[El-errata] ELSA-2022-9179 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Mon Feb 28 22:44:43 UTC 2022


Oracle Linux Security Advisory ELSA-2022-9179

http://linux.oracle.com/errata/ELSA-2022-9179.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-4.14.35-2047.511.5.2.el7uek.x86_64.rpm
kernel-uek-debug-4.14.35-2047.511.5.2.el7uek.x86_64.rpm
kernel-uek-debug-devel-4.14.35-2047.511.5.2.el7uek.x86_64.rpm
kernel-uek-devel-4.14.35-2047.511.5.2.el7uek.x86_64.rpm
kernel-uek-tools-4.14.35-2047.511.5.2.el7uek.x86_64.rpm
kernel-uek-doc-4.14.35-2047.511.5.2.el7uek.noarch.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-4.14.35-2047.511.5.2.el7uek.src.rpm

Related CVEs:

CVE-2022-0492




Description of changes:

[4.14.35-2047.511.5.2.el7uek]
- cgroup-v1: Require capabilities to set release_agent (Eric W. Biederman)  [Orabug: 33876756]  {CVE-2022-0492}
- scsi: libiscsi: Hold back_lock when calling iscsi_complete_task (Gulam Mohamed)  [Orabug: 33876755]

[4.14.35-2047.511.5.1.el7uek]
- arm64, mm, efi: Account for GICv3 LPI tables in static memblock reserve table (Ard Biesheuvel)  [Orabug: 33836770]

[4.14.35-2047.511.5.el7uek]
- irq/msi: add extra step when both old and new affinity are not current cpu (Joe Jin)  [Orabug: 33789982]
- Revert "rds/ib: Kernel change to extend rds-info functionality" (Rohit Nair)  [Orabug: 33795472]
- smp: always continue to process IRQ work (Stephen Brennan)  [Orabug: 33775326]
- scsi: libiscsi: Fix iscsi_task use after free() (Mike Christie)  [Orabug: 33674803]
- scsi: libiscsi: Drop taskqueuelock (Mike Christie)  [Orabug: 33674803]
- netfilter: fix regression in looped (broad|multi)cast's MAC handling (Ignacy Gawędzki) 
- PM: hibernate: use correct mode for swsusp_close() (Thomas Zeitlhofer) 
- tracefs: Set all files to the same group ownership as the mount option (Steven Rostedt (VMware)) 
- binder: fix test regression due to sender_euid change (Todd Kjos) 
- IB/qib: Fix memory leak in qib_user_sdma_queue_pkts() (José Expósito)

[4.14.35-2047.511.4.el7uek]
- net/rds: Refactor rds_ib_recv_refill_one (Freddy Carrillo)  [Orabug: 33811840]
- net/rds: RDS connection shutdown stuck after CQ access violation error (aru kolappan)  [Orabug: 33811824]
- ocfs2: fix race between searching chunks and release journal_head from buffer_head (Gautham Ananthakrishna)  [Orabug: 33811779]
- rds: ib: Ack seq not always received in monotonic increasing order (Håkon Bugge)  [Orabug: 33810922]
- arm64: pcie: Intercept Pensando specific SError (Henry Willard)  [Orabug: 33811771]
- arm64: pcie: Change bad_mode hook to cap_pciep_access_in_progress() (Henry Willard)  [Orabug: 33811771]
- arm64: pcie: Remove Pensando SError trapping patch (Henry Willard)  [Orabug: 33811771]
- take care multiple extents in CoW extent converting (Wengang Wang)  [Orabug: 33811755]

[4.14.35-2047.511.3.el7uek]
- scsi: vmw_pvscsi: Set residual data length conditionally (Alexey Makhalov)  [Orabug: 33761308]
- xfs: force the log offline when log intent item recovery fails (Darrick J. Wong)  [Orabug: 33757273]
- xfs: cancel intents immediately if process_intents fails (Darrick J. Wong)  [Orabug: 33757273]
- arm64/efi: remove spurious WARN_ON for !4K kernels (Mark Rutland)  [Orabug: 33749641]
- irqchip/gic-v3-its: Allow use of LPI tables in reserved memory (Marc Zyngier)  [Orabug: 33749641]
- irqchip/gic-v3-its: Register LPI tables with EFI config table (Marc Zyngier)  [Orabug: 33749641]
- efi: add API to reserve memory persistently across kexec reboot (Ard Biesheuvel)  [Orabug: 33749641]
- efi/arm: libstub: add a root memreserve config table (Ard Biesheuvel)  [Orabug: 33749641]
- efi: honour memory reservations passed via a linux specific config table (Ard Biesheuvel)  [Orabug: 33749641]
- irqchip/gic-v3-its: Check that all RDs have the same property table (Marc Zyngier)  [Orabug: 33749641]
- irqchip/gic-v3-its: Use pre-programmed redistributor tables with kdump kernels (Marc Zyngier)  [Orabug: 33749641]
- irqchip/gic-v3-its: Allow use of pre-programmed LPI tables (Marc Zyngier)  [Orabug: 33749641]
- irqchip/gic-v3-its: Keep track of property table's PA and VA (Marc Zyngier)  [Orabug: 33749641]
- irqchip/gic-v3-its: Move pending table allocation to init time (Marc Zyngier)  [Orabug: 33749641]
- irqchip/gic-v3-its: Split property table clearing from allocation (Marc Zyngier)  [Orabug: 33749641]
- irqchip/gic-v3-its: Simplify LPI_PENDBASE_SZ usage (Marc Zyngier)  [Orabug: 33749641]
