CUPS, MySQL, PHP, and more updates for Oracle Linux

Oracle Linux 6415 Published 2025-09-13 07:40 by Philipp Esselbach

News

ELSA-2025-15701 Important: Oracle Linux 10 cups security update

Oracle Linux Security Advisory ELSA-2025-15701

http://linux.oracle.com/errata/ELSA-2025-15701.html

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

x86_64:
cups-2.4.10-11.el10_0.1.x86_64.rpm
cups-client-2.4.10-11.el10_0.1.x86_64.rpm
cups-devel-2.4.10-11.el10_0.1.x86_64.rpm
cups-filesystem-2.4.10-11.el10_0.1.noarch.rpm
cups-ipptool-2.4.10-11.el10_0.1.x86_64.rpm
cups-libs-2.4.10-11.el10_0.1.x86_64.rpm
cups-lpd-2.4.10-11.el10_0.1.x86_64.rpm
cups-printerapp-2.4.10-11.el10_0.1.x86_64.rpm

aarch64:
cups-2.4.10-11.el10_0.1.aarch64.rpm
cups-client-2.4.10-11.el10_0.1.aarch64.rpm
cups-devel-2.4.10-11.el10_0.1.aarch64.rpm
cups-filesystem-2.4.10-11.el10_0.1.noarch.rpm
cups-ipptool-2.4.10-11.el10_0.1.aarch64.rpm
cups-libs-2.4.10-11.el10_0.1.aarch64.rpm
cups-lpd-2.4.10-11.el10_0.1.aarch64.rpm
cups-printerapp-2.4.10-11.el10_0.1.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/cups-2.4.10-11.el10_0.1.src.rpm

Related CVEs:

CVE-2025-58060
CVE-2025-58364

Description of changes:

[-1:2.4.10-11.1]
- CVE-2025-58060 cups: Authentication Bypass in CUPS Authorization Handling
- CVE-2025-58364 cups: Null Pointer Dereference in CUPS ipp_read_io() Leading to Remote DoS

ELSA-2025-15699 Moderate: Oracle Linux 10 mysql-selinux and mysql8.4 security update

Oracle Linux Security Advisory ELSA-2025-15699

http://linux.oracle.com/errata/ELSA-2025-15699.html

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

x86_64:
mysql-selinux-1.0.14-1.el10_0.noarch.rpm
mysql8.4-8.4.6-2.el10_0.x86_64.rpm
mysql8.4-common-8.4.6-2.el10_0.noarch.rpm
mysql8.4-devel-8.4.6-2.el10_0.x86_64.rpm
mysql8.4-errmsg-8.4.6-2.el10_0.noarch.rpm
mysql8.4-libs-8.4.6-2.el10_0.x86_64.rpm
mysql8.4-server-8.4.6-2.el10_0.x86_64.rpm
mysql8.4-test-8.4.6-2.el10_0.x86_64.rpm
mysql8.4-test-data-8.4.6-2.el10_0.noarch.rpm

aarch64:
mysql-selinux-1.0.14-1.el10_0.noarch.rpm
mysql8.4-8.4.6-2.el10_0.aarch64.rpm
mysql8.4-common-8.4.6-2.el10_0.noarch.rpm
mysql8.4-devel-8.4.6-2.el10_0.aarch64.rpm
mysql8.4-errmsg-8.4.6-2.el10_0.noarch.rpm
mysql8.4-libs-8.4.6-2.el10_0.aarch64.rpm
mysql8.4-server-8.4.6-2.el10_0.aarch64.rpm
mysql8.4-test-8.4.6-2.el10_0.aarch64.rpm
mysql8.4-test-data-8.4.6-2.el10_0.noarch.rpm

SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/mysql-selinux-1.0.14-1.el10_0.src.rpm
http://oss.oracle.com/ol10/SRPMS-updates/mysql8.4-8.4.6-2.el10_0.src.rpm

Related CVEs:

CVE-2024-13176
CVE-2025-5399
CVE-2025-21574
CVE-2025-21575
CVE-2025-21577
CVE-2025-21579
CVE-2025-21580
CVE-2025-21581
CVE-2025-21584
CVE-2025-21585
CVE-2025-21588
CVE-2025-30681
CVE-2025-30682
CVE-2025-30683
CVE-2025-30684
CVE-2025-30685
CVE-2025-30687
CVE-2025-30688
CVE-2025-30689
CVE-2025-30693
CVE-2025-30695
CVE-2025-30696
CVE-2025-30699
CVE-2025-30703
CVE-2025-30704
CVE-2025-30705
CVE-2025-30715
CVE-2025-30721
CVE-2025-30722
CVE-2025-50077
CVE-2025-50078
CVE-2025-50079
CVE-2025-50080
CVE-2025-50081
CVE-2025-50082
CVE-2025-50083
CVE-2025-50084
CVE-2025-50085
CVE-2025-50086
CVE-2025-50087
CVE-2025-50088
CVE-2025-50091
CVE-2025-50092
CVE-2025-50093
CVE-2025-50094
CVE-2025-50096
CVE-2025-50097
CVE-2025-50098
CVE-2025-50099
CVE-2025-50100
CVE-2025-50101
CVE-2025-50102
CVE-2025-50104

Description of changes:

mysql-selinux
[1.0.14-1]
- Update to version 1.0.14
- Resolves: rhbz#2380217

mysql8.4
[8.4.6-1]
- Rebase to 8.4.6

[8.4.5-1]
- Rebase to 8.4.5

ELBA-2025-9413 Oracle Linux 10 linux-firmware bug fix update

Oracle Linux Bug Fix Advisory ELBA-2025-9413

http://linux.oracle.com/errata/ELBA-2025-9413.html

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

x86_64:
iwl1000-firmware-39.31.5.1-999.44.el10.noarch.rpm
iwl100-firmware-39.31.5.1-999.44.el10.noarch.rpm
iwl105-firmware-18.168.6.1-999.44.el10.noarch.rpm
iwl135-firmware-18.168.6.1-999.44.el10.noarch.rpm
iwl2000-firmware-18.168.6.1-999.44.el10.noarch.rpm
iwl2030-firmware-18.168.6.1-999.44.el10.noarch.rpm
iwl3160-firmware-25.30.13.0-999.44.el10.noarch.rpm
iwl3945-firmware-15.32.2.9-999.44.el10.noarch.rpm
iwl4965-firmware-228.61.2.24-999.44.el10.noarch.rpm
iwl5000-firmware-8.83.5.1_1-999.44.el10.noarch.rpm
iwl5150-firmware-8.24.2.2-999.44.el10.noarch.rpm
iwl6000-firmware-9.221.4.1-999.44.el10.noarch.rpm
iwl6000g2a-firmware-18.168.6.1-999.44.el10.noarch.rpm
iwl6000g2b-firmware-18.168.6.1-999.44.el10.noarch.rpm
iwl6050-firmware-41.28.5.1-999.44.el10.noarch.rpm
iwl7260-firmware-25.30.13.0-999.44.el10.noarch.rpm
iwlax2xx-firmware-20250909-999.44.el10.noarch.rpm
libertas-sd8686-firmware-20250909-999.44.git260ff424.el10.noarch.rpm
libertas-sd8787-firmware-20250909-999.44.git260ff424.el10.noarch.rpm
libertas-usb8388-firmware-20250909-999.44.git260ff424.el10.noarch.rpm
libertas-usb8388-olpc-firmware-20250909-999.44.git260ff424.el10.noarch.rpm
linux-firmware-20250909-999.44.git260ff424.el10.noarch.rpm
linux-firmware-core-20250909-999.44.git260ff424.el10.noarch.rpm
linux-firmware-whence-20250909-999.44.git260ff424.el10.noarch.rpm
liquidio-firmware-20250909-999.44.git260ff424.el10.noarch.rpm
netronome-firmware-20250909-999.44.git260ff424.el10.noarch.rpm

aarch64:
iwl1000-firmware-39.31.5.1-999.44.el10.noarch.rpm
iwl100-firmware-39.31.5.1-999.44.el10.noarch.rpm
iwl105-firmware-18.168.6.1-999.44.el10.noarch.rpm
iwl135-firmware-18.168.6.1-999.44.el10.noarch.rpm
iwl2000-firmware-18.168.6.1-999.44.el10.noarch.rpm
iwl2030-firmware-18.168.6.1-999.44.el10.noarch.rpm
iwl3160-firmware-25.30.13.0-999.44.el10.noarch.rpm
iwl3945-firmware-15.32.2.9-999.44.el10.noarch.rpm
iwl4965-firmware-228.61.2.24-999.44.el10.noarch.rpm
iwl5000-firmware-8.83.5.1_1-999.44.el10.noarch.rpm
iwl5150-firmware-8.24.2.2-999.44.el10.noarch.rpm
iwl6000-firmware-9.221.4.1-999.44.el10.noarch.rpm
iwl6000g2a-firmware-18.168.6.1-999.44.el10.noarch.rpm
iwl6000g2b-firmware-18.168.6.1-999.44.el10.noarch.rpm
iwl6050-firmware-41.28.5.1-999.44.el10.noarch.rpm
iwl7260-firmware-25.30.13.0-999.44.el10.noarch.rpm
iwlax2xx-firmware-20250909-999.44.el10.noarch.rpm
libertas-sd8686-firmware-20250909-999.44.git260ff424.el10.noarch.rpm
libertas-sd8787-firmware-20250909-999.44.git260ff424.el10.noarch.rpm
libertas-usb8388-firmware-20250909-999.44.git260ff424.el10.noarch.rpm
libertas-usb8388-olpc-firmware-20250909-999.44.git260ff424.el10.noarch.rpm
linux-firmware-20250909-999.44.git260ff424.el10.noarch.rpm
linux-firmware-core-20250909-999.44.git260ff424.el10.noarch.rpm
linux-firmware-whence-20250909-999.44.git260ff424.el10.noarch.rpm
liquidio-firmware-20250909-999.44.git260ff424.el10.noarch.rpm
netronome-firmware-20250909-999.44.git260ff424.el10.noarch.rpm

SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/linux-firmware-20250909-999.44.git260ff424.el10.src.rpm

Description of changes:

[20250909-999.44.git260ff424.el10]
- Rewrite the script to accomodate yum-based installs [Orabug: 38409589]

ELBA-2025-20550 Oracle Linux 7 linux-firmware bug fix update

Oracle Linux Bug Fix Advisory ELBA-2025-20550

http://linux.oracle.com/errata/ELBA-2025-20550.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
iwl1000-firmware-39.31.5.1-999.44.el7.noarch.rpm
iwl100-firmware-39.31.5.1-999.44.el7.noarch.rpm
iwl105-firmware-18.168.6.1-999.44.el7.noarch.rpm
iwl135-firmware-18.168.6.1-999.44.el7.noarch.rpm
iwl2000-firmware-18.168.6.1-999.44.el7.noarch.rpm
iwl2030-firmware-18.168.6.1-999.44.el7.noarch.rpm
iwl3160-firmware-22.0.7.0-999.44.el7.noarch.rpm
iwl3945-firmware-15.32.2.9-999.44.el7.noarch.rpm
iwl4965-firmware-228.61.2.24-999.44.el7.noarch.rpm
iwl5000-firmware-8.83.5.1_1-999.44.el7.noarch.rpm
iwl5150-firmware-8.24.2.2-999.44.el7.noarch.rpm
iwl6000-firmware-9.221.4.1-999.44.el7.noarch.rpm
iwl6000g2a-firmware-17.168.5.3-999.44.el7.noarch.rpm
iwl6000g2b-firmware-17.168.5.2-999.44.el7.noarch.rpm
iwl6050-firmware-41.28.5.1-999.44.el7.noarch.rpm
iwl7260-firmware-22.0.7.0-999.44.el7.noarch.rpm
iwlax2xx-firmware-20250909-999.44.el7.noarch.rpm
linux-firmware-20250909-999.44.git260ff424.el7.noarch.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/linux-firmware-20250909-999.44.git260ff424.el7.src.rpm

Description of changes:

[20250909-999.44.git260ff424.el7]
- Rewrite the script to accomodate yum-based installs [Orabug: 38409589]

ELSA-2025-15700 Important: Oracle Linux 9 cups security update

Oracle Linux Security Advisory ELSA-2025-15700

http://linux.oracle.com/errata/ELSA-2025-15700.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
cups-2.3.3op2-33.el9_6.1.x86_64.rpm
cups-client-2.3.3op2-33.el9_6.1.x86_64.rpm
cups-devel-2.3.3op2-33.el9_6.1.i686.rpm
cups-devel-2.3.3op2-33.el9_6.1.x86_64.rpm
cups-filesystem-2.3.3op2-33.el9_6.1.noarch.rpm
cups-ipptool-2.3.3op2-33.el9_6.1.x86_64.rpm
cups-libs-2.3.3op2-33.el9_6.1.i686.rpm
cups-libs-2.3.3op2-33.el9_6.1.x86_64.rpm
cups-lpd-2.3.3op2-33.el9_6.1.x86_64.rpm
cups-printerapp-2.3.3op2-33.el9_6.1.x86_64.rpm

aarch64:
cups-2.3.3op2-33.el9_6.1.aarch64.rpm
cups-client-2.3.3op2-33.el9_6.1.aarch64.rpm
cups-devel-2.3.3op2-33.el9_6.1.aarch64.rpm
cups-filesystem-2.3.3op2-33.el9_6.1.noarch.rpm
cups-ipptool-2.3.3op2-33.el9_6.1.aarch64.rpm
cups-libs-2.3.3op2-33.el9_6.1.aarch64.rpm
cups-lpd-2.3.3op2-33.el9_6.1.aarch64.rpm
cups-printerapp-2.3.3op2-33.el9_6.1.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/cups-2.3.3op2-33.el9_6.1.src.rpm

Related CVEs:

CVE-2025-58060
CVE-2025-58364

Description of changes:

[1.2.3.3op2-33.1]
- RHEL-113077 CVE-2025-58364 cups: Null Pointer Dereference in CUPS ipp_read_io() Leading to Remote DoS

[1.2.3.3op2-33.1]
- RHEL-112438 CVE-2025-58060 cups: Authentication Bypass in CUPS Authorization Handling

ELBA-2025-20578 Oracle Linux 9 linux-firmware bug fix update

Oracle Linux Bug Fix Advisory ELBA-2025-20578

http://linux.oracle.com/errata/ELBA-2025-20578.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
iwl1000-firmware-39.31.5.1-999.42.1.el9.noarch.rpm
iwl100-firmware-39.31.5.1-999.42.1.el9.noarch.rpm
iwl105-firmware-18.168.6.1-999.42.1.el9.noarch.rpm
iwl135-firmware-18.168.6.1-999.42.1.el9.noarch.rpm
iwl2000-firmware-18.168.6.1-999.42.1.el9.noarch.rpm
iwl2030-firmware-18.168.6.1-999.42.1.el9.noarch.rpm
iwl3160-firmware-25.30.13.0-999.42.1.el9.noarch.rpm
iwl3945-firmware-15.32.2.9-999.42.1.el9.noarch.rpm
iwl4965-firmware-228.61.2.24-999.42.1.el9.noarch.rpm
iwl5000-firmware-8.83.5.1_1-999.42.1.el9.noarch.rpm
iwl5150-firmware-8.24.2.2-999.42.1.el9.noarch.rpm
iwl6000-firmware-9.221.4.1-999.42.1.el9.noarch.rpm
iwl6000g2a-firmware-18.168.6.1-999.42.1.el9.noarch.rpm
iwl6000g2b-firmware-18.168.6.1-999.42.1.el9.noarch.rpm
iwl6050-firmware-41.28.5.1-999.42.1.el9.noarch.rpm
iwl7260-firmware-25.30.13.0-999.42.1.el9.noarch.rpm
iwlax2xx-firmware-20250909-999.42.1.el9.noarch.rpm
libertas-sd8686-firmware-20250909-999.42.1.git356f06bf.el9.noarch.rpm
libertas-sd8787-firmware-20250909-999.42.1.git356f06bf.el9.noarch.rpm
libertas-usb8388-firmware-20250909-999.42.1.git356f06bf.el9.noarch.rpm
libertas-usb8388-olpc-firmware-20250909-999.42.1.git356f06bf.el9.noarch.rpm
linux-firmware-20250909-999.42.1.git356f06bf.el9.noarch.rpm
linux-firmware-core-20250909-999.42.1.git356f06bf.el9.noarch.rpm
linux-firmware-whence-20250909-999.42.1.git356f06bf.el9.noarch.rpm
liquidio-firmware-20250909-999.42.1.git356f06bf.el9.noarch.rpm
netronome-firmware-20250909-999.42.1.git356f06bf.el9.noarch.rpm

aarch64:
iwl1000-firmware-39.31.5.1-999.42.1.el9.noarch.rpm
iwl100-firmware-39.31.5.1-999.42.1.el9.noarch.rpm
iwl105-firmware-18.168.6.1-999.42.1.el9.noarch.rpm
iwl135-firmware-18.168.6.1-999.42.1.el9.noarch.rpm
iwl2000-firmware-18.168.6.1-999.42.1.el9.noarch.rpm
iwl2030-firmware-18.168.6.1-999.42.1.el9.noarch.rpm
iwl3160-firmware-25.30.13.0-999.42.1.el9.noarch.rpm
iwl3945-firmware-15.32.2.9-999.42.1.el9.noarch.rpm
iwl4965-firmware-228.61.2.24-999.42.1.el9.noarch.rpm
iwl5000-firmware-8.83.5.1_1-999.42.1.el9.noarch.rpm
iwl5150-firmware-8.24.2.2-999.42.1.el9.noarch.rpm
iwl6000-firmware-9.221.4.1-999.42.1.el9.noarch.rpm
iwl6000g2a-firmware-18.168.6.1-999.42.1.el9.noarch.rpm
iwl6000g2b-firmware-18.168.6.1-999.42.1.el9.noarch.rpm
iwl6050-firmware-41.28.5.1-999.42.1.el9.noarch.rpm
iwl7260-firmware-25.30.13.0-999.42.1.el9.noarch.rpm
iwlax2xx-firmware-20250909-999.42.1.el9.noarch.rpm
libertas-sd8686-firmware-20250909-999.42.1.git356f06bf.el9.noarch.rpm
libertas-sd8787-firmware-20250909-999.42.1.git356f06bf.el9.noarch.rpm
libertas-usb8388-firmware-20250909-999.42.1.git356f06bf.el9.noarch.rpm
libertas-usb8388-olpc-firmware-20250909-999.42.1.git356f06bf.el9.noarch.rpm
linux-firmware-20250909-999.42.1.git356f06bf.el9.noarch.rpm
linux-firmware-core-20250909-999.42.1.git356f06bf.el9.noarch.rpm
linux-firmware-whence-20250909-999.42.1.git356f06bf.el9.noarch.rpm
liquidio-firmware-20250909-999.42.1.git356f06bf.el9.noarch.rpm
netronome-firmware-20250909-999.42.1.git356f06bf.el9.noarch.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/linux-firmware-20250909-999.42.1.git356f06bf.el9.src.rpm

Description of changes:

[20250909-999.42.1.git356f06bf.el9]
- Rewrite the script to accomodate yum-based installs [Orabug: 38410501]

ELBA-2025-15707 Oracle Linux 9 samba bug fix and enhancement update

Oracle Linux Bug Fix Advisory ELBA-2025-15707

http://linux.oracle.com/errata/ELBA-2025-15707.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
ldb-tools-4.21.3-14.el9_6.x86_64.rpm
libldb-4.21.3-14.el9_6.i686.rpm
libldb-4.21.3-14.el9_6.x86_64.rpm
libldb-devel-4.21.3-14.el9_6.i686.rpm
libldb-devel-4.21.3-14.el9_6.x86_64.rpm
libnetapi-4.21.3-14.el9_6.i686.rpm
libnetapi-4.21.3-14.el9_6.x86_64.rpm
libnetapi-devel-4.21.3-14.el9_6.i686.rpm
libnetapi-devel-4.21.3-14.el9_6.x86_64.rpm
libsmbclient-4.21.3-14.el9_6.i686.rpm
libsmbclient-4.21.3-14.el9_6.x86_64.rpm
libsmbclient-devel-4.21.3-14.el9_6.i686.rpm
libsmbclient-devel-4.21.3-14.el9_6.x86_64.rpm
libwbclient-4.21.3-14.el9_6.i686.rpm
libwbclient-4.21.3-14.el9_6.x86_64.rpm
libwbclient-devel-4.21.3-14.el9_6.i686.rpm
libwbclient-devel-4.21.3-14.el9_6.x86_64.rpm
python3-ldb-4.21.3-14.el9_6.i686.rpm
python3-ldb-4.21.3-14.el9_6.x86_64.rpm
python3-samba-4.21.3-14.el9_6.i686.rpm
python3-samba-4.21.3-14.el9_6.x86_64.rpm
python3-samba-dc-4.21.3-14.el9_6.x86_64.rpm
python3-samba-test-4.21.3-14.el9_6.x86_64.rpm
samba-4.21.3-14.el9_6.x86_64.rpm
samba-client-4.21.3-14.el9_6.x86_64.rpm
samba-client-libs-4.21.3-14.el9_6.i686.rpm
samba-client-libs-4.21.3-14.el9_6.x86_64.rpm
samba-common-4.21.3-14.el9_6.noarch.rpm
samba-common-libs-4.21.3-14.el9_6.i686.rpm
samba-common-libs-4.21.3-14.el9_6.x86_64.rpm
samba-common-tools-4.21.3-14.el9_6.x86_64.rpm
samba-dc-libs-4.21.3-14.el9_6.i686.rpm
samba-dc-libs-4.21.3-14.el9_6.x86_64.rpm
samba-dcerpc-4.21.3-14.el9_6.x86_64.rpm
samba-devel-4.21.3-14.el9_6.i686.rpm
samba-devel-4.21.3-14.el9_6.x86_64.rpm
samba-gpupdate-4.21.3-14.el9_6.x86_64.rpm
samba-krb5-printing-4.21.3-14.el9_6.x86_64.rpm
samba-ldb-ldap-modules-4.21.3-14.el9_6.x86_64.rpm
samba-libs-4.21.3-14.el9_6.i686.rpm
samba-libs-4.21.3-14.el9_6.x86_64.rpm
samba-pidl-4.21.3-14.el9_6.noarch.rpm
samba-test-4.21.3-14.el9_6.x86_64.rpm
samba-test-libs-4.21.3-14.el9_6.x86_64.rpm
samba-tools-4.21.3-14.el9_6.x86_64.rpm
samba-usershares-4.21.3-14.el9_6.x86_64.rpm
samba-vfs-iouring-4.21.3-14.el9_6.x86_64.rpm
samba-winbind-4.21.3-14.el9_6.x86_64.rpm
samba-winbind-clients-4.21.3-14.el9_6.x86_64.rpm
samba-winbind-krb5-locator-4.21.3-14.el9_6.x86_64.rpm
samba-winbind-modules-4.21.3-14.el9_6.i686.rpm
samba-winbind-modules-4.21.3-14.el9_6.x86_64.rpm
samba-winexe-4.21.3-14.el9_6.x86_64.rpm

aarch64:
ldb-tools-4.21.3-14.el9_6.aarch64.rpm
libldb-4.21.3-14.el9_6.aarch64.rpm
libldb-devel-4.21.3-14.el9_6.aarch64.rpm
libnetapi-4.21.3-14.el9_6.aarch64.rpm
libnetapi-devel-4.21.3-14.el9_6.aarch64.rpm
libsmbclient-4.21.3-14.el9_6.aarch64.rpm
libsmbclient-devel-4.21.3-14.el9_6.aarch64.rpm
libwbclient-4.21.3-14.el9_6.aarch64.rpm
libwbclient-devel-4.21.3-14.el9_6.aarch64.rpm
python3-ldb-4.21.3-14.el9_6.aarch64.rpm
python3-samba-4.21.3-14.el9_6.aarch64.rpm
python3-samba-dc-4.21.3-14.el9_6.aarch64.rpm
python3-samba-test-4.21.3-14.el9_6.aarch64.rpm
samba-4.21.3-14.el9_6.aarch64.rpm
samba-client-4.21.3-14.el9_6.aarch64.rpm
samba-client-libs-4.21.3-14.el9_6.aarch64.rpm
samba-common-4.21.3-14.el9_6.noarch.rpm
samba-common-libs-4.21.3-14.el9_6.aarch64.rpm
samba-common-tools-4.21.3-14.el9_6.aarch64.rpm
samba-dc-libs-4.21.3-14.el9_6.aarch64.rpm
samba-dcerpc-4.21.3-14.el9_6.aarch64.rpm
samba-devel-4.21.3-14.el9_6.aarch64.rpm
samba-gpupdate-4.21.3-14.el9_6.aarch64.rpm
samba-krb5-printing-4.21.3-14.el9_6.aarch64.rpm
samba-ldb-ldap-modules-4.21.3-14.el9_6.aarch64.rpm
samba-libs-4.21.3-14.el9_6.aarch64.rpm
samba-pidl-4.21.3-14.el9_6.noarch.rpm
samba-test-4.21.3-14.el9_6.aarch64.rpm
samba-test-libs-4.21.3-14.el9_6.aarch64.rpm
samba-tools-4.21.3-14.el9_6.aarch64.rpm
samba-usershares-4.21.3-14.el9_6.aarch64.rpm
samba-vfs-iouring-4.21.3-14.el9_6.aarch64.rpm
samba-winbind-4.21.3-14.el9_6.aarch64.rpm
samba-winbind-clients-4.21.3-14.el9_6.aarch64.rpm
samba-winbind-krb5-locator-4.21.3-14.el9_6.aarch64.rpm
samba-winbind-modules-4.21.3-14.el9_6.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/samba-4.21.3-14.el9_6.src.rpm

Description of changes:

[0:4.21.3-14]
- resolves: RHEL-113388 - Rebuild for zstream

[0:4.21.3-13]
- resolves: RHEL-113388 - Fix 'net ads join' in setups with multiple DCs

[0:4.21.3-12]
- resolves: RHEL-101766 - Fix DC discovery after Windows netlogon hardening
(follow-up, main fix is in samba-4.21.3-7)

[0:4.21.3-11]
- resolves: RHEL-111311 - Fix winbind fork bomb in 'IPA with AD trust'
environment

[0:4.21.3-10]
- resolves: RHEL-102934 - Fix samba-gpupdate to process empty GPO Link

[0:4.21.3-9]
- resolves: RHEL-105624 - Fix 'net ads kerberos kinit'

[0:4.21.3-8]
- resolves: RHEL-103411 - smb.conf: Remove the '@' for NIX groups, we
removed NIS support

