[El-errata] ELSA-2024-12887 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Thu Dec 19 17:19:05 UTC 2024
Oracle Linux Security Advisory ELSA-2024-12887
http://linux.oracle.com/errata/ELSA-2024-12887.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
x86_64:
bpftool-5.15.0-303.171.5.2.el9uek.x86_64.rpm
kernel-uek-5.15.0-303.171.5.2.el9uek.x86_64.rpm
kernel-uek-core-5.15.0-303.171.5.2.el9uek.x86_64.rpm
kernel-uek-debug-5.15.0-303.171.5.2.el9uek.x86_64.rpm
kernel-uek-debug-core-5.15.0-303.171.5.2.el9uek.x86_64.rpm
kernel-uek-debug-devel-5.15.0-303.171.5.2.el9uek.x86_64.rpm
kernel-uek-debug-modules-5.15.0-303.171.5.2.el9uek.x86_64.rpm
kernel-uek-debug-modules-extra-5.15.0-303.171.5.2.el9uek.x86_64.rpm
kernel-uek-devel-5.15.0-303.171.5.2.el9uek.x86_64.rpm
kernel-uek-doc-5.15.0-303.171.5.2.el9uek.noarch.rpm
kernel-uek-modules-5.15.0-303.171.5.2.el9uek.x86_64.rpm
kernel-uek-modules-extra-5.15.0-303.171.5.2.el9uek.x86_64.rpm
kernel-uek-container-5.15.0-303.171.5.2.el9uek.x86_64.rpm
kernel-uek-container-debug-5.15.0-303.171.5.2.el9uek.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//kernel-uek-5.15.0-303.171.5.2.el9uek.src.rpm
Related CVEs:
CVE-2023-52904
CVE-2024-26921
CVE-2024-27017
CVE-2024-27072
CVE-2024-36893
CVE-2024-38384
CVE-2024-38545
CVE-2024-38632
CVE-2024-38663
CVE-2024-39463
CVE-2024-40953
CVE-2024-41016
CVE-2024-43816
CVE-2024-43845
CVE-2024-44931
CVE-2024-45001
CVE-2024-46695
CVE-2024-46849
CVE-2024-46852
CVE-2024-46853
CVE-2024-46854
CVE-2024-46855
CVE-2024-46858
CVE-2024-46859
CVE-2024-46865
CVE-2024-47670
CVE-2024-47671
CVE-2024-47672
CVE-2024-47673
CVE-2024-47679
CVE-2024-47684
CVE-2024-47685
CVE-2024-47690
CVE-2024-47692
CVE-2024-47693
CVE-2024-47695
CVE-2024-47696
CVE-2024-47697
CVE-2024-47698
CVE-2024-47699
CVE-2024-47701
CVE-2024-47705
CVE-2024-47709
CVE-2024-47710
CVE-2024-47712
CVE-2024-47713
CVE-2024-47718
CVE-2024-47720
CVE-2024-47723
CVE-2024-47734
CVE-2024-47735
CVE-2024-47737
CVE-2024-47739
CVE-2024-47740
CVE-2024-47742
CVE-2024-47747
CVE-2024-47748
CVE-2024-47749
CVE-2024-47756
CVE-2024-47757
CVE-2024-49851
CVE-2024-49852
CVE-2024-49856
CVE-2024-49858
CVE-2024-49860
CVE-2024-49866
CVE-2024-49867
CVE-2024-49868
CVE-2024-49871
CVE-2024-49875
CVE-2024-49877
CVE-2024-49878
CVE-2024-49879
CVE-2024-49881
CVE-2024-49882
CVE-2024-49883
CVE-2024-49884
CVE-2024-49886
CVE-2024-49889
CVE-2024-49890
CVE-2024-49892
CVE-2024-49894
CVE-2024-49895
CVE-2024-49896
CVE-2024-49900
CVE-2024-49902
CVE-2024-49903
CVE-2024-49907
CVE-2024-49913
CVE-2024-49924
CVE-2024-49927
CVE-2024-49930
CVE-2024-49933
CVE-2024-49935
CVE-2024-49936
CVE-2024-49938
CVE-2024-49944
CVE-2024-49946
CVE-2024-49948
CVE-2024-49949
CVE-2024-49952
CVE-2024-49954
CVE-2024-49955
CVE-2024-49957
CVE-2024-49959
CVE-2024-49962
CVE-2024-49963
CVE-2024-49965
CVE-2024-49966
CVE-2024-49967
CVE-2024-49969
CVE-2024-49973
CVE-2024-49977
CVE-2024-49981
CVE-2024-49982
CVE-2024-49983
CVE-2024-49985
CVE-2024-49993
CVE-2024-49995
CVE-2024-49997
CVE-2024-50000
CVE-2024-50001
CVE-2024-50002
CVE-2024-50003
CVE-2024-50006
CVE-2024-50007
CVE-2024-50008
CVE-2024-50010
CVE-2024-50013
CVE-2024-50015
CVE-2024-50019
CVE-2024-50024
CVE-2024-50031
CVE-2024-50033
CVE-2024-50035
CVE-2024-50038
CVE-2024-50039
CVE-2024-50040
CVE-2024-50041
CVE-2024-50044
CVE-2024-50045
CVE-2024-50046
CVE-2024-50049
CVE-2024-50059
CVE-2024-50062
CVE-2024-50072
CVE-2024-50074
CVE-2024-50082
CVE-2024-50083
CVE-2024-50086
CVE-2024-50089
CVE-2024-50093
CVE-2024-50095
CVE-2024-50096
CVE-2024-50099
CVE-2024-50101
CVE-2024-50103
CVE-2024-50110
CVE-2024-50115
CVE-2024-50116
CVE-2024-50117
CVE-2024-50127
CVE-2024-50128
CVE-2024-50131
CVE-2024-50134
CVE-2024-50141
CVE-2024-50142
CVE-2024-50143
CVE-2024-50148
CVE-2024-50150
CVE-2024-50151
CVE-2024-50153
CVE-2024-50154
CVE-2024-50156
CVE-2024-50160
CVE-2024-50162
CVE-2024-50163
CVE-2024-50167
CVE-2024-50168
CVE-2024-50171
CVE-2024-50179
CVE-2024-50180
CVE-2024-50181
CVE-2024-50182
CVE-2024-50184
CVE-2024-50185
CVE-2024-50188
CVE-2024-50189
CVE-2024-50191
CVE-2024-50192
CVE-2024-50193
CVE-2024-50194
CVE-2024-50195
CVE-2024-50196
CVE-2024-50198
CVE-2024-50199
CVE-2024-50201
CVE-2024-50202
CVE-2024-50205
CVE-2024-50208
CVE-2024-50209
CVE-2024-50210
CVE-2024-50218
CVE-2024-50219
CVE-2024-50228
CVE-2024-50229
CVE-2024-50230
CVE-2024-50232
CVE-2024-50233
CVE-2024-50234
CVE-2024-50236
CVE-2024-50237
CVE-2024-50244
CVE-2024-50245
CVE-2024-50247
CVE-2024-50249
CVE-2024-50251
CVE-2024-50257
CVE-2024-50259
CVE-2024-50262
CVE-2024-53042
CVE-2024-53055
CVE-2024-53057
CVE-2024-53058
CVE-2024-53059
Description of changes:
[5.15.0-303.171.5.2.el9uek]
- build: populate modules_thick.builtin for dirs containing only modules (Nick Alcock) [Orabug: 37393454]
- x86/pkeys: Ensure updated PKRU value is XRSTOR'd (Aruna Ramakrishna) [Orabug: 37384237]
- x86/pkeys: Change caller of update_pkru_in_sigframe() (Aruna Ramakrishna) [Orabug: 37384237]
- Revert "ocfs2: fix the la space leak when unmounting an ocfs2 volume" (Sherry Yang) [Orabug: 37383283]
[5.15.0-303.171.5.1.el9uek]
- sunrpc: fix a NULL deref in svc_process() when ->sv_stats doesn't exist (Calum Mackay) [Orabug: 37346134]
[5.15.0-303.171.5.el9uek]
- intel_idle: fix ACPI _CST matching for newer Xeon platforms (Artem Bityutskiy) [Orabug: 37249457]
- x86: Fix CPUIDLE_FLAG_IRQ_ENABLE leaking timer reprogram (Peter Zijlstra) [Orabug: 37249457]
- perf/tests: Add AMX instructions to x86 instruction decoder test (Adrian Hunter) [Orabug: 37249457]
- x86/insn: Add AMX instructions to the x86 instruction decoder (Adrian Hunter) [Orabug: 37249457]
- intel_idle: add Granite Rapids Xeon support (Artem Bityutskiy) [Orabug: 37249457]
- cpuidle, intel_idle: Fix CPUIDLE_FLAG_IRQ_ENABLE *again* (Peter Zijlstra) [Orabug: 37249457]
- intel_idle: Fix false positive RCU splats due to incorrect hardirqs state (Waiman Long) [Orabug: 37249457]
- cpuidle,intel_idle: Fix CPUIDLE_FLAG_IRQ_ENABLE (Peter Zijlstra) [Orabug: 37249457]
- intel_idle: Add a new flag to initialize the AMX state (Chang S. Bae) [Orabug: 37249457]
- x86/fpu: Add a helper to prepare AMX state for low-power CPU idle (Chang S. Bae) [Orabug: 37249457]
- intel_idle: enable interrupts before C1 on Xeons (Artem Bityutskiy) [Orabug: 37249457]
[5.15.0-303.171.4.el9uek]
- rds: recv_payload_bad_checksum was not 0 after running rds-stress on UEK6 (William Kucharski) [Orabug: 37265126]
- rds: If RDS Checksums are enabled for RDMA RDS operations, the extension headers will overflow causing incorrect operation (William Kucharski) [Orabug: 37265124]
- rds: rds_message_alloc() needlessly zeroes m_used_sgs (William Kucharski) [Orabug: 37265122]
- rds: tracepoint in rds_receive_csum_err() prints pointless information (William Kucharski) [Orabug: 37265120]
- rds: rds_inc_init() should initialize the inc->i_conn_path field (William Kucharski) [Orabug: 37265116]
- rds: Race condition in adding RDS payload checksum extension header may result in RDS header corruption (William Kucharski) [Orabug: 37265114]
- Revert "net/mlx5: disable the 'fast unload' feature on Exadata systems" (Qing Huang) [Orabug: 37285222]
- Revert "net/mlx5: pretend 'fast unload' succeeded on Exadata systems" (Qing Huang) [Orabug: 37285222]
- RDMA/mlx5: Fix Shared PD prefetch of ODP memory region (Mark Haywood) [Orabug: 31688618] [Orabug: 37279176]
- blk-mq: fix missing blk_account_io_done() in error path (Yu Kuai) [Orabug: 37228086]
- rds: Add rds stuck shutdown timeout (Rohit Nair) [Orabug: 37214078]
- KVM: x86: Stop compiling vmenter.S with OBJECT_FILES_NON_STANDARD (Sean Christopherson) [Orabug: 37273739]
- KVM: SVM: Create a stack frame in __svm_sev_es_vcpu_run() (Sean Christopherson) [Orabug: 37273739]
- KVM: SVM: Create a stack frame in __svm_vcpu_run() for unwinding (Sean Christopherson) [Orabug: 37273739]
- mm/memory-failure: pass the folio and the page to collect_procs() (Matthew Wilcox (Oracle)) [Orabug: 37270260]
- LTS version: v5.15.171 (Vijayendra Suman)
- mac80211: always have ieee80211_sta_restart() (Johannes Berg)
- vt: prevent kernel-infoleak in con_font_get() (Jeongjun Park)
- drm/i915: Fix potential context UAFs (Rob Clark)
- Revert "drm/mipi-dsi: Set the fwnode for mipi_dsi_device" (Jason-JH.Lin)
- mm: shmem: fix data-race in shmem_getattr() (Jeongjun Park) [Orabug: 37268580] {CVE-2024-50228}
- wifi: iwlwifi: mvm: fix 6 GHz scan construction (Johannes Berg) [Orabug: 37304734] {CVE-2024-53055}
- nilfs2: fix kernel bug due to missing clearing of checked flag (Ryusuke Konishi) [Orabug: 37268588] {CVE-2024-50230}
- x86/bugs: Use code segment selector for VERW operand (Pawan Gupta) [Orabug: 37227383] {CVE-2024-50072}
- ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow (Edward Adam Davis) [Orabug: 37268563] {CVE-2024-50218}
- mm/page_alloc: let GFP_ATOMIC order-0 allocs access highatomic reserves (Matt Fleming) [Orabug: 37268568] {CVE-2024-50219}
- mm/page_alloc: explicitly define how __GFP_HIGH non-blocking allocations accesses reserves (Mel Gorman)
- mm/page_alloc: explicitly define what alloc flags deplete min reserves (Mel Gorman)
- mm/page_alloc: explicitly record high-order atomic allocations in alloc_flags (Mel Gorman)
- mm/page_alloc: treat RT tasks similar to __GFP_HIGH (Mel Gorman)
- mm/page_alloc: rename ALLOC_HIGH to ALLOC_MIN_RESERVE (Mel Gorman)
- mm/page_alloc: split out buddy removal code from rmqueue into separate helper (Mel Gorman)
- mm/page_alloc: fix tracepoint mm_page_alloc_zone_locked() (Wonhyuk Yang)
- mm/page_alloc: call check_new_pages() while zone spinlock is not held (Eric Dumazet)
- riscv: Remove duplicated GET_RM (Chunyan Zhang)
- riscv: Remove unused GENERATING_ASM_OFFSETS (Chunyan Zhang)
- riscv: Use '%u' to format the output of 'cpu' (WangYuli)
- riscv: efi: Set NX compat flag in PE/COFF header (Heinrich Schuchardt)
- riscv: vdso: Prevent the compiler from inserting calls to memset() (Alexandre Ghiti)
- nilfs2: fix potential deadlock with newly created symlinks (Ryusuke Konishi) [Orabug: 37268584] {CVE-2024-50229}
- iio: light: veml6030: fix microlux value calculation (Javier Carrasco)
- iio: adc: ad7124: fix division by zero in ad7124_set_channel_odr() (Zicheng Qu) [Orabug: 37268595] {CVE-2024-50232}
- staging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg() (Zicheng Qu) [Orabug: 37268597] {CVE-2024-50233}
- wifi: iwlegacy: Clear stale interrupts before resuming device (Ville Syrjälä) [Orabug: 37268602] {CVE-2024-50234}
- wifi: ath10k: Fix memory leak in management tx (Manikanta Pubbisetty) [Orabug: 37268610] {CVE-2024-50236}
- wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower (Felix Fietkau) [Orabug: 37268613] {CVE-2024-50237}
- xhci: Use pm_runtime_get to prevent RPM on unsupported systems (Basavaraj Natikar)
- xhci: Fix Link TRB DMA in command ring stopped completion event (Faisal Hassan)
- usb: typec: fix unreleased fwnode_handle in typec_port_register_altmodes() (Javier Carrasco)
- usb: phy: Fix API devm_usb_put_phy() can not release the phy (Zijun Hu)
- usbip: tools: Fix detach_port() invalid port error path (Zongmin Zhou)
- misc: sgi-gru: Don't disable preemption in GRU driver (Dimitri Sivanich)
- net: amd: mvme147: Fix probe banner message (Daniel Palmer)
- scsi: scsi_transport_fc: Allow setting rport state to current state (Benjamin Marzinski)
- fs/ntfs3: Additional check in ni_clear() (Konstantin Komarov) [Orabug: 37268638] {CVE-2024-50244}
- fs/ntfs3: Fix possible deadlock in mi_read (Konstantin Komarov) [Orabug: 37268644] {CVE-2024-50245}
- fs/ntfs3: Fix warning possible deadlock in ntfs_set_state (Konstantin Komarov)
- fs/ntfs3: Check if more than chunk-size bytes are written (Andrew Ballance) [Orabug: 37268655] {CVE-2024-50247}
- firmware: arm_sdei: Fix the input parameter of cpuhp_remove_state() (Xiongfeng Wang)
- netfilter: nft_payload: sanitize offset and length before calling skb_checksum() (Pablo Neira Ayuso) [Orabug: 37268670] {CVE-2024-50251}
- net: skip offload for NETIF_F_IPV6_CSUM if ipv6 header contains extension (Benoît Monin)
- netfilter: Fix use-after-free in get_info() (Dong Chenchen) [Orabug: 37268689] {CVE-2024-50257}
- bpf: Fix out-of-bounds write in trie_get_next_key() (Byeonguk Jeong) [Orabug: 37268702] {CVE-2024-50262}
- netdevsim: Add trailing zero to terminate the string in nsim_nexthop_bucket_activity_write() (Zichen Xie) [Orabug: 37268697] {CVE-2024-50259}
- net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (Pedro Tammela) [Orabug: 37304740] {CVE-2024-53057}
- net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data (Furong Xu) [Orabug: 37304745] {CVE-2024-53058}
- ASoC: cs42l51: Fix some error handling paths in cs42l51_probe() (Christophe JAILLET)
- wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd() (Daniel Gabay) [Orabug: 37304749] {CVE-2024-53059}
- wifi: iwlwifi: mvm: disconnect station vifs if recovery failed (Emmanuel Grumbach)
- mac80211: Add support to trigger sta disconnect on hardware restart (Youghandhar Chintala)
- mac80211: do drv_reconfig_complete() before restarting all (Johannes Berg)
- RDMA/bnxt_re: synchronize the qp-handle table array (Selvin Xavier)
- RDMA/mlx5: Round max_rd_atomic/max_dest_rd_atomic up instead of down (Patrisious Haddad)
- RDMA/cxgb4: Dump vendor specific QP details (Leon Romanovsky)
- wifi: brcm80211: BRCM_TRACING should depend on TRACING (Geert Uytterhoeven)
- wifi: mac80211: skip non-uploaded keys in ieee80211_iter_keys (Felix Fietkau)
- mac80211: MAC80211_MESSAGE_TRACING should depend on TRACING (Geert Uytterhoeven)
- cgroup: Fix potential overflow issue when checking max_depth (Xiu Jianfeng)
- ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context (Koba Ko) [Orabug: 37264072] {CVE-2024-50141}
- ACPI: PRM: Change handler_addr type to void pointer (Sudeep Holla)
