ELBA-2025-20661 Oracle Linux 8 oVirt 4.5 ovirt-engine bug fix update
ELSA-2025-20663 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update
ELSA-2025-20663 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update
ELSA-2025-17802 Important: Oracle Linux 8 webkit2gtk3 security update
ELSA-2025-17715 Moderate: Oracle Linux 8 vim security update
ELSA-2025-17415 Moderate: Oracle Linux 8 gnutls security, bug fix, and enhancement update
ELEA-2025-17427 Oracle Linux 8 nodejs:20 bug fix and enhancement update
ELBA-2025-17425 Oracle Linux 8 pki-deps:10.6 bug fix and enhancement update
ELBA-2025-20651 Oracle Linux 9 kexec-tools bug fix update
ELSA-2025-20663 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update
ELBA-2025-20659 Oracle Linux 8 oracle-ai-database-preinstall-26ai bug fix update
ELSA-2025-17742 Moderate: Oracle Linux 9 vim security update
ELBA-2025-20658 Oracle Linux 9 oracle-ai-database-preinstall-26ai bug fix update
ELSA-2025-17776 Moderate: Oracle Linux 10 kernel security update
ELBA-2025-17897 Oracle Linux 10 389-ds-base bug fix and enhancement update
ELBA-2025-20661 Oracle Linux 8 oVirt 4.5 ovirt-engine bug fix update
Oracle Linux Bug Fix Advisory ELBA-2025-20661
http://linux.oracle.com/errata/ELBA-2025-20661.html
The following updated rpms for Oracle Linux 8 oVirt 4.5 have been uploaded to the Unbreakable Linux Network:
x86_64:
ovirt-engine-4.5.5-1.57.el8.noarch.rpm
ovirt-engine-backend-4.5.5-1.57.el8.noarch.rpm
ovirt-engine-dbscripts-4.5.5-1.57.el8.noarch.rpm
ovirt-engine-health-check-bundler-4.5.5-1.57.el8.noarch.rpm
ovirt-engine-restapi-4.5.5-1.57.el8.noarch.rpm
ovirt-engine-setup-4.5.5-1.57.el8.noarch.rpm
ovirt-engine-setup-base-4.5.5-1.57.el8.noarch.rpm
ovirt-engine-setup-plugin-cinderlib-4.5.5-1.57.el8.noarch.rpm
ovirt-engine-setup-plugin-imageio-4.5.5-1.57.el8.noarch.rpm
ovirt-engine-setup-plugin-ovirt-engine-4.5.5-1.57.el8.noarch.rpm
ovirt-engine-setup-plugin-ovirt-engine-common-4.5.5-1.57.el8.noarch.rpm
ovirt-engine-setup-plugin-vmconsole-proxy-helper-4.5.5-1.57.el8.noarch.rpm
ovirt-engine-setup-plugin-websocket-proxy-4.5.5-1.57.el8.noarch.rpm
ovirt-engine-tools-4.5.5-1.57.el8.noarch.rpm
ovirt-engine-tools-backup-4.5.5-1.57.el8.noarch.rpm
ovirt-engine-vmconsole-proxy-helper-4.5.5-1.57.el8.noarch.rpm
ovirt-engine-webadmin-portal-4.5.5-1.57.el8.noarch.rpm
ovirt-engine-websocket-proxy-4.5.5-1.57.el8.noarch.rpm
python3-ovirt-engine-lib-4.5.5-1.57.el8.noarch.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/ovirt-engine-4.5.5-1.57.el8.src.rpm
Description of changes:
[4.5.5-1.57]
- Disable persistent reservation when SCSI passthrough is disabled
[4.5.5-1.56]
- Fix SCSI passthrough when passthrough and persistent reservation are both disabled
[4.5.5-1.55]
- Fix Sapphire Rapids CPU types for install and update
- Add Emerald Rapids CPU type
ELSA-2025-20663 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update
Oracle Linux Security Advisory ELSA-2025-20663
http://linux.oracle.com/errata/ELSA-2025-20663.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
kernel-uek-5.4.17-2136.348.3.el8uek.x86_64.rpm
kernel-uek-container-5.4.17-2136.348.3.el8uek.x86_64.rpm
kernel-uek-container-debug-5.4.17-2136.348.3.el8uek.x86_64.rpm
kernel-uek-debug-5.4.17-2136.348.3.el8uek.x86_64.rpm
kernel-uek-debug-devel-5.4.17-2136.348.3.el8uek.x86_64.rpm
kernel-uek-devel-5.4.17-2136.348.3.el8uek.x86_64.rpm
kernel-uek-doc-5.4.17-2136.348.3.el8uek.noarch.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/kernel-uek-5.4.17-2136.348.3.el8uek.src.rpm
Related CVEs:
CVE-2023-52572
CVE-2024-26644
CVE-2024-26958
CVE-2024-49935
CVE-2024-53237
CVE-2025-37798
CVE-2025-38102
CVE-2025-38177
CVE-2025-38193
CVE-2025-38211
CVE-2025-38226
CVE-2025-38229
CVE-2025-38230
CVE-2025-38245
CVE-2025-38249
CVE-2025-38262
CVE-2025-38347
CVE-2025-38371
CVE-2025-38375
CVE-2025-38377
CVE-2025-38386
CVE-2025-38387
CVE-2025-38389
CVE-2025-38391
CVE-2025-38395
CVE-2025-38400
CVE-2025-38401
CVE-2025-38403
CVE-2025-38404
CVE-2025-38406
CVE-2025-38439
CVE-2025-38445
CVE-2025-38448
CVE-2025-38457
CVE-2025-38458
CVE-2025-38459
CVE-2025-38460
CVE-2025-38464
CVE-2025-38465
CVE-2025-38467
CVE-2025-38468
CVE-2025-38470
CVE-2025-38473
CVE-2025-38474
CVE-2025-38477
CVE-2025-38478
CVE-2025-38480
CVE-2025-38481
CVE-2025-38482
CVE-2025-38483
CVE-2025-38494
CVE-2025-38495
CVE-2025-38497
CVE-2025-38499
CVE-2025-38513
CVE-2025-38514
CVE-2025-38515
CVE-2025-38516
CVE-2025-38529
CVE-2025-38530
CVE-2025-38538
CVE-2025-38539
CVE-2025-38540
CVE-2025-38542
CVE-2025-38546
CVE-2025-38553
CVE-2025-38555
CVE-2025-38563
CVE-2025-38565
CVE-2025-38569
CVE-2025-38572
CVE-2025-38574
CVE-2025-38577
CVE-2025-38578
CVE-2025-38581
CVE-2025-38602
CVE-2025-38604
CVE-2025-38608
CVE-2025-38612
CVE-2025-38617
CVE-2025-38618
CVE-2025-38622
CVE-2025-38630
CVE-2025-38635
CVE-2025-38639
CVE-2025-38650
CVE-2025-38652
CVE-2025-38663
CVE-2025-38664
CVE-2025-38666
CVE-2025-38668
CVE-2025-38671
CVE-2025-38677
CVE-2025-38680
CVE-2025-38687
CVE-2025-38691
CVE-2025-38693
CVE-2025-38694
CVE-2025-38695
CVE-2025-38697
CVE-2025-38698
CVE-2025-38699
CVE-2025-38700
CVE-2025-38701
CVE-2025-38708
CVE-2025-38713
CVE-2025-38714
CVE-2025-38715
CVE-2025-38718
CVE-2025-38721
CVE-2025-38724
CVE-2025-38727
CVE-2025-38729
CVE-2025-39676
CVE-2025-39689
CVE-2025-39691
CVE-2025-39709
CVE-2025-39710
CVE-2025-39713
CVE-2025-39714
CVE-2025-39724
CVE-2025-39730
CVE-2025-39736
CVE-2025-39737
CVE-2025-39742
CVE-2025-39743
CVE-2025-39749
CVE-2025-39751
CVE-2025-39752
CVE-2025-39756
CVE-2025-39757
CVE-2025-39766
CVE-2025-39782
CVE-2025-39783
CVE-2025-39787
CVE-2025-39794
CVE-2025-39798
CVE-2025-39808
CVE-2025-39812
CVE-2025-39813
CVE-2025-39817
CVE-2025-39824
CVE-2025-39828
Description of changes:
[5.4.17-2136.348.3.el8uek]
- hugetlbfs: take read_lock on i_mmap for PMD sharing (Waiman Long) [Orabug: 38459576]
- kallsyms: add module_kallsyms_on_each_symbol_locked (Julian Pidancet) [Orabug: 37629344] [Orabug: 38418686]
- kallsyms: export module_kallsyms_on_each_symbol (Julian Pidancet) [Orabug: 37629344] [Orabug: 38418686]
[5.4.17-2136.348.2.el8uek]
- uek-rpm: Move ifb module to nano modules (Harshit Mogalapalli) [Orabug: 38443798]
- clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (Al Viro) [Orabug: 38310007] {CVE-2025-38499}
- x86/vmscape: Warn when STIBP is disabled with SMT (Pawan Gupta) [Orabug: 38424094]
- x86/bugs: Move cpu_bugs_smt_update() down (Pawan Gupta) [Orabug: 38424094]
- x86/vmscape: Enable the mitigation (Pawan Gupta) [Orabug: 38424094]
- x86/vmscape: Add conditional IBPB mitigation (Pawan Gupta) [Orabug: 38424094]
- x86/vmscape: Add old Intel CPUs to affected list (Pawan Gupta) [Orabug: 38424094]
- x86/vmscape: Enumerate VMSCAPE bug (Pawan Gupta) [Orabug: 38424094]
- Documentation/hw-vuln: Add VMSCAPE documentation (Pawan Gupta) [Orabug: 38424094]
[5.4.17-2136.348.1.el8uek]
- LTS tag: v5.4.298 (Sherry Yang)
- Revert "drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS" (Imre Deak)
- net: usb: qmi_wwan: add Telit Cinterion LE910C4-WWX new compositions (Fabio Porcedda)
- Revert "drm/amdgpu: fix incorrect vm flags to map bo" (Alex Deucher) [Orabug: 38343661]
- HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version() (Minjong Kim) [Orabug: 38440228] {CVE-2025-39808}
- HID: wacom: Add a new Art Pen 2 (Ping Cheng)
- HID: asus: fix UAF via HID_CLAIMED_INPUT validation (Qasim Ijaz) [Orabug: 38440310] {CVE-2025-39824}
- efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare (Li Nan) [Orabug: 38440277] {CVE-2025-39817}
- sctp: initialize more fields in sctp_v6_from_sk() (Eric Dumazet) [Orabug: 38440251] {CVE-2025-39812}
- net: stmmac: xgmac: Do not enable RX FIFO Overflow interrupts (Rohan G Thomas)
- net/mlx5e: Set local Xoff after FW update (Alexei Lazar)
- net/mlx5e: Update and set Xon/Xoff upon port speed set (Alexei Lazar)
- net/mlx5e: Update and set Xon/Xoff upon MTU set (Alexei Lazar)
- net: dlink: fix multicast stats being counted incorrectly (Moon Yeounsu)
- atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control(). (Kuniyuki Iwashima) [Orabug: 38440347] {CVE-2025-39828}
- net/atm: remove the atmdev_ops {get, set}sockopt methods (Christoph Hellwig)
- Bluetooth: hci_event: Detect if HCI_EV_NUM_COMP_PKTS is unbalanced (Luiz Augusto von Dentz)
- powerpc/kvm: Fix ifdef to remove build warning (Madhavan Srinivasan)
- net: ipv4: fix regression in local-broadcast routes (Oscar Maes) [Orabug: 38343661]
- vhost/net: Protect ubufs with rcu read lock in vhost_net_ubuf_put() (Nikolay Kuratov)
- scsi: core: sysfs: Correct sysfs attributes access rights (Damien Le Moal)
- ftrace: Fix potential warning in trace_printk_seq during ftrace_dump (Tengda Wu) [Orabug: 38440259] {CVE-2025-39813}
- pinctrl: STMFX: add missing HAS_IOMEM dependency (Randy Dunlap)
- LTS tag: v5.4.297 (Sherry Yang)
- alloc_fdtable(): change calling conventions. (Al Viro)
- s390/hypfs: Enable limited access during lockdown (Peter Oberparleiter)
- s390/hypfs: Avoid unnecessary ioctl registration in debugfs (Peter Oberparleiter)
- ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation (Takashi Iwai)
- net/sched: Remove unnecessary WARNING condition for empty child qdisc in htb_activate (William Liu)
- net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit (William Liu)
- ixgbe: xsk: resolve the negative overflow of budget in ixgbe_xmit_zc (Jason Xing)
- ipv6: sr: validate HMAC algorithm ID in seg6_hmac_info_add (Heminhong)
- ALSA: usb-audio: Fix size validation in convert_chmap_v3() (Dan Carpenter) [Orabug: 38343661]
- scsi: qla4xxx: Prevent a potential error pointer dereference (Dan Carpenter) [Orabug: 38401514] {CVE-2025-39676}
- usb: xhci: Fix slot_id resource race conflict (Weitao Wang)
- nfs: fix UAF in direct writes (Josef Bacik) [Orabug: 36596831] {CVE-2024-26958}
- NFS: Fix up commit deadlocks (Trond Myklebust)
- cifs: Fix UAF in cifs_demultiplex_thread() (Zhang Xiaoxu) [Orabug: 36154626] {CVE-2023-1192}
- Bluetooth: fix use-after-free in device_for_each_child() (Dmitry Antipov) [Orabug: 37433654] {CVE-2024-53237}
- act_mirred: use the backlog for nested calls to mirred ingress (Davide Caratti)
- net/sched: act_mirred: better wording on protection against excessive stack growth (Davide Caratti)
- net/sched: act_mirred: refactor the handle of xmit (Wenxu)
- selftests: forwarding: tc_actions.sh: add matchall mirror test (Jiri Pirko)
- net: sched: don't expose action qstats to skb_tc_reinsert() (Vlad Buslov)
- net: sched: extract qstats update code into functions (Vlad Buslov)
- net: sched: extract bstats update code into function (Vlad Buslov)
- net: sched: extract common action counters update code into function (Vlad Buslov)
- mm: perform the mapping_map_writable() check after call_mmap() (Lorenzo Stoakes)
- mm: update memfd seal write check to include F_SEAL_WRITE (Lorenzo Stoakes)
- mm: drop the assumption that VM_SHARED always implies writable (Lorenzo Stoakes)
- codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() (Cong Wang) [Orabug: 37908492] {CVE-2025-37798}
- sch_qfq: make qfq_qlen_notify() idempotent (Cong Wang)
- sch_hfsc: make hfsc_qlen_notify() idempotent (Cong Wang) [Orabug: 38158396] {CVE-2025-38177}
- sch_drr: make drr_qlen_notify() idempotent (Cong Wang)
- btrfs: populate otime when logging an inode item (Qu Wenruo)
- media: venus: hfi: explicitly release IRQ during teardown (Jorge Ramirez-Ortiz)
- f2fs: fix to avoid out-of-boundary access in dnode page (Chao Yu)
- media: venus: protect against spurious interrupts during probe (Jorge Ramirez-Ortiz)
- media: qcom: camss: cleanup media device allocated resource on error path (Vladimir Zapolskiy)
- media: venus: vdec: Clamp param smaller than 1fps and bigger than 240. (Ricardo Ribalda)
- drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS (Imre Deak)
- pwm: mediatek: Fix duty and period setting (Uwe Kleine-König)
- pwm: mediatek: Handle hardware enable and clock enable separately (Uwe Kleine-König)
- pwm: mediatek: Implement .apply() callback (Uwe Kleine-König)
- media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() (Gui-Dong Han) [Orabug: 38401677] {CVE-2025-39713}
- media: v4l2-ctrls: Don't reset handler's error in v4l2_ctrl_handler_free() (Sakari Ailus)
- media: v4l2-ctrls: always copy the controls on completion (Hans Verkuil)
- ata: Fix SATA_MOBILE_LPM_POLICY description in Kconfig (Damien Le Moal)
- soc: qcom: mdt_loader: Ensure we don't read past the ELF header (Bjorn Andersson)
- rtc: ds1307: handle oscillator stop flag (OSF) for ds1341 (Meagan Lloyd)
- usb: musb: omap2430: fix device leak at unbind (Johan Hovold)
- NFS: Fix the setting of capabilities when automounting a new filesystem (Trond Myklebust) [Orabug: 38429211] {CVE-2025-39798}
- NFS: Fix up handling of outstanding layoutcommit in nfs_update_inode() (Trond Myklebust)
- NFSv4: Fix nfs4_bitmap_copy_adjust() (Trond Myklebust)
- usb: typec: fusb302: cache PD RX state (Sebastian Reichel)
- cdc-acm: fix race between initial clearing halt and open (Oliver Neukum)
- USB: cdc-acm: do not log successful probe on later errors (Johan Hovold)
- mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock (Breno Leitao)
- mm/kmemleak: turn kmemleak_lock and object->lock to raw_spinlock_t (He Zhe)
- ALSA: scarlett2: Add retry on -EPROTO from scarlett2_usb_tx() (Geoffrey D. Bennett)
- x86/fpu: Delay instruction pointer fixup until after warning (Dave Hansen)
- mm/hmm: move pmd_to_hmm_pfn_flags() to the respective #ifdeffery (Andy Shevchenko)
- nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() (Jeff Layton) [Orabug: 38395081] {CVE-2025-38724}
- pmdomain: governor: Consider CPU latency tolerance from pm_domain_cpu_gov (Maulik Shah)
- tracing: Add down_write(trace_event_sem) when adding trace event (Steven Rostedt) [Orabug: 38324271] {CVE-2025-38539}
- usb: hub: Don't try to recover devices lost during warm reset. (Mathias Nyman)
- usb: hub: avoid warm port reset during USB3 disconnect (Mathias Nyman)
- x86/mce/amd: Add default names for MCA banks and blocks (Yazen Ghannam)
- iio: hid-sensor-prox: Fix incorrect OFFSET calculation (Zhang Lixu)
- f2fs: fix to do sanity check on ino and xnid (Chao Yu)
- mm/zsmalloc: do not pass __GFP_MOVABLE if CONFIG_COMPACTION=n (Harry Yoo)
- mm/zsmalloc.c: convert to use kmem_cache_zalloc in cache_alloc_zspage() (Miaohe Lin)
- drm/sched: Remove optimization that causes hang when killing dependent jobs (Lin Cao)
- ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (Haoxiang Li) [Orabug: 38351930] {CVE-2025-38664}
- net: usbnet: Fix the wrong netif_carrier_on() call (Ammar Faizi)
- net: usbnet: Avoid potential RCU stall on LINK_CHANGE event (John Ernberg)
- PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports (Lukas Wunner)
- ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value (Li Zhong)
- comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large (Ian Abbott)
- comedi: Fix initialization of data for instructions that write to subdevice (Ian Abbott)
- kbuild: Add KBUILD_CPPFLAGS to as-option invocation (Nathan Chancellor)
- kbuild: add $(CLANG_FLAGS) to KBUILD_CPPFLAGS (Masahiro Yamada)
- kbuild: Add CLANG_FLAGS to as-instr (Nathan Chancellor)
- mips: Include KBUILD_CPPFLAGS in CHECKFLAGS invocation (Nathan Chancellor)
- kbuild: Update assembler calls to use proper flags and language target (Nick Desaulniers)
- ARM: 9448/1: Use an absolute path to unified.h in KBUILD_AFLAGS (Nathan Chancellor)
- usb: dwc3: Ignore late xferNotReady event to prevent halt timeout (Kuen-Han Tsai)
- USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles (Zenm Chen)
- usb: storage: realtek_cr: Use correct byte order for bcs->Residue (Thorsten Blum)
- USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera (Mael Guerin)
- usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive (Miao Li)
- iio: proximity: isl29501: fix buffered read on big-endian systems (David Lechner)
- ftrace: Also allocate and copy hash for reading of filter files (Steven Rostedt) [Orabug: 38401581] {CVE-2025-39689}
- fpga: zynq_fpga: Fix the wrong usage of dma_map_sgtable() (Xu Yilun)
- use uniform permission checks for all mount propagation changes (Al Viro)
- move_mount: allow to add a mount into an existing group (Pavel Tikhomirov)
- fs/buffer: fix use-after-free when call bh_read() helper (Ye Bin) [Orabug: 38401587] {CVE-2025-39691}
- drm/amd/display: Find first CRTC and its line time in dce110_fill_display_configs (Timur Kristóf)
- drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3 (Timur Kristóf)
- memstick: Fix deadlock by moving removing flag earlier (Jiayi Li)
- media: venus: Add a check for packet size after reading from shared memory (Vedang Nagar)
- media: ov2659: Fix memory leaks in ov2659_probe() (Zhang Shurong)
- media: usbtv: Lock resolution while streaming (Ludwig Disterhof) [Orabug: 38401684] {CVE-2025-39714}
- media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init() (Haoxiang Li)
- media: gspca: Add bounds checking to firmware parser (Dan Carpenter)
- soc/tegra: pmc: Ensure power-domains are in a known state (Jonathan Hunter)
- jbd2: prevent softlockup in jbd2_log_do_checkpoint() (Baokun Li) [Orabug: 38423509] {CVE-2025-39782}
- PCI: endpoint: Fix configfs group removal on driver teardown (Damien Le Moal)
- PCI: endpoint: Fix configfs group list head handling (Damien Le Moal)
- mtd: rawnand: fsmc: Add missing check after DMA map (Thomas Fourier)
- pwm: imx-tpm: Reset counter if CMOD is 0 (Laurentiu Mihalcea)
- wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table() (Nathan Chancellor)
- zynq_fpga: use sgtable-based scatterlist wrappers (Marek Szyprowski)
- ata: libata-scsi: Fix ata_to_sense_error() status handling (Damien Le Moal)
- ext4: fix reserved gdt blocks handling in fsmap (Ojaswin Mujoo)
- ext4: fix fsmap end of range reporting with bigalloc (Ojaswin Mujoo)
- ext4: check fast symlink for ea_inode correctly (Andreas Dilger)
- vt: defkeymap: Map keycodes above 127 to K_HOLE (Myrrh Periwinkle)
- vt: keyboard: Don't process Unicode characters in K_OFF mode (Myrrh Periwinkle)
- usb: dwc3: meson-g12a: fix device leaks at unbind (Johan Hovold)
- usb: gadget: udc: renesas_usb3: fix device leak at unbind (Johan Hovold)
- usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init() (Nathan Chancellor)
- m68k: Fix lost column on framebuffer debug console (Finn Thain)
- cpufreq: armada-8k: Fix off by one in armada_8k_cpufreq_free_table() (Dan Carpenter)
- serial: 8250: fix panic due to PSLVERR (Yunhui Cui) [Orabug: 38401729] {CVE-2025-39724}
- media: uvcvideo: Do not mark valid metadata as invalid (Ricardo Ribalda)
- media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() (Youngjun Lee) [Orabug: 38394816] {CVE-2025-38680}
- mm/kmemleak: avoid soft lockup in __kmemleak_do_cleanup() (Waiman Long)
- parisc: Makefile: fix a typo in palo.conf (Randy Dunlap)
- btrfs: fix log tree replay failure due to file with 0 links and extents (Filipe Manana)
- thunderbolt: Fix copy+paste error in match_service_id() (Eric Biggers)
- comedi: fix race between polling and detaching (Ian Abbott)
- misc: rtsx: usb: Ensure mmc child device is active when card is present (Ricky Wu)
- drm/amdgpu: fix incorrect vm flags to map bo (Jack Xiao)
- scsi: lpfc: Remove redundant assignment to avoid memory leak (Jiasheng Jiang)
- rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe (Meagan Lloyd)
- pNFS: Fix uninited ptr deref in block/scsi layout (Sergey Bashirov) [Orabug: 38394867] {CVE-2025-38691}
- pNFS: Handle RPC size limit for layoutcommits (Sergey Bashirov)
- pNFS: Fix disk addr range check in block/scsi layout (Sergey Bashirov)
- pNFS: Fix stripe mapping in block/scsi layout (Sergey Bashirov)
- net: phy: smsc: add proper reset flags for LAN8710A (Csaba Buday)
- ipmi: Fix strcpy source and destination the same (Corey Minyard)
- kconfig: lxdialog: fix 'space' to (de)select options (Yann E. MORIN)
- kconfig: gconf: fix potential memory leak in renderer_edited() (Masahiro Yamada)
- kconfig: gconf: avoid hardcoding model2 in on_treeview2_cursor_changed() (Masahiro Yamada)
- ipmi: Use dev_warn_ratelimited() for incorrect message warnings (Breno Leitao)
- scsi: aacraid: Stop using PCI_IRQ_AFFINITY (John Garry)
- scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans (Ranjan Kumar)
- kconfig: nconf: Ensure null termination where strncpy is used (Shankari Anand)
- kconfig: lxdialog: replace strcpy() with strncpy() in inputbox.c (Suchit Karunakaran)
- i3c: don't fail if GETHDRCAP is unsupported (Wolfram Sang)
- PCI: pnv_php: Work around switches with broken presence detection (Timothy Pearson)
- i3c: add missing include to internal header (Wolfram Sang)
- media: uvcvideo: Fix bandwidth issue for Alcor camera (Chenchangcheng)
- media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar (Alex Guo) [Orabug: 38394880] {CVE-2025-38693}
- media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() (Alex Guo) [Orabug: 38394887] {CVE-2025-38694}
- media: usb: hdpvr: disable zero-length read messages (Wolfram Sang)
- media: tc358743: Increase FIFO trigger level to 374 (Dave Stevenson)
- media: tc358743: Return an appropriate colorspace from tc358743_set_fmt (Dave Stevenson)
- media: tc358743: Check I2C succeeded during probe (Dave Stevenson)
- pinctrl: stm32: Manage irq affinity settings (Cheick Traore)
