Kernel, ModSecurity, Grafana, and more updates for Oracle Linux

Oracle Linux 6346 Published 2025-06-14 08:05 by Philipp Esselbach

News

ELSA-2025-20368 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update

Oracle Linux Security Advisory ELSA-2025-20368

http://linux.oracle.com/errata/ELSA-2025-20368.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-6.12.0-100.28.2.el9uek.x86_64.rpm
kernel-uek-core-6.12.0-100.28.2.el9uek.x86_64.rpm
kernel-uek-debug-6.12.0-100.28.2.el9uek.x86_64.rpm
kernel-uek-debug-core-6.12.0-100.28.2.el9uek.x86_64.rpm
kernel-uek-debug-devel-6.12.0-100.28.2.el9uek.x86_64.rpm
kernel-uek-debug-modules-6.12.0-100.28.2.el9uek.x86_64.rpm
kernel-uek-debug-modules-core-6.12.0-100.28.2.el9uek.x86_64.rpm
kernel-uek-debug-modules-deprecated-6.12.0-100.28.2.el9uek.x86_64.rpm
kernel-uek-debug-modules-desktop-6.12.0-100.28.2.el9uek.x86_64.rpm
kernel-uek-debug-modules-extra-6.12.0-100.28.2.el9uek.x86_64.rpm
kernel-uek-debug-modules-extra-netfilter-6.12.0-100.28.2.el9uek.x86_64.rpm
kernel-uek-debug-modules-usb-6.12.0-100.28.2.el9uek.x86_64.rpm
kernel-uek-debug-modules-wireless-6.12.0-100.28.2.el9uek.x86_64.rpm
kernel-uek-devel-6.12.0-100.28.2.el9uek.x86_64.rpm
kernel-uek-doc-6.12.0-100.28.2.el9uek.noarch.rpm
kernel-uek-modules-6.12.0-100.28.2.el9uek.x86_64.rpm
kernel-uek-modules-core-6.12.0-100.28.2.el9uek.x86_64.rpm
kernel-uek-modules-deprecated-6.12.0-100.28.2.el9uek.x86_64.rpm
kernel-uek-modules-desktop-6.12.0-100.28.2.el9uek.x86_64.rpm
kernel-uek-modules-extra-6.12.0-100.28.2.el9uek.x86_64.rpm
kernel-uek-modules-extra-netfilter-6.12.0-100.28.2.el9uek.x86_64.rpm
kernel-uek-modules-usb-6.12.0-100.28.2.el9uek.x86_64.rpm
kernel-uek-modules-wireless-6.12.0-100.28.2.el9uek.x86_64.rpm

aarch64:
kernel-uek-6.12.0-100.28.2.el9uek.aarch64.rpm
kernel-uek-core-6.12.0-100.28.2.el9uek.aarch64.rpm
kernel-uek-debug-6.12.0-100.28.2.el9uek.aarch64.rpm
kernel-uek-debug-core-6.12.0-100.28.2.el9uek.aarch64.rpm
kernel-uek-debug-devel-6.12.0-100.28.2.el9uek.aarch64.rpm
kernel-uek-debug-modules-6.12.0-100.28.2.el9uek.aarch64.rpm
kernel-uek-debug-modules-core-6.12.0-100.28.2.el9uek.aarch64.rpm
kernel-uek-debug-modules-deprecated-6.12.0-100.28.2.el9uek.aarch64.rpm
kernel-uek-debug-modules-desktop-6.12.0-100.28.2.el9uek.aarch64.rpm
kernel-uek-debug-modules-extra-6.12.0-100.28.2.el9uek.aarch64.rpm
kernel-uek-debug-modules-extra-netfilter-6.12.0-100.28.2.el9uek.aarch64.rpm
kernel-uek-debug-modules-usb-6.12.0-100.28.2.el9uek.aarch64.rpm
kernel-uek-debug-modules-wireless-6.12.0-100.28.2.el9uek.aarch64.rpm
kernel-uek-devel-6.12.0-100.28.2.el9uek.aarch64.rpm
kernel-uek-modules-6.12.0-100.28.2.el9uek.aarch64.rpm
kernel-uek-modules-extra-6.12.0-100.28.2.el9uek.aarch64.rpm
kernel-uek-modules-core-6.12.0-100.28.2.el9uek.aarch64.rpm
kernel-uek-modules-deprecated-6.12.0-100.28.2.el9uek.aarch64.rpm
kernel-uek-modules-desktop-6.12.0-100.28.2.el9uek.aarch64.rpm
kernel-uek-modules-extra-netfilter-6.12.0-100.28.2.el9uek.aarch64.rpm
kernel-uek-modules-usb-6.12.0-100.28.2.el9uek.aarch64.rpm
kernel-uek-modules-wireless-6.12.0-100.28.2.el9uek.aarch64.rpm
kernel-uek64k-6.12.0-100.28.2.el9uek.aarch64.rpm
kernel-uek64k-core-6.12.0-100.28.2.el9uek.aarch64.rpm
kernel-uek64k-modules-6.12.0-100.28.2.el9uek.aarch64.rpm
kernel-uek64k-modules-core-6.12.0-100.28.2.el9uek.aarch64.rpm
kernel-uek64k-modules-deprecated-6.12.0-100.28.2.el9uek.aarch64.rpm
kernel-uek64k-modules-desktop-6.12.0-100.28.2.el9uek.aarch64.rpm
kernel-uek64k-modules-extra-6.12.0-100.28.2.el9uek.aarch64.rpm
kernel-uek64k-modules-extra-netfilter-6.12.0-100.28.2.el9uek.aarch64.rpm
kernel-uek64k-modules-usb-6.12.0-100.28.2.el9uek.aarch64.rpm
kernel-uek64k-modules-wireless-6.12.0-100.28.2.el9uek.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//kernel-uek-6.12.0-100.28.2.el9uek.src.rpm

Related CVEs:

CVE-2024-28956

Description of changes:

[6.12.0-100.28.2.el9uek]
- sched/eevdf: Fix se->slice being set to U64_MAX and resulting crash (Omar Sandoval)
- certs: Add new Oracle Linux Driver Signing (key 1) certificate (Sherry Yang) [Orabug: 37967533]
- Revert "block: sysfs option to change ioticks granularity" (Gulam Mohamed) [Orabug: 37921776]
- RDS: use pin_user_pages_fast() (Stephen Brennan) [Orabug: 37968545]

[6.12.0-100.28.1.el9uek]
- KVM: SEV: Add KVM_SEV_SNP_ENABLE_REQ_CERTS command (Michael Roth) [Orabug: 37894105]
- KVM: Introduce KVM_EXIT_SNP_REQ_CERTS for SNP certificate-fetching (Michael Roth) [Orabug: 37894105]
- Revert "KVM: Introduce KVM_EXIT_SNP_REQ_CERTS for SNP certificate-fetching" (Liam Merwick) [Orabug: 37894105]
- uek-rpm: Enable SECURITY_DMESG_RESTRICT in UEK8 (Harshit Mogalapalli) [Orabug: 37867042]

[6.12.0-2.28.3.el9uek]
- LTS version: v6.12.28 (Jack Vogel)
- dm: fix copying after src array boundaries (Tudor Ambarus)
- drm/amd/display: Fix slab-use-after-free in hdcp (Chris Bainbridge)
- drm/amd/display: Add scoped mutexes for amdgpu_dm_dhcp (Mario Limonciello)
- drivers: base: handle module_kobject creation (Shyam Saini)
- kernel: globalize lookup_or_create_module_kobject() (Shyam Saini)
- kernel: param: rename locate_module_kobject (Shyam Saini)
- Revert "drm/meson: vclk: fix calculation of 59.94 fractional rates" (Christian Hewitt)
- arm64: dts: st: Use 128kB size for aliased GIC400 register access on stm32mp25 SoCs (Christian Bruel)
- arm64: dts: st: Adjust interrupt-controller for stm32mp25 SoCs (Christian Bruel)
- ARM: dts: opos6ul: add ksz8081 phy properties (Sébastien Szymanski)
- arm64: dts: imx95: Correct the range of PCIe app-reg region (Richard Zhu)
- firmware: arm_ffa: Skip Rx buffer ownership release if not acquired (Sudeep Holla)
- firmware: arm_scmi: Balance device refcount when destroying devices (Cristian Marussi)
- drm/xe: Ensure fixed_slice_mode gets set after ccs_mode change (Niranjana Vishwanathapura)
- sch_ets: make est_qlen_notify() idempotent (Cong Wang)
- sch_qfq: make qfq_qlen_notify() idempotent (Cong Wang)
- sch_hfsc: make hfsc_qlen_notify() idempotent (Cong Wang)
- sch_drr: make drr_qlen_notify() idempotent (Cong Wang)
- sch_htb: make htb_qlen_notify() idempotent (Cong Wang)
- accel/ivpu: Add handling of VPU_JSM_STATUS_MVNCI_CONTEXT_VIOLATION_HW (Karol Wachowski)
- accel/ivpu: Fix locking order in ivpu_job_submit (Karol Wachowski)
- accel/ivpu: Abort all jobs after command queue unregister (Karol Wachowski)
- accel/ivpu: Update VPU FW API headers (Andrzej Kacprowski)
- accel/ivpu: Fix a typo (Andrew Kreimer)
- accel/ivpu: Use xa_alloc_cyclic() instead of custom function (Karol Wachowski)
- accel/ivpu: Make DB_ID and JOB_ID allocations incremental (Tomasz Rusinowicz)
- net: Fix the devmem sock opts and msgs for parisc (Pranjal Shrivastava)
- bcachefs: Remove incorrect __counted_by annotation (Alan Huang)
- mm, slab: clean up slab->obj_exts always (Zhenhua Huang)
- net: vertexcom: mse102x: Fix RX error handling (Stefan Wahren)
- net: vertexcom: mse102x: Add range check for CMD_RTS (Stefan Wahren)
- net: vertexcom: mse102x: Fix LEN_MASK (Stefan Wahren)
- net: vertexcom: mse102x: Fix possible stuck of SPI interrupt (Stefan Wahren)
- net: hns3: defer calling ptp_clock_register() (Jian Shen)
- net: hns3: fixed debugfs tm_qset size (Hao Lan)
- net: hns3: fix an interrupt residual problem (Yonglong Liu)
- net: hns3: store rx VLAN tag offload state for VF (Jian Shen)
- octeon_ep: Fix host hang issue during device reboot (Sathesh B Edara)
- net: fec: ERR007885 Workaround for conventional TX (Mattias Barthel)
- net: lan743x: Fix memleak issue when GSO enabled (Thangaraj Samynathan)
- ptp: ocp: Fix NULL dereference in Adva board SMA sysfs operations (Sagi Maimon)
- net: use sock_gen_put() when sk_state is TCP_TIME_WAIT (Jibin Zhang)
- bnxt_en: fix module unload sequence (Vadim Fedorenko)
- ASoC: simple-card-utils: Fix pointer check in graph_util_parse_link_direction (Alexander Stein)
- nvmet-tcp: select CONFIG_TLS from CONFIG_NVME_TARGET_TCP_TLS (Alistair Francis)
- nvme-tcp: select CONFIG_TLS from CONFIG_NVME_TCP_TLS (Alistair Francis)
- nvme-tcp: fix premature queue removal and I/O failover (Michael Liang)
- bnxt_en: Fix ethtool -d byte order for 32-bit values (Michael Chan)
- bnxt_en: Fix out-of-bound memcpy() during ethtool -w (Shruti Parab)
- bnxt_en: Fix coredump logic to free allocated buffer (Shruti Parab)
- bnxt_en: call pci_alloc_irq_vectors() after bnxt_reserve_rings() (Kashyap Desai)
- bnxt_en: Add missing skb_mark_for_recycle() in bnxt_rx_vlan() (Somnath Kotur)
- bnxt_en: Fix ethtool selftest output in one of the failure cases (Kalesh AP)
- bnxt_en: Fix error handling path in bnxt_init_chip() (Shravya KN)
- ALSA: hda/realtek: Fix built-mic regression on other ASUS models (Takashi Iwai)
- net: ipv6: fix UDPv6 GSO segmentation with NAT (Felix Fietkau)
- net: dsa: felix: fix broken taprio gate states after clock jump (Vladimir Oltean)
- net: ethernet: mtk_eth_soc: fix SER panic with 4GB+ RAM (Chad Monroe)
- igc: fix lock order in igc_ptp_reset (Jacob Keller)
- idpf: protect shutdown from reset (Larysa Zaremba)
- idpf: fix potential memory leak on kcalloc() failure (Michal Swiatkowski)
- net: mdio: mux-meson-gxl: set reversed bit when using internal phy (Da Xue)
- net: dlink: Correct endianness handling of led_mode (Simon Horman)
- drm/mipi-dbi: Fix blanking for non-16 bit formats (Russell Cloran)
- drm/tests: shmem: Fix memleak (Maxime Ripard)
- nvme-pci: fix queue unquiesce check on slot_reset (Keith Busch)
- ALSA: ump: Fix buffer overflow at UMP SysEx message conversion (Takashi Iwai)
- scsi: ufs: core: Remove redundant query_complete trace (Keoseong Park)
- idpf: fix offloads support for encapsulated packets (Madhu Chittim)
- ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr() (Xuanqiang Luo)
- net_sched: qfq: Fix double list add in class with netem as child qdisc (Victor Nogueira)
- net_sched: ets: Fix double list add in class with netem as child qdisc (Victor Nogueira)
- net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (Victor Nogueira)
- net_sched: drr: Fix double list add in class with netem as child qdisc (Victor Nogueira)
- pds_core: remove write-after-free of client_id (Shannon Nelson)
- pds_core: specify auxiliary_device to be created (Shannon Nelson)
- pds_core: make pdsc_auxbus_dev_del() void (Shannon Nelson)
- net: ethernet: mtk_eth_soc: sync mtk_clks_source_name array (Daniel Golle)
- net: ethernet: mtk-star-emac: rearm interrupts in rx_poll only when advised (Louis-Alexis Eyraud)
- net: ethernet: mtk-star-emac: fix spinlock recursion issues on rx/tx poll (Louis-Alexis Eyraud)
- rtase: Modify the condition used to detect overflow in rtase_calc_time_mitigation (Justin Lai)
- bnxt_en: improve TX timestamping FIFO configuration (Vadim Fedorenko)
- octeon_ep_vf: Resolve netdevice usage count issue (Sathesh B Edara)
- net: mscc: ocelot: delete PVID VLAN when readding it as non-PVID (Vladimir Oltean)
- Bluetooth: L2CAP: copy RX timestamp to new fragments (Pauli Virtanen)
- Bluetooth: btintel_pcie: Add additional to checks to clear TX/RX paths (Kiran K)
- Bluetooth: btusb: avoid NULL pointer dereference in skb_dequeue() (En-Wei Wu)
- Bluetooth: btintel_pcie: Avoid redundant buffer allocation (Kiran K)
- Bluetooth: hci_conn: Fix not setting timeout for BIG Create Sync (Luiz Augusto von Dentz)
- Bluetooth: hci_conn: Fix not setting conn_timeout for Broadcast Receiver (Luiz Augusto von Dentz)
- Bluetooth: hci_conn: Remove alloc from critical section (Iulia Tanasescu)
- ASoC: amd: acp: Fix NULL pointer deref in acp_i2s_set_tdm_slot (Venkata Prasad Potturu)
- accel/ivpu: Correct DCT interrupt handling (Karol Wachowski)
- net/mlx5: E-switch, Fix error handling for enabling roce (Chris Mi)
- net/mlx5e: Fix lock order in mlx5e_tx_reporter_ptpsq_unhealthy_recover (Cosmin Ratiu)
- net/mlx5e: TC, Continue the attr process even if encap entry is invalid (Jianbo Liu)
- net/mlx5: E-Switch, Initialize MAC Address for Default GID (Maor Gottlieb)
- net/mlx5e: Use custom tunnel header for vxlan gbp (Vlad Dogaru)
- xsk: Fix race condition in AF_XDP generic RX path (e.kubanski)
- vxlan: vnifilter: Fix unlocked deletion of default FDB entry (Ido Schimmel)
- powerpc/boot: Fix dash warning (Madhavan Srinivasan)
- wifi: plfxlc: Remove erroneous assert in plfxlc_mac_release (Murad Masimov)
- wifi: iwlwifi: fix the check for the SCRATCH register upon resume (Emmanuel Grumbach)
- wifi: iwlwifi: don't warn if the NIC is gone in resume (Emmanuel Grumbach)
- drm/i915/pxp: fix undefined reference to intel_pxp_gsccs_is_ready_for_sessions' (Chen Linxuan)
- ALSA: hda/realtek - Enable speaker for HP platform (Kailang Yang)
- ASoC: Intel: sof_sdw: Add NULL check in asoc_sdw_rt_dmic_rtd_init() (Chenyuan Yang)
- powerpc/boot: Check for ld-option support (Madhavan Srinivasan)
- pinctrl: imx: Return NULL if no group is matched and found (Hui Wang)
- book3s64/radix : Align section vmemmap start address to PAGE_SIZE (Donet Tom)
- ASoC: soc-pcm: Fix hw_params() and DAPM widget sequence (Sheetal)
- ASoC: cs-amp-lib-test: Don't select SND_SOC_CS_AMP_LIB (Richard Fitzgerald)
- ASoC: soc-core: Stop using of_property_read_bool() for non-boolean properties (Geert Uytterhoeven)
- drm/amd/display: Default IPS to RCG_IN_ACTIVE_IPS2_IN_OFF (Leo Li)
- tracing: Fix oob write in trace_seq_to_buffer() (Jeongjun Park)
- cpufreq: Fix setting policy limits when frequency tables are used (Rafael J. Wysocki)
- cpufreq: Avoid using inconsistent policy->min and policy->max (Rafael J. Wysocki)
- smb: client: fix zero length for mkdir POSIX create context (Jethro Donaldson)
- ksmbd: fix use-after-free in session logoff (Sean Heelan)
- ksmbd: fix use-after-free in kerberos authentication (Sean Heelan)
- ksmbd: fix use-after-free in ksmbd_session_rpc_open (Namjae Jeon)
- platform/x86/intel-uncore-freq: Fix missing uncore sysfs during CPU hotplug (Shouye Liu)
- platform/x86/amd: pmc: Require at least 2.5 seconds between HW sleep cycles (Mario Limonciello)
- iommu: Fix two issues in iommu_copy_struct_from_user() (Nicolin Chen)
- iommu/vt-d: Apply quirk_iommu_igfx for 8086:0044 (QM57/QS57) (Mingcong Bai)
- iommu/arm-smmu-v3: Fix pgsize_bit for sva domains (Balbir Singh)
- iommu/arm-smmu-v3: Fix iommu_device_probe bug due to duplicated stream ids (Nicolin Chen)
- iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid (Pavel Paklov)
- drm: Select DRM_KMS_HELPER from DRM_DEBUG_DP_MST_TOPOLOGY_REFS (Janne Grunau)
- drm/amdgpu: Fix offset for HDP remap in nbio v7.11 (Lijo Lazar)
- dm: always update the array size in realloc_argv on success (Benjamin Marzinski)
- dm-integrity: fix a warning on invalid table line (Mikulas Patocka)
- dm-bufio: don't schedule in atomic context (LongPing Wei)
- x86/boot/sev: Support memory acceptance in the EFI stub under SVSM (Ard Biesheuvel)
- wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() (Wentao Liang)
- tracing: Do not take trace_event_sem in print_event_fields() (Steven Rostedt)
- spi: tegra114: Don't fail set_cs_timing when delays are zero (Aaron Kling)
- mmc: renesas_sdhi: Fix error handling in renesas_sdhi_probe (Ruslan Piasetskyi)
- mm/memblock: repeat setting reserved region nid if array is doubled (Wei Yang)
- mm/memblock: pass size instead of end to memblock_set_node() (Wei Yang)
- irqchip/qcom-mpm: Prevent crash when trying to handle non-wake GPIOs (Stephan Gerhold)
- amd-xgbe: Fix to ensure dependent features are toggled with RX checksum offload (Vishal Badole)
- perf/x86/intel: KVM: Mask PEBS_ENABLE loaded for guest with vCPU's value. (Sean Christopherson)
- perf/x86/intel: Only check the group flag for X86 leader (Kan Liang)
- parisc: Fix double SIGFPE crash (Helge Deller)
- arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays (Will Deacon)
- i2c: imx-lpi2c: Fix clock count when probe defers (Clark Wang)
- EDAC/altera: Set DDR and SDMMC interrupt mask before registration (Niravkumar L Rabara)
- EDAC/altera: Test the correct error reg offset (Niravkumar L Rabara)
- drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill() (Philipp Stanner)
- drm/fdinfo: Protect against driver unbind (Tvrtko Ursulin)
- cpufreq: intel_pstate: Unchecked MSR aceess in legacy mode (Srinivas Pandruvada)
- btrfs: fix COW handling in run_delalloc_nocow() (Dave Chen)
- btrfs: adjust subpage bit start based on sectorsize (Josef Bacik)
- binder: fix offset calculation in debug log (Carlos Llamas)
- ALSA: usb-audio: Add second USB ID for Jabra Evolve 65 headset (Joachim Priesner)
- ALSA: usb-audio: Add retry on -EPROTO from usb_set_interface() (Geoffrey D. Bennett)
- Revert "rndis_host: Flag RNDIS modems as WWAN devices" (Christian Heusel)
- Bluetooth: btusb: Add 13 USB device IDs for Qualcomm WCN785x (Zijun Hu)
- Bluetooth: btusb: Add new VID/PID for WCN785x (Dorian Cruveiller)
- Bluetooth: btusb: Add ID 0x2c7c:0x0130 for Qualcomm WCN785x (Mark Dietzer)
- Bluetooth: btusb: Add one more ID 0x13d3:0x3623 for Qualcomm WCN785x (Zijun Hu)
- Bluetooth: btusb: Add one more ID 0x0489:0xe0f3 for Qualcomm WCN785x (Zijun Hu)
- Bluetooth: btusb: add Foxconn 0xe0fc for Qualcomm WCN785x (Aaron Ma)
- x86/PCI: Export find_cap() to be used in early PCI code (Rayan Dasoriya) [Orabug: 37383447]
- x86/quirks: Scan all busses for early PCI quirks (Rayan Dasoriya) [Orabug: 37383447]
- x86/quirks: Add parameter to clear MSIs early on boot (Rayan Dasoriya) [Orabug: 37383447]
- scsi: megaraid_sas: Driver version update to 07.734.00.00-rc1 (Chandrakanth Patil) [Orabug: 37877985]
- scsi: megaraid_sas: Make most module parameters static (Dr. David Alan Gilbert) [Orabug: 37877985]
- scsi: mpt3sas: Fix buffer overflow in mpt3sas_send_mctp_passthru_req() (Dan Carpenter) [Orabug: 37878012]
- scsi: mpt3sas: Fix spelling mistake "receveid" -> "received" (Colin Ian King) [Orabug: 37878012]
- scsi: mpt3sas: update driver version to 52.100.00.00 (Shivasharan S) [Orabug: 37878012]
- scsi: mpt3sas: Send a diag reset if target reset fails (Shivasharan S) [Orabug: 37878012]
- scsi: mpt3sas: Report driver capability as part of IOCINFO command (Shivasharan S) [Orabug: 37878012]
- scsi: mpt3sas: Add support for MCTP Passthrough commands (Shivasharan S) [Orabug: 37878012]
- scsi: mpt3sas: Update MPI headers to 02.00.62 version (Shivasharan S) [Orabug: 37878012]
- scsi: mpt3sas: Fix a locking bug in an error path (Bart Van Assche) [Orabug: 37878012]
- scsi: mpt3sas: Reduce log level of ignore_delay_remove message to KERN_INFO (Paul Menzel) [Orabug: 37878012]
- scsi: mpt3sas: Remove unused config functions (Dr. David Alan Gilbert) [Orabug: 37878012]
- scsi: mpt3sas: Add details to EEDPTagMode error message (Paul Menzel) [Orabug: 37878012]
- scsi: mpt3sas: Update driver version to 51.100.00.00 (Ranjan Kumar) [Orabug: 37878012]
- vhost-scsi: log event queue write descriptors (Dongli Zhang) [Orabug: 37883837]
- vhost-scsi: log control queue write descriptors (Dongli Zhang) [Orabug: 37883837]
- vhost-scsi: log I/O queue write descriptors (Dongli Zhang) [Orabug: 37883837]
- vhost-scsi: adjust vhost_scsi_get_desc() to log vring descriptors (Dongli Zhang) [Orabug: 37883837]
- vhost: modify vhost_log_write() for broader users (Dongli Zhang) [Orabug: 37883837]
- uek: kabi: update x86_64 kABI files for new symbols (Yifei Liu) [Orabug: 37899161]
- uek-rpm: Move vmxnet3 to module-core in UEK8 (Harshit Mogalapalli) [Orabug: 37908279]
- x86/bugs: Enabling Retbleed and SRSO mitigation can taint the kernel (Alexandre Chartre) [Orabug: 37936569]
- x86/bhi: Do not set BHI_DIS_S in 32-bit mode (Pawan Gupta) [Orabug: 37920673]
- x86/bpf: Add IBHF call at end of classic BPF (Daniel Sneddon) [Orabug: 37920673]
- x86/bpf: Call branch history clearing sequence on exit (Daniel Sneddon) [Orabug: 37920673]
- selftest/x86/bugs: Add selftests for ITS (Pawan Gupta) [Orabug: 37945459] {CVE-2024-28956}
- x86/its: Align RETs in BHB clear sequence to avoid thunking (Pawan Gupta) [Orabug: 37945459] {CVE-2024-28956}
- x86/its: Add support for RSB stuffing mitigation (Pawan Gupta) [Orabug: 37945459] {CVE-2024-28956}
- x86/its: Add "vmexit" option to skip mitigation on some CPUs (Pawan Gupta) [Orabug: 37945459] {CVE-2024-28956}
- x86/its: Enable Indirect Target Selection mitigation (Pawan Gupta) [Orabug: 37945459] {CVE-2024-28956}
- x86/its: Add support for ITS-safe return thunk (Pawan Gupta) [Orabug: 37945459] {CVE-2024-28956}
- x86/its: Add support for ITS-safe indirect thunk (Pawan Gupta) [Orabug: 37945459] {CVE-2024-28956}
- x86/its: Enumerate Indirect Target Selection (ITS) bug (Pawan Gupta) [Orabug: 37945459] {CVE-2024-28956}
- Documentation: x86/bugs/its: Add ITS documentation (Pawan Gupta) [Orabug: 37945459] {CVE-2024-28956}

