-
Fri Aug 04 2023 Saeed Mirzamohammadi <saeed.mirzamohammadi@oracle.com> [4.14.35-2047.529.1.el7uek]
- vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF (George Kennedy) [Orabug: 35649492] {CVE-2023-3567}
- ocfs2: always read both high and low parts of dinode link count (Alexey Asemov) [Orabug: 35643004]
-
Wed Jul 26 2023 Saeed Mirzamohammadi <saeed.mirzamohammadi@oracle.com> [4.14.35-2047.528.2.el7uek]
- uek-rpm: Prevent cls_tcindex module to be loaded on demand (Sherry Yang) [Orabug: 35616811]
-
Fri Jun 30 2023 Saeed Mirzamohammadi <saeed.mirzamohammadi@oracle.com> [4.14.35-2047.528.1.el7uek]
- LTS version: v4.14.320 (Saeed Mirzamohammadi)
- i2c: imx-lpi2c: fix type char overflow issue when calculating the clock cycle (Clark Wang)
- x86/apic: Fix kernel panic when booting with intremap=off and x2apic_phys (Dheeraj Kumar Srivastava)
- drm/radeon: fix race condition UAF in radeon_gem_set_domain_ioctl (Min Li)
- drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl (Min Li)
- drm/exynos: vidi: fix a wrong error return (Inki Dae)
- s390/cio: unregister device when the only path is gone (Vineeth Vijayan)
- usb: gadget: udc: fix NULL dereference in remove() (Dan Carpenter)
- fbdev: imsttfb: Release framebuffer and dealloc cmap on error path (Helge Deller)
- nfcsim.c: Fix error checking for debugfs_create_dir (Osama Muhammad)
- arm64: Add missing Set/Way CMO encodings (Marc Zyngier)
- HID: wacom: Add error check to wacom_parse_and_register() (Denis Arefev)
- scsi: target: iscsi: Prevent login threads from racing between each other (Maurizio Lombardi)
- netfilter: nf_tables: disallow element updates of bound anonymous sets (Pablo Neira Ayuso)
- be2net: Extend xmit workaround to BE3 chip (Ross Lagerwall)
- mmc: usdhi60rol0: fix deferred probing (Sergey Shtylyov)
- mmc: omap_hsmmc: fix deferred probing (Sergey Shtylyov)
- mmc: omap: fix deferred probing (Sergey Shtylyov)
- mmc: mtk-sd: fix deferred probing (Sergey Shtylyov)
- net: qca_spi: Avoid high load if QCA7000 is not available (Stefan Wahren)
- xfrm: Linearize the skb after offloading if needed. (Sebastian Andrzej Siewior)
- nilfs2: prevent general protection fault in nilfs_clear_dirty_page() (Ryusuke Konishi)
- cgroup: Do not corrupt task iteration when rebinding subsystem (Xiu Jianfeng)
- Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs (Michael Kelley)
- nilfs2: fix buffer corruption due to concurrent device reads (Ryusuke Konishi)
- nilfs2: reject devices with insufficient block count (Ryusuke Konishi)
- serial: lantiq: add missing interrupt ack (Bernhard Seibold)
- LTS version: v4.14.319 (Saeed Mirzamohammadi)
- mmc: block: ensure error propagation for non-blk (Christian Loehle)
- powerpc: Fix defconfig choice logic when cross compiling (Michael Ellerman)
- neighbour: delete neigh_lookup_nodev as not used (Leon Romanovsky)
- neighbour: Remove unused inline function neigh_key_eq16() (Gaosheng Cui)
- selftests/ptp: Fix timestamp printf format for PTP_SYS_OFFSET (Alex Maftei)
- net: tipc: resize nlattr array to correct size (Lin Ma)
- net: lapbether: only support ethernet devices (Eric Dumazet)
- drm/nouveau/dp: check for NULL nv_connector->native_mode (Natalia Petrova)
- igb: fix nvm.ops.read() error handling (Aleksandr Loktionov)
- sctp: fix an error code in sctp_sf_eat_auth() (Dan Carpenter)
- IB/isert: Fix incorrect release of isert connection (Saravanan Vajravel)
- IB/isert: Fix possible list corruption in CMA handler (Saravanan Vajravel)
- IB/isert: Fix dead lock in ib_isert (Saravanan Vajravel)
- ping6: Fix send to link-local addresses with VRF. (Guillaume Nault)
- netfilter: nfnetlink: skip error delivery on batch in case of ENOMEM (Pablo Neira Ayuso)
- USB: serial: option: add Quectel EM061KGL series (Jerry Meng)
- Remove DECnet support from kernel (Stephen Hemminger)
- net: usb: qmi_wwan: add support for Compal RXM-G1 (Wes Huang)
- nilfs2: fix possible out-of-bounds segment allocation in resize ioctl (Ryusuke Konishi)
- nilfs2: fix incomplete buffer cleanup in nilfs_btnode_abort_change_key() (Ryusuke Konishi)
- nios2: dts: Fix tse_mac "max-frame-size" property (Janne Grunau)
- ocfs2: check new file size on fallocate call (Luís Henriques)
- ocfs2: fix use-after-free when unmounting read-only filesystem (Luís Henriques)
- xen/blkfront: Only check REQ_FUA for writes (Ross Lagerwall)
- mips: Move initrd_start check after initrd address sanitisation. (Liviu Dudau)
- MIPS: Alchemy: fix dbdma2 (Manuel Lauss)
- power: supply: Fix logic checking if system is running from battery (Mario Limonciello)
- regulator: Fix error checking for debugfs_create_dir (Osama Muhammad)
- power: supply: Ratelimit no data debug output (Marek Vasut)
- ARM: dts: vexpress: add missing cache properties (Krzysztof Kozlowski)
- power: supply: bq27xxx: Use mod_delayed_work() instead of cancel() + schedule() (Hans de Goede)
- power: supply: ab8500: Fix external_power_changed race (Hans de Goede)
- LTS version: v4.14.318 (Saeed Mirzamohammadi)
- btrfs: unset reloc control if transaction commit fails in prepare_to_relocate() (Zixuan Fu)
- btrfs: check return value of btrfs_commit_transaction in relocation (Josef Bacik)
- ext4: only check dquot_initialize_needed() when debugging (Theodore Ts'o)
- i2c: sprd: Delete i2c adapter in .remove's error path (Uwe Kleine-König)
- Bluetooth: Fix use-after-free in hci_remove_ltk/hci_remove_irk (Luiz Augusto von Dentz)
- ceph: fix use-after-free bug for inodes when flushing capsnaps (Xiubo Li)
- drm/amdgpu: fix xclk freq on CHIP_STONEY (Chia-I Wu)
- Input: psmouse - fix OOB access in Elantech protocol (Dmitry Torokhov)
- Input: xpad - delete a Razer DeathAdder mouse VID/PID entry (Ismael Ferreras Morezuelas)
- batman-adv: Broken sync while rescheduling delayed work (Vladislav Efanov)
