[El-errata] ELSA-2025-20365 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Tue Jun 10 14:23:01 UTC 2025
Oracle Linux Security Advisory ELSA-2025-20365
http://linux.oracle.com/errata/ELSA-2025-20365.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
aarch64:
bpftool-5.15.0-309.180.4.el9uek.aarch64.rpm
kernel-uek-5.15.0-309.180.4.el9uek.aarch64.rpm
kernel-uek-container-5.15.0-309.180.4.el9uek.aarch64.rpm
kernel-uek-container-debug-5.15.0-309.180.4.el9uek.aarch64.rpm
kernel-uek-core-5.15.0-309.180.4.el9uek.aarch64.rpm
kernel-uek-debug-5.15.0-309.180.4.el9uek.aarch64.rpm
kernel-uek-debug-core-5.15.0-309.180.4.el9uek.aarch64.rpm
kernel-uek-debug-devel-5.15.0-309.180.4.el9uek.aarch64.rpm
kernel-uek-debug-modules-5.15.0-309.180.4.el9uek.aarch64.rpm
kernel-uek-debug-modules-extra-5.15.0-309.180.4.el9uek.aarch64.rpm
kernel-uek-devel-5.15.0-309.180.4.el9uek.aarch64.rpm
kernel-uek-doc-5.15.0-309.180.4.el9uek.noarch.rpm
kernel-uek-modules-5.15.0-309.180.4.el9uek.aarch64.rpm
kernel-uek-modules-extra-5.15.0-309.180.4.el9uek.aarch64.rpm
kernel-uek64k-5.15.0-309.180.4.el9uek.aarch64.rpm
kernel-uek64k-core-5.15.0-309.180.4.el9uek.aarch64.rpm
kernel-uek64k-modules-5.15.0-309.180.4.el9uek.aarch64.rpm
kernel-uek64k-modules-extra-5.15.0-309.180.4.el9uek.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//kernel-uek-5.15.0-309.180.4.el9uek.src.rpm
Related CVEs:
CVE-2024-28956
CVE-2024-8805
Description of changes:
[5.15.0-309.180.4.el9uek]
- nvme: unblock ctrl state transition for firmware update (Daniel Wagner)
- nfsd: decrease sc_count directly if fail to queue dl_recall (Li Lingfeng)
- cpufreq/sched: Fix the usage of CPUFREQ_NEED_UPDATE_LIMITS (Rafael J. Wysocki)
- ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr() (Xuanqiang Luo)
- usb: chipidea: ci_hdrc_imx: fix usbmisc handling (Fedor Pchelkin)
- Revert "PCI: Avoid reset when disabled via sysfs" (Alex Williamson)
- uek-rpm: CONFIG_PTP_1588_CLOCK_OCP enable for OCI (Vijayendra Suman) [Orabug: 37777354]
- ptp: ocp: let ptp core report driver name instead of the drivers (Vijayendra Suman) [Orabug: 37777354]
- ptp: ocp: Add .getmaxphase ptp_clock_info callback (Rahul Rameshbabu) [Orabug: 37777354]
- ptp: ocp: remove flash image header check fallback (Vadim Fedorenko) [Orabug: 37777354]
- ptp: ocp: expose config and temperature for ART card (Vadim Fedorenko) [Orabug: 37777354]
- ptp: ocp: add serial port of mRO50 MAC on ART card (Vadim Fedorenko) [Orabug: 37777354]
- ptp: ocp: add Orolia timecard support (Vadim Fedorenko) [Orabug: 37777354]
- ptp: ocp: upgrade serial line information (Vadim Fedorenko) [Orabug: 37777354]
- ] ptp: ocp: remove symlink for second GNSS (Vadim Fedorenko) [Orabug: 37777354]
- ptp_ocp: use device_find_any_child() instead of custom approach (Andy Shevchenko) [Orabug: 37777354]
- ptp_ocp: replace kzalloc(x*y) by kcalloc(y, x) (Andy Shevchenko) [Orabug: 37777354]
- ptp_ocp: do not call pci_set_drvdata(pdev, NULL) (Andy Shevchenko) [Orabug: 37777354]
- ptp_ocp: drop duplicate NULL check in ptp_ocp_detach() (Andy Shevchenko) [Orabug: 37777354]
- ptp_ocp: use bits.h macros for all masks (Andy Shevchenko) [Orabug: 37777354]
- ptp: ocp: Add firmware header checks (Vadim Fedorenko) [Orabug: 37777354]
- ptp: ocp: fix PPS source selector debugfs reporting (Jonathan Lemon) [Orabug: 37777354]
- ptp: ocp: add .init function for sma_op vector (Jonathan Lemon) [Orabug: 37777354]
- ptp: ocp: vectorize the sma accessor functions (Jonathan Lemon) [Orabug: 37777354]
- ptp: ocp: constify selectors (Jonathan Lemon) [Orabug: 37777354]
- ptp: ocp: parameterize input/output sma selectors (Jonathan Lemon) [Orabug: 37777354]
- ptp: ocp: revise firmware display (Jonathan Lemon) [Orabug: 37777354]
- ptp: ocp: add Celestica timecard PCI ids (Vadim Fedorenko) [Orabug: 37777354]
- ptp: ocp: Remove #ifdefs around PCI IDs (Jonathan Lemon) [Orabug: 37777354]
- ptp: ocp: 32-bit fixups for pci start address (Jonathan Lemon) [Orabug: 37777354]
- ptp: ocp: change sysfs attr group handling (Jonathan Lemon) [Orabug: 37777354]
- ptp: ocp: have adjtime handle negative delta_ns correctly (Jonathan Lemon) [Orabug: 37777354]
- ptp: ocp: Use DIV64_U64_ROUND_UP for rounding. (Jonathan Lemon) [Orabug: 37777354]
- ptp: ocp: handle error from nvmem_device_find (Jonathan Lemon) [Orabug: 37777354]
- ptp: ocp: use snprintf() in ptp_ocp_verify() (Dan Carpenter) [Orabug: 37777354]
- ptp: ocp: Make debugfs variables the correct bitwidth (Jonathan Lemon) [Orabug: 37777354]
- ptp: ocp: Fix PTP_PF_* verification requests (Jonathan Lemon) [Orabug: 37777354]
- ptp: ocp: Add 2 more timestampers (Jonathan Lemon) [Orabug: 37777354]
- ptp: ocp: Add 4 frequency counters (Jonathan Lemon) [Orabug: 37777354]
- ptp: ocp: Program the signal generators via PTP_CLK_REQ_PEROUT (Jonathan Lemon) [Orabug: 37777354]
- ptp: ocp: Add signal generators and update sysfs nodes (Jonathan Lemon) [Orabug: 37777354]
- ptp: ocp: Add firmware capability bits for feature gating (Jonathan Lemon) [Orabug: 37777354]
- ptp: ocp: Add GND and VCC output selectors (Jonathan Lemon) [Orabug: 37777354]
