ELSA-2025-28049 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update
Oracle Linux Security Advisory ELSA-2025-28049
http://linux.oracle.com/errata/ELSA-2025-28049.html
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:
x86_64:
kernel-uek-5.4.17-2136.350.3.1.el7uek.x86_64.rpm
kernel-uek-container-5.4.17-2136.350.3.1.el7uek.x86_64.rpm
kernel-uek-container-debug-5.4.17-2136.350.3.1.el7uek.x86_64.rpm
kernel-uek-debug-5.4.17-2136.350.3.1.el7uek.x86_64.rpm
kernel-uek-debug-devel-5.4.17-2136.350.3.1.el7uek.x86_64.rpm
kernel-uek-devel-5.4.17-2136.350.3.1.el7uek.x86_64.rpm
kernel-uek-doc-5.4.17-2136.350.3.1.el7uek.noarch.rpm
kernel-uek-tools-5.4.17-2136.350.3.1.el7uek.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-5.4.17-2136.350.3.1.el7uek.src.rpm
Related CVEs:
CVE-2024-50022
CVE-2025-22058
CVE-2025-23143
CVE-2025-39883
CVE-2025-39885
CVE-2025-39911
CVE-2025-39913
CVE-2025-39923
CVE-2025-39945
CVE-2025-39953
CVE-2025-39955
CVE-2025-39967
CVE-2025-39968
CVE-2025-39969
CVE-2025-39970
CVE-2025-39971
CVE-2025-39972
CVE-2025-39973
CVE-2025-39993
CVE-2025-39994
CVE-2025-39995
CVE-2025-39996
CVE-2025-39998
CVE-2025-40001
CVE-2025-40006
CVE-2025-40011
CVE-2025-40018
CVE-2025-40019
CVE-2025-40020
CVE-2025-40026
CVE-2025-40027
CVE-2025-40030
CVE-2025-40035
CVE-2025-40042
CVE-2025-40044
CVE-2025-40048
CVE-2025-40049
CVE-2025-40055
CVE-2025-40070
CVE-2025-40078
CVE-2025-40081
CVE-2025-40087
CVE-2025-40105
CVE-2025-40111
CVE-2025-40115
CVE-2025-40118
CVE-2025-40125
CVE-2025-40134
CVE-2025-40140
CVE-2025-40153
CVE-2025-40167
CVE-2025-40173
CVE-2025-40178
CVE-2025-40186
CVE-2025-40187
CVE-2025-40190
CVE-2025-40194
CVE-2025-40197
CVE-2025-40198
CVE-2025-40200
CVE-2025-40204
CVE-2025-40205
CVE-2025-40219
CVE-2025-40233
CVE-2025-40240
Description of changes:
[5.4.17-2136.350.3.1]
- Reapply "cpuidle: menu: Avoid discarding useful information" (Harshvardhan Jha) [Orabug: 38744458]
- fbcon: fix integer overflow in font allocation (Samasth Norway Ananda) [Orabug: 38744453]
[5.4.17-2136.350.3]
- net/rds: Fix rs_recv_pending counting issue (Gerd Rausch) [Orabug: 38506370]
[5.4.17-2136.350.2]
- LTS tag: v5.4.301 (Alok Tiwari)
- net: rtnetlink: fix module reference count leak issue in rtnetlink_rcv_msg (Zhengchao Shao)
- media: s5p-mfc: remove an unused/uninitialized variable (Arnd Bergmann)
- NFSD: Fix last write offset handling in layoutcommit (Sergey Bashirov)
- NFSD: Minor cleanup in layoutcommit processing (Sergey Bashirov)
- padata: Reset next CPU when reorder sequence wraps around (Xiao Liang)
- KEYS: trusted_tpm1: Compare HMAC values in constant time (Eric Biggers)
- NFSD: Define a proc_layoutcommit for the FlexFiles layout type (Chuck Lever) [Orabug: 38601819] {CVE-2025-40087}
- vfs: Don't leak disconnected dentries on umount (Jan Kara) [Orabug: 38601924] {CVE-2025-40105}
- jbd2: ensure that all ongoing I/O complete before freeing blocks (Zhang Yi)
- ext4: detect invalid INLINE_DATA + EXTENTS flag combination (Deepanshu Kartikey) [Orabug: 38649223] {CVE-2025-40167}
- drm/amdgpu: use atomic functions with memory barriers for vm fault info (Gui-Dong Han)
- ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() (Theodore Ts'O) [Orabug: 38649412] {CVE-2025-40198}
- spi: cadence-quadspi: Flush posted register writes before DAC access (Pratyush Yadav)
- spi: cadence-quadspi: Flush posted register writes before INDAC access (Pratyush Yadav)
- memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe (Zhen Ni)
- memory: samsung: exynos-srom: Correct alignment (Krzysztof Kozlowski)
- arm64: errata: Apply workarounds for Neoverse-V3AE (Mark Rutland)
- arm64: cputype: Add Neoverse-V3AE definitions (Mark Rutland)
- comedi: fix divide-by-zero in comedi_buf_munge() (Deepanshu Kartikey)
- binder: remove "invalid inc weak" check (Alice Ryhl)
- xhci: dbc: enable back DbC in resume if it was enabled before suspend (Mathias Nyman)
- usb/core/quirks: Add Huawei ME906S to wakeup quirk (Tim Guttzeit)
- USB: serial: option: add Telit FN920C04 ECM compositions (Li Qingwu)
- USB: serial: option: add Quectel RG255C (Reinhard Speyerer)
- USB: serial: option: add UNISOC UIS7720 (Renjun Wang)
- net: ravb: Ensure memory write completes before ringing TX doorbell (Lad Prabhakar)
- net: usb: rtl8150: Fix frame padding (Michał Pecio)
- ocfs2: clear extent cache after moving/defragmenting extents (Deepanshu Kartikey) [Orabug: 38730547] {CVE-2025-40233}
- MIPS: Malta: Fix keyboard resource preventing i8042 driver from registering (Maciej W. Rozycki)
- Revert "cpuidle: menu: Avoid discarding useful information" (Rafael J. Wysocki)
- net: bonding: fix possible peer notify event loss or dup issue (Tonghao Zhang)
- sctp: avoid NULL dereference when chunk data buffer is missing (Alexey Simakov) [Orabug: 38730567] {CVE-2025-40240}
- arm64, mm: avoid always making PTE dirty in pte_mkwrite() (Huang, Ying)
- net: enetc: correct the value of ENETC_RXB_TRUESIZE (Wei Fang)
- rtnetlink: Allow deleting FDB entries in user namespace (Johannes Wiesboeck)
- net: rtnetlink: add NLM_F_BULK support to rtnl_fdb_del (Nikolay Aleksandrov)
- net: add ndo_fdb_del_bulk (Nikolay Aleksandrov)
- net: rtnetlink: add bulk delete support flag (Nikolay Aleksandrov)
- net: netlink: add NLM_F_BULK delete request modifier (Nikolay Aleksandrov)
- net: rtnetlink: use BIT for flag values (Nikolay Aleksandrov)
- net: rtnetlink: add helper to extract msg type's kind (Nikolay Aleksandrov)
- net: rtnetlink: add msg kind names (Nikolay Aleksandrov)
- net: rtnetlink: remove redundant assignment to variable err (Colin Ian King)
- m68k: bitops: Fix find_*_bit() signatures (Geert Uytterhoeven)
- hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super() (Yangtao Li)
- hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits() (Viacheslav Dubeyko)
- dlm: check for defined force value in dlm_lockspace_release (Alexander Aring)
- hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() (Viacheslav Dubeyko)
- hfs: validate record offset in hfsplus_bmap_alloc (Yang Chenzhi)
- hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() (Viacheslav Dubeyko)
- hfs: make proper initalization of struct hfs_find_data (Viacheslav Dubeyko)
- hfs: clear offset and space out of valid records in b-tree node (Viacheslav Dubeyko)
- exec: Fix incorrect type for ret (Xichao Zhao)
- hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() (Viacheslav Dubeyko)
- ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings (Randy Dunlap)
- sched/fair: Fix pelt lost idle time detection (Vincent Guittot)
- sched/balancing: Rename newidle_balance() => sched_balance_newidle() (Ingo Molnar)
- sched/fair: Trivial correction of the newidle_balance() comment (Barry Song)
- sched: Make newidle_balance() static again (Chen Yu)
- tls: don't rely on tx_work during send() (Sabrina Dubroca)
- tls: always set record_type in tls_process_cmsg (Sabrina Dubroca)
- tg3: prevent use of uninitialized remote_adv and local_adv variables (Alexey Simakov)
- tcp: fix tcp_tso_should_defer() vs large RTT (Eric Dumazet)
- amd-xgbe: Avoid spurious link down messages during interface toggle (Raju Rangoju)
- net/ip6_tunnel: Prevent perpetual tunnel growth (Dmitry Safonov) [Orabug: 38649261] {CVE-2025-40173}
- net: dlink: handle dma_map_single() failure properly (Moon Yeounsu)
- net: dl2k: switch from 'pci_' to 'dma_' API (Christophe Jaillet)
- media: pci: ivtv: Add missing check after DMA map (Thomas Fourier)
- media: pci/ivtv: switch from 'pci_' to 'dma_' API (Christophe Jaillet)
- xen/events: Update virq_to_irq on migration (Jason Andryuk)
- media: lirc: Fix error handling in lirc_register() (Ma Ke)
- media: rc: Directly use ida_free() (Keliu)
- drm/exynos: exynos7_drm_decon: remove ctx->suspended (Kaustabh Chakraborty)
- btrfs: avoid potential out-of-bounds in btrfs_encode_fh() (Anderson Nascimento) [Orabug: 38649463] {CVE-2025-40205}
- pwm: berlin: Fix wrong register in suspend/resume (Jisheng Zhang)
- media: cx18: Add missing check after DMA map (Thomas Fourier)
- xen/events: Cleanup find_virq() return codes (Jason Andryuk)
- cramfs: Verify inode mode when loading from disk (Tetsuo Handa)
- fs: Add 'initramfs_options' to set initramfs mount options (Lichen Liu)
- pid: Add a judgment for ns null in pid_nr_ns (Gaoxiang17) [Orabug: 38649276] {CVE-2025-40178}
- minixfs: Verify inode mode when loading from disk (Tetsuo Handa)
- tracing: Fix race condition in kprobe initialization causing NULL pointer dereference (Yuan Chen) [Orabug: 38592033] {CVE-2025-40042}
- dm: fix NULL pointer dereference in __dm_suspend() (Zheng Qixing) [Orabug: 38649057] {CVE-2025-40134}
- mfd: intel_soc_pmic_chtdc_ti: Set use_single_read regmap_config flag (Hans de Goede)
- mfd: intel_soc_pmic_chtdc_ti: Drop unneeded assignment for cache_type (Andy Shevchenko)
- mfd: intel_soc_pmic_chtdc_ti: Fix invalid regmap-config max_register value (Hans de Goede)
- Squashfs: reject negative file sizes in squashfs_read_inode() (Phillip Lougher) [Orabug: 38649425] {CVE-2025-40200}
- Squashfs: add additional inode sanity checking (Phillip Lougher)
- media: mc: Clear minor number before put device (Edward Adam Davis) [Orabug: 38649399] {CVE-2025-40197}
- mfd: vexpress-sysreg: Check the return value of devm_gpiochip_add_data() (Bartosz Golaszewski)
- fs: udf: fix OOB read in lengthAllocDescs handling (Larshin Sergey) [Orabug: 38592048] {CVE-2025-40044}
- KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O (Sean Christopherson) [Orabug: 38591959] {CVE-2025-40026}
- net/9p: fix double req put in p9_fd_cancelled (Nalivayko Sergey) [Orabug: 38591965] {CVE-2025-40027}
- ext4: guard against EA inode refcount underflow in xattr update (Ahmet Eray Karadag) [Orabug: 38649330] {CVE-2025-40190}
- ext4: correctly handle queries for metadata mappings (Ojaswin Mujoo)
- ext4: increase i_disksize to offset + len in ext4_update_disksize_before_punch() (Yongjian Sun)
- nfsd: nfserr_jukebox in nlm_fopen should lead to a retry (Olga Kornievskaia)
- x86/umip: Fix decoding of register forms of 0F 01 (SGDT and SIDT aliases) (Sean Christopherson)
- x86/umip: Check that the instruction opcode is at least two bytes (Sean Christopherson)
- PCI: keystone: Use devm_request_irq() to free "ks-pcie-error-irq" on exit (Siddharth Vadapalli)
- PCI/AER: Fix missing uevent on recovery when a reset is requested (Niklas Schnelle)
- PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV (Niklas Schnelle) [Orabug: 38730513] {CVE-2025-40219}
- rseq/selftests: Use weak symbol reference, not definition, to link with glibc (Sean Christopherson)
- rtc: interface: Fix long-standing race when setting alarm (Esben Haabendal)
- rtc: interface: Ensure alarm irq is enabled when UIE is enabled (Esben Haabendal)
- mmc: core: SPI mode remove cmd7 (Rex Chen)
- mtd: rawnand: fsmc: Default to autodetect buswidth (Linus Walleij)
- sparc: fix error handling in scan_one_device() (Ma Ke)
- sparc64: fix hugetlb for sun4u (Anthony Yznaga)
- sctp: Fix MAC comparison to be constant-time (Eric Biggers) [Orabug: 38649451] {CVE-2025-40204}
- scsi: hpsa: Fix potential memory leak in hpsa_big_passthru_ioctl() (Thorsten Blum)
- parisc: don't reference obsolete termio struct for TC* constants (Sam James)
- lib/genalloc: fix device leak in of_gen_pool_get() (Johan Hovold)
- iio: frequency: adf4350: Fix prescaler usage. (Michael Hennerich)
- iio: dac: ad5421: use int type to store negative error codes (Rong Qianfeng)
- iio: dac: ad5360: use int type to store negative error codes (Rong Qianfeng)
- crypto: atmel - Fix dma_unmap_sg() direction (Thomas Fourier)
- cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() (Rafael J. Wysocki) [Orabug: 38649367] {CVE-2025-40194}
- drm/nouveau: fix bad ret code in nouveau_bo_move_prep (Shuhao Fu)
- media: i2c: mt9v111: fix incorrect type for ret (Rong Qianfeng)
- firmware: meson_sm: fix device leak at probe (Johan Hovold)
- xen/manage: Fix suspend error path (Lukas Wunner)
- arm64: dts: qcom: msm8916: Add missing MDSS reset (Stephan Gerhold)
- ACPI: debug: fix signedness issues in read/write helpers (Amir Mohammad Jahangirzad)
- ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT (Daniel Tang)
- tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single (Gunnar Kudrjavets)
- tpm, tpm_tis: Claim locality before writing interrupt registers (Lino Sanfilippo)
- crypto: essiv - Check ssize for decryption and in-place encryption (Herbert Xu) [Orabug: 38581456,38705546] {CVE-2025-40019}
- mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes (Harini T)
- mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call (Harini T)
- tools build: Align warning options with perf (Leo Yan)
- net: fsl_pq_mdio: Fix device node reference leak in fsl_pq_mdio_probe (Erick Karanja)
- tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request(). (Kuniyuki Iwashima) [Orabug: 38649579] {CVE-2025-40186}
- net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce() (Alexandr Sapozhnikov) [Orabug: 38649313] {CVE-2025-40187}
- drm/vmwgfx: Fix Use-after-free in validation (Ian Forbes) [Orabug: 38643546] {CVE-2025-40111}
- net/mlx4: prevent potential use after free in mlx4_en_do_uc_filter() (Dan Carpenter)
- scsi: mvsas: Fix use-after-free bugs in mvs_work_queue (Duoming Zhou) [Orabug: 38557654] {CVE-2025-40001}
- scsi: mvsas: Use sas_task_find_rq() for tagging (John Garry)
- scsi: mvsas: Delete mvs_tag_init() (John Garry)
- scsi: libsas: Add sas_task_find_rq() (John Garry)
- clk: nxp: Fix pll0 rate check condition in LPC18xx CGU driver (Alok Tiwari)
- clk: nxp: lpc18xx-cgu: convert from round_rate() to determine_rate() (Brian Masney)
- perf session: Fix handling when buffer exceeds 2 GiB (Leo Yan)
- rtc: x1205: Fix Xicor X1205 vendor prefix (Rob Herring)
- perf util: Fix compression checks returning -1 as bool (Yunseong Kim)
- iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE (Michael Hennerich)
- clocksource/drivers/clps711x: Fix resource leaks in error paths (Zhen Ni)
- pinctrl: check the return value of pinmux_ops::get_function_name() (Bartosz Golaszewski) [Orabug: 38591981] {CVE-2025-40030}
- Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak (Zhen Ni) [Orabug: 38592002] {CVE-2025-40035}
- mm: hugetlb: avoid soft lockup when mprotect to large memory area (Yang Shi) [Orabug: 38649150] {CVE-2025-40153}
- uio_hv_generic: Let userspace take care of interrupt mask (Naman Jain) [Orabug: 38592067] {CVE-2025-40048}
- Squashfs: fix uninit-value in squashfs_get_parent (Phillip Lougher) [Orabug: 38592077] {CVE-2025-40049}
- net: ena: return 0 in ena_get_rxfh_key_size() when RSS hash key is not configurable (Kohei Enju)
- nfp: fix RSS hash key size when RSS is not supported (Kohei Enju)
- drivers/base/node: fix double free in register_one_node() (Donet Tom)
- ocfs2: fix double free in user_cluster_connect() (Dan Carpenter) [Orabug: 38592110] {CVE-2025-40055}
- net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast (I Viswanath) [Orabug: 38649096] {CVE-2025-40140}
- RDMA/siw: Always report immediate post SQ errors (Bernard Metzler)
- usb: vhci-hcd: Prevent suspending virtually attached devices (Cristian Ciocaltea)
- scsi: mpt3sas: Fix crash in transport port remove by using ioc_info() (Ranjan Kumar) [Orabug: 38648982] {CVE-2025-40115}
- ipvs: Defer ip_vs_ftp unregister during netns cleanup (Slavin Liu) [Orabug: 38581446] {CVE-2025-40018}
- NFSv4.1: fix backchannel max_resp_sz verification check (Anthony Iliopoulos)
- remoteproc: qcom: q6v5: Avoid disabling handover IRQ twice (Stephan Gerhold)
- sparc: fix accurate exception reporting in copy_{from,to}_user for M7 (Michael Karcher)
- sparc: fix accurate exception reporting in copy_to_user for Niagara 4 (Michael Karcher)
- sparc: fix accurate exception reporting in copy_{from_to}_user for Niagara (Michael Karcher)
- sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC III (Michael Karcher)
- sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC (Michael Karcher)
- IB/sa: Fix sa_local_svc_timeout_ms read race (Vlad Dumitrescu)
- RDMA/core: Resolve MAC of next-hop device without ARP support (Parav Pandit)
- wifi: mt76: fix potential memory leak in mt76_wmac_probe() (Abdun Nihaal)
- drivers/base/node: handle error properly in register_one_node() (Donet Tom)
- watchdog: mpc8xxx_wdt: Reload the watchdog timer when enabling the watchdog (Christophe Leroy)
- netfilter: ipset: Remove unused htable_bits in macro ahash_region (Zhen Ni)
- iio: consumers: Fix offset handling in iio_convert_raw_to_processed() (Hans de Goede)
- ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping (Takashi Iwai)
- ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (Takashi Iwai)
- ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping (Takashi Iwai)
- pps: fix warning in pps_register_cdev when register device fail (Wang Liang) [Orabug: 38592170] {CVE-2025-40070}
- misc: genwqe: Fix incorrect cmd field being reported in error (Colin Ian King)
- usb: gadget: configfs: Correctly set use_os_string at bind (William Wu)
- usb: phy: twl6030: Fix incorrect type for ret (Xichao Zhao)
- tcp: fix __tcp_close() to only send RST when required (Eric Dumazet)
- PCI: tegra: Fix devm_kcalloc() argument order for port->phys allocation (Alok Tiwari)
- wifi: mwifiex: send world regulatory domain to driver (Stefan Kerkmann)
- ALSA: lx_core: use int type to store negative error codes (Rong Qianfeng)
- media: rj54n1cb0c: Fix memleak in rj54n1_probe() (Zhang Shurong)
- scsi: myrs: Fix dma_alloc_coherent() error check (Thomas Fourier)
- scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod (Niklas Cassel) [Orabug: 38649567] {CVE-2025-40118}
- serial: max310x: Add error checking in probe() (Dan Carpenter)
- usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup (Dan Carpenter)
- drm/radeon/r600_cs: clean up of dead code in r600_cs (Brahmajit Das)
- i2c: designware: Add disabling clocks when probe fails (Kunihiko Hayashi)
- i2c: mediatek: fix potential incorrect use of I2C_MASTER_WRRD (Leilk Liu)
- bpf: Explicitly check accesses to bpf_sock_addr (Paul Chaignon) [Orabug: 38592205] {CVE-2025-40078}
- selftests: watchdog: skip ping loop if WDIOF_KEEPALIVEPING not supported (Akhilesh Patil)
- pwm: tiehrpwm: Fix corner case in clock divisor calculation (Uwe Kleine-König)
- block: use int to store blk_stack_limits() return value (Rong Qianfeng)
- blk-mq: check kobject state_in_sysfs before deleting in blk_mq_unregister_hctx (Li Nan) [Orabug: 38649026] {CVE-2025-40125}
- pinctrl: meson-gxl: add missing i2c_d pinmux (Da Xue)
- soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS (Sneh Mankad)
- ACPI: processor: idle: Fix memory leak when register cpuidle device failed (Huisong Li)
- regmap: Remove superfluous check for !config in __regmap_init() (Geert Uytterhoeven)
- x86/vdso: Fix output operand size of RDPID (Uros Bizjak)
- perf: arm_spe: Prevent overflow in PERF_IDX2OFF() (Leo Yan) [Orabug: 38592223] {CVE-2025-40081}
- driver core/PM: Set power.no_callbacks along with power.no_pm (Rafael J. Wysocki)
- staging: axis-fifo: flush RX FIFO on read errors (Ovidiu Panait)
- staging: axis-fifo: fix maximum TX packet length check (Ovidiu Panait)
- perf subcmd: avoid crash in exclude_cmds when excludes is empty (Hupu)
- dm-integrity: limit MAX_TAG_SIZE to 255 (Mikulas Patocka)
- wifi: rtlwifi: rtl8192cu: Don't claim USB ID 07b8:8188 (Bitterblue Smith)
- USB: serial: option: add SIMCom 8230C compositions (Xiaowei Li)
- media: rc: fix races with imon_disconnect() (Larshin Sergey) [Orabug: 38548027] {CVE-2025-39993}
- media: imon: grab lock earlier in imon_ir_change_protocol() (Tetsuo Handa)
- media: imon: reorganize serialization (Tetsuo Handa)
- media: rc: Add support for another iMON 0xffdc device (Flavius Georgescu)
- media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe (Duoming Zhou) [Orabug: 38548044] {CVE-2025-39995}
- media: tuner: xc5000: Fix use-after-free in xc5000_release (Duoming Zhou) [Orabug: 38548037] {CVE-2025-39994}
- media: tunner: xc5000: Refactor firmware load (Ricardo Ribalda)
- udp: Fix memory accounting leak. (Kuniyuki Iwashima) [Orabug: 37844325] {CVE-2025-22058}
- media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove (Duoming Zhou) [Orabug: 38548051] {CVE-2025-39996}
- scsi: target: target_core_configfs: Add length check to avoid buffer overflow (Wang Haoran) [Orabug: 38548059] {CVE-2025-39998}
- LTS tag: v5.4.300 (Alok Tiwari)
- KVM: SVM: Sync TPR from LAPIC into VMCB::V_TPR even if AVIC is active (Maciej S. Szmigiero)
- mm/hugetlb: fix folio is still mapped when deleted (Tu Jinjiang) [Orabug: 38560482] {CVE-2025-40006}
- i40e: add mask to apply valid bits for itr_idx (Lukasz Czapnik)
- i40e: fix validation of VF state in get resources (Lukasz Czapnik) [Orabug: 38547929] {CVE-2025-39969}
- i40e: fix idx validation in config queues msg (Lukasz Czapnik) [Orabug: 38547938] {CVE-2025-39971}
- i40e: add validation for ring_len param (Lukasz Czapnik) [Orabug: 38547952,38604168,38604171] {CVE-2025-39973}
- i40e: increase max descriptors for XL710 (Justin Bronder)
- mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize() (David Hildenbrand)
- fbcon: Fix OOB access in font allocation (Thomas Zimmermann)
- fbcon: fix integer overflow in fbcon_do_set_font (Samasth Norway Ananda) [Orabug: 38547913] {CVE-2025-39967}
- i40e: add max boundary check for VF filters (Lukasz Czapnik) [Orabug: 38547923] {CVE-2025-39968}
- i40e: fix input validation logic for action_meta (Lukasz Czapnik) [Orabug: 38547933] {CVE-2025-39970}
- i40e: fix idx validation in i40e_validate_queue_map (Lukasz Czapnik) [Orabug: 38547946] {CVE-2025-39972}
- drm/gma500: Fix null dereference in hdmi teardown (Zabelin Nikita) [Orabug: 38560496] {CVE-2025-40011}
- can: peak_usb: fix shift-out-of-bounds issue (Stephane Grosjean) [Orabug: 38581463] {CVE-2025-40020}
- can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow (Vincent Mailhol)
- can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow (Vincent Mailhol)
- can: hi311x: populate ndo_change_mtu() to prevent buffer overflow (Vincent Mailhol)
- can: rcar_can: rcar_can_resume(): fix s2ram with PSCI (Geert Uytterhoeven)
- IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions (Or Har-Toov)
- usb: core: Add 0x prefix to quirks debug output (Jiayi Li)
- ALSA: usb-audio: Fix build with CONFIG_INPUT=n (Takashi Iwai)
- ALSA: usb-audio: Convert comma to semicolon (Chen Ni)
- ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5 (Cristian Ciocaltea)
- ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks (Cristian Ciocaltea)
- ALSA: usb-audio: Simplify NULL comparison in mixer_quirks (Cristian Ciocaltea)
- ALSA: usb-audio: Avoid multiple assignments in mixer_quirks (Cristian Ciocaltea)
- ALSA: usb-audio: Fix block comments in mixer_quirks (Cristian Ciocaltea)
- net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer (Hans de Goede)
- net: rfkill: gpio: add DT support (Philipp Zabel)
- serial: sc16is7xx: fix bug in flow control levels init (Hugo Villeneuve)
- USB: gadget: dummy-hcd: Fix locking bug in RT-enabled kernels (Alan Stern)
- usb: gadget: dummy_hcd: remove usage of list iterator past the loop body (Jakob Koschel)
- ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error message (Colin Ian King)
- ASoC: wm8974: Correct PLL rate rounding (Charles Keepax)
- ASoC: wm8940: Correct typo in control name (Charles Keepax)
- mmc: mvsdio: Fix dma_unmap_sg() nents value (Thomas Fourier)
- nilfs2: fix CFI failure when accessing /sys/fs/nilfs2/features/* (Nathan Chancellor)
- cnic: Fix use-after-free bugs in cnic_delete_task (Duoming Zhou) [Orabug: 38503849] {CVE-2025-39945}
- net: liquidio: fix overflow in octeon_init_instr_queue() (Alexey Nepomnyashih)
- tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). (Kuniyuki Iwashima) [Orabug: 38526388] {CVE-2025-39955}
- i40e: remove redundant memory barrier when cleaning Tx descs (Maciej Fijalkowski)
- net: natsemi: fix rx_dropped double accounting on netif_rx() failure (Moon Yeounsu)
- cgroup: split cgroup_destroy_wq into 3 workqueues (Chen Ridong) [Orabug: 38503892] {CVE-2025-39953}
- pcmcia: omap_cf: Mark driver struct with __refdata to prevent section mismatch (Geert Uytterhoeven)
- wifi: mac80211: fix incorrect type for ret (Liao Yuanhong)
- ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is not supported (Takashi Sakamoto)
- mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory (Miaohe Lin) [Orabug: 38461848] {CVE-2025-39883}
- phy: ti-pipe3: fix device leak at unbind (Johan Hovold)
- dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees (Stephan Gerhold) [Orabug: 38494822] {CVE-2025-39923}
- dmaengine: ti: edma: Fix memory allocation size for queue_priority_map (Anders Roxell)
- can: j1939: j1939_local_ecu_get(): undo increment when j1939_local_ecu_get() fails (Tetsuo Handa)
- can: j1939: j1939_sk_bind(): call j1939_priv_put() immediately when j1939_local_ecu_get() failed (Tetsuo Handa)
- i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path (Michal Schmidt) [Orabug: 38494787] {CVE-2025-39911}
- i40e: Use irq_update_affinity_hint() (Nitesh Narayan Lal)
- genirq: Provide new interfaces for affinity hints (Thomas Gleixner)
- genirq: Export affinity setter for modules (Thomas Gleixner)
- genirq/affinity: Add irq_update_affinity_desc() (John Garry)
- igb: fix link test skipping when interface is admin down (Kohei Enju)
- net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() (Stefan Wahren)
- USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions (Fabio Porcedda)
- USB: serial: option: add Telit Cinterion FN990A w/audio compositions (Fabio Porcedda)
- tty: hvc_console: Call hvc_kick in hvc_write unconditionally (Fabian Vogt)
- mtd: nand: raw: atmel: Respect tAR, tCLR in read setup timing (Alexander Sverdlin)
- mtd: nand: raw: atmel: Fix comment in timings preparation (Alexander Dahl)
- mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer (Christophe Kerello)
- mm/khugepaged: fix the address passed to notifier on testing young (Wei Yang)
- fuse: prevent overflow in copy_file_range return value (Miklos Szeredi)
- fuse: check if copy_file_range() returns larger than requested size (Miklos Szeredi)
- mtd: rawnand: stm32_fmc2: fix ECC overwrite (Christophe Kerello)
- ocfs2: fix recursive semaphore deadlock in fiemap call (Mark Tinguely) [Orabug: 38461859] {CVE-2025-39885}
- EDAC/altera: Delete an inappropriate dma_free_coherent() call (Salah Triki)
- tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork. (Kuniyuki Iwashima) [Orabug: 38494797] {CVE-2025-39913}
- net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod. (Kuniyuki Iwashima) [Orabug: 37901604] {CVE-2025-23143}
[5.4.17-2136.350.1]
- device-dax: correct pgoff align in dax_set_mapping() (Kun(Llfl)) [Orabug: 37206404] {CVE-2024-50022}
[5.4.17-2136.349.3]
- Revert "net/mlx5e: Update and set Xon/Xoff upon MTU set" (Jakub Kicinski) [Orabug: 38545204]
- KVM: x86: Take irqfds.lock when adding/deleting IRQ bypass producer (Sean Christopherson) [Orabug: 38494247]
- rds: Free all frags when rds_ib_recv_cache_put() fails (Hans Westgaard Ry) [Orabug: 38492234]
[5.4.17-2136.349.2]
- bpf/bpf_get,set_sockopt: add option to set TCP-BPF sock ops flags (Alan Maguire) [Orabug: 36699199]
[5.4.17-2136.349.1]
- NFSv4: Don't clear capabilities that won't be reset (Trond Myklebust)
- power: supply: bq27xxx: restrict no-battery detection to bq27000 (H. Nikolaus Schaller)
- power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery (H. Nikolaus Schaller)
- usb: hub: Fix flushing of delayed work used for post resume purposes (Mathias Nyman)
- soc: qcom: mdt_loader: Deal with zero e_shentsize (Bjorn Andersson)
- Revert "net/mlx5e: Update and set Xon/Xoff upon port speed set" (Tariq Toukan)
- LTS tag: v5.4.299 (Alok Tiwari)
- scsi: lpfc: Fix buffer free/clear order in deferred receive path (John Evans) [Orabug: 38456754] {CVE-2025-39841}
- dmaengine: mediatek: Fix a flag reuse error in mtk_cqdma_tx_status() (Qiu-Ji Chen)
- cifs: fix integer overflow in match_server() (Roman Smirnov)
- spi: spi-fsl-lpspi: Reset FIFO and disable module on transfer abort (Larisa Grigore)
- spi: spi-fsl-lpspi: Set correct chip-select polarity bit (Larisa Grigore)
- spi: spi-fsl-lpspi: Fix transmissions when using CONT (Larisa Grigore)
- pcmcia: Add error handling for add_interval() in do_validate_mem() (Xu Wang)
- ALSA: hda/hdmi: Add pin fix for another HP EliteDesk 800 G4 model (Takashi Iwai)
- randstruct: gcc-plugin: Fix attribute addition (Kees Cook)
- randstruct: gcc-plugin: Remove bogus void member (Kees Cook)
- vmxnet3: update MTU after device quiesce (Ronak Doshi)
- net: dsa: microchip: linearize skb for tail-tagging switches (Jakob Unterwurzacher)
- net: dsa: microchip: update tag_ksz masks for KSZ9477 family (Pieter Van Trappen)
- dmaengine: mediatek: Fix a possible deadlock error in mtk_cqdma_tx_status() (Qiu-Ji Chen)
- ALSA: hda/realtek - Add new HP ZBook laptop with micmute led fixup (Chris Chiu)
- gpio: pca953x: fix IRQ storm on system wake up (Emanuele Ghidoli)
- iio: light: opt3001: fix deadlock due to concurrent flag access (Luca Ceresoli) [Orabug: 37977028] {CVE-2025-37968}
- iio: chemical: pms7003: use aligned_s64 for timestamp (David Lechner)
- cpufreq/sched: Explicitly synchronize limits_changed flag handling (Rafael J. Wysocki)
- mm/slub: avoid accessing metadata when pointer is invalid in object_err() (Li Qiong) [Orabug: 38494761] {CVE-2025-39902}
- mm/khugepaged: fix ->anon_vma race (Jann Horn)
- e1000e: fix heap overflow in e1000_set_eeprom (Vitaly Lifshits)
- batman-adv: fix OOB read/write in network-coding decode (Stanislav Fort)
- drm/amdgpu: drop hw access in non-DC audio fini (Alex Deucher)
- wifi: mwifiex: Initialize the chan_stats array to zero (Rong Qianfeng) [Orabug: 38494723] {CVE-2025-39891}
- pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region() (Ma Ke)
- ALSA: usb-audio: Add mute TLV for playback volumes on some devices (Cryolitia Pukngae)
- ppp: fix memory leak in pad_compress_skb (Qingfang Deng) [Orabug: 38456781] {CVE-2025-39847}
- net: atm: fix memory leak in atm_register_sysfs when device_register fail (Wang Liang)
- ax25: properly unshare skbs in ax25_kiss_rcv() (Eric Dumazet)
- ipv4: Fix NULL vs error pointer check in inet_blackhole_dev_init() (Dan Carpenter)
- net: thunder_bgx: add a missing of_node_put (Rosen Penev)
- wifi: libertas: cap SSID len in lbs_associate() (Dan Carpenter)
- wifi: cw1200: cap SSID length in cw1200_do_join() (Dan Carpenter)
- net: ethernet: mtk_eth_soc: fix tx vlan tag for llc packets (Felix Fietkau)
- i40e: Fix potential invalid access when MAC list is empty (Zhen Ni) [Orabug: 38456814] {CVE-2025-39853}
- icmp: fix icmp_ndo_send address translation for reply direction (Fabian Bläse)
- mISDN: Fix memory leak in dsp_hwec_enable() (Miaoqian Lin)
- xirc2ps_cs: fix register access when enabling FullDuplex (Alok Tiwari)
- Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() (Kuniyuki Iwashima) [Orabug: 38456834] {CVE-2025-39860}
- netfilter: conntrack: helper: Replace -EEXIST by -EBUSY (Phil Sutter)
- wifi: cfg80211: fix use-after-free in cmp_bss() (Dmitry Antipov) [Orabug: 38456860] {CVE-2025-39864}
- powerpc: boot: Remove leading zero in label in udelay() (Nathan Chancellor)
[5.4.17-2136.348.3]
- hugetlbfs: take read_lock on i_mmap for PMD sharing (Waiman Long) [Orabug: 38459576]
- kallsyms: add module_kallsyms_on_each_symbol_locked (Julian Pidancet) [Orabug: 38418686]
- kallsyms: export module_kallsyms_on_each_symbol (Julian Pidancet) [Orabug: 38418686]
[5.4.17-2136.348.2]
- uek-rpm: Move ifb module to nano modules (Harshit Mogalapalli) [Orabug: 38443798]
- clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (Al Viro) [Orabug: 38310007,38453918] {CVE-2025-38499}
- x86/vmscape: Warn when STIBP is disabled with SMT (Pawan Gupta) [Orabug: 38424094]
- x86/bugs: Move cpu_bugs_smt_update() down (Pawan Gupta) [Orabug: 38424094]
- x86/vmscape: Enable the mitigation (Pawan Gupta) [Orabug: 38424094]
- x86/vmscape: Add conditional IBPB mitigation (Pawan Gupta) [Orabug: 38424094]
- x86/vmscape: Add old Intel CPUs to affected list (Pawan Gupta) [Orabug: 38424094]
- x86/vmscape: Enumerate VMSCAPE bug (Pawan Gupta) [Orabug: 38424094]
- Documentation/hw-vuln: Add VMSCAPE documentation (Pawan Gupta) [Orabug: 38424094]
[5.4.17-2136.348.1]
- LTS tag: v5.4.298 (Sherry Yang)
- Revert "drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS" (Imre Deak)
- net: usb: qmi_wwan: add Telit Cinterion LE910C4-WWX new compositions (Fabio Porcedda)
- Revert "drm/amdgpu: fix incorrect vm flags to map bo" (Alex Deucher) [Orabug: 38343661]
- HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version() (Minjong Kim) [Orabug: 38440228] {CVE-2025-39808}
- HID: wacom: Add a new Art Pen 2 (Ping Cheng)
- HID: asus: fix UAF via HID_CLAIMED_INPUT validation (Qasim Ijaz) [Orabug: 38440310] {CVE-2025-39824}
- efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare (Li Nan) [Orabug: 38440277] {CVE-2025-39817}
- sctp: initialize more fields in sctp_v6_from_sk() (Eric Dumazet) [Orabug: 38440251] {CVE-2025-39812}
- net: stmmac: xgmac: Do not enable RX FIFO Overflow interrupts (Rohan G Thomas)
- net/mlx5e: Set local Xoff after FW update (Alexei Lazar)
- net/mlx5e: Update and set Xon/Xoff upon port speed set (Alexei Lazar)
- net/mlx5e: Update and set Xon/Xoff upon MTU set (Alexei Lazar)
- net: dlink: fix multicast stats being counted incorrectly (Moon Yeounsu)
- atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control(). (Kuniyuki Iwashima) [Orabug: 38440347] {CVE-2025-39828}
- net/atm: remove the atmdev_ops {get, set}sockopt methods (Christoph Hellwig)
- Bluetooth: hci_event: Detect if HCI_EV_NUM_COMP_PKTS is unbalanced (Luiz Augusto von Dentz)
- powerpc/kvm: Fix ifdef to remove build warning (Madhavan Srinivasan)
- net: ipv4: fix regression in local-broadcast routes (Oscar Maes) [Orabug: 38343661]
- vhost/net: Protect ubufs with rcu read lock in vhost_net_ubuf_put() (Nikolay Kuratov)
- scsi: core: sysfs: Correct sysfs attributes access rights (Damien Le Moal)
- ftrace: Fix potential warning in trace_printk_seq during ftrace_dump (Tengda Wu) [Orabug: 38440259] {CVE-2025-39813}
- pinctrl: STMFX: add missing HAS_IOMEM dependency (Randy Dunlap)
- LTS tag: v5.4.297 (Sherry Yang)
- alloc_fdtable(): change calling conventions. (Al Viro)
- s390/hypfs: Enable limited access during lockdown (Peter Oberparleiter)
- s390/hypfs: Avoid unnecessary ioctl registration in debugfs (Peter Oberparleiter)
- ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation (Takashi Iwai)
- net/sched: Remove unnecessary WARNING condition for empty child qdisc in htb_activate (William Liu)
- net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit (William Liu)
- ixgbe: xsk: resolve the negative overflow of budget in ixgbe_xmit_zc (Jason Xing)
- ipv6: sr: validate HMAC algorithm ID in seg6_hmac_info_add (Heminhong)
- ALSA: usb-audio: Fix size validation in convert_chmap_v3() (Dan Carpenter) [Orabug: 38343661]
- scsi: qla4xxx: Prevent a potential error pointer dereference (Dan Carpenter) [Orabug: 38401514] {CVE-2025-39676}
- usb: xhci: Fix slot_id resource race conflict (Weitao Wang)
- nfs: fix UAF in direct writes (Josef Bacik) [Orabug: 36596831] {CVE-2024-26958}
- NFS: Fix up commit deadlocks (Trond Myklebust)
- cifs: Fix UAF in cifs_demultiplex_thread() (Zhang Xiaoxu)
- Bluetooth: fix use-after-free in device_for_each_child() (Dmitry Antipov) [Orabug: 37433654] {CVE-2024-53237}
- act_mirred: use the backlog for nested calls to mirred ingress (Davide Caratti) [Orabug: 34882838] {CVE: CVE-2022-4269}
- net/sched: act_mirred: better wording on protection against excessive stack growth (Davide Caratti)
- net/sched: act_mirred: refactor the handle of xmit (Wenxu)
- selftests: forwarding: tc_actions.sh: add matchall mirror test (Jiri Pirko)
- net: sched: don't expose action qstats to skb_tc_reinsert() (Vlad Buslov)
- net: sched: extract qstats update code into functions (Vlad Buslov)
- net: sched: extract bstats update code into function (Vlad Buslov)
- net: sched: extract common action counters update code into function (Vlad Buslov)
- mm: perform the mapping_map_writable() check after call_mmap() (Lorenzo Stoakes)
- mm: update memfd seal write check to include F_SEAL_WRITE (Lorenzo Stoakes)
- mm: drop the assumption that VM_SHARED always implies writable (Lorenzo Stoakes)
- codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() (Cong Wang) [Orabug: 37908492] {CVE-2025-37798}
- sch_qfq: make qfq_qlen_notify() idempotent (Cong Wang)
- sch_hfsc: make hfsc_qlen_notify() idempotent (Cong Wang) [Orabug: 38158396] {CVE-2025-38177}
- sch_drr: make drr_qlen_notify() idempotent (Cong Wang)
- btrfs: populate otime when logging an inode item (Qu Wenruo)
- media: venus: hfi: explicitly release IRQ during teardown (Jorge Ramirez-Ortiz)
- f2fs: fix to avoid out-of-boundary access in dnode page (Chao Yu)
- media: venus: protect against spurious interrupts during probe (Jorge Ramirez-Ortiz)
- media: qcom: camss: cleanup media device allocated resource on error path (Vladimir Zapolskiy)
- media: venus: vdec: Clamp param smaller than 1fps and bigger than 240. (Ricardo Ribalda)
- drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS (Imre Deak)
- pwm: mediatek: Fix duty and period setting (Uwe Kleine-König)
- pwm: mediatek: Handle hardware enable and clock enable separately (Uwe Kleine-König)
- pwm: mediatek: Implement .apply() callback (Uwe Kleine-König)
- media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() (Gui-Dong Han) [Orabug: 38401677] {CVE-2025-39713}
- media: v4l2-ctrls: Don't reset handler's error in v4l2_ctrl_handler_free() (Sakari Ailus)
- media: v4l2-ctrls: always copy the controls on completion (Hans Verkuil)
- ata: Fix SATA_MOBILE_LPM_POLICY description in Kconfig (Damien Le Moal)
- soc: qcom: mdt_loader: Ensure we don't read past the ELF header (Bjorn Andersson) [Orabug: 38423524] {CVE-2025-39787}
- rtc: ds1307: handle oscillator stop flag (OSF) for ds1341 (Meagan Lloyd)
- usb: musb: omap2430: fix device leak at unbind (Johan Hovold)
- NFS: Fix the setting of capabilities when automounting a new filesystem (Trond Myklebust) [Orabug: 38429211] {CVE-2025-39798}
- NFS: Fix up handling of outstanding layoutcommit in nfs_update_inode() (Trond Myklebust)
- NFSv4: Fix nfs4_bitmap_copy_adjust() (Trond Myklebust)
- usb: typec: fusb302: cache PD RX state (Sebastian Reichel)
- cdc-acm: fix race between initial clearing halt and open (Oliver Neukum)
- USB: cdc-acm: do not log successful probe on later errors (Johan Hovold)
- mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock (Breno Leitao)
- mm/kmemleak: turn kmemleak_lock and object->lock to raw_spinlock_t (He Zhe)
- ALSA: scarlett2: Add retry on -EPROTO from scarlett2_usb_tx() (Geoffrey D. Bennett)
- x86/fpu: Delay instruction pointer fixup until after warning (Dave Hansen)
- mm/hmm: move pmd_to_hmm_pfn_flags() to the respective #ifdeffery (Andy Shevchenko)
- nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() (Jeff Layton) [Orabug: 38395081,38501612] {CVE-2025-38724}
- pmdomain: governor: Consider CPU latency tolerance from pm_domain_cpu_gov (Maulik Shah)
- tracing: Add down_write(trace_event_sem) when adding trace event (Steven Rostedt) [Orabug: 38324271] {CVE-2025-38539}
- usb: hub: Don't try to recover devices lost during warm reset. (Mathias Nyman)
- usb: hub: avoid warm port reset during USB3 disconnect (Mathias Nyman)
- x86/mce/amd: Add default names for MCA banks and blocks (Yazen Ghannam)
- iio: hid-sensor-prox: Fix incorrect OFFSET calculation (Zhang Lixu)
- f2fs: fix to do sanity check on ino and xnid (Chao Yu)
- mm/zsmalloc: do not pass __GFP_MOVABLE if CONFIG_COMPACTION=n (Harry Yoo)
- mm/zsmalloc.c: convert to use kmem_cache_zalloc in cache_alloc_zspage() (Miaohe Lin)
- drm/sched: Remove optimization that causes hang when killing dependent jobs (Lin Cao)
- ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (Haoxiang Li) [Orabug: 38351930] {CVE-2025-38664}
- net: usbnet: Fix the wrong netif_carrier_on() call (Ammar Faizi)
- net: usbnet: Avoid potential RCU stall on LINK_CHANGE event (John Ernberg)
- PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports (Lukas Wunner)
- ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value (Li Zhong)
- comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large (Ian Abbott)
- comedi: Fix initialization of data for instructions that write to subdevice (Ian Abbott)
- kbuild: Add KBUILD_CPPFLAGS to as-option invocation (Nathan Chancellor)
- kbuild: add $(CLANG_FLAGS) to KBUILD_CPPFLAGS (Masahiro Yamada)
- kbuild: Add CLANG_FLAGS to as-instr (Nathan Chancellor)
- mips: Include KBUILD_CPPFLAGS in CHECKFLAGS invocation (Nathan Chancellor)
- kbuild: Update assembler calls to use proper flags and language target (Nick Desaulniers)
- ARM: 9448/1: Use an absolute path to unified.h in KBUILD_AFLAGS (Nathan Chancellor)
- usb: dwc3: Ignore late xferNotReady event to prevent halt timeout (Kuen-Han Tsai)
- USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles (Zenm Chen)
- usb: storage: realtek_cr: Use correct byte order for bcs->Residue (Thorsten Blum)
- USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera (Mael Guerin)
- usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive (Miao Li)
- iio: proximity: isl29501: fix buffered read on big-endian systems (David Lechner)
- ftrace: Also allocate and copy hash for reading of filter files (Steven Rostedt) [Orabug: 38401581] {CVE-2025-39689}
- fpga: zynq_fpga: Fix the wrong usage of dma_map_sgtable() (Xu Yilun)
- use uniform permission checks for all mount propagation changes (Al Viro)
- move_mount: allow to add a mount into an existing group (Pavel Tikhomirov)
- fs/buffer: fix use-after-free when call bh_read() helper (Ye Bin) [Orabug: 38401587] {CVE-2025-39691}
- drm/amd/display: Find first CRTC and its line time in dce110_fill_display_configs (Timur Kristóf)
- drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3 (Timur Kristóf)
- memstick: Fix deadlock by moving removing flag earlier (Jiayi Li)
- media: venus: Add a check for packet size after reading from shared memory (Vedang Nagar)
- media: ov2659: Fix memory leaks in ov2659_probe() (Zhang Shurong)
- media: usbtv: Lock resolution while streaming (Ludwig Disterhof) [Orabug: 38401684] {CVE-2025-39714}
- media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init() (Haoxiang Li)
- media: gspca: Add bounds checking to firmware parser (Dan Carpenter)
- soc/tegra: pmc: Ensure power-domains are in a known state (Jonathan Hunter)
- jbd2: prevent softlockup in jbd2_log_do_checkpoint() (Baokun Li) [Orabug: 38423509] {CVE-2025-39782}
- PCI: endpoint: Fix configfs group removal on driver teardown (Damien Le Moal)
- PCI: endpoint: Fix configfs group list head handling (Damien Le Moal)
- mtd: rawnand: fsmc: Add missing check after DMA map (Thomas Fourier)
- pwm: imx-tpm: Reset counter if CMOD is 0 (Laurentiu Mihalcea)
- wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table() (Nathan Chancellor)
- zynq_fpga: use sgtable-based scatterlist wrappers (Marek Szyprowski)
- ata: libata-scsi: Fix ata_to_sense_error() status handling (Damien Le Moal)
- ext4: fix reserved gdt blocks handling in fsmap (Ojaswin Mujoo)
- ext4: fix fsmap end of range reporting with bigalloc (Ojaswin Mujoo)
- ext4: check fast symlink for ea_inode correctly (Andreas Dilger)
- vt: defkeymap: Map keycodes above 127 to K_HOLE (Myrrh Periwinkle)
- vt: keyboard: Don't process Unicode characters in K_OFF mode (Myrrh Periwinkle)
- usb: dwc3: meson-g12a: fix device leaks at unbind (Johan Hovold)
- usb: gadget: udc: renesas_usb3: fix device leak at unbind (Johan Hovold)
- usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init() (Nathan Chancellor)
- m68k: Fix lost column on framebuffer debug console (Finn Thain)
- cpufreq: armada-8k: Fix off by one in armada_8k_cpufreq_free_table() (Dan Carpenter)
- serial: 8250: fix panic due to PSLVERR (Yunhui Cui) [Orabug: 38401729] {CVE-2025-39724}
- media: uvcvideo: Do not mark valid metadata as invalid (Ricardo Ribalda)
- media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() (Youngjun Lee) [Orabug: 38394816] {CVE-2025-38680}
- mm/kmemleak: avoid soft lockup in __kmemleak_do_cleanup() (Waiman Long)
- parisc: Makefile: fix a typo in palo.conf (Randy Dunlap)
- btrfs: fix log tree replay failure due to file with 0 links and extents (Filipe Manana)
- thunderbolt: Fix copy+paste error in match_service_id() (Eric Biggers)
- comedi: fix race between polling and detaching (Ian Abbott)
- misc: rtsx: usb: Ensure mmc child device is active when card is present (Ricky Wu)
- drm/amdgpu: fix incorrect vm flags to map bo (Jack Xiao)
- scsi: lpfc: Remove redundant assignment to avoid memory leak (Jiasheng Jiang)
- rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe (Meagan Lloyd)
- pNFS: Fix uninited ptr deref in block/scsi layout (Sergey Bashirov) [Orabug: 38394867] {CVE-2025-38691}
- pNFS: Handle RPC size limit for layoutcommits (Sergey Bashirov)
- pNFS: Fix disk addr range check in block/scsi layout (Sergey Bashirov)
- pNFS: Fix stripe mapping in block/scsi layout (Sergey Bashirov)
- net: phy: smsc: add proper reset flags for LAN8710A (Csaba Buday)
- ipmi: Fix strcpy source and destination the same (Corey Minyard)
- kconfig: lxdialog: fix 'space' to (de)select options (Yann E. MORIN)
- kconfig: gconf: fix potential memory leak in renderer_edited() (Masahiro Yamada)
- kconfig: gconf: avoid hardcoding model2 in on_treeview2_cursor_changed() (Masahiro Yamada)
- ipmi: Use dev_warn_ratelimited() for incorrect message warnings (Breno Leitao)
- scsi: aacraid: Stop using PCI_IRQ_AFFINITY (John Garry)
- scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans (Ranjan Kumar)
- kconfig: nconf: Ensure null termination where strncpy is used (Shankari Anand)
- kconfig: lxdialog: replace strcpy() with strncpy() in inputbox.c (Suchit Karunakaran)
- i3c: don't fail if GETHDRCAP is unsupported (Wolfram Sang)
- PCI: pnv_php: Work around switches with broken presence detection (Timothy Pearson)
- i3c: add missing include to internal header (Wolfram Sang)
- media: uvcvideo: Fix bandwidth issue for Alcor camera (Chenchangcheng)
- media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar (Alex Guo) [Orabug: 38394880] {CVE-2025-38693}
- media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() (Alex Guo) [Orabug: 38394887] {CVE-2025-38694}
- media: usb: hdpvr: disable zero-length read messages (Wolfram Sang)
- media: tc358743: Increase FIFO trigger level to 374 (Dave Stevenson)
- media: tc358743: Return an appropriate colorspace from tc358743_set_fmt (Dave Stevenson)
- media: tc358743: Check I2C succeeded during probe (Dave Stevenson)
- pinctrl: stm32: Manage irq affinity settings (Cheick Traore)
- scsi: mpt3sas: Correctly handle ATA device errors (Damien Le Moal)
- scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure (Justin Tee) [Orabug: 38394894] {CVE-2025-38695}
- RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() (Yury Norov) [Orabug: 38423286] {CVE-2025-39742}
- MIPS: Don't crash in stack_top() for tasks without ABI or vDSO (Thomas Weißschuh)
- jfs: upper bound check of tree index in dbAllocAG (Arnaud Lecomte)
- jfs: Regular file corruption check (Edward Adam Davis)
- jfs: truncate good inode pages when hard link is 0 (Lizhi Xu)
- scsi: bfa: Double-free fix (Jackysliu) [Orabug: 38394925] {CVE-2025-38699}
- MIPS: vpe-mt: add missing prototypes for vpe_{alloc,start,stop,free} (Shiji Yang)
- watchdog: dw_wdt: Fix default timeout (Sebastian Reichel)
- fs/orangefs: use snprintf() instead of sprintf() (Amir Mohammad Jahangirzad)
- scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated (Showrya M N) [Orabug: 38394931] {CVE-2025-38700}
- ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr (Theodore Ts'O) [Orabug: 38394937] {CVE-2025-38701}
- cifs: Fix calling CIFSFindFirst() for root path without msearch (Pali Rohár)
- vhost: fail early when __vhost_add_used() fails (Jason Wang)
- net: dsa: b53: fix IP_MULTICAST_CTRL on BCM5325 (Álvaro Fernández Rojas)
- uapi: in6: restore visibility of most IPv6 socket options (Jakub Kicinski)
- net: ncsi: Fix buffer overflow in fetching version id (Hari Kalavakunta)
- net: dsa: b53: prevent SWITCH_CTRL access on BCM5325 (Álvaro Fernández Rojas)
- net: dsa: b53: fix b53_imp_vlan_setup for BCM5325 (Álvaro Fernández Rojas)
- net: vlan: Replace BUG() with WARN_ON_ONCE() in vlan_dev_* stubs (Gal Pressman)
- wifi: iwlegacy: Check rate_idx range after addition (Stanislaw Gruszka)
- netmem: fix skb_frag_address_safe with unreadable skbs (Mina Almasry)
- wifi: rtlwifi: fix possible skb memory leak in _rtl_pci_rx_interrupt(). (Thomas Fourier)
- wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect (Anjaneyulu)
- wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd() (Rand Deeb)
- net: fec: allow disable coalescing (Jonas Rebmann)
- (powerpc/512) Fix possible dma_unmap_single() on uninitialized pointer (Thomas Fourier)
- s390/stp: Remove udelay from stp_sync_clock() (Sven Schnelle)
- wifi: iwlwifi: mvm: fix scan request validation (Avraham Stern)
- net: thunderx: Fix format-truncation warning in bgx_acpi_match_id() (Alok Tiwari)
- net: ipv4: fix incorrect MTU in broadcast routes (Oscar Maes)
- wifi: cfg80211: Fix interface type validation (Ilan Peer)
- rcu: Protect ->defer_qs_iw_pending from data race (Paul E. McKenney) [Orabug: 38423341] {CVE-2025-39749}
- net: ag71xx: Add missing check after DMA map (Thomas Fourier)
- et131x: Add missing check after DMA map (Thomas Fourier)
- be2net: Use correct byte order and format string for TCP seq and ack_seq (Alok Tiwari)
- s390/time: Use monotonic clock in get_cycles() (Sven Schnelle)
- wifi: cfg80211: reject HTC bit for management frames (Johannes Berg)
- ktest.pl: Prevent recursion of default variable options (Steven Rostedt)
- ASoC: codecs: rt5640: Retry DEVICE_ID verification (Xinxin Wan)
- ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros (Cristian Ciocaltea)
- ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (Lucy Thrun)
- platform/x86: thinkpad_acpi: Handle KCOV __init vs inline mismatches (Kees Cook)
- pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop() (Gautham R. Shenoy)
- usb: core: usb_submit_urb: downgrade type check (Oliver Neukum)
- ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4 (Alok Tiwari)
- ASoC: hdac_hdmi: Rate limit logging on connection and disconnection (Mark Brown)
- mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode() (Ulf Hansson)
- ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path (Breno Leitao)
- ACPI: processor: fix acpi_object initialization (Sebastian Ott)
- PM: sleep: console: Fix the black screen issue (Tuhaowen)
- thermal: sysfs: Return ENODATA instead of EAGAIN for reads (Hsin-Te Yuan)
- PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit() (Rafael J. Wysocki)
- selftests: tracing: Use mutex_unlock for testing glob filter (Masami Hiramatsu)
- ARM: tegra: Use I/O memcpy to write to IRAM (Aaron Kling)
- gpio: tps65912: check the return value of regmap_update_bits() (Bartosz Golaszewski)
- ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed (Kuninori Morimoto)
- ARM: rockchip: fix kernel hang during smp initialization (Alexander Kochetkov)
- cpufreq: Exit governor when failed to start old governor (Lifeng Zheng)
- usb: xhci: Avoid showing errors during surprise removal (Mario Limonciello)
- usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command (Jay Chen)
- usb: xhci: Avoid showing warnings for dying controller (Mario Limonciello)
- selftests/futex: Define SYS_futex on 32-bit architectures with 64-bit time_t (Cynthia Huang)
- usb: xhci: print xhci->xhc_state when queue_command failed (Su Hui)
- securityfs: don't pin dentries twice, once is enough... (Al Viro)
- hfs: fix not erasing deleted b-tree node issue (Viacheslav Dubeyko)
- drbd: add missing kref_get in handle_write_conflicts (Sarah Newman) [Orabug: 38394995] {CVE-2025-38708}
- udf: Verify partition map count (Jan Kara)
- arm64: Handle KCOV __init vs inline mismatches (Kees Cook)
- hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file() (Tetsuo Handa)
- hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (Viacheslav Dubeyko)
- hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() (Viacheslav Dubeyko)
- hfs: fix slab-out-of-bounds in hfs_bnode_read() (Viacheslav Dubeyko)
- sctp: linearize cloned gso packets in sctp_rcv (Xin Long) [Orabug: 38395059] {CVE-2025-38718}
- netfilter: ctnetlink: fix refcount leak on table dump (Florian Westphal) [Orabug: 38395068] {CVE-2025-38721}
- udp: also consider secpath when evaluating ipsec use for checksumming (Sabrina Dubroca)
- ACPI: processor: perflib: Move problematic pr->performance check (Rafael J. Wysocki)
- ACPI: processor: perflib: Fix initial _PPC limit application (Jiayi Li)
- Documentation: ACPI: Fix parent device references (Andy Shevchenko)
- fs: Prevent file descriptor table allocations exceeding INT_MAX (Sasha Levin) [Orabug: 38423397] {CVE-2025-39756}
- sunvdc: Balance device refcount in vdc_port_mpgroup_check (Ma Ke)
- NFSD: detect mismatch of file handle and delegation stateid in OPEN op (Dai Ngo)
- net: dpaa: fix device leak when querying time stamp info (Johan Hovold)
- net: gianfar: fix device leak when querying time stamp info (Johan Hovold)