- irqchip/gic-v3-its: Change initialization ordering for LPIs (Marc Zyngier)  [Orabug: 33749641]
- irqchip/gic-v3-its: Cap lpi_id_bits to reduce memory footprint (Jia He)  [Orabug: 33749641]
- irqchip/gic-v3-its: Make its_lock a raw_spin_lock_t (Sebastian Andrzej Siewior)  [Orabug: 33749641]
- irqchip/gic-v3-its: Honor hypervisor enforced LPI range (Marc Zyngier)  [Orabug: 33749641]
- irqchip/gic-v3: Expose GICD_TYPER in the rdist structure (Marc Zyngier)  [Orabug: 33749641]
- irqchip/gic-v3-its: Drop chunk allocation compatibility (Marc Zyngier)  [Orabug: 33749641]
- irqchip/gic-v3-its: Move minimum LPI requirements to individual busses (Marc Zyngier)  [Orabug: 33749641]
- irqchip/gic-v3-its: Use full range of LPIs (Marc Zyngier)  [Orabug: 33749641]
- irqchip/gic-v3-its: Refactor LPI allocator (Marc Zyngier)  [Orabug: 33749641]
- irqchip/gic-v3-its: Fix reprogramming of redistributors on CPU hotplug (Marc Zyngier)  [Orabug: 33749641]
- irqchip/gic-v3-its: Only emit VSYNC if targetting a valid collection (Marc Zyngier)  [Orabug: 33749641]
- irqchip/gic-v3-its: Only emit SYNC if targetting a valid collection (Marc Zyngier)  [Orabug: 33749641]
- irqchip/gic-v3: Ensure GICR_CTLR.EnableLPI=0 is observed before enabling (Shanker Donthineni)  [Orabug: 33749641]
- irqchip/gic-v3-its: Pass its_node pointer to each command builder (Marc Zyngier)  [Orabug: 33749641]
- tee: handle lookup of shm with reference count 0 (Jens Wiklander)  [Orabug: 33739583]  {CVE-2021-44733}
- rds/ib: Kernel change to extend rds-info functionality (Rohit Nair)  [Orabug: 33660978]
- net/mlx5: Fix eeprom support for SFP module (Eran Ben Elisha)  [Orabug: 33541468]
- x86/vector: search CPU vector starts from last successfully assigned (Joe Jin)  [Orabug: 33290504]

[4.14.35-2047.511.2.el7uek]
- xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate (Darrick J. Wong)  [Orabug: 33756155]  {CVE-2021-4155}
- net/mlx5e: ethtool, Add support for EEPROM high pages query (Erez Alfasi)  [Orabug: 33755527]
- ethtool: Add SFF-8436 and SFF-8636 max EEPROM length definitions (Erez Alfasi)  [Orabug: 33755527]
- scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() (George Kennedy)  [Orabug: 33731361]
- uek-rpm: configs: disable CONFIG_USB_GADGET (aloktiw)  [Orabug: 33730434]
- rds: ib: Incorporate the stat counter "ib_rdma_flush_mr_pool_avoided" in the structure "rds_ib_stat_names" (Praveen Kumar Kannoju)  [Orabug: 33720886]
- panic: reinitialize logbuf locks before notifiers (Stephen Brennan)  [Orabug: 33703438]
- panic: disable optimistic spin after halting CPUs (Stephen Brennan)  [Orabug: 33703438]
- atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait (Zekun Shen)  [Orabug: 33594985]  {CVE-2021-43975}
- x86/MCE/AMD, EDAC/mce_amd: Remove struct smca_hwid.xec_bitmap (Yazen Ghannam)  [Orabug: 33427596]
- EDAC/mce_amd: Add new error descriptions for existing types (Yazen Ghannam)  [Orabug: 33427596]
- x86/mce, EDAC/mce_amd: Print PPIN in machine check records (Smita Koralahalli)  [Orabug: 33427596]
- x86/mce/amd, edac: Remove report_gart_errors (Borislav Petkov)  [Orabug: 33427596]
- x86/mce/amd: Add PPIN support for AMD MCE (Wei Huang)  [Orabug: 33427596]
- x86/mce: Take action on UCNA/Deferred errors again (Jan H. Schönherr)  [Orabug: 33427596]
- xen/mcelog: add PPIN to record when available (Jan Beulich)  [Orabug: 33427596]
- xen/mcelog: drop __MC_MSR_MCGCAP (Jan Beulich)  [Orabug: 33427596]
- x86/MCE/AMD: Don't report L1 BTB MCA errors on some family 17h models (Yazen Ghannam)  [Orabug: 33427596]
- x86/MCE: Add an MCE-record filtering function (Yazen Ghannam)  [Orabug: 33427596]
- EDAC, mce_amd: Print ExtErrorCode and description on a single line (Yazen Ghannam)  [Orabug: 33427596]
- mstflint_access: Update driver code to v4.18.0-1 from Github (Sharath Srinivasan)  [Orabug: 33186485]
- mstflint_access: Update driver code to v4.17.0-1 from Github (Sharath Srinivasan)  [Orabug: 33186485]
- mstflint_access: Add README.txt (Sharath Srinivasan)  [Orabug: 33186485]
- Revert "Revert "net/mlx4_core: Add masking for a few queries on HCA caps"" (Freddy Carrillo)  [Orabug: 32603654]

[4.14.35-2047.511.1.el7uek]
- uek-rpm: Update ol7 locklist with fnic symbols (Saeed Mirzamohammadi)  [Orabug: 33590914]
- mm, oom: dump stack of victim when reaping failed (David Rientjes)  [Orabug: 33647102]