- scsi: mpt3sas: Correctly handle ATA device errors (Damien Le Moal)
- scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure (Justin Tee) [Orabug: 38394894] {CVE-2025-38695}
- RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() (Yury Norov) [Orabug: 38423286] {CVE-2025-39742}
- MIPS: Don't crash in stack_top() for tasks without ABI or vDSO (Thomas Weißschuh)
- jfs: upper bound check of tree index in dbAllocAG (Arnaud Lecomte)
- jfs: Regular file corruption check (Edward Adam Davis)
- jfs: truncate good inode pages when hard link is 0 (Lizhi Xu)
- scsi: bfa: Double-free fix (Jackysliu) [Orabug: 38394925] {CVE-2025-38699}
- MIPS: vpe-mt: add missing prototypes for vpe_{alloc,start,stop,free} (Shiji Yang)
- watchdog: dw_wdt: Fix default timeout (Sebastian Reichel)
- fs/orangefs: use snprintf() instead of sprintf() (Amir Mohammad Jahangirzad)
- scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated (Showrya M N) [Orabug: 38394931] {CVE-2025-38700}
- ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr (Theodore Ts'O) [Orabug: 38394937] {CVE-2025-38701}
- cifs: Fix calling CIFSFindFirst() for root path without msearch (Pali Rohár)
- vhost: fail early when __vhost_add_used() fails (Jason Wang)
- net: dsa: b53: fix IP_MULTICAST_CTRL on BCM5325 (Álvaro Fernández Rojas)
- uapi: in6: restore visibility of most IPv6 socket options (Jakub Kicinski)
- net: ncsi: Fix buffer overflow in fetching version id (Hari Kalavakunta)
- net: dsa: b53: prevent SWITCH_CTRL access on BCM5325 (Álvaro Fernández Rojas)
- net: dsa: b53: fix b53_imp_vlan_setup for BCM5325 (Álvaro Fernández Rojas)
- net: vlan: Replace BUG() with WARN_ON_ONCE() in vlan_dev_* stubs (Gal Pressman)
- wifi: iwlegacy: Check rate_idx range after addition (Stanislaw Gruszka)
- netmem: fix skb_frag_address_safe with unreadable skbs (Mina Almasry)
- wifi: rtlwifi: fix possible skb memory leak in _rtl_pci_rx_interrupt(). (Thomas Fourier)
- wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect (Anjaneyulu)
- wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd() (Rand Deeb)
- net: fec: allow disable coalescing (Jonas Rebmann)
- (powerpc/512) Fix possible dma_unmap_single() on uninitialized pointer (Thomas Fourier)
- s390/stp: Remove udelay from stp_sync_clock() (Sven Schnelle)
- wifi: iwlwifi: mvm: fix scan request validation (Avraham Stern)
- net: thunderx: Fix format-truncation warning in bgx_acpi_match_id() (Alok Tiwari)
- net: ipv4: fix incorrect MTU in broadcast routes (Oscar Maes)
- wifi: cfg80211: Fix interface type validation (Ilan Peer)
- rcu: Protect ->defer_qs_iw_pending from data race (Paul E. McKenney) [Orabug: 38423341] {CVE-2025-39749}
- net: ag71xx: Add missing check after DMA map (Thomas Fourier)
- et131x: Add missing check after DMA map (Thomas Fourier)
- be2net: Use correct byte order and format string for TCP seq and ack_seq (Alok Tiwari)
- s390/time: Use monotonic clock in get_cycles() (Sven Schnelle)
- wifi: cfg80211: reject HTC bit for management frames (Johannes Berg)
- ktest.pl: Prevent recursion of default variable options (Steven Rostedt)
- ASoC: codecs: rt5640: Retry DEVICE_ID verification (Xinxin Wan)
- ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros (Cristian Ciocaltea)
- ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (Lucy Thrun) [Orabug: 38423359] {CVE-2025-39751}
- platform/x86: thinkpad_acpi: Handle KCOV __init vs inline mismatches (Kees Cook)
- pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop() (Gautham R. Shenoy)
- usb: core: usb_submit_urb: downgrade type check (Oliver Neukum)
- ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4 (Alok Tiwari)
- ASoC: hdac_hdmi: Rate limit logging on connection and disconnection (Mark Brown)
- mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode() (Ulf Hansson)
- ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path (Breno Leitao)
- ACPI: processor: fix acpi_object initialization (Sebastian Ott)
- PM: sleep: console: Fix the black screen issue (Tuhaowen)
- thermal: sysfs: Return ENODATA instead of EAGAIN for reads (Hsin-Te Yuan)
- PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit() (Rafael J. Wysocki)
- selftests: tracing: Use mutex_unlock for testing glob filter (Masami Hiramatsu)
- ARM: tegra: Use I/O memcpy to write to IRAM (Aaron Kling)
- gpio: tps65912: check the return value of regmap_update_bits() (Bartosz Golaszewski)
- ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed (Kuninori Morimoto)
- ARM: rockchip: fix kernel hang during smp initialization (Alexander Kochetkov)
- cpufreq: Exit governor when failed to start old governor (Lifeng Zheng)
- usb: xhci: Avoid showing errors during surprise removal (Mario Limonciello)
- usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command (Jay Chen)
- usb: xhci: Avoid showing warnings for dying controller (Mario Limonciello)
- selftests/futex: Define SYS_futex on 32-bit architectures with 64-bit time_t (Cynthia Huang)
- usb: xhci: print xhci->xhc_state when queue_command failed (Su Hui)
- securityfs: don't pin dentries twice, once is enough... (Al Viro)
- hfs: fix not erasing deleted b-tree node issue (Viacheslav Dubeyko)
- drbd: add missing kref_get in handle_write_conflicts (Sarah Newman) [Orabug: 38394995] {CVE-2025-38708}
- udf: Verify partition map count (Jan Kara)
- arm64: Handle KCOV __init vs inline mismatches (Kees Cook)
- hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file() (Tetsuo Handa)
- hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (Viacheslav Dubeyko)
- hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() (Viacheslav Dubeyko)
- hfs: fix slab-out-of-bounds in hfs_bnode_read() (Viacheslav Dubeyko)
- sctp: linearize cloned gso packets in sctp_rcv (Xin Long) [Orabug: 38395059] {CVE-2025-38718}
- netfilter: ctnetlink: fix refcount leak on table dump (Florian Westphal) [Orabug: 38395068] {CVE-2025-38721}
- udp: also consider secpath when evaluating ipsec use for checksumming (Sabrina Dubroca)
- ACPI: processor: perflib: Move problematic pr->performance check (Rafael J. Wysocki) [Orabug: 38429229] {CVE-2025-39799}
- ACPI: processor: perflib: Fix initial _PPC limit application (Jiayi Li)
- Documentation: ACPI: Fix parent device references (Andy Shevchenko)
- fs: Prevent file descriptor table allocations exceeding INT_MAX (Sasha Levin) [Orabug: 38423397] {CVE-2025-39756}
- sunvdc: Balance device refcount in vdc_port_mpgroup_check (Ma Ke)
- NFSD: detect mismatch of file handle and delegation stateid in OPEN op (Dai Ngo)
- net: dpaa: fix device leak when querying time stamp info (Johan Hovold)
- net: gianfar: fix device leak when querying time stamp info (Johan Hovold)
- netlink: avoid infinite retry looping in netlink_unicast() (Fedor Pchelkin) [Orabug: 38401319] {CVE-2025-38727}
- ALSA: usb-audio: Validate UAC3 cluster segment descriptors (Takashi Iwai) [Orabug: 38423407] {CVE-2025-39757}
- ALSA: usb-audio: Validate UAC3 power domain descriptors, too (Takashi Iwai) [Orabug: 38395101] {CVE-2025-38729}
- io_uring: don't use int for ABI (Pavel Begunkov)
- usb: gadget : fix use-after-free in composite_dev_cleanup() (Taoxue) [Orabug: 38334898] {CVE-2025-38555}
- MIPS: mm: tlb-r4k: Uniquify TLB entries on init (Jiaxun Yang)
- USB: serial: option: add Foxconn T99W709 (Slark Xiao)
- vsock: Do not allow binding to VMADDR_PORT_ANY (Budimir Markovic) [Orabug: 38351771] {CVE-2025-38618}
- net/packet: fix a race in packet_set_ring() and packet_notifier() (Quang Le) [Orabug: 38351764] {CVE-2025-38617}
- perf/core: Prevent VMA split of buffer mappings (Thomas Gleixner) [Orabug: 38334948] {CVE-2025-38563}
- perf/core: Exit early on perf_mmap() fail (Thomas Gleixner) [Orabug: 38334959] {CVE-2025-38565}
- perf/core: Don't leak AUX buffer refcount on allocation failure (Thomas Gleixner)
- pptp: fix pptp_xmit() error path (Eric Dumazet)
- smb: client: let recv_done() cleanup before notifying the callers. (Stefan Metzmacher)
- benet: fix BUG when creating VFs (Michal Schmidt) [Orabug: 38334976] {CVE-2025-38569}
- net: drop UFO packets in udp_rcv_segment() (Wang Liang) [Orabug: 38351786] {CVE-2025-38622}
- ipv6: reject malicious packets in ipv6_gso_segment() (Eric Dumazet) [Orabug: 38334988] {CVE-2025-38572}
- pptp: ensure minimal skb length in pptp_xmit() (Eric Dumazet) [Orabug: 38335004] {CVE-2025-38574}
- netpoll: prevent hanging NAPI when netcons gets enabled (Jakub Kicinski)
- NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() (Trond Myklebust) [Orabug: 38401745] {CVE-2025-39730}
- pci/hotplug/pnv-php: Wrap warnings in macro (Frederic Barrat)
- pci/hotplug/pnv-php: Improve error msg on power state change failure (Frederic Barrat)
- usb: chipidea: udc: fix sleeping function called from invalid context (Peter Chen)
- f2fs: fix to avoid out-of-boundary access in devs.path (Chao Yu)
- f2fs: fix to avoid panic in f2fs_evict_inode (Chao Yu)
- f2fs: fix to avoid UAF in f2fs_sync_inode_meta() (Chao Yu)
- rtc: pcf8563: fix incorrect maximum clock rate handling (Brian Masney)
- rtc: hym8563: fix incorrect maximum clock rate handling (Brian Masney)
- rtc: ds1307: fix incorrect maximum clock rate handling (Brian Masney)
- module: Restore the moduleparam prefix length check (Petr Pavlu)
- bpf: Check flow_dissector ctx accesses are aligned (Paul Chaignon)
- mtd: rawnand: atmel: set pmecc data setup time (Balamanikandan Gunasundar)
- mtd: rawnand: atmel: Fix dma_mapping_error() address (Thomas Fourier)
- jfs: fix metapage reference count leak in dbAllocCtl (Zheng Yu)
- fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref (Chenyuan Yang)
- crypto: qat - fix seq_file position update in adf_ring_next() (Giovanni Cabiddu)
- dmaengine: nbpfaxi: Add missing check after DMA map (Thomas Fourier)
- dmaengine: mv_xor: Fix missing check after DMA map and missing unmap (Thomas Fourier)
- fs/orangefs: Allow 2 more characters in do_c_string() (Dan Carpenter)
- soundwire: stream: restore params when prepare ports fail (Bard Liao)
- crypto: img-hash - Fix dma_unmap_sg() nents value (Thomas Fourier)
- hwrng: mtk - handle devm_pm_runtime_enable errors (Ovidiu Panait)
- watchdog: ziirave_wdt: check record length in ziirave_firm_verify() (Dan Carpenter)
- scsi: isci: Fix dma_unmap_sg() nents value (Thomas Fourier)
- scsi: mvsas: Fix dma_unmap_sg() nents value (Thomas Fourier)
- scsi: ibmvscsi_tgt: Fix dma_unmap_sg() nents value (Thomas Fourier)
- clk: sunxi-ng: v3s: Fix de clock definition (Paul Kocialkowski)
- perf tests bp_account: Fix leaked file descriptor (Leo Yan)
- crypto: ccp - Fix crash when rebind ccp device for ccp.ko (Mengbiao Xiong)
- pinctrl: sunxi: Fix memory leak on krealloc failure (Yuan Chen)
- power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set (Charles Han)
- clk: davinci: Add NULL check in davinci_lpsc_clk_register() (Henry Martin)
- mtd: fix possible integer overflow in erase_xfer() (Ivan Stepchenko)
- crypto: marvell/cesa - Fix engine load inaccuracy (Herbert Xu)
- PCI: rockchip-host: Fix "Unexpected Completion" log message (Hans Zhang)
- vrf: Drop existing dst reference in vrf_ip6_input_dst (Stanislav Fomichev)
- selftests: rtnetlink.sh: remove esp4_offload after test (Xiumei Mu)
- netfilter: xt_nfacct: don't assume acct name is null-terminated (Florian Westphal) [Orabug: 38351854] {CVE-2025-38639}
- can: kvaser_usb: Assign netdev.dev_port based on device channel index (Jimmy Assarsson)
- can: kvaser_pciefd: Store device channel index (Jimmy Assarsson)
- wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P IE (Gokul Sivakumar)
- Reapply "wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()" (Remi Pommarel)
- mwl8k: Add missing check after DMA map (Thomas Fourier)
- wifi: rtl8xxxu: Fix RX skb size for aggregation disabled (Martin Kaistra)
- net/sched: Restrict conditions for adding duplicating netems to qdisc tree (William Liu) [Orabug: 38331466] {CVE-2025-38553}
- arch: powerpc: defconfig: Drop obsolete CONFIG_NET_CLS_TCINDEX (Johan Korsnes)
- drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value (Fedor Pchelkin)
- m68k: Don't unregister boot console needlessly (Finn Thain)
- tcp: fix tcp_ofo_queue() to avoid including too much DUP SACK range (Xin Guo)
- iwlwifi: Add missing check for alloc_ordered_workqueue (Jiasheng Jiang) [Orabug: 38335110] {CVE-2025-38602}
- wifi: iwlwifi: Fix memory leak in iwl_mvm_init() (Xiu Jianfeng)
- wifi: rtl818x: Kill URBs before clearing tx status queue (Daniil Dulov) [Orabug: 38335120] {CVE-2025-38604}
- caif: reduce stack size, again (Arnd Bergmann)
- bpftool: Fix memory leak in dump_xx_nlmsg on realloc failure (Yuan Chen)
- bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (Jiayuan Chen) [Orabug: 38335131] {CVE-2025-38608}
- staging: nvec: Fix incorrect null termination of battery manufacturer (Alok Tiwari)
- samples: mei: Fix building on musl libc (Brahmajit Das)
- cpufreq: Init policy->rwsem before it may be possibly used (Lifeng Zheng)
- ARM: dts: imx6ul-kontron-bl-common: Fix RTS polarity for RS485 interface (Annette Kobou)
- usb: early: xhci-dbc: Fix early_ioremap leak (Lucas De Marchi)
- Revert "vmci: Prevent the dispatching of uninitialized payloads" (Greg Kroah-Hartman)
- pps: fix poll support (Denis Osterland-Heim)
- vmci: Prevent the dispatching of uninitialized payloads (Lizhi Xu)
- staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc() (Abdun Nihaal) [Orabug: 38335153] {CVE-2025-38612}
- ARM: dts: vfxxx: Correctly use two tuples for timer address (Krzysztof Kozlowski)
- hfsplus: remove mutex_lock check in hfsplus_free_extents (Yangtao Li)
- ASoC: Intel: fix SND_SOC_SOF dependencies (Arnd Bergmann)
- ethernet: intel: fix building with large NR_CPUS (Arnd Bergmann)
- usb: phy: mxs: disconnect line when USB charger is attached (Xu Yang)
- usb: chipidea: add USB PHY event (Xu Yang)
- usb: chipidea: introduce CI_HDRC_CONTROLLER_VBUS_EVENT glue layer use (Peter Chen)
- usb: chipidea: udc: protect usb interrupt enable (Li Jun)
- usb: chipidea: udc: add new API ci_hdrc_gadget_connect (Peter Chen)
- ALSA: hda: Add missing NVIDIA HDA codec IDs (Daniel Dadap)
- comedi: comedi_test: Fix possible deletion of uninitialized timers (Ian Abbott)
- nilfs2: reject invalid file types when reading inodes (Ryusuke Konishi)
- i2c: qup: jump out of the loop in case of timeout (Yang Xiwen) [Orabug: 38351994] {CVE-2025-38671}
- net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class (Xiang Mei)
- net: appletalk: Fix use-after-free in AARP proxy probe (Kito Xu)
- net: appletalk: fix kerneldoc warnings (Andrew Lunn)
- RDMA/core: Rate limit GID cache warning messages (Maor Gottlieb)
- regulator: core: fix NULL dereference on unbind due to stale coupling data (Alessandro Carminati) [Orabug: 38351978] {CVE-2025-38668}
- usb: hub: Fix flushing and scheduling of delayed work that tunes runtime pm (Mathias Nyman)
- usb: hub: fix detection of high tier USB3 devices behind suspended hubs (Mathias Nyman)
- net_sched: sch_sfq: reject invalid perturb period (Eric Dumazet) [Orabug: 38158477] {CVE-2025-38193}
- power: supply: bq24190: Fix use after free bug in bq24190_remove due to race condition (Zheng Wang)
- power: supply: bq24190_charger: using pm_runtime_resume_and_get instead of pm_runtime_get_sync (Minghao Chi)
- power: supply: bq24190_charger: Fix runtime PM imbalance on error (Dinghao Liu)
- xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS (Hongyu Xie)
- virtio-net: ensure the received length does not exceed allocated size (Bui Quang Minh) [Orabug: 38253834] {CVE-2025-38375}
- ASoC: fsl_sai: Force a software reset when starting in consumer mode (Arun Raghavan)
- usb: dwc3: qcom: Don't leave BCR asserted (Krishna Kurapati)
- usb: musb: fix gadget state on disconnect (Drew Hamilton)
- net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (William Liu) [Orabug: 38254214] {CVE-2025-38468}
- net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime (Dong Chenchen) [Orabug: 38254225] {CVE-2025-38470}
- Bluetooth: L2CAP: Fix attempting to adjust outgoing MTU (Luiz Augusto von Dentz)
- Bluetooth: SMP: Fix using HCI_ERROR_REMOTE_USER_TERM on timeout (Luiz Augusto von Dentz)
- Bluetooth: SMP: If an unallowed command is received consider it a failure (Luiz Augusto von Dentz)
- Bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb() (Kuniyuki Iwashima) [Orabug: 38254241] {CVE-2025-38473}
- usb: net: sierra: check for no status endpoint (Oliver Neukum) [Orabug: 38254249] {CVE-2025-38474}
- net/sched: sch_qfq: Fix race condition on qfq_aggregate (Xiang Mei) [Orabug: 38254266] {CVE-2025-38477}
- net: emaclite: Fix missing pointer increment in aligned_read() (Alok Tiwari)
- comedi: Fix use of uninitialized data in insn_rw_emulate_bits() (Ian Abbott)
- comedi: Fix some signed shift left operations (Ian Abbott)
- comedi: das6402: Fix bit shift out of bounds (Ian Abbott)
- comedi: das16m1: Fix bit shift out of bounds (Ian Abbott)
- comedi: aio_iiro_16: Fix bit shift out of bounds (Ian Abbott)
- comedi: pcl812: Fix bit shift out of bounds (Ian Abbott)
- iio: adc: stm32-adc: Fix race in installing chained IRQ handler (Chen Ni)
- iio: adc: max1363: Reorder mode_list[] entries (Fabio Estevam)
- iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[] (Fabio Estevam)
- soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled (Andrew Jeffery)
- soc: aspeed: lpc-snoop: Cleanup resources in stack-order (Andrew Jeffery)
- mmc: sdhci_am654: Workaround for Errata i2312 (Judith Mendez)
- mmc: sdhci-pci: Quirk for broken command queuing on Intel GLK-based Positivo models (Edson Juliano Drosdeck)
- mmc: bcm2835: Fix dma_unmap_sg() nents value (Thomas Fourier)
- memstick: core: Zero initialize id_reg in h_memstick_read_dev_id() (Nathan Chancellor)
- isofs: Verify inode mode when loading from disk (Jan Kara)
- dmaengine: nbpfaxi: Fix memory corruption in probe() (Dan Carpenter)
- af_packet: fix soft lockup issue caused by tpacket_snd() (Yun Lu)
- af_packet: fix the SO_SNDTIMEO constraint not effective on tpacked_snd() (Yun Lu)
- phonet/pep: Move call to pn_skb_get_dst_sockaddr() earlier in pep_sock_accept() (Nathan Chancellor)
- HID: core: do not bypass hid_hw_raw_request (Benjamin Tissoires) [Orabug: 38254340] {CVE-2025-38494}
- HID: core: ensure __hid_request reserves the report ID as the first byte (Benjamin Tissoires)
- HID: core: ensure the allocated report buffer can contain the reserved report ID (Benjamin Tissoires) [Orabug: 38254348] {CVE-2025-38495}
- pch_uart: Fix dma_sync_sg_for_device() nents value (Thomas Fourier)
- Input: xpad - set correct controller type for Acer NGR200 (Nilton Perim Neto)
- i2c: stm32: fix the device used for the DMA map (Clément Le Goffic)
- usb: gadget: configfs: Fix OOB read on empty string write (Xinyu Liu) [Orabug: 38254358] {CVE-2025-38497}
- USB: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI (Ryan Mann)
- USB: serial: option: add Foxconn T99W640 (Slark Xiao)
- USB: serial: option: add Telit Cinterion FE910C04 (ECM) composition (Fabio Porcedda)
- LTS tag: v5.4.296 (Sherry Yang)
- x86/mm: Disable hugetlb page table sharing on 32-bit (Jann Horn)
- Input: atkbd - do not skip atkbd_deactivate() when skipping ATKBD_CMD_GETID (Hans de Goede)
- HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras (Chia-Lin Kao) [Orabug: 38324280] {CVE-2025-38540}
- HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY (Zhang Heng)
- vt: add missing notification when switching back to text mode (Nicolas Pitre)
- net: usb: qmi_wwan: add SIMCom 8230C composition (Xiaowei Li)
- atm: idt77252: Add missing dma_map_error() (Thomas Fourier)
- bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT (Somnath Kotur) [Orabug: 38254090] {CVE-2025-38439}
- bnxt_en: Fix DCB ETS validation (Shravya Kn)
- can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level (Sean Nyekjaer)
- net: phy: microchip: limit 100M workaround to link-down events on LAN88xx (Oleksij Rempel)
- net: appletalk: Fix device refcount leak in atrtr_create() (Kito Xu)
- md/raid1: Fix stack memory use after return in raid1_reshape (Wang Jinchao) [Orabug: 38254109] {CVE-2025-38445}
- wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() (Daniil Dulov) [Orabug: 38324161] {CVE-2025-38513}
- dma-buf: fix timeout handling in dma_resv_wait_timeout v2 (Christian König)
- Input: xpad - support Acer NGR 200 Controller (Nilton Perim Neto)
- Input: xpad - add VID for Turtle Beach controllers (Vicki Pfau)
- Input: xpad - add support for Amazon Game Controller (Matt Reynolds)
- NFSv4/flexfiles: Fix handling of NFS level errors in I/O (Trond Myklebust)
- flexfiles/pNFS: update stats on NFS4ERR_DELAY for v4.1 DSes (Tigran Mkrtchyan)
- RDMA/mlx5: Fix vport loopback for MPV device (Patrisious Haddad)
- netlink: Fix rmem check in netlink_broadcast_deliver(). (Kuniyuki Iwashima)
- netlink: make sure we allow at least one dump skb (Jakub Kicinski)
- Revert "ACPI: battery: negate current when discharging" (Rafael J. Wysocki)
- usb: gadget: u_serial: Fix race condition in TTY wakeup (Kuen-Han Tsai) [Orabug: 38254118] {CVE-2025-38448}
- drm/sched: Increment job count before swapping tail spsc queue (Matthew Brost) [Orabug: 38324180] {CVE-2025-38515}
- pinctrl: qcom: msm: mark certain pins as invalid for interrupts (Bartosz Golaszewski) [Orabug: 38324186] {CVE-2025-38516}