[6.12.0-2.27.2.el9uek]
- LTS version: v6.12.27 (Jack Vogel)
- bpf: Fix BPF_INTERNAL namespace import (Xi Ruoyao)
- LTS version: v6.12.26 (Jack Vogel)
- mq-deadline: don't call req_get_ioprio from the I/O completion handler (Christoph Hellwig)
- arm64: dts: ti: k3-j784s4-j742s2-main-common: Correct the GICD size (Keerthy)
- crypto: Kconfig - Select LIB generic option (Herbert Xu)
- usb: typec: class: Unlocked on error in typec_register_partner() (Dan Carpenter)
- objtool: Silence more KCOV warnings, part 2 (Josh Poimboeuf)
- objtool: Ignore end-of-section jumps for KCOV/GCOV (Josh Poimboeuf)
- usb: xhci: Fix Short Packet handling rework ignoring errors (Michal Pecio)
- nvme: fixup scan failure for non-ANA multipath controllers (Hannes Reinecke)
- MIPS: cm: Fix warning if MIPS_CM is disabled (Thomas Bogendoerfer)
- media: i2c: imx214: Fix uninitialized variable in imx214_set_ctrl() (Dan Carpenter)
- crypto: lib/Kconfig - Hide arch options from user (Herbert Xu)
- iommu: Handle race with default domain setup (Robin Murphy)
- net: dsa: mv88e6xxx: enable STU methods for 6320 family (Marek Behún)
- net: dsa: mv88e6xxx: enable .port_set_policy() for 6320 family (Marek Behún)
- net: dsa: mv88e6xxx: enable PVT for 6321 switch (Marek Behún)
- net: dsa: mv88e6xxx: fix atu_move_port_mask for 6341 family (Marek Behún)
- Revert "net: dsa: mv88e6xxx: fix internal PHYs for 6320 family" (Marek Behún)
- usb: typec: class: Invalidate USB device pointers on partner unregistration (Andrei Kuchynski)
- ext4: goto right label 'out_mmap_sem' in ext4_setattr() (Baokun Li)
- comedi: jr3_pci: Fix synchronous deletion of timer (Ian Abbott)
- vmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp (Daniel Borkmann)
- usb: typec: class: Fix NULL pointer access (Andrei Kuchynski)
- selftests/bpf: Adjust data size to have ETH_HLEN (Shigeru Yoshida)
- selftests/bpf: check program redirect in xdp_cpumap_attach (Alexis Lothoré (eBPF Foundation))
- selftests/bpf: make xdp_cpumap_attach keep redirect prog attached (Alexis Lothoré (eBPF Foundation))
- selftests/bpf: fix bpf_map_redirect call for cpu map test (Alexis Lothoré (eBPF Foundation))
- xfs: flush inodegc before swapon (Christoph Hellwig)
- xfs: rename xfs_iomap_swapfile_activate to xfs_vm_swap_activate (Christoph Hellwig)
- xfs: Do not allow norecovery mount with quotacheck (Carlos Maiolino)
- xfs: do not check NEEDSREPAIR if ro,norecovery mount. (Lukas Herbolt)
- driver core: fix potential NULL pointer dereference in dev_uevent() (Dmitry Torokhov)
- driver core: introduce device_set_driver() helper (Dmitry Torokhov)
- Revert "drivers: core: synchronize really_probe() and dev_uevent()" (Dmitry Torokhov)
- spi: spi-imx: Add check for spi_imx_setupxfer() (Tamura Dai)
- drm/amdgpu: Use the right function for hdp flush (Lijo Lazar)
- drm/amdgpu: use a dummy owner for sysfs triggered cleaner shaders v4 (Christian König)
- md/raid1: Add check for missing source disk in process_checks() (Meir Elisha)
- x86/cpu: Add CPU model number for Bartlett Lake CPUs with Raptor Cove cores (Pi Xiange)
- ubsan: Fix panic from test_ubsan_out_of_bounds (Mostafa Saleh)
- spi: tegra210-quad: add rate limiting and simplify timeout error message (Breno Leitao)
- spi: tegra210-quad: use WARN_ON_ONCE instead of WARN_ON for timeouts (Breno Leitao)
- ksmbd: fix WARNING "do not call blocking ops when !TASK_RUNNING" (Namjae Jeon)
- riscv: Provide all alternative macros all the time (Andrew Jones)
- iomap: skip unnecessary ifs_block_is_uptodate check (Gou Hao)
- netfs: Only create /proc/fs/netfs with CONFIG_PROC_FS (Song Liu)
- x86/i8253: Call clockevent_i8253_disable() with interrupts disabled (Fernando Fernandez Mancera)
- ASoC: fsl_asrc_dma: get codec or cpu dai from backend (Shengjiu Wang)
- scsi: pm80xx: Set phy_attached to zero when device is gone (Igor Pylypiv)
- scsi: ufs: exynos: gs101: Put UFS device in reset on .suspend() (Peter Griffin)
- scsi: ufs: exynos: Move phy calls to .exit() callback (Peter Griffin)
- scsi: ufs: exynos: Enable PRDT pre-fetching with UFSHCD_CAP_CRYPTO (Peter Griffin)
- scsi: ufs: exynos: Ensure pre_link() executes before exynos_ufs_phy_init() (Peter Griffin)
- scsi: hisi_sas: Fix I/O errors caused by hardware port ID changes (Xingui Yang)
- ext4: make block validity check resistent to sb bh corruption (Ojaswin Mujoo)
- iommu: Clear iommu-dma ops on cleanup (Robin Murphy)
- cifs: Fix querying of WSL CHR and BLK reparse points over SMB1 (Pali Rohár)
- timekeeping: Add a lockdep override in tick_freeze() (Sebastian Andrzej Siewior)
- cifs: Fix encoding of SMB1 Session Setup Kerberos Request in non-UNICODE mode (Pali Rohár)
- nvmet-fc: put ref when assoc->del_work is already scheduled (Daniel Wagner)
- nvmet-fc: take tgtport reference only once (Daniel Wagner)
- x86/bugs: Don't fill RSB on context switch with eIBRS (Josh Poimboeuf)
- x86/bugs: Don't fill RSB on VMEXIT with eIBRS+retpoline (Josh Poimboeuf)
- x86/bugs: Use SBPB in write_ibpb() if applicable (Josh Poimboeuf)
- selftests/mincore: Allow read-ahead pages to reach the end of the file (Qiuxu Zhuo)
- x86/xen: disable CPU idle and frequency drivers for PVH dom0 (Roger Pau Monne)
- gpiolib: of: Move Atmel HSMCI quirk up out of the regulator comment (Andy Shevchenko)
- objtool: Stop UNRET validation on UD2 (Josh Poimboeuf)
- nvme: multipath: fix return value of nvme_available_path (Uday Shankar)
- nvme: re-read ANA log page after ns scan completes (Hannes Reinecke)
- drm/xe/xe3lpg: Apply Wa_14022293748, Wa_22019794406 (Julia Filipchuk)
- drm/amdgpu: Increase KIQ invalidate_tlbs timeout (Jay Cornwall)
- ACPI PPTT: Fix coding mistakes in a couple of sizeof() calls (Jean-Marc Eurin)
- ACPI: EC: Set ec_no_wakeup for Lenovo Go S (Mario Limonciello)
- nvme: requeue namespace scan on missed AENs (Hannes Reinecke)
- xen: Change xen-acpi-processor dom0 dependency (Jason Andryuk)
- perf/core: Fix WARN_ON(!ctx) in __free_event() for partial init (Gabriel Shahrouzi)
- selftests: ublk: fix test_stripe_04 (Ming Lei)
- cgroup/cpuset: Don't allow creation of local partition over a remote one (Waiman Long)
- KVM: s390: Don't use %pK through debug printing (Thomas Weißschuh)
- KVM: s390: Don't use %pK through tracepoints (Thomas Weißschuh)
- sched/isolation: Make CONFIG_CPU_ISOLATION depend on CONFIG_SMP (Oleg Nesterov)
- kbuild: add dependency from vmlinux to sorttable (Xi Ruoyao)
- io_uring: always do atomic put from iowq (Pavel Begunkov)
- rtc: pcf85063: do a SW reset if POR failed (Lukas Stockmann)
- 9p/trans_fd: mark concurrent read and writes to p9_conn->err (Ignacio Encinas)
- 9p/net: fix improper handling of bogus negative read/write replies (Dominique Martinet)
- ntb_hw_amd: Add NTB PCI ID for new gen CPU (Basavaraj Natikar)
- ntb: reduce stack usage in idt_scan_mws (Arnd Bergmann)
- qibfs: fix _another_ leak (Al Viro)
- objtool, lkdtm: Obfuscate the do_nothing() pointer (Josh Poimboeuf)
- objtool, regulator: rk808: Remove potential undefined behavior in rk806_set_mode_dcdc() (Josh Poimboeuf)
- objtool, ASoC: codecs: wcd934x: Remove potential undefined behavior in wcd934x_slim_irq_handler() (Josh Poimboeuf)
- objtool, panic: Disable SMAP in __stack_chk_fail() (Josh Poimboeuf)
- objtool: Silence more KCOV warnings (Josh Poimboeuf)
- um: work around sched_yield not yielding in time-travel mode (Benjamin Berg)
- thunderbolt: Scan retimers after device router has been enumerated (Mika Westerberg)
- usb: host: xhci-plat: mvebu: use ->quirks instead of ->init_quirk() func (Théo Lebrun)
- usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev() (Chenyuan Yang)
- phy: rockchip: usbdp: Avoid call hpd_event_trigger in dp_phy_init (Andy Yan)
- usb: xhci: Avoid Stop Endpoint retry loop if the endpoint seems Running (Michal Pecio)
- dmaengine: dmatest: Fix dmatest waiting less when interrupted (Vinicius Costa Gomes)
- i3c: master: svc: Add support for Nuvoton npcm845 i3c (Stanley Chu)
- xhci: Handle spurious events on Etron host isoc enpoints (Mathias Nyman)
- usb: xhci: Fix isochronous Ring Underrun/Overrun event handling (Michal Pecio)
- usb: xhci: Complete 'error mid TD' transfers when handling Missed Service (Michal Pecio)
- sound/virtio: Fix cancel_sync warnings on uninitialized work_structs (John Stultz)
- usb: dwc3: gadget: Avoid using reserved endpoints on Intel Merrifield (Andy Shevchenko)
- usb: dwc3: gadget: Refactor loop to avoid NULL endpoints (Andy Shevchenko)
- fs/ntfs3: Fix WARNING in ntfs_extend_initialized_size (Edward Adam Davis)
- fs/ntfs3: Keep write operations atomic (Lizhi Xu)
- usb: host: max3421-hcd: Add missing spi_device_id table (Alexander Stein)
- mailbox: pcc: Always clear the platform ack interrupt first (Sudeep Holla)
- mailbox: pcc: Fix the possible race in updation of chan_in_use flag (Huisong Li)
- bpf: Reject attaching fexit/fmod_ret to __noreturn functions (Yafang Shao)
- bpf: Only fails the busy counter check in bpf_cgrp_storage_get if it creates storage (Martin KaFai Lau)
- bpf: bpftool: Setting error code in do_loader() (Sewon Nam)
- s390/tty: Fix a potential memory leak bug (Haoxiang Li)
- s390/sclp: Add check for get_zeroed_page() (Haoxiang Li)
- parisc: PDT: Fix missing prototype warning (Yu-Chun Lin)
- clk: check for disabled clock-provider in of_clk_get_hw_from_clkspec() (Heiko Stuebner)
- bpf: Fix deadlock between rcu_tasks_trace and event_mutex. (Alexei Starovoitov)
- bpf: Fix kmemleak warning for percpu hashmap (Yonghong Song)
- crypto: null - Use spin lock instead of mutex (Herbert Xu)
- crypto: lib/Kconfig - Fix lib built-in failure when arch is modular (Herbert Xu)
- crypto: ccp - Add support for PCI device 0x1134 (Devaraj Rangasamy)
- MIPS: cm: Detect CM quirks from device tree (Gregory CLEMENT)
- pinctrl: mcp23s08: Get rid of spurious level interrupts (Dmitry Mastykin)
- pinctrl: renesas: rza2: Fix potential NULL pointer dereference (Chenyuan Yang)
- selftests/bpf: Fix stdout race condition in traffic monitor (Amery Hung)
- USB: wdm: add annotation (Oliver Neukum)
- USB: wdm: wdm_wwan_port_tx_complete mutex in atomic context (Oliver Neukum)
- USB: wdm: close race between wdm_open and wdm_wwan_port_stop (Oliver Neukum)
- USB: wdm: handle IO errors in wdm_wwan_port_start (Oliver Neukum)
- USB: VLI disk crashes if LPM is used (Oliver Neukum)
- usb: quirks: Add delay init quirk for SanDisk 3.2Gen1 Flash Drive (Miao Li)
- usb: quirks: add DELAY_INIT quirk for Silicon Motion Flash Drive (Miao Li)
- usb: dwc3: xilinx: Prevent spike in reset signal (Mike Looijmans)
- usb: dwc3: gadget: check that event count does not exceed event buffer length (Frode Isaksen)
- USB: OHCI: Add quirk for LS7A OHCI controller (rev 0x02) (Huacai Chen)
- usb: chipidea: ci_hdrc_imx: implement usb_phy_init() error handling (Fedor Pchelkin)
- usb: chipidea: ci_hdrc_imx: fix call balance of regulator routines (Fedor Pchelkin)
- usb: chipidea: ci_hdrc_imx: fix usbmisc handling (Fedor Pchelkin)
- usb: cdns3: Fix deadlock when using NCM gadget (Ralph Siemsen)
- usb: xhci: Fix invalid pointer dereference in Etron workaround (Michal Pecio)
- xhci: Limit time spent with xHC interrupts disabled during bus resume (Mathias Nyman)
- USB: serial: simple: add OWON HDS200 series oscilloscope support (Craig Hesling)
- USB: serial: option: add Sierra Wireless EM9291 (Adam Xue)
- USB: serial: ftdi_sio: add support for Abacus Electrics Optical Probe (Michael Ehrenreich)
- serial: sifive: lock port in startup()/shutdown() callbacks (Ryo Takakura)
- serial: msm: Configure correct working mode before starting earlycon (Stephan Gerhold)
- tty: Require CAP_SYS_ADMIN for all usages of TIOCL_SELMOUSEREPORT (Günther Noack)
- firmware: stratix10-svc: Add of_platform_default_populate() (Mahesh Rao)
- misc: microchip: pci1xxxx: Fix incorrect IRQ status handling during ack (Rengarajan S)
- misc: microchip: pci1xxxx: Fix Kernel panic during IRQ handler registration (Rengarajan S)
- char: misc: register chrdev region with all possible minors (Thadeu Lima de Souza Cascardo)
- KVM: x86: Take irqfds.lock when adding/deleting IRQ bypass producer (Sean Christopherson)
- KVM: x86: Reset IRTE to host control if *new* route isn't postable (Sean Christopherson)
- KVM: x86: Explicitly treat routing entry type changes as changes (Sean Christopherson)
- mei: vsc: Fix fortify-panic caused by invalid counted_by() use (Hans de Goede)
- mei: me: add panther lake H DID (Alexander Usyskin)
- scsi: Improve CDL control (Damien Le Moal)
- USB: storage: quirk for ADATA Portable HDD CH94 (Oliver Neukum)
- ata: libata-scsi: Fix ata_msense_control_ata_feature() (Damien Le Moal)
- ata: libata-scsi: Fix ata_mselect_control_ata_feature() return type (Damien Le Moal)
- ata: libata-scsi: Improve CDL control (Damien Le Moal)
- mcb: fix a double free bug in chameleon_parse_gdd() (Haoxiang Li)
- cxl/core/regs.c: Skip Memory Space Enable check for RCD and RCH Ports (Smita Koralahalli)
- KVM: SVM: Allocate IR data using atomic allocation (Sean Christopherson)
- io_uring: fix 'sync' handling of io_fallback_tw() (Jens Axboe)
- LoongArch: KVM: Fix PMU pass-through issue if VM exits to host finally (Bibo Mao)
- LoongArch: KVM: Fully clear some CSRs when VM reboot (Bibo Mao)
- LoongArch: Remove a bogus reference to ZONE_DMA (Petr Tesarik)
- LoongArch: Return NULL from huge_pte_offset() for invalid PMD (Ming Wang)
- LoongArch: Handle fp, lsx, lasx and lbt assembly symbols (Tiezhu Yang)
- irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() (Suzuki K Poulose)
- x86/insn: Fix CTEST instruction decoding (Kirill A. Shutemov)
- drm/amd/display: Force full update in gpu reset (Roman Li)
- drm/amd/display: Fix gpu reset in multidisplay config (Roman Li)
- drm: panel: jd9365da: fix reset signal polarity in unprepare (Hugo Villeneuve)
- rust: firmware: Use ffi::c_char type in FwFunc (Christian Schrefl)
- net: phy: microchip: force IRQ polling mode for lan88xx (Fiona Klute)
- net: selftests: initialize TCP header and skb payload with zero (Oleksij Rempel)
- xen-netfront: handle NULL returned by xdp_convert_buff_to_frame() (Alexey Nepomnyashih)
- crypto: atmel-sha204a - Set hwrng quality to lowest possible (Marek Behún)
- sched_ext: Use kvzalloc for large exit_dump allocation (Breno Leitao)
- virtio_console: fix missing byte order handling for cols and rows (Halil Pasic)
- netfilter: fib: avoid lookup if socket is available (Florian Westphal)
- LoongArch: Make do_xyz() exception handlers more robust (Tiezhu Yang)
- LoongArch: Make regs_irqs_disabled() more clear (Tiezhu Yang)
- LoongArch: Select ARCH_USE_MEMTEST (Yuli Wang)
- perf/x86: Fix non-sampling (counting) events on certain x86 platforms (Luo Gengkun)
- bpf: Add namespace to BPF internal symbols (Alexei Starovoitov)
- splice: remove duplicate noinline from pipe_clear_nowait (T.J. Mercier)
- riscv: uprobes: Add missing fence.i after building the XOL buffer (Björn Töpel)
- riscv: Replace function-like macro by static inline function (Björn Töpel)
- iommu/amd: Return an error if vCPU affinity is set for non-vCPU IRTE (Sean Christopherson)
- block: never reduce ra_pages in blk_apply_bdi_limits (Christoph Hellwig)
- pds_core: make wait_context part of q_info (Shannon Nelson)
- pds_core: Remove unnecessary check in pds_client_adminq_cmd() (Brett Creeley)
- pds_core: handle unsupported PDS_CORE_CMD_FW_CONTROL result (Brett Creeley)
- pds_core: Prevent possible adminq overflow/stuck condition (Brett Creeley)
- net: dsa: mt7530: sync driver-specific behavior of MT7531 variants (Daniel Golle)
- net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too (Cong Wang)
- net_sched: hfsc: Fix a UAF vulnerability in class handling (Cong Wang)
- fix a couple of races in MNT_TREE_BENEATH handling by do_move_mount() (Al Viro)
- net: ethernet: mtk_eth_soc: net: revise NETSYSv3 hardware configuration (Bo-Cun Chen)
- tipc: fix NULL pointer dereference in tipc_mon_reinit_self() (Tung Nguyen)
- net: phy: leds: fix memory leak (Qingfang Deng)
- net: lwtunnel: disable BHs when required (Justin Iurman)
- scsi: ufs: core: Add NULL check in ufshcd_mcq_compl_pending_transfer() (Chenyuan Yang)
- scsi: core: Clear flags for scsi_cmnd that did not complete (Anastasia Kovaleva)
- net/mlx5: Move ttc allocation after switch case to prevent leaks (Henry Martin)
- net/mlx5: Fix null-ptr-deref in mlx5_create_{inner_,}ttc_table() (Henry Martin)
- cgroup/cpuset-v1: Add missing support for cpuset_v2_mode (T.J. Mercier)
- btrfs: zoned: return EIO on RAID1 block group write pointer mismatch (Johannes Thumshirn)
- btrfs: avoid page_lockend underflow in btrfs_punch_hole_lock_range() (Qu Wenruo)
- cpufreq: fix compile-test defaults (Johan Hovold)
- cpufreq: Do not enable by default during compile testing (Krzysztof Kozlowski)
- cpufreq: cppc: Fix invalid return value in .get() callback (Marc Zyngier)
- scsi: ufs: mcq: Add NULL check in ufshcd_mcq_abort() (Chenyuan Yang)
- cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate() (Henry Martin)
- cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate() (Henry Martin)
- cpufreq: apple-soc: Fix null-ptr-deref in apple_soc_cpufreq_get_rate() (Henry Martin)
- dma/contiguous: avoid warning about unused size_bytes (Arnd Bergmann)
- cpufreq: sun50i: prevent out-of-bounds access (Andre Przywara)
- ceph: Fix incorrect flush end position calculation (David Howells)
- lib/Kconfig.ubsan: Remove 'default UBSAN' from UBSAN_INTEGER_WRAP (Nathan Chancellor)
- drm/amd/display/dml2: use vzalloc rather than kzalloc (Alex Deucher)
- drm/amd/display: Fix unnecessary cast warnings from checkpatch (Rohit Chavan)
- drm/xe/bmg: Add one additional PCI ID (Matt Roper)
- net/niu: Niu requires MSIX ENTRY_DATA fields touch before entry reads (Jonathan Currier)
- scsi: ufs: exynos: Disable iocc if dma-coherent property isn't set (Peter Griffin)
- scsi: ufs: exynos: Move UFS shareability value to drvdata (Peter Griffin)
- scsi: ufs: exynos: Add gs101_ufs_drv_init() hook and enable WriteBooster (Peter Griffin)
- scsi: ufs: exynos: Remove superfluous function parameter (Tudor Ambarus)
- scsi: ufs: exynos: Remove empty drv_init method (Tudor Ambarus)
- ksmbd: fix use-after-free in __smb2_lease_break_noti() (Namjae Jeon)
- ksmbd: browse interfaces list on FSCTL_QUERY_INTERFACE_INFO IOCTL (Namjae Jeon)
- ksmbd: add netdev-up/down event debug print (Namjae Jeon)
- ksmbd: use __GFP_RETRY_MAYFAIL (Namjae Jeon)
- accel/ivpu: Fix the NPU's DPU frequency calculation (Andrzej Kacprowski)
- accel/ivpu: Add auto selection logic for job scheduler (Jacek Lawrynowicz)
- PCI/MSI: Add an option to write MSIX ENTRY_DATA before any reads (Jonathan Currier)
- PCI/MSI: Handle the NOMASK flag correctly for all PCI/MSI backends (Thomas Gleixner)
- PCI/MSI: Convert pci_msi_ignore_mask to per MSI domain flag (Roger Pau Monne)
- scsi: ufs: qcom: fix dev reference leaked through of_qcom_ice_get (Tudor Ambarus)
- of: resolver: Fix device node refcount leakage in of_resolve_phandles() (Zijun Hu)
- of: resolver: Simplify of_resolve_phandles() using __free() (Rob Herring (Arm))
- arm64: dts: ti: k3-j784s4-j742s2-main-common: Fix serdes_ln_ctrl reg-masks (Siddharth Vadapalli)
- arm64: dts: ti: Refactor J784s4 SoC files to a common file (Manorit Chawdhry)
- iio: adc: ad7768-1: Fix conversion result sign (Sergiu Cuciurean)
- iio: adc: ad7768-1: Move setting of val a bit later to avoid unnecessary return value check (Jonathan Cameron)
- net: dsa: mv88e6xxx: fix VTU methods for 6320 family (Marek Behún)
- media: ov08x40: Add missing ov08x40_identify_module() call on stream-start (Hans de Goede)
- media: ov08x40: Move ov08x40_identify_module() function up (Hans de Goede)
- media: i2c: imx214: Fix link frequency validation (André Apitzsch)
- media: i2c: imx214: Check number of lanes from device tree (André Apitzsch)
- media: i2c: imx214: Replace register addresses with macros (André Apitzsch)
- media: i2c: imx214: Convert to CCI register access helpers (André Apitzsch)
- media: i2c: imx214: Simplify with dev_err_probe() (André Apitzsch)
- media: i2c: imx214: Use subdev active state (André Apitzsch)
- PM: EM: Address RCU-related sparse warnings (Rafael J. Wysocki)
- PM: EM: use kfree_rcu() to simplify the code (Li RongQing)
- mmc: sdhci-msm: fix dev reference leaked through of_qcom_ice_get (Tudor Ambarus)
- soc: qcom: ice: introduce devm_of_qcom_ice_get (Tudor Ambarus)
- mm/vmscan: don't try to reclaim hwpoison folio (Jinjiang Tu)
- tracing: Verify event formats that have "%*p.." (Steven Rostedt)
- tracing: Add __print_dynamic_array() helper (Steven Rostedt)
- module: sign with sha512 instead of sha1 by default (Thorsten Leemhuis)
- LTS version: v6.12.25 (Jack Vogel)
- selftests/bpf: extend changes_pkt_data with cases w/o subprograms (Eduard Zingerman)
- bpf: fix null dereference when computing changes_pkt_data of prog w/o subprogs (Eduard Zingerman)
- selftests/bpf: validate that tail call invalidates packet pointers (Eduard Zingerman)
- selftests/bpf: freplace tests for tracking of changes_packet_data (Eduard Zingerman)
- bpf: check changes_pkt_data property for extension programs (Eduard Zingerman)
- selftests/bpf: test for changing packet data from global functions (Eduard Zingerman)
- bpf: track changes_pkt_data property for global functions (Eduard Zingerman)
- bpf: add find_containing_subprog() utility function (Eduard Zingerman)
- wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process (P Praneesh)
- MIPS: ds1287: Match ds1287_set_base_clock() function types (WangYuli)
- MIPS: cevt-ds1287: Add missing ds1287.h include (WangYuli)
- MIPS: dec: Declare which_prom() as static (WangYuli)
- Revert "wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process" (Alexander Tsoy)
- mm/vma: add give_up_on_oom option on modify/merge, use in uffd release (Lorenzo Stoakes)
- nvmet-fc: Remove unused functions (WangYuli)
- drm/amd/display: Temporarily disable hostvm on DCN31 (Aurabindo Pillai)
- LoongArch: Eliminate superfluous get_numa_distances_cnt() (Yuli Wang)
- efi/libstub: Bump up EFI_MMAP_NR_SLACK_SLOTS to 32 (Hamza Mahfooz)
- misc: pci_endpoint_test: Fix 'irq_type' to convey the correct type (Kunihiko Hayashi)
- misc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error (Kunihiko Hayashi)
- selftests/bpf: Fix raw_tp null handling test (Shung-Hsi Yu)
- md: fix mddev uaf while iterating all_mddevs list (Yu Kuai)
- platform/x86: msi-wmi-platform: Workaround a ACPI firmware bug (Armin Wolf)
- platform/x86: msi-wmi-platform: Rename "data" variable (Armin Wolf)
- kbuild: Add '-fno-builtin-wcslen' (Nathan Chancellor)
- scripts: generate_rust_analyzer: Add ffi crate (Lukas Fischer)
- cpufreq: Reference count policy in cpufreq_update_limits() (Rafael J. Wysocki)
- arm64/boot: Enable EL2 requirements for FEAT_PMUv3p9 (Anshuman Khandual)
- arm64/sysreg: Add register fields for HFGWTR2_EL2 (Anshuman Khandual)
- arm64/sysreg: Add register fields for HFGRTR2_EL2 (Anshuman Khandual)
- arm64/sysreg: Add register fields for HFGITR2_EL2 (Anshuman Khandual)
- arm64/sysreg: Add register fields for HDFGWTR2_EL2 (Anshuman Khandual)
- arm64/sysreg: Add register fields for HDFGRTR2_EL2 (Anshuman Khandual)
- arm64/sysreg: Update register fields for ID_AA64MMFR0_EL1 (Anshuman Khandual)
register (Thomas Zimmermann)
- drm/amdgpu: fix warning of drm_mm_clean (ZhenGuo Yin)
- drm/xe: Set LRC addresses before guc load (Lucas De Marchi)
- drm/xe/userptr: fix notifier vs folio deadlock (Matthew Auld)
- drm/xe/dma_buf: stop relying on placement in unmap (Matthew Auld)
- drm/amd/display: Add HP Probook 445 and 465 to the quirk list for eDP on DP1 (Mario Limonciello)
- drm/amd/display: Protect FPU in dml2_init()/dml21_init() (Huacai Chen)
- drm/amd/display: Do not enable Replay and PSR while VRR is on in amdgpu_dm_commit_planes() (Tom Chung)
- drm/amdgpu: immediately use GTT for new allocations (Christian König)
- drm/i915/gvt: fix unterminated-string-initialization warning (Jani Nikula)
- drm/xe: Fix an out-of-bounds shift when invalidating TLB (Thomas Hellström)
- drm/sti: remove duplicate object names (Rolf Eike Beer)
- drm/imagination: take paired job reference (Brendan King)
- drm/imagination: fix firmware memory leaks (Brendan King)
- drm/nouveau: prime: fix ttm_bo_delayed_delete oops (Chris Bainbridge)
- drm/amdgpu/dma_buf: fix page_link check (Matthew Auld)
- drm/amdgpu/mes11: optimize MES pipe FW version fetching (Alex Deucher)
- drm/amd/display: Protect FPU in dml21_copy() (Huacai Chen)
- drm/amd/display: Protect FPU in dml2_validate()/dml21_validate() (Huacai Chen)
- drm/amd/display: Add HP Elitebook 645 to the quirk list for eDP on DP1 (Mario Limonciello)
- drm/xe: Use local fence in error path of xe_migrate_clear (Matthew Brost)
- drm/i915/vrr: Add vrr.vsync_{start, end} in vrr_params_changed (Ankit Nautiyal)
- drm/amdgpu/mes12: optimize MES pipe FW version fetching (Alex Deucher)
- drm/amd/pm/powerplay/hwmgr/vega20_thermal: Prevent division by zero (Denis Arefev)
- drm/amd/pm/swsmu/smu13/smu_v13_0: Prevent division by zero (Denis Arefev)
- drm/amd/pm/powerplay/hwmgr/smu7_thermal: Prevent division by zero (Denis Arefev)
- drm/amd/pm/smu11: Prevent division by zero (Denis Arefev)
- drm/amd/pm/powerplay: Prevent division by zero (Denis Arefev)
- drm/amd/pm: Prevent division by zero (Denis Arefev)
- drm/amd/display: Increase vblank offdelay for PSR panels (Leo Li)
- drm/amd/display: Actually do immediate vblank disable (Leo Li)
- drm/amd: Handle being compiled without SI or CIK support better (Mario Limonciello)
- drm/amd/display: prevent hang on link training fail (Brendan Tam)
- drm/amdgpu: Prefer shadow rom when available (Lijo Lazar)
- drm/msm/a6xx: Fix stale rpmh votes from GPU (Akhil P Oommen)
- drm/msm/dsi: Add check for devm_kstrdup() (Haoxiang Li)
- drm/ast: Fix ast_dp connection status (Jocelyn Falempe)
- drm/repaper: fix integer overflows in repeat functions (Nikita Zhandarovich)
- perf/x86/intel/uncore: Fix the scale of IIO free running counters on SPR (Kan Liang)
- perf/x86/intel/uncore: Fix the scale of IIO free running counters on ICX (Kan Liang)
- perf/x86/intel/uncore: Fix the scale of IIO free running counters on SNR (Kan Liang)
- perf/x86/intel: Allow to update user space GPRs from PEBS records (Dapeng Mi)
- platform/x86: amd: pmf: Fix STT limits (Mario Limonciello)
- RAS/AMD/FMPM: Get masked address (Yazen Ghannam)
- RAS/AMD/ATL: Include row[13] bit in row retirement (Yazen Ghannam)
- scsi: ufs: exynos: Ensure consistent phy reference counts (Peter Griffin)
- scsi: megaraid_sas: Block zero-length ATA VPD inquiry (Chandrakanth Patil)
- x86/boot/sev: Avoid shared GHCB page for early memory acceptance (Ard Biesheuvel)
- x86/cpu/amd: Fix workaround for erratum 1054 (Sandipan Das)
- x86/microcode/AMD: Extend the SHA check to Zen5, block loading of any unreleased standalone Zen5 microcode patches (Borislav Petkov (AMD))
- virtiofs: add filesystem context source name check (Xiangsheng Hou)
- tracing: Fix filter string testing (Steven Rostedt)
- string: Add load_unaligned_zeropad() code path to sized_strscpy() (Peter Collingbourne)
- smb3 client: fix open hardlink on deferred close file error (Chunjie Zhu)
- slab: ensure slab->obj_exts is clear in a newly allocated slab page (Suren Baghdasaryan)
- selftests/mm: generate a temporary mountpoint for cgroup filesystem (Mark Brown)
- riscv: Avoid fortify warning in syscall_get_arguments() (Nathan Chancellor)
- Revert "smb: client: fix TCP timers deadlock after rmmod" (Kuniyuki Iwashima)
- Revert "smb: client: Fix netns refcount imbalance causing leaks and use-after-free" (Kuniyuki Iwashima)
- ksmbd: fix the warning from __kernel_write_iter (Namjae Jeon)
- ksmbd: Prevent integer overflow in calculation of deadtime (Denis Arefev)
- ksmbd: fix use-after-free in smb_break_all_levII_oplock() (Namjae Jeon)
- ksmbd: Fix dangling pointer in krb_authenticate (Sean Heelan)
- ovl: don't allow datadir only (Miklos Szeredi)
- mm: fix apply_to_existing_page_range() (Kirill A. Shutemov)
- mm: fix filemap_get_folios_contig returning batches of identical folios (Vishal Moola (Oracle))
- mm/gup: fix wrongly calculated returned value in fault_in_safe_writeable() (Baoquan He)
- mm/compaction: fix bug in hugetlb handling pathway (Vishal Moola (Oracle))
- loop: LOOP_SET_FD: send uevents for partitions (Thomas Weißschuh)
- loop: properly send KOBJ_CHANGED uevent for disk device (Thomas Weißschuh)
- isofs: Prevent the use of too small fid (Edward Adam Davis)
- i2c: cros-ec-tunnel: defer probe if parent EC is not present (Thadeu Lima de Souza Cascardo)
- hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key (Vasiliy Kovalev)
- crypto: caam/qi - Fix drv_ctx refcount bug (Herbert Xu)
- cpufreq/sched: Explicitly synchronize limits_changed flag handling (Rafael J. Wysocki)
- btrfs: correctly escape subvol in btrfs_show_options() (Johannes Kimmel)
- Bluetooth: vhci: Avoid needless snprintf() calls (Kees Cook)
- Bluetooth: l2cap: Process valid commands in too long frame (Frédéric Danis)
- drm/msm/a6xx+: Don't let IB_SIZE overflow (Rob Clark)
- ftrace: fix incorrect hash size in register_ftrace_direct() (Menglong Dong)
- i2c: atr: Fix wrong include (Andy Shevchenko)
- nfsd: decrease sc_count directly if fail to queue dl_recall (Li Lingfeng)
- nfs: add missing selections of CONFIG_CRC32 (Eric Biggers)
- dma-buf/sw_sync: Decrement refcount on error in sw_sync_ioctl_get_deadline() (Dan Carpenter)
- drm/v3d: Fix Indirect Dispatch configuration for V3D 7.1.6 and later (Maíra Canal)
- block: integrity: Do not call set_page_dirty_lock() (Martin K. Petersen)
- asus-laptop: Fix an uninitialized variable (Denis Arefev)
- ASoC: qcom: Fix sc7280 lpass potential buffer overflow (Evgeny Pimenov)
- ASoC: Intel: sof_sdw: Add quirk for Asus Zenbook S16 (Peter Ujfalusi)
- ASoC: codecs:lpass-wsa-macro: Fix logic of enabling vi channels (Srinivas Kandagatla)
- ASoC: codecs:lpass-wsa-macro: Fix vi feedback rate (Srinivas Kandagatla)
- ASoC: fsl: fsl_qmc_audio: Reset audio data pointers on TRIGGER_START event (Herve Codina)
- Revert "PCI: Avoid reset when disabled via sysfs" (Alex Williamson)
- writeback: fix false warning in inode_to_wb() (Andreas Gruenbacher)
- rust: kbuild: use pound to support GNU Make < 4.3 (Miguel Ojeda)
- rust: disable clippy::needless_continue (Miguel Ojeda)
- rust: kasan/kbuild: fix missing flags on first build (Miguel Ojeda)
- objtool/rust: add one more noreturn Rust function for Rust 1.86.0 (Miguel Ojeda)
- cpufreq/sched: Fix the usage of CPUFREQ_NEED_UPDATE_LIMITS (Rafael J. Wysocki)
- riscv: KGDB: Remove ".option norvc/.option rvc" for kgdb_compiled_break (WangYuli)
- riscv: KGDB: Do not inline arch_kgdb_breakpoint() (WangYuli)
- kunit: qemu_configs: SH: Respect kunit cmdline (Thomas Weißschuh)
- riscv: module: Allocate PLT entries for R_RISCV_PLT32 (Samuel Holland)
- riscv: module: Fix out-of-bounds relocation access (Samuel Holland)
- riscv: Properly export reserved regions in /proc/iomem (Björn Töpel)
- riscv: Use kvmalloc_array on relocation_hashtable (Will Pierce)
- net: ethernet: mtk_eth_soc: revise QDMA packet scheduler settings (Bo-Cun Chen)
- net: ethernet: mtk_eth_soc: correct the max weight of the queue limit for 100Mbps (Bo-Cun Chen)
- net: ethernet: mtk_eth_soc: reapply mdc divider on reset (Bo-Cun Chen)
- net: ti: icss-iep: Fix possible NULL pointer dereference for perout request (Meghana Malladi)
- net: ti: icss-iep: Add phase offset configuration for perout signal (Meghana Malladi)
- net: ti: icss-iep: Add pwidth configuration for perout signal (Meghana Malladi)
- ptp: ocp: fix start time alignment in ptp_ocp_signal_set (Sagi Maimon)
- net: dsa: avoid refcount warnings when ds->ops->tag_8021q_vlan_del() fails (Vladimir Oltean)
- net: dsa: free routing table on probe failure (Vladimir Oltean)
- net: dsa: clean up FDB, MDB, VLAN entries on unbind (Vladimir Oltean)
- net: dsa: mv88e6xxx: fix -ENOENT when deleting VLANs and MST is unsupported (Vladimir Oltean)
- net: dsa: mv88e6xxx: avoid unregistering devlink regions which were never registered (Vladimir Oltean)
- net: txgbe: fix memory leak in txgbe_probe() error path (Abdun Nihaal)
- net: bridge: switchdev: do not notify new brentries as changed (Jonas Gorski)
- net: b53: enable BPDU reception for management port (Jonas Gorski)
- netlink: specs: rt-link: adjust mctp attribute naming (Jakub Kicinski)
- netlink: specs: rt-link: add an attr layer around alt-ifname (Jakub Kicinski)
- cxgb4: fix memory leak in cxgb4_init_ethtool_filters() error path (Abdun Nihaal)
- ata: libata-sata: Save all fields from sense data descriptor (Niklas Cassel)
- loop: stop using vfs_iter_{read,write} for buffered I/O (Christoph Hellwig)
- loop: aio inherit the ioprio of original request (Yunlong Xing)
- eth: bnxt: fix missing ring index trim on error path (Jakub Kicinski)
- net: ethernet: ti: am65-cpsw: fix port_np reference counting (Michael Walle)
- net: ngbe: fix memory leak in ngbe_probe() error path (Abdun Nihaal)
- can: rockchip_canfd: fix broken quirks checks (Weizhao Ouyang)
- net: openvswitch: fix nested key length validation in the set() action (Ilya Maximets)
- netlink: specs: ovs_vport: align with C codegen capabilities (Jakub Kicinski)
- block: fix resource leak in blk_register_queue() error path (Zheng Qixing)
- net: mctp: Set SOCK_RCU_FREE (Matt Johnston)
- ethtool: cmis_cdb: use correct rpl size in ethtool_cmis_module_poll() (Damodharam Ammepalli)
- pds_core: fix memory leak in pdsc_debugfs_add_qcq() (Abdun Nihaal)
- test suite: use %zu to print size_t (Matthew Wilcox (Oracle))
- smc: Fix lockdep false-positive for IPPROTO_SMC. (Kuniyuki Iwashima)
- dt-bindings: soc: fsl: fsl,ls1028a-reset: Fix maintainer entry (Geert Uytterhoeven)
- igc: add lock preventing multiple simultaneous PTM transactions (Christopher S M Hall)
- igc: cleanup PTP module if probe fails (Christopher S M Hall)
- igc: handle the IGC_PTP_ENABLED flag correctly (Christopher S M Hall)
- igc: move ktime snapshot into PTM retry loop (Christopher S M Hall)
- igc: increase wait time before retrying PTM (Christopher S M Hall)
- igc: fix PTM cycle trigger logic (Christopher S M Hall)
- Revert "wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()" (Johannes Berg)
- xen: fix multicall debug feature (Juergen Gross)
- ipv6: add exception routes to GC list in rt6_insert_exception (Xin Long)
- Bluetooth: l2cap: Check encryption key size on incoming connection (Frédéric Danis)
- Bluetooth: btrtl: Prevent potential NULL dereference (Dan Carpenter)
- Bluetooth: hci_event: Fix sending MGMT_EV_DEVICE_FOUND for invalid address (Luiz Augusto von Dentz)
- RDMA/core: Silence oversized kvmalloc() warning (Shay Drory)
- ASoC: cs42l43: Reset clamp override on jack removal (Charles Keepax)
- ALSA: hda/realtek - Fixed ASUS platform headset Mic issue (Kailang Yang)
- ALSA: hda/realtek: Workaround for resume on Dell Venue 11 Pro 7130 (Takashi Iwai)
- ALSA: hda: improve bass speaker support for ASUS Zenbook UM5606WA (Jaroslav Kysela)
- ALSA: hda/cirrus_scodec_test: Don't select dependencies (Richard Fitzgerald)
- RDMA/hns: Fix wrong maximum DMA segment size (Chengchang Tang)
- RDMA/usnic: Fix passing zero to PTR_ERR in usnic_ib_pci_probe() (Yue Haibing)
- ovl: remove unused forward declaration (Giuseppe Scrivano)
- crypto: tegra - Fix IV usage for AES ECB (Akhil R)
- crypto: tegra - Do not use fixed size buffers (Akhil R)
- crypto: tegra - remove redundant error check on ret (Colin Ian King)
- ASoC: Intel: avs: Fix null-ptr-deref in avs_component_probe() (Henry Martin)
- ASoC: dwc: always enable/disable i2s irqs (Brady Norander)
- md/md-bitmap: fix stats collection for external bitmaps (Zheng Qixing)
- md/raid10: fix missing discard IO accounting (Yu Kuai)
- scsi: iscsi: Fix missing scsi_host_put() in error path (Miaoqian Lin)
- wifi: wl1251: fix memory leak in wl1251_tx_work (Abdun Nihaal)
- wifi: mac80211: Purge vif txq in ieee80211_do_stop() (Remi Pommarel)
- wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue() (Remi Pommarel)
- wifi: at76c50x: fix use after free access in at76_disconnect (Abdun Nihaal)
- scsi: hisi_sas: Enable force phy when SATA disk directly connected (Xingui Yang)
- aarch64: increase DEFAULT_CRASH_KERNEL_LOW_SIZE for kdump (Brian Maly) [Orabug: 37446372]
- vhost-scsi: Fix vhost_scsi_send_status() (Dongli Zhang) [Orabug: 37840543]
- vhost-scsi: Fix vhost_scsi_send_bad_target() (Dongli Zhang) [Orabug: 37840543]
- vhost-scsi: protect vq->log_used with vq->mutex (Dongli Zhang) [Orabug: 37840543]
- vhost-scsi: Reduce response iov mem use (Mike Christie) [Orabug: 37840543]
- vhost-scsi: Allocate iov_iter used for unaligned copies when needed (Mike Christie) [Orabug: 37840543]
- vhost-scsi: Stop duplicating se_cmd fields (Mike Christie) [Orabug: 37840543]
- vhost-scsi: Dynamically allocate scatterlists (Mike Christie) [Orabug: 37840543]
- vhost-scsi: Return queue full for page alloc failures during copy (Mike Christie) [Orabug: 37840543]
- vhost-scsi: Add better resource allocation failure handling (Mike Christie) [Orabug: 37840543]
- vhost-scsi: Allocate T10 PI structs only when enabled (Mike Christie) [Orabug: 37840543]
- vhost-scsi: Reduce mem use by moving upages to per queue (Mike Christie) [Orabug: 37840543]
- Revert "vhost-scsi: protect vq->log_base with vq->mutex" (Mike Christie) [Orabug: 37840543]
- Revert "vhost_scsi: log write descriptors" (Mike Christie) [Orabug: 37840543]
- scsi: mpi3mr: Event processing debug improvement (Ranjan Kumar) [Orabug: 37878021]
- scsi: mpi3mr: Add level check to control event logging (Ranjan Kumar) [Orabug: 37878021]
- scsi: mpi3mr: Reset the pending interrupt flag (Ranjan Kumar) [Orabug: 37878021]
- scsi: mpi3mr: Fix pending I/O counter (Ranjan Kumar) [Orabug: 37878021]