- ACPI: PRM: Remove unnecessary blank lines (Aubrey Li)
- ksmbd: fix user-after-free from session log off (Namjae Jeon) [Orabug: 37227413] {CVE-2024-50086}
- selftests/mm: fix incorrect buffer->mirror size in hmm2 double_map test (Donet Tom)
- LTS version: v5.15.170 (Vijayendra Suman)
- xfrm: validate new SA's prefixlen using SA family when sel.family is unset (Sabrina Dubroca) [Orabug: 37264074] {CVE-2024-50142}
- ASoC: qcom: Fix NULL Dereference in asoc_qcom_lpass_cpu_platform_probe() (Zichen Xie) [Orabug: 37252324] {CVE-2024-50103}
- net: phy: dp83822: Fix reset pin definitions (Michel Alex)
- serial: protect uart_port_dtr_rts() in uart_shutdown() too (Jiri Slaby (SUSE))
- selinux: improve error checking in sel_write_load() (Paul Moore)
- hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event (Haiyang Zhang)
- xfrm: fix one more kernel-infoleak in algo dumping (Petr Vaganov) [Orabug: 37252349] {CVE-2024-50110}
- ALSA: hda/realtek: Add subwoofer quirk for Acer Predator G9-593 (José Relvas)
- KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory (Sean Christopherson) [Orabug: 37252372] {CVE-2024-50115}
- openat2: explicitly return -E2BIG for (usize > PAGE_SIZE) (Aleksa Sarai)
- nilfs2: fix kernel bug due to missing clearing of buffer delay flag (Ryusuke Konishi) [Orabug: 37252377] {CVE-2024-50116}
- ACPI: button: Add DMI quirk for Samsung Galaxy Book2 to fix initial lid detection issue (Shubham Panwar)
- ACPI: resource: Add LG 16T90SP to irq1_level_low_skip_override[] (Christian Heusel)
- drm/amd: Guard against bad data for ATIF ACPI method (Mario Limonciello) [Orabug: 37252383] {CVE-2024-50117}
- btrfs: zoned: fix zone unusable accounting for freed reserved extent (Naohiro Aota)
- ALSA: hda/realtek: Update default depop procedure (Kailang Yang)
- ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() (Andrey Shumilin) [Orabug: 37264274] {CVE-2024-50205}
- bpf,perf: Fix perf_event_detach_bpf_prog error handling (Jiri Olsa)
- posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime() (Jinjie Ruan) [Orabug: 37320233] {CVE-2024-50210}
- r8169: avoid unsolicited interrupts (Heiner Kallweit)
- net: sched: fix use-after-free in taprio_change() (Dmitry Antipov) [Orabug: 37252407] {CVE-2024-50127}
- net: wwan: fix global oob in wwan_rtnl_policy (Lin Ma) [Orabug: 37252410] {CVE-2024-50128}
- net: dsa: mv88e6xxx: Fix error when setting port policy on mv88e6393x (Peter Rashleigh)
- net: plip: fix break; causing plip to never transmit (Jakub Boehm)
- be2net: fix potential memory leak in be_xmit() (Wang Hai) [Orabug: 37264143] {CVE-2024-50167}
- net/sun3_82586: fix potential memory leak in sun3_82586_send_packet() (Wang Hai) [Orabug: 37264149] {CVE-2024-50168}
- xfrm: respect ip protocols rules criteria when performing dst lookups (Eyal Birger)
- xfrm: extract dst lookup parameters into a struct (Eyal Birger)
- tracing: Consider the NULL character when validating the event length (Leo Yan) [Orabug: 37252415] {CVE-2024-50131}
- platform/x86: dell-sysman: add support for alienware products (Crag Wang)
- ASoC: qcom: sm8250: add qrb4210-rb2-sndcard compatible string (Alexey Klimov)
- arm64/uprobes: change the uprobe_opcode_t typedef to fix the sparse warning (junhua huang)
- platform/x86: dell-wmi: Ignore suspend notifications (Armin Wolf)
- udf: fix uninit-value use in udf_get_fileshortad (Gianfranco Trad) [Orabug: 37264080] {CVE-2024-50143}
- arm64: Force position-independent veneers (Mark Rutland)
- ASoC: fsl_sai: Enable 'FIFO continue on error' FCONT bit (Shengjiu Wang)
- ASoC: codecs: lpass-rx-macro: add missing CDC_RX_BCL_VBAT_RF_PROC2 to default regs values (Alexey Klimov)
- drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA (Hans de Goede) [Orabug: 37252420] {CVE-2024-50134}
- exec: don't WARN for racy path_noexec check (Mateusz Guzik) [Orabug: 37206344] {CVE-2024-50010}
- XHCI: Separate PORT and CAPs macros into dedicated file (Frank Li)
- usb: gadget: Add function wakeup support (Elson Roy Serrao)
- KVM: s390: gaccess: Check if guest address is in memslot (Nico Boehr)
- KVM: s390: gaccess: Cleanup access to guest pages (Janis Schoetterl-Glausch)
- KVM: s390: gaccess: Refactor access address range check (Janis Schoetterl-Glausch)
- KVM: s390: gaccess: Refactor gpa and length calculation (Janis Schoetterl-Glausch)
- arm64: probes: Fix uprobes for big-endian kernels (Mark Rutland) [Orabug: 37264236] {CVE-2024-50194}
- arm64:uprobe fix the uprobe SWBP_INSN in big-endian (junhua huang)
- Bluetooth: bnep: fix wild-memory-access in proto_unregister (Ye Bin) [Orabug: 37264096] {CVE-2024-50148}
- s390: Initialize psw mask in perf_arch_fetch_caller_regs() (Heiko Carstens)
- usb: typec: altmode should keep reference to parent (Thadeu Lima de Souza Cascardo) [Orabug: 37264102] {CVE-2024-50150}
- smb: client: fix OOBs when building SMB2_IOCTL request (Paulo Alcantara) [Orabug: 37264107] {CVE-2024-50151}
- scsi: target: core: Fix null-ptr-deref in target_alloc_device() (Wang Hai) [Orabug: 37264112] {CVE-2024-50153}
- genetlink: hold RCU in genlmsg_mcast() (Eric Dumazet)
- tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink(). (Kuniyuki Iwashima) [Orabug: 37264114] {CVE-2024-50154}
- net: systemport: fix potential memory leak in bcm_sysport_xmit() (Wang Hai) [Orabug: 37264156] {CVE-2024-50171}
- net: xilinx: axienet: fix potential memory leak in axienet_start_xmit() (Wang Hai)
- net/smc: Fix searching in list of known pnetids in smc_pnet_add_pnetid (Li RongQing)
- net: ethernet: aeroflex: fix potential memory leak in greth_start_xmit_gbit() (Wang Hai)
- macsec: don't increment counters for an unrelated SA (Sabrina Dubroca)
- net: usb: usbnet: fix race in probe failure (Oliver Neukum)
- drm/msm: Allocate memory for disp snapshot with kvzalloc() (Douglas Anderson)
- drm/msm: Avoid NULL dereference in msm_disp_state_print_regs() (Douglas Anderson) [Orabug: 37264122] {CVE-2024-50156}
- drm/msm/dsi: fix 32-bit signed integer extension in pclk_rate calculation (Jonathan Marek)
- RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages (Bhargava Chenna Marreddy) [Orabug: 37264280] {CVE-2024-50208}
- RDMA/bnxt_re: Return more meaningful error (Kalesh AP)
- ipv4: give an IPv4 dev to blackhole_netdev (Xin Long)
- RDMA/irdma: Fix misspelling of "accept*" (Alexander Zubkov)
- RDMA/cxgb4: Fix RDMA_CM_EVENT_UNREACHABLE error for iWARP (Anumula Murali Mohan Reddy)
- ALSA: hda/cs8409: Fix possible NULL dereference (Murad Masimov) [Orabug: 37264129] {CVE-2024-50160}
- ARM: dts: bcm2837-rpi-cm3-io3: Fix HDMI hpd-gpio pin (Florian Klink)
- x86/resctrl: Avoid overflow in MB settings in bw_validate() (Martin Kletzander)
- RDMA/bnxt_re: Add a check for memory allocation (Kalesh AP) [Orabug: 37264285] {CVE-2024-50209}
- RDMA/bnxt_re: Fix incorrect AVID type in WQE structure (Saravanan Vajravel)
- bpf: devmap: provide rxq after redirect (Florian Kauer) [Orabug: 37264132] {CVE-2024-50162}
- bpf: Make sure internal and UAPI bpf_redirect flags don't overlap (Toke Høiland-Jørgensen) [Orabug: 37264134] {CVE-2024-50163}
- LTS version: v5.15.169 (Vijayendra Suman)
- ALSA: hda/conexant - Use cached pin control for Node 0x1d on HP EliteOne 1000 G2 (Vasiliy Kovalev)
- powerpc/mm: Always update max/min_low_pfn in mem_topology_setup() (Aneesh Kumar K.V)
- nilfs2: propagate directory read errors from nilfs_find_entry() (Ryusuke Konishi) [Orabug: 37264266] {CVE-2024-50202}
- mptcp: prevent MPC handshake on port-based signal endpoints (Paolo Abeni)
- mptcp: fallback when MPTCP opts are dropped after 1st data (Matthieu Baerts (NGI0))
- tcp: fix mptcp DSS corruption due to large pmtu xmit (Paolo Abeni) [Orabug: 37227408] {CVE-2024-50083}
- mptcp: handle consistently DSS corruption (Paolo Abeni) [Orabug: 37264210] {CVE-2024-50185}
- mptcp: track and update contiguous data status (Geliang Tang)
- irqchip/gic-v4: Don't allow a VMOVP on a dying VPE (Marc Zyngier) [Orabug: 37264231] {CVE-2024-50192}
- pinctrl: ocelot: fix system hang on level based interrupts (Sergey Matsievskiy) [Orabug: 37264246] {CVE-2024-50196}
- x86/entry_32: Clear CPU buffers after register restore in NMI return (Pawan Gupta) [Orabug: 37264234] {CVE-2024-50193}
- x86/entry_32: Do not clobber user EFLAGS.ZF (Pawan Gupta)
- x86/apic: Always explicitly disarm TSC-deadline timer (Zhang Rui)
- x86/resctrl: Annotate get_mem_config() functions as __init (Nathan Chancellor)
- USB: serial: option: add Telit FN920C04 MBIM compositions (Daniele Palmas)
- USB: serial: option: add support for Quectel EG916Q-GL (Benjamin B. Frost)
- xhci: Mitigate failed set dequeue pointer commands (Mathias Nyman)
- xhci: Fix incorrect stream context type macro (Mathias Nyman)
- Bluetooth: btusb: Fix regression with fake CSR controllers 0a12:0001 (Luiz Augusto von Dentz)
- Bluetooth: Remove debugfs directory on module init failure (Aaron Thompson)
- iio: adc: ti-ads124s08: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (Javier Carrasco)
- iio: proximity: mb1232: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (Javier Carrasco)
- iio: light: opt3001: add missing full-scale range value (Emil Gedenryd)
- iio: light: veml6030: fix IIO device retrieval from embedded device (Javier Carrasco) [Orabug: 37264254] {CVE-2024-50198}
- iio: light: veml6030: fix ALS sensor resolution (Javier Carrasco)
- iio: hid-sensors: Fix an error handling path in _hid_sensor_set_report_latency() (Christophe JAILLET)
- iio: adc: ti-ads8688: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (Javier Carrasco)
- iio: dac: stm32-dac-core: add missing select REGMAP_MMIO in Kconfig (Javier Carrasco)
- iio: dac: ltc1660: add missing select REGMAP_SPI in Kconfig (Javier Carrasco)
- iio: dac: ad5770r: add missing select REGMAP_SPI in Kconfig (Javier Carrasco)
- drm/vmwgfx: Handle surface check failure correctly (Nikolay Kuratov)
- drm/radeon: Fix encoder->possible_clones (Ville Syrjälä) [Orabug: 37264263] {CVE-2024-50201}
- io_uring/sqpoll: close race on waiting for sqring entries (Jens Axboe)
- blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race (Omar Sandoval) [Orabug: 37227403] {CVE-2024-50082}
- x86/bugs: Do not use UNTRAIN_RET with IBPB on entry (Johannes Wikner)
- x86/bugs: Skip RSB fill at VMEXIT (Johannes Wikner)
- x86/entry: Have entry_ibpb() invalidate return predictions (Johannes Wikner)
- x86/cpufeatures: Add a IBPB_NO_RET BUG flag (Johannes Wikner)
- x86/cpufeatures: Define X86_FEATURE_AMD_IBPB_RET (Jim Mattson)
- KVM: s390: Change virtual to physical address access in diag 0x258 handler (Michael Mueller)
- s390/sclp_vt220: Convert newlines to CRLF instead of LFCR (Thomas Weißschuh)
- iommu/vt-d: Fix incorrect pci_for_each_dma_alias() for non-PCI devices (Lu Baolu) [Orabug: 37252321] {CVE-2024-50101}
- io_uring/sqpoll: do not put cpumask on stack (Felix Moessbauer)
- io_uring/sqpoll: retain test for whether the CPU is valid (Jens Axboe)
- io_uring/sqpoll: do not allow pinning outside of cpuset (Felix Moessbauer)
- drm/shmem-helper: Fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE) (Wachowski, Karol)
- KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin() (Breno Leitao) [Orabug: 36835836] {CVE-2024-40953}
- dm-crypt, dm-verity: disable tasklets (Mikulas Patocka)
- wifi: mac80211: fix potential key use-after-free (Johannes Berg)
- secretmem: disable memfd_secret() if arch cannot set direct map (Patrick Roy) [Orabug: 37264195] {CVE-2024-50182}
- mm/swapfile: skip HugeTLB pages for unuse_vma (Liu Shixin) [Orabug: 37264256] {CVE-2024-50199}
- fat: fix uninitialized variable (OGAWA Hirofumi)
- irqchip/gic-v3-its: Fix VSYNC referencing an unmapped VPE on GIC v4.1 (Nianyao Tang)
- net: macb: Avoid 20s boot delay by skipping MDIO bus registration for fixed-link PHY (Oleksij Rempel)
- arm64: probes: Fix simulate_ldr*_literal() (Mark Rutland)
- arm64: probes: Remove broken LDR (literal) uprobe support (Mark Rutland) [Orabug: 37252316] {CVE-2024-50099}
- posix-clock: Fix missing timespec64 check in pc_clock_settime() (Jinjie Ruan) [Orabug: 37264241] {CVE-2024-50195}
- net: enetc: add missing static descriptor and inline keyword (Wei Fang)
- net: enetc: remove xdp_drops statistic from enetc_xdp_drop() (Wei Fang)
- udf: Fix bogus checksum computation in udf_rename() (Jan Kara) [Orabug: 37320204] {CVE-2024-43845}
- udf: Don't return bh from udf_expand_dir_adinicb() (Jan Kara)
- udf: Handle error when expanding directory (Jan Kara)
- udf: Remove old directory iteration code (Jan Kara)
- udf: Convert udf_link() to new directory iteration code (Jan Kara)
- udf: Convert udf_mkdir() to new directory iteration code (Jan Kara)
- udf: Convert udf_add_nondir() to new directory iteration (Jan Kara)
- udf: Implement adding of dir entries using new iteration code (Jan Kara)
- udf: Convert udf_unlink() to new directory iteration code (Jan Kara)
- udf: Convert udf_rmdir() to new directory iteration code (Jan Kara)
- udf: Convert empty_dir() to new directory iteration code (Jan Kara)
- udf: Convert udf_get_parent() to new directory iteration code (Jan Kara)
- udf: Convert udf_lookup() to use new directory iteration code (Jan Kara)
- udf: Convert udf_readdir() to new directory iteration (Jan Kara)
- udf: Convert udf_rename() to new directory iteration code (Jan Kara)
- udf: Provide function to mark entry as deleted using new directory iteration code (Jan Kara)
- udf: Implement searching for directory entry using new iteration code (Jan Kara)
- udf: Move udf_expand_dir_adinicb() to its callsite (Jan Kara)
- udf: Convert udf_expand_dir_adinicb() to new directory iteration (Jan Kara)
- udf: New directory iteration code (Jan Kara)
- ALSA: hda/conexant - Fix audio routing for HP EliteOne 1000 G2 (Vasiliy Kovalev)