- x86/mce: Make sure CMCI banks are cleared during shutdown on Intel (Jp Kobryn)
- x86/mce: Don't remove sysfs if thresholding sysfs init fails (Yazen Ghannam)
- x86/mce/amd: Fix threshold limit reset (Yazen Ghannam)
- rxrpc: Fix oops due to non-existence of prealloc backlog struct (David Howells)
- net/sched: Abort __tc_modify_qdisc if parent class does not exist (Victor Nogueira) [Orabug: 38254147] {CVE-2025-38457}
- atm: clip: Fix NULL pointer dereference in vcc_sendmsg() (Yue Haibing) [Orabug: 38254153] {CVE-2025-38458}
- atm: clip: Fix infinite recursive call of clip_push(). (Kuniyuki Iwashima) [Orabug: 38254161] {CVE-2025-38459}
- atm: clip: Fix memory leak of struct clip_vcc. (Kuniyuki Iwashima) [Orabug: 38324309] {CVE-2025-38546}
- atm: clip: Fix potential null-ptr-deref in to_atmarpd(). (Kuniyuki Iwashima) [Orabug: 38254167] {CVE-2025-38460}
- tipc: Fix use-after-free in tipc_conn_close(). (Kuniyuki Iwashima) [Orabug: 38254181] {CVE-2025-38464}
- netlink: Fix wraparounds of sk->sk_rmem_alloc. (Kuniyuki Iwashima) [Orabug: 38254188] {CVE-2025-38465}
- fix proc_sys_compare() handling of in-lookup dentries (Al Viro)
- proc: Clear the pieces of proc_inode that proc_evict_inode cares about (Eric W. Biederman)
- drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling (Kaustabh Chakraborty) [Orabug: 38254203] {CVE-2025-38467}
- staging: rtl8723bs: Avoid memset() in aes_cipher() and aes_decipher() (Nathan Chancellor)
- media: uvcvideo: Rollback non processed entities on error (Ricardo Ribalda)
- media: uvcvideo: Send control events for partial succeeds (Ricardo Ribalda)
- media: uvcvideo: Return the number of processed controls (Ricardo Ribalda)
- ACPI: PAD: fix crash in exit_round_robin() (Seiji Nishikawa) [Orabug: 37206006] {CVE-2024-49935}
- usb: typec: displayport: Fix potential deadlock (Andrei Kuchynski) [Orabug: 38401436] {CVE-2025-38404}
- Logitech C-270 even more broken (Oliver Neukum)
- rose: fix dangling neighbour pointers in rose_rt_device_down() (Kohei Enju)
- net: rose: Fix fall-through warnings for Clang (Gustavo A R Silva)
- drm/i915/gt: Fix timeline left held on VMA alloc error (Janusz Krzysztofik) [Orabug: 38253887] {CVE-2025-38389}
- drm/i915/selftests: Change mock_request() to return error pointers (Dan Carpenter)
- spi: spi-fsl-dspi: Clear completion counter before initiating transfer (James Clark)
- spi: spi-fsl-dspi: Fix interrupt-less DMA mode taking an XSPI code path (Vladimir Oltean)
- spi: spi-fsl-dspi: Rename fifo_{read,write} and {tx,cmd}_fifo_write (Vladimir Oltean)
- dpaa2-eth: fix xdp_rxq_info leak (Wangfushuai)
- ethernet: atl1: Add missing DMA mapping error checks and count errors (Thomas Fourier)
- btrfs: use btrfs_record_snapshot_destroy() during rmdir (Filipe Manana)
- btrfs: propagate last_unlink_trans earlier when doing a rmdir (Filipe Manana)
- RDMA/mlx5: Fix CC counters query for MPV (Patrisious Haddad)
- RDMA/core: Create and destroy counters in the ib_core (Leon Romanovsky)
- scsi: ufs: core: Fix spelling of a sysfs attribute name (Bart Van Assche)
- drm/v3d: Disable interrupts before resetting the GPU (Maíra Canal)
- mtk-sd: reset host->mrq on prepare_data() error (Sergey Senozhatsky)
- mtk-sd: Prevent memory corruption from DMA map failure (Masami Hiramatsu)
- mmc: mediatek: use data instead of mrq parameter from msdc_{un}prepare_data() (Yue Hu)
- regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods (Manivannan Sadhasivam) [Orabug: 38253907] {CVE-2025-38395}
- regulator: gpio: Add input_supply support in gpio_regulator_config (Jerome Neanne)
- ACPICA: Refuse to evaluate a method if arguments are missing (Rafael J. Wysocki) [Orabug: 38253875] {CVE-2025-38386}
- wifi: ath6kl: remove WARN on bad firmware input (Johannes Berg) [Orabug: 38253946] {CVE-2025-38406}
- wifi: mac80211: drop invalid source address OCB frames (Johannes Berg)
- powerpc: Fix struct termio related ioctl macros (Madhavan Srinivasan)
- ata: pata_cs5536: fix build on 32-bit UML (Johannes Berg)
- ALSA: sb: Force to disable DMAs once when DMA mode is changed (Takashi Iwai)
- nui: Fix dma_mapping_error() check (Thomas Fourier)
- enic: fix incorrect MTU comparison in enic_change_mtu() (Alok Tiwari)
- amd-xgbe: align CL37 AN sequence as per databook (Raju Rangoju)
- lib: test_objagg: Set error message in check_expect_hints_stats() (Dan Carpenter)
- drm/exynos: fimd: Guard display clock control with runtime PM calls (Marek Szyprowski)
- btrfs: fix missing error handling when searching for inode refs during log replay (Filipe Manana)
- scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() (Thomas Fourier)
- nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. (Kuniyuki Iwashima) [Orabug: 38253923] {CVE-2025-38400}
- RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert (Mark Zhang) [Orabug: 38253881] {CVE-2025-38387}
- platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment (David Thompson)
- mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data (Masami Hiramatsu)
- usb: typec: altmodes/displayport: do not index invalid pin_assignments (Rd Babiera) [Orabug: 38253894] {CVE-2025-38391}
- mmc: sdhci: Add a helper function for dump register in dynamic debug mode (Victor Shih)
- vsock/vmci: Clear the vmci transport packet properly when initializing it (Harshavardhana S A) [Orabug: 38253937] {CVE-2025-38403}
- btrfs: don't abort filesystem when attempting to snapshot deleted subvolume (Omar Sandoval) [Orabug: 36530119] {CVE-2024-26644}
- arm64: Restrict pagetable teardown to avoid false warning (Dev Jain)
- s390: Add '-std=gnu11' to decompressor and purgatory CFLAGS (Nathan Chancellor)
- drm/bridge: cdns-dsi: Check return value when getting default PHY config (Aradhya Bhatia)
- drm/bridge: cdns-dsi: Fix connecting to next bridge (Aradhya Bhatia)
- drm/bridge: cdns-dsi: Fix the clock variable for mode_valid() (Aradhya Bhatia)
- drm/tegra: Assign plane type before registration (Thierry Reding)
- HID: wacom: fix kobject reference count leak (Qasim Ijaz)
- HID: wacom: fix memory leak on sysfs attribute creation failure (Qasim Ijaz)
- HID: wacom: fix memory leak on kobject creation failure (Qasim Ijaz)
- dm-raid: fix variable in journal device check (Heinz Mauelshagen)
- Bluetooth: L2CAP: Fix L2CAP MTU negotiation (Frédéric Danis)
- atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister(). (Kuniyuki Iwashima) [Orabug: 38175045] {CVE-2025-38245}
- net: enetc: Correct endianness handling in _enetc_rd_reg64 (Simon Horman)
- um: ubd: Add missing error check in start_io_thread() (Tiwei Bie)
- vsock/uapi: fix linux/vm_sockets.h userspace compilation errors (Stefano Garzarella)
- wifi: mac80211: fix beacon interval calculation overflow (Lachlan Hodges)
- attach_recursive_mnt(): do not lock the covering tree when sliding something under it (Al Viro)
- ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3() (Youngjun Lee) [Orabug: 38175065] {CVE-2025-38249}
- i2c: robotfuzz-osif: disable zero-length read messages (Wolfram Sang)
- i2c: tiny-usb: disable zero-length read messages (Wolfram Sang)
- RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction (Shin'Ichiro Kawasaki) [Orabug: 38158592] {CVE-2025-38211}
- RDMA/core: Use refcount_t instead of atomic_t on refcount of iwcm_id_private (Weihang Li)
- media: vivid: Change the siize of the composing (Denis Arefev)
- media: omap3isp: use sgtable-based scatterlist wrappers (Marek Szyprowski)
- media: cxusb: no longer judge rbuf when the write fails (Edward Adam Davis) [Orabug: 38158692] {CVE-2025-38229}
- media: cxusb: use dev_dbg() rather than hand-rolled debug (Sean Young)
- jfs: validate AG parameters in dbMount() to prevent crashes (Vasiliy Kovalev)
- fs/jfs: consolidate sanity checking in dbMount (Dave Kleikamp)
- ASoC: meson: meson-card-utils: use of_property_present() for DT parsing (Martin Blumenstingl)
- of: Add of_property_present() helper (Rob Herring)
- of: property: define of_property_read_u{8,16,32,64}_array() unconditionally (Michael Walle)
- kbuild: hdrcheck: fix cross build with clang (Arnd Bergmann)
- kbuild: add --target to correctly cross-compile UAPI headers with Clang (Masahiro Yamada)
- bpfilter: match bit size of bpfilter_umh to that of the kernel (Masahiro Yamada)
- kbuild: use -MMD instead of -MD to exclude system headers from dependency (Masahiro Yamada)
- VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify (Ma Wupeng) [Orabug: 38152869] {CVE-2025-38102}
- VMCI: check context->notify_page after call to get_user_pages_fast() to avoid GPF (George Kennedy)
- ovl: Check for NULL d_inode() in ovl_dentry_upper() (Kees Cook)
- ceph: fix possible integer overflow in ceph_zero_objects() (Dmitry Kandybka)
- ALSA: hda: Ignore unsol events for cards being shut down (Cezary Rojewski)
- usb: typec: displayport: Receive DP Status Update NAK request exit dp altmode (Jos Wang)
- usb: cdc-wdm: avoid setting WDM_READ for ZLP-s (Robert Hodaszi)
- usb: Add checks for snprintf() calls in usb_alloc_dev() (Andy Shevchenko)
- tty: serial: uartlite: register uart driver in init (Jakub Lewalski)
- usb: potential integer overflow in usbg_make_tpg() (Chen Yufeng)
- iio: pressure: zpa2326: Use aligned_s64 for the timestamp (Jonathan Cameron)
- md/md-bitmap: fix dm-raid max_write_behind setting (Yu Kuai)
- dmaengine: xilinx_dma: Set dma_device directions (Thomas Gessler)
- mfd: max14577: Fix wakeup source leaks on device unbind (Krzysztof Kozlowski)
- mailbox: Not protect module_put with spin_lock_irqsave (Peng Fan)
- cifs: Fix cifs_query_path_info() for Windows NT servers (Pali Rohár)
ELSA-2025-20663 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update
Oracle Linux Security Advisory ELSA-2025-20663
http://linux.oracle.com/errata/ELSA-2025-20663.html
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:
x86_64:
kernel-uek-5.4.17-2136.348.3.el7uek.x86_64.rpm
kernel-uek-container-5.4.17-2136.348.3.el7uek.x86_64.rpm
kernel-uek-container-debug-5.4.17-2136.348.3.el7uek.x86_64.rpm
kernel-uek-debug-5.4.17-2136.348.3.el7uek.x86_64.rpm
kernel-uek-debug-devel-5.4.17-2136.348.3.el7uek.x86_64.rpm
kernel-uek-devel-5.4.17-2136.348.3.el7uek.x86_64.rpm
kernel-uek-doc-5.4.17-2136.348.3.el7uek.noarch.rpm
kernel-uek-tools-5.4.17-2136.348.3.el7uek.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-5.4.17-2136.348.3.el7uek.src.rpm
Related CVEs:
CVE-2023-52572
CVE-2024-26644
CVE-2024-26958
CVE-2024-49935
CVE-2024-53237
CVE-2025-37798
CVE-2025-38102
CVE-2025-38177
CVE-2025-38193
CVE-2025-38211
CVE-2025-38226
CVE-2025-38229
CVE-2025-38230
CVE-2025-38245
CVE-2025-38249
CVE-2025-38262
CVE-2025-38347
CVE-2025-38371
CVE-2025-38375
CVE-2025-38377
CVE-2025-38386
CVE-2025-38387
CVE-2025-38389
CVE-2025-38391
CVE-2025-38395
CVE-2025-38400
CVE-2025-38401
CVE-2025-38403
CVE-2025-38404
CVE-2025-38406
CVE-2025-38439
CVE-2025-38445
CVE-2025-38448
CVE-2025-38457
CVE-2025-38458
CVE-2025-38459
CVE-2025-38460
CVE-2025-38464
CVE-2025-38465
CVE-2025-38467
CVE-2025-38468
CVE-2025-38470
CVE-2025-38473
CVE-2025-38474
CVE-2025-38477
CVE-2025-38478
CVE-2025-38480
CVE-2025-38481
CVE-2025-38482
CVE-2025-38483
CVE-2025-38494
CVE-2025-38495
CVE-2025-38497
CVE-2025-38499
CVE-2025-38513
CVE-2025-38514
CVE-2025-38515
CVE-2025-38516
CVE-2025-38529
CVE-2025-38530
CVE-2025-38538
CVE-2025-38539
CVE-2025-38540
CVE-2025-38542
CVE-2025-38546
CVE-2025-38553
CVE-2025-38555
CVE-2025-38563
CVE-2025-38565
CVE-2025-38569
CVE-2025-38572
CVE-2025-38574
CVE-2025-38577
CVE-2025-38578
CVE-2025-38581
CVE-2025-38602
CVE-2025-38604
CVE-2025-38608
CVE-2025-38612
CVE-2025-38617
CVE-2025-38618
CVE-2025-38622
CVE-2025-38630
CVE-2025-38635
CVE-2025-38639
CVE-2025-38650
CVE-2025-38652
CVE-2025-38663
CVE-2025-38664
CVE-2025-38666
CVE-2025-38668
CVE-2025-38671
CVE-2025-38677
CVE-2025-38680
CVE-2025-38687
CVE-2025-38691
CVE-2025-38693
CVE-2025-38694
CVE-2025-38695
CVE-2025-38697
CVE-2025-38698
CVE-2025-38699
CVE-2025-38700
CVE-2025-38701
CVE-2025-38708
CVE-2025-38713
CVE-2025-38714
CVE-2025-38715
CVE-2025-38718
CVE-2025-38721
CVE-2025-38724
CVE-2025-38727
CVE-2025-38729
CVE-2025-39676
CVE-2025-39689
CVE-2025-39691
CVE-2025-39709
CVE-2025-39710
CVE-2025-39713
CVE-2025-39714
CVE-2025-39724
CVE-2025-39730
CVE-2025-39736
CVE-2025-39737
CVE-2025-39742
CVE-2025-39743
CVE-2025-39749
CVE-2025-39751
CVE-2025-39752
CVE-2025-39756
CVE-2025-39757
CVE-2025-39766
CVE-2025-39782
CVE-2025-39783
CVE-2025-39787
CVE-2025-39794
CVE-2025-39798
CVE-2025-39808
CVE-2025-39812
CVE-2025-39813
CVE-2025-39817
CVE-2025-39824
CVE-2025-39828
Description of changes:
[5.4.17-2136.348.3.el7uek]
- hugetlbfs: take read_lock on i_mmap for PMD sharing (Waiman Long) [Orabug: 38459576]
- kallsyms: add module_kallsyms_on_each_symbol_locked (Julian Pidancet) [Orabug: 37629344] [Orabug: 38418686]
- kallsyms: export module_kallsyms_on_each_symbol (Julian Pidancet) [Orabug: 37629344] [Orabug: 38418686]
[5.4.17-2136.348.2.el7uek]
- uek-rpm: Move ifb module to nano modules (Harshit Mogalapalli) [Orabug: 38443798]
- clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (Al Viro) [Orabug: 38310007] {CVE-2025-38499}
- x86/vmscape: Warn when STIBP is disabled with SMT (Pawan Gupta) [Orabug: 38424094]
- x86/bugs: Move cpu_bugs_smt_update() down (Pawan Gupta) [Orabug: 38424094]
- x86/vmscape: Enable the mitigation (Pawan Gupta) [Orabug: 38424094]
- x86/vmscape: Add conditional IBPB mitigation (Pawan Gupta) [Orabug: 38424094]
- x86/vmscape: Add old Intel CPUs to affected list (Pawan Gupta) [Orabug: 38424094]
- x86/vmscape: Enumerate VMSCAPE bug (Pawan Gupta) [Orabug: 38424094]
- Documentation/hw-vuln: Add VMSCAPE documentation (Pawan Gupta) [Orabug: 38424094]
[5.4.17-2136.348.1.el7uek]
- LTS tag: v5.4.298 (Sherry Yang)
- Revert "drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS" (Imre Deak)
- net: usb: qmi_wwan: add Telit Cinterion LE910C4-WWX new compositions (Fabio Porcedda)
- Revert "drm/amdgpu: fix incorrect vm flags to map bo" (Alex Deucher) [Orabug: 38343661]
- HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version() (Minjong Kim) [Orabug: 38440228] {CVE-2025-39808}
- HID: wacom: Add a new Art Pen 2 (Ping Cheng)
- HID: asus: fix UAF via HID_CLAIMED_INPUT validation (Qasim Ijaz) [Orabug: 38440310] {CVE-2025-39824}
- efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare (Li Nan) [Orabug: 38440277] {CVE-2025-39817}
- sctp: initialize more fields in sctp_v6_from_sk() (Eric Dumazet) [Orabug: 38440251] {CVE-2025-39812}
- net: stmmac: xgmac: Do not enable RX FIFO Overflow interrupts (Rohan G Thomas)
- net/mlx5e: Set local Xoff after FW update (Alexei Lazar)
- net/mlx5e: Update and set Xon/Xoff upon port speed set (Alexei Lazar)
- net/mlx5e: Update and set Xon/Xoff upon MTU set (Alexei Lazar)
- net: dlink: fix multicast stats being counted incorrectly (Moon Yeounsu)
- atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control(). (Kuniyuki Iwashima) [Orabug: 38440347] {CVE-2025-39828}
- net/atm: remove the atmdev_ops {get, set}sockopt methods (Christoph Hellwig)
- Bluetooth: hci_event: Detect if HCI_EV_NUM_COMP_PKTS is unbalanced (Luiz Augusto von Dentz)
- powerpc/kvm: Fix ifdef to remove build warning (Madhavan Srinivasan)
- net: ipv4: fix regression in local-broadcast routes (Oscar Maes) [Orabug: 38343661]
- vhost/net: Protect ubufs with rcu read lock in vhost_net_ubuf_put() (Nikolay Kuratov)
- scsi: core: sysfs: Correct sysfs attributes access rights (Damien Le Moal)
- ftrace: Fix potential warning in trace_printk_seq during ftrace_dump (Tengda Wu) [Orabug: 38440259] {CVE-2025-39813}
- pinctrl: STMFX: add missing HAS_IOMEM dependency (Randy Dunlap)
- LTS tag: v5.4.297 (Sherry Yang)
- alloc_fdtable(): change calling conventions. (Al Viro)
- s390/hypfs: Enable limited access during lockdown (Peter Oberparleiter)
- s390/hypfs: Avoid unnecessary ioctl registration in debugfs (Peter Oberparleiter)
- ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation (Takashi Iwai)
- net/sched: Remove unnecessary WARNING condition for empty child qdisc in htb_activate (William Liu)
- net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit (William Liu)
- ixgbe: xsk: resolve the negative overflow of budget in ixgbe_xmit_zc (Jason Xing)
- ipv6: sr: validate HMAC algorithm ID in seg6_hmac_info_add (Heminhong)
- ALSA: usb-audio: Fix size validation in convert_chmap_v3() (Dan Carpenter) [Orabug: 38343661]
- scsi: qla4xxx: Prevent a potential error pointer dereference (Dan Carpenter) [Orabug: 38401514] {CVE-2025-39676}
- usb: xhci: Fix slot_id resource race conflict (Weitao Wang)
- nfs: fix UAF in direct writes (Josef Bacik) [Orabug: 36596831] {CVE-2024-26958}
- NFS: Fix up commit deadlocks (Trond Myklebust)
- cifs: Fix UAF in cifs_demultiplex_thread() (Zhang Xiaoxu) [Orabug: 36154626] {CVE-2023-1192}
- Bluetooth: fix use-after-free in device_for_each_child() (Dmitry Antipov) [Orabug: 37433654] {CVE-2024-53237}
- act_mirred: use the backlog for nested calls to mirred ingress (Davide Caratti)
- net/sched: act_mirred: better wording on protection against excessive stack growth (Davide Caratti)
- net/sched: act_mirred: refactor the handle of xmit (Wenxu)
- selftests: forwarding: tc_actions.sh: add matchall mirror test (Jiri Pirko)
- net: sched: don't expose action qstats to skb_tc_reinsert() (Vlad Buslov)
- net: sched: extract qstats update code into functions (Vlad Buslov)
- net: sched: extract bstats update code into function (Vlad Buslov)
- net: sched: extract common action counters update code into function (Vlad Buslov)
- mm: perform the mapping_map_writable() check after call_mmap() (Lorenzo Stoakes)
- mm: update memfd seal write check to include F_SEAL_WRITE (Lorenzo Stoakes)
- mm: drop the assumption that VM_SHARED always implies writable (Lorenzo Stoakes)
- codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() (Cong Wang) [Orabug: 37908492] {CVE-2025-37798}
- sch_qfq: make qfq_qlen_notify() idempotent (Cong Wang)
- sch_hfsc: make hfsc_qlen_notify() idempotent (Cong Wang) [Orabug: 38158396] {CVE-2025-38177}
- sch_drr: make drr_qlen_notify() idempotent (Cong Wang)
- btrfs: populate otime when logging an inode item (Qu Wenruo)
- media: venus: hfi: explicitly release IRQ during teardown (Jorge Ramirez-Ortiz)
- f2fs: fix to avoid out-of-boundary access in dnode page (Chao Yu)
- media: venus: protect against spurious interrupts during probe (Jorge Ramirez-Ortiz)
- media: qcom: camss: cleanup media device allocated resource on error path (Vladimir Zapolskiy)
- media: venus: vdec: Clamp param smaller than 1fps and bigger than 240. (Ricardo Ribalda)
- drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS (Imre Deak)
- pwm: mediatek: Fix duty and period setting (Uwe Kleine-König)
- pwm: mediatek: Handle hardware enable and clock enable separately (Uwe Kleine-König)
- pwm: mediatek: Implement .apply() callback (Uwe Kleine-König)
- media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() (Gui-Dong Han) [Orabug: 38401677] {CVE-2025-39713}
- media: v4l2-ctrls: Don't reset handler's error in v4l2_ctrl_handler_free() (Sakari Ailus)
- media: v4l2-ctrls: always copy the controls on completion (Hans Verkuil)
- ata: Fix SATA_MOBILE_LPM_POLICY description in Kconfig (Damien Le Moal)
- soc: qcom: mdt_loader: Ensure we don't read past the ELF header (Bjorn Andersson)
- rtc: ds1307: handle oscillator stop flag (OSF) for ds1341 (Meagan Lloyd)
- usb: musb: omap2430: fix device leak at unbind (Johan Hovold)
- NFS: Fix the setting of capabilities when automounting a new filesystem (Trond Myklebust) [Orabug: 38429211] {CVE-2025-39798}
- NFS: Fix up handling of outstanding layoutcommit in nfs_update_inode() (Trond Myklebust)
- NFSv4: Fix nfs4_bitmap_copy_adjust() (Trond Myklebust)
- usb: typec: fusb302: cache PD RX state (Sebastian Reichel)
- cdc-acm: fix race between initial clearing halt and open (Oliver Neukum)
- USB: cdc-acm: do not log successful probe on later errors (Johan Hovold)
- mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock (Breno Leitao)
- mm/kmemleak: turn kmemleak_lock and object->lock to raw_spinlock_t (He Zhe)
- ALSA: scarlett2: Add retry on -EPROTO from scarlett2_usb_tx() (Geoffrey D. Bennett)
- x86/fpu: Delay instruction pointer fixup until after warning (Dave Hansen)
- mm/hmm: move pmd_to_hmm_pfn_flags() to the respective #ifdeffery (Andy Shevchenko)
- nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() (Jeff Layton) [Orabug: 38395081] {CVE-2025-38724}
- pmdomain: governor: Consider CPU latency tolerance from pm_domain_cpu_gov (Maulik Shah)
- tracing: Add down_write(trace_event_sem) when adding trace event (Steven Rostedt) [Orabug: 38324271] {CVE-2025-38539}
- usb: hub: Don't try to recover devices lost during warm reset. (Mathias Nyman)
- usb: hub: avoid warm port reset during USB3 disconnect (Mathias Nyman)
- x86/mce/amd: Add default names for MCA banks and blocks (Yazen Ghannam)
- iio: hid-sensor-prox: Fix incorrect OFFSET calculation (Zhang Lixu)
- f2fs: fix to do sanity check on ino and xnid (Chao Yu)
- mm/zsmalloc: do not pass __GFP_MOVABLE if CONFIG_COMPACTION=n (Harry Yoo)
- mm/zsmalloc.c: convert to use kmem_cache_zalloc in cache_alloc_zspage() (Miaohe Lin)
- drm/sched: Remove optimization that causes hang when killing dependent jobs (Lin Cao)
- ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (Haoxiang Li) [Orabug: 38351930] {CVE-2025-38664}