ELSA-2025-15661 Important: Oracle Linux 9 kernel security update

Oracle Linux Security Advisory ELSA-2025-15661

http://linux.oracle.com/errata/ELSA-2025-15661.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-5.14.0-570.42.2.0.1.el9_6.x86_64.rpm
kernel-abi-stablelists-5.14.0-570.42.2.0.1.el9_6.noarch.rpm
kernel-core-5.14.0-570.42.2.0.1.el9_6.x86_64.rpm
kernel-cross-headers-5.14.0-570.42.2.0.1.el9_6.x86_64.rpm
kernel-debug-5.14.0-570.42.2.0.1.el9_6.x86_64.rpm
kernel-debug-core-5.14.0-570.42.2.0.1.el9_6.x86_64.rpm
kernel-debug-devel-5.14.0-570.42.2.0.1.el9_6.x86_64.rpm
kernel-debug-devel-matched-5.14.0-570.42.2.0.1.el9_6.x86_64.rpm
kernel-debug-modules-5.14.0-570.42.2.0.1.el9_6.x86_64.rpm
kernel-debug-modules-core-5.14.0-570.42.2.0.1.el9_6.x86_64.rpm
kernel-debug-modules-extra-5.14.0-570.42.2.0.1.el9_6.x86_64.rpm
kernel-debug-uki-virt-5.14.0-570.42.2.0.1.el9_6.x86_64.rpm
kernel-devel-5.14.0-570.42.2.0.1.el9_6.x86_64.rpm
kernel-devel-matched-5.14.0-570.42.2.0.1.el9_6.x86_64.rpm
kernel-doc-5.14.0-570.42.2.0.1.el9_6.noarch.rpm
kernel-headers-5.14.0-570.42.2.0.1.el9_6.x86_64.rpm
kernel-modules-5.14.0-570.42.2.0.1.el9_6.x86_64.rpm
kernel-modules-core-5.14.0-570.42.2.0.1.el9_6.x86_64.rpm
kernel-modules-extra-5.14.0-570.42.2.0.1.el9_6.x86_64.rpm
kernel-tools-5.14.0-570.42.2.0.1.el9_6.x86_64.rpm
kernel-tools-libs-5.14.0-570.42.2.0.1.el9_6.x86_64.rpm
kernel-tools-libs-devel-5.14.0-570.42.2.0.1.el9_6.x86_64.rpm
kernel-uki-virt-5.14.0-570.42.2.0.1.el9_6.x86_64.rpm
kernel-uki-virt-addons-5.14.0-570.42.2.0.1.el9_6.x86_64.rpm
libperf-5.14.0-570.42.2.0.1.el9_6.x86_64.rpm
perf-5.14.0-570.42.2.0.1.el9_6.x86_64.rpm
python3-perf-5.14.0-570.42.2.0.1.el9_6.x86_64.rpm
rtla-5.14.0-570.42.2.0.1.el9_6.x86_64.rpm
rv-5.14.0-570.42.2.0.1.el9_6.x86_64.rpm

aarch64:
kernel-cross-headers-5.14.0-570.42.2.0.1.el9_6.aarch64.rpm
kernel-headers-5.14.0-570.42.2.0.1.el9_6.aarch64.rpm
kernel-tools-5.14.0-570.42.2.0.1.el9_6.aarch64.rpm
kernel-tools-libs-5.14.0-570.42.2.0.1.el9_6.aarch64.rpm
kernel-tools-libs-devel-5.14.0-570.42.2.0.1.el9_6.aarch64.rpm
libperf-5.14.0-570.42.2.0.1.el9_6.aarch64.rpm
perf-5.14.0-570.42.2.0.1.el9_6.aarch64.rpm
python3-perf-5.14.0-570.42.2.0.1.el9_6.aarch64.rpm
rtla-5.14.0-570.42.2.0.1.el9_6.aarch64.rpm
rv-5.14.0-570.42.2.0.1.el9_6.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/kernel-5.14.0-570.42.2.0.1.el9_6.src.rpm

Related CVEs:

CVE-2025-22097
CVE-2025-38332
CVE-2025-38352
CVE-2025-38449

Description of changes:

[5.14.0-570.42.2.0.1.el9_6.OL9]
- nvme-pci: remove two deallocate zeroes quirks [Orabug: 37756650]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 thread before calling do_zoom_thread() (Arnaldo Carvalho de Melo)
- fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod() (Sergey Shtylyov) [Orabug: 38180566] {CVE-2025-38312}
- soc: aspeed: Add NULL check in aspeed_lpc_enable_snoop() (Henry Martin) [Orabug: 38153060] {CVE-2025-38145}
- soc: aspeed: lpc: Fix impossible judgment condition (Su Hui)
- arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma with Haikou (Quentin Schulz)
- ARM: dts: qcom: apq8064 merge hw splinlock into corresponding syscon device (Dmitry Baryshkov)
- bus: fsl-mc: fix double-free on mc_dev (Ioana Ciornei) [Orabug: 38180573] {CVE-2025-38313}
- nilfs2: do not propagate ENOENT error from nilfs_btree_propagate() (Ryusuke Konishi)
- nilfs2: add pointer check for nilfs_direct_propagate() (Xu Wang)
- Squashfs: check return result of sb_min_blocksize (Phillip Lougher) [Orabug: 38253985] {CVE-2025-38415}
- ARM: dts: at91: at91sam9263: fix NAND chip selects (Wolfram Sang)
- ARM: dts: at91: usb_a9263: fix GPIO for Dataflash chip select (Wolfram Sang)
- f2fs: fix to correct check conditions in f2fs_cross_rename (Zhiguo Niu)
- f2fs: use d_inode(dentry) cleanup dentry->d_inode (Zhiguo Niu)
- calipso: Don't call calipso functions for AF_INET sk. (Kuniyuki Iwashima) [Orabug: 38153070] {CVE-2025-38147}
- net: lan743x: rename lan743x_reset_phy to lan743x_hw_reset_phy (Thangaraj Samynathan)
- net: usb: aqc111: fix error handling of usbnet read calls (Nikita Zhandarovich) [Orabug: 38153090] {CVE-2025-38153}
- netfilter: nf_tables: nft_fib_ipv6: fix VRF ipv4/ipv6 result discrepancy (Florian Westphal)
- wifi: ath9k_htc: Abort software beacon handling if disabled (Toke Høiland-Jørgensen) [Orabug: 38153110] {CVE-2025-38157}
- bpf: Fix WARN() in get_bpf_raw_tp_regs (Tao Chen) [Orabug: 38180489] {CVE-2025-38285}
- pinctrl: at91: Fix possible out-of-boundary access (Andy Shevchenko) [Orabug: 38180495] {CVE-2025-38286}
- ktls, sockmap: Fix missing uncharge operation (Jiayuan Chen)
- netfilter: bridge: Move specific fragmented packet to slow_path instead of dropping it (Huajian Yang)
- f2fs: clean up w/ fscrypt_is_bounce_page() (Chao Yu)
- RDMA/hns: Include hnae3.h in hns_roce_hw_v2.h (Junxian Huang)
- wifi: rtw88: do not ignore hardware read error during DPK (Dmitry Antipov)
- net: ncsi: Fix GCPS 64-bit member variables (Hari Kalavakunta)
- f2fs: fix to do sanity check on sbi->total_valid_block_count (Chao Yu) [Orabug: 38153150] {CVE-2025-38163}
- drm/tegra: rgb: Fix the unbound reference count (Biju Das)
- drm/vkms: Adjust vkms_state->active_planes allocation type (Kees Cook)
- drm: rcar-du: Fix memory leak in rcar_du_vsps_init() (Biju Das)
- selftests/seccomp: fix syscall_restart test for arm compat (Neill Kapron)
- firmware: psci: Fix refcount leak in psci_dt_init (Miaoqian Lin)
- m68k: mac: Fix macintosh_config for Mac II (Finn Thain)
- drm/vmwgfx: Add seqno waiter for sync_files (Ian Forbes)
- spi: sh-msiof: Fix maximum DMA transfer size (Geert Uytterhoeven)
- ACPI: OSI: Stop advertising support for "3.0 _SCP Extensions" (Armin Wolf)
- x86/mtrr: Check if fixed-range MTRRs exist in mtrr_save_fixed_ranges() (Jiaqing Zhao)
- PM: wakeup: Delete space in the end of string shown by pm_show_wakelocks() (Zijun Hu)
- EDAC/skx_common: Fix general protection fault (Qiuxu Zhuo) [Orabug: 38180525] {CVE-2025-38298}
- crypto: marvell/cesa - Avoid empty transfer descriptor (Herbert Xu)
- crypto: marvell/cesa - Handle zero-length skcipher requests (Herbert Xu) [Orabug: 38153190] {CVE-2025-38173}
- x86/cpu: Sanitize CPUID(0x80000000) output (Ahmed S. Darwish)
- perf/core: Fix broken throttling when max_samples_per_tick=1 (Qing Wang)
- gfs2: gfs2_create_inode error handling fix (Andreas Gruenbacher)
- netfilter: nft_socket: fix sk refcount leaks (Florian Westphal) [Orabug: 37116555] {CVE-2024-46855}
- thunderbolt: Do not double dequeue a configuration request (Sergey Senozhatsky) [Orabug: 38158384] {CVE-2025-38174}
- usb: usbtmc: Fix timeout value in get_stb (Dave Penkler)
- usb: storage: Ignore UAS driver for SanDisk 3.2 Gen2 storage device (Hongyu Xie)
- usb: quirks: Add NO_LPM quirk for SanDisk Extreme 55AE (Jiayi Li)
- pinctrl: armada-37xx: set GPIO output value before setting direction (Gabor Juhos)
- pinctrl: armada-37xx: use correct OUTPUT_VAL register for GPIOs > 31 (Gabor Juhos)

[5.4.17-2136.346.6.el7uek]
- net/mlx5: Add poll-eq API to be used by ULP's (Praveen Kumar Kannoju) [Orabug: 38109070]
- net/rds: poll eq during user-reset (Praveen Kumar Kannoju) [Orabug: 38189315]

[5.4.17-2136.346.5.el7uek]
- perf: Fix perf_event_validate_size() lockdep splat (Mark Rutland) [Orabug: 36261486] {CVE-2023-6931}
- perf: Fix perf_event_validate_size() (Peter Zijlstra) [Orabug: 36261486] {CVE-2023-6931}
- net/mlx5: set graceful_period to 0 to allow multiple transmission queue recovery (Praveen Kumar Kannoju) [Orabug: 38182891]

[5.4.17-2136.346.4.el7uek]
- pwm: mediatek: Ensure to disable clocks in error path (Uwe Kleine-König)
- Revert "mmc: sdhci: Disable SD card clock before changing parameters" (Ulf Hansson)
- net/sched: Always pass notifications when child class becomes empty (Lion Ackermann) [Orabug: 38217340] {CVE-2025-38350}

[5.4.17-2136.346.3.el7uek]
- x86/bpf: Classic BPF program can fail when BHB barrier is used (Alexandre Chartre) [Orabug: 38151403]
- Add Zen34 clients (Borislav Petkov) [Orabug: 38172250] {CVE-2024-36350,CVE-2024-36357}
- x86/process: Move the buffer clearing before MONITOR (Kim Phillips) [Orabug: 38172250] {CVE-2024-36350,CVE-2024-36357}
- KVM: SVM: Advertize TSA CPUID bits to guests (Borislav Petkov) [Orabug: 38172250] {CVE-2024-36350,CVE-2024-36357}
- x86/bugs: Add a Transient Scheduler Attacks mitigation (Borislav Petkov) [Orabug: 38172250] {CVE-2024-36350,CVE-2024-36357}
- KVM: x86: add support for CPUID leaf 0x80000021 (Paolo Bonzini) [Orabug: 38172250] {CVE-2024-36350,CVE-2024-36357}
- x86/bugs: Rename MDS machinery to something more generic (Borislav Petkov) [Orabug: 38172250] {CVE-2024-36350,CVE-2024-36357}
- x86/CPU/AMD: Add ZenX generations flags (Borislav Petkov) [Orabug: 38172250] {CVE-2024-36350,CVE-2024-36357}
- x86/bugs: Free X86_BUG_AMD_APIC_C1E and X86_BUG_AMD_E400 bits (Boris Ostrovsky) [Orabug: 38172250] {CVE-2024-36350,CVE-2024-36357}

[5.4.17-2136.346.2.el7uek]
- Revert "x86/bugs: Make spectre user default depend on MITIGATION_SPECTRE_V2" on v6.6 and older (Breno Leitao)
- tracing: Fix compilation warning on arm32 (Pan Taixi)
- PM: sleep: Fix power.is_suspended cleanup for direct-complete devices (Rafael J. Wysocki)
- LTS tag: v5.4.294 (Alok Tiwari)
- platform/x86: thinkpad_acpi: Ignore battery threshold change event notification (Mark Pearson)
- platform/x86: fujitsu-laptop: Support Lifebook S2110 hotkeys (Valtteri Koskivuori)
- spi: spi-sun4i: fix early activation (Alessandro Grassi)
- um: let 'make clean' properly clean underlying SUBARCH as well (Masahiro Yamada)
- platform/x86: thinkpad_acpi: Support also NEC Lavie X1475JAS (John Chau)
- nfs: don't share pNFS DS connections between net namespaces (Jeff Layton)
- HID: quirks: Add ADATA XPG alpha wireless mouse support (Milton Barrera)
- coredump: hand a pidfd to the usermode coredump helper (Christian Brauner)
- fork: use pidfd_prepare() (Christian Brauner)
- pid: add pidfd_prepare() (Christian Brauner)
- pidfd: check pid has attached task in fdinfo (Christian Brauner)
- coredump: fix error handling for replace_fd() (Christian Brauner)
- net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (Pedro Tammela) [Orabug: 38049365] {CVE-2025-38001}
- smb: client: Reset all search buffer pointers when releasing buffer (Zhaolong Wang)
- smb: client: Fix use-after-free in cifs_fill_dirent (Zhaolong Wang) [Orabug: 38094972] {CVE-2025-38051}
- drm/i915/gvt: fix unterminated-string-initialization warning (Jani Nikula)
- netfilter: nf_tables: do not defer rule destruction via call_rcu (Florian Westphal) [Orabug: 38186911] {CVE-2024-56655}
- netfilter: nf_tables: wait for rcu grace period on net_device removal (Pablo Neira Ayuso)
- netfilter: nf_tables: pass nft_chain to destroy function, not nft_ctx (Florian Westphal)
- kbuild: Disable -Wdefault-const-init-unsafe (Nathan Chancellor)
- spi: spi-fsl-dspi: restrict register range for regmap access (Larisa Grigore)
- mm/page_alloc.c: avoid infinite retries caused by cpuset race (Tianyang Zhang)
- drm/edid: fixed the bug that hdr metadata was not reset (Feijuan Li)
- llc: fix data loss when reading from a socket in llc_ui_recvmsg() (Gavrilov Ilia)
- ALSA: pcm: Fix race of buffer access at PCM OSS layer (Takashi Iwai) [Orabug: 38095147] {CVE-2025-38078}
- can: bcm: add missing rcu read protection for procfs content (Oliver Hartkopp) [Orabug: 38049371] {CVE-2025-38003}
- can: bcm: add locking for bcm_op runtime updates (Oliver Hartkopp) [Orabug: 38049376] {CVE-2025-38004}
- crypto: algif_hash - fix double free in hash_accept (Ivan Pravdin) [Orabug: 38095156] {CVE-2025-38079}
- sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (Cong Wang) [Orabug: 38049359] {CVE-2025-38000}
- net: dwmac-sun8i: Use parsed internal PHY address instead of 1 (Paul Kocialkowski)
- bridge: netfilter: Fix forwarding of fragmented packets (Ido Schimmel)
- xfrm: Sanitize marks before insert (Paul Chaignon)
- __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock (Al Viro) [Orabug: 38095002] {CVE-2025-38058}
- xenbus: Allow PVH dom0 a non-local xenstore (Jason Andryuk)
- btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref (Goldwyn Rodrigues) [Orabug: 38094858] {CVE-2025-38034}
- nvmet-tcp: don't restore null sk_state_change (Alistair Francis) [Orabug: 38094865] {CVE-2025-38035}
- ASoC: Intel: bytcr_rt5640: Add DMI quirk for Acer Aspire SW3-013 (Takashi Iwai)
- pinctrl: meson: define the pull up/down resistor value as 60 kOhm (Martin Blumenstingl)
- drm: Add valid clones check (Jessica Zhang)
- drm/atomic: clarify the rules around drm_atomic_state->allow_modeset (Simona Vetter)
- regulator: ad5398: Add device tree support (Isaac Scott)
- wifi: rtw88: Don't use static local variable in rtw8822b_set_tx_power_index_by_rate (Bitterblue Smith)
- bpftool: Fix readlink usage in get_fd_type (Viktor Malik)
- HID: usbkbd: Fix the bit shift number for LED_KANA (Junan)
- scsi: st: Restore some drive settings after reset (Kai Mäkisara)
- scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine (Justin Tee)
- rcu: fix header guard for rcu_all_qs() (Ankur Arora)
- rcu: handle quiescent states for PREEMPT_RCU=n, PREEMPT_COUNT=y (Ankur Arora)
- vxlan: Annotate FDB data races (Ido Schimmel) [Orabug: 38094881] {CVE-2025-38037}
- hwmon: (xgene-hwmon) use appropriate type for the latency value (Andrey Vatoropin)
- ip: fib_rules: Fetch net from fib_rule in fib[46]_rule_configure(). (Kuniyuki Iwashima)
- net/mlx5e: reduce rep rxq depth to 256 for ECPF (William Tu)
- net/mlx5e: set the tx_queue_len for pfifo_fast (William Tu)
- net/mlx5: Extend Ethtool loopback selftest to support non-linear SKB (Alexei Lazar)
- phy: core: don't require set_mode() callback for phy_get_mode() to work (Dmitry Baryshkov)
- net/mlx4_core: Avoid impossible mlx4_db_alloc() order value (Kees Cook)
- smack: recognize ipv4 CIPSO w/o categories (Konstantin Andreev)
- pinctrl: devicetree: do not goto err when probing hogs in pinctrl_dt_to_map (Valentin Caron)
- ASoC: ops: Enforce platform maximum on initial value (Martin Povišer)
- net/mlx5: Apply rate-limiting to high temperature warning (Shahar Shitrit)
- net/mlx5: Modify LSB bitmask in temperature event to include only the first bit (Shahar Shitrit)
- ACPI: HED: Always initialize before evged (Xiaofei Tan)
- PCI: Fix old_size lower bound in calculate_iosize() too (Ilpo Järvinen)
- EDAC/ie31200: work around false positive build warning (Arnd Bergmann)
- net: pktgen: fix access outside of user given buffer in pktgen_thread_write() (Peter Seiderer) [Orabug: 38095027] {CVE-2025-38061}
- wifi: rtw88: Fix rtw_init_ht_cap() for RTL8814AU (Bitterblue Smith)
- scsi: mpt3sas: Send a diag reset if target reset fails (Shivasharan S)
- MIPS: pm-cps: Use per-CPU variables as per-CPU, not per-core (Paul Burton)
- MIPS: Use arch specific syscall name match function (Bibo Mao)
- cpuidle: menu: Avoid discarding useful information (Rafael J. Wysocki)
- x86/nmi: Add an emergency handler in nmi_desc & use it in nmi_shootdown_cpus() (Waiman Long)
- bonding: report duplicate MAC address in all situations (Hangbin Liu)
- net: xgene-v2: remove incorrect ACPI_PTR annotation (Arnd Bergmann)
- drm/amdkfd: KFD release_work possible circular locking (Philip Yang)
- net/mlx5: Avoid report two health errors on same syndrome (Moshe Shemesh)
- fpga: altera-cvp: Increase credit timeout (Kuhanh Murugasen Krishnan)
- drm/mediatek: mtk_dpi: Add checks for reg_h_fre_con existence (AngeloGioacchino Del Regno)
- hwmon: (gpio-fan) Add missing mutex locks (Alexander Stein)
- x86/bugs: Make spectre user default depend on MITIGATION_SPECTRE_V2 (Breno Leitao)
- net: pktgen: fix mpls maximum labels list parsing (Peter Seiderer)
- pinctrl: bcm281xx: Use "unsigned int" instead of bare "unsigned" (Artur Weber)
- media: cx231xx: set device_caps for 417 (Hans Verkuil) [Orabug: 38094937] {CVE-2025-38044}
- orangefs: Do not truncate file size (Matthew Wilcox) [Orabug: 38095058] {CVE-2025-38065}
- dm cache: prevent BUG_ON by blocking retries on failed device resumes (Ming-Hung Tsai) [Orabug: 38095065] {CVE-2025-38066}
- media: c8sectpfe: Call of_node_put(i2c_bus) only once in c8sectpfe_probe() (Markus Elfring)
- ARM: tegra: Switch DSI-B clock parent to PLLD on Tegra114 (Svyatoslav Ryhel)
- ieee802154: ca8210: Use proper setters and getters for bitwise types (Andy Shevchenko)
- rtc: ds1307: stop disabling alarms on probe (Alexandre Belloni)
- powerpc/prom_init: Fixup missing #size-cells on PowerBook6,7 (Andreas Schwab)
- mmc: sdhci: Disable SD card clock before changing parameters (Erick Shepherd)
- netfilter: conntrack: Bound nf_conntrack sysctl writes (Nicolas Bouchinet)
- posix-timers: Add cond_resched() to posix_timer_add() search loop (Eric Dumazet)
- xen: Add support for XenServer 6.1 platform device (Frediano Ziglio)
- dm: restrict dm device size to 2^63-512 bytes (Mikulas Patocka)
- kbuild: fix argument parsing in scripts/config (Seyediman Seyedarab)
- scsi: st: ERASE does not change tape location (Kai Mäkisara)
- scsi: st: Tighten the page format heuristics with MODE SELECT (Kai Mäkisara)
- ext4: reorder capability check last (Christian Göttsche)
- um: Update min_low_pfn to match changes in uml_reserved (Tiwei Bie)
- um: Store full CSGSFS and SS register from mcontext (Benjamin Berg)
- btrfs: send: return -ENAMETOOLONG when attempting a path that is too long (Filipe Manana)
- btrfs: avoid linker error in btrfs_find_create_tree_block() (Mark Harmstone)
- i2c: pxa: fix call balance of i2c->clk handling routines (Vitalii Mordan)
- mmc: host: Wait for Vdd to settle on card power off (Erick Shepherd)
- libnvdimm/labels: Fix divide error in nd_label_data_init() (Robert Richter) [Orabug: 38095111] {CVE-2025-38072}
- pNFS/flexfiles: Report ENETDOWN as a connection error (Trond Myklebust)
- tools/build: Don't pass test log files to linker (Ian Rogers)
- dql: Fix dql->limit value when reset. (Jing Su)
- SUNRPC: rpc_clnt_set_transport() must not change the autobind setting (Trond Myklebust)
- NFSv4: Treat ENETUNREACH errors as fatal for state recovery (Trond Myklebust)
- fbdev: core: tileblit: Implement missing margin clearing for tileblit (Zsolt Kajtar)
- fbdev: fsl-diu-fb: add missing device_remove_file() (Shixiong Ou)
- mailbox: use error ret code of of_parse_phandle_with_args() (Tudor Ambarus)
- kconfig: merge_config: use an empty file as initfile (Daniel Gomez)
- cgroup: Fix compilation issue due to cgroup_mutex not being exported (Gao Xu)
- dma-mapping: avoid potential unused data compilation warning (Marek Szyprowski)
- scsi: target: iscsi: Fix timeout on deleted connection (Dmitry Bogdanov) [Orabug: 38095136] {CVE-2025-38075}
- openvswitch: Fix unsafe attribute parsing in output_userspace() (Eelco Chaudron) [Orabug: 38015150] {CVE-2025-37998}
- Input: synaptics - enable InterTouch on TUXEDO InfinityBook Pro 14 v5 (Aditya Garg)
- Input: synaptics - enable SMBus for HP Elitebook 850 G1 (Dmitry Torokhov)
- clocksource/i8253: Use raw_spinlock_irqsave() in clockevent_i8253_disable() (Sebastian Andrzej Siewior)
- phy: renesas: rcar-gen3-usb2: Set timing registers only once (Claudiu Beznea)
- phy: Fix error handling in tegra_xusb_port_init (Ma Ke)
- ALSA: es1968: Add error handling for snd_pcm_hw_constraint_pow2() (Xu Wang)
- NFSv4/pnfs: Reset the layout state after a layoutreturn (Trond Myklebust)
- NFSv4/pnfs: pnfs_set_layout_stateid() should update the layout cred (Trond Myklebust)
- qlcnic: fix memory leak in qlcnic_sriov_channel_cfg_cmd() (Abdun Nihaal)
- ALSA: sh: SND_AICA should depend on SH_DMA_API (Geert Uytterhoeven)
- net: dsa: sja1105: discard incoming frames in BR_STATE_LISTENING (Vladimir Oltean)
- spi: loopback-test: Do not split 1024-byte hexdumps (Geert Uytterhoeven)
- nfs: handle failure of nfs_get_lock_context in unlock path (Li Lingfeng) [Orabug: 38094820] {CVE-2025-38023}
- RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug (Zhu Yanjun) [Orabug: 38094829] {CVE-2025-38024}
- iio: chemical: sps30: use aligned_s64 for timestamp (David Lechner)
- iio: adc: ad7768-1: Fix insufficient alignment of timestamp. (Jonathan Cameron)
- staging: axis-fifo: Correct handling of tx_fifo_depth for size validation (Gabriel)
- staging: axis-fifo: avoid parsing ignored device tree properties (Quentin Deslandes)
- staging: axis-fifo: Remove hardware resets for user errors (Gabriel)
- staging: axis-fifo: replace spinlock with mutex (Quentin Deslandes)
- platform/x86: asus-wmi: Fix wlan_ctrl_by_user detection (Hans de Goede)
- do_umount(): add missing barrier before refcount checks in sync case (Al Viro)
- MIPS: Fix MAX_REG_OFFSET (Thorsten Blum)
- iio: adc: dln2: Use aligned_s64 for timestamp (Jonathan Cameron)
- types: Complement the aligned types with signed 64-bit one (Andy Shevchenko)
- usb: usbtmc: Fix erroneous generic_read ioctl return (Dave Penkler)
- usb: usbtmc: Fix erroneous wait_srq ioctl return (Dave Penkler)
- usb: usbtmc: Fix erroneous get_stb ioctl error returns (Dave Penkler)
- USB: usbtmc: use interruptible sleep in usbtmc_read (Oliver Neukum)
- usb: typec: ucsi: displayport: Fix NULL pointer access (Andrei Kuchynski) [Orabug: 38015128] {CVE-2025-37994}
- usb: typec: tcpm: delay SNK_TRY_WAIT_DEBOUNCE to SRC_TRYWAIT transition (Rd Babiera)
- ocfs2: stop quota recovery before disabling quotas (Jan Kara)
- ocfs2: implement handshaking with ocfs2 recovery thread (Jan Kara)
- ocfs2: switch osb->disable_recovery to enum (Jan Kara)
- module: ensure that kobject_put() is safe for module type kobjects (Dmitry Antipov) [Orabug: 38015133] {CVE-2025-37995}
- xenbus: Use kref to track req lifetime (Jason Andryuk) [Orabug: 37976936] {CVE-2025-37949}
- usb: uhci-platform: Make the clock really optional (Alexey Charkov)
- iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo (Silvano Seva) [Orabug: 37977033] {CVE-2025-37969}
- iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo (Silvano Seva) [Orabug: 37977039] {CVE-2025-37970}
- iio: adis16201: Correct inclinometer channel resolution (Gabriel)
- iio: adc: ad7606: fix serial register access (Angelo Dureghello)
- staging: iio: adc: ad7816: Correct conditional logic for store mode (Gabriel)
- Input: synaptics - enable InterTouch on Dell Precision M3800 (Aditya Garg)
- Input: synaptics - enable InterTouch on Dynabook Portege X30L-G (Aditya Garg)
- Input: synaptics - enable InterTouch on Dynabook Portege X30-D (Manuel Fombuena)
- net: dsa: b53: fix learning on VLAN unaware bridges (Jonas Gorski)
- netfilter: ipset: fix region locking in hash types (Jozsef Kadlecsik) [Orabug: 38015143] {CVE-2025-37997}
- sch_htb: make htb_deactivate() idempotent (Cong Wang) [Orabug: 38186817] {CVE-2025-37953}
- dm: fix copying after src array boundaries (Tudor Ambarus)
- iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid (Pavel Paklov) [Orabug: 37976839] {CVE-2025-37927}
- arm64: dts: rockchip: fix iface clock-name on px30 iommus (Heiko Stuebner)
- usb: chipidea: ci_hdrc_imx: implement usb_phy_init() error handling (Fedor Pchelkin)
- usb: chipidea: ci_hdrc_imx: use dev_err_probe() (Alexander Stein)
- usb: chipidea: imx: refine the error handling for hsic (Peter Chen)
- usb: chipidea: imx: change hsic power regulator as optional (Peter Chen)
- irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() (Suzuki K Poulose) [Orabug: 37930014] {CVE-2025-37819}
- irqchip/gic-v2m: Mark a few functions __init (Thomas Gleixner)
- irqchip/gic-v2m: Add const to of_device_id (Xiang Wangx)
- sch_htb: make htb_qlen_notify() idempotent (Cong Wang) [Orabug: 37976860] {CVE-2025-37932}
- of: module: add buffer overflow check in of_modalias() (Sergey Shtylyov) [Orabug: 36753382] {CVE-2024-38541}
- PCI: imx6: Skip controller_id generation logic for i.MX7D (Richard Zhu)
- net: fec: ERR007885 Workaround for conventional TX (Mattias Barthel)
- net: lan743x: Fix memleak issue when GSO enabled (Thangaraj Samynathan) [Orabug: 37976767] {CVE-2025-37909}
- lan743x: fix endianness when accessing descriptors (Alexey Denisov)
- lan743x: remove redundant initialization of variable current_head_index (Colin Ian King)
- nvme-tcp: fix premature queue removal and I/O failover (Michael Liang)
- net: dlink: Correct endianness handling of led_mode (Simon Horman)
- net_sched: qfq: Fix double list add in class with netem as child qdisc (Victor Nogueira) [Orabug: 37976785] {CVE-2025-37913}
- net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (Victor Nogueira) [Orabug: 37967412] {CVE-2025-37890}
- net_sched: drr: Fix double list add in class with netem as child qdisc (Victor Nogueira) [Orabug: 37976794] {CVE-2025-37915}
- net/mlx5: E-Switch, Initialize MAC Address for Default GID (Maor Gottlieb)
- tracing: Fix oob write in trace_seq_to_buffer() (Jeongjun Park) [Orabug: 37976823] {CVE-2025-37923}
- dm: always update the array size in realloc_argv on success (Benjamin Marzinski)
- dm-integrity: fix a warning on invalid table line (Mikulas Patocka)
- wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() (Xu Wang) [Orabug: 37977121] {CVE-2025-37990}
- amd-xgbe: Fix to ensure dependent features are toggled with RX checksum offload (Vishal Badole)
- parisc: Fix double SIGFPE crash (Helge Deller) [Orabug: 37977129] {CVE-2025-37991}
- i2c: imx-lpi2c: Fix clock count when probe defers (Clark Wang)
- EDAC/altera: Set DDR and SDMMC interrupt mask before registration (Niravkumar L Rabara)
- EDAC/altera: Test the correct error reg offset (Niravkumar L Rabara)

