BIND, RunC, Frr, and more updates for Oracle Linux

Oracle Linux 6420 Published 2025-11-12 07:50 by Philipp Esselbach

News

ELSA-2025-25754 Important: Unbreakable Enterprise kernel security update

Oracle Linux Security Advisory ELSA-2025-25754

http://linux.oracle.com/errata/ELSA-2025-25754.html

The following updated rpms for have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-6.12.0-105.51.5.el10uek.x86_64.rpm
kernel-uek-core-6.12.0-105.51.5.el10uek.x86_64.rpm
kernel-uek-devel-6.12.0-105.51.5.el10uek.x86_64.rpm
kernel-uek-doc-6.12.0-105.51.5.el10uek.noarch.rpm
kernel-uek-modules-6.12.0-105.51.5.el10uek.x86_64.rpm
kernel-uek-modules-core-6.12.0-105.51.5.el10uek.x86_64.rpm
kernel-uek-modules-deprecated-6.12.0-105.51.5.el10uek.x86_64.rpm
kernel-uek-modules-desktop-6.12.0-105.51.5.el10uek.x86_64.rpm
kernel-uek-modules-extra-6.12.0-105.51.5.el10uek.x86_64.rpm
kernel-uek-modules-extra-netfilter-6.12.0-105.51.5.el10uek.x86_64.rpm
kernel-uek-modules-usb-6.12.0-105.51.5.el10uek.x86_64.rpm
kernel-uek-modules-wireless-6.12.0-105.51.5.el10uek.x86_64.rpm
kernel-uek-tools-6.12.0-105.51.5.el10uek.x86_64.rpm
kernel-uek-debug-6.12.0-105.51.5.el10uek.x86_64.rpm
kernel-uek-debug-core-6.12.0-105.51.5.el10uek.x86_64.rpm
kernel-uek-debug-devel-6.12.0-105.51.5.el10uek.x86_64.rpm
kernel-uek-debug-modules-6.12.0-105.51.5.el10uek.x86_64.rpm
kernel-uek-debug-modules-core-6.12.0-105.51.5.el10uek.x86_64.rpm
kernel-uek-debug-modules-deprecated-6.12.0-105.51.5.el10uek.x86_64.rpm
kernel-uek-debug-modules-desktop-6.12.0-105.51.5.el10uek.x86_64.rpm
kernel-uek-debug-modules-extra-6.12.0-105.51.5.el10uek.x86_64.rpm
kernel-uek-debug-modules-extra-netfilter-6.12.0-105.51.5.el10uek.x86_64.rpm
kernel-uek-debug-modules-usb-6.12.0-105.51.5.el10uek.x86_64.rpm
kernel-uek-debug-modules-wireless-6.12.0-105.51.5.el10uek.x86_64.rpm

aarch64:
kernel-uek-6.12.0-105.51.5.el10uek.aarch64.rpm
kernel-uek-core-6.12.0-105.51.5.el10uek.aarch64.rpm
kernel-uek-devel-6.12.0-105.51.5.el10uek.aarch64.rpm
kernel-uek-modules-6.12.0-105.51.5.el10uek.aarch64.rpm
kernel-uek-modules-core-6.12.0-105.51.5.el10uek.aarch64.rpm
kernel-uek-modules-deprecated-6.12.0-105.51.5.el10uek.aarch64.rpm
kernel-uek-modules-desktop-6.12.0-105.51.5.el10uek.aarch64.rpm
kernel-uek-modules-extra-6.12.0-105.51.5.el10uek.aarch64.rpm
kernel-uek-modules-extra-netfilter-6.12.0-105.51.5.el10uek.aarch64.rpm
kernel-uek-modules-usb-6.12.0-105.51.5.el10uek.aarch64.rpm
kernel-uek-modules-wireless-6.12.0-105.51.5.el10uek.aarch64.rpm
kernel-uek-tools-6.12.0-105.51.5.el10uek.aarch64.rpm
kernel-uek-debug-6.12.0-105.51.5.el10uek.aarch64.rpm
kernel-uek-debug-core-6.12.0-105.51.5.el10uek.aarch64.rpm
kernel-uek-debug-devel-6.12.0-105.51.5.el10uek.aarch64.rpm
kernel-uek-debug-modules-6.12.0-105.51.5.el10uek.aarch64.rpm
kernel-uek-debug-modules-core-6.12.0-105.51.5.el10uek.aarch64.rpm
kernel-uek-debug-modules-deprecated-6.12.0-105.51.5.el10uek.aarch64.rpm
kernel-uek-debug-modules-desktop-6.12.0-105.51.5.el10uek.aarch64.rpm
kernel-uek-debug-modules-extra-6.12.0-105.51.5.el10uek.aarch64.rpm
kernel-uek-debug-modules-extra-netfilter-6.12.0-105.51.5.el10uek.aarch64.rpm
kernel-uek-debug-modules-usb-6.12.0-105.51.5.el10uek.aarch64.rpm
kernel-uek-debug-modules-wireless-6.12.0-105.51.5.el10uek.aarch64.rpm
kernel-uek64k-6.12.0-105.51.5.el10uek.aarch64.rpm
kernel-uek64k-core-6.12.0-105.51.5.el10uek.aarch64.rpm
kernel-uek64k-devel-6.12.0-105.51.5.el10uek.aarch64.rpm
kernel-uek64k-modules-6.12.0-105.51.5.el10uek.aarch64.rpm
kernel-uek64k-modules-core-6.12.0-105.51.5.el10uek.aarch64.rpm
kernel-uek64k-modules-deprecated-6.12.0-105.51.5.el10uek.aarch64.rpm
kernel-uek64k-modules-desktop-6.12.0-105.51.5.el10uek.aarch64.rpm
kernel-uek64k-modules-extra-6.12.0-105.51.5.el10uek.aarch64.rpm
kernel-uek64k-modules-extra-netfilter-6.12.0-105.51.5.el10uek.aarch64.rpm
kernel-uek64k-modules-usb-6.12.0-105.51.5.el10uek.aarch64.rpm
kernel-uek64k-modules-wireless-6.12.0-105.51.5.el10uek.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/kernel-uek-6.12.0-105.51.5.el10uek.src.rpm

Related CVEs:

CVE-2025-22103
CVE-2025-22106
CVE-2025-22113
CVE-2025-22124
CVE-2025-23133
CVE-2025-38272
CVE-2025-38306
CVE-2025-38322
CVE-2025-38453
CVE-2025-38502
CVE-2025-38556
CVE-2025-38676
CVE-2025-38730
CVE-2025-38732
CVE-2025-38735
CVE-2025-38737
CVE-2025-39673
CVE-2025-39675
CVE-2025-39676
CVE-2025-39679
CVE-2025-39681
CVE-2025-39683
CVE-2025-39689
CVE-2025-39691
CVE-2025-39693
CVE-2025-39695
CVE-2025-39697
CVE-2025-39698
CVE-2025-39700
CVE-2025-39705
CVE-2025-39706
CVE-2025-39707
CVE-2025-39713
CVE-2025-39714
CVE-2025-39718
CVE-2025-39721
CVE-2025-39723
CVE-2025-39724
CVE-2025-39759
CVE-2025-39765
CVE-2025-39766
CVE-2025-39770
CVE-2025-39772
CVE-2025-39773
CVE-2025-39779
CVE-2025-39780
CVE-2025-39782
CVE-2025-39790
CVE-2025-39791
CVE-2025-39800
CVE-2025-39805
CVE-2025-39806
CVE-2025-39808
CVE-2025-39810
CVE-2025-39812
CVE-2025-39813
CVE-2025-39817
CVE-2025-39819
CVE-2025-39824
CVE-2025-39825
CVE-2025-39828
CVE-2025-39829
CVE-2025-39832
CVE-2025-39835
CVE-2025-39838
CVE-2025-39841
CVE-2025-39842
CVE-2025-39843
CVE-2025-39844
CVE-2025-39845
CVE-2025-39847
CVE-2025-39849
CVE-2025-39850
CVE-2025-39851
CVE-2025-39852
CVE-2025-39853
CVE-2025-39854
CVE-2025-39860
CVE-2025-39861
CVE-2025-39863
CVE-2025-39864
CVE-2025-39865
CVE-2025-39866
CVE-2025-39867
CVE-2025-39870
CVE-2025-39871
CVE-2025-39877
CVE-2025-39880
CVE-2025-39881
CVE-2025-39883
CVE-2025-39884
CVE-2025-39885
CVE-2025-39886
CVE-2025-39891
CVE-2025-39894
CVE-2025-39895
CVE-2025-39898
CVE-2025-39899
CVE-2025-39900
CVE-2025-39901
CVE-2025-39902
CVE-2025-39903
CVE-2025-39911
CVE-2025-39913
CVE-2025-39914
CVE-2025-39917
CVE-2025-39918
CVE-2025-39922
CVE-2025-39923
CVE-2025-39926
CVE-2025-39927
CVE-2025-39929
CVE-2025-39931
CVE-2025-39932
CVE-2025-39940
CVE-2025-39945
CVE-2025-39946
CVE-2025-39947
CVE-2025-39948
CVE-2025-39949
CVE-2025-39953

Description of changes:

[6.12.0-105.51.5]
- RDMA/mlx5: Fix vport loopback forcing for MPV device (Patrisious Haddad) [Orabug: 38226124]
- arm64: Utilize for_each_cpu_wrap for reference lookup (Beata Michalska) [Orabug: 38454705]
- arm64: Update AMU-based freq scale factor on entering idle (Beata Michalska) [Orabug: 38454705]
- arm64: Provide an AMU-based version of arch_freq_get_on_cpu (Beata Michalska) [Orabug: 38454705]
- cpufreq: Introduce an optional cpuinfo_avg_freq sysfs entry (Beata Michalska) [Orabug: 38454705]
- cpufreq: Allow arch_freq_get_on_cpu to return an error (Beata Michalska) [Orabug: 38454705]
- arch_topology: init capacity_freq_ref to 0 (Ionela Voinescu) [Orabug: 38454705]
- ACPI/HMAT: Move HMAT messages to pr_debug() (Dan Williams) [Orabug: 38454705]
- perf: arm_cspmu: nvidia: monitor all ports by default (Besar Wicaksono) [Orabug: 38454705]
- perf: arm_cspmu: nvidia: enable NVLINK-C2C port filtering (Besar Wicaksono) [Orabug: 38454705]
- perf: arm_cspmu: nvidia: fix sysfs path in the kernel doc (Besar Wicaksono) [Orabug: 38454705]
- perf: arm_cspmu: nvidia: remove unsupported SCF events (Besar Wicaksono) [Orabug: 38454705]
- cppc_cpufreq: Remove HiSilicon CPPC workaround (Jie Zhan) [Orabug: 38454705]
- Revert "sched/fair: Bump sd->max_newidle_lb_cost when newidle balance fails" (Joseph Salisbury) [Orabug: 38498945]
- uek-rpm/config-aarch64: Enable configs for Grace platform support (Vijay Kumar) [Orabug: 38526374]
- LTS version: v6.12.51 (Jack Vogel)
- ASoC: qcom: audioreach: fix potential null pointer dereference (Srinivas Kandagatla)
- wifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load() (Matvey Kovalev)
- mm: swap: check for stable address space before operating on the VMA (Charan Teja Kalla)
- media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID (Thadeu Lima de Souza Cascardo)
- media: rc: fix races with imon_disconnect() (Larshin Sergey)
- media: tuner: xc5000: Fix use-after-free in xc5000_release (Duoming Zhou)
- media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove (Duoming Zhou)
- scsi: target: target_core_configfs: Add length check to avoid buffer overflow (Wang Haoran)
- gcc-plugins: Remove TODO_verify_il for GCC >= 16 (Kees Cook)
- crypto: sha256 - fix crash at kexec (Breno Leitao)
- LTS version v6.12.50 (Jack Vogel)
- drm/i915/backlight: Return immediately when scale() finds invalid parameters (Guenter Roeck)
- Revert "usb: xhci: remove option to change a default ring's TRB cycle bit" (Niklas Neronin)
- iommufd: Fix race during abort for file descriptors (Jason Gunthorpe)
- fbcon: Fix OOB access in font allocation (Thomas Zimmermann)
- fbcon: fix integer overflow in fbcon_do_set_font (Samasth Norway Ananda)
- mm/hugetlb: fix folio is still mapped when deleted (Jinjiang Tu)
- kmsan: fix out-of-bounds access to shadow memory (Eric Biggers)
- gpiolib: Extend software-node support to support secondary software-nodes (Hans de Goede)
- fs/proc/task_mmu: check p->vec_buf for NULL (Jakub Acs)
- afs: Fix potential null pointer dereference in afs_put_server (Zhen Ni)
- drm/ast: Use msleep instead of mdelay for edid read (Nirmoy Das)
- arm64: dts: marvell: cn9132-clearfog: fix multi-lane pci x2 and x4 ports (Josua Mayer)
- arm64: dts: marvell: cn9132-clearfog: disable eMMC high-speed modes (Josua Mayer)
- ARM: dts: socfpga: sodia: Fix mdio bus probe and PHY address (Nobuhiro Iwamatsu)
- tracing: dynevent: Add a missing lockdown check on dynevent (Masami Hiramatsu (Google))
- crypto: af_alg - Fix incorrect boolean values in af_alg_ctx (Eric Biggers)
- i40e: improve VF MAC filters accounting (Lukasz Czapnik)
- i40e: add mask to apply valid bits for itr_idx (Lukasz Czapnik)
- i40e: add max boundary check for VF filters (Lukasz Czapnik)
- i40e: fix validation of VF state in get resources (Lukasz Czapnik)
- i40e: fix input validation logic for action_meta (Lukasz Czapnik)
- i40e: fix idx validation in config queues msg (Lukasz Czapnik)
- i40e: fix idx validation in i40e_validate_queue_map (Lukasz Czapnik)
- i40e: add validation for ring_len param (Lukasz Czapnik)
- HID: asus: add support for missing PX series fn keys (Amit Chaudhari)
- smb: client: fix wrong index reference in smb2_compound_op() (Sang-Heon Jeon)
- platform/x86: lg-laptop: Fix WMAB call in fan_mode_store() (Daniel Lee)
- drm/panthor: Defer scheduler entitiy destruction to queue release (Adrián Larumbe)
- futex: Prevent use-after-free during requeue-PI (Sebastian Andrzej Siewior)
- drm/gma500: Fix null dereference in hdmi teardown (Zabelin Nikita)
- mm: folio_may_be_lru_cached() unless folio_test_large() (Hugh Dickins)
- mm: revert "mm/gup: clear the LRU flag of a page before adding to LRU batch" (Hugh Dickins)
- mm/gup: local lru_add_drain() to avoid lru_add_drain_all() (Hugh Dickins)
- octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() (Dan Carpenter)
- net: dsa: lantiq_gswip: suppress -EINVAL errors for bridge FDB entries added to the CPU port (Vladimir Oltean)
- net: dsa: lantiq_gswip: move gswip_add_single_port_br() call to port_setup() (Vladimir Oltean)
- selftests: fib_nexthops: Fix creation of non-FDB nexthops (Ido Schimmel)
- nexthop: Forbid FDB status change while nexthop is in a group (Ido Schimmel)
- net: allow alloc_skb_with_frags() to use MAX_SKB_FRAGS (Jason Baron)
- bnxt_en: correct offset handling for IPv6 destination address (Alok Tiwari)
- vhost: Take a reference on the task in struct vhost_task. (Sebastian Andrzej Siewior)
- Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync (Luiz Augusto von Dentz)
- Bluetooth: hci_sync: Fix hci_resume_advertising_sync (Luiz Augusto von Dentz)
- ethernet: rvu-af: Remove slash from the driver name (Petr Malat)
- net/smc: fix warning in smc_rx_splice() when calling get_page() (Sidraya Jayagond)
- net: tun: Update napi->skb after XDP process (Wang Liang)
- can: peak_usb: fix shift-out-of-bounds issue (Stéphane Grosjean)
- can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow (Vincent Mailhol)
- can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow (Vincent Mailhol)
- can: hi311x: populate ndo_change_mtu() to prevent buffer overflow (Vincent Mailhol)
- can: etas_es58x: populate ndo_change_mtu() to prevent buffer overflow (Vincent Mailhol)
- xfrm: xfrm_alloc_spi shouldn't use 0 as SPI (Sabrina Dubroca)
- bpf: Reject bpf_timer for PREEMPT_RT (Leon Hwang)
- can: rcar_can: rcar_can_resume(): fix s2ram with PSCI (Geert Uytterhoeven)
- wifi: virt_wifi: Fix page fault on connect (James Guan)
- btrfs: don't allow adding block device of less than 1 MB (Mark Harmstone)
- bpf: Check the helper function is valid in get_helper_proto (Jiri Olsa)
- smb: server: use disable_work_sync in transport_rdma.c (Stefan Metzmacher)
- smb: server: don't use delayed_work for post_recv_credits_work (Stefan Metzmacher)
- cpufreq: Initialize cpufreq-based invariance before subsys (Christian Loehle)
- ARM: dts: kirkwood: Fix sound DAI cells for OpenRD clients (Jihed Chaibi)
- arm64: dts: imx8mp: Correct thermal sensor index (Peng Fan)
- firmware: imx: Add stub functions for SCMI MISC API (Peng Fan)
- HID: amd_sfh: Add sync across amd sfh work functions (Basavaraj Natikar)
- IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions (Or Har-Toov)
- net: sfp: add quirk for FLYPRO copper SFP+ module (Aleksander Jan Bajkowski)
- ALSA: usb-audio: Add mute TLV for playback volumes on more devices (qaqland)
- ALSA: usb-audio: move mixer_quirks' min_mute into common quirk (Cryolitia PukNgae)
- ALSA: usb-audio: Add DSD support for Comtrue USB Audio device (noble.yang)
- i2c: designware: Add quirk for Intel Xe (Heikki Krogerus)
- mmc: sdhci-cadence: add Mobileye eyeQ support (Benoît Monin)
- net: sfp: add quirk for Potron SFP+ XGSPON ONU Stick (Chris Morgan)
- net: fec: rename struct fec_devinfo fec_imx6x_info -> fec_imx6sx_info (Marc Kleine-Budde)
- usb: core: Add 0x prefix to quirks debug output (Jiayi Li)
- ALSA: usb-audio: Fix build with CONFIG_INPUT=n (Takashi Iwai)
- ALSA: hda/realtek: Add support for ASUS NUC using CS35L41 HDA (Stefan Binding)
- ALSA: usb-audio: Convert comma to semicolon (Chen Ni)
- ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5 (Cristian Ciocaltea)
- ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks (Cristian Ciocaltea)
- ALSA: usb-audio: Simplify NULL comparison in mixer_quirks (Cristian Ciocaltea)
- ALSA: usb-audio: Avoid multiple assignments in mixer_quirks (Cristian Ciocaltea)
- ALSA: usb-audio: Drop unnecessary parentheses in mixer_quirks (Cristian Ciocaltea)
- ALSA: usb-audio: Fix block comments in mixer_quirks (Cristian Ciocaltea)
- ALSA: usb-audio: Fix code alignment in mixer_quirks (Cristian Ciocaltea)
- firewire: core: fix overlooked update of subsystem ABI version (Takashi Sakamoto)
- scsi: ufs: mcq: Fix memory allocation checks for SQE and CQE (Alok Tiwari)

