From el-errata at oss.oracle.com Mon Sep 1 15:16:37 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Mon, 01 Sep 2025 08:16:37 -0700 Subject: [El-errata] ELSA-2025-14900 Moderate: Oracle Linux 8 python39:3.9 security update Message-ID: Oracle Linux Security Advisory ELSA-2025-14900 http://linux.oracle.com/errata/ELSA-2025-14900.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: python39-Cython-0.29.21-5.module+el8.9.0+90016+9c2d6573.x86_64.rpm python39-attrs-20.3.0-2.module+el8.9.0+90016+9c2d6573.noarch.rpm python39-debug-3.9.20-2.module+el8.10.0+90647+49247197.x86_64.rpm python39-iniconfig-1.1.1-2.module+el8.9.0+90016+9c2d6573.noarch.rpm python39-more-itertools-8.5.0-2.module+el8.9.0+90016+9c2d6573.noarch.rpm python39-packaging-20.4-4.module+el8.9.0+90016+9c2d6573.noarch.rpm python39-pluggy-0.13.1-3.module+el8.9.0+90016+9c2d6573.noarch.rpm python39-py-1.10.0-1.module+el8.9.0+90016+9c2d6573.noarch.rpm python39-pybind11-2.7.1-1.module+el8.9.0+90016+9c2d6573.x86_64.rpm python39-pybind11-devel-2.7.1-1.module+el8.9.0+90016+9c2d6573.x86_64.rpm python39-pyparsing-2.4.7-5.module+el8.9.0+90016+9c2d6573.noarch.rpm python39-pytest-6.0.2-2.module+el8.9.0+90016+9c2d6573.noarch.rpm python39-wcwidth-0.2.5-3.module+el8.9.0+90016+9c2d6573.noarch.rpm python39-3.9.20-2.module+el8.10.0+90647+49247197.x86_64.rpm python39-cffi-1.14.3-2.module+el8.9.0+90016+9c2d6573.x86_64.rpm python39-chardet-3.0.4-19.module+el8.9.0+90016+9c2d6573.noarch.rpm python39-cryptography-3.3.1-3.0.1.module+el8.10.0+90269+2fa22b99.x86_64.rpm python39-devel-3.9.20-2.module+el8.10.0+90647+49247197.x86_64.rpm python39-idle-3.9.20-2.module+el8.10.0+90647+49247197.x86_64.rpm python39-idna-2.10-4.module+el8.10.0+90341+71ca88f4.noarch.rpm python39-libs-3.9.20-2.module+el8.10.0+90647+49247197.x86_64.rpm python39-lxml-4.6.5-1.module+el8.9.0+90016+9c2d6573.x86_64.rpm python39-mod_wsgi-4.7.1-7.module+el8.10.0+90647+49247197.1.x86_64.rpm python39-numpy-1.19.4-3.module+el8.9.0+90016+9c2d6573.x86_64.rpm python39-numpy-doc-1.19.4-3.module+el8.9.0+90016+9c2d6573.noarch.rpm python39-numpy-f2py-1.19.4-3.module+el8.9.0+90016+9c2d6573.x86_64.rpm python39-pip-20.2.4-9.module+el8.10.0+90269+2fa22b99.noarch.rpm python39-pip-wheel-20.2.4-9.module+el8.10.0+90269+2fa22b99.noarch.rpm python39-ply-3.11-10.module+el8.9.0+90016+9c2d6573.noarch.rpm python39-psutil-5.8.0-4.module+el8.9.0+90016+9c2d6573.x86_64.rpm python39-psycopg2-2.8.6-3.module+el8.10.0+90269+2fa22b99.x86_64.rpm python39-psycopg2-doc-2.8.6-3.module+el8.10.0+90269+2fa22b99.x86_64.rpm python39-psycopg2-tests-2.8.6-3.module+el8.10.0+90269+2fa22b99.x86_64.rpm python39-pycparser-2.20-3.module+el8.9.0+90016+9c2d6573.noarch.rpm python39-PyMySQL-0.10.1-2.module+el8.9.0+90016+9c2d6573.noarch.rpm python39-pysocks-1.7.1-4.module+el8.9.0+90016+9c2d6573.noarch.rpm python39-pyyaml-5.4.1-1.module+el8.9.0+90016+9c2d6573.x86_64.rpm python39-requests-2.25.0-3.module+el8.9.0+90016+9c2d6573.noarch.rpm python39-rpm-macros-3.9.20-2.module+el8.10.0+90647+49247197.noarch.rpm python39-scipy-1.5.4-5.module+el8.9.0+90016+9c2d6573.x86_64.rpm python39-setuptools-50.3.2-7.module+el8.10.0+90647+49247197.noarch.rpm python39-setuptools-wheel-50.3.2-7.module+el8.10.0+90647+49247197.noarch.rpm python39-six-1.15.0-3.module+el8.9.0+90016+9c2d6573.noarch.rpm python39-test-3.9.20-2.module+el8.10.0+90647+49247197.x86_64.rpm python39-tkinter-3.9.20-2.module+el8.10.0+90647+49247197.x86_64.rpm python39-toml-0.10.1-5.module+el8.9.0+90016+9c2d6573.noarch.rpm python39-urllib3-1.25.10-5.module+el8.10.0+90269+2fa22b99.noarch.rpm python39-wheel-0.35.1-4.module+el8.9.0+90016+9c2d6573.noarch.rpm python39-wheel-wheel-0.35.1-4.module+el8.9.0+90016+9c2d6573.noarch.rpm aarch64: python39-3.9.20-2.module+el8.10.0+90647+49247197.aarch64.rpm python39-cffi-1.14.3-2.module+el8.9.0+90016+9c2d6573.aarch64.rpm python39-chardet-3.0.4-19.module+el8.9.0+90016+9c2d6573.noarch.rpm python39-cryptography-3.3.1-3.0.1.module+el8.10.0+90269+2fa22b99.aarch64.rpm python39-devel-3.9.20-2.module+el8.10.0+90647+49247197.aarch64.rpm python39-idle-3.9.20-2.module+el8.10.0+90647+49247197.aarch64.rpm python39-idna-2.10-4.module+el8.10.0+90341+71ca88f4.noarch.rpm python39-libs-3.9.20-2.module+el8.10.0+90647+49247197.aarch64.rpm python39-lxml-4.6.5-1.module+el8.9.0+90016+9c2d6573.aarch64.rpm python39-mod_wsgi-4.7.1-7.module+el8.10.0+90647+49247197.1.aarch64.rpm python39-numpy-1.19.4-3.module+el8.9.0+90016+9c2d6573.aarch64.rpm python39-numpy-doc-1.19.4-3.module+el8.9.0+90016+9c2d6573.noarch.rpm python39-numpy-f2py-1.19.4-3.module+el8.9.0+90016+9c2d6573.aarch64.rpm python39-pip-20.2.4-9.module+el8.10.0+90269+2fa22b99.noarch.rpm python39-pip-wheel-20.2.4-9.module+el8.10.0+90269+2fa22b99.noarch.rpm python39-ply-3.11-10.module+el8.9.0+90016+9c2d6573.noarch.rpm python39-psutil-5.8.0-4.module+el8.9.0+90016+9c2d6573.aarch64.rpm python39-psycopg2-2.8.6-3.module+el8.10.0+90269+2fa22b99.aarch64.rpm python39-psycopg2-doc-2.8.6-3.module+el8.10.0+90269+2fa22b99.aarch64.rpm python39-psycopg2-tests-2.8.6-3.module+el8.10.0+90269+2fa22b99.aarch64.rpm python39-pycparser-2.20-3.module+el8.9.0+90016+9c2d6573.noarch.rpm python39-PyMySQL-0.10.1-2.module+el8.9.0+90016+9c2d6573.noarch.rpm python39-pysocks-1.7.1-4.module+el8.9.0+90016+9c2d6573.noarch.rpm python39-pyyaml-5.4.1-1.module+el8.9.0+90016+9c2d6573.aarch64.rpm python39-requests-2.25.0-3.module+el8.9.0+90016+9c2d6573.noarch.rpm python39-rpm-macros-3.9.20-2.module+el8.10.0+90647+49247197.noarch.rpm python39-scipy-1.5.4-5.module+el8.9.0+90016+9c2d6573.aarch64.rpm python39-setuptools-50.3.2-7.module+el8.10.0+90647+49247197.noarch.rpm python39-setuptools-wheel-50.3.2-7.module+el8.10.0+90647+49247197.noarch.rpm python39-six-1.15.0-3.module+el8.9.0+90016+9c2d6573.noarch.rpm python39-test-3.9.20-2.module+el8.10.0+90647+49247197.aarch64.rpm python39-tkinter-3.9.20-2.module+el8.10.0+90647+49247197.aarch64.rpm python39-toml-0.10.1-5.module+el8.9.0+90016+9c2d6573.noarch.rpm python39-urllib3-1.25.10-5.module+el8.10.0+90269+2fa22b99.noarch.rpm python39-wheel-0.35.1-4.module+el8.9.0+90016+9c2d6573.noarch.rpm python39-wheel-wheel-0.35.1-4.module+el8.9.0+90016+9c2d6573.noarch.rpm python39-Cython-0.29.21-5.module+el8.9.0+90016+9c2d6573.aarch64.rpm python39-attrs-20.3.0-2.module+el8.9.0+90016+9c2d6573.noarch.rpm python39-debug-3.9.20-2.module+el8.10.0+90647+49247197.aarch64.rpm python39-iniconfig-1.1.1-2.module+el8.9.0+90016+9c2d6573.noarch.rpm python39-more-itertools-8.5.0-2.module+el8.9.0+90016+9c2d6573.noarch.rpm python39-packaging-20.4-4.module+el8.9.0+90016+9c2d6573.noarch.rpm python39-pluggy-0.13.1-3.module+el8.9.0+90016+9c2d6573.noarch.rpm python39-py-1.10.0-1.module+el8.9.0+90016+9c2d6573.noarch.rpm python39-pybind11-2.7.1-1.module+el8.9.0+90016+9c2d6573.aarch64.rpm python39-pybind11-devel-2.7.1-1.module+el8.9.0+90016+9c2d6573.aarch64.rpm python39-pyparsing-2.4.7-5.module+el8.9.0+90016+9c2d6573.noarch.rpm python39-pytest-6.0.2-2.module+el8.9.0+90016+9c2d6573.noarch.rpm python39-wcwidth-0.2.5-3.module+el8.9.0+90016+9c2d6573.noarch.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/mod_wsgi-4.7.1-7.module+el8.10.0+90647+49247197.1.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/numpy-1.19.4-3.module+el8.9.0+90016+9c2d6573.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/python39-3.9.20-2.module+el8.10.0+90647+49247197.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/python3x-pip-20.2.4-9.module+el8.10.0+90269+2fa22b99.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/python3x-setuptools-50.3.2-7.module+el8.10.0+90647+49247197.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/python3x-six-1.15.0-3.module+el8.9.0+90016+9c2d6573.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/python-cffi-1.14.3-2.module+el8.9.0+90016+9c2d6573.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/python-chardet-3.0.4-19.module+el8.9.0+90016+9c2d6573.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/python-cryptography-3.3.1-3.0.1.module+el8.10.0+90269+2fa22b99.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/python-idna-2.10-4.module+el8.10.0+90341+71ca88f4.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/python-lxml-4.6.5-1.module+el8.9.0+90016+9c2d6573.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/python-ply-3.11-10.module+el8.9.0+90016+9c2d6573.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/python-psutil-5.8.0-4.module+el8.9.0+90016+9c2d6573.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/python-psycopg2-2.8.6-3.module+el8.10.0+90269+2fa22b99.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/python-pycparser-2.20-3.module+el8.9.0+90016+9c2d6573.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/python-PyMySQL-0.10.1-2.module+el8.9.0+90016+9c2d6573.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/python-pysocks-1.7.1-4.module+el8.9.0+90016+9c2d6573.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/python-requests-2.25.0-3.module+el8.9.0+90016+9c2d6573.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/python-toml-0.10.1-5.module+el8.9.0+90016+9c2d6573.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/python-urllib3-1.25.10-5.module+el8.10.0+90269+2fa22b99.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/python-wheel-0.35.1-4.module+el8.9.0+90016+9c2d6573.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/PyYAML-5.4.1-1.module+el8.9.0+90016+9c2d6573.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/scipy-1.5.4-5.module+el8.9.0+90016+9c2d6573.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/Cython-0.29.21-5.module+el8.9.0+90016+9c2d6573.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/pybind11-2.7.1-1.module+el8.9.0+90016+9c2d6573.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/pytest-6.0.2-2.module+el8.9.0+90016+9c2d6573.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/python3x-pyparsing-2.4.7-5.module+el8.9.0+90016+9c2d6573.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/python-attrs-20.3.0-2.module+el8.9.0+90016+9c2d6573.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/python-iniconfig-1.1.1-2.module+el8.9.0+90016+9c2d6573.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/python-more-itertools-8.5.0-2.module+el8.9.0+90016+9c2d6573.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/python-packaging-20.4-4.module+el8.9.0+90016+9c2d6573.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/python-pluggy-0.13.1-3.module+el8.9.0+90016+9c2d6573.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/python-py-1.10.0-1.module+el8.9.0+90016+9c2d6573.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/python-wcwidth-0.2.5-3.module+el8.9.0+90016+9c2d6573.src.rpm Related CVEs: CVE-2025-8194 CVE-2025-47273 Description of changes: mod_wsgi numpy python39 [3.9.20-2] - Security fix for CVE-2025-8194 Resolves: RHEL-106359 python3x-pip python3x-setuptools [50.3.2-7] - Security fix for CVE-2025-47273 Resolves: RHEL-104339 python3x-six python-cffi python-chardet python-cryptography python-idna python-lxml python-ply python-psutil python-psycopg2 python-pycparser python-PyMySQL python-pysocks python-requests python-toml python-urllib3 python-wheel PyYAML scipy Cython pybind11 pytest python3x-pyparsing python-attrs python-iniconfig python-more-itertools python-packaging python-pluggy python-py python-wcwidth From el-errata at oss.oracle.com Mon Sep 1 15:16:42 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Mon, 01 Sep 2025 08:16:42 -0700 Subject: [El-errata] ELSA-2025-14878 Important: Oracle Linux 9 postgresql security update Message-ID: Oracle Linux Security Advisory ELSA-2025-14878 http://linux.oracle.com/errata/ELSA-2025-14878.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: postgresql-13.22-1.el9_6.x86_64.rpm postgresql-contrib-13.22-1.el9_6.x86_64.rpm postgresql-docs-13.22-1.el9_6.x86_64.rpm postgresql-plperl-13.22-1.el9_6.x86_64.rpm postgresql-plpython3-13.22-1.el9_6.x86_64.rpm postgresql-pltcl-13.22-1.el9_6.x86_64.rpm postgresql-private-devel-13.22-1.el9_6.x86_64.rpm postgresql-private-libs-13.22-1.el9_6.x86_64.rpm postgresql-server-13.22-1.el9_6.x86_64.rpm postgresql-server-devel-13.22-1.el9_6.x86_64.rpm postgresql-static-13.22-1.el9_6.x86_64.rpm postgresql-test-13.22-1.el9_6.x86_64.rpm postgresql-test-rpm-macros-13.22-1.el9_6.noarch.rpm postgresql-upgrade-13.22-1.el9_6.x86_64.rpm postgresql-upgrade-devel-13.22-1.el9_6.x86_64.rpm aarch64: postgresql-13.22-1.el9_6.aarch64.rpm postgresql-contrib-13.22-1.el9_6.aarch64.rpm postgresql-docs-13.22-1.el9_6.aarch64.rpm postgresql-plperl-13.22-1.el9_6.aarch64.rpm postgresql-plpython3-13.22-1.el9_6.aarch64.rpm postgresql-pltcl-13.22-1.el9_6.aarch64.rpm postgresql-private-devel-13.22-1.el9_6.aarch64.rpm postgresql-private-libs-13.22-1.el9_6.aarch64.rpm postgresql-server-13.22-1.el9_6.aarch64.rpm postgresql-server-devel-13.22-1.el9_6.aarch64.rpm postgresql-static-13.22-1.el9_6.aarch64.rpm postgresql-test-13.22-1.el9_6.aarch64.rpm postgresql-test-rpm-macros-13.22-1.el9_6.noarch.rpm postgresql-upgrade-13.22-1.el9_6.aarch64.rpm postgresql-upgrade-devel-13.22-1.el9_6.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/postgresql-13.22-1.el9_6.src.rpm Related CVEs: CVE-2025-8714 CVE-2025-8715 Description of changes: [13.22-1] - Update to 13.22 [13.18-1] - Update to 13.18 From el-errata at oss.oracle.com Wed Sep 3 03:40:35 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 02 Sep 2025 20:40:35 -0700 Subject: [El-errata] ELSA-2025-15017 Important: Oracle Linux 8 udisks2 security update Message-ID: Oracle Linux Security Advisory ELSA-2025-15017 http://linux.oracle.com/errata/ELSA-2025-15017.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: libudisks2-2.9.0-16.el8_10.1.i686.rpm libudisks2-2.9.0-16.el8_10.1.x86_64.rpm libudisks2-devel-2.9.0-16.el8_10.1.i686.rpm libudisks2-devel-2.9.0-16.el8_10.1.x86_64.rpm udisks2-2.9.0-16.el8_10.1.x86_64.rpm udisks2-iscsi-2.9.0-16.el8_10.1.x86_64.rpm udisks2-lsm-2.9.0-16.el8_10.1.x86_64.rpm udisks2-lvm2-2.9.0-16.el8_10.1.x86_64.rpm aarch64: libudisks2-2.9.0-16.el8_10.1.aarch64.rpm libudisks2-devel-2.9.0-16.el8_10.1.aarch64.rpm udisks2-2.9.0-16.el8_10.1.aarch64.rpm udisks2-iscsi-2.9.0-16.el8_10.1.aarch64.rpm udisks2-lsm-2.9.0-16.el8_10.1.aarch64.rpm udisks2-lvm2-2.9.0-16.el8_10.1.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/udisks2-2.9.0-16.el8_10.1.src.rpm Related CVEs: CVE-2025-8067 Description of changes: [2.9.0-16.1] - udiskslinuxmanager: Add lower bounds check to fd_index (CVE-2025-8067) (RHEL-109408) From el-errata at oss.oracle.com Wed Sep 3 03:40:53 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 02 Sep 2025 20:40:53 -0700 Subject: [El-errata] ELSA-2025-14983 Moderate: Oracle Linux 9 mod_http2 security update Message-ID: Oracle Linux Security Advisory ELSA-2025-14983 http://linux.oracle.com/errata/ELSA-2025-14983.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: mod_http2-2.0.26-4.el9_6.1.x86_64.rpm aarch64: mod_http2-2.0.26-4.el9_6.1.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/mod_http2-2.0.26-4.el9_6.1.src.rpm Related CVEs: CVE-2025-49630 Description of changes: [2.0.26-4.1] - Resolves: RHEL-99956 - CVE-2025-49630 httpd: untrusted input from a client causes an assertion to fail in the Apache mod_proxy_http2 module From el-errata at oss.oracle.com Wed Sep 3 03:40:52 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 02 Sep 2025 20:40:52 -0700 Subject: [El-errata] ELSA-2025-14862 Important: Oracle Linux 9 postgresql:15 security update Message-ID: Oracle Linux Security Advisory ELSA-2025-14862 http://linux.oracle.com/errata/ELSA-2025-14862.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: pgaudit-1.7.0-1.module+el9.2.0+21134+ceb95ed9.x86_64.rpm pg_repack-1.4.8-2.module+el9.5.0+90424+300303e9.x86_64.rpm postgres-decoderbufs-1.9.7-1.Final.module+el9.2.0+21134+ceb95ed9.x86_64.rpm postgresql-15.14-1.0.1.module+el9.6.0+90648+e6f151be.x86_64.rpm postgresql-contrib-15.14-1.0.1.module+el9.6.0+90648+e6f151be.x86_64.rpm postgresql-docs-15.14-1.0.1.module+el9.6.0+90648+e6f151be.x86_64.rpm postgresql-plperl-15.14-1.0.1.module+el9.6.0+90648+e6f151be.x86_64.rpm postgresql-plpython3-15.14-1.0.1.module+el9.6.0+90648+e6f151be.x86_64.rpm postgresql-pltcl-15.14-1.0.1.module+el9.6.0+90648+e6f151be.x86_64.rpm postgresql-private-devel-15.14-1.0.1.module+el9.6.0+90648+e6f151be.x86_64.rpm postgresql-private-libs-15.14-1.0.1.module+el9.6.0+90648+e6f151be.x86_64.rpm postgresql-server-15.14-1.0.1.module+el9.6.0+90648+e6f151be.x86_64.rpm postgresql-server-devel-15.14-1.0.1.module+el9.6.0+90648+e6f151be.x86_64.rpm postgresql-static-15.14-1.0.1.module+el9.6.0+90648+e6f151be.x86_64.rpm postgresql-test-15.14-1.0.1.module+el9.6.0+90648+e6f151be.x86_64.rpm postgresql-test-rpm-macros-15.14-1.0.1.module+el9.6.0+90648+e6f151be.noarch.rpm postgresql-upgrade-15.14-1.0.1.module+el9.6.0+90648+e6f151be.x86_64.rpm postgresql-upgrade-devel-15.14-1.0.1.module+el9.6.0+90648+e6f151be.x86_64.rpm aarch64: pgaudit-1.7.0-1.module+el9.2.0+21134+ceb95ed9.aarch64.rpm pg_repack-1.4.8-2.module+el9.5.0+90424+300303e9.aarch64.rpm postgres-decoderbufs-1.9.7-1.Final.module+el9.2.0+21134+ceb95ed9.aarch64.rpm postgresql-15.14-1.0.1.module+el9.6.0+90648+e6f151be.aarch64.rpm postgresql-contrib-15.14-1.0.1.module+el9.6.0+90648+e6f151be.aarch64.rpm postgresql-docs-15.14-1.0.1.module+el9.6.0+90648+e6f151be.aarch64.rpm postgresql-plperl-15.14-1.0.1.module+el9.6.0+90648+e6f151be.aarch64.rpm postgresql-plpython3-15.14-1.0.1.module+el9.6.0+90648+e6f151be.aarch64.rpm postgresql-pltcl-15.14-1.0.1.module+el9.6.0+90648+e6f151be.aarch64.rpm postgresql-private-devel-15.14-1.0.1.module+el9.6.0+90648+e6f151be.aarch64.rpm postgresql-private-libs-15.14-1.0.1.module+el9.6.0+90648+e6f151be.aarch64.rpm postgresql-server-15.14-1.0.1.module+el9.6.0+90648+e6f151be.aarch64.rpm postgresql-server-devel-15.14-1.0.1.module+el9.6.0+90648+e6f151be.aarch64.rpm postgresql-static-15.14-1.0.1.module+el9.6.0+90648+e6f151be.aarch64.rpm postgresql-test-15.14-1.0.1.module+el9.6.0+90648+e6f151be.aarch64.rpm postgresql-test-rpm-macros-15.14-1.0.1.module+el9.6.0+90648+e6f151be.noarch.rpm postgresql-upgrade-15.14-1.0.1.module+el9.6.0+90648+e6f151be.aarch64.rpm postgresql-upgrade-devel-15.14-1.0.1.module+el9.6.0+90648+e6f151be.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/pgaudit-1.7.0-1.module+el9.2.0+21134+ceb95ed9.src.rpm http://oss.oracle.com/ol9/SRPMS-updates/pg_repack-1.4.8-2.module+el9.5.0+90424+300303e9.src.rpm http://oss.oracle.com/ol9/SRPMS-updates/postgres-decoderbufs-1.9.7-1.Final.module+el9.2.0+21134+ceb95ed9.src.rpm http://oss.oracle.com/ol9/SRPMS-updates/postgresql-15.14-1.0.1.module+el9.6.0+90648+e6f151be.src.rpm Related CVEs: CVE-2025-8714 CVE-2025-8715 Description of changes: pgaudit [1.7.0-1] - Initial import for postgresql 15 module - Update to 1.7.0 - Support postgresql 15 - Related: #2128410 pg_repack [1.4.8-2] - Add new build dependencies to fix build with lz4 enabled - Related: RHEL-47350 [1.4.8-1] - Update to version 1.4.8 - Postgresql 15 is supported - Related: #2128410 postgres-decoderbufs [1.9.7-1.Final] - Iitial import for postgresql 15 stream - Related: #2128410 postgresql [15.14-1.0.1] - Update to v15.14 [15.12-1] - Update to 15.12 [15.10-1] - Update to 15.10 - Fixes: CVE-2024-10976 CVE-2024-10978 CVE-2024-10979 [15.8-2] - Fix build on 15.8 [15.8-1] - Update to 15.8 [15.6-3] - Remove /var/run/postgresql - Related: RHEL-51271 [15.6-2] - Enable lz4 and zstd support [15.6-1] - Update to 15.6 and 13.14 - Fix CVE-2024-0985 [15.5-1] - update to 15.5 - Fixes CVE-2023-5868, CVE-2023-5869, CVE-2023-5870, CVE-2023-39417, and CVE-2023-39418 From el-errata at oss.oracle.com Wed Sep 3 03:40:55 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 02 Sep 2025 20:40:55 -0700 Subject: [El-errata] ELSA-2025-15007 Moderate: Oracle Linux 9 python3.12 security update Message-ID: Oracle Linux Security Advisory ELSA-2025-15007 http://linux.oracle.com/errata/ELSA-2025-15007.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: python3.12-3.12.9-1.el9_6.2.i686.rpm python3.12-3.12.9-1.el9_6.2.x86_64.rpm python3.12-debug-3.12.9-1.el9_6.2.i686.rpm python3.12-debug-3.12.9-1.el9_6.2.x86_64.rpm python3.12-devel-3.12.9-1.el9_6.2.i686.rpm python3.12-devel-3.12.9-1.el9_6.2.x86_64.rpm python3.12-idle-3.12.9-1.el9_6.2.i686.rpm python3.12-idle-3.12.9-1.el9_6.2.x86_64.rpm python3.12-libs-3.12.9-1.el9_6.2.i686.rpm python3.12-libs-3.12.9-1.el9_6.2.x86_64.rpm python3.12-test-3.12.9-1.el9_6.2.i686.rpm python3.12-test-3.12.9-1.el9_6.2.x86_64.rpm python3.12-tkinter-3.12.9-1.el9_6.2.i686.rpm python3.12-tkinter-3.12.9-1.el9_6.2.x86_64.rpm aarch64: python3.12-3.12.9-1.el9_6.2.aarch64.rpm python3.12-debug-3.12.9-1.el9_6.2.aarch64.rpm python3.12-devel-3.12.9-1.el9_6.2.aarch64.rpm python3.12-idle-3.12.9-1.el9_6.2.aarch64.rpm python3.12-libs-3.12.9-1.el9_6.2.aarch64.rpm python3.12-test-3.12.9-1.el9_6.2.aarch64.rpm python3.12-tkinter-3.12.9-1.el9_6.2.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/python3.12-3.12.9-1.el9_6.2.src.rpm Related CVEs: CVE-2025-8194 Description of changes: [3.12.9-1.2] - Security fix for CVE-2025-8194 Resolves: RHEL-106370 From el-errata at oss.oracle.com Wed Sep 3 03:40:56 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 02 Sep 2025 20:40:56 -0700 Subject: [El-errata] ELSA-2025-15010 Moderate: Oracle Linux 9 python3.11 security update Message-ID: Oracle Linux Security Advisory ELSA-2025-15010 http://linux.oracle.com/errata/ELSA-2025-15010.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: python3.11-3.11.11-2.el9_6.2.i686.rpm python3.11-3.11.11-2.el9_6.2.x86_64.rpm python3.11-debug-3.11.11-2.el9_6.2.i686.rpm python3.11-debug-3.11.11-2.el9_6.2.x86_64.rpm python3.11-devel-3.11.11-2.el9_6.2.i686.rpm python3.11-devel-3.11.11-2.el9_6.2.x86_64.rpm python3.11-idle-3.11.11-2.el9_6.2.i686.rpm python3.11-idle-3.11.11-2.el9_6.2.x86_64.rpm python3.11-libs-3.11.11-2.el9_6.2.i686.rpm python3.11-libs-3.11.11-2.el9_6.2.x86_64.rpm python3.11-test-3.11.11-2.el9_6.2.i686.rpm python3.11-test-3.11.11-2.el9_6.2.x86_64.rpm python3.11-tkinter-3.11.11-2.el9_6.2.i686.rpm python3.11-tkinter-3.11.11-2.el9_6.2.x86_64.rpm aarch64: python3.11-3.11.11-2.el9_6.2.aarch64.rpm python3.11-debug-3.11.11-2.el9_6.2.aarch64.rpm python3.11-devel-3.11.11-2.el9_6.2.aarch64.rpm python3.11-idle-3.11.11-2.el9_6.2.aarch64.rpm python3.11-libs-3.11.11-2.el9_6.2.aarch64.rpm python3.11-test-3.11.11-2.el9_6.2.aarch64.rpm python3.11-tkinter-3.11.11-2.el9_6.2.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/python3.11-3.11.11-2.el9_6.2.src.rpm Related CVEs: CVE-2025-8194 Description of changes: [3.11.11-2.2] - Security fix for CVE-2025-8194 Resolves: RHEL-106366 From el-errata at oss.oracle.com Wed Sep 3 03:40:57 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 02 Sep 2025 20:40:57 -0700 Subject: [El-errata] ELSA-2025-15018 Important: Oracle Linux 9 udisks2 security update Message-ID: Oracle Linux Security Advisory ELSA-2025-15018 http://linux.oracle.com/errata/ELSA-2025-15018.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: libudisks2-2.9.4-11.0.1.el9_6.1.i686.rpm libudisks2-2.9.4-11.0.1.el9_6.1.x86_64.rpm libudisks2-devel-2.9.4-11.0.1.el9_6.1.i686.rpm libudisks2-devel-2.9.4-11.0.1.el9_6.1.x86_64.rpm udisks2-2.9.4-11.0.1.el9_6.1.x86_64.rpm udisks2-iscsi-2.9.4-11.0.1.el9_6.1.x86_64.rpm udisks2-lsm-2.9.4-11.0.1.el9_6.1.x86_64.rpm udisks2-lvm2-2.9.4-11.0.1.el9_6.1.x86_64.rpm aarch64: libudisks2-2.9.4-11.0.1.el9_6.1.aarch64.rpm libudisks2-devel-2.9.4-11.0.1.el9_6.1.aarch64.rpm udisks2-2.9.4-11.0.1.el9_6.1.aarch64.rpm udisks2-iscsi-2.9.4-11.0.1.el9_6.1.aarch64.rpm udisks2-lsm-2.9.4-11.0.1.el9_6.1.aarch64.rpm udisks2-lvm2-2.9.4-11.0.1.el9_6.1.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/udisks2-2.9.4-11.0.1.el9_6.1.src.rpm Related CVEs: CVE-2025-8067 Description of changes: [2.9.4-11.0.1.1] - Enable btrfs support for OL supported arches [Orabug: 37464632] [2.9.4-11.1] - udiskslinuxmanager: Add lower bounds check to fd_index (CVE-2025-8067) (RHEL-109417) [2.9.4-11] - udiskslinuxblockobject: Try issuing BLKRRPART ioctl harder - lvm2: Refactor udisks_daemon_util_lvm2_wipe_block() [2.9.4-10] - tests: Fix targetcli_config.json (RHEL-16229) From el-errata at oss.oracle.com Wed Sep 3 03:40:59 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 02 Sep 2025 20:40:59 -0700 Subject: [El-errata] ELSA-2025-15019 Moderate: Oracle Linux 9 python3.9 security update Message-ID: Oracle Linux Security Advisory ELSA-2025-15019 http://linux.oracle.com/errata/ELSA-2025-15019.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: python-unversioned-command-3.9.21-2.el9_6.2.noarch.rpm python3-3.9.21-2.el9_6.2.i686.rpm python3-3.9.21-2.el9_6.2.x86_64.rpm python3-debug-3.9.21-2.el9_6.2.i686.rpm python3-debug-3.9.21-2.el9_6.2.x86_64.rpm python3-devel-3.9.21-2.el9_6.2.i686.rpm python3-devel-3.9.21-2.el9_6.2.x86_64.rpm python3-idle-3.9.21-2.el9_6.2.i686.rpm python3-idle-3.9.21-2.el9_6.2.x86_64.rpm python3-libs-3.9.21-2.el9_6.2.i686.rpm python3-libs-3.9.21-2.el9_6.2.x86_64.rpm python3-test-3.9.21-2.el9_6.2.i686.rpm python3-test-3.9.21-2.el9_6.2.x86_64.rpm python3-tkinter-3.9.21-2.el9_6.2.i686.rpm python3-tkinter-3.9.21-2.el9_6.2.x86_64.rpm aarch64: python-unversioned-command-3.9.21-2.el9_6.2.noarch.rpm python3-3.9.21-2.el9_6.2.aarch64.rpm python3-debug-3.9.21-2.el9_6.2.aarch64.rpm python3-devel-3.9.21-2.el9_6.2.aarch64.rpm python3-idle-3.9.21-2.el9_6.2.aarch64.rpm python3-libs-3.9.21-2.el9_6.2.aarch64.rpm python3-test-3.9.21-2.el9_6.2.aarch64.rpm python3-tkinter-3.9.21-2.el9_6.2.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/python3.9-3.9.21-2.el9_6.2.src.rpm Related CVEs: CVE-2025-8194 Description of changes: [3.9.21-2.2] - Security fix for CVE-2025-8194 Resolves: RHEL-106375 From el-errata at oss.oracle.com Wed Sep 3 03:41:00 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 02 Sep 2025 20:41:00 -0700 Subject: [El-errata] ELSA-2025-15023 Moderate: Oracle Linux 9 httpd security update Message-ID: Oracle Linux Security Advisory ELSA-2025-15023 http://linux.oracle.com/errata/ELSA-2025-15023.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: httpd-2.4.62-4.0.1.el9_6.4.x86_64.rpm httpd-core-2.4.62-4.0.1.el9_6.4.x86_64.rpm httpd-devel-2.4.62-4.0.1.el9_6.4.x86_64.rpm httpd-filesystem-2.4.62-4.0.1.el9_6.4.noarch.rpm httpd-manual-2.4.62-4.0.1.el9_6.4.noarch.rpm httpd-tools-2.4.62-4.0.1.el9_6.4.x86_64.rpm mod_ldap-2.4.62-4.0.1.el9_6.4.x86_64.rpm mod_lua-2.4.62-4.0.1.el9_6.4.x86_64.rpm mod_proxy_html-2.4.62-4.0.1.el9_6.4.x86_64.rpm mod_session-2.4.62-4.0.1.el9_6.4.x86_64.rpm mod_ssl-2.4.62-4.0.1.el9_6.4.x86_64.rpm aarch64: httpd-2.4.62-4.0.1.el9_6.4.aarch64.rpm httpd-core-2.4.62-4.0.1.el9_6.4.aarch64.rpm httpd-devel-2.4.62-4.0.1.el9_6.4.aarch64.rpm httpd-filesystem-2.4.62-4.0.1.el9_6.4.noarch.rpm httpd-manual-2.4.62-4.0.1.el9_6.4.noarch.rpm httpd-tools-2.4.62-4.0.1.el9_6.4.aarch64.rpm mod_ldap-2.4.62-4.0.1.el9_6.4.aarch64.rpm mod_lua-2.4.62-4.0.1.el9_6.4.aarch64.rpm mod_proxy_html-2.4.62-4.0.1.el9_6.4.aarch64.rpm mod_session-2.4.62-4.0.1.el9_6.4.aarch64.rpm mod_ssl-2.4.62-4.0.1.el9_6.4.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/httpd-2.4.62-4.0.1.el9_6.4.src.rpm Related CVEs: CVE-2024-47252 CVE-2025-23048 CVE-2025-49812 Description of changes: [2.4.62-4.0.1.4] - Replace index.html with Oracle's index page oracle_index.html. [2.4.62-4.4] - Resolves: RHEL-99949 - CVE-2025-49812 httpd: HTTP Session Hijack via a TLS upgrade [2.4.62-4.1] - Resolves: RHEL-99972 - CVE-2024-47252 httpd: insufficient escaping of user-supplied data in mod_ssl - Resolves: RHEL-99963 - CVE-2025-23048 httpd: access control bypass by trusted clients is possible using TLS 1.3 session resumption - Resolves: RHEL-102079 - stickysession field does not work when specifying it in the query parameter after upgrade to 9.5 [2.4.62-4] - Resolves: RHEL-66488 - Apache HTTPD no longer parse PHP files with unicode characters in the name [2.4.62-3] - Resolves: RHEL-68660 - RewriteRule proxying to UDS (unix domain socket) configured in .htaccess doesn't work on httpd-2.4.62-1 [2.4.62-2] - mod_ssl: fix loading keys via ENGINE API Resolves: RHEL-36755 [2.4.62-1] - new version 2.4.62 - Resolves: RHEL-52724 - Regression introduced by CVE-2024-38474 fix [2.4.59-7] - Resolves: RHEL-49856: htcacheclean.service missing [Install] section [2.4.59-6] - mod_ssl: restore SSL_OP_NO_RENEGOTIATE support Related: RHEL-14668 [2.4.59-5] - mod_ssl: defer ENGINE_finish() calls to a cleanup Resolves: RHEL-36755 [2.4.59-4] - Resolves: RHEL-6575 - [RFE] httpd use systemd-sysusers [2.4.59-3] - Related: RHEL-14668 - RFE: httpd rebase to 2.4.59 [2.4.59-2] - Resolves: RHEL-35870 - httpd mod_cgi/cgid unification [2.4.59-1] - new version 2.4.59 - Resolves: RHEL-14668 - RFE: httpd rebase to 2.4.59 - Resolves: RHEL-31856 - httpd: HTTP response splitting (CVE-2023-38709) - Resolves: RHEL-31859 - httpd: HTTP Response Splitting in multiple modules (CVE-2024-24795) [2.4.57-8] - mod_xml2enc: fix media type handling Resolves: RHEL-17686 - mod_dav: add DavBasePath Resolves: RHEL-6600 [2.4.57-7] - Resolves: RHEL-14447 - httpd: mod_macro: out-of-bounds read vulnerability (CVE-2023-31122) [2.4.57-6] - Resolves: RHEL-5071 - mod_dav_fs: add DavLockDBType - mod_dav_fs: add global mutex around lockdb interaction From el-errata at oss.oracle.com Wed Sep 3 03:41:06 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 02 Sep 2025 20:41:06 -0700 Subject: [El-errata] ELSA-2025-14984 Moderate: Oracle Linux 10 python3.12 security update Message-ID: Oracle Linux Security Advisory ELSA-2025-14984 http://linux.oracle.com/errata/ELSA-2025-14984.html The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network: x86_64: python-unversioned-command-3.12.9-2.0.1.el10_0.3.noarch.rpm python3-3.12.9-2.0.1.el10_0.3.x86_64.rpm python3-debug-3.12.9-2.0.1.el10_0.3.x86_64.rpm python3-devel-3.12.9-2.0.1.el10_0.3.x86_64.rpm python3-idle-3.12.9-2.0.1.el10_0.3.x86_64.rpm python3-libs-3.12.9-2.0.1.el10_0.3.x86_64.rpm python3-test-3.12.9-2.0.1.el10_0.3.x86_64.rpm python3-tkinter-3.12.9-2.0.1.el10_0.3.x86_64.rpm aarch64: python-unversioned-command-3.12.9-2.0.1.el10_0.3.noarch.rpm python3-3.12.9-2.0.1.el10_0.3.aarch64.rpm python3-debug-3.12.9-2.0.1.el10_0.3.aarch64.rpm python3-devel-3.12.9-2.0.1.el10_0.3.aarch64.rpm python3-idle-3.12.9-2.0.1.el10_0.3.aarch64.rpm python3-libs-3.12.9-2.0.1.el10_0.3.aarch64.rpm python3-test-3.12.9-2.0.1.el10_0.3.aarch64.rpm python3-tkinter-3.12.9-2.0.1.el10_0.3.aarch64.rpm SRPMS: http://oss.oracle.com/ol10/SRPMS-updates/python3.12-3.12.9-2.0.1.el10_0.3.src.rpm Related CVEs: CVE-2025-8194 Description of changes: [3.12.9-2.0.1.3] - Remove upstream URL reference [3.12.9-2.3] - Security fix for CVE-2025-8194 Resolves: RHEL-106370 [3.12.9-2.2] - Enable PAC and BTI protections for aarch64 - Security fixes for CVE-2025-4517, CVE-2025-4330, CVE-2025-4138, CVE-2024-12718, CVE-2025-4435 - Resolves: RHEL-98058, RHEL-98020, RHEL-97809, RHEL-98184, RHEL-98211 [3.12.9-2.1] - Apply Intel's CET for mitigation against control-flow hijacking attacks From el-errata at oss.oracle.com Wed Sep 3 17:48:23 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Wed, 3 Sep 2025 21:48:23 +0400 Subject: [El-errata] New Ksplice updates for RHCK 9 (ELSA-2025-14420) Message-ID: Synopsis: ELSA-2025-14420 can now be patched using Ksplice CVEs: CVE-2022-49402 CVE-2025-37914 CVE-2025-38417 Users with Oracle Linux Premier Support can now use Ksplice to patch against the latest Oracle Linux Security Advisory, ELSA-2025-14420. More information about this errata can be found at https://linux.oracle.com/errata/ELSA-2025-14420.html INSTALLING THE UPDATES We recommend that all users of Ksplice Uptrack running RHCK 9 install these updates. On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf, these updates will be installed automatically and you do not need to take any action. Alternatively, you can install these updates by running: # /usr/sbin/uptrack-upgrade -y DESCRIPTION * CVE-2022-49402: Kernel crash in Kernel Function Tracer driver. * CVE-2025-37914: Use-after-free in Enhanced transmission selection scheduler (ETS) driver. * CVE-2025-38417: Memory leak in Switchdev driver. SUPPORT Ksplice support is available at ksplice-support_ww at oracle.com. From el-errata at oss.oracle.com Thu Sep 4 08:35:28 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 04 Sep 2025 01:35:28 -0700 Subject: [El-errata] ELSA-2025-10357 Important: Oracle Linux 7 pam security update Message-ID: Oracle Linux Security Advisory ELSA-2025-10357 http://linux.oracle.com/errata/ELSA-2025-10357.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: pam-1.1.8-23.0.3.el7.i686.rpm pam-1.1.8-23.0.3.el7.x86_64.rpm pam-devel-1.1.8-23.0.3.el7.i686.rpm pam-devel-1.1.8-23.0.3.el7.x86_64.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates/pam-1.1.8-23.0.3.el7.src.rpm Related CVEs: CVE-2025-6020 Description of changes: [1.1.8-23.0.3] - pam_namespace: fix potential privilege escalation CVE-2025-6020 [Orabug: 38156729] From el-errata at oss.oracle.com Thu Sep 4 08:35:36 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 04 Sep 2025 01:35:36 -0700 Subject: [El-errata] ELSA-2025-15008 Moderate: Oracle Linux 8 kernel security update Message-ID: Oracle Linux Security Advisory ELSA-2025-15008 http://linux.oracle.com/errata/ELSA-2025-15008.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: bpftool-4.18.0-553.72.1.el8_10.x86_64.rpm kernel-4.18.0-553.72.1.el8_10.x86_64.rpm kernel-abi-stablelists-4.18.0-553.72.1.el8_10.noarch.rpm kernel-core-4.18.0-553.72.1.el8_10.x86_64.rpm kernel-cross-headers-4.18.0-553.72.1.el8_10.x86_64.rpm kernel-debug-4.18.0-553.72.1.el8_10.x86_64.rpm kernel-debug-core-4.18.0-553.72.1.el8_10.x86_64.rpm kernel-debug-devel-4.18.0-553.72.1.el8_10.x86_64.rpm kernel-debug-modules-4.18.0-553.72.1.el8_10.x86_64.rpm kernel-debug-modules-extra-4.18.0-553.72.1.el8_10.x86_64.rpm kernel-devel-4.18.0-553.72.1.el8_10.x86_64.rpm kernel-doc-4.18.0-553.72.1.el8_10.noarch.rpm kernel-headers-4.18.0-553.72.1.el8_10.x86_64.rpm kernel-modules-4.18.0-553.72.1.el8_10.x86_64.rpm kernel-modules-extra-4.18.0-553.72.1.el8_10.x86_64.rpm kernel-tools-4.18.0-553.72.1.el8_10.x86_64.rpm kernel-tools-libs-4.18.0-553.72.1.el8_10.x86_64.rpm kernel-tools-libs-devel-4.18.0-553.72.1.el8_10.x86_64.rpm perf-4.18.0-553.72.1.el8_10.x86_64.rpm python3-perf-4.18.0-553.72.1.el8_10.x86_64.rpm aarch64: bpftool-4.18.0-553.72.1.el8_10.aarch64.rpm kernel-cross-headers-4.18.0-553.72.1.el8_10.aarch64.rpm kernel-headers-4.18.0-553.72.1.el8_10.aarch64.rpm kernel-tools-4.18.0-553.72.1.el8_10.aarch64.rpm kernel-tools-libs-4.18.0-553.72.1.el8_10.aarch64.rpm kernel-tools-libs-devel-4.18.0-553.72.1.el8_10.aarch64.rpm perf-4.18.0-553.72.1.el8_10.aarch64.rpm python3-perf-4.18.0-553.72.1.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/kernel-4.18.0-553.72.1.el8_10.src.rpm Related CVEs: CVE-2025-38211 CVE-2025-38332 CVE-2025-38464 CVE-2025-38477 Description of changes: [4.18.0-553.72.1.el8_10.OL8] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.3 - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34750652] - Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985772] [4.18.0-553.72.1.el8_10] - scsi: lpfc: Use memcpy() for BIOS version (Ewan D. Milne) [RHEL-105927] {CVE-2025-38332} - watchdog/perf: properly initialize the turbo mode timestamp and rearm counter (David Arcari) [RHEL-103371] - RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction (Michal Schmidt) [RHEL-104260] {CVE-2025-38211} - RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency (Michal Schmidt) [RHEL-104260] {CVE-2024-47696} - RDMA/iwcm: Fix a use-after-free related to destroying CM IDs (Michal Schmidt) [RHEL-104260] {CVE-2024-42285} - net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class (CKI Backport Bot) [RHEL-106312] {CVE-2025-38477} - net/sched: sch_qfq: Fix race condition on qfq_aggregate (CKI Backport Bot) [RHEL-106312] {CVE-2025-38477} - cxgb4: use port number to set mac addr (CKI Backport Bot) [RHEL-75976] - net/sched: Abort __tc_modify_qdisc if parent class does not exist (CKI Backport Bot) [RHEL-107894] - aacraid: fix a buffer overflow (Tomas Henzl) [RHEL-62313] - filemap: remove use of wait bookmarks (Brian Foster) [RHEL-107181] - x86/efistub: Omit physical KASLR when memory reservations exist (Ricardo Robaina) [RHEL-82369] - efi/libstub: Check return value of efi_parse_options (Ricardo Robaina) [RHEL-82369] - efi/x86: Support builtin command line (Ricardo Robaina) [RHEL-82369] - tipc: Fix use-after-free in tipc_conn_close(). (CKI Backport Bot) [RHEL-106635] {CVE-2025-38464} - sbitmap: remove stale comment in sbq_calc_wake_batch (Ming Lei) [RHEL-81758] - block: Fix lockdep warning in blk_mq_mark_tag_wait (Ming Lei) [RHEL-81758] - blk-mq: fix potential io hang by wrong 'wake_batch' (Ming Lei) [RHEL-81758] - lib/sbitmap: define swap_lock as raw_spinlock_t (Ming Lei) [RHEL-81758] - sbitmap: fix io hung due to race on sbitmap_word::cleared (Ming Lei) [RHEL-81758] - sbitmap: use READ_ONCE to access map->word (Ming Lei) [RHEL-81758] - sbitmap: fix batching wakeup (Ming Lei) [RHEL-81758] - sbitmap: correct wake_batch recalculation to avoid potential IO hung (Ming Lei) [RHEL-81758] - sbitmap: add sbitmap_find_bit to remove repeat code in __sbitmap_get/__sbitmap_get_shallow (Ming Lei) [RHEL-81758] - sbitmap: rewrite sbitmap_find_bit_in_index to reduce repeat code (Ming Lei) [RHEL-81758] - sbitmap: remove redundant check in __sbitmap_queue_get_batch (Ming Lei) [RHEL-81758] - sbitmap: remove unnecessary calculation of alloc_hint in __sbitmap_get_shallow (Ming Lei) [RHEL-81758] - sbitmap: Use atomic_long_try_cmpxchg in __sbitmap_queue_get_batch (Ming Lei) [RHEL-81758] - sbitmap: remove unnecessary code in __sbitmap_queue_get_batch (Ming Lei) [RHEL-81758] - lib/sbitmap: Fix invalid loop in __sbitmap_queue_get_batch() (Ming Lei) [RHEL-81758] - lib/sbitmap: kill 'depth' from sbitmap_word (Ming Lei) [RHEL-81758] - sbitmap: add __sbitmap_queue_get_batch() (Ming Lei) [RHEL-81758] - sbitmap: Try each queue to wake up at least one waiter (Ming Lei) [RHEL-81758] - wait: Return number of exclusive waiters awaken (Ming Lei) [RHEL-81758] - sched/wait: Deduplicate code with do-while (Ming Lei) [RHEL-81758] - sbitmap: Advance the queue index before waking up a queue (Ming Lei) [RHEL-81758] - sbitmap: Use single per-bitmap counting to wake up queued tags (Ming Lei) [RHEL-81758] - blk-mq: Fix wrong wakeup batch configuration which will cause hang (Ming Lei) [RHEL-81758] - blk-mq: fix tag_get wait task can't be awakened (Ming Lei) [RHEL-81758] From el-errata at oss.oracle.com Thu Sep 4 08:35:38 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 04 Sep 2025 01:35:38 -0700 Subject: [El-errata] ELSA-2025-15021 Important: Oracle Linux 8 postgresql:13 security update Message-ID: Oracle Linux Security Advisory ELSA-2025-15021 http://linux.oracle.com/errata/ELSA-2025-15021.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: pgaudit-1.5.0-1.module+el8.9.0+90098+1560b6c2.x86_64.rpm pg_repack-1.4.6-3.module+el8.9.0+90098+1560b6c2.x86_64.rpm postgres-decoderbufs-0.10.0-2.module+el8.9.0+90098+1560b6c2.x86_64.rpm postgresql-13.22-1.module+el8.10.0+90650+9f37c94f.x86_64.rpm postgresql-contrib-13.22-1.module+el8.10.0+90650+9f37c94f.x86_64.rpm postgresql-docs-13.22-1.module+el8.10.0+90650+9f37c94f.x86_64.rpm postgresql-plperl-13.22-1.module+el8.10.0+90650+9f37c94f.x86_64.rpm postgresql-plpython3-13.22-1.module+el8.10.0+90650+9f37c94f.x86_64.rpm postgresql-pltcl-13.22-1.module+el8.10.0+90650+9f37c94f.x86_64.rpm postgresql-server-13.22-1.module+el8.10.0+90650+9f37c94f.x86_64.rpm postgresql-server-devel-13.22-1.module+el8.10.0+90650+9f37c94f.x86_64.rpm postgresql-static-13.22-1.module+el8.10.0+90650+9f37c94f.x86_64.rpm postgresql-test-13.22-1.module+el8.10.0+90650+9f37c94f.x86_64.rpm postgresql-test-rpm-macros-13.22-1.module+el8.10.0+90650+9f37c94f.noarch.rpm postgresql-upgrade-13.22-1.module+el8.10.0+90650+9f37c94f.x86_64.rpm postgresql-upgrade-devel-13.22-1.module+el8.10.0+90650+9f37c94f.x86_64.rpm aarch64: pgaudit-1.5.0-1.module+el8.9.0+90098+1560b6c2.aarch64.rpm pg_repack-1.4.6-3.module+el8.9.0+90098+1560b6c2.aarch64.rpm postgres-decoderbufs-0.10.0-2.module+el8.9.0+90098+1560b6c2.aarch64.rpm postgresql-13.22-1.module+el8.10.0+90650+9f37c94f.aarch64.rpm postgresql-contrib-13.22-1.module+el8.10.0+90650+9f37c94f.aarch64.rpm postgresql-docs-13.22-1.module+el8.10.0+90650+9f37c94f.aarch64.rpm postgresql-plperl-13.22-1.module+el8.10.0+90650+9f37c94f.aarch64.rpm postgresql-plpython3-13.22-1.module+el8.10.0+90650+9f37c94f.aarch64.rpm postgresql-pltcl-13.22-1.module+el8.10.0+90650+9f37c94f.aarch64.rpm postgresql-server-13.22-1.module+el8.10.0+90650+9f37c94f.aarch64.rpm postgresql-server-devel-13.22-1.module+el8.10.0+90650+9f37c94f.aarch64.rpm postgresql-static-13.22-1.module+el8.10.0+90650+9f37c94f.aarch64.rpm postgresql-test-13.22-1.module+el8.10.0+90650+9f37c94f.aarch64.rpm postgresql-test-rpm-macros-13.22-1.module+el8.10.0+90650+9f37c94f.noarch.rpm postgresql-upgrade-13.22-1.module+el8.10.0+90650+9f37c94f.aarch64.rpm postgresql-upgrade-devel-13.22-1.module+el8.10.0+90650+9f37c94f.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/pgaudit-1.5.0-1.module+el8.9.0+90098+1560b6c2.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/pg_repack-1.4.6-3.module+el8.9.0+90098+1560b6c2.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/postgres-decoderbufs-0.10.0-2.module+el8.9.0+90098+1560b6c2.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/postgresql-13.22-1.module+el8.10.0+90650+9f37c94f.src.rpm Related CVEs: CVE-2025-8714 CVE-2025-8715 Description of changes: pgaudit [1.5.0-1] - Update to version 1.5.0 Related: #1855776 pg_repack [1.4.6-3] - Release bump - enable gating [1.4.6-2] - Rebuild - Resolves:#1954442 [1.4.6-1] - Rebase to upstream release 1.4.6 [1.4.5-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild [1.4.5-1] - Initial packaging postgres-decoderbufs [0.10.0-2] - Release bump for rebuild against libpq-12.1-3 * Wed Oct 09 2019 Patrik Novotn? Oracle Linux Security Advisory ELSA-2025-15022 http://linux.oracle.com/errata/ELSA-2025-15022.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: pgaudit-1.7.0-1.module+el8.9.0+90110+d8a562d5.x86_64.rpm pg_repack-1.4.8-1.module+el8.9.0+90110+d8a562d5.x86_64.rpm postgres-decoderbufs-1.9.7-1.Final.module+el8.9.0+90110+d8a562d5.x86_64.rpm postgresql-15.14-1.module+el8.10.0+90649+ea50904a.x86_64.rpm postgresql-contrib-15.14-1.module+el8.10.0+90649+ea50904a.x86_64.rpm postgresql-docs-15.14-1.module+el8.10.0+90649+ea50904a.x86_64.rpm postgresql-plperl-15.14-1.module+el8.10.0+90649+ea50904a.x86_64.rpm postgresql-plpython3-15.14-1.module+el8.10.0+90649+ea50904a.x86_64.rpm postgresql-pltcl-15.14-1.module+el8.10.0+90649+ea50904a.x86_64.rpm postgresql-private-devel-15.14-1.module+el8.10.0+90649+ea50904a.x86_64.rpm postgresql-private-libs-15.14-1.module+el8.10.0+90649+ea50904a.x86_64.rpm postgresql-server-15.14-1.module+el8.10.0+90649+ea50904a.x86_64.rpm postgresql-server-devel-15.14-1.module+el8.10.0+90649+ea50904a.x86_64.rpm postgresql-static-15.14-1.module+el8.10.0+90649+ea50904a.x86_64.rpm postgresql-test-15.14-1.module+el8.10.0+90649+ea50904a.x86_64.rpm postgresql-test-rpm-macros-15.14-1.module+el8.10.0+90649+ea50904a.noarch.rpm postgresql-upgrade-15.14-1.module+el8.10.0+90649+ea50904a.x86_64.rpm postgresql-upgrade-devel-15.14-1.module+el8.10.0+90649+ea50904a.x86_64.rpm aarch64: pgaudit-1.7.0-1.module+el8.9.0+90110+d8a562d5.aarch64.rpm pg_repack-1.4.8-1.module+el8.9.0+90110+d8a562d5.aarch64.rpm postgres-decoderbufs-1.9.7-1.Final.module+el8.9.0+90110+d8a562d5.aarch64.rpm postgresql-15.14-1.module+el8.10.0+90649+ea50904a.aarch64.rpm postgresql-contrib-15.14-1.module+el8.10.0+90649+ea50904a.aarch64.rpm postgresql-docs-15.14-1.module+el8.10.0+90649+ea50904a.aarch64.rpm postgresql-plperl-15.14-1.module+el8.10.0+90649+ea50904a.aarch64.rpm postgresql-plpython3-15.14-1.module+el8.10.0+90649+ea50904a.aarch64.rpm postgresql-pltcl-15.14-1.module+el8.10.0+90649+ea50904a.aarch64.rpm postgresql-private-devel-15.14-1.module+el8.10.0+90649+ea50904a.aarch64.rpm postgresql-private-libs-15.14-1.module+el8.10.0+90649+ea50904a.aarch64.rpm postgresql-server-15.14-1.module+el8.10.0+90649+ea50904a.aarch64.rpm postgresql-server-devel-15.14-1.module+el8.10.0+90649+ea50904a.aarch64.rpm postgresql-static-15.14-1.module+el8.10.0+90649+ea50904a.aarch64.rpm postgresql-test-15.14-1.module+el8.10.0+90649+ea50904a.aarch64.rpm postgresql-test-rpm-macros-15.14-1.module+el8.10.0+90649+ea50904a.noarch.rpm postgresql-upgrade-15.14-1.module+el8.10.0+90649+ea50904a.aarch64.rpm postgresql-upgrade-devel-15.14-1.module+el8.10.0+90649+ea50904a.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/pgaudit-1.7.0-1.module+el8.9.0+90110+d8a562d5.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/pg_repack-1.4.8-1.module+el8.9.0+90110+d8a562d5.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/postgres-decoderbufs-1.9.7-1.Final.module+el8.9.0+90110+d8a562d5.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/postgresql-15.14-1.module+el8.10.0+90649+ea50904a.src.rpm Related CVEs: CVE-2025-8714 CVE-2025-8715 Description of changes: pgaudit [1.7.0-1] - Update to 1.7.0 - Support postgresql 15 - Related: #2128241 pg_repack [1.4.8-1] - Update to version 1.4.8 - Postgresql 15 is supported - Related: #2128241 [1.4.6-4] - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 postgres-decoderbufs [1.9.7-1.Final] - Iitial import for postgresql 15 stream - Related: #2128241 [1.4.0-4.Final] - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 [1.4.0-3.Final] - Build jit based on what postgresql server does Related: #1933048 [1.4.0-2.Final] - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 [1.4.0-1.Final] - Update to new release 1.4.0 [1.1.0-0.6.Final] - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild [1.1.0-0.5.Final] - Rebuilt for protobuf 3.14 [1.1.0-0.4.Final] - Rebuilt for protobuf 3.13 [1.1.0-0.3.Final] - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild [1.1.0-0.2.Final] - Rebuilt for protobuf 3.12 [1.1.0-0.1.Final] - Update to 1.1.0.Final [1.0.0-0.1.Beta3] - Update to 1.0.0-Beta3 - Drop BR: postgis-devel [0.10.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild [0.10.0-1] [0.9.5-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild [0.9.5-1] - Initial RPM packaging postgresql [15.14-1] - Update to 15.14 From el-errata at oss.oracle.com Thu Sep 4 08:35:43 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 04 Sep 2025 01:35:43 -0700 Subject: [El-errata] ELSA-2025-15115 Important: Oracle Linux 8 postgresql:12 security update Message-ID: Oracle Linux Security Advisory ELSA-2025-15115 http://linux.oracle.com/errata/ELSA-2025-15115.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: pgaudit-1.4.0-7.module+el8.10.0+90397+67dad74f.x86_64.rpm pg_repack-1.4.6-3.module+el8.9.0+90107+c48bae1a.x86_64.rpm postgres-decoderbufs-0.10.0-2.module+el8.9.0+90107+c48bae1a.x86_64.rpm postgresql-12.22-5.module+el8.10.0+90651+1a81e7f2.x86_64.rpm postgresql-contrib-12.22-5.module+el8.10.0+90651+1a81e7f2.x86_64.rpm postgresql-docs-12.22-5.module+el8.10.0+90651+1a81e7f2.x86_64.rpm postgresql-plperl-12.22-5.module+el8.10.0+90651+1a81e7f2.x86_64.rpm postgresql-plpython3-12.22-5.module+el8.10.0+90651+1a81e7f2.x86_64.rpm postgresql-pltcl-12.22-5.module+el8.10.0+90651+1a81e7f2.x86_64.rpm postgresql-server-12.22-5.module+el8.10.0+90651+1a81e7f2.x86_64.rpm postgresql-server-devel-12.22-5.module+el8.10.0+90651+1a81e7f2.x86_64.rpm postgresql-static-12.22-5.module+el8.10.0+90651+1a81e7f2.x86_64.rpm postgresql-test-12.22-5.module+el8.10.0+90651+1a81e7f2.x86_64.rpm postgresql-test-rpm-macros-12.22-5.module+el8.10.0+90651+1a81e7f2.noarch.rpm postgresql-upgrade-12.22-5.module+el8.10.0+90651+1a81e7f2.x86_64.rpm postgresql-upgrade-devel-12.22-5.module+el8.10.0+90651+1a81e7f2.x86_64.rpm aarch64: pgaudit-1.4.0-7.module+el8.10.0+90397+67dad74f.aarch64.rpm pg_repack-1.4.6-3.module+el8.9.0+90107+c48bae1a.aarch64.rpm postgres-decoderbufs-0.10.0-2.module+el8.9.0+90107+c48bae1a.aarch64.rpm postgresql-12.22-5.module+el8.10.0+90651+1a81e7f2.aarch64.rpm postgresql-contrib-12.22-5.module+el8.10.0+90651+1a81e7f2.aarch64.rpm postgresql-docs-12.22-5.module+el8.10.0+90651+1a81e7f2.aarch64.rpm postgresql-plperl-12.22-5.module+el8.10.0+90651+1a81e7f2.aarch64.rpm postgresql-plpython3-12.22-5.module+el8.10.0+90651+1a81e7f2.aarch64.rpm postgresql-pltcl-12.22-5.module+el8.10.0+90651+1a81e7f2.aarch64.rpm postgresql-server-12.22-5.module+el8.10.0+90651+1a81e7f2.aarch64.rpm postgresql-server-devel-12.22-5.module+el8.10.0+90651+1a81e7f2.aarch64.rpm postgresql-static-12.22-5.module+el8.10.0+90651+1a81e7f2.aarch64.rpm postgresql-test-12.22-5.module+el8.10.0+90651+1a81e7f2.aarch64.rpm postgresql-test-rpm-macros-12.22-5.module+el8.10.0+90651+1a81e7f2.noarch.rpm postgresql-upgrade-12.22-5.module+el8.10.0+90651+1a81e7f2.aarch64.rpm postgresql-upgrade-devel-12.22-5.module+el8.10.0+90651+1a81e7f2.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/pgaudit-1.4.0-7.module+el8.10.0+90397+67dad74f.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/pg_repack-1.4.6-3.module+el8.9.0+90107+c48bae1a.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/postgres-decoderbufs-0.10.0-2.module+el8.9.0+90107+c48bae1a.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/postgresql-12.22-5.module+el8.10.0+90651+1a81e7f2.src.rpm Related CVEs: CVE-2025-8714 CVE-2025-8715 Description of changes: pgaudit pg_repack postgres-decoderbufs postgresql [12.22-5] - Fix previous Backport [12.22-4] - Backport CVE-2025-8715 From el-errata at oss.oracle.com Thu Sep 4 08:35:50 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 04 Sep 2025 01:35:50 -0700 Subject: [El-errata] ELSA-2025-15011 Important: Oracle Linux 9 kernel security update Message-ID: Oracle Linux Security Advisory ELSA-2025-15011 http://linux.oracle.com/errata/ELSA-2025-15011.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: kernel-5.14.0-570.39.1.0.1.el9_6.x86_64.rpm kernel-abi-stablelists-5.14.0-570.39.1.0.1.el9_6.noarch.rpm kernel-core-5.14.0-570.39.1.0.1.el9_6.x86_64.rpm kernel-cross-headers-5.14.0-570.39.1.0.1.el9_6.x86_64.rpm kernel-debug-5.14.0-570.39.1.0.1.el9_6.x86_64.rpm kernel-debug-core-5.14.0-570.39.1.0.1.el9_6.x86_64.rpm kernel-debug-devel-5.14.0-570.39.1.0.1.el9_6.x86_64.rpm kernel-debug-devel-matched-5.14.0-570.39.1.0.1.el9_6.x86_64.rpm kernel-debug-modules-5.14.0-570.39.1.0.1.el9_6.x86_64.rpm kernel-debug-modules-core-5.14.0-570.39.1.0.1.el9_6.x86_64.rpm kernel-debug-modules-extra-5.14.0-570.39.1.0.1.el9_6.x86_64.rpm kernel-debug-uki-virt-5.14.0-570.39.1.0.1.el9_6.x86_64.rpm kernel-devel-5.14.0-570.39.1.0.1.el9_6.x86_64.rpm kernel-devel-matched-5.14.0-570.39.1.0.1.el9_6.x86_64.rpm kernel-doc-5.14.0-570.39.1.0.1.el9_6.noarch.rpm kernel-headers-5.14.0-570.39.1.0.1.el9_6.x86_64.rpm kernel-modules-5.14.0-570.39.1.0.1.el9_6.x86_64.rpm kernel-modules-core-5.14.0-570.39.1.0.1.el9_6.x86_64.rpm kernel-modules-extra-5.14.0-570.39.1.0.1.el9_6.x86_64.rpm kernel-tools-5.14.0-570.39.1.0.1.el9_6.x86_64.rpm kernel-tools-libs-5.14.0-570.39.1.0.1.el9_6.x86_64.rpm kernel-tools-libs-devel-5.14.0-570.39.1.0.1.el9_6.x86_64.rpm kernel-uki-virt-5.14.0-570.39.1.0.1.el9_6.x86_64.rpm kernel-uki-virt-addons-5.14.0-570.39.1.0.1.el9_6.x86_64.rpm libperf-5.14.0-570.39.1.0.1.el9_6.x86_64.rpm perf-5.14.0-570.39.1.0.1.el9_6.x86_64.rpm python3-perf-5.14.0-570.39.1.0.1.el9_6.x86_64.rpm rtla-5.14.0-570.39.1.0.1.el9_6.x86_64.rpm rv-5.14.0-570.39.1.0.1.el9_6.x86_64.rpm aarch64: kernel-cross-headers-5.14.0-570.39.1.0.1.el9_6.aarch64.rpm kernel-headers-5.14.0-570.39.1.0.1.el9_6.aarch64.rpm kernel-tools-5.14.0-570.39.1.0.1.el9_6.aarch64.rpm kernel-tools-libs-5.14.0-570.39.1.0.1.el9_6.aarch64.rpm kernel-tools-libs-devel-5.14.0-570.39.1.0.1.el9_6.aarch64.rpm libperf-5.14.0-570.39.1.0.1.el9_6.aarch64.rpm perf-5.14.0-570.39.1.0.1.el9_6.aarch64.rpm python3-perf-5.14.0-570.39.1.0.1.el9_6.aarch64.rpm rtla-5.14.0-570.39.1.0.1.el9_6.aarch64.rpm rv-5.14.0-570.39.1.0.1.el9_6.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/kernel-5.14.0-570.39.1.0.1.el9_6.src.rpm Related CVEs: CVE-2025-37823 CVE-2025-38200 CVE-2025-38211 CVE-2025-38350 CVE-2025-38461 CVE-2025-38464 CVE-2025-38500 Description of changes: [5.14.0-570.39.1.0.1.el9_6.OL9] - nvme-pci: remove two deallocate zeroes quirks [Orabug: 37756650] - Disable UKI signing [Orabug: 36571828] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5] - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535] - Add Oracle Linux IMA certificates - Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985764] [5.14.0-570.39.1.el9_6] - xfrm: interface: fix use-after-free after changing collect_md xfrm interface (CKI Backport Bot) [RHEL-109529] {CVE-2025-38500} - Merge: net: mana: Fix race of mana_hwc_post_rx_wqe and new hwc response [rhel-9.6.z] (Maxim Levitsky) [RHEL-58904] - s390/pci: Serialize device addition and removal (Mete Durlu) [RHEL-102036] - s390/pci: Allow re-add of a reserved but not yet removed device (Mete Durlu) [RHEL-102036] - s390/pci: Prevent self deletion in disable_slot() (Mete Durlu) [RHEL-102036] - s390/pci: Remove redundant bus removal and disable from zpci_release_device() (Mete Durlu) [RHEL-102036] - s390/pci: Fix duplicate pci_dev_put() in disable_slot() when PF has child VFs (Thomas Huth) [RHEL-102036] {CVE-2025-37946} - s390/pci: Fix missing check for zpci_create_device() error return (Mete Durlu) [RHEL-102036] {CVE-2025-37974} - s390/pci: Fix potential double remove of hotplug slot (Thomas Huth) [RHEL-102036] {CVE-2024-56699} - s390/pci: remove hotplug slot when releasing the device (Thomas Huth) [RHEL-102036] - s390/pci: introduce lock to synchronize state of zpci_dev's (Thomas Huth) [RHEL-102036] - s390/pci: rename lock member in struct zpci_dev (Thomas Huth) [RHEL-102036] - net/sched: Abort __tc_modify_qdisc if parent class does not exist (CKI Backport Bot) [RHEL-107895] - i40e: report VF tx_dropped with tx_errors instead of tx_discards (Dennis Chen) [RHEL-105137] - s390/pci: Fix zpci_bus_is_isolated_vf() for non-VFs (Mete Durlu) [RHEL-94815] - s390/pci: Fix handling of isolated VFs (CKI Backport Bot) [RHEL-85387] - s390/pci: Pull search for parent PF out of zpci_iov_setup_virtfn() (CKI Backport Bot) [RHEL-85387] - s390/pci: Fix SR-IOV for PFs initially in standby (CKI Backport Bot) [RHEL-85387] - tipc: Fix use-after-free in tipc_conn_close(). (CKI Backport Bot) [RHEL-106651] {CVE-2025-38464} - Revert "smb: client: fix TCP timers deadlock after rmmod" (Paulo Alcantara) [RHEL-106415] {CVE-2025-22077} - Revert "smb: client: Fix netns refcount imbalance causing leaks and use-after-free" (Paulo Alcantara) [RHEL-106415] - smb: client: Fix netns refcount imbalance causing leaks and use-after-free (Paulo Alcantara) [RHEL-106415] - watchdog/perf: properly initialize the turbo mode timestamp and rearm counter (David Arcari) [RHEL-103555] [5.14.0-570.38.1.el9_6] - net/sched: ets: use old 'nbands' while purging unused classes (CKI Backport Bot) [RHEL-107537] {CVE-2025-38350} - net/sched: Always pass notifications when child class becomes empty (Ivan Vecera) [RHEL-93387] {CVE-2025-38350} - net_sched: ets: fix a race in ets_qdisc_change() (Ivan Vecera) [RHEL-107537] {CVE-2025-38107} - sch_htb: make htb_deactivate() idempotent (Ivan Vecera) [RHEL-93387] {CVE-2025-37953} - codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() (Ivan Vecera) [RHEL-93387] {CVE-2025-37798} - sch_qfq: make qfq_qlen_notify() idempotent (Ivan Vecera) [RHEL-93387] {CVE-2025-38350} - sch_drr: make drr_qlen_notify() idempotent (Ivan Vecera) [RHEL-93387] {CVE-2025-38350} - sch_htb: make htb_qlen_notify() idempotent (Ivan Vecera) [RHEL-93387] {CVE-2025-37932} - net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too (CKI Backport Bot) [RHEL-107630] {CVE-2025-37823} - i40e: fix MMIO write access to an invalid page in i40e_clear_hw (CKI Backport Bot) [RHEL-106046] {CVE-2025-38200} - vsock: Fix transport_* TOCTOU (CKI Backport Bot) [RHEL-106003] {CVE-2025-38461} - RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction (CKI Backport Bot) [RHEL-104273] {CVE-2025-38211} From el-errata at oss.oracle.com Thu Sep 4 08:35:51 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 04 Sep 2025 01:35:51 -0700 Subject: [El-errata] ELSA-2025-15099 Important: Oracle Linux 9 pam security update Message-ID: Oracle Linux Security Advisory ELSA-2025-15099 http://linux.oracle.com/errata/ELSA-2025-15099.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: pam-1.5.1-26.0.1.el9_6.i686.rpm pam-1.5.1-26.0.1.el9_6.x86_64.rpm pam-devel-1.5.1-26.0.1.el9_6.i686.rpm pam-devel-1.5.1-26.0.1.el9_6.x86_64.rpm pam-docs-1.5.1-26.0.1.el9_6.x86_64.rpm aarch64: pam-1.5.1-26.0.1.el9_6.aarch64.rpm pam-devel-1.5.1-26.0.1.el9_6.aarch64.rpm pam-docs-1.5.1-26.0.1.el9_6.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/pam-1.5.1-26.0.1.el9_6.src.rpm Related CVEs: CVE-2025-6020 CVE-2025-8941 Description of changes: [1.5.1-26.0.1] - pam_limits: fix use after free in pam_sm_open_session [Orabug: 36406534] [1.5.1-26] - pam_namespace: fix potential privilege escalation. Resolves: CVE-2025-6020 and RHEL-96729 From el-errata at oss.oracle.com Thu Sep 4 08:35:57 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 04 Sep 2025 01:35:57 -0700 Subject: [El-errata] ELSA-2025-15020 Important: Oracle Linux 10 udisks2 security update Message-ID: Oracle Linux Security Advisory ELSA-2025-15020 http://linux.oracle.com/errata/ELSA-2025-15020.html The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network: x86_64: libudisks2-2.10.90-5.0.1.el10_0.1.x86_64.rpm libudisks2-devel-2.10.90-5.0.1.el10_0.1.x86_64.rpm udisks2-2.10.90-5.0.1.el10_0.1.x86_64.rpm udisks2-iscsi-2.10.90-5.0.1.el10_0.1.x86_64.rpm udisks2-lsm-2.10.90-5.0.1.el10_0.1.x86_64.rpm udisks2-lvm2-2.10.90-5.0.1.el10_0.1.x86_64.rpm aarch64: libudisks2-2.10.90-5.0.1.el10_0.1.aarch64.rpm libudisks2-devel-2.10.90-5.0.1.el10_0.1.aarch64.rpm udisks2-2.10.90-5.0.1.el10_0.1.aarch64.rpm udisks2-iscsi-2.10.90-5.0.1.el10_0.1.aarch64.rpm udisks2-lsm-2.10.90-5.0.1.el10_0.1.aarch64.rpm udisks2-lvm2-2.10.90-5.0.1.el10_0.1.aarch64.rpm SRPMS: http://oss.oracle.com/ol10/SRPMS-updates/udisks2-2.10.90-5.0.1.el10_0.1.src.rpm Related CVEs: CVE-2025-8067 Description of changes: [2.10.90-5.0.1.1] - Enable btrfs support for OL supported arches [Orabug: 37464632] [2.10.90-5.1] - udisks: Out-of-bounds read in UDisks Daemon (CVE-2025-8067) [2.10.90-5] - mdraid: Avoid acquiring system inhibit lock for external array operations (RHEL-74012) [2.10.90-4] - Rebase to upstream 2.10.90 (pre-)release - lvm2: Try opening for unused device detection harder (RHEL-39935) [2.10.90-3.gitdb54112e] - Bump release for October 2024 mass rebuild: Resolves: RHEL-64018 [2.10.90-2.gitdb54112e] - Fix Requires: for modules - Fix gating tests [2.10.90-1.gitdb54112e] - Rebase to git snapshot as of 2024-07-25 [2.10.1-5] - Bump release for June 2024 mass rebuild [2.10.1-4] - Use SPDX license tags for subpackages [2.10.1-3] - Use a SPDX license tag - udiskslinuxblockobject: Try issuing BLKRRPART ioctl harder - udiskslinuxmanager: Fix use after free - tests: Fix targetcli_config.json [2.10.1-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild [2.10.1-1] - Version 2.10.1 - Default to ntfs-3g for stability reasons (#2182206) - Use Recommends: for filesystem tools (#2169848) [2.10.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild [2.10.0-1] - Version 2.10.0 [2.9.4-6] - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild [2.9.4-5] - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild [2.9.4-4] - Fix gtk-doc annotations [2.9.4-3] - Require ntfs-3g (#2058506) [2.9.4-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild [2.9.4-1] - Version 2.9.4 - Fixes CVE-2021-3802 (#2003650) [2.9.3-1] - Version 2.9.3 [2.9.2-6] - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild [2.9.2-5] - Switch the default encryption to LUKS2 [2.9.2-4] - Fix a couple of issues found by Coverity - Ignore systemd "Extended Boot Loader" GPT partition [2.9.2-3] - Fix FAT mkfs with dosfstools >= 4.2 - udiskslinuxdriveata: Use GTask to apply configuration in a thread - Limit allowed module names - 80-udisks2.rules: Ignore Apple boot partition from livecd-tools [2.9.2-2] - Rebuilt for updated systemd-rpm-macros See https://pagure.io/fesco/issue/2583. [2.9.2-1] - Version 2.9.2 [2.9.1-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild [2.9.1-2] - Fix conditional around polkit Recommends for building on EL7 [2.9.1-1] - Version 2.9.1 - Renamed zram-setup at .service to udisks2-zram-setup at .service [2.9.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild [2.9.0-1] - Version 2.9.0 [2.8.4-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild [2.8.4-3] - Don't trigger udev if socket is not accessible [2.8.4-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild [2.8.4-1] - Version 2.8.4 [2.8.3-1] - Version 2.8.3 [2.8.2-2] - Update for tmpfiles.d snippet [2.8.2-1] - Version 2.8.2 [2.8.1-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild [2.8.1-1] - Version 2.8.1 [2.8.0-2] - Backport PR #576 to fix udev multipath device check (see RHBZ#1628192) [2.8.0-1] - Version 2.8.0 [2.7.7-3] - Rebuild for new libconfig [2.7.7-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild [2.7.7-1] - Version 2.7.7 [2.7.6-1] - Version 2.7.6 [2.7.5-2] - Switch to %ldconfig_scriptlets [2.7.5-1] - Version 2.7.5 [2.7.4-1] - Version 2.7.4 [2.7.3-1] - Version 2.7.3 [2.7.2-1] - Version 2.7.2 [2.7.1-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild [2.7.1-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [2.7.1-1] - Version 2.7.1 [2.7.0-3] - Do not try to remove changed_blacklist hash table in finalize [2.7.0-2] - Fix how UDisksClient filters property changes [2.7.0-1] - Version 2.7.0 [2.6.5-1] - Version 2.6.5 [2.6.4-1] - Version 2.6.4 [2.6.3-1] - Version 2.6.3 [2.6.2-1] - Version 2.6.2; aimed to replace udisks2 [2.6.0-3] - Add support for libblockdev-part plugin which replaces parted calls [2.6.0-2] - Fix permissions set for storaged_lsm.conf so it is readable only by root [2.6.0-1] - Upgrade to 2.6.0 [2.5.0-3] - Package template zram-setup at .service file [2.5.0-2] - Add udisksd configuration file and its man page [2.5.0-1] - UDisks2 drop-in replacement [2.4.0-3] - Redesign subpackage dependencies - Make GTK documentation generation configurable [2.4.0-2] - Reload udev rules and trigger events when installed [2.4.0-1] - Upgrade to 2.4.0 [2.3.0-2] - Add Fedora/RHEL package configuration options [2.3.0-1] - Change BuildRequires from pkgconfig macro to -devel packages - Upgrade to 2.3.0 [2.2.0-1] - Upgrade to 2.2.0 [2.1.1-1] - Upgrade to 2.1.1 [2.1.0-4] - Add Requires for storaged modules [2.1.0-3] - Changes for EPEL-7 - Lower systemd required version to 208 - Rewrite BuildRequires for systemd-devel [2.1.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild [2.1.0-1] - Update to upstream 2.1.0 [2.0.0-1] - Rebase to the new Storaged implementation - Upstream: https://storaged.org [0.3.1-1] - Update to upstream 0.3.1 [0.3.0-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild [0.3.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild [0.3.0-1] - Update to upstream 0.3.0 [0.2.0-1] - Update to upstream 0.2.0 [0.1.0-2] - Removed double systemd BuildRequire - Rewritten summary and description [0.1.0-1] - Rename from udisks2-lvm From el-errata at oss.oracle.com Thu Sep 4 08:35:58 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 04 Sep 2025 01:35:58 -0700 Subject: [El-errata] ELSA-2025-15095 Moderate: Oracle Linux 10 httpd security update Message-ID: Oracle Linux Security Advisory ELSA-2025-15095 http://linux.oracle.com/errata/ELSA-2025-15095.html The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network: x86_64: httpd-2.4.63-1.0.1.el10_0.2.x86_64.rpm httpd-core-2.4.63-1.0.1.el10_0.2.x86_64.rpm httpd-devel-2.4.63-1.0.1.el10_0.2.x86_64.rpm httpd-filesystem-2.4.63-1.0.1.el10_0.2.noarch.rpm httpd-manual-2.4.63-1.0.1.el10_0.2.noarch.rpm httpd-tools-2.4.63-1.0.1.el10_0.2.x86_64.rpm mod_ldap-2.4.63-1.0.1.el10_0.2.x86_64.rpm mod_lua-2.4.63-1.0.1.el10_0.2.x86_64.rpm mod_proxy_html-2.4.63-1.0.1.el10_0.2.x86_64.rpm mod_session-2.4.63-1.0.1.el10_0.2.x86_64.rpm mod_ssl-2.4.63-1.0.1.el10_0.2.x86_64.rpm aarch64: httpd-2.4.63-1.0.1.el10_0.2.aarch64.rpm httpd-core-2.4.63-1.0.1.el10_0.2.aarch64.rpm httpd-devel-2.4.63-1.0.1.el10_0.2.aarch64.rpm httpd-filesystem-2.4.63-1.0.1.el10_0.2.noarch.rpm httpd-manual-2.4.63-1.0.1.el10_0.2.noarch.rpm httpd-tools-2.4.63-1.0.1.el10_0.2.aarch64.rpm mod_ldap-2.4.63-1.0.1.el10_0.2.aarch64.rpm mod_lua-2.4.63-1.0.1.el10_0.2.aarch64.rpm mod_proxy_html-2.4.63-1.0.1.el10_0.2.aarch64.rpm mod_session-2.4.63-1.0.1.el10_0.2.aarch64.rpm mod_ssl-2.4.63-1.0.1.el10_0.2.aarch64.rpm SRPMS: http://oss.oracle.com/ol10/SRPMS-updates/httpd-2.4.63-1.0.1.el10_0.2.src.rpm Related CVEs: CVE-2024-47252 CVE-2025-23048 CVE-2025-49812 Description of changes: [2.4.63-1.0.1.2] - Replace index.html with Oracle's index page oracle_index.html. From el-errata at oss.oracle.com Fri Sep 5 03:32:06 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 04 Sep 2025 20:32:06 -0700 Subject: [El-errata] ELSA-2025-15123 Moderate: Oracle Linux 8 httpd:2.4 security update Message-ID: Oracle Linux Security Advisory ELSA-2025-15123 http://linux.oracle.com/errata/ELSA-2025-15123.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: httpd-2.4.37-65.0.1.module+el8.10.0+90652+bef864ba.5.x86_64.rpm httpd-devel-2.4.37-65.0.1.module+el8.10.0+90652+bef864ba.5.x86_64.rpm httpd-filesystem-2.4.37-65.0.1.module+el8.10.0+90652+bef864ba.5.noarch.rpm httpd-manual-2.4.37-65.0.1.module+el8.10.0+90652+bef864ba.5.noarch.rpm httpd-tools-2.4.37-65.0.1.module+el8.10.0+90652+bef864ba.5.x86_64.rpm mod_http2-1.15.7-10.module+el8.10.0+90652+bef864ba.4.x86_64.rpm mod_ldap-2.4.37-65.0.1.module+el8.10.0+90652+bef864ba.5.x86_64.rpm mod_md-2.0.8-8.module+el8.9.0+90011+2f9c6a23.x86_64.rpm mod_proxy_html-2.4.37-65.0.1.module+el8.10.0+90652+bef864ba.5.x86_64.rpm mod_session-2.4.37-65.0.1.module+el8.10.0+90652+bef864ba.5.x86_64.rpm mod_ssl-2.4.37-65.0.1.module+el8.10.0+90652+bef864ba.5.x86_64.rpm aarch64: httpd-2.4.37-65.0.1.module+el8.10.0+90652+bef864ba.5.aarch64.rpm httpd-devel-2.4.37-65.0.1.module+el8.10.0+90652+bef864ba.5.aarch64.rpm httpd-filesystem-2.4.37-65.0.1.module+el8.10.0+90652+bef864ba.5.noarch.rpm httpd-manual-2.4.37-65.0.1.module+el8.10.0+90652+bef864ba.5.noarch.rpm httpd-tools-2.4.37-65.0.1.module+el8.10.0+90652+bef864ba.5.aarch64.rpm mod_http2-1.15.7-10.module+el8.10.0+90652+bef864ba.4.aarch64.rpm mod_ldap-2.4.37-65.0.1.module+el8.10.0+90652+bef864ba.5.aarch64.rpm mod_md-2.0.8-8.module+el8.9.0+90011+2f9c6a23.aarch64.rpm mod_proxy_html-2.4.37-65.0.1.module+el8.10.0+90652+bef864ba.5.aarch64.rpm mod_session-2.4.37-65.0.1.module+el8.10.0+90652+bef864ba.5.aarch64.rpm mod_ssl-2.4.37-65.0.1.module+el8.10.0+90652+bef864ba.5.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/httpd-2.4.37-65.0.1.module+el8.10.0+90652+bef864ba.5.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/mod_http2-1.15.7-10.module+el8.10.0+90652+bef864ba.4.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/mod_md-2.0.8-8.module+el8.9.0+90011+2f9c6a23.src.rpm Related CVEs: CVE-2024-47252 CVE-2025-23048 CVE-2025-49630 CVE-2025-49812 Description of changes: httpd [2.4.37-65.5.0.1] - Replace index.html with Oracle's index page oracle_index.html [2.4.37-65.5] - Resolves: RHEL-99944 - CVE-2025-49812 httpd: HTTP Session Hijack via a TLS upgrade - Resolves: RHEL-99969 - CVE-2024-47252 httpd: insufficient escaping of user-supplied data in mod_ssl - Resolves: RHEL-99961 - CVE-2025-23048 httpd: access control bypass by trusted clients is possible using TLS 1.3 session resumption [2.4.37-65.4] - Resolves: RHEL-87641 - apache Bug 63192 - mod_ratelimit breaks HEAD requests [2.4.37-65.3] - Resolves: RHEL-56068 - Apache HTTPD no longer parse PHP files with unicode characters in the name [2.4.37-65.2] - Resolves: RHEL-46040 - httpd:2.4/httpd: Security issues via backend applications whose response headers are malicious or exploitable (CVE-2024-38476) - Resolves: RHEL-53022 - Regression introduced by CVE-2024-38474 fix [2.4.37-65.1] - Resolves: RHEL-45812 - httpd:2.4/httpd: Substitution encoding issue in mod_rewrite (CVE-2024-38474) - Resolves: RHEL-45785 - httpd:2.4/httpd: Encoding problem in mod_proxy (CVE-2024-38473) - Resolves: RHEL-45777 - httpd:2.4/httpd: Improper escaping of output in mod_rewrite (CVE-2024-38475) - Resolves: RHEL-45758 - httpd:2.4/httpd: null pointer dereference in mod_proxy (CVE-2024-38477) - Resolves: RHEL-45743 - httpd:2.4/httpd: Potential SSRF in mod_rewrite (CVE-2024-39573) mod_http2 [1.15.7-10.4] - Resolves: RHEL-105186 - httpd:2.4/httpd: untrusted input from a client causes an assertion to fail in the Apache mod_proxy_http2 module (CVE-2025-49630) [1.15.7-10.3] - Resolves: RHEL-58454 - mod_proxy_http2 failures after CVE-2024-38477 fix - Resolves: RHEL-59017 - random failures in other requests on http/2 stream when client resets one request [1.15.7-10.2] - Resolves: RHEL-71575: Wrong Content-Type when proxying using H2 protocol [1.15.7-10.1] - Resolves: RHEL-46214 - Access logs and ErrorDocument don't work when HTTP431 occurs using http/2 on RHEL8 mod_md From el-errata at oss.oracle.com Fri Sep 5 03:32:13 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 04 Sep 2025 20:32:13 -0700 Subject: [El-errata] ELBA-2025-15008-1 Oracle Linux 8 kernel bug fix update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2025-15008-1 http://linux.oracle.com/errata/ELBA-2025-15008-1.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: bpftool-4.18.0-553.72.1.0.1.el8_10.x86_64.rpm kernel-4.18.0-553.72.1.0.1.el8_10.x86_64.rpm kernel-abi-stablelists-4.18.0-553.72.1.0.1.el8_10.noarch.rpm kernel-core-4.18.0-553.72.1.0.1.el8_10.x86_64.rpm kernel-cross-headers-4.18.0-553.72.1.0.1.el8_10.x86_64.rpm kernel-debug-4.18.0-553.72.1.0.1.el8_10.x86_64.rpm kernel-debug-core-4.18.0-553.72.1.0.1.el8_10.x86_64.rpm kernel-debug-devel-4.18.0-553.72.1.0.1.el8_10.x86_64.rpm kernel-debug-modules-4.18.0-553.72.1.0.1.el8_10.x86_64.rpm kernel-debug-modules-extra-4.18.0-553.72.1.0.1.el8_10.x86_64.rpm kernel-devel-4.18.0-553.72.1.0.1.el8_10.x86_64.rpm kernel-doc-4.18.0-553.72.1.0.1.el8_10.noarch.rpm kernel-headers-4.18.0-553.72.1.0.1.el8_10.x86_64.rpm kernel-modules-4.18.0-553.72.1.0.1.el8_10.x86_64.rpm kernel-modules-extra-4.18.0-553.72.1.0.1.el8_10.x86_64.rpm kernel-tools-4.18.0-553.72.1.0.1.el8_10.x86_64.rpm kernel-tools-libs-4.18.0-553.72.1.0.1.el8_10.x86_64.rpm kernel-tools-libs-devel-4.18.0-553.72.1.0.1.el8_10.x86_64.rpm perf-4.18.0-553.72.1.0.1.el8_10.x86_64.rpm python3-perf-4.18.0-553.72.1.0.1.el8_10.x86_64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/kernel-4.18.0-553.72.1.0.1.el8_10.src.rpm Description of changes: [4.18.0-553.72.1.0.1.el8_10.OL8] - scsi: core: Restrict legal sdev_state transitions via sysfs (Uday Shankar) [Orabug: 37778230] [4.18.0-553.72.1.el8_10.OL8] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.3 - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34750652] - Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985772] [4.18.0-553.72.1.el8_10] - scsi: lpfc: Use memcpy() for BIOS version (Ewan D. Milne) [RHEL-105927] {CVE-2025-38332} - watchdog/perf: properly initialize the turbo mode timestamp and rearm counter (David Arcari) [RHEL-103371] - RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction (Michal Schmidt) [RHEL-104260] {CVE-2025-38211} - RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency (Michal Schmidt) [RHEL-104260] {CVE-2024-47696} - RDMA/iwcm: Fix a use-after-free related to destroying CM IDs (Michal Schmidt) [RHEL-104260] {CVE-2024-42285} - net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class (CKI Backport Bot) [RHEL-106312] {CVE-2025-38477} - net/sched: sch_qfq: Fix race condition on qfq_aggregate (CKI Backport Bot) [RHEL-106312] {CVE-2025-38477} - cxgb4: use port number to set mac addr (CKI Backport Bot) [RHEL-75976] - net/sched: Abort __tc_modify_qdisc if parent class does not exist (CKI Backport Bot) [RHEL-107894] - aacraid: fix a buffer overflow (Tomas Henzl) [RHEL-62313] - filemap: remove use of wait bookmarks (Brian Foster) [RHEL-107181] - x86/efistub: Omit physical KASLR when memory reservations exist (Ricardo Robaina) [RHEL-82369] - efi/libstub: Check return value of efi_parse_options (Ricardo Robaina) [RHEL-82369] - efi/x86: Support builtin command line (Ricardo Robaina) [RHEL-82369] - tipc: Fix use-after-free in tipc_conn_close(). (CKI Backport Bot) [RHEL-106635] {CVE-2025-38464} - sbitmap: remove stale comment in sbq_calc_wake_batch (Ming Lei) [RHEL-81758] - block: Fix lockdep warning in blk_mq_mark_tag_wait (Ming Lei) [RHEL-81758] - blk-mq: fix potential io hang by wrong 'wake_batch' (Ming Lei) [RHEL-81758] - lib/sbitmap: define swap_lock as raw_spinlock_t (Ming Lei) [RHEL-81758] - sbitmap: fix io hung due to race on sbitmap_word::cleared (Ming Lei) [RHEL-81758] - sbitmap: use READ_ONCE to access map->word (Ming Lei) [RHEL-81758] - sbitmap: fix batching wakeup (Ming Lei) [RHEL-81758] - sbitmap: correct wake_batch recalculation to avoid potential IO hung (Ming Lei) [RHEL-81758] - sbitmap: add sbitmap_find_bit to remove repeat code in __sbitmap_get/__sbitmap_get_shallow (Ming Lei) [RHEL-81758] - sbitmap: rewrite sbitmap_find_bit_in_index to reduce repeat code (Ming Lei) [RHEL-81758] - sbitmap: remove redundant check in __sbitmap_queue_get_batch (Ming Lei) [RHEL-81758] - sbitmap: remove unnecessary calculation of alloc_hint in __sbitmap_get_shallow (Ming Lei) [RHEL-81758] - sbitmap: Use atomic_long_try_cmpxchg in __sbitmap_queue_get_batch (Ming Lei) [RHEL-81758] - sbitmap: remove unnecessary code in __sbitmap_queue_get_batch (Ming Lei) [RHEL-81758] - lib/sbitmap: Fix invalid loop in __sbitmap_queue_get_batch() (Ming Lei) [RHEL-81758] - lib/sbitmap: kill 'depth' from sbitmap_word (Ming Lei) [RHEL-81758] - sbitmap: add __sbitmap_queue_get_batch() (Ming Lei) [RHEL-81758] - sbitmap: Try each queue to wake up at least one waiter (Ming Lei) [RHEL-81758] - wait: Return number of exclusive waiters awaken (Ming Lei) [RHEL-81758] - sched/wait: Deduplicate code with do-while (Ming Lei) [RHEL-81758] - sbitmap: Advance the queue index before waking up a queue (Ming Lei) [RHEL-81758] - sbitmap: Use single per-bitmap counting to wake up queued tags (Ming Lei) [RHEL-81758] - blk-mq: Fix wrong wakeup batch configuration which will cause hang (Ming Lei) [RHEL-81758] - blk-mq: fix tag_get wait task can't be awakened (Ming Lei) [RHEL-81758] From el-errata at oss.oracle.com Fri Sep 5 03:32:18 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 04 Sep 2025 20:32:18 -0700 Subject: [El-errata] ELSA-2025-15005 Moderate: Oracle Linux 10 kernel security update Message-ID: Oracle Linux Security Advisory ELSA-2025-15005 http://linux.oracle.com/errata/ELSA-2025-15005.html The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network: x86_64: kernel-6.12.0-55.30.1.0.1.el10_0.x86_64.rpm kernel-abi-stablelists-6.12.0-55.30.1.0.1.el10_0.noarch.rpm kernel-core-6.12.0-55.30.1.0.1.el10_0.x86_64.rpm kernel-cross-headers-6.12.0-55.30.1.0.1.el10_0.x86_64.rpm kernel-debug-6.12.0-55.30.1.0.1.el10_0.x86_64.rpm kernel-debug-core-6.12.0-55.30.1.0.1.el10_0.x86_64.rpm kernel-debug-devel-6.12.0-55.30.1.0.1.el10_0.x86_64.rpm kernel-debug-devel-matched-6.12.0-55.30.1.0.1.el10_0.x86_64.rpm kernel-debug-modules-6.12.0-55.30.1.0.1.el10_0.x86_64.rpm kernel-debug-modules-core-6.12.0-55.30.1.0.1.el10_0.x86_64.rpm kernel-debug-modules-extra-6.12.0-55.30.1.0.1.el10_0.x86_64.rpm kernel-debug-uki-virt-6.12.0-55.30.1.0.1.el10_0.x86_64.rpm kernel-devel-6.12.0-55.30.1.0.1.el10_0.x86_64.rpm kernel-devel-matched-6.12.0-55.30.1.0.1.el10_0.x86_64.rpm kernel-doc-6.12.0-55.30.1.0.1.el10_0.noarch.rpm kernel-headers-6.12.0-55.30.1.0.1.el10_0.x86_64.rpm kernel-modules-6.12.0-55.30.1.0.1.el10_0.x86_64.rpm kernel-modules-core-6.12.0-55.30.1.0.1.el10_0.x86_64.rpm kernel-modules-extra-6.12.0-55.30.1.0.1.el10_0.x86_64.rpm kernel-tools-6.12.0-55.30.1.0.1.el10_0.x86_64.rpm kernel-tools-libs-6.12.0-55.30.1.0.1.el10_0.x86_64.rpm kernel-tools-libs-devel-6.12.0-55.30.1.0.1.el10_0.x86_64.rpm kernel-uki-virt-6.12.0-55.30.1.0.1.el10_0.x86_64.rpm kernel-uki-virt-addons-6.12.0-55.30.1.0.1.el10_0.x86_64.rpm libperf-6.12.0-55.30.1.0.1.el10_0.x86_64.rpm perf-6.12.0-55.30.1.0.1.el10_0.x86_64.rpm python3-perf-6.12.0-55.30.1.0.1.el10_0.x86_64.rpm rtla-6.12.0-55.30.1.0.1.el10_0.x86_64.rpm rv-6.12.0-55.30.1.0.1.el10_0.x86_64.rpm aarch64: kernel-cross-headers-6.12.0-55.30.1.0.1.el10_0.aarch64.rpm kernel-headers-6.12.0-55.30.1.0.1.el10_0.aarch64.rpm kernel-tools-6.12.0-55.30.1.0.1.el10_0.aarch64.rpm kernel-tools-libs-6.12.0-55.30.1.0.1.el10_0.aarch64.rpm kernel-tools-libs-devel-6.12.0-55.30.1.0.1.el10_0.aarch64.rpm libperf-6.12.0-55.30.1.0.1.el10_0.aarch64.rpm perf-6.12.0-55.30.1.0.1.el10_0.aarch64.rpm python3-perf-6.12.0-55.30.1.0.1.el10_0.aarch64.rpm rtla-6.12.0-55.30.1.0.1.el10_0.aarch64.rpm rv-6.12.0-55.30.1.0.1.el10_0.aarch64.rpm SRPMS: http://oss.oracle.com/ol10/SRPMS-updates/kernel-6.12.0-55.30.1.0.1.el10_0.src.rpm Related CVEs: CVE-2025-22058 CVE-2025-37823 CVE-2025-38211 CVE-2025-38220 CVE-2025-38461 CVE-2025-38464 CVE-2025-38472 Description of changes: [6.12.0-55.30.1.0.1] - nvme-pci: remove two deallocate zeroes quirks [Orabug: 37756650] - Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985782] - Disable UKI signing [Orabug: 36571828] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5.el9 - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535] - Add Oracle Linux IMA certificates - Update module name for cryptographic module [Orabug: 37400433] [6.12.0-55.30.1.el10_0] - tipc: Fix use-after-free in tipc_conn_close(). - CVE-2025-38464 - Bump internal version to 55.30.1 - net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too - CVE-2025-37823 - s390/pci: Fix zpci_bus_is_isolated_vf() for non-VFs - s390/pci: Fix handling of isolated VFs - s390/pci: Pull search for parent PF out of zpci_iov_setup_virtfn() - s390/pci: Fix SR-IOV for PFs initially in standby - RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction - CVE-2025-38211 - udp: Fix memory accounting leak. - CVE-2025-22058 - udp: Fix multiple wraparounds of sk->sk_rmem_alloc. - ext4: only dirty folios when data journaling regular files - CVE-2025-38220 - vsock: Fix transport_* TOCTOU - CVE-2025-38461 - netfilter: nf_conntrack: fix crash due to removal of uninitialised entry - CVE-2025-38472 From el-errata at oss.oracle.com Tue Sep 9 09:54:12 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 9 Sep 2025 13:54:12 +0400 Subject: [El-errata] New Ksplice updates for RHCK 9 (ELSA-2025-15011) Message-ID: Synopsis: ELSA-2025-15011 can now be patched using Ksplice CVEs: CVE-2025-37798 CVE-2025-37823 CVE-2025-37953 CVE-2025-38107 CVE-2025-38211 CVE-2025-38350 CVE-2025-38457 CVE-2025-38461 CVE-2025-38464 CVE-2025-38500 CVE-2025-38684 Users with Oracle Linux Premier Support can now use Ksplice to patch against the latest Oracle Linux Security Advisory, ELSA-2025-15011. More information about this errata can be found at https://linux.oracle.com/errata/ELSA-2025-15011.html INSTALLING THE UPDATES We recommend that all users of Ksplice Uptrack running RHCK 9 install these updates. On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf, these updates will be installed automatically and you do not need to take any action. Alternatively, you can install these updates by running: # /usr/sbin/uptrack-upgrade -y DESCRIPTION * CVE-2025-37798: Use-after-free in Fair Queue Controlled Delay (CODEL) driver. * CVE-2025-37823: Use-after-free in Hierarchical Fair Service Curve (HFSC) driver. * CVE-2025-37953: Null pointer dereference in Hierarchical Token Bucket (HTB) driver. * CVE-2025-38107: Integer overflow in Enhanced transmission selection scheduler (ETS). * CVE-2025-38211: Use-after-free in InfiniBand driver. * CVE-2025-38457: Null pointer dereference in QoS and/or fair queueing driver. * CVE-2025-38461: Denial-of-service in Virtual Socket protocol driver. * CVE-2025-38464: Use-after-free in TIPC Protocol driver. * CVE-2025-38500: Use-after-free in Transformation virtual interface driver. * CVE-2025-38684, CVE-2025-38350: Use-after-free in Packet Scheduler subsystem. SUPPORT Ksplice support is available at ksplice-support_ww at oracle.com. From el-errata at oss.oracle.com Tue Sep 9 11:58:05 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 09 Sep 2025 04:58:05 -0700 Subject: [El-errata] ELBA-2025-20550 Oracle Linux 7 linux-firmware bug fix update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2025-20550 http://linux.oracle.com/errata/ELBA-2025-20550.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: iwl1000-firmware-39.31.5.1-999.43.el7.noarch.rpm iwl100-firmware-39.31.5.1-999.43.el7.noarch.rpm iwl105-firmware-18.168.6.1-999.43.el7.noarch.rpm iwl135-firmware-18.168.6.1-999.43.el7.noarch.rpm iwl2000-firmware-18.168.6.1-999.43.el7.noarch.rpm iwl2030-firmware-18.168.6.1-999.43.el7.noarch.rpm iwl3160-firmware-22.0.7.0-999.43.el7.noarch.rpm iwl3945-firmware-15.32.2.9-999.43.el7.noarch.rpm iwl4965-firmware-228.61.2.24-999.43.el7.noarch.rpm iwl5000-firmware-8.83.5.1_1-999.43.el7.noarch.rpm iwl5150-firmware-8.24.2.2-999.43.el7.noarch.rpm iwl6000-firmware-9.221.4.1-999.43.el7.noarch.rpm iwl6000g2a-firmware-17.168.5.3-999.43.el7.noarch.rpm iwl6000g2b-firmware-17.168.5.2-999.43.el7.noarch.rpm iwl6050-firmware-41.28.5.1-999.43.el7.noarch.rpm iwl7260-firmware-22.0.7.0-999.43.el7.noarch.rpm iwlax2xx-firmware-20250828-999.43.el7.noarch.rpm linux-firmware-20250828-999.43.git260ff424.el7.noarch.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates/linux-firmware-20250828-999.43.git260ff424.el7.src.rpm Description of changes: [20250828-999.43.git260ff424.el7] - Rebase to latest upstream [Orabug: 38200684] - Solve conflicts caused by symbolic link changes [Orabug: 38206139] [20250826-999.42.git356f06bf.el7] - Handling downgrade issue for Nvidia firmware changes [Orabug: 38303112] [20250611-999.41.git356f06bf.el7] - Rebase to latest upstream [Orabug: 38028345] [20250423-999.40.git32f3227b.el7] - Rebase to latest upstream [Orabug: 37868435] [20250319-999.39.git430633ec.el7] - Rebase to latest upstream [Orabug: 37729115] [20250203-999.38.git0fd450ee.el7] - Rebase to latest upstream [Orabug: 37535629] [20241213-999.36.git2cdfe09e.el7] - Rebase to latest upstream [Orabug: 37405529] From el-errata at oss.oracle.com Tue Sep 9 11:58:13 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 09 Sep 2025 04:58:13 -0700 Subject: [El-errata] ELBA-2025-8412 Oracle Linux 8 linux-firmware bug fix update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2025-8412 http://linux.oracle.com/errata/ELBA-2025-8412.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: iwl1000-firmware-39.31.5.1-999.43.el8.noarch.rpm iwl100-firmware-39.31.5.1-999.43.el8.noarch.rpm iwl105-firmware-18.168.6.1-999.43.el8.noarch.rpm iwl135-firmware-18.168.6.1-999.43.el8.noarch.rpm iwl2000-firmware-18.168.6.1-999.43.el8.noarch.rpm iwl2030-firmware-18.168.6.1-999.43.el8.noarch.rpm iwl3160-firmware-25.30.13.0-999.43.el8.noarch.rpm iwl3945-firmware-15.32.2.9-999.43.el8.noarch.rpm iwl4965-firmware-228.61.2.24-999.43.el8.noarch.rpm iwl5000-firmware-8.83.5.1_1-999.43.el8.noarch.rpm iwl5150-firmware-8.24.2.2-999.43.el8.noarch.rpm iwl6000-firmware-9.221.4.1-999.43.el8.noarch.rpm iwl6000g2a-firmware-18.168.6.1-999.43.el8.noarch.rpm iwl6000g2b-firmware-18.168.6.1-999.43.el8.noarch.rpm iwl6050-firmware-41.28.5.1-999.43.el8.noarch.rpm iwl7260-firmware-25.30.13.0-999.43.el8.noarch.rpm iwlax2xx-firmware-20250828-999.43.el8.noarch.rpm libertas-sd8686-firmware-20250828-999.43.git260ff424.el8.noarch.rpm libertas-sd8787-firmware-20250828-999.43.git260ff424.el8.noarch.rpm libertas-usb8388-firmware-20250828-999.43.git260ff424.el8.noarch.rpm libertas-usb8388-olpc-firmware-20250828-999.43.git260ff424.el8.noarch.rpm linux-firmware-20250828-999.43.git260ff424.el8.noarch.rpm linux-firmware-core-20250828-999.43.git260ff424.el8.noarch.rpm aarch64: iwl1000-firmware-39.31.5.1-999.43.el8.noarch.rpm iwl100-firmware-39.31.5.1-999.43.el8.noarch.rpm iwl105-firmware-18.168.6.1-999.43.el8.noarch.rpm iwl135-firmware-18.168.6.1-999.43.el8.noarch.rpm iwl2000-firmware-18.168.6.1-999.43.el8.noarch.rpm iwl2030-firmware-18.168.6.1-999.43.el8.noarch.rpm iwl3160-firmware-25.30.13.0-999.43.el8.noarch.rpm iwl3945-firmware-15.32.2.9-999.43.el8.noarch.rpm iwl4965-firmware-228.61.2.24-999.43.el8.noarch.rpm iwl5000-firmware-8.83.5.1_1-999.43.el8.noarch.rpm iwl5150-firmware-8.24.2.2-999.43.el8.noarch.rpm iwl6000-firmware-9.221.4.1-999.43.el8.noarch.rpm iwl6000g2a-firmware-18.168.6.1-999.43.el8.noarch.rpm iwl6000g2b-firmware-18.168.6.1-999.43.el8.noarch.rpm iwl6050-firmware-41.28.5.1-999.43.el8.noarch.rpm iwl7260-firmware-25.30.13.0-999.43.el8.noarch.rpm iwlax2xx-firmware-20250828-999.43.el8.noarch.rpm libertas-sd8686-firmware-20250828-999.43.git260ff424.el8.noarch.rpm libertas-sd8787-firmware-20250828-999.43.git260ff424.el8.noarch.rpm libertas-usb8388-firmware-20250828-999.43.git260ff424.el8.noarch.rpm libertas-usb8388-olpc-firmware-20250828-999.43.git260ff424.el8.noarch.rpm linux-firmware-20250828-999.43.git260ff424.el8.noarch.rpm linux-firmware-core-20250828-999.43.git260ff424.el8.noarch.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/linux-firmware-20250828-999.43.git260ff424.el8.src.rpm Description of changes: [20250828-999.43.git260ff424.el8] - Rebase to latest upstream [Orabug: 38200684] - Solve conflicts caused by symbolic link changes [Orabug: 38206139] From el-errata at oss.oracle.com Tue Sep 9 11:58:12 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 09 Sep 2025 04:58:12 -0700 Subject: [El-errata] ELBA-2025-20548 Oracle Linux 8 linux-firmware bug fix update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2025-20548 http://linux.oracle.com/errata/ELBA-2025-20548.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: iwl1000-firmware-39.31.5.1-999.42.el8.noarch.rpm iwl100-firmware-39.31.5.1-999.42.el8.noarch.rpm iwl105-firmware-18.168.6.1-999.42.el8.noarch.rpm iwl135-firmware-18.168.6.1-999.42.el8.noarch.rpm iwl2000-firmware-18.168.6.1-999.42.el8.noarch.rpm iwl2030-firmware-18.168.6.1-999.42.el8.noarch.rpm iwl3160-firmware-25.30.13.0-999.42.el8.noarch.rpm iwl3945-firmware-15.32.2.9-999.42.el8.noarch.rpm iwl4965-firmware-228.61.2.24-999.42.el8.noarch.rpm iwl5000-firmware-8.83.5.1_1-999.42.el8.noarch.rpm iwl5150-firmware-8.24.2.2-999.42.el8.noarch.rpm iwl6000-firmware-9.221.4.1-999.42.el8.noarch.rpm iwl6000g2a-firmware-18.168.6.1-999.42.el8.noarch.rpm iwl6000g2b-firmware-18.168.6.1-999.42.el8.noarch.rpm iwl6050-firmware-41.28.5.1-999.42.el8.noarch.rpm iwl7260-firmware-25.30.13.0-999.42.el8.noarch.rpm iwlax2xx-firmware-20250826-999.42.el8.noarch.rpm libertas-sd8686-firmware-20250826-999.42.git356f06bf.el8.noarch.rpm libertas-sd8787-firmware-20250826-999.42.git356f06bf.el8.noarch.rpm libertas-usb8388-firmware-20250826-999.42.git356f06bf.el8.noarch.rpm libertas-usb8388-olpc-firmware-20250826-999.42.git356f06bf.el8.noarch.rpm linux-firmware-20250826-999.42.git356f06bf.el8.noarch.rpm linux-firmware-core-20250826-999.42.git356f06bf.el8.noarch.rpm aarch64: iwl1000-firmware-39.31.5.1-999.42.el8.noarch.rpm iwl100-firmware-39.31.5.1-999.42.el8.noarch.rpm iwl105-firmware-18.168.6.1-999.42.el8.noarch.rpm iwl135-firmware-18.168.6.1-999.42.el8.noarch.rpm iwl2000-firmware-18.168.6.1-999.42.el8.noarch.rpm iwl2030-firmware-18.168.6.1-999.42.el8.noarch.rpm iwl3160-firmware-25.30.13.0-999.42.el8.noarch.rpm iwl3945-firmware-15.32.2.9-999.42.el8.noarch.rpm iwl4965-firmware-228.61.2.24-999.42.el8.noarch.rpm iwl5000-firmware-8.83.5.1_1-999.42.el8.noarch.rpm iwl5150-firmware-8.24.2.2-999.42.el8.noarch.rpm iwl6000-firmware-9.221.4.1-999.42.el8.noarch.rpm iwl6000g2a-firmware-18.168.6.1-999.42.el8.noarch.rpm iwl6000g2b-firmware-18.168.6.1-999.42.el8.noarch.rpm iwl6050-firmware-41.28.5.1-999.42.el8.noarch.rpm iwl7260-firmware-25.30.13.0-999.42.el8.noarch.rpm iwlax2xx-firmware-20250826-999.42.el8.noarch.rpm libertas-sd8686-firmware-20250826-999.42.git356f06bf.el8.noarch.rpm libertas-sd8787-firmware-20250826-999.42.git356f06bf.el8.noarch.rpm libertas-usb8388-firmware-20250826-999.42.git356f06bf.el8.noarch.rpm libertas-usb8388-olpc-firmware-20250826-999.42.git356f06bf.el8.noarch.rpm linux-firmware-20250826-999.42.git356f06bf.el8.noarch.rpm linux-firmware-core-20250826-999.42.git356f06bf.el8.noarch.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/linux-firmware-20250826-999.42.git356f06bf.el8.src.rpm Description of changes: [20250826-999.42.git356f06bf.el8] - Handling downgrade issue for Nvidia firmware changes [Orabug: 38303112] From el-errata at oss.oracle.com Tue Sep 9 11:58:30 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 09 Sep 2025 04:58:30 -0700 Subject: [El-errata] ELBA-2025-10697 Oracle Linux 9 linux-firmware bug fix update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2025-10697 http://linux.oracle.com/errata/ELBA-2025-10697.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: iwl1000-firmware-39.31.5.1-999.43.el9.noarch.rpm iwl100-firmware-39.31.5.1-999.43.el9.noarch.rpm iwl105-firmware-18.168.6.1-999.43.el9.noarch.rpm iwl135-firmware-18.168.6.1-999.43.el9.noarch.rpm iwl2000-firmware-18.168.6.1-999.43.el9.noarch.rpm iwl2030-firmware-18.168.6.1-999.43.el9.noarch.rpm iwl3160-firmware-25.30.13.0-999.43.el9.noarch.rpm iwl3945-firmware-15.32.2.9-999.43.el9.noarch.rpm iwl4965-firmware-228.61.2.24-999.43.el9.noarch.rpm iwl5000-firmware-8.83.5.1_1-999.43.el9.noarch.rpm iwl5150-firmware-8.24.2.2-999.43.el9.noarch.rpm iwl6000-firmware-9.221.4.1-999.43.el9.noarch.rpm iwl6000g2a-firmware-18.168.6.1-999.43.el9.noarch.rpm iwl6000g2b-firmware-18.168.6.1-999.43.el9.noarch.rpm iwl6050-firmware-41.28.5.1-999.43.el9.noarch.rpm iwl7260-firmware-25.30.13.0-999.43.el9.noarch.rpm iwlax2xx-firmware-20250828-999.43.el9.noarch.rpm libertas-sd8686-firmware-20250828-999.43.git260ff424.el9.noarch.rpm libertas-sd8787-firmware-20250828-999.43.git260ff424.el9.noarch.rpm libertas-usb8388-firmware-20250828-999.43.git260ff424.el9.noarch.rpm libertas-usb8388-olpc-firmware-20250828-999.43.git260ff424.el9.noarch.rpm linux-firmware-20250828-999.43.git260ff424.el9.noarch.rpm linux-firmware-core-20250828-999.43.git260ff424.el9.noarch.rpm linux-firmware-whence-20250828-999.43.git260ff424.el9.noarch.rpm liquidio-firmware-20250828-999.43.git260ff424.el9.noarch.rpm netronome-firmware-20250828-999.43.git260ff424.el9.noarch.rpm aarch64: iwl1000-firmware-39.31.5.1-999.43.el9.noarch.rpm iwl100-firmware-39.31.5.1-999.43.el9.noarch.rpm iwl105-firmware-18.168.6.1-999.43.el9.noarch.rpm iwl135-firmware-18.168.6.1-999.43.el9.noarch.rpm iwl2000-firmware-18.168.6.1-999.43.el9.noarch.rpm iwl2030-firmware-18.168.6.1-999.43.el9.noarch.rpm iwl3160-firmware-25.30.13.0-999.43.el9.noarch.rpm iwl3945-firmware-15.32.2.9-999.43.el9.noarch.rpm iwl4965-firmware-228.61.2.24-999.43.el9.noarch.rpm iwl5000-firmware-8.83.5.1_1-999.43.el9.noarch.rpm iwl5150-firmware-8.24.2.2-999.43.el9.noarch.rpm iwl6000-firmware-9.221.4.1-999.43.el9.noarch.rpm iwl6000g2a-firmware-18.168.6.1-999.43.el9.noarch.rpm iwl6000g2b-firmware-18.168.6.1-999.43.el9.noarch.rpm iwl6050-firmware-41.28.5.1-999.43.el9.noarch.rpm iwl7260-firmware-25.30.13.0-999.43.el9.noarch.rpm iwlax2xx-firmware-20250828-999.43.el9.noarch.rpm libertas-sd8686-firmware-20250828-999.43.git260ff424.el9.noarch.rpm libertas-sd8787-firmware-20250828-999.43.git260ff424.el9.noarch.rpm libertas-usb8388-firmware-20250828-999.43.git260ff424.el9.noarch.rpm libertas-usb8388-olpc-firmware-20250828-999.43.git260ff424.el9.noarch.rpm linux-firmware-20250828-999.43.git260ff424.el9.noarch.rpm linux-firmware-core-20250828-999.43.git260ff424.el9.noarch.rpm linux-firmware-whence-20250828-999.43.git260ff424.el9.noarch.rpm liquidio-firmware-20250828-999.43.git260ff424.el9.noarch.rpm netronome-firmware-20250828-999.43.git260ff424.el9.noarch.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/linux-firmware-20250828-999.43.git260ff424.el9.src.rpm Description of changes: [20250828-999.43.git260ff424.el9] - Rebase to latest upstream [Orabug: 38200684] - Solve conflicts caused by symbolic link changes [Orabug: 38206139] From el-errata at oss.oracle.com Tue Sep 9 11:58:27 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 09 Sep 2025 04:58:27 -0700 Subject: [El-errata] ELBA-2025-20547 Oracle Linux 9 linux-firmware bug fix update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2025-20547 http://linux.oracle.com/errata/ELBA-2025-20547.