[5.4.17-2136.346.1.el7uek]
- scsi: qedf: Wait for stag work during unload (Saurav Kashyap) [Orabug: 37296386]
- scsi: qedf: Don't process stag work during unload and recovery (Saurav Kashyap) [Orabug: 37296386]

[5.4.17-2136.345.5.el7uek]
- rds: ib: Add cm_id generation scheme in order to detect new ones (Håkon Bugge) [Orabug: 37799171]

[5.4.17-2136.345.4.el7uek]
- x86/its: BPF can crash in bpf_jit_comp.c when ITS is enabled (Alexandre Chartre) [Orabug: 38043586]
- shmem: add support to ignore swap (Luis Chamberlain) [Orabug: 38034040]
- shmem: update documentation (Luis Chamberlain) [Orabug: 38034040]
- mm: hold the source mmap write lock when copying PTEs (Anthony Yznaga) [Orabug: 38029050]
- mm: do not write protect COW mappings when preserving across exec (Anthony Yznaga) [Orabug: 38029050]
- mm: differentiate copying PTEs for preservation from copying for fork (Anthony Yznaga) [Orabug: 38029050]
- mm/fork: Pass new vma pointer into copy_page_range() (Peter Xu) [Orabug: 38029050]
- xen/swiotlb: relax alignment requirements (Juergen Gross) [Orabug: 37523168]
- Reapply "xen/swiotlb: add alignment check for dma buffers" (Harshvardhan Jha) [Orabug: 37523168]

[5.4.17-2136.345.3.el7uek]
- dmaengine: Revert "dmaengine: dmatest: Fix dmatest waiting less when interrupted" (Nathan Lynch)
- nvme: unblock ctrl state transition for firmware update (Daniel Wagner)
- memcg: always call cond_resched() after fn() (Breno Leitao)
- ACPI: PPTT: Fix processor subtable walk (Jeremy Linton)
- LTS tag: v5.4.293 (Sherry Yang)
- MIPS: cm: Fix warning if MIPS_CM is disabled (Thomas Bogendoerfer)
- crypto: atmel-sha204a - Set hwrng quality to lowest possible (Marek Behún)
- comedi: jr3_pci: Fix synchronous deletion of timer (Ian Abbott)
- md/raid1: Add check for missing source disk in process_checks() (Meir Elisha)
- scsi: pm80xx: Set phy_attached to zero when device is gone (Igor Pylypiv)
- ACPI PPTT: Fix coding mistakes in a couple of sizeof() calls (Jean-Marc Eurin)
- selftests: ublk: fix test_stripe_04 (Ming Lei)
- udmabuf: fix a buf size overflow issue during udmabuf creation (Xiaogang Chen) [Orabug: 37929939] {CVE-2025-37803}
- KVM: s390: Don't use %pK through tracepoints (Thomas Weißschuh)
- sched/isolation: Make CONFIG_CPU_ISOLATION depend on CONFIG_SMP (Oleg Nesterov)
- ntb: reduce stack usage in idt_scan_mws (Arnd Bergmann)
- qibfs: fix _another_ leak (Al Viro) [Orabug: 37977084] {CVE-2025-37983}
- usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev() (Chenyuan Yang) [Orabug: 37937504] {CVE-2025-37881}
- dmaengine: dmatest: Fix dmatest waiting less when interrupted (Vinicius Costa Gomes)
- usb: host: max3421-hcd: Add missing spi_device_id table (Alexander Stein)
- parisc: PDT: Fix missing prototype warning (Yu-Chun Lin)
- clk: check for disabled clock-provider in of_clk_get_hw_from_clkspec() (Heiko Stuebner)
- crypto: null - Use spin lock instead of mutex (Herbert Xu) [Orabug: 37929974] {CVE-2025-37808}
- MIPS: cm: Detect CM quirks from device tree (Gregory Clement)
- USB: VLI disk crashes if LPM is used (Oliver Neukum)
- usb: quirks: Add delay init quirk for SanDisk 3.2Gen1 Flash Drive (Miao Li)
- usb: quirks: add DELAY_INIT quirk for Silicon Motion Flash Drive (Miao Li)
- usb: dwc3: gadget: check that event count does not exceed event buffer length (Frode Isaksen) [Orabug: 37929982] {CVE-2025-37810}
- USB: OHCI: Add quirk for LS7A OHCI controller (rev 0x02) (Huacai Chen)
- usb: cdns3: Fix deadlock when using NCM gadget (Ralph Siemsen) [Orabug: 37929989] {CVE-2025-37812}
- USB: serial: simple: add OWON HDS200 series oscilloscope support (Craig Hesling)
- USB: serial: option: add Sierra Wireless EM9291 (Adam Xue)
- USB: serial: ftdi_sio: add support for Abacus Electrics Optical Probe (Michael Ehrenreich)
- serial: sifive: lock port in startup()/shutdown() callbacks (Ryo Takakura)
- USB: storage: quirk for ADATA Portable HDD CH94 (Oliver Neukum)
- mcb: fix a double free bug in chameleon_parse_gdd() (Haoxiang Li) [Orabug: 37930001] {CVE-2025-37817}
- virtio_console: fix missing byte order handling for cols and rows (Halil Pasic)
- net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too (Cong Wang) [Orabug: 37930029] {CVE-2025-37823}
- net_sched: hfsc: Fix a UAF vulnerability in class handling (Cong Wang) [Orabug: 37908485] {CVE-2025-37797}
- tipc: fix NULL pointer dereference in tipc_mon_reinit_self() (Tung Nguyen) [Orabug: 37930040] {CVE-2025-37824}
- net: phy: leds: fix memory leak (Qingfang Deng) [Orabug: 37977113] {CVE-2025-37989}
- cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate() (Henry Martin) [Orabug: 37930052] {CVE-2025-37829}
- drm/amd/pm: Prevent division by zero (Denis Arefev) [Orabug: 37901824,37901841,37901831] {CVE-2025-37766,CVE-2025-37768,CVE-2025-37770}
- misc: pci_endpoint_test: Fix displaying 'irq_type' after 'request_irq' error (Kunihiko Hayashi)
- misc: pci_endpoint_test: Use INTX instead of LEGACY (Damien Le Moal)
- PCI: Rename PCI_IRQ_LEGACY to PCI_IRQ_INTX (Bjorn Helgaas)
- iio: adc: ad7768-1: Fix conversion result sign (Sergiu Cuciurean)
- iio: adc: ad7768-1: Move setting of val a bit later to avoid unnecessary return value check (Jonathan Cameron)
- net: dsa: mv88e6xxx: fix VTU methods for 6320 family (Marek Behún)
- media: vim2m: print device name after registering device (Matthew Majewski)
- ext4: fix OOB read when checking dotdot dir (Jakub Acs) [Orabug: 37855335] {CVE-2025-37785}
- ext4: optimize __ext4_check_dir_entry() (Theodore Ts'O)
- ext4: don't over-report free space or inodes in statvfs (Theodore Ts'O)
- ext4: code cleanup for ext4_statfs_project() (Chengguang Xu)
- ext4: simplify checking quota limits in ext4_statfs() (Jan Kara)
- platform/x86: ISST: Correct command storage data length (Srinivas Pandruvada)
- MIPS: ds1287: Match ds1287_set_base_clock() function types (Yuli Wang)
- MIPS: cevt-ds1287: Add missing ds1287.h include (Yuli Wang)
- MIPS: dec: Declare which_prom() as static (Yuli Wang)
- virtio-net: Add validation for used length (Xie Yongji) [Orabug: 37079171] {CVE-2021-47352}
- RDMA/srpt: Support specifying the srpt_service_guid parameter (Bart Van Assche) [Orabug: 36530711] {CVE-2024-26744}
- openvswitch: fix lockup on tx to unregistering netdev with carrier (Ilya Maximets) [Orabug: 38160327] {CVE-2025-21681}
- net: openvswitch: fix race on port output (Felix Huettner)
- mmc: cqhci: Fix checking of CQHCI_HALT state (Seunghwan Baek)
- nvmet-fc: Remove unused functions (Yuli Wang)
- usb: dwc3: support continuous runtime PM with dual role (Martin Kepplinger)
- misc: pci_endpoint_test: Fix 'irq_type' to convey the correct type (Kunihiko Hayashi)
- misc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error (Kunihiko Hayashi) [Orabug: 37901587] {CVE-2025-23140}
- tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink(). (Kuniyuki Iwashima) [Orabug: 37264115] {CVE-2024-50154}
- powerpc/prom_init: Use -ffreestanding to avoid a reference to bcmp (Nathan Chancellor)
- kbuild: Add '-fno-builtin-wcslen' (Nathan Chancellor)
- cpufreq: Reference count policy in cpufreq_update_limits() (Rafael J. Wysocki)
- drm/sti: remove duplicate object names (Rolf Eike Beer)
- drm/nouveau: prime: fix ttm_bo_delayed_delete oops (Chris Bainbridge) [Orabug: 37901818] {CVE-2025-37765}
- drm/repaper: fix integer overflows in repeat functions (Nikita Zhandarovich)
- module: sign with sha512 instead of sha1 by default (Thorsten Leemhuis)
- perf/x86/intel/uncore: Fix the scale of IIO free running counters on SNR (Kan Liang)
- perf/x86/intel: Allow to update user space GPRs from PEBS records (Dapeng Mi)
- virtiofs: add filesystem context source name check (Xiangsheng Hou) [Orabug: 37901855] {CVE-2025-37773}
- riscv: Avoid fortify warning in syscall_get_arguments() (Nathan Chancellor)
- isofs: Prevent the use of too small fid (Edward Adam Davis) [Orabug: 37901890] {CVE-2025-37780}
- i2c: cros-ec-tunnel: defer probe if parent EC is not present (Thadeu Lima de Souza Cascardo) [Orabug: 37901898] {CVE-2025-37781}
- hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key (Vasiliy Kovalev)
- btrfs: correctly escape subvol in btrfs_show_options() (Johannes Kimmel)
- nfs: add missing selections of CONFIG_CRC32 (Eric Biggers)
- nfs: move nfs_fhandle_hash to common include file (Jeff Layton)
- NFSD: Constify @fh argument of knfsd_fh_hash() (Chuck Lever)
- asus-laptop: Fix an uninitialized variable (Denis Arefev)
- writeback: fix false warning in inode_to_wb() (Andreas Gruenbacher)
- net: b53: enable BPDU reception for management port (Jonas Gorski)
- net: openvswitch: fix nested key length validation in the set() action (Ilya Maximets) [Orabug: 37901923] {CVE-2025-37789}
- Revert "wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()" (Johannes Berg)
- Bluetooth: btrtl: Prevent potential NULL dereference (Dan Carpenter) [Orabug: 37901934] {CVE-2025-37792}
- Bluetooth: hci_event: Fix sending MGMT_EV_DEVICE_FOUND for invalid address (Luiz Augusto von Dentz)
- RDMA/usnic: Fix passing zero to PTR_ERR in usnic_ib_pci_probe() (Yue Haibing)
- scsi: iscsi: Fix missing scsi_host_put() in error path (Miaoqian Lin)
- wifi: wl1251: fix memory leak in wl1251_tx_work (Abdun Nihaal) [Orabug: 37977076] {CVE-2025-37982}
- wifi: mac80211: Purge vif txq in ieee80211_do_stop() (Remi Pommarel) [Orabug: 37901940] {CVE-2025-37794}
- wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue() (Remi Pommarel)
- wifi: at76c50x: fix use after free access in at76_disconnect (Abdun Nihaal) [Orabug: 37901953] {CVE-2025-37796}
- HSI: ssi_protocol: Fix use after free vulnerability in ssi_protocol Driver Due to Race Condition (Kaixin Wang) [Orabug: 37855341] {CVE-2025-37838}
- pwm: mediatek: always use bus clock for PWM on MT7622 (Daniel Golle)
- Bluetooth: hci_uart: Fix another race during initialization (Arseniy Krasnov)
- x86/e820: Fix handling of subpage regions when calculating nosave ranges in e820__register_nosave_regions() (Myrrh Periwinkle)
- PCI: Fix reference leak in pci_alloc_child_bus() (Ma Ke)
- of/irq: Fix device node refcount leakages in of_irq_init() (Zijun Hu)
- of/irq: Fix device node refcount leakage in API irq_of_parse_and_map() (Zijun Hu)
- of/irq: Fix device node refcount leakages in of_irq_count() (Zijun Hu)
- ntb: use 64-bit arithmetic for the MSI doorbell mask (Fedor Pchelkin)
- gpio: zynq: Fix wakeup source leaks on device unbind (Krzysztof Kozlowski)
- ftrace: Add cond_resched() to ftrace_graph_set_hash() (Zhoumin) [Orabug: 37976893] {CVE-2025-37940}
- dm-integrity: set ti->error on memory allocation failure (Mikulas Patocka)
- crypto: ccp - Fix check for the primary ASP device (Tom Lendacky)
- thermal/drivers/rockchip: Add missing rk3328 mapping entry (Trevor Woerner)
- sctp: detect and prevent references to a freed transport in sendmsg (Ricardo Cañuelo Navarro) [Orabug: 37901597] {CVE-2025-23142}
- mm: add missing release barrier on PGDAT_RECLAIM_LOCKED unlock (Mathieu Desnoyers)
- sparc/mm: disable preemption in lazy mmu mode (Ryan Roberts)
- arm64: dts: mediatek: mt8173: Fix disp-pwm compatible string (Chen-Yu Tsai)
- mtd: rawnand: Add status chack in r852_ready() (Xu Wang)
- mtd: inftlcore: Add error check for inftl_read_oob() (Xu Wang) [Orabug: 37976720] {CVE-2025-37892}
- lib: scatterlist: fix sg_split_phys to preserve original scatterlist offsets (T Pratham)
- locking/lockdep: Decrease nr_unused_locks if lock unused in zap_class() (Boqun Feng)
- jbd2: remove wrong sb->s_sequence check (Jan Kara) [Orabug: 37937283] {CVE-2025-37839}
- i3c: Add NULL pointer check in i3c_master_queue_ibi() (Manjunatha Venkatesh) [Orabug: 37901622] {CVE-2025-23147}
- ext4: fix off-by-one error in do_split (Artem Sadovnikov) [Orabug: 37901631] {CVE-2025-23150}
- wifi: mac80211: fix integer overflow in hwmp_route_info_get() (Gavrilov Ilia)
- net: dsa: mv88e6xxx: workaround RGMII transmit delay erratum for 6320 family (Marek Behún)
- media: venus: hfi_parser: add check to avoid out of bound access (Vikash Garodia) [Orabug: 37901653] {CVE-2025-23157}
- media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO (Sakari Ailus)
- media: i2c: ov7251: Set enable GPIO low in probe (Sakari Ailus)
- media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf() (Karina Yankevich)
- media: streamzap: prevent processing IR data on URB failure (Murad Masimov)
- mtd: rawnand: brcmnand: fix PM resume warning (Kamal Dasu) [Orabug: 37937292] {CVE-2025-37840}
- arm64: cputype: Add MIDR_CORTEX_A76AE (Douglas Anderson)
- xenfs/xensyms: respect hypervisor's "next" indication (Jan Beulich)
- media: siano: Fix error handling in smsdvb_module_init() (Yuan Can)
- media: venus: hfi: add check to handle incorrect queue size (Vikash Garodia) [Orabug: 37901657] {CVE-2025-23158}
- media: venus: hfi: add a check to handle OOB in sfr region (Vikash Garodia) [Orabug: 37901662] {CVE-2025-23159}
- media: i2c: adv748x: Fix test pattern selection mask (Niklas Söderlund)
- ext4: don't treat fhandle lookup of ea_inode as FS corruption (Jann Horn)
- ext4: reject casefold inode flag without casefold feature (Eric Biggers)
- bpf: support SKF_NET_OFF and SKF_LL_OFF on skb frags (Willem de Bruijn)
- bpf: Add endian modifiers to fix endian warnings (Ben Dooks)
- pwm: fsl-ftm: Handle clk_get_rate() returning 0 (Uwe Kleine-König)
- pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config() (Josh Poimboeuf) [Orabug: 37937329] {CVE-2025-37850}
- pwm: mediatek: Always use bus clock (Fabien Parent)
- fbdev: omapfb: Add 'plane' value check (Leonid Arapov)
- drm/mediatek: mtk_dpi: Explicitly manage TVD clock in power on/off (AngeloGioacchino Del Regno)
- drm/amdkfd: Fix pqm_destroy_queue race with GPU reset (Philip Yang)
- drm/amdkfd: clamp queue size to minimum (David Yat Sin)
- drm: panel-orientation-quirks: Add new quirk for GPD Win 2 (Andrew Wyatt)
- drm: panel-orientation-quirks: Add support for AYANEO 2S (Andrew Wyatt)
- drm: allow encoder mode_set even when connectors change for crtc (Abhinav Kumar)
- Bluetooth: hci_uart: fix race during initialization (Arseniy Krasnov)
- tracing: fix return value in __ftrace_event_enable_disable for TRACE_REG_UNREGISTER (Gabriele Paoloni)
- net: vlan: don't propagate flags on open (Stanislav Fomichev) [Orabug: 37901684] {CVE-2025-23163}
- wifi: mt76: mt76x2u: add TP-Link TL-WDN6200 ID to device table (Icenowy Zheng)
- scsi: st: Fix array overflow in st_setup() (Kai Mäkisara) [Orabug: 37937379] {CVE-2025-37857}
- ext4: ignore xattrs past end (Bhupesh) [Orabug: 37901692] {CVE-2025-37738}
- ext4: protect ext4_release_dquot against freezing (Ojaswin Mujoo)
- ahci: add PCI ID for Marvell 88SE9215 SATA Controller (Daniel Kral)
- ata: libata-eh: Do not use ATAPI DMA for a device limited to PIO mode (Niklas Cassel)
- jfs: add sanity check for agwidth in dbMount (Edward Adam Davis) [Orabug: 37901707] {CVE-2025-37740}
- jfs: Prevent copying of nlink with value 0 from disk inode (Edward Adam Davis) [Orabug: 37901716] {CVE-2025-37741}
- fs/jfs: Prevent integer overflow in AG size calculation (Rand Deeb) [Orabug: 37937387] {CVE-2025-37858}
- fs/jfs: cast inactags to s64 to prevent potential overflow (Rand Deeb)
- page_pool: avoid infinite loop to schedule delayed worker (Jason Xing) [Orabug: 37937395] {CVE-2025-37859}
- ALSA: usb-audio: Fix CME quirk for UF series keyboards (Ricard Wanderlof)
- ALSA: hda: intel: Fix Optimus when GPU has no sound (Maxim Mikityanskiy)
- HID: pidff: Fix null pointer dereference in pidff_find_fields (Tomasz Pakuła) [Orabug: 37937410] {CVE-2025-37862}
- HID: pidff: Do not send effect envelope if it's empty (Tomasz Pakuła)
- HID: pidff: Convert infinite length from Linux API to PID standard (Tomasz Pakuła)
- xen/mcelog: Add __nonstring annotations for unterminated strings (Kees Cook)
- perf: arm_pmu: Don't disable counter in armpmu_add() (Mark Rutland)
- x86/cpu: Don't clear X86_FEATURE_LAHF_LM flag in init_amd_k8() on AMD when running in a virtual machine (Max Grobecker)
- pm: cpupower: bench: Prevent NULL dereference on malloc failure (Zhongqiu Han) [Orabug: 37937297] {CVE-2025-37841}
- net: ppp: Add bound checking for skb data on ppp_sync_txmung (Arnaud Lecomte) [Orabug: 37901766] {CVE-2025-37749}
- ata: sata_sx4: Add error handling in pdc20621_i2c_read() (Xu Wang)
- ata: sata_sx4: Drop pointless VPRINTK() calls and convert the remaining ones (Hannes Reinecke)
- tipc: fix memory leak in tipc_link_xmit (Tung Nguyen) [Orabug: 37901790] {CVE-2025-37757}
- ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe() (Henry Martin) [Orabug: 37901796] {CVE-2025-37758}

[5.4.17-2136.345.2.el7uek]
- x86/bhi: Do not set BHI_DIS_S in 32-bit mode (Pawan Gupta) [Orabug: 37959995]
- x86/bpf: Add IBHF call at end of classic BPF (Daniel Sneddon) [Orabug: 37959995]
- x86/bpf: Call branch history clearing sequence on exit (Daniel Sneddon) [Orabug: 37959995]
- certs: Reference revocation list for all keyrings (Eric Snowberg) [Orabug: 38026794]

[5.4.17-2136.345.1.el7uek]
- RDS: use get_user_pages_fast() in rdma_pin_pages() (Stephen Brennan) [Orabug: 37973441]
- x86/bugs: Enabling Retbleed and SRSO mitigation can taint the kernel (Alexandre Chartre) [Orabug: 37959151]
- selftest/x86/bugs: Add selftests for ITS (Pawan Gupta) [Orabug: 37863727] {CVE-2024-28956}
- x86/its: Align RETs in BHB clear sequence to avoid thunking (Pawan Gupta) [Orabug: 37863727] {CVE-2024-28956}
- x86/its: Add "vmexit" option to skip mitigation on some CPUs (Pawan Gupta) [Orabug: 37863727] {CVE-2024-28956}
- x86/its: Enable Indirect Target Selection mitigation (Pawan Gupta) [Orabug: 37863727] {CVE-2024-28956}
- x86/its: Add support for ITS-safe return thunk (Pawan Gupta) [Orabug: 37863727] {CVE-2024-28956}
- x86/its: Add support for ITS-safe indirect thunk (Pawan Gupta) [Orabug: 37863727] {CVE-2024-28956}
- x86/its: Enumerate Indirect Target Selection (ITS) bug (Pawan Gupta) [Orabug: 37863727] {CVE-2024-28956}
- Documentation: x86/bugs/its: Add ITS documentation (Pawan Gupta) [Orabug: 37863727] {CVE-2024-28956}

[5.4.17-2136.344.4.el7uek]
- certs: Add new Oracle Linux Driver Signing (key 1) certificate (Sherry Yang) [Orabug: 37967555]

[5.4.17-2136.344.3.el7uek]
- net/mlx5e: Don't call cleanup on profile rollback failure (Cosmin Ratiu) [Orabug: 37670859]
- net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc() (Elena Salomatkina) [Orabug: 37206299,37670859] {CVE-2024-50000}
- net/mlx5: Fix error path in multi-packet WQE transmit (Gerd Bayer) [Orabug: 37206302,37670859] {CVE-2024-50001}
- net/mlx5: Discard command completions in internal error (Akiva Goldberger) [Orabug: 36753438,37670859] {CVE-2024-38555}
- net/mlx5e: fix a potential double-free in fs_any_create_groups (Dinghao Liu) [Orabug: 36802351,37670859] {CVE-2023-52667}
- net/mlx5: Reclaim max 50K pages at once (Anand Khoje) [Orabug: 36275016]