[5.15.0-303.168.3.el9uek]
- ACPI: CPPC: Make rmw_lock a raw_spin_lock (Pierre Gondois) [Orabug: 37268714] {CVE-2024-50249}
- net: usb: usbnet: fix name regression (Oliver Neukum)
- mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow (Matthieu Baerts (NGI0))
- parport: Proper fix for array out-of-bounds access (Takashi Iwai) [Orabug: 37227435] {CVE-2024-50074}
- netfilter: xtables: fix typo causing some targets not to load on IPv6 (Pablo Neira Ayuso)
- block, bfq: fix procress reference leakage for bfqq in merge chain (Yu Kuai)
- ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_init_flow() (Ido Schimmel) [Orabug: 37304697] {CVE-2024-53042}
- usb: dwc3: core: Fix system suspend on TI AM62 platforms (Roger Quadros)
- Revert "driver core: Fix uevent_show() vs driver detach race" (Greg Kroah-Hartman)
- jfs: Fix sanity check in dbMount (Dave Kleikamp)
- octeontx2-af: Fix potential integer overflows on integer shifts (Colin Ian King)
- gtp: allow -1 to be specified as file description from userspace (Pablo Neira Ayuso)
- scsi: lpfc: Revise lpfc_prep_embed_io routine with proper endian macro usages (Justin Tee) [Orabug: 37070103] {CVE-2024-43816}
- blk-cgroup: Properly propagate the iostat update up the hierarchy (Waiman Long) [Orabug: 37264361]
- blk-cgroup: fix list corruption from reorder of WRITE ->lqueued (Ming Lei) [Orabug: 37264361] {CVE-2024-38384}
- blk-cgroup: fix list corruption from resetting io stat (Ming Lei) [Orabug: 37264361] {CVE-2024-38663}
- blk-cgroup: Flush stats before releasing blkcg_gq (Ming Lei) [Orabug: 37264361]
- blk-cgroup: Reinit blkg_iostat_set after clearing in blkcg_reset_stats() (Waiman Long) [Orabug: 37264361]
- blk-cgroup: don't update io stat for root cgroup (Ming Lei) [Orabug: 37264361]
- blk-cgroup: Optimize blkcg_rstat_flush() (Waiman Long) [Orabug: 37264361]
- blk-cgroup: Return -ENOMEM directly in blkcg_css_alloc() error path (Waiman Long) [Orabug: 37264361]
- vfio/iommu_type1: replace kfree with kvfree (Jiacheng Shi) [Orabug: 37263362]
- i2c: i801: Add support for Intel Birch Stream SoC (Jarkko Nikula) [Orabug: 37249533]
- nvme: fix deadlock between reset and scan (Bitao Hu) [Orabug: 37244604]
- virt: sevguest: Add TSM_REPORTS support for SNP_GET_EXT_REPORT (Dan Williams) [Orabug: 37070016]
- virt: sevguest: Prep for kernel internal get_ext_report() (Dan Williams) [Orabug: 37070016]
- configfs-tsm: Introduce a shared ABI for attestation reports (Dan Williams) [Orabug: 37070016]
- virt: coco: Add a coco/Makefile and coco/Kconfig (Dan Williams) [Orabug: 37070016]
- virt: sevguest: Fix passing a stack buffer as a scatterlist target (Dan Williams) [Orabug: 37070016]
- x86/sev: Change snp_guest_issue_request()'s fw_err argument (Dionna Glaze) [Orabug: 37070016]
- crypto: ccp - Name -1 return value as SEV_RET_NO_FW_CALL (Peter Gonda) [Orabug: 37070016]
- virt/coco/sev-guest: Double-buffer messages (Dionna Glaze) [Orabug: 37070016]
- virt/coco/sev-guest: Add throttling awareness (Dionna Glaze) [Orabug: 37070016]
- virt/coco/sev-guest: Convert the sw_exit_info_2 checking to a switch-case (Borislav Petkov (AMD)) [Orabug: 37070016]
- virt/coco/sev-guest: Do some code style cleanups (Borislav Petkov (AMD)) [Orabug: 37070016]
- virt/coco/sev-guest: Carve out the request issuing logic into a helper (Borislav Petkov (AMD)) [Orabug: 37070016]
- virt/coco/sev-guest: Remove the disable_vmpck label in handle_guest_request() (Borislav Petkov (AMD)) [Orabug: 37070016]
- virt/coco/sev-guest: Simplify extended guest request handling (Borislav Petkov (AMD)) [Orabug: 37070016]
- virt/coco/sev-guest: Check SEV_SNP attribute at probe time (Borislav Petkov (AMD)) [Orabug: 37070016]
- x86/sev: Mark snp_abort() noreturn (Borislav Petkov) [Orabug: 37070016]
- kbuild: Drop -Wdeclaration-after-statement (Peter Zijlstra) [Orabug: 37070016]
- apparmor: Free up __cleanup() name (Peter Zijlstra) [Orabug: 37070016]
- fwctl: Expand adaption of code for UEK7 (Liam Merwick) [Orabug: 37070016]
- mm/slab: Add __free() support for kvfree (Dan Williams) [Orabug: 37070016]
- mm: move kvmalloc-related functions to slab.h (Matthew Wilcox (Oracle)) [Orabug: 37070016]
- x86/head/64: Switch to KERNEL_CS as soon as new GDT is installed (Tom Lendacky) [Orabug: 37070016]
- iommu/amd: Do not identity map v2 capable device when snp is enabled (Vasant Hegde) [Orabug: 37070016]
- virt: sevguest: Add CONFIG_CRYPTO dependency (Arnd Bergmann) [Orabug: 37070016]
- virt/sev-guest: Remove unnecessary free in init_crypto() (Rafael Mendonca) [Orabug: 37070016]
- virt/sev-guest: Add a MODULE_ALIAS (Cole Robinson) [Orabug: 37070016]
- virt/sev-guest: Return -EIO if certificate buffer is not large enough (Tom Lendacky) [Orabug: 37070016]
- virt/sev-guest: Prevent IV reuse in the SNP guest driver (Peter Gonda) [Orabug: 37070016]
- x86/compressed/64: Add identity mappings for setup_data entries (Michael Roth) [Orabug: 37070016]
- x86/sev: Do not try to parse for the CC blob on non-AMD hardware (Borislav Petkov (AMD)) [Orabug: 37070016]
- x86/sev: Use the GHCB protocol when available for SNP CPUID requests (Tom Lendacky) [Orabug: 37070016]
- x86/boot: Fix the setup data types max limit (Borislav Petkov) [Orabug: 37070016]
- x86/sev: Don't use cc_platform_has() for early SEV-SNP calls (Tom Lendacky) [Orabug: 37070016]
- x86/sev: Fix calculation of end address based on number of pages (Tom Lendacky) [Orabug: 37070016]
- x86/sev: Fix kernel crash due to late update to read-only ghcb_version (Ashwin Dayanand Kamat) [Orabug: 37070016]
- x86/sev: Add SEV-SNP guest feature negotiation support (Nikunj A Dadhania) [Orabug: 37070016]
- Revert "x86/sev: Expose sev_es_ghcb_hv_call() for use by HyperV" (Borislav Petkov) [Orabug: 37070016]
- x86/boot: Don't propagate uninitialized boot_params->cc_blob_address (Michael Roth) [Orabug: 37070016]
- KVM: SVM: Only dump VMSA to klog at KERN_DEBUG level (Peter Gonda) [Orabug: 37070016]
- KVM: SVM: Dump Virtual Machine Save Area (VMSA) to klog (Jarkko Sakkinen) [Orabug: 37070016]
- KVM: SVM: Exit to userspace on ENOMEM/EFAULT GHCB errors (Sean Christopherson) [Orabug: 37070016]
- iommu/amd: Add support for AVIC when SNP is enabled (Suravee Suthikulpanit) [Orabug: 37070016]
- iommu/amd: Do not support IOMMUv2 APIs when SNP is enabled (Suravee Suthikulpanit) [Orabug: 37070016]
- iommu/amd: Do not support IOMMU_DOMAIN_IDENTITY after SNP is enabled (Suravee Suthikulpanit) [Orabug: 37070016]
- iommu/amd: Set translation valid bit only when IO page tables are in use (Suravee Suthikulpanit) [Orabug: 37070016]
- iommu/amd: Introduce function to check and enable SNP (Brijesh Singh) [Orabug: 37070016]
- iommu/amd: Globally detect SNP support (Suravee Suthikulpanit) [Orabug: 37070016]
- iommu/amd: Process all IVHDs before enabling IOMMU features (Suravee Suthikulpanit) [Orabug: 37070016]
- iommu/amd: Introduce global variable for storing common EFR and EFR2 (Suravee Suthikulpanit) [Orabug: 37070016]
- iommu/amd: Introduce Support for Extended Feature 2 Register (Suravee Suthikulpanit) [Orabug: 37070016]
- x86/sev: Remove duplicated assignment to variable info (Colin Ian King) [Orabug: 37070016]
- x86/sev: Fix address space sparse warning (Borislav Petkov) [Orabug: 37070016]
- x86/sev: Get the AP jump table address from secrets page (Brijesh Singh) [Orabug: 37070016]
- x86/sev: Add missing __init annotations to SEV init routines (Michael Roth) [Orabug: 37070016]
- crypto: ccp - Log when resetting PSP SEV state (Peter Gonda) [Orabug: 37070016]
- virt: sev-guest: Pass the appropriate argument type to iounmap() (Tom Lendacky) [Orabug: 37070016]
- virt: sevguest: Rename the sevguest dir and files to sev-guest (Tom Lendacky) [Orabug: 37070016]
- virt: sevguest: Change driver name to reflect generic SEV support (Tom Lendacky) [Orabug: 37070016]
- x86/boot: Put globals that are accessed early into the .data section (Michael Roth) [Orabug: 37070016]
- virt: sevguest: Fix bool function returning negative value (Haowen Bai) [Orabug: 37070016]
- virt: sevguest: Fix return value check in alloc_shared_pages() (Yang Yingliang) [Orabug: 37070016]
- x86/sev-es: Replace open-coded hlt-loop with sev_es_terminate() (Peter Gonda) [Orabug: 37070016]
- virt: sevguest: Add documentation for SEV-SNP CPUID Enforcement (Michael Roth) [Orabug: 37070016]
- virt: sevguest: Add support to get extended report (Brijesh Singh) [Orabug: 37070016]
- virt: sevguest: Add support to derive key (Brijesh Singh) [Orabug: 37070016]
- virt: Add SEV-SNP guest driver (Brijesh Singh) [Orabug: 37070016]
- x86/sev: Register SEV-SNP guest request platform device (Brijesh Singh) [Orabug: 37070016]
- x86/sev: Provide support for SNP guest request NAEs (Brijesh Singh) [Orabug: 37070016]
- x86/sev: Add a sev= cmdline option (Michael Roth) [Orabug: 37070016]
- x86/sev: Use firmware-validated CPUID for SEV-SNP guests (Michael Roth) [Orabug: 37070016]
- x86/sev: Add SEV-SNP feature detection/setup (Michael Roth) [Orabug: 37070016]
- x86/compressed/64: Add identity mapping for Confidential Computing blob (Michael Roth) [Orabug: 37070016]
- x86/compressed: Use firmware-validated CPUID leaves for SEV-SNP guests (Michael Roth) [Orabug: 37070016]
- x86/compressed: Add SEV-SNP feature detection/setup (Michael Roth) [Orabug: 37070016]
- x86/boot: Add a pointer to Confidential Computing blob in bootparams (Michael Roth) [Orabug: 37070016]
- x86/compressed/64: Add support for SEV-SNP CPUID table in #VC handlers (Michael Roth) [Orabug: 37070016]
- x86/sev: Move MSR-based VMGEXITs for CPUID to helper (Michael Roth) [Orabug: 37070016]
- KVM: x86: Move lookup of indexed CPUID leafs to helper (Michael Roth) [Orabug: 37070016]
- x86/boot: Add Confidential Computing type to setup_data (Brijesh Singh) [Orabug: 37070016]
- x86/compressed/acpi: Move EFI kexec handling into common code (Michael Roth) [Orabug: 37070016]
- x86/compressed/acpi: Move EFI vendor table lookup to helper (Michael Roth) [Orabug: 37070016]
- x86/compressed/acpi: Move EFI config table lookup to helper (Michael Roth) [Orabug: 37070016]
- x86/compressed/acpi: Move EFI system table lookup to helper (Michael Roth) [Orabug: 37070016]
- x86/head/64: Re-enable stack protection (Michael Roth) [Orabug: 37070016]
- x86/sev: Use SEV-SNP AP creation to start secondary CPUs (Tom Lendacky) [Orabug: 37070016]
- x86/sev: Remove do_early_exception() forward declarations (Borislav Petkov) [Orabug: 37070016]
- x86/mm: Validate memory when changing the C-bit (Brijesh Singh) [Orabug: 37070016]
- x86/mm/cpa: Generalize __set_memory_enc_pgtable() (Brijesh Singh) [Orabug: 37070016]
- x86/kernel: Validate ROM memory before accessing when SEV-SNP is active (Brijesh Singh) [Orabug: 37070016]
- x86/kernel: Mark the .bss..decrypted section as shared in the RMP table (Brijesh Singh) [Orabug: 37070016]
- x86/head64: Add missing __head annotation to sme_postprocess_startup() (Marco Bonelli) [Orabug: 37070016]
- x86/head64: Carve out the guest encryption postprocessing into a helper (Borislav Petkov) [Orabug: 37070016]
- x86/sev: Add helper for validating pages in early enc attribute changes (Brijesh Singh) [Orabug: 37070016]
- x86/sev: Register GHCB memory when SEV-SNP is active (Brijesh Singh) [Orabug: 37070016]
- x86/compressed: Register GHCB memory when SEV-SNP is active (Brijesh Singh) [Orabug: 37070016]
- x86/compressed: Add helper for validating pages in the decompression stage (Brijesh Singh) [Orabug: 37070016]
- x86/sev: Check the VMPL level (Brijesh Singh) [Orabug: 37070016]
- x86/sev: Add a helper for the PVALIDATE instruction (Brijesh Singh) [Orabug: 37070016]
- x86/sev: Check SEV-SNP features support (Brijesh Singh) [Orabug: 37070016]
- x86/sev: Save the negotiated GHCB version (Brijesh Singh) [Orabug: 37070016]
- x86/sev: Define the Linux-specific guest termination reasons (Brijesh Singh) [Orabug: 37070016]
- x86/mm: Extend cc_attr to include AMD SEV-SNP (Brijesh Singh) [Orabug: 37070016]
- x86/sev: Detect/setup SEV/SME features earlier in boot (Michael Roth) [Orabug: 37070016]
- x86/compressed/64: Detect/setup SEV/SME features earlier during boot (Michael Roth) [Orabug: 37070016]
- KVM: SVM: Update the SEV-ES save area mapping (Tom Lendacky) [Orabug: 37070016]
- KVM: SVM: Create a separate mapping for the GHCB save area (Tom Lendacky) [Orabug: 37070016] [Orabug: 37070016]
- KVM: SVM: Create a separate mapping for the SEV-ES save area (Tom Lendacky) [Orabug: 37070016]
- KVM: SVM: Define sev_features and VMPL field in the VMSA (Brijesh Singh) [Orabug: 37070016]
- x86/sev: Move common memory encryption code to mem_encrypt.c (Kirill A. Shutemov) [Orabug: 37070016]
- x86/sev: Rename mem_encrypt.c to mem_encrypt_amd.c (Kuppuswamy Sathyanarayanan) [Orabug: 37070016]
- x86/sev: Get rid of excessive use of defines (Borislav Petkov) [Orabug: 37070016]
- x86/sev: Shorten GHCB terminate macro names (Brijesh Singh) [Orabug: 37070016]
- x86/coco: Add API to handle encryption mask (Kirill A. Shutemov) [Orabug: 37070016]
- x86/coco: Explicitly declare type of confidential computing platform (Kirill A. Shutemov) [Orabug: 37070016]
- x86/hyperv: Initialize GHCB page in Isolation VM (Tianyu Lan) [Orabug: 37070016]
- x86/cc: Move arch/x86/{kernel/cc_platform.c => coco/core.c} (Kirill A. Shutemov) [Orabug: 37070016]
- x86/hyper-v: Add hyperv Isolation VM check in the cc_platform_has() (Tianyu Lan) [Orabug: 37070016]
- crypto: ccp - Add SEV_INIT_EX support (David Rientjes) [Orabug: 37070016]
- crypto: ccp - Add psp_init_on_probe module parameter (Peter Gonda) [Orabug: 37070016]
- crypto: ccp - Add SEV_INIT rc error logging on init (Peter Gonda) [Orabug: 37070016]
- KVM: SVM: Hide SEV migration lockdep goo behind CONFIG_PROVE_LOCKING (Sean Christopherson) [Orabug: 37070016]