- ptp: ocp: Rename output selector 'GNSS' to 'GNSS1' (Jonathan Lemon) [Orabug: 37777354]
- ptp: ocp: Add ability to disable input selectors. (Jonathan Lemon) [Orabug: 37777354]
- ptp: ocp: Add support for selectable SMA directions. (Jonathan Lemon) [Orabug: 37777354]
- ptp: ocp: add UPF_NO_THRE_TEST flag for serial ports (Jonathan Lemon) [Orabug: 37777354]
- ptp: ocp: Update devlink firmware display path. (Jonathan Lemon) [Orabug: 37777354]
- ptp: ocp: add nvmem interface for accessing eeprom (Jonathan Lemon) [Orabug: 37777354]
- ptp: ocp: correct label for error path (Jonathan Lemon) [Orabug: 37777354]
- ptp: ocp: off by in in ptp_ocp_tod_gnss_name() (Dan Carpenter) [Orabug: 37777354]
- ptp: ocp: Add serial port information to the debug summary (Jonathan Lemon) [Orabug: 37777354]
- ptp: ocp: adjust utc_tai_offset to TOD info (Vadim Fedorenko) [Orabug: 37777354]
- ptp: ocp: add tod_correction attribute (Vadim Fedorenko) [Orabug: 37777354]
- ptp: ocp: Expose clock status drift and offset (Vadim Fedorenko) [Orabug: 37777354]
- ptp: ocp: add TOD debug information (Vadim Fedorenko) [Orabug: 37777354]
- ptp: ocp: Add ptp_ocp_adjtime_coarse for large adjustments (Jonathan Lemon) [Orabug: 37777354]
- ptp: ocp: Move devlink registration to be last devlink command (Leon Romanovsky) [Orabug: 37777354]
- ptp: ocp: Avoid operator precedence warning in ptp_ocp_summary_show() (Nathan Chancellor) [Orabug: 37777354]
- ptp: ocp: Add timestamp window adjustment (Jonathan Lemon) [Orabug: 37777354]
- ptp: ocp: Have FPGA fold in ns adjustment for adjtime. (Jonathan Lemon) [Orabug: 37777354]
- ptp: ocp: Enable 4th timestamper / PPS generator (Jonathan Lemon) [Orabug: 37777354]
- ptp: ocp: Add second GNSS device (Jonathan Lemon) [Orabug: 37777354]
- ptp: ocp: Add NMEA output (Jonathan Lemon) [Orabug: 37777354]
- ptp: ocp: Add debugfs entry for timecard (Jonathan Lemon) [Orabug: 37777354]
- ptp: ocp: Separate the init and info logic (Jonathan Lemon) [Orabug: 37777354]
- ptp: ocp: Add sysfs attribute utc_tai_offset (Jonathan Lemon) [Orabug: 37777354]
- ptp: ocp: Add IRIG-B output mode control (Jonathan Lemon) [Orabug: 37777354]
- ptp: ocp: Add IRIG-B and DCF blocks (Jonathan Lemon) [Orabug: 37777354]
- ptp: ocp: Add SMA selector and controls (Jonathan Lemon) [Orabug: 37777354]
- ptp: ocp: Add third timestamper (Jonathan Lemon) [Orabug: 37777354]
- ptp: ocp: Report error if resource registration fails. (Jonathan Lemon) [Orabug: 37777354]
- ptp: ocp: Skip resources with out of range irqs (Jonathan Lemon) [Orabug: 37777354]
- ptp: ocp: Skip I2C flash read when there is no controller. (Jonathan Lemon) [Orabug: 37777354]
- ptp: ocp: Parameterize the TOD information display. (Jonathan Lemon) [Orabug: 37777354]
- ptp: ocp: parameterize the i2c driver used (Jonathan Lemon) [Orabug: 37777354]
- vhost-scsi: log event queue write descriptors (Dongli Zhang) [Orabug: 37884058]
- vhost-scsi: log control queue write descriptors (Dongli Zhang) [Orabug: 37884058]
- vhost-scsi: log I/O queue write descriptors (Dongli Zhang) [Orabug: 37884058]
- vhost-scsi: adjust vhost_scsi_get_desc() to log vring descriptors (Dongli Zhang) [Orabug: 37884058]
- vhost: modify vhost_log_write() for broader users (Dongli Zhang) [Orabug: 37884058]
- mm: make page_mapped_in_vma() hugetlb walk aware (Jane Chu) [Orabug: 37956589]
- mm/rmap: Fix handling of hugetlbfs pages in page_vma_mapped_walk (zhenwei pi) [Orabug: 37956589]
- ext4: update the backup superblock's at the end of the online resize (Theodore Ts'o) [Orabug: 37356729]
- gve: ignore nonrelevant GSO type bits when processing TSO headers (Joshua Washington) [Orabug: 37356729]
- gve: update gve.rst (Rushil Gupta) [Orabug: 37356729]
- gve: RX path for DQO-QPL (Rushil Gupta) [Orabug: 37356729]
- gve: Tx path for DQO-QPL (Rushil Gupta) [Orabug: 37356729]
- gve: Control path for DQO-QPL (Rushil Gupta) [Orabug: 37356729]
- gve: Fix gve interrupt names (Praveen Kaligineedi) [Orabug: 37356729]
- gve: Handle alternate miss completions (Jeroen de Borst) [Orabug: 37356729]
- gve: Adding a new AdminQ command to verify driver (Jeroen de Borst) [Orabug: 37356729]
- gve: Fix error return code in gve_prefill_rx_pages() (Yang Yingliang) [Orabug: 37356729]
- gve: Reduce alloc and copy costs in the GQ rx path (Shailend Chand) [Orabug: 37356729]
- google/gve:fix repeated words in comments (Jilin Yuan) [Orabug: 37356729]
- gve: Fix spelling mistake "droping" -> "dropping" (Colin Ian King) [Orabug: 37356729]
- gve: enhance no queue page list detection (Haiyue Wang) [Orabug: 37356729]
- gve: Recording rx queue before sending to napi (Tao Liu) [Orabug: 37356729]
- ext4: add ioctls to get/set the ext4 superblock uuid (Jeremy Bongio) [Orabug: 37356729]
- ext4: implement support for get/set fs label (Lukas Czerner) [Orabug: 37356729]
- gve: Add tx|rx-coalesce-usec for DQO (Tao Liu) [Orabug: 37356729]
- gve: Add consumed counts to ethtool stats (Jordan Kim) [Orabug: 37356729]
- gve: Implement suspend/resume/shutdown (Catherine Sullivan) [Orabug: 37356729]
- gve: Add optional metadata descriptor type GVE_TXD_MTD (Willem de Bruijn) [Orabug: 37356729]