[6.12.0-2.24.1.el9uek]
- x86/microcode/AMD: Clean the cache if update did not load microcode (Boris Ostrovsky) [Orabug: 37800727]
- LTS version: v6.12.24 (Jack Vogel)
- HSI: ssi_protocol: Fix use after free vulnerability in ssi_protocol Driver Due to Race Condition (Kaixin Wang)
- s390/cpumf: Fix double free on error in cpumf_pmu_event_init() (Thomas Richter)
- Bluetooth: hci_uart: Fix another race during initialization (Arseniy Krasnov)
- media: mediatek: vcodec: mark vdec_vp9_slice_map_counts_eob_coef noinline (Arnd Bergmann)
- kbuild: Add '-fno-builtin-wcslen' (Nathan Chancellor)
- libbpf: Prevent compiler warnings/errors (Eder Zulian)
- x86/e820: Fix handling of subpage regions when calculating nosave ranges in e820__register_nosave_regions() (Myrrh Periwinkle)
- nfsd: don't ignore the return code of svc_proc_register() (Jeff Layton)
- NFSD: Fix CB_GETATTR status fix (Chuck Lever)
- NFSD: fix decoding in nfs4_xdr_dec_cb_getattr (Olga Kornievskaia)
- ACPI: platform-profile: Fix CFI violation when accessing sysfs files (Nathan Chancellor)
- iommufd: Fail replace if device has not been attached (Yi Liu)
- iommufd: Make attach_handle generic than fault specific (Nicolin Chen)
- arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() lists (Douglas Anderson)
- thermal/drivers/mediatek/lvts: Disable Stage 3 thermal threshold (Nícolas F. R. A. Prado)
- thermal/drivers/mediatek/lvts: Disable monitor mode during suspend (Nícolas F. R. A. Prado)
- selftests: mptcp: fix incorrect fd checks in main_loop (Cong Liu)
- selftests: mptcp: close fd_in before returning in main_loop (Geliang Tang)
- sched_ext: create_dsq: Return -EEXIST on duplicate request (Jake Hillion)
- s390: Fix linker error when -no-pie option is unavailable (Sumanth Korikkar)
- s390/virtio_ccw: Don't allocate/assign airqs for non-existing queues (David Hildenbrand)
- s390/pci: Fix zpci_bus_is_isolated_vf() for non-VFs (Niklas Schnelle)
- ring-buffer: Use flush_kernel_vmap_range() over flush_dcache_folio() (Steven Rostedt)
- pinctrl: samsung: add support for eint_fltcon_offset (Peter Griffin)
- pinctrl: qcom: Clear latched interrupt status when changing IRQ type (Stephan Gerhold)
- phy: freescale: imx8m-pcie: assert phy reset and perst in power off (Stefan Eichenberger)
- PCI: Fix wrong length of devres array (Philipp Stanner)
- PCI: Fix reference leak in pci_register_host_bridge() (Ma Ke)
- PCI: Fix reference leak in pci_alloc_child_bus() (Ma Ke)
- PCI: pciehp: Avoid unnecessary device replacement check (Lukas Wunner)
- PCI: j721e: Fix the value of .linkdown_irq_regfield for J784S4 (Siddharth Vadapalli)
- PCI: brcmstb: Fix missing of_node_put() in brcm_pcie_probe() (Stanimir Varbanov)
- of/irq: Fix device node refcount leakages in of_irq_init() (Zijun Hu)
- of/irq: Fix device node refcount leakage in API irq_of_parse_and_map() (Zijun Hu)
- of/irq: Fix device node refcount leakages in of_irq_count() (Zijun Hu)
- of/irq: Fix device node refcount leakage in API of_irq_parse_raw() (Zijun Hu)
- of/irq: Fix device node refcount leakage in API of_irq_parse_one() (Zijun Hu)
- ntb: use 64-bit arithmetic for the MSI doorbell mask (Fedor Pchelkin)
- net: mana: Switch to page pool for jumbo frames (Haiyang Zhang)
- misc: pci_endpoint_test: Fix displaying 'irq_type' after 'request_irq' error (Kunihiko Hayashi)
- selftests/landlock: Add a new test for setuid() (Mickaël Salaün)
- selftests/landlock: Split signal_scoping_threads tests (Mickaël Salaün)
- landlock: Prepare to add second errata (Mickaël Salaün)
- landlock: Always allow signals between threads of the same process (Mickaël Salaün)
- landlock: Add erratum for TCP fix (Mickaël Salaün)
- landlock: Add the errata interface (Mickaël Salaün)
- landlock: Move code to ease future backports (Mickaël Salaün)
- KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses (Sean Christopherson)
- KVM: x86: Explicitly zero-initialize on-stack CPUID unions (Sean Christopherson)
- KVM: PPC: Enable CAP_SPAPR_TCE_VFIO on pSeries KVM guests (Amit Machhiwal)
- gve: handle overflow when reporting TX consumed descriptors (Joshua Washington)
- gpio: zynq: Fix wakeup source leaks on device unbind (Krzysztof Kozlowski)
- gpio: tegra186: fix resource handling in ACPI probe path (Guixin Liu)
- ftrace: Properly merge notrace hashes (Andy Chiu)
- ftrace: Add cond_resched() to ftrace_graph_set_hash() (zhoumin)
- dt-bindings: coresight: qcom,coresight-tpdm: Fix too many 'reg' (Krzysztof Kozlowski)
- dt-bindings: coresight: qcom,coresight-tpda: Fix too many 'reg' (Krzysztof Kozlowski)
- dm-verity: fix prefetch-vs-suspend race (Mikulas Patocka)
- dm-integrity: fix non-constant-time tag verification (Jo Van Bulck)
- dm-integrity: set ti->error on memory allocation failure (Mikulas Patocka)
- dm-ebs: fix prefetch-vs-suspend race (Mikulas Patocka)
- dlm: fix error if active rsb is not hashed (Alexander Aring)
- dlm: fix error if inactive rsb is not hashed (Alexander Aring)
- crypto: ccp - Fix uAPI definitions of PSP errors (Dionna Glaze)
- crypto: ccp - Fix check for the primary ASP device (Tom Lendacky)
- clk: qcom: gdsc: Set retain_ff before moving to HW CTRL (Taniya Das)
- clk: qcom: gdsc: Capture pm_genpd_add_subdomain result code (Bryan O'Donoghue)
- clk: qcom: gdsc: Release pm subdomains in reverse add order (Bryan O'Donoghue)
- clk: qcom: clk-branch: Fix invert halt status bit check for votable clocks (Ajit Pandey)
- clk: renesas: r9a07g043: Fix HP clock source for RZ/Five (Lad Prabhakar)
- cifs: Ensure that all non-client-specific reparse points are processed by the server (Pali Rohár)
- cifs: fix integer overflow in match_server() (Roman Smirnov)
- cifs: avoid NULL pointer dereference in dbg call (Alexandra Diupina)
- CIFS: Propagate min offload along with other parameters from primary to secondary channels. (Aman)
- thermal/drivers/rockchip: Add missing rk3328 mapping entry (Trevor Woerner)
- tracing: Do not add length to print format in synthetic events (Steven Rostedt)
- tracing: fprobe events: Fix possible UAF on modules (Masami Hiramatsu (Google))
- x86/xen: fix balloon target initialization for PVH dom0 (Roger Pau Monne)
- sctp: detect and prevent references to a freed transport in sendmsg (Ricardo Cañuelo Navarro)
- mm/hwpoison: introduce folio_contain_hwpoisoned_page() helper (Jinjiang Tu)
- mm/hugetlb: move hugetlb_sysctl_init() to the __init section (Marc Herbert)
- mm/hwpoison: do not send SIGBUS to processes with recovered clean pages (Shuai Xue)
- mm/userfaultfd: fix release hang over concurrent GUP (Peter Xu)
- mm: add missing release barrier on PGDAT_RECLAIM_LOCKED unlock (Mathieu Desnoyers)
- mm/mremap: correctly handle partial mremap() of VMA starting at 0 (Lorenzo Stoakes)
- mm: fix lazy mmu docs and usage (Ryan Roberts)
- mm: make page_mapped_in_vma() hugetlb walk aware (Jane Chu)
- mm/rmap: reject hugetlb folios in folio_make_device_exclusive() (David Hildenbrand)
- mm/damon/ops: have damon_get_folio return folio even for tail pages (Usama Arif)
- sparc/mm: avoid calling arch_enter/leave_lazy_mmu() in set_ptes (Ryan Roberts)
- sparc/mm: disable preemption in lazy mmu mode (Ryan Roberts)
- iommu/vt-d: Wire up irq_ack() to irq_move_irq() for posted MSIs (Sean Christopherson)
- iommu/vt-d: Fix possible circular locking dependency (Lu Baolu)
- iommu/vt-d: Don't clobber posted vCPU IRTE when host IRQ affinity changes (Sean Christopherson)
- iommu/vt-d: Put IRTE back into posted MSI mode if vCPU posting is disabled (Sean Christopherson)
- iommu/tegra241-cmdqv: Fix warnings due to dmam_free_coherent() (Nicolin Chen)
- iommufd: Fix uninitialized rc in iommufd_access_rw() (Nicolin Chen)
- btrfs: zoned: fix zone finishing with missing devices (Johannes Thumshirn)
- btrfs: zoned: fix zone activation with missing devices (Johannes Thumshirn)
- btrfs: tests: fix chunk map leak after failure to add it to the tree (Filipe Manana)
- btrfs: fix non-empty delayed iputs list on unmount due to compressed write workers (Filipe Manana)
- backlight: led_bl: Hold led_access lock when calling led_sysfs_disable() (Herve Codina)
- arm64: dts: exynos: gs101: disable pinctrl_gsacore node (Peter Griffin)
- arm64: dts: mediatek: mt8173: Fix disp-pwm compatible string (Chen-Yu Tsai)
- arm64: mm: Correct the update of max_pfn (Zhenhua Huang)
- arm64: tegra: Remove the Orin NX/Nano suspend key (Ninad Malwade)
- arm64: mops: Do not dereference src reg for a set operation (Keir Fraser)
- mtd: rawnand: Add status chack in r852_ready() (Wentao Liang)
- mtd: inftlcore: Add error check for inftl_read_oob() (Wentao Liang)
- mptcp: only inc MPJoinAckHMacFailure for HMAC failures (Matthieu Baerts (NGI0))
- mptcp: fix NULL pointer in can_accept_new_subflow (Gang Yan)
- lib: scatterlist: fix sg_split_phys to preserve original scatterlist offsets (T Pratham)
- locking/lockdep: Decrease nr_unused_locks if lock unused in zap_class() (Boqun Feng)
- mailbox: tegra-hsp: Define dimensioning masks in SoC data (Kartik Rajput)
- mfd: ene-kb3930: Fix a potential NULL pointer dereference (Chenyuan Yang)
- leds: rgb: leds-qcom-lpg: Fix calculation of best period Hi-Res PWMs (Abel Vesa)
- leds: rgb: leds-qcom-lpg: Fix pwm resolution max for Hi-Res PWMs (Abel Vesa)
- jbd2: remove wrong sb->s_sequence check (Jan Kara)
- i3c: Add NULL pointer check in i3c_master_queue_ibi() (Manjunatha Venkatesh)
- i3c: master: svc: Use readsb helper for reading MDB (Stanley Chu)
- ima: limit the number of ToMToU integrity violations (Mimi Zohar)
- ima: limit the number of open-writers integrity violations (Mimi Zohar)
- smb311 client: fix missing tcon check when mounting with linux/posix extensions (Steve French)
- soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe() (Chenyuan Yang)
- svcrdma: do not unregister device for listeners (Olga Kornievskaia)
- tpm: do not start chip while suspended (Thadeu Lima de Souza Cascardo)
- udf: Fix inode_getblk() return value (Jan Kara)
- vdpa/mlx5: Fix oversized null mkey longer than 32bit (Si-Wei Liu)
- f2fs: fix to avoid atomicity corruption of atomic file (Yeongjin Gil)
- ext4: fix off-by-one error in do_split (Artem Sadovnikov)
- bus: mhi: host: Fix race between unprepare and queue_buf (Jeff Hugo)
- accel/ivpu: Fix deadlock in ivpu_ms_cleanup() (Jacek Lawrynowicz)
- accel/ivpu: Fix warning in ivpu_ipc_send_receive_internal() (Jacek Lawrynowicz)
- ALSA: hda/realtek: Enable Mute LED on HP OMEN 16 Laptop xd000xx (Sharan Kumar M)
- ASoC: qdsp6: q6asm-dai: fix q6asm_dai_compr_set_params error path (Alexey Klimov)
- ASoC: qdsp6: q6apm-dai: fix capture pipeline overruns. (Srinivas Kandagatla)
- ASoC: qdsp6: q6apm-dai: set 10 ms period and buffer alignment. (Srinivas Kandagatla)
- ASoC: q6apm-dai: make use of q6apm_get_hw_pointer (Srinivas Kandagatla)
- ASoC: q6apm-dai: schedule all available frames to avoid dsp under-runs (Srinivas Kandagatla)
- ASoC: q6apm: add q6apm_get_hw_pointer helper (Srinivas Kandagatla)
- ASoC: codecs: wcd937x: fix a potential memory leak in wcd937x_soc_codec_probe() (Haoxiang Li)
- io_uring/kbuf: reject zero sized provided buffers (Jens Axboe)
- io_uring/net: fix io_req_post_cqe abuse by send bundle (Pavel Begunkov)
- io_uring/net: fix accept multishot handling (Pavel Begunkov)
- wifi: mt76: mt7925: fix the wrong simultaneous cap for MLO (Ming Yen Hsieh)
- wifi: mt76: mt7925: fix the wrong link_idx when a p2p_device is present (Ming Yen Hsieh)
- wifi: mt76: mt7925: fix country count limitation for CLC (Ming Yen Hsieh)
- wifi: mt76: mt7925: ensure wow pattern command align fw format (Ming Yen Hsieh)
- wifi: mac80211: fix integer overflow in hwmp_route_info_get() (Gavrilov Ilia)
- wifi: mt76: Add check for devm_kstrdup() (Haoxiang Li)
- clocksource/drivers/stm32-lptimer: Use wakeup capable instead of init wakeup (Alexandre Torgue)
- mtd: Replace kcalloc() with devm_kcalloc() (Jiasheng Jiang)
- net: dsa: mv88e6xxx: fix internal PHYs for 6320 family (Marek Behún)
- net: dsa: mv88e6xxx: workaround RGMII transmit delay erratum for 6320 family (Marek Behún)
- mtd: Add check for devm_kcalloc() (Jiasheng Jiang)
- mptcp: sockopt: fix getting freebind & transparent (Matthieu Baerts (NGI0))
- mptcp: sockopt: fix getting IPV6_V6ONLY (Matthieu Baerts (NGI0))
- media: chips-media: wave5: Fix timeout while testing 10bit hevc fluster (Jackson.lee)
- media: chips-media: wave5: Fix a hang after seeking (Jackson.lee)
- media: chips-media: wave5: Avoid race condition in the interrupt handler (Jackson.lee)
- media: chips-media: wave5: Fix gray color on screen (Jackson.lee)
- media: i2c: imx214: Rectify probe error handling related to runtime PM (Sakari Ailus)
- media: i2c: imx219: Rectify runtime PM handling in probe and remove (Sakari Ailus)
- media: i2c: imx319: Rectify runtime PM handling probe and remove (Sakari Ailus)
- media: venus: hfi_parser: refactor hfi packet parsing logic (Vikash Garodia)
- media: venus: hfi_parser: add check to avoid out of bound access (Vikash Garodia)
- media: nuvoton: Fix reference handling of ece_pdev (Ricardo Ribalda)
- media: nuvoton: Fix reference handling of ece_node (Ricardo Ribalda)
- media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO (Sakari Ailus)
- media: i2c: ov7251: Set enable GPIO low in probe (Sakari Ailus)
- media: i2c: ccs: Set the device's runtime PM status correctly in probe (Sakari Ailus)
- media: i2c: ccs: Set the device's runtime PM status correctly in remove (Sakari Ailus)
- Revert "media: imx214: Fix the error handling in imx214_probe()" (Sakari Ailus)
- media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf() (Karina Yankevich)
- media: imx219: Adjust PLL settings based on the number of MIPI lanes (Dave Stevenson)
- media: platform: stm32: Add check for clk_enable() (Jiasheng Jiang)
- media: visl: Fix ERANGE error when setting enum controls (Nicolas Dufresne)
- media: hi556: Fix memory leak (on error) in hi556_check_hwcfg() (Hans de Goede)
- media: streamzap: prevent processing IR data on URB failure (Murad Masimov)
- accel/ivpu: Fix PM related deadlocks in MS IOCTLs (Jacek Lawrynowicz)
- tpm, tpm_tis: Fix timeout handling when waiting for TPM status (Jonathan McDowell)
- mtd: rawnand: brcmnand: fix PM resume warning (Kamal Dasu)
- spi: cadence-qspi: Fix probe on AM62A LP SK (Miquel Raynal)
- KVM: arm64: Tear down vGIC on failed vCPU creation (Will Deacon)
- arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe list (Douglas Anderson)
- arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre BHB (Douglas Anderson)
- arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list (Douglas Anderson)
- arm64: cputype: Add MIDR_CORTEX_A76AE (Douglas Anderson)
- xenfs/xensyms: respect hypervisor's "next" indication (Jan Beulich)
- media: rockchip: rga: fix rga offset lookup (John Keeping)
- media: siano: Fix error handling in smsdvb_module_init() (Yuan Can)
- media: vim2m: print device name after registering device (Matthew Majewski)
- media: venus: hfi: add check to handle incorrect queue size (Vikash Garodia)
- media: venus: hfi: add a check to handle OOB in sfr region (Vikash Garodia)
- media: intel/ipu6: set the dev_parent of video device to pdev (Bingbu Cao)
- media: mgb4: Fix switched CMT frequency range "magic values" sets (Martin Tůma)
- media: i2c: adv748x: Fix test pattern selection mask (Niklas Söderlund)
- media: mgb4: Fix CMT registers update logic (Martin Tůma)
- media: uapi: rkisp1-config: Fix typo in extensible params example (Niklas Söderlund)
- media: mtk-vcodec: venc: avoid -Wenum-compare-conditional warning (Arnd Bergmann)
- media: mediatek: vcodec: Fix a resource leak related to the scp device in FW initialization (Jiasheng Jiang)
- dt-bindings: media: st,stmipid02: correct lane-polarities maxItems (Alain Volmat)
- auxdisplay: hd44780: Fix an API misuse in hd44780.c (Haoxiang Li)
- HID: pidff: Fix set_device_control() (Tomasz Pakuła)
- HID: pidff: Fix 90 degrees direction name North -> East (Tomasz Pakuła)
- HID: pidff: Compute INFINITE value instead of using hardcoded 0xffff (Tomasz Pakuła)
- HID: pidff: Clamp effect playback LOOP_COUNT value (Tomasz Pakuła)
- HID: pidff: Rename two functions to align them with naming convention (Tomasz Pakuła)
- HID: pidff: Remove redundant call to pidff_find_special_keys (Tomasz Pakuła)
- HID: pidff: Support device error response from PID_BLOCK_LOAD (Tomasz Pakuła)
- HID: pidff: Comment and code style update (Tomasz Pakuła)
- HID: hid-universal-pidff: Add Asetek wheelbases support (Tomasz Pakuła)
- HID: pidff: Make sure to fetch pool before checking SIMULTANEOUS_MAX (Tomasz Pakuła)
- HID: pidff: Factor out pool report fetch and remove excess declaration (Tomasz Pakuła)
- HID: pidff: Use macros instead of hardcoded min/max values for shorts (Tomasz Pakuła)
- HID: pidff: Simplify pidff_rescale_signed (Tomasz Pakuła)
- HID: pidff: Move all hid-pidff definitions to a dedicated header (Tomasz Pakuła)
- HID: pidff: Factor out code for setting gain (Tomasz Pakuła)
- HID: pidff: Rescale time values to match field units (Tomasz Pakuła)
- HID: pidff: Define values used in pidff_find_special_fields (Tomasz Pakuła)
- HID: pidff: Simplify pidff_upload_effect function (Tomasz Pakuła)
- HID: pidff: Completely rework and fix pidff_reset function (Tomasz Pakuła)
- HID: pidff: Stop all effects before enabling actuators (Tomasz Pakuła)
- HID: pidff: Clamp PERIODIC effect period to device's logical range (Tomasz Pakuła)
- s390/pci: Fix s390_mmio_read/write syscall page fault handling (Niklas Schnelle)
- ext4: don't treat fhandle lookup of ea_inode as FS corruption (Jann Horn)
- bpf: support SKF_NET_OFF and SKF_LL_OFF on skb frags (Willem de Bruijn)
- erofs: set error to bio if file-backed IO fails (Sheng Yong)
- pwm: fsl-ftm: Handle clk_get_rate() returning 0 (Uwe Kleine-König)
- pwm: rcar: Improve register calculation (Uwe Kleine-König)
- pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config() (Josh Poimboeuf)
- tpm: End any active auth session before shutdown (Jonathan McDowell)
- tpm, tpm_tis: Workaround failed command reception on Infineon devices (Jonathan McDowell)
- ktest: Fix Test Failures Due to Missing LOG_FILE Directories (Ayush Jain)
- tracing: probe-events: Add comments about entry data storing code (Masami Hiramatsu (Google))
- fbdev: omapfb: Add 'plane' value check (Leonid Arapov)
- drm/amdgpu: grab an additional reference on the gang fence v2 (Christian König)
- drm/amdgpu: Fix the race condition for draining retry fault (Emily Deng)
- PCI: Enable Configuration RRS SV early (Bjorn Helgaas)
- drm/amdgpu: handle amdgpu_cgs_create_device() errors in amd_powerplay_create() (Wentao Liang)
- PCI: Add Rockchip Vendor ID (Shawn Lin)
- drm/mediatek: mtk_dpi: Explicitly manage TVD clock in power on/off (AngeloGioacchino Del Regno)
- drm/mediatek: mtk_dpi: Move the input_2p_en bit to platform data (AngeloGioacchino Del Regno)
- drm/xe/xelp: Move Wa_16011163337 from tunings to workarounds (Tvrtko Ursulin)
- drm/amdkfd: debugfs hang_hws skip GPU with MES (Philip Yang)
- drm/amdkfd: Fix pqm_destroy_queue race with GPU reset (Philip Yang)
- drm/amdkfd: Fix mode1 reset crash issue (Philip Yang)
- drm/amdkfd: clamp queue size to minimum (David Yat Sin)
- drivers: base: devres: Allow to release group on device release (Lucas De Marchi)
- drm/amd/display: stop DML2 from removing pipes based on planes (Mike Katsnelson)
- drm/bridge: panel: forbid initializing a panel with unknown connector type (Luca Ceresoli)
- drm/debugfs: fix printk format for bridge index (Luca Ceresoli)
- drm: panel-orientation-quirks: Add quirk for OneXPlayer Mini (Intel) (Andrew Wyatt)
- drm: panel-orientation-quirks: Add new quirk for GPD Win 2 (Andrew Wyatt)
- drm: panel-orientation-quirks: Add quirk for AYA NEO Slide (Andrew Wyatt)
- drm: panel-orientation-quirks: Add quirks for AYA NEO Flip DS and KB (Andrew Wyatt)
- drm: panel-orientation-quirks: Add support for AYANEO 2S (Andrew Wyatt)
- drm/amdgpu: Unlocked unmap only clear page table leaves (Philip Yang)
- drm/amd/display: Update Cursor request mode to the beginning prefetch always (Zhikai Zhai)
- drm/xe/vf: Don't try to trigger a full GT reset if VF (Michal Wajdeczko)
- drm/xe/bmg: Add new PCI IDs (Shekhar Chauhan)
- drm: allow encoder mode_set even when connectors change for crtc (Abhinav Kumar)
- Bluetooth: Add quirk for broken READ_PAGE_SCAN_TYPE (Pedro Nishiyama)
- Bluetooth: Add quirk for broken READ_VOICE_SETTING (Pedro Nishiyama)
- Bluetooth: qca: simplify WCN399x NVM loading (Dmitry Baryshkov)
- Bluetooth: hci_qca: use the power sequencer for wcn6750 (Janaki Ramaiah Thota)
- Bluetooth: btusb: Add 2 HWIDs for MT7922 (Jiande Lu)
- Bluetooth: hci_uart: fix race during initialization (Arseniy Krasnov)
- Bluetooth: btintel_pcie: Add device id of Whale Peak (Kiran K)
- tracing: fix return value in __ftrace_event_enable_disable for TRACE_REG_UNREGISTER (Gabriele Paoloni)
- net: vlan: don't propagate flags on open (Stanislav Fomichev)
- wifi: mt76: mt76x2u: add TP-Link TL-WDN6200 ID to device table (Icenowy Zheng)
- btrfs: harden block_group::bg_list against list_del() races (Boris Burkov)
- ahci: Marvell 88SE9215 controllers prefer DMA for ATAPI (Huacai Chen)
- scsi: st: Fix array overflow in st_setup() (Kai Mäkisara)
- cdc_ether|r8152: ThinkPad Hybrid USB-C/A Dock quirk (Philipp Hahn)
- ext4: ignore xattrs past end (Bhupesh)
- Revert "f2fs: rebuild nat_bits during umount" (Chao Yu)
- ext4: protect ext4_release_dquot against freezing (Ojaswin Mujoo)
- ahci: add PCI ID for Marvell 88SE9215 SATA Controller (Daniel Kral)
- net: sfp: add quirk for FS SFP-10GM-T copper SFP+ module (Martin Schiller)
- f2fs: fix to avoid out-of-bounds access in f2fs_truncate_inode_blocks() (Chao Yu)
- wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi (Manish Dharanenthiran)
- net: sfp: add quirk for 2.5G OEM BX SFP (Birger Koblitz)
- ata: libata-eh: Do not use ATAPI DMA for a device limited to PIO mode (Niklas Cassel)
- jfs: add sanity check for agwidth in dbMount (Edward Adam Davis)
- jfs: Prevent copying of nlink with value 0 from disk inode (Edward Adam Davis)
- fs/jfs: Prevent integer overflow in AG size calculation (Rand Deeb)
- fs/jfs: cast inactags to s64 to prevent potential overflow (Rand Deeb)
- jfs: Fix uninit-value access of imap allocated in the diMount() function (Zhongqiu Han)
- can: flexcan: add NXP S32G2/S32G3 SoC support (Ciprian Marian Costea)
- can: flexcan: Add quirk to handle separate interrupt lines for mailboxes (Ciprian Marian Costea)
- page_pool: avoid infinite loop to schedule delayed worker (Jason Xing)
- net: usb: asix_devices: add FiberGecko DeviceID (Max Schulze)
- scsi: target: spc: Fix RSOC parameter data header size (Chaohai Chen)
- wifi: mac80211: ensure sdata->work is canceled before initialized. (Miri Korenblit)
- wifi: mac80211: add strict mode disabling workarounds (Johannes Berg)
- f2fs: don't retry IO for corrupted data scenario (Chao Yu)
- net: page_pool: don't cast mp param to devmem (Pavel Begunkov)
- ata: libata-core: Add 'external' to the libata.force kernel parameter (Niklas Cassel)
- wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process (P Praneesh)
- wifi: ath12k: fix memory leak in ath12k_pci_remove() (Miaoqing Pan)
- wifi: ath11k: fix memory leak in ath11k_xxx_remove() (Miaoqing Pan)
- wifi: ath11k: Fix DMA buffer allocation to resolve SWIOTLB issues (P Praneesh)
- platform/x86: x86-android-tablets: Add select POWER_SUPPLY to Kconfig (Hans de Goede)
- ASoC: amd: yc: update quirk data for new Lenovo model (Syed Saba kareem)
- ASoC: amd: Add DMI quirk for ACP6X mic support (keenplify)
- ALSA: usb-audio: Fix CME quirk for UF series keyboards (Ricard Wanderlof)
- mmc: dw_mmc: add a quirk for accessing 64-bit FIFOs in two halves (Kaustabh Chakraborty)
- media: s5p-mfc: Corrected NV12M/NV21M plane-sizes (Aakarsh Jain)
- media: uvcvideo: Add quirk for Actions UVC05 (Ricardo Ribalda)
- ASoC: fsl_audmix: register card device depends on 'dais' property (Shengjiu Wang)
- ALSA: hda: intel: Add Lenovo IdeaPad Z570 to probe denylist (Maxim Mikityanskiy)
- ALSA: hda: intel: Fix Optimus when GPU has no sound (Maxim Mikityanskiy)
- ASoC: amd: ps: use macro for ACP6.3 pci revision id (Vijendar Mukunda)
- HID: pidff: Fix null pointer dereference in pidff_find_fields (Tomasz Pakuła)
- HID: pidff: Add PERIODIC_SINE_ONLY quirk (Tomasz Pakuła)
- HID: Add hid-universal-pidff driver and supported device ids (Tomasz Pakuła)
- HID: pidff: Add FIX_WHEEL_DIRECTION quirk (Tomasz Pakuła)
- HID: pidff: Add hid_pidff_init_with_quirks and export as GPL symbol (Tomasz Pakuła)
- HID: pidff: Add PERMISSIVE_CONTROL quirk (Tomasz Pakuła)
- HID: pidff: Add MISSING_PBO quirk and its detection (Tomasz Pakuła)
- HID: pidff: Add MISSING_DELAY quirk and its detection (Tomasz Pakuła)
- HID: pidff: Do not send effect envelope if it's empty (Tomasz Pakuła)
- HID: pidff: Convert infinite length from Linux API to PID standard (Tomasz Pakuła)
- ASoC: SOF: topology: Use krealloc_array() to replace krealloc() (Zhang Heng)
- platform/chrome: cros_ec_lpc: Match on Framework ACPI device (Daniel Schaefer)
- zstd: Increase DYNAMIC_BMI2 GCC version cutoff from 4.8 to 11.0 to work around compiler segfault (Ingo Molnar)
- xen/mcelog: Add __nonstring annotations for unterminated strings (Kees Cook)
- arm64: cputype: Add QCOM_CPU_PART_KRYO_3XX_GOLD (Douglas Anderson)
- Flush console log from kernel_power_off() (Paul E. McKenney)
- PM: hibernate: Avoid deadlock in hibernate_compressor_param_set() (Lizhi Xu)
- perf/dwc_pcie: fix some unreleased resources (Yunhui Cui)
- perf: arm_pmu: Don't disable counter in armpmu_add() (Mark Rutland)
- x86/cpu: Don't clear X86_FEATURE_LAHF_LM flag in init_amd_k8() on AMD when running in a virtual machine (Max Grobecker)
- x86/ia32: Leave NULL selector values 0~3 unchanged (Xin Li (Intel))
- x86/percpu: Disable named address spaces for UBSAN_BOOL with KASAN for GCC < 14.2 (Uros Bizjak)
- x86/mm: Clear _PAGE_DIRTY for kernel mappings when we clear _PAGE_RW (Matthew Wilcox (Oracle))
- pm: cpupower: bench: Prevent NULL dereference on malloc failure (Zhongqiu Han)
- umount: Allow superblock owners to force umount (Trond Myklebust)
- fs: consistently deref the files table with rcu_dereference_raw() (Mateusz Guzik)
- iommu/mediatek: Fix NULL pointer deference in mtk_iommu_device_group (Louis-Alexis Eyraud)
- iommu/exynos: Fix suspend/resume with IDENTITY domain (Marek Szyprowski)
- nft_set_pipapo: fix incorrect avx2 match of 5th field octet (Florian Westphal)
- net: ppp: Add bound checking for skb data on ppp_sync_txmung (Arnaud Lecomte)
- ipv6: Align behavior across nexthops during path selection (Ido Schimmel)
- net: phy: allow MDIO bus PM ops to start/stop state machine for phylink-controlled PHY (Vladimir Oltean)
- net: phy: move phy_link_change() prior to mdio_bus_phy_may_suspend() (Vladimir Oltean)
- smb: client: fix UAF in decryption with multichannel (Paulo Alcantara)
- net_sched: sch_sfq: move the limit validation (Octavian Purdila)
- net_sched: sch_sfq: use a temporary work area for validating configuration (Octavian Purdila)
- nvmet-fcloop: swap list_add_tail arguments (Daniel Wagner)
- drm/i915/huc: Fix fence not released on early probe errors (Janusz Krzysztofik)
- ata: sata_sx4: Add error handling in pdc20621_i2c_read() (Wentao Liang)
- net: libwx: handle page_pool_dev_alloc_pages error (Chenyuan Yang)
- drm/tests: probe-helper: Fix drm_display_mode memory leak (Maxime Ripard)
- drm/tests: modes: Fix drm_display_mode memory leak (Maxime Ripard)
- drm/tests: cmdline: Fix drm_display_mode memory leak (Maxime Ripard)
- drm/tests: helpers: Create kunit helper to destroy a drm_display_mode (Maxime Ripard)
- drm/tests: modeset: Fix drm_display_mode memory leak (Maxime Ripard)
- net: ethtool: Don't call .cleanup_data when prepare_data fails (Maxime Chevallier)
- tc: Ensure we have enough buffer space when sending filter netlink notifications (Toke Høiland-Jørgensen)
- octeontx2-pf: qos: fix VF root node parent queue index (Hariprasad Kelam)
- net: tls: explicitly disallow disconnect (Jakub Kicinski)
- codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() (Cong Wang)
- tipc: fix memory leak in tipc_link_xmit (Tung Nguyen)
- objtool: Fix INSN_CONTEXT_SWITCH handling in validate_unret() (Josh Poimboeuf)
- ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe() (Henry Martin)
- drm/xe/hw_engine: define sysfs_ops on all directories (Tejas Upadhyay)
- x86/acpi: Don't limit CPUs to 1 for Xen PV guests due to disabled ACPI (Petr Vaněk)
- drm/i915: Disable RPG during live selftest (Badal Nilawar)
- ublk: fix handling recovery & reissue in ublk_abort_queue() (Ming Lei)
- ublk: refactor recovery configuration flag helpers (Uday Shankar)
- selftests/futex: futex_waitv wouldblock test should fail (Edward Liaw)
- gpiolib: of: Fix the choice for Ingenic NAND quirk (Andy Shevchenko)
- cgroup/cpuset: Further optimize code if CONFIG_CPUSETS_V1 not set (Waiman Long)
- cgroup/cpuset: Enforce at most one rebuild_sched_domains_locked() call per operation (Waiman Long)
- cgroup/cpuset: Revert "Allow suppression of sched domain rebuild in update_cpumasks_hier()" (Waiman Long)
- cgroup/cpuset: Fix error handling in remote_partition_disable() (Waiman Long)
- cgroup/cpuset: Fix incorrect isolated_cpus update in update_parent_effective_cpumask() (Waiman Long)
- ASoC: Intel: adl: add 2xrt1316 audio configuration (Bard Liao)