- bnxt_en: Query default VLAN before VNIC setup on a VF (Somnath Kotur)
- net: sched: move rtm_tca_policy declaration to include file (Eric Dumazet)
- rfs: annotate lockless accesses to RFS sock flow table (Eric Dumazet)
- rfs: annotate lockless accesses to sk->sk_rxhash (Eric Dumazet)
- Bluetooth: L2CAP: Add missing checks for invalid DCID (Sungwoo Kim)
- Bluetooth: Fix l2cap_disconnect_req deadlock (Ying Hsu)
- spi: qup: Request DMA before enabling clocks (Stephan Gerhold)
- i40e: fix build warnings in i40e_alloc.h (Greg Kroah-Hartman)
- i40iw: fix build warning in i40iw_manage_apbvt() (Greg Kroah-Hartman)
- LTS version: v4.14.317 (Saeed Mirzamohammadi)
- wifi: rtlwifi: 8192de: correct checking of IQK reload (Ping-Ke Shih)
- Fix double fget() in vhost_net_set_backend() (Al Viro)
- net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize (Tudor Ambarus)
- cdc_ncm: Fix the build warning (Alexander Bersenev)
- cdc_ncm: Implement the 32-bit version of NCM Transfer Block (Alexander Bersenev)
- scsi: dpt_i2o: Do not process completions with invalid addresses (Ben Hutchings)
- scsi: dpt_i2o: Remove broken pass-through ioctl (I2OUSERCMD) (Ben Hutchings)
- fbcon: Fix null-ptr-deref in soft_cursor (Helge Deller)
- ext4: add lockdep annotations for i_data_sem for ea_inode's (Theodore Ts'o)
- tty: serial: fsl_lpuart: use UARTCTRL_TXINV to send break instead of UARTCTRL_SBK (Sherry Sun)
- mmc: vub300: fix invalid response handling (Deren Wu)
- regulator: da905{2,5}: Remove unnecessary array check (Nathan Chancellor)
- wifi: rtlwifi: remove always-true condition pointed out by GCC 12 (Jakub Kicinski)
- lib/dynamic_debug.c: use address-of operator on section symbols (Nathan Chancellor)
- kernel/extable.c: use address-of operator on section symbols (Nathan Chancellor)
- eth: sun: cassini: remove dead code (Martin Liška)
- gcc-12: disable '-Wdangling-pointer' warning for now (Linus Torvalds)
- ACPI: thermal: drop an always true check (Adam Borowski)
- x86/boot: Wrap literal addresses in absolute_pointer() (Kees Cook)
- ata: libata-scsi: Use correct device no in ata_find_dev() (Damien Le Moal)
- scsi: stex: Fix gcc 13 warnings (Bart Van Assche)
- usb: gadget: f_fs: Add unbind event before functionfs_unbind (Uttkarsh Aggarwal)
- net: usb: qmi_wwan: Set DTR quirk for BroadMobi BM818 (Sebastian Krzyszkowiak)
- iio: dac: mcp4725: Fix i2c_master_send() return value handling (Marek Vasut)
- HID: wacom: avoid integer overflow in wacom_intuos_inout() (Nikita Zhandarovich)
- iio: adc: mxs-lradc: fix the order of two cleanup operations (Jiakai Luo)
- mailbox: mailbox-test: fix a locking issue in mbox_test_message_write() (Dan Carpenter)
- atm: hide unused procfs functions (Arnd Bergmann)
- ALSA: oss: avoid missing-prototype warnings (Arnd Bergmann)
- netfilter: conntrack: define variables exp_nat_nla_policy and any_addr with CONFIG_NF_NAT (Tom Rix)
- wifi: b43: fix incorrect __packed annotation (Arnd Bergmann)
- scsi: core: Decrease scsi_device's iorequest_cnt if dispatch failed (Wenchao Hao)
- wifi: rtl8xxxu: fix authentication timeout due to incorrect RCR value (Yun Lu)
- media: dvb-core: Fix use-after-free due to race condition at dvb_ca_en50221 (Hyunwoo Kim)
- media: dvb-core: Fix kernel WARNING for blocking operation in wait_event*() (Takashi Iwai)
- media: ttusb-dec: fix memory leak in ttusb_dec_exit_dvb() (Hyunwoo Kim)
- media: netup_unidvb: fix irq init by register it at the end of probe (Wei Chen)
- media: dvb-usb: dw2102: fix uninit-value in su3000_read_mac_address (Wei Chen)
- media: dvb-usb: digitv: fix null-ptr-deref in digitv_i2c_xfer() (Wei Chen)
- media: dvb-usb-v2: rtl28xxu: fix null-ptr-deref in rtl28xxu_i2c_xfer (Zhang Shurong)
- media: dvb-usb-v2: ce6230: fix null-ptr-deref in ce6230_i2c_master_xfer() (Wei Chen)
- media: dvb-usb-v2: ec168: fix null-ptr-deref in ec168_i2c_xfer() (Wei Chen)
- media: dvb-usb: az6027: fix three null-ptr-deref in az6027_i2c_xfer() (Wei Chen)
- ASoC: ssm2602: Add workaround for playback distortions (Paweł Anikiel)
- ASoC: dwc: limit the number of overrun messages (Maxim Kochetkov)
- nbd: Fix debugfs_create_dir error checking (Ivan Orlov)
- fbdev: stifb: Fix info entry in sti_struct on error path (Helge Deller)
- fbdev: modedb: Add 1920x1080 at 60 Hz video mode (Helge Deller)
- ARM: 9295/1: unwind:fix unwind abort for uleb128 case (Haibo Li)
- mailbox: mailbox-test: Fix potential double-free in mbox_test_message_write() (Lee Jones)
- net: dsa: mv88e6xxx: Increase wait after reset deactivation (Andreas Svensson)
- udp6: Fix race condition in udp6_sendmsg & connect (Vladislav Efanov)
- tcp: Return user_mss for TCP_MAXSEG in CLOSE/LISTEN state if user_mss set (Cambda Zhu)
- af_packet: do not use READ_ONCE() in packet_bind() (Eric Dumazet)
- af_packet: Fix data-races of pkt_sk(sk)->num. (Kuniyuki Iwashima)
- netrom: fix info-leak in nr_write_internal() (Eric Dumazet)
- dmaengine: pl330: rename _start to prevent build error (Randy Dunlap)
- bluetooth: Add cmd validity checks at the start of hci_sock_ioctl() (Ruihan Li)
- ASoC: Intel: Skylake: Fix declaration of enum skl_ch_cfg (Cezary Rojewski)
- power: supply: bq27xxx: After charger plug in/out wait 0.5s for things to stabilize (Hans de Goede)
-
Fri Jun 16 2023 Saeed Mirzamohammadi <saeed.mirzamohammadi@oracle.com> [4.14.35-2047.527.2.el7uek]
- Revert "staging: rtl8192e: Replace macro RTL_PCI_DEVICE with PCI_DEVICE" (Greg Kroah-Hartman)
- lib: cpu_rmap: Fix potential use-after-free in irq_cpu_rmap_release() (Ben Hutchings)
- selinux: don't use make's grouped targets feature yet (Paul Moore)
- xfs: log recovery stage split EFIs with multiple extents (Wengang Wang) [Orabug: 35475139]
- xfs: IO time one extent per EFI (Wengang Wang) [Orabug: 35475139]
- uek_kabi: Add UEK_KABI_DEPRECATE_ENUM (Sherry Yang) [Orabug: 35469884]
