[El-errata] ELSA-2024-12271 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Wed Apr 10 09:34:55 UTC 2024


Oracle Linux Security Advisory ELSA-2024-12271

http://linux.oracle.com/errata/ELSA-2024-12271.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-5.4.17-2136.330.7.1.el7uek.x86_64.rpm
kernel-uek-debug-5.4.17-2136.330.7.1.el7uek.x86_64.rpm
kernel-uek-debug-devel-5.4.17-2136.330.7.1.el7uek.x86_64.rpm
kernel-uek-devel-5.4.17-2136.330.7.1.el7uek.x86_64.rpm
kernel-uek-doc-5.4.17-2136.330.7.1.el7uek.noarch.rpm
kernel-uek-tools-5.4.17-2136.330.7.1.el7uek.x86_64.rpm

aarch64:
kernel-uek-5.4.17-2136.330.7.1.el7uek.aarch64.rpm
kernel-uek-debug-5.4.17-2136.330.7.1.el7uek.aarch64.rpm
kernel-uek-debug-devel-5.4.17-2136.330.7.1.el7uek.aarch64.rpm
kernel-uek-devel-5.4.17-2136.330.7.1.el7uek.aarch64.rpm
kernel-uek-doc-5.4.17-2136.330.7.1.el7uek.noarch.rpm
kernel-uek-tools-5.4.17-2136.330.7.1.el7uek.aarch64.rpm
kernel-uek-tools-libs-5.4.17-2136.330.7.1.el7uek.aarch64.rpm
perf-5.4.17-2136.330.7.1.el7uek.aarch64.rpm
python-perf-5.4.17-2136.330.7.1.el7uek.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//kernel-uek-5.4.17-2136.330.7.1.el7uek.src.rpm

Related CVEs:

CVE-2024-0340
CVE-2024-0607
CVE-2024-1086
CVE-2024-2201




Description of changes:

[5.4.17-2136.330.7.1.el7uek]
- KVM: x86: Add BHI_NO (Daniel Sneddon)  [Orabug: 36384803]  {CVE-2024-2201}
- x86/bhi: Mitigate KVM by default (Pawan Gupta)  [Orabug: 36384803]  {CVE-2024-2201}
- x86/bhi: Add BHI mitigation knob (Pawan Gupta)  [Orabug: 36384803]  {CVE-2024-2201}
- x86/bhi: Enumerate Branch History Injection (BHI) bug (Pawan Gupta)  [Orabug: 36384803]  {CVE-2024-2201}
- x86/bhi: Define SPEC_CTRL_BHI_DIS_S (Daniel Sneddon)  [Orabug: 36384803]  {CVE-2024-2201}
- x86/bhi: Add support for clearing branch history at syscall entry (Pawan Gupta)  [Orabug: 36384803]  {CVE-2024-2201}
- x86/cpufeature: Add missing leaf enumeration (Daniel Sneddon)  [Orabug: 36384803]  {CVE-2024-2201}
- KVM: x86: Use a switch statement and macros in __feature_translate() (Jim Mattson)  [Orabug: 36384803]  {CVE-2024-2201}
- KVM: x86: Advertise CPUID.(EAX=7,ECX=2):EDX[5:0] to userspace (Jim Mattson)  [Orabug: 36384803]  {CVE-2024-2201}
- KVM: x86: Update KVM-only leaf handling to allow for 100% KVM-only leafs (Sean Christopherson)  [Orabug: 36384803]  {CVE-2024-2201}
- x86/bugs: Use sysfs_emit() (Borislav Petkov)  [Orabug: 36384803]  {CVE-2024-2201}
- Documentation/hw-vuln: Update spectre doc (Lin Yujun)  [Orabug: 36384803]  {CVE-2024-2201}
- x86/speculation: Reorder SRSO and GDS functions (Alexandre Chartre)  [Orabug: 36384803]  {CVE-2024-2201}
- KVM: x86: Mask off unsupported and unknown bits of IA32_ARCH_CAPABILITIES (Jim Mattson)  [Orabug: 36384803]  {CVE-2024-2201}
- KVM: x86: Move reverse CPUID helpers to separate header file (Ricardo Koller)  [Orabug: 36384803]  {CVE-2024-2201}
- KVM: x86: Fix implicit enum conversion goof in scattered reverse CPUID code (Sean Christopherson)  [Orabug: 36384803]  {CVE-2024-2201}
- KVM: x86: Add support for reverse CPUID lookup of scattered features (Sean Christopherson)  [Orabug: 36384803]  {CVE-2024-2201}
- x86/msr: Define new bits in TSX_FORCE_ABORT MSR (Pawan Gupta)  [Orabug: 36384803]  {CVE-2024-2201}
- objtool: Add asm version of STACK_FRAME_NON_STANDARD (Josh Poimboeuf)  [Orabug: 36384803]  {CVE-2024-2201}
- objtool: Only include valid definitions depending on source file type (Julien Thierry)  [Orabug: 36384803]  {CVE-2024-2201}