[5.4.17-2136.344.2.el7uek]
- LTS tag: v5.4.292 (Alok Tiwari)
- jfs: add index corruption check to DT_GETPAGE() (Roman Smirnov)
- tracing: Fix use-after-free in print_graph_function_flags during tracer switching (Tengda Wu) [Orabug: 37844202] {CVE-2025-22035}
- mmc: sdhci-pxav3: set NEED_RSP_BUSY capability (Karel Balej)
- ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP (Paul Menzel)
- x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs (Jann Horn) [Orabug: 37844275] {CVE-2025-22045}
- x86/tsc: Always save/restore TSC sched_clock() on suspend/resume (Guilherme G. Piccoli)
- ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk() (Markus Elfring)
- can: flexcan: only change CAN state when link up in system PM (Haibo Chen)
- arcnet: Add NULL check in com20020pci_probe() (Henry Martin) [Orabug: 37844303] {CVE-2025-22054}
- net: dsa: mv88e6xxx: propperly shutdown PPU re-enable timer on destroy (David Oberhollenzer)
- ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS (Fernando Fernandez Mancera)
- vsock: avoid timeout during connect() if the socket is closing (Stefano Garzarella)
- net_sched: skbprio: Remove overly strict queue assertions (Cong Wang) [Orabug: 37855375] {CVE-2025-38637}
- netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets (Debin Zhu) [Orabug: 37844344] {CVE-2025-22063}
- ntb: intel: Fix using link status DB's (Nikita Shubin)
- ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans (Yajun Deng)
- spufs: fix a leak in spufs_create_context() (Al Viro) [Orabug: 37844365] {CVE-2025-22071}
- spufs: fix a leak on spufs_new_file() failure (Al Viro) [Orabug: 37844378] {CVE-2025-22073}
- hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9} (Tasos Sahanidis)
- can: statistics: use atomic access in hot path (Oliver Hartkopp)
- locking/semaphore: Use wake_q to wake up processes outside lock critical section (Waiman Long)
- sched/deadline: Use online cpus for validating runtime (Shrikanth Hegde)
- affs: don't write overlarge OFS data block size fields (Simon Tatham)
- affs: generate OFS sequence numbers starting at 1 (Simon Tatham)
- wifi: iwlwifi: fw: allocate chained SG tables for dump (Johannes Berg)
- sched/smt: Always inline sched_smt_active() (Josh Poimboeuf)
- octeontx2-af: Fix mbox INTR handler when num VFs > 64 (Geetha Sowjanya)
- ring-buffer: Fix bytes_dropped calculation issue (Feng Yang)
- objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() (Josh Poimboeuf) [Orabug: 37976879] {CVE-2025-37937}
- fs/procfs: fix the comment above proc_pid_wchan() (Bart Van Assche)
- perf python: Check if there is space to copy all the event (Arnaldo Carvalho de Melo)
- perf python: Decrement the refcount of just created event on failure (Arnaldo Carvalho de Melo)
- perf python: Fixup description of sample.id event member (Arnaldo Carvalho de Melo)
- ocfs2: validate l_tree_depth to avoid out-of-bounds access (Vasiliy Kovalev) [Orabug: 37844394] {CVE-2025-22079}
- kexec: initialize ELF lowest address to ULONG_MAX (Sourabh Jain)
- perf units: Fix insufficient array space (Arnaldo Carvalho de Melo)
- iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio (Jonathan Cameron)
- coresight: catu: Fix number of pages while using 64k pages (Ilkka Koskinen)
- isofs: fix KMSAN uninit-value bug in do_isofs_readdir() (Qasim Ijaz)
- x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment (Jann Horn)
- mfd: sm501: Switch to BIT() to mitigate integer overflows (Nikita Zhandarovich)
- RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow (Patrisious Haddad) [Orabug: 37844422] {CVE-2025-22086}
- power: supply: max77693: Fix wrong conversion of charge input threshold value (Artur Weber)
- x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1 (Jann Horn)
- clk: amlogic: g12a: fix mmc A peripheral clock (Jerome Brunet)
- clk: amlogic: gxbb: drop non existing 32k clock parent (Jerome Brunet)
- clk: amlogic: g12b: fix cluster A parent data (Jerome Brunet)
- IB/mad: Check available slots before posting receive WRs (Maher Sanalla)
- clk: rockchip: rk3328: fix wrong clk_ref_usb3otg parent (Peter Geis)
- pinctrl: renesas: rza2: Fix missing of_node_put() call (Fabrizio Castro)
- lib: 842: Improve error handling in sw842_compress() (Tanya Agarwal)
- clk: amlogic: gxbb: drop incorrect flag on 32k clock (Jerome Brunet)
- fbdev: sm501fb: Add some geometry checks. (Danila Chernetsov)
- mdacon: rework dependency list (Arnd Bergmann)
- fbdev: au1100fb: Move a variable assignment behind a null pointer check (Markus Elfring)
- PCI: pciehp: Don't enable HPIE when resuming in poll mode (Ilpo Järvinen)
- PCI: Remove stray put_device() in pci_register_host_bridge() (Dan Carpenter)
- PCI/portdrv: Only disable pciehp interrupts early when needed (Feng Tang)
- PCI/ASPM: Fix link state exit during switch upstream function removal (Daniel Stodden) [Orabug: 37844108] {CVE-2024-58093}
- drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member (AngeloGioacchino Del Regno)
- ALSA: hda/realtek: Always honor no_shutup_pins (Takashi Iwai)
- perf/ring_buffer: Allow the EPOLLRDNORM flag for poll (Tao Chen)
- lockdep: Don't disable interrupts on RT in disable_irq_nosync_lockdep.*() (Sebastian Andrzej Siewior)
- PM: sleep: Fix handling devices with direct_complete set on errors (Rafael J. Wysocki)
- thermal: int340x: Add NULL check for adev (Chenyuan Yang) [Orabug: 37844584] {CVE-2025-23136}
- EDAC/ie31200: Fix the error path order of ie31200_init() (Qiuxu Zhuo)
- EDAC/ie31200: Fix the DIMM size mask for several SoCs (Qiuxu Zhuo)
- EDAC/ie31200: Fix the size of EDAC_MC_LAYER_CHIP_SELECT layer (Qiuxu Zhuo)
- selinux: Chain up tool resolving errors in install_policy.sh (Tim Schumacher)
- x86/platform: Only allow CONFIG_EISA for 32-bit (Arnd Bergmann)
- x86/fpu: Avoid copying dynamic FP state from init_task in arch_dup_task_struct() (Benjamin Berg)
- cpufreq: governor: Fix negative 'idle_time' handling in dbs_update() (Jie Zhan)
- x86/mm/pat: cpa-test: fix length for CPA_ARRAY test (Mike Rapoport)
- memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (Luo Qiu) [Orabug: 37844141] {CVE-2025-22020}
- net: usb: qmi_wwan: add Telit Cinterion FE990B composition (Fabio Porcedda)
- net: usb: qmi_wwan: add Telit Cinterion FN990B composition (Fabio Porcedda)
- tty: serial: 8250: Add some more device IDs (Cameron Williams)
- counter: stm32-lptimer-cnt: fix error handling when enabling (Fabrice Gasnier)
- netfilter: socket: Lookup orig tuple for IPv6 SNAT (Maxim Mikityanskiy) [Orabug: 37844145] {CVE-2025-22021}
- ARM: Remove address checking for MMUless devices (Yanjun Yang)
- ARM: 9351/1: fault: Add "cut here" line for prefetch aborts (Kees Cook)
- ARM: 9350/1: fault: Implement copy_from_kernel_nofault_allowed() (Kees Cook)
- atm: Fix NULL pointer dereference (Minjoong Kim) [Orabug: 37838897] {CVE-2025-22018}
- HID: hid-plantronics: Add mic mute mapping and generalize quirks (Terry Junge)
- ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names (Terry Junge)
- drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() (Nikita Zhandarovich) [Orabug: 37828196] {CVE-2025-21996}
- batman-adv: Ignore own maximum aggregation size during RX (Sven Eckelmann)
- ARM: shmobile: smp: Enforce shmobile_smp_* alignment (Geert Uytterhoeven)
- mmc: atmel-mci: Add missing clk_disable_unprepare() (Gu Bowen)
- drm/v3d: Don't run jobs that have errors flagged in its fence (Maíra Canal)
- i2c: omap: fix IRQ storms (Andreas Kemnade)
- net/neighbor: add missing policy for NDTPA_QUEUE_LENBYTES (Lin Ma)
- net: atm: fix use after free in lec_send() (Dan Carpenter) [Orabug: 37828221] {CVE-2025-22004}
- ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create(). (Kuniyuki Iwashima)
- ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw(). (Kuniyuki Iwashima) [Orabug: 37828229] {CVE-2025-22005}
- Bluetooth: Fix error code in chan_alloc_skb_cb() (Dan Carpenter) [Orabug: 37828235] {CVE-2025-22007}
- RDMA/hns: Fix wrong value of max_sge_rd (Junxian Huang)
- RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path (Saravanan Vajravel)
- xfrm_output: Force software GSO only in tunnel mode (Cosmin Ratiu)
- firmware: imx-scu: fix OF node leak in .probe() (Joe Hattori)
- i2c: sis630: Fix an error handling path in sis630_probe() (Christophe Jaillet)
- i2c: ali15x3: Fix an error handling path in ali15x3_probe() (Christophe Jaillet)
- i2c: ali1535: Fix an error handling path in ali1535_probe() (Christophe Jaillet)
- ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe() (Christophe Jaillet)
- drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data() (Ivan Abramov)
- qlcnic: fix memory leak issues in qlcnic_sriov_common.c (Haoxiang Li)
- drm/amd/display: Assign normalized_pix_clk when color depth = 14 (Alex Hung) [Orabug: 37828049] {CVE-2025-21956}
- drm/atomic: Filter out redundant DPMS calls (Ville Syrjälä)
- x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes (Florent Revest) [Orabug: 37828167] {CVE-2025-21991}
- USB: serial: option: match on interface class for Telit FN990B (Johan Hovold)
- USB: serial: option: fix Telit Cinterion FE990A name (Fabio Porcedda)
- USB: serial: option: add Telit Cinterion FE990B compositions (Fabio Porcedda)
- USB: serial: ftdi_sio: add support for Altera USB Blaster 3 (Boon Khai Ng)
- block: fix 'kmem_cache of name 'bio-108' already exists' (Ming Lei)
- drm/nouveau: Do not override forced connector status (Thomas Zimmermann)
- x86/irq: Define trace events conditionally (Arnd Bergmann)
- fuse: don't truncate cached, mutated symlink (Miklos Szeredi)
- nvme: only allow entering LIVE from CONNECTING state (Daniel Wagner)
- sctp: Fix undefined behavior in left shift operation (Yu-Chun Lin)
- nvmet-rdma: recheck queue state is LIVE in state lock in recv done (Ruozhu Li)
- ASoC: rsnd: don't indicate warning on rsnd_kctrl_accept_runtime() (Kuninori Morimoto)
- s390/cio: Fix CHPID "configure" attribute caching (Peter Oberparleiter)
- HID: ignore non-functional sensor in HP 5MP Camera (Chia-Lin Kao) [Orabug: 37828174] {CVE-2025-21992}
- HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell (Zhang Lixu)
- ACPI: resource: IRQ override for Eluktronics MECH-17 (Gannon Kolding)
- scsi: qla1280: Fix kernel oops when debug level > 2 (Magnus Lindholm) [Orabug: 37828056] {CVE-2025-21957}
- iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() (Chengen Du) [Orabug: 37828181] {CVE-2025-21993}
- powercap: call put_device() on an error path in powercap_register_control_type() (Joe Hattori)
- hrtimers: Mark is_migration_base() with __always_inline (Andy Shevchenko)
- nvme-fc: go straight to connecting state when initializing (Daniel Wagner)
- net/mlx5e: Prevent bridge link show failure for non-eswitch-allowed devices (Carolina Jubran)
- netfilter: nft_exthdr: fix offset with ipv4_find_option() (Alexey Kashavkin)
- net_sched: Prevent creation of classes with TC_H_ROOT (Cong Wang) [Orabug: 37828110] {CVE-2025-21971}
- ipvs: prevent integer overflow in do_ip_vs_get_ctl() (Dan Carpenter)
- netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree() (Kohei Enju) [Orabug: 37828064] {CVE-2025-21959}
- Drivers: hv: vmbus: Don't release fb_mmio resource in vmbus_free_mmio() (Michael Kelley)
- drivers/hv: Replace binary semaphore with mutex (Davidlohr Bueso)
- netpoll: hold rcu read lock in __netpoll_send_skb() (Breno Leitao)
- netpoll: netpoll_send_skb() returns transmit status (Eric Dumazet)
- netpoll: move netpoll_send_skb() out of line (Eric Dumazet)
- netpoll: remove dev argument from netpoll_send_skb_on_dev() (Eric Dumazet)
- netpoll: Fix use correct return type for ndo_start_xmit() (Yunjian Wang)
- pinctrl: bcm281xx: Fix incorrect regmap max_registers value (Artur Weber)
- sched/isolation: Prevent boot crash when the boot CPU is nohz_full (Oleg Nesterov)
- clockevents/drivers/i8253: Fix stop sequence for timer 0 (David Woodhouse)

[5.4.17-2136.344.1.el7uek]
- RDS: avoid using offlined CPU during reconnect (Arumugam Kolappan) [Orabug: 37800559]
- x86/microcode/AMD: Clean the cache if update did not load microcode (Boris Ostrovsky) [Orabug: 37800729]
- x86/microcode/AMD: Add finalize_late_load() microcode_op (Boris Ostrovsky) [Orabug: 37800729]
- x86/microcode/AMD: Extend the SHA check to Zen5, block loading of any unreleased standalone Zen5 microcode patches (Borislav Petkov) [Orabug: 37800729]
- x86/microcode/AMD: Add some forgotten models to the SHA check (Borislav Petkov) [Orabug: 37800729]
- x86/microcode/AMD: Load only SHA256-checksummed patches (Borislav Petkov) [Orabug: 37800729]
- x86/microcode/AMD: Flush patch buffer mapping after application (Borislav Petkov) [Orabug: 37800729]
- x86/microcode/AMD: Stash BSP's CPUID(1).EAX and patch size (Boris Ostrovsky) [Orabug: 37800729]
- nvme: fix deadlock between reset and scan (Bitao Hu) [Orabug: 37861518]

[5.4.17-2136.343.5.el7uek]
- sctp: sysctl: auth_enable: avoid using current->nsproxy (Matthieu Baerts) [Orabug: 37497283,37846673] {CVE-2025-21638}
- sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy (Matthieu Baerts) [Orabug: 37497303,37846668] {CVE-2025-21640}
- uek-rpm: remove .el7 from shim version (Samasth Norway Ananda) [Orabug: 37834734]

[5.4.17-2136.343.4.el7uek]
- bpf: Use preempt_count() directly in bpf_send_signal_common() (Hou Tao)
- Revert "sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy" (Magali Lemes)
- jfs: fix slab-out-of-bounds read in ea_get() (Qasim Ijaz) [Orabug: 37855411] {CVE-2025-39735}
- serial: 8250_dma: terminate correct DMA in tx_dma_flush() (John Keeping)
- Revert "sctp: sysctl: auth_enable: avoid using current->nsproxy" (Magali Lemes)
- net: usb: usbnet: restore usb%d name exception for local mac addresses (Dominique Martinet)
- vlan: fix memory leak in vlan_newlink() (Eric Dumazet)
- rds: ib: Fix NULL ptr deref in rds_ib_cq_follow_affinity (Håkon Bugge) [Orabug: 37747826]

[5.4.17-2136.343.3.el7uek]
- LTS tag: v5.4.291 (Sherry Yang)
- eeprom: digsy_mtc: Make GPIO lookup table match the device (Andy Shevchenko)
- slimbus: messaging: Free transaction ID in delayed interrupt scenario (Visweswara Tanuku) [Orabug: 37827905] {CVE-2025-21914}
- intel_th: pci: Add Panther Lake-P/U support (Alexander Shishkin)
- intel_th: pci: Add Panther Lake-H support (Alexander Shishkin)
- intel_th: pci: Add Arrow Lake support (Pawel Chmielewski)
- Squashfs: check the inode number is not the invalid value of zero (Phillip Lougher) [Orabug: 36597911] {CVE-2024-26982}
- xhci: pci: Fix indentation in the PCI device ID definitions (Andy Shevchenko)
- usb: gadget: Check bmAttributes only if configuration is valid (Prashanth K)
- usb: gadget: Fix setting self-powered state on suspend (Marek Szyprowski)
- usb: gadget: Set self-powered based on MaxPower and bmAttributes (Prashanth K)
- usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality (AngeloGioacchino Del Regno)
- usb: typec: ucsi: increase timeout for PPM reset operations (Fedor Pchelkin)
- usb: atm: cxacru: fix a flaw in existing endpoint checks (Nikita Zhandarovich) [Orabug: 37828336] {CVE-2025-21916}
- usb: renesas_usbhs: Flush the notify_hotplug_work (Claudiu Beznea) [Orabug: 37827913] {CVE-2025-21917}
- usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader (Miao Li)
- usb: renesas_usbhs: Use devm_usb_get_phy() (Claudiu Beznea)
- usb: renesas_usbhs: Call clk_put() (Claudiu Beznea)
- Revert "drivers/card_reader/rtsx_usb: Restore interrupt based detection" (Christian Heusel)
- gpio: rcar: Fix missing of_node_put() call (Fabrizio Castro)
- net: ipv6: fix missing dst ref drop in ila lwtunnel (Justin Iurman)
- net: ipv6: fix dst ref loop in ila lwtunnel (Justin Iurman)
- net-timestamp: support TCP GSO case for a few missing flags (Jason Xing)
- vlan: enforce underlying device type (Oscar Maes) [Orabug: 37827929] {CVE-2025-21920}
- ppp: Fix KMSAN uninit-value warning with bpf (Jiayuan Chen) [Orabug: 37827937] {CVE-2025-21922}
- be2net: fix sleeping while atomic bugs in be_ndo_bridge_getlink (Nikolay Aleksandrov)
- drm/sched: Fix preprocessor guard (Philipp Stanner)
- hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe() (Xinghuo Chen)
- llc: do not use skb_get() before dev_queue_xmit() (Eric Dumazet) [Orabug: 37827950] {CVE-2025-21925}
- hwmon: (ad7314) Validate leading zero bits and return error (Erik Schumacher)
- hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table (Maud Spierings)
- hwmon: (pmbus) Initialise page count in pmbus_identify() (Titus Rwantare)
- caif_virtio: fix wrong pointer check in cfv_probe() (Vitaliy Shevtsov) [Orabug: 37827863] {CVE-2025-21904}
- net: gso: fix ownership in __udp_gso_segment (Antoine Tenart) [Orabug: 37827956] {CVE-2025-21926}
- HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (Zhang Lixu) [Orabug: 37827964] {CVE-2025-21928}
- HID: google: fix unused variable warning under !CONFIG_ACPI (Yu-Chun Lin)
- wifi: iwlwifi: limit printed string from FW file (Johannes Berg) [Orabug: 37827870] {CVE-2025-21905}
- mm/page_alloc: fix uninitialized variable (Hao Zhang)
- rapidio: fix an API misues when rio_add_net() fails (Haoxiang Li) [Orabug: 37827984] {CVE-2025-21934}
- rapidio: add check for rio_add_net() in rio_scan_alloc_net() (Haoxiang Li) [Orabug: 37827989] {CVE-2025-21935}
- wifi: nl80211: reject cooked mode if it is set along with other flags (Vitaliy Shevtsov) [Orabug: 37827880] {CVE-2025-21909}
- wifi: cfg80211: regulatory: improve invalid hints checking (Nikita Zhandarovich) [Orabug: 37827887] {CVE-2025-21910}
- x86/cpu: Properly parse CPUID leaf 0x2 TLB descriptor 0x63 (Ahmed S. Darwish)
- x86/cpu: Validate CPUID leaf 0x2 EDX output (Ahmed S. Darwish)
- x86/cacheinfo: Validate CPUID leaf 0x2 EDX output (Ahmed S. Darwish)
- platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e (Mingcong Bai)
- drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M (Richard Thier)
- ALSA: hda/realtek: update ALC222 depop optimize (Kailang Yang)
- ALSA: hda: intel: Add Dell ALC3271 to power_save denylist (Hoku Ishibe)
- HID: appleir: Fix potential NULL dereference at raw event handle (Daniil Dulov) [Orabug: 37828025] {CVE-2025-21948}
- Revert "of: reserved-memory: Fix using wrong number of cells to get property 'alignment'" (Rob Herring)
- drm/amdgpu: disable BAR resize on Dell G5 SE (Alex Deucher)
- drm/amdgpu: Check extended configuration space register when system uses large bar (Ma Jun)
- drm/amdgpu: skip BAR resizing if the bios already did it (Alex Deucher)
- acct: perform last write from workqueue (Christian Brauner) [Orabug: 37702044] {CVE-2025-21846}
- kernel/acct.c: use dedicated helper to access rlimit values (Yang Yang)
- kernel/acct.c: use #elif instead of #end and #elif (Sh_Def)
- drop_monitor: fix incorrect initialization order (Gavrilov Ilia) [Orabug: 37702107] {CVE-2025-21862}
- pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (Quang Le) [Orabug: 37611837] {CVE-2025-21702}
- sched/core: Prevent rescheduling when interrupts are disabled (Thomas Gleixner) [Orabug: 37766213] {CVE-2024-58090}
- phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk (Kaustabh Chakraborty)
- phy: tegra: xusb: reset VBUS & ID OVERRIDE (Bh Hsieh)
- usbnet: gl620a: fix endpoint checking in genelink_bind() (Nikita Zhandarovich) [Orabug: 37766256] {CVE-2025-21877}
- perf/core: Fix low freq setting via IOC_PERIOD (Kan Liang)
- ftrace: Avoid potential division by zero in function_stat_show() (Nikolay Kuratov) [Orabug: 37827849] {CVE-2025-21898}
- x86/CPU: Fix warm boot hang regression on AMD SC1100 SoC systems (Russell Senior)
- net: mvpp2: cls: Fixed Non IP flow, with vlan tag flow defination. (Harshal Chaudhari)
- ipvs: Always clear ipvs_property flag in skb_scrub_packet() (Philo Lu)
- ASoC: es8328: fix route from DAC to output (Nicolas Frattaroli)
- net: cadence: macb: Synchronize stats calculations (Sean Anderson)
- sunrpc: suppress warnings for unused procfs functions (Arnd Bergmann)
- batman-adv: Drop unmanaged ELP metric worker (Sven Eckelmann) [Orabug: 37650307] {CVE-2025-21823}
- batman-adv: Ignore neighbor throughput metrics in error case (Sven Eckelmann)
- acct: block access to kernel internal filesystems (Christian Brauner)
- ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED (John Veness)
- nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() (Haoxiang Li) [Orabug: 37702054] {CVE-2025-21848}
- tee: optee: Fix supplicant wait loop (Sumit Garg) [Orabug: 37766233] {CVE-2025-21871}
- power: supply: da9150-fg: fix potential overflow (Andrey Vatoropin)
- flow_dissector: Fix port range key handling in BPF conversion (Cong Wang)
- flow_dissector: Fix handling of mixed port and port-range keys (Cong Wang)
- net: extract port range fields from fl_flow_key (Maksym Glubokiy)
- geneve: Suppress list corruption splat in geneve_destroy_tunnels(). (Kuniyuki Iwashima)
- geneve: Fix use-after-free in geneve_find_dev(). (Kuniyuki Iwashima) [Orabug: 37702088] {CVE-2025-21858}
- powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC (Christophe Leroy) [Orabug: 37702123] {CVE-2025-21866}
- powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline (Christophe Leroy)
- powerpc/64s/mm: Move __real_pte stubs into hash-4k.h (Michael Ellerman)
- USB: gadget: f_midi: f_midi_complete to call queue_work (Jill Donahue) [Orabug: 37702094] {CVE-2025-21859}
- usb/gadget: f_midi: Replace tasklet with work (Davidlohr Bueso)
- usb/gadget: f_midi: convert tasklets to use new tasklet_setup() API (Allen Pais)
- usb: dwc3: Fix timeout issue during controller enter/exit from halt state (Selvarasu Ganesan)
- usb: dwc3: Increase DWC3 controller halt timeout (Wesley Cheng)
- memcg: fix soft lockup in the OOM process (Chen Ridong) [Orabug: 37649599] {CVE-2024-57977}
- mm: update mark_victim tracepoints fields (Carlos Galo)
- crypto: testmgr - some more fixes to RSA test vectors (Ignat Korchagin)
- crypto: testmgr - populate RSA CRT parameters in RSA test vectors (Ignat Korchagin)
- crypto: testmgr - fix version number of RSA tests (Lei He)
- crypto: testmgr - Fix wrong test case of RSA (Lei He)
- crypto: testmgr - fix wrong key length for pkcs1pad (Lei He)
- driver core: bus: Fix double free in driver API bus_register() (Zijun Hu) [Orabug: 37206511] {CVE-2024-50055}
- scsi: storvsc: Set correct data length for sending SCSI command without payload (Long Li)
- vlan: move dev_put into vlan_dev_uninit (Xin Long)
- vlan: introduce vlan_dev_free_egress_priority (Xin Long)
- pps: Fix a use-after-free (Calvin Owens) [Orabug: 37649607] {CVE-2024-57979}
- btrfs: avoid monopolizing a core when activating a swap file (Filipe Manana)
- x86/i8253: Disable PIT timer 0 when not in use (David Woodhouse)
- parport_pc: add support for ASIX AX99100 (Jiaqing Zhao)
- serial: 8250_pci: add support for ASIX AX99100 (Jiaqing Zhao)
- can: ems_pci: move ASIX AX99100 ids to pci_ids.h (Jiaqing Zhao)
- nilfs2: protect access to buffers with no active references (Ryusuke Konishi) [Orabug: 37650248] {CVE-2025-21811}
- nilfs2: do not force clear folio if buffer is referenced (Ryusuke Konishi) [Orabug: 37649878] {CVE-2025-21722}
- nilfs2: do not output warnings when clearing dirty buffers (Ryusuke Konishi)
- alpha: replace hardcoded stack offsets with autogenerated ones (Ivan Kokshaysky)
- ndisc: extend RCU protection in ndisc_send_skb() (Eric Dumazet) [Orabug: 37650045] {CVE-2025-21760}
- openvswitch: use RCU protection in ovs_vport_cmd_fill_info() (Eric Dumazet) [Orabug: 37650052] {CVE-2025-21761}
- arp: use RCU protection in arp_xmit() (Eric Dumazet) [Orabug: 37650059] {CVE-2025-21762}
- neighbour: use RCU protection in __neigh_notify() (Eric Dumazet) [Orabug: 37650066] {CVE-2025-21763}
- neighbour: delete redundant judgment statements (Li Zetao)
- ndisc: use RCU protection in ndisc_alloc_skb() (Eric Dumazet) [Orabug: 37650072] {CVE-2025-21764}
- ipv6: use RCU protection in ip6_default_advmss() (Eric Dumazet) [Orabug: 37650078] {CVE-2025-21765}
- ipv4: use RCU protection in inet_select_addr() (Eric Dumazet)
- ipv4: use RCU protection in rt_is_expired() (Eric Dumazet)
- net: add dev_net_rcu() helper (Eric Dumazet)
- net: treat possible_net_t net pointer as an RCU one and add read_pnet_rcu() (Jiri Pirko)
- regmap-irq: Add missing kfree() (Jiasheng Jiang)
- partitions: mac: fix handling of bogus partition table (Jann Horn) [Orabug: 37650105] {CVE-2025-21772}
- gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock (Xu Wang)
- alpha: align stack for page fault and user unaligned trap handlers (Ivan Kokshaysky)
- serial: 8250: Fix fifo underflow on flush (John Keeping)
- alpha: make stack 16-byte aligned (most cases) (Ivan Kokshaysky)
- can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero (Alexander Hölzl)
- can: c_can: fix unbalanced runtime PM disable in error path (Krzysztof Kozlowski)
- USB: serial: option: drop MeiG Smart defines (Johan Hovold)
- USB: serial: option: fix Telit Cinterion FN990A name (Fabio Porcedda)
- USB: serial: option: add Telit Cinterion FN990B compositions (Fabio Porcedda)
- USB: serial: option: add MeiG Smart SLM828 (Chester A. Unal)
- usb: cdc-acm: Fix handling of oversized fragments (Jann Horn)
- usb: cdc-acm: Check control transfer buffer size before access (Jann Horn) [Orabug: 37634049] {CVE-2025-21704}
- USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk (Marek Vasut)
- USB: hub: Ignore non-compliant devices with too many configs or interfaces (Alan Stern) [Orabug: 37650120] {CVE-2025-21776}
- usb: gadget: f_midi: fix MIDI Streaming descriptor lengths (John Keeping) [Orabug: 37685650] {CVE-2025-21835}
- USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone (Mathias Nyman)
- USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist (Huanglei)
- USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI (Huacai Chen)
- usb: dwc2: gadget: remove of_node reference upon udc_stop (Fabrice Gasnier)
- usb: gadget: udc: renesas_usb3: Fix compiler warning (Guo Ren)
- usb: roles: set switch registered flag early on (Elson Roy Serrao)
- batman-adv: fix panic during interface removal (Andy Strohman) [Orabug: 37650144] {CVE-2025-21781}
- ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V (Hans de Goede)
- orangefs: fix a oob in orangefs_debug_write (Mike Marshall) [Orabug: 37650149] {CVE-2025-21782}
- Grab mm lock before grabbing pt lock (Maksym Planeta)
- vfio/pci: Enable iowrite64 and ioread64 for vfio pci (Ramesh Thomas)
- media: cxd2841er: fix 64-bit division on gcc-9 (Arnd Bergmann)
- gpio: bcm-kona: Add missing newline to dev_err format string (Artur Weber)
- gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ (Artur Weber)
- gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 (Artur Weber)
- arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (Radu Rendec) [Orabug: 37650160] {CVE-2025-21785}
- team: better TEAM_OPTION_TYPE_STRING validation (Eric Dumazet) [Orabug: 37650167] {CVE-2025-21787}
- vrf: use RCU protection in l3mdev_l3_out() (Eric Dumazet) [Orabug: 37650181] {CVE-2025-21791}
- ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() (Eric Dumazet)
- HID: multitouch: Add NULL check in mt_input_configured (Charles Han) [Orabug: 37649788] {CVE-2024-58020}
- ocfs2: check dir i_size in ocfs2_find_entry (Su Yue)
- MIPS: ftrace: Declare ftrace_get_parent_ra_addr() as static (Yuli Wang)
- ptp: Ensure info->enable callback is always set (Thomas Weißschuh) [Orabug: 37650263] {CVE-2025-21814}
- net/ncsi: wait for the last response to Deselect Package before configuring channel (Paul Fertser)
- misc: fastrpc: Fix registered buffer page address (Ekansh Gupta)
- mtd: onenand: Fix uninitialized retlen in do_otp_read() (Ivan Stepchenko)
- NFC: nci: Add bounds checking in nci_hci_create_pipe() (Dan Carpenter) [Orabug: 37649936] {CVE-2025-21735}
- nilfs2: fix possible int overflows in nilfs_fiemap() (Nikita Zhandarovich) [Orabug: 37649942] {CVE-2025-21736}
- ocfs2: handle a symlink read error correctly (Matthew Wilcox) [Orabug: 37649687] {CVE-2024-58001}
- vfio/platform: check the bounds of read/write syscalls (Alex Williamson) [Orabug: 37592070] {CVE-2025-21687}
- nvmem: core: improve range check for nvmem_cell_write() (Jennifer Berringer)
- crypto: qce - unregister previously registered algos in error path (Bartosz Golaszewski)
- crypto: qce - fix goto jump in error path (Bartosz Golaszewski)
- media: uvcvideo: Remove redundant NULL assignment (Ricardo Ribalda)
- media: uvcvideo: Fix event flags in uvc_ctrl_send_events (Ricardo Ribalda)
- media: ov5640: fix get_light_freq on auto (Samuel Bobrowicz)
- soc: qcom: smem_state: fix missing of_node_put in error path (Krzysztof Kozlowski)
- kbuild: Move -Wenum-enum-conversion to W=2 (Nathan Chancellor)
- powerpc/pseries/eeh: Fix get PE state translation (Narayana Murty N)
- serial: sh-sci: Do not probe the serial port if its slot in sci_ports[] is in use (Claudiu Beznea)
- serial: sh-sci: Drop __initdata macro for port_cfg (Claudiu Beznea)
- soc: qcom: socinfo: Avoid out of bounds read of serial number (Stephan Gerhold) [Orabug: 37649715] {CVE-2024-58007}
- usb: gadget: f_tcm: Don't prepare BOT write request twice (Thinh Nguyen)
- usb: gadget: f_tcm: ep_autoconfig with fullspeed endpoint (Thinh Nguyen)
- usb: gadget: f_tcm: Decrement command ref count on cleanup (Thinh Nguyen)
- usb: gadget: f_tcm: Translate error to sense (Thinh Nguyen)
- wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() (Marcel Hamer) [Orabug: 37649971] {CVE-2025-21744}
- HID: hid-sensor-hub: don't use stale platform-data on remove (Heiko Stuebner)
- of: reserved-memory: Fix using wrong number of cells to get property 'alignment' (Zijun Hu)
- of: Fix of_find_node_opts_by_path() handling of alias+path+options (Zijun Hu)
- of: Correct child specifier used as input of the 2nd nexus node (Zijun Hu)
- perf bench: Fix undefined behavior in cmpworker() (Kuan-Wei Chiu)
- clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate (Anastasia Belova)
- clk: qcom: clk-alpha-pll: fix alpha mode configuration (Gabor Juhos)
- drm/komeda: Add check for komeda_get_layer_fourcc_list() (Haoxiang Li)
- KVM: s390: vsie: fix some corner-cases when grabbing vsie pages (David Hildenbrand)
- KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() (Sean Christopherson) [Orabug: 37678567] {CVE-2024-58083}
- arm64: dts: rockchip: increase gmac rx_delay on rk3399-puma (Jakob Unterwurzacher)
- binfmt_flat: Fix integer overflow bug on 32 bit systems (Dan Carpenter) [Orabug: 37649721] {CVE-2024-58010}
- m68k: vga: Fix I/O defines (Thomas Zimmermann)
- s390/futex: Fix FUTEX_OP_ANDN implementation (Heiko Carstens)
- leds: lp8860: Write full EEPROM, not only half of it (Alexander Sverdlin)
- cpufreq: s3c64xx: Fix compilation warning (Viresh Kumar)
- tun: revert fix group permission check (Willem de Bruijn)
- net: rose: lock the socket in rose_bind() (Eric Dumazet) [Orabug: 37649987] {CVE-2025-21749}
- udp: gso: do not drop small packets when PMTU reduces (Yan Zhai)
- tg3: Disable tg3 PCIe AER on system reboot (Lenny Szubowicz)
- gpu: drm_dp_cec: fix broken CEC adapter properties check (Hans Verkuil)
- firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry (Prasad Pandit)
- nvme: handle connectivity loss in nvme_set_queue_count (Daniel Wagner)
- usb: xhci: Fix NULL pointer dereference on certain command aborts (Michał Pecio) [Orabug: 37649622] {CVE-2024-57981}
- usb: xhci: Add timeout argument in address_device USB HCD callback (Hardik Gajjar)
- net: usb: rtl8150: enable basic endpoint checking (Nikita Zhandarovich) [Orabug: 37649812] {CVE-2025-21708}
- net: usb: rtl8150: use new tasklet API (Emil Renner Berthing)
- tasklet: Introduce new initialization API (Romain Perier)
- kbuild: userprogs: use correct lld when linking through clang (Thomas Weißschuh)
- media: uvcvideo: Remove dangling pointers (Ricardo Ribalda) [Orabug: 37649696] {CVE-2024-58002}
- media: uvcvideo: Only save async fh if success (Ricardo Ribalda)
- nilfs2: handle errors that nilfs_prepare_chunk() may return (Ryusuke Konishi) [Orabug: 37649870] {CVE-2025-21721}
- nilfs2: eliminate staggered calls to kunmap in nilfs_rename (Ryusuke Konishi)
- nilfs2: move page release outside of nilfs_delete_entry and nilfs_set_link (Ryusuke Konishi)
- spi-mxs: Fix chipselect glitch (Ralf Schlatterbeck)
- x86/mm: Don't disable PCID when INVLPG has been fixed by microcode (Xi Ruoyao)
- APEI: GHES: Have GHES honor the panic= setting (Borislav Petkov)
- HID: Wacom: Add PCI Wacom device support (Even Xu)
- mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id (Hans de Goede)
- tomoyo: don't emit warning in tomoyo_write_control() (Tetsuo Handa)
- wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (Dmitry Antipov) [Orabug: 37649750] {CVE-2024-58014}
- mmc: core: Respect quirk_max_rate for non-UHS SDIO card (Shawn Lin)
- tun: fix group permission check (Stas Sergeev)
- printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX (Kuan-Wei Chiu) [Orabug: 37649768] {CVE-2024-58017}
- x86/amd_nb: Restrict init function to AMD-based systems (Yazen Ghannam)
- sched: Don't try to catch up excess steal time. (Suleiman Souhlal)
- btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error handling (Josef Bacik)
- btrfs: fix use-after-free when attempting to join an aborted transaction (Filipe Manana) [Orabug: 37650014] {CVE-2025-21753}
- btrfs: output the reason for open_ctree() failure (Qu Wenruo)
- usb: gadget: f_tcm: Don't free command immediately (Thinh Nguyen) [Orabug: 37678479] {CVE-2024-58055}
- media: uvcvideo: Fix double free in error path (Laurent Pinchart) [Orabug: 37649615] {CVE-2024-57980}
- HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections (Alan Stern) [Orabug: 37649644] {CVE-2024-57986}
- usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to PD_T_SENDER_RESPONSE (Jos Wang)
- drivers/card_reader/rtsx_usb: Restore interrupt based detection (Sean Rhodes)
- ktest.pl: Check kernelrelease return in get_version (Ricardo B. Marliere)
- NFSD: Reset cb_seq_status after NFS4ERR_DELAY (Chuck Lever)
- hexagon: Fix unbalanced spinlock in die() (Lin Yujun)
- hexagon: fix using plain integer as NULL pointer warning in cmpxchg (Willem de Bruijn)
- genksyms: fix memory leak when the same symbol is read from *.symref file (Masahiro Yamada)
- genksyms: fix memory leak when the same symbol is added from source (Masahiro Yamada)
- net: sh_eth: Fix missing rtnl lock in suspend/resume path (Kory Maincent)
- vsock: Allow retrying on connect() failure (Michal Luczaj)
- perf trace: Fix runtime error of index out of bounds (Howard Chu)
- net: davicom: fix UAF in dm9000_drv_remove (Chenyuan Yang) [Orabug: 37649846] {CVE-2025-21715}
- net: rose: fix timer races against user threads (Eric Dumazet) [Orabug: 37649856] {CVE-2025-21718}
- PM: hibernate: Add error handling for syscore_suspend() (Xu Wang)
- ipmr: do not call mr_mfc_uses_dev() for unres entries (Eric Dumazet) [Orabug: 37649862] {CVE-2025-21719}
- net: fec: implement TSO descriptor cleanup (Dheeraj Reddy Jonnalagadda)
- ubifs: skip dumping tnc tree when zroot is null (Pangliyuan) [Orabug: 37678491] {CVE-2024-58058}
- rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read (Oleksij Rempel) [Orabug: 37678517] {CVE-2024-58069}
- dmaengine: ti: edma: fix OF node reference leaks in edma_driver (Joe Hattori)
- module: Extend the preempt disabled section in dereference_symbol_descriptor(). (Sebastian Andrzej Siewior)
- ocfs2: mark dquot as inactive if failed to start trans while releasing dquot (Su Yue)
- scsi: ufs: bsg: Delete bsg_dev when setting up bsg fails (Guixin Liu)
- scsi: mpt3sas: Set ioc->manu_pg11.EEDPTagMode directly to 1 (Paul Menzel)
- staging: media: imx: fix OF node leak in imx_media_add_of_subdevs() (Joe Hattori)
- media: uvcvideo: Propagate buf->error to userspace (Ricardo Ribalda)
- media: camif-core: Add check for clk_enable() (Jiasheng Jiang)
- media: mipi-csis: Add check for clk_enable() (Jiasheng Jiang)
- PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy() (Zijun Hu)
- media: lmedm04: Handle errors for lme2510_int_read (Chen Ni)
- media: lmedm04: Use GFP_KERNEL for URB allocation/submission. (Malcolm Priestley)
- media: rc: iguanair: handle timeouts (Oliver Neukum)
- fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device() (Joe Hattori)
- ARM: dts: mediatek: mt7623: fix IR nodename (Rafał Miłecki)
- arm64: dts: mediatek: mt8173-evb: Fix MT6397 PMIC sub-node names (Chen-Yu Tsai)
- arm64: dts: mediatek: mt8173-evb: Drop regulator-compatible property (Chen-Yu Tsai)
- rdma/cxgb4: Prevent potential integer overflow on 32bit (Dan Carpenter) [Orabug: 37649564] {CVE-2024-57973}
- RDMA/mlx4: Avoid false error about access to uninitialized gids array (Leon Romanovsky)
- bpf: Send signals asynchronously if !preemptible (Puranjay Mohan) [Orabug: 37649909] {CVE-2025-21728}
- perf report: Fix misleading help message about --demangle (Jiachen Zhang)
- perf top: Don't complain about lack of vmlinux when not resolving some kernel samples (Arnaldo Carvalho de Melo)
- padata: fix sysfs store callback check (Thomas Weißschuh)
- ktest.pl: Remove unused declarations in run_bisect_test function (Ba Jing)
- perf header: Fix one memory leakage in process_bpf_prog_info() (Zhongqiu Han)
- perf header: Fix one memory leakage in process_bpf_btf() (Zhongqiu Han)
- ASoC: sun4i-spdif: Add clock multiplier settings (George Lander)
- tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind (Marco Leogrande)
- net: sched: Disallow replacing of child qdisc from one parent to another (Jamal Hadi Salim) [Orabug: 37592533] {CVE-2025-21700}
- net/mlxfw: Drop hard coded max FW flash image size (Maher Sanalla)
- net: let net.core.dev_weight always be non-zero (Liu Jian) [Orabug: 37650232] {CVE-2025-21806}
- clk: analogbits: Fix incorrect calculation of vco rate delta (Bo Gan)
- selftests: harness: fix printing of mismatch values in __EXPECT() (Dmitry V. Levin)
- selftests/harness: Display signed values correctly (Kees Cook)
- wifi: wlcore: fix unbalanced pm_runtime calls (Andreas Kemnade)
- regulator: of: Implement the unwind path of of_regulator_match() (Joe Hattori)
- team: prevent adding a device which is already a team device lower (Octavian Purdila) [Orabug: 37678523] {CVE-2024-58071}
- cpupower: fix TSC MHz calculation (He Rongguang)
- wifi: rtlwifi: pci: wait for firmware loading before releasing memory (Thadeu Lima de Souza Cascardo)
- wifi: rtlwifi: fix memory leaks and invalid access at probe error path (Thadeu Lima de Souza Cascardo) [Orabug: 37678504] {CVE-2024-58063}
- wifi: rtlwifi: remove unused check_buddy_priv (Thadeu Lima de Souza Cascardo) [Orabug: 37678530] {CVE-2024-58072}
- wifi: rtlwifi: remove unused dualmac control leftovers (Dmitry Antipov)
- wifi: rtlwifi: remove unused timer and related code (Dmitry Antipov)
- rtlwifi: replace usage of found with dedicated list iterator variable (Jakob Koschel)
- dt-bindings: mmc: controller: clarify the address-cells description (Neil Armstrong)
- wifi: rtlwifi: usb: fix workqueue leak when probe fails (Thadeu Lima de Souza Cascardo)
- wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step (Thadeu Lima de Souza Cascardo)
- rtlwifi: rtl8192se Rename RT_TRACE to rtl_dbg (Larry Finger)
- wifi: rtlwifi: do not complete firmware loading needlessly (Thadeu Lima de Souza Cascardo)
- ipmi: ipmb: Add check devm_kasprintf() returned value (Charles Han) [Orabug: 37678457] {CVE-2024-58051}
- drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table (Ivan Stepchenko) [Orabug: 37678463] {CVE-2024-58052}
- drm/etnaviv: Fix page property being used for non writecombine buffers (Sui Jingfeng)
- partitions: ldm: remove the initial kernel-doc notation (Randy Dunlap)
- nbd: don't allow reconnect after disconnect (Yu Kuai) [Orabug: 37649918] {CVE-2025-21731}
- afs: Fix directory format encoding struct (David Howells)
- overflow: Allow mixed type arguments (Kees Cook)
- overflow: Correct check_shl_overflow() comment (Keith Busch)
- overflow: Add __must_check attribute to check_*() helpers (Kees Cook)