- memcg: prohibit unconditional exceeding the limit of dying tasks (Vasily Averin)  [Orabug: 33647102]
- memcg: enable memcg oom-kill for __GFP_NOFAIL (Shakeel Butt)  [Orabug: 33647102]
- memcg, oom: no oom-kill for __GFP_RETRY_MAYFAIL (Shakeel Butt)  [Orabug: 33647102]
- memcg: killed threads should not invoke memcg OOM killer (Tetsuo Handa)  [Orabug: 33647102]
- memcg, oom: notify on oom killer invocation from the charge path (Michal Hocko)  [Orabug: 33647102]
- mm: memcontrol: print proper OOM header when no eligible victim left (Johannes Weiner)  [Orabug: 33647102]
- memcg, oom: move out_of_memory back to the charge path (Michal Hocko)  [Orabug: 33647102]
- rds/ib: Use both iova and key in free_mr socket call (aru kolappan)  [Orabug: 33671340]
- arm64: kexec: Suppress kexec on embedded systems (smartnics) (Henry Willard)  [Orabug: 33699776]
- fget: check that the fd still exists after getting a ref to it (Linus Torvalds)  [Orabug: 33679805]  {CVE-2021-0920}
- fs: add fget_many() and fput_many() (Jens Axboe)  [Orabug: 33679805]
- xfs: remove all COW fork extents when remounting readonly (Darrick J. Wong)  [Orabug: 33676191]
- RDS/IB: Fix error when trying to unallocate ring buffers (Hans Westgaard Ry)  [Orabug: 33620350]
- net: macsec: Severe performance regression in "...preserve ordering" (Venkat Venkatsubra)  [Orabug: 33557957]
- Linux 4.14.256 (Greg Kroah-Hartman) 
- soc/tegra: pmc: Fix imbalanced clock disabling in error code path (Dmitry Osipenko) 
- usb: max-3421: Use driver data instead of maintaining a list of bound devices (Uwe Kleine-König) 
- RDMA/netlink: Add __maybe_unused to static inline in C file (Leon Romanovsky) 
- batman-adv: Don't always reallocate the fragmentation skb head (Sven Eckelmann) 
- batman-adv: Reserve needed_*room for fragments (Sven Eckelmann) 
- batman-adv: Consider fragmentation for needed_headroom (Sven Eckelmann) 
- batman-adv: mcast: fix duplicate mcast packets from BLA backbone to mesh (Linus Lüssing) 
- batman-adv: mcast: fix duplicate mcast packets in BLA backbone from LAN (Linus Lüssing) 
- perf/core: Avoid put_page() when GUP fails (Greg Thelen) 
- drm/amdgpu: fix set scaling mode Full/Full aspect/Center not works on vga and dvi connectors (hongao) 
- drm/udl: fix control-message timeout (Johan Hovold) 
- cfg80211: call cfg80211_stop_ap when switch from P2P_GO type (Nguyen Dinh Phi) 
- parisc/sticon: fix reverse colors (Sven Schnelle) 
- btrfs: fix memory ordering between normal and ordered work functions (Nikolay Borisov) 
- mm: kmemleak: slob: respect SLAB_NOLEAKTRACE flag (Rustam Kovhaev) 
- hexagon: export raw I/O routines for modules (Nathan Chancellor) 
- tun: fix bonding active backup with arp monitoring (Nicolas Dichtel) 
- perf/x86/intel/uncore: Fix IIO event constraints for Skylake Server (Alexander Antonov) 
- perf/x86/intel/uncore: Fix filter_tid mask for CHA events on Skylake Server (Alexander Antonov) 
- NFC: reorder the logic in nfc_{un,}register_device (Lin Ma) 
- NFC: reorganize the functions in nci_request (Lin Ma) 
- i40e: Fix NULL ptr dereference on VSI filter sync (Michal Maloszewski) 
- net: virtio_net_hdr_to_skb: count transport header in UFO (Jonathan Davies) 
- platform/x86: hp_accel: Fix an error handling path in 'lis3lv02d_probe()' (Christophe JAILLET) 
- mips: lantiq: add support for clk_get_parent() (Randy Dunlap) 
- mips: bcm63xx: add support for clk_get_parent() (Randy Dunlap) 
- MIPS: generic/yamon-dt: fix uninitialized variable error (Colin Ian King) 
- iavf: Fix for the false positive ASQ/ARQ errors while issuing VF reset (Surabhi Boob) 
- net: bnx2x: fix variable dereferenced before check (Pavel Skripkin) 
- sched/core: Mitigate race cpus_share_cache()/update_top_cache_domain() (Vincent Donnefort) 
- mips: BCM63XX: ensure that CPU_SUPPORTS_32BIT_KERNEL is set (Randy Dunlap) 
- sh: define __BIG_ENDIAN for math-emu (Randy Dunlap) 
- sh: fix kconfig unmet dependency warning for FRAME_POINTER (Randy Dunlap) 
- maple: fix wrong return value of maple_bus_init(). (Lu Wei) 
- sh: check return code of request_irq (Nick Desaulniers) 
- powerpc/dcr: Use cmplwi instead of 3-argument cmpli (Michael Ellerman) 
- ALSA: gus: fix null pointer dereference on pointer block (Chengfeng Ye) 
- powerpc/5200: dts: fix memory node unit name (Anatolij Gustschin) 
- scsi: target: Fix alua_tg_pt_gps_count tracking (Mike Christie) 
- scsi: target: Fix ordered tag handling (Mike Christie) 
- MIPS: sni: Fix the build (Bart Van Assche) 
- tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc (Guanghui Feng) 
- usb: host: ohci-tmio: check return value after calling platform_get_resource() (Yang Yingliang) 
- ARM: dts: omap: fix gpmc,mux-add-data type (Roger Quadros) 
- scsi: advansys: Fix kernel pointer leak (Guo Zhi) 
- usb: musb: tusb6010: check return value after calling platform_get_resource() (Yang Yingliang) 
- scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() (James Smart) 
- arm64: zynqmp: Fix serial compatible string (Michal Simek) 
- PCI/MSI: Destroy sysfs before freeing entries (Thomas Gleixner) 
- parisc/entry: fix trace test in syscall exit path (Sven Schnelle) 
- tracing: Resize tgid_map to pid_max, not PID_MAX_DEFAULT (Paul Burton) 
- ext4: fix lazy initialization next schedule time computation in more granular unit (Shaoying Xu) 
- PCI: Add PCI_EXP_DEVCTL_PAYLOAD_* macros (Pali Rohár) 
- s390/cio: check the subchannel validity for dev_busid (Vineeth Vijayan) 
- mm, oom: do not trigger out_of_memory from the #PF (Michal Hocko) 
- mm, oom: pagefault_out_of_memory: don't force global OOM for dying tasks (Vasily Averin) 
- powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (Naveen N. Rao) 
- powerpc/bpf: Validate branch ranges (Naveen N. Rao) 
- powerpc/lib: Add helper to check if offset is within conditional branch range (Naveen N. Rao) 
- ARM: 9156/1: drop cc-option fallbacks for architecture selection (Arnd Bergmann) 
- ARM: 9155/1: fix early early_iounmap() (Michał Mirosław) 
- USB: chipidea: fix interrupt deadlock (Johan Hovold) 
- vsock: prevent unnecessary refcnt inc for nonblocking connect (Eiichi Tsukata) 
- nfc: pn533: Fix double free when pn533_fill_fragment_skbs() fails (Chengfeng Ye) 
- llc: fix out-of-bound array index in llc_sk_dev_hash() (Eric Dumazet) 
- mm/zsmalloc.c: close race window between zs_pool_dec_isolated() and zs_unregister_migration() (Miaohe Lin) 
- bonding: Fix a use-after-free problem when bond_sysfs_slave_add() failed (Huang Guobin) 
- ACPI: PMIC: Fix intel_pmic_regs_handler() read accesses (Hans de Goede) 
- net: davinci_emac: Fix interrupt pacing disable (Maxim Kiselev) 
- xen-pciback: Fix return in pm_ctrl_init() (YueHaibing) 
- i2c: xlr: Fix a resource leak in the error handling path of 'xlr_i2c_probe()' (Christophe JAILLET) 
- scsi: qla2xxx: Turn off target reset during issue_lip (Quinn Tran) 
- ar7: fix kernel builds for compiler test (Jackie Liu) 
- watchdog: f71808e_wdt: fix inaccurate report in WDIOC_GETTIMEOUT (Ahmad Fatoum) 
- m68k: set a default value for MEMORY_RESERVE (Randy Dunlap) 
- dmaengine: dmaengine_desc_callback_valid(): Check for `callback_result` (Lars-Peter Clausen) 
- netfilter: nfnetlink_queue: fix OOB when mac header was cleared (Florian Westphal) 
- auxdisplay: ht16k33: Fix frame buffer device blanking (Geert Uytterhoeven) 
- auxdisplay: ht16k33: Connect backlight to fbdev (Geert Uytterhoeven) 
- auxdisplay: img-ascii-lcd: Fix lock-up when displaying empty string (Geert Uytterhoeven) 
- dmaengine: at_xdmac: fix AT_XDMAC_CC_PERID() macro (Claudiu Beznea) 
- mtd: spi-nor: hisi-sfc: Remove excessive clk_disable_unprepare() (Evgeny Novikov) 
- fs: orangefs: fix error return code of orangefs_revalidate_lookup() (Jia-Ju Bai) 
- NFS: Fix deadlocks in nfs_scan_commit_list() (Trond Myklebust) 
- PCI: aardvark: Don't spam about PIO Response Status (Marek Behún) 
- drm/plane-helper: fix uninitialized variable reference (Alex Xu (Hello71)) 
- pnfs/flexfiles: Fix misplaced barrier in nfs4_ff_layout_prepare_ds (Baptiste Lepers) 
- rpmsg: Fix rpmsg_create_ept return when RPMSG config is not defined (Arnaud Pouliquen) 
- apparmor: fix error check (Tom Rix) 
- power: supply: bq27xxx: Fix kernel crash on IRQ handler register error (Hans de Goede) 
- mips: cm: Convert to bitfield API to fix out-of-bounds access (Geert Uytterhoeven) 
- serial: xilinx_uartps: Fix race condition causing stuck TX (Anssi Hannula) 
- ASoC: cs42l42: Defer probe if request_threaded_irq() returns EPROBE_DEFER (Richard Fitzgerald) 
- ASoC: cs42l42: Correct some register default values (Richard Fitzgerald) 
- RDMA/mlx4: Return missed an error if device doesn't support steering (Leon Romanovsky) 
- scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn() (Dan Carpenter) 
- power: supply: rt5033_battery: Change voltage values to µV (Jakob Hauser) 
- usb: gadget: hid: fix error code in do_config() (Dan Carpenter) 