[5.4.17-2136.330.7.el7uek]
- Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped." (Sherry Yang)  [Orabug: 36409910]
- arm64: dts: qcom: sdm845: fix USB DP/DM HS PHY interrupts (Johan Hovold) 
- arm64: dts: qcom: add PDC interrupt controller for SDM845 (Lina Iyer) 
- hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed (Shradha Gupta) 
- hv_netvsc: use netif_is_bond_master() instead of open code (Juhee Kang) 
- netfilter: nft_ct: fix l3num expectations with inet pseudo family (Florian Westphal)

[5.4.17-2136.330.6.el7uek]
- eVM: x86: Drop kvm SRCU lock in kvm_vcpu_update_apicv (Alejandro Jimenez)  [Orabug: 36329600]
- KVM: x86: Handle APICv updates for APIC "mode" changes via request (Sean Christopherson)  [Orabug: 36329600]
- blk-mq: fix system hang while doing cpu offline on domU (Shminderjit Singh)  [Orabug: 36366420]

[5.4.17-2136.330.5.el7uek]
- afs: Fix endless loop in directory parsing (David Howells) 
- netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate() (Ignat Korchagin) 
- netfilter: nf_tables: set dormant flag on hook register failure (Florian Westphal) 
- scsi: megaraid_sas: Correct value passed to scsi_device_lookup() (Guixin Liu)  [Orabug: 36345168]

[5.4.17-2136.330.4.el7uek]
- Revert "crypto: api - Disallow identical driver names" (Saeed Mirzamohammadi)  [Orabug: 36361379]
- Fix null ptr in rds_tcp_recv_path (Allison Henderson)  [Orabug: 35587415]
- net/rds: print PPID/COMM of process doing user reset on RDS connection (Juan Garcia)  [Orabug: 36248461]

[5.4.17-2136.330.3.el7uek]
- uek: kabi: Add two new exported kABI symbols for ACFS and EDV (Saeed Mirzamohammadi)  [Orabug: 36251861]
- mm: avoid conflict between MADV_DOEXEC and upstream advice values (Anthony Yznaga)  [Orabug: 36334309]