- netlink: avoid infinite retry looping in netlink_unicast() (Fedor Pchelkin) [Orabug: 38401319] {CVE-2025-38727}
- ALSA: usb-audio: Validate UAC3 cluster segment descriptors (Takashi Iwai) [Orabug: 38423407] {CVE-2025-39757}
- ALSA: usb-audio: Validate UAC3 power domain descriptors, too (Takashi Iwai) [Orabug: 38395101] {CVE-2025-38729}
- io_uring: don't use int for ABI (Pavel Begunkov)
- usb: gadget : fix use-after-free in composite_dev_cleanup() (Taoxue) [Orabug: 38334898] {CVE-2025-38555}
- MIPS: mm: tlb-r4k: Uniquify TLB entries on init (Jiaxun Yang)
- USB: serial: option: add Foxconn T99W709 (Slark Xiao)
- vsock: Do not allow binding to VMADDR_PORT_ANY (Budimir Markovic) [Orabug: 38351771,38453914] {CVE-2025-38618}
- net/packet: fix a race in packet_set_ring() and packet_notifier() (Quang Le) [Orabug: 38351764] {CVE-2025-38617}
- perf/core: Prevent VMA split of buffer mappings (Thomas Gleixner) [Orabug: 38334948] {CVE-2025-38563}
- perf/core: Exit early on perf_mmap() fail (Thomas Gleixner) [Orabug: 38334959] {CVE-2025-38565}
- perf/core: Don't leak AUX buffer refcount on allocation failure (Thomas Gleixner)
- pptp: fix pptp_xmit() error path (Eric Dumazet)
- smb: client: let recv_done() cleanup before notifying the callers. (Stefan Metzmacher)
- benet: fix BUG when creating VFs (Michal Schmidt) [Orabug: 38334976] {CVE-2025-38569}
- net: drop UFO packets in udp_rcv_segment() (Wang Liang) [Orabug: 38351786] {CVE-2025-38622}
- ipv6: reject malicious packets in ipv6_gso_segment() (Eric Dumazet) [Orabug: 38334988] {CVE-2025-38572}
- pptp: ensure minimal skb length in pptp_xmit() (Eric Dumazet) [Orabug: 38335004] {CVE-2025-38574}
- netpoll: prevent hanging NAPI when netcons gets enabled (Jakub Kicinski)
- NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() (Trond Myklebust) [Orabug: 38401745] {CVE-2025-39730}
- pci/hotplug/pnv-php: Wrap warnings in macro (Frederic Barrat)
- pci/hotplug/pnv-php: Improve error msg on power state change failure (Frederic Barrat)
- usb: chipidea: udc: fix sleeping function called from invalid context (Peter Chen)
- f2fs: fix to avoid out-of-boundary access in devs.path (Chao Yu)
- f2fs: fix to avoid panic in f2fs_evict_inode (Chao Yu)
- f2fs: fix to avoid UAF in f2fs_sync_inode_meta() (Chao Yu)
- rtc: pcf8563: fix incorrect maximum clock rate handling (Brian Masney)
- rtc: hym8563: fix incorrect maximum clock rate handling (Brian Masney)
- rtc: ds1307: fix incorrect maximum clock rate handling (Brian Masney)
- module: Restore the moduleparam prefix length check (Petr Pavlu)
- bpf: Check flow_dissector ctx accesses are aligned (Paul Chaignon)
- mtd: rawnand: atmel: set pmecc data setup time (Balamanikandan Gunasundar)
- mtd: rawnand: atmel: Fix dma_mapping_error() address (Thomas Fourier)
- jfs: fix metapage reference count leak in dbAllocCtl (Zheng Yu)
- fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref (Chenyuan Yang)
- crypto: qat - fix seq_file position update in adf_ring_next() (Giovanni Cabiddu)
- dmaengine: nbpfaxi: Add missing check after DMA map (Thomas Fourier)
- dmaengine: mv_xor: Fix missing check after DMA map and missing unmap (Thomas Fourier)
- fs/orangefs: Allow 2 more characters in do_c_string() (Dan Carpenter)
- soundwire: stream: restore params when prepare ports fail (Bard Liao)
- crypto: img-hash - Fix dma_unmap_sg() nents value (Thomas Fourier)
- hwrng: mtk - handle devm_pm_runtime_enable errors (Ovidiu Panait)
- watchdog: ziirave_wdt: check record length in ziirave_firm_verify() (Dan Carpenter)
- scsi: isci: Fix dma_unmap_sg() nents value (Thomas Fourier)
- scsi: mvsas: Fix dma_unmap_sg() nents value (Thomas Fourier)
- scsi: ibmvscsi_tgt: Fix dma_unmap_sg() nents value (Thomas Fourier)
- clk: sunxi-ng: v3s: Fix de clock definition (Paul Kocialkowski)
- perf tests bp_account: Fix leaked file descriptor (Leo Yan)
- crypto: ccp - Fix crash when rebind ccp device for ccp.ko (Mengbiao Xiong)
- pinctrl: sunxi: Fix memory leak on krealloc failure (Yuan Chen)
- power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set (Charles Han)
- clk: davinci: Add NULL check in davinci_lpsc_clk_register() (Henry Martin)
- mtd: fix possible integer overflow in erase_xfer() (Ivan Stepchenko)
- crypto: marvell/cesa - Fix engine load inaccuracy (Herbert Xu)
- PCI: rockchip-host: Fix "Unexpected Completion" log message (Hans Zhang)
- vrf: Drop existing dst reference in vrf_ip6_input_dst (Stanislav Fomichev)
- selftests: rtnetlink.sh: remove esp4_offload after test (Xiumei Mu)
- netfilter: xt_nfacct: don't assume acct name is null-terminated (Florian Westphal) [Orabug: 38351854] {CVE-2025-38639}
- can: kvaser_usb: Assign netdev.dev_port based on device channel index (Jimmy Assarsson)
- can: kvaser_pciefd: Store device channel index (Jimmy Assarsson)
- wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P IE (Gokul Sivakumar)
- Reapply "wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()" (Remi Pommarel)
- mwl8k: Add missing check after DMA map (Thomas Fourier)
- wifi: rtl8xxxu: Fix RX skb size for aggregation disabled (Martin Kaistra)
- net/sched: Restrict conditions for adding duplicating netems to qdisc tree (William Liu) [Orabug: 38331466] {CVE-2025-38553}
- arch: powerpc: defconfig: Drop obsolete CONFIG_NET_CLS_TCINDEX (Johan Korsnes)
- drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value (Fedor Pchelkin)
- m68k: Don't unregister boot console needlessly (Finn Thain)
- tcp: fix tcp_ofo_queue() to avoid including too much DUP SACK range (Xin Guo)
- iwlwifi: Add missing check for alloc_ordered_workqueue (Jiasheng Jiang) [Orabug: 38335110] {CVE-2025-38602}
- wifi: iwlwifi: Fix memory leak in iwl_mvm_init() (Xiu Jianfeng)
- wifi: rtl818x: Kill URBs before clearing tx status queue (Daniil Dulov) [Orabug: 38335120] {CVE-2025-38604}
- caif: reduce stack size, again (Arnd Bergmann)
- bpftool: Fix memory leak in dump_xx_nlmsg on realloc failure (Yuan Chen)
- bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (Jiayuan Chen) [Orabug: 38335131] {CVE-2025-38608}
- staging: nvec: Fix incorrect null termination of battery manufacturer (Alok Tiwari)
- samples: mei: Fix building on musl libc (Brahmajit Das)
- cpufreq: Init policy->rwsem before it may be possibly used (Lifeng Zheng)
- ARM: dts: imx6ul-kontron-bl-common: Fix RTS polarity for RS485 interface (Annette Kobou)
- usb: early: xhci-dbc: Fix early_ioremap leak (Lucas De Marchi)
- Revert "vmci: Prevent the dispatching of uninitialized payloads" (Greg Kroah-Hartman)
- pps: fix poll support (Denis Osterland-Heim)
- vmci: Prevent the dispatching of uninitialized payloads (Lizhi Xu)
- staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc() (Abdun Nihaal) [Orabug: 38335153] {CVE-2025-38612}
- ARM: dts: vfxxx: Correctly use two tuples for timer address (Krzysztof Kozlowski)
- hfsplus: remove mutex_lock check in hfsplus_free_extents (Yangtao Li)
- ASoC: Intel: fix SND_SOC_SOF dependencies (Arnd Bergmann)
- ethernet: intel: fix building with large NR_CPUS (Arnd Bergmann)
- usb: phy: mxs: disconnect line when USB charger is attached (Xu Yang)
- usb: chipidea: add USB PHY event (Xu Yang)
- usb: chipidea: introduce CI_HDRC_CONTROLLER_VBUS_EVENT glue layer use (Peter Chen)
- usb: chipidea: udc: protect usb interrupt enable (Li Jun)
- usb: chipidea: udc: add new API ci_hdrc_gadget_connect (Peter Chen)
- ALSA: hda: Add missing NVIDIA HDA codec IDs (Daniel Dadap)
- comedi: comedi_test: Fix possible deletion of uninitialized timers (Ian Abbott)
- nilfs2: reject invalid file types when reading inodes (Ryusuke Konishi)
- i2c: qup: jump out of the loop in case of timeout (Yang Xiwen) [Orabug: 38351994] {CVE-2025-38671}
- net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class (Xiang Mei)
- net: appletalk: Fix use-after-free in AARP proxy probe (Kito Xu)
- net: appletalk: fix kerneldoc warnings (Andrew Lunn)
- RDMA/core: Rate limit GID cache warning messages (Maor Gottlieb)
- regulator: core: fix NULL dereference on unbind due to stale coupling data (Alessandro Carminati) [Orabug: 38351978] {CVE-2025-38668}
- usb: hub: Fix flushing and scheduling of delayed work that tunes runtime pm (Mathias Nyman)
- usb: hub: fix detection of high tier USB3 devices behind suspended hubs (Mathias Nyman)
- net_sched: sch_sfq: reject invalid perturb period (Eric Dumazet) [Orabug: 38158477] {CVE-2025-38193}
- power: supply: bq24190: Fix use after free bug in bq24190_remove due to race condition (Zheng Wang)
- power: supply: bq24190_charger: using pm_runtime_resume_and_get instead of pm_runtime_get_sync (Minghao Chi)
- power: supply: bq24190_charger: Fix runtime PM imbalance on error (Dinghao Liu)
- xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS (Hongyu Xie)
- virtio-net: ensure the received length does not exceed allocated size (Bui Quang Minh) [Orabug: 38253834] {CVE-2025-38375}
- ASoC: fsl_sai: Force a software reset when starting in consumer mode (Arun Raghavan)
- usb: dwc3: qcom: Don't leave BCR asserted (Krishna Kurapati)
- usb: musb: fix gadget state on disconnect (Drew Hamilton)
- net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (William Liu) [Orabug: 38254214] {CVE-2025-38468}
- net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime (Dong Chenchen) [Orabug: 38254225] {CVE-2025-38470}
- Bluetooth: L2CAP: Fix attempting to adjust outgoing MTU (Luiz Augusto von Dentz)
- Bluetooth: SMP: Fix using HCI_ERROR_REMOTE_USER_TERM on timeout (Luiz Augusto von Dentz)
- Bluetooth: SMP: If an unallowed command is received consider it a failure (Luiz Augusto von Dentz)
- Bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb() (Kuniyuki Iwashima) [Orabug: 38254241] {CVE-2025-38473}
- usb: net: sierra: check for no status endpoint (Oliver Neukum) [Orabug: 38254249] {CVE-2025-38474}
- net/sched: sch_qfq: Fix race condition on qfq_aggregate (Xiang Mei) [Orabug: 38254266] {CVE-2025-38477}
- net: emaclite: Fix missing pointer increment in aligned_read() (Alok Tiwari)
- comedi: Fix use of uninitialized data in insn_rw_emulate_bits() (Ian Abbott)
- comedi: Fix some signed shift left operations (Ian Abbott)
- comedi: das6402: Fix bit shift out of bounds (Ian Abbott)
- comedi: das16m1: Fix bit shift out of bounds (Ian Abbott)
- comedi: aio_iiro_16: Fix bit shift out of bounds (Ian Abbott)
- comedi: pcl812: Fix bit shift out of bounds (Ian Abbott)
- iio: adc: stm32-adc: Fix race in installing chained IRQ handler (Chen Ni)
- iio: adc: max1363: Reorder mode_list[] entries (Fabio Estevam)
- iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[] (Fabio Estevam)
- soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled (Andrew Jeffery)
- soc: aspeed: lpc-snoop: Cleanup resources in stack-order (Andrew Jeffery)
- mmc: sdhci_am654: Workaround for Errata i2312 (Judith Mendez)
- mmc: sdhci-pci: Quirk for broken command queuing on Intel GLK-based Positivo models (Edson Juliano Drosdeck)
- mmc: bcm2835: Fix dma_unmap_sg() nents value (Thomas Fourier)
- memstick: core: Zero initialize id_reg in h_memstick_read_dev_id() (Nathan Chancellor)
- isofs: Verify inode mode when loading from disk (Jan Kara)
- dmaengine: nbpfaxi: Fix memory corruption in probe() (Dan Carpenter)
- af_packet: fix soft lockup issue caused by tpacket_snd() (Yun Lu)
- af_packet: fix the SO_SNDTIMEO constraint not effective on tpacked_snd() (Yun Lu)
- phonet/pep: Move call to pn_skb_get_dst_sockaddr() earlier in pep_sock_accept() (Nathan Chancellor)
- HID: core: do not bypass hid_hw_raw_request (Benjamin Tissoires) [Orabug: 38254340,38453904] {CVE-2025-38494}
- HID: core: ensure __hid_request reserves the report ID as the first byte (Benjamin Tissoires)
- HID: core: ensure the allocated report buffer can contain the reserved report ID (Benjamin Tissoires) [Orabug: 38254348,38453908] {CVE-2025-38495}
- pch_uart: Fix dma_sync_sg_for_device() nents value (Thomas Fourier)
- Input: xpad - set correct controller type for Acer NGR200 (Nilton Perim Neto)
- i2c: stm32: fix the device used for the DMA map (Clément Le Goffic)
- usb: gadget: configfs: Fix OOB read on empty string write (Xinyu Liu) [Orabug: 38254358] {CVE-2025-38497}
- USB: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI (Ryan Mann)
- USB: serial: option: add Foxconn T99W640 (Slark Xiao)
- USB: serial: option: add Telit Cinterion FE910C04 (ECM) composition (Fabio Porcedda)
- LTS tag: v5.4.296 (Sherry Yang)
- x86/mm: Disable hugetlb page table sharing on 32-bit (Jann Horn)
- Input: atkbd - do not skip atkbd_deactivate() when skipping ATKBD_CMD_GETID (Hans de Goede)
- HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras (Chia-Lin Kao) [Orabug: 38324280] {CVE-2025-38540}
- HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY (Zhang Heng)
- vt: add missing notification when switching back to text mode (Nicolas Pitre)
- net: usb: qmi_wwan: add SIMCom 8230C composition (Xiaowei Li)
- atm: idt77252: Add missing dma_map_error() (Thomas Fourier)
- bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT (Somnath Kotur) [Orabug: 38254090] {CVE-2025-38439}
- bnxt_en: Fix DCB ETS validation (Shravya Kn)
- can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level (Sean Nyekjaer)
- net: phy: microchip: limit 100M workaround to link-down events on LAN88xx (Oleksij Rempel)
- net: appletalk: Fix device refcount leak in atrtr_create() (Kito Xu)
- md/raid1: Fix stack memory use after return in raid1_reshape (Wang Jinchao) [Orabug: 38254109] {CVE-2025-38445}
- wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() (Daniil Dulov) [Orabug: 38324161] {CVE-2025-38513}
- dma-buf: fix timeout handling in dma_resv_wait_timeout v2 (Christian König)
- Input: xpad - support Acer NGR 200 Controller (Nilton Perim Neto)
- Input: xpad - add VID for Turtle Beach controllers (Vicki Pfau)
- Input: xpad - add support for Amazon Game Controller (Matt Reynolds)
- NFSv4/flexfiles: Fix handling of NFS level errors in I/O (Trond Myklebust)
- flexfiles/pNFS: update stats on NFS4ERR_DELAY for v4.1 DSes (Tigran Mkrtchyan)
- RDMA/mlx5: Fix vport loopback for MPV device (Patrisious Haddad)
- netlink: Fix rmem check in netlink_broadcast_deliver(). (Kuniyuki Iwashima)
- netlink: make sure we allow at least one dump skb (Jakub Kicinski)
- Revert "ACPI: battery: negate current when discharging" (Rafael J. Wysocki)
- usb: gadget: u_serial: Fix race condition in TTY wakeup (Kuen-Han Tsai) [Orabug: 38254118] {CVE-2025-38448}
- drm/sched: Increment job count before swapping tail spsc queue (Matthew Brost) [Orabug: 38324180] {CVE-2025-38515}
- pinctrl: qcom: msm: mark certain pins as invalid for interrupts (Bartosz Golaszewski) [Orabug: 38324186] {CVE-2025-38516}
- x86/mce: Make sure CMCI banks are cleared during shutdown on Intel (Jp Kobryn)
- x86/mce: Don't remove sysfs if thresholding sysfs init fails (Yazen Ghannam)
- x86/mce/amd: Fix threshold limit reset (Yazen Ghannam)
- rxrpc: Fix oops due to non-existence of prealloc backlog struct (David Howells)
- net/sched: Abort __tc_modify_qdisc if parent class does not exist (Victor Nogueira) [Orabug: 38254147] {CVE-2025-38457}
- atm: clip: Fix NULL pointer dereference in vcc_sendmsg() (Yue Haibing) [Orabug: 38254153] {CVE-2025-38458}
- atm: clip: Fix infinite recursive call of clip_push(). (Kuniyuki Iwashima) [Orabug: 38254161] {CVE-2025-38459}
- atm: clip: Fix memory leak of struct clip_vcc. (Kuniyuki Iwashima) [Orabug: 38324309] {CVE-2025-38546}
- atm: clip: Fix potential null-ptr-deref in to_atmarpd(). (Kuniyuki Iwashima) [Orabug: 38254167] {CVE-2025-38460}
- tipc: Fix use-after-free in tipc_conn_close(). (Kuniyuki Iwashima) [Orabug: 38254181] {CVE-2025-38464}
- netlink: Fix wraparounds of sk->sk_rmem_alloc. (Kuniyuki Iwashima) [Orabug: 38254188] {CVE-2025-38465}
- fix proc_sys_compare() handling of in-lookup dentries (Al Viro)
- proc: Clear the pieces of proc_inode that proc_evict_inode cares about (Eric W. Biederman)
- drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling (Kaustabh Chakraborty) [Orabug: 38254203] {CVE-2025-38467}
- staging: rtl8723bs: Avoid memset() in aes_cipher() and aes_decipher() (Nathan Chancellor)
- media: uvcvideo: Rollback non processed entities on error (Ricardo Ribalda)
- media: uvcvideo: Send control events for partial succeeds (Ricardo Ribalda)
- media: uvcvideo: Return the number of processed controls (Ricardo Ribalda)
- ACPI: PAD: fix crash in exit_round_robin() (Seiji Nishikawa) [Orabug: 37206006] {CVE-2024-49935}
- usb: typec: displayport: Fix potential deadlock (Andrei Kuchynski) [Orabug: 38401436] {CVE-2025-38404}
- Logitech C-270 even more broken (Oliver Neukum)
- rose: fix dangling neighbour pointers in rose_rt_device_down() (Kohei Enju)
- net: rose: Fix fall-through warnings for Clang (Gustavo A R Silva)
- drm/i915/gt: Fix timeline left held on VMA alloc error (Janusz Krzysztofik) [Orabug: 38253887] {CVE-2025-38389}
- drm/i915/selftests: Change mock_request() to return error pointers (Dan Carpenter)
- spi: spi-fsl-dspi: Clear completion counter before initiating transfer (James Clark)
- spi: spi-fsl-dspi: Fix interrupt-less DMA mode taking an XSPI code path (Vladimir Oltean)
- spi: spi-fsl-dspi: Rename fifo_{read,write} and {tx,cmd}_fifo_write (Vladimir Oltean)
- dpaa2-eth: fix xdp_rxq_info leak (Wangfushuai)
- ethernet: atl1: Add missing DMA mapping error checks and count errors (Thomas Fourier)
- btrfs: use btrfs_record_snapshot_destroy() during rmdir (Filipe Manana)
- btrfs: propagate last_unlink_trans earlier when doing a rmdir (Filipe Manana)
- RDMA/mlx5: Fix CC counters query for MPV (Patrisious Haddad)
- RDMA/core: Create and destroy counters in the ib_core (Leon Romanovsky)
- scsi: ufs: core: Fix spelling of a sysfs attribute name (Bart Van Assche)
- drm/v3d: Disable interrupts before resetting the GPU (Maíra Canal)
- mtk-sd: reset host->mrq on prepare_data() error (Sergey Senozhatsky)
- mtk-sd: Prevent memory corruption from DMA map failure (Masami Hiramatsu)
- mmc: mediatek: use data instead of mrq parameter from msdc_{un}prepare_data() (Yue Hu)
- regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods (Manivannan Sadhasivam) [Orabug: 38253907] {CVE-2025-38395}
- regulator: gpio: Add input_supply support in gpio_regulator_config (Jerome Neanne)
- ACPICA: Refuse to evaluate a method if arguments are missing (Rafael J. Wysocki) [Orabug: 38253875] {CVE-2025-38386}
- wifi: ath6kl: remove WARN on bad firmware input (Johannes Berg) [Orabug: 38253946] {CVE-2025-38406}
- wifi: mac80211: drop invalid source address OCB frames (Johannes Berg)
- powerpc: Fix struct termio related ioctl macros (Madhavan Srinivasan)
- ata: pata_cs5536: fix build on 32-bit UML (Johannes Berg)
- ALSA: sb: Force to disable DMAs once when DMA mode is changed (Takashi Iwai)
- nui: Fix dma_mapping_error() check (Thomas Fourier)
- enic: fix incorrect MTU comparison in enic_change_mtu() (Alok Tiwari)
- amd-xgbe: align CL37 AN sequence as per databook (Raju Rangoju)
- lib: test_objagg: Set error message in check_expect_hints_stats() (Dan Carpenter)
- drm/exynos: fimd: Guard display clock control with runtime PM calls (Marek Szyprowski)
- btrfs: fix missing error handling when searching for inode refs during log replay (Filipe Manana)
- scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() (Thomas Fourier)
- nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. (Kuniyuki Iwashima) [Orabug: 38253923] {CVE-2025-38400}
- RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert (Mark Zhang) [Orabug: 38253881] {CVE-2025-38387}
- platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment (David Thompson)
- mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data (Masami Hiramatsu)
- usb: typec: altmodes/displayport: do not index invalid pin_assignments (Rd Babiera) [Orabug: 38253894] {CVE-2025-38391}
- mmc: sdhci: Add a helper function for dump register in dynamic debug mode (Victor Shih)
- vsock/vmci: Clear the vmci transport packet properly when initializing it (Harshavardhana S A) [Orabug: 38253937] {CVE-2025-38403}
- btrfs: don't abort filesystem when attempting to snapshot deleted subvolume (Omar Sandoval) [Orabug: 36530119] {CVE-2024-26644}
- arm64: Restrict pagetable teardown to avoid false warning (Dev Jain)
- s390: Add '-std=gnu11' to decompressor and purgatory CFLAGS (Nathan Chancellor)
- drm/bridge: cdns-dsi: Check return value when getting default PHY config (Aradhya Bhatia)
- drm/bridge: cdns-dsi: Fix connecting to next bridge (Aradhya Bhatia)
- drm/bridge: cdns-dsi: Fix the clock variable for mode_valid() (Aradhya Bhatia)
- drm/tegra: Assign plane type before registration (Thierry Reding)
- HID: wacom: fix kobject reference count leak (Qasim Ijaz)
- HID: wacom: fix memory leak on sysfs attribute creation failure (Qasim Ijaz)
- HID: wacom: fix memory leak on kobject creation failure (Qasim Ijaz)
- dm-raid: fix variable in journal device check (Heinz Mauelshagen)
- Bluetooth: L2CAP: Fix L2CAP MTU negotiation (Frédéric Danis)
- atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister(). (Kuniyuki Iwashima) [Orabug: 38175045] {CVE-2025-38245}
- net: enetc: Correct endianness handling in _enetc_rd_reg64 (Simon Horman)
- um: ubd: Add missing error check in start_io_thread() (Tiwei Bie)
- vsock/uapi: fix linux/vm_sockets.h userspace compilation errors (Stefano Garzarella)
- wifi: mac80211: fix beacon interval calculation overflow (Lachlan Hodges)
- attach_recursive_mnt(): do not lock the covering tree when sliding something under it (Al Viro)
- ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3() (Youngjun Lee) [Orabug: 38175065] {CVE-2025-38249}
- i2c: robotfuzz-osif: disable zero-length read messages (Wolfram Sang)
- i2c: tiny-usb: disable zero-length read messages (Wolfram Sang)
- RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction (Shin'Ichiro Kawasaki) [Orabug: 38158592] {CVE-2025-38211}
- RDMA/core: Use refcount_t instead of atomic_t on refcount of iwcm_id_private (Weihang Li)
- media: vivid: Change the siize of the composing (Denis Arefev)
- media: omap3isp: use sgtable-based scatterlist wrappers (Marek Szyprowski)
- media: cxusb: no longer judge rbuf when the write fails (Edward Adam Davis) [Orabug: 38158692] {CVE-2025-38229}
- media: cxusb: use dev_dbg() rather than hand-rolled debug (Sean Young)
- jfs: validate AG parameters in dbMount() to prevent crashes (Vasiliy Kovalev)
- fs/jfs: consolidate sanity checking in dbMount (Dave Kleikamp)
- ASoC: meson: meson-card-utils: use of_property_present() for DT parsing (Martin Blumenstingl)
- of: Add of_property_present() helper (Rob Herring)
- of: property: define of_property_read_u{8,16,32,64}_array() unconditionally (Michael Walle)
- kbuild: hdrcheck: fix cross build with clang (Arnd Bergmann)
- kbuild: add --target to correctly cross-compile UAPI headers with Clang (Masahiro Yamada)
- bpfilter: match bit size of bpfilter_umh to that of the kernel (Masahiro Yamada)
- kbuild: use -MMD instead of -MD to exclude system headers from dependency (Masahiro Yamada)
- VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify (Ma Wupeng) [Orabug: 38152869] {CVE-2025-38102}
- VMCI: check context->notify_page after call to get_user_pages_fast() to avoid GPF (George Kennedy)
- ovl: Check for NULL d_inode() in ovl_dentry_upper() (Kees Cook)
- ceph: fix possible integer overflow in ceph_zero_objects() (Dmitry Kandybka)
- ALSA: hda: Ignore unsol events for cards being shut down (Cezary Rojewski)
- usb: typec: displayport: Receive DP Status Update NAK request exit dp altmode (Jos Wang)
- usb: cdc-wdm: avoid setting WDM_READ for ZLP-s (Robert Hodaszi)
- usb: Add checks for snprintf() calls in usb_alloc_dev() (Andy Shevchenko)
- tty: serial: uartlite: register uart driver in init (Jakub Lewalski)
- usb: potential integer overflow in usbg_make_tpg() (Chen Yufeng)
- iio: pressure: zpa2326: Use aligned_s64 for the timestamp (Jonathan Cameron)
- md/md-bitmap: fix dm-raid max_write_behind setting (Yu Kuai)
- dmaengine: xilinx_dma: Set dma_device directions (Thomas Gessler)
- mfd: max14577: Fix wakeup source leaks on device unbind (Krzysztof Kozlowski)
- mailbox: Not protect module_put with spin_lock_irqsave (Peng Fan)
- cifs: Fix cifs_query_path_info() for Windows NT servers (Pali Rohár)
ELBA-2025-28050 Oracle Linux 7 linux-firmware bug fix update
Oracle Linux Bug Fix Advisory ELBA-2025-28050
http://linux.oracle.com/errata/ELBA-2025-28050.html
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:
x86_64:
iwl1000-firmware-39.31.5.1-999.45.el7.noarch.rpm
iwl100-firmware-39.31.5.1-999.45.el7.noarch.rpm
iwl105-firmware-18.168.6.1-999.45.el7.noarch.rpm
iwl135-firmware-18.168.6.1-999.45.el7.noarch.rpm
iwl2000-firmware-18.168.6.1-999.45.el7.noarch.rpm
iwl2030-firmware-18.168.6.1-999.45.el7.noarch.rpm
iwl3160-firmware-22.0.7.0-999.45.el7.noarch.rpm
iwl3945-firmware-15.32.2.9-999.45.el7.noarch.rpm
iwl4965-firmware-228.61.2.24-999.45.el7.noarch.rpm
iwl5000-firmware-8.83.5.1_1-999.45.el7.noarch.rpm
iwl5150-firmware-8.24.2.2-999.45.el7.noarch.rpm
iwl6000-firmware-9.221.4.1-999.45.el7.noarch.rpm
iwl6000g2a-firmware-17.168.5.3-999.45.el7.noarch.rpm
iwl6000g2b-firmware-17.168.5.2-999.45.el7.noarch.rpm
iwl6050-firmware-41.28.5.1-999.45.el7.noarch.rpm
iwl7260-firmware-22.0.7.0-999.45.el7.noarch.rpm
iwlax2xx-firmware-20251110-999.45.el7.noarch.rpm
linux-firmware-20251110-999.45.gitc0af6c70.el7.noarch.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/linux-firmware-20251110-999.45.gitc0af6c70.el7.src.rpm
Description of changes:
[20251110-999.45.gitc0af6c70.el7]
- Rebase to latest upstream [Orabug: 38523856]
- Include AMD ucode fix [Orabug: 38523856] {CVE-2025-62626}
[20251030-999.44.1.gite9292517.el7]
- Include AMD ucode fix [Orabug: 38523856] {CVE-2025-62626}
[20250909-999.44.git260ff424.el7]
- Rewrite the script to accommodate yum-based installs [Orabug: 38409589]
[20250909-999.42.1.git356f06bf.el10]
- Rewrite the script to accommodate yum-based installs [Orabug: 38410501]
[20250828-999.43.git260ff424.el7]
- Rebase to latest upstream [Orabug: 38200684]
- Solve conflicts caused by symbolic link changes [Orabug: 38206139]
[20250826-999.42.git356f06bf.el7]
- Handling downgrade issue for Nvidia firmware changes [Orabug: 38303112]
[20250611-999.41.git356f06bf.el7]
- Rebase to latest upstream [Orabug: 38028345]
[20250423-999.40.git32f3227b.el7]
- Rebase to latest upstream [Orabug: 37868435]
[20250319-999.39.git430633ec.el7]
- Rebase to latest upstream [Orabug: 37729115]
[20250203-999.38.git0fd450ee.el7]
- Rebase to latest upstream [Orabug: 37535629]
ELSA-2025-22040 Low: Oracle Linux 7 xorg-x11-server security update
Oracle Linux Security Advisory ELSA-2025-22040
http://linux.oracle.com/errata/ELSA-2025-22040.html
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:
x86_64:
xorg-x11-server-Xdmx-1.20.4-29.0.5.el7_9.x86_64.rpm
xorg-x11-server-Xephyr-1.20.4-29.0.5.el7_9.x86_64.rpm
xorg-x11-server-Xnest-1.20.4-29.0.5.el7_9.x86_64.rpm
xorg-x11-server-Xorg-1.20.4-29.0.5.el7_9.x86_64.rpm
xorg-x11-server-Xvfb-1.20.4-29.0.5.el7_9.x86_64.rpm
xorg-x11-server-Xwayland-1.20.4-29.0.5.el7_9.x86_64.rpm
xorg-x11-server-common-1.20.4-29.0.5.el7_9.x86_64.rpm
xorg-x11-server-devel-1.20.4-29.0.5.el7_9.i686.rpm
xorg-x11-server-devel-1.20.4-29.0.5.el7_9.x86_64.rpm
xorg-x11-server-source-1.20.4-29.0.5.el7_9.noarch.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/xorg-x11-server-1.20.4-29.0.5.el7_9.src.rpm
Related CVEs:
CVE-2025-62229
CVE-2025-62230
CVE-2025-62231
Description of changes:
[1.20.4-29.0.5]
- Security update for CVE-2025-62229 CVE-2025-62230 CVE-2025-62231 [Orabug: 38691191]
[1.20.4-29.0.3]
- Fix CVE-2025-49175, CVE-2025-49176, CVE-2025-49178, CVE-2025-49179, CVE-2025-49180 [Orabug: 38157695]
[1.20.4-29.0.1]
- Fixed CVE-2025-26594 CVE-2025-26595 CVE-2025-26596
- CVE-2025-26597 CVE-2025-26598 CVE-2025-26599 CVE-2025-26600
- CVE-2025-26601 [Orabug: 37712847]
ELBA-2025-23156 Oracle Linux 10 ipmitool bug fix and enhancement update
Oracle Linux Bug Fix Advisory ELBA-2025-23156
http://linux.oracle.com/errata/ELBA-2025-23156.html
The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:
x86_64:
bmc-snmp-proxy-1.8.19-10.el10_1.noarch.rpm
exchange-bmc-os-info-1.8.19-10.el10_1.noarch.rpm
ipmievd-1.8.19-10.el10_1.x86_64.rpm
ipmitool-1.8.19-10.el10_1.x86_64.rpm
aarch64:
bmc-snmp-proxy-1.8.19-10.el10_1.noarch.rpm
exchange-bmc-os-info-1.8.19-10.el10_1.noarch.rpm
ipmievd-1.8.19-10.el10_1.aarch64.rpm
ipmitool-1.8.19-10.el10_1.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/ipmitool-1.8.19-10.el10_1.src.rpm
Description of changes:
[1.8.19-10]
- Apply Debian/upstream patch: 137aeb64, fixes ipmitool lan print
- Add patch that partially reverts 6e037d6bfb to fix regression in 1.8.19; among others, fixes ipmievd startup (fedora#2303185)
ELBA-2025-19549 Oracle Linux 10 linux-firmware bug fix and enhancement update
Oracle Linux Bug Fix Advisory ELBA-2025-19549
http://linux.oracle.com/errata/ELBA-2025-19549.html
The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:
x86_64:
iwl1000-firmware-39.31.5.1-999.45.el10.noarch.rpm
iwl100-firmware-39.31.5.1-999.45.el10.noarch.rpm
iwl105-firmware-18.168.6.1-999.45.el10.noarch.rpm
iwl135-firmware-18.168.6.1-999.45.el10.noarch.rpm
iwl2000-firmware-18.168.6.1-999.45.el10.noarch.rpm
iwl2030-firmware-18.168.6.1-999.45.el10.noarch.rpm
iwl3160-firmware-25.30.13.0-999.45.el10.noarch.rpm
iwl3945-firmware-15.32.2.9-999.45.el10.noarch.rpm
iwl4965-firmware-228.61.2.24-999.45.el10.noarch.rpm
iwl5000-firmware-8.83.5.1_1-999.45.el10.noarch.rpm
iwl5150-firmware-8.24.2.2-999.45.el10.noarch.rpm
iwl6000-firmware-9.221.4.1-999.45.el10.noarch.rpm
iwl6000g2a-firmware-18.168.6.1-999.45.el10.noarch.rpm
iwl6000g2b-firmware-18.168.6.1-999.45.el10.noarch.rpm
iwl6050-firmware-41.28.5.1-999.45.el10.noarch.rpm
iwl7260-firmware-25.30.13.0-999.45.el10.noarch.rpm
iwlax2xx-firmware-20251110-999.45.el10.noarch.rpm
libertas-sd8686-firmware-20251110-999.45.gitc0af6c70.el10.noarch.rpm
libertas-sd8787-firmware-20251110-999.45.gitc0af6c70.el10.noarch.rpm
libertas-usb8388-firmware-20251110-999.45.gitc0af6c70.el10.noarch.rpm
libertas-usb8388-olpc-firmware-20251110-999.45.gitc0af6c70.el10.noarch.rpm
linux-firmware-20251110-999.45.gitc0af6c70.el10.noarch.rpm
linux-firmware-core-20251110-999.45.gitc0af6c70.el10.noarch.rpm
linux-firmware-whence-20251110-999.45.gitc0af6c70.el10.noarch.rpm
liquidio-firmware-20251110-999.45.gitc0af6c70.el10.noarch.rpm
netronome-firmware-20251110-999.45.gitc0af6c70.el10.noarch.rpm
aarch64:
iwl1000-firmware-39.31.5.1-999.45.el10.noarch.rpm
iwl100-firmware-39.31.5.1-999.45.el10.noarch.rpm
iwl105-firmware-18.168.6.1-999.45.el10.noarch.rpm
iwl135-firmware-18.168.6.1-999.45.el10.noarch.rpm
iwl2000-firmware-18.168.6.1-999.45.el10.noarch.rpm
iwl2030-firmware-18.168.6.1-999.45.el10.noarch.rpm
iwl3160-firmware-25.30.13.0-999.45.el10.noarch.rpm
iwl3945-firmware-15.32.2.9-999.45.el10.noarch.rpm
iwl4965-firmware-228.61.2.24-999.45.el10.noarch.rpm
iwl5000-firmware-8.83.5.1_1-999.45.el10.noarch.rpm
iwl5150-firmware-8.24.2.2-999.45.el10.noarch.rpm
iwl6000-firmware-9.221.4.1-999.45.el10.noarch.rpm
iwl6000g2a-firmware-18.168.6.1-999.45.el10.noarch.rpm
iwl6000g2b-firmware-18.168.6.1-999.45.el10.noarch.rpm
iwl6050-firmware-41.28.5.1-999.45.el10.noarch.rpm
iwl7260-firmware-25.30.13.0-999.45.el10.noarch.rpm
iwlax2xx-firmware-20251110-999.45.el10.noarch.rpm
libertas-sd8686-firmware-20251110-999.45.gitc0af6c70.el10.noarch.rpm
libertas-sd8787-firmware-20251110-999.45.gitc0af6c70.el10.noarch.rpm
libertas-usb8388-firmware-20251110-999.45.gitc0af6c70.el10.noarch.rpm
libertas-usb8388-olpc-firmware-20251110-999.45.gitc0af6c70.el10.noarch.rpm
linux-firmware-20251110-999.45.gitc0af6c70.el10.noarch.rpm
linux-firmware-core-20251110-999.45.gitc0af6c70.el10.noarch.rpm
linux-firmware-whence-20251110-999.45.gitc0af6c70.el10.noarch.rpm
liquidio-firmware-20251110-999.45.gitc0af6c70.el10.noarch.rpm
netronome-firmware-20251110-999.45.gitc0af6c70.el10.noarch.rpm
SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/linux-firmware-20251110-999.45.gitc0af6c70.el10.src.rpm
Description of changes:
[20251110-999.45.gitc0af6c70.el10]
- Rebase to latest upstream [Orabug: 38523856]
- Include AMD ucode fix [Orabug: 38523856] {CVE-2025-62626}
ELSA-2025-28048 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update
Oracle Linux Security Advisory ELSA-2025-28048
http://linux.oracle.com/errata/ELSA-2025-28048.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
x86_64:
bpftool-5.15.0-315.196.5.1.el9uek.x86_64.rpm
kernel-uek-5.15.0-315.196.5.1.el9uek.x86_64.rpm
kernel-uek-core-5.15.0-315.196.5.1.el9uek.x86_64.rpm
kernel-uek-debug-5.15.0-315.196.5.1.el9uek.x86_64.rpm
kernel-uek-debug-core-5.15.0-315.196.5.1.el9uek.x86_64.rpm
kernel-uek-debug-devel-5.15.0-315.196.5.1.el9uek.x86_64.rpm
kernel-uek-debug-modules-5.15.0-315.196.5.1.el9uek.x86_64.rpm
kernel-uek-debug-modules-extra-5.15.0-315.196.5.1.el9uek.x86_64.rpm
kernel-uek-devel-5.15.0-315.196.5.1.el9uek.x86_64.rpm
kernel-uek-doc-5.15.0-315.196.5.1.el9uek.noarch.rpm
kernel-uek-modules-5.15.0-315.196.5.1.el9uek.x86_64.rpm
kernel-uek-modules-extra-5.15.0-315.196.5.1.el9uek.x86_64.rpm
kernel-uek-container-5.15.0-315.196.5.1.el9uek.x86_64.rpm
kernel-uek-container-debug-5.15.0-315.196.5.1.el9uek.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/kernel-uek-5.15.0-315.196.5.1.el9uek.src.rpm
Related CVEs:
CVE-2024-43876
CVE-2024-43877
CVE-2025-22058
CVE-2025-23143
CVE-2025-38678
CVE-2025-39880
CVE-2025-39883
CVE-2025-39885
CVE-2025-39911
CVE-2025-39913
CVE-2025-39923
CVE-2025-39945
CVE-2025-39949
CVE-2025-39953
CVE-2025-39955
CVE-2025-39964
CVE-2025-39967
CVE-2025-39968
CVE-2025-39969
CVE-2025-39970
CVE-2025-39971
CVE-2025-39972
CVE-2025-39973
CVE-2025-39980
CVE-2025-39993
CVE-2025-39994
CVE-2025-39996
CVE-2025-39998
CVE-2025-40001
CVE-2025-40006
CVE-2025-40011
CVE-2025-40018
CVE-2025-40019
CVE-2025-40020
CVE-2025-40021
CVE-2025-40022
CVE-2025-40026
CVE-2025-40027
CVE-2025-40030
CVE-2025-40035
CVE-2025-40042
CVE-2025-40044
CVE-2025-40048
CVE-2025-40049
CVE-2025-40053
CVE-2025-40055
CVE-2025-40070
CVE-2025-40078
CVE-2025-40081
CVE-2025-40085
CVE-2025-40087
CVE-2025-40092
CVE-2025-40094
CVE-2025-40105
CVE-2025-40109
CVE-2025-40111
CVE-2025-40115
CVE-2025-40118
CVE-2025-40120
CVE-2025-40121
CVE-2025-40125
CVE-2025-40134
CVE-2025-40140
CVE-2025-40153
CVE-2025-40154
CVE-2025-40167
CVE-2025-40171
CVE-2025-40173
CVE-2025-40178
CVE-2025-40179
CVE-2025-40183
CVE-2025-40186
CVE-2025-40187
CVE-2025-40190
CVE-2025-40194
CVE-2025-40197
CVE-2025-40200
CVE-2025-40204
CVE-2025-40205
Description of changes:
[5.15.0-315.196.5.1]
- netfilter: nf_tables: reject duplicate device on updates (Pablo Neira Ayuso) [Orabug: 38744086] {CVE-2025-38678}
- Reapply "cpuidle: menu: Avoid discarding useful information" (Harshvardhan Jha) [Orabug: 38744084]
- rtc: expose RTC_FEATURE_UPDATE_INTERRUPT (Alexandre Belloni) [Orabug: 38744082]
[5.15.0-315.196.5]
- uek-rpm: add "bpf" to CONFIG_LSM (Alan Maguire) [Orabug: 35653191]
- Revert "cpufreq: Introduce an optional cpuinfo_avg_freq sysfs entry" (Samasth Norway Ananda) [Orabug: 38613264]
[5.15.0-315.196.4]
- net/rds: Fix rs_recv_pending counting issue (Gerd Rausch) [Orabug: 38506368]
[5.15.0-315.196.3]
- KVM: VMX: Intercept reads to invalid and write-only x2APIC registers (Sean Christopherson) [Orabug: 38535186]
- KVM: VMX: Always intercept accesses to unsupported "extended" x2APIC regs (Sean Christopherson) [Orabug: 38535186]
- KVM: x86: Split out logic to generate "readable" APIC regs mask to helper (Sean Christopherson) [Orabug: 38535186]
- KVM: x86: Mark x2APIC DFR reg as non-existent for x2APIC (Sean Christopherson) [Orabug: 38535186]
- uek-rpm/ol9/config-mips64-emb: Enable NF_TABLES for MIPS64 (Vijay Kumar) [Orabug: 38578981]
- LTS version: v5.15.196 (Vijayendra Suman)
- PCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup() (Marek Vasut) [Orabug: 38641258] {CVE-2024-43876}
- net: rtnetlink: fix module reference count leak issue in rtnetlink_rcv_msg (Zhengchao Shao)
- usb: gadget: f_acm: Refactor bind path to use __free() (Kuen-Han Tsai) [Orabug: 38601854] {CVE-2025-40094}
- usb: gadget: f_ncm: Refactor bind path to use __free() (Kuen-Han Tsai) [Orabug: 38601837] {CVE-2025-40092}
- usb: gadget: Introduce free_usb_request helper (Kuen-Han Tsai)
- usb: gadget: Store endpoint pointer in usb_request (Kuen-Han Tsai)
- arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() (Kaushlendra Kumar)
- xfs: always warn about deprecated mount options (Darrick J. Wong)
- devcoredump: Fix circular locking dependency with devcd->mutex. (Maarten Lankhorst)
- PCI: tegra194: Reset BARs when running in PCIe endpoint mode (Niklas Cassel)
- PCI: rcar-host: Drop PMSR spinlock (Marek Vasut)
- PCI: rcar: Finish transition to L1 state in rcar_pcie_config_access() (Marek Vasut)
- PCI: tegra194: Handle errors in BPMP response (Vidya Sagar)
- f2fs: fix wrong block mapping for multi-devices (Jaegeuk Kim)
- NFSD: Define a proc_layoutcommit for the FlexFiles layout type (Chuck Lever) [Orabug: 38601818] {CVE-2025-40087}
- vfs: Don't leak disconnected dentries on umount (Jan Kara) [Orabug: 38601923] {CVE-2025-40105}
- drm/amdgpu: use atomic functions with memory barriers for vm fault info (Gui-Dong Han)
- PCI: rcar-host: Convert struct rcar_msi mask_lock into raw spinlock (Marek Vasut)
- wifi: ath11k: HAL SRNG: don't deinitialize and re-initialize again (Muhammad Usama Anjum)
- PCI: j721e: Fix programming sequence of "strap" settings (Siddharth Vadapalli)
- PCI: j721e: Enable ACSPCIE Refclk if "ti,syscon-acspcie-proxy-ctrl" exists (Siddharth Vadapalli)
- fuse: fix livelock in synchronous file put from fuseblk workers (Darrick J. Wong)
- fuse: allocate ff->release_args only if release is needed (Amir Goldstein)
- padata: Reset next CPU when reorder sequence wraps around (Xiao Liang)
- iio: imu: inv_icm42600: Simplify pm_runtime setup (Sean Nyekjaer)
- PM: runtime: Add new devm functions (Csókás Bence)
- iio: imu: inv_icm42600: Avoid configuring if already pm_runtime suspended (Sean Nyekjaer)
- iio: imu: inv_icm42600: use = { } instead of memset() (David Lechner)
- NFSD: Fix last write offset handling in layoutcommit (Sergey Bashirov)
- NFSD: Minor cleanup in layoutcommit processing (Sergey Bashirov)
- NFSD: Rework encoding and decoding of nfsd4_deviceid (Sergey Bashirov)
- xfs: fix log CRC mismatches between i386 and other architectures (Christoph Hellwig)
- xfs: rename the old_crc variable in xlog_recover_process (Christoph Hellwig)
- s390/cio: Update purge function to unregister the unused subchannels (Vineeth Vijayan)
- arm64: cputype: Add Neoverse-V3AE definitions (Mark Rutland)
- serial: 8250_exar: add support for Advantech 2 port card with Device ID 0x0018 (Florian Eckert)
- most: usb: hdm_probe: Fix calling put_device() before device initialization (Victoria Votokina)
- most: usb: Fix use-after-free in hdm_disconnect (Victoria Votokina)
- mei: me: add wildcat lake P DID (Alexander Usyskin)
- comedi: fix divide-by-zero in comedi_buf_munge() (Deepanshu Kartikey)
- binder: remove "invalid inc weak" check (Alice Ryhl)
- xhci: dbc: enable back DbC in resume if it was enabled before suspend (Mathias Nyman)
- usb: raw-gadget: do not limit transfer length (Andrey Konovalov)
- usb/core/quirks: Add Huawei ME906S to wakeup quirk (Tim Guttzeit)
- USB: serial: option: add Telit FN920C04 ECM compositions (Li Qingwu)
- USB: serial: option: add Quectel RG255C (Reinhard Speyerer)
- USB: serial: option: add UNISOC UIS7720 (Renjun Wang)
- net: ravb: Ensure memory write completes before ringing TX doorbell (Lad Prabhakar)
- net: usb: rtl8150: Fix frame padding (Michał Pecio)
- vsock: fix lock inversion in vsock_assign_transport() (Stefano Garzarella)
- ocfs2: clear extent cache after moving/defragmenting extents (Deepanshu Kartikey)
- MIPS: Malta: Fix keyboard resource preventing i8042 driver from registering (Maciej W. Rozycki)
- Revert "cpuidle: menu: Avoid discarding useful information" (Rafael J. Wysocki)
- net: bonding: fix possible peer notify event loss or dup issue (Tonghao Zhang)
- sctp: avoid NULL dereference when chunk data buffer is missing (Alexey Simakov)
- arm64, mm: avoid always making PTE dirty in pte_mkwrite() (Huang, Ying)
- dpaa2-eth: fix the pointer passed to PTR_ALIGN on Tx path (Ioana Ciornei)
- net: enetc: correct the value of ENETC_RXB_TRUESIZE (Wei Fang)
- rtnetlink: Allow deleting FDB entries in user namespace (Johannes Wiesboeck)
- net: rtnetlink: add NLM_F_BULK support to rtnl_fdb_del (Nikolay Aleksandrov)
- net: rtnetlink: add bulk delete support flag (Nikolay Aleksandrov)
- net: netlink: add NLM_F_BULK delete request modifier (Nikolay Aleksandrov)
- net: rtnetlink: use BIT for flag values (Nikolay Aleksandrov)
- net: rtnetlink: add helper to extract msg type's kind (Nikolay Aleksandrov)
- m68k: bitops: Fix find_*_bit() signatures (Geert Uytterhoeven)
- hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super() (Yangtao Li)
- hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits() (Viacheslav Dubeyko)
- dlm: check for defined force value in dlm_lockspace_release (Alexander Aring)
- hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() (Viacheslav Dubeyko)
- hfs: validate record offset in hfsplus_bmap_alloc (Yang Chenzhi)
- hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() (Viacheslav Dubeyko)
- hfs: make proper initialization of struct hfs_find_data (Viacheslav Dubeyko)
- hfs: clear offset and space out of valid records in b-tree node (Viacheslav Dubeyko)
- nios2: ensure that memblock.current_limit is set when setting pfn limits (Simon Schuster)
- exec: Fix incorrect type for ret (Xichao Zhao)
- PCI/sysfs: Ensure devices are powered for config reads (part 2) (Brian Norris)
- hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() (Viacheslav Dubeyko)
- ALSA: usb-audio: Fix NULL pointer dereference in try_to_register_card (Jiaming Zhang) [Orabug: 38597093] {CVE-2025-40085}
- ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings (Randy Dunlap)
- sched/fair: Fix pelt lost idle time detection (Vincent Guittot)
- sched/balancing: Rename newidle_balance() => sched_balance_newidle() (Ingo Molnar)
- drm/amd/powerplay: Fix CIK shutdown temperature (Timur Kristóf)
- net: usb: lan78xx: fix use of improperly initialized dev->chipid in lan78xx_reset (I Viswanath)
- net: usb: lan78xx: Add error handling to lan78xx_init_mac_address (Oleksij Rempel)
- net: usb: use eth_hw_addr_set() instead of ether_addr_copy() (Jakub Kicinski)
- tls: don't rely on tx_work during send() (Sabrina Dubroca)
- tls: always set record_type in tls_process_cmsg (Sabrina Dubroca)
- tls: wait for async encrypt in case of error during latter iterations of sendmsg (Sabrina Dubroca)
- net: tls: wait for async completion on last message (Sascha Hauer)
- tg3: prevent use of uninitialized remote_adv and local_adv variables (Alexey Simakov)
- tcp: fix tcp_tso_should_defer() vs large RTT (Eric Dumazet)
- amd-xgbe: Avoid spurious link down messages during interface toggle (Raju Rangoju)
- net/ip6_tunnel: Prevent perpetual tunnel growth (Dmitry Safonov) [Orabug: 38649259] {CVE-2025-40173}
- r8169: fix packet truncation after S4 resume on RTL8168H/RTL8111H (Linmao Li)
- doc: fix seg6_flowlabel path (Nicolas Dichtel)
- net: dlink: handle dma_map_single() failure properly (Moon Yeounsu)
- can: m_can: m_can_plat_remove(): add missing pm_runtime_disable() (Marc Kleine-Budde)
- dax: skip read lock assertion for read-only filesystems (Yuezhang Mo)
- HID: multitouch: fix sticky fingers (Benjamin Tissoires)
- cpufreq: CPPC: Avoid using CPUFREQ_ETERNAL as transition delay (Rafael J. Wysocki)
- crypto: rockchip - Fix dma_unmap_sg() nents value (Thomas Fourier)
- drm/exynos: exynos7_drm_decon: remove ctx->suspended (Kaustabh Chakraborty)
- drm/exynos: exynos7_drm_decon: properly clear channels during bind (Kaustabh Chakraborty)
- drm/exynos: exynos7_drm_decon: fix uninitialized crtc reference in functions (Kaustabh Chakraborty)
- blk-crypto: fix missing blktrace bio split events (Yu Kuai)
- media: lirc: Fix error handling in lirc_register() (Ma Ke)
- media: rc: Directly use ida_free() (Keliu)
- media: s5p-mfc: remove an unused/uninitialized variable (Arnd Bergmann)
- btrfs: fix clearing of BTRFS_FS_RELOC_RUNNING if relocation already running (Filipe Manana)
- ext4: detect invalid INLINE_DATA + EXTENTS flag combination (Deepanshu Kartikey) [Orabug: 38649222] {CVE-2025-40167}
- jbd2: ensure that all ongoing I/O complete before freeing blocks (Zhang Yi)
- r8152: add error handling in rtl8152_driver_init (Yi Cong)
- LTS version: v5.15.195 (Vijayendra Suman)
- selftests: mptcp: join: validate C-flag + def limit (Matthieu Baerts)
- mptcp: pm: in-kernel: usable client side with C-flag (Matthieu Baerts)
- media: pci: ivtv: Add check for DMA map result (Mikhail Kobuk) [Orabug: 38641260] {CVE-2024-43877}
- xen/events: Update virq_to_irq on migration (Jason Andryuk)
- media: pci: ivtv: Add missing check after DMA map (Thomas Fourier)
- media: pci/ivtv: switch from 'pci_' to 'dma_' API (Christophe Jaillet)
- arm64: mte: Do not flag the zero page as PG_mte_tagged (Catalin Marinas)
- media: cx18: Add missing check after DMA map (Thomas Fourier)
- media: switch from 'pci_' to 'dma_' API (Christophe Jaillet)
- writeback: Avoid excessively long inode switching times (Jan Kara)
- writeback: Avoid softlockup when switching many inodes (Jan Kara)
- cramfs: Verify inode mode when loading from disk (Tetsuo Handa)
- fs: Add 'initramfs_options' to set initramfs mount options (Lichen Liu)
- pid: Add a judgment for ns null in pid_nr_ns (Gaoxiang17) [Orabug: 38649275] {CVE-2025-40178}
- minixfs: Verify inode mode when loading from disk (Tetsuo Handa)
- minmax.h: remove some #defines that are only expanded once (David Laight)
- minmax.h: simplify the variants of clamp() (David Laight)
- minmax.h: move all the clamp() definitions after the min/max() ones (David Laight)
- minmax.h: use BUILD_BUG_ON_MSG() for the lo < hi test in clamp() (David Laight)
- minmax.h: reduce the #define expansion of min(), max() and clamp() (David Laight)
- minmax.h: update some comments (David Laight)
- minmax.h: add whitespace around operators and after commas (David Laight)
- minmax: fix up min3() and max3() too (Linus Torvalds)
- minmax: improve macro expansion and type checking (Linus Torvalds)
- minmax: simplify min()/max()/clamp() implementation (Linus Torvalds)
- minmax: don't use max() in situations that want a C constant expression (Linus Torvalds)
- minmax: make generic MIN() and MAX() macros available everywhere (Linus Torvalds)
- minmax: simplify and clarify min_t()/max_t() implementation (Linus Torvalds)
- minmax: add a few more MIN_T/MAX_T users (Linus Torvalds)
- minmax: avoid overly complicated constant expressions in VM code (Linus Torvalds)
- minmax: fix indentation of __cmp_once() and __clamp_once() (David Laight)
- minmax: deduplicate __unconst_integer_typeof() (Andy Shevchenko)
- minmax: Introduce {min,max}_array() (Herve Codina)
- arm64: dts: qcom: sdm845: Fix slimbam num-channels/ees (Stephan Gerhold)
- btrfs: fix the incorrect max_bytes value for find_lock_delalloc_range() (Qu Wenruo)
- fscontext: do not consume log entries when returning -EMSGSIZE (Aleksa Sarai)
- dm: fix NULL pointer dereference in __dm_suspend() (Zheng Qixing) [Orabug: 38649056] {CVE-2025-40134}
- tracing: Fix race condition in kprobe initialization causing NULL pointer dereference (Yuan Chen) [Orabug: 38592032] {CVE-2025-40042}
- ksmbd: fix error code overwriting in smb2_get_info_filesystem() (Matvey Kovalev)
- net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock (Oleksij Rempel) [Orabug: 38649002] {CVE-2025-40120}
- mfd: intel_soc_pmic_chtdc_ti: Set use_single_read regmap_config flag (Hans de Goede)
- mfd: intel_soc_pmic_chtdc_ti: Drop unneeded assignment for cache_type (Andy Shevchenko)
- mfd: intel_soc_pmic_chtdc_ti: Fix invalid regmap-config max_register value (Hans de Goede)
- media: mc: Clear minor number before put device (Edward Adam Davis) [Orabug: 38649397] {CVE-2025-40197}
- Squashfs: reject negative file sizes in squashfs_read_inode() (Phillip Lougher) [Orabug: 38649424] {CVE-2025-40200}
- Squashfs: add additional inode sanity checking (Phillip Lougher)
- ASoC: wcd934x: fix error handling in wcd934x_codec_parse_data() (Ma Ke)
- ASoC: codecs: wcd934x: Simplify with dev_err_probe (Krzysztof Kozlowski)
- KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O (Sean Christopherson) [Orabug: 38591958] {CVE-2025-40026}
- lib/crypto/curve25519-hacl64: Disable KASAN with clang-17 and older (Nathan Chancellor)
- ext4: free orphan info with kvfree (Jan Kara)
- ext4: guard against EA inode refcount underflow in xattr update (Ahmet Eray Karadag) [Orabug: 38649329] {CVE-2025-40190}
- ext4: correctly handle queries for metadata mappings (Ojaswin Mujoo)
- ext4: increase i_disksize to offset + len in ext4_update_disksize_before_punch() (Yongjian Sun)
- ext4: verify orphan file size is not too big (Jan Kara) [Orabug: 38649284] {CVE-2025-40179}
- nfsd: nfserr_jukebox in nlm_fopen should lead to a retry (Olga Kornievskaia)
- NFSD: Fix destination buffer size in nfsd4_ssc_setup_dul() (Thorsten Blum)
- mm/page_alloc: only set ALLOC_HIGHATOMIC for __GPF_HIGH allocations (Thadeu Lima de Souza Cascardo)
- x86/umip: Fix decoding of register forms of 0F 01 (SGDT and SIDT aliases) (Sean Christopherson)
- x86/umip: Check that the instruction opcode is at least two bytes (Sean Christopherson)
- spi: cadence-quadspi: Flush posted register writes before DAC access (Pratyush Yadav)
- spi: cadence-quadspi: Flush posted register writes before INDAC access (Pratyush Yadav)
- PCI: tegra194: Fix broken tegra_pcie_ep_raise_msi_irq() (Niklas Cassel)
- PCI: keystone: Use devm_request_irq() to free "ks-pcie-error-irq" on exit (Siddharth Vadapalli)
- PCI/AER: Support errors introduced by PCIe r6.0 (Lukas Wunner)
- PCI/AER: Fix missing uevent on recovery when a reset is requested (Niklas Schnelle)
- PCI/ERR: Fix uevent on failure to recover (Lukas Wunner)
- PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV (Niklas Schnelle)
- PCI/sysfs: Ensure devices are powered for config reads (Brian Norris)
- rseq/selftests: Use weak symbol reference, not definition, to link with glibc (Sean Christopherson)
- rtc: interface: Fix long-standing race when setting alarm (Esben Haabendal)
- rtc: interface: Ensure alarm irq is enabled when UIE is enabled (Esben Haabendal)
- memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe (Zhen Ni)
- mmc: core: SPI mode remove cmd7 (Rex Chen)
- mtd: rawnand: fsmc: Default to autodetect buswidth (Linus Walleij)
- sparc: fix error handling in scan_one_device() (Ma Ke)
- sparc64: fix hugetlb for sun4u (Anthony Yznaga)
- sctp: Fix MAC comparison to be constant-time (Eric Biggers) [Orabug: 38649450] {CVE-2025-40204}
- scsi: hpsa: Fix potential memory leak in hpsa_big_passthru_ioctl() (Thorsten Blum)
- pwm: berlin: Fix wrong register in suspend/resume (Jisheng Zhang)
- powerpc/pseries/msi: Fix potential underflow and leak issue (Nam Cao)
- powerpc/powernv/pci: Fix underflow and leak issue (Nam Cao)
- nvme-pci: Add TUXEDO IBS Gen8 to Samsung sleep quirk (Georg Gottleuber)
- parisc: don't reference obsolete termio struct for TC* constants (Sam James)
- openat2: don't trigger automounts with RESOLVE_NO_XDEV (Askar Safin)
- lib/genalloc: fix device leak in of_gen_pool_get() (Johan Hovold)
- KEYS: trusted_tpm1: Compare HMAC values in constant time (Eric Biggers)
- iommu/vt-d: PRS isn't usable if PDS isn't supported (Lu Baolu)
- iio: imu: inv_icm42600: Drop redundant pm_runtime reinitialization in resume (Sean Nyekjaer)
- init: handle bootloader identifier in kernel parameters (Huacai Chen)
- iio: frequency: adf4350: Fix prescaler usage. (Michael Hennerich)
- iio: dac: ad5421: use int type to store negative error codes (Rong Qianfeng)
- iio: dac: ad5360: use int type to store negative error codes (Rong Qianfeng)
- fs/ntfs3: Fix a resource leak bug in wnd_extend() (Haoxiang Li)
- crypto: atmel - Fix dma_unmap_sg() direction (Thomas Fourier)
- cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() (Rafael J. Wysocki) [Orabug: 38649365] {CVE-2025-40194}
- copy_sighand: Handle architectures where sizeof(unsigned long) < sizeof(u64) (Simon Schuster)
- bus: mhi: host: Do not use uninitialized 'dev' pointer in mhi_init_irq_setup() (Adam Xue)
- btrfs: avoid potential out-of-bounds in btrfs_encode_fh() (Anderson Nascimento) [Orabug: 38649461] {CVE-2025-40205}
- drm/nouveau: fix bad ret code in nouveau_bo_move_prep (Shuhao Fu)
- media: i2c: mt9v111: fix incorrect type for ret (Rong Qianfeng)
- firmware: meson_sm: fix device leak at probe (Johan Hovold)
- xen/manage: Fix suspend error path (Lukas Wunner)
- xen/events: Cleanup find_virq() return codes (Jason Andryuk)
- ARM: OMAP2+: pm33xx-core: Fix device node reference leaks in amx3_idle_init (Miaoqian Lin)
- arm64: dts: qcom: msm8916: Add missing MDSS reset (Stephan Gerhold)
- ACPI: debug: fix signedness issues in read/write helpers (Amir Mohammad Jahangirzad)
- ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT (Daniel Tang)
- bpf: Avoid RCU context warning when unpinning htab with internal structs (Kafai Wan)
- gpio: wcd934x: mark the GPIO controller as sleeping (Bartosz Golaszewski)
- gpio: wcd934x: Remove duplicate assignment of of_gpio_n_cells (Andy Shevchenko)
- tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single (Gunnar Kudrjavets)