- KVM: SVM: Skip VMSA init in sev_es_init_vmcb() if pointer is NULL (Sean Christopherson) [Orabug: 37070016]
- KVM: SEV: Init target VMCBs in sev_migrate_from (Peter Gonda) [Orabug: 37070016]
- KVM, SEV: Add KVM_EXIT_SHUTDOWN metadata for SEV-ES (Peter Gonda) [Orabug: 37070016]
- KVM: SEV: Mark nested locking of vcpu->lock (Peter Gonda) [Orabug: 37070016]
- KVM: SVM: Simplify and harden helper to flush SEV guest page(s) (Sean Christopherson) [Orabug: 37070016]
- KVM: SEV: Add cond_resched() to loop in sev_clflush_pages() (Peter Gonda) [Orabug: 37070016]
- KVM: SEV: Allow SEV intra-host migration of VM with mirrors (Peter Gonda) [Orabug: 37070016]
- KVM: SVM: improve split between svm_prepare_guest_switch and sev_es_prepare_guest_switch (Paolo Bonzini) [Orabug: 37070016]
- selftests: KVM: sev_migrate_tests: Add mirror command tests (Peter Gonda) [Orabug: 37070016]
- selftests: KVM: sev_migrate_tests: Fix sev_ioctl() (Peter Gonda) [Orabug: 37070016]
- selftests: KVM: sev_migrate_tests: Fix test_sev_mirror() (Peter Gonda) [Orabug: 37070016]
- KVM: SEV: Mark nested locking of kvm->lock (Wanpeng Li) [Orabug: 37070016]
- KVM: SVM: Do not terminate SEV-ES guests on GHCB validation failure (Tom Lendacky) [Orabug: 37070016]
- KVM: SEV: Fall back to vmalloc for SEV-ES scratch area if necessary (Sean Christopherson) [Orabug: 37070016]
- KVM: SEV: accept signals in sev_lock_two_vms (Paolo Bonzini) [Orabug: 37070016]
- KVM: SEV: do not take kvm->lock when destroying (Paolo Bonzini) [Orabug: 37070016]
- KVM: SEV: Prohibit migration of a VM that has mirrors (Paolo Bonzini) [Orabug: 37070016]
- KVM: SEV: Do COPY_ENC_CONTEXT_FROM with both VMs locked (Paolo Bonzini) [Orabug: 37070016]
- selftests: sev_migrate_tests: add tests for KVM_CAP_VM_COPY_ENC_CONTEXT_FROM (Paolo Bonzini) [Orabug: 37070016]
- KVM: SEV: move mirror status to destination of KVM_CAP_VM_MOVE_ENC_CONTEXT_FROM (Paolo Bonzini) [Orabug: 37070016]
- KVM: SEV: cleanup locking for KVM_CAP_VM_MOVE_ENC_CONTEXT_FROM (Paolo Bonzini) [Orabug: 37070016]
- KVM: SEV: do not use list_replace_init on an empty list (Paolo Bonzini) [Orabug: 37070016]
- selftests: sev_migrate_tests: free all VMs (Paolo Bonzini) [Orabug: 37070016]
- selftests: fix check for circular KVM_CAP_VM_MOVE_ENC_CONTEXT_FROM (Paolo Bonzini) [Orabug: 37070016]
- KVM: SEV: Fix typo in and tweak name of cmd_allowed_from_miror() (Sean Christopherson) [Orabug: 37070016]
- KVM: SEV: Drop a redundant setting of sev->asid during initialization (Sean Christopherson) [Orabug: 37070016]
- KVM: SEV: Set sev_info.active after initial checks in sev_guest_init() (Sean Christopherson) [Orabug: 37070016]
- KVM: SEV: unify cgroup cleanup code for svm_vm_migrate_from (Paolo Bonzini) [Orabug: 37070016]
- selftest: KVM: Add intra host migration tests (Peter Gonda) [Orabug: 37070016]
- KVM: selftests: Use pattern matching in .gitignore (Sean Christopherson) [Orabug: 37070016]
- selftest: KVM: Add open sev dev helper (Peter Gonda) [Orabug: 37070016]
- x86/kvm: Add guest support for detecting and enabling SEV Live Migration feature. (Ashish Kalra) [Orabug: 37070016]
- EFI: Introduce the new AMD Memory Encryption GUID. (Ashish Kalra) [Orabug: 37070016]
- mm: x86: Invoke hypercall when page encryption status is changed (Brijesh Singh) [Orabug: 37070016]
- x86/kvm: Add AMD SEV specific Hypercall3 (Brijesh Singh) [Orabug: 37070016]
- KVM: SEV: Add support for SEV-ES intra host migration (Peter Gonda) [Orabug: 37070016]
- KVM: SEV: Add support for SEV intra host migration (Peter Gonda) [Orabug: 37070016]
- KVM: SEV: provide helpers to charge/uncharge misc_cg (Paolo Bonzini) [Orabug: 37070016]
- KVM: SEV: Refactor out sev_es_state struct (Peter Gonda) [Orabug: 37070016]
- x86/sev: Expose sev_es_ghcb_hv_call() for use by HyperV (Tianyu Lan) [Orabug: 37070016]
- x86/sev: Allow #VC exceptions on the VC2 stack (Joerg Roedel) [Orabug: 37070016]
- KVM: generalize "bugged" VM to "dead" VM (Paolo Bonzini) [Orabug: 37070016]
- x86/sev: Carve out HV call's return value verification (Borislav Petkov) [Orabug: 37070016]
- KVM: Free new dirty bitmap if creating a new memslot fails (Sean Christopherson) [Orabug: 37070016]
- KVM: Fix comments that refer to the non-existent install_new_memslots() (Jun Miao) [Orabug: 37070016]
- KVM: x86: Retry page fault if MMU reload is pending and root has no sp (Sean Christopherson) [Orabug: 37070016]
- KVM: x86/mmu: Fix an sign-extension bug with mmu_seq that hangs vCPUs (Sean Christopherson) [Orabug: 37070016]
- KVM: Dynamically allocate "new" memslots from the get-go (Sean Christopherson) [Orabug: 37070016]
- KVM: Wait 'til the bitter end to initialize the "new" memslot (Sean Christopherson) [Orabug: 37070016]
- KVM: Optimize overlapping memslots check (Maciej S. Szmigiero) [Orabug: 37070016]
- KVM: Optimize gfn lookup in kvm_zap_gfn_range() (Maciej S. Szmigiero) [Orabug: 37070016]
- KVM: Call kvm_arch_flush_shadow_memslot() on the old slot in kvm_invalidate_memslot() (Maciej S. Szmigiero) [Orabug: 37070016]
- KVM: Keep memslots in tree-based structures instead of array-based ones (Maciej S. Szmigiero) [Orabug: 37070016]
- KVM: s390: Introduce kvm_s390_get_gfn_end() (Maciej S. Szmigiero) [Orabug: 37070016]
- KVM: s390: Add a routine for setting userspace CPU state (Eric Farman) [Orabug: 37070016]
- KVM: Use interval tree to do fast hva lookup in memslots (Maciej S. Szmigiero) [Orabug: 37070016]
- KVM: Resolve memslot ID via a hash table instead of via a static array (Maciej S. Szmigiero) [Orabug: 37070016]
- Revert "kvm: fix possible spectre gadgets in include/linux/kvm_host.h" (Liam Merwick) [Orabug: 37070016]
- KVM: Move WARN on invalid memslot index to update_memslots() (Maciej S. Szmigiero) [Orabug: 37070016]
- KVM: Integrate gfn_to_memslot_approx() into search_memslots() (Maciej S. Szmigiero) [Orabug: 37070016]
- KVM: x86: Use nr_memslot_pages to avoid traversing the memslots array (Maciej S. Szmigiero) [Orabug: 37070016]
- KVM: x86: Don't call kvm_mmu_change_mmu_pages() if the count hasn't changed (Maciej S. Szmigiero) [Orabug: 37070016]
- KVM: Don't make a full copy of the old memslot in __kvm_set_memory_region() (Sean Christopherson) [Orabug: 37070016]
- KVM: s390: Skip gfn/size sanity checks on memslot DELETE or FLAGS_ONLY (Sean Christopherson) [Orabug: 37070016]
- KVM: x86: Don't assume old/new memslots are non-NULL at memslot commit (Sean Christopherson) [Orabug: 37070016]
- KVM: Use prepare/commit hooks to handle generic memslot metadata updates (Sean Christopherson) [Orabug: 37070016]
- KVM: Stop passing kvm_userspace_memory_region to arch memslot hooks (Sean Christopherson) [Orabug: 37070016]
- KVM: x86: Use "new" memslot instead of userspace memory region (Sean Christopherson) [Orabug: 37070016]
- KVM: s390: Use "new" memslot instead of userspace memory region (Sean Christopherson) [Orabug: 37070016]
- KVM: PPC: Avoid referencing userspace memory region in memslot updates (Sean Christopherson) [Orabug: 37070016]
- KVM: MIPS: Drop pr_debug from memslot commit to avoid using "mem" (Sean Christopherson) [Orabug: 37070016]
- KVM: arm64: Use "new" memslot instead of userspace memory region (Sean Christopherson) [Orabug: 37070016]
- KVM: Let/force architectures to deal with arch specific memslot data (Sean Christopherson) [Orabug: 37070016]
- KVM: Use "new" memslot's address space ID instead of dedicated param (Sean Christopherson) [Orabug: 37070016]
- KVM: Resync only arch fields when slots_arch_lock gets reacquired (Maciej S. Szmigiero) [Orabug: 37070016]
- KVM: Open code kvm_delete_memslot() into its only caller (Sean Christopherson) [Orabug: 37070016]
- KVM: Require total number of memslot pages to fit in an unsigned long (Sean Christopherson) [Orabug: 37070016]
- KVM: x86/mmu: Extract zapping of rmaps for gfn range to separate helper (Sean Christopherson) [Orabug: 37070016]
- KVM: x86/mmu: Drop a redundant remote TLB flush in kvm_zap_gfn_range() (Sean Christopherson) [Orabug: 37070016]
- KVM: x86/mmu: Retry page fault if root is invalidated by memslot update (Sean Christopherson) [Orabug: 37070016]
- KVM: x86/mmu: Properly dereference rcu-protected TDP MMU sptep iterator (Sean Christopherson) [Orabug: 37070016]
- KVM: x86/mmu: Don't rebuild page when the page is synced and no tlb flushing is required (Hou Wenlong) [Orabug: 37070016]
- KVM: x86/mmu: Avoid memslot lookup in rmap_add (David Matlack) [Orabug: 37070016]
- KVM: MMU: pass struct kvm_page_fault to mmu_set_spte (Paolo Bonzini) [Orabug: 37070016]
- KVM: MMU: pass kvm_mmu_page struct to make_spte (Paolo Bonzini) [Orabug: 37070016]
- KVM: MMU: set ad_disabled in TDP MMU role (Paolo Bonzini) [Orabug: 37070016]
- KVM: MMU: remove unnecessary argument to mmu_set_spte (Paolo Bonzini) [Orabug: 37070016]
- KVM: MMU: clean up make_spte return value (Paolo Bonzini) [Orabug: 37070016]
- KVM: MMU: inline set_spte in FNAME(sync_page) (Paolo Bonzini) [Orabug: 37070016]
- KVM: MMU: inline set_spte in mmu_set_spte (Paolo Bonzini) [Orabug: 37070016]
- KVM: x86/mmu: Avoid memslot lookup in page_fault_handle_page_track (David Matlack) [Orabug: 37070016]
- KVM: x86/mmu: Pass the memslot around via struct kvm_page_fault (David Matlack) [Orabug: 37070016] [Orabug: 37070016]
- KVM: MMU: unify tdp_mmu_map_set_spte_atomic and tdp_mmu_set_spte_atomic_no_dirty_log (Paolo Bonzini) [Orabug: 37070016]
- KVM: MMU: mark page dirty in make_spte (Paolo Bonzini) [Orabug: 37070016]
- KVM: x86/mmu: Verify shadow walk doesn't terminate early in page faults (Sean Christopherson) [Orabug: 37070016]
- KVM: MMU: change tracepoints arguments to kvm_page_fault (Paolo Bonzini) [Orabug: 37070016]
- KVM: MMU: change disallowed_hugepage_adjust() arguments to kvm_page_fault (Paolo Bonzini) [Orabug: 37070016]
- KVM: MMU: change kvm_mmu_hugepage_adjust() arguments to kvm_page_fault (Paolo Bonzini) [Orabug: 37070016]
- KVM: MMU: change fast_page_fault() arguments to kvm_page_fault (Paolo Bonzini) [Orabug: 37070016]
- KVM: MMU: change tdp_mmu_map_handle_target_level() arguments to kvm_page_fault (Paolo Bonzini) [Orabug: 37070016]
- KVM: MMU: change kvm_tdp_mmu_map() arguments to kvm_page_fault (Paolo Bonzini) [Orabug: 37070016]
- KVM: MMU: change FNAME(fetch)() arguments to kvm_page_fault (Paolo Bonzini) [Orabug: 37070016]
- KVM: MMU: change __direct_map() arguments to kvm_page_fault (Paolo Bonzini) [Orabug: 37070016]
- KVM: MMU: change handle_abnormal_pfn() arguments to kvm_page_fault (Paolo Bonzini) [Orabug: 37070016]
- KVM: MMU: change kvm_faultin_pfn() arguments to kvm_page_fault (Paolo Bonzini) [Orabug: 37070016]
- KVM: MMU: change page_fault_handle_page_track() arguments to kvm_page_fault (Paolo Bonzini) [Orabug: 37070016]
- KVM: MMU: change direct_page_fault() arguments to kvm_page_fault (Paolo Bonzini) [Orabug: 37070016]
- KVM: MMU: change mmu->page_fault() arguments to kvm_page_fault (Paolo Bonzini) [Orabug: 37070016]
- KVM: MMU: Introduce struct kvm_page_fault (Paolo Bonzini) [Orabug: 37070016]
- KVM: MMU: pass unadulterated gpa to direct_page_fault (Paolo Bonzini) [Orabug: 37070016]
- KVM: X86: Don't unsync pagetables when speculative (Lai Jiangshan) [Orabug: 37070016]
- KVM: X86: Change kvm_sync_page() to return true when remote flush is needed (Lai Jiangshan) [Orabug: 37070016]
- KVM: X86: Remove kvm_mmu_flush_or_zap() (Lai Jiangshan) [Orabug: 37070016]
- KVM: X86: Don't flush current tlb on shadow page modification (Lai Jiangshan) [Orabug: 37070016]
- net: mana: Fix RX buf alloc_size alignment and atomic op panic (Haiyang Zhang) [Orabug: 37029115] {CVE-2024-45001}
- net/mlx5: pretend 'fast unload' succeeded on Exadata systems (Gerd Rausch) [Orabug: 37224000]
- rds: Do not invoke the transport's recv_path() while in atomic context (Håkon Bugge) [Orabug: 36368605]
[5.15.0-303.168.2.el9uek]
- Revert "rds: ib: Make sure receives are posted before connection is up" (Gerd Rausch) [Orabug: 37244182]
- uek-rpm/ol9/config-mips64: Align MIPS64 Crypto configs with x86_64 (Vijay Kumar) [Orabug: 37218693]
- rds: ib: Avoid reuse of IB MRs when cleaning is in progress (Håkon Bugge) [Orabug: 37206836]
- spec: Set CONFIG_CRYPTO_FIPS_NAME for standard & embedded kernels (Jonah Palmer) [Orabug: 37137136]
- spec: Set CONFIG_CRYPTO_FIPS_NAME for container kernels (Jonah Palmer) [Orabug: 37137136]
- spec: Add UEK release macros for UEK7 (Jonah Palmer) [Orabug: 37137136]
- uek-rpm: Set CONFIG_CRYPTO_FIPS_NAME for ol9 Pensando embedded kernels (Jonah Palmer) [Orabug: 37137136]
- uek-rpm: Set CONFIG_CRYPTO_FIPS_NAME for ol9 T93 embedded kernels (Jonah Palmer) [Orabug: 37137136]
- uek-rpm: Set CONFIG_CRYPTO_FIPS_NAME for ol9 MIPS64 embedded kernels (Jonah Palmer) [Orabug: 37137136]
- uek-rpm: Set CONFIG_CRYPTO_FIPS_NAME for ol8 Bluefield 3 smartnic embedded kernels (Jonah Palmer) [Orabug: 37137136]
- uek-rpm: Set CONFIG_CRYPTO_FIPS_NAME for ol8/ol9 standard kernels (Jonah Palmer) [Orabug: 37137136]
- uek-rpm: Set CONFIG_CRYPTO_FIPS_NAME for ol8/ol9 container kernels (Jonah Palmer) [Orabug: 37137136]
[5.15.0-303.168.1.el9uek]
- LTS version: v5.15.168 (Vijayendra Suman)
- net: xilinx: axienet: Schedule NAPI in two steps (Sean Anderson)
- selftests: net: more strict check in net_helper (Paolo Abeni)
- net: axienet: start napi before enabling Rx/Tx (Andy Chiu)
- ext4: fix warning in ext4_dio_write_end_io() (Jan Kara)
- netfilter: ip6t_rpfilter: Fix regression with VRF interfaces (Phil Sutter)
- net: vrf: determine the dst using the original ifindex for multicast (Antoine Tenart)
- net: seg6: fix seg6_lookup_any_nexthop() to handle VRFs using flowi_l3mdev (Andrea Mayer)
- xfrm: Pass flowi_oif or l3mdev as oif to xfrm_dst_lookup (David Ahern)
- net: geneve: add missing netlink policy and size for IFLA_GENEVE_INNER_PROTO_INHERIT (Eyal Birger)