[6.12.0-105.49.4]
- fs/dax: don't disassociate zero page entries (Alistair Popple) [Orabug: 36859857]
- device/dax: properly refcount device dax pages when mapping (Alistair Popple) [Orabug: 36859857]
- fs/dax: properly refcount fs dax pages (Alistair Popple) [Orabug: 36859857]
- fs/dax: Fix "don't skip locked entries when scanning entries" (Alistair Popple) [Orabug: 36859857]
- mm: decline to manipulate the refcount on a slab page (Matthew Wilcox (Oracle)) [Orabug: 36859857]
- dcssblk: mark DAX broken, remove FS_DAX_LIMITED support (Dan Williams) [Orabug: 36859857]
- mm/gup: don't allow FOLL_LONGTERM pinning of FS DAX pages (Alistair Popple) [Orabug: 36859857]
- mm/huge_memory: add vmf_insert_folio_pmd() (Alistair Popple) [Orabug: 36859857]
- mm/huge_memory: add vmf_insert_folio_pud() (Alistair Popple) [Orabug: 36859857]
- mm/rmap: add support for PUD sized mappings to rmap (Alistair Popple) [Orabug: 36859857]
- mm/memory: add vmf_insert_page_mkwrite() (Alistair Popple) [Orabug: 36859857]
- mm/memory: enhance insert_page_into_pte_locked() to create writable mappings (Alistair Popple) [Orabug: 36859857]
- mm: allow compound zone device pages (Alistair Popple) [Orabug: 36859857]
- mm/mm_init: move p2pdma page refcount initialisation to p2pdma (Alistair Popple) [Orabug: 36859857]
- mm/gup: remove redundant check for PCI P2PDMA page (Alistair Popple) [Orabug: 36859857]
- fs/dax: remove PAGE_MAPPING_DAX_SHARED mapping flag (Alistair Popple) [Orabug: 36859857]
- dax: use folios more widely within DAX (Matthew Wilcox (Oracle)) [Orabug: 36859857]
- dax: remove access to page->index (Matthew Wilcox (Oracle)) [Orabug: 36859857]
- fs/dax: ensure all pages are idle prior to filesystem unmount (Alistair Popple) [Orabug: 36859857]
- fs/dax: always remove DAX page-cache entries when breaking layouts (Alistair Popple) [Orabug: 36859857]
- mm: optimize invalidation of shadow entries (Shakeel Butt) [Orabug: 36859857]
- mm: optimize truncation of shadow entries (Shakeel Butt) [Orabug: 36859857]
- fs/dax: create a common implementation to break DAX layouts (Alistair Popple) [Orabug: 36859857]
- fs/dax: refactor wait for dax idle page (Alistair Popple) [Orabug: 36859857]
- fs/dax: don't skip locked entries when scanning entries (Alistair Popple) [Orabug: 36859857]
- fs/dax: return unmapped busy pages from dax_layout_busy_page_range() (Alistair Popple) [Orabug: 36859857]
- uek: kabi: Update check-kabi to support namespace checks (Saeed Mirzamohammadi) [Orabug: 38459242]

ELBA-2025-19952 Oracle Linux 10 ca-certificates bug fix and enhancement update

Oracle Linux Bug Fix Advisory ELBA-2025-19952

http://linux.oracle.com/errata/ELBA-2025-19952.html

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

x86_64:
ca-certificates-2025.2.80_v9.0.305-102.el10_0.noarch.rpm

aarch64:
ca-certificates-2025.2.80_v9.0.305-102.el10_0.noarch.rpm

SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/ca-certificates-2025.2.80_v9.0.305-102.el10_0.src.rpm

Description of changes:

[2025.2.80_v9.0.305-102]
- Remove /etc/pki/tls/certs/ca-certificates.crt symlink which was included by mistake

[2025.2.80_v9.0.305-101]
- Update to CKBI 2.80_v9.0.305 from NSS 3.114
- Adding:
- # Certificate "TWCA CYBER Root CA"
- # Certificate "TWCA Global Root CA G2"
- # Certificate "SecureSign Root CA12"
- # Certificate "SecureSign Root CA14"
- # Certificate "SecureSign Root CA15"
- # Certificate "D-TRUST BR Root CA 2 2023"
- # Certificate "TrustAsia SMIME ECC Root CA"
- # Certificate "TrustAsia SMIME RSA Root CA"
- # Certificate "TrustAsia TLS ECC Root CA"
- # Certificate "TrustAsia TLS RSA Root CA"
- # Certificate "D-TRUST EV Root CA 2 2023"
- # Certificate "SwissSign RSA SMIME Root CA 2022 - 1"
- # Certificate "SwissSign RSA TLS Root CA 2022 - 1"
- # Certificate "Sectigo Public Code Signing Root R46"
- # Certificate "Sectigo Public Code Signing Root E46"

[2024.2.69_v8.0.303-102.5]
- Bring back openssl trusted format bundle as well (Resolves: RHEL-109484)
- Restored the following symlinks:
* /etc/pki/tls/cert.pem
* /etc/pki/tls/certs/ca-certificates.crt
* /etc/pki/tls/certs/ca-bundle.trust.crt
* /etc/pki/tls/certs/ca-bundle.crt
* /etc/ssl/cert.pem
* /etc/ssl/certs/ca-certificates.crt
* /etc/ssl/certs/ca-bundle.trust.crt
* /etc/ssl/certs/ca-bundle.crt
- add libffi

[2024.2.69_v8.0.303-102.4]
- Remove unused folder /etc/pki/ca-trust/extracted/openssl

ELBA-2025-25751 Oracle Linux 10 oracle-common-release bug fix update

Oracle Linux Bug Fix Advisory ELBA-2025-25751

http://linux.oracle.com/errata/ELBA-2025-25751.html

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

x86_64:
ksplice-release-el10-1.0-3.el10.x86_64.rpm
oci-included-release-el10-1.0-3.el10.x86_64.rpm
oracle-epel-release-el10-1.0-3.el10.x86_64.rpm
oraclelinux-developer-release-el10-1.0-3.el10.x86_64.rpm

aarch64:
ksplice-release-el10-1.0-3.el10.aarch64.rpm
oci-included-release-el10-1.0-3.el10.aarch64.rpm
oracle-epel-release-el10-1.0-3.el10.aarch64.rpm
oraclelinux-developer-release-el10-1.0-3.el10.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/oracle-common-release-1.0-3.el10.src.rpm

Description of changes:

[1.0-3]
- Add UEKR8 developer repository

ELSA-2025-25754 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update

Oracle Linux Security Advisory ELSA-2025-25754

http://linux.oracle.com/errata/ELSA-2025-25754.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-6.12.0-105.51.5.el9uek.x86_64.rpm
kernel-uek-core-6.12.0-105.51.5.el9uek.x86_64.rpm
kernel-uek-debug-6.12.0-105.51.5.el9uek.x86_64.rpm
kernel-uek-debug-core-6.12.0-105.51.5.el9uek.x86_64.rpm
kernel-uek-debug-devel-6.12.0-105.51.5.el9uek.x86_64.rpm
kernel-uek-debug-modules-6.12.0-105.51.5.el9uek.x86_64.rpm
kernel-uek-debug-modules-core-6.12.0-105.51.5.el9uek.x86_64.rpm
kernel-uek-debug-modules-deprecated-6.12.0-105.51.5.el9uek.x86_64.rpm
kernel-uek-debug-modules-desktop-6.12.0-105.51.5.el9uek.x86_64.rpm
kernel-uek-debug-modules-extra-6.12.0-105.51.5.el9uek.x86_64.rpm
kernel-uek-debug-modules-extra-netfilter-6.12.0-105.51.5.el9uek.x86_64.rpm
kernel-uek-debug-modules-usb-6.12.0-105.51.5.el9uek.x86_64.rpm
kernel-uek-debug-modules-wireless-6.12.0-105.51.5.el9uek.x86_64.rpm
kernel-uek-devel-6.12.0-105.51.5.el9uek.x86_64.rpm
kernel-uek-doc-6.12.0-105.51.5.el9uek.noarch.rpm
kernel-uek-modules-6.12.0-105.51.5.el9uek.x86_64.rpm
kernel-uek-modules-core-6.12.0-105.51.5.el9uek.x86_64.rpm
kernel-uek-modules-deprecated-6.12.0-105.51.5.el9uek.x86_64.rpm
kernel-uek-modules-desktop-6.12.0-105.51.5.el9uek.x86_64.rpm
kernel-uek-modules-extra-6.12.0-105.51.5.el9uek.x86_64.rpm
kernel-uek-modules-extra-netfilter-6.12.0-105.51.5.el9uek.x86_64.rpm
kernel-uek-modules-usb-6.12.0-105.51.5.el9uek.x86_64.rpm
kernel-uek-modules-wireless-6.12.0-105.51.5.el9uek.x86_64.rpm
kernel-uek-tools-6.12.0-105.51.5.el9uek.x86_64.rpm

aarch64:
kernel-uek-6.12.0-105.51.5.el9uek.aarch64.rpm
kernel-uek-core-6.12.0-105.51.5.el9uek.aarch64.rpm
kernel-uek-debug-6.12.0-105.51.5.el9uek.aarch64.rpm
kernel-uek-debug-core-6.12.0-105.51.5.el9uek.aarch64.rpm
kernel-uek-debug-devel-6.12.0-105.51.5.el9uek.aarch64.rpm
kernel-uek-debug-modules-6.12.0-105.51.5.el9uek.aarch64.rpm
kernel-uek-debug-modules-core-6.12.0-105.51.5.el9uek.aarch64.rpm
kernel-uek-debug-modules-deprecated-6.12.0-105.51.5.el9uek.aarch64.rpm
kernel-uek-debug-modules-desktop-6.12.0-105.51.5.el9uek.aarch64.rpm
kernel-uek-debug-modules-extra-6.12.0-105.51.5.el9uek.aarch64.rpm
kernel-uek-debug-modules-extra-netfilter-6.12.0-105.51.5.el9uek.aarch64.rpm
kernel-uek-debug-modules-usb-6.12.0-105.51.5.el9uek.aarch64.rpm
kernel-uek-debug-modules-wireless-6.12.0-105.51.5.el9uek.aarch64.rpm
kernel-uek-devel-6.12.0-105.51.5.el9uek.aarch64.rpm
kernel-uek-modules-6.12.0-105.51.5.el9uek.aarch64.rpm
kernel-uek-modules-extra-6.12.0-105.51.5.el9uek.aarch64.rpm
kernel-uek-modules-core-6.12.0-105.51.5.el9uek.aarch64.rpm
kernel-uek-modules-deprecated-6.12.0-105.51.5.el9uek.aarch64.rpm
kernel-uek-modules-desktop-6.12.0-105.51.5.el9uek.aarch64.rpm
kernel-uek-modules-extra-netfilter-6.12.0-105.51.5.el9uek.aarch64.rpm
kernel-uek-modules-usb-6.12.0-105.51.5.el9uek.aarch64.rpm
kernel-uek-modules-wireless-6.12.0-105.51.5.el9uek.aarch64.rpm
kernel-uek-tools-6.12.0-105.51.5.el9uek.aarch64.rpm
kernel-uek64k-6.12.0-105.51.5.el9uek.aarch64.rpm
kernel-uek64k-core-6.12.0-105.51.5.el9uek.aarch64.rpm
kernel-uek64k-devel-6.12.0-105.51.5.el9uek.aarch64.rpm
kernel-uek64k-modules-6.12.0-105.51.5.el9uek.aarch64.rpm
kernel-uek64k-modules-core-6.12.0-105.51.5.el9uek.aarch64.rpm
kernel-uek64k-modules-deprecated-6.12.0-105.51.5.el9uek.aarch64.rpm
kernel-uek64k-modules-desktop-6.12.0-105.51.5.el9uek.aarch64.rpm
kernel-uek64k-modules-extra-6.12.0-105.51.5.el9uek.aarch64.rpm
kernel-uek64k-modules-extra-netfilter-6.12.0-105.51.5.el9uek.aarch64.rpm
kernel-uek64k-modules-usb-6.12.0-105.51.5.el9uek.aarch64.rpm
kernel-uek64k-modules-wireless-6.12.0-105.51.5.el9uek.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/kernel-uek-6.12.0-105.51.5.el9uek.src.rpm

Related CVEs:

CVE-2025-22103
CVE-2025-22106
CVE-2025-22113
CVE-2025-22124
CVE-2025-23133
CVE-2025-38272
CVE-2025-38306
CVE-2025-38322
CVE-2025-38453
CVE-2025-38502
CVE-2025-38556
CVE-2025-38676
CVE-2025-38730
CVE-2025-38732
CVE-2025-38735
CVE-2025-38737
CVE-2025-39673
CVE-2025-39675
CVE-2025-39676
CVE-2025-39679
CVE-2025-39681
CVE-2025-39683
CVE-2025-39689
CVE-2025-39691
CVE-2025-39693
CVE-2025-39695
CVE-2025-39697
CVE-2025-39698
CVE-2025-39700
CVE-2025-39705
CVE-2025-39706
CVE-2025-39707
CVE-2025-39713
CVE-2025-39714
CVE-2025-39718
CVE-2025-39721
CVE-2025-39723
CVE-2025-39724
CVE-2025-39759
CVE-2025-39765
CVE-2025-39766
CVE-2025-39770
CVE-2025-39772
CVE-2025-39773
CVE-2025-39779
CVE-2025-39780
CVE-2025-39782
CVE-2025-39790
CVE-2025-39791
CVE-2025-39800
CVE-2025-39805
CVE-2025-39806
CVE-2025-39808
CVE-2025-39810
CVE-2025-39812
CVE-2025-39813
CVE-2025-39817
CVE-2025-39819
CVE-2025-39824
CVE-2025-39825
CVE-2025-39828
CVE-2025-39829
CVE-2025-39832
CVE-2025-39835
CVE-2025-39838
CVE-2025-39841
CVE-2025-39842
CVE-2025-39843
CVE-2025-39844
CVE-2025-39845
CVE-2025-39847
CVE-2025-39849
CVE-2025-39850
CVE-2025-39851
CVE-2025-39852
CVE-2025-39853
CVE-2025-39854
CVE-2025-39860
CVE-2025-39861
CVE-2025-39863
CVE-2025-39864
CVE-2025-39865
CVE-2025-39866
CVE-2025-39867
CVE-2025-39870
CVE-2025-39871
CVE-2025-39877
CVE-2025-39880
CVE-2025-39881
CVE-2025-39883
CVE-2025-39884
CVE-2025-39885
CVE-2025-39886
CVE-2025-39891
CVE-2025-39894
CVE-2025-39895
CVE-2025-39898
CVE-2025-39899
CVE-2025-39900
CVE-2025-39901
CVE-2025-39902
CVE-2025-39903
CVE-2025-39911
CVE-2025-39913
CVE-2025-39914
CVE-2025-39917
CVE-2025-39918
CVE-2025-39922
CVE-2025-39923
CVE-2025-39926
CVE-2025-39927
CVE-2025-39929
CVE-2025-39931
CVE-2025-39932
CVE-2025-39940
CVE-2025-39945
CVE-2025-39946
CVE-2025-39947
CVE-2025-39948
CVE-2025-39949
CVE-2025-39953

Description of changes:

[6.12.0-105.51.5]
- RDMA/mlx5: Fix vport loopback forcing for MPV device (Patrisious Haddad) [Orabug: 38226124]
- arm64: Utilize for_each_cpu_wrap for reference lookup (Beata Michalska) [Orabug: 38454705]
- arm64: Update AMU-based freq scale factor on entering idle (Beata Michalska) [Orabug: 38454705]
- arm64: Provide an AMU-based version of arch_freq_get_on_cpu (Beata Michalska) [Orabug: 38454705]
- cpufreq: Introduce an optional cpuinfo_avg_freq sysfs entry (Beata Michalska) [Orabug: 38454705]
- cpufreq: Allow arch_freq_get_on_cpu to return an error (Beata Michalska) [Orabug: 38454705]
- arch_topology: init capacity_freq_ref to 0 (Ionela Voinescu) [Orabug: 38454705]
- ACPI/HMAT: Move HMAT messages to pr_debug() (Dan Williams) [Orabug: 38454705]
- perf: arm_cspmu: nvidia: monitor all ports by default (Besar Wicaksono) [Orabug: 38454705]
- perf: arm_cspmu: nvidia: enable NVLINK-C2C port filtering (Besar Wicaksono) [Orabug: 38454705]
- perf: arm_cspmu: nvidia: fix sysfs path in the kernel doc (Besar Wicaksono) [Orabug: 38454705]
- perf: arm_cspmu: nvidia: remove unsupported SCF events (Besar Wicaksono) [Orabug: 38454705]
- cppc_cpufreq: Remove HiSilicon CPPC workaround (Jie Zhan) [Orabug: 38454705]
- Revert "sched/fair: Bump sd->max_newidle_lb_cost when newidle balance fails" (Joseph Salisbury) [Orabug: 38498945]
- uek-rpm/config-aarch64: Enable configs for Grace platform support (Vijay Kumar) [Orabug: 38526374]
- LTS version: v6.12.51 (Jack Vogel)
- ASoC: qcom: audioreach: fix potential null pointer dereference (Srinivas Kandagatla)
- wifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load() (Matvey Kovalev)
- mm: swap: check for stable address space before operating on the VMA (Charan Teja Kalla)
- media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID (Thadeu Lima de Souza Cascardo)
- media: rc: fix races with imon_disconnect() (Larshin Sergey)
- media: tuner: xc5000: Fix use-after-free in xc5000_release (Duoming Zhou)
- media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove (Duoming Zhou)
- scsi: target: target_core_configfs: Add length check to avoid buffer overflow (Wang Haoran)
- gcc-plugins: Remove TODO_verify_il for GCC >= 16 (Kees Cook)
- crypto: sha256 - fix crash at kexec (Breno Leitao)
- LTS version v6.12.50 (Jack Vogel)
- drm/i915/backlight: Return immediately when scale() finds invalid parameters (Guenter Roeck)
- Revert "usb: xhci: remove option to change a default ring's TRB cycle bit" (Niklas Neronin)
- iommufd: Fix race during abort for file descriptors (Jason Gunthorpe)
- fbcon: Fix OOB access in font allocation (Thomas Zimmermann)
- fbcon: fix integer overflow in fbcon_do_set_font (Samasth Norway Ananda)
- mm/hugetlb: fix folio is still mapped when deleted (Jinjiang Tu)
- kmsan: fix out-of-bounds access to shadow memory (Eric Biggers)
- gpiolib: Extend software-node support to support secondary software-nodes (Hans de Goede)
- fs/proc/task_mmu: check p->vec_buf for NULL (Jakub Acs)
- afs: Fix potential null pointer dereference in afs_put_server (Zhen Ni)
- drm/ast: Use msleep instead of mdelay for edid read (Nirmoy Das)
- arm64: dts: marvell: cn9132-clearfog: fix multi-lane pci x2 and x4 ports (Josua Mayer)
- arm64: dts: marvell: cn9132-clearfog: disable eMMC high-speed modes (Josua Mayer)
- ARM: dts: socfpga: sodia: Fix mdio bus probe and PHY address (Nobuhiro Iwamatsu)
- tracing: dynevent: Add a missing lockdown check on dynevent (Masami Hiramatsu (Google))
- crypto: af_alg - Fix incorrect boolean values in af_alg_ctx (Eric Biggers)
- i40e: improve VF MAC filters accounting (Lukasz Czapnik)
- i40e: add mask to apply valid bits for itr_idx (Lukasz Czapnik)
- i40e: add max boundary check for VF filters (Lukasz Czapnik)
- i40e: fix validation of VF state in get resources (Lukasz Czapnik)
- i40e: fix input validation logic for action_meta (Lukasz Czapnik)
- i40e: fix idx validation in config queues msg (Lukasz Czapnik)
- i40e: fix idx validation in i40e_validate_queue_map (Lukasz Czapnik)
- i40e: add validation for ring_len param (Lukasz Czapnik)
- HID: asus: add support for missing PX series fn keys (Amit Chaudhari)
- smb: client: fix wrong index reference in smb2_compound_op() (Sang-Heon Jeon)
- platform/x86: lg-laptop: Fix WMAB call in fan_mode_store() (Daniel Lee)
- drm/panthor: Defer scheduler entitiy destruction to queue release (Adrián Larumbe)
- futex: Prevent use-after-free during requeue-PI (Sebastian Andrzej Siewior)
- drm/gma500: Fix null dereference in hdmi teardown (Zabelin Nikita)
- mm: folio_may_be_lru_cached() unless folio_test_large() (Hugh Dickins)
- mm: revert "mm/gup: clear the LRU flag of a page before adding to LRU batch" (Hugh Dickins)
- mm/gup: local lru_add_drain() to avoid lru_add_drain_all() (Hugh Dickins)
- octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() (Dan Carpenter)
- net: dsa: lantiq_gswip: suppress -EINVAL errors for bridge FDB entries added to the CPU port (Vladimir Oltean)
- net: dsa: lantiq_gswip: move gswip_add_single_port_br() call to port_setup() (Vladimir Oltean)
- selftests: fib_nexthops: Fix creation of non-FDB nexthops (Ido Schimmel)
- nexthop: Forbid FDB status change while nexthop is in a group (Ido Schimmel)
- net: allow alloc_skb_with_frags() to use MAX_SKB_FRAGS (Jason Baron)
- bnxt_en: correct offset handling for IPv6 destination address (Alok Tiwari)
- vhost: Take a reference on the task in struct vhost_task. (Sebastian Andrzej Siewior)
- Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync (Luiz Augusto von Dentz)
- Bluetooth: hci_sync: Fix hci_resume_advertising_sync (Luiz Augusto von Dentz)
- ethernet: rvu-af: Remove slash from the driver name (Petr Malat)
- net/smc: fix warning in smc_rx_splice() when calling get_page() (Sidraya Jayagond)
- net: tun: Update napi->skb after XDP process (Wang Liang)
- can: peak_usb: fix shift-out-of-bounds issue (Stéphane Grosjean)
- can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow (Vincent Mailhol)
- can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow (Vincent Mailhol)
- can: hi311x: populate ndo_change_mtu() to prevent buffer overflow (Vincent Mailhol)
- can: etas_es58x: populate ndo_change_mtu() to prevent buffer overflow (Vincent Mailhol)
- xfrm: xfrm_alloc_spi shouldn't use 0 as SPI (Sabrina Dubroca)
- bpf: Reject bpf_timer for PREEMPT_RT (Leon Hwang)
- can: rcar_can: rcar_can_resume(): fix s2ram with PSCI (Geert Uytterhoeven)
- wifi: virt_wifi: Fix page fault on connect (James Guan)
- btrfs: don't allow adding block device of less than 1 MB (Mark Harmstone)
- bpf: Check the helper function is valid in get_helper_proto (Jiri Olsa)
- smb: server: use disable_work_sync in transport_rdma.c (Stefan Metzmacher)
- smb: server: don't use delayed_work for post_recv_credits_work (Stefan Metzmacher)
- cpufreq: Initialize cpufreq-based invariance before subsys (Christian Loehle)
- ARM: dts: kirkwood: Fix sound DAI cells for OpenRD clients (Jihed Chaibi)
- arm64: dts: imx8mp: Correct thermal sensor index (Peng Fan)
- firmware: imx: Add stub functions for SCMI MISC API (Peng Fan)
- HID: amd_sfh: Add sync across amd sfh work functions (Basavaraj Natikar)
- IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions (Or Har-Toov)
- net: sfp: add quirk for FLYPRO copper SFP+ module (Aleksander Jan Bajkowski)
- ALSA: usb-audio: Add mute TLV for playback volumes on more devices (qaqland)
- ALSA: usb-audio: move mixer_quirks' min_mute into common quirk (Cryolitia PukNgae)
- ALSA: usb-audio: Add DSD support for Comtrue USB Audio device (noble.yang)
- i2c: designware: Add quirk for Intel Xe (Heikki Krogerus)
- mmc: sdhci-cadence: add Mobileye eyeQ support (Benoît Monin)
- net: sfp: add quirk for Potron SFP+ XGSPON ONU Stick (Chris Morgan)
- net: fec: rename struct fec_devinfo fec_imx6x_info -> fec_imx6sx_info (Marc Kleine-Budde)
- usb: core: Add 0x prefix to quirks debug output (Jiayi Li)
- ALSA: usb-audio: Fix build with CONFIG_INPUT=n (Takashi Iwai)
- ALSA: hda/realtek: Add support for ASUS NUC using CS35L41 HDA (Stefan Binding)
- ALSA: usb-audio: Convert comma to semicolon (Chen Ni)
- ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5 (Cristian Ciocaltea)
- ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks (Cristian Ciocaltea)
- ALSA: usb-audio: Simplify NULL comparison in mixer_quirks (Cristian Ciocaltea)
- ALSA: usb-audio: Avoid multiple assignments in mixer_quirks (Cristian Ciocaltea)
- ALSA: usb-audio: Drop unnecessary parentheses in mixer_quirks (Cristian Ciocaltea)
- ALSA: usb-audio: Fix block comments in mixer_quirks (Cristian Ciocaltea)
- ALSA: usb-audio: Fix code alignment in mixer_quirks (Cristian Ciocaltea)
- firewire: core: fix overlooked update of subsystem ABI version (Takashi Sakamoto)
- scsi: ufs: mcq: Fix memory allocation checks for SQE and CQE (Alok Tiwari)

[6.12.0-105.49.4]
- fs/dax: don't disassociate zero page entries (Alistair Popple) [Orabug: 36859857]
- device/dax: properly refcount device dax pages when mapping (Alistair Popple) [Orabug: 36859857]
- fs/dax: properly refcount fs dax pages (Alistair Popple) [Orabug: 36859857]
- fs/dax: Fix "don't skip locked entries when scanning entries" (Alistair Popple) [Orabug: 36859857]
- mm: decline to manipulate the refcount on a slab page (Matthew Wilcox (Oracle)) [Orabug: 36859857]
- dcssblk: mark DAX broken, remove FS_DAX_LIMITED support (Dan Williams) [Orabug: 36859857]
- mm/gup: don't allow FOLL_LONGTERM pinning of FS DAX pages (Alistair Popple) [Orabug: 36859857]
- mm/huge_memory: add vmf_insert_folio_pmd() (Alistair Popple) [Orabug: 36859857]
- mm/huge_memory: add vmf_insert_folio_pud() (Alistair Popple) [Orabug: 36859857]
- mm/rmap: add support for PUD sized mappings to rmap (Alistair Popple) [Orabug: 36859857]
- mm/memory: add vmf_insert_page_mkwrite() (Alistair Popple) [Orabug: 36859857]
- mm/memory: enhance insert_page_into_pte_locked() to create writable mappings (Alistair Popple) [Orabug: 36859857]
- mm: allow compound zone device pages (Alistair Popple) [Orabug: 36859857]
- mm/mm_init: move p2pdma page refcount initialisation to p2pdma (Alistair Popple) [Orabug: 36859857]
- mm/gup: remove redundant check for PCI P2PDMA page (Alistair Popple) [Orabug: 36859857]
- fs/dax: remove PAGE_MAPPING_DAX_SHARED mapping flag (Alistair Popple) [Orabug: 36859857]
- dax: use folios more widely within DAX (Matthew Wilcox (Oracle)) [Orabug: 36859857]
- dax: remove access to page->index (Matthew Wilcox (Oracle)) [Orabug: 36859857]
- fs/dax: ensure all pages are idle prior to filesystem unmount (Alistair Popple) [Orabug: 36859857]
- fs/dax: always remove DAX page-cache entries when breaking layouts (Alistair Popple) [Orabug: 36859857]
- mm: optimize invalidation of shadow entries (Shakeel Butt) [Orabug: 36859857]
- mm: optimize truncation of shadow entries (Shakeel Butt) [Orabug: 36859857]
- fs/dax: create a common implementation to break DAX layouts (Alistair Popple) [Orabug: 36859857]
- fs/dax: refactor wait for dax idle page (Alistair Popple) [Orabug: 36859857]
- fs/dax: don't skip locked entries when scanning entries (Alistair Popple) [Orabug: 36859857]
- fs/dax: return unmapped busy pages from dax_layout_busy_page_range() (Alistair Popple) [Orabug: 36859857]
- uek: kabi: Update check-kabi to support namespace checks (Saeed Mirzamohammadi) [Orabug: 38459242]

ELSA-2025-19951 Important: Oracle Linux 9 bind security update

Oracle Linux Security Advisory ELSA-2025-19951

http://linux.oracle.com/errata/ELSA-2025-19951.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
bind-9.16.23-31.0.1.el9_6.2.x86_64.rpm
bind-chroot-9.16.23-31.0.1.el9_6.2.x86_64.rpm
bind-devel-9.16.23-31.0.1.el9_6.2.i686.rpm
bind-devel-9.16.23-31.0.1.el9_6.2.x86_64.rpm
bind-dnssec-doc-9.16.23-31.0.1.el9_6.2.noarch.rpm
bind-dnssec-utils-9.16.23-31.0.1.el9_6.2.x86_64.rpm
bind-doc-9.16.23-31.0.1.el9_6.2.noarch.rpm
bind-libs-9.16.23-31.0.1.el9_6.2.i686.rpm
bind-libs-9.16.23-31.0.1.el9_6.2.x86_64.rpm
bind-license-9.16.23-31.0.1.el9_6.2.noarch.rpm
bind-utils-9.16.23-31.0.1.el9_6.2.x86_64.rpm
python3-bind-9.16.23-31.0.1.el9_6.2.noarch.rpm

aarch64:
bind-9.16.23-31.0.1.el9_6.2.aarch64.rpm
bind-chroot-9.16.23-31.0.1.el9_6.2.aarch64.rpm
bind-devel-9.16.23-31.0.1.el9_6.2.aarch64.rpm
bind-dnssec-doc-9.16.23-31.0.1.el9_6.2.noarch.rpm
bind-dnssec-utils-9.16.23-31.0.1.el9_6.2.aarch64.rpm
bind-doc-9.16.23-31.0.1.el9_6.2.noarch.rpm
bind-libs-9.16.23-31.0.1.el9_6.2.aarch64.rpm
bind-license-9.16.23-31.0.1.el9_6.2.noarch.rpm
bind-utils-9.16.23-31.0.1.el9_6.2.aarch64.rpm
python3-bind-9.16.23-31.0.1.el9_6.2.noarch.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/bind-9.16.23-31.0.1.el9_6.2.src.rpm