- gve: remove memory barrier around seqno (Catherine Sullivan) [Orabug: 37356729]
- gve: Update gve_free_queue_page_list signature (Catherine Sullivan) [Orabug: 37356729]
- gve: Move the irq db indexes out of the ntfy block struct (Catherine Sullivan) [Orabug: 37356729]
- gve: Correct order of processing device options (Jeroen de Borst) [Orabug: 37356729]
- gve: fix for null pointer dereference. (Ameer Hamza) [Orabug: 37356729]
- gve: fix unmatched u64_stats_update_end() (Dan Carpenter) [Orabug: 37356729]
- gve: Add a jumbo-frame device option. (Shailend Chand) [Orabug: 37356729]
- gve: Implement packet continuation for RX. (David Awogbemila) [Orabug: 37356729]
- gve: Allow pageflips on larger pages (Jordan Kim) [Orabug: 37356729]
- gve: Add netif_set_xps_queue call (Catherine Sullivan) [Orabug: 37356729]
- gve: Do lazy cleanup in TX path (Tao Liu) [Orabug: 37356729]
- gve: Add rx buffer pagecnt bias (Catherine Sullivan) [Orabug: 37356729]
- gve: Switch to use napi_complete_done (Yangchun Fu) [Orabug: 37356729]
- gve: Use kvcalloc() instead of kvzalloc() (Gustavo A. R. Silva) [Orabug: 37356729]
- selftests/net: optmem_max became per netns (Eric Dumazet) [Orabug: 37356732]
- tcp: derive delack_max with tcp_rto_min helper (Kevin Yang) [Orabug: 37356732]
- tcp: derive delack_max from rto_min (Eric Dumazet) [Orabug: 37356732]
- tcp: add sysctl_tcp_rto_min_us (Kevin Yang) [Orabug: 37356732]
- tcp: constify tcp_rto_min() and tcp_rto_min_us() argument (Eric Dumazet) [Orabug: 37356732]
- net: constify sk_dst_get() and __sk_dst_get() argument (Eric Dumazet) [Orabug: 37356732]
- net: Namespace-ify sysctl_optmem_max (Eric Dumazet) [Orabug: 37356732]
- net: increase optmem_max default value (Eric Dumazet) [Orabug: 37356732]
- net: phy: dp83867: Fix SGMII FIFO depth for non OF devices (Michael Sit Wei Hong) [Orabug: 37670821]
- net: phy: dp83867: fix get nvmem cell fail (Nikita Shubin) [Orabug: 37670821]
- net: phy: dp83867: implement support for io_impedance_ctrl nvmem cell (Rasmus Villemoes) [Orabug: 37670821]
- net: phy: constify netdev->dev_addr references (Jakub Kicinski) [Orabug: 37670821]
- net: phy: dp83867: introduce critical chip default init for non-of platform (Lay, Kuan Loon) [Orabug: 37670821]
- RDS: use pin_user_pages_fast() (Stephen Brennan) [Orabug: 37872748]
- uek-rpm: Reduce the size of the Bluefield 3 kernel (Henry Willard) [Orabug: 37910874]
- uek-rpm: Make sure dtb directory exists for emb3. (Henry Willard) [Orabug: 37910874]
- uek-rpm: Move the gve kernel module from extra to kernel-uek-core (Samasth Norway Ananda) [Orabug: 37940898]
- platform/mellanox: mlxbf-pmc: Support additional PMC blocks (Shravan Kumar Ramani) [Orabug: 37955981]
- mlxbf-bootctl: use sysfs_emit_at() in secure_boot_fuse_state_show() (David Thompson) [Orabug: 37955981]
- mlxbf-bootctl: Support sysfs entries for RTC battery status (Xiangrong Li) [Orabug: 37955981]
- platform/mellanox: mlxbf-bootctl: use sysfs_emit() instead of sprintf() (Ai Chao) [Orabug: 37955981]
- drivers/platform/mellanox: Convert snprintf to sysfs_emit (Li Zhijian) [Orabug: 37955981]
- certs: Add new Oracle Linux Driver Signing (key 1) certificate (Sherry Yang) [Orabug: 37967553]
[5.15.0-309.180.3.el9uek]
- net/mlx5: Reclaim max 50K pages at once (Anand Khoje) [Orabug: 36933755]
- x86/sev: Fix position dependent variable references in startup code (Ard Biesheuvel) [Orabug: 37356711]
- x86/PCI: Export find_cap() to be used in early PCI code (Rayan Dasoriya) [Orabug: 37356711]
- x86/quirks: Scan all busses for early PCI quirks (Rayan Dasoriya) [Orabug: 37356711]
- x86/quirks: Add parameter to clear MSIs early on boot (Rayan Dasoriya) [Orabug: 37356711]
- iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support (Vasant Hegde) [Orabug: 37356711]
- iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops callback (Vasant Hegde) [Orabug: 37356711]
- iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops callback (Vasant Hegde) [Orabug: 37356711]
- iommu/amd: Use put_pages_list (Matthew Wilcox (Oracle)) [Orabug: 37356711]
- x86/sev: Make enc_dec_hypercall() accept a size instead of npages (Steve Rutherford) [Orabug: 37356711]
- iommu/amd: Simplify pagetable freeing (Robin Murphy) [Orabug: 37356711]
- x86/kvm: Add kexec support for SEV Live Migration. (Ashish Kalra) [Orabug: 37356711]
- nfsd: allow layout state to be admin-revoked. (NeilBrown) [Orabug: 37644985]
- nfsd: allow delegation state ids to be revoked and then freed (NeilBrown) [Orabug: 37644985]
- nfsd: allow open state ids to be revoked and then freed (NeilBrown) [Orabug: 37644985]
- nfsd: allow lock state ids to be revoked and then freed (NeilBrown) [Orabug: 37644985]
- nfsd: allow admin-revoked NFSv4.0 state to be freed. (NeilBrown) [Orabug: 37644985]
- nfsd: report in /proc/fs/nfsd/clients/*/states when state is admin-revoke (NeilBrown) [Orabug: 37644985]
- nfsd: allow state with no file to appear in /proc/fs/nfsd/clients/*/states (NeilBrown) [Orabug: 37644985]
- nfsd: prepare for supporting admin-revocation of state (NeilBrown) [Orabug: 37644985]
- nfsd: split sc_status out of sc_type (NeilBrown) [Orabug: 37644985]