[5.4.17-2136.330.2.el7uek]
- LTS tag: v5.4.269 (Alok Tiwari) 
- bpf: Add map and need_defer parameters to .map_fd_put_ptr() (Hou Tao) 
- of: gpio unittest kfree() wrong object (Frank Rowand) 
- of: unittest: fix EXPECT text for gpio hog errors (Frank Rowand) 
- net: bcmgenet: Fix EEE implementation (Florian Fainelli) 
- Revert "Revert "mtd: rawnand: gpmi: Fix setting busy timeout setting"" (Max Krummenacher) 
- netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval() (Dan Carpenter) [Orabug: 36229438] {CVE-2024-0607}
- lsm: new security_file_ioctl_compat() hook (Alfred Piccioni) 
- drm/msm/dsi: Enable runtime PM (Konrad Dybcio) 
- PM: runtime: Have devm_pm_runtime_enable() handle pm_runtime_dont_use_autosuspend() (Douglas Anderson) 
- PM: runtime: add devm_pm_runtime_enable helper (Dmitry Baryshkov) 
- nilfs2: fix potential bug in end_buffer_async_write (Ryusuke Konishi) 
- sched/membarrier: reduce the ability to hammer on sys_membarrier (Linus Torvalds) 
- net: prevent mss overflow in skb_segment() (Eric Dumazet) 
- netfilter: ipset: Missing gc cancellations fixed (Jozsef Kadlecsik) 
- netfilter: ipset: fix performance regression in swap operation (Jozsef Kadlecsik) 
- KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache (Oliver Upton) 
- mips: Fix max_mapnr being uninitialized on early stages (Serge Semin) 
- arch, mm: remove stale mentions of DISCONIGMEM (Mike Rapoport) 
- bus: moxtet: Add spi device table (Sjoerd Simons) 
- tracing: Inform kmemleak of saved_cmdlines allocation (Steven Rostedt (Google)) 
- pmdomain: core: Move the unused cleanup to a _sync initcall (Konrad Dybcio) 
- can: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER) (Oleksij Rempel) 
- irqchip/irq-brcmstb-l2: Add write memory barrier before exit (Doug Berger) 
- nfp: flower: prevent re-adding mac index for bonded port (Daniel de Villiers) 
- nfp: use correct macro for LengthSelect in BAR config (Daniel Basilio) 
- nilfs2: fix hang in nilfs_lookup_dirty_data_buffers() (Ryusuke Konishi) 
- nilfs2: fix data corruption in dsync block recovery for small block sizes (Ryusuke Konishi) 
- ALSA: hda/conexant: Add quirk for SWS JS201D (bo liu) 
- mmc: slot-gpio: Allow non-sleeping GPIO ro (Alexander Stein) 
- x86/mm/ident_map: Use gbpages only where full GB page should be mapped. (Steve Wahl) 
- x86/Kconfig: Transmeta Crusoe is CPU family 5, not 6 (Aleksander Mazur) 
- serial: max310x: improve crystal stable clock detection (Hugo Villeneuve) 
- serial: max310x: set default value when reading clock ready bit (Hugo Villeneuve) 
- ring-buffer: Clean ring_buffer_poll_wait() error return (Vincent Donnefort) 
- iio: magnetometer: rm3100: add boundary check for the value read from RM3100_REG_TMRC (zhili.liu) 
- staging: iio: ad5933: fix type mismatch regression (David Schiller) 
- tracing: Fix wasted memory in saved_cmdlines logic (Steven Rostedt (Google)) 
- ext4: fix double-free of blocks due to wrong extents moved_len (Baokun Li) 
- misc: fastrpc: Mark all sessions as invalid in cb_remove (Ekansh Gupta) 
- binder: signal epoll threads of self-work (Carlos Llamas) 
- ALSA: hda/realtek: Enable headset mic on Vaio VJFE-ADL (Edson Juliano Drosdeck) 
- xen-netback: properly sync TX responses (Jan Beulich) 