Related CVEs:

CVE-2025-40778
CVE-2025-40780

Description of changes:

[9.16.23-31.0.1]
- Fix warning when changing device file permissions [Orabug: 36518580]

[32:9.16.23-31.2]
- Replace downstream fixes with upstream changes

[32:9.16.23-31.1]
- Prevent cache poisoning due to weak PRNG (CVE-2025-40780)
- Address various spoofing attacks (CVE-2025-40778)

ELSA-2025-19950 Important: Oracle Linux 9 bind9.18 security update

Oracle Linux Security Advisory ELSA-2025-19950

http://linux.oracle.com/errata/ELSA-2025-19950.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
bind9.18-9.18.29-4.el9_6.2.x86_64.rpm
bind9.18-chroot-9.18.29-4.el9_6.2.x86_64.rpm
bind9.18-devel-9.18.29-4.el9_6.2.i686.rpm
bind9.18-devel-9.18.29-4.el9_6.2.x86_64.rpm
bind9.18-dnssec-utils-9.18.29-4.el9_6.2.x86_64.rpm
bind9.18-doc-9.18.29-4.el9_6.2.noarch.rpm
bind9.18-libs-9.18.29-4.el9_6.2.i686.rpm
bind9.18-libs-9.18.29-4.el9_6.2.x86_64.rpm
bind9.18-utils-9.18.29-4.el9_6.2.x86_64.rpm

aarch64:
bind9.18-9.18.29-4.el9_6.2.aarch64.rpm
bind9.18-chroot-9.18.29-4.el9_6.2.aarch64.rpm
bind9.18-devel-9.18.29-4.el9_6.2.aarch64.rpm
bind9.18-dnssec-utils-9.18.29-4.el9_6.2.aarch64.rpm
bind9.18-doc-9.18.29-4.el9_6.2.noarch.rpm
bind9.18-libs-9.18.29-4.el9_6.2.aarch64.rpm
bind9.18-utils-9.18.29-4.el9_6.2.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/bind9.18-9.18.29-4.el9_6.2.src.rpm

Related CVEs:

CVE-2025-8677
CVE-2025-40778
CVE-2025-40780

Description of changes:

[32:9.18.29-4.2]
- Fix upstream reported regression in recent CVE fix (CVE-2025-8677)
- Add upstream created test to this regression

[32:9.18.29-4.1]
- Refuse malformed DNSKEY records (CVE-2025-8677)
- Address various spoofing attacks (CVE-2025-40778)
- Prevent cache poisoning due to weak PRNG (CVE-2025-40780)

ELSA-2025-19927 Important: Oracle Linux 9 runc security update

Oracle Linux Security Advisory ELSA-2025-19927

http://linux.oracle.com/errata/ELSA-2025-19927.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
runc-1.2.5-3.el9_6.x86_64.rpm

aarch64:
runc-1.2.5-3.el9_6.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/runc-1.2.5-3.el9_6.src.rpm

Related CVEs:

CVE-2025-31133
CVE-2025-52565
CVE-2025-52881

Description of changes:

[4:1.2.5-3]
- Add relevant patches to CVEs
- Resolves: RHEL-122402

[4:1.2.5-2]
- fix CVE-2025-31133 CVE-2025-52565 CVE-2025-52881
- Resolves: RHEL-122402
- Resolves: RHEL-122404
- Resolves: RHEL-122415

[4:1.2.5-1]
- update to https://github.com/opencontainers/runc/releases/tag/v1.2.5
- Related: RHEL-60277

ELBA-2025-19953 Oracle Linux 9 frr bug fix and enhancement update

Oracle Linux Bug Fix Advisory ELBA-2025-19953

http://linux.oracle.com/errata/ELBA-2025-19953.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
frr-8.5.3-9.el9_6.1.x86_64.rpm
frr-selinux-8.5.3-9.el9_6.1.noarch.rpm

aarch64:
frr-8.5.3-9.el9_6.1.aarch64.rpm
frr-selinux-8.5.3-9.el9_6.1.noarch.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/frr-8.5.3-9.el9_6.1.src.rpm

Description of changes:

[8.5.3-9.1]
- lib: clean up nexthop hashing mess
- Resolves: RHEL-114182

ELBA-2025-25752 Oracle Linux 9 oraclelinux-developer-release-el9 bug fix update

Oracle Linux Bug Fix Advisory ELBA-2025-25752

http://linux.oracle.com/errata/ELBA-2025-25752.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
oraclelinux-developer-release-el9-1.0-3.el9.x86_64.rpm

aarch64:
oraclelinux-developer-release-el9-1.0-3.el9.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/oraclelinux-developer-release-el9-1.0-3.el9.src.rpm

Description of changes:

[1.0-3]
- Add UEKR8 Developer Preview repository

ELSA-2025-25755 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update

Oracle Linux Security Advisory ELSA-2025-25755

http://linux.oracle.com/errata/ELSA-2025-25755.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-5.4.17-2136.349.3.1.el8uek.x86_64.rpm
kernel-uek-container-5.4.17-2136.349.3.1.el8uek.x86_64.rpm
kernel-uek-container-debug-5.4.17-2136.349.3.1.el8uek.x86_64.rpm
kernel-uek-debug-5.4.17-2136.349.3.1.el8uek.x86_64.rpm
kernel-uek-debug-devel-5.4.17-2136.349.3.1.el8uek.x86_64.rpm
kernel-uek-devel-5.4.17-2136.349.3.1.el8uek.x86_64.rpm
kernel-uek-doc-5.4.17-2136.349.3.1.el8uek.noarch.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/kernel-uek-5.4.17-2136.349.3.1.el8uek.src.rpm

Related CVEs:

CVE-2025-37968
CVE-2025-39841
CVE-2025-39847
CVE-2025-39853
CVE-2025-39860
CVE-2025-39864
CVE-2025-39891
CVE-2025-39898
CVE-2025-39902
CVE-2025-39973

Description of changes:

[5.4.17-2136.349.3.1]
- i40e: add validation for ring_len param (Lukasz Czapnik) [Orabug: 38604171] {CVE-2025-39973}
- i40e: increase max descriptors for XL710 (Justin Bronder) [Orabug: 38604171] {CVE-2025-39973}

[5.4.17-2136.349.3]
- Revert "net/mlx5e: Update and set Xon/Xoff upon MTU set" (Jakub Kicinski) [Orabug: 38545204]
- KVM: x86: Take irqfds.lock when adding/deleting IRQ bypass producer (Sean Christopherson) [Orabug: 38494247]
- rds: Free all frags when rds_ib_recv_cache_put() fails (Hans Westgaard Ry) [Orabug: 38492234]

[5.4.17-2136.349.2]
- bpf/bpf_get,set_sockopt: add option to set TCP-BPF sock ops flags (Alan Maguire) [Orabug: 36699199]

[5.4.17-2136.349.1]
- NFSv4: Don't clear capabilities that won't be reset (Trond Myklebust)
- power: supply: bq27xxx: restrict no-battery detection to bq27000 (H. Nikolaus Schaller)
- power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery (H. Nikolaus Schaller)
- usb: hub: Fix flushing of delayed work used for post resume purposes (Mathias Nyman)
- soc: qcom: mdt_loader: Deal with zero e_shentsize (Bjorn Andersson)
- Revert "net/mlx5e: Update and set Xon/Xoff upon port speed set" (Tariq Toukan)
- LTS tag: v5.4.299 (Alok Tiwari)
- scsi: lpfc: Fix buffer free/clear order in deferred receive path (John Evans) [Orabug: 38456754] {CVE-2025-39841}
- dmaengine: mediatek: Fix a flag reuse error in mtk_cqdma_tx_status() (Qiu-Ji Chen)
- cifs: fix integer overflow in match_server() (Roman Smirnov)
- spi: spi-fsl-lpspi: Reset FIFO and disable module on transfer abort (Larisa Grigore)
- spi: spi-fsl-lpspi: Set correct chip-select polarity bit (Larisa Grigore)
- spi: spi-fsl-lpspi: Fix transmissions when using CONT (Larisa Grigore)
- pcmcia: Add error handling for add_interval() in do_validate_mem() (Xu Wang)
- ALSA: hda/hdmi: Add pin fix for another HP EliteDesk 800 G4 model (Takashi Iwai)
- randstruct: gcc-plugin: Fix attribute addition (Kees Cook)
- randstruct: gcc-plugin: Remove bogus void member (Kees Cook)
- vmxnet3: update MTU after device quiesce (Ronak Doshi)
- net: dsa: microchip: linearize skb for tail-tagging switches (Jakob Unterwurzacher)
- net: dsa: microchip: update tag_ksz masks for KSZ9477 family (Pieter Van Trappen)
- dmaengine: mediatek: Fix a possible deadlock error in mtk_cqdma_tx_status() (Qiu-Ji Chen)
- ALSA: hda/realtek - Add new HP ZBook laptop with micmute led fixup (Chris Chiu)
- gpio: pca953x: fix IRQ storm on system wake up (Emanuele Ghidoli)
- iio: light: opt3001: fix deadlock due to concurrent flag access (Luca Ceresoli) [Orabug: 37977028] {CVE-2025-37968}
- iio: chemical: pms7003: use aligned_s64 for timestamp (David Lechner)
- cpufreq/sched: Explicitly synchronize limits_changed flag handling (Rafael J. Wysocki)
- mm/slub: avoid accessing metadata when pointer is invalid in object_err() (Li Qiong) [Orabug: 38494761] {CVE-2025-39902}
- mm/khugepaged: fix ->anon_vma race (Jann Horn)
- e1000e: fix heap overflow in e1000_set_eeprom (Vitaly Lifshits) [Orabug: 38494740] {CVE-2025-39898}
- batman-adv: fix OOB read/write in network-coding decode (Stanislav Fort)
- drm/amdgpu: drop hw access in non-DC audio fini (Alex Deucher)
- wifi: mwifiex: Initialize the chan_stats array to zero (Rong Qianfeng) [Orabug: 38494723] {CVE-2025-39891}
- pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region() (Ma Ke)
- ALSA: usb-audio: Add mute TLV for playback volumes on some devices (Cryolitia Pukngae)
- ppp: fix memory leak in pad_compress_skb (Qingfang Deng) [Orabug: 38456781] {CVE-2025-39847}
- net: atm: fix memory leak in atm_register_sysfs when device_register fail (Wang Liang)
- ax25: properly unshare skbs in ax25_kiss_rcv() (Eric Dumazet)
- ipv4: Fix NULL vs error pointer check in inet_blackhole_dev_init() (Dan Carpenter)
- net: thunder_bgx: add a missing of_node_put (Rosen Penev)
- wifi: libertas: cap SSID len in lbs_associate() (Dan Carpenter)
- wifi: cw1200: cap SSID length in cw1200_do_join() (Dan Carpenter)
- net: ethernet: mtk_eth_soc: fix tx vlan tag for llc packets (Felix Fietkau)
- i40e: Fix potential invalid access when MAC list is empty (Zhen Ni) [Orabug: 38456814] {CVE-2025-39853}
- icmp: fix icmp_ndo_send address translation for reply direction (Fabian Bläse)
- mISDN: Fix memory leak in dsp_hwec_enable() (Miaoqian Lin)
- xirc2ps_cs: fix register access when enabling FullDuplex (Alok Tiwari)
- Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() (Kuniyuki Iwashima) [Orabug: 38456834] {CVE-2025-39860}
- netfilter: conntrack: helper: Replace -EEXIST by -EBUSY (Phil Sutter)
- wifi: cfg80211: fix use-after-free in cmp_bss() (Dmitry Antipov) [Orabug: 38456860] {CVE-2025-39864}
- powerpc: boot: Remove leading zero in label in udelay() (Nathan Chancellor)

ELSA-2025-20034-0 Important: Oracle Linux 8 libtiff security update

Oracle Linux Security Advisory ELSA-2025-20034-0

http://linux.oracle.com/errata/ELSA-2025-20034-0.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
libtiff-4.0.9-36.el8_10.i686.rpm
libtiff-4.0.9-36.el8_10.x86_64.rpm
libtiff-devel-4.0.9-36.el8_10.i686.rpm
libtiff-devel-4.0.9-36.el8_10.x86_64.rpm
libtiff-tools-4.0.9-36.el8_10.x86_64.rpm

aarch64:
libtiff-4.0.9-36.el8_10.aarch64.rpm
libtiff-devel-4.0.9-36.el8_10.aarch64.rpm
libtiff-tools-4.0.9-36.el8_10.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/libtiff-4.0.9-36.el8_10.src.rpm

Related CVEs:

CVE-2025-8176

Description of changes:

[4.0.9-36]
- fix CVE-2025-8176: prevent skipping first line in tiffdither and
tiffmedian tools (RHEL-120230)

ELSA-2025-25755 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update

Oracle Linux Security Advisory ELSA-2025-25755

http://linux.oracle.com/errata/ELSA-2025-25755.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

aarch64:
kernel-uek-5.4.17-2136.349.3.1.el8uek.aarch64.rpm
kernel-uek-debug-5.4.17-2136.349.3.1.el8uek.aarch64.rpm
kernel-uek-debug-devel-5.4.17-2136.349.3.1.el8uek.aarch64.rpm
kernel-uek-devel-5.4.17-2136.349.3.1.el8uek.aarch64.rpm
kernel-uek-doc-5.4.17-2136.349.3.1.el8uek.noarch.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/kernel-uek-5.4.17-2136.349.3.1.el8uek.src.rpm

Related CVEs:

CVE-2025-37968
CVE-2025-39841
CVE-2025-39847
CVE-2025-39853
CVE-2025-39860
CVE-2025-39864
CVE-2025-39891
CVE-2025-39898
CVE-2025-39902
CVE-2025-39973

Description of changes:

[5.4.17-2136.349.3.1]
- i40e: add validation for ring_len param (Lukasz Czapnik) [Orabug: 38604171] {CVE-2025-39973}
- i40e: increase max descriptors for XL710 (Justin Bronder) [Orabug: 38604171] {CVE-2025-39973}

[5.4.17-2136.349.3]
- Revert "net/mlx5e: Update and set Xon/Xoff upon MTU set" (Jakub Kicinski) [Orabug: 38545204]
- KVM: x86: Take irqfds.lock when adding/deleting IRQ bypass producer (Sean Christopherson) [Orabug: 38494247]
- rds: Free all frags when rds_ib_recv_cache_put() fails (Hans Westgaard Ry) [Orabug: 38492234]

[5.4.17-2136.349.2]
- bpf/bpf_get,set_sockopt: add option to set TCP-BPF sock ops flags (Alan Maguire) [Orabug: 36699199]