- net: usbnet: Fix the wrong netif_carrier_on() call (Ammar Faizi)
- net: usbnet: Avoid potential RCU stall on LINK_CHANGE event (John Ernberg)
- PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports (Lukas Wunner)
- ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value (Li Zhong)
- comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large (Ian Abbott)
- comedi: Fix initialization of data for instructions that write to subdevice (Ian Abbott)
- kbuild: Add KBUILD_CPPFLAGS to as-option invocation (Nathan Chancellor)
- kbuild: add $(CLANG_FLAGS) to KBUILD_CPPFLAGS (Masahiro Yamada)
- kbuild: Add CLANG_FLAGS to as-instr (Nathan Chancellor)
- mips: Include KBUILD_CPPFLAGS in CHECKFLAGS invocation (Nathan Chancellor)
- kbuild: Update assembler calls to use proper flags and language target (Nick Desaulniers)
- ARM: 9448/1: Use an absolute path to unified.h in KBUILD_AFLAGS (Nathan Chancellor)
- usb: dwc3: Ignore late xferNotReady event to prevent halt timeout (Kuen-Han Tsai)
- USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles (Zenm Chen)
- usb: storage: realtek_cr: Use correct byte order for bcs->Residue (Thorsten Blum)
- USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera (Mael Guerin)
- usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive (Miao Li)
- iio: proximity: isl29501: fix buffered read on big-endian systems (David Lechner)
- ftrace: Also allocate and copy hash for reading of filter files (Steven Rostedt) [Orabug: 38401581] {CVE-2025-39689}
- fpga: zynq_fpga: Fix the wrong usage of dma_map_sgtable() (Xu Yilun)
- use uniform permission checks for all mount propagation changes (Al Viro)
- move_mount: allow to add a mount into an existing group (Pavel Tikhomirov)
- fs/buffer: fix use-after-free when call bh_read() helper (Ye Bin) [Orabug: 38401587] {CVE-2025-39691}
- drm/amd/display: Find first CRTC and its line time in dce110_fill_display_configs (Timur Kristóf)
- drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3 (Timur Kristóf)
- memstick: Fix deadlock by moving removing flag earlier (Jiayi Li)
- media: venus: Add a check for packet size after reading from shared memory (Vedang Nagar)
- media: ov2659: Fix memory leaks in ov2659_probe() (Zhang Shurong)
- media: usbtv: Lock resolution while streaming (Ludwig Disterhof) [Orabug: 38401684] {CVE-2025-39714}
- media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init() (Haoxiang Li)
- media: gspca: Add bounds checking to firmware parser (Dan Carpenter)
- soc/tegra: pmc: Ensure power-domains are in a known state (Jonathan Hunter)
- jbd2: prevent softlockup in jbd2_log_do_checkpoint() (Baokun Li) [Orabug: 38423509] {CVE-2025-39782}
- PCI: endpoint: Fix configfs group removal on driver teardown (Damien Le Moal)
- PCI: endpoint: Fix configfs group list head handling (Damien Le Moal)
- mtd: rawnand: fsmc: Add missing check after DMA map (Thomas Fourier)
- pwm: imx-tpm: Reset counter if CMOD is 0 (Laurentiu Mihalcea)
- wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table() (Nathan Chancellor)
- zynq_fpga: use sgtable-based scatterlist wrappers (Marek Szyprowski)
- ata: libata-scsi: Fix ata_to_sense_error() status handling (Damien Le Moal)
- ext4: fix reserved gdt blocks handling in fsmap (Ojaswin Mujoo)
- ext4: fix fsmap end of range reporting with bigalloc (Ojaswin Mujoo)
- ext4: check fast symlink for ea_inode correctly (Andreas Dilger)
- vt: defkeymap: Map keycodes above 127 to K_HOLE (Myrrh Periwinkle)
- vt: keyboard: Don't process Unicode characters in K_OFF mode (Myrrh Periwinkle)
- usb: dwc3: meson-g12a: fix device leaks at unbind (Johan Hovold)
- usb: gadget: udc: renesas_usb3: fix device leak at unbind (Johan Hovold)
- usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init() (Nathan Chancellor)
- m68k: Fix lost column on framebuffer debug console (Finn Thain)
- cpufreq: armada-8k: Fix off by one in armada_8k_cpufreq_free_table() (Dan Carpenter)
- serial: 8250: fix panic due to PSLVERR (Yunhui Cui) [Orabug: 38401729] {CVE-2025-39724}
- media: uvcvideo: Do not mark valid metadata as invalid (Ricardo Ribalda)
- media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() (Youngjun Lee) [Orabug: 38394816] {CVE-2025-38680}
- mm/kmemleak: avoid soft lockup in __kmemleak_do_cleanup() (Waiman Long)
- parisc: Makefile: fix a typo in palo.conf (Randy Dunlap)
- btrfs: fix log tree replay failure due to file with 0 links and extents (Filipe Manana)
- thunderbolt: Fix copy+paste error in match_service_id() (Eric Biggers)
- comedi: fix race between polling and detaching (Ian Abbott)
- misc: rtsx: usb: Ensure mmc child device is active when card is present (Ricky Wu)
- drm/amdgpu: fix incorrect vm flags to map bo (Jack Xiao)
- scsi: lpfc: Remove redundant assignment to avoid memory leak (Jiasheng Jiang)
- rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe (Meagan Lloyd)
- pNFS: Fix uninited ptr deref in block/scsi layout (Sergey Bashirov) [Orabug: 38394867] {CVE-2025-38691}
- pNFS: Handle RPC size limit for layoutcommits (Sergey Bashirov)
- pNFS: Fix disk addr range check in block/scsi layout (Sergey Bashirov)
- pNFS: Fix stripe mapping in block/scsi layout (Sergey Bashirov)
- net: phy: smsc: add proper reset flags for LAN8710A (Csaba Buday)
- ipmi: Fix strcpy source and destination the same (Corey Minyard)
- kconfig: lxdialog: fix 'space' to (de)select options (Yann E. MORIN)
- kconfig: gconf: fix potential memory leak in renderer_edited() (Masahiro Yamada)
- kconfig: gconf: avoid hardcoding model2 in on_treeview2_cursor_changed() (Masahiro Yamada)
- ipmi: Use dev_warn_ratelimited() for incorrect message warnings (Breno Leitao)
- scsi: aacraid: Stop using PCI_IRQ_AFFINITY (John Garry)
- scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans (Ranjan Kumar)
- kconfig: nconf: Ensure null termination where strncpy is used (Shankari Anand)
- kconfig: lxdialog: replace strcpy() with strncpy() in inputbox.c (Suchit Karunakaran)
- i3c: don't fail if GETHDRCAP is unsupported (Wolfram Sang)
- PCI: pnv_php: Work around switches with broken presence detection (Timothy Pearson)
- i3c: add missing include to internal header (Wolfram Sang)
- media: uvcvideo: Fix bandwidth issue for Alcor camera (Chenchangcheng)
- media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar (Alex Guo) [Orabug: 38394880] {CVE-2025-38693}
- media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() (Alex Guo) [Orabug: 38394887] {CVE-2025-38694}
- media: usb: hdpvr: disable zero-length read messages (Wolfram Sang)
- media: tc358743: Increase FIFO trigger level to 374 (Dave Stevenson)
- media: tc358743: Return an appropriate colorspace from tc358743_set_fmt (Dave Stevenson)
- media: tc358743: Check I2C succeeded during probe (Dave Stevenson)
- pinctrl: stm32: Manage irq affinity settings (Cheick Traore)
- scsi: mpt3sas: Correctly handle ATA device errors (Damien Le Moal)
- scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure (Justin Tee) [Orabug: 38394894] {CVE-2025-38695}
- RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() (Yury Norov) [Orabug: 38423286] {CVE-2025-39742}
- MIPS: Don't crash in stack_top() for tasks without ABI or vDSO (Thomas Weißschuh)
- jfs: upper bound check of tree index in dbAllocAG (Arnaud Lecomte)
- jfs: Regular file corruption check (Edward Adam Davis)
- jfs: truncate good inode pages when hard link is 0 (Lizhi Xu)
- scsi: bfa: Double-free fix (Jackysliu) [Orabug: 38394925] {CVE-2025-38699}
- MIPS: vpe-mt: add missing prototypes for vpe_{alloc,start,stop,free} (Shiji Yang)
- watchdog: dw_wdt: Fix default timeout (Sebastian Reichel)
- fs/orangefs: use snprintf() instead of sprintf() (Amir Mohammad Jahangirzad)
- scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated (Showrya M N) [Orabug: 38394931] {CVE-2025-38700}
- ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr (Theodore Ts'O) [Orabug: 38394937] {CVE-2025-38701}
- cifs: Fix calling CIFSFindFirst() for root path without msearch (Pali Rohár)
- vhost: fail early when __vhost_add_used() fails (Jason Wang)
- net: dsa: b53: fix IP_MULTICAST_CTRL on BCM5325 (Álvaro Fernández Rojas)
- uapi: in6: restore visibility of most IPv6 socket options (Jakub Kicinski)
- net: ncsi: Fix buffer overflow in fetching version id (Hari Kalavakunta)
- net: dsa: b53: prevent SWITCH_CTRL access on BCM5325 (Álvaro Fernández Rojas)
- net: dsa: b53: fix b53_imp_vlan_setup for BCM5325 (Álvaro Fernández Rojas)
- net: vlan: Replace BUG() with WARN_ON_ONCE() in vlan_dev_* stubs (Gal Pressman)
- wifi: iwlegacy: Check rate_idx range after addition (Stanislaw Gruszka)
- netmem: fix skb_frag_address_safe with unreadable skbs (Mina Almasry)
- wifi: rtlwifi: fix possible skb memory leak in _rtl_pci_rx_interrupt(). (Thomas Fourier)
- wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect (Anjaneyulu)
- wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd() (Rand Deeb)
- net: fec: allow disable coalescing (Jonas Rebmann)
- (powerpc/512) Fix possible dma_unmap_single() on uninitialized pointer (Thomas Fourier)
- s390/stp: Remove udelay from stp_sync_clock() (Sven Schnelle)
- wifi: iwlwifi: mvm: fix scan request validation (Avraham Stern)
- net: thunderx: Fix format-truncation warning in bgx_acpi_match_id() (Alok Tiwari)
- net: ipv4: fix incorrect MTU in broadcast routes (Oscar Maes)
- wifi: cfg80211: Fix interface type validation (Ilan Peer)
- rcu: Protect ->defer_qs_iw_pending from data race (Paul E. McKenney) [Orabug: 38423341] {CVE-2025-39749}
- net: ag71xx: Add missing check after DMA map (Thomas Fourier)
- et131x: Add missing check after DMA map (Thomas Fourier)
- be2net: Use correct byte order and format string for TCP seq and ack_seq (Alok Tiwari)
- s390/time: Use monotonic clock in get_cycles() (Sven Schnelle)
- wifi: cfg80211: reject HTC bit for management frames (Johannes Berg)
- ktest.pl: Prevent recursion of default variable options (Steven Rostedt)
- ASoC: codecs: rt5640: Retry DEVICE_ID verification (Xinxin Wan)
- ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros (Cristian Ciocaltea)
- ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (Lucy Thrun) [Orabug: 38423359] {CVE-2025-39751}
- platform/x86: thinkpad_acpi: Handle KCOV __init vs inline mismatches (Kees Cook)
- pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop() (Gautham R. Shenoy)
- usb: core: usb_submit_urb: downgrade type check (Oliver Neukum)
- ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4 (Alok Tiwari)
- ASoC: hdac_hdmi: Rate limit logging on connection and disconnection (Mark Brown)
- mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode() (Ulf Hansson)
- ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path (Breno Leitao)
- ACPI: processor: fix acpi_object initialization (Sebastian Ott)
- PM: sleep: console: Fix the black screen issue (Tuhaowen)
- thermal: sysfs: Return ENODATA instead of EAGAIN for reads (Hsin-Te Yuan)
- PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit() (Rafael J. Wysocki)
- selftests: tracing: Use mutex_unlock for testing glob filter (Masami Hiramatsu)
- ARM: tegra: Use I/O memcpy to write to IRAM (Aaron Kling)
- gpio: tps65912: check the return value of regmap_update_bits() (Bartosz Golaszewski)
- ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed (Kuninori Morimoto)
- ARM: rockchip: fix kernel hang during smp initialization (Alexander Kochetkov)
- cpufreq: Exit governor when failed to start old governor (Lifeng Zheng)
- usb: xhci: Avoid showing errors during surprise removal (Mario Limonciello)
- usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command (Jay Chen)
- usb: xhci: Avoid showing warnings for dying controller (Mario Limonciello)
- selftests/futex: Define SYS_futex on 32-bit architectures with 64-bit time_t (Cynthia Huang)
- usb: xhci: print xhci->xhc_state when queue_command failed (Su Hui)
- securityfs: don't pin dentries twice, once is enough... (Al Viro)
- hfs: fix not erasing deleted b-tree node issue (Viacheslav Dubeyko)
- drbd: add missing kref_get in handle_write_conflicts (Sarah Newman) [Orabug: 38394995] {CVE-2025-38708}
- udf: Verify partition map count (Jan Kara)
- arm64: Handle KCOV __init vs inline mismatches (Kees Cook)
- hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file() (Tetsuo Handa)
- hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (Viacheslav Dubeyko)
- hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() (Viacheslav Dubeyko)
- hfs: fix slab-out-of-bounds in hfs_bnode_read() (Viacheslav Dubeyko)
- sctp: linearize cloned gso packets in sctp_rcv (Xin Long) [Orabug: 38395059] {CVE-2025-38718}
- netfilter: ctnetlink: fix refcount leak on table dump (Florian Westphal) [Orabug: 38395068] {CVE-2025-38721}
- udp: also consider secpath when evaluating ipsec use for checksumming (Sabrina Dubroca)
- ACPI: processor: perflib: Move problematic pr->performance check (Rafael J. Wysocki) [Orabug: 38429229] {CVE-2025-39799}
- ACPI: processor: perflib: Fix initial _PPC limit application (Jiayi Li)
- Documentation: ACPI: Fix parent device references (Andy Shevchenko)
- fs: Prevent file descriptor table allocations exceeding INT_MAX (Sasha Levin) [Orabug: 38423397] {CVE-2025-39756}
- sunvdc: Balance device refcount in vdc_port_mpgroup_check (Ma Ke)
- NFSD: detect mismatch of file handle and delegation stateid in OPEN op (Dai Ngo)
- net: dpaa: fix device leak when querying time stamp info (Johan Hovold)
- net: gianfar: fix device leak when querying time stamp info (Johan Hovold)
- netlink: avoid infinite retry looping in netlink_unicast() (Fedor Pchelkin) [Orabug: 38401319] {CVE-2025-38727}
- ALSA: usb-audio: Validate UAC3 cluster segment descriptors (Takashi Iwai) [Orabug: 38423407] {CVE-2025-39757}
- ALSA: usb-audio: Validate UAC3 power domain descriptors, too (Takashi Iwai) [Orabug: 38395101] {CVE-2025-38729}
- io_uring: don't use int for ABI (Pavel Begunkov)
- usb: gadget : fix use-after-free in composite_dev_cleanup() (Taoxue) [Orabug: 38334898] {CVE-2025-38555}
- MIPS: mm: tlb-r4k: Uniquify TLB entries on init (Jiaxun Yang)
- USB: serial: option: add Foxconn T99W709 (Slark Xiao)
- vsock: Do not allow binding to VMADDR_PORT_ANY (Budimir Markovic) [Orabug: 38351771] {CVE-2025-38618}
- net/packet: fix a race in packet_set_ring() and packet_notifier() (Quang Le) [Orabug: 38351764] {CVE-2025-38617}
- perf/core: Prevent VMA split of buffer mappings (Thomas Gleixner) [Orabug: 38334948] {CVE-2025-38563}
- perf/core: Exit early on perf_mmap() fail (Thomas Gleixner) [Orabug: 38334959] {CVE-2025-38565}
- perf/core: Don't leak AUX buffer refcount on allocation failure (Thomas Gleixner)
- pptp: fix pptp_xmit() error path (Eric Dumazet)
- smb: client: let recv_done() cleanup before notifying the callers. (Stefan Metzmacher)
- benet: fix BUG when creating VFs (Michal Schmidt) [Orabug: 38334976] {CVE-2025-38569}
- net: drop UFO packets in udp_rcv_segment() (Wang Liang) [Orabug: 38351786] {CVE-2025-38622}
- ipv6: reject malicious packets in ipv6_gso_segment() (Eric Dumazet) [Orabug: 38334988] {CVE-2025-38572}
- pptp: ensure minimal skb length in pptp_xmit() (Eric Dumazet) [Orabug: 38335004] {CVE-2025-38574}
- netpoll: prevent hanging NAPI when netcons gets enabled (Jakub Kicinski)
- NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() (Trond Myklebust) [Orabug: 38401745] {CVE-2025-39730}
- pci/hotplug/pnv-php: Wrap warnings in macro (Frederic Barrat)
- pci/hotplug/pnv-php: Improve error msg on power state change failure (Frederic Barrat)
- usb: chipidea: udc: fix sleeping function called from invalid context (Peter Chen)
- f2fs: fix to avoid out-of-boundary access in devs.path (Chao Yu)
- f2fs: fix to avoid panic in f2fs_evict_inode (Chao Yu)
- f2fs: fix to avoid UAF in f2fs_sync_inode_meta() (Chao Yu)
- rtc: pcf8563: fix incorrect maximum clock rate handling (Brian Masney)
- rtc: hym8563: fix incorrect maximum clock rate handling (Brian Masney)
- rtc: ds1307: fix incorrect maximum clock rate handling (Brian Masney)
- module: Restore the moduleparam prefix length check (Petr Pavlu)
- bpf: Check flow_dissector ctx accesses are aligned (Paul Chaignon)
- mtd: rawnand: atmel: set pmecc data setup time (Balamanikandan Gunasundar)
- mtd: rawnand: atmel: Fix dma_mapping_error() address (Thomas Fourier)
- jfs: fix metapage reference count leak in dbAllocCtl (Zheng Yu)
- fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref (Chenyuan Yang)
- crypto: qat - fix seq_file position update in adf_ring_next() (Giovanni Cabiddu)
- dmaengine: nbpfaxi: Add missing check after DMA map (Thomas Fourier)
- dmaengine: mv_xor: Fix missing check after DMA map and missing unmap (Thomas Fourier)
- fs/orangefs: Allow 2 more characters in do_c_string() (Dan Carpenter)
- soundwire: stream: restore params when prepare ports fail (Bard Liao)
- crypto: img-hash - Fix dma_unmap_sg() nents value (Thomas Fourier)
- hwrng: mtk - handle devm_pm_runtime_enable errors (Ovidiu Panait)
- watchdog: ziirave_wdt: check record length in ziirave_firm_verify() (Dan Carpenter)
- scsi: isci: Fix dma_unmap_sg() nents value (Thomas Fourier)
- scsi: mvsas: Fix dma_unmap_sg() nents value (Thomas Fourier)
- scsi: ibmvscsi_tgt: Fix dma_unmap_sg() nents value (Thomas Fourier)
- clk: sunxi-ng: v3s: Fix de clock definition (Paul Kocialkowski)
- perf tests bp_account: Fix leaked file descriptor (Leo Yan)
- crypto: ccp - Fix crash when rebind ccp device for ccp.ko (Mengbiao Xiong)
- pinctrl: sunxi: Fix memory leak on krealloc failure (Yuan Chen)
- power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set (Charles Han)
- clk: davinci: Add NULL check in davinci_lpsc_clk_register() (Henry Martin)
- mtd: fix possible integer overflow in erase_xfer() (Ivan Stepchenko)
- crypto: marvell/cesa - Fix engine load inaccuracy (Herbert Xu)
- PCI: rockchip-host: Fix "Unexpected Completion" log message (Hans Zhang)
- vrf: Drop existing dst reference in vrf_ip6_input_dst (Stanislav Fomichev)
- selftests: rtnetlink.sh: remove esp4_offload after test (Xiumei Mu)
- netfilter: xt_nfacct: don't assume acct name is null-terminated (Florian Westphal) [Orabug: 38351854] {CVE-2025-38639}
- can: kvaser_usb: Assign netdev.dev_port based on device channel index (Jimmy Assarsson)
- can: kvaser_pciefd: Store device channel index (Jimmy Assarsson)
- wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P IE (Gokul Sivakumar)
- Reapply "wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()" (Remi Pommarel)
- mwl8k: Add missing check after DMA map (Thomas Fourier)
- wifi: rtl8xxxu: Fix RX skb size for aggregation disabled (Martin Kaistra)
- net/sched: Restrict conditions for adding duplicating netems to qdisc tree (William Liu) [Orabug: 38331466] {CVE-2025-38553}
- arch: powerpc: defconfig: Drop obsolete CONFIG_NET_CLS_TCINDEX (Johan Korsnes)
- drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value (Fedor Pchelkin)
- m68k: Don't unregister boot console needlessly (Finn Thain)
- tcp: fix tcp_ofo_queue() to avoid including too much DUP SACK range (Xin Guo)
- iwlwifi: Add missing check for alloc_ordered_workqueue (Jiasheng Jiang) [Orabug: 38335110] {CVE-2025-38602}
- wifi: iwlwifi: Fix memory leak in iwl_mvm_init() (Xiu Jianfeng)
- wifi: rtl818x: Kill URBs before clearing tx status queue (Daniil Dulov) [Orabug: 38335120] {CVE-2025-38604}
- caif: reduce stack size, again (Arnd Bergmann)
- bpftool: Fix memory leak in dump_xx_nlmsg on realloc failure (Yuan Chen)
- bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (Jiayuan Chen) [Orabug: 38335131] {CVE-2025-38608}
- staging: nvec: Fix incorrect null termination of battery manufacturer (Alok Tiwari)
- samples: mei: Fix building on musl libc (Brahmajit Das)
- cpufreq: Init policy->rwsem before it may be possibly used (Lifeng Zheng)
- ARM: dts: imx6ul-kontron-bl-common: Fix RTS polarity for RS485 interface (Annette Kobou)
- usb: early: xhci-dbc: Fix early_ioremap leak (Lucas De Marchi)
- Revert "vmci: Prevent the dispatching of uninitialized payloads" (Greg Kroah-Hartman)
- pps: fix poll support (Denis Osterland-Heim)
- vmci: Prevent the dispatching of uninitialized payloads (Lizhi Xu)
- staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc() (Abdun Nihaal) [Orabug: 38335153] {CVE-2025-38612}
- ARM: dts: vfxxx: Correctly use two tuples for timer address (Krzysztof Kozlowski)
- hfsplus: remove mutex_lock check in hfsplus_free_extents (Yangtao Li)
- ASoC: Intel: fix SND_SOC_SOF dependencies (Arnd Bergmann)
- ethernet: intel: fix building with large NR_CPUS (Arnd Bergmann)
- usb: phy: mxs: disconnect line when USB charger is attached (Xu Yang)
- usb: chipidea: add USB PHY event (Xu Yang)
- usb: chipidea: introduce CI_HDRC_CONTROLLER_VBUS_EVENT glue layer use (Peter Chen)
- usb: chipidea: udc: protect usb interrupt enable (Li Jun)
- usb: chipidea: udc: add new API ci_hdrc_gadget_connect (Peter Chen)
- ALSA: hda: Add missing NVIDIA HDA codec IDs (Daniel Dadap)
- comedi: comedi_test: Fix possible deletion of uninitialized timers (Ian Abbott)
- nilfs2: reject invalid file types when reading inodes (Ryusuke Konishi)
- i2c: qup: jump out of the loop in case of timeout (Yang Xiwen) [Orabug: 38351994] {CVE-2025-38671}
- net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class (Xiang Mei)
- net: appletalk: Fix use-after-free in AARP proxy probe (Kito Xu)