- nfsd: remove stale comment in nfs4_show_deleg() (NeilBrown) [Orabug: 37644985]
- nfsd: avoid race after unhash_delegation_locked() (NeilBrown) [Orabug: 37644985]
- nfsd: don't call functions with side-effecting inside WARN_ON() (NeilBrown) [Orabug: 37644985]
- NFSD: Add nfsd_seq4_status trace event (Chuck Lever) [Orabug: 37644985]
- NFSD: Clean up nfsd4_encode_layoutreturn() (Chuck Lever) [Orabug: 37644985]
- NFSD: Make @lgp parameter of ->encode_layoutget a const pointer (Chuck Lever) [Orabug: 37644985]
- NFSD: Clean up nfsd4_encode_stateid() (Chuck Lever) [Orabug: 37644985]
- NFSD: Add simple u32, u64, and bool encoders (Chuck Lever) [Orabug: 37644985]
- NFSD: Add encoders for NFSv4 clientids and verifiers (Chuck Lever) [Orabug: 37644985]
- nfsd: add some kerneldoc comments for stateid preprocessing functions (Jeff Layton) [Orabug: 37644985]
- nfsd: eliminate find_deleg_file_locked (Jeff Layton) [Orabug: 37644985]
- nfsd: fix potential race in nfs4_find_file (Jeff Layton) [Orabug: 37644985]
- vhost-scsi: Fix vhost_scsi_send_status() (Dongli Zhang) [Orabug: 37840544]
- vhost-scsi: Fix vhost_scsi_send_bad_target() (Dongli Zhang) [Orabug: 37840544]
- vhost-scsi: protect vq->log_used with vq->mutex (Dongli Zhang) [Orabug: 37840544]
- vhost-scsi: Reduce response iov mem use (Mike Christie) [Orabug: 37840544]
- vhost-scsi: Allocate iov_iter used for unaligned copies when needed (Mike Christie) [Orabug: 37840544]
- vhost-scsi: Stop duplicating se_cmd fields (Mike Christie) [Orabug: 37840544]
- vhost-scsi: Dynamically allocate scatterlists (Mike Christie) [Orabug: 37840544]
- vhost-scsi: Return queue full for page alloc failures during copy (Mike Christie) [Orabug: 37840544]
- vhost-scsi: Add better resource allocation failure handling (Mike Christie) [Orabug: 37840544]
- vhost-scsi: Allocate T10 PI structs only when enabled (Mike Christie) [Orabug: 37840544]
- vhost-scsi: Reduce mem use by moving upages to per queue (Mike Christie) [Orabug: 37840544]
- scsi: target: core: Use RCU helpers for INQUIRY t10_alua_tg_pt_gp (Mike Christie) [Orabug: 37840544]
- scsi: target: Perform ALUA group changes in one step (Mike Christie) [Orabug: 37840544]
- scsi: target: Replace lun_tg_pt_gp_lock with rcu in I/O path (Mike Christie) [Orabug: 37840544]
- scsi: target: Fix write perf due to unneeded throttling (Mike Christie) [Orabug: 37840544]
- vhost scsi: Allow user to control num virtqueues (Mike Christie) [Orabug: 37840544]
- vhost-scsi: Rename vhost_scsi_iov_to_sgl (Mike Christie) [Orabug: 37840544]
- vhost-scsi: unbreak any layout for response (Jason Wang) [Orabug: 37840544]
- Revert "vhost-scsi: protect vq->log_base with vq->mutex" (Mike Christie) [Orabug: 37840544]
- Revert "vhost_scsi: log write descriptors" (Mike Christie) [Orabug: 37840544]
- x86/bugs: Enabling Retbleed and SRSO mitigation can taint the kernel (Alexandre Chartre) [Orabug: 37945824]
- x86/bhi: Do not set BHI_DIS_S in 32-bit mode (Pawan Gupta) [Orabug: 37945831]
- x86/bpf: Add IBHF call at end of classic BPF (Daniel Sneddon) [Orabug: 37945831]
- x86/bpf: Call branch history clearing sequence on exit (Daniel Sneddon) [Orabug: 37945831]
- selftest/x86/bugs: Add selftests for ITS (Pawan Gupta) [Orabug: 37945842] {CVE-2024-28956}
- x86/its: Align RETs in BHB clear sequence to avoid thunking (Pawan Gupta) [Orabug: 37945842] {CVE-2024-28956}
- x86/its: Add "vmexit" option to skip mitigation on some CPUs (Pawan Gupta) [Orabug: 37945842] {CVE-2024-28956}
- x86/its: Enable Indirect Target Selection mitigation (Pawan Gupta) [Orabug: 37945842] {CVE-2024-28956}
- x86/its: Add support for ITS-safe return thunk (Pawan Gupta) [Orabug: 37945842] {CVE-2024-28956}
- x86/its: Add support for ITS-safe indirect thunk (Pawan Gupta) [Orabug: 37945842] {CVE-2024-28956}
- x86/its: Enumerate Indirect Target Selection (ITS) bug (Pawan Gupta) [Orabug: 37945842] {CVE-2024-28956}
- Documentation: x86/bugs/its: Add ITS documentation (Pawan Gupta) [Orabug: 37945842] {CVE-2024-28956}
- x86/alternatives: Remove faulty optimization (Josh Poimboeuf) [Orabug: 37945842] {CVE-2024-28956}
- x86/alternative: Optimize returns patching (Borislav Petkov (AMD)) [Orabug: 37945842] {CVE-2024-28956}
[5.15.0-309.180.2.el9uek]
- LTS version: v5.15.180 (Vijayendra Suman)
- mmc: sdhci-brcmstb: Initialize base_clk to NULL in sdhci_brcmstb_probe() (Nathan Chancellor)
- tracing: Do not use PERF enums when perf is not defined (Steven Rostedt)
- mm, slab: remove duplicate kernel-doc comment for ksize() (Vlastimil Babka)
- mmc: sdhci-brcmstb: use clk_get_rate(base_clk) in PM resume (Kamal Dasu)
- NFSD: Skip sending CB_RECALL_ANY when the backchannel isn't up (Chuck Lever)
- nfsd: put dl_stid if fail to queue dl_recall (Li Lingfeng)
- jfs: add index corruption check to DT_GETPAGE() (Roman Smirnov)
- ext4: fix OOB read when checking dotdot dir (Acs, Jakub)
- ext4: don't over-report free space or inodes in statvfs (Theodore Ts'o)
- tracing/osnoise: Fix possible recursive locking for cpus_read_lock() (Ran Xiaokai)
- tracing: Fix synth event printk format for str fields (Douglas Raillard)
- tracing: Ensure module defining synth event cannot be unloaded while tracing (Douglas Raillard)