ELSA-2025-8837 Important: Oracle Linux 9 mod_security security update

Oracle Linux Security Advisory ELSA-2025-8837

http://linux.oracle.com/errata/ELSA-2025-8837.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
mod_security-2.9.6-2.el9_6.x86_64.rpm
mod_security-mlogc-2.9.6-2.el9_6.x86_64.rpm

aarch64:
mod_security-2.9.6-2.el9_6.aarch64.rpm
mod_security-mlogc-2.9.6-2.el9_6.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//mod_security-2.9.6-2.el9_6.src.rpm

Related CVEs:

CVE-2025-47947

Description of changes:

[2.9.6-2]
- add fix for CVE-2025-47947
- Resolves: RHEL-93016

ELSA-2025-8916 Moderate: Oracle Linux 9 grafana-pcp security update

Oracle Linux Security Advisory ELSA-2025-8916

http://linux.oracle.com/errata/ELSA-2025-8916.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
grafana-pcp-5.1.1-11.el9_6.x86_64.rpm

aarch64:
grafana-pcp-5.1.1-11.el9_6.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//grafana-pcp-5.1.1-11.el9_6.src.rpm

Related CVEs:

CVE-2025-22871

Description of changes:

[5.1.1-11]
- Resolves RHEL-89314: CVE-2025-22871

ELSA-2025-8813 Important: Oracle Linux 9 .NET 8.0 security update

Oracle Linux Security Advisory ELSA-2025-8813

http://linux.oracle.com/errata/ELSA-2025-8813.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
aspnetcore-runtime-8.0-8.0.17-1.0.1.el9_6.x86_64.rpm
aspnetcore-runtime-dbg-8.0-8.0.17-1.0.1.el9_6.x86_64.rpm
aspnetcore-targeting-pack-8.0-8.0.17-1.0.1.el9_6.x86_64.rpm
dotnet-apphost-pack-8.0-8.0.17-1.0.1.el9_6.x86_64.rpm
dotnet-hostfxr-8.0-8.0.17-1.0.1.el9_6.x86_64.rpm
dotnet-runtime-8.0-8.0.17-1.0.1.el9_6.x86_64.rpm
dotnet-runtime-dbg-8.0-8.0.17-1.0.1.el9_6.x86_64.rpm
dotnet-sdk-8.0-8.0.117-1.0.1.el9_6.x86_64.rpm
dotnet-sdk-dbg-8.0-8.0.117-1.0.1.el9_6.x86_64.rpm
dotnet-targeting-pack-8.0-8.0.17-1.0.1.el9_6.x86_64.rpm
dotnet-templates-8.0-8.0.117-1.0.1.el9_6.x86_64.rpm
dotnet-sdk-8.0-source-built-artifacts-8.0.117-1.0.1.el9_6.x86_64.rpm

aarch64:
aspnetcore-runtime-8.0-8.0.17-1.0.1.el9_6.aarch64.rpm
aspnetcore-runtime-dbg-8.0-8.0.17-1.0.1.el9_6.aarch64.rpm
aspnetcore-targeting-pack-8.0-8.0.17-1.0.1.el9_6.aarch64.rpm
dotnet-apphost-pack-8.0-8.0.17-1.0.1.el9_6.aarch64.rpm
dotnet-hostfxr-8.0-8.0.17-1.0.1.el9_6.aarch64.rpm
dotnet-runtime-8.0-8.0.17-1.0.1.el9_6.aarch64.rpm
dotnet-runtime-dbg-8.0-8.0.17-1.0.1.el9_6.aarch64.rpm
dotnet-sdk-8.0-8.0.117-1.0.1.el9_6.aarch64.rpm
dotnet-sdk-dbg-8.0-8.0.117-1.0.1.el9_6.aarch64.rpm
dotnet-targeting-pack-8.0-8.0.17-1.0.1.el9_6.aarch64.rpm
dotnet-templates-8.0-8.0.117-1.0.1.el9_6.aarch64.rpm
dotnet-sdk-8.0-source-built-artifacts-8.0.117-1.0.1.el9_6.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//dotnet8.0-8.0.117-1.0.1.el9_6.src.rpm

Related CVEs:

CVE-2025-30399

Description of changes:

[8.0.117-1.0.1]
- Add support for Oracle Linux

[8.0.117-1]
- Update to .NET SDK 8.0.117 and Runtime 8.0.17
- Resolves: RHEL-94420

ELSA-2025-8643 Important: Oracle Linux 9 kernel security update

Oracle Linux Security Advisory ELSA-2025-8643

http://linux.oracle.com/errata/ELSA-2025-8643.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-5.14.0-570.21.1.0.1.el9_6.x86_64.rpm
kernel-abi-stablelists-5.14.0-570.21.1.0.1.el9_6.noarch.rpm
kernel-core-5.14.0-570.21.1.0.1.el9_6.x86_64.rpm
kernel-debug-5.14.0-570.21.1.0.1.el9_6.x86_64.rpm
kernel-debug-core-5.14.0-570.21.1.0.1.el9_6.x86_64.rpm
kernel-debug-devel-5.14.0-570.21.1.0.1.el9_6.x86_64.rpm
kernel-debug-devel-matched-5.14.0-570.21.1.0.1.el9_6.x86_64.rpm
kernel-debug-modules-5.14.0-570.21.1.0.1.el9_6.x86_64.rpm
kernel-debug-modules-core-5.14.0-570.21.1.0.1.el9_6.x86_64.rpm
kernel-debug-modules-extra-5.14.0-570.21.1.0.1.el9_6.x86_64.rpm
kernel-debug-uki-virt-5.14.0-570.21.1.0.1.el9_6.x86_64.rpm
kernel-devel-5.14.0-570.21.1.0.1.el9_6.x86_64.rpm
kernel-devel-matched-5.14.0-570.21.1.0.1.el9_6.x86_64.rpm
kernel-doc-5.14.0-570.21.1.0.1.el9_6.noarch.rpm
kernel-headers-5.14.0-570.21.1.0.1.el9_6.x86_64.rpm
kernel-modules-5.14.0-570.21.1.0.1.el9_6.x86_64.rpm
kernel-modules-core-5.14.0-570.21.1.0.1.el9_6.x86_64.rpm
kernel-modules-extra-5.14.0-570.21.1.0.1.el9_6.x86_64.rpm
kernel-tools-5.14.0-570.21.1.0.1.el9_6.x86_64.rpm
kernel-tools-libs-5.14.0-570.21.1.0.1.el9_6.x86_64.rpm
kernel-uki-virt-5.14.0-570.21.1.0.1.el9_6.x86_64.rpm
kernel-uki-virt-addons-5.14.0-570.21.1.0.1.el9_6.x86_64.rpm
perf-5.14.0-570.21.1.0.1.el9_6.x86_64.rpm
python3-perf-5.14.0-570.21.1.0.1.el9_6.x86_64.rpm
rtla-5.14.0-570.21.1.0.1.el9_6.x86_64.rpm
rv-5.14.0-570.21.1.0.1.el9_6.x86_64.rpm
kernel-cross-headers-5.14.0-570.21.1.0.1.el9_6.x86_64.rpm
kernel-tools-libs-devel-5.14.0-570.21.1.0.1.el9_6.x86_64.rpm
libperf-5.14.0-570.21.1.0.1.el9_6.x86_64.rpm

aarch64:
kernel-headers-5.14.0-570.21.1.0.1.el9_6.aarch64.rpm
kernel-tools-5.14.0-570.21.1.0.1.el9_6.aarch64.rpm
kernel-tools-libs-5.14.0-570.21.1.0.1.el9_6.aarch64.rpm
perf-5.14.0-570.21.1.0.1.el9_6.aarch64.rpm
python3-perf-5.14.0-570.21.1.0.1.el9_6.aarch64.rpm
rtla-5.14.0-570.21.1.0.1.el9_6.aarch64.rpm
rv-5.14.0-570.21.1.0.1.el9_6.aarch64.rpm
kernel-cross-headers-5.14.0-570.21.1.0.1.el9_6.aarch64.rpm
kernel-tools-libs-devel-5.14.0-570.21.1.0.1.el9_6.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//kernel-5.14.0-570.21.1.0.1.el9_6.src.rpm

Related CVEs:

CVE-2025-21920
CVE-2025-21926
CVE-2025-21997
CVE-2025-22055
CVE-2025-37785
CVE-2025-37943

Description of changes:

[5.14.0-570.21.1.0.1.el9_6.OL9]
- nvme-pci: remove two deallocate zeroes quirks [Orabug: 37756650]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 64 (Geetha Sowjanya)
- ring-buffer: Fix bytes_dropped calculation issue (Feng Yang)
- objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() (Josh Poimboeuf) [Orabug: 37976879] {CVE-2025-37937}
- fs/procfs: fix the comment above proc_pid_wchan() (Bart Van Assche)
- perf python: Check if there is space to copy all the event (Arnaldo Carvalho de Melo)
- perf python: Decrement the refcount of just created event on failure (Arnaldo Carvalho de Melo)
- perf python: Fixup description of sample.id event member (Arnaldo Carvalho de Melo)
- ocfs2: validate l_tree_depth to avoid out-of-bounds access (Vasiliy Kovalev) [Orabug: 37844394] {CVE-2025-22079}
- kexec: initialize ELF lowest address to ULONG_MAX (Sourabh Jain)
- perf units: Fix insufficient array space (Arnaldo Carvalho de Melo)
- iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio (Jonathan Cameron)
- coresight: catu: Fix number of pages while using 64k pages (Ilkka Koskinen)
- isofs: fix KMSAN uninit-value bug in do_isofs_readdir() (Qasim Ijaz)
- x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment (Jann Horn)
- mfd: sm501: Switch to BIT() to mitigate integer overflows (Nikita Zhandarovich)
- RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow (Patrisious Haddad) [Orabug: 37844422] {CVE-2025-22086}
- power: supply: max77693: Fix wrong conversion of charge input threshold value (Artur Weber)
- x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1 (Jann Horn)
- clk: amlogic: g12a: fix mmc A peripheral clock (Jerome Brunet)
- clk: amlogic: gxbb: drop non existing 32k clock parent (Jerome Brunet)
- clk: amlogic: g12b: fix cluster A parent data (Jerome Brunet)
- IB/mad: Check available slots before posting receive WRs (Maher Sanalla)
- clk: rockchip: rk3328: fix wrong clk_ref_usb3otg parent (Peter Geis)
- pinctrl: renesas: rza2: Fix missing of_node_put() call (Fabrizio Castro)
- lib: 842: Improve error handling in sw842_compress() (Tanya Agarwal)
- clk: amlogic: gxbb: drop incorrect flag on 32k clock (Jerome Brunet)
- fbdev: sm501fb: Add some geometry checks. (Danila Chernetsov)
- mdacon: rework dependency list (Arnd Bergmann)
- fbdev: au1100fb: Move a variable assignment behind a null pointer check (Markus Elfring)
- PCI: pciehp: Don't enable HPIE when resuming in poll mode (Ilpo Järvinen)
- PCI: Remove stray put_device() in pci_register_host_bridge() (Dan Carpenter)
- PCI/portdrv: Only disable pciehp interrupts early when needed (Feng Tang)
- PCI/ASPM: Fix link state exit during switch upstream function removal (Daniel Stodden) [Orabug: 37844108] {CVE-2024-58093}
- drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member (AngeloGioacchino Del Regno)
- ALSA: hda/realtek: Always honor no_shutup_pins (Takashi Iwai)
- perf/ring_buffer: Allow the EPOLLRDNORM flag for poll (Tao Chen)
- lockdep: Don't disable interrupts on RT in disable_irq_nosync_lockdep.*() (Sebastian Andrzej Siewior)
- PM: sleep: Fix handling devices with direct_complete set on errors (Rafael J. Wysocki)
- thermal: int340x: Add NULL check for adev (Chenyuan Yang) [Orabug: 37844584] {CVE-2025-23136}
- EDAC/ie31200: Fix the error path order of ie31200_init() (Qiuxu Zhuo)
- EDAC/ie31200: Fix the DIMM size mask for several SoCs (Qiuxu Zhuo)
- EDAC/ie31200: Fix the size of EDAC_MC_LAYER_CHIP_SELECT layer (Qiuxu Zhuo)
- selinux: Chain up tool resolving errors in install_policy.sh (Tim Schumacher)
- x86/platform: Only allow CONFIG_EISA for 32-bit (Arnd Bergmann)
- x86/fpu: Avoid copying dynamic FP state from init_task in arch_dup_task_struct() (Benjamin Berg)
- cpufreq: governor: Fix negative 'idle_time' handling in dbs_update() (Jie Zhan)
- x86/mm/pat: cpa-test: fix length for CPA_ARRAY test (Mike Rapoport)
- memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (Luo Qiu) [Orabug: 37844141] {CVE-2025-22020}
- net: usb: qmi_wwan: add Telit Cinterion FE990B composition (Fabio Porcedda)
- net: usb: qmi_wwan: add Telit Cinterion FN990B composition (Fabio Porcedda)
- tty: serial: 8250: Add some more device IDs (Cameron Williams)
- counter: stm32-lptimer-cnt: fix error handling when enabling (Fabrice Gasnier)
- netfilter: socket: Lookup orig tuple for IPv6 SNAT (Maxim Mikityanskiy) [Orabug: 37844145] {CVE-2025-22021}
- ARM: Remove address checking for MMUless devices (Yanjun Yang)
- ARM: 9351/1: fault: Add "cut here" line for prefetch aborts (Kees Cook)
- ARM: 9350/1: fault: Implement copy_from_kernel_nofault_allowed() (Kees Cook)
- atm: Fix NULL pointer dereference (Minjoong Kim) [Orabug: 37838897] {CVE-2025-22018}
- HID: hid-plantronics: Add mic mute mapping and generalize quirks (Terry Junge)
- ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names (Terry Junge)
- drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() (Nikita Zhandarovich) [Orabug: 37828196] {CVE-2025-21996}
- batman-adv: Ignore own maximum aggregation size during RX (Sven Eckelmann)
- ARM: shmobile: smp: Enforce shmobile_smp_* alignment (Geert Uytterhoeven)
- mmc: atmel-mci: Add missing clk_disable_unprepare() (Gu Bowen)
- drm/v3d: Don't run jobs that have errors flagged in its fence (Maíra Canal)
- i2c: omap: fix IRQ storms (Andreas Kemnade)
- net/neighbor: add missing policy for NDTPA_QUEUE_LENBYTES (Lin Ma)
- net: atm: fix use after free in lec_send() (Dan Carpenter) [Orabug: 37828221] {CVE-2025-22004}
- ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create(). (Kuniyuki Iwashima)
- ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw(). (Kuniyuki Iwashima) [Orabug: 37828229] {CVE-2025-22005}
- Bluetooth: Fix error code in chan_alloc_skb_cb() (Dan Carpenter) [Orabug: 37828235] {CVE-2025-22007}
- RDMA/hns: Fix wrong value of max_sge_rd (Junxian Huang)
- RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path (Saravanan Vajravel)
- xfrm_output: Force software GSO only in tunnel mode (Cosmin Ratiu)
- firmware: imx-scu: fix OF node leak in .probe() (Joe Hattori)
- i2c: sis630: Fix an error handling path in sis630_probe() (Christophe Jaillet)
- i2c: ali15x3: Fix an error handling path in ali15x3_probe() (Christophe Jaillet)
- i2c: ali1535: Fix an error handling path in ali1535_probe() (Christophe Jaillet)
- ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe() (Christophe Jaillet)
- drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data() (Ivan Abramov)
- qlcnic: fix memory leak issues in qlcnic_sriov_common.c (Haoxiang Li)
- drm/amd/display: Assign normalized_pix_clk when color depth = 14 (Alex Hung) [Orabug: 37828049] {CVE-2025-21956}
- drm/atomic: Filter out redundant DPMS calls (Ville Syrjälä)
- x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes (Florent Revest) [Orabug: 37828167] {CVE-2025-21991}
- USB: serial: option: match on interface class for Telit FN990B (Johan Hovold)
- USB: serial: option: fix Telit Cinterion FE990A name (Fabio Porcedda)
- USB: serial: option: add Telit Cinterion FE990B compositions (Fabio Porcedda)
- USB: serial: ftdi_sio: add support for Altera USB Blaster 3 (Boon Khai Ng)
- block: fix 'kmem_cache of name 'bio-108' already exists' (Ming Lei)
- drm/nouveau: Do not override forced connector status (Thomas Zimmermann)
- x86/irq: Define trace events conditionally (Arnd Bergmann)
- fuse: don't truncate cached, mutated symlink (Miklos Szeredi)
- nvme: only allow entering LIVE from CONNECTING state (Daniel Wagner)
- sctp: Fix undefined behavior in left shift operation (Yu-Chun Lin)
- nvmet-rdma: recheck queue state is LIVE in state lock in recv done (Ruozhu Li)
- ASoC: rsnd: don't indicate warning on rsnd_kctrl_accept_runtime() (Kuninori Morimoto)
- s390/cio: Fix CHPID "configure" attribute caching (Peter Oberparleiter)
- HID: ignore non-functional sensor in HP 5MP Camera (Chia-Lin Kao) [Orabug: 37828174] {CVE-2025-21992}
- HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell (Zhang Lixu)
- ACPI: resource: IRQ override for Eluktronics MECH-17 (Gannon Kolding)
- scsi: qla1280: Fix kernel oops when debug level > 2 (Magnus Lindholm) [Orabug: 37828056] {CVE-2025-21957}
- iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() (Chengen Du) [Orabug: 37828181] {CVE-2025-21993}
- powercap: call put_device() on an error path in powercap_register_control_type() (Joe Hattori)
- hrtimers: Mark is_migration_base() with __always_inline (Andy Shevchenko)
- nvme-fc: go straight to connecting state when initializing (Daniel Wagner)
- net/mlx5e: Prevent bridge link show failure for non-eswitch-allowed devices (Carolina Jubran)
- netfilter: nft_exthdr: fix offset with ipv4_find_option() (Alexey Kashavkin)
- net_sched: Prevent creation of classes with TC_H_ROOT (Cong Wang) [Orabug: 37828110] {CVE-2025-21971}
- ipvs: prevent integer overflow in do_ip_vs_get_ctl() (Dan Carpenter)
- netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree() (Kohei Enju) [Orabug: 37828064] {CVE-2025-21959}
- Drivers: hv: vmbus: Don't release fb_mmio resource in vmbus_free_mmio() (Michael Kelley)
- drivers/hv: Replace binary semaphore with mutex (Davidlohr Bueso)
- netpoll: hold rcu read lock in __netpoll_send_skb() (Breno Leitao)
- netpoll: netpoll_send_skb() returns transmit status (Eric Dumazet)
- netpoll: move netpoll_send_skb() out of line (Eric Dumazet)
- netpoll: remove dev argument from netpoll_send_skb_on_dev() (Eric Dumazet)
- netpoll: Fix use correct return type for ndo_start_xmit() (Yunjian Wang)
- pinctrl: bcm281xx: Fix incorrect regmap max_registers value (Artur Weber)
- sched/isolation: Prevent boot crash when the boot CPU is nohz_full (Oleg Nesterov)
- clockevents/drivers/i8253: Fix stop sequence for timer 0 (David Woodhouse)

[5.4.17-2136.344.1.el8uek]
- RDS: avoid using offlined CPU during reconnect (Arumugam Kolappan) [Orabug: 37800559]
- x86/microcode/AMD: Clean the cache if update did not load microcode (Boris Ostrovsky) [Orabug: 37800729]
- x86/microcode/AMD: Add finalize_late_load() microcode_op (Boris Ostrovsky) [Orabug: 37800729]
- x86/microcode/AMD: Extend the SHA check to Zen5, block loading of any unreleased standalone Zen5 microcode patches (Borislav Petkov) [Orabug: 37800729]
- x86/microcode/AMD: Add some forgotten models to the SHA check (Borislav Petkov) [Orabug: 37800729]
- x86/microcode/AMD: Load only SHA256-checksummed patches (Borislav Petkov) [Orabug: 37800729]
- x86/microcode/AMD: Flush patch buffer mapping after application (Borislav Petkov) [Orabug: 37800729]
- x86/microcode/AMD: Stash BSP's CPUID(1).EAX and patch size (Boris Ostrovsky) [Orabug: 37800729]
- nvme: fix deadlock between reset and scan (Bitao Hu) [Orabug: 37861518]

ELSA-2025-8958 Moderate: Oracle Linux 8 libxml2 security update

Oracle Linux Security Advisory ELSA-2025-8958

http://linux.oracle.com/errata/ELSA-2025-8958.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
libxml2-2.9.7-20.el8_10.i686.rpm
libxml2-2.9.7-20.el8_10.x86_64.rpm
libxml2-devel-2.9.7-20.el8_10.i686.rpm
libxml2-devel-2.9.7-20.el8_10.x86_64.rpm
python3-libxml2-2.9.7-20.el8_10.x86_64.rpm

aarch64:
libxml2-2.9.7-20.el8_10.aarch64.rpm
libxml2-devel-2.9.7-20.el8_10.aarch64.rpm
python3-libxml2-2.9.7-20.el8_10.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//libxml2-2.9.7-20.el8_10.src.rpm

Related CVEs:

CVE-2025-32414

Description of changes:

[2.9.7-20]
- Fix CVE-2025-32414 (RHEL-88198)

ELBA-2025-8743-1 Oracle Linux 8 kernel bug fix update

Oracle Linux Bug Fix Advisory ELBA-2025-8743-1

http://linux.oracle.com/errata/ELBA-2025-8743-1.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
bpftool-4.18.0-553.56.1.0.1.el8_10.x86_64.rpm
kernel-4.18.0-553.56.1.0.1.el8_10.x86_64.rpm
kernel-abi-stablelists-4.18.0-553.56.1.0.1.el8_10.noarch.rpm
kernel-core-4.18.0-553.56.1.0.1.el8_10.x86_64.rpm
kernel-cross-headers-4.18.0-553.56.1.0.1.el8_10.x86_64.rpm
kernel-debug-4.18.0-553.56.1.0.1.el8_10.x86_64.rpm
kernel-debug-core-4.18.0-553.56.1.0.1.el8_10.x86_64.rpm
kernel-debug-devel-4.18.0-553.56.1.0.1.el8_10.x86_64.rpm
kernel-debug-modules-4.18.0-553.56.1.0.1.el8_10.x86_64.rpm
kernel-debug-modules-extra-4.18.0-553.56.1.0.1.el8_10.x86_64.rpm
kernel-devel-4.18.0-553.56.1.0.1.el8_10.x86_64.rpm
kernel-doc-4.18.0-553.56.1.0.1.el8_10.noarch.rpm
kernel-headers-4.18.0-553.56.1.0.1.el8_10.x86_64.rpm
kernel-modules-4.18.0-553.56.1.0.1.el8_10.x86_64.rpm
kernel-modules-extra-4.18.0-553.56.1.0.1.el8_10.x86_64.rpm
kernel-tools-4.18.0-553.56.1.0.1.el8_10.x86_64.rpm
kernel-tools-libs-4.18.0-553.56.1.0.1.el8_10.x86_64.rpm
perf-4.18.0-553.56.1.0.1.el8_10.x86_64.rpm
python3-perf-4.18.0-553.56.1.0.1.el8_10.x86_64.rpm
kernel-tools-libs-devel-4.18.0-553.56.1.0.1.el8_10.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//kernel-4.18.0-553.56.1.0.1.el8_10.src.rpm

Description of changes:

[4.18.0-553.56.1.0.1.el8_10.OL8]
- scsi: core: Restrict legal sdev_state transitions via sysfs (Uday Shankar) [Orabug: 37778230]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 _flags & _IO_USER_LOCK) == 0)
_IO_lock_lock (*stream->_lock);
OraBug: 28481550.
Reviewed-by: Qing Zhao [qing.zhao@oracle.com]

[2.28-251.22]
- CVE-2025-4802: static setuid dlopen may search LD_LIBRARY_PATH (RHEL-92685)

[2.28-251.21]
- elf: Keep using minimal malloc after early DTV resize (RHEL-71921)

[2.28-251.20]
- Add missing libnss_testX.so requirement for tst-nss-test3 (RHEL-88813)

[2.28-251.19]
- libio: Fix a deadlock after fork in popen
- libio: Correctly link tst-popen-fork against libpthread (RHEL-86018)

[2.28-251.18]
- x86: Avoid integer truncation with large cache sizes (RHEL-76387)

[2.28-251.17]
- x86: Check the lower byte of EAX of CPUID leaf 2 (RHEL-76211)

[2.28-251.16]
- nscd: Fix an unlikely TTL issue in the netgroup cache (RHEL-35280)

[2.28-251.15]
- CVE-2025-0395: Fix a buffer overflow in assert (RHEL-83306)

[2.28-251.14]
- Correct locking and cancellation cleanup in syslog functions (RHEL-78390)

[2.28-251.13]
- Restore internal ABI to avoid tooling false positives (RHEL-8381)

[2.28-251.12]
- Fix missed wakeup in POSIX thread condition variables (RHEL-8381)

[2.28-251.11]
- add GB18030-2022 charmap and tests (RHEL-67806)

[2.28-251.10]
- Remove some unused ppc64le string functions (RHEL-61259)

[2.28-251.9]
- Use /sbin/ldconfig path for lorax compatibility (RHEL-63048)

[2.28-251.8]
- aarch64: MTE compatible strncmp (RHEL-61255)

[2.28-251.7]
- Use UsrMove path destination in the RPM files (RHEL-63048)

[2.28-251.6]
- s390x: Fix segfault in wcsncmp
- Enhanced test coverage for strncmp, wcsncmp (RHEL-49490)

[2.28-251.5]
- elf: Clarify and invert second argument of _dl_allocate_tls_init
- elf: Avoid re-initializing already allocated TLS in dlopen (RHEL-36147)

[2.28-251.4]
- elf: Avoid some free (NULL) calls in _dl_update_slotinfo
- elf: Support recursive use of dynamic TLS in interposed malloc (RHEL-39994)

[2.28-251.3]
- Update i386 libm-test-ulps (RHEL-52428)

[2.28-251.2]
- CVE-2024-33599: nscd: buffer overflow in netgroup cache (RHEL-34264)
- CVE-2024-33600: nscd: null pointer dereferences in netgroup cache (RHEL-34267)
- CVE-2024-33601: nscd: crash on out-of-memory condition (RHEL-34271)
- CVE-2024-33602: nscd: memory corruption with NSS netgroup modules (RHEL-34273)

[2.28-251.1]
- CVE-2024-2961: Out of bounds write in iconv conversion to ISO-2022-CN-EXT (RHEL-31804)

[2.28-251]
- Cache information in x86_64 ld.so --list-diagnostics output (RHEL-21997)

[2.28-250]
- getaddrinfo: Return correct error EAI_MEMORY when out-of-memory (RHEL-19445)

[2.28-249]
- Updates for AMD cache size computation (RHEL-3010)

[2.28-248]
- Re-enable output buffering for wide stdio streams (RHEL-19824)

[2.28-247]
- Fix TLS corruption during dlopen()/dlclose() sequences (RHEL-17468)

[2.28-246]
- Include CentOS Hyperscaler SIG patches backported by Intel (RHEL-15696)

[2.28-245]
- Improve compatibility between underlinking and IFUNC resolvers (RHEL-16825)