- net: appletalk: fix kerneldoc warnings (Andrew Lunn)
- RDMA/core: Rate limit GID cache warning messages (Maor Gottlieb)
- regulator: core: fix NULL dereference on unbind due to stale coupling data (Alessandro Carminati) [Orabug: 38351978] {CVE-2025-38668}
- usb: hub: Fix flushing and scheduling of delayed work that tunes runtime pm (Mathias Nyman)
- usb: hub: fix detection of high tier USB3 devices behind suspended hubs (Mathias Nyman)
- net_sched: sch_sfq: reject invalid perturb period (Eric Dumazet) [Orabug: 38158477] {CVE-2025-38193}
- power: supply: bq24190: Fix use after free bug in bq24190_remove due to race condition (Zheng Wang)
- power: supply: bq24190_charger: using pm_runtime_resume_and_get instead of pm_runtime_get_sync (Minghao Chi)
- power: supply: bq24190_charger: Fix runtime PM imbalance on error (Dinghao Liu)
- xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS (Hongyu Xie)
- virtio-net: ensure the received length does not exceed allocated size (Bui Quang Minh) [Orabug: 38253834] {CVE-2025-38375}
- ASoC: fsl_sai: Force a software reset when starting in consumer mode (Arun Raghavan)
- usb: dwc3: qcom: Don't leave BCR asserted (Krishna Kurapati)
- usb: musb: fix gadget state on disconnect (Drew Hamilton)
- net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (William Liu) [Orabug: 38254214] {CVE-2025-38468}
- net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime (Dong Chenchen) [Orabug: 38254225] {CVE-2025-38470}
- Bluetooth: L2CAP: Fix attempting to adjust outgoing MTU (Luiz Augusto von Dentz)
- Bluetooth: SMP: Fix using HCI_ERROR_REMOTE_USER_TERM on timeout (Luiz Augusto von Dentz)
- Bluetooth: SMP: If an unallowed command is received consider it a failure (Luiz Augusto von Dentz)
- Bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb() (Kuniyuki Iwashima) [Orabug: 38254241] {CVE-2025-38473}
- usb: net: sierra: check for no status endpoint (Oliver Neukum) [Orabug: 38254249] {CVE-2025-38474}
- net/sched: sch_qfq: Fix race condition on qfq_aggregate (Xiang Mei) [Orabug: 38254266] {CVE-2025-38477}
- net: emaclite: Fix missing pointer increment in aligned_read() (Alok Tiwari)
- comedi: Fix use of uninitialized data in insn_rw_emulate_bits() (Ian Abbott)
- comedi: Fix some signed shift left operations (Ian Abbott)
- comedi: das6402: Fix bit shift out of bounds (Ian Abbott)
- comedi: das16m1: Fix bit shift out of bounds (Ian Abbott)
- comedi: aio_iiro_16: Fix bit shift out of bounds (Ian Abbott)
- comedi: pcl812: Fix bit shift out of bounds (Ian Abbott)
- iio: adc: stm32-adc: Fix race in installing chained IRQ handler (Chen Ni)
- iio: adc: max1363: Reorder mode_list[] entries (Fabio Estevam)
- iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[] (Fabio Estevam)
- soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled (Andrew Jeffery)
- soc: aspeed: lpc-snoop: Cleanup resources in stack-order (Andrew Jeffery)
- mmc: sdhci_am654: Workaround for Errata i2312 (Judith Mendez)
- mmc: sdhci-pci: Quirk for broken command queuing on Intel GLK-based Positivo models (Edson Juliano Drosdeck)
- mmc: bcm2835: Fix dma_unmap_sg() nents value (Thomas Fourier)
- memstick: core: Zero initialize id_reg in h_memstick_read_dev_id() (Nathan Chancellor)
- isofs: Verify inode mode when loading from disk (Jan Kara)
- dmaengine: nbpfaxi: Fix memory corruption in probe() (Dan Carpenter)
- af_packet: fix soft lockup issue caused by tpacket_snd() (Yun Lu)
- af_packet: fix the SO_SNDTIMEO constraint not effective on tpacked_snd() (Yun Lu)
- phonet/pep: Move call to pn_skb_get_dst_sockaddr() earlier in pep_sock_accept() (Nathan Chancellor)
- HID: core: do not bypass hid_hw_raw_request (Benjamin Tissoires) [Orabug: 38254340] {CVE-2025-38494}
- HID: core: ensure __hid_request reserves the report ID as the first byte (Benjamin Tissoires)
- HID: core: ensure the allocated report buffer can contain the reserved report ID (Benjamin Tissoires) [Orabug: 38254348] {CVE-2025-38495}
- pch_uart: Fix dma_sync_sg_for_device() nents value (Thomas Fourier)
- Input: xpad - set correct controller type for Acer NGR200 (Nilton Perim Neto)
- i2c: stm32: fix the device used for the DMA map (Clément Le Goffic)
- usb: gadget: configfs: Fix OOB read on empty string write (Xinyu Liu) [Orabug: 38254358] {CVE-2025-38497}
- USB: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI (Ryan Mann)
- USB: serial: option: add Foxconn T99W640 (Slark Xiao)
- USB: serial: option: add Telit Cinterion FE910C04 (ECM) composition (Fabio Porcedda)
- LTS tag: v5.4.296 (Sherry Yang)
- x86/mm: Disable hugetlb page table sharing on 32-bit (Jann Horn)
- Input: atkbd - do not skip atkbd_deactivate() when skipping ATKBD_CMD_GETID (Hans de Goede)
- HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras (Chia-Lin Kao) [Orabug: 38324280] {CVE-2025-38540}
- HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY (Zhang Heng)
- vt: add missing notification when switching back to text mode (Nicolas Pitre)
- net: usb: qmi_wwan: add SIMCom 8230C composition (Xiaowei Li)
- atm: idt77252: Add missing dma_map_error() (Thomas Fourier)
- bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT (Somnath Kotur) [Orabug: 38254090] {CVE-2025-38439}
- bnxt_en: Fix DCB ETS validation (Shravya Kn)
- can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level (Sean Nyekjaer)
- net: phy: microchip: limit 100M workaround to link-down events on LAN88xx (Oleksij Rempel)
- net: appletalk: Fix device refcount leak in atrtr_create() (Kito Xu)
- md/raid1: Fix stack memory use after return in raid1_reshape (Wang Jinchao) [Orabug: 38254109] {CVE-2025-38445}
- wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() (Daniil Dulov) [Orabug: 38324161] {CVE-2025-38513}
- dma-buf: fix timeout handling in dma_resv_wait_timeout v2 (Christian König)
- Input: xpad - support Acer NGR 200 Controller (Nilton Perim Neto)
- Input: xpad - add VID for Turtle Beach controllers (Vicki Pfau)
- Input: xpad - add support for Amazon Game Controller (Matt Reynolds)
- NFSv4/flexfiles: Fix handling of NFS level errors in I/O (Trond Myklebust)
- flexfiles/pNFS: update stats on NFS4ERR_DELAY for v4.1 DSes (Tigran Mkrtchyan)
- RDMA/mlx5: Fix vport loopback for MPV device (Patrisious Haddad)
- netlink: Fix rmem check in netlink_broadcast_deliver(). (Kuniyuki Iwashima)
- netlink: make sure we allow at least one dump skb (Jakub Kicinski)
- Revert "ACPI: battery: negate current when discharging" (Rafael J. Wysocki)
- usb: gadget: u_serial: Fix race condition in TTY wakeup (Kuen-Han Tsai) [Orabug: 38254118] {CVE-2025-38448}
- drm/sched: Increment job count before swapping tail spsc queue (Matthew Brost) [Orabug: 38324180] {CVE-2025-38515}
- pinctrl: qcom: msm: mark certain pins as invalid for interrupts (Bartosz Golaszewski) [Orabug: 38324186] {CVE-2025-38516}
- x86/mce: Make sure CMCI banks are cleared during shutdown on Intel (Jp Kobryn)
- x86/mce: Don't remove sysfs if thresholding sysfs init fails (Yazen Ghannam)
- x86/mce/amd: Fix threshold limit reset (Yazen Ghannam)
- rxrpc: Fix oops due to non-existence of prealloc backlog struct (David Howells)
- net/sched: Abort __tc_modify_qdisc if parent class does not exist (Victor Nogueira) [Orabug: 38254147] {CVE-2025-38457}
- atm: clip: Fix NULL pointer dereference in vcc_sendmsg() (Yue Haibing) [Orabug: 38254153] {CVE-2025-38458}
- atm: clip: Fix infinite recursive call of clip_push(). (Kuniyuki Iwashima) [Orabug: 38254161] {CVE-2025-38459}
- atm: clip: Fix memory leak of struct clip_vcc. (Kuniyuki Iwashima) [Orabug: 38324309] {CVE-2025-38546}
- atm: clip: Fix potential null-ptr-deref in to_atmarpd(). (Kuniyuki Iwashima) [Orabug: 38254167] {CVE-2025-38460}
- tipc: Fix use-after-free in tipc_conn_close(). (Kuniyuki Iwashima) [Orabug: 38254181] {CVE-2025-38464}
- netlink: Fix wraparounds of sk->sk_rmem_alloc. (Kuniyuki Iwashima) [Orabug: 38254188] {CVE-2025-38465}
- fix proc_sys_compare() handling of in-lookup dentries (Al Viro)
- proc: Clear the pieces of proc_inode that proc_evict_inode cares about (Eric W. Biederman)
- drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling (Kaustabh Chakraborty) [Orabug: 38254203] {CVE-2025-38467}
- staging: rtl8723bs: Avoid memset() in aes_cipher() and aes_decipher() (Nathan Chancellor)
- media: uvcvideo: Rollback non processed entities on error (Ricardo Ribalda)
- media: uvcvideo: Send control events for partial succeeds (Ricardo Ribalda)
- media: uvcvideo: Return the number of processed controls (Ricardo Ribalda)
- ACPI: PAD: fix crash in exit_round_robin() (Seiji Nishikawa) [Orabug: 37206006] {CVE-2024-49935}
- usb: typec: displayport: Fix potential deadlock (Andrei Kuchynski) [Orabug: 38401436] {CVE-2025-38404}
- Logitech C-270 even more broken (Oliver Neukum)
- rose: fix dangling neighbour pointers in rose_rt_device_down() (Kohei Enju)
- net: rose: Fix fall-through warnings for Clang (Gustavo A R Silva)
- drm/i915/gt: Fix timeline left held on VMA alloc error (Janusz Krzysztofik) [Orabug: 38253887] {CVE-2025-38389}
- drm/i915/selftests: Change mock_request() to return error pointers (Dan Carpenter)
- spi: spi-fsl-dspi: Clear completion counter before initiating transfer (James Clark)
- spi: spi-fsl-dspi: Fix interrupt-less DMA mode taking an XSPI code path (Vladimir Oltean)
- spi: spi-fsl-dspi: Rename fifo_{read,write} and {tx,cmd}_fifo_write (Vladimir Oltean)
- dpaa2-eth: fix xdp_rxq_info leak (Wangfushuai)
- ethernet: atl1: Add missing DMA mapping error checks and count errors (Thomas Fourier)
- btrfs: use btrfs_record_snapshot_destroy() during rmdir (Filipe Manana)
- btrfs: propagate last_unlink_trans earlier when doing a rmdir (Filipe Manana)
- RDMA/mlx5: Fix CC counters query for MPV (Patrisious Haddad)
- RDMA/core: Create and destroy counters in the ib_core (Leon Romanovsky)
- scsi: ufs: core: Fix spelling of a sysfs attribute name (Bart Van Assche)
- drm/v3d: Disable interrupts before resetting the GPU (Maíra Canal)
- mtk-sd: reset host->mrq on prepare_data() error (Sergey Senozhatsky)
- mtk-sd: Prevent memory corruption from DMA map failure (Masami Hiramatsu)
- mmc: mediatek: use data instead of mrq parameter from msdc_{un}prepare_data() (Yue Hu)
- regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods (Manivannan Sadhasivam) [Orabug: 38253907] {CVE-2025-38395}
- regulator: gpio: Add input_supply support in gpio_regulator_config (Jerome Neanne)
- ACPICA: Refuse to evaluate a method if arguments are missing (Rafael J. Wysocki) [Orabug: 38253875] {CVE-2025-38386}
- wifi: ath6kl: remove WARN on bad firmware input (Johannes Berg) [Orabug: 38253946] {CVE-2025-38406}
- wifi: mac80211: drop invalid source address OCB frames (Johannes Berg)
- powerpc: Fix struct termio related ioctl macros (Madhavan Srinivasan)
- ata: pata_cs5536: fix build on 32-bit UML (Johannes Berg)
- ALSA: sb: Force to disable DMAs once when DMA mode is changed (Takashi Iwai)
- nui: Fix dma_mapping_error() check (Thomas Fourier)
- enic: fix incorrect MTU comparison in enic_change_mtu() (Alok Tiwari)
- amd-xgbe: align CL37 AN sequence as per databook (Raju Rangoju)
- lib: test_objagg: Set error message in check_expect_hints_stats() (Dan Carpenter)
- drm/exynos: fimd: Guard display clock control with runtime PM calls (Marek Szyprowski)
- btrfs: fix missing error handling when searching for inode refs during log replay (Filipe Manana)
- scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() (Thomas Fourier)
- nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. (Kuniyuki Iwashima) [Orabug: 38253923] {CVE-2025-38400}
- RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert (Mark Zhang) [Orabug: 38253881] {CVE-2025-38387}
- platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment (David Thompson)
- mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data (Masami Hiramatsu)
- usb: typec: altmodes/displayport: do not index invalid pin_assignments (Rd Babiera) [Orabug: 38253894] {CVE-2025-38391}
- mmc: sdhci: Add a helper function for dump register in dynamic debug mode (Victor Shih)
- vsock/vmci: Clear the vmci transport packet properly when initializing it (Harshavardhana S A) [Orabug: 38253937] {CVE-2025-38403}
- btrfs: don't abort filesystem when attempting to snapshot deleted subvolume (Omar Sandoval) [Orabug: 36530119] {CVE-2024-26644}
- arm64: Restrict pagetable teardown to avoid false warning (Dev Jain)
- s390: Add '-std=gnu11' to decompressor and purgatory CFLAGS (Nathan Chancellor)
- drm/bridge: cdns-dsi: Check return value when getting default PHY config (Aradhya Bhatia)
- drm/bridge: cdns-dsi: Fix connecting to next bridge (Aradhya Bhatia)
- drm/bridge: cdns-dsi: Fix the clock variable for mode_valid() (Aradhya Bhatia)
- drm/tegra: Assign plane type before registration (Thierry Reding)
- HID: wacom: fix kobject reference count leak (Qasim Ijaz)
- HID: wacom: fix memory leak on sysfs attribute creation failure (Qasim Ijaz)
- HID: wacom: fix memory leak on kobject creation failure (Qasim Ijaz)
- dm-raid: fix variable in journal device check (Heinz Mauelshagen)
- Bluetooth: L2CAP: Fix L2CAP MTU negotiation (Frédéric Danis)
- atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister(). (Kuniyuki Iwashima) [Orabug: 38175045] {CVE-2025-38245}
- net: enetc: Correct endianness handling in _enetc_rd_reg64 (Simon Horman)
- um: ubd: Add missing error check in start_io_thread() (Tiwei Bie)
- vsock/uapi: fix linux/vm_sockets.h userspace compilation errors (Stefano Garzarella)
- wifi: mac80211: fix beacon interval calculation overflow (Lachlan Hodges)
- attach_recursive_mnt(): do not lock the covering tree when sliding something under it (Al Viro)
- ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3() (Youngjun Lee) [Orabug: 38175065] {CVE-2025-38249}
- i2c: robotfuzz-osif: disable zero-length read messages (Wolfram Sang)
- i2c: tiny-usb: disable zero-length read messages (Wolfram Sang)
- RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction (Shin'Ichiro Kawasaki) [Orabug: 38158592] {CVE-2025-38211}
- RDMA/core: Use refcount_t instead of atomic_t on refcount of iwcm_id_private (Weihang Li)
- media: vivid: Change the siize of the composing (Denis Arefev)
- media: omap3isp: use sgtable-based scatterlist wrappers (Marek Szyprowski)
- media: cxusb: no longer judge rbuf when the write fails (Edward Adam Davis) [Orabug: 38158692] {CVE-2025-38229}
- media: cxusb: use dev_dbg() rather than hand-rolled debug (Sean Young)
- jfs: validate AG parameters in dbMount() to prevent crashes (Vasiliy Kovalev)
- fs/jfs: consolidate sanity checking in dbMount (Dave Kleikamp)
- ASoC: meson: meson-card-utils: use of_property_present() for DT parsing (Martin Blumenstingl)
- of: Add of_property_present() helper (Rob Herring)
- of: property: define of_property_read_u{8,16,32,64}_array() unconditionally (Michael Walle)
- kbuild: hdrcheck: fix cross build with clang (Arnd Bergmann)
- kbuild: add --target to correctly cross-compile UAPI headers with Clang (Masahiro Yamada)
- bpfilter: match bit size of bpfilter_umh to that of the kernel (Masahiro Yamada)
- kbuild: use -MMD instead of -MD to exclude system headers from dependency (Masahiro Yamada)
- VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify (Ma Wupeng) [Orabug: 38152869] {CVE-2025-38102}
- VMCI: check context->notify_page after call to get_user_pages_fast() to avoid GPF (George Kennedy)
- ovl: Check for NULL d_inode() in ovl_dentry_upper() (Kees Cook)
- ceph: fix possible integer overflow in ceph_zero_objects() (Dmitry Kandybka)
- ALSA: hda: Ignore unsol events for cards being shut down (Cezary Rojewski)
- usb: typec: displayport: Receive DP Status Update NAK request exit dp altmode (Jos Wang)
- usb: cdc-wdm: avoid setting WDM_READ for ZLP-s (Robert Hodaszi)
- usb: Add checks for snprintf() calls in usb_alloc_dev() (Andy Shevchenko)
- tty: serial: uartlite: register uart driver in init (Jakub Lewalski)
- usb: potential integer overflow in usbg_make_tpg() (Chen Yufeng)
- iio: pressure: zpa2326: Use aligned_s64 for the timestamp (Jonathan Cameron)
- md/md-bitmap: fix dm-raid max_write_behind setting (Yu Kuai)
- dmaengine: xilinx_dma: Set dma_device directions (Thomas Gessler)
- mfd: max14577: Fix wakeup source leaks on device unbind (Krzysztof Kozlowski)
- mailbox: Not protect module_put with spin_lock_irqsave (Peng Fan)
- cifs: Fix cifs_query_path_info() for Windows NT servers (Pali Rohár)
ELSA-2025-17802 Important: Oracle Linux 8 webkit2gtk3 security update
Oracle Linux Security Advisory ELSA-2025-17802
http://linux.oracle.com/errata/ELSA-2025-17802.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
webkit2gtk3-2.50.0-1.el8_10.i686.rpm
webkit2gtk3-2.50.0-1.el8_10.x86_64.rpm
webkit2gtk3-devel-2.50.0-1.el8_10.i686.rpm
webkit2gtk3-devel-2.50.0-1.el8_10.x86_64.rpm
webkit2gtk3-jsc-2.50.0-1.el8_10.i686.rpm
webkit2gtk3-jsc-2.50.0-1.el8_10.x86_64.rpm
webkit2gtk3-jsc-devel-2.50.0-1.el8_10.i686.rpm
webkit2gtk3-jsc-devel-2.50.0-1.el8_10.x86_64.rpm
aarch64:
webkit2gtk3-2.50.0-1.el8_10.aarch64.rpm
webkit2gtk3-devel-2.50.0-1.el8_10.aarch64.rpm
webkit2gtk3-jsc-2.50.0-1.el8_10.aarch64.rpm
webkit2gtk3-jsc-devel-2.50.0-1.el8_10.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/webkit2gtk3-2.50.0-1.el8_10.src.rpm
Related CVEs:
CVE-2025-43272
CVE-2025-43342
CVE-2025-43356
CVE-2025-43368
Description of changes:
[2.50.0-1]
- Update to 2.50.0
ELSA-2025-17715 Moderate: Oracle Linux 8 vim security update
Oracle Linux Security Advisory ELSA-2025-17715
http://linux.oracle.com/errata/ELSA-2025-17715.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
vim-X11-8.0.1763-21.0.1.el8_10.x86_64.rpm
vim-common-8.0.1763-21.0.1.el8_10.x86_64.rpm
vim-enhanced-8.0.1763-21.0.1.el8_10.x86_64.rpm
vim-filesystem-8.0.1763-21.0.1.el8_10.noarch.rpm
vim-minimal-8.0.1763-21.0.1.el8_10.x86_64.rpm
aarch64:
vim-X11-8.0.1763-21.0.1.el8_10.aarch64.rpm
vim-common-8.0.1763-21.0.1.el8_10.aarch64.rpm
vim-enhanced-8.0.1763-21.0.1.el8_10.aarch64.rpm
vim-filesystem-8.0.1763-21.0.1.el8_10.noarch.rpm
vim-minimal-8.0.1763-21.0.1.el8_10.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/vim-8.0.1763-21.0.1.el8_10.src.rpm
Related CVEs:
CVE-2025-53905
CVE-2025-53906
Description of changes:
[8.0.1763-21.0.1]
- Remove upstream references [Orabug: 31197557]
- Added glibc-gconv-extra to common requires to provide ISO-8859-2 [Orabug: 34114984]
[2:8.0.1763-21]
- RHEL-112003 CVE-2025-53905 vim: Vim path traversial
- RHEL-112007 CVE-2025-53906 vim: Vim path traversal
[2:8.0.1763-20]
- fix issue reported by covscan
[2:8.0.1763-20]
- CVE-2022-1785 vim: Out-of-bounds Write
- CVE-2022-1897 vim: out-of-bounds write in vim_regsub_both() in regexp.c
- CVE-2022-1927 vim: buffer over-read in utf_ptr2char() in mbyte.c
[2:8.0.1763-20]
- CVE-2022-1621 vim: heap buffer overflow
- CVE-2022-1629 vim: buffer over-read
[2:8.0.1763-20]
- CVE-2022-1154 vim: use after free in utf_ptr2char
ELSA-2025-17415 Moderate: Oracle Linux 8 gnutls security, bug fix, and enhancement update
Oracle Linux Security Advisory ELSA-2025-17415
http://linux.oracle.com/errata/ELSA-2025-17415.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
gnutls-3.6.16-8.el8_10.4.i686.rpm
gnutls-3.6.16-8.el8_10.4.x86_64.rpm
gnutls-c++-3.6.16-8.el8_10.4.i686.rpm
gnutls-c++-3.6.16-8.el8_10.4.x86_64.rpm
gnutls-dane-3.6.16-8.el8_10.4.i686.rpm
gnutls-dane-3.6.16-8.el8_10.4.x86_64.rpm
gnutls-devel-3.6.16-8.el8_10.4.i686.rpm
gnutls-devel-3.6.16-8.el8_10.4.x86_64.rpm
gnutls-utils-3.6.16-8.el8_10.4.x86_64.rpm
aarch64:
gnutls-3.6.16-8.el8_10.4.aarch64.rpm
gnutls-c++-3.6.16-8.el8_10.4.aarch64.rpm
gnutls-dane-3.6.16-8.el8_10.4.aarch64.rpm
gnutls-devel-3.6.16-8.el8_10.4.aarch64.rpm
gnutls-utils-3.6.16-8.el8_10.4.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/gnutls-3.6.16-8.el8_10.4.src.rpm
Related CVEs:
CVE-2025-6395
CVE-2025-32988
CVE-2025-32990
Description of changes:
[3.6.16-8.4]
- Backport the fixes for CVE-2025-6395, CVE-2025-32988 and CVE-2025-32990
[3.6.16-8.3]
- Backport the fix for CVE-2024-12243
ELEA-2025-17427 Oracle Linux 8 nodejs:20 bug fix and enhancement update
Oracle Linux Enhancement Advisory ELEA-2025-17427
http://linux.oracle.com/errata/ELEA-2025-17427.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
nodejs-20.19.5-1.module+el8.10.0+90685+bdc244f6.x86_64.rpm
nodejs-devel-20.19.5-1.module+el8.10.0+90685+bdc244f6.x86_64.rpm
nodejs-docs-20.19.5-1.module+el8.10.0+90685+bdc244f6.noarch.rpm
nodejs-full-i18n-20.19.5-1.module+el8.10.0+90685+bdc244f6.x86_64.rpm
nodejs-nodemon-3.0.1-1.module+el8.10.0+90685+bdc244f6.noarch.rpm
nodejs-packaging-2021.06-4.module+el8.10.0+90685+bdc244f6.noarch.rpm
nodejs-packaging-bundler-2021.06-4.module+el8.10.0+90685+bdc244f6.noarch.rpm
npm-10.8.2-1.20.19.5.1.module+el8.10.0+90685+bdc244f6.x86_64.rpm
aarch64:
nodejs-20.19.5-1.module+el8.10.0+90685+bdc244f6.aarch64.rpm
nodejs-devel-20.19.5-1.module+el8.10.0+90685+bdc244f6.aarch64.rpm
nodejs-docs-20.19.5-1.module+el8.10.0+90685+bdc244f6.noarch.rpm
nodejs-full-i18n-20.19.5-1.module+el8.10.0+90685+bdc244f6.aarch64.rpm
nodejs-nodemon-3.0.1-1.module+el8.10.0+90685+bdc244f6.noarch.rpm
nodejs-packaging-2021.06-4.module+el8.10.0+90685+bdc244f6.noarch.rpm
nodejs-packaging-bundler-2021.06-4.module+el8.10.0+90685+bdc244f6.noarch.rpm