[5.4.17-2136.343.2.el7uek]
- rds: ib: Do not attempt to insert RDMA exthdr twice (Håkon Bugge) [Orabug: 37721764]
- net: mana: Fix TX CQE error handling (Haiyang Zhang) [Orabug: 36983924] {CVE-2023-52532}
- net/mlx5: Stop waiting for PCI if pci channel is offline (Moshe Shemesh) [Orabug: 36929747]
- rds: ib: Fix racy send affinity work cancellation (Håkon Bugge) [Orabug: 36605776]
- uek-rpm: install the perf exec dir (Stephen Brennan) [Orabug: 35023180]
- uek-rpm: switch to new secureboot certificates and upgrade shim (Samasth Norway Ananda) [Orabug: 37764002]

[5.4.17-2136.343.1.el7uek]
- rds: ib: Make traffic_class visible to user-space (Håkon Bugge) [Orabug: 37617866]
- rds: ib: Remove incorrect update of the path record sl and qos_class fields (Håkon Bugge) [Orabug: 37617866]
- net: core: reject skb_copy(_expand) for fraglist GSO skbs (Felix Fietkau) [Orabug: 36683418] {CVE-2024-36929}
- udp: do not accept non-tunnel GSO skbs landing in a tunnel (Antoine Tenart) [Orabug: 36643088] {CVE-2024-35884}
- udp: never accept GSO_FRAGLIST packets (Paolo Abeni) [Orabug: 36643088] {CVE-2024-35884}
- udp: initialize is_flist with 0 in udp_gro_receive (Xin Long) [Orabug: 36643088] {CVE-2024-35884}

[5.4.17-2136.342.5.el7uek]
- ima: Fix use-after-free on a dentry's dname.name (Stefan Berger) [Orabug: 36835558] {CVE-2024-39494}

[5.4.17-2136.342.4.el7uek]
- sched: sch_cake: add bounds checks to host bulk flow fairness counts (Toke Høiland-Jørgensen) [Orabug: 37497384] {CVE-2025-21647}
- udf: Fix use of check_add_overflow() with mixed type arguments (Ben Hutchings)
- x86/xen: allow larger contiguous memory regions in PV guests (Juergen Gross)
- xen: remove a confusing comment on auto-translated guest I/O (Petr Tesarik)
- ALSA: hda/realtek: Fixup ALC225 depop procedure (Kailang Yang)
- ALSA: hda/realtek - Add type for ALC287 (Kailang Yang)
- net: loopback: Avoid sending IP packets without an Ethernet header (Ido Schimmel)
- netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (Cong Wang) [Orabug: 37611855] {CVE-2025-21703}
- ocfs2: fix incorrect CPU endianness conversion causing mount failure (Heming Zhao)
- Revert "btrfs: avoid monopolizing a core when activating a swap file" (Koichiro Den)
- gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl(). (Kuniyuki Iwashima) [Orabug: 37707676] {CVE-2025-21865}
- Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc (Fedor Pchelkin) [Orabug: 37650394] {CVE-2024-58009}
- rds: Make sure transmit path and connection tear-down does not run concurrently (Håkon Bugge) [Orabug: 36308571]
- NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies() (Yanjun Zhang) [Orabug: 37206487] {CVE-2024-50046}

[5.4.17-2136.342.3.el7uek]
- LTS tag: v5.4.290 (Alok Tiwari)
- Partial revert of xhci: use pm_ptr() instead #ifdef for CONFIG_PM conditionals (Ron Economos)
- xhci: use pm_ptr() instead of #ifdef for CONFIG_PM conditionals (Arnd Bergmann)
- drm/v3d: Assign job pointer to NULL before signaling the fence (Maíra Canal) [Orabug: 37707590] {CVE-2025-21688}
- Input: xpad - add support for wooting two he (arm) (Jack Greiner)
- Input: xpad - add unofficial Xbox 360 wireless receiver clone (Nilton Perim Neto)
- Input: atkbd - map F23 key to support default copilot shortcut (Mark Pearson)
- Revert "usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null" (Greg Kroah-Hartman)
- USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb() (Qasim Ijaz) [Orabug: 37592080] {CVE-2025-21689}
- ext4: fix slab-use-after-free in ext4_split_extent_at() (Baokun Li) [Orabug: 37200960] {CVE-2024-49884}
- ext4: avoid ext4_error()'s caused by ENOMEM in the truncate path (Theodore Ts'O)
- vfio/platform: check the bounds of read/write syscalls (Alex Williamson) [Orabug: 37592070] {CVE-2025-21687}
- net/xen-netback: prevent UAF in xenvif_flush_hash() (Jeongjun Park) [Orabug: 37206012] {CVE-2024-49936}
- net: xen-netback: hash.c: Use built-in RCU list checking (Madhuparna Bhowmik)
- signal/m68k: Use force_sigsegv(SIGSEGV) in fpsp040_die (Eric W. Biederman)
- m68k: Add missing mmap_read_lock() to sys_cacheflush() (Liam R Howlett)
- m68k: Update ->thread.esp0 before calling syscall_trace() in ret_from_signal (Al Viro)
- gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag (Andreas Gruenbacher) [Orabug: 37592129] {CVE-2025-21699}
- irqchip/sunxi-nmi: Add missing SKIP_WAKE flag (Philippe Simons)
- scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request (Xiang Zhang)
- ASoC: wm8994: Add depends on MFD core (Charles Keepax)
- net: fix data-races around sk->sk_forward_alloc (Wang Liang) [Orabug: 37388796] {CVE-2024-53124}
- scsi: sg: Fix slab-use-after-free read in sg_release() (Surajsonawane2415) [Orabug: 37434118] {CVE-2024-56631}
- ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev() (Eric Dumazet) [Orabug: 37200707] {CVE-2024-47707}
- irqchip/gic-v3: Handle CPU_PM_ENTER_FAILED correctly (Yogesh Lal)
- fs/proc: fix softlockup in __read_vmcore (part 2) (Rik van Riel) [Orabug: 37592153] {CVE-2025-21694}
- net: ethernet: xgbe: re-add aneg to supported features in PHY quirks (Heiner Kallweit)
- nvmet: propagate npwg topology (Luis Chamberlain)
- poll_wait: add mb() to fix theoretical race between waitqueue_active() and .poll() (Oleg Nesterov)
- kheaders: Ignore silly-rename files (David Howells)
- hfs: Sanity check the root record (Leo Stone)
- mac802154: check local interfaces before deleting sdata list (Lizhi Xu) [Orabug: 37555776] {CVE-2024-57948}
- i2c: mux: demux-pinctrl: check initial mux selection, too (Wolfram Sang)
- drm/v3d: Ensure job pointer is set to NULL after job completion (Maíra Canal) [Orabug: 37592115] {CVE-2025-21697}
- nfp: bpf: prevent integer overflow in nfp_bpf_event_output() (Dan Carpenter)
- gtp: Destroy device along with udp socket's netns dismantle. (Kuniyuki Iwashima) [Orabug: 37555832] {CVE-2025-21678}
- gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp(). (Kuniyuki Iwashima)
- gtp: use exit_batch_rtnl() method (Eric Dumazet)
- net: add exit_batch_rtnl() method (Eric Dumazet)
- net: net_namespace: Optimize the code (Yajun Deng)
- net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field() (Sudheer Kumar Doredla)
- sctp: sysctl: rto_min/max: avoid using current->nsproxy (Matthieu Baerts) [Orabug: 37497290] {CVE-2025-21639}
- ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv (Dennis Lam) [Orabug: 37485004,37707634] {CVE-2024-57892}
- ocfs2: correct return value of ocfs2_local_free_info() (Joseph Qi)
- phy: core: Fix that API devm_of_phy_provider_unregister() fails to unregister the phy provider (Zijun Hu)
- phy: core: fix code style in devm_of_phy_provider_unregister (Vinod Koul)
- arm64: dts: rockchip: add hevc power domain clock to rk3328 (Peter Geis)
- arm64: dts: rockchip: add #power-domain-cells to power domain nodes (Johan Jonker)
- arm64: dts: rockchip: fix pd_tcpc0 and pd_tcpc1 node position on rk3399 (Johan Jonker)
- arm64: dts: rockchip: fix defines in pd_vio node for rk3399 (Johan Jonker)
- iio: inkern: call iio_device_put() only on mapped devices (Joe Hattori)
- iio: adc: at91: call input_free_device() on allocated iio_dev (Joe Hattori) [Orabug: 37497149] {CVE-2024-57904}
- iio: adc: ti-ads124s08: Use gpiod_set_value_cansleep() (Fabio Estevam)
- iio: gyro: fxas21002c: Fix missing data update in trigger handler (Carlos Song)
- iio: adc: ti-ads8688: fix information leak in triggered buffer (Javier Carrasco) [Orabug: 37497160] {CVE-2024-57906}
- iio: imu: kmx61: fix information leak in triggered buffer (Javier Carrasco) [Orabug: 37497169] {CVE-2024-57908}
- iio: light: vcnl4035: fix information leak in triggered buffer (Javier Carrasco) [Orabug: 37497179] {CVE-2024-57910}
- iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer (Javier Carrasco) [Orabug: 37497183] {CVE-2024-57911}
- iio: pressure: zpa2326: fix information leak in triggered buffer (Javier Carrasco) [Orabug: 37497189] {CVE-2024-57912}
- usb: gadget: f_fs: Remove WARN_ON in functionfs_bind (Akash M) [Orabug: 37497196] {CVE-2024-57913}
- usb: fix reference leak in usb_new_device() (Ma Ke)
- USB: core: Disable LPM only for non-suspended ports (Kai-Heng Feng)
- USB: usblp: return error when setting unsupported protocol (Yan Jun)
- usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null (Lianqin Hu)
- USB: serial: cp210x: add Phoenix Contact UPS Device (Johan Hovold)
- usb-storage: Add max sectors quirk for Nokia 208 (Lubomir Rintel)
- staging: iio: ad9832: Correct phase range check (Zicheng Qu)
- staging: iio: ad9834: Correct phase range check (Zicheng Qu)
- USB: serial: option: add Neoway N723-EA support (Michal Hrusecky)
- USB: serial: option: add MeiG Smart SRM815 (Chukun Pan)
- drm/amd/display: increase MAX_SURFACES to the value supported by hw (Melissa Wen)
- ACPI: resource: Add Asus Vivobook X1504VAP to irq1_level_low_skip_override[] (Hans de Goede)
- ACPI: resource: Add TongFang GM5HG0A to irq1_edge_low_force_override[] (Hans de Goede)
- drm/amd/display: Add check for granularity in dml ceil/floor helpers (Roman Li) [Orabug: 37497225] {CVE-2024-57922}
- sctp: sysctl: auth_enable: avoid using current->nsproxy (Matthieu Baerts) [Orabug: 37497283] {CVE-2025-21638}
- sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy (Matthieu Baerts) [Orabug: 37497303] {CVE-2025-21640}
- dm thin: make get_first_thin use rcu-safe list first function (Krister Johansen) [Orabug: 37506783] {CVE-2025-21664}
- tls: Fix tls_sw_sendmsg error handling (Benjamin Coddington)
- net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute (Eric Dumazet) [Orabug: 37497346] {CVE-2025-21653}
- tcp/dccp: allow a connection when sk_max_ack_backlog is zero (Zhongqiu Duan)
- tcp/dccp: complete lockless accesses to sk->sk_max_ack_backlog (Jason Xing)
- net: 802: LLC+SNAP OID:PID lookup on start of skb data (Antonio Pastor)
- ieee802154: ca8210: Add missing check for kfifo_alloc() in ca8210_probe() (Keisuke Nishimura)
- dm array: fix cursor index when skipping across block boundaries (Ming-Hung Tsai)
- dm array: fix unreleased btree blocks on closing a faulty array cursor (Ming-Hung Tsai)
- dm array: fix releasing a faulty array block twice in dm_array_cursor_end (Ming-Hung Tsai) [Orabug: 37497249] {CVE-2024-57929}
- jbd2: flush filesystem device before updating tail sequence (Zhang Yi)

[5.4.17-2136.342.2.el7uek]
- Revert "NFSD: Limit the number of concurrent async COPY operations" (Sherry Yang) [Orabug: 37660195]
- rds: ib: Avoid sleeping function inside RCU region by using sampled values instead (Håkon Bugge) [Orabug: 37586090]
- dm rq: don't queue request to blk-mq during DM suspend (Ming Lei) [Orabug: 37010188]
- dm: rearrange core declarations for extended use from dm-zone.c (Damien Le Moal) [Orabug: 37010188]

[5.4.17-2136.342.1.el7uek]
- cgroup: Make operations on the cgroup root_list RCU safe (Yafang Shao) [Orabug: 37621585]
- uek: kabi: Fix build error for HIDE_INCLUDE macro (Saeed Mirzamohammadi) [Orabug: 37619102]
- oracleasm: Fix PI when use_logical_block_size is set (Martin K. Petersen) [Orabug: 37503280]
- oracleasm: Add support for per-I/O block size selection (Martin K. Petersen) [Orabug: 37503280]
- perf/x86/intel/uncore: Fix NULL pointer dereference issue in upi_fill_topology() (Alexander Antonov) [Orabug: 36882938] {CVE-2023-52450}

[5.4.17-2136.341.3.el7uek]
- io_uring: fix possible deadlock in io_register_iowq_max_workers() (Hagar Hemdan) [Orabug: 36897354,37565787] {CVE-2024-41080,CVE-2024-53052}
- io_uring/rw: fix missing NOWAIT check for O_DIRECT start write (Jens Axboe) [Orabug: 37304721,37565787] {CVE-2024-41080,CVE-2024-53052}
- io_uring: use kiocb_{start,end}_write() helpers (Amir Goldstein) [Orabug: 37565787] {CVE-2024-41080,CVE-2024-53052}
- fs: create kiocb_{start,end}_write() helpers (Amir Goldstein) [Orabug: 37565787] {CVE-2024-41080,CVE-2024-53052}
- io_uring: rename kiocb_end_write() local helper (Amir Goldstein) [Orabug: 37565787] {CVE-2024-41080,CVE-2024-53052}
- io_uring/sqpoll: close race on waiting for sqring entries (Jens Axboe) [Orabug: 37565787] {CVE-2024-41080,CVE-2024-53052}
- io_uring/sqpoll: do not put cpumask on stack (Felix Moessbauer) [Orabug: 37565787] {CVE-2024-41080,CVE-2024-53052}
- io_uring/sqpoll: retain test for whether the CPU is valid (Jens Axboe) [Orabug: 37565787] {CVE-2024-41080,CVE-2024-53052}
- io_uring/sqpoll: do not allow pinning outside of cpuset (Felix Moessbauer) [Orabug: 37565787] {CVE-2024-41080,CVE-2024-53052}
- io_uring/io-wq: limit retrying worker initialisation (Pavel Begunkov) [Orabug: 37565787] {CVE-2024-41080,CVE-2024-53052}
- vfs: check dentry is still valid in get_link() (Ian Kent) [Orabug: 37536393]
- RDS: avoid queueing delayed work on an offlined cpu (Praveen Kumar Kannoju) [Orabug: 37260584]
- NFSD: Limit the number of concurrent async COPY operations (Chuck Lever) [Orabug: 37206187,37664124] {CVE-2024-49974}