- tracing: Fix use-after-free in print_graph_function_flags during tracer switching (Tengda Wu)
- mmc: sdhci-pxav3: set NEED_RSP_BUSY capability (Karel Balej)
- ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP (Paul Menzel)
- acpi: nfit: fix narrowing conversion in acpi_nfit_ctl (Murad Masimov)
- x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs (Jann Horn)
- x86/tsc: Always save/restore TSC sched_clock() on suspend/resume (Guilherme G. Piccoli)
- btrfs: handle errors from btrfs_dec_ref() properly (Josef Bacik)
- ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk() (Markus Elfring)
- platform/x86: ISST: Correct command storage data length (Srinivas Pandruvada)
- drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration (Hersen Wu)
- drm/amd/pm: Fix negative array index read (Jesse Zhang)
- tty: serial: fsl_lpuart: disable transmitter before changing RS485 related registers (Sherry Sun)
- tty: serial: fsl_lpuart: use UARTMODIR register bits for lpuart32 platform (Sherry Sun)
- mmc: sdhci-brcmstb: add cqhci suspend/resume to PM ops (Kamal Dasu)
- mmc: sdhci-brcmstb: Add ability to increase max clock rate for 72116b0 (Kamal Dasu)
- can: flexcan: disable transceiver during system PM (Haibo Chen)
- can: flexcan: only change CAN state when link up in system PM (Haibo Chen)
- arcnet: Add NULL check in com20020pci_probe() (Henry Martin)
- net: fix geneve_opt length integer overflow (Lin Ma)
- ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS (Fernando Fernandez Mancera)
- netfilter: nft_tunnel: fix geneve_opt type confusion addition (Lin Ma)
- tunnels: Accept PACKET_HOST in skb_tunnel_check_pmtu(). (Guillaume Nault)
- vsock: avoid timeout during connect() if the socket is closing (Stefano Garzarella)
- net: mvpp2: Prevent parser TCAM memory corruption (Tobias Waldekranz)
- net_sched: skbprio: Remove overly strict queue assertions (Cong Wang)
- netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets (Debin Zhu)
- netfilter: nft_set_hash: GC reaps elements with conncount for dynamic sets only (Pablo Neira Ayuso)
- ASoC: imx-card: Add NULL check in imx_card_probe() (Henry Martin)
- ntb: intel: Fix using link status DB's (Nikita Shubin)
- ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans (Yajun Deng)
- riscv: ftrace: Add parentheses in macro definitions of make_call_t0 and make_call_ra (Juhan Jin)
- spufs: fix a leak in spufs_create_context() (Al Viro)
- spufs: fix a leak on spufs_new_file() failure (Al Viro)
- hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9} (Tasos Sahanidis)
- can: statistics: use atomic access in hot path (Oliver Hartkopp)
- ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx (Navon John Lukose)
- drm/amd: Keep display off while going into S4 (Mario Limonciello)
- x86/sgx: Warn explicitly if X86_FEATURE_SGX_LC is not enabled (Vladis Dronov)
- locking/semaphore: Use wake_q to wake up processes outside lock critical section (Waiman Long)
- sched/deadline: Use online cpus for validating runtime (Shrikanth Hegde)
- ksmbd: fix incorrect validation for num_aces field of smb_acl (Namjae Jeon)
- affs: don't write overlarge OFS data block size fields (Simon Tatham)
- affs: generate OFS sequence numbers starting at 1 (Simon Tatham)
- nvme-pci: skip CMB blocks incompatible with PCI P2P DMA (Icenowy Zheng)
- nvme-pci: clean up CMBMSC when registering CMB fails (Icenowy Zheng)
- nvme-tcp: fix possible UAF in nvme_tcp_poll (Sagi Grimberg)
- wifi: iwlwifi: fw: allocate chained SG tables for dump (Johannes Berg)
- sched/smt: Always inline sched_smt_active() (Josh Poimboeuf)
- octeontx2-af: Fix mbox INTR handler when num VFs > 64 (Geetha sowjanya)
- ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid (Giovanni Gherdovich)
- ring-buffer: Fix bytes_dropped calculation issue (Feng Yang)
- ksmbd: use aead_request_free to match aead_request_alloc (Miaoqian Lin)
- rtnetlink: Allocate vfinfo size for VF GUIDs when supported (Mark Zhang)
- exfat: fix the infinite loop in exfat_find_last_cluster() (Yuezhang Mo)
- objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() (Josh Poimboeuf)
- fs/procfs: fix the comment above proc_pid_wchan() (Bart Van Assche)
- perf python: Check if there is space to copy all the event (Arnaldo Carvalho de Melo)
- perf python: Don't keep a raw_data pointer to consumed ring buffer space (Arnaldo Carvalho de Melo)
- perf python: Decrement the refcount of just created event on failure (Arnaldo Carvalho de Melo)
- perf python: Fixup description of sample.id event member (Arnaldo Carvalho de Melo)
- i3c: master: svc: Fix missing the IBI rules (Stanley Chu)
- fuse: fix dax truncate/punch_hole fault path (Alistair Popple)
- NFSv4: Don't trigger uneccessary scans for return-on-close delegations (Trond Myklebust)
- ocfs2: validate l_tree_depth to avoid out-of-bounds access (Vasiliy Kovalev)
- kexec: initialize ELF lowest address to ULONG_MAX (Sourabh Jain)
- perf units: Fix insufficient array space (Arnaldo Carvalho de Melo)
- iio: adc: ad7124: Fix comparison of channel configs (Uwe Kleine-König)