- block, bfq: fix uaf for accessing waker_bfqq after splitting (Yu Kuai)
- kthread: unpark only parked kthread (Frederic Weisbecker) [Orabug: 37206395] {CVE-2024-50019}
- nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error (Yonatan Maman) [Orabug: 37252307] {CVE-2024-50096}
- mptcp: pm: do not remove closing subflows (Matthieu Baerts (NGI0))
- net: dsa: lan9303: ensure chip reset and wait for READY status (Anatolij Gustschin)
- net: Fix an unsafe loop on the list (Anastasia Kovaleva) [Orabug: 37206408] {CVE-2024-50024}
- net: explicitly clear the sk pointer, when pf->create fails (Ignat Korchagin)
- drm/v3d: Stop the active perfmon before being destroyed (Maíra Canal) [Orabug: 37206424] {CVE-2024-50031}
- hid: intel-ish-hid: Fix uninitialized variable 'rv' in ish_fw_xfer_direct_dma (SurajSonawane2415)
- usb: storage: ignore bogus device raised by JieLi BR21 USB sound chip (Icenowy Zheng)
- usb: xhci: Fix problem with xhci resume from suspend (Jose Alberto Reguero)
- usb: dwc3: core: Stop processing of pending events if controller is halted (Selvarasu Ganesan)
- Revert "usb: yurex: Replace snprintf() with the safer scnprintf() variant" (Oliver Neukum)
- HID: plantronics: Workaround for an unexcepted opposite volume key (Wade Wang)
- resource: fix region_intersects() vs add_memory_driver_managed() (Huang Ying) [Orabug: 37200930] {CVE-2024-49878}
- HID: amd_sfh: Switch to device-managed dmam_alloc_coherent() (Basavaraj Natikar) [Orabug: 37264222] {CVE-2024-50189}
- hwmon: (adt7470) Add missing dependency on REGMAP_I2C (Javier Carrasco)
- hwmon: (adm9240) Add missing dependency on REGMAP_I2C (Javier Carrasco)
- hwmon: (tmp513) Add missing dependency on REGMAP_I2C (Guenter Roeck)
- x86/fpu: Avoid writing LBR bit to IA32_XSS unless supported (Mitchell Levy)
- RDMA/hns: Fix UAF for cq async event (Chengchang Tang) [Orabug: 36753395] {CVE-2024-38545}
- slip: make slhc_remember() more robust against malicious packets (Eric Dumazet) [Orabug: 37206428] {CVE-2024-50033}
- ppp: fix ppp_async_encode() illegal access (Eric Dumazet) [Orabug: 37206434] {CVE-2024-50035}
- mctp: Handle error of rtnl_register_module(). (Kuniyuki Iwashima)
- rtnetlink: Add bulk registration helpers for rtnetlink message handlers. (Kuniyuki Iwashima)
- net: rtnetlink: add msg kind names (Nikolay Aleksandrov)
- netfilter: fib: check correct rtable in vrf setups (Florian Westphal)
- netfilter: rpfilter/fib: Set ->flowic_uid correctly for user namespaces. (Guillaume Nault)
- netfilter: rpfilter/fib: Populate flowic_l3mdev field (Phil Sutter)
- netfilter: xtables: avoid NFPROTO_UNSPEC where needed (Florian Westphal) [Orabug: 37206449] {CVE-2024-50038}
- sctp: ensure sk_state is set to CLOSED if hashing fails in sctp_listen_start (Xin Long)
- net: ibm: emac: mal: fix wrong goto (Rosen Penev)
- net/sched: accept TCA_STAB only for root qdisc (Eric Dumazet) [Orabug: 37206456] {CVE-2024-50039}
- igb: Do not bring the device up after non-fatal error (Mohamed Khalfella) [Orabug: 37206463] {CVE-2024-50040}
- i40e: Fix macvlan leak by synchronizing access to mac_filter_hash (Aleksandr Loktionov) [Orabug: 37206468] {CVE-2024-50041}
- ice: Fix netif_is_ice() in Safe Mode (Marcin Szycik)
- gpio: aspeed: Use devm_clk api to manage clock source (Billy Tsai)
- gpio: aspeed: Add the flush write to ensure the write complete. (Billy Tsai)
- net: dsa: b53: fix jumbo frames on 10/100 ports (Jonas Gorski)
- net: dsa: b53: allow lower MTUs on BCM5325/5365 (Jonas Gorski)
- net: dsa: b53: fix max MTU for BCM5325/BCM5365 (Jonas Gorski)
- net: dsa: b53: fix max MTU for 1g switches (Jonas Gorski)
- net: dsa: b53: fix jumbo frame mtu check (Jonas Gorski)
- thermal: intel: int340x: processor: Fix warning during module unload (Zhang Rui) [Orabug: 37252297] {CVE-2024-50093}
- thermal: int340x: processor_thermal: Set feature mask before proc_thermal_add (Srinivas Pandruvada)
- net: phy: bcm84881: Fix some error handling paths (Christophe JAILLET)
- Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change (Luiz Augusto von Dentz) [Orabug: 37206473] {CVE-2024-50044}
- netfilter: br_netfilter: fix panic with metadata_dst skb (Andy Roulin) [Orabug: 37206481] {CVE-2024-50045}
- tcp: fix tcp_enter_recovery() to zero retrans_stamp when it's safe (Neal Cardwell)
- tcp: fix to allow timestamp undo if no retransmits were sent (Neal Cardwell)
- net: phy: dp83869: fix memory corruption when enabling fiber (Ingo van Lil) [Orabug: 37264220] {CVE-2024-50188}
- NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies() (Yanjun Zhang) [Orabug: 37206486] {CVE-2024-50046}
- SUNRPC: Fix integer overflow in decode_rc_list() (Dan Carpenter)
- ice: fix VLAN replay after reset (Dave Ertman)
- NFSD: Mark filecache "down" if init fails (Chuck Lever)
- RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt (Bob Pearson)
- fbdev: sisfb: Fix strbuf array overflow (Andrey Shumilin) [Orabug: 37264185] {CVE-2024-50180}
- drm/amd/display: Check null pointer before dereferencing se (Alex Hung) [Orabug: 37206502] {CVE-2024-50049}
- driver core: bus: Return -EIO instead of 0 when show/store invalid bus attribute (Zijun Hu)
- tools/iio: Add memory allocation failure check for trigger_name (Zhu Jun)
- virtio_pmem: Check device status before requesting flush (Philip Chen) [Orabug: 37264203] {CVE-2024-50184}
- comedi: ni_routing: tools: Check when the file could not be opened (Ruffalo Lavoisier)
- usb: dwc2: Adjust the timing of USB Driver Interrupt Registration in the Crashkernel Scenario (Shawn Shao)
- usb: chipidea: udc: enable suspend interrupt after usb reset (Xu Yang)
- clk: imx: Remove CLK_SET_PARENT_GATE for DRAM mux for i.MX7D (Peng Fan) [Orabug: 37264190] {CVE-2024-50181}
- remoteproc: imx_rproc: Use imx specific hook for find_loaded_rsc_table (Peng Fan)
- media: videobuf2-core: clear memory related fields in __vb2_plane_dmabuf_put() (Yunke Cao)
- ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition (Kaixin Wang) [Orabug: 37206539] {CVE-2024-50059}
- PCI: Mark Creative Labs EMU20k2 INTx masking as broken (Alex Williamson)
- i2c: i801: Use a different adapter-name for IDF adapters (Hans de Goede)
- PCI: Add ACS quirk for Qualcomm SA8775P (Subramanian Ananthanarayanan)
- clk: bcm: bcm53573: fix OF node leak in init (Krzysztof Kozlowski)
- RDMA/rtrs-srv: Avoid null pointer deref during path establishment (Md Haris Iqbal) [Orabug: 37206562] {CVE-2024-50062}
- PCI: Add function 0 DMA alias quirk for Glenfly Arise chip (WangYuli)
- RDMA/mad: Improve handling of timed out WRs of mad agent (Saravanan Vajravel) [Orabug: 37252300] {CVE-2024-50095}
- ktest.pl: Avoid false positives with grub2 skip regex (Daniel Jordan)
- s390/cpum_sf: Remove WARN_ON_ONCE statements (Thomas Richter)
- ext4: nested locking for xattr inode (Wojciech Gładysz)
- ext4: don't set SB_RDONLY after filesystem errors (Jan Kara) [Orabug: 37264225] {CVE-2024-50191}
- bpf, x64: Fix a jit convergence issue (Yonghong Song)
- s390/mm: Add cond_resched() to cmm_alloc/free_pages() (Gerald Schaefer)
- s390/facility: Disable compile time optimization for decompressor code (Heiko Carstens)
- bpf: Check percpu map value size first (Tao Chen)
- Input: synaptics-rmi4 - fix UAF of IRQ domain on driver removal (Mathias Krause)
- virtio_console: fix misc probe bugs (Michael S. Tsirkin)
- fs/ntfs3: Refactor enum_rstbl to suppress static checker (Konstantin Komarov)
- selftests: net: Remove executable bits from library scripts (Benjamin Poirier)
- selftests/net: synchronize udpgro tests' tx and rx connection (Lucas Karpinski)
- selftests/net: give more time to udpgro bg processes to complete startup (Adrien Thierry)
- tracing: Have saved_cmdlines arrays all in one allocation (Steven Rostedt (Google))
- drm/crtc: fix uninitialized variable use even harder (Rob Clark)
- tracing: Remove precision vsnprintf() check from print event (Steven Rostedt (Google))
- net: ethernet: cortina: Drop TSO support (Linus Walleij)
- unicode: Don't special case ignorable code points (Gabriel Krisman Bertazi) [Orabug: 37252273] {CVE-2024-50089}
- ALSA: usb-audio: Fix possible NULL pointer dereference in snd_usb_pcm_has_fixed_rate() (Jaroslav Kysela) [Orabug: 36983951] {CVE-2023-52904}
- perf report: Fix segfault when 'sym' sort key is not used (Namhyung Kim)
- 9p: add missing locking around taking dentry fid list (Dominique Martinet) [Orabug: 36774627] {CVE-2024-39463}
- ext4: fix inode tree inconsistency caused by ENOMEM (zhanchengbin)
- Revert "arm64: dts: qcom: sm8250: switch UFS QMP PHY to new style of bindings" (Sumit Semwal)
- ACPI: battery: Fix possible crash when unregistering a battery hook (Armin Wolf) [Orabug: 37206091] {CVE-2024-49955}
- ACPI: battery: Simplify battery hook locking (Armin Wolf)
- clk: qcom: gcc-sc8180x: Add GPLL9 support (Satya Priya Kakitapalli)
- r8169: add tally counter fields added with RTL8125 (Heiner Kallweit) [Orabug: 37206182] {CVE-2024-49973}
- r8169: Fix spelling mistake: "tx_underun" -> "tx_underrun" (Colin Ian King)
- dt-bindings: clock: qcom: Add GPLL9 support on gcc-sc8180x (Satya Priya Kakitapalli)
- dt-bindings: clock: qcom: Add missing UFS QREF clocks (Manivannan Sadhasivam)
- media: imx335: Fix reset-gpio handling (Umang Jain)
- media: i2c: imx335: Enable regulator supplies (Kieran Bingham)
- drm/rockchip: vop: clear DMA stop bit on RK3066 (Val Packett)
- drm/rockchip: support gamma control on RK3399 (Hugh Cole-Baker)
- drm/rockchip: define gamma registers for RK3399 (Hugh Cole-Baker)
- lib/buildid: harden build ID parsing logic (Andrii Nakryiko)
- build-id: require program headers to be right after ELF header (Alexey Dobriyan)
- drm/amd/display: Allow backlight to go below AMDGPU_DM_DEFAULT_MIN_BACKLIGHT (Mario Limonciello)
- uprobes: fix kernel info leak via "[uprobes]" vma (Oleg Nesterov)
- arm64: cputype: Add Neoverse-N3 definitions (Mark Rutland)
- arm64: Add Cortex-715 CPU part definition (Anshuman Khandual)
- ext4: dax: fix overflowing extents beyond inode size when partially writing (Zhihao Cheng) [Orabug: 37206370] {CVE-2024-50015}
- ext4: properly sync file size update after O_SYNC direct IO (Jan Kara)
- spi: bcm63xx: Fix missing pm_runtime_disable() (Jinjie Ruan)
- i2c: xiic: Fix pm_runtime_set_suspended() with runtime pm enabled (Jinjie Ruan)
- i2c: xiic: Use devm_clk_get_enabled() (Andi Shyti)
- i2c: core: Lock address during client device instantiation (Heiner Kallweit)
- i2c: create debugfs entry per adapter (Wolfram Sang)
- kconfig: qconf: fix buffer overflow in debug links (Masahiro Yamada)
- drm/amd/display: Fix system hang while resume with TBT monitor (Tom Chung) [Orabug: 37206307] {CVE-2024-50003}
- drm/sched: Add locking to drm_sched_entity_modify_sched (Tvrtko Ursulin)
- close_range(): fix the logics in descriptor table trimming (Al Viro)
- tracing/timerlat: Fix a race during cpuhp processing (Wei Li) [Orabug: 37200894] {CVE-2024-49866}
- tracing/hwlat: Fix a race during cpuhp processing (Wei Li)
- gpio: davinci: fix lazy disable (Emanuele Ghidoli)
- btrfs: wait for fixup workers before stopping cleaner kthread during umount (Filipe Manana) [Orabug: 37200896] {CVE-2024-49867}
- btrfs: fix a NULL pointer dereference when failed to start a new trasacntion (Qu Wenruo) [Orabug: 37200902] {CVE-2024-49868}
- ACPI: resource: Add Asus ExpertBook B2502CVA to irq1_level_low_skip_override[] (Hans de Goede)
- ACPI: resource: Add Asus Vivobook X1704VAP to irq1_level_low_skip_override[] (Hans de Goede)
- Input: adp5589-keys - fix adp5589_gpio_get_value() (Nuno Sa)
- Input: adp5589-keys - fix NULL pointer dereference (Nuno Sa) [Orabug: 37200911] {CVE-2024-49871}
- rtc: at91sam9: fix OF node leak in probe() error path (Krzysztof Kozlowski)
- net: stmmac: Fix zero-division error when disabling tc cbs (KhaiWenTan) [Orabug: 37206640] {CVE-2024-49977}
- tomoyo: fallback to realpath if symlink's pathname does not exist (Tetsuo Handa)
- iio: magnetometer: ak8975: Fix reading for ak099xx sensors (Barnabás Czémán)
- clk: qcom: gcc-sc8180x: Fix the sdcc2 and sdcc4 clocks freq table (Satya Priya Kakitapalli)
- clk: qcom: gcc-sm8250: Do not turn off PCIe GDSCs during gdsc_disable() (Manivannan Sadhasivam)
- media: venus: fix use after free bug in venus_remove due to race condition (Zheng Wang) [Orabug: 37206208] {CVE-2024-49981}
- clk: qcom: gcc-sm8150: De-register gcc_cpuss_ahb_clk_src (Satya Priya Kakitapalli)
- clk: qcom: clk-rpmh: Fix overflow in BCM vote (Mike Tipton)
- media: uapi/linux/cec.h: cec_msg_set_reply_to: zero flags (Hans Verkuil)
- media: sun4i_csi: Implement link validate for sun4i_csi subdev (Laurent Pinchart)
- clk: qcom: dispcc-sm8250: use CLK_SET_RATE_PARENT for branch clocks (Dmitry Baryshkov)
- clk: rockchip: fix error for unknown clocks (Sebastian Reichel)
- aoe: fix the potential use-after-free problem in more places (Chun-Yi Lee) [Orabug: 37206641] {CVE-2024-49982}
- NFSD: Fix NFSv4's PUTPUBFH operation (Chuck Lever)
- nfsd: map the EBADMSG to nfserr_io to avoid warning (Li Lingfeng) [Orabug: 37200917] {CVE-2024-49875}
- nfsd: fix delegation_blocked() to block correctly for at least 30 seconds (NeilBrown)
- perf hist: Update hist symbol when updating maps (Matt Fleming)
- exfat: fix memory leak in exfat_load_bitmap() (Yuezhang Mo) [Orabug: 37206359] {CVE-2024-50013}
- riscv: define ILLEGAL_POINTER_VALUE for 64bit (Jisheng Zhang)
- ext4: mark fc as ineligible using an handle in ext4_xattr_set() (Luis Henriques (SUSE))
- ext4: use handle to mark fc as ineligible in __track_dentry_update() (Luis Henriques (SUSE))
- ext4: fix fast commit inode enqueueing during a full journal commit (Luis Henriques (SUSE))
- ext4: fix incorrect tid assumption in jbd2_journal_shrink_checkpoint_list() (Luis Henriques (SUSE))