[5.4.17-2136.349.1]
- NFSv4: Don't clear capabilities that won't be reset (Trond Myklebust)
- power: supply: bq27xxx: restrict no-battery detection to bq27000 (H. Nikolaus Schaller)
- power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery (H. Nikolaus Schaller)
- usb: hub: Fix flushing of delayed work used for post resume purposes (Mathias Nyman)
- soc: qcom: mdt_loader: Deal with zero e_shentsize (Bjorn Andersson)
- Revert "net/mlx5e: Update and set Xon/Xoff upon port speed set" (Tariq Toukan)
- LTS tag: v5.4.299 (Alok Tiwari)
- scsi: lpfc: Fix buffer free/clear order in deferred receive path (John Evans) [Orabug: 38456754] {CVE-2025-39841}
- dmaengine: mediatek: Fix a flag reuse error in mtk_cqdma_tx_status() (Qiu-Ji Chen)
- cifs: fix integer overflow in match_server() (Roman Smirnov)
- spi: spi-fsl-lpspi: Reset FIFO and disable module on transfer abort (Larisa Grigore)
- spi: spi-fsl-lpspi: Set correct chip-select polarity bit (Larisa Grigore)
- spi: spi-fsl-lpspi: Fix transmissions when using CONT (Larisa Grigore)
- pcmcia: Add error handling for add_interval() in do_validate_mem() (Xu Wang)
- ALSA: hda/hdmi: Add pin fix for another HP EliteDesk 800 G4 model (Takashi Iwai)
- randstruct: gcc-plugin: Fix attribute addition (Kees Cook)
- randstruct: gcc-plugin: Remove bogus void member (Kees Cook)
- vmxnet3: update MTU after device quiesce (Ronak Doshi)
- net: dsa: microchip: linearize skb for tail-tagging switches (Jakob Unterwurzacher)
- net: dsa: microchip: update tag_ksz masks for KSZ9477 family (Pieter Van Trappen)
- dmaengine: mediatek: Fix a possible deadlock error in mtk_cqdma_tx_status() (Qiu-Ji Chen)
- ALSA: hda/realtek - Add new HP ZBook laptop with micmute led fixup (Chris Chiu)
- gpio: pca953x: fix IRQ storm on system wake up (Emanuele Ghidoli)
- iio: light: opt3001: fix deadlock due to concurrent flag access (Luca Ceresoli) [Orabug: 37977028] {CVE-2025-37968}
- iio: chemical: pms7003: use aligned_s64 for timestamp (David Lechner)
- cpufreq/sched: Explicitly synchronize limits_changed flag handling (Rafael J. Wysocki)
- mm/slub: avoid accessing metadata when pointer is invalid in object_err() (Li Qiong) [Orabug: 38494761] {CVE-2025-39902}
- mm/khugepaged: fix ->anon_vma race (Jann Horn)
- e1000e: fix heap overflow in e1000_set_eeprom (Vitaly Lifshits) [Orabug: 38494740] {CVE-2025-39898}
- batman-adv: fix OOB read/write in network-coding decode (Stanislav Fort)
- drm/amdgpu: drop hw access in non-DC audio fini (Alex Deucher)
- wifi: mwifiex: Initialize the chan_stats array to zero (Rong Qianfeng) [Orabug: 38494723] {CVE-2025-39891}
- pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region() (Ma Ke)
- ALSA: usb-audio: Add mute TLV for playback volumes on some devices (Cryolitia Pukngae)
- ppp: fix memory leak in pad_compress_skb (Qingfang Deng) [Orabug: 38456781] {CVE-2025-39847}
- net: atm: fix memory leak in atm_register_sysfs when device_register fail (Wang Liang)
- ax25: properly unshare skbs in ax25_kiss_rcv() (Eric Dumazet)
- ipv4: Fix NULL vs error pointer check in inet_blackhole_dev_init() (Dan Carpenter)
- net: thunder_bgx: add a missing of_node_put (Rosen Penev)
- wifi: libertas: cap SSID len in lbs_associate() (Dan Carpenter)
- wifi: cw1200: cap SSID length in cw1200_do_join() (Dan Carpenter)
- net: ethernet: mtk_eth_soc: fix tx vlan tag for llc packets (Felix Fietkau)
- i40e: Fix potential invalid access when MAC list is empty (Zhen Ni) [Orabug: 38456814] {CVE-2025-39853}
- icmp: fix icmp_ndo_send address translation for reply direction (Fabian Bläse)
- mISDN: Fix memory leak in dsp_hwec_enable() (Miaoqian Lin)
- xirc2ps_cs: fix register access when enabling FullDuplex (Alok Tiwari)
- Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() (Kuniyuki Iwashima) [Orabug: 38456834] {CVE-2025-39860}
- netfilter: conntrack: helper: Replace -EEXIST by -EBUSY (Phil Sutter)
- wifi: cfg80211: fix use-after-free in cmp_bss() (Dmitry Antipov) [Orabug: 38456860] {CVE-2025-39864}
- powerpc: boot: Remove leading zero in label in udelay() (Nathan Chancellor)

ELSA-2025-25755 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update

Oracle Linux Security Advisory ELSA-2025-25755

http://linux.oracle.com/errata/ELSA-2025-25755.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-5.4.17-2136.349.3.1.el7uek.x86_64.rpm
kernel-uek-container-5.4.17-2136.349.3.1.el7uek.x86_64.rpm
kernel-uek-container-debug-5.4.17-2136.349.3.1.el7uek.x86_64.rpm
kernel-uek-debug-5.4.17-2136.349.3.1.el7uek.x86_64.rpm
kernel-uek-debug-devel-5.4.17-2136.349.3.1.el7uek.x86_64.rpm
kernel-uek-devel-5.4.17-2136.349.3.1.el7uek.x86_64.rpm
kernel-uek-doc-5.4.17-2136.349.3.1.el7uek.noarch.rpm
kernel-uek-tools-5.4.17-2136.349.3.1.el7uek.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-5.4.17-2136.349.3.1.el7uek.src.rpm

Related CVEs:

CVE-2025-37968
CVE-2025-39841
CVE-2025-39847
CVE-2025-39853
CVE-2025-39860
CVE-2025-39864
CVE-2025-39891
CVE-2025-39898
CVE-2025-39902
CVE-2025-39973

Description of changes:

[5.4.17-2136.349.3.1]
- i40e: add validation for ring_len param (Lukasz Czapnik) [Orabug: 38604171] {CVE-2025-39973}
- i40e: increase max descriptors for XL710 (Justin Bronder) [Orabug: 38604171] {CVE-2025-39973}

[5.4.17-2136.349.3]
- Revert "net/mlx5e: Update and set Xon/Xoff upon MTU set" (Jakub Kicinski) [Orabug: 38545204]
- KVM: x86: Take irqfds.lock when adding/deleting IRQ bypass producer (Sean Christopherson) [Orabug: 38494247]
- rds: Free all frags when rds_ib_recv_cache_put() fails (Hans Westgaard Ry) [Orabug: 38492234]

[5.4.17-2136.349.2]
- bpf/bpf_get,set_sockopt: add option to set TCP-BPF sock ops flags (Alan Maguire) [Orabug: 36699199]

[5.4.17-2136.349.1]
- NFSv4: Don't clear capabilities that won't be reset (Trond Myklebust)
- power: supply: bq27xxx: restrict no-battery detection to bq27000 (H. Nikolaus Schaller)
- power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery (H. Nikolaus Schaller)
- usb: hub: Fix flushing of delayed work used for post resume purposes (Mathias Nyman)
- soc: qcom: mdt_loader: Deal with zero e_shentsize (Bjorn Andersson)
- Revert "net/mlx5e: Update and set Xon/Xoff upon port speed set" (Tariq Toukan)
- LTS tag: v5.4.299 (Alok Tiwari)
- scsi: lpfc: Fix buffer free/clear order in deferred receive path (John Evans) [Orabug: 38456754] {CVE-2025-39841}
- dmaengine: mediatek: Fix a flag reuse error in mtk_cqdma_tx_status() (Qiu-Ji Chen)
- cifs: fix integer overflow in match_server() (Roman Smirnov)
- spi: spi-fsl-lpspi: Reset FIFO and disable module on transfer abort (Larisa Grigore)
- spi: spi-fsl-lpspi: Set correct chip-select polarity bit (Larisa Grigore)
- spi: spi-fsl-lpspi: Fix transmissions when using CONT (Larisa Grigore)
- pcmcia: Add error handling for add_interval() in do_validate_mem() (Xu Wang)
- ALSA: hda/hdmi: Add pin fix for another HP EliteDesk 800 G4 model (Takashi Iwai)
- randstruct: gcc-plugin: Fix attribute addition (Kees Cook)
- randstruct: gcc-plugin: Remove bogus void member (Kees Cook)
- vmxnet3: update MTU after device quiesce (Ronak Doshi)
- net: dsa: microchip: linearize skb for tail-tagging switches (Jakob Unterwurzacher)
- net: dsa: microchip: update tag_ksz masks for KSZ9477 family (Pieter Van Trappen)
- dmaengine: mediatek: Fix a possible deadlock error in mtk_cqdma_tx_status() (Qiu-Ji Chen)
- ALSA: hda/realtek - Add new HP ZBook laptop with micmute led fixup (Chris Chiu)
- gpio: pca953x: fix IRQ storm on system wake up (Emanuele Ghidoli)
- iio: light: opt3001: fix deadlock due to concurrent flag access (Luca Ceresoli) [Orabug: 37977028] {CVE-2025-37968}
- iio: chemical: pms7003: use aligned_s64 for timestamp (David Lechner)
- cpufreq/sched: Explicitly synchronize limits_changed flag handling (Rafael J. Wysocki)
- mm/slub: avoid accessing metadata when pointer is invalid in object_err() (Li Qiong) [Orabug: 38494761] {CVE-2025-39902}
- mm/khugepaged: fix ->anon_vma race (Jann Horn)
- e1000e: fix heap overflow in e1000_set_eeprom (Vitaly Lifshits) [Orabug: 38494740] {CVE-2025-39898}
- batman-adv: fix OOB read/write in network-coding decode (Stanislav Fort)
- drm/amdgpu: drop hw access in non-DC audio fini (Alex Deucher)
- wifi: mwifiex: Initialize the chan_stats array to zero (Rong Qianfeng) [Orabug: 38494723] {CVE-2025-39891}
- pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region() (Ma Ke)
- ALSA: usb-audio: Add mute TLV for playback volumes on some devices (Cryolitia Pukngae)
- ppp: fix memory leak in pad_compress_skb (Qingfang Deng) [Orabug: 38456781] {CVE-2025-39847}
- net: atm: fix memory leak in atm_register_sysfs when device_register fail (Wang Liang)
- ax25: properly unshare skbs in ax25_kiss_rcv() (Eric Dumazet)
- ipv4: Fix NULL vs error pointer check in inet_blackhole_dev_init() (Dan Carpenter)
- net: thunder_bgx: add a missing of_node_put (Rosen Penev)
- wifi: libertas: cap SSID len in lbs_associate() (Dan Carpenter)
- wifi: cw1200: cap SSID length in cw1200_do_join() (Dan Carpenter)
- net: ethernet: mtk_eth_soc: fix tx vlan tag for llc packets (Felix Fietkau)
- i40e: Fix potential invalid access when MAC list is empty (Zhen Ni) [Orabug: 38456814] {CVE-2025-39853}
- icmp: fix icmp_ndo_send address translation for reply direction (Fabian Bläse)
- mISDN: Fix memory leak in dsp_hwec_enable() (Miaoqian Lin)
- xirc2ps_cs: fix register access when enabling FullDuplex (Alok Tiwari)
- Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() (Kuniyuki Iwashima) [Orabug: 38456834] {CVE-2025-39860}
- netfilter: conntrack: helper: Replace -EEXIST by -EBUSY (Phil Sutter)
- wifi: cfg80211: fix use-after-free in cmp_bss() (Dmitry Antipov) [Orabug: 38456860] {CVE-2025-39864}
- powerpc: boot: Remove leading zero in label in udelay() (Nathan Chancellor)

[5.4.17-2136.348.3]
- hugetlbfs: take read_lock on i_mmap for PMD sharing (Waiman Long) [Orabug: 38459576]
- kallsyms: add module_kallsyms_on_each_symbol_locked (Julian Pidancet) [Orabug: 38418686]
- kallsyms: export module_kallsyms_on_each_symbol (Julian Pidancet) [Orabug: 38418686]

[5.4.17-2136.348.2]
- uek-rpm: Move ifb module to nano modules (Harshit Mogalapalli) [Orabug: 38443798]
- clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (Al Viro) [Orabug: 38310007,38453918] {CVE-2025-38499}
- x86/vmscape: Warn when STIBP is disabled with SMT (Pawan Gupta) [Orabug: 38424094]
- x86/bugs: Move cpu_bugs_smt_update() down (Pawan Gupta) [Orabug: 38424094]
- x86/vmscape: Enable the mitigation (Pawan Gupta) [Orabug: 38424094]
- x86/vmscape: Add conditional IBPB mitigation (Pawan Gupta) [Orabug: 38424094]
- x86/vmscape: Add old Intel CPUs to affected list (Pawan Gupta) [Orabug: 38424094]
- x86/vmscape: Enumerate VMSCAPE bug (Pawan Gupta) [Orabug: 38424094]
- Documentation/hw-vuln: Add VMSCAPE documentation (Pawan Gupta) [Orabug: 38424094]