[2.28-244]
- Restore compatibility with C90 compilers (RHEL-15867)

[2.28-243]
- ldconfig should skip temporary files created by RPM (RHEL-13720)

[2.28-242]
- Fix force-first handling in dlclose (RHEL-10481)

[2.28-241]
- Avoid lazy binding failures during dlclose (RHEL-3639)

[2.28-240]
- Add /usr/share/doc/glibc/gai.conf to glibc-doc (RHEL-12894)

[2.28-239]
- nscd: Skip unusable entries in first pass in prune_cache (RHEL-1192)

[2.28-238]
- Fix slow tls access after dlopen (RHEL-2122)

[2.28-237]
- Enable running a single test from the testsuite (RHEL-3757)

[2.28-236.7]
- CVE-2023-4911 glibc: buffer overflow in ld.so leading to privilege escalation (RHEL-3036)

[2.28-236.6]
- Revert: Always call destructors in reverse constructor order (#2233338)

[2.28-236.5]
- CVE-2023-4806 glibc: potential use-after-free in getaddrinfo (RHEL-2423)

[2.28-236.4]
- CVE-2023-4813: Work around RHEL-8 limitation in test (RHEL-2435)

[2.28-236.3]
- CVE-2023-4813: potential use-after-free in gaih_inet (RHEL-2435)

[2.28-236.2]
- CVE-2023-4527: Stack read overflow in getaddrinfo in no-aaaa mode (#2234714)

[2.28-236.1]
- Always call destructors in reverse constructor order (#2233338)

[2.28-236]
- Fix string and memory function tuning on small systems (#2180462)

[2.28-235]
- Fix temporal threshold calculations (#2180462)

[2.28-234]
- Ignore symbolic link change on /etc/nsswitch.conf (#2229709)

[2.28-233]
- Update test to closer match upstream. (#2176707)

[2.28-232]
- Make libSegFault.so NODELETE (#2224348)

[2.28-231]
- Update ESTALE error message translations (#2186781)

[2.28-230]
- Don't block SIGCHILD when system() is called concurrently (#2176707)

[2.28-229]
- resolv_conf: release lock on allocation failure (#2213909)

[2.28-228]
- gmon: Various bug fixes (#2180155)

[2.28-227]
- Change sgetsgent_r to set errno. (#2172949)

[2.28-226]
- Fix incorrect inline feraiseexcept on i686, x86-64 (#2183081)

[2.28-225]
- Enforce a specififc internal ordering for tunables (#2154914)

[2.28-224]
- Fix rtld-audit trampoline for aarch64 (#2144568)

[2.28-223]
- Backport upstream fixes to tst-pldd (#2142937)

[2.28-222]
- Restore IPC_64 support in sysvipc *ctl functions (#2141989)

[2.28-221]
- Switch to fast DSO dependency sorting algorithm (#1159809)

[2.28-220]
- Explicitly switch to --with-default-link=no (#2109510)
- Define MAP_SYNC on ppc64le (#2139875)

[2.28-219]
- Fix -Wstrict-overflow warning when using CMSG_NXTHDR macro (#2116938)

[2.28-218]
- Fix dlmopen/dlclose/dlmopen sequence and libc initialization (#2121746)

[2.28-217]
- Fix memory corruption in printf with thousands separators and large
integer width (#2122501)

[2.28-216]
- Retain .gnu_debuglink section for libc.so.6 (#2115830)
- Remove .annobin* symbols from ld.so
- Remove redundant ld.so debuginfo file

[2.28-215]
- Improve malloc implementation (#1871383)

[2.28-214]
- Fix hwcaps search path size computation (#2125222)

[2.28-213]
- Fix nscd netlink cache invalidation if epoll is used (#2122498)

[2.28-212]
- Run tst-audit-tlsdesc, tst-audit-tlsdesc-dlopen everywhere (#2118667)

[2.28-211]
- Preserve GLRO (dl_naudit) internal ABI (#2119304)
- Avoid s390x ABI change due to z16 recognition on s390x (#2119304)

[2.28-210]
- Fix locale en_US@ampm (#2104907)

[2.28-209]
- Improve dynamic loader auditing interface (LD_AUDIT) (#2047981)
- Add dlinfo() API support for RTLD_DI_PHDR (#2097898)

[2.28-208]
- Update syscall-names.list to Linux 5.18. (#2080349)

[2.28-207]
- Add the no-aaaa DNS stub resolver option (#2096189)

[2.28-206]
- Fix deadlocks in pthread_atfork handlers (#1888660)

* Tue Jun 07 2022 DJ Delorie 64 (Geetha Sowjanya)
- ring-buffer: Fix bytes_dropped calculation issue (Feng Yang)
- objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() (Josh Poimboeuf) [Orabug: 37976879] {CVE-2025-37937}
- fs/procfs: fix the comment above proc_pid_wchan() (Bart Van Assche)
- perf python: Check if there is space to copy all the event (Arnaldo Carvalho de Melo)
- perf python: Decrement the refcount of just created event on failure (Arnaldo Carvalho de Melo)
- perf python: Fixup description of sample.id event member (Arnaldo Carvalho de Melo)
- ocfs2: validate l_tree_depth to avoid out-of-bounds access (Vasiliy Kovalev) [Orabug: 37844394] {CVE-2025-22079}
- kexec: initialize ELF lowest address to ULONG_MAX (Sourabh Jain)
- perf units: Fix insufficient array space (Arnaldo Carvalho de Melo)
- iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio (Jonathan Cameron)
- coresight: catu: Fix number of pages while using 64k pages (Ilkka Koskinen)
- isofs: fix KMSAN uninit-value bug in do_isofs_readdir() (Qasim Ijaz)
- x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment (Jann Horn)
- mfd: sm501: Switch to BIT() to mitigate integer overflows (Nikita Zhandarovich)
- RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow (Patrisious Haddad) [Orabug: 37844422] {CVE-2025-22086}
- power: supply: max77693: Fix wrong conversion of charge input threshold value (Artur Weber)
- x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1 (Jann Horn)
- clk: amlogic: g12a: fix mmc A peripheral clock (Jerome Brunet)
- clk: amlogic: gxbb: drop non existing 32k clock parent (Jerome Brunet)
- clk: amlogic: g12b: fix cluster A parent data (Jerome Brunet)
- IB/mad: Check available slots before posting receive WRs (Maher Sanalla)
- clk: rockchip: rk3328: fix wrong clk_ref_usb3otg parent (Peter Geis)
- pinctrl: renesas: rza2: Fix missing of_node_put() call (Fabrizio Castro)
- lib: 842: Improve error handling in sw842_compress() (Tanya Agarwal)
- clk: amlogic: gxbb: drop incorrect flag on 32k clock (Jerome Brunet)
- fbdev: sm501fb: Add some geometry checks. (Danila Chernetsov)
- mdacon: rework dependency list (Arnd Bergmann)
- fbdev: au1100fb: Move a variable assignment behind a null pointer check (Markus Elfring)
- PCI: pciehp: Don't enable HPIE when resuming in poll mode (Ilpo Järvinen)
- PCI: Remove stray put_device() in pci_register_host_bridge() (Dan Carpenter)
- PCI/portdrv: Only disable pciehp interrupts early when needed (Feng Tang)
- PCI/ASPM: Fix link state exit during switch upstream function removal (Daniel Stodden) [Orabug: 37844108] {CVE-2024-58093}
- drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member (AngeloGioacchino Del Regno)
- ALSA: hda/realtek: Always honor no_shutup_pins (Takashi Iwai)
- perf/ring_buffer: Allow the EPOLLRDNORM flag for poll (Tao Chen)
- lockdep: Don't disable interrupts on RT in disable_irq_nosync_lockdep.*() (Sebastian Andrzej Siewior)
- PM: sleep: Fix handling devices with direct_complete set on errors (Rafael J. Wysocki)
- thermal: int340x: Add NULL check for adev (Chenyuan Yang) [Orabug: 37844584] {CVE-2025-23136}
- EDAC/ie31200: Fix the error path order of ie31200_init() (Qiuxu Zhuo)
- EDAC/ie31200: Fix the DIMM size mask for several SoCs (Qiuxu Zhuo)
- EDAC/ie31200: Fix the size of EDAC_MC_LAYER_CHIP_SELECT layer (Qiuxu Zhuo)
- selinux: Chain up tool resolving errors in install_policy.sh (Tim Schumacher)
- x86/platform: Only allow CONFIG_EISA for 32-bit (Arnd Bergmann)
- x86/fpu: Avoid copying dynamic FP state from init_task in arch_dup_task_struct() (Benjamin Berg)
- cpufreq: governor: Fix negative 'idle_time' handling in dbs_update() (Jie Zhan)
- x86/mm/pat: cpa-test: fix length for CPA_ARRAY test (Mike Rapoport)
- memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (Luo Qiu) [Orabug: 37844141] {CVE-2025-22020}
- net: usb: qmi_wwan: add Telit Cinterion FE990B composition (Fabio Porcedda)
- net: usb: qmi_wwan: add Telit Cinterion FN990B composition (Fabio Porcedda)
- tty: serial: 8250: Add some more device IDs (Cameron Williams)
- counter: stm32-lptimer-cnt: fix error handling when enabling (Fabrice Gasnier)
- netfilter: socket: Lookup orig tuple for IPv6 SNAT (Maxim Mikityanskiy) [Orabug: 37844145] {CVE-2025-22021}
- ARM: Remove address checking for MMUless devices (Yanjun Yang)
- ARM: 9351/1: fault: Add "cut here" line for prefetch aborts (Kees Cook)
- ARM: 9350/1: fault: Implement copy_from_kernel_nofault_allowed() (Kees Cook)
- atm: Fix NULL pointer dereference (Minjoong Kim) [Orabug: 37838897] {CVE-2025-22018}
- HID: hid-plantronics: Add mic mute mapping and generalize quirks (Terry Junge)
- ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names (Terry Junge)
- drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() (Nikita Zhandarovich) [Orabug: 37828196] {CVE-2025-21996}
- batman-adv: Ignore own maximum aggregation size during RX (Sven Eckelmann)
- ARM: shmobile: smp: Enforce shmobile_smp_* alignment (Geert Uytterhoeven)
- mmc: atmel-mci: Add missing clk_disable_unprepare() (Gu Bowen)
- drm/v3d: Don't run jobs that have errors flagged in its fence (Maíra Canal)
- i2c: omap: fix IRQ storms (Andreas Kemnade)
- net/neighbor: add missing policy for NDTPA_QUEUE_LENBYTES (Lin Ma)
- net: atm: fix use after free in lec_send() (Dan Carpenter) [Orabug: 37828221] {CVE-2025-22004}
- ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create(). (Kuniyuki Iwashima)
- ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw(). (Kuniyuki Iwashima) [Orabug: 37828229] {CVE-2025-22005}
- Bluetooth: Fix error code in chan_alloc_skb_cb() (Dan Carpenter) [Orabug: 37828235] {CVE-2025-22007}
- RDMA/hns: Fix wrong value of max_sge_rd (Junxian Huang)
- RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path (Saravanan Vajravel)
- xfrm_output: Force software GSO only in tunnel mode (Cosmin Ratiu)
- firmware: imx-scu: fix OF node leak in .probe() (Joe Hattori)
- i2c: sis630: Fix an error handling path in sis630_probe() (Christophe Jaillet)
- i2c: ali15x3: Fix an error handling path in ali15x3_probe() (Christophe Jaillet)
- i2c: ali1535: Fix an error handling path in ali1535_probe() (Christophe Jaillet)
- ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe() (Christophe Jaillet)
- drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data() (Ivan Abramov)
- qlcnic: fix memory leak issues in qlcnic_sriov_common.c (Haoxiang Li)
- drm/amd/display: Assign normalized_pix_clk when color depth = 14 (Alex Hung) [Orabug: 37828049] {CVE-2025-21956}
- drm/atomic: Filter out redundant DPMS calls (Ville Syrjälä)
- x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes (Florent Revest) [Orabug: 37828167] {CVE-2025-21991}
- USB: serial: option: match on interface class for Telit FN990B (Johan Hovold)
- USB: serial: option: fix Telit Cinterion FE990A name (Fabio Porcedda)
- USB: serial: option: add Telit Cinterion FE990B compositions (Fabio Porcedda)
- USB: serial: ftdi_sio: add support for Altera USB Blaster 3 (Boon Khai Ng)
- block: fix 'kmem_cache of name 'bio-108' already exists' (Ming Lei)
- drm/nouveau: Do not override forced connector status (Thomas Zimmermann)
- x86/irq: Define trace events conditionally (Arnd Bergmann)
- fuse: don't truncate cached, mutated symlink (Miklos Szeredi)
- nvme: only allow entering LIVE from CONNECTING state (Daniel Wagner)
- sctp: Fix undefined behavior in left shift operation (Yu-Chun Lin)
- nvmet-rdma: recheck queue state is LIVE in state lock in recv done (Ruozhu Li)
- ASoC: rsnd: don't indicate warning on rsnd_kctrl_accept_runtime() (Kuninori Morimoto)
- s390/cio: Fix CHPID "configure" attribute caching (Peter Oberparleiter)
- HID: ignore non-functional sensor in HP 5MP Camera (Chia-Lin Kao) [Orabug: 37828174] {CVE-2025-21992}
- HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell (Zhang Lixu)
- ACPI: resource: IRQ override for Eluktronics MECH-17 (Gannon Kolding)
- scsi: qla1280: Fix kernel oops when debug level > 2 (Magnus Lindholm) [Orabug: 37828056] {CVE-2025-21957}
- iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() (Chengen Du) [Orabug: 37828181] {CVE-2025-21993}
- powercap: call put_device() on an error path in powercap_register_control_type() (Joe Hattori)
- hrtimers: Mark is_migration_base() with __always_inline (Andy Shevchenko)
- nvme-fc: go straight to connecting state when initializing (Daniel Wagner)
- net/mlx5e: Prevent bridge link show failure for non-eswitch-allowed devices (Carolina Jubran)
- netfilter: nft_exthdr: fix offset with ipv4_find_option() (Alexey Kashavkin)
- net_sched: Prevent creation of classes with TC_H_ROOT (Cong Wang) [Orabug: 37828110] {CVE-2025-21971}
- ipvs: prevent integer overflow in do_ip_vs_get_ctl() (Dan Carpenter)
- netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree() (Kohei Enju) [Orabug: 37828064] {CVE-2025-21959}
- Drivers: hv: vmbus: Don't release fb_mmio resource in vmbus_free_mmio() (Michael Kelley)
- drivers/hv: Replace binary semaphore with mutex (Davidlohr Bueso)
- netpoll: hold rcu read lock in __netpoll_send_skb() (Breno Leitao)
- netpoll: netpoll_send_skb() returns transmit status (Eric Dumazet)
- netpoll: move netpoll_send_skb() out of line (Eric Dumazet)
- netpoll: remove dev argument from netpoll_send_skb_on_dev() (Eric Dumazet)
- netpoll: Fix use correct return type for ndo_start_xmit() (Yunjian Wang)
- pinctrl: bcm281xx: Fix incorrect regmap max_registers value (Artur Weber)
- sched/isolation: Prevent boot crash when the boot CPU is nohz_full (Oleg Nesterov)
- clockevents/drivers/i8253: Fix stop sequence for timer 0 (David Woodhouse)

[5.4.17-2136.344.1.el8uek]
- RDS: avoid using offlined CPU during reconnect (Arumugam Kolappan) [Orabug: 37800559]
- x86/microcode/AMD: Clean the cache if update did not load microcode (Boris Ostrovsky) [Orabug: 37800729]
- x86/microcode/AMD: Add finalize_late_load() microcode_op (Boris Ostrovsky) [Orabug: 37800729]
- x86/microcode/AMD: Extend the SHA check to Zen5, block loading of any unreleased standalone Zen5 microcode patches (Borislav Petkov) [Orabug: 37800729]
- x86/microcode/AMD: Add some forgotten models to the SHA check (Borislav Petkov) [Orabug: 37800729]
- x86/microcode/AMD: Load only SHA256-checksummed patches (Borislav Petkov) [Orabug: 37800729]
- x86/microcode/AMD: Flush patch buffer mapping after application (Borislav Petkov) [Orabug: 37800729]
- x86/microcode/AMD: Stash BSP's CPUID(1).EAX and patch size (Boris Ostrovsky) [Orabug: 37800729]
- nvme: fix deadlock between reset and scan (Bitao Hu) [Orabug: 37861518]

ELSA-2025-20372 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update

Oracle Linux Security Advisory ELSA-2025-20372

http://linux.oracle.com/errata/ELSA-2025-20372.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-5.4.17-2136.344.4.1.el7uek.x86_64.rpm
kernel-uek-container-5.4.17-2136.344.4.1.el7uek.x86_64.rpm
kernel-uek-container-debug-5.4.17-2136.344.4.1.el7uek.x86_64.rpm
kernel-uek-debug-5.4.17-2136.344.4.1.el7uek.x86_64.rpm
kernel-uek-debug-devel-5.4.17-2136.344.4.1.el7uek.x86_64.rpm
kernel-uek-devel-5.4.17-2136.344.4.1.el7uek.x86_64.rpm
kernel-uek-doc-5.4.17-2136.344.4.1.el7uek.noarch.rpm
kernel-uek-tools-5.4.17-2136.344.4.1.el7uek.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//kernel-uek-5.4.17-2136.344.4.1.el7uek.src.rpm

Related CVEs:

CVE-2023-52667
CVE-2024-38555
CVE-2024-50000
CVE-2024-50001
CVE-2024-58093
CVE-2025-21956
CVE-2025-21957
CVE-2025-21959
CVE-2025-21971
CVE-2025-21991
CVE-2025-21992
CVE-2025-21993
CVE-2025-21996
CVE-2025-22004
CVE-2025-22005
CVE-2025-22007
CVE-2025-22018
CVE-2025-22020
CVE-2025-22021
CVE-2025-22035
CVE-2025-22045
CVE-2025-22054
CVE-2025-22063
CVE-2025-22071
CVE-2025-22073
CVE-2025-22079
CVE-2025-22086
CVE-2025-23136
CVE-2025-37937
CVE-2025-38637

Description of changes:

[5.4.17-2136.344.4.1.el7uek]
- certs: Reference revocation list for all keyrings (Eric Snowberg) [Orabug: 38052126]

[5.4.17-2136.344.4.el7uek]
- certs: Add new Oracle Linux Driver Signing (key 1) certificate (Sherry Yang) [Orabug: 37967555]

[5.4.17-2136.344.3.el7uek]
- net/mlx5e: Don't call cleanup on profile rollback failure (Cosmin Ratiu) [Orabug: 37670859]
- net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc() (Elena Salomatkina) [Orabug: 37206299,37670859] {CVE-2024-50000}
- net/mlx5: Fix error path in multi-packet WQE transmit (Gerd Bayer) [Orabug: 37206302,37670859] {CVE-2024-50001}
- net/mlx5: Discard command completions in internal error (Akiva Goldberger) [Orabug: 36753438,37670859] {CVE-2024-38555}
- net/mlx5e: fix a potential double-free in fs_any_create_groups (Dinghao Liu) [Orabug: 36802351,37670859] {CVE-2023-52667}
- net/mlx5: Reclaim max 50K pages at once (Anand Khoje) [Orabug: 36275016]

[5.4.17-2136.344.2.el7uek]
- LTS tag: v5.4.292 (Alok Tiwari)
- jfs: add index corruption check to DT_GETPAGE() (Roman Smirnov)
- tracing: Fix use-after-free in print_graph_function_flags during tracer switching (Tengda Wu) [Orabug: 37844202] {CVE-2025-22035}
- mmc: sdhci-pxav3: set NEED_RSP_BUSY capability (Karel Balej)
- ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP (Paul Menzel)
- x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs (Jann Horn) [Orabug: 37844275] {CVE-2025-22045}
- x86/tsc: Always save/restore TSC sched_clock() on suspend/resume (Guilherme G. Piccoli)
- ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk() (Markus Elfring)
- can: flexcan: only change CAN state when link up in system PM (Haibo Chen)
- arcnet: Add NULL check in com20020pci_probe() (Henry Martin) [Orabug: 37844303] {CVE-2025-22054}
- net: dsa: mv88e6xxx: propperly shutdown PPU re-enable timer on destroy (David Oberhollenzer)
- ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS (Fernando Fernandez Mancera)
- vsock: avoid timeout during connect() if the socket is closing (Stefano Garzarella)
- net_sched: skbprio: Remove overly strict queue assertions (Cong Wang) [Orabug: 37855375] {CVE-2025-38637}
- netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets (Debin Zhu) [Orabug: 37844344] {CVE-2025-22063}
- ntb: intel: Fix using link status DB's (Nikita Shubin)
- ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans (Yajun Deng)
- spufs: fix a leak in spufs_create_context() (Al Viro) [Orabug: 37844365] {CVE-2025-22071}
- spufs: fix a leak on spufs_new_file() failure (Al Viro) [Orabug: 37844378] {CVE-2025-22073}
- hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9} (Tasos Sahanidis)
- can: statistics: use atomic access in hot path (Oliver Hartkopp)
- locking/semaphore: Use wake_q to wake up processes outside lock critical section (Waiman Long)
- sched/deadline: Use online cpus for validating runtime (Shrikanth Hegde)
- affs: don't write overlarge OFS data block size fields (Simon Tatham)
- affs: generate OFS sequence numbers starting at 1 (Simon Tatham)
- wifi: iwlwifi: fw: allocate chained SG tables for dump (Johannes Berg)
- sched/smt: Always inline sched_smt_active() (Josh Poimboeuf)
- octeontx2-af: Fix mbox INTR handler when num VFs > 64 (Geetha Sowjanya)
- ring-buffer: Fix bytes_dropped calculation issue (Feng Yang)
- objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() (Josh Poimboeuf) [Orabug: 37976879] {CVE-2025-37937}
- fs/procfs: fix the comment above proc_pid_wchan() (Bart Van Assche)
- perf python: Check if there is space to copy all the event (Arnaldo Carvalho de Melo)
- perf python: Decrement the refcount of just created event on failure (Arnaldo Carvalho de Melo)
- perf python: Fixup description of sample.id event member (Arnaldo Carvalho de Melo)
- ocfs2: validate l_tree_depth to avoid out-of-bounds access (Vasiliy Kovalev) [Orabug: 37844394] {CVE-2025-22079}
- kexec: initialize ELF lowest address to ULONG_MAX (Sourabh Jain)
- perf units: Fix insufficient array space (Arnaldo Carvalho de Melo)
- iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio (Jonathan Cameron)
- coresight: catu: Fix number of pages while using 64k pages (Ilkka Koskinen)
- isofs: fix KMSAN uninit-value bug in do_isofs_readdir() (Qasim Ijaz)
- x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment (Jann Horn)
- mfd: sm501: Switch to BIT() to mitigate integer overflows (Nikita Zhandarovich)
- RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow (Patrisious Haddad) [Orabug: 37844422] {CVE-2025-22086}
- power: supply: max77693: Fix wrong conversion of charge input threshold value (Artur Weber)
- x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1 (Jann Horn)
- clk: amlogic: g12a: fix mmc A peripheral clock (Jerome Brunet)
- clk: amlogic: gxbb: drop non existing 32k clock parent (Jerome Brunet)
- clk: amlogic: g12b: fix cluster A parent data (Jerome Brunet)
- IB/mad: Check available slots before posting receive WRs (Maher Sanalla)
- clk: rockchip: rk3328: fix wrong clk_ref_usb3otg parent (Peter Geis)
- pinctrl: renesas: rza2: Fix missing of_node_put() call (Fabrizio Castro)
- lib: 842: Improve error handling in sw842_compress() (Tanya Agarwal)
- clk: amlogic: gxbb: drop incorrect flag on 32k clock (Jerome Brunet)
- fbdev: sm501fb: Add some geometry checks. (Danila Chernetsov)
- mdacon: rework dependency list (Arnd Bergmann)
- fbdev: au1100fb: Move a variable assignment behind a null pointer check (Markus Elfring)
- PCI: pciehp: Don't enable HPIE when resuming in poll mode (Ilpo Järvinen)
- PCI: Remove stray put_device() in pci_register_host_bridge() (Dan Carpenter)
- PCI/portdrv: Only disable pciehp interrupts early when needed (Feng Tang)
- PCI/ASPM: Fix link state exit during switch upstream function removal (Daniel Stodden) [Orabug: 37844108] {CVE-2024-58093}
- drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member (AngeloGioacchino Del Regno)
- ALSA: hda/realtek: Always honor no_shutup_pins (Takashi Iwai)
- perf/ring_buffer: Allow the EPOLLRDNORM flag for poll (Tao Chen)
- lockdep: Don't disable interrupts on RT in disable_irq_nosync_lockdep.*() (Sebastian Andrzej Siewior)
- PM: sleep: Fix handling devices with direct_complete set on errors (Rafael J. Wysocki)
- thermal: int340x: Add NULL check for adev (Chenyuan Yang) [Orabug: 37844584] {CVE-2025-23136}
- EDAC/ie31200: Fix the error path order of ie31200_init() (Qiuxu Zhuo)
- EDAC/ie31200: Fix the DIMM size mask for several SoCs (Qiuxu Zhuo)
- EDAC/ie31200: Fix the size of EDAC_MC_LAYER_CHIP_SELECT layer (Qiuxu Zhuo)
- selinux: Chain up tool resolving errors in install_policy.sh (Tim Schumacher)
- x86/platform: Only allow CONFIG_EISA for 32-bit (Arnd Bergmann)
- x86/fpu: Avoid copying dynamic FP state from init_task in arch_dup_task_struct() (Benjamin Berg)
- cpufreq: governor: Fix negative 'idle_time' handling in dbs_update() (Jie Zhan)
- x86/mm/pat: cpa-test: fix length for CPA_ARRAY test (Mike Rapoport)
- memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (Luo Qiu) [Orabug: 37844141] {CVE-2025-22020}
- net: usb: qmi_wwan: add Telit Cinterion FE990B composition (Fabio Porcedda)
- net: usb: qmi_wwan: add Telit Cinterion FN990B composition (Fabio Porcedda)
- tty: serial: 8250: Add some more device IDs (Cameron Williams)
- counter: stm32-lptimer-cnt: fix error handling when enabling (Fabrice Gasnier)
- netfilter: socket: Lookup orig tuple for IPv6 SNAT (Maxim Mikityanskiy) [Orabug: 37844145] {CVE-2025-22021}
- ARM: Remove address checking for MMUless devices (Yanjun Yang)
- ARM: 9351/1: fault: Add "cut here" line for prefetch aborts (Kees Cook)
- ARM: 9350/1: fault: Implement copy_from_kernel_nofault_allowed() (Kees Cook)
- atm: Fix NULL pointer dereference (Minjoong Kim) [Orabug: 37838897] {CVE-2025-22018}
- HID: hid-plantronics: Add mic mute mapping and generalize quirks (Terry Junge)
- ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names (Terry Junge)
- drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() (Nikita Zhandarovich) [Orabug: 37828196] {CVE-2025-21996}
- batman-adv: Ignore own maximum aggregation size during RX (Sven Eckelmann)
- ARM: shmobile: smp: Enforce shmobile_smp_* alignment (Geert Uytterhoeven)
- mmc: atmel-mci: Add missing clk_disable_unprepare() (Gu Bowen)
- drm/v3d: Don't run jobs that have errors flagged in its fence (Maíra Canal)
- i2c: omap: fix IRQ storms (Andreas Kemnade)
- net/neighbor: add missing policy for NDTPA_QUEUE_LENBYTES (Lin Ma)
- net: atm: fix use after free in lec_send() (Dan Carpenter) [Orabug: 37828221] {CVE-2025-22004}
- ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create(). (Kuniyuki Iwashima)
- ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw(). (Kuniyuki Iwashima) [Orabug: 37828229] {CVE-2025-22005}
- Bluetooth: Fix error code in chan_alloc_skb_cb() (Dan Carpenter) [Orabug: 37828235] {CVE-2025-22007}
- RDMA/hns: Fix wrong value of max_sge_rd (Junxian Huang)
- RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path (Saravanan Vajravel)
- xfrm_output: Force software GSO only in tunnel mode (Cosmin Ratiu)
- firmware: imx-scu: fix OF node leak in .probe() (Joe Hattori)
- i2c: sis630: Fix an error handling path in sis630_probe() (Christophe Jaillet)
- i2c: ali15x3: Fix an error handling path in ali15x3_probe() (Christophe Jaillet)
- i2c: ali1535: Fix an error handling path in ali1535_probe() (Christophe Jaillet)
- ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe() (Christophe Jaillet)
- drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data() (Ivan Abramov)
- qlcnic: fix memory leak issues in qlcnic_sriov_common.c (Haoxiang Li)
- drm/amd/display: Assign normalized_pix_clk when color depth = 14 (Alex Hung) [Orabug: 37828049] {CVE-2025-21956}
- drm/atomic: Filter out redundant DPMS calls (Ville Syrjälä)
- x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes (Florent Revest) [Orabug: 37828167] {CVE-2025-21991}
- USB: serial: option: match on interface class for Telit FN990B (Johan Hovold)
- USB: serial: option: fix Telit Cinterion FE990A name (Fabio Porcedda)
- USB: serial: option: add Telit Cinterion FE990B compositions (Fabio Porcedda)
- USB: serial: ftdi_sio: add support for Altera USB Blaster 3 (Boon Khai Ng)
- block: fix 'kmem_cache of name 'bio-108' already exists' (Ming Lei)
- drm/nouveau: Do not override forced connector status (Thomas Zimmermann)
- x86/irq: Define trace events conditionally (Arnd Bergmann)
- fuse: don't truncate cached, mutated symlink (Miklos Szeredi)
- nvme: only allow entering LIVE from CONNECTING state (Daniel Wagner)
- sctp: Fix undefined behavior in left shift operation (Yu-Chun Lin)
- nvmet-rdma: recheck queue state is LIVE in state lock in recv done (Ruozhu Li)
- ASoC: rsnd: don't indicate warning on rsnd_kctrl_accept_runtime() (Kuninori Morimoto)
- s390/cio: Fix CHPID "configure" attribute caching (Peter Oberparleiter)
- HID: ignore non-functional sensor in HP 5MP Camera (Chia-Lin Kao) [Orabug: 37828174] {CVE-2025-21992}
- HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell (Zhang Lixu)
- ACPI: resource: IRQ override for Eluktronics MECH-17 (Gannon Kolding)
- scsi: qla1280: Fix kernel oops when debug level > 2 (Magnus Lindholm) [Orabug: 37828056] {CVE-2025-21957}
- iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() (Chengen Du) [Orabug: 37828181] {CVE-2025-21993}
- powercap: call put_device() on an error path in powercap_register_control_type() (Joe Hattori)
- hrtimers: Mark is_migration_base() with __always_inline (Andy Shevchenko)
- nvme-fc: go straight to connecting state when initializing (Daniel Wagner)
- net/mlx5e: Prevent bridge link show failure for non-eswitch-allowed devices (Carolina Jubran)
- netfilter: nft_exthdr: fix offset with ipv4_find_option() (Alexey Kashavkin)
- net_sched: Prevent creation of classes with TC_H_ROOT (Cong Wang) [Orabug: 37828110] {CVE-2025-21971}
- ipvs: prevent integer overflow in do_ip_vs_get_ctl() (Dan Carpenter)
- netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree() (Kohei Enju) [Orabug: 37828064] {CVE-2025-21959}
- Drivers: hv: vmbus: Don't release fb_mmio resource in vmbus_free_mmio() (Michael Kelley)
- drivers/hv: Replace binary semaphore with mutex (Davidlohr Bueso)
- netpoll: hold rcu read lock in __netpoll_send_skb() (Breno Leitao)
- netpoll: netpoll_send_skb() returns transmit status (Eric Dumazet)
- netpoll: move netpoll_send_skb() out of line (Eric Dumazet)
- netpoll: remove dev argument from netpoll_send_skb_on_dev() (Eric Dumazet)
- netpoll: Fix use correct return type for ndo_start_xmit() (Yunjian Wang)
- pinctrl: bcm281xx: Fix incorrect regmap max_registers value (Artur Weber)
- sched/isolation: Prevent boot crash when the boot CPU is nohz_full (Oleg Nesterov)
- clockevents/drivers/i8253: Fix stop sequence for timer 0 (David Woodhouse)

[5.4.17-2136.344.1.el7uek]
- RDS: avoid using offlined CPU during reconnect (Arumugam Kolappan) [Orabug: 37800559]
- x86/microcode/AMD: Clean the cache if update did not load microcode (Boris Ostrovsky) [Orabug: 37800729]
- x86/microcode/AMD: Add finalize_late_load() microcode_op (Boris Ostrovsky) [Orabug: 37800729]
- x86/microcode/AMD: Extend the SHA check to Zen5, block loading of any unreleased standalone Zen5 microcode patches (Borislav Petkov) [Orabug: 37800729]
- x86/microcode/AMD: Add some forgotten models to the SHA check (Borislav Petkov) [Orabug: 37800729]
- x86/microcode/AMD: Load only SHA256-checksummed patches (Borislav Petkov) [Orabug: 37800729]
- x86/microcode/AMD: Flush patch buffer mapping after application (Borislav Petkov) [Orabug: 37800729]
- x86/microcode/AMD: Stash BSP's CPUID(1).EAX and patch size (Boris Ostrovsky) [Orabug: 37800729]
- nvme: fix deadlock between reset and scan (Bitao Hu) [Orabug: 37861518]