- bnxt_en: Clear DEFRAG flag in firmware message when retry flashing. (Pavan Chebbi) [Orabug: 35406837]
- bnxt_en: Enable batch mode when using HWRM_NVM_MODIFY to flash packages. (Michael Chan) [Orabug: 35406837]
- bnxt_en: Retry installing FW package under NO_SPACE error condition. (Pavan Chebbi) [Orabug: 35406837]
- bnxt_en: Restructure bnxt_flash_package_from_fw_obj() to execute in a loop. (Pavan Chebbi) [Orabug: 35406837]
- bnxt_en: Rearrange the logic in bnxt_flash_package_from_fw_obj(). (Michael Chan) [Orabug: 35406837]
- bnxt_en: Refactor bnxt_flash_nvram. (Pavan Chebbi) [Orabug: 35406837]
- bnxt_en: fix error handling when flashing from file (Edwin Peer) [Orabug: 35406837]
- bnxt_en: Fix return code to "flash_device". (Vasundhara Volam) [Orabug: 35406837]
- bnxt_en: Return -EAGAIN if fw command returns BUSY (Vasundhara Volam) [Orabug: 35406837]
- bnxt_en: Convert error code in firmware message response to standard code. (Michael Chan) [Orabug: 35406837]
- bnxt_en: return proper error when FW returns HWRM_ERR_CODE_RESOURCE_ACCESS_DENIED (Vasundhara Volam) [Orabug: 35406837]
- bnxt_en: Use a common function to print the same ethtool -f error message. (Michael Chan) [Orabug: 35406837]
-
Fri Jun 09 2023 Saeed Mirzamohammadi <saeed.mirzamohammadi@oracle.com> [4.14.35-2047.527.1.el7uek]
- mips64: Enable CRYPTO_USER_API_SKCIPHER config (Vijay Kumar) [Orabug: 35458816]
- net/rds: Fix copy&paste error (Gerd Rausch) [Orabug: 35416949]
- uek-rpm: Blacklist cls_tcindex module (Somasundaram Krishnasamy) [Orabug: 35408336]
- LTS version: v4.14.316 (Saeed Mirzamohammadi)
- 3c589_cs: Fix an error handling path in tc589_probe() (Christophe JAILLET)
- forcedeth: Fix an error handling path in nv_probe() (Christophe JAILLET)
- x86/show_trace_log_lvl: Ensure stack pointer is aligned, again (Vernon Lovejoy)
- xen/pvcalls-back: fix double frees with pvcalls_new_active_socket() (Dan Carpenter)
- power: supply: sbs-charger: Fix INHIBITED bit for Status reg (Daisuke Nojiri)
- power: supply: bq27xxx: Fix poll_interval handling and races on remove (Hans de Goede)
- power: supply: bq27xxx: Fix I2C IRQ race on remove (Hans de Goede)
- power: supply: bq27xxx: Fix bq27xxx_battery_update() race condition (Hans de Goede)
- power: supply: leds: Fix blink to LED on transition (Hans de Goede)
- ipv6: Fix out-of-bounds access in ipv6_find_tlv() (Gavrilov Ilia)
- net: fix skb leak in __skb_tstamp_tx() (Pratyush Yadav)
- media: radio-shark: Add endpoint checks (Alan Stern)
- USB: sisusbvga: Add endpoint checks (Alan Stern)
- x86/mm: Avoid incomplete Global INVLPG flushes (Saeed Mirzamohammadi)
- USB: core: Add routines for endpoint checks in old drivers (Alan Stern)
- selftests/memfd: Fix unknown type name build failure (Hardik Garg)
- netfilter: nf_tables: fix register ordering (Florian Westphal)
- netfilter: nf_tables: do not allow SET_ID to refer to another table (Pablo Neira Ayuso)
- netfilter: nf_tables: do not allow RULE_ID to refer to another chain (Pablo Neira Ayuso)
- netfilter: nft_dynset: do not reject set updates with NFT_SET_EVAL (Pablo Neira Ayuso)
- netfilter: nf_tables: stricter validation of element data (Pablo Neira Ayuso) [Orabug: 34362007] {CVE-2022-34918}
- netfilter: nf_tables: allow up to 64 bytes in the set element data area (Pablo Neira Ayuso)
- netfilter: nf_tables: add nft_setelem_parse_key() (Pablo Neira Ayuso)
- netfilter: nf_tables: validate registers coming from userspace. (Pablo Neira Ayuso)
- netfilter: nftables: statify nft_parse_register() (Pablo Neira Ayuso)
- netfilter: nftables: add nft_parse_register_store() and use it (Pablo Neira Ayuso)
- netfilter: nftables: add nft_parse_register_load() and use it (Pablo Neira Ayuso)
- parisc: Allow to reboot machine after system halt (Helge Deller)
- m68k: Move signal frame following exception on 68020/030 (Finn Thain)
- spi: fsl-cpm: Use 16 bit mode for large transfers with even size (Christophe Leroy)
- spi: fsl-spi: Re-organise transfer bits_per_word adaptation (Christophe Leroy)
- spi: spi-fsl-spi: automatically adapt bits-per-word in cpu mode (Rasmus Villemoes)
- netfilter: nf_tables: bogus EBUSY in helper removal from transaction (Pablo Neira Ayuso)
- nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode() (Ryusuke Konishi)
- ceph: force updating the msg pointer in non-split case (Xiubo Li)
- serial: Add support for Advantech PCI-1611U card (Vitaliy Tomin)
- statfs: enforce statfs[64] structure initialization (Ilya Leoshkevich)
- ALSA: hda: Add NVIDIA codec IDs a3 through a7 to patch table (Nikhil Mahale)
- ALSA: hda: Fix Oops by 9.1 surround channel names (Takashi Iwai)
- usb-storage: fix deadlock when a scsi command timeouts more than once (Maxime Bizon)
- vlan: fix a potential uninit-value in vlan_dev_hard_start_xmit() (Eric Dumazet)
- igb: fix bit_shift to be in [1..8] range (Aleksandr Loktionov)
- cassini: Fix a memory leak in the error handling path of cas_init_one() (Christophe JAILLET)
- net: nsh: Use correct mac_offset to unwind gso skb in nsh_gso_segment() (Dong Chenchen)
- media: netup_unidvb: fix use-after-free at del_timer() (Duoming Zhou)
- vsock: avoid to close connected socket after the timeout (Zhuang Shengen)
- net: fec: Better handle pm_runtime_get() failing in .remove() (Uwe Kleine-König)
- af_key: Reject optional tunnel/BEET mode templates in outbound policies (Tobias Brunner)
- cpupower: Make TSC read per CPU for Mperf monitor (Wyes Karny)
- mfd: dln2: Fix memory leak in dln2_probe() (Qiang Ning)
- phy: st: miphy28lp: use _poll_timeout functions for waits (Alain Volmat)
- Input: xpad - add constants for GIP interface numbers (Vicki Pfau)
- clk: tegra20: fix gcc-7 constant overflow warning (Arnd Bergmann)
- recordmcount: Fix memory leaks in the uwrite function (Hao Zeng)
- sched: Fix KCSAN noinstr violation (Josh Poimboeuf)