[5.4.17-2136.348.1]
- LTS tag: v5.4.298 (Sherry Yang)
- Revert "drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS" (Imre Deak)
- net: usb: qmi_wwan: add Telit Cinterion LE910C4-WWX new compositions (Fabio Porcedda)
- Revert "drm/amdgpu: fix incorrect vm flags to map bo" (Alex Deucher) [Orabug: 38343661]
- HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version() (Minjong Kim) [Orabug: 38440228] {CVE-2025-39808}
- HID: wacom: Add a new Art Pen 2 (Ping Cheng)
- HID: asus: fix UAF via HID_CLAIMED_INPUT validation (Qasim Ijaz) [Orabug: 38440310] {CVE-2025-39824}
- efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare (Li Nan) [Orabug: 38440277] {CVE-2025-39817}
- sctp: initialize more fields in sctp_v6_from_sk() (Eric Dumazet) [Orabug: 38440251] {CVE-2025-39812}
- net: stmmac: xgmac: Do not enable RX FIFO Overflow interrupts (Rohan G Thomas)
- net/mlx5e: Set local Xoff after FW update (Alexei Lazar)
- net/mlx5e: Update and set Xon/Xoff upon port speed set (Alexei Lazar)
- net/mlx5e: Update and set Xon/Xoff upon MTU set (Alexei Lazar)
- net: dlink: fix multicast stats being counted incorrectly (Moon Yeounsu)
- atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control(). (Kuniyuki Iwashima) [Orabug: 38440347] {CVE-2025-39828}
- net/atm: remove the atmdev_ops {get, set}sockopt methods (Christoph Hellwig)
- Bluetooth: hci_event: Detect if HCI_EV_NUM_COMP_PKTS is unbalanced (Luiz Augusto von Dentz)
- powerpc/kvm: Fix ifdef to remove build warning (Madhavan Srinivasan)
- net: ipv4: fix regression in local-broadcast routes (Oscar Maes) [Orabug: 38343661]
- vhost/net: Protect ubufs with rcu read lock in vhost_net_ubuf_put() (Nikolay Kuratov)
- scsi: core: sysfs: Correct sysfs attributes access rights (Damien Le Moal)
- ftrace: Fix potential warning in trace_printk_seq during ftrace_dump (Tengda Wu) [Orabug: 38440259] {CVE-2025-39813}
- pinctrl: STMFX: add missing HAS_IOMEM dependency (Randy Dunlap)
- LTS tag: v5.4.297 (Sherry Yang)
- alloc_fdtable(): change calling conventions. (Al Viro)
- s390/hypfs: Enable limited access during lockdown (Peter Oberparleiter)
- s390/hypfs: Avoid unnecessary ioctl registration in debugfs (Peter Oberparleiter)
- ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation (Takashi Iwai)
- net/sched: Remove unnecessary WARNING condition for empty child qdisc in htb_activate (William Liu)
- net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit (William Liu)
- ixgbe: xsk: resolve the negative overflow of budget in ixgbe_xmit_zc (Jason Xing)
- ipv6: sr: validate HMAC algorithm ID in seg6_hmac_info_add (Heminhong)
- ALSA: usb-audio: Fix size validation in convert_chmap_v3() (Dan Carpenter) [Orabug: 38343661]
- scsi: qla4xxx: Prevent a potential error pointer dereference (Dan Carpenter) [Orabug: 38401514] {CVE-2025-39676}
- usb: xhci: Fix slot_id resource race conflict (Weitao Wang)
- nfs: fix UAF in direct writes (Josef Bacik) [Orabug: 36596831] {CVE-2024-26958}
- NFS: Fix up commit deadlocks (Trond Myklebust)
- cifs: Fix UAF in cifs_demultiplex_thread() (Zhang Xiaoxu)
- Bluetooth: fix use-after-free in device_for_each_child() (Dmitry Antipov) [Orabug: 37433654] {CVE-2024-53237}
- act_mirred: use the backlog for nested calls to mirred ingress (Davide Caratti)
- net/sched: act_mirred: better wording on protection against excessive stack growth (Davide Caratti)
- net/sched: act_mirred: refactor the handle of xmit (Wenxu)
- selftests: forwarding: tc_actions.sh: add matchall mirror test (Jiri Pirko)
- net: sched: don't expose action qstats to skb_tc_reinsert() (Vlad Buslov)
- net: sched: extract qstats update code into functions (Vlad Buslov)
- net: sched: extract bstats update code into function (Vlad Buslov)
- net: sched: extract common action counters update code into function (Vlad Buslov)
- mm: perform the mapping_map_writable() check after call_mmap() (Lorenzo Stoakes)
- mm: update memfd seal write check to include F_SEAL_WRITE (Lorenzo Stoakes)
- mm: drop the assumption that VM_SHARED always implies writable (Lorenzo Stoakes)
- codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() (Cong Wang) [Orabug: 37908492] {CVE-2025-37798}
- sch_qfq: make qfq_qlen_notify() idempotent (Cong Wang)
- sch_hfsc: make hfsc_qlen_notify() idempotent (Cong Wang) [Orabug: 38158396] {CVE-2025-38177}
- sch_drr: make drr_qlen_notify() idempotent (Cong Wang)
- btrfs: populate otime when logging an inode item (Qu Wenruo)
- media: venus: hfi: explicitly release IRQ during teardown (Jorge Ramirez-Ortiz)
- f2fs: fix to avoid out-of-boundary access in dnode page (Chao Yu)
- media: venus: protect against spurious interrupts during probe (Jorge Ramirez-Ortiz)
- media: qcom: camss: cleanup media device allocated resource on error path (Vladimir Zapolskiy)
- media: venus: vdec: Clamp param smaller than 1fps and bigger than 240. (Ricardo Ribalda)
- drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS (Imre Deak)
- pwm: mediatek: Fix duty and period setting (Uwe Kleine-König)
- pwm: mediatek: Handle hardware enable and clock enable separately (Uwe Kleine-König)
- pwm: mediatek: Implement .apply() callback (Uwe Kleine-König)
- media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() (Gui-Dong Han) [Orabug: 38401677] {CVE-2025-39713}
- media: v4l2-ctrls: Don't reset handler's error in v4l2_ctrl_handler_free() (Sakari Ailus)
- media: v4l2-ctrls: always copy the controls on completion (Hans Verkuil)
- ata: Fix SATA_MOBILE_LPM_POLICY description in Kconfig (Damien Le Moal)
- soc: qcom: mdt_loader: Ensure we don't read past the ELF header (Bjorn Andersson) [Orabug: 38423524] {CVE-2025-39787}
- rtc: ds1307: handle oscillator stop flag (OSF) for ds1341 (Meagan Lloyd)
- usb: musb: omap2430: fix device leak at unbind (Johan Hovold)
- NFS: Fix the setting of capabilities when automounting a new filesystem (Trond Myklebust) [Orabug: 38429211] {CVE-2025-39798}
- NFS: Fix up handling of outstanding layoutcommit in nfs_update_inode() (Trond Myklebust)
- NFSv4: Fix nfs4_bitmap_copy_adjust() (Trond Myklebust)
- usb: typec: fusb302: cache PD RX state (Sebastian Reichel)
- cdc-acm: fix race between initial clearing halt and open (Oliver Neukum)
- USB: cdc-acm: do not log successful probe on later errors (Johan Hovold)
- mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock (Breno Leitao)
- mm/kmemleak: turn kmemleak_lock and object->lock to raw_spinlock_t (He Zhe)
- ALSA: scarlett2: Add retry on -EPROTO from scarlett2_usb_tx() (Geoffrey D. Bennett)
- x86/fpu: Delay instruction pointer fixup until after warning (Dave Hansen)
- mm/hmm: move pmd_to_hmm_pfn_flags() to the respective #ifdeffery (Andy Shevchenko)
- nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() (Jeff Layton) [Orabug: 38395081,38501612] {CVE-2025-38724}
- pmdomain: governor: Consider CPU latency tolerance from pm_domain_cpu_gov (Maulik Shah)
- tracing: Add down_write(trace_event_sem) when adding trace event (Steven Rostedt) [Orabug: 38324271] {CVE-2025-38539}
- usb: hub: Don't try to recover devices lost during warm reset. (Mathias Nyman)
- usb: hub: avoid warm port reset during USB3 disconnect (Mathias Nyman)
- x86/mce/amd: Add default names for MCA banks and blocks (Yazen Ghannam)
- iio: hid-sensor-prox: Fix incorrect OFFSET calculation (Zhang Lixu)
- f2fs: fix to do sanity check on ino and xnid (Chao Yu)
- mm/zsmalloc: do not pass __GFP_MOVABLE if CONFIG_COMPACTION=n (Harry Yoo)
- mm/zsmalloc.c: convert to use kmem_cache_zalloc in cache_alloc_zspage() (Miaohe Lin)
- drm/sched: Remove optimization that causes hang when killing dependent jobs (Lin Cao)
- ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (Haoxiang Li) [Orabug: 38351930] {CVE-2025-38664}
- net: usbnet: Fix the wrong netif_carrier_on() call (Ammar Faizi)
- net: usbnet: Avoid potential RCU stall on LINK_CHANGE event (John Ernberg)
- PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports (Lukas Wunner)
- ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value (Li Zhong)
- comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large (Ian Abbott)
- comedi: Fix initialization of data for instructions that write to subdevice (Ian Abbott)
- kbuild: Add KBUILD_CPPFLAGS to as-option invocation (Nathan Chancellor)
- kbuild: add $(CLANG_FLAGS) to KBUILD_CPPFLAGS (Masahiro Yamada)
- kbuild: Add CLANG_FLAGS to as-instr (Nathan Chancellor)
- mips: Include KBUILD_CPPFLAGS in CHECKFLAGS invocation (Nathan Chancellor)
- kbuild: Update assembler calls to use proper flags and language target (Nick Desaulniers)
- ARM: 9448/1: Use an absolute path to unified.h in KBUILD_AFLAGS (Nathan Chancellor)
- usb: dwc3: Ignore late xferNotReady event to prevent halt timeout (Kuen-Han Tsai)
- USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles (Zenm Chen)
- usb: storage: realtek_cr: Use correct byte order for bcs->Residue (Thorsten Blum)
- USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera (Mael Guerin)
- usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive (Miao Li)
- iio: proximity: isl29501: fix buffered read on big-endian systems (David Lechner)
- ftrace: Also allocate and copy hash for reading of filter files (Steven Rostedt) [Orabug: 38401581] {CVE-2025-39689}
- fpga: zynq_fpga: Fix the wrong usage of dma_map_sgtable() (Xu Yilun)
- use uniform permission checks for all mount propagation changes (Al Viro)
- move_mount: allow to add a mount into an existing group (Pavel Tikhomirov)
- fs/buffer: fix use-after-free when call bh_read() helper (Ye Bin) [Orabug: 38401587] {CVE-2025-39691}
- drm/amd/display: Find first CRTC and its line time in dce110_fill_display_configs (Timur Kristóf)
- drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3 (Timur Kristóf)
- memstick: Fix deadlock by moving removing flag earlier (Jiayi Li)
- media: venus: Add a check for packet size after reading from shared memory (Vedang Nagar)
- media: ov2659: Fix memory leaks in ov2659_probe() (Zhang Shurong)
- media: usbtv: Lock resolution while streaming (Ludwig Disterhof) [Orabug: 38401684] {CVE-2025-39714}
- media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init() (Haoxiang Li)
- media: gspca: Add bounds checking to firmware parser (Dan Carpenter)
- soc/tegra: pmc: Ensure power-domains are in a known state (Jonathan Hunter)
- jbd2: prevent softlockup in jbd2_log_do_checkpoint() (Baokun Li) [Orabug: 38423509] {CVE-2025-39782}
- PCI: endpoint: Fix configfs group removal on driver teardown (Damien Le Moal)
- PCI: endpoint: Fix configfs group list head handling (Damien Le Moal)
- mtd: rawnand: fsmc: Add missing check after DMA map (Thomas Fourier)
- pwm: imx-tpm: Reset counter if CMOD is 0 (Laurentiu Mihalcea)
- wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table() (Nathan Chancellor)
- zynq_fpga: use sgtable-based scatterlist wrappers (Marek Szyprowski)
- ata: libata-scsi: Fix ata_to_sense_error() status handling (Damien Le Moal)
- ext4: fix reserved gdt blocks handling in fsmap (Ojaswin Mujoo)
- ext4: fix fsmap end of range reporting with bigalloc (Ojaswin Mujoo)
- ext4: check fast symlink for ea_inode correctly (Andreas Dilger)
- vt: defkeymap: Map keycodes above 127 to K_HOLE (Myrrh Periwinkle)
- vt: keyboard: Don't process Unicode characters in K_OFF mode (Myrrh Periwinkle)
- usb: dwc3: meson-g12a: fix device leaks at unbind (Johan Hovold)
- usb: gadget: udc: renesas_usb3: fix device leak at unbind (Johan Hovold)
- usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init() (Nathan Chancellor)
- m68k: Fix lost column on framebuffer debug console (Finn Thain)
- cpufreq: armada-8k: Fix off by one in armada_8k_cpufreq_free_table() (Dan Carpenter)
- serial: 8250: fix panic due to PSLVERR (Yunhui Cui) [Orabug: 38401729] {CVE-2025-39724}
- media: uvcvideo: Do not mark valid metadata as invalid (Ricardo Ribalda)
- media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() (Youngjun Lee) [Orabug: 38394816] {CVE-2025-38680}
- mm/kmemleak: avoid soft lockup in __kmemleak_do_cleanup() (Waiman Long)
- parisc: Makefile: fix a typo in palo.conf (Randy Dunlap)
- btrfs: fix log tree replay failure due to file with 0 links and extents (Filipe Manana)
- thunderbolt: Fix copy+paste error in match_service_id() (Eric Biggers)
- comedi: fix race between polling and detaching (Ian Abbott)
- misc: rtsx: usb: Ensure mmc child device is active when card is present (Ricky Wu)
- drm/amdgpu: fix incorrect vm flags to map bo (Jack Xiao)
- scsi: lpfc: Remove redundant assignment to avoid memory leak (Jiasheng Jiang)
- rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe (Meagan Lloyd)
- pNFS: Fix uninited ptr deref in block/scsi layout (Sergey Bashirov) [Orabug: 38394867] {CVE-2025-38691}
- pNFS: Handle RPC size limit for layoutcommits (Sergey Bashirov)
- pNFS: Fix disk addr range check in block/scsi layout (Sergey Bashirov)
- pNFS: Fix stripe mapping in block/scsi layout (Sergey Bashirov)
- net: phy: smsc: add proper reset flags for LAN8710A (Csaba Buday)
- ipmi: Fix strcpy source and destination the same (Corey Minyard)
- kconfig: lxdialog: fix 'space' to (de)select options (Yann E. MORIN)
- kconfig: gconf: fix potential memory leak in renderer_edited() (Masahiro Yamada)
- kconfig: gconf: avoid hardcoding model2 in on_treeview2_cursor_changed() (Masahiro Yamada)
- ipmi: Use dev_warn_ratelimited() for incorrect message warnings (Breno Leitao)
- scsi: aacraid: Stop using PCI_IRQ_AFFINITY (John Garry)
- scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans (Ranjan Kumar)
- kconfig: nconf: Ensure null termination where strncpy is used (Shankari Anand)
- kconfig: lxdialog: replace strcpy() with strncpy() in inputbox.c (Suchit Karunakaran)
- i3c: don't fail if GETHDRCAP is unsupported (Wolfram Sang)
- PCI: pnv_php: Work around switches with broken presence detection (Timothy Pearson)
- i3c: add missing include to internal header (Wolfram Sang)
- media: uvcvideo: Fix bandwidth issue for Alcor camera (Chenchangcheng)
- media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar (Alex Guo) [Orabug: 38394880] {CVE-2025-38693}
- media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() (Alex Guo) [Orabug: 38394887] {CVE-2025-38694}
- media: usb: hdpvr: disable zero-length read messages (Wolfram Sang)
- media: tc358743: Increase FIFO trigger level to 374 (Dave Stevenson)
- media: tc358743: Return an appropriate colorspace from tc358743_set_fmt (Dave Stevenson)
- media: tc358743: Check I2C succeeded during probe (Dave Stevenson)
- pinctrl: stm32: Manage irq affinity settings (Cheick Traore)
- scsi: mpt3sas: Correctly handle ATA device errors (Damien Le Moal)
- scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure (Justin Tee) [Orabug: 38394894] {CVE-2025-38695}
- RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() (Yury Norov) [Orabug: 38423286] {CVE-2025-39742}
- MIPS: Don't crash in stack_top() for tasks without ABI or vDSO (Thomas Weißschuh)
- jfs: upper bound check of tree index in dbAllocAG (Arnaud Lecomte)
- jfs: Regular file corruption check (Edward Adam Davis)
- jfs: truncate good inode pages when hard link is 0 (Lizhi Xu)
- scsi: bfa: Double-free fix (Jackysliu) [Orabug: 38394925] {CVE-2025-38699}
- MIPS: vpe-mt: add missing prototypes for vpe_{alloc,start,stop,free} (Shiji Yang)
- watchdog: dw_wdt: Fix default timeout (Sebastian Reichel)
- fs/orangefs: use snprintf() instead of sprintf() (Amir Mohammad Jahangirzad)
- scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated (Showrya M N) [Orabug: 38394931] {CVE-2025-38700}
- ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr (Theodore Ts'O) [Orabug: 38394937] {CVE-2025-38701}
- cifs: Fix calling CIFSFindFirst() for root path without msearch (Pali Rohár)
- vhost: fail early when __vhost_add_used() fails (Jason Wang)
- net: dsa: b53: fix IP_MULTICAST_CTRL on BCM5325 (Álvaro Fernández Rojas)
- uapi: in6: restore visibility of most IPv6 socket options (Jakub Kicinski)
- net: ncsi: Fix buffer overflow in fetching version id (Hari Kalavakunta)
- net: dsa: b53: prevent SWITCH_CTRL access on BCM5325 (Álvaro Fernández Rojas)
- net: dsa: b53: fix b53_imp_vlan_setup for BCM5325 (Álvaro Fernández Rojas)
- net: vlan: Replace BUG() with WARN_ON_ONCE() in vlan_dev_* stubs (Gal Pressman)
- wifi: iwlegacy: Check rate_idx range after addition (Stanislaw Gruszka)
- netmem: fix skb_frag_address_safe with unreadable skbs (Mina Almasry)
- wifi: rtlwifi: fix possible skb memory leak in _rtl_pci_rx_interrupt(). (Thomas Fourier)
- wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect (Anjaneyulu)
- wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd() (Rand Deeb)
- net: fec: allow disable coalescing (Jonas Rebmann)
- (powerpc/512) Fix possible dma_unmap_single() on uninitialized pointer (Thomas Fourier)
- s390/stp: Remove udelay from stp_sync_clock() (Sven Schnelle)
- wifi: iwlwifi: mvm: fix scan request validation (Avraham Stern)
- net: thunderx: Fix format-truncation warning in bgx_acpi_match_id() (Alok Tiwari)
- net: ipv4: fix incorrect MTU in broadcast routes (Oscar Maes)
- wifi: cfg80211: Fix interface type validation (Ilan Peer)
- rcu: Protect ->defer_qs_iw_pending from data race (Paul E. McKenney) [Orabug: 38423341] {CVE-2025-39749}
- net: ag71xx: Add missing check after DMA map (Thomas Fourier)
- et131x: Add missing check after DMA map (Thomas Fourier)
- be2net: Use correct byte order and format string for TCP seq and ack_seq (Alok Tiwari)
- s390/time: Use monotonic clock in get_cycles() (Sven Schnelle)
- wifi: cfg80211: reject HTC bit for management frames (Johannes Berg)
- ktest.pl: Prevent recursion of default variable options (Steven Rostedt)
- ASoC: codecs: rt5640: Retry DEVICE_ID verification (Xinxin Wan)
- ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros (Cristian Ciocaltea)
- ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (Lucy Thrun)
- platform/x86: thinkpad_acpi: Handle KCOV __init vs inline mismatches (Kees Cook)
- pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop() (Gautham R. Shenoy)
- usb: core: usb_submit_urb: downgrade type check (Oliver Neukum)
- ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4 (Alok Tiwari)
- ASoC: hdac_hdmi: Rate limit logging on connection and disconnection (Mark Brown)
- mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode() (Ulf Hansson)
- ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path (Breno Leitao)
- ACPI: processor: fix acpi_object initialization (Sebastian Ott)
- PM: sleep: console: Fix the black screen issue (Tuhaowen)
- thermal: sysfs: Return ENODATA instead of EAGAIN for reads (Hsin-Te Yuan)
- PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit() (Rafael J. Wysocki)
- selftests: tracing: Use mutex_unlock for testing glob filter (Masami Hiramatsu)
- ARM: tegra: Use I/O memcpy to write to IRAM (Aaron Kling)
- gpio: tps65912: check the return value of regmap_update_bits() (Bartosz Golaszewski)
- ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed (Kuninori Morimoto)
- ARM: rockchip: fix kernel hang during smp initialization (Alexander Kochetkov)
- cpufreq: Exit governor when failed to start old governor (Lifeng Zheng)
- usb: xhci: Avoid showing errors during surprise removal (Mario Limonciello)
- usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command (Jay Chen)
- usb: xhci: Avoid showing warnings for dying controller (Mario Limonciello)
- selftests/futex: Define SYS_futex on 32-bit architectures with 64-bit time_t (Cynthia Huang)
- usb: xhci: print xhci->xhc_state when queue_command failed (Su Hui)
- securityfs: don't pin dentries twice, once is enough... (Al Viro)
- hfs: fix not erasing deleted b-tree node issue (Viacheslav Dubeyko)
- drbd: add missing kref_get in handle_write_conflicts (Sarah Newman) [Orabug: 38394995] {CVE-2025-38708}
- udf: Verify partition map count (Jan Kara)
- arm64: Handle KCOV __init vs inline mismatches (Kees Cook)
- hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file() (Tetsuo Handa)
- hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (Viacheslav Dubeyko)
- hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() (Viacheslav Dubeyko)
- hfs: fix slab-out-of-bounds in hfs_bnode_read() (Viacheslav Dubeyko)
- sctp: linearize cloned gso packets in sctp_rcv (Xin Long) [Orabug: 38395059] {CVE-2025-38718}
- netfilter: ctnetlink: fix refcount leak on table dump (Florian Westphal) [Orabug: 38395068] {CVE-2025-38721}
- udp: also consider secpath when evaluating ipsec use for checksumming (Sabrina Dubroca)
- ACPI: processor: perflib: Move problematic pr->performance check (Rafael J. Wysocki)
- ACPI: processor: perflib: Fix initial _PPC limit application (Jiayi Li)
- Documentation: ACPI: Fix parent device references (Andy Shevchenko)
- fs: Prevent file descriptor table allocations exceeding INT_MAX (Sasha Levin) [Orabug: 38423397] {CVE-2025-39756}
- sunvdc: Balance device refcount in vdc_port_mpgroup_check (Ma Ke)
- NFSD: detect mismatch of file handle and delegation stateid in OPEN op (Dai Ngo)
- net: dpaa: fix device leak when querying time stamp info (Johan Hovold)
- net: gianfar: fix device leak when querying time stamp info (Johan Hovold)
- netlink: avoid infinite retry looping in netlink_unicast() (Fedor Pchelkin) [Orabug: 38401319] {CVE-2025-38727}
- ALSA: usb-audio: Validate UAC3 cluster segment descriptors (Takashi Iwai) [Orabug: 38423407] {CVE-2025-39757}
- ALSA: usb-audio: Validate UAC3 power domain descriptors, too (Takashi Iwai) [Orabug: 38395101] {CVE-2025-38729}
- io_uring: don't use int for ABI (Pavel Begunkov)
- usb: gadget : fix use-after-free in composite_dev_cleanup() (Taoxue) [Orabug: 38334898] {CVE-2025-38555}
- MIPS: mm: tlb-r4k: Uniquify TLB entries on init (Jiaxun Yang)
- USB: serial: option: add Foxconn T99W709 (Slark Xiao)
- vsock: Do not allow binding to VMADDR_PORT_ANY (Budimir Markovic) [Orabug: 38351771,38453914] {CVE-2025-38618}
- net/packet: fix a race in packet_set_ring() and packet_notifier() (Quang Le) [Orabug: 38351764] {CVE-2025-38617}
- perf/core: Prevent VMA split of buffer mappings (Thomas Gleixner) [Orabug: 38334948] {CVE-2025-38563}
- perf/core: Exit early on perf_mmap() fail (Thomas Gleixner) [Orabug: 38334959] {CVE-2025-38565}
- perf/core: Don't leak AUX buffer refcount on allocation failure (Thomas Gleixner)
- pptp: fix pptp_xmit() error path (Eric Dumazet)
- smb: client: let recv_done() cleanup before notifying the callers. (Stefan Metzmacher)
- benet: fix BUG when creating VFs (Michal Schmidt) [Orabug: 38334976] {CVE-2025-38569}
- net: drop UFO packets in udp_rcv_segment() (Wang Liang) [Orabug: 38351786] {CVE-2025-38622}
- ipv6: reject malicious packets in ipv6_gso_segment() (Eric Dumazet) [Orabug: 38334988] {CVE-2025-38572}