- crypto: essiv - Check ssize for decryption and in-place encryption (Herbert Xu) [Orabug: 38581454] {CVE-2025-40019}
- bridge: br_vlan_fill_forward_path_pvid: use br_vlan_group_rcu() (Eric Woudstra)
- drm/amd/display: Properly disable scaling on DCE6 (Timur Kristóf)
- drm/amd/display: Properly clear SCL_*_FILTER_CONTROL on DCE6 (Timur Kristóf)
- drm/amd/display: Add missing DCE6 SCL_HORZ_FILTER_INIT* SRIs (Timur Kristóf)
- drm/amdgpu: Add additional DCE6 SCL registers (Alex Deucher)
- bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6} (Daniel Borkmann) [Orabug: 38649299] {CVE-2025-40183}
- mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes (Harini T)
- mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call (Harini T)
- tools build: Align warning options with perf (Leo Yan)
- net: fsl_pq_mdio: Fix device node reference leak in fsl_pq_mdio_probe (Erick Karanja)
- tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request(). (Kuniyuki Iwashima) [Orabug: 38649578] {CVE-2025-40186}
- net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce() (Alexandr Sapozhnikov) [Orabug: 38649311] {CVE-2025-40187}
- drm/vmwgfx: Fix Use-after-free in validation (Ian Forbes) [Orabug: 38643545] {CVE-2025-40111}
- drm/vmwgfx: Copy DRM hash-table code into driver (Thomas Zimmermann)
- s390/cio: unregister the subchannel while purging (Vineeth Vijayan)
- net/mlx4: prevent potential use after free in mlx4_en_do_uc_filter() (Dan Carpenter)
- scsi: mvsas: Fix use-after-free bugs in mvs_work_queue (Duoming Zhou) [Orabug: 38557653] {CVE-2025-40001}
- scsi: mvsas: Use sas_task_find_rq() for tagging (John Garry)
- scsi: mvsas: Delete mvs_tag_init() (John Garry)
- scsi: libsas: Add sas_task_find_rq() (John Garry)
- cpufreq: tegra186: Set target frequency for all cpus in policy (Aaron Kling)
- clk: nxp: Fix pll0 rate check condition in LPC18xx CGU driver (Alok Tiwari)
- clk: nxp: lpc18xx-cgu: convert from round_rate() to determine_rate() (Brian Masney)
- perf session: Fix handling when buffer exceeds 2 GiB (Leo Yan)
- rtc: x1205: Fix Xicor X1205 vendor prefix (Rob Herring)
- perf util: Fix compression checks returning -1 as bool (Yunseong Kim)
- clk: at91: peripheral: fix return value (Brian Masney)
- libperf event: Ensure tracing data is multiple of 8 sized (Ian Rogers)
- perf evsel: Avoid container_of on a NULL leader (Ian Rogers)
- iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE (Michael Hennerich)
- clocksource/drivers/clps711x: Fix resource leaks in error paths (Zhen Ni)
- fs: always return zero on success from replace_fd() (Thomas Weißschuh)
- usb: cdns3: cdnsp-pci: remove redundant pci_disable_device() call (Miaoqian Lin)
- bus: fsl-mc: Check return value of platform_get_resource() (Salah Triki)
- pinctrl: check the return value of pinmux_ops::get_function_name() (Bartosz Golaszewski) [Orabug: 38591980] {CVE-2025-40030}
- Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak (Zhen Ni) [Orabug: 38592000] {CVE-2025-40035}
- Input: atmel_mxt_ts - allow reset GPIO to sleep (Marek Vasut)
- nvdimm: ndtest: Return -ENOMEM if devm_kcalloc() fails in ndtest_probe() (Guangshuo Li)
- mm: hugetlb: avoid soft lockup when mprotect to large memory area (Yang Shi) [Orabug: 38649149] {CVE-2025-40153}
- ext4: fix checks for orphan inodes (Jan Kara)
- mfd: vexpress-sysreg: Check the return value of devm_gpiochip_add_data() (Bartosz Golaszewski)
- net: nfc: nci: Add parameter validation for packet data (Deepak Sharma)
- fs: udf: fix OOB read in lengthAllocDescs handling (Larshin Sergey) [Orabug: 38592047] {CVE-2025-40044}
- uio_hv_generic: Let userspace take care of interrupt mask (Naman Jain) [Orabug: 38592066] {CVE-2025-40048}
- Squashfs: fix uninit-value in squashfs_get_parent (Phillip Lougher) [Orabug: 38592076] {CVE-2025-40049}
- net: dlink: handle copy_thresh allocation failure (Moon Yeounsu) [Orabug: 38592097] {CVE-2025-40053}
- net: ena: return 0 in ena_get_rxfh_key_size() when RSS hash key is not configurable (Kohei Enju)
- nfp: fix RSS hash key size when RSS is not supported (Kohei Enju)
- drivers/base/node: fix double free in register_one_node() (Donet Tom)
- ocfs2: fix double free in user_cluster_connect() (Dan Carpenter) [Orabug: 38592109] {CVE-2025-40055}
- hwrng: ks-sa - fix division by zero in ks_sa_rng_init (Nishanth Menon)
- Bluetooth: MGMT: Fix not exposing debug UUID on MGMT_OP_READ_EXP_FEATURES_INFO (Luiz Augusto von Dentz)
- net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast (I Viswanath) [Orabug: 38649095] {CVE-2025-40140}
- RDMA/siw: Always report immediate post SQ errors (Bernard Metzler)
- usb: vhci-hcd: Prevent suspending virtually attached devices (Cristian Ciocaltea)
- scsi: mpt3sas: Fix crash in transport port remove by using ioc_info() (Ranjan Kumar) [Orabug: 38648980] {CVE-2025-40115}
- ipvs: Defer ip_vs_ftp unregister during netns cleanup (Slavin Liu) [Orabug: 38581444] {CVE-2025-40018}
- NFSv4.1: fix backchannel max_resp_sz verification check (Anthony Iliopoulos)
- coresight: trbe: Return NULL pointer for allocation failures (Leo Yan)
- remoteproc: qcom: q6v5: Avoid disabling handover IRQ twice (Stephan Gerhold)
- sparc: fix accurate exception reporting in copy_{from,to}_user for M7 (Michael Karcher)
- sparc: fix accurate exception reporting in copy_to_user for Niagara 4 (Michael Karcher)
- sparc: fix accurate exception reporting in copy_{from_to}_user for Niagara (Michael Karcher)
- sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC III (Michael Karcher)
- sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC (Michael Karcher)
- wifi: ath10k: avoid unnecessary wait for service ready message (Baochen Qiang)
- Documentation: trace: historgram-design: Separate sched_waking histogram section heading and the following diagram (Bagas Sanjaya)
- IB/sa: Fix sa_local_svc_timeout_ms read race (Vlad Dumitrescu)
- RDMA/core: Resolve MAC of next-hop device without ARP support (Parav Pandit)
- Revert "usb: xhci: Avoid Stop Endpoint retry loop if the endpoint seems Running" (Michał Pecio)
- scsi: qla2xxx: Fix incorrect sign of error code in START_SP_W_RETRIES() (Rong Qianfeng)
- scsi: qla2xxx: edif: Fix incorrect sign of error code (Rong Qianfeng)
- ACPI: NFIT: Fix incorrect ndr_desc being reported in dev_err message (Colin Ian King)
- wifi: mt76: fix potential memory leak in mt76_wmac_probe() (Abdun Nihaal)
- RDMA/cm: Rate limit destroy CM ID timeout error message (Håkon Bugge)
- drivers/base/node: handle error properly in register_one_node() (Donet Tom)
- watchdog: mpc8xxx_wdt: Reload the watchdog timer when enabling the watchdog (Christophe Leroy)
- netfilter: ipset: Remove unused htable_bits in macro ahash_region (Zhen Ni)
- iio: consumers: Fix offset handling in iio_convert_raw_to_processed() (Hans de Goede)
- fs: ntfs3: Fix integer overflow in run_unpack() (Vitaly Grigoryev)
- ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping (Takashi Iwai) [Orabug: 38649006] {CVE-2025-40121}
- ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (Takashi Iwai) [Orabug: 38649156] {CVE-2025-40154}
- ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping (Takashi Iwai)
- pps: fix warning in pps_register_cdev when register device fail (Wang Liang) [Orabug: 38592169] {CVE-2025-40070}
- misc: genwqe: Fix incorrect cmd field being reported in error (Colin Ian King)
- usb: gadget: configfs: Correctly set use_os_string at bind (William Wu)
- usb: phy: twl6030: Fix incorrect type for ret (Xichao Zhao)
- drm/amdkfd: Fix error code sign for EINVAL in svm_ioctl() (Rong Qianfeng)
- tcp: fix __tcp_close() to only send RST when required (Eric Dumazet)
- PCI: tegra: Fix devm_kcalloc() argument order for port->phys allocation (Alok Tiwari)
- wifi: mwifiex: send world regulatory domain to driver (Stefan Kerkmann)
- drm/amdgpu: Power up UVD 3 for FW validation (v2) (Timur Kristóf)
- ALSA: lx_core: use int type to store negative error codes (Rong Qianfeng)
- media: rj54n1cb0c: Fix memleak in rj54n1_probe() (Zhang Shurong)
- scsi: myrs: Fix dma_alloc_coherent() error check (Thomas Fourier)
- scsi: pm80xx: Fix array-index-out-of-bounds on rmmod (Niklas Cassel) [Orabug: 38649566] {CVE-2025-40118}
- usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup (Dan Carpenter)
- drm/radeon/r600_cs: clean up of dead code in r600_cs (Brahmajit Das)
- i2c: designware: Add disabling clocks when probe fails (Kunihiko Hayashi)
- i2c: mediatek: fix potential incorrect use of I2C_MASTER_WRRD (Leilk Liu)
- thermal/drivers/qcom/lmh: Add missing IRQ includes (Dmitry Baryshkov)
- thermal/drivers/qcom: Make LMH select QCOM_SCM (Dmitry Baryshkov)
- tools/nolibc: make time_t robust if __kernel_old_time_t is missing in host headers (Zhouyi Zhou)
- smp: Fix up and expand the smp_call_function_many() kerneldoc (Rafael J. Wysocki)
- bpf: Explicitly check accesses to bpf_sock_addr (Paul Chaignon) [Orabug: 38592204] {CVE-2025-40078}
- selftests: watchdog: skip ping loop if WDIOF_KEEPALIVEPING not supported (Akhilesh Patil)
- i3c: master: svc: Recycle unused IBI slot (Stanley Chu)
- nvmet-fc: move lsop put work to nvmet_fc_ls_req_op (Daniel Wagner) [Orabug: 38649248] {CVE-2025-40171}
- pwm: tiehrpwm: Fix corner case in clock divisor calculation (Uwe Kleine-König)
- arm64: dts: mediatek: mt8516-pumpkin: Fix machine compatible (AngeloGioacchino Del Regno)
- firmware: firmware: meson-sm: fix compile-test default (Johan Hovold)
- pinctrl: renesas: Use int type to store negative error codes (Rong Qianfeng)
- PM: sleep: core: Clear power.must_resume in noirq suspend error path (Rafael J. Wysocki)
- block: use int to store blk_stack_limits() return value (Rong Qianfeng)
- regulator: scmi: Use int type to store negative error codes (Rong Qianfeng)
- ARM: at91: pm: fix MCKx restore routine (Nicolas Ferre)
- blk-mq: check kobject state_in_sysfs before deleting in blk_mq_unregister_hctx (Li Nan) [Orabug: 38649025] {CVE-2025-40125}
- pinctrl: meson-gxl: add missing i2c_d pinmux (Da Xue)
- soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS (Sneh Mankad)
- ACPI: processor: idle: Fix memory leak when register cpuidle device failed (Huisong Li)
- cpufreq: scmi: Account for malformed DT in scmi_dev_used_by_cpus() (Florian Fainelli)
- libbpf: Fix reuse of DEVMAP (Yureka Lilian)
- regmap: Remove superfluous check for !config in __regmap_init() (Geert Uytterhoeven)
- x86/vdso: Fix output operand size of RDPID (Uros Bizjak)
- perf: arm_spe: Prevent overflow in PERF_IDX2OFF() (Leo Yan) [Orabug: 38592220] {CVE-2025-40081}
- coresight: trbe: Prevent overflow in PERF_IDX2OFF() (Leo Yan)
- selftests: arm64: Check fread return value in exec_target (Bala-Vignesh-Reddy)
- filelock: add FL_RECLAIM to show_fl_flags() macro (Jeff Layton)
- net/9p: fix double req put in p9_fd_cancelled (Nalivayko Sergey) [Orabug: 38591964] {CVE-2025-40027}
- minmax: add in_range() macro (Matthew Wilcox)
- crypto: rng - Ensure set_ent is always present (Herbert Xu) [Orabug: 38643530] {CVE-2025-40109}
- platform/x86: int3472: Check for adev == NULL (Hans de Goede)
- driver core/PM: Set power.no_callbacks along with power.no_pm (Rafael J. Wysocki)
- staging: axis-fifo: flush RX FIFO on read errors (Ovidiu Panait)
- staging: axis-fifo: fix maximum TX packet length check (Ovidiu Panait)
- serial: stm32: allow selecting console when the driver is module (Raphaël Gallais-Pou)
- hid: fix I2C read buffer overflow in raw_event() for mcp2221 (Arnaud Lecomte)
- perf subcmd: avoid crash in exclude_cmds when excludes is empty (Hupu)
- dm-integrity: limit MAX_TAG_SIZE to 255 (Mikulas Patocka)
- wifi: rtlwifi: rtl8192cu: Don't claim USB ID 07b8:8188 (Bitterblue Smith)
- USB: serial: option: add SIMCom 8230C compositions (Xiaowei Li)
- media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe (Duoming Zhou)
- media: tuner: xc5000: Fix use-after-free in xc5000_release (Duoming Zhou) [Orabug: 38548036] {CVE-2025-39994}
- media: tunner: xc5000: Refactor firmware load (Ricardo Ribalda)
- udp: Fix memory accounting leak. (Kuniyuki Iwashima) [Orabug: 37844324] {CVE-2025-22058}
- KVM: arm64: Fix softirq masking in FPSIMD register saving sequence (Will Deacon) [Orabug: 38513233]
- media: rc: fix races with imon_disconnect() (Larshin Sergey) [Orabug: 38548026] {CVE-2025-39993}
- media: b2c2: Fix use-after-free caused by irq_check_work in flexcop_pci_remove (Duoming Zhou) [Orabug: 38548050] {CVE-2025-39996}
- scsi: target: target_core_configfs: Add length check to avoid buffer overflow (Wang Haoran) [Orabug: 38548058] {CVE-2025-39998}
- LTS version: v5.15.194 (Vijayendra Suman)
- drm/i915/backlight: Return immediately when scale() finds invalid parameters (Guenter Roeck)
- i40e: add validation for ring_len param (Lukasz Czapnik) [Orabug: 38547951,38603025,38607608] {CVE-2025-39973}
- i40e: increase max descriptors for XL710 (Justin Bronder)
- i40e: fix idx validation in config queues msg (Lukasz Czapnik) [Orabug: 38547937] {CVE-2025-39971}
- i40e: fix validation of VF state in get resources (Lukasz Czapnik) [Orabug: 38547928] {CVE-2025-39969}
- mm/hugetlb: fix folio is still mapped when deleted (Tu Jinjiang) [Orabug: 38560480] {CVE-2025-40006}
- mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize() (David Hildenbrand)
- fbcon: Fix OOB access in font allocation (Thomas Zimmermann)
- fbcon: fix integer overflow in fbcon_do_set_font (Samasth Norway Ananda) [Orabug: 38547912] {CVE-2025-39967}
- tracing: dynevent: Add a missing lockdown check on dynevent (Masami Hiramatsu) [Orabug: 38581470] {CVE-2025-40021}
- i40e: add mask to apply valid bits for itr_idx (Lukasz Czapnik)
- i40e: add max boundary check for VF filters (Lukasz Czapnik) [Orabug: 38547922] {CVE-2025-39968}
- i40e: fix input validation logic for action_meta (Lukasz Czapnik) [Orabug: 38547932] {CVE-2025-39970}
- i40e: fix idx validation in i40e_validate_queue_map (Lukasz Czapnik) [Orabug: 38547945] {CVE-2025-39972}
- crypto: af_alg - Fix incorrect boolean values in af_alg_ctx (Eric Biggers) [Orabug: 38641289] {CVE-2025-40022}
- crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg (Herbert Xu) [Orabug: 38537468,38575792,38575804] {CVE-2025-39964}
- drm/gma500: Fix null dereference in hdmi teardown (Zabelin Nikita) [Orabug: 38560495] {CVE-2025-40011}
- net: dsa: lantiq_gswip: suppress -EINVAL errors for bridge FDB entries added to the CPU port (Vladimir Oltean)
- net: dsa: lantiq_gswip: move gswip_add_single_port_br() call to port_setup() (Vladimir Oltean)
- net: dsa: lantiq_gswip: do also enable or disable cpu port (Martin Schiller)
- selftests: fib_nexthops: Fix creation of non-FDB nexthops (Ido Schimmel)
- nexthop: Forbid FDB status change while nexthop is in a group (Ido Schimmel) [Orabug: 38547971] {CVE-2025-39980}
- bnxt_en: correct offset handling for IPv6 destination address (Alok Tiwari)
- ethernet: rvu-af: Remove slash from the driver name (Petr Malat)
- can: peak_usb: fix shift-out-of-bounds issue (Stephane Grosjean) [Orabug: 38581461] {CVE-2025-40020}
- can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow (Vincent Mailhol)
- can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow (Vincent Mailhol)
- can: hi311x: populate ndo_change_mtu() to prevent buffer overflow (Vincent Mailhol)
- can: etas_es58x: populate ndo_change_mtu() to prevent buffer overflow (Vincent Mailhol)
- can: etas_es58x: sort the includes by alphabetic order (Vincent Mailhol)
- can: etas_es58x: advertise timestamping capabilities and add ioctl support (Vincent Mailhol)
- can: dev: add generic function can_eth_ioctl_hwts() (Vincent Mailhol)
- can: dev: add generic function can_ethtool_op_get_ts_info_hwts() (Vincent Mailhol)
- can: bittiming: replace CAN units with the generic ones from linux/units.h (Vincent Mailhol)
- can: bittiming: allow TDC{V,O} to be zero and add can_tdc_const::tdc{v,o,f}_min (Vincent Mailhol)
- bpf: Reject bpf_timer for PREEMPT_RT (Leon Hwang)
- can: rcar_can: rcar_can_resume(): fix s2ram with PSCI (Geert Uytterhoeven)
- arm64: dts: imx8mp: Correct thermal sensor index (Peng Fan)
- IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions (Or Har-Toov)
- usb: core: Add 0x prefix to quirks debug output (Jiayi Li)
- ALSA: usb-audio: Fix build with CONFIG_INPUT=n (Takashi Iwai)
- ALSA: usb-audio: Convert comma to semicolon (Chen Ni)
- ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5 (Cristian Ciocaltea)
- ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks (Cristian Ciocaltea)
- ALSA: usb-audio: Simplify NULL comparison in mixer_quirks (Cristian Ciocaltea)
- ALSA: usb-audio: Avoid multiple assignments in mixer_quirks (Cristian Ciocaltea)
- ALSA: usb-audio: Drop unnecessary parentheses in mixer_quirks (Cristian Ciocaltea)
- ALSA: usb-audio: Fix block comments in mixer_quirks (Cristian Ciocaltea)
- net: rfkill: gpio: Fix crash due to dereferencing uninitialized pointer (Hans de Goede)
- net: rfkill: gpio: add DT support (Philipp Zabel)
- mptcp: propagate shutdown to subflows when possible (Matthieu Baerts)
- ksmbd: smbdirect: validate data_offset and data_length field of smb_direct_data_transfer (Namjae Jeon)
- mptcp: set remote_deny_join_id0 on SYN recv (Matthieu Baerts)
- phy: ti: omap-usb2: fix device leak at unbind (Johan Hovold)
- phy: Use device_get_match_data() (Rob Herring)
- phy: broadcom: ns-usb3: fix Wvoid-pointer-to-enum-cast warning (Krzysztof Kozlowski)
- USB: gadget: dummy-hcd: Fix locking bug in RT-enabled kernels (Alan Stern)
- usb: gadget: dummy_hcd: remove usage of list iterator past the loop body (Jakob Koschel)
- xhci: dbc: Fix full DbC transfer ring after several reconnects (Mathias Nyman)
- xhci: dbc: decouple endpoint allocation from initialization (Mathias Nyman)
- serial: sc16is7xx: fix bug in flow control levels init (Hugo Villeneuve)
- drm: bridge: cdns-mhdp8546: Fix missing mutex unlock on error path (Qi Xi)
- drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ (Loic Poulain)
- ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error message (Colin Ian King)
- ASoC: wm8974: Correct PLL rate rounding (Charles Keepax)
- ASoC: wm8940: Correct typo in control name (Charles Keepax)
- mmc: mvsdio: Fix dma_unmap_sg() nents value (Thomas Fourier)
- btrfs: tree-checker: fix the incorrect inode ref size check (Qu Wenruo)
- power: supply: bq27xxx: restrict no-battery detection to bq27000 (H. Nikolaus Schaller)
- power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery (H. Nikolaus Schaller)
- nilfs2: fix CFI failure when accessing /sys/fs/nilfs2/features/* (Nathan Chancellor)
- cnic: Fix use-after-free bugs in cnic_delete_task (Duoming Zhou) [Orabug: 38503848] {CVE-2025-39945}
- net: liquidio: fix overflow in octeon_init_instr_queue() (Alexey Nepomnyashih)
- tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). (Kuniyuki Iwashima) [Orabug: 38526387] {CVE-2025-39955}
- i40e: remove redundant memory barrier when cleaning Tx descs (Maciej Fijalkowski)
- net: natsemi: fix rx_dropped double accounting on netif_rx() failure (Moon Yeounsu)
- qed: Don't collect too many protection override GRC elements (Jamie Bainbridge) [Orabug: 38503869] {CVE-2025-39949}
- dpaa2-switch: fix buffer pool seeding for control traffic (Ioana Ciornei)
- um: virtio_uml: Fix use-after-free after put_device in probe (Miaoqian Lin)
- cgroup: split cgroup_destroy_wq into 3 workqueues (Chen Ridong) [Orabug: 38503891] {CVE-2025-39953}
- pcmcia: omap_cf: Mark driver struct with __refdata to prevent section mismatch (Geert Uytterhoeven)
- wifi: mac80211: fix incorrect type for ret (Liao Yuanhong)
- ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is not supported (Takashi Sakamoto)
- net: hsr: hsr_slave: Fix the promiscuous mode in offload mode (Ravi Gunasekaran)
- mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory (Miaohe Lin) [Orabug: 38461847] {CVE-2025-39883}
- drm/i915/power: fix size for for_each_set_bit() in abox iteration (Jani Nikula)
- phy: ti-pipe3: fix device leak at unbind (Johan Hovold)
- phy: tegra: xusb: fix device and OF node leak at probe (Johan Hovold)
- dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees (Stephan Gerhold) [Orabug: 38494821] {CVE-2025-39923}
- regulator: sy7636a: fix lifecycle of power good gpio (Andreas Kemnade)
- dmaengine: ti: edma: Fix memory allocation size for queue_priority_map (Anders Roxell)
- hsr: use hsr_for_each_port_rtnl in hsr_port_get_hsr (Hangbin Liu)
- hsr: use rtnl lock when iterating over ports (Hangbin Liu)
- net: hsr: Add VLAN CTAG filter support (Murali Karicheri)
- net: hsr: Add support for MC filtering at the slave device (Murali Karicheri)
- net: hsr: Disable promiscuous mode in offload mode (Ravi Gunasekaran)
- can: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted SKB (Anssi Hannula)
- can: j1939: j1939_local_ecu_get(): undo increment when j1939_local_ecu_get() fails (Tetsuo Handa)
- can: j1939: j1939_sk_bind(): call j1939_priv_put() immediately when j1939_local_ecu_get() failed (Tetsuo Handa)
- i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path (Michal Schmidt) [Orabug: 38494786] {CVE-2025-39911}
- i40e: Use irq_update_affinity_hint() (Nitesh Narayan Lal)
- igb: fix link test skipping when interface is admin down (Kohei Enju)
- tunnels: reset the GSO metadata before reusing the skb (Antoine Tenart)
- net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() (Stefan Wahren)
- USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions (Fabio Porcedda)
- USB: serial: option: add Telit Cinterion FN990A w/audio compositions (Fabio Porcedda)
- dt-bindings: serial: brcm,bcm7271-uart: Constrain clocks (Krzysztof Kozlowski)
- tty: hvc_console: Call hvc_kick in hvc_write unconditionally (Fabian Vogt)
- Input: i8042 - add TUXEDO InfinityBook Pro Gen10 AMD to i8042 quirk table (Christoffer Sandberg)
- mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer (Christophe Kerello)
- mtd: rawnand: stm32_fmc2: Fix dma_map_sg error check (Jack Wang)
- mtd: nand: raw: atmel: Respect tAR, tCLR in read setup timing (Alexander Sverdlin)
- mtd: nand: raw: atmel: Fix comment in timings preparation (Alexander Dahl)
- mm/khugepaged: fix the address passed to notifier on testing young (Wei Yang)
- libceph: fix invalid accesses to ceph_connection_v1_info (Ilya Dryomov) [Orabug: 38461836] {CVE-2025-39880}
- fuse: prevent overflow in copy_file_range return value (Miklos Szeredi)
- fuse: check if copy_file_range() returns larger than requested size (Miklos Szeredi)
- mtd: rawnand: stm32_fmc2: fix ECC overwrite (Christophe Kerello)
- ocfs2: fix recursive semaphore deadlock in fiemap call (Mark Tinguely) [Orabug: 38461858] {CVE-2025-39885}
- mptcp: sockopt: make sync_socket_options propagate SOCK_KEEPOPEN (Krister Johansen)
- compiler-clang.h: define __SANITIZE_*__ macros only when undefined (Nathan Chancellor)
- EDAC/altera: Delete an inappropriate dma_free_coherent() call (Salah Triki)
- tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork. (Kuniyuki Iwashima) [Orabug: 38494796] {CVE-2025-39913}
- NFSv4/flexfiles: Fix layout merge mirror check. (Jonathan Curley)
- tracing: Fix tracing_marker may trigger page fault during preempt_disable (Luo Gengkun)
- NFSv4: Clear the NFS_CAP_XATTR flag if not supported by the server (Trond Myklebust)
- NFSv4: Clear the NFS_CAP_FS_LOCATIONS flag if it is not set (Trond Myklebust)
- mm/rmap: reject hugetlb folios in folio_make_device_exclusive() (David Hildenbrand)
- net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod. (Kuniyuki Iwashima) [Orabug: 37901603] {CVE-2025-23143}
- media: i2c: imx214: Fix link frequency validation (André Apitzsch)
- media: mtk-vcodec: venc: avoid -Wenum-compare-conditional warning (Arnd Bergmann)
- mm: introduce and use {pgd,p4d}_populate_kernel() (Harry Yoo)
- kunit: kasan_test: disable fortify string checker on kasan_strings() test (Levi Yun)
- xfs: short circuit xfs_growfs_data_private() if delta is zero (Eric Sandeen)
- Revert "fbdev: Disable sysfb device registration when removing conflicting FBs" (Brett A C Sheffield)
[5.15.0-315.193.2]
- KVM: x86: Don't unnecessarily force masterclock update on vCPU hotplug (Sean Christopherson) [Orabug: 38530514]
- KVM: x86: Expose TSC offset controls to userspace (Oliver Upton) [Orabug: 38530514]
- KVM: x86: Refactor tsc synchronization code (Oliver Upton) [Orabug: 38530514]
- kvm: x86: protect masterclock with a seqcount (Paolo Bonzini) [Orabug: 38530514]
- KVM: x86: Report host tsc and realtime values in KVM_GET_CLOCK (Oliver Upton) [Orabug: 38530514]
- KVM: x86: Fix potential race in KVM_GET_CLOCK (Oliver Upton) [Orabug: 38530514]
- KVM: x86: extract KVM_GET_CLOCK/KVM_SET_CLOCK to separate functions (Paolo Bonzini) [Orabug: 38530514]
- kvm: x86: abstract locking around pvclock_update_vm_gtod_copy (Paolo Bonzini) [Orabug: 38530514]
- Revert "KVM: x86: Don't unnecessarily force masterclock update on vCPU hotplug" (Dongli Zhang) [Orabug: 38530514]
[5.15.0-315.193.1]
- uek-rpm: Set KFENCE_SAMPLE_INTERVAL to 100. (Imran Khan) [Orabug: 38549476]
- uek-rpm: Enable CONFIG_COMPAT_32BIT_TIME for x86 container kernel (Boris Ostrovsky) [Orabug: 38540641]
ELSA-2025-23109 Moderate: Oracle Linux 9 mysql security update
Oracle Linux Security Advisory ELSA-2025-23109
http://linux.oracle.com/errata/ELSA-2025-23109.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
x86_64:
mysql-8.0.44-1.el9_7.x86_64.rpm
mysql-common-8.0.44-1.el9_7.x86_64.rpm
mysql-devel-8.0.44-1.el9_7.x86_64.rpm
mysql-errmsg-8.0.44-1.el9_7.x86_64.rpm
mysql-libs-8.0.44-1.el9_7.x86_64.rpm
mysql-server-8.0.44-1.el9_7.x86_64.rpm
mysql-test-8.0.44-1.el9_7.x86_64.rpm
aarch64:
mysql-8.0.44-1.el9_7.aarch64.rpm
mysql-common-8.0.44-1.el9_7.aarch64.rpm
mysql-devel-8.0.44-1.el9_7.aarch64.rpm
mysql-errmsg-8.0.44-1.el9_7.aarch64.rpm
mysql-libs-8.0.44-1.el9_7.aarch64.rpm
mysql-server-8.0.44-1.el9_7.aarch64.rpm
mysql-test-8.0.44-1.el9_7.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/mysql-8.0.44-1.el9_7.src.rpm
Related CVEs:
CVE-2025-53040
CVE-2025-53042
CVE-2025-53044
CVE-2025-53045
CVE-2025-53053
CVE-2025-53054
CVE-2025-53062
CVE-2025-53069
Description of changes:
[8.0.44-1]
- Rebase to MySQL 8.0.44
ELSA-2025-23142 Important: Oracle Linux 9 wireshark security update
Oracle Linux Security Advisory ELSA-2025-23142
http://linux.oracle.com/errata/ELSA-2025-23142.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
x86_64:
wireshark-3.4.10-8.el9_7.1.x86_64.rpm
wireshark-cli-3.4.10-8.el9_7.1.i686.rpm
wireshark-cli-3.4.10-8.el9_7.1.x86_64.rpm
wireshark-devel-3.4.10-8.el9_7.1.i686.rpm
wireshark-devel-3.4.10-8.el9_7.1.x86_64.rpm
aarch64:
wireshark-3.4.10-8.el9_7.1.aarch64.rpm
wireshark-cli-3.4.10-8.el9_7.1.aarch64.rpm
wireshark-devel-3.4.10-8.el9_7.1.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/wireshark-3.4.10-8.el9_7.1.src.rpm
Related CVEs:
CVE-2025-13499
Description of changes:
[1:3.4.10-8.1]
- Resolves: RHEL-130438 - Access of Uninitialized Pointer in Wireshark
ELSA-2025-23111 Moderate: Oracle Linux 9 mysql:8.4 security update
Oracle Linux Security Advisory ELSA-2025-23111
http://linux.oracle.com/errata/ELSA-2025-23111.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
x86_64:
mecab-0.996-3.module+el9.7.0+90722+c8e17c0f.4.x86_64.rpm
mecab-devel-0.996-3.module+el9.7.0+90722+c8e17c0f.4.x86_64.rpm
mecab-ipadic-2.7.0.20070801-24.0.1.module+el9.7.0+90722+c8e17c0f.x86_64.rpm
mecab-ipadic-EUCJP-2.7.0.20070801-24.0.1.module+el9.7.0+90722+c8e17c0f.x86_64.rpm
mysql-8.4.7-1.module+el9.7.0+90722+c8e17c0f.x86_64.rpm
mysql-common-8.4.7-1.module+el9.7.0+90722+c8e17c0f.noarch.rpm
mysql-devel-8.4.7-1.module+el9.7.0+90722+c8e17c0f.x86_64.rpm
mysql-errmsg-8.4.7-1.module+el9.7.0+90722+c8e17c0f.noarch.rpm
mysql-libs-8.4.7-1.module+el9.7.0+90722+c8e17c0f.x86_64.rpm
mysql-server-8.4.7-1.module+el9.7.0+90722+c8e17c0f.x86_64.rpm
mysql-test-8.4.7-1.module+el9.7.0+90722+c8e17c0f.x86_64.rpm
mysql-test-data-8.4.7-1.module+el9.7.0+90722+c8e17c0f.noarch.rpm
rapidjson-devel-1.1.0-19.module+el9.7.0+90722+c8e17c0f.x86_64.rpm
rapidjson-doc-1.1.0-19.module+el9.7.0+90722+c8e17c0f.noarch.rpm
aarch64:
mecab-0.996-3.module+el9.7.0+90722+c8e17c0f.4.aarch64.rpm
mecab-devel-0.996-3.module+el9.7.0+90722+c8e17c0f.4.aarch64.rpm
mecab-ipadic-2.7.0.20070801-24.0.1.module+el9.7.0+90722+c8e17c0f.aarch64.rpm
mecab-ipadic-EUCJP-2.7.0.20070801-24.0.1.module+el9.7.0+90722+c8e17c0f.aarch64.rpm
mysql-8.4.7-1.module+el9.7.0+90722+c8e17c0f.aarch64.rpm
mysql-common-8.4.7-1.module+el9.7.0+90722+c8e17c0f.noarch.rpm
mysql-devel-8.4.7-1.module+el9.7.0+90722+c8e17c0f.aarch64.rpm
mysql-errmsg-8.4.7-1.module+el9.7.0+90722+c8e17c0f.noarch.rpm
mysql-libs-8.4.7-1.module+el9.7.0+90722+c8e17c0f.aarch64.rpm
mysql-server-8.4.7-1.module+el9.7.0+90722+c8e17c0f.aarch64.rpm
mysql-test-8.4.7-1.module+el9.7.0+90722+c8e17c0f.aarch64.rpm
mysql-test-data-8.4.7-1.module+el9.7.0+90722+c8e17c0f.noarch.rpm
rapidjson-devel-1.1.0-19.module+el9.7.0+90722+c8e17c0f.aarch64.rpm
rapidjson-doc-1.1.0-19.module+el9.7.0+90722+c8e17c0f.noarch.rpm
SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/mecab-0.996-3.module+el9.7.0+90722+c8e17c0f.4.src.rpm
http://oss.oracle.com/ol9/SRPMS-updates/mecab-ipadic-2.7.0.20070801-24.0.1.module+el9.7.0+90722+c8e17c0f.src.rpm
http://oss.oracle.com/ol9/SRPMS-updates/mysql-8.4.7-1.module+el9.7.0+90722+c8e17c0f.src.rpm
http://oss.oracle.com/ol9/SRPMS-updates/rapidjson-1.1.0-19.module+el9.7.0+90722+c8e17c0f.src.rpm
Related CVEs:
CVE-2025-53040
CVE-2025-53042
CVE-2025-53044
CVE-2025-53045
CVE-2025-53053
CVE-2025-53054
CVE-2025-53062
CVE-2025-53069
Description of changes:
mecab
mecab-ipadic
mysql
[8.4.7-1]
- Rebase to 8.4.7
rapidjson
ELSA-2025-28048 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update
Oracle Linux Security Advisory ELSA-2025-28048
http://linux.oracle.com/errata/ELSA-2025-28048.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
aarch64:
bpftool-5.15.0-315.196.5.1.el9uek.aarch64.rpm
kernel-uek-5.15.0-315.196.5.1.el9uek.aarch64.rpm
kernel-uek-container-5.15.0-315.196.5.1.el9uek.aarch64.rpm
kernel-uek-container-debug-5.15.0-315.196.5.1.el9uek.aarch64.rpm
kernel-uek-core-5.15.0-315.196.5.1.el9uek.aarch64.rpm
kernel-uek-debug-5.15.0-315.196.5.1.el9uek.aarch64.rpm
kernel-uek-debug-core-5.15.0-315.196.5.1.el9uek.aarch64.rpm
kernel-uek-debug-devel-5.15.0-315.196.5.1.el9uek.aarch64.rpm
kernel-uek-debug-modules-5.15.0-315.196.5.1.el9uek.aarch64.rpm
kernel-uek-debug-modules-extra-5.15.0-315.196.5.1.el9uek.aarch64.rpm
kernel-uek-devel-5.15.0-315.196.5.1.el9uek.aarch64.rpm
kernel-uek-doc-5.15.0-315.196.5.1.el9uek.noarch.rpm
kernel-uek-modules-5.15.0-315.196.5.1.el9uek.aarch64.rpm
kernel-uek-modules-extra-5.15.0-315.196.5.1.el9uek.aarch64.rpm
kernel-uek64k-5.15.0-315.196.5.1.el9uek.aarch64.rpm
kernel-uek64k-core-5.15.0-315.196.5.1.el9uek.aarch64.rpm
kernel-uek64k-devel-5.15.0-315.196.5.1.el9uek.aarch64.rpm
kernel-uek64k-modules-5.15.0-315.196.5.1.el9uek.aarch64.rpm
kernel-uek64k-modules-extra-5.15.0-315.196.5.1.el9uek.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/kernel-uek-5.15.0-315.196.5.1.el9uek.src.rpm
Related CVEs:
CVE-2024-43876
CVE-2024-43877
CVE-2025-22058
CVE-2025-23143
CVE-2025-38678
CVE-2025-39880
CVE-2025-39883
CVE-2025-39885
CVE-2025-39911
CVE-2025-39913
CVE-2025-39923
CVE-2025-39945
CVE-2025-39949
CVE-2025-39953
CVE-2025-39955
CVE-2025-39964
CVE-2025-39967
CVE-2025-39968
CVE-2025-39969
CVE-2025-39970
CVE-2025-39971
CVE-2025-39972
CVE-2025-39973
CVE-2025-39980
CVE-2025-39993
CVE-2025-39994
CVE-2025-39996
CVE-2025-39998
CVE-2025-40001
CVE-2025-40006
CVE-2025-40011
CVE-2025-40018
CVE-2025-40019
CVE-2025-40020
CVE-2025-40021
CVE-2025-40022
CVE-2025-40026
CVE-2025-40027
CVE-2025-40030
CVE-2025-40035
CVE-2025-40042
CVE-2025-40044
CVE-2025-40048
CVE-2025-40049
CVE-2025-40053
CVE-2025-40055
CVE-2025-40070
CVE-2025-40078
CVE-2025-40081
CVE-2025-40085
CVE-2025-40087
CVE-2025-40092
CVE-2025-40094
CVE-2025-40105
CVE-2025-40109
CVE-2025-40111
CVE-2025-40115
CVE-2025-40118
CVE-2025-40120
CVE-2025-40121
CVE-2025-40125
CVE-2025-40134
CVE-2025-40140
CVE-2025-40153
CVE-2025-40154
CVE-2025-40167
CVE-2025-40171
CVE-2025-40173
CVE-2025-40178
CVE-2025-40179
CVE-2025-40183
CVE-2025-40186
CVE-2025-40187
CVE-2025-40190
CVE-2025-40194
CVE-2025-40197
CVE-2025-40200
CVE-2025-40204
CVE-2025-40205
Description of changes:
[5.15.0-315.196.5.1]
- netfilter: nf_tables: reject duplicate device on updates (Pablo Neira Ayuso) [Orabug: 38744086] {CVE-2025-38678}
- Reapply "cpuidle: menu: Avoid discarding useful information" (Harshvardhan Jha) [Orabug: 38744084]
- rtc: expose RTC_FEATURE_UPDATE_INTERRUPT (Alexandre Belloni) [Orabug: 38744082]
[5.15.0-315.196.5]
- uek-rpm: add "bpf" to CONFIG_LSM (Alan Maguire) [Orabug: 35653191]
- Revert "cpufreq: Introduce an optional cpuinfo_avg_freq sysfs entry" (Samasth Norway Ananda) [Orabug: 38613264]
[5.15.0-315.196.4]
- net/rds: Fix rs_recv_pending counting issue (Gerd Rausch) [Orabug: 38506368]
[5.15.0-315.196.3]
- KVM: VMX: Intercept reads to invalid and write-only x2APIC registers (Sean Christopherson) [Orabug: 38535186]
- KVM: VMX: Always intercept accesses to unsupported "extended" x2APIC regs (Sean Christopherson) [Orabug: 38535186]
- KVM: x86: Split out logic to generate "readable" APIC regs mask to helper (Sean Christopherson) [Orabug: 38535186]
- KVM: x86: Mark x2APIC DFR reg as non-existent for x2APIC (Sean Christopherson) [Orabug: 38535186]
- uek-rpm/ol9/config-mips64-emb: Enable NF_TABLES for MIPS64 (Vijay Kumar) [Orabug: 38578981]
- LTS version: v5.15.196 (Vijayendra Suman)
- PCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup() (Marek Vasut) [Orabug: 38641258] {CVE-2024-43876}
- net: rtnetlink: fix module reference count leak issue in rtnetlink_rcv_msg (Zhengchao Shao)
- usb: gadget: f_acm: Refactor bind path to use __free() (Kuen-Han Tsai) [Orabug: 38601854] {CVE-2025-40094}
- usb: gadget: f_ncm: Refactor bind path to use __free() (Kuen-Han Tsai) [Orabug: 38601837] {CVE-2025-40092}
- usb: gadget: Introduce free_usb_request helper (Kuen-Han Tsai)
- usb: gadget: Store endpoint pointer in usb_request (Kuen-Han Tsai)
- arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() (Kaushlendra Kumar)
- xfs: always warn about deprecated mount options (Darrick J. Wong)
- devcoredump: Fix circular locking dependency with devcd->mutex. (Maarten Lankhorst)
- PCI: tegra194: Reset BARs when running in PCIe endpoint mode (Niklas Cassel)
- PCI: rcar-host: Drop PMSR spinlock (Marek Vasut)
- PCI: rcar: Finish transition to L1 state in rcar_pcie_config_access() (Marek Vasut)
- PCI: tegra194: Handle errors in BPMP response (Vidya Sagar)
- f2fs: fix wrong block mapping for multi-devices (Jaegeuk Kim)
- NFSD: Define a proc_layoutcommit for the FlexFiles layout type (Chuck Lever) [Orabug: 38601818] {CVE-2025-40087}
- vfs: Don't leak disconnected dentries on umount (Jan Kara) [Orabug: 38601923] {CVE-2025-40105}
- drm/amdgpu: use atomic functions with memory barriers for vm fault info (Gui-Dong Han)
- PCI: rcar-host: Convert struct rcar_msi mask_lock into raw spinlock (Marek Vasut)
- wifi: ath11k: HAL SRNG: don't deinitialize and re-initialize again (Muhammad Usama Anjum)
- PCI: j721e: Fix programming sequence of "strap" settings (Siddharth Vadapalli)
- PCI: j721e: Enable ACSPCIE Refclk if "ti,syscon-acspcie-proxy-ctrl" exists (Siddharth Vadapalli)
- fuse: fix livelock in synchronous file put from fuseblk workers (Darrick J. Wong)
- fuse: allocate ff->release_args only if release is needed (Amir Goldstein)
- padata: Reset next CPU when reorder sequence wraps around (Xiao Liang)
- iio: imu: inv_icm42600: Simplify pm_runtime setup (Sean Nyekjaer)
- PM: runtime: Add new devm functions (Csókás Bence)
- iio: imu: inv_icm42600: Avoid configuring if already pm_runtime suspended (Sean Nyekjaer)
- iio: imu: inv_icm42600: use = { } instead of memset() (David Lechner)
- NFSD: Fix last write offset handling in layoutcommit (Sergey Bashirov)
- NFSD: Minor cleanup in layoutcommit processing (Sergey Bashirov)
- NFSD: Rework encoding and decoding of nfsd4_deviceid (Sergey Bashirov)
- xfs: fix log CRC mismatches between i386 and other architectures (Christoph Hellwig)
- xfs: rename the old_crc variable in xlog_recover_process (Christoph Hellwig)
- s390/cio: Update purge function to unregister the unused subchannels (Vineeth Vijayan)
- arm64: cputype: Add Neoverse-V3AE definitions (Mark Rutland)
- serial: 8250_exar: add support for Advantech 2 port card with Device ID 0x0018 (Florian Eckert)
- most: usb: hdm_probe: Fix calling put_device() before device initialization (Victoria Votokina)
- most: usb: Fix use-after-free in hdm_disconnect (Victoria Votokina)
- mei: me: add wildcat lake P DID (Alexander Usyskin)
- comedi: fix divide-by-zero in comedi_buf_munge() (Deepanshu Kartikey)
- binder: remove "invalid inc weak" check (Alice Ryhl)
- xhci: dbc: enable back DbC in resume if it was enabled before suspend (Mathias Nyman)
- usb: raw-gadget: do not limit transfer length (Andrey Konovalov)
- usb/core/quirks: Add Huawei ME906S to wakeup quirk (Tim Guttzeit)
- USB: serial: option: add Telit FN920C04 ECM compositions (Li Qingwu)
- USB: serial: option: add Quectel RG255C (Reinhard Speyerer)
- USB: serial: option: add UNISOC UIS7720 (Renjun Wang)
- net: ravb: Ensure memory write completes before ringing TX doorbell (Lad Prabhakar)
- net: usb: rtl8150: Fix frame padding (Michał Pecio)
- vsock: fix lock inversion in vsock_assign_transport() (Stefano Garzarella)
- ocfs2: clear extent cache after moving/defragmenting extents (Deepanshu Kartikey)
- MIPS: Malta: Fix keyboard resource preventing i8042 driver from registering (Maciej W. Rozycki)
- Revert "cpuidle: menu: Avoid discarding useful information" (Rafael J. Wysocki)
- net: bonding: fix possible peer notify event loss or dup issue (Tonghao Zhang)
- sctp: avoid NULL dereference when chunk data buffer is missing (Alexey Simakov)
- arm64, mm: avoid always making PTE dirty in pte_mkwrite() (Huang, Ying)
- dpaa2-eth: fix the pointer passed to PTR_ALIGN on Tx path (Ioana Ciornei)
- net: enetc: correct the value of ENETC_RXB_TRUESIZE (Wei Fang)
- rtnetlink: Allow deleting FDB entries in user namespace (Johannes Wiesboeck)
- net: rtnetlink: add NLM_F_BULK support to rtnl_fdb_del (Nikolay Aleksandrov)
- net: rtnetlink: add bulk delete support flag (Nikolay Aleksandrov)
- net: netlink: add NLM_F_BULK delete request modifier (Nikolay Aleksandrov)
- net: rtnetlink: use BIT for flag values (Nikolay Aleksandrov)
- net: rtnetlink: add helper to extract msg type's kind (Nikolay Aleksandrov)
- m68k: bitops: Fix find_*_bit() signatures (Geert Uytterhoeven)
- hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super() (Yangtao Li)
- hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits() (Viacheslav Dubeyko)
- dlm: check for defined force value in dlm_lockspace_release (Alexander Aring)
- hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() (Viacheslav Dubeyko)
- hfs: validate record offset in hfsplus_bmap_alloc (Yang Chenzhi)
- hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() (Viacheslav Dubeyko)
- hfs: make proper initalization of struct hfs_find_data (Viacheslav Dubeyko)
- hfs: clear offset and space out of valid records in b-tree node (Viacheslav Dubeyko)
- nios2: ensure that memblock.current_limit is set when setting pfn limits (Simon Schuster)
- exec: Fix incorrect type for ret (Xichao Zhao)
- PCI/sysfs: Ensure devices are powered for config reads (part 2) (Brian Norris)
- hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() (Viacheslav Dubeyko)
- ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card (Jiaming Zhang) [Orabug: 38597093] {CVE-2025-40085}
- ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings (Randy Dunlap)
- sched/fair: Fix pelt lost idle time detection (Vincent Guittot)
- sched/balancing: Rename newidle_balance() => sched_balance_newidle() (Ingo Molnar)
- drm/amd/powerplay: Fix CIK shutdown temperature (Timur Kristóf)
- net: usb: lan78xx: fix use of improperly initialized dev->chipid in lan78xx_reset (I Viswanath)
- net: usb: lan78xx: Add error handling to lan78xx_init_mac_address (Oleksij Rempel)
- net: usb: use eth_hw_addr_set() instead of ether_addr_copy() (Jakub Kicinski)
- tls: don't rely on tx_work during send() (Sabrina Dubroca)
- tls: always set record_type in tls_process_cmsg (Sabrina Dubroca)
- tls: wait for async encrypt in case of error during latter iterations of sendmsg (Sabrina Dubroca)
- net: tls: wait for async completion on last message (Sascha Hauer)
- tg3: prevent use of uninitialized remote_adv and local_adv variables (Alexey Simakov)
- tcp: fix tcp_tso_should_defer() vs large RTT (Eric Dumazet)
- amd-xgbe: Avoid spurious link down messages during interface toggle (Raju Rangoju)
- net/ip6_tunnel: Prevent perpetual tunnel growth (Dmitry Safonov) [Orabug: 38649259] {CVE-2025-40173}
- r8169: fix packet truncation after S4 resume on RTL8168H/RTL8111H (Linmao Li)
- doc: fix seg6_flowlabel path (Nicolas Dichtel)
- net: dlink: handle dma_map_single() failure properly (Moon Yeounsu)
- can: m_can: m_can_plat_remove(): add missing pm_runtime_disable() (Marc Kleine-Budde)
- dax: skip read lock assertion for read-only filesystems (Yuezhang Mo)
- HID: multitouch: fix sticky fingers (Benjamin Tissoires)
- cpufreq: CPPC: Avoid using CPUFREQ_ETERNAL as transition delay (Rafael J. Wysocki)
- crypto: rockchip - Fix dma_unmap_sg() nents value (Thomas Fourier)
- drm/exynos: exynos7_drm_decon: remove ctx->suspended (Kaustabh Chakraborty)
- drm/exynos: exynos7_drm_decon: properly clear channels during bind (Kaustabh Chakraborty)
- drm/exynos: exynos7_drm_decon: fix uninitialized crtc reference in functions (Kaustabh Chakraborty)
- blk-crypto: fix missing blktrace bio split events (Yu Kuai)
- media: lirc: Fix error handling in lirc_register() (Ma Ke)
- media: rc: Directly use ida_free() (Keliu)
- media: s5p-mfc: remove an unused/uninitialized variable (Arnd Bergmann)
- btrfs: fix clearing of BTRFS_FS_RELOC_RUNNING if relocation already running (Filipe Manana)
- ext4: detect invalid INLINE_DATA + EXTENTS flag combination (Deepanshu Kartikey) [Orabug: 38649222] {CVE-2025-40167}
- jbd2: ensure that all ongoing I/O complete before freeing blocks (Zhang Yi)
- r8152: add error handling in rtl8152_driver_init (Yi Cong)
- LTS version: v5.15.195 (Vijayendra Suman)
- selftests: mptcp: join: validate C-flag + def limit (Matthieu Baerts)
- mptcp: pm: in-kernel: usable client side with C-flag (Matthieu Baerts)
- media: pci: ivtv: Add check for DMA map result (Mikhail Kobuk) [Orabug: 38641260] {CVE-2024-43877}
- xen/events: Update virq_to_irq on migration (Jason Andryuk)
- media: pci: ivtv: Add missing check after DMA map (Thomas Fourier)
- media: pci/ivtv: switch from 'pci_' to 'dma_' API (Christophe Jaillet)
- arm64: mte: Do not flag the zero page as PG_mte_tagged (Catalin Marinas)
- media: cx18: Add missing check after DMA map (Thomas Fourier)
- media: switch from 'pci_' to 'dma_' API (Christophe Jaillet)
- writeback: Avoid excessively long inode switching times (Jan Kara)
- writeback: Avoid softlockup when switching many inodes (Jan Kara)
- cramfs: Verify inode mode when loading from disk (Tetsuo Handa)
- fs: Add 'initramfs_options' to set initramfs mount options (Lichen Liu)
- pid: Add a judgment for ns null in pid_nr_ns (Gaoxiang17) [Orabug: 38649275] {CVE-2025-40178}
- minixfs: Verify inode mode when loading from disk (Tetsuo Handa)
- minmax.h: remove some #defines that are only expanded once (David Laight)
- minmax.h: simplify the variants of clamp() (David Laight)
- minmax.h: move all the clamp() definitions after the min/max() ones (David Laight)
- minmax.h: use BUILD_BUG_ON_MSG() for the lo < hi test in clamp() (David Laight)
- minmax.h: reduce the #define expansion of min(), max() and clamp() (David Laight)
- minmax.h: update some comments (David Laight)
- minmax.h: add whitespace around operators and after commas (David Laight)
- minmax: fix up min3() and max3() too (Linus Torvalds)
- minmax: improve macro expansion and type checking (Linus Torvalds)
- minmax: simplify min()/max()/clamp() implementation (Linus Torvalds)
- minmax: don't use max() in situations that want a C constant expression (Linus Torvalds)
- minmax: make generic MIN() and MAX() macros available everywhere (Linus Torvalds)
- minmax: simplify and clarify min_t()/max_t() implementation (Linus Torvalds)
- minmax: add a few more MIN_T/MAX_T users (Linus Torvalds)
- minmax: avoid overly complicated constant expressions in VM code (Linus Torvalds)
- minmax: fix indentation of __cmp_once() and __clamp_once() (David Laight)
- minmax: deduplicate __unconst_integer_typeof() (Andy Shevchenko)
- minmax: Introduce {min,max}_array() (Herve Codina)
- arm64: dts: qcom: sdm845: Fix slimbam num-channels/ees (Stephan Gerhold)
- btrfs: fix the incorrect max_bytes value for find_lock_delalloc_range() (Qu Wenruo)
- fscontext: do not consume log entries when returning -EMSGSIZE (Aleksa Sarai)
- dm: fix NULL pointer dereference in __dm_suspend() (Zheng Qixing) [Orabug: 38649056] {CVE-2025-40134}
- tracing: Fix race condition in kprobe initialization causing NULL pointer dereference (Yuan Chen) [Orabug: 38592032] {CVE-2025-40042}
- ksmbd: fix error code overwriting in smb2_get_info_filesystem() (Matvey Kovalev)
- net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock (Oleksij Rempel) [Orabug: 38649002] {CVE-2025-40120}
- mfd: intel_soc_pmic_chtdc_ti: Set use_single_read regmap_config flag (Hans de Goede)
- mfd: intel_soc_pmic_chtdc_ti: Drop unneeded assignment for cache_type (Andy Shevchenko)
- mfd: intel_soc_pmic_chtdc_ti: Fix invalid regmap-config max_register value (Hans de Goede)
- media: mc: Clear minor number before put device (Edward Adam Davis) [Orabug: 38649397] {CVE-2025-40197}
- Squashfs: reject negative file sizes in squashfs_read_inode() (Phillip Lougher) [Orabug: 38649424] {CVE-2025-40200}
- Squashfs: add additional inode sanity checking (Phillip Lougher)
- ASoC: wcd934x: fix error handling in wcd934x_codec_parse_data() (Ma Ke)
- ASoC: codecs: wcd934x: Simplify with dev_err_probe (Krzysztof Kozlowski)
- KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O (Sean Christopherson) [Orabug: 38591958] {CVE-2025-40026}
- lib/crypto/curve25519-hacl64: Disable KASAN with clang-17 and older (Nathan Chancellor)
- ext4: free orphan info with kvfree (Jan Kara)
- ext4: guard against EA inode refcount underflow in xattr update (Ahmet Eray Karadag) [Orabug: 38649329] {CVE-2025-40190}
- ext4: correctly handle queries for metadata mappings (Ojaswin Mujoo)
- ext4: increase i_disksize to offset + len in ext4_update_disksize_before_punch() (Yongjian Sun)
- ext4: verify orphan file size is not too big (Jan Kara) [Orabug: 38649284] {CVE-2025-40179}
- nfsd: nfserr_jukebox in nlm_fopen should lead to a retry (Olga Kornievskaia)
- NFSD: Fix destination buffer size in nfsd4_ssc_setup_dul() (Thorsten Blum)
- mm/page_alloc: only set ALLOC_HIGHATOMIC for __GPF_HIGH allocations (Thadeu Lima de Souza Cascardo)
- x86/umip: Fix decoding of register forms of 0F 01 (SGDT and SIDT aliases) (Sean Christopherson)
- x86/umip: Check that the instruction opcode is at least two bytes (Sean Christopherson)
- spi: cadence-quadspi: Flush posted register writes before DAC access (Pratyush Yadav)
- spi: cadence-quadspi: Flush posted register writes before INDAC access (Pratyush Yadav)
- PCI: tegra194: Fix broken tegra_pcie_ep_raise_msi_irq() (Niklas Cassel)
- PCI: keystone: Use devm_request_irq() to free "ks-pcie-error-irq" on exit (Siddharth Vadapalli)
- PCI/AER: Support errors introduced by PCIe r6.0 (Lukas Wunner)
- PCI/AER: Fix missing uevent on recovery when a reset is requested (Niklas Schnelle)
- PCI/ERR: Fix uevent on failure to recover (Lukas Wunner)
- PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV (Niklas Schnelle)
- PCI/sysfs: Ensure devices are powered for config reads (Brian Norris)
- rseq/selftests: Use weak symbol reference, not definition, to link with glibc (Sean Christopherson)
- rtc: interface: Fix long-standing race when setting alarm (Esben Haabendal)
- rtc: interface: Ensure alarm irq is enabled when UIE is enabled (Esben Haabendal)
- memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe (Zhen Ni)
- mmc: core: SPI mode remove cmd7 (Rex Chen)
- mtd: rawnand: fsmc: Default to autodetect buswidth (Linus Walleij)
- sparc: fix error handling in scan_one_device() (Ma Ke)
- sparc64: fix hugetlb for sun4u (Anthony Yznaga)
- sctp: Fix MAC comparison to be constant-time (Eric Biggers) [Orabug: 38649450] {CVE-2025-40204}
- scsi: hpsa: Fix potential memory leak in hpsa_big_passthru_ioctl() (Thorsten Blum)
- pwm: berlin: Fix wrong register in suspend/resume (Jisheng Zhang)
- powerpc/pseries/msi: Fix potential underflow and leak issue (Nam Cao)
- powerpc/powernv/pci: Fix underflow and leak issue (Nam Cao)
- nvme-pci: Add TUXEDO IBS Gen8 to Samsung sleep quirk (Georg Gottleuber)
- parisc: don't reference obsolete termio struct for TC* constants (Sam James)
- openat2: don't trigger automounts with RESOLVE_NO_XDEV (Askar Safin)
- lib/genalloc: fix device leak in of_gen_pool_get() (Johan Hovold)
- KEYS: trusted_tpm1: Compare HMAC values in constant time (Eric Biggers)
- iommu/vt-d: PRS isn't usable if PDS isn't supported (Lu Baolu)
- iio: imu: inv_icm42600: Drop redundant pm_runtime reinitialization in resume (Sean Nyekjaer)
- init: handle bootloader identifier in kernel parameters (Huacai Chen)
- iio: frequency: adf4350: Fix prescaler usage. (Michael Hennerich)
- iio: dac: ad5421: use int type to store negative error codes (Rong Qianfeng)
- iio: dac: ad5360: use int type to store negative error codes (Rong Qianfeng)
- fs/ntfs3: Fix a resource leak bug in wnd_extend() (Haoxiang Li)
- crypto: atmel - Fix dma_unmap_sg() direction (Thomas Fourier)
- cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() (Rafael J. Wysocki) [Orabug: 38649365] {CVE-2025-40194}
- copy_sighand: Handle architectures where sizeof(unsigned long) < sizeof(u64) (Simon Schuster)
- bus: mhi: host: Do not use uninitialized 'dev' pointer in mhi_init_irq_setup() (Adam Xue)
- btrfs: avoid potential out-of-bounds in btrfs_encode_fh() (Anderson Nascimento) [Orabug: 38649461] {CVE-2025-40205}
- drm/nouveau: fix bad ret code in nouveau_bo_move_prep (Shuhao Fu)
- media: i2c: mt9v111: fix incorrect type for ret (Rong Qianfeng)
- firmware: meson_sm: fix device leak at probe (Johan Hovold)
- xen/manage: Fix suspend error path (Lukas Wunner)
- xen/events: Cleanup find_virq() return codes (Jason Andryuk)
- ARM: OMAP2+: pm33xx-core: fix device node reference leaks in amx3_idle_init (Miaoqian Lin)
- arm64: dts: qcom: msm8916: Add missing MDSS reset (Stephan Gerhold)
- ACPI: debug: fix signedness issues in read/write helpers (Amir Mohammad Jahangirzad)
- ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT (Daniel Tang)
- bpf: Avoid RCU context warning when unpinning htab with internal structs (Kafai Wan)
- gpio: wcd934x: mark the GPIO controller as sleeping (Bartosz Golaszewski)
- gpio: wcd934x: Remove duplicate assignment of of_gpio_n_cells (Andy Shevchenko)
- tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single (Gunnar Kudrjavets)
- crypto: essiv - Check ssize for decryption and in-place encryption (Herbert Xu) [Orabug: 38581454] {CVE-2025-40019}
- bridge: br_vlan_fill_forward_path_pvid: use br_vlan_group_rcu() (Eric Woudstra)
- drm/amd/display: Properly disable scaling on DCE6 (Timur Kristóf)
- drm/amd/display: Properly clear SCL_*_FILTER_CONTROL on DCE6 (Timur Kristóf)
- drm/amd/display: Add missing DCE6 SCL_HORZ_FILTER_INIT* SRIs (Timur Kristóf)
- drm/amdgpu: Add additional DCE6 SCL registers (Alex Deucher)
- bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6} (Daniel Borkmann) [Orabug: 38649299] {CVE-2025-40183}
- mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes (Harini T)
- mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call (Harini T)
- tools build: Align warning options with perf (Leo Yan)
- net: fsl_pq_mdio: Fix device node reference leak in fsl_pq_mdio_probe (Erick Karanja)
- tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request(). (Kuniyuki Iwashima) [Orabug: 38649578] {CVE-2025-40186}
- net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce() (Alexandr Sapozhnikov) [Orabug: 38649311] {CVE-2025-40187}
- drm/vmwgfx: Fix Use-after-free in validation (Ian Forbes) [Orabug: 38643545] {CVE-2025-40111}
- drm/vmwgfx: Copy DRM hash-table code into driver (Thomas Zimmermann)
- s390/cio: unregister the subchannel while purging (Vineeth Vijayan)
- net/mlx4: prevent potential use after free in mlx4_en_do_uc_filter() (Dan Carpenter)
- scsi: mvsas: Fix use-after-free bugs in mvs_work_queue (Duoming Zhou) [Orabug: 38557653] {CVE-2025-40001}
- scsi: mvsas: Use sas_task_find_rq() for tagging (John Garry)
- scsi: mvsas: Delete mvs_tag_init() (John Garry)
- scsi: libsas: Add sas_task_find_rq() (John Garry)
- cpufreq: tegra186: Set target frequency for all cpus in policy (Aaron Kling)
- clk: nxp: Fix pll0 rate check condition in LPC18xx CGU driver (Alok Tiwari)
- clk: nxp: lpc18xx-cgu: convert from round_rate() to determine_rate() (Brian Masney)
- perf session: Fix handling when buffer exceeds 2 GiB (Leo Yan)
- rtc: x1205: Fix Xicor X1205 vendor prefix (Rob Herring)
- perf util: Fix compression checks returning -1 as bool (Yunseong Kim)
- clk: at91: peripheral: fix return value (Brian Masney)
- libperf event: Ensure tracing data is multiple of 8 sized (Ian Rogers)
- perf evsel: Avoid container_of on a NULL leader (Ian Rogers)
- iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE (Michael Hennerich)
- clocksource/drivers/clps711x: Fix resource leaks in error paths (Zhen Ni)
- fs: always return zero on success from replace_fd() (Thomas Weißschuh)
- usb: cdns3: cdnsp-pci: remove redundant pci_disable_device() call (Miaoqian Lin)
- bus: fsl-mc: Check return value of platform_get_resource() (Salah Triki)
- pinctrl: check the return value of pinmux_ops::get_function_name() (Bartosz Golaszewski) [Orabug: 38591980] {CVE-2025-40030}
- Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak (Zhen Ni) [Orabug: 38592000] {CVE-2025-40035}
- Input: atmel_mxt_ts - allow reset GPIO to sleep (Marek Vasut)
- nvdimm: ndtest: Return -ENOMEM if devm_kcalloc() fails in ndtest_probe() (Guangshuo Li)
- mm: hugetlb: avoid soft lockup when mprotect to large memory area (Yang Shi) [Orabug: 38649149] {CVE-2025-40153}
- ext4: fix checks for orphan inodes (Jan Kara)
- mfd: vexpress-sysreg: Check the return value of devm_gpiochip_add_data() (Bartosz Golaszewski)
- net: nfc: nci: Add parameter validation for packet data (Deepak Sharma)
- fs: udf: fix OOB read in lengthAllocDescs handling (Larshin Sergey) [Orabug: 38592047] {CVE-2025-40044}
- uio_hv_generic: Let userspace take care of interrupt mask (Naman Jain) [Orabug: 38592066] {CVE-2025-40048}
- Squashfs: fix uninit-value in squashfs_get_parent (Phillip Lougher) [Orabug: 38592076] {CVE-2025-40049}
- net: dlink: handle copy_thresh allocation failure (Moon Yeounsu) [Orabug: 38592097] {CVE-2025-40053}
- net: ena: return 0 in ena_get_rxfh_key_size() when RSS hash key is not configurable (Kohei Enju)
- nfp: fix RSS hash key size when RSS is not supported (Kohei Enju)
- drivers/base/node: fix double free in register_one_node() (Donet Tom)
- ocfs2: fix double free in user_cluster_connect() (Dan Carpenter) [Orabug: 38592109] {CVE-2025-40055}
- hwrng: ks-sa - fix division by zero in ks_sa_rng_init (Nishanth Menon)
- Bluetooth: MGMT: Fix not exposing debug UUID on MGMT_OP_READ_EXP_FEATURES_INFO (Luiz Augusto von Dentz)
- net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast (I Viswanath) [Orabug: 38649095] {CVE-2025-40140}
- RDMA/siw: Always report immediate post SQ errors (Bernard Metzler)
- usb: vhci-hcd: Prevent suspending virtually attached devices (Cristian Ciocaltea)
- scsi: mpt3sas: Fix crash in transport port remove by using ioc_info() (Ranjan Kumar) [Orabug: 38648980] {CVE-2025-40115}
- ipvs: Defer ip_vs_ftp unregister during netns cleanup (Slavin Liu) [Orabug: 38581444] {CVE-2025-40018}
- NFSv4.1: fix backchannel max_resp_sz verification check (Anthony Iliopoulos)
- coresight: trbe: Return NULL pointer for allocation failures (Leo Yan)
- remoteproc: qcom: q6v5: Avoid disabling handover IRQ twice (Stephan Gerhold)
- sparc: fix accurate exception reporting in copy_{from,to}_user for M7 (Michael Karcher)
- sparc: fix accurate exception reporting in copy_to_user for Niagara 4 (Michael Karcher)
- sparc: fix accurate exception reporting in copy_{from_to}_user for Niagara (Michael Karcher)
- sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC III (Michael Karcher)
- sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC (Michael Karcher)
- wifi: ath10k: avoid unnecessary wait for service ready message (Baochen Qiang)
- Documentation: trace: historgram-design: Separate sched_waking histogram section heading and the following diagram (Bagas Sanjaya)
- IB/sa: Fix sa_local_svc_timeout_ms read race (Vlad Dumitrescu)
- RDMA/core: Resolve MAC of next-hop device without ARP support (Parav Pandit)
- Revert "usb: xhci: Avoid Stop Endpoint retry loop if the endpoint seems Running" (Michał Pecio)
- scsi: qla2xxx: Fix incorrect sign of error code in START_SP_W_RETRIES() (Rong Qianfeng)
- scsi: qla2xxx: edif: Fix incorrect sign of error code (Rong Qianfeng)
- ACPI: NFIT: Fix incorrect ndr_desc being reported in dev_err message (Colin Ian King)
- wifi: mt76: fix potential memory leak in mt76_wmac_probe() (Abdun Nihaal)
- RDMA/cm: Rate limit destroy CM ID timeout error message (Håkon Bugge)
- drivers/base/node: handle error properly in register_one_node() (Donet Tom)
- watchdog: mpc8xxx_wdt: Reload the watchdog timer when enabling the watchdog (Christophe Leroy)
- netfilter: ipset: Remove unused htable_bits in macro ahash_region (Zhen Ni)
- iio: consumers: Fix offset handling in iio_convert_raw_to_processed() (Hans de Goede)
- fs: ntfs3: Fix integer overflow in run_unpack() (Vitaly Grigoryev)
- ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping (Takashi Iwai) [Orabug: 38649006] {CVE-2025-40121}
- ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (Takashi Iwai) [Orabug: 38649156] {CVE-2025-40154}
- ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping (Takashi Iwai)
- pps: fix warning in pps_register_cdev when register device fail (Wang Liang) [Orabug: 38592169] {CVE-2025-40070}
- misc: genwqe: Fix incorrect cmd field being reported in error (Colin Ian King)
- usb: gadget: configfs: Correctly set use_os_string at bind (William Wu)
- usb: phy: twl6030: Fix incorrect type for ret (Xichao Zhao)
- drm/amdkfd: Fix error code sign for EINVAL in svm_ioctl() (Rong Qianfeng)
- tcp: fix __tcp_close() to only send RST when required (Eric Dumazet)
- PCI: tegra: Fix devm_kcalloc() argument order for port->phys allocation (Alok Tiwari)
- wifi: mwifiex: send world regulatory domain to driver (Stefan Kerkmann)
- drm/amdgpu: Power up UVD 3 for FW validation (v2) (Timur Kristóf)
- ALSA: lx_core: use int type to store negative error codes (Rong Qianfeng)
- media: rj54n1cb0c: Fix memleak in rj54n1_probe() (Zhang Shurong)
- scsi: myrs: Fix dma_alloc_coherent() error check (Thomas Fourier)
- scsi: pm80xx: Fix array-index-out-of-bounds on rmmod (Niklas Cassel) [Orabug: 38649566] {CVE-2025-40118}
- usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup (Dan Carpenter)
- drm/radeon/r600_cs: clean up of dead code in r600_cs (Brahmajit Das)
- i2c: designware: Add disabling clocks when probe fails (Kunihiko Hayashi)
- i2c: mediatek: fix potential incorrect use of I2C_MASTER_WRRD (Leilk Liu)
- thermal/drivers/qcom/lmh: Add missing IRQ includes (Dmitry Baryshkov)
- thermal/drivers/qcom: Make LMH select QCOM_SCM (Dmitry Baryshkov)
- tools/nolibc: make time_t robust if __kernel_old_time_t is missing in host headers (Zhouyi Zhou)
- smp: Fix up and expand the smp_call_function_many() kerneldoc (Rafael J. Wysocki)
- bpf: Explicitly check accesses to bpf_sock_addr (Paul Chaignon) [Orabug: 38592204] {CVE-2025-40078}
- selftests: watchdog: skip ping loop if WDIOF_KEEPALIVEPING not supported (Akhilesh Patil)
- i3c: master: svc: Recycle unused IBI slot (Stanley Chu)
- nvmet-fc: move lsop put work to nvmet_fc_ls_req_op (Daniel Wagner) [Orabug: 38649248] {CVE-2025-40171}
- pwm: tiehrpwm: Fix corner case in clock divisor calculation (Uwe Kleine-König)
- arm64: dts: mediatek: mt8516-pumpkin: Fix machine compatible (AngeloGioacchino Del Regno)
- firmware: firmware: meson-sm: fix compile-test default (Johan Hovold)
- pinctrl: renesas: Use int type to store negative error codes (Rong Qianfeng)
- PM: sleep: core: Clear power.must_resume in noirq suspend error path (Rafael J. Wysocki)
- block: use int to store blk_stack_limits() return value (Rong Qianfeng)
- regulator: scmi: Use int type to store negative error codes (Rong Qianfeng)
- ARM: at91: pm: fix MCKx restore routine (Nicolas Ferre)
- blk-mq: check kobject state_in_sysfs before deleting in blk_mq_unregister_hctx (Li Nan) [Orabug: 38649025] {CVE-2025-40125}
- pinctrl: meson-gxl: add missing i2c_d pinmux (Da Xue)
- soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS (Sneh Mankad)
- ACPI: processor: idle: Fix memory leak when register cpuidle device failed (Huisong Li)
- cpufreq: scmi: Account for malformed DT in scmi_dev_used_by_cpus() (Florian Fainelli)
- libbpf: Fix reuse of DEVMAP (Yureka Lilian)
- regmap: Remove superfluous check for !config in __regmap_init() (Geert Uytterhoeven)
- x86/vdso: Fix output operand size of RDPID (Uros Bizjak)
- perf: arm_spe: Prevent overflow in PERF_IDX2OFF() (Leo Yan) [Orabug: 38592220] {CVE-2025-40081}
- coresight: trbe: Prevent overflow in PERF_IDX2OFF() (Leo Yan)
- selftests: arm64: Check fread return value in exec_target (Bala-Vignesh-Reddy)
- filelock: add FL_RECLAIM to show_fl_flags() macro (Jeff Layton)
- net/9p: fix double req put in p9_fd_cancelled (Nalivayko Sergey) [Orabug: 38591964] {CVE-2025-40027}
- minmax: add in_range() macro (Matthew Wilcox)
- crypto: rng - Ensure set_ent is always present (Herbert Xu) [Orabug: 38643530] {CVE-2025-40109}
- platform/x86: int3472: Check for adev == NULL (Hans de Goede)
- driver core/PM: Set power.no_callbacks along with power.no_pm (Rafael J. Wysocki)
- staging: axis-fifo: flush RX FIFO on read errors (Ovidiu Panait)
- staging: axis-fifo: fix maximum TX packet length check (Ovidiu Panait)
- serial: stm32: allow selecting console when the driver is module (Raphaël Gallais-Pou)
- hid: fix I2C read buffer overflow in raw_event() for mcp2221 (Arnaud Lecomte)
- perf subcmd: avoid crash in exclude_cmds when excludes is empty (Hupu)
- dm-integrity: limit MAX_TAG_SIZE to 255 (Mikulas Patocka)
- wifi: rtlwifi: rtl8192cu: Don't claim USB ID 07b8:8188 (Bitterblue Smith)
- USB: serial: option: add SIMCom 8230C compositions (Xiaowei Li)
- media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe (Duoming Zhou)
- media: tuner: xc5000: Fix use-after-free in xc5000_release (Duoming Zhou) [Orabug: 38548036] {CVE-2025-39994}
- media: tunner: xc5000: Refactor firmware load (Ricardo Ribalda)
- udp: Fix memory accounting leak. (Kuniyuki Iwashima) [Orabug: 37844324] {CVE-2025-22058}
- KVM: arm64: Fix softirq masking in FPSIMD register saving sequence (Will Deacon) [Orabug: 38513233]
- media: rc: fix races with imon_disconnect() (Larshin Sergey) [Orabug: 38548026] {CVE-2025-39993}
- media: b2c2: Fix use-after-free caused by irq_check_work in flexcop_pci_remove (Duoming Zhou) [Orabug: 38548050] {CVE-2025-39996}
- scsi: target: target_core_configfs: Add length check to avoid buffer overflow (Wang Haoran) [Orabug: 38548058] {CVE-2025-39998}
- LTS version: v5.15.194 (Vijayendra Suman)
- drm/i915/backlight: Return immediately when scale() finds invalid parameters (Guenter Roeck)
- i40e: add validation for ring_len param (Lukasz Czapnik) [Orabug: 38547951,38603025,38607608] {CVE-2025-39973}
- i40e: increase max descriptors for XL710 (Justin Bronder)
- i40e: fix idx validation in config queues msg (Lukasz Czapnik) [Orabug: 38547937] {CVE-2025-39971}
- i40e: fix validation of VF state in get resources (Lukasz Czapnik) [Orabug: 38547928] {CVE-2025-39969}
- mm/hugetlb: fix folio is still mapped when deleted (Tu Jinjiang) [Orabug: 38560480] {CVE-2025-40006}
- mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize() (David Hildenbrand)
- fbcon: Fix OOB access in font allocation (Thomas Zimmermann)
- fbcon: fix integer overflow in fbcon_do_set_font (Samasth Norway Ananda) [Orabug: 38547912] {CVE-2025-39967}
- tracing: dynevent: Add a missing lockdown check on dynevent (Masami Hiramatsu) [Orabug: 38581470] {CVE-2025-40021}
- i40e: add mask to apply valid bits for itr_idx (Lukasz Czapnik)
- i40e: add max boundary check for VF filters (Lukasz Czapnik) [Orabug: 38547922] {CVE-2025-39968}
- i40e: fix input validation logic for action_meta (Lukasz Czapnik) [Orabug: 38547932] {CVE-2025-39970}
- i40e: fix idx validation in i40e_validate_queue_map (Lukasz Czapnik) [Orabug: 38547945] {CVE-2025-39972}
- crypto: af_alg - Fix incorrect boolean values in af_alg_ctx (Eric Biggers) [Orabug: 38641289] {CVE-2025-40022}
- crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg (Herbert Xu) [Orabug: 38537468,38575792,38575804] {CVE-2025-39964}
- drm/gma500: Fix null dereference in hdmi teardown (Zabelin Nikita) [Orabug: 38560495] {CVE-2025-40011}
- net: dsa: lantiq_gswip: suppress -EINVAL errors for bridge FDB entries added to the CPU port (Vladimir Oltean)
- net: dsa: lantiq_gswip: move gswip_add_single_port_br() call to port_setup() (Vladimir Oltean)
- net: dsa: lantiq_gswip: do also enable or disable cpu port (Martin Schiller)
- selftests: fib_nexthops: Fix creation of non-FDB nexthops (Ido Schimmel)
- nexthop: Forbid FDB status change while nexthop is in a group (Ido Schimmel) [Orabug: 38547971] {CVE-2025-39980}
- bnxt_en: correct offset handling for IPv6 destination address (Alok Tiwari)
- ethernet: rvu-af: Remove slash from the driver name (Petr Malat)
- can: peak_usb: fix shift-out-of-bounds issue (Stephane Grosjean) [Orabug: 38581461] {CVE-2025-40020}
- can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow (Vincent Mailhol)
- can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow (Vincent Mailhol)
- can: hi311x: populate ndo_change_mtu() to prevent buffer overflow (Vincent Mailhol)
- can: etas_es58x: populate ndo_change_mtu() to prevent buffer overflow (Vincent Mailhol)
- can: etas_es58x: sort the includes by alphabetic order (Vincent Mailhol)
- can: etas_es58x: advertise timestamping capabilities and add ioctl support (Vincent Mailhol)
- can: dev: add generic function can_eth_ioctl_hwts() (Vincent Mailhol)
- can: dev: add generic function can_ethtool_op_get_ts_info_hwts() (Vincent Mailhol)
- can: bittiming: replace CAN units with the generic ones from linux/units.h (Vincent Mailhol)
- can: bittiming: allow TDC{V,O} to be zero and add can_tdc_const::tdc{v,o,f}_min (Vincent Mailhol)
- bpf: Reject bpf_timer for PREEMPT_RT (Leon Hwang)
- can: rcar_can: rcar_can_resume(): fix s2ram with PSCI (Geert Uytterhoeven)
- arm64: dts: imx8mp: Correct thermal sensor index (Peng Fan)
- IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions (Or Har-Toov)
- usb: core: Add 0x prefix to quirks debug output (Jiayi Li)
- ALSA: usb-audio: Fix build with CONFIG_INPUT=n (Takashi Iwai)
- ALSA: usb-audio: Convert comma to semicolon (Chen Ni)
- ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5 (Cristian Ciocaltea)
- ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks (Cristian Ciocaltea)
- ALSA: usb-audio: Simplify NULL comparison in mixer_quirks (Cristian Ciocaltea)
- ALSA: usb-audio: Avoid multiple assignments in mixer_quirks (Cristian Ciocaltea)
- ALSA: usb-audio: Drop unnecessary parentheses in mixer_quirks (Cristian Ciocaltea)
- ALSA: usb-audio: Fix block comments in mixer_quirks (Cristian Ciocaltea)
- net: rfkill: gpio: Fix crash due to dereferencing uninitialized pointer (Hans de Goede)
- net: rfkill: gpio: add DT support (Philipp Zabel)
- mptcp: propagate shutdown to subflows when possible (Matthieu Baerts)
- ksmbd: smbdirect: validate data_offset and data_length field of smb_direct_data_transfer (Namjae Jeon)
- mptcp: set remote_deny_join_id0 on SYN recv (Matthieu Baerts)
- phy: ti: omap-usb2: fix device leak at unbind (Johan Hovold)
- phy: Use device_get_match_data() (Rob Herring)
- phy: broadcom: ns-usb3: fix Wvoid-pointer-to-enum-cast warning (Krzysztof Kozlowski)
- USB: gadget: dummy-hcd: Fix locking bug in RT-enabled kernels (Alan Stern)
- usb: gadget: dummy_hcd: remove usage of list iterator past the loop body (Jakob Koschel)
- xhci: dbc: Fix full DbC transfer ring after several reconnects (Mathias Nyman)
- xhci: dbc: decouple endpoint allocation from initialization (Mathias Nyman)
- serial: sc16is7xx: fix bug in flow control levels init (Hugo Villeneuve)
- drm: bridge: cdns-mhdp8546: Fix missing mutex unlock on error path (Qi Xi)
- drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ (Loic Poulain)
- ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error message (Colin Ian King)
- ASoC: wm8974: Correct PLL rate rounding (Charles Keepax)
- ASoC: wm8940: Correct typo in control name (Charles Keepax)
- mmc: mvsdio: Fix dma_unmap_sg() nents value (Thomas Fourier)
- btrfs: tree-checker: fix the incorrect inode ref size check (Qu Wenruo)
- power: supply: bq27xxx: restrict no-battery detection to bq27000 (H. Nikolaus Schaller)
- power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery (H. Nikolaus Schaller)
- nilfs2: fix CFI failure when accessing /sys/fs/nilfs2/features/* (Nathan Chancellor)
- cnic: Fix use-after-free bugs in cnic_delete_task (Duoming Zhou) [Orabug: 38503848] {CVE-2025-39945}
- net: liquidio: fix overflow in octeon_init_instr_queue() (Alexey Nepomnyashih)
- tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). (Kuniyuki Iwashima) [Orabug: 38526387] {CVE-2025-39955}
- i40e: remove redundant memory barrier when cleaning Tx descs (Maciej Fijalkowski)
- net: natsemi: fix rx_dropped double accounting on netif_rx() failure (Moon Yeounsu)
- qed: Don't collect too many protection override GRC elements (Jamie Bainbridge) [Orabug: 38503869] {CVE-2025-39949}
- dpaa2-switch: fix buffer pool seeding for control traffic (Ioana Ciornei)
- um: virtio_uml: Fix use-after-free after put_device in probe (Miaoqian Lin)
- cgroup: split cgroup_destroy_wq into 3 workqueues (Chen Ridong) [Orabug: 38503891] {CVE-2025-39953}
- pcmcia: omap_cf: Mark driver struct with __refdata to prevent section mismatch (Geert Uytterhoeven)
- wifi: mac80211: fix incorrect type for ret (Liao Yuanhong)
- ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is not supported (Takashi Sakamoto)
- net: hsr: hsr_slave: Fix the promiscuous mode in offload mode (Ravi Gunasekaran)
- mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory (Miaohe Lin) [Orabug: 38461847] {CVE-2025-39883}
- drm/i915/power: fix size for for_each_set_bit() in abox iteration (Jani Nikula)
- phy: ti-pipe3: fix device leak at unbind (Johan Hovold)
- phy: tegra: xusb: fix device and OF node leak at probe (Johan Hovold)
- dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees (Stephan Gerhold) [Orabug: 38494821] {CVE-2025-39923}
- regulator: sy7636a: fix lifecycle of power good gpio (Andreas Kemnade)
- dmaengine: ti: edma: Fix memory allocation size for queue_priority_map (Anders Roxell)
- hsr: use hsr_for_each_port_rtnl in hsr_port_get_hsr (Hangbin Liu)
- hsr: use rtnl lock when iterating over ports (Hangbin Liu)
- net: hsr: Add VLAN CTAG filter support (Murali Karicheri)
- net: hsr: Add support for MC filtering at the slave device (Murali Karicheri)
- net: hsr: Disable promiscuous mode in offload mode (Ravi Gunasekaran)
- can: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted SKB (Anssi Hannula)
- can: j1939: j1939_local_ecu_get(): undo increment when j1939_local_ecu_get() fails (Tetsuo Handa)
- can: j1939: j1939_sk_bind(): call j1939_priv_put() immediately when j1939_local_ecu_get() failed (Tetsuo Handa)
- i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path (Michal Schmidt) [Orabug: 38494786] {CVE-2025-39911}
- i40e: Use irq_update_affinity_hint() (Nitesh Narayan Lal)
- igb: fix link test skipping when interface is admin down (Kohei Enju)
- tunnels: reset the GSO metadata before reusing the skb (Antoine Tenart)
- net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() (Stefan Wahren)
- USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions (Fabio Porcedda)
- USB: serial: option: add Telit Cinterion FN990A w/audio compositions (Fabio Porcedda)
- dt-bindings: serial: brcm,bcm7271-uart: Constrain clocks (Krzysztof Kozlowski)
- tty: hvc_console: Call hvc_kick in hvc_write unconditionally (Fabian Vogt)
- Input: i8042 - add TUXEDO InfinityBook Pro Gen10 AMD to i8042 quirk table (Christoffer Sandberg)
- mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer (Christophe Kerello)
- mtd: rawnand: stm32_fmc2: Fix dma_map_sg error check (Jack Wang)
- mtd: nand: raw: atmel: Respect tAR, tCLR in read setup timing (Alexander Sverdlin)
- mtd: nand: raw: atmel: Fix comment in timings preparation (Alexander Dahl)
- mm/khugepaged: fix the address passed to notifier on testing young (Wei Yang)
- libceph: fix invalid accesses to ceph_connection_v1_info (Ilya Dryomov) [Orabug: 38461836] {CVE-2025-39880}
- fuse: prevent overflow in copy_file_range return value (Miklos Szeredi)
- fuse: check if copy_file_range() returns larger than requested size (Miklos Szeredi)
- mtd: rawnand: stm32_fmc2: fix ECC overwrite (Christophe Kerello)
- ocfs2: fix recursive semaphore deadlock in fiemap call (Mark Tinguely) [Orabug: 38461858] {CVE-2025-39885}
- mptcp: sockopt: make sync_socket_options propagate SOCK_KEEPOPEN (Krister Johansen)
- compiler-clang.h: define __SANITIZE_*__ macros only when undefined (Nathan Chancellor)
- EDAC/altera: Delete an inappropriate dma_free_coherent() call (Salah Triki)
- tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork. (Kuniyuki Iwashima) [Orabug: 38494796] {CVE-2025-39913}
- NFSv4/flexfiles: Fix layout merge mirror check. (Jonathan Curley)
- tracing: Fix tracing_marker may trigger page fault during preempt_disable (Luo Gengkun)
- NFSv4: Clear the NFS_CAP_XATTR flag if not supported by the server (Trond Myklebust)
- NFSv4: Clear the NFS_CAP_FS_LOCATIONS flag if it is not set (Trond Myklebust)
- mm/rmap: reject hugetlb folios in folio_make_device_exclusive() (David Hildenbrand)
- net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod. (Kuniyuki Iwashima) [Orabug: 37901603] {CVE-2025-23143}
- media: i2c: imx214: Fix link frequency validation (André Apitzsch)
- media: mtk-vcodec: venc: avoid -Wenum-compare-conditional warning (Arnd Bergmann)
- mm: introduce and use {pgd,p4d}_populate_kernel() (Harry Yoo)
- kunit: kasan_test: disable fortify string checker on kasan_strings() test (Levi Yun)
- xfs: short circuit xfs_growfs_data_private() if delta is zero (Eric Sandeen)
- Revert "fbdev: Disable sysfb device registration when removing conflicting FBs" (Brett A C Sheffield)
[5.15.0-315.193.2]
- KVM: x86: Don't unnecessarily force masterclock update on vCPU hotplug (Sean Christopherson) [Orabug: 38530514]
- KVM: x86: Expose TSC offset controls to userspace (Oliver Upton) [Orabug: 38530514]
- KVM: x86: Refactor tsc synchronization code (Oliver Upton) [Orabug: 38530514]
- kvm: x86: protect masterclock with a seqcount (Paolo Bonzini) [Orabug: 38530514]
- KVM: x86: Report host tsc and realtime values in KVM_GET_CLOCK (Oliver Upton) [Orabug: 38530514]
- KVM: x86: Fix potential race in KVM_GET_CLOCK (Oliver Upton) [Orabug: 38530514]
- KVM: x86: extract KVM_GET_CLOCK/KVM_SET_CLOCK to separate functions (Paolo Bonzini) [Orabug: 38530514]
- kvm: x86: abstract locking around pvclock_update_vm_gtod_copy (Paolo Bonzini) [Orabug: 38530514]
- Revert "KVM: x86: Don't unnecessarily force masterclock update on vCPU hotplug" (Dongli Zhang) [Orabug: 38530514]
[5.15.0-315.193.1]
- uek-rpm: Set KFENCE_SAMPLE_INTERVAL to 100. (Imran Khan) [Orabug: 38549476]
- uek-rpm: Enable CONFIG_COMPAT_32BIT_TIME for x86 container kernel (Boris Ostrovsky) [Orabug: 38540641]
ELSA-2025-23063 Moderate: Oracle Linux 9 ruby:3.3 security update
Oracle Linux Security Advisory ELSA-2025-23063
http://linux.oracle.com/errata/ELSA-2025-23063.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
x86_64:
ruby-3.3.10-5.module+el9.7.0+90719+1f3245a0.i686.rpm
ruby-3.3.10-5.module+el9.7.0+90719+1f3245a0.x86_64.rpm
ruby-bundled-gems-3.3.10-5.module+el9.7.0+90719+1f3245a0.i686.rpm
ruby-bundled-gems-3.3.10-5.module+el9.7.0+90719+1f3245a0.x86_64.rpm
ruby-default-gems-3.3.10-5.module+el9.7.0+90719+1f3245a0.noarch.rpm
ruby-devel-3.3.10-5.module+el9.7.0+90719+1f3245a0.i686.rpm
ruby-devel-3.3.10-5.module+el9.7.0+90719+1f3245a0.x86_64.rpm
ruby-doc-3.3.10-5.module+el9.7.0+90719+1f3245a0.noarch.rpm
rubygem-bigdecimal-3.1.5-5.module+el9.7.0+90719+1f3245a0.i686.rpm
rubygem-bigdecimal-3.1.5-5.module+el9.7.0+90719+1f3245a0.x86_64.rpm
rubygem-bundler-2.5.22-5.module+el9.7.0+90719+1f3245a0.noarch.rpm
rubygem-io-console-0.7.1-5.module+el9.7.0+90719+1f3245a0.i686.rpm
rubygem-io-console-0.7.1-5.module+el9.7.0+90719+1f3245a0.x86_64.rpm
rubygem-irb-1.13.1-5.module+el9.7.0+90719+1f3245a0.noarch.rpm
rubygem-json-2.7.2-5.module+el9.7.0+90719+1f3245a0.i686.rpm
rubygem-json-2.7.2-5.module+el9.7.0+90719+1f3245a0.x86_64.rpm
rubygem-minitest-5.20.0-5.module+el9.7.0+90719+1f3245a0.noarch.rpm
rubygem-mysql2-0.5.5-3.module+el9.7.0+90719+1f3245a0.x86_64.rpm
rubygem-mysql2-doc-0.5.5-3.module+el9.7.0+90719+1f3245a0.noarch.rpm
rubygem-pg-1.5.4-1.module+el9.4.0+90257+8524dee7.x86_64.rpm
rubygem-pg-doc-1.5.4-1.module+el9.4.0+90257+8524dee7.noarch.rpm
rubygem-power_assert-2.0.3-5.module+el9.7.0+90719+1f3245a0.noarch.rpm
rubygem-psych-5.1.2-5.module+el9.7.0+90719+1f3245a0.i686.rpm
rubygem-psych-5.1.2-5.module+el9.7.0+90719+1f3245a0.x86_64.rpm
rubygem-racc-1.7.3-5.module+el9.7.0+90719+1f3245a0.i686.rpm
rubygem-racc-1.7.3-5.module+el9.7.0+90719+1f3245a0.x86_64.rpm
rubygem-rake-13.1.0-5.module+el9.7.0+90719+1f3245a0.noarch.rpm
rubygem-rbs-3.4.0-5.module+el9.7.0+90719+1f3245a0.i686.rpm
rubygem-rbs-3.4.0-5.module+el9.7.0+90719+1f3245a0.x86_64.rpm
rubygem-rdoc-6.6.3.1-5.module+el9.7.0+90719+1f3245a0.noarch.rpm
rubygem-rexml-3.4.4-5.module+el9.7.0+90719+1f3245a0.noarch.rpm
rubygem-rss-0.3.1-5.module+el9.7.0+90719+1f3245a0.noarch.rpm
rubygems-3.5.22-5.module+el9.7.0+90719+1f3245a0.noarch.rpm
rubygems-devel-3.5.22-5.module+el9.7.0+90719+1f3245a0.noarch.rpm
rubygem-test-unit-3.6.1-5.module+el9.7.0+90719+1f3245a0.noarch.rpm
rubygem-typeprof-0.21.9-5.module+el9.7.0+90719+1f3245a0.noarch.rpm
ruby-libs-3.3.10-5.module+el9.7.0+90719+1f3245a0.i686.rpm
ruby-libs-3.3.10-5.module+el9.7.0+90719+1f3245a0.x86_64.rpm
aarch64:
ruby-3.3.10-5.module+el9.7.0+90719+1f3245a0.aarch64.rpm
ruby-bundled-gems-3.3.10-5.module+el9.7.0+90719+1f3245a0.aarch64.rpm
ruby-default-gems-3.3.10-5.module+el9.7.0+90719+1f3245a0.noarch.rpm
ruby-devel-3.3.10-5.module+el9.7.0+90719+1f3245a0.aarch64.rpm
ruby-doc-3.3.10-5.module+el9.7.0+90719+1f3245a0.noarch.rpm
rubygem-bigdecimal-3.1.5-5.module+el9.7.0+90719+1f3245a0.aarch64.rpm
rubygem-bundler-2.5.22-5.module+el9.7.0+90719+1f3245a0.noarch.rpm
rubygem-io-console-0.7.1-5.module+el9.7.0+90719+1f3245a0.aarch64.rpm
rubygem-irb-1.13.1-5.module+el9.7.0+90719+1f3245a0.noarch.rpm
rubygem-json-2.7.2-5.module+el9.7.0+90719+1f3245a0.aarch64.rpm
rubygem-minitest-5.20.0-5.module+el9.7.0+90719+1f3245a0.noarch.rpm
rubygem-mysql2-0.5.5-3.module+el9.7.0+90719+1f3245a0.aarch64.rpm
rubygem-mysql2-doc-0.5.5-3.module+el9.7.0+90719+1f3245a0.noarch.rpm
rubygem-pg-1.5.4-1.module+el9.4.0+90257+8524dee7.aarch64.rpm
rubygem-pg-doc-1.5.4-1.module+el9.4.0+90257+8524dee7.noarch.rpm
rubygem-power_assert-2.0.3-5.module+el9.7.0+90719+1f3245a0.noarch.rpm
rubygem-psych-5.1.2-5.module+el9.7.0+90719+1f3245a0.aarch64.rpm
rubygem-racc-1.7.3-5.module+el9.7.0+90719+1f3245a0.aarch64.rpm
rubygem-rake-13.1.0-5.module+el9.7.0+90719+1f3245a0.noarch.rpm
rubygem-rbs-3.4.0-5.module+el9.7.0+90719+1f3245a0.aarch64.rpm
rubygem-rdoc-6.6.3.1-5.module+el9.7.0+90719+1f3245a0.noarch.rpm
rubygem-rexml-3.4.4-5.module+el9.7.0+90719+1f3245a0.noarch.rpm
rubygem-rss-0.3.1-5.module+el9.7.0+90719+1f3245a0.noarch.rpm
rubygems-3.5.22-5.module+el9.7.0+90719+1f3245a0.noarch.rpm
rubygems-devel-3.5.22-5.module+el9.7.0+90719+1f3245a0.noarch.rpm
rubygem-test-unit-3.6.1-5.module+el9.7.0+90719+1f3245a0.noarch.rpm
rubygem-typeprof-0.21.9-5.module+el9.7.0+90719+1f3245a0.noarch.rpm
ruby-libs-3.3.10-5.module+el9.7.0+90719+1f3245a0.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/ruby-3.3.10-5.module+el9.7.0+90719+1f3245a0.src.rpm
http://oss.oracle.com/ol9/SRPMS-updates/rubygem-mysql2-0.5.5-3.module+el9.7.0+90719+1f3245a0.src.rpm
http://oss.oracle.com/ol9/SRPMS-updates/rubygem-pg-1.5.4-1.module+el9.4.0+90257+8524dee7.src.rpm
Related CVEs:
CVE-2025-24294
CVE-2025-58767
CVE-2025-61594
Description of changes:
ruby
[3.3.10-5]
- Upgrade to Ruby 3.3.10.
Resolves: RHEL-127912
- Fix possible denial of service in resolv gem (CVE-2025-24294)
- Fix URI Credential Leakage Bypass previous fixes. (CVE-2025-61594)
- Fix REXML denial of service. (CVE-2025-58767)
Resolves: RHEL-122015
rubygem-mysql2
rubygem-pg
ELBA-2025-19540 Oracle Linux 9 linux-firmware bug fix and enhancement update
Oracle Linux Bug Fix Advisory ELBA-2025-19540
http://linux.oracle.com/errata/ELBA-2025-19540.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
x86_64:
iwl1000-firmware-39.31.5.1-999.45.el9.noarch.rpm
iwl100-firmware-39.31.5.1-999.45.el9.noarch.rpm
iwl105-firmware-18.168.6.1-999.45.el9.noarch.rpm
iwl135-firmware-18.168.6.1-999.45.el9.noarch.rpm
iwl2000-firmware-18.168.6.1-999.45.el9.noarch.rpm
iwl2030-firmware-18.168.6.1-999.45.el9.noarch.rpm
iwl3160-firmware-25.30.13.0-999.45.el9.noarch.rpm
iwl3945-firmware-15.32.2.9-999.45.el9.noarch.rpm
iwl4965-firmware-228.61.2.24-999.45.el9.noarch.rpm
iwl5000-firmware-8.83.5.1_1-999.45.el9.noarch.rpm
iwl5150-firmware-8.24.2.2-999.45.el9.noarch.rpm
iwl6000-firmware-9.221.4.1-999.45.el9.noarch.rpm
iwl6000g2a-firmware-18.168.6.1-999.45.el9.noarch.rpm
iwl6000g2b-firmware-18.168.6.1-999.45.el9.noarch.rpm
iwl6050-firmware-41.28.5.1-999.45.el9.noarch.rpm
iwl7260-firmware-25.30.13.0-999.45.el9.noarch.rpm
iwlax2xx-firmware-20251110-999.45.el9.noarch.rpm
libertas-sd8686-firmware-20251110-999.45.gitc0af6c70.el9.noarch.rpm
libertas-sd8787-firmware-20251110-999.45.gitc0af6c70.el9.noarch.rpm
libertas-usb8388-firmware-20251110-999.45.gitc0af6c70.el9.noarch.rpm
libertas-usb8388-olpc-firmware-20251110-999.45.gitc0af6c70.el9.noarch.rpm
linux-firmware-20251110-999.45.gitc0af6c70.el9.noarch.rpm
linux-firmware-core-20251110-999.45.gitc0af6c70.el9.noarch.rpm
linux-firmware-whence-20251110-999.45.gitc0af6c70.el9.noarch.rpm
liquidio-firmware-20251110-999.45.gitc0af6c70.el9.noarch.rpm
netronome-firmware-20251110-999.45.gitc0af6c70.el9.noarch.rpm
aarch64:
iwl1000-firmware-39.31.5.1-999.45.el9.noarch.rpm
iwl100-firmware-39.31.5.1-999.45.el9.noarch.rpm
iwl105-firmware-18.168.6.1-999.45.el9.noarch.rpm
iwl135-firmware-18.168.6.1-999.45.el9.noarch.rpm
iwl2000-firmware-18.168.6.1-999.45.el9.noarch.rpm
iwl2030-firmware-18.168.6.1-999.45.el9.noarch.rpm
iwl3160-firmware-25.30.13.0-999.45.el9.noarch.rpm
iwl3945-firmware-15.32.2.9-999.45.el9.noarch.rpm
iwl4965-firmware-228.61.2.24-999.45.el9.noarch.rpm
iwl5000-firmware-8.83.5.1_1-999.45.el9.noarch.rpm
iwl5150-firmware-8.24.2.2-999.45.el9.noarch.rpm
iwl6000-firmware-9.221.4.1-999.45.el9.noarch.rpm
iwl6000g2a-firmware-18.168.6.1-999.45.el9.noarch.rpm
iwl6000g2b-firmware-18.168.6.1-999.45.el9.noarch.rpm
iwl6050-firmware-41.28.5.1-999.45.el9.noarch.rpm
iwl7260-firmware-25.30.13.0-999.45.el9.noarch.rpm
iwlax2xx-firmware-20251110-999.45.el9.noarch.rpm
libertas-sd8686-firmware-20251110-999.45.gitc0af6c70.el9.noarch.rpm
libertas-sd8787-firmware-20251110-999.45.gitc0af6c70.el9.noarch.rpm
libertas-usb8388-firmware-20251110-999.45.gitc0af6c70.el9.noarch.rpm
libertas-usb8388-olpc-firmware-20251110-999.45.gitc0af6c70.el9.noarch.rpm
linux-firmware-20251110-999.45.gitc0af6c70.el9.noarch.rpm
linux-firmware-core-20251110-999.45.gitc0af6c70.el9.noarch.rpm
linux-firmware-whence-20251110-999.45.gitc0af6c70.el9.noarch.rpm
liquidio-firmware-20251110-999.45.gitc0af6c70.el9.noarch.rpm
netronome-firmware-20251110-999.45.gitc0af6c70.el9.noarch.rpm
SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/linux-firmware-20251110-999.45.gitc0af6c70.el9.src.rpm
Description of changes:
[20251110-999.45.gitc0af6c70.el9]
- Rebase to latest upstream [Orabug: 38523856]
- Include AMD ucode fix [Orabug: 38523856] {CVE-2025-62626}
ELSA-2025-28048 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update
Oracle Linux Security Advisory ELSA-2025-28048
http://linux.oracle.com/errata/ELSA-2025-28048.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
bpftool-5.15.0-315.196.5.1.el8uek.x86_64.rpm
kernel-uek-5.15.0-315.196.5.1.el8uek.x86_64.rpm
kernel-uek-core-5.15.0-315.196.5.1.el8uek.x86_64.rpm
kernel-uek-debug-5.15.0-315.196.5.1.el8uek.x86_64.rpm
kernel-uek-debug-core-5.15.0-315.196.5.1.el8uek.x86_64.rpm
kernel-uek-debug-devel-5.15.0-315.196.5.1.el8uek.x86_64.rpm
kernel-uek-debug-modules-5.15.0-315.196.5.1.el8uek.x86_64.rpm
kernel-uek-debug-modules-extra-5.15.0-315.196.5.1.el8uek.x86_64.rpm
kernel-uek-devel-5.15.0-315.196.5.1.el8uek.x86_64.rpm
kernel-uek-doc-5.15.0-315.196.5.1.el8uek.noarch.rpm
kernel-uek-modules-5.15.0-315.196.5.1.el8uek.x86_64.rpm
kernel-uek-modules-extra-5.15.0-315.196.5.1.el8uek.x86_64.rpm
kernel-uek-container-5.15.0-315.196.5.1.el8uek.x86_64.rpm
kernel-uek-container-debug-5.15.0-315.196.5.1.el8uek.x86_64.rpm
aarch64:
bpftool-5.15.0-315.196.5.1.el8uek.aarch64.rpm
kernel-uek-5.15.0-315.196.5.1.el8uek.aarch64.rpm
kernel-uek-core-5.15.0-315.196.5.1.el8uek.aarch64.rpm
kernel-uek-debug-5.15.0-315.196.5.1.el8uek.aarch64.rpm
kernel-uek-debug-core-5.15.0-315.196.5.1.el8uek.aarch64.rpm
kernel-uek-debug-devel-5.15.0-315.196.5.1.el8uek.aarch64.rpm
kernel-uek-debug-modules-5.15.0-315.196.5.1.el8uek.aarch64.rpm
kernel-uek-debug-modules-extra-5.15.0-315.196.5.1.el8uek.aarch64.rpm
kernel-uek-devel-5.15.0-315.196.5.1.el8uek.aarch64.rpm
kernel-uek-doc-5.15.0-315.196.5.1.el8uek.noarch.rpm
kernel-uek-modules-5.15.0-315.196.5.1.el8uek.aarch64.rpm
kernel-uek-modules-extra-5.15.0-315.196.5.1.el8uek.aarch64.rpm
kernel-uek-container-5.15.0-315.196.5.1.el8uek.aarch64.rpm
kernel-uek-container-debug-5.15.0-315.196.5.1.el8uek.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/kernel-uek-5.15.0-315.196.5.1.el8uek.src.rpm
Related CVEs:
CVE-2024-43876
CVE-2024-43877
CVE-2025-22058
CVE-2025-23143
CVE-2025-38678
CVE-2025-39880
CVE-2025-39883
CVE-2025-39885
CVE-2025-39911
CVE-2025-39913
CVE-2025-39923
CVE-2025-39945
CVE-2025-39949
CVE-2025-39953
CVE-2025-39955
CVE-2025-39964
CVE-2025-39967
CVE-2025-39968
CVE-2025-39969
CVE-2025-39970
CVE-2025-39971
CVE-2025-39972
CVE-2025-39973
CVE-2025-39980
CVE-2025-39993
CVE-2025-39994
CVE-2025-39996
CVE-2025-39998
CVE-2025-40001
CVE-2025-40006
CVE-2025-40011
CVE-2025-40018
CVE-2025-40019
CVE-2025-40020
CVE-2025-40021
CVE-2025-40022
CVE-2025-40026
CVE-2025-40027
CVE-2025-40030
CVE-2025-40035
CVE-2025-40042
CVE-2025-40044
CVE-2025-40048
CVE-2025-40049
CVE-2025-40053
CVE-2025-40055
CVE-2025-40070
CVE-2025-40078
CVE-2025-40081
CVE-2025-40085
CVE-2025-40087
CVE-2025-40092
CVE-2025-40094
CVE-2025-40105
CVE-2025-40109
CVE-2025-40111
CVE-2025-40115
CVE-2025-40118
CVE-2025-40120
CVE-2025-40121
CVE-2025-40125
CVE-2025-40134
CVE-2025-40140
CVE-2025-40153
CVE-2025-40154
CVE-2025-40167
CVE-2025-40171
CVE-2025-40173
CVE-2025-40178
CVE-2025-40179
CVE-2025-40183
CVE-2025-40186
CVE-2025-40187
CVE-2025-40190
CVE-2025-40194
CVE-2025-40197
CVE-2025-40200
CVE-2025-40204
CVE-2025-40205
Description of changes:
[5.15.0-315.196.5.1]
- netfilter: nf_tables: reject duplicate device on updates (Pablo Neira Ayuso) [Orabug: 38744086] {CVE-2025-38678}
- Reapply "cpuidle: menu: Avoid discarding useful information" (Harshvardhan Jha) [Orabug: 38744084]
- rtc: expose RTC_FEATURE_UPDATE_INTERRUPT (Alexandre Belloni) [Orabug: 38744082]
[5.15.0-315.196.5]
- uek-rpm: add "bpf" to CONFIG_LSM (Alan Maguire) [Orabug: 35653191]
- Revert "cpufreq: Introduce an optional cpuinfo_avg_freq sysfs entry" (Samasth Norway Ananda) [Orabug: 38613264]
[5.15.0-315.196.4]
- net/rds: Fix rs_recv_pending counting issue (Gerd Rausch) [Orabug: 38506368]
[5.15.0-315.196.3]
- KVM: VMX: Intercept reads to invalid and write-only x2APIC registers (Sean Christopherson) [Orabug: 38535186]
- KVM: VMX: Always intercept accesses to unsupported "extended" x2APIC regs (Sean Christopherson) [Orabug: 38535186]
- KVM: x86: Split out logic to generate "readable" APIC regs mask to helper (Sean Christopherson) [Orabug: 38535186]
- KVM: x86: Mark x2APIC DFR reg as non-existent for x2APIC (Sean Christopherson) [Orabug: 38535186]
- uek-rpm/ol9/config-mips64-emb: Enable NF_TABLES for MIPS64 (Vijay Kumar) [Orabug: 38578981]
- LTS version: v5.15.196 (Vijayendra Suman)
- PCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup() (Marek Vasut) [Orabug: 38641258] {CVE-2024-43876}
- net: rtnetlink: fix module reference count leak issue in rtnetlink_rcv_msg (Zhengchao Shao)
- usb: gadget: f_acm: Refactor bind path to use __free() (Kuen-Han Tsai) [Orabug: 38601854] {CVE-2025-40094}
- usb: gadget: f_ncm: Refactor bind path to use __free() (Kuen-Han Tsai) [Orabug: 38601837] {CVE-2025-40092}
- usb: gadget: Introduce free_usb_request helper (Kuen-Han Tsai)
- usb: gadget: Store endpoint pointer in usb_request (Kuen-Han Tsai)
- arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() (Kaushlendra Kumar)
- xfs: always warn about deprecated mount options (Darrick J. Wong)
- devcoredump: Fix circular locking dependency with devcd->mutex. (Maarten Lankhorst)
- PCI: tegra194: Reset BARs when running in PCIe endpoint mode (Niklas Cassel)
- PCI: rcar-host: Drop PMSR spinlock (Marek Vasut)
- PCI: rcar: Finish transition to L1 state in rcar_pcie_config_access() (Marek Vasut)
- PCI: tegra194: Handle errors in BPMP response (Vidya Sagar)
- f2fs: fix wrong block mapping for multi-devices (Jaegeuk Kim)
- NFSD: Define a proc_layoutcommit for the FlexFiles layout type (Chuck Lever) [Orabug: 38601818] {CVE-2025-40087}
- vfs: Don't leak disconnected dentries on umount (Jan Kara) [Orabug: 38601923] {CVE-2025-40105}
- drm/amdgpu: use atomic functions with memory barriers for vm fault info (Gui-Dong Han)
- PCI: rcar-host: Convert struct rcar_msi mask_lock into raw spinlock (Marek Vasut)
- wifi: ath11k: HAL SRNG: don't deinitialize and re-initialize again (Muhammad Usama Anjum)
- PCI: j721e: Fix programming sequence of "strap" settings (Siddharth Vadapalli)
- PCI: j721e: Enable ACSPCIE Refclk if "ti,syscon-acspcie-proxy-ctrl" exists (Siddharth Vadapalli)
- fuse: fix livelock in synchronous file put from fuseblk workers (Darrick J. Wong)
- fuse: allocate ff->release_args only if release is needed (Amir Goldstein)
- padata: Reset next CPU when reorder sequence wraps around (Xiao Liang)
- iio: imu: inv_icm42600: Simplify pm_runtime setup (Sean Nyekjaer)
- PM: runtime: Add new devm functions (Csókás Bence)
- iio: imu: inv_icm42600: Avoid configuring if already pm_runtime suspended (Sean Nyekjaer)
- iio: imu: inv_icm42600: use = { } instead of memset() (David Lechner)
- NFSD: Fix last write offset handling in layoutcommit (Sergey Bashirov)
- NFSD: Minor cleanup in layoutcommit processing (Sergey Bashirov)
- NFSD: Rework encoding and decoding of nfsd4_deviceid (Sergey Bashirov)
- xfs: fix log CRC mismatches between i386 and other architectures (Christoph Hellwig)
- xfs: rename the old_crc variable in xlog_recover_process (Christoph Hellwig)
- s390/cio: Update purge function to unregister the unused subchannels (Vineeth Vijayan)
- arm64: cputype: Add Neoverse-V3AE definitions (Mark Rutland)
- serial: 8250_exar: add support for Advantech 2 port card with Device ID 0x0018 (Florian Eckert)
- most: usb: hdm_probe: Fix calling put_device() before device initialization (Victoria Votokina)
- most: usb: Fix use-after-free in hdm_disconnect (Victoria Votokina)
- mei: me: add wildcat lake P DID (Alexander Usyskin)
- comedi: fix divide-by-zero in comedi_buf_munge() (Deepanshu Kartikey)
- binder: remove "invalid inc weak" check (Alice Ryhl)
- xhci: dbc: enable back DbC in resume if it was enabled before suspend (Mathias Nyman)
- usb: raw-gadget: do not limit transfer length (Andrey Konovalov)
- usb/core/quirks: Add Huawei ME906S to wakeup quirk (Tim Guttzeit)
- USB: serial: option: add Telit FN920C04 ECM compositions (Li Qingwu)
- USB: serial: option: add Quectel RG255C (Reinhard Speyerer)
- USB: serial: option: add UNISOC UIS7720 (Renjun Wang)
- net: ravb: Ensure memory write completes before ringing TX doorbell (Lad Prabhakar)
- net: usb: rtl8150: Fix frame padding (Michał Pecio)
- vsock: fix lock inversion in vsock_assign_transport() (Stefano Garzarella)
- ocfs2: clear extent cache after moving/defragmenting extents (Deepanshu Kartikey)
- MIPS: Malta: Fix keyboard resource preventing i8042 driver from registering (Maciej W. Rozycki)
- Revert "cpuidle: menu: Avoid discarding useful information" (Rafael J. Wysocki)
- net: bonding: fix possible peer notify event loss or dup issue (Tonghao Zhang)
- sctp: avoid NULL dereference when chunk data buffer is missing (Alexey Simakov)
- arm64, mm: avoid always making PTE dirty in pte_mkwrite() (Huang, Ying)
- dpaa2-eth: fix the pointer passed to PTR_ALIGN on Tx path (Ioana Ciornei)
- net: enetc: correct the value of ENETC_RXB_TRUESIZE (Wei Fang)
- rtnetlink: Allow deleting FDB entries in user namespace (Johannes Wiesboeck)
- net: rtnetlink: add NLM_F_BULK support to rtnl_fdb_del (Nikolay Aleksandrov)
- net: rtnetlink: add bulk delete support flag (Nikolay Aleksandrov)
- net: netlink: add NLM_F_BULK delete request modifier (Nikolay Aleksandrov)
- net: rtnetlink: use BIT for flag values (Nikolay Aleksandrov)
- net: rtnetlink: add helper to extract msg type's kind (Nikolay Aleksandrov)
- m68k: bitops: Fix find_*_bit() signatures (Geert Uytterhoeven)
- hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super() (Yangtao Li)
- hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits() (Viacheslav Dubeyko)
- dlm: check for defined force value in dlm_lockspace_release (Alexander Aring)
- hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() (Viacheslav Dubeyko)
- hfs: validate record offset in hfsplus_bmap_alloc (Yang Chenzhi)
- hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() (Viacheslav Dubeyko)
- hfs: make proper initalization of struct hfs_find_data (Viacheslav Dubeyko)
- hfs: clear offset and space out of valid records in b-tree node (Viacheslav Dubeyko)
- nios2: ensure that memblock.current_limit is set when setting pfn limits (Simon Schuster)
- exec: Fix incorrect type for ret (Xichao Zhao)
- PCI/sysfs: Ensure devices are powered for config reads (part 2) (Brian Norris)
- hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() (Viacheslav Dubeyko)
- ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card (Jiaming Zhang) [Orabug: 38597093] {CVE-2025-40085}
- ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings (Randy Dunlap)
- sched/fair: Fix pelt lost idle time detection (Vincent Guittot)
- sched/balancing: Rename newidle_balance() => sched_balance_newidle() (Ingo Molnar)
- drm/amd/powerplay: Fix CIK shutdown temperature (Timur Kristóf)
- net: usb: lan78xx: fix use of improperly initialized dev->chipid in lan78xx_reset (I Viswanath)
- net: usb: lan78xx: Add error handling to lan78xx_init_mac_address (Oleksij Rempel)
- net: usb: use eth_hw_addr_set() instead of ether_addr_copy() (Jakub Kicinski)
- tls: don't rely on tx_work during send() (Sabrina Dubroca)
- tls: always set record_type in tls_process_cmsg (Sabrina Dubroca)
- tls: wait for async encrypt in case of error during latter iterations of sendmsg (Sabrina Dubroca)
- net: tls: wait for async completion on last message (Sascha Hauer)
- tg3: prevent use of uninitialized remote_adv and local_adv variables (Alexey Simakov)
- tcp: fix tcp_tso_should_defer() vs large RTT (Eric Dumazet)
- amd-xgbe: Avoid spurious link down messages during interface toggle (Raju Rangoju)
- net/ip6_tunnel: Prevent perpetual tunnel growth (Dmitry Safonov) [Orabug: 38649259] {CVE-2025-40173}
- r8169: fix packet truncation after S4 resume on RTL8168H/RTL8111H (Linmao Li)
- doc: fix seg6_flowlabel path (Nicolas Dichtel)
- net: dlink: handle dma_map_single() failure properly (Moon Yeounsu)
- can: m_can: m_can_plat_remove(): add missing pm_runtime_disable() (Marc Kleine-Budde)
- dax: skip read lock assertion for read-only filesystems (Yuezhang Mo)
- HID: multitouch: fix sticky fingers (Benjamin Tissoires)
- cpufreq: CPPC: Avoid using CPUFREQ_ETERNAL as transition delay (Rafael J. Wysocki)
- crypto: rockchip - Fix dma_unmap_sg() nents value (Thomas Fourier)
- drm/exynos: exynos7_drm_decon: remove ctx->suspended (Kaustabh Chakraborty)
- drm/exynos: exynos7_drm_decon: properly clear channels during bind (Kaustabh Chakraborty)
- drm/exynos: exynos7_drm_decon: fix uninitialized crtc reference in functions (Kaustabh Chakraborty)
- blk-crypto: fix missing blktrace bio split events (Yu Kuai)
- media: lirc: Fix error handling in lirc_register() (Ma Ke)
- media: rc: Directly use ida_free() (Keliu)
- media: s5p-mfc: remove an unused/uninitialized variable (Arnd Bergmann)
- btrfs: fix clearing of BTRFS_FS_RELOC_RUNNING if relocation already running (Filipe Manana)
- ext4: detect invalid INLINE_DATA + EXTENTS flag combination (Deepanshu Kartikey) [Orabug: 38649222] {CVE-2025-40167}
- jbd2: ensure that all ongoing I/O complete before freeing blocks (Zhang Yi)
- r8152: add error handling in rtl8152_driver_init (Yi Cong)
- LTS version: v5.15.195 (Vijayendra Suman)
- selftests: mptcp: join: validate C-flag + def limit (Matthieu Baerts)
- mptcp: pm: in-kernel: usable client side with C-flag (Matthieu Baerts)
- media: pci: ivtv: Add check for DMA map result (Mikhail Kobuk) [Orabug: 38641260] {CVE-2024-43877}
- xen/events: Update virq_to_irq on migration (Jason Andryuk)
- media: pci: ivtv: Add missing check after DMA map (Thomas Fourier)
- media: pci/ivtv: switch from 'pci_' to 'dma_' API (Christophe Jaillet)
- arm64: mte: Do not flag the zero page as PG_mte_tagged (Catalin Marinas)
- media: cx18: Add missing check after DMA map (Thomas Fourier)
- media: switch from 'pci_' to 'dma_' API (Christophe Jaillet)
- writeback: Avoid excessively long inode switching times (Jan Kara)
- writeback: Avoid softlockup when switching many inodes (Jan Kara)
- cramfs: Verify inode mode when loading from disk (Tetsuo Handa)
- fs: Add 'initramfs_options' to set initramfs mount options (Lichen Liu)
- pid: Add a judgment for ns null in pid_nr_ns (Gaoxiang17) [Orabug: 38649275] {CVE-2025-40178}
- minixfs: Verify inode mode when loading from disk (Tetsuo Handa)
- minmax.h: remove some #defines that are only expanded once (David Laight)
- minmax.h: simplify the variants of clamp() (David Laight)
- minmax.h: move all the clamp() definitions after the min/max() ones (David Laight)
- minmax.h: use BUILD_BUG_ON_MSG() for the lo < hi test in clamp() (David Laight)
- minmax.h: reduce the #define expansion of min(), max() and clamp() (David Laight)
- minmax.h: update some comments (David Laight)
- minmax.h: add whitespace around operators and after commas (David Laight)
- minmax: fix up min3() and max3() too (Linus Torvalds)
- minmax: improve macro expansion and type checking (Linus Torvalds)
- minmax: simplify min()/max()/clamp() implementation (Linus Torvalds)
- minmax: don't use max() in situations that want a C constant expression (Linus Torvalds)
- minmax: make generic MIN() and MAX() macros available everywhere (Linus Torvalds)
- minmax: simplify and clarify min_t()/max_t() implementation (Linus Torvalds)
- minmax: add a few more MIN_T/MAX_T users (Linus Torvalds)
- minmax: avoid overly complicated constant expressions in VM code (Linus Torvalds)
- minmax: fix indentation of __cmp_once() and __clamp_once() (David Laight)
- minmax: deduplicate __unconst_integer_typeof() (Andy Shevchenko)
- minmax: Introduce {min,max}_array() (Herve Codina)
- arm64: dts: qcom: sdm845: Fix slimbam num-channels/ees (Stephan Gerhold)
- btrfs: fix the incorrect max_bytes value for find_lock_delalloc_range() (Qu Wenruo)
- fscontext: do not consume log entries when returning -EMSGSIZE (Aleksa Sarai)
- dm: fix NULL pointer dereference in __dm_suspend() (Zheng Qixing) [Orabug: 38649056] {CVE-2025-40134}
- tracing: Fix race condition in kprobe initialization causing NULL pointer dereference (Yuan Chen) [Orabug: 38592032] {CVE-2025-40042}
- ksmbd: fix error code overwriting in smb2_get_info_filesystem() (Matvey Kovalev)
- net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock (Oleksij Rempel) [Orabug: 38649002] {CVE-2025-40120}
- mfd: intel_soc_pmic_chtdc_ti: Set use_single_read regmap_config flag (Hans de Goede)
- mfd: intel_soc_pmic_chtdc_ti: Drop unneeded assignment for cache_type (Andy Shevchenko)
- mfd: intel_soc_pmic_chtdc_ti: Fix invalid regmap-config max_register value (Hans de Goede)
- media: mc: Clear minor number before put device (Edward Adam Davis) [Orabug: 38649397] {CVE-2025-40197}
- Squashfs: reject negative file sizes in squashfs_read_inode() (Phillip Lougher) [Orabug: 38649424] {CVE-2025-40200}
- Squashfs: add additional inode sanity checking (Phillip Lougher)
- ASoC: wcd934x: fix error handling in wcd934x_codec_parse_data() (Ma Ke)
- ASoC: codecs: wcd934x: Simplify with dev_err_probe (Krzysztof Kozlowski)
- KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O (Sean Christopherson) [Orabug: 38591958] {CVE-2025-40026}
- lib/crypto/curve25519-hacl64: Disable KASAN with clang-17 and older (Nathan Chancellor)
- ext4: free orphan info with kvfree (Jan Kara)
- ext4: guard against EA inode refcount underflow in xattr update (Ahmet Eray Karadag) [Orabug: 38649329] {CVE-2025-40190}
- ext4: correctly handle queries for metadata mappings (Ojaswin Mujoo)
- ext4: increase i_disksize to offset + len in ext4_update_disksize_before_punch() (Yongjian Sun)
- ext4: verify orphan file size is not too big (Jan Kara) [Orabug: 38649284] {CVE-2025-40179}
- nfsd: nfserr_jukebox in nlm_fopen should lead to a retry (Olga Kornievskaia)
- NFSD: Fix destination buffer size in nfsd4_ssc_setup_dul() (Thorsten Blum)
- mm/page_alloc: only set ALLOC_HIGHATOMIC for __GPF_HIGH allocations (Thadeu Lima de Souza Cascardo)
- x86/umip: Fix decoding of register forms of 0F 01 (SGDT and SIDT aliases) (Sean Christopherson)
- x86/umip: Check that the instruction opcode is at least two bytes (Sean Christopherson)
- spi: cadence-quadspi: Flush posted register writes before DAC access (Pratyush Yadav)
- spi: cadence-quadspi: Flush posted register writes before INDAC access (Pratyush Yadav)
- PCI: tegra194: Fix broken tegra_pcie_ep_raise_msi_irq() (Niklas Cassel)
- PCI: keystone: Use devm_request_irq() to free "ks-pcie-error-irq" on exit (Siddharth Vadapalli)
- PCI/AER: Support errors introduced by PCIe r6.0 (Lukas Wunner)
- PCI/AER: Fix missing uevent on recovery when a reset is requested (Niklas Schnelle)
- PCI/ERR: Fix uevent on failure to recover (Lukas Wunner)
- PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV (Niklas Schnelle)
- PCI/sysfs: Ensure devices are powered for config reads (Brian Norris)
- rseq/selftests: Use weak symbol reference, not definition, to link with glibc (Sean Christopherson)
- rtc: interface: Fix long-standing race when setting alarm (Esben Haabendal)
- rtc: interface: Ensure alarm irq is enabled when UIE is enabled (Esben Haabendal)
- memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe (Zhen Ni)
- mmc: core: SPI mode remove cmd7 (Rex Chen)
- mtd: rawnand: fsmc: Default to autodetect buswidth (Linus Walleij)
- sparc: fix error handling in scan_one_device() (Ma Ke)
- sparc64: fix hugetlb for sun4u (Anthony Yznaga)
- sctp: Fix MAC comparison to be constant-time (Eric Biggers) [Orabug: 38649450] {CVE-2025-40204}
- scsi: hpsa: Fix potential memory leak in hpsa_big_passthru_ioctl() (Thorsten Blum)
- pwm: berlin: Fix wrong register in suspend/resume (Jisheng Zhang)
- powerpc/pseries/msi: Fix potential underflow and leak issue (Nam Cao)
- powerpc/powernv/pci: Fix underflow and leak issue (Nam Cao)
- nvme-pci: Add TUXEDO IBS Gen8 to Samsung sleep quirk (Georg Gottleuber)
- parisc: don't reference obsolete termio struct for TC* constants (Sam James)
- openat2: don't trigger automounts with RESOLVE_NO_XDEV (Askar Safin)
- lib/genalloc: fix device leak in of_gen_pool_get() (Johan Hovold)
- KEYS: trusted_tpm1: Compare HMAC values in constant time (Eric Biggers)
- iommu/vt-d: PRS isn't usable if PDS isn't supported (Lu Baolu)
- iio: imu: inv_icm42600: Drop redundant pm_runtime reinitialization in resume (Sean Nyekjaer)
- init: handle bootloader identifier in kernel parameters (Huacai Chen)
- iio: frequency: adf4350: Fix prescaler usage. (Michael Hennerich)
- iio: dac: ad5421: use int type to store negative error codes (Rong Qianfeng)
- iio: dac: ad5360: use int type to store negative error codes (Rong Qianfeng)
- fs/ntfs3: Fix a resource leak bug in wnd_extend() (Haoxiang Li)
- crypto: atmel - Fix dma_unmap_sg() direction (Thomas Fourier)
- cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() (Rafael J. Wysocki) [Orabug: 38649365] {CVE-2025-40194}
- copy_sighand: Handle architectures where sizeof(unsigned long) < sizeof(u64) (Simon Schuster)
- bus: mhi: host: Do not use uninitialized 'dev' pointer in mhi_init_irq_setup() (Adam Xue)
- btrfs: avoid potential out-of-bounds in btrfs_encode_fh() (Anderson Nascimento) [Orabug: 38649461] {CVE-2025-40205}
- drm/nouveau: fix bad ret code in nouveau_bo_move_prep (Shuhao Fu)
- media: i2c: mt9v111: fix incorrect type for ret (Rong Qianfeng)
- firmware: meson_sm: fix device leak at probe (Johan Hovold)
- xen/manage: Fix suspend error path (Lukas Wunner)
- xen/events: Cleanup find_virq() return codes (Jason Andryuk)
- ARM: OMAP2+: pm33xx-core: ix device node reference leaks in amx3_idle_init (Miaoqian Lin)
- arm64: dts: qcom: msm8916: Add missing MDSS reset (Stephan Gerhold)
- ACPI: debug: fix signedness issues in read/write helpers (Amir Mohammad Jahangirzad)
- ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT (Daniel Tang)
- bpf: Avoid RCU context warning when unpinning htab with internal structs (Kafai Wan)
- gpio: wcd934x: mark the GPIO controller as sleeping (Bartosz Golaszewski)
- gpio: wcd934x: Remove duplicate assignment of of_gpio_n_cells (Andy Shevchenko)
- tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single (Gunnar Kudrjavets)
- crypto: essiv - Check ssize for decryption and in-place encryption (Herbert Xu) [Orabug: 38581454] {CVE-2025-40019}
- bridge: br_vlan_fill_forward_path_pvid: use br_vlan_group_rcu() (Eric Woudstra)