- nfc: nci: free rx_data_reassembly skb on NCI device cleanup (Fedor Pchelkin) 
- kbuild: Fix changing ELF file type for output of gen_btf for big endian (Nathan Chancellor) 
- firewire: core: correct documentation of fw_csr_string() kernel API (Takashi Sakamoto) 
- scsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock" (Lee Duncan) 
- i2c: i801: Fix block process call transactions (Jean Delvare) 
- i2c: i801: Remove i801_set_block_buffer_mode (Heiner Kallweit) 
- usb: f_mass_storage: forbid async queue when shutdown happen (yuan linyu) 
- USB: hub: check for alternate port before enabling A_ALT_HNP_SUPPORT (Oliver Neukum) 
- HID: wacom: Do not register input devices until after hid_hw_start (Jason Gerecke) 
- HID: wacom: generic: Avoid reporting a serial of '0' to userspace (Tatsunosuke Tobita) 
- mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again (Zach O'Keefe) 
- tracing/trigger: Fix to return error if failed to alloc snapshot (Masami Hiramatsu (Google)) 
- i40e: Fix waiting for queues of all VSIs to be disabled (Ivan Vecera) 
- MIPS: Add 'memory' clobber to csum_ipv6_magic() inline assembler (Guenter Roeck) 
- ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work() (Alexey Khoroshilov) 
- spi: ppc4xx: Drop write-only variable (Uwe Kleine-König) 
- of: unittest: Fix compile in the non-dynamic case (Christian A. Ehrhardt) 
- of: unittest: add overlay gpio test to catch gpio hog problem (Frank Rowand) 
- btrfs: send: return EOPNOTSUPP on unknown flags (David Sterba) 
- btrfs: forbid deleting live subvol qgroup (Boris Burkov) 
- btrfs: forbid creating subvol qgroups (Boris Burkov) 
- netfilter: nft_set_rbtree: skip end interval element from gc (Pablo Neira Ayuso) 
- net: stmmac: xgmac: fix a typo of register name in DPP safety handling (Furong Xu) 
- net: stmmac: xgmac: use #define for string constants (Simon Horman) 
- vhost: use kzalloc() instead of kmalloc() followed by memset() (Prathu Baronia) [Orabug: 36192400] {CVE-2024-0340}
- Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping ATKBD_CMD_GETID (Hans de Goede) 
- USB: serial: cp210x: add ID for IMST iM871A-USB (Leonard Dallmayr) 
- USB: serial: option: add Fibocom FM101-GL variant (Puliang Lu) 
- USB: serial: qcserial: add new usb-id for Dell Wireless DW5826e (JackBB Wu) 
- net/af_iucv: clean up a try_then_request_module() (Julian Wiedmann) 
- netfilter: nft_ct: reject direction for ct id (Pablo Neira Ayuso) 
- netfilter: nft_compat: restrict match/target protocol to u16 (Pablo Neira Ayuso) 
- netfilter: nft_compat: reject unused compat flag (Pablo Neira Ayuso) 
- ppp_async: limit MRU to 64K (Eric Dumazet) 
- tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() (Shigeru Yoshida) 
- rxrpc: Fix response to PING RESPONSE ACKs to a dead call (David Howells) 
- inet: read sk->sk_family once in inet_recv_error() (Eric Dumazet) 
- hwmon: (coretemp) Fix bogus core_id to attr name mapping (Zhang Rui) 
- hwmon: (coretemp) Fix out-of-bounds memory access (Zhang Rui) 
- hwmon: (aspeed-pwm-tacho) mutex for tach reading (Loic Prylli) 
- atm: idt77252: fix a memleak in open_card_ubr0 (Zhipeng Lu) 
- selftests: net: avoid just another constant wait (Paolo Abeni) 
- net: stmmac: xgmac: fix handling of DPP safety error for DMA channels (Furong Xu) 
- phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP (Tony Lindgren) 
- dmaengine: fix is_slave_direction() return false when DMA_DEV_TO_DEV (Frank Li) 
- phy: renesas: rcar-gen3-usb2: Fix returning wrong error code (Yoshihiro Shimoda) 
- dmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA (Christophe JAILLET) 
- dmaengine: fsl-qdma: Fix a memory leak related to the status queue DMA (Christophe JAILLET) 
- bonding: remove print in bond_verify_device_path (Zhengchao Shao) 
- HID: apple: Add 2021 magic keyboard FN key mapping (Benjamin Berg) 
- HID: apple: Swap the Fn and Left Control keys on Apple keyboards (free5lot) 
- HID: apple: Add support for the 2021 Magic Keyboard (Alex Henrie) 
path (Breno Leitao) 
- af_unix: fix lockdep positive in sk_diag_dump_icons() (Eric Dumazet) 
- net: ipv4: fix a memleak in ip_setup_cork (Zhipeng Lu) 
- netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations (Pablo Neira Ayuso) 
- netfilter: nf_log: replace BUG_ON by WARN_ON_ONCE when putting logger (Pablo Neira Ayuso) 
- llc: call sock_orphan() at release time (Eric Dumazet) 
- ipv6: Ensure natural alignment of const ipv6 loopback and router addresses (Helge Deller) 
- ixgbe: Fix an error handling path in ixgbe_read_iosf_sb_reg_x550() (Christophe JAILLET) 
- ixgbe: Refactor overtemp event handling (Jedrzej Jagielski) 
- ixgbe: Refactor returning internal error codes (Jedrzej Jagielski) 
- ixgbe: Remove non-inclusive language (Piotr Skajewski) 
- net: remove unneeded break (Tom Rix) 
- scsi: isci: Fix an error code problem in isci_io_request_build() (Su Hui) 
- wifi: cfg80211: fix RCU dereference in __cfg80211_bss_update (Edward Adam Davis) 
- perf: Fix the nr_addr_filters fix (Peter Zijlstra) 
- drm/amdgpu: Release 'adev->pm.fw' before return in 'amdgpu_device_need_post()' (Srinivasan Shanmugam) 
- ceph: fix deadlock or deadcode of misusing dget() (Xiubo Li) 
- blk-mq: fix IO hang from sbitmap wakeup race (Ming Lei) 
- virtio_net: Fix "‘%d’ directive writing between 1 and 11 bytes into a region of size 10" warnings (Zhu Yanjun) 
- libsubcmd: Fix memory leak in uniq() (Ian Rogers) 
- PCI/AER: Decode Requester ID when no error info found (Bjorn Helgaas) 
- fs/kernfs/dir: obey S_ISGID (Max Kellermann) 
- usb: hub: Replace hardcoded quirk value with BIT() macro (Hardik Gajjar) 
- PCI: switchtec: Fix stdev_release() crash after surprise hot remove (Daniel Stodden) 
- PCI: Only override AMD USB controller if required (Guilherme G. Piccoli) 
- mfd: ti_am335x_tscadc: Fix TI SoC dependencies (Peter Robinson) 
- i3c: master: cdns: Update maximum prescaler value for i2c clock (Harshit Shah) 
- um: net: Fix return type of uml_net_start_xmit() (Nathan Chancellor) 
- um: Don't use vfprintf() for os_info() (Benjamin Berg) 
- um: Fix naming clash between UML and scheduler (Anton Ivanov) 
- leds: trigger: panic: Don't register panic notifier if creating the trigger failed (Heiner Kallweit) 
- drm/amdgpu: Drop 'fence' check in 'to_amdgpu_amdkfd_fence()' (Srinivasan Shanmugam) 
- drm/amdgpu: Let KFD sync with VM fences (Felix Kuehling) 
- clk: mmp: pxa168: Fix memory leak in pxa168_clk_init() (Kuan-Wei Chiu) 
- clk: hi3620: Fix memory leak in hi3620_mmc_clk_init() (Kuan-Wei Chiu) 
- drm/msm/dpu: Ratelimit framedone timeout msgs (Rob Clark) 