- serial: 8250_dw: Drop wrong use of ACPI_PTR() (Andy Shevchenko) 
- video: fbdev: chipsfb: use memset_io() instead of memset() (Christophe Leroy) 
- memory: fsl_ifc: fix leak of irq and nand_irq in fsl_ifc_ctrl_probe (Dongliang Mu) 
- soc/tegra: Fix an error handling path in tegra_powergate_power_up() (Christophe JAILLET) 
- arm: dts: omap3-gta04a4: accelerometer irq fix (Andreas Kemnade) 
- ALSA: hda: Reduce udelay() at SKL+ position reporting (Takashi Iwai) 
- JFS: fix memleak in jfs_mount (Dongliang Mu) 
- MIPS: loongson64: make CPU_LOONGSON64 depends on MIPS_FP_SUPPORT (Jackie Liu) 
- scsi: dc395: Fix error case unwinding (Tong Zhang) 
- ARM: dts: at91: tse850: the emac<->phy interface is rmii (Peter Rosin) 
- ARM: s3c: irq-s3c24xx: Fix return value check for s3c24xx_init_intc() (Jackie Liu) 
- RDMA/rxe: Fix wrong port_cap_flags (Junji Wei) 
- ibmvnic: Process crqs after enabling interrupts (Sukadev Bhattiprolu) 
- crypto: pcrypt - Delay write to padata->info (Daniel Jordan) 
- net: phylink: avoid mvneta warning when setting pause parameters (Russell King (Oracle)) 
- net: amd-xgbe: Toggle PLL settings during rate change (Shyam Sundar S K) 
- libertas: Fix possible memory leak in probe and disconnect (Wang Hai) 
- libertas_tf: Fix possible memory leak in probe and disconnect (Wang Hai) 
- samples/kretprobes: Fix return value if register_kretprobe() failed (Tiezhu Yang) 
- irq: mips: avoid nested irq_enter() (Mark Rutland) 
- s390/gmap: don't unconditionally call pte_unmap_unlock() in __gmap_zap() (David Hildenbrand) 
- smackfs: use netlbl_cfg_cipsov4_del() for deleting cipso_v4_doi (Tetsuo Handa) 
- PM: hibernate: fix sparse warnings (Anders Roxell) 
- phy: micrel: ksz8041nl: do not use power down mode (Stefan Agner) 
- mwifiex: Send DELBA requests according to spec (Jonas Dreßler) 
- platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning (Nathan Chancellor) 
- mmc: mxs-mmc: disable regulator on error and in the remove function (Christophe JAILLET) 
- net: stream: don't purge sk_error_queue in sk_stream_kill_queues() (Jakub Kicinski) 
- drm/msm: uninitialized variable in msm_gem_import() (Dan Carpenter) 
- ath10k: fix max antenna gain unit (Sven Eckelmann) 
- hwmon: Fix possible memleak in __hwmon_device_register() (Yang Yingliang) 
- memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host() (Dan Carpenter) 
- memstick: avoid out-of-range warning (Arnd Bergmann) 
- b43: fix a lower bounds test (Dan Carpenter) 
- b43legacy: fix a lower bounds test (Dan Carpenter) 
- hwrng: mtk - Force runtime pm ops for sleep ops (Markus Schneider-Pargmann) 
- crypto: qat - disregard spurious PFVF interrupts (Giovanni Cabiddu) 
- crypto: qat - detect PFVF collision after ACK (Giovanni Cabiddu) 
- ath9k: Fix potential interrupt storm on queue reset (Linus Lüssing) 
- cpuidle: Fix kobject memory leaks in error paths (Anel Orazgaliyeva) 
- media: cx23885: Fix snd_card_free call on null card pointer (Colin Ian King) 
- media: si470x: Avoid card name truncation (Kees Cook) 
- media: mtk-vpu: Fix a resource leak in the error handling path of 'mtk_vpu_probe()' (Christophe JAILLET) 
- media: dvb-usb: fix ununit-value in az6027_rc_query (Pavel Skripkin) 
- cgroup: Make rebind_subsystems() disable v2 controllers all at once (Waiman Long) 
- parisc/kgdb: add kgdb_roundup() to make kgdb work with idle polling (Sven Schnelle) 
- task_stack: Fix end_of_stack() for architectures with upwards-growing stack (Helge Deller) 
- parisc: fix warning in flush_tlb_all (Sven Schnelle) 
- spi: bcm-qspi: Fix missing clk_disable_unprepare() on error in bcm_qspi_probe() (Yang Yingliang) 
- ARM: 9136/1: ARMv7-M uses BE-8, not BE-32 (Arnd Bergmann) 
- gre/sit: Don't generate link-local addr if addr_gen_mode is IN6_ADDR_GEN_MODE_NONE (Stephen Suryaputra) 
- ARM: clang: Do not rely on lr register for stacktrace (Masami Hiramatsu) 
- smackfs: use __GFP_NOFAIL for smk_cipso_doi() (Tetsuo Handa) 
- iwlwifi: mvm: disable RX-diversity in powersave (Johannes Berg) 
- PM: hibernate: Get block device exclusively in swsusp_check() (Ye Bin) 
- mwl8k: Fix use-after-free in mwl8k_fw_state_machine() (Zheyu Ma) 
- tracing/cfi: Fix cmp_entries_* functions signature mismatch (Kalesh Singh) 
- lib/xz: Validate the value before assigning it to an enum variable (Lasse Collin) 
- lib/xz: Avoid overlapping memcpy() with invalid input with in-place decompression (Lasse Collin) 