- ext4: fix incorrect tid assumption in ext4_wait_for_tail_page_commit() (Luis Henriques (SUSE))
- ext4: update orig_path in ext4_find_extent() (Baokun Li) [Orabug: 37200941] {CVE-2024-49881}
- ext4: fix double brelse() the buffer of the extents path (Baokun Li) [Orabug: 37200947] {CVE-2024-49882}
- ext4: aovid use-after-free in ext4_ext_insert_extent() (Baokun Li) [Orabug: 37200953] {CVE-2024-49883}
- ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free (Baokun Li) [Orabug: 37206215] {CVE-2024-49983}
- ext4: fix incorrect tid assumption in __jbd2_log_wait_for_space() (Luis Henriques (SUSE))
- ext4: propagate errors from ext4_find_extent() in ext4_insert_range() (Baokun Li)
- ext4: fix slab-use-after-free in ext4_split_extent_at() (Baokun Li) [Orabug: 37200959] {CVE-2024-49884}
- ext4: correct encrypted dentry name hash when not casefolded (yao.ly)
- ext4: no need to continue when the number of entries is 1 (Edward Adam Davis) [Orabug: 37206145] {CVE-2024-49967}
- ALSA: hda/realtek: Add quirk for Huawei MateBook 13 KLV-WX9 (Ai Chao)
- ALSA: line6: add hw monitor volume control to POD HD500X (Hans P. Moller)
- ALSA: usb-audio: Add native DSD support for Luxman D-08u (Jan Lalinsky)
- ALSA: usb-audio: Add delay quirk for VIVO USB-C HEADSET (Lianqin Hu)
- ALSA: core: add isascii() check to card ID generator (Jaroslav Kysela)
- drm: Consistently use struct drm_mode_rect for FB_DAMAGE_CLIPS (Thomas Zimmermann)
- parisc: Fix itlb miss handler for 64-bit programs (Helge Deller)
- perf/core: Fix small negative period being ignored (Luo Gengkun)
- power: supply: hwmon: Fix missing temp1_max_alarm attribute (Hans de Goede)
- spi: bcm63xx: Fix module autoloading (Jinjie Ruan)
- firmware: tegra: bpmp: Drop unused mbox_client_to_bpmp() (Krzysztof Kozlowski)
- i2c: xiic: Wait for TX empty to avoid missed TX NAKs (Robert Hancock)
- i2c: qcom-geni: Use IRQF_NO_AUTOEN flag in request_irq() (Jinjie Ruan)
- i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume (Marek Vasut) [Orabug: 37206219] {CVE-2024-49985}
- platform/x86: ISST: Fix the KASAN report slab-out-of-bounds bug (Zach Wade) [Orabug: 37200965] {CVE-2024-49886}
- selftests: vDSO: fix vdso_config for s390 (Heiko Carstens)
- selftests: vDSO: fix ELF hash table entry size for s390x (Jens Remus)
- selftests/mm: fix charge_reserved_hugetlb.sh test (David Hildenbrand)
- selftests: vDSO: fix vDSO symbols lookup for powerpc64 (Christophe Leroy)
- selftests: vDSO: fix vdso_config for powerpc (Christophe Leroy)
- selftests: vDSO: fix vDSO name for powerpc (Christophe Leroy)
- selftests: breakpoints: use remaining time to check if suspend succeed (Yifei Liu)
- spi: s3c64xx: fix timeout counters in flush_fifo (Ben Dooks)
- spi: spi-imx: Fix pm_runtime_set_suspended() with runtime pm enabled (Jinjie Ruan)
- usb: typec: tcpm: Check for port partner validity before consuming it (Badhri Jagan Sridharan) [Orabug: 36683242] {CVE-2024-36893}
- blk-integrity: register sysfs attributes on struct device (Thomas Weißschuh)
- blk-integrity: convert to struct device_attribute (Thomas Weißschuh)
- blk-integrity: use sysfs_emit (Thomas Weißschuh)
- ext4: fix i_data_sem unlock order in ext4_ind_migrate() (Artem Sadovnikov) [Orabug: 37206322] {CVE-2024-50006}
- ext4: avoid use-after-free in ext4_ext_show_leaf() (Baokun Li) [Orabug: 37205705] {CVE-2024-49889}
- ext4: ext4_search_dir should return a proper error (Thadeu Lima de Souza Cascardo)
- of/irq: Refer to actual buffer size in of_irq_parse_one() (Geert Uytterhoeven)
- drm/amd/pm: ensure the fw_info is not null before using it (Tim Huang) [Orabug: 37205712] {CVE-2024-49890}
- drm/radeon/r100: Handle unknown family in r100_cp_init_microcode() (Geert Uytterhoeven)
- scsi: aacraid: Rearrange order of struct aac_srb_unit (Kees Cook)
- drm/printer: Allow NULL data in devcoredump printer (Matthew Brost)
- drm/amd/display: Initialize get_bytes_per_element's default to 1 (Alex Hung) [Orabug: 37205726] {CVE-2024-49892}
- drm/amd/display: Fix index out of bounds in DCN30 color transformation (Srinivasan Shanmugam) [Orabug: 37206158] {CVE-2024-49969} {CVE-2024-49895}
- drm/amd/display: Fix index out of bounds in degamma hardware format translation (Srinivasan Shanmugam) [Orabug: 37205739] {CVE-2024-49894}
- drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation (Srinivasan Shanmugam) [Orabug: 37205745] {CVE-2024-49895} {CVE-2024-49969}
- drm/amd/display: Check stream before comparing them (Alex Hung) [Orabug: 37205751] {CVE-2024-49896}
- platform/x86: touchscreen_dmi: add nanote-next quirk (Ckath)
- HID: multitouch: Add support for Thinkpad X12 Gen 2 Kbd Portfolio (Vishnu Sankar)
- drm/amdgpu: enable gfxoff quirk on HP 705G4 (Peng Liu)
- drm/amdgpu: add raven1 gfxoff quirk (Peng Liu)
- jfs: Fix uninit-value access of new_ea in ea_buffer (Zhao Mengmeng) [Orabug: 37205777] {CVE-2024-49900}
- scsi: smartpqi: correct stream detection (Mahesh Rajashekhara)
- jfs: check if leafidx greater than num leaves per dmap tree (Edward Adam Davis) [Orabug: 37205789] {CVE-2024-49902}
- jfs: Fix uaf in dbFreeBits (Edward Adam Davis) [Orabug: 37205794] {CVE-2024-49903}
- jfs: UBSAN: shift-out-of-bounds in dbFindBits (Remington Brasga)
- drm/amd/display: Check null pointers before using dc->clk_mgr (Alex Hung) [Orabug: 37205820] {CVE-2024-49907}
- ata: sata_sil: Rename sil_blacklist to sil_quirks (Damien Le Moal)
- drm/amd/display: Add null check for top_pipe_to_program in commit_planes_for_stream (Srinivasan Shanmugam) [Orabug: 37205857] {CVE-2024-49913}
- iommu/vt-d: Fix potential lockup if qi_submit_sync called with 0 count (Sanjay K Kumar) [Orabug: 37206262] {CVE-2024-49993}
- iommu/vt-d: Always reserve a domain ID for identity setup (Lu Baolu)
- power: reset: brcmstb: Do not go into infinite loop if reset fails (Andrew Davis)
- iommu/arm-smmu-qcom: hide last LPASS SMMU context bank from linux (Marc Gonzalez)
- rcuscale: Provide clear error when async specified without primitives (Paul E. McKenney)
- fbdev: pxafb: Fix possible use after free in pxafb_task() (Kaixin Wang) [Orabug: 37205935] {CVE-2024-49924}
- x86/syscall: Avoid memcpy() for ia32 syscall_get_arguments() (Kees Cook)
- ALSA: hdsp: Break infinite MIDI input flush loop (Takashi Iwai)
- ALSA: asihpi: Fix potential OOB array access (Takashi Iwai) [Orabug: 37206327] {CVE-2024-50007}
- tools/x86/kcpuid: Protect against faulty "max subleaf" values (Ahmed S. Darwish)
- ALSA: usb-audio: Add logitech Audio profile quirk (Joshua Pius)
- ALSA: usb-audio: Define macros for quirk table entries (Takashi Iwai)
- x86/ioapic: Handle allocation failures gracefully (Thomas Gleixner) [Orabug: 37205954] {CVE-2024-49927}
- ALSA: usb-audio: Add input value sanity checks for standard types (Takashi Iwai)
- signal: Replace BUG_ON()s (Thomas Gleixner)
- nfp: Use IRQF_NO_AUTOEN flag in request_irq() (Jinjie Ruan)
- wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext() (Gustavo A. R. Silva) [Orabug: 37206332] {CVE-2024-50008}
- wifi: mt76: mt7915: hold dev->mt76.mutex while disabling tx worker (Felix Fietkau)
- proc: add config & param to block forcing mem writes (Adrian Ratiu)
- ACPICA: iasl: handle empty connection_node (Aleksandrs Vinarskis)
- tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process (Jason Xing)
- net: atlantic: Avoid warning about potential string truncation (Simon Horman)
- ipv4: Mask upper DSCP bits and ECN bits in NETLINK_FIB_LOOKUP family (Ido Schimmel)
- ipv4: Check !in_dev earlier for ioctl(SIOCSIFADDR). (Kuniyuki Iwashima)
- net: mvpp2: Increase size of queue_name buffer (Simon Horman)
- tipc: guard against string buffer overrun (Simon Horman) [Orabug: 37206276] {CVE-2024-49995}
- ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package() (Pei Xiao) [Orabug: 37206122] {CVE-2024-49962}
- ACPI: EC: Do not release locks during operation region accesses (Rafael J. Wysocki)
- wifi: rtw88: select WANT_DEV_COREDUMP (Zong-Zhe Yang)
- wifi: ath11k: fix array out-of-bound access in SoC stats (Karthikeyan Periyasamy) [Orabug: 37205975] {CVE-2024-49930}
- nvme-pci: qdepth 1 quirk (Keith Busch)
- blk_iocost: fix more out of bound shifts (Konstantin Ovsepian) [Orabug: 37205994] {CVE-2024-49933}
- net: sched: consistently use rcu_replace_pointer() in taprio_change() (Dmitry Antipov)
- ACPICA: Fix memory leak if acpi_ps_get_next_field() fails (Armin Wolf)
- ACPICA: Fix memory leak if acpi_ps_get_next_namepath() fails (Armin Wolf)
- ACPI: PAD: fix crash in exit_round_robin() (Seiji Nishikawa) [Orabug: 37206005] {CVE-2024-49935}
- net: hisilicon: hns_mdio: fix OF node leak in probe() (Krzysztof Kozlowski)
- net: hisilicon: hns_dsaf_mac: fix OF node leak in hns_mac_get_info() (Krzysztof Kozlowski)
- net: hisilicon: hip04: fix OF node leak in probe() (Krzysztof Kozlowski)
- net/xen-netback: prevent UAF in xenvif_flush_hash() (Jeongjun Park) [Orabug: 37206011] {CVE-2024-49936}
- ice: Adjust over allocation of memory in ice_sched_add_root_node() and ice_sched_add_node() (Aleksandr Mishin)
- wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit (Toke Høiland-Jørgensen) [Orabug: 37206028] {CVE-2024-49938}
- wifi: ath9k: fix possible integer overflow in ath9k_get_et_stats() (Dmitry Kandybka)
- f2fs: Require FMODE_WRITE for atomic write ioctls (Jann Horn) [Orabug: 37200793] {CVE-2024-47740}
- ALSA: hda/conexant: Fix conflicting quirk for System76 Pangolin (Takashi Iwai)
- ASoC: imx-card: Set card.owner to avoid a warning calltrace if SND=m (Hui Wang)
- ALSA: hda/generic: Unconditionally prefer preferred_dacs pairs (Takashi Iwai)
- ALSA: hda/realtek: Fix the push button function for the ALC257 (Oder Chiou)
- ALSA: mixer_oss: Remove some incorrect kfree_const() usages (Christophe JAILLET)
- media: usbtv: Remove useless locks in usbtv_video_free() (Benjamin Gaignard) [Orabug: 36598250] {CVE-2024-27072}
- i2c: xiic: Try re-initialization on bus busy timeout (Robert Hancock)
- i2c: xiic: improve error message when transfer fails to start (Marc Ferland)
- i2c: xiic: xiic_xfer(): Fix runtime PM leak on error path (Lars-Peter Clausen)
- i2c: xiic: Fix RX IRQ busy check (Marek Vasut)
- i2c: xiic: Switch from waitqueue to completion (Marek Vasut)
- i2c: xiic: Fix broken locking on tx_msg (Marek Vasut)
- sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start (Xin Long) [Orabug: 37206050] {CVE-2024-49944}
- ppp: do not assume bh is held in ppp_channel_bridge_input() (Eric Dumazet) [Orabug: 37206060] {CVE-2024-49946}
- ipv4: ip_gre: Fix drops of small packets in ipgre_xmit (Anton Danilov)
- net: stmmac: dwmac4: extend timeout for VLAN Tag register busy bit check (Shenwei Wang)
- net: stmmac: Disable automatic FCS/Pad stripping (Kurt Kanzenbach)
- stmmac_pci: Fix underflow size in stmmac_rx (Zekun Shen)
- net: add more sanity checks to qdisc_pkt_len_init() (Eric Dumazet) [Orabug: 37206063] {CVE-2024-49948}
- net: avoid potential underflow in qdisc_pkt_len_init() with UFO (Eric Dumazet) [Orabug: 37206069] {CVE-2024-49949}
- net: ethernet: lantiq_etop: fix memory disclosure (Aleksander Jan Bajkowski) [Orabug: 37206288] {CVE-2024-49997}
- Bluetooth: btmrvl: Use IRQF_NO_AUTOEN flag in request_irq() (Jinjie Ruan)
- netfilter: nf_tables: prevent nf_skb_duplicated corruption (Eric Dumazet) [Orabug: 37206080] {CVE-2024-49952}
- net: ieee802154: mcr20a: Use IRQF_NO_AUTOEN flag in request_irq() (Jinjie Ruan)
- netfilter: uapi: NFTA_FLOWTABLE_HOOK is NLA_NESTED (Phil Sutter)
- net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc() (Elena Salomatkina) [Orabug: 37206298] {CVE-2024-50000}
- net/mlx5: Added cond_resched() to crdump collection (Mohamed Khalfella)
- net/mlx5: Fix error path in multi-packet WQE transmit (Gerd Bayer) [Orabug: 37206301] {CVE-2024-50001}
- ieee802154: Fix build error (Jinjie Ruan)
- ceph: remove the incorrect Fw reference check when dirtying pages (Xiubo Li) [Orabug: 37264180] {CVE-2024-50179}
- mailbox: bcm2835: Fix timeout during suspend mode (Stefan Wahren) [Orabug: 37206129] {CVE-2024-49963}
- mailbox: rockchip: fix a typo in module autoloading (Liao Chen)
- static_call: Replace pointless WARN_ON() in static_call_module_notify() (Thomas Gleixner) [Orabug: 37206089] {CVE-2024-49954}
- static_call: Handle module init failure correctly in static_call_del_module() (Thomas Gleixner) [Orabug: 37206305] {CVE-2024-50002}
- spi: lpspi: Simplify some error message (Christophe JAILLET)
- usb: yurex: Fix inconsistent locking bug in yurex_read() (Harshit Mogalapalli)
- i2c: isch: Add missed 'else' (Andy Shevchenko)
- i2c: aspeed: Update the stop sw state when the bus recovery occurs (Tommy Huang)
- mm: only enforce minimum stack gap size if it's sensible (David Gow)
- lockdep: fix deadlock issue between lockdep and rcu (Zhiguo Niu)
- bpf: lsm: Set bpf_lsm_blob_sizes.lbs_task to 0 (Song Liu)
- x86/entry: Remove unwanted instrumentation in common_interrupt() (Dmitry Vyukov)
- x86/idtentry: Incorporate definitions/declarations of the FRED entries (Xin Li)
- pps: add an error check in parport_attach (Ma Ke)
- pps: remove usage of the deprecated ida_simple_xx() API (Christophe JAILLET)
- usb: xhci: fix loss of data on Cadence xHC (Pawel Laszczak)
- xhci: Add a quirk for writing ERST in high-low order (Daehwan Jung)
- xhci: Preserve RsvdP bits in ERSTBA register correctly (Lukas Wunner)
- xhci: Refactor interrupter code for initial multi interrupter support. (Mathias Nyman)
- xhci: remove xhci_test_trb_in_td_math early development check (Mathias Nyman)
- xhci: fix event ring segment table related masks and variables in header (Mathias Nyman)
- USB: misc: yurex: fix race between read and write (Oliver Neukum)
- usb: yurex: Replace snprintf() with the safer scnprintf() variant (Lee Jones)