- fs/ntfs3: Fix a couple integer overflows on 32bit systems (Dan Carpenter)
- iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio (Jonathan Cameron)
- coresight: catu: Fix number of pages while using 64k pages (Ilkka Koskinen)
- soundwire: slave: fix an OF node reference leak in soundwire slave device (Joe Hattori)
- isofs: fix KMSAN uninit-value bug in do_isofs_readdir() (Qasim Ijaz)
- clk: qcom: mmcc-sdm660: fix stuck video_subcore0 clock (Barnabás Czémán)
- crypto: hisilicon/sec2 - fix for aead auth key length (Wenkai Lin)
- x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment (Jann Horn)
- mfd: sm501: Switch to BIT() to mitigate integer overflows (Nikita Zhandarovich)
- RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow (Patrisious Haddad)
- crypto: nx - Fix uninitialised hv_nxc on error (Herbert Xu)
- power: supply: max77693: Fix wrong conversion of charge input threshold value (Artur Weber)
- x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1 (Jann Horn)
- clk: amlogic: g12a: fix mmc A peripheral clock (Jerome Brunet)
- clk: amlogic: gxbb: drop non existing 32k clock parent (Jerome Brunet)
- clk: amlogic: g12b: fix cluster A parent data (Jerome Brunet)
- pinctrl: tegra: Set SFIO mode to Mux Register (Prathamesh Shete)
- IB/mad: Check available slots before posting receive WRs (Maher Sanalla)
- remoteproc: qcom_q6v5_mss: Handle platforms with one power domain (Luca Weiss)
- RDMA/core: Don't expose hw_counters outside of init net namespace (Roman Gushchin)
- clk: rockchip: rk3328: fix wrong clk_ref_usb3otg parent (Peter Geis)
- pinctrl: renesas: rzg2l: Fix missing of_node_put() call (Fabrizio Castro)
- pinctrl: renesas: rza2: Fix missing of_node_put() call (Fabrizio Castro)
- lib: 842: Improve error handling in sw842_compress() (Tanya Agarwal)
- clk: qcom: gcc-msm8953: fix stuck venus0_core0 clock (Vladimir Lypak)
- clk: samsung: Fix UBSAN panic in samsung_clk_init() (Will McVicker)
- libbpf: Fix hypothetical STT_SECTION extern NULL deref case (Andrii Nakryiko)
- remoteproc: qcom_q6v5_pas: Make single-PD handling more robust (Luca Weiss)
- remoteproc: core: Clear table_sz when rproc_shutdown (Peng Fan)
- crypto: hisilicon/sec2 - fix for aead authsize alignment (Wenkai Lin)
- clk: amlogic: gxbb: drop incorrect flag on 32k clock (Jerome Brunet)
- fbdev: sm501fb: Add some geometry checks. (Danila Chernetsov)
- mdacon: rework dependency list (Arnd Bergmann)
- fbdev: au1100fb: Move a variable assignment behind a null pointer check (Markus Elfring)
- PCI: pciehp: Don't enable HPIE when resuming in poll mode (Ilpo Järvinen)
- drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer() (Dan Carpenter)
- PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe (Thippeswamy Havalige)
- PCI: Remove stray put_device() in pci_register_host_bridge() (Dan Carpenter)
- drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters() (Vitaliy Shevtsov)
- PCI: Avoid reset when disabled via sysfs (Nishanth Aravamudan)
- PCI/portdrv: Only disable pciehp interrupts early when needed (Feng Tang)
- PCI: brcmstb: Use internal register to change link capability (Jim Quinlan)
- PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload (Hans Zhang)
- PCI/ASPM: Fix link state exit during switch upstream function removal (Daniel Stodden)
- drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member (AngeloGioacchino Del Regno)
- drm/mediatek: mtk_hdmi: Unregister audio platform device on failure (AngeloGioacchino Del Regno)
- drm/vkms: Fix use after free and double free on init error (José Expósito)
- drm: xlnx: zynqmp: Fix max dma segment size (Tomi Valkeinen)
- drm/dp_mst: Fix drm RAD print (Wayne Lin)
- drm/bridge: ti-sn65dsi86: Fix multiple instances (Geert Uytterhoeven)
- ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible (Jayesh Choudhary)
- ALSA: hda/realtek: Always honor no_shutup_pins (Takashi Iwai)
- HID: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER (Jiri Kosina)
- media: platform: allgro-dvt: unregister v4l2_device on the error path (Joe Hattori)
- perf/ring_buffer: Allow the EPOLLRDNORM flag for poll (Tao Chen)
- lockdep: Don't disable interrupts on RT in disable_irq_nosync_lockdep.*() (Sebastian Andrzej Siewior)
- PM: sleep: Fix handling devices with direct_complete set on errors (Rafael J. Wysocki)
- thermal: int340x: Add NULL check for adev (Chenyuan Yang)
- EDAC/ie31200: Fix the error path order of ie31200_init() (Qiuxu Zhuo)
- EDAC/ie31200: Fix the DIMM size mask for several SoCs (Qiuxu Zhuo)
- EDAC/ie31200: Fix the size of EDAC_MC_LAYER_CHIP_SELECT layer (Qiuxu Zhuo)
- selinux: Chain up tool resolving errors in install_policy.sh (Tim Schumacher)
- PM: sleep: Adjust check before setting power.must_resume (Rafael J. Wysocki)
- x86/platform: Only allow CONFIG_EISA for 32-bit (Arnd Bergmann)
- x86/fpu: Avoid copying dynamic FP state from init_task in arch_dup_task_struct() (Benjamin Berg)
- cpufreq: governor: Fix negative 'idle_time' handling in dbs_update() (Jie Zhan)
- cpufreq: scpi: compare kHz instead of Hz (zuoqian)
- x86/mm/pat: cpa-test: fix length for CPA_ARRAY test (Mike Rapoport (Microsoft))