- memstick: r592: Fix a UAF bug when removing the driver (Zheyu Ma) 
- leaking_addresses: Always print a trailing newline (Kees Cook) 
- ACPI: battery: Accept charges over the design capacity as full (André Almeida) 
- ath: dfs_pattern_detector: Fix possible null-pointer dereference in channel_detector_create() (Tuo Li) 
- tracefs: Have tracefs directories not set OTH permission bits by default (Steven Rostedt (VMware)) 
- media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte() (Anant Thazhemadam) 
- ACPICA: Avoid evaluating methods too early during system resume (Rafael J. Wysocki) 
- ia64: don't do IA64_CMPXCHG_DEBUG without CONFIG_PRINTK (Randy Dunlap) 
- media: mceusb: return without resubmitting URB in case of -EPROTO error. (Rajat Asthana) 
- media: s5p-mfc: Add checking to s5p_mfc_probe(). (Nadezda Lutovinova) 
- media: s5p-mfc: fix possible null-pointer dereference in s5p_mfc_probe() (Tuo Li) 
- media: uvcvideo: Set capability in s_param (Ricardo Ribalda) 
- media: netup_unidvb: handle interrupt properly according to the firmware (Zheyu Ma) 
- media: mt9p031: Fix corrupted frame after restarting stream (Dirk Bender) 
- mwifiex: Properly initialize private structure on interface type changes (Jonas Dreßler) 
- mwifiex: Run SET_BSS_MODE when changing from P2P to STATION vif-type (Jonas Dreßler) 
- x86: Increase exception stack sizes (Peter Zijlstra) 
- smackfs: Fix use-after-free in netlbl_catmap_walk() (Pawan Gupta) 
- locking/lockdep: Avoid RCU-induced noinstr fail (Peter Zijlstra) 
- MIPS: lantiq: dma: reset correct number of channel (Aleksander Jan Bajkowski) 
- MIPS: lantiq: dma: add small delay after reset (Aleksander Jan Bajkowski) 
- platform/x86: wmi: do not fail if disabling fails (Barnabás Pőcze) 
- Bluetooth: fix use-after-free error in lock_sock_nested() (Wang ShaoBo) 
- Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg() (Takashi Iwai)   {CVE-2021-3640}
- USB: iowarrior: fix control-message timeouts (Johan Hovold) 
- USB: serial: keyspan: fix memleak on probe errors (Wang Hai) 
- iio: dac: ad5446: Fix ad5622_write() return value (Pekka Korpinen) 
- pinctrl: core: fix possible memory leak in pinctrl_enable() (Yang Yingliang) 
- quota: correct error number in free_dqentry() (Zhang Yi) 
- quota: check block number when reading the block in quota file (Zhang Yi) 
- PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG (Marek Behún) 
- PCI: aardvark: Fix return value of MSI domain .alloc() method (Marek Behún) 
- PCI: aardvark: Do not unmask unused interrupts (Pali Rohár) 
- PCI: aardvark: Do not clear status bits of masked interrupts (Pali Rohár) 
- xen/balloon: add late_initcall_sync() for initial ballooning done (Juergen Gross) 
- ALSA: mixer: fix deadlock in snd_mixer_oss_set_volume (Pavel Skripkin) 
- ALSA: mixer: oss: Fix racy access to slots (Takashi Iwai) 
- serial: core: Fix initializing and restoring termios speed (Pali Rohár) 
- powerpc/85xx: Fix oops when mpc85xx_smp_guts_ids node cannot be found (Xiaoming Ni) 
- power: supply: max17042_battery: use VFSOC for capacity when no rsns (Henrik Grimler) 
- power: supply: max17042_battery: Prevent int underflow in set_soc_threshold (Sebastian Krzyszkowiak) 
- signal/mips: Update (_save|_restore)_fp_context to fail with -EFAULT (Eric W. Biederman) 
- signal: Remove the bogus sigkill_pending in ptrace_stop (Eric W. Biederman) 
- RDMA/qedr: Fix NULL deref for query_qp on the GSI QP (Alok Prasad) 
- wcn36xx: handle connection loss indication (Benjamin Li) 
- libata: fix checking of DMA state (Reimar Döffinger) 
- mwifiex: Read a PCI register after writing the TX ring write pointer (Jonas Dreßler) 
- wcn36xx: Fix HT40 capability for 2Ghz band (Loic Poulain) 
- evm: mark evm_fixmode as __ro_after_init (Austin Kim) 
- rtl8187: fix control-message timeouts (Johan Hovold) 
- PCI: Mark Atheros QCA6174 to avoid bus reset (Ingmar Klein) 
- ath10k: fix division by zero in send path (Johan Hovold) 
- ath10k: fix control-message timeout (Johan Hovold) 
- ath6kl: fix control-message timeout (Johan Hovold) 
- ath6kl: fix division by zero in send path (Johan Hovold) 
- mwifiex: fix division by zero in fw download path (Johan Hovold) 
- EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell (Eric Badger) 
- regulator: dt-bindings: samsung,s5m8767: correct s5m8767,pmic-buck-default-dvs-idx property (Krzysztof Kozlowski) 
- regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is disabled (Krzysztof Kozlowski) 
- hwmon: (pmbus/lm25066) Add offset coefficients (Zev Weiss) 
- btrfs: fix lost error handling when replaying directory deletes (Filipe Manana) 
- vmxnet3: do not stop tx queues after netif_device_detach() (Dongli Zhang) 
- watchdog: Fix OMAP watchdog early handling (Walter Stoll) 
- spi: spl022: fix Microwire full duplex mode (Thomas Perrot) 
- bpf: Prevent increasing bpf_jit_limit above max (Lorenz Bauer) 
- mmc: winbond: don't build on M68K (Randy Dunlap) 
- hyperv/vmbus: include linux/bitops.h (Arnd Bergmann) 
- sfc: Don't use netif_info before net_device setup (Erik Ekman) 
- cavium: Fix return values of the probe function (Zheyu Ma) 
- scsi: qla2xxx: Fix unmap of already freed sgl (Dmitry Bogdanov) 
- cavium: Return negative value when pci_alloc_irq_vectors() fails (Zheyu Ma) 
- x86/irq: Ensure PI wakeup handler is unregistered before module unload (Sean Christopherson) 
- ALSA: timer: Unconditionally unlink slave instances, too (Takashi Iwai) 
- ALSA: timer: Fix use-after-free problem (Wang Wensheng) 
- ALSA: synth: missing check for possible NULL after the call to kstrdup (Austin Kim) 
- ALSA: line6: fix control and interrupt message timeouts (Johan Hovold) 
- ALSA: 6fire: fix control and bulk message timeouts (Johan Hovold) 
- ALSA: ua101: fix division by zero at probe (Johan Hovold) 
- media: ite-cir: IR receiver stop working after receive overflow (Sean Young) 
- tpm: Check for integer overflow in tpm2_map_response_body() (Dan Carpenter) 
- parisc: Fix ptrace check on syscall return (Helge Deller) 
- mmc: dw_mmc: Dont wait for DRTO on Write RSP error (Christian Löhle) 
- ocfs2: fix data corruption on truncate (Jan Kara) 
- libata: fix read log timeout value (Damien Le Moal) 
- Input: i8042 - Add quirk for Fujitsu Lifebook T725 (Takashi Iwai) 
- Input: elantench - fix misreporting trackpoint coordinates (Phoenix Huang) 
- binder: use cred instead of task for selinux checks (Todd Kjos) 
- binder: use euid from cred instead of using task (Todd Kjos) 
- xhci: Fix USB 3.1 enumeration issues by increasing roothub power-on-good delay (Mathias Nyman) 
- Linux 4.14.255 (Greg Kroah-Hartman) 
- rsi: fix control-message timeout (Johan Hovold) 
- staging: rtl8192u: fix control-message timeouts (Johan Hovold) 
- staging: r8712u: fix control-message timeout (Johan Hovold) 
- comedi: vmk80xx: fix bulk and interrupt message timeouts (Johan Hovold) 
- comedi: vmk80xx: fix bulk-buffer overflow (Johan Hovold) 
- comedi: vmk80xx: fix transfer-buffer overflows (Johan Hovold) 
- comedi: ni_usb6501: fix NULL-deref in command paths (Johan Hovold) 
- comedi: dt9812: fix DMA buffers on stack (Johan Hovold) 
- isofs: Fix out of bound access for corrupted isofs image (Jan Kara) 
- printk/console: Allow to disable console output by using console="" or console=null (Petr Mladek) 
- usb-storage: Add compatibility quirk flags for iODD 2531/2541 (James Buren) 
- usb: musb: Balance list entry in musb_gadget_queue (Viraj Shah) 
- usb: gadget: Mark USB_FSL_QE broken on 64-bit (Geert Uytterhoeven) 
- Revert "x86/kvm: fix vcpu-id indexed array sizes" (Juergen Gross) 
- block: introduce multi-page bvec helpers (Ming Lei) 
- IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields (Mike Marciniszyn) 
- IB/qib: Use struct_size() helper (Gustavo A. R. Silva) 
- ARM: 9120/1: Revert "amba: make use of -1 IRQs warn" (Wang Kefeng) 
- arch: pgtable: define MAX_POSSIBLE_PHYSMEM_BITS where needed (Arnd Bergmann) 
- mm/zsmalloc: Prepare to variable MAX_PHYSMEM_BITS (Kirill A. Shutemov) 
- media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt() (Dan Carpenter) 
- scsi: core: Put LLD module refcnt after SCSI device is released (Ming Lei) 
- Linux 4.14.254 (Greg Kroah-Hartman) 
- sctp: add vtag check in sctp_sf_ootb (Xin Long) 
- sctp: add vtag check in sctp_sf_do_8_5_1_E_sa (Xin Long) 
- sctp: add vtag check in sctp_sf_violation (Xin Long) 
- sctp: fix the processing for COOKIE_ECHO chunk (Xin Long) 
- sctp: use init_tag from inithdr for ABORT chunk (Xin Long) 
- net: nxp: lpc_eth.c: avoid hang when bringing interface down (Trevor Woerner) 
- nios2: Make NIOS2_DTB_SOURCE_BOOL depend on !COMPILE_TEST (Guenter Roeck) 
- net: batman-adv: fix error handling (Pavel Skripkin) 
- regmap: Fix possible double-free in regcache_rbtree_exit() (Yang Yingliang) 
- net: lan78xx: fix division by zero in send path (Johan Hovold) 