npm-10.8.2-1.20.19.5.1.module+el8.10.0+90685+bdc244f6.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/nodejs-20.19.5-1.module+el8.10.0+90685+bdc244f6.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/nodejs-nodemon-3.0.1-1.module+el8.10.0+90685+bdc244f6.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/nodejs-packaging-2021.06-4.module+el8.10.0+90685+bdc244f6.src.rpm
Description of changes:
nodejs
[1:20.19.5-1]
- Update to version 20.19.5
Resolves: RHEL-100423
ELBA-2025-17425 Oracle Linux 8 pki-deps:10.6 bug fix and enhancement update
Oracle Linux Bug Fix Advisory ELBA-2025-17425
http://linux.oracle.com/errata/ELBA-2025-17425.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
apache-commons-collections-3.2.2-10.module+el8.10.0+90642+1ede0e5a.noarch.rpm
apache-commons-lang-2.6-21.module+el8.10.0+90682+879b1f6e.noarch.rpm
apache-commons-net-3.6-3.module+el8.10.0+90642+1ede0e5a.noarch.rpm
bea-stax-api-1.2.0-16.module+el8.10.0+90682+879b1f6e.noarch.rpm
fasterxml-oss-parent-69-1.module+el8.10.0+90642+1ede0e5a.noarch.rpm
glassfish-fastinfoset-1.2.13-9.module+el8.10.0+90682+879b1f6e.noarch.rpm
glassfish-jaxb-api-2.2.12-8.module+el8.10.0+90682+879b1f6e.noarch.rpm
glassfish-jaxb-core-2.2.11-12.module+el8.10.0+90642+1ede0e5a.noarch.rpm
glassfish-jaxb-runtime-2.2.11-12.module+el8.10.0+90642+1ede0e5a.noarch.rpm
glassfish-jaxb-txw2-2.2.11-12.module+el8.10.0+90642+1ede0e5a.noarch.rpm
jackson-annotations-2.19.1-1.module+el8.10.0+90642+1ede0e5a.noarch.rpm
jackson-bom-2.19.1-1.module+el8.10.0+90642+1ede0e5a.noarch.rpm
jackson-core-2.19.1-1.module+el8.10.0+90642+1ede0e5a.noarch.rpm
jackson-databind-2.19.1-1.module+el8.10.0+90642+1ede0e5a.noarch.rpm
jackson-jaxrs-json-provider-2.19.1-1.module+el8.10.0+90642+1ede0e5a.noarch.rpm
jackson-jaxrs-providers-2.19.1-1.module+el8.10.0+90642+1ede0e5a.noarch.rpm
jackson-module-jaxb-annotations-2.19.1-2.module+el8.10.0+90682+879b1f6e.noarch.rpm
jackson-modules-base-2.19.1-2.module+el8.10.0+90682+879b1f6e.noarch.rpm
jackson-parent-2.19.1-1.module+el8.10.0+90642+1ede0e5a.noarch.rpm
jakarta-commons-httpclient-3.1-28.module+el8.10.0+90682+879b1f6e.noarch.rpm
javassist-3.18.1-8.module+el8.10.0+90682+879b1f6e.noarch.rpm
javassist-javadoc-3.18.1-8.module+el8.10.0+90682+879b1f6e.noarch.rpm
pki-servlet-engine-9.0.62-1.module+el8.10.0+90642+1ede0e5a.noarch.rpm
relaxngDatatype-2011.1-7.module+el8.10.0+90682+879b1f6e.noarch.rpm
slf4j-1.7.25-4.module+el8.10.0+90682+879b1f6e.noarch.rpm
slf4j-jdk14-1.7.25-4.module+el8.10.0+90682+879b1f6e.noarch.rpm
stax-ex-1.7.7-8.module+el8.10.0+90682+879b1f6e.noarch.rpm
velocity-1.7-24.module+el8.10.0+90642+1ede0e5a.noarch.rpm
xalan-j2-2.7.1-38.module+el8.10.0+90682+879b1f6e.noarch.rpm
xerces-j2-2.11.0-34.module+el8.10.0+90642+1ede0e5a.noarch.rpm
xml-commons-apis-1.4.01-25.module+el8.10.0+90682+879b1f6e.noarch.rpm
xml-commons-resolver-1.2-26.module+el8.10.0+90642+1ede0e5a.noarch.rpm
xmlstreambuffer-1.5.4-8.module+el8.10.0+90682+879b1f6e.noarch.rpm
xsom-0-19.20110809svn.module+el8.10.0+90642+1ede0e5a.noarch.rpm
aarch64:
apache-commons-collections-3.2.2-10.module+el8.10.0+90642+1ede0e5a.noarch.rpm
apache-commons-lang-2.6-21.module+el8.10.0+90682+879b1f6e.noarch.rpm
apache-commons-net-3.6-3.module+el8.10.0+90642+1ede0e5a.noarch.rpm
bea-stax-api-1.2.0-16.module+el8.10.0+90682+879b1f6e.noarch.rpm
fasterxml-oss-parent-69-1.module+el8.10.0+90642+1ede0e5a.noarch.rpm
glassfish-fastinfoset-1.2.13-9.module+el8.10.0+90682+879b1f6e.noarch.rpm
glassfish-jaxb-api-2.2.12-8.module+el8.10.0+90682+879b1f6e.noarch.rpm
glassfish-jaxb-core-2.2.11-12.module+el8.10.0+90642+1ede0e5a.noarch.rpm
glassfish-jaxb-runtime-2.2.11-12.module+el8.10.0+90642+1ede0e5a.noarch.rpm
glassfish-jaxb-txw2-2.2.11-12.module+el8.10.0+90642+1ede0e5a.noarch.rpm
jackson-annotations-2.19.1-1.module+el8.10.0+90642+1ede0e5a.noarch.rpm
jackson-bom-2.19.1-1.module+el8.10.0+90642+1ede0e5a.noarch.rpm
jackson-core-2.19.1-1.module+el8.10.0+90642+1ede0e5a.noarch.rpm
jackson-databind-2.19.1-1.module+el8.10.0+90642+1ede0e5a.noarch.rpm
jackson-jaxrs-json-provider-2.19.1-1.module+el8.10.0+90642+1ede0e5a.noarch.rpm
jackson-jaxrs-providers-2.19.1-1.module+el8.10.0+90642+1ede0e5a.noarch.rpm
jackson-module-jaxb-annotations-2.19.1-2.module+el8.10.0+90682+879b1f6e.noarch.rpm
jackson-modules-base-2.19.1-2.module+el8.10.0+90682+879b1f6e.noarch.rpm
jackson-parent-2.19.1-1.module+el8.10.0+90642+1ede0e5a.noarch.rpm
jakarta-commons-httpclient-3.1-28.module+el8.10.0+90682+879b1f6e.noarch.rpm
javassist-3.18.1-8.module+el8.10.0+90682+879b1f6e.noarch.rpm
javassist-javadoc-3.18.1-8.module+el8.10.0+90682+879b1f6e.noarch.rpm
pki-servlet-engine-9.0.62-1.module+el8.10.0+90642+1ede0e5a.noarch.rpm
relaxngDatatype-2011.1-7.module+el8.10.0+90682+879b1f6e.noarch.rpm
slf4j-1.7.25-4.module+el8.10.0+90682+879b1f6e.noarch.rpm
slf4j-jdk14-1.7.25-4.module+el8.10.0+90682+879b1f6e.noarch.rpm
stax-ex-1.7.7-8.module+el8.10.0+90682+879b1f6e.noarch.rpm
velocity-1.7-24.module+el8.10.0+90642+1ede0e5a.noarch.rpm
xalan-j2-2.7.1-38.module+el8.10.0+90682+879b1f6e.noarch.rpm
xerces-j2-2.11.0-34.module+el8.10.0+90642+1ede0e5a.noarch.rpm
xml-commons-apis-1.4.01-25.module+el8.10.0+90682+879b1f6e.noarch.rpm
xml-commons-resolver-1.2-26.module+el8.10.0+90642+1ede0e5a.noarch.rpm
xmlstreambuffer-1.5.4-8.module+el8.10.0+90682+879b1f6e.noarch.rpm
xsom-0-19.20110809svn.module+el8.10.0+90642+1ede0e5a.noarch.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/apache-commons-collections-3.2.2-10.module+el8.10.0+90642+1ede0e5a.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/apache-commons-lang-2.6-21.module+el8.10.0+90682+879b1f6e.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/apache-commons-net-3.6-3.module+el8.10.0+90642+1ede0e5a.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/bea-stax-1.2.0-16.module+el8.10.0+90682+879b1f6e.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/fasterxml-oss-parent-69-1.module+el8.10.0+90642+1ede0e5a.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/glassfish-fastinfoset-1.2.13-9.module+el8.10.0+90682+879b1f6e.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/glassfish-jaxb-2.2.11-12.module+el8.10.0+90642+1ede0e5a.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/glassfish-jaxb-api-2.2.12-8.module+el8.10.0+90682+879b1f6e.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/jackson-annotations-2.19.1-1.module+el8.10.0+90642+1ede0e5a.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/jackson-bom-2.19.1-1.module+el8.10.0+90642+1ede0e5a.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/jackson-core-2.19.1-1.module+el8.10.0+90642+1ede0e5a.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/jackson-databind-2.19.1-1.module+el8.10.0+90642+1ede0e5a.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/jackson-jaxrs-providers-2.19.1-1.module+el8.10.0+90642+1ede0e5a.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/jackson-modules-base-2.19.1-2.module+el8.10.0+90682+879b1f6e.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/jackson-parent-2.19.1-1.module+el8.10.0+90642+1ede0e5a.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/jakarta-commons-httpclient-3.1-28.module+el8.10.0+90682+879b1f6e.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/javassist-3.18.1-8.module+el8.10.0+90682+879b1f6e.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/pki-servlet-engine-9.0.62-1.module+el8.10.0+90642+1ede0e5a.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/relaxngDatatype-2011.1-7.module+el8.10.0+90682+879b1f6e.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/slf4j-1.7.25-4.module+el8.10.0+90682+879b1f6e.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/stax-ex-1.7.7-8.module+el8.10.0+90682+879b1f6e.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/velocity-1.7-24.module+el8.10.0+90642+1ede0e5a.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/xalan-j2-2.7.1-38.module+el8.10.0+90682+879b1f6e.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/xerces-j2-2.11.0-34.module+el8.10.0+90642+1ede0e5a.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/xml-commons-apis-1.4.01-25.module+el8.10.0+90682+879b1f6e.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/xml-commons-resolver-1.2-26.module+el8.10.0+90642+1ede0e5a.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/xmlstreambuffer-1.5.4-8.module+el8.10.0+90682+879b1f6e.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/xsom-0-19.20110809svn.module+el8.10.0+90642+1ede0e5a.src.rpm
Description of changes:
apache-commons-collections
apache-commons-lang
apache-commons-net
bea-stax
fasterxml-oss-parent
[69-1]
- Rebase to version 69
- Resolves: RHEL-103106
glassfish-fastinfoset
glassfish-jaxb
glassfish-jaxb-api
jackson-annotations
[2.19.1-1]
- Rebase to upstream version 2.19.1
- Resolves: RHEL-103106
jackson-bom
[2.19.1-1]
- Rebase to version 2.19.1
- Resolves: RHEL-103106
jackson-core
[2.19.1-1]
- Rebase to upstream version 2.19.1
- Resolves: RHEL-103106
jackson-databind
[2.19.1-1]
- Rebase to upstream version 2.19.1
- Resolves: RHEL-103106
jackson-jaxrs-providers
[2.19.1-1]
- Rebase to upstream version 2.19.1
- Resolves: RHEL-103106
jackson-modules-base
[2.19.1-2]
- Remove dependency from jakarta activitaion
- Resolves: RHEL-113006
jackson-parent
[2.19.1-1]
- Rebase to version 2.19.1
- Resolves: RHEL-103106
jakarta-commons-httpclient
javassist
pki-servlet-engine
relaxngDatatype
slf4j
stax-ex
velocity
xalan-j2
xerces-j2
xml-commons-apis
xml-commons-resolver
xmlstreambuffer
xsom
ELBA-2025-20651 Oracle Linux 9 kexec-tools bug fix update
Oracle Linux Bug Fix Advisory ELBA-2025-20651
http://linux.oracle.com/errata/ELBA-2025-20651.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
x86_64:
kexec-tools-2.0.31-1.0.1.el9_6.x86_64.rpm
aarch64:
kexec-tools-2.0.31-1.0.1.el9_6.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/kexec-tools-2.0.31-1.0.1.el9_6.src.rpm
Description of changes:
[2.0.31-1.0.1]
- Update kexec-tools to latest version upstream [Orabug: 38442340]
ELSA-2025-20663 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update
Oracle Linux Security Advisory ELSA-2025-20663
http://linux.oracle.com/errata/ELSA-2025-20663.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
aarch64:
kernel-uek-5.4.17-2136.348.3.el8uek.aarch64.rpm
kernel-uek-debug-5.4.17-2136.348.3.el8uek.aarch64.rpm
kernel-uek-debug-devel-5.4.17-2136.348.3.el8uek.aarch64.rpm
kernel-uek-devel-5.4.17-2136.348.3.el8uek.aarch64.rpm
kernel-uek-doc-5.4.17-2136.348.3.el8uek.noarch.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/kernel-uek-5.4.17-2136.348.3.el8uek.src.rpm
Related CVEs:
CVE-2023-52572
CVE-2024-26644
CVE-2024-26958
CVE-2024-49935
CVE-2024-53237
CVE-2025-37798
CVE-2025-38102
CVE-2025-38177
CVE-2025-38193
CVE-2025-38211
CVE-2025-38226
CVE-2025-38229
CVE-2025-38230
CVE-2025-38245
CVE-2025-38249
CVE-2025-38262
CVE-2025-38347
CVE-2025-38371
CVE-2025-38375
CVE-2025-38377
CVE-2025-38386
CVE-2025-38387
CVE-2025-38389
CVE-2025-38391
CVE-2025-38395
CVE-2025-38400
CVE-2025-38401
CVE-2025-38403
CVE-2025-38404
CVE-2025-38406
CVE-2025-38439
CVE-2025-38445
CVE-2025-38448
CVE-2025-38457
CVE-2025-38458
CVE-2025-38459
CVE-2025-38460
CVE-2025-38464
CVE-2025-38465
CVE-2025-38467
CVE-2025-38468
CVE-2025-38470
CVE-2025-38473
CVE-2025-38474
CVE-2025-38477
CVE-2025-38478
CVE-2025-38480
CVE-2025-38481
CVE-2025-38482
CVE-2025-38483
CVE-2025-38494
CVE-2025-38495
CVE-2025-38497
CVE-2025-38499
CVE-2025-38513
CVE-2025-38514
CVE-2025-38515
CVE-2025-38516
CVE-2025-38529
CVE-2025-38530
CVE-2025-38538
CVE-2025-38539
CVE-2025-38540
CVE-2025-38542
CVE-2025-38546
CVE-2025-38553
CVE-2025-38555
CVE-2025-38563
CVE-2025-38565
CVE-2025-38569
CVE-2025-38572
CVE-2025-38574
CVE-2025-38577
CVE-2025-38578
CVE-2025-38581
CVE-2025-38602
CVE-2025-38604
CVE-2025-38608
CVE-2025-38612
CVE-2025-38617
CVE-2025-38618
CVE-2025-38622
CVE-2025-38630
CVE-2025-38635
CVE-2025-38639
CVE-2025-38650
CVE-2025-38652
CVE-2025-38663
CVE-2025-38664
CVE-2025-38666
CVE-2025-38668
CVE-2025-38671
CVE-2025-38677
CVE-2025-38680
CVE-2025-38687
CVE-2025-38691
CVE-2025-38693
CVE-2025-38694
CVE-2025-38695
CVE-2025-38697
CVE-2025-38698
CVE-2025-38699
CVE-2025-38700
CVE-2025-38701
CVE-2025-38708
CVE-2025-38713
CVE-2025-38714
CVE-2025-38715
CVE-2025-38718
CVE-2025-38721
CVE-2025-38724
CVE-2025-38727
CVE-2025-38729
CVE-2025-39676
CVE-2025-39689
CVE-2025-39691
CVE-2025-39709
CVE-2025-39710
CVE-2025-39713
CVE-2025-39714
CVE-2025-39724
CVE-2025-39730
CVE-2025-39736
CVE-2025-39737
CVE-2025-39742
CVE-2025-39743
CVE-2025-39749
CVE-2025-39751
CVE-2025-39752
CVE-2025-39756
CVE-2025-39757
CVE-2025-39766
CVE-2025-39782
CVE-2025-39783
CVE-2025-39787
CVE-2025-39794
CVE-2025-39798
CVE-2025-39808
CVE-2025-39812
CVE-2025-39813
CVE-2025-39817
CVE-2025-39824
CVE-2025-39828
Description of changes:
[5.4.17-2136.348.3.el8uek]
- hugetlbfs: take read_lock on i_mmap for PMD sharing (Waiman Long) [Orabug: 38459576]
- kallsyms: add module_kallsyms_on_each_symbol_locked (Julian Pidancet) [Orabug: 37629344] [Orabug: 38418686]
- kallsyms: export module_kallsyms_on_each_symbol (Julian Pidancet) [Orabug: 37629344] [Orabug: 38418686]
[5.4.17-2136.348.2.el8uek]
- uek-rpm: Move ifb module to nano modules (Harshit Mogalapalli) [Orabug: 38443798]
- clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (Al Viro) [Orabug: 38310007] {CVE-2025-38499}
- x86/vmscape: Warn when STIBP is disabled with SMT (Pawan Gupta) [Orabug: 38424094]
- x86/bugs: Move cpu_bugs_smt_update() down (Pawan Gupta) [Orabug: 38424094]
- x86/vmscape: Enable the mitigation (Pawan Gupta) [Orabug: 38424094]
- x86/vmscape: Add conditional IBPB mitigation (Pawan Gupta) [Orabug: 38424094]
- x86/vmscape: Add old Intel CPUs to affected list (Pawan Gupta) [Orabug: 38424094]
- x86/vmscape: Enumerate VMSCAPE bug (Pawan Gupta) [Orabug: 38424094]
- Documentation/hw-vuln: Add VMSCAPE documentation (Pawan Gupta) [Orabug: 38424094]
[5.4.17-2136.348.1.el8uek]
- LTS tag: v5.4.298 (Sherry Yang)
- Revert "drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS" (Imre Deak)
- net: usb: qmi_wwan: add Telit Cinterion LE910C4-WWX new compositions (Fabio Porcedda)
- Revert "drm/amdgpu: fix incorrect vm flags to map bo" (Alex Deucher) [Orabug: 38343661]
- HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version() (Minjong Kim) [Orabug: 38440228] {CVE-2025-39808}
- HID: wacom: Add a new Art Pen 2 (Ping Cheng)
- HID: asus: fix UAF via HID_CLAIMED_INPUT validation (Qasim Ijaz) [Orabug: 38440310] {CVE-2025-39824}
- efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare (Li Nan) [Orabug: 38440277] {CVE-2025-39817}
- sctp: initialize more fields in sctp_v6_from_sk() (Eric Dumazet) [Orabug: 38440251] {CVE-2025-39812}
- net: stmmac: xgmac: Do not enable RX FIFO Overflow interrupts (Rohan G Thomas)
- net/mlx5e: Set local Xoff after FW update (Alexei Lazar)
- net/mlx5e: Update and set Xon/Xoff upon port speed set (Alexei Lazar)
- net/mlx5e: Update and set Xon/Xoff upon MTU set (Alexei Lazar)
- net: dlink: fix multicast stats being counted incorrectly (Moon Yeounsu)
- atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control(). (Kuniyuki Iwashima) [Orabug: 38440347] {CVE-2025-39828}
- net/atm: remove the atmdev_ops {get, set}sockopt methods (Christoph Hellwig)
- Bluetooth: hci_event: Detect if HCI_EV_NUM_COMP_PKTS is unbalanced (Luiz Augusto von Dentz)
- powerpc/kvm: Fix ifdef to remove build warning (Madhavan Srinivasan)
- net: ipv4: fix regression in local-broadcast routes (Oscar Maes) [Orabug: 38343661]
- vhost/net: Protect ubufs with rcu read lock in vhost_net_ubuf_put() (Nikolay Kuratov)
- scsi: core: sysfs: Correct sysfs attributes access rights (Damien Le Moal)
- ftrace: Fix potential warning in trace_printk_seq during ftrace_dump (Tengda Wu) [Orabug: 38440259] {CVE-2025-39813}
- pinctrl: STMFX: add missing HAS_IOMEM dependency (Randy Dunlap)
- LTS tag: v5.4.297 (Sherry Yang)
- alloc_fdtable(): change calling conventions. (Al Viro)
- s390/hypfs: Enable limited access during lockdown (Peter Oberparleiter)
- s390/hypfs: Avoid unnecessary ioctl registration in debugfs (Peter Oberparleiter)
- ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation (Takashi Iwai)
- net/sched: Remove unnecessary WARNING condition for empty child qdisc in htb_activate (William Liu)
- net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit (William Liu)
- ixgbe: xsk: resolve the negative overflow of budget in ixgbe_xmit_zc (Jason Xing)
- ipv6: sr: validate HMAC algorithm ID in seg6_hmac_info_add (Heminhong)
- ALSA: usb-audio: Fix size validation in convert_chmap_v3() (Dan Carpenter) [Orabug: 38343661]
- scsi: qla4xxx: Prevent a potential error pointer dereference (Dan Carpenter) [Orabug: 38401514] {CVE-2025-39676}
- usb: xhci: Fix slot_id resource race conflict (Weitao Wang)
- nfs: fix UAF in direct writes (Josef Bacik) [Orabug: 36596831] {CVE-2024-26958}
- NFS: Fix up commit deadlocks (Trond Myklebust)
- cifs: Fix UAF in cifs_demultiplex_thread() (Zhang Xiaoxu) [Orabug: 36154626] {CVE-2023-1192}
- Bluetooth: fix use-after-free in device_for_each_child() (Dmitry Antipov) [Orabug: 37433654] {CVE-2024-53237}
- act_mirred: use the backlog for nested calls to mirred ingress (Davide Caratti)
- net/sched: act_mirred: better wording on protection against excessive stack growth (Davide Caratti)
- net/sched: act_mirred: refactor the handle of xmit (Wenxu)
- selftests: forwarding: tc_actions.sh: add matchall mirror test (Jiri Pirko)
- net: sched: don't expose action qstats to skb_tc_reinsert() (Vlad Buslov)
- net: sched: extract qstats update code into functions (Vlad Buslov)
- net: sched: extract bstats update code into function (Vlad Buslov)
- net: sched: extract common action counters update code into function (Vlad Buslov)
- mm: perform the mapping_map_writable() check after call_mmap() (Lorenzo Stoakes)
- mm: update memfd seal write check to include F_SEAL_WRITE (Lorenzo Stoakes)
- mm: drop the assumption that VM_SHARED always implies writable (Lorenzo Stoakes)
- codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() (Cong Wang) [Orabug: 37908492] {CVE-2025-37798}
- sch_qfq: make qfq_qlen_notify() idempotent (Cong Wang)
- sch_hfsc: make hfsc_qlen_notify() idempotent (Cong Wang) [Orabug: 38158396] {CVE-2025-38177}
- sch_drr: make drr_qlen_notify() idempotent (Cong Wang)
- btrfs: populate otime when logging an inode item (Qu Wenruo)
- media: venus: hfi: explicitly release IRQ during teardown (Jorge Ramirez-Ortiz)
- f2fs: fix to avoid out-of-boundary access in dnode page (Chao Yu)
- media: venus: protect against spurious interrupts during probe (Jorge Ramirez-Ortiz)
- media: qcom: camss: cleanup media device allocated resource on error path (Vladimir Zapolskiy)
- media: venus: vdec: Clamp param smaller than 1fps and bigger than 240. (Ricardo Ribalda)
- drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS (Imre Deak)
- pwm: mediatek: Fix duty and period setting (Uwe Kleine-König)
- pwm: mediatek: Handle hardware enable and clock enable separately (Uwe Kleine-König)
- pwm: mediatek: Implement .apply() callback (Uwe Kleine-König)
- media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() (Gui-Dong Han) [Orabug: 38401677] {CVE-2025-39713}
- media: v4l2-ctrls: Don't reset handler's error in v4l2_ctrl_handler_free() (Sakari Ailus)
- media: v4l2-ctrls: always copy the controls on completion (Hans Verkuil)
- ata: Fix SATA_MOBILE_LPM_POLICY description in Kconfig (Damien Le Moal)
- soc: qcom: mdt_loader: Ensure we don't read past the ELF header (Bjorn Andersson)
- rtc: ds1307: handle oscillator stop flag (OSF) for ds1341 (Meagan Lloyd)
- usb: musb: omap2430: fix device leak at unbind (Johan Hovold)
- NFS: Fix the setting of capabilities when automounting a new filesystem (Trond Myklebust) [Orabug: 38429211] {CVE-2025-39798}
- NFS: Fix up handling of outstanding layoutcommit in nfs_update_inode() (Trond Myklebust)
- NFSv4: Fix nfs4_bitmap_copy_adjust() (Trond Myklebust)
- usb: typec: fusb302: cache PD RX state (Sebastian Reichel)
- cdc-acm: fix race between initial clearing halt and open (Oliver Neukum)
- USB: cdc-acm: do not log successful probe on later errors (Johan Hovold)
- mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock (Breno Leitao)
- mm/kmemleak: turn kmemleak_lock and object->lock to raw_spinlock_t (He Zhe)
- ALSA: scarlett2: Add retry on -EPROTO from scarlett2_usb_tx() (Geoffrey D. Bennett)
- x86/fpu: Delay instruction pointer fixup until after warning (Dave Hansen)
- mm/hmm: move pmd_to_hmm_pfn_flags() to the respective #ifdeffery (Andy Shevchenko)
- nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() (Jeff Layton) [Orabug: 38395081] {CVE-2025-38724}
- pmdomain: governor: Consider CPU latency tolerance from pm_domain_cpu_gov (Maulik Shah)
- tracing: Add down_write(trace_event_sem) when adding trace event (Steven Rostedt) [Orabug: 38324271] {CVE-2025-38539}
- usb: hub: Don't try to recover devices lost during warm reset. (Mathias Nyman)
- usb: hub: avoid warm port reset during USB3 disconnect (Mathias Nyman)
- x86/mce/amd: Add default names for MCA banks and blocks (Yazen Ghannam)
- iio: hid-sensor-prox: Fix incorrect OFFSET calculation (Zhang Lixu)
- f2fs: fix to do sanity check on ino and xnid (Chao Yu)
- mm/zsmalloc: do not pass __GFP_MOVABLE if CONFIG_COMPACTION=n (Harry Yoo)
- mm/zsmalloc.c: convert to use kmem_cache_zalloc in cache_alloc_zspage() (Miaohe Lin)
- drm/sched: Remove optimization that causes hang when killing dependent jobs (Lin Cao)
- ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (Haoxiang Li) [Orabug: 38351930] {CVE-2025-38664}
- net: usbnet: Fix the wrong netif_carrier_on() call (Ammar Faizi)
- net: usbnet: Avoid potential RCU stall on LINK_CHANGE event (John Ernberg)
- PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports (Lukas Wunner)
- ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value (Li Zhong)
- comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large (Ian Abbott)
- comedi: Fix initialization of data for instructions that write to subdevice (Ian Abbott)
- kbuild: Add KBUILD_CPPFLAGS to as-option invocation (Nathan Chancellor)
- kbuild: add $(CLANG_FLAGS) to KBUILD_CPPFLAGS (Masahiro Yamada)
- kbuild: Add CLANG_FLAGS to as-instr (Nathan Chancellor)
- mips: Include KBUILD_CPPFLAGS in CHECKFLAGS invocation (Nathan Chancellor)
- kbuild: Update assembler calls to use proper flags and language target (Nick Desaulniers)
- ARM: 9448/1: Use an absolute path to unified.h in KBUILD_AFLAGS (Nathan Chancellor)
- usb: dwc3: Ignore late xferNotReady event to prevent halt timeout (Kuen-Han Tsai)
- USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles (Zenm Chen)
- usb: storage: realtek_cr: Use correct byte order for bcs->Residue (Thorsten Blum)
- USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera (Mael Guerin)
- usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive (Miao Li)
- iio: proximity: isl29501: fix buffered read on big-endian systems (David Lechner)
- ftrace: Also allocate and copy hash for reading of filter files (Steven Rostedt) [Orabug: 38401581] {CVE-2025-39689}
- fpga: zynq_fpga: Fix the wrong usage of dma_map_sgtable() (Xu Yilun)
- use uniform permission checks for all mount propagation changes (Al Viro)
- move_mount: allow to add a mount into an existing group (Pavel Tikhomirov)
- fs/buffer: fix use-after-free when call bh_read() helper (Ye Bin) [Orabug: 38401587] {CVE-2025-39691}
- drm/amd/display: Find first CRTC and its line time in dce110_fill_display_configs (Timur Kristóf)
- drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3 (Timur Kristóf)
- memstick: Fix deadlock by moving removing flag earlier (Jiayi Li)
- media: venus: Add a check for packet size after reading from shared memory (Vedang Nagar)
- media: ov2659: Fix memory leaks in ov2659_probe() (Zhang Shurong)
- media: usbtv: Lock resolution while streaming (Ludwig Disterhof) [Orabug: 38401684] {CVE-2025-39714}
- media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init() (Haoxiang Li)
- media: gspca: Add bounds checking to firmware parser (Dan Carpenter)
- soc/tegra: pmc: Ensure power-domains are in a known state (Jonathan Hunter)
- jbd2: prevent softlockup in jbd2_log_do_checkpoint() (Baokun Li) [Orabug: 38423509] {CVE-2025-39782}
- PCI: endpoint: Fix configfs group removal on driver teardown (Damien Le Moal)
- PCI: endpoint: Fix configfs group list head handling (Damien Le Moal)
- mtd: rawnand: fsmc: Add missing check after DMA map (Thomas Fourier)
- pwm: imx-tpm: Reset counter if CMOD is 0 (Laurentiu Mihalcea)
- wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table() (Nathan Chancellor)
- zynq_fpga: use sgtable-based scatterlist wrappers (Marek Szyprowski)
- ata: libata-scsi: Fix ata_to_sense_error() status handling (Damien Le Moal)
- ext4: fix reserved gdt blocks handling in fsmap (Ojaswin Mujoo)
- ext4: fix fsmap end of range reporting with bigalloc (Ojaswin Mujoo)
- ext4: check fast symlink for ea_inode correctly (Andreas Dilger)
- vt: defkeymap: Map keycodes above 127 to K_HOLE (Myrrh Periwinkle)
- vt: keyboard: Don't process Unicode characters in K_OFF mode (Myrrh Periwinkle)
- usb: dwc3: meson-g12a: fix device leaks at unbind (Johan Hovold)
- usb: gadget: udc: renesas_usb3: fix device leak at unbind (Johan Hovold)
- usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init() (Nathan Chancellor)
- m68k: Fix lost column on framebuffer debug console (Finn Thain)
- cpufreq: armada-8k: Fix off by one in armada_8k_cpufreq_free_table() (Dan Carpenter)
- serial: 8250: fix panic due to PSLVERR (Yunhui Cui) [Orabug: 38401729] {CVE-2025-39724}
- media: uvcvideo: Do not mark valid metadata as invalid (Ricardo Ribalda)
- media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() (Youngjun Lee) [Orabug: 38394816] {CVE-2025-38680}
- mm/kmemleak: avoid soft lockup in __kmemleak_do_cleanup() (Waiman Long)
- parisc: Makefile: fix a typo in palo.conf (Randy Dunlap)
- btrfs: fix log tree replay failure due to file with 0 links and extents (Filipe Manana)
- thunderbolt: Fix copy+paste error in match_service_id() (Eric Biggers)
- comedi: fix race between polling and detaching (Ian Abbott)
- misc: rtsx: usb: Ensure mmc child device is active when card is present (Ricky Wu)
- drm/amdgpu: fix incorrect vm flags to map bo (Jack Xiao)
- scsi: lpfc: Remove redundant assignment to avoid memory leak (Jiasheng Jiang)
- rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe (Meagan Lloyd)
- pNFS: Fix uninited ptr deref in block/scsi layout (Sergey Bashirov) [Orabug: 38394867] {CVE-2025-38691}
- pNFS: Handle RPC size limit for layoutcommits (Sergey Bashirov)
- pNFS: Fix disk addr range check in block/scsi layout (Sergey Bashirov)
- pNFS: Fix stripe mapping in block/scsi layout (Sergey Bashirov)
- net: phy: smsc: add proper reset flags for LAN8710A (Csaba Buday)
- ipmi: Fix strcpy source and destination the same (Corey Minyard)
- kconfig: lxdialog: fix 'space' to (de)select options (Yann E. MORIN)
- kconfig: gconf: fix potential memory leak in renderer_edited() (Masahiro Yamada)
- kconfig: gconf: avoid hardcoding model2 in on_treeview2_cursor_changed() (Masahiro Yamada)
- ipmi: Use dev_warn_ratelimited() for incorrect message warnings (Breno Leitao)
- scsi: aacraid: Stop using PCI_IRQ_AFFINITY (John Garry)
- scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans (Ranjan Kumar)
- kconfig: nconf: Ensure null termination where strncpy is used (Shankari Anand)
- kconfig: lxdialog: replace strcpy() with strncpy() in inputbox.c (Suchit Karunakaran)
- i3c: don't fail if GETHDRCAP is unsupported (Wolfram Sang)
- PCI: pnv_php: Work around switches with broken presence detection (Timothy Pearson)
- i3c: add missing include to internal header (Wolfram Sang)
- media: uvcvideo: Fix bandwidth issue for Alcor camera (Chenchangcheng)
- media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar (Alex Guo) [Orabug: 38394880] {CVE-2025-38693}
- media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() (Alex Guo) [Orabug: 38394887] {CVE-2025-38694}
- media: usb: hdpvr: disable zero-length read messages (Wolfram Sang)
- media: tc358743: Increase FIFO trigger level to 374 (Dave Stevenson)
- media: tc358743: Return an appropriate colorspace from tc358743_set_fmt (Dave Stevenson)
- media: tc358743: Check I2C succeeded during probe (Dave Stevenson)
- pinctrl: stm32: Manage irq affinity settings (Cheick Traore)
- scsi: mpt3sas: Correctly handle ATA device errors (Damien Le Moal)
- scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure (Justin Tee) [Orabug: 38394894] {CVE-2025-38695}
- RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() (Yury Norov) [Orabug: 38423286] {CVE-2025-39742}
- MIPS: Don't crash in stack_top() for tasks without ABI or vDSO (Thomas Weißschuh)
- jfs: upper bound check of tree index in dbAllocAG (Arnaud Lecomte)
- jfs: Regular file corruption check (Edward Adam Davis)
- jfs: truncate good inode pages when hard link is 0 (Lizhi Xu)
- scsi: bfa: Double-free fix (Jackysliu) [Orabug: 38394925] {CVE-2025-38699}
- MIPS: vpe-mt: add missing prototypes for vpe_{alloc,start,stop,free} (Shiji Yang)
- watchdog: dw_wdt: Fix default timeout (Sebastian Reichel)
- fs/orangefs: use snprintf() instead of sprintf() (Amir Mohammad Jahangirzad)
- scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated (Showrya M N) [Orabug: 38394931] {CVE-2025-38700}
- ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr (Theodore Ts'O) [Orabug: 38394937] {CVE-2025-38701}
- cifs: Fix calling CIFSFindFirst() for root path without msearch (Pali Rohár)
- vhost: fail early when __vhost_add_used() fails (Jason Wang)
- net: dsa: b53: fix IP_MULTICAST_CTRL on BCM5325 (Álvaro Fernández Rojas)
- uapi: in6: restore visibility of most IPv6 socket options (Jakub Kicinski)
- net: ncsi: Fix buffer overflow in fetching version id (Hari Kalavakunta)
- net: dsa: b53: prevent SWITCH_CTRL access on BCM5325 (Álvaro Fernández Rojas)
- net: dsa: b53: fix b53_imp_vlan_setup for BCM5325 (Álvaro Fernández Rojas)
- net: vlan: Replace BUG() with WARN_ON_ONCE() in vlan_dev_* stubs (Gal Pressman)
- wifi: iwlegacy: Check rate_idx range after addition (Stanislaw Gruszka)
- netmem: fix skb_frag_address_safe with unreadable skbs (Mina Almasry)
- wifi: rtlwifi: fix possible skb memory leak in _rtl_pci_rx_interrupt(). (Thomas Fourier)
- wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect (Anjaneyulu)
- wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd() (Rand Deeb)
- net: fec: allow disable coalescing (Jonas Rebmann)
- (powerpc/512) Fix possible dma_unmap_single() on uninitialized pointer (Thomas Fourier)
- s390/stp: Remove udelay from stp_sync_clock() (Sven Schnelle)
- wifi: iwlwifi: mvm: fix scan request validation (Avraham Stern)
- net: thunderx: Fix format-truncation warning in bgx_acpi_match_id() (Alok Tiwari)
- net: ipv4: fix incorrect MTU in broadcast routes (Oscar Maes)
- wifi: cfg80211: Fix interface type validation (Ilan Peer)
- rcu: Protect ->defer_qs_iw_pending from data race (Paul E. McKenney) [Orabug: 38423341] {CVE-2025-39749}
- net: ag71xx: Add missing check after DMA map (Thomas Fourier)
- et131x: Add missing check after DMA map (Thomas Fourier)
- be2net: Use correct byte order and format string for TCP seq and ack_seq (Alok Tiwari)
- s390/time: Use monotonic clock in get_cycles() (Sven Schnelle)
- wifi: cfg80211: reject HTC bit for management frames (Johannes Berg)
- ktest.pl: Prevent recursion of default variable options (Steven Rostedt)
- ASoC: codecs: rt5640: Retry DEVICE_ID verification (Xinxin Wan)
- ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros (Cristian Ciocaltea)
- ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (Lucy Thrun) [Orabug: 38423359] {CVE-2025-39751}
- platform/x86: thinkpad_acpi: Handle KCOV __init vs inline mismatches (Kees Cook)
- pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop() (Gautham R. Shenoy)
- usb: core: usb_submit_urb: downgrade type check (Oliver Neukum)
- ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4 (Alok Tiwari)
- ASoC: hdac_hdmi: Rate limit logging on connection and disconnection (Mark Brown)
- mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode() (Ulf Hansson)
- ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path (Breno Leitao)
- ACPI: processor: fix acpi_object initialization (Sebastian Ott)
- PM: sleep: console: Fix the black screen issue (Tuhaowen)
- thermal: sysfs: Return ENODATA instead of EAGAIN for reads (Hsin-Te Yuan)
- PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit() (Rafael J. Wysocki)
- selftests: tracing: Use mutex_unlock for testing glob filter (Masami Hiramatsu)
- ARM: tegra: Use I/O memcpy to write to IRAM (Aaron Kling)
- gpio: tps65912: check the return value of regmap_update_bits() (Bartosz Golaszewski)
- ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed (Kuninori Morimoto)
- ARM: rockchip: fix kernel hang during smp initialization (Alexander Kochetkov)
- cpufreq: Exit governor when failed to start old governor (Lifeng Zheng)
- usb: xhci: Avoid showing errors during surprise removal (Mario Limonciello)
- usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command (Jay Chen)
- usb: xhci: Avoid showing warnings for dying controller (Mario Limonciello)
- selftests/futex: Define SYS_futex on 32-bit architectures with 64-bit time_t (Cynthia Huang)
- usb: xhci: print xhci->xhc_state when queue_command failed (Su Hui)
- securityfs: don't pin dentries twice, once is enough... (Al Viro)
- hfs: fix not erasing deleted b-tree node issue (Viacheslav Dubeyko)
- drbd: add missing kref_get in handle_write_conflicts (Sarah Newman) [Orabug: 38394995] {CVE-2025-38708}
- udf: Verify partition map count (Jan Kara)
- arm64: Handle KCOV __init vs inline mismatches (Kees Cook)
- hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file() (Tetsuo Handa)
- hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (Viacheslav Dubeyko)
- hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() (Viacheslav Dubeyko)
- hfs: fix slab-out-of-bounds in hfs_bnode_read() (Viacheslav Dubeyko)
- sctp: linearize cloned gso packets in sctp_rcv (Xin Long) [Orabug: 38395059] {CVE-2025-38718}
- netfilter: ctnetlink: fix refcount leak on table dump (Florian Westphal) [Orabug: 38395068] {CVE-2025-38721}
- udp: also consider secpath when evaluating ipsec use for checksumming (Sabrina Dubroca)
- ACPI: processor: perflib: Move problematic pr->performance check (Rafael J. Wysocki) [Orabug: 38429229] {CVE-2025-39799}
- ACPI: processor: perflib: Fix initial _PPC limit application (Jiayi Li)
- Documentation: ACPI: Fix parent device references (Andy Shevchenko)
- fs: Prevent file descriptor table allocations exceeding INT_MAX (Sasha Levin) [Orabug: 38423397] {CVE-2025-39756}
- sunvdc: Balance device refcount in vdc_port_mpgroup_check (Ma Ke)
- NFSD: detect mismatch of file handle and delegation stateid in OPEN op (Dai Ngo)
- net: dpaa: fix device leak when querying time stamp info (Johan Hovold)
- net: gianfar: fix device leak when querying time stamp info (Johan Hovold)
- netlink: avoid infinite retry looping in netlink_unicast() (Fedor Pchelkin) [Orabug: 38401319] {CVE-2025-38727}
- ALSA: usb-audio: Validate UAC3 cluster segment descriptors (Takashi Iwai) [Orabug: 38423407] {CVE-2025-39757}
- ALSA: usb-audio: Validate UAC3 power domain descriptors, too (Takashi Iwai) [Orabug: 38395101] {CVE-2025-38729}
- io_uring: don't use int for ABI (Pavel Begunkov)
- usb: gadget : fix use-after-free in composite_dev_cleanup() (Taoxue) [Orabug: 38334898] {CVE-2025-38555}
- MIPS: mm: tlb-r4k: Uniquify TLB entries on init (Jiaxun Yang)
- USB: serial: option: add Foxconn T99W709 (Slark Xiao)
- vsock: Do not allow binding to VMADDR_PORT_ANY (Budimir Markovic) [Orabug: 38351771] {CVE-2025-38618}
- net/packet: fix a race in packet_set_ring() and packet_notifier() (Quang Le) [Orabug: 38351764] {CVE-2025-38617}
- perf/core: Prevent VMA split of buffer mappings (Thomas Gleixner) [Orabug: 38334948] {CVE-2025-38563}
- perf/core: Exit early on perf_mmap() fail (Thomas Gleixner) [Orabug: 38334959] {CVE-2025-38565}
- perf/core: Don't leak AUX buffer refcount on allocation failure (Thomas Gleixner)
- pptp: fix pptp_xmit() error path (Eric Dumazet)
- smb: client: let recv_done() cleanup before notifying the callers. (Stefan Metzmacher)
- benet: fix BUG when creating VFs (Michal Schmidt) [Orabug: 38334976] {CVE-2025-38569}
- net: drop UFO packets in udp_rcv_segment() (Wang Liang) [Orabug: 38351786] {CVE-2025-38622}
- ipv6: reject malicious packets in ipv6_gso_segment() (Eric Dumazet) [Orabug: 38334988] {CVE-2025-38572}
- pptp: ensure minimal skb length in pptp_xmit() (Eric Dumazet) [Orabug: 38335004] {CVE-2025-38574}
- netpoll: prevent hanging NAPI when netcons gets enabled (Jakub Kicinski)
- NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() (Trond Myklebust) [Orabug: 38401745] {CVE-2025-39730}
- pci/hotplug/pnv-php: Wrap warnings in macro (Frederic Barrat)
- pci/hotplug/pnv-php: Improve error msg on power state change failure (Frederic Barrat)
- usb: chipidea: udc: fix sleeping function called from invalid context (Peter Chen)
- f2fs: fix to avoid out-of-boundary access in devs.path (Chao Yu)
- f2fs: fix to avoid panic in f2fs_evict_inode (Chao Yu)
- f2fs: fix to avoid UAF in f2fs_sync_inode_meta() (Chao Yu)
- rtc: pcf8563: fix incorrect maximum clock rate handling (Brian Masney)
- rtc: hym8563: fix incorrect maximum clock rate handling (Brian Masney)
- rtc: ds1307: fix incorrect maximum clock rate handling (Brian Masney)
- module: Restore the moduleparam prefix length check (Petr Pavlu)
- bpf: Check flow_dissector ctx accesses are aligned (Paul Chaignon)
- mtd: rawnand: atmel: set pmecc data setup time (Balamanikandan Gunasundar)
- mtd: rawnand: atmel: Fix dma_mapping_error() address (Thomas Fourier)
- jfs: fix metapage reference count leak in dbAllocCtl (Zheng Yu)
- fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref (Chenyuan Yang)
- crypto: qat - fix seq_file position update in adf_ring_next() (Giovanni Cabiddu)
- dmaengine: nbpfaxi: Add missing check after DMA map (Thomas Fourier)
- dmaengine: mv_xor: Fix missing check after DMA map and missing unmap (Thomas Fourier)
- fs/orangefs: Allow 2 more characters in do_c_string() (Dan Carpenter)
- soundwire: stream: restore params when prepare ports fail (Bard Liao)
- crypto: img-hash - Fix dma_unmap_sg() nents value (Thomas Fourier)
- hwrng: mtk - handle devm_pm_runtime_enable errors (Ovidiu Panait)
- watchdog: ziirave_wdt: check record length in ziirave_firm_verify() (Dan Carpenter)
- scsi: isci: Fix dma_unmap_sg() nents value (Thomas Fourier)
- scsi: mvsas: Fix dma_unmap_sg() nents value (Thomas Fourier)
- scsi: ibmvscsi_tgt: Fix dma_unmap_sg() nents value (Thomas Fourier)
- clk: sunxi-ng: v3s: Fix de clock definition (Paul Kocialkowski)
- perf tests bp_account: Fix leaked file descriptor (Leo Yan)
- crypto: ccp - Fix crash when rebind ccp device for ccp.ko (Mengbiao Xiong)
- pinctrl: sunxi: Fix memory leak on krealloc failure (Yuan Chen)
- power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set (Charles Han)
- clk: davinci: Add NULL check in davinci_lpsc_clk_register() (Henry Martin)
- mtd: fix possible integer overflow in erase_xfer() (Ivan Stepchenko)
- crypto: marvell/cesa - Fix engine load inaccuracy (Herbert Xu)
- PCI: rockchip-host: Fix "Unexpected Completion" log message (Hans Zhang)
- vrf: Drop existing dst reference in vrf_ip6_input_dst (Stanislav Fomichev)
- selftests: rtnetlink.sh: remove esp4_offload after test (Xiumei Mu)
- netfilter: xt_nfacct: don't assume acct name is null-terminated (Florian Westphal) [Orabug: 38351854] {CVE-2025-38639}
- can: kvaser_usb: Assign netdev.dev_port based on device channel index (Jimmy Assarsson)
- can: kvaser_pciefd: Store device channel index (Jimmy Assarsson)
- wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P IE (Gokul Sivakumar)
- Reapply "wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()" (Remi Pommarel)
- mwl8k: Add missing check after DMA map (Thomas Fourier)
- wifi: rtl8xxxu: Fix RX skb size for aggregation disabled (Martin Kaistra)
- net/sched: Restrict conditions for adding duplicating netems to qdisc tree (William Liu) [Orabug: 38331466] {CVE-2025-38553}
- arch: powerpc: defconfig: Drop obsolete CONFIG_NET_CLS_TCINDEX (Johan Korsnes)
- drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value (Fedor Pchelkin)
- m68k: Don't unregister boot console needlessly (Finn Thain)
- tcp: fix tcp_ofo_queue() to avoid including too much DUP SACK range (Xin Guo)
- iwlwifi: Add missing check for alloc_ordered_workqueue (Jiasheng Jiang) [Orabug: 38335110] {CVE-2025-38602}
- wifi: iwlwifi: Fix memory leak in iwl_mvm_init() (Xiu Jianfeng)
- wifi: rtl818x: Kill URBs before clearing tx status queue (Daniil Dulov) [Orabug: 38335120] {CVE-2025-38604}
- caif: reduce stack size, again (Arnd Bergmann)
- bpftool: Fix memory leak in dump_xx_nlmsg on realloc failure (Yuan Chen)
- bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (Jiayuan Chen) [Orabug: 38335131] {CVE-2025-38608}
- staging: nvec: Fix incorrect null termination of battery manufacturer (Alok Tiwari)
- samples: mei: Fix building on musl libc (Brahmajit Das)
- cpufreq: Init policy->rwsem before it may be possibly used (Lifeng Zheng)
- ARM: dts: imx6ul-kontron-bl-common: Fix RTS polarity for RS485 interface (Annette Kobou)
- usb: early: xhci-dbc: Fix early_ioremap leak (Lucas De Marchi)
- Revert "vmci: Prevent the dispatching of uninitialized payloads" (Greg Kroah-Hartman)
- pps: fix poll support (Denis Osterland-Heim)
- vmci: Prevent the dispatching of uninitialized payloads (Lizhi Xu)
- staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc() (Abdun Nihaal) [Orabug: 38335153] {CVE-2025-38612}
- ARM: dts: vfxxx: Correctly use two tuples for timer address (Krzysztof Kozlowski)
- hfsplus: remove mutex_lock check in hfsplus_free_extents (Yangtao Li)
- ASoC: Intel: fix SND_SOC_SOF dependencies (Arnd Bergmann)
- ethernet: intel: fix building with large NR_CPUS (Arnd Bergmann)
- usb: phy: mxs: disconnect line when USB charger is attached (Xu Yang)
- usb: chipidea: add USB PHY event (Xu Yang)
- usb: chipidea: introduce CI_HDRC_CONTROLLER_VBUS_EVENT glue layer use (Peter Chen)
- usb: chipidea: udc: protect usb interrupt enable (Li Jun)
- usb: chipidea: udc: add new API ci_hdrc_gadget_connect (Peter Chen)
- ALSA: hda: Add missing NVIDIA HDA codec IDs (Daniel Dadap)
- comedi: comedi_test: Fix possible deletion of uninitialized timers (Ian Abbott)
- nilfs2: reject invalid file types when reading inodes (Ryusuke Konishi)
- i2c: qup: jump out of the loop in case of timeout (Yang Xiwen) [Orabug: 38351994] {CVE-2025-38671}