- pptp: ensure minimal skb length in pptp_xmit() (Eric Dumazet) [Orabug: 38335004] {CVE-2025-38574}
- netpoll: prevent hanging NAPI when netcons gets enabled (Jakub Kicinski)
- NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() (Trond Myklebust) [Orabug: 38401745] {CVE-2025-39730}
- pci/hotplug/pnv-php: Wrap warnings in macro (Frederic Barrat)
- pci/hotplug/pnv-php: Improve error msg on power state change failure (Frederic Barrat)
- usb: chipidea: udc: fix sleeping function called from invalid context (Peter Chen)
- f2fs: fix to avoid out-of-boundary access in devs.path (Chao Yu)
- f2fs: fix to avoid panic in f2fs_evict_inode (Chao Yu)
- f2fs: fix to avoid UAF in f2fs_sync_inode_meta() (Chao Yu)
- rtc: pcf8563: fix incorrect maximum clock rate handling (Brian Masney)
- rtc: hym8563: fix incorrect maximum clock rate handling (Brian Masney)
- rtc: ds1307: fix incorrect maximum clock rate handling (Brian Masney)
- module: Restore the moduleparam prefix length check (Petr Pavlu)
- bpf: Check flow_dissector ctx accesses are aligned (Paul Chaignon)
- mtd: rawnand: atmel: set pmecc data setup time (Balamanikandan Gunasundar)
- mtd: rawnand: atmel: Fix dma_mapping_error() address (Thomas Fourier)
- jfs: fix metapage reference count leak in dbAllocCtl (Zheng Yu)
- fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref (Chenyuan Yang)
- crypto: qat - fix seq_file position update in adf_ring_next() (Giovanni Cabiddu)
- dmaengine: nbpfaxi: Add missing check after DMA map (Thomas Fourier)
- dmaengine: mv_xor: Fix missing check after DMA map and missing unmap (Thomas Fourier)
- fs/orangefs: Allow 2 more characters in do_c_string() (Dan Carpenter)
- soundwire: stream: restore params when prepare ports fail (Bard Liao)
- crypto: img-hash - Fix dma_unmap_sg() nents value (Thomas Fourier)
- hwrng: mtk - handle devm_pm_runtime_enable errors (Ovidiu Panait)
- watchdog: ziirave_wdt: check record length in ziirave_firm_verify() (Dan Carpenter)
- scsi: isci: Fix dma_unmap_sg() nents value (Thomas Fourier)
- scsi: mvsas: Fix dma_unmap_sg() nents value (Thomas Fourier)
- scsi: ibmvscsi_tgt: Fix dma_unmap_sg() nents value (Thomas Fourier)
- clk: sunxi-ng: v3s: Fix de clock definition (Paul Kocialkowski)
- perf tests bp_account: Fix leaked file descriptor (Leo Yan)
- crypto: ccp - Fix crash when rebind ccp device for ccp.ko (Mengbiao Xiong)
- pinctrl: sunxi: Fix memory leak on krealloc failure (Yuan Chen)
- power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set (Charles Han)
- clk: davinci: Add NULL check in davinci_lpsc_clk_register() (Henry Martin)
- mtd: fix possible integer overflow in erase_xfer() (Ivan Stepchenko)
- crypto: marvell/cesa - Fix engine load inaccuracy (Herbert Xu)
- PCI: rockchip-host: Fix "Unexpected Completion" log message (Hans Zhang)
- vrf: Drop existing dst reference in vrf_ip6_input_dst (Stanislav Fomichev)
- selftests: rtnetlink.sh: remove esp4_offload after test (Xiumei Mu)
- netfilter: xt_nfacct: don't assume acct name is null-terminated (Florian Westphal) [Orabug: 38351854] {CVE-2025-38639}
- can: kvaser_usb: Assign netdev.dev_port based on device channel index (Jimmy Assarsson)
- can: kvaser_pciefd: Store device channel index (Jimmy Assarsson)
- wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P IE (Gokul Sivakumar)
- Reapply "wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()" (Remi Pommarel)
- mwl8k: Add missing check after DMA map (Thomas Fourier)
- wifi: rtl8xxxu: Fix RX skb size for aggregation disabled (Martin Kaistra)
- net/sched: Restrict conditions for adding duplicating netems to qdisc tree (William Liu) [Orabug: 38331466] {CVE-2025-38553}
- arch: powerpc: defconfig: Drop obsolete CONFIG_NET_CLS_TCINDEX (Johan Korsnes)
- drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value (Fedor Pchelkin)
- m68k: Don't unregister boot console needlessly (Finn Thain)
- tcp: fix tcp_ofo_queue() to avoid including too much DUP SACK range (Xin Guo)
- iwlwifi: Add missing check for alloc_ordered_workqueue (Jiasheng Jiang) [Orabug: 38335110] {CVE-2025-38602}
- wifi: iwlwifi: Fix memory leak in iwl_mvm_init() (Xiu Jianfeng)
- wifi: rtl818x: Kill URBs before clearing tx status queue (Daniil Dulov) [Orabug: 38335120] {CVE-2025-38604}
- caif: reduce stack size, again (Arnd Bergmann)
- bpftool: Fix memory leak in dump_xx_nlmsg on realloc failure (Yuan Chen)
- bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (Jiayuan Chen) [Orabug: 38335131] {CVE-2025-38608}
- staging: nvec: Fix incorrect null termination of battery manufacturer (Alok Tiwari)
- samples: mei: Fix building on musl libc (Brahmajit Das)
- cpufreq: Init policy->rwsem before it may be possibly used (Lifeng Zheng)
- ARM: dts: imx6ul-kontron-bl-common: Fix RTS polarity for RS485 interface (Annette Kobou)
- usb: early: xhci-dbc: Fix early_ioremap leak (Lucas De Marchi)
- Revert "vmci: Prevent the dispatching of uninitialized payloads" (Greg Kroah-Hartman)
- pps: fix poll support (Denis Osterland-Heim)
- vmci: Prevent the dispatching of uninitialized payloads (Lizhi Xu)
- staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc() (Abdun Nihaal) [Orabug: 38335153] {CVE-2025-38612}
- ARM: dts: vfxxx: Correctly use two tuples for timer address (Krzysztof Kozlowski)
- hfsplus: remove mutex_lock check in hfsplus_free_extents (Yangtao Li)
- ASoC: Intel: fix SND_SOC_SOF dependencies (Arnd Bergmann)
- ethernet: intel: fix building with large NR_CPUS (Arnd Bergmann)
- usb: phy: mxs: disconnect line when USB charger is attached (Xu Yang)
- usb: chipidea: add USB PHY event (Xu Yang)
- usb: chipidea: introduce CI_HDRC_CONTROLLER_VBUS_EVENT glue layer use (Peter Chen)
- usb: chipidea: udc: protect usb interrupt enable (Li Jun)
- usb: chipidea: udc: add new API ci_hdrc_gadget_connect (Peter Chen)
- ALSA: hda: Add missing NVIDIA HDA codec IDs (Daniel Dadap)
- comedi: comedi_test: Fix possible deletion of uninitialized timers (Ian Abbott)
- nilfs2: reject invalid file types when reading inodes (Ryusuke Konishi)
- i2c: qup: jump out of the loop in case of timeout (Yang Xiwen) [Orabug: 38351994] {CVE-2025-38671}
- net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class (Xiang Mei)
- net: appletalk: Fix use-after-free in AARP proxy probe (Kito Xu)
- net: appletalk: fix kerneldoc warnings (Andrew Lunn)
- RDMA/core: Rate limit GID cache warning messages (Maor Gottlieb)
- regulator: core: fix NULL dereference on unbind due to stale coupling data (Alessandro Carminati) [Orabug: 38351978] {CVE-2025-38668}
- usb: hub: Fix flushing and scheduling of delayed work that tunes runtime pm (Mathias Nyman)
- usb: hub: fix detection of high tier USB3 devices behind suspended hubs (Mathias Nyman)
- net_sched: sch_sfq: reject invalid perturb period (Eric Dumazet) [Orabug: 38158477] {CVE-2025-38193}
- power: supply: bq24190: Fix use after free bug in bq24190_remove due to race condition (Zheng Wang)
- power: supply: bq24190_charger: using pm_runtime_resume_and_get instead of pm_runtime_get_sync (Minghao Chi)
- power: supply: bq24190_charger: Fix runtime PM imbalance on error (Dinghao Liu)
- xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS (Hongyu Xie)
- virtio-net: ensure the received length does not exceed allocated size (Bui Quang Minh) [Orabug: 38253834] {CVE-2025-38375}
- ASoC: fsl_sai: Force a software reset when starting in consumer mode (Arun Raghavan)
- usb: dwc3: qcom: Don't leave BCR asserted (Krishna Kurapati)
- usb: musb: fix gadget state on disconnect (Drew Hamilton)
- net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (William Liu) [Orabug: 38254214] {CVE-2025-38468}
- net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime (Dong Chenchen) [Orabug: 38254225] {CVE-2025-38470}
- Bluetooth: L2CAP: Fix attempting to adjust outgoing MTU (Luiz Augusto von Dentz)
- Bluetooth: SMP: Fix using HCI_ERROR_REMOTE_USER_TERM on timeout (Luiz Augusto von Dentz)
- Bluetooth: SMP: If an unallowed command is received consider it a failure (Luiz Augusto von Dentz)
- Bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb() (Kuniyuki Iwashima) [Orabug: 38254241] {CVE-2025-38473}
- usb: net: sierra: check for no status endpoint (Oliver Neukum) [Orabug: 38254249] {CVE-2025-38474}
- net/sched: sch_qfq: Fix race condition on qfq_aggregate (Xiang Mei) [Orabug: 38254266] {CVE-2025-38477}
- net: emaclite: Fix missing pointer increment in aligned_read() (Alok Tiwari)
- comedi: Fix use of uninitialized data in insn_rw_emulate_bits() (Ian Abbott)
- comedi: Fix some signed shift left operations (Ian Abbott)
- comedi: das6402: Fix bit shift out of bounds (Ian Abbott)
- comedi: das16m1: Fix bit shift out of bounds (Ian Abbott)
- comedi: aio_iiro_16: Fix bit shift out of bounds (Ian Abbott)
- comedi: pcl812: Fix bit shift out of bounds (Ian Abbott)
- iio: adc: stm32-adc: Fix race in installing chained IRQ handler (Chen Ni)
- iio: adc: max1363: Reorder mode_list[] entries (Fabio Estevam)
- iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[] (Fabio Estevam)
- soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled (Andrew Jeffery)
- soc: aspeed: lpc-snoop: Cleanup resources in stack-order (Andrew Jeffery)
- mmc: sdhci_am654: Workaround for Errata i2312 (Judith Mendez)
- mmc: sdhci-pci: Quirk for broken command queuing on Intel GLK-based Positivo models (Edson Juliano Drosdeck)
- mmc: bcm2835: Fix dma_unmap_sg() nents value (Thomas Fourier)
- memstick: core: Zero initialize id_reg in h_memstick_read_dev_id() (Nathan Chancellor)
- isofs: Verify inode mode when loading from disk (Jan Kara)
- dmaengine: nbpfaxi: Fix memory corruption in probe() (Dan Carpenter)
- af_packet: fix soft lockup issue caused by tpacket_snd() (Yun Lu)
- af_packet: fix the SO_SNDTIMEO constraint not effective on tpacked_snd() (Yun Lu)
- phonet/pep: Move call to pn_skb_get_dst_sockaddr() earlier in pep_sock_accept() (Nathan Chancellor)
- HID: core: do not bypass hid_hw_raw_request (Benjamin Tissoires) [Orabug: 38254340,38453904] {CVE-2025-38494}
- HID: core: ensure __hid_request reserves the report ID as the first byte (Benjamin Tissoires)
- HID: core: ensure the allocated report buffer can contain the reserved report ID (Benjamin Tissoires) [Orabug: 38254348,38453908] {CVE-2025-38495}
- pch_uart: Fix dma_sync_sg_for_device() nents value (Thomas Fourier)
- Input: xpad - set correct controller type for Acer NGR200 (Nilton Perim Neto)
- i2c: stm32: fix the device used for the DMA map (Clément Le Goffic)
- usb: gadget: configfs: Fix OOB read on empty string write (Xinyu Liu) [Orabug: 38254358] {CVE-2025-38497}
- USB: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI (Ryan Mann)
- USB: serial: option: add Foxconn T99W640 (Slark Xiao)
- USB: serial: option: add Telit Cinterion FE910C04 (ECM) composition (Fabio Porcedda)
- LTS tag: v5.4.296 (Sherry Yang)
- x86/mm: Disable hugetlb page table sharing on 32-bit (Jann Horn)
- Input: atkbd - do not skip atkbd_deactivate() when skipping ATKBD_CMD_GETID (Hans de Goede)
- HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras (Chia-Lin Kao) [Orabug: 38324280] {CVE-2025-38540}
- HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY (Zhang Heng)
- vt: add missing notification when switching back to text mode (Nicolas Pitre)
- net: usb: qmi_wwan: add SIMCom 8230C composition (Xiaowei Li)
- atm: idt77252: Add missing dma_map_error() (Thomas Fourier)
- bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT (Somnath Kotur) [Orabug: 38254090] {CVE-2025-38439}
- bnxt_en: Fix DCB ETS validation (Shravya Kn)
- can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level (Sean Nyekjaer)
- net: phy: microchip: limit 100M workaround to link-down events on LAN88xx (Oleksij Rempel)
- net: appletalk: Fix device refcount leak in atrtr_create() (Kito Xu)
- md/raid1: Fix stack memory use after return in raid1_reshape (Wang Jinchao) [Orabug: 38254109] {CVE-2025-38445}
- wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() (Daniil Dulov) [Orabug: 38324161] {CVE-2025-38513}
- dma-buf: fix timeout handling in dma_resv_wait_timeout v2 (Christian König)
- Input: xpad - support Acer NGR 200 Controller (Nilton Perim Neto)
- Input: xpad - add VID for Turtle Beach controllers (Vicki Pfau)
- Input: xpad - add support for Amazon Game Controller (Matt Reynolds)
- NFSv4/flexfiles: Fix handling of NFS level errors in I/O (Trond Myklebust)
- flexfiles/pNFS: update stats on NFS4ERR_DELAY for v4.1 DSes (Tigran Mkrtchyan)
- RDMA/mlx5: Fix vport loopback for MPV device (Patrisious Haddad)
- netlink: Fix rmem check in netlink_broadcast_deliver(). (Kuniyuki Iwashima)
- netlink: make sure we allow at least one dump skb (Jakub Kicinski)
- Revert "ACPI: battery: negate current when discharging" (Rafael J. Wysocki)
- usb: gadget: u_serial: Fix race condition in TTY wakeup (Kuen-Han Tsai) [Orabug: 38254118] {CVE-2025-38448}
- drm/sched: Increment job count before swapping tail spsc queue (Matthew Brost) [Orabug: 38324180] {CVE-2025-38515}
- pinctrl: qcom: msm: mark certain pins as invalid for interrupts (Bartosz Golaszewski) [Orabug: 38324186] {CVE-2025-38516}
- x86/mce: Make sure CMCI banks are cleared during shutdown on Intel (Jp Kobryn)
- x86/mce: Don't remove sysfs if thresholding sysfs init fails (Yazen Ghannam)
- x86/mce/amd: Fix threshold limit reset (Yazen Ghannam)
- rxrpc: Fix oops due to non-existence of prealloc backlog struct (David Howells)
- net/sched: Abort __tc_modify_qdisc if parent class does not exist (Victor Nogueira) [Orabug: 38254147] {CVE-2025-38457}
- atm: clip: Fix NULL pointer dereference in vcc_sendmsg() (Yue Haibing) [Orabug: 38254153] {CVE-2025-38458}
- atm: clip: Fix infinite recursive call of clip_push(). (Kuniyuki Iwashima) [Orabug: 38254161] {CVE-2025-38459}
- atm: clip: Fix memory leak of struct clip_vcc. (Kuniyuki Iwashima) [Orabug: 38324309] {CVE-2025-38546}
- atm: clip: Fix potential null-ptr-deref in to_atmarpd(). (Kuniyuki Iwashima) [Orabug: 38254167] {CVE-2025-38460}
- tipc: Fix use-after-free in tipc_conn_close(). (Kuniyuki Iwashima) [Orabug: 38254181] {CVE-2025-38464}
- netlink: Fix wraparounds of sk->sk_rmem_alloc. (Kuniyuki Iwashima) [Orabug: 38254188] {CVE-2025-38465}
- fix proc_sys_compare() handling of in-lookup dentries (Al Viro)
- proc: Clear the pieces of proc_inode that proc_evict_inode cares about (Eric W. Biederman)
- drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling (Kaustabh Chakraborty) [Orabug: 38254203] {CVE-2025-38467}
- staging: rtl8723bs: Avoid memset() in aes_cipher() and aes_decipher() (Nathan Chancellor)
- media: uvcvideo: Rollback non processed entities on error (Ricardo Ribalda)
- media: uvcvideo: Send control events for partial succeeds (Ricardo Ribalda)
- media: uvcvideo: Return the number of processed controls (Ricardo Ribalda)
- ACPI: PAD: fix crash in exit_round_robin() (Seiji Nishikawa) [Orabug: 37206006] {CVE-2024-49935}
- usb: typec: displayport: Fix potential deadlock (Andrei Kuchynski) [Orabug: 38401436] {CVE-2025-38404}
- Logitech C-270 even more broken (Oliver Neukum)
- rose: fix dangling neighbour pointers in rose_rt_device_down() (Kohei Enju)
- net: rose: Fix fall-through warnings for Clang (Gustavo A R Silva)
- drm/i915/gt: Fix timeline left held on VMA alloc error (Janusz Krzysztofik) [Orabug: 38253887] {CVE-2025-38389}
- drm/i915/selftests: Change mock_request() to return error pointers (Dan Carpenter)
- spi: spi-fsl-dspi: Clear completion counter before initiating transfer (James Clark)
- spi: spi-fsl-dspi: Fix interrupt-less DMA mode taking an XSPI code path (Vladimir Oltean)
- spi: spi-fsl-dspi: Rename fifo_{read,write} and {tx,cmd}_fifo_write (Vladimir Oltean)
- dpaa2-eth: fix xdp_rxq_info leak (Wangfushuai)
- ethernet: atl1: Add missing DMA mapping error checks and count errors (Thomas Fourier)
- btrfs: use btrfs_record_snapshot_destroy() during rmdir (Filipe Manana)
- btrfs: propagate last_unlink_trans earlier when doing a rmdir (Filipe Manana)
- RDMA/mlx5: Fix CC counters query for MPV (Patrisious Haddad)
- RDMA/core: Create and destroy counters in the ib_core (Leon Romanovsky)
- scsi: ufs: core: Fix spelling of a sysfs attribute name (Bart Van Assche)
- drm/v3d: Disable interrupts before resetting the GPU (Maíra Canal)
- mtk-sd: reset host->mrq on prepare_data() error (Sergey Senozhatsky)
- mtk-sd: Prevent memory corruption from DMA map failure (Masami Hiramatsu)
- mmc: mediatek: use data instead of mrq parameter from msdc_{un}prepare_data() (Yue Hu)
- regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods (Manivannan Sadhasivam) [Orabug: 38253907] {CVE-2025-38395}
- regulator: gpio: Add input_supply support in gpio_regulator_config (Jerome Neanne)
- ACPICA: Refuse to evaluate a method if arguments are missing (Rafael J. Wysocki) [Orabug: 38253875] {CVE-2025-38386}
- wifi: ath6kl: remove WARN on bad firmware input (Johannes Berg) [Orabug: 38253946] {CVE-2025-38406}
- wifi: mac80211: drop invalid source address OCB frames (Johannes Berg)
- powerpc: Fix struct termio related ioctl macros (Madhavan Srinivasan)
- ata: pata_cs5536: fix build on 32-bit UML (Johannes Berg)
- ALSA: sb: Force to disable DMAs once when DMA mode is changed (Takashi Iwai)
- nui: Fix dma_mapping_error() check (Thomas Fourier)
- enic: fix incorrect MTU comparison in enic_change_mtu() (Alok Tiwari)
- amd-xgbe: align CL37 AN sequence as per databook (Raju Rangoju)
- lib: test_objagg: Set error message in check_expect_hints_stats() (Dan Carpenter)
- drm/exynos: fimd: Guard display clock control with runtime PM calls (Marek Szyprowski)
- btrfs: fix missing error handling when searching for inode refs during log replay (Filipe Manana)
- scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() (Thomas Fourier)
- nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. (Kuniyuki Iwashima) [Orabug: 38253923] {CVE-2025-38400}
- RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert (Mark Zhang) [Orabug: 38253881] {CVE-2025-38387}
- platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment (David Thompson)
- mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data (Masami Hiramatsu)
- usb: typec: altmodes/displayport: do not index invalid pin_assignments (Rd Babiera) [Orabug: 38253894] {CVE-2025-38391}
- mmc: sdhci: Add a helper function for dump register in dynamic debug mode (Victor Shih)
- vsock/vmci: Clear the vmci transport packet properly when initializing it (Harshavardhana S A) [Orabug: 38253937] {CVE-2025-38403}
- btrfs: don't abort filesystem when attempting to snapshot deleted subvolume (Omar Sandoval) [Orabug: 36530119] {CVE-2024-26644}
- arm64: Restrict pagetable teardown to avoid false warning (Dev Jain)
- s390: Add '-std=gnu11' to decompressor and purgatory CFLAGS (Nathan Chancellor)
- drm/bridge: cdns-dsi: Check return value when getting default PHY config (Aradhya Bhatia)
- drm/bridge: cdns-dsi: Fix connecting to next bridge (Aradhya Bhatia)
- drm/bridge: cdns-dsi: Fix the clock variable for mode_valid() (Aradhya Bhatia)
- drm/tegra: Assign plane type before registration (Thierry Reding)
- HID: wacom: fix kobject reference count leak (Qasim Ijaz)
- HID: wacom: fix memory leak on sysfs attribute creation failure (Qasim Ijaz)
- HID: wacom: fix memory leak on kobject creation failure (Qasim Ijaz)
- dm-raid: fix variable in journal device check (Heinz Mauelshagen)
- Bluetooth: L2CAP: Fix L2CAP MTU negotiation (Frédéric Danis)
- atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister(). (Kuniyuki Iwashima) [Orabug: 38175045] {CVE-2025-38245}
- net: enetc: Correct endianness handling in _enetc_rd_reg64 (Simon Horman)
- um: ubd: Add missing error check in start_io_thread() (Tiwei Bie)
- vsock/uapi: fix linux/vm_sockets.h userspace compilation errors (Stefano Garzarella)
- wifi: mac80211: fix beacon interval calculation overflow (Lachlan Hodges)
- attach_recursive_mnt(): do not lock the covering tree when sliding something under it (Al Viro)
- ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3() (Youngjun Lee) [Orabug: 38175065] {CVE-2025-38249}
- i2c: robotfuzz-osif: disable zero-length read messages (Wolfram Sang)
- i2c: tiny-usb: disable zero-length read messages (Wolfram Sang)
- RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction (Shin'Ichiro Kawasaki) [Orabug: 38158592] {CVE-2025-38211}
- RDMA/core: Use refcount_t instead of atomic_t on refcount of iwcm_id_private (Weihang Li)
- media: vivid: Change the siize of the composing (Denis Arefev)
- media: omap3isp: use sgtable-based scatterlist wrappers (Marek Szyprowski)
- media: cxusb: no longer judge rbuf when the write fails (Edward Adam Davis) [Orabug: 38158692] {CVE-2025-38229}
- media: cxusb: use dev_dbg() rather than hand-rolled debug (Sean Young)
- jfs: validate AG parameters in dbMount() to prevent crashes (Vasiliy Kovalev)
- fs/jfs: consolidate sanity checking in dbMount (Dave Kleikamp)
- ASoC: meson: meson-card-utils: use of_property_present() for DT parsing (Martin Blumenstingl)
- of: Add of_property_present() helper (Rob Herring)
- of: property: define of_property_read_u{8,16,32,64}_array() unconditionally (Michael Walle)
- kbuild: hdrcheck: fix cross build with clang (Arnd Bergmann)
- kbuild: add --target to correctly cross-compile UAPI headers with Clang (Masahiro Yamada)
- bpfilter: match bit size of bpfilter_umh to that of the kernel (Masahiro Yamada)
- kbuild: use -MMD instead of -MD to exclude system headers from dependency (Masahiro Yamada)
- VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify (Ma Wupeng) [Orabug: 38152869] {CVE-2025-38102}
- VMCI: check context->notify_page after call to get_user_pages_fast() to avoid GPF (George Kennedy)
- ovl: Check for NULL d_inode() in ovl_dentry_upper() (Kees Cook)
- ceph: fix possible integer overflow in ceph_zero_objects() (Dmitry Kandybka)
- ALSA: hda: Ignore unsol events for cards being shut down (Cezary Rojewski)
- usb: typec: displayport: Receive DP Status Update NAK request exit dp altmode (Jos Wang)
- usb: cdc-wdm: avoid setting WDM_READ for ZLP-s (Robert Hodaszi)
- usb: Add checks for snprintf() calls in usb_alloc_dev() (Andy Shevchenko)
- tty: serial: uartlite: register uart driver in init (Jakub Lewalski)
- usb: potential integer overflow in usbg_make_tpg() (Chen Yufeng)
- iio: pressure: zpa2326: Use aligned_s64 for the timestamp (Jonathan Cameron)
- md/md-bitmap: fix dm-raid max_write_behind setting (Yu Kuai)
- dmaengine: xilinx_dma: Set dma_device directions (Thomas Gessler)
- mfd: max14577: Fix wakeup source leaks on device unbind (Krzysztof Kozlowski)
- mailbox: Not protect module_put with spin_lock_irqsave (Peng Fan)
- cifs: Fix cifs_query_path_info() for Windows NT servers (Pali Rohár)