- mmc: sdhci-esdhc-imx: clear the buffer_read_ready to reset standard tuning circuit (Haibo Chen) 
- mmc: sdhci: Map more voltage level to SDHCI_POWER_330 (Shawn Guo) 
- mmc: dw_mmc: exynos: fix the finding clock sample value (Jaehoon Chung) 
- mmc: vub300: fix control-message timeouts (Johan Hovold) 
- ipv4: use siphash instead of Jenkins in fnhe_hashfun() (Eric Dumazet) 
- Revert "net: mdiobus: Fix memory leak in __mdiobus_register" (Pavel Skripkin) 
- nfc: port100: fix using -ERRNO as command type mask (Krzysztof Kozlowski) 
- ata: sata_mv: Fix the error handling of mv_chip_id() (Zheyu Ma) 
- usbnet: fix error return code in usbnet_probe() (Wang Hai) 
- usbnet: sanity check for maxpacket (Oliver Neukum) 
- ARM: 8819/1: Remove '-p' from LDFLAGS (Nathan Chancellor) 
- powerpc/bpf: Fix BPF_MOD when imm == 1 (Naveen N. Rao) 
- ARM: 9139/1: kprobes: fix arch_init_kprobes() prototype (Arnd Bergmann) 
- ARM: 9134/1: remove duplicate memcpy() definition (Arnd Bergmann) 
- ARM: 9133/1: mm: proc-macros: ensure *_tlb_fns are 4B aligned (Nick Desaulniers)

[4.14.35-2047.511.0.el7uek]
- Linux 4.14.253 (Greg Kroah-Hartman) 
- ASoC: DAPM: Cover regression by kctl change notification fix (Takashi Iwai) 
- ARM: 9122/1: select HAVE_FUTEX_CMPXCHG (Nick Desaulniers) 
- tracing: Have all levels of checks prevent recursion (Steven Rostedt (VMware)) 
- net: mdiobus: Fix memory leak in __mdiobus_register (Yanfei Xu) 
- ALSA: hda: avoid write to STATESTS if controller is in reset (Kai Vehmanen) 
- platform/x86: intel_scu_ipc: Update timeout value in comment (Prashant Malani) 
- isdn: mISDN: Fix sleeping function called from invalid context (Zheyu Ma) 
- ARM: dts: spear3xx: Fix gmac node (Herve Codina) 
- net: stmmac: add support for dwmac 3.40a (Herve Codina) 
- btrfs: deal with errors when checking if a dir entry exists during log replay (Filipe Manana) 
- netfilter: Kconfig: use 'default y' instead of 'm' for bool config option (Vegard Nossum) 
- isdn: cpai: check ctr->cnr to avoid array index out of bound (Xiaolong Huang) 
- nfc: nci: fix the UAF of rf_conn_info object (Lin Ma) 
- ASoC: DAPM: Fix missing kctl change notifications (Takashi Iwai) 
- ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset (Brendan Grieve) 
- vfs: check fd has read access in kernel_read_file_from_fd() (Matthew Wilcox (Oracle)) 
- elfcore: correct reference to CONFIG_UML (Lukas Bulwahn) 
- ocfs2: mount fails with buffer overflow in strlen (Valentin Vidic) 
- ocfs2: fix data corruption after conversion from inline format (Jan Kara) 
- can: peak_pci: peak_pci_remove(): fix UAF (Zheyu Ma) 
- can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification (Stephane Grosjean) 
- can: rcar_can: fix suspend/resume (Yoshihiro Shimoda) 
- NIOS2: irqflags: rename a redefined register name (Randy Dunlap) 
- netfilter: ipvs: make global sysctl readonly in non-init netns (Antoine Tenart) 
- NFSD: Keep existing listeners on portlist error (Benjamin Coddington) 
- xtensa: xtfpga: Try software restart before simulating CPU reset (Guenter Roeck) 
- xtensa: xtfpga: use CONFIG_USE_OF instead of CONFIG_OF (Max Filippov) 
- ARM: dts: at91: sama5d2_som1_ek: disable ISC node by default (Eugen Hristev) 
- uek-rpm: Add _raw_spin_trylock to KABI (John Donnelly)  [Orabug: 33557961]
- cpufreq: intel_pstate: Add Icelake servers support in no-HWP mode (Giovanni Gherdovich)  [Orabug: 33581183]
- RDMA/rxe: Bump up default maximum values used via uverbs (Rao Shoaib)  [Orabug: 33615343]
- net: ipv6: Discard next-hop MTU less than minimum link MTU (Georg Kohmann)  [Orabug: 33615357]
- rds: ib: Reduce the contention caused by the asynchronous workers to flush the mr pool (Praveen Kumar Kannoju)  [Orabug: 33611440]
- net/mlx5: Remove unnecessary prints from mlx5_enter_error_state. (Anand Khoje)  [Orabug: 33175315]
- net/rds: Don't pummel the subnet-manager (Gerd Rausch)  [Orabug: 33589568]
- x86/clear_page: add alternative for clear_page_clzero() (Ankur Arora)  [Orabug: 33580825]
- x86/asm: add clzero based page clearing (Ankur Arora)  [Orabug: 33580825]
- x86/cpu/amd: enable X86_FEATURE_NT_GOOD on all AMD Zen models (Ankur Arora)  [Orabug: 33580825]
- x86/cpu/amd: Call init_amd_zn() om Family 19h processors too (Kim Phillips)  [Orabug: 33580825]
- uek-rpm: Add smartpqi driver module in ueknano kernel (Somasundaram Krishnasamy)  [Orabug: 33590163]




More information about the El-errata mailing list