- drm/amd/display: Properly disable scaling on DCE6 (Timur Kristóf)
- drm/amd/display: Properly clear SCL_*_FILTER_CONTROL on DCE6 (Timur Kristóf)
- drm/amd/display: Add missing DCE6 SCL_HORZ_FILTER_INIT* SRIs (Timur Kristóf)
- drm/amdgpu: Add additional DCE6 SCL registers (Alex Deucher)
- bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6} (Daniel Borkmann) [Orabug: 38649299] {CVE-2025-40183}
- mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes (Harini T)
- mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call (Harini T)
- tools build: Align warning options with perf (Leo Yan)
- net: fsl_pq_mdio: Fix device node reference leak in fsl_pq_mdio_probe (Erick Karanja)
- tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request(). (Kuniyuki Iwashima) [Orabug: 38649578] {CVE-2025-40186}
- net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce() (Alexandr Sapozhnikov) [Orabug: 38649311] {CVE-2025-40187}
- drm/vmwgfx: Fix Use-after-free in validation (Ian Forbes) [Orabug: 38643545] {CVE-2025-40111}
- drm/vmwgfx: Copy DRM hash-table code into driver (Thomas Zimmermann)
- s390/cio: unregister the subchannel while purging (Vineeth Vijayan)
- net/mlx4: prevent potential use after free in mlx4_en_do_uc_filter() (Dan Carpenter)
- scsi: mvsas: Fix use-after-free bugs in mvs_work_queue (Duoming Zhou) [Orabug: 38557653] {CVE-2025-40001}
- scsi: mvsas: Use sas_task_find_rq() for tagging (John Garry)
- scsi: mvsas: Delete mvs_tag_init() (John Garry)
- scsi: libsas: Add sas_task_find_rq() (John Garry)
- cpufreq: tegra186: Set target frequency for all cpus in policy (Aaron Kling)
- clk: nxp: Fix pll0 rate check condition in LPC18xx CGU driver (Alok Tiwari)
- clk: nxp: lpc18xx-cgu: convert from round_rate() to determine_rate() (Brian Masney)
- perf session: Fix handling when buffer exceeds 2 GiB (Leo Yan)
- rtc: x1205: Fix Xicor X1205 vendor prefix (Rob Herring)
- perf util: Fix compression checks returning -1 as bool (Yunseong Kim)
- clk: at91: peripheral: fix return value (Brian Masney)
- libperf event: Ensure tracing data is multiple of 8 sized (Ian Rogers)
- perf evsel: Avoid container_of on a NULL leader (Ian Rogers)
- iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE (Michael Hennerich)
- clocksource/drivers/clps711x: Fix resource leaks in error paths (Zhen Ni)
- fs: always return zero on success from replace_fd() (Thomas Weißschuh)
- usb: cdns3: cdnsp-pci: remove redundant pci_disable_device() call (Miaoqian Lin)
- bus: fsl-mc: Check return value of platform_get_resource() (Salah Triki)
- pinctrl: check the return value of pinmux_ops::get_function_name() (Bartosz Golaszewski) [Orabug: 38591980] {CVE-2025-40030}
- Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak (Zhen Ni) [Orabug: 38592000] {CVE-2025-40035}
- Input: atmel_mxt_ts - allow reset GPIO to sleep (Marek Vasut)
- nvdimm: ndtest: Return -ENOMEM if devm_kcalloc() fails in ndtest_probe() (Guangshuo Li)
- mm: hugetlb: avoid soft lockup when mprotect to large memory area (Yang Shi) [Orabug: 38649149] {CVE-2025-40153}
- ext4: fix checks for orphan inodes (Jan Kara)
- mfd: vexpress-sysreg: Check the return value of devm_gpiochip_add_data() (Bartosz Golaszewski)
- net: nfc: nci: Add parameter validation for packet data (Deepak Sharma)
- fs: udf: fix OOB read in lengthAllocDescs handling (Larshin Sergey) [Orabug: 38592047] {CVE-2025-40044}
- uio_hv_generic: Let userspace take care of interrupt mask (Naman Jain) [Orabug: 38592066] {CVE-2025-40048}
- Squashfs: fix uninit-value in squashfs_get_parent (Phillip Lougher) [Orabug: 38592076] {CVE-2025-40049}
- net: dlink: handle copy_thresh allocation failure (Moon Yeounsu) [Orabug: 38592097] {CVE-2025-40053}
- net: ena: return 0 in ena_get_rxfh_key_size() when RSS hash key is not configurable (Kohei Enju)
- nfp: fix RSS hash key size when RSS is not supported (Kohei Enju)
- drivers/base/node: fix double free in register_one_node() (Donet Tom)
- ocfs2: fix double free in user_cluster_connect() (Dan Carpenter) [Orabug: 38592109] {CVE-2025-40055}
- hwrng: ks-sa - fix division by zero in ks_sa_rng_init (Nishanth Menon)
- Bluetooth: MGMT: Fix not exposing debug UUID on MGMT_OP_READ_EXP_FEATURES_INFO (Luiz Augusto von Dentz)
- net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast (I Viswanath) [Orabug: 38649095] {CVE-2025-40140}
- RDMA/siw: Always report immediate post SQ errors (Bernard Metzler)
- usb: vhci-hcd: Prevent suspending virtually attached devices (Cristian Ciocaltea)
- scsi: mpt3sas: Fix crash in transport port remove by using ioc_info() (Ranjan Kumar) [Orabug: 38648980] {CVE-2025-40115}
- ipvs: Defer ip_vs_ftp unregister during netns cleanup (Slavin Liu) [Orabug: 38581444] {CVE-2025-40018}
- NFSv4.1: fix backchannel max_resp_sz verification check (Anthony Iliopoulos)
- coresight: trbe: Return NULL pointer for allocation failures (Leo Yan)
- remoteproc: qcom: q6v5: Avoid disabling handover IRQ twice (Stephan Gerhold)
- sparc: fix accurate exception reporting in copy_{from,to}_user for M7 (Michael Karcher)
- sparc: fix accurate exception reporting in copy_to_user for Niagara 4 (Michael Karcher)
- sparc: fix accurate exception reporting in copy_{from_to}_user for Niagara (Michael Karcher)
- sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC III (Michael Karcher)
- sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC (Michael Karcher)
- wifi: ath10k: avoid unnecessary wait for service ready message (Baochen Qiang)
- Documentation: trace: historgram-design: Separate sched_waking histogram section heading and the following diagram (Bagas Sanjaya)
- IB/sa: Fix sa_local_svc_timeout_ms read race (Vlad Dumitrescu)
- RDMA/core: Resolve MAC of next-hop device without ARP support (Parav Pandit)
- Revert "usb: xhci: Avoid Stop Endpoint retry loop if the endpoint seems Running" (Michał Pecio)
- scsi: qla2xxx: Fix incorrect sign of error code in START_SP_W_RETRIES() (Rong Qianfeng)
- scsi: qla2xxx: edif: Fix incorrect sign of error code (Rong Qianfeng)
- ACPI: NFIT: Fix incorrect ndr_desc being reported in dev_err message (Colin Ian King)
- wifi: mt76: fix potential memory leak in mt76_wmac_probe() (Abdun Nihaal)
- RDMA/cm: Rate limit destroy CM ID timeout error message (Håkon Bugge)
- drivers/base/node: handle error properly in register_one_node() (Donet Tom)
- watchdog: mpc8xxx_wdt: Reload the watchdog timer when enabling the watchdog (Christophe Leroy)
- netfilter: ipset: Remove unused htable_bits in macro ahash_region (Zhen Ni)
- iio: consumers: Fix offset handling in iio_convert_raw_to_processed() (Hans de Goede)
- fs: ntfs3: Fix integer overflow in run_unpack() (Vitaly Grigoryev)
- ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping (Takashi Iwai) [Orabug: 38649006] {CVE-2025-40121}
- ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (Takashi Iwai) [Orabug: 38649156] {CVE-2025-40154}
- ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping (Takashi Iwai)
- pps: fix warning in pps_register_cdev when register device fail (Wang Liang) [Orabug: 38592169] {CVE-2025-40070}
- misc: genwqe: Fix incorrect cmd field being reported in error (Colin Ian King)
- usb: gadget: configfs: Correctly set use_os_string at bind (William Wu)
- usb: phy: twl6030: Fix incorrect type for ret (Xichao Zhao)
- drm/amdkfd: Fix error code sign for EINVAL in svm_ioctl() (Rong Qianfeng)
- tcp: fix __tcp_close() to only send RST when required (Eric Dumazet)
- PCI: tegra: Fix devm_kcalloc() argument order for port->phys allocation (Alok Tiwari)
- wifi: mwifiex: send world regulatory domain to driver (Stefan Kerkmann)
- drm/amdgpu: Power up UVD 3 for FW validation (v2) (Timur Kristóf)
- ALSA: lx_core: use int type to store negative error codes (Rong Qianfeng)
- media: rj54n1cb0c: Fix memleak in rj54n1_probe() (Zhang Shurong)
- scsi: myrs: Fix dma_alloc_coherent() error check (Thomas Fourier)
- scsi: pm80xx: Fix array-index-out-of-bounds on rmmod (Niklas Cassel) [Orabug: 38649566] {CVE-2025-40118}
- usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup (Dan Carpenter)
- drm/radeon/r600_cs: clean up of dead code in r600_cs (Brahmajit Das)
- i2c: designware: Add disabling clocks when probe fails (Kunihiko Hayashi)
- i2c: mediatek: fix potential incorrect use of I2C_MASTER_WRRD (Leilk Liu)
- thermal/drivers/qcom/lmh: Add missing IRQ includes (Dmitry Baryshkov)
- thermal/drivers/qcom: Make LMH select QCOM_SCM (Dmitry Baryshkov)
- tools/nolibc: make time_t robust if __kernel_old_time_t is missing in host headers (Zhouyi Zhou)
- smp: Fix up and expand the smp_call_function_many() kerneldoc (Rafael J. Wysocki)
- bpf: Explicitly check accesses to bpf_sock_addr (Paul Chaignon) [Orabug: 38592204] {CVE-2025-40078}
- selftests: watchdog: skip ping loop if WDIOF_KEEPALIVEPING not supported (Akhilesh Patil)
- i3c: master: svc: Recycle unused IBI slot (Stanley Chu)
- nvmet-fc: move lsop put work to nvmet_fc_ls_req_op (Daniel Wagner) [Orabug: 38649248] {CVE-2025-40171}
- pwm: tiehrpwm: Fix corner case in clock divisor calculation (Uwe Kleine-König)
- arm64: dts: mediatek: mt8516-pumpkin: Fix machine compatible (AngeloGioacchino Del Regno)
- firmware: firmware: meson-sm: fix compile-test default (Johan Hovold)
- pinctrl: renesas: Use int type to store negative error codes (Rong Qianfeng)
- PM: sleep: core: Clear power.must_resume in noirq suspend error path (Rafael J. Wysocki)
- block: use int to store blk_stack_limits() return value (Rong Qianfeng)
- regulator: scmi: Use int type to store negative error codes (Rong Qianfeng)
- ARM: at91: pm: fix MCKx restore routine (Nicolas Ferre)
- blk-mq: check kobject state_in_sysfs before deleting in blk_mq_unregister_hctx (Li Nan) [Orabug: 38649025] {CVE-2025-40125}
- pinctrl: meson-gxl: add missing i2c_d pinmux (Da Xue)
- soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS (Sneh Mankad)
- ACPI: processor: idle: Fix memory leak when register cpuidle device failed (Huisong Li)
- cpufreq: scmi: Account for malformed DT in scmi_dev_used_by_cpus() (Florian Fainelli)
- libbpf: Fix reuse of DEVMAP (Yureka Lilian)
- regmap: Remove superfluous check for !config in __regmap_init() (Geert Uytterhoeven)
- x86/vdso: Fix output operand size of RDPID (Uros Bizjak)
- perf: arm_spe: Prevent overflow in PERF_IDX2OFF() (Leo Yan) [Orabug: 38592220] {CVE-2025-40081}
- coresight: trbe: Prevent overflow in PERF_IDX2OFF() (Leo Yan)
- selftests: arm64: Check fread return value in exec_target (Bala-Vignesh-Reddy)
- filelock: add FL_RECLAIM to show_fl_flags() macro (Jeff Layton)
- net/9p: fix double req put in p9_fd_cancelled (Nalivayko Sergey) [Orabug: 38591964] {CVE-2025-40027}
- minmax: add in_range() macro (Matthew Wilcox)
- crypto: rng - Ensure set_ent is always present (Herbert Xu) [Orabug: 38643530] {CVE-2025-40109}
- platform/x86: int3472: Check for adev == NULL (Hans de Goede)
- driver core/PM: Set power.no_callbacks along with power.no_pm (Rafael J. Wysocki)
- staging: axis-fifo: flush RX FIFO on read errors (Ovidiu Panait)
- staging: axis-fifo: fix maximum TX packet length check (Ovidiu Panait)
- serial: stm32: allow selecting console when the driver is module (Raphaël Gallais-Pou)
- hid: fix I2C read buffer overflow in raw_event() for mcp2221 (Arnaud Lecomte)
- perf subcmd: avoid crash in exclude_cmds when excludes is empty (Hupu)
- dm-integrity: limit MAX_TAG_SIZE to 255 (Mikulas Patocka)
- wifi: rtlwifi: rtl8192cu: Don't claim USB ID 07b8:8188 (Bitterblue Smith)
- USB: serial: option: add SIMCom 8230C compositions (Xiaowei Li)
- media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe (Duoming Zhou)
- media: tuner: xc5000: Fix use-after-free in xc5000_release (Duoming Zhou) [Orabug: 38548036] {CVE-2025-39994}
- media: tunner: xc5000: Refactor firmware load (Ricardo Ribalda)
- udp: Fix memory accounting leak. (Kuniyuki Iwashima) [Orabug: 37844324] {CVE-2025-22058}
- KVM: arm64: Fix softirq masking in FPSIMD register saving sequence (Will Deacon) [Orabug: 38513233]
- media: rc: fix races with imon_disconnect() (Larshin Sergey) [Orabug: 38548026] {CVE-2025-39993}
- media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove (Duoming Zhou) [Orabug: 38548050] {CVE-2025-39996}
- scsi: target: target_core_configfs: Add length check to avoid buffer overflow (Wang Haoran) [Orabug: 38548058] {CVE-2025-39998}
- LTS version: v5.15.194 (Vijayendra Suman)
- drm/i915/backlight: Return immediately when scale() finds invalid parameters (Guenter Roeck)
- i40e: add validation for ring_len param (Lukasz Czapnik) [Orabug: 38547951,38603025,38607608] {CVE-2025-39973}
- i40e: increase max descriptors for XL710 (Justin Bronder)
- i40e: fix idx validation in config queues msg (Lukasz Czapnik) [Orabug: 38547937] {CVE-2025-39971}
- i40e: fix validation of VF state in get resources (Lukasz Czapnik) [Orabug: 38547928] {CVE-2025-39969}
- mm/hugetlb: fix folio is still mapped when deleted (Tu Jinjiang) [Orabug: 38560480] {CVE-2025-40006}
- mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize() (David Hildenbrand)
- fbcon: Fix OOB access in font allocation (Thomas Zimmermann)
- fbcon: fix integer overflow in fbcon_do_set_font (Samasth Norway Ananda) [Orabug: 38547912] {CVE-2025-39967}
- tracing: dynevent: Add a missing lockdown check on dynevent (Masami Hiramatsu) [Orabug: 38581470] {CVE-2025-40021}
- i40e: add mask to apply valid bits for itr_idx (Lukasz Czapnik)
- i40e: add max boundary check for VF filters (Lukasz Czapnik) [Orabug: 38547922] {CVE-2025-39968}
- i40e: fix input validation logic for action_meta (Lukasz Czapnik) [Orabug: 38547932] {CVE-2025-39970}
- i40e: fix idx validation in i40e_validate_queue_map (Lukasz Czapnik) [Orabug: 38547945] {CVE-2025-39972}
- crypto: af_alg - Fix incorrect boolean values in af_alg_ctx (Eric Biggers) [Orabug: 38641289] {CVE-2025-40022}
- crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg (Herbert Xu) [Orabug: 38537468,38575792,38575804] {CVE-2025-39964}
- drm/gma500: Fix null dereference in hdmi teardown (Zabelin Nikita) [Orabug: 38560495] {CVE-2025-40011}
- net: dsa: lantiq_gswip: suppress -EINVAL errors for bridge FDB entries added to the CPU port (Vladimir Oltean)
- net: dsa: lantiq_gswip: move gswip_add_single_port_br() call to port_setup() (Vladimir Oltean)
- net: dsa: lantiq_gswip: do also enable or disable cpu port (Martin Schiller)
- selftests: fib_nexthops: Fix creation of non-FDB nexthops (Ido Schimmel)
- nexthop: Forbid FDB status change while nexthop is in a group (Ido Schimmel) [Orabug: 38547971] {CVE-2025-39980}
- bnxt_en: correct offset handling for IPv6 destination address (Alok Tiwari)
- ethernet: rvu-af: Remove slash from the driver name (Petr Malat)
- can: peak_usb: fix shift-out-of-bounds issue (Stephane Grosjean) [Orabug: 38581461] {CVE-2025-40020}
- can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow (Vincent Mailhol)
- can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow (Vincent Mailhol)
- can: hi311x: populate ndo_change_mtu() to prevent buffer overflow (Vincent Mailhol)
- can: etas_es58x: populate ndo_change_mtu() to prevent buffer overflow (Vincent Mailhol)
- can: etas_es58x: sort the includes by alphabetic order (Vincent Mailhol)
- can: etas_es58x: advertise timestamping capabilities and add ioctl support (Vincent Mailhol)
- can: dev: add generic function can_eth_ioctl_hwts() (Vincent Mailhol)
- can: dev: add generic function can_ethtool_op_get_ts_info_hwts() (Vincent Mailhol)
- can: bittiming: replace CAN units with the generic ones from linux/units.h (Vincent Mailhol)
- can: bittiming: allow TDC{V,O} to be zero and add can_tdc_const::tdc{v,o,f}_min (Vincent Mailhol)
- bpf: Reject bpf_timer for PREEMPT_RT (Leon Hwang)
- can: rcar_can: rcar_can_resume(): fix s2ram with PSCI (Geert Uytterhoeven)
- arm64: dts: imx8mp: Correct thermal sensor index (Peng Fan)
- IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions (Or Har-Toov)
- usb: core: Add 0x prefix to quirks debug output (Jiayi Li)
- ALSA: usb-audio: Fix build with CONFIG_INPUT=n (Takashi Iwai)
- ALSA: usb-audio: Convert comma to semicolon (Chen Ni)
- ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5 (Cristian Ciocaltea)
- ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks (Cristian Ciocaltea)
- ALSA: usb-audio: Simplify NULL comparison in mixer_quirks (Cristian Ciocaltea)
- ALSA: usb-audio: Avoid multiple assignments in mixer_quirks (Cristian Ciocaltea)
- ALSA: usb-audio: Drop unnecessary parentheses in mixer_quirks (Cristian Ciocaltea)
- ALSA: usb-audio: Fix block comments in mixer_quirks (Cristian Ciocaltea)
- net: rfkill: gpio: Fix crash due to dereferencing uninitialized pointer (Hans de Goede)
- net: rfkill: gpio: add DT support (Philipp Zabel)
- mptcp: propagate shutdown to subflows when possible (Matthieu Baerts)
- ksmbd: smbdirect: validate data_offset and data_length field of smb_direct_data_transfer (Namjae Jeon)
- mptcp: set remote_deny_join_id0 on SYN recv (Matthieu Baerts)
- phy: ti: omap-usb2: fix device leak at unbind (Johan Hovold)
- phy: Use device_get_match_data() (Rob Herring)
- phy: broadcom: ns-usb3: fix Wvoid-pointer-to-enum-cast warning (Krzysztof Kozlowski)
- USB: gadget: dummy-hcd: Fix locking bug in RT-enabled kernels (Alan Stern)
- usb: gadget: dummy_hcd: remove usage of list iterator past the loop body (Jakob Koschel)
- xhci: dbc: Fix full DbC transfer ring after several reconnects (Mathias Nyman)
- xhci: dbc: decouple endpoint allocation from initialization (Mathias Nyman)
- serial: sc16is7xx: fix bug in flow control levels init (Hugo Villeneuve)
- drm: bridge: cdns-mhdp8546: Fix missing mutex unlock on error path (Qi Xi)
- drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ (Loic Poulain)
- ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error message (Colin Ian King)
- ASoC: wm8974: Correct PLL rate rounding (Charles Keepax)
- ASoC: wm8940: Correct typo in control name (Charles Keepax)
- mmc: mvsdio: Fix dma_unmap_sg() nents value (Thomas Fourier)
- btrfs: tree-checker: fix the incorrect inode ref size check (Qu Wenruo)
- power: supply: bq27xxx: restrict no-battery detection to bq27000 (H. Nikolaus Schaller)
- power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery (H. Nikolaus Schaller)
- nilfs2: fix CFI failure when accessing /sys/fs/nilfs2/features/* (Nathan Chancellor)
- cnic: Fix use-after-free bugs in cnic_delete_task (Duoming Zhou) [Orabug: 38503848] {CVE-2025-39945}
- net: liquidio: fix overflow in octeon_init_instr_queue() (Alexey Nepomnyashih)
- tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). (Kuniyuki Iwashima) [Orabug: 38526387] {CVE-2025-39955}
- i40e: remove redundant memory barrier when cleaning Tx descs (Maciej Fijalkowski)
- net: natsemi: fix rx_dropped double accounting on netif_rx() failure (Moon Yeounsu)
- qed: Don't collect too many protection override GRC elements (Jamie Bainbridge) [Orabug: 38503869] {CVE-2025-39949}
- dpaa2-switch: fix buffer pool seeding for control traffic (Ioana Ciornei)
- um: virtio_uml: Fix use-after-free after put_device in probe (Miaoqian Lin)
- cgroup: split cgroup_destroy_wq into 3 workqueues (Chen Ridong) [Orabug: 38503891] {CVE-2025-39953}
- pcmcia: omap_cf: Mark driver struct with __refdata to prevent section mismatch (Geert Uytterhoeven)
- wifi: mac80211: fix incorrect type for ret (Liao Yuanhong)
- ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is not supported (Takashi Sakamoto)
- net: hsr: hsr_slave: Fix the promiscuous mode in offload mode (Ravi Gunasekaran)
- mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory (Miaohe Lin) [Orabug: 38461847] {CVE-2025-39883}
- drm/i915/power: fix size for for_each_set_bit() in abox iteration (Jani Nikula)
- phy: ti-pipe3: fix device leak at unbind (Johan Hovold)
- phy: tegra: xusb: fix device and OF node leak at probe (Johan Hovold)
- dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees (Stephan Gerhold) [Orabug: 38494821] {CVE-2025-39923}
- regulator: sy7636a: fix lifecycle of power good gpio (Andreas Kemnade)
- dmaengine: ti: edma: Fix memory allocation size for queue_priority_map (Anders Roxell)
- hsr: use hsr_for_each_port_rtnl in hsr_port_get_hsr (Hangbin Liu)
- hsr: use rtnl lock when iterating over ports (Hangbin Liu)
- net: hsr: Add VLAN CTAG filter support (Murali Karicheri)
- net: hsr: Add support for MC filtering at the slave device (Murali Karicheri)
- net: hsr: Disable promiscuous mode in offload mode (Ravi Gunasekaran)
- can: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted SKB (Anssi Hannula)
- can: j1939: j1939_local_ecu_get(): undo increment when j1939_local_ecu_get() fails (Tetsuo Handa)
- can: j1939: j1939_sk_bind(): call j1939_priv_put() immediately when j1939_local_ecu_get() failed (Tetsuo Handa)
- i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path (Michal Schmidt) [Orabug: 38494786] {CVE-2025-39911}
- i40e: Use irq_update_affinity_hint() (Nitesh Narayan Lal)
- igb: fix link test skipping when interface is admin down (Kohei Enju)
- tunnels: reset the GSO metadata before reusing the skb (Antoine Tenart)
- net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() (Stefan Wahren)
- USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions (Fabio Porcedda)
- USB: serial: option: add Telit Cinterion FN990A w/audio compositions (Fabio Porcedda)
- dt-bindings: serial: brcm,bcm7271-uart: Constrain clocks (Krzysztof Kozlowski)
- tty: hvc_console: Call hvc_kick in hvc_write unconditionally (Fabian Vogt)
- Input: i8042 - add TUXEDO InfinityBook Pro Gen10 AMD to i8042 quirk table (Christoffer Sandberg)
- mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer (Christophe Kerello)
- mtd: rawnand: stm32_fmc2: Fix dma_map_sg error check (Jack Wang)
- mtd: nand: raw: atmel: Respect tAR, tCLR in read setup timing (Alexander Sverdlin)
- mtd: nand: raw: atmel: Fix comment in timings preparation (Alexander Dahl)
- mm/khugepaged: fix the address passed to notifier on testing young (Wei Yang)
- libceph: fix invalid accesses to ceph_connection_v1_info (Ilya Dryomov) [Orabug: 38461836] {CVE-2025-39880}
- fuse: prevent overflow in copy_file_range return value (Miklos Szeredi)
- fuse: check if copy_file_range() returns larger than requested size (Miklos Szeredi)
- mtd: rawnand: stm32_fmc2: fix ECC overwrite (Christophe Kerello)
- ocfs2: fix recursive semaphore deadlock in fiemap call (Mark Tinguely) [Orabug: 38461858] {CVE-2025-39885}
- mptcp: sockopt: make sync_socket_options propagate SOCK_KEEPOPEN (Krister Johansen)
- compiler-clang.h: define __SANITIZE_*__ macros only when undefined (Nathan Chancellor)
- EDAC/altera: Delete an inappropriate dma_free_coherent() call (Salah Triki)
- tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork. (Kuniyuki Iwashima) [Orabug: 38494796] {CVE-2025-39913}
- NFSv4/flexfiles: Fix layout merge mirror check. (Jonathan Curley)
- tracing: Fix tracing_marker may trigger page fault during preempt_disable (Luo Gengkun)
- NFSv4: Clear the NFS_CAP_XATTR flag if not supported by the server (Trond Myklebust)
- NFSv4: Clear the NFS_CAP_FS_LOCATIONS flag if it is not set (Trond Myklebust)
- mm/rmap: reject hugetlb folios in folio_make_device_exclusive() (David Hildenbrand)
- net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod. (Kuniyuki Iwashima) [Orabug: 37901603] {CVE-2025-23143}
- media: i2c: imx214: Fix link frequency validation (André Apitzsch)
- media: mtk-vcodec: venc: avoid -Wenum-compare-conditional warning (Arnd Bergmann)
- mm: introduce and use {pgd,p4d}_populate_kernel() (Harry Yoo)
- kunit: kasan_test: disable fortify string checker on kasan_strings() test (Levi Yun)
- xfs: short circuit xfs_growfs_data_private() if delta is zero (Eric Sandeen)
- Revert "fbdev: Disable sysfb device registration when removing conflicting FBs" (Brett A C Sheffield)
[5.15.0-315.193.2]
- KVM: x86: Don't unnecessarily force masterclock update on vCPU hotplug (Sean Christopherson) [Orabug: 38530514]
- KVM: x86: Expose TSC offset controls to userspace (Oliver Upton) [Orabug: 38530514]
- KVM: x86: Refactor tsc synchronization code (Oliver Upton) [Orabug: 38530514]
- kvm: x86: protect masterclock with a seqcount (Paolo Bonzini) [Orabug: 38530514]
- KVM: x86: Report host tsc and realtime values in KVM_GET_CLOCK (Oliver Upton) [Orabug: 38530514]
- KVM: x86: Fix potential race in KVM_GET_CLOCK (Oliver Upton) [Orabug: 38530514]
- KVM: x86: extract KVM_GET_CLOCK/KVM_SET_CLOCK to separate functions (Paolo Bonzini) [Orabug: 38530514]
- kvm: x86: abstract locking around pvclock_update_vm_gtod_copy (Paolo Bonzini) [Orabug: 38530514]
- Revert "KVM: x86: Don't unnecessarily force masterclock update on vCPU hotplug" (Dongli Zhang) [Orabug: 38530514]
[5.15.0-315.193.1]
- uek-rpm: Set KFENCE_SAMPLE_INTERVAL to 100. (Imran Khan) [Orabug: 38549476]
- uek-rpm: Enable CONFIG_COMPAT_32BIT_TIME for x86 container kernel (Boris Ostrovsky) [Orabug: 38540641]

ELSA-2025-28049 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update

Oracle Linux Security Advisory ELSA-2025-28049
http://linux.oracle.com/errata/ELSA-2025-28049.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
kernel-uek-5.4.17-2136.350.3.1.el8uek.x86_64.rpm
kernel-uek-container-5.4.17-2136.350.3.1.el8uek.x86_64.rpm
kernel-uek-container-debug-5.4.17-2136.350.3.1.el8uek.x86_64.rpm
kernel-uek-debug-5.4.17-2136.350.3.1.el8uek.x86_64.rpm
kernel-uek-debug-devel-5.4.17-2136.350.3.1.el8uek.x86_64.rpm
kernel-uek-devel-5.4.17-2136.350.3.1.el8uek.x86_64.rpm
kernel-uek-doc-5.4.17-2136.350.3.1.el8uek.noarch.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/kernel-uek-5.4.17-2136.350.3.1.el8uek.src.rpm
Related CVEs:
CVE-2024-50022
CVE-2025-22058
CVE-2025-23143
CVE-2025-39883
CVE-2025-39885
CVE-2025-39911
CVE-2025-39913
CVE-2025-39923
CVE-2025-39945
CVE-2025-39953
CVE-2025-39955
CVE-2025-39967
CVE-2025-39968
CVE-2025-39969
CVE-2025-39970
CVE-2025-39971
CVE-2025-39972
CVE-2025-39973
CVE-2025-39993
CVE-2025-39994
CVE-2025-39995
CVE-2025-39996
CVE-2025-39998
CVE-2025-40001
CVE-2025-40006
CVE-2025-40011
CVE-2025-40018
CVE-2025-40019
CVE-2025-40020
CVE-2025-40026
CVE-2025-40027
CVE-2025-40030
CVE-2025-40035
CVE-2025-40042
CVE-2025-40044
CVE-2025-40048
CVE-2025-40049
CVE-2025-40055
CVE-2025-40070
CVE-2025-40078
CVE-2025-40081
CVE-2025-40087
CVE-2025-40105
CVE-2025-40111
CVE-2025-40115
CVE-2025-40118
CVE-2025-40125
CVE-2025-40134
CVE-2025-40140
CVE-2025-40153
CVE-2025-40167
CVE-2025-40173
CVE-2025-40178
CVE-2025-40186
CVE-2025-40187
CVE-2025-40190
CVE-2025-40194
CVE-2025-40197
CVE-2025-40198
CVE-2025-40200
CVE-2025-40204
CVE-2025-40205
CVE-2025-40219
CVE-2025-40233
CVE-2025-40240
Description of changes:
[5.4.17-2136.350.3.1]
- Reapply "cpuidle: menu: Avoid discarding useful information" (Harshvardhan Jha) [Orabug: 38744458]
- fbcon: fix integer overflow in font allocation (Samasth Norway Ananda) [Orabug: 38744453]
[5.4.17-2136.350.3]
- net/rds: Fix rs_recv_pending counting issue (Gerd Rausch) [Orabug: 38506370]
[5.4.17-2136.350.2]
- LTS tag: v5.4.301 (Alok Tiwari)
- net: rtnetlink: fix module reference count leak issue in rtnetlink_rcv_msg (Zhengchao Shao)
- media: s5p-mfc: remove an unused/uninitialized variable (Arnd Bergmann)
- NFSD: Fix last write offset handling in layoutcommit (Sergey Bashirov)
- NFSD: Minor cleanup in layoutcommit processing (Sergey Bashirov)
- padata: Reset next CPU when reorder sequence wraps around (Xiao Liang)
- KEYS: trusted_tpm1: Compare HMAC values in constant time (Eric Biggers)
- NFSD: Define a proc_layoutcommit for the FlexFiles layout type (Chuck Lever) [Orabug: 38601819] {CVE-2025-40087}
- vfs: Don't leak disconnected dentries on umount (Jan Kara) [Orabug: 38601924] {CVE-2025-40105}
- jbd2: ensure that all ongoing I/O complete before freeing blocks (Zhang Yi)
- ext4: detect invalid INLINE_DATA + EXTENTS flag combination (Deepanshu Kartikey) [Orabug: 38649223] {CVE-2025-40167}
- drm/amdgpu: use atomic functions with memory barriers for vm fault info (Gui-Dong Han)
- ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() (Theodore Ts'O) [Orabug: 38649412] {CVE-2025-40198}
- spi: cadence-quadspi: Flush posted register writes before DAC access (Pratyush Yadav)
- spi: cadence-quadspi: Flush posted register writes before INDAC access (Pratyush Yadav)
- memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe (Zhen Ni)
- memory: samsung: exynos-srom: Correct alignment (Krzysztof Kozlowski)
- arm64: errata: Apply workarounds for Neoverse-V3AE (Mark Rutland)
- arm64: cputype: Add Neoverse-V3AE definitions (Mark Rutland)
- comedi: fix divide-by-zero in comedi_buf_munge() (Deepanshu Kartikey)
- binder: remove "invalid inc weak" check (Alice Ryhl)
- xhci: dbc: enable back DbC in resume if it was enabled before suspend (Mathias Nyman)
- usb/core/quirks: Add Huawei ME906S to wakeup quirk (Tim Guttzeit)
- USB: serial: option: add Telit FN920C04 ECM compositions (Li Qingwu)
- USB: serial: option: add Quectel RG255C (Reinhard Speyerer)
- USB: serial: option: add UNISOC UIS7720 (Renjun Wang)
- net: ravb: Ensure memory write completes before ringing TX doorbell (Lad Prabhakar)
- net: usb: rtl8150: Fix frame padding (Michał Pecio)
- ocfs2: clear extent cache after moving/defragmenting extents (Deepanshu Kartikey) [Orabug: 38730547] {CVE-2025-40233}
- MIPS: Malta: Fix keyboard resource preventing i8042 driver from registering (Maciej W. Rozycki)
- Revert "cpuidle: menu: Avoid discarding useful information" (Rafael J. Wysocki)
- net: bonding: fix possible peer notify event loss or dup issue (Tonghao Zhang)
- sctp: avoid NULL dereference when chunk data buffer is missing (Alexey Simakov) [Orabug: 38730567] {CVE-2025-40240}
- arm64, mm: avoid always making PTE dirty in pte_mkwrite() (Huang, Ying)
- net: enetc: correct the value of ENETC_RXB_TRUESIZE (Wei Fang)
- rtnetlink: Allow deleting FDB entries in user namespace (Johannes Wiesboeck)
- net: rtnetlink: add NLM_F_BULK support to rtnl_fdb_del (Nikolay Aleksandrov)
- net: add ndo_fdb_del_bulk (Nikolay Aleksandrov)
- net: rtnetlink: add bulk delete support flag (Nikolay Aleksandrov)
- net: netlink: add NLM_F_BULK delete request modifier (Nikolay Aleksandrov)
- net: rtnetlink: use BIT for flag values (Nikolay Aleksandrov)
- net: rtnetlink: add helper to extract msg type's kind (Nikolay Aleksandrov)
- net: rtnetlink: add msg kind names (Nikolay Aleksandrov)
- net: rtnetlink: remove redundant assignment to variable err (Colin Ian King)
- m68k: bitops: Fix find_*_bit() signatures (Geert Uytterhoeven)
- hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super() (Yangtao Li)
- hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits() (Viacheslav Dubeyko)
- dlm: check for defined force value in dlm_lockspace_release (Alexander Aring)
- hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() (Viacheslav Dubeyko)
- hfs: validate record offset in hfsplus_bmap_alloc (Yang Chenzhi)
- hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() (Viacheslav Dubeyko)
- hfs: make proper initialization of struct hfs_find_data (Viacheslav Dubeyko)
- hfs: clear offset and space out of valid records in b-tree node (Viacheslav Dubeyko)
- exec: Fix incorrect type for ret (Xichao Zhao)
- hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() (Viacheslav Dubeyko)
- ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings (Randy Dunlap)
- sched/fair: Fix pelt lost idle time detection (Vincent Guittot)
- sched/balancing: Rename newidle_balance() => sched_balance_newidle() (Ingo Molnar)
- sched/fair: Trivial correction of the newidle_balance() comment (Barry Song)
- sched: Make newidle_balance() static again (Chen Yu)
- tls: don't rely on tx_work during send() (Sabrina Dubroca)
- tls: always set record_type in tls_process_cmsg (Sabrina Dubroca)
- tg3: prevent use of uninitialized remote_adv and local_adv variables (Alexey Simakov)
- tcp: fix tcp_tso_should_defer() vs large RTT (Eric Dumazet)
- amd-xgbe: Avoid spurious link down messages during interface toggle (Raju Rangoju)
- net/ip6_tunnel: Prevent perpetual tunnel growth (Dmitry Safonov) [Orabug: 38649261] {CVE-2025-40173}
- net: dlink: handle dma_map_single() failure properly (Moon Yeounsu)
- net: dl2k: switch from 'pci_' to 'dma_' API (Christophe Jaillet)
- media: pci: ivtv: Add missing check after DMA map (Thomas Fourier)
- media: pci/ivtv: switch from 'pci_' to 'dma_' API (Christophe Jaillet)
- xen/events: Update virq_to_irq on migration (Jason Andryuk)
- media: lirc: Fix error handling in lirc_register() (Ma Ke)
- media: rc: Directly use ida_free() (Keliu)
- drm/exynos: exynos7_drm_decon: remove ctx->suspended (Kaustabh Chakraborty)
- btrfs: avoid potential out-of-bounds in btrfs_encode_fh() (Anderson Nascimento) [Orabug: 38649463] {CVE-2025-40205}
- pwm: berlin: Fix wrong register in suspend/resume (Jisheng Zhang)
- media: cx18: Add missing check after DMA map (Thomas Fourier)
- xen/events: Cleanup find_virq() return codes (Jason Andryuk)
- cramfs: Verify inode mode when loading from disk (Tetsuo Handa)
- fs: Add 'initramfs_options' to set initramfs mount options (Lichen Liu)
- pid: Add a judgment for ns null in pid_nr_ns (Gaoxiang17) [Orabug: 38649276] {CVE-2025-40178}
- minixfs: Verify inode mode when loading from disk (Tetsuo Handa)
- tracing: Fix race condition in kprobe initialization causing NULL pointer dereference (Yuan Chen) [Orabug: 38592033] {CVE-2025-40042}
- dm: fix NULL pointer dereference in __dm_suspend() (Zheng Qixing) [Orabug: 38649057] {CVE-2025-40134}
- mfd: intel_soc_pmic_chtdc_ti: Set use_single_read regmap_config flag (Hans de Goede)
- mfd: intel_soc_pmic_chtdc_ti: Drop unneeded assignment for cache_type (Andy Shevchenko)
- mfd: intel_soc_pmic_chtdc_ti: Fix invalid regmap-config max_register value (Hans de Goede)
- Squashfs: reject negative file sizes in squashfs_read_inode() (Phillip Lougher) [Orabug: 38649425] {CVE-2025-40200}
- Squashfs: add additional inode sanity checking (Phillip Lougher)
- media: mc: Clear minor number before put device (Edward Adam Davis) [Orabug: 38649399] {CVE-2025-40197}
- mfd: vexpress-sysreg: Check the return value of devm_gpiochip_add_data() (Bartosz Golaszewski)
- fs: udf: fix OOB read in lengthAllocDescs handling (Larshin Sergey) [Orabug: 38592048] {CVE-2025-40044}
- KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O (Sean Christopherson) [Orabug: 38591959] {CVE-2025-40026}
- net/9p: fix double req put in p9_fd_cancelled (Nalivayko Sergey) [Orabug: 38591965] {CVE-2025-40027}
- ext4: guard against EA inode refcount underflow in xattr update (Ahmet Eray Karadag) [Orabug: 38649330] {CVE-2025-40190}
- ext4: correctly handle queries for metadata mappings (Ojaswin Mujoo)
- ext4: increase i_disksize to offset + len in ext4_update_disksize_before_punch() (Yongjian Sun)
- nfsd: nfserr_jukebox in nlm_fopen should lead to a retry (Olga Kornievskaia)
- x86/umip: Fix decoding of register forms of 0F 01 (SGDT and SIDT aliases) (Sean Christopherson)
- x86/umip: Check that the instruction opcode is at least two bytes (Sean Christopherson)
- PCI: keystone: Use devm_request_irq() to free "ks-pcie-error-irq" on exit (Siddharth Vadapalli)
- PCI/AER: Fix missing uevent on recovery when a reset is requested (Niklas Schnelle)
- PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV (Niklas Schnelle) [Orabug: 38730513] {CVE-2025-40219}
- rseq/selftests: Use weak symbol reference, not definition, to link with glibc (Sean Christopherson)
- rtc: interface: Fix long-standing race when setting alarm (Esben Haabendal)
- rtc: interface: Ensure alarm irq is enabled when UIE is enabled (Esben Haabendal)
- mmc: core: SPI mode remove cmd7 (Rex Chen)
- mtd: rawnand: fsmc: Default to autodetect buswidth (Linus Walleij)
- sparc: fix error handling in scan_one_device() (Ma Ke)
- sparc64: fix hugetlb for sun4u (Anthony Yznaga)
- sctp: Fix MAC comparison to be constant-time (Eric Biggers) [Orabug: 38649451] {CVE-2025-40204}
- scsi: hpsa: Fix potential memory leak in hpsa_big_passthru_ioctl() (Thorsten Blum)
- parisc: don't reference obsolete termio struct for TC* constants (Sam James)
- lib/genalloc: fix device leak in of_gen_pool_get() (Johan Hovold)
- iio: frequency: adf4350: Fix prescaler usage. (Michael Hennerich)
- iio: dac: ad5421: use int type to store negative error codes (Rong Qianfeng)
- iio: dac: ad5360: use int type to store negative error codes (Rong Qianfeng)
- crypto: atmel - Fix dma_unmap_sg() direction (Thomas Fourier)
- cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() (Rafael J. Wysocki) [Orabug: 38649367] {CVE-2025-40194}
- drm/nouveau: fix bad ret code in nouveau_bo_move_prep (Shuhao Fu)
- media: i2c: mt9v111: fix incorrect type for ret (Rong Qianfeng)
- firmware: meson_sm: fix device leak at probe (Johan Hovold)
- xen/manage: Fix suspend error path (Lukas Wunner)
- arm64: dts: qcom: msm8916: Add missing MDSS reset (Stephan Gerhold)
- ACPI: debug: fix signedness issues in read/write helpers (Amir Mohammad Jahangirzad)
- ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT (Daniel Tang)
- tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single (Gunnar Kudrjavets)
- tpm, tpm_tis: Claim locality before writing interrupt registers (Lino Sanfilippo)
- crypto: essiv - Check ssize for decryption and in-place encryption (Herbert Xu) [Orabug: 38581456,38705546] {CVE-2025-40019}
- mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes (Harini T)
- mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call (Harini T)
- tools build: Align warning options with perf (Leo Yan)
- net: fsl_pq_mdio: Fix device node reference leak in fsl_pq_mdio_probe (Erick Karanja)
- tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request(). (Kuniyuki Iwashima) [Orabug: 38649579] {CVE-2025-40186}
- net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce() (Alexandr Sapozhnikov) [Orabug: 38649313] {CVE-2025-40187}
- drm/vmwgfx: Fix Use-after-free in validation (Ian Forbes) [Orabug: 38643546] {CVE-2025-40111}
- net/mlx4: prevent potential use after free in mlx4_en_do_uc_filter() (Dan Carpenter)
- scsi: mvsas: Fix use-after-free bugs in mvs_work_queue (Duoming Zhou) [Orabug: 38557654] {CVE-2025-40001}
- scsi: mvsas: Use sas_task_find_rq() for tagging (John Garry)
- scsi: mvsas: Delete mvs_tag_init() (John Garry)
- scsi: libsas: Add sas_task_find_rq() (John Garry)
- clk: nxp: Fix pll0 rate check condition in LPC18xx CGU driver (Alok Tiwari)
- clk: nxp: lpc18xx-cgu: convert from round_rate() to determine_rate() (Brian Masney)
- perf session: Fix handling when buffer exceeds 2 GiB (Leo Yan)
- rtc: x1205: Fix Xicor X1205 vendor prefix (Rob Herring)
- perf util: Fix compression checks returning -1 as bool (Yunseong Kim)
- iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE (Michael Hennerich)
- clocksource/drivers/clps711x: Fix resource leaks in error paths (Zhen Ni)
- pinctrl: check the return value of pinmux_ops::get_function_name() (Bartosz Golaszewski) [Orabug: 38591981] {CVE-2025-40030}
- Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak (Zhen Ni) [Orabug: 38592002] {CVE-2025-40035}
- mm: hugetlb: avoid soft lockup when mprotect to large memory area (Yang Shi) [Orabug: 38649150] {CVE-2025-40153}
- uio_hv_generic: Let userspace take care of interrupt mask (Naman Jain) [Orabug: 38592067] {CVE-2025-40048}
- Squashfs: fix uninit-value in squashfs_get_parent (Phillip Lougher) [Orabug: 38592077] {CVE-2025-40049}
- net: ena: return 0 in ena_get_rxfh_key_size() when RSS hash key is not configurable (Kohei Enju)
- nfp: fix RSS hash key size when RSS is not supported (Kohei Enju)
- drivers/base/node: fix double free in register_one_node() (Donet Tom)
- ocfs2: fix double free in user_cluster_connect() (Dan Carpenter) [Orabug: 38592110] {CVE-2025-40055}
- net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast (I Viswanath) [Orabug: 38649096] {CVE-2025-40140}
- RDMA/siw: Always report immediate post SQ errors (Bernard Metzler)
- usb: vhci-hcd: Prevent suspending virtually attached devices (Cristian Ciocaltea)
- scsi: mpt3sas: Fix crash in transport port remove by using ioc_info() (Ranjan Kumar) [Orabug: 38648982] {CVE-2025-40115}
- ipvs: Defer ip_vs_ftp unregister during netns cleanup (Slavin Liu) [Orabug: 38581446] {CVE-2025-40018}
- NFSv4.1: fix backchannel max_resp_sz verification check (Anthony Iliopoulos)
- remoteproc: qcom: q6v5: Avoid disabling handover IRQ twice (Stephan Gerhold)
- sparc: fix accurate exception reporting in copy_{from,to}_user for M7 (Michael Karcher)
- sparc: fix accurate exception reporting in copy_to_user for Niagara 4 (Michael Karcher)
- sparc: fix accurate exception reporting in copy_{from_to}_user for Niagara (Michael Karcher)
- sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC III (Michael Karcher)
- sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC (Michael Karcher)
- IB/sa: Fix sa_local_svc_timeout_ms read race (Vlad Dumitrescu)
- RDMA/core: Resolve MAC of next-hop device without ARP support (Parav Pandit)
- wifi: mt76: fix potential memory leak in mt76_wmac_probe() (Abdun Nihaal)
- drivers/base/node: handle error properly in register_one_node() (Donet Tom)
- watchdog: mpc8xxx_wdt: Reload the watchdog timer when enabling the watchdog (Christophe Leroy)
- netfilter: ipset: Remove unused htable_bits in macro ahash_region (Zhen Ni)
- iio: consumers: Fix offset handling in iio_convert_raw_to_processed() (Hans de Goede)
- ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping (Takashi Iwai)
- ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (Takashi Iwai)
- ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping (Takashi Iwai)
- pps: fix warning in pps_register_cdev when register device fail (Wang Liang) [Orabug: 38592170] {CVE-2025-40070}
- misc: genwqe: Fix incorrect cmd field being reported in error (Colin Ian King)
- usb: gadget: configfs: Correctly set use_os_string at bind (William Wu)
- usb: phy: twl6030: Fix incorrect type for ret (Xichao Zhao)
- tcp: fix __tcp_close() to only send RST when required (Eric Dumazet)
- PCI: tegra: Fix devm_kcalloc() argument order for port->phys allocation (Alok Tiwari)
- wifi: mwifiex: send world regulatory domain to driver (Stefan Kerkmann)
- ALSA: lx_core: use int type to store negative error codes (Rong Qianfeng)
- media: rj54n1cb0c: Fix memleak in rj54n1_probe() (Zhang Shurong)
- scsi: myrs: Fix dma_alloc_coherent() error check (Thomas Fourier)
- scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod (Niklas Cassel) [Orabug: 38649567] {CVE-2025-40118}
- serial: max310x: Add error checking in probe() (Dan Carpenter)
- usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup (Dan Carpenter)
- drm/radeon/r600_cs: clean up of dead code in r600_cs (Brahmajit Das)
- i2c: designware: Add disabling clocks when probe fails (Kunihiko Hayashi)
- i2c: mediatek: fix potential incorrect use of I2C_MASTER_WRRD (Leilk Liu)
- bpf: Explicitly check accesses to bpf_sock_addr (Paul Chaignon) [Orabug: 38592205] {CVE-2025-40078}
- selftests: watchdog: skip ping loop if WDIOF_KEEPALIVEPING not supported (Akhilesh Patil)
- pwm: tiehrpwm: Fix corner case in clock divisor calculation (Uwe Kleine-König)
- block: use int to store blk_stack_limits() return value (Rong Qianfeng)
- blk-mq: check kobject state_in_sysfs before deleting in blk_mq_unregister_hctx (Li Nan) [Orabug: 38649026] {CVE-2025-40125}
- pinctrl: meson-gxl: add missing i2c_d pinmux (Da Xue)
- soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS (Sneh Mankad)
- ACPI: processor: idle: Fix memory leak when register cpuidle device failed (Huisong Li)
- regmap: Remove superfluous check for !config in __regmap_init() (Geert Uytterhoeven)
- x86/vdso: Fix output operand size of RDPID (Uros Bizjak)
- perf: arm_spe: Prevent overflow in PERF_IDX2OFF() (Leo Yan) [Orabug: 38592223] {CVE-2025-40081}
- driver core/PM: Set power.no_callbacks along with power.no_pm (Rafael J. Wysocki)
- staging: axis-fifo: flush RX FIFO on read errors (Ovidiu Panait)
- staging: axis-fifo: fix maximum TX packet length check (Ovidiu Panait)
- perf subcmd: avoid crash in exclude_cmds when excludes is empty (Hupu)
- dm-integrity: limit MAX_TAG_SIZE to 255 (Mikulas Patocka)
- wifi: rtlwifi: rtl8192cu: Don't claim USB ID 07b8:8188 (Bitterblue Smith)
- USB: serial: option: add SIMCom 8230C compositions (Xiaowei Li)
- media: rc: fix races with imon_disconnect() (Larshin Sergey) [Orabug: 38548027] {CVE-2025-39993}
- media: imon: grab lock earlier in imon_ir_change_protocol() (Tetsuo Handa)
- media: imon: reorganize serialization (Tetsuo Handa)
- media: rc: Add support for another iMON 0xffdc device (Flavius Georgescu)
- media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe (Duoming Zhou) [Orabug: 38548044] {CVE-2025-39995}
- media: tuner: xc5000: Fix use-after-free in xc5000_release (Duoming Zhou) [Orabug: 38548037] {CVE-2025-39994}
- media: tunner: xc5000: Refactor firmware load (Ricardo Ribalda)
- udp: Fix memory accounting leak. (Kuniyuki Iwashima) [Orabug: 37844325] {CVE-2025-22058}
- media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove (Duoming Zhou) [Orabug: 38548051] {CVE-2025-39996}
- scsi: target: target_core_configfs: Add length check to avoid buffer overflow (Wang Haoran) [Orabug: 38548059] {CVE-2025-39998}
- LTS tag: v5.4.300 (Alok Tiwari)
- KVM: SVM: Sync TPR from LAPIC into VMCB::V_TPR even if AVIC is active (Maciej S. Szmigiero)
- mm/hugetlb: fix folio is still mapped when deleted (Tu Jinjiang) [Orabug: 38560482] {CVE-2025-40006}
- i40e: add mask to apply valid bits for itr_idx (Lukasz Czapnik)
- i40e: fix validation of VF state in get resources (Lukasz Czapnik) [Orabug: 38547929] {CVE-2025-39969}
- i40e: fix idx validation in config queues msg (Lukasz Czapnik) [Orabug: 38547938] {CVE-2025-39971}
- i40e: add validation for ring_len param (Lukasz Czapnik) [Orabug: 38547952,38604168,38604171] {CVE-2025-39973}
- i40e: increase max descriptors for XL710 (Justin Bronder)
- mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize() (David Hildenbrand)
- fbcon: Fix OOB access in font allocation (Thomas Zimmermann)
- fbcon: fix integer overflow in fbcon_do_set_font (Samasth Norway Ananda) [Orabug: 38547913] {CVE-2025-39967}
- i40e: add max boundary check for VF filters (Lukasz Czapnik) [Orabug: 38547923] {CVE-2025-39968}
- i40e: fix input validation logic for action_meta (Lukasz Czapnik) [Orabug: 38547933] {CVE-2025-39970}
- i40e: fix idx validation in i40e_validate_queue_map (Lukasz Czapnik) [Orabug: 38547946] {CVE-2025-39972}
- drm/gma500: Fix null dereference in hdmi teardown (Zabelin Nikita) [Orabug: 38560496] {CVE-2025-40011}
- can: peak_usb: fix shift-out-of-bounds issue (Stephane Grosjean) [Orabug: 38581463] {CVE-2025-40020}
- can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow (Vincent Mailhol)
- can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow (Vincent Mailhol)
- can: hi311x: populate ndo_change_mtu() to prevent buffer overflow (Vincent Mailhol)
- can: rcar_can: rcar_can_resume(): fix s2ram with PSCI (Geert Uytterhoeven)
- IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions (Or Har-Toov)
- usb: core: Add 0x prefix to quirks debug output (Jiayi Li)
- ALSA: usb-audio: Fix build with CONFIG_INPUT=n (Takashi Iwai)
- ALSA: usb-audio: Convert comma to semicolon (Chen Ni)
- ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5 (Cristian Ciocaltea)
- ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks (Cristian Ciocaltea)
- ALSA: usb-audio: Simplify NULL comparison in mixer_quirks (Cristian Ciocaltea)
- ALSA: usb-audio: Avoid multiple assignments in mixer_quirks (Cristian Ciocaltea)
- ALSA: usb-audio: Fix block comments in mixer_quirks (Cristian Ciocaltea)
- net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer (Hans de Goede)
- net: rfkill: gpio: add DT support (Philipp Zabel)
- serial: sc16is7xx: fix bug in flow control levels init (Hugo Villeneuve)
- USB: gadget: dummy-hcd: Fix locking bug in RT-enabled kernels (Alan Stern)
- usb: gadget: dummy_hcd: remove usage of list iterator past the loop body (Jakob Koschel)
- ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error message (Colin Ian King)
- ASoC: wm8974: Correct PLL rate rounding (Charles Keepax)
- ASoC: wm8940: Correct typo in control name (Charles Keepax)
- mmc: mvsdio: Fix dma_unmap_sg() nents value (Thomas Fourier)
- nilfs2: fix CFI failure when accessing /sys/fs/nilfs2/features/* (Nathan Chancellor)
- cnic: Fix use-after-free bugs in cnic_delete_task (Duoming Zhou) [Orabug: 38503849] {CVE-2025-39945}
- net: liquidio: fix overflow in octeon_init_instr_queue() (Alexey Nepomnyashih)
- tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). (Kuniyuki Iwashima) [Orabug: 38526388] {CVE-2025-39955}
- i40e: remove redundant memory barrier when cleaning Tx descs (Maciej Fijalkowski)
- net: natsemi: fix rx_dropped double accounting on netif_rx() failure (Moon Yeounsu)
- cgroup: split cgroup_destroy_wq into 3 workqueues (Chen Ridong) [Orabug: 38503892] {CVE-2025-39953}
- pcmcia: omap_cf: Mark driver struct with __refdata to prevent section mismatch (Geert Uytterhoeven)
- wifi: mac80211: fix incorrect type for ret (Liao Yuanhong)
- ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is not supported (Takashi Sakamoto)
- mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory (Miaohe Lin) [Orabug: 38461848] {CVE-2025-39883}
- phy: ti-pipe3: fix device leak at unbind (Johan Hovold)
- dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees (Stephan Gerhold) [Orabug: 38494822] {CVE-2025-39923}
- dmaengine: ti: edma: Fix memory allocation size for queue_priority_map (Anders Roxell)
- can: j1939: j1939_local_ecu_get(): undo increment when j1939_local_ecu_get() fails (Tetsuo Handa)
- can: j1939: j1939_sk_bind(): call j1939_priv_put() immediately when j1939_local_ecu_get() failed (Tetsuo Handa)
- i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path (Michal Schmidt) [Orabug: 38494787] {CVE-2025-39911}
- i40e: Use irq_update_affinity_hint() (Nitesh Narayan Lal)
- genirq: Provide new interfaces for affinity hints (Thomas Gleixner)
- genirq: Export affinity setter for modules (Thomas Gleixner)
- genirq/affinity: Add irq_update_affinity_desc() (John Garry)
- igb: fix link test skipping when interface is admin down (Kohei Enju)
- net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() (Stefan Wahren)
- USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions (Fabio Porcedda)
- USB: serial: option: add Telit Cinterion FN990A w/audio compositions (Fabio Porcedda)
- tty: hvc_console: Call hvc_kick in hvc_write unconditionally (Fabian Vogt)
- mtd: nand: raw: atmel: Respect tAR, tCLR in read setup timing (Alexander Sverdlin)
- mtd: nand: raw: atmel: Fix comment in timings preparation (Alexander Dahl)
- mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer (Christophe Kerello)
- mm/khugepaged: fix the address passed to notifier on testing young (Wei Yang)
- fuse: prevent overflow in copy_file_range return value (Miklos Szeredi)
- fuse: check if copy_file_range() returns larger than requested size (Miklos Szeredi)
- mtd: rawnand: stm32_fmc2: fix ECC overwrite (Christophe Kerello)
- ocfs2: fix recursive semaphore deadlock in fiemap call (Mark Tinguely) [Orabug: 38461859] {CVE-2025-39885}
- EDAC/altera: Delete an inappropriate dma_free_coherent() call (Salah Triki)
- tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork. (Kuniyuki Iwashima) [Orabug: 38494797] {CVE-2025-39913}
- net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod. (Kuniyuki Iwashima) [Orabug: 37901604] {CVE-2025-23143}
[5.4.17-2136.350.1]
- device-dax: correct pgoff align in dax_set_mapping() (Kun(Llfl)) [Orabug: 37206404] {CVE-2024-50022}
[5.4.17-2136.349.3]
- Revert 'net/mlx5e: Update and set Xon/Xoff upon MTU set' (Jakub Kicinski) [Orabug: 38545204]
- KVM: x86: Take irqfds.lock when adding/deleting IRQ bypass producer (Sean Christopherson) [Orabug: 38494247]
- rds: Free all frags when rds_ib_recv_cache_put() fails (Hans Westgaard Ry) [Orabug: 38492234]
[5.4.17-2136.349.2]
- bpf/bpf_get,set_sockopt: add option to set TCP-BPF sock ops flags (Alan Maguire) [Orabug: 36699199]
[5.4.17-2136.349.1]
- NFSv4: Don't clear capabilities that won't be reset (Trond Myklebust)
- power: supply: bq27xxx: restrict no-battery detection to bq27000 (H. Nikolaus Schaller)
- power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery (H. Nikolaus Schaller)
- usb: hub: Fix flushing of delayed work used for post resume purposes (Mathias Nyman)
- soc: qcom: mdt_loader: Deal with zero e_shentsize (Bjorn Andersson)
- Revert 'net/mlx5e: Update and set Xon/Xoff upon port speed set' (Tariq Toukan)
- LTS tag: v5.4.299 (Alok Tiwari)
- scsi: lpfc: Fix buffer free/clear order in deferred receive path (John Evans) [Orabug: 38456754] {CVE-2025-39841}
- dmaengine: mediatek: Fix a flag reuse error in mtk_cqdma_tx_status() (Qiu-Ji Chen)
- cifs: fix integer overflow in match_server() (Roman Smirnov)
- spi: spi-fsl-lpspi: Reset FIFO and disable module on transfer abort (Larisa Grigore)
- spi: spi-fsl-lpspi: Set correct chip-select polarity bit (Larisa Grigore)
- spi: spi-fsl-lpspi: Fix transmissions when using CONT (Larisa Grigore)
- pcmcia: Add error handling for add_interval() in do_validate_mem() (Xu Wang)
- ALSA: hda/hdmi: Add pin fix for another HP EliteDesk 800 G4 model (Takashi Iwai)
- randstruct: gcc-plugin: Fix attribute addition (Kees Cook)
- randstruct: gcc-plugin: Remove bogus void member (Kees Cook)
- vmxnet3: update MTU after device quiesce (Ronak Doshi)