[5.4.17-2136.343.5.el7uek]
- sctp: sysctl: auth_enable: avoid using current->nsproxy (Matthieu Baerts) [Orabug: 37497283,37846673] {CVE-2025-21638}
- sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy (Matthieu Baerts) [Orabug: 37497303,37846668] {CVE-2025-21640}
- uek-rpm: remove .el7 from shim version (Samasth Norway Ananda) [Orabug: 37834734]

[5.4.17-2136.343.4.el7uek]
- bpf: Use preempt_count() directly in bpf_send_signal_common() (Hou Tao)
- Revert "sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy" (Magali Lemes)
- jfs: fix slab-out-of-bounds read in ea_get() (Qasim Ijaz) [Orabug: 37855411] {CVE-2025-39735}
- serial: 8250_dma: terminate correct DMA in tx_dma_flush() (John Keeping)
- Revert "sctp: sysctl: auth_enable: avoid using current->nsproxy" (Magali Lemes)
- net: usb: usbnet: restore usb%d name exception for local mac addresses (Dominique Martinet)
- vlan: fix memory leak in vlan_newlink() (Eric Dumazet)
- rds: ib: Fix NULL ptr deref in rds_ib_cq_follow_affinity (Håkon Bugge) [Orabug: 37747826]

[5.4.17-2136.343.3.el7uek]
- LTS tag: v5.4.291 (Sherry Yang)
- eeprom: digsy_mtc: Make GPIO lookup table match the device (Andy Shevchenko)
- slimbus: messaging: Free transaction ID in delayed interrupt scenario (Visweswara Tanuku) [Orabug: 37827905] {CVE-2025-21914}
- intel_th: pci: Add Panther Lake-P/U support (Alexander Shishkin)
- intel_th: pci: Add Panther Lake-H support (Alexander Shishkin)
- intel_th: pci: Add Arrow Lake support (Pawel Chmielewski)
- Squashfs: check the inode number is not the invalid value of zero (Phillip Lougher) [Orabug: 36597911] {CVE-2024-26982}
- xhci: pci: Fix indentation in the PCI device ID definitions (Andy Shevchenko)
- usb: gadget: Check bmAttributes only if configuration is valid (Prashanth K)
- usb: gadget: Fix setting self-powered state on suspend (Marek Szyprowski)
- usb: gadget: Set self-powered based on MaxPower and bmAttributes (Prashanth K)
- usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality (AngeloGioacchino Del Regno)
- usb: typec: ucsi: increase timeout for PPM reset operations (Fedor Pchelkin)
- usb: atm: cxacru: fix a flaw in existing endpoint checks (Nikita Zhandarovich) [Orabug: 37828336] {CVE-2025-21916}
- usb: renesas_usbhs: Flush the notify_hotplug_work (Claudiu Beznea) [Orabug: 37827913] {CVE-2025-21917}
- usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader (Miao Li)
- usb: renesas_usbhs: Use devm_usb_get_phy() (Claudiu Beznea)
- usb: renesas_usbhs: Call clk_put() (Claudiu Beznea)
- Revert "drivers/card_reader/rtsx_usb: Restore interrupt based detection" (Christian Heusel)
- gpio: rcar: Fix missing of_node_put() call (Fabrizio Castro)
- net: ipv6: fix missing dst ref drop in ila lwtunnel (Justin Iurman)
- net: ipv6: fix dst ref loop in ila lwtunnel (Justin Iurman)
- net-timestamp: support TCP GSO case for a few missing flags (Jason Xing)
- vlan: enforce underlying device type (Oscar Maes) [Orabug: 37827929] {CVE-2025-21920}
- ppp: Fix KMSAN uninit-value warning with bpf (Jiayuan Chen) [Orabug: 37827937] {CVE-2025-21922}
- be2net: fix sleeping while atomic bugs in be_ndo_bridge_getlink (Nikolay Aleksandrov)
- drm/sched: Fix preprocessor guard (Philipp Stanner)
- hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe() (Xinghuo Chen)
- llc: do not use skb_get() before dev_queue_xmit() (Eric Dumazet) [Orabug: 37827950] {CVE-2025-21925}
- hwmon: (ad7314) Validate leading zero bits and return error (Erik Schumacher)
- hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table (Maud Spierings)
- hwmon: (pmbus) Initialise page count in pmbus_identify() (Titus Rwantare)
- caif_virtio: fix wrong pointer check in cfv_probe() (Vitaliy Shevtsov) [Orabug: 37827863] {CVE-2025-21904}
- net: gso: fix ownership in __udp_gso_segment (Antoine Tenart) [Orabug: 37827956] {CVE-2025-21926}
- HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (Zhang Lixu) [Orabug: 37827964] {CVE-2025-21928}
- HID: google: fix unused variable warning under !CONFIG_ACPI (Yu-Chun Lin)
- wifi: iwlwifi: limit printed string from FW file (Johannes Berg) [Orabug: 37827870] {CVE-2025-21905}
- mm/page_alloc: fix uninitialized variable (Hao Zhang)
- rapidio: fix an API misues when rio_add_net() fails (Haoxiang Li) [Orabug: 37827984] {CVE-2025-21934}
- rapidio: add check for rio_add_net() in rio_scan_alloc_net() (Haoxiang Li) [Orabug: 37827989] {CVE-2025-21935}
- wifi: nl80211: reject cooked mode if it is set along with other flags (Vitaliy Shevtsov) [Orabug: 37827880] {CVE-2025-21909}
- wifi: cfg80211: regulatory: improve invalid hints checking (Nikita Zhandarovich) [Orabug: 37827887] {CVE-2025-21910}
- x86/cpu: Properly parse CPUID leaf 0x2 TLB descriptor 0x63 (Ahmed S. Darwish)
- x86/cpu: Validate CPUID leaf 0x2 EDX output (Ahmed S. Darwish)
- x86/cacheinfo: Validate CPUID leaf 0x2 EDX output (Ahmed S. Darwish)
- platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e (Mingcong Bai)
- drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M (Richard Thier)
- ALSA: hda/realtek: update ALC222 depop optimize (Kailang Yang)
- ALSA: hda: intel: Add Dell ALC3271 to power_save denylist (Hoku Ishibe)
- HID: appleir: Fix potential NULL dereference at raw event handle (Daniil Dulov) [Orabug: 37828025] {CVE-2025-21948}
- Revert "of: reserved-memory: Fix using wrong number of cells to get property 'alignment'" (Rob Herring)
- drm/amdgpu: disable BAR resize on Dell G5 SE (Alex Deucher)
- drm/amdgpu: Check extended configuration space register when system uses large bar (Ma Jun)
- drm/amdgpu: skip BAR resizing if the bios already did it (Alex Deucher)
- acct: perform last write from workqueue (Christian Brauner) [Orabug: 37702044] {CVE-2025-21846}
- kernel/acct.c: use dedicated helper to access rlimit values (Yang Yang)
- kernel/acct.c: use #elif instead of #end and #elif (Sh_Def)
- drop_monitor: fix incorrect initialization order (Gavrilov Ilia) [Orabug: 37702107] {CVE-2025-21862}
- pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (Quang Le) [Orabug: 37611837] {CVE-2025-21702}
- sched/core: Prevent rescheduling when interrupts are disabled (Thomas Gleixner) [Orabug: 37766213] {CVE-2024-58090}
- phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk (Kaustabh Chakraborty)
- phy: tegra: xusb: reset VBUS & ID OVERRIDE (Bh Hsieh)
- usbnet: gl620a: fix endpoint checking in genelink_bind() (Nikita Zhandarovich) [Orabug: 37766256] {CVE-2025-21877}
- perf/core: Fix low freq setting via IOC_PERIOD (Kan Liang)
- ftrace: Avoid potential division by zero in function_stat_show() (Nikolay Kuratov) [Orabug: 37827849] {CVE-2025-21898}
- x86/CPU: Fix warm boot hang regression on AMD SC1100 SoC systems (Russell Senior)
- net: mvpp2: cls: Fixed Non IP flow, with vlan tag flow defination. (Harshal Chaudhari)
- ipvs: Always clear ipvs_property flag in skb_scrub_packet() (Philo Lu)
- ASoC: es8328: fix route from DAC to output (Nicolas Frattaroli)
- net: cadence: macb: Synchronize stats calculations (Sean Anderson)
- sunrpc: suppress warnings for unused procfs functions (Arnd Bergmann)
- batman-adv: Drop unmanaged ELP metric worker (Sven Eckelmann) [Orabug: 37650307] {CVE-2025-21823}
- batman-adv: Ignore neighbor throughput metrics in error case (Sven Eckelmann)
- acct: block access to kernel internal filesystems (Christian Brauner)
- ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED (John Veness)
- nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() (Haoxiang Li) [Orabug: 37702054] {CVE-2025-21848}
- tee: optee: Fix supplicant wait loop (Sumit Garg) [Orabug: 37766233] {CVE-2025-21871}
- power: supply: da9150-fg: fix potential overflow (Andrey Vatoropin)
- flow_dissector: Fix port range key handling in BPF conversion (Cong Wang)
- flow_dissector: Fix handling of mixed port and port-range keys (Cong Wang)
- net: extract port range fields from fl_flow_key (Maksym Glubokiy)
- geneve: Suppress list corruption splat in geneve_destroy_tunnels(). (Kuniyuki Iwashima)
- geneve: Fix use-after-free in geneve_find_dev(). (Kuniyuki Iwashima) [Orabug: 37702088] {CVE-2025-21858}
- powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC (Christophe Leroy) [Orabug: 37702123] {CVE-2025-21866}
- powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline (Christophe Leroy)
- powerpc/64s/mm: Move __real_pte stubs into hash-4k.h (Michael Ellerman)
- USB: gadget: f_midi: f_midi_complete to call queue_work (Jill Donahue) [Orabug: 37702094] {CVE-2025-21859}
- usb/gadget: f_midi: Replace tasklet with work (Davidlohr Bueso)
- usb/gadget: f_midi: convert tasklets to use new tasklet_setup() API (Allen Pais)
- usb: dwc3: Fix timeout issue during controller enter/exit from halt state (Selvarasu Ganesan)
- usb: dwc3: Increase DWC3 controller halt timeout (Wesley Cheng)
- memcg: fix soft lockup in the OOM process (Chen Ridong) [Orabug: 37649599] {CVE-2024-57977}
- mm: update mark_victim tracepoints fields (Carlos Galo)
- crypto: testmgr - some more fixes to RSA test vectors (Ignat Korchagin)
- crypto: testmgr - populate RSA CRT parameters in RSA test vectors (Ignat Korchagin)
- crypto: testmgr - fix version number of RSA tests (Lei He)
- crypto: testmgr - Fix wrong test case of RSA (Lei He)
- crypto: testmgr - fix wrong key length for pkcs1pad (Lei He)
- driver core: bus: Fix double free in driver API bus_register() (Zijun Hu) [Orabug: 37206511] {CVE-2024-50055}
- scsi: storvsc: Set correct data length for sending SCSI command without payload (Long Li)
- vlan: move dev_put into vlan_dev_uninit (Xin Long)
- vlan: introduce vlan_dev_free_egress_priority (Xin Long)
- pps: Fix a use-after-free (Calvin Owens) [Orabug: 37649607] {CVE-2024-57979}
- btrfs: avoid monopolizing a core when activating a swap file (Filipe Manana)
- x86/i8253: Disable PIT timer 0 when not in use (David Woodhouse)
- parport_pc: add support for ASIX AX99100 (Jiaqing Zhao)
- serial: 8250_pci: add support for ASIX AX99100 (Jiaqing Zhao)
- can: ems_pci: move ASIX AX99100 ids to pci_ids.h (Jiaqing Zhao)
- nilfs2: protect access to buffers with no active references (Ryusuke Konishi) [Orabug: 37650248] {CVE-2025-21811}
- nilfs2: do not force clear folio if buffer is referenced (Ryusuke Konishi) [Orabug: 37649878] {CVE-2025-21722}
- nilfs2: do not output warnings when clearing dirty buffers (Ryusuke Konishi)
- alpha: replace hardcoded stack offsets with autogenerated ones (Ivan Kokshaysky)
- ndisc: extend RCU protection in ndisc_send_skb() (Eric Dumazet) [Orabug: 37650045] {CVE-2025-21760}
- openvswitch: use RCU protection in ovs_vport_cmd_fill_info() (Eric Dumazet) [Orabug: 37650052] {CVE-2025-21761}
- arp: use RCU protection in arp_xmit() (Eric Dumazet) [Orabug: 37650059] {CVE-2025-21762}
- neighbour: use RCU protection in __neigh_notify() (Eric Dumazet) [Orabug: 37650066] {CVE-2025-21763}
- neighbour: delete redundant judgment statements (Li Zetao)
- ndisc: use RCU protection in ndisc_alloc_skb() (Eric Dumazet) [Orabug: 37650072] {CVE-2025-21764}
- ipv6: use RCU protection in ip6_default_advmss() (Eric Dumazet) [Orabug: 37650078] {CVE-2025-21765}
- ipv4: use RCU protection in inet_select_addr() (Eric Dumazet)
- ipv4: use RCU protection in rt_is_expired() (Eric Dumazet)
- net: add dev_net_rcu() helper (Eric Dumazet)
- net: treat possible_net_t net pointer as an RCU one and add read_pnet_rcu() (Jiri Pirko)
- regmap-irq: Add missing kfree() (Jiasheng Jiang)
- partitions: mac: fix handling of bogus partition table (Jann Horn) [Orabug: 37650105] {CVE-2025-21772}
- gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock (Xu Wang)
- alpha: align stack for page fault and user unaligned trap handlers (Ivan Kokshaysky)
- serial: 8250: Fix fifo underflow on flush (John Keeping)
- alpha: make stack 16-byte aligned (most cases) (Ivan Kokshaysky)
- can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero (Alexander Hölzl)
- can: c_can: fix unbalanced runtime PM disable in error path (Krzysztof Kozlowski)
- USB: serial: option: drop MeiG Smart defines (Johan Hovold)
- USB: serial: option: fix Telit Cinterion FN990A name (Fabio Porcedda)
- USB: serial: option: add Telit Cinterion FN990B compositions (Fabio Porcedda)
- USB: serial: option: add MeiG Smart SLM828 (Chester A. Unal)
- usb: cdc-acm: Fix handling of oversized fragments (Jann Horn)
- usb: cdc-acm: Check control transfer buffer size before access (Jann Horn) [Orabug: 37634049] {CVE-2025-21704}
- USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk (Marek Vasut)
- USB: hub: Ignore non-compliant devices with too many configs or interfaces (Alan Stern) [Orabug: 37650120] {CVE-2025-21776}
- usb: gadget: f_midi: fix MIDI Streaming descriptor lengths (John Keeping) [Orabug: 37685650] {CVE-2025-21835}
- USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone (Mathias Nyman)
- USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist (Huanglei)
- USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI (Huacai Chen)
- usb: dwc2: gadget: remove of_node reference upon udc_stop (Fabrice Gasnier)
- usb: gadget: udc: renesas_usb3: Fix compiler warning (Guo Ren)
- usb: roles: set switch registered flag early on (Elson Roy Serrao)
- batman-adv: fix panic during interface removal (Andy Strohman) [Orabug: 37650144] {CVE-2025-21781}
- ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V (Hans de Goede)
- orangefs: fix a oob in orangefs_debug_write (Mike Marshall) [Orabug: 37650149] {CVE-2025-21782}
- Grab mm lock before grabbing pt lock (Maksym Planeta)
- vfio/pci: Enable iowrite64 and ioread64 for vfio pci (Ramesh Thomas)
- media: cxd2841er: fix 64-bit division on gcc-9 (Arnd Bergmann)
- gpio: bcm-kona: Add missing newline to dev_err format string (Artur Weber)
- gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ (Artur Weber)
- gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 (Artur Weber)
- arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (Radu Rendec) [Orabug: 37650160] {CVE-2025-21785}
- team: better TEAM_OPTION_TYPE_STRING validation (Eric Dumazet) [Orabug: 37650167] {CVE-2025-21787}
- vrf: use RCU protection in l3mdev_l3_out() (Eric Dumazet) [Orabug: 37650181] {CVE-2025-21791}
- ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() (Eric Dumazet)
- HID: multitouch: Add NULL check in mt_input_configured (Charles Han) [Orabug: 37649788] {CVE-2024-58020}
- ocfs2: check dir i_size in ocfs2_find_entry (Su Yue)
- MIPS: ftrace: Declare ftrace_get_parent_ra_addr() as static (Yuli Wang)
- ptp: Ensure info->enable callback is always set (Thomas Weißschuh) [Orabug: 37650263] {CVE-2025-21814}
- net/ncsi: wait for the last response to Deselect Package before configuring channel (Paul Fertser)
- misc: fastrpc: Fix registered buffer page address (Ekansh Gupta)
- mtd: onenand: Fix uninitialized retlen in do_otp_read() (Ivan Stepchenko)
- NFC: nci: Add bounds checking in nci_hci_create_pipe() (Dan Carpenter) [Orabug: 37649936] {CVE-2025-21735}
- nilfs2: fix possible int overflows in nilfs_fiemap() (Nikita Zhandarovich) [Orabug: 37649942] {CVE-2025-21736}
- ocfs2: handle a symlink read error correctly (Matthew Wilcox) [Orabug: 37649687] {CVE-2024-58001}
- vfio/platform: check the bounds of read/write syscalls (Alex Williamson) [Orabug: 37592070] {CVE-2025-21687}
- nvmem: core: improve range check for nvmem_cell_write() (Jennifer Berringer)
- crypto: qce - unregister previously registered algos in error path (Bartosz Golaszewski)
- crypto: qce - fix goto jump in error path (Bartosz Golaszewski)
- media: uvcvideo: Remove redundant NULL assignment (Ricardo Ribalda)
- media: uvcvideo: Fix event flags in uvc_ctrl_send_events (Ricardo Ribalda)
- media: ov5640: fix get_light_freq on auto (Samuel Bobrowicz)
- soc: qcom: smem_state: fix missing of_node_put in error path (Krzysztof Kozlowski)
- kbuild: Move -Wenum-enum-conversion to W=2 (Nathan Chancellor)
- powerpc/pseries/eeh: Fix get PE state translation (Narayana Murty N)
- serial: sh-sci: Do not probe the serial port if its slot in sci_ports[] is in use (Claudiu Beznea)
- serial: sh-sci: Drop __initdata macro for port_cfg (Claudiu Beznea)
- soc: qcom: socinfo: Avoid out of bounds read of serial number (Stephan Gerhold) [Orabug: 37649715] {CVE-2024-58007}
- usb: gadget: f_tcm: Don't prepare BOT write request twice (Thinh Nguyen)
- usb: gadget: f_tcm: ep_autoconfig with fullspeed endpoint (Thinh Nguyen)
- usb: gadget: f_tcm: Decrement command ref count on cleanup (Thinh Nguyen)
- usb: gadget: f_tcm: Translate error to sense (Thinh Nguyen)
- wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() (Marcel Hamer) [Orabug: 37649971] {CVE-2025-21744}
- HID: hid-sensor-hub: don't use stale platform-data on remove (Heiko Stuebner)
- of: reserved-memory: Fix using wrong number of cells to get property 'alignment' (Zijun Hu)
- of: Fix of_find_node_opts_by_path() handling of alias+path+options (Zijun Hu)
- of: Correct child specifier used as input of the 2nd nexus node (Zijun Hu)
- perf bench: Fix undefined behavior in cmpworker() (Kuan-Wei Chiu)
- clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate (Anastasia Belova)
- clk: qcom: clk-alpha-pll: fix alpha mode configuration (Gabor Juhos)
- drm/komeda: Add check for komeda_get_layer_fourcc_list() (Haoxiang Li)
- KVM: s390: vsie: fix some corner-cases when grabbing vsie pages (David Hildenbrand)
- KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() (Sean Christopherson) [Orabug: 37678567] {CVE-2024-58083}
- arm64: dts: rockchip: increase gmac rx_delay on rk3399-puma (Jakob Unterwurzacher)
- binfmt_flat: Fix integer overflow bug on 32 bit systems (Dan Carpenter) [Orabug: 37649721] {CVE-2024-58010}
- m68k: vga: Fix I/O defines (Thomas Zimmermann)
- s390/futex: Fix FUTEX_OP_ANDN implementation (Heiko Carstens)
- leds: lp8860: Write full EEPROM, not only half of it (Alexander Sverdlin)
- cpufreq: s3c64xx: Fix compilation warning (Viresh Kumar)
- tun: revert fix group permission check (Willem de Bruijn)
- net: rose: lock the socket in rose_bind() (Eric Dumazet) [Orabug: 37649987] {CVE-2025-21749}
- udp: gso: do not drop small packets when PMTU reduces (Yan Zhai)
- tg3: Disable tg3 PCIe AER on system reboot (Lenny Szubowicz)
- gpu: drm_dp_cec: fix broken CEC adapter properties check (Hans Verkuil)
- firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry (Prasad Pandit)
- nvme: handle connectivity loss in nvme_set_queue_count (Daniel Wagner)
- usb: xhci: Fix NULL pointer dereference on certain command aborts (Michał Pecio) [Orabug: 37649622] {CVE-2024-57981}
- usb: xhci: Add timeout argument in address_device USB HCD callback (Hardik Gajjar)
- net: usb: rtl8150: enable basic endpoint checking (Nikita Zhandarovich) [Orabug: 37649812] {CVE-2025-21708}
- net: usb: rtl8150: use new tasklet API (Emil Renner Berthing)
- tasklet: Introduce new initialization API (Romain Perier)
- kbuild: userprogs: use correct lld when linking through clang (Thomas Weißschuh)
- media: uvcvideo: Remove dangling pointers (Ricardo Ribalda) [Orabug: 37649696] {CVE-2024-58002}
- media: uvcvideo: Only save async fh if success (Ricardo Ribalda)
- nilfs2: handle errors that nilfs_prepare_chunk() may return (Ryusuke Konishi) [Orabug: 37649870] {CVE-2025-21721}
- nilfs2: eliminate staggered calls to kunmap in nilfs_rename (Ryusuke Konishi)
- nilfs2: move page release outside of nilfs_delete_entry and nilfs_set_link (Ryusuke Konishi)
- spi-mxs: Fix chipselect glitch (Ralf Schlatterbeck)
- x86/mm: Don't disable PCID when INVLPG has been fixed by microcode (Xi Ruoyao)
- APEI: GHES: Have GHES honor the panic= setting (Borislav Petkov)
- HID: Wacom: Add PCI Wacom device support (Even Xu)
- mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id (Hans de Goede)
- tomoyo: don't emit warning in tomoyo_write_control() (Tetsuo Handa)
- wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (Dmitry Antipov) [Orabug: 37649750] {CVE-2024-58014}
- mmc: core: Respect quirk_max_rate for non-UHS SDIO card (Shawn Lin)
- tun: fix group permission check (Stas Sergeev)
- printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX (Kuan-Wei Chiu) [Orabug: 37649768] {CVE-2024-58017}
- x86/amd_nb: Restrict init function to AMD-based systems (Yazen Ghannam)
- sched: Don't try to catch up excess steal time. (Suleiman Souhlal)
- btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error handling (Josef Bacik)
- btrfs: fix use-after-free when attempting to join an aborted transaction (Filipe Manana) [Orabug: 37650014] {CVE-2025-21753}
- btrfs: output the reason for open_ctree() failure (Qu Wenruo)
- usb: gadget: f_tcm: Don't free command immediately (Thinh Nguyen) [Orabug: 37678479] {CVE-2024-58055}
- media: uvcvideo: Fix double free in error path (Laurent Pinchart) [Orabug: 37649615] {CVE-2024-57980}
- HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections (Alan Stern) [Orabug: 37649644] {CVE-2024-57986}
- usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to PD_T_SENDER_RESPONSE (Jos Wang)
- drivers/card_reader/rtsx_usb: Restore interrupt based detection (Sean Rhodes)
- ktest.pl: Check kernelrelease return in get_version (Ricardo B. Marliere)
- NFSD: Reset cb_seq_status after NFS4ERR_DELAY (Chuck Lever)
- hexagon: Fix unbalanced spinlock in die() (Lin Yujun)
- hexagon: fix using plain integer as NULL pointer warning in cmpxchg (Willem de Bruijn)
- genksyms: fix memory leak when the same symbol is read from *.symref file (Masahiro Yamada)
- genksyms: fix memory leak when the same symbol is added from source (Masahiro Yamada)
- net: sh_eth: Fix missing rtnl lock in suspend/resume path (Kory Maincent)
- vsock: Allow retrying on connect() failure (Michal Luczaj)
- perf trace: Fix runtime error of index out of bounds (Howard Chu)
- net: davicom: fix UAF in dm9000_drv_remove (Chenyuan Yang) [Orabug: 37649846] {CVE-2025-21715}
- net: rose: fix timer races against user threads (Eric Dumazet) [Orabug: 37649856] {CVE-2025-21718}
- PM: hibernate: Add error handling for syscore_suspend() (Xu Wang)
- ipmr: do not call mr_mfc_uses_dev() for unres entries (Eric Dumazet) [Orabug: 37649862] {CVE-2025-21719}
- net: fec: implement TSO descriptor cleanup (Dheeraj Reddy Jonnalagadda)
- ubifs: skip dumping tnc tree when zroot is null (Pangliyuan) [Orabug: 37678491] {CVE-2024-58058}
- rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read (Oleksij Rempel) [Orabug: 37678517] {CVE-2024-58069}
- dmaengine: ti: edma: fix OF node reference leaks in edma_driver (Joe Hattori)
- module: Extend the preempt disabled section in dereference_symbol_descriptor(). (Sebastian Andrzej Siewior)
- ocfs2: mark dquot as inactive if failed to start trans while releasing dquot (Su Yue)
- scsi: ufs: bsg: Delete bsg_dev when setting up bsg fails (Guixin Liu)
- scsi: mpt3sas: Set ioc->manu_pg11.EEDPTagMode directly to 1 (Paul Menzel)
- staging: media: imx: fix OF node leak in imx_media_add_of_subdevs() (Joe Hattori)
- media: uvcvideo: Propagate buf->error to userspace (Ricardo Ribalda)
- media: camif-core: Add check for clk_enable() (Jiasheng Jiang)
- media: mipi-csis: Add check for clk_enable() (Jiasheng Jiang)
- PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy() (Zijun Hu)
- media: lmedm04: Handle errors for lme2510_int_read (Chen Ni)
- media: lmedm04: Use GFP_KERNEL for URB allocation/submission. (Malcolm Priestley)
- media: rc: iguanair: handle timeouts (Oliver Neukum)
- fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device() (Joe Hattori)
- ARM: dts: mediatek: mt7623: fix IR nodename (Rafał Miłecki)
- arm64: dts: mediatek: mt8173-evb: Fix MT6397 PMIC sub-node names (Chen-Yu Tsai)
- arm64: dts: mediatek: mt8173-evb: Drop regulator-compatible property (Chen-Yu Tsai)
- rdma/cxgb4: Prevent potential integer overflow on 32bit (Dan Carpenter) [Orabug: 37649564] {CVE-2024-57973}
- RDMA/mlx4: Avoid false error about access to uninitialized gids array (Leon Romanovsky)
- bpf: Send signals asynchronously if !preemptible (Puranjay Mohan) [Orabug: 37649909] {CVE-2025-21728}
- perf report: Fix misleading help message about --demangle (Jiachen Zhang)
- perf top: Don't complain about lack of vmlinux when not resolving some kernel samples (Arnaldo Carvalho de Melo)
- padata: fix sysfs store callback check (Thomas Weißschuh)
- ktest.pl: Remove unused declarations in run_bisect_test function (Ba Jing)
- perf header: Fix one memory leakage in process_bpf_prog_info() (Zhongqiu Han)
- perf header: Fix one memory leakage in process_bpf_btf() (Zhongqiu Han)
- ASoC: sun4i-spdif: Add clock multiplier settings (George Lander)
- tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind (Marco Leogrande)
- net: sched: Disallow replacing of child qdisc from one parent to another (Jamal Hadi Salim) [Orabug: 37592533] {CVE-2025-21700}
- net/mlxfw: Drop hard coded max FW flash image size (Maher Sanalla)
- net: let net.core.dev_weight always be non-zero (Liu Jian) [Orabug: 37650232] {CVE-2025-21806}
- clk: analogbits: Fix incorrect calculation of vco rate delta (Bo Gan)
- selftests: harness: fix printing of mismatch values in __EXPECT() (Dmitry V. Levin)
- selftests/harness: Display signed values correctly (Kees Cook)
- wifi: wlcore: fix unbalanced pm_runtime calls (Andreas Kemnade)
- regulator: of: Implement the unwind path of of_regulator_match() (Joe Hattori)
- team: prevent adding a device which is already a team device lower (Octavian Purdila) [Orabug: 37678523] {CVE-2024-58071}
- cpupower: fix TSC MHz calculation (He Rongguang)
- wifi: rtlwifi: pci: wait for firmware loading before releasing memory (Thadeu Lima de Souza Cascardo)
- wifi: rtlwifi: fix memory leaks and invalid access at probe error path (Thadeu Lima de Souza Cascardo) [Orabug: 37678504] {CVE-2024-58063}
- wifi: rtlwifi: remove unused check_buddy_priv (Thadeu Lima de Souza Cascardo) [Orabug: 37678530] {CVE-2024-58072}
- wifi: rtlwifi: remove unused dualmac control leftovers (Dmitry Antipov)
- wifi: rtlwifi: remove unused timer and related code (Dmitry Antipov)
- rtlwifi: replace usage of found with dedicated list iterator variable (Jakob Koschel)
- dt-bindings: mmc: controller: clarify the address-cells description (Neil Armstrong)
- wifi: rtlwifi: usb: fix workqueue leak when probe fails (Thadeu Lima de Souza Cascardo)
- wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step (Thadeu Lima de Souza Cascardo)
- rtlwifi: rtl8192se Rename RT_TRACE to rtl_dbg (Larry Finger)
- wifi: rtlwifi: do not complete firmware loading needlessly (Thadeu Lima de Souza Cascardo)
- ipmi: ipmb: Add check devm_kasprintf() returned value (Charles Han) [Orabug: 37678457] {CVE-2024-58051}
- drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table (Ivan Stepchenko) [Orabug: 37678463] {CVE-2024-58052}
- drm/etnaviv: Fix page property being used for non writecombine buffers (Sui Jingfeng)
- partitions: ldm: remove the initial kernel-doc notation (Randy Dunlap)
- nbd: don't allow reconnect after disconnect (Yu Kuai) [Orabug: 37649918] {CVE-2025-21731}
- afs: Fix directory format encoding struct (David Howells)
- overflow: Allow mixed type arguments (Kees Cook)
- overflow: Correct check_shl_overflow() comment (Keith Busch)
- overflow: Add __must_check attribute to check_*() helpers (Kees Cook)

[5.4.17-2136.343.2.el7uek]
- rds: ib: Do not attempt to insert RDMA exthdr twice (Håkon Bugge) [Orabug: 37721764]
- net: mana: Fix TX CQE error handling (Haiyang Zhang) [Orabug: 36983924] {CVE-2023-52532}
- net/mlx5: Stop waiting for PCI if pci channel is offline (Moshe Shemesh) [Orabug: 36929747]
- rds: ib: Fix racy send affinity work cancellation (Håkon Bugge) [Orabug: 36605776]
- uek-rpm: install the perf exec dir (Stephen Brennan) [Orabug: 35023180]
- uek-rpm: switch to new secureboot certificates and upgrade shim (Samasth Norway Ananda) [Orabug: 37764002]

[5.4.17-2136.343.1.el7uek]
- rds: ib: Make traffic_class visible to user-space (Håkon Bugge) [Orabug: 37617866]
- rds: ib: Remove incorrect update of the path record sl and qos_class fields (Håkon Bugge) [Orabug: 37617866]
- net: core: reject skb_copy(_expand) for fraglist GSO skbs (Felix Fietkau) [Orabug: 36683418] {CVE-2024-36929}
- udp: do not accept non-tunnel GSO skbs landing in a tunnel (Antoine Tenart) [Orabug: 36643088] {CVE-2024-35884}
- udp: never accept GSO_FRAGLIST packets (Paolo Abeni) [Orabug: 36643088] {CVE-2024-35884}
- udp: initialize is_flist with 0 in udp_gro_receive (Xin Long) [Orabug: 36643088] {CVE-2024-35884}

[5.4.17-2136.342.5.el7uek]
- ima: Fix use-after-free on a dentry's dname.name (Stefan Berger) [Orabug: 36835558] {CVE-2024-39494}

[5.4.17-2136.342.4.el7uek]
- sched: sch_cake: add bounds checks to host bulk flow fairness counts (Toke Høiland-Jørgensen) [Orabug: 37497384] {CVE-2025-21647}
- udf: Fix use of check_add_overflow() with mixed type arguments (Ben Hutchings)
- x86/xen: allow larger contiguous memory regions in PV guests (Juergen Gross)
- xen: remove a confusing comment on auto-translated guest I/O (Petr Tesarik)
- ALSA: hda/realtek: Fixup ALC225 depop procedure (Kailang Yang)
- ALSA: hda/realtek - Add type for ALC287 (Kailang Yang)
- net: loopback: Avoid sending IP packets without an Ethernet header (Ido Schimmel)
- netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (Cong Wang) [Orabug: 37611855] {CVE-2025-21703}
- ocfs2: fix incorrect CPU endianness conversion causing mount failure (Heming Zhao)
- Revert "btrfs: avoid monopolizing a core when activating a swap file" (Koichiro Den)
- gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl(). (Kuniyuki Iwashima) [Orabug: 37707676] {CVE-2025-21865}
- Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc (Fedor Pchelkin) [Orabug: 37650394] {CVE-2024-58009}
- rds: Make sure transmit path and connection tear-down does not run concurrently (Håkon Bugge) [Orabug: 36308571]
- NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies() (Yanjun Zhang) [Orabug: 37206487] {CVE-2024-50046}