- soc: versatile: realview: fix soc_dev leak during device remove (Krzysztof Kozlowski)
- soc: versatile: realview: fix memory leak during device remove (Krzysztof Kozlowski)
- padata: use integer wrap around to prevent deadlock on seq_nr overflow (VanGiang Nguyen) [Orabug: 37200789] {CVE-2024-47739}
- EDAC/igen6: Fix conversion of system address to physical memory address (Qiuxu Zhuo)
- nfs: fix memory leak in error path of nfs4_do_reclaim (Li Lingfeng)
- fs: Fix file_set_fowner LSM hook inconsistencies (Mickaël Salaün)
- vfs: fix race between evice_inodes() and find_inode()&iput() (Julian Sun) [Orabug: 37200603] {CVE-2024-47679}
- arm64: dts: rockchip: Correct the Pinebook Pro battery design capacity (Dragan Simic)
- arm64: dts: rockchip: Raise Pinebook Pro's panel backlight PWM frequency (Dragan Simic)
- hwrng: cctrng - Add missing clk_disable_unprepare in cctrng_resume (Gaosheng Cui)
- hwrng: bcm2835 - Add missing clk_disable_unprepare in bcm2835_rng_init (Gaosheng Cui)
- hwrng: mtk - Use devm_pm_runtime_enable (Guoqing Jiang)
- f2fs: avoid potential int overflow in sanity_check_area_boundary() (Nikita Zhandarovich)
- f2fs: prevent possible int overflow in dir_block_index() (Nikita Zhandarovich)
- debugobjects: Fix conditions in fill_pool() (Zhen Lei)
- wifi: mt76: mt7615: check devm_kasprintf() returned value (Ma Ke)
- wifi: rtw88: 8822c: Fix reported RX band width (Bitterblue Smith)
- perf/x86/intel/pt: Fix sampling synchronization (Adrian Hunter)
- efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption (Ard Biesheuvel) [Orabug: 37200864] {CVE-2024-49858}
- ACPI: resource: Add another DMI match for the TongFang GMxXGxx (Werner Sembach)
- ACPI: sysfs: validate return type of _STR method (Thomas Weißschuh) [Orabug: 37200877] {CVE-2024-49860}
- drbd: Add NULL check for net_conf to prevent dereference in state validation (Mikhail Lobanov)
- drbd: Fix atomicity violation in drbd_uuid_set_bm() (Qiu-ji Chen)
- crypto: ccp - Properly unregister /dev/sev on sev PLATFORM_STATUS failure (Pavan Kumar Paluri)
- xhci: Set quirky xHC PCI hosts to D3 _after_ stopping and freeing them. (Mathias Nyman)
- tty: rp2: Fix reset with non forgiving PCIe host bridges (Florian Fainelli)
- firmware_loader: Block path traversal (Jann Horn) [Orabug: 37200801] {CVE-2024-47742}
- bus: integrator-lm: fix OF node leak in probe() (Krzysztof Kozlowski)
- usb: dwc2: drd: fix clock gating on USB role switch (Tomas Marek)
- usb: cdnsp: Fix incorrect usb_request status (Pawel Laszczak)
- USB: class: CDC-ACM: fix race between get_serial and set_serial (Oliver Neukum)
- USB: misc: cypress_cy7c63: check for short transfer (Oliver Neukum)
- USB: appledisplay: close race between probe and completion handler (Oliver Neukum)
- usbnet: fix cyclical race on disconnect with work queue (Oliver Neukum)
- scsi: mac_scsi: Disallow bus errors during PDMA send (Finn Thain)
- scsi: mac_scsi: Refactor polling loop (Finn Thain)
- scsi: mac_scsi: Revise printk(KERN_DEBUG ...) messages (Finn Thain)
- drm/amd/display: Validate backlight caps are sane (Mario Limonciello)
- drm/amd/display: Round calculated vtotal (Robin Chen)
- Input: i8042 - add another board name for TUXEDO Stellaris Gen5 AMD line (Werner Sembach)
- Input: i8042 - add TUXEDO Stellaris 15 Slim Gen6 AMD to i8042 quirk table (Werner Sembach)
- Input: i8042 - add TUXEDO Stellaris 16 Gen5 AMD to i8042 quirk table (Werner Sembach)
- Revert "media: tuners: fix error return code of hybrid_tuner_request_state()" (Roman Smirnov)
- soc: versatile: integrator: fix OF node leak in probe() error path (Krzysztof Kozlowski)
- ASoC: rt5682: Return devm_of_clk_add_hw_provider to transfer the error (Ma Ke)
- PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler (Sean Anderson)
- Remove *.orig pattern from .gitignore (Laurent Pinchart)
- selinux,smack: don't bypass permissions check in inode_setsecctx hook (Scott Mayhew) [Orabug: 37070761] {CVE-2024-46695}
- vfio/pci: fix potential memory leak in vfio_intx_enable() (Ye Bin) [Orabug: 36765615] {CVE-2024-38632}
- x86/mm: Switch to new Intel CPU model defines (Tony Luck)
- Input: goodix - use the new soc_intel_is_byt() helper (Hans de Goede)
- drm/amd/display: Fix Synaptics Cascaded Panamera DSC Determination (Fangzhi Zuo)
- netfilter: ctnetlink: compile ctnetlink_label_size with CONFIG_NF_CONNTRACK_EVENTS (Simon Horman)
- netfilter: nf_tables: Keep deleted flowtable hooks until after RCU (Phil Sutter)
- bonding: Fix unnecessary warnings and logs from bond_xdp_get_xmit_slave() (Jiwon Kim) [Orabug: 37200774] {CVE-2024-47734}
- net: qrtr: Update packets cloning when broadcasting (Youssef Samir)
- tcp: check skb is non-NULL in tcp_rto_delta_us() (Josh Hunt) [Orabug: 37200622] {CVE-2024-47684}
- net: ipv6: select DST_CACHE from IPV6_RPL_LWTUNNEL (Thomas Weißschuh)
- net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition (Kaixin Wang) [Orabug: 37200817] {CVE-2024-47747}
- netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() (Eric Dumazet) [Orabug: 37200629] {CVE-2024-47685}
- net: xilinx: axienet: Fix packet counting (Sean Anderson)
- net: axienet: Switch to 64-bit RX/TX statistics (Robert Hancock)
- net: axienet: Use NAPI for TX completion path (Robert Hancock)
- net: axienet: Be more careful about updating tx_bd_tail (Robert Hancock)
- net: axienet: add coalesce timer ethtool configuration (Robert Hancock)
- net: axienet: reduce default RX interrupt threshold to 1 (Robert Hancock)
- net: axienet: implement NAPI and GRO receive (Robert Hancock)
- net: axienet: don't set IRQ timer when IRQ delay not used (Robert Hancock)
- net: axienet: Clean up DMA start/stop and error handling (Robert Hancock)
- net: axienet: Clean up device used for DMA calls (Robert Hancock)
- Revert "dm: requeue IO if mapping table not yet available" (Mikulas Patocka)
- vhost_vdpa: assign irq bypass producer token correctly (Jason Wang) [Orabug: 37200820] {CVE-2024-47748}
- vdpa: Add eventfd for the vdpa callback (Xie Yongji)
- interconnect: qcom: sm8250: Enable sync_state (Konrad Dybcio)
- coresight: tmc: sg: Do not leak sg_table (Suzuki K Poulose)
- iio: adc: ad7606: fix standby gpio state to match the documentation (Guillaume Stols)
- iio: adc: ad7606: fix oversampling gpio array (Guillaume Stols)
- spi: spi-fsl-lpspi: Undo runtime PM changes at driver exit time (Jinjie Ruan)
- spi: lpspi: release requested DMA channels (Alexander Stein)
- spi: lpspi: Silence error message upon deferred probe (Alexander Stein)
- f2fs: get rid of online repaire on corrupted directory (Chao Yu) [Orabug: 37200641] {CVE-2024-47690}
- f2fs: clean up w/ dotdot_name (Chao Yu)
- f2fs: introduce F2FS_IPU_HONOR_OPU_WRITE ipu policy (Chao Yu)
- f2fs: fix to wait page writeback before setting gcing flag (Chao Yu)
- f2fs: optimize error handling in redirty_blocks (Jack Qiu)
- f2fs: reduce expensive checkpoint trigger frequency (Chao Yu)
- f2fs: remove unneeded check condition in __f2fs_setxattr() (Chao Yu)
- f2fs: fix to update i_ctime in __f2fs_setxattr() (Chao Yu)
- f2fs: fix typo (Yonggil Song)
- nfsd: return -EINVAL when namelen is 0 (Li Lingfeng) [Orabug: 37200649] {CVE-2024-47692}
- nfsd: call cache_put if xdr_reserve_space returns NULL (Guoqing Jiang) [Orabug: 37200782] {CVE-2024-47737}
- ntb_perf: Fix printk format (Max Hawking)
- ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir() (Jinjie Ruan)
- RDMA/irdma: fix error message in irdma_modify_qp_roce() (Vitaliy Shevtsov)
- RDMA/cxgb4: Added NULL check for lookup_atid (Mikhail Lobanov) [Orabug: 37200823] {CVE-2024-47749}
- riscv: Fix fp alignment bug in perf_callchain_user() (Jinjie Ruan)
- RDMA/hns: Optimize hem allocation performance (Junxian Huang)
- RDMA/hns: Fix VF triggering PF reset in abnormal interrupt handler (Junxian Huang)
- RDMA/hns: Refactor the abnormal interrupt handler function (Haoyue Xu)
- RDMA/hns: Fix the wrong type of return value of the interrupt handler (Haoyue Xu)
- RDMA/hns: Remove unused abnormal interrupt of type RAS (Haoyue Xu)
- RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled (Chengchang Tang) [Orabug: 37200776] {CVE-2024-47735}
- RDMA/hns: Fix the overflow risk of hem_list_calc_ba_range() (wenglianfa)
- RDMA/hns: Don't modify rq next block addr in HIP09 QPC (Junxian Huang)
- watchdog: imx_sc_wdt: Don't disable WDT in suspend (Jonas Blixt)
- IB/core: Fix ib_cache_setup_one error flow cleanup (Patrisious Haddad) [Orabug: 37200653] {CVE-2024-47693}
- pinctrl: mvebu: Fix devinit_dove_pinctrl_probe function (Wang Jianzheng)
- pinctrl: mvebu: Use devm_platform_get_and_ioremap_resource() (Yangtao Li)
- nfsd: fix refcount leak when file is unhashed after being found (Jeff Layton)
- nfsd: remove unneeded EEXIST error check in nfsd_do_file_acquire (Jeff Layton)
- clk: ti: dra7-atl: Fix leak of of_nodes (David Lechner)
- RDMA/rtrs-clt: Reset cid to con_num - 1 to stay in bounds (Md Haris Iqbal) [Orabug: 37200658] {CVE-2024-47695}
- RDMA/rtrs: Reset hb_missed_cnt after receiving other traffic from peer (Jack Wang)
- pinctrl: single: fix missing error code in pcs_probe() (Yang Yingliang)
- RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency (Zhu Yanjun) [Orabug: 37205520] {CVE-2024-47696}
- PCI: xilinx-nwl: Clean up clock on probe failure/removal (Sean Anderson)
- PCI: xilinx-nwl: Fix register misspelling (Sean Anderson)
- PCI: keystone: Fix if-statement expression in ks_pcie_quirk() (Dan Carpenter) [Orabug: 37205559] {CVE-2024-47756}
- drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error (Junlin Li) [Orabug: 37200661] {CVE-2024-47697}
- drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error (Junlin Li) [Orabug: 37200668] {CVE-2024-47698}
- Input: ilitek_ts_i2c - add report id message validation (Emanuele Ghidoli)
- Input: ilitek_ts_i2c - avoid wrong input subsystem sync (Emanuele Ghidoli)
- clk: rockchip: Set parent rate for DCLK_VOP clock on RK3228 (Jonas Karlman)
- remoteproc: imx_rproc: Initialize workqueue earlier (Peng Fan)
- remoteproc: imx_rproc: Correct ddr alias for i.MX8M (Peng Fan)
- clk: imx: imx8qxp: Parent should be initialized earlier than the clock (Peng Fan)
- clk: imx: imx8qxp: Register dc0_bypass0_clk before disp clk (Peng Fan)
- clk: imx: imx8mp: fix clock tree update of TF-A managed clocks (Zhipeng Wang)
- perf time-utils: Fix 32-bit nsec parsing (Ian Rogers)
- perf sched timehist: Fixed timestamp error when unable to confirm event sched_in time (Yang Jihong)
- perf sched timehist: Fix missing free of session in perf_sched__timehist() (Yang Jihong)
- perf mem: Free the allocated sort string, fixing a leak (Namhyung Kim)
- bpf: Fix bpf_strtol and bpf_strtoul helpers for 32bit (Daniel Borkmann)
- nilfs2: fix potential oob read in nilfs_btree_check_delete() (Ryusuke Konishi) [Orabug: 37200842] {CVE-2024-47757}
- nilfs2: determine empty node blocks as corrupted (Ryusuke Konishi)
- nilfs2: fix potential null-ptr-deref in nilfs_btree_insert() (Ryusuke Konishi) [Orabug: 37200675] {CVE-2024-47699}
- ext4: avoid OOB when system.data xattr changes underneath the filesystem (Thadeu Lima de Souza Cascardo) [Orabug: 37200681] {CVE-2024-47701}
- ext4: return error on ext4_find_inline_entry (Thadeu Lima de Souza Cascardo)
- ext4: avoid negative min_clusters in find_group_orlov() (Kemeng Shi)
- ext4: avoid potential buffer_head leak in __ext4_new_inode() (Kemeng Shi)
- ext4: avoid buffer_head leak in ext4_mark_inode_used() (Kemeng Shi)
- smackfs: Use rcu_assign_pointer() to ensure safe assignment in smk_set_cipso (Jiawei Ye)
- ext4: clear EXT4_GROUP_INFO_WAS_TRIMMED_BIT even mount with discard (yangerkun)
- kthread: fix task state in kthread worker if being frozen (Chen Yu)
- xz: cleanup CRC32 edits from 2018 (Lasse Collin)
- selftests/bpf: Fix C++ compile error from missing _Bool type (Tony Ambardar)
- selftests/bpf: Fix error compiling test_lru_map.c (Tony Ambardar)
- selftests/bpf: Fix errors compiling cg_storage_multi.h with musl libc (Tony Ambardar)
- selftests/bpf: Fix compiling core_reloc.c with musl-libc (Tony Ambardar)
- selftests/bpf: Fix compiling tcp_rtt.c with musl-libc (Tony Ambardar)
- selftests/bpf: Fix compiling flow_dissector.c with musl-libc (Tony Ambardar)
- selftests/bpf: Fix compiling kfree_skb.c with musl-libc (Tony Ambardar)
- selftests/bpf: Fix missing ARRAY_SIZE() definition in bench.c (Tony Ambardar)
- selftests/bpf: Fix error compiling bpf_iter_setsockopt.c with musl libc (Tony Ambardar)
- selftests/bpf: Fix compile error from rlim_t in sk_storage_map.c (Tony Ambardar)
- tpm: Clean up TPM space after command failure (Jonathan McDowell) [Orabug: 37200850] {CVE-2024-49851}
- xen/swiotlb: add alignment check for dma buffers (Juergen Gross)
- xen: use correct end address of kernel for conflict checking (Juergen Gross)
- drivers:drm:exynos_drm_gsc:Fix wrong assignment in gsc_bind() (Yuesong Li)
- drm/msm: fix %s null argument error (Sherry Yang)
- ipmi: docs: don't advertise deprecated sysfs entries (Wolfram Sang)
- drm/msm/a5xx: workaround early ring-buffer emptiness check (Vladimir Lypak)
- drm/msm: Drop priv->lastctx (Rob Clark)
- drm/msm/a5xx: fix races in preemption evaluation stage (Vladimir Lypak)
- drm/msm/a5xx: properly clear preemption records on resume (Vladimir Lypak)
- drm/msm/a5xx: disable preemption in submits by default (Vladimir Lypak)
- drm/msm: Fix incorrect file name output in adreno_request_fw() (Aleksandr Mishin)
- powerpc/8xx: Fix kernel vs user address comparison (Christophe Leroy)
- powerpc/8xx: Fix initial memory mapping (Christophe Leroy)
- powerpc/32: Remove 'noltlbs' kernel parameter (Christophe Leroy)
- powerpc/32: Remove the 'nobats' kernel parameter (Christophe Leroy)
- drm/mediatek: Use spin_lock_irqsave() for CRTC event lock (Fei Shao)