- watch_queue: fix pipe accounting mismatch (Eric Sandeen)
- media: i2c: et8ek8: Don't strip remove function when driver is builtin (Uwe Kleine-König)
- memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (Luo Qiu)
- net: usb: qmi_wwan: add Telit Cinterion FE990B composition (Fabio Porcedda)
- net: usb: qmi_wwan: add Telit Cinterion FN990B composition (Fabio Porcedda)
- tty: serial: 8250: Add Brainboxes XC devices (Cameron Williams)
- tty: serial: 8250: Add some more device IDs (Cameron Williams)
- counter: microchip-tcb-capture: Fix undefined counter channel state on probe (William Breathitt Gray)
- counter: stm32-lptimer-cnt: fix error handling when enabling (Fabrice Gasnier)
- ALSA: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx (Dhruv Deshpande)
- netfilter: socket: Lookup orig tuple for IPv6 SNAT (Maxim Mikityanskiy)
- ARM: Remove address checking for MMUless devices (Yanjun Yang)
- ARM: 9351/1: fault: Add "cut here" line for prefetch aborts (Kees Cook)
- ARM: 9350/1: fault: Implement copy_from_kernel_nofault_allowed() (Kees Cook)
- atm: Fix NULL pointer dereference (Minjoong Kim)
- HID: hid-plantronics: Add mic mute mapping and generalize quirks (Terry Junge)
- ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names (Terry Junge)
- bpf, sockmap: Fix race between element replace and close() (Michal Luczaj)
- Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE (Luiz Augusto von Dentz) {CVE-2024-8805}
- arm64: dts: rockchip: fix u2phy1_host status for NanoPi R4S (Justin Klaassen)
- mptcp: Fix data stream corruption in the address announcement (Arthur Mongodin)
- drm/amdgpu: Fix JPEG video caps max size for navi1x and raven (David Rosca)
- drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() (Nikita Zhandarovich)
- soc: qcom: pdr: Fix the potential deadlock (Saranya R)
- batman-adv: Ignore own maximum aggregation size during RX (Sven Eckelmann)
- ARM: shmobile: smp: Enforce shmobile_smp_* alignment (Geert Uytterhoeven)
- proc: fix UAF in proc_get_inode() (Ye Bin)
- mmc: atmel-mci: Add missing clk_disable_unprepare() (Gu Bowen)
- regulator: check that dummy regulator has been probed before using it (Christian Eggers)
- drm/v3d: Don't run jobs that have errors flagged in its fence (Maíra Canal)
- i2c: omap: fix IRQ storms (Andreas Kemnade)
- Revert "gre: Fix IPv6 link-local address generation." (Guillaume Nault)
- net/neighbor: add missing policy for NDTPA_QUEUE_LENBYTES (Lin Ma)
- net: atm: fix use after free in lec_send() (Dan Carpenter)
- ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create(). (Kuniyuki Iwashima)
- ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw(). (Kuniyuki Iwashima)
- Bluetooth: Fix error code in chan_alloc_skb_cb() (Dan Carpenter)
- RDMA/hns: Fix wrong value of max_sge_rd (Junxian Huang)
- RDMA/hns: Fix a missing rollback in error path of hns_roce_create_qp_common() (Junxian Huang)
- RDMA/hns: Fix unmatched condition in error path of alloc_user_qp_db() (Junxian Huang)
- RDMA/hns: Fix soft lockup during bt pages loop (Junxian Huang)
- RDMA/hns: Remove redundant 'phy_addr' in hns_roce_hem_list_find_mtt() (Chengchang Tang)
- RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path (Saravanan Vajravel)
- ARM: dts: bcm2711: Don't mark timer regs unconfigured (Phil Elwell)
- RDMA/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx (Kashyap Desai)
- ARM: dts: bcm2711: PL011 UARTs are actually r1p5 (Phil Elwell)
- xfrm_output: Force software GSO only in tunnel mode (Cosmin Ratiu)
- firmware: imx-scu: fix OF node leak in .probe() (Joe Hattori)
- smb: client: fix potential UAF in cifs_debug_files_proc_show() (Paulo Alcantara)
- smb: client: Fix match_session bug preventing session reuse (Henrique Carvalho)
- drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params (Ma Ke)
- drm/amd/display: Check for invalid input params when building scaling params (Michael Strauss)
- i2c: sis630: Fix an error handling path in sis630_probe() (Christophe JAILLET)
- i2c: ali15x3: Fix an error handling path in ali15x3_probe() (Christophe JAILLET)
- i2c: ali1535: Fix an error handling path in ali1535_probe() (Christophe JAILLET)
- cifs: Fix integer overflow while processing closetimeo mount option (Murad Masimov)
- cifs: Fix integer overflow while processing actimeo mount option (Murad Masimov)
- cifs: Fix integer overflow while processing acdirmax mount option (Murad Masimov)
- cifs: Fix integer overflow while processing acregmax mount option (Murad Masimov)
- ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe() (Christophe JAILLET)
- drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data() (Ivan Abramov)
- ASoC: ops: Consistently treat platform_max as control value (Charles Keepax)
- tcp: fix races in tcp_abort() (Eric Dumazet)
- lib/buildid: Handle memfd_secret() files in build_id_parse() (Andrii Nakryiko)
- qlcnic: fix memory leak issues in qlcnic_sriov_common.c (Haoxiang Li)
- drm/amd/display: Fix slab-use-after-free on hdcp_work (Mario Limonciello)
- drm/amd/display: Assign normalized_pix_clk when color depth = 14 (Alex Hung)
- drm/amd/display: Restore correct backlight brightness after a GPU reset (Mario Limonciello)