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: iwl1000-firmware-39.31.5.1-999.42.el9.noarch.rpm iwl100-firmware-39.31.5.1-999.42.el9.noarch.rpm iwl105-firmware-18.168.6.1-999.42.el9.noarch.rpm iwl135-firmware-18.168.6.1-999.42.el9.noarch.rpm iwl2000-firmware-18.168.6.1-999.42.el9.noarch.rpm iwl2030-firmware-18.168.6.1-999.42.el9.noarch.rpm iwl3160-firmware-25.30.13.0-999.42.el9.noarch.rpm iwl3945-firmware-15.32.2.9-999.42.el9.noarch.rpm iwl4965-firmware-228.61.2.24-999.42.el9.noarch.rpm iwl5000-firmware-8.83.5.1_1-999.42.el9.noarch.rpm iwl5150-firmware-8.24.2.2-999.42.el9.noarch.rpm iwl6000-firmware-9.221.4.1-999.42.el9.noarch.rpm iwl6000g2a-firmware-18.168.6.1-999.42.el9.noarch.rpm iwl6000g2b-firmware-18.168.6.1-999.42.el9.noarch.rpm iwl6050-firmware-41.28.5.1-999.42.el9.noarch.rpm iwl7260-firmware-25.30.13.0-999.42.el9.noarch.rpm iwlax2xx-firmware-20250826-999.42.el9.noarch.rpm libertas-sd8686-firmware-20250826-999.42.git356f06bf.el9.noarch.rpm libertas-sd8787-firmware-20250826-999.42.git356f06bf.el9.noarch.rpm libertas-usb8388-firmware-20250826-999.42.git356f06bf.el9.noarch.rpm libertas-usb8388-olpc-firmware-20250826-999.42.git356f06bf.el9.noarch.rpm linux-firmware-20250826-999.42.git356f06bf.el9.noarch.rpm linux-firmware-core-20250826-999.42.git356f06bf.el9.noarch.rpm linux-firmware-whence-20250826-999.42.git356f06bf.el9.noarch.rpm liquidio-firmware-20250826-999.42.git356f06bf.el9.noarch.rpm netronome-firmware-20250826-999.42.git356f06bf.el9.noarch.rpm aarch64: iwl1000-firmware-39.31.5.1-999.42.el9.noarch.rpm iwl100-firmware-39.31.5.1-999.42.el9.noarch.rpm iwl105-firmware-18.168.6.1-999.42.el9.noarch.rpm iwl135-firmware-18.168.6.1-999.42.el9.noarch.rpm iwl2000-firmware-18.168.6.1-999.42.el9.noarch.rpm iwl2030-firmware-18.168.6.1-999.42.el9.noarch.rpm iwl3160-firmware-25.30.13.0-999.42.el9.noarch.rpm iwl3945-firmware-15.32.2.9-999.42.el9.noarch.rpm iwl4965-firmware-228.61.2.24-999.42.el9.noarch.rpm iwl5000-firmware-8.83.5.1_1-999.42.el9.noarch.rpm iwl5150-firmware-8.24.2.2-999.42.el9.noarch.rpm iwl6000-firmware-9.221.4.1-999.42.el9.noarch.rpm iwl6000g2a-firmware-18.168.6.1-999.42.el9.noarch.rpm iwl6000g2b-firmware-18.168.6.1-999.42.el9.noarch.rpm iwl6050-firmware-41.28.5.1-999.42.el9.noarch.rpm iwl7260-firmware-25.30.13.0-999.42.el9.noarch.rpm iwlax2xx-firmware-20250826-999.42.el9.noarch.rpm libertas-sd8686-firmware-20250826-999.42.git356f06bf.el9.noarch.rpm libertas-sd8787-firmware-20250826-999.42.git356f06bf.el9.noarch.rpm libertas-usb8388-firmware-20250826-999.42.git356f06bf.el9.noarch.rpm libertas-usb8388-olpc-firmware-20250826-999.42.git356f06bf.el9.noarch.rpm linux-firmware-20250826-999.42.git356f06bf.el9.noarch.rpm linux-firmware-core-20250826-999.42.git356f06bf.el9.noarch.rpm linux-firmware-whence-20250826-999.42.git356f06bf.el9.noarch.rpm liquidio-firmware-20250826-999.42.git356f06bf.el9.noarch.rpm netronome-firmware-20250826-999.42.git356f06bf.el9.noarch.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/linux-firmware-20250826-999.42.git356f06bf.el9.src.rpm Description of changes: [20250826-999.42.git356f06bf.el9] - Handling downgrade issue for Nvidia firmware changes [Orabug: 38303112] From el-errata at oss.oracle.com Tue Sep 9 11:58:28 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 09 Sep 2025 04:58:28 -0700 Subject: [El-errata] ELSA-2025-20552 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update Message-ID: Oracle Linux Security Advisory ELSA-2025-20552 http://linux.oracle.com/errata/ELSA-2025-20552.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: aarch64: kernel-uek-5.15.0-312.187.5.el9uek.aarch64.rpm bpftool-5.15.0-312.187.5.el9uek.aarch64.rpm kernel-uek-container-5.15.0-312.187.5.el9uek.aarch64.rpm kernel-uek-container-debug-5.15.0-312.187.5.el9uek.aarch64.rpm kernel-uek-core-5.15.0-312.187.5.el9uek.aarch64.rpm kernel-uek-debug-5.15.0-312.187.5.el9uek.aarch64.rpm kernel-uek-debug-core-5.15.0-312.187.5.el9uek.aarch64.rpm kernel-uek-debug-devel-5.15.0-312.187.5.el9uek.aarch64.rpm kernel-uek-debug-modules-5.15.0-312.187.5.el9uek.aarch64.rpm kernel-uek-debug-modules-extra-5.15.0-312.187.5.el9uek.aarch64.rpm kernel-uek-devel-5.15.0-312.187.5.el9uek.aarch64.rpm kernel-uek-doc-5.15.0-312.187.5.el9uek.noarch.rpm kernel-uek-modules-5.15.0-312.187.5.el9uek.aarch64.rpm kernel-uek-modules-extra-5.15.0-312.187.5.el9uek.aarch64.rpm kernel-uek64k-5.15.0-312.187.5.el9uek.aarch64.rpm kernel-uek64k-core-5.15.0-312.187.5.el9uek.aarch64.rpm kernel-uek64k-devel-5.15.0-312.187.5.el9uek.aarch64.rpm kernel-uek64k-modules-5.15.0-312.187.5.el9uek.aarch64.rpm kernel-uek64k-modules-extra-5.15.0-312.187.5.el9uek.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/kernel-uek-5.15.0-312.187.5.el9uek.src.rpm Related CVEs: CVE-2024-26726 CVE-2024-57883 CVE-2025-37948 CVE-2025-37958 CVE-2025-37963 CVE-2025-38000 CVE-2025-38001 CVE-2025-38003 CVE-2025-38004 CVE-2025-38034 CVE-2025-38035 CVE-2025-38037 CVE-2025-38043 CVE-2025-38044 CVE-2025-38048 CVE-2025-38051 CVE-2025-38052 CVE-2025-38058 CVE-2025-38061 CVE-2025-38065 CVE-2025-38066 CVE-2025-38068 CVE-2025-38072 CVE-2025-38075 CVE-2025-38077 CVE-2025-38078 CVE-2025-38079 CVE-2025-38083 CVE-2025-38084 CVE-2025-38085 CVE-2025-38086 CVE-2025-38088 CVE-2025-38090 CVE-2025-38094 CVE-2025-38100 CVE-2025-38102 CVE-2025-38103 CVE-2025-38107 CVE-2025-38108 CVE-2025-38111 CVE-2025-38112 CVE-2025-38115 CVE-2025-38119 CVE-2025-38120 CVE-2025-38122 CVE-2025-38135 CVE-2025-38136 CVE-2025-38138 CVE-2025-38143 CVE-2025-38145 CVE-2025-38146 CVE-2025-38147 CVE-2025-38153 CVE-2025-38154 CVE-2025-38157 CVE-2025-38159 CVE-2025-38160 CVE-2025-38161 CVE-2025-38163 CVE-2025-38167 CVE-2025-38173 CVE-2025-38174 CVE-2025-38180 CVE-2025-38181 CVE-2025-38184 CVE-2025-38185 CVE-2025-38190 CVE-2025-38193 CVE-2025-38194 CVE-2025-38197 CVE-2025-38200 CVE-2025-38203 CVE-2025-38204 CVE-2025-38206 CVE-2025-38211 CVE-2025-38212 CVE-2025-38214 CVE-2025-38218 CVE-2025-38219 CVE-2025-38222 CVE-2025-38226 CVE-2025-38227 CVE-2025-38229 CVE-2025-38230 CVE-2025-38231 CVE-2025-38237 CVE-2025-38245 CVE-2025-38249 CVE-2025-38251 CVE-2025-38257 CVE-2025-38262 CVE-2025-38263 CVE-2025-38273 CVE-2025-38280 CVE-2025-38285 CVE-2025-38286 CVE-2025-38293 CVE-2025-38298 CVE-2025-38305 CVE-2025-38310 CVE-2025-38312 CVE-2025-38313 CVE-2025-38319 CVE-2025-38320 CVE-2025-38323 CVE-2025-38324 CVE-2025-38326 CVE-2025-38328 CVE-2025-38332 CVE-2025-38336 CVE-2025-38337 CVE-2025-38342 CVE-2025-38344 CVE-2025-38345 CVE-2025-38346 CVE-2025-38348 CVE-2025-38350 CVE-2025-38352 CVE-2025-38362 CVE-2025-38363 CVE-2025-38371 CVE-2025-38377 CVE-2025-38380 CVE-2025-38384 CVE-2025-38386 CVE-2025-38387 CVE-2025-38389 CVE-2025-38391 CVE-2025-38393 CVE-2025-38395 CVE-2025-38399 CVE-2025-38400 CVE-2025-38401 CVE-2025-38403 CVE-2025-38404 CVE-2025-38406 CVE-2025-38410 CVE-2025-38412 CVE-2025-38415 CVE-2025-38416 CVE-2025-38418 CVE-2025-38419 CVE-2025-38420 CVE-2025-38424 CVE-2025-38428 CVE-2025-38430 CVE-2025-38498 Description of changes: [5.15.0-312.187.5.el9uek] - Revert "mm: hugetlb: independent PMD page table shared count" (Harshit Mogalapalli) [Orabug: 38327655] [5.15.0-312.187.4.el9uek] - rds: Fix NULL ptr deref in xas_start (H?kon Bugge) [Orabug: 38166374] - KVM: x86: use array_index_nospec with indices that come from guest (Thijs Raymakers) [Orabug: 38319943] - hugetlb: arm64: add mte support (Dave Kleikamp) [Orabug: 38177800] [5.15.0-312.187.3.el9uek] - TIOCSTI: Document CAP_SYS_ADMIN behaviour in Kconfig (G?nther Noack) [Orabug: 38255504] - TIOCSTI: always enable for CAP_SYS_ADMIN (Samuel Thibault) [Orabug: 38255504] - tty: Fix typo in LEGACY_TIOCSTI Kconfig description (Hanno B?ck) [Orabug: 38255504] - tty: Move TIOCSTI toggle variable before kerndoc (Kees Cook) [Orabug: 38255504] - tty: Allow TIOCSTI to be disabled (Kees Cook) [Orabug: 38255504] - tty: Move sysctl setup into "core" tty logic (Kees Cook) [Orabug: 38255504] - tty: reformat kernel-doc in tty_io.c (Jiri Slaby) [Orabug: 38255504] - tty: reformat kernel-doc in tty_ldisc.c (Jiri Slaby) [Orabug: 38255504] - net/mlx5: E-Switch, Fix switching to switchdev mode in MPV (Patrisious Haddad) [Orabug: 38236297] - net/mlx5: E-Switch, Fix switching to switchdev mode with IB device disabled (Patrisious Haddad) [Orabug: 38236297] - net/mlx5: E-switch, refactor eswitch mode change (Patrisious Haddad) [Orabug: 38236297] - IB/mlx5: Support querying eswitch functions from DEVX (Bodong Wang) [Orabug: 38236297] - RDMA/mlx5: Fix HW counters query for non-representor devices (Patrisious Haddad) [Orabug: 38161800] - RDMA/mlx5: Fix CC counters query for MPV (Patrisious Haddad) [Orabug: 38161800] - Revert "RDMA/mlx5: Fix CC counters query for MPV" (Qing Huang) [Orabug: 38161800] - RDMA/mlx5: Fix vport loopback for MPV device (Patrisious Haddad) [Orabug: 38118599] [5.15.0-312.187.2.el9uek] - EDAC: Octeon: Fix compile error by replacing sdei_init() with acpi_sdei_init() (Vijayendra Suman) [Orabug: 38294908] - LTS version: v5.15.187 (Vijayendra Suman) - usb: typec: displayport: Fix potential deadlock (Andrei Kuchynski) [Orabug: 38309912] {CVE-2025-38404} - platform/x86: think-lmi: Create ksets consecutively (Kurt Borja) - Logitech C-270 even more broken (Oliver Neukum) - i2c/designware: Fix an initialization issue (Michael J. Ruhl) [Orabug: 38253850] {CVE-2025-38380} - usb: cdnsp: do not disable slot for disabled slot (Peter Chen) - xhci: dbc: Flush queued requests before stopping dbc (Mathias Nyman) - xhci: dbctty: disable ECHO flag by default (?ukasz Bartosik) - platform/x86: dell-wmi-sysman: Fix class device unregistration (Kurt Borja) - platform/x86: think-lmi: Fix class device unregistration (Kurt Borja) - dpaa2-eth: fix xdp_rxq_info leak (Wangfushuai) - net: dpaa2-eth: rearrange variable in dpaa2_eth_get_ethtool_stats (Ioana Ciornei) - dpaa2-eth: Update SINGLE_STEP register access (Radu Bulie) - dpaa2-eth: Update dpni_get_single_step_cfg command (Radu Bulie) - ethernet: atl1: Add missing DMA mapping error checks and count errors (Thomas Fourier) - NFSv4/flexfiles: Fix handling of NFS level errors in I/O (Trond Myklebust) - drm/v3d: Disable interrupts before resetting the GPU (Ma?ra Canal) [Orabug: 38253820] {CVE-2025-38371} - regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods (Manivannan Sadhasivam) [Orabug: 38253906] {CVE-2025-38395} - regulator: gpio: Add input_supply support in gpio_regulator_config (Jerome Neanne) - mmc: core: sd: Apply BROKEN_SD_DISCARD quirk earlier (Avri Altman) - rcu: Return early if callback is not specified (Uladzislau Rezki) - mtd: spinand: fix memory leak of ECC engine conf (Pablo Martin-Gomez) [Orabug: 38253863] {CVE-2025-38384} - ACPICA: Refuse to evaluate a method if arguments are missing (Rafael J. Wysocki) [Orabug: 38253874] {CVE-2025-38386} - wifi: ath6kl: remove WARN on bad firmware input (Johannes Berg) [Orabug: 38253945] {CVE-2025-38406} - wifi: mac80211: drop invalid source address OCB frames (Johannes Berg) - scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() (Maurizio Lombardi) [Orabug: 38253914] {CVE-2025-38399} - powerpc: Fix struct termio related ioctl macros (Madhavan Srinivasan) - ata: pata_cs5536: fix build on 32-bit UML (Johannes Berg) - ALSA: sb: Force to disable DMAs once when DMA mode is changed (Takashi Iwai) - ALSA: sb: Don't allow changing the DMA mode during operations (Takashi Iwai) - drm/msm: Fix a fence leak in submit error path (Rob Clark) [Orabug: 38253967] {CVE-2025-38410} - nui: Fix dma_mapping_error() check (Thomas Fourier) - rose: fix dangling neighbour pointers in rose_rt_device_down() (Kohei Enju) [Orabug: 38253841] {CVE-2025-38377} - enic: fix incorrect MTU comparison in enic_change_mtu() (Alok Tiwari) - amd-xgbe: align CL37 AN sequence as per databook (Raju Rangoju) - lib: test_objagg: Set error message in check_expect_hints_stats() (Dan Carpenter) - igc: disable L1.2 PCI-E link substate to avoid performance issue (Vitaly Lifshits) - drm/i915/gt: Fix timeline left held on VMA alloc error (Janusz Krzysztofik) [Orabug: 38253886] {CVE-2025-38389} - platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks (Kurt Borja) [Orabug: 38253976] {CVE-2025-38412} - drm/i915/selftests: Change mock_request() to return error pointers (Dan Carpenter) - spi: spi-fsl-dspi: Clear completion counter before initiating transfer (James Clark) - drm/exynos: fimd: Guard display clock control with runtime PM calls (Marek Szyprowski) - btrfs: fix missing error handling when searching for inode refs during log replay (Filipe Manana) - scsi: ufs: core: Fix spelling of a sysfs attribute name (Bart Van Assche) - scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() (Thomas Fourier) - scsi: qla2xxx: Fix DMA mapping test in qla24xx_get_port_database() (Thomas Fourier) - NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN (Benjamin Coddington) [Orabug: 38253900] {CVE-2025-38393} - nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. (Kuniyuki Iwashima) [Orabug: 38253922] {CVE-2025-38400} - RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert (Mark Zhang) [Orabug: 38253880] {CVE-2025-38387} - platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment (David Thompson) - mtk-sd: reset host->mrq on prepare_data() error (Sergey Senozhatsky) - mtk-sd: Prevent memory corruption from DMA map failure (Masami Hiramatsu) [Orabug: 38253927] {CVE-2025-38401} - mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data (Masami Hiramatsu) - usb: typec: altmodes/displayport: do not index invalid pin_assignments (Rd Babiera) [Orabug: 38253893] {CVE-2025-38391} - mmc: sdhci: Add a helper function for dump register in dynamic debug mode (Victor Shih) - vsock/vmci: Clear the vmci transport packet properly when initializing it (Harshavardhana S A) [Orabug: 38253936] {CVE-2025-38403} - rtc: cmos: use spin_lock_irqsave in cmos_interrupt (Mateusz Jo?czyk) - ARM: 9354/1: ptrace: Use bitfield helpers (Geert Uytterhoeven) - btrfs: don't drop extent_map for free space inode on write error (Josef Bacik) [Orabug: 36530624] {CVE-2024-26726} - arm64: Restrict pagetable teardown to avoid false warning (Dev Jain) - s390: Add '-std=gnu11' to decompressor and purgatory CFLAGS (Nathan Chancellor) - s390/entry: Fix last breaking event handling in case of stack corruption (Heiko Carstens) - media: uvcvideo: Rollback non processed entities on error (Ricardo Ribalda) - PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (Dexuan Cui) - drm/amd/display: Add null pointer check for get_first_active_display() (Xu Wang) [Orabug: 38253794] {CVE-2025-38362} - drm/bridge: cdns-dsi: Wait for Clk and Data Lanes to be ready (Aradhya Bhatia) - drm/bridge: cdns-dsi: Check return value when getting default PHY config (Aradhya Bhatia) - drm/bridge: cdns-dsi: Fix connecting to next bridge (Aradhya Bhatia) - drm/bridge: cdns-dsi: Fix the clock variable for mode_valid() (Aradhya Bhatia) - drm/amdkfd: Fix race in GWS queue scheduling (Jay Cornwall) - drm/udl: Unregister device before cleaning up on disconnect (Thomas Zimmermann) - drm/tegra: Fix a possible null pointer dereference (Qiu-Ji Chen) [Orabug: 38253800] {CVE-2025-38363} - drm/tegra: Assign plane type before registration (Thierry Reding) - HID: wacom: fix kobject reference count leak (Qasim Ijaz) - HID: wacom: fix memory leak on sysfs attribute creation failure (Qasim Ijaz) - HID: wacom: fix memory leak on kobject creation failure (Qasim Ijaz) - btrfs: update superblock's device bytes_used when dropping chunk (Mark Harmstone) - dm-raid: fix variable in journal device check (Heinz Mauelshagen) - Bluetooth: L2CAP: Fix L2CAP MTU negotiation (Fr?d?ric Danis) - dt-bindings: serial: 8250: Make clocks and clock-frequency exclusive (Yao Zi) - staging: rtl8723bs: Avoid memset() in aes_cipher() and aes_decipher() (Nathan Chancellor) - net: selftests: fix TCP packet checksum (Jakub Kicinski) - atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister(). (Kuniyuki Iwashima) [Orabug: 38175043] {CVE-2025-38245} - net: enetc: Correct endianness handling in _enetc_rd_reg64 (Simon Horman) - um: ubd: Add missing error check in start_io_thread() (Tiwei Bie) - vsock/uapi: fix linux/vm_sockets.h userspace compilation errors (Stefano Garzarella) - af_unix: Don't set -ECONNRESET for consumed OOB skb. (Kuniyuki Iwashima) - wifi: mac80211: fix beacon interval calculation overflow (Lachlan Hodges) - libbpf: Fix null pointer dereference in btf_dump__free on allocation failure (Yuan Chen) - attach_recursive_mnt(): do not lock the covering tree when sliding something under it (Al Viro) - ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3() (Youngjun Lee) [Orabug: 38175063] {CVE-2025-38249} - atm: clip: prevent NULL deref in clip_push() (Eric Dumazet) [Orabug: 38175077] {CVE-2025-38251} - s390/pkey: Prevent overflow in size calculation for memdup_user() (Fedor Pchelkin) [Orabug: 38175091] {CVE-2025-38257} - i2c: robotfuzz-osif: disable zero-length read messages (Wolfram Sang) - i2c: tiny-usb: disable zero-length read messages (Wolfram Sang) - platform/x86: ideapad-laptop: use usleep_range() for EC polling (Rongrong) - dummycon: Trigger redraw when switching consoles with deferred takeover (Thomas Zimmermann) - tty: vt: make consw::con_switch() return a bool (Jiri Slaby) - tty: vt: sanitize arguments of consw::con_clear() (Jiri Slaby) - tty: vt: make init parameter of consw::con_init() a bool (Jiri Slaby) - vgacon: remove unneeded forward declarations (Jiri Slaby) - vgacon: switch vgacon_scrolldelta() and vgacon_restore_screen() (Jiri Slaby) - tty/vt: consolemap: rename and document struct uni_pagedir (Jiri Slaby) - fbcon: delete a few unneeded forward decl (Daniel Vetter) - uio_hv_generic: Align ring size to system page (Long Li) - uio_hv_generic: Query the ringbuffer size for device (Saurabh Singh Sengar) - Drivers: hv: vmbus: Add utility function for querying ring size (Saurabh Singh Sengar) - Drivers: hv: Rename 'alloced' to 'allocated' (Vitaly Kuznetsov) - f2fs: don't over-report free space or inodes in statvfs (Chao Yu) - media: imx-jpeg: Drop the first error frames (Ming Qian) - clk: ti: am43xx: Add clkctrl data for am43xx ADC1 (Miquel Raynal) - media: omap3isp: use sgtable-based scatterlist wrappers (Marek Szyprowski) - media: davinci: vpif: Fix memory leak in probe error path (Dmitry Nikiforov) - jfs: validate AG parameters in dbMount() to prevent crashes (Vasiliy Kovalev) [Orabug: 38158700] {CVE-2025-38230} - fs/jfs: consolidate sanity checking in dbMount (Dave Kleikamp) - ovl: Check for NULL d_inode() in ovl_dentry_upper() (Kees Cook) - ceph: fix possible integer overflow in ceph_zero_objects() (Dmitry Kandybka) - ALSA: usb-audio: Add a quirk for Lenovo Thinkpad Thunderbolt 3 dock (Mario Limonciello) - ALSA: hda: Add new pci id for AMD GPU display HD audio controller (Vijendar Mukunda) - ALSA: hda: Ignore unsol events for cards being shut down (Cezary Rojewski) - usb: typec: displayport: Receive DP Status Update NAK request exit dp altmode (Jos Wang) - usb: cdc-wdm: avoid setting WDM_READ for ZLP-s (Robert Hodaszi) - usb: Add checks for snprintf() calls in usb_alloc_dev() (Andy Shevchenko) - usb: common: usb-conn-gpio: use a unique name for usb connector device (Chance Yang) - tty: serial: uartlite: register uart driver in init (Jakub Lewalski) [Orabug: 38175113] {CVE-2025-38262} - usb: potential integer overflow in usbg_make_tpg() (Chen Yufeng) - usb: dwc2: also exit clock_gating when stopping udc while suspended (Michael Grzeschik) - coresight: Only check bottom two claim bits (James Clark) - um: Add cmpxchg8b_emu and checksum functions to asm-prototypes.h (Sami Tolvanen) - iio: pressure: zpa2326: Use aligned_s64 for the timestamp (Jonathan Cameron) - bcache: fix NULL pointer in cache_set_flush() (Linggang Zeng) [Orabug: 38175119] {CVE-2025-38263} - md/md-bitmap: fix dm-raid max_write_behind setting (Yu Kuai) - dmaengine: xilinx_dma: Set dma_device directions (Thomas Gessler) - ksmbd: allow a filename to contain special characters on SMB3.1.1 posix extension (Namjae Jeon) - hwmon: (pmbus/max34440) Fix support for max34451 (Alexis Czezar Torreno) - leds: multicolor: Fix intensity setting while SW blinking (Sven Schwermer) - mfd: max14577: Fix wakeup source leaks on device unbind (Krzysztof Kozlowski) - mailbox: Not protect module_put with spin_lock_irqsave (Peng Fan) - NFSv4.2: fix listxattr to return selinux security label (Olga Kornievskaia) - NFSv4: Always set NLINK even if the server doesn't support it (Han Young) - cifs: Fix cifs_query_path_info() for Windows NT servers (Pali Roh?r) - LTS version: v5.15.186 (Vijayendra Suman) - scsi: qedf: Use designated initializer for struct qed_fcoe_cb_ops (Kees Cook) - scsi: elx: efct: Fix memory leak in efct_hw_parse_filter() (Vitaliy Shevtsov) - arm64/ptrace: Fix stack-out-of-bounds read in regs_get_kernel_stack_nth() (Tengda Wu) [Orabug: 38180595] {CVE-2025-38320} - perf: Fix sample vs do_exit() (Peter Zijlstra) [Orabug: 38254029] {CVE-2025-38424} - s390/pci: Fix __pcilg_mio_inuser() inline assembly (Heiko Carstens) - bpf: Fix L4 csum update on IPv6 in CHECKSUM_COMPLETE (Paul Chaignon) - net: Fix checksum update for ILA adj-transport (Paul Chaignon) - ext4: avoid remount errors with 'abort' mount option (Jan Kara) - ext4: make 'abort' mount option handling standard (Jan Kara) - mm/huge_memory: fix dereferencing invalid pmd migration entry (Gavin Guo) [Orabug: 37976983] {CVE-2025-37958} - net_sched: sch_sfq: reject invalid perturb period (Eric Dumazet) [Orabug: 38158476] {CVE-2025-38193} - arm64: proton-pack: Add new CPUs 'k' values for branch mitigation (James Morse) - arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users (James Morse) [Orabug: 37977005] {CVE-2025-37963} - arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs (James Morse) [Orabug: 37976929] {CVE-2025-37948} - arm64: spectre: increase parameters that can be used to turn off bhb mitigation individually (Liu Song) - arm64: proton-pack: Expose whether the branchy loop k value (James Morse) - arm64: proton-pack: Expose whether the platform is mitigated by firmware (James Morse) - arm64: insn: Add support for encoding DSB (James Morse) - arm64: insn: add encoders for atomic operations (Hou Tao) - arm64: move AARCH64_BREAK_FAULT into insn-def.h (Hou Tao) - serial: sh-sci: Increment the runtime usage counter for the earlycon device (Claudiu Beznea) - ARM: dts: am335x-bone-common: Increase MDIO reset deassert delay to 50ms (Geert Uytterhoeven) - ARM: dts: am335x-bone-common: Increase MDIO reset deassert time (Colin Foster) - ARM: dts: am335x-bone-common: Add GPIO PHY reset on revision C3 board (Shengyu Qu) - net: atm: fix /proc/net/atm/lec handling (Eric Dumazet) [Orabug: 38158405] {CVE-2025-38180} - net: atm: add lec_mutex (Eric Dumazet) [Orabug: 38180611] {CVE-2025-38323} - calipso: Fix null-ptr-deref in calipso_req_{set,del}attr(). (Kuniyuki Iwashima) [Orabug: 38158412] {CVE-2025-38181} - tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (Haixia Qu) [Orabug: 38158424] {CVE-2025-38184} - tcp: fix tcp_packet_delayed() for tcp_is_non_sack_preventing_reopen() behavior (Neal Cardwell) - atm: atmtcp: Free invalid length skb in atmtcp_c_send(). (Kuniyuki Iwashima) [Orabug: 38158433] {CVE-2025-38185} - mpls: Use rcu_dereference_rtnl() in mpls_route_input_rcu(). (Kuniyuki Iwashima) [Orabug: 38180617] {CVE-2025-38324} - wifi: carl9170: do not ping device which has failed to load firmware (Dmitry Antipov) [Orabug: 38254010] {CVE-2025-38420} - ptp: fix breakage after ptp_vclock_in_use() rework (Vladimir Oltean) - net: ice: Perform accurate aRFS flow match (Krishna Kumar) - aoe: clean device rq_list in aoedev_downdev() (Justin Sanders) [Orabug: 38180627] {CVE-2025-38326} - pldmfw: Select CRC32 when PLDMFW is selected (Simon Horman) - hwmon: (occ) fix unaligned accesses (Arnd Bergmann) - hwmon: (occ) Rework attribute registration for stack usage (Arnd Bergmann) - hwmon: (occ) Add soft minimum power cap attribute (Eddie James) - drm/nouveau/bl: increase buffer size to avoid truncate warning (Jacob Keller) - drm/msm/dsi/dsi_phy_10nm: Fix missing initial VCO rate (Krzysztof Kozlowski) - erofs: remove unused trace event erofs_destroy_inode (Gao Xiang) - mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (Jann Horn) [Orabug: 38132180] {CVE-2025-38085} - mm: hugetlb: independent PMD page table shared count (Liu Shixin) [Orabug: 37484959] {CVE-2024-57883} - mm/hugetlb: unshare page tables during VMA split, not before (Jann Horn) [Orabug: 38132171] {CVE-2025-38084} - iio: accel: fxls8962af: Fix temperature calculation (Sean Nyekjaer) - ALSA: hda/realtek: enable headset mic on Latitude 5420 Rugged (Jonathan Lane) - ALSA: hda/intel: Add Thinkpad E15 to PM deny list (Takashi Iwai) - ALSA: usb-audio: Rename ALSA kcontrol PCM and PCM1 for the KTMicro sound card (Wangdicheng) - Input: sparcspkr - avoid unannotated fall-through (Yuli Wang) - block: default BLOCK_LEGACY_AUTOLOAD to y (Christoph Hellwig) - HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() (Terry Junge) [Orabug: 38152876] {CVE-2025-38103} - atm: Revert atm_account_tx() if copy_from_iter_full() fails. (Kuniyuki Iwashima) [Orabug: 38158457] {CVE-2025-38190} - selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len (Stephen Smalley) - selftests/x86: Add a test to detect infinite SIGTRAP handler loop (Xin Li) - udmabuf: use sgtable-based scatterlist wrappers (Marek Szyprowski) - scsi: s390: zfcp: Ensure synchronous unit_add (Peter Oberparleiter) - scsi: storvsc: Increase the timeouts to storvsc_timeout (Dexuan Cui) - jffs2: check jffs2_prealloc_raw_node_refs() result in few other places (Fedor Pchelkin) [Orabug: 38180635] {CVE-2025-38328} - jffs2: check that raw node were preallocated before writing summary (Artem Sadovnikov) [Orabug: 38158483] {CVE-2025-38194} - drivers/rapidio/rio_cm.c: prevent possible heap overwrite (Andrew Morton) [Orabug: 38137453] {CVE-2025-38090} - powerpc/eeh: Fix missing PE bridge reconfiguration during VFIO EEH recovery (Narayana Murty N) - platform/x86: dell_rbu: Stop overwriting data buffer (Stuart Hayes) - platform/x86: dell_rbu: Fix list usage (Stuart Hayes) [Orabug: 38158494] {CVE-2025-38197} - Revert "bus: ti-sysc: Probe for l4_wkup and l4_cfg interconnect devices first" (Alexander Sverdlin) - tee: Prevent size calculation wraparound on 32-bit kernels (Jann Horn) - ARM: OMAP2+: Fix l4ls clk domain handling in STANDBY (Sukrut Bellary) - bus: fsl-mc: increase MC_CMD_COMPLETION_TIMEOUT_MS value (Laurentiu Tudor) - watchdog: da9052_wdt: respect TWDMIN (Marcus Folkesson) - octeontx2-pf: Add error log forcn10k_map_unmap_rq_policer() (Xu Wang) - bpf, sockmap: Fix data lost during EAGAIN retries (Jiayuan Chen) - i40e: fix MMIO write access to an invalid page in i40e_clear_hw (Kyungwook Boo) [Orabug: 38158517] {CVE-2025-38200} - sock: Correct error checking condition for (assign|release)_proto_idx() (Zijun Hu) - scsi: lpfc: Use memcpy() for BIOS version (Daniel Wagner) [Orabug: 38180667] {CVE-2025-38332} - pinctrl: mcp23s08: Reset all pins to input at probe (Mike Looijmans) - software node: Correct a OOB check in software_node_get_reference_args() (Zijun Hu) [Orabug: 38180730] {CVE-2025-38342} - vxlan: Do not treat dst cache initialization errors as fatal (Ido Schimmel) - net: bridge: mcast: re-implement br_multicast_{enable, disable}_port functions (Yong Wang) - iommu/amd: Ensure GA log notifier callbacks finish running before module unload (Sean Christopherson) - scsi: lpfc: Fix lpfc_check_sli_ndlp() handling for GEN_REQUEST64 commands (Justin Tee) - libbpf: Add identical pointer detection to btf_dedup_is_equiv() (Alan Maguire) - clk: rockchip: rk3036: mark ddrphy as critical (Heiko Stuebner) - wifi: mac80211: do not offer a mesh path if forwarding is disabled (Benjamin Berg) - net: mlx4: add SOF_TIMESTAMPING_TX_SOFTWARE flag when getting ts info (Jason Xing) - pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get() (Gabor Juhos) - pinctrl: armada-37xx: propagate error from armada_37xx_pmx_gpio_set_direction() (Gabor Juhos) - pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get_direction() (Gabor Juhos) - pinctrl: armada-37xx: propagate error from armada_37xx_pmx_set_by_name() (Gabor Juhos) - net: atlantic: generate software timestamp just before the doorbell (Jason Xing) - ipv4/route: Use this_cpu_inc() for stats on PREEMPT_RT (Sebastian Andrzej Siewior) - tcp: fix initial tp->rcvq_space.space value for passive TS enabled flows (Eric Dumazet) - tcp: always seek for minimal rtt in tcp_rcv_rtt_update() (Eric Dumazet) - net: dlink: add synchronization for stats update (Moon Yeounsu) - i2c: npcm: Add clock toggle recovery (Tali Perry) - cpufreq: scmi: Skip SCMI devices that aren't used by the CPUs (Mike Tipton) - sctp: Do not wake readers in __sctp_write_space() (Petr Malat) - wifi: mt76: mt76x2: Add support for LiteOn WN4516R,WN4519R (Henk Vergonet) - emulex/benet: correct command version selection in be_cmd_get_stats() (Alok Tiwari) - i2c: designware: Invoke runtime suspend on quick slave re-registration (Tan En De) - tipc: use kfree_sensitive() for aead cleanup (Zilin Guan) - net: macb: Check return value of dma_set_mask_and_coherent() (Sergio Perez Gonzalez) - cpufreq: Force sync policy boost with global boost on sysfs update (Viresh Kumar) - thermal/drivers/qcom/tsens: Update conditions to strictly evaluate for IP v2+ (George Moussalem) - pmdomain: ti: Fix STANDBY handling of PER power domain (Sukrut Bellary) - nios2: force update_mmu_cache on spurious tlb-permission--related pagefaults (Simon Schuster) - media: i2c: imx334: update mode_3840x2160_regs array (Shravan Chippa) - media: platform: exynos4-is: Add hardware sync wait to fimc_is_hw_change_mode() (Xu Wang) [Orabug: 38175013] {CVE-2025-38237} - media: tc358743: ignore video while HPD is low (Hans Verkuil) - drm/amdkfd: Set SDMA_RLCx_IB_CNTL/SWITCH_INSIDE_IB (Amber Lin) - drm/msm/dpu: don't select single flush for active CTL blocks (Dmitry Baryshkov) - jfs: Fix null-ptr-deref in jfs_ioc_trim (Dylan Wolff) [Orabug: 38158545] {CVE-2025-38203} - drm/amdgpu/gfx9: fix CSIB handling (Alex Deucher) - drm/amdgpu/gfx8: fix CSIB handling (Alex Deucher) - ext4: prevent stale extent cache entries caused by concurrent get es_cache (Zhang Yi) - sunrpc: fix race in cache cleanup causing stale nextcheck time (Long Li) - media: rkvdec: Initialize the m2m context before the controls (Nicolas Dufresne) - media: ti: cal: Fix wrong goto on error path (Tomi Valkeinen) - jfs: fix array-index-out-of-bounds read in add_missing_indices (Aditya Dutt) [Orabug: 38158552] {CVE-2025-38204} - ext4: ext4: unify EXT4_EX_NOCACHE|NOFAIL flags in ext4_ext_remove_space() (Zhang Yi) - drm/amdgpu/gfx7: fix CSIB handling (Alex Deucher) - media: uapi: v4l: Change V4L2_TYPE_IS_CAPTURE condition (Nas Chung) - media: ccs-pll: Better validate VT PLL branch (Sakari Ailus) - drm/amdgpu/gfx10: fix CSIB handling (Alex Deucher) - media: i2c: imx334: Fix runtime PM handling in remove function (Tarang Raval) - drm/msm/a6xx: Increase HFI response timeout (Akhil P Oommen) - drm/amd/display: Add NULL pointer checks in dm_force_atomic_commit() (Srinivasan Shanmugam) - media: uapi: v4l: Fix V4L2_TYPE_IS_OUTPUT condition (Nas Chung) - drm/msm/hdmi: add runtime PM calls to DDC transfer function (Dmitry Baryshkov) - media: i2c: imx334: Enable runtime PM before sub-device registration (Tarang Raval) - drm/bridge: anx7625: change the gpiod_set_value API (Ayushi Makhija) - exfat: fix double free in delayed_free (Namjae Jeon) [Orabug: 38158566] {CVE-2025-38206} - drm/bridge: analogix_dp: Add irq flag IRQF_NO_AUTOEN instead of calling disable_irq() (Damon Ding) - sunrpc: update nextcheck time when adding new cache entries (Long Li) - drm/amdgpu/gfx6: fix CSIB handling (Alex Deucher) - ACPI: battery: negate current when discharging (Peter Marheine) - PM: runtime: fix denying of auto suspend in pm_suspend_timer_fn() (Charan Teja Kalla) - ASoC: tegra210_ahub: Add check to of_device_get_match_data() (Yuanjun Gong) - ACPICA: utilities: Fix overflow check in vsnprintf() (Philip Redkin) - power: supply: bq27xxx: Retrieve again when busy (Jerry Lv) - ACPICA: fix acpi parse and parseext cache leaks (Seunghun Han) [Orabug: 38180747] {CVE-2025-38344} - ACPI: bus: Bail out if acpi_kobj registration fails (Armin Wolf) - ASoC: tas2770: Power cycle amp on ISENSE/VSENSE change (Hector Martin) - ACPICA: Avoid sequence overread in call to strncmp() (Ahmed Salem) - clocksource: Fix the CPUs' choice in the watchdog per CPU verification (Guilherme G. Piccoli) - ACPICA: fix acpi operand cache leak in dswstate.c (Seunghun Han) [Orabug: 38180755] {CVE-2025-38345} - iio: adc: ad7606_spi: fix reg write value mask (David Lechner) - iio: imu: inv_icm42600: Fix temperature calculation (Sean Nyekjaer) - iio: accel: fxls8962af: Fix temperature scan element sign (Sean Nyekjaer) - PCI: dw-rockchip: Fix PHY function call sequence in rockchip_pcie_phy_deinit() (Diederik de Haas) - PCI: Fix lock symmetry in pci_slot_unlock() (Ilpo J?rvinen) - PCI: Add ACS quirk for Loongson PCIe (Huacai Chen) - PCI: cadence-ep: Correct PBA offset in .set_msix() callback (Niklas Cassel) - uio_hv_generic: Use correct size for interrupt and monitor pages (Long Li) - remoteproc: core: Release rproc->clean_table after rproc_attach() fails (Xiaolei Wang) [Orabug: 38254002] {CVE-2025-38418} - remoteproc: core: Cleanup acquired resources when rproc_handle_resources() fails in rproc_attach() (Xiaolei Wang) [Orabug: 38254006] {CVE-2025-38419} - regulator: max14577: Add error check for max14577_read_reg() (Xu Wang) - mips: Add -std= flag specified in KBUILD_CFLAGS to vdso CFLAGS (Khem Raj) - staging: iio: ad5933: Correct settling cycles encoding per datasheet (Gabriel) - net: ch9200: fix uninitialised access during mii_nway_restart (Qasim Ijaz) [Orabug: 38132188] {CVE-2025-38086} - ftrace: Fix UAF when lookup kallsym after ftrace disabled (Ye Bin) [Orabug: 38180767] {CVE-2025-38346} - dm-mirror: fix a tiny race condition (Mikulas Patocka) - mtd: nand: sunxi: Add randomizer configuration before randomizer enable (Xu Wang) - mtd: rawnand: sunxi: Add randomizer configuration in sunxi_nfc_hw_ecc_write_chunk (Xu Wang) - mm: fix ratelimit_pages update error in dirty_ratio_handler() (Jinliang Zheng) - RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction (Shin'Ichiro Kawasaki) [Orabug: 38158591] {CVE-2025-38211} - ipc: fix to protect IPCS lookups using RCU (Jeongjun Park) [Orabug: 38158597] {CVE-2025-38212} - clk: meson-g12a: add missing fclk_div2 to spicc (Da Xue) - parisc: fix building with gcc-15 (Arnd Bergmann) - vgacon: Add check for vc_origin address range in vgacon_scroll() (Gong, Ruiqi) - fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var (Murad Masimov) [Orabug: 38158614] {CVE-2025-38214} - EDAC/altera: Use correct write width with the INTTEST register (Niravkumar L Rabara) - NFC: nci: uart: Set tty->disc_data only in success path (Krzysztof Kozlowski) [Orabug: 38253991] {CVE-2025-38416} - f2fs: fix to do sanity check on sit_bitmap_size (Chao Yu) [Orabug: 38158639] {CVE-2025-38218} - f2fs: prevent kernel warning due to negative i_nlink from corrupted image (Jaegeuk Kim) [Orabug: 38158647] {CVE-2025-38219} - Input: ims-pcu - check record size in ims_pcu_flash_firmware() (Dan Carpenter) [Orabug: 38254053] {CVE-2025-38428} - ext4: ensure i_size is smaller than maxbytes (Zhang Yi) - ext4: factor out ext4_get_maxbytes() (Zhang Yi) - ext4: fix calculation of credits for extent tree modification (Jan Kara) - ext4: inline: fix len overflow in ext4_prepare_inline_data (Thadeu Lima de Souza Cascardo) [Orabug: 38158661] {CVE-2025-38222} - bus: fsl-mc: fix GET/SET_TAILDROP command ids (Wan Junjie) - bus: fsl-mc: do not add a device-link for the UAPI used DPMCP device (Ioana Ciornei) - ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330 (Tasos Sahanidis) [Orabug: 38180696] {CVE-2025-38336} - can: tcan4x5x: fix power regulator retrieval during probe (Brett Werling) - bus: mhi: host: Fix conflict between power_up and SYSERR (Jeffrey Hugo) - ARM: omap: pmic-cpcap: do not mess around without CPCAP or OMAP4 (Andreas Kemnade) - ARM: 9447/1: arm/memremap: fix arch_memremap_can_ram_remap() (Ross Stutterheim) - media: uvcvideo: Fix deferred probing error (Ricardo Ribalda) - media: uvcvideo: Send control events for partial succeeds (Ricardo Ribalda) - media: uvcvideo: Return the number of processed controls (Ricardo Ribalda) - media: vivid: Change the siize of the composing (Denis Arefev) [Orabug: 38158680] {CVE-2025-38226} - media: vidtv: Terminating the subsequent process of initialization failure (Edward Adam Davis) [Orabug: 38158685] {CVE-2025-38227} - media: videobuf2: use sgtable-based scatterlist wrappers (Marek Szyprowski) - media: venus: Fix probe error handling (Loic Poulain) - media: v4l2-dev: fix error handling in __video_register_device() (Ma Ke) - media: gspca: Add error handling for stv06xx_read_sensor() (Xu Wang) - media: cxusb: no longer judge rbuf when the write fails (Edward Adam Davis) [Orabug: 38158691] {CVE-2025-38229} - media: ccs-pll: Check for too high VT PLL multiplier in dual PLL case (Sakari Ailus) - media: ccs-pll: Correct the upper limit of maximum op_pre_pll_clk_div (Sakari Ailus) - media: ccs-pll: Start OP pre-PLL multiplier search from correct value (Sakari Ailus) - media: ccs-pll: Start VT pre-PLL multiplier search from correct value (Sakari Ailus) - media: ov8856: suppress probe deferral errors (Johan Hovold) - wifi: rtlwifi: disable ASPM for RTL8723BE with subsystem ID 11ad:1723 (Mingcong Bai) - jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() (Jeongjun Park) [Orabug: 38180706] {CVE-2025-38337} - nfsd: Initialize ssc before laundromat_work to prevent NULL dereference (Li Lingfeng) [Orabug: 38158706] {CVE-2025-38231} - nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request (Neil Brown) [Orabug: 38254061] {CVE-2025-38430} - wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback() (Christian Lamparter) [Orabug: 38180782] {CVE-2025-38348} - net/mlx5: Add error handling in mlx5_query_nic_vport_node_guid() (Xu Wang) - net/mlx5_core: Add error handling inmlx5_query_nic_vport_qkey_viol_cntr() (Xu Wang) - powerpc/pseries/msi: Avoid reading PCI device registers in reduced power states (Gautam Menghani) - ASoC: meson: meson-card-utils: use of_property_present() for DT parsing (Martin Blumenstingl) - ASoC: qcom: sdm845: Add error handling in sdm845_slim_snd_hw_params() (Xu Wang) - gfs2: move msleep to sleepable context (Alexander Aring) - crypto: marvell/cesa - Do not chain submitted requests (Herbert Xu) - configfs: Do not override creating attribute file failure in populate_attrs() (Zijun Hu) - xfs: allow inode inactivation during a ro mount log recovery (Darrick J. Wong) - kbuild: hdrcheck: fix cross build with clang (Arnd Bergmann) - kbuild: userprogs: fix bitsize and target detection on clang (Thomas Wei?schuh) - drm/meson: Use 1000ULL when operating with mode->clock (I Hsin Cheng) - net: usb: aqc111: debug info before sanitation (Oliver Neukum) - calipso: unlock rcu before returning -EAFNOSUPPORT (Eric Dumazet) - x86/iopl: Cure TIF_IO_BITMAP inconsistencies (Thomas Gleixner) [Orabug: 38152863] {CVE-2025-38100} - xen/arm: call uaccess_ttbr0_enable for dm_op hypercall (Stefano Stabellini) - usb: typec: tcpm/tcpci_maxim: Fix bounds check in process_rx() (Amit Sunil Dhamne) - usb: Flush altsetting 0 endpoints before reinitializating them after reset. (Mathias Nyman) - usb: cdnsp: Fix issue with detecting USB 3.2 speed (Pawel Laszczak) - usb: cdnsp: Fix issue with detecting command completion event (Pawel Laszczak) - VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify (Ma Wupeng) [Orabug: 38152868] {CVE-2025-38102} - drm/amd/display: Do not add '-mhard-float' to dcn2{1,0}_resource.o for clang (Nathan Chancellor) - kbuild: Add KBUILD_CPPFLAGS to as-option invocation (Nathan Chancellor) - kbuild: add $(CLANG_FLAGS) to KBUILD_CPPFLAGS (Masahiro Yamada) - kbuild: Add CLANG_FLAGS to as-instr (Nathan Chancellor) - mips: Include KBUILD_CPPFLAGS in CHECKFLAGS invocation (Nathan Chancellor) - drm/amd/display: Do not add '-mhard-float' to dml_ccflags for clang (Nathan Chancellor) - kbuild: Update assembler calls to use proper flags and language target (Nick Desaulniers) - MIPS: Prefer cc-option for additions to cflags (Nathan Chancellor) - MIPS: Move '-Wa,-msoft-float' check from as-option to cc-option (Nathan Chancellor) - x86/boot/compressed: prefer cc-option for CFLAGS additions (Nick Desaulniers) - posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (Oleg Nesterov) [Orabug: 38223086] {CVE-2025-38352} - ALSA: usb-audio: Add implicit feedback quirk for RODE AI-1 (David Heimann) - perf: Ensure bpf_perf_link path is properly serialized (Peter Zijlstra) - nvmet-fcloop: access fcpreq only when holding reqlock (Daniel Wagner) - fs/filesystems: Fix potential unsigned integer underflow in fs_name() (Zijun Hu) - net_sched: ets: fix a race in ets_qdisc_change() (Eric Dumazet) [Orabug: 38152893] {CVE-2025-38107} - sch_ets: make est_qlen_notify() idempotent (Cong Wang) - net_sched: tbf: fix a race in tbf_change() (Eric Dumazet) - net_sched: red: fix a race in __red_change() (Eric Dumazet) [Orabug: 38152898] {CVE-2025-38108} - net_sched: prio: fix a race in prio_tune() (Eric Dumazet) [Orabug: 38105333] {CVE-2025-38083} - net/mlx5: Fix return value when searching for existing flow group (Patrisious Haddad) - net/mlx5: Ensure fw pages are always allocated on same NUMA (Moshe Shemesh) - net/mdiobus: Fix potential out-of-bounds read/write access (Jakub Raczynski) [Orabug: 38152911] {CVE-2025-38111} - net: mdio: C22 is now optional, EOPNOTSUPP if not provided (Andrew Lunn) - macsec: MACsec SCI assignment for ES = 0 (Carlos Fernandez) - net: Fix TOCTOU issue in sk_is_readable() (Michal Luczaj) [Orabug: 38152915] {CVE-2025-38112} - i40e: retry VFLR handling if there is ongoing VF reset (Robert Malz) - i40e: return false from i40e_reset_vf if reset is in progress (Robert Malz) - drm/meson: fix more rounding issues with 59.94Hz modes (Martin Blumenstingl) - drm/meson: use vclk_freq instead of pixel_freq in debug print (Martin Blumenstingl) - drm/meson: fix debug log statement when setting the HDMI clocks (Martin Blumenstingl) - drm/meson: use unsigned long long / Hz for frequency types (Martin Blumenstingl) - powerpc/vas: Return -EINVAL if the offset is non-zero in mmap() (Haren Myneni) - powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap (Ritesh Harjani) [Orabug: 38137444] {CVE-2025-38088} - net_sched: sch_sfq: fix a potential crash on gso_skb handling (Eric Dumazet) [Orabug: 38152922] {CVE-2025-38115} - scsi: iscsi: Fix incorrect error path labels for flashnode operations (Alok Tiwari) - ath10k: snoc: fix unbalanced IRQ enable in crash recovery (Caleb Connolly) - ptp: remove ptp->n_vclocks check logic in ptp_vclock_in_use() (Jeongjun Park) [Orabug: 38180545] {CVE-2025-38305} - scsi: core: ufs: Fix a hang in the error handler (Sanjeev Yadav) [Orabug: 38152945] {CVE-2025-38119} - serial: sh-sci: Clean sci_ports[0] after at earlycon exit (Claudiu Beznea) - serial: sh-sci: Move runtime PM enable to sci_probe_single() (Claudiu Beznea) - serial: sh-sci: Check if TX data was written to device in .tx_empty() (Claudiu Beznea) - arm64: dts: ti: k3-am65-main: Add missing taps to sdhci0 (Judith Mendez) - arm64: dts: ti: k3-am65-main: Fix sdhci node properties (Judith Mendez) - arm64: dts: ti: k3-am65-main: Drop deprecated ti,otap-del-sel property (Nishanth Menon) - Input: synaptics-rmi - fix crash with unsupported versions of F34 (Dmitry Torokhov) - Input: synaptics-rmi4 - convert to use sysfs_emit() APIs (Zhang Songyi) - pmdomain: core: Fix error checking in genpd_dev_pm_attach_by_id() (Dan Carpenter) - do_change_type(): refuse to operate on unmounted/not ours mounts (Al Viro) [Orabug: 38256449] {CVE-2025-38498} - fix propagation graph breakage by MOVE_MOUNT_SET_GROUP move_mount(2) (Al Viro) - seg6: Fix validation of nexthop addresses (Ido Schimmel) [Orabug: 38180555] {CVE-2025-38310} - wireguard: device: enable threaded NAPI (Mirco Barone) - netfilter: nf_set_pipapo_avx2: fix initial map fill (Florian Westphal) [Orabug: 38152957] {CVE-2025-38120} - gve: add missing NULL check for gve_alloc_pending_packet() in TX DQO (Alok Tiwari) [Orabug: 38152965] {CVE-2025-38122} - vmxnet3: correctly report gso type for UDP tunnels (Ronak Doshi) - net: dsa: tag_brcm: legacy: fix pskb_may_pull length (?lvaro Fern?ndez Rojas) - ice: create new Tx scheduler nodes for new queues only (Michal Kubiak) - Bluetooth: L2CAP: Fix not responding with L2CAP_CR_LE_ENCRYPTION (Luiz Augusto von Dentz) - spi: bcm63xx-hsspi: fix shared reset (?lvaro Fern?ndez Rojas) - spi: bcm63xx-spi: fix shared reset (?lvaro Fern?ndez Rojas) - net/mlx4_en: Prevent potential integer overflow calculating Hz (Dan Carpenter) - driver: net: ethernet: mtk_star_emac: fix suspend/resume issue (Yanqing Wang) - gve: Fix RX_BUFFERS_POSTED stat to report per-queue fill_cnt (Alok Tiwari) - net: stmmac: platform: guarantee uniqueness of bus_id (Quentin Schulz) - vt: remove VT_RESIZE and VT_RESIZEX from vt_compat_ioctl() (Nicolas Pitre) - MIPS: Loongson64: Add missing '#interrupt-cells' for loongson64c_ls7a (Yuli Wang) - iio: adc: ad7124: Fix 3dB filter frequency reading (Uwe Kleine-K?nig) - serial: Fix potential null-ptr-deref in mlb_usio_probe() (Henry Martin) [Orabug: 38153011] {CVE-2025-38135} - usb: renesas_usbhs: Reorder clock handling and power management in probe (Lad Prabhakar) [Orabug: 38153016] {CVE-2025-38136} - PCI/DPC: Initialize aer_err_info before using it (Bjorn Helgaas) - dmaengine: ti: Add NULL check in udma_probe() (Henry Martin) [Orabug: 38153029] {CVE-2025-38138} - PCI: cadence: Fix runtime atomic count underflow (Hans Zhang) - rtc: sh: assign correct interrupts with DT (Wolfram Sang) - perf record: Fix incorrect --user-regs comments (Dapeng Mi) - perf tests switch-tracking: Fix timestamp comparison (Leo Yan) - mfd: stmpe-spi: Correct the name used in MODULE_DEVICE_TABLE (Alexey Gladkov) - mfd: exynos-lpass: Avoid calling exynos_lpass_disable() twice in exynos_lpass_remove() (Christophe Jaillet) - rpmsg: qcom_smd: Fix uninitialized return variable in __qcom_smd_send() (Dan Carpenter) - remoteproc: qcom_wcnss_iris: Add missing put_device() on error in probe (Dan Carpenter) - perf scripts python: exported-sql-viewer.py: Fix pattern matching with Python 3 (Adrian Hunter) - backlight: pm8941: Add NULL check in wled_configure() (Henry Martin) [Orabug: 38153050] {CVE-2025-38143} - perf ui browser hists: Set actions->thread before calling do_zoom_thread() (Arnaldo Carvalho de Melo) - perf build: Warn when libdebuginfod devel files are not available (Arnaldo Carvalho de Melo) - fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod() (Sergey Shtylyov) [Orabug: 38180565] {CVE-2025-38312} - soc: aspeed: Add NULL check in aspeed_lpc_enable_snoop() (Henry Martin) [Orabug: 38153059] {CVE-2025-38145} - soc: aspeed: lpc: Fix impossible judgment condition (Su Hui) - arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma with Haikou (Quentin Schulz) - ARM: dts: qcom: apq8064 merge hw splinlock into corresponding syscon device (Dmitry Baryshkov) - bus: fsl-mc: fix double-free on mc_dev (Ioana Ciornei) [Orabug: 38180572] {CVE-2025-38313} - nilfs2: do not propagate ENOENT error from nilfs_btree_propagate() (Ryusuke Konishi) - nilfs2: add pointer check for nilfs_direct_propagate() (Xu Wang) - ocfs2: fix possible memory leak in ocfs2_finish_quota_recovery (Murad Masimov) - Squashfs: check return result of sb_min_blocksize (Phillip Lougher) [Orabug: 38253984] {CVE-2025-38415} - arm64: dts: imx8mn-beacon: Fix RTC capacitive load (Adam Ford) - arm64: dts: imx8mm-beacon: Fix RTC capacitive load (Adam Ford) - ARM: dts: at91: at91sam9263: fix NAND chip selects (Wolfram Sang) - ARM: dts: at91: usb_a9263: fix GPIO for Dataflash chip select (Wolfram Sang) - f2fs: fix to correct check conditions in f2fs_cross_rename (Zhiguo Niu) - f2fs: use d_inode(dentry) cleanup dentry->d_inode (Zhiguo Niu) - net: phy: mscc: Stop clearing the the UDPv4 checksum for L2 frames (Horatiu Vultur) - net: openvswitch: Fix the dead loop of MPLS parse (Faicker Mo) [Orabug: 38153064] {CVE-2025-38146} - calipso: Don't call calipso functions for AF_INET sk. (Kuniyuki Iwashima) [Orabug: 38153069] {CVE-2025-38147} - net: lan743x: rename lan743x_reset_phy to lan743x_hw_reset_phy (Thangaraj Samynathan) - bpf: Avoid __bpf_prog_ret0_warn when jit fails (Kafai Wan) [Orabug: 38180470] {CVE-2025-38280} - net: usb: aqc111: fix error handling of usbnet read calls (Nikita Zhandarovich) [Orabug: 38153088] {CVE-2025-38153} - netfilter: nft_tunnel: fix geneve_opt dump (Fernando Fernandez Mancera) - bpf, sockmap: Avoid using sk_socket after free when sending (Jiayuan Chen) [Orabug: 38153094] {CVE-2025-38154} - vfio/type1: Fix error unwind in migration dirty bitmap allocation (Li Rongqing) - netfilter: nf_tables: nft_fib_ipv6: fix VRF ipv4/ipv6 result discrepancy (Florian Westphal) - wifi: ath9k_htc: Abort software beacon handling if disabled (Toke H?iland-J?rgensen) [Orabug: 38153109] {CVE-2025-38157} - wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds (Alexey Kodanev) [Orabug: 38153121] {CVE-2025-38159} - s390/bpf: Store backchain even for leaf progs (Ilya Leoshkevich) - clk: qcom: gcc-msm8939: Fix mclk0 & mclk1 for 24 MHz (Vincent Knecht) - bpf: Fix WARN() in get_bpf_raw_tp_regs (Tao Chen) [Orabug: 38180488] {CVE-2025-38285} - pinctrl: at91: Fix possible out-of-boundary access (Andy Shevchenko) [Orabug: 38180494] {CVE-2025-38286} - libbpf: Use proper errno value in nlattr (Anton Protopopov) - ktls, sockmap: Fix missing uncharge operation (Jiayuan Chen) - clk: bcm: rpi: Add NULL check in raspberrypi_clk_register() (Henry Martin) [Orabug: 38153131] {CVE-2025-38160} - clk: qcom: gcc-sm6350: Add *_wait_val values for GDSCs (Luca Weiss) - bpf: Fix uninitialized values in BPF_{CORE,PROBE}_READ (Anton Protopopov) - RDMA/mlx5: Fix error flow upon firmware failure for RQ destruction (Patrisious Haddad) [Orabug: 38153138] {CVE-2025-38161} - netfilter: nft_quota: match correctly when the quota just depleted (Zhongqiu Duan) - netfilter: bridge: Move specific fragmented packet to slow_path instead of dropping it (Huajian Yang) - libbpf: Use proper errno value in linker (Anton Protopopov) - f2fs: fix to detect gcing page in f2fs_is_cp_guaranteed() (Chao Yu) - f2fs: clean up w/ fscrypt_is_bounce_page() (Chao Yu) - iommu: Protect against overflow in iommu_pgsize() (Jason Gunthorpe) - RDMA/hns: Include hnae3.h in hns_roce_hw_v2.h (Junxian Huang) - wifi: rtw88: do not ignore hardware read error during DPK (Dmitry Antipov) - libbpf: Fix buffer overflow in bpf_object__init_prog (Viktor Malik) - net: ncsi: Fix GCPS 64-bit member variables (Hari Kalavakunta) - f2fs: fix to do sanity check on sbi->total_valid_block_count (Chao Yu) [Orabug: 38153149] {CVE-2025-38163} - bpf, sockmap: fix duplicated data transmission (Jiayuan Chen) - IB/cm: use rwlock for MAD agent lock (Jacob Moroni) - wifi: ath11k: fix node corruption in ar->arvifs list (Stone Zhang) [Orabug: 38180515] {CVE-2025-38293} - firmware: SDEI: Allow sdei initialization without ACPI_APEI_GHES (Huang Yiwei) - drm/tegra: rgb: Fix the unbound reference count (Biju Das) - drm/vkms: Adjust vkms_state->active_planes allocation type (Kees Cook) - drm: rcar-du: Fix memory leak in rcar_du_vsps_init() (Biju Das) - selftests/seccomp: fix syscall_restart test for arm compat (Neill Kapron) - firmware: psci: Fix refcount leak in psci_dt_init (Miaoqian Lin) - m68k: mac: Fix macintosh_config for Mac II (Finn Thain) - fs/ntfs3: handle hdr_first_de() return value (Andrey Vatoropin) [Orabug: 38153172] {CVE-2025-38167} - media: rkvdec: Fix frame size enumeration (Jonas Karlman) - drm/amd/pp: Fix potential NULL pointer dereference in atomctrl_initialize_mc_reg_table (Charles Han) [Orabug: 38180589] {CVE-2025-38319} - spi: sh-msiof: Fix maximum DMA transfer size (Geert Uytterhoeven) - ACPI: OSI: Stop advertising support for "3.0 _SCP Extensions" (Armin Wolf) - x86/mtrr: Check if fixed-range MTRRs exist in mtrr_save_fixed_ranges() (Jiaqing Zhao) - PM: wakeup: Delete space in the end of string shown by pm_show_wakelocks() (Zijun Hu) - power: reset: at91-reset: Optimize at91_reset() (Alexander Shiyan) - EDAC/skx_common: Fix general protection fault (Qiuxu Zhuo) [Orabug: 38180524] {CVE-2025-38298} - crypto: sun8i-ce - move fallback ahash_request to the end of the struct (Ovidiu Panait) - crypto: xts - Only add ecb if it is not already there (Herbert Xu) - crypto: lrw - Only add ecb if it is not already there (Herbert Xu) - crypto: marvell/cesa - Avoid empty transfer descriptor (Herbert Xu) - crypto: marvell/cesa - Handle zero-length skcipher requests (Herbert Xu) [Orabug: 38153188] {CVE-2025-38173} - x86/cpu: Sanitize CPUID(0x80000000) output (Ahmed S. Darwish) - crypto: sun8i-ss - do not use sg_dma_len before calling DMA functions (Corentin Labbe) - perf/core: Fix broken throttling when max_samples_per_tick=1 (Qing Wang) - gfs2: gfs2_create_inode error handling fix (Andreas Gruenbacher) - thunderbolt: Do not double dequeue a configuration request (Sergey Senozhatsky) [Orabug: 38158383] {CVE-2025-38174} - usb: usbtmc: Fix timeout value in get_stb (Dave Penkler) - USB: serial: pl2303: add new chip PL2303GC-Q20 and PL2303GT-2AB (Charles Yeh) - usb: storage: Ignore UAS driver for SanDisk 3.2 Gen2 storage device (Hongyu Xie) - usb: quirks: Add NO_LPM quirk for SanDisk Extreme 55AE (Jiayi Li) - rtc: Fix offset calculation for .start_secs < 0 (Alexandre Mergnat) - rtc: Make rtc_time64_to_tm() support dates before 1970 (Alexandre Mergnat) - pinctrl: armada-37xx: set GPIO output value before setting direction (Gabor Juhos) - pinctrl: armada-37xx: use correct OUTPUT_VAL register for GPIOs > 31 (Gabor Juhos) [5.15.0-312.185.1.el9uek] - uek-rpm: mips: Disable CONFIG_TRANSPARENT_HUGEPAGE (Dave Kleikamp) [Orabug: 38280961] - KVM: x86/MMU: Allow faulting at hugepages during dirty tracking (Joao Martins) [Orabug: 36409415] - KVM: x86/MMU: Dirty tracking without write-protection for shadow paging (Joao Martins) [Orabug: 36409415] - KVM: x86/MMU: Track rmap present pages (Joao Martins) [Orabug: 36409415] - nvme: check for valid nvme_identify_ns() before using it (Ewan D. Milne) [Orabug: 38207640] - nvme: bring back auto-removal of deleted namespaces during sequential scan (Christoph Hellwig) [Orabug: 38207640] - rds: tcp: block BH in TCP callbacks (Eric Dumazet) [Orabug: 38236843] From el-errata at oss.oracle.com Tue Sep 9 11:58:06 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 09 Sep 2025 04:58:06 -0700 Subject: [El-errata] ELSA-2025-13789 Moderate: Oracle Linux 7 libxml2 security update Message-ID: Oracle Linux Security Advisory ELSA-2025-13789 http://linux.oracle.com/errata/ELSA-2025-13789.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: libxml2-2.9.1-6.0.11.el7_9.6.i686.rpm libxml2-2.9.1-6.0.11.el7_9.6.x86_64.rpm libxml2-devel-2.9.1-6.0.11.el7_9.6.i686.rpm libxml2-devel-2.9.1-6.0.11.el7_9.6.x86_64.rpm libxml2-python-2.9.1-6.0.11.el7_9.6.x86_64.rpm libxml2-static-2.9.1-6.0.11.el7_9.6.i686.rpm libxml2-static-2.9.1-6.0.11.el7_9.6.x86_64.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates/libxml2-2.9.1-6.0.11.el7_9.6.src.rpm Related CVEs: CVE-2025-32415 Description of changes: [2.9.1-6.0.11.6] - Fix CVE-2025-32415: Fix heap buffer overflow [Orabug: 38310750] From el-errata at oss.oracle.com Tue Sep 9 11:58:21 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 09 Sep 2025 04:58:21 -0700 Subject: [El-errata] ELSA-2025-20552 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update Message-ID: Oracle Linux Security Advisory ELSA-2025-20552 http://linux.oracle.com/errata/ELSA-2025-20552.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: bpftool-5.15.0-312.187.5.el8uek.x86_64.rpm kernel-uek-5.15.0-312.187.5.el8uek.x86_64.rpm kernel-uek-core-5.15.0-312.187.5.el8uek.x86_64.rpm kernel-uek-debug-5.15.0-312.187.5.el8uek.x86_64.rpm kernel-uek-debug-core-5.15.0-312.187.5.el8uek.x86_64.rpm kernel-uek-debug-devel-5.15.0-312.187.5.el8uek.x86_64.rpm kernel-uek-debug-modules-5.15.0-312.187.5.el8uek.x86_64.rpm kernel-uek-debug-modules-extra-5.15.0-312.187.5.el8uek.x86_64.rpm kernel-uek-devel-5.15.0-312.187.5.el8uek.x86_64.rpm kernel-uek-doc-5.15.0-312.187.5.el8uek.noarch.rpm kernel-uek-modules-5.15.0-312.187.5.el8uek.x86_64.rpm kernel-uek-modules-extra-5.15.0-312.187.5.el8uek.x86_64.rpm kernel-uek-container-5.15.0-312.187.5.el8uek.x86_64.rpm kernel-uek-container-debug-5.15.0-312.187.5.el8uek.x86_64.rpm aarch64: bpftool-5.15.0-312.187.5.el8uek.aarch64.rpm kernel-uek-5.15.0-312.187.5.el8uek.aarch64.rpm kernel-uek-core-5.15.0-312.187.5.el8uek.aarch64.rpm kernel-uek-debug-5.15.0-312.187.5.el8uek.aarch64.rpm kernel-uek-debug-core-5.15.0-312.187.5.el8uek.aarch64.rpm kernel-uek-debug-devel-5.15.0-312.187.5.el8uek.aarch64.rpm kernel-uek-debug-modules-5.15.0-312.187.5.el8uek.aarch64.rpm kernel-uek-debug-modules-extra-5.15.0-312.187.5.el8uek.aarch64.rpm kernel-uek-devel-5.15.0-312.187.5.el8uek.aarch64.rpm kernel-uek-doc-5.15.0-312.187.5.el8uek.noarch.rpm kernel-uek-modules-5.15.0-312.187.5.el8uek.aarch64.rpm kernel-uek-modules-extra-5.15.0-312.187.5.el8uek.aarch64.rpm kernel-uek-container-5.15.0-312.187.5.el8uek.aarch64.rpm kernel-uek-container-debug-5.15.0-312.187.5.el8uek.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/kernel-uek-5.15.0-312.187.5.el8uek.src.rpm Related CVEs: CVE-2024-26726 CVE-2024-57883 CVE-2025-37948 CVE-2025-37958 CVE-2025-37963 CVE-2025-38000 CVE-2025-38001 CVE-2025-38003 CVE-2025-38004 CVE-2025-38034 CVE-2025-38035 CVE-2025-38037 CVE-2025-38043 CVE-2025-38044 CVE-2025-38048 CVE-2025-38051 CVE-2025-38052 CVE-2025-38058 CVE-2025-38061 CVE-2025-38065 CVE-2025-38066 CVE-2025-38068 CVE-2025-38072 CVE-2025-38075 CVE-2025-38077 CVE-2025-38078 CVE-2025-38079 CVE-2025-38083 CVE-2025-38084 CVE-2025-38085 CVE-2025-38086 CVE-2025-38088 CVE-2025-38090 CVE-2025-38094 CVE-2025-38100 CVE-2025-38102 CVE-2025-38103 CVE-2025-38107 CVE-2025-38108 CVE-2025-38111 CVE-2025-38112 CVE-2025-38115 CVE-2025-38119 CVE-2025-38120 CVE-2025-38122 CVE-2025-38135 CVE-2025-38136 CVE-2025-38138 CVE-2025-38143 CVE-2025-38145 CVE-2025-38146 CVE-2025-38147 CVE-2025-38153 CVE-2025-38154 CVE-2025-38157 CVE-2025-38159 CVE-2025-38160 CVE-2025-38161 CVE-2025-38163 CVE-2025-38167 CVE-2025-38173 CVE-2025-38174 CVE-2025-38180 CVE-2025-38181 CVE-2025-38184 CVE-2025-38185 CVE-2025-38190 CVE-2025-38193 CVE-2025-38194 CVE-2025-38197 CVE-2025-38200 CVE-2025-38203 CVE-2025-38204 CVE-2025-38206 CVE-2025-38211 CVE-2025-38212 CVE-2025-38214 CVE-2025-38218 CVE-2025-38219 CVE-2025-38222 CVE-2025-38226 CVE-2025-38227 CVE-2025-38229 CVE-2025-38230 CVE-2025-38231 CVE-2025-38237 CVE-2025-38245 CVE-2025-38249 CVE-2025-38251 CVE-2025-38257 CVE-2025-38262 CVE-2025-38263 CVE-2025-38273 CVE-2025-38280 CVE-2025-38285 CVE-2025-38286 CVE-2025-38293 CVE-2025-38298 CVE-2025-38305 CVE-2025-38310 CVE-2025-38312 CVE-2025-38313 CVE-2025-38319 CVE-2025-38320 CVE-2025-38323 CVE-2025-38324 CVE-2025-38326 CVE-2025-38328 CVE-2025-38332 CVE-2025-38336 CVE-2025-38337 CVE-2025-38342 CVE-2025-38344 CVE-2025-38345 CVE-2025-38346 CVE-2025-38348 CVE-2025-38350 CVE-2025-38352 CVE-2025-38362 CVE-2025-38363 CVE-2025-38371 CVE-2025-38377 CVE-2025-38380 CVE-2025-38384 CVE-2025-38386 CVE-2025-38387 CVE-2025-38389 CVE-2025-38391 CVE-2025-38393 CVE-2025-38395 CVE-2025-38399 CVE-2025-38400 CVE-2025-38401 CVE-2025-38403 CVE-2025-38404 CVE-2025-38406 CVE-2025-38410 CVE-2025-38412 CVE-2025-38415 CVE-2025-38416 CVE-2025-38418 CVE-2025-38419 CVE-2025-38420 CVE-2025-38424 CVE-2025-38428 CVE-2025-38430 CVE-2025-38498 Description of changes: [5.15.0-312.187.5.el8uek] - Revert "mm: hugetlb: independent PMD page table shared count" (Harshit Mogalapalli) [Orabug: 38327655] [5.15.0-312.187.4.el8uek] - rds: Fix NULL ptr deref in xas_start (H?kon Bugge) [Orabug: 38166374] - KVM: x86: use array_index_nospec with indices that come from guest (Thijs Raymakers) [Orabug: 38319943] - hugetlb: arm64: add mte support (Dave Kleikamp) [Orabug: 38177800] [5.15.0-312.187.3.el8uek] - TIOCSTI: Document CAP_SYS_ADMIN behaviour in Kconfig (G?nther Noack) [Orabug: 38255504] - TIOCSTI: always enable for CAP_SYS_ADMIN (Samuel Thibault) [Orabug: 38255504] - tty: Fix typo in LEGACY_TIOCSTI Kconfig description (Hanno B?ck) [Orabug: 38255504] - tty: Move TIOCSTI toggle variable before kerndoc (Kees Cook) [Orabug: 38255504] - tty: Allow TIOCSTI to be disabled (Kees Cook) [Orabug: 38255504] - tty: Move sysctl setup into "core" tty logic (Kees Cook) [Orabug: 38255504] - tty: reformat kernel-doc in tty_io.c (Jiri Slaby) [Orabug: 38255504] - tty: reformat kernel-doc in tty_ldisc.c (Jiri Slaby) [Orabug: 38255504] - net/mlx5: E-Switch, Fix switching to switchdev mode in MPV (Patrisious Haddad) [Orabug: 38236297] - net/mlx5: E-Switch, Fix switching to switchdev mode with IB device disabled (Patrisious Haddad) [Orabug: 38236297] - net/mlx5: E-switch, refactor eswitch mode change (Patrisious Haddad) [Orabug: 38236297] - IB/mlx5: Support querying eswitch functions from DEVX (Bodong Wang) [Orabug: 38236297] - RDMA/mlx5: Fix HW counters query for non-representor devices (Patrisious Haddad) [Orabug: 38161800] - RDMA/mlx5: Fix CC counters query for MPV (Patrisious Haddad) [Orabug: 38161800] - Revert "RDMA/mlx5: Fix CC counters query for MPV" (Qing Huang) [Orabug: 38161800] - RDMA/mlx5: Fix vport loopback for MPV device (Patrisious Haddad) [Orabug: 38118599] [5.15.0-312.187.2.el8uek] - EDAC: Octeon: Fix compile error by replacing sdei_init() with acpi_sdei_init() (Vijayendra Suman) [Orabug: 38294908] - LTS version: v5.15.187 (Vijayendra Suman) - usb: typec: displayport: Fix potential deadlock (Andrei Kuchynski) [Orabug: 38309912] {CVE-2025-38404} - platform/x86: think-lmi: Create ksets consecutively (Kurt Borja) - Logitech C-270 even more broken (Oliver Neukum) - i2c/designware: Fix an initialization issue (Michael J. Ruhl) [Orabug: 38253850] {CVE-2025-38380} - usb: cdnsp: do not disable slot for disabled slot (Peter Chen) - xhci: dbc: Flush queued requests before stopping dbc (Mathias Nyman) - xhci: dbctty: disable ECHO flag by default (?ukasz Bartosik) - platform/x86: dell-wmi-sysman: Fix class device unregistration (Kurt Borja) - platform/x86: think-lmi: Fix class device unregistration (Kurt Borja) - dpaa2-eth: fix xdp_rxq_info leak (Wangfushuai) - net: dpaa2-eth: rearrange variable in dpaa2_eth_get_ethtool_stats (Ioana Ciornei) - dpaa2-eth: Update SINGLE_STEP register access (Radu Bulie) - dpaa2-eth: Update dpni_get_single_step_cfg command (Radu Bulie) - ethernet: atl1: Add missing DMA mapping error checks and count errors (Thomas Fourier) - NFSv4/flexfiles: Fix handling of NFS level errors in I/O (Trond Myklebust) - drm/v3d: Disable interrupts before resetting the GPU (Ma?ra Canal) [Orabug: 38253820] {CVE-2025-38371} - regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods (Manivannan Sadhasivam) [Orabug: 38253906] {CVE-2025-38395} - regulator: gpio: Add input_supply support in gpio_regulator_config (Jerome Neanne) - mmc: core: sd: Apply BROKEN_SD_DISCARD quirk earlier (Avri Altman) - rcu: Return early if callback is not specified (Uladzislau Rezki) - mtd: spinand: fix memory leak of ECC engine conf (Pablo Martin-Gomez) [Orabug: 38253863] {CVE-2025-38384} - ACPICA: Refuse to evaluate a method if arguments are missing (Rafael J. Wysocki) [Orabug: 38253874] {CVE-2025-38386} - wifi: ath6kl: remove WARN on bad firmware input (Johannes Berg) [Orabug: 38253945] {CVE-2025-38406} - wifi: mac80211: drop invalid source address OCB frames (Johannes Berg) - scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() (Maurizio Lombardi) [Orabug: 38253914] {CVE-2025-38399} - powerpc: Fix struct termio related ioctl macros (Madhavan Srinivasan) - ata: pata_cs5536: fix build on 32-bit UML (Johannes Berg) - ALSA: sb: Force to disable DMAs once when DMA mode is changed (Takashi Iwai) - ALSA: sb: Don't allow changing the DMA mode during operations (Takashi Iwai) - drm/msm: Fix a fence leak in submit error path (Rob Clark) [Orabug: 38253967] {CVE-2025-38410} - nui: Fix dma_mapping_error() check (Thomas Fourier) - rose: fix dangling neighbour pointers in rose_rt_device_down() (Kohei Enju) [Orabug: 38253841] {CVE-2025-38377} - enic: fix incorrect MTU comparison in enic_change_mtu() (Alok Tiwari) - amd-xgbe: align CL37 AN sequence as per databook (Raju Rangoju) - lib: test_objagg: Set error message in check_expect_hints_stats() (Dan Carpenter) - igc: disable L1.2 PCI-E link substate to avoid performance issue (Vitaly Lifshits) - drm/i915/gt: Fix timeline left held on VMA alloc error (Janusz Krzysztofik) [Orabug: 38253886] {CVE-2025-38389} - platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks (Kurt Borja) [Orabug: 38253976] {CVE-2025-38412} - drm/i915/selftests: Change mock_request() to return error pointers (Dan Carpenter) - spi: spi-fsl-dspi: Clear completion counter before initiating transfer (James Clark) - drm/exynos: fimd: Guard display clock control with runtime PM calls (Marek Szyprowski) - btrfs: fix missing error handling when searching for inode refs during log replay (Filipe Manana) - scsi: ufs: core: Fix spelling of a sysfs attribute name (Bart Van Assche) - scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() (Thomas Fourier) - scsi: qla2xxx: Fix DMA mapping test in qla24xx_get_port_database() (Thomas Fourier) - NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN (Benjamin Coddington) [Orabug: 38253900] {CVE-2025-38393} - nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. (Kuniyuki Iwashima) [Orabug: 38253922] {CVE-2025-38400} - RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert (Mark Zhang) [Orabug: 38253880] {CVE-2025-38387} - platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment (David Thompson) - mtk-sd: reset host->mrq on prepare_data() error (Sergey Senozhatsky) - mtk-sd: Prevent memory corruption from DMA map failure (Masami Hiramatsu) [Orabug: 38253927] {CVE-2025-38401} - mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data (Masami Hiramatsu) - usb: typec: altmodes/displayport: do not index invalid pin_assignments (Rd Babiera) [Orabug: 38253893] {CVE-2025-38391} - mmc: sdhci: Add a helper function for dump register in dynamic debug mode (Victor Shih) - vsock/vmci: Clear the vmci transport packet properly when initializing it (Harshavardhana S A) [Orabug: 38253936] {CVE-2025-38403} - rtc: cmos: use spin_lock_irqsave in cmos_interrupt (Mateusz Jo?czyk) - ARM: 9354/1: ptrace: Use bitfield helpers (Geert Uytterhoeven) - btrfs: don't drop extent_map for free space inode on write error (Josef Bacik) [Orabug: 36530624] {CVE-2024-26726} - arm64: Restrict pagetable teardown to avoid false warning (Dev Jain) - s390: Add '-std=gnu11' to decompressor and purgatory CFLAGS (Nathan Chancellor) - s390/entry: Fix last breaking event handling in case of stack corruption (Heiko Carstens) - media: uvcvideo: Rollback non processed entities on error (Ricardo Ribalda) - PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (Dexuan Cui) - drm/amd/display: Add null pointer check for get_first_active_display() (Xu Wang) [Orabug: 38253794] {CVE-2025-38362} - drm/bridge: cdns-dsi: Wait for Clk and Data Lanes to be ready (Aradhya Bhatia) - drm/bridge: cdns-dsi: Check return value when getting default PHY config (Aradhya Bhatia) - drm/bridge: cdns-dsi: Fix connecting to next bridge (Aradhya Bhatia) - drm/bridge: cdns-dsi: Fix the clock variable for mode_valid() (Aradhya Bhatia) - drm/amdkfd: Fix race in GWS queue scheduling (Jay Cornwall) - drm/udl: Unregister device before cleaning up on disconnect (Thomas Zimmermann) - drm/tegra: Fix a possible null pointer dereference (Qiu-Ji Chen) [Orabug: 38253800] {CVE-2025-38363} - drm/tegra: Assign plane type before registration (Thierry Reding) - HID: wacom: fix kobject reference count leak (Qasim Ijaz) - HID: wacom: fix memory leak on sysfs attribute creation failure (Qasim Ijaz) - HID: wacom: fix memory leak on kobject creation failure (Qasim Ijaz) - btrfs: update superblock's device bytes_used when dropping chunk (Mark Harmstone) - dm-raid: fix variable in journal device check (Heinz Mauelshagen) - Bluetooth: L2CAP: Fix L2CAP MTU negotiation (Fr?d?ric Danis) - dt-bindings: serial: 8250: Make clocks and clock-frequency exclusive (Yao Zi) - staging: rtl8723bs: Avoid memset() in aes_cipher() and aes_decipher() (Nathan Chancellor) - net: selftests: fix TCP packet checksum (Jakub Kicinski) - atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister(). (Kuniyuki Iwashima) [Orabug: 38175043] {CVE-2025-38245} - net: enetc: Correct endianness handling in _enetc_rd_reg64 (Simon Horman) - um: ubd: Add missing error check in start_io_thread() (Tiwei Bie) - vsock/uapi: fix linux/vm_sockets.h userspace compilation errors (Stefano Garzarella) - af_unix: Don't set -ECONNRESET for consumed OOB skb. (Kuniyuki Iwashima) - wifi: mac80211: fix beacon interval calculation overflow (Lachlan Hodges) - libbpf: Fix null pointer dereference in btf_dump__free on allocation failure (Yuan Chen) - attach_recursive_mnt(): do not lock the covering tree when sliding something under it (Al Viro) - ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3() (Youngjun Lee) [Orabug: 38175063] {CVE-2025-38249} - atm: clip: prevent NULL deref in clip_push() (Eric Dumazet) [Orabug: 38175077] {CVE-2025-38251} - s390/pkey: Prevent overflow in size calculation for memdup_user() (Fedor Pchelkin) [Orabug: 38175091] {CVE-2025-38257} - i2c: robotfuzz-osif: disable zero-length read messages (Wolfram Sang) - i2c: tiny-usb: disable zero-length read messages (Wolfram Sang) - platform/x86: ideapad-laptop: use usleep_range() for EC polling (Rongrong) - dummycon: Trigger redraw when switching consoles with deferred takeover (Thomas Zimmermann) - tty: vt: make consw::con_switch() return a bool (Jiri Slaby) - tty: vt: sanitize arguments of consw::con_clear() (Jiri Slaby) - tty: vt: make init parameter of consw::con_init() a bool (Jiri Slaby) - vgacon: remove unneeded forward declarations (Jiri Slaby) - vgacon: switch vgacon_scrolldelta() and vgacon_restore_screen() (Jiri Slaby) - tty/vt: consolemap: rename and document struct uni_pagedir (Jiri Slaby) - fbcon: delete a few unneeded forward decl (Daniel Vetter) - uio_hv_generic: Align ring size to system page (Long Li) - uio_hv_generic: Query the ringbuffer size for device (Saurabh Singh Sengar) - Drivers: hv: vmbus: Add utility function for querying ring size (Saurabh Singh Sengar) - Drivers: hv: Rename 'alloced' to 'allocated' (Vitaly Kuznetsov) - f2fs: don't over-report free space or inodes in statvfs (Chao Yu) - media: imx-jpeg: Drop the first error frames (Ming Qian) - clk: ti: am43xx: Add clkctrl data for am43xx ADC1 (Miquel Raynal) - media: omap3isp: use sgtable-based scatterlist wrappers (Marek Szyprowski) - media: davinci: vpif: Fix memory leak in probe error path (Dmitry Nikiforov) - jfs: validate AG parameters in dbMount() to prevent crashes (Vasiliy Kovalev) [Orabug: 38158700] {CVE-2025-38230} - fs/jfs: consolidate sanity checking in dbMount (Dave Kleikamp) - ovl: Check for NULL d_inode() in ovl_dentry_upper() (Kees Cook) - ceph: fix possible integer overflow in ceph_zero_objects() (Dmitry Kandybka) - ALSA: usb-audio: Add a quirk for Lenovo Thinkpad Thunderbolt 3 dock (Mario Limonciello) - ALSA: hda: Add new pci id for AMD GPU display HD audio controller (Vijendar Mukunda) - ALSA: hda: Ignore unsol events for cards being shut down (Cezary Rojewski) - usb: typec: displayport: Receive DP Status Update NAK request exit dp altmode (Jos Wang) - usb: cdc-wdm: avoid setting WDM_READ for ZLP-s (Robert Hodaszi) - usb: Add checks for snprintf() calls in usb_alloc_dev() (Andy Shevchenko) - usb: common: usb-conn-gpio: use a unique name for usb connector device (Chance Yang) - tty: serial: uartlite: register uart driver in init (Jakub Lewalski) [Orabug: 38175113] {CVE-2025-38262} - usb: potential integer overflow in usbg_make_tpg() (Chen Yufeng) - usb: dwc2: also exit clock_gating when stopping udc while suspended (Michael Grzeschik) - coresight: Only check bottom two claim bits (James Clark) - um: Add cmpxchg8b_emu and checksum functions to asm-prototypes.h (Sami Tolvanen) - iio: pressure: zpa2326: Use aligned_s64 for the timestamp (Jonathan Cameron) - bcache: fix NULL pointer in cache_set_flush() (Linggang Zeng) [Orabug: 38175119] {CVE-2025-38263} - md/md-bitmap: fix dm-raid max_write_behind setting (Yu Kuai) - dmaengine: xilinx_dma: Set dma_device directions (Thomas Gessler) - ksmbd: allow a filename to contain special characters on SMB3.1.1 posix extension (Namjae Jeon) - hwmon: (pmbus/max34440) Fix support for max34451 (Alexis Czezar Torreno) - leds: multicolor: Fix intensity setting while SW blinking (Sven Schwermer) - mfd: max14577: Fix wakeup source leaks on device unbind (Krzysztof Kozlowski) - mailbox: Not protect module_put with spin_lock_irqsave (Peng Fan) - NFSv4.2: fix listxattr to return selinux security label (Olga Kornievskaia) - NFSv4: Always set NLINK even if the server doesn't support it (Han Young) - cifs: Fix cifs_query_path_info() for Windows NT servers (Pali Roh?r) - LTS version: v5.15.186 (Vijayendra Suman) - scsi: qedf: Use designated initializer for struct qed_fcoe_cb_ops (Kees Cook) - scsi: elx: efct: Fix memory leak in efct_hw_parse_filter() (Vitaliy Shevtsov) - arm64/ptrace: Fix stack-out-of-bounds read in regs_get_kernel_stack_nth() (Tengda Wu) [Orabug: 38180595] {CVE-2025-38320} - perf: Fix sample vs do_exit() (Peter Zijlstra) [Orabug: 38254029] {CVE-2025-38424} - s390/pci: Fix __pcilg_mio_inuser() inline assembly (Heiko Carstens) - bpf: Fix L4 csum update on IPv6 in CHECKSUM_COMPLETE (Paul Chaignon) - net: Fix checksum update for ILA adj-transport (Paul Chaignon) - ext4: avoid remount errors with 'abort' mount option (Jan Kara) - ext4: make 'abort' mount option handling standard (Jan Kara) - mm/huge_memory: fix dereferencing invalid pmd migration entry (Gavin Guo) [Orabug: 37976983] {CVE-2025-37958} - net_sched: sch_sfq: reject invalid perturb period (Eric Dumazet) [Orabug: 38158476] {CVE-2025-38193} - arm64: proton-pack: Add new CPUs 'k' values for branch mitigation (James Morse) - arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users (James Morse) [Orabug: 37977005] {CVE-2025-37963} - arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs (James Morse) [Orabug: 37976929] {CVE-2025-37948} - arm64: spectre: increase parameters that can be used to turn off bhb mitigation individually (Liu Song) - arm64: proton-pack: Expose whether the branchy loop k value (James Morse) - arm64: proton-pack: Expose whether the platform is mitigated by firmware (James Morse) - arm64: insn: Add support for encoding DSB (James Morse) - arm64: insn: add encoders for atomic operations (Hou Tao) - arm64: move AARCH64_BREAK_FAULT into insn-def.h (Hou Tao) - serial: sh-sci: Increment the runtime usage counter for the earlycon device (Claudiu Beznea) - ARM: dts: am335x-bone-common: Increase MDIO reset deassert delay to 50ms (Geert Uytterhoeven) - ARM: dts: am335x-bone-common: Increase MDIO reset deassert time (Colin Foster) - ARM: dts: am335x-bone-common: Add GPIO PHY reset on revision C3 board (Shengyu Qu) - net: atm: fix /proc/net/atm/lec handling (Eric Dumazet) [Orabug: 38158405] {CVE-2025-38180} - net: atm: add lec_mutex (Eric Dumazet) [Orabug: 38180611] {CVE-2025-38323} - calipso: Fix null-ptr-deref in calipso_req_{set,del}attr(). (Kuniyuki Iwashima) [Orabug: 38158412] {CVE-2025-38181} - tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (Haixia Qu) [Orabug: 38158424] {CVE-2025-38184} - tcp: fix tcp_packet_delayed() for tcp_is_non_sack_preventing_reopen() behavior (Neal Cardwell) - atm: atmtcp: Free invalid length skb in atmtcp_c_send(). (Kuniyuki Iwashima) [Orabug: 38158433] {CVE-2025-38185} - mpls: Use rcu_dereference_rtnl() in mpls_route_input_rcu(). (Kuniyuki Iwashima) [Orabug: 38180617] {CVE-2025-38324} - wifi: carl9170: do not ping device which has failed to load firmware (Dmitry Antipov) [Orabug: 38254010] {CVE-2025-38420} - ptp: fix breakage after ptp_vclock_in_use() rework (Vladimir Oltean) - net: ice: Perform accurate aRFS flow match (Krishna Kumar) - aoe: clean device rq_list in aoedev_downdev() (Justin Sanders) [Orabug: 38180627] {CVE-2025-38326} - pldmfw: Select CRC32 when PLDMFW is selected (Simon Horman) - hwmon: (occ) fix unaligned accesses (Arnd Bergmann) - hwmon: (occ) Rework attribute registration for stack usage (Arnd Bergmann) - hwmon: (occ) Add soft minimum power cap attribute (Eddie James) - drm/nouveau/bl: increase buffer size to avoid truncate warning (Jacob Keller) - drm/msm/dsi/dsi_phy_10nm: Fix missing initial VCO rate (Krzysztof Kozlowski) - erofs: remove unused trace event erofs_destroy_inode (Gao Xiang) - mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (Jann Horn) [Orabug: 38132180] {CVE-2025-38085} - mm: hugetlb: independent PMD page table shared count (Liu Shixin) [Orabug: 37484959] {CVE-2024-57883} - mm/hugetlb: unshare page tables during VMA split, not before (Jann Horn) [Orabug: 38132171] {CVE-2025-38084} - iio: accel: fxls8962af: Fix temperature calculation (Sean Nyekjaer) - ALSA: hda/realtek: enable headset mic on Latitude 5420 Rugged (Jonathan Lane) - ALSA: hda/intel: Add Thinkpad E15 to PM deny list (Takashi Iwai) - ALSA: usb-audio: Rename ALSA kcontrol PCM and PCM1 for the KTMicro sound card (Wangdicheng) - Input: sparcspkr - avoid unannotated fall-through (Yuli Wang) - block: default BLOCK_LEGACY_AUTOLOAD to y (Christoph Hellwig) - HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() (Terry Junge) [Orabug: 38152876] {CVE-2025-38103} - atm: Revert atm_account_tx() if copy_from_iter_full() fails. (Kuniyuki Iwashima) [Orabug: 38158457] {CVE-2025-38190} - selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len (Stephen Smalley) - selftests/x86: Add a test to detect infinite SIGTRAP handler loop (Xin Li) - udmabuf: use sgtable-based scatterlist wrappers (Marek Szyprowski) - scsi: s390: zfcp: Ensure synchronous unit_add (Peter Oberparleiter) - scsi: storvsc: Increase the timeouts to storvsc_timeout (Dexuan Cui) - jffs2: check jffs2_prealloc_raw_node_refs() result in few other places (Fedor Pchelkin) [Orabug: 38180635] {CVE-2025-38328} - jffs2: check that raw node were preallocated before writing summary (Artem Sadovnikov) [Orabug: 38158483] {CVE-2025-38194} - drivers/rapidio/rio_cm.c: prevent possible heap overwrite (Andrew Morton) [Orabug: 38137453] {CVE-2025-38090} - powerpc/eeh: Fix missing PE bridge reconfiguration during VFIO EEH recovery (Narayana Murty N) - platform/x86: dell_rbu: Stop overwriting data buffer (Stuart Hayes) - platform/x86: dell_rbu: Fix list usage (Stuart Hayes) [Orabug: 38158494] {CVE-2025-38197} - Revert "bus: ti-sysc: Probe for l4_wkup and l4_cfg interconnect devices first" (Alexander Sverdlin) - tee: Prevent size calculation wraparound on 32-bit kernels (Jann Horn) - ARM: OMAP2+: Fix l4ls clk domain handling in STANDBY (Sukrut Bellary) - bus: fsl-mc: increase MC_CMD_COMPLETION_TIMEOUT_MS value (Laurentiu Tudor) - watchdog: da9052_wdt: respect TWDMIN (Marcus Folkesson) - octeontx2-pf: Add error log forcn10k_map_unmap_rq_policer() (Xu Wang) - bpf, sockmap: Fix data lost during EAGAIN retries (Jiayuan Chen) - i40e: fix MMIO write access to an invalid page in i40e_clear_hw (Kyungwook Boo) [Orabug: 38158517] {CVE-2025-38200} - sock: Correct error checking condition for (assign|release)_proto_idx() (Zijun Hu) - scsi: lpfc: Use memcpy() for BIOS version (Daniel Wagner) [Orabug: 38180667] {CVE-2025-38332} - pinctrl: mcp23s08: Reset all pins to input at probe (Mike Looijmans) - software node: Correct a OOB check in software_node_get_reference_args() (Zijun Hu) [Orabug: 38180730] {CVE-2025-38342} - vxlan: Do not treat dst cache initialization errors as fatal (Ido Schimmel) - net: bridge: mcast: re-implement br_multicast_{enable, disable}_port functions (Yong Wang) - iommu/amd: Ensure GA log notifier callbacks finish running before module unload (Sean Christopherson) - scsi: lpfc: Fix lpfc_check_sli_ndlp() handling for GEN_REQUEST64 commands (Justin Tee) - libbpf: Add identical pointer detection to btf_dedup_is_equiv() (Alan Maguire) - clk: rockchip: rk3036: mark ddrphy as critical (Heiko Stuebner) - wifi: mac80211: do not offer a mesh path if forwarding is disabled (Benjamin Berg) - net: mlx4: add SOF_TIMESTAMPING_TX_SOFTWARE flag when getting ts info (Jason Xing) - pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get() (Gabor Juhos) - pinctrl: armada-37xx: propagate error from armada_37xx_pmx_gpio_set_direction() (Gabor Juhos) - pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get_direction() (Gabor Juhos) - pinctrl: armada-37xx: propagate error from armada_37xx_pmx_set_by_name() (Gabor Juhos) - net: atlantic: generate software timestamp just before the doorbell (Jason Xing) - ipv4/route: Use this_cpu_inc() for stats on PREEMPT_RT (Sebastian Andrzej Siewior) - tcp: fix initial tp->rcvq_space.space value for passive TS enabled flows (Eric Dumazet) - tcp: always seek for minimal rtt in tcp_rcv_rtt_update() (Eric Dumazet) - net: dlink: add synchronization for stats update (Moon Yeounsu) - i2c: npcm: Add clock toggle recovery (Tali Perry) - cpufreq: scmi: Skip SCMI devices that aren't used by the CPUs (Mike Tipton) - sctp: Do not wake readers in __sctp_write_space() (Petr Malat) - wifi: mt76: mt76x2: Add support for LiteOn WN4516R,WN4519R (Henk Vergonet) - emulex/benet: correct command version selection in be_cmd_get_stats() (Alok Tiwari) - i2c: designware: Invoke runtime suspend on quick slave re-registration (Tan En De) - tipc: use kfree_sensitive() for aead cleanup (Zilin Guan) - net: macb: Check return value of dma_set_mask_and_coherent() (Sergio Perez Gonzalez) - cpufreq: Force sync policy boost with global boost on sysfs update (Viresh Kumar) - thermal/drivers/qcom/tsens: Update conditions to strictly evaluate for IP v2+ (George Moussalem) - pmdomain: ti: Fix STANDBY handling of PER power domain (Sukrut Bellary) - nios2: force update_mmu_cache on spurious tlb-permission--related pagefaults (Simon Schuster) - media: i2c: imx334: update mode_3840x2160_regs array (Shravan Chippa) - media: platform: exynos4-is: Add hardware sync wait to fimc_is_hw_change_mode() (Xu Wang) [Orabug: 38175013] {CVE-2025-38237} - media: tc358743: ignore video while HPD is low (Hans Verkuil) - drm/amdkfd: Set SDMA_RLCx_IB_CNTL/SWITCH_INSIDE_IB (Amber Lin) - drm/msm/dpu: don't select single flush for active CTL blocks (Dmitry Baryshkov) - jfs: Fix null-ptr-deref in jfs_ioc_trim (Dylan Wolff) [Orabug: 38158545] {CVE-2025-38203} - drm/amdgpu/gfx9: fix CSIB handling (Alex Deucher) - drm/amdgpu/gfx8: fix CSIB handling (Alex Deucher) - ext4: prevent stale extent cache entries caused by concurrent get es_cache (Zhang Yi) - sunrpc: fix race in cache cleanup causing stale nextcheck time (Long Li) - media: rkvdec: Initialize the m2m context before the controls (Nicolas Dufresne) - media: ti: cal: Fix wrong goto on error path (Tomi Valkeinen) - jfs: fix array-index-out-of-bounds read in add_missing_indices (Aditya Dutt) [Orabug: 38158552] {CVE-2025-38204} - ext4: ext4: unify EXT4_EX_NOCACHE|NOFAIL flags in ext4_ext_remove_space() (Zhang Yi) - drm/amdgpu/gfx7: fix CSIB handling (Alex Deucher) - media: uapi: v4l: Change V4L2_TYPE_IS_CAPTURE condition (Nas Chung) - media: ccs-pll: Better validate VT PLL branch (Sakari Ailus) - drm/amdgpu/gfx10: fix CSIB handling (Alex Deucher) - media: i2c: imx334: Fix runtime PM handling in remove function (Tarang Raval) - drm/msm/a6xx: Increase HFI response timeout (Akhil P Oommen) - drm/amd/display: Add NULL pointer checks in dm_force_atomic_commit() (Srinivasan Shanmugam) - media: uapi: v4l: Fix V4L2_TYPE_IS_OUTPUT condition (Nas Chung) - drm/msm/hdmi: add runtime PM calls to DDC transfer function (Dmitry Baryshkov) - media: i2c: imx334: Enable runtime PM before sub-device registration (Tarang Raval) - drm/bridge: anx7625: change the gpiod_set_value API (Ayushi Makhija) - exfat: fix double free in delayed_free (Namjae Jeon) [Orabug: 38158566] {CVE-2025-38206} - drm/bridge: analogix_dp: Add irq flag IRQF_NO_AUTOEN instead of calling disable_irq() (Damon Ding) - sunrpc: update nextcheck time when adding new cache entries (Long Li) - drm/amdgpu/gfx6: fix CSIB handling (Alex Deucher) - ACPI: battery: negate current when discharging (Peter Marheine) - PM: runtime: fix denying of auto suspend in pm_suspend_timer_fn() (Charan Teja Kalla) - ASoC: tegra210_ahub: Add check to of_device_get_match_data() (Yuanjun Gong) - ACPICA: utilities: Fix overflow check in vsnprintf() (Philip Redkin) - power: supply: bq27xxx: Retrieve again when busy (Jerry Lv) - ACPICA: fix acpi parse and parseext cache leaks (Seunghun Han) [Orabug: 38180747] {CVE-2025-38344} - ACPI: bus: Bail out if acpi_kobj registration fails (Armin Wolf) - ASoC: tas2770: Power cycle amp on ISENSE/VSENSE change (Hector Martin) - ACPICA: Avoid sequence overread in call to strncmp() (Ahmed Salem) - clocksource: Fix the CPUs' choice in the watchdog per CPU verification (Guilherme G. Piccoli) - ACPICA: fix acpi operand cache leak in dswstate.c (Seunghun Han) [Orabug: 38180755] {CVE-2025-38345} - iio: adc: ad7606_spi: fix reg write value mask (David Lechner) - iio: imu: inv_icm42600: Fix temperature calculation (Sean Nyekjaer) - iio: accel: fxls8962af: Fix temperature scan element sign (Sean Nyekjaer) - PCI: dw-rockchip: Fix PHY function call sequence in rockchip_pcie_phy_deinit() (Diederik de Haas) - PCI: Fix lock symmetry in pci_slot_unlock() (Ilpo J?rvinen) - PCI: Add ACS quirk for Loongson PCIe (Huacai Chen) - PCI: cadence-ep: Correct PBA offset in .set_msix() callback (Niklas Cassel) - uio_hv_generic: Use correct size for interrupt and monitor pages (Long Li) - remoteproc: core: Release rproc->clean_table after rproc_attach() fails (Xiaolei Wang) [Orabug: 38254002] {CVE-2025-38418} - remoteproc: core: Cleanup acquired resources when rproc_handle_resources() fails in rproc_attach() (Xiaolei Wang) [Orabug: 38254006] {CVE-2025-38419} - regulator: max14577: Add error check for max14577_read_reg() (Xu Wang) - mips: Add -std= flag specified in KBUILD_CFLAGS to vdso CFLAGS (Khem Raj) - staging: iio: ad5933: Correct settling cycles encoding per datasheet (Gabriel) - net: ch9200: fix uninitialised access during mii_nway_restart (Qasim Ijaz) [Orabug: 38132188] {CVE-2025-38086} - ftrace: Fix UAF when lookup kallsym after ftrace disabled (Ye Bin) [Orabug: 38180767] {CVE-2025-38346} - dm-mirror: fix a tiny race condition (Mikulas Patocka) - mtd: nand: sunxi: Add randomizer configuration before randomizer enable (Xu Wang) - mtd: rawnand: sunxi: Add randomizer configuration in sunxi_nfc_hw_ecc_write_chunk (Xu Wang) - mm: fix ratelimit_pages update error in dirty_ratio_handler() (Jinliang Zheng) - RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction (Shin'Ichiro Kawasaki) [Orabug: 38158591] {CVE-2025-38211} - ipc: fix to protect IPCS lookups using RCU (Jeongjun Park) [Orabug: 38158597] {CVE-2025-38212} - clk: meson-g12a: add missing fclk_div2 to spicc (Da Xue) - parisc: fix building with gcc-15 (Arnd Bergmann) - vgacon: Add check for vc_origin address range in vgacon_scroll() (Gong, Ruiqi) - fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var (Murad Masimov) [Orabug: 38158614] {CVE-2025-38214} - EDAC/altera: Use correct write width with the INTTEST register (Niravkumar L Rabara) - NFC: nci: uart: Set tty->disc_data only in success path (Krzysztof Kozlowski) [Orabug: 38253991] {CVE-2025-38416} - f2fs: fix to do sanity check on sit_bitmap_size (Chao Yu) [Orabug: 38158639] {CVE-2025-38218} - f2fs: prevent kernel warning due to negative i_nlink from corrupted image (Jaegeuk Kim) [Orabug: 38158647] {CVE-2025-38219} - Input: ims-pcu - check record size in ims_pcu_flash_firmware() (Dan Carpenter) [Orabug: 38254053] {CVE-2025-38428} - ext4: ensure i_size is smaller than maxbytes (Zhang Yi) - ext4: factor out ext4_get_maxbytes() (Zhang Yi) - ext4: fix calculation of credits for extent tree modification (Jan Kara) - ext4: inline: fix len overflow in ext4_prepare_inline_data (Thadeu Lima de Souza Cascardo) [Orabug: 38158661] {CVE-2025-38222} - bus: fsl-mc: fix GET/SET_TAILDROP command ids (Wan Junjie) - bus: fsl-mc: do not add a device-link for the UAPI used DPMCP device (Ioana Ciornei) - ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330 (Tasos Sahanidis) [Orabug: 38180696] {CVE-2025-38336} - can: tcan4x5x: fix power regulator retrieval during probe (Brett Werling) - bus: mhi: host: Fix conflict between power_up and SYSERR (Jeffrey Hugo) - ARM: omap: pmic-cpcap: do not mess around without CPCAP or OMAP4 (Andreas Kemnade) - ARM: 9447/1: arm/memremap: fix arch_memremap_can_ram_remap() (Ross Stutterheim) - media: uvcvideo: Fix deferred probing error (Ricardo Ribalda) - media: uvcvideo: Send control events for partial succeeds (Ricardo Ribalda) - media: uvcvideo: Return the number of processed controls (Ricardo Ribalda) - media: vivid: Change the siize of the composing (Denis Arefev) [Orabug: 38158680] {CVE-2025-38226} - media: vidtv: Terminating the subsequent process of initialization failure (Edward Adam Davis) [Orabug: 38158685] {CVE-2025-38227} - media: videobuf2: use sgtable-based scatterlist wrappers (Marek Szyprowski) - media: venus: Fix probe error handling (Loic Poulain) - media: v4l2-dev: fix error handling in __video_register_device() (Ma Ke) - media: gspca: Add error handling for stv06xx_read_sensor() (Xu Wang) - media: cxusb: no longer judge rbuf when the write fails (Edward Adam Davis) [Orabug: 38158691] {CVE-2025-38229} - media: ccs-pll: Check for too high VT PLL multiplier in dual PLL case (Sakari Ailus) - media: ccs-pll: Correct the upper limit of maximum op_pre_pll_clk_div (Sakari Ailus) - media: ccs-pll: Start OP pre-PLL multiplier search from correct value (Sakari Ailus) - media: ccs-pll: Start VT pre-PLL multiplier search from correct value (Sakari Ailus) - media: ov8856: suppress probe deferral errors (Johan Hovold) - wifi: rtlwifi: disable ASPM for RTL8723BE with subsystem ID 11ad:1723 (Mingcong Bai) - jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() (Jeongjun Park) [Orabug: 38180706] {CVE-2025-38337} - nfsd: Initialize ssc before laundromat_work to prevent NULL dereference (Li Lingfeng) [Orabug: 38158706] {CVE-2025-38231} - nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request (Neil Brown) [Orabug: 38254061] {CVE-2025-38430} - wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback() (Christian Lamparter) [Orabug: 38180782] {CVE-2025-38348} - net/mlx5: Add error handling in mlx5_query_nic_vport_node_guid() (Xu Wang) - net/mlx5_core: Add error handling inmlx5_query_nic_vport_qkey_viol_cntr() (Xu Wang) - powerpc/pseries/msi: Avoid reading PCI device registers in reduced power states (Gautam Menghani) - ASoC: meson: meson-card-utils: use of_property_present() for DT parsing (Martin Blumenstingl) - ASoC: qcom: sdm845: Add error handling in sdm845_slim_snd_hw_params() (Xu Wang) - gfs2: move msleep to sleepable context (Alexander Aring) - crypto: marvell/cesa - Do not chain submitted requests (Herbert Xu) - configfs: Do not override creating attribute file failure in populate_attrs() (Zijun Hu) - xfs: allow inode inactivation during a ro mount log recovery (Darrick J. Wong) - kbuild: hdrcheck: fix cross build with clang (Arnd Bergmann) - kbuild: userprogs: fix bitsize and target detection on clang (Thomas Wei?schuh) - drm/meson: Use 1000ULL when operating with mode->clock (I Hsin Cheng) - net: usb: aqc111: debug info before sanitation (Oliver Neukum) - calipso: unlock rcu before returning -EAFNOSUPPORT (Eric Dumazet) - x86/iopl: Cure TIF_IO_BITMAP inconsistencies (Thomas Gleixner) [Orabug: 38152863] {CVE-2025-38100} - xen/arm: call uaccess_ttbr0_enable for dm_op hypercall (Stefano Stabellini) - usb: typec: tcpm/tcpci_maxim: Fix bounds check in process_rx() (Amit Sunil Dhamne) - usb: Flush altsetting 0 endpoints before reinitializating them after reset. (Mathias Nyman) - usb: cdnsp: Fix issue with detecting USB 3.2 speed (Pawel Laszczak) - usb: cdnsp: Fix issue with detecting command completion event (Pawel Laszczak) - VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify (Ma Wupeng) [Orabug: 38152868] {CVE-2025-38102} - drm/amd/display: Do not add '-mhard-float' to dcn2{1,0}_resource.o for clang (Nathan Chancellor) - kbuild: Add KBUILD_CPPFLAGS to as-option invocation (Nathan Chancellor) - kbuild: add $(CLANG_FLAGS) to KBUILD_CPPFLAGS (Masahiro Yamada) - kbuild: Add CLANG_FLAGS to as-instr (Nathan Chancellor) - mips: Include KBUILD_CPPFLAGS in CHECKFLAGS invocation (Nathan Chancellor) - drm/amd/display: Do not add '-mhard-float' to dml_ccflags for clang (Nathan Chancellor) - kbuild: Update assembler calls to use proper flags and language target (Nick