- jfs: fix out-of-bounds in dbNextAG() and diAlloc() (Jeongjun Park) [Orabug: 37200739] {CVE-2024-47723}
- scsi: elx: libefc: Fix potential use after free in efc_nport_vport_del() (Dan Carpenter) [Orabug: 37200855] {CVE-2024-49852}
- drm/bridge: lontium-lt8912b: Validate mode in drm_bridge_funcs::mode_valid() (Liu Ying)
- drm/radeon/evergreen_cs: fix int overflow errors in cs track offsets (Nikita Zhandarovich)
- drm/rockchip: dw_hdmi: Fix reading EDID when using a forced mode (Jonas Karlman)
- drm/rockchip: vop: Allow 4096px width scaling (Alex Bee)
- scsi: NCR5380: Check for phase match during PDMA fixup (Finn Thain)
- scsi: NCR5380: Add SCp members to struct NCR5380_cmd (Finn Thain)
- drm/radeon: properly handle vbios fake edid sizing (Alex Deucher)
- drm/radeon: Replace one-element array with flexible-array member (Paulo Miguel Almeida)
- drm/amdgpu: properly handle vbios fake edid sizing (Alex Deucher)
- drm/amdgpu: Replace one-element array with flexible-array member (Paulo Miguel Almeida)
- drm/amd/display: Add null check for set_output_gamma in dcn30_set_output_transfer_func (Srinivasan Shanmugam) [Orabug: 37200736] {CVE-2024-47720}
- drm/stm: Fix an error handling path in stm_drm_platform_probe() (Christophe JAILLET)
- pmdomain: core: Harden inter-column space in debug summary (Geert Uytterhoeven)
- mtd: powernv: Add check devm_kasprintf() returned value (Charles Han)
- fbdev: hpfb: Fix an error handling path in hpfb_dio_probe() (Christophe JAILLET)
- power: supply: max17042_battery: Fix SOC threshold calc w/ no current sense (Artur Weber)
- power: supply: axp20x_battery: Remove design from min and max voltage (Chris Morgan)
- hwmon: (ntc_thermistor) fix module autoloading (Yuntao Liu)
- mtd: slram: insert break after errors in parsing the map (Mirsad Todorovac)
- hwmon: (max16065) Fix alarm attributes (Guenter Roeck)
- hwmon: (max16065) Remove use of i2c_match_id() (Andrew Davis)
- i2c: Add i2c_get_match_data() (Biju Das)
- hwmon: (max16065) Fix overflows seen when writing limits (Guenter Roeck)
- m68k: Fix kernel_clone_args.flags in m68k_clone() (Finn Thain)
- clocksource/drivers/qcom: Add missing iounmap() on errors in msm_dt_timer_init() (Ankit Agrawal)
- reset: k210: fix OF node leak in probe() error path (Krzysztof Kozlowski)
- reset: berlin: fix OF node leak in probe() error path (Krzysztof Kozlowski)
- ARM: versatile: fix OF node leak in CPUs prepare (Krzysztof Kozlowski)
- ARM: dts: imx7d-zii-rmu2: fix Ethernet PHY pinctrl property (Krzysztof Kozlowski)
- ARM: dts: microchip: sam9x60: Fix rtc/rtt clocks (Alexander Dahl)
- arm64: dts: renesas: r9a07g044: Correct GICD and GICR sizes (Lad Prabhakar)
- spi: ppc4xx: Avoid returning 0 when failed to parse and map IRQ (Andy Shevchenko)
- spi: ppc4xx: handle irq_of_parse_and_map() errors (Ma Ke)
- block: fix potential invalid pointer dereference in blk_add_partition (Riyan Dhiman) [Orabug: 37200698] {CVE-2024-47705}
- block: print symbolic error name instead of error code (Christian Heusel)
- block, bfq: don't break merge chain in bfq_split_bfqq() (Yu Kuai)
- block, bfq: choose the last bfqq from merge chain in bfq_setup_cooperator() (Yu Kuai)
- block, bfq: fix possible UAF for bfqq->bic with merge chain (Yu Kuai)
- net: tipc: avoid possible garbage value (Su Hui)
- net: ipv6: rpl_iptunnel: Fix memory leak in rpl_input (Justin Iurman)
- r8169: disable ALDPS per default for RTL8125 (Heiner Kallweit)
- net: enetc: Use IRQF_NO_AUTOEN flag in request_irq() (Jinjie Ruan)
- bareudp: Pull inner IP header on xmit. (Guillaume Nault)
- geneve: Fix incorrect inner network header offset when innerprotoinherit is set (Gal Pressman)
- net: geneve: support IPv4/IPv6 as inner protocol (Eyal Birger)
- bareudp: Pull inner IP header in bareudp_udp_encap_recv(). (Guillaume Nault)
- Bluetooth: btusb: Fix not handling ZPL/short-transfer (Luiz Augusto von Dentz)
- can: m_can: m_can_close(): stop clocks after device has been shut down (Marc Kleine-Budde)
- can: bcm: Clear bo->bcm_proc_read after remove_proc_entry(). (Kuniyuki Iwashima) [Orabug: 37205475] {CVE-2024-47709}
- sock_map: Add a cond_resched() in sock_hash_free() (Eric Dumazet) [Orabug: 37200714] {CVE-2024-47710}
- wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param (Jiawei Ye) [Orabug: 37205501] {CVE-2024-47712}
- wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop() (Dmitry Antipov) [Orabug: 37200719] {CVE-2024-47713}
- wifi: cfg80211: fix two more possible UBSAN-detected off-by-one errors (Dmitry Antipov)
- wifi: mt76: mt7915: fix rx filter setting for bfee functionality (Howard Hsu)
- wifi: cfg80211: fix UBSAN noise in cfg80211_wext_siwscan() (Dmitry Antipov)
- x86/sgx: Fix deadlock in SGX NUMA node search (Aaron Lu) [Orabug: 37200860] {CVE-2024-49856}
- cpufreq: ti-cpufreq: Introduce quirks to handle syscon fails appropriately (Nishanth Menon)
- netfilter: nf_tables: remove annotation to access set timeout while holding lock (Pablo Neira Ayuso)
- netfilter: nf_tables: reject expiration higher than timeout (Pablo Neira Ayuso)
- netfilter: nf_tables: reject element expiration with no timeout (Pablo Neira Ayuso)
- netfilter: nf_tables: elements with timeout below CONFIG_HZ never expire (Pablo Neira Ayuso)
- ACPI: CPPC: Fix MASK_VAL() usage (Clément Léger)
- ACPI: bus: Avoid using CPPC if not supported by firmware (Rafael J. Wysocki)
- can: j1939: use correct function name in comment (Zhang Changzhong)
- padata: Honor the caller's alignment in case of chunk_size 0 (Kamlesh Gurudasani)
- wifi: iwlwifi: mvm: increase the time between ranging measurements (Avraham Stern)
- mount: handle OOM on mnt_warn_timestamp_expiry (Olaf Hering)
- fs/namespace: fnic: Switch to use %ptTd (Andy Shevchenko)
- mount: warn only once about timestamp range expiration (Anthony Iliopoulos)
- fs: explicitly unregister per-superblock BDIs (Christoph Hellwig)
- wifi: rtw88: remove CPT execution branch never used (Dmitry Kandybka)
- net: stmmac: dwmac-loongson: Init ref and PTP clocks rate (Yanteng Si)
- wifi: ath9k: Remove error checks when creating debugfs entries (Toke Høiland-Jørgensen)
- wifi: ath9k: fix parameter check in ath9k_init_debug() (Minjie Du)
- ACPI: PMIC: Remove unneeded check in tps68470_pmic_opregion_probe() (Aleksandr Mishin)
- crypto: xor - fix template benchmarking (Helge Deller)
- wifi: rtw88: always wait for both firmware loading attempts (Dmitry Antipov) [Orabug: 37200733] {CVE-2024-47718}
- EDAC/synopsys: Fix error injection on Zynq UltraScale+ (Shubhrajyoti Datta)
- EDAC/synopsys: Fix ECC status and IRQ control race condition (Serge Semin)
- EDAC/synopsys: Re-enable the error interrupts on v3 hw (Sherry Sun)
- EDAC/synopsys: Use the correct register to disable the error interrupt on v3 hw (Sherry Sun)
- EDAC/synopsys: Add support for version 3 of the Synopsys EDAC DDR (Dinh Nguyen)
- USB: usbtmc: prevent kernel-usb-infoleak (Edward Adam Davis) [Orabug: 37159777] {CVE-2024-47671}
- USB: serial: pl2303: add device id for Macrosilicon MS3020 (Junhao Xie)
- gpiolib: cdev: Ignore reconfiguration without direction (Kent Gibson)
- inet: inet_defrag: prevent sk release while still in use (Florian Westphal) [Orabug: 36545059] {CVE-2024-26921}
- gpio: prevent potential speculation leaks in gpio_device_get_desc() (Hagar Hemdan) [Orabug: 36993133] {CVE-2024-44931}
- Revert "wifi: cfg80211: check wiphy mutex is held for wdev mutex" (Ping-Ke Shih)
- netfilter: nf_tables: missing iterator type in lookup walk (Pablo Neira Ayuso)
- netfilter: nft_set_pipapo: walk over current view on netlink dump (Pablo Neira Ayuso) [Orabug: 36598033] {CVE-2024-27017}
- ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() (Ferry Meng) [Orabug: 36891660] {CVE-2024-41016}
- ocfs2: add bounds checking to ocfs2_xattr_find_entry() (Ferry Meng) [Orabug: 37159772] {CVE-2024-47670}
- spi: spidev: Add missing spi_device_id for jg10309-01 (Geert Uytterhoeven)
- x86/hyperv: Set X86_FEATURE_TSC_KNOWN_FREQ when Hyper-V provides frequency (Michael Kelley)
- spi: bcm63xx: Enable module autoloading (Liao Chen)
- drm: komeda: Fix an issue related to normalized zpos (hongchi.peng)
- spi: spidev: Add an entry for elgin,jg10309-01 (Fabio Estevam)
- ASoC: tda7419: fix module autoloading (Liao Chen)
- ASoC: intel: fix module autoloading (Liao Chen)
- wifi: iwlwifi: clear trans->state earlier upon error (Emmanuel Grumbach)
- wifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead (Emmanuel Grumbach) [Orabug: 37159780] {CVE-2024-47672}
- wifi: iwlwifi: mvm: pause TCM when the firmware is stopped (Emmanuel Grumbach) [Orabug: 37159785] {CVE-2024-47673}
- wifi: iwlwifi: mvm: fix iwl_mvm_scan_fits() calculation (Daniel Gabay)
- wifi: iwlwifi: lower message level for FW buffer destination (Benjamin Berg)
- net: ftgmac100: Ensure tx descriptor updates are visible (Jacky Chou)
- microblaze: don't treat zero reserved memory regions as error (Mike Rapoport)
- pinctrl: at91: make it work with current gpiolib (Thomas Blocher)
- scsi: lpfc: Fix overflow build issue (Sherry Yang)
- ALSA: hda/realtek - FIxed ALC285 headphone no sound (Kailang Yang)
- ALSA: hda/realtek - Fixed ALC256 headphone no sound (Kailang Yang)
- ASoC: allow module autoloading for table db1200_pids (Hongbo Li)
- ASoC: meson: axg-card: fix 'use-after-free' (Arseniy Krasnov) [Orabug: 37116539] {CVE-2024-46849}
- dma-buf: heaps: Fix off-by-one in CMA heap fault handler (T.J. Mercier) [Orabug: 37116545] {CVE-2024-46852}
- soundwire: stream: Revert "soundwire: stream: fix programming slave ports for non-continous port maps" (Krzysztof Kozlowski)
- spi: nxp-fspi: fix the KASAN report out-of-bounds bug (Han Xu) [Orabug: 37116547] {CVE-2024-46853}
- net: dpaa: Pad packets to ETH_ZLEN (Sean Anderson) [Orabug: 37116550] {CVE-2024-46854}
- netfilter: nft_socket: fix sk refcount leaks (Florian Westphal) [Orabug: 37116554] {CVE-2024-46855}
- net: ftgmac100: Enable TX interrupt to avoid TX timeout (Jacky Chou)
- fou: fix initialization of grc (Muhammad Usama Anjum) [Orabug: 37195062] {CVE-2024-46865}
- net/mlx5: Add missing masks and QoS bit masks for scheduling elements (Carolina Jubran)
- net/mlx5: Explicitly set scheduling element and TSAR type (Carolina Jubran)
- net/mlx5e: Add missing link modes to ptys2ethtool_map (Shahar Shitrit)
- igb: Always call igb_xdp_ring_update_tail() under Tx lock (Sriram Yagnaraman)
- ice: fix accounting for filters shared by multiple VSIs (Jacob Keller)
- hwmon: (pmbus) Conditionally clear individual status bits for pmbus rev >= 1.2 (Patryk Biel)
- hwmon: (pmbus) Introduce and use write_byte_data callback (Mårten Lindahl)
- selftests/bpf: Support SOCK_STREAM in unix_inet_redir_to_connected() (Michal Luczaj)
- eeprom: digsy_mtc: Fix 93xx46 driver probe failure (Andy Shevchenko)
- arm64: dts: rockchip: fix PMIC interrupt pin in pinctrl for ROCK Pi E (FUKAUMI Naoki)
- fs/ntfs3: Use kvfree to free memory allocated by kvmalloc (Konstantin Komarov)
- net: tighten bad gso csum offset check in virtio_net_hdr (Willem de Bruijn)
- minmax: reduce min/max macro expansion in atomisp driver (Lorenzo Stoakes)
- arm64: dts: rockchip: override BIOS_DISABLE signal via GPIO hog on RK3399 Puma (Quentin Schulz)
- mptcp: pm: Fix uaf in __timer_delete_sync (Edward Adam Davis) [Orabug: 37116564] {CVE-2024-46858}
- platform/x86: panasonic-laptop: Allocate 1 entry extra in the sinf array (Hans de Goede)
- platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses (Hans de Goede) [Orabug: 37116566] {CVE-2024-46859}
- NFS: Avoid unnecessary rescanning of the per-server delegation list (Trond Myklebust)
- NFSv4: Fix clearing of layout segments in layoutreturn (Trond Myklebust)
- Input: i8042 - add Fujitsu Lifebook E756 to i8042 quirk table (Takashi Iwai)
- drm/msm/adreno: Fix error return if missing firmware-name (Rob Clark)
- platform/surface: aggregator_registry: Add support for Surface Laptop Go 3 (Maximilian Luz)
- scripts: kconfig: merge_config: config files: add a trailing newline (Anders Roxell)
- HID: multitouch: Add support for GT7868Q (Dmitry Savin)
- Input: synaptics - enable SMBus for HP Elitebook 840 G2 (Jonathan Denose)
- Input: ads7846 - ratelimit the spi_sync error message (Marek Vasut)
- btrfs: update target inode's ctime on unlink (Jeff Layton)
- powerpc/mm: Fix boot warning with hugepages and CONFIG_DEBUG_VIRTUAL (Christophe Leroy)
- net: phy: vitesse: repair vsc73xx autonegotiation (Pawel Dembicki)
- net: ethernet: use ip_hdrlen() instead of bit shift (Moon Yeounsu)
- usbnet: ipheth: fix carrier detection in modes 1 and 4 (Foster Snowhill)
- ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate (Lizhi Xu) [Orabug: 37200925] {CVE-2024-49877}
- ocfs2: fix null-ptr-deref when journal load failed. (Julian Sun) [Orabug: 37206096] {CVE-2024-49957}
- ocfs2: remove unreasonable unlock in ocfs2_read_blocks (Lizhi Xu) [Orabug: 37206135] {CVE-2024-49965}
- ocfs2: cancel dqi_sync_work before freeing oinfo (Joseph Qi) [Orabug: 37206140] {CVE-2024-49966}
- ocfs2: fix uninit-value in ocfs2_get_block() (Joseph Qi)
- ocfs2: fix the la space leak when unmounting an ocfs2 volume (Heming Zhao)
- mm: krealloc: consider spare memory for __GFP_ZERO (Danilo Krummrich)
- jbd2: correctly compare tids with tid_geq function in jbd2_fc_begin_commit (Kemeng Shi)
- jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error (Baokun Li) [Orabug: 37206108] {CVE-2024-49959}
- drm: omapdrm: Add missing check for alloc_ordered_workqueue (Ma Ke) [Orabug: 37200934] {CVE-2024-49879}
in of_msi_get_domain (Andrew Jones)
- parisc: Fix stack start for ADDR_NO_RANDOMIZE personality (Helge Deller)
- parisc: Fix 64-bit userspace syscall path (Helge Deller)
More information about the El-errata
mailing list