- media: ddbridge: fix an error code problem in ddb_probe (Su Hui) 
- IB/ipoib: Fix mcast list locking (Daniel Vacek) 
- drm/exynos: Call drm_atomic_helper_shutdown() at shutdown/unbind time (Douglas Anderson) 
- ALSA: hda: Intel: add HDA_ARL PCI ID support (Pierre-Louis Bossart) 
- PCI: add INTEL_HDA_ARL to pci_ids.h (Pierre-Louis Bossart) 
- media: rockchip: rga: fix swizzling for RGB formats (Michael Tretter) 
- media: stk1160: Fixed high volume of stk1160_dbg messages (Ghanshyam Agrawal) 
- drm/mipi-dsi: Fix detach call without attach (Tomi Valkeinen) 
- drm/framebuffer: Fix use of uninitialized variable (Tomi Valkeinen) 
- drm/drm_file: fix use of uninitialized variable (Tomi Valkeinen) 
- RDMA/IPoIB: Fix error code return in ipoib_mcast_join (Jack Wang) 
- fast_dput(): handle underflows gracefully (Al Viro) 
- ASoC: doc: Fix undefined SND_SOC_DAPM_NOPM argument (Cristian Ciocaltea) 
- f2fs: fix to check return value of f2fs_reserve_new_block() (Chao Yu) 
- wifi: cfg80211: free beacon_ies when overridden from hidden BSS (Benjamin Berg) 
- wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift() (Su Hui) 
- wifi: rtl8xxxu: Add additional USB IDs for RTL8192EU devices (Zenm Chen) 
- arm64: dts: qcom: msm8998: Fix 'out-ports' is a required property (Mao Jinlong) 
- arm64: dts: qcom: msm8996: Fix 'in-ports' is a required property (Mao Jinlong) 
- md: Whenassemble the array, consult the superblock of the freshest device (Alex Lyakas) 
- block: prevent an integer overflow in bvec_try_merge_hw_page (Christoph Hellwig) 
- ARM: dts: imx23/28: Fix the DMA controller node name (Fabio Estevam) 
- ARM: dts: imx23-sansa: Use preferred i2c-gpios properties (Fabio Estevam) 
- ARM: dts: imx27-apf27dev: Fix LED name (Fabio Estevam) 
- ARM: dts: imx25/27: Pass timing0 (Fabio Estevam) 
- ARM: dts: imx1: Fix sram node (Fabio Estevam) 
- ARM: dts: imx27: Fix sram node (Fabio Estevam) 
- ARM: dts: imx: Use flash at 0,0 pattern (Fabio Estevam) 
- ARM: dts: imx25/27-eukrea: Fix RTC node name (Fabio Estevam) 
- ARM: dts: rockchip: fix rk3036 hdmi ports node (Johan Jonker) 
- scsi: libfc: Fix up timeout error in fc_fcp_rec_error() (Hannes Reinecke) 
- scsi: libfc: Don't schedule abort twice (Hannes Reinecke) 
- wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() (Minsuk Kang) 
- ARM: dts: imx7s: Fix nand-controller #size-cells (Alexander Stein) 
- ARM: dts: imx7s: Fix lcdif compatible (Alexander Stein) 
- ARM: dts: imx7d: Fix coresight funnel ports (Alexander Stein) 
- bonding: return -ENOMEM instead of BUG in alb_upper_dev_walk (Zhengchao Shao) 
- PCI: Add no PM reset quirk for NVIDIA Spectrum devices (Ido Schimmel) 
- scsi: lpfc: Fix possible file string name overflow when updating firmware (Justin Tee) 
- selftests/bpf: Fix pyperf180 compilation failure with clang18 (Yonghong Song) 
- selftests/bpf: satisfy compiler by having explicit return in btf test (Andrii Nakryiko) 
- wifi: rt2x00: restart beacon queue when hardware reset (Shiji Yang) 
- ext4: avoid online resizing failures due to oversized flex bg (Baokun Li) 
- ext4: remove unnecessary check from alloc_flex_gd() (Baokun Li) 
- ext4: unify the type of flexbg_size to unsigned int (Baokun Li) 
- ext4: fix inconsistent between segment fstrim and full fstrim (Ye Bin) 