[5.4.17-2136.347.6]
- net_sched: sch_sfq: move the limit validation (Octavian Purdila) [Orabug: 38377926,38394593] {CVE-2025-37752}
- net_sched: sch_sfq: use a temporary work area for validating configuration (Octavian Purdila) [Orabug: 38377926]
- net_sched: sch_sfq: don't allow 1 packet limit (Octavian Purdila) [Orabug: 38377926] {CVE-2024-57996}
- net_sched: sch_sfq: handle bigger packets (Eric Dumazet) [Orabug: 38377926]
- net_sched: sch_sfq: annotate data-races around q->perturb_period (Eric Dumazet) [Orabug: 38377926]

[5.4.17-2136.347.5]
- squashfs: fix memory leak in squashfs_fill_super (Phillip Lougher) [Orabug: 38343661]
- netfilter: nf_tables: adjust lockdep assertions handling (Fedor Pchelkin)
- Revert "vgacon: Add check for vc_origin address range in vgacon_scroll()" (Helge Deller) [Orabug: 38343661]
- ASoC: ops: dynamically allocate struct snd_ctl_elem_value (Arnd Bergmann)

[5.4.17-2136.347.4]
- KVM: x86: use array_index_nospec with indices that come from guest (Thijs Raymakers) [Orabug: 38319938,38440302] {CVE-2025-39823}
- KVM: APIC: add helper func to remove duplicate code in kvm_pv_send_ipi (Miaohe Lin) [Orabug: 38319938]
- rds: Fix NULL ptr deref in xas_start (Håkon Bugge) [Orabug: 38169303]

LibTIFF security update for Rocky Linux 8

Kernel-RT and LibTIFF updates for AlmaLinux

BIND, RunC, Frr, and more updates for Oracle Linux

ELSA-2025-25754 Important: Unbreakable Enterprise kernel security update

ELBA-2025-19952 Oracle Linux 10 ca-certificates bug fix and enhancement update

ELBA-2025-25751 Oracle Linux 10 oracle-common-release bug fix update

ELSA-2025-25754 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update

ELSA-2025-19951 Important: Oracle Linux 9 bind security update

ELSA-2025-19950 Important: Oracle Linux 9 bind9.18 security update

ELSA-2025-19927 Important: Oracle Linux 9 runc security update

ELBA-2025-19953 Oracle Linux 9 frr bug fix and enhancement update

ELBA-2025-25752 Oracle Linux 9 oraclelinux-developer-release-el9 bug fix update

ELSA-2025-25755 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update

ELSA-2025-20034-0 Important: Oracle Linux 8 libtiff security update

ELSA-2025-25755 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update

ELSA-2025-25755 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update

Windows

Linux

macOS

Community