- net: dsa: microchip: linearize skb for tail-tagging switches (Jakob Unterwurzacher)
- net: dsa: microchip: update tag_ksz masks for KSZ9477 family (Pieter Van Trappen)
- dmaengine: mediatek: Fix a possible deadlock error in mtk_cqdma_tx_status() (Qiu-Ji Chen)
- ALSA: hda/realtek - Add new HP ZBook laptop with micmute led fixup (Chris Chiu)
- gpio: pca953x: fix IRQ storm on system wake up (Emanuele Ghidoli)
- iio: light: opt3001: fix deadlock due to concurrent flag access (Luca Ceresoli) [Orabug: 37977028] {CVE-2025-37968}
- iio: chemical: pms7003: use aligned_s64 for timestamp (David Lechner)
- cpufreq/sched: Explicitly synchronize limits_changed flag handling (Rafael J. Wysocki)
- mm/slub: avoid accessing metadata when pointer is invalid in object_err() (Li Qiong) [Orabug: 38494761] {CVE-2025-39902}
- mm/khugepaged: fix ->anon_vma race (Jann Horn)
- e1000e: fix heap overflow in e1000_set_eeprom (Vitaly Lifshits)
- batman-adv: fix OOB read/write in network-coding decode (Stanislav Fort)
- drm/amdgpu: drop hw access in non-DC audio fini (Alex Deucher)
- wifi: mwifiex: Initialize the chan_stats array to zero (Rong Qianfeng) [Orabug: 38494723] {CVE-2025-39891}
- pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region() (Ma Ke)
- ALSA: usb-audio: Add mute TLV for playback volumes on some devices (Cryolitia Pukngae)
- ppp: fix memory leak in pad_compress_skb (Qingfang Deng) [Orabug: 38456781] {CVE-2025-39847}
- net: atm: fix memory leak in atm_register_sysfs when device_register fail (Wang Liang)
- ax25: properly unshare skbs in ax25_kiss_rcv() (Eric Dumazet)
- ipv4: Fix NULL vs error pointer check in inet_blackhole_dev_init() (Dan Carpenter)
- net: thunder_bgx: add a missing of_node_put (Rosen Penev)
- wifi: libertas: cap SSID len in lbs_associate() (Dan Carpenter)
- wifi: cw1200: cap SSID length in cw1200_do_join() (Dan Carpenter)
- net: ethernet: mtk_eth_soc: fix tx vlan tag for llc packets (Felix Fietkau)
- i40e: Fix potential invalid access when MAC list is empty (Zhen Ni) [Orabug: 38456814] {CVE-2025-39853}
- icmp: fix icmp_ndo_send address translation for reply direction (Fabian Blase)
- mISDN: Fix memory leak in dsp_hwec_enable() (Miaoqian Lin)
- xirc2ps_cs: fix register access when enabling FullDuplex (Alok Tiwari)
- Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() (Kuniyuki Iwashima) [Orabug: 38456834] {CVE-2025-39860}
- netfilter: conntrack: helper: Replace -EEXIST by -EBUSY (Phil Sutter)
- wifi: cfg80211: fix use-after-free in cmp_bss() (Dmitry Antipov) [Orabug: 38456860] {CVE-2025-39864}
- powerpc: boot: Remove leading zero in label in udelay() (Nathan Chancellor)
[5.4.17-2136.348.3]
- hugetlbfs: take read_lock on i_mmap for PMD sharing (Waiman Long) [Orabug: 38459576]
- kallsyms: add module_kallsyms_on_each_symbol_locked (Julian Pidancet) [Orabug: 38418686]
- kallsyms: export module_kallsyms_on_each_symbol (Julian Pidancet) [Orabug: 38418686]
[5.4.17-2136.348.2]
- uek-rpm: Move ifb module to nano modules (Harshit Mogalapalli) [Orabug: 38443798]
- clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (Al Viro) [Orabug: 38310007,38453918] {CVE-2025-38499}
- x86/vmscape: Warn when STIBP is disabled with SMT (Pawan Gupta) [Orabug: 38424094]
- x86/bugs: Move cpu_bugs_smt_update() down (Pawan Gupta) [Orabug: 38424094]
- x86/vmscape: Enable the mitigation (Pawan Gupta) [Orabug: 38424094]
- x86/vmscape: Add conditional IBPB mitigation (Pawan Gupta) [Orabug: 38424094]
- x86/vmscape: Add old Intel CPUs to affected list (Pawan Gupta) [Orabug: 38424094]
- x86/vmscape: Enumerate VMSCAPE bug (Pawan Gupta) [Orabug: 38424094]
- Documentation/hw-vuln: Add VMSCAPE documentation (Pawan Gupta) [Orabug: 38424094]
[5.4.17-2136.348.1]
- LTS tag: v5.4.298 (Sherry Yang)
- Revert 'drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS' (Imre Deak)
- net: usb: qmi_wwan: add Telit Cinterion LE910C4-WWX new compositions (Fabio Porcedda)
- Revert 'drm/amdgpu: fix incorrect vm flags to map bo' (Alex Deucher) [Orabug: 38343661]
- HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version() (Minjong Kim) [Orabug: 38440228] {CVE-2025-39808}
- HID: wacom: Add a new Art Pen 2 (Ping Cheng)
- HID: asus: fix UAF via HID_CLAIMED_INPUT validation (Qasim Ijaz) [Orabug: 38440310] {CVE-2025-39824}
- efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare (Li Nan) [Orabug: 38440277] {CVE-2025-39817}
- sctp: initialize more fields in sctp_v6_from_sk() (Eric Dumazet) [Orabug: 38440251] {CVE-2025-39812}
- net: stmmac: xgmac: Do not enable RX FIFO Overflow interrupts (Rohan G Thomas)
- net/mlx5e: Set local Xoff after FW update (Alexei Lazar)
- net/mlx5e: Update and set Xon/Xoff upon port speed set (Alexei Lazar)
- net/mlx5e: Update and set Xon/Xoff upon MTU set (Alexei Lazar)
- net: dlink: fix multicast stats being counted incorrectly (Moon Yeounsu)
- atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control(). (Kuniyuki Iwashima) [Orabug: 38440347] {CVE-2025-39828}
- net/atm: remove the atmdev_ops {get, set}sockopt methods (Christoph Hellwig)
- Bluetooth: hci_event: Detect if HCI_EV_NUM_COMP_PKTS is unbalanced (Luiz Augusto von Dentz)
- powerpc/kvm: Fix ifdef to remove build warning (Madhavan Srinivasan)
- net: ipv4: fix regression in local-broadcast routes (Oscar Maes) [Orabug: 38343661]
- vhost/net: Protect ubufs with rcu read lock in vhost_net_ubuf_put() (Nikolay Kuratov)
- scsi: core: sysfs: Correct sysfs attributes access rights (Damien Le Moal)
- ftrace: Fix potential warning in trace_printk_seq during ftrace_dump (Tengda Wu) [Orabug: 38440259] {CVE-2025-39813}
- pinctrl: STMFX: add missing HAS_IOMEM dependency (Randy Dunlap)
- LTS tag: v5.4.297 (Sherry Yang)
- alloc_fdtable(): change calling conventions. (Al Viro)
- s390/hypfs: Enable limited access during lockdown (Peter Oberparleiter)
- s390/hypfs: Avoid unnecessary ioctl registration in debugfs (Peter Oberparleiter)
- ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation (Takashi Iwai)
- net/sched: Remove unnecessary WARNING condition for empty child qdisc in htb_activate (William Liu)
- net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit (William Liu)
- ixgbe: xsk: resolve the negative overflow of budget in ixgbe_xmit_zc (Jason Xing)
- ipv6: sr: validate HMAC algorithm ID in seg6_hmac_info_add (Heminhong)
- ALSA: usb-audio: Fix size validation in convert_chmap_v3() (Dan Carpenter) [Orabug: 38343661]
- scsi: qla4xxx: Prevent a potential error pointer dereference (Dan Carpenter) [Orabug: 38401514] {CVE-2025-39676}
- usb: xhci: Fix slot_id resource race conflict (Weitao Wang)
- nfs: fix UAF in direct writes (Josef Bacik) [Orabug: 36596831] {CVE-2024-26958}
- NFS: Fix up commit deadlocks (Trond Myklebust)
- cifs: Fix UAF in cifs_demultiplex_thread() (Zhang Xiaoxu)
- Bluetooth: fix use-after-free in device_for_each_child() (Dmitry Antipov) [Orabug: 37433654] {CVE-2024-53237}
- act_mirred: use the backlog for nested calls to mirred ingress (Davide Caratti) [Orabug: 34882838] {CVE-2022-4269}
- net/sched: act_mirred: better wording on protection against excessive stack growth (Davide Caratti)
- net/sched: act_mirred: refactor the handle of xmit (Wenxu)
- selftests: forwarding: tc_actions.sh: add matchall mirror test (Jiri Pirko)
- net: sched: don't expose action qstats to skb_tc_reinsert() (Vlad Buslov)
- net: sched: extract qstats update code into functions (Vlad Buslov)
- net: sched: extract bstats update code into function (Vlad Buslov)
- net: sched: extract common action counters update code into function (Vlad Buslov)
- mm: perform the mapping_map_writable() check after call_mmap() (Lorenzo Stoakes)
- mm: update memfd seal write check to include F_SEAL_WRITE (Lorenzo Stoakes)
- mm: drop the assumption that VM_SHARED always implies writable (Lorenzo Stoakes)
- codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() (Cong Wang) [Orabug: 37908492] {CVE-2025-37798}
- sch_qfq: make qfq_qlen_notify() idempotent (Cong Wang)
- sch_hfsc: make hfsc_qlen_notify() idempotent (Cong Wang) [Orabug: 38158396] {CVE-2025-38177}
- sch_drr: make drr_qlen_notify() idempotent (Cong Wang)
- btrfs: populate otime when logging an inode item (Qu Wenruo)
- media: venus: hfi: explicitly release IRQ during teardown (Jorge Ramirez-Ortiz)
- f2fs: fix to avoid out-of-boundary access in dnode page (Chao Yu)
- media: venus: protect against spurious interrupts during probe (Jorge Ramirez-Ortiz)
- media: qcom: camss: cleanup media device allocated resource on error path (Vladimir Zapolskiy)
- media: venus: vdec: Clamp param smaller than 1fps and bigger than 240. (Ricardo Ribalda)
- drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS (Imre Deak)
- pwm: mediatek: Fix duty and period setting (Uwe Kleine-König)
- pwm: mediatek: Handle hardware enable and clock enable separately (Uwe Kleine-König)
- pwm: mediatek: Implement .apply() callback (Uwe Kleine-König)
- media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() (Gui-Dong Han) [Orabug: 38401677] {CVE-2025-39713}
- media: v4l2-ctrls: Don't reset handler's error in v4l2_ctrl_handler_free() (Sakari Ailus)
- media: v4l2-ctrls: always copy the controls on completion (Hans Verkuil)
- ata: Fix SATA_MOBILE_LPM_POLICY description in Kconfig (Damien Le Moal)
- soc: qcom: mdt_loader: Ensure we don't read past the ELF header (Bjorn Andersson) [Orabug: 38423524] {CVE-2025-39787}
- rtc: ds1307: handle oscillator stop flag (OSF) for ds1341 (Meagan Lloyd)
- usb: musb: omap2430: fix device leak at unbind (Johan Hovold)
- NFS: Fix the setting of capabilities when automounting a new filesystem (Trond Myklebust) [Orabug: 38429211] {CVE-2025-39798}
- NFS: Fix up handling of outstanding layoutcommit in nfs_update_inode() (Trond Myklebust)
- NFSv4: Fix nfs4_bitmap_copy_adjust() (Trond Myklebust)
- usb: typec: fusb302: cache PD RX state (Sebastian Reichel)
- cdc-acm: fix race between initial clearing halt and open (Oliver Neukum)
- USB: cdc-acm: do not log successful probe on later errors (Johan Hovold)
- mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock (Breno Leitao)
- mm/kmemleak: turn kmemleak_lock and object->lock to raw_spinlock_t (He Zhe)
- ALSA: scarlett2: Add retry on -EPROTO from scarlett2_usb_tx() (Geoffrey D. Bennett)
- x86/fpu: Delay instruction pointer fixup until after warning (Dave Hansen)
- mm/hmm: move pmd_to_hmm_pfn_flags() to the respective #ifdeffery (Andy Shevchenko)
- nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() (Jeff Layton) [Orabug: 38395081,38501612] {CVE-2025-38724}
- pmdomain: governor: Consider CPU latency tolerance from pm_domain_cpu_gov (Maulik Shah)
- tracing: Add down_write(trace_event_sem) when adding trace event (Steven Rostedt) [Orabug: 38324271] {CVE-2025-38539}
- usb: hub: Don't try to recover devices lost during warm reset. (Mathias Nyman)
- usb: hub: avoid warm port reset during USB3 disconnect (Mathias Nyman)
- x86/mce/amd: Add default names for MCA banks and blocks (Yazen Ghannam)
- iio: hid-sensor-prox: Fix incorrect OFFSET calculation (Zhang Lixu)
- f2fs: fix to do sanity check on ino and xnid (Chao Yu)
- mm/zsmalloc: do not pass __GFP_MOVABLE if CONFIG_COMPACTION=n (Harry Yoo)
- mm/zsmalloc.c: convert to use kmem_cache_zalloc in cache_alloc_zspage() (Miaohe Lin)
- drm/sched: Remove optimization that causes hang when killing dependent jobs (Lin Cao)
- ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (Haoxiang Li) [Orabug: 38351930] {CVE-2025-38664}
- net: usbnet: Fix the wrong netif_carrier_on() call (Ammar Faizi)
- net: usbnet: Avoid potential RCU stall on LINK_CHANGE event (John Ernberg)
- PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports (Lukas Wunner)
- ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value (Li Zhong)
- comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large (Ian Abbott)
- comedi: Fix initialization of data for instructions that write to subdevice (Ian Abbott)
- kbuild: Add KBUILD_CPPFLAGS to as-option invocation (Nathan Chancellor)
- kbuild: add to KBUILD_CPPFLAGS (Masahiro Yamada)
- kbuild: Add CLANG_FLAGS to as-instr (Nathan Chancellor)
- mips: Include KBUILD_CPPFLAGS in CHECKFLAGS invocation (Nathan Chancellor)
- kbuild: Update assembler calls to use proper flags and language target (Nick Desaulniers)
- ARM: 9448/1: Use an absolute path to unified.h in KBUILD_AFLAGS (Nathan Chancellor)
- usb: dwc3: Ignore late xferNotReady event to prevent halt timeout (Kuen-Han Tsai)
- USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles (Zenm Chen)
- usb: storage: realtek_cr: Use correct byte order for bcs->Residue (Thorsten Blum)
- USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera (Mael Guerin)
- usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive (Miao Li)
- iio: proximity: isl29501: fix buffered read on big-endian systems (David Lechner)
- ftrace: Also allocate and copy hash for reading of filter files (Steven Rostedt) [Orabug: 38401581] {CVE-2025-39689}
- fpga: zynq_fpga: Fix the wrong usage of dma_map_sgtable() (Xu Yilun)
- use uniform permission checks for all mount propagation changes (Al Viro)
- move_mount: allow to add a mount into an existing group (Pavel Tikhomirov)
- fs/buffer: fix use-after-free when call bh_read() helper (Ye Bin) [Orabug: 38401587] {CVE-2025-39691}
- drm/amd/display: Find first CRTC and its line time in dce110_fill_display_configs (Timur Kristof)
- drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3 (Timur Kristof)
- memstick: Fix deadlock by moving removing flag earlier (Jiayi Li)
- media: venus: Add a check for packet size after reading from shared memory (Vedang Nagar)
- media: ov2659: Fix memory leaks in ov2659_probe() (Zhang Shurong)
- media: usbtv: Lock resolution while streaming (Ludwig Disterhof) [Orabug: 38401684] {CVE-2025-39714}
- media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init() (Haoxiang Li)
- media: gspca: Add bounds checking to firmware parser (Dan Carpenter)
- soc/tegra: pmc: Ensure power-domains are in a known state (Jonathan Hunter)
- jbd2: prevent softlockup in jbd2_log_do_checkpoint() (Baokun Li) [Orabug: 38423509] {CVE-2025-39782}
- PCI: endpoint: Fix configfs group removal on driver teardown (Damien Le Moal)
- PCI: endpoint: Fix configfs group list head handling (Damien Le Moal)
- mtd: rawnand: fsmc: Add missing check after DMA map (Thomas Fourier)
- pwm: imx-tpm: Reset counter if CMOD is 0 (Laurentiu Mihalcea)
- wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table() (Nathan Chancellor)
- zynq_fpga: use sgtable-based scatterlist wrappers (Marek Szyprowski)
- ata: libata-scsi: Fix ata_to_sense_error() status handling (Damien Le Moal)
- ext4: fix reserved gdt blocks handling in fsmap (Ojaswin Mujoo)
- ext4: fix fsmap end of range reporting with bigalloc (Ojaswin Mujoo)
- ext4: check fast symlink for ea_inode correctly (Andreas Dilger)
- vt: defkeymap: Map keycodes above 127 to K_HOLE (Myrrh Periwinkle)
- vt: keyboard: Don't process Unicode characters in K_OFF mode (Myrrh Periwinkle)
- usb: dwc3: meson-g12a: fix device leaks at unbind (Johan Hovold)
- usb: gadget: udc: renesas_usb3: fix device leak at unbind (Johan Hovold)
- usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init() (Nathan Chancellor)
- m68k: Fix lost column on framebuffer debug console (Finn Thain)
- cpufreq: armada-8k: Fix off by one in armada_8k_cpufreq_free_table() (Dan Carpenter)
- serial: 8250: fix panic due to PSLVERR (Yunhui Cui) [Orabug: 38401729] {CVE-2025-39724}
- media: uvcvideo: Do not mark valid metadata as invalid (Ricardo Ribalda)
- media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() (Youngjun Lee) [Orabug: 38394816] {CVE-2025-38680}
- mm/kmemleak: avoid soft lockup in __kmemleak_do_cleanup() (Waiman Long)
- parisc: Makefile: fix a typo in palo.conf (Randy Dunlap)
- btrfs: fix log tree replay failure due to file with 0 links and extents (Filipe Manana)
- thunderbolt: Fix copy+paste error in match_service_id() (Eric Biggers)
- comedi: fix race between polling and detaching (Ian Abbott)
- misc: rtsx: usb: Ensure mmc child device is active when card is present (Ricky Wu)
- drm/amdgpu: fix incorrect vm flags to map bo (Jack Xiao)
- scsi: lpfc: Remove redundant assignment to avoid memory leak (Jiasheng Jiang)
- rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe (Meagan Lloyd)
- pNFS: Fix uninited ptr deref in block/scsi layout (Sergey Bashirov) [Orabug: 38394867] {CVE-2025-38691}
- pNFS: Handle RPC size limit for layoutcommits (Sergey Bashirov)
- pNFS: Fix disk addr range check in block/scsi layout (Sergey Bashirov)
- pNFS: Fix stripe mapping in block/scsi layout (Sergey Bashirov)
- net: phy: smsc: add proper reset flags for LAN8710A (Csaba Buday)
- ipmi: Fix strcpy source and destination the same (Corey Minyard)
- kconfig: lxdialog: fix 'space' to (de)select options (Yann E. MORIN)
- kconfig: gconf: fix potential memory leak in renderer_edited() (Masahiro Yamada)
- kconfig: gconf: avoid hardcoding model2 in on_treeview2_cursor_changed() (Masahiro Yamada)
- ipmi: Use dev_warn_ratelimited() for incorrect message warnings (Breno Leitao)
- scsi: aacraid: Stop using PCI_IRQ_AFFINITY (John Garry)
- scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans (Ranjan Kumar)
- kconfig: nconf: Ensure null termination where strncpy is used (Shankari Anand)
- kconfig: lxdialog: replace strcpy() with strncpy() in inputbox.c (Suchit Karunakaran)
- i3c: don't fail if GETHDRCAP is unsupported (Wolfram Sang)
- PCI: pnv_php: Work around switches with broken presence detection (Timothy Pearson)
- i3c: add missing include to internal header (Wolfram Sang)
- media: uvcvideo: Fix bandwidth issue for Alcor camera (Chenchangcheng)
- media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar (Alex Guo) [Orabug: 38394880] {CVE-2025-38693}
- media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() (Alex Guo) [Orabug: 38394887] {CVE-2025-38694}
- media: usb: hdpvr: disable zero-length read messages (Wolfram Sang)
- media: tc358743: Increase FIFO trigger level to 374 (Dave Stevenson)
- media: tc358743: Return an appropriate colorspace from tc358743_set_fmt (Dave Stevenson)
- media: tc358743: Check I2C succeeded during probe (Dave Stevenson)
- pinctrl: stm32: Manage irq affinity settings (Cheick Traore)
- scsi: mpt3sas: Correctly handle ATA device errors (Damien Le Moal)
- scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure (Justin Tee) [Orabug: 38394894] {CVE-2025-38695}
- RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() (Yury Norov) [Orabug: 38423286] {CVE-2025-39742}
- MIPS: Don't crash in stack_top() for tasks without ABI or vDSO (Thomas Weissschuh)
- jfs: upper bound check of tree index in dbAllocAG (Arnaud Lecomte)
- jfs: Regular file corruption check (Edward Adam Davis)
- jfs: truncate good inode pages when hard link is 0 (Lizhi Xu)
- scsi: bfa: Double-free fix (Jackysliu) [Orabug: 38394925] {CVE-2025-38699}
- MIPS: vpe-mt: add missing prototypes for vpe_{alloc,start,stop,free} (Shiji Yang)
- watchdog: dw_wdt: Fix default timeout (Sebastian Reichel)
- fs/orangefs: use snprintf() instead of sprintf() (Amir Mohammad Jahangirzad)
- scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated (Showrya M N) [Orabug: 38394931] {CVE-2025-38700}
- ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr (Theodore Ts'O) [Orabug: 38394937] {CVE-2025-38701}
- cifs: Fix calling CIFSFindFirst() for root path without msearch (Pali Rohar)
- vhost: fail early when __vhost_add_used() fails (Jason Wang)
- net: dsa: b53: fix IP_MULTICAST_CTRL on BCM5325 (Alvaro Fernandez Rojas)
- uapi: in6: restore visibility of most IPv6 socket options (Jakub Kicinski)
- net: ncsi: Fix buffer overflow in fetching version id (Hari Kalavakunta)
- net: dsa: b53: prevent SWITCH_CTRL access on BCM5325 (Alvaro Fernandez Rojas)
- net: dsa: b53: fix b53_imp_vlan_setup for BCM5325 (Alvaro Fernandez Rojas)
- net: vlan: Replace BUG() with WARN_ON_ONCE() in vlan_dev_* stubs (Gal Pressman)
- wifi: iwlegacy: Check rate_idx range after addition (Stanislaw Gruszka)
- netmem: fix skb_frag_address_safe with unreadable skbs (Mina Almasry)
- wifi: rtlwifi: fix possible skb memory leak in _rtl_pci_rx_interrupt(). (Thomas Fourier)
- wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect (Anjaneyulu)
- wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd() (Rand Deeb)
- net: fec: allow disable coalescing (Jonas Rebmann)
- (powerpc/512) Fix possible dma_unmap_single() on uninitialized pointer (Thomas Fourier)
- s390/stp: Remove udelay from stp_sync_clock() (Sven Schnelle)
- wifi: iwlwifi: mvm: fix scan request validation (Avraham Stern)
- net: thunderx: Fix format-truncation warning in bgx_acpi_match_id() (Alok Tiwari)
- net: ipv4: fix incorrect MTU in broadcast routes (Oscar Maes)
- wifi: cfg80211: Fix interface type validation (Ilan Peer)
- rcu: Protect ->defer_qs_iw_pending from data race (Paul E. McKenney) [Orabug: 38423341] {CVE-2025-39749}
- net: ag71xx: Add missing check after DMA map (Thomas Fourier)
- et131x: Add missing check after DMA map (Thomas Fourier)
- be2net: Use correct byte order and format string for TCP seq and ack_seq (Alok Tiwari)
- s390/time: Use monotonic clock in get_cycles() (Sven Schnelle)
- wifi: cfg80211: reject HTC bit for management frames (Johannes Berg)
- ktest.pl: Prevent recursion of default variable options (Steven Rostedt)
- ASoC: codecs: rt5640: Retry DEVICE_ID verification (Xinxin Wan)
- ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros (Cristian Ciocaltea)
- ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (Lucy Thrun)
- platform/x86: thinkpad_acpi: Handle KCOV __init vs inline mismatches (Kees Cook)
- pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop() (Gautham R. Shenoy)
- usb: core: usb_submit_urb: downgrade type check (Oliver Neukum)
- ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4 (Alok Tiwari)
- ASoC: hdac_hdmi: Rate limit logging on connection and disconnection (Mark Brown)
- mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode() (Ulf Hansson)
- ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path (Breno Leitao)
- ACPI: processor: fix acpi_object initialization (Sebastian Ott)
- PM: sleep: console: Fix the black screen issue (Tuhaowen)
- thermal: sysfs: Return ENODATA instead of EAGAIN for reads (Hsin-Te Yuan)
- PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit() (Rafael J. Wysocki)
- selftests: tracing: Use mutex_unlock for testing glob filter (Masami Hiramatsu)
- ARM: tegra: Use I/O memcpy to write to IRAM (Aaron Kling)
- gpio: tps65912: check the return value of regmap_update_bits() (Bartosz Golaszewski)
- ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed (Kuninori Morimoto)
- ARM: rockchip: fix kernel hang during smp initialization (Alexander Kochetkov)
- cpufreq: Exit governor when failed to start old governor (Lifeng Zheng)
- usb: xhci: Avoid showing errors during surprise removal (Mario Limonciello)
- usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command (Jay Chen)
- usb: xhci: Avoid showing warnings for dying controller (Mario Limonciello)
- selftests/futex: Define SYS_futex on 32-bit architectures with 64-bit time_t (Cynthia Huang)
- usb: xhci: print xhci->xhc_state when queue_command failed (Su Hui)
- securityfs: don't pin dentries twice, once is enough... (Al Viro)
- hfs: fix not erasing deleted b-tree node issue (Viacheslav Dubeyko)
- drbd: add missing kref_get in handle_write_conflicts (Sarah Newman) [Orabug: 38394995] {CVE-2025-38708}
- udf: Verify partition map count (Jan Kara)
- arm64: Handle KCOV __init vs inline mismatches (Kees Cook)
- hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file() (Tetsuo Handa)
- hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (Viacheslav Dubeyko)
- hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() (Viacheslav Dubeyko)
- hfs: fix slab-out-of-bounds in hfs_bnode_read() (Viacheslav Dubeyko)
- sctp: linearize cloned gso packets in sctp_rcv (Xin Long) [Orabug: 38395059] {CVE-2025-38718}
- netfilter: ctnetlink: fix refcount leak on table dump (Florian Westphal) [Orabug: 38395068] {CVE-2025-38721}
- udp: also consider secpath when evaluating ipsec use for checksumming (Sabrina Dubroca)
- ACPI: processor: perflib: Move problematic pr->performance check (Rafael J. Wysocki)
- ACPI: processor: perflib: Fix initial _PPC limit application (Jiayi Li)
- Documentation: ACPI: Fix parent device references (Andy Shevchenko)
- fs: Prevent file descriptor table allocations exceeding INT_MAX (Sasha Levin) [Orabug: 38423397] {CVE-2025-39756}
- sunvdc: Balance device refcount in vdc_port_mpgroup_check (Ma Ke)
- NFSD: detect mismatch of file handle and delegation stateid in OPEN op (Dai Ngo)
- net: dpaa: fix device leak when querying time stamp info (Johan Hovold)
- net: gianfar: fix device leak when querying time stamp info (Johan Hovold)
- netlink: avoid infinite retry looping in netlink_unicast() (Fedor Pchelkin) [Orabug: 38401319] {CVE-2025-38727}
- ALSA: usb-audio: Validate UAC3 cluster segment descriptors (Takashi Iwai) [Orabug: 38423407] {CVE-2025-39757}
- ALSA: usb-audio: Validate UAC3 power domain descriptors, too (Takashi Iwai) [Orabug: 38395101] {CVE-2025-38729}
- io_uring: don't use int for ABI (Pavel Begunkov)
- usb: gadget : fix use-after-free in composite_dev_cleanup() (Taoxue) [Orabug: 38334898] {CVE-2025-38555}
- MIPS: mm: tlb-r4k: Uniquify TLB entries on init (Jiaxun Yang)
- USB: serial: option: add Foxconn T99W709 (Slark Xiao)
- vsock: Do not allow binding to VMADDR_PORT_ANY (Budimir Markovic) [Orabug: 38351771,38453914] {CVE-2025-38618}
- net/packet: fix a race in packet_set_ring() and packet_notifier() (Quang Le) [Orabug: 38351764] {CVE-2025-38617}
- perf/core: Prevent VMA split of buffer mappings (Thomas Gleixner) [Orabug: 38334948] {CVE-2025-38563}
- perf/core: Exit early on perf_mmap() fail (Thomas Gleixner) [Orabug: 38334959] {CVE-2025-38565}
- perf/core: Don't leak AUX buffer refcount on allocation failure (Thomas Gleixner)
- pptp: fix pptp_xmit() error path (Eric Dumazet)
- smb: client: let recv_done() cleanup before notifying the callers. (Stefan Metzmacher)
- benet: fix BUG when creating VFs (Michal Schmidt) [Orabug: 38334976] {CVE-2025-38569}
- net: drop UFO packets in udp_rcv_segment() (Wang Liang) [Orabug: 38351786] {CVE-2025-38622}
- ipv6: reject malicious packets in ipv6_gso_segment() (Eric Dumazet) [Orabug: 38334988] {CVE-2025-38572}
- pptp: ensure minimal skb length in pptp_xmit() (Eric Dumazet) [Orabug: 38335004] {CVE-2025-38574}
- netpoll: prevent hanging NAPI when netcons gets enabled (Jakub Kicinski)
- NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() (Trond Myklebust) [Orabug: 38401745] {CVE-2025-39730}
- pci/hotplug/pnv-php: Wrap warnings in macro (Frederic Barrat)
- pci/hotplug/pnv-php: Improve error msg on power state change failure (Frederic Barrat)
- usb: chipidea: udc: fix sleeping function called from invalid context (Peter Chen)
- f2fs: fix to avoid out-of-boundary access in devs.path (Chao Yu)
- f2fs: fix to avoid panic in f2fs_evict_inode (Chao Yu)
- f2fs: fix to avoid UAF in f2fs_sync_inode_meta() (Chao Yu)
- rtc: pcf8563: fix incorrect maximum clock rate handling (Brian Masney)
- rtc: hym8563: fix incorrect maximum clock rate handling (Brian Masney)
- rtc: ds1307: fix incorrect maximum clock rate handling (Brian Masney)
- module: Restore the moduleparam prefix length check (Petr Pavlu)
- bpf: Check flow_dissector ctx accesses are aligned (Paul Chaignon)
- mtd: rawnand: atmel: set pmecc data setup time (Balamanikandan Gunasundar)
- mtd: rawnand: atmel: Fix dma_mapping_error() address (Thomas Fourier)
- jfs: fix metapage reference count leak in dbAllocCtl (Zheng Yu)
- fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref (Chenyuan Yang)
- crypto: qat - fix seq_file position update in adf_ring_next() (Giovanni Cabiddu)
- dmaengine: nbpfaxi: Add missing check after DMA map (Thomas Fourier)
- dmaengine: mv_xor: Fix missing check after DMA map and missing unmap (Thomas Fourier)
- fs/orangefs: Allow 2 more characters in do_c_string() (Dan Carpenter)
- soundwire: stream: restore params when prepare ports fail (Bard Liao)
- crypto: img-hash - Fix dma_unmap_sg() nents value (Thomas Fourier)
- hwrng: mtk - handle devm_pm_runtime_enable errors (Ovidiu Panait)
- watchdog: ziirave_wdt: check record length in ziirave_firm_verify() (Dan Carpenter)
- scsi: isci: Fix dma_unmap_sg() nents value (Thomas Fourier)
- scsi: mvsas: Fix dma_unmap_sg() nents value (Thomas Fourier)
- scsi: ibmvscsi_tgt: Fix dma_unmap_sg() nents value (Thomas Fourier)
- clk: sunxi-ng: v3s: Fix de clock definition (Paul Kocialkowski)
- perf tests bp_account: Fix leaked file descriptor (Leo Yan)
- crypto: ccp - Fix crash when rebind ccp device for ccp.ko (Mengbiao Xiong)
- pinctrl: sunxi: Fix memory leak on krealloc failure (Yuan Chen)
- power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set (Charles Han)
- clk: davinci: Add NULL check in davinci_lpsc_clk_register() (Henry Martin)
- mtd: fix possible integer overflow in erase_xfer() (Ivan Stepchenko)
- crypto: marvell/cesa - Fix engine load inaccuracy (Herbert Xu)
- PCI: rockchip-host: Fix 'Unexpected Completion' log message (Hans Zhang)
- vrf: Drop existing dst reference in vrf_ip6_input_dst (Stanislav Fomichev)
- selftests: rtnetlink.sh: remove esp4_offload after test (Xiumei Mu)
- netfilter: xt_nfacct: don't assume acct name is null-terminated (Florian Westphal) [Orabug: 38351854] {CVE-2025-38639}
- can: kvaser_usb: Assign netdev.dev_port based on device channel index (Jimmy Assarsson)
- can: kvaser_pciefd: Store device channel index (Jimmy Assarsson)
- wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P IE (Gokul Sivakumar)
- Reapply 'wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()' (Remi Pommarel)
- mwl8k: Add missing check after DMA map (Thomas Fourier)
- wifi: rtl8xxxu: Fix RX skb size for aggregation disabled (Martin Kaistra)
- net/sched: Restrict conditions for adding duplicating netems to qdisc tree (William Liu) [Orabug: 38331466] {CVE-2025-38553}
- arch: powerpc: defconfig: Drop obsolete CONFIG_NET_CLS_TCINDEX (Johan Korsnes)
- drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value (Fedor Pchelkin)
- m68k: Don't unregister boot console needlessly (Finn Thain)
- tcp: fix tcp_ofo_queue() to avoid including too much DUP SACK range (Xin Guo)
- iwlwifi: Add missing check for alloc_ordered_workqueue (Jiasheng Jiang) [Orabug: 38335110] {CVE-2025-38602}
- wifi: iwlwifi: Fix memory leak in iwl_mvm_init() (Xiu Jianfeng)
- wifi: rtl818x: Kill URBs before clearing tx status queue (Daniil Dulov) [Orabug: 38335120] {CVE-2025-38604}
- caif: reduce stack size, again (Arnd Bergmann)
- bpftool: Fix memory leak in dump_xx_nlmsg on realloc failure (Yuan Chen)
- bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (Jiayuan Chen) [Orabug: 38335131] {CVE-2025-38608}
- staging: nvec: Fix incorrect null termination of battery manufacturer (Alok Tiwari)
- samples: mei: Fix building on musl libc (Brahmajit Das)
- cpufreq: Init policy->rwsem before it may be possibly used (Lifeng Zheng)
- ARM: dts: imx6ul-kontron-bl-common: Fix RTS polarity for RS485 interface (Annette Kobou)
- usb: early: xhci-dbc: Fix early_ioremap leak (Lucas De Marchi)
- Revert 'vmci: Prevent the dispatching of uninitialized payloads' (Greg Kroah-Hartman)
- pps: fix poll support (Denis Osterland-Heim)
- vmci: Prevent the dispatching of uninitialized payloads (Lizhi Xu)
- staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc() (Abdun Nihaal) [Orabug: 38335153] {CVE-2025-38612}
- ARM: dts: vfxxx: Correctly use two tuples for timer address (Krzysztof Kozlowski)
- hfsplus: remove mutex_lock check in hfsplus_free_extents (Yangtao Li)
- ASoC: Intel: fix SND_SOC_SOF dependencies (Arnd Bergmann)
- ethernet: intel: fix building with large NR_CPUS (Arnd Bergmann)
- usb: phy: mxs: disconnect line when USB charger is attached (Xu Yang)
- usb: chipidea: add USB PHY event (Xu Yang)
- usb: chipidea: introduce CI_HDRC_CONTROLLER_VBUS_EVENT glue layer use (Peter Chen)
- usb: chipidea: udc: protect usb interrupt enable (Li Jun)
- usb: chipidea: udc: add new API ci_hdrc_gadget_connect (Peter Chen)
- ALSA: hda: Add missing NVIDIA HDA codec IDs (Daniel Dadap)
- comedi: comedi_test: Fix possible deletion of uninitialized timers (Ian Abbott)
- nilfs2: reject invalid file types when reading inodes (Ryusuke Konishi)
- i2c: qup: jump out of the loop in case of timeout (Yang Xiwen) [Orabug: 38351994] {CVE-2025-38671}
- net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class (Xiang Mei)
- net: appletalk: Fix use-after-free in AARP proxy probe (Kito Xu)
- net: appletalk: fix kerneldoc warnings (Andrew Lunn)
- RDMA/core: Rate limit GID cache warning messages (Maor Gottlieb)
- regulator: core: fix NULL dereference on unbind due to stale coupling data (Alessandro Carminati) [Orabug: 38351978] {CVE-2025-38668}
- usb: hub: Fix flushing and scheduling of delayed work that tunes runtime pm (Mathias Nyman)
- usb: hub: fix detection of high tier USB3 devices behind suspended hubs (Mathias Nyman)
- net_sched: sch_sfq: reject invalid perturb period (Eric Dumazet) [Orabug: 38158477] {CVE-2025-38193}
- power: supply: bq24190: Fix use after free bug in bq24190_remove due to race condition (Zheng Wang)
- power: supply: bq24190_charger: using pm_runtime_resume_and_get instead of pm_runtime_get_sync (Minghao Chi)
- power: supply: bq24190_charger: Fix runtime PM imbalance on error (Dinghao Liu)
- xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS (Hongyu Xie)
- virtio-net: ensure the received length does not exceed allocated size (Bui Quang Minh) [Orabug: 38253834] {CVE-2025-38375}
- ASoC: fsl_sai: Force a software reset when starting in consumer mode (Arun Raghavan)
- usb: dwc3: qcom: Don't leave BCR asserted (Krishna Kurapati)
- usb: musb: fix gadget state on disconnect (Drew Hamilton)
- net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (William Liu) [Orabug: 38254214] {CVE-2025-38468}
- net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime (Dong Chenchen) [Orabug: 38254225] {CVE-2025-38470}
- Bluetooth: L2CAP: Fix attempting to adjust outgoing MTU (Luiz Augusto von Dentz)
- Bluetooth: SMP: Fix using HCI_ERROR_REMOTE_USER_TERM on timeout (Luiz Augusto von Dentz)
- Bluetooth: SMP: If an unallowed command is received consider it a failure (Luiz Augusto von Dentz)
- Bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb() (Kuniyuki Iwashima) [Orabug: 38254241] {CVE-2025-38473}
- usb: net: sierra: check for no status endpoint (Oliver Neukum) [Orabug: 38254249] {CVE-2025-38474}
- net/sched: sch_qfq: Fix race condition on qfq_aggregate (Xiang Mei) [Orabug: 38254266] {CVE-2025-38477}
- net: emaclite: Fix missing pointer increment in aligned_read() (Alok Tiwari)
- comedi: Fix use of uninitialized data in insn_rw_emulate_bits() (Ian Abbott)
- comedi: Fix some signed shift left operations (Ian Abbott)
- comedi: das6402: Fix bit shift out of bounds (Ian Abbott)
- comedi: das16m1: Fix bit shift out of bounds (Ian Abbott)
- comedi: aio_iiro_16: Fix bit shift out of bounds (Ian Abbott)
- comedi: pcl812: Fix bit shift out of bounds (Ian Abbott)
- iio: adc: stm32-adc: Fix race in installing chained IRQ handler (Chen Ni)
- iio: adc: max1363: Reorder mode_list[] entries (Fabio Estevam)
- iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[] (Fabio Estevam)
- soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled (Andrew Jeffery)
- soc: aspeed: lpc-snoop: Cleanup resources in stack-order (Andrew Jeffery)
- mmc: sdhci_am654: Workaround for Errata i2312 (Judith Mendez)
- mmc: sdhci-pci: Quirk for broken command queuing on Intel GLK-based Positivo models (Edson Juliano Drosdeck)
- mmc: bcm2835: Fix dma_unmap_sg() nents value (Thomas Fourier)
- memstick: core: Zero initialize id_reg in h_memstick_read_dev_id() (Nathan Chancellor)
- isofs: Verify inode mode when loading from disk (Jan Kara)
- dmaengine: nbpfaxi: Fix memory corruption in probe() (Dan Carpenter)
- af_packet: fix soft lockup issue caused by tpacket_snd() (Yun Lu)
- af_packet: fix the SO_SNDTIMEO constraint not effective on tpacked_snd() (Yun Lu)
- phonet/pep: Move call to pn_skb_get_dst_sockaddr() earlier in pep_sock_accept() (Nathan Chancellor)
- HID: core: do not bypass hid_hw_raw_request (Benjamin Tissoires) [Orabug: 38254340,38453904] {CVE-2025-38494}
- HID: core: ensure __hid_request reserves the report ID as the first byte (Benjamin Tissoires)
- HID: core: ensure the allocated report buffer can contain the reserved report ID (Benjamin Tissoires) [Orabug: 38254348,38453908] {CVE-2025-38495}
- pch_uart: Fix dma_sync_sg_for_device() nents value (Thomas Fourier)
- Input: xpad - set correct controller type for Acer NGR200 (Nilton Perim Neto)
- i2c: stm32: fix the device used for the DMA map (Clement Le Goffic)
- usb: gadget: configfs: Fix OOB read on empty string write (Xinyu Liu) [Orabug: 38254358] {CVE-2025-38497}
- USB: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI (Ryan Mann)
- USB: serial: option: add Foxconn T99W640 (Slark Xiao)
- USB: serial: option: add Telit Cinterion FE910C04 (ECM) composition (Fabio Porcedda)
- LTS tag: v5.4.296 (Sherry Yang)
- x86/mm: Disable hugetlb page table sharing on 32-bit (Jann Horn)
- Input: atkbd - do not skip atkbd_deactivate() when skipping ATKBD_CMD_GETID (Hans de Goede)
- HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras (Chia-Lin Kao) [Orabug: 38324280] {CVE-2025-38540}
- HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY (Zhang Heng)
- vt: add missing notification when switching back to text mode (Nicolas Pitre)
- net: usb: qmi_wwan: add SIMCom 8230C composition (Xiaowei Li)
- atm: idt77252: Add missing dma_map_error() (Thomas Fourier)
- bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT (Somnath Kotur) [Orabug: 38254090] {CVE-2025-38439}
- bnxt_en: Fix DCB ETS validation (Shravya Kn)
- can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level (Sean Nyekjaer)
- net: phy: microchip: limit 100M workaround to link-down events on LAN88xx (Oleksij Rempel)
- net: appletalk: Fix device refcount leak in atrtr_create() (Kito Xu)
- md/raid1: Fix stack memory use after return in raid1_reshape (Wang Jinchao) [Orabug: 38254109] {CVE-2025-38445}
- wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() (Daniil Dulov) [Orabug: 38324161] {CVE-2025-38513}
- dma-buf: fix timeout handling in dma_resv_wait_timeout v2 (Christian Konig)
- Input: xpad - support Acer NGR 200 Controller (Nilton Perim Neto)
- Input: xpad - add VID for Turtle Beach controllers (Vicki Pfau)
- Input: xpad - add support for Amazon Game Controller (Matt Reynolds)
- NFSv4/flexfiles: Fix handling of NFS level errors in I/O (Trond Myklebust)
- flexfiles/pNFS: update stats on NFS4ERR_DELAY for v4.1 DSes (Tigran Mkrtchyan)
- RDMA/mlx5: Fix vport loopback for MPV device (Patrisious Haddad)
- netlink: Fix rmem check in netlink_broadcast_deliver(). (Kuniyuki Iwashima)
- netlink: make sure we allow at least one dump skb (Jakub Kicinski)
- Revert 'ACPI: battery: negate current when discharging' (Rafael J. Wysocki)
- usb: gadget: u_serial: Fix race condition in TTY wakeup (Kuen-Han Tsai) [Orabug: 38254118] {CVE-2025-38448}
- drm/sched: Increment job count before swapping tail spsc queue (Matthew Brost) [Orabug: 38324180] {CVE-2025-38515}
- pinctrl: qcom: msm: mark certain pins as invalid for interrupts (Bartosz Golaszewski) [Orabug: 38324186] {CVE-2025-38516}
- x86/mce: Make sure CMCI banks are cleared during shutdown on Intel (Jp Kobryn)
- x86/mce: Don't remove sysfs if thresholding sysfs init fails (Yazen Ghannam)
- x86/mce/amd: Fix threshold limit reset (Yazen Ghannam)
- rxrpc: Fix oops due to non-existence of prealloc backlog struct (David Howells)
- net/sched: Abort __tc_modify_qdisc if parent class does not exist (Victor Nogueira) [Orabug: 38254147] {CVE-2025-38457}
- atm: clip: Fix NULL pointer dereference in vcc_sendmsg() (Yue Haibing) [Orabug: 38254153] {CVE-2025-38458}
- atm: clip: Fix infinite recursive call of clip_push(). (Kuniyuki Iwashima) [Orabug: 38254161] {CVE-2025-38459}
- atm: clip: Fix memory leak of struct clip_vcc. (Kuniyuki Iwashima) [Orabug: 38324309] {CVE-2025-38546}
- atm: clip: Fix potential null-ptr-deref in to_atmarpd(). (Kuniyuki Iwashima) [Orabug: 38254167] {CVE-2025-38460}
- tipc: Fix use-after-free in tipc_conn_close(). (Kuniyuki Iwashima) [Orabug: 38254181] {CVE-2025-38464}
- netlink: Fix wraparounds of sk->sk_rmem_alloc. (Kuniyuki Iwashima) [Orabug: 38254188] {CVE-2025-38465}
- fix proc_sys_compare() handling of in-lookup dentries (Al Viro)
- proc: Clear the pieces of proc_inode that proc_evict_inode cares about (Eric W. Biederman)
- drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling (Kaustabh Chakraborty) [Orabug: 38254203] {CVE-2025-38467}
- staging: rtl8723bs: Avoid memset() in aes_cipher() and aes_decipher() (Nathan Chancellor)
- media: uvcvideo: Rollback non processed entities on error (Ricardo Ribalda)
- media: uvcvideo: Send control events for partial succeeds (Ricardo Ribalda)
- media: uvcvideo: Return the number of processed controls (Ricardo Ribalda)
- ACPI: PAD: fix crash in exit_round_robin() (Seiji Nishikawa) [Orabug: 37206006] {CVE-2024-49935}
- usb: typec: displayport: Fix potential deadlock (Andrei Kuchynski) [Orabug: 38401436] {CVE-2025-38404}
- Logitech C-270 even more broken (Oliver Neukum)
- rose: fix dangling neighbour pointers in rose_rt_device_down() (Kohei Enju)
- net: rose: Fix fall-through warnings for Clang (Gustavo A R Silva)
- drm/i915/gt: Fix timeline left held on VMA alloc error (Janusz Krzysztofik) [Orabug: 38253887] {CVE-2025-38389}
- drm/i915/selftests: Change mock_request() to return error pointers (Dan Carpenter)
- spi: spi-fsl-dspi: Clear completion counter before initiating transfer (James Clark)
- spi: spi-fsl-dspi: Fix interrupt-less DMA mode taking an XSPI code path (Vladimir Oltean)
- spi: spi-fsl-dspi: Rename fifo_{read,write} and {tx,cmd}_fifo_write (Vladimir Oltean)
- dpaa2-eth: fix xdp_rxq_info leak (Wangfushuai)
- ethernet: atl1: Add missing DMA mapping error checks and count errors (Thomas Fourier)
- btrfs: use btrfs_record_snapshot_destroy() during rmdir (Filipe Manana)
- btrfs: propagate last_unlink_trans earlier when doing a rmdir (Filipe Manana)
- RDMA/mlx5: Fix CC counters query for MPV (Patrisious Haddad)
- RDMA/core: Create and destroy counters in the ib_core (Leon Romanovsky)
- scsi: ufs: core: Fix spelling of a sysfs attribute name (Bart Van Assche)
- drm/v3d: Disable interrupts before resetting the GPU (Maira Canal)
- mtk-sd: reset host->mrq on prepare_data() error (Sergey Senozhatsky)
- mtk-sd: Prevent memory corruption from DMA map failure (Masami Hiramatsu)
- mmc: mediatek: use data instead of mrq parameter from msdc_{un}prepare_data() (Yue Hu)
- regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods (Manivannan Sadhasivam) [Orabug: 38253907] {CVE-2025-38395}
- regulator: gpio: Add input_supply support in gpio_regulator_config (Jerome Neanne)
- ACPICA: Refuse to evaluate a method if arguments are missing (Rafael J. Wysocki) [Orabug: 38253875] {CVE-2025-38386}
- wifi: ath6kl: remove WARN on bad firmware input (Johannes Berg) [Orabug: 38253946] {CVE-2025-38406}
- wifi: mac80211: drop invalid source address OCB frames (Johannes Berg)
- powerpc: Fix struct termio related ioctl macros (Madhavan Srinivasan)
- ata: pata_cs5536: fix build on 32-bit UML (Johannes Berg)
- ALSA: sb: Force to disable DMAs once when DMA mode is changed (Takashi Iwai)
- nui: Fix dma_mapping_error() check (Thomas Fourier)
- enic: fix incorrect MTU comparison in enic_change_mtu() (Alok Tiwari)
- amd-xgbe: align CL37 AN sequence as per databook (Raju Rangoju)
- lib: test_objagg: Set error message in check_expect_hints_stats() (Dan Carpenter)
- drm/exynos: fimd: Guard display clock control with runtime PM calls (Marek Szyprowski)
- btrfs: fix missing error handling when searching for inode refs during log replay (Filipe Manana)
- scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() (Thomas Fourier)
- nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. (Kuniyuki Iwashima) [Orabug: 38253923] {CVE-2025-38400}
- RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert (Mark Zhang) [Orabug: 38253881] {CVE-2025-38387}
- platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment (David Thompson)
- mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data (Masami Hiramatsu)
- usb: typec: altmodes/displayport: do not index invalid pin_assignments (Rd Babiera) [Orabug: 38253894] {CVE-2025-38391}
- mmc: sdhci: Add a helper function for dump register in dynamic debug mode (Victor Shih)
- vsock/vmci: Clear the vmci transport packet properly when initializing it (Harshavardhana S A) [Orabug: 38253937] {CVE-2025-38403}
- btrfs: don't abort filesystem when attempting to snapshot deleted subvolume (Omar Sandoval) [Orabug: 36530119] {CVE-2024-26644}
- arm64: Restrict pagetable teardown to avoid false warning (Dev Jain)
- s390: Add '-std=gnu11' to decompressor and purgatory CFLAGS (Nathan Chancellor)
- drm/bridge: cdns-dsi: Check return value when getting default PHY config (Aradhya Bhatia)
- drm/bridge: cdns-dsi: Fix connecting to next bridge (Aradhya Bhatia)
- drm/bridge: cdns-dsi: Fix the clock variable for mode_valid() (Aradhya Bhatia)
- drm/tegra: Assign plane type before registration (Thierry Reding)
- HID: wacom: fix kobject reference count leak (Qasim Ijaz)
- HID: wacom: fix memory leak on sysfs attribute creation failure (Qasim Ijaz)
- HID: wacom: fix memory leak on kobject creation failure (Qasim Ijaz)
- dm-raid: fix variable in journal device check (Heinz Mauelshagen)
- Bluetooth: L2CAP: Fix L2CAP MTU negotiation (Frederic Danis)
- atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister(). (Kuniyuki Iwashima) [Orabug: 38175045] {CVE-2025-38245}
- net: enetc: Correct endianness handling in _enetc_rd_reg64 (Simon Horman)
- um: ubd: Add missing error check in start_io_thread() (Tiwei Bie)
- vsock/uapi: fix linux/vm_sockets.h userspace compilation errors (Stefano Garzarella)
- wifi: mac80211: fix beacon interval calculation overflow (Lachlan Hodges)
- attach_recursive_mnt(): do not lock the covering tree when sliding something under it (Al Viro)
- ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3() (Youngjun Lee) [Orabug: 38175065] {CVE-2025-38249}
- i2c: robotfuzz-osif: disable zero-length read messages (Wolfram Sang)
- i2c: tiny-usb: disable zero-length read messages (Wolfram Sang)
- RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction (Shin'Ichiro Kawasaki) [Orabug: 38158592] {CVE-2025-38211}
- RDMA/core: Use refcount_t instead of atomic_t on refcount of iwcm_id_private (Weihang Li)
- media: vivid: Change the siize of the composing (Denis Arefev)
- media: omap3isp: use sgtable-based scatterlist wrappers (Marek Szyprowski)
- media: cxusb: no longer judge rbuf when the write fails (Edward Adam Davis) [Orabug: 38158692] {CVE-2025-38229}
- media: cxusb: use dev_dbg() rather than hand-rolled debug (Sean Young)
- jfs: validate AG parameters in dbMount() to prevent crashes (Vasiliy Kovalev)
- fs/jfs: consolidate sanity checking in dbMount (Dave Kleikamp)
- ASoC: meson: meson-card-utils: use of_property_present() for DT parsing (Martin Blumenstingl)
- of: Add of_property_present() helper (Rob Herring)
- of: property: define of_property_read_u{8,16,32,64}_array() unconditionally (Michael Walle)
- kbuild: hdrcheck: fix cross build with clang (Arnd Bergmann)
- kbuild: add --target to correctly cross-compile UAPI headers with Clang (Masahiro Yamada)
- bpfilter: match bit size of bpfilter_umh to that of the kernel (Masahiro Yamada)
- kbuild: use -MMD instead of -MD to exclude system headers from dependency (Masahiro Yamada)
- VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify (Ma Wupeng) [Orabug: 38152869] {CVE-2025-38102}
- VMCI: check context->notify_page after call to get_user_pages_fast() to avoid GPF (George Kennedy)
- ovl: Check for NULL d_inode() in ovl_dentry_upper() (Kees Cook)
- ceph: fix possible integer overflow in ceph_zero_objects() (Dmitry Kandybka)
- ALSA: hda: Ignore unsol events for cards being shut down (Cezary Rojewski)
- usb: typec: displayport: Receive DP Status Update NAK request exit dp altmode (Jos Wang)
- usb: cdc-wdm: avoid setting WDM_READ for ZLP-s (Robert Hodaszi)
- usb: Add checks for snprintf() calls in usb_alloc_dev() (Andy Shevchenko)
- tty: serial: uartlite: register uart driver in init (Jakub Lewalski)
- usb: potential integer overflow in usbg_make_tpg() (Chen Yufeng)
- iio: pressure: zpa2326: Use aligned_s64 for the timestamp (Jonathan Cameron)
- md/md-bitmap: fix dm-raid max_write_behind setting (Yu Kuai)
- dmaengine: xilinx_dma: Set dma_device directions (Thomas Gessler)
- mfd: max14577: Fix wakeup source leaks on device unbind (Krzysztof Kozlowski)
- mailbox: Not protect module_put with spin_lock_irqsave (Peng Fan)
- cifs: Fix cifs_query_path_info() for Windows NT servers (Pali Rohar)
ELBA-2025-21071 Oracle Linux 8 gcc-toolset-15-gcc bug fix and enhancement update
Oracle Linux Bug Fix Advisory ELBA-2025-21071
http://linux.oracle.com/errata/ELBA-2025-21071.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
gcc-toolset-15-gcc-15.1.1-2.3.el8_10.x86_64.rpm
gcc-toolset-15-gcc-c++-15.1.1-2.3.el8_10.x86_64.rpm
gcc-toolset-15-gcc-gfortran-15.1.1-2.3.el8_10.x86_64.rpm
gcc-toolset-15-gcc-plugin-annobin-15.1.1-2.3.el8_10.x86_64.rpm
gcc-toolset-15-gcc-plugin-devel-15.1.1-2.3.el8_10.i686.rpm
gcc-toolset-15-gcc-plugin-devel-15.1.1-2.3.el8_10.x86_64.rpm
gcc-toolset-15-libasan-devel-15.1.1-2.3.el8_10.i686.rpm
gcc-toolset-15-libasan-devel-15.1.1-2.3.el8_10.x86_64.rpm
gcc-toolset-15-libatomic-devel-15.1.1-2.3.el8_10.i686.rpm
gcc-toolset-15-libatomic-devel-15.1.1-2.3.el8_10.x86_64.rpm
gcc-toolset-15-libgccjit-15.1.1-2.3.el8_10.i686.rpm
gcc-toolset-15-libgccjit-15.1.1-2.3.el8_10.x86_64.rpm
gcc-toolset-15-libgccjit-devel-15.1.1-2.3.el8_10.i686.rpm
gcc-toolset-15-libgccjit-devel-15.1.1-2.3.el8_10.x86_64.rpm
gcc-toolset-15-libitm-devel-15.1.1-2.3.el8_10.i686.rpm
gcc-toolset-15-libitm-devel-15.1.1-2.3.el8_10.x86_64.rpm
gcc-toolset-15-liblsan-devel-15.1.1-2.3.el8_10.x86_64.rpm
gcc-toolset-15-libquadmath-devel-15.1.1-2.3.el8_10.i686.rpm
gcc-toolset-15-libquadmath-devel-15.1.1-2.3.el8_10.x86_64.rpm
gcc-toolset-15-libstdc++-devel-15.1.1-2.3.el8_10.i686.rpm
gcc-toolset-15-libstdc++-devel-15.1.1-2.3.el8_10.x86_64.rpm
gcc-toolset-15-libstdc++-docs-15.1.1-2.3.el8_10.x86_64.rpm
gcc-toolset-15-libtsan-devel-15.1.1-2.3.el8_10.x86_64.rpm
gcc-toolset-15-libubsan-devel-15.1.1-2.3.el8_10.i686.rpm
gcc-toolset-15-libubsan-devel-15.1.1-2.3.el8_10.x86_64.rpm
gcc-toolset-15-offload-nvptx-15.1.1-2.3.el8_10.x86_64.rpm
libasan8-15.1.1-2.3.el8_10.i686.rpm
libasan8-15.1.1-2.3.el8_10.x86_64.rpm
libtsan2-15.1.1-2.3.el8_10.x86_64.rpm
aarch64:
gcc-toolset-15-gcc-15.1.1-2.3.el8_10.aarch64.rpm
gcc-toolset-15-gcc-c++-15.1.1-2.3.el8_10.aarch64.rpm
gcc-toolset-15-gcc-gfortran-15.1.1-2.3.el8_10.aarch64.rpm
gcc-toolset-15-gcc-plugin-annobin-15.1.1-2.3.el8_10.aarch64.rpm
gcc-toolset-15-gcc-plugin-devel-15.1.1-2.3.el8_10.aarch64.rpm
gcc-toolset-15-libasan-devel-15.1.1-2.3.el8_10.aarch64.rpm
gcc-toolset-15-libatomic-devel-15.1.1-2.3.el8_10.aarch64.rpm
gcc-toolset-15-libgccjit-15.1.1-2.3.el8_10.aarch64.rpm
gcc-toolset-15-libgccjit-devel-15.1.1-2.3.el8_10.aarch64.rpm
gcc-toolset-15-libitm-devel-15.1.1-2.3.el8_10.aarch64.rpm
gcc-toolset-15-liblsan-devel-15.1.1-2.3.el8_10.aarch64.rpm
gcc-toolset-15-libstdc++-devel-15.1.1-2.3.el8_10.aarch64.rpm
gcc-toolset-15-libstdc++-docs-15.1.1-2.3.el8_10.aarch64.rpm
gcc-toolset-15-libtsan-devel-15.1.1-2.3.el8_10.aarch64.rpm
gcc-toolset-15-libubsan-devel-15.1.1-2.3.el8_10.aarch64.rpm
libasan8-15.1.1-2.3.el8_10.aarch64.rpm
libtsan2-15.1.1-2.3.el8_10.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/gcc-toolset-15-gcc-15.1.1-2.3.el8_10.src.rpm
Description of changes:
[15.1.1-2.3]
- re-enable annobin-plugin and offload-nvptx
- configure with --enable-host-pie --enable-host-bind-now (RHEL-95594)
[15.1.1-2.2]
- Add AS_NEEDED libstdc++.so.6 when only needed through libstdc++_nonshared
(RHEL-94867)
[15.1.1-2.1]
- adjust libstd++_nonshared.a symbols
[15.1.1-2]
- update from releases/gcc-15 branch
- PRs ada/112958, ada/120104, c/120057, c++/119863, c++/119864, c++/119938,
c++/119939, c++/119981, c++/119996, c++/120012, c++/120013,
c++/120023, c++/120125, c++/120161, c++/120350, fortran/102891,
fortran/102900, fortran/119928, fortran/119986, fortran/120049,
fortran/120107, fortran/120139, fortran/120163, fortran/120179,
fortran/120191, ipa/119852, ipa/119973, ipa/120006, ipa/120146,
libfortran/120152, libfortran/120153, libfortran/120158,
libfortran/120196, libstdc++/118260, libstdc++/119427,
libstdc++/119714, libstdc++/120029, libstdc++/120114,
libstdc++/120159, libstdc++/120187, libstdc++/120190,
libstdc++/120198, libstdc++/120293, modula2/115276, modula2/119914,
modula2/119915, modula2/120117, modula2/120188, preprocessor/116047,
preprocessor/120061, target/119610, testsuite/119909,
tree-optimization/111873, tree-optimization/119712,
tree-optimization/120043, tree-optimization/120048,
tree-optimization/120074, tree-optimization/120089,
tree-optimization/120143, tree-optimization/120211
[15.1.1-1]
- update from releases/gcc-15 branch
- GCC 15.1 release
- PRs fortran/119836, target/119327, target/119873, tree-optimization/118407
[14.2.1-7.2]
- Fix GTS version in package name.