[5.4.17-2136.341.2.el7uek]
- LTS tag: v5.4.289 (Sherry Yang)
- mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim() (Seiji Nishikawa) [Orabug: 37484971] {CVE-2024-57884}
- drm: adv7511: Drop dsi single lane support (Biju Das)
- net/sctp: Prevent autoclose integer overflow in sctp_association_init() (Nikolay Kuratov) [Orabug: 37506732] {CVE-2024-57938}
- sky2: Add device ID 11ab:4373 for Marvell 88E8075 (Pascal Hambourg)
- pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking (Evgenii Shatokhin) [Orabug: 37484990] {CVE-2024-57889}
- RDMA/uverbs: Prevent integer overflow issue (Dan Carpenter) [Orabug: 37484996] {CVE-2024-57890}
- modpost: fix the missed iteration for the max bit in do_input() (Masahiro Yamada)
- modpost: fix input MODULE_DEVICE_TABLE() built for 64-bit on 32-bit host (Masahiro Yamada)
- ARC: build: Try to guess GCC variant of cross compiler (Leon Romanovsky)
- irqchip/gic: Correct declaration of *percpu_base pointer in union gic_base (Uros Bizjak)
- net: usb: qmi_wwan: add Telit FE910C04 compositions (Daniele Palmas)
- bpf: fix potential error return (Anton Protopopov)
- sound: usb: format: don't warn that raw DSD is unsupported (Adrian Ratiu)
- wifi: mac80211: wake the queues in case of failure in resume (Emmanuel Grumbach)
- ila: serialize calls to nf_register_net_hooks() (Eric Dumazet) [Orabug: 37485065] {CVE-2024-57900}
- ALSA: usb-audio: US16x08: Initialize array before use (Tanya Agarwal)
- net: llc: reset skb->transport_header (Antonio Pastor)
- netfilter: nft_set_hash: unaligned atomic read on struct nft_set_ext (Pablo Neira Ayuso) [Orabug: 37506299] {CVE-2024-54031}
- netfilter: Replace zero-length array with flexible-array member (Gustavo A R Silva)
- netrom: check buffer length before accessing it (Ilya Shchipletsov) [Orabug: 37484941] {CVE-2024-57802}
- drm/bridge: adv7511_audio: Update Audio InfoFrame properly (Stefan Ekenberg)
- drm: bridge: adv7511: Enable SPDIF DAI (Bogdan Togorean)
- RDMA/bnxt_re: Fix max_qp_wrs reported (Selvin Xavier)
- RDMA/bnxt_re: Fix reporting hw_ver in query_device (Kalesh Ap)
- RDMA/bnxt_re: Add check for path mtu in modify_qp (Saravanan Vajravel)
- RDMA/mlx5: Enforce same type port association for multiport RoCE (Patrisious Haddad)
- net/mlx5: Make API mlx5_core_is_ecpf accept const pointer (Parav Pandit)
- IB/mlx5: Introduce and use mlx5_core_is_vf() (Parav Pandit)
- Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet (Michael Kelley) [Orabug: 37472319] {CVE-2024-55916}
- selinux: ignore unknown extended permissions (Thiébaud Weksteen) [Orabug: 37506713] {CVE-2024-57931}
- ipv6: prevent possible UAF in ip6_xmit() (Eric Dumazet) [Orabug: 37592395] {CVE-2024-44985}
- skb_expand_head() adjust skb->truesize incorrectly (Vasily Averin)
- btrfs: avoid monopolizing a core when activating a swap file (Filipe Manana)
- tracing: Constify string literal data member in struct trace_event_call (Christian Göttsche)
- bpf: fix recursive lock when verdict program return SK_PASS (Jiayuan Chen)
- ipv6: fix possible UAF in ip6_finish_output2() (Eric Dumazet) [Orabug: 37029070] {CVE-2024-44986}
- ipv6: use skb_expand_head in ip6_xmit (Vasily Averin)
- ipv6: use skb_expand_head in ip6_finish_output2 (Vasily Averin)
- skbuff: introduce skb_expand_head() (Vasily Averin)
- MIPS: Probe toolchain support of -msym32 (Jiaxun Yang)
- epoll: Add synchronous wakeup support for ep_poll_callback (Xuewen Yan)
- virtio-blk: don't keep queue frozen during system suspend (Ming Lei) [Orabug: 37506753] {CVE-2024-57946}
- scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time (Ranjan Kumar)
- platform/x86: asus-nb-wmi: Ignore unknown event 0xCF (Armin Wolf)
- regmap: Use correct format specifier for logging range errors (Mark Brown)
- scsi: megaraid_sas: Fix for a potential deadlock (Tomas Henzl) [Orabug: 37472364] {CVE-2024-57807}
- scsi: qla1280: Fix hw revision numbering for ISP1020/1040 (Magnus Lindholm)
- tracing/kprobe: Make trace_kprobe's module callback called after jump_label update (Masami Hiramatsu)
- dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset (Chen Ridong) [Orabug: 37452681] {CVE-2024-56767}
- dmaengine: mv_xor: fix child node refcount handling in early exit (Javier Carrasco)
- phy: core: Fix that API devm_phy_destroy() fails to destroy the phy (Zijun Hu)
- phy: core: Fix that API devm_phy_put() fails to release the phy (Zijun Hu)
- phy: core: Fix an OF node refcount leakage in of_phy_provider_lookup() (Zijun Hu)
- phy: core: Fix an OF node refcount leakage in _of_phy_get() (Zijun Hu)
- mtd: diskonchip: Cast an operand to prevent potential overflow (Zichen Xie)
- bpf: Check negative offsets in __bpf_skb_min_len() (Cong Wang)
- media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg (Nikita Zhandarovich) [Orabug: 37452687] {CVE-2024-56769}
- of: Fix refcount leakage for OF node returned by __of_get_dma_parent() (Zijun Hu)
- of: Fix error path in of_parse_phandle_with_args_map() (Herve Codina)
- udmabuf: also check for F_SEAL_FUTURE_WRITE (Jann Horn)
- nilfs2: prevent use of deleted inode (Edward Adam Davis) [Orabug: 37472286] {CVE-2024-53690}
- NFS/pnfs: Fix a live lock between recalled layouts and layoutget (Trond Myklebust)
- btrfs: tree-checker: reject inline extent items with 0 ref count (Qu Wenruo)
- zram: refuse to use zero sized block device as backing device (Kairui Song)
- sh: clk: Fix clk_enable() to return 0 on NULL clk (Geert Uytterhoeven)
- USB: serial: option: add Telit FE910C04 rmnet compositions (Daniele Palmas)
- USB: serial: option: add MediaTek T7XX compositions (Jack Wu)
- USB: serial: option: add Netprisma LCUK54 modules for WWAN Ready (Mank Wang)
- USB: serial: option: add MeiG Smart SLM770A (Michal Hrusecky)
- USB: serial: option: add TCL IK512 MBIM & ECM (Daniel Swanemar)
- efivarfs: Fix error on non-existent file (James E J Bottomley)
- i2c: riic: Always round-up when calculating bus period (Geert Uytterhoeven)
- chelsio/chtls: prevent potential integer overflow on 32bit (Dan Carpenter)
- mmc: sdhci-tegra: Remove SDHCI_QUIRK_BROKEN_ADMA_ZEROLEN_DESC quirk (Prathamesh Shete)
- netfilter: ipset: Fix for recursive locking warning (Phil Sutter)
- net: ethernet: bgmac-platform: fix an OF node reference leak (Joe Hattori)
- net: hinic: Fix cleanup in create_rxqs/txqs() (Dan Carpenter)
- ionic: use ee->offset when returning sprom data (Shannon Nelson)
- net/smc: check sndbuf_space again after NOSPACE flag is set in smc_poll (Guangguan Wang)
- erofs: fix incorrect symlink detection in fast symlink (Gao Xiang)
- erofs: fix order >= MAX_ORDER warning due to crafted negative i_size (Gao Xiang)
- drm/i915: Fix memory leak by correcting cache object name in error handler (Jiasheng Jiang)
- PCI: Add ACS quirk for Broadcom BCM5760X NIC (Ajit Khaparde)
- ALSA: usb: Fix UBSAN warning in parse_audio_unit() (Takashi Iwai)
- PCI/AER: Disable AER service on suspend (Kai-Heng Feng)
- usb: dwc2: gadget: Don't write invalid mapped sg entries into dma_desc with iommu enabled (Peng Hongchi)
- net: sched: fix ordering of qlen adjustment (Lion Ackermann) [Orabug: 37433383] {CVE-2024-53164}

[5.4.17-2136.341.1.el7uek]
- kpcimgr: fix flush_icache_range arguments (Joseph Dobosenski) [Orabug: 37525298]
- uek-rpm: Update network stress testing options for embedded2 (Joseph Dobosenski) [Orabug: 37530220]

[5.4.17-2136.340.4.el7uek]
- ftrace: use preempt_enable/disable notrace macros to avoid double fault (Koichiro Den)
- nfsd: restore callback functionality for NFSv4.0 (Neil Brown)
- i2c: pnx: Fix timeout in wait functions (Vladimir Riabchun)
- of/irq: Fix using uninitialized variable @addr_len in API of_irq_parse_one() (Zijun Hu)
- af_packet: fix vlan_get_tci() vs MSG_PEEK (Eric Dumazet) [Orabug: 37485117] {CVE-2024-57902}
- af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK (Eric Dumazet) [Orabug: 37485100] {CVE-2024-57901}
- mtd: rawnand: fix double free in atmel_pmecc_create_user() (Dan Carpenter) [Orabug: 37506347] {CVE-2024-56766}

[5.4.17-2136.340.3.el7uek]
- Revert "xen/swiotlb: add alignment check for dma buffers" (Harshvardhan Jha) [Orabug: 37475435]
- vfio/iommu_type1: Fix some sanity checks in detach group (Keqian Zhu) [Orabug: 37136890]
- Revert "vfio/iommu_type1: Fix some sanity checks in detach group" (Dongli Zhang) [Orabug: 37136890]
- rds: ib: Avoid UAF on RDS Socket's rs_trans_lock (Håkon Bugge) [Orabug: 36693622]
- rds: ib: Fix blocked processes related to race in rds_rdma_free_dev_rs_worker() (Håkon Bugge) [Orabug: 36693622]
- rds: ib: Fix deterministic UAF in rds_rdma_free_dev_rs_worker() (Håkon Bugge) [Orabug: 36693622]
- Revert "KVM: SVM: Add a module parameter to override iommu AVIC usage" (Alejandro Jimenez) [Orabug: 35001679]