- ecryptfs: Reject casefold directory inodes (Gabriel Krisman Bertazi) 
- SUNRPC: Fix a suspicious RCU usage warning (Anna Schumaker) 
- KVM: s390: fix setting of fpc register (Heiko Carstens) 
- s390/ptrace: handle setting of fpc register correctly (Heiko Carstens) 
- jfs: fix array-index-out-of-bounds in diNewExt (Edward Adam Davis) 
- rxrpc_find_service_conn_rcu: fix the usage of read_seqbegin_or_lock() (Oleg Nesterov) 
- afs: fix the usage of read_seqbegin_or_lock() in afs_find_server*() (Oleg Nesterov) 
- crypto: stm32/crc32 - fix parsing list of devices (Thomas Bourgoin) 
- pstore/ram: Fix crash when setting number of cpus to an odd number (Weichen Chen) 
- jfs: fix uaf in jfs_evict_inode (Edward Adam Davis) 
- jfs: fix array-index-out-of-bounds in dbAdjTree (Manas Ghandat) 
- jfs: fix slab-out-of-bounds Read in dtSearch (Manas Ghandat) 
- UBSAN: array-index-out-of-bounds in dtSplitRoot (Osama Muhammad) 
- FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree (Osama Muhammad) 
- ACPI: extlog: fix NULL pointer dereference check (Prarit Bhargava) 
- PNP: ACPI: fix fortify warning (Dmitry Antipov) 
- ACPI: video: Add quirk for the Colorful X15 AT 23 Laptop (Yuluo Qiu) 
- audit: Send netlink ACK before setting connection in auditd_set (Chris Riches) 
- regulator: core: Only increment use_count when enable_count changes (Rui Zhang) 
- perf/core: Fix narrow startup race when creating the perf nr_addr_filters sysfs file (Greg KH) 
- x86/mce: Mark fatal MCE's page as poison to avoid panic in the kdump kernel (Zhiquan Li) 
- powerpc/lib: Validate size for vector operations (Naveen N Rao) 
- powerpc: pmd_move_must_withdraw() is only needed for CONFIG_TRANSPARENT_HUGEPAGE (Stephen Rothwell) 
- powerpc/mm: Fix build failures due to arch_reserved_kernel_pages() (Michael Ellerman) 
- powerpc: Fix build error due to is_valid_bugaddr() (Michael Ellerman) 
- powerpc/mm: Fix null-pointer dereference in pgtable_cache_add (Kunwu Chan) 
- x86/entry/ia32: Ensure s32 is sign extended to s64 (Richard Palethorpe) 
- tick/sched: Preserve number of idle sleeps across CPU hotplug events (Tim Chen) 
- mips: Call lose_fpu(0) before initializing fcr31 in mips_set_personality_nan (Xi Ruoyao) 
- spi: bcm-qspi: fix SFDP BFPT read by usig mspi read (Kamal Dasu) 
- gpio: eic-sprd: Clear interrupt after set the interrupt type (Wenhua Lin) 
- drm/exynos: gsc: minor fix for loop iteration in gsc_runtime_resume (Fedor Pchelkin) 
- drm/exynos: fix accidental on-stack copy of exynos_drm_plane (Arnd Bergmann) 
- drm/bridge: nxp-ptn3460: simplify some error checking (Dan Carpenter) 
- drm/bridge: nxp-ptn3460: fix i2c_master_send() error checking (Dan Carpenter) 
- drm: Don't unref the same fb many times by mistake due to deadlock handling (Ville Syrjälä) 
- gpiolib: acpi: Ignore touchpad wakeup on GPD G1619-04 (Mario Limonciello) 
- netfilter: nf_tables: reject QUEUE/DROP verdict parameters (Florian Westphal) [Orabug: 36251144] {CVE-2024-1086}
- rbd: don't move requests to the running list on errors (Ilya Dryomov) 
- btrfs: defrag: reject unknown flags of btrfs_ioctl_defrag_range_args (Qu Wenruo) 
- btrfs: don't warn if discard range is not aligned to sector (David Sterba) 
- btrfs: tree-checker: fix inline ref size in error messages (Chung-Chiang Cheng) 