[5.4.17-2136.342.3.el7uek]
- LTS tag: v5.4.290 (Alok Tiwari)
- Partial revert of xhci: use pm_ptr() instead #ifdef for CONFIG_PM conditionals (Ron Economos)
- xhci: use pm_ptr() instead of #ifdef for CONFIG_PM conditionals (Arnd Bergmann)
- drm/v3d: Assign job pointer to NULL before signaling the fence (Maíra Canal) [Orabug: 37707590] {CVE-2025-21688}
- Input: xpad - add support for wooting two he (arm) (Jack Greiner)
- Input: xpad - add unofficial Xbox 360 wireless receiver clone (Nilton Perim Neto)
- Input: atkbd - map F23 key to support default copilot shortcut (Mark Pearson)
- Revert "usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null" (Greg Kroah-Hartman)
- USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb() (Qasim Ijaz) [Orabug: 37592080] {CVE-2025-21689}
- ext4: fix slab-use-after-free in ext4_split_extent_at() (Baokun Li) [Orabug: 37200960] {CVE-2024-49884}
- ext4: avoid ext4_error()'s caused by ENOMEM in the truncate path (Theodore Ts'O)
- vfio/platform: check the bounds of read/write syscalls (Alex Williamson) [Orabug: 37592070] {CVE-2025-21687}
- net/xen-netback: prevent UAF in xenvif_flush_hash() (Jeongjun Park) [Orabug: 37206012] {CVE-2024-49936}
- net: xen-netback: hash.c: Use built-in RCU list checking (Madhuparna Bhowmik)
- signal/m68k: Use force_sigsegv(SIGSEGV) in fpsp040_die (Eric W. Biederman)
- m68k: Add missing mmap_read_lock() to sys_cacheflush() (Liam R Howlett)
- m68k: Update ->thread.esp0 before calling syscall_trace() in ret_from_signal (Al Viro)
- gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag (Andreas Gruenbacher) [Orabug: 37592129] {CVE-2025-21699}
- irqchip/sunxi-nmi: Add missing SKIP_WAKE flag (Philippe Simons)
- scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request (Xiang Zhang)
- ASoC: wm8994: Add depends on MFD core (Charles Keepax)
- net: fix data-races around sk->sk_forward_alloc (Wang Liang) [Orabug: 37388796] {CVE-2024-53124}
- scsi: sg: Fix slab-use-after-free read in sg_release() (Surajsonawane2415) [Orabug: 37434118] {CVE-2024-56631}
- ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev() (Eric Dumazet) [Orabug: 37200707] {CVE-2024-47707}
- irqchip/gic-v3: Handle CPU_PM_ENTER_FAILED correctly (Yogesh Lal)
- fs/proc: fix softlockup in __read_vmcore (part 2) (Rik van Riel) [Orabug: 37592153] {CVE-2025-21694}
- net: ethernet: xgbe: re-add aneg to supported features in PHY quirks (Heiner Kallweit)
- nvmet: propagate npwg topology (Luis Chamberlain)
- poll_wait: add mb() to fix theoretical race between waitqueue_active() and .poll() (Oleg Nesterov)
- kheaders: Ignore silly-rename files (David Howells)
- hfs: Sanity check the root record (Leo Stone)
- mac802154: check local interfaces before deleting sdata list (Lizhi Xu) [Orabug: 37555776] {CVE-2024-57948}
- i2c: mux: demux-pinctrl: check initial mux selection, too (Wolfram Sang)
- drm/v3d: Ensure job pointer is set to NULL after job completion (Maíra Canal) [Orabug: 37592115] {CVE-2025-21697}
- nfp: bpf: prevent integer overflow in nfp_bpf_event_output() (Dan Carpenter)
- gtp: Destroy device along with udp socket's netns dismantle. (Kuniyuki Iwashima) [Orabug: 37555832] {CVE-2025-21678}
- gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp(). (Kuniyuki Iwashima)
- gtp: use exit_batch_rtnl() method (Eric Dumazet)
- net: add exit_batch_rtnl() method (Eric Dumazet)
- net: net_namespace: Optimize the code (Yajun Deng)
- net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field() (Sudheer Kumar Doredla)
- sctp: sysctl: rto_min/max: avoid using current->nsproxy (Matthieu Baerts) [Orabug: 37497290] {CVE-2025-21639}
- ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv (Dennis Lam) [Orabug: 37485004,37707634] {CVE-2024-57892}
- ocfs2: correct return value of ocfs2_local_free_info() (Joseph Qi)
- phy: core: Fix that API devm_of_phy_provider_unregister() fails to unregister the phy provider (Zijun Hu)
- phy: core: fix code style in devm_of_phy_provider_unregister (Vinod Koul)
- arm64: dts: rockchip: add hevc power domain clock to rk3328 (Peter Geis)
- arm64: dts: rockchip: add #power-domain-cells to power domain nodes (Johan Jonker)
- arm64: dts: rockchip: fix pd_tcpc0 and pd_tcpc1 node position on rk3399 (Johan Jonker)
- arm64: dts: rockchip: fix defines in pd_vio node for rk3399 (Johan Jonker)
- iio: inkern: call iio_device_put() only on mapped devices (Joe Hattori)
- iio: adc: at91: call input_free_device() on allocated iio_dev (Joe Hattori) [Orabug: 37497149] {CVE-2024-57904}
- iio: adc: ti-ads124s08: Use gpiod_set_value_cansleep() (Fabio Estevam)
- iio: gyro: fxas21002c: Fix missing data update in trigger handler (Carlos Song)
- iio: adc: ti-ads8688: fix information leak in triggered buffer (Javier Carrasco) [Orabug: 37497160] {CVE-2024-57906}
- iio: imu: kmx61: fix information leak in triggered buffer (Javier Carrasco) [Orabug: 37497169] {CVE-2024-57908}
- iio: light: vcnl4035: fix information leak in triggered buffer (Javier Carrasco) [Orabug: 37497179] {CVE-2024-57910}
- iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer (Javier Carrasco) [Orabug: 37497183] {CVE-2024-57911}
- iio: pressure: zpa2326: fix information leak in triggered buffer (Javier Carrasco) [Orabug: 37497189] {CVE-2024-57912}
- usb: gadget: f_fs: Remove WARN_ON in functionfs_bind (Akash M) [Orabug: 37497196] {CVE-2024-57913}
- usb: fix reference leak in usb_new_device() (Ma Ke)
- USB: core: Disable LPM only for non-suspended ports (Kai-Heng Feng)
- USB: usblp: return error when setting unsupported protocol (Yan Jun)
- usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null (Lianqin Hu) [Orabug: 37592120,37497205] {CVE-2024-57915,CVE-2025-21698}
- USB: serial: cp210x: add Phoenix Contact UPS Device (Johan Hovold)
- usb-storage: Add max sectors quirk for Nokia 208 (Lubomir Rintel)
- staging: iio: ad9832: Correct phase range check (Zicheng Qu)
- staging: iio: ad9834: Correct phase range check (Zicheng Qu)
- USB: serial: option: add Neoway N723-EA support (Michal Hrusecky)
- USB: serial: option: add MeiG Smart SRM815 (Chukun Pan)
- drm/amd/display: increase MAX_SURFACES to the value supported by hw (Melissa Wen)
- ACPI: resource: Add Asus Vivobook X1504VAP to irq1_level_low_skip_override[] (Hans de Goede)
- ACPI: resource: Add TongFang GM5HG0A to irq1_edge_low_force_override[] (Hans de Goede)
- drm/amd/display: Add check for granularity in dml ceil/floor helpers (Roman Li) [Orabug: 37497225] {CVE-2024-57922}
- sctp: sysctl: auth_enable: avoid using current->nsproxy (Matthieu Baerts) [Orabug: 37497283] {CVE-2025-21638}
- sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy (Matthieu Baerts) [Orabug: 37497303] {CVE-2025-21640}
- dm thin: make get_first_thin use rcu-safe list first function (Krister Johansen) [Orabug: 37506783] {CVE-2025-21664}
- tls: Fix tls_sw_sendmsg error handling (Benjamin Coddington)
- net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute (Eric Dumazet) [Orabug: 37497346] {CVE-2025-21653}
- tcp/dccp: allow a connection when sk_max_ack_backlog is zero (Zhongqiu Duan)
- tcp/dccp: complete lockless accesses to sk->sk_max_ack_backlog (Jason Xing)
- net: 802: LLC+SNAP OID:PID lookup on start of skb data (Antonio Pastor)
- ieee802154: ca8210: Add missing check for kfifo_alloc() in ca8210_probe() (Keisuke Nishimura)
- dm array: fix cursor index when skipping across block boundaries (Ming-Hung Tsai)
- dm array: fix unreleased btree blocks on closing a faulty array cursor (Ming-Hung Tsai)
- dm array: fix releasing a faulty array block twice in dm_array_cursor_end (Ming-Hung Tsai) [Orabug: 37497249] {CVE-2024-57929}
- jbd2: flush filesystem device before updating tail sequence (Zhang Yi)

[5.4.17-2136.342.2.el7uek]
- Revert "NFSD: Limit the number of concurrent async COPY operations" (Sherry Yang) [Orabug: 37660195]
- rds: ib: Avoid sleeping function inside RCU region by using sampled values instead (Håkon Bugge) [Orabug: 37586090]
- dm rq: don't queue request to blk-mq during DM suspend (Ming Lei) [Orabug: 37010188]
- dm: rearrange core declarations for extended use from dm-zone.c (Damien Le Moal) [Orabug: 37010188]

[5.4.17-2136.342.1.el7uek]
- cgroup: Make operations on the cgroup root_list RCU safe (Yafang Shao) [Orabug: 37621585]
- uek: kabi: Fix build error for HIDE_INCLUDE macro (Saeed Mirzamohammadi) [Orabug: 37619102]
- oracleasm: Fix PI when use_logical_block_size is set (Martin K. Petersen) [Orabug: 37503280]
- oracleasm: Add support for per-I/O block size selection (Martin K. Petersen) [Orabug: 37503280]
- perf/x86/intel/uncore: Fix NULL pointer dereference issue in upi_fill_topology() (Alexander Antonov) [Orabug: 36882938] {CVE-2023-52450}

[5.4.17-2136.341.3.el7uek]
- io_uring: fix possible deadlock in io_register_iowq_max_workers() (Hagar Hemdan) [Orabug: 36897354,37565787] {CVE-2024-41080,CVE-2024-53052}
- io_uring/rw: fix missing NOWAIT check for O_DIRECT start write (Jens Axboe) [Orabug: 37304721,37565787] {CVE-2024-41080,CVE-2024-53052}
- io_uring: use kiocb_{start,end}_write() helpers (Amir Goldstein) [Orabug: 37565787] {CVE-2024-41080,CVE-2024-53052}
- fs: create kiocb_{start,end}_write() helpers (Amir Goldstein) [Orabug: 37565787] {CVE-2024-41080,CVE-2024-53052}
- io_uring: rename kiocb_end_write() local helper (Amir Goldstein) [Orabug: 37565787] {CVE-2024-41080,CVE-2024-53052}
- io_uring/sqpoll: close race on waiting for sqring entries (Jens Axboe) [Orabug: 37565787] {CVE-2024-41080,CVE-2024-53052}
- io_uring/sqpoll: do not put cpumask on stack (Felix Moessbauer) [Orabug: 37565787] {CVE-2024-41080,CVE-2024-53052}
- io_uring/sqpoll: retain test for whether the CPU is valid (Jens Axboe) [Orabug: 37565787] {CVE-2024-41080,CVE-2024-53052}
- io_uring/sqpoll: do not allow pinning outside of cpuset (Felix Moessbauer) [Orabug: 37565787] {CVE-2024-41080,CVE-2024-53052}
- io_uring/io-wq: limit retrying worker initialisation (Pavel Begunkov) [Orabug: 37565787] {CVE-2024-41080,CVE-2024-53052}
- vfs: check dentry is still valid in get_link() (Ian Kent) [Orabug: 37536393]
- RDS: avoid queueing delayed work on an offlined cpu (Praveen Kumar Kannoju) [Orabug: 37260584]
- NFSD: Limit the number of concurrent async COPY operations (Chuck Lever) [Orabug: 37206187,37664124] {CVE-2024-49974}

[5.4.17-2136.341.2.el7uek]
- LTS tag: v5.4.289 (Sherry Yang)
- mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim() (Seiji Nishikawa)
- drm: adv7511: Drop dsi single lane support (Biju Das)
- net/sctp: Prevent autoclose integer overflow in sctp_association_init() (Nikolay Kuratov)
- sky2: Add device ID 11ab:4373 for Marvell 88E8075 (Pascal Hambourg)
- pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking (Evgenii Shatokhin)
- RDMA/uverbs: Prevent integer overflow issue (Dan Carpenter)
- modpost: fix the missed iteration for the max bit in do_input() (Masahiro Yamada)
- modpost: fix input MODULE_DEVICE_TABLE() built for 64-bit on 32-bit host (Masahiro Yamada)
- ARC: build: Try to guess GCC variant of cross compiler (Leon Romanovsky)
- irqchip/gic: Correct declaration of *percpu_base pointer in union gic_base (Uros Bizjak)
- net: usb: qmi_wwan: add Telit FE910C04 compositions (Daniele Palmas)
- bpf: fix potential error return (Anton Protopopov)
- sound: usb: format: don't warn that raw DSD is unsupported (Adrian Ratiu)
- wifi: mac80211: wake the queues in case of failure in resume (Emmanuel Grumbach)
- ila: serialize calls to nf_register_net_hooks() (Eric Dumazet)
- ALSA: usb-audio: US16x08: Initialize array before use (Tanya Agarwal)
- net: llc: reset skb->transport_header (Antonio Pastor)
- netfilter: nft_set_hash: unaligned atomic read on struct nft_set_ext (Pablo Neira Ayuso)
- netfilter: Replace zero-length array with flexible-array member (Gustavo A. R. Silva)
- netrom: check buffer length before accessing it (Ilya Shchipletsov)
- drm/bridge: adv7511_audio: Update Audio InfoFrame properly (Stefan Ekenberg)
- drm: bridge: adv7511: Enable SPDIF DAI (Bogdan Togorean)
- RDMA/bnxt_re: Fix max_qp_wrs reported (Selvin Xavier)
- RDMA/bnxt_re: Fix reporting hw_ver in query_device (Kalesh AP)
- RDMA/bnxt_re: Add check for path mtu in modify_qp (Saravanan Vajravel)
- RDMA/mlx5: Enforce same type port association for multiport RoCE (Patrisious Haddad)
- net/mlx5: Make API mlx5_core_is_ecpf accept const pointer (Parav Pandit)
- IB/mlx5: Introduce and use mlx5_core_is_vf() (Parav Pandit)
- Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet (Michael Kelley)
- selinux: ignore unknown extended permissions (Thiébaud Weksteen)
- ipv6: prevent possible UAF in ip6_xmit() (Eric Dumazet)
- skb_expand_head() adjust skb->truesize incorrectly (Vasily Averin)
- btrfs: avoid monopolizing a core when activating a swap file (Filipe Manana)
- tracing: Constify string literal data member in struct trace_event_call (Christian Göttsche)
- bpf: fix recursive lock when verdict program return SK_PASS (Jiayuan Chen)
- ipv6: fix possible UAF in ip6_finish_output2() (Eric Dumazet) [Orabug: 37029070] {CVE-2024-44986}
- ipv6: use skb_expand_head in ip6_xmit (Vasily Averin)
- ipv6: use skb_expand_head in ip6_finish_output2 (Vasily Averin)
- skbuff: introduce skb_expand_head() (Vasily Averin)
- MIPS: Probe toolchain support of -msym32 (Jiaxun Yang)
- epoll: Add synchronous wakeup support for ep_poll_callback (Xuewen Yan)
- virtio-blk: don't keep queue frozen during system suspend (Ming Lei)
- scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time (Ranjan Kumar)
- platform/x86: asus-nb-wmi: Ignore unknown event 0xCF (Armin Wolf)
- regmap: Use correct format specifier for logging range errors (Mark Brown)
- scsi: megaraid_sas: Fix for a potential deadlock (Tomas Henzl)
- scsi: qla1280: Fix hw revision numbering for ISP1020/1040 (Magnus Lindholm)
- tracing/kprobe: Make trace_kprobe's module callback called after jump_label update (Masami Hiramatsu (Google))
- dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset (Chen Ridong) [Orabug: 37452681] {CVE-2024-56767}
- dmaengine: mv_xor: fix child node refcount handling in early exit (Javier Carrasco)
- phy: core: Fix that API devm_phy_destroy() fails to destroy the phy (Zijun Hu)
- phy: core: Fix that API devm_phy_put() fails to release the phy (Zijun Hu)
- phy: core: Fix an OF node refcount leakage in of_phy_provider_lookup() (Zijun Hu)
- phy: core: Fix an OF node refcount leakage in _of_phy_get() (Zijun Hu)
- mtd: diskonchip: Cast an operand to prevent potential overflow (Zichen Xie)
- bpf: Check negative offsets in __bpf_skb_min_len() (Cong Wang)
- media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg (Nikita Zhandarovich) [Orabug: 37452687] {CVE-2024-56769}
- of: Fix refcount leakage for OF node returned by __of_get_dma_parent() (Zijun Hu)
- of: Fix error path in of_parse_phandle_with_args_map() (Herve Codina)
- udmabuf: also check for F_SEAL_FUTURE_WRITE (Jann Horn)
- nilfs2: prevent use of deleted inode (Edward Adam Davis)
- NFS/pnfs: Fix a live lock between recalled layouts and layoutget (Trond Myklebust)
- btrfs: tree-checker: reject inline extent items with 0 ref count (Qu Wenruo)
- zram: refuse to use zero sized block device as backing device (Kairui Song)
- sh: clk: Fix clk_enable() to return 0 on NULL clk (Geert Uytterhoeven)
- USB: serial: option: add Telit FE910C04 rmnet compositions (Daniele Palmas)
- USB: serial: option: add MediaTek T7XX compositions (Jack Wu)
- USB: serial: option: add Netprisma LCUK54 modules for WWAN Ready (Mank Wang)
- USB: serial: option: add MeiG Smart SLM770A (Michal Hrusecky)
- USB: serial: option: add TCL IK512 MBIM & ECM (Daniel Swanemar)
- efivarfs: Fix error on non-existent file (James Bottomley)
- i2c: riic: Always round-up when calculating bus period (Geert Uytterhoeven)
- chelsio/chtls: prevent potential integer overflow on 32bit (Dan Carpenter)
- mmc: sdhci-tegra: Remove SDHCI_QUIRK_BROKEN_ADMA_ZEROLEN_DESC quirk (Prathamesh Shete)
- netfilter: ipset: Fix for recursive locking warning (Phil Sutter)
- net: ethernet: bgmac-platform: fix an OF node reference leak (Joe Hattori)
- net: hinic: Fix cleanup in create_rxqs/txqs() (Dan Carpenter)
- ionic: use ee->offset when returning sprom data (Shannon Nelson)
- net/smc: check sndbuf_space again after NOSPACE flag is set in smc_poll (Guangguan Wang)
- erofs: fix incorrect symlink detection in fast symlink (Gao Xiang)
- erofs: fix order >= MAX_ORDER warning due to crafted negative i_size (Gao Xiang)
- drm/i915: Fix memory leak by correcting cache object name in error handler (Jiasheng Jiang)
- PCI: Add ACS quirk for Broadcom BCM5760X NIC (Ajit Khaparde)
- ALSA: usb: Fix UBSAN warning in parse_audio_unit() (Takashi Iwai)
- PCI/AER: Disable AER service on suspend (Kai-Heng Feng)
- usb: dwc2: gadget: Don't write invalid mapped sg entries into dma_desc with iommu enabled (Peng Hongchi)
- net: sched: fix ordering of qlen adjustment (Lion Ackermann) [Orabug: 37433383] {CVE-2024-53164}

[5.4.17-2136.341.1.el7uek]
- kpcimgr: fix flush_icache_range arguments (Joe Dobosenski) [Orabug: 37525298]
- uek-rpm: Update network stress testing options for embedded2 (Joe Dobosenski) [Orabug: 37530220]

[5.4.17-2136.340.4.el7uek]
- ftrace: use preempt_enable/disable notrace macros to avoid double fault (Koichiro Den)
- nfsd: restore callback functionality for NFSv4.0 (NeilBrown)
- i2c: pnx: Fix timeout in wait functions (Vladimir Riabchun)
- of/irq: Fix using uninitialized variable @addr_len in API of_irq_parse_one() (Zijun Hu)
- af_packet: fix vlan_get_tci() vs MSG_PEEK (Eric Dumazet)
- af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK (Eric Dumazet)
- mtd: rawnand: fix double free in atmel_pmecc_create_user() (Dan Carpenter) [Orabug: 37506347] {CVE-2024-56766}

[5.4.17-2136.340.3.el7uek]
- Revert "xen/swiotlb: add alignment check for dma buffers" (Harshvardhan Jha) [Orabug: 37475435]
- vfio/iommu_type1: Fix some sanity checks in detach group (Keqian Zhu) [Orabug: 37136890]
- Revert "vfio/iommu_type1: Fix some sanity checks in detach group" (Dongli Zhang) [Orabug: 37136890]
- rds: ib: Avoid UAF on RDS Socket's rs_trans_lock (Håkon Bugge) [Orabug: 36693622]
- rds: ib: Fix blocked processes related to race in rds_rdma_free_dev_rs_worker() (Håkon Bugge) [Orabug: 36693622]
- rds: ib: Fix deterministic UAF in rds_rdma_free_dev_rs_worker() (Håkon Bugge) [Orabug: 36693622]
- Revert "KVM: SVM: Add a module parameter to override iommu AVIC usage" (Alejandro Jimenez) [Orabug: 35001679]