[14.2.1-7.1]
- new package (RHEL-81741)
ELSA-2025-23137 Moderate: Oracle Linux 8 mysql:8.4 security update
Oracle Linux Security Advisory ELSA-2025-23137
http://linux.oracle.com/errata/ELSA-2025-23137.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
mecab-0.996-2.module+el8.10.0+90700+dfc34c39.x86_64.rpm
mecab-devel-0.996-2.module+el8.10.0+90700+dfc34c39.x86_64.rpm
mecab-ipadic-2.7.0.20070801-17.0.1.module+el8.10.0+90700+dfc34c39.x86_64.rpm
mecab-ipadic-EUCJP-2.7.0.20070801-17.0.1.module+el8.10.0+90700+dfc34c39.x86_64.rpm
mysql-8.4.7-1.module+el8.10.0+90724+e63c91fc.x86_64.rpm
mysql-common-8.4.7-1.module+el8.10.0+90724+e63c91fc.noarch.rpm
mysql-devel-8.4.7-1.module+el8.10.0+90724+e63c91fc.x86_64.rpm
mysql-errmsg-8.4.7-1.module+el8.10.0+90724+e63c91fc.noarch.rpm
mysql-libs-8.4.7-1.module+el8.10.0+90724+e63c91fc.x86_64.rpm
mysql-server-8.4.7-1.module+el8.10.0+90724+e63c91fc.x86_64.rpm
mysql-test-8.4.7-1.module+el8.10.0+90724+e63c91fc.x86_64.rpm
mysql-test-data-8.4.7-1.module+el8.10.0+90724+e63c91fc.noarch.rpm
aarch64:
mecab-0.996-2.module+el8.10.0+90700+dfc34c39.aarch64.rpm
mecab-devel-0.996-2.module+el8.10.0+90700+dfc34c39.aarch64.rpm
mecab-ipadic-2.7.0.20070801-17.0.1.module+el8.10.0+90700+dfc34c39.aarch64.rpm
mecab-ipadic-EUCJP-2.7.0.20070801-17.0.1.module+el8.10.0+90700+dfc34c39.aarch64.rpm
mysql-8.4.7-1.module+el8.10.0+90724+e63c91fc.aarch64.rpm
mysql-common-8.4.7-1.module+el8.10.0+90724+e63c91fc.noarch.rpm
mysql-devel-8.4.7-1.module+el8.10.0+90724+e63c91fc.aarch64.rpm
mysql-errmsg-8.4.7-1.module+el8.10.0+90724+e63c91fc.noarch.rpm
mysql-libs-8.4.7-1.module+el8.10.0+90724+e63c91fc.aarch64.rpm
mysql-server-8.4.7-1.module+el8.10.0+90724+e63c91fc.aarch64.rpm
mysql-test-8.4.7-1.module+el8.10.0+90724+e63c91fc.aarch64.rpm
mysql-test-data-8.4.7-1.module+el8.10.0+90724+e63c91fc.noarch.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/mecab-0.996-2.module+el8.10.0+90700+dfc34c39.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/mecab-ipadic-2.7.0.20070801-17.0.1.module+el8.10.0+90700+dfc34c39.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/mysql-8.4.7-1.module+el8.10.0+90724+e63c91fc.src.rpm
Related CVEs:
CVE-2025-53040
CVE-2025-53042
CVE-2025-53044
CVE-2025-53045
CVE-2025-53053
CVE-2025-53054
CVE-2025-53062
CVE-2025-53069
Description of changes:
mecab
mecab-ipadic
mysql
[8.4.7-1]
- Rebase to 8.4.7
ELSA-2025-23134 Moderate: Oracle Linux 8 mysql:8.0 security update
Oracle Linux Security Advisory ELSA-2025-23134
http://linux.oracle.com/errata/ELSA-2025-23134.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
mecab-0.996-2.module+el8.10.0+90675+bf1d9af8.x86_64.rpm
mecab-devel-0.996-2.module+el8.10.0+90675+bf1d9af8.x86_64.rpm
mecab-ipadic-2.7.0.20070801-17.0.1.module+el8.10.0+90675+bf1d9af8.x86_64.rpm
mecab-ipadic-EUCJP-2.7.0.20070801-17.0.1.module+el8.10.0+90675+bf1d9af8.x86_64.rpm
mysql-8.0.44-1.module+el8.10.0+90725+3f667d31.x86_64.rpm
mysql-common-8.0.44-1.module+el8.10.0+90725+3f667d31.x86_64.rpm
mysql-devel-8.0.44-1.module+el8.10.0+90725+3f667d31.x86_64.rpm
mysql-errmsg-8.0.44-1.module+el8.10.0+90725+3f667d31.x86_64.rpm
mysql-libs-8.0.44-1.module+el8.10.0+90725+3f667d31.x86_64.rpm
mysql-server-8.0.44-1.module+el8.10.0+90725+3f667d31.x86_64.rpm
mysql-test-8.0.44-1.module+el8.10.0+90725+3f667d31.x86_64.rpm
aarch64:
mecab-0.996-2.module+el8.10.0+90675+bf1d9af8.aarch64.rpm
mecab-devel-0.996-2.module+el8.10.0+90675+bf1d9af8.aarch64.rpm
mecab-ipadic-2.7.0.20070801-17.0.1.module+el8.10.0+90675+bf1d9af8.aarch64.rpm
mecab-ipadic-EUCJP-2.7.0.20070801-17.0.1.module+el8.10.0+90675+bf1d9af8.aarch64.rpm
mysql-8.0.44-1.module+el8.10.0+90725+3f667d31.aarch64.rpm
mysql-common-8.0.44-1.module+el8.10.0+90725+3f667d31.aarch64.rpm
mysql-devel-8.0.44-1.module+el8.10.0+90725+3f667d31.aarch64.rpm
mysql-errmsg-8.0.44-1.module+el8.10.0+90725+3f667d31.aarch64.rpm
mysql-libs-8.0.44-1.module+el8.10.0+90725+3f667d31.aarch64.rpm
mysql-server-8.0.44-1.module+el8.10.0+90725+3f667d31.aarch64.rpm
mysql-test-8.0.44-1.module+el8.10.0+90725+3f667d31.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/mecab-0.996-2.module+el8.10.0+90675+bf1d9af8.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/mecab-ipadic-2.7.0.20070801-17.0.1.module+el8.10.0+90675+bf1d9af8.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/mysql-8.0.44-1.module+el8.10.0+90725+3f667d31.src.rpm
Related CVEs:
CVE-2025-53040
CVE-2025-53042
CVE-2025-53044
CVE-2025-53045
CVE-2025-53053
CVE-2025-53054
CVE-2025-53062
CVE-2025-53069
Description of changes:
mysql
[8.0.44-1]
- Rebase to MySQL 8.0.44
ELEA-2025-21074 Oracle Linux 8 gcc-toolset-15-gdb bug fix and enhancement update
Oracle Linux Enhancement Advisory ELEA-2025-21074
http://linux.oracle.com/errata/ELEA-2025-21074.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
gcc-toolset-15-gdb-16.3-1.el8_10.x86_64.rpm
aarch64:
gcc-toolset-15-gdb-16.3-1.el8_10.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/gcc-toolset-15-gdb-16.3-1.el8_10.src.rpm
Description of changes:
[16.3-1]
- Backport amd64 decoding fixes
(Tom de Vries, RHEL-7329)
* Mon May 26 2025 Guinevere Larsen [guinevere@redhat.com]
- Backport "s390: Add support for z17 as CPU name"
(Jen Remus, RHEL-50069)
* Tue May 13 2025 Alexandra Hájková [ahajkova@redhat.com]
- Rebase to FSF GDB 16.3.
Deleted: gdb-rhbz2354997-gstack-drop-readnever.patch
Resolves: RHEL-92896
[16.2-1]
- Initial import of sources for GTS15 repository
* Fri Mar 28 2025 Keith Seitz [keiths@redhat.com]
- Backport "Fix gstack issues" from upstream.
(Keith Seitz, RH BZ 2354997)
* Thu Feb 13 2025 Alexandra Hájková [ahajkova@redhat.com]
- Bump the release number.
* Tue Feb 11 2025 Alexandra Hájková [ahajkova@redhat.com]
- Rebase to FSF GDB 16.2.
Dropped: gdb-backport-buildid-related-changes.patch
gdb-catchpoint-re-set.patch
gdb-remove-qnx-neutrino-support.patch
Modified: gdb-add-rpm-suggestion-script.patch
* Thu Jan 23 2025 Alexandra Hájková [ahajkova@redhat.com]
- Remove upstreamed gdb-6.3-gstack-20050411.patch.
* Fri Jan 17 2025 Guinevere Larsen [guinevere@redhat.com]
- remove gdb-test-bt-cfi-without-die.patch. This test has been
accepted upstream and will make its way back to testing with
the GDB 17 release.
* Thu Jan 16 2025 Fedora Release Engineering [releng@fedoraproject.org]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
ELBA-2025-21075 Oracle Linux 8 gcc-toolset-15-binutils bug fix and enhancement update
Oracle Linux Bug Fix Advisory ELBA-2025-21075
http://linux.oracle.com/errata/ELBA-2025-21075.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
gcc-toolset-15-binutils-2.44-3.0.1.el8_10.x86_64.rpm
gcc-toolset-15-binutils-devel-2.44-3.0.1.el8_10.i686.rpm
gcc-toolset-15-binutils-devel-2.44-3.0.1.el8_10.x86_64.rpm
gcc-toolset-15-binutils-gold-2.44-3.0.1.el8_10.x86_64.rpm
gcc-toolset-15-binutils-gprofng-2.44-3.0.1.el8_10.x86_64.rpm
aarch64:
gcc-toolset-15-binutils-2.44-3.0.1.el8_10.aarch64.rpm
gcc-toolset-15-binutils-devel-2.44-3.0.1.el8_10.aarch64.rpm
gcc-toolset-15-binutils-gold-2.44-3.0.1.el8_10.aarch64.rpm
gcc-toolset-15-binutils-gprofng-2.44-3.0.1.el8_10.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/gcc-toolset-15-binutils-2.44-3.0.1.el8_10.src.rpm
Description of changes:
[2.44-3.0.1]
- Disable three libctf tests that spuriously fail with old system GCCs
with backported CTF support.
Reviewed-by: Bruce McCulloch [bruce.mcculloch@oracle.com]
Reviewed-by: Jose E. Marchesi [jose.marchesi@oracle.com]
[2.44-3]
- Avoid using SCL for c10s.
[2.44-2]
- Use system alternatives even for bootstrap.
[2.44-1]
- Initial commit: Import Fedora 42 binutils to GTS-15. (RHEL-81744)
ELBA-2025-21078 Oracle Linux 8 gcc-toolset-15-annobin bug fix and enhancement update
Oracle Linux Bug Fix Advisory ELBA-2025-21078
http://linux.oracle.com/errata/ELBA-2025-21078.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
gcc-toolset-15-annobin-annocheck-12.93-4.el8_10.x86_64.rpm
gcc-toolset-15-annobin-docs-12.93-4.el8_10.noarch.rpm
gcc-toolset-15-annobin-plugin-gcc-12.93-4.el8_10.x86_64.rpm
aarch64:
gcc-toolset-15-annobin-annocheck-12.93-4.el8_10.aarch64.rpm
gcc-toolset-15-annobin-docs-12.93-4.el8_10.noarch.rpm
gcc-toolset-15-annobin-plugin-gcc-12.93-4.el8_10.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/gcc-toolset-15-annobin-12.93-4.el8_10.src.rpm
Description of changes:
[12.93-4]
- Generate latest-annobin.tar.xz at prep phase (RHEL-95704)
[12.93-3]
- Disable bootstrapping. Also use error() in place of warning() in the gcc plugin. (RHEL-95704)
[12.93-2]
- NVR bump in order to allow rebuilding with correct GTS-15 tags. (RHEL-81744)
[12.93-1]
- Initial commit on c8s. (RHELPLAN-171846)
ELBA-2025-21077 Oracle Linux 8 gcc-toolset-15-dwz bug fix and enhancement update
Oracle Linux Bug Fix Advisory ELBA-2025-21077
http://linux.oracle.com/errata/ELBA-2025-21077.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
gcc-toolset-15-dwz-0.16-0.el8_10.x86_64.rpm
aarch64:
gcc-toolset-15-dwz-0.16-0.el8_10.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/gcc-toolset-15-dwz-0.16-0.el8_10.src.rpm
Description of changes:
[0.16-0]
- Update to dwz 0.16, actual release
[0.15-0]
- new package (RHELPLAN-171622)
ELBA-2025-21076 Oracle Linux 8 gcc-toolset-15 bug fix and enhancement update
Oracle Linux Bug Fix Advisory ELBA-2025-21076
http://linux.oracle.com/errata/ELBA-2025-21076.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
gcc-toolset-15-15.0-9.el8_10.x86_64.rpm
gcc-toolset-15-runtime-15.0-9.el8_10.x86_64.rpm
aarch64:
gcc-toolset-15-15.0-9.el8_10.aarch64.rpm
gcc-toolset-15-runtime-15.0-9.el8_10.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/gcc-toolset-15-15.0-9.el8_10.src.rpm
Description of changes:
[15.0-9]
- Compress man page and fix its name (RHEL-98731)
[15.0-7]
- Man page and documentation updates (RHEL-96025)
[15.0-6]
- Split out scripts into a -runtime package on RHEL10 (RHEL-94841)
[15.0-4]
- New script to replace scl-enable (RHEL-91829).
[15.0-3]
- Drop the sudo wrapper script.
[15.0-2]
- Split out a devel package to break the dependency loop with gts-gcc and
gts-binutils.
[15.0-1]
- Drop scl-utils dependency on c10s and later.
[15.0-0]
- new package (RHELPLAN-171604)
ELBA-2025-19558 Oracle Linux 8 linux-firmware bug fix and enhancement update
Oracle Linux Bug Fix Advisory ELBA-2025-19558
http://linux.oracle.com/errata/ELBA-2025-19558.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
iwl1000-firmware-39.31.5.1-999.45.el8.noarch.rpm
iwl100-firmware-39.31.5.1-999.45.el8.noarch.rpm
iwl105-firmware-18.168.6.1-999.45.el8.noarch.rpm
iwl135-firmware-18.168.6.1-999.45.el8.noarch.rpm
iwl2000-firmware-18.168.6.1-999.45.el8.noarch.rpm
iwl2030-firmware-18.168.6.1-999.45.el8.noarch.rpm
iwl3160-firmware-25.30.13.0-999.45.el8.noarch.rpm
iwl3945-firmware-15.32.2.9-999.45.el8.noarch.rpm
iwl4965-firmware-228.61.2.24-999.45.el8.noarch.rpm
iwl5000-firmware-8.83.5.1_1-999.45.el8.noarch.rpm
iwl5150-firmware-8.24.2.2-999.45.el8.noarch.rpm
iwl6000-firmware-9.221.4.1-999.45.el8.noarch.rpm
iwl6000g2a-firmware-18.168.6.1-999.45.el8.noarch.rpm
iwl6000g2b-firmware-18.168.6.1-999.45.el8.noarch.rpm
iwl6050-firmware-41.28.5.1-999.45.el8.noarch.rpm
iwl7260-firmware-25.30.13.0-999.45.el8.noarch.rpm
iwlax2xx-firmware-20251110-999.45.el8.noarch.rpm
libertas-sd8686-firmware-20251110-999.45.gitc0af6c70.el8.noarch.rpm
libertas-sd8787-firmware-20251110-999.45.gitc0af6c70.el8.noarch.rpm
libertas-usb8388-firmware-20251110-999.45.gitc0af6c70.el8.noarch.rpm
libertas-usb8388-olpc-firmware-20251110-999.45.gitc0af6c70.el8.noarch.rpm
linux-firmware-20251110-999.45.gitc0af6c70.el8.noarch.rpm
linux-firmware-core-20251110-999.45.gitc0af6c70.el8.noarch.rpm
aarch64:
iwl1000-firmware-39.31.5.1-999.45.el8.noarch.rpm
iwl100-firmware-39.31.5.1-999.45.el8.noarch.rpm
iwl105-firmware-18.168.6.1-999.45.el8.noarch.rpm
iwl135-firmware-18.168.6.1-999.45.el8.noarch.rpm
iwl2000-firmware-18.168.6.1-999.45.el8.noarch.rpm
iwl2030-firmware-18.168.6.1-999.45.el8.noarch.rpm
iwl3160-firmware-25.30.13.0-999.45.el8.noarch.rpm
iwl3945-firmware-15.32.2.9-999.45.el8.noarch.rpm
iwl4965-firmware-228.61.2.24-999.45.el8.noarch.rpm
iwl5000-firmware-8.83.5.1_1-999.45.el8.noarch.rpm
iwl5150-firmware-8.24.2.2-999.45.el8.noarch.rpm
iwl6000-firmware-9.221.4.1-999.45.el8.noarch.rpm
iwl6000g2a-firmware-18.168.6.1-999.45.el8.noarch.rpm
iwl6000g2b-firmware-18.168.6.1-999.45.el8.noarch.rpm
iwl6050-firmware-41.28.5.1-999.45.el8.noarch.rpm
iwl7260-firmware-25.30.13.0-999.45.el8.noarch.rpm
iwlax2xx-firmware-20251110-999.45.el8.noarch.rpm
libertas-sd8686-firmware-20251110-999.45.gitc0af6c70.el8.noarch.rpm
libertas-sd8787-firmware-20251110-999.45.gitc0af6c70.el8.noarch.rpm
libertas-usb8388-firmware-20251110-999.45.gitc0af6c70.el8.noarch.rpm
libertas-usb8388-olpc-firmware-20251110-999.45.gitc0af6c70.el8.noarch.rpm
linux-firmware-20251110-999.45.gitc0af6c70.el8.noarch.rpm
linux-firmware-core-20251110-999.45.gitc0af6c70.el8.noarch.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/linux-firmware-20251110-999.45.gitc0af6c70.el8.src.rpm
Description of changes:
[20251110-999.45.gitc0af6c70.el8]
- Rebase to latest upstream [Orabug: 38523856]
- Include AMD ucode fix [Orabug: 38523856] {CVE-2025-62626}
ELBA-2025-17417 Oracle Linux 8 linux-firmware bug fix and enhancement update
Oracle Linux Bug Fix Advisory ELBA-2025-17417
http://linux.oracle.com/errata/ELBA-2025-17417.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
iwl1000-firmware-39.31.5.1-999.45.el8.noarch.rpm
iwl100-firmware-39.31.5.1-999.45.el8.noarch.rpm
iwl105-firmware-18.168.6.1-999.45.el8.noarch.rpm
iwl135-firmware-18.168.6.1-999.45.el8.noarch.rpm
iwl2000-firmware-18.168.6.1-999.45.el8.noarch.rpm
iwl2030-firmware-18.168.6.1-999.45.el8.noarch.rpm
iwl3160-firmware-25.30.13.0-999.45.el8.noarch.rpm
iwl3945-firmware-15.32.2.9-999.45.el8.noarch.rpm
iwl4965-firmware-228.61.2.24-999.45.el8.noarch.rpm
iwl5000-firmware-8.83.5.1_1-999.45.el8.noarch.rpm
iwl5150-firmware-8.24.2.2-999.45.el8.noarch.rpm
iwl6000-firmware-9.221.4.1-999.45.el8.noarch.rpm
iwl6000g2a-firmware-18.168.6.1-999.45.el8.noarch.rpm
iwl6000g2b-firmware-18.168.6.1-999.45.el8.noarch.rpm
iwl6050-firmware-41.28.5.1-999.45.el8.noarch.rpm
iwl7260-firmware-25.30.13.0-999.45.el8.noarch.rpm
iwlax2xx-firmware-20251110-999.45.el8.noarch.rpm
libertas-sd8686-firmware-20251110-999.45.gitc0af6c70.el8.noarch.rpm
libertas-sd8787-firmware-20251110-999.45.gitc0af6c70.el8.noarch.rpm
libertas-usb8388-firmware-20251110-999.45.gitc0af6c70.el8.noarch.rpm
libertas-usb8388-olpc-firmware-20251110-999.45.gitc0af6c70.el8.noarch.rpm
linux-firmware-20251110-999.45.gitc0af6c70.el8.noarch.rpm
linux-firmware-core-20251110-999.45.gitc0af6c70.el8.noarch.rpm
aarch64:
iwl1000-firmware-39.31.5.1-999.45.el8.noarch.rpm
iwl100-firmware-39.31.5.1-999.45.el8.noarch.rpm
iwl105-firmware-18.168.6.1-999.45.el8.noarch.rpm
iwl135-firmware-18.168.6.1-999.45.el8.noarch.rpm
iwl2000-firmware-18.168.6.1-999.45.el8.noarch.rpm
iwl2030-firmware-18.168.6.1-999.45.el8.noarch.rpm
iwl3160-firmware-25.30.13.0-999.45.el8.noarch.rpm
iwl3945-firmware-15.32.2.9-999.45.el8.noarch.rpm
iwl4965-firmware-228.61.2.24-999.45.el8.noarch.rpm
iwl5000-firmware-8.83.5.1_1-999.45.el8.noarch.rpm
iwl5150-firmware-8.24.2.2-999.45.el8.noarch.rpm
iwl6000-firmware-9.221.4.1-999.45.el8.noarch.rpm
iwl6000g2a-firmware-18.168.6.1-999.45.el8.noarch.rpm
iwl6000g2b-firmware-18.168.6.1-999.45.el8.noarch.rpm
iwl6050-firmware-41.28.5.1-999.45.el8.noarch.rpm
iwl7260-firmware-25.30.13.0-999.45.el8.noarch.rpm
iwlax2xx-firmware-20251110-999.45.el8.noarch.rpm
libertas-sd8686-firmware-20251110-999.45.gitc0af6c70.el8.noarch.rpm
libertas-sd8787-firmware-20251110-999.45.gitc0af6c70.el8.noarch.rpm
libertas-usb8388-firmware-20251110-999.45.gitc0af6c70.el8.noarch.rpm
libertas-usb8388-olpc-firmware-20251110-999.45.gitc0af6c70.el8.noarch.rpm
linux-firmware-20251110-999.45.gitc0af6c70.el8.noarch.rpm
linux-firmware-core-20251110-999.45.gitc0af6c70.el8.noarch.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/linux-firmware-20251110-999.45.gitc0af6c70.el8.src.rpm
Description of changes:
[20251110-999.45.gitc0af6c70.el8]
- Rebase to latest upstream [Orabug: 38523856]
- Include AMD ucode fix [Orabug: 38523856] {CVE-2025-62626}
ELSA-2025-28049 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update
Oracle Linux Security Advisory ELSA-2025-28049
http://linux.oracle.com/errata/ELSA-2025-28049.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
aarch64:
kernel-uek-5.4.17-2136.350.3.1.el8uek.aarch64.rpm
kernel-uek-debug-5.4.17-2136.350.3.1.el8uek.aarch64.rpm
kernel-uek-debug-devel-5.4.17-2136.350.3.1.el8uek.aarch64.rpm
kernel-uek-devel-5.4.17-2136.350.3.1.el8uek.aarch64.rpm
kernel-uek-doc-5.4.17-2136.350.3.1.el8uek.noarch.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/kernel-uek-5.4.17-2136.350.3.1.el8uek.src.rpm
Related CVEs:
CVE-2024-50022
CVE-2025-22058
CVE-2025-23143
CVE-2025-39883
CVE-2025-39885
CVE-2025-39911
CVE-2025-39913
CVE-2025-39923
CVE-2025-39945
CVE-2025-39953
CVE-2025-39955
CVE-2025-39967
CVE-2025-39968
CVE-2025-39969
CVE-2025-39970
CVE-2025-39971
CVE-2025-39972
CVE-2025-39973
CVE-2025-39993
CVE-2025-39994
CVE-2025-39995
CVE-2025-39996
CVE-2025-39998
CVE-2025-40001
CVE-2025-40006
CVE-2025-40011
CVE-2025-40018
CVE-2025-40019
CVE-2025-40020
CVE-2025-40026
CVE-2025-40027
CVE-2025-40030
CVE-2025-40035
CVE-2025-40042
CVE-2025-40044
CVE-2025-40048
CVE-2025-40049
CVE-2025-40055
CVE-2025-40070
CVE-2025-40078
CVE-2025-40081
CVE-2025-40087
CVE-2025-40105
CVE-2025-40111
CVE-2025-40115
CVE-2025-40118
CVE-2025-40125
CVE-2025-40134
CVE-2025-40140
CVE-2025-40153
CVE-2025-40167
CVE-2025-40173
CVE-2025-40178
CVE-2025-40186
CVE-2025-40187
CVE-2025-40190
CVE-2025-40194
CVE-2025-40197
CVE-2025-40198
CVE-2025-40200
CVE-2025-40204
CVE-2025-40205
CVE-2025-40219
CVE-2025-40233
CVE-2025-40240
Description of changes:
[5.4.17-2136.350.3.1]
- Reapply "cpuidle: menu: Avoid discarding useful information" (Harshvardhan Jha) [Orabug: 38744458]
- fbcon: fix integer overflow in font allocation (Samasth Norway Ananda) [Orabug: 38744453]
[5.4.17-2136.350.3]
- net/rds: Fix rs_recv_pending counting issue (Gerd Rausch) [Orabug: 38506370]
[5.4.17-2136.350.2]
- LTS tag: v5.4.301 (Alok Tiwari)
- net: rtnetlink: fix module reference count leak issue in rtnetlink_rcv_msg (Zhengchao Shao)
- media: s5p-mfc: remove an unused/uninitialized variable (Arnd Bergmann)
- NFSD: Fix last write offset handling in layoutcommit (Sergey Bashirov)
- NFSD: Minor cleanup in layoutcommit processing (Sergey Bashirov)
- padata: Reset next CPU when reorder sequence wraps around (Xiao Liang)
- KEYS: trusted_tpm1: Compare HMAC values in constant time (Eric Biggers)
- NFSD: Define a proc_layoutcommit for the FlexFiles layout type (Chuck Lever) [Orabug: 38601819] {CVE-2025-40087}
- vfs: Don't leak disconnected dentries on umount (Jan Kara) [Orabug: 38601924] {CVE-2025-40105}
- jbd2: ensure that all ongoing I/O complete before freeing blocks (Zhang Yi)
- ext4: detect invalid INLINE_DATA + EXTENTS flag combination (Deepanshu Kartikey) [Orabug: 38649223] {CVE-2025-40167}
- drm/amdgpu: use atomic functions with memory barriers for vm fault info (Gui-Dong Han)
- ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() (Theodore Ts'O) [Orabug: 38649412] {CVE-2025-40198}
- spi: cadence-quadspi: Flush posted register writes before DAC access (Pratyush Yadav)
- spi: cadence-quadspi: Flush posted register writes before INDAC access (Pratyush Yadav)
- memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe (Zhen Ni)
- memory: samsung: exynos-srom: Correct alignment (Krzysztof Kozlowski)
- arm64: errata: Apply workarounds for Neoverse-V3AE (Mark Rutland)
- arm64: cputype: Add Neoverse-V3AE definitions (Mark Rutland)
- comedi: fix divide-by-zero in comedi_buf_munge() (Deepanshu Kartikey)
- binder: remove "invalid inc weak" check (Alice Ryhl)
- xhci: dbc: enable back DbC in resume if it was enabled before suspend (Mathias Nyman)
- usb/core/quirks: Add Huawei ME906S to wakeup quirk (Tim Guttzeit)
- USB: serial: option: add Telit FN920C04 ECM compositions (Li Qingwu)
- USB: serial: option: add Quectel RG255C (Reinhard Speyerer)
- USB: serial: option: add UNISOC UIS7720 (Renjun Wang)
- net: ravb: Ensure memory write completes before ringing TX doorbell (Lad Prabhakar)
- net: usb: rtl8150: Fix frame padding (Michał Pecio)
- ocfs2: clear extent cache after moving/defragmenting extents (Deepanshu Kartikey) [Orabug: 38730547] {CVE-2025-40233}
- MIPS: Malta: Fix keyboard resource preventing i8042 driver from registering (Maciej W. Rozycki)
- Revert "cpuidle: menu: Avoid discarding useful information" (Rafael J. Wysocki)
- net: bonding: fix possible peer notify event loss or dup issue (Tonghao Zhang)
- sctp: avoid NULL dereference when chunk data buffer is missing (Alexey Simakov) [Orabug: 38730567] {CVE-2025-40240}
- arm64, mm: avoid always making PTE dirty in pte_mkwrite() (Huang, Ying)
- net: enetc: correct the value of ENETC_RXB_TRUESIZE (Wei Fang)
- rtnetlink: Allow deleting FDB entries in user namespace (Johannes Wiesboeck)
- net: rtnetlink: add NLM_F_BULK support to rtnl_fdb_del (Nikolay Aleksandrov)
- net: add ndo_fdb_del_bulk (Nikolay Aleksandrov)
- net: rtnetlink: add bulk delete support flag (Nikolay Aleksandrov)
- net: netlink: add NLM_F_BULK delete request modifier (Nikolay Aleksandrov)
- net: rtnetlink: use BIT for flag values (Nikolay Aleksandrov)
- net: rtnetlink: add helper to extract msg type's kind (Nikolay Aleksandrov)
- net: rtnetlink: add msg kind names (Nikolay Aleksandrov)
- net: rtnetlink: remove redundant assignment to variable err (Colin Ian King)
- m68k: bitops: Fix find_*_bit() signatures (Geert Uytterhoeven)
- hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super() (Yangtao Li)
- hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits() (Viacheslav Dubeyko)
- dlm: check for defined force value in dlm_lockspace_release (Alexander Aring)
- hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() (Viacheslav Dubeyko)
- hfs: validate record offset in hfsplus_bmap_alloc (Yang Chenzhi)
- hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() (Viacheslav Dubeyko)
- hfs: make proper initalization of struct hfs_find_data (Viacheslav Dubeyko)
- hfs: clear offset and space out of valid records in b-tree node (Viacheslav Dubeyko)
- exec: Fix incorrect type for ret (Xichao Zhao)
- hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() (Viacheslav Dubeyko)
- ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings (Randy Dunlap)
- sched/fair: Fix pelt lost idle time detection (Vincent Guittot)
- sched/balancing: Rename newidle_balance() => sched_balance_newidle() (Ingo Molnar)
- sched/fair: Trivial correction of the newidle_balance() comment (Barry Song)
- sched: Make newidle_balance() static again (Chen Yu)
- tls: don't rely on tx_work during send() (Sabrina Dubroca)
- tls: always set record_type in tls_process_cmsg (Sabrina Dubroca)
- tg3: prevent use of uninitialized remote_adv and local_adv variables (Alexey Simakov)
- tcp: fix tcp_tso_should_defer() vs large RTT (Eric Dumazet)
- amd-xgbe: Avoid spurious link down messages during interface toggle (Raju Rangoju)
- net/ip6_tunnel: Prevent perpetual tunnel growth (Dmitry Safonov) [Orabug: 38649261] {CVE-2025-40173}
- net: dlink: handle dma_map_single() failure properly (Moon Yeounsu)
- net: dl2k: switch from 'pci_' to 'dma_' API (Christophe Jaillet)
- media: pci: ivtv: Add missing check after DMA map (Thomas Fourier)
- media: pci/ivtv: switch from 'pci_' to 'dma_' API (Christophe Jaillet)
- xen/events: Update virq_to_irq on migration (Jason Andryuk)
- media: lirc: Fix error handling in lirc_register() (Ma Ke)
- media: rc: Directly use ida_free() (Keliu)
- drm/exynos: exynos7_drm_decon: remove ctx->suspended (Kaustabh Chakraborty)
- btrfs: avoid potential out-of-bounds in btrfs_encode_fh() (Anderson Nascimento) [Orabug: 38649463] {CVE-2025-40205}
- pwm: berlin: Fix wrong register in suspend/resume (Jisheng Zhang)
- media: cx18: Add missing check after DMA map (Thomas Fourier)
- xen/events: Cleanup find_virq() return codes (Jason Andryuk)
- cramfs: Verify inode mode when loading from disk (Tetsuo Handa)
- fs: Add 'initramfs_options' to set initramfs mount options (Lichen Liu)
- pid: Add a judgment for ns null in pid_nr_ns (Gaoxiang17) [Orabug: 38649276] {CVE-2025-40178}
- minixfs: Verify inode mode when loading from disk (Tetsuo Handa)
- tracing: Fix race condition in kprobe initialization causing NULL pointer dereference (Yuan Chen) [Orabug: 38592033] {CVE-2025-40042}
- dm: fix NULL pointer dereference in __dm_suspend() (Zheng Qixing) [Orabug: 38649057] {CVE-2025-40134}
- mfd: intel_soc_pmic_chtdc_ti: Set use_single_read regmap_config flag (Hans de Goede)
- mfd: intel_soc_pmic_chtdc_ti: Drop unneeded assignment for cache_type (Andy Shevchenko)
- mfd: intel_soc_pmic_chtdc_ti: Fix invalid regmap-config max_register value (Hans de Goede)
- Squashfs: reject negative file sizes in squashfs_read_inode() (Phillip Lougher) [Orabug: 38649425] {CVE-2025-40200}
- Squashfs: add additional inode sanity checking (Phillip Lougher)
- media: mc: Clear minor number before put device (Edward Adam Davis) [Orabug: 38649399] {CVE-2025-40197}
- mfd: vexpress-sysreg: Check the return value of devm_gpiochip_add_data() (Bartosz Golaszewski)
- fs: udf: fix OOB read in lengthAllocDescs handling (Larshin Sergey) [Orabug: 38592048] {CVE-2025-40044}
- KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O (Sean Christopherson) [Orabug: 38591959] {CVE-2025-40026}
- net/9p: fix double req put in p9_fd_cancelled (Nalivayko Sergey) [Orabug: 38591965] {CVE-2025-40027}
- ext4: guard against EA inode refcount underflow in xattr update (Ahmet Eray Karadag) [Orabug: 38649330] {CVE-2025-40190}
- ext4: correctly handle queries for metadata mappings (Ojaswin Mujoo)
- ext4: increase i_disksize to offset + len in ext4_update_disksize_before_punch() (Yongjian Sun)
- nfsd: nfserr_jukebox in nlm_fopen should lead to a retry (Olga Kornievskaia)
- x86/umip: Fix decoding of register forms of 0F 01 (SGDT and SIDT aliases) (Sean Christopherson)
- x86/umip: Check that the instruction opcode is at least two bytes (Sean Christopherson)
- PCI: keystone: Use devm_request_irq() to free "ks-pcie-error-irq" on exit (Siddharth Vadapalli)
- PCI/AER: Fix missing uevent on recovery when a reset is requested (Niklas Schnelle)
- PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV (Niklas Schnelle) [Orabug: 38730513] {CVE-2025-40219}
- rseq/selftests: Use weak symbol reference, not definition, to link with glibc (Sean Christopherson)
- rtc: interface: Fix long-standing race when setting alarm (Esben Haabendal)
- rtc: interface: Ensure alarm irq is enabled when UIE is enabled (Esben Haabendal)
- mmc: core: SPI mode remove cmd7 (Rex Chen)
- mtd: rawnand: fsmc: Default to autodetect buswidth (Linus Walleij)
- sparc: fix error handling in scan_one_device() (Ma Ke)
- sparc64: fix hugetlb for sun4u (Anthony Yznaga)
- sctp: Fix MAC comparison to be constant-time (Eric Biggers) [Orabug: 38649451] {CVE-2025-40204}
- scsi: hpsa: Fix potential memory leak in hpsa_big_passthru_ioctl() (Thorsten Blum)
- parisc: don't reference obsolete termio struct for TC* constants (Sam James)
- lib/genalloc: fix device leak in of_gen_pool_get() (Johan Hovold)
- iio: frequency: adf4350: Fix prescaler usage. (Michael Hennerich)
- iio: dac: ad5421: use int type to store negative error codes (Rong Qianfeng)
- iio: dac: ad5360: use int type to store negative error codes (Rong Qianfeng)
- crypto: atmel - Fix dma_unmap_sg() direction (Thomas Fourier)
- cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() (Rafael J. Wysocki) [Orabug: 38649367] {CVE-2025-40194}
- drm/nouveau: fix bad ret code in nouveau_bo_move_prep (Shuhao Fu)
- media: i2c: mt9v111: fix incorrect type for ret (Rong Qianfeng)
- firmware: meson_sm: fix device leak at probe (Johan Hovold)
- xen/manage: Fix suspend error path (Lukas Wunner)
- arm64: dts: qcom: msm8916: Add missing MDSS reset (Stephan Gerhold)
- ACPI: debug: fix signedness issues in read/write helpers (Amir Mohammad Jahangirzad)
- ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT (Daniel Tang)
- tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single (Gunnar Kudrjavets)
- tpm, tpm_tis: Claim locality before writing interrupt registers (Lino Sanfilippo)
- crypto: essiv - Check ssize for decryption and in-place encryption (Herbert Xu) [Orabug: 38581456,38705546] {CVE-2025-40019}
- mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes (Harini T)
- mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call (Harini T)
- tools build: Align warning options with perf (Leo Yan)
- net: fsl_pq_mdio: Fix device node reference leak in fsl_pq_mdio_probe (Erick Karanja)
- tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request(). (Kuniyuki Iwashima) [Orabug: 38649579] {CVE-2025-40186}
- net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce() (Alexandr Sapozhnikov) [Orabug: 38649313] {CVE-2025-40187}
- drm/vmwgfx: Fix Use-after-free in validation (Ian Forbes) [Orabug: 38643546] {CVE-2025-40111}
- net/mlx4: prevent potential use after free in mlx4_en_do_uc_filter() (Dan Carpenter)
- scsi: mvsas: Fix use-after-free bugs in mvs_work_queue (Duoming Zhou) [Orabug: 38557654] {CVE-2025-40001}
- scsi: mvsas: Use sas_task_find_rq() for tagging (John Garry)
- scsi: mvsas: Delete mvs_tag_init() (John Garry)
- scsi: libsas: Add sas_task_find_rq() (John Garry)
- clk: nxp: Fix pll0 rate check condition in LPC18xx CGU driver (Alok Tiwari)
- clk: nxp: lpc18xx-cgu: convert from round_rate() to determine_rate() (Brian Masney)
- perf session: Fix handling when buffer exceeds 2 GiB (Leo Yan)
- rtc: x1205: Fix Xicor X1205 vendor prefix (Rob Herring)
- perf util: Fix compression checks returning -1 as bool (Yunseong Kim)
- iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE (Michael Hennerich)
- clocksource/drivers/clps711x: Fix resource leaks in error paths (Zhen Ni)
- pinctrl: check the return value of pinmux_ops::get_function_name() (Bartosz Golaszewski) [Orabug: 38591981] {CVE-2025-40030}
- Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak (Zhen Ni) [Orabug: 38592002] {CVE-2025-40035}
- mm: hugetlb: avoid soft lockup when mprotect to large memory area (Yang Shi) [Orabug: 38649150] {CVE-2025-40153}
- uio_hv_generic: Let userspace take care of interrupt mask (Naman Jain) [Orabug: 38592067] {CVE-2025-40048}
- Squashfs: fix uninit-value in squashfs_get_parent (Phillip Lougher) [Orabug: 38592077] {CVE-2025-40049}
- net: ena: return 0 in ena_get_rxfh_key_size() when RSS hash key is not configurable (Kohei Enju)
- nfp: fix RSS hash key size when RSS is not supported (Kohei Enju)
- drivers/base/node: fix double free in register_one_node() (Donet Tom)
- ocfs2: fix double free in user_cluster_connect() (Dan Carpenter) [Orabug: 38592110] {CVE-2025-40055}
- net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast (I Viswanath) [Orabug: 38649096] {CVE-2025-40140}
- RDMA/siw: Always report immediate post SQ errors (Bernard Metzler)
- usb: vhci-hcd: Prevent suspending virtually attached devices (Cristian Ciocaltea)
- scsi: mpt3sas: Fix crash in transport port remove by using ioc_info() (Ranjan Kumar) [Orabug: 38648982] {CVE-2025-40115}
- ipvs: Defer ip_vs_ftp unregister during netns cleanup (Slavin Liu) [Orabug: 38581446] {CVE-2025-40018}
- NFSv4.1: fix backchannel max_resp_sz verification check (Anthony Iliopoulos)
- remoteproc: qcom: q6v5: Avoid disabling handover IRQ twice (Stephan Gerhold)
- sparc: fix accurate exception reporting in copy_{from,to}_user for M7 (Michael Karcher)
- sparc: fix accurate exception reporting in copy_to_user for Niagara 4 (Michael Karcher)
- sparc: fix accurate exception reporting in copy_{from_to}_user for Niagara (Michael Karcher)
- sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC III (Michael Karcher)
- sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC (Michael Karcher)
- IB/sa: Fix sa_local_svc_timeout_ms read race (Vlad Dumitrescu)
- RDMA/core: Resolve MAC of next-hop device without ARP support (Parav Pandit)
- wifi: mt76: fix potential memory leak in mt76_wmac_probe() (Abdun Nihaal)
- drivers/base/node: handle error properly in register_one_node() (Donet Tom)
- watchdog: mpc8xxx_wdt: Reload the watchdog timer when enabling the watchdog (Christophe Leroy)
- netfilter: ipset: Remove unused htable_bits in macro ahash_region (Zhen Ni)
- iio: consumers: Fix offset handling in iio_convert_raw_to_processed() (Hans de Goede)
- ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping (Takashi Iwai)
- ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (Takashi Iwai)
- ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping (Takashi Iwai)
- pps: fix warning in pps_register_cdev when register device fail (Wang Liang) [Orabug: 38592170] {CVE-2025-40070}
- misc: genwqe: Fix incorrect cmd field being reported in error (Colin Ian King)
- usb: gadget: configfs: Correctly set use_os_string at bind (William Wu)
- usb: phy: twl6030: Fix incorrect type for ret (Xichao Zhao)
- tcp: fix __tcp_close() to only send RST when required (Eric Dumazet)
- PCI: tegra: Fix devm_kcalloc() argument order for port->phys allocation (Alok Tiwari)
- wifi: mwifiex: send world regulatory domain to driver (Stefan Kerkmann)
- ALSA: lx_core: use int type to store negative error codes (Rong Qianfeng)
- media: rj54n1cb0c: Fix memleak in rj54n1_probe() (Zhang Shurong)
- scsi: myrs: Fix dma_alloc_coherent() error check (Thomas Fourier)
- scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod (Niklas Cassel) [Orabug: 38649567] {CVE-2025-40118}
- serial: max310x: Add error checking in probe() (Dan Carpenter)
- usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup (Dan Carpenter)
- drm/radeon/r600_cs: clean up of dead code in r600_cs (Brahmajit Das)
- i2c: designware: Add disabling clocks when probe fails (Kunihiko Hayashi)
- i2c: mediatek: fix potential incorrect use of I2C_MASTER_WRRD (Leilk Liu)
- bpf: Explicitly check accesses to bpf_sock_addr (Paul Chaignon) [Orabug: 38592205] {CVE-2025-40078}
- selftests: watchdog: skip ping loop if WDIOF_KEEPALIVEPING not supported (Akhilesh Patil)
- pwm: tiehrpwm: Fix corner case in clock divisor calculation (Uwe Kleine-König)
- block: use int to store blk_stack_limits() return value (Rong Qianfeng)
- blk-mq: check kobject state_in_sysfs before deleting in blk_mq_unregister_hctx (Li Nan) [Orabug: 38649026] {CVE-2025-40125}
- pinctrl: meson-gxl: add missing i2c_d pinmux (Da Xue)
- soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS (Sneh Mankad)
- ACPI: processor: idle: Fix memory leak when register cpuidle device failed (Huisong Li)
- regmap: Remove superfluous check for !config in __regmap_init() (Geert Uytterhoeven)
- x86/vdso: Fix output operand size of RDPID (Uros Bizjak)
- perf: arm_spe: Prevent overflow in PERF_IDX2OFF() (Leo Yan) [Orabug: 38592223] {CVE-2025-40081}
- driver core/PM: Set power.no_callbacks along with power.no_pm (Rafael J. Wysocki)
- staging: axis-fifo: flush RX FIFO on read errors (Ovidiu Panait)
- staging: axis-fifo: fix maximum TX packet length check (Ovidiu Panait)
- perf subcmd: avoid crash in exclude_cmds when excludes is empty (Hupu)
- dm-integrity: limit MAX_TAG_SIZE to 255 (Mikulas Patocka)
- wifi: rtlwifi: rtl8192cu: Don't claim USB ID 07b8:8188 (Bitterblue Smith)
- USB: serial: option: add SIMCom 8230C compositions (Xiaowei Li)
- media: rc: fix races with imon_disconnect() (Larshin Sergey) [Orabug: 38548027] {CVE-2025-39993}
- media: imon: grab lock earlier in imon_ir_change_protocol() (Tetsuo Handa)
- media: imon: reorganize serialization (Tetsuo Handa)
- media: rc: Add support for another iMON 0xffdc device (Flavius Georgescu)
- media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe (Duoming Zhou) [Orabug: 38548044] {CVE-2025-39995}
- media: tuner: xc5000: Fix use-after-free in xc5000_release (Duoming Zhou) [Orabug: 38548037] {CVE-2025-39994}
- media: tunner: xc5000: Refactor firmware load (Ricardo Ribalda)
- udp: Fix memory accounting leak. (Kuniyuki Iwashima) [Orabug: 37844325] {CVE-2025-22058}
- media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove (Duoming Zhou) [Orabug: 38548051] {CVE-2025-39996}
- scsi: target: target_core_configfs: Add length check to avoid buffer overflow (Wang Haoran) [Orabug: 38548059] {CVE-2025-39998}
- LTS tag: v5.4.300 (Alok Tiwari)
- KVM: SVM: Sync TPR from LAPIC into VMCB::V_TPR even if AVIC is active (Maciej S. Szmigiero)
- mm/hugetlb: fix folio is still mapped when deleted (Tu Jinjiang) [Orabug: 38560482] {CVE-2025-40006}
- i40e: add mask to apply valid bits for itr_idx (Lukasz Czapnik)
- i40e: fix validation of VF state in get resources (Lukasz Czapnik) [Orabug: 38547929] {CVE-2025-39969}
- i40e: fix idx validation in config queues msg (Lukasz Czapnik) [Orabug: 38547938] {CVE-2025-39971}
- i40e: add validation for ring_len param (Lukasz Czapnik) [Orabug: 38547952,38604168,38604171] {CVE-2025-39973}
- i40e: increase max descriptors for XL710 (Justin Bronder)
- mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize() (David Hildenbrand)
- fbcon: Fix OOB access in font allocation (Thomas Zimmermann)
- fbcon: fix integer overflow in fbcon_do_set_font (Samasth Norway Ananda) [Orabug: 38547913] {CVE-2025-39967}
- i40e: add max boundary check for VF filters (Lukasz Czapnik) [Orabug: 38547923] {CVE-2025-39968}
- i40e: fix input validation logic for action_meta (Lukasz Czapnik) [Orabug: 38547933] {CVE-2025-39970}
- i40e: fix idx validation in i40e_validate_queue_map (Lukasz Czapnik) [Orabug: 38547946] {CVE-2025-39972}
- drm/gma500: Fix null dereference in hdmi teardown (Zabelin Nikita) [Orabug: 38560496] {CVE-2025-40011}
- can: peak_usb: fix shift-out-of-bounds issue (Stephane Grosjean) [Orabug: 38581463] {CVE-2025-40020}
- can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow (Vincent Mailhol)
- can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow (Vincent Mailhol)
- can: hi311x: populate ndo_change_mtu() to prevent buffer overflow (Vincent Mailhol)
- can: rcar_can: rcar_can_resume(): fix s2ram with PSCI (Geert Uytterhoeven)
- IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions (Or Har-Toov)
- usb: core: Add 0x prefix to quirks debug output (Jiayi Li)
- ALSA: usb-audio: Fix build with CONFIG_INPUT=n (Takashi Iwai)
- ALSA: usb-audio: Convert comma to semicolon (Chen Ni)
- ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5 (Cristian Ciocaltea)
- ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks (Cristian Ciocaltea)
- ALSA: usb-audio: Simplify NULL comparison in mixer_quirks (Cristian Ciocaltea)
- ALSA: usb-audio: Avoid multiple assignments in mixer_quirks (Cristian Ciocaltea)
- ALSA: usb-audio: Fix block comments in mixer_quirks (Cristian Ciocaltea)
- net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer (Hans de Goede)
- net: rfkill: gpio: add DT support (Philipp Zabel)
- serial: sc16is7xx: fix bug in flow control levels init (Hugo Villeneuve)
- USB: gadget: dummy-hcd: Fix locking bug in RT-enabled kernels (Alan Stern)
- usb: gadget: dummy_hcd: remove usage of list iterator past the loop body (Jakob Koschel)
- ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error message (Colin Ian King)
- ASoC: wm8974: Correct PLL rate rounding (Charles Keepax)
- ASoC: wm8940: Correct typo in control name (Charles Keepax)
- mmc: mvsdio: Fix dma_unmap_sg() nents value (Thomas Fourier)
- nilfs2: fix CFI failure when accessing /sys/fs/nilfs2/features/* (Nathan Chancellor)
- cnic: Fix use-after-free bugs in cnic_delete_task (Duoming Zhou) [Orabug: 38503849] {CVE-2025-39945}
- net: liquidio: fix overflow in octeon_init_instr_queue() (Alexey Nepomnyashih)
- tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). (Kuniyuki Iwashima) [Orabug: 38526388] {CVE-2025-39955}
- i40e: remove redundant memory barrier when cleaning Tx descs (Maciej Fijalkowski)
- net: natsemi: fix rx_dropped double accounting on netif_rx() failure (Moon Yeounsu)
- cgroup: split cgroup_destroy_wq into 3 workqueues (Chen Ridong) [Orabug: 38503892] {CVE-2025-39953}
- pcmcia: omap_cf: Mark driver struct with __refdata to prevent section mismatch (Geert Uytterhoeven)
- wifi: mac80211: fix incorrect type for ret (Liao Yuanhong)
- ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is not supported (Takashi Sakamoto)
- mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory (Miaohe Lin) [Orabug: 38461848] {CVE-2025-39883}
- phy: ti-pipe3: fix device leak at unbind (Johan Hovold)
- dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees (Stephan Gerhold) [Orabug: 38494822] {CVE-2025-39923}
- dmaengine: ti: edma: Fix memory allocation size for queue_priority_map (Anders Roxell)
- can: j1939: j1939_local_ecu_get(): undo increment when j1939_local_ecu_get() fails (Tetsuo Handa)
- can: j1939: j1939_sk_bind(): call j1939_priv_put() immediately when j1939_local_ecu_get() failed (Tetsuo Handa)
- i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path (Michal Schmidt) [Orabug: 38494787] {CVE-2025-39911}
- i40e: Use irq_update_affinity_hint() (Nitesh Narayan Lal)
- genirq: Provide new interfaces for affinity hints (Thomas Gleixner)
- genirq: Export affinity setter for modules (Thomas Gleixner)
- genirq/affinity: Add irq_update_affinity_desc() (John Garry)
- igb: fix link test skipping when interface is admin down (Kohei Enju)
- net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() (Stefan Wahren)
- USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions (Fabio Porcedda)
- USB: serial: option: add Telit Cinterion FN990A w/audio compositions (Fabio Porcedda)
- tty: hvc_console: Call hvc_kick in hvc_write unconditionally (Fabian Vogt)
- mtd: nand: raw: atmel: Respect tAR, tCLR in read setup timing (Alexander Sverdlin)
- mtd: nand: raw: atmel: Fix comment in timings preparation (Alexander Dahl)
- mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer (Christophe Kerello)
- mm/khugepaged: fix the address passed to notifier on testing young (Wei Yang)
- fuse: prevent overflow in copy_file_range return value (Miklos Szeredi)
- fuse: check if copy_file_range() returns larger than requested size (Miklos Szeredi)
- mtd: rawnand: stm32_fmc2: fix ECC overwrite (Christophe Kerello)
- ocfs2: fix recursive semaphore deadlock in fiemap call (Mark Tinguely) [Orabug: 38461859] {CVE-2025-39885}
- EDAC/altera: Delete an inappropriate dma_free_coherent() call (Salah Triki)
- tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork. (Kuniyuki Iwashima) [Orabug: 38494797] {CVE-2025-39913}
- net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod. (Kuniyuki Iwashima) [Orabug: 37901604] {CVE-2025-23143}
[5.4.17-2136.350.1]
- device-dax: correct pgoff align in dax_set_mapping() (Kun(Llfl)) [Orabug: 37206404] {CVE-2024-50022}
[5.4.17-2136.349.3]
- Revert 'net/mlx5e: Update and set Xon/Xoff upon MTU set' (Jakub Kicinski) [Orabug: 38545204]
- KVM: x86: Take irqfds.lock when adding/deleting IRQ bypass producer (Sean Christopherson) [Orabug: 38494247]
- rds: Free all frags when rds_ib_recv_cache_put() fails (Hans Westgaard Ry) [Orabug: 38492234]
[5.4.17-2136.349.2]
- bpf/bpf_get,set_sockopt: add option to set TCP-BPF sock ops flags (Alan Maguire) [Orabug: 36699199]
[5.4.17-2136.349.1]
- NFSv4: Don't clear capabilities that won't be reset (Trond Myklebust)
- power: supply: bq27xxx: restrict no-battery detection to bq27000 (H. Nikolaus Schaller)
- power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery (H. Nikolaus Schaller)
- usb: hub: Fix flushing of delayed work used for post resume purposes (Mathias Nyman)
- soc: qcom: mdt_loader: Deal with zero e_shentsize (Bjorn Andersson)
- Revert 'net/mlx5e: Update and set Xon/Xoff upon port speed set' (Tariq Toukan)
- LTS tag: v5.4.299 (Alok Tiwari)
- scsi: lpfc: Fix buffer free/clear order in deferred receive path (John Evans) [Orabug: 38456754] {CVE-2025-39841}
- dmaengine: mediatek: Fix a flag reuse error in mtk_cqdma_tx_status() (Qiu-Ji Chen)
- cifs: fix integer overflow in match_server() (Roman Smirnov)
- spi: spi-fsl-lpspi: Reset FIFO and disable module on transfer abort (Larisa Grigore)
- spi: spi-fsl-lpspi: Set correct chip-select polarity bit (Larisa Grigore)
- spi: spi-fsl-lpspi: Fix transmissions when using CONT (Larisa Grigore)
- pcmcia: Add error handling for add_interval() in do_validate_mem() (Xu Wang)
- ALSA: hda/hdmi: Add pin fix for another HP EliteDesk 800 G4 model (Takashi Iwai)
- randstruct: gcc-plugin: Fix attribute addition (Kees Cook)
- randstruct: gcc-plugin: Remove bogus void member (Kees Cook)
- vmxnet3: update MTU after device quiesce (Ronak Doshi)
- net: dsa: microchip: linearize skb for tail-tagging switches (Jakob Unterwurzacher)
- net: dsa: microchip: update tag_ksz masks for KSZ9477 family (Pieter Van Trappen)
- dmaengine: mediatek: Fix a possible deadlock error in mtk_cqdma_tx_status() (Qiu-Ji Chen)
- ALSA: hda/realtek - Add new HP ZBook laptop with micmute led fixup (Chris Chiu)
- gpio: pca953x: fix IRQ storm on system wake up (Emanuele Ghidoli)
- iio: light: opt3001: fix deadlock due to concurrent flag access (Luca Ceresoli) [Orabug: 37977028] {CVE-2025-37968}
- iio: chemical: pms7003: use aligned_s64 for timestamp (David Lechner)
- cpufreq/sched: Explicitly synchronize limits_changed flag handling (Rafael J. Wysocki)
- mm/slub: avoid accessing metadata when pointer is invalid in object_err() (Li Qiong) [Orabug: 38494761] {CVE-2025-39902}
- mm/khugepaged: fix ->anon_vma race (Jann Horn)
- e1000e: fix heap overflow in e1000_set_eeprom (Vitaly Lifshits)
- batman-adv: fix OOB read/write in network-coding decode (Stanislav Fort)
- drm/amdgpu: drop hw access in non-DC audio fini (Alex Deucher)
- wifi: mwifiex: Initialize the chan_stats array to zero (Rong Qianfeng) [Orabug: 38494723] {CVE-2025-39891}
- pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region() (Ma Ke)
- ALSA: usb-audio: Add mute TLV for playback volumes on some devices (Cryolitia Pukngae)
- ppp: fix memory leak in pad_compress_skb (Qingfang Deng) [Orabug: 38456781] {CVE-2025-39847}
- net: atm: fix memory leak in atm_register_sysfs when device_register fail (Wang Liang)
- ax25: properly unshare skbs in ax25_kiss_rcv() (Eric Dumazet)
- ipv4: Fix NULL vs error pointer check in inet_blackhole_dev_init() (Dan Carpenter)
- net: thunder_bgx: add a missing of_node_put (Rosen Penev)
- wifi: libertas: cap SSID len in lbs_associate() (Dan Carpenter)
- wifi: cw1200: cap SSID length in cw1200_do_join() (Dan Carpenter)
- net: ethernet: mtk_eth_soc: fix tx vlan tag for llc packets (Felix Fietkau)
- i40e: Fix potential invalid access when MAC list is empty (Zhen Ni) [Orabug: 38456814] {CVE-2025-39853}
- icmp: fix icmp_ndo_send address translation for reply direction (Fabian Blase)
- mISDN: Fix memory leak in dsp_hwec_enable() (Miaoqian Lin)