- net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class (Xiang Mei)
- net: appletalk: Fix use-after-free in AARP proxy probe (Kito Xu)
- net: appletalk: fix kerneldoc warnings (Andrew Lunn)
- RDMA/core: Rate limit GID cache warning messages (Maor Gottlieb)
- regulator: core: fix NULL dereference on unbind due to stale coupling data (Alessandro Carminati) [Orabug: 38351978] {CVE-2025-38668}
- usb: hub: Fix flushing and scheduling of delayed work that tunes runtime pm (Mathias Nyman)
- usb: hub: fix detection of high tier USB3 devices behind suspended hubs (Mathias Nyman)
- net_sched: sch_sfq: reject invalid perturb period (Eric Dumazet) [Orabug: 38158477] {CVE-2025-38193}
- power: supply: bq24190: Fix use after free bug in bq24190_remove due to race condition (Zheng Wang)
- power: supply: bq24190_charger: using pm_runtime_resume_and_get instead of pm_runtime_get_sync (Minghao Chi)
- power: supply: bq24190_charger: Fix runtime PM imbalance on error (Dinghao Liu)
- xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS (Hongyu Xie)
- virtio-net: ensure the received length does not exceed allocated size (Bui Quang Minh) [Orabug: 38253834] {CVE-2025-38375}
- ASoC: fsl_sai: Force a software reset when starting in consumer mode (Arun Raghavan)
- usb: dwc3: qcom: Don't leave BCR asserted (Krishna Kurapati)
- usb: musb: fix gadget state on disconnect (Drew Hamilton)
- net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (William Liu) [Orabug: 38254214] {CVE-2025-38468}
- net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime (Dong Chenchen) [Orabug: 38254225] {CVE-2025-38470}
- Bluetooth: L2CAP: Fix attempting to adjust outgoing MTU (Luiz Augusto von Dentz)
- Bluetooth: SMP: Fix using HCI_ERROR_REMOTE_USER_TERM on timeout (Luiz Augusto von Dentz)
- Bluetooth: SMP: If an unallowed command is received consider it a failure (Luiz Augusto von Dentz)
- Bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb() (Kuniyuki Iwashima) [Orabug: 38254241] {CVE-2025-38473}
- usb: net: sierra: check for no status endpoint (Oliver Neukum) [Orabug: 38254249] {CVE-2025-38474}
- net/sched: sch_qfq: Fix race condition on qfq_aggregate (Xiang Mei) [Orabug: 38254266] {CVE-2025-38477}
- net: emaclite: Fix missing pointer increment in aligned_read() (Alok Tiwari)
- comedi: Fix use of uninitialized data in insn_rw_emulate_bits() (Ian Abbott)
- comedi: Fix some signed shift left operations (Ian Abbott)
- comedi: das6402: Fix bit shift out of bounds (Ian Abbott)
- comedi: das16m1: Fix bit shift out of bounds (Ian Abbott)
- comedi: aio_iiro_16: Fix bit shift out of bounds (Ian Abbott)
- comedi: pcl812: Fix bit shift out of bounds (Ian Abbott)
- iio: adc: stm32-adc: Fix race in installing chained IRQ handler (Chen Ni)
- iio: adc: max1363: Reorder mode_list[] entries (Fabio Estevam)
- iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[] (Fabio Estevam)
- soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled (Andrew Jeffery)
- soc: aspeed: lpc-snoop: Cleanup resources in stack-order (Andrew Jeffery)
- mmc: sdhci_am654: Workaround for Errata i2312 (Judith Mendez)
- mmc: sdhci-pci: Quirk for broken command queuing on Intel GLK-based Positivo models (Edson Juliano Drosdeck)
- mmc: bcm2835: Fix dma_unmap_sg() nents value (Thomas Fourier)
- memstick: core: Zero initialize id_reg in h_memstick_read_dev_id() (Nathan Chancellor)
- isofs: Verify inode mode when loading from disk (Jan Kara)
- dmaengine: nbpfaxi: Fix memory corruption in probe() (Dan Carpenter)
- af_packet: fix soft lockup issue caused by tpacket_snd() (Yun Lu)
- af_packet: fix the SO_SNDTIMEO constraint not effective on tpacked_snd() (Yun Lu)
- phonet/pep: Move call to pn_skb_get_dst_sockaddr() earlier in pep_sock_accept() (Nathan Chancellor)
- HID: core: do not bypass hid_hw_raw_request (Benjamin Tissoires) [Orabug: 38254340] {CVE-2025-38494}
- HID: core: ensure __hid_request reserves the report ID as the first byte (Benjamin Tissoires)
- HID: core: ensure the allocated report buffer can contain the reserved report ID (Benjamin Tissoires) [Orabug: 38254348] {CVE-2025-38495}
- pch_uart: Fix dma_sync_sg_for_device() nents value (Thomas Fourier)
- Input: xpad - set correct controller type for Acer NGR200 (Nilton Perim Neto)
- i2c: stm32: fix the device used for the DMA map (Clément Le Goffic)
- usb: gadget: configfs: Fix OOB read on empty string write (Xinyu Liu) [Orabug: 38254358] {CVE-2025-38497}
- USB: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI (Ryan Mann)
- USB: serial: option: add Foxconn T99W640 (Slark Xiao)
- USB: serial: option: add Telit Cinterion FE910C04 (ECM) composition (Fabio Porcedda)
- LTS tag: v5.4.296 (Sherry Yang)
- x86/mm: Disable hugetlb page table sharing on 32-bit (Jann Horn)
- Input: atkbd - do not skip atkbd_deactivate() when skipping ATKBD_CMD_GETID (Hans de Goede)
- HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras (Chia-Lin Kao) [Orabug: 38324280] {CVE-2025-38540}
- HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY (Zhang Heng)
- vt: add missing notification when switching back to text mode (Nicolas Pitre)
- net: usb: qmi_wwan: add SIMCom 8230C composition (Xiaowei Li)
- atm: idt77252: Add missing dma_map_error() (Thomas Fourier)
- bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT (Somnath Kotur) [Orabug: 38254090] {CVE-2025-38439}
- bnxt_en: Fix DCB ETS validation (Shravya Kn)
- can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level (Sean Nyekjaer)
- net: phy: microchip: limit 100M workaround to link-down events on LAN88xx (Oleksij Rempel)
- net: appletalk: Fix device refcount leak in atrtr_create() (Kito Xu)
- md/raid1: Fix stack memory use after return in raid1_reshape (Wang Jinchao) [Orabug: 38254109] {CVE-2025-38445}
- wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() (Daniil Dulov) [Orabug: 38324161] {CVE-2025-38513}
- dma-buf: fix timeout handling in dma_resv_wait_timeout v2 (Christian König)
- Input: xpad - support Acer NGR 200 Controller (Nilton Perim Neto)
- Input: xpad - add VID for Turtle Beach controllers (Vicki Pfau)
- Input: xpad - add support for Amazon Game Controller (Matt Reynolds)
- NFSv4/flexfiles: Fix handling of NFS level errors in I/O (Trond Myklebust)
- flexfiles/pNFS: update stats on NFS4ERR_DELAY for v4.1 DSes (Tigran Mkrtchyan)
- RDMA/mlx5: Fix vport loopback for MPV device (Patrisious Haddad)
- netlink: Fix rmem check in netlink_broadcast_deliver(). (Kuniyuki Iwashima)
- netlink: make sure we allow at least one dump skb (Jakub Kicinski)
- Revert "ACPI: battery: negate current when discharging" (Rafael J. Wysocki)
- usb: gadget: u_serial: Fix race condition in TTY wakeup (Kuen-Han Tsai) [Orabug: 38254118] {CVE-2025-38448}
- drm/sched: Increment job count before swapping tail spsc queue (Matthew Brost) [Orabug: 38324180] {CVE-2025-38515}
- pinctrl: qcom: msm: mark certain pins as invalid for interrupts (Bartosz Golaszewski) [Orabug: 38324186] {CVE-2025-38516}
- x86/mce: Make sure CMCI banks are cleared during shutdown on Intel (Jp Kobryn)
- x86/mce: Don't remove sysfs if thresholding sysfs init fails (Yazen Ghannam)
- x86/mce/amd: Fix threshold limit reset (Yazen Ghannam)
- rxrpc: Fix oops due to non-existence of prealloc backlog struct (David Howells)
- net/sched: Abort __tc_modify_qdisc if parent class does not exist (Victor Nogueira) [Orabug: 38254147] {CVE-2025-38457}
- atm: clip: Fix NULL pointer dereference in vcc_sendmsg() (Yue Haibing) [Orabug: 38254153] {CVE-2025-38458}
- atm: clip: Fix infinite recursive call of clip_push(). (Kuniyuki Iwashima) [Orabug: 38254161] {CVE-2025-38459}
- atm: clip: Fix memory leak of struct clip_vcc. (Kuniyuki Iwashima) [Orabug: 38324309] {CVE-2025-38546}
- atm: clip: Fix potential null-ptr-deref in to_atmarpd(). (Kuniyuki Iwashima) [Orabug: 38254167] {CVE-2025-38460}
- tipc: Fix use-after-free in tipc_conn_close(). (Kuniyuki Iwashima) [Orabug: 38254181] {CVE-2025-38464}
- netlink: Fix wraparounds of sk->sk_rmem_alloc. (Kuniyuki Iwashima) [Orabug: 38254188] {CVE-2025-38465}
- fix proc_sys_compare() handling of in-lookup dentries (Al Viro)
- proc: Clear the pieces of proc_inode that proc_evict_inode cares about (Eric W. Biederman)
- drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling (Kaustabh Chakraborty) [Orabug: 38254203] {CVE-2025-38467}
- staging: rtl8723bs: Avoid memset() in aes_cipher() and aes_decipher() (Nathan Chancellor)
- media: uvcvideo: Rollback non processed entities on error (Ricardo Ribalda)
- media: uvcvideo: Send control events for partial succeeds (Ricardo Ribalda)
- media: uvcvideo: Return the number of processed controls (Ricardo Ribalda)
- ACPI: PAD: fix crash in exit_round_robin() (Seiji Nishikawa) [Orabug: 37206006] {CVE-2024-49935}
- usb: typec: displayport: Fix potential deadlock (Andrei Kuchynski) [Orabug: 38401436] {CVE-2025-38404}
- Logitech C-270 even more broken (Oliver Neukum)
- rose: fix dangling neighbour pointers in rose_rt_device_down() (Kohei Enju)
- net: rose: Fix fall-through warnings for Clang (Gustavo A R Silva)
- drm/i915/gt: Fix timeline left held on VMA alloc error (Janusz Krzysztofik) [Orabug: 38253887] {CVE-2025-38389}
- drm/i915/selftests: Change mock_request() to return error pointers (Dan Carpenter)
- spi: spi-fsl-dspi: Clear completion counter before initiating transfer (James Clark)
- spi: spi-fsl-dspi: Fix interrupt-less DMA mode taking an XSPI code path (Vladimir Oltean)
- spi: spi-fsl-dspi: Rename fifo_{read,write} and {tx,cmd}_fifo_write (Vladimir Oltean)
- dpaa2-eth: fix xdp_rxq_info leak (Wangfushuai)
- ethernet: atl1: Add missing DMA mapping error checks and count errors (Thomas Fourier)
- btrfs: use btrfs_record_snapshot_destroy() during rmdir (Filipe Manana)
- btrfs: propagate last_unlink_trans earlier when doing a rmdir (Filipe Manana)
- RDMA/mlx5: Fix CC counters query for MPV (Patrisious Haddad)
- RDMA/core: Create and destroy counters in the ib_core (Leon Romanovsky)
- scsi: ufs: core: Fix spelling of a sysfs attribute name (Bart Van Assche)
- drm/v3d: Disable interrupts before resetting the GPU (Maíra Canal)
- mtk-sd: reset host->mrq on prepare_data() error (Sergey Senozhatsky)
- mtk-sd: Prevent memory corruption from DMA map failure (Masami Hiramatsu)
- mmc: mediatek: use data instead of mrq parameter from msdc_{un}prepare_data() (Yue Hu)
- regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods (Manivannan Sadhasivam) [Orabug: 38253907] {CVE-2025-38395}
- regulator: gpio: Add input_supply support in gpio_regulator_config (Jerome Neanne)
- ACPICA: Refuse to evaluate a method if arguments are missing (Rafael J. Wysocki) [Orabug: 38253875] {CVE-2025-38386}
- wifi: ath6kl: remove WARN on bad firmware input (Johannes Berg) [Orabug: 38253946] {CVE-2025-38406}
- wifi: mac80211: drop invalid source address OCB frames (Johannes Berg)
- powerpc: Fix struct termio related ioctl macros (Madhavan Srinivasan)
- ata: pata_cs5536: fix build on 32-bit UML (Johannes Berg)
- ALSA: sb: Force to disable DMAs once when DMA mode is changed (Takashi Iwai)
- nui: Fix dma_mapping_error() check (Thomas Fourier)
- enic: fix incorrect MTU comparison in enic_change_mtu() (Alok Tiwari)
- amd-xgbe: align CL37 AN sequence as per databook (Raju Rangoju)
- lib: test_objagg: Set error message in check_expect_hints_stats() (Dan Carpenter)
- drm/exynos: fimd: Guard display clock control with runtime PM calls (Marek Szyprowski)
- btrfs: fix missing error handling when searching for inode refs during log replay (Filipe Manana)
- scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() (Thomas Fourier)
- nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. (Kuniyuki Iwashima) [Orabug: 38253923] {CVE-2025-38400}
- RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert (Mark Zhang) [Orabug: 38253881] {CVE-2025-38387}
- platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment (David Thompson)
- mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data (Masami Hiramatsu)
- usb: typec: altmodes/displayport: do not index invalid pin_assignments (Rd Babiera) [Orabug: 38253894] {CVE-2025-38391}
- mmc: sdhci: Add a helper function for dump register in dynamic debug mode (Victor Shih)
- vsock/vmci: Clear the vmci transport packet properly when initializing it (Harshavardhana S A) [Orabug: 38253937] {CVE-2025-38403}
- btrfs: don't abort filesystem when attempting to snapshot deleted subvolume (Omar Sandoval) [Orabug: 36530119] {CVE-2024-26644}
- arm64: Restrict pagetable teardown to avoid false warning (Dev Jain)
- s390: Add '-std=gnu11' to decompressor and purgatory CFLAGS (Nathan Chancellor)
- drm/bridge: cdns-dsi: Check return value when getting default PHY config (Aradhya Bhatia)
- drm/bridge: cdns-dsi: Fix connecting to next bridge (Aradhya Bhatia)
- drm/bridge: cdns-dsi: Fix the clock variable for mode_valid() (Aradhya Bhatia)
- drm/tegra: Assign plane type before registration (Thierry Reding)
- HID: wacom: fix kobject reference count leak (Qasim Ijaz)
- HID: wacom: fix memory leak on sysfs attribute creation failure (Qasim Ijaz)
- HID: wacom: fix memory leak on kobject creation failure (Qasim Ijaz)
- dm-raid: fix variable in journal device check (Heinz Mauelshagen)
- Bluetooth: L2CAP: Fix L2CAP MTU negotiation (Frédéric Danis)
- atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister(). (Kuniyuki Iwashima) [Orabug: 38175045] {CVE-2025-38245}
- net: enetc: Correct endianness handling in _enetc_rd_reg64 (Simon Horman)
- um: ubd: Add missing error check in start_io_thread() (Tiwei Bie)
- vsock/uapi: fix linux/vm_sockets.h userspace compilation errors (Stefano Garzarella)
- wifi: mac80211: fix beacon interval calculation overflow (Lachlan Hodges)
- attach_recursive_mnt(): do not lock the covering tree when sliding something under it (Al Viro)
- ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3() (Youngjun Lee) [Orabug: 38175065] {CVE-2025-38249}
- i2c: robotfuzz-osif: disable zero-length read messages (Wolfram Sang)
- i2c: tiny-usb: disable zero-length read messages (Wolfram Sang)
- RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction (Shin'Ichiro Kawasaki) [Orabug: 38158592] {CVE-2025-38211}
- RDMA/core: Use refcount_t instead of atomic_t on refcount of iwcm_id_private (Weihang Li)
- media: vivid: Change the siize of the composing (Denis Arefev)
- media: omap3isp: use sgtable-based scatterlist wrappers (Marek Szyprowski)
- media: cxusb: no longer judge rbuf when the write fails (Edward Adam Davis) [Orabug: 38158692] {CVE-2025-38229}
- media: cxusb: use dev_dbg() rather than hand-rolled debug (Sean Young)
- jfs: validate AG parameters in dbMount() to prevent crashes (Vasiliy Kovalev)
- fs/jfs: consolidate sanity checking in dbMount (Dave Kleikamp)
- ASoC: meson: meson-card-utils: use of_property_present() for DT parsing (Martin Blumenstingl)
- of: Add of_property_present() helper (Rob Herring)
- of: property: define of_property_read_u{8,16,32,64}_array() unconditionally (Michael Walle)
- kbuild: hdrcheck: fix cross build with clang (Arnd Bergmann)
- kbuild: add --target to correctly cross-compile UAPI headers with Clang (Masahiro Yamada)
- bpfilter: match bit size of bpfilter_umh to that of the kernel (Masahiro Yamada)
- kbuild: use -MMD instead of -MD to exclude system headers from dependency (Masahiro Yamada)
- VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify (Ma Wupeng) [Orabug: 38152869] {CVE-2025-38102}
- VMCI: check context->notify_page after call to get_user_pages_fast() to avoid GPF (George Kennedy)
- ovl: Check for NULL d_inode() in ovl_dentry_upper() (Kees Cook)
- ceph: fix possible integer overflow in ceph_zero_objects() (Dmitry Kandybka)
- ALSA: hda: Ignore unsol events for cards being shut down (Cezary Rojewski)
- usb: typec: displayport: Receive DP Status Update NAK request exit dp altmode (Jos Wang)
- usb: cdc-wdm: avoid setting WDM_READ for ZLP-s (Robert Hodaszi)
- usb: Add checks for snprintf() calls in usb_alloc_dev() (Andy Shevchenko)
- tty: serial: uartlite: register uart driver in init (Jakub Lewalski)
- usb: potential integer overflow in usbg_make_tpg() (Chen Yufeng)
- iio: pressure: zpa2326: Use aligned_s64 for the timestamp (Jonathan Cameron)
- md/md-bitmap: fix dm-raid max_write_behind setting (Yu Kuai)
- dmaengine: xilinx_dma: Set dma_device directions (Thomas Gessler)
- mfd: max14577: Fix wakeup source leaks on device unbind (Krzysztof Kozlowski)
- mailbox: Not protect module_put with spin_lock_irqsave (Peng Fan)
- cifs: Fix cifs_query_path_info() for Windows NT servers (Pali Rohár)
ELBA-2025-20659 Oracle Linux 8 oracle-ai-database-preinstall-26ai bug fix update
Oracle Linux Bug Fix Advisory ELBA-2025-20659
http://linux.oracle.com/errata/ELBA-2025-20659.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
oracle-ai-database-preinstall-26ai-1.0-1.el8.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/oracle-ai-database-preinstall-26ai-1.0-1.el8.src.rpm
Description of changes:
[1.0-1]
- Initial version
ELSA-2025-17742 Moderate: Oracle Linux 9 vim security update
Oracle Linux Security Advisory ELSA-2025-17742
http://linux.oracle.com/errata/ELSA-2025-17742.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
x86_64:
vim-X11-8.2.2637-22.0.1.el9_6.1.x86_64.rpm
vim-common-8.2.2637-22.0.1.el9_6.1.x86_64.rpm
vim-enhanced-8.2.2637-22.0.1.el9_6.1.x86_64.rpm
vim-filesystem-8.2.2637-22.0.1.el9_6.1.noarch.rpm
vim-minimal-8.2.2637-22.0.1.el9_6.1.x86_64.rpm
aarch64:
vim-X11-8.2.2637-22.0.1.el9_6.1.aarch64.rpm
vim-common-8.2.2637-22.0.1.el9_6.1.aarch64.rpm
vim-enhanced-8.2.2637-22.0.1.el9_6.1.aarch64.rpm
vim-filesystem-8.2.2637-22.0.1.el9_6.1.noarch.rpm
vim-minimal-8.2.2637-22.0.1.el9_6.1.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/vim-8.2.2637-22.0.1.el9_6.1.src.rpm
Related CVEs:
CVE-2025-53905
CVE-2025-53906
Description of changes:
[8.2.2637-22.0.1.1]
- Remove upstream references [Orabug: 31197557]
[2:8.2.2637-22.1]
- RHEL-112006 CVE-2025-53905 vim: Vim path traversial
- RHEL-112010 CVE-2025-53906 vim: Vim path traversal
[2:8.2.2637-22]
- RHEL-2159 vim: Heap Use After Free in function ins_compl_get_exp in vim/vim
[2:8.2.2637-21]
- RHEL-40602 CVE-2021-3903 vim: heap-based buffer overflow vulnerability
ELBA-2025-20658 Oracle Linux 9 oracle-ai-database-preinstall-26ai bug fix update
Oracle Linux Bug Fix Advisory ELBA-2025-20658
http://linux.oracle.com/errata/ELBA-2025-20658.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
x86_64:
oracle-ai-database-preinstall-26ai-1.0-1.el9.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/oracle-ai-database-preinstall-26ai-1.0-1.el9.src.rpm
Description of changes:
[1.0-1]
- Initial version
ELSA-2025-17776 Moderate: Oracle Linux 10 kernel security update
Oracle Linux Security Advisory ELSA-2025-17776
http://linux.oracle.com/errata/ELSA-2025-17776.html
The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:
x86_64:
kernel-6.12.0-55.39.1.0.1.el10_0.x86_64.rpm
kernel-abi-stablelists-6.12.0-55.39.1.0.1.el10_0.noarch.rpm
kernel-core-6.12.0-55.39.1.0.1.el10_0.x86_64.rpm
kernel-cross-headers-6.12.0-55.39.1.0.1.el10_0.x86_64.rpm
kernel-debug-6.12.0-55.39.1.0.1.el10_0.x86_64.rpm
kernel-debug-core-6.12.0-55.39.1.0.1.el10_0.x86_64.rpm
kernel-debug-devel-6.12.0-55.39.1.0.1.el10_0.x86_64.rpm
kernel-debug-devel-matched-6.12.0-55.39.1.0.1.el10_0.x86_64.rpm
kernel-debug-modules-6.12.0-55.39.1.0.1.el10_0.x86_64.rpm
kernel-debug-modules-core-6.12.0-55.39.1.0.1.el10_0.x86_64.rpm
kernel-debug-modules-extra-6.12.0-55.39.1.0.1.el10_0.x86_64.rpm
kernel-debug-uki-virt-6.12.0-55.39.1.0.1.el10_0.x86_64.rpm
kernel-devel-6.12.0-55.39.1.0.1.el10_0.x86_64.rpm
kernel-devel-matched-6.12.0-55.39.1.0.1.el10_0.x86_64.rpm
kernel-doc-6.12.0-55.39.1.0.1.el10_0.noarch.rpm
kernel-headers-6.12.0-55.39.1.0.1.el10_0.x86_64.rpm
kernel-modules-6.12.0-55.39.1.0.1.el10_0.x86_64.rpm
kernel-modules-core-6.12.0-55.39.1.0.1.el10_0.x86_64.rpm
kernel-modules-extra-6.12.0-55.39.1.0.1.el10_0.x86_64.rpm
kernel-tools-6.12.0-55.39.1.0.1.el10_0.x86_64.rpm
kernel-tools-libs-6.12.0-55.39.1.0.1.el10_0.x86_64.rpm
kernel-tools-libs-devel-6.12.0-55.39.1.0.1.el10_0.x86_64.rpm
kernel-uki-virt-6.12.0-55.39.1.0.1.el10_0.x86_64.rpm
kernel-uki-virt-addons-6.12.0-55.39.1.0.1.el10_0.x86_64.rpm
libperf-6.12.0-55.39.1.0.1.el10_0.x86_64.rpm
perf-6.12.0-55.39.1.0.1.el10_0.x86_64.rpm
python3-perf-6.12.0-55.39.1.0.1.el10_0.x86_64.rpm
rtla-6.12.0-55.39.1.0.1.el10_0.x86_64.rpm
rv-6.12.0-55.39.1.0.1.el10_0.x86_64.rpm
aarch64:
kernel-cross-headers-6.12.0-55.39.1.0.1.el10_0.aarch64.rpm
kernel-headers-6.12.0-55.39.1.0.1.el10_0.aarch64.rpm
kernel-tools-6.12.0-55.39.1.0.1.el10_0.aarch64.rpm
kernel-tools-libs-6.12.0-55.39.1.0.1.el10_0.aarch64.rpm
kernel-tools-libs-devel-6.12.0-55.39.1.0.1.el10_0.aarch64.rpm
libperf-6.12.0-55.39.1.0.1.el10_0.aarch64.rpm
perf-6.12.0-55.39.1.0.1.el10_0.aarch64.rpm
python3-perf-6.12.0-55.39.1.0.1.el10_0.aarch64.rpm
rtla-6.12.0-55.39.1.0.1.el10_0.aarch64.rpm
rv-6.12.0-55.39.1.0.1.el10_0.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/kernel-6.12.0-55.39.1.0.1.el10_0.src.rpm
Related CVEs:
CVE-2025-38556
CVE-2025-39757
CVE-2025-39761
Description of changes:
[6.12.0-55.39.1.0.1.el10_0.OL10]
- nvme-pci: remove two deallocate zeroes quirks [Orabug: 37756650]
- Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985782]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64