- mcb-pci: Reallocate memory region to avoid memory overlapping (Rodríguez Barbarin, José Javier)
- serial: 8250: Reinit port->pm on port specific driver unbind (Tony Lindgren)
- HID: wacom: generic: Set battery quirk only when we see battery data (Jason Gerecke)
- spi: spi-imx: fix MX51_ECSPI_* macros when cs > 3 (Kevin Groeneveld)
- HID: logitech-hidpp: Reconcile USB and Unifying serials (Bastien Nocera)
- HID: logitech-hidpp: Don't use the USB serial for USB devices (Bastien Nocera)
- staging: rtl8192e: Replace macro RTL_PCI_DEVICE with PCI_DEVICE (Philipp Hortmann)
- Bluetooth: L2CAP: fix "bad unlock balance" in l2cap_disconnect_rsp (Min Li)
- wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace (Hans de Goede)
- ext4: Fix best extent lstart adjustment logic in ext4_mb_new_inode_pa() (Ojaswin Mujoo)
- ext4: set goal start correctly in ext4_mb_normalize_request (Kemeng Shi)
- gfs2: Fix inode height consistency check (Andreas Gruenbacher)
- scsi: message: mptlan: Fix use after free bug in mptlan_remove() due to race condition (Zheng Wang)
- lib: cpu_rmap: Avoid use after free on rmap->obj array entries (Eli Cohen)
- net: Catch invalid index in XPS mapping (Nick Child)
- net: pasemi: Fix return type of pasemi_mac_start_tx() (Nathan Chancellor)
- ext2: Check block size validity during mount (Jan Kara)
- wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex (Hector Martin)
- ACPICA: ACPICA: check null return of ACPI_ALLOCATE_ZEROED in acpi_db_display_objects (void0red)
- ACPICA: Avoid undefined behavior: applying zero offset to null pointer (Tamir Duberstein)
- drm/tegra: Avoid potential 32-bit integer overflow (Nur Hussein)
- ACPI: EC: Fix oops when removing custom query handlers (Armin Wolf)
- memstick: r592: Fix UAF bug in r592_remove due to race condition (Zheng Wang)
- regmap: cache: Return error in cache sync operations for REGCACHE_NONE (Alexander Stein)
- fs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode() (Tetsuo Handa)
- af_unix: Fix a data race of sk->sk_receive_queue->qlen. (Kuniyuki Iwashima)
- ipvlan:Fix out-of-bounds caused by unclear skb->cb (t.feng)
- net: annotate sk->sk_err write from do_recvmmsg() (Eric Dumazet)
- netlink: annotate accesses to nlk->cb_running (Eric Dumazet)
- net: Fix load-tearing on sk->sk_stamp in sock_recv_cmsgs(). (Kuniyuki Iwashima)
- LTS version: v4.14.315 (Saeed Mirzamohammadi)
- mm/page_alloc: fix potential deadlock on zonelist_update_seq seqlock (Tetsuo Handa)
- printk: declare printk_deferred_{enter,safe}() in include/linux/printk.h (Tetsuo Handa)
- drbd: correctly submit flush bio on barrier (Christoph Böhmwalder)
- serial: 8250: Fix serial8250_tx_empty() race with DMA Tx (Ilpo Järvinen)
- tty: Prevent writing chars during tcsetattr TCSADRAIN/FLUSH (Ilpo Järvinen)
- perf bench: Share some global variables to fix build with gcc 10 (Arnaldo Carvalho de Melo)
- ext4: fix invalid free tracking in ext4_xattr_move_to_block() (Theodore Ts'o)
- ext4: remove a BUG_ON in ext4_mb_release_group_pa() (Theodore Ts'o)
- ext4: bail out of ext4_xattr_ibody_get() fails for any reason (Theodore Ts'o)
- ext4: add bounds checking in get_max_inline_xattr_value_size() (Theodore Ts'o)
- ext4: improve error recovery code paths in __ext4_remount() (Theodore Ts'o)
- ext4: avoid a potential slab-out-of-bounds in ext4_group_desc_csum (Tudor Ambarus)
- HID: wacom: Set a default resolution for older tablets (Ping Cheng)
- ARM: dts: s5pv210: correct MIPI CSIS clock name (Krzysztof Kozlowski)
- ARM: dts: exynos: fix WM8960 clock name in Itop Elite (Krzysztof Kozlowski)
- sh: nmi_debug: fix return value of __setup handler (Randy Dunlap)
- sh: math-emu: fix macro redefined warning (Randy Dunlap)
- cifs: fix pcchunk length type in smb2_copychunk_range (Pawel Witek)
- btrfs: print-tree: parent bytenr must be aligned to sector size (Anastasia Belova)
- btrfs: fix btrfs_prev_leaf() to not return the same key twice (Filipe Manana)
- perf symbols: Fix return incorrect build_id size in elf_read_build_id() (Yang Jihong)
- perf map: Delete two variable initialisations before null pointer checks in sort__sym_from_cmp() (Markus Elfring)
- perf vendor events power9: Remove UTF-8 characters from JSON files (Kajol Jain)
- ALSA: caiaq: input: Add error handling for unsupported input methods in `snd_usb_caiaq_input_init` (Ruliang Lin)
- af_packet: Don't send zero-byte data in packet_sendmsg_spkt(). (Kuniyuki Iwashima)
- net/sched: act_mirred: Add carrier check (Victor Nogueira)
- writeback: fix call of incorrect macro (Maxim Korotkov)
- sit: update dev->needed_headroom in ipip6_tunnel_bind_dev() (Cong Wang)
- netfilter: nf_tables: deactivate anonymous set from preparation phase (Pablo Neira Ayuso)
- netfilter: nf_tables: bogus EBUSY when deleting set after flush (Pablo Neira Ayuso)
- netfilter: nf_tables: use-after-free in failing rule with bound set (Pablo Neira Ayuso)
- netfilter: nft_hash: fix nft_hash_deactivate (Pablo Neira Ayuso)
- netfilter: nf_tables: unbind set in rule from commit path (Pablo Neira Ayuso)
- netfilter: nf_tables: split set destruction in deactivate and destroy phase (Florian Westphal)
- perf auxtrace: Fix address filter entire kernel size (Adrian Hunter)
- dm ioctl: fix nested locking in table_clear() to remove deadlock concern (Mike Snitzer)
- dm flakey: fix a crash with invalid table line (Mikulas Patocka)
- dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path (Mike Snitzer)
- s390/dasd: fix hanging blockdevice after request requeue (Stefan Haberland)
- btrfs: scrub: reject unsupported scrub flags (Qu Wenruo)
- clk: rockchip: rk3399: allow clk_cifout to force clk_cifout_src to reparent (Quentin Schulz)
- wifi: rtl8xxxu: RTL8192EU always needs full init (Bitterblue Smith)
- nilfs2: fix infinite loop in nilfs_mdt_get_block() (Ryusuke Konishi)
