Naumova <natalya.naumova@oracle.com> - [5.14.0-284.11.1.el9_2.OL9]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5.el9
- Remove nmap references from kernel (Mridula Shastry) [Orabug: 34313944]
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
-
Wed Apr 12 2023 Herton R. Krzesinski <herton@redhat.com> [5.14.0-284.11.1.el9_2]
- vfio: Make the group FD disassociate from the iommu_group (Alex Williamson) [2180649]
- vfio: Hold a reference to the iommu_group in kvm for SPAPR (Alex Williamson) [2180649]
- vfio: Add vfio_file_is_group() (Alex Williamson) [2180649]
- vfio: Change vfio_group->group_rwsem to a mutex (Alex Williamson) [2180649]
- vfio: Remove the vfio_group->users and users_comp (Alex Williamson) [2180649]
- vfio: Follow a strict lifetime for struct iommu_group (Alex Williamson) [2180649]
-
Wed Apr 05 2023 Herton R. Krzesinski <herton@redhat.com> [5.14.0-284.10.1.el9_2]
- dm: fix __send_duplicate_bios() to always allow for splitting IO (Benjamin Marzinski) [2184420]
- dm: fix improper splitting for abnormal bios (Benjamin Marzinski) [2184420]
-
Tue Apr 04 2023 Herton R. Krzesinski <herton@redhat.com> [5.14.0-284.9.1.el9_2]
- ovl: fail on invalid uid/gid mapping at copy up (Miklos Szeredi) [2165345] {CVE-2023-0386}
-
Mon Apr 03 2023 Herton R. Krzesinski <herton@redhat.com> [5.14.0-284.8.1.el9_2]
- Reinstate "GFS2: free disk inode which is deleted by remote node -V2" (Bob Peterson) [2181344]
- iavf: fix hang on reboot with ice (Stefan Assmann) [2175775]
- xfs: fix off-by-one-block in xfs_discard_folio() (Carlos Maiolino) [2178173]