[5.4.17-2136.340.2.el7uek]
- LTS tag: v5.4.288 (Alok Tiwari)
- ALSA: usb-audio: Fix a DMA to stack memory bug (Dan Carpenter)
- xen/netfront: fix crash when removing device (Juergen Gross) [Orabug: 37427542] {CVE-2024-53240}
- KVM: arm64: Ignore PMCNTENSET_EL0 while checking for overflow status (Raghavendra Rao Ananta)
- blk-iocost: Avoid using clamp() on inuse in __propagate_weights() (Nathan Chancellor)
- blk-iocost: fix weight updates of inner active iocgs (Tejun Heo)
- blk-iocost: clamp inuse and skip noops in __propagate_weights() (Tejun Heo)
- ACPICA: events/evxfregn: don't release the ContextMutex that was never acquired (Daniil Tatianin)
- net/sched: netem: account for backlog updates from child qdisc (Martin Ottens) [Orabug: 37462138] {CVE-2024-56770}
- qca_spi: Make driver probing reliable (Stefan Wahren)
- qca_spi: Fix clock speed for multiple QCA7000 (Stefan Wahren)
- ACPI: resource: Fix memory resource type union access (Ilpo Järvinen)
- net: lapb: increase LAPB_HEADER_LEN (Eric Dumazet) [Orabug: 37434237] {CVE-2024-56659}
- tipc: fix NULL deref in cleanup_bearer() (Eric Dumazet) [Orabug: 37506456] {CVE-2024-56661}
- batman-adv: Do not let TT changes list grows indefinitely (Remi Pommarel)
- batman-adv: Remove uninitialized data in full table TT response (Remi Pommarel)
- batman-adv: Do not send uninitialized TT changes (Remi Pommarel)
- bpf, sockmap: Fix update element with same (Michal Luczaj)
- xfs: don't drop errno values when we fail to ficlone the entire range (Darrick J. Wong)
- usb: gadget: u_serial: Fix the issue that gs_start_io crashed due to accessing null pointer (Lianqin Hu) [Orabug: 37434264] {CVE-2024-56670}
- usb: ehci-hcd: fix call balance of clocks handling routines (Vitalii Mordan)
- usb: dwc2: hcd: Fix GetPortStatus & SetPortFeature (Stefan Wahren)
- ata: sata_highbank: fix OF node reference leak in highbank_initialize_phys() (Joe Hattori)
- usb: host: max3421-hcd: Correctly abort a USB request. (Mark Tomlinson)
- LTS tag: v5.4.287 (Alok Tiwari)
- bpf, xdp: Update devmap comments to reflect napi/rcu usage (John Fastabend)
- ALSA: usb-audio: Fix out of bounds reads when finding clock sources (Takashi Iwai) [Orabug: 37427489] {CVE-2024-53150}
- PCI: rockchip-ep: Fix address translation unit programming (Damien Le Moal)
- Revert "drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read()" (Zhang Zekun)
- modpost: Add .irqentry.text to OTHER_SECTIONS (Thomas Gleixner)
- jffs2: Fix rtime decompressor (Richard Weinberger)
- jffs2: Prevent rtime decompress memory corruption (Kinsey Moore) [Orabug: 37472398] {CVE-2024-57850}
- KVM: arm64: vgic-its: Clear ITE when DISCARD frees an ITE (Kunkun Jiang)
- KVM: arm64: vgic-its: Clear DTE when MAPD unmaps a device (Kunkun Jiang)
- KVM: arm64: vgic-its: Add a data length check in vgic_its_save_* (Jing Zhang)
- perf/x86/intel/pt: Fix buffer full but size is 0 case (Adrian Hunter)
- bpf: fix OOB devmap writes when deleting elements (Maciej Fijalkowski) [Orabug: 37434047] {CVE-2024-56615}
- xdp: Simplify devmap cleanup (Björn Töpel)
- misc: eeprom: eeprom_93cx6: Add quirk for extra read clock cycle (Parker Newman)
- powerpc/prom_init: Fixup missing powermac #size-cells (Michael Ellerman) [Orabug: 37462196] {CVE-2024-56781}
- usb: chipidea: udc: handle USB Error Interrupt if IOC not set (Xu Yang)
- i3c: Use i3cdev->desc->info instead of calling i3c_device_get_info() to avoid deadlock (Defa Li) [Orabug: 37472157] {CVE-2024-43098}
- PCI: Add ACS quirk for Wangxun FF5xxx NICs (Mengyuan Lou)
- PCI: Add 'reset_subordinate' to reset hierarchy below bridge (Keith Busch)
- f2fs: fix f2fs_bug_on when uninstalling filesystem call f2fs_evict_inode. (Qi Han) [Orabug: 37433861] {CVE-2024-56586}
- nvdimm: rectify the illogical code within nd_dax_probe() (Yi Yang)
- pinctrl: qcom-pmic-gpio: add support for PM8937 (Barnabás Czémán)
- scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset (Kai Mäkisara)
- scsi: st: Don't modify unknown block number in MTIOCGET (Kai Mäkisara)
- leds: class: Protect brightness_show() with led_cdev->led_access mutex (Mukesh Ojha) [Orabug: 37433869] {CVE-2024-56587}
- tracing: Use atomic64_inc_return() in trace_clock_counter() (Uros Bizjak)
- netpoll: Use rcu_access_pointer() in __netpoll_setup (Breno Leitao)
- net/neighbor: clear error in case strict check is not set (Jakub Kicinski)
- rocker: fix link status detection in rocker_carrier_init() (Dmitry Antipov)
- ASoC: hdmi-codec: reorder channel allocation list (Jonas Karlman)
- Bluetooth: btusb: Add RTL8852BE device 0489:e123 to device tables (Hilda Wu)
- wifi: brcmfmac: Fix oops due to NULL pointer dereference in brcmf_sdiod_sglist_rw() (Norbert van Bolhuis) [Orabug: 37433908] {CVE-2024-56593}
- wifi: ipw2x00: libipw_rx_any(): fix bad alignment (Jiapeng Chong)
- drm/amdgpu: set the right AMDGPU sg segment limitation (Prike Liang) [Orabug: 37433914] {CVE-2024-56594}
- jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree (Nihar Chaithanya) [Orabug: 37433920] {CVE-2024-56595}
- jfs: fix array-index-out-of-bounds in jfs_readdir (Ghanshyam Agrawal) [Orabug: 37433928] {CVE-2024-56596}
- jfs: fix shift-out-of-bounds in dbSplit (Ghanshyam Agrawal) [Orabug: 37433934] {CVE-2024-56597}
- jfs: array-index-out-of-bounds fix in dtReadFirst (Ghanshyam Agrawal) [Orabug: 37433941] {CVE-2024-56598}
- wifi: ath5k: add PCI ID for Arcadyan devices (Rosen Penev)
- wifi: ath5k: add PCI ID for SX76X (Rosen Penev)
- net: inet6: do not leave a dangling sk pointer in inet6_create() (Ignat Korchagin) [Orabug: 37433955] {CVE-2024-56600}
- net: inet: do not leave a dangling sk pointer in inet_create() (Ignat Korchagin) [Orabug: 37433962] {CVE-2024-56601}
- net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() (Ignat Korchagin) [Orabug: 37433970] {CVE-2024-56602}
- net: af_can: do not leave a dangling sk pointer in can_create() (Ignat Korchagin) [Orabug: 37433977] {CVE-2024-56603}
- Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() (Ignat Korchagin) [Orabug: 37433990] {CVE-2024-56605}
- af_packet: avoid erroring out after sock_init_data() in packet_create() (Ignat Korchagin) [Orabug: 37433996] {CVE-2024-56606}
- net/sched: cbs: Fix integer overflow in cbs_set_port_rate() (Elena Salomatkina)
- net: ethernet: fs_enet: Use %pa to format resource_size_t (Simon Horman)
- net: fec_mpc52xx_phy: Use %pa to format resource_size_t (Simon Horman)
- samples/bpf: Fix a resource leak (Zhujun2)
- drm/radeon/r600_cs: Fix possible int overflow in r600_packet3_check() (Igor Artemiev)
- drm/mcde: Enable module autoloading (Liao Chen)
- drm: panel-orientation-quirks: Add quirk for AYA NEO 2 model (Joaquín Ignacio Aramendía)
- media: cx231xx: Add support for Dexatek USB Video Grabber 1d19:6108 (Rohan Barar)
- media: uvcvideo: Add a quirk for the Kaiweets KTI-W02 infrared camera (David Given)
- s390/cpum_sf: Handle CPU hotplug remove during sampling (Thomas Richter) [Orabug: 37472391] {CVE-2024-57849}
- mmc: core: Further prevent card detect during shutdown (Ulf Hansson)
- regmap: detach regmap from dev on regmap_exit (Cosmin Tanislav)
- dma-buf: fix dma_fence_array_signaled v4 (Christian König)
- bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again (Liequan Che) [Orabug: 37472225] {CVE-2024-48881}
- nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() (Ryusuke Konishi) [Orabug: 37434065] {CVE-2024-56619}
- scsi: qla2xxx: Remove check req_sg_cnt should be equal to rsp_sg_cnt (Saurav Kashyap)
- scsi: qla2xxx: Supported speed displayed incorrectly for VPorts (Anil Gurumurthy)
- scsi: qla2xxx: Fix NVMe and NPIV connect issue (Quinn Tran)
- ocfs2: update seq_file index in ocfs2_dlm_seq_next (Wengang Wang)
- tracing: Fix cmp_entries_dup() to respect sort() comparison rules (Kuan-Wei Chiu)
- HID: wacom: fix when get product name maybe null pointer (Yuli Wang) [Orabug: 37434108] {CVE-2024-56629}
- bpf: Fix exact match conditions in trie_get_next_key() (Hou Tao)
- bpf: Handle BPF_EXIST and BPF_NOEXIST for LPM trie (Hou Tao)
- ocfs2: free inode when ocfs2_get_init_inode() fails (Tetsuo Handa) [Orabug: 37434113] {CVE-2024-56630}
- spi: mpc52xx: Add cancel_work_sync before module remove (Pei Xiao) [Orabug: 37472244] {CVE-2024-50051}
- tcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg (Zijian Zhang) [Orabug: 37434127] {CVE-2024-56633}
- drm/sti: Add __iomem for mixer_dbg_mxn's parameter (Pei Xiao)
- gpio: grgpio: Add NULL check in grgpio_probe (Charles Han) [Orabug: 37434131] {CVE-2024-56634}
- gpio: grgpio: use a helper variable to store the address of ofdev->dev (Bartosz Golaszewski)
- crypto: x86/aegis128 - access 32-bit arguments as 32-bit (Eric Biggers)
- x86/asm: Reorder early variables (Jiri Slaby)
- xen: Fix the issue of resource not being properly released in xenbus_dev_probe() (Qiu-Ji Chen) [Orabug: 37433540] {CVE-2024-53198}
- xen/xenbus: fix locking (Juergen Gross)
- xenbus/backend: Protect xenbus callback with lock (SeongJae Park)
- xenbus/backend: Add memory pressure handler callback (SeongJae Park)
- xen/xenbus: reference count registered modules (Paul Durrant)
- netfilter: nft_set_hash: skip duplicated elements pending gc run (Pablo Neira Ayuso)
- netfilter: ipset: Hold module reference while requesting a module (Phil Sutter) [Orabug: 37434143] {CVE-2024-56637}
- igb: Fix potential invalid memory access in igb_init_module() (Yuan Can) [Orabug: 37472257] {CVE-2024-52332}
- net/qed: allow old cards not supporting "num_images" to work (Louis Leseur)
- tipc: Fix use-after-free of kernel socket in cleanup_bearer(). (Kuniyuki Iwashima) [Orabug: 37434161] {CVE-2024-56642}
- tipc: add new AEAD key structure for user API (Tuong Lien)
- tipc: enable creating a "preliminary" node (Tuong Lien)
- tipc: add reference counter to bearer (Tuong Lien)
- dccp: Fix memory leak in dccp_feat_change_recv (Ivan Solodovnikov) [Orabug: 37434167] {CVE-2024-56643}
- can: j1939: j1939_session_new(): fix skb reference counting (Dmitry Antipov) [Orabug: 37434181] {CVE-2024-56645}
- net/sched: tbf: correct backlog statistic for GSO packets (Martin Ottens)
- netfilter: x_tables: fix LED ID check in led_tg_check() (Dmitry Antipov) [Orabug: 37434200] {CVE-2024-56650}
- ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() (Jinghao Jia) [Orabug: 37472266] {CVE-2024-53680}
- can: sun4i_can: sun4i_can_err(): fix {rx,tx}_errors statistics (Dario Binacchi)
- can: sun4i_can: sun4i_can_err(): call can_change_state() even if cf is NULL (Dario Binacchi)
- watchdog: mediatek: Make sure system reset gets asserted in mtk_wdt_restart() (Yassine Oudjana)
- iTCO_wdt: mask NMI_NOW bit for update_no_reboot_bit() call (Oleksandr Ocheretnyi)
- drm/etnaviv: flush shader L1 cache after user commandstream (Lucas Stach)
- nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur (Yangerkun) [Orabug: 37462183] {CVE-2024-56779}
- nfsd: make sure exp active before svc_export_show (Yangerkun) [Orabug: 37433745] {CVE-2024-56558}
- dm thin: Add missing destroy_work_on_stack() (Yuan Can)
- i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs() (Frank Li) [Orabug: 37433756] {CVE-2024-56562}
- util_macros.h: fix/rework find_closest() macros (Alexandru Ardelean)
- ad7780: fix division by zero in ad7780_write_raw() (Zicheng Qu) [Orabug: 37433772] {CVE-2024-56567}
- clk: qcom: gcc-qcs404: fix initial rate of GPLL3 (Gabor Juhos)
- ftrace: Fix regression with module command in stack_trace_filter (Guoweikang) [Orabug: 37433784] {CVE-2024-56569}
- ovl: Filter invalid inodes with missing lookup function (Vasiliy Kovalev) [Orabug: 37433789] {CVE-2024-56570}
- media: platform: allegro-dvt: Fix possible memory leak in allocate_buffers_internal() (Gaosheng Cui) [Orabug: 37433798] {CVE-2024-56572}
- media: gspca: ov534-ov772x: Fix off-by-one error in set_frame_rate() (Jinjie Ruan)
- media: venus: Fix pm_runtime_set_suspended() with runtime pm enabled (Jinjie Ruan)
- media: ts2020: fix null-ptr-deref in ts2020_probe() (Li Zetao) [Orabug: 37433805] {CVE-2024-56574}
- media: i2c: tc358743: Fix crash in the probe error path when using polling (Alexander Shiyan) [Orabug: 37433817] {CVE-2024-56576}
- btrfs: ref-verify: fix use-after-free after invalid ref action (Filipe Manana) [Orabug: 37433832] {CVE-2024-56581}
- quota: flush quota_release_work upon quota writeback (Ojaswin Mujoo) [Orabug: 37462191] {CVE-2024-56780}
- ASoC: fsl_micfil: fix the naming style for mask definition (Shengjiu Wang)
- sh: intc: Fix use-after-free bug in register_intc_controller() (Dan Carpenter) [Orabug: 37433393] {CVE-2024-53165}
- sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport (Liu Jian) [Orabug: 37434314] {CVE-2024-56688}
- SUNRPC: Replace internal use of SOCKWQ_ASYNC_NOSPACE (Trond Myklebust)
- SUNRPC: correct error code comment in xs_tcp_setup_socket() (Calum Mackay)
- modpost: remove incorrect code in do_eisa_entry() (Masahiro Yamada)
- rtc: ab-eoz9: don't fail temperature reads on undervoltage notification (Maxime Chevallier)
- 9p/xen: fix release of IRQ (Alex Zenla) [Orabug: 37434374] {CVE-2024-56704}
- 9p/xen: fix init sequence (Alex Zenla)
- block: return unsigned int from bdev_io_min (Christoph Hellwig)
- jffs2: fix use of uninitialized variable (Qingfang Deng)
- ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit (Waqar Hameed) [Orabug: 37433414] {CVE-2024-53171}
- ubi: fastmap: Fix duplicate slab cache names while attaching (Zhihao Cheng) [Orabug: 37433419] {CVE-2024-53172}
- ubifs: Correct the total block count by deducting journal reservation (Zhihao Cheng)
- rtc: check if __rtc_read_time was successful in rtc_timer_do_work() (Yongliang Gao) [Orabug: 37434456] {CVE-2024-56739}
- rtc: abx80x: Fix WDT bit position of the status register (Nobuhiro Iwamatsu)
- rtc: st-lpc: Use IRQF_NO_AUTOEN flag in request_irq() (Jinjie Ruan)
- NFSv4.0: Fix a use-after-free problem in the asynchronous open() (Trond Myklebust) [Orabug: 37433426] {CVE-2024-53173}
- um: Always dump trace for specified task in show_stack (Tiwei Bie)
- um: Clean up stacktrace dump (Johannes Berg)
- um: add show_stack_loglvl() (Dmitry Safonov)
- um/sysrq: remove needless variable sp (Dmitry Safonov)
- um: Fix the return value of elf_core_copy_task_fpregs (Tiwei Bie)
- um: Fix potential integer overflow during physmem setup (Tiwei Bie) [Orabug: 37427464] {CVE-2024-53145}
- rpmsg: glink: Propagate TX failures in intentless mode as well (Bjorn Andersson)
- SUNRPC: make sure cache entry active before cache_show (Yangerkun) [Orabug: 37433433] {CVE-2024-53174}
- NFSD: Prevent a potential integer overflow (Chuck Lever) [Orabug: 37427470] {CVE-2024-53146}
- lib: string_helpers: silence snprintf() output truncation warning (Bartosz Golaszewski)
- usb: dwc3: gadget: Fix checking for number of TRBs left (Thinh Nguyen)
- ALSA: hda/realtek: Apply quirk for Medion E15433 (Takashi Iwai)
- ALSA: hda/realtek: Fix Internal Speaker and Mic boost of Infinix Y4 Max (Dinesh Kumar)
- ALSA: hda/realtek: Set PCBeep to default value for ALC274 (Kailang Yang)
- ALSA: hda/realtek: Update ALC225 depop procedure (Kailang Yang)
- media: wl128x: Fix atomicity violation in fmc_send_cmd() (Qiu-Ji Chen) [Orabug: 37434358] {CVE-2024-56700}
- HID: wacom: Interpret tilt data from Intuos Pro BT as signed values (Jason Gerecke)
- block: fix ordering between checking BLK_MQ_S_STOPPED request adding (Muchun Song)
- arm64: tls: Fix context-switching of tpidrro_el0 when kpti is enabled (Will Deacon)
- sh: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK (Huacai Chen)
- um: vector: Do not use drvdata in release (Tiwei Bie) [Orabug: 37433467] {CVE-2024-53181}
- serial: 8250: omap: Move pm_runtime_get_sync (Bin Liu)
- um: net: Do not use drvdata in release (Tiwei Bie) [Orabug: 37433475] {CVE-2024-53183}
- um: ubd: Do not use drvdata in release (Tiwei Bie) [Orabug: 37433484] {CVE-2024-53184}
- ubi: wl: Put source PEB into correct list if trying locking LEB failed (Zhihao Cheng)
- spi: Fix acpi deferred irq probe (Stanislaw Gruszka)
- netfilter: ipset: add missing range check in bitmap_ip_uadt (Jeongjun Park) [Orabug: 37388867] {CVE-2024-53141}
- Revert "serial: sh-sci: Clean sci_ports[0] after at earlycon exit" (Greg Kroah-Hartman)
- serial: sh-sci: Clean sci_ports[0] after at earlycon exit (Claudiu Beznea)
- Bluetooth: Fix type of len in rfcomm_sock_getsockopt{,_old}() (Andrej Shadura)
- tty: ldsic: fix tty_ldisc_autoload sysctl's proc_handler (Nicolas Bouchinet)
- comedi: Flush partial mappings in error case (Jann Horn) [Orabug: 37427482] {CVE-2024-53148}
- PCI: Fix use-after-free of slot->bus on hot remove (Lukas Wunner) [Orabug: 37433516] {CVE-2024-53194}
- ASoC: codecs: Fix atomicity violation in snd_soc_component_get_drvdata() (Qiu-Ji Chen)
- jfs: xattr: check invalid xattr size more strictly (Artem Sadovnikov)
- ext4: fix FS_IOC_GETFSMAP handling (Theodore Ts'O)
- ext4: supress data-race warnings in ext4_free_inodes_{count,set}() (Jeongjun Park)
- ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices (Benoît Sevens) [Orabug: 37433532] {CVE-2024-53197}
- soc: qcom: socinfo: fix revision check in qcom_socinfo_probe() (Manikanta Mylavarapu)
- usb: ehci-spear: fix call balance of sehci clk handling routines (Vitalii Mordan)
- apparmor: fix 'Do simple duplicate message elimination' (Chao Liu)
- staging: greybus: uart: clean up TIOCGSERIAL (Johan Hovold)
- misc: apds990x: Fix missing pm_runtime_disable() (Jinjie Ruan)
- USB: chaoskey: Fix possible deadlock chaoskey_list_lock (Edward Adam Davis)
- USB: chaoskey: fail open after removal (Oliver Neukum)
- usb: yurex: make waiting on yurex_write interruptible (Oliver Neukum)
- usb: using mutex lock and supporting O_NONBLOCK flag in iowarrior_read() (Jeongjun Park)
- ipmr: fix tables suspicious RCU usage (Paolo Abeni)
- ipmr: convert /proc handlers to rcu_read_lock() (Eric Dumazet)
- net: stmmac: dwmac-socfpga: Set RX watchdog interrupt as broken (Maxime Chevallier)
- marvell: pxa168_eth: fix call balance of pep->clk handling routines (Vitalii Mordan)
- net: usb: lan78xx: Fix refcounting and autosuspend on invalid WoL configuration (Oleksij Rempel)
- tg3: Set coherent DMA mask bits to 31 for BCM57766 chipsets (Pavan Chebbi)
- net: usb: lan78xx: Fix memory leak on device unplug by freeing PHY device (Oleksij Rempel)
- power: supply: core: Remove might_sleep() from power_supply_put() (Bart Van Assche)
- vfio/pci: Properly hide first-in-list PCIe extended capability (Avihai Horon) [Orabug: 37433578] {CVE-2024-53214}
- NFSD: Fix nfsd4_shutdown_copy() (Chuck Lever)
- NFSD: Cap the number of bytes copied by nfs4_reset_recoverydir() (Chuck Lever)
- NFSD: Prevent NULL dereference in nfsd4_process_cb_update() (Chuck Lever) [Orabug: 37433594] {CVE-2024-53217}
- rpmsg: glink: use only lower 16-bits of param2 for CMD_OPEN name length (Jonathan Marek)
- rpmsg: glink: Fix GLINK command prefix (Bjorn Andersson)
- rpmsg: glink: Send READ_NOTIFY command in FIFO full case (Arun Kumar Neelakantam)
- rpmsg: glink: Add TX_DATA_CONT command while sending (Arun Kumar Neelakantam)
- perf trace: Avoid garbage when not printing a syscall's arguments (Benjamin Peterson)
- perf trace: Do not lose last events in a race (Benjamin Peterson)
- m68k: coldfire/device.c: only build FEC when HW macros are defined (Antonio Quartulli)
- m68k: mcfgpio: Fix incorrect register offset for CONFIG_M5441x (Jean-Michel Hautbois)
- PCI: cpqphp: Fix PCIBIOS_* return value confusion (Ilpo Järvinen)
- PCI: cpqphp: Use PCI_POSSIBLE_ERROR() to check config reads (Weiyufeng)
- perf probe: Correct demangled symbols in C++ program (Leo Yan)
- perf cs-etm: Don't flush when packet_queue fills up (James Clark)
- clk: clk-axi-clkgen: make sure to enable the AXI bus clock (Nuno Sa)
- clk: axi-clkgen: use devm_platform_ioremap_resource() short-hand (Alexandru Ardelean)
- dt-bindings: clock: axi-clkgen: include AXI clk (Nuno Sa)
- dt-bindings: clock: adi,axi-clkgen: convert old binding to yaml format (Alexandru Ardelean)
- fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem() (Zhen Lei) [Orabug: 37434478] {CVE-2024-56746}
- fbdev/sh7760fb: Alloc DMA memory from hardware device (Thomas Zimmermann)
- powerpc/sstep: make emulate_vsx_load and emulate_vsx_store static (Michal Suchanek)
- ocfs2: fix uninitialized value in ocfs2_file_read_iter() (Dmitry Antipov) [Orabug: 37427503] {CVE-2024-53155}
- scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb() (Zhen Lei) [Orabug: 37434484] {CVE-2024-56747}
- scsi: qedf: Fix a possible memory leak in qedf_alloc_and_init_sb() (Zhen Lei) [Orabug: 37434489] {CVE-2024-56748}
- scsi: fusion: Remove unused variable 'rc' (Zeng Heng)
- scsi: bfa: Fix use-after-free in bfad_im_module_exit() (Ye Bin) [Orabug: 37433630] {CVE-2024-53227}
- mfd: rt5033: Fix missing regmap_del_irq_chip() (Zhang Changzhong)
- mtd: rawnand: atmel: Fix possible memory leak (Miquel Raynal)
- cpufreq: loongson2: Unregister platform_driver on failure (Yuan Can)
- mfd: intel_soc_pmic_bxtwc: Use IRQ domain for PMIC devices (Andy Shevchenko) [Orabug: 37434429] {CVE-2024-56723}
- mfd: intel_soc_pmic_bxtwc: Use IRQ domain for TMU device (Andy Shevchenko) [Orabug: 37434434] {CVE-2024-56724}
- mfd: intel_soc_pmic_bxtwc: Use IRQ domain for USB Type-C device (Andy Shevchenko) [Orabug: 37434330] {CVE-2024-56691}
- mfd: intel_soc_pmic_bxtwc: Use dev_err_probe() (Andy Shevchenko)
- mfd: da9052-spi: Change read-mask to write-mask (Marcus Folkesson)
- mfd: tps65010: Use IRQF_NO_AUTOEN flag in request_irq() to fix race (Jinjie Ruan)
- trace/trace_event_perf: remove duplicate samples on the first tracepoint event (Levi Yun)
- netpoll: Use rcu_access_pointer() in netpoll_poll_lock (Breno Leitao)
- ALSA: 6fire: Release resources at card release (Takashi Iwai) [Orabug: 37433660] {CVE-2024-53239}
- ALSA: caiaq: Use snd_card_free_when_closed() at disconnection (Takashi Iwai) [Orabug: 37433666] {CVE-2024-56531}
- ALSA: us122l: Use snd_card_free_when_closed() at disconnection (Takashi Iwai) [Orabug: 37433672] {CVE-2024-56532}
- net: rfkill: gpio: Add check for clk_enable() (Mingwei Zheng)
- selftests: net: really check for bg process completion (Paolo Abeni)
- bpf, sockmap: Fix sk_msg_reset_curr (Zijian Zhang)
- bpf, sockmap: Several fixes to bpf_msg_pop_data (Zijian Zhang) [Orabug: 37434419] {CVE-2024-56720}
- bpf, sockmap: Several fixes to bpf_msg_push_data (Zijian Zhang)
- drm/etnaviv: hold GPU lock across perfmon sampling (Lucas Stach)
- drm/etnaviv: fix power register offset on GC300 (Doug Brown)
- drm/etnaviv: dump: fix sparse warnings (Marc Kleine-Budde)
- drm/msm/adreno: Use IRQF_NO_AUTOEN flag in request_irq() (Jinjie Ruan)
- drm/panfrost: Remove unused id_mask from struct panfrost_model (Steven Price)
- wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() (Alper Nebi Yasak) [Orabug: 37433695] {CVE-2024-56539}
- bpf: Fix the xdp_adjust_tail sample prog issue (Yuan Chen)
- ASoC: fsl_micfil: fix regmap_write_bits usage (Shengjiu Wang)
- ASoC: fsl_micfil: use GENMASK to define register bit fields (Sascha Hauer)
- ASoC: fsl_micfil: do not define SHIFT/MASK for single bits (Sascha Hauer)
- ASoC: fsl_micfil: Drop unnecessary register read (Sascha Hauer)
- dt-bindings: vendor-prefixes: Add NeoFidelity, Inc (Igor Prusov)
- drm/imx/ipuv3: Use IRQF_NO_AUTOEN flag in request_irq() (Jinjie Ruan)
- wifi: mwifiex: Use IRQF_NO_AUTOEN flag in request_irq() (Jinjie Ruan)
- wifi: p54: Use IRQF_NO_AUTOEN flag in request_irq() (Jinjie Ruan)
- drm/omap: Fix locking in omap_gem_new_dmabuf() (Tomi Valkeinen)
- wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() (Jeongjun Park) [Orabug: 37427509] {CVE-2024-53156}
- drm/mm: Mark drm_mm_interval_tree*() functions with __maybe_unused (Andy Shevchenko)
- firmware: arm_scpi: Check the DVFS OPP count returned by the firmware (Luo Qiu) [Orabug: 37427515] {CVE-2024-53157}
- regmap: irq: Set lockdep class for hierarchical IRQ domains (Andy Shevchenko)
- ARM: dts: cubieboard4: Fix DCDC5 regulator constraints (Andre Przywara)
- tpm: fix signed/unsigned bug when checking event logs (Gregory Price)
- efi/tpm: Pass correct address to memblock_reserve (Jerry Snitselaar)
- mmc: mmc_spi: drop buggy snprintf() (Bartosz Golaszewski)
- soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() (Dan Carpenter) [Orabug: 37427524] {CVE-2024-53158}
- soc: ti: smartreflex: Use IRQF_NO_AUTOEN flag in request_irq() (Jinjie Ruan)
- time: Fix references to _msecs_to_jiffies() handling of values (Miguel Ojeda)
- crypto: cavium - Fix an error handling path in cpt_ucode_load_fw() (Christophe Jaillet)
- crypto: bcm - add error check in the ahash_hmac_init function (Chen Ridong) [Orabug: 37434298] {CVE-2024-56681}
- crypto: cavium - Fix the if condition to exit loop after timeout (Everest K C )
- crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY (Yi Yang) [Orabug: 37434323] {CVE-2024-56690}
- EDAC/fsl_ddr: Fix bad bit shift operations (Priyanka Singh)
- EDAC/bluefield: Fix potential integer overflow (David Thompson) [Orabug: 37427533] {CVE-2024-53161}
- firmware: google: Unregister driver_info on failure (Yuan Can)
- firmware: google: Unregister driver_info on failure and exit in gsmi (Arthur Heymans)
- hfsplus: don't query the device logical block size multiple times (Thadeu Lima de Souza Cascardo)
- s390/syscalls: Avoid creation of arch/arch/ directory (Masahiro Yamada)
- acpi/arm64: Adjust error handling procedure in gtdt_parse_timer_block() (Aleksandr Mishin)
- m68k: mvme147: Reinstate early console (Daniel Palmer)
- m68k: mvme16x: Add and use "mvme16x.h" (Geert Uytterhoeven)
- m68k: mvme147: Fix SCSI controller IRQ numbers (Daniel Palmer)
- nvme-pci: fix freeing of the HMB descriptor table (Christoph Hellwig) [Orabug: 37434510] {CVE-2024-56756}
- initramfs: avoid filename buffer overrun (David Disseldorp) [Orabug: 37388874] {CVE-2024-53142}
- mips: asm: fix warning when disabling MIPS_FP_SUPPORT (Jonas Gorski)
- x86/xen/pvh: Annotate indirect branch as safe (Josh Poimboeuf)
- nvme: fix metadata handling in nvme-passthrough (Puranjay Mohan)
- cifs: Fix buffer overflow when parsing NFS reparse points (Pali Rohár) [Orabug: 37206284] {CVE-2024-49996}
- ipmr: Fix access to mfc_cache_list without lock held (Breno Leitao)
- proc/softirqs: replace seq_printf with seq_put_decimal_ull_width (David Wang)
- ASoC: stm: Prevent potential division by zero in stm32_sai_get_clk_div() (Luo Yifan)
- ASoC: stm: Prevent potential division by zero in stm32_sai_mclk_round_rate() (Luo Yifan)
- regulator: rk808: Add apply_bit for BUCK3 on RK809 (Mikhail Rudenko)
- soc: qcom: Add check devm_kasprintf() returned value (Charles Han)
- net: usb: qmi_wwan: add Quectel RG650V (Benoît Monin)
- x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB (Arnd Bergmann)
- ALSA: hda/realtek: Add subwoofer quirk for Infinix ZERO BOOK 13 (Piyush Raj Chouhan)
- selftests/watchdog-test: Fix system accidentally reset after watchdog-test (Li Zhijian)
- mac80211: fix user-power when emulating chanctx (Ben Greear)
- ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet (Hans de Goede)
- kbuild: Use uname for LINUX_COMPILE_HOST detection (Chris Down)
- media: dvbdev: fix the logic when DVB_DYNAMIC_MINORS is not set (Mauro Carvalho Chehab)
- nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint (Ryusuke Konishi) [Orabug: 37388819] {CVE-2024-53130}
- ocfs2: fix UBSAN warning in ocfs2_verify_volume() (Dmitry Antipov)
- nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint (Ryusuke Konishi) [Orabug: 37388825] {CVE-2024-53131}
- KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN (Sean Christopherson) [Orabug: 37388846] {CVE-2024-53135}
- ocfs2: uncache inode which has failed entering the group (Dmitry Antipov) [Orabug: 37388753] {CVE-2024-53112}
- net/mlx5e: kTLS, Fix incorrect page refcounting (Dragos Tatulea) [Orabug: 37388854] {CVE-2024-53138}
- net/mlx5: fs, lock FTE when checking if active (Mark Bloch) [Orabug: 37388785] {CVE-2024-53121}
- netlink: terminate outstanding dump on socket close (Jakub Kicinski) [Orabug: 37388861] {CVE-2024-53140}
- LTS tag: v5.4.286 (Alok Tiwari)
- 9p: fix slab cache name creation for real (Linus Torvalds)
- md/raid10: improve code of mrdev in raid10_sync_request (Li Nan)
- net: usb: qmi_wwan: add Fibocom FG132 0x0112 composition (Reinhard Speyerer)
- fs: Fix uninitialized value issue in from_kuid and from_kgid (Alessandro Zanni) [Orabug: 37331928] {CVE-2024-53101}
- powerpc/powernv: Free name on error in opal_event_init() (Michael Ellerman)
- sound: Make CONFIG_SND depend on INDIRECT_IOMEM instead of UML (Julian Vetter)
- bpf: use kvzmalloc to allocate BPF verifier environment (Rik van Riel)
- HID: multitouch: Add quirk for HONOR MagicBook Art 14 touchpad (Yuli Wang)
- 9p: Avoid creating multiple slab caches with the same name (Pedro Falcato)
- ALSA: usb-audio: Add endianness annotations (Jan Schär)
- vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (Hyunwoo Kim) [Orabug: 37298681] {CVE-2024-50264}
- hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer (Hyunwoo Kim) [Orabug: 37344480] {CVE-2024-53103}
- ftrace: Fix possible use-after-free issue in ftrace_location() (Zheng Yejian) [Orabug: 36753574] {CVE-2024-38588}
- NFSD: Fix NFSv4's PUTPUBFH operation (Chuck Lever)
- ALSA: usb-audio: Add quirks for Dell WD19 dock (Jan Schär)
- ALSA: usb-audio: Support jack detection on Dell dock (Jan Schär)
- ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove() (Andrew Kanner) [Orabug: 37298685] {CVE-2024-50265}
- irqchip/gic-v3: Force propagation of the active state with a read-back (Marc Zyngier)
- USB: serial: option: add Quectel RG650V (Benoît Monin)
- USB: serial: option: add Fibocom FG132 0x0112 composition (Reinhard Speyerer)
- USB: serial: qcserial: add support for Sierra Wireless EM86xx (Jack Wu)
- USB: serial: io_edgeport: fix use after free in debug printk (Dan Carpenter) [Orabug: 37298695] {CVE-2024-50267}
- usb: musb: sunxi: Fix accessing an released usb phy (Zijun Hu) [Orabug: 37298703] {CVE-2024-50269}
- fs/proc: fix compile warning about variable 'vmcore_mmap_ops' (Qi Xi)
- media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (Benoît Sevens) [Orabug: 37344485] {CVE-2024-53104}
- net: bridge: xmit: make sure we have at least eth header len bytes (Nikolay Aleksandrov) [Orabug: 36753372] {CVE-2024-38538}
- spi: fix use-after-free of the add_lock mutex (Michael Walle)
- spi: Fix deadlock when adding SPI controllers on SPI buses (Mark Brown)
- mtd: rawnand: protect access to rawnand devices while in suspend (Sean Nyekjaer)
- btrfs: reinitialize delayed ref list after deleting it from the list (Filipe Manana) [Orabug: 37298715] {CVE-2024-50273}
- nfs: Fix KMSAN warning in decode_getfattr_attrs() (Roberto Sassu) [Orabug: 37304779] {CVE-2024-53066}
- dm-unstriped: cast an operand to sector_t to prevent potential uint32_t overflow (Zichen Xie)
- dm cache: fix potential out-of-bounds access on the first resume (Ming-Hung Tsai) [Orabug: 37298732] {CVE-2024-50278}
- dm cache: optimize dirty bit checking with find_next_bit when resizing (Ming-Hung Tsai)
- dm cache: fix out-of-bounds access to the dirty bitset when resizing (Ming-Hung Tsai) [Orabug: 37298737] {CVE-2024-50279}
- dm cache: correct the number of origin blocks to match the target length (Ming-Hung Tsai)
- drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read() (Alex Deucher) [Orabug: 37298751] {CVE-2024-50282}
- pwm: imx-tpm: Use correct MODULO value for EPWM mode (Erik Schumacher)
- media: v4l2-tpg: prevent the risk of a division by zero (Mauro Carvalho Chehab) [Orabug: 37298782] {CVE-2024-50287}
- media: cx24116: prevent overflows on SNR calculus (Mauro Carvalho Chehab) [Orabug: 37298797] {CVE-2024-50290}
- media: s5p-jpeg: prevent buffer overflows (Mauro Carvalho Chehab) [Orabug: 37304763] {CVE-2024-53061}
- ALSA: firewire-lib: fix return value on fail in amdtp_tscm_init() (Murad Masimov)
- media: adv7604: prevent underflow condition when reporting colorspace (Mauro Carvalho Chehab)
- media: dvb_frontend: don't play tricks with underflow values (Mauro Carvalho Chehab)
- media: dvbdev: prevent the risk of out of memory access (Mauro Carvalho Chehab) [Orabug: 37304769] {CVE-2024-53063}
- media: stb0899_algo: initialize cfr before using it (Mauro Carvalho Chehab)
- net: hns3: fix kernel crash when uninstalling driver (Peiyang Wang) [Orabug: 37298811] {CVE-2024-50296}
- can: c_can: fix {rx,tx}_errors statistics (Dario Binacchi)
- sctp: properly validate chunk size in sctp_sf_ootb() (Xin Long) [Orabug: 37298820] {CVE-2024-50299}
- net: enetc: set MAC address to the VF net_device (Wei Fang)
- enetc: simplify the return expression of enetc_vf_set_mac_addr() (Qinglang Miao)
- security/keys: fix slab-out-of-bounds in key_task_permission (Chen Ridong) [Orabug: 37298827] {CVE-2024-50301}
- HID: core: zero-initialize the report buffer (Jiri Kosina) [Orabug: 37298834] {CVE-2024-50302}
- ARM: dts: rockchip: Fix the realtek audio codec on rk3036-kylin (Heiko Stuebner)
- ARM: dts: rockchip: Fix the spi controller on rk3036 (Heiko Stuebner)
- ARM: dts: rockchip: drop grf reference from rk3036 hdmi (Heiko Stuebner)
- ARM: dts: rockchip: fix rk3036 acodec node (Heiko Stuebner)
- arm64: dts: rockchip: Remove #cooling-cells from fan on Theobroma lion (Heiko Stuebner)
- arm64: dts: rockchip: Fix bluetooth properties on Rock960 boards (Heiko Stuebner)
- arm64: dts: rockchip: Remove hdmi's 2nd interrupt on rk3328 (Diederik de Haas)
- arm64: dts: rockchip: Fix rt5651 compatible value on rk3399-sapphire-excavator (Geert Uytterhoeven)

[5.4.17-2136.340.1.el7uek]
- rds/ib: avoid scq/rcq polling during rds connection shutdown (Arumugam Kolappan) [Orabug: 37092563]
- RDMA/mlx5: Send UAR page index as ioctl attribute (Akiva Goldberger) [Orabug: 37029739]
- RDMA: Pass entire uverbs attr bundle to create cq function (Akiva Goldberger) [Orabug: 37029739]
- IB/uverbs: Enable CQ ioctl commands by default (Yishai Hadas) [Orabug: 37029739]

ELSA-2025-15447 Important: Oracle Linux 10 kernel security update

Oracle Linux Security Advisory ELSA-2025-15447

http://linux.oracle.com/errata/ELSA-2025-15447.html

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-6.12.0-55.31.1.0.1.el10_0.x86_64.rpm
kernel-abi-stablelists-6.12.0-55.31.1.0.1.el10_0.noarch.rpm
kernel-core-6.12.0-55.31.1.0.1.el10_0.x86_64.rpm
kernel-cross-headers-6.12.0-55.31.1.0.1.el10_0.x86_64.rpm
kernel-debug-6.12.0-55.31.1.0.1.el10_0.x86_64.rpm
kernel-debug-core-6.12.0-55.31.1.0.1.el10_0.x86_64.rpm
kernel-debug-devel-6.12.0-55.31.1.0.1.el10_0.x86_64.rpm
kernel-debug-devel-matched-6.12.0-55.31.1.0.1.el10_0.x86_64.rpm
kernel-debug-modules-6.12.0-55.31.1.0.1.el10_0.x86_64.rpm
kernel-debug-modules-core-6.12.0-55.31.1.0.1.el10_0.x86_64.rpm
kernel-debug-modules-extra-6.12.0-55.31.1.0.1.el10_0.x86_64.rpm
kernel-debug-uki-virt-6.12.0-55.31.1.0.1.el10_0.x86_64.rpm
kernel-devel-6.12.0-55.31.1.0.1.el10_0.x86_64.rpm
kernel-devel-matched-6.12.0-55.31.1.0.1.el10_0.x86_64.rpm
kernel-doc-6.12.0-55.31.1.0.1.el10_0.noarch.rpm
kernel-headers-6.12.0-55.31.1.0.1.el10_0.x86_64.rpm
kernel-modules-6.12.0-55.31.1.0.1.el10_0.x86_64.rpm
kernel-modules-core-6.12.0-55.31.1.0.1.el10_0.x86_64.rpm
kernel-modules-extra-6.12.0-55.31.1.0.1.el10_0.x86_64.rpm
kernel-tools-6.12.0-55.31.1.0.1.el10_0.x86_64.rpm
kernel-tools-libs-6.12.0-55.31.1.0.1.el10_0.x86_64.rpm
kernel-tools-libs-devel-6.12.0-55.31.1.0.1.el10_0.x86_64.rpm
kernel-uki-virt-6.12.0-55.31.1.0.1.el10_0.x86_64.rpm
kernel-uki-virt-addons-6.12.0-55.31.1.0.1.el10_0.x86_64.rpm
libperf-6.12.0-55.31.1.0.1.el10_0.x86_64.rpm
perf-6.12.0-55.31.1.0.1.el10_0.x86_64.rpm
python3-perf-6.12.0-55.31.1.0.1.el10_0.x86_64.rpm
rtla-6.12.0-55.31.1.0.1.el10_0.x86_64.rpm
rv-6.12.0-55.31.1.0.1.el10_0.x86_64.rpm

aarch64:
kernel-cross-headers-6.12.0-55.31.1.0.1.el10_0.aarch64.rpm
kernel-headers-6.12.0-55.31.1.0.1.el10_0.aarch64.rpm
kernel-tools-6.12.0-55.31.1.0.1.el10_0.aarch64.rpm
kernel-tools-libs-6.12.0-55.31.1.0.1.el10_0.aarch64.rpm
kernel-tools-libs-devel-6.12.0-55.31.1.0.1.el10_0.aarch64.rpm
libperf-6.12.0-55.31.1.0.1.el10_0.aarch64.rpm
perf-6.12.0-55.31.1.0.1.el10_0.aarch64.rpm
python3-perf-6.12.0-55.31.1.0.1.el10_0.aarch64.rpm
rtla-6.12.0-55.31.1.0.1.el10_0.aarch64.rpm
rv-6.12.0-55.31.1.0.1.el10_0.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/kernel-6.12.0-55.31.1.0.1.el10_0.src.rpm

Related CVEs:

CVE-2025-22097
CVE-2025-37803
CVE-2025-38350
CVE-2025-38449

Description of changes:

[6.12.0-55.31.1.0.1.el10_0.OL10]
- nvme-pci: remove two deallocate zeroes quirks [Orabug: 37756650]
- Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985782]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 vlag is zero
- net/sched: ets: use old 'nbands' while purging unused classes - CVE-2025-38350
- net/sched: Always pass notifications when child class becomes empty - CVE-2025-38350
- net_sched: ets: fix a race in ets_qdisc_change() - CVE-2025-38107
- sch_htb: make htb_deactivate() idempotent - CVE-2025-37953
- codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() - CVE-2025-37798
- sch_qfq: make qfq_qlen_notify() idempotent - CVE-2025-38350
- sch_drr: make drr_qlen_notify() idempotent - CVE-2025-38350
- sch_htb: make htb_qlen_notify() idempotent - CVE-2025-37932
- drm/vkms: Fix use after free and double free on init error - CVE-2025-22097
- Revert "cxl/acpi: Fix load failures due to single window creation failure"
- udmabuf: fix a buf size overflow issue during udmabuf creation - CVE-2025-37803
- drm/framebuffer: Acquire internal references on GEM handles - CVE-2025-38449
- drm/gem: Acquire references on GEM handles for framebuffers - CVE-2025-38449
- nvme/ioctl: don't warn on vectorized uring_cmd with fixed buffer
- nvme-ioctl: fix leaked requests on mapping error

ELBA-2025-20577 Oracle Linux 10 linux-firmware bug fix update

Oracle Linux Bug Fix Advisory ELBA-2025-20577

http://linux.oracle.com/errata/ELBA-2025-20577.html

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

x86_64:
iwl1000-firmware-39.31.5.1-999.42.1.el10.noarch.rpm
iwl100-firmware-39.31.5.1-999.42.1.el10.noarch.rpm
iwl105-firmware-18.168.6.1-999.42.1.el10.noarch.rpm
iwl135-firmware-18.168.6.1-999.42.1.el10.noarch.rpm
iwl2000-firmware-18.168.6.1-999.42.1.el10.noarch.rpm
iwl2030-firmware-18.168.6.1-999.42.1.el10.noarch.rpm
iwl3160-firmware-25.30.13.0-999.42.1.el10.noarch.rpm
iwl3945-firmware-15.32.2.9-999.42.1.el10.noarch.rpm
iwl4965-firmware-228.61.2.24-999.42.1.el10.noarch.rpm
iwl5000-firmware-8.83.5.1_1-999.42.1.el10.noarch.rpm
iwl5150-firmware-8.24.2.2-999.42.1.el10.noarch.rpm
iwl6000-firmware-9.221.4.1-999.42.1.el10.noarch.rpm
iwl6000g2a-firmware-18.168.6.1-999.42.1.el10.noarch.rpm
iwl6000g2b-firmware-18.168.6.1-999.42.1.el10.noarch.rpm
iwl6050-firmware-41.28.5.1-999.42.1.el10.noarch.rpm
iwl7260-firmware-25.30.13.0-999.42.1.el10.noarch.rpm
iwlax2xx-firmware-20250909-999.42.1.el10.noarch.rpm
libertas-sd8686-firmware-20250909-999.42.1.git356f06bf.el10.noarch.rpm
libertas-sd8787-firmware-20250909-999.42.1.git356f06bf.el10.noarch.rpm
libertas-usb8388-firmware-20250909-999.42.1.git356f06bf.el10.noarch.rpm
libertas-usb8388-olpc-firmware-20250909-999.42.1.git356f06bf.el10.noarch.rpm
linux-firmware-20250909-999.42.1.git356f06bf.el10.noarch.rpm
linux-firmware-core-20250909-999.42.1.git356f06bf.el10.noarch.rpm
linux-firmware-whence-20250909-999.42.1.git356f06bf.el10.noarch.rpm
liquidio-firmware-20250909-999.42.1.git356f06bf.el10.noarch.rpm
netronome-firmware-20250909-999.42.1.git356f06bf.el10.noarch.rpm

aarch64:
iwl1000-firmware-39.31.5.1-999.42.1.el10.noarch.rpm
iwl100-firmware-39.31.5.1-999.42.1.el10.noarch.rpm
iwl105-firmware-18.168.6.1-999.42.1.el10.noarch.rpm
iwl135-firmware-18.168.6.1-999.42.1.el10.noarch.rpm
iwl2000-firmware-18.168.6.1-999.42.1.el10.noarch.rpm
iwl2030-firmware-18.168.6.1-999.42.1.el10.noarch.rpm
iwl3160-firmware-25.30.13.0-999.42.1.el10.noarch.rpm
iwl3945-firmware-15.32.2.9-999.42.1.el10.noarch.rpm
iwl4965-firmware-228.61.2.24-999.42.1.el10.noarch.rpm
iwl5000-firmware-8.83.5.1_1-999.42.1.el10.noarch.rpm
iwl5150-firmware-8.24.2.2-999.42.1.el10.noarch.rpm
iwl6000-firmware-9.221.4.1-999.42.1.el10.noarch.rpm
iwl6000g2a-firmware-18.168.6.1-999.42.1.el10.noarch.rpm
iwl6000g2b-firmware-18.168.6.1-999.42.1.el10.noarch.rpm
iwl6050-firmware-41.28.5.1-999.42.1.el10.noarch.rpm
iwl7260-firmware-25.30.13.0-999.42.1.el10.noarch.rpm
iwlax2xx-firmware-20250909-999.42.1.el10.noarch.rpm
libertas-sd8686-firmware-20250909-999.42.1.git356f06bf.el10.noarch.rpm
libertas-sd8787-firmware-20250909-999.42.1.git356f06bf.el10.noarch.rpm
libertas-usb8388-firmware-20250909-999.42.1.git356f06bf.el10.noarch.rpm
libertas-usb8388-olpc-firmware-20250909-999.42.1.git356f06bf.el10.noarch.rpm
linux-firmware-20250909-999.42.1.git356f06bf.el10.noarch.rpm
linux-firmware-core-20250909-999.42.1.git356f06bf.el10.noarch.rpm
linux-firmware-whence-20250909-999.42.1.git356f06bf.el10.noarch.rpm
liquidio-firmware-20250909-999.42.1.git356f06bf.el10.noarch.rpm
netronome-firmware-20250909-999.42.1.git356f06bf.el10.noarch.rpm

SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/linux-firmware-20250909-999.42.1.git356f06bf.el10.src.rpm

Description of changes:

[20250909-999.42.1.git356f06bf.el10]
- Rewrite the script to accomodate yum-based installs [Orabug: 38410501]

ELSA-2025-20559 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update

Oracle Linux Security Advisory ELSA-2025-20559

http://linux.oracle.com/errata/ELSA-2025-20559.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

aarch64:
bpftool-5.15.0-312.187.5.1.el9uek.aarch64.rpm
kernel-uek-5.15.0-312.187.5.1.el9uek.aarch64.rpm
kernel-uek-container-5.15.0-312.187.5.1.el9uek.aarch64.rpm
kernel-uek-container-debug-5.15.0-312.187.5.1.el9uek.aarch64.rpm
kernel-uek-core-5.15.0-312.187.5.1.el9uek.aarch64.rpm
kernel-uek-debug-5.15.0-312.187.5.1.el9uek.aarch64.rpm
kernel-uek-debug-core-5.15.0-312.187.5.1.el9uek.aarch64.rpm
kernel-uek-debug-devel-5.15.0-312.187.5.1.el9uek.aarch64.rpm
kernel-uek-debug-modules-5.15.0-312.187.5.1.el9uek.aarch64.rpm
kernel-uek-debug-modules-extra-5.15.0-312.187.5.1.el9uek.aarch64.rpm
kernel-uek-devel-5.15.0-312.187.5.1.el9uek.aarch64.rpm
kernel-uek-doc-5.15.0-312.187.5.1.el9uek.noarch.rpm
kernel-uek-modules-5.15.0-312.187.5.1.el9uek.aarch64.rpm
kernel-uek-modules-extra-5.15.0-312.187.5.1.el9uek.aarch64.rpm
kernel-uek64k-5.15.0-312.187.5.1.el9uek.aarch64.rpm
kernel-uek64k-core-5.15.0-312.187.5.1.el9uek.aarch64.rpm
kernel-uek64k-devel-5.15.0-312.187.5.1.el9uek.aarch64.rpm
kernel-uek64k-modules-5.15.0-312.187.5.1.el9uek.aarch64.rpm
kernel-uek64k-modules-extra-5.15.0-312.187.5.1.el9uek.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/kernel-uek-5.15.0-312.187.5.1.el9uek.src.rpm

Description of changes:

[5.15.0-312.187.5.1.el9uek]
- x86/vmscape: Warn when STIBP is disabled with SMT (Pawan Gupta) [Orabug: 38343660]
- x86/bugs: Move cpu_bugs_smt_update() down (Pawan Gupta) [Orabug: 38343660]
- x86/vmscape: Enable the mitigation (Pawan Gupta) [Orabug: 38343660]
- x86/vmscape: Add conditional IBPB mitigation (Pawan Gupta) [Orabug: 38343660]
- x86/bugs: Fix RSB clearing in indirect_branch_prediction_barrier() (Josh Poimboeuf) [Orabug: 38343660]
- x86/vmscape: Add old Intel CPUs to affected list (Pawan Gupta) [Orabug: 38343660]
- x86/vmscape: Enumerate VMSCAPE bug (Pawan Gupta) [Orabug: 38343660]
- Documentation/hw-vuln: Add VMSCAPE documentation (Pawan Gupta) [Orabug: 38343660]

ELSA-2025-15687 Moderate: Oracle Linux 8 php:8.2 security update

Oracle Linux Security Advisory ELSA-2025-15687

http://linux.oracle.com/errata/ELSA-2025-15687.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
apcu-panel-5.1.23-1.module+el8.10.0+90469+8883f508.noarch.rpm
libzip-1.7.3-1.module+el8.10.0+90469+8883f508.x86_64.rpm
libzip-devel-1.7.3-1.module+el8.10.0+90469+8883f508.x86_64.rpm
libzip-tools-1.7.3-1.module+el8.10.0+90469+8883f508.x86_64.rpm
php-8.2.28-1.module+el8.10.0+90667+8f0d9096.x86_64.rpm
php-bcmath-8.2.28-1.module+el8.10.0+90667+8f0d9096.x86_64.rpm
php-cli-8.2.28-1.module+el8.10.0+90667+8f0d9096.x86_64.rpm
php-common-8.2.28-1.module+el8.10.0+90667+8f0d9096.x86_64.rpm
php-dba-8.2.28-1.module+el8.10.0+90667+8f0d9096.x86_64.rpm
php-dbg-8.2.28-1.module+el8.10.0+90667+8f0d9096.x86_64.rpm
php-devel-8.2.28-1.module+el8.10.0+90667+8f0d9096.x86_64.rpm
php-embedded-8.2.28-1.module+el8.10.0+90667+8f0d9096.x86_64.rpm
php-enchant-8.2.28-1.module+el8.10.0+90667+8f0d9096.x86_64.rpm
php-ffi-8.2.28-1.module+el8.10.0+90667+8f0d9096.x86_64.rpm
php-fpm-8.2.28-1.module+el8.10.0+90667+8f0d9096.x86_64.rpm
php-gd-8.2.28-1.module+el8.10.0+90667+8f0d9096.x86_64.rpm
php-gmp-8.2.28-1.module+el8.10.0+90667+8f0d9096.x86_64.rpm
php-intl-8.2.28-1.module+el8.10.0+90667+8f0d9096.x86_64.rpm
php-ldap-8.2.28-1.module+el8.10.0+90667+8f0d9096.x86_64.rpm
php-mbstring-8.2.28-1.module+el8.10.0+90667+8f0d9096.x86_64.rpm
php-mysqlnd-8.2.28-1.module+el8.10.0+90667+8f0d9096.x86_64.rpm
php-odbc-8.2.28-1.module+el8.10.0+90667+8f0d9096.x86_64.rpm
php-opcache-8.2.28-1.module+el8.10.0+90667+8f0d9096.x86_64.rpm
php-pdo-8.2.28-1.module+el8.10.0+90667+8f0d9096.x86_64.rpm
php-pear-1.10.14-1.module+el8.10.0+90469+8883f508.noarch.rpm
php-pecl-apcu-5.1.23-1.module+el8.10.0+90469+8883f508.x86_64.rpm
php-pecl-apcu-devel-5.1.23-1.module+el8.10.0+90469+8883f508.x86_64.rpm
php-pecl-rrd-2.0.3-1.module+el8.10.0+90469+8883f508.x86_64.rpm
php-pecl-xdebug3-3.2.2-2.module+el8.10.0+90469+8883f508.x86_64.rpm
php-pecl-zip-1.22.3-1.module+el8.10.0+90469+8883f508.x86_64.rpm
php-pgsql-8.2.28-1.module+el8.10.0+90667+8f0d9096.x86_64.rpm
php-process-8.2.28-1.module+el8.10.0+90667+8f0d9096.x86_64.rpm
php-snmp-8.2.28-1.module+el8.10.0+90667+8f0d9096.x86_64.rpm
php-soap-8.2.28-1.module+el8.10.0+90667+8f0d9096.x86_64.rpm
php-xml-8.2.28-1.module+el8.10.0+90667+8f0d9096.x86_64.rpm

aarch64:
apcu-panel-5.1.23-1.module+el8.10.0+90469+8883f508.noarch.rpm
libzip-1.7.3-1.module+el8.10.0+90469+8883f508.aarch64.rpm
libzip-devel-1.7.3-1.module+el8.10.0+90469+8883f508.aarch64.rpm
libzip-tools-1.7.3-1.module+el8.10.0+90469+8883f508.aarch64.rpm
php-8.2.28-1.module+el8.10.0+90667+8f0d9096.aarch64.rpm
php-bcmath-8.2.28-1.module+el8.10.0+90667+8f0d9096.aarch64.rpm
php-cli-8.2.28-1.module+el8.10.0+90667+8f0d9096.aarch64.rpm
php-common-8.2.28-1.module+el8.10.0+90667+8f0d9096.aarch64.rpm
php-dba-8.2.28-1.module+el8.10.0+90667+8f0d9096.aarch64.rpm
php-dbg-8.2.28-1.module+el8.10.0+90667+8f0d9096.aarch64.rpm
php-devel-8.2.28-1.module+el8.10.0+90667+8f0d9096.aarch64.rpm
php-embedded-8.2.28-1.module+el8.10.0+90667+8f0d9096.aarch64.rpm
php-enchant-8.2.28-1.module+el8.10.0+90667+8f0d9096.aarch64.rpm
php-ffi-8.2.28-1.module+el8.10.0+90667+8f0d9096.aarch64.rpm
php-fpm-8.2.28-1.module+el8.10.0+90667+8f0d9096.aarch64.rpm
php-gd-8.2.28-1.module+el8.10.0+90667+8f0d9096.aarch64.rpm
php-gmp-8.2.28-1.module+el8.10.0+90667+8f0d9096.aarch64.rpm
php-intl-8.2.28-1.module+el8.10.0+90667+8f0d9096.aarch64.rpm
php-ldap-8.2.28-1.module+el8.10.0+90667+8f0d9096.aarch64.rpm
php-mbstring-8.2.28-1.module+el8.10.0+90667+8f0d9096.aarch64.rpm
php-mysqlnd-8.2.28-1.module+el8.10.0+90667+8f0d9096.aarch64.rpm
php-odbc-8.2.28-1.module+el8.10.0+90667+8f0d9096.aarch64.rpm
php-opcache-8.2.28-1.module+el8.10.0+90667+8f0d9096.aarch64.rpm
php-pdo-8.2.28-1.module+el8.10.0+90667+8f0d9096.aarch64.rpm
php-pear-1.10.14-1.module+el8.10.0+90469+8883f508.noarch.rpm
php-pecl-apcu-5.1.23-1.module+el8.10.0+90469+8883f508.aarch64.rpm
php-pecl-apcu-devel-5.1.23-1.module+el8.10.0+90469+8883f508.aarch64.rpm
php-pecl-rrd-2.0.3-1.module+el8.10.0+90469+8883f508.aarch64.rpm
php-pecl-xdebug3-3.2.2-2.module+el8.10.0+90469+8883f508.aarch64.rpm
php-pecl-zip-1.22.3-1.module+el8.10.0+90469+8883f508.aarch64.rpm
php-pgsql-8.2.28-1.module+el8.10.0+90667+8f0d9096.aarch64.rpm
php-process-8.2.28-1.module+el8.10.0+90667+8f0d9096.aarch64.rpm
php-snmp-8.2.28-1.module+el8.10.0+90667+8f0d9096.aarch64.rpm
php-soap-8.2.28-1.module+el8.10.0+90667+8f0d9096.aarch64.rpm
php-xml-8.2.28-1.module+el8.10.0+90667+8f0d9096.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/libzip-1.7.3-1.module+el8.10.0+90469+8883f508.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/php-8.2.28-1.module+el8.10.0+90667+8f0d9096.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/php-pear-1.10.14-1.module+el8.10.0+90469+8883f508.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/php-pecl-apcu-5.1.23-1.module+el8.10.0+90469+8883f508.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/php-pecl-rrd-2.0.3-1.module+el8.10.0+90469+8883f508.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/php-pecl-xdebug3-3.2.2-2.module+el8.10.0+90469+8883f508.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/php-pecl-zip-1.22.3-1.module+el8.10.0+90469+8883f508.src.rpm

Related CVEs:

CVE-2024-8929
CVE-2024-11233
CVE-2024-11234
CVE-2025-1217
CVE-2025-1219
CVE-2025-1734
CVE-2025-1736
CVE-2025-1861

Description of changes:

libzip
php
[8.2.28-1]
- rebase to 8.2.28

php-pear
php-pecl-apcu
php-pecl-rrd
php-pecl-xdebug3
php-pecl-zip

ELSA-2025-20560 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update

Oracle Linux Security Advisory ELSA-2025-20560

http://linux.oracle.com/errata/ELSA-2025-20560.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

aarch64:
kernel-uek-5.4.17-2136.347.6.1.el8uek.aarch64.rpm
kernel-uek-debug-5.4.17-2136.347.6.1.el8uek.aarch64.rpm
kernel-uek-debug-devel-5.4.17-2136.347.6.1.el8uek.aarch64.rpm
kernel-uek-devel-5.4.17-2136.347.6.1.el8uek.aarch64.rpm
kernel-uek-doc-5.4.17-2136.347.6.1.el8uek.noarch.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/kernel-uek-5.4.17-2136.347.6.1.el8uek.src.rpm

Description of changes:

[5.4.17-2136.347.6.1.el8uek]
- x86/vmscape: Warn when STIBP is disabled with SMT (Pawan Gupta) [Orabug: 38343661]
- x86/bugs: Move cpu_bugs_smt_update() down (Pawan Gupta) [Orabug: 38343661]
- x86/vmscape: Enable the mitigation (Pawan Gupta) [Orabug: 38343661]
- x86/vmscape: Add conditional IBPB mitigation (Pawan Gupta) [Orabug: 38343661]
- x86/vmscape: Add old Intel CPUs to affected list (Pawan Gupta) [Orabug: 38343661]
- x86/vmscape: Enumerate VMSCAPE bug (Pawan Gupta) [Orabug: 38343661]
- Documentation/hw-vuln: Add VMSCAPE documentation (Pawan Gupta) [Orabug: 38343661]

ELBA-2025-20579 Oracle Linux 8 linux-firmware bug fix update

Oracle Linux Bug Fix Advisory ELBA-2025-20579

http://linux.oracle.com/errata/ELBA-2025-20579.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
iwl1000-firmware-39.31.5.1-999.42.1.el8.noarch.rpm
iwl100-firmware-39.31.5.1-999.42.1.el8.noarch.rpm
iwl105-firmware-18.168.6.1-999.42.1.el8.noarch.rpm
iwl135-firmware-18.168.6.1-999.42.1.el8.noarch.rpm
iwl2000-firmware-18.168.6.1-999.42.1.el8.noarch.rpm
iwl2030-firmware-18.168.6.1-999.42.1.el8.noarch.rpm
iwl3160-firmware-25.30.13.0-999.42.1.el8.noarch.rpm
iwl3945-firmware-15.32.2.9-999.42.1.el8.noarch.rpm
iwl4965-firmware-228.61.2.24-999.42.1.el8.noarch.rpm
iwl5000-firmware-8.83.5.1_1-999.42.1.el8.noarch.rpm
iwl5150-firmware-8.24.2.2-999.42.1.el8.noarch.rpm
iwl6000-firmware-9.221.4.1-999.42.1.el8.noarch.rpm
iwl6000g2a-firmware-18.168.6.1-999.42.1.el8.noarch.rpm
iwl6000g2b-firmware-18.168.6.1-999.42.1.el8.noarch.rpm
iwl6050-firmware-41.28.5.1-999.42.1.el8.noarch.rpm
iwl7260-firmware-25.30.13.0-999.42.1.el8.noarch.rpm
iwlax2xx-firmware-20250909-999.42.1.el8.noarch.rpm
libertas-sd8686-firmware-20250909-999.42.1.git356f06bf.el8.noarch.rpm
libertas-sd8787-firmware-20250909-999.42.1.git356f06bf.el8.noarch.rpm
libertas-usb8388-firmware-20250909-999.42.1.git356f06bf.el8.noarch.rpm
libertas-usb8388-olpc-firmware-20250909-999.42.1.git356f06bf.el8.noarch.rpm
linux-firmware-20250909-999.42.1.git356f06bf.el8.noarch.rpm
linux-firmware-core-20250909-999.42.1.git356f06bf.el8.noarch.rpm

aarch64:
iwl1000-firmware-39.31.5.1-999.42.1.el8.noarch.rpm
iwl100-firmware-39.31.5.1-999.42.1.el8.noarch.rpm
iwl105-firmware-18.168.6.1-999.42.1.el8.noarch.rpm
iwl135-firmware-18.168.6.1-999.42.1.el8.noarch.rpm
iwl2000-firmware-18.168.6.1-999.42.1.el8.noarch.rpm
iwl2030-firmware-18.168.6.1-999.42.1.el8.noarch.rpm
iwl3160-firmware-25.30.13.0-999.42.1.el8.noarch.rpm
iwl3945-firmware-15.32.2.9-999.42.1.el8.noarch.rpm
iwl4965-firmware-228.61.2.24-999.42.1.el8.noarch.rpm
iwl5000-firmware-8.83.5.1_1-999.42.1.el8.noarch.rpm
iwl5150-firmware-8.24.2.2-999.42.1.el8.noarch.rpm
iwl6000-firmware-9.221.4.1-999.42.1.el8.noarch.rpm
iwl6000g2a-firmware-18.168.6.1-999.42.1.el8.noarch.rpm
iwl6000g2b-firmware-18.168.6.1-999.42.1.el8.noarch.rpm
iwl6050-firmware-41.28.5.1-999.42.1.el8.noarch.rpm
iwl7260-firmware-25.30.13.0-999.42.1.el8.noarch.rpm
iwlax2xx-firmware-20250909-999.42.1.el8.noarch.rpm
libertas-sd8686-firmware-20250909-999.42.1.git356f06bf.el8.noarch.rpm
libertas-sd8787-firmware-20250909-999.42.1.git356f06bf.el8.noarch.rpm
libertas-usb8388-firmware-20250909-999.42.1.git356f06bf.el8.noarch.rpm
libertas-usb8388-olpc-firmware-20250909-999.42.1.git356f06bf.el8.noarch.rpm
linux-firmware-20250909-999.42.1.git356f06bf.el8.noarch.rpm
linux-firmware-core-20250909-999.42.1.git356f06bf.el8.noarch.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/linux-firmware-20250909-999.42.1.git356f06bf.el8.src.rpm

Description of changes:

[20250909-999.42.1.git356f06bf.el8]
- Rewrite the script to accomodate yum-based installs [Orabug: 38410501]

ELSA-2025-14683 Moderate: Oracle Linux 7 gdk-pixbuf2 security update

Oracle Linux Security Advisory ELSA-2025-14683

http://linux.oracle.com/errata/ELSA-2025-14683.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
gdk-pixbuf2-2.36.12-3.0.1.el7.i686.rpm
gdk-pixbuf2-2.36.12-3.0.1.el7.x86_64.rpm
gdk-pixbuf2-devel-2.36.12-3.0.1.el7.i686.rpm
gdk-pixbuf2-devel-2.36.12-3.0.1.el7.x86_64.rpm
gdk-pixbuf2-tests-2.36.12-3.0.1.el7.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/gdk-pixbuf2-2.36.12-3.0.1.el7.src.rpm

Related CVEs:

CVE-2025-7345

Description of changes:

[2.36.12-3.0.1]
- jpeg: Be more careful with chunked icc data [Orabug: 38359772][CVE-2025-7345]

ELBA-2025-20580 Oracle Linux 7 linux-firmware bug fix update

Oracle Linux Bug Fix Advisory ELBA-2025-20580

http://linux.oracle.com/errata/ELBA-2025-20580.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
iwl1000-firmware-39.31.5.1-999.42.1.el7.noarch.rpm
iwl100-firmware-39.31.5.1-999.42.1.el7.noarch.rpm
iwl105-firmware-18.168.6.1-999.42.1.el7.noarch.rpm
iwl135-firmware-18.168.6.1-999.42.1.el7.noarch.rpm
iwl2000-firmware-18.168.6.1-999.42.1.el7.noarch.rpm
iwl2030-firmware-18.168.6.1-999.42.1.el7.noarch.rpm
iwl3160-firmware-22.0.7.0-999.42.1.el7.noarch.rpm
iwl3945-firmware-15.32.2.9-999.42.1.el7.noarch.rpm
iwl4965-firmware-228.61.2.24-999.42.1.el7.noarch.rpm
iwl5000-firmware-8.83.5.1_1-999.42.1.el7.noarch.rpm
iwl5150-firmware-8.24.2.2-999.42.1.el7.noarch.rpm
iwl6000-firmware-9.221.4.1-999.42.1.el7.noarch.rpm
iwl6000g2a-firmware-17.168.5.3-999.42.1.el7.noarch.rpm
iwl6000g2b-firmware-17.168.5.2-999.42.1.el7.noarch.rpm
iwl6050-firmware-41.28.5.1-999.42.1.el7.noarch.rpm
iwl7260-firmware-22.0.7.0-999.42.1.el7.noarch.rpm
iwlax2xx-firmware-20250909-999.42.1.el7.noarch.rpm
linux-firmware-20250909-999.42.1.git356f06bf.el7.noarch.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/linux-firmware-20250909-999.42.1.git356f06bf.el7.src.rpm

Description of changes:

[20250909-999.42.1.git356f06bf.el7]
- Rewrite the script to accomodate yum-based installs [Orabug: 38410501]

CUPS, Niri, Jupyterlab, and more updates for Fedora

MySQL and CUPS updates for AlmaLinux

CUPS, MySQL, PHP, and more updates for Oracle Linux

ELSA-2025-15701 Important: Oracle Linux 10 cups security update

ELSA-2025-15699 Moderate: Oracle Linux 10 mysql-selinux and mysql8.4 security update

ELBA-2025-9413 Oracle Linux 10 linux-firmware bug fix update

ELBA-2025-20550 Oracle Linux 7 linux-firmware bug fix update

ELSA-2025-15700 Important: Oracle Linux 9 cups security update

ELBA-2025-20578 Oracle Linux 9 linux-firmware bug fix update

ELBA-2025-15707 Oracle Linux 9 samba bug fix and enhancement update

ELSA-2025-15661 Important: Oracle Linux 9 kernel security update

ELSA-2025-15447 Important: Oracle Linux 10 kernel security update

ELBA-2025-20577 Oracle Linux 10 linux-firmware bug fix update

ELSA-2025-20559 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update

ELSA-2025-15687 Moderate: Oracle Linux 8 php:8.2 security update

ELSA-2025-20560 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update

ELBA-2025-20579 Oracle Linux 8 linux-firmware bug fix update

ELSA-2025-14683 Moderate: Oracle Linux 7 gdk-pixbuf2 security update

ELBA-2025-20580 Oracle Linux 7 linux-firmware bug fix update

Windows

Linux

macOS

Community