- nilfs2: do not write dirty data after degenerating to read-only (Ryusuke Konishi)
- parisc: Fix argument pointer in real64_call_asm() (Helge Deller)
- dmaengine: at_xdmac: do not enable all cyclic channels (Claudiu Beznea)
- phy: tegra: xusb: Add missing tegra_xusb_port_unregister for usb2_port and ulpi_port (Gaosheng Cui)
- NFSv4.1: Always send a RECLAIM_COMPLETE after establishing lease (Trond Myklebust)
- IB/hfi1: Fix SDMA mmu_rb_node not being evicted in LRU order (Patrick Kelsey)
- clk: add missing of_node_put() in "assigned-clocks" property parsing (Clément Léger)
- power: supply: generic-adc-battery: fix unit scaling (Sebastian Reichel)
- RDMA/rdmavt: Delete unnecessary NULL check (Natalia Petrova)
- perf/core: Fix hardlockup failure caused by perf throttle (Yang Jihong)
- powerpc/rtas: use memmove for potentially overlapping buffer copy (Nathan Lynch)
- macintosh: via-pmu-led: requires ATA to be set (Randy Dunlap)
- powerpc/sysdev/tsi108: fix resource printk format warnings (Randy Dunlap)
- powerpc/wii: fix resource printk format warnings (Randy Dunlap)
- powerpc/mpc512x: fix resource printk format warning (Randy Dunlap)
- macintosh/windfarm_smu_sat: Add missing of_node_put() (Liang He)
- spmi: Add a check for remove callback when removing a SPMI driver (Jishnu Prakash)
- staging: rtl8192e: Fix W_DISABLE# does not work after stop/start (Philipp Hortmann)
- serial: 8250: Add missing wakeup event reporting (Florian Fainelli)
- tty: serial: fsl_lpuart: adjust buffer length to the intended size (Shenwei Wang)
- usb: chipidea: fix missing goto in `ci_hdrc_probe` (Yinhao Hu)
- sh: sq: Fix incorrect element size for allocating bitmap buffer (John Paul Adrian Glaubitz)
- uapi/linux/const.h: prefer ISO-friendly __typeof__ (Saeed Mirzamohammadi)
- ia64: mm/contig: fix section mismatch warning/error (Randy Dunlap)
- of: Fix modalias string generation (Miquel Raynal)
- spi: fsl-spi: Fix CPM/QE mode Litte Endian (Christophe Leroy)
- linux/vt_buffer.h: allow either builtin or modular for macros (Randy Dunlap)
- pstore: Revert pmsg_lock back to a normal mutex (John Stultz)
- tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp. (Kuniyuki Iwashima)
- net: amd: Fix link leak when verifying config failed (Gencen Gan)
- ipv4: Fix potential uninit variable access bug in __ip_make_skb() (Ziyang Xuan)
- ixgbe: Enable setting RSS table to default values (Joe Damato)
- ixgbe: Allow flow hash to be set via ethtool (Joe Damato)
- wifi: iwlwifi: mvm: check firmware response size (Johannes Berg)
- wifi: iwlwifi: make the loop for card preparation effective (Emmanuel Grumbach)
- md/raid10: fix leak of 'r10bio->remaining' for recovery (Yu Kuai)
- scsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS (Danila Chernetsov)
- scsi: target: iscsit: Fix TAS handling during conn cleanup (Mike Christie)
- net/packet: convert po->auxdata to an atomic flag (Eric Dumazet)
- net/packet: convert po->origdev to an atomic flag (Eric Dumazet)
- vlan: partially enable SIOCSHWTSTAMP in container (Vadim Fedorenko)
- scm: fix MSG_CTRUNC setting condition for SO_PASSSEC (Alexander Mikhalitsyn)
- wifi: ath6kl: reduce WARN to dev_dbg() in callback (Fedor Pchelkin)
- wifi: ath5k: fix an off by one check in ath5k_eeprom_read_freq_list() (Dan Carpenter)
- wifi: ath6kl: minor fix for allocation size (Alexey V. Vissarionov)
- arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (Sumit Garg)
- x86/ioapic: Don't return 0 from arch_dynirq_lower_bound() (Saurabh Sengar)
- media: dm1105: Fix use after free bug in dm1105_remove due to race condition (Zheng Wang)
- x86/apic: Fix atomic update of offset in reserve_eilvt_offset() (Uros Bizjak)
- media: av7110: prevent underflow in write_ts_to_decoder() (Dan Carpenter)
- media: bdisp: Add missing check for create_workqueue (Jiasheng Jiang)
- drm/probe-helper: Cancel previous job before starting new one (Dom Cobley)
- drm/vgem: add missing mutex_destroy (Maíra Canal)
- drm/rockchip: Drop unbalanced obj unref (Rob Clark)
- selinux: ensure av_permissions.h is built when needed (Paul Moore)
- selinux: fix Makefile dependencies of flask.h (Ondrej Mosnacek)
- ubifs: Free memory for tmpfile name (Mårten Lindahl)
- ubi: Fix return value overwrite issue in try_write_vid_and_data() (Wang YanQing)
- i2c: omap: Fix standard mode false ACK readings (Reid Tonking)
- reiserfs: Add security prefix to xattr name in reiserfs_security_write() (Roberto Sassu)
- ring-buffer: Sync IRQ works before buffer destruction (Johannes Berg)
- MIPS: fw: Allow firmware to pass a empty env (Jiaxun Yang)
- staging: iio: resolver: ads1210: fix config mode (Nuno Sá)
- perf sched: Cast PTHREAD_STACK_MIN to int as it may turn into sysconf(__SC_THREAD_STACK_MIN_VALUE) (Arnaldo Carvalho de Melo)
- USB: dwc3: fix runtime pm imbalance on unbind (Johan Hovold)
- iio: adc: palmas_gpadc: fix NULL dereference on rmmod (Patrik Dahlström)
- USB: serial: option: add UNISOC vendor and TOZED LT70C product (Arınç ÜNAL)
- bluetooth: Perform careful capability checks in hci_sock_ioctl() (Ruihan Li)
- wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() (Jisoo Jang)
-
Tue May 23 2023 Saeed Mirzamohammadi <saeed.mirzamohammadi@oracle.com> [4.14.35-2047.526.2.el7uek]
- Revert "net/sched: Retire tcindex classifier" (Saeed Mirzamohammadi) [Orabug: 35415066]
- elba.dtsi: Improved sdclk and sdclk-hsmmc timing. (David Clear) [Orabug: 35411611]
- dsc-drivers: update ionic drivers to 23.04.1-001 (Dave Kleikamp) [Orabug: 35411611]
- dsc-drivers: update ionic drivers to 22.11.1-001 (Dave Kleikamp) [Orabug: 35411611]
- dsc-drivers: update drivers for 1.15.9-C-100 (Dave Kleikamp) [Orabug: 35411611]
- kernfs: change kernfs_rename_lock into a read-write lock. (Imran Khan) [Orabug: 35257586]
- kernfs: Use a per-fs rwsem to protect per-fs list of kernfs_super_info. (Imran Khan) [Orabug: 35257586]