[5.4.17-2136.340.2.el7uek]
- LTS tag: v5.4.288 (Alok Tiwari)
- ALSA: usb-audio: Fix a DMA to stack memory bug (Dan Carpenter)
- xen/netfront: fix crash when removing device (Juergen Gross) [Orabug: 37427542] {CVE-2024-53240}
- KVM: arm64: Ignore PMCNTENSET_EL0 while checking for overflow status (Raghavendra Rao Ananta)
- blk-iocost: Avoid using clamp() on inuse in __propagate_weights() (Nathan Chancellor)
- blk-iocost: fix weight updates of inner active iocgs (Tejun Heo)
- blk-iocost: clamp inuse and skip noops in __propagate_weights() (Tejun Heo)
- ACPICA: events/evxfregn: don't release the ContextMutex that was never acquired (Daniil Tatianin)
- net/sched: netem: account for backlog updates from child qdisc (Martin Ottens)
- qca_spi: Make driver probing reliable (Stefan Wahren)
- qca_spi: Fix clock speed for multiple QCA7000 (Stefan Wahren)
- ACPI: resource: Fix memory resource type union access (Ilpo Järvinen)
- net: lapb: increase LAPB_HEADER_LEN (Eric Dumazet) [Orabug: 37434237] {CVE-2024-56659}
- tipc: fix NULL deref in cleanup_bearer() (Eric Dumazet) [Orabug: 37506456] {CVE-2024-56661}
- batman-adv: Do not let TT changes list grows indefinitely (Remi Pommarel)
- batman-adv: Remove uninitialized data in full table TT response (Remi Pommarel)
- batman-adv: Do not send uninitialized TT changes (Remi Pommarel)
- bpf, sockmap: Fix update element with same (Michal Luczaj)
- xfs: don't drop errno values when we fail to ficlone the entire range (Darrick J. Wong)
- usb: gadget: u_serial: Fix the issue that gs_start_io crashed due to accessing null pointer (Lianqin Hu) [Orabug: 37434264] {CVE-2024-56670}
- usb: ehci-hcd: fix call balance of clocks handling routines (Vitalii Mordan)
- usb: dwc2: hcd: Fix GetPortStatus & SetPortFeature (Stefan Wahren)
- ata: sata_highbank: fix OF node reference leak in highbank_initialize_phys() (Joe Hattori)
- usb: host: max3421-hcd: Correctly abort a USB request. (Mark Tomlinson)
- LTS tag: v5.4.287 (Alok Tiwari)
- bpf, xdp: Update devmap comments to reflect napi/rcu usage (John Fastabend)
- ALSA: usb-audio: Fix out of bounds reads when finding clock sources (Takashi Iwai) [Orabug: 37427489] {CVE-2024-53150}
- PCI: rockchip-ep: Fix address translation unit programming (Damien Le Moal)
- Revert "drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read()" (Zhang Zekun)
- modpost: Add .irqentry.text to OTHER_SECTIONS (Thomas Gleixner)
- jffs2: Fix rtime decompressor (Richard Weinberger)
- jffs2: Prevent rtime decompress memory corruption (Kinsey Moore)
- KVM: arm64: vgic-its: Clear ITE when DISCARD frees an ITE (Kunkun Jiang)
- KVM: arm64: vgic-its: Clear DTE when MAPD unmaps a device (Kunkun Jiang)
- KVM: arm64: vgic-its: Add a data length check in vgic_its_save_* (Jing Zhang)
- perf/x86/intel/pt: Fix buffer full but size is 0 case (Adrian Hunter)
- bpf: fix OOB devmap writes when deleting elements (Maciej Fijalkowski) [Orabug: 37434047] {CVE-2024-56615}
- xdp: Simplify devmap cleanup (Björn Töpel)
- misc: eeprom: eeprom_93cx6: Add quirk for extra read clock cycle (Parker Newman)
- powerpc/prom_init: Fixup missing powermac #size-cells (Michael Ellerman)
- usb: chipidea: udc: handle USB Error Interrupt if IOC not set (Xu Yang)
- i3c: Use i3cdev->desc->info instead of calling i3c_device_get_info() to avoid deadlock (Defa Li)
- PCI: Add ACS quirk for Wangxun FF5xxx NICs (Mengyuan Lou)
- PCI: Add 'reset_subordinate' to reset hierarchy below bridge (Keith Busch)
- f2fs: fix f2fs_bug_on when uninstalling filesystem call f2fs_evict_inode. (Qi Han) [Orabug: 37433861] {CVE-2024-56586}
- nvdimm: rectify the illogical code within nd_dax_probe() (Yi Yang)
- pinctrl: qcom-pmic-gpio: add support for PM8937 (Barnabás Czémán)
- scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset (Kai Mäkisara)
- scsi: st: Don't modify unknown block number in MTIOCGET (Kai Mäkisara)
- leds: class: Protect brightness_show() with led_cdev->led_access mutex (Mukesh Ojha) [Orabug: 37433869] {CVE-2024-56587}
- tracing: Use atomic64_inc_return() in trace_clock_counter() (Uros Bizjak)
- netpoll: Use rcu_access_pointer() in __netpoll_setup (Breno Leitao)
- net/neighbor: clear error in case strict check is not set (Jakub Kicinski)
- rocker: fix link status detection in rocker_carrier_init() (Dmitry Antipov)
- ASoC: hdmi-codec: reorder channel allocation list (Jonas Karlman)
- Bluetooth: btusb: Add RTL8852BE device 0489:e123 to device tables (Hilda Wu)
- wifi: brcmfmac: Fix oops due to NULL pointer dereference in brcmf_sdiod_sglist_rw() (Norbert van Bolhuis) [Orabug: 37433908] {CVE-2024-56593}
- wifi: ipw2x00: libipw_rx_any(): fix bad alignment (Jiapeng Chong)
- drm/amdgpu: set the right AMDGPU sg segment limitation (Prike Liang) [Orabug: 37433914] {CVE-2024-56594}
- jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree (Nihar Chaithanya) [Orabug: 37433920] {CVE-2024-56595}
- jfs: fix array-index-out-of-bounds in jfs_readdir (Ghanshyam Agrawal) [Orabug: 37433928] {CVE-2024-56596}
- jfs: fix shift-out-of-bounds in dbSplit (Ghanshyam Agrawal) [Orabug: 37433934] {CVE-2024-56597}
- jfs: array-index-out-of-bounds fix in dtReadFirst (Ghanshyam Agrawal) [Orabug: 37433941] {CVE-2024-56598}
- wifi: ath5k: add PCI ID for Arcadyan devices (Rosen Penev)
- wifi: ath5k: add PCI ID for SX76X (Rosen Penev)
- net: inet6: do not leave a dangling sk pointer in inet6_create() (Ignat Korchagin) [Orabug: 37433955] {CVE-2024-56600}
- net: inet: do not leave a dangling sk pointer in inet_create() (Ignat Korchagin) [Orabug: 37433962] {CVE-2024-56601}
- net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() (Ignat Korchagin) [Orabug: 37433970] {CVE-2024-56602}
- net: af_can: do not leave a dangling sk pointer in can_create() (Ignat Korchagin) [Orabug: 37433977] {CVE-2024-56603}
- Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() (Ignat Korchagin) [Orabug: 37433990] {CVE-2024-56605}
- af_packet: avoid erroring out after sock_init_data() in packet_create() (Ignat Korchagin) [Orabug: 37433996] {CVE-2024-56606}
- net/sched: cbs: Fix integer overflow in cbs_set_port_rate() (Elena Salomatkina)
- net: ethernet: fs_enet: Use %pa to format resource_size_t (Simon Horman)
- net: fec_mpc52xx_phy: Use %pa to format resource_size_t (Simon Horman)
- samples/bpf: Fix a resource leak (Zhu Jun)
- drm/radeon/r600_cs: Fix possible int overflow in r600_packet3_check() (Igor Artemiev)
- drm/mcde: Enable module autoloading (Liao Chen)
- drm: panel-orientation-quirks: Add quirk for AYA NEO 2 model (Joaquín Ignacio Aramendía)
- media: cx231xx: Add support for Dexatek USB Video Grabber 1d19:6108 (Rohan Barar)
- media: uvcvideo: Add a quirk for the Kaiweets KTI-W02 infrared camera (David Given)
- s390/cpum_sf: Handle CPU hotplug remove during sampling (Thomas Richter)
- mmc: core: Further prevent card detect during shutdown (Ulf Hansson)
- regmap: detach regmap from dev on regmap_exit (Cosmin Tanislav)
- dma-buf: fix dma_fence_array_signaled v4 (Christian König)
- bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again (Liequan Che)
- nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() (Ryusuke Konishi) [Orabug: 37434065] {CVE-2024-56619}
- scsi: qla2xxx: Remove check req_sg_cnt should be equal to rsp_sg_cnt (Saurav Kashyap)
- scsi: qla2xxx: Supported speed displayed incorrectly for VPorts (Anil Gurumurthy)
- scsi: qla2xxx: Fix NVMe and NPIV connect issue (Quinn Tran)
- ocfs2: update seq_file index in ocfs2_dlm_seq_next (Wengang Wang)
- tracing: Fix cmp_entries_dup() to respect sort() comparison rules (Kuan-Wei Chiu)
- HID: wacom: fix when get product name maybe null pointer (WangYuli) [Orabug: 37434108] {CVE-2024-56629}
- bpf: Fix exact match conditions in trie_get_next_key() (Hou Tao)
- bpf: Handle BPF_EXIST and BPF_NOEXIST for LPM trie (Hou Tao)
- ocfs2: free inode when ocfs2_get_init_inode() fails (Tetsuo Handa) [Orabug: 37434113] {CVE-2024-56630}
- spi: mpc52xx: Add cancel_work_sync before module remove (Pei Xiao)
- tcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg (Zijian Zhang) [Orabug: 37434127] {CVE-2024-56633}
- drm/sti: Add __iomem for mixer_dbg_mxn's parameter (Pei Xiao)
- gpio: grgpio: Add NULL check in grgpio_probe (Charles Han) [Orabug: 37434131] {CVE-2024-56634}
- gpio: grgpio: use a helper variable to store the address of ofdev->dev (Bartosz Golaszewski)
- crypto: x86/aegis128 - access 32-bit arguments as 32-bit (Eric Biggers)
- x86/asm: Reorder early variables (Jiri Slaby)
- xen: Fix the issue of resource not being properly released in xenbus_dev_probe() (Qiu-ji Chen) [Orabug: 37433540] {CVE-2024-53198}
- xen/xenbus: fix locking (Juergen Gross)
- xenbus/backend: Protect xenbus callback with lock (SeongJae Park)
- xenbus/backend: Add memory pressure handler callback (SeongJae Park)
- xen/xenbus: reference count registered modules (Paul Durrant)
- netfilter: nft_set_hash: skip duplicated elements pending gc run (Pablo Neira Ayuso)
- netfilter: ipset: Hold module reference while requesting a module (Phil Sutter) [Orabug: 37434143] {CVE-2024-56637}
- igb: Fix potential invalid memory access in igb_init_module() (Yuan Can)
- net/qed: allow old cards not supporting "num_images" to work (Louis Leseur)
- tipc: Fix use-after-free of kernel socket in cleanup_bearer(). (Kuniyuki Iwashima) [Orabug: 37434161] {CVE-2024-56642}
- tipc: add new AEAD key structure for user API (Tuong Lien)
- tipc: enable creating a "preliminary" node (Tuong Lien)
- tipc: add reference counter to bearer (Tuong Lien)
- dccp: Fix memory leak in dccp_feat_change_recv (Ivan Solodovnikov) [Orabug: 37434167] {CVE-2024-56643}
- can: j1939: j1939_session_new(): fix skb reference counting (Dmitry Antipov)
- net/sched: tbf: correct backlog statistic for GSO packets (Martin Ottens)
- netfilter: x_tables: fix LED ID check in led_tg_check() (Dmitry Antipov) [Orabug: 37434200] {CVE-2024-56650}
- ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() (Jinghao Jia)
- can: sun4i_can: sun4i_can_err(): fix {rx,tx}_errors statistics (Dario Binacchi)
- can: sun4i_can: sun4i_can_err(): call can_change_state() even if cf is NULL (Dario Binacchi)
- watchdog: mediatek: Make sure system reset gets asserted in mtk_wdt_restart() (Yassine Oudjana)
- iTCO_wdt: mask NMI_NOW bit for update_no_reboot_bit() call (Oleksandr Ocheretnyi)
- drm/etnaviv: flush shader L1 cache after user commandstream (Lucas Stach)
- nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur (Yang Erkun)
- nfsd: make sure exp active before svc_export_show (Yang Erkun) [Orabug: 37433745] {CVE-2024-56558}
- dm thin: Add missing destroy_work_on_stack() (Yuan Can)
- i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs() (Frank Li) [Orabug: 37433756] {CVE-2024-56562}
- util_macros.h: fix/rework find_closest() macros (Alexandru Ardelean)
- ad7780: fix division by zero in ad7780_write_raw() (Zicheng Qu) [Orabug: 37433772] {CVE-2024-56567}
- clk: qcom: gcc-qcs404: fix initial rate of GPLL3 (Gabor Juhos)
- ftrace: Fix regression with module command in stack_trace_filter (guoweikang) [Orabug: 37433784] {CVE-2024-56569}
- ovl: Filter invalid inodes with missing lookup function (Vasiliy Kovalev) [Orabug: 37433789] {CVE-2024-56570}
- media: platform: allegro-dvt: Fix possible memory leak in allocate_buffers_internal() (Gaosheng Cui) [Orabug: 37433798] {CVE-2024-56572}
- media: gspca: ov534-ov772x: Fix off-by-one error in set_frame_rate() (Jinjie Ruan)
- media: venus: Fix pm_runtime_set_suspended() with runtime pm enabled (Jinjie Ruan)
- media: ts2020: fix null-ptr-deref in ts2020_probe() (Li Zetao) [Orabug: 37433805] {CVE-2024-56574}
- media: i2c: tc358743: Fix crash in the probe error path when using polling (Alexander Shiyan) [Orabug: 37433817] {CVE-2024-56576}
- btrfs: ref-verify: fix use-after-free after invalid ref action (Filipe Manana) [Orabug: 37433832] {CVE-2024-56581}
- quota: flush quota_release_work upon quota writeback (Ojaswin Mujoo)
- ASoC: fsl_micfil: fix the naming style for mask definition (Shengjiu Wang)
- sh: intc: Fix use-after-free bug in register_intc_controller() (Dan Carpenter) [Orabug: 37433393] {CVE-2024-53165}
- sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport (Liu Jian) [Orabug: 37434314] {CVE-2024-56688}
- SUNRPC: Replace internal use of SOCKWQ_ASYNC_NOSPACE (Trond Myklebust)
- SUNRPC: correct error code comment in xs_tcp_setup_socket() (Calum Mackay)
- modpost: remove incorrect code in do_eisa_entry() (Masahiro Yamada)
- rtc: ab-eoz9: don't fail temperature reads on undervoltage notification (Maxime Chevallier)
- 9p/xen: fix release of IRQ (Alex Zenla) [Orabug: 37434374] {CVE-2024-56704}
- 9p/xen: fix init sequence (Alex Zenla)
- block: return unsigned int from bdev_io_min (Christoph Hellwig)
- jffs2: fix use of uninitialized variable (Qingfang Deng)
- ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit (Waqar Hameed) [Orabug: 37433414] {CVE-2024-53171}
- ubi: fastmap: Fix duplicate slab cache names while attaching (Zhihao Cheng) [Orabug: 37433419] {CVE-2024-53172}
- ubifs: Correct the total block count by deducting journal reservation (Zhihao Cheng)
- rtc: check if __rtc_read_time was successful in rtc_timer_do_work() (Yongliang Gao) [Orabug: 37434456] {CVE-2024-56739}
- rtc: abx80x: Fix WDT bit position of the status register (Nobuhiro Iwamatsu)
- rtc: st-lpc: Use IRQF_NO_AUTOEN flag in request_irq() (Jinjie Ruan)
- NFSv4.0: Fix a use-after-free problem in the asynchronous open() (Trond Myklebust) [Orabug: 37433426] {CVE-2024-53173}
- um: Always dump trace for specified task in show_stack (Tiwei Bie)
- um: Clean up stacktrace dump (Johannes Berg)
- um: add show_stack_loglvl() (Dmitry Safonov)
- um/sysrq: remove needless variable sp (Dmitry Safonov)
- um: Fix the return value of elf_core_copy_task_fpregs (Tiwei Bie)
- um: Fix potential integer overflow during physmem setup (Tiwei Bie) [Orabug: 37427464] {CVE-2024-53145}
- rpmsg: glink: Propagate TX failures in intentless mode as well (Bjorn Andersson)
- SUNRPC: make sure cache entry active before cache_show (Yang Erkun) [Orabug: 37433433] {CVE-2024-53174}
- NFSD: Prevent a potential integer overflow (Chuck Lever) [Orabug: 37427470] {CVE-2024-53146}
- lib: string_helpers: silence snprintf() output truncation warning (Bartosz Golaszewski)
- usb: dwc3: gadget: Fix checking for number of TRBs left (Thinh Nguyen)
- ALSA: hda/realtek: Apply quirk for Medion E15433 (Takashi Iwai)
- ALSA: hda/realtek: Fix Internal Speaker and Mic boost of Infinix Y4 Max (Dinesh Kumar)
- ALSA: hda/realtek: Set PCBeep to default value for ALC274 (Kailang Yang)
- ALSA: hda/realtek: Update ALC225 depop procedure (Kailang Yang)
- media: wl128x: Fix atomicity violation in fmc_send_cmd() (Qiu-ji Chen) [Orabug: 37434358] {CVE-2024-56700}
- HID: wacom: Interpret tilt data from Intuos Pro BT as signed values (Jason Gerecke)
- block: fix ordering between checking BLK_MQ_S_STOPPED request adding (Muchun Song)
- arm64: tls: Fix context-switching of tpidrro_el0 when kpti is enabled (Will Deacon)
- sh: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK (Huacai Chen)
- um: vector: Do not use drvdata in release (Tiwei Bie) [Orabug: 37433467] {CVE-2024-53181}
- serial: 8250: omap: Move pm_runtime_get_sync (Bin Liu)
- um: net: Do not use drvdata in release (Tiwei Bie) [Orabug: 37433475] {CVE-2024-53183}
- um: ubd: Do not use drvdata in release (Tiwei Bie) [Orabug: 37433484] {CVE-2024-53184}
- ubi: wl: Put source PEB into correct list if trying locking LEB failed (Zhihao Cheng)
- spi: Fix acpi deferred irq probe (Stanislaw Gruszka)
- netfilter: ipset: add missing range check in bitmap_ip_uadt (Jeongjun Park) [Orabug: 37388867] {CVE-2024-53141}
- Revert "serial: sh-sci: Clean sci_ports[0] after at earlycon exit" (Greg Kroah-Hartman)
- serial: sh-sci: Clean sci_ports[0] after at earlycon exit (Claudiu Beznea)
- Bluetooth: Fix type of len in rfcomm_sock_getsockopt{,_old}() (Andrej Shadura)
- tty: ldsic: fix tty_ldisc_autoload sysctl's proc_handler (Nicolas Bouchinet)
- comedi: Flush partial mappings in error case (Jann Horn) [Orabug: 37427482] {CVE-2024-53148}
- PCI: Fix use-after-free of slot->bus on hot remove (Lukas Wunner) [Orabug: 37433516] {CVE-2024-53194}
- ASoC: codecs: Fix atomicity violation in snd_soc_component_get_drvdata() (Qiu-ji Chen)
- jfs: xattr: check invalid xattr size more strictly (Artem Sadovnikov)
- ext4: fix FS_IOC_GETFSMAP handling (Theodore Ts'o)
- ext4: supress data-race warnings in ext4_free_inodes_{count,set}() (Jeongjun Park)
- ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices (Benoît Sevens) [Orabug: 37433532] {CVE-2024-53197}
- soc: qcom: socinfo: fix revision check in qcom_socinfo_probe() (Manikanta Mylavarapu)
- usb: ehci-spear: fix call balance of sehci clk handling routines (Vitalii Mordan)
- apparmor: fix 'Do simple duplicate message elimination' (chao liu)
- staging: greybus: uart: clean up TIOCGSERIAL (Johan Hovold)
- misc: apds990x: Fix missing pm_runtime_disable() (Jinjie Ruan)
- USB: chaoskey: Fix possible deadlock chaoskey_list_lock (Edward Adam Davis)
- USB: chaoskey: fail open after removal (Oliver Neukum)
- usb: yurex: make waiting on yurex_write interruptible (Oliver Neukum)
- usb: using mutex lock and supporting O_NONBLOCK flag in iowarrior_read() (Jeongjun Park)
- ipmr: fix tables suspicious RCU usage (Paolo Abeni)
- ipmr: convert /proc handlers to rcu_read_lock() (Eric Dumazet)
- net: stmmac: dwmac-socfpga: Set RX watchdog interrupt as broken (Maxime Chevallier)
- marvell: pxa168_eth: fix call balance of pep->clk handling routines (Vitalii Mordan)
- net: usb: lan78xx: Fix refcounting and autosuspend on invalid WoL configuration (Oleksij Rempel)
- tg3: Set coherent DMA mask bits to 31 for BCM57766 chipsets (Pavan Chebbi)
- net: usb: lan78xx: Fix memory leak on device unplug by freeing PHY device (Oleksij Rempel)
- power: supply: core: Remove might_sleep() from power_supply_put() (Bart Van Assche)
- vfio/pci: Properly hide first-in-list PCIe extended capability (Avihai Horon) [Orabug: 37433578] {CVE-2024-53214}
- NFSD: Fix nfsd4_shutdown_copy() (Chuck Lever)
- NFSD: Cap the number of bytes copied by nfs4_reset_recoverydir() (Chuck Lever)
- NFSD: Prevent NULL dereference in nfsd4_process_cb_update() (Chuck Lever) [Orabug: 37433594] {CVE-2024-53217}
- rpmsg: glink: use only lower 16-bits of param2 for CMD_OPEN name length (Jonathan Marek)
- rpmsg: glink: Fix GLINK command prefix (Bjorn Andersson)
- rpmsg: glink: Send READ_NOTIFY command in FIFO full case (Arun Kumar Neelakantam)
- rpmsg: glink: Add TX_DATA_CONT command while sending (Arun Kumar Neelakantam)
- perf trace: Avoid garbage when not printing a syscall's arguments (Benjamin Peterson)
- perf trace: Do not lose last events in a race (Benjamin Peterson)
- m68k: coldfire/device.c: only build FEC when HW macros are defined (Antonio Quartulli)
- m68k: mcfgpio: Fix incorrect register offset for CONFIG_M5441x (Jean-Michel Hautbois)
- PCI: cpqphp: Fix PCIBIOS_* return value confusion (Ilpo Järvinen)
- PCI: cpqphp: Use PCI_POSSIBLE_ERROR() to check config reads (weiyufeng)
- perf probe: Correct demangled symbols in C++ program (Leo Yan)
- perf cs-etm: Don't flush when packet_queue fills up (James Clark)
- clk: clk-axi-clkgen: make sure to enable the AXI bus clock (Nuno Sa)
- clk: axi-clkgen: use devm_platform_ioremap_resource() short-hand (Alexandru Ardelean)
- dt-bindings: clock: axi-clkgen: include AXI clk (Nuno Sa)
- dt-bindings: clock: adi,axi-clkgen: convert old binding to yaml format (Alexandru Ardelean)
- fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem() (Zhen Lei) [Orabug: 37434478] {CVE-2024-56746}
- fbdev/sh7760fb: Alloc DMA memory from hardware device (Thomas Zimmermann)
- powerpc/sstep: make emulate_vsx_load and emulate_vsx_store static (Michal Suchanek)
- ocfs2: fix uninitialized value in ocfs2_file_read_iter() (Dmitry Antipov) [Orabug: 37427503] {CVE-2024-53155}
- scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb() (Zhen Lei) [Orabug: 37434484] {CVE-2024-56747}
- scsi: qedf: Fix a possible memory leak in qedf_alloc_and_init_sb() (Zhen Lei) [Orabug: 37434489] {CVE-2024-56748}
- scsi: fusion: Remove unused variable 'rc' (Zeng Heng)
- scsi: bfa: Fix use-after-free in bfad_im_module_exit() (Ye Bin) [Orabug: 37433630] {CVE-2024-53227}
- mfd: rt5033: Fix missing regmap_del_irq_chip() (Zhang Changzhong)
- mtd: rawnand: atmel: Fix possible memory leak (Miquel Raynal)
- cpufreq: loongson2: Unregister platform_driver on failure (Yuan Can)
- mfd: intel_soc_pmic_bxtwc: Use IRQ domain for PMIC devices (Andy Shevchenko) [Orabug: 37434429] {CVE-2024-56723}
- mfd: intel_soc_pmic_bxtwc: Use IRQ domain for TMU device (Andy Shevchenko) [Orabug: 37434434] {CVE-2024-56724}
- mfd: intel_soc_pmic_bxtwc: Use IRQ domain for USB Type-C device (Andy Shevchenko) [Orabug: 37434330] {CVE-2024-56691}
- mfd: intel_soc_pmic_bxtwc: Use dev_err_probe() (Andy Shevchenko)
- mfd: da9052-spi: Change read-mask to write-mask (Marcus Folkesson)
- mfd: tps65010: Use IRQF_NO_AUTOEN flag in request_irq() to fix race (Jinjie Ruan)
- trace/trace_event_perf: remove duplicate samples on the first tracepoint event (Levi Yun)
- netpoll: Use rcu_access_pointer() in netpoll_poll_lock (Breno Leitao)
- ALSA: 6fire: Release resources at card release (Takashi Iwai) [Orabug: 37433660] {CVE-2024-53239}
- ALSA: caiaq: Use snd_card_free_when_closed() at disconnection (Takashi Iwai) [Orabug: 37433666] {CVE-2024-56531}
- ALSA: us122l: Use snd_card_free_when_closed() at disconnection (Takashi Iwai) [Orabug: 37433672] {CVE-2024-56532}
- net: rfkill: gpio: Add check for clk_enable() (Mingwei Zheng)
- selftests: net: really check for bg process completion (Paolo Abeni)
- bpf, sockmap: Fix sk_msg_reset_curr (Zijian Zhang)
- bpf, sockmap: Several fixes to bpf_msg_pop_data (Zijian Zhang)
- bpf, sockmap: Several fixes to bpf_msg_push_data (Zijian Zhang)
- drm/etnaviv: hold GPU lock across perfmon sampling (Lucas Stach)
- drm/etnaviv: fix power register offset on GC300 (Doug Brown)
- drm/etnaviv: dump: fix sparse warnings (Marc Kleine-Budde)
- drm/msm/adreno: Use IRQF_NO_AUTOEN flag in request_irq() (Jinjie Ruan)
- drm/panfrost: Remove unused id_mask from struct panfrost_model (Steven Price)
- wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() (Alper Nebi Yasak) [Orabug: 37433695] {CVE-2024-56539}
- bpf: Fix the xdp_adjust_tail sample prog issue (Yuan Chen)
- ASoC: fsl_micfil: fix regmap_write_bits usage (Shengjiu Wang)
- ASoC: fsl_micfil: use GENMASK to define register bit fields (Sascha Hauer)
- ASoC: fsl_micfil: do not define SHIFT/MASK for single bits (Sascha Hauer)
- ASoC: fsl_micfil: Drop unnecessary register read (Sascha Hauer)
- dt-bindings: vendor-prefixes: Add NeoFidelity, Inc (Igor Prusov)
- drm/imx/ipuv3: Use IRQF_NO_AUTOEN flag in request_irq() (Jinjie Ruan)
- wifi: mwifiex: Use IRQF_NO_AUTOEN flag in request_irq() (Jinjie Ruan)
- wifi: p54: Use IRQF_NO_AUTOEN flag in request_irq() (Jinjie Ruan)
- drm/omap: Fix locking in omap_gem_new_dmabuf() (Tomi Valkeinen)
- wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() (Jeongjun Park) [Orabug: 37427509] {CVE-2024-53156}
- drm/mm: Mark drm_mm_interval_tree*() functions with __maybe_unused (Andy Shevchenko)
- firmware: arm_scpi: Check the DVFS OPP count returned by the firmware (Luo Qiu) [Orabug: 37427515] {CVE-2024-53157}
- regmap: irq: Set lockdep class for hierarchical IRQ domains (Andy Shevchenko)
- ARM: dts: cubieboard4: Fix DCDC5 regulator constraints (Andre Przywara)
- tpm: fix signed/unsigned bug when checking event logs (Gregory Price)
- efi/tpm: Pass correct address to memblock_reserve (Jerry Snitselaar)
- mmc: mmc_spi: drop buggy snprintf() (Bartosz Golaszewski)
- soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() (Dan Carpenter) [Orabug: 37427524] {CVE-2024-53158}
- soc: ti: smartreflex: Use IRQF_NO_AUTOEN flag in request_irq() (Jinjie Ruan)
- time: Fix references to _msecs_to_jiffies() handling of values (Miguel Ojeda)
- crypto: cavium - Fix an error handling path in cpt_ucode_load_fw() (Christophe JAILLET)
- crypto: bcm - add error check in the ahash_hmac_init function (Chen Ridong) [Orabug: 37434298] {CVE-2024-56681}
- crypto: cavium - Fix the if condition to exit loop after timeout (Everest K.C)
- crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY (Yi Yang) [Orabug: 37434323] {CVE-2024-56690}
- EDAC/fsl_ddr: Fix bad bit shift operations (Priyanka Singh)
- EDAC/bluefield: Fix potential integer overflow (David Thompson) [Orabug: 37427533] {CVE-2024-53161}
- firmware: google: Unregister driver_info on failure (Yuan Can)
- firmware: google: Unregister driver_info on failure and exit in gsmi (Arthur Heymans)
- hfsplus: don't query the device logical block size multiple times (Thadeu Lima de Souza Cascardo) [Orabug: 37433720] {CVE-2024-56548}
- s390/syscalls: Avoid creation of arch/arch/ directory (Masahiro Yamada)
- acpi/arm64: Adjust error handling procedure in gtdt_parse_timer_block() (Aleksandr Mishin)
- m68k: mvme147: Reinstate early console (Daniel Palmer)
- m68k: mvme16x: Add and use "mvme16x.h" (Geert Uytterhoeven)
- m68k: mvme147: Fix SCSI controller IRQ numbers (Daniel Palmer)
- nvme-pci: fix freeing of the HMB descriptor table (Christoph Hellwig) [Orabug: 37434510] {CVE-2024-56756}
- initramfs: avoid filename buffer overrun (David Disseldorp) [Orabug: 37388874] {CVE-2024-53142}
- mips: asm: fix warning when disabling MIPS_FP_SUPPORT (Jonas Gorski)
- x86/xen/pvh: Annotate indirect branch as safe (Josh Poimboeuf)
- nvme: fix metadata handling in nvme-passthrough (Puranjay Mohan)
- cifs: Fix buffer overflow when parsing NFS reparse points (Pali Rohár) [Orabug: 37206284] {CVE-2024-49996}
- ipmr: Fix access to mfc_cache_list without lock held (Breno Leitao)
- proc/softirqs: replace seq_printf with seq_put_decimal_ull_width (David Wang)
- ASoC: stm: Prevent potential division by zero in stm32_sai_get_clk_div() (Luo Yifan)
- ASoC: stm: Prevent potential division by zero in stm32_sai_mclk_round_rate() (Luo Yifan)
- regulator: rk808: Add apply_bit for BUCK3 on RK809 (Mikhail Rudenko)
- soc: qcom: Add check devm_kasprintf() returned value (Charles Han)
- net: usb: qmi_wwan: add Quectel RG650V (Benoît Monin)
- x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB (Arnd Bergmann)
- ALSA: hda/realtek: Add subwoofer quirk for Infinix ZERO BOOK 13 (Piyush Raj Chouhan)
- selftests/watchdog-test: Fix system accidentally reset after watchdog-test (Li Zhijian)
- mac80211: fix user-power when emulating chanctx (Ben Greear)
- ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet (Hans de Goede)
- kbuild: Use uname for LINUX_COMPILE_HOST detection (Chris Down)
- media: dvbdev: fix the logic when DVB_DYNAMIC_MINORS is not set (Mauro Carvalho Chehab)
- nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint (Ryusuke Konishi) [Orabug: 37388819] {CVE-2024-53130}
- ocfs2: fix UBSAN warning in ocfs2_verify_volume() (Dmitry Antipov)
- nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint (Ryusuke Konishi) [Orabug: 37388825] {CVE-2024-53131}
- KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN (Sean Christopherson) [Orabug: 37388846] {CVE-2024-53135}
- ocfs2: uncache inode which has failed entering the group (Dmitry Antipov) [Orabug: 37388753] {CVE-2024-53112}
- net/mlx5e: kTLS, Fix incorrect page refcounting (Dragos Tatulea)
- net/mlx5: fs, lock FTE when checking if active (Mark Bloch)
- netlink: terminate outstanding dump on socket close (Jakub Kicinski) [Orabug: 37388861] {CVE-2024-53140}
- LTS tag: v5.4.286 (Alok Tiwari)
- 9p: fix slab cache name creation for real (Linus Torvalds)
- md/raid10: improve code of mrdev in raid10_sync_request (Li Nan)
- net: usb: qmi_wwan: add Fibocom FG132 0x0112 composition (Reinhard Speyerer)
- fs: Fix uninitialized value issue in from_kuid and from_kgid (Alessandro Zanni) [Orabug: 37331928] {CVE-2024-53101}
- powerpc/powernv: Free name on error in opal_event_init() (Michael Ellerman)
- sound: Make CONFIG_SND depend on INDIRECT_IOMEM instead of UML (Julian Vetter)
- bpf: use kvzmalloc to allocate BPF verifier environment (Rik van Riel)
- HID: multitouch: Add quirk for HONOR MagicBook Art 14 touchpad (WangYuli)
- 9p: Avoid creating multiple slab caches with the same name (Pedro Falcato)
- ALSA: usb-audio: Add endianness annotations (Jan Schär)
- vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (Hyunwoo Kim) [Orabug: 37298681] {CVE-2024-50264}
- hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer (Hyunwoo Kim) [Orabug: 37344480] {CVE-2024-53103}
- ftrace: Fix possible use-after-free issue in ftrace_location() (Zheng Yejian) [Orabug: 36753574] {CVE-2024-38588}
- NFSD: Fix NFSv4's PUTPUBFH operation (Chuck Lever)
- ALSA: usb-audio: Add quirks for Dell WD19 dock (Jan Schär)
- ALSA: usb-audio: Support jack detection on Dell dock (Jan Schär)
- ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove() (Andrew Kanner) [Orabug: 37298685] {CVE-2024-50265}
- irqchip/gic-v3: Force propagation of the active state with a read-back (Marc Zyngier)
- USB: serial: option: add Quectel RG650V (Benoît Monin)
- USB: serial: option: add Fibocom FG132 0x0112 composition (Reinhard Speyerer)
- USB: serial: qcserial: add support for Sierra Wireless EM86xx (Jack Wu)
- USB: serial: io_edgeport: fix use after free in debug printk (Dan Carpenter) [Orabug: 37298695] {CVE-2024-50267}
- usb: musb: sunxi: Fix accessing an released usb phy (Zijun Hu) [Orabug: 37298703] {CVE-2024-50269}
- fs/proc: fix compile warning about variable 'vmcore_mmap_ops' (Qi Xi)
- media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (Benoit Sevens) [Orabug: 37344485] {CVE-2024-53104}
- net: bridge: xmit: make sure we have at least eth header len bytes (Nikolay Aleksandrov) [Orabug: 36753372] {CVE-2024-38538}
- spi: fix use-after-free of the add_lock mutex (Michael Walle)
- spi: Fix deadlock when adding SPI controllers on SPI buses (Mark Brown)
- mtd: rawnand: protect access to rawnand devices while in suspend (Sean Nyekjaer)
- btrfs: reinitialize delayed ref list after deleting it from the list (Filipe Manana) [Orabug: 37298715] {CVE-2024-50273}
- nfs: Fix KMSAN warning in decode_getfattr_attrs() (Roberto Sassu) [Orabug: 37304779] {CVE-2024-53066}
- dm-unstriped: cast an operand to sector_t to prevent potential uint32_t overflow (Zichen Xie)
- dm cache: fix potential out-of-bounds access on the first resume (Ming-Hung Tsai) [Orabug: 37298732] {CVE-2024-50278}
- dm cache: optimize dirty bit checking with find_next_bit when resizing (Ming-Hung Tsai)
- dm cache: fix out-of-bounds access to the dirty bitset when resizing (Ming-Hung Tsai) [Orabug: 37298737] {CVE-2024-50279}
- dm cache: correct the number of origin blocks to match the target length (Ming-Hung Tsai)
- drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read() (Alex Deucher) [Orabug: 37298751] {CVE-2024-50282}
- pwm: imx-tpm: Use correct MODULO value for EPWM mode (Erik Schumacher)
- media: v4l2-tpg: prevent the risk of a division by zero (Mauro Carvalho Chehab) [Orabug: 37298782] {CVE-2024-50287}
- media: cx24116: prevent overflows on SNR calculus (Mauro Carvalho Chehab) [Orabug: 37298797] {CVE-2024-50290}
- media: s5p-jpeg: prevent buffer overflows (Mauro Carvalho Chehab) [Orabug: 37304763] {CVE-2024-53061}
- ALSA: firewire-lib: fix return value on fail in amdtp_tscm_init() (Murad Masimov)
- media: adv7604: prevent underflow condition when reporting colorspace (Mauro Carvalho Chehab)
- media: dvb_frontend: don't play tricks with underflow values (Mauro Carvalho Chehab)
- media: dvbdev: prevent the risk of out of memory access (Mauro Carvalho Chehab) [Orabug: 37304769] {CVE-2024-53063}
- media: stb0899_algo: initialize cfr before using it (Mauro Carvalho Chehab)
- net: hns3: fix kernel crash when uninstalling driver (Peiyang Wang) [Orabug: 37298811] {CVE-2024-50296}
- can: c_can: fix {rx,tx}_errors statistics (Dario Binacchi)
- sctp: properly validate chunk size in sctp_sf_ootb() (Xin Long) [Orabug: 37298820] {CVE-2024-50299}
- net: enetc: set MAC address to the VF net_device (Wei Fang)
- enetc: simplify the return expression of enetc_vf_set_mac_addr() (Qinglang Miao)
- security/keys: fix slab-out-of-bounds in key_task_permission (Chen Ridong) [Orabug: 37298827] {CVE-2024-50301}
- HID: core: zero-initialize the report buffer (Jiri Kosina) [Orabug: 37298834] {CVE-2024-50302}
- ARM: dts: rockchip: Fix the realtek audio codec on rk3036-kylin (Heiko Stuebner)
- ARM: dts: rockchip: Fix the spi controller on rk3036 (Heiko Stuebner)
- ARM: dts: rockchip: drop grf reference from rk3036 hdmi (Heiko Stuebner)
- ARM: dts: rockchip: fix rk3036 acodec node (Heiko Stuebner)
- arm64: dts: rockchip: Remove #cooling-cells from fan on Theobroma lion (Heiko Stuebner)
- arm64: dts: rockchip: Fix bluetooth properties on Rock960 boards (Heiko Stuebner)
- arm64: dts: rockchip: Remove hdmi's 2nd interrupt on rk3328 (Diederik de Haas)
- arm64: dts: rockchip: Fix rt5651 compatible value on rk3399-sapphire-excavator (Geert Uytterhoeven)

[5.4.17-2136.340.1.el7uek]
- rds/ib: avoid scq/rcq polling during rds connection shutdown (Arumugam Kolappan) [Orabug: 37092563]
- RDMA/mlx5: Send UAR page index as ioctl attribute (Akiva Goldberger) [Orabug: 37029739]
- RDMA: Pass entire uverbs attr bundle to create cq function (Akiva Goldberger) [Orabug: 37029739]
- IB/uverbs: Enable CQ ioctl commands by default (Yishai Hadas) [Orabug: 37029739]

[5.4.17-2136.339.5.el7uek]
- tracing/kprobes: Skip symbol counting logic for module symbols in create_local_trace_kprobe() (Nikolay Kuratov)
- vhost_scsi: log write descriptors (Dongli Zhang) [Orabug: 37393533]
- vhost-scsi: protect vq->log_base with vq->mutex (Dongli Zhang) [Orabug: 37393533]

[5.4.17-2136.339.4.el7uek]
- RDMA/bnxt_re: Check cqe flags to know imm_data vs inv_irkey (Kashyap Desai)
- Revert "mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K" (Aurelien Jarno)
- mm: revert "mm: shmem: fix data-race in shmem_getattr()" (Andrew Morton)
- net/ipv6: release expired exception dst cached in socket (Jiri Wiesner) [Orabug: 37434173] {CVE-2024-56644}
- Revert "unicode: Don't special case ignorable code points" (Linus Torvalds)
- powerpc/vdso: Flag VDSO64 entry points as functions (Christophe Leroy)
- Revert "usb: gadget: composite: fix OS descriptors w_value logic" (Michal Vrastil)

[5.4.17-2136.339.3.el7uek]
- Revert "ocfs2: fix the la space leak when unmounting an ocfs2 volume" (Sherry Yang) [Orabug: 37364531]
- rds: recv_payload_bad_checksum was not 0 after running rds-stress on UEK6 (William Kucharski) [Orabug: 37265127]
- rds: If RDS Checksums are enabled for RDMA RDS operations, the extension headers will overflow causing incorrect operation (William Kucharski) [Orabug: 37265125]
- rds: rds_message_alloc() needlessly zeroes m_used_sgs (William Kucharski) [Orabug: 37265123]
- rds: tracepoint in rds_receive_csum_err() prints pointless information (William Kucharski) [Orabug: 37265121]
- rds: rds_inc_init() should initialize the inc->i_conn_path field (William Kucharski) [Orabug: 37265117]
- rds: Race condition in adding RDS payload checksum extension header may result in RDS header corruption (William Kucharski) [Orabug: 37265115]
- md/raid10: fix task hung in raid10d (Li Nan) [Orabug: 37126683]
- md/raid10: factor out code from wait_barrier() to stop_waiting_barrier() (Yu Kuai) [Orabug: 37126683]
- md/raid10: avoid deadlock on recovery. (Vitaly Mayatskikh) [Orabug: 37126683]

[5.4.17-2136.339.2.el7uek]
- arm64/cpu_errata: Spectre-BHB mitigation for AMPERE1 expects a loop of 11 iterations. (Miguel Luis) [Orabug: 37027863]

[5.4.17-2136.339.1.el7uek]
- net/rds: report pending-messages count in RDS_INQ response (Devesh Sharma) [Orabug: 35596047] [Orabug: 35316633]
- net/rds: Introduce RDS-INQ feature to RDS protocol (Devesh Sharma) [Orabug: 35316632] [Orabug: 37109336]
- net/rds: Supporting SIOCOUTQ to read pending sends (Devesh Sharma) [Orabug: 34460809] [Orabug: 37072814]
- mm/memory-failure: pass the folio and the page to collect_procs() (Matthew Wilcox (Oracle)) [Orabug: 37270264]
- KVM: x86: Stop compiling vmenter.S with OBJECT_FILES_NON_STANDARD (Sean Christopherson) [Orabug: 37273706]
- KVM: SVM: Create a stack frame in __svm_vcpu_run() for unwinding (Sean Christopherson) [Orabug: 37273706]
- objtool: Default ignore INT3 for unreachable (Peter Zijlstra) [Orabug: 37273706] {CVE-2022-29901}
- x86/spec_ctrl: AMD AutoIBRS cannot be dynamically enabled or disabled (Alexandre Chartre) [Orabug: 37310552]
- x86/msr: Add functions to set/clear the bit of an MSR on all cpus (Alexandre Chartre) [Orabug: 37310552]

.NET updates for AlmaLinux

Linux Kernel, Kubernetes, Thunderbird, Openidc, Python, Java updates for SUSE

Kernel, ModSecurity, Grafana, and more updates for Oracle Linux

ELSA-2025-20368 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update

ELSA-2025-8837 Important: Oracle Linux 9 mod_security security update

ELSA-2025-8916 Moderate: Oracle Linux 9 grafana-pcp security update

ELSA-2025-8813 Important: Oracle Linux 9 .NET 8.0 security update

ELSA-2025-8643 Important: Oracle Linux 9 kernel security update

ELSA-2025-8958 Moderate: Oracle Linux 8 libxml2 security update

ELBA-2025-8743-1 Oracle Linux 8 kernel bug fix update

ELSA-2025-20372 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update

Windows

Linux

macOS

Community