- btrfs: ref-verify: free ref cache before clearing mount opt (Fedor Pchelkin) 
- net: fec: fix the unhandled context fault from smmu (Shenwei Wang) 
- fjes: fix memleaks in fjes_hw_setup (Zhipeng Lu) 
- netfilter: nf_tables: validate NFPROTO_* family (Pablo Neira Ayuso) 
- netfilter: nf_tables: restrict anonymous set and map names to 16 bytes (Florian Westphal) 
- net/mlx5e: fix a double-free in arfs_create_groups (Zhipeng Lu) 
- net/mlx5: Use kfree(ft->g) in arfs_create_groups() (Denis Efremov) 
- net/mlx5: DR, Use the right GVMI number for drop action (Yevgeny Kliteynik) 
- netlink: fix potential sleeping issue in mqueue_flush_file (Zhengchao Shao) 
- tcp: Add memory barrier to tcp_push() (Salvatore Dipietro) 
- afs: Hide silly-rename files from userspace (David Howells) 
- tracing: Ensure visibility when inserting an element into tracing_map (Petr Pavlu) 
- net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv (Sharath Srinivasan) 
- llc: Drop support for ETH_P_TR_802_2. (Kuniyuki Iwashima) 
- llc: make llc_ui_sendmsg() more robust against bonding changes (Eric Dumazet) 
- vlan: skip nested type that is not IFLA_VLAN_QOS_MAPPING (Lin Ma) 
- net/smc: fix illegal rmb_desc access in SMC-D connection dump (Wen Gu) 
- x86/CPU/AMD: Fix disabling XSAVES on AMD family 0x17 due to erratum (Maciej S. Szmigiero) 
- powerpc: Use always instead of always-y in for crtsavres.o (Nathan Chancellor) 
- fs: move S_ISGID stripping into the vfs_*() helpers (Yang Xu) 
- fs: add mode_strip_sgid() helper (Yang Xu) 
- mtd: spinand: macronix: Fix MX35LFxGE4AD page size (JaimeLiao) 
- block: Remove special-casing of compound pages (Matthew Wilcox (Oracle)) 
- rename(): fix the locking of subdirectories (Al Viro) 
- ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path (Zhihao Cheng) 
- nouveau/vmm: don't set addr on the fail path to avoid warning (Dave Airlie) 
- mmc: core: Use mrq.sbc in close-ended ffu (Avri Altman) 
- arm64: dts: qcom: sdm845: fix USB wakeup interrupt types (Johan Hovold) 
- parisc/firmware: Fix F-extend for PDC addresses (Helge Deller) 
- rpmsg: virtio: Free driver_override when rpmsg_remove() (Xiaolei Wang) 
- hwrng: core - Fix page fault dead lock on mmap-ed hwrng (Herbert Xu) 
- PM: hibernate: Enforce ordering during image compression/decompression (Hongchen Zhang) 
- crypto: api - Disallow identical driver names (Herbert Xu) 
- ext4: allow for the last group to be marked as trimmed (Suraj Jitindar Singh) 
- serial: sc16is7xx: add check for unsupported SPI modes during probe (Hugo Villeneuve) 
- spi: introduce SPI_MODE_X_MASK macro (Oleksij Rempel) 
- serial: sc16is7xx: set safe default SPI clock frequency (Hugo Villeneuve) 
- units: add the HZ macros (Daniel Lezcano) 
- units: change from 'L' to 'UL' (Daniel Lezcano) 
- units: Add Watt units (Daniel Lezcano) 
- PCI: mediatek: Clear interrupt status before dispatching handler (qizhong cheng)

[5.4.17-2136.330.1.el7uek]
- mm: hwpoison: handle non-anonymous THP correctly (Yang Shi)  [Orabug: 36223690]
- mm,hwpoison: unify THP handling for hard and soft offline (Oscar Salvador)  [Orabug: 36223690]
- mm: hwpoison: remove the unnecessary THP check (Yang Shi)  [Orabug: 36223690]




More information about the El-errata mailing list