- kernfs: Introduce separate rwsem to protect inode attributes. (Imran Khan) [Orabug: 35257586]
- btrfs: scan device in non-exclusive mode (Anand Jain) [Orabug: 35153012]
- btrfs: free device in btrfs_close_devices for a single device filesystem (Anand Jain) [Orabug: 35153012]
- SUNRPC: remove the maximum number of retries in call_bind_status (Dai Ngo) [Orabug: 34640827]
- KVM: nVMX: add CR4_LA57 bit to nested CR4_FIXED1 (Chenyi Qiang) [Orabug: 32715898]
- Revert "Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work" (Liu Jian)
- Revert "ubifs: dirty_cow_znode: Fix memleak in error handling path" (Zhihao Cheng)
-
Fri May 05 2023 Saeed Mirzamohammadi <saeed.mirzamohammadi@oracle.com> [4.14.35-2047.526.1.el7uek]
- mm, compaction: Skip all pinned pages during scan (Khalid Aziz) [Orabug: 35300710]
- LTS version: v4.14.314 (Saeed Mirzamohammadi)
- ASN.1: Fix check for strdup() success (Ekaterina Orlova)
- iio: adc: at91-sama5d2_adc: fix an error code in at91_adc_allocate_trigger() (Dan Carpenter)
- counter: 104-quad-8: Fix race condition between FLAG and CNTR reads (William Breathitt Gray)
- sctp: Call inet6_destroy_sock() via sk->sk_destruct(). (Kuniyuki Iwashima)
- dccp: Call inet6_destroy_sock() via sk->sk_destruct(). (Kuniyuki Iwashima)
- inet6: Remove inet6_destroy_sock() in sk->sk_prot->destroy(). (Kuniyuki Iwashima)
- tcp/udp: Call inet6_destroy_sock() in IPv6 sk->sk_destruct(). (Kuniyuki Iwashima)
- udp: Call inet6_destroy_sock() in setsockopt(IPV6_ADDRFORM). (Kuniyuki Iwashima)
- ext4: fix use-after-free in ext4_xattr_set_entry (Baokun Li)
- ext4: remove duplicate definition of ext4_xattr_ibody_inline_set() (Ritesh Harjani)
- Revert "ext4: fix use-after-free in ext4_xattr_set_entry" (Tudor Ambarus)
- x86/purgatory: Don't generate debug info for purgatory.ro (Pingfan Liu)
- memstick: fix memory leak if card device is never registered (Greg Kroah-Hartman)
- nilfs2: initialize unused bytes in segment summary blocks (Ryusuke Konishi)
- xen/netback: use same error messages for same errors (Juergen Gross)
- s390/ptrace: fix PTRACE_GET_LAST_BREAK error handling (Heiko Carstens)
- net: dsa: b53: mmap: add phy ops (Álvaro Fernández Rojas)
- scsi: core: Improve scsi_vpd_inquiry() checks (Damien Le Moal)
- scsi: megaraid_sas: Fix fw_crash_buffer_show() (Tomas Henzl)
- selftests: sigaltstack: fix -Wuninitialized (Nick Desaulniers)
- f2fs: Fix f2fs_truncate_partial_nodes ftrace event (Douglas Raillard)
- e1000e: Disable TSO on i219-LM card to increase speed (Sebastian Basierski)
- mlxfw: fix null-ptr-deref in mlxfw_mfa2_tlv_next() (Nikita Zhandarovich)
- i40e: fix i40e_setup_misc_vector() error handling (Aleksandr Loktionov)
- i40e: fix accessing vsi->active_filters without holding lock (Aleksandr Loktionov)
- virtio_net: bugfix overflow inside xdp_linearize_page() (Xuan Zhuo)
- net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg (Gwangun Jung)
- ARM: dts: rockchip: fix a typo error for rk3288 spdif node (Jianqun Xu)
- LTS version: v4.14.313 (Saeed Mirzamohammadi)
- arm64: KVM: Fix system register enumeration (Marc Zyngier)
- KVM: arm64: Filter out invalid core register IDs in KVM_GET_REG_LIST (Dave Martin)
- KVM: arm64: Factor out core register ID enumeration (Dave Martin)
- coresight-etm4: Fix for() loop drvdata->nr_addr_cmp range bug (Steve Clevenger)
- watchdog: sbsa_wdog: Make sure the timeout programming is within the limits (George Cherian)
- cgroup/cpuset: Wake up cpuset_attach_wq tasks in cpuset_cancel_attach() (Waiman Long)
- ubi: Fix failure attaching when vid_hdr offset equals to (sub)page size (Zhihao Cheng)
- verify_pefile: relax wrapper length check (Robbie Harwood)
- efi: sysfb_efi: Add quirk for Lenovo Yoga Book X91F/L (Hans de Goede)
- i2c: imx-lpi2c: clean rx/tx buffers upon new message (Alexander Stein)
- net: macb: fix a memory corruption in extended buffer descriptor mode (Roman Gushchin)
- qlcnic: check pci_reset_function result (Denis Plotnikov)
- niu: Fix missing unwind goto in niu_alloc_channels() (Harshit Mogalapalli)
- 9p/xen : Fix use after free bug in xen_9pfs_front_remove due to race condition (Zheng Wang)
- mtdblock: tolerate corrected bit-flips (Bang Li)
- Bluetooth: Fix race condition in hidp_session_thread (Min Li)
- Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp} (Luiz Augusto von Dentz)
- ALSA: hda/sigmatel: fix S/PDIF out on Intel D*45* motherboards (Oswald Buddenhagen)
- ALSA: i2c/cs8427: fix iec958 mixer control deactivation (Oswald Buddenhagen)
- ALSA: hda/sigmatel: add pin overrides for Intel DP45SG motherboard (Oswald Buddenhagen)
- ALSA: emu10k1: fix capture interrupt handler unlinking (Oswald Buddenhagen)
- mm/swap: fix swap_info_struct race between swapoff and get_swap_pages() (Rongwei Wang)
- ring-buffer: Fix race while reader and writer are on the same page (Zheng Yejian)
- ftrace: Mark get_lock_parent_ip() __always_inline (John Keeping)
- perf/core: Fix the same task check in perf_event_set_output (Kan Liang)
- nilfs2: fix sysfs interface lifetime (Ryusuke Konishi)
- nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread() (Ryusuke Konishi)
- tty: serial: sh-sci: Fix Rx on RZ/G2L SCI (Biju Das)
- iio: dac: cio-dac: Fix max DAC write value check for 12-bit (William Breathitt Gray)
- USB: serial: option: add Quectel RM500U-CN modem (Bjørn Mork)
- USB: serial: option: add Telit FE990 compositions (Enrico Sau)
- USB: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs (Kees Jan Koster)
- gpio: davinci: Add irq chip flag to skip set wake (Dhruva Gole)
- ipv6: Fix an uninit variable access bug in __ip6_make_skb() (Ziyang Xuan)
- icmp: guard against too small mtu (Eric Dumazet)
- wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded sta (Felix Fietkau)
- pwm: cros-ec: Explicitly set .polarity in .get_state() (Uwe Kleine-König)