- drm/atomic: Filter out redundant DPMS calls (Ville Syrjälä)
- x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes (Florent Revest)
- USB: serial: option: match on interface class for Telit FN990B (Johan Hovold)
- USB: serial: option: fix Telit Cinterion FE990A name (Fabio Porcedda)
- USB: serial: option: add Telit Cinterion FE990B compositions (Fabio Porcedda)
- USB: serial: ftdi_sio: add support for Altera USB Blaster 3 (Boon Khai Ng)
- block: fix 'kmem_cache of name 'bio-108' already exists' (Ming Lei)
- drm/nouveau: Do not override forced connector status (Thomas Zimmermann)
- mptcp: safety check before fallback (Matthieu Baerts (NGI0))
- x86/irq: Define trace events conditionally (Arnd Bergmann)
- fuse: don't truncate cached, mutated symlink (Miklos Szeredi)
- ASoC: tas2764: Set the SDOUT polarity correctly (Hector Martin)
- ASoC: tas2764: Fix power control mask (Hector Martin)
- ASoC: tas2770: Fix volume scale (Hector Martin)
- nvme: only allow entering LIVE from CONNECTING state (Daniel Wagner)
- sctp: Fix undefined behavior in left shift operation (Yu-Chun Lin)
- nvmet-rdma: recheck queue state is LIVE in state lock in recv done (Ruozhu Li)
- net: wwan: mhi_wwan_mbim: Silence sequence number glitch errors (Stephan Gerhold)
- ASoC: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi module (Terry Cheong)
- ASoC: arizona/madera: use fsleep() in up/down DAPM event delays. (Vitaly Rodionov)
- ASoC: rsnd: don't indicate warning on rsnd_kctrl_accept_runtime() (Kuninori Morimoto)
- thermal/cpufreq_cooling: Remove structure member documentation (Daniel Lezcano)
- s390/cio: Fix CHPID "configure" attribute caching (Peter Oberparleiter)
- sched: Clarify wake_up_q()'s write to task->wake_q.next (Jann Horn)
- HID: ignore non-functional sensor in HP 5MP Camera (Chia-Lin Kao (AceLan))
- HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell (Zhang Lixu)
- vboxsf: fix building with GCC 15 (Brahmajit Das)
- alpha/elf: Fix misc/setarch test of util-linux by removing 32bit support (Eric W. Biederman)
- ACPI: resource: IRQ override for Eluktronics MECH-17 (Gannon Kolding)
- scsi: qla1280: Fix kernel oops when debug level > 2 (Magnus Lindholm)
- scsi: core: Use GFP_NOIO to avoid circular locking dependency (Rik van Riel)
- iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() (Chengen Du)
- powercap: call put_device() on an error path in powercap_register_control_type() (Joe Hattori)
- hrtimers: Mark is_migration_base() with __always_inline (Andy Shevchenko)
- nvme-fc: go straight to connecting state when initializing (Daniel Wagner)
- net/mlx5e: Prevent bridge link show failure for non-eswitch-allowed devices (Carolina Jubran)
- net/mlx5: Bridge, fix the crash caused by LAG state check (Jianbo Liu)
- net: openvswitch: remove misbehaving actions length check (Ilya Maximets)
- openvswitch: Use kmalloc_size_roundup() to match ksize() usage (Kees Cook)
- slab: Introduce kmalloc_size_roundup() (Kees Cook)
- gre: Fix IPv6 link-local address generation. (Guillaume Nault)
- netfilter: nft_exthdr: fix offset with ipv4_find_option() (Alexey Kashavkin)
- net_sched: Prevent creation of classes with TC_H_ROOT (Cong Wang)
- ipvs: prevent integer overflow in do_ip_vs_get_ctl() (Dan Carpenter)
- netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree() (Kohei Enju)
- net/mlx5: handle errors in mlx5_chains_create_table() (Wentao Liang)
- Drivers: hv: vmbus: Don't release fb_mmio resource in vmbus_free_mmio() (Michael Kelley)
- netpoll: hold rcu read lock in __netpoll_send_skb() (Breno Leitao)
- net: dsa: mv88e6xxx: Verify after ATU Load ops (Joseph Huang)
- ice: fix memory leak in aRFS after reset (Grzegorz Nitka)
- netfilter: nft_ct: Use __refcount_inc() for per-CPU nft_ct_pcpu_template. (Sebastian Andrzej Siewior)
- pinctrl: bcm281xx: Fix incorrect regmap max_registers value (Artur Weber)
- fbdev: hyperv_fb: iounmap() the correct memory when removing a device (Michael Kelley)
- ipv6: Fix signed integer overflow in __ip6_append_data (Wang Yufen)
- sched/isolation: Prevent boot crash when the boot CPU is nohz_full (Oleg Nesterov)
- clockevents/drivers/i8253: Fix stop sequence for timer 0 (David Woodhouse)
- vlan: fix memory leak in vlan_newlink() (Eric Dumazet)
[5.15.0-309.179.1.el9uek]
- x86/microcode/AMD: Clean the cache if update did not load microcode (Boris Ostrovsky) [Orabug: 37800728]
- x86/microcode/AMD: Add finalize_late_load() microcode_op (Boris Ostrovsky) [Orabug: 37800728]
- x86/microcode/AMD: Extend the SHA check to Zen5, block loading of any unreleased standalone Zen5 microcode patches (Borislav Petkov (AMD)) [Orabug: 37800728]
- x86/microcode/AMD: Add some forgotten models to the SHA check (Borislav Petkov (AMD)) [Orabug: 37800728]
- x86/microcode/AMD: Load only SHA256-checksummed patches (Borislav Petkov (AMD)) [Orabug: 37800728]
- x86/microcode/AMD: Flush patch buffer mapping after application (Borislav Petkov (AMD)) [Orabug: 37800728]
- x86/microcode/AMD: Stash BSP's CPUID(1).EAX (Boris Ostrovsky) [Orabug: 37800728]
More information about the El-errata
mailing list