- xirc2ps_cs: fix register access when enabling FullDuplex (Alok Tiwari)
- Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() (Kuniyuki Iwashima) [Orabug: 38456834] {CVE-2025-39860}
- netfilter: conntrack: helper: Replace -EEXIST by -EBUSY (Phil Sutter)
- wifi: cfg80211: fix use-after-free in cmp_bss() (Dmitry Antipov) [Orabug: 38456860] {CVE-2025-39864}
- powerpc: boot: Remove leading zero in label in udelay() (Nathan Chancellor)
[5.4.17-2136.348.3]
- hugetlbfs: take read_lock on i_mmap for PMD sharing (Waiman Long) [Orabug: 38459576]
- kallsyms: add module_kallsyms_on_each_symbol_locked (Julian Pidancet) [Orabug: 38418686]
- kallsyms: export module_kallsyms_on_each_symbol (Julian Pidancet) [Orabug: 38418686]
[5.4.17-2136.348.2]
- uek-rpm: Move ifb module to nano modules (Harshit Mogalapalli) [Orabug: 38443798]
- clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (Al Viro) [Orabug: 38310007,38453918] {CVE-2025-38499}
- x86/vmscape: Warn when STIBP is disabled with SMT (Pawan Gupta) [Orabug: 38424094]
- x86/bugs: Move cpu_bugs_smt_update() down (Pawan Gupta) [Orabug: 38424094]
- x86/vmscape: Enable the mitigation (Pawan Gupta) [Orabug: 38424094]
- x86/vmscape: Add conditional IBPB mitigation (Pawan Gupta) [Orabug: 38424094]
- x86/vmscape: Add old Intel CPUs to affected list (Pawan Gupta) [Orabug: 38424094]
- x86/vmscape: Enumerate VMSCAPE bug (Pawan Gupta) [Orabug: 38424094]
- Documentation/hw-vuln: Add VMSCAPE documentation (Pawan Gupta) [Orabug: 38424094]
[5.4.17-2136.348.1]
- LTS tag: v5.4.298 (Sherry Yang)
- Revert 'drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS' (Imre Deak)
- net: usb: qmi_wwan: add Telit Cinterion LE910C4-WWX new compositions (Fabio Porcedda)
- Revert 'drm/amdgpu: fix incorrect vm flags to map bo' (Alex Deucher) [Orabug: 38343661]
- HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version() (Minjong Kim) [Orabug: 38440228] {CVE-2025-39808}
- HID: wacom: Add a new Art Pen 2 (Ping Cheng)
- HID: asus: fix UAF via HID_CLAIMED_INPUT validation (Qasim Ijaz) [Orabug: 38440310] {CVE-2025-39824}
- efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare (Li Nan) [Orabug: 38440277] {CVE-2025-39817}
- sctp: initialize more fields in sctp_v6_from_sk() (Eric Dumazet) [Orabug: 38440251] {CVE-2025-39812}
- net: stmmac: xgmac: Do not enable RX FIFO Overflow interrupts (Rohan G Thomas)
- net/mlx5e: Set local Xoff after FW update (Alexei Lazar)
- net/mlx5e: Update and set Xon/Xoff upon port speed set (Alexei Lazar)
- net/mlx5e: Update and set Xon/Xoff upon MTU set (Alexei Lazar)
- net: dlink: fix multicast stats being counted incorrectly (Moon Yeounsu)
- atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control(). (Kuniyuki Iwashima) [Orabug: 38440347] {CVE-2025-39828}
- net/atm: remove the atmdev_ops {get, set}sockopt methods (Christoph Hellwig)
- Bluetooth: hci_event: Detect if HCI_EV_NUM_COMP_PKTS is unbalanced (Luiz Augusto von Dentz)
- powerpc/kvm: Fix ifdef to remove build warning (Madhavan Srinivasan)
- net: ipv4: fix regression in local-broadcast routes (Oscar Maes) [Orabug: 38343661]
- vhost/net: Protect ubufs with rcu read lock in vhost_net_ubuf_put() (Nikolay Kuratov)
- scsi: core: sysfs: Correct sysfs attributes access rights (Damien Le Moal)
- ftrace: Fix potential warning in trace_printk_seq during ftrace_dump (Tengda Wu) [Orabug: 38440259] {CVE-2025-39813}
- pinctrl: STMFX: add missing HAS_IOMEM dependency (Randy Dunlap)
- LTS tag: v5.4.297 (Sherry Yang)
- alloc_fdtable(): change calling conventions. (Al Viro)
- s390/hypfs: Enable limited access during lockdown (Peter Oberparleiter)
- s390/hypfs: Avoid unnecessary ioctl registration in debugfs (Peter Oberparleiter)
- ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation (Takashi Iwai)
- net/sched: Remove unnecessary WARNING condition for empty child qdisc in htb_activate (William Liu)
- net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit (William Liu)
- ixgbe: xsk: resolve the negative overflow of budget in ixgbe_xmit_zc (Jason Xing)
- ipv6: sr: validate HMAC algorithm ID in seg6_hmac_info_add (Heminhong)
- ALSA: usb-audio: Fix size validation in convert_chmap_v3() (Dan Carpenter) [Orabug: 38343661]
- scsi: qla4xxx: Prevent a potential error pointer dereference (Dan Carpenter) [Orabug: 38401514] {CVE-2025-39676}
- usb: xhci: Fix slot_id resource race conflict (Weitao Wang)
- nfs: fix UAF in direct writes (Josef Bacik) [Orabug: 36596831] {CVE-2024-26958}
- NFS: Fix up commit deadlocks (Trond Myklebust)
- cifs: Fix UAF in cifs_demultiplex_thread() (Zhang Xiaoxu)
- Bluetooth: fix use-after-free in device_for_each_child() (Dmitry Antipov) [Orabug: 37433654] {CVE-2024-53237}
- act_mirred: use the backlog for nested calls to mirred ingress (Davide Caratti) [Orabug: 34882838] {CVE-2022-4269}
- net/sched: act_mirred: better wording on protection against excessive stack growth (Davide Caratti)
- net/sched: act_mirred: refactor the handle of xmit (Wenxu)
- selftests: forwarding: tc_actions.sh: add matchall mirror test (Jiri Pirko)
- net: sched: don't expose action qstats to skb_tc_reinsert() (Vlad Buslov)
- net: sched: extract qstats update code into functions (Vlad Buslov)
- net: sched: extract bstats update code into function (Vlad Buslov)
- net: sched: extract common action counters update code into function (Vlad Buslov)
- mm: perform the mapping_map_writable() check after call_mmap() (Lorenzo Stoakes)
- mm: update memfd seal write check to include F_SEAL_WRITE (Lorenzo Stoakes)
- mm: drop the assumption that VM_SHARED always implies writable (Lorenzo Stoakes)
- codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() (Cong Wang) [Orabug: 37908492] {CVE-2025-37798}
- sch_qfq: make qfq_qlen_notify() idempotent (Cong Wang)
- sch_hfsc: make hfsc_qlen_notify() idempotent (Cong Wang) [Orabug: 38158396] {CVE-2025-38177}
- sch_drr: make drr_qlen_notify() idempotent (Cong Wang)
- btrfs: populate otime when logging an inode item (Qu Wenruo)
- media: venus: hfi: explicitly release IRQ during teardown (Jorge Ramirez-Ortiz)
- f2fs: fix to avoid out-of-boundary access in dnode page (Chao Yu)
- media: venus: protect against spurious interrupts during probe (Jorge Ramirez-Ortiz)
- media: qcom: camss: cleanup media device allocated resource on error path (Vladimir Zapolskiy)
- media: venus: vdec: Clamp param smaller than 1fps and bigger than 240. (Ricardo Ribalda)
- drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS (Imre Deak)
- pwm: mediatek: Fix duty and period setting (Uwe Kleine-Konig)
- pwm: mediatek: Handle hardware enable and clock enable separately (Uwe Kleine-Konig)
- pwm: mediatek: Implement .apply() callback (Uwe Kleine-Konig)
- media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() (Gui-Dong Han) [Orabug: 38401677] {CVE-2025-39713}
- media: v4l2-ctrls: Don't reset handler's error in v4l2_ctrl_handler_free() (Sakari Ailus)
- media: v4l2-ctrls: always copy the controls on completion (Hans Verkuil)
- ata: Fix SATA_MOBILE_LPM_POLICY description in Kconfig (Damien Le Moal)
- soc: qcom: mdt_loader: Ensure we don't read past the ELF header (Bjorn Andersson) [Orabug: 38423524] {CVE-2025-39787}
- rtc: ds1307: handle oscillator stop flag (OSF) for ds1341 (Meagan Lloyd)
- usb: musb: omap2430: fix device leak at unbind (Johan Hovold)
- NFS: Fix the setting of capabilities when automounting a new filesystem (Trond Myklebust) [Orabug: 38429211] {CVE-2025-39798}
- NFS: Fix up handling of outstanding layoutcommit in nfs_update_inode() (Trond Myklebust)
- NFSv4: Fix nfs4_bitmap_copy_adjust() (Trond Myklebust)
- usb: typec: fusb302: cache PD RX state (Sebastian Reichel)
- cdc-acm: fix race between initial clearing halt and open (Oliver Neukum)
- USB: cdc-acm: do not log successful probe on later errors (Johan Hovold)
- mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock (Breno Leitao)
- mm/kmemleak: turn kmemleak_lock and object->lock to raw_spinlock_t (He Zhe)
- ALSA: scarlett2: Add retry on -EPROTO from scarlett2_usb_tx() (Geoffrey D. Bennett)
- x86/fpu: Delay instruction pointer fixup until after warning (Dave Hansen)
- mm/hmm: move pmd_to_hmm_pfn_flags() to the respective #ifdeffery (Andy Shevchenko)
- nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() (Jeff Layton) [Orabug: 38395081,38501612] {CVE-2025-38724}
- pmdomain: governor: Consider CPU latency tolerance from pm_domain_cpu_gov (Maulik Shah)
- tracing: Add down_write(trace_event_sem) when adding trace event (Steven Rostedt) [Orabug: 38324271] {CVE-2025-38539}
- usb: hub: Don't try to recover devices lost during warm reset. (Mathias Nyman)
- usb: hub: avoid warm port reset during USB3 disconnect (Mathias Nyman)
- x86/mce/amd: Add default names for MCA banks and blocks (Yazen Ghannam)
- iio: hid-sensor-prox: Fix incorrect OFFSET calculation (Zhang Lixu)
- f2fs: fix to do sanity check on ino and xnid (Chao Yu)
- mm/zsmalloc: do not pass __GFP_MOVABLE if CONFIG_COMPACTION=n (Harry Yoo)
- mm/zsmalloc.c: convert to use kmem_cache_zalloc in cache_alloc_zspage() (Miaohe Lin)
- drm/sched: Remove optimization that causes hang when killing dependent jobs (Lin Cao)
- ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (Haoxiang Li) [Orabug: 38351930] {CVE-2025-38664}
- net: usbnet: Fix the wrong netif_carrier_on() call (Ammar Faizi)
- net: usbnet: Avoid potential RCU stall on LINK_CHANGE event (John Ernberg)
- PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports (Lukas Wunner)
- ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value (Li Zhong)
- comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large (Ian Abbott)
- comedi: Fix initialization of data for instructions that write to subdevice (Ian Abbott)
- kbuild: Add KBUILD_CPPFLAGS to as-option invocation (Nathan Chancellor)
- kbuild: add to KBUILD_CPPFLAGS (Masahiro Yamada)
- kbuild: Add CLANG_FLAGS to as-instr (Nathan Chancellor)
- mips: Include KBUILD_CPPFLAGS in CHECKFLAGS invocation (Nathan Chancellor)
- kbuild: Update assembler calls to use proper flags and language target (Nick Desaulniers)
- ARM: 9448/1: Use an absolute path to unified.h in KBUILD_AFLAGS (Nathan Chancellor)
- usb: dwc3: Ignore late xferNotReady event to prevent halt timeout (Kuen-Han Tsai)
- USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles (Zenm Chen)
- usb: storage: realtek_cr: Use correct byte order for bcs->Residue (Thorsten Blum)
- USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera (Mael Guerin)
- usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive (Miao Li)
- iio: proximity: isl29501: fix buffered read on big-endian systems (David Lechner)
- ftrace: Also allocate and copy hash for reading of filter files (Steven Rostedt) [Orabug: 38401581] {CVE-2025-39689}
- fpga: zynq_fpga: Fix the wrong usage of dma_map_sgtable() (Xu Yilun)
- use uniform permission checks for all mount propagation changes (Al Viro)
- move_mount: allow to add a mount into an existing group (Pavel Tikhomirov)
- fs/buffer: fix use-after-free when call bh_read() helper (Ye Bin) [Orabug: 38401587] {CVE-2025-39691}
- drm/amd/display: Find first CRTC and its line time in dce110_fill_display_configs (Timur Kristof)
- drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3 (Timur Kristof)
- memstick: Fix deadlock by moving removing flag earlier (Jiayi Li)
- media: venus: Add a check for packet size after reading from shared memory (Vedang Nagar)
- media: ov2659: Fix memory leaks in ov2659_probe() (Zhang Shurong)
- media: usbtv: Lock resolution while streaming (Ludwig Disterhof) [Orabug: 38401684] {CVE-2025-39714}
- media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init() (Haoxiang Li)
- media: gspca: Add bounds checking to firmware parser (Dan Carpenter)
- soc/tegra: pmc: Ensure power-domains are in a known state (Jonathan Hunter)
- jbd2: prevent softlockup in jbd2_log_do_checkpoint() (Baokun Li) [Orabug: 38423509] {CVE-2025-39782}
- PCI: endpoint: Fix configfs group removal on driver teardown (Damien Le Moal)
- PCI: endpoint: Fix configfs group list head handling (Damien Le Moal)
- mtd: rawnand: fsmc: Add missing check after DMA map (Thomas Fourier)
- pwm: imx-tpm: Reset counter if CMOD is 0 (Laurentiu Mihalcea)
- wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table() (Nathan Chancellor)
- zynq_fpga: use sgtable-based scatterlist wrappers (Marek Szyprowski)
- ata: libata-scsi: Fix ata_to_sense_error() status handling (Damien Le Moal)
- ext4: fix reserved gdt blocks handling in fsmap (Ojaswin Mujoo)
- ext4: fix fsmap end of range reporting with bigalloc (Ojaswin Mujoo)
- ext4: check fast symlink for ea_inode correctly (Andreas Dilger)
- vt: defkeymap: Map keycodes above 127 to K_HOLE (Myrrh Periwinkle)
- vt: keyboard: Don't process Unicode characters in K_OFF mode (Myrrh Periwinkle)
- usb: dwc3: meson-g12a: fix device leaks at unbind (Johan Hovold)
- usb: gadget: udc: renesas_usb3: fix device leak at unbind (Johan Hovold)
- usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init() (Nathan Chancellor)
- m68k: Fix lost column on framebuffer debug console (Finn Thain)
- cpufreq: armada-8k: Fix off by one in armada_8k_cpufreq_free_table() (Dan Carpenter)
- serial: 8250: fix panic due to PSLVERR (Yunhui Cui) [Orabug: 38401729] {CVE-2025-39724}
- media: uvcvideo: Do not mark valid metadata as invalid (Ricardo Ribalda)
- media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() (Youngjun Lee) [Orabug: 38394816] {CVE-2025-38680}
- mm/kmemleak: avoid soft lockup in __kmemleak_do_cleanup() (Waiman Long)
- parisc: Makefile: fix a typo in palo.conf (Randy Dunlap)
- btrfs: fix log tree replay failure due to file with 0 links and extents (Filipe Manana)
- thunderbolt: Fix copy+paste error in match_service_id() (Eric Biggers)
- comedi: fix race between polling and detaching (Ian Abbott)
- misc: rtsx: usb: Ensure mmc child device is active when card is present (Ricky Wu)
- drm/amdgpu: fix incorrect vm flags to map bo (Jack Xiao)
- scsi: lpfc: Remove redundant assignment to avoid memory leak (Jiasheng Jiang)
- rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe (Meagan Lloyd)
- pNFS: Fix uninited ptr deref in block/scsi layout (Sergey Bashirov) [Orabug: 38394867] {CVE-2025-38691}
- pNFS: Handle RPC size limit for layoutcommits (Sergey Bashirov)
- pNFS: Fix disk addr range check in block/scsi layout (Sergey Bashirov)
- pNFS: Fix stripe mapping in block/scsi layout (Sergey Bashirov)
- net: phy: smsc: add proper reset flags for LAN8710A (Csaba Buday)
- ipmi: Fix strcpy source and destination the same (Corey Minyard)
- kconfig: lxdialog: fix 'space' to (de)select options (Yann E. MORIN)
- kconfig: gconf: fix potential memory leak in renderer_edited() (Masahiro Yamada)
- kconfig: gconf: avoid hardcoding model2 in on_treeview2_cursor_changed() (Masahiro Yamada)
- ipmi: Use dev_warn_ratelimited() for incorrect message warnings (Breno Leitao)
- scsi: aacraid: Stop using PCI_IRQ_AFFINITY (John Garry)
- scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans (Ranjan Kumar)
- kconfig: nconf: Ensure null termination where strncpy is used (Shankari Anand)
- kconfig: lxdialog: replace strcpy() with strncpy() in inputbox.c (Suchit Karunakaran)
- i3c: don't fail if GETHDRCAP is unsupported (Wolfram Sang)
- PCI: pnv_php: Work around switches with broken presence detection (Timothy Pearson)
- i3c: add missing include to internal header (Wolfram Sang)
- media: uvcvideo: Fix bandwidth issue for Alcor camera (Chenchangcheng)
- media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar (Alex Guo) [Orabug: 38394880] {CVE-2025-38693}
- media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() (Alex Guo) [Orabug: 38394887] {CVE-2025-38694}
- media: usb: hdpvr: disable zero-length read messages (Wolfram Sang)
- media: tc358743: Increase FIFO trigger level to 374 (Dave Stevenson)
- media: tc358743: Return an appropriate colorspace from tc358743_set_fmt (Dave Stevenson)
- media: tc358743: Check I2C succeeded during probe (Dave Stevenson)
- pinctrl: stm32: Manage irq affinity settings (Cheick Traore)
- scsi: mpt3sas: Correctly handle ATA device errors (Damien Le Moal)
- scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure (Justin Tee) [Orabug: 38394894] {CVE-2025-38695}
- RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() (Yury Norov) [Orabug: 38423286] {CVE-2025-39742}
- MIPS: Don't crash in stack_top() for tasks without ABI or vDSO (Thomas Weissschuh)
- jfs: upper bound check of tree index in dbAllocAG (Arnaud Lecomte)
- jfs: Regular file corruption check (Edward Adam Davis)
- jfs: truncate good inode pages when hard link is 0 (Lizhi Xu)
- scsi: bfa: Double-free fix (Jackysliu) [Orabug: 38394925] {CVE-2025-38699}
- MIPS: vpe-mt: add missing prototypes for vpe_{alloc,start,stop,free} (Shiji Yang)
- watchdog: dw_wdt: Fix default timeout (Sebastian Reichel)
- fs/orangefs: use snprintf() instead of sprintf() (Amir Mohammad Jahangirzad)
- scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated (Showrya M N) [Orabug: 38394931] {CVE-2025-38700}
- ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr (Theodore Ts'O) [Orabug: 38394937] {CVE-2025-38701}
- cifs: Fix calling CIFSFindFirst() for root path without msearch (Pali Rohar)
- vhost: fail early when __vhost_add_used() fails (Jason Wang)
- net: dsa: b53: fix IP_MULTICAST_CTRL on BCM5325 (Alvaro Fernandez Rojas)
- uapi: in6: restore visibility of most IPv6 socket options (Jakub Kicinski)
- net: ncsi: Fix buffer overflow in fetching version id (Hari Kalavakunta)
- net: dsa: b53: prevent SWITCH_CTRL access on BCM5325 (Alvaro Fernandez Rojas)
- net: dsa: b53: fix b53_imp_vlan_setup for BCM5325 (Alvaro Fernandez Rojas)
- net: vlan: Replace BUG() with WARN_ON_ONCE() in vlan_dev_* stubs (Gal Pressman)
- wifi: iwlegacy: Check rate_idx range after addition (Stanislaw Gruszka)
- netmem: fix skb_frag_address_safe with unreadable skbs (Mina Almasry)
- wifi: rtlwifi: fix possible skb memory leak in _rtl_pci_rx_interrupt(). (Thomas Fourier)
- wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect (Anjaneyulu)
- wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd() (Rand Deeb)
- net: fec: allow disable coalescing (Jonas Rebmann)
- (powerpc/512) Fix possible dma_unmap_single() on uninitialized pointer (Thomas Fourier)
- s390/stp: Remove udelay from stp_sync_clock() (Sven Schnelle)
- wifi: iwlwifi: mvm: fix scan request validation (Avraham Stern)
- net: thunderx: Fix format-truncation warning in bgx_acpi_match_id() (Alok Tiwari)
- net: ipv4: fix incorrect MTU in broadcast routes (Oscar Maes)
- wifi: cfg80211: Fix interface type validation (Ilan Peer)
- rcu: Protect ->defer_qs_iw_pending from data race (Paul E. McKenney) [Orabug: 38423341] {CVE-2025-39749}
- net: ag71xx: Add missing check after DMA map (Thomas Fourier)
- et131x: Add missing check after DMA map (Thomas Fourier)
- be2net: Use correct byte order and format string for TCP seq and ack_seq (Alok Tiwari)
- s390/time: Use monotonic clock in get_cycles() (Sven Schnelle)
- wifi: cfg80211: reject HTC bit for management frames (Johannes Berg)
- ktest.pl: Prevent recursion of default variable options (Steven Rostedt)
- ASoC: codecs: rt5640: Retry DEVICE_ID verification (Xinxin Wan)
- ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros (Cristian Ciocaltea)
- ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (Lucy Thrun)
- platform/x86: thinkpad_acpi: Handle KCOV __init vs inline mismatches (Kees Cook)
- pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop() (Gautham R. Shenoy)
- usb: core: usb_submit_urb: downgrade type check (Oliver Neukum)
- ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4 (Alok Tiwari)
- ASoC: hdac_hdmi: Rate limit logging on connection and disconnection (Mark Brown)
- mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode() (Ulf Hansson)
- ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path (Breno Leitao)
- ACPI: processor: fix acpi_object initialization (Sebastian Ott)
- PM: sleep: console: Fix the black screen issue (Tuhaowen)
- thermal: sysfs: Return ENODATA instead of EAGAIN for reads (Hsin-Te Yuan)
- PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit() (Rafael J. Wysocki)
- selftests: tracing: Use mutex_unlock for testing glob filter (Masami Hiramatsu)
- ARM: tegra: Use I/O memcpy to write to IRAM (Aaron Kling)
- gpio: tps65912: check the return value of regmap_update_bits() (Bartosz Golaszewski)
- ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed (Kuninori Morimoto)
- ARM: rockchip: fix kernel hang during smp initialization (Alexander Kochetkov)
- cpufreq: Exit governor when failed to start old governor (Lifeng Zheng)
- usb: xhci: Avoid showing errors during surprise removal (Mario Limonciello)
- usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command (Jay Chen)
- usb: xhci: Avoid showing warnings for dying controller (Mario Limonciello)
- selftests/futex: Define SYS_futex on 32-bit architectures with 64-bit time_t (Cynthia Huang)
- usb: xhci: print xhci->xhc_state when queue_command failed (Su Hui)
- securityfs: don't pin dentries twice, once is enough... (Al Viro)
- hfs: fix not erasing deleted b-tree node issue (Viacheslav Dubeyko)
- drbd: add missing kref_get in handle_write_conflicts (Sarah Newman) [Orabug: 38394995] {CVE-2025-38708}
- udf: Verify partition map count (Jan Kara)
- arm64: Handle KCOV __init vs inline mismatches (Kees Cook)
- hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file() (Tetsuo Handa)
- hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (Viacheslav Dubeyko)
- hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() (Viacheslav Dubeyko)
- hfs: fix slab-out-of-bounds in hfs_bnode_read() (Viacheslav Dubeyko)
- sctp: linearize cloned gso packets in sctp_rcv (Xin Long) [Orabug: 38395059] {CVE-2025-38718}
- netfilter: ctnetlink: fix refcount leak on table dump (Florian Westphal) [Orabug: 38395068] {CVE-2025-38721}
- udp: also consider secpath when evaluating ipsec use for checksumming (Sabrina Dubroca)
- ACPI: processor: perflib: Move problematic pr->performance check (Rafael J. Wysocki)
- ACPI: processor: perflib: Fix initial _PPC limit application (Jiayi Li)
- Documentation: ACPI: Fix parent device references (Andy Shevchenko)
- fs: Prevent file descriptor table allocations exceeding INT_MAX (Sasha Levin) [Orabug: 38423397] {CVE-2025-39756}
- sunvdc: Balance device refcount in vdc_port_mpgroup_check (Ma Ke)
- NFSD: detect mismatch of file handle and delegation stateid in OPEN op (Dai Ngo)
- net: dpaa: fix device leak when querying time stamp info (Johan Hovold)
- net: gianfar: fix device leak when querying time stamp info (Johan Hovold)
- netlink: avoid infinite retry looping in netlink_unicast() (Fedor Pchelkin) [Orabug: 38401319] {CVE-2025-38727}
- ALSA: usb-audio: Validate UAC3 cluster segment descriptors (Takashi Iwai) [Orabug: 38423407] {CVE-2025-39757}
- ALSA: usb-audio: Validate UAC3 power domain descriptors, too (Takashi Iwai) [Orabug: 38395101] {CVE-2025-38729}
- io_uring: don't use int for ABI (Pavel Begunkov)
- usb: gadget : fix use-after-free in composite_dev_cleanup() (Taoxue) [Orabug: 38334898] {CVE-2025-38555}
- MIPS: mm: tlb-r4k: Uniquify TLB entries on init (Jiaxun Yang)
- USB: serial: option: add Foxconn T99W709 (Slark Xiao)
- vsock: Do not allow binding to VMADDR_PORT_ANY (Budimir Markovic) [Orabug: 38351771,38453914] {CVE-2025-38618}
- net/packet: fix a race in packet_set_ring() and packet_notifier() (Quang Le) [Orabug: 38351764] {CVE-2025-38617}
- perf/core: Prevent VMA split of buffer mappings (Thomas Gleixner) [Orabug: 38334948] {CVE-2025-38563}
- perf/core: Exit early on perf_mmap() fail (Thomas Gleixner) [Orabug: 38334959] {CVE-2025-38565}
- perf/core: Don't leak AUX buffer refcount on allocation failure (Thomas Gleixner)
- pptp: fix pptp_xmit() error path (Eric Dumazet)
- smb: client: let recv_done() cleanup before notifying the callers. (Stefan Metzmacher)
- benet: fix BUG when creating VFs (Michal Schmidt) [Orabug: 38334976] {CVE-2025-38569}
- net: drop UFO packets in udp_rcv_segment() (Wang Liang) [Orabug: 38351786] {CVE-2025-38622}
- ipv6: reject malicious packets in ipv6_gso_segment() (Eric Dumazet) [Orabug: 38334988] {CVE-2025-38572}
- pptp: ensure minimal skb length in pptp_xmit() (Eric Dumazet) [Orabug: 38335004] {CVE-2025-38574}
- netpoll: prevent hanging NAPI when netcons gets enabled (Jakub Kicinski)
- NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() (Trond Myklebust) [Orabug: 38401745] {CVE-2025-39730}
- pci/hotplug/pnv-php: Wrap warnings in macro (Frederic Barrat)
- pci/hotplug/pnv-php: Improve error msg on power state change failure (Frederic Barrat)
- usb: chipidea: udc: fix sleeping function called from invalid context (Peter Chen)
- f2fs: fix to avoid out-of-boundary access in devs.path (Chao Yu)
- f2fs: fix to avoid panic in f2fs_evict_inode (Chao Yu)
- f2fs: fix to avoid UAF in f2fs_sync_inode_meta() (Chao Yu)
- rtc: pcf8563: fix incorrect maximum clock rate handling (Brian Masney)
- rtc: hym8563: fix incorrect maximum clock rate handling (Brian Masney)
- rtc: ds1307: fix incorrect maximum clock rate handling (Brian Masney)
- module: Restore the moduleparam prefix length check (Petr Pavlu)
- bpf: Check flow_dissector ctx accesses are aligned (Paul Chaignon)
- mtd: rawnand: atmel: set pmecc data setup time (Balamanikandan Gunasundar)
- mtd: rawnand: atmel: Fix dma_mapping_error() address (Thomas Fourier)
- jfs: fix metapage reference count leak in dbAllocCtl (Zheng Yu)
- fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref (Chenyuan Yang)
- crypto: qat - fix seq_file position update in adf_ring_next() (Giovanni Cabiddu)
- dmaengine: nbpfaxi: Add missing check after DMA map (Thomas Fourier)
- dmaengine: mv_xor: Fix missing check after DMA map and missing unmap (Thomas Fourier)
- fs/orangefs: Allow 2 more characters in do_c_string() (Dan Carpenter)
- soundwire: stream: restore params when prepare ports fail (Bard Liao)
- crypto: img-hash - Fix dma_unmap_sg() nents value (Thomas Fourier)
- hwrng: mtk - handle devm_pm_runtime_enable errors (Ovidiu Panait)
- watchdog: ziirave_wdt: check record length in ziirave_firm_verify() (Dan Carpenter)
- scsi: isci: Fix dma_unmap_sg() nents value (Thomas Fourier)
- scsi: mvsas: Fix dma_unmap_sg() nents value (Thomas Fourier)
- scsi: ibmvscsi_tgt: Fix dma_unmap_sg() nents value (Thomas Fourier)
- clk: sunxi-ng: v3s: Fix de clock definition (Paul Kocialkowski)
- perf tests bp_account: Fix leaked file descriptor (Leo Yan)
- crypto: ccp - Fix crash when rebind ccp device for ccp.ko (Mengbiao Xiong)
- pinctrl: sunxi: Fix memory leak on krealloc failure (Yuan Chen)
- power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set (Charles Han)
- clk: davinci: Add NULL check in davinci_lpsc_clk_register() (Henry Martin)
- mtd: fix possible integer overflow in erase_xfer() (Ivan Stepchenko)
- crypto: marvell/cesa - Fix engine load inaccuracy (Herbert Xu)
- PCI: rockchip-host: Fix 'Unexpected Completion' log message (Hans Zhang)
- vrf: Drop existing dst reference in vrf_ip6_input_dst (Stanislav Fomichev)
- selftests: rtnetlink.sh: remove esp4_offload after test (Xiumei Mu)
- netfilter: xt_nfacct: don't assume acct name is null-terminated (Florian Westphal) [Orabug: 38351854] {CVE-2025-38639}
- can: kvaser_usb: Assign netdev.dev_port based on device channel index (Jimmy Assarsson)
- can: kvaser_pciefd: Store device channel index (Jimmy Assarsson)
- wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P IE (Gokul Sivakumar)
- Reapply 'wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()' (Remi Pommarel)
- mwl8k: Add missing check after DMA map (Thomas Fourier)
- wifi: rtl8xxxu: Fix RX skb size for aggregation disabled (Martin Kaistra)
- net/sched: Restrict conditions for adding duplicating netems to qdisc tree (William Liu) [Orabug: 38331466] {CVE-2025-38553}
- arch: powerpc: defconfig: Drop obsolete CONFIG_NET_CLS_TCINDEX (Johan Korsnes)
- drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value (Fedor Pchelkin)
- m68k: Don't unregister boot console needlessly (Finn Thain)
- tcp: fix tcp_ofo_queue() to avoid including too much DUP SACK range (Xin Guo)
- iwlwifi: Add missing check for alloc_ordered_workqueue (Jiasheng Jiang) [Orabug: 38335110] {CVE-2025-38602}
- wifi: iwlwifi: Fix memory leak in iwl_mvm_init() (Xiu Jianfeng)
- wifi: rtl818x: Kill URBs before clearing tx status queue (Daniil Dulov) [Orabug: 38335120] {CVE-2025-38604}
- caif: reduce stack size, again (Arnd Bergmann)
- bpftool: Fix memory leak in dump_xx_nlmsg on realloc failure (Yuan Chen)
- bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (Jiayuan Chen) [Orabug: 38335131] {CVE-2025-38608}
- staging: nvec: Fix incorrect null termination of battery manufacturer (Alok Tiwari)
- samples: mei: Fix building on musl libc (Brahmajit Das)
- cpufreq: Init policy->rwsem before it may be possibly used (Lifeng Zheng)
- ARM: dts: imx6ul-kontron-bl-common: Fix RTS polarity for RS485 interface (Annette Kobou)
- usb: early: xhci-dbc: Fix early_ioremap leak (Lucas De Marchi)
- Revert 'vmci: Prevent the dispatching of uninitialized payloads' (Greg Kroah-Hartman)
- pps: fix poll support (Denis Osterland-Heim)
- vmci: Prevent the dispatching of uninitialized payloads (Lizhi Xu)
- staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc() (Abdun Nihaal) [Orabug: 38335153] {CVE-2025-38612}
- ARM: dts: vfxxx: Correctly use two tuples for timer address (Krzysztof Kozlowski)
- hfsplus: remove mutex_lock check in hfsplus_free_extents (Yangtao Li)
- ASoC: Intel: fix SND_SOC_SOF dependencies (Arnd Bergmann)
- ethernet: intel: fix building with large NR_CPUS (Arnd Bergmann)
- usb: phy: mxs: disconnect line when USB charger is attached (Xu Yang)
- usb: chipidea: add USB PHY event (Xu Yang)
- usb: chipidea: introduce CI_HDRC_CONTROLLER_VBUS_EVENT glue layer use (Peter Chen)
- usb: chipidea: udc: protect usb interrupt enable (Li Jun)
- usb: chipidea: udc: add new API ci_hdrc_gadget_connect (Peter Chen)
- ALSA: hda: Add missing NVIDIA HDA codec IDs (Daniel Dadap)
- comedi: comedi_test: Fix possible deletion of uninitialized timers (Ian Abbott)
- nilfs2: reject invalid file types when reading inodes (Ryusuke Konishi)
- i2c: qup: jump out of the loop in case of timeout (Yang Xiwen) [Orabug: 38351994] {CVE-2025-38671}
- net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class (Xiang Mei)
- net: appletalk: Fix use-after-free in AARP proxy probe (Kito Xu)
- net: appletalk: fix kerneldoc warnings (Andrew Lunn)
- RDMA/core: Rate limit GID cache warning messages (Maor Gottlieb)
- regulator: core: fix NULL dereference on unbind due to stale coupling data (Alessandro Carminati) [Orabug: 38351978] {CVE-2025-38668}
- usb: hub: Fix flushing and scheduling of delayed work that tunes runtime pm (Mathias Nyman)
- usb: hub: fix detection of high tier USB3 devices behind suspended hubs (Mathias Nyman)
- net_sched: sch_sfq: reject invalid perturb period (Eric Dumazet) [Orabug: 38158477] {CVE-2025-38193}
- power: supply: bq24190: Fix use after free bug in bq24190_remove due to race condition (Zheng Wang)
- power: supply: bq24190_charger: using pm_runtime_resume_and_get instead of pm_runtime_get_sync (Minghao Chi)
- power: supply: bq24190_charger: Fix runtime PM imbalance on error (Dinghao Liu)
- xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS (Hongyu Xie)
- virtio-net: ensure the received length does not exceed allocated size (Bui Quang Minh) [Orabug: 38253834] {CVE-2025-38375}
- ASoC: fsl_sai: Force a software reset when starting in consumer mode (Arun Raghavan)
- usb: dwc3: qcom: Don't leave BCR asserted (Krishna Kurapati)
- usb: musb: fix gadget state on disconnect (Drew Hamilton)
- net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (William Liu) [Orabug: 38254214] {CVE-2025-38468}
- net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime (Dong Chenchen) [Orabug: 38254225] {CVE-2025-38470}
- Bluetooth: L2CAP: Fix attempting to adjust outgoing MTU (Luiz Augusto von Dentz)
- Bluetooth: SMP: Fix using HCI_ERROR_REMOTE_USER_TERM on timeout (Luiz Augusto von Dentz)
- Bluetooth: SMP: If an unallowed command is received consider it a failure (Luiz Augusto von Dentz)
- Bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb() (Kuniyuki Iwashima) [Orabug: 38254241] {CVE-2025-38473}
- usb: net: sierra: check for no status endpoint (Oliver Neukum) [Orabug: 38254249] {CVE-2025-38474}
- net/sched: sch_qfq: Fix race condition on qfq_aggregate (Xiang Mei) [Orabug: 38254266] {CVE-2025-38477}
- net: emaclite: Fix missing pointer increment in aligned_read() (Alok Tiwari)
- comedi: Fix use of uninitialized data in insn_rw_emulate_bits() (Ian Abbott)
- comedi: Fix some signed shift left operations (Ian Abbott)
- comedi: das6402: Fix bit shift out of bounds (Ian Abbott)
- comedi: das16m1: Fix bit shift out of bounds (Ian Abbott)
- comedi: aio_iiro_16: Fix bit shift out of bounds (Ian Abbott)
- comedi: pcl812: Fix bit shift out of bounds (Ian Abbott)
- iio: adc: stm32-adc: Fix race in installing chained IRQ handler (Chen Ni)
- iio: adc: max1363: Reorder mode_list[] entries (Fabio Estevam)
- iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[] (Fabio Estevam)
- soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled (Andrew Jeffery)
- soc: aspeed: lpc-snoop: Cleanup resources in stack-order (Andrew Jeffery)
- mmc: sdhci_am654: Workaround for Errata i2312 (Judith Mendez)
- mmc: sdhci-pci: Quirk for broken command queuing on Intel GLK-based Positivo models (Edson Juliano Drosdeck)
- mmc: bcm2835: Fix dma_unmap_sg() nents value (Thomas Fourier)
- memstick: core: Zero initialize id_reg in h_memstick_read_dev_id() (Nathan Chancellor)
- isofs: Verify inode mode when loading from disk (Jan Kara)
- dmaengine: nbpfaxi: Fix memory corruption in probe() (Dan Carpenter)
- af_packet: fix soft lockup issue caused by tpacket_snd() (Yun Lu)
- af_packet: fix the SO_SNDTIMEO constraint not effective on tpacked_snd() (Yun Lu)
- phonet/pep: Move call to pn_skb_get_dst_sockaddr() earlier in pep_sock_accept() (Nathan Chancellor)
- HID: core: do not bypass hid_hw_raw_request (Benjamin Tissoires) [Orabug: 38254340,38453904] {CVE-2025-38494}
- HID: core: ensure __hid_request reserves the report ID as the first byte (Benjamin Tissoires)
- HID: core: ensure the allocated report buffer can contain the reserved report ID (Benjamin Tissoires) [Orabug: 38254348,38453908] {CVE-2025-38495}
- pch_uart: Fix dma_sync_sg_for_device() nents value (Thomas Fourier)
- Input: xpad - set correct controller type for Acer NGR200 (Nilton Perim Neto)
- i2c: stm32: fix the device used for the DMA map (Clement Le Goffic)
- usb: gadget: configfs: Fix OOB read on empty string write (Xinyu Liu) [Orabug: 38254358] {CVE-2025-38497}
- USB: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI (Ryan Mann)
- USB: serial: option: add Foxconn T99W640 (Slark Xiao)
- USB: serial: option: add Telit Cinterion FE910C04 (ECM) composition (Fabio Porcedda)
- LTS tag: v5.4.296 (Sherry Yang)
- x86/mm: Disable hugetlb page table sharing on 32-bit (Jann Horn)
- Input: atkbd - do not skip atkbd_deactivate() when skipping ATKBD_CMD_GETID (Hans de Goede)
- HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras (Chia-Lin Kao) [Orabug: 38324280] {CVE-2025-38540}
- HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY (Zhang Heng)
- vt: add missing notification when switching back to text mode (Nicolas Pitre)
- net: usb: qmi_wwan: add SIMCom 8230C composition (Xiaowei Li)
- atm: idt77252: Add missing dma_map_error() (Thomas Fourier)
- bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT (Somnath Kotur) [Orabug: 38254090] {CVE-2025-38439}
- bnxt_en: Fix DCB ETS validation (Shravya Kn)
- can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level (Sean Nyekjaer)
- net: phy: microchip: limit 100M workaround to link-down events on LAN88xx (Oleksij Rempel)
- net: appletalk: Fix device refcount leak in atrtr_create() (Kito Xu)
- md/raid1: Fix stack memory use after return in raid1_reshape (Wang Jinchao) [Orabug: 38254109] {CVE-2025-38445}
- wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() (Daniil Dulov) [Orabug: 38324161] {CVE-2025-38513}
- dma-buf: fix timeout handling in dma_resv_wait_timeout v2 (Christian Konig)
- Input: xpad - support Acer NGR 200 Controller (Nilton Perim Neto)
- Input: xpad - add VID for Turtle Beach controllers (Vicki Pfau)
- Input: xpad - add support for Amazon Game Controller (Matt Reynolds)
- NFSv4/flexfiles: Fix handling of NFS level errors in I/O (Trond Myklebust)
- flexfiles/pNFS: update stats on NFS4ERR_DELAY for v4.1 DSes (Tigran Mkrtchyan)
- RDMA/mlx5: Fix vport loopback for MPV device (Patrisious Haddad)
- netlink: Fix rmem check in netlink_broadcast_deliver(). (Kuniyuki Iwashima)
- netlink: make sure we allow at least one dump skb (Jakub Kicinski)
- Revert 'ACPI: battery: negate current when discharging' (Rafael J. Wysocki)
- usb: gadget: u_serial: Fix race condition in TTY wakeup (Kuen-Han Tsai) [Orabug: 38254118] {CVE-2025-38448}
- drm/sched: Increment job count before swapping tail spsc queue (Matthew Brost) [Orabug: 38324180] {CVE-2025-38515}
- pinctrl: qcom: msm: mark certain pins as invalid for interrupts (Bartosz Golaszewski) [Orabug: 38324186] {CVE-2025-38516}
- x86/mce: Make sure CMCI banks are cleared during shutdown on Intel (Jp Kobryn)
- x86/mce: Don't remove sysfs if thresholding sysfs init fails (Yazen Ghannam)
- x86/mce/amd: Fix threshold limit reset (Yazen Ghannam)
- rxrpc: Fix oops due to non-existence of prealloc backlog struct (David Howells)
- net/sched: Abort __tc_modify_qdisc if parent class does not exist (Victor Nogueira) [Orabug: 38254147] {CVE-2025-38457}
- atm: clip: Fix NULL pointer dereference in vcc_sendmsg() (Yue Haibing) [Orabug: 38254153] {CVE-2025-38458}
- atm: clip: Fix infinite recursive call of clip_push(). (Kuniyuki Iwashima) [Orabug: 38254161] {CVE-2025-38459}
- atm: clip: Fix memory leak of struct clip_vcc. (Kuniyuki Iwashima) [Orabug: 38324309] {CVE-2025-38546}
- atm: clip: Fix potential null-ptr-deref in to_atmarpd(). (Kuniyuki Iwashima) [Orabug: 38254167] {CVE-2025-38460}
- tipc: Fix use-after-free in tipc_conn_close(). (Kuniyuki Iwashima) [Orabug: 38254181] {CVE-2025-38464}
- netlink: Fix wraparounds of sk->sk_rmem_alloc. (Kuniyuki Iwashima) [Orabug: 38254188] {CVE-2025-38465}
- fix proc_sys_compare() handling of in-lookup dentries (Al Viro)
- proc: Clear the pieces of proc_inode that proc_evict_inode cares about (Eric W. Biederman)
- drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling (Kaustabh Chakraborty) [Orabug: 38254203] {CVE-2025-38467}
- staging: rtl8723bs: Avoid memset() in aes_cipher() and aes_decipher() (Nathan Chancellor)
- media: uvcvideo: Rollback non processed entities on error (Ricardo Ribalda)
- media: uvcvideo: Send control events for partial succeeds (Ricardo Ribalda)
- media: uvcvideo: Return the number of processed controls (Ricardo Ribalda)
- ACPI: PAD: fix crash in exit_round_robin() (Seiji Nishikawa) [Orabug: 37206006] {CVE-2024-49935}
- usb: typec: displayport: Fix potential deadlock (Andrei Kuchynski) [Orabug: 38401436] {CVE-2025-38404}
- Logitech C-270 even more broken (Oliver Neukum)
- rose: fix dangling neighbour pointers in rose_rt_device_down() (Kohei Enju)
- net: rose: Fix fall-through warnings for Clang (Gustavo A R Silva)
- drm/i915/gt: Fix timeline left held on VMA alloc error (Janusz Krzysztofik) [Orabug: 38253887] {CVE-2025-38389}
- drm/i915/selftests: Change mock_request() to return error pointers (Dan Carpenter)
- spi: spi-fsl-dspi: Clear completion counter before initiating transfer (James Clark)
- spi: spi-fsl-dspi: Fix interrupt-less DMA mode taking an XSPI code path (Vladimir Oltean)
- spi: spi-fsl-dspi: Rename fifo_{read,write} and {tx,cmd}_fifo_write (Vladimir Oltean)
- dpaa2-eth: fix xdp_rxq_info leak (Wangfushuai)
- ethernet: atl1: Add missing DMA mapping error checks and count errors (Thomas Fourier)
- btrfs: use btrfs_record_snapshot_destroy() during rmdir (Filipe Manana)
- btrfs: propagate last_unlink_trans earlier when doing a rmdir (Filipe Manana)
- RDMA/mlx5: Fix CC counters query for MPV (Patrisious Haddad)
- RDMA/core: Create and destroy counters in the ib_core (Leon Romanovsky)
- scsi: ufs: core: Fix spelling of a sysfs attribute name (Bart Van Assche)
- drm/v3d: Disable interrupts before resetting the GPU (Maira Canal)
- mtk-sd: reset host->mrq on prepare_data() error (Sergey Senozhatsky)
- mtk-sd: Prevent memory corruption from DMA map failure (Masami Hiramatsu)
- mmc: mediatek: use data instead of mrq parameter from msdc_{un}prepare_data() (Yue Hu)
- regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods (Manivannan Sadhasivam) [Orabug: 38253907] {CVE-2025-38395}
- regulator: gpio: Add input_supply support in gpio_regulator_config (Jerome Neanne)
- ACPICA: Refuse to evaluate a method if arguments are missing (Rafael J. Wysocki) [Orabug: 38253875] {CVE-2025-38386}
- wifi: ath6kl: remove WARN on bad firmware input (Johannes Berg) [Orabug: 38253946] {CVE-2025-38406}
- wifi: mac80211: drop invalid source address OCB frames (Johannes Berg)
- powerpc: Fix struct termio related ioctl macros (Madhavan Srinivasan)
- ata: pata_cs5536: fix build on 32-bit UML (Johannes Berg)
- ALSA: sb: Force to disable DMAs once when DMA mode is changed (Takashi Iwai)
- nui: Fix dma_mapping_error() check (Thomas Fourier)
- enic: fix incorrect MTU comparison in enic_change_mtu() (Alok Tiwari)
- amd-xgbe: align CL37 AN sequence as per databook (Raju Rangoju)
- lib: test_objagg: Set error message in check_expect_hints_stats() (Dan Carpenter)
- drm/exynos: fimd: Guard display clock control with runtime PM calls (Marek Szyprowski)
- btrfs: fix missing error handling when searching for inode refs during log replay (Filipe Manana)
- scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() (Thomas Fourier)
- nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. (Kuniyuki Iwashima) [Orabug: 38253923] {CVE-2025-38400}
- RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert (Mark Zhang) [Orabug: 38253881] {CVE-2025-38387}
- platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment (David Thompson)
- mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data (Masami Hiramatsu)
- usb: typec: altmodes/displayport: do not index invalid pin_assignments (Rd Babiera) [Orabug: 38253894] {CVE-2025-38391}
- mmc: sdhci: Add a helper function for dump register in dynamic debug mode (Victor Shih)
- vsock/vmci: Clear the vmci transport packet properly when initializing it (Harshavardhana S A) [Orabug: 38253937] {CVE-2025-38403}
- btrfs: don't abort filesystem when attempting to snapshot deleted subvolume (Omar Sandoval) [Orabug: 36530119] {CVE-2024-26644}
- arm64: Restrict pagetable teardown to avoid false warning (Dev Jain)
- s390: Add '-std=gnu11' to decompressor and purgatory CFLAGS (Nathan Chancellor)
- drm/bridge: cdns-dsi: Check return value when getting default PHY config (Aradhya Bhatia)
- drm/bridge: cdns-dsi: Fix connecting to next bridge (Aradhya Bhatia)
- drm/bridge: cdns-dsi: Fix the clock variable for mode_valid() (Aradhya Bhatia)
- drm/tegra: Assign plane type before registration (Thierry Reding)
- HID: wacom: fix kobject reference count leak (Qasim Ijaz)
- HID: wacom: fix memory leak on sysfs attribute creation failure (Qasim Ijaz)
- HID: wacom: fix memory leak on kobject creation failure (Qasim Ijaz)
- dm-raid: fix variable in journal device check (Heinz Mauelshagen)
- Bluetooth: L2CAP: Fix L2CAP MTU negotiation (Frederic Danis)
- atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister(). (Kuniyuki Iwashima) [Orabug: 38175045] {CVE-2025-38245}
- net: enetc: Correct endianness handling in _enetc_rd_reg64 (Simon Horman)
- um: ubd: Add missing error check in start_io_thread() (Tiwei Bie)
- vsock/uapi: fix linux/vm_sockets.h userspace compilation errors (Stefano Garzarella)
- wifi: mac80211: fix beacon interval calculation overflow (Lachlan Hodges)
- attach_recursive_mnt(): do not lock the covering tree when sliding something under it (Al Viro)
- ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3() (Youngjun Lee) [Orabug: 38175065] {CVE-2025-38249}
- i2c: robotfuzz-osif: disable zero-length read messages (Wolfram Sang)
- i2c: tiny-usb: disable zero-length read messages (Wolfram Sang)
- RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction (Shin'Ichiro Kawasaki) [Orabug: 38158592] {CVE-2025-38211}
- RDMA/core: Use refcount_t instead of atomic_t on refcount of iwcm_id_private (Weihang Li)
- media: vivid: Change the siize of the composing (Denis Arefev)
- media: omap3isp: use sgtable-based scatterlist wrappers (Marek Szyprowski)
- media: cxusb: no longer judge rbuf when the write fails (Edward Adam Davis) [Orabug: 38158692] {CVE-2025-38229}
- media: cxusb: use dev_dbg() rather than hand-rolled debug (Sean Young)
- jfs: validate AG parameters in dbMount() to prevent crashes (Vasiliy Kovalev)
- fs/jfs: consolidate sanity checking in dbMount (Dave Kleikamp)
- ASoC: meson: meson-card-utils: use of_property_present() for DT parsing (Martin Blumenstingl)
- of: Add of_property_present() helper (Rob Herring)
- of: property: define of_property_read_u{8,16,32,64}_array() unconditionally (Michael Walle)
- kbuild: hdrcheck: fix cross build with clang (Arnd Bergmann)
- kbuild: add --target to correctly cross-compile UAPI headers with Clang (Masahiro Yamada)
- bpfilter: match bit size of bpfilter_umh to that of the kernel (Masahiro Yamada)
- kbuild: use -MMD instead of -MD to exclude system headers from dependency (Masahiro Yamada)
- VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify (Ma Wupeng) [Orabug: 38152869] {CVE-2025-38102}
- VMCI: check context->notify_page after call to get_user_pages_fast() to avoid GPF (George Kennedy)
- ovl: Check for NULL d_inode() in ovl_dentry_upper() (Kees Cook)
- ceph: fix possible integer overflow in ceph_zero_objects() (Dmitry Kandybka)
- ALSA: hda: Ignore unsol events for cards being shut down (Cezary Rojewski)
- usb: typec: displayport: Receive DP Status Update NAK request exit dp altmode (Jos Wang)
- usb: cdc-wdm: avoid setting WDM_READ for ZLP-s (Robert Hodaszi)
- usb: Add checks for snprintf() calls in usb_alloc_dev() (Andy Shevchenko)
- tty: serial: uartlite: register uart driver in init (Jakub Lewalski)
- usb: potential integer overflow in usbg_make_tpg() (Chen Yufeng)
- iio: pressure: zpa2326: Use aligned_s64 for the timestamp (Jonathan Cameron)
- md/md-bitmap: fix dm-raid max_write_behind setting (Yu Kuai)
- dmaengine: xilinx_dma: Set dma_device directions (Thomas Gessler)
- mfd: max14577: Fix wakeup source leaks on device unbind (Krzysztof Kozlowski)
- mailbox: Not protect module_put with spin_lock_irqsave (Peng Fan)
- cifs: Fix cifs_query_path_info() for Windows NT servers (Pali Rohar)