Desaulniers) - MIPS: Prefer cc-option for additions to cflags (Nathan Chancellor) - MIPS: Move '-Wa,-msoft-float' check from as-option to cc-option (Nathan Chancellor) - x86/boot/compressed: prefer cc-option for CFLAGS additions (Nick Desaulniers) - posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (Oleg Nesterov) [Orabug: 38223086] {CVE-2025-38352} - ALSA: usb-audio: Add implicit feedback quirk for RODE AI-1 (David Heimann) - perf: Ensure bpf_perf_link path is properly serialized (Peter Zijlstra) - nvmet-fcloop: access fcpreq only when holding reqlock (Daniel Wagner) - fs/filesystems: Fix potential unsigned integer underflow in fs_name() (Zijun Hu) - net_sched: ets: fix a race in ets_qdisc_change() (Eric Dumazet) [Orabug: 38152893] {CVE-2025-38107} - sch_ets: make est_qlen_notify() idempotent (Cong Wang) - net_sched: tbf: fix a race in tbf_change() (Eric Dumazet) - net_sched: red: fix a race in __red_change() (Eric Dumazet) [Orabug: 38152898] {CVE-2025-38108} - net_sched: prio: fix a race in prio_tune() (Eric Dumazet) [Orabug: 38105333] {CVE-2025-38083} - net/mlx5: Fix return value when searching for existing flow group (Patrisious Haddad) - net/mlx5: Ensure fw pages are always allocated on same NUMA (Moshe Shemesh) - net/mdiobus: Fix potential out-of-bounds read/write access (Jakub Raczynski) [Orabug: 38152911] {CVE-2025-38111} - net: mdio: C22 is now optional, EOPNOTSUPP if not provided (Andrew Lunn) - macsec: MACsec SCI assignment for ES = 0 (Carlos Fernandez) - net: Fix TOCTOU issue in sk_is_readable() (Michal Luczaj) [Orabug: 38152915] {CVE-2025-38112} - i40e: retry VFLR handling if there is ongoing VF reset (Robert Malz) - i40e: return false from i40e_reset_vf if reset is in progress (Robert Malz) - drm/meson: fix more rounding issues with 59.94Hz modes (Martin Blumenstingl) - drm/meson: use vclk_freq instead of pixel_freq in debug print (Martin Blumenstingl) - drm/meson: fix debug log statement when setting the HDMI clocks (Martin Blumenstingl) - drm/meson: use unsigned long long / Hz for frequency types (Martin Blumenstingl) - powerpc/vas: Return -EINVAL if the offset is non-zero in mmap() (Haren Myneni) - powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap (Ritesh Harjani) [Orabug: 38137444] {CVE-2025-38088} - net_sched: sch_sfq: fix a potential crash on gso_skb handling (Eric Dumazet) [Orabug: 38152922] {CVE-2025-38115} - scsi: iscsi: Fix incorrect error path labels for flashnode operations (Alok Tiwari) - ath10k: snoc: fix unbalanced IRQ enable in crash recovery (Caleb Connolly) - ptp: remove ptp->n_vclocks check logic in ptp_vclock_in_use() (Jeongjun Park) [Orabug: 38180545] {CVE-2025-38305} - scsi: core: ufs: Fix a hang in the error handler (Sanjeev Yadav) [Orabug: 38152945] {CVE-2025-38119} - serial: sh-sci: Clean sci_ports[0] after at earlycon exit (Claudiu Beznea) - serial: sh-sci: Move runtime PM enable to sci_probe_single() (Claudiu Beznea) - serial: sh-sci: Check if TX data was written to device in .tx_empty() (Claudiu Beznea) - arm64: dts: ti: k3-am65-main: Add missing taps to sdhci0 (Judith Mendez) - arm64: dts: ti: k3-am65-main: Fix sdhci node properties (Judith Mendez) - arm64: dts: ti: k3-am65-main: Drop deprecated ti,otap-del-sel property (Nishanth Menon) - Input: synaptics-rmi - fix crash with unsupported versions of F34 (Dmitry Torokhov) - Input: synaptics-rmi4 - convert to use sysfs_emit() APIs (Zhang Songyi) - pmdomain: core: Fix error checking in genpd_dev_pm_attach_by_id() (Dan Carpenter) - do_change_type(): refuse to operate on unmounted/not ours mounts (Al Viro) [Orabug: 38256449] {CVE-2025-38498} - fix propagation graph breakage by MOVE_MOUNT_SET_GROUP move_mount(2) (Al Viro) - seg6: Fix validation of nexthop addresses (Ido Schimmel) [Orabug: 38180555] {CVE-2025-38310} - wireguard: device: enable threaded NAPI (Mirco Barone) - netfilter: nf_set_pipapo_avx2: fix initial map fill (Florian Westphal) [Orabug: 38152957] {CVE-2025-38120} - gve: add missing NULL check for gve_alloc_pending_packet() in TX DQO (Alok Tiwari) [Orabug: 38152965] {CVE-2025-38122} - vmxnet3: correctly report gso type for UDP tunnels (Ronak Doshi) - net: dsa: tag_brcm: legacy: fix pskb_may_pull length (?lvaro Fern?ndez Rojas) - ice: create new Tx scheduler nodes for new queues only (Michal Kubiak) - Bluetooth: L2CAP: Fix not responding with L2CAP_CR_LE_ENCRYPTION (Luiz Augusto von Dentz) - spi: bcm63xx-hsspi: fix shared reset (?lvaro Fern?ndez Rojas) - spi: bcm63xx-spi: fix shared reset (?lvaro Fern?ndez Rojas) - net/mlx4_en: Prevent potential integer overflow calculating Hz (Dan Carpenter) - driver: net: ethernet: mtk_star_emac: fix suspend/resume issue (Yanqing Wang) - gve: Fix RX_BUFFERS_POSTED stat to report per-queue fill_cnt (Alok Tiwari) - net: stmmac: platform: guarantee uniqueness of bus_id (Quentin Schulz) - vt: remove VT_RESIZE and VT_RESIZEX from vt_compat_ioctl() (Nicolas Pitre) - MIPS: Loongson64: Add missing '#interrupt-cells' for loongson64c_ls7a (Yuli Wang) - iio: adc: ad7124: Fix 3dB filter frequency reading (Uwe Kleine-K?nig) - serial: Fix potential null-ptr-deref in mlb_usio_probe() (Henry Martin) [Orabug: 38153011] {CVE-2025-38135} - usb: renesas_usbhs: Reorder clock handling and power management in probe (Lad Prabhakar) [Orabug: 38153016] {CVE-2025-38136} - PCI/DPC: Initialize aer_err_info before using it (Bjorn Helgaas) - dmaengine: ti: Add NULL check in udma_probe() (Henry Martin) [Orabug: 38153029] {CVE-2025-38138} - PCI: cadence: Fix runtime atomic count underflow (Hans Zhang) - rtc: sh: assign correct interrupts with DT (Wolfram Sang) - perf record: Fix incorrect --user-regs comments (Dapeng Mi) - perf tests switch-tracking: Fix timestamp comparison (Leo Yan) - mfd: stmpe-spi: Correct the name used in MODULE_DEVICE_TABLE (Alexey Gladkov) - mfd: exynos-lpass: Avoid calling exynos_lpass_disable() twice in exynos_lpass_remove() (Christophe Jaillet) - rpmsg: qcom_smd: Fix uninitialized return variable in __qcom_smd_send() (Dan Carpenter) - remoteproc: qcom_wcnss_iris: Add missing put_device() on error in probe (Dan Carpenter) - perf scripts python: exported-sql-viewer.py: Fix pattern matching with Python 3 (Adrian Hunter) - backlight: pm8941: Add NULL check in wled_configure() (Henry Martin) [Orabug: 38153050] {CVE-2025-38143} - perf ui browser hists: Set actions->thread before calling do_zoom_thread() (Arnaldo Carvalho de Melo) - perf build: Warn when libdebuginfod devel files are not available (Arnaldo Carvalho de Melo) - fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod() (Sergey Shtylyov) [Orabug: 38180565] {CVE-2025-38312} - soc: aspeed: Add NULL check in aspeed_lpc_enable_snoop() (Henry Martin) [Orabug: 38153059] {CVE-2025-38145} - soc: aspeed: lpc: Fix impossible judgment condition (Su Hui) - arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma with Haikou (Quentin Schulz) - ARM: dts: qcom: apq8064 merge hw splinlock into corresponding syscon device (Dmitry Baryshkov) - bus: fsl-mc: fix double-free on mc_dev (Ioana Ciornei) [Orabug: 38180572] {CVE-2025-38313} - nilfs2: do not propagate ENOENT error from nilfs_btree_propagate() (Ryusuke Konishi) - nilfs2: add pointer check for nilfs_direct_propagate() (Xu Wang) - ocfs2: fix possible memory leak in ocfs2_finish_quota_recovery (Murad Masimov) - Squashfs: check return result of sb_min_blocksize (Phillip Lougher) [Orabug: 38253984] {CVE-2025-38415} - arm64: dts: imx8mn-beacon: Fix RTC capacitive load (Adam Ford) - arm64: dts: imx8mm-beacon: Fix RTC capacitive load (Adam Ford) - ARM: dts: at91: at91sam9263: fix NAND chip selects (Wolfram Sang) - ARM: dts: at91: usb_a9263: fix GPIO for Dataflash chip select (Wolfram Sang) - f2fs: fix to correct check conditions in f2fs_cross_rename (Zhiguo Niu) - f2fs: use d_inode(dentry) cleanup dentry->d_inode (Zhiguo Niu) - net: phy: mscc: Stop clearing the the UDPv4 checksum for L2 frames (Horatiu Vultur) - net: openvswitch: Fix the dead loop of MPLS parse (Faicker Mo) [Orabug: 38153064] {CVE-2025-38146} - calipso: Don't call calipso functions for AF_INET sk. (Kuniyuki Iwashima) [Orabug: 38153069] {CVE-2025-38147} - net: lan743x: rename lan743x_reset_phy to lan743x_hw_reset_phy (Thangaraj Samynathan) - bpf: Avoid __bpf_prog_ret0_warn when jit fails (Kafai Wan) [Orabug: 38180470] {CVE-2025-38280} - net: usb: aqc111: fix error handling of usbnet read calls (Nikita Zhandarovich) [Orabug: 38153088] {CVE-2025-38153} - netfilter: nft_tunnel: fix geneve_opt dump (Fernando Fernandez Mancera) - bpf, sockmap: Avoid using sk_socket after free when sending (Jiayuan Chen) [Orabug: 38153094] {CVE-2025-38154} - vfio/type1: Fix error unwind in migration dirty bitmap allocation (Li Rongqing) - netfilter: nf_tables: nft_fib_ipv6: fix VRF ipv4/ipv6 result discrepancy (Florian Westphal) - wifi: ath9k_htc: Abort software beacon handling if disabled (Toke H?iland-J?rgensen) [Orabug: 38153109] {CVE-2025-38157} - wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds (Alexey Kodanev) [Orabug: 38153121] {CVE-2025-38159} - s390/bpf: Store backchain even for leaf progs (Ilya Leoshkevich) - clk: qcom: gcc-msm8939: Fix mclk0 & mclk1 for 24 MHz (Vincent Knecht) - bpf: Fix WARN() in get_bpf_raw_tp_regs (Tao Chen) [Orabug: 38180488] {CVE-2025-38285} - pinctrl: at91: Fix possible out-of-boundary access (Andy Shevchenko) [Orabug: 38180494] {CVE-2025-38286} - libbpf: Use proper errno value in nlattr (Anton Protopopov) - ktls, sockmap: Fix missing uncharge operation (Jiayuan Chen) - clk: bcm: rpi: Add NULL check in raspberrypi_clk_register() (Henry Martin) [Orabug: 38153131] {CVE-2025-38160} - clk: qcom: gcc-sm6350: Add *_wait_val values for GDSCs (Luca Weiss) - bpf: Fix uninitialized values in BPF_{CORE,PROBE}_READ (Anton Protopopov) - RDMA/mlx5: Fix error flow upon firmware failure for RQ destruction (Patrisious Haddad) [Orabug: 38153138] {CVE-2025-38161} - netfilter: nft_quota: match correctly when the quota just depleted (Zhongqiu Duan) - netfilter: bridge: Move specific fragmented packet to slow_path instead of dropping it (Huajian Yang) - libbpf: Use proper errno value in linker (Anton Protopopov) - f2fs: fix to detect gcing page in f2fs_is_cp_guaranteed() (Chao Yu) - f2fs: clean up w/ fscrypt_is_bounce_page() (Chao Yu) - iommu: Protect against overflow in iommu_pgsize() (Jason Gunthorpe) - RDMA/hns: Include hnae3.h in hns_roce_hw_v2.h (Junxian Huang) - wifi: rtw88: do not ignore hardware read error during DPK (Dmitry Antipov) - libbpf: Fix buffer overflow in bpf_object__init_prog (Viktor Malik) - net: ncsi: Fix GCPS 64-bit member variables (Hari Kalavakunta) - f2fs: fix to do sanity check on sbi->total_valid_block_count (Chao Yu) [Orabug: 38153149] {CVE-2025-38163} - bpf, sockmap: fix duplicated data transmission (Jiayuan Chen) - IB/cm: use rwlock for MAD agent lock (Jacob Moroni) - wifi: ath11k: fix node corruption in ar->arvifs list (Stone Zhang) [Orabug: 38180515] {CVE-2025-38293} - firmware: SDEI: Allow sdei initialization without ACPI_APEI_GHES (Huang Yiwei) - drm/tegra: rgb: Fix the unbound reference count (Biju Das) - drm/vkms: Adjust vkms_state->active_planes allocation type (Kees Cook) - drm: rcar-du: Fix memory leak in rcar_du_vsps_init() (Biju Das) - selftests/seccomp: fix syscall_restart test for arm compat (Neill Kapron) - firmware: psci: Fix refcount leak in psci_dt_init (Miaoqian Lin) - m68k: mac: Fix macintosh_config for Mac II (Finn Thain) - fs/ntfs3: handle hdr_first_de() return value (Andrey Vatoropin) [Orabug: 38153172] {CVE-2025-38167} - media: rkvdec: Fix frame size enumeration (Jonas Karlman) - drm/amd/pp: Fix potential NULL pointer dereference in atomctrl_initialize_mc_reg_table (Charles Han) [Orabug: 38180589] {CVE-2025-38319} - spi: sh-msiof: Fix maximum DMA transfer size (Geert Uytterhoeven) - ACPI: OSI: Stop advertising support for "3.0 _SCP Extensions" (Armin Wolf) - x86/mtrr: Check if fixed-range MTRRs exist in mtrr_save_fixed_ranges() (Jiaqing Zhao) - PM: wakeup: Delete space in the end of string shown by pm_show_wakelocks() (Zijun Hu) - power: reset: at91-reset: Optimize at91_reset() (Alexander Shiyan) - EDAC/skx_common: Fix general protection fault (Qiuxu Zhuo) [Orabug: 38180524] {CVE-2025-38298} - crypto: sun8i-ce - move fallback ahash_request to the end of the struct (Ovidiu Panait) - crypto: xts - Only add ecb if it is not already there (Herbert Xu) - crypto: lrw - Only add ecb if it is not already there (Herbert Xu) - crypto: marvell/cesa - Avoid empty transfer descriptor (Herbert Xu) - crypto: marvell/cesa - Handle zero-length skcipher requests (Herbert Xu) [Orabug: 38153188] {CVE-2025-38173} - x86/cpu: Sanitize CPUID(0x80000000) output (Ahmed S. Darwish) - crypto: sun8i-ss - do not use sg_dma_len before calling DMA functions (Corentin Labbe) - perf/core: Fix broken throttling when max_samples_per_tick=1 (Qing Wang) - gfs2: gfs2_create_inode error handling fix (Andreas Gruenbacher) - thunderbolt: Do not double dequeue a configuration request (Sergey Senozhatsky) [Orabug: 38158383] {CVE-2025-38174} - usb: usbtmc: Fix timeout value in get_stb (Dave Penkler) - USB: serial: pl2303: add new chip PL2303GC-Q20 and PL2303GT-2AB (Charles Yeh) - usb: storage: Ignore UAS driver for SanDisk 3.2 Gen2 storage device (Hongyu Xie) - usb: quirks: Add NO_LPM quirk for SanDisk Extreme 55AE (Jiayi Li) - rtc: Fix offset calculation for .start_secs < 0 (Alexandre Mergnat) - rtc: Make rtc_time64_to_tm() support dates before 1970 (Alexandre Mergnat) - pinctrl: armada-37xx: set GPIO output value before setting direction (Gabor Juhos) - pinctrl: armada-37xx: use correct OUTPUT_VAL register for GPIOs > 31 (Gabor Juhos) [5.15.0-312.185.1.el8uek] - uek-rpm: mips: Disable CONFIG_TRANSPARENT_HUGEPAGE (Dave Kleikamp) [Orabug: 38280961] - KVM: x86/MMU: Allow faulting at hugepages during dirty tracking (Joao Martins) [Orabug: 36409415] - KVM: x86/MMU: Dirty tracking without write-protection for shadow paging (Joao Martins) [Orabug: 36409415] - KVM: x86/MMU: Track rmap present pages (Joao Martins) [Orabug: 36409415] - nvme: check for valid nvme_identify_ns() before using it (Ewan D. Milne) [Orabug: 38207640] - nvme: bring back auto-removal of deleted namespaces during sequential scan (Christoph Hellwig) [Orabug: 38207640] - rds: tcp: block BH in TCP callbacks (Eric Dumazet) [Orabug: 38236843] From el-errata at oss.oracle.com Tue Sep 9 11:58:03 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 09 Sep 2025 04:58:03 -0700 Subject: [El-errata] ELBA-2025-20549 Oracle Linux 7 linux-firmware bug fix update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2025-20549 http://linux.oracle.com/errata/ELBA-2025-20549.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: iwl1000-firmware-39.31.5.1-999.42.el7.noarch.rpm iwl100-firmware-39.31.5.1-999.42.el7.noarch.rpm iwl105-firmware-18.168.6.1-999.42.el7.noarch.rpm iwl135-firmware-18.168.6.1-999.42.el7.noarch.rpm iwl2000-firmware-18.168.6.1-999.42.el7.noarch.rpm iwl2030-firmware-18.168.6.1-999.42.el7.noarch.rpm iwl3160-firmware-22.0.7.0-999.42.el7.noarch.rpm iwl3945-firmware-15.32.2.9-999.42.el7.noarch.rpm iwl4965-firmware-228.61.2.24-999.42.el7.noarch.rpm iwl5000-firmware-8.83.5.1_1-999.42.el7.noarch.rpm iwl5150-firmware-8.24.2.2-999.42.el7.noarch.rpm iwl6000-firmware-9.221.4.1-999.42.el7.noarch.rpm iwl6000g2a-firmware-17.168.5.3-999.42.el7.noarch.rpm iwl6000g2b-firmware-17.168.5.2-999.42.el7.noarch.rpm iwl6050-firmware-41.28.5.1-999.42.el7.noarch.rpm iwl7260-firmware-22.0.7.0-999.42.el7.noarch.rpm iwlax2xx-firmware-20250826-999.42.el7.noarch.rpm linux-firmware-20250826-999.42.git356f06bf.el7.noarch.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates/linux-firmware-20250826-999.42.git356f06bf.el7.src.rpm Description of changes: [20250826-999.42.git356f06bf.el7] - Handling downgrade issue for Nvidia firmware changes [Orabug: 38303112] [20250611-999.41.git356f06bf.el7] - Rebase to latest upstream [Orabug: 38028345] [20250423-999.40.git32f3227b.el7] - Rebase to latest upstream [Orabug: 37868435] [20250319-999.39.git430633ec.el7] - Rebase to latest upstream [Orabug: 37729115] [20250203-999.38.git0fd450ee.el7] - Rebase to latest upstream [Orabug: 37535629] [20241213-999.36.git2cdfe09e.el7] - Rebase to latest upstream [Orabug: 37405529] From el-errata at oss.oracle.com Tue Sep 9 11:58:31 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 09 Sep 2025 04:58:31 -0700 Subject: [El-errata] ELBA-2025-12877 Oracle Linux 9 linux-firmware bug fix and enhancement update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2025-12877 http://linux.oracle.com/errata/ELBA-2025-12877.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: iwl1000-firmware-39.31.5.1-999.43.el9.noarch.rpm iwl100-firmware-39.31.5.1-999.43.el9.noarch.rpm iwl105-firmware-18.168.6.1-999.43.el9.noarch.rpm iwl135-firmware-18.168.6.1-999.43.el9.noarch.rpm iwl2000-firmware-18.168.6.1-999.43.el9.noarch.rpm iwl2030-firmware-18.168.6.1-999.43.el9.noarch.rpm iwl3160-firmware-25.30.13.0-999.43.el9.noarch.rpm iwl3945-firmware-15.32.2.9-999.43.el9.noarch.rpm iwl4965-firmware-228.61.2.24-999.43.el9.noarch.rpm iwl5000-firmware-8.83.5.1_1-999.43.el9.noarch.rpm iwl5150-firmware-8.24.2.2-999.43.el9.noarch.rpm iwl6000-firmware-9.221.4.1-999.43.el9.noarch.rpm iwl6000g2a-firmware-18.168.6.1-999.43.el9.noarch.rpm iwl6000g2b-firmware-18.168.6.1-999.43.el9.noarch.rpm iwl6050-firmware-41.28.5.1-999.43.el9.noarch.rpm iwl7260-firmware-25.30.13.0-999.43.el9.noarch.rpm iwlax2xx-firmware-20250828-999.43.el9.noarch.rpm libertas-sd8686-firmware-20250828-999.43.git260ff424.el9.noarch.rpm libertas-sd8787-firmware-20250828-999.43.git260ff424.el9.noarch.rpm libertas-usb8388-firmware-20250828-999.43.git260ff424.el9.noarch.rpm libertas-usb8388-olpc-firmware-20250828-999.43.git260ff424.el9.noarch.rpm linux-firmware-20250828-999.43.git260ff424.el9.noarch.rpm linux-firmware-core-20250828-999.43.git260ff424.el9.noarch.rpm linux-firmware-whence-20250828-999.43.git260ff424.el9.noarch.rpm liquidio-firmware-20250828-999.43.git260ff424.el9.noarch.rpm netronome-firmware-20250828-999.43.git260ff424.el9.noarch.rpm aarch64: iwl1000-firmware-39.31.5.1-999.43.el9.noarch.rpm iwl100-firmware-39.31.5.1-999.43.el9.noarch.rpm iwl105-firmware-18.168.6.1-999.43.el9.noarch.rpm iwl135-firmware-18.168.6.1-999.43.el9.noarch.rpm iwl2000-firmware-18.168.6.1-999.43.el9.noarch.rpm iwl2030-firmware-18.168.6.1-999.43.el9.noarch.rpm iwl3160-firmware-25.30.13.0-999.43.el9.noarch.rpm iwl3945-firmware-15.32.2.9-999.43.el9.noarch.rpm iwl4965-firmware-228.61.2.24-999.43.el9.noarch.rpm iwl5000-firmware-8.83.5.1_1-999.43.el9.noarch.rpm iwl5150-firmware-8.24.2.2-999.43.el9.noarch.rpm iwl6000-firmware-9.221.4.1-999.43.el9.noarch.rpm iwl6000g2a-firmware-18.168.6.1-999.43.el9.noarch.rpm iwl6000g2b-firmware-18.168.6.1-999.43.el9.noarch.rpm iwl6050-firmware-41.28.5.1-999.43.el9.noarch.rpm iwl7260-firmware-25.30.13.0-999.43.el9.noarch.rpm iwlax2xx-firmware-20250828-999.43.el9.noarch.rpm libertas-sd8686-firmware-20250828-999.43.git260ff424.el9.noarch.rpm libertas-sd8787-firmware-20250828-999.43.git260ff424.el9.noarch.rpm libertas-usb8388-firmware-20250828-999.43.git260ff424.el9.noarch.rpm libertas-usb8388-olpc-firmware-20250828-999.43.git260ff424.el9.noarch.rpm linux-firmware-20250828-999.43.git260ff424.el9.noarch.rpm linux-firmware-core-20250828-999.43.git260ff424.el9.noarch.rpm linux-firmware-whence-20250828-999.43.git260ff424.el9.noarch.rpm liquidio-firmware-20250828-999.43.git260ff424.el9.noarch.rpm netronome-firmware-20250828-999.43.git260ff424.el9.noarch.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/linux-firmware-20250828-999.43.git260ff424.el9.src.rpm Description of changes: [20250828-999.43.git260ff424.el9] - Rebase to latest upstream [Orabug: 38200684] - Solve conflicts caused by symbolic link changes [Orabug: 38206139] From el-errata at oss.oracle.com Tue Sep 9 11:58:39 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 09 Sep 2025 04:58:39 -0700 Subject: [El-errata] ELSA-2025-20552 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update Message-ID: Oracle Linux Security Advisory ELSA-2025-20552 http://linux.oracle.com/errata/ELSA-2025-20552.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: bpftool-5.15.0-312.187.5.el9uek.x86_64.rpm kernel-uek-5.15.0-312.187.5.el9uek.x86_64.rpm kernel-uek-core-5.15.0-312.187.5.el9uek.x86_64.rpm kernel-uek-debug-5.15.0-312.187.5.el9uek.x86_64.rpm kernel-uek-debug-core-5.15.0-312.187.5.el9uek.x86_64.rpm kernel-uek-debug-devel-5.15.0-312.187.5.el9uek.x86_64.rpm kernel-uek-debug-modules-5.15.0-312.187.5.el9uek.x86_64.rpm kernel-uek-debug-modules-extra-5.15.0-312.187.5.el9uek.x86_64.rpm kernel-uek-devel-5.15.0-312.187.5.el9uek.x86_64.rpm kernel-uek-doc-5.15.0-312.187.5.el9uek.noarch.rpm kernel-uek-modules-5.15.0-312.187.5.el9uek.x86_64.rpm kernel-uek-modules-extra-5.15.0-312.187.5.el9uek.x86_64.rpm kernel-uek-container-5.15.0-312.187.5.el9uek.x86_64.rpm kernel-uek-container-debug-5.15.0-312.187.5.el9uek.x86_64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/kernel-uek-5.15.0-312.187.5.el9uek.src.rpm Related CVEs: CVE-2024-26726 CVE-2024-57883 CVE-2025-37948 CVE-2025-37958 CVE-2025-37963 CVE-2025-38000 CVE-2025-38001 CVE-2025-38003 CVE-2025-38004 CVE-2025-38034 CVE-2025-38035 CVE-2025-38037 CVE-2025-38043 CVE-2025-38044 CVE-2025-38048 CVE-2025-38051 CVE-2025-38052 CVE-2025-38058 CVE-2025-38061 CVE-2025-38065 CVE-2025-38066 CVE-2025-38068 CVE-2025-38072 CVE-2025-38075 CVE-2025-38077 CVE-2025-38078 CVE-2025-38079 CVE-2025-38083 CVE-2025-38084 CVE-2025-38085 CVE-2025-38086 CVE-2025-38088 CVE-2025-38090 CVE-2025-38094 CVE-2025-38100 CVE-2025-38102 CVE-2025-38103 CVE-2025-38107 CVE-2025-38108 CVE-2025-38111 CVE-2025-38112 CVE-2025-38115 CVE-2025-38119 CVE-2025-38120 CVE-2025-38122 CVE-2025-38135 CVE-2025-38136 CVE-2025-38138 CVE-2025-38143 CVE-2025-38145 CVE-2025-38146 CVE-2025-38147 CVE-2025-38153 CVE-2025-38154 CVE-2025-38157 CVE-2025-38159 CVE-2025-38160 CVE-2025-38161 CVE-2025-38163 CVE-2025-38167 CVE-2025-38173 CVE-2025-38174 CVE-2025-38180 CVE-2025-38181 CVE-2025-38184 CVE-2025-38185 CVE-2025-38190 CVE-2025-38193 CVE-2025-38194 CVE-2025-38197 CVE-2025-38200 CVE-2025-38203 CVE-2025-38204 CVE-2025-38206 CVE-2025-38211 CVE-2025-38212 CVE-2025-38214 CVE-2025-38218 CVE-2025-38219 CVE-2025-38222 CVE-2025-38226 CVE-2025-38227 CVE-2025-38229 CVE-2025-38230 CVE-2025-38231 CVE-2025-38237 CVE-2025-38245 CVE-2025-38249 CVE-2025-38251 CVE-2025-38257 CVE-2025-38262 CVE-2025-38263 CVE-2025-38273 CVE-2025-38280 CVE-2025-38285 CVE-2025-38286 CVE-2025-38293 CVE-2025-38298 CVE-2025-38305 CVE-2025-38310 CVE-2025-38312 CVE-2025-38313 CVE-2025-38319 CVE-2025-38320 CVE-2025-38323 CVE-2025-38324 CVE-2025-38326 CVE-2025-38328 CVE-2025-38332 CVE-2025-38336 CVE-2025-38337 CVE-2025-38342 CVE-2025-38344 CVE-2025-38345 CVE-2025-38346 CVE-2025-38348 CVE-2025-38350 CVE-2025-38352 CVE-2025-38362 CVE-2025-38363 CVE-2025-38371 CVE-2025-38377 CVE-2025-38380 CVE-2025-38384 CVE-2025-38386 CVE-2025-38387 CVE-2025-38389 CVE-2025-38391 CVE-2025-38393 CVE-2025-38395 CVE-2025-38399 CVE-2025-38400 CVE-2025-38401 CVE-2025-38403 CVE-2025-38404 CVE-2025-38406 CVE-2025-38410 CVE-2025-38412 CVE-2025-38415 CVE-2025-38416 CVE-2025-38418 CVE-2025-38419 CVE-2025-38420 CVE-2025-38424 CVE-2025-38428 CVE-2025-38430 CVE-2025-38498 Description of changes: [5.15.0-312.187.5.el9uek] - Revert "mm: hugetlb: independent PMD page table shared count" (Harshit Mogalapalli) [Orabug: 38327655] [5.15.0-312.187.4.el9uek] - rds: Fix NULL ptr deref in xas_start (H?kon Bugge) [Orabug: 38166374] - KVM: x86: use array_index_nospec with indices that come from guest (Thijs Raymakers) [Orabug: 38319943] - hugetlb: arm64: add mte support (Dave Kleikamp) [Orabug: 38177800] [5.15.0-312.187.3.el9uek] - TIOCSTI: Document CAP_SYS_ADMIN behaviour in Kconfig (G?nther Noack) [Orabug: 38255504] - TIOCSTI: always enable for CAP_SYS_ADMIN (Samuel Thibault) [Orabug: 38255504] - tty: Fix typo in LEGACY_TIOCSTI Kconfig description (Hanno B?ck) [Orabug: 38255504] - tty: Move TIOCSTI toggle variable before kerndoc (Kees Cook) [Orabug: 38255504] - tty: Allow TIOCSTI to be disabled (Kees Cook) [Orabug: 38255504] - tty: Move sysctl setup into "core" tty logic (Kees Cook) [Orabug: 38255504] - tty: reformat kernel-doc in tty_io.c (Jiri Slaby) [Orabug: 38255504] - tty: reformat kernel-doc in tty_ldisc.c (Jiri Slaby) [Orabug: 38255504] - net/mlx5: E-Switch, Fix switching to switchdev mode in MPV (Patrisious Haddad) [Orabug: 38236297] - net/mlx5: E-Switch, Fix switching to switchdev mode with IB device disabled (Patrisious Haddad) [Orabug: 38236297] - net/mlx5: E-switch, refactor eswitch mode change (Patrisious Haddad) [Orabug: 38236297] - IB/mlx5: Support querying eswitch functions from DEVX (Bodong Wang) [Orabug: 38236297] - RDMA/mlx5: Fix HW counters query for non-representor devices (Patrisious Haddad) [Orabug: 38161800] - RDMA/mlx5: Fix CC counters query for MPV (Patrisious Haddad) [Orabug: 38161800] - Revert "RDMA/mlx5: Fix CC counters query for MPV" (Qing Huang) [Orabug: 38161800] - RDMA/mlx5: Fix vport loopback for MPV device (Patrisious Haddad) [Orabug: 38118599] [5.15.0-312.187.2.el9uek] - EDAC: Octeon: Fix compile error by replacing sdei_init() with acpi_sdei_init() (Vijayendra Suman) [Orabug: 38294908] - LTS version: v5.15.187 (Vijayendra Suman) - usb: typec: displayport: Fix potential deadlock (Andrei Kuchynski) [Orabug: 38309912] {CVE-2025-38404} - platform/x86: think-lmi: Create ksets consecutively (Kurt Borja) - Logitech C-270 even more broken (Oliver Neukum) - i2c/designware: Fix an initialization issue (Michael J. Ruhl) [Orabug: 38253850] {CVE-2025-38380} - usb: cdnsp: do not disable slot for disabled slot (Peter Chen) - xhci: dbc: Flush queued requests before stopping dbc (Mathias Nyman) - xhci: dbctty: disable ECHO flag by default (?ukasz Bartosik) - platform/x86: dell-wmi-sysman: Fix class device unregistration (Kurt Borja) - platform/x86: think-lmi: Fix class device unregistration (Kurt Borja) - dpaa2-eth: fix xdp_rxq_info leak (Wangfushuai) - net: dpaa2-eth: rearrange variable in dpaa2_eth_get_ethtool_stats (Ioana Ciornei) - dpaa2-eth: Update SINGLE_STEP register access (Radu Bulie) - dpaa2-eth: Update dpni_get_single_step_cfg command (Radu Bulie) - ethernet: atl1: Add missing DMA mapping error checks and count errors (Thomas Fourier) - NFSv4/flexfiles: Fix handling of NFS level errors in I/O (Trond Myklebust) - drm/v3d: Disable interrupts before resetting the GPU (Ma?ra Canal) [Orabug: 38253820] {CVE-2025-38371} - regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods (Manivannan Sadhasivam) [Orabug: 38253906] {CVE-2025-38395} - regulator: gpio: Add input_supply support in gpio_regulator_config (Jerome Neanne) - mmc: core: sd: Apply BROKEN_SD_DISCARD quirk earlier (Avri Altman) - rcu: Return early if callback is not specified (Uladzislau Rezki) - mtd: spinand: fix memory leak of ECC engine conf (Pablo Martin-Gomez) [Orabug: 38253863] {CVE-2025-38384} - ACPICA: Refuse to evaluate a method if arguments are missing (Rafael J. Wysocki) [Orabug: 38253874] {CVE-2025-38386} - wifi: ath6kl: remove WARN on bad firmware input (Johannes Berg) [Orabug: 38253945] {CVE-2025-38406} - wifi: mac80211: drop invalid source address OCB frames (Johannes Berg) - scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() (Maurizio Lombardi) [Orabug: 38253914] {CVE-2025-38399} - powerpc: Fix struct termio related ioctl macros (Madhavan Srinivasan) - ata: pata_cs5536: fix build on 32-bit UML (Johannes Berg) - ALSA: sb: Force to disable DMAs once when DMA mode is changed (Takashi Iwai) - ALSA: sb: Don't allow changing the DMA mode during operations (Takashi Iwai) - drm/msm: Fix a fence leak in submit error path (Rob Clark) [Orabug: 38253967] {CVE-2025-38410} - nui: Fix dma_mapping_error() check (Thomas Fourier) - rose: fix dangling neighbour pointers in rose_rt_device_down() (Kohei Enju) [Orabug: 38253841] {CVE-2025-38377} - enic: fix incorrect MTU comparison in enic_change_mtu() (Alok Tiwari) - amd-xgbe: align CL37 AN sequence as per databook (Raju Rangoju) - lib: test_objagg: Set error message in check_expect_hints_stats() (Dan Carpenter) - igc: disable L1.2 PCI-E link substate to avoid performance issue (Vitaly Lifshits) - drm/i915/gt: Fix timeline left held on VMA alloc error (Janusz Krzysztofik) [Orabug: 38253886] {CVE-2025-38389} - platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks (Kurt Borja) [Orabug: 38253976] {CVE-2025-38412} - drm/i915/selftests: Change mock_request() to return error pointers (Dan Carpenter) - spi: spi-fsl-dspi: Clear completion counter before initiating transfer (James Clark) - drm/exynos: fimd: Guard display clock control with runtime PM calls (Marek Szyprowski) - btrfs: fix missing error handling when searching for inode refs during log replay (Filipe Manana) - scsi: ufs: core: Fix spelling of a sysfs attribute name (Bart Van Assche) - scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() (Thomas Fourier) - scsi: qla2xxx: Fix DMA mapping test in qla24xx_get_port_database() (Thomas Fourier) - NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN (Benjamin Coddington) [Orabug: 38253900] {CVE-2025-38393} - nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. (Kuniyuki Iwashima) [Orabug: 38253922] {CVE-2025-38400} - RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert (Mark Zhang) [Orabug: 38253880] {CVE-2025-38387} - platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment (David Thompson) - mtk-sd: reset host->mrq on prepare_data() error (Sergey Senozhatsky) - mtk-sd: Prevent memory corruption from DMA map failure (Masami Hiramatsu) [Orabug: 38253927] {CVE-2025-38401} - mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data (Masami Hiramatsu) - usb: typec: altmodes/displayport: do not index invalid pin_assignments (Rd Babiera) [Orabug: 38253893] {CVE-2025-38391} - mmc: sdhci: Add a helper function for dump register in dynamic debug mode (Victor Shih) - vsock/vmci: Clear the vmci transport packet properly when initializing it (Harshavardhana S A) [Orabug: 38253936] {CVE-2025-38403} - rtc: cmos: use spin_lock_irqsave in cmos_interrupt (Mateusz Jo?czyk) - ARM: 9354/1: ptrace: Use bitfield helpers (Geert Uytterhoeven) - btrfs: don't drop extent_map for free space inode on write error (Josef Bacik) [Orabug: 36530624] {CVE-2024-26726} - arm64: Restrict pagetable teardown to avoid false warning (Dev Jain) - s390: Add '-std=gnu11' to decompressor and purgatory CFLAGS (Nathan Chancellor) - s390/entry: Fix last breaking event handling in case of stack corruption (Heiko Carstens) - media: uvcvideo: Rollback non processed entities on error (Ricardo Ribalda) - PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (Dexuan Cui) - drm/amd/display: Add null pointer check for get_first_active_display() (Xu Wang) [Orabug: 38253794] {CVE-2025-38362} - drm/bridge: cdns-dsi: Wait for Clk and Data Lanes to be ready (Aradhya Bhatia) - drm/bridge: cdns-dsi: Check return value when getting default PHY config (Aradhya Bhatia) - drm/bridge: cdns-dsi: Fix connecting to next bridge (Aradhya Bhatia) - drm/bridge: cdns-dsi: Fix the clock variable for mode_valid() (Aradhya Bhatia) - drm/amdkfd: Fix race in GWS queue scheduling (Jay Cornwall) - drm/udl: Unregister device before cleaning up on disconnect (Thomas Zimmermann) - drm/tegra: Fix a possible null pointer dereference (Qiu-Ji Chen) [Orabug: 38253800] {CVE-2025-38363} - drm/tegra: Assign plane type before registration (Thierry Reding) - HID: wacom: fix kobject reference count leak (Qasim Ijaz) - HID: wacom: fix memory leak on sysfs attribute creation failure (Qasim Ijaz) - HID: wacom: fix memory leak on kobject creation failure (Qasim Ijaz) - btrfs: update superblock's device bytes_used when dropping chunk (Mark Harmstone) - dm-raid: fix variable in journal device check (Heinz Mauelshagen) - Bluetooth: L2CAP: Fix L2CAP MTU negotiation (Fr?d?ric Danis) - dt-bindings: serial: 8250: Make clocks and clock-frequency exclusive (Yao Zi) - staging: rtl8723bs: Avoid memset() in aes_cipher() and aes_decipher() (Nathan Chancellor) - net: selftests: fix TCP packet checksum (Jakub Kicinski) - atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister(). (Kuniyuki Iwashima) [Orabug: 38175043] {CVE-2025-38245} - net: enetc: Correct endianness handling in _enetc_rd_reg64 (Simon Horman) - um: ubd: Add missing error check in start_io_thread() (Tiwei Bie) - vsock/uapi: fix linux/vm_sockets.h userspace compilation errors (Stefano Garzarella) - af_unix: Don't set -ECONNRESET for consumed OOB skb. (Kuniyuki Iwashima) - wifi: mac80211: fix beacon interval calculation overflow (Lachlan Hodges) - libbpf: Fix null pointer dereference in btf_dump__free on allocation failure (Yuan Chen) - attach_recursive_mnt(): do not lock the covering tree when sliding something under it (Al Viro) - ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3() (Youngjun Lee) [Orabug: 38175063] {CVE-2025-38249} - atm: clip: prevent NULL deref in clip_push() (Eric Dumazet) [Orabug: 38175077] {CVE-2025-38251} - s390/pkey: Prevent overflow in size calculation for memdup_user() (Fedor Pchelkin) [Orabug: 38175091] {CVE-2025-38257} - i2c: robotfuzz-osif: disable zero-length read messages (Wolfram Sang) - i2c: tiny-usb: disable zero-length read messages (Wolfram Sang) - platform/x86: ideapad-laptop: use usleep_range() for EC polling (Rongrong) - dummycon: Trigger redraw when switching consoles with deferred takeover (Thomas Zimmermann) - tty: vt: make consw::con_switch() return a bool (Jiri Slaby) - tty: vt: sanitize arguments of consw::con_clear() (Jiri Slaby) - tty: vt: make init parameter of consw::con_init() a bool (Jiri Slaby) - vgacon: remove unneeded forward declarations (Jiri Slaby) - vgacon: switch vgacon_scrolldelta() and vgacon_restore_screen() (Jiri Slaby) - tty/vt: consolemap: rename and document struct uni_pagedir (Jiri Slaby) - fbcon: delete a few unneeded forward decl (Daniel Vetter) - uio_hv_generic: Align ring size to system page (Long Li) - uio_hv_generic: Query the ringbuffer size for device (Saurabh Singh Sengar) - Drivers: hv: vmbus: Add utility function for querying ring size (Saurabh Singh Sengar) - Drivers: hv: Rename 'alloced' to 'allocated' (Vitaly Kuznetsov) - f2fs: don't over-report free space or inodes in statvfs (Chao Yu) - media: imx-jpeg: Drop the first error frames (Ming Qian) - clk: ti: am43xx: Add clkctrl data for am43xx ADC1 (Miquel Raynal) - media: omap3isp: use sgtable-based scatterlist wrappers (Marek Szyprowski) - media: davinci: vpif: Fix memory leak in probe error path (Dmitry Nikiforov) - jfs: validate AG parameters in dbMount() to prevent crashes (Vasiliy Kovalev) [Orabug: 38158700] {CVE-2025-38230} - fs/jfs: consolidate sanity checking in dbMount (Dave Kleikamp) - ovl: Check for NULL d_inode() in ovl_dentry_upper() (Kees Cook) - ceph: fix possible integer overflow in ceph_zero_objects() (Dmitry Kandybka) - ALSA: usb-audio: Add a quirk for Lenovo Thinkpad Thunderbolt 3 dock (Mario Limonciello) - ALSA: hda: Add new pci id for AMD GPU display HD audio controller (Vijendar Mukunda) - ALSA: hda: Ignore unsol events for cards being shut down (Cezary Rojewski) - usb: typec: displayport: Receive DP Status Update NAK request exit dp altmode (Jos Wang) - usb: cdc-wdm: avoid setting WDM_READ for ZLP-s (Robert Hodaszi) - usb: Add checks for snprintf() calls in usb_alloc_dev() (Andy Shevchenko) - usb: common: usb-conn-gpio: use a unique name for usb connector device (Chance Yang) - tty: serial: uartlite: register uart driver in init (Jakub Lewalski) [Orabug: 38175113] {CVE-2025-38262} - usb: potential integer overflow in usbg_make_tpg() (Chen Yufeng) - usb: dwc2: also exit clock_gating when stopping udc while suspended (Michael Grzeschik) - coresight: Only check bottom two claim bits (James Clark) - um: Add cmpxchg8b_emu and checksum functions to asm-prototypes.h (Sami Tolvanen) - iio: pressure: zpa2326: Use aligned_s64 for the timestamp (Jonathan Cameron) - bcache: fix NULL pointer in cache_set_flush() (Linggang Zeng) [Orabug: 38175119] {CVE-2025-38263} - md/md-bitmap: fix dm-raid max_write_behind setting (Yu Kuai) - dmaengine: xilinx_dma: Set dma_device directions (Thomas Gessler) - ksmbd: allow a filename to contain special characters on SMB3.1.1 posix extension (Namjae Jeon) - hwmon: (pmbus/max34440) Fix support for max34451 (Alexis Czezar Torreno) - leds: multicolor: Fix intensity setting while SW blinking (Sven Schwermer) - mfd: max14577: Fix wakeup source leaks on device unbind (Krzysztof Kozlowski) - mailbox: Not protect module_put with spin_lock_irqsave (Peng Fan) - NFSv4.2: fix listxattr to return selinux security label (Olga Kornievskaia) - NFSv4: Always set NLINK even if the server doesn't support it (Han Young) - cifs: Fix cifs_query_path_info() for Windows NT servers (Pali Roh?r) - LTS version: v5.15.186 (Vijayendra Suman) - scsi: qedf: Use designated initializer for struct qed_fcoe_cb_ops (Kees Cook) - scsi: elx: efct: Fix memory leak in efct_hw_parse_filter() (Vitaliy Shevtsov) - arm64/ptrace: Fix stack-out-of-bounds read in regs_get_kernel_stack_nth() (Tengda Wu) [Orabug: 38180595] {CVE-2025-38320} - perf: Fix sample vs do_exit() (Peter Zijlstra) [Orabug: 38254029] {CVE-2025-38424} - s390/pci: Fix __pcilg_mio_inuser() inline assembly (Heiko Carstens) - bpf: Fix L4 csum update on IPv6 in CHECKSUM_COMPLETE (Paul Chaignon) - net: Fix checksum update for ILA adj-transport (Paul Chaignon) - ext4: avoid remount errors with 'abort' mount option (Jan Kara) - ext4: make 'abort' mount option handling standard (Jan Kara) - mm/huge_memory: fix dereferencing invalid pmd migration entry (Gavin Guo) [Orabug: 37976983] {CVE-2025-37958} - net_sched: sch_sfq: reject invalid perturb period (Eric Dumazet) [Orabug: 38158476] {CVE-2025-38193} - arm64: proton-pack: Add new CPUs 'k' values for branch mitigation (James Morse) - arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users (James Morse) [Orabug: 37977005] {CVE-2025-37963} - arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs (James Morse) [Orabug: 37976929] {CVE-2025-37948} - arm64: spectre: increase parameters that can be used to turn off bhb mitigation individually (Liu Song) - arm64: proton-pack: Expose whether the branchy loop k value (James Morse) - arm64: proton-pack: Expose whether the platform is mitigated by firmware (James Morse) - arm64: insn: Add support for encoding DSB (James Morse) - arm64: insn: add encoders for atomic operations (Hou Tao) - arm64: move AARCH64_BREAK_FAULT into insn-def.h (Hou Tao) - serial: sh-sci: Increment the runtime usage counter for the earlycon device (Claudiu Beznea) - ARM: dts: am335x-bone-common: Increase MDIO reset deassert delay to 50ms (Geert Uytterhoeven) - ARM: dts: am335x-bone-common: Increase MDIO reset deassert time (Colin Foster) - ARM: dts: am335x-bone-common: Add GPIO PHY reset on revision C3 board (Shengyu Qu) - net: atm: fix /proc/net/atm/lec handling (Eric Dumazet) [Orabug: 38158405] {CVE-2025-38180} - net: atm: add lec_mutex (Eric Dumazet) [Orabug: 38180611] {CVE-2025-38323} - calipso: Fix null-ptr-deref in calipso_req_{set,del}attr(). (Kuniyuki Iwashima) [Orabug: 38158412] {CVE-2025-38181} - tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (Haixia Qu) [Orabug: 38158424] {CVE-2025-38184} - tcp: fix tcp_packet_delayed() for tcp_is_non_sack_preventing_reopen() behavior (Neal Cardwell) - atm: atmtcp: Free invalid length skb in atmtcp_c_send(). (Kuniyuki Iwashima) [Orabug: 38158433] {CVE-2025-38185} - mpls: Use rcu_dereference_rtnl() in mpls_route_input_rcu(). (Kuniyuki Iwashima) [Orabug: 38180617] {CVE-2025-38324} - wifi: carl9170: do not ping device which has failed to load firmware (Dmitry Antipov) [Orabug: 38254010] {CVE-2025-38420} - ptp: fix breakage after ptp_vclock_in_use() rework (Vladimir Oltean) - net: ice: Perform accurate aRFS flow match (Krishna Kumar) - aoe: clean device rq_list in aoedev_downdev() (Justin Sanders) [Orabug: 38180627] {CVE-2025-38326} - pldmfw: Select CRC32 when PLDMFW is selected (Simon Horman) - hwmon: (occ) fix unaligned accesses (Arnd Bergmann) - hwmon: (occ) Rework attribute registration for stack usage (Arnd Bergmann) - hwmon: (occ) Add soft minimum power cap attribute (Eddie James) - drm/nouveau/bl: increase buffer size to avoid truncate warning (Jacob Keller) - drm/msm/dsi/dsi_phy_10nm: Fix missing initial VCO rate (Krzysztof Kozlowski) - erofs: remove unused trace event erofs_destroy_inode (Gao Xiang) - mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (Jann Horn) [Orabug: 38132180] {CVE-2025-38085} - mm: hugetlb: independent PMD page table shared count (Liu Shixin) [Orabug: 37484959] {CVE-2024-57883} - mm/hugetlb: unshare page tables during VMA split, not before (Jann Horn) [Orabug: 38132171] {CVE-2025-38084} - iio: accel: fxls8962af: Fix temperature calculation (Sean Nyekjaer) - ALSA: hda/realtek: enable headset mic on Latitude 5420 Rugged (Jonathan Lane) - ALSA: hda/intel: Add Thinkpad E15 to PM deny list (Takashi Iwai) - ALSA: usb-audio: Rename ALSA kcontrol PCM and PCM1 for the KTMicro sound card (Wangdicheng) - Input: sparcspkr - avoid unannotated fall-through (Yuli Wang) - block: default BLOCK_LEGACY_AUTOLOAD to y (Christoph Hellwig) - HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() (Terry Junge) [Orabug: 38152876] {CVE-2025-38103} - atm: Revert atm_account_tx() if copy_from_iter_full() fails. (Kuniyuki Iwashima) [Orabug: 38158457] {CVE-2025-38190} - selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len (Stephen Smalley) - selftests/x86: Add a test to detect infinite SIGTRAP handler loop (Xin Li) - udmabuf: use sgtable-based scatterlist wrappers (Marek Szyprowski) - scsi: s390: zfcp: Ensure synchronous unit_add (Peter Oberparleiter) - scsi: storvsc: Increase the timeouts to storvsc_timeout (Dexuan Cui) - jffs2: check jffs2_prealloc_raw_node_refs() result in few other places (Fedor Pchelkin) [Orabug: 38180635] {CVE-2025-38328} - jffs2: check that raw node were preallocated before writing summary (Artem Sadovnikov) [Orabug: 38158483] {CVE-2025-38194} - drivers/rapidio/rio_cm.c: prevent possible heap overwrite (Andrew Morton) [Orabug: 38137453] {CVE-2025-38090} - powerpc/eeh: Fix missing PE bridge reconfiguration during VFIO EEH recovery (Narayana Murty N) - platform/x86: dell_rbu: Stop overwriting data buffer (Stuart Hayes) - platform/x86: dell_rbu: Fix list usage (Stuart Hayes) [Orabug: 38158494] {CVE-2025-38197} - Revert "bus: ti-sysc: Probe for l4_wkup and l4_cfg interconnect devices first" (Alexander Sverdlin) - tee: Prevent size calculation wraparound on 32-bit kernels (Jann Horn) - ARM: OMAP2+: Fix l4ls clk domain handling in STANDBY (Sukrut Bellary) - bus: fsl-mc: increase MC_CMD_COMPLETION_TIMEOUT_MS value (Laurentiu Tudor) - watchdog: da9052_wdt: respect TWDMIN (Marcus Folkesson) - octeontx2-pf: Add error log forcn10k_map_unmap_rq_policer() (Xu Wang) - bpf, sockmap: Fix data lost during EAGAIN retries (Jiayuan Chen) - i40e: fix MMIO write access to an invalid page in i40e_clear_hw (Kyungwook Boo) [Orabug: 38158517] {CVE-2025-38200} - sock: Correct error checking condition for (assign|release)_proto_idx() (Zijun Hu) - scsi: lpfc: Use memcpy() for BIOS version (Daniel Wagner) [Orabug: 38180667] {CVE-2025-38332} - pinctrl: mcp23s08: Reset all pins to input at probe (Mike Looijmans) - software node: Correct a OOB check in software_node_get_reference_args() (Zijun Hu) [Orabug: 38180730] {CVE-2025-38342} - vxlan: Do not treat dst cache initialization errors as fatal (Ido Schimmel) - net: bridge: mcast: re-implement br_multicast_{enable, disable}_port functions (Yong Wang) - iommu/amd: Ensure GA log notifier callbacks finish running before module unload (Sean Christopherson) - scsi: lpfc: Fix lpfc_check_sli_ndlp() handling for GEN_REQUEST64 commands (Justin Tee) - libbpf: Add identical pointer detection to btf_dedup_is_equiv() (Alan Maguire) - clk: rockchip: rk3036: mark ddrphy as critical (Heiko Stuebner) - wifi: mac80211: do not offer a mesh path if forwarding is disabled (Benjamin Berg) - net: mlx4: add SOF_TIMESTAMPING_TX_SOFTWARE flag when getting ts info (Jason Xing) - pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get() (Gabor Juhos) - pinctrl: armada-37xx: propagate error from armada_37xx_pmx_gpio_set_direction() (Gabor Juhos) - pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get_direction() (Gabor Juhos) - pinctrl: armada-37xx: propagate error from armada_37xx_pmx_set_by_name() (Gabor Juhos) - net: atlantic: generate software timestamp just before the doorbell (Jason Xing) - ipv4/route: Use this_cpu_inc() for stats on PREEMPT_RT (Sebastian Andrzej Siewior) - tcp: fix initial tp->rcvq_space.space value for passive TS enabled flows (Eric Dumazet) - tcp: always seek for minimal rtt in tcp_rcv_rtt_update() (Eric Dumazet) - net: dlink: add synchronization for stats update (Moon Yeounsu) - i2c: npcm: Add clock toggle recovery (Tali Perry) - cpufreq: scmi: Skip SCMI devices that aren't used by the CPUs (Mike Tipton) - sctp: Do not wake readers in __sctp_write_space() (Petr Malat) - wifi: mt76: mt76x2: Add support for LiteOn WN4516R,WN4519R (Henk Vergonet) - emulex/benet: correct command version selection in be_cmd_get_stats() (Alok Tiwari) - i2c: designware: Invoke runtime suspend on quick slave re-registration (Tan En De) - tipc: use kfree_sensitive() for aead cleanup (Zilin Guan) - net: macb: Check return value of dma_set_mask_and_coherent() (Sergio Perez Gonzalez) - cpufreq: Force sync policy boost with global boost on sysfs update (Viresh Kumar) - thermal/drivers/qcom/tsens: Update conditions to strictly evaluate for IP v2+ (George Moussalem) - pmdomain: ti: Fix STANDBY handling of PER power domain (Sukrut Bellary) - nios2: force update_mmu_cache on spurious tlb-permission--related pagefaults (Simon Schuster) - media: i2c: imx334: update mode_3840x2160_regs array (Shravan Chippa) - media: platform: exynos4-is: Add hardware sync wait to fimc_is_hw_change_mode() (Xu Wang) [Orabug: 38175013] {CVE-2025-38237} - media: tc358743: ignore video while HPD is low (Hans Verkuil) - drm/amdkfd: Set SDMA_RLCx_IB_CNTL/SWITCH_INSIDE_IB (Amber Lin) - drm/msm/dpu: don't select single flush for active CTL blocks (Dmitry Baryshkov) - jfs: Fix null-ptr-deref in jfs_ioc_trim (Dylan Wolff) [Orabug: 38158545] {CVE-2025-38203} - drm/amdgpu/gfx9: fix CSIB handling (Alex Deucher) - drm/amdgpu/gfx8: fix CSIB handling (Alex Deucher) - ext4: prevent stale extent cache entries caused by concurrent get es_cache (Zhang Yi) - sunrpc: fix race in cache cleanup causing stale nextcheck time (Long Li) - media: rkvdec: Initialize the m2m context before the controls (Nicolas Dufresne) - media: ti: cal: Fix wrong goto on error path (Tomi Valkeinen) - jfs: fix array-index-out-of-bounds read in add_missing_indices (Aditya Dutt) [Orabug: 38158552] {CVE-2025-38204} - ext4: ext4: unify EXT4_EX_NOCACHE|NOFAIL flags in ext4_ext_remove_space() (Zhang Yi) - drm/amdgpu/gfx7: fix CSIB handling (Alex Deucher) - media: uapi: v4l: Change V4L2_TYPE_IS_CAPTURE condition (Nas Chung) - media: ccs-pll: Better validate VT PLL branch (Sakari Ailus) - drm/amdgpu/gfx10: fix CSIB handling (Alex Deucher) - media: i2c: imx334: Fix runtime PM handling in remove function (Tarang Raval) - drm/msm/a6xx: Increase HFI response timeout (Akhil P Oommen) - drm/amd/display: Add NULL pointer checks in dm_force_atomic_commit() (Srinivasan Shanmugam) - media: uapi: v4l: Fix V4L2_TYPE_IS_OUTPUT condition (Nas Chung) - drm/msm/hdmi: add runtime PM calls to DDC transfer function (Dmitry Baryshkov) - media: i2c: imx334: Enable runtime PM before sub-device registration (Tarang Raval) - drm/bridge: anx7625: change the gpiod_set_value API (Ayushi Makhija) - exfat: fix double free in delayed_free (Namjae Jeon) [Orabug: 38158566] {CVE-2025-38206} - drm/bridge: analogix_dp: Add irq flag IRQF_NO_AUTOEN instead of calling disable_irq() (Damon Ding) - sunrpc: update nextcheck time when adding new cache entries (Long Li) - drm/amdgpu/gfx6: fix CSIB handling (Alex Deucher) - ACPI: battery: negate current when discharging (Peter Marheine) - PM: runtime: fix denying of auto suspend in pm_suspend_timer_fn() (Charan Teja Kalla) - ASoC: tegra210_ahub: Add check to of_device_get_match_data() (Yuanjun Gong) - ACPICA: utilities: Fix overflow check in vsnprintf() (Philip Redkin) - power: supply: bq27xxx: Retrieve again when busy (Jerry Lv) - ACPICA: fix acpi parse and parseext cache leaks (Seunghun Han) [Orabug: 38180747] {CVE-2025-38344} - ACPI: bus: Bail out if acpi_kobj registration fails (Armin Wolf) - ASoC: tas2770: Power cycle amp on ISENSE/VSENSE change (Hector Martin) - ACPICA: Avoid sequence overread in call to strncmp() (Ahmed Salem) - clocksource: Fix the CPUs' choice in the watchdog per CPU verification (Guilherme G. Piccoli) - ACPICA: fix acpi operand cache leak in dswstate.c (Seunghun Han) [Orabug: 38180755] {CVE-2025-38345} - iio: adc: ad7606_spi: fix reg write value mask (David Lechner) - iio: imu: inv_icm42600: Fix temperature calculation (Sean Nyekjaer) - iio: accel: fxls8962af: Fix temperature scan element sign (Sean Nyekjaer) - PCI: dw-rockchip: Fix PHY function call sequence in rockchip_pcie_phy_deinit() (Diederik de Haas) - PCI: Fix lock symmetry in pci_slot_unlock() (Ilpo J?rvinen) - PCI: Add ACS quirk for Loongson PCIe (Huacai Chen) - PCI: cadence-ep: Correct PBA offset in .set_msix() callback (Niklas Cassel) - uio_hv_generic: Use correct size for interrupt and monitor pages (Long Li) - remoteproc: core: Release rproc->clean_table after rproc_attach() fails (Xiaolei Wang) [Orabug: 38254002] {CVE-2025-38418} - remoteproc: core: Cleanup acquired resources when rproc_handle_resources() fails in rproc_attach() (Xiaolei Wang) [Orabug: 38254006] {CVE-2025-38419} - regulator: max14577: Add error check for max14577_read_reg() (Xu Wang) - mips: Add -std= flag specified in KBUILD_CFLAGS to vdso CFLAGS (Khem Raj) - staging: iio: ad5933: Correct settling cycles encoding per datasheet (Gabriel) - net: ch9200: fix uninitialised access during mii_nway_restart (Qasim Ijaz) [Orabug: 38132188] {CVE-2025-38086} - ftrace: Fix UAF when lookup kallsym after ftrace disabled (Ye Bin) [Orabug: 38180767] {CVE-2025-38346} - dm-mirror: fix a tiny race condition (Mikulas Patocka) - mtd: nand: sunxi: Add randomizer configuration before randomizer enable (Xu Wang) - mtd: rawnand: sunxi: Add randomizer configuration in sunxi_nfc_hw_ecc_write_chunk (Xu Wang) - mm: fix ratelimit_pages update error in dirty_ratio_handler() (Jinliang Zheng) - RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction (Shin'Ichiro Kawasaki) [Orabug: 38158591] {CVE-2025-38211} - ipc: fix to protect IPCS lookups using RCU (Jeongjun Park) [Orabug: 38158597] {CVE-2025-38212} - clk: meson-g12a: add missing fclk_div2 to spicc (Da Xue) - parisc: fix building with gcc-15 (Arnd Bergmann) - vgacon: Add check for vc_origin address range in vgacon_scroll() (Gong, Ruiqi) - fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var (Murad Masimov) [Orabug: 38158614] {CVE-2025-38214} - EDAC/altera: Use correct write width with the INTTEST register (Niravkumar L Rabara) - NFC: nci: uart: Set tty->disc_data only in success path (Krzysztof Kozlowski) [Orabug: 38253991] {CVE-2025-38416} - f2fs: fix to do sanity check on sit_bitmap_size (Chao Yu) [Orabug: 38158639] {CVE-2025-38218} - f2fs: prevent kernel warning due to negative i_nlink from corrupted image (Jaegeuk Kim) [Orabug: 38158647] {CVE-2025-38219} - Input: ims-pcu - check record size in ims_pcu_flash_firmware() (Dan Carpenter) [Orabug: 38254053] {CVE-2025-38428} - ext4: ensure i_size is smaller than maxbytes (Zhang Yi) - ext4: factor out ext4_get_maxbytes() (Zhang Yi) - ext4: fix calculation of credits for extent tree modification (Jan Kara) - ext4: inline: fix len overflow in ext4_prepare_inline_data (Thadeu Lima de Souza Cascardo) [Orabug: 38158661] {CVE-2025-38222} - bus: fsl-mc: fix GET/SET_TAILDROP command ids (Wan Junjie) - bus: fsl-mc: do not add a device-link for the UAPI used DPMCP device (Ioana Ciornei) - ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330 (Tasos Sahanidis) [Orabug: 38180696] {CVE-2025-38336} - can: tcan4x5x: fix power regulator retrieval during probe (Brett Werling) - bus: mhi: host: Fix conflict between power_up and SYSERR (Jeffrey Hugo) - ARM: omap: pmic-cpcap: do not mess around without CPCAP or OMAP4 (Andreas Kemnade) - ARM: 9447/1: arm/memremap: fix arch_memremap_can_ram_remap() (Ross Stutterheim) - media: uvcvideo: Fix deferred probing error (Ricardo Ribalda) - media: uvcvideo: Send control events for partial succeeds (Ricardo Ribalda) - media: uvcvideo: Return the number of processed controls (Ricardo Ribalda) - media: vivid: Change the siize of the composing (Denis Arefev) [Orabug: 38158680] {CVE-2025-38226} - media: vidtv: Terminating the subsequent process of initialization failure (Edward Adam Davis) [Orabug: 38158685] {CVE-2025-38227} - media: videobuf2: use sgtable-based scatterlist wrappers (Marek Szyprowski) - media: venus: Fix probe error handling (Loic Poulain) - media: v4l2-dev: fix error handling in __video_register_device() (Ma Ke) - media: gspca: Add error handling for stv06xx_read_sensor() (Xu Wang) - media: cxusb: no longer judge rbuf when the write fails (Edward Adam Davis) [Orabug: 38158691] {CVE-2025-38229} - media: ccs-pll: Check for too high VT PLL multiplier in dual PLL case (Sakari Ailus) - media: ccs-pll: Correct the upper limit of maximum op_pre_pll_clk_div (Sakari Ailus) - media: ccs-pll: Start OP pre-PLL multiplier search from correct value (Sakari Ailus) - media: ccs-pll: Start VT pre-PLL multiplier search from correct value (Sakari Ailus) - media: ov8856: suppress probe deferral errors (Johan Hovold) - wifi: rtlwifi: disable ASPM for RTL8723BE with subsystem ID 11ad:1723 (Mingcong Bai) - jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() (Jeongjun Park) [Orabug: 38180706] {CVE-2025-38337} - nfsd: Initialize ssc before laundromat_work to prevent NULL dereference (Li Lingfeng) [Orabug: 38158706] {CVE-2025-38231} - nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request (Neil Brown) [Orabug: 38254061] {CVE-2025-38430} - wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback() (Christian Lamparter) [Orabug: 38180782] {CVE-2025-38348} - net/mlx5: Add error handling in mlx5_query_nic_vport_node_guid() (Xu Wang) - net/mlx5_core: Add error handling inmlx5_query_nic_vport_qkey_viol_cntr() (Xu Wang) - powerpc/pseries/msi: Avoid reading PCI device registers in reduced power states (Gautam Menghani) - ASoC: meson: meson-card-utils: use of_property_present() for DT parsing (Martin Blumenstingl) - ASoC: qcom: sdm845: Add error handling in sdm845_slim_snd_hw_params() (Xu Wang) - gfs2: move msleep to sleepable context (Alexander Aring) - crypto: marvell/cesa - Do not chain submitted requests (Herbert Xu) - configfs: Do not override creating attribute file failure in populate_attrs() (Zijun Hu) - xfs: allow inode inactivation during a ro mount log recovery (Darrick J. Wong) - kbuild: hdrcheck: fix cross build with clang (Arnd Bergmann) - kbuild: userprogs: fix bitsize and target detection on clang (Thomas Wei?schuh) - drm/meson: Use 1000ULL when operating with mode->clock (I Hsin Cheng) - net: usb: aqc111: debug info before sanitation (Oliver Neukum) - calipso: unlock rcu before returning -EAFNOSUPPORT (Eric Dumazet) - x86/iopl: Cure TIF_IO_BITMAP inconsistencies (Thomas Gleixner) [Orabug: 38152863] {CVE-2025-38100} - xen/arm: call uaccess_ttbr0_enable for dm_op hypercall (Stefano Stabellini) - usb: typec: tcpm/tcpci_maxim: Fix bounds check in process_rx() (Amit Sunil Dhamne) - usb: Flush altsetting 0 endpoints before reinitializating them after reset. (Mathias Nyman) - usb: cdnsp: Fix issue with detecting USB 3.2 speed (Pawel Laszczak) - usb: cdnsp: Fix issue with detecting command completion event (Pawel Laszczak) - VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify (Ma Wupeng) [Orabug: 38152868] {CVE-2025-38102} - drm/amd/display: Do not add '-mhard-float' to dcn2{1,0}_resource.o for clang (Nathan Chancellor) - kbuild: Add KBUILD_CPPFLAGS to as-option invocation (Nathan Chancellor) - kbuild: add $(CLANG_FLAGS) to KBUILD_CPPFLAGS (Masahiro Yamada) - kbuild: Add CLANG_FLAGS to as-instr (Nathan Chancellor) - mips: Include KBUILD_CPPFLAGS in CHECKFLAGS invocation (Nathan Chancellor) - drm/amd/display: Do not add '-mhard-float' to dml_ccflags for clang (Nathan Chancellor) - kbuild: Update assembler calls to use proper flags and language target (Nick Desaulniers) - MIPS: Prefer cc-option for additions to cflags (Nathan Chancellor) - MIPS: Move '-Wa,-msoft-float' check from as-option to cc-option (Nathan Chancellor) - x86/boot/compressed: prefer cc-option for CFLAGS additions (Nick Desaulniers) - posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (Oleg Nesterov) [Orabug: 38223086] {CVE-2025-38352} - ALSA: usb-audio: Add implicit feedback quirk for RODE AI-1 (David Heimann) - perf: Ensure bpf_perf_link path is properly serialized (Peter Zijlstra) - nvmet-fcloop: access fcpreq only when holding reqlock (Daniel Wagner) - fs/filesystems: Fix potential unsigned integer underflow in fs_name() (Zijun Hu) - net_sched: ets: fix a race in ets_qdisc_change() (Eric Dumazet) [Orabug: 38152893] {CVE-2025-38107} - sch_ets: make est_qlen_notify() idempotent (Cong Wang) - net_sched: tbf: fix a race in tbf_change() (Eric Dumazet) - net_sched: red: fix a race in __red_change() (Eric Dumazet) [Orabug: 38152898] {CVE-2025-38108} - net_sched: prio: fix a race in prio_tune() (Eric Dumazet) [Orabug: 38105333] {CVE-2025-38083} - net/mlx5: Fix return value when searching for existing flow group (Patrisious Haddad) - net/mlx5: Ensure fw pages are always allocated on same NUMA (Moshe Shemesh) - net/mdiobus: Fix potential out-of-bounds read/write access (Jakub Raczynski) [Orabug: 38152911] {CVE-2025-38111} - net: mdio: C22 is now optional, EOPNOTSUPP if not provided (Andrew Lunn) - macsec: MACsec SCI assignment for ES = 0 (Carlos Fernandez) - net: Fix TOCTOU issue in sk_is_readable() (Michal Luczaj) [Orabug: 38152915] {CVE-2025-38112} - i40e: retry VFLR handling if there is ongoing VF reset (Robert Malz) - i40e: return false from i40e_reset_vf if reset is in progress (Robert Malz) - drm/meson: fix more rounding issues with 59.94Hz modes (Martin Blumenstingl) - drm/meson: use vclk_freq instead of pixel_freq in debug print (Martin Blumenstingl) - drm/meson: fix debug log statement when setting the HDMI clocks (Martin Blumenstingl) - drm/meson: use unsigned long long / Hz for frequency types (Martin Blumenstingl) - powerpc/vas: Return -EINVAL if the offset is non-zero in mmap() (Haren Myneni) - powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap (Ritesh Harjani) [Orabug: 38137444] {CVE-2025-38088} - net_sched: sch_sfq: fix a potential crash on gso_skb handling (Eric Dumazet) [Orabug: 38152922] {CVE-2025-38115} - scsi: iscsi: Fix incorrect error path labels for flashnode operations (Alok Tiwari) - ath10k: snoc: fix unbalanced IRQ enable in crash recovery (Caleb Connolly) - ptp: remove ptp->n_vclocks check logic in ptp_vclock_in_use() (Jeongjun Park) [Orabug: 38180545] {CVE-2025-38305} - scsi: core: ufs: Fix a hang in the error handler (Sanjeev Yadav) [Orabug: 38152945] {CVE-2025-38119} - serial: sh-sci: Clean sci_ports[0] after at earlycon exit (Claudiu Beznea) - serial: sh-sci: Move runtime PM enable to sci_probe_single() (Claudiu Beznea) - serial: sh-sci: Check if TX data was written to device in .tx_empty() (Claudiu Beznea) - arm64: dts: ti: k3-am65-main: Add missing taps to sdhci0 (Judith Mendez) - arm64: dts: ti: k3-am65-main: Fix sdhci node properties (Judith Mendez) - arm64: dts: ti: k3-am65-main: Drop deprecated ti,otap-del-sel property (Nishanth Menon) - Input: synaptics-rmi - fix crash with unsupported versions of F34 (Dmitry Torokhov) - Input: synaptics-rmi4 - convert to use sysfs_emit() APIs (Zhang Songyi) - pmdomain: core: Fix error checking in genpd_dev_pm_attach_by_id() (Dan Carpenter) - do_change_type(): refuse to operate on unmounted/not ours mounts (Al Viro) [Orabug: 38256449] {CVE-2025-38498} - fix propagation graph breakage by MOVE_MOUNT_SET_GROUP move_mount(2) (Al Viro) - seg6: Fix validation of nexthop addresses (Ido Schimmel) [Orabug: 38180555] {CVE-2025-38310} - wireguard: device: enable threaded NAPI (Mirco Barone) - netfilter: nf_set_pipapo_avx2: fix initial map fill (Florian Westphal) [Orabug: 38152957] {CVE-2025-38120} - gve: add missing NULL check for gve_alloc_pending_packet() in TX DQO (Alok Tiwari) [Orabug: 38152965] {CVE-2025-38122} - vmxnet3: correctly report gso type for UDP tunnels (Ronak Doshi) - net: dsa: tag_brcm: legacy: fix pskb_may_pull length (?lvaro Fern?ndez Rojas) - ice: create new Tx scheduler nodes for new queues only (Michal Kubiak) - Bluetooth: L2CAP: Fix not responding with L2CAP_CR_LE_ENCRYPTION (Luiz Augusto von Dentz) - spi: bcm63xx-hsspi: fix shared reset (?lvaro Fern?ndez Rojas) - spi: bcm63xx-spi: fix shared reset (?lvaro Fern?ndez Rojas) - net/mlx4_en: Prevent potential integer overflow calculating Hz (Dan Carpenter) - driver: net: ethernet: mtk_star_emac: fix suspend/resume issue (Yanqing Wang) - gve: Fix RX_BUFFERS_POSTED stat to report per-queue fill_cnt (Alok Tiwari) - net: stmmac: platform: guarantee uniqueness of bus_id (Quentin Schulz) - vt: remove VT_RESIZE and VT_RESIZEX from vt_compat_ioctl() (Nicolas Pitre) - MIPS: Loongson64: Add missing '#interrupt-cells' for loongson64c_ls7a (Yuli Wang) - iio: adc: ad7124: Fix 3dB filter frequency reading (Uwe Kleine-K?nig) - serial: Fix potential null-ptr-deref in mlb_usio_probe() (Henry Martin) [Orabug: 38153011] {CVE-2025-38135} - usb: renesas_usbhs: Reorder clock handling and power management in probe (Lad Prabhakar) [Orabug: 38153016] {CVE-2025-38136} - PCI/DPC: Initialize aer_err_info before using it (Bjorn Helgaas) - dmaengine: ti: Add NULL check in udma_probe() (Henry Martin) [Orabug: 38153029] {CVE-2025-38138} - PCI: cadence: Fix runtime atomic count underflow (Hans Zhang) - rtc: sh: assign correct interrupts with DT (Wolfram Sang) - perf record: Fix incorrect --user-regs comments (Dapeng Mi) - perf tests switch-tracking: Fix timestamp comparison (Leo Yan) - mfd: stmpe-spi: Correct the name used in MODULE_DEVICE_TABLE (Alexey Gladkov) - mfd: exynos-lpass: Avoid calling exynos_lpass_disable() twice in exynos_lpass_remove() (Christophe Jaillet) - rpmsg: qcom_smd: Fix uninitialized return variable in __qcom_smd_send() (Dan Carpenter) - remoteproc: qcom_wcnss_iris: Add missing put_device() on error in probe (Dan Carpenter) - perf scripts python: exported-sql-viewer.py: Fix pattern matching with Python 3 (Adrian Hunter) - backlight: pm8941: Add NULL check in wled_configure() (Henry Martin) [Orabug: 38153050] {CVE-2025-38143} - perf ui browser hists: Set actions->thread before calling do_zoom_thread() (Arnaldo Carvalho de Melo) - perf build: Warn when libdebuginfod devel files are not available (Arnaldo Carvalho de Melo) - fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod() (Sergey Shtylyov) [Orabug: 38180565] {CVE-2025-38312} - soc: aspeed: Add NULL check in aspeed_lpc_enable_snoop() (Henry Martin) [Orabug: 38153059] {CVE-2025-38145} - soc: aspeed: lpc: Fix impossible judgment condition (Su Hui) - arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma with Haikou (Quentin Schulz) - ARM: dts: qcom: apq8064 merge hw splinlock into corresponding syscon device (Dmitry Baryshkov) - bus: fsl-mc: fix double-free on mc_dev (Ioana Ciornei) [Orabug: 38180572] {CVE-2025-38313} - nilfs2: do not propagate ENOENT error from nilfs_btree_propagate() (Ryusuke Konishi) - nilfs2: add pointer check for nilfs_direct_propagate() (Xu Wang) - ocfs2: fix possible memory leak in ocfs2_finish_quota_recovery (Murad Masimov) - Squashfs: check return result of sb_min_blocksize (Phillip Lougher) [Orabug: 38253984] {CVE-2025-38415} - arm64: dts: imx8mn-beacon: Fix RTC capacitive load (Adam Ford) - arm64: dts: imx8mm-beacon: Fix RTC capacitive load (Adam Ford) - ARM: dts: at91: at91sam9263: fix NAND chip selects (Wolfram Sang) - ARM: dts: at91: usb_a9263: fix GPIO for Dataflash chip select (Wolfram Sang) - f2fs: fix to correct check conditions in f2fs_cross_rename (Zhiguo Niu) - f2fs: use d_inode(dentry) cleanup dentry->d_inode (Zhiguo Niu) - net: phy: mscc: Stop clearing the the UDPv4 checksum for L2 frames (Horatiu Vultur) - net: openvswitch: Fix the dead loop of MPLS parse (Faicker Mo) [Orabug: 38153064] {CVE-2025-38146} - calipso: Don't call calipso functions for AF_INET sk. (Kuniyuki Iwashima) [Orabug: 38153069] {CVE-2025-38147} - net: lan743x: rename lan743x_reset_phy to lan743x_hw_reset_phy (Thangaraj Samynathan) - bpf: Avoid __bpf_prog_ret0_warn when jit fails (Kafai Wan) [Orabug: 38180470] {CVE-2025-38280} - net: usb: aqc111: fix error handling of usbnet read calls (Nikita Zhandarovich) [Orabug: 38153088] {CVE-2025-38153} - netfilter: nft_tunnel: fix geneve_opt dump (Fernando Fernandez Mancera) - bpf, sockmap: Avoid using sk_socket after free when sending (Jiayuan Chen) [Orabug: 38153094] {CVE-2025-38154} - vfio/type1: Fix error unwind in migration dirty bitmap allocation (Li Rongqing) - netfilter: nf_tables: nft_fib_ipv6: fix VRF ipv4/ipv6 result discrepancy (Florian Westphal) - wifi: ath9k_htc: Abort software beacon handling if disabled (Toke H?iland-J?rgensen) [Orabug: 38153109] {CVE-2025-38157} - wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds (Alexey Kodanev) [Orabug: 38153121] {CVE-2025-38159} - s390/bpf: Store backchain even for leaf progs (Ilya Leoshkevich) - clk: qcom: gcc-msm8939: Fix mclk0 & mclk1 for 24 MHz (Vincent Knecht) - bpf: Fix WARN() in get_bpf_raw_tp_regs (Tao Chen) [Orabug: 38180488] {CVE-2025-38285} - pinctrl: at91: Fix possible out-of-boundary access (Andy Shevchenko) [Orabug: 38180494] {CVE-2025-38286} - libbpf: Use proper errno value in nlattr (Anton Protopopov) - ktls, sockmap: Fix missing uncharge operation (Jiayuan Chen) - clk: bcm: rpi: Add NULL check in raspberrypi_clk_register() (Henry Martin) [Orabug: 38153131] {CVE-2025-38160} - clk: qcom: gcc-sm6350: Add *_wait_val values for GDSCs (Luca Weiss) - bpf: Fix uninitialized values in BPF_{CORE,PROBE}_READ (Anton Protopopov) - RDMA/mlx5: Fix error flow upon firmware failure for RQ destruction (Patrisious Haddad) [Orabug: 38153138] {CVE-2025-38161} - netfilter: nft_quota: match correctly when the quota just depleted (Zhongqiu Duan) - netfilter: bridge: Move specific fragmented packet to slow_path instead of dropping it (Huajian Yang) - libbpf: Use proper errno value in linker (Anton Protopopov) - f2fs: fix to detect gcing page in f2fs_is_cp_guaranteed() (Chao Yu) - f2fs: clean up w/ fscrypt_is_bounce_page() (Chao Yu) - iommu: Protect against overflow in iommu_pgsize() (Jason Gunthorpe) - RDMA/hns: Include hnae3.h in hns_roce_hw_v2.h (Junxian Huang) - wifi: rtw88: do not ignore hardware read error during DPK (Dmitry Antipov) - libbpf: Fix buffer overflow in bpf_object__init_prog (Viktor Malik) - net: ncsi: Fix GCPS 64-bit member variables (Hari Kalavakunta) - f2fs: fix to do sanity check on sbi->total_valid_block_count (Chao Yu) [Orabug: 38153149] {CVE-2025-38163} - bpf, sockmap: fix duplicated data transmission (Jiayuan Chen) - IB/cm: use rwlock for MAD agent lock (Jacob Moroni) - wifi: ath11k: fix node corruption in ar->arvifs list (Stone Zhang) [Orabug: 38180515] {CVE-2025-38293} - firmware: SDEI: Allow sdei initialization without ACPI_APEI_GHES (Huang Yiwei) - drm/tegra: rgb: Fix the unbound reference count (Biju Das) - drm/vkms: Adjust vkms_state->active_planes allocation type (Kees Cook) - drm: rcar-du: Fix memory leak in rcar_du_vsps_init() (Biju Das) - selftests/seccomp: fix syscall_restart test for arm compat (Neill Kapron) - firmware: psci: Fix refcount leak in psci_dt_init (Miaoqian Lin) - m68k: mac: Fix macintosh_config for Mac II (Finn Thain) - fs/ntfs3: handle hdr_first_de() return value (Andrey Vatoropin) [Orabug: 38153172] {CVE-2025-38167} - media: rkvdec: Fix frame size enumeration (Jonas Karlman) - drm/amd/pp: Fix potential NULL pointer dereference in atomctrl_initialize_mc_reg_table (Charles Han) [Orabug: 38180589] {CVE-2025-38319} - spi: sh-msiof: Fix maximum DMA transfer size (Geert Uytterhoeven) - ACPI: OSI: Stop advertising support for "3.0 _SCP Extensions" (Armin Wolf) - x86/mtrr: Check if fixed-range MTRRs exist in mtrr_save_fixed_ranges() (Jiaqing Zhao) - PM: wakeup: Delete space in the end of string shown by pm_show_wakelocks() (Zijun Hu) - power: reset: at91-reset: Optimize at91_reset() (Alexander Shiyan) - EDAC/skx_common: Fix general protection fault (Qiuxu Zhuo) [Orabug: 38180524] {CVE-2025-38298} - crypto: sun8i-ce - move fallback ahash_request to the end of the struct (Ovidiu Panait) - crypto: xts - Only add ecb if it is not already there (Herbert Xu) - crypto: lrw - Only add ecb if it is not already there (Herbert Xu) - crypto: marvell/cesa - Avoid empty transfer descriptor (Herbert Xu) - crypto: marvell/cesa - Handle zero-length skcipher requests (Herbert Xu) [Orabug: 38153188] {CVE-2025-38173} - x86/cpu: Sanitize CPUID(0x80000000) output (Ahmed S. Darwish) - crypto: sun8i-ss - do not use sg_dma_len before calling DMA functions (Corentin Labbe) - perf/core: Fix broken throttling when max_samples_per_tick=1 (Qing Wang) - gfs2: gfs2_create_inode error handling fix (Andreas Gruenbacher) - thunderbolt: Do not double dequeue a configuration request (Sergey Senozhatsky) [Orabug: 38158383] {CVE-2025-38174} - usb: usbtmc: Fix timeout value in get_stb (Dave Penkler) - USB: serial: pl2303: add new chip PL2303GC-Q20 and PL2303GT-2AB (Charles Yeh) - usb: storage: Ignore UAS driver for SanDisk 3.2 Gen2 storage device (Hongyu Xie) - usb: quirks: Add NO_LPM quirk for SanDisk Extreme 55AE (Jiayi Li) - rtc: Fix offset calculation for .start_secs < 0 (Alexandre Mergnat) - rtc: Make rtc_time64_to_tm() support dates before 1970 (Alexandre Mergnat) - pinctrl: armada-37xx: set GPIO output value before setting direction (Gabor Juhos) - pinctrl: armada-37xx: use correct OUTPUT_VAL register for GPIOs > 31 (Gabor Juhos) [5.15.0-312.185.1.el9uek] - uek-rpm: mips: Disable CONFIG_TRANSPARENT_HUGEPAGE (Dave Kleikamp) [Orabug: 38280961] - KVM: x86/MMU: Allow faulting at hugepages during dirty tracking (Joao Martins) [Orabug: 36409415] - KVM: x86/MMU: Dirty tracking without write-protection for shadow paging (Joao Martins) [Orabug: 36409415] - KVM: x86/MMU: Track rmap present pages (Joao Martins) [Orabug: 36409415] - nvme: check for valid nvme_identify_ns() before using it (Ewan D. Milne) [Orabug: 38207640] - nvme: bring back auto-removal of deleted namespaces during sequential scan (Christoph Hellwig) [Orabug: 38207640] - rds: tcp: block BH in TCP callbacks (Eric Dumazet) [Orabug: 38236843] From el-errata at oss.oracle.com Tue Sep 9 11:58:46 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 09 Sep 2025 04:58:46 -0700 Subject: [El-errata] ELSA-2025-20551 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update Message-ID: Oracle Linux Security Advisory ELSA-2025-20551 http://linux.oracle.com/errata/ELSA-2025-20551.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: kernel-uek-6.12.0-103.40.4.1.el9uek.x86_64.rpm kernel-uek-core-6.12.0-103.40.4.1.el9uek.x86_64.rpm kernel-uek-debug-6.12.0-103.40.4.1.el9uek.x86_64.rpm kernel-uek-debug-core-6.12.0-103.40.4.1.el9uek.x86_64.rpm kernel-uek-debug-devel-6.12.0-103.40.4.1.el9uek.x86_64.rpm kernel-uek-debug-modules-6.12.0-103.40.4.1.el9uek.x86_64.rpm kernel-uek-debug-modules-core-6.12.0-103.40.4.1.el9uek.x86_64.rpm kernel-uek-debug-modules-deprecated-6.12.0-103.40.4.1.el9uek.x86_64.rpm kernel-uek-debug-modules-desktop-6.12.0-103.40.4.1.el9uek.x86_64.rpm kernel-uek-debug-modules-extra-6.12.0-103.40.4.1.el9uek.x86_64.rpm kernel-uek-debug-modules-extra-netfilter-6.12.0-103.40.4.1.el9uek.x86_64.rpm kernel-uek-debug-modules-usb-6.12.0-103.40.4.1.el9uek.x86_64.rpm kernel-uek-debug-modules-wireless-6.12.0-103.40.4.1.el9uek.x86_64.rpm kernel-uek-devel-6.12.0-103.40.4.1.el9uek.x86_64.rpm kernel-uek-doc-6.12.0-103.40.4.1.el9uek.noarch.rpm kernel-uek-modules-6.12.0-103.40.4.1.el9uek.x86_64.rpm kernel-uek-modules-core-6.12.0-103.40.4.1.el9uek.x86_64.rpm kernel-uek-modules-deprecated-6.12.0-103.40.4.1.el9uek.x86_64.rpm kernel-uek-modules-desktop-6.12.0-103.40.4.1.el9uek.x86_64.rpm kernel-uek-modules-extra-6.12.0-103.40.4.1.el9uek.x86_64.rpm kernel-uek-modules-extra-netfilter-6.12.0-103.40.4.1.el9uek.x86_64.rpm kernel-uek-modules-usb-6.12.0-103.40.4.1.el9uek.x86_64.rpm kernel-uek-modules-wireless-6.12.0-103.40.4.1.el9uek.x86_64.rpm kernel-uek-tools-6.12.0-103.40.4.1.el9uek.x86_64.rpm aarch64: kernel-uek-6.12.0-103.40.4.1.el9uek.aarch64.rpm kernel-uek-core-6.12.0-103.40.4.1.el9uek.aarch64.rpm kernel-uek-debug-6.12.0-103.40.4.1.el9uek.aarch64.rpm kernel-uek-debug-core-6.12.0-103.40.4.1.el9uek.aarch64.rpm kernel-uek-debug-devel-6.12.0-103.40.4.1.el9uek.aarch64.rpm kernel-uek-debug-modules-6.12.0-103.40.4.1.el9uek.aarch64.rpm kernel-uek-debug-modules-core-6.12.0-103.40.4.1.el9uek.aarch64.rpm kernel-uek-debug-modules-deprecated-6.12.0-103.40.4.1.el9uek.aarch64.rpm kernel-uek-debug-modules-desktop-6.12.0-103.40.4.1.el9uek.aarch64.rpm kernel-uek-debug-modules-extra-6.12.0-103.40.4.1.el9uek.aarch64.rpm kernel-uek-debug-modules-extra-netfilter-6.12.0-103.40.4.1.el9uek.aarch64.rpm kernel-uek-debug-modules-usb-6.12.0-103.40.4.1.el9uek.aarch64.rpm kernel-uek-debug-modules-wireless-6.12.0-103.40.4.1.el9uek.aarch64.rpm kernel-uek-devel-6.12.0-103.40.4.1.el9uek.aarch64.rpm kernel-uek-modules-6.12.0-103.40.4.1.el9uek.aarch64.rpm kernel-uek-modules-extra-6.12.0-103.40.4.1.el9uek.aarch64.rpm kernel-uek-modules-core-6.12.0-103.40.4.1.el9uek.aarch64.rpm kernel-uek-modules-deprecated-6.12.0-103.40.4.1.el9uek.aarch64.rpm kernel-uek-modules-desktop-6.12.0-103.40.4.1.el9uek.aarch64.rpm kernel-uek-modules-extra-netfilter-6.12.0-103.40.4.1.el9uek.aarch64.rpm kernel-uek-modules-usb-6.12.0-103.40.4.1.el9uek.aarch64.rpm kernel-uek-modules-wireless-6.12.0-103.40.4.1.el9uek.aarch64.rpm kernel-uek-tools-6.12.0-103.40.4.1.el9uek.aarch64.rpm kernel-uek64k-6.12.0-103.40.4.1.el9uek.aarch64.rpm kernel-uek64k-core-6.12.0-103.40.4.1.el9uek.aarch64.rpm kernel-uek64k-devel-6.12.0-103.40.4.1.el9uek.aarch64.rpm kernel-uek64k-modules-6.12.0-103.40.4.1.el9uek.aarch64.rpm kernel-uek64k-modules-core-6.12.0-103.40.4.1.el9uek.aarch64.rpm kernel-uek64k-modules-deprecated-6.12.0-103.40.4.1.el9uek.aarch64.rpm kernel-uek64k-modules-desktop-6.12.0-103.40.4.1.el9uek.aarch64.rpm kernel-uek64k-modules-extra-6.12.0-103.40.4.1.el9uek.aarch64.rpm kernel-uek64k-modules-extra-netfilter-6.12.0-103.40.4.1.el9uek.aarch64.rpm kernel-uek64k-modules-usb-6.12.0-103.40.4.1.el9uek.aarch64.rpm kernel-uek64k-modules-wireless-6.12.0-103.40.4.1.el9uek.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/kernel-uek-6.12.0-103.40.4.1.el9uek.src.rpm Related CVEs: CVE-2024-36350 CVE-2024-36357 CVE-2024-49929 CVE-2024-57976 CVE-2024-58091 CVE-2025-21879 CVE-2025-21942 CVE-2025-22101 CVE-2025-22112 CVE-2025-22115 CVE-2025-22119 CVE-2025-22128 CVE-2025-23137 CVE-2025-23155 CVE-2025-37842 CVE-2025-37984 CVE-2025-38067 CVE-2025-38083 CVE-2025-38084 CVE-2025-38085 CVE-2025-38086 CVE-2025-38087 CVE-2025-38088 CVE-2025-38090 CVE-2025-38091 CVE-2025-38092 CVE-2025-38093 CVE-2025-38094 CVE-2025-38095 CVE-2025-38096 CVE-2025-38097 CVE-2025-38098 CVE-2025-38099 CVE-2025-38100 CVE-2025-38101 CVE-2025-38102 CVE-2025-38103 CVE-2025-38104 CVE-2025-38106 CVE-2025-38107 CVE-2025-38108 CVE-2025-38109 CVE-2025-38110 CVE-2025-38111 CVE-2025-38112 CVE-2025-38113 CVE-2025-38115 CVE-2025-38117 CVE-2025-38118 CVE-2025-38119 CVE-2025-38120 CVE-2025-38122 CVE-2025-38123 CVE-2025-38124 CVE-2025-38125 CVE-2025-38126 CVE-2025-38127 CVE-2025-38129 CVE-2025-38131 CVE-2025-38134 CVE-2025-38135 CVE-2025-38136 CVE-2025-38138 CVE-2025-38139 CVE-2025-38141 CVE-2025-38142 CVE-2025-38143 CVE-2025-38145 CVE-2025-38146 CVE-2025-38147 CVE-2025-38148 CVE-2025-38149 CVE-2025-38151 CVE-2025-38153 CVE-2025-38154 CVE-2025-38155 CVE-2025-38156 CVE-2025-38157 CVE-2025-38158 CVE-2025-38159 CVE-2025-38160 CVE-2025-38161 CVE-2025-38162 CVE-2025-38163 CVE-2025-38164 CVE-2025-38165 CVE-2025-38166 CVE-2025-38167 CVE-2025-38168 CVE-2025-38169 CVE-2025-38170 CVE-2025-38172 CVE-2025-38173 CVE-2025-38174 CVE-2025-38177 CVE-2025-38179 CVE-2025-38180 CVE-2025-38181 CVE-2025-38182 CVE-2025-38183 CVE-2025-38184 CVE-2025-38185 CVE-2025-38186 CVE-2025-38188 CVE-2025-38189 CVE-2025-38190 CVE-2025-38191 CVE-2025-38192 CVE-2025-38193 CVE-2025-38194 CVE-2025-38195 CVE-2025-38197 CVE-2025-38198 CVE-2025-38200 CVE-2025-38201 CVE-2025-38202 CVE-2025-38208 CVE-2025-38210 CVE-2025-38211 CVE-2025-38212 CVE-2025-38214 CVE-2025-38215 CVE-2025-38216 CVE-2025-38217 CVE-2025-38218 CVE-2025-38219 CVE-2025-38220 CVE-2025-38222 CVE-2025-38223 CVE-2025-38224 CVE-2025-38225 CVE-2025-38226 CVE-2025-38227 CVE-2025-38228 CVE-2025-38229 CVE-2025-38230 CVE-2025-38231 CVE-2025-38232 CVE-2025-38236 CVE-2025-38238 CVE-2025-38239 CVE-2025-38242 CVE-2025-38243 CVE-2025-38244 CVE-2025-38245 CVE-2025-38246 CVE-2025-38249 CVE-2025-38250 CVE-2025-38251 CVE-2025-38253 CVE-2025-38255 CVE-2025-38256 CVE-2025-38257 CVE-2025-38258 CVE-2025-38259 CVE-2025-38260 CVE-2025-38262 CVE-2025-38263 CVE-2025-38264 CVE-2025-38265 CVE-2025-38267 CVE-2025-38268 CVE-2025-38269 CVE-2025-38270 CVE-2025-38273 CVE-2025-38274 CVE-2025-38275 CVE-2025-38277 CVE-2025-38278 CVE-2025-38279 CVE-2025-38280 CVE-2025-38282 CVE-2025-38283 CVE-2025-38285 CVE-2025-38286 CVE-2025-38288 CVE-2025-38289 CVE-2025-38290 CVE-2025-38292 CVE-2025-38293 CVE-2025-38295 CVE-2025-38297 CVE-2025-38298 CVE-2025-38299 CVE-2025-38300 CVE-2025-38301 CVE-2025-38302 CVE-2025-38303 CVE-2025-38304 CVE-2025-38305 CVE-2025-38307 CVE-2025-38310 CVE-2025-38312 CVE-2025-38313 CVE-2025-38315 CVE-2025-38317 CVE-2025-38318 CVE-2025-38319 CVE-2025-38320 CVE-2025-38321 CVE-2025-38323 CVE-2025-38324 CVE-2025-38325 CVE-2025-38326 CVE-2025-38328 CVE-2025-38331 CVE-2025-38332 CVE-2025-38333 CVE-2025-38334 CVE-2025-38336 CVE-2025-38337 CVE-2025-38338 CVE-2025-38341 CVE-2025-38342 CVE-2025-38343 CVE-2025-38344 CVE-2025-38345 CVE-2025-38346 CVE-2025-38347 CVE-2025-38348 CVE-2025-38349 CVE-2025-38350 CVE-2025-38352 CVE-2025-38353 CVE-2025-38354 CVE-2025-38355 CVE-2025-38356 CVE-2025-38360 CVE-2025-38361 CVE-2025-38362 CVE-2025-38363 CVE-2025-38364 CVE-2025-38365 CVE-2025-38368 CVE-2025-38369 CVE-2025-38371 CVE-2025-38372 CVE-2025-38373 CVE-2025-38374 CVE-2025-38375 CVE-2025-38376 CVE-2025-38377 CVE-2025-38379 CVE-2025-38380 CVE-2025-38381 CVE-2025-38382 CVE-2025-38383 CVE-2025-38384 CVE-2025-38385 CVE-2025-38386 CVE-2025-38387 CVE-2025-38388 CVE-2025-38389 CVE-2025-38390 CVE-2025-38391 CVE-2025-38392 CVE-2025-38393 CVE-2025-38395 CVE-2025-38396 CVE-2025-38399 CVE-2025-38400 CVE-2025-38401 CVE-2025-38402 CVE-2025-38403 CVE-2025-38404 CVE-2025-38405 CVE-2025-38406 CVE-2025-38407 CVE-2025-38408 CVE-2025-38409 CVE-2025-38410 CVE-2025-38412 CVE-2025-38413 CVE-2025-38414 CVE-2025-38415 CVE-2025-38416 CVE-2025-38417 CVE-2025-38418 CVE-2025-38419 CVE-2025-38420 CVE-2025-38422 CVE-2025-38423 CVE-2025-38424 CVE-2025-38425 CVE-2025-38427 CVE-2025-38428 CVE-2025-38429 CVE-2025-38430 CVE-2025-38436 CVE-2025-38437 CVE-2025-38438 CVE-2025-38439 CVE-2025-38440 CVE-2025-38441 CVE-2025-38443 CVE-2025-38444 CVE-2025-38445 CVE-2025-38446 CVE-2025-38448 CVE-2025-38449 CVE-2025-38450 CVE-2025-38451 CVE-2025-38452 CVE-2025-38454 CVE-2025-38455 CVE-2025-38456 CVE-2025-38457 CVE-2025-38458 CVE-2025-38459 CVE-2025-38460 CVE-2025-38461 CVE-2025-38462 CVE-2025-38463 CVE-2025-38464 CVE-2025-38465 CVE-2025-38466 CVE-2025-38467 CVE-2025-38468 CVE-2025-38469 CVE-2025-38470 CVE-2025-38471 CVE-2025-38472 CVE-2025-38473 CVE-2025-38474 CVE-2025-38475 CVE-2025-38476 CVE-2025-38477 CVE-2025-38478 CVE-2025-38480 CVE-2025-38481 CVE-2025-38482 CVE-2025-38483 CVE-2025-38484 CVE-2025-38485 CVE-2025-38488 CVE-2025-38489 CVE-2025-38490 CVE-2025-38491 CVE-2025-38493 CVE-2025-38494 CVE-2025-38495 CVE-2025-38496 CVE-2025-38497 CVE-2025-38498 CVE-2025-38499 CVE-2025-38503 CVE-2025-38505 CVE-2025-38506 CVE-2025-38507 CVE-2025-38510 CVE-2025-38511 CVE-2025-38512 CVE-2025-38513 CVE-2025-38514 CVE-2025-38515 CVE-2025-38516 CVE-2025-38517 CVE-2025-38520 CVE-2025-38521 CVE-2025-38523 CVE-2025-38524 CVE-2025-38526 CVE-2025-38527 CVE-2025-38528 CVE-2025-38529 CVE-2025-38530 CVE-2025-38531 CVE-2025-38532 CVE-2025-38533 CVE-2025-38535 CVE-2025-38537 CVE-2025-38538 CVE-2025-38539 CVE-2025-38540 CVE-2025-38541 CVE-2025-38542 CVE-2025-38543 CVE-2025-38544 CVE-2025-38545 CVE-2025-38546 CVE-2025-38547 CVE-2025-38548 CVE-2025-38549 CVE-2025-38550 CVE-2025-38551 CVE-2025-38552 Description of changes: [6.12.0-103.40.4.1.el9uek] - netlink: avoid infinite retry looping in netlink_unicast() (Fedor Pchelkin) [Orabug: 38361037] [6.12.0-103.40.4.el9uek] - rds: Fix NULL ptr deref in xas_start (H?kon Bugge) [Orabug: 38169301] - KVM: x86: use array_index_nospec with indices that come from guest (Thijs Raymakers) [Orabug: 38325898] [6.12.0-103.40.3.el9uek] - enic: get max rq & wq entries supported by hw, 16K queues (Satish Kharat) [Orabug: 38058289] - enic: cleanup of enic wq request completion path (Satish Kharat) [Orabug: 38058289] - enic: added enic_wq.c and enic_wq.h (Satish Kharat) [Orabug: 38058289] - enic: remove unused function cq_enet_wq_desc_dec (Satish Kharat) [Orabug: 38058289] - enic: enable rq extended cq support (Satish Kharat) [Orabug: 38058289] - enic: enic rq extended cq defines (Satish Kharat) [Orabug: 38058289] - enic: enic rq code reorg (Satish Kharat) [Orabug: 38058289] - enic: Move function from header file to c file (Satish Kharat) [Orabug: 38058289] - enic: add dependency on Page Pool (John Daley) [Orabug: 38058289] - enic: remove copybreak tunable (John Daley) [Orabug: 38058289] - enic: Use the Page Pool API for RX (John Daley) [Orabug: 38058289] - enic: Simplify RX handler function (John Daley) [Orabug: 38058289] - enic: Move RX functions to their own file (John Daley) [Orabug: 38058289] - enic: Fix typo in comment in table indexed by link speed (John Daley) [Orabug: 38058289] - enic: Obtain the Link speed only after the link comes up (John Daley) [Orabug: 38058289] - enic: Move RX coalescing set function (John Daley) [Orabug: 38058289] - enic: Move kdump check into enic_adjust_resources() (Nelson Escobar) [Orabug: 38058289] - enic: Move enic resource adjustments to separate function (Nelson Escobar) [Orabug: 38058289] - enic: Adjust used MSI-X wq/rq/cq/interrupt resources in a more robust way (Nelson Escobar) [Orabug: 38058289] - enic: Allocate arrays in enic struct based on VIC config (Nelson Escobar) [Orabug: 38058289] - enic: Save resource counts we read from HW (Nelson Escobar) [Orabug: 38058289] - enic: Make MSI-X I/O interrupts come after the other required ones (Nelson Escobar) [Orabug: 38058289] - enic: Create enic_wq/rq structures to bundle per wq/rq data (Nelson Escobar) [Orabug: 38058289] - RDMA/mlx5: Fix HW counters query for non-representor devices (Patrisious Haddad) [Orabug: 38161799] - RDMA/mlx5: Fix CC counters query for MPV (Patrisious Haddad) [Orabug: 38161799] - Revert "RDMA/mlx5: Fix CC counters query for MPV" (Qing Huang) [Orabug: 38161799] - block: use chunk_sectors when evaluating stacked atomic write limits (John Garry) [Orabug: 38279050] - dm-stripe: limit chunk_sectors to the stripe size (John Garry) [Orabug: 38279050] - md/raid10: set chunk_sectors limit (John Garry) [Orabug: 38279050] - md/raid0: set chunk_sectors limit (John Garry) [Orabug: 38279050] - block: sanitize chunk_sectors for atomic write limits (John Garry) [Orabug: 38279050] - ilog2: add max_pow_of_two_factor() (John Garry) [Orabug: 38279050] - net/mlx5: E-Switch, Fix switching to switchdev mode in MPV (Patrisious Haddad) [Orabug: 38281424] - net/mlx5: E-Switch, Fix switching to switchdev mode with IB device disabled (Patrisious Haddad) [Orabug: 38281424] - net/mlx5: E-switch, refactor eswitch mode change (Patrisious Haddad) [Orabug: 38281424] [6.12.0-103.40.2.el9uek] - arm64: sysreg: Drag linux/kconfig.h to work around vdso build issue (Marc Zyngier) [Orabug: 38194015] - arm64: errata: Work around AmpereOne's erratum AC04_CPU_23 (D Scott Phillips) [Orabug: 38194015] - scsi: fnic: Set appropriate logging level for log message (Karan Tilak Kumar) [Orabug: 38226429] - scsi: fnic: Add and improve logs in FDMI and FDMI ABTS paths (Karan Tilak Kumar) [Orabug: 38226429] - scsi: fnic: Turn off FDMI ACTIVE flags on link down (Karan Tilak Kumar) [Orabug: 38226429] - scsi: fnic: Fix crash in fnic_wq_cmpl_handler when FDMI times out (Karan Tilak Kumar) [Orabug: 38175020,38226429] {CVE-2025-38238} - fnic: treewide: Switch/rename to timer_delete[_sync]() (Thomas Gleixner) [Orabug: 38226429] - LTS version: v6.12.40 (Jack Vogel) - KVM: x86/xen: Fix cleanup logic in emulation of Xen schedop poll hypercalls (Manuel Andreas) [Orabug: 38254220] {CVE-2025-38469} - iommu/vt-d: Fix misplaced domain_attached assignment (Bbaa) - smb: client: let smbd_post_send_iter() respect the peers max_send_size and transmit all data (Stefan Metzmacher) - drm/xe: Move page fault init after topology init (Matthew Brost) - drm/xe/mocs: Initialize MOCS index early (Balasubramani Vivekanandan) - sched,freezer: Remove unnecessary warning in __thaw_task (Chen Ridong) - i2c: omap: fix deprecated of_property_read_bool() use (Johan Hovold) - i2c: omap: Handle omap_i2c_init() errors in omap_i2c_probe() (Christophe Jaillet) - i2c: omap: Fix an error handling path in omap_i2c_probe() (Christophe Jaillet) - i2c: omap: Add support for setting mux (Jayesh Choudhary) - selftests/bpf: Set test path for token/obj_priv_implicit_token_envvar (Ihor Solodrai) - rust: use #[used(compiler)] to fix build and modpost with Rust >= 1.89.0 (Miguel Ojeda) - net: libwx: fix multicast packets received count (Jiawen Wu) - usb: dwc3: qcom: Don't leave BCR asserted (Krishna Kurapati) - usb: hub: Don't try to recover devices lost during warm reset. (Mathias Nyman) - usb: hub: Fix flushing of delayed work used for post resume purposes (Mathias Nyman) - usb: hub: Fix flushing and scheduling of delayed work that tunes runtime pm (Mathias Nyman) - usb: hub: fix detection of high tier USB3 devices behind suspended hubs (Mathias Nyman) - btrfs: fix block group refcount race in btrfs_create_pending_block_groups() (Boris Burkov) [Orabug: 37844509] {CVE-2025-22115} - clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (Al Viro) [Orabug: 38310005] {CVE-2025-38499} - efivarfs: Fix memory leak of efivarfs_fs_info in fs_context error paths (Breno Leitao) [Orabug: 38324320] {CVE-2025-38549} - libbpf: Fix handling of BPF arena relocations (Andrii Nakryiko) - drm/mediatek: only announce AFBC if really supported (Icenowy Zheng) - drm/mediatek: Add wait_event_timeout when disabling plane (Jason-JH Lin) - Revert "cgroup_freezer: cgroup_freezing: Check if not frozen" (Chen Ridong) - rxrpc: Fix transmission of an abort in response to an abort (David Howells) - rxrpc: Fix recv-recv race of completed call (David Howells) [Orabug: 38324205] {CVE-2025-38524} - net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (William Liu) [Orabug: 38254212] {CVE-2025-38468} - net: bridge: Do not offload IGMP/MLD messages (Joseph Huang) - net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime (Dong Chenchen) [Orabug: 38254223] {CVE-2025-38470} - tls: always refresh the queue when reading sock (Jakub Kicinski) [Orabug: 38254232] {CVE-2025-38471} - virtio-net: fix recursived rtnl_lock() during probe() (Zigit Zo) [Orabug: 38324329] {CVE-2025-38551} - hv_netvsc: Set VF priv_flags to IFF_NO_ADDRCONF before open to prevent IPv6 addrconf (Li Tian) - Bluetooth: L2CAP: Fix attempting to adjust outgoing MTU (Luiz Augusto von Dentz) - drm/xe/pf: Prepare to stop SR-IOV support prior GT reset (Michal Wajdeczko) - drm/xe/pf: Move VFs reprovisioning to worker (Michal Wajdeczko) - drm/xe/pf: Sanitize VF scratch registers on FLR (Michal Wajdeczko) - netfilter: nf_conntrack: fix crash due to removal of uninitialised entry (Florian Westphal) [Orabug: 38254235] {CVE-2025-38472} - net: fix segmentation after TCP/UDP fraglist GRO (Felix Fietkau) - ipv6: mcast: Delay put pmc->idev in mld_del_delrec() (Yue Haibing) [Orabug: 38324325] {CVE-2025-38550} - net/mlx5: Correctly set gso_size when LRO is used (Christoph Paasch) - Bluetooth: btusb: QCA: Fix downloading wrong NVM for WCN6855 GF variant without board ID (Zijun Hu) - Bluetooth: hci_core: add missing braces when using macro parameters (Christian Eggers) - Bluetooth: SMP: Fix using HCI_ERROR_REMOTE_USER_TERM on timeout (Luiz Augusto von Dentz) - Bluetooth: SMP: If an unallowed command is received consider it a failure (Luiz Augusto von Dentz) - Bluetooth: hci_sync: fix connectable extended advertising when using static random address (Alessandro Gasbarroni) - Bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb() (Kuniyuki Iwashima) [Orabug: 38254239] {CVE-2025-38473} - riscv: traps_misaligned: properly sign extend value in misaligned load handler (Andreas Schwab) - riscv: Enable interrupt during exception handling (Nam Cao) - loop: use kiocb helpers to fix lockdep warning (Ming Lei) - usb: net: sierra: check for no status endpoint (Oliver Neukum) [Orabug: 38254247] {CVE-2025-38474} - ice: check correct pointer in fwlog debugfs (Michal Swiatkowski) - ice: add NULL check in eswitch lag check (Dave Ertman) [Orabug: 38324213] {CVE-2025-38526} - hwmon: (corsair-cpro) Validate the size of the received input buffer (Marius Zachmann) [Orabug: 38324317] {CVE-2025-38548} - selftests: net: increase inter-packet timeout in udpgro.sh (Paolo Abeni) - can: tcan4x5x: fix reset gpio usage during probe (Brett Werling) - can: tcan4x5x: add option for selecting nWKRQ voltage (Sean Nyekjaer) - wifi: cfg80211: remove scan request n_channels counted_by (Johannes Berg) - nvmet-tcp: fix callback lock for TLS handshake (Maurizio Lombardi) - nvme: fix misaccounting of nvme-mpath inflight I/O (Yu Kuai) - net: phy: Don't register LEDs for genphy (Sean Anderson) [Orabug: 38324260] {CVE-2025-38537} - smc: Fix various oops due to inet_sock type confusion. (Kuniyuki Iwashima) [Orabug: 38254256] {CVE-2025-38475} - nvme: fix endianness of command word prints in nvme_log_err_passthru() (John Garry) - nvme: fix inconsistent RCU list manipulation in nvme_ns_add_to_ctrl_list() (Zheng Qixing) - fix a leak in fcntl_dirnotify() (Al Viro) - smb: client: fix use-after-free in cifs_oplock_break (Wang Zhaolong) [Orabug: 38324216] {CVE-2025-38527} - rpl: Fix use-after-free in rpl_do_srh_inline(). (Kuniyuki Iwashima) [Orabug: 38254259] {CVE-2025-38476} - net/sched: sch_qfq: Fix race condition on qfq_aggregate (Xiang Mei) [Orabug: 38254264] {CVE-2025-38477} - block: fix kobject leak in blk_unregister_queue (Ming Lei) - net: emaclite: Fix missing pointer increment in aligned_read() (Alok Tiwari) - cachefiles: Fix the incorrect return value in __cachefiles_write() (Zizhi Wo) - selftests/sched_ext: Fix exit selftest hang on UP (Andrea Righi) - bpf: Reject %p% format string in bprintf-like helpers (Paul Chaignon) [Orabug: 38324225] {CVE-2025-38528} - arm64: dts: imx95: Correct the DMA interrupter number of pcie0_ep (Richard Zhu) - soundwire: amd: fix for clearing command status register (Vijendar Mukunda) - soundwire: amd: fix for handling slave alerts after link is down (Vijendar Mukunda) - arm64: dts: rockchip: Add cd-gpios for sdcard detect on Cool Pi 4B (Andy Yan) - arm64: dts: rockchip: Add cd-gpios for sdcard detect on Cool Pi CM5 (Andy Yan) - comedi: Fix initialization of data for instructions that write to subdevice (Ian Abbott) [Orabug: 38254270] {CVE-2025-38478} - comedi: Fix use of uninitialized data in insn_rw_emulate_bits() (Ian Abbott) [Orabug: 38254276] {CVE-2025-38480} - comedi: Fix some signed shift left operations (Ian Abbott) - comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large (Ian Abbott) [Orabug: 38254283] {CVE-2025-38481} - comedi: das6402: Fix bit shift out of bounds (Ian Abbott) [Orabug: 38254291] {CVE-2025-38482} - comedi: das16m1: Fix bit shift out of bounds (Ian Abbott) [Orabug: 38254299] {CVE-2025-38483} - comedi: aio_iiro_16: Fix bit shift out of bounds (Ian Abbott) [Orabug: 38324229] {CVE-2025-38529} - comedi: pcl812: Fix bit shift out of bounds (Ian Abbott) [Orabug: 38324236] {CVE-2025-38530} - iio: common: st_sensors: Fix use of uninitialize device structs (Maud Spierings) [Orabug: 38324242] {CVE-2025-38531} - iio: backend: fix out-of-bound write (Markus Burri) [Orabug: 38254383] {CVE-2025-38484} - iio: adc: stm32-adc: Fix race in installing chained IRQ handler (Chen Ni) - iio: adc: max1363: Reorder mode_list[] entries (Fabio Estevam) - iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[] (Fabio Estevam) - iio: adc: axp20x_adc: Add missing sentinel to AXP717 ADC channel maps (Chen-Yu Tsai) [Orabug: 38324314] {CVE-2025-38547} - iio: accel: fxls8962af: Fix use after free in fxls8962af_fifo_flush (Sean Nyekjaer) [Orabug: 38254306] {CVE-2025-38485} - soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled (Andrew Jeffery) - soc: aspeed: lpc-snoop: Cleanup resources in stack-order (Andrew Jeffery) - smb: client: fix use-after-free in crypt_message when using async crypto (Wang Zhaolong) [Orabug: 38254322] {CVE-2025-38488} - s390/bpf: Fix bpf_arch_text_poke() with new_addr == NULL again (Ilya Leoshkevich) [Orabug: 38254325] {CVE-2025-38489} - pmdomain: governor: Consider CPU latency tolerance from pm_domain_cpu_gov (Maulik Shah) - net: libwx: properly reset Rx ring descriptor (Jiawen Wu) [Orabug: 38324251] {CVE-2025-38532} - net: libwx: fix the using of Rx buffer DMA (Jiawen Wu) [Orabug: 38324253] {CVE-2025-38533} - net: libwx: remove duplicate page_pool_put_full_page() (Jiawen Wu) [Orabug: 38254327] {CVE-2025-38490} - net: stmmac: intel: populate entire system_counterval_t in get_time_fn() callback (Markus Bl?chl) - mmc: sdhci_am654: Workaround for Errata i2312 (Judith Mendez) - mmc: sdhci-pci: Quirk for broken command queuing on Intel GLK-based Positivo models (Edson Juliano Drosdeck) - mmc: bcm2835: Fix dma_unmap_sg() nents value (Thomas Fourier) - memstick: core: Zero initialize id_reg in h_memstick_read_dev_id() (Nathan Chancellor) - isofs: Verify inode mode when loading from disk (Jan Kara) - dmaengine: nbpfaxi: Fix memory corruption in probe() (Dan Carpenter) [Orabug: 38324262] {CVE-2025-38538} - cpuidle: psci: Fix cpuhotplug routine with PREEMPT_RT=y (Daniel Lezcano) - Bluetooth: btintel: Check if controller is ISO capable on btintel_classify_pkt_type (Luiz Augusto von Dentz) - af_packet: fix soft lockup issue caused by tpacket_snd() (Yun Lu) - af_packet: fix the SO_SNDTIMEO constraint not effective on tpacked_snd() (Yun Lu) - arm64: dts: rockchip: use cs-gpios for spi1 on ringneck (Jakob Unterwurzacher) - arm64: dts: imx8mp-venice-gw73xx: fix TPM SPI frequency (Tim Harvey) - arm64: dts: imx8mp-venice-gw72xx: fix TPM SPI frequency (Tim Harvey) - arm64: dts: imx8mp-venice-gw71xx: fix TPM SPI frequency (Tim Harvey) - arm64: dts: freescale: imx8mm-verdin: Keep LDO5 always on (Francesco Dolcini) - arm64: dts: add big-endian property back into watchdog node (Meng Li) - arm64: dts: imx8mp-venice-gw74xx: fix TPM SPI frequency (Tim Harvey) - net/mlx5: Update the list of the PCI supported devices (Maor Gottlieb) - phonet/pep: Move call to pn_skb_get_dst_sockaddr() earlier in pep_sock_accept() (Nathan Chancellor) - mptcp: reset fallback status gracefully at disconnect() time (Paolo Abeni) - mptcp: plug races between subflow fail and subflow creation (Paolo Abeni) [Orabug: 38324332] {CVE-2025-38552} - mptcp: make fallback action and fallback decision atomic (Paolo Abeni) [Orabug: 38254329] {CVE-2025-38491} - io_uring/poll: fix POLLERR handling (Pavel Begunkov) - ALSA: hda/realtek: Add quirk for ASUS ROG Strix G712LWS (Takashi Iwai) - ALSA: hda/realtek - Fix mute LED for HP Victus 16-r0xxx (Edip Hazuri) - drm/amd/display: Free memory allocation (Clayton King) - drm/amd/display: Disable CRTC degamma LUT for DCN401 (Melissa Wen) - drm/amdgpu: Increase reset counter only on success (Lijo Lazar) - drm/amdgpu/gfx8: reset compute ring wptr on the GPU on resume (Eeli Haapalainen) - objtool/rust: add one more noreturn Rust function for Rust 1.89.0 (Miguel Ojeda) - tracing/osnoise: Fix crash in timerlat_dump_stack() (Tomas Glozar) [Orabug: 38254335] {CVE-2025-38493} - tracing: Add down_write(trace_event_sem) when adding trace event (Steven Rostedt) [Orabug: 38324268] {CVE-2025-38539} - tracing/probes: Avoid using params uninitialized in parse_btf_arg() (Nathan Chancellor) - HID: core: do not bypass hid_hw_raw_request (Benjamin Tissoires) [Orabug: 38254338] {CVE-2025-38494} - HID: core: ensure __hid_request reserves the report ID as the first byte (Benjamin Tissoires) - HID: core: ensure the allocated report buffer can contain the reserved report ID (Benjamin Tissoires) [Orabug: 38254346] {CVE-2025-38495} - dm-bufio: fix sched in atomic context (Sheng Yong) [Orabug: 38254353] {CVE-2025-38496} - spi: Add check for 8-bit transfer with 8 IO mode support (Cheng Ming Lin) - pch_uart: Fix dma_sync_sg_for_device() nents value (Thomas Fourier) - Input: xpad - set correct controller type for Acer NGR200 (Nilton Perim Neto) - nvmem: layouts: u-boot-env: remove crc32 endianness conversion (Michael C. Pratt) - nvmem: imx-ocotp: fix MAC address byte length (Steffen B?tz) - Revert "staging: vchiq_arm: Create keep-alive thread during probe" (Stefan Wahren) - thunderbolt: Fix bit masking in tb_dp_port_set_hops() (Alok Tiwari) - thunderbolt: Fix wake on connect at runtime (Mario Limonciello) - i2c: stm32f7: unmap DMA mapped buffer (Cl?ment Le Goffic) - i2c: stm32: fix the device used for the DMA map (Cl?ment Le Goffic) - usb: gadget: configfs: Fix OOB read on empty string write (Xinyu Liu) [Orabug: 38254356] {CVE-2025-38497} - usb: dwc2: gadget: Fix enter to hibernation for UTMI+ PHY (Minas Harutyunyan) - usb: musb: fix gadget state on disconnect (Drew Hamilton) - USB: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI (Ryan Mann) - USB: serial: option: add Foxconn T99W640 (Slark Xiao) - USB: serial: option: add Telit Cinterion FE910C04 (ECM) composition (Fabio Porcedda) - phy: tegra: xusb: Disable periodic tracking on Tegra234 (Haotien Hsu) - phy: tegra: xusb: Decouple CYA_TRK_CODE_UPDATE_ON_IDLE from trk_hw_mode (Wayne Chang) - phy: tegra: xusb: Fix unbalanced regulator disable in UTMI PHY mode (Wayne Chang) [Orabug: 38324256] {CVE-2025-38535} - LTS version: v6.12.39 (Jack Vogel) - KVM: SVM: Set synthesized TSA CPUID flags (Borislav Petkov) - rseq: Fix segfault on registration when rseq_cs is non-zero (Michael Jeanson) [Orabug: 38095070] {CVE-2025-38067} - crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP() (Lukas Wunner) [Orabug: 37977089] {CVE-2025-37984} - arm64: Filter out SME hwcaps when FEAT_SME isn't implemented (Mark Brown) - ksmbd: fix potential use-after-free in oplock/lease break ack (Namjae Jeon) [Orabug: 38254080] {CVE-2025-38437} - kasan: remove kasan_find_vm_area() to prevent possible deadlock (Levi Yun) [Orabug: 38324146] {CVE-2025-38510} - net: wangxun: revert the adjustment of the IRQ vector sequence (Jiawen Wu) - erofs: fix rare pcluster memory leak after unmounting (Gao Xiang) - selftests/bpf: adapt one more case in test_lru_map to the new target_free (Willem de Bruijn) - HID: nintendo: avoid bluetooth suspend/resume stalls (Daniel J. Ogorchock) [Orabug: 38324137] {CVE-2025-38507} - HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras (Chia-Lin Kao) [Orabug: 38324277] {CVE-2025-38540} - HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY (Zhang Heng) - riscv: vdso: Exclude .rodata from the PT_DYNAMIC segment (Fangrui Song) - bpf: Adjust free target to avoid global starvation of LRU map (Willem de Bruijn) - vt: add missing notification when switching back to text mode (Nicolas Pitre) - btrfs: fix assertion when building free space tree (Filipe Manana) [Orabug: 38324119] {CVE-2025-38503} - net: mana: Record doorbell physical address in PF mode (Long Li) - HID: lenovo: Add support for ThinkPad X1 Tablet Thin Keyboard Gen2 (Akira Inoue) - driver: bluetooth: hci_qca:fix unable to load the BT driver (Shuai Zhang) - net: usb: qmi_wwan: add SIMCom 8230C composition (Xiaowei Li) - ALSA: hda/realtek: Add quirks for some Clevo laptops (Tim Crawford) - ALSA: hda/realtek - Enable mute LED on HP Pavilion Laptop 15-eg100 (Yasmin Fitzgerald) - ASoC: amd: yc: add quirk for Acer Nitro ANV15-41 internal mic (Yuzuru) - io_uring: make fallocate be hashed work (Fengnan Chang) - ALSA: hda/realtek: Add mic-mute LED setup for ASUS UM5606 (Takashi Iwai) - ASoC: SOF: Intel: hda: Use devm_kstrdup() to avoid memleak. (Tamura Dai) [Orabug: 38254084] {CVE-2025-38438} - um: vector: Reduce stack usage in vector_eth_configure() (Tiwei Bie) - atm: idt77252: Add missing dma_map_error() (Thomas Fourier) - ublk: sanity check add_dev input for underflow (Ronnie Sahlberg) - bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT (Somnath Kotur) [Orabug: 38254088] {CVE-2025-38439} - bnxt_en: Fix DCB ETS validation (Shravya Kn) - net: ll_temac: Fix missing tx_pending check in ethtools_set_ringparam() (Alok Tiwari) - net/mlx5e: Add new prio for promiscuous mode (Jianbo Liu) - net/mlx5e: Fix race between DIM disable and net_dim() (Carolina Jubran) [Orabug: 38254092] {CVE-2025-38440} - can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level (Sean Nyekjaer) - drm/xe/pm: Correct comment of xe_pm_set_vram_threshold() (Shuicheng Lin) - selftests: net: lib: fix shift count out of range (Hangbin Liu) - selftests: net: lib: Move logging from forwarding/lib.sh here (Petr Machata) - net: phy: microchip: limit 100M workaround to link-down events on LAN88xx (Oleksij Rempel) - net: phy: microchip: Use genphy_soft_reset() to purge stale LPA bits (Oleksij Rempel) - ibmvnic: Fix hardcoded NUM_RX_STATS/NUM_TX_STATS with dynamic sizeof (Mingming Cao) - net: appletalk: Fix device refcount leak in atrtr_create() (Kito Xu) [Orabug: 38324288] {CVE-2025-38542} - netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() (Eric Dumazet) [Orabug: 38254094] {CVE-2025-38441} - erofs: fix to add missing tracepoint in erofs_readahead() (Chao Yu) - erofs: refine readahead tracepoint (Gao Xiang) - erofs: tidy up zdata.c (Gao Xiang) - erofs: get rid of z_erofs_next_pcluster_t (Gao Xiang) - erofs: free pclusters if no cached folio is attached (Chunhai Guo) - drm/xe/pf: Clear all LMTT pages on alloc (Michal Wajdeczko) [Orabug: 38324148] {CVE-2025-38511} - nbd: fix uaf in nbd_genl_connect() error path (Zheng Qixing) [Orabug: 38254100] {CVE-2025-38443} - wifi: mt76: mt7925: Fix null-ptr-deref in mt7925_thermal_init() (Henry Martin) [Orabug: 38324286] {CVE-2025-38541} - drm/nouveau/gsp: fix potential leak of memory used during acpi init (Ben Skeggs) - wifi: rt2x00: fix remove callback type mismatch (Felix Fietkau) - wifi: mac80211: fix non-transmitted BSSID profile search (Johannes Berg) - wifi: mac80211: correctly identify S1G short beacon (Lachlan Hodges) - raid10: cleanup memleak at raid10_make_request (Nigel Croxon) [Orabug: 38254103] {CVE-2025-38444} - md/raid1: Fix stack memory use after return in raid1_reshape (Wang Jinchao) [Orabug: 38254107] {CVE-2025-38445} - drm/tegra: nvdec: Fix dma_alloc_coherent error check (Mikko Perttunen) [Orabug: 38324294] {CVE-2025-38543} - wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() (Daniil Dulov) [Orabug: 38324159] {CVE-2025-38513} - wifi: cfg80211: fix S1G beacon head validation in nl80211 (Lachlan Hodges) - netfs: Fix ref leak on inserted extra subreq in write retry (David Howells) - netlink: make sure we allow at least one dump skb (Jakub Kicinski) - netlink: Fix rmem check in netlink_broadcast_deliver(). (Kuniyuki Iwashima) - ASoC: Intel: sof-function-topology-lib: Print out the unsupported dmic count (Peter Ujfalusi) - erofs: address D-cache aliasing (Gao Xiang) - erofs: fix to add missing tracepoint in erofs_read_folio() (Chao Yu) - ksmbd: fix a mount write count leak in ksmbd_vfs_kern_path_locked() (Al Viro) - smb: server: make use of rdma_destroy_qp() (Stefan Metzmacher) - clk: scmi: Handle case where child clocks are initialized before their parents (Sascha Hauer) - x86/mm: Disable hugetlb page table sharing on 32-bit (Jann Horn) - x86/rdrand: Disable RDSEED on AMD Cyan Skillfish (Mikhail Paulyshka) - clk: imx: Fix an out-of-bounds access in dispmix_csr_clk_dev_data (Xiaolei Wang) [Orabug: 38254112] {CVE-2025-38446} - rust: init: allow dead_code warnings for Rust >= 1.89.0 (Miguel Ojeda) - lib/alloc_tag: do not acquire non-existent lock in alloc_tag_top_users() (Harry Yoo) [Orabug: 38324192] {CVE-2025-38517} - mm/vmalloc: leave lazy MMU mode on PTE mapping error (Alexander Gordeev) - scripts/gdb: fix interrupts.py after maple tree conversion (Florian Fainelli) - scripts/gdb: de-reference per-CPU MCE interrupts (Florian Fainelli) - scripts/gdb: fix interrupts display after MCP on x86 (Florian Fainelli) - mm: fix the inaccurate memory statistics issue for users (Baolin Wang) - maple_tree: fix mt_destroy_walk() on root leaf node (Wei Yang) - kallsyms: fix build without execinfo (Achill Gilgenast) - Revert "PCI/ACPI: Fix allocated memory release on error in pci_acpi_scan_root()" (Zhe Qiao) - Revert "ACPI: battery: negate current when discharging" (Rafael J. Wysocki) - drm/xe: Allocate PF queue size on pow2 boundary (Matthew Brost) - drm/framebuffer: Acquire internal references on GEM handles (Thomas Zimmermann) - Revert "usb: gadget: u_serial: Add null pointer check in gs_start_io" (Kuen-Han Tsai) - usb: gadget: u_serial: Fix race condition in TTY wakeup (Kuen-Han Tsai) [Orabug: 38254116] {CVE-2025-38448} - Revert "drm/xe/xe2: Enable Indirect Ring State support for Xe2" (Matthew Brost) - drm/xe/bmg: fix compressed VRAM handling (Matthew Auld) - drm/gem: Fix race in drm_gem_handle_create_tail() (Simona Vetter) - drm/ttm: fix error handling in ttm_buffer_object_transfer (Christian K?nig) - drm/sched: Increment job count before swapping tail spsc queue (Matthew Brost) [Orabug: 38324178] {CVE-2025-38515} - drm/gem: Acquire references on GEM handles for framebuffers (Thomas Zimmermann) [Orabug: 38254122] {CVE-2025-38449} - drm/amdkfd: Don't call mmput from MMU notifier callback (Philip Yang) [Orabug: 38324196] {CVE-2025-38520} - drm/imagination: Fix kernel crash when hard resetting the GPU (Alessio Belle) [Orabug: 38324199] {CVE-2025-38521} - wifi: mt76: mt7925: fix invalid array index in ssid assignment during hw scan (Michael Lo) - wifi: mt76: mt7925: fix the wrong config for tx interrupt (Ming Yen Hsieh) - wifi: mt76: mt7925: prevent NULL pointer dereference in mt7925_sta_set_decap_offload() (Deren Wu) [Orabug: 38254130] {CVE-2025-38450} - wifi: mt76: mt7921: prevent decap offload config before STA initialization (Deren Wu) - wifi: mwifiex: discard erroneous disassoc frames on STA interface (Vitor Soares) [Orabug: 38324132] {CVE-2025-38505} - wifi: prevent A-MSDU attacks in mesh networks (Mathy Vanhoef) [Orabug: 38324151] {CVE-2025-38512} - pwm: mediatek: Ensure to disable clocks in error path (Uwe Kleine-K?nig) - pwm: Fix invalid state detection (Uwe Kleine-K?nig) - pinctrl: qcom: msm: mark certain pins as invalid for interrupts (Bartosz Golaszewski) [Orabug: 38324184] {CVE-2025-38516} - net: ethernet: rtsn: Fix a null pointer dereference in rtsn_probe() (Haoxiang Li) [Orabug: 38254133] {CVE-2025-38452} - gre: Fix IPv6 multicast route creation. (Guillaume Nault) - ASoC: fsl_sai: Force a software reset when starting in consumer mode (Arun Raghavan) - ALSA: ad1816a: Fix potential NULL pointer deref in snd_card_ad1816a_pnp() (Thorsten Blum) [Orabug: 38254137] {CVE-2025-38454} - KVM: Allow CPU to reschedule while setting per-page memory attributes (Liam Merwick) [Orabug: 38324134] {CVE-2025-38506} - KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight (Sean Christopherson) [Orabug: 38254139] {CVE-2025-38455} - KVM: SVM: Add missing member in SNP_LAUNCH_START command structure (Nikunj A Dadhania) - KVM: x86/xen: Allow 'out of range' event channel ports in IRQ routing table. (David Woodhouse) - x86/mce: Make sure CMCI banks are cleared during shutdown on Intel (Jp Kobryn) - x86/mce: Ensure user polling settings are honored when restarting timer (Yazen Ghannam) - x86/mce: Don't remove sysfs if thresholding sysfs init fails (Yazen Ghannam) - x86/mce/amd: Fix threshold limit reset (Yazen Ghannam) - x86/mce/amd: Add default names for MCA banks and blocks (Yazen Ghannam) - ipmi:msghandler: Fix potential memory corruption in ipmi_create_user() (Dan Carpenter) [Orabug: 38254142] {CVE-2025-38456} - rxrpc: Fix oops due to non-existence of prealloc backlog struct (David Howells) [Orabug: 38324168] {CVE-2025-38514} - rxrpc: Fix bug due to prealloc collision (David Howells) [Orabug: 38324296] {CVE-2025-38544} - net/sched: Abort __tc_modify_qdisc if parent class does not exist (Victor Nogueira) [Orabug: 38254145] {CVE-2025-38457} - net: ethernet: ti: am65-cpsw-nuss: Fix skb size by accounting for skb_shared_info (Chintan Vankar) [Orabug: 38324304] {CVE-2025-38545} - atm: clip: Fix NULL pointer dereference in vcc_sendmsg() (Yue Haibing) [Orabug: 38254151] {CVE-2025-38458} - atm: clip: Fix infinite recursive call of clip_push(). (Kuniyuki Iwashima) [Orabug: 38254159] {CVE-2025-38459} - atm: clip: Fix memory leak of struct clip_vcc. (Kuniyuki Iwashima) [Orabug: 38324307] {CVE-2025-38546} - atm: clip: Fix potential null-ptr-deref in to_atmarpd(). (Kuniyuki Iwashima) [Orabug: 38254165] {CVE-2025-38460} - net: phy: smsc: Fix link failure in forced mode with Auto-MDIX (Oleksij Rempel) - net: phy: smsc: Force predictable MDI-X state on LAN87xx (Oleksij Rempel) - net: phy: smsc: Fix Auto-MDIX configuration when disabled by strap (Oleksij Rempel) - net: stmmac: Fix interrupt handling for level-triggered mode in DWC_XGMAC2 (Ericchan) - vsock: Fix IOCTL_VM_SOCKETS_GET_LOCAL_CID to check also transport_local (Michal Luczaj) - vsock: Fix transport_* TOCTOU (Michal Luczaj) [Orabug: 38254171] {CVE-2025-38461} - vsock: Fix transport_{g2h,h2g} TOCTOU (Michal Luczaj) [Orabug: 38254174] {CVE-2025-38462} - tcp: Correct signedness in skb remaining space calculation (Jiayuan Chen) [Orabug: 38254177] {CVE-2025-38463} - tipc: Fix use-after-free in tipc_conn_close(). (Kuniyuki Iwashima) [Orabug: 38254179] {CVE-2025-38464} - vsock: fix vsock_proto declaration (Stefano Garzarella) - netlink: Fix wraparounds of sk->sk_rmem_alloc. (Kuniyuki Iwashima) [Orabug: 38254186] {CVE-2025-38465} - net: phy: qcom: qca808x: Fix WoL issue by utilizing at8031_set_wol() (Luo Jie) - net: phy: qcom: move the WoL function to shared library (Luo Jie) - arm64: poe: Handle spurious Overlay faults (Kevin Brodsky) - bnxt_en: eliminate the compile warning in bnxt_request_irq due to CONFIG_RFS_ACCEL (Jason Xing) - sched/deadline: Fix dl_server runtime calculation formula (Kuyo Chang) - fix proc_sys_compare() handling of in-lookup dentries (Al Viro) - pinctrl: amd: Clear GPIO debounce for suspend (Mario Limonciello) - Bluetooth: hci_event: Fix not marking Broadcast Sink BIS as connected (Luiz Augusto von Dentz) - Bluetooth: hci_sync: Fix not disabling advertising instance (Luiz Augusto von Dentz) - ASoC: cs35l56: probe() should fail if the device ID is not recognized (Richard Fitzgerald) - perf: Revert to requiring CAP_SYS_ADMIN for uprobes (Peter Zijlstra) [Orabug: 38254195] {CVE-2025-38466} - sched/core: Fix migrate_swap() vs. hotplug (Peter Zijlstra) - irqchip/irq-msi-lib: Select CONFIG_GENERIC_MSI_IRQ (Nam Cao) - perf/core: Fix the WARN_ON_ONCE is out of lock protected region (Luo Gengkun) - ASoC: Intel: soc-acpi: arl: Correct order of cs42l43 matches (Charles Keepax) - ASoC: Intel: soc-acpi-intel-arl-match: set get_function_tplg_files ops (Bard Liao) - ASoC: Intel: add sof_sdw_get_tplg_files ops (Bard Liao) - ASoC: soc-acpi: add get_function_tplg_files ops (Bard Liao) - ASoC: Intel: soc-acpi: arl: Add match entries for new cs42l43 laptops (Simon Trimmer) - ASoC: Intel: soc-acpi: arl: Correct naming of a cs35l56 address struct (Simon Trimmer) - ASoC: Intel: SND_SOC_INTEL_SOF_BOARD_HELPERS select SND_SOC_ACPI_INTEL_MATCH (Bard Liao) - ASoC: fsl_asrc: use internal measured ratio for non-ideal ratio mode (Shengjiu Wang) - drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV (Srinivasan Shanmugam) [Orabug: 37855415] {CVE-2025-38104} - crypto: s390/sha - Fix uninitialized variable in SHA-1 and SHA-2 (Eric Biggers) - drm/amdgpu/ip_discovery: add missing ip_discovery fw (Flora Cui) - drm/amdgpu/discovery: use specific ip_discovery.bin for legacy asics (Flora Cui) - drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling (Kaustabh Chakraborty) [Orabug: 38254201] {CVE-2025-38467} - eventpoll: don't decrement ep refcount while still holding the ep mutex (Linus Torvalds) [Orabug: 38209551] {CVE-2025-38349} - LTS version: v6.12.38 (Jack Vogel) - x86/CPU/AMD: Properly check the TSA microcode (Borislav Petkov) - LTS version: v6.12.37 (Jack Vogel) - x86/process: Move the buffer clearing before MONITOR (Borislav Petkov) - x86/microcode/AMD: Add TSA microcode SHAs (Borislav Petkov) - KVM: SVM: Advertise TSA CPUID bits to guests (Borislav Petkov) - x86/bugs: Add a Transient Scheduler Attacks mitigation (Borislav Petkov) [Orabug: 38023239,38129827] {CVE-2024-36350,CVE-2024-36357} - x86/bugs: Rename MDS machinery to something more generic (Borislav Petkov) [Orabug: 38023239,38129827] {CVE-2024-36350,CVE-2024-36357} - x86/idle: Remove MFENCEs for X86_BUG_CLFLUSH_MONITOR in mwait_idle_with_hints() and prefer_mwait_c1_over_halt() (Andrew Cooper) [Orabug: 38264060] - Revert "x86/bugs: Rename MDS machinery to something more generic" (Boris Ostrovsky) [Orabug: 38264060] - Revert "x86/bugs: Add a Transient Scheduler Attacks mitigation" (Boris Ostrovsky) [Orabug: 38264060] - Revert "KVM: SVM: Advertize TSA CPUID bits to guests" (Boris Ostrovsky) [Orabug: 38264060] - Revert "x86/process: Move the buffer clearing before MONITOR" (Boris Ostrovsky) [Orabug: 38264060] - Revert "Add Zen34 clients" (Boris Ostrovsky) [Orabug: 38264060] - Revert "x86/idle: Remove MFENCEs for X86_BUG_CLFLUSH_MONITOR in mwait_idle_with_hints() and prefer_mwait_c1_over_halt()" (Boris Ostrovsky) [Orabug: 38264060] - mm: userfaultfd: fix race of userfaultfd_move and swap cache (Kairui Song) [Orabug: 38175034] {CVE-2025-38242} - mm/vmalloc: fix data race in show_numa_info() (Jeongjun Park) [Orabug: 38253860] {CVE-2025-38383} - powerpc/kernel: Fix ppc_save_regs inclusion in build (Madhavan Srinivasan) - usb: typec: displayport: Fix potential deadlock (Andrei Kuchynski) [Orabug: 38254393] {CVE-2025-38404} - platform/x86: think-lmi: Fix sysfs group cleanup (Kurt Borja) - platform/x86: think-lmi: Fix kobject cleanup (Kurt Borja) - platform/x86: think-lmi: Create ksets consecutively (Kurt Borja) - riscv: cpu_ops_sbi: Use static array for boot_data (Vivian Wang) [Orabug: 38253953] {CVE-2025-38407} - powercap: intel_rapl: Do not change CLAMPING bit if ENABLE bit cannot be changed (Zhang Rui) - iommu/rockchip: prevent iommus dead loop when two masters share one IOMMU (Simon Xue) - optee: ffa: fix sleep in atomic context (Jens Wiklander) [Orabug: 38253830] {CVE-2025-38374} - Logitech C-270 even more broken (Oliver Neukum) - i2c/designware: Fix an initialization issue (Michael J. Ruhl) [Orabug: 38253849] {CVE-2025-38380} - dma-buf: fix timeout handling in dma_resv_wait_timeout v2 (Christian K?nig) - cifs: all initializations for tcon should happen in tcon_info_alloc (Shyam Prasad N) - smb: client: fix readdir returning wrong type with POSIX extensions (Philipp Kerling) - usb: acpi: fix device link removal (Krogerus Heikki) - usb: chipidea: udc: disconnect/reconnect from host when do suspend/resume (Xu Yang) [Orabug: 38253838] {CVE-2025-38376} - usb: dwc3: Abort suspend on soft disconnect failure (Kuen-Han Tsai) - usb: cdnsp: Fix issue with CV Bad Descriptor test (Pawel Laszczak) - usb: cdnsp: do not disable slot for disabled slot (Peter Chen) - Input: iqs7222 - explicitly define number of external channels (Jeff Labundy) - Input: xpad - support Acer NGR 200 Controller (Nilton Perim Neto) - xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS (Hongyu Xie) - xhci: dbc: Flush queued requests before stopping dbc (Mathias Nyman) - xhci: dbctty: disable ECHO flag by default (?ukasz Bartosik) - usb: xhci: quirk for data loss in ISOC transfers (Raju Rangoju) - Revert "usb: xhci: Implement xhci_handshake_check_state() helper" (Roy Luo) - usb: xhci: Skip xhci_reset in xhci_resume if xhci is being removed (Roy Luo) - NFSv4/flexfiles: Fix handling of NFS level errors in I/O (Trond Myklebust) - drm/xe: Allow dropping kunit dependency as built-in (Harry Austen) - drm/xe/bmg: Update Wa_22019338487 (Vinay Belgaumkar) - IB/mlx5: Fix potential deadlock in MR deregistration (Or Har-Toov) [Orabug: 38253826] {CVE-2025-38373} - RDMA/mlx5: Fix cache entry update on dereg error (Michael Guralnik) - fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass (Shivank Garg) [Orabug: 38253909] {CVE-2025-38396} - module: Provide EXPORT_SYMBOL_GPL_FOR_MODULES() helper (Peter Zijlstra) - add a string-to-qstr constructor (Al Viro) - rcu: Return early if callback is not specified (Uladzislau Rezki) - mtd: spinand: fix memory leak of ECC engine conf (Pablo Martin-Gomez) [Orabug: 38253862] {CVE-2025-38384} - ACPICA: Refuse to evaluate a method if arguments are missing (Rafael J. Wysocki) [Orabug: 38253873] {CVE-2025-38386} - wifi: ath6kl: remove WARN on bad firmware input (Johannes Berg) [Orabug: 38253944] {CVE-2025-38406} - wifi: mac80211: drop invalid source address OCB frames (Johannes Berg) - aoe: defer rexmit timer downdev work to workqueue (Justin Sanders) - scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() (Maurizio Lombardi) [Orabug: 38253913] {CVE-2025-38399} - regulator: fan53555: add enable_time support and soft-start times (Heiko Stuebner) - ASoC: amd: yc: update quirk data for HP Victus (Raven Black) - powerpc: Fix struct termio related ioctl macros (Madhavan Srinivasan) - genirq/irq_sim: Initialize work context pointers properly (Gyeyoung Baek) [Orabug: 38253955] {CVE-2025-38408} - platform/x86/amd/pmc: Add PCSpecialist Lafite Pro V 14M to 8042 quirks list (Mario Limonciello) - ASoC: amd: yc: Add quirk for MSI Bravo 17 D7VF internal mic (Gabriel Santese) - ata: pata_cs5536: fix build on 32-bit UML (Johannes Berg) - ata: libata-acpi: Do not assume 40 wire cable if no devices are enabled (Tasos Sahanidis) - ALSA: sb: Force to disable DMAs once when DMA mode is changed (Takashi Iwai) - ALSA: sb: Don't allow changing the DMA mode during operations (Takashi Iwai) - drm/msm: Fix another leak in the submit error path (Rob Clark) [Orabug: 38253959] {CVE-2025-38409} - drm/msm: Fix a fence leak in submit error path (Rob Clark) [Orabug: 38253966] {CVE-2025-38410} - scsi: lpfc: Restore clearing of NLP_UNREG_INP in ndlp->nlp_flag (Ewan D. Milne) - sched_ext: Make scx_group_set_weight() always update tg->scx.weight (Tejun Heo) - drm/amdgpu/mes: add missing locking in helper functions (Alex Deucher) - arm64: dts: qcom: x1e80100-crd: mark l12b and l15b always-on (Johan Hovold) - drm/amd/display: Add more checks for DSC / HUBP ONO guarantees (Nicholas Kazlauskas) [Orabug: 38253787] {CVE-2025-38360} - drm/amdgpu: add kicker fws loading for gfx11/smu13/psp13 (Frank Min) - drm/i915/dp_mst: Work around Thunderbolt sink disconnect after SINK_COUNT_ESI read (Imre Deak) - drm/amdgpu: VCN v5_0_1 to prevent FW checking RB during DPG pause (Sonny Jiang) - drm/simpledrm: Do not upcast in release helpers (Thomas Zimmermann) - selinux: change security_compute_sid to return the ssid or tsid on match (Stephen Smalley) - drm/xe/guc: Explicitly exit CT safe mode on unwind (Michal Wajdeczko) [Orabug: 38253775] {CVE-2025-38356} - drm/xe/guc: Dead CT helper (John Harrison) - drm/xe: Replace double space with single space after comma (Gote, Nitin R) - drm/xe: move DPT l2 flush to a more sensible place (Matthew Auld) - drm/xe: Allow bo mapping on multiple ggtts (Niranjana Vishwanathapura) - drm/xe: add interface to request physical alignment for buffer objects (Juha-Pekka Heikkila) - drm/xe: Move DSB l2 flush to a more sensible place (Maarten Lankhorst) - drm/xe: Fix DSB buffer coherency (Maarten Lankhorst) - mfd: exynos-lpass: Fix another error handling path in exynos_lpass_probe() (Christophe Jaillet) - netfs: Fix oops in write-retry from mis-resetting the subreq iterator (David Howells) [Orabug: 38153033] {CVE-2025-38139} - remoteproc: k3-r5: Refactor sequential core power up/down operations (Beleswar Padhi) - remoteproc: k3-r5: Use devm_rproc_add() helper (Beleswar Padhi) - remoteproc: k3-r5: Use devm_ioremap_wc() helper (Beleswar Padhi) - remoteproc: k3-r5: Use devm_kcalloc() helper (Beleswar Padhi) - remoteproc: k3-r5: Add devm action to release reserved memory (Beleswar Padhi) - remoteproc: k3: Call of_node_put(rmem_np) only once in three functions (Markus Elfring) - ubsan: integer-overflow: depend on BROKEN to keep this out of CI (Kees Cook) - arm64: dts: qcom: sm8650: add the missing l2 cache node (Pengyu Luo) - arm64: dts: renesas: white-hawk-single: Improve Ethernet TSN description (Geert Uytterhoeven) - arm64: dts: renesas: Factor out White Hawk Single board support (Geert Uytterhoeven) - arm64: dts: renesas: Use interrupts-extended for Ethernet PHYs (Geert Uytterhoeven) - arm64: dts: qcom: sm8650: Fix domain-idle-state for CPU2 (Luca Weiss) - arm64: dts: qcom: sm8650: change labels to lower-case (Krzysztof Kozlowski) - bpf: Do not include stack ptr register in precision backtracking bookkeeping (Yonghong Song) [Orabug: 38180467] {CVE-2025-38279} - bpf: use common instruction history across all states (Andrii Nakryiko) - hisi_acc_vfio_pci: bugfix the problem of uninstalling driver (Longfang Liu) - hisi_acc_vfio_pci: bugfix cache write-back issue (Longfang Liu) - scsi: lpfc: Avoid potential ndlp use-after-free in dev_loss_tmo_callbk (Justin Tee) [Orabug: 38180503] {CVE-2025-38289} - f2fs: zone: fix to calculate first_zoned_segno correctly (Chao Yu) - f2fs: zone: introduce first_zoned_segno in f2fs_sb_info (Chao Yu) - f2fs: decrease spare area for pinned files for zoned devices (Daeho Jeong) - iommu: ipmmu-vmsa: avoid Wformat-security warning (Arnd Bergmann) - RDMA/rxe: Fix "trying to register non-static key in rxe_qp_do_cleanup" bug (Zhu Yanjun) - wifi: ath12k: fix wrong handling of CCMP256 and GCMP ciphers (Rameshkumar Sundaram) - wifi: ath12k: Handle error cases during extended skb allocation (P Praneesh) - wifi: ath12k: fix skb_ext_desc leak in ath12k_dp_tx() error path (Nicolas Escande) - bonding: Mark active offloaded xfrm_states (Cosmin Ratiu) - ACPI: thermal: Execute _SCP before reading trip points (Armin Wolf) - ACPI: thermal: Fix stale comment regarding trip points (Xueqin Luo) - ASoC: tas2764: Reinit cache on part reset (Martin Povi?er) - ASoC: tas2764: Extend driver to SN012776 (Martin Povi?er) - gfs2: Don't start unnecessary transactions during log flush (Andreas Gruenbacher) - gfs2: Move gfs2_trans_add_databufs (Andreas Gruenbacher) - sched/fair: Fixup wake_up_sync() vs DELAYED_DEQUEUE (Xuewen Yan) - sched/fair: Add new cfs_rq.h_nr_runnable (Vincent Guittot) - sched/fair: Rename h_nr_running into h_nr_queued (Vincent Guittot) - btrfs: fix wrong start offset for delalloc space release during mmap write (Filipe Manana) - btrfs: prepare btrfs_page_mkwrite() for large folios (Qu Wenruo) - gfs2: deallocate inodes in gfs2_create_inode (Andreas Gruenbacher) - gfs2: Move GIF_ALLOC_FAILED check out of gfs2_ea_dealloc (Andreas Gruenbacher) - gfs2: Move gfs2_dinode_dealloc (Andreas Gruenbacher) - gfs2: Replace GIF_DEFER_DELETE with GLF_DEFER_DELETE (Andreas Gruenbacher) - gfs2: Add GLF_PENDING_REPLY flag (Andreas Gruenbacher) - gfs2: Decode missing glock flags in tracepoints (Andreas Gruenbacher) - gfs2: Prevent inode creation race (Andreas Gruenbacher) - gfs2: Rename dinode_demise to evict_behavior (Andreas Gruenbacher) - gfs2: Rename GIF_{DEFERRED -> DEFER}_DELETE (Andreas Gruenbacher) - gfs2: Initialize gl_no_formal_ino earlier (Andreas Gruenbacher) - kunit: qemu_configs: Disable faulting tests on 32-bit SPARC (David Gow) - kunit: qemu_configs: sparc: Explicitly enable CONFIG_SPARC32=y (Thomas Wei?schuh) - kunit: qemu_configs: sparc: use Zilog console (Thomas Wei?schuh) - crypto: zynqmp-sha - Add locking (Herbert Xu) - spinlock: extend guard with spinlock_bh variants (Christian Marangi) - crypto: iaa - Do not clobber req->base.data (Herbert Xu) - crypto: iaa - Remove dst_null support (Herbert Xu) - arm64: dts: rockchip: fix internal USB hub instability on RK3399 Puma (Lukasz Czechowski) - smb: client: fix race condition in negotiate timeout by using more precise timing (Wang Zhaolong) - amd-xgbe: do not double read link status (Raju Rangoju) - net/sched: Always pass notifications when child class becomes empty (Lion Ackermann) [Orabug: 38217337] {CVE-2025-38350} - nui: Fix dma_mapping_error() check (Thomas Fourier) - rose: fix dangling neighbour pointers in rose_rt_device_down() (Kohei Enju) [Orabug: 38253840] {CVE-2025-38377} - enic: fix incorrect MTU comparison in enic_change_mtu() (Alok Tiwari) - amd-xgbe: align CL37 AN sequence as per databook (Raju Rangoju) - lib: test_objagg: Set error message in check_expect_hints_stats() (Dan Carpenter) - netfs: Fix i_size updating (David Howells) - smb: client: set missing retry flag in cifs_writev_callback() (Paulo Alcantara) - smb: client: set missing retry flag in cifs_readv_callback() (Paulo Alcantara) - smb: client: set missing retry flag in smb2_writev_callback() (Paulo Alcantara) - igc: disable L1.2 PCI-E link substate to avoid performance issue (Vitaly Lifshits) - idpf: convert control queue mutex to a spinlock (Ahmed Zaki) [Orabug: 38253897] {CVE-2025-38392} - idpf: return 0 size for RSS key if not supported (Michal Swiatkowski) [Orabug: 38253932] {CVE-2025-38402} - drm/i915/gsc: mei interrupt top half should be in irq disabled context (Junxiao Chang) - drm/i915/gt: Fix timeline left held on VMA alloc error (Janusz Krzysztofik) [Orabug: 38253885] {CVE-2025-38389} - net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect (Oleksij Rempel) [Orabug: 38253870] {CVE-2025-38385} - smb: client: fix warning when reconnecting channel (Paulo Alcantara) [Orabug: 38254386] {CVE-2025-38379} - drm/bridge: aux-hpd-bridge: fix assignment of the of_node (Dmitry Baryshkov) - platform/mellanox: mlxreg-lc: Fix logic error in power state check (Alok Tiwari) - platform/x86: dell-wmi-sysman: Fix class device unregistration (Kurt Borja) - platform/x86: dell-sysman: Directly use firmware_attributes_class (Thomas Wei?schuh) - platform/x86: think-lmi: Fix class device unregistration (Kurt Borja) - platform/x86: think-lmi: Directly use firmware_attributes_class (Thomas Wei?schuh) - platform/x86: firmware_attributes_class: Simplify API (Thomas Wei?schuh) - platform/x86: firmware_attributes_class: Move include linux/device/class.h (Thomas Wei?schuh) - platform/x86: hp-bioscfg: Fix class device unregistration (Kurt Borja) - platform/x86: hp-bioscfg: Directly use firmware_attributes_class (Thomas Wei?schuh) - platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks (Kurt Borja) [Orabug: 38253975] {CVE-2025-38412} - nvmet: fix memory leak of bio integrity (Dmitry Bogdanov) [Orabug: 38253942] {CVE-2025-38405} - nvme: Fix incorrect cdw15 value in passthru error logging (Alok Tiwari) - drm/i915/selftests: Change mock_request() to return error pointers (Dan Carpenter) - spi: spi-fsl-dspi: Clear completion counter before initiating transfer (James Clark) - drm/exynos: fimd: Guard display clock control with runtime PM calls (Marek Szyprowski) - dpaa2-eth: fix xdp_rxq_info leak (Wangfushuai) - ethernet: atl1: Add missing DMA mapping error checks and count errors (Thomas Fourier) - btrfs: use btrfs_record_snapshot_destroy() during rmdir (Filipe Manana) - btrfs: propagate last_unlink_trans earlier when doing a rmdir (Filipe Manana) - btrfs: record new subvolume in parent dir earlier to avoid dir logging races (Filipe Manana) - btrfs: fix inode lookup error handling during log replay (Filipe Manana) - btrfs: fix invalid inode pointer dereferences during log replay (Filipe Manana) [Orabug: 38288149] {CVE-2025-38243} - btrfs: return a btrfs_inode from read_one_inode() (Filipe Manana) - btrfs: return a btrfs_inode from btrfs_iget_logging() (Filipe Manana) - btrfs: fix iteration of extrefs during log replay (Filipe Manana) [Orabug: 38253858] {CVE-2025-38382} - btrfs: fix missing error handling when searching for inode refs during log replay (Filipe Manana) - Bluetooth: Prevent unintended pause by checking if advertising is active (Yang Li) - platform/mellanox: nvsw-sn2201: Fix bus number in adapter error message (Alok Tiwari) - platform/mellanox: mlxbf-pmc: Fix duplicate event ID for CACHE_DATA1 (Alok Tiwari) - RDMA/mlx5: Fix vport loopback for MPV device (Patrisious Haddad) [Orabug: 38118599] - scsi: ufs: core: Fix spelling of a sysfs attribute name (Bart Van Assche) - scsi: sd: Fix VPD page 0xb7 length check (Jackysliu) - scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() (Thomas Fourier) - scsi: qla2xxx: Fix DMA mapping test in qla24xx_get_port_database() (Thomas Fourier) - NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN (Benjamin Coddington) [Orabug: 38253899] {CVE-2025-38393} - nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. (Kuniyuki Iwashima) [Orabug: 38253921] {CVE-2025-38400} - RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert (Mark Zhang) [Orabug: 38253879] {CVE-2025-38387} - RDMA/mlx5: Fix unsafe xarray access in implicit ODP handling (Or Har-Toov) [Orabug: 38253824] {CVE-2025-38372} - platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment (David Thompson) - arm64: dts: apple: t8103: Fix PCIe BCM4377 nodename (Janne Grunau) - firmware: arm_ffa: Replace mutex with rwlock to avoid sleep in atomic context (Sudeep Holla) [Orabug: 38253883] {CVE-2025-38388} - firmware: arm_ffa: Move memory allocation outside the mutex locking (Sudeep Holla) - firmware: arm_ffa: Fix memory leak by freeing notifier callback node (Sudeep Holla) [Orabug: 38253890] {CVE-2025-38390} - drm/v3d: Disable interrupts before resetting the GPU (Ma?ra Canal) [Orabug: 38253819] {CVE-2025-38371} - mtk-sd: reset host->mrq on prepare_data() error (Sergey Senozhatsky) - mtk-sd: Prevent memory corruption from DMA map failure (Masami Hiramatsu) [Orabug: 38253926] {CVE-2025-38401} - mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data (Masami Hiramatsu) - usb: typec: altmodes/displayport: do not index invalid pin_assignments (Rd Babiera) [Orabug: 38253892] {CVE-2025-38391} - Input: cs40l50-vibra - fix potential NULL dereference in cs40l50_upload_owt() (Yunshui) [Orabug: 38253852] {CVE-2025-38381} - regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods (Manivannan Sadhasivam) [Orabug: 38253905] {CVE-2025-38395} - iommufd/selftest: Fix iommufd_dirty_tracking with large hugepage sizes (Nicolin Chen) - Bluetooth: MGMT: mesh_send: check instances prior disabling advertising (Christian Eggers) - Bluetooth: MGMT: set_mesh: update LE scan interval and window (Christian Eggers) - Bluetooth: hci_sync: revert some mesh modifications (Christian Eggers) - Bluetooth: HCI: Set extended advertising data synchronously (Christian Eggers) - mmc: core: sd: Apply BROKEN_SD_DISCARD quirk earlier (Avri Altman) - Revert "mmc: sdhci: Disable SD card clock before changing parameters" (Ulf Hansson) - mmc: sdhci: Add a helper function for dump register in dynamic debug mode (Victor Shih) - net: libwx: fix the incorrect display of the queue number (Jiawen Wu) - vsock/vmci: Clear the vmci transport packet properly when initializing it (Harshavardhana S A) [Orabug: 38253935] {CVE-2025-38403} - net: txgbe: request MISC IRQ in ndo_open (Jiawen Wu) - s390/pci: Do not try re-enabling load/store if device is disabled (Niklas Schnelle) - s390/pci: Fix stale function handles in error handling (Niklas Schnelle) - virtio-net: ensure the received length does not exceed allocated size (Bui Quang Minh) [Orabug: 38253832] {CVE-2025-38375} - virtio-net: xsk: rx: fix the frame's length check (Bui Quang Minh) [Orabug: 38253978] {CVE-2025-38413} - rtc: cmos: use spin_lock_irqsave in cmos_interrupt (Mateusz Jo?czyk) - rtc: pcf2127: fix SPI command byte for PCF2131 (Elena Popa) - rtc: pcf2127: add missing semicolon after statement (Hugo Villeneuve) [6.12.0-103.36.1.el9uek] - rds: tcp: block BH in TCP callbacks (Eric Dumazet) [Orabug: 38233600] - mm: memcontrol: fix MM statistics during lruvec reparenting on MGLRU (Harry Yoo) [Orabug: 38002245] - memcg: add folio_memcg_charged() stub for !memcg (Kamalesh Babulal) [Orabug: 38002245] - mm: memcontrol: fix a build error on CONFIG_MEMCG=n (Harry Yoo) [Orabug: 38002245] - net/mlx5: Add poll-eq API to be used by ULP's (Praveen Kumar Kannoju) [Orabug: 38182399] - net/rds: poll eq during user-reset (Praveen Kumar Kannoju) [Orabug: 38189326] From el-errata at oss.oracle.com Tue Sep 9 11:58:51 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 09 Sep 2025 04:58:51 -0700 Subject: [El-errata] ELBA-2025-20546 Oracle Linux 10 linux-firmware bug fix update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2025-20546 http://linux.oracle.com/errata/ELBA-2025-20546.html The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network: x86_64: iwl1000-firmware-39.31.5.1-999.42.el10.noarch.rpm iwl100-firmware-39.31.5.1-999.42.el10.noarch.rpm iwl105-firmware-18.168.6.1-999.42.el10.noarch.rpm iwl135-firmware-18.168.6.1-999.42.el10.noarch.rpm iwl2000-firmware-18.168.6.1-999.42.el10.noarch.rpm iwl2030-firmware-18.168.6.1-999.42.el10.noarch.rpm iwl3160-firmware-25.30.13.0-999.42.el10.noarch.rpm iwl3945-firmware-15.32.2.9-999.42.el10.noarch.rpm iwl4965-firmware-228.61.2.24-999.42.el10.noarch.rpm iwl5000-firmware-8.83.5.1_1-999.42.el10.noarch.rpm iwl5150-firmware-8.24.2.2-999.42.el10.noarch.rpm iwl6000-firmware-9.221.4.1-999.42.el10.noarch.rpm iwl6000g2a-firmware-18.168.6.1-999.42.el10.noarch.rpm iwl6000g2b-firmware-18.168.6.1-999.42.el10.noarch.rpm iwl6050-firmware-41.28.5.1-999.42.el10.noarch.rpm iwl7260-firmware-25.30.13.0-999.42.el10.noarch.rpm iwlax2xx-firmware-20250826-999.42.el10.noarch.rpm libertas-sd8686-firmware-20250826-999.42.git356f06bf.el10.noarch.rpm libertas-sd8787-firmware-20250826-999.42.git356f06bf.el10.noarch.rpm libertas-usb8388-firmware-20250826-999.42.git356f06bf.el10.noarch.rpm libertas-usb8388-olpc-firmware-20250826-999.42.git356f06bf.el10.noarch.rpm linux-firmware-20250826-999.42.git356f06bf.el10.noarch.rpm linux-firmware-core-20250826-999.42.git356f06bf.el10.noarch.rpm linux-firmware-whence-20250826-999.42.git356f06bf.el10.noarch.rpm liquidio-firmware-20250826-999.42.git356f06bf.el10.noarch.rpm netronome-firmware-20250826-999.42.git356f06bf.el10.noarch.rpm aarch64: iwl1000-firmware-39.31.5.1-999.42.el10.noarch.rpm iwl100-firmware-39.31.5.1-999.42.el10.noarch.rpm iwl105-firmware-18.168.6.1-999.42.el10.noarch.rpm iwl135-firmware-18.168.6.1-999.42.el10.noarch.rpm iwl2000-firmware-18.168.6.1-999.42.el10.noarch.rpm iwl2030-firmware-18.168.6.1-999.42.el10.noarch.rpm iwl3160-firmware-25.30.13.0-999.42.el10.noarch.rpm iwl3945-firmware-15.32.2.9-999.42.el10.noarch.rpm iwl4965-firmware-228.61.2.24-999.42.el10.noarch.rpm iwl5000-firmware-8.83.5.1_1-999.42.el10.noarch.rpm iwl5150-firmware-8.24.2.2-999.42.el10.noarch.rpm iwl6000-firmware-9.221.4.1-999.42.el10.noarch.rpm iwl6000g2a-firmware-18.168.6.1-999.42.el10.noarch.rpm iwl6000g2b-firmware-18.168.6.1-999.42.el10.noarch.rpm iwl6050-firmware-41.28.5.1-999.42.el10.noarch.rpm iwl7260-firmware-25.30.13.0-999.42.el10.noarch.rpm iwlax2xx-firmware-20250826-999.42.el10.noarch.rpm libertas-sd8686-firmware-20250826-999.42.git356f06bf.el10.noarch.rpm libertas-sd8787-firmware-20250826-999.42.git356f06bf.el10.noarch.rpm libertas-usb8388-firmware-20250826-999.42.git356f06bf.el10.noarch.rpm libertas-usb8388-olpc-firmware-20250826-999.42.git356f06bf.el10.noarch.rpm linux-firmware-20250826-999.42.git356f06bf.el10.noarch.rpm linux-firmware-core-20250826-999.42.git356f06bf.el10.noarch.rpm linux-firmware-whence-20250826-999.42.git356f06bf.el10.noarch.rpm liquidio-firmware-20250826-999.42.git356f06bf.el10.noarch.rpm netronome-firmware-20250826-999.42.git356f06bf.el10.noarch.rpm SRPMS: http://oss.oracle.com/ol10/SRPMS-updates/linux-firmware-20250826-999.42.git356f06bf.el10.src.rpm Description of changes: [20250826-999.42.git356f06bf.el10] - Handling downgrade issue for Nvidia firmware changes [Orabug: 38303112] [20250611-999.41.git356f06bf.el10] - Rebase to latest upstream and update the core list for UEK8 [Orabug: 38028345] [20250423-999.40.git32f3227b.el10] - Rebase to latest upstream [Orabug: 37868435] [20250319-999.39.git430633ec.el10] - Rebase to latest upstream [Orabug: 37729115] [20250203-999.38.git0fd450ee.el10] - Rebase to latest upstream [Orabug: 37535629] - Avoid showing microcode reload error if it's up to date [Orabug: 37387663] [20241213-999.36.git2cdfe09e.el10] - Rebase to latest upstream [Orabug: 37405529] [20241003-999.35.git95bfe086.el10] - Create rpms for OL10. [Orabug: 37331081] From el-errata at oss.oracle.com Tue Sep 9 11:58:52 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 09 Sep 2025 04:58:52 -0700 Subject: [El-errata] ELBA-2025-9413 Oracle Linux 10 linux-firmware bug fix update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2025-9413 http://linux.oracle.com/errata/ELBA-2025-9413.html The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network: x86_64: iwl1000-firmware-39.31.5.1-999.43.el10.noarch.rpm iwl100-firmware-39.31.5.1-999.43.el10.noarch.rpm iwl105-firmware-18.168.6.1-999.43.el10.noarch.rpm iwl135-firmware-18.168.6.1-999.43.el10.noarch.rpm iwl2000-firmware-18.168.6.1-999.43.el10.noarch.rpm iwl2030-firmware-18.168.6.1-999.43.el10.noarch.rpm iwl3160-firmware-25.30.13.0-999.43.el10.noarch.rpm iwl3945-firmware-15.32.2.9-999.43.el10.noarch.rpm iwl4965-firmware-228.61.2.24-999.43.el10.noarch.rpm iwl5000-firmware-8.83.5.1_1-999.43.el10.noarch.rpm iwl5150-firmware-8.24.2.2-999.43.el10.noarch.rpm iwl6000-firmware-9.221.4.1-999.43.el10.noarch.rpm iwl6000g2a-firmware-18.168.6.1-999.43.el10.noarch.rpm iwl6000g2b-firmware-18.168.6.1-999.43.el10.noarch.rpm iwl6050-firmware-41.28.5.1-999.43.el10.noarch.rpm iwl7260-firmware-25.30.13.0-999.43.el10.noarch.rpm iwlax2xx-firmware-20250828-999.43.el10.noarch.rpm libertas-sd8686-firmware-20250828-999.43.git260ff424.el10.noarch.rpm libertas-sd8787-firmware-20250828-999.43.git260ff424.el10.noarch.rpm libertas-usb8388-firmware-20250828-999.43.git260ff424.el10.noarch.rpm libertas-usb8388-olpc-firmware-20250828-999.43.git260ff424.el10.noarch.rpm linux-firmware-20250828-999.43.git260ff424.el10.noarch.rpm linux-firmware-core-20250828-999.43.git260ff424.el10.noarch.rpm linux-firmware-whence-20250828-999.43.git260ff424.el10.noarch.rpm liquidio-firmware-20250828-999.43.git260ff424.el10.noarch.rpm netronome-firmware-20250828-999.43.git260ff424.el10.noarch.rpm aarch64: iwl1000-firmware-39.31.5.1-999.43.el10.noarch.rpm iwl100-firmware-39.31.5.1-999.43.el10.noarch.rpm iwl105-firmware-18.168.6.1-999.43.el10.noarch.rpm iwl135-firmware-18.168.6.1-999.43.el10.noarch.rpm iwl2000-firmware-18.168.6.1-999.43.el10.noarch.rpm iwl2030-firmware-18.168.6.1-999.43.el10.noarch.rpm iwl3160-firmware-25.30.13.0-999.43.el10.noarch.rpm iwl3945-firmware-15.32.2.9-999.43.el10.noarch.rpm iwl4965-firmware-228.61.2.24-999.43.el10.noarch.rpm iwl5000-firmware-8.83.5.1_1-999.43.el10.noarch.rpm iwl5150-firmware-8.24.2.2-999.43.el10.noarch.rpm iwl6000-firmware-9.221.4.1-999.43.el10.noarch.rpm iwl6000g2a-firmware-18.168.6.1-999.43.el10.noarch.rpm iwl6000g2b-firmware-18.168.6.1-999.43.el10.noarch.rpm iwl6050-firmware-41.28.5.1-999.43.el10.noarch.rpm iwl7260-firmware-25.30.13.0-999.43.el10.noarch.rpm iwlax2xx-firmware-20250828-999.43.el10.noarch.rpm libertas-sd8686-firmware-20250828-999.43.git260ff424.el10.noarch.rpm libertas-sd8787-firmware-20250828-999.43.git260ff424.el10.noarch.rpm libertas-usb8388-firmware-20250828-999.43.git260ff424.el10.noarch.rpm libertas-usb8388-olpc-firmware-20250828-999.43.git260ff424.el10.noarch.rpm linux-firmware-20250828-999.43.git260ff424.el10.noarch.rpm linux-firmware-core-20250828-999.43.git260ff424.el10.noarch.rpm linux-firmware-whence-20250828-999.43.git260ff424.el10.noarch.rpm liquidio-firmware-20250828-999.43.git260ff424.el10.noarch.rpm netronome-firmware-20250828-999.43.git260ff424.el10.noarch.rpm SRPMS: http://oss.oracle.com/ol10/SRPMS-updates/linux-firmware-20250828-999.43.git260ff424.el10.src.rpm Description of changes: [20250828-999.43.git260ff424.el10] - Rebase to latest upstream [Orabug: 38200684] - Solve conflicts caused by symbolic link changes [Orabug: 38206139] [20250826-999.42.git356f06bf.el10] - Handling downgrade issue for Nvidia firmware changes [Orabug: 38303112] [20250611-999.41.git356f06bf.el10] - Rebase to latest upstream and update the core list for UEK8 [Orabug: 38028345] [20250423-999.40.git32f3227b.el10] - Rebase to latest upstream [Orabug: 37868435] [20250319-999.39.git430633ec.el10] - Rebase to latest upstream [Orabug: 37729115] [20250203-999.38.git0fd450ee.el10] - Rebase to latest upstream [Orabug: 37535629] - Avoid showing microcode reload error if it's up to date [Orabug: 37387663] [20241213-999.36.git2cdfe09e.el10] - Rebase to latest upstream [Orabug: 37405529] [20241003-999.35.git95bfe086.el10] - Create rpms for OL10. [Orabug: 37331081] From el-errata at oss.oracle.com Tue Sep 9 11:58:59 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 09 Sep 2025 04:58:59 -0700 Subject: [El-errata] ELSA-2025-20551 Important: Unbreakable Enterprise kernel security update Message-ID: Oracle Linux Security Advisory ELSA-2025-20551 http://linux.oracle.com/errata/ELSA-2025-20551.html The following updated rpms for have been uploaded to the Unbreakable Linux Network: x86_64: kernel-uek-6.12.0-103.40.4.1.el10uek.x86_64.rpm kernel-uek-core-6.12.0-103.40.4.1.el10uek.x86_64.rpm kernel-uek-devel-6.12.0-103.40.4.1.el10uek.x86_64.rpm kernel-uek-doc-6.12.0-103.40.4.1.el10uek.noarch.rpm kernel-uek-modules-6.12.0-103.40.4.1.el10uek.x86_64.rpm kernel-uek-modules-core-6.12.0-103.40.4.1.el10uek.x86_64.rpm kernel-uek-modules-deprecated-6.12.0-103.40.4.1.el10uek.x86_64.rpm kernel-uek-modules-desktop-6.12.0-103.40.4.1.el10uek.x86_64.rpm kernel-uek-modules-extra-6.12.0-103.40.4.1.el10uek.x86_64.rpm kernel-uek-modules-extra-netfilter-6.12.0-103.40.4.1.el10uek.x86_64.rpm kernel-uek-modules-usb-6.12.0-103.40.4.1.el10uek.x86_64.rpm kernel-uek-modules-wireless-6.12.0-103.40.4.1.el10uek.x86_64.rpm kernel-uek-tools-6.12.0-103.40.4.1.el10uek.x86_64.rpm kernel-uek-debug-6.12.0-103.40.4.1.el10uek.x86_64.rpm kernel-uek-debug-core-6.12.0-103.40.4.1.el10uek.x86_64.rpm kernel-uek-debug-devel-6.12.0-103.40.4.1.el10uek.x86_64.rpm kernel-uek-debug-modules-6.12.0-103.40.4.1.el10uek.x86_64.rpm kernel-uek-debug-modules-core-6.12.0-103.40.4.1.el10uek.x86_64.rpm kernel-uek-debug-modules-deprecated-6.12.0-103.40.4.1.el10uek.x86_64.rpm kernel-uek-debug-modules-desktop-6.12.0-103.40.4.1.el10uek.x86_64.rpm kernel-uek-debug-modules-extra-6.12.0-103.40.4.1.el10uek.x86_64.rpm kernel-uek-debug-modules-extra-netfilter-6.12.0-103.40.4.1.el10uek.x86_64.rpm kernel-uek-debug-modules-usb-6.12.0-103.40.4.1.el10uek.x86_64.rpm kernel-uek-debug-modules-wireless-6.12.0-103.40.4.1.el10uek.x86_64.rpm aarch64: kernel-uek-6.12.0-103.40.4.1.el10uek.aarch64.rpm kernel-uek-core-6.12.0-103.40.4.1.el10uek.aarch64.rpm kernel-uek-devel-6.12.0-103.40.4.1.el10uek.aarch64.rpm kernel-uek-modules-6.12.0-103.40.4.1.el10uek.aarch64.rpm kernel-uek-modules-core-6.12.0-103.40.4.1.el10uek.aarch64.rpm kernel-uek-modules-deprecated-6.12.0-103.40.4.1.el10uek.aarch64.rpm kernel-uek-modules-desktop-6.12.0-103.40.4.1.el10uek.aarch64.rpm kernel-uek-modules-extra-6.12.0-103.40.4.1.el10uek.aarch64.rpm kernel-uek-modules-extra-netfilter-6.12.0-103.40.4.1.el10uek.aarch64.rpm kernel-uek-modules-usb-6.12.0-103.40.4.1.el10uek.aarch64.rpm kernel-uek-modules-wireless-6.12.0-103.40.4.1.el10uek.aarch64.rpm kernel-uek-tools-6.12.0-103.40.4.1.el10uek.aarch64.rpm kernel-uek-debug-6.12.0-103.40.4.1.el10uek.aarch64.rpm kernel-uek-debug-core-6.12.0-103.40.4.1.el10uek.aarch64.rpm kernel-uek-debug-devel-6.12.0-103.40.4.1.el10uek.aarch64.rpm kernel-uek-debug-modules-6.12.0-103.40.4.1.el10uek.aarch64.rpm kernel-uek-debug-modules-core-6.12.0-103.40.4.1.el10uek.aarch64.rpm kernel-uek-debug-modules-deprecated-6.12.0-103.40.4.1.el10uek.aarch64.rpm kernel-uek-debug-modules-desktop-6.12.0-103.40.4.1.el10uek.aarch64.rpm kernel-uek-debug-modules-extra-6.12.0-103.40.4.1.el10uek.aarch64.rpm kernel-uek-debug-modules-extra-netfilter-6.12.0-103.40.4.1.el10uek.aarch64.rpm kernel-uek-debug-modules-usb-6.12.0-103.40.4.1.el10uek.aarch64.rpm kernel-uek-debug-modules-wireless-6.12.0-103.40.4.1.el10uek.aarch64.rpm kernel-uek64k-6.12.0-103.40.4.1.el10uek.aarch64.rpm kernel-uek64k-core-6.12.0-103.40.4.1.el10uek.aarch64.rpm kernel-uek64k-devel-6.12.0-103.40.4.1.el10uek.aarch64.rpm kernel-uek64k-modules-6.12.0-103.40.4.1.el10uek.aarch64.rpm kernel-uek64k-modules-core-6.12.0-103.40.4.1.el10uek.aarch64.rpm kernel-uek64k-modules-deprecated-6.12.0-103.40.4.1.el10uek.aarch64.rpm kernel-uek64k-modules-desktop-6.12.0-103.40.4.1.el10uek.aarch64.rpm kernel-uek64k-modules-extra-6.12.0-103.40.4.1.el10uek.aarch64.rpm kernel-uek64k-modules-extra-netfilter-6.12.0-103.40.4.1.el10uek.aarch64.rpm kernel-uek64k-modules-usb-6.12.0-103.40.4.1.el10uek.aarch64.rpm kernel-uek64k-modules-wireless-6.12.0-103.40.4.1.el10uek.aarch64.rpm SRPMS: http://oss.oracle.com/ol10/SRPMS-updates/kernel-uek-6.12.0-103.40.4.1.el10uek.src.rpm Related CVEs: CVE-2024-36350 CVE-2024-36357 CVE-2024-49929 CVE-2024-57976 CVE-2024-58091 CVE-2025-21879 CVE-2025-21942 CVE-2025-22101 CVE-2025-22112 CVE-2025-22115 CVE-2025-22119 CVE-2025-22128 CVE-2025-23137 CVE-2025-23155 CVE-2025-37842 CVE-2025-37984 CVE-2025-38067 CVE-2025-38083 CVE-2025-38084 CVE-2025-38085 CVE-2025-38086 CVE-2025-38087 CVE-2025-38088 CVE-2025-38090 CVE-2025-38091 CVE-2025-38092 CVE-2025-38093 CVE-2025-38094 CVE-2025-38095 CVE-2025-38096 CVE-2025-38097 CVE-2025-38098 CVE-2025-38099 CVE-2025-38100 CVE-2025-38101 CVE-2025-38102 CVE-2025-38103 CVE-2025-38104 CVE-2025-38106 CVE-2025-38107 CVE-2025-38108 CVE-2025-38109 CVE-2025-38110 CVE-2025-38111 CVE-2025-38112 CVE-2025-38113 CVE-2025-38115 CVE-2025-38117 CVE-2025-38118 CVE-2025-38119 CVE-2025-38120 CVE-2025-38122 CVE-2025-38123 CVE-2025-38124 CVE-2025-38125 CVE-2025-38126 CVE-2025-38127 CVE-2025-38129 CVE-2025-38131 CVE-2025-38134 CVE-2025-38135 CVE-2025-38136 CVE-2025-38138 CVE-2025-38139 CVE-2025-38141 CVE-2025-38142 CVE-2025-38143 CVE-2025-38145 CVE-2025-38146 CVE-2025-38147 CVE-2025-38148 CVE-2025-38149 CVE-2025-38151 CVE-2025-38153 CVE-2025-38154 CVE-2025-38155 CVE-2025-38156 CVE-2025-38157 CVE-2025-38158 CVE-2025-38159 CVE-2025-38160 CVE-2025-38161 CVE-2025-38162 CVE-2025-38163 CVE-2025-38164 CVE-2025-38165 CVE-2025-38166 CVE-2025-38167 CVE-2025-38168 CVE-2025-38169 CVE-2025-38170 CVE-2025-38172 CVE-2025-38173 CVE-2025-38174 CVE-2025-38177 CVE-2025-38179 CVE-2025-38180 CVE-2025-38181 CVE-2025-38182 CVE-2025-38183 CVE-2025-38184 CVE-2025-38185 CVE-2025-38186 CVE-2025-38188 CVE-2025-38189 CVE-2025-38190 CVE-2025-38191 CVE-2025-38192 CVE-2025-38193 CVE-2025-38194 CVE-2025-38195 CVE-2025-38197 CVE-2025-38198 CVE-2025-38200 CVE-2025-38201 CVE-2025-38202 CVE-2025-38208 CVE-2025-38210 CVE-2025-38211 CVE-2025-38212 CVE-2025-38214 CVE-2025-38215 CVE-2025-38216 CVE-2025-38217 CVE-2025-38218 CVE-2025-38219 CVE-2025-38220 CVE-2025-38222 CVE-2025-38223 CVE-2025-38224 CVE-2025-38225 CVE-2025-38226 CVE-2025-38227 CVE-2025-38228 CVE-2025-38229 CVE-2025-38230 CVE-2025-38231 CVE-2025-38232 CVE-2025-38236 CVE-2025-38238 CVE-2025-38239 CVE-2025-38242 CVE-2025-38243 CVE-2025-38244 CVE-2025-38245 CVE-2025-38246 CVE-2025-38249 CVE-2025-38250 CVE-2025-38251 CVE-2025-38253 CVE-2025-38255 CVE-2025-38256 CVE-2025-38257 CVE-2025-38258 CVE-2025-38259 CVE-2025-38260 CVE-2025-38262 CVE-2025-38263 CVE-2025-38264 CVE-2025-38265 CVE-2025-38267 CVE-2025-38268 CVE-2025-38269 CVE-2025-38270 CVE-2025-38273 CVE-2025-38274 CVE-2025-38275 CVE-2025-38277 CVE-2025-38278 CVE-2025-38279 CVE-2025-38280 CVE-2025-38282 CVE-2025-38283 CVE-2025-38285 CVE-2025-38286 CVE-2025-38288 CVE-2025-38289 CVE-2025-38290 CVE-2025-38292 CVE-2025-38293 CVE-2025-38295 CVE-2025-38297 CVE-2025-38298 CVE-2025-38299 CVE-2025-38300 CVE-2025-38301 CVE-2025-38302 CVE-2025-38303 CVE-2025-38304 CVE-2025-38305 CVE-2025-38307 CVE-2025-38310 CVE-2025-38312 CVE-2025-38313 CVE-2025-38315 CVE-2025-38317 CVE-2025-38318 CVE-2025-38319 CVE-2025-38320 CVE-2025-38321 CVE-2025-38323 CVE-2025-38324 CVE-2025-38325 CVE-2025-38326 CVE-2025-38328 CVE-2025-38331 CVE-2025-38332 CVE-2025-38333 CVE-2025-38334 CVE-2025-38336 CVE-2025-38337 CVE-2025-38338 CVE-2025-38341 CVE-2025-38342 CVE-2025-38343 CVE-2025-38344 CVE-2025-38345 CVE-2025-38346 CVE-2025-38347 CVE-2025-38348 CVE-2025-38349 CVE-2025-38350 CVE-2025-38352 CVE-2025-38353 CVE-2025-38354 CVE-2025-38355 CVE-2025-38356 CVE-2025-38360 CVE-2025-38361 CVE-2025-38362 CVE-2025-38363 CVE-2025-38364 CVE-2025-38365 CVE-2025-38368 CVE-2025-38369 CVE-2025-38371 CVE-2025-38372 CVE-2025-38373 CVE-2025-38374 CVE-2025-38375 CVE-2025-38376 CVE-2025-38377 CVE-2025-38379 CVE-2025-38380 CVE-2025-38381 CVE-2025-38382 CVE-2025-38383 CVE-2025-38384 CVE-2025-38385 CVE-2025-38386 CVE-2025-38387 CVE-2025-38388 CVE-2025-38389 CVE-2025-38390 CVE-2025-38391 CVE-2025-38392 CVE-2025-38393 CVE-2025-38395 CVE-2025-38396 CVE-2025-38399 CVE-2025-38400 CVE-2025-38401 CVE-2025-38402 CVE-2025-38403 CVE-2025-38404 CVE-2025-38405 CVE-2025-38406 CVE-2025-38407 CVE-2025-38408 CVE-2025-38409 CVE-2025-38410 CVE-2025-38412 CVE-2025-38413 CVE-2025-38414 CVE-2025-38415 CVE-2025-38416 CVE-2025-38417 CVE-2025-38418 CVE-2025-38419 CVE-2025-38420 CVE-2025-38422 CVE-2025-38423 CVE-2025-38424 CVE-2025-38425 CVE-2025-38427 CVE-2025-38428 CVE-2025-38429 CVE-2025-38430 CVE-2025-38436 CVE-2025-38437 CVE-2025-38438 CVE-2025-38439 CVE-2025-38440 CVE-2025-38441 CVE-2025-38443 CVE-2025-38444 CVE-2025-38445 CVE-2025-38446 CVE-2025-38448 CVE-2025-38449 CVE-2025-38450 CVE-2025-38451 CVE-2025-38452 CVE-2025-38454 CVE-2025-38455 CVE-2025-38456 CVE-2025-38457 CVE-2025-38458 CVE-2025-38459 CVE-2025-38460 CVE-2025-38461 CVE-2025-38462 CVE-2025-38463 CVE-2025-38464 CVE-2025-38465 CVE-2025-38466 CVE-2025-38467 CVE-2025-38468 CVE-2025-38469 CVE-2025-38470 CVE-2025-38471 CVE-2025-38472 CVE-2025-38473 CVE-2025-38474 CVE-2025-38475 CVE-2025-38476 CVE-2025-38477 CVE-2025-38478 CVE-2025-38480 CVE-2025-38481 CVE-2025-38482 CVE-2025-38483 CVE-2025-38484 CVE-2025-38485 CVE-2025-38488 CVE-2025-38489 CVE-2025-38490 CVE-2025-38491 CVE-2025-38493 CVE-2025-38494 CVE-2025-38495 CVE-2025-38496 CVE-2025-38497 CVE-2025-38498 CVE-2025-38499 CVE-2025-38503 CVE-2025-38505 CVE-2025-38506 CVE-2025-38507 CVE-2025-38510 CVE-2025-38511 CVE-2025-38512 CVE-2025-38513 CVE-2025-38514 CVE-2025-38515 CVE-2025-38516 CVE-2025-38517 CVE-2025-38520 CVE-2025-38521 CVE-2025-38523 CVE-2025-38524 CVE-2025-38526 CVE-2025-38527 CVE-2025-38528 CVE-2025-38529 CVE-2025-38530 CVE-2025-38531 CVE-2025-38532 CVE-2025-38533 CVE-2025-38535 CVE-2025-38537 CVE-2025-38538 CVE-2025-38539 CVE-2025-38540 CVE-2025-38541 CVE-2025-38542 CVE-2025-38543 CVE-2025-38544 CVE-2025-38545 CVE-2025-38546 CVE-2025-38547 CVE-2025-38548 CVE-2025-38549 CVE-2025-38550 CVE-2025-38551 CVE-2025-38552 Description of changes: [6.12.0-103.40.4.1.el10uek] - netlink: avoid infinite retry looping in netlink_unicast() (Fedor Pchelkin) [Orabug: 38361037] [6.12.0-103.40.4.el10uek] - rds: Fix NULL ptr deref in xas_start (H?kon Bugge) [Orabug: 38169301] - KVM: x86: use array_index_nospec with indices that come from guest (Thijs Raymakers) [Orabug: 38325898] [6.12.0-103.40.3.el10uek] - enic: get max rq & wq entries supported by hw, 16K queues (Satish Kharat) [Orabug: 38058289] - enic: cleanup of enic wq request completion path (Satish Kharat) [Orabug: 38058289] - enic: added enic_wq.c and enic_wq.h (Satish Kharat) [Orabug: 38058289] - enic: remove unused function cq_enet_wq_desc_dec (Satish Kharat) [Orabug: 38058289] - enic: enable rq extended cq support (Satish Kharat) [Orabug: 38058289] - enic: enic rq extended cq defines (Satish Kharat) [Orabug: 38058289] - enic: enic rq code reorg (Satish Kharat) [Orabug: 38058289] - enic: Move function from header file to c file (Satish Kharat) [Orabug: 38058289] - enic: add dependency on Page Pool (John Daley) [Orabug: 38058289] - enic: remove copybreak tunable (John Daley) [Orabug: 38058289] - enic: Use the Page Pool API for RX (John Daley) [Orabug: 38058289] - enic: Simplify RX handler function (John Daley) [Orabug: 38058289] - enic: Move RX functions to their own file (John Daley) [Orabug: 38058289] - enic: Fix typo in comment in table indexed by link speed (John Daley) [Orabug: 38058289] - enic: Obtain the Link speed only after the link comes up (John Daley) [Orabug: 38058289] - enic: Move RX coalescing set function (John Daley) [Orabug: 38058289] - enic: Move kdump check into enic_adjust_resources() (Nelson Escobar) [Orabug: 38058289] - enic: Move enic resource adjustments to separate function (Nelson Escobar) [Orabug: 38058289] - enic: Adjust used MSI-X wq/rq/cq/interrupt resources in a more robust way (Nelson Escobar) [Orabug: 38058289] - enic: Allocate arrays in enic struct based on VIC config (Nelson Escobar) [Orabug: 38058289] - enic: Save resource counts we read from HW (Nelson Escobar) [Orabug: 38058289] - enic: Make MSI-X I/O interrupts come after the other required ones (Nelson Escobar) [Orabug: 38058289] - enic: Create enic_wq/rq structures to bundle per wq/rq data (Nelson Escobar) [Orabug: 38058289] - RDMA/mlx5: Fix HW counters query for non-representor devices (Patrisious Haddad) [Orabug: 38161799] - RDMA/mlx5: Fix CC counters query for MPV (Patrisious Haddad) [Orabug: 38161799] - Revert "RDMA/mlx5: Fix CC counters query for MPV" (Qing Huang) [Orabug: 38161799] - block: use chunk_sectors when evaluating stacked atomic write limits (John Garry) [Orabug: 38279050] - dm-stripe: limit chunk_sectors to the stripe size (John Garry) [Orabug: 38279050] - md/raid10: set chunk_sectors limit (John Garry) [Orabug: 38279050] - md/raid0: set chunk_sectors limit (John Garry) [Orabug: 38279050] - block: sanitize chunk_sectors for atomic write limits (John Garry) [Orabug: 38279050] - ilog2: add max_pow_of_two_factor() (John Garry) [Orabug: 38279050] - net/mlx5: E-Switch, Fix switching to switchdev mode in MPV (Patrisious Haddad) [Orabug: 38281424] - net/mlx5: E-Switch, Fix switching to switchdev mode with IB device disabled (Patrisious Haddad) [Orabug: 38281424] - net/mlx5: E-switch, refactor eswitch mode change (Patrisious Haddad) [Orabug: 38281424] [6.12.0-103.40.2.el10uek] - arm64: sysreg: Drag linux/kconfig.h to work around vdso build issue (Marc Zyngier) [Orabug: 38194015] - arm64: errata: Work around AmpereOne's erratum AC04_CPU_23 (D Scott Phillips) [Orabug: 38194015] - scsi: fnic: Set appropriate logging level for log message (Karan Tilak Kumar) [Orabug: 38226429] - scsi: fnic: Add and improve logs in FDMI and FDMI ABTS paths (Karan Tilak Kumar) [Orabug: 38226429] - scsi: fnic: Turn off FDMI ACTIVE flags on link down (Karan Tilak Kumar) [Orabug: 38226429] - scsi: fnic: Fix crash in fnic_wq_cmpl_handler when FDMI times out (Karan Tilak Kumar) [Orabug: 38175020,38226429] {CVE-2025-38238} - fnic: treewide: Switch/rename to timer_delete[_sync]() (Thomas Gleixner) [Orabug: 38226429] - LTS version: v6.12.40 (Jack Vogel) - KVM: x86/xen: Fix cleanup logic in emulation of Xen schedop poll hypercalls (Manuel Andreas) [Orabug: 38254220] {CVE-2025-38469} - iommu/vt-d: Fix misplaced domain_attached assignment (Bbaa) - smb: client: let smbd_post_send_iter() respect the peers max_send_size and transmit all data (Stefan Metzmacher) - drm/xe: Move page fault init after topology init (Matthew Brost) - drm/xe/mocs: Initialize MOCS index early (Balasubramani Vivekanandan) - sched,freezer: Remove unnecessary warning in __thaw_task (Chen Ridong) - i2c: omap: fix deprecated of_property_read_bool() use (Johan Hovold) - i2c: omap: Handle omap_i2c_init() errors in omap_i2c_probe() (Christophe Jaillet) - i2c: omap: Fix an error handling path in omap_i2c_probe() (Christophe Jaillet) - i2c: omap: Add support for setting mux (Jayesh Choudhary) - selftests/bpf: Set test path for token/obj_priv_implicit_token_envvar (Ihor Solodrai) - rust: use #[used(compiler)] to fix build and modpost with Rust >= 1.89.0 (Miguel Ojeda) - net: libwx: fix multicast packets received count (Jiawen Wu) - usb: dwc3: qcom: Don't leave BCR asserted (Krishna Kurapati) - usb: hub: Don't try to recover devices lost during warm reset. (Mathias Nyman) - usb: hub: Fix flushing of delayed work used for post resume purposes (Mathias Nyman) - usb: hub: Fix flushing and scheduling of delayed work that tunes runtime pm (Mathias Nyman) - usb: hub: fix detection of high tier USB3 devices behind suspended hubs (Mathias Nyman) - btrfs: fix block group refcount race in btrfs_create_pending_block_groups() (Boris Burkov) [Orabug: 37844509] {CVE-2025-22115} - clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (Al Viro) [Orabug: 38310005] {CVE-2025-38499} - efivarfs: Fix memory leak of efivarfs_fs_info in fs_context error paths (Breno Leitao) [Orabug: 38324320] {CVE-2025-38549} - libbpf: Fix handling of BPF arena relocations (Andrii Nakryiko) - drm/mediatek: only announce AFBC if really supported (Icenowy Zheng) - drm/mediatek: Add wait_event_timeout when disabling plane (Jason-JH Lin) - Revert "cgroup_freezer: cgroup_freezing: Check if not frozen" (Chen Ridong) - rxrpc: Fix transmission of an abort in response to an abort (David Howells) - rxrpc: Fix recv-recv race of completed call (David Howells) [Orabug: 38324205] {CVE-2025-38524} - net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (William Liu) [Orabug: 38254212] {CVE-2025-38468} - net: bridge: Do not offload IGMP/MLD messages (Joseph Huang) - net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime (Dong Chenchen) [Orabug: 38254223] {CVE-2025-38470} - tls: always refresh the queue when reading sock (Jakub Kicinski) [Orabug: 38254232] {CVE-2025-38471} - virtio-net: fix recursived rtnl_lock() during probe() (Zigit Zo) [Orabug: 38324329] {CVE-2025-38551} - hv_netvsc: Set VF priv_flags to IFF_NO_ADDRCONF before open to prevent IPv6 addrconf (Li Tian) - Bluetooth: L2CAP: Fix attempting to adjust outgoing MTU (Luiz Augusto von Dentz) - drm/xe/pf: Prepare to stop SR-IOV support prior GT reset (Michal Wajdeczko) - drm/xe/pf: Move VFs reprovisioning to worker (Michal Wajdeczko) - drm/xe/pf: Sanitize VF scratch registers on FLR (Michal Wajdeczko) - netfilter: nf_conntrack: fix crash due to removal of uninitialised entry (Florian Westphal) [Orabug: 38254235] {CVE-2025-38472} - net: fix segmentation after TCP/UDP fraglist GRO (Felix Fietkau) - ipv6: mcast: Delay put pmc->idev in mld_del_delrec() (Yue Haibing) [Orabug: 38324325] {CVE-2025-38550} - net/mlx5: Correctly set gso_size when LRO is used (Christoph Paasch) - Bluetooth: btusb: QCA: Fix downloading wrong NVM for WCN6855 GF variant without board ID (Zijun Hu) - Bluetooth: hci_core: add missing braces when using macro parameters (Christian Eggers) - Bluetooth: SMP: Fix using HCI_ERROR_REMOTE_USER_TERM on timeout (Luiz Augusto von Dentz) - Bluetooth: SMP: If an unallowed command is received consider it a failure (Luiz Augusto von Dentz) - Bluetooth: hci_sync: fix connectable extended advertising when using static random address (Alessandro Gasbarroni) - Bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb() (Kuniyuki Iwashima) [Orabug: 38254239] {CVE-2025-38473} - riscv: traps_misaligned: properly sign extend value in misaligned load handler (Andreas Schwab) - riscv: Enable interrupt during exception handling (Nam Cao) - loop: use kiocb helpers to fix lockdep warning (Ming Lei) - usb: net: sierra: check for no status endpoint (Oliver Neukum) [Orabug: 38254247] {CVE-2025-38474} - ice: check correct pointer in fwlog debugfs (Michal Swiatkowski) - ice: add NULL check in eswitch lag check (Dave Ertman) [Orabug: 38324213] {CVE-2025-38526} - hwmon: (corsair-cpro) Validate the size of the received input buffer (Marius Zachmann) [Orabug: 38324317] {CVE-2025-38548} - selftests: net: increase inter-packet timeout in udpgro.sh (Paolo Abeni) - can: tcan4x5x: fix reset gpio usage during probe (Brett Werling) - can: tcan4x5x: add option for selecting nWKRQ voltage (Sean Nyekjaer) - wifi: cfg80211: remove scan request n_channels counted_by (Johannes Berg) - nvmet-tcp: fix callback lock for TLS handshake (Maurizio Lombardi) - nvme: fix misaccounting of nvme-mpath inflight I/O (Yu Kuai) - net: phy: Don't register LEDs for genphy (Sean Anderson) [Orabug: 38324260] {CVE-2025-38537} - smc: Fix various oops due to inet_sock type confusion. (Kuniyuki Iwashima) [Orabug: 38254256] {CVE-2025-38475} - nvme: fix endianness of command word prints in nvme_log_err_passthru() (John Garry) - nvme: fix inconsistent RCU list manipulation in nvme_ns_add_to_ctrl_list() (Zheng Qixing) - fix a leak in fcntl_dirnotify() (Al Viro) - smb: client: fix use-after-free in cifs_oplock_break (Wang Zhaolong) [Orabug: 38324216] {CVE-2025-38527} - rpl: Fix use-after-free in rpl_do_srh_inline(). (Kuniyuki Iwashima) [Orabug: 38254259] {CVE-2025-38476} - net/sched: sch_qfq: Fix race condition on qfq_aggregate (Xiang Mei) [Orabug: 38254264] {CVE-2025-38477} - block: fix kobject leak in blk_unregister_queue (Ming Lei) - net: emaclite: Fix missing pointer increment in aligned_read() (Alok Tiwari) - cachefiles: Fix the incorrect return value in __cachefiles_write() (Zizhi Wo) - selftests/sched_ext: Fix exit selftest hang on UP (Andrea Righi) - bpf: Reject %p% format string in bprintf-like helpers (Paul Chaignon) [Orabug: 38324225] {CVE-2025-38528} - arm64: dts: imx95: Correct the DMA interrupter number of pcie0_ep (Richard Zhu) - soundwire: amd: fix for clearing command status register (Vijendar Mukunda) - soundwire: amd: fix for handling slave alerts after link is down (Vijendar Mukunda) - arm64: dts: rockchip: Add cd-gpios for sdcard detect on Cool Pi 4B (Andy Yan) - arm64: dts: rockchip: Add cd-gpios for sdcard detect on Cool Pi CM5 (Andy Yan) - comedi: Fix initialization of data for instructions that write to subdevice (Ian Abbott) [Orabug: 38254270] {CVE-2025-38478} - comedi: Fix use of uninitialized data in insn_rw_emulate_bits() (Ian Abbott) [Orabug: 38254276] {CVE-2025-38480} - comedi: Fix some signed shift left operations (Ian Abbott) - comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large (Ian Abbott) [Orabug: 38254283] {CVE-2025-38481} - comedi: das6402: Fix bit shift out of bounds (Ian Abbott) [Orabug: 38254291] {CVE-2025-38482} - comedi: das16m1: Fix bit shift out of bounds (Ian Abbott) [Orabug: 38254299] {CVE-2025-38483} - comedi: aio_iiro_16: Fix bit shift out of bounds (Ian Abbott) [Orabug: 38324229] {CVE-2025-38529} - comedi: pcl812: Fix bit shift out of bounds (Ian Abbott) [Orabug: 38324236] {CVE-2025-38530} - iio: common: st_sensors: Fix use of uninitialize device structs (Maud Spierings) [Orabug: 38324242] {CVE-2025-38531} - iio: backend: fix out-of-bound write (Markus Burri) [Orabug: 38254383] {CVE-2025-38484} - iio: adc: stm32-adc: Fix race in installing chained IRQ handler (Chen Ni) - iio: adc: max1363: Reorder mode_list[] entries (Fabio Estevam) - iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[] (Fabio Estevam) - iio: adc: axp20x_adc: Add missing sentinel to AXP717 ADC channel maps (Chen-Yu Tsai) [Orabug: 38324314] {CVE-2025-38547} - iio: accel: fxls8962af: Fix use after free in fxls8962af_fifo_flush (Sean Nyekjaer) [Orabug: 38254306] {CVE-2025-38485} - soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled (Andrew Jeffery) - soc: aspeed: lpc-snoop: Cleanup resources in stack-order (Andrew Jeffery) - smb: client: fix use-after-free in crypt_message when using async crypto (Wang Zhaolong) [Orabug: 38254322] {CVE-2025-38488} - s390/bpf: Fix bpf_arch_text_poke() with new_addr == NULL again (Ilya Leoshkevich) [Orabug: 38254325] {CVE-2025-38489} - pmdomain: governor: Consider CPU latency tolerance from pm_domain_cpu_gov (Maulik Shah) - net: libwx: properly reset Rx ring descriptor (Jiawen Wu) [Orabug: 38324251] {CVE-2025-38532} - net: libwx: fix the using of Rx buffer DMA (Jiawen Wu) [Orabug: 38324253] {CVE-2025-38533} - net: libwx: remove duplicate page_pool_put_full_page() (Jiawen Wu) [Orabug: 38254327] {CVE-2025-38490} - net: stmmac: intel: populate entire system_counterval_t in get_time_fn() callback (Markus Bl?chl) - mmc: sdhci_am654: Workaround for Errata i2312 (Judith Mendez) - mmc: sdhci-pci: Quirk for broken command queuing on Intel GLK-based Positivo models (Edson Juliano Drosdeck) - mmc: bcm2835: Fix dma_unmap_sg() nents value (Thomas Fourier) - memstick: core: Zero initialize id_reg in h_memstick_read_dev_id() (Nathan Chancellor) - isofs: Verify inode mode when loading from disk (Jan Kara) - dmaengine: nbpfaxi: Fix memory corruption in probe() (Dan Carpenter) [Orabug: 38324262] {CVE-2025-38538} - cpuidle: psci: Fix cpuhotplug routine with PREEMPT_RT=y (Daniel Lezcano) - Bluetooth: btintel: Check if controller is ISO capable on btintel_classify_pkt_type (Luiz Augusto von Dentz) - af_packet: fix soft lockup issue caused by tpacket_snd() (Yun Lu) - af_packet: fix the SO_SNDTIMEO constraint not effective on tpacked_snd() (Yun Lu) - arm64: dts: rockchip: use cs-gpios for spi1 on ringneck (Jakob Unterwurzacher) - arm64: dts: imx8mp-venice-gw73xx: fix TPM SPI frequency (Tim Harvey) - arm64: dts: imx8mp-venice-gw72xx: fix TPM SPI frequency (Tim Harvey) - arm64: dts: imx8mp-venice-gw71xx: fix TPM SPI frequency (Tim Harvey) - arm64: dts: freescale: imx8mm-verdin: Keep LDO5 always on (Francesco Dolcini) - arm64: dts: add big-endian property back into watchdog node (Meng Li) - arm64: dts: imx8mp-venice-gw74xx: fix TPM SPI frequency (Tim Harvey) - net/mlx5: Update the list of the PCI supported devices (Maor Gottlieb) - phonet/pep: Move call to pn_skb_get_dst_sockaddr() earlier in pep_sock_accept() (Nathan Chancellor) - mptcp: reset fallback status gracefully at disconnect() time (Paolo Abeni) - mptcp: plug races between subflow fail and subflow creation (Paolo Abeni) [Orabug: 38324332] {CVE-2025-38552} - mptcp: make fallback action and fallback decision atomic (Paolo Abeni) [Orabug: 38254329] {CVE-2025-38491} - io_uring/poll: fix POLLERR handling (Pavel Begunkov) - ALSA: hda/realtek: Add quirk for ASUS ROG Strix G712LWS (Takashi Iwai) - ALSA: hda/realtek - Fix mute LED for HP Victus 16-r0xxx (Edip Hazuri) - drm/amd/display: Free memory allocation (Clayton King) - drm/amd/display: Disable CRTC degamma LUT for DCN401 (Melissa Wen) - drm/amdgpu: Increase reset counter only on success (Lijo Lazar) - drm/amdgpu/gfx8: reset compute ring wptr on the GPU on resume (Eeli Haapalainen) - objtool/rust: add one more noreturn Rust function for Rust 1.89.0 (Miguel Ojeda) - tracing/osnoise: Fix crash in timerlat_dump_stack() (Tomas Glozar) [Orabug: 38254335] {CVE-2025-38493} - tracing: Add down_write(trace_event_sem) when adding trace event (Steven Rostedt) [Orabug: 38324268] {CVE-2025-38539} - tracing/probes: Avoid using params uninitialized in parse_btf_arg() (Nathan Chancellor) - HID: core: do not bypass hid_hw_raw_request (Benjamin Tissoires) [Orabug: 38254338] {CVE-2025-38494} - HID: core: ensure __hid_request reserves the report ID as the first byte (Benjamin Tissoires) - HID: core: ensure the allocated report buffer can contain the reserved report ID (Benjamin Tissoires) [Orabug: 38254346] {CVE-2025-38495} - dm-bufio: fix sched in atomic context (Sheng Yong) [Orabug: 38254353] {CVE-2025-38496} - spi: Add check for 8-bit transfer with 8 IO mode support (Cheng Ming Lin) - pch_uart: Fix dma_sync_sg_for_device() nents value (Thomas Fourier) - Input: xpad - set correct controller type for Acer NGR200 (Nilton Perim Neto) - nvmem: layouts: u-boot-env: remove crc32 endianness conversion (Michael C. Pratt) - nvmem: imx-ocotp: fix MAC address byte length (Steffen B?tz) - Revert "staging: vchiq_arm: Create keep-alive thread during probe" (Stefan Wahren) - thunderbolt: Fix bit masking in tb_dp_port_set_hops() (Alok Tiwari) - thunderbolt: Fix wake on connect at runtime (Mario Limonciello) - i2c: stm32f7: unmap DMA mapped buffer (Cl?ment Le Goffic) - i2c: stm32: fix the device used for the DMA map (Cl?ment Le Goffic) - usb: gadget: configfs: Fix OOB read on empty string write (Xinyu Liu) [Orabug: 38254356] {CVE-2025-38497} - usb: dwc2: gadget: Fix enter to hibernation for UTMI+ PHY (Minas Harutyunyan) - usb: musb: fix gadget state on disconnect (Drew Hamilton) - USB: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI (Ryan Mann) - USB: serial: option: add Foxconn T99W640 (Slark Xiao) - USB: serial: option: add Telit Cinterion FE910C04 (ECM) composition (Fabio Porcedda) - phy: tegra: xusb: Disable periodic tracking on Tegra234 (Haotien Hsu) - phy: tegra: xusb: Decouple CYA_TRK_CODE_UPDATE_ON_IDLE from trk_hw_mode (Wayne Chang) - phy: tegra: xusb: Fix unbalanced regulator disable in UTMI PHY mode (Wayne Chang) [Orabug: 38324256] {CVE-2025-38535} - LTS version: v6.12.39 (Jack Vogel) - KVM: SVM: Set synthesized TSA CPUID flags (Borislav Petkov) - rseq: Fix segfault on registration when rseq_cs is non-zero (Michael Jeanson) [Orabug: 38095070] {CVE-2025-38067} - crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP() (Lukas Wunner) [Orabug: 37977089] {CVE-2025-37984} - arm64: Filter out SME hwcaps when FEAT_SME isn't implemented (Mark Brown) - ksmbd: fix potential use-after-free in oplock/lease break ack (Namjae Jeon) [Orabug: 38254080] {CVE-2025-38437} - kasan: remove kasan_find_vm_area() to prevent possible deadlock (Levi Yun) [Orabug: 38324146] {CVE-2025-38510} - net: wangxun: revert the adjustment of the IRQ vector sequence (Jiawen Wu) - erofs: fix rare pcluster memory leak after unmounting (Gao Xiang) - selftests/bpf: adapt one more case in test_lru_map to the new target_free (Willem de Bruijn) - HID: nintendo: avoid bluetooth suspend/resume stalls (Daniel J. Ogorchock) [Orabug: 38324137] {CVE-2025-38507} - HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras (Chia-Lin Kao) [Orabug: 38324277] {CVE-2025-38540} - HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY (Zhang Heng) - riscv: vdso: Exclude .rodata from the PT_DYNAMIC segment (Fangrui Song) - bpf: Adjust free target to avoid global starvation of LRU map (Willem de Bruijn) - vt: add missing notification when switching back to text mode (Nicolas Pitre) - btrfs: fix assertion when building free space tree (Filipe Manana) [Orabug: 38324119] {CVE-2025-38503} - net: mana: Record doorbell physical address in PF mode (Long Li) - HID: lenovo: Add support for ThinkPad X1 Tablet Thin Keyboard Gen2 (Akira Inoue) - driver: bluetooth: hci_qca:fix unable to load the BT driver (Shuai Zhang) - net: usb: qmi_wwan: add SIMCom 8230C composition (Xiaowei Li) - ALSA: hda/realtek: Add quirks for some Clevo laptops (Tim Crawford) - ALSA: hda/realtek - Enable mute LED on HP Pavilion Laptop 15-eg100 (Yasmin Fitzgerald) - ASoC: amd: yc: add quirk for Acer Nitro ANV15-41 internal mic (Yuzuru) - io_uring: make fallocate be hashed work (Fengnan Chang) - ALSA: hda/realtek: Add mic-mute LED setup for ASUS UM5606 (Takashi Iwai) - ASoC: SOF: Intel: hda: Use devm_kstrdup() to avoid memleak. (Tamura Dai) [Orabug: 38254084] {CVE-2025-38438} - um: vector: Reduce stack usage in vector_eth_configure() (Tiwei Bie) - atm: idt77252: Add missing dma_map_error() (Thomas Fourier) - ublk: sanity check add_dev input for underflow (Ronnie Sahlberg) - bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT (Somnath Kotur) [Orabug: 38254088] {CVE-2025-38439} - bnxt_en: Fix DCB ETS validation (Shravya Kn) - net: ll_temac: Fix missing tx_pending check in ethtools_set_ringparam() (Alok Tiwari) - net/mlx5e: Add new prio for promiscuous mode (Jianbo Liu) - net/mlx5e: Fix race between DIM disable and net_dim() (Carolina Jubran) [Orabug: 38254092] {CVE-2025-38440} - can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level (Sean Nyekjaer) - drm/xe/pm: Correct comment of xe_pm_set_vram_threshold() (Shuicheng Lin) - selftests: net: lib: fix shift count out of range (Hangbin Liu) - selftests: net: lib: Move logging from forwarding/lib.sh here (Petr Machata) - net: phy: microchip: limit 100M workaround to link-down events on LAN88xx (Oleksij Rempel) - net: phy: microchip: Use genphy_soft_reset() to purge stale LPA bits (Oleksij Rempel) - ibmvnic: Fix hardcoded NUM_RX_STATS/NUM_TX_STATS with dynamic sizeof (Mingming Cao) - net: appletalk: Fix device refcount leak in atrtr_create() (Kito Xu) [Orabug: 38324288] {CVE-2025-38542} - netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() (Eric Dumazet) [Orabug: 38254094] {CVE-2025-38441} - erofs: fix to add missing tracepoint in erofs_readahead() (Chao Yu) - erofs: refine readahead tracepoint (Gao Xiang) - erofs: tidy up zdata.c (Gao Xiang) - erofs: get rid of z_erofs_next_pcluster_t (Gao Xiang) - erofs: free pclusters if no cached folio is attached (Chunhai Guo) - drm/xe/pf: Clear all LMTT pages on alloc (Michal Wajdeczko) [Orabug: 38324148] {CVE-2025-38511} - nbd: fix uaf in nbd_genl_connect() error path (Zheng Qixing) [Orabug: 38254100] {CVE-2025-38443} - wifi: mt76: mt7925: Fix null-ptr-deref in mt7925_thermal_init() (Henry Martin) [Orabug: 38324286] {CVE-2025-38541} - drm/nouveau/gsp: fix potential leak of memory used during acpi init (Ben Skeggs) - wifi: rt2x00: fix remove callback type mismatch (Felix Fietkau) - wifi: mac80211: fix non-transmitted BSSID profile search (Johannes Berg) - wifi: mac80211: correctly identify S1G short beacon (Lachlan Hodges) - raid10: cleanup memleak at raid10_make_request (Nigel Croxon) [Orabug: 38254103] {CVE-2025-38444} - md/raid1: Fix stack memory use after return in raid1_reshape (Wang Jinchao) [Orabug: 38254107] {CVE-2025-38445} - drm/tegra: nvdec: Fix dma_alloc_coherent error check (Mikko Perttunen) [Orabug: 38324294] {CVE-2025-38543} - wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() (Daniil Dulov) [Orabug: 38324159] {CVE-2025-38513} - wifi: cfg80211: fix S1G beacon head validation in nl80211 (Lachlan Hodges) - netfs: Fix ref leak on inserted extra subreq in write retry (David Howells) - netlink: make sure we allow at least one dump skb (Jakub Kicinski) - netlink: Fix rmem check in netlink_broadcast_deliver(). (Kuniyuki Iwashima) - ASoC: Intel: sof-function-topology-lib: Print out the unsupported dmic count (Peter Ujfalusi) - erofs: address D-cache aliasing (Gao Xiang) - erofs: fix to add missing tracepoint in erofs_read_folio() (Chao Yu) - ksmbd: fix a mount write count leak in ksmbd_vfs_kern_path_locked() (Al Viro) - smb: server: make use of rdma_destroy_qp() (Stefan Metzmacher) - clk: scmi: Handle case where child clocks are initialized before their parents (Sascha Hauer) - x86/mm: Disable hugetlb page table sharing on 32-bit (Jann Horn) - x86/rdrand: Disable RDSEED on AMD Cyan Skillfish (Mikhail Paulyshka) - clk: imx: Fix an out-of-bounds access in dispmix_csr_clk_dev_data (Xiaolei Wang) [Orabug: 38254112] {CVE-2025-38446} - rust: init: allow dead_code warnings for Rust >= 1.89.0 (Miguel Ojeda) - lib/alloc_tag: do not acquire non-existent lock in alloc_tag_top_users() (Harry Yoo) [Orabug: 38324192] {CVE-2025-38517} - mm/vmalloc: leave lazy MMU mode on PTE mapping error (Alexander Gordeev) - scripts/gdb: fix interrupts.py after maple tree conversion (Florian Fainelli) - scripts/gdb: de-reference per-CPU MCE interrupts (Florian Fainelli) - scripts/gdb: fix interrupts display after MCP on x86 (Florian Fainelli) - mm: fix the inaccurate memory statistics issue for users (Baolin Wang) - maple_tree: fix mt_destroy_walk() on root leaf node (Wei Yang) - kallsyms: fix build without execinfo (Achill Gilgenast) - Revert "PCI/ACPI: Fix allocated memory release on error in pci_acpi_scan_root()" (Zhe Qiao) - Revert "ACPI: battery: negate current when discharging" (Rafael J. Wysocki) - drm/xe: Allocate PF queue size on pow2 boundary (Matthew Brost) - drm/framebuffer: Acquire internal references on GEM handles (Thomas Zimmermann) - Revert "usb: gadget: u_serial: Add null pointer check in gs_start_io" (Kuen-Han Tsai) - usb: gadget: u_serial: Fix race condition in TTY wakeup (Kuen-Han Tsai) [Orabug: 38254116] {CVE-2025-38448} - Revert "drm/xe/xe2: Enable Indirect Ring State support for Xe2" (Matthew Brost) - drm/xe/bmg: fix compressed VRAM handling (Matthew Auld) - drm/gem: Fix race in drm_gem_handle_create_tail() (Simona Vetter) - drm/ttm: fix error handling in ttm_buffer_object_transfer (Christian K?nig) - drm/sched: Increment job count before swapping tail spsc queue (Matthew Brost) [Orabug: 38324178] {CVE-2025-38515} - drm/gem: Acquire references on GEM handles for framebuffers (Thomas Zimmermann) [Orabug: 38254122] {CVE-2025-38449} - drm/amdkfd: Don't call mmput from MMU notifier callback (Philip Yang) [Orabug: 38324196] {CVE-2025-38520} - drm/imagination: Fix kernel crash when hard resetting the GPU (Alessio Belle) [Orabug: 38324199] {CVE-2025-38521} - wifi: mt76: mt7925: fix invalid array index in ssid assignment during hw scan (Michael Lo) - wifi: mt76: mt7925: fix the wrong config for tx interrupt (Ming Yen Hsieh) - wifi: mt76: mt7925: prevent NULL pointer dereference in mt7925_sta_set_decap_offload() (Deren Wu) [Orabug: 38254130] {CVE-2025-38450} - wifi: mt76: mt7921: prevent decap offload config before STA initialization (Deren Wu) - wifi: mwifiex: discard erroneous disassoc frames on STA interface (Vitor Soares) [Orabug: 38324132] {CVE-2025-38505} - wifi: prevent A-MSDU attacks in mesh networks (Mathy Vanhoef) [Orabug: 38324151] {CVE-2025-38512} - pwm: mediatek: Ensure to disable clocks in error path (Uwe Kleine-K?nig) - pwm: Fix invalid state detection (Uwe Kleine-K?nig) - pinctrl: qcom: msm: mark certain pins as invalid for interrupts (Bartosz Golaszewski) [Orabug: 38324184] {CVE-2025-38516} - net: ethernet: rtsn: Fix a null pointer dereference in rtsn_probe() (Haoxiang Li) [Orabug: 38254133] {CVE-2025-38452} - gre: Fix IPv6 multicast route creation. (Guillaume Nault) - ASoC: fsl_sai: Force a software reset when starting in consumer mode (Arun Raghavan) - ALSA: ad1816a: Fix potential NULL pointer deref in snd_card_ad1816a_pnp() (Thorsten Blum) [Orabug: 38254137] {CVE-2025-38454} - KVM: Allow CPU to reschedule while setting per-page memory attributes (Liam Merwick) [Orabug: 38324134] {CVE-2025-38506} - KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight (Sean Christopherson) [Orabug: 38254139] {CVE-2025-38455} - KVM: SVM: Add missing member in SNP_LAUNCH_START command structure (Nikunj A Dadhania) - KVM: x86/xen: Allow 'out of range' event channel ports in IRQ routing table. (David Woodhouse) - x86/mce: Make sure CMCI banks are cleared during shutdown on Intel (Jp Kobryn) - x86/mce: Ensure user polling settings are honored when restarting timer (Yazen Ghannam) - x86/mce: Don't remove sysfs if thresholding sysfs init fails (Yazen Ghannam) - x86/mce/amd: Fix threshold limit reset (Yazen Ghannam) - x86/mce/amd: Add default names for MCA banks and blocks (Yazen Ghannam) - ipmi:msghandler: Fix potential memory corruption in ipmi_create_user() (Dan Carpenter) [Orabug: 38254142] {CVE-2025-38456} - rxrpc: Fix oops due to non-existence of prealloc backlog struct (David Howells) [Orabug: 38324168] {CVE-2025-38514} - rxrpc: Fix bug due to prealloc collision (David Howells) [Orabug: 38324296] {CVE-2025-38544} - net/sched: Abort __tc_modify_qdisc if parent class does not exist (Victor Nogueira) [Orabug: 38254145] {CVE-2025-38457} - net: ethernet: ti: am65-cpsw-nuss: Fix skb size by accounting for skb_shared_info (Chintan Vankar) [Orabug: 38324304] {CVE-2025-38545} - atm: clip: Fix NULL pointer dereference in vcc_sendmsg() (Yue Haibing) [Orabug: 38254151] {CVE-2025-38458} - atm: clip: Fix infinite recursive call of clip_push(). (Kuniyuki Iwashima) [Orabug: 38254159] {CVE-2025-38459} - atm: clip: Fix memory leak of struct clip_vcc. (Kuniyuki Iwashima) [Orabug: 38324307] {CVE-2025-38546} - atm: clip: Fix potential null-ptr-deref in to_atmarpd(). (Kuniyuki Iwashima) [Orabug: 38254165] {CVE-2025-38460} - net: phy: smsc: Fix link failure in forced mode with Auto-MDIX (Oleksij Rempel) - net: phy: smsc: Force predictable MDI-X state on LAN87xx (Oleksij Rempel) - net: phy: smsc: Fix Auto-MDIX configuration when disabled by strap (Oleksij Rempel) - net: stmmac: Fix interrupt handling for level-triggered mode in DWC_XGMAC2 (Ericchan) - vsock: Fix IOCTL_VM_SOCKETS_GET_LOCAL_CID to check also transport_local (Michal Luczaj) - vsock: Fix transport_* TOCTOU (Michal Luczaj) [Orabug: 38254171] {CVE-2025-38461} - vsock: Fix transport_{g2h,h2g} TOCTOU (Michal Luczaj) [Orabug: 38254174] {CVE-2025-38462} - tcp: Correct signedness in skb remaining space calculation (Jiayuan Chen) [Orabug: 38254177] {CVE-2025-38463} - tipc: Fix use-after-free in tipc_conn_close(). (Kuniyuki Iwashima) [Orabug: 38254179] {CVE-2025-38464} - vsock: fix vsock_proto declaration (Stefano Garzarella) - netlink: Fix wraparounds of sk->sk_rmem_alloc. (Kuniyuki Iwashima) [Orabug: 38254186] {CVE-2025-38465} - net: phy: qcom: qca808x: Fix WoL issue by utilizing at8031_set_wol() (Luo Jie) - net: phy: qcom: move the WoL function to shared library (Luo Jie) - arm64: poe: Handle spurious Overlay faults (Kevin Brodsky) - bnxt_en: eliminate the compile warning in bnxt_request_irq due to CONFIG_RFS_ACCEL (Jason Xing) - sched/deadline: Fix dl_server runtime calculation formula (Kuyo Chang) - fix proc_sys_compare() handling of in-lookup dentries (Al Viro) - pinctrl: amd: Clear GPIO debounce for suspend (Mario Limonciello) - Bluetooth: hci_event: Fix not marking Broadcast Sink BIS as connected (Luiz Augusto von Dentz) - Bluetooth: hci_sync: Fix not disabling advertising instance (Luiz Augusto von Dentz) - ASoC: cs35l56: probe() should fail if the device ID is not recognized (Richard Fitzgerald) - perf: Revert to requiring CAP_SYS_ADMIN for uprobes (Peter Zijlstra) [Orabug: 38254195] {CVE-2025-38466} - sched/core: Fix migrate_swap() vs. hotplug (Peter Zijlstra) - irqchip/irq-msi-lib: Select CONFIG_GENERIC_MSI_IRQ (Nam Cao) - perf/core: Fix the WARN_ON_ONCE is out of lock protected region (Luo Gengkun) - ASoC: Intel: soc-acpi: arl: Correct order of cs42l43 matches (Charles Keepax) - ASoC: Intel: soc-acpi-intel-arl-match: set get_function_tplg_files ops (Bard Liao) - ASoC: Intel: add sof_sdw_get_tplg_files ops (Bard Liao) - ASoC: soc-acpi: add get_function_tplg_files ops (Bard Liao) - ASoC: Intel: soc-acpi: arl: Add match entries for new cs42l43 laptops (Simon Trimmer) - ASoC: Intel: soc-acpi: arl: Correct naming of a cs35l56 address struct (Simon Trimmer) - ASoC: Intel: SND_SOC_INTEL_SOF_BOARD_HELPERS select SND_SOC_ACPI_INTEL_MATCH (Bard Liao) - ASoC: fsl_asrc: use internal measured ratio for non-ideal ratio mode (Shengjiu Wang) - drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV (Srinivasan Shanmugam) [Orabug: 37855415] {CVE-2025-38104} - crypto: s390/sha - Fix uninitialized variable in SHA-1 and SHA-2 (Eric Biggers) - drm/amdgpu/ip_discovery: add missing ip_discovery fw (Flora Cui) - drm/amdgpu/discovery: use specific ip_discovery.bin for legacy asics (Flora Cui) - drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling (Kaustabh Chakraborty) [Orabug: 38254201] {CVE-2025-38467} - eventpoll: don't decrement ep refcount while still holding the ep mutex (Linus Torvalds) [Orabug: 38209551] {CVE-2025-38349} - LTS version: v6.12.38 (Jack Vogel) - x86/CPU/AMD: Properly check the TSA microcode (Borislav Petkov) - LTS version: v6.12.37 (Jack Vogel) - x86/process: Move the buffer clearing before MONITOR (Borislav Petkov) - x86/microcode/AMD: Add TSA microcode SHAs (Borislav Petkov) - KVM: SVM: Advertise TSA CPUID bits to guests (Borislav Petkov) - x86/bugs: Add a Transient Scheduler Attacks mitigation (Borislav Petkov) [Orabug: 38023239,38129827] {CVE-2024-36350,CVE-2024-36357} - x86/bugs: Rename MDS machinery to something more generic (Borislav Petkov) [Orabug: 38023239,38129827] {CVE-2024-36350,CVE-2024-36357} - x86/idle: Remove MFENCEs for X86_BUG_CLFLUSH_MONITOR in mwait_idle_with_hints() and prefer_mwait_c1_over_halt() (Andrew Cooper) [Orabug: 38264060] - Revert "x86/bugs: Rename MDS machinery to something more generic" (Boris Ostrovsky) [Orabug: 38264060] - Revert "x86/bugs: Add a Transient Scheduler Attacks mitigation" (Boris Ostrovsky) [Orabug: 38264060] - Revert "KVM: SVM: Advertize TSA CPUID bits to guests" (Boris Ostrovsky) [Orabug: 38264060] - Revert "x86/process: Move the buffer clearing before MONITOR" (Boris Ostrovsky) [Orabug: 38264060] - Revert "Add Zen34 clients" (Boris Ostrovsky) [Orabug: 38264060] - Revert "x86/idle: Remove MFENCEs for X86_BUG_CLFLUSH_MONITOR in mwait_idle_with_hints() and prefer_mwait_c1_over_halt()" (Boris Ostrovsky) [Orabug: 38264060] - mm: userfaultfd: fix race of userfaultfd_move and swap cache (Kairui Song) [Orabug: 38175034] {CVE-2025-38242} - mm/vmalloc: fix data race in show_numa_info() (Jeongjun Park) [Orabug: 38253860] {CVE-2025-38383} - powerpc/kernel: Fix ppc_save_regs inclusion in build (Madhavan Srinivasan) - usb: typec: displayport: Fix potential deadlock (Andrei Kuchynski) [Orabug: 38254393] {CVE-2025-38404} - platform/x86: think-lmi: Fix sysfs group cleanup (Kurt Borja) - platform/x86: think-lmi: Fix kobject cleanup (Kurt Borja) - platform/x86: think-lmi: Create ksets consecutively (Kurt Borja) - riscv: cpu_ops_sbi: Use static array for boot_data (Vivian Wang) [Orabug: 38253953] {CVE-2025-38407} - powercap: intel_rapl: Do not change CLAMPING bit if ENABLE bit cannot be changed (Zhang Rui) - iommu/rockchip: prevent iommus dead loop when two masters share one IOMMU (Simon Xue) - optee: ffa: fix sleep in atomic context (Jens Wiklander) [Orabug: 38253830] {CVE-2025-38374} - Logitech C-270 even more broken (Oliver Neukum) - i2c/designware: Fix an initialization issue (Michael J. Ruhl) [Orabug: 38253849] {CVE-2025-38380} - dma-buf: fix timeout handling in dma_resv_wait_timeout v2 (Christian K?nig) - cifs: all initializations for tcon should happen in tcon_info_alloc (Shyam Prasad N) - smb: client: fix readdir returning wrong type with POSIX extensions (Philipp Kerling) - usb: acpi: fix device link removal (Krogerus Heikki) - usb: chipidea: udc: disconnect/reconnect from host when do suspend/resume (Xu Yang) [Orabug: 38253838] {CVE-2025-38376} - usb: dwc3: Abort suspend on soft disconnect failure (Kuen-Han Tsai) - usb: cdnsp: Fix issue with CV Bad Descriptor test (Pawel Laszczak) - usb: cdnsp: do not disable slot for disabled slot (Peter Chen) - Input: iqs7222 - explicitly define number of external channels (Jeff Labundy) - Input: xpad - support Acer NGR 200 Controller (Nilton Perim Neto) - xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS (Hongyu Xie) - xhci: dbc: Flush queued requests before stopping dbc (Mathias Nyman) - xhci: dbctty: disable ECHO flag by default (?ukasz Bartosik) - usb: xhci: quirk for data loss in ISOC transfers (Raju Rangoju) - Revert "usb: xhci: Implement xhci_handshake_check_state() helper" (Roy Luo) - usb: xhci: Skip xhci_reset in xhci_resume if xhci is being removed (Roy Luo) - NFSv4/flexfiles: Fix handling of NFS level errors in I/O (Trond Myklebust) - drm/xe: Allow dropping kunit dependency as built-in (Harry Austen) - drm/xe/bmg: Update Wa_22019338487 (Vinay Belgaumkar) - IB/mlx5: Fix potential deadlock in MR deregistration (Or Har-Toov) [Orabug: 38253826] {CVE-2025-38373} - RDMA/mlx5: Fix cache entry update on dereg error (Michael Guralnik) - fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass (Shivank Garg) [Orabug: 38253909] {CVE-2025-38396} - module: Provide EXPORT_SYMBOL_GPL_FOR_MODULES() helper (Peter Zijlstra) - add a string-to-qstr constructor (Al Viro) - rcu: Return early if callback is not specified (Uladzislau Rezki) - mtd: spinand: fix memory leak of ECC engine conf (Pablo Martin-Gomez) [Orabug: 38253862] {CVE-2025-38384} - ACPICA: Refuse to evaluate a method if arguments are missing (Rafael J. Wysocki) [Orabug: 38253873] {CVE-2025-38386} - wifi: ath6kl: remove WARN on bad firmware input (Johannes Berg) [Orabug: 38253944] {CVE-2025-38406} - wifi: mac80211: drop invalid source address OCB frames (Johannes Berg) - aoe: defer rexmit timer downdev work to workqueue (Justin Sanders) - scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() (Maurizio Lombardi) [Orabug: 38253913] {CVE-2025-38399} - regulator: fan53555: add enable_time support and soft-start times (Heiko Stuebner) - ASoC: amd: yc: update quirk data for HP Victus (Raven Black) - powerpc: Fix struct termio related ioctl macros (Madhavan Srinivasan) - genirq/irq_sim: Initialize work context pointers properly (Gyeyoung Baek) [Orabug: 38253955] {CVE-2025-38408} - platform/x86/amd/pmc: Add PCSpecialist Lafite Pro V 14M to 8042 quirks list (Mario Limonciello) - ASoC: amd: yc: Add quirk for MSI Bravo 17 D7VF internal mic (Gabriel Santese) - ata: pata_cs5536: fix build on 32-bit UML (Johannes Berg) - ata: libata-acpi: Do not assume 40 wire cable if no devices are enabled (Tasos Sahanidis) - ALSA: sb: Force to disable DMAs once when DMA mode is changed (Takashi Iwai) - ALSA: sb: Don't allow changing the DMA mode during operations (Takashi Iwai) - drm/msm: Fix another leak in the submit error path (Rob Clark) [Orabug: 38253959] {CVE-2025-38409} - drm/msm: Fix a fence leak in submit error path (Rob Clark) [Orabug: 38253966] {CVE-2025-38410} - scsi: lpfc: Restore clearing of NLP_UNREG_INP in ndlp->nlp_flag (Ewan D. Milne) - sched_ext: Make scx_group_set_weight() always update tg->scx.weight (Tejun Heo) - drm/amdgpu/mes: add missing locking in helper functions (Alex Deucher) - arm64: dts: qcom: x1e80100-crd: mark l12b and l15b always-on (Johan Hovold) - drm/amd/display: Add more checks for DSC / HUBP ONO guarantees (Nicholas Kazlauskas) [Orabug: 38253787] {CVE-2025-38360} - drm/amdgpu: add kicker fws loading for gfx11/smu13/psp13 (Frank Min) - drm/i915/dp_mst: Work around Thunderbolt sink disconnect after SINK_COUNT_ESI read (Imre Deak) - drm/amdgpu: VCN v5_0_1 to prevent FW checking RB during DPG pause (Sonny Jiang) - drm/simpledrm: Do not upcast in release helpers (Thomas Zimmermann) - selinux: change security_compute_sid to return the ssid or tsid on match (Stephen Smalley) - drm/xe/guc: Explicitly exit CT safe mode on unwind (Michal Wajdeczko) [Orabug: 38253775] {CVE-2025-38356} - drm/xe/guc: Dead CT helper (John Harrison) - drm/xe: Replace double space with single space after comma (Gote, Nitin R) - drm/xe: move DPT l2 flush to a more sensible place (Matthew Auld) - drm/xe: Allow bo mapping on multiple ggtts (Niranjana Vishwanathapura) - drm/xe: add interface to request physical alignment for buffer objects (Juha-Pekka Heikkila) - drm/xe: Move DSB l2 flush to a more sensible place (Maarten Lankhorst) - drm/xe: Fix DSB buffer coherency (Maarten Lankhorst) - mfd: exynos-lpass: Fix another error handling path in exynos_lpass_probe() (Christophe Jaillet) - netfs: Fix oops in write-retry from mis-resetting the subreq iterator (David Howells) [Orabug: 38153033] {CVE-2025-38139} - remoteproc: k3-r5: Refactor sequential core power up/down operations (Beleswar Padhi) - remoteproc: k3-r5: Use devm_rproc_add() helper (Beleswar Padhi) - remoteproc: k3-r5: Use devm_ioremap_wc() helper (Beleswar Padhi) - remoteproc: k3-r5: Use devm_kcalloc() helper (Beleswar Padhi) - remoteproc: k3-r5: Add devm action to release reserved memory (Beleswar Padhi) - remoteproc: k3: Call of_node_put(rmem_np) only once in three functions (Markus Elfring) - ubsan: integer-overflow: depend on BROKEN to keep this out of CI (Kees Cook) - arm64: dts: qcom: sm8650: add the missing l2 cache node (Pengyu Luo) - arm64: dts: renesas: white-hawk-single: Improve Ethernet TSN description (Geert Uytterhoeven) - arm64: dts: renesas: Factor out White Hawk Single board support (Geert Uytterhoeven) - arm64: dts: renesas: Use interrupts-extended for Ethernet PHYs (Geert Uytterhoeven) - arm64: dts: qcom: sm8650: Fix domain-idle-state for CPU2 (Luca Weiss) - arm64: dts: qcom: sm8650: change labels to lower-case (Krzysztof Kozlowski) - bpf: Do not include stack ptr register in precision backtracking bookkeeping (Yonghong Song) [Orabug: 38180467] {CVE-2025-38279} - bpf: use common instruction history across all states (Andrii Nakryiko) - hisi_acc_vfio_pci: bugfix the problem of uninstalling driver (Longfang Liu) - hisi_acc_vfio_pci: bugfix cache write-back issue (Longfang Liu) - scsi: lpfc: Avoid potential ndlp use-after-free in dev_loss_tmo_callbk (Justin Tee) [Orabug: 38180503] {CVE-2025-38289} - f2fs: zone: fix to calculate first_zoned_segno correctly (Chao Yu) - f2fs: zone: introduce first_zoned_segno in f2fs_sb_info (Chao Yu) - f2fs: decrease spare area for pinned files for zoned devices (Daeho Jeong) - iommu: ipmmu-vmsa: avoid Wformat-security warning (Arnd Bergmann) - RDMA/rxe: Fix "trying to register non-static key in rxe_qp_do_cleanup" bug (Zhu Yanjun) - wifi: ath12k: fix wrong handling of CCMP256 and GCMP ciphers (Rameshkumar Sundaram) - wifi: ath12k: Handle error cases during extended skb allocation (P Praneesh) - wifi: ath12k: fix skb_ext_desc leak in ath12k_dp_tx() error path (Nicolas Escande) - bonding: Mark active offloaded xfrm_states (Cosmin Ratiu) - ACPI: thermal: Execute _SCP before reading trip points (Armin Wolf) - ACPI: thermal: Fix stale comment regarding trip points (Xueqin Luo) - ASoC: tas2764: Reinit cache on part reset (Martin Povi?er) - ASoC: tas2764: Extend driver to SN012776 (Martin Povi?er) - gfs2: Don't start unnecessary transactions during log flush (Andreas Gruenbacher) - gfs2: Move gfs2_trans_add_databufs (Andreas Gruenbacher) - sched/fair: Fixup wake_up_sync() vs DELAYED_DEQUEUE (Xuewen Yan) - sched/fair: Add new cfs_rq.h_nr_runnable (Vincent Guittot) - sched/fair: Rename h_nr_running into h_nr_queued (Vincent Guittot) - btrfs: fix wrong start offset for delalloc space release during mmap write (Filipe Manana) - btrfs: prepare btrfs_page_mkwrite() for large folios (Qu Wenruo) - gfs2: deallocate inodes in gfs2_create_inode (Andreas Gruenbacher) - gfs2: Move GIF_ALLOC_FAILED check out of gfs2_ea_dealloc (Andreas Gruenbacher) - gfs2: Move gfs2_dinode_dealloc (Andreas Gruenbacher) - gfs2: Replace GIF_DEFER_DELETE with GLF_DEFER_DELETE (Andreas Gruenbacher) - gfs2: Add GLF_PENDING_REPLY flag (Andreas Gruenbacher) - gfs2: Decode missing glock flags in tracepoints (Andreas Gruenbacher) - gfs2: Prevent inode creation race (Andreas Gruenbacher) - gfs2: Rename dinode_demise to evict_behavior (Andreas Gruenbacher) - gfs2: Rename GIF_{DEFERRED -> DEFER}_DELETE (Andreas Gruenbacher) - gfs2: Initialize gl_no_formal_ino earlier (Andreas Gruenbacher) - kunit: qemu_configs: Disable faulting tests on 32-bit SPARC (David Gow) - kunit: qemu_configs: sparc: Explicitly enable CONFIG_SPARC32=y (Thomas Wei?schuh) - kunit: qemu_configs: sparc: use Zilog console (Thomas Wei?schuh) - crypto: zynqmp-sha - Add locking (Herbert Xu) - spinlock: extend guard with spinlock_bh variants (Christian Marangi) - crypto: iaa - Do not clobber req->base.data (Herbert Xu) - crypto: iaa - Remove dst_null support (Herbert Xu) - arm64: dts: rockchip: fix internal USB hub instability on RK3399 Puma (Lukasz Czechowski) - smb: client: fix race condition in negotiate timeout by using more precise timing (Wang Zhaolong) - amd-xgbe: do not double read link status (Raju Rangoju) - net/sched: Always pass notifications when child class becomes empty (Lion Ackermann) [Orabug: 38217337] {CVE-2025-38350} - nui: Fix dma_mapping_error() check (Thomas Fourier) - rose: fix dangling neighbour pointers in rose_rt_device_down() (Kohei Enju) [Orabug: 38253840] {CVE-2025-38377} - enic: fix incorrect MTU comparison in enic_change_mtu() (Alok Tiwari) - amd-xgbe: align CL37 AN sequence as per databook (Raju Rangoju) - lib: test_objagg: Set error message in check_expect_hints_stats() (Dan Carpenter) - netfs: Fix i_size updating (David Howells) - smb: client: set missing retry flag in cifs_writev_callback() (Paulo Alcantara) - smb: client: set missing retry flag in cifs_readv_callback() (Paulo Alcantara) - smb: client: set missing retry flag in smb2_writev_callback() (Paulo Alcantara) - igc: disable L1.2 PCI-E link substate to avoid performance issue (Vitaly Lifshits) - idpf: convert control queue mutex to a spinlock (Ahmed Zaki) [Orabug: 38253897] {CVE-2025-38392} - idpf: return 0 size for RSS key if not supported (Michal Swiatkowski) [Orabug: 38253932] {CVE-2025-38402} - drm/i915/gsc: mei interrupt top half should be in irq disabled context (Junxiao Chang) - drm/i915/gt: Fix timeline left held on VMA alloc error (Janusz Krzysztofik) [Orabug: 38253885] {CVE-2025-38389} - net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect (Oleksij Rempel) [Orabug: 38253870] {CVE-2025-38385} - smb: client: fix warning when reconnecting channel (Paulo Alcantara) [Orabug: 38254386] {CVE-2025-38379} - drm/bridge: aux-hpd-bridge: fix assignment of the of_node (Dmitry Baryshkov) - platform/mellanox: mlxreg-lc: Fix logic error in power state check (Alok Tiwari) - platform/x86: dell-wmi-sysman: Fix class device unregistration (Kurt Borja) - platform/x86: dell-sysman: Directly use firmware_attributes_class (Thomas Wei?schuh) - platform/x86: think-lmi: Fix class device unregistration (Kurt Borja) - platform/x86: think-lmi: Directly use firmware_attributes_class (Thomas Wei?schuh) - platform/x86: firmware_attributes_class: Simplify API (Thomas Wei?schuh) - platform/x86: firmware_attributes_class: Move include linux/device/class.h (Thomas Wei?schuh) - platform/x86: hp-bioscfg: Fix class device unregistration (Kurt Borja) - platform/x86: hp-bioscfg: Directly use firmware_attributes_class (Thomas Wei?schuh) - platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks (Kurt Borja) [Orabug: 38253975] {CVE-2025-38412} - nvmet: fix memory leak of bio integrity (Dmitry Bogdanov) [Orabug: 38253942] {CVE-2025-38405} - nvme: Fix incorrect cdw15 value in passthru error logging (Alok Tiwari) - drm/i915/selftests: Change mock_request() to return error pointers (Dan Carpenter) - spi: spi-fsl-dspi: Clear completion counter before initiating transfer (James Clark) - drm/exynos: fimd: Guard display clock control with runtime PM calls (Marek Szyprowski) - dpaa2-eth: fix xdp_rxq_info leak (Wangfushuai) - ethernet: atl1: Add missing DMA mapping error checks and count errors (Thomas Fourier) - btrfs: use btrfs_record_snapshot_destroy() during rmdir (Filipe Manana) - btrfs: propagate last_unlink_trans earlier when doing a rmdir (Filipe Manana) - btrfs: record new subvolume in parent dir earlier to avoid dir logging races (Filipe Manana) - btrfs: fix inode lookup error handling during log replay (Filipe Manana) - btrfs: fix invalid inode pointer dereferences during log replay (Filipe Manana) [Orabug: 38288149] {CVE-2025-38243} - btrfs: return a btrfs_inode from read_one_inode() (Filipe Manana) - btrfs: return a btrfs_inode from btrfs_iget_logging() (Filipe Manana) - btrfs: fix iteration of extrefs during log replay (Filipe Manana) [Orabug: 38253858] {CVE-2025-38382} - btrfs: fix missing error handling when searching for inode refs during log replay (Filipe Manana) - Bluetooth: Prevent unintended pause by checking if advertising is active (Yang Li) - platform/mellanox: nvsw-sn2201: Fix bus number in adapter error message (Alok Tiwari) - platform/mellanox: mlxbf-pmc: Fix duplicate event ID for CACHE_DATA1 (Alok Tiwari) - RDMA/mlx5: Fix vport loopback for MPV device (Patrisious Haddad) [Orabug: 38118599] - scsi: ufs: core: Fix spelling of a sysfs attribute name (Bart Van Assche) - scsi: sd: Fix VPD page 0xb7 length check (Jackysliu) - scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() (Thomas Fourier) - scsi: qla2xxx: Fix DMA mapping test in qla24xx_get_port_database() (Thomas Fourier) - NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN (Benjamin Coddington) [Orabug: 38253899] {CVE-2025-38393} - nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. (Kuniyuki Iwashima) [Orabug: 38253921] {CVE-2025-38400} - RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert (Mark Zhang) [Orabug: 38253879] {CVE-2025-38387} - RDMA/mlx5: Fix unsafe xarray access in implicit ODP handling (Or Har-Toov) [Orabug: 38253824] {CVE-2025-38372} - platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment (David Thompson) - arm64: dts: apple: t8103: Fix PCIe BCM4377 nodename (Janne Grunau) - firmware: arm_ffa: Replace mutex with rwlock to avoid sleep in atomic context (Sudeep Holla) [Orabug: 38253883] {CVE-2025-38388} - firmware: arm_ffa: Move memory allocation outside the mutex locking (Sudeep Holla) - firmware: arm_ffa: Fix memory leak by freeing notifier callback node (Sudeep Holla) [Orabug: 38253890] {CVE-2025-38390} - drm/v3d: Disable interrupts before resetting the GPU (Ma?ra Canal) [Orabug: 38253819] {CVE-2025-38371} - mtk-sd: reset host->mrq on prepare_data() error (Sergey Senozhatsky) - mtk-sd: Prevent memory corruption from DMA map failure (Masami Hiramatsu) [Orabug: 38253926] {CVE-2025-38401} - mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data (Masami Hiramatsu) - usb: typec: altmodes/displayport: do not index invalid pin_assignments (Rd Babiera) [Orabug: 38253892] {CVE-2025-38391} - Input: cs40l50-vibra - fix potential NULL dereference in cs40l50_upload_owt() (Yunshui) [Orabug: 38253852] {CVE-2025-38381} - regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods (Manivannan Sadhasivam) [Orabug: 38253905] {CVE-2025-38395} - iommufd/selftest: Fix iommufd_dirty_tracking with large hugepage sizes (Nicolin Chen) - Bluetooth: MGMT: mesh_send: check instances prior disabling advertising (Christian Eggers) - Bluetooth: MGMT: set_mesh: update LE scan interval and window (Christian Eggers) - Bluetooth: hci_sync: revert some mesh modifications (Christian Eggers) - Bluetooth: HCI: Set extended advertising data synchronously (Christian Eggers) - mmc: core: sd: Apply BROKEN_SD_DISCARD quirk earlier (Avri Altman) - Revert "mmc: sdhci: Disable SD card clock before changing parameters" (Ulf Hansson) - mmc: sdhci: Add a helper function for dump register in dynamic debug mode (Victor Shih) - net: libwx: fix the incorrect display of the queue number (Jiawen Wu) - vsock/vmci: Clear the vmci transport packet properly when initializing it (Harshavardhana S A) [Orabug: 38253935] {CVE-2025-38403} - net: txgbe: request MISC IRQ in ndo_open (Jiawen Wu) - s390/pci: Do not try re-enabling load/store if device is disabled (Niklas Schnelle) - s390/pci: Fix stale function handles in error handling (Niklas Schnelle) - virtio-net: ensure the received length does not exceed allocated size (Bui Quang Minh) [Orabug: 38253832] {CVE-2025-38375} - virtio-net: xsk: rx: fix the frame's length check (Bui Quang Minh) [Orabug: 38253978] {CVE-2025-38413} - rtc: cmos: use spin_lock_irqsave in cmos_interrupt (Mateusz Jo?czyk) - rtc: pcf2127: fix SPI command byte for PCF2131 (Elena Popa) - rtc: pcf2127: add missing semicolon after statement (Hugo Villeneuve) [6.12.0-103.36.1.el10uek] - rds: tcp: block BH in TCP callbacks (Eric Dumazet) [Orabug: 38233600] - mm: memcontrol: fix MM statistics during lruvec reparenting on MGLRU (Harry Yoo) [Orabug: 38002245] - memcg: add folio_memcg_charged() stub for !memcg (Kamalesh Babulal) [Orabug: 38002245] - mm: memcontrol: fix a build error on CONFIG_MEMCG=n (Harry Yoo) [Orabug: 38002245] - net/mlx5: Add poll-eq API to be used by ULP's (Praveen Kumar Kannoju) [Orabug: 38182399] - net/rds: poll eq during user-reset (Praveen Kumar Kannoju) [Orabug: 38189326] From el-errata at oss.oracle.com Wed Sep 10 09:21:07 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Wed, 10 Sep 2025 13:21:07 +0400 Subject: [El-errata] New Ksplice updates for RHCK 10 (ELSA-2025-15005) Message-ID: Synopsis: ELSA-2025-15005 can now be patched using Ksplice CVEs: CVE-2025-37823 CVE-2025-38211 CVE-2025-38220 CVE-2025-38461 CVE-2025-38464 CVE-2025-38472 Users with Oracle Linux Premier Support can now use Ksplice to patch against the latest Oracle Linux Security Advisory, ELSA-2025-15005. More information about this errata can be found at https://linux.oracle.com/errata/ELSA-2025-15005.html INSTALLING THE UPDATES We recommend that all users of Ksplice Uptrack running RHCK 10 install these updates. On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf, these updates will be installed automatically and you do not need to take any action. Alternatively, you can install these updates by running: # /usr/sbin/uptrack-upgrade -y DESCRIPTION * CVE-2025-37823: Use-after-free in Hierarchical Fair Service Curve (HFSC) driver. * CVE-2025-38211: Use-after-free in InfiniBand driver. * CVE-2025-38220: Null pointer dereference in ext4 filesystem driver. * CVE-2025-38461: Denial-of-service in Virtual Socket protocol driver. * CVE-2025-38464: Use-after-free in TIPC Protocol driver. * CVE-2025-38472: Kernel crash in Netfilter driver. SUPPORT Ksplice support is available at ksplice-support_ww at oracle.com. From el-errata at oss.oracle.com Wed Sep 10 13:14:58 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Wed, 10 Sep 2025 06:14:58 -0700 Subject: [El-errata] ELSA-2025-20553 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update Message-ID: Oracle Linux Security Advisory ELSA-2025-20553 http://linux.oracle.com/errata/ELSA-2025-20553.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: kernel-uek-5.4.17-2136.347.6.el7uek.x86_64.rpm kernel-uek-container-5.4.17-2136.347.6.el7uek.x86_64.rpm kernel-uek-container-debug-5.4.17-2136.347.6.el7uek.x86_64.rpm kernel-uek-debug-5.4.17-2136.347.6.el7uek.x86_64.rpm kernel-uek-debug-devel-5.4.17-2136.347.6.el7uek.x86_64.rpm kernel-uek-devel-5.4.17-2136.347.6.el7uek.x86_64.rpm kernel-uek-doc-5.4.17-2136.347.6.el7uek.noarch.rpm kernel-uek-tools-5.4.17-2136.347.6.el7uek.x86_64.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-5.4.17-2136.347.6.el7uek.src.rpm Related CVEs: CVE-2022-48773 CVE-2022-48828 CVE-2022-48829 CVE-2024-46855 CVE-2024-57996 CVE-2025-37752 CVE-2025-37958 CVE-2025-38083 CVE-2025-38086 CVE-2025-38090 CVE-2025-38103 CVE-2025-38108 CVE-2025-38115 CVE-2025-38135 CVE-2025-38136 CVE-2025-38145 CVE-2025-38147 CVE-2025-38153 CVE-2025-38157 CVE-2025-38163 CVE-2025-38173 CVE-2025-38174 CVE-2025-38180 CVE-2025-38181 CVE-2025-38184 CVE-2025-38185 CVE-2025-38190 CVE-2025-38194 CVE-2025-38200 CVE-2025-38203 CVE-2025-38204 CVE-2025-38212 CVE-2025-38214 CVE-2025-38219 CVE-2025-38222 CVE-2025-38237 CVE-2025-38285 CVE-2025-38286 CVE-2025-38298 CVE-2025-38312 CVE-2025-38313 CVE-2025-38320 CVE-2025-38323 CVE-2025-38324 CVE-2025-38326 CVE-2025-38328 CVE-2025-38332 CVE-2025-38336 CVE-2025-38337 CVE-2025-38344 CVE-2025-38345 CVE-2025-38346 CVE-2025-38348 CVE-2025-38352 CVE-2025-38415 CVE-2025-38416 CVE-2025-38420 CVE-2025-38424 CVE-2025-38428 CVE-2025-38430 CVE-2025-38498 Description of changes: [5.4.17-2136.347.6.el7uek] - net_sched: sch_sfq: move the limit validation (Octavian Purdila) [Orabug: 38377926] {CVE-2025-37752} - net_sched: sch_sfq: use a temporary work area for validating configuration (Octavian Purdila) [Orabug: 38377926] - net_sched: sch_sfq: don't allow 1 packet limit (Octavian Purdila) [Orabug: 38377926] {CVE-2024-57996} - net_sched: sch_sfq: handle bigger packets (Eric Dumazet) [Orabug: 38377926] - net_sched: sch_sfq: annotate data-races around q->perturb_period (Eric Dumazet) [Orabug: 38377926] [5.4.17-2136.347.5.el7uek] - squashfs: fix memory leak in squashfs_fill_super (Phillip Lougher) - netfilter: nf_tables: adjust lockdep assertions handling (Fedor Pchelkin) - Revert "vgacon: Add check for vc_origin address range in vgacon_scroll()" (Helge Deller) - ASoC: ops: dynamically allocate struct snd_ctl_elem_value (Arnd Bergmann) [5.4.17-2136.347.4.el7uek] - KVM: x86: use array_index_nospec with indices that come from guest (Thijs Raymakers) [Orabug: 38319938] - KVM: APIC: add helper func to remove duplicate code in kvm_pv_send_ipi (Miaohe Lin) [Orabug: 38319938] - rds: Fix NULL ptr deref in xas_start (H?kon Bugge) [Orabug: 38169303] [5.4.17-2136.347.3.el7uek] - mm: make page_mapped_in_vma() hugetlb walk aware (Jane Chu) [Orabug: 38146326] - mm/rmap: Fix handling of hugetlbfs pages in page_vma_mapped_walk (Zhenwei Pi) [Orabug: 38146326] [5.4.17-2136.347.2.el7uek] - rds: tcp: block BH in TCP callbacks (Eric Dumazet) [Orabug: 38236847] - kexec: Improve & fix crash_exclude_mem_range() to handle overlapping ranges (Lianbo Jiang) [Orabug: 38134902] - module: correctly exit module_kallsyms_on_each_symbol when fn() != 0 (Jon Mediero) [Orabug: 37820709] - module: potential uninitialized return in module_kallsyms_on_each_symbol() (Dan Carpenter) [Orabug: 37820709] - module: use RCU to synchronize find_module (Christoph Hellwig) [Orabug: 37820709] - kallsyms: refactor {,module_}kallsyms_on_each_symbol (Christoph Hellwig) [Orabug: 37820709] [5.4.17-2136.347.1.el7uek] - LTS tag: v5.4.295 (Alok Tiwari) - scsi: qedf: Use designated initializer for struct qed_fcoe_cb_ops (Kees Cook) - arm64/ptrace: Fix stack-out-of-bounds read in regs_get_kernel_stack_nth() (Tengda Wu) [Orabug: 38180596] {CVE-2025-38320} - perf: Fix sample vs do_exit() (Peter Zijlstra) [Orabug: 38254030] {CVE-2025-38424} - s390/pci: Fix __pcilg_mio_inuser() inline assembly (Heiko Carstens) - rtc: test: Fix invalid format specifier. (David Gow) - jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() (Jeongjun Park) [Orabug: 38180707] {CVE-2025-38337} - mm/huge_memory: fix dereferencing invalid pmd migration entry (Gavin Guo) [Orabug: 37976985] {CVE-2025-37958} - rtc: Make rtc_time64_to_tm() support dates before 1970 (Alexandre Mergnat) - rtc: Improve performance of rtc_time64_to_tm(). Add tests. (Cassio Neri) - xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create (Dan Aloni) [Orabug: 37101886] {CVE-2022-48773} - posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (Oleg Nesterov) [Orabug: 38223087] {CVE-2025-38352} - ARM: dts: am335x-bone-common: Increase MDIO reset deassert delay to 50ms (Geert Uytterhoeven) - ARM: dts: am335x-bone-common: Increase MDIO reset deassert time (Colin Foster) - ARM: dts: am335x-bone-common: Add GPIO PHY reset on revision C3 board (Shengyu Qu) - net: atm: fix /proc/net/atm/lec handling (Eric Dumazet) [Orabug: 38158407] {CVE-2025-38180} - net: atm: add lec_mutex (Eric Dumazet) [Orabug: 38180612] {CVE-2025-38323} - calipso: Fix null-ptr-deref in calipso_req_{set,del}attr(). (Kuniyuki Iwashima) [Orabug: 38158413] {CVE-2025-38181} - tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (Haixia Qu) [Orabug: 38158425] {CVE-2025-38184} - tcp: fix tcp_packet_delayed() for tcp_is_non_sack_preventing_reopen() behavior (Neal Cardwell) - atm: atmtcp: Free invalid length skb in atmtcp_c_send(). (Kuniyuki Iwashima) [Orabug: 38158434] {CVE-2025-38185} - mpls: Use rcu_dereference_rtnl() in mpls_route_input_rcu(). (Kuniyuki Iwashima) [Orabug: 38180618] {CVE-2025-38324} - wifi: carl9170: do not ping device which has failed to load firmware (Dmitry Antipov) [Orabug: 38254011] {CVE-2025-38420} - aoe: clean device rq_list in aoedev_downdev() (Justin Sanders) [Orabug: 38180629] {CVE-2025-38326} - hwmon: (occ) fix unaligned accesses (Arnd Bergmann) - drm/nouveau/bl: increase buffer size to avoid truncate warning (Jacob Keller) - erofs: remove unused trace event erofs_destroy_inode (Gao Xiang) - ALSA: hda/realtek: enable headset mic on Latitude 5420 Rugged (Jonathan Lane) - ALSA: hda/intel: Add Thinkpad E15 to PM deny list (Takashi Iwai) - Input: sparcspkr - avoid unannotated fall-through (Yuli Wang) - HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() (Terry Junge) [Orabug: 38152878] {CVE-2025-38103} - atm: Revert atm_account_tx() if copy_from_iter_full() fails. (Kuniyuki Iwashima) [Orabug: 38158458] {CVE-2025-38190} - selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len (Stephen Smalley) - scsi: s390: zfcp: Ensure synchronous unit_add (Peter Oberparleiter) - scsi: storvsc: Increase the timeouts to storvsc_timeout (Dexuan Cui) - jffs2: check jffs2_prealloc_raw_node_refs() result in few other places (Fedor Pchelkin) [Orabug: 38180636] {CVE-2025-38328} - jffs2: check that raw node were preallocated before writing summary (Artem Sadovnikov) [Orabug: 38158484] {CVE-2025-38194} - drivers/rapidio/rio_cm.c: prevent possible heap overwrite (Andrew Morton) [Orabug: 38137454] {CVE-2025-38090} - powerpc/eeh: Fix missing PE bridge reconfiguration during VFIO EEH recovery (Narayana Murty N) - platform/x86: dell_rbu: Stop overwriting data buffer (Stuart Hayes) - platform: Add Surface platform directory (Maximilian Luz) - Revert "bus: ti-sysc: Probe for l4_wkup and l4_cfg interconnect devices first" (Alexander Sverdlin) - tee: Prevent size calculation wraparound on 32-bit kernels (Jann Horn) - ARM: OMAP2+: Fix l4ls clk domain handling in STANDBY (Sukrut Bellary) - bus: fsl-mc: increase MC_CMD_COMPLETION_TIMEOUT_MS value (Laurentiu Tudor) - watchdog: da9052_wdt: respect TWDMIN (Marcus Folkesson) - i40e: fix MMIO write access to an invalid page in i40e_clear_hw (Kyungwook Boo) [Orabug: 38158518] {CVE-2025-38200} - sock: Correct error checking condition for (assign|release)_proto_idx() (Zijun Hu) - scsi: lpfc: Use memcpy() for BIOS version (Daniel Wagner) [Orabug: 38180668] {CVE-2025-38332} - vxlan: Do not treat dst cache initialization errors as fatal (Ido Schimmel) - clk: rockchip: rk3036: mark ddrphy as critical (Heiko Stuebner) - wifi: mac80211: do not offer a mesh path if forwarding is disabled (Benjamin Berg) - net: mlx4: add SOF_TIMESTAMPING_TX_SOFTWARE flag when getting ts info (Jason Xing) - pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get() (Gabor Juhos) - pinctrl: armada-37xx: propagate error from armada_37xx_pmx_gpio_set_direction() (Gabor Juhos) - pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get_direction() (Gabor Juhos) - pinctrl: armada-37xx: propagate error from armada_37xx_pmx_set_by_name() (Gabor Juhos) - ipv4/route: Use this_cpu_inc() for stats on PREEMPT_RT (Sebastian Andrzej Siewior) - tcp: fix initial tp->rcvq_space.space value for passive TS enabled flows (Eric Dumazet) - tcp: always seek for minimal rtt in tcp_rcv_rtt_update() (Eric Dumazet) - net: dlink: add synchronization for stats update (Moon Yeounsu) - sctp: Do not wake readers in __sctp_write_space() (Petr Malat) - emulex/benet: correct command version selection in be_cmd_get_stats() (Alok Tiwari) - i2c: designware: Invoke runtime suspend on quick slave re-registration (Tan En De) - net: macb: Check return value of dma_set_mask_and_coherent() (Sergio Perez Gonzalez) - cpufreq: Force sync policy boost with global boost on sysfs update (Viresh Kumar) - nios2: force update_mmu_cache on spurious tlb-permission--related pagefaults (Simon Schuster) - media: platform: exynos4-is: Add hardware sync wait to fimc_is_hw_change_mode() (Xu Wang) [Orabug: 38175014] {CVE-2025-38237} - media: tc358743: ignore video while HPD is low (Hans Verkuil) - drm/amdkfd: Set SDMA_RLCx_IB_CNTL/SWITCH_INSIDE_IB (Amber Lin) - jfs: Fix null-ptr-deref in jfs_ioc_trim (Dylan Wolff) [Orabug: 38158546] {CVE-2025-38203} - drm/amdgpu/gfx9: fix CSIB handling (Alex Deucher) - drm/amdgpu/gfx8: fix CSIB handling (Alex Deucher) - jfs: fix array-index-out-of-bounds read in add_missing_indices (Aditya Dutt) [Orabug: 38158553] {CVE-2025-38204} - drm/amdgpu/gfx7: fix CSIB handling (Alex Deucher) - drm/amdgpu/gfx10: fix CSIB handling (Alex Deucher) - drm/msm/a6xx: Increase HFI response timeout (Akhil P Oommen) - drm/amd/display: Add NULL pointer checks in dm_force_atomic_commit() (Srinivasan Shanmugam) - media: uapi: v4l: Fix V4L2_TYPE_IS_OUTPUT condition (Nas Chung) - drm/msm/hdmi: add runtime PM calls to DDC transfer function (Dmitry Baryshkov) - drm/bridge: analogix_dp: Add irq flag IRQF_NO_AUTOEN instead of calling disable_irq() (Damon Ding) - sunrpc: update nextcheck time when adding new cache entries (Long Li) - drm/amdgpu/gfx6: fix CSIB handling (Alex Deucher) - ACPI: battery: negate current when discharging (Peter Marheine) - PM: runtime: fix denying of auto suspend in pm_suspend_timer_fn() (Charan Teja Kalla) - power: supply: bq27xxx: Retrieve again when busy (Jerry Lv) - ACPICA: fix acpi parse and parseext cache leaks (Seunghun Han) [Orabug: 38180748] {CVE-2025-38344} - ACPICA: Avoid sequence overread in call to strncmp() (Ahmed Salem) - ACPICA: fix acpi operand cache leak in dswstate.c (Seunghun Han) [Orabug: 38180756] {CVE-2025-38345} - iio: adc: ad7606_spi: fix reg write value mask (David Lechner) - PCI: Fix lock symmetry in pci_slot_unlock() (Ilpo J?rvinen) - PCI: Add ACS quirk for Loongson PCIe (Huacai Chen) - uio_hv_generic: Use correct size for interrupt and monitor pages (Long Li) - regulator: max14577: Add error check for max14577_read_reg() (Xu Wang) - mips: Add -std= flag specified in KBUILD_CFLAGS to vdso CFLAGS (Khem Raj) - staging: iio: ad5933: Correct settling cycles encoding per datasheet (Gabriel) - net: ch9200: fix uninitialised access during mii_nway_restart (Qasim Ijaz) [Orabug: 38132189] {CVE-2025-38086} - ftrace: Fix UAF when lookup kallsym after ftrace disabled (Ye Bin) [Orabug: 38180768] {CVE-2025-38346} - dm-mirror: fix a tiny race condition (Mikulas Patocka) - mtd: nand: sunxi: Add randomizer configuration before randomizer enable (Xu Wang) - mtd: rawnand: sunxi: Add randomizer configuration in sunxi_nfc_hw_ecc_write_chunk (Xu Wang) - mm: fix ratelimit_pages update error in dirty_ratio_handler() (Jinliang Zheng) - ipc: fix to protect IPCS lookups using RCU (Jeongjun Park) [Orabug: 38158598] {CVE-2025-38212} - parisc: fix building with gcc-15 (Arnd Bergmann) - vgacon: Add check for vc_origin address range in vgacon_scroll() (Gong, Ruiqi) - fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var (Murad Masimov) [Orabug: 38158615] {CVE-2025-38214} - EDAC/altera: Use correct write width with the INTTEST register (Niravkumar L Rabara) - NFC: nci: uart: Set tty->disc_data only in success path (Krzysztof Kozlowski) [Orabug: 38253992] {CVE-2025-38416} - f2fs: prevent kernel warning due to negative i_nlink from corrupted image (Jaegeuk Kim) [Orabug: 38158649] {CVE-2025-38219} - Input: ims-pcu - check record size in ims_pcu_flash_firmware() (Dan Carpenter) [Orabug: 38254054] {CVE-2025-38428} - ext4: fix calculation of credits for extent tree modification (Jan Kara) - ext4: inline: fix len overflow in ext4_prepare_inline_data (Thadeu Lima de Souza Cascardo) [Orabug: 38158662] {CVE-2025-38222} - bus: fsl-mc: do not add a device-link for the UAPI used DPMCP device (Ioana Ciornei) - ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330 (Tasos Sahanidis) [Orabug: 38180697] {CVE-2025-38336} - ARM: 9447/1: arm/memremap: fix arch_memremap_can_ram_remap() (Ross Stutterheim) - media: v4l2-dev: fix error handling in __video_register_device() (Ma Ke) - media: gspca: Add error handling for stv06xx_read_sensor() (Xu Wang) - wifi: rtlwifi: disable ASPM for RTL8723BE with subsystem ID 11ad:1723 (Mingcong Bai) - nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request (Neil Brown) [Orabug: 38254062] {CVE-2025-38430} - wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback() (Christian Lamparter) [Orabug: 38180783] {CVE-2025-38348} - gfs2: move msleep to sleepable context (Alexander Aring) - configfs: Do not override creating attribute file failure in populate_attrs() (Zijun Hu) - net: usb: aqc111: debug info before sanitation (Oliver Neukum) - calipso: unlock rcu before returning -EAFNOSUPPORT (Eric Dumazet) - xen/arm: call uaccess_ttbr0_enable for dm_op hypercall (Stefano Stabellini) - usb: Flush altsetting 0 endpoints before reinitializating them after reset. (Mathias Nyman) - fs/filesystems: Fix potential unsigned integer underflow in fs_name() (Zijun Hu) - net/mdiobus: Fix potential out-of-bounds read/write access (Jakub Raczynski) - drm/amd/display: Do not add '-mhard-float' to dcn2{1,0}_resource.o for clang (Nathan Chancellor) - drm/amd/display: Do not add '-mhard-float' to dml_ccflags for clang (Nathan Chancellor) - MIPS: Move '-Wa,-msoft-float' check from as-option to cc-option (Nathan Chancellor) - x86/boot/compressed: prefer cc-option for CFLAGS additions (Nick Desaulniers) - net: mdio: C22 is now optional, EOPNOTSUPP if not provided (Andrew Lunn) - net_sched: tbf: fix a race in tbf_change() (Eric Dumazet) - net_sched: red: fix a race in __red_change() (Eric Dumazet) [Orabug: 38152899] {CVE-2025-38108} - net_sched: prio: fix a race in prio_tune() (Eric Dumazet) [Orabug: 38105335] {CVE-2025-38083} - net/mlx5: Fix return value when searching for existing flow group (Patrisious Haddad) - net/mlx5: Wait for inactive autogroups (Paul Blakey) - i40e: retry VFLR handling if there is ongoing VF reset (Robert Malz) - i40e: return false from i40e_reset_vf if reset is in progress (Robert Malz) - net_sched: sch_sfq: fix a potential crash on gso_skb handling (Eric Dumazet) [Orabug: 38152923] {CVE-2025-38115} - scsi: iscsi: Fix incorrect error path labels for flashnode operations (Alok Tiwari) - NFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes (Chuck Lever) [Orabug: 36954169] {CVE-2022-48829} - NFSD: Fix ia_size underflow (Chuck Lever) [Orabug: 36954164] {CVE-2022-48828} - Input: synaptics-rmi - fix crash with unsupported versions of F34 (Dmitry Torokhov) - Input: synaptics-rmi4 - convert to use sysfs_emit() APIs (Zhang Songyi) - pmdomain: core: Fix error checking in genpd_dev_pm_attach_by_id() (Dan Carpenter) - do_change_type(): refuse to operate on unmounted/not ours mounts (Al Viro) [Orabug: 38256450] {CVE-2025-38498} - ice: create new Tx scheduler nodes for new queues only (Michal Kubiak) - Bluetooth: L2CAP: Fix not responding with L2CAP_CR_LE_ENCRYPTION (Luiz Augusto von Dentz) - net/mlx4_en: Prevent potential integer overflow calculating Hz (Dan Carpenter) - vt: remove VT_RESIZE and VT_RESIZEX from vt_compat_ioctl() (Nicolas Pitre) - serial: Fix potential null-ptr-deref in mlb_usio_probe() (Henry Martin) [Orabug: 38153012] {CVE-2025-38135} - usb: renesas_usbhs: Reorder clock handling and power management in probe (Lad Prabhakar) [Orabug: 38153017] {CVE-2025-38136} - rtc: Fix offset calculation for .start_secs < 0 (Alexandre Mergnat) - rtc: sh: assign correct interrupts with DT (Wolfram Sang) - perf record: Fix incorrect --user-regs comments (Dapeng Mi) - perf tests switch-tracking: Fix timestamp comparison (Leo Yan) - mfd: stmpe-spi: Correct the name used in MODULE_DEVICE_TABLE (Alexey Gladkov) - mfd: exynos-lpass: Avoid calling exynos_lpass_disable() twice in exynos_lpass_remove() (Christophe Jaillet) - rpmsg: qcom_smd: Fix uninitialized return variable in __qcom_smd_send() (Dan Carpenter) - perf scripts python: exported-sql-viewer.py: Fix pattern matching with Python 3 (Adrian Hunter) - perf ui browser hists: Set actions->thread before calling do_zoom_thread() (Arnaldo Carvalho de Melo) - fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod() (Sergey Shtylyov) [Orabug: 38180566] {CVE-2025-38312} - soc: aspeed: Add NULL check in aspeed_lpc_enable_snoop() (Henry Martin) [Orabug: 38153060] {CVE-2025-38145} - soc: aspeed: lpc: Fix impossible judgment condition (Su Hui) - arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma with Haikou (Quentin Schulz) - ARM: dts: qcom: apq8064 merge hw splinlock into corresponding syscon device (Dmitry Baryshkov) - bus: fsl-mc: fix double-free on mc_dev (Ioana Ciornei) [Orabug: 38180573] {CVE-2025-38313} - nilfs2: do not propagate ENOENT error from nilfs_btree_propagate() (Ryusuke Konishi) - nilfs2: add pointer check for nilfs_direct_propagate() (Xu Wang) - Squashfs: check return result of sb_min_blocksize (Phillip Lougher) [Orabug: 38253985] {CVE-2025-38415} - ARM: dts: at91: at91sam9263: fix NAND chip selects (Wolfram Sang) - ARM: dts: at91: usb_a9263: fix GPIO for Dataflash chip select (Wolfram Sang) - f2fs: fix to correct check conditions in f2fs_cross_rename (Zhiguo Niu) - f2fs: use d_inode(dentry) cleanup dentry->d_inode (Zhiguo Niu) - calipso: Don't call calipso functions for AF_INET sk. (Kuniyuki Iwashima) [Orabug: 38153070] {CVE-2025-38147} - net: lan743x: rename lan743x_reset_phy to lan743x_hw_reset_phy (Thangaraj Samynathan) - net: usb: aqc111: fix error handling of usbnet read calls (Nikita Zhandarovich) [Orabug: 38153090] {CVE-2025-38153} - netfilter: nf_tables: nft_fib_ipv6: fix VRF ipv4/ipv6 result discrepancy (Florian Westphal) - wifi: ath9k_htc: Abort software beacon handling if disabled (Toke H?iland-J?rgensen) [Orabug: 38153110] {CVE-2025-38157} - bpf: Fix WARN() in get_bpf_raw_tp_regs (Tao Chen) [Orabug: 38180489] {CVE-2025-38285} - pinctrl: at91: Fix possible out-of-boundary access (Andy Shevchenko) [Orabug: 38180495] {CVE-2025-38286} - ktls, sockmap: Fix missing uncharge operation (Jiayuan Chen) - netfilter: bridge: Move specific fragmented packet to slow_path instead of dropping it (Huajian Yang) - f2fs: clean up w/ fscrypt_is_bounce_page() (Chao Yu) - RDMA/hns: Include hnae3.h in hns_roce_hw_v2.h (Junxian Huang) - wifi: rtw88: do not ignore hardware read error during DPK (Dmitry Antipov) - net: ncsi: Fix GCPS 64-bit member variables (Hari Kalavakunta) - f2fs: fix to do sanity check on sbi->total_valid_block_count (Chao Yu) [Orabug: 38153150] {CVE-2025-38163} - drm/tegra: rgb: Fix the unbound reference count (Biju Das) - drm/vkms: Adjust vkms_state->active_planes allocation type (Kees Cook) - drm: rcar-du: Fix memory leak in rcar_du_vsps_init() (Biju Das) - selftests/seccomp: fix syscall_restart test for arm compat (Neill Kapron) - firmware: psci: Fix refcount leak in psci_dt_init (Miaoqian Lin) - m68k: mac: Fix macintosh_config for Mac II (Finn Thain) - drm/vmwgfx: Add seqno waiter for sync_files (Ian Forbes) - spi: sh-msiof: Fix maximum DMA transfer size (Geert Uytterhoeven) - ACPI: OSI: Stop advertising support for "3.0 _SCP Extensions" (Armin Wolf) - x86/mtrr: Check if fixed-range MTRRs exist in mtrr_save_fixed_ranges() (Jiaqing Zhao) - PM: wakeup: Delete space in the end of string shown by pm_show_wakelocks() (Zijun Hu) - EDAC/skx_common: Fix general protection fault (Qiuxu Zhuo) [Orabug: 38180525] {CVE-2025-38298} - crypto: marvell/cesa - Avoid empty transfer descriptor (Herbert Xu) - crypto: marvell/cesa - Handle zero-length skcipher requests (Herbert Xu) [Orabug: 38153190] {CVE-2025-38173} - x86/cpu: Sanitize CPUID(0x80000000) output (Ahmed S. Darwish) - perf/core: Fix broken throttling when max_samples_per_tick=1 (Qing Wang) - gfs2: gfs2_create_inode error handling fix (Andreas Gruenbacher) - netfilter: nft_socket: fix sk refcount leaks (Florian Westphal) [Orabug: 37116555] {CVE-2024-46855} - thunderbolt: Do not double dequeue a configuration request (Sergey Senozhatsky) [Orabug: 38158384] {CVE-2025-38174} - usb: usbtmc: Fix timeout value in get_stb (Dave Penkler) - usb: storage: Ignore UAS driver for SanDisk 3.2 Gen2 storage device (Hongyu Xie) - usb: quirks: Add NO_LPM quirk for SanDisk Extreme 55AE (Jiayi Li) - pinctrl: armada-37xx: set GPIO output value before setting direction (Gabor Juhos) - pinctrl: armada-37xx: use correct OUTPUT_VAL register for GPIOs > 31 (Gabor Juhos) From el-errata at oss.oracle.com Wed Sep 10 13:15:03 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Wed, 10 Sep 2025 06:15:03 -0700 Subject: [El-errata] ELSA-2025-20553 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update Message-ID: Oracle Linux Security Advisory ELSA-2025-20553 http://linux.oracle.com/errata/ELSA-2025-20553.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: aarch64: kernel-uek-5.4.17-2136.347.6.el8uek.aarch64.rpm kernel-uek-debug-5.4.17-2136.347.6.el8uek.aarch64.rpm kernel-uek-debug-devel-5.4.17-2136.347.6.el8uek.aarch64.rpm kernel-uek-devel-5.4.17-2136.347.6.el8uek.aarch64.rpm kernel-uek-doc-5.4.17-2136.347.6.el8uek.noarch.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/kernel-uek-5.4.17-2136.347.6.el8uek.src.rpm Related CVEs: CVE-2022-48773 CVE-2022-48828 CVE-2022-48829 CVE-2024-46855 CVE-2024-57996 CVE-2025-37752 CVE-2025-37958 CVE-2025-38083 CVE-2025-38086 CVE-2025-38090 CVE-2025-38103 CVE-2025-38108 CVE-2025-38115 CVE-2025-38135 CVE-2025-38136 CVE-2025-38145 CVE-2025-38147 CVE-2025-38153 CVE-2025-38157 CVE-2025-38163 CVE-2025-38173 CVE-2025-38174 CVE-2025-38180 CVE-2025-38181 CVE-2025-38184 CVE-2025-38185 CVE-2025-38190 CVE-2025-38194 CVE-2025-38200 CVE-2025-38203 CVE-2025-38204 CVE-2025-38212 CVE-2025-38214 CVE-2025-38219 CVE-2025-38222 CVE-2025-38237 CVE-2025-38285 CVE-2025-38286 CVE-2025-38298 CVE-2025-38312 CVE-2025-38313 CVE-2025-38320 CVE-2025-38323 CVE-2025-38324 CVE-2025-38326 CVE-2025-38328 CVE-2025-38332 CVE-2025-38336 CVE-2025-38337 CVE-2025-38344 CVE-2025-38345 CVE-2025-38346 CVE-2025-38348 CVE-2025-38352 CVE-2025-38415 CVE-2025-38416 CVE-2025-38420 CVE-2025-38424 CVE-2025-38428 CVE-2025-38430 CVE-2025-38498 Description of changes: [5.4.17-2136.347.6.el8uek] - net_sched: sch_sfq: move the limit validation (Octavian Purdila) [Orabug: 38377926] {CVE-2025-37752} - net_sched: sch_sfq: use a temporary work area for validating configuration (Octavian Purdila) [Orabug: 38377926] - net_sched: sch_sfq: don't allow 1 packet limit (Octavian Purdila) [Orabug: 38377926] {CVE-2024-57996} - net_sched: sch_sfq: handle bigger packets (Eric Dumazet) [Orabug: 38377926] - net_sched: sch_sfq: annotate data-races around q->perturb_period (Eric Dumazet) [Orabug: 38377926] [5.4.17-2136.347.5.el8uek] - squashfs: fix memory leak in squashfs_fill_super (Phillip Lougher) - netfilter: nf_tables: adjust lockdep assertions handling (Fedor Pchelkin) - Revert "vgacon: Add check for vc_origin address range in vgacon_scroll()" (Helge Deller) - ASoC: ops: dynamically allocate struct snd_ctl_elem_value (Arnd Bergmann) [5.4.17-2136.347.4.el8uek] - KVM: x86: use array_index_nospec with indices that come from guest (Thijs Raymakers) [Orabug: 38319938] - KVM: APIC: add helper func to remove duplicate code in kvm_pv_send_ipi (Miaohe Lin) [Orabug: 38319938] - rds: Fix NULL ptr deref in xas_start (H?kon Bugge) [Orabug: 38169303] [5.4.17-2136.347.3.el8uek] - mm: make page_mapped_in_vma() hugetlb walk aware (Jane Chu) [Orabug: 38146326] - mm/rmap: Fix handling of hugetlbfs pages in page_vma_mapped_walk (Zhenwei Pi) [Orabug: 38146326] [5.4.17-2136.347.2.el8uek] - rds: tcp: block BH in TCP callbacks (Eric Dumazet) [Orabug: 38236847] - kexec: Improve & fix crash_exclude_mem_range() to handle overlapping ranges (Lianbo Jiang) [Orabug: 38134902] - module: correctly exit module_kallsyms_on_each_symbol when fn() != 0 (Jon Mediero) [Orabug: 37820709] - module: potential uninitialized return in module_kallsyms_on_each_symbol() (Dan Carpenter) [Orabug: 37820709] - module: use RCU to synchronize find_module (Christoph Hellwig) [Orabug: 37820709] - kallsyms: refactor {,module_}kallsyms_on_each_symbol (Christoph Hellwig) [Orabug: 37820709] [5.4.17-2136.347.1.el8uek] - LTS tag: v5.4.295 (Alok Tiwari) - scsi: qedf: Use designated initializer for struct qed_fcoe_cb_ops (Kees Cook) - arm64/ptrace: Fix stack-out-of-bounds read in regs_get_kernel_stack_nth() (Tengda Wu) [Orabug: 38180596] {CVE-2025-38320} - perf: Fix sample vs do_exit() (Peter Zijlstra) [Orabug: 38254030] {CVE-2025-38424} - s390/pci: Fix __pcilg_mio_inuser() inline assembly (Heiko Carstens) - rtc: test: Fix invalid format specifier. (David Gow) - jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() (Jeongjun Park) [Orabug: 38180707] {CVE-2025-38337} - mm/huge_memory: fix dereferencing invalid pmd migration entry (Gavin Guo) [Orabug: 37976985] {CVE-2025-37958} - rtc: Make rtc_time64_to_tm() support dates before 1970 (Alexandre Mergnat) - rtc: Improve performance of rtc_time64_to_tm(). Add tests. (Cassio Neri) - xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create (Dan Aloni) [Orabug: 37101886] {CVE-2022-48773} - posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (Oleg Nesterov) [Orabug: 38223087] {CVE-2025-38352} - ARM: dts: am335x-bone-common: Increase MDIO reset deassert delay to 50ms (Geert Uytterhoeven) - ARM: dts: am335x-bone-common: Increase MDIO reset deassert time (Colin Foster) - ARM: dts: am335x-bone-common: Add GPIO PHY reset on revision C3 board (Shengyu Qu) - net: atm: fix /proc/net/atm/lec handling (Eric Dumazet) [Orabug: 38158407] {CVE-2025-38180} - net: atm: add lec_mutex (Eric Dumazet) [Orabug: 38180612] {CVE-2025-38323} - calipso: Fix null-ptr-deref in calipso_req_{set,del}attr(). (Kuniyuki Iwashima) [Orabug: 38158413] {CVE-2025-38181} - tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (Haixia Qu) [Orabug: 38158425] {CVE-2025-38184} - tcp: fix tcp_packet_delayed() for tcp_is_non_sack_preventing_reopen() behavior (Neal Cardwell) - atm: atmtcp: Free invalid length skb in atmtcp_c_send(). (Kuniyuki Iwashima) [Orabug: 38158434] {CVE-2025-38185} - mpls: Use rcu_dereference_rtnl() in mpls_route_input_rcu(). (Kuniyuki Iwashima) [Orabug: 38180618] {CVE-2025-38324} - wifi: carl9170: do not ping device which has failed to load firmware (Dmitry Antipov) [Orabug: 38254011] {CVE-2025-38420} - aoe: clean device rq_list in aoedev_downdev() (Justin Sanders) [Orabug: 38180629] {CVE-2025-38326} - hwmon: (occ) fix unaligned accesses (Arnd Bergmann) - drm/nouveau/bl: increase buffer size to avoid truncate warning (Jacob Keller) - erofs: remove unused trace event erofs_destroy_inode (Gao Xiang) - ALSA: hda/realtek: enable headset mic on Latitude 5420 Rugged (Jonathan Lane) - ALSA: hda/intel: Add Thinkpad E15 to PM deny list (Takashi Iwai) - Input: sparcspkr - avoid unannotated fall-through (Yuli Wang) - HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() (Terry Junge) [Orabug: 38152878] {CVE-2025-38103} - atm: Revert atm_account_tx() if copy_from_iter_full() fails. (Kuniyuki Iwashima) [Orabug: 38158458] {CVE-2025-38190} - selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len (Stephen Smalley) - scsi: s390: zfcp: Ensure synchronous unit_add (Peter Oberparleiter) - scsi: storvsc: Increase the timeouts to storvsc_timeout (Dexuan Cui) - jffs2: check jffs2_prealloc_raw_node_refs() result in few other places (Fedor Pchelkin) [Orabug: 38180636] {CVE-2025-38328} - jffs2: check that raw node were preallocated before writing summary (Artem Sadovnikov) [Orabug: 38158484] {CVE-2025-38194} - drivers/rapidio/rio_cm.c: prevent possible heap overwrite (Andrew Morton) [Orabug: 38137454] {CVE-2025-38090} - powerpc/eeh: Fix missing PE bridge reconfiguration during VFIO EEH recovery (Narayana Murty N) - platform/x86: dell_rbu: Stop overwriting data buffer (Stuart Hayes) - platform: Add Surface platform directory (Maximilian Luz) - Revert "bus: ti-sysc: Probe for l4_wkup and l4_cfg interconnect devices first" (Alexander Sverdlin) - tee: Prevent size calculation wraparound on 32-bit kernels (Jann Horn) - ARM: OMAP2+: Fix l4ls clk domain handling in STANDBY (Sukrut Bellary) - bus: fsl-mc: increase MC_CMD_COMPLETION_TIMEOUT_MS value (Laurentiu Tudor) - watchdog: da9052_wdt: respect TWDMIN (Marcus Folkesson) - i40e: fix MMIO write access to an invalid page in i40e_clear_hw (Kyungwook Boo) [Orabug: 38158518] {CVE-2025-38200} - sock: Correct error checking condition for (assign|release)_proto_idx() (Zijun Hu) - scsi: lpfc: Use memcpy() for BIOS version (Daniel Wagner) [Orabug: 38180668] {CVE-2025-38332} - vxlan: Do not treat dst cache initialization errors as fatal (Ido Schimmel) - clk: rockchip: rk3036: mark ddrphy as critical (Heiko Stuebner) - wifi: mac80211: do not offer a mesh path if forwarding is disabled (Benjamin Berg) - net: mlx4: add SOF_TIMESTAMPING_TX_SOFTWARE flag when getting ts info (Jason Xing) - pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get() (Gabor Juhos) - pinctrl: armada-37xx: propagate error from armada_37xx_pmx_gpio_set_direction() (Gabor Juhos) - pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get_direction() (Gabor Juhos) - pinctrl: armada-37xx: propagate error from armada_37xx_pmx_set_by_name() (Gabor Juhos) - ipv4/route: Use this_cpu_inc() for stats on PREEMPT_RT (Sebastian Andrzej Siewior) - tcp: fix initial tp->rcvq_space.space value for passive TS enabled flows (Eric Dumazet) - tcp: always seek for minimal rtt in tcp_rcv_rtt_update() (Eric Dumazet) - net: dlink: add synchronization for stats update (Moon Yeounsu) - sctp: Do not wake readers in __sctp_write_space() (Petr Malat) - emulex/benet: correct command version selection in be_cmd_get_stats() (Alok Tiwari) - i2c: designware: Invoke runtime suspend on quick slave re-registration (Tan En De) - net: macb: Check return value of dma_set_mask_and_coherent() (Sergio Perez Gonzalez) - cpufreq: Force sync policy boost with global boost on sysfs update (Viresh Kumar) - nios2: force update_mmu_cache on spurious tlb-permission--related pagefaults (Simon Schuster) - media: platform: exynos4-is: Add hardware sync wait to fimc_is_hw_change_mode() (Xu Wang) [Orabug: 38175014] {CVE-2025-38237} - media: tc358743: ignore video while HPD is low (Hans Verkuil) - drm/amdkfd: Set SDMA_RLCx_IB_CNTL/SWITCH_INSIDE_IB (Amber Lin) - jfs: Fix null-ptr-deref in jfs_ioc_trim (Dylan Wolff) [Orabug: 38158546] {CVE-2025-38203} - drm/amdgpu/gfx9: fix CSIB handling (Alex Deucher) - drm/amdgpu/gfx8: fix CSIB handling (Alex Deucher) - jfs: fix array-index-out-of-bounds read in add_missing_indices (Aditya Dutt) [Orabug: 38158553] {CVE-2025-38204} - drm/amdgpu/gfx7: fix CSIB handling (Alex Deucher) - drm/amdgpu/gfx10: fix CSIB handling (Alex Deucher) - drm/msm/a6xx: Increase HFI response timeout (Akhil P Oommen) - drm/amd/display: Add NULL pointer checks in dm_force_atomic_commit() (Srinivasan Shanmugam) - media: uapi: v4l: Fix V4L2_TYPE_IS_OUTPUT condition (Nas Chung) - drm/msm/hdmi: add runtime PM calls to DDC transfer function (Dmitry Baryshkov) - drm/bridge: analogix_dp: Add irq flag IRQF_NO_AUTOEN instead of calling disable_irq() (Damon Ding) - sunrpc: update nextcheck time when adding new cache entries (Long Li) - drm/amdgpu/gfx6: fix CSIB handling (Alex Deucher) - ACPI: battery: negate current when discharging (Peter Marheine) - PM: runtime: fix denying of auto suspend in pm_suspend_timer_fn() (Charan Teja Kalla) - power: supply: bq27xxx: Retrieve again when busy (Jerry Lv) - ACPICA: fix acpi parse and parseext cache leaks (Seunghun Han) [Orabug: 38180748] {CVE-2025-38344} - ACPICA: Avoid sequence overread in call to strncmp() (Ahmed Salem) - ACPICA: fix acpi operand cache leak in dswstate.c (Seunghun Han) [Orabug: 38180756] {CVE-2025-38345} - iio: adc: ad7606_spi: fix reg write value mask (David Lechner) - PCI: Fix lock symmetry in pci_slot_unlock() (Ilpo J?rvinen) - PCI: Add ACS quirk for Loongson PCIe (Huacai Chen) - uio_hv_generic: Use correct size for interrupt and monitor pages (Long Li) - regulator: max14577: Add error check for max14577_read_reg() (Xu Wang) - mips: Add -std= flag specified in KBUILD_CFLAGS to vdso CFLAGS (Khem Raj) - staging: iio: ad5933: Correct settling cycles encoding per datasheet (Gabriel) - net: ch9200: fix uninitialised access during mii_nway_restart (Qasim Ijaz) [Orabug: 38132189] {CVE-2025-38086} - ftrace: Fix UAF when lookup kallsym after ftrace disabled (Ye Bin) [Orabug: 38180768] {CVE-2025-38346} - dm-mirror: fix a tiny race condition (Mikulas Patocka) - mtd: nand: sunxi: Add randomizer configuration before randomizer enable (Xu Wang) - mtd: rawnand: sunxi: Add randomizer configuration in sunxi_nfc_hw_ecc_write_chunk (Xu Wang) - mm: fix ratelimit_pages update error in dirty_ratio_handler() (Jinliang Zheng) - ipc: fix to protect IPCS lookups using RCU (Jeongjun Park) [Orabug: 38158598] {CVE-2025-38212} - parisc: fix building with gcc-15 (Arnd Bergmann) - vgacon: Add check for vc_origin address range in vgacon_scroll() (Gong, Ruiqi) - fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var (Murad Masimov) [Orabug: 38158615] {CVE-2025-38214} - EDAC/altera: Use correct write width with the INTTEST register (Niravkumar L Rabara) - NFC: nci: uart: Set tty->disc_data only in success path (Krzysztof Kozlowski) [Orabug: 38253992] {CVE-2025-38416} - f2fs: prevent kernel warning due to negative i_nlink from corrupted image (Jaegeuk Kim) [Orabug: 38158649] {CVE-2025-38219} - Input: ims-pcu - check record size in ims_pcu_flash_firmware() (Dan Carpenter) [Orabug: 38254054] {CVE-2025-38428} - ext4: fix calculation of credits for extent tree modification (Jan Kara) - ext4: inline: fix len overflow in ext4_prepare_inline_data (Thadeu Lima de Souza Cascardo) [Orabug: 38158662] {CVE-2025-38222} - bus: fsl-mc: do not add a device-link for the UAPI used DPMCP device (Ioana Ciornei) - ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330 (Tasos Sahanidis) [Orabug: 38180697] {CVE-2025-38336} - ARM: 9447/1: arm/memremap: fix arch_memremap_can_ram_remap() (Ross Stutterheim) - media: v4l2-dev: fix error handling in __video_register_device() (Ma Ke) - media: gspca: Add error handling for stv06xx_read_sensor() (Xu Wang) - wifi: rtlwifi: disable ASPM for RTL8723BE with subsystem ID 11ad:1723 (Mingcong Bai) - nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request (Neil Brown) [Orabug: 38254062] {CVE-2025-38430} - wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback() (Christian Lamparter) [Orabug: 38180783] {CVE-2025-38348} - gfs2: move msleep to sleepable context (Alexander Aring) - configfs: Do not override creating attribute file failure in populate_attrs() (Zijun Hu) - net: usb: aqc111: debug info before sanitation (Oliver Neukum) - calipso: unlock rcu before returning -EAFNOSUPPORT (Eric Dumazet) - xen/arm: call uaccess_ttbr0_enable for dm_op hypercall (Stefano Stabellini) - usb: Flush altsetting 0 endpoints before reinitializating them after reset. (Mathias Nyman) - fs/filesystems: Fix potential unsigned integer underflow in fs_name() (Zijun Hu) - net/mdiobus: Fix potential out-of-bounds read/write access (Jakub Raczynski) - drm/amd/display: Do not add '-mhard-float' to dcn2{1,0}_resource.o for clang (Nathan Chancellor) - drm/amd/display: Do not add '-mhard-float' to dml_ccflags for clang (Nathan Chancellor) - MIPS: Move '-Wa,-msoft-float' check from as-option to cc-option (Nathan Chancellor) - x86/boot/compressed: prefer cc-option for CFLAGS additions (Nick Desaulniers) - net: mdio: C22 is now optional, EOPNOTSUPP if not provided (Andrew Lunn) - net_sched: tbf: fix a race in tbf_change() (Eric Dumazet) - net_sched: red: fix a race in __red_change() (Eric Dumazet) [Orabug: 38152899] {CVE-2025-38108} - net_sched: prio: fix a race in prio_tune() (Eric Dumazet) [Orabug: 38105335] {CVE-2025-38083} - net/mlx5: Fix return value when searching for existing flow group (Patrisious Haddad) - net/mlx5: Wait for inactive autogroups (Paul Blakey) - i40e: retry VFLR handling if there is ongoing VF reset (Robert Malz) - i40e: return false from i40e_reset_vf if reset is in progress (Robert Malz) - net_sched: sch_sfq: fix a potential crash on gso_skb handling (Eric Dumazet) [Orabug: 38152923] {CVE-2025-38115} - scsi: iscsi: Fix incorrect error path labels for flashnode operations (Alok Tiwari) - NFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes (Chuck Lever) [Orabug: 36954169] {CVE-2022-48829} - NFSD: Fix ia_size underflow (Chuck Lever) [Orabug: 36954164] {CVE-2022-48828} - Input: synaptics-rmi - fix crash with unsupported versions of F34 (Dmitry Torokhov) - Input: synaptics-rmi4 - convert to use sysfs_emit() APIs (Zhang Songyi) - pmdomain: core: Fix error checking in genpd_dev_pm_attach_by_id() (Dan Carpenter) - do_change_type(): refuse to operate on unmounted/not ours mounts (Al Viro) [Orabug: 38256450] {CVE-2025-38498} - ice: create new Tx scheduler nodes for new queues only (Michal Kubiak) - Bluetooth: L2CAP: Fix not responding with L2CAP_CR_LE_ENCRYPTION (Luiz Augusto von Dentz) - net/mlx4_en: Prevent potential integer overflow calculating Hz (Dan Carpenter) - vt: remove VT_RESIZE and VT_RESIZEX from vt_compat_ioctl() (Nicolas Pitre) - serial: Fix potential null-ptr-deref in mlb_usio_probe() (Henry Martin) [Orabug: 38153012] {CVE-2025-38135} - usb: renesas_usbhs: Reorder clock handling and power management in probe (Lad Prabhakar) [Orabug: 38153017] {CVE-2025-38136} - rtc: Fix offset calculation for .start_secs < 0 (Alexandre Mergnat) - rtc: sh: assign correct interrupts with DT (Wolfram Sang) - perf record: Fix incorrect --user-regs comments (Dapeng Mi) - perf tests switch-tracking: Fix timestamp comparison (Leo Yan) - mfd: stmpe-spi: Correct the name used in MODULE_DEVICE_TABLE (Alexey Gladkov) - mfd: exynos-lpass: Avoid calling exynos_lpass_disable() twice in exynos_lpass_remove() (Christophe Jaillet) - rpmsg: qcom_smd: Fix uninitialized return variable in __qcom_smd_send() (Dan Carpenter) - perf scripts python: exported-sql-viewer.py: Fix pattern matching with Python 3 (Adrian Hunter) - perf ui browser hists: Set actions->thread before calling do_zoom_thread() (Arnaldo Carvalho de Melo) - fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod() (Sergey Shtylyov) [Orabug: 38180566] {CVE-2025-38312} - soc: aspeed: Add NULL check in aspeed_lpc_enable_snoop() (Henry Martin) [Orabug: 38153060] {CVE-2025-38145} - soc: aspeed: lpc: Fix impossible judgment condition (Su Hui) - arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma with Haikou (Quentin Schulz) - ARM: dts: qcom: apq8064 merge hw splinlock into corresponding syscon device (Dmitry Baryshkov) - bus: fsl-mc: fix double-free on mc_dev (Ioana Ciornei) [Orabug: 38180573] {CVE-2025-38313} - nilfs2: do not propagate ENOENT error from nilfs_btree_propagate() (Ryusuke Konishi) - nilfs2: add pointer check for nilfs_direct_propagate() (Xu Wang) - Squashfs: check return result of sb_min_blocksize (Phillip Lougher) [Orabug: 38253985] {CVE-2025-38415} - ARM: dts: at91: at91sam9263: fix NAND chip selects (Wolfram Sang) - ARM: dts: at91: usb_a9263: fix GPIO for Dataflash chip select (Wolfram Sang) - f2fs: fix to correct check conditions in f2fs_cross_rename (Zhiguo Niu) - f2fs: use d_inode(dentry) cleanup dentry->d_inode (Zhiguo Niu) - calipso: Don't call calipso functions for AF_INET sk. (Kuniyuki Iwashima) [Orabug: 38153070] {CVE-2025-38147} - net: lan743x: rename lan743x_reset_phy to lan743x_hw_reset_phy (Thangaraj Samynathan) - net: usb: aqc111: fix error handling of usbnet read calls (Nikita Zhandarovich) [Orabug: 38153090] {CVE-2025-38153} - netfilter: nf_tables: nft_fib_ipv6: fix VRF ipv4/ipv6 result discrepancy (Florian Westphal) - wifi: ath9k_htc: Abort software beacon handling if disabled (Toke H?iland-J?rgensen) [Orabug: 38153110] {CVE-2025-38157} - bpf: Fix WARN() in get_bpf_raw_tp_regs (Tao Chen) [Orabug: 38180489] {CVE-2025-38285} - pinctrl: at91: Fix possible out-of-boundary access (Andy Shevchenko) [Orabug: 38180495] {CVE-2025-38286} - ktls, sockmap: Fix missing uncharge operation (Jiayuan Chen) - netfilter: bridge: Move specific fragmented packet to slow_path instead of dropping it (Huajian Yang) - f2fs: clean up w/ fscrypt_is_bounce_page() (Chao Yu) - RDMA/hns: Include hnae3.h in hns_roce_hw_v2.h (Junxian Huang) - wifi: rtw88: do not ignore hardware read error during DPK (Dmitry Antipov) - net: ncsi: Fix GCPS 64-bit member variables (Hari Kalavakunta) - f2fs: fix to do sanity check on sbi->total_valid_block_count (Chao Yu) [Orabug: 38153150] {CVE-2025-38163} - drm/tegra: rgb: Fix the unbound reference count (Biju Das) - drm/vkms: Adjust vkms_state->active_planes allocation type (Kees Cook) - drm: rcar-du: Fix memory leak in rcar_du_vsps_init() (Biju Das) - selftests/seccomp: fix syscall_restart test for arm compat (Neill Kapron) - firmware: psci: Fix refcount leak in psci_dt_init (Miaoqian Lin) - m68k: mac: Fix macintosh_config for Mac II (Finn Thain) - drm/vmwgfx: Add seqno waiter for sync_files (Ian Forbes) - spi: sh-msiof: Fix maximum DMA transfer size (Geert Uytterhoeven) - ACPI: OSI: Stop advertising support for "3.0 _SCP Extensions" (Armin Wolf) - x86/mtrr: Check if fixed-range MTRRs exist in mtrr_save_fixed_ranges() (Jiaqing Zhao) - PM: wakeup: Delete space in the end of string shown by pm_show_wakelocks() (Zijun Hu) - EDAC/skx_common: Fix general protection fault (Qiuxu Zhuo) [Orabug: 38180525] {CVE-2025-38298} - crypto: marvell/cesa - Avoid empty transfer descriptor (Herbert Xu) - crypto: marvell/cesa - Handle zero-length skcipher requests (Herbert Xu) [Orabug: 38153190] {CVE-2025-38173} - x86/cpu: Sanitize CPUID(0x80000000) output (Ahmed S. Darwish) - perf/core: Fix broken throttling when max_samples_per_tick=1 (Qing Wang) - gfs2: gfs2_create_inode error handling fix (Andreas Gruenbacher) - netfilter: nft_socket: fix sk refcount leaks (Florian Westphal) [Orabug: 37116555] {CVE-2024-46855} - thunderbolt: Do not double dequeue a configuration request (Sergey Senozhatsky) [Orabug: 38158384] {CVE-2025-38174} - usb: usbtmc: Fix timeout value in get_stb (Dave Penkler) - usb: storage: Ignore UAS driver for SanDisk 3.2 Gen2 storage device (Hongyu Xie) - usb: quirks: Add NO_LPM quirk for SanDisk Extreme 55AE (Jiayi Li) - pinctrl: armada-37xx: set GPIO output value before setting direction (Gabor Juhos) - pinctrl: armada-37xx: use correct OUTPUT_VAL register for GPIOs > 31 (Gabor Juhos) From el-errata at oss.oracle.com Wed Sep 10 13:15:05 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Wed, 10 Sep 2025 06:15:05 -0700 Subject: [El-errata] ELBA-2025-15540 Oracle Linux 8 nspr bug fix and enhancement update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2025-15540 http://linux.oracle.com/errata/ELBA-2025-15540.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: nspr-4.36.0-2.el8_10.i686.rpm nspr-4.36.0-2.el8_10.x86_64.rpm nspr-devel-4.36.0-2.el8_10.i686.rpm nspr-devel-4.36.0-2.el8_10.x86_64.rpm aarch64: nspr-4.36.0-2.el8_10.aarch64.rpm nspr-devel-4.36.0-2.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/nspr-4.36.0-2.el8_10.src.rpm Description of changes: [4.36.0-2] - Bump version number to clear infrastructure issues [4.36.0-1] - Update to NSPR 4.36 From el-errata at oss.oracle.com Wed Sep 10 13:15:06 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Wed, 10 Sep 2025 06:15:06 -0700 Subject: [El-errata] ELEA-2025-15541 Oracle Linux 8 nss bug fix and enhancement update Message-ID: Oracle Linux Enhancement Advisory ELEA-2025-15541 http://linux.oracle.com/errata/ELEA-2025-15541.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: nss-3.112.0-4.el8_10.i686.rpm nss-3.112.0-4.el8_10.x86_64.rpm nss-devel-3.112.0-4.el8_10.i686.rpm nss-devel-3.112.0-4.el8_10.x86_64.rpm nss-softokn-3.112.0-4.el8_10.i686.rpm nss-softokn-3.112.0-4.el8_10.x86_64.rpm nss-softokn-devel-3.112.0-4.el8_10.i686.rpm nss-softokn-devel-3.112.0-4.el8_10.x86_64.rpm nss-softokn-freebl-3.112.0-4.el8_10.i686.rpm nss-softokn-freebl-3.112.0-4.el8_10.x86_64.rpm nss-softokn-freebl-devel-3.112.0-4.el8_10.i686.rpm nss-softokn-freebl-devel-3.112.0-4.el8_10.x86_64.rpm nss-sysinit-3.112.0-4.el8_10.x86_64.rpm nss-tools-3.112.0-4.el8_10.x86_64.rpm nss-util-3.112.0-4.el8_10.i686.rpm nss-util-3.112.0-4.el8_10.x86_64.rpm nss-util-devel-3.112.0-4.el8_10.i686.rpm nss-util-devel-3.112.0-4.el8_10.x86_64.rpm aarch64: nss-3.112.0-4.el8_10.aarch64.rpm nss-devel-3.112.0-4.el8_10.aarch64.rpm nss-softokn-3.112.0-4.el8_10.aarch64.rpm nss-softokn-devel-3.112.0-4.el8_10.aarch64.rpm nss-softokn-freebl-3.112.0-4.el8_10.aarch64.rpm nss-softokn-freebl-devel-3.112.0-4.el8_10.aarch64.rpm nss-sysinit-3.112.0-4.el8_10.aarch64.rpm nss-tools-3.112.0-4.el8_10.aarch64.rpm nss-util-3.112.0-4.el8_10.aarch64.rpm nss-util-devel-3.112.0-4.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/nss-3.112.0-4.el8_10.src.rpm Description of changes: [3.112.0-4] - fix interface issue when pulling 3.0 pkcs#11 interfaces explicitly [3.112.0-3] - restore CONCATENATE functions accidentally remvoed in the last patch - fix big endian issue in tstclnt and selfserv in certificate compression [3.112.0-2] - add fips required changes. - fix bugs found by QE [3.112.0-1] - rebase to NSS 3.112 - add ml-kem-1024 support - add ml-dsa support From el-errata at oss.oracle.com Wed Sep 10 13:15:08 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Wed, 10 Sep 2025 06:15:08 -0700 Subject: [El-errata] ELSA-2025-15471 Important: Oracle Linux 8 kernel security update Message-ID: Oracle Linux Security Advisory ELSA-2025-15471 http://linux.oracle.com/errata/ELSA-2025-15471.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: bpftool-4.18.0-553.74.1.el8_10.x86_64.rpm kernel-4.18.0-553.74.1.el8_10.x86_64.rpm kernel-abi-stablelists-4.18.0-553.74.1.el8_10.noarch.rpm kernel-core-4.18.0-553.74.1.el8_10.x86_64.rpm kernel-cross-headers-4.18.0-553.74.1.el8_10.x86_64.rpm kernel-debug-4.18.0-553.74.1.el8_10.x86_64.rpm kernel-debug-core-4.18.0-553.74.1.el8_10.x86_64.rpm kernel-debug-devel-4.18.0-553.74.1.el8_10.x86_64.rpm kernel-debug-modules-4.18.0-553.74.1.el8_10.x86_64.rpm kernel-debug-modules-extra-4.18.0-553.74.1.el8_10.x86_64.rpm kernel-devel-4.18.0-553.74.1.el8_10.x86_64.rpm kernel-doc-4.18.0-553.74.1.el8_10.noarch.rpm kernel-headers-4.18.0-553.74.1.el8_10.x86_64.rpm kernel-modules-4.18.0-553.74.1.el8_10.x86_64.rpm kernel-modules-extra-4.18.0-553.74.1.el8_10.x86_64.rpm kernel-tools-4.18.0-553.74.1.el8_10.x86_64.rpm kernel-tools-libs-4.18.0-553.74.1.el8_10.x86_64.rpm kernel-tools-libs-devel-4.18.0-553.74.1.el8_10.x86_64.rpm perf-4.18.0-553.74.1.el8_10.x86_64.rpm python3-perf-4.18.0-553.74.1.el8_10.x86_64.rpm aarch64: bpftool-4.18.0-553.74.1.el8_10.aarch64.rpm kernel-cross-headers-4.18.0-553.74.1.el8_10.aarch64.rpm kernel-headers-4.18.0-553.74.1.el8_10.aarch64.rpm kernel-tools-4.18.0-553.74.1.el8_10.aarch64.rpm kernel-tools-libs-4.18.0-553.74.1.el8_10.aarch64.rpm kernel-tools-libs-devel-4.18.0-553.74.1.el8_10.aarch64.rpm perf-4.18.0-553.74.1.el8_10.aarch64.rpm python3-perf-4.18.0-553.74.1.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/kernel-4.18.0-553.74.1.el8_10.src.rpm Related CVEs: CVE-2022-49985 CVE-2025-38352 Description of changes: [4.18.0-553.74.1.el8_10.OL8] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.3 - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34750652] - Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985772] [4.18.0-553.74.1.el8_10] - posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (Oleg Nesterov) [RHEL-112775] {CVE-2025-38352} [4.18.0-553.73.1.el8_10] - ACPI: resource: Honor MADT INT_SRC_OVR settings for IRQ1 on AMD Zen (Jay Shin) [RHEL-108360] - ACPI: resource: Always use MADT override IRQ settings for all legacy non i8042 IRQs (Jay Shin) [RHEL-108360] - s390/pci: Allow automatic recovery with minimal driver support (Mete Durlu) [RHEL-110234] - bpf: Don't use tnum_range on array range checking for poke descriptors (CKI Backport Bot) [RHEL-109298] {CVE-2022-49985} - s390/ism: fix concurrency management in ism_cmd() (Mete Durlu) [RHEL-110208] From el-errata at oss.oracle.com Wed Sep 10 13:15:14 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Wed, 10 Sep 2025 06:15:14 -0700 Subject: [El-errata] ELSA-2025-20553 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update Message-ID: Oracle Linux Security Advisory ELSA-2025-20553 http://linux.oracle.com/errata/ELSA-2025-20553.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: kernel-uek-5.4.17-2136.347.6.el8uek.x86_64.rpm kernel-uek-container-5.4.17-2136.347.6.el8uek.x86_64.rpm kernel-uek-container-debug-5.4.17-2136.347.6.el8uek.x86_64.rpm kernel-uek-debug-5.4.17-2136.347.6.el8uek.x86_64.rpm kernel-uek-debug-devel-5.4.17-2136.347.6.el8uek.x86_64.rpm kernel-uek-devel-5.4.17-2136.347.6.el8uek.x86_64.rpm kernel-uek-doc-5.4.17-2136.347.6.el8uek.noarch.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/kernel-uek-5.4.17-2136.347.6.el8uek.src.rpm Related CVEs: CVE-2022-48773 CVE-2022-48828 CVE-2022-48829 CVE-2024-46855 CVE-2024-57996 CVE-2025-37752 CVE-2025-37958 CVE-2025-38083 CVE-2025-38086 CVE-2025-38090 CVE-2025-38103 CVE-2025-38108 CVE-2025-38115 CVE-2025-38135 CVE-2025-38136 CVE-2025-38145 CVE-2025-38147 CVE-2025-38153 CVE-2025-38157 CVE-2025-38163 CVE-2025-38173 CVE-2025-38174 CVE-2025-38180 CVE-2025-38181 CVE-2025-38184 CVE-2025-38185 CVE-2025-38190 CVE-2025-38194 CVE-2025-38200 CVE-2025-38203 CVE-2025-38204 CVE-2025-38212 CVE-2025-38214 CVE-2025-38219 CVE-2025-38222 CVE-2025-38237 CVE-2025-38285 CVE-2025-38286 CVE-2025-38298 CVE-2025-38312 CVE-2025-38313 CVE-2025-38320 CVE-2025-38323 CVE-2025-38324 CVE-2025-38326 CVE-2025-38328 CVE-2025-38332 CVE-2025-38336 CVE-2025-38337 CVE-2025-38344 CVE-2025-38345 CVE-2025-38346 CVE-2025-38348 CVE-2025-38352 CVE-2025-38415 CVE-2025-38416 CVE-2025-38420 CVE-2025-38424 CVE-2025-38428 CVE-2025-38430 CVE-2025-38498 Description of changes: [5.4.17-2136.347.6.el8uek] - net_sched: sch_sfq: move the limit validation (Octavian Purdila) [Orabug: 38377926] {CVE-2025-37752} - net_sched: sch_sfq: use a temporary work area for validating configuration (Octavian Purdila) [Orabug: 38377926] - net_sched: sch_sfq: don't allow 1 packet limit (Octavian Purdila) [Orabug: 38377926] {CVE-2024-57996} - net_sched: sch_sfq: handle bigger packets (Eric Dumazet) [Orabug: 38377926] - net_sched: sch_sfq: annotate data-races around q->perturb_period (Eric Dumazet) [Orabug: 38377926] [5.4.17-2136.347.5.el8uek] - squashfs: fix memory leak in squashfs_fill_super (Phillip Lougher) - netfilter: nf_tables: adjust lockdep assertions handling (Fedor Pchelkin) - Revert "vgacon: Add check for vc_origin address range in vgacon_scroll()" (Helge Deller) - ASoC: ops: dynamically allocate struct snd_ctl_elem_value (Arnd Bergmann) [5.4.17-2136.347.4.el8uek] - KVM: x86: use array_index_nospec with indices that come from guest (Thijs Raymakers) [Orabug: 38319938] - KVM: APIC: add helper func to remove duplicate code in kvm_pv_send_ipi (Miaohe Lin) [Orabug: 38319938] - rds: Fix NULL ptr deref in xas_start (H?kon Bugge) [Orabug: 38169303] [5.4.17-2136.347.3.el8uek] - mm: make page_mapped_in_vma() hugetlb walk aware (Jane Chu) [Orabug: 38146326] - mm/rmap: Fix handling of hugetlbfs pages in page_vma_mapped_walk (Zhenwei Pi) [Orabug: 38146326] [5.4.17-2136.347.2.el8uek] - rds: tcp: block BH in TCP callbacks (Eric Dumazet) [Orabug: 38236847] - kexec: Improve & fix crash_exclude_mem_range() to handle overlapping ranges (Lianbo Jiang) [Orabug: 38134902] - module: correctly exit module_kallsyms_on_each_symbol when fn() != 0 (Jon Mediero) [Orabug: 37820709] - module: potential uninitialized return in module_kallsyms_on_each_symbol() (Dan Carpenter) [Orabug: 37820709] - module: use RCU to synchronize find_module (Christoph Hellwig) [Orabug: 37820709] - kallsyms: refactor {,module_}kallsyms_on_each_symbol (Christoph Hellwig) [Orabug: 37820709] [5.4.17-2136.347.1.el8uek] - LTS tag: v5.4.295 (Alok Tiwari) - scsi: qedf: Use designated initializer for struct qed_fcoe_cb_ops (Kees Cook) - arm64/ptrace: Fix stack-out-of-bounds read in regs_get_kernel_stack_nth() (Tengda Wu) [Orabug: 38180596] {CVE-2025-38320} - perf: Fix sample vs do_exit() (Peter Zijlstra) [Orabug: 38254030] {CVE-2025-38424} - s390/pci: Fix __pcilg_mio_inuser() inline assembly (Heiko Carstens) - rtc: test: Fix invalid format specifier. (David Gow) - jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() (Jeongjun Park) [Orabug: 38180707] {CVE-2025-38337} - mm/huge_memory: fix dereferencing invalid pmd migration entry (Gavin Guo) [Orabug: 37976985] {CVE-2025-37958} - rtc: Make rtc_time64_to_tm() support dates before 1970 (Alexandre Mergnat) - rtc: Improve performance of rtc_time64_to_tm(). Add tests. (Cassio Neri) - xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create (Dan Aloni) [Orabug: 37101886] {CVE-2022-48773} - posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (Oleg Nesterov) [Orabug: 38223087] {CVE-2025-38352} - ARM: dts: am335x-bone-common: Increase MDIO reset deassert delay to 50ms (Geert Uytterhoeven) - ARM: dts: am335x-bone-common: Increase MDIO reset deassert time (Colin Foster) - ARM: dts: am335x-bone-common: Add GPIO PHY reset on revision C3 board (Shengyu Qu) - net: atm: fix /proc/net/atm/lec handling (Eric Dumazet) [Orabug: 38158407] {CVE-2025-38180} - net: atm: add lec_mutex (Eric Dumazet) [Orabug: 38180612] {CVE-2025-38323} - calipso: Fix null-ptr-deref in calipso_req_{set,del}attr(). (Kuniyuki Iwashima) [Orabug: 38158413] {CVE-2025-38181} - tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (Haixia Qu) [Orabug: 38158425] {CVE-2025-38184} - tcp: fix tcp_packet_delayed() for tcp_is_non_sack_preventing_reopen() behavior (Neal Cardwell) - atm: atmtcp: Free invalid length skb in atmtcp_c_send(). (Kuniyuki Iwashima) [Orabug: 38158434] {CVE-2025-38185} - mpls: Use rcu_dereference_rtnl() in mpls_route_input_rcu(). (Kuniyuki Iwashima) [Orabug: 38180618] {CVE-2025-38324} - wifi: carl9170: do not ping device which has failed to load firmware (Dmitry Antipov) [Orabug: 38254011] {CVE-2025-38420} - aoe: clean device rq_list in aoedev_downdev() (Justin Sanders) [Orabug: 38180629] {CVE-2025-38326} - hwmon: (occ) fix unaligned accesses (Arnd Bergmann) - drm/nouveau/bl: increase buffer size to avoid truncate warning (Jacob Keller) - erofs: remove unused trace event erofs_destroy_inode (Gao Xiang) - ALSA: hda/realtek: enable headset mic on Latitude 5420 Rugged (Jonathan Lane) - ALSA: hda/intel: Add Thinkpad E15 to PM deny list (Takashi Iwai) - Input: sparcspkr - avoid unannotated fall-through (Yuli Wang) - HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() (Terry Junge) [Orabug: 38152878] {CVE-2025-38103} - atm: Revert atm_account_tx() if copy_from_iter_full() fails. (Kuniyuki Iwashima) [Orabug: 38158458] {CVE-2025-38190} - selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len (Stephen Smalley) - scsi: s390: zfcp: Ensure synchronous unit_add (Peter Oberparleiter) - scsi: storvsc: Increase the timeouts to storvsc_timeout (Dexuan Cui) - jffs2: check jffs2_prealloc_raw_node_refs() result in few other places (Fedor Pchelkin) [Orabug: 38180636] {CVE-2025-38328} - jffs2: check that raw node were preallocated before writing summary (Artem Sadovnikov) [Orabug: 38158484] {CVE-2025-38194} - drivers/rapidio/rio_cm.c: prevent possible heap overwrite (Andrew Morton) [Orabug: 38137454] {CVE-2025-38090} - powerpc/eeh: Fix missing PE bridge reconfiguration during VFIO EEH recovery (Narayana Murty N) - platform/x86: dell_rbu: Stop overwriting data buffer (Stuart Hayes) - platform: Add Surface platform directory (Maximilian Luz) - Revert "bus: ti-sysc: Probe for l4_wkup and l4_cfg interconnect devices first" (Alexander Sverdlin) - tee: Prevent size calculation wraparound on 32-bit kernels (Jann Horn) - ARM: OMAP2+: Fix l4ls clk domain handling in STANDBY (Sukrut Bellary) - bus: fsl-mc: increase MC_CMD_COMPLETION_TIMEOUT_MS value (Laurentiu Tudor) - watchdog: da9052_wdt: respect TWDMIN (Marcus Folkesson) - i40e: fix MMIO write access to an invalid page in i40e_clear_hw (Kyungwook Boo) [Orabug: 38158518] {CVE-2025-38200} - sock: Correct error checking condition for (assign|release)_proto_idx() (Zijun Hu) - scsi: lpfc: Use memcpy() for BIOS version (Daniel Wagner) [Orabug: 38180668] {CVE-2025-38332} - vxlan: Do not treat dst cache initialization errors as fatal (Ido Schimmel) - clk: rockchip: rk3036: mark ddrphy as critical (Heiko Stuebner) - wifi: mac80211: do not offer a mesh path if forwarding is disabled (Benjamin Berg) - net: mlx4: add SOF_TIMESTAMPING_TX_SOFTWARE flag when getting ts info (Jason Xing) - pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get() (Gabor Juhos) - pinctrl: armada-37xx: propagate error from armada_37xx_pmx_gpio_set_direction() (Gabor Juhos) - pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get_direction() (Gabor Juhos) - pinctrl: armada-37xx: propagate error from armada_37xx_pmx_set_by_name() (Gabor Juhos) - ipv4/route: Use this_cpu_inc() for stats on PREEMPT_RT (Sebastian Andrzej Siewior) - tcp: fix initial tp->rcvq_space.space value for passive TS enabled flows (Eric Dumazet) - tcp: always seek for minimal rtt in tcp_rcv_rtt_update() (Eric Dumazet) - net: dlink: add synchronization for stats update (Moon Yeounsu) - sctp: Do not wake readers in __sctp_write_space() (Petr Malat) - emulex/benet: correct command version selection in be_cmd_get_stats() (Alok Tiwari) - i2c: designware: Invoke runtime suspend on quick slave re-registration (Tan En De) - net: macb: Check return value of dma_set_mask_and_coherent() (Sergio Perez Gonzalez) - cpufreq: Force sync policy boost with global boost on sysfs update (Viresh Kumar) - nios2: force update_mmu_cache on spurious tlb-permission--related pagefaults (Simon Schuster) - media: platform: exynos4-is: Add hardware sync wait to fimc_is_hw_change_mode() (Xu Wang) [Orabug: 38175014] {CVE-2025-38237} - media: tc358743: ignore video while HPD is low (Hans Verkuil) - drm/amdkfd: Set SDMA_RLCx_IB_CNTL/SWITCH_INSIDE_IB (Amber Lin) - jfs: Fix null-ptr-deref in jfs_ioc_trim (Dylan Wolff) [Orabug: 38158546] {CVE-2025-38203} - drm/amdgpu/gfx9: fix CSIB handling (Alex Deucher) - drm/amdgpu/gfx8: fix CSIB handling (Alex Deucher) - jfs: fix array-index-out-of-bounds read in add_missing_indices (Aditya Dutt) [Orabug: 38158553] {CVE-2025-38204} - drm/amdgpu/gfx7: fix CSIB handling (Alex Deucher) - drm/amdgpu/gfx10: fix CSIB handling (Alex Deucher) - drm/msm/a6xx: Increase HFI response timeout (Akhil P Oommen) - drm/amd/display: Add NULL pointer checks in dm_force_atomic_commit() (Srinivasan Shanmugam) - media: uapi: v4l: Fix V4L2_TYPE_IS_OUTPUT condition (Nas Chung) - drm/msm/hdmi: add runtime PM calls to DDC transfer function (Dmitry Baryshkov) - drm/bridge: analogix_dp: Add irq flag IRQF_NO_AUTOEN instead of calling disable_irq() (Damon Ding) - sunrpc: update nextcheck time when adding new cache entries (Long Li) - drm/amdgpu/gfx6: fix CSIB handling (Alex Deucher) - ACPI: battery: negate current when discharging (Peter Marheine) - PM: runtime: fix denying of auto suspend in pm_suspend_timer_fn() (Charan Teja Kalla) - power: supply: bq27xxx: Retrieve again when busy (Jerry Lv) - ACPICA: fix acpi parse and parseext cache leaks (Seunghun Han) [Orabug: 38180748] {CVE-2025-38344} - ACPICA: Avoid sequence overread in call to strncmp() (Ahmed Salem) - ACPICA: fix acpi operand cache leak in dswstate.c (Seunghun Han) [Orabug: 38180756] {CVE-2025-38345} - iio: adc: ad7606_spi: fix reg write value mask (David Lechner) - PCI: Fix lock symmetry in pci_slot_unlock() (Ilpo J?rvinen) - PCI: Add ACS quirk for Loongson PCIe (Huacai Chen) - uio_hv_generic: Use correct size for interrupt and monitor pages (Long Li) - regulator: max14577: Add error check for max14577_read_reg() (Xu Wang) - mips: Add -std= flag specified in KBUILD_CFLAGS to vdso CFLAGS (Khem Raj) - staging: iio: ad5933: Correct settling cycles encoding per datasheet (Gabriel) - net: ch9200: fix uninitialised access during mii_nway_restart (Qasim Ijaz) [Orabug: 38132189] {CVE-2025-38086} - ftrace: Fix UAF when lookup kallsym after ftrace disabled (Ye Bin) [Orabug: 38180768] {CVE-2025-38346} - dm-mirror: fix a tiny race condition (Mikulas Patocka) - mtd: nand: sunxi: Add randomizer configuration before randomizer enable (Xu Wang) - mtd: rawnand: sunxi: Add randomizer configuration in sunxi_nfc_hw_ecc_write_chunk (Xu Wang) - mm: fix ratelimit_pages update error in dirty_ratio_handler() (Jinliang Zheng) - ipc: fix to protect IPCS lookups using RCU (Jeongjun Park) [Orabug: 38158598] {CVE-2025-38212} - parisc: fix building with gcc-15 (Arnd Bergmann) - vgacon: Add check for vc_origin address range in vgacon_scroll() (Gong, Ruiqi) - fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var (Murad Masimov) [Orabug: 38158615] {CVE-2025-38214} - EDAC/altera: Use correct write width with the INTTEST register (Niravkumar L Rabara) - NFC: nci: uart: Set tty->disc_data only in success path (Krzysztof Kozlowski) [Orabug: 38253992] {CVE-2025-38416} - f2fs: prevent kernel warning due to negative i_nlink from corrupted image (Jaegeuk Kim) [Orabug: 38158649] {CVE-2025-38219} - Input: ims-pcu - check record size in ims_pcu_flash_firmware() (Dan Carpenter) [Orabug: 38254054] {CVE-2025-38428} - ext4: fix calculation of credits for extent tree modification (Jan Kara) - ext4: inline: fix len overflow in ext4_prepare_inline_data (Thadeu Lima de Souza Cascardo) [Orabug: 38158662] {CVE-2025-38222} - bus: fsl-mc: do not add a device-link for the UAPI used DPMCP device (Ioana Ciornei) - ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330 (Tasos Sahanidis) [Orabug: 38180697] {CVE-2025-38336} - ARM: 9447/1: arm/memremap: fix arch_memremap_can_ram_remap() (Ross Stutterheim) - media: v4l2-dev: fix error handling in __video_register_device() (Ma Ke) - media: gspca: Add error handling for stv06xx_read_sensor() (Xu Wang) - wifi: rtlwifi: disable ASPM for RTL8723BE with subsystem ID 11ad:1723 (Mingcong Bai) - nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request (Neil Brown) [Orabug: 38254062] {CVE-2025-38430} - wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback() (Christian Lamparter) [Orabug: 38180783] {CVE-2025-38348} - gfs2: move msleep to sleepable context (Alexander Aring) - configfs: Do not override creating attribute file failure in populate_attrs() (Zijun Hu) - net: usb: aqc111: debug info before sanitation (Oliver Neukum) - calipso: unlock rcu before returning -EAFNOSUPPORT (Eric Dumazet) - xen/arm: call uaccess_ttbr0_enable for dm_op hypercall (Stefano Stabellini) - usb: Flush altsetting 0 endpoints before reinitializating them after reset. (Mathias Nyman) - fs/filesystems: Fix potential unsigned integer underflow in fs_name() (Zijun Hu) - net/mdiobus: Fix potential out-of-bounds read/write access (Jakub Raczynski) - drm/amd/display: Do not add '-mhard-float' to dcn2{1,0}_resource.o for clang (Nathan Chancellor) - drm/amd/display: Do not add '-mhard-float' to dml_ccflags for clang (Nathan Chancellor) - MIPS: Move '-Wa,-msoft-float' check from as-option to cc-option (Nathan Chancellor) - x86/boot/compressed: prefer cc-option for CFLAGS additions (Nick Desaulniers) - net: mdio: C22 is now optional, EOPNOTSUPP if not provided (Andrew Lunn) - net_sched: tbf: fix a race in tbf_change() (Eric Dumazet) - net_sched: red: fix a race in __red_change() (Eric Dumazet) [Orabug: 38152899] {CVE-2025-38108} - net_sched: prio: fix a race in prio_tune() (Eric Dumazet) [Orabug: 38105335] {CVE-2025-38083} - net/mlx5: Fix return value when searching for existing flow group (Patrisious Haddad) - net/mlx5: Wait for inactive autogroups (Paul Blakey) - i40e: retry VFLR handling if there is ongoing VF reset (Robert Malz) - i40e: return false from i40e_reset_vf if reset is in progress (Robert Malz) - net_sched: sch_sfq: fix a potential crash on gso_skb handling (Eric Dumazet) [Orabug: 38152923] {CVE-2025-38115} - scsi: iscsi: Fix incorrect error path labels for flashnode operations (Alok Tiwari) - NFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes (Chuck Lever) [Orabug: 36954169] {CVE-2022-48829} - NFSD: Fix ia_size underflow (Chuck Lever) [Orabug: 36954164] {CVE-2022-48828} - Input: synaptics-rmi - fix crash with unsupported versions of F34 (Dmitry Torokhov) - Input: synaptics-rmi4 - convert to use sysfs_emit() APIs (Zhang Songyi) - pmdomain: core: Fix error checking in genpd_dev_pm_attach_by_id() (Dan Carpenter) - do_change_type(): refuse to operate on unmounted/not ours mounts (Al Viro) [Orabug: 38256450] {CVE-2025-38498} - ice: create new Tx scheduler nodes for new queues only (Michal Kubiak) - Bluetooth: L2CAP: Fix not responding with L2CAP_CR_LE_ENCRYPTION (Luiz Augusto von Dentz) - net/mlx4_en: Prevent potential integer overflow calculating Hz (Dan Carpenter) - vt: remove VT_RESIZE and VT_RESIZEX from vt_compat_ioctl() (Nicolas Pitre) - serial: Fix potential null-ptr-deref in mlb_usio_probe() (Henry Martin) [Orabug: 38153012] {CVE-2025-38135} - usb: renesas_usbhs: Reorder clock handling and power management in probe (Lad Prabhakar) [Orabug: 38153017] {CVE-2025-38136} - rtc: Fix offset calculation for .start_secs < 0 (Alexandre Mergnat) - rtc: sh: assign correct interrupts with DT (Wolfram Sang) - perf record: Fix incorrect --user-regs comments (Dapeng Mi) - perf tests switch-tracking: Fix timestamp comparison (Leo Yan) - mfd: stmpe-spi: Correct the name used in MODULE_DEVICE_TABLE (Alexey Gladkov) - mfd: exynos-lpass: Avoid calling exynos_lpass_disable() twice in exynos_lpass_remove() (Christophe Jaillet) - rpmsg: qcom_smd: Fix uninitialized return variable in __qcom_smd_send() (Dan Carpenter) - perf scripts python: exported-sql-viewer.py: Fix pattern matching with Python 3 (Adrian Hunter) - perf ui browser hists: Set actions->thread before calling do_zoom_thread() (Arnaldo Carvalho de Melo) - fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod() (Sergey Shtylyov) [Orabug: 38180566] {CVE-2025-38312} - soc: aspeed: Add NULL check in aspeed_lpc_enable_snoop() (Henry Martin) [Orabug: 38153060] {CVE-2025-38145} - soc: aspeed: lpc: Fix impossible judgment condition (Su Hui) - arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma with Haikou (Quentin Schulz) - ARM: dts: qcom: apq8064 merge hw splinlock into corresponding syscon device (Dmitry Baryshkov) - bus: fsl-mc: fix double-free on mc_dev (Ioana Ciornei) [Orabug: 38180573] {CVE-2025-38313} - nilfs2: do not propagate ENOENT error from nilfs_btree_propagate() (Ryusuke Konishi) - nilfs2: add pointer check for nilfs_direct_propagate() (Xu Wang) - Squashfs: check return result of sb_min_blocksize (Phillip Lougher) [Orabug: 38253985] {CVE-2025-38415} - ARM: dts: at91: at91sam9263: fix NAND chip selects (Wolfram Sang) - ARM: dts: at91: usb_a9263: fix GPIO for Dataflash chip select (Wolfram Sang) - f2fs: fix to correct check conditions in f2fs_cross_rename (Zhiguo Niu) - f2fs: use d_inode(dentry) cleanup dentry->d_inode (Zhiguo Niu) - calipso: Don't call calipso functions for AF_INET sk. (Kuniyuki Iwashima) [Orabug: 38153070] {CVE-2025-38147} - net: lan743x: rename lan743x_reset_phy to lan743x_hw_reset_phy (Thangaraj Samynathan) - net: usb: aqc111: fix error handling of usbnet read calls (Nikita Zhandarovich) [Orabug: 38153090] {CVE-2025-38153} - netfilter: nf_tables: nft_fib_ipv6: fix VRF ipv4/ipv6 result discrepancy (Florian Westphal) - wifi: ath9k_htc: Abort software beacon handling if disabled (Toke H?iland-J?rgensen) [Orabug: 38153110] {CVE-2025-38157} - bpf: Fix WARN() in get_bpf_raw_tp_regs (Tao Chen) [Orabug: 38180489] {CVE-2025-38285} - pinctrl: at91: Fix possible out-of-boundary access (Andy Shevchenko) [Orabug: 38180495] {CVE-2025-38286} - ktls, sockmap: Fix missing uncharge operation (Jiayuan Chen) - netfilter: bridge: Move specific fragmented packet to slow_path instead of dropping it (Huajian Yang) - f2fs: clean up w/ fscrypt_is_bounce_page() (Chao Yu) - RDMA/hns: Include hnae3.h in hns_roce_hw_v2.h (Junxian Huang) - wifi: rtw88: do not ignore hardware read error during DPK (Dmitry Antipov) - net: ncsi: Fix GCPS 64-bit member variables (Hari Kalavakunta) - f2fs: fix to do sanity check on sbi->total_valid_block_count (Chao Yu) [Orabug: 38153150] {CVE-2025-38163} - drm/tegra: rgb: Fix the unbound reference count (Biju Das) - drm/vkms: Adjust vkms_state->active_planes allocation type (Kees Cook) - drm: rcar-du: Fix memory leak in rcar_du_vsps_init() (Biju Das) - selftests/seccomp: fix syscall_restart test for arm compat (Neill Kapron) - firmware: psci: Fix refcount leak in psci_dt_init (Miaoqian Lin) - m68k: mac: Fix macintosh_config for Mac II (Finn Thain) - drm/vmwgfx: Add seqno waiter for sync_files (Ian Forbes) - spi: sh-msiof: Fix maximum DMA transfer size (Geert Uytterhoeven) - ACPI: OSI: Stop advertising support for "3.0 _SCP Extensions" (Armin Wolf) - x86/mtrr: Check if fixed-range MTRRs exist in mtrr_save_fixed_ranges() (Jiaqing Zhao) - PM: wakeup: Delete space in the end of string shown by pm_show_wakelocks() (Zijun Hu) - EDAC/skx_common: Fix general protection fault (Qiuxu Zhuo) [Orabug: 38180525] {CVE-2025-38298} - crypto: marvell/cesa - Avoid empty transfer descriptor (Herbert Xu) - crypto: marvell/cesa - Handle zero-length skcipher requests (Herbert Xu) [Orabug: 38153190] {CVE-2025-38173} - x86/cpu: Sanitize CPUID(0x80000000) output (Ahmed S. Darwish) - perf/core: Fix broken throttling when max_samples_per_tick=1 (Qing Wang) - gfs2: gfs2_create_inode error handling fix (Andreas Gruenbacher) - netfilter: nft_socket: fix sk refcount leaks (Florian Westphal) [Orabug: 37116555] {CVE-2024-46855} - thunderbolt: Do not double dequeue a configuration request (Sergey Senozhatsky) [Orabug: 38158384] {CVE-2025-38174} - usb: usbtmc: Fix timeout value in get_stb (Dave Penkler) - usb: storage: Ignore UAS driver for SanDisk 3.2 Gen2 storage device (Hongyu Xie) - usb: quirks: Add NO_LPM quirk for SanDisk Extreme 55AE (Jiayi Li) - pinctrl: armada-37xx: set GPIO output value before setting direction (Gabor Juhos) - pinctrl: armada-37xx: use correct OUTPUT_VAL register for GPIOs > 31 (Gabor Juhos) From el-errata at oss.oracle.com Wed Sep 10 13:15:18 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Wed, 10 Sep 2025 06:15:18 -0700 Subject: [El-errata] ELBA-2025-15515 Oracle Linux 9 nss bug fix and enhancement update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2025-15515 http://linux.oracle.com/errata/ELBA-2025-15515.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: nspr-4.36.0-4.el9_4.i686.rpm nspr-4.36.0-4.el9_4.x86_64.rpm nspr-devel-4.36.0-4.el9_4.i686.rpm nspr-devel-4.36.0-4.el9_4.x86_64.rpm nss-3.112.0-4.el9_4.i686.rpm nss-3.112.0-4.el9_4.x86_64.rpm nss-devel-3.112.0-4.el9_4.i686.rpm nss-devel-3.112.0-4.el9_4.x86_64.rpm nss-softokn-3.112.0-4.el9_4.i686.rpm nss-softokn-3.112.0-4.el9_4.x86_64.rpm nss-softokn-devel-3.112.0-4.el9_4.i686.rpm nss-softokn-devel-3.112.0-4.el9_4.x86_64.rpm nss-softokn-freebl-3.112.0-4.el9_4.i686.rpm nss-softokn-freebl-3.112.0-4.el9_4.x86_64.rpm nss-softokn-freebl-devel-3.112.0-4.el9_4.i686.rpm nss-softokn-freebl-devel-3.112.0-4.el9_4.x86_64.rpm nss-sysinit-3.112.0-4.el9_4.x86_64.rpm nss-tools-3.112.0-4.el9_4.x86_64.rpm nss-util-3.112.0-4.el9_4.i686.rpm nss-util-3.112.0-4.el9_4.x86_64.rpm nss-util-devel-3.112.0-4.el9_4.i686.rpm nss-util-devel-3.112.0-4.el9_4.x86_64.rpm aarch64: nspr-4.36.0-4.el9_4.aarch64.rpm nspr-devel-4.36.0-4.el9_4.aarch64.rpm nss-3.112.0-4.el9_4.aarch64.rpm nss-devel-3.112.0-4.el9_4.aarch64.rpm nss-softokn-3.112.0-4.el9_4.aarch64.rpm nss-softokn-devel-3.112.0-4.el9_4.aarch64.rpm nss-softokn-freebl-3.112.0-4.el9_4.aarch64.rpm nss-softokn-freebl-devel-3.112.0-4.el9_4.aarch64.rpm nss-sysinit-3.112.0-4.el9_4.aarch64.rpm nss-tools-3.112.0-4.el9_4.aarch64.rpm nss-util-3.112.0-4.el9_4.aarch64.rpm nss-util-devel-3.112.0-4.el9_4.