- LTS version: v4.14.312 (Saeed Mirzamohammadi)
- ca8210: Fix unsigned mac_len comparison with zero in ca8210_skb_tx() (Harshit Mogalapalli)
- net: sched: cbq: dont intepret cls results when asked to drop (Jamal Hadi Salim) [Orabug: 34983585] {CVE-2023-23454}
- ext4: fix kernel BUG in 'ext4_write_inline_data_end()' (Ye Bin)
- usb: host: ohci-pxa27x: Fix and & vs | typo (Dan Carpenter)
- s390/uaccess: add missing earlyclobber annotations to __clear_user() (Heiko Carstens)
- drm/etnaviv: fix reference leak when mmaping imported buffer (Lucas Stach)
- ALSA: usb-audio: Fix regression on detection of Roland VS-100 (Takashi Iwai)
- ALSA: hda/conexant: Partial revert of a quirk for Lenovo (Takashi Iwai)
- pinctrl: at91-pio4: fix domain name assignment (Johan Hovold)
- cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL (David Disseldorp)
- Input: focaltech - use explicitly signed char type (Jason A. Donenfeld)
- i40e: fix registers dump after run ethtool adapter self test (Radoslaw Tyl)
- can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write (Ivan Orlov)
- scsi: megaraid_sas: Fix crash after a double completion (Tomas Henzl)
- fbdev: au1200fb: Fix potential divide by zero (Wei Chen)
- fbdev: lxfb: Fix potential divide by zero (Wei Chen)
- fbdev: intelfb: Fix potential divide by zero (Wei Chen)
- fbdev: nvidia: Fix potential divide by zero (Wei Chen)
- sched_getaffinity: don't assume 'cpumask_size()' is fully initialized (Linus Torvalds)
- fbdev: tgafb: Fix potential divide by zero (Wei Chen)
- ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set() (Kuninori Morimoto)
- ALSA: asihpi: check pao in control_message() (Kuninori Morimoto)
- md: avoid signed overflow in slot_store() (NeilBrown)
- ocfs2: fix data corruption after failed write (Jan Kara via Ocfs2-devel)
- sched/fair: Sanitize vruntime of entity being migrated (Vincent Guittot)
- sched/fair: sanitize vruntime of entity being placed (Zhang Qiao)
- dm crypt: add cond_resched() to dmcrypt_write() (Mikulas Patocka)
- dm stats: check for and propagate alloc_percpu failure (Jiasheng Jiang)
- i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer() (Wei Chen)
- nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy() (Ryusuke Konishi)
- usb: chipidea: core: fix possible concurrent when switch role (Xu Yang)
- usb: chipdea: core: fix return -EINVAL if request role is the same with current role (Xu Yang)
- igb: revert rtnl_lock() that causes deadlock (Lin Ma)
- usb: gadget: u_audio: don't let userspace block driver unbind (Alvin Šipraga)
- scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR (Joel Selvaraj)
- sh: sanitize the flags on sigreturn (Al Viro)
- net: usb: qmi_wwan: add Telit 0x1080 composition (Enrico Sau)
- net: usb: cdc_mbim: avoid altsetting toggling for Telit FE990 (Enrico Sau)
- scsi: ufs: core: Add soft dependency on governor_simpleondemand (Adrien Thierry)
- scsi: target: iscsi: Fix an error message in iscsi_check_key() (Maurizio Lombardi)
- m68k: Only force 030 bus error if PC not in exception table (Michael Schmitz)
- ca8210: fix mac_len negative array access (Alexander Aring)
- riscv: Bump COMMAND_LINE_SIZE value to 1024 (Alexandre Ghiti)
- thunderbolt: Use const qualifier for `ring_interrupt_index` (Mario Limonciello)
- uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2 (Yaroslav Furman)
- hwmon (it87): Fix voltage scaling for chips with 10.9mV ADCs (Frank Crawford)
- Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work (Zheng Wang)
- Bluetooth: btqcomsmd: Fix command timeout after setting BD address (Stephan Gerhold)
- net: mdio: thunder: Add missing fwnode_handle_put() (Liang He)
- hvc/xen: prevent concurrent accesses to the shared ring (Roger Pau Monne)
- atm: idt77252: fix kmemleak when rmmod idt77252 (Li Zetao)
- net/mlx5: Read the TC mapping of all priorities on ETS query (Maher Sanalla)
- bpf: Adjust insufficient default bpf_jit_limit (Daniel Borkmann)
- net/ps3_gelic_net: Use dma_mapping_error (Geoff Levand)
- net/ps3_gelic_net: Fix RX sk_buff length (Geoff Levand)
- net: qcom/emac: Fix use after free bug in emac_remove due to race condition (Zheng Wang)
- xirc2ps_cs: Fix use after free bug in xirc2ps_detach (Zheng Wang)
- qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info (Daniil Tatianin)
- net: usb: smsc95xx: Limit packet length to skb->len (Szymon Heidrich)
- scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate() (Yu Kuai)
- i2c: imx-lpi2c: check only for enabled interrupt flags (Alexander Stein)
- igbvf: Regard vf reset nack as success (Akihiko Odaki)
- intel/igbvf: free irq on the error path in igbvf_request_msix() (Gaosheng Cui)
- iavf: fix inverted Rx hash condition leading to disabled hash (Alexander Lobakin)
- power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition (Zheng Wang)
- LTS version: v4.14.311 (Saeed Mirzamohammadi)
- HID: uhid: Over-ride the default maximum data buffer value with our own (Lee Jones)
- HID: core: Provide new max_buffer_size attribute to over-ride the default (Lee Jones)
- serial: 8250_em: Fix UART port type (Biju Das)
- drm/i915: Don't use stolen memory for ring buffers with LLC (John Harrison)
- fbdev: stifb: Provide valid pixelclock and add fb_check_var() checks (Helge Deller)
- ftrace: Fix invalid address access in lookup_rec() when index is 0 (Chen Zhongjin)
- sh: intc: Avoid spurious sizeof-pointer-div warning (Michael Karcher)
- ext4: fix task hung in ext4_xattr_delete_inode (Baokun Li)
- ext4: fail ext4_iget if special inode unallocated (Baokun Li)
- mmc: atmel-mci: fix race between stop command and start of next command (Tobias Schramm)
- media: m5mols: fix off-by-one loop termination error (Linus Torvalds)
- hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to race condition (Zheng Wang)