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/nss-3.112.0-4.el9_4.src.rpm Description of changes: [3.112.0-4] - fix interface issue when pulling 3.0 pkcs#11 interfaces explicitly [3.112.0-3] - restore CONCATENATE functions accidentally remvoed in the last patch - fix big endian issue in tstclnt and selfserv in certificate compression [3.112.0-2] - add fips required changes. - fix bugs found by QE [3.112.0-1] - rebase to NSS 3.112 - add ml-kem-1024 support - add ml-dsa support From el-errata at oss.oracle.com Thu Sep 11 07:08:29 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 11 Sep 2025 07:08:29 +0000 Subject: [El-errata] New Ksplice updates for UEKR7 5.15.0 on OL8 and OL9 (ELSA-2025-20552) Message-ID: Synopsis: ELSA-2025-20552 can now be patched using Ksplice CVEs: CVE-2018-3646 CVE-2024-26726 CVE-2025-38083 CVE-2025-38086 CVE-2025-38102 CVE-2025-38107 CVE-2025-38108 CVE-2025-38111 CVE-2025-38112 CVE-2025-38115 CVE- 2025-38120 CVE-2025-38146 CVE-2025-38147 CVE-2025-38154 CVE-2025-38159 CVE- 2025-38181 CVE-2025-38184 CVE-2025-38190 CVE-2025-38193 CVE-2025-38194 CVE- 2025-38197 CVE-2025-38206 CVE-2025-38211 CVE-2025-38212 CVE-2025-38222 CVE- 2025-38231 CVE-2025-38245 CVE-2025-38251 CVE-2025-38263 CVE-2025-38305 CVE- 2025-38310 CVE-2025-38328 CVE-2025-38332 CVE-2025-38342 CVE-2025-38352 CVE- 2025-38380 CVE-2025-38387 CVE-2025-38399 CVE-2025-38403 CVE-2025-38412 CVE- 2025-38430 Users with Oracle Linux Premier Support can now use Ksplice to patch against the latest Oracle Linux Security Advisory, ELSA-2025-20552. More information about this errata can be found at https://linux.oracle.com/errata/ELSA-2025-20552.html INSTALLING THE UPDATES We recommend that all users of Ksplice Uptrack running UEKR7 5.15.0 on OL8 and OL9 install these updates. On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf, these updates will be installed automatically and you do not need to take any action. Alternatively, you can install these updates by running: # /usr/sbin/uptrack-upgrade -y DESCRIPTION * CVE-2024-26726: Kernel panic in Btrfs filesystem driver. * CVE-2025-38083, CVE-2025-38108: Integer underflow in multiple network schedulers. * CVE-2025-38086: Use of uninitialized memory in QingHeng CH9200 USB ethernet driver. * CVE-2025-38102: Race condition in VMware VMCI driver. * CVE-2025-38107: Integer overflow in Enhanced transmission selection scheduler (ETS). * CVE-2025-38111: Out-of-bounds memory usage in MDIO bus driver. * CVE-2025-38112: Null pointer dereference in TCP/IP networking driver. * CVE-2025-38115: Null-pointer dereference in Stochastic Fairness Queueing (SFQ) network scheduler. * CVE-2025-38120: Memory disclosure in Netfilter driver. * CVE-2025-38146: Soft lockup in Open vSwitch driver. * CVE-2025-38147: Null-pointer dereference in NetLabel subsystem. * CVE-2025-38154: Kernel panic in Networking driver. * CVE-2025-38159: Out-of-bounds memory access in Realtek 802.11ac wireless chips driver. * CVE-2025-38181: Null-pointer dereference in NetLabel subsystem. * CVE-2025-38184: Null-pointer dereference in TIPC IP/UDP driver. * CVE-2025-38190: Memory leak in ATM networking stack. * CVE-2025-38193: Integer overflow in Stochastic Fairness Queueing (SFQ) driver. * CVE-2025-38194, CVE-2025-38328: Logic error in Journalling Flash File System v2 (JFFS2) driver. * CVE-2025-38197: Null pointer dereference in BIOS update driver for DELL systems. * CVE-2025-38206: Double free in exFAT filesystem driver. * CVE-2025-38211: Use-after-free in InfiniBand driver. * CVE-2025-38212: Use-after-free in System V IPC driver. * CVE-2025-38222: Integer overflow in ext4 filesystem. * CVE-2025-38231: Null pointer dereference in NFS server driver. * CVE-2025-38245: Race condition in ATM networking stack. * CVE-2025-38251: Kernel crash in Classical IP over ATM driver. * CVE-2025-38263: Null pointer dereference in Block device as cache driver. * CVE-2025-38305: Deadlock in Precision Time Protocol (PTP) driver. * CVE-2025-38310: Out-of-bounds memory access in IPv6 Segment Routing Header encapsulation driver. * CVE-2025-38332: Kernel panic in Emulex LightPulse Fibre Channel driver. * CVE-2025-38342: Out-of-bounds memory access in software node component. * CVE-2025-38352: Missing check in POSIX clock/timer driver. * CVE-2025-38380: Out-of-bounds memory access in I2C subsystem. * CVE-2025-38387: Null pointer dereference in Mellanox MLX5 InfiniBand driver. * CVE-2025-38399: Null pointer dereference in Generic Target Core Mod (TCM) and ConfigFS Infrastructure driver. * CVE-2025-38403: Use of uninitialized memory in Virtual Socket protocol driver. * CVE-2025-38412: Kernel crash in Dell WMI-based Systems management driver. * CVE-2025-38430: Remote kernel crash in NFSv4 server driver. * Improved fix for CVE-2018-3646: L1 Terminal Fault Reloaded. * Note: Oracle has determined some CVEs are not applicable. The kernel is not affected by the following CVEs since the code under consideration is not compiled. CVE-2025-38088, CVE-2025-38090, CVE-2025-38135, CVE-2025-38136, CVE-2025-38138, CVE-2025-38143, CVE-2025-38145, CVE-2025-38153, CVE-2025-38163, CVE-2025-38167, CVE-2025-38173, CVE-2025-38203, CVE-2025-38204, CVE-2025-38218, CVE-2025-38219, CVE-2025-38226, CVE-2025-38227, CVE-2025-38237, CVE-2025-38257, CVE-2025-38262, CVE-2025-38286, CVE-2025-38313, CVE-2025-38362, CVE-2025-38371, CVE-2025-38377, CVE-2025-38384, CVE-2025-38401, CVE-2025-38416, CVE-2025-38428 SUPPORT Ksplice support is available at ksplice-support_ww at oracle.com. From el-errata at oss.oracle.com Thu Sep 11 10:26:37 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 11 Sep 2025 03:26:37 -0700 Subject: [El-errata] ELBA-2025-15532 Oracle Linux 8 389-ds:1.4 bug fix and enhancement update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2025-15532 http://linux.oracle.com/errata/ELBA-2025-15532.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: 389-ds-base-1.4.3.39-15.module+el8.10.0+90661+20343f81.x86_64.rpm 389-ds-base-devel-1.4.3.39-15.module+el8.10.0+90661+20343f81.x86_64.rpm 389-ds-base-legacy-tools-1.4.3.39-15.module+el8.10.0+90661+20343f81.x86_64.rpm 389-ds-base-libs-1.4.3.39-15.module+el8.10.0+90661+20343f81.x86_64.rpm 389-ds-base-snmp-1.4.3.39-15.module+el8.10.0+90661+20343f81.x86_64.rpm python3-lib389-1.4.3.39-15.module+el8.10.0+90661+20343f81.noarch.rpm aarch64: 389-ds-base-1.4.3.39-15.module+el8.10.0+90661+20343f81.aarch64.rpm 389-ds-base-devel-1.4.3.39-15.module+el8.10.0+90661+20343f81.aarch64.rpm 389-ds-base-legacy-tools-1.4.3.39-15.module+el8.10.0+90661+20343f81.aarch64.rpm 389-ds-base-libs-1.4.3.39-15.module+el8.10.0+90661+20343f81.aarch64.rpm 389-ds-base-snmp-1.4.3.39-15.module+el8.10.0+90661+20343f81.aarch64.rpm python3-lib389-1.4.3.39-15.module+el8.10.0+90661+20343f81.noarch.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/389-ds-base-1.4.3.39-15.module+el8.10.0+90661+20343f81.src.rpm Description of changes: [1.4.3.39-15] - Resolves: RHEL-109028 - Allow Uniqueness plugin to search uniqueness attributes using custom matching rules [rhel-8.10.z] From el-errata at oss.oracle.com Thu Sep 11 10:26:39 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 11 Sep 2025 03:26:39 -0700 Subject: [El-errata] ELBA-2025-15587 Oracle Linux 8 .NET 8.0 bug fix and enhancement update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2025-15587 http://linux.oracle.com/errata/ELBA-2025-15587.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: aspnetcore-runtime-8.0-8.0.20-1.0.1.el8_10.x86_64.rpm aspnetcore-runtime-dbg-8.0-8.0.20-1.0.1.el8_10.x86_64.rpm aspnetcore-targeting-pack-8.0-8.0.20-1.0.1.el8_10.x86_64.rpm dotnet-apphost-pack-8.0-8.0.20-1.0.1.el8_10.x86_64.rpm dotnet-hostfxr-8.0-8.0.20-1.0.1.el8_10.x86_64.rpm dotnet-runtime-8.0-8.0.20-1.0.1.el8_10.x86_64.rpm dotnet-runtime-dbg-8.0-8.0.20-1.0.1.el8_10.x86_64.rpm dotnet-sdk-8.0-8.0.120-1.0.1.el8_10.x86_64.rpm dotnet-sdk-8.0-source-built-artifacts-8.0.120-1.0.1.el8_10.x86_64.rpm dotnet-sdk-dbg-8.0-8.0.120-1.0.1.el8_10.x86_64.rpm dotnet-targeting-pack-8.0-8.0.20-1.0.1.el8_10.x86_64.rpm dotnet-templates-8.0-8.0.120-1.0.1.el8_10.x86_64.rpm aarch64: aspnetcore-runtime-8.0-8.0.20-1.0.1.el8_10.aarch64.rpm aspnetcore-runtime-dbg-8.0-8.0.20-1.0.1.el8_10.aarch64.rpm aspnetcore-targeting-pack-8.0-8.0.20-1.0.1.el8_10.aarch64.rpm dotnet-apphost-pack-8.0-8.0.20-1.0.1.el8_10.aarch64.rpm dotnet-hostfxr-8.0-8.0.20-1.0.1.el8_10.aarch64.rpm dotnet-runtime-8.0-8.0.20-1.0.1.el8_10.aarch64.rpm dotnet-runtime-dbg-8.0-8.0.20-1.0.1.el8_10.aarch64.rpm dotnet-sdk-8.0-8.0.120-1.0.1.el8_10.aarch64.rpm dotnet-sdk-8.0-source-built-artifacts-8.0.120-1.0.1.el8_10.aarch64.rpm dotnet-sdk-dbg-8.0-8.0.120-1.0.1.el8_10.aarch64.rpm dotnet-targeting-pack-8.0-8.0.20-1.0.1.el8_10.aarch64.rpm dotnet-templates-8.0-8.0.120-1.0.1.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/dotnet8.0-8.0.120-1.0.1.el8_10.src.rpm Description of changes: [8.0.120-1.0.1] - Add support for Oracle Linux [8.0.120-1] - Update to .NET SDK 8.0.120 and Runtime 8.0.20 - Resolves: RHEL-112254 From el-errata at oss.oracle.com Thu Sep 11 10:26:40 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 11 Sep 2025 03:26:40 -0700 Subject: [El-errata] ELBA-2025-15591 Oracle Linux 8 .NET 9.0 bug fix and enhancement update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2025-15591 http://linux.oracle.com/errata/ELBA-2025-15591.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: aspnetcore-runtime-9.0-9.0.9-1.0.1.el8_10.x86_64.rpm aspnetcore-runtime-dbg-9.0-9.0.9-1.0.1.el8_10.x86_64.rpm aspnetcore-targeting-pack-9.0-9.0.9-1.0.1.el8_10.x86_64.rpm dotnet-9.0.110-1.0.1.el8_10.x86_64.rpm dotnet-apphost-pack-9.0-9.0.9-1.0.1.el8_10.x86_64.rpm dotnet-host-9.0.9-1.0.1.el8_10.x86_64.rpm dotnet-hostfxr-9.0-9.0.9-1.0.1.el8_10.x86_64.rpm dotnet-runtime-9.0-9.0.9-1.0.1.el8_10.x86_64.rpm dotnet-runtime-dbg-9.0-9.0.9-1.0.1.el8_10.x86_64.rpm dotnet-sdk-9.0-9.0.110-1.0.1.el8_10.x86_64.rpm dotnet-sdk-9.0-source-built-artifacts-9.0.110-1.0.1.el8_10.x86_64.rpm dotnet-sdk-aot-9.0-9.0.110-1.0.1.el8_10.x86_64.rpm dotnet-sdk-dbg-9.0-9.0.110-1.0.1.el8_10.x86_64.rpm dotnet-targeting-pack-9.0-9.0.9-1.0.1.el8_10.x86_64.rpm dotnet-templates-9.0-9.0.110-1.0.1.el8_10.x86_64.rpm netstandard-targeting-pack-2.1-9.0.110-1.0.1.el8_10.x86_64.rpm aarch64: aspnetcore-runtime-9.0-9.0.9-1.0.1.el8_10.aarch64.rpm aspnetcore-runtime-dbg-9.0-9.0.9-1.0.1.el8_10.aarch64.rpm aspnetcore-targeting-pack-9.0-9.0.9-1.0.1.el8_10.aarch64.rpm dotnet-9.0.110-1.0.1.el8_10.aarch64.rpm dotnet-apphost-pack-9.0-9.0.9-1.0.1.el8_10.aarch64.rpm dotnet-host-9.0.9-1.0.1.el8_10.aarch64.rpm dotnet-hostfxr-9.0-9.0.9-1.0.1.el8_10.aarch64.rpm dotnet-runtime-9.0-9.0.9-1.0.1.el8_10.aarch64.rpm dotnet-runtime-dbg-9.0-9.0.9-1.0.1.el8_10.aarch64.rpm dotnet-sdk-9.0-9.0.110-1.0.1.el8_10.aarch64.rpm dotnet-sdk-9.0-source-built-artifacts-9.0.110-1.0.1.el8_10.aarch64.rpm dotnet-sdk-aot-9.0-9.0.110-1.0.1.el8_10.aarch64.rpm dotnet-sdk-dbg-9.0-9.0.110-1.0.1.el8_10.aarch64.rpm dotnet-targeting-pack-9.0-9.0.9-1.0.1.el8_10.aarch64.rpm dotnet-templates-9.0-9.0.110-1.0.1.el8_10.aarch64.rpm netstandard-targeting-pack-2.1-9.0.110-1.0.1.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/dotnet9.0-9.0.110-1.0.1.el8_10.src.rpm Description of changes: [9.0.110-1.0.1] - Add support for Oracle Linux [9.0.110-1] - Update to .NET SDK 9.0.110 and Runtime 9.0.9 - Resolves: RHEL-112264 From el-errata at oss.oracle.com Thu Sep 11 10:26:42 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 11 Sep 2025 03:26:42 -0700 Subject: [El-errata] ELSA-2025-10991 Moderate: Oracle Linux 8 microcode_ctl security update Message-ID: Oracle Linux Security Advisory ELSA-2025-10991 http://linux.oracle.com/errata/ELSA-2025-10991.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: microcode_ctl-20250512-1.0.1.el8_10.x86_64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/microcode_ctl-20250512-1.0.1.el8_10.src.rpm Related CVEs: CVE-2024-28956 Description of changes: [4:20250512-1.0.1] - enable use with ueknext and UEK8 kernels - don't bother calling dracut if virtualized [Orabug: 35710077] - ensure UEK also rebuilds initramfs [Orabug: 34280058] - add support for UEK7 kernels - enable early update for 06-4f-01 - remove no longer appropriate caveats for 06-2d-07 and 06-55-04 - enable early and late load on RHCK [4:20250512-1] - Add a caveat to provide ability to persistently disable SPR-EE updates beyond 0x2b0005c0 on systems where absence of latency spikes is more important than lack of the latest CVE mitigations. - Update Intel CPU microcode to microcode-20250512 release, addresses CVE-2024-28956, CVE-2025-20103, CVE-2025-20054, CVE-2024-43420, CVE-2025-20623, CVE-2024-45332, CVE-2025-24495, CVE-2025-20012 (RHEL-94294, RHEL-91231, RHEL-91224, RHEL-91224, RHEL-91239) - Addition of 06-8f-04/0x10 microcode (in intel-06-8f-08/intel-ucode/06-8f-08) at revision 0x2c0003f7; - Addition of 06-8f-04/0x87 (SPR-SP E0/S1) microcode (in intel-06-8f-08/intel-ucode/06-8f-08) at revision 0x2b000639; - Addition of 06-8f-05/0x10 (SPR-HBM B1) microcode (in intel-06-8f-08/intel-ucode/06-8f-08) at revision 0x2c0003f7; - Addition of 06-8f-05/0x87 (SPR-SP E2) microcode (in intel-06-8f-08/intel-ucode/06-8f-08) at revision 0x2b000639; - Addition of 06-8f-06/0x10 microcode (in intel-06-8f-08/intel-ucode/06-8f-08) at revision 0x2c0003f7; - Addition of 06-8f-06/0x87 (SPR-SP E3) microcode (in intel-06-8f-08/intel-ucode/06-8f-08) at revision 0x2b000639; - Addition of 06-8f-07/0x87 (SPR-SP E4/S2) microcode (in intel-06-8f-08/intel-ucode/06-8f-08) at revision 0x2b000639; - Addition of 06-8f-08/0x10 (SPR-HBM B3) microcode (in intel-06-8f-08/intel-ucode/06-8f-08) at revision 0x2c0003f7; - Addition of 06-8f-08/0x87 (SPR-SP E5/S3) microcode (in intel-06-8f-08/intel-ucode/06-8f-08) at revision 0x2b000639; - Addition of 06-ad-01/0x20 (GNR-AP/SP H0) microcode at revision 0xa0000d1; - Addition of 06-ad-01/0x95 (GNR-AP/SP B0) microcode at revision 0x10003a2; - Addition of 06-b5-00/0x80 (ARL-U A1) microcode at revision 0xa; - Addition of 06-bd-01/0x80 (LNL B0) microcode at revision 0x11f; - Addition of 06-c5-02/0x82 (ARL-H A1) microcode at revision 0x118; - Addition of 06-c6-02/0x82 (ARL-HX 8P/S B0) microcode (in intel-ucode/06-c5-02) at revision 0x118; - Addition of 06-c6-04/0x82 microcode (in intel-ucode/06-c5-02) at revision 0x118; - Addition of 06-ca-02/0x82 microcode (in intel-ucode/06-c5-02) at revision 0x118; - Addition of 06-c5-02/0x82 (ARL-H A1) microcode (in intel-ucode/06-c6-02) at revision 0x118; - Addition of 06-c6-02/0x82 (ARL-HX 8P/S B0) microcode at revision 0x118; - Addition of 06-c6-04/0x82 microcode (in intel-ucode/06-c6-02) at revision 0x118; - Addition of 06-ca-02/0x82 microcode (in intel-ucode/06-c6-02) at revision 0x118; - Update of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode (in intel-06-8c-01/intel-ucode/06-8c-01) from revision 0xb8 up to 0xbc; - Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0c) from revision 0xfc up to 0x100; - Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0d) from revision 0x102 up to 0x104; - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision 0x5003707 up to 0x5003901; - Update of 06-55-0b/0xbf (CPX-SP A1) microcode from revision 0x7002904 up to 0x7002b01; - Update of 06-6a-06/0x87 (ICX-SP D0) microcode from revision 0xd0003f5 up to 0xd000404; - Update of 06-6c-01/0x10 (ICL-D B0) microcode from revision 0x10002c0 up to 0x10002d0; - Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x24 up to 0x26; - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0xc6 up to 0xca; - Update of 06-8c-02/0xc2 (TGL-R C0) microcode from revision 0x38 up to 0x3c; - Update of 06-8d-01/0xc2 (TGL-H R0) microcode from revision 0x52 up to 0x56; - Update of 06-8f-04/0x10 microcode (in intel-ucode/06-8f-05) from revision 0x2c0003e0 up to 0x2c0003f7; - Update of 06-8f-04/0x87 (SPR-SP E0/S1) microcode (in intel-ucode/06-8f-05) from revision 0x2b000620 up to 0x2b000639; - Update of 06-8f-05/0x10 (SPR-HBM B1) microcode from revision 0x2c0003e0 up to 0x2c0003f7; - Update of 06-8f-05/0x87 (SPR-SP E2) microcode from revision 0x2b000620 up to 0x2b000639; - Update of 06-8f-06/0x10 microcode (in intel-ucode/06-8f-05) from revision 0x2c0003e0 up to 0x2c0003f7; - Update of 06-8f-06/0x87 (SPR-SP E3) microcode (in intel-ucode/06-8f-05) from revision 0x2b000620 up to 0x2b000639; - Update of 06-8f-07/0x87 (SPR-SP E4/S2) microcode (in intel-ucode/06-8f-05) from revision 0x2b000620 up to 0x2b000639; - Update of 06-8f-08/0x10 (SPR-HBM B3) microcode (in intel-ucode/06-8f-05) from revision 0x2c0003e0 up to 0x2c0003f7; - Update of 06-8f-08/0x87 (SPR-SP E5/S3) microcode (in intel-ucode/06-8f-05) from revision 0x2b000620 up to 0x2b000639; - Update of 06-8f-04/0x10 microcode (in intel-ucode/06-8f-06) from revision 0x2c0003e0 up to 0x2c0003f7; - Update of 06-8f-04/0x87 (SPR-SP E0/S1) microcode (in intel-ucode/06-8f-06) from revision 0x2b000620 up to 0x2b000639; - Update of 06-8f-05/0x10 (SPR-HBM B1) microcode (in intel-ucode/06-8f-06) from revision 0x2c0003e0 up to 0x2c0003f7; - Update of 06-8f-05/0x87 (SPR-SP E2) microcode (in intel-ucode/06-8f-06) from revision 0x2b000620 up to 0x2b000639; - Update of 06-8f-06/0x10 microcode from revision 0x2c0003e0 up to 0x2c0003f7; - Update of 06-8f-06/0x87 (SPR-SP E3) microcode from revision 0x2b000620 up to 0x2b000639; - Update of 06-8f-07/0x87 (SPR-SP E4/S2) microcode (in intel-ucode/06-8f-06) from revision 0x2b000620 up to 0x2b000639; - Update of 06-8f-08/0x10 (SPR-HBM B3) microcode (in intel-ucode/06-8f-06) from revision 0x2c0003e0 up to 0x2c0003f7; - Update of 06-8f-08/0x87 (SPR-SP E5/S3) microcode (in intel-ucode/06-8f-06) from revision 0x2b000620 up to 0x2b000639; - Update of 06-8f-04/0x87 (SPR-SP E0/S1) microcode (in intel-ucode/06-8f-07) from revision 0x2b000620 up to 0x2b000639; - Update of 06-8f-05/0x87 (SPR-SP E2) microcode (in intel-ucode/06-8f-07) from revision 0x2b000620 up to 0x2b000639; - Update of 06-8f-06/0x87 (SPR-SP E3) microcode (in intel-ucode/06-8f-07) from revision 0x2b000620 up to 0x2b000639; - Update of 06-8f-07/0x87 (SPR-SP E4/S2) microcode from revision 0x2b000620 up to 0x2b000639; - Update of 06-8f-08/0x87 (SPR-SP E5/S3) microcode (in intel-ucode/06-8f-07) from revision 0x2b000620 up to 0x2b000639; - Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode from revision 0x38 up to 0x3a; - Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode (in intel-ucode/06-97-02) from revision 0x38 up to 0x3a; - Update of 06-bf-02/0x07 (ADL C0) microcode (in intel-ucode/06-97-02) from revision 0x38 up to 0x3a; - Update of 06-bf-05/0x07 (ADL C0) microcode (in intel-ucode/06-97-02) from revision 0x38 up to 0x3a; - Update of 06-bf-06/0x07 microcode (in intel-ucode/06-97-02) from revision 0x38 up to 0x3a; - Update of 06-bf-07/0x07 microcode (in intel-ucode/06-97-02) from revision 0x38 up to 0x3a; - Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode (in intel-ucode/06-97-05) from revision 0x38 up to 0x3a; - Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode from revision 0x38 up to 0x3a; - Update of 06-bf-02/0x07 (ADL C0) microcode (in intel-ucode/06-97-05) from revision 0x38 up to 0x3a; - Update of 06-bf-05/0x07 (ADL C0) microcode (in intel-ucode/06-97-05) from revision 0x38 up to 0x3a; - Update of 06-bf-06/0x07 microcode (in intel-ucode/06-97-05) from revision 0x38 up to 0x3a; - Update of 06-bf-07/0x07 microcode (in intel-ucode/06-97-05) from revision 0x38 up to 0x3a; - Update of 06-9a-03/0x80 (ADL-P 6+8/U 9W L0/R0) microcode from revision 0x436 up to 0x437; - Update of 06-9a-04/0x80 (ADL-P 2+8 R0) microcode (in intel-ucode/06-9a-03) from revision 0x436 up to 0x437; - Update of 06-9a-03/0x80 (ADL-P 6+8/U 9W L0/R0) microcode (in intel-ucode/06-9a-04) from revision 0x436 up to 0x437; - Update of 06-9a-04/0x40 (AZB A0) microcode from revision 0x9 up to 0xa; - Update of 06-9a-04/0x80 (ADL-P 2+8 R0) microcode from revision 0x436 up to 0x437; - Update of 06-a5-02/0x20 (CML-H R1) microcode from revision 0xfc up to 0x100; - Update of 06-a5-03/0x22 (CML-S 6+2 G1) microcode from revision 0xfc up to 0x100; - Update of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode from revision 0xfc up to 0x100; - Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xfe up to 0x102; - Update of 06-a6-01/0x80 (CML-U 6+2 v2 K1) microcode from revision 0xfc up to 0x100; - Update of 06-a7-01/0x02 (RKL-S B0) microcode from revision 0x63 up to 0x64; - Update of 06-aa-04/0xe6 (MTL-H/U C0) microcode from revision 0x20 up to 0x24; - Update of 06-af-03/0x01 (SRF-SP C0) microcode from revision 0x3000330 up to 0x3000341; - Update of 06-b7-01/0x32 (RPL-S B0) microcode from revision 0x12c up to 0x12f; - Update of 06-b7-04/0x32 microcode (in intel-ucode/06-b7-01) from revision 0x12c up to 0x12f; - Update of 06-ba-02/0xe0 (RPL-H 6+8/P 6+8 J0) microcode from revision 0x4124 up to 0x4128; - Update of 06-ba-03/0xe0 (RPL-U 2+8 Q0) microcode (in intel-ucode/06-ba-02) from revision 0x4124 up to 0x4128; - Update of 06-ba-08/0xe0 microcode (in intel-ucode/06-ba-02) from revision 0x4124 up to 0x4128; - Update of 06-ba-02/0xe0 (RPL-H 6+8/P 6+8 J0) microcode (in intel-ucode/06-ba-03) from revision 0x4124 up to 0x4128; - Update of 06-ba-03/0xe0 (RPL-U 2+8 Q0) microcode from revision 0x4124 up to 0x4128; - Update of 06-ba-08/0xe0 microcode (in intel-ucode/06-ba-03) from revision 0x4124 up to 0x4128; - Update of 06-ba-02/0xe0 (RPL-H 6+8/P 6+8 J0) microcode (in intel-ucode/06-ba-08) from revision 0x4124 up to 0x4128; - Update of 06-ba-03/0xe0 (RPL-U 2+8 Q0) microcode (in intel-ucode/06-ba-08) from revision 0x4124 up to 0x4128; - Update of 06-ba-08/0xe0 microcode from revision 0x4124 up to 0x4128; - Update of 06-be-00/0x19 (ADL-N A0) microcode from revision 0x1c up to 0x1d; - Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode (in intel-ucode/06-bf-02) from revision 0x38 up to 0x3a; - Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode (in intel-ucode/06-bf-02) from revision 0x38 up to 0x3a; - Update of 06-bf-02/0x07 (ADL C0) microcode from revision 0x38 up to 0x3a; - Update of 06-bf-05/0x07 (ADL C0) microcode (in intel-ucode/06-bf-02) from revision 0x38 up to 0x3a; - Update of 06-bf-06/0x07 microcode (in intel-ucode/06-bf-02) from revision 0x38 up to 0x3a; - Update of 06-bf-07/0x07 microcode (in intel-ucode/06-bf-02) from revision 0x38 up to 0x3a; - Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode (in intel-ucode/06-bf-05) from revision 0x38 up to 0x3a; - Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode (in intel-ucode/06-bf-05) from revision 0x38 up to 0x3a; - Update of 06-bf-02/0x07 (ADL C0) microcode (in intel-ucode/06-bf-05) from revision 0x38 up to 0x3a; - Update of 06-bf-05/0x07 (ADL C0) microcode from revision 0x38 up to 0x3a; - Update of 06-bf-06/0x07 microcode (in intel-ucode/06-bf-05) from revision 0x38 up to 0x3a; - Update of 06-bf-07/0x07 microcode (in intel-ucode/06-bf-05) from revision 0x38 up to 0x3a; - Update of 06-cf-01/0x87 (EMR-SP A0) microcode from revision 0x21000291 up to 0x210002a9; - Update of 06-cf-02/0x87 (EMR-SP A1) microcode (in intel-ucode/06-cf-01) from revision 0x21000291 up to 0x210002a9; - Update of 06-cf-01/0x87 (EMR-SP A0) microcode (in intel-ucode/06-cf-02) from revision 0x21000291 up to 0x210002a9; - Update of 06-cf-02/0x87 (EMR-SP A1) microcode from revision 0x21000291 up to 0x210002a9. From el-errata at oss.oracle.com Thu Sep 11 10:26:47 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 11 Sep 2025 03:26:47 -0700 Subject: [El-errata] ELBA-2025-15471-1 Oracle Linux 8 kernel bug fix update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2025-15471-1 http://linux.oracle.com/errata/ELBA-2025-15471-1.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: bpftool-4.18.0-553.74.1.0.1.el8_10.x86_64.rpm kernel-4.18.0-553.74.1.0.1.el8_10.x86_64.rpm kernel-abi-stablelists-4.18.0-553.74.1.0.1.el8_10.noarch.rpm kernel-core-4.18.0-553.74.1.0.1.el8_10.x86_64.rpm kernel-cross-headers-4.18.0-553.74.1.0.1.el8_10.x86_64.rpm kernel-debug-4.18.0-553.74.1.0.1.el8_10.x86_64.rpm kernel-debug-core-4.18.0-553.74.1.0.1.el8_10.x86_64.rpm kernel-debug-devel-4.18.0-553.74.1.0.1.el8_10.x86_64.rpm kernel-debug-modules-4.18.0-553.74.1.0.1.el8_10.x86_64.rpm kernel-debug-modules-extra-4.18.0-553.74.1.0.1.el8_10.x86_64.rpm kernel-devel-4.18.0-553.74.1.0.1.el8_10.x86_64.rpm kernel-doc-4.18.0-553.74.1.0.1.el8_10.noarch.rpm kernel-headers-4.18.0-553.74.1.0.1.el8_10.x86_64.rpm kernel-modules-4.18.0-553.74.1.0.1.el8_10.x86_64.rpm kernel-modules-extra-4.18.0-553.74.1.0.1.el8_10.x86_64.rpm kernel-tools-4.18.0-553.74.1.0.1.el8_10.x86_64.rpm kernel-tools-libs-4.18.0-553.74.1.0.1.el8_10.x86_64.rpm kernel-tools-libs-devel-4.18.0-553.74.1.0.1.el8_10.x86_64.rpm perf-4.18.0-553.74.1.0.1.el8_10.x86_64.rpm python3-perf-4.18.0-553.74.1.0.1.el8_10.x86_64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/kernel-4.18.0-553.74.1.0.1.el8_10.src.rpm Description of changes: [4.18.0-553.74.1.0.1.el8_10.OL8] - scsi: core: Restrict legal sdev_state transitions via sysfs (Uday Shankar) [Orabug: 37778230] [4.18.0-553.74.1.el8_10.OL8] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.3 - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34750652] - Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985772] [4.18.0-553.74.1.el8_10] - posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (Oleg Nesterov) [RHEL-112775] {CVE-2025-38352} [4.18.0-553.73.1.el8_10] - ACPI: resource: Honor MADT INT_SRC_OVR settings for IRQ1 on AMD Zen (Jay Shin) [RHEL-108360] - ACPI: resource: Always use MADT override IRQ settings for all legacy non i8042 IRQs (Jay Shin) [RHEL-108360] - s390/pci: Allow automatic recovery with minimal driver support (Mete Durlu) [RHEL-110234] - bpf: Don't use tnum_range on array range checking for poke descriptors (CKI Backport Bot) [RHEL-109298] {CVE-2022-49985} - s390/ism: fix concurrency management in ism_cmd() (Mete Durlu) [RHEL-110208] From el-errata at oss.oracle.com Thu Sep 11 10:26:52 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 11 Sep 2025 03:26:52 -0700 Subject: [El-errata] ELBA-2025-15534 Oracle Linux 9 389-ds-base bug fix and enhancement update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2025-15534 http://linux.oracle.com/errata/ELBA-2025-15534.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: 389-ds-base-2.6.1-11.el9_6.x86_64.rpm 389-ds-base-devel-2.6.1-11.el9_6.x86_64.rpm 389-ds-base-libs-2.6.1-11.el9_6.x86_64.rpm 389-ds-base-snmp-2.6.1-11.el9_6.x86_64.rpm python3-lib389-2.6.1-11.el9_6.noarch.rpm aarch64: 389-ds-base-2.6.1-11.el9_6.aarch64.rpm 389-ds-base-devel-2.6.1-11.el9_6.aarch64.rpm 389-ds-base-libs-2.6.1-11.el9_6.aarch64.rpm 389-ds-base-snmp-2.6.1-11.el9_6.aarch64.rpm python3-lib389-2.6.1-11.el9_6.noarch.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/389-ds-base-2.6.1-11.el9_6.src.rpm Description of changes: [2.6.1-11] - Resolves: RHEL-18333 - Can't rename users member of automember rule [rhel-9.6.z] - Resolves: RHEL-81140 - Healthcheck tool should warn admin about creating a substring index on membership attribute [rhel-9.6.z] - Resolves: RHEL-92052 - Memory leak in roles_cache_create_object_from_entry [rhel-9.6.z] - Resolves: RHEL-95384 - Getting error messages while migration to LMDB. - Resolves: RHEL-106582 - Failure to gather database statistics with LMDB. - Resolves: RHEL-106793 - LDAP healthcheck complains about needed parameters when using LMDB. - Resolves: RHEL-107004 - Failure to get Server monitoring data when NDN cache is disabled. [rhel-9.6.z] - Resolves: RHEL-109033 - Allow Uniqueness plugin to search uniqueness attributes using custom matching rules [rhel-9.6.z] - Resolves: RHEL-109884 - Wrong backend database name syntax causes "Red Hat Directory Server" => "Databases" menu blank in Cockpit [rhel-9.6.z] - Resolves: RHEL-109888 - RootDN Access Control Plugin with wildcards for IP addresses fails with an error "Invalid IP address" [rhel-9.6.z] - Resolves: RHEL-109891 - On RHDS 12.6 The user password policy for a user was created, but the pwdpolicysubentry attribute for this user incorrectly points to the People OU password policy instead of the specific user policy. [rhel-9.6.z] - Resolves: RHEL-109896 - AddressSanitizer: leak in do_search [rhel-9.6.z] - Resolves: RHEL-109904 - ns-slapd crashed when we add nsslapd-referral [rhel-9.6.z] - Resolves: RHEL-109945 - CWE-284 dirsrv log rotation creates files with world readable permission [rhel-9.6.z] - Resolves: RHEL-109954 - CWE-532 Created user password hash available to see in audit log [rhel-9.6.z] - Resolves: RHEL-109957 - CWE-778 Log doesn't show what user gets password changed by administrator [rhel-9.6.z] From el-errata at oss.oracle.com Thu Sep 11 10:26:54 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 11 Sep 2025 03:26:54 -0700 Subject: [El-errata] ELBA-2025-15588 Oracle Linux 9 .NET 8.0 bug fix and enhancement update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2025-15588 http://linux.oracle.com/errata/ELBA-2025-15588.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: aspnetcore-runtime-8.0-8.0.20-1.0.1.el9_6.x86_64.rpm aspnetcore-runtime-dbg-8.0-8.0.20-1.0.1.el9_6.x86_64.rpm aspnetcore-targeting-pack-8.0-8.0.20-1.0.1.el9_6.x86_64.rpm dotnet-apphost-pack-8.0-8.0.20-1.0.1.el9_6.x86_64.rpm dotnet-hostfxr-8.0-8.0.20-1.0.1.el9_6.x86_64.rpm dotnet-runtime-8.0-8.0.20-1.0.1.el9_6.x86_64.rpm dotnet-runtime-dbg-8.0-8.0.20-1.0.1.el9_6.x86_64.rpm dotnet-sdk-8.0-8.0.120-1.0.1.el9_6.x86_64.rpm dotnet-sdk-8.0-source-built-artifacts-8.0.120-1.0.1.el9_6.x86_64.rpm dotnet-sdk-dbg-8.0-8.0.120-1.0.1.el9_6.x86_64.rpm dotnet-targeting-pack-8.0-8.0.20-1.0.1.el9_6.x86_64.rpm dotnet-templates-8.0-8.0.120-1.0.1.el9_6.x86_64.rpm aarch64: aspnetcore-runtime-8.0-8.0.20-1.0.1.el9_6.aarch64.rpm aspnetcore-runtime-dbg-8.0-8.0.20-1.0.1.el9_6.aarch64.rpm aspnetcore-targeting-pack-8.0-8.0.20-1.0.1.el9_6.aarch64.rpm dotnet-apphost-pack-8.0-8.0.20-1.0.1.el9_6.aarch64.rpm dotnet-hostfxr-8.0-8.0.20-1.0.1.el9_6.aarch64.rpm dotnet-runtime-8.0-8.0.20-1.0.1.el9_6.aarch64.rpm dotnet-runtime-dbg-8.0-8.0.20-1.0.1.el9_6.aarch64.rpm dotnet-sdk-8.0-8.0.120-1.0.1.el9_6.aarch64.rpm dotnet-sdk-8.0-source-built-artifacts-8.0.120-1.0.1.el9_6.aarch64.rpm dotnet-sdk-dbg-8.0-8.0.120-1.0.1.el9_6.aarch64.rpm dotnet-targeting-pack-8.0-8.0.20-1.0.1.el9_6.aarch64.rpm dotnet-templates-8.0-8.0.120-1.0.1.el9_6.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/dotnet8.0-8.0.120-1.0.1.el9_6.src.rpm Description of changes: [8.0.120-1.0.1] - Add support for Oracle Linux [8.0.120-1] - Update to .NET SDK 8.0.120 and Runtime 8.0.20 - Resolves: RHEL-112259 From el-errata at oss.oracle.com Thu Sep 11 10:26:55 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 11 Sep 2025 03:26:55 -0700 Subject: [El-errata] ELBA-2025-15590 Oracle Linux 9 .NET 9.0 bug fix and enhancement update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2025-15590 http://linux.oracle.com/errata/ELBA-2025-15590.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: aspnetcore-runtime-9.0-9.0.9-1.0.1.el9_6.x86_64.rpm aspnetcore-runtime-dbg-9.0-9.0.9-1.0.1.el9_6.x86_64.rpm aspnetcore-targeting-pack-9.0-9.0.9-1.0.1.el9_6.x86_64.rpm dotnet-apphost-pack-9.0-9.0.9-1.0.1.el9_6.x86_64.rpm dotnet-host-9.0.9-1.0.1.el9_6.x86_64.rpm dotnet-hostfxr-9.0-9.0.9-1.0.1.el9_6.x86_64.rpm dotnet-runtime-9.0-9.0.9-1.0.1.el9_6.x86_64.rpm dotnet-runtime-dbg-9.0-9.0.9-1.0.1.el9_6.x86_64.rpm dotnet-sdk-9.0-9.0.110-1.0.1.el9_6.x86_64.rpm dotnet-sdk-9.0-source-built-artifacts-9.0.110-1.0.1.el9_6.x86_64.rpm dotnet-sdk-aot-9.0-9.0.110-1.0.1.el9_6.x86_64.rpm dotnet-sdk-dbg-9.0-9.0.110-1.0.1.el9_6.x86_64.rpm dotnet-targeting-pack-9.0-9.0.9-1.0.1.el9_6.x86_64.rpm dotnet-templates-9.0-9.0.110-1.0.1.el9_6.x86_64.rpm netstandard-targeting-pack-2.1-9.0.110-1.0.1.el9_6.x86_64.rpm aarch64: aspnetcore-runtime-9.0-9.0.9-1.0.1.el9_6.aarch64.rpm aspnetcore-runtime-dbg-9.0-9.0.9-1.0.1.el9_6.aarch64.rpm aspnetcore-targeting-pack-9.0-9.0.9-1.0.1.el9_6.aarch64.rpm dotnet-apphost-pack-9.0-9.0.9-1.0.1.el9_6.aarch64.rpm dotnet-host-9.0.9-1.0.1.el9_6.aarch64.rpm dotnet-hostfxr-9.0-9.0.9-1.0.1.el9_6.aarch64.rpm dotnet-runtime-9.0-9.0.9-1.0.1.el9_6.aarch64.rpm dotnet-runtime-dbg-9.0-9.0.9-1.0.1.el9_6.aarch64.rpm dotnet-sdk-9.0-9.0.110-1.0.1.el9_6.aarch64.rpm dotnet-sdk-9.0-source-built-artifacts-9.0.110-1.0.1.el9_6.aarch64.rpm dotnet-sdk-aot-9.0-9.0.110-1.0.1.el9_6.aarch64.rpm dotnet-sdk-dbg-9.0-9.0.110-1.0.1.el9_6.aarch64.rpm dotnet-targeting-pack-9.0-9.0.9-1.0.1.el9_6.aarch64.rpm dotnet-templates-9.0-9.0.110-1.0.1.el9_6.aarch64.rpm netstandard-targeting-pack-2.1-9.0.110-1.0.1.el9_6.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/dotnet9.0-9.0.110-1.0.1.el9_6.src.rpm Description of changes: [9.0.110-1.0.1] - Add support for Oracle Linux [9.0.110-1] - Update to .NET SDK 9.0.110 and Runtime 9.0.9 - Resolves: RHEL-112267 From el-errata at oss.oracle.com Thu Sep 11 10:26:57 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 11 Sep 2025 03:26:57 -0700 Subject: [El-errata] ELBA-2025-9433 Oracle Linux 9 microcode_ctl bug fix and enhancement update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2025-9433 http://linux.oracle.com/errata/ELBA-2025-9433.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: microcode_ctl-20250211-1.20250512.1.0.1.el9_6.noarch.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/microcode_ctl-20250211-1.20250512.1.0.1.el9_6.src.rpm Description of changes: [4:20250512-1.0.1] - enable use with ueknext and UEK8 kernels - don't bother calling dracut if virtualized [Orabug: 35710094] - ensure UEK also rebuilds initramfs [Orabug: 34280058] - add support for UEK7 kernels - enable early update for 06-4f-01 - remove no longer appropriate caveats for 06-2d-07 and 06-55-04 - enable early and late load on RHCK [4:20250512-1] - Add a caveat to provide ability to persistently disable SPR-EE updates beyond 0x2b0005c0 on systems where absence of latency spikes is more important than lack of the latest CVE mitigations. - Update Intel CPU microcode to microcode-20250512 release, addresses CVE-2024-28956, CVE-2025-20103, CVE-2025-20054, CVE-2024-43420, CVE-2025-20623, CVE-2024-45332, CVE-2025-24495, CVE-2025-20012 (RHEL-94294, RHEL-91231, RHEL-91224, RHEL-91224, RHEL-91239) - Addition of 06-8f-04/0x10 microcode (in intel-06-8f-08/intel-ucode/06-8f-08) at revision 0x2c0003f7; - Addition of 06-8f-04/0x87 (SPR-SP E0/S1) microcode (in intel-06-8f-08/intel-ucode/06-8f-08) at revision 0x2b000639; - Addition of 06-8f-05/0x10 (SPR-HBM B1) microcode (in intel-06-8f-08/intel-ucode/06-8f-08) at revision 0x2c0003f7; - Addition of 06-8f-05/0x87 (SPR-SP E2) microcode (in intel-06-8f-08/intel-ucode/06-8f-08) at revision 0x2b000639; - Addition of 06-8f-06/0x10 microcode (in intel-06-8f-08/intel-ucode/06-8f-08) at revision 0x2c0003f7; - Addition of 06-8f-06/0x87 (SPR-SP E3) microcode (in intel-06-8f-08/intel-ucode/06-8f-08) at revision 0x2b000639; - Addition of 06-8f-07/0x87 (SPR-SP E4/S2) microcode (in intel-06-8f-08/intel-ucode/06-8f-08) at revision 0x2b000639; - Addition of 06-8f-08/0x10 (SPR-HBM B3) microcode (in intel-06-8f-08/intel-ucode/06-8f-08) at revision 0x2c0003f7; - Addition of 06-8f-08/0x87 (SPR-SP E5/S3) microcode (in intel-06-8f-08/intel-ucode/06-8f-08) at revision 0x2b000639; - Addition of 06-ad-01/0x20 (GNR-AP/SP H0) microcode at revision 0xa0000d1; - Addition of 06-ad-01/0x95 (GNR-AP/SP B0) microcode at revision 0x10003a2; - Addition of 06-b5-00/0x80 (ARL-U A1) microcode at revision 0xa; - Addition of 06-bd-01/0x80 (LNL B0) microcode at revision 0x11f; - Addition of 06-c5-02/0x82 (ARL-H A1) microcode at revision 0x118; - Addition of 06-c6-02/0x82 (ARL-HX 8P/S B0) microcode (in intel-ucode/06-c5-02) at revision 0x118; - Addition of 06-c6-04/0x82 microcode (in intel-ucode/06-c5-02) at revision 0x118; - Addition of 06-ca-02/0x82 microcode (in intel-ucode/06-c5-02) at revision 0x118; - Addition of 06-c5-02/0x82 (ARL-H A1) microcode (in intel-ucode/06-c6-02) at revision 0x118; - Addition of 06-c6-02/0x82 (ARL-HX 8P/S B0) microcode at revision 0x118; - Addition of 06-c6-04/0x82 microcode (in intel-ucode/06-c6-02) at revision 0x118; - Addition of 06-ca-02/0x82 microcode (in intel-ucode/06-c6-02) at revision 0x118; - Update of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode (in intel-06-8c-01/intel-ucode/06-8c-01) from revision 0xb8 up to 0xbc; - Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0c) from revision 0xfc up to 0x100; - Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0d) from revision 0x102 up to 0x104; - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision 0x5003707 up to 0x5003901; - Update of 06-55-0b/0xbf (CPX-SP A1) microcode from revision 0x7002904 up to 0x7002b01; - Update of 06-6a-06/0x87 (ICX-SP D0) microcode from revision 0xd0003f5 up to 0xd000404; - Update of 06-6c-01/0x10 (ICL-D B0) microcode from revision 0x10002c0 up to 0x10002d0; - Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x24 up to 0x26; - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0xc6 up to 0xca; - Update of 06-8c-02/0xc2 (TGL-R C0) microcode from revision 0x38 up to 0x3c; - Update of 06-8d-01/0xc2 (TGL-H R0) microcode from revision 0x52 up to 0x56; - Update of 06-8f-04/0x10 microcode (in intel-ucode/06-8f-05) from revision 0x2c0003e0 up to 0x2c0003f7; - Update of 06-8f-04/0x87 (SPR-SP E0/S1) microcode (in intel-ucode/06-8f-05) from revision 0x2b000620 up to 0x2b000639; - Update of 06-8f-05/0x10 (SPR-HBM B1) microcode from revision 0x2c0003e0 up to 0x2c0003f7; - Update of 06-8f-05/0x87 (SPR-SP E2) microcode from revision 0x2b000620 up to 0x2b000639; - Update of 06-8f-06/0x10 microcode (in intel-ucode/06-8f-05) from revision 0x2c0003e0 up to 0x2c0003f7; - Update of 06-8f-06/0x87 (SPR-SP E3) microcode (in intel-ucode/06-8f-05) from revision 0x2b000620 up to 0x2b000639; - Update of 06-8f-07/0x87 (SPR-SP E4/S2) microcode (in intel-ucode/06-8f-05) from revision 0x2b000620 up to 0x2b000639; - Update of 06-8f-08/0x10 (SPR-HBM B3) microcode (in intel-ucode/06-8f-05) from revision 0x2c0003e0 up to 0x2c0003f7; - Update of 06-8f-08/0x87 (SPR-SP E5/S3) microcode (in intel-ucode/06-8f-05) from revision 0x2b000620 up to 0x2b000639; - Update of 06-8f-04/0x10 microcode (in intel-ucode/06-8f-06) from revision 0x2c0003e0 up to 0x2c0003f7; - Update of 06-8f-04/0x87 (SPR-SP E0/S1) microcode (in intel-ucode/06-8f-06) from revision 0x2b000620 up to 0x2b000639; - Update of 06-8f-05/0x10 (SPR-HBM B1) microcode (in intel-ucode/06-8f-06) from revision 0x2c0003e0 up to 0x2c0003f7; - Update of 06-8f-05/0x87 (SPR-SP E2) microcode (in intel-ucode/06-8f-06) from revision 0x2b000620 up to 0x2b000639; - Update of 06-8f-06/0x10 microcode from revision 0x2c0003e0 up to 0x2c0003f7; - Update of 06-8f-06/0x87 (SPR-SP E3) microcode from revision 0x2b000620 up to 0x2b000639; - Update of 06-8f-07/0x87 (SPR-SP E4/S2) microcode (in intel-ucode/06-8f-06) from revision 0x2b000620 up to 0x2b000639; - Update of 06-8f-08/0x10 (SPR-HBM B3) microcode (in intel-ucode/06-8f-06) from revision 0x2c0003e0 up to 0x2c0003f7; - Update of 06-8f-08/0x87 (SPR-SP E5/S3) microcode (in intel-ucode/06-8f-06) from revision 0x2b000620 up to 0x2b000639; - Update of 06-8f-04/0x87 (SPR-SP E0/S1) microcode (in intel-ucode/06-8f-07) from revision 0x2b000620 up to 0x2b000639; - Update of 06-8f-05/0x87 (SPR-SP E2) microcode (in intel-ucode/06-8f-07) from revision 0x2b000620 up to 0x2b000639; - Update of 06-8f-06/0x87 (SPR-SP E3) microcode (in intel-ucode/06-8f-07) from revision 0x2b000620 up to 0x2b000639; - Update of 06-8f-07/0x87 (SPR-SP E4/S2) microcode from revision 0x2b000620 up to 0x2b000639; - Update of 06-8f-08/0x87 (SPR-SP E5/S3) microcode (in intel-ucode/06-8f-07) from revision 0x2b000620 up to 0x2b000639; - Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode from revision 0x38 up to 0x3a; - Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode (in intel-ucode/06-97-02) from revision 0x38 up to 0x3a; - Update of 06-bf-02/0x07 (ADL C0) microcode (in intel-ucode/06-97-02) from revision 0x38 up to 0x3a; - Update of 06-bf-05/0x07 (ADL C0) microcode (in intel-ucode/06-97-02) from revision 0x38 up to 0x3a; - Update of 06-bf-06/0x07 microcode (in intel-ucode/06-97-02) from revision 0x38 up to 0x3a; - Update of 06-bf-07/0x07 microcode (in intel-ucode/06-97-02) from revision 0x38 up to 0x3a; - Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode (in intel-ucode/06-97-05) from revision 0x38 up to 0x3a; - Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode from revision 0x38 up to 0x3a; - Update of 06-bf-02/0x07 (ADL C0) microcode (in intel-ucode/06-97-05) from revision 0x38 up to 0x3a; - Update of 06-bf-05/0x07 (ADL C0) microcode (in intel-ucode/06-97-05) from revision 0x38 up to 0x3a; - Update of 06-bf-06/0x07 microcode (in intel-ucode/06-97-05) from revision 0x38 up to 0x3a; - Update of 06-bf-07/0x07 microcode (in intel-ucode/06-97-05) from revision 0x38 up to 0x3a; - Update of 06-9a-03/0x80 (ADL-P 6+8/U 9W L0/R0) microcode from revision 0x436 up to 0x437; - Update of 06-9a-04/0x80 (ADL-P 2+8 R0) microcode (in intel-ucode/06-9a-03) from revision 0x436 up to 0x437; - Update of 06-9a-03/0x80 (ADL-P 6+8/U 9W L0/R0) microcode (in intel-ucode/06-9a-04) from revision 0x436 up to 0x437; - Update of 06-9a-04/0x40 (AZB A0) microcode from revision 0x9 up to 0xa; - Update of 06-9a-04/0x80 (ADL-P 2+8 R0) microcode from revision 0x436 up to 0x437; - Update of 06-a5-02/0x20 (CML-H R1) microcode from revision 0xfc up to 0x100; - Update of 06-a5-03/0x22 (CML-S 6+2 G1) microcode from revision 0xfc up to 0x100; - Update of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode from revision 0xfc up to 0x100; - Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xfe up to 0x102; - Update of 06-a6-01/0x80 (CML-U 6+2 v2 K1) microcode from revision 0xfc up to 0x100; - Update of 06-a7-01/0x02 (RKL-S B0) microcode from revision 0x63 up to 0x64; - Update of 06-aa-04/0xe6 (MTL-H/U C0) microcode from revision 0x20 up to 0x24; - Update of 06-af-03/0x01 (SRF-SP C0) microcode from revision 0x3000330 up to 0x3000341; - Update of 06-b7-01/0x32 (RPL-S B0) microcode from revision 0x12c up to 0x12f; - Update of 06-b7-04/0x32 microcode (in intel-ucode/06-b7-01) from revision 0x12c up to 0x12f; - Update of 06-ba-02/0xe0 (RPL-H 6+8/P 6+8 J0) microcode from revision 0x4124 up to 0x4128; - Update of 06-ba-03/0xe0 (RPL-U 2+8 Q0) microcode (in intel-ucode/06-ba-02) from revision 0x4124 up to 0x4128; - Update of 06-ba-08/0xe0 microcode (in intel-ucode/06-ba-02) from revision 0x4124 up to 0x4128; - Update of 06-ba-02/0xe0 (RPL-H 6+8/P 6+8 J0) microcode (in intel-ucode/06-ba-03) from revision 0x4124 up to 0x4128; - Update of 06-ba-03/0xe0 (RPL-U 2+8 Q0) microcode from revision 0x4124 up to 0x4128; - Update of 06-ba-08/0xe0 microcode (in intel-ucode/06-ba-03) from revision 0x4124 up to 0x4128; - Update of 06-ba-02/0xe0 (RPL-H 6+8/P 6+8 J0) microcode (in intel-ucode/06-ba-08) from revision 0x4124 up to 0x4128; - Update of 06-ba-03/0xe0 (RPL-U 2+8 Q0) microcode (in intel-ucode/06-ba-08) from revision 0x4124 up to 0x4128; - Update of 06-ba-08/0xe0 microcode from revision 0x4124 up to 0x4128; - Update of 06-be-00/0x19 (ADL-N A0) microcode from revision 0x1c up to 0x1d; - Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode (in intel-ucode/06-bf-02) from revision 0x38 up to 0x3a; - Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode (in intel-ucode/06-bf-02) from revision 0x38 up to 0x3a; - Update of 06-bf-02/0x07 (ADL C0) microcode from revision 0x38 up to 0x3a; - Update of 06-bf-05/0x07 (ADL C0) microcode (in intel-ucode/06-bf-02) from revision 0x38 up to 0x3a; - Update of 06-bf-06/0x07 microcode (in intel-ucode/06-bf-02) from revision 0x38 up to 0x3a; - Update of 06-bf-07/0x07 microcode (in intel-ucode/06-bf-02) from revision 0x38 up to 0x3a; - Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode (in intel-ucode/06-bf-05) from revision 0x38 up to 0x3a; - Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode (in intel-ucode/06-bf-05) from revision 0x38 up to 0x3a; - Update of 06-bf-02/0x07 (ADL C0) microcode (in intel-ucode/06-bf-05) from revision 0x38 up to 0x3a; - Update of 06-bf-05/0x07 (ADL C0) microcode from revision 0x38 up to 0x3a; - Update of 06-bf-06/0x07 microcode (in intel-ucode/06-bf-05) from revision 0x38 up to 0x3a; - Update of 06-bf-07/0x07 microcode (in intel-ucode/06-bf-05) from revision 0x38 up to 0x3a; - Update of 06-cf-01/0x87 (EMR-SP A0) microcode from revision 0x21000291 up to 0x210002a9; - Update of 06-cf-02/0x87 (EMR-SP A1) microcode (in intel-ucode/06-cf-01) from revision 0x21000291 up to 0x210002a9; - Update of 06-cf-01/0x87 (EMR-SP A0) microcode (in intel-ucode/06-cf-02) from revision 0x21000291 up to 0x210002a9; - Update of 06-cf-02/0x87 (EMR-SP A1) microcode from revision 0x21000291 up to 0x210002a9. From el-errata at oss.oracle.com Thu Sep 11 10:26:58 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 11 Sep 2025 03:26:58 -0700 Subject: [El-errata] ELSA-2025-15429 Important: Oracle Linux 9 kernel security update Message-ID: Oracle Linux Security Advisory ELSA-2025-15429 http://linux.oracle.com/errata/ELSA-2025-15429.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: kernel-5.14.0-570.41.1.0.1.el9_6.x86_64.rpm kernel-abi-stablelists-5.14.0-570.41.1.0.1.el9_6.noarch.rpm kernel-core-5.14.0-570.41.1.0.1.el9_6.x86_64.rpm kernel-cross-headers-5.14.0-570.41.1.0.1.el9_6.x86_64.rpm kernel-debug-5.14.0-570.41.1.0.1.el9_6.x86_64.rpm kernel-debug-core-5.14.0-570.41.1.0.1.el9_6.x86_64.rpm kernel-debug-devel-5.14.0-570.41.1.0.1.el9_6.x86_64.rpm kernel-debug-devel-matched-5.14.0-570.41.1.0.1.el9_6.x86_64.rpm kernel-debug-modules-5.14.0-570.41.1.0.1.el9_6.x86_64.rpm kernel-debug-modules-core-5.14.0-570.41.1.0.1.el9_6.x86_64.rpm kernel-debug-modules-extra-5.14.0-570.41.1.0.1.el9_6.x86_64.rpm kernel-debug-uki-virt-5.14.0-570.41.1.0.1.el9_6.x86_64.rpm kernel-devel-5.14.0-570.41.1.0.1.el9_6.x86_64.rpm kernel-devel-matched-5.14.0-570.41.1.0.1.el9_6.x86_64.rpm kernel-doc-5.14.0-570.41.1.0.1.el9_6.noarch.rpm kernel-headers-5.14.0-570.41.1.0.1.el9_6.x86_64.rpm kernel-modules-5.14.0-570.41.1.0.1.el9_6.x86_64.rpm kernel-modules-core-5.14.0-570.41.1.0.1.el9_6.x86_64.rpm kernel-modules-extra-5.14.0-570.41.1.0.1.el9_6.x86_64.rpm kernel-tools-5.14.0-570.41.1.0.1.el9_6.x86_64.rpm kernel-tools-libs-5.14.0-570.41.1.0.1.el9_6.x86_64.rpm kernel-tools-libs-devel-5.14.0-570.41.1.0.1.el9_6.x86_64.rpm kernel-uki-virt-5.14.0-570.41.1.0.1.el9_6.x86_64.rpm kernel-uki-virt-addons-5.14.0-570.41.1.0.1.el9_6.x86_64.rpm libperf-5.14.0-570.41.1.0.1.el9_6.x86_64.rpm perf-5.14.0-570.41.1.0.1.el9_6.x86_64.rpm python3-perf-5.14.0-570.41.1.0.1.el9_6.x86_64.rpm rtla-5.14.0-570.41.1.0.1.el9_6.x86_64.rpm rv-5.14.0-570.41.1.0.1.el9_6.x86_64.rpm aarch64: kernel-cross-headers-5.14.0-570.41.1.0.1.el9_6.aarch64.rpm kernel-headers-5.14.0-570.41.1.0.1.el9_6.aarch64.rpm kernel-tools-5.14.0-570.41.1.0.1.el9_6.aarch64.rpm kernel-tools-libs-5.14.0-570.41.1.0.1.el9_6.aarch64.rpm kernel-tools-libs-devel-5.14.0-570.41.1.0.1.el9_6.aarch64.rpm libperf-5.14.0-570.41.1.0.1.el9_6.aarch64.rpm perf-5.14.0-570.41.1.0.1.el9_6.aarch64.rpm python3-perf-5.14.0-570.41.1.0.1.el9_6.aarch64.rpm rtla-5.14.0-570.41.1.0.1.el9_6.aarch64.rpm rv-5.14.0-570.41.1.0.1.el9_6.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/kernel-5.14.0-570.41.1.0.1.el9_6.src.rpm Related CVEs: CVE-2025-37803 CVE-2025-38392 Description of changes: [5.14.0-570.41.1.0.1.el9_6.OL9] - nvme-pci: remove two deallocate zeroes quirks [Orabug: 37756650] - Disable UKI signing [Orabug: 36571828] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5] - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535] - Add Oracle Linux IMA certificates - Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985764] [5.14.0-570.41.1.el9_6] - powerpc/pseries/iommu: Fix kmemleak in TCE table userspace view (Mamatha Inamdar) [RHEL-107002] - net: ibmveth: make veth_pool_store stop hanging (Mamatha Inamdar) [RHEL-109494] - ibmveth: Always stop tx queues during close (Mamatha Inamdar) [RHEL-109494] - smb: client: fix race with concurrent opens in rename(2) (Paulo Alcantara) [RHEL-109723] - smb: client: fix race with concurrent opens in unlink(2) (Paulo Alcantara) [RHEL-109723] - smb: convert to ctime accessor functions (Paulo Alcantara) [RHEL-109723] - crypto: tegra - Fix IV usage for AES ECB (Nirmala Dalvi) [RHEL-107286] - crypto: tegra - Fix format specifier in tegra_sha_prep_cmd() (Nirmala Dalvi) [RHEL-107286] - crypto: tegra - Use HMAC fallback when keyslots are full (Nirmala Dalvi) [RHEL-107286] - crypto: tegra - Reserve keyslots to allocate dynamically (Nirmala Dalvi) [RHEL-107286] - crypto: tegra - Set IV to NULL explicitly for AES ECB (Nirmala Dalvi) [RHEL-107286] - crypto: tegra - Fix CMAC intermediate result handling (Nirmala Dalvi) [RHEL-107286] - crypto: tegra - Fix HASH intermediate result handling (Nirmala Dalvi) [RHEL-107286] - crypto: tegra - Transfer HASH init function to crypto engine (Nirmala Dalvi) [RHEL-107286] - crypto: tegra - check return value for hash do_one_req (Nirmala Dalvi) [RHEL-107286] - crypto: tegra - finalize crypto req on error (Nirmala Dalvi) [RHEL-107286] - crypto: tegra - Do not use fixed size buffers (Nirmala Dalvi) [RHEL-107286] - crypto: tegra - Use separate buffer for setkey (Nirmala Dalvi) [RHEL-107286] - crypto: tegra - remove unneeded crypto_engine_stop() call (Nirmala Dalvi) [RHEL-107286] - crypto: tegra - remove redundant error check on ret (Nirmala Dalvi) [RHEL-107286] - crypto: tegra - do not transfer req when tegra init fails (Nirmala Dalvi) [RHEL-107286] - crypto: engine - Remove prepare/unprepare request (Nirmala Dalvi) [RHEL-107286] - udmabuf: fix a buf size overflow issue during udmabuf creation (CKI Backport Bot) [RHEL-99746] {CVE-2025-37803} [5.14.0-570.40.1.el9_6] - idpf: convert control queue mutex to a spinlock (CKI Backport Bot) [RHEL-106054] {CVE-2025-38392} From el-errata at oss.oracle.com Thu Sep 11 10:26:59 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 11 Sep 2025 03:26:59 -0700 Subject: [El-errata] ELSA-2025-15608 Important: Oracle Linux 9 python3.12-cryptography security update Message-ID: Oracle Linux Security Advisory ELSA-2025-15608 http://linux.oracle.com/errata/ELSA-2025-15608.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: python3.12-cryptography-41.0.7-2.el9_6.1.x86_64.rpm aarch64: python3.12-cryptography-41.0.7-2.el9_6.1.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/python3.12-cryptography-41.0.7-2.el9_6.1.src.rpm Related CVEs: CVE-2024-26130 Description of changes: [41.0.7-2.1] - Security fix for CVE-2024-26130 Resolves: RHEL-112483 From el-errata at oss.oracle.com Thu Sep 11 10:27:04 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 11 Sep 2025 03:27:04 -0700 Subject: [El-errata] ELBA-2025-15589 Oracle Linux 10 .NET 8.0 bug fix and enhancement update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2025-15589 http://linux.oracle.com/errata/ELBA-2025-15589.html The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network: x86_64: aspnetcore-runtime-8.0-8.0.20-1.0.1.el10_0.x86_64.rpm aspnetcore-runtime-dbg-8.0-8.0.20-1.0.1.el10_0.x86_64.rpm aspnetcore-targeting-pack-8.0-8.0.20-1.0.1.el10_0.x86_64.rpm dotnet-apphost-pack-8.0-8.0.20-1.0.1.el10_0.x86_64.rpm dotnet-hostfxr-8.0-8.0.20-1.0.1.el10_0.x86_64.rpm dotnet-runtime-8.0-8.0.20-1.0.1.el10_0.x86_64.rpm dotnet-runtime-dbg-8.0-8.0.20-1.0.1.el10_0.x86_64.rpm dotnet-sdk-8.0-8.0.120-1.0.1.el10_0.x86_64.rpm dotnet-sdk-8.0-source-built-artifacts-8.0.120-1.0.1.el10_0.x86_64.rpm dotnet-sdk-dbg-8.0-8.0.120-1.0.1.el10_0.x86_64.rpm dotnet-targeting-pack-8.0-8.0.20-1.0.1.el10_0.x86_64.rpm dotnet-templates-8.0-8.0.120-1.0.1.el10_0.x86_64.rpm aarch64: aspnetcore-runtime-8.0-8.0.20-1.0.1.el10_0.aarch64.rpm aspnetcore-runtime-dbg-8.0-8.0.20-1.0.1.el10_0.aarch64.rpm aspnetcore-targeting-pack-8.0-8.0.20-1.0.1.el10_0.aarch64.rpm dotnet-apphost-pack-8.0-8.0.20-1.0.1.el10_0.aarch64.rpm dotnet-hostfxr-8.0-8.0.20-1.0.1.el10_0.aarch64.rpm dotnet-runtime-8.0-8.0.20-1.0.1.el10_0.aarch64.rpm dotnet-runtime-dbg-8.0-8.0.20-1.0.1.el10_0.aarch64.rpm dotnet-sdk-8.0-8.0.120-1.0.1.el10_0.aarch64.rpm dotnet-sdk-8.0-source-built-artifacts-8.0.120-1.0.1.el10_0.aarch64.rpm dotnet-sdk-dbg-8.0-8.0.120-1.0.1.el10_0.aarch64.rpm dotnet-targeting-pack-8.0-8.0.20-1.0.1.el10_0.aarch64.rpm dotnet-templates-8.0-8.0.120-1.0.1.el10_0.aarch64.rpm SRPMS: http://oss.oracle.com/ol10/SRPMS-updates/dotnet8.0-8.0.120-1.0.1.el10_0.src.rpm Description of changes: [8.0.120-1.0.1] - Add support for Oracle Linux [8.0.120-1] - Update to .NET SDK 8.0.120 and Runtime 8.0.20 - Resolves: RHEL-112259 From el-errata at oss.oracle.com Thu Sep 11 10:27:06 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 11 Sep 2025 03:27:06 -0700 Subject: [El-errata] ELBA-2025-15592 Oracle Linux 10 .NET 9.0 bug fix and enhancement update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2025-15592 http://linux.oracle.com/errata/ELBA-2025-15592.html The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network: x86_64: aspnetcore-runtime-9.0-9.0.9-1.0.1.el10_0.x86_64.rpm aspnetcore-runtime-dbg-9.0-9.0.9-1.0.1.el10_0.x86_64.rpm aspnetcore-targeting-pack-9.0-9.0.9-1.0.1.el10_0.x86_64.rpm dotnet-apphost-pack-9.0-9.0.9-1.0.1.el10_0.x86_64.rpm dotnet-host-9.0.9-1.0.1.el10_0.x86_64.rpm dotnet-hostfxr-9.0-9.0.9-1.0.1.el10_0.x86_64.rpm dotnet-runtime-9.0-9.0.9-1.0.1.el10_0.x86_64.rpm dotnet-runtime-dbg-9.0-9.0.9-1.0.1.el10_0.x86_64.rpm dotnet-sdk-9.0-9.0.110-1.0.1.el10_0.x86_64.rpm dotnet-sdk-9.0-source-built-artifacts-9.0.110-1.0.1.el10_0.x86_64.rpm dotnet-sdk-aot-9.0-9.0.110-1.0.1.el10_0.x86_64.rpm dotnet-sdk-dbg-9.0-9.0.110-1.0.1.el10_0.x86_64.rpm dotnet-targeting-pack-9.0-9.0.9-1.0.1.el10_0.x86_64.rpm dotnet-templates-9.0-9.0.110-1.0.1.el10_0.x86_64.rpm netstandard-targeting-pack-2.1-9.0.110-1.0.1.el10_0.x86_64.rpm aarch64: aspnetcore-runtime-9.0-9.0.9-1.0.1.el10_0.aarch64.rpm aspnetcore-runtime-dbg-9.0-9.0.9-1.0.1.el10_0.aarch64.rpm aspnetcore-targeting-pack-9.0-9.0.9-1.0.1.el10_0.aarch64.rpm dotnet-apphost-pack-9.0-9.0.9-1.0.1.el10_0.aarch64.rpm dotnet-host-9.0.9-1.0.1.el10_0.aarch64.rpm dotnet-hostfxr-9.0-9.0.9-1.0.1.el10_0.aarch64.rpm dotnet-runtime-9.0-9.0.9-1.0.1.el10_0.aarch64.rpm dotnet-runtime-dbg-9.0-9.0.9-1.0.1.el10_0.aarch64.rpm dotnet-sdk-9.0-9.0.110-1.0.1.el10_0.aarch64.rpm dotnet-sdk-9.0-source-built-artifacts-9.0.110-1.0.1.el10_0.aarch64.rpm dotnet-sdk-aot-9.0-9.0.110-1.0.1.el10_0.aarch64.rpm dotnet-sdk-dbg-9.0-9.0.110-1.0.1.el10_0.aarch64.rpm dotnet-targeting-pack-9.0-9.0.9-1.0.1.el10_0.aarch64.rpm dotnet-templates-9.0-9.0.110-1.0.1.el10_0.aarch64.rpm netstandard-targeting-pack-2.1-9.0.110-1.0.1.el10_0.aarch64.rpm SRPMS: http://oss.oracle.com/ol10/SRPMS-updates/dotnet9.0-9.0.110-1.0.1.el10_0.src.rpm Description of changes: [9.0.110-1.0.1] - Add support for Oracle Linux [9.0.110-1] - Update to .NET SDK 9.0.110 and Runtime 9.0.9 - Resolves: RHEL-112267 From el-errata at oss.oracle.com Thu Sep 11 10:27:07 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 11 Sep 2025 03:27:07 -0700 Subject: [El-errata] ELEA-2025-15494 Oracle Linux 10 nss bug fix and enhancement update Message-ID: Oracle Linux Enhancement Advisory ELEA-2025-15494 http://linux.oracle.com/errata/ELEA-2025-15494.html The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network: x86_64: nspr-4.36.0-4.el10_0.x86_64.rpm nspr-devel-4.36.0-4.el10_0.x86_64.rpm nss-3.112.0-4.el10_0.x86_64.rpm nss-devel-3.112.0-4.el10_0.x86_64.rpm nss-softokn-3.112.0-4.el10_0.x86_64.rpm nss-softokn-devel-3.112.0-4.el10_0.x86_64.rpm nss-softokn-freebl-3.112.0-4.el10_0.x86_64.rpm nss-softokn-freebl-devel-3.112.0-4.el10_0.x86_64.rpm nss-sysinit-3.112.0-4.el10_0.x86_64.rpm nss-tools-3.112.0-4.el10_0.x86_64.rpm nss-util-3.112.0-4.el10_0.x86_64.rpm nss-util-devel-3.112.0-4.el10_0.x86_64.rpm aarch64: nspr-4.36.0-4.el10_0.aarch64.rpm nspr-devel-4.36.0-4.el10_0.aarch64.rpm nss-3.112.0-4.el10_0.aarch64.rpm nss-devel-3.112.0-4.el10_0.aarch64.rpm nss-softokn-3.112.0-4.el10_0.aarch64.rpm nss-softokn-devel-3.112.0-4.el10_0.aarch64.rpm nss-softokn-freebl-3.112.0-4.el10_0.aarch64.rpm nss-softokn-freebl-devel-3.112.0-4.el10_0.aarch64.rpm nss-sysinit-3.112.0-4.el10_0.aarch64.rpm nss-tools-3.112.0-4.el10_0.aarch64.rpm nss-util-3.112.0-4.el10_0.aarch64.rpm nss-util-devel-3.112.0-4.el10_0.aarch64.rpm SRPMS: http://oss.oracle.com/ol10/SRPMS-updates/nss-3.112.0-4.el10_0.src.rpm Description of changes: [3.112.0-4] - fix interface issue when pulling 3.0 pkcs#11 interfaces explicitly [3.112.0-3] - restore CONCATENATE functions accidentally remvoed in the last patch - fix big endian issue in tstclnt and selfserv in certificate compression [3.112.0-2] - add fips required changes. - fix bugs found by QE [3.112.0-1] - rebase to NSS 3.112 - add ml-kem-1024 support - add ml-dsa support [3.101.0-14] - add nss-policy-check From el-errata at oss.oracle.com Fri Sep 12 07:45:03 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 12 Sep 2025 07:45:03 +0000 Subject: [El-errata] New Ksplice updates for UEKR6 5.4.17 on OL7 and OL8 (ELSA-2025-20553) References: Message-ID: Synopsis: ELSA-2025-20553 can now be patched using Ksplice CVEs: CVE-2018-3646 CVE-2022-48773 CVE-2022-48828 CVE-2022-48829 CVE-2024-57996 CVE-2025-37752 CVE-2025-38083 CVE-2025-38086 CVE-2025-38108 CVE-2025-38111 CVE-2025-38115 CVE-2025-38147 CVE-2025-38181 CVE-2025-38184 CVE-2025-38190 CVE-2025-38194 CVE-2025-38212 CVE-2025-38222 CVE-2025-38328 CVE-2025-38332 CVE-2025-38337 CVE-2025-38352 CVE-2025-38430 Users with Oracle Linux Premier Support can now use Ksplice to patch against the latest Oracle Linux Security Advisory, ELSA-2025-20553. More information about this errata can be found at https://linux.oracle.com/errata/ELSA-2025-20553.html INSTALLING THE UPDATES We recommend that all users of Ksplice Uptrack running UEKR6 5.4.17 on OL7 and OL8 install these updates. On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf, these updates will be installed automatically and you do not need to take any action. Alternatively, you can install these updates by running: # /usr/sbin/uptrack-upgrade -y DESCRIPTION * CVE-2022-48773: Denial-of-service in RPC-over-RDMA transport driver. * CVE-2022-48828, CVE-2022-48829: Integer underflow in NFS server driver. * CVE-2024-57996, CVE-2025-37752: Out-of-bounds memory access in Stochastic Fairness Queueing (SFQ) driver. Orabug: 38377926 * CVE-2025-38083, CVE-2025-38108: Integer underflow in multiple network schedulers. * CVE-2025-38086: Use of uninitialized memory in QingHeng CH9200 USB ethernet driver. * CVE-2025-38111: Out-of-bounds memory usage in MDIO bus driver. * CVE-2025-38115: NULL pointer dereference in Stochastic Fairness Queueing (SFQ) network scheduler. * CVE-2025-38147: NULL pointer dereference in NetLabel subsystem. * CVE-2025-38181: NULL pointer dereference in NetLabel subsystem. * CVE-2025-38184: NULL pointer dereference in IP/UDP media type driver. * CVE-2025-38190: Memory leak in ATM networking stack. * CVE-2025-38194, CVE-2025-38328: Logic error in Journalling Flash File System v2 (JFFS2) driver. * CVE-2025-38212: Use-after-free in System V IPC driver. * CVE-2025-38222: Integer overflow in ext4 filesystem. * CVE-2025-38332: Kernel panic in Emulex LightPulse Fibre Channel driver. False positive with CONFIG_FORTIFY_SOURCE causes kernel crash. * CVE-2025-38337: NULL pointer dereference in JBD2 filesystem. * CVE-2025-38352: Missing check in POSIX clock/timer driver. * CVE-2025-38430: Remote kernel crash in NFSv4 server driver. A maliciously crafted RPC request can trigger undefined behaviour or kernel crash. * Improved fix for CVE-2018-3646: L1 Terminal Fault Reloaded. * Information leak on x86 CPUs (VMScape). Orabug: 38343661 * Note: Oracle has determined some CVEs are not applicable. The kernel is not affected by the following CVEs since the code under consideration is not compiled. CVE-2025-38090, CVE-2025-38135, CVE-2025-38136, CVE-2025-38145, CVE-2025-38153, CVE-2025-38163, CVE-2025-38173, CVE-2025-38203, CVE-2025-38204, CVE-2025-38219, CVE-2025-38237, CVE-2025-38286, CVE-2025-38313, CVE-2025-38416, CVE-2025-38428 SUPPORT Ksplice support is available at ksplice-support_ww at oracle.com. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: This is a digitally signed message part URL: From el-errata at oss.oracle.com Fri Sep 12 09:57:17 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 12 Sep 2025 09:57:17 +0000 Subject: [El-errata] New Ksplice updates for UEKR6 5.4.17 on OL7 and OL8 (ELSA-2025-20560) References: <26fe14bcd524f21aa2a8d69b2c6f7577.apache@ksplice.com> Message-ID: Synopsis: ELSA-2025-20560 can now be patched using Ksplice Users with Oracle Linux Premier Support can now use Ksplice to patch against the latest Oracle Linux Security Advisory, ELSA-2025-20560. More information about this errata can be found at https://linux.oracle.com/errata/ELSA-2025-20560.html INSTALLING THE UPDATES We recommend that all users of Ksplice Uptrack running UEKR6 5.4.17 on OL7 and OL8 install these updates. On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf, these updates will be installed automatically and you do not need to take any action. Alternatively, you can install these updates by running: # /usr/sbin/uptrack-upgrade -y DESCRIPTION * Information leak on x86 CPUs (VMScape). Orabug: 38343661 SUPPORT Ksplice support is available at ksplice-support_ww at oracle.com. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: This is a digitally signed message part URL: From el-errata at oss.oracle.com Fri Sep 12 14:49:24 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 12 Sep 2025 07:49:24 -0700 Subject: [El-errata] ELBA-2025-20580 Oracle Linux 7 linux-firmware bug fix update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2025-20580 http://linux.oracle.com/errata/ELBA-2025-20580.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: iwl1000-firmware-39.31.5.1-999.42.1.el7.noarch.rpm iwl100-firmware-39.31.5.1-999.42.1.el7.noarch.rpm iwl105-firmware-18.168.6.1-999.42.1.el7.noarch.rpm iwl135-firmware-18.168.6.1-999.42.1.el7.noarch.rpm iwl2000-firmware-18.168.6.1-999.42.1.el7.noarch.rpm iwl2030-firmware-18.168.6.1-999.42.1.el7.noarch.rpm iwl3160-firmware-22.0.7.0-999.42.1.el7.noarch.rpm iwl3945-firmware-15.32.2.9-999.42.1.el7.noarch.rpm iwl4965-firmware-228.61.2.24-999.42.1.el7.noarch.rpm iwl5000-firmware-8.83.5.1_1-999.42.1.el7.noarch.rpm iwl5150-firmware-8.24.2.2-999.42.1.el7.noarch.rpm iwl6000-firmware-9.221.4.1-999.42.1.el7.noarch.rpm iwl6000g2a-firmware-17.168.5.3-999.42.1.el7.noarch.rpm iwl6000g2b-firmware-17.168.5.2-999.42.1.el7.noarch.rpm iwl6050-firmware-41.28.5.1-999.42.1.el7.noarch.rpm iwl7260-firmware-22.0.7.0-999.42.1.el7.noarch.rpm iwlax2xx-firmware-20250909-999.42.1.el7.noarch.rpm linux-firmware-20250909-999.42.1.git356f06bf.el7.noarch.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates/linux-firmware-20250909-999.42.1.git356f06bf.el7.src.rpm Description of changes: [20250909-999.42.1.git356f06bf.el7] - Rewrite the script to accomodate yum-based installs [Orabug: 38410501] From el-errata at oss.oracle.com Fri Sep 12 14:49:26 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 12 Sep 2025 07:49:26 -0700 Subject: [El-errata] ELSA-2025-14683 Moderate: Oracle Linux 7 gdk-pixbuf2 security update Message-ID: Oracle Linux Security Advisory ELSA-2025-14683 http://linux.oracle.com/errata/ELSA-2025-14683.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: gdk-pixbuf2-2.36.12-3.0.1.el7.i686.rpm gdk-pixbuf2-2.36.12-3.0.1.el7.x86_64.rpm gdk-pixbuf2-devel-2.36.12-3.0.1.el7.i686.rpm gdk-pixbuf2-devel-2.36.12-3.0.1.el7.x86_64.rpm gdk-pixbuf2-tests-2.36.12-3.0.1.el7.x86_64.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates/gdk-pixbuf2-2.36.12-3.0.1.el7.src.rpm Related CVEs: CVE-2025-7345 Description of changes: [2.36.12-3.0.1] - jpeg: Be more careful with chunked icc data [Orabug: 38359772][CVE-2025-7345] From el-errata at oss.oracle.com Fri Sep 12 14:49:31 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 12 Sep 2025 07:49:31 -0700 Subject: [El-errata] ELBA-2025-20579 Oracle Linux 8 linux-firmware bug fix update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2025-20579 http://linux.oracle.com/errata/ELBA-2025-20579.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: iwl1000-firmware-39.31.5.1-999.42.1.el8.noarch.rpm iwl100-firmware-39.31.5.1-999.42.1.el8.noarch.rpm iwl105-firmware-18.168.6.1-999.42.1.el8.noarch.rpm iwl135-firmware-18.168.6.1-999.42.1.el8.noarch.rpm iwl2000-firmware-18.168.6.1-999.42.1.el8.noarch.rpm iwl2030-firmware-18.168.6.1-999.42.1.el8.noarch.rpm iwl3160-firmware-25.30.13.0-999.42.1.el8.noarch.rpm iwl3945-firmware-15.32.2.9-999.42.1.el8.noarch.rpm iwl4965-firmware-228.61.2.24-999.42.1.el8.noarch.rpm iwl5000-firmware-8.83.5.1_1-999.42.1.el8.noarch.rpm iwl5150-firmware-8.24.2.2-999.42.1.el8.noarch.rpm iwl6000-firmware-9.221.4.1-999.42.1.el8.noarch.rpm iwl6000g2a-firmware-18.168.6.1-999.42.1.el8.noarch.rpm iwl6000g2b-firmware-18.168.6.1-999.42.1.el8.noarch.rpm iwl6050-firmware-41.28.5.1-999.42.1.el8.noarch.rpm iwl7260-firmware-25.30.13.0-999.42.1.el8.noarch.rpm iwlax2xx-firmware-20250909-999.42.1.el8.noarch.rpm libertas-sd8686-firmware-20250909-999.42.1.git356f06bf.el8.noarch.rpm libertas-sd8787-firmware-20250909-999.42.1.git356f06bf.el8.noarch.rpm libertas-usb8388-firmware-20250909-999.42.1.git356f06bf.el8.noarch.rpm libertas-usb8388-olpc-firmware-20250909-999.42.1.git356f06bf.el8.noarch.rpm linux-firmware-20250909-999.42.1.git356f06bf.el8.noarch.rpm linux-firmware-core-20250909-999.42.1.git356f06bf.el8.noarch.rpm aarch64: iwl1000-firmware-39.31.5.1-999.42.1.el8.noarch.rpm iwl100-firmware-39.31.5.1-999.42.1.el8.noarch.rpm iwl105-firmware-18.168.6.1-999.42.1.el8.noarch.rpm iwl135-firmware-18.168.6.1-999.42.1.el8.noarch.rpm iwl2000-firmware-18.168.6.1-999.42.1.el8.noarch.rpm iwl2030-firmware-18.168.6.1-999.42.1.el8.noarch.rpm iwl3160-firmware-25.30.13.0-999.42.1.el8.noarch.rpm iwl3945-firmware-15.32.2.9-999.42.1.el8.noarch.rpm iwl4965-firmware-228.61.2.24-999.42.1.el8.noarch.rpm iwl5000-firmware-8.83.5.1_1-999.42.1.el8.noarch.rpm iwl5150-firmware-8.24.2.2-999.42.1.el8.noarch.rpm iwl6000-firmware-9.221.4.1-999.42.1.el8.noarch.rpm iwl6000g2a-firmware-18.168.6.1-999.42.1.el8.noarch.rpm iwl6000g2b-firmware-18.168.6.1-999.42.1.el8.noarch.rpm iwl6050-firmware-41.28.5.1-999.42.1.el8.noarch.rpm iwl7260-firmware-25.30.13.0-999.42.1.el8.noarch.rpm iwlax2xx-firmware-20250909-999.42.1.el8.noarch.rpm libertas-sd8686-firmware-20250909-999.42.1.git356f06bf.el8.noarch.rpm libertas-sd8787-firmware-20250909-999.42.1.git356f06bf.el8.noarch.rpm libertas-usb8388-firmware-20250909-999.42.1.git356f06bf.el8.noarch.rpm libertas-usb8388-olpc-firmware-20250909-999.42.1.git356f06bf.el8.noarch.rpm linux-firmware-20250909-999.42.1.git356f06bf.el8.noarch.rpm linux-firmware-core-20250909-999.42.1.git356f06bf.el8.noarch.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/linux-firmware-20250909-999.42.1.git356f06bf.el8.src.rpm Description of changes: [20250909-999.42.1.git356f06bf.el8] - Rewrite the script to accomodate yum-based installs [Orabug: 38410501] From el-errata at oss.oracle.com Fri Sep 12 14:49:33 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 12 Sep 2025 07:49:33 -0700 Subject: [El-errata] ELSA-2025-20560 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update Message-ID: Oracle Linux Security Advisory ELSA-2025-20560 http://linux.oracle.com/errata/ELSA-2025-20560.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: aarch64: kernel-uek-5.4.17-2136.347.6.1.el8uek.aarch64.rpm kernel-uek-debug-5.4.17-2136.347.6.1.el8uek.aarch64.rpm kernel-uek-debug-devel-5.4.17-2136.347.6.1.el8uek.aarch64.rpm kernel-uek-devel-5.4.17-2136.347.6.1.el8uek.aarch64.rpm kernel-uek-doc-5.4.17-2136.347.6.1.el8uek.noarch.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/kernel-uek-5.4.17-2136.347.6.1.el8uek.src.rpm Description of changes: [5.4.17-2136.347.6.1.el8uek] - x86/vmscape: Warn when STIBP is disabled with SMT (Pawan Gupta) [Orabug: 38343661] - x86/bugs: Move cpu_bugs_smt_update() down (Pawan Gupta) [Orabug: 38343661] - x86/vmscape: Enable the mitigation (Pawan Gupta) [Orabug: 38343661] - x86/vmscape: Add conditional IBPB mitigation (Pawan Gupta) [Orabug: 38343661] - x86/vmscape: Add old Intel CPUs to affected list (Pawan Gupta) [Orabug: 38343661] - x86/vmscape: Enumerate VMSCAPE bug (Pawan Gupta) [Orabug: 38343661] - Documentation/hw-vuln: Add VMSCAPE documentation (Pawan Gupta) [Orabug: 38343661] From el-errata at oss.oracle.com Fri Sep 12 14:49:36 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 12 Sep 2025 07:49:36 -0700 Subject: [El-errata] ELSA-2025-15687 Moderate: Oracle Linux 8 php:8.2 security update Message-ID: Oracle Linux Security Advisory ELSA-2025-15687 http://linux.oracle.com/errata/ELSA-2025-15687.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: apcu-panel-5.1.23-1.module+el8.10.0+90469+8883f508.noarch.rpm libzip-1.7.3-1.module+el8.10.0+90469+8883f508.x86_64.rpm libzip-devel-1.7.3-1.module+el8.10.0+90469+8883f508.x86_64.rpm libzip-tools-1.7.3-1.module+el8.10.0+90469+8883f508.x86_64.rpm php-8.2.28-1.module+el8.10.0+90667+8f0d9096.x86_64.rpm php-bcmath-8.2.28-1.module+el8.10.0+90667+8f0d9096.x86_64.rpm php-cli-8.2.28-1.module+el8.10.0+90667+8f0d9096.x86_64.rpm php-common-8.2.28-1.module+el8.10.0+90667+8f0d9096.x86_64.rpm php-dba-8.2.28-1.module+el8.10.0+90667+8f0d9096.x86_64.rpm php-dbg-8.2.28-1.module+el8.10.0+90667+8f0d9096.x86_64.rpm php-devel-8.2.28-1.module+el8.10.0+90667+8f0d9096.x86_64.rpm php-embedded-8.2.28-1.module+el8.10.0+90667+8f0d9096.x86_64.rpm php-enchant-8.2.28-1.module+el8.10.0+90667+8f0d9096.x86_64.rpm php-ffi-8.2.28-1.module+el8.10.0+90667+8f0d9096.x86_64.rpm php-fpm-8.2.28-1.module+el8.10.0+90667+8f0d9096.x86_64.rpm php-gd-8.2.28-1.module+el8.10.0+90667+8f0d9096.x86_64.rpm php-gmp-8.2.28-1.module+el8.10.0+90667+8f0d9096.x86_64.rpm php-intl-8.2.28-1.module+el8.10.0+90667+8f0d9096.x86_64.rpm php-ldap-8.2.28-1.module+el8.10.0+90667+8f0d9096.x86_64.rpm php-mbstring-8.2.28-1.module+el8.10.0+90667+8f0d9096.x86_64.rpm php-mysqlnd-8.2.28-1.module+el8.10.0+90667+8f0d9096.x86_64.rpm php-odbc-8.2.28-1.module+el8.10.0+90667+8f0d9096.x86_64.rpm php-opcache-8.2.28-1.module+el8.10.0+90667+8f0d9096.x86_64.rpm php-pdo-8.2.28-1.module+el8.10.0+90667+8f0d9096.x86_64.rpm php-pear-1.10.14-1.module+el8.10.0+90469+8883f508.noarch.rpm php-pecl-apcu-5.1.23-1.module+el8.10.0+90469+8883f508.x86_64.rpm php-pecl-apcu-devel-5.1.23-1.module+el8.10.0+90469+8883f508.x86_64.rpm php-pecl-rrd-2.0.3-1.module+el8.10.0+90469+8883f508.x86_64.rpm php-pecl-xdebug3-3.2.2-2.module+el8.10.0+90469+8883f508.x86_64.rpm php-pecl-zip-1.22.3-1.module+el8.10.0+90469+8883f508.x86_64.rpm php-pgsql-8.2.28-1.module+el8.10.0+90667+8f0d9096.x86_64.rpm php-process-8.2.28-1.module+el8.10.0+90667+8f0d9096.x86_64.rpm php-snmp-8.2.28-1.module+el8.10.0+90667+8f0d9096.x86_64.rpm php-soap-8.2.28-1.module+el8.10.0+90667+8f0d9096.x86_64.rpm php-xml-8.2.28-1.module+el8.10.0+90667+8f0d9096.x86_64.rpm aarch64: apcu-panel-5.1.23-1.module+el8.10.0+90469+8883f508.noarch.rpm libzip-1.7.3-1.module+el8.10.0+90469+8883f508.aarch64.rpm libzip-devel-1.7.3-1.module+el8.10.0+90469+8883f508.aarch64.rpm libzip-tools-1.7.3-1.module+el8.10.0+90469+8883f508.aarch64.rpm php-8.2.28-1.module+el8.10.0+90667+8f0d9096.aarch64.rpm php-bcmath-8.2.28-1.module+el8.10.0+90667+8f0d9096.aarch64.rpm php-cli-8.2.28-1.module+el8.10.0+90667+8f0d9096.aarch64.rpm php-common-8.2.28-1.module+el8.10.0+90667+8f0d9096.aarch64.rpm php-dba-8.2.28-1.module+el8.10.0+90667+8f0d9096.aarch64.rpm php-dbg-8.2.28-1.module+el8.10.0+90667+8f0d9096.aarch64.rpm php-devel-8.2.28-1.module+el8.10.0+90667+8f0d9096.aarch64.rpm php-embedded-8.2.28-1.module+el8.10.0+90667+8f0d9096.aarch64.rpm php-enchant-8.2.28-1.module+el8.10.0+90667+8f0d9096.aarch64.rpm php-ffi-8.2.28-1.module+el8.10.0+90667+8f0d9096.aarch64.rpm php-fpm-8.2.28-1.module+el8.10.0+90667+8f0d9096.aarch64.rpm php-gd-8.2.28-1.module+el8.10.0+90667+8f0d9096.aarch64.rpm php-gmp-8.2.28-1.module+el8.10.0+90667+8f0d9096.aarch64.rpm php-intl-8.2.28-1.module+el8.10.0+90667+8f0d9096.aarch64.rpm php-ldap-8.2.28-1.module+el8.10.0+90667+8f0d9096.aarch64.rpm php-mbstring-8.2.28-1.module+el8.10.0+90667+8f0d9096.aarch64.rpm php-mysqlnd-8.2.28-1.module+el8.10.0+90667+8f0d9096.aarch64.rpm php-odbc-8.2.28-1.module+el8.10.0+90667+8f0d9096.aarch64.rpm php-opcache-8.2.28-1.module+el8.10.0+90667+8f0d9096.aarch64.rpm php-pdo-8.2.28-1.module+el8.10.0+90667+8f0d9096.aarch64.rpm php-pear-1.10.14-1.module+el8.10.0+90469+8883f508.noarch.rpm php-pecl-apcu-5.1.23-1.module+el8.10.0+90469+8883f508.aarch64.rpm php-pecl-apcu-devel-5.1.23-1.module+el8.10.0+90469+8883f508.aarch64.rpm php-pecl-rrd-2.0.3-1.module+el8.10.0+90469+8883f508.aarch64.rpm php-pecl-xdebug3-3.2.2-2.module+el8.10.0+90469+8883f508.aarch64.rpm php-pecl-zip-1.22.3-1.module+el8.10.0+90469+8883f508.aarch64.rpm php-pgsql-8.2.28-1.module+el8.10.0+90667+8f0d9096.aarch64.rpm php-process-8.2.28-1.module+el8.10.0+90667+8f0d9096.aarch64.rpm php-snmp-8.2.28-1.module+el8.10.0+90667+8f0d9096.aarch64.rpm php-soap-8.2.28-1.module+el8.10.0+90667+8f0d9096.aarch64.rpm php-xml-8.2.28-1.module+el8.10.0+90667+8f0d9096.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/libzip-1.7.3-1.module+el8.10.0+90469+8883f508.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/php-8.2.28-1.module+el8.10.0+90667+8f0d9096.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/php-pear-1.10.14-1.module+el8.10.0+90469+8883f508.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/php-pecl-apcu-5.1.23-1.module+el8.10.0+90469+8883f508.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/php-pecl-rrd-2.0.3-1.module+el8.10.0+90469+8883f508.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/php-pecl-xdebug3-3.2.2-2.module+el8.10.0+90469+8883f508.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/php-pecl-zip-1.22.3-1.module+el8.10.0+90469+8883f508.src.rpm Related CVEs: CVE-2024-8929 CVE-2024-11233 CVE-2024-11234 CVE-2025-1217 CVE-2025-1219 CVE-2025-1734 CVE-2025-1736 CVE-2025-1861 Description of changes: libzip php [8.2.28-1] - rebase to 8.2.28 php-pear php-pecl-apcu php-pecl-rrd php-pecl-xdebug3 php-pecl-zip From el-errata at oss.oracle.com Fri Sep 12 14:49:42 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 12 Sep 2025 07:49:42 -0700 Subject: [El-errata] ELSA-2025-20559 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update Message-ID: Oracle Linux Security Advisory ELSA-2025-20559 http://linux.oracle.com/errata/ELSA-2025-20559.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: aarch64: bpftool-5.15.0-312.187.5.1.el9uek.aarch64.rpm kernel-uek-5.15.0-312.187.5.1.el9uek.aarch64.rpm kernel-uek-container-5.15.0-312.187.5.1.el9uek.aarch64.rpm kernel-uek-container-debug-5.15.0-312.187.5.1.el9uek.aarch64.rpm kernel-uek-core-5.15.0-312.187.5.1.el9uek.aarch64.rpm kernel-uek-debug-5.15.0-312.187.5.1.el9uek.aarch64.rpm kernel-uek-debug-core-5.15.0-312.187.5.1.el9uek.aarch64.rpm kernel-uek-debug-devel-5.15.0-312.187.5.1.el9uek.aarch64.rpm kernel-uek-debug-modules-5.15.0-312.187.5.1.el9uek.aarch64.rpm kernel-uek-debug-modules-extra-5.15.0-312.187.5.1.el9uek.aarch64.rpm kernel-uek-devel-5.15.0-312.187.5.1.el9uek.aarch64.rpm kernel-uek-doc-5.15.0-312.187.5.1.el9uek.noarch.rpm kernel-uek-modules-5.15.0-312.187.5.1.el9uek.aarch64.rpm kernel-uek-modules-extra-5.15.0-312.187.5.1.el9uek.aarch64.rpm kernel-uek64k-5.15.0-312.187.5.1.el9uek.aarch64.rpm kernel-uek64k-core-5.15.0-312.187.5.1.el9uek.aarch64.rpm kernel-uek64k-devel-5.15.0-312.187.5.1.el9uek.aarch64.rpm kernel-uek64k-modules-5.15.0-312.187.5.1.el9uek.aarch64.rpm kernel-uek64k-modules-extra-5.15.0-312.187.5.1.el9uek.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/kernel-uek-5.15.0-312.187.5.1.el9uek.src.rpm Description of changes: [5.15.0-312.187.5.1.el9uek] - x86/vmscape: Warn when STIBP is disabled with SMT (Pawan Gupta) [Orabug: 38343660] - x86/bugs: Move cpu_bugs_smt_update() down (Pawan Gupta) [Orabug: 38343660] - x86/vmscape: Enable the mitigation (Pawan Gupta) [Orabug: 38343660] - x86/vmscape: Add conditional IBPB mitigation (Pawan Gupta) [Orabug: 38343660] - x86/bugs: Fix RSB clearing in indirect_branch_prediction_barrier() (Josh Poimboeuf) [Orabug: 38343660] - x86/vmscape: Add old Intel CPUs to affected list (Pawan Gupta) [Orabug: 38343660] - x86/vmscape: Enumerate VMSCAPE bug (Pawan Gupta) [Orabug: 38343660] - Documentation/hw-vuln: Add VMSCAPE documentation (Pawan Gupta) [Orabug: 38343660] From el-errata at oss.oracle.com Fri Sep 12 14:49:47 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 12 Sep 2025 07:49:47 -0700 Subject: [El-errata] ELBA-2025-20577 Oracle Linux 10 linux-firmware bug fix update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2025-20577 http://linux.oracle.com/errata/ELBA-2025-20577.html The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network: x86_64: iwl1000-firmware-39.31.5.1-999.42.1.el10.noarch.rpm iwl100-firmware-39.31.5.1-999.42.1.el10.noarch.rpm iwl105-firmware-18.168.6.1-999.42.1.el10.noarch.rpm iwl135-firmware-18.168.6.1-999.42.1.el10.noarch.rpm iwl2000-firmware-18.168.6.1-999.42.1.el10.noarch.rpm iwl2030-firmware-18.168.6.1-999.42.1.el10.noarch.rpm iwl3160-firmware-25.30.13.0-999.42.1.el10.noarch.rpm iwl3945-firmware-15.32.2.9-999.42.1.el10.noarch.rpm iwl4965-firmware-228.61.2.24-999.42.1.el10.noarch.rpm iwl5000-firmware-8.83.5.1_1-999.42.1.el10.noarch.rpm iwl5150-firmware-8.24.2.2-999.42.1.el10.noarch.rpm iwl6000-firmware-9.221.4.1-999.42.1.el10.noarch.rpm iwl6000g2a-firmware-18.168.6.1-999.42.1.el10.noarch.rpm iwl6000g2b-firmware-18.168.6.1-999.42.1.el10.noarch.rpm iwl6050-firmware-41.28.5.1-999.42.1.el10.noarch.rpm iwl7260-firmware-25.30.13.0-999.42.1.el10.noarch.rpm iwlax2xx-firmware-20250909-999.42.1.el10.noarch.rpm libertas-sd8686-firmware-20250909-999.42.1.git356f06bf.el10.noarch.rpm libertas-sd8787-firmware-20250909-999.42.1.git356f06bf.el10.noarch.rpm libertas-usb8388-firmware-20250909-999.42.1.git356f06bf.el10.noarch.rpm libertas-usb8388-olpc-firmware-20250909-999.42.1.git356f06bf.el10.noarch.rpm linux-firmware-20250909-999.42.1.git356f06bf.el10.noarch.rpm linux-firmware-core-20250909-999.42.1.git356f06bf.el10.noarch.rpm linux-firmware-whence-20250909-999.42.1.git356f06bf.el10.noarch.rpm liquidio-firmware-20250909-999.42.1.git356f06bf.el10.noarch.rpm netronome-firmware-20250909-999.42.1.git356f06bf.el10.noarch.rpm aarch64: iwl1000-firmware-39.31.5.1-999.42.1.el10.noarch.rpm iwl100-firmware-39.31.5.1-999.42.1.el10.noarch.rpm iwl105-firmware-18.168.6.1-999.42.1.el10.noarch.rpm iwl135-firmware-18.168.6.1-999.42.1.el10.noarch.rpm iwl2000-firmware-18.168.6.1-999.42.1.el10.noarch.rpm iwl2030-firmware-18.168.6.1-999.42.1.el10.noarch.rpm iwl3160-firmware-25.30.13.0-999.42.1.el10.noarch.rpm iwl3945-firmware-15.32.2.9-999.42.1.el10.noarch.rpm iwl4965-firmware-228.61.2.24-999.42.1.el10.noarch.rpm iwl5000-firmware-8.83.5.1_1-999.42.1.el10.noarch.rpm iwl5150-firmware-8.24.2.2-999.42.1.el10.noarch.rpm iwl6000-firmware-9.221.4.1-999.42.1.el10.noarch.rpm iwl6000g2a-firmware-18.168.6.1-999.42.1.el10.noarch.rpm iwl6000g2b-firmware-18.168.6.1-999.42.1.el10.noarch.rpm iwl6050-firmware-41.28.5.1-999.42.1.el10.noarch.rpm iwl7260-firmware-25.30.13.0-999.42.1.el10.noarch.rpm iwlax2xx-firmware-20250909-999.42.1.el10.noarch.rpm libertas-sd8686-firmware-20250909-999.42.1.git356f06bf.el10.noarch.rpm libertas-sd8787-firmware-20250909-999.42.1.git356f06bf.el10.noarch.rpm libertas-usb8388-firmware-20250909-999.42.1.git356f06bf.el10.noarch.rpm libertas-usb8388-olpc-firmware-20250909-999.42.1.git356f06bf.el10.noarch.rpm linux-firmware-20250909-999.42.1.git356f06bf.el10.noarch.rpm linux-firmware-core-20250909-999.42.1.git356f06bf.el10.noarch.rpm linux-firmware-whence-20250909-999.42.1.git356f06bf.el10.noarch.rpm liquidio-firmware-20250909-999.42.1.git356f06bf.el10.noarch.rpm netronome-firmware-20250909-999.42.1.git356f06bf.el10.noarch.rpm SRPMS: http://oss.oracle.com/ol10/SRPMS-updates/linux-firmware-20250909-999.42.1.git356f06bf.el10.src.rpm Description of changes: [20250909-999.42.1.git356f06bf.el10] - Rewrite the script to accomodate yum-based installs [Orabug: 38410501] From el-errata at oss.oracle.com Fri Sep 12 14:49:48 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 12 Sep 2025 07:49:48 -0700 Subject: [El-errata] ELSA-2025-15447 Important: Oracle Linux 10 kernel security update Message-ID: Oracle Linux Security Advisory ELSA-2025-15447 http://linux.oracle.com/errata/ELSA-2025-15447.html The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network: x86_64: kernel-6.12.0-55.31.1.0.1.el10_0.x86_64.rpm kernel-abi-stablelists-6.12.0-55.31.1.0.1.el10_0.noarch.rpm kernel-core-6.12.0-55.31.1.0.1.el10_0.x86_64.rpm kernel-cross-headers-6.12.0-55.31.1.0.1.el10_0.x86_64.rpm kernel-debug-6.12.0-55.31.1.0.1.el10_0.x86_64.rpm kernel-debug-core-6.12.0-55.31.1.0.1.el10_0.x86_64.rpm kernel-debug-devel-6.12.0-55.31.1.0.1.el10_0.x86_64.rpm kernel-debug-devel-matched-6.12.0-55.31.1.0.1.el10_0.x86_64.rpm kernel-debug-modules-6.12.0-55.31.1.0.1.el10_0.x86_64.rpm kernel-debug-modules-core-6.12.0-55.31.1.0.1.el10_0.x86_64.rpm kernel-debug-modules-extra-6.12.0-55.31.1.0.1.el10_0.x86_64.rpm kernel-debug-uki-virt-6.12.0-55.31.1.0.1.el10_0.x86_64.rpm kernel-devel-6.12.0-55.31.1.0.1.el10_0.x86_64.rpm kernel-devel-matched-6.12.0-55.31.1.0.1.el10_0.x86_64.rpm kernel-doc-6.12.0-55.31.1.0.1.el10_0.noarch.rpm kernel-headers-6.12.0-55.31.1.0.1.el10_0.x86_64.rpm kernel-modules-6.12.0-55.31.1.0.1.el10_0.x86_64.rpm kernel-modules-core-6.12.0-55.31.1.0.1.el10_0.x86_64.rpm kernel-modules-extra-6.12.0-55.31.1.0.1.el10_0.x86_64.rpm kernel-tools-6.12.0-55.31.1.0.1.el10_0.x86_64.rpm kernel-tools-libs-6.12.0-55.31.1.0.1.el10_0.x86_64.rpm kernel-tools-libs-devel-6.12.0-55.31.1.0.1.el10_0.x86_64.rpm kernel-uki-virt-6.12.0-55.31.1.0.1.el10_0.x86_64.rpm kernel-uki-virt-addons-6.12.0-55.31.1.0.1.el10_0.x86_64.rpm libperf-6.12.0-55.31.1.0.1.el10_0.x86_64.rpm perf-6.12.0-55.31.1.0.1.el10_0.x86_64.rpm python3-perf-6.12.0-55.31.1.0.1.el10_0.x86_64.rpm rtla-6.12.0-55.31.1.0.1.el10_0.x86_64.rpm rv-6.12.0-55.31.1.0.1.el10_0.x86_64.rpm aarch64: kernel-cross-headers-6.12.0-55.31.1.0.1.el10_0.aarch64.rpm kernel-headers-6.12.0-55.31.1.0.1.el10_0.aarch64.rpm kernel-tools-6.12.0-55.31.1.0.1.el10_0.aarch64.rpm kernel-tools-libs-6.12.0-55.31.1.0.1.el10_0.aarch64.rpm kernel-tools-libs-devel-6.12.0-55.31.1.0.1.el10_0.aarch64.rpm libperf-6.12.0-55.31.1.0.1.el10_0.aarch64.rpm perf-6.12.0-55.31.1.0.1.el10_0.aarch64.rpm python3-perf-6.12.0-55.31.1.0.1.el10_0.aarch64.rpm rtla-6.12.0-55.31.1.0.1.el10_0.aarch64.rpm rv-6.12.0-55.31.1.0.1.el10_0.aarch64.rpm SRPMS: http://oss.oracle.com/ol10/SRPMS-updates/kernel-6.12.0-55.31.1.0.1.el10_0.src.rpm Related CVEs: CVE-2025-22097 CVE-2025-37803 CVE-2025-38350 CVE-2025-38449 Description of changes: [6.12.0-55.31.1.0.1.el10_0.OL10] - nvme-pci: remove two deallocate zeroes quirks [Orabug: 37756650] - Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985782] - Disable UKI signing [Orabug: 36571828] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5.el9 - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535] - Add Oracle Linux IMA certificates - Update module name for cryptographic module [Orabug: 37400433] * [6.12.0-55.31.1.el10_0] - Adjust sched/fair: Adhere to place_entity() constraints - Bump internal version to 55.31.1 - sched/fair: Adhere to place_entity() constraints - sched/fair: Fix update_cfs_group() vs DELAY_DEQUEUE - sched/fair: Fix EEVDF entity placement bug causing scheduling lag - sched/fair: optimize the PLACE_LAG when se->vlag is zero - net/sched: ets: use old 'nbands' while purging unused classes - CVE-2025-38350 - net/sched: Always pass notifications when child class becomes empty - CVE-2025-38350 - net_sched: ets: fix a race in ets_qdisc_change() - CVE-2025-38107 - sch_htb: make htb_deactivate() idempotent - CVE-2025-37953 - codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() - CVE-2025-37798 - sch_qfq: make qfq_qlen_notify() idempotent - CVE-2025-38350 - sch_drr: make drr_qlen_notify() idempotent - CVE-2025-38350 - sch_htb: make htb_qlen_notify() idempotent - CVE-2025-37932 - drm/vkms: Fix use after free and double free on init error - CVE-2025-22097 - Revert "cxl/acpi: Fix load failures due to single window creation failure" - udmabuf: fix a buf size overflow issue during udmabuf creation - CVE-2025-37803 - drm/framebuffer: Acquire internal references on GEM handles - CVE-2025-38449 - drm/gem: Acquire references on GEM handles for framebuffers - CVE-2025-38449 - nvme/ioctl: don't warn on vectorized uring_cmd with fixed buffer - nvme-ioctl: fix leaked requests on mapping error From el-errata at oss.oracle.com Fri Sep 12 14:49:55 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 12 Sep 2025 07:49:55 -0700 Subject: [El-errata] ELSA-2025-20560 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update Message-ID: Oracle Linux Securiity Advisory ELSA-2025-20560 http://linux.oracle.com/errata/ELSA-2025-20560.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: kernel-uek-5.4.17-2136.347.6.1.el7uek.x86_64.rpm kernel-uek-container-5.4.17-2136.347.6.1.el7uek.x86_64.rpm kernel-uek-container-debug-5.4.17-2136.347.6.1.el7uek.x86_64.rpm kernel-uek-debug-5.4.17-2136.347.6.1.el7uek.x86_64.rpm kernel-uek-debug-devel-5.4.17-2136.347.6.1.el7uek.x86_64.rpm kernel-uek-devel-5.4.17-2136.347.6.1.el7uek.x86_64.rpm kernel-uek-doc-5.4.17-2136.347.6.1.el7uek.noarch.rpm kernel-uek-tools-5.4.17-2136.347.6.1.el7uek.x86_64.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-5.4.17-2136.347.6.1.el7uek.src.rpm Description of changes: [5.4.17-2136.347.6.1.el7uek] - x86/vmscape: Warn when STIBP is disabled with SMT (Pawan Gupta) [Orabug: 38343661] - x86/bugs: Move cpu_bugs_smt_update() down (Pawan Gupta) [Orabug: 38343661] - x86/vmscape: Enable the mitigation (Pawan Gupta) [Orabug: 38343661] - x86/vmscape: Add conditional IBPB mitigation (Pawan Gupta) [Orabug: 38343661] - x86/vmscape: Add old Intel CPUs to affected list (Pawan Gupta) [Orabug: 38343661] - x86/vmscape: Enumerate VMSCAPE bug (Pawan Gupta) [Orabug: 38343661] - Documentation/hw-vuln: Add VMSCAPE documentation (Pawan Gupta) [Orabug: 38343661] [5.4.17-2136.347.6.el7uek] - net_sched: sch_sfq: move the limit validation (Octavian Purdila) [Orabug: 38377926] {CVE-2025-37752} - net_sched: sch_sfq: use a temporary work area for validating configuration (Octavian Purdila) [Orabug: 38377926] - net_sched: sch_sfq: don't allow 1 packet limit (Octavian Purdila) [Orabug: 38377926] {CVE-2024-57996} - net_sched: sch_sfq: handle bigger packets (Eric Dumazet) [Orabug: 38377926] - net_sched: sch_sfq: annotate data-races around q->perturb_period (Eric Dumazet) [Orabug: 38377926] [5.4.17-2136.347.5.el7uek] - squashfs: fix memory leak in squashfs_fill_super (Phillip Lougher) - netfilter: nf_tables: adjust lockdep assertions handling (Fedor Pchelkin) - Revert "vgacon: Add check for vc_origin address range in vgacon_scroll()" (Helge Deller) - ASoC: ops: dynamically allocate struct snd_ctl_elem_value (Arnd Bergmann) [5.4.17-2136.347.4.el7uek] - KVM: x86: use array_index_nospec with indices that come from guest (Thijs Raymakers) [Orabug: 38319938] - KVM: APIC: add helper func to remove duplicate code in kvm_pv_send_ipi (Miaohe Lin) [Orabug: 38319938] - rds: Fix NULL ptr deref in xas_start (H?kon Bugge) [Orabug: 38169303] [5.4.17-2136.347.3.el7uek] - mm: make page_mapped_in_vma() hugetlb walk aware (Jane Chu) [Orabug: 38146326] - mm/rmap: Fix handling of hugetlbfs pages in page_vma_mapped_walk (Zhenwei Pi) [Orabug: 38146326] [5.4.17-2136.347.2.el7uek] - rds: tcp: block BH in TCP callbacks (Eric Dumazet) [Orabug: 38236847] - kexec: Improve & fix crash_exclude_mem_range() to handle overlapping ranges (Lianbo Jiang) [Orabug: 38134902] - module: correctly exit module_kallsyms_on_each_symbol when fn() != 0 (Jon Mediero) [Orabug: 37820709] - module: potential uninitialized return in module_kallsyms_on_each_symbol() (Dan Carpenter) [Orabug: 37820709] - module: use RCU to synchronize find_module (Christoph Hellwig) [Orabug: 37820709] - kallsyms: refactor {,module_}kallsyms_on_each_symbol (Christoph Hellwig) [Orabug: 37820709] [5.4.17-2136.347.1.el7uek] - LTS tag: v5.4.295 (Alok Tiwari) - scsi: qedf: Use designated initializer for struct qed_fcoe_cb_ops (Kees Cook) - arm64/ptrace: Fix stack-out-of-bounds read in regs_get_kernel_stack_nth() (Tengda Wu) [Orabug: 38180596] {CVE-2025-38320} - perf: Fix sample vs do_exit() (Peter Zijlstra) [Orabug: 38254030] {CVE-2025-38424} - s390/pci: Fix __pcilg_mio_inuser() inline assembly (Heiko Carstens) - rtc: test: Fix invalid format specifier. (David Gow) - jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() (Jeongjun Park) [Orabug: 38180707] {CVE-2025-38337} - mm/huge_memory: fix dereferencing invalid pmd migration entry (Gavin Guo) [Orabug: 37976985] {CVE-2025-37958} - rtc: Make rtc_time64_to_tm() support dates before 1970 (Alexandre Mergnat) - rtc: Improve performance of rtc_time64_to_tm(). Add tests. (Cassio Neri) - xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create (Dan Aloni) [Orabug: 37101886] {CVE-2022-48773} - posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (Oleg Nesterov) [Orabug: 38223087] {CVE-2025-38352} - ARM: dts: am335x-bone-common: Increase MDIO reset deassert delay to 50ms (Geert Uytterhoeven) - ARM: dts: am335x-bone-common: Increase MDIO reset deassert time (Colin Foster) - ARM: dts: am335x-bone-common: Add GPIO PHY reset on revision C3 board (Shengyu Qu) - net: atm: fix /proc/net/atm/lec handling (Eric Dumazet) [Orabug: 38158407] {CVE-2025-38180} - net: atm: add lec_mutex (Eric Dumazet) [Orabug: 38180612] {CVE-2025-38323} - calipso: Fix null-ptr-deref in calipso_req_{set,del}attr(). (Kuniyuki Iwashima) [Orabug: 38158413] {CVE-2025-38181} - tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (Haixia Qu) [Orabug: 38158425] {CVE-2025-38184} - tcp: fix tcp_packet_delayed() for tcp_is_non_sack_preventing_reopen() behavior (Neal Cardwell) - atm: atmtcp: Free invalid length skb in atmtcp_c_send(). (Kuniyuki Iwashima) [Orabug: 38158434] {CVE-2025-38185} - mpls: Use rcu_dereference_rtnl() in mpls_route_input_rcu(). (Kuniyuki Iwashima) [Orabug: 38180618] {CVE-2025-38324} - wifi: carl9170: do not ping device which has failed to load firmware (Dmitry Antipov) [Orabug: 38254011] {CVE-2025-38420} - aoe: clean device rq_list in aoedev_downdev() (Justin Sanders) [Orabug: 38180629] {CVE-2025-38326} - hwmon: (occ) fix unaligned accesses (Arnd Bergmann) - drm/nouveau/bl: increase buffer size to avoid truncate warning (Jacob Keller) - erofs: remove unused trace event erofs_destroy_inode (Gao Xiang) - ALSA: hda/realtek: enable headset mic on Latitude 5420 Rugged (Jonathan Lane) - ALSA: hda/intel: Add Thinkpad E15 to PM deny list (Takashi Iwai) - Input: sparcspkr - avoid unannotated fall-through (Yuli Wang) - HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() (Terry Junge) [Orabug: 38152878] {CVE-2025-38103} - atm: Revert atm_account_tx() if copy_from_iter_full() fails. (Kuniyuki Iwashima) [Orabug: 38158458] {CVE-2025-38190} - selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len (Stephen Smalley) - scsi: s390: zfcp: Ensure synchronous unit_add (Peter Oberparleiter) - scsi: storvsc: Increase the timeouts to storvsc_timeout (Dexuan Cui) - jffs2: check jffs2_prealloc_raw_node_refs() result in few other places (Fedor Pchelkin) [Orabug: 38180636] {CVE-2025-38328} - jffs2: check that raw node were preallocated before writing summary (Artem Sadovnikov) [Orabug: 38158484] {CVE-2025-38194} - drivers/rapidio/rio_cm.c: prevent possible heap overwrite (Andrew Morton) [Orabug: 38137454] {CVE-2025-38090} - powerpc/eeh: Fix missing PE bridge reconfiguration during VFIO EEH recovery (Narayana Murty N) - platform/x86: dell_rbu: Stop overwriting data buffer (Stuart Hayes) - platform: Add Surface platform directory (Maximilian Luz) - Revert "bus: ti-sysc: Probe for l4_wkup and l4_cfg interconnect devices first" (Alexander Sverdlin) - tee: Prevent size calculation wraparound on 32-bit kernels (Jann Horn) - ARM: OMAP2+: Fix l4ls clk domain handling in STANDBY (Sukrut Bellary) - bus: fsl-mc: increase MC_CMD_COMPLETION_TIMEOUT_MS value (Laurentiu Tudor) - watchdog: da9052_wdt: respect TWDMIN (Marcus Folkesson) - i40e: fix MMIO write access to an invalid page in i40e_clear_hw (Kyungwook Boo) [Orabug: 38158518] {CVE-2025-38200} - sock: Correct error checking condition for (assign|release)_proto_idx() (Zijun Hu) - scsi: lpfc: Use memcpy() for BIOS version (Daniel Wagner) [Orabug: 38180668] {CVE-2025-38332} - vxlan: Do not treat dst cache initialization errors as fatal (Ido Schimmel) - clk: rockchip: rk3036: mark ddrphy as critical (Heiko Stuebner) - wifi: mac80211: do not offer a mesh path if forwarding is disabled (Benjamin Berg) - net: mlx4: add SOF_TIMESTAMPING_TX_SOFTWARE flag when getting ts info (Jason Xing) - pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get() (Gabor Juhos) - pinctrl: armada-37xx: propagate error from armada_37xx_pmx_gpio_set_direction() (Gabor Juhos) - pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get_direction() (Gabor Juhos) - pinctrl: armada-37xx: propagate error from armada_37xx_pmx_set_by_name() (Gabor Juhos) - ipv4/route: Use this_cpu_inc() for stats on PREEMPT_RT (Sebastian Andrzej Siewior) - tcp: fix initial tp->rcvq_space.space value for passive TS enabled flows (Eric Dumazet) - tcp: always seek for minimal rtt in tcp_rcv_rtt_update() (Eric Dumazet) - net: dlink: add synchronization for stats update (Moon Yeounsu) - sctp: Do not wake readers in __sctp_write_space() (Petr Malat) - emulex/benet: correct command version selection in be_cmd_get_stats() (Alok Tiwari) - i2c: designware: Invoke runtime suspend on quick slave re-registration (Tan En De) - net: macb: Check return value of dma_set_mask_and_coherent() (Sergio Perez Gonzalez) - cpufreq: Force sync policy boost with global boost on sysfs update (Viresh Kumar) - nios2: force update_mmu_cache on spurious tlb-permission--related pagefaults (Simon Schuster) - media: platform: exynos4-is: Add hardware sync wait to fimc_is_hw_change_mode() (Xu Wang) [Orabug: 38175014] {CVE-2025-38237} - media: tc358743: ignore video while HPD is low (Hans Verkuil) - drm/amdkfd: Set SDMA_RLCx_IB_CNTL/SWITCH_INSIDE_IB (Amber Lin) - jfs: Fix null-ptr-deref in jfs_ioc_trim (Dylan Wolff) [Orabug: 38158546] {CVE-2025-38203} - drm/amdgpu/gfx9: fix CSIB handling (Alex Deucher) - drm/amdgpu/gfx8: fix CSIB handling (Alex Deucher) - jfs: fix array-index-out-of-bounds read in add_missing_indices (Aditya Dutt) [Orabug: 38158553] {CVE-2025-38204} - drm/amdgpu/gfx7: fix CSIB handling (Alex Deucher) - drm/amdgpu/gfx10: fix CSIB handling (Alex Deucher) - drm/msm/a6xx: Increase HFI response timeout (Akhil P Oommen) - drm/amd/display: Add NULL pointer checks in dm_force_atomic_commit() (Srinivasan Shanmugam) - media: uapi: v4l: Fix V4L2_TYPE_IS_OUTPUT condition (Nas Chung) - drm/msm/hdmi: add runtime PM calls to DDC transfer function (Dmitry Baryshkov) - drm/bridge: analogix_dp: Add irq flag IRQF_NO_AUTOEN instead of calling disable_irq() (Damon Ding) - sunrpc: update nextcheck time when adding new cache entries (Long Li) - drm/amdgpu/gfx6: fix CSIB handling (Alex Deucher) - ACPI: battery: negate current when discharging (Peter Marheine) - PM: runtime: fix denying of auto suspend in pm_suspend_timer_fn() (Charan Teja Kalla) - power: supply: bq27xxx: Retrieve again when busy (Jerry Lv) - ACPICA: fix acpi parse and parseext cache leaks (Seunghun Han) [Orabug: 38180748] {CVE-2025-38344} - ACPICA: Avoid sequence overread in call to strncmp() (Ahmed Salem) - ACPICA: fix acpi operand cache leak in dswstate.c (Seunghun Han) [Orabug: 38180756] {CVE-2025-38345} - iio: adc: ad7606_spi: fix reg write value mask (David Lechner) - PCI: Fix lock symmetry in pci_slot_unlock() (Ilpo J?rvinen) - PCI: Add ACS quirk for Loongson PCIe (Huacai Chen) - uio_hv_generic: Use correct size for interrupt and monitor pages (Long Li) - regulator: max14577: Add error check for max14577_read_reg() (Xu Wang) - mips: Add -std= flag specified in KBUILD_CFLAGS to vdso CFLAGS (Khem Raj) - staging: iio: ad5933: Correct settling cycles encoding per datasheet (Gabriel) - net: ch9200: fix uninitialised access during mii_nway_restart (Qasim Ijaz) [Orabug: 38132189] {CVE-2025-38086} - ftrace: Fix UAF when lookup kallsym after ftrace disabled (Ye Bin) [Orabug: 38180768] {CVE-2025-38346} - dm-mirror: fix a tiny race condition (Mikulas Patocka) - mtd: nand: sunxi: Add randomizer configuration before randomizer enable (Xu Wang) - mtd: rawnand: sunxi: Add randomizer configuration in sunxi_nfc_hw_ecc_write_chunk (Xu Wang) - mm: fix ratelimit_pages update error in dirty_ratio_handler() (Jinliang Zheng) - ipc: fix to protect IPCS lookups using RCU (Jeongjun Park) [Orabug: 38158598] {CVE-2025-38212} - parisc: fix building with gcc-15 (Arnd Bergmann) - vgacon: Add check for vc_origin address range in vgacon_scroll() (Gong, Ruiqi) - fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var (Murad Masimov) [Orabug: 38158615] {CVE-2025-38214} - EDAC/altera: Use correct write width with the INTTEST register (Niravkumar L Rabara) - NFC: nci: uart: Set tty->disc_data only in success path (Krzysztof Kozlowski) [Orabug: 38253992] {CVE-2025-38416} - f2fs: prevent kernel warning due to negative i_nlink from corrupted image (Jaegeuk Kim) [Orabug: 38158649] {CVE-2025-38219} - Input: ims-pcu - check record size in ims_pcu_flash_firmware() (Dan Carpenter) [Orabug: 38254054] {CVE-2025-38428} - ext4: fix calculation of credits for extent tree modification (Jan Kara) - ext4: inline: fix len overflow in ext4_prepare_inline_data (Thadeu Lima de Souza Cascardo) [Orabug: 38158662] {CVE-2025-38222} - bus: fsl-mc: do not add a device-link for the UAPI used DPMCP device (Ioana Ciornei) - ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330 (Tasos Sahanidis) [Orabug: 38180697] {CVE-2025-38336} - ARM: 9447/1: arm/memremap: fix arch_memremap_can_ram_remap() (Ross Stutterheim) - media: v4l2-dev: fix error handling in __video_register_device() (Ma Ke) - media: gspca: Add error handling for stv06xx_read_sensor() (Xu Wang) - wifi: rtlwifi: disable ASPM for RTL8723BE with subsystem ID 11ad:1723 (Mingcong Bai) - nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request (Neil Brown) [Orabug: 38254062] {CVE-2025-38430} - wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback() (Christian Lamparter) [Orabug: 38180783] {CVE-2025-38348} - gfs2: move msleep to sleepable context (Alexander Aring) - configfs: Do not override creating attribute file failure in populate_attrs() (Zijun Hu) - net: usb: aqc111: debug info before sanitation (Oliver Neukum) - calipso: unlock rcu before returning -EAFNOSUPPORT (Eric Dumazet) - xen/arm: call uaccess_ttbr0_enable for dm_op hypercall (Stefano Stabellini) - usb: Flush altsetting 0 endpoints before reinitializating them after reset. (Mathias Nyman) - fs/filesystems: Fix potential unsigned integer underflow in fs_name() (Zijun Hu) - net/mdiobus: Fix potential out-of-bounds read/write access (Jakub Raczynski) - drm/amd/display: Do not add '-mhard-float' to dcn2{1,0}_resource.o for clang (Nathan Chancellor) - drm/amd/display: Do not add '-mhard-float' to dml_ccflags for clang (Nathan Chancellor) - MIPS: Move '-Wa,-msoft-float' check from as-option to cc-option (Nathan Chancellor) - x86/boot/compressed: prefer cc-option for CFLAGS additions (Nick Desaulniers) - net: mdio: C22 is now optional, EOPNOTSUPP if not provided (Andrew Lunn) - net_sched: tbf: fix a race in tbf_change() (Eric Dumazet) - net_sched: red: fix a race in __red_change() (Eric Dumazet) [Orabug: 38152899] {CVE-2025-38108} - net_sched: prio: fix a race in prio_tune() (Eric Dumazet) [Orabug: 38105335] {CVE-2025-38083} - net/mlx5: Fix return value when searching for existing flow group (Patrisious Haddad) - net/mlx5: Wait for inactive autogroups (Paul Blakey) - i40e: retry VFLR handling if there is ongoing VF reset (Robert Malz) - i40e: return false from i40e_reset_vf if reset is in progress (Robert Malz) - net_sched: sch_sfq: fix a potential crash on gso_skb handling (Eric Dumazet) [Orabug: 38152923] {CVE-2025-38115} - scsi: iscsi: Fix incorrect error path labels for flashnode operations (Alok Tiwari) - NFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes (Chuck Lever) [Orabug: 36954169] {CVE-2022-48829} - NFSD: Fix ia_size underflow (Chuck Lever) [Orabug: 36954164] {CVE-2022-48828} - Input: synaptics-rmi - fix crash with unsupported versions of F34 (Dmitry Torokhov) - Input: synaptics-rmi4 - convert to use sysfs_emit() APIs (Zhang Songyi) - pmdomain: core: Fix error checking in genpd_dev_pm_attach_by_id() (Dan Carpenter) - do_change_type(): refuse to operate on unmounted/not ours mounts (Al Viro) [Orabug: 38256450] {CVE-2025-38498} - ice: create new Tx scheduler nodes for new queues only (Michal Kubiak) - Bluetooth: L2CAP: Fix not responding with L2CAP_CR_LE_ENCRYPTION (Luiz Augusto von Dentz) - net/mlx4_en: Prevent potential integer overflow calculating Hz (Dan Carpenter) - vt: remove VT_RESIZE and VT_RESIZEX from vt_compat_ioctl() (Nicolas Pitre) - serial: Fix potential null-ptr-deref in mlb_usio_probe() (Henry Martin) [Orabug: 38153012] {CVE-2025-38135} - usb: renesas_usbhs: Reorder clock handling and power management in probe (Lad Prabhakar) [Orabug: 38153017] {CVE-2025-38136} - rtc: Fix offset calculation for .start_secs < 0 (Alexandre Mergnat) - rtc: sh: assign correct interrupts with DT (Wolfram Sang) - perf record: Fix incorrect --user-regs comments (Dapeng Mi) - perf tests switch-tracking: Fix timestamp comparison (Leo Yan) - mfd: stmpe-spi: Correct the name used in MODULE_DEVICE_TABLE (Alexey Gladkov) - mfd: exynos-lpass: Avoid calling exynos_lpass_disable() twice in exynos_lpass_remove() (Christophe Jaillet) - rpmsg: qcom_smd: Fix uninitialized return variable in __qcom_smd_send() (Dan Carpenter) - perf scripts python: exported-sql-viewer.py: Fix pattern matching with Python 3 (Adrian Hunter) - perf ui browser hists: Set actions->thread before calling do_zoom_thread() (Arnaldo Carvalho de Melo) - fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod() (Sergey Shtylyov) [Orabug: 38180566] {CVE-2025-38312} - soc: aspeed: Add NULL check in aspeed_lpc_enable_snoop() (Henry Martin) [Orabug: 38153060] {CVE-2025-38145} - soc: aspeed: lpc: Fix impossible judgment condition (Su Hui) - arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma with Haikou (Quentin Schulz) - ARM: dts: qcom: apq8064 merge hw splinlock into corresponding syscon device (Dmitry Baryshkov) - bus: fsl-mc: fix double-free on mc_dev (Ioana Ciornei) [Orabug: 38180573] {CVE-2025-38313} - nilfs2: do not propagate ENOENT error from nilfs_btree_propagate() (Ryusuke Konishi) - nilfs2: add pointer check for nilfs_direct_propagate() (Xu Wang) - Squashfs: check return result of sb_min_blocksize (Phillip Lougher) [Orabug: 38253985] {CVE-2025-38415} - ARM: dts: at91: at91sam9263: fix NAND chip selects (Wolfram Sang) - ARM: dts: at91: usb_a9263: fix GPIO for Dataflash chip select (Wolfram Sang) - f2fs: fix to correct check conditions in f2fs_cross_rename (Zhiguo Niu) - f2fs: use d_inode(dentry) cleanup dentry->d_inode (Zhiguo Niu) - calipso: Don't call calipso functions for AF_INET sk. (Kuniyuki Iwashima) [Orabug: 38153070] {CVE-2025-38147} - net: lan743x: rename lan743x_reset_phy to lan743x_hw_reset_phy (Thangaraj Samynathan) - net: usb: aqc111: fix error handling of usbnet read calls (Nikita Zhandarovich) [Orabug: 38153090] {CVE-2025-38153} - netfilter: nf_tables: nft_fib_ipv6: fix VRF ipv4/ipv6 result discrepancy (Florian Westphal) - wifi: ath9k_htc: Abort software beacon handling if disabled (Toke H?iland-J?rgensen) [Orabug: 38153110] {CVE-2025-38157} - bpf: Fix WARN() in get_bpf_raw_tp_regs (Tao Chen) [Orabug: 38180489] {CVE-2025-38285} - pinctrl: at91: Fix possible out-of-boundary access (Andy Shevchenko) [Orabug: 38180495] {CVE-2025-38286} - ktls, sockmap: Fix missing uncharge operation (Jiayuan Chen) - netfilter: bridge: Move specific fragmented packet to slow_path instead of dropping it (Huajian Yang) - f2fs: clean up w/ fscrypt_is_bounce_page() (Chao Yu) - RDMA/hns: Include hnae3.h in hns_roce_hw_v2.h (Junxian Huang) - wifi: rtw88: do not ignore hardware read error during DPK (Dmitry Antipov) - net: ncsi: Fix GCPS 64-bit member variables (Hari Kalavakunta) - f2fs: fix to do sanity check on sbi->total_valid_block_count (Chao Yu) [Orabug: 38153150] {CVE-2025-38163} - drm/tegra: rgb: Fix the unbound reference count (Biju Das) - drm/vkms: Adjust vkms_state->active_planes allocation type (Kees Cook) - drm: rcar-du: Fix memory leak in rcar_du_vsps_init() (Biju Das) - selftests/seccomp: fix syscall_restart test for arm compat (Neill Kapron) - firmware: psci: Fix refcount leak in psci_dt_init (Miaoqian Lin) - m68k: mac: Fix macintosh_config for Mac II (Finn Thain) - drm/vmwgfx: Add seqno waiter for sync_files (Ian Forbes) - spi: sh-msiof: Fix maximum DMA transfer size (Geert Uytterhoeven) - ACPI: OSI: Stop advertising support for "3.0 _SCP Extensions" (Armin Wolf) - x86/mtrr: Check if fixed-range MTRRs exist in mtrr_save_fixed_ranges() (Jiaqing Zhao) - PM: wakeup: Delete space in the end of string shown by pm_show_wakelocks() (Zijun Hu) - EDAC/skx_common: Fix general protection fault (Qiuxu Zhuo) [Orabug: 38180525] {CVE-2025-38298} - crypto: marvell/cesa - Avoid empty transfer descriptor (Herbert Xu) - crypto: marvell/cesa - Handle zero-length skcipher requests (Herbert Xu) [Orabug: 38153190] {CVE-2025-38173} - x86/cpu: Sanitize CPUID(0x80000000) output (Ahmed S. Darwish) - perf/core: Fix broken throttling when max_samples_per_tick=1 (Qing Wang) - gfs2: gfs2_create_inode error handling fix (Andreas Gruenbacher) - netfilter: nft_socket: fix sk refcount leaks (Florian Westphal) [Orabug: 37116555] {CVE-2024-46855} - thunderbolt: Do not double dequeue a configuration request (Sergey Senozhatsky) [Orabug: 38158384] {CVE-2025-38174} - usb: usbtmc: Fix timeout value in get_stb (Dave Penkler) - usb: storage: Ignore UAS driver for SanDisk 3.2 Gen2 storage device (Hongyu Xie) - usb: quirks: Add NO_LPM quirk for SanDisk Extreme 55AE (Jiayi Li) - pinctrl: armada-37xx: set GPIO output value before setting direction (Gabor Juhos) - pinctrl: armada-37xx: use correct OUTPUT_VAL register for GPIOs > 31 (Gabor Juhos) [5.4.17-2136.346.6.el7uek] - net/mlx5: Add poll-eq API to be used by ULP's (Praveen Kumar Kannoju) [Orabug: 38109070] - net/rds: poll eq during user-reset (Praveen Kumar Kannoju) [Orabug: 38189315] [5.4.17-2136.346.5.el7uek] - perf: Fix perf_event_validate_size() lockdep splat (Mark Rutland) [Orabug: 36261486] {CVE-2023-6931} - perf: Fix perf_event_validate_size() (Peter Zijlstra) [Orabug: 36261486] {CVE-2023-6931} - net/mlx5: set graceful_period to 0 to allow multiple transmission queue recovery (Praveen Kumar Kannoju) [Orabug: 38182891] [5.4.17-2136.346.4.el7uek] - pwm: mediatek: Ensure to disable clocks in error path (Uwe Kleine-K?nig) - Revert "mmc: sdhci: Disable SD card clock before changing parameters" (Ulf Hansson) - net/sched: Always pass notifications when child class becomes empty (Lion Ackermann) [Orabug: 38217340] {CVE-2025-38350} [5.4.17-2136.346.3.el7uek] - x86/bpf: Classic BPF program can fail when BHB barrier is used (Alexandre Chartre) [Orabug: 38151403] - Add Zen34 clients (Borislav Petkov) [Orabug: 38172250] {CVE-2024-36350,CVE-2024-36357} - x86/process: Move the buffer clearing before MONITOR (Kim Phillips) [Orabug: 38172250] {CVE-2024-36350,CVE-2024-36357} - KVM: SVM: Advertize TSA CPUID bits to guests (Borislav Petkov) [Orabug: 38172250] {CVE-2024-36350,CVE-2024-36357} - x86/bugs: Add a Transient Scheduler Attacks mitigation (Borislav Petkov) [Orabug: 38172250] {CVE-2024-36350,CVE-2024-36357} - KVM: x86: add support for CPUID leaf 0x80000021 (Paolo Bonzini) [Orabug: 38172250] {CVE-2024-36350,CVE-2024-36357} - x86/bugs: Rename MDS machinery to something more generic (Borislav Petkov) [Orabug: 38172250] {CVE-2024-36350,CVE-2024-36357} - x86/CPU/AMD: Add ZenX generations flags (Borislav Petkov) [Orabug: 38172250] {CVE-2024-36350,CVE-2024-36357} - x86/bugs: Free X86_BUG_AMD_APIC_C1E and X86_BUG_AMD_E400 bits (Boris Ostrovsky) [Orabug: 38172250] {CVE-2024-36350,CVE-2024-36357} [5.4.17-2136.346.2.el7uek] - Revert "x86/bugs: Make spectre user default depend on MITIGATION_SPECTRE_V2" on v6.6 and older (Breno Leitao) - tracing: Fix compilation warning on arm32 (Pan Taixi) - PM: sleep: Fix power.is_suspended cleanup for direct-complete devices (Rafael J. Wysocki) - LTS tag: v5.4.294 (Alok Tiwari) - platform/x86: thinkpad_acpi: Ignore battery threshold change event notification (Mark Pearson) - platform/x86: fujitsu-laptop: Support Lifebook S2110 hotkeys (Valtteri Koskivuori) - spi: spi-sun4i: fix early activation (Alessandro Grassi) - um: let 'make clean' properly clean underlying SUBARCH as well (Masahiro Yamada) - platform/x86: thinkpad_acpi: Support also NEC Lavie X1475JAS (John Chau) - nfs: don't share pNFS DS connections between net namespaces (Jeff Layton) - HID: quirks: Add ADATA XPG alpha wireless mouse support (Milton Barrera) - coredump: hand a pidfd to the usermode coredump helper (Christian Brauner) - fork: use pidfd_prepare() (Christian Brauner) - pid: add pidfd_prepare() (Christian Brauner) - pidfd: check pid has attached task in fdinfo (Christian Brauner) - coredump: fix error handling for replace_fd() (Christian Brauner) - net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (Pedro Tammela) [Orabug: 38049365] {CVE-2025-38001} - smb: client: Reset all search buffer pointers when releasing buffer (Zhaolong Wang) - smb: client: Fix use-after-free in cifs_fill_dirent (Zhaolong Wang) [Orabug: 38094972] {CVE-2025-38051} - drm/i915/gvt: fix unterminated-string-initialization warning (Jani Nikula) - netfilter: nf_tables: do not defer rule destruction via call_rcu (Florian Westphal) [Orabug: 38186911] {CVE-2024-56655} - netfilter: nf_tables: wait for rcu grace period on net_device removal (Pablo Neira Ayuso) - netfilter: nf_tables: pass nft_chain to destroy function, not nft_ctx (Florian Westphal) - kbuild: Disable -Wdefault-const-init-unsafe (Nathan Chancellor) - spi: spi-fsl-dspi: restrict register range for regmap access (Larisa Grigore) - mm/page_alloc.c: avoid infinite retries caused by cpuset race (Tianyang Zhang) - drm/edid: fixed the bug that hdr metadata was not reset (Feijuan Li) - llc: fix data loss when reading from a socket in llc_ui_recvmsg() (Gavrilov Ilia) - ALSA: pcm: Fix race of buffer access at PCM OSS layer (Takashi Iwai) [Orabug: 38095147] {CVE-2025-38078} - can: bcm: add missing rcu read protection for procfs content (Oliver Hartkopp) [Orabug: 38049371] {CVE-2025-38003} - can: bcm: add locking for bcm_op runtime updates (Oliver Hartkopp) [Orabug: 38049376] {CVE-2025-38004} - crypto: algif_hash - fix double free in hash_accept (Ivan Pravdin) [Orabug: 38095156] {CVE-2025-38079} - sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (Cong Wang) [Orabug: 38049359] {CVE-2025-38000} - net: dwmac-sun8i: Use parsed internal PHY address instead of 1 (Paul Kocialkowski) - bridge: netfilter: Fix forwarding of fragmented packets (Ido Schimmel) - xfrm: Sanitize marks before insert (Paul Chaignon) - __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock (Al Viro) [Orabug: 38095002] {CVE-2025-38058} - xenbus: Allow PVH dom0 a non-local xenstore (Jason Andryuk) - btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref (Goldwyn Rodrigues) [Orabug: 38094858] {CVE-2025-38034} - nvmet-tcp: don't restore null sk_state_change (Alistair Francis) [Orabug: 38094865] {CVE-2025-38035} - ASoC: Intel: bytcr_rt5640: Add DMI quirk for Acer Aspire SW3-013 (Takashi Iwai) - pinctrl: meson: define the pull up/down resistor value as 60 kOhm (Martin Blumenstingl) - drm: Add valid clones check (Jessica Zhang) - drm/atomic: clarify the rules around drm_atomic_state->allow_modeset (Simona Vetter) - regulator: ad5398: Add device tree support (Isaac Scott) - wifi: rtw88: Don't use static local variable in rtw8822b_set_tx_power_index_by_rate (Bitterblue Smith) - bpftool: Fix readlink usage in get_fd_type (Viktor Malik) - HID: usbkbd: Fix the bit shift number for LED_KANA (Junan) - scsi: st: Restore some drive settings after reset (Kai M?kisara) - scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine (Justin Tee) - rcu: fix header guard for rcu_all_qs() (Ankur Arora) - rcu: handle quiescent states for PREEMPT_RCU=n, PREEMPT_COUNT=y (Ankur Arora) - vxlan: Annotate FDB data races (Ido Schimmel) [Orabug: 38094881] {CVE-2025-38037} - hwmon: (xgene-hwmon) use appropriate type for the latency value (Andrey Vatoropin) - ip: fib_rules: Fetch net from fib_rule in fib[46]_rule_configure(). (Kuniyuki Iwashima) - net/mlx5e: reduce rep rxq depth to 256 for ECPF (William Tu) - net/mlx5e: set the tx_queue_len for pfifo_fast (William Tu) - net/mlx5: Extend Ethtool loopback selftest to support non-linear SKB (Alexei Lazar) - phy: core: don't require set_mode() callback for phy_get_mode() to work (Dmitry Baryshkov) - net/mlx4_core: Avoid impossible mlx4_db_alloc() order value (Kees Cook) - smack: recognize ipv4 CIPSO w/o categories (Konstantin Andreev) - pinctrl: devicetree: do not goto err when probing hogs in pinctrl_dt_to_map (Valentin Caron) - ASoC: ops: Enforce platform maximum on initial value (Martin Povi?er) - net/mlx5: Apply rate-limiting to high temperature warning (Shahar Shitrit) - net/mlx5: Modify LSB bitmask in temperature event to include only the first bit (Shahar Shitrit) - ACPI: HED: Always initialize before evged (Xiaofei Tan) - PCI: Fix old_size lower bound in calculate_iosize() too (Ilpo J?rvinen) - EDAC/ie31200: work around false positive build warning (Arnd Bergmann) - net: pktgen: fix access outside of user given buffer in pktgen_thread_write() (Peter Seiderer) [Orabug: 38095027] {CVE-2025-38061} - wifi: rtw88: Fix rtw_init_ht_cap() for RTL8814AU (Bitterblue Smith) - scsi: mpt3sas: Send a diag reset if target reset fails (Shivasharan S) - MIPS: pm-cps: Use per-CPU variables as per-CPU, not per-core (Paul Burton) - MIPS: Use arch specific syscall name match function (Bibo Mao) - cpuidle: menu: Avoid discarding useful information (Rafael J. Wysocki) - x86/nmi: Add an emergency handler in nmi_desc & use it in nmi_shootdown_cpus() (Waiman Long) - bonding: report duplicate MAC address in all situations (Hangbin Liu) - net: xgene-v2: remove incorrect ACPI_PTR annotation (Arnd Bergmann) - drm/amdkfd: KFD release_work possible circular locking (Philip Yang) - net/mlx5: Avoid report two health errors on same syndrome (Moshe Shemesh) - fpga: altera-cvp: Increase credit timeout (Kuhanh Murugasen Krishnan) - drm/mediatek: mtk_dpi: Add checks for reg_h_fre_con existence (AngeloGioacchino Del Regno) - hwmon: (gpio-fan) Add missing mutex locks (Alexander Stein) - x86/bugs: Make spectre user default depend on MITIGATION_SPECTRE_V2 (Breno Leitao) - net: pktgen: fix mpls maximum labels list parsing (Peter Seiderer) - pinctrl: bcm281xx: Use "unsigned int" instead of bare "unsigned" (Artur Weber) - media: cx231xx: set device_caps for 417 (Hans Verkuil) [Orabug: 38094937] {CVE-2025-38044} - orangefs: Do not truncate file size (Matthew Wilcox) [Orabug: 38095058] {CVE-2025-38065} - dm cache: prevent BUG_ON by blocking retries on failed device resumes (Ming-Hung Tsai) [Orabug: 38095065] {CVE-2025-38066} - media: c8sectpfe: Call of_node_put(i2c_bus) only once in c8sectpfe_probe() (Markus Elfring) - ARM: tegra: Switch DSI-B clock parent to PLLD on Tegra114 (Svyatoslav Ryhel) - ieee802154: ca8210: Use proper setters and getters for bitwise types (Andy Shevchenko) - rtc: ds1307: stop disabling alarms on probe (Alexandre Belloni) - powerpc/prom_init: Fixup missing #size-cells on PowerBook6,7 (Andreas Schwab) - mmc: sdhci: Disable SD card clock before changing parameters (Erick Shepherd) - netfilter: conntrack: Bound nf_conntrack sysctl writes (Nicolas Bouchinet) - posix-timers: Add cond_resched() to posix_timer_add() search loop (Eric Dumazet) - xen: Add support for XenServer 6.1 platform device (Frediano Ziglio) - dm: restrict dm device size to 2^63-512 bytes (Mikulas Patocka) - kbuild: fix argument parsing in scripts/config (Seyediman Seyedarab) - scsi: st: ERASE does not change tape location (Kai M?kisara) - scsi: st: Tighten the page format heuristics with MODE SELECT (Kai M?kisara) - ext4: reorder capability check last (Christian G?ttsche) - um: Update min_low_pfn to match changes in uml_reserved (Tiwei Bie) - um: Store full CSGSFS and SS register from mcontext (Benjamin Berg) - btrfs: send: return -ENAMETOOLONG when attempting a path that is too long (Filipe Manana) - btrfs: avoid linker error in btrfs_find_create_tree_block() (Mark Harmstone) - i2c: pxa: fix call balance of i2c->clk handling routines (Vitalii Mordan) - mmc: host: Wait for Vdd to settle on card power off (Erick Shepherd) - libnvdimm/labels: Fix divide error in nd_label_data_init() (Robert Richter) [Orabug: 38095111] {CVE-2025-38072} - pNFS/flexfiles: Report ENETDOWN as a connection error (Trond Myklebust) - tools/build: Don't pass test log files to linker (Ian Rogers) - dql: Fix dql->limit value when reset. (Jing Su) - SUNRPC: rpc_clnt_set_transport() must not change the autobind setting (Trond Myklebust) - NFSv4: Treat ENETUNREACH errors as fatal for state recovery (Trond Myklebust) - fbdev: core: tileblit: Implement missing margin clearing for tileblit (Zsolt Kajtar) - fbdev: fsl-diu-fb: add missing device_remove_file() (Shixiong Ou) - mailbox: use error ret code of of_parse_phandle_with_args() (Tudor Ambarus) - kconfig: merge_config: use an empty file as initfile (Daniel Gomez) - cgroup: Fix compilation issue due to cgroup_mutex not being exported (Gao Xu) - dma-mapping: avoid potential unused data compilation warning (Marek Szyprowski) - scsi: target: iscsi: Fix timeout on deleted connection (Dmitry Bogdanov) [Orabug: 38095136] {CVE-2025-38075} - openvswitch: Fix unsafe attribute parsing in output_userspace() (Eelco Chaudron) [Orabug: 38015150] {CVE-2025-37998} - Input: synaptics - enable InterTouch on TUXEDO InfinityBook Pro 14 v5 (Aditya Garg) - Input: synaptics - enable SMBus for HP Elitebook 850 G1 (Dmitry Torokhov) - clocksource/i8253: Use raw_spinlock_irqsave() in clockevent_i8253_disable() (Sebastian Andrzej Siewior) - phy: renesas: rcar-gen3-usb2: Set timing registers only once (Claudiu Beznea) - phy: Fix error handling in tegra_xusb_port_init (Ma Ke) - ALSA: es1968: Add error handling for snd_pcm_hw_constraint_pow2() (Xu Wang) - NFSv4/pnfs: Reset the layout state after a layoutreturn (Trond Myklebust) - NFSv4/pnfs: pnfs_set_layout_stateid() should update the layout cred (Trond Myklebust) - qlcnic: fix memory leak in qlcnic_sriov_channel_cfg_cmd() (Abdun Nihaal) - ALSA: sh: SND_AICA should depend on SH_DMA_API (Geert Uytterhoeven) - net: dsa: sja1105: discard incoming frames in BR_STATE_LISTENING (Vladimir Oltean) - spi: loopback-test: Do not split 1024-byte hexdumps (Geert Uytterhoeven) - nfs: handle failure of nfs_get_lock_context in unlock path (Li Lingfeng) [Orabug: 38094820] {CVE-2025-38023} - RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug (Zhu Yanjun) [Orabug: 38094829] {CVE-2025-38024} - iio: chemical: sps30: use aligned_s64 for timestamp (David Lechner) - iio: adc: ad7768-1: Fix insufficient alignment of timestamp. (Jonathan Cameron) - staging: axis-fifo: Correct handling of tx_fifo_depth for size validation (Gabriel) - staging: axis-fifo: avoid parsing ignored device tree properties (Quentin Deslandes) - staging: axis-fifo: Remove hardware resets for user errors (Gabriel) - staging: axis-fifo: replace spinlock with mutex (Quentin Deslandes) - platform/x86: asus-wmi: Fix wlan_ctrl_by_user detection (Hans de Goede) - do_umount(): add missing barrier before refcount checks in sync case (Al Viro) - MIPS: Fix MAX_REG_OFFSET (Thorsten Blum) - iio: adc: dln2: Use aligned_s64 for timestamp (Jonathan Cameron) - types: Complement the aligned types with signed 64-bit one (Andy Shevchenko) - usb: usbtmc: Fix erroneous generic_read ioctl return (Dave Penkler) - usb: usbtmc: Fix erroneous wait_srq ioctl return (Dave Penkler) - usb: usbtmc: Fix erroneous get_stb ioctl error returns (Dave Penkler) - USB: usbtmc: use interruptible sleep in usbtmc_read (Oliver Neukum) - usb: typec: ucsi: displayport: Fix NULL pointer access (Andrei Kuchynski) [Orabug: 38015128] {CVE-2025-37994} - usb: typec: tcpm: delay SNK_TRY_WAIT_DEBOUNCE to SRC_TRYWAIT transition (Rd Babiera) - ocfs2: stop quota recovery before disabling quotas (Jan Kara) - ocfs2: implement handshaking with ocfs2 recovery thread (Jan Kara) - ocfs2: switch osb->disable_recovery to enum (Jan Kara) - module: ensure that kobject_put() is safe for module type kobjects (Dmitry Antipov) [Orabug: 38015133] {CVE-2025-37995} - xenbus: Use kref to track req lifetime (Jason Andryuk) [Orabug: 37976936] {CVE-2025-37949} - usb: uhci-platform: Make the clock really optional (Alexey Charkov) - iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo (Silvano Seva) [Orabug: 37977033] {CVE-2025-37969} - iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo (Silvano Seva) [Orabug: 37977039] {CVE-2025-37970} - iio: adis16201: Correct inclinometer channel resolution (Gabriel) - iio: adc: ad7606: fix serial register access (Angelo Dureghello) - staging: iio: adc: ad7816: Correct conditional logic for store mode (Gabriel) - Input: synaptics - enable InterTouch on Dell Precision M3800 (Aditya Garg) - Input: synaptics - enable InterTouch on Dynabook Portege X30L-G (Aditya Garg) - Input: synaptics - enable InterTouch on Dynabook Portege X30-D (Manuel Fombuena) - net: dsa: b53: fix learning on VLAN unaware bridges (Jonas Gorski) - netfilter: ipset: fix region locking in hash types (Jozsef Kadlecsik) [Orabug: 38015143] {CVE-2025-37997} - sch_htb: make htb_deactivate() idempotent (Cong Wang) [Orabug: 38186817] {CVE-2025-37953} - dm: fix copying after src array boundaries (Tudor Ambarus) - iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid (Pavel Paklov) [Orabug: 37976839] {CVE-2025-37927} - arm64: dts: rockchip: fix iface clock-name on px30 iommus (Heiko Stuebner) - usb: chipidea: ci_hdrc_imx: implement usb_phy_init() error handling (Fedor Pchelkin) - usb: chipidea: ci_hdrc_imx: use dev_err_probe() (Alexander Stein) - usb: chipidea: imx: refine the error handling for hsic (Peter Chen) - usb: chipidea: imx: change hsic power regulator as optional (Peter Chen) - irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() (Suzuki K Poulose) [Orabug: 37930014] {CVE-2025-37819} - irqchip/gic-v2m: Mark a few functions __init (Thomas Gleixner) - irqchip/gic-v2m: Add const to of_device_id (Xiang Wangx) - sch_htb: make htb_qlen_notify() idempotent (Cong Wang) [Orabug: 37976860] {CVE-2025-37932} - of: module: add buffer overflow check in of_modalias() (Sergey Shtylyov) [Orabug: 36753382] {CVE-2024-38541} - PCI: imx6: Skip controller_id generation logic for i.MX7D (Richard Zhu) - net: fec: ERR007885 Workaround for conventional TX (Mattias Barthel) - net: lan743x: Fix memleak issue when GSO enabled (Thangaraj Samynathan) [Orabug: 37976767] {CVE-2025-37909} - lan743x: fix endianness when accessing descriptors (Alexey Denisov) - lan743x: remove redundant initialization of variable current_head_index (Colin Ian King) - nvme-tcp: fix premature queue removal and I/O failover (Michael Liang) - net: dlink: Correct endianness handling of led_mode (Simon Horman) - net_sched: qfq: Fix double list add in class with netem as child qdisc (Victor Nogueira) [Orabug: 37976785] {CVE-2025-37913} - net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (Victor Nogueira) [Orabug: 37967412] {CVE-2025-37890} - net_sched: drr: Fix double list add in class with netem as child qdisc (Victor Nogueira) [Orabug: 37976794] {CVE-2025-37915} - net/mlx5: E-Switch, Initialize MAC Address for Default GID (Maor Gottlieb) - tracing: Fix oob write in trace_seq_to_buffer() (Jeongjun Park) [Orabug: 37976823] {CVE-2025-37923} - dm: always update the array size in realloc_argv on success (Benjamin Marzinski) - dm-integrity: fix a warning on invalid table line (Mikulas Patocka) - wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() (Xu Wang) [Orabug: 37977121] {CVE-2025-37990} - amd-xgbe: Fix to ensure dependent features are toggled with RX checksum offload (Vishal Badole) - parisc: Fix double SIGFPE crash (Helge Deller) [Orabug: 37977129] {CVE-2025-37991} - i2c: imx-lpi2c: Fix clock count when probe defers (Clark Wang) - EDAC/altera: Set DDR and SDMMC interrupt mask before registration (Niravkumar L Rabara) - EDAC/altera: Test the correct error reg offset (Niravkumar L Rabara) [5.4.17-2136.346.1.el7uek] - scsi: qedf: Wait for stag work during unload (Saurav Kashyap) [Orabug: 37296386] - scsi: qedf: Don't process stag work during unload and recovery (Saurav Kashyap) [Orabug: 37296386] [5.4.17-2136.345.5.el7uek] - rds: ib: Add cm_id generation scheme in order to detect new ones (H?kon Bugge) [Orabug: 37799171] [5.4.17-2136.345.4.el7uek] - x86/its: BPF can crash in bpf_jit_comp.c when ITS is enabled (Alexandre Chartre) [Orabug: 38043586] - shmem: add support to ignore swap (Luis Chamberlain) [Orabug: 38034040] - shmem: update documentation (Luis Chamberlain) [Orabug: 38034040] - mm: hold the source mmap write lock when copying PTEs (Anthony Yznaga) [Orabug: 38029050] - mm: do not write protect COW mappings when preserving across exec (Anthony Yznaga) [Orabug: 38029050] - mm: differentiate copying PTEs for preservation from copying for fork (Anthony Yznaga) [Orabug: 38029050] - mm/fork: Pass new vma pointer into copy_page_range() (Peter Xu) [Orabug: 38029050] - xen/swiotlb: relax alignment requirements (Juergen Gross) [Orabug: 37523168] - Reapply "xen/swiotlb: add alignment check for dma buffers" (Harshvardhan Jha) [Orabug: 37523168] [5.4.17-2136.345.3.el7uek] - dmaengine: Revert "dmaengine: dmatest: Fix dmatest waiting less when interrupted" (Nathan Lynch) - nvme: unblock ctrl state transition for firmware update (Daniel Wagner) - memcg: always call cond_resched() after fn() (Breno Leitao) - ACPI: PPTT: Fix processor subtable walk (Jeremy Linton) - LTS tag: v5.4.293 (Sherry Yang) - MIPS: cm: Fix warning if MIPS_CM is disabled (Thomas Bogendoerfer) - crypto: atmel-sha204a - Set hwrng quality to lowest possible (Marek Beh?n) - comedi: jr3_pci: Fix synchronous deletion of timer (Ian Abbott) - md/raid1: Add check for missing source disk in process_checks() (Meir Elisha) - scsi: pm80xx: Set phy_attached to zero when device is gone (Igor Pylypiv) - ACPI PPTT: Fix coding mistakes in a couple of sizeof() calls (Jean-Marc Eurin) - selftests: ublk: fix test_stripe_04 (Ming Lei) - udmabuf: fix a buf size overflow issue during udmabuf creation (Xiaogang Chen) [Orabug: 37929939] {CVE-2025-37803} - KVM: s390: Don't use %pK through tracepoints (Thomas Wei?schuh) - sched/isolation: Make CONFIG_CPU_ISOLATION depend on CONFIG_SMP (Oleg Nesterov) - ntb: reduce stack usage in idt_scan_mws (Arnd Bergmann) - qibfs: fix _another_ leak (Al Viro) [Orabug: 37977084] {CVE-2025-37983} - usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev() (Chenyuan Yang) [Orabug: 37937504] {CVE-2025-37881} - dmaengine: dmatest: Fix dmatest waiting less when interrupted (Vinicius Costa Gomes) - usb: host: max3421-hcd: Add missing spi_device_id table (Alexander Stein) - parisc: PDT: Fix missing prototype warning (Yu-Chun Lin) - clk: check for disabled clock-provider in of_clk_get_hw_from_clkspec() (Heiko Stuebner) - crypto: null - Use spin lock instead of mutex (Herbert Xu) [Orabug: 37929974] {CVE-2025-37808} - MIPS: cm: Detect CM quirks from device tree (Gregory Clement) - USB: VLI disk crashes if LPM is used (Oliver Neukum) - usb: quirks: Add delay init quirk for SanDisk 3.2Gen1 Flash Drive (Miao Li) - usb: quirks: add DELAY_INIT quirk for Silicon Motion Flash Drive (Miao Li) - usb: dwc3: gadget: check that event count does not exceed event buffer length (Frode Isaksen) [Orabug: 37929982] {CVE-2025-37810} - USB: OHCI: Add quirk for LS7A OHCI controller (rev 0x02) (Huacai Chen) - usb: cdns3: Fix deadlock when using NCM gadget (Ralph Siemsen) [Orabug: 37929989] {CVE-2025-37812} - USB: serial: simple: add OWON HDS200 series oscilloscope support (Craig Hesling) - USB: serial: option: add Sierra Wireless EM9291 (Adam Xue) - USB: serial: ftdi_sio: add support for Abacus Electrics Optical Probe (Michael Ehrenreich) - serial: sifive: lock port in startup()/shutdown() callbacks (Ryo Takakura) - USB: storage: quirk for ADATA Portable HDD CH94 (Oliver Neukum) - mcb: fix a double free bug in chameleon_parse_gdd() (Haoxiang Li) [Orabug: 37930001] {CVE-2025-37817} - virtio_console: fix missing byte order handling for cols and rows (Halil Pasic) - net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too (Cong Wang) [Orabug: 37930029] {CVE-2025-37823} - net_sched: hfsc: Fix a UAF vulnerability in class handling (Cong Wang) [Orabug: 37908485] {CVE-2025-37797} - tipc: fix NULL pointer dereference in tipc_mon_reinit_self() (Tung Nguyen) [Orabug: 37930040] {CVE-2025-37824} - net: phy: leds: fix memory leak (Qingfang Deng) [Orabug: 37977113] {CVE-2025-37989} - cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate() (Henry Martin) [Orabug: 37930052] {CVE-2025-37829} - drm/amd/pm: Prevent division by zero (Denis Arefev) [Orabug: 37901824,37901841,37901831] {CVE-2025-37766,CVE-2025-37768,CVE-2025-37770} - misc: pci_endpoint_test: Fix displaying 'irq_type' after 'request_irq' error (Kunihiko Hayashi) - misc: pci_endpoint_test: Use INTX instead of LEGACY (Damien Le Moal) - PCI: Rename PCI_IRQ_LEGACY to PCI_IRQ_INTX (Bjorn Helgaas) - iio: adc: ad7768-1: Fix conversion result sign (Sergiu Cuciurean) - iio: adc: ad7768-1: Move setting of val a bit later to avoid unnecessary return value check (Jonathan Cameron) - net: dsa: mv88e6xxx: fix VTU methods for 6320 family (Marek Beh?n) - media: vim2m: print device name after registering device (Matthew Majewski) - ext4: fix OOB read when checking dotdot dir (Jakub Acs) [Orabug: 37855335] {CVE-2025-37785} - ext4: optimize __ext4_check_dir_entry() (Theodore Ts'O) - ext4: don't over-report free space or inodes in statvfs (Theodore Ts'O) - ext4: code cleanup for ext4_statfs_project() (Chengguang Xu) - ext4: simplify checking quota limits in ext4_statfs() (Jan Kara) - platform/x86: ISST: Correct command storage data length (Srinivas Pandruvada) - MIPS: ds1287: Match ds1287_set_base_clock() function types (Yuli Wang) - MIPS: cevt-ds1287: Add missing ds1287.h include (Yuli Wang) - MIPS: dec: Declare which_prom() as static (Yuli Wang) - virtio-net: Add validation for used length (Xie Yongji) [Orabug: 37079171] {CVE-2021-47352} - RDMA/srpt: Support specifying the srpt_service_guid parameter (Bart Van Assche) [Orabug: 36530711] {CVE-2024-26744} - openvswitch: fix lockup on tx to unregistering netdev with carrier (Ilya Maximets) [Orabug: 38160327] {CVE-2025-21681} - net: openvswitch: fix race on port output (Felix Huettner) - mmc: cqhci: Fix checking of CQHCI_HALT state (Seunghwan Baek) - nvmet-fc: Remove unused functions (Yuli Wang) - usb: dwc3: support continuous runtime PM with dual role (Martin Kepplinger) - misc: pci_endpoint_test: Fix 'irq_type' to convey the correct type (Kunihiko Hayashi) - misc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error (Kunihiko Hayashi) [Orabug: 37901587] {CVE-2025-23140} - tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink(). (Kuniyuki Iwashima) [Orabug: 37264115] {CVE-2024-50154} - powerpc/prom_init: Use -ffreestanding to avoid a reference to bcmp (Nathan Chancellor) - kbuild: Add '-fno-builtin-wcslen' (Nathan Chancellor) - cpufreq: Reference count policy in cpufreq_update_limits() (Rafael J. Wysocki) - drm/sti: remove duplicate object names (Rolf Eike Beer) - drm/nouveau: prime: fix ttm_bo_delayed_delete oops (Chris Bainbridge) [Orabug: 37901818] {CVE-2025-37765} - drm/repaper: fix integer overflows in repeat functions (Nikita Zhandarovich) - module: sign with sha512 instead of sha1 by default (Thorsten Leemhuis) - perf/x86/intel/uncore: Fix the scale of IIO free running counters on SNR (Kan Liang) - perf/x86/intel: Allow to update user space GPRs from PEBS records (Dapeng Mi) - virtiofs: add filesystem context source name check (Xiangsheng Hou) [Orabug: 37901855] {CVE-2025-37773} - riscv: Avoid fortify warning in syscall_get_arguments() (Nathan Chancellor) - isofs: Prevent the use of too small fid (Edward Adam Davis) [Orabug: 37901890] {CVE-2025-37780} - i2c: cros-ec-tunnel: defer probe if parent EC is not present (Thadeu Lima de Souza Cascardo) [Orabug: 37901898] {CVE-2025-37781} - hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key (Vasiliy Kovalev) - btrfs: correctly escape subvol in btrfs_show_options() (Johannes Kimmel) - nfs: add missing selections of CONFIG_CRC32 (Eric Biggers) - nfs: move nfs_fhandle_hash to common include file (Jeff Layton) - NFSD: Constify @fh argument of knfsd_fh_hash() (Chuck Lever) - asus-laptop: Fix an uninitialized variable (Denis Arefev) - writeback: fix false warning in inode_to_wb() (Andreas Gruenbacher) - net: b53: enable BPDU reception for management port (Jonas Gorski) - net: openvswitch: fix nested key length validation in the set() action (Ilya Maximets) [Orabug: 37901923] {CVE-2025-37789} - Revert "wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()" (Johannes Berg) - Bluetooth: btrtl: Prevent potential NULL dereference (Dan Carpenter) [Orabug: 37901934] {CVE-2025-37792} - Bluetooth: hci_event: Fix sending MGMT_EV_DEVICE_FOUND for invalid address (Luiz Augusto von Dentz) - RDMA/usnic: Fix passing zero to PTR_ERR in usnic_ib_pci_probe() (Yue Haibing) - scsi: iscsi: Fix missing scsi_host_put() in error path (Miaoqian Lin) - wifi: wl1251: fix memory leak in wl1251_tx_work (Abdun Nihaal) [Orabug: 37977076] {CVE-2025-37982} - wifi: mac80211: Purge vif txq in ieee80211_do_stop() (Remi Pommarel) [Orabug: 37901940] {CVE-2025-37794} - wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue() (Remi Pommarel) - wifi: at76c50x: fix use after free access in at76_disconnect (Abdun Nihaal) [Orabug: 37901953] {CVE-2025-37796} - HSI: ssi_protocol: Fix use after free vulnerability in ssi_protocol Driver Due to Race Condition (Kaixin Wang) [Orabug: 37855341] {CVE-2025-37838} - pwm: mediatek: always use bus clock for PWM on MT7622 (Daniel Golle) - Bluetooth: hci_uart: Fix another race during initialization (Arseniy Krasnov) - x86/e820: Fix handling of subpage regions when calculating nosave ranges in e820__register_nosave_regions() (Myrrh Periwinkle) - PCI: Fix reference leak in pci_alloc_child_bus() (Ma Ke) - of/irq: Fix device node refcount leakages in of_irq_init() (Zijun Hu) - of/irq: Fix device node refcount leakage in API irq_of_parse_and_map() (Zijun Hu) - of/irq: Fix device node refcount leakages in of_irq_count() (Zijun Hu) - ntb: use 64-bit arithmetic for the MSI doorbell mask (Fedor Pchelkin) - gpio: zynq: Fix wakeup source leaks on device unbind (Krzysztof Kozlowski) - ftrace: Add cond_resched() to ftrace_graph_set_hash() (Zhoumin) [Orabug: 37976893] {CVE-2025-37940} - dm-integrity: set ti->error on memory allocation failure (Mikulas Patocka) - crypto: ccp - Fix check for the primary ASP device (Tom Lendacky) - thermal/drivers/rockchip: Add missing rk3328 mapping entry (Trevor Woerner) - sctp: detect and prevent references to a freed transport in sendmsg (Ricardo Ca?uelo Navarro) [Orabug: 37901597] {CVE-2025-23142} - mm: add missing release barrier on PGDAT_RECLAIM_LOCKED unlock (Mathieu Desnoyers) - sparc/mm: disable preemption in lazy mmu mode (Ryan Roberts) - arm64: dts: mediatek: mt8173: Fix disp-pwm compatible string (Chen-Yu Tsai) - mtd: rawnand: Add status chack in r852_ready() (Xu Wang) - mtd: inftlcore: Add error check for inftl_read_oob() (Xu Wang) [Orabug: 37976720] {CVE-2025-37892} - lib: scatterlist: fix sg_split_phys to preserve original scatterlist offsets (T Pratham) - locking/lockdep: Decrease nr_unused_locks if lock unused in zap_class() (Boqun Feng) - jbd2: remove wrong sb->s_sequence check (Jan Kara) [Orabug: 37937283] {CVE-2025-37839} - i3c: Add NULL pointer check in i3c_master_queue_ibi() (Manjunatha Venkatesh) [Orabug: 37901622] {CVE-2025-23147} - ext4: fix off-by-one error in do_split (Artem Sadovnikov) [Orabug: 37901631] {CVE-2025-23150} - wifi: mac80211: fix integer overflow in hwmp_route_info_get() (Gavrilov Ilia) - net: dsa: mv88e6xxx: workaround RGMII transmit delay erratum for 6320 family (Marek Beh?n) - media: venus: hfi_parser: add check to avoid out of bound access (Vikash Garodia) [Orabug: 37901653] {CVE-2025-23157} - media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO (Sakari Ailus) - media: i2c: ov7251: Set enable GPIO low in probe (Sakari Ailus) - media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf() (Karina Yankevich) - media: streamzap: prevent processing IR data on URB failure (Murad Masimov) - mtd: rawnand: brcmnand: fix PM resume warning (Kamal Dasu) [Orabug: 37937292] {CVE-2025-37840} - arm64: cputype: Add MIDR_CORTEX_A76AE (Douglas Anderson) - xenfs/xensyms: respect hypervisor's "next" indication (Jan Beulich) - media: siano: Fix error handling in smsdvb_module_init() (Yuan Can) - media: venus: hfi: add check to handle incorrect queue size (Vikash Garodia) [Orabug: 37901657] {CVE-2025-23158} - media: venus: hfi: add a check to handle OOB in sfr region (Vikash Garodia) [Orabug: 37901662] {CVE-2025-23159} - media: i2c: adv748x: Fix test pattern selection mask (Niklas S?derlund) - ext4: don't treat fhandle lookup of ea_inode as FS corruption (Jann Horn) - ext4: reject casefold inode flag without casefold feature (Eric Biggers) - bpf: support SKF_NET_OFF and SKF_LL_OFF on skb frags (Willem de Bruijn) - bpf: Add endian modifiers to fix endian warnings (Ben Dooks) - pwm: fsl-ftm: Handle clk_get_rate() returning 0 (Uwe Kleine-K?nig) - pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config() (Josh Poimboeuf) [Orabug: 37937329] {CVE-2025-37850} - pwm: mediatek: Always use bus clock (Fabien Parent) - fbdev: omapfb: Add 'plane' value check (Leonid Arapov) - drm/mediatek: mtk_dpi: Explicitly manage TVD clock in power on/off (AngeloGioacchino Del Regno) - drm/amdkfd: Fix pqm_destroy_queue race with GPU reset (Philip Yang) - drm/amdkfd: clamp queue size to minimum (David Yat Sin) - drm: panel-orientation-quirks: Add new quirk for GPD Win 2 (Andrew Wyatt) - drm: panel-orientation-quirks: Add support for AYANEO 2S (Andrew Wyatt) - drm: allow encoder mode_set even when connectors change for crtc (Abhinav Kumar) - Bluetooth: hci_uart: fix race during initialization (Arseniy Krasnov) - tracing: fix return value in __ftrace_event_enable_disable for TRACE_REG_UNREGISTER (Gabriele Paoloni) - net: vlan: don't propagate flags on open (Stanislav Fomichev) [Orabug: 37901684] {CVE-2025-23163} - wifi: mt76: mt76x2u: add TP-Link TL-WDN6200 ID to device table (Icenowy Zheng) - scsi: st: Fix array overflow in st_setup() (Kai M?kisara) [Orabug: 37937379] {CVE-2025-37857} - ext4: ignore xattrs past end (Bhupesh) [Orabug: 37901692] {CVE-2025-37738} - ext4: protect ext4_release_dquot against freezing (Ojaswin Mujoo) - ahci: add PCI ID for Marvell 88SE9215 SATA Controller (Daniel Kral) - ata: libata-eh: Do not use ATAPI DMA for a device limited to PIO mode (Niklas Cassel) - jfs: add sanity check for agwidth in dbMount (Edward Adam Davis) [Orabug: 37901707] {CVE-2025-37740} - jfs: Prevent copying of nlink with value 0 from disk inode (Edward Adam Davis) [Orabug: 37901716] {CVE-2025-37741} - fs/jfs: Prevent integer overflow in AG size calculation (Rand Deeb) [Orabug: 37937387] {CVE-2025-37858} - fs/jfs: cast inactags to s64 to prevent potential overflow (Rand Deeb) - page_pool: avoid infinite loop to schedule delayed worker (Jason Xing) [Orabug: 37937395] {CVE-2025-37859} - ALSA: usb-audio: Fix CME quirk for UF series keyboards (Ricard Wanderlof) - ALSA: hda: intel: Fix Optimus when GPU has no sound (Maxim Mikityanskiy) - HID: pidff: Fix null pointer dereference in pidff_find_fields (Tomasz Paku?a) [Orabug: 37937410] {CVE-2025-37862} - HID: pidff: Do not send effect envelope if it's empty (Tomasz Paku?a) - HID: pidff: Convert infinite length from Linux API to PID standard (Tomasz Paku?a) - xen/mcelog: Add __nonstring annotations for unterminated strings (Kees Cook) - perf: arm_pmu: Don't disable counter in armpmu_add() (Mark Rutland) - x86/cpu: Don't clear X86_FEATURE_LAHF_LM flag in init_amd_k8() on AMD when running in a virtual machine (Max Grobecker) - pm: cpupower: bench: Prevent NULL dereference on malloc failure (Zhongqiu Han) [Orabug: 37937297] {CVE-2025-37841} - net: ppp: Add bound checking for skb data on ppp_sync_txmung (Arnaud Lecomte) [Orabug: 37901766] {CVE-2025-37749} - ata: sata_sx4: Add error handling in pdc20621_i2c_read() (Xu Wang) - ata: sata_sx4: Drop pointless VPRINTK() calls and convert the remaining ones (Hannes Reinecke) - tipc: fix memory leak in tipc_link_xmit (Tung Nguyen) [Orabug: 37901790] {CVE-2025-37757} - ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe() (Henry Martin) [Orabug: 37901796] {CVE-2025-37758} [5.4.17-2136.345.2.el7uek] - x86/bhi: Do not set BHI_DIS_S in 32-bit mode (Pawan Gupta) [Orabug: 37959995] - x86/bpf: Add IBHF call at end of classic BPF (Daniel Sneddon) [Orabug: 37959995] - x86/bpf: Call branch history clearing sequence on exit (Daniel Sneddon) [Orabug: 37959995] - certs: Reference revocation list for all keyrings (Eric Snowberg) [Orabug: 38026794] [5.4.17-2136.345.1.el7uek] - RDS: use get_user_pages_fast() in rdma_pin_pages() (Stephen Brennan) [Orabug: 37973441] - x86/bugs: Enabling Retbleed and SRSO mitigation can taint the kernel (Alexandre Chartre) [Orabug: 37959151] - selftest/x86/bugs: Add selftests for ITS (Pawan Gupta) [Orabug: 37863727] {CVE-2024-28956} - x86/its: Align RETs in BHB clear sequence to avoid thunking (Pawan Gupta) [Orabug: 37863727] {CVE-2024-28956} - x86/its: Add "vmexit" option to skip mitigation on some CPUs (Pawan Gupta) [Orabug: 37863727] {CVE-2024-28956} - x86/its: Enable Indirect Target Selection mitigation (Pawan Gupta) [Orabug: 37863727] {CVE-2024-28956} - x86/its: Add support for ITS-safe return thunk (Pawan Gupta) [Orabug: 37863727] {CVE-2024-28956} - x86/its: Add support for ITS-safe indirect thunk (Pawan Gupta) [Orabug: 37863727] {CVE-2024-28956} - x86/its: Enumerate Indirect Target Selection (ITS) bug (Pawan Gupta) [Orabug: 37863727] {CVE-2024-28956} - Documentation: x86/bugs/its: Add ITS documentation (Pawan Gupta) [Orabug: 37863727] {CVE-2024-28956} [5.4.17-2136.344.4.el7uek] - certs: Add new Oracle Linux Driver Signing (key 1) certificate (Sherry Yang) [Orabug: 37967555] [5.4.17-2136.344.3.el7uek] - net/mlx5e: Don't call cleanup on profile rollback failure (Cosmin Ratiu) [Orabug: 37670859] - net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc() (Elena Salomatkina) [Orabug: 37206299,37670859] {CVE-2024-50000} - net/mlx5: Fix error path in multi-packet WQE transmit (Gerd Bayer) [Orabug: 37206302,37670859] {CVE-2024-50001} - net/mlx5: Discard command completions in internal error (Akiva Goldberger) [Orabug: 36753438,37670859] {CVE-2024-38555} - net/mlx5e: fix a potential double-free in fs_any_create_groups (Dinghao Liu) [Orabug: 36802351,37670859] {CVE-2023-52667} - net/mlx5: Reclaim max 50K pages at once (Anand Khoje) [Orabug: 36275016] [5.4.17-2136.344.2.el7uek] - LTS tag: v5.4.292 (Alok Tiwari) - jfs: add index corruption check to DT_GETPAGE() (Roman Smirnov) - tracing: Fix use-after-free in print_graph_function_flags during tracer switching (Tengda Wu) [Orabug: 37844202] {CVE-2025-22035} - mmc: sdhci-pxav3: set NEED_RSP_BUSY capability (Karel Balej) - ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP (Paul Menzel) - x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs (Jann Horn) [Orabug: 37844275] {CVE-2025-22045} - x86/tsc: Always save/restore TSC sched_clock() on suspend/resume (Guilherme G. Piccoli) - ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk() (Markus Elfring) - can: flexcan: only change CAN state when link up in system PM (Haibo Chen) - arcnet: Add NULL check in com20020pci_probe() (Henry Martin) [Orabug: 37844303] {CVE-2025-22054} - net: dsa: mv88e6xxx: propperly shutdown PPU re-enable timer on destroy (David Oberhollenzer) - ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS (Fernando Fernandez Mancera) - vsock: avoid timeout during connect() if the socket is closing (Stefano Garzarella) - net_sched: skbprio: Remove overly strict queue assertions (Cong Wang) [Orabug: 37855375] {CVE-2025-38637} - netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets (Debin Zhu) [Orabug: 37844344] {CVE-2025-22063} - ntb: intel: Fix using link status DB's (Nikita Shubin) - ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans (Yajun Deng) - spufs: fix a leak in spufs_create_context() (Al Viro) [Orabug: 37844365] {CVE-2025-22071} - spufs: fix a leak on spufs_new_file() failure (Al Viro) [Orabug: 37844378] {CVE-2025-22073} - hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9} (Tasos Sahanidis) - can: statistics: use atomic access in hot path (Oliver Hartkopp) - locking/semaphore: Use wake_q to wake up processes outside lock critical section (Waiman Long) - sched/deadline: Use online cpus for validating runtime (Shrikanth Hegde) - affs: don't write overlarge OFS data block size fields (Simon Tatham) - affs: generate OFS sequence numbers starting at 1 (Simon Tatham) - wifi: iwlwifi: fw: allocate chained SG tables for dump (Johannes Berg) - sched/smt: Always inline sched_smt_active() (Josh Poimboeuf) - octeontx2-af: Fix mbox INTR handler when num VFs > 64 (Geetha Sowjanya) - ring-buffer: Fix bytes_dropped calculation issue (Feng Yang) - objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() (Josh Poimboeuf) [Orabug: 37976879] {CVE-2025-37937} - fs/procfs: fix the comment above proc_pid_wchan() (Bart Van Assche) - perf python: Check if there is space to copy all the event (Arnaldo Carvalho de Melo) - perf python: Decrement the refcount of just created event on failure (Arnaldo Carvalho de Melo) - perf python: Fixup description of sample.id event member (Arnaldo Carvalho de Melo) - ocfs2: validate l_tree_depth to avoid out-of-bounds access (Vasiliy Kovalev) [Orabug: 37844394] {CVE-2025-22079} - kexec: initialize ELF lowest address to ULONG_MAX (Sourabh Jain) - perf units: Fix insufficient array space (Arnaldo Carvalho de Melo) - iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio (Jonathan Cameron) - coresight: catu: Fix number of pages while using 64k pages (Ilkka Koskinen) - isofs: fix KMSAN uninit-value bug in do_isofs_readdir() (Qasim Ijaz) - x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment (Jann Horn) - mfd: sm501: Switch to BIT() to mitigate integer overflows (Nikita Zhandarovich) - RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow (Patrisious Haddad) [Orabug: 37844422] {CVE-2025-22086} - power: supply: max77693: Fix wrong conversion of charge input threshold value (Artur Weber) - x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1 (Jann Horn) - clk: amlogic: g12a: fix mmc A peripheral clock (Jerome Brunet) - clk: amlogic: gxbb: drop non existing 32k clock parent (Jerome Brunet) - clk: amlogic: g12b: fix cluster A parent data (Jerome Brunet) - IB/mad: Check available slots before posting receive WRs (Maher Sanalla) - clk: rockchip: rk3328: fix wrong clk_ref_usb3otg parent (Peter Geis) - pinctrl: renesas: rza2: Fix missing of_node_put() call (Fabrizio Castro) - lib: 842: Improve error handling in sw842_compress() (Tanya Agarwal) - clk: amlogic: gxbb: drop incorrect flag on 32k clock (Jerome Brunet) - fbdev: sm501fb: Add some geometry checks. (Danila Chernetsov) - mdacon: rework dependency list (Arnd Bergmann) - fbdev: au1100fb: Move a variable assignment behind a null pointer check (Markus Elfring) - PCI: pciehp: Don't enable HPIE when resuming in poll mode (Ilpo J?rvinen) - PCI: Remove stray put_device() in pci_register_host_bridge() (Dan Carpenter) - PCI/portdrv: Only disable pciehp interrupts early when needed (Feng Tang) - PCI/ASPM: Fix link state exit during switch upstream function removal (Daniel Stodden) [Orabug: 37844108] {CVE-2024-58093} - drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member (AngeloGioacchino Del Regno) - ALSA: hda/realtek: Always honor no_shutup_pins (Takashi Iwai) - perf/ring_buffer: Allow the EPOLLRDNORM flag for poll (Tao Chen) - lockdep: Don't disable interrupts on RT in disable_irq_nosync_lockdep.*() (Sebastian Andrzej Siewior) - PM: sleep: Fix handling devices with direct_complete set on errors (Rafael J. Wysocki) - thermal: int340x: Add NULL check for adev (Chenyuan Yang) [Orabug: 37844584] {CVE-2025-23136} - EDAC/ie31200: Fix the error path order of ie31200_init() (Qiuxu Zhuo) - EDAC/ie31200: Fix the DIMM size mask for several SoCs (Qiuxu Zhuo) - EDAC/ie31200: Fix the size of EDAC_MC_LAYER_CHIP_SELECT layer (Qiuxu Zhuo) - selinux: Chain up tool resolving errors in install_policy.sh (Tim Schumacher) - x86/platform: Only allow CONFIG_EISA for 32-bit (Arnd Bergmann) - x86/fpu: Avoid copying dynamic FP state from init_task in arch_dup_task_struct() (Benjamin Berg) - cpufreq: governor: Fix negative 'idle_time' handling in dbs_update() (Jie Zhan) - x86/mm/pat: cpa-test: fix length for CPA_ARRAY test (Mike Rapoport) - memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (Luo Qiu) [Orabug: 37844141] {CVE-2025-22020} - net: usb: qmi_wwan: add Telit Cinterion FE990B composition (Fabio Porcedda) - net: usb: qmi_wwan: add Telit Cinterion FN990B composition (Fabio Porcedda) - tty: serial: 8250: Add some more device IDs (Cameron Williams) - counter: stm32-lptimer-cnt: fix error handling when enabling (Fabrice Gasnier) - netfilter: socket: Lookup orig tuple for IPv6 SNAT (Maxim Mikityanskiy) [Orabug: 37844145] {CVE-2025-22021} - ARM: Remove address checking for MMUless devices (Yanjun Yang) - ARM: 9351/1: fault: Add "cut here" line for prefetch aborts (Kees Cook) - ARM: 9350/1: fault: Implement copy_from_kernel_nofault_allowed() (Kees Cook) - atm: Fix NULL pointer dereference (Minjoong Kim) [Orabug: 37838897] {CVE-2025-22018} - HID: hid-plantronics: Add mic mute mapping and generalize quirks (Terry Junge) - ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names (Terry Junge) - drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() (Nikita Zhandarovich) [Orabug: 37828196] {CVE-2025-21996} - batman-adv: Ignore own maximum aggregation size during RX (Sven Eckelmann) - ARM: shmobile: smp: Enforce shmobile_smp_* alignment (Geert Uytterhoeven) - mmc: atmel-mci: Add missing clk_disable_unprepare() (Gu Bowen) - drm/v3d: Don't run jobs that have errors flagged in its fence (Ma?ra Canal) - i2c: omap: fix IRQ storms (Andreas Kemnade) - net/neighbor: add missing policy for NDTPA_QUEUE_LENBYTES (Lin Ma) - net: atm: fix use after free in lec_send() (Dan Carpenter) [Orabug: 37828221] {CVE-2025-22004} - ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create(). (Kuniyuki Iwashima) - ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw(). (Kuniyuki Iwashima) [Orabug: 37828229] {CVE-2025-22005} - Bluetooth: Fix error code in chan_alloc_skb_cb() (Dan Carpenter) [Orabug: 37828235] {CVE-2025-22007} - RDMA/hns: Fix wrong value of max_sge_rd (Junxian Huang) - RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path (Saravanan Vajravel) - xfrm_output: Force software GSO only in tunnel mode (Cosmin Ratiu) - firmware: imx-scu: fix OF node leak in .probe() (Joe Hattori) - i2c: sis630: Fix an error handling path in sis630_probe() (Christophe Jaillet) - i2c: ali15x3: Fix an error handling path in ali15x3_probe() (Christophe Jaillet) - i2c: ali1535: Fix an error handling path in ali1535_probe() (Christophe Jaillet) - ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe() (Christophe Jaillet) - drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data() (Ivan Abramov) - qlcnic: fix memory leak issues in qlcnic_sriov_common.c (Haoxiang Li) - drm/amd/display: Assign normalized_pix_clk when color depth = 14 (Alex Hung) [Orabug: 37828049] {CVE-2025-21956} - drm/atomic: Filter out redundant DPMS calls (Ville Syrj?l?) - x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes (Florent Revest) [Orabug: 37828167] {CVE-2025-21991} - USB: serial: option: match on interface class for Telit FN990B (Johan Hovold) - USB: serial: option: fix Telit Cinterion FE990A name (Fabio Porcedda) - USB: serial: option: add Telit Cinterion FE990B compositions (Fabio Porcedda) - USB: serial: ftdi_sio: add support for Altera USB Blaster 3 (Boon Khai Ng) - block: fix 'kmem_cache of name 'bio-108' already exists' (Ming Lei) - drm/nouveau: Do not override forced connector status (Thomas Zimmermann) - x86/irq: Define trace events conditionally (Arnd Bergmann) - fuse: don't truncate cached, mutated symlink (Miklos Szeredi) - nvme: only allow entering LIVE from CONNECTING state (Daniel Wagner) - sctp: Fix undefined behavior in left shift operation (Yu-Chun Lin) - nvmet-rdma: recheck queue state is LIVE in state lock in recv done (Ruozhu Li) - ASoC: rsnd: don't indicate warning on rsnd_kctrl_accept_runtime() (Kuninori Morimoto) - s390/cio: Fix CHPID "configure" attribute caching (Peter Oberparleiter) - HID: ignore non-functional sensor in HP 5MP Camera (Chia-Lin Kao) [Orabug: 37828174] {CVE-2025-21992} - HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell (Zhang Lixu) - ACPI: resource: IRQ override for Eluktronics MECH-17 (Gannon Kolding) - scsi: qla1280: Fix kernel oops when debug level > 2 (Magnus Lindholm) [Orabug: 37828056] {CVE-2025-21957} - iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() (Chengen Du) [Orabug: 37828181] {CVE-2025-21993} - powercap: call put_device() on an error path in powercap_register_control_type() (Joe Hattori) - hrtimers: Mark is_migration_base() with __always_inline (Andy Shevchenko) - nvme-fc: go straight to connecting state when initializing (Daniel Wagner) - net/mlx5e: Prevent bridge link show failure for non-eswitch-allowed devices (Carolina Jubran) - netfilter: nft_exthdr: fix offset with ipv4_find_option() (Alexey Kashavkin) - net_sched: Prevent creation of classes with TC_H_ROOT (Cong Wang) [Orabug: 37828110] {CVE-2025-21971} - ipvs: prevent integer overflow in do_ip_vs_get_ctl() (Dan Carpenter) - netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree() (Kohei Enju) [Orabug: 37828064] {CVE-2025-21959} - Drivers: hv: vmbus: Don't release fb_mmio resource in vmbus_free_mmio() (Michael Kelley) - drivers/hv: Replace binary semaphore with mutex (Davidlohr Bueso) - netpoll: hold rcu read lock in __netpoll_send_skb() (Breno Leitao) - netpoll: netpoll_send_skb() returns transmit status (Eric Dumazet) - netpoll: move netpoll_send_skb() out of line (Eric Dumazet) - netpoll: remove dev argument from netpoll_send_skb_on_dev() (Eric Dumazet) - netpoll: Fix use correct return type for ndo_start_xmit() (Yunjian Wang) - pinctrl: bcm281xx: Fix incorrect regmap max_registers value (Artur Weber) - sched/isolation: Prevent boot crash when the boot CPU is nohz_full (Oleg Nesterov) - clockevents/drivers/i8253: Fix stop sequence for timer 0 (David Woodhouse) [5.4.17-2136.344.1.el7uek] - RDS: avoid using offlined CPU during reconnect (Arumugam Kolappan) [Orabug: 37800559] - x86/microcode/AMD: Clean the cache if update did not load microcode (Boris Ostrovsky) [Orabug: 37800729] - x86/microcode/AMD: Add finalize_late_load() microcode_op (Boris Ostrovsky) [Orabug: 37800729] - x86/microcode/AMD: Extend the SHA check to Zen5, block loading of any unreleased standalone Zen5 microcode patches (Borislav Petkov) [Orabug: 37800729] - x86/microcode/AMD: Add some forgotten models to the SHA check (Borislav Petkov) [Orabug: 37800729] - x86/microcode/AMD: Load only SHA256-checksummed patches (Borislav Petkov) [Orabug: 37800729] - x86/microcode/AMD: Flush patch buffer mapping after application (Borislav Petkov) [Orabug: 37800729] - x86/microcode/AMD: Stash BSP's CPUID(1).EAX and patch size (Boris Ostrovsky) [Orabug: 37800729] - nvme: fix deadlock between reset and scan (Bitao Hu) [Orabug: 37861518] [5.4.17-2136.343.5.el7uek] - sctp: sysctl: auth_enable: avoid using current->nsproxy (Matthieu Baerts) [Orabug: 37497283,37846673] {CVE-2025-21638} - sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy (Matthieu Baerts) [Orabug: 37497303,37846668] {CVE-2025-21640} - uek-rpm: remove .el7 from shim version (Samasth Norway Ananda) [Orabug: 37834734] [5.4.17-2136.343.4.el7uek] - bpf: Use preempt_count() directly in bpf_send_signal_common() (Hou Tao) - Revert "sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy" (Magali Lemes) - jfs: fix slab-out-of-bounds read in ea_get() (Qasim Ijaz) [Orabug: 37855411] {CVE-2025-39735} - serial: 8250_dma: terminate correct DMA in tx_dma_flush() (John Keeping) - Revert "sctp: sysctl: auth_enable: avoid using current->nsproxy" (Magali Lemes) - net: usb: usbnet: restore usb%d name exception for local mac addresses (Dominique Martinet) - vlan: fix memory leak in vlan_newlink() (Eric Dumazet) - rds: ib: Fix NULL ptr deref in rds_ib_cq_follow_affinity (H?kon Bugge) [Orabug: 37747826] [5.4.17-2136.343.3.el7uek] - LTS tag: v5.4.291 (Sherry Yang) - eeprom: digsy_mtc: Make GPIO lookup table match the device (Andy Shevchenko) - slimbus: messaging: Free transaction ID in delayed interrupt scenario (Visweswara Tanuku) [Orabug: 37827905] {CVE-2025-21914} - intel_th: pci: Add Panther Lake-P/U support (Alexander Shishkin) - intel_th: pci: Add Panther Lake-H support (Alexander Shishkin) - intel_th: pci: Add Arrow Lake support (Pawel Chmielewski) - Squashfs: check the inode number is not the invalid value of zero (Phillip Lougher) [Orabug: 36597911] {CVE-2024-26982} - xhci: pci: Fix indentation in the PCI device ID definitions (Andy Shevchenko) - usb: gadget: Check bmAttributes only if configuration is valid (Prashanth K) - usb: gadget: Fix setting self-powered state on suspend (Marek Szyprowski) - usb: gadget: Set self-powered based on MaxPower and bmAttributes (Prashanth K) - usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality (AngeloGioacchino Del Regno) - usb: typec: ucsi: increase timeout for PPM reset operations (Fedor Pchelkin) - usb: atm: cxacru: fix a flaw in existing endpoint checks (Nikita Zhandarovich) [Orabug: 37828336] {CVE-2025-21916} - usb: renesas_usbhs: Flush the notify_hotplug_work (Claudiu Beznea) [Orabug: 37827913] {CVE-2025-21917} - usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader (Miao Li) - usb: renesas_usbhs: Use devm_usb_get_phy() (Claudiu Beznea) - usb: renesas_usbhs: Call clk_put() (Claudiu Beznea) - Revert "drivers/card_reader/rtsx_usb: Restore interrupt based detection" (Christian Heusel) - gpio: rcar: Fix missing of_node_put() call (Fabrizio Castro) - net: ipv6: fix missing dst ref drop in ila lwtunnel (Justin Iurman) - net: ipv6: fix dst ref loop in ila lwtunnel (Justin Iurman) - net-timestamp: support TCP GSO case for a few missing flags (Jason Xing) - vlan: enforce underlying device type (Oscar Maes) [Orabug: 37827929] {CVE-2025-21920} - ppp: Fix KMSAN uninit-value warning with bpf (Jiayuan Chen) [Orabug: 37827937] {CVE-2025-21922} - be2net: fix sleeping while atomic bugs in be_ndo_bridge_getlink (Nikolay Aleksandrov) - drm/sched: Fix preprocessor guard (Philipp Stanner) - hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe() (Xinghuo Chen) - llc: do not use skb_get() before dev_queue_xmit() (Eric Dumazet) [Orabug: 37827950] {CVE-2025-21925} - hwmon: (ad7314) Validate leading zero bits and return error (Erik Schumacher) - hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table (Maud Spierings) - hwmon: (pmbus) Initialise page count in pmbus_identify() (Titus Rwantare) - caif_virtio: fix wrong pointer check in cfv_probe() (Vitaliy Shevtsov) [Orabug: 37827863] {CVE-2025-21904} - net: gso: fix ownership in __udp_gso_segment (Antoine Tenart) [Orabug: 37827956] {CVE-2025-21926} - HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (Zhang Lixu) [Orabug: 37827964] {CVE-2025-21928} - HID: google: fix unused variable warning under !CONFIG_ACPI (Yu-Chun Lin) - wifi: iwlwifi: limit printed string from FW file (Johannes Berg) [Orabug: 37827870] {CVE-2025-21905} - mm/page_alloc: fix uninitialized variable (Hao Zhang) - rapidio: fix an API misues when rio_add_net() fails (Haoxiang Li) [Orabug: 37827984] {CVE-2025-21934} - rapidio: add check for rio_add_net() in rio_scan_alloc_net() (Haoxiang Li) [Orabug: 37827989] {CVE-2025-21935} - wifi: nl80211: reject cooked mode if it is set along with other flags (Vitaliy Shevtsov) [Orabug: 37827880] {CVE-2025-21909} - wifi: cfg80211: regulatory: improve invalid hints checking (Nikita Zhandarovich) [Orabug: 37827887] {CVE-2025-21910} - x86/cpu: Properly parse CPUID leaf 0x2 TLB descriptor 0x63 (Ahmed S. Darwish) - x86/cpu: Validate CPUID leaf 0x2 EDX output (Ahmed S. Darwish) - x86/cacheinfo: Validate CPUID leaf 0x2 EDX output (Ahmed S. Darwish) - platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e (Mingcong Bai) - drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M (Richard Thier) - ALSA: hda/realtek: update ALC222 depop optimize (Kailang Yang) - ALSA: hda: intel: Add Dell ALC3271 to power_save denylist (Hoku Ishibe) - HID: appleir: Fix potential NULL dereference at raw event handle (Daniil Dulov) [Orabug: 37828025] {CVE-2025-21948} - Revert "of: reserved-memory: Fix using wrong number of cells to get property 'alignment'" (Rob Herring) - drm/amdgpu: disable BAR resize on Dell G5 SE (Alex Deucher) - drm/amdgpu: Check extended configuration space register when system uses large bar (Ma Jun) - drm/amdgpu: skip BAR resizing if the bios already did it (Alex Deucher) - acct: perform last write from workqueue (Christian Brauner) [Orabug: 37702044] {CVE-2025-21846} - kernel/acct.c: use dedicated helper to access rlimit values (Yang Yang) - kernel/acct.c: use #elif instead of #end and #elif (Sh_Def) - drop_monitor: fix incorrect initialization order (Gavrilov Ilia) [Orabug: 37702107] {CVE-2025-21862} - pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (Quang Le) [Orabug: 37611837] {CVE-2025-21702} - sched/core: Prevent rescheduling when interrupts are disabled (Thomas Gleixner) [Orabug: 37766213] {CVE-2024-58090} - phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk (Kaustabh Chakraborty) - phy: tegra: xusb: reset VBUS & ID OVERRIDE (Bh Hsieh) - usbnet: gl620a: fix endpoint checking in genelink_bind() (Nikita Zhandarovich) [Orabug: 37766256] {CVE-2025-21877} - perf/core: Fix low freq setting via IOC_PERIOD (Kan Liang) - ftrace: Avoid potential division by zero in function_stat_show() (Nikolay Kuratov) [Orabug: 37827849] {CVE-2025-21898} - x86/CPU: Fix warm boot hang regression on AMD SC1100 SoC systems (Russell Senior) - net: mvpp2: cls: Fixed Non IP flow, with vlan tag flow defination. (Harshal Chaudhari) - ipvs: Always clear ipvs_property flag in skb_scrub_packet() (Philo Lu) - ASoC: es8328: fix route from DAC to output (Nicolas Frattaroli) - net: cadence: macb: Synchronize stats calculations (Sean Anderson) - sunrpc: suppress warnings for unused procfs functions (Arnd Bergmann) - batman-adv: Drop unmanaged ELP metric worker (Sven Eckelmann) [Orabug: 37650307] {CVE-2025-21823} - batman-adv: Ignore neighbor throughput metrics in error case (Sven Eckelmann) - acct: block access to kernel internal filesystems (Christian Brauner) - ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED (John Veness) - nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() (Haoxiang Li) [Orabug: 37702054] {CVE-2025-21848} - tee: optee: Fix supplicant wait loop (Sumit Garg) [Orabug: 37766233] {CVE-2025-21871} - power: supply: da9150-fg: fix potential overflow (Andrey Vatoropin) - flow_dissector: Fix port range key handling in BPF conversion (Cong Wang) - flow_dissector: Fix handling of mixed port and port-range keys (Cong Wang) - net: extract port range fields from fl_flow_key (Maksym Glubokiy) - geneve: Suppress list corruption splat in geneve_destroy_tunnels(). (Kuniyuki Iwashima) - geneve: Fix use-after-free in geneve_find_dev(). (Kuniyuki Iwashima) [Orabug: 37702088] {CVE-2025-21858} - powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC (Christophe Leroy) [Orabug: 37702123] {CVE-2025-21866} - powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline (Christophe Leroy) - powerpc/64s/mm: Move __real_pte stubs into hash-4k.h (Michael Ellerman) - USB: gadget: f_midi: f_midi_complete to call queue_work (Jill Donahue) [Orabug: 37702094] {CVE-2025-21859} - usb/gadget: f_midi: Replace tasklet with work (Davidlohr Bueso) - usb/gadget: f_midi: convert tasklets to use new tasklet_setup() API (Allen Pais) - usb: dwc3: Fix timeout issue during controller enter/exit from halt state (Selvarasu Ganesan) - usb: dwc3: Increase DWC3 controller halt timeout (Wesley Cheng) - memcg: fix soft lockup in the OOM process (Chen Ridong) [Orabug: 37649599] {CVE-2024-57977} - mm: update mark_victim tracepoints fields (Carlos Galo) - crypto: testmgr - some more fixes to RSA test vectors (Ignat Korchagin) - crypto: testmgr - populate RSA CRT parameters in RSA test vectors (Ignat Korchagin) - crypto: testmgr - fix version number of RSA tests (Lei He) - crypto: testmgr - Fix wrong test case of RSA (Lei He) - crypto: testmgr - fix wrong key length for pkcs1pad (Lei He) - driver core: bus: Fix double free in driver API bus_register() (Zijun Hu) [Orabug: 37206511] {CVE-2024-50055} - scsi: storvsc: Set correct data length for sending SCSI command without payload (Long Li) - vlan: move dev_put into vlan_dev_uninit (Xin Long) - vlan: introduce vlan_dev_free_egress_priority (Xin Long) - pps: Fix a use-after-free (Calvin Owens) [Orabug: 37649607] {CVE-2024-57979} - btrfs: avoid monopolizing a core when activating a swap file (Filipe Manana) - x86/i8253: Disable PIT timer 0 when not in use (David Woodhouse) - parport_pc: add support for ASIX AX99100 (Jiaqing Zhao) - serial: 8250_pci: add support for ASIX AX99100 (Jiaqing Zhao) - can: ems_pci: move ASIX AX99100 ids to pci_ids.h (Jiaqing Zhao) - nilfs2: protect access to buffers with no active references (Ryusuke Konishi) [Orabug: 37650248] {CVE-2025-21811} - nilfs2: do not force clear folio if buffer is referenced (Ryusuke Konishi) [Orabug: 37649878] {CVE-2025-21722} - nilfs2: do not output warnings when clearing dirty buffers (Ryusuke Konishi) - alpha: replace hardcoded stack offsets with autogenerated ones (Ivan Kokshaysky) - ndisc: extend RCU protection in ndisc_send_skb() (Eric Dumazet) [Orabug: 37650045] {CVE-2025-21760} - openvswitch: use RCU protection in ovs_vport_cmd_fill_info() (Eric Dumazet) [Orabug: 37650052] {CVE-2025-21761} - arp: use RCU protection in arp_xmit() (Eric Dumazet) [Orabug: 37650059] {CVE-2025-21762} - neighbour: use RCU protection in __neigh_notify() (Eric Dumazet) [Orabug: 37650066] {CVE-2025-21763} - neighbour: delete redundant judgment statements (Li Zetao) - ndisc: use RCU protection in ndisc_alloc_skb() (Eric Dumazet) [Orabug: 37650072] {CVE-2025-21764} - ipv6: use RCU protection in ip6_default_advmss() (Eric Dumazet) [Orabug: 37650078] {CVE-2025-21765} - ipv4: use RCU protection in inet_select_addr() (Eric Dumazet) - ipv4: use RCU protection in rt_is_expired() (Eric Dumazet) - net: add dev_net_rcu() helper (Eric Dumazet) - net: treat possible_net_t net pointer as an RCU one and add read_pnet_rcu() (Jiri Pirko) - regmap-irq: Add missing kfree() (Jiasheng Jiang) - partitions: mac: fix handling of bogus partition table (Jann Horn) [Orabug: 37650105] {CVE-2025-21772} - gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock (Xu Wang) - alpha: align stack for page fault and user unaligned trap handlers (Ivan Kokshaysky) - serial: 8250: Fix fifo underflow on flush (John Keeping) - alpha: make stack 16-byte aligned (most cases) (Ivan Kokshaysky) - can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero (Alexander H?lzl) - can: c_can: fix unbalanced runtime PM disable in error path (Krzysztof Kozlowski) - USB: serial: option: drop MeiG Smart defines (Johan Hovold) - USB: serial: option: fix Telit Cinterion FN990A name (Fabio Porcedda) - USB: serial: option: add Telit Cinterion FN990B compositions (Fabio Porcedda) - USB: serial: option: add MeiG Smart SLM828 (Chester A. Unal) - usb: cdc-acm: Fix handling of oversized fragments (Jann Horn) - usb: cdc-acm: Check control transfer buffer size before access (Jann Horn) [Orabug: 37634049] {CVE-2025-21704} - USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk (Marek Vasut) - USB: hub: Ignore non-compliant devices with too many configs or interfaces (Alan Stern) [Orabug: 37650120] {CVE-2025-21776} - usb: gadget: f_midi: fix MIDI Streaming descriptor lengths (John Keeping) [Orabug: 37685650] {CVE-2025-21835} - USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone (Mathias Nyman) - USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist (Huanglei) - USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI (Huacai Chen) - usb: dwc2: gadget: remove of_node reference upon udc_stop (Fabrice Gasnier) - usb: gadget: udc: renesas_usb3: Fix compiler warning (Guo Ren) - usb: roles: set switch registered flag early on (Elson Roy Serrao) - batman-adv: fix panic during interface removal (Andy Strohman) [Orabug: 37650144] {CVE-2025-21781} - ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V (Hans de Goede) - orangefs: fix a oob in orangefs_debug_write (Mike Marshall) [Orabug: 37650149] {CVE-2025-21782} - Grab mm lock before grabbing pt lock (Maksym Planeta) - vfio/pci: Enable iowrite64 and ioread64 for vfio pci (Ramesh Thomas) - media: cxd2841er: fix 64-bit division on gcc-9 (Arnd Bergmann) - gpio: bcm-kona: Add missing newline to dev_err format string (Artur Weber) - gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ (Artur Weber) - gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 (Artur Weber) - arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (Radu Rendec) [Orabug: 37650160] {CVE-2025-21785} - team: better TEAM_OPTION_TYPE_STRING validation (Eric Dumazet) [Orabug: 37650167] {CVE-2025-21787} - vrf: use RCU protection in l3mdev_l3_out() (Eric Dumazet) [Orabug: 37650181] {CVE-2025-21791} - ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() (Eric Dumazet) - HID: multitouch: Add NULL check in mt_input_configured (Charles Han) [Orabug: 37649788] {CVE-2024-58020} - ocfs2: check dir i_size in ocfs2_find_entry (Su Yue) - MIPS: ftrace: Declare ftrace_get_parent_ra_addr() as static (Yuli Wang) - ptp: Ensure info->enable callback is always set (Thomas Wei?schuh) [Orabug: 37650263] {CVE-2025-21814} - net/ncsi: wait for the last response to Deselect Package before configuring channel (Paul Fertser) - misc: fastrpc: Fix registered buffer page address (Ekansh Gupta) - mtd: onenand: Fix uninitialized retlen in do_otp_read() (Ivan Stepchenko) - NFC: nci: Add bounds checking in nci_hci_create_pipe() (Dan Carpenter) [Orabug: 37649936] {CVE-2025-21735} - nilfs2: fix possible int overflows in nilfs_fiemap() (Nikita Zhandarovich) [Orabug: 37649942] {CVE-2025-21736} - ocfs2: handle a symlink read error correctly (Matthew Wilcox) [Orabug: 37649687] {CVE-2024-58001} - vfio/platform: check the bounds of read/write syscalls (Alex Williamson) [Orabug: 37592070] {CVE-2025-21687} - nvmem: core: improve range check for nvmem_cell_write() (Jennifer Berringer) - crypto: qce - unregister previously registered algos in error path (Bartosz Golaszewski) - crypto: qce - fix goto jump in error path (Bartosz Golaszewski) - media: uvcvideo: Remove redundant NULL assignment (Ricardo Ribalda) - media: uvcvideo: Fix event flags in uvc_ctrl_send_events (Ricardo Ribalda) - media: ov5640: fix get_light_freq on auto (Samuel Bobrowicz) - soc: qcom: smem_state: fix missing of_node_put in error path (Krzysztof Kozlowski) - kbuild: Move -Wenum-enum-conversion to W=2 (Nathan Chancellor) - powerpc/pseries/eeh: Fix get PE state translation (Narayana Murty N) - serial: sh-sci: Do not probe the serial port if its slot in sci_ports[] is in use (Claudiu Beznea) - serial: sh-sci: Drop __initdata macro for port_cfg (Claudiu Beznea) - soc: qcom: socinfo: Avoid out of bounds read of serial number (Stephan Gerhold) [Orabug: 37649715] {CVE-2024-58007} - usb: gadget: f_tcm: Don't prepare BOT write request twice (Thinh Nguyen) - usb: gadget: f_tcm: ep_autoconfig with fullspeed endpoint (Thinh Nguyen) - usb: gadget: f_tcm: Decrement command ref count on cleanup (Thinh Nguyen) - usb: gadget: f_tcm: Translate error to sense (Thinh Nguyen) - wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() (Marcel Hamer) [Orabug: 37649971] {CVE-2025-21744} - HID: hid-sensor-hub: don't use stale platform-data on remove (Heiko Stuebner) - of: reserved-memory: Fix using wrong number of cells to get property 'alignment' (Zijun Hu) - of: Fix of_find_node_opts_by_path() handling of alias+path+options (Zijun Hu) - of: Correct child specifier used as input of the 2nd nexus node (Zijun Hu) - perf bench: Fix undefined behavior in cmpworker() (Kuan-Wei Chiu) - clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate (Anastasia Belova) - clk: qcom: clk-alpha-pll: fix alpha mode configuration (Gabor Juhos) - drm/komeda: Add check for komeda_get_layer_fourcc_list() (Haoxiang Li) - KVM: s390: vsie: fix some corner-cases when grabbing vsie pages (David Hildenbrand) - KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() (Sean Christopherson) [Orabug: 37678567] {CVE-2024-58083} - arm64: dts: rockchip: increase gmac rx_delay on rk3399-puma (Jakob Unterwurzacher) - binfmt_flat: Fix integer overflow bug on 32 bit systems (Dan Carpenter) [Orabug: 37649721] {CVE-2024-58010} - m68k: vga: Fix I/O defines (Thomas Zimmermann) - s390/futex: Fix FUTEX_OP_ANDN implementation (Heiko Carstens) - leds: lp8860: Write full EEPROM, not only half of it (Alexander Sverdlin) - cpufreq: s3c64xx: Fix compilation warning (Viresh Kumar) - tun: revert fix group permission check (Willem de Bruijn) - net: rose: lock the socket in rose_bind() (Eric Dumazet) [Orabug: 37649987] {CVE-2025-21749} - udp: gso: do not drop small packets when PMTU reduces (Yan Zhai) - tg3: Disable tg3 PCIe AER on system reboot (Lenny Szubowicz) - gpu: drm_dp_cec: fix broken CEC adapter properties check (Hans Verkuil) - firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry (Prasad Pandit) - nvme: handle connectivity loss in nvme_set_queue_count (Daniel Wagner) - usb: xhci: Fix NULL pointer dereference on certain command aborts (Micha? Pecio) [Orabug: 37649622] {CVE-2024-57981} - usb: xhci: Add timeout argument in address_device USB HCD callback (Hardik Gajjar) - net: usb: rtl8150: enable basic endpoint checking (Nikita Zhandarovich) [Orabug: 37649812] {CVE-2025-21708} - net: usb: rtl8150: use new tasklet API (Emil Renner Berthing) - tasklet: Introduce new initialization API (Romain Perier) - kbuild: userprogs: use correct lld when linking through clang (Thomas Wei?schuh) - media: uvcvideo: Remove dangling pointers (Ricardo Ribalda) [Orabug: 37649696] {CVE-2024-58002} - media: uvcvideo: Only save async fh if success (Ricardo Ribalda) - nilfs2: handle errors that nilfs_prepare_chunk() may return (Ryusuke Konishi) [Orabug: 37649870] {CVE-2025-21721} - nilfs2: eliminate staggered calls to kunmap in nilfs_rename (Ryusuke Konishi) - nilfs2: move page release outside of nilfs_delete_entry and nilfs_set_link (Ryusuke Konishi) - spi-mxs: Fix chipselect glitch (Ralf Schlatterbeck) - x86/mm: Don't disable PCID when INVLPG has been fixed by microcode (Xi Ruoyao) - APEI: GHES: Have GHES honor the panic= setting (Borislav Petkov) - HID: Wacom: Add PCI Wacom device support (Even Xu) - mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id (Hans de Goede) - tomoyo: don't emit warning in tomoyo_write_control() (Tetsuo Handa) - wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (Dmitry Antipov) [Orabug: 37649750] {CVE-2024-58014} - mmc: core: Respect quirk_max_rate for non-UHS SDIO card (Shawn Lin) - tun: fix group permission check (Stas Sergeev) - printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX (Kuan-Wei Chiu) [Orabug: 37649768] {CVE-2024-58017} - x86/amd_nb: Restrict init function to AMD-based systems (Yazen Ghannam) - sched: Don't try to catch up excess steal time. (Suleiman Souhlal) - btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error handling (Josef Bacik) - btrfs: fix use-after-free when attempting to join an aborted transaction (Filipe Manana) [Orabug: 37650014] {CVE-2025-21753} - btrfs: output the reason for open_ctree() failure (Qu Wenruo) - usb: gadget: f_tcm: Don't free command immediately (Thinh Nguyen) [Orabug: 37678479] {CVE-2024-58055} - media: uvcvideo: Fix double free in error path (Laurent Pinchart) [Orabug: 37649615] {CVE-2024-57980} - HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections (Alan Stern) [Orabug: 37649644] {CVE-2024-57986} - usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to PD_T_SENDER_RESPONSE (Jos Wang) - drivers/card_reader/rtsx_usb: Restore interrupt based detection (Sean Rhodes) - ktest.pl: Check kernelrelease return in get_version (Ricardo B. Marliere) - NFSD: Reset cb_seq_status after NFS4ERR_DELAY (Chuck Lever) - hexagon: Fix unbalanced spinlock in die() (Lin Yujun) - hexagon: fix using plain integer as NULL pointer warning in cmpxchg (Willem de Bruijn) - genksyms: fix memory leak when the same symbol is read from *.symref file (Masahiro Yamada) - genksyms: fix memory leak when the same symbol is added from source (Masahiro Yamada) - net: sh_eth: Fix missing rtnl lock in suspend/resume path (Kory Maincent) - vsock: Allow retrying on connect() failure (Michal Luczaj) - perf trace: Fix runtime error of index out of bounds (Howard Chu) - net: davicom: fix UAF in dm9000_drv_remove (Chenyuan Yang) [Orabug: 37649846] {CVE-2025-21715} - net: rose: fix timer races against user threads (Eric Dumazet) [Orabug: 37649856] {CVE-2025-21718} - PM: hibernate: Add error handling for syscore_suspend() (Xu Wang) - ipmr: do not call mr_mfc_uses_dev() for unres entries (Eric Dumazet) [Orabug: 37649862] {CVE-2025-21719} - net: fec: implement TSO descriptor cleanup (Dheeraj Reddy Jonnalagadda) - ubifs: skip dumping tnc tree when zroot is null (Pangliyuan) [Orabug: 37678491] {CVE-2024-58058} - rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read (Oleksij Rempel) [Orabug: 37678517] {CVE-2024-58069} - dmaengine: ti: edma: fix OF node reference leaks in edma_driver (Joe Hattori) - module: Extend the preempt disabled section in dereference_symbol_descriptor(). (Sebastian Andrzej Siewior) - ocfs2: mark dquot as inactive if failed to start trans while releasing dquot (Su Yue) - scsi: ufs: bsg: Delete bsg_dev when setting up bsg fails (Guixin Liu) - scsi: mpt3sas: Set ioc->manu_pg11.EEDPTagMode directly to 1 (Paul Menzel) - staging: media: imx: fix OF node leak in imx_media_add_of_subdevs() (Joe Hattori) - media: uvcvideo: Propagate buf->error to userspace (Ricardo Ribalda) - media: camif-core: Add check for clk_enable() (Jiasheng Jiang) - media: mipi-csis: Add check for clk_enable() (Jiasheng Jiang) - PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy() (Zijun Hu) - media: lmedm04: Handle errors for lme2510_int_read (Chen Ni) - media: lmedm04: Use GFP_KERNEL for URB allocation/submission. (Malcolm Priestley) - media: rc: iguanair: handle timeouts (Oliver Neukum) - fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device() (Joe Hattori) - ARM: dts: mediatek: mt7623: fix IR nodename (Rafa? Mi?ecki) - arm64: dts: mediatek: mt8173-evb: Fix MT6397 PMIC sub-node names (Chen-Yu Tsai) - arm64: dts: mediatek: mt8173-evb: Drop regulator-compatible property (Chen-Yu Tsai) - rdma/cxgb4: Prevent potential integer overflow on 32bit (Dan Carpenter) [Orabug: 37649564] {CVE-2024-57973} - RDMA/mlx4: Avoid false error about access to uninitialized gids array (Leon Romanovsky) - bpf: Send signals asynchronously if !preemptible (Puranjay Mohan) [Orabug: 37649909] {CVE-2025-21728} - perf report: Fix misleading help message about --demangle (Jiachen Zhang) - perf top: Don't complain about lack of vmlinux when not resolving some kernel samples (Arnaldo Carvalho de Melo) - padata: fix sysfs store callback check (Thomas Wei?schuh) - ktest.pl: Remove unused declarations in run_bisect_test function (Ba Jing) - perf header: Fix one memory leakage in process_bpf_prog_info() (Zhongqiu Han) - perf header: Fix one memory leakage in process_bpf_btf() (Zhongqiu Han) - ASoC: sun4i-spdif: Add clock multiplier settings (George Lander) - tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind (Marco Leogrande) - net: sched: Disallow replacing of child qdisc from one parent to another (Jamal Hadi Salim) [Orabug: 37592533] {CVE-2025-21700} - net/mlxfw: Drop hard coded max FW flash image size (Maher Sanalla) - net: let net.core.dev_weight always be non-zero (Liu Jian) [Orabug: 37650232] {CVE-2025-21806} - clk: analogbits: Fix incorrect calculation of vco rate delta (Bo Gan) - selftests: harness: fix printing of mismatch values in __EXPECT() (Dmitry V. Levin) - selftests/harness: Display signed values correctly (Kees Cook) - wifi: wlcore: fix unbalanced pm_runtime calls (Andreas Kemnade) - regulator: of: Implement the unwind path of of_regulator_match() (Joe Hattori) - team: prevent adding a device which is already a team device lower (Octavian Purdila) [Orabug: 37678523] {CVE-2024-58071} - cpupower: fix TSC MHz calculation (He Rongguang) - wifi: rtlwifi: pci: wait for firmware loading before releasing memory (Thadeu Lima de Souza Cascardo) - wifi: rtlwifi: fix memory leaks and invalid access at probe error path (Thadeu Lima de Souza Cascardo) [Orabug: 37678504] {CVE-2024-58063} - wifi: rtlwifi: remove unused check_buddy_priv (Thadeu Lima de Souza Cascardo) [Orabug: 37678530] {CVE-2024-58072} - wifi: rtlwifi: remove unused dualmac control leftovers (Dmitry Antipov) - wifi: rtlwifi: remove unused timer and related code (Dmitry Antipov) - rtlwifi: replace usage of found with dedicated list iterator variable (Jakob Koschel) - dt-bindings: mmc: controller: clarify the address-cells description (Neil Armstrong) - wifi: rtlwifi: usb: fix workqueue leak when probe fails (Thadeu Lima de Souza Cascardo) - wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step (Thadeu Lima de Souza Cascardo) - rtlwifi: rtl8192se Rename RT_TRACE to rtl_dbg (Larry Finger) - wifi: rtlwifi: do not complete firmware loading needlessly (Thadeu Lima de Souza Cascardo) - ipmi: ipmb: Add check devm_kasprintf() returned value (Charles Han) [Orabug: 37678457] {CVE-2024-58051} - drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table (Ivan Stepchenko) [Orabug: 37678463] {CVE-2024-58052} - drm/etnaviv: Fix page property being used for non writecombine buffers (Sui Jingfeng) - partitions: ldm: remove the initial kernel-doc notation (Randy Dunlap) - nbd: don't allow reconnect after disconnect (Yu Kuai) [Orabug: 37649918] {CVE-2025-21731} - afs: Fix directory format encoding struct (David Howells) - overflow: Allow mixed type arguments (Kees Cook) - overflow: Correct check_shl_overflow() comment (Keith Busch) - overflow: Add __must_check attribute to check_*() helpers (Kees Cook) [5.4.17-2136.343.2.el7uek] - rds: ib: Do not attempt to insert RDMA exthdr twice (H?kon Bugge) [Orabug: 37721764] - net: mana: Fix TX CQE error handling (Haiyang Zhang) [Orabug: 36983924] {CVE-2023-52532} - net/mlx5: Stop waiting for PCI if pci channel is offline (Moshe Shemesh) [Orabug: 36929747] - rds: ib: Fix racy send affinity work cancellation (H?kon Bugge) [Orabug: 36605776] - uek-rpm: install the perf exec dir (Stephen Brennan) [Orabug: 35023180] - uek-rpm: switch to new secureboot certificates and upgrade shim (Samasth Norway Ananda) [Orabug: 37764002] [5.4.17-2136.343.1.el7uek] - rds: ib: Make traffic_class visible to user-space (H?kon Bugge) [Orabug: 37617866] - rds: ib: Remove incorrect update of the path record sl and qos_class fields (H?kon Bugge) [Orabug: 37617866] - net: core: reject skb_copy(_expand) for fraglist GSO skbs (Felix Fietkau) [Orabug: 36683418] {CVE-2024-36929} - udp: do not accept non-tunnel GSO skbs landing in a tunnel (Antoine Tenart) [Orabug: 36643088] {CVE-2024-35884} - udp: never accept GSO_FRAGLIST packets (Paolo Abeni) [Orabug: 36643088] {CVE-2024-35884} - udp: initialize is_flist with 0 in udp_gro_receive (Xin Long) [Orabug: 36643088] {CVE-2024-35884} [5.4.17-2136.342.5.el7uek] - ima: Fix use-after-free on a dentry's dname.name (Stefan Berger) [Orabug: 36835558] {CVE-2024-39494} [5.4.17-2136.342.4.el7uek] - sched: sch_cake: add bounds checks to host bulk flow fairness counts (Toke H?iland-J?rgensen) [Orabug: 37497384] {CVE-2025-21647} - udf: Fix use of check_add_overflow() with mixed type arguments (Ben Hutchings) - x86/xen: allow larger contiguous memory regions in PV guests (Juergen Gross) - xen: remove a confusing comment on auto-translated guest I/O (Petr Tesarik) - ALSA: hda/realtek: Fixup ALC225 depop procedure (Kailang Yang) - ALSA: hda/realtek - Add type for ALC287 (Kailang Yang) - net: loopback: Avoid sending IP packets without an Ethernet header (Ido Schimmel) - netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (Cong Wang) [Orabug: 37611855] {CVE-2025-21703} - ocfs2: fix incorrect CPU endianness conversion causing mount failure (Heming Zhao) - Revert "btrfs: avoid monopolizing a core when activating a swap file" (Koichiro Den) - gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl(). (Kuniyuki Iwashima) [Orabug: 37707676] {CVE-2025-21865} - Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc (Fedor Pchelkin) [Orabug: 37650394] {CVE-2024-58009} - rds: Make sure transmit path and connection tear-down does not run concurrently (H?kon Bugge) [Orabug: 36308571] - NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies() (Yanjun Zhang) [Orabug: 37206487] {CVE-2024-50046} [5.4.17-2136.342.3.el7uek] - LTS tag: v5.4.290 (Alok Tiwari) - Partial revert of xhci: use pm_ptr() instead #ifdef for CONFIG_PM conditionals (Ron Economos) - xhci: use pm_ptr() instead of #ifdef for CONFIG_PM conditionals (Arnd Bergmann) - drm/v3d: Assign job pointer to NULL before signaling the fence (Ma?ra Canal) [Orabug: 37707590] {CVE-2025-21688} - Input: xpad - add support for wooting two he (arm) (Jack Greiner) - Input: xpad - add unofficial Xbox 360 wireless receiver clone (Nilton Perim Neto) - Input: atkbd - map F23 key to support default copilot shortcut (Mark Pearson) - Revert "usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null" (Greg Kroah-Hartman) - USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb() (Qasim Ijaz) [Orabug: 37592080] {CVE-2025-21689} - ext4: fix slab-use-after-free in ext4_split_extent_at() (Baokun Li) [Orabug: 37200960] {CVE-2024-49884} - ext4: avoid ext4_error()'s caused by ENOMEM in the truncate path (Theodore Ts'O) - vfio/platform: check the bounds of read/write syscalls (Alex Williamson) [Orabug: 37592070] {CVE-2025-21687} - net/xen-netback: prevent UAF in xenvif_flush_hash() (Jeongjun Park) [Orabug: 37206012] {CVE-2024-49936} - net: xen-netback: hash.c: Use built-in RCU list checking (Madhuparna Bhowmik) - signal/m68k: Use force_sigsegv(SIGSEGV) in fpsp040_die (Eric W. Biederman) - m68k: Add missing mmap_read_lock() to sys_cacheflush() (Liam R Howlett) - m68k: Update ->thread.esp0 before calling syscall_trace() in ret_from_signal (Al Viro) - gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag (Andreas Gruenbacher) [Orabug: 37592129] {CVE-2025-21699} - irqchip/sunxi-nmi: Add missing SKIP_WAKE flag (Philippe Simons) - scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request (Xiang Zhang) - ASoC: wm8994: Add depends on MFD core (Charles Keepax) - net: fix data-races around sk->sk_forward_alloc (Wang Liang) [Orabug: 37388796] {CVE-2024-53124} - scsi: sg: Fix slab-use-after-free read in sg_release() (Surajsonawane2415) [Orabug: 37434118] {CVE-2024-56631} - ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev() (Eric Dumazet) [Orabug: 37200707] {CVE-2024-47707} - irqchip/gic-v3: Handle CPU_PM_ENTER_FAILED correctly (Yogesh Lal) - fs/proc: fix softlockup in __read_vmcore (part 2) (Rik van Riel) [Orabug: 37592153] {CVE-2025-21694} - net: ethernet: xgbe: re-add aneg to supported features in PHY quirks (Heiner Kallweit) - nvmet: propagate npwg topology (Luis Chamberlain) - poll_wait: add mb() to fix theoretical race between waitqueue_active() and .poll() (Oleg Nesterov) - kheaders: Ignore silly-rename files (David Howells) - hfs: Sanity check the root record (Leo Stone) - mac802154: check local interfaces before deleting sdata list (Lizhi Xu) [Orabug: 37555776] {CVE-2024-57948} - i2c: mux: demux-pinctrl: check initial mux selection, too (Wolfram Sang) - drm/v3d: Ensure job pointer is set to NULL after job completion (Ma?ra Canal) [Orabug: 37592115] {CVE-2025-21697} - nfp: bpf: prevent integer overflow in nfp_bpf_event_output() (Dan Carpenter) - gtp: Destroy device along with udp socket's netns dismantle. (Kuniyuki Iwashima) [Orabug: 37555832] {CVE-2025-21678} - gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp(). (Kuniyuki Iwashima) - gtp: use exit_batch_rtnl() method (Eric Dumazet) - net: add exit_batch_rtnl() method (Eric Dumazet) - net: net_namespace: Optimize the code (Yajun Deng) - net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field() (Sudheer Kumar Doredla) - sctp: sysctl: rto_min/max: avoid using current->nsproxy (Matthieu Baerts) [Orabug: 37497290] {CVE-2025-21639} - ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv (Dennis Lam) [Orabug: 37485004,37707634] {CVE-2024-57892} - ocfs2: correct return value of ocfs2_local_free_info() (Joseph Qi) - phy: core: Fix that API devm_of_phy_provider_unregister() fails to unregister the phy provider (Zijun Hu) - phy: core: fix code style in devm_of_phy_provider_unregister (Vinod Koul) - arm64: dts: rockchip: add hevc power domain clock to rk3328 (Peter Geis) - arm64: dts: rockchip: add #power-domain-cells to power domain nodes (Johan Jonker) - arm64: dts: rockchip: fix pd_tcpc0 and pd_tcpc1 node position on rk3399 (Johan Jonker) - arm64: dts: rockchip: fix defines in pd_vio node for rk3399 (Johan Jonker) - iio: inkern: call iio_device_put() only on mapped devices (Joe Hattori) - iio: adc: at91: call input_free_device() on allocated iio_dev (Joe Hattori) [Orabug: 37497149] {CVE-2024-57904} - iio: adc: ti-ads124s08: Use gpiod_set_value_cansleep() (Fabio Estevam) - iio: gyro: fxas21002c: Fix missing data update in trigger handler (Carlos Song) - iio: adc: ti-ads8688: fix information leak in triggered buffer (Javier Carrasco) [Orabug: 37497160] {CVE-2024-57906} - iio: imu: kmx61: fix information leak in triggered buffer (Javier Carrasco) [Orabug: 37497169] {CVE-2024-57908} - iio: light: vcnl4035: fix information leak in triggered buffer (Javier Carrasco) [Orabug: 37497179] {CVE-2024-57910} - iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer (Javier Carrasco) [Orabug: 37497183] {CVE-2024-57911} - iio: pressure: zpa2326: fix information leak in triggered buffer (Javier Carrasco) [Orabug: 37497189] {CVE-2024-57912} - usb: gadget: f_fs: Remove WARN_ON in functionfs_bind (Akash M) [Orabug: 37497196] {CVE-2024-57913} - usb: fix reference leak in usb_new_device() (Ma Ke) - USB: core: Disable LPM only for non-suspended ports (Kai-Heng Feng) - USB: usblp: return error when setting unsupported protocol (Yan Jun) - usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null (Lianqin Hu) - USB: serial: cp210x: add Phoenix Contact UPS Device (Johan Hovold) - usb-storage: Add max sectors quirk for Nokia 208 (Lubomir Rintel) - staging: iio: ad9832: Correct phase range check (Zicheng Qu) - staging: iio: ad9834: Correct phase range check (Zicheng Qu) - USB: serial: option: add Neoway N723-EA support (Michal Hrusecky) - USB: serial: option: add MeiG Smart SRM815 (Chukun Pan) - drm/amd/display: increase MAX_SURFACES to the value supported by hw (Melissa Wen) - ACPI: resource: Add Asus Vivobook X1504VAP to irq1_level_low_skip_override[] (Hans de Goede) - ACPI: resource: Add TongFang GM5HG0A to irq1_edge_low_force_override[] (Hans de Goede) - drm/amd/display: Add check for granularity in dml ceil/floor helpers (Roman Li) [Orabug: 37497225] {CVE-2024-57922} - sctp: sysctl: auth_enable: avoid using current->nsproxy (Matthieu Baerts) [Orabug: 37497283] {CVE-2025-21638} - sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy (Matthieu Baerts) [Orabug: 37497303] {CVE-2025-21640} - dm thin: make get_first_thin use rcu-safe list first function (Krister Johansen) [Orabug: 37506783] {CVE-2025-21664} - tls: Fix tls_sw_sendmsg error handling (Benjamin Coddington) - net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute (Eric Dumazet) [Orabug: 37497346] {CVE-2025-21653} - tcp/dccp: allow a connection when sk_max_ack_backlog is zero (Zhongqiu Duan) - tcp/dccp: complete lockless accesses to sk->sk_max_ack_backlog (Jason Xing) - net: 802: LLC+SNAP OID:PID lookup on start of skb data (Antonio Pastor) - ieee802154: ca8210: Add missing check for kfifo_alloc() in ca8210_probe() (Keisuke Nishimura) - dm array: fix cursor index when skipping across block boundaries (Ming-Hung Tsai) - dm array: fix unreleased btree blocks on closing a faulty array cursor (Ming-Hung Tsai) - dm array: fix releasing a faulty array block twice in dm_array_cursor_end (Ming-Hung Tsai) [Orabug: 37497249] {CVE-2024-57929} - jbd2: flush filesystem device before updating tail sequence (Zhang Yi) [5.4.17-2136.342.2.el7uek] - Revert "NFSD: Limit the number of concurrent async COPY operations" (Sherry Yang) [Orabug: 37660195] - rds: ib: Avoid sleeping function inside RCU region by using sampled values instead (H?kon Bugge) [Orabug: 37586090] - dm rq: don't queue request to blk-mq during DM suspend (Ming Lei) [Orabug: 37010188] - dm: rearrange core declarations for extended use from dm-zone.c (Damien Le Moal) [Orabug: 37010188] [5.4.17-2136.342.1.el7uek] - cgroup: Make operations on the cgroup root_list RCU safe (Yafang Shao) [Orabug: 37621585] - uek: kabi: Fix build error for HIDE_INCLUDE macro (Saeed Mirzamohammadi) [Orabug: 37619102] - oracleasm: Fix PI when use_logical_block_size is set (Martin K. Petersen) [Orabug: 37503280] - oracleasm: Add support for per-I/O block size selection (Martin K. Petersen) [Orabug: 37503280] - perf/x86/intel/uncore: Fix NULL pointer dereference issue in upi_fill_topology() (Alexander Antonov) [Orabug: 36882938] {CVE-2023-52450} [5.4.17-2136.341.3.el7uek] - io_uring: fix possible deadlock in io_register_iowq_max_workers() (Hagar Hemdan) [Orabug: 36897354,37565787] {CVE-2024-41080,CVE-2024-53052} - io_uring/rw: fix missing NOWAIT check for O_DIRECT start write (Jens Axboe) [Orabug: 37304721,37565787] {CVE-2024-41080,CVE-2024-53052} - io_uring: use kiocb_{start,end}_write() helpers (Amir Goldstein) [Orabug: 37565787] {CVE-2024-41080,CVE-2024-53052} - fs: create kiocb_{start,end}_write() helpers (Amir Goldstein) [Orabug: 37565787] {CVE-2024-41080,CVE-2024-53052} - io_uring: rename kiocb_end_write() local helper (Amir Goldstein) [Orabug: 37565787] {CVE-2024-41080,CVE-2024-53052} - io_uring/sqpoll: close race on waiting for sqring entries (Jens Axboe) [Orabug: 37565787] {CVE-2024-41080,CVE-2024-53052} - io_uring/sqpoll: do not put cpumask on stack (Felix Moessbauer) [Orabug: 37565787] {CVE-2024-41080,CVE-2024-53052} - io_uring/sqpoll: retain test for whether the CPU is valid (Jens Axboe) [Orabug: 37565787] {CVE-2024-41080,CVE-2024-53052} - io_uring/sqpoll: do not allow pinning outside of cpuset (Felix Moessbauer) [Orabug: 37565787] {CVE-2024-41080,CVE-2024-53052} - io_uring/io-wq: limit retrying worker initialisation (Pavel Begunkov) [Orabug: 37565787] {CVE-2024-41080,CVE-2024-53052} - vfs: check dentry is still valid in get_link() (Ian Kent) [Orabug: 37536393] - RDS: avoid queueing delayed work on an offlined cpu (Praveen Kumar Kannoju) [Orabug: 37260584] - NFSD: Limit the number of concurrent async COPY operations (Chuck Lever) [Orabug: 37206187,37664124] {CVE-2024-49974} [5.4.17-2136.341.2.el7uek] - LTS tag: v5.4.289 (Sherry Yang) - mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim() (Seiji Nishikawa) [Orabug: 37484971] {CVE-2024-57884} - drm: adv7511: Drop dsi single lane support (Biju Das) - net/sctp: Prevent autoclose integer overflow in sctp_association_init() (Nikolay Kuratov) [Orabug: 37506732] {CVE-2024-57938} - sky2: Add device ID 11ab:4373 for Marvell 88E8075 (Pascal Hambourg) - pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking (Evgenii Shatokhin) [Orabug: 37484990] {CVE-2024-57889} - RDMA/uverbs: Prevent integer overflow issue (Dan Carpenter) [Orabug: 37484996] {CVE-2024-57890} - modpost: fix the missed iteration for the max bit in do_input() (Masahiro Yamada) - modpost: fix input MODULE_DEVICE_TABLE() built for 64-bit on 32-bit host (Masahiro Yamada) - ARC: build: Try to guess GCC variant of cross compiler (Leon Romanovsky) - irqchip/gic: Correct declaration of *percpu_base pointer in union gic_base (Uros Bizjak) - net: usb: qmi_wwan: add Telit FE910C04 compositions (Daniele Palmas) - bpf: fix potential error return (Anton Protopopov) - sound: usb: format: don't warn that raw DSD is unsupported (Adrian Ratiu) - wifi: mac80211: wake the queues in case of failure in resume (Emmanuel Grumbach) - ila: serialize calls to nf_register_net_hooks() (Eric Dumazet) [Orabug: 37485065] {CVE-2024-57900} - ALSA: usb-audio: US16x08: Initialize array before use (Tanya Agarwal) - net: llc: reset skb->transport_header (Antonio Pastor) - netfilter: nft_set_hash: unaligned atomic read on struct nft_set_ext (Pablo Neira Ayuso) [Orabug: 37506299] {CVE-2024-54031} - netfilter: Replace zero-length array with flexible-array member (Gustavo A R Silva) - netrom: check buffer length before accessing it (Ilya Shchipletsov) [Orabug: 37484941] {CVE-2024-57802} - drm/bridge: adv7511_audio: Update Audio InfoFrame properly (Stefan Ekenberg) - drm: bridge: adv7511: Enable SPDIF DAI (Bogdan Togorean) - RDMA/bnxt_re: Fix max_qp_wrs reported (Selvin Xavier) - RDMA/bnxt_re: Fix reporting hw_ver in query_device (Kalesh Ap) - RDMA/bnxt_re: Add check for path mtu in modify_qp (Saravanan Vajravel) - RDMA/mlx5: Enforce same type port association for multiport RoCE (Patrisious Haddad) - net/mlx5: Make API mlx5_core_is_ecpf accept const pointer (Parav Pandit) - IB/mlx5: Introduce and use mlx5_core_is_vf() (Parav Pandit) - Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet (Michael Kelley) [Orabug: 37472319] {CVE-2024-55916} - selinux: ignore unknown extended permissions (Thi?baud Weksteen) [Orabug: 37506713] {CVE-2024-57931} - ipv6: prevent possible UAF in ip6_xmit() (Eric Dumazet) [Orabug: 37592395] {CVE-2024-44985} - skb_expand_head() adjust skb->truesize incorrectly (Vasily Averin) - btrfs: avoid monopolizing a core when activating a swap file (Filipe Manana) - tracing: Constify string literal data member in struct trace_event_call (Christian G?ttsche) - bpf: fix recursive lock when verdict program return SK_PASS (Jiayuan Chen) - ipv6: fix possible UAF in ip6_finish_output2() (Eric Dumazet) [Orabug: 37029070] {CVE-2024-44986} - ipv6: use skb_expand_head in ip6_xmit (Vasily Averin) - ipv6: use skb_expand_head in ip6_finish_output2 (Vasily Averin) - skbuff: introduce skb_expand_head() (Vasily Averin) - MIPS: Probe toolchain support of -msym32 (Jiaxun Yang) - epoll: Add synchronous wakeup support for ep_poll_callback (Xuewen Yan) - virtio-blk: don't keep queue frozen during system suspend (Ming Lei) [Orabug: 37506753] {CVE-2024-57946} - scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time (Ranjan Kumar) - platform/x86: asus-nb-wmi: Ignore unknown event 0xCF (Armin Wolf) - regmap: Use correct format specifier for logging range errors (Mark Brown) - scsi: megaraid_sas: Fix for a potential deadlock (Tomas Henzl) [Orabug: 37472364] {CVE-2024-57807} - scsi: qla1280: Fix hw revision numbering for ISP1020/1040 (Magnus Lindholm) - tracing/kprobe: Make trace_kprobe's module callback called after jump_label update (Masami Hiramatsu) - dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset (Chen Ridong) [Orabug: 37452681] {CVE-2024-56767} - dmaengine: mv_xor: fix child node refcount handling in early exit (Javier Carrasco) - phy: core: Fix that API devm_phy_destroy() fails to destroy the phy (Zijun Hu) - phy: core: Fix that API devm_phy_put() fails to release the phy (Zijun Hu) - phy: core: Fix an OF node refcount leakage in of_phy_provider_lookup() (Zijun Hu) - phy: core: Fix an OF node refcount leakage in _of_phy_get() (Zijun Hu) - mtd: diskonchip: Cast an operand to prevent potential overflow (Zichen Xie) - bpf: Check negative offsets in __bpf_skb_min_len() (Cong Wang) - media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg (Nikita Zhandarovich) [Orabug: 37452687] {CVE-2024-56769} - of: Fix refcount leakage for OF node returned by __of_get_dma_parent() (Zijun Hu) - of: Fix error path in of_parse_phandle_with_args_map() (Herve Codina) - udmabuf: also check for F_SEAL_FUTURE_WRITE (Jann Horn) - nilfs2: prevent use of deleted inode (Edward Adam Davis) [Orabug: 37472286] {CVE-2024-53690} - NFS/pnfs: Fix a live lock between recalled layouts and layoutget (Trond Myklebust) - btrfs: tree-checker: reject inline extent items with 0 ref count (Qu Wenruo) - zram: refuse to use zero sized block device as backing device (Kairui Song) - sh: clk: Fix clk_enable() to return 0 on NULL clk (Geert Uytterhoeven) - USB: serial: option: add Telit FE910C04 rmnet compositions (Daniele Palmas) - USB: serial: option: add MediaTek T7XX compositions (Jack Wu) - USB: serial: option: add Netprisma LCUK54 modules for WWAN Ready (Mank Wang) - USB: serial: option: add MeiG Smart SLM770A (Michal Hrusecky) - USB: serial: option: add TCL IK512 MBIM & ECM (Daniel Swanemar) - efivarfs: Fix error on non-existent file (James E J Bottomley) - i2c: riic: Always round-up when calculating bus period (Geert Uytterhoeven) - chelsio/chtls: prevent potential integer overflow on 32bit (Dan Carpenter) - mmc: sdhci-tegra: Remove SDHCI_QUIRK_BROKEN_ADMA_ZEROLEN_DESC quirk (Prathamesh Shete) - netfilter: ipset: Fix for recursive locking warning (Phil Sutter) - net: ethernet: bgmac-platform: fix an OF node reference leak (Joe Hattori) - net: hinic: Fix cleanup in create_rxqs/txqs() (Dan Carpenter) - ionic: use ee->offset when returning sprom data (Shannon Nelson) - net/smc: check sndbuf_space again after NOSPACE flag is set in smc_poll (Guangguan Wang) - erofs: fix incorrect symlink detection in fast symlink (Gao Xiang) - erofs: fix order >= MAX_ORDER warning due to crafted negative i_size (Gao Xiang) - drm/i915: Fix memory leak by correcting cache object name in error handler (Jiasheng Jiang) - PCI: Add ACS quirk for Broadcom BCM5760X NIC (Ajit Khaparde) - ALSA: usb: Fix UBSAN warning in parse_audio_unit() (Takashi Iwai) - PCI/AER: Disable AER service on suspend (Kai-Heng Feng) - usb: dwc2: gadget: Don't write invalid mapped sg entries into dma_desc with iommu enabled (Peng Hongchi) - net: sched: fix ordering of qlen adjustment (Lion Ackermann) [Orabug: 37433383] {CVE-2024-53164} [5.4.17-2136.341.1.el7uek] - kpcimgr: fix flush_icache_range arguments (Joseph Dobosenski) [Orabug: 37525298] - uek-rpm: Update network stress testing options for embedded2 (Joseph Dobosenski) [Orabug: 37530220] [5.4.17-2136.340.4.el7uek] - ftrace: use preempt_enable/disable notrace macros to avoid double fault (Koichiro Den) - nfsd: restore callback functionality for NFSv4.0 (Neil Brown) - i2c: pnx: Fix timeout in wait functions (Vladimir Riabchun) - of/irq: Fix using uninitialized variable @addr_len in API of_irq_parse_one() (Zijun Hu) - af_packet: fix vlan_get_tci() vs MSG_PEEK (Eric Dumazet) [Orabug: 37485117] {CVE-2024-57902} - af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK (Eric Dumazet) [Orabug: 37485100] {CVE-2024-57901} - mtd: rawnand: fix double free in atmel_pmecc_create_user() (Dan Carpenter) [Orabug: 37506347] {CVE-2024-56766} [5.4.17-2136.340.3.el7uek] - Revert "xen/swiotlb: add alignment check for dma buffers" (Harshvardhan Jha) [Orabug: 37475435] - vfio/iommu_type1: Fix some sanity checks in detach group (Keqian Zhu) [Orabug: 37136890] - Revert "vfio/iommu_type1: Fix some sanity checks in detach group" (Dongli Zhang) [Orabug: 37136890] - rds: ib: Avoid UAF on RDS Socket's rs_trans_lock (H?kon Bugge) [Orabug: 36693622] - rds: ib: Fix blocked processes related to race in rds_rdma_free_dev_rs_worker() (H?kon Bugge) [Orabug: 36693622] - rds: ib: Fix deterministic UAF in rds_rdma_free_dev_rs_worker() (H?kon Bugge) [Orabug: 36693622] - Revert "KVM: SVM: Add a module parameter to override iommu AVIC usage" (Alejandro Jimenez) [Orabug: 35001679] [5.4.17-2136.340.2.el7uek] - LTS tag: v5.4.288 (Alok Tiwari) - ALSA: usb-audio: Fix a DMA to stack memory bug (Dan Carpenter) - xen/netfront: fix crash when removing device (Juergen Gross) [Orabug: 37427542] {CVE-2024-53240} - KVM: arm64: Ignore PMCNTENSET_EL0 while checking for overflow status (Raghavendra Rao Ananta) - blk-iocost: Avoid using clamp() on inuse in __propagate_weights() (Nathan Chancellor) - blk-iocost: fix weight updates of inner active iocgs (Tejun Heo) - blk-iocost: clamp inuse and skip noops in __propagate_weights() (Tejun Heo) - ACPICA: events/evxfregn: don't release the ContextMutex that was never acquired (Daniil Tatianin) - net/sched: netem: account for backlog updates from child qdisc (Martin Ottens) [Orabug: 37462138] {CVE-2024-56770} - qca_spi: Make driver probing reliable (Stefan Wahren) - qca_spi: Fix clock speed for multiple QCA7000 (Stefan Wahren) - ACPI: resource: Fix memory resource type union access (Ilpo J?rvinen) - net: lapb: increase LAPB_HEADER_LEN (Eric Dumazet) [Orabug: 37434237] {CVE-2024-56659} - tipc: fix NULL deref in cleanup_bearer() (Eric Dumazet) [Orabug: 37506456] {CVE-2024-56661} - batman-adv: Do not let TT changes list grows indefinitely (Remi Pommarel) - batman-adv: Remove uninitialized data in full table TT response (Remi Pommarel) - batman-adv: Do not send uninitialized TT changes (Remi Pommarel) - bpf, sockmap: Fix update element with same (Michal Luczaj) - xfs: don't drop errno values when we fail to ficlone the entire range (Darrick J. Wong) - usb: gadget: u_serial: Fix the issue that gs_start_io crashed due to accessing null pointer (Lianqin Hu) [Orabug: 37434264] {CVE-2024-56670} - usb: ehci-hcd: fix call balance of clocks handling routines (Vitalii Mordan) - usb: dwc2: hcd: Fix GetPortStatus & SetPortFeature (Stefan Wahren) - ata: sata_highbank: fix OF node reference leak in highbank_initialize_phys() (Joe Hattori) - usb: host: max3421-hcd: Correctly abort a USB request. (Mark Tomlinson) - LTS tag: v5.4.287 (Alok Tiwari) - bpf, xdp: Update devmap comments to reflect napi/rcu usage (John Fastabend) - ALSA: usb-audio: Fix out of bounds reads when finding clock sources (Takashi Iwai) [Orabug: 37427489] {CVE-2024-53150} - PCI: rockchip-ep: Fix address translation unit programming (Damien Le Moal) - Revert "drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read()" (Zhang Zekun) - modpost: Add .irqentry.text to OTHER_SECTIONS (Thomas Gleixner) - jffs2: Fix rtime decompressor (Richard Weinberger) - jffs2: Prevent rtime decompress memory corruption (Kinsey Moore) [Orabug: 37472398] {CVE-2024-57850} - KVM: arm64: vgic-its: Clear ITE when DISCARD frees an ITE (Kunkun Jiang) - KVM: arm64: vgic-its: Clear DTE when MAPD unmaps a device (Kunkun Jiang) - KVM: arm64: vgic-its: Add a data length check in vgic_its_save_* (Jing Zhang) - perf/x86/intel/pt: Fix buffer full but size is 0 case (Adrian Hunter) - bpf: fix OOB devmap writes when deleting elements (Maciej Fijalkowski) [Orabug: 37434047] {CVE-2024-56615} - xdp: Simplify devmap cleanup (Bj?rn T?pel) - misc: eeprom: eeprom_93cx6: Add quirk for extra read clock cycle (Parker Newman) - powerpc/prom_init: Fixup missing powermac #size-cells (Michael Ellerman) [Orabug: 37462196] {CVE-2024-56781} - usb: chipidea: udc: handle USB Error Interrupt if IOC not set (Xu Yang) - i3c: Use i3cdev->desc->info instead of calling i3c_device_get_info() to avoid deadlock (Defa Li) [Orabug: 37472157] {CVE-2024-43098} - PCI: Add ACS quirk for Wangxun FF5xxx NICs (Mengyuan Lou) - PCI: Add 'reset_subordinate' to reset hierarchy below bridge (Keith Busch) - f2fs: fix f2fs_bug_on when uninstalling filesystem call f2fs_evict_inode. (Qi Han) [Orabug: 37433861] {CVE-2024-56586} - nvdimm: rectify the illogical code within nd_dax_probe() (Yi Yang) - pinctrl: qcom-pmic-gpio: add support for PM8937 (Barnab?s Cz?m?n) - scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset (Kai M?kisara) - scsi: st: Don't modify unknown block number in MTIOCGET (Kai M?kisara) - leds: class: Protect brightness_show() with led_cdev->led_access mutex (Mukesh Ojha) [Orabug: 37433869] {CVE-2024-56587} - tracing: Use atomic64_inc_return() in trace_clock_counter() (Uros Bizjak) - netpoll: Use rcu_access_pointer() in __netpoll_setup (Breno Leitao) - net/neighbor: clear error in case strict check is not set (Jakub Kicinski) - rocker: fix link status detection in rocker_carrier_init() (Dmitry Antipov) - ASoC: hdmi-codec: reorder channel allocation list (Jonas Karlman) - Bluetooth: btusb: Add RTL8852BE device 0489:e123 to device tables (Hilda Wu) - wifi: brcmfmac: Fix oops due to NULL pointer dereference in brcmf_sdiod_sglist_rw() (Norbert van Bolhuis) [Orabug: 37433908] {CVE-2024-56593} - wifi: ipw2x00: libipw_rx_any(): fix bad alignment (Jiapeng Chong) - drm/amdgpu: set the right AMDGPU sg segment limitation (Prike Liang) [Orabug: 37433914] {CVE-2024-56594} - jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree (Nihar Chaithanya) [Orabug: 37433920] {CVE-2024-56595} - jfs: fix array-index-out-of-bounds in jfs_readdir (Ghanshyam Agrawal) [Orabug: 37433928] {CVE-2024-56596} - jfs: fix shift-out-of-bounds in dbSplit (Ghanshyam Agrawal) [Orabug: 37433934] {CVE-2024-56597} - jfs: array-index-out-of-bounds fix in dtReadFirst (Ghanshyam Agrawal) [Orabug: 37433941] {CVE-2024-56598} - wifi: ath5k: add PCI ID for Arcadyan devices (Rosen Penev) - wifi: ath5k: add PCI ID for SX76X (Rosen Penev) - net: inet6: do not leave a dangling sk pointer in inet6_create() (Ignat Korchagin) [Orabug: 37433955] {CVE-2024-56600} - net: inet: do not leave a dangling sk pointer in inet_create() (Ignat Korchagin) [Orabug: 37433962] {CVE-2024-56601} - net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() (Ignat Korchagin) [Orabug: 37433970] {CVE-2024-56602} - net: af_can: do not leave a dangling sk pointer in can_create() (Ignat Korchagin) [Orabug: 37433977] {CVE-2024-56603} - Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() (Ignat Korchagin) [Orabug: 37433990] {CVE-2024-56605} - af_packet: avoid erroring out after sock_init_data() in packet_create() (Ignat Korchagin) [Orabug: 37433996] {CVE-2024-56606} - net/sched: cbs: Fix integer overflow in cbs_set_port_rate() (Elena Salomatkina) - net: ethernet: fs_enet: Use %pa to format resource_size_t (Simon Horman) - net: fec_mpc52xx_phy: Use %pa to format resource_size_t (Simon Horman) - samples/bpf: Fix a resource leak (Zhujun2) - drm/radeon/r600_cs: Fix possible int overflow in r600_packet3_check() (Igor Artemiev) - drm/mcde: Enable module autoloading (Liao Chen) - drm: panel-orientation-quirks: Add quirk for AYA NEO 2 model (Joaqu?n Ignacio Aramend?a) - media: cx231xx: Add support for Dexatek USB Video Grabber 1d19:6108 (Rohan Barar) - media: uvcvideo: Add a quirk for the Kaiweets KTI-W02 infrared camera (David Given) - s390/cpum_sf: Handle CPU hotplug remove during sampling (Thomas Richter) [Orabug: 37472391] {CVE-2024-57849} - mmc: core: Further prevent card detect during shutdown (Ulf Hansson) - regmap: detach regmap from dev on regmap_exit (Cosmin Tanislav) - dma-buf: fix dma_fence_array_signaled v4 (Christian K?nig) - bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again (Liequan Che) [Orabug: 37472225] {CVE-2024-48881} - nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() (Ryusuke Konishi) [Orabug: 37434065] {CVE-2024-56619} - scsi: qla2xxx: Remove check req_sg_cnt should be equal to rsp_sg_cnt (Saurav Kashyap) - scsi: qla2xxx: Supported speed displayed incorrectly for VPorts (Anil Gurumurthy) - scsi: qla2xxx: Fix NVMe and NPIV connect issue (Quinn Tran) - ocfs2: update seq_file index in ocfs2_dlm_seq_next (Wengang Wang) - tracing: Fix cmp_entries_dup() to respect sort() comparison rules (Kuan-Wei Chiu) - HID: wacom: fix when get product name maybe null pointer (Yuli Wang) [Orabug: 37434108] {CVE-2024-56629} - bpf: Fix exact match conditions in trie_get_next_key() (Hou Tao) - bpf: Handle BPF_EXIST and BPF_NOEXIST for LPM trie (Hou Tao) - ocfs2: free inode when ocfs2_get_init_inode() fails (Tetsuo Handa) [Orabug: 37434113] {CVE-2024-56630} - spi: mpc52xx: Add cancel_work_sync before module remove (Pei Xiao) [Orabug: 37472244] {CVE-2024-50051} - tcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg (Zijian Zhang) [Orabug: 37434127] {CVE-2024-56633} - drm/sti: Add __iomem for mixer_dbg_mxn's parameter (Pei Xiao) - gpio: grgpio: Add NULL check in grgpio_probe (Charles Han) [Orabug: 37434131] {CVE-2024-56634} - gpio: grgpio: use a helper variable to store the address of ofdev->dev (Bartosz Golaszewski) - crypto: x86/aegis128 - access 32-bit arguments as 32-bit (Eric Biggers) - x86/asm: Reorder early variables (Jiri Slaby) - xen: Fix the issue of resource not being properly released in xenbus_dev_probe() (Qiu-Ji Chen) [Orabug: 37433540] {CVE-2024-53198} - xen/xenbus: fix locking (Juergen Gross) - xenbus/backend: Protect xenbus callback with lock (SeongJae Park) - xenbus/backend: Add memory pressure handler callback (SeongJae Park) - xen/xenbus: reference count registered modules (Paul Durrant) - netfilter: nft_set_hash: skip duplicated elements pending gc run (Pablo Neira Ayuso) - netfilter: ipset: Hold module reference while requesting a module (Phil Sutter) [Orabug: 37434143] {CVE-2024-56637} - igb: Fix potential invalid memory access in igb_init_module() (Yuan Can) [Orabug: 37472257] {CVE-2024-52332} - net/qed: allow old cards not supporting "num_images" to work (Louis Leseur) - tipc: Fix use-after-free of kernel socket in cleanup_bearer(). (Kuniyuki Iwashima) [Orabug: 37434161] {CVE-2024-56642} - tipc: add new AEAD key structure for user API (Tuong Lien) - tipc: enable creating a "preliminary" node (Tuong Lien) - tipc: add reference counter to bearer (Tuong Lien) - dccp: Fix memory leak in dccp_feat_change_recv (Ivan Solodovnikov) [Orabug: 37434167] {CVE-2024-56643} - can: j1939: j1939_session_new(): fix skb reference counting (Dmitry Antipov) [Orabug: 37434181] {CVE-2024-56645} - net/sched: tbf: correct backlog statistic for GSO packets (Martin Ottens) - netfilter: x_tables: fix LED ID check in led_tg_check() (Dmitry Antipov) [Orabug: 37434200] {CVE-2024-56650} - ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() (Jinghao Jia) [Orabug: 37472266] {CVE-2024-53680} - can: sun4i_can: sun4i_can_err(): fix {rx,tx}_errors statistics (Dario Binacchi) - can: sun4i_can: sun4i_can_err(): call can_change_state() even if cf is NULL (Dario Binacchi) - watchdog: mediatek: Make sure system reset gets asserted in mtk_wdt_restart() (Yassine Oudjana) - iTCO_wdt: mask NMI_NOW bit for update_no_reboot_bit() call (Oleksandr Ocheretnyi) - drm/etnaviv: flush shader L1 cache after user commandstream (Lucas Stach) - nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur (Yangerkun) [Orabug: 37462183] {CVE-2024-56779} - nfsd: make sure exp active before svc_export_show (Yangerkun) [Orabug: 37433745] {CVE-2024-56558} - dm thin: Add missing destroy_work_on_stack() (Yuan Can) - i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs() (Frank Li) [Orabug: 37433756] {CVE-2024-56562} - util_macros.h: fix/rework find_closest() macros (Alexandru Ardelean) - ad7780: fix division by zero in ad7780_write_raw() (Zicheng Qu) [Orabug: 37433772] {CVE-2024-56567} - clk: qcom: gcc-qcs404: fix initial rate of GPLL3 (Gabor Juhos) - ftrace: Fix regression with module command in stack_trace_filter (Guoweikang) [Orabug: 37433784] {CVE-2024-56569} - ovl: Filter invalid inodes with missing lookup function (Vasiliy Kovalev) [Orabug: 37433789] {CVE-2024-56570} - media: platform: allegro-dvt: Fix possible memory leak in allocate_buffers_internal() (Gaosheng Cui) [Orabug: 37433798] {CVE-2024-56572} - media: gspca: ov534-ov772x: Fix off-by-one error in set_frame_rate() (Jinjie Ruan) - media: venus: Fix pm_runtime_set_suspended() with runtime pm enabled (Jinjie Ruan) - media: ts2020: fix null-ptr-deref in ts2020_probe() (Li Zetao) [Orabug: 37433805] {CVE-2024-56574} - media: i2c: tc358743: Fix crash in the probe error path when using polling (Alexander Shiyan) [Orabug: 37433817] {CVE-2024-56576} - btrfs: ref-verify: fix use-after-free after invalid ref action (Filipe Manana) [Orabug: 37433832] {CVE-2024-56581} - quota: flush quota_release_work upon quota writeback (Ojaswin Mujoo) [Orabug: 37462191] {CVE-2024-56780} - ASoC: fsl_micfil: fix the naming style for mask definition (Shengjiu Wang) - sh: intc: Fix use-after-free bug in register_intc_controller() (Dan Carpenter) [Orabug: 37433393] {CVE-2024-53165} - sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport (Liu Jian) [Orabug: 37434314] {CVE-2024-56688} - SUNRPC: Replace internal use of SOCKWQ_ASYNC_NOSPACE (Trond Myklebust) - SUNRPC: correct error code comment in xs_tcp_setup_socket() (Calum Mackay) - modpost: remove incorrect code in do_eisa_entry() (Masahiro Yamada) - rtc: ab-eoz9: don't fail temperature reads on undervoltage notification (Maxime Chevallier) - 9p/xen: fix release of IRQ (Alex Zenla) [Orabug: 37434374] {CVE-2024-56704} - 9p/xen: fix init sequence (Alex Zenla) - block: return unsigned int from bdev_io_min (Christoph Hellwig) - jffs2: fix use of uninitialized variable (Qingfang Deng) - ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit (Waqar Hameed) [Orabug: 37433414] {CVE-2024-53171} - ubi: fastmap: Fix duplicate slab cache names while attaching (Zhihao Cheng) [Orabug: 37433419] {CVE-2024-53172} - ubifs: Correct the total block count by deducting journal reservation (Zhihao Cheng) - rtc: check if __rtc_read_time was successful in rtc_timer_do_work() (Yongliang Gao) [Orabug: 37434456] {CVE-2024-56739} - rtc: abx80x: Fix WDT bit position of the status register (Nobuhiro Iwamatsu) - rtc: st-lpc: Use IRQF_NO_AUTOEN flag in request_irq() (Jinjie Ruan) - NFSv4.0: Fix a use-after-free problem in the asynchronous open() (Trond Myklebust) [Orabug: 37433426] {CVE-2024-53173} - um: Always dump trace for specified task in show_stack (Tiwei Bie) - um: Clean up stacktrace dump (Johannes Berg) - um: add show_stack_loglvl() (Dmitry Safonov) - um/sysrq: remove needless variable sp (Dmitry Safonov) - um: Fix the return value of elf_core_copy_task_fpregs (Tiwei Bie) - um: Fix potential integer overflow during physmem setup (Tiwei Bie) [Orabug: 37427464] {CVE-2024-53145} - rpmsg: glink: Propagate TX failures in intentless mode as well (Bjorn Andersson) - SUNRPC: make sure cache entry active before cache_show (Yangerkun) [Orabug: 37433433] {CVE-2024-53174} - NFSD: Prevent a potential integer overflow (Chuck Lever) [Orabug: 37427470] {CVE-2024-53146} - lib: string_helpers: silence snprintf() output truncation warning (Bartosz Golaszewski) - usb: dwc3: gadget: Fix checking for number of TRBs left (Thinh Nguyen) - ALSA: hda/realtek: Apply quirk for Medion E15433 (Takashi Iwai) - ALSA: hda/realtek: Fix Internal Speaker and Mic boost of Infinix Y4 Max (Dinesh Kumar) - ALSA: hda/realtek: Set PCBeep to default value for ALC274 (Kailang Yang) - ALSA: hda/realtek: Update ALC225 depop procedure (Kailang Yang) - media: wl128x: Fix atomicity violation in fmc_send_cmd() (Qiu-Ji Chen) [Orabug: 37434358] {CVE-2024-56700} - HID: wacom: Interpret tilt data from Intuos Pro BT as signed values (Jason Gerecke) - block: fix ordering between checking BLK_MQ_S_STOPPED request adding (Muchun Song) - arm64: tls: Fix context-switching of tpidrro_el0 when kpti is enabled (Will Deacon) - sh: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK (Huacai Chen) - um: vector: Do not use drvdata in release (Tiwei Bie) [Orabug: 37433467] {CVE-2024-53181} - serial: 8250: omap: Move pm_runtime_get_sync (Bin Liu) - um: net: Do not use drvdata in release (Tiwei Bie) [Orabug: 37433475] {CVE-2024-53183} - um: ubd: Do not use drvdata in release (Tiwei Bie) [Orabug: 37433484] {CVE-2024-53184} - ubi: wl: Put source PEB into correct list if trying locking LEB failed (Zhihao Cheng) - spi: Fix acpi deferred irq probe (Stanislaw Gruszka) - netfilter: ipset: add missing range check in bitmap_ip_uadt (Jeongjun Park) [Orabug: 37388867] {CVE-2024-53141} - Revert "serial: sh-sci: Clean sci_ports[0] after at earlycon exit" (Greg Kroah-Hartman) - serial: sh-sci: Clean sci_ports[0] after at earlycon exit (Claudiu Beznea) - Bluetooth: Fix type of len in rfcomm_sock_getsockopt{,_old}() (Andrej Shadura) - tty: ldsic: fix tty_ldisc_autoload sysctl's proc_handler (Nicolas Bouchinet) - comedi: Flush partial mappings in error case (Jann Horn) [Orabug: 37427482] {CVE-2024-53148} - PCI: Fix use-after-free of slot->bus on hot remove (Lukas Wunner) [Orabug: 37433516] {CVE-2024-53194} - ASoC: codecs: Fix atomicity violation in snd_soc_component_get_drvdata() (Qiu-Ji Chen) - jfs: xattr: check invalid xattr size more strictly (Artem Sadovnikov) - ext4: fix FS_IOC_GETFSMAP handling (Theodore Ts'O) - ext4: supress data-race warnings in ext4_free_inodes_{count,set}() (Jeongjun Park) - ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices (Beno?t Sevens) [Orabug: 37433532] {CVE-2024-53197} - soc: qcom: socinfo: fix revision check in qcom_socinfo_probe() (Manikanta Mylavarapu) - usb: ehci-spear: fix call balance of sehci clk handling routines (Vitalii Mordan) - apparmor: fix 'Do simple duplicate message elimination' (Chao Liu) - staging: greybus: uart: clean up TIOCGSERIAL (Johan Hovold) - misc: apds990x: Fix missing pm_runtime_disable() (Jinjie Ruan) - USB: chaoskey: Fix possible deadlock chaoskey_list_lock (Edward Adam Davis) - USB: chaoskey: fail open after removal (Oliver Neukum) - usb: yurex: make waiting on yurex_write interruptible (Oliver Neukum) - usb: using mutex lock and supporting O_NONBLOCK flag in iowarrior_read() (Jeongjun Park) - ipmr: fix tables suspicious RCU usage (Paolo Abeni) - ipmr: convert /proc handlers to rcu_read_lock() (Eric Dumazet) - net: stmmac: dwmac-socfpga: Set RX watchdog interrupt as broken (Maxime Chevallier) - marvell: pxa168_eth: fix call balance of pep->clk handling routines (Vitalii Mordan) - net: usb: lan78xx: Fix refcounting and autosuspend on invalid WoL configuration (Oleksij Rempel) - tg3: Set coherent DMA mask bits to 31 for BCM57766 chipsets (Pavan Chebbi) - net: usb: lan78xx: Fix memory leak on device unplug by freeing PHY device (Oleksij Rempel) - power: supply: core: Remove might_sleep() from power_supply_put() (Bart Van Assche) - vfio/pci: Properly hide first-in-list PCIe extended capability (Avihai Horon) [Orabug: 37433578] {CVE-2024-53214} - NFSD: Fix nfsd4_shutdown_copy() (Chuck Lever) - NFSD: Cap the number of bytes copied by nfs4_reset_recoverydir() (Chuck Lever) - NFSD: Prevent NULL dereference in nfsd4_process_cb_update() (Chuck Lever) [Orabug: 37433594] {CVE-2024-53217} - rpmsg: glink: use only lower 16-bits of param2 for CMD_OPEN name length (Jonathan Marek) - rpmsg: glink: Fix GLINK command prefix (Bjorn Andersson) - rpmsg: glink: Send READ_NOTIFY command in FIFO full case (Arun Kumar Neelakantam) - rpmsg: glink: Add TX_DATA_CONT command while sending (Arun Kumar Neelakantam) - perf trace: Avoid garbage when not printing a syscall's arguments (Benjamin Peterson) - perf trace: Do not lose last events in a race (Benjamin Peterson) - m68k: coldfire/device.c: only build FEC when HW macros are defined (Antonio Quartulli) - m68k: mcfgpio: Fix incorrect register offset for CONFIG_M5441x (Jean-Michel Hautbois) - PCI: cpqphp: Fix PCIBIOS_* return value confusion (Ilpo J?rvinen) - PCI: cpqphp: Use PCI_POSSIBLE_ERROR() to check config reads (Weiyufeng) - perf probe: Correct demangled symbols in C++ program (Leo Yan) - perf cs-etm: Don't flush when packet_queue fills up (James Clark) - clk: clk-axi-clkgen: make sure to enable the AXI bus clock (Nuno Sa) - clk: axi-clkgen: use devm_platform_ioremap_resource() short-hand (Alexandru Ardelean) - dt-bindings: clock: axi-clkgen: include AXI clk (Nuno Sa) - dt-bindings: clock: adi,axi-clkgen: convert old binding to yaml format (Alexandru Ardelean) - fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem() (Zhen Lei) [Orabug: 37434478] {CVE-2024-56746} - fbdev/sh7760fb: Alloc DMA memory from hardware device (Thomas Zimmermann) - powerpc/sstep: make emulate_vsx_load and emulate_vsx_store static (Michal Suchanek) - ocfs2: fix uninitialized value in ocfs2_file_read_iter() (Dmitry Antipov) [Orabug: 37427503] {CVE-2024-53155} - scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb() (Zhen Lei) [Orabug: 37434484] {CVE-2024-56747} - scsi: qedf: Fix a possible memory leak in qedf_alloc_and_init_sb() (Zhen Lei) [Orabug: 37434489] {CVE-2024-56748} - scsi: fusion: Remove unused variable 'rc' (Zeng Heng) - scsi: bfa: Fix use-after-free in bfad_im_module_exit() (Ye Bin) [Orabug: 37433630] {CVE-2024-53227} - mfd: rt5033: Fix missing regmap_del_irq_chip() (Zhang Changzhong) - mtd: rawnand: atmel: Fix possible memory leak (Miquel Raynal) - cpufreq: loongson2: Unregister platform_driver on failure (Yuan Can) - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for PMIC devices (Andy Shevchenko) [Orabug: 37434429] {CVE-2024-56723} - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for TMU device (Andy Shevchenko) [Orabug: 37434434] {CVE-2024-56724} - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for USB Type-C device (Andy Shevchenko) [Orabug: 37434330] {CVE-2024-56691} - mfd: intel_soc_pmic_bxtwc: Use dev_err_probe() (Andy Shevchenko) - mfd: da9052-spi: Change read-mask to write-mask (Marcus Folkesson) - mfd: tps65010: Use IRQF_NO_AUTOEN flag in request_irq() to fix race (Jinjie Ruan) - trace/trace_event_perf: remove duplicate samples on the first tracepoint event (Levi Yun) - netpoll: Use rcu_access_pointer() in netpoll_poll_lock (Breno Leitao) - ALSA: 6fire: Release resources at card release (Takashi Iwai) [Orabug: 37433660] {CVE-2024-53239} - ALSA: caiaq: Use snd_card_free_when_closed() at disconnection (Takashi Iwai) [Orabug: 37433666] {CVE-2024-56531} - ALSA: us122l: Use snd_card_free_when_closed() at disconnection (Takashi Iwai) [Orabug: 37433672] {CVE-2024-56532} - net: rfkill: gpio: Add check for clk_enable() (Mingwei Zheng) - selftests: net: really check for bg process completion (Paolo Abeni) - bpf, sockmap: Fix sk_msg_reset_curr (Zijian Zhang) - bpf, sockmap: Several fixes to bpf_msg_pop_data (Zijian Zhang) [Orabug: 37434419] {CVE-2024-56720} - bpf, sockmap: Several fixes to bpf_msg_push_data (Zijian Zhang) - drm/etnaviv: hold GPU lock across perfmon sampling (Lucas Stach) - drm/etnaviv: fix power register offset on GC300 (Doug Brown) - drm/etnaviv: dump: fix sparse warnings (Marc Kleine-Budde) - drm/msm/adreno: Use IRQF_NO_AUTOEN flag in request_irq() (Jinjie Ruan) - drm/panfrost: Remove unused id_mask from struct panfrost_model (Steven Price) - wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() (Alper Nebi Yasak) [Orabug: 37433695] {CVE-2024-56539} - bpf: Fix the xdp_adjust_tail sample prog issue (Yuan Chen) - ASoC: fsl_micfil: fix regmap_write_bits usage (Shengjiu Wang) - ASoC: fsl_micfil: use GENMASK to define register bit fields (Sascha Hauer) - ASoC: fsl_micfil: do not define SHIFT/MASK for single bits (Sascha Hauer) - ASoC: fsl_micfil: Drop unnecessary register read (Sascha Hauer) - dt-bindings: vendor-prefixes: Add NeoFidelity, Inc (Igor Prusov) - drm/imx/ipuv3: Use IRQF_NO_AUTOEN flag in request_irq() (Jinjie Ruan) - wifi: mwifiex: Use IRQF_NO_AUTOEN flag in request_irq() (Jinjie Ruan) - wifi: p54: Use IRQF_NO_AUTOEN flag in request_irq() (Jinjie Ruan) - drm/omap: Fix locking in omap_gem_new_dmabuf() (Tomi Valkeinen) - wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() (Jeongjun Park) [Orabug: 37427509] {CVE-2024-53156} - drm/mm: Mark drm_mm_interval_tree*() functions with __maybe_unused (Andy Shevchenko) - firmware: arm_scpi: Check the DVFS OPP count returned by the firmware (Luo Qiu) [Orabug: 37427515] {CVE-2024-53157} - regmap: irq: Set lockdep class for hierarchical IRQ domains (Andy Shevchenko) - ARM: dts: cubieboard4: Fix DCDC5 regulator constraints (Andre Przywara) - tpm: fix signed/unsigned bug when checking event logs (Gregory Price) - efi/tpm: Pass correct address to memblock_reserve (Jerry Snitselaar) - mmc: mmc_spi: drop buggy snprintf() (Bartosz Golaszewski) - soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() (Dan Carpenter) [Orabug: 37427524] {CVE-2024-53158} - soc: ti: smartreflex: Use IRQF_NO_AUTOEN flag in request_irq() (Jinjie Ruan) - time: Fix references to _msecs_to_jiffies() handling of values (Miguel Ojeda) - crypto: cavium - Fix an error handling path in cpt_ucode_load_fw() (Christophe Jaillet) - crypto: bcm - add error check in the ahash_hmac_init function (Chen Ridong) [Orabug: 37434298] {CVE-2024-56681} - crypto: cavium - Fix the if condition to exit loop after timeout (Everest K C ) - crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY (Yi Yang) [Orabug: 37434323] {CVE-2024-56690} - EDAC/fsl_ddr: Fix bad bit shift operations (Priyanka Singh) - EDAC/bluefield: Fix potential integer overflow (David Thompson) [Orabug: 37427533] {CVE-2024-53161} - firmware: google: Unregister driver_info on failure (Yuan Can) - firmware: google: Unregister driver_info on failure and exit in gsmi (Arthur Heymans) - hfsplus: don't query the device logical block size multiple times (Thadeu Lima de Souza Cascardo) - s390/syscalls: Avoid creation of arch/arch/ directory (Masahiro Yamada) - acpi/arm64: Adjust error handling procedure in gtdt_parse_timer_block() (Aleksandr Mishin) - m68k: mvme147: Reinstate early console (Daniel Palmer) - m68k: mvme16x: Add and use "mvme16x.h" (Geert Uytterhoeven) - m68k: mvme147: Fix SCSI controller IRQ numbers (Daniel Palmer) - nvme-pci: fix freeing of the HMB descriptor table (Christoph Hellwig) [Orabug: 37434510] {CVE-2024-56756} - initramfs: avoid filename buffer overrun (David Disseldorp) [Orabug: 37388874] {CVE-2024-53142} - mips: asm: fix warning when disabling MIPS_FP_SUPPORT (Jonas Gorski) - x86/xen/pvh: Annotate indirect branch as safe (Josh Poimboeuf) - nvme: fix metadata handling in nvme-passthrough (Puranjay Mohan) - cifs: Fix buffer overflow when parsing NFS reparse points (Pali Roh?r) [Orabug: 37206284] {CVE-2024-49996} - ipmr: Fix access to mfc_cache_list without lock held (Breno Leitao) - proc/softirqs: replace seq_printf with seq_put_decimal_ull_width (David Wang) - ASoC: stm: Prevent potential division by zero in stm32_sai_get_clk_div() (Luo Yifan) - ASoC: stm: Prevent potential division by zero in stm32_sai_mclk_round_rate() (Luo Yifan) - regulator: rk808: Add apply_bit for BUCK3 on RK809 (Mikhail Rudenko) - soc: qcom: Add check devm_kasprintf() returned value (Charles Han) - net: usb: qmi_wwan: add Quectel RG650V (Beno?t Monin) - x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB (Arnd Bergmann) - ALSA: hda/realtek: Add subwoofer quirk for Infinix ZERO BOOK 13 (Piyush Raj Chouhan) - selftests/watchdog-test: Fix system accidentally reset after watchdog-test (Li Zhijian) - mac80211: fix user-power when emulating chanctx (Ben Greear) - ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet (Hans de Goede) - kbuild: Use uname for LINUX_COMPILE_HOST detection (Chris Down) - media: dvbdev: fix the logic when DVB_DYNAMIC_MINORS is not set (Mauro Carvalho Chehab) - nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint (Ryusuke Konishi) [Orabug: 37388819] {CVE-2024-53130} - ocfs2: fix UBSAN warning in ocfs2_verify_volume() (Dmitry Antipov) - nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint (Ryusuke Konishi) [Orabug: 37388825] {CVE-2024-53131} - KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN (Sean Christopherson) [Orabug: 37388846] {CVE-2024-53135} - ocfs2: uncache inode which has failed entering the group (Dmitry Antipov) [Orabug: 37388753] {CVE-2024-53112} - net/mlx5e: kTLS, Fix incorrect page refcounting (Dragos Tatulea) [Orabug: 37388854] {CVE-2024-53138} - net/mlx5: fs, lock FTE when checking if active (Mark Bloch) [Orabug: 37388785] {CVE-2024-53121} - netlink: terminate outstanding dump on socket close (Jakub Kicinski) [Orabug: 37388861] {CVE-2024-53140} - LTS tag: v5.4.286 (Alok Tiwari) - 9p: fix slab cache name creation for real (Linus Torvalds) - md/raid10: improve code of mrdev in raid10_sync_request (Li Nan) - net: usb: qmi_wwan: add Fibocom FG132 0x0112 composition (Reinhard Speyerer) - fs: Fix uninitialized value issue in from_kuid and from_kgid (Alessandro Zanni) [Orabug: 37331928] {CVE-2024-53101} - powerpc/powernv: Free name on error in opal_event_init() (Michael Ellerman) - sound: Make CONFIG_SND depend on INDIRECT_IOMEM instead of UML (Julian Vetter) - bpf: use kvzmalloc to allocate BPF verifier environment (Rik van Riel) - HID: multitouch: Add quirk for HONOR MagicBook Art 14 touchpad (Yuli Wang) - 9p: Avoid creating multiple slab caches with the same name (Pedro Falcato) - ALSA: usb-audio: Add endianness annotations (Jan Sch?r) - vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (Hyunwoo Kim) [Orabug: 37298681] {CVE-2024-50264} - hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer (Hyunwoo Kim) [Orabug: 37344480] {CVE-2024-53103} - ftrace: Fix possible use-after-free issue in ftrace_location() (Zheng Yejian) [Orabug: 36753574] {CVE-2024-38588} - NFSD: Fix NFSv4's PUTPUBFH operation (Chuck Lever) - ALSA: usb-audio: Add quirks for Dell WD19 dock (Jan Sch?r) - ALSA: usb-audio: Support jack detection on Dell dock (Jan Sch?r) - ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove() (Andrew Kanner) [Orabug: 37298685] {CVE-2024-50265} - irqchip/gic-v3: Force propagation of the active state with a read-back (Marc Zyngier) - USB: serial: option: add Quectel RG650V (Beno?t Monin) - USB: serial: option: add Fibocom FG132 0x0112 composition (Reinhard Speyerer) - USB: serial: qcserial: add support for Sierra Wireless EM86xx (Jack Wu) - USB: serial: io_edgeport: fix use after free in debug printk (Dan Carpenter) [Orabug: 37298695] {CVE-2024-50267} - usb: musb: sunxi: Fix accessing an released usb phy (Zijun Hu) [Orabug: 37298703] {CVE-2024-50269} - fs/proc: fix compile warning about variable 'vmcore_mmap_ops' (Qi Xi) - media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (Beno?t Sevens) [Orabug: 37344485] {CVE-2024-53104} - net: bridge: xmit: make sure we have at least eth header len bytes (Nikolay Aleksandrov) [Orabug: 36753372] {CVE-2024-38538} - spi: fix use-after-free of the add_lock mutex (Michael Walle) - spi: Fix deadlock when adding SPI controllers on SPI buses (Mark Brown) - mtd: rawnand: protect access to rawnand devices while in suspend (Sean Nyekjaer) - btrfs: reinitialize delayed ref list after deleting it from the list (Filipe Manana) [Orabug: 37298715] {CVE-2024-50273} - nfs: Fix KMSAN warning in decode_getfattr_attrs() (Roberto Sassu) [Orabug: 37304779] {CVE-2024-53066} - dm-unstriped: cast an operand to sector_t to prevent potential uint32_t overflow (Zichen Xie) - dm cache: fix potential out-of-bounds access on the first resume (Ming-Hung Tsai) [Orabug: 37298732] {CVE-2024-50278} - dm cache: optimize dirty bit checking with find_next_bit when resizing (Ming-Hung Tsai) - dm cache: fix out-of-bounds access to the dirty bitset when resizing (Ming-Hung Tsai) [Orabug: 37298737] {CVE-2024-50279} - dm cache: correct the number of origin blocks to match the target length (Ming-Hung Tsai) - drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read() (Alex Deucher) [Orabug: 37298751] {CVE-2024-50282} - pwm: imx-tpm: Use correct MODULO value for EPWM mode (Erik Schumacher) - media: v4l2-tpg: prevent the risk of a division by zero (Mauro Carvalho Chehab) [Orabug: 37298782] {CVE-2024-50287} - media: cx24116: prevent overflows on SNR calculus (Mauro Carvalho Chehab) [Orabug: 37298797] {CVE-2024-50290} - media: s5p-jpeg: prevent buffer overflows (Mauro Carvalho Chehab) [Orabug: 37304763] {CVE-2024-53061} - ALSA: firewire-lib: fix return value on fail in amdtp_tscm_init() (Murad Masimov) - media: adv7604: prevent underflow condition when reporting colorspace (Mauro Carvalho Chehab) - media: dvb_frontend: don't play tricks with underflow values (Mauro Carvalho Chehab) - media: dvbdev: prevent the risk of out of memory access (Mauro Carvalho Chehab) [Orabug: 37304769] {CVE-2024-53063} - media: stb0899_algo: initialize cfr before using it (Mauro Carvalho Chehab) - net: hns3: fix kernel crash when uninstalling driver (Peiyang Wang) [Orabug: 37298811] {CVE-2024-50296} - can: c_can: fix {rx,tx}_errors statistics (Dario Binacchi) - sctp: properly validate chunk size in sctp_sf_ootb() (Xin Long) [Orabug: 37298820] {CVE-2024-50299} - net: enetc: set MAC address to the VF net_device (Wei Fang) - enetc: simplify the return expression of enetc_vf_set_mac_addr() (Qinglang Miao) - security/keys: fix slab-out-of-bounds in key_task_permission (Chen Ridong) [Orabug: 37298827] {CVE-2024-50301} - HID: core: zero-initialize the report buffer (Jiri Kosina) [Orabug: 37298834] {CVE-2024-50302} - ARM: dts: rockchip: Fix the realtek audio codec on rk3036-kylin (Heiko Stuebner) - ARM: dts: rockchip: Fix the spi controller on rk3036 (Heiko Stuebner) - ARM: dts: rockchip: drop grf reference from rk3036 hdmi (Heiko Stuebner) - ARM: dts: rockchip: fix rk3036 acodec node (Heiko Stuebner) - arm64: dts: rockchip: Remove #cooling-cells from fan on Theobroma lion (Heiko Stuebner) - arm64: dts: rockchip: Fix bluetooth properties on Rock960 boards (Heiko Stuebner) - arm64: dts: rockchip: Remove hdmi's 2nd interrupt on rk3328 (Diederik de Haas) - arm64: dts: rockchip: Fix rt5651 compatible value on rk3399-sapphire-excavator (Geert Uytterhoeven) [5.4.17-2136.340.1.el7uek] - rds/ib: avoid scq/rcq polling during rds connection shutdown (Arumugam Kolappan) [Orabug: 37092563] - RDMA/mlx5: Send UAR page index as ioctl attribute (Akiva Goldberger) [Orabug: 37029739] - RDMA: Pass entire uverbs attr bundle to create cq function (Akiva Goldberger) [Orabug: 37029739] - IB/uverbs: Enable CQ ioctl commands by default (Yishai Hadas) [Orabug: 37029739] From el-errata at oss.oracle.com Fri Sep 12 14:50:01 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 12 Sep 2025 07:50:01 -0700 Subject: [El-errata] ELSA-2025-20560 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update Message-ID: Oracle Linux Security Advisory ELSA-2025-20560 http://linux.oracle.com/errata/ELSA-2025-20560.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: kernel-uek-5.4.17-2136.347.6.1.el8uek.x86_64.rpm kernel-uek-container-5.4.17-2136.347.6.1.el8uek.x86_64.rpm kernel-uek-container-debug-5.4.17-2136.347.6.1.el8uek.x86_64.rpm kernel-uek-debug-5.4.17-2136.347.6.1.el8uek.x86_64.rpm kernel-uek-debug-devel-5.4.17-2136.347.6.1.el8uek.x86_64.rpm kernel-uek-devel-5.4.17-2136.347.6.1.el8uek.x86_64.rpm kernel-uek-doc-5.4.17-2136.347.6.1.el8uek.noarch.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/kernel-uek-5.4.17-2136.347.6.1.el8uek.src.rpm Description of changes: [5.4.17-2136.347.6.1.el8uek] - x86/vmscape: Warn when STIBP is disabled with SMT (Pawan Gupta) [Orabug: 38343661] - x86/bugs: Move cpu_bugs_smt_update() down (Pawan Gupta) [Orabug: 38343661] - x86/vmscape: Enable the mitigation (Pawan Gupta) [Orabug: 38343661] - x86/vmscape: Add conditional IBPB mitigation (Pawan Gupta) [Orabug: 38343661] - x86/vmscape: Add old Intel CPUs to affected list (Pawan Gupta) [Orabug: 38343661] - x86/vmscape: Enumerate VMSCAPE bug (Pawan Gupta) [Orabug: 38343661] - Documentation/hw-vuln: Add VMSCAPE documentation (Pawan Gupta) [Orabug: 38343661] From el-errata at oss.oracle.com Fri Sep 12 14:50:08 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 12 Sep 2025 07:50:08 -0700 Subject: [El-errata] ELSA-2025-20559 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update Message-ID: Oracle Linux Security Advisory ELSA-2025-20559 http://linux.oracle.com/errata/ELSA-2025-20559.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: bpftool-5.15.0-312.187.5.1.el8uek.x86_64.rpm kernel-uek-5.15.0-312.187.5.1.el8uek.x86_64.rpm kernel-uek-core-5.15.0-312.187.5.1.el8uek.x86_64.rpm kernel-uek-debug-5.15.0-312.187.5.1.el8uek.x86_64.rpm kernel-uek-debug-core-5.15.0-312.187.5.1.el8uek.x86_64.rpm kernel-uek-debug-devel-5.15.0-312.187.5.1.el8uek.x86_64.rpm kernel-uek-debug-modules-5.15.0-312.187.5.1.el8uek.x86_64.rpm kernel-uek-debug-modules-extra-5.15.0-312.187.5.1.el8uek.x86_64.rpm kernel-uek-devel-5.15.0-312.187.5.1.el8uek.x86_64.rpm kernel-uek-doc-5.15.0-312.187.5.1.el8uek.noarch.rpm kernel-uek-modules-5.15.0-312.187.5.1.el8uek.x86_64.rpm kernel-uek-modules-extra-5.15.0-312.187.5.1.el8uek.x86_64.rpm kernel-uek-container-5.15.0-312.187.5.1.el8uek.x86_64.rpm kernel-uek-container-debug-5.15.0-312.187.5.1.el8uek.x86_64.rpm aarch64: bpftool-5.15.0-312.187.5.1.el8uek.aarch64.rpm kernel-uek-5.15.0-312.187.5.1.el8uek.aarch64.rpm kernel-uek-core-5.15.0-312.187.5.1.el8uek.aarch64.rpm kernel-uek-debug-5.15.0-312.187.5.1.el8uek.aarch64.rpm kernel-uek-debug-core-5.15.0-312.187.5.1.el8uek.aarch64.rpm kernel-uek-debug-devel-5.15.0-312.187.5.1.el8uek.aarch64.rpm kernel-uek-debug-modules-5.15.0-312.187.5.1.el8uek.aarch64.rpm kernel-uek-debug-modules-extra-5.15.0-312.187.5.1.el8uek.aarch64.rpm kernel-uek-devel-5.15.0-312.187.5.1.el8uek.aarch64.rpm kernel-uek-doc-5.15.0-312.187.5.1.el8uek.noarch.rpm kernel-uek-modules-5.15.0-312.187.5.1.el8uek.aarch64.rpm kernel-uek-modules-extra-5.15.0-312.187.5.1.el8uek.aarch64.rpm kernel-uek-container-5.15.0-312.187.5.1.el8uek.aarch64.rpm kernel-uek-container-debug-5.15.0-312.187.5.1.el8uek.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/kernel-uek-5.15.0-312.187.5.1.el8uek.src.rpm Description of changes: [5.15.0-312.187.5.1.el8uek] - x86/vmscape: Warn when STIBP is disabled with SMT (Pawan Gupta) [Orabug: 38343660] - x86/bugs: Move cpu_bugs_smt_update() down (Pawan Gupta) [Orabug: 38343660] - x86/vmscape: Enable the mitigation (Pawan Gupta) [Orabug: 38343660] - x86/vmscape: Add conditional IBPB mitigation (Pawan Gupta) [Orabug: 38343660] - x86/bugs: Fix RSB clearing in indirect_branch_prediction_barrier() (Josh Poimboeuf) [Orabug: 38343660] - x86/vmscape: Add old Intel CPUs to affected list (Pawan Gupta) [Orabug: 38343660] - x86/vmscape: Enumerate VMSCAPE bug (Pawan Gupta) [Orabug: 38343660] - Documentation/hw-vuln: Add VMSCAPE documentation (Pawan Gupta) [Orabug: 38343660] From el-errata at oss.oracle.com Fri Sep 12 14:50:15 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 12 Sep 2025 07:50:15 -0700 Subject: [El-errata] ELSA-2025-20559 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update Message-ID: Oracle Linux Security Advisory ELSA-2025-20559 http://linux.oracle.com/errata/ELSA-2025-20559.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: bpftool-5.15.0-312.187.5.1.el9uek.x86_64.rpm kernel-uek-5.15.0-312.187.5.1.el9uek.x86_64.rpm kernel-uek-core-5.15.0-312.187.5.1.el9uek.x86_64.rpm kernel-uek-debug-5.15.0-312.187.5.1.el9uek.x86_64.rpm kernel-uek-debug-core-5.15.0-312.187.5.1.el9uek.x86_64.rpm kernel-uek-debug-devel-5.15.0-312.187.5.1.el9uek.x86_64.rpm kernel-uek-debug-modules-5.15.0-312.187.5.1.el9uek.x86_64.rpm kernel-uek-debug-modules-extra-5.15.0-312.187.5.1.el9uek.x86_64.rpm kernel-uek-devel-5.15.0-312.187.5.1.el9uek.x86_64.rpm kernel-uek-doc-5.15.0-312.187.5.1.el9uek.noarch.rpm kernel-uek-modules-5.15.0-312.187.5.1.el9uek.x86_64.rpm kernel-uek-modules-extra-5.15.0-312.187.5.1.el9uek.x86_64.rpm kernel-uek-container-5.15.0-312.187.5.1.el9uek.x86_64.rpm kernel-uek-container-debug-5.15.0-312.187.5.1.el9uek.x86_64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/kernel-uek-5.15.0-312.187.5.1.el9uek.src.rpm Description of changes: [5.15.0-312.187.5.1.el9uek] - x86/vmscape: Warn when STIBP is disabled with SMT (Pawan Gupta) [Orabug: 38343660] - x86/bugs: Move cpu_bugs_smt_update() down (Pawan Gupta) [Orabug: 38343660] - x86/vmscape: Enable the mitigation (Pawan Gupta) [Orabug: 38343660] - x86/vmscape: Add conditional IBPB mitigation (Pawan Gupta) [Orabug: 38343660] - x86/bugs: Fix RSB clearing in indirect_branch_prediction_barrier() (Josh Poimboeuf) [Orabug: 38343660] - x86/vmscape: Add old Intel CPUs to affected list (Pawan Gupta) [Orabug: 38343660] - x86/vmscape: Enumerate VMSCAPE bug (Pawan Gupta) [Orabug: 38343660] - Documentation/hw-vuln: Add VMSCAPE documentation (Pawan Gupta) [Orabug: 38343660] From el-errata at oss.oracle.com Fri Sep 12 14:50:20 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 12 Sep 2025 07:50:20 -0700 Subject: [El-errata] ELSA-2025-20558 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update Message-ID: Oracle Linux Security Advisory ELSA-2025-20558 http://linux.oracle.com/errata/ELSA-2025-20558.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: kernel-uek-6.12.0-103.40.4.2.el9uek.x86_64.rpm kernel-uek-core-6.12.0-103.40.4.2.el9uek.x86_64.rpm kernel-uek-debug-6.12.0-103.40.4.2.el9uek.x86_64.rpm kernel-uek-debug-core-6.12.0-103.40.4.2.el9uek.x86_64.rpm kernel-uek-debug-devel-6.12.0-103.40.4.2.el9uek.x86_64.rpm kernel-uek-debug-modules-6.12.0-103.40.4.2.el9uek.x86_64.rpm kernel-uek-debug-modules-core-6.12.0-103.40.4.2.el9uek.x86_64.rpm kernel-uek-debug-modules-deprecated-6.12.0-103.40.4.2.el9uek.x86_64.rpm kernel-uek-debug-modules-desktop-6.12.0-103.40.4.2.el9uek.x86_64.rpm kernel-uek-debug-modules-extra-6.12.0-103.40.4.2.el9uek.x86_64.rpm kernel-uek-debug-modules-extra-netfilter-6.12.0-103.40.4.2.el9uek.x86_64.rpm kernel-uek-debug-modules-usb-6.12.0-103.40.4.2.el9uek.x86_64.rpm kernel-uek-debug-modules-wireless-6.12.0-103.40.4.2.el9uek.x86_64.rpm kernel-uek-devel-6.12.0-103.40.4.2.el9uek.x86_64.rpm kernel-uek-doc-6.12.0-103.40.4.2.el9uek.noarch.rpm kernel-uek-modules-6.12.0-103.40.4.2.el9uek.x86_64.rpm kernel-uek-modules-core-6.12.0-103.40.4.2.el9uek.x86_64.rpm kernel-uek-modules-deprecated-6.12.0-103.40.4.2.el9uek.x86_64.rpm kernel-uek-modules-desktop-6.12.0-103.40.4.2.el9uek.x86_64.rpm kernel-uek-modules-extra-6.12.0-103.40.4.2.el9uek.x86_64.rpm kernel-uek-modules-extra-netfilter-6.12.0-103.40.4.2.el9uek.x86_64.rpm kernel-uek-modules-usb-6.12.0-103.40.4.2.el9uek.x86_64.rpm kernel-uek-modules-wireless-6.12.0-103.40.4.2.el9uek.x86_64.rpm kernel-uek-tools-6.12.0-103.40.4.2.el9uek.x86_64.rpm aarch64: kernel-uek-6.12.0-103.40.4.2.el9uek.aarch64.rpm kernel-uek-core-6.12.0-103.40.4.2.el9uek.aarch64.rpm kernel-uek-debug-6.12.0-103.40.4.2.el9uek.aarch64.rpm kernel-uek-debug-core-6.12.0-103.40.4.2.el9uek.aarch64.rpm kernel-uek-debug-devel-6.12.0-103.40.4.2.el9uek.aarch64.rpm kernel-uek-debug-modules-6.12.0-103.40.4.2.el9uek.aarch64.rpm kernel-uek-debug-modules-core-6.12.0-103.40.4.2.el9uek.aarch64.rpm kernel-uek-debug-modules-deprecated-6.12.0-103.40.4.2.el9uek.aarch64.rpm kernel-uek-debug-modules-desktop-6.12.0-103.40.4.2.el9uek.aarch64.rpm kernel-uek-debug-modules-extra-6.12.0-103.40.4.2.el9uek.aarch64.rpm kernel-uek-debug-modules-extra-netfilter-6.12.0-103.40.4.2.el9uek.aarch64.rpm kernel-uek-debug-modules-usb-6.12.0-103.40.4.2.el9uek.aarch64.rpm kernel-uek-debug-modules-wireless-6.12.0-103.40.4.2.el9uek.aarch64.rpm kernel-uek-devel-6.12.0-103.40.4.2.el9uek.aarch64.rpm kernel-uek-modules-6.12.0-103.40.4.2.el9uek.aarch64.rpm kernel-uek-modules-extra-6.12.0-103.40.4.2.el9uek.aarch64.rpm kernel-uek-modules-core-6.12.0-103.40.4.2.el9uek.aarch64.rpm kernel-uek-modules-deprecated-6.12.0-103.40.4.2.el9uek.aarch64.rpm kernel-uek-modules-desktop-6.12.0-103.40.4.2.el9uek.aarch64.rpm kernel-uek-modules-extra-netfilter-6.12.0-103.40.4.2.el9uek.aarch64.rpm kernel-uek-modules-usb-6.12.0-103.40.4.2.el9uek.aarch64.rpm kernel-uek-modules-wireless-6.12.0-103.40.4.2.el9uek.aarch64.rpm kernel-uek-tools-6.12.0-103.40.4.2.el9uek.aarch64.rpm kernel-uek64k-6.12.0-103.40.4.2.el9uek.aarch64.rpm kernel-uek64k-core-6.12.0-103.40.4.2.el9uek.aarch64.rpm kernel-uek64k-devel-6.12.0-103.40.4.2.el9uek.aarch64.rpm kernel-uek64k-modules-6.12.0-103.40.4.2.el9uek.aarch64.rpm kernel-uek64k-modules-core-6.12.0-103.40.4.2.el9uek.aarch64.rpm kernel-uek64k-modules-deprecated-6.12.0-103.40.4.2.el9uek.aarch64.rpm kernel-uek64k-modules-desktop-6.12.0-103.40.4.2.el9uek.aarch64.rpm kernel-uek64k-modules-extra-6.12.0-103.40.4.2.el9uek.aarch64.rpm kernel-uek64k-modules-extra-netfilter-6.12.0-103.40.4.2.el9uek.aarch64.rpm kernel-uek64k-modules-usb-6.12.0-103.40.4.2.el9uek.aarch64.rpm kernel-uek64k-modules-wireless-6.12.0-103.40.4.2.el9uek.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/kernel-uek-6.12.0-103.40.4.2.el9uek.src.rpm Description of changes: [6.12.0-103.40.4.2.el9uek] - x86/vmscape: Warn when STIBP is disabled with SMT (Pawan Gupta) [Orabug: 38343659] - x86/bugs: Move cpu_bugs_smt_update() down (Pawan Gupta) [Orabug: 38343659] - x86/vmscape: Enable the mitigation (Pawan Gupta) [Orabug: 38343659] - x86/vmscape: Add conditional IBPB mitigation (Pawan Gupta) [Orabug: 38343659] - x86/bugs: Fix RSB clearing in indirect_branch_prediction_barrier() (Josh Poimboeuf) [Orabug: 38343659] - x86/bugs: Rename entry_ibpb() to write_ibpb() (Josh Poimboeuf) [Orabug: 38343659] - x86/vmscape: Add old Intel CPUs to affected list (Pawan Gupta) [Orabug: 38343659] - x86/vmscape: Enumerate VMSCAPE bug (Pawan Gupta) [Orabug: 38343659] - Documentation/hw-vuln: Add VMSCAPE documentation (Pawan Gupta) [Orabug: 38343659] From el-errata at oss.oracle.com Fri Sep 12 14:50:26 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 12 Sep 2025 07:50:26 -0700 Subject: [El-errata] ELSA-2025-20558 Important: Unbreakable Enterprise kernel security update Message-ID: Oracle Linux Security Advisory ELSA-2025-20558 http://linux.oracle.com/errata/ELSA-2025-20558.html The following updated rpms for have been uploaded to the Unbreakable Linux Network: x86_64: kernel-uek-6.12.0-103.40.4.2.el10uek.x86_64.rpm kernel-uek-core-6.12.0-103.40.4.2.el10uek.x86_64.rpm kernel-uek-devel-6.12.0-103.40.4.2.el10uek.x86_64.rpm kernel-uek-doc-6.12.0-103.40.4.2.el10uek.noarch.rpm kernel-uek-modules-6.12.0-103.40.4.2.el10uek.x86_64.rpm kernel-uek-modules-core-6.12.0-103.40.4.2.el10uek.x86_64.rpm kernel-uek-modules-deprecated-6.12.0-103.40.4.2.el10uek.x86_64.rpm kernel-uek-modules-desktop-6.12.0-103.40.4.2.el10uek.x86_64.rpm kernel-uek-modules-extra-6.12.0-103.40.4.2.el10uek.x86_64.rpm kernel-uek-modules-extra-netfilter-6.12.0-103.40.4.2.el10uek.x86_64.rpm kernel-uek-modules-usb-6.12.0-103.40.4.2.el10uek.x86_64.rpm kernel-uek-modules-wireless-6.12.0-103.40.4.2.el10uek.x86_64.rpm kernel-uek-tools-6.12.0-103.40.4.2.el10uek.x86_64.rpm kernel-uek-debug-6.12.0-103.40.4.2.el10uek.x86_64.rpm kernel-uek-debug-core-6.12.0-103.40.4.2.el10uek.x86_64.rpm kernel-uek-debug-devel-6.12.0-103.40.4.2.el10uek.x86_64.rpm kernel-uek-debug-modules-6.12.0-103.40.4.2.el10uek.x86_64.rpm kernel-uek-debug-modules-core-6.12.0-103.40.4.2.el10uek.x86_64.rpm kernel-uek-debug-modules-deprecated-6.12.0-103.40.4.2.el10uek.x86_64.rpm kernel-uek-debug-modules-desktop-6.12.0-103.40.4.2.el10uek.x86_64.rpm kernel-uek-debug-modules-extra-6.12.0-103.40.4.2.el10uek.x86_64.rpm kernel-uek-debug-modules-extra-netfilter-6.12.0-103.40.4.2.el10uek.x86_64.rpm kernel-uek-debug-modules-usb-6.12.0-103.40.4.2.el10uek.x86_64.rpm kernel-uek-debug-modules-wireless-6.12.0-103.40.4.2.el10uek.x86_64.rpm aarch64: kernel-uek-6.12.0-103.40.4.2.el10uek.aarch64.rpm kernel-uek-core-6.12.0-103.40.4.2.el10uek.aarch64.rpm kernel-uek-devel-6.12.0-103.40.4.2.el10uek.aarch64.rpm kernel-uek-modules-6.12.0-103.40.4.2.el10uek.aarch64.rpm kernel-uek-modules-core-6.12.0-103.40.4.2.el10uek.aarch64.rpm kernel-uek-modules-deprecated-6.12.0-103.40.4.2.el10uek.aarch64.rpm kernel-uek-modules-desktop-6.12.0-103.40.4.2.el10uek.aarch64.rpm kernel-uek-modules-extra-6.12.0-103.40.4.2.el10uek.aarch64.rpm kernel-uek-modules-extra-netfilter-6.12.0-103.40.4.2.el10uek.aarch64.rpm kernel-uek-modules-usb-6.12.0-103.40.4.2.el10uek.aarch64.rpm kernel-uek-modules-wireless-6.12.0-103.40.4.2.el10uek.aarch64.rpm kernel-uek-tools-6.12.0-103.40.4.2.el10uek.aarch64.rpm kernel-uek-debug-6.12.0-103.40.4.2.el10uek.aarch64.rpm kernel-uek-debug-core-6.12.0-103.40.4.2.el10uek.aarch64.rpm kernel-uek-debug-devel-6.12.0-103.40.4.2.el10uek.aarch64.rpm kernel-uek-debug-modules-6.12.0-103.40.4.2.el10uek.aarch64.rpm kernel-uek-debug-modules-core-6.12.0-103.40.4.2.el10uek.aarch64.rpm kernel-uek-debug-modules-deprecated-6.12.0-103.40.4.2.el10uek.aarch64.rpm kernel-uek-debug-modules-desktop-6.12.0-103.40.4.2.el10uek.aarch64.rpm kernel-uek-debug-modules-extra-6.12.0-103.40.4.2.el10uek.aarch64.rpm kernel-uek-debug-modules-extra-netfilter-6.12.0-103.40.4.2.el10uek.aarch64.rpm kernel-uek-debug-modules-usb-6.12.0-103.40.4.2.el10uek.aarch64.rpm kernel-uek-debug-modules-wireless-6.12.0-103.40.4.2.el10uek.aarch64.rpm kernel-uek64k-6.12.0-103.40.4.2.el10uek.aarch64.rpm kernel-uek64k-core-6.12.0-103.40.4.2.el10uek.aarch64.rpm kernel-uek64k-devel-6.12.0-103.40.4.2.el10uek.aarch64.rpm kernel-uek64k-modules-6.12.0-103.40.4.2.el10uek.aarch64.rpm kernel-uek64k-modules-core-6.12.0-103.40.4.2.el10uek.aarch64.rpm kernel-uek64k-modules-deprecated-6.12.0-103.40.4.2.el10uek.aarch64.rpm kernel-uek64k-modules-desktop-6.12.0-103.40.4.2.el10uek.aarch64.rpm kernel-uek64k-modules-extra-6.12.0-103.40.4.2.el10uek.aarch64.rpm kernel-uek64k-modules-extra-netfilter-6.12.0-103.40.4.2.el10uek.aarch64.rpm kernel-uek64k-modules-usb-6.12.0-103.40.4.2.el10uek.aarch64.rpm kernel-uek64k-modules-wireless-6.12.0-103.40.4.2.el10uek.aarch64.rpm SRPMS: http://oss.oracle.com/ol10/SRPMS-updates/kernel-uek-6.12.0-103.40.4.2.el10uek.src.rpm Description of changes: [6.12.0-103.40.4.2.el10uek] - x86/vmscape: Warn when STIBP is disabled with SMT (Pawan Gupta) [Orabug: 38343659] - x86/bugs: Move cpu_bugs_smt_update() down (Pawan Gupta) [Orabug: 38343659] - x86/vmscape: Enable the mitigation (Pawan Gupta) [Orabug: 38343659] - x86/vmscape: Add conditional IBPB mitigation (Pawan Gupta) [Orabug: 38343659] - x86/bugs: Fix RSB clearing in indirect_branch_prediction_barrier() (Josh Poimboeuf) [Orabug: 38343659] - x86/bugs: Rename entry_ibpb() to write_ibpb() (Josh Poimboeuf) [Orabug: 38343659] - x86/vmscape: Add old Intel CPUs to affected list (Pawan Gupta) [Orabug: 38343659] - x86/vmscape: Enumerate VMSCAPE bug (Pawan Gupta) [Orabug: 38343659] - Documentation/hw-vuln: Add VMSCAPE documentation (Pawan Gupta) [Orabug: 38343659] From el-errata at oss.oracle.com Fri Sep 12 22:18:24 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 12 Sep 2025 15:18:24 -0700 Subject: [El-errata] ELSA-2025-15661 Important: Oracle Linux 9 kernel security update Message-ID: Oracle Linux Security Advisory ELSA-2025-15661 http://linux.oracle.com/errata/ELSA-2025-15661.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: kernel-5.14.0-570.42.2.0.1.el9_6.x86_64.rpm kernel-abi-stablelists-5.14.0-570.42.2.0.1.el9_6.noarch.rpm kernel-core-5.14.0-570.42.2.0.1.el9_6.x86_64.rpm kernel-cross-headers-5.14.0-570.42.2.0.1.el9_6.x86_64.rpm kernel-debug-5.14.0-570.42.2.0.1.el9_6.x86_64.rpm kernel-debug-core-5.14.0-570.42.2.0.1.el9_6.x86_64.rpm kernel-debug-devel-5.14.0-570.42.2.0.1.el9_6.x86_64.rpm kernel-debug-devel-matched-5.14.0-570.42.2.0.1.el9_6.x86_64.rpm kernel-debug-modules-5.14.0-570.42.2.0.1.el9_6.x86_64.rpm kernel-debug-modules-core-5.14.0-570.42.2.0.1.el9_6.x86_64.rpm kernel-debug-modules-extra-5.14.0-570.42.2.0.1.el9_6.x86_64.rpm kernel-debug-uki-virt-5.14.0-570.42.2.0.1.el9_6.x86_64.rpm kernel-devel-5.14.0-570.42.2.0.1.el9_6.x86_64.rpm kernel-devel-matched-5.14.0-570.42.2.0.1.el9_6.x86_64.rpm kernel-doc-5.14.0-570.42.2.0.1.el9_6.noarch.rpm kernel-headers-5.14.0-570.42.2.0.1.el9_6.x86_64.rpm kernel-modules-5.14.0-570.42.2.0.1.el9_6.x86_64.rpm kernel-modules-core-5.14.0-570.42.2.0.1.el9_6.x86_64.rpm kernel-modules-extra-5.14.0-570.42.2.0.1.el9_6.x86_64.rpm kernel-tools-5.14.0-570.42.2.0.1.el9_6.x86_64.rpm kernel-tools-libs-5.14.0-570.42.2.0.1.el9_6.x86_64.rpm kernel-tools-libs-devel-5.14.0-570.42.2.0.1.el9_6.x86_64.rpm kernel-uki-virt-5.14.0-570.42.2.0.1.el9_6.x86_64.rpm kernel-uki-virt-addons-5.14.0-570.42.2.0.1.el9_6.x86_64.rpm libperf-5.14.0-570.42.2.0.1.el9_6.x86_64.rpm perf-5.14.0-570.42.2.0.1.el9_6.x86_64.rpm python3-perf-5.14.0-570.42.2.0.1.el9_6.x86_64.rpm rtla-5.14.0-570.42.2.0.1.el9_6.x86_64.rpm rv-5.14.0-570.42.2.0.1.el9_6.x86_64.rpm aarch64: kernel-cross-headers-5.14.0-570.42.2.0.1.el9_6.aarch64.rpm kernel-headers-5.14.0-570.42.2.0.1.el9_6.aarch64.rpm kernel-tools-5.14.0-570.42.2.0.1.el9_6.aarch64.rpm kernel-tools-libs-5.14.0-570.42.2.0.1.el9_6.aarch64.rpm kernel-tools-libs-devel-5.14.0-570.42.2.0.1.el9_6.aarch64.rpm libperf-5.14.0-570.42.2.0.1.el9_6.aarch64.rpm perf-5.14.0-570.42.2.0.1.el9_6.aarch64.rpm python3-perf-5.14.0-570.42.2.0.1.el9_6.aarch64.rpm rtla-5.14.0-570.42.2.0.1.el9_6.aarch64.rpm rv-5.14.0-570.42.2.0.1.el9_6.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/kernel-5.14.0-570.42.2.0.1.el9_6.src.rpm Related CVEs: CVE-2025-22097 CVE-2025-38332 CVE-2025-38352 CVE-2025-38449 Description of changes: [5.14.0-570.42.2.0.1.el9_6.OL9] - nvme-pci: remove two deallocate zeroes quirks [Orabug: 37756650] - Disable UKI signing [Orabug: 36571828] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5] - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535] - Add Oracle Linux IMA certificates - Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985764] [5.14.0-570.42.2.el9_6] - posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (CKI Backport Bot) [RHEL-112780] {CVE-2025-38352} - powerpc/pseries/iommu: create DDW for devices with DMA mask less than 64-bits (CKI Backport Bot) [RHEL-113173] [5.14.0-570.42.1.el9_6] - powerpc/pseries/iommu: memory notifier incorrectly adds TCEs for pmemory (Mamatha Inamdar) [RHEL-103015] - drm/framebuffer: Acquire internal references on GEM handles (Jos? Exp?sito) [RHEL-106699] {CVE-2025-38449} - drm/gem: Acquire references on GEM handles for framebuffers (Jos? Exp?sito) [RHEL-106699] {CVE-2025-38449} - drm/vkms: Fix use after free and double free on init error (CKI KWF BOT) [RHEL-99420] {CVE-2025-22097} - scsi: lpfc: Use memcpy() for BIOS version (Ewan D. Milne) [RHEL-105933] {CVE-2025-38332} From el-errata at oss.oracle.com Fri Sep 12 22:18:23 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 12 Sep 2025 15:18:23 -0700 Subject: [El-errata] ELBA-2025-15707 Oracle Linux 9 samba bug fix and enhancement update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2025-15707 http://linux.oracle.com/errata/ELBA-2025-15707.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: ldb-tools-4.21.3-14.el9_6.x86_64.rpm libldb-4.21.3-14.el9_6.i686.rpm libldb-4.21.3-14.el9_6.x86_64.rpm libldb-devel-4.21.3-14.el9_6.i686.rpm libldb-devel-4.21.3-14.el9_6.x86_64.rpm libnetapi-4.21.3-14.el9_6.i686.rpm libnetapi-4.21.3-14.el9_6.x86_64.rpm libnetapi-devel-4.21.3-14.el9_6.i686.rpm libnetapi-devel-4.21.3-14.el9_6.x86_64.rpm libsmbclient-4.21.3-14.el9_6.i686.rpm libsmbclient-4.21.3-14.el9_6.x86_64.rpm libsmbclient-devel-4.21.3-14.el9_6.i686.rpm libsmbclient-devel-4.21.3-14.el9_6.x86_64.rpm libwbclient-4.21.3-14.el9_6.i686.rpm libwbclient-4.21.3-14.el9_6.x86_64.rpm libwbclient-devel-4.21.3-14.el9_6.i686.rpm libwbclient-devel-4.21.3-14.el9_6.x86_64.rpm python3-ldb-4.21.3-14.el9_6.i686.rpm python3-ldb-4.21.3-14.el9_6.x86_64.rpm python3-samba-4.21.3-14.el9_6.i686.rpm python3-samba-4.21.3-14.el9_6.x86_64.rpm python3-samba-dc-4.21.3-14.el9_6.x86_64.rpm python3-samba-test-4.21.3-14.el9_6.x86_64.rpm samba-4.21.3-14.el9_6.x86_64.rpm samba-client-4.21.3-14.el9_6.x86_64.rpm samba-client-libs-4.21.3-14.el9_6.i686.rpm samba-client-libs-4.21.3-14.el9_6.x86_64.rpm samba-common-4.21.3-14.el9_6.noarch.rpm samba-common-libs-4.21.3-14.el9_6.i686.rpm samba-common-libs-4.21.3-14.el9_6.x86_64.rpm samba-common-tools-4.21.3-14.el9_6.x86_64.rpm samba-dc-libs-4.21.3-14.el9_6.i686.rpm samba-dc-libs-4.21.3-14.el9_6.x86_64.rpm samba-dcerpc-4.21.3-14.el9_6.x86_64.rpm samba-devel-4.21.3-14.el9_6.i686.rpm samba-devel-4.21.3-14.el9_6.x86_64.rpm samba-gpupdate-4.21.3-14.el9_6.x86_64.rpm samba-krb5-printing-4.21.3-14.el9_6.x86_64.rpm samba-ldb-ldap-modules-4.21.3-14.el9_6.x86_64.rpm samba-libs-4.21.3-14.el9_6.i686.rpm samba-libs-4.21.3-14.el9_6.x86_64.rpm samba-pidl-4.21.3-14.el9_6.noarch.rpm samba-test-4.21.3-14.el9_6.x86_64.rpm samba-test-libs-4.21.3-14.el9_6.x86_64.rpm samba-tools-4.21.3-14.el9_6.x86_64.rpm samba-usershares-4.21.3-14.el9_6.x86_64.rpm samba-vfs-iouring-4.21.3-14.el9_6.x86_64.rpm samba-winbind-4.21.3-14.el9_6.x86_64.rpm samba-winbind-clients-4.21.3-14.el9_6.x86_64.rpm samba-winbind-krb5-locator-4.21.3-14.el9_6.x86_64.rpm samba-winbind-modules-4.21.3-14.el9_6.i686.rpm samba-winbind-modules-4.21.3-14.el9_6.x86_64.rpm samba-winexe-4.21.3-14.el9_6.x86_64.rpm aarch64: ldb-tools-4.21.3-14.el9_6.aarch64.rpm libldb-4.21.3-14.el9_6.aarch64.rpm libldb-devel-4.21.3-14.el9_6.aarch64.rpm libnetapi-4.21.3-14.el9_6.aarch64.rpm libnetapi-devel-4.21.3-14.el9_6.aarch64.rpm libsmbclient-4.21.3-14.el9_6.aarch64.rpm libsmbclient-devel-4.21.3-14.el9_6.aarch64.rpm libwbclient-4.21.3-14.el9_6.aarch64.rpm libwbclient-devel-4.21.3-14.el9_6.aarch64.rpm python3-ldb-4.21.3-14.el9_6.aarch64.rpm python3-samba-4.21.3-14.el9_6.aarch64.rpm python3-samba-dc-4.21.3-14.el9_6.aarch64.rpm python3-samba-test-4.21.3-14.el9_6.aarch64.rpm samba-4.21.3-14.el9_6.aarch64.rpm samba-client-4.21.3-14.el9_6.aarch64.rpm samba-client-libs-4.21.3-14.el9_6.aarch64.rpm samba-common-4.21.3-14.el9_6.noarch.rpm samba-common-libs-4.21.3-14.el9_6.aarch64.rpm samba-common-tools-4.21.3-14.el9_6.aarch64.rpm samba-dc-libs-4.21.3-14.el9_6.aarch64.rpm samba-dcerpc-4.21.3-14.el9_6.aarch64.rpm samba-devel-4.21.3-14.el9_6.aarch64.rpm samba-gpupdate-4.21.3-14.el9_6.aarch64.rpm samba-krb5-printing-4.21.3-14.el9_6.aarch64.rpm samba-ldb-ldap-modules-4.21.3-14.el9_6.aarch64.rpm samba-libs-4.21.3-14.el9_6.aarch64.rpm samba-pidl-4.21.3-14.el9_6.noarch.rpm samba-test-4.21.3-14.el9_6.aarch64.rpm samba-test-libs-4.21.3-14.el9_6.aarch64.rpm samba-tools-4.21.3-14.el9_6.aarch64.rpm samba-usershares-4.21.3-14.el9_6.aarch64.rpm samba-vfs-iouring-4.21.3-14.el9_6.aarch64.rpm samba-winbind-4.21.3-14.el9_6.aarch64.rpm samba-winbind-clients-4.21.3-14.el9_6.aarch64.rpm samba-winbind-krb5-locator-4.21.3-14.el9_6.aarch64.rpm samba-winbind-modules-4.21.3-14.el9_6.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/samba-4.21.3-14.el9_6.src.rpm Description of changes: [0:4.21.3-14] - resolves: RHEL-113388 - Rebuild for zstream [0:4.21.3-13] - resolves: RHEL-113388 - Fix 'net ads join' in setups with multiple DCs [0:4.21.3-12] - resolves: RHEL-101766 - Fix DC discovery after Windows netlogon hardening (follow-up, main fix is in samba-4.21.3-7) [0:4.21.3-11] - resolves: RHEL-111311 - Fix winbind fork bomb in 'IPA with AD trust' environment [0:4.21.3-10] - resolves: RHEL-102934 - Fix samba-gpupdate to process empty GPO Link [0:4.21.3-9] - resolves: RHEL-105624 - Fix 'net ads kerberos kinit' [0:4.21.3-8] - resolves: RHEL-103411 - smb.conf: Remove the '@' for NIX groups, we removed NIS support From el-errata at oss.oracle.com Fri Sep 12 22:18:21 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 12 Sep 2025 15:18:21 -0700 Subject: [El-errata] ELBA-2025-20578 Oracle Linux 9 linux-firmware bug fix update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2025-20578 http://linux.oracle.com/errata/ELBA-2025-20578.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: iwl1000-firmware-39.31.5.1-999.42.1.el9.noarch.rpm iwl100-firmware-39.31.5.1-999.42.1.el9.noarch.rpm iwl105-firmware-18.168.6.1-999.42.1.el9.noarch.rpm iwl135-firmware-18.168.6.1-999.42.1.el9.noarch.rpm iwl2000-firmware-18.168.6.1-999.42.1.el9.noarch.rpm iwl2030-firmware-18.168.6.1-999.42.1.el9.noarch.rpm iwl3160-firmware-25.30.13.0-999.42.1.el9.noarch.rpm iwl3945-firmware-15.32.2.9-999.42.1.el9.noarch.rpm iwl4965-firmware-228.61.2.24-999.42.1.el9.noarch.rpm iwl5000-firmware-8.83.5.1_1-999.42.1.el9.noarch.rpm iwl5150-firmware-8.24.2.2-999.42.1.el9.noarch.rpm iwl6000-firmware-9.221.4.1-999.42.1.el9.noarch.rpm iwl6000g2a-firmware-18.168.6.1-999.42.1.el9.noarch.rpm iwl6000g2b-firmware-18.168.6.1-999.42.1.el9.noarch.rpm iwl6050-firmware-41.28.5.1-999.42.1.el9.noarch.rpm iwl7260-firmware-25.30.13.0-999.42.1.el9.noarch.rpm iwlax2xx-firmware-20250909-999.42.1.el9.noarch.rpm libertas-sd8686-firmware-20250909-999.42.1.git356f06bf.el9.noarch.rpm libertas-sd8787-firmware-20250909-999.42.1.git356f06bf.el9.noarch.rpm libertas-usb8388-firmware-20250909-999.42.1.git356f06bf.el9.noarch.rpm libertas-usb8388-olpc-firmware-20250909-999.42.1.git356f06bf.el9.noarch.rpm linux-firmware-20250909-999.42.1.git356f06bf.el9.noarch.rpm linux-firmware-core-20250909-999.42.1.git356f06bf.el9.noarch.rpm linux-firmware-whence-20250909-999.42.1.git356f06bf.el9.noarch.rpm liquidio-firmware-20250909-999.42.1.git356f06bf.el9.noarch.rpm netronome-firmware-20250909-999.42.1.git356f06bf.el9.noarch.rpm aarch64: iwl1000-firmware-39.31.5.1-999.42.1.el9.noarch.rpm iwl100-firmware-39.31.5.1-999.42.1.el9.noarch.rpm iwl105-firmware-18.168.6.1-999.42.1.el9.noarch.rpm iwl135-firmware-18.168.6.1-999.42.1.el9.noarch.rpm iwl2000-firmware-18.168.6.1-999.42.1.el9.noarch.rpm iwl2030-firmware-18.168.6.1-999.42.1.el9.noarch.rpm iwl3160-firmware-25.30.13.0-999.42.1.el9.noarch.rpm iwl3945-firmware-15.32.2.9-999.42.1.el9.noarch.rpm iwl4965-firmware-228.61.2.24-999.42.1.el9.noarch.rpm iwl5000-firmware-8.83.5.1_1-999.42.1.el9.noarch.rpm iwl5150-firmware-8.24.2.2-999.42.1.el9.noarch.rpm iwl6000-firmware-9.221.4.1-999.42.1.el9.noarch.rpm iwl6000g2a-firmware-18.168.6.1-999.42.1.el9.noarch.rpm iwl6000g2b-firmware-18.168.6.1-999.42.1.el9.noarch.rpm iwl6050-firmware-41.28.5.1-999.42.1.el9.noarch.rpm iwl7260-firmware-25.30.13.0-999.42.1.el9.noarch.rpm iwlax2xx-firmware-20250909-999.42.1.el9.noarch.rpm libertas-sd8686-firmware-20250909-999.42.1.git356f06bf.el9.noarch.rpm libertas-sd8787-firmware-20250909-999.42.1.git356f06bf.el9.noarch.rpm libertas-usb8388-firmware-20250909-999.42.1.git356f06bf.el9.noarch.rpm libertas-usb8388-olpc-firmware-20250909-999.42.1.git356f06bf.el9.noarch.rpm linux-firmware-20250909-999.42.1.git356f06bf.el9.noarch.rpm linux-firmware-core-20250909-999.42.1.git356f06bf.el9.noarch.rpm linux-firmware-whence-20250909-999.42.1.git356f06bf.el9.noarch.rpm liquidio-firmware-20250909-999.42.1.git356f06bf.el9.noarch.rpm netronome-firmware-20250909-999.42.1.git356f06bf.el9.noarch.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/linux-firmware-20250909-999.42.1.git356f06bf.el9.src.rpm Description of changes: [20250909-999.42.1.git356f06bf.el9] - Rewrite the script to accomodate yum-based installs [Orabug: 38410501] From el-errata at oss.oracle.com Fri Sep 12 22:18:26 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 12 Sep 2025 15:18:26 -0700 Subject: [El-errata] ELSA-2025-15700 Important: Oracle Linux 9 cups security update Message-ID: Oracle Linux Security Advisory ELSA-2025-15700 http://linux.oracle.com/errata/ELSA-2025-15700.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: cups-2.3.3op2-33.el9_6.1.x86_64.rpm cups-client-2.3.3op2-33.el9_6.1.x86_64.rpm cups-devel-2.3.3op2-33.el9_6.1.i686.rpm cups-devel-2.3.3op2-33.el9_6.1.x86_64.rpm cups-filesystem-2.3.3op2-33.el9_6.1.noarch.rpm cups-ipptool-2.3.3op2-33.el9_6.1.x86_64.rpm cups-libs-2.3.3op2-33.el9_6.1.i686.rpm cups-libs-2.3.3op2-33.el9_6.1.x86_64.rpm cups-lpd-2.3.3op2-33.el9_6.1.x86_64.rpm cups-printerapp-2.3.3op2-33.el9_6.1.x86_64.rpm aarch64: cups-2.3.3op2-33.el9_6.1.aarch64.rpm cups-client-2.3.3op2-33.el9_6.1.aarch64.rpm cups-devel-2.3.3op2-33.el9_6.1.aarch64.rpm cups-filesystem-2.3.3op2-33.el9_6.1.noarch.rpm cups-ipptool-2.3.3op2-33.el9_6.1.aarch64.rpm cups-libs-2.3.3op2-33.el9_6.1.aarch64.rpm cups-lpd-2.3.3op2-33.el9_6.1.aarch64.rpm cups-printerapp-2.3.3op2-33.el9_6.1.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/cups-2.3.3op2-33.el9_6.1.src.rpm Related CVEs: CVE-2025-58060 CVE-2025-58364 Description of changes: [1.2.3.3op2-33.1] - RHEL-113077 CVE-2025-58364 cups: Null Pointer Dereference in CUPS ipp_read_io() Leading to Remote DoS [1.2.3.3op2-33.1] - RHEL-112438 CVE-2025-58060 cups: Authentication Bypass in CUPS Authorization Handling From el-errata at oss.oracle.com Fri Sep 12 22:18:16 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 12 Sep 2025 15:18:16 -0700 Subject: [El-errata] ELBA-2025-20550 Oracle Linux 7 linux-firmware bug fix update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2025-20550 http://linux.oracle.com/errata/ELBA-2025-20550.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: iwl1000-firmware-39.31.5.1-999.44.el7.noarch.rpm iwl100-firmware-39.31.5.1-999.44.el7.noarch.rpm iwl105-firmware-18.168.6.1-999.44.el7.noarch.rpm iwl135-firmware-18.168.6.1-999.44.el7.noarch.rpm iwl2000-firmware-18.168.6.1-999.44.el7.noarch.rpm iwl2030-firmware-18.168.6.1-999.44.el7.noarch.rpm iwl3160-firmware-22.0.7.0-999.44.el7.noarch.rpm iwl3945-firmware-15.32.2.9-999.44.el7.noarch.rpm iwl4965-firmware-228.61.2.24-999.44.el7.noarch.rpm iwl5000-firmware-8.83.5.1_1-999.44.el7.noarch.rpm iwl5150-firmware-8.24.2.2-999.44.el7.noarch.rpm iwl6000-firmware-9.221.4.1-999.44.el7.noarch.rpm iwl6000g2a-firmware-17.168.5.3-999.44.el7.noarch.rpm iwl6000g2b-firmware-17.168.5.2-999.44.el7.noarch.rpm iwl6050-firmware-41.28.5.1-999.44.el7.noarch.rpm iwl7260-firmware-22.0.7.0-999.44.el7.noarch.rpm iwlax2xx-firmware-20250909-999.44.el7.noarch.rpm linux-firmware-20250909-999.44.git260ff424.el7.noarch.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates/linux-firmware-20250909-999.44.git260ff424.el7.src.rpm Description of changes: [20250909-999.44.git260ff424.el7] - Rewrite the script to accomodate yum-based installs [Orabug: 38409589] From el-errata at oss.oracle.com Fri Sep 12 22:18:31 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 12 Sep 2025 15:18:31 -0700 Subject: [El-errata] ELBA-2025-9413 Oracle Linux 10 linux-firmware bug fix update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2025-9413 http://linux.oracle.com/errata/ELBA-2025-9413.html The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network: x86_64: iwl1000-firmware-39.31.5.1-999.44.el10.noarch.rpm iwl100-firmware-39.31.5.1-999.44.el10.noarch.rpm iwl105-firmware-18.168.6.1-999.44.el10.noarch.rpm iwl135-firmware-18.168.6.1-999.44.el10.noarch.rpm iwl2000-firmware-18.168.6.1-999.44.el10.noarch.rpm iwl2030-firmware-18.168.6.1-999.44.el10.noarch.rpm iwl3160-firmware-25.30.13.0-999.44.el10.noarch.rpm iwl3945-firmware-15.32.2.9-999.44.el10.noarch.rpm iwl4965-firmware-228.61.2.24-999.44.el10.noarch.rpm iwl5000-firmware-8.83.5.1_1-999.44.el10.noarch.rpm iwl5150-firmware-8.24.2.2-999.44.el10.noarch.rpm iwl6000-firmware-9.221.4.1-999.44.el10.noarch.rpm iwl6000g2a-firmware-18.168.6.1-999.44.el10.noarch.rpm iwl6000g2b-firmware-18.168.6.1-999.44.el10.noarch.rpm iwl6050-firmware-41.28.5.1-999.44.el10.noarch.rpm iwl7260-firmware-25.30.13.0-999.44.el10.noarch.rpm iwlax2xx-firmware-20250909-999.44.el10.noarch.rpm libertas-sd8686-firmware-20250909-999.44.git260ff424.el10.noarch.rpm libertas-sd8787-firmware-20250909-999.44.git260ff424.el10.noarch.rpm libertas-usb8388-firmware-20250909-999.44.git260ff424.el10.noarch.rpm libertas-usb8388-olpc-firmware-20250909-999.44.git260ff424.el10.noarch.rpm linux-firmware-20250909-999.44.git260ff424.el10.noarch.rpm linux-firmware-core-20250909-999.44.git260ff424.el10.noarch.rpm linux-firmware-whence-20250909-999.44.git260ff424.el10.noarch.rpm liquidio-firmware-20250909-999.44.git260ff424.el10.noarch.rpm netronome-firmware-20250909-999.44.git260ff424.el10.noarch.rpm aarch64: iwl1000-firmware-39.31.5.1-999.44.el10.noarch.rpm iwl100-firmware-39.31.5.1-999.44.el10.noarch.rpm iwl105-firmware-18.168.6.1-999.44.el10.noarch.rpm iwl135-firmware-18.168.6.1-999.44.el10.noarch.rpm iwl2000-firmware-18.168.6.1-999.44.el10.noarch.rpm iwl2030-firmware-18.168.6.1-999.44.el10.noarch.rpm iwl3160-firmware-25.30.13.0-999.44.el10.noarch.rpm iwl3945-firmware-15.32.2.9-999.44.el10.noarch.rpm iwl4965-firmware-228.61.2.24-999.44.el10.noarch.rpm iwl5000-firmware-8.83.5.1_1-999.44.el10.noarch.rpm iwl5150-firmware-8.24.2.2-999.44.el10.noarch.rpm iwl6000-firmware-9.221.4.1-999.44.el10.noarch.rpm iwl6000g2a-firmware-18.168.6.1-999.44.el10.noarch.rpm iwl6000g2b-firmware-18.168.6.1-999.44.el10.noarch.rpm iwl6050-firmware-41.28.5.1-999.44.el10.noarch.rpm iwl7260-firmware-25.30.13.0-999.44.el10.noarch.rpm iwlax2xx-firmware-20250909-999.44.el10.noarch.rpm libertas-sd8686-firmware-20250909-999.44.git260ff424.el10.noarch.rpm libertas-sd8787-firmware-20250909-999.44.git260ff424.el10.noarch.rpm libertas-usb8388-firmware-20250909-999.44.git260ff424.el10.noarch.rpm libertas-usb8388-olpc-firmware-20250909-999.44.git260ff424.el10.noarch.rpm linux-firmware-20250909-999.44.git260ff424.el10.noarch.rpm linux-firmware-core-20250909-999.44.git260ff424.el10.noarch.rpm linux-firmware-whence-20250909-999.44.git260ff424.el10.noarch.rpm liquidio-firmware-20250909-999.44.git260ff424.el10.noarch.rpm netronome-firmware-20250909-999.44.git260ff424.el10.noarch.rpm SRPMS: http://oss.oracle.com/ol10/SRPMS-updates/linux-firmware-20250909-999.44.git260ff424.el10.src.rpm Description of changes: [20250909-999.44.git260ff424.el10] - Rewrite the script to accomodate yum-based installs [Orabug: 38409589] From el-errata at oss.oracle.com Fri Sep 12 22:18:33 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 12 Sep 2025 15:18:33 -0700 Subject: [El-errata] ELSA-2025-15699 Moderate: Oracle Linux 10 mysql-selinux and mysql8.4 security update Message-ID: Oracle Linux Security Advisory ELSA-2025-15699 http://linux.oracle.com/errata/ELSA-2025-15699.html The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network: x86_64: mysql-selinux-1.0.14-1.el10_0.noarch.rpm mysql8.4-8.4.6-2.el10_0.x86_64.rpm mysql8.4-common-8.4.6-2.el10_0.noarch.rpm mysql8.4-devel-8.4.6-2.el10_0.x86_64.rpm mysql8.4-errmsg-8.4.6-2.el10_0.noarch.rpm mysql8.4-libs-8.4.6-2.el10_0.x86_64.rpm mysql8.4-server-8.4.6-2.el10_0.x86_64.rpm mysql8.4-test-8.4.6-2.el10_0.x86_64.rpm mysql8.4-test-data-8.4.6-2.el10_0.noarch.rpm aarch64: mysql-selinux-1.0.14-1.el10_0.noarch.rpm mysql8.4-8.4.6-2.el10_0.aarch64.rpm mysql8.4-common-8.4.6-2.el10_0.noarch.rpm mysql8.4-devel-8.4.6-2.el10_0.aarch64.rpm mysql8.4-errmsg-8.4.6-2.el10_0.noarch.rpm mysql8.4-libs-8.4.6-2.el10_0.aarch64.rpm mysql8.4-server-8.4.6-2.el10_0.aarch64.rpm mysql8.4-test-8.4.6-2.el10_0.aarch64.rpm mysql8.4-test-data-8.4.6-2.el10_0.noarch.rpm SRPMS: http://oss.oracle.com/ol10/SRPMS-updates/mysql-selinux-1.0.14-1.el10_0.src.rpm http://oss.oracle.com/ol10/SRPMS-updates/mysql8.4-8.4.6-2.el10_0.src.rpm Related CVEs: CVE-2024-13176 CVE-2025-5399 CVE-2025-21574 CVE-2025-21575 CVE-2025-21577 CVE-2025-21579 CVE-2025-21580 CVE-2025-21581 CVE-2025-21584 CVE-2025-21585 CVE-2025-21588 CVE-2025-30681 CVE-2025-30682 CVE-2025-30683 CVE-2025-30684 CVE-2025-30685 CVE-2025-30687 CVE-2025-30688 CVE-2025-30689 CVE-2025-30693 CVE-2025-30695 CVE-2025-30696 CVE-2025-30699 CVE-2025-30703 CVE-2025-30704 CVE-2025-30705 CVE-2025-30715 CVE-2025-30721 CVE-2025-30722 CVE-2025-50077 CVE-2025-50078 CVE-2025-50079 CVE-2025-50080 CVE-2025-50081 CVE-2025-50082 CVE-2025-50083 CVE-2025-50084 CVE-2025-50085 CVE-2025-50086 CVE-2025-50087 CVE-2025-50088 CVE-2025-50091 CVE-2025-50092 CVE-2025-50093 CVE-2025-50094 CVE-2025-50096 CVE-2025-50097 CVE-2025-50098 CVE-2025-50099 CVE-2025-50100 CVE-2025-50101 CVE-2025-50102 CVE-2025-50104 Description of changes: mysql-selinux [1.0.14-1] - Update to version 1.0.14 - Resolves: rhbz#2380217 mysql8.4 [8.4.6-1] - Rebase to 8.4.6 [8.4.5-1] - Rebase to 8.4.5 From el-errata at oss.oracle.com Fri Sep 12 22:18:35 2025 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 12 Sep 2025 15:18:35 -0700 Subject: [El-errata] ELSA-2025-15701 Important: Oracle Linux 10 cups security update Message-ID: Oracle Linux Security Advisory ELSA-2025-15701 http://linux.oracle.com/errata/ELSA-2025-15701.html The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network: x86_64: cups-2.4.10-11.el10_0.1.x86_64.rpm cups-client-2.4.10-11.el10_0.1.x86_64.rpm cups-devel-2.4.10-11.el10_0.1.x86_64.rpm cups-filesystem-2.4.10-11.el10_0.1.noarch.rpm cups-ipptool-2.4.10-11.el10_0.1.x86_64.rpm cups-libs-2.4.10-11.el10_0.1.x86_64.rpm cups-lpd-2.4.10-11.el10_0.1.x86_64.rpm cups-printerapp-2.4.10-11.el10_0.1.x86_64.rpm aarch64: cups-2.4.10-11.el10_0.1.aarch64.rpm cups-client-2.4.10-11.el10_0.1.aarch64.rpm cups-devel-2.4.10-11.el10_0.1.aarch64.rpm cups-filesystem-2.4.10-11.el10_0.1.noarch.rpm cups-ipptool-2.4.10-11.el10_0.1.aarch64.rpm cups-libs-2.4.10-11.el10_0.1.aarch64.rpm cups-lpd-2.4.10-11.el10_0.1.aarch64.rpm cups-printerapp-2.4.10-11.el10_0.1.aarch64.rpm SRPMS: http://oss.oracle.com/ol10/SRPMS-updates/cups-2.4.10-11.el10_0.1.src.rpm Related CVEs: CVE-2025-58060 CVE-2025-58364 Description of changes: [-1:2.4.10-11.1] - CVE-2025-58060 cups: Authentication Bypass in CUPS Authorization Handling - CVE-2025-58364 cups: Null Pointer Dereference in CUPS ipp_read_io() Leading to Remote DoS