- hwmon: (adt7475) Fix masking of hysteresis registers (Tony O'Brien)
- hwmon: (adt7475) Display smoothing attributes in correct order (Tony O'Brien)
- ethernet: sun: add check for the mdesc_grab() (Liang He)
- net/iucv: Fix size of interrupt data (Alexandra Winter)
- net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull (Szymon Heidrich)
- ipv4: Fix incorrect table ID in IOCTL path (Ido Schimmel)
- block: sunvdc: add check for mdesc_grab() returning NULL (Liang He)
- nvmet: avoid potential UAF in nvmet_req_complete() (Damien Le Moal)
- net: usb: smsc75xx: Limit packet length to skb->len (Szymon Heidrich)
- nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition (Zheng Wang)
- net: phy: smsc: bail out in lan87xx_read_status if genphy_read_status fails (Heiner Kallweit)
- net: tunnels: annotate lockless accesses to dev->needed_headroom (Eric Dumazet)
- qed/qed_dev: guard against a possible division by zero (Daniil Tatianin)
- nfc: pn533: initialize struct pn533_out_arg properly (Fedor Pchelkin)
- tcp: tcp_make_synack() can be called from process context (Breno Leitao)
- fs: sysfs_emit_at: Remove PAGE_SIZE alignment check (Eric Biggers)
- ext4: fix cgroup writeback accounting with fs-layer encryption (Eric Biggers)
- LTS version: v4.14.310 (Saeed Mirzamohammadi)
- drm/i915: Don't use BAR mappings for ring buffers with LLC (John Harrison)
- tipc: improve function tipc_wait_for_cond() (Tung Nguyen)
- media: ov5640: Fix analogue gain control (Paul Elder)
- PCI: Add SolidRun vendor ID (Alvaro Karsz)
- macintosh: windfarm: Use unsigned type for 1-bit bitfields (Nathan Chancellor)
- alpha: fix R_ALPHA_LITERAL reloc for large modules (Edward Humes)
- MIPS: Fix a compilation issue (xurui)
- net: caif: Fix use-after-free in cfusbl_device_notify() (Shigeru Yoshida)
- ila: do not generate empty messages in ila_xlat_nl_cmd_get_mapping() (Eric Dumazet)
- nfc: fdp: add null check of devm_kmalloc_array in fdp_nci_i2c_read_device_properties (Kang Chen)
- nfc: change order inside nfc_se_io error path (Fedor Pchelkin)
- ext4: zero i_disksize when initializing the bootloader inode (Zhihao Cheng)
- ext4: fix WARNING in ext4_update_inline_data (Ye Bin)
- ext4: move where set the MAY_INLINE_DATA flag is set (Ye Bin)
- ext4: fix another off-by-one fsmap error on 1k block filesystems (Darrick J. Wong)
- ext4: fix RENAME_WHITEOUT handling for inline directories (Eric Whitney)
- x86/CPU/AMD: Disable XSAVES on AMD family 0x17 (Andrew Cooper)
- LTS version: v4.14.309 (Saeed Mirzamohammadi)
- staging: rtl8192e: Remove call_usermodehelper starting RadioPower.sh (Philipp Hortmann)
- staging: rtl8192e: Remove function ..dm_check_ac_dc_power calling a script (Philipp Hortmann)
- wifi: cfg80211: Partial revert "wifi: cfg80211: Fix use after free for wext" (Hector Martin)
- LTS version: v4.14.308 (Saeed Mirzamohammadi)
- thermal: intel: powerclamp: Fix cur_state for multi package system (Srinivas Pandruvada)
- tcp: Fix listen() regression in 4.14.303. (Kuniyuki Iwashima)
- s390/setup: init jump labels before command line parsing (Vasily Gorbik)
- s390/maccess: add no DAT mode to kernel_write (Vasily Gorbik)
- Bluetooth: hci_sock: purge socket queues in the destruct() callback (Nguyen Dinh Phi)
- phy: rockchip-typec: Fix unsigned comparison with less than zero (Jiapeng Chong)
- usb: uvc: Enumerate valid values for color matching (Daniel Scally)
- USB: ene_usb6250: Allocate enough memory for full object (Kees Cook)
- usb: host: xhci: mvebu: Iterate over array indexes instead of using pointer math (Kees Cook)
- iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_config_word() (Harshit Mogalapalli)
- iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_status_word() (Harshit Mogalapalli)
- tools/iio/iio_utils:fix memory leak (Yulong Zhang)
- tty: serial: fsl_lpuart: disable the CTS when send break signal (Sherry Sun)
- tty: fix out-of-bounds access in tty_driver_lookup_tty() (Sven Schnelle)
- media: uvcvideo: Handle cameras with invalid descriptors (Ricardo Ribalda)
- firmware/efi sysfb_efi: Add quirk for Lenovo IdeaPad Duet 3 (Darrell Kavanagh)
- tracing: Add NULL checks for buffer in ring_buffer_free_read_page() (Jia-Ju Bai)
- thermal: intel: quark_dts: fix error pointer dereference (Dan Carpenter)
- scsi: ipr: Work around fortify-string warning (Arnd Bergmann)
- tcp: tcp_check_req() can be called from process context (Eric Dumazet)
- ARM: dts: spear320-hmi: correct STMPE GPIO compatible (Krzysztof Kozlowski)
- nfc: fix memory leak of se_io context in nfc_genl_se_io (Fedor Pchelkin)
- 9p/xen: fix connection sequence (Juergen Gross)
- 9p/xen: fix version parsing (Juergen Gross)
- net: fix __dev_kfree_skb_any() vs drop monitor (Eric Dumazet)
- netfilter: ctnetlink: fix possible refcount leak in ctnetlink_create_conntrack() (Hangyu Hua)
- watchdog: pcwd_usb: Fix attempting to access uninitialized memory (Li Hua)
- watchdog: Fix kmemleak in watchdog_cdev_register (Chen Jun)
- watchdog: at91sam9_wdt: use devm_request_irq to avoid missing free_irq() in error path (ruanjinjie)
- x86: um: vdso: Add '%rcx' and '%r11' to the syscall clobber list (Ammar Faizi)
- ubi: ubi_wl_put_peb: Fix infinite loop when wear-leveling work failed (Zhihao Cheng)
- ubi: Fix UAF wear-leveling entry in eraseblk_count_seq_show() (Zhihao Cheng)
- ubifs: ubifs_writepage: Mark page dirty after writing inode failed (Zhihao Cheng)
- ubifs: dirty_cow_znode: Fix memleak in error handling path (Zhihao Cheng)
- ubifs: Re-statistic cleaned znode count if commit failed (Zhihao Cheng)
- ubi: Fix possible null-ptr-deref in ubi_free_volume() (Yang Yingliang)
- ubi: Fix unreferenced object reported by kmemleak in ubi_resize_volume() (Li Zetao)
- ubi: Fix use-after-free when volume resizing failed (Li Zetao)
- ubifs: Reserve one leb for each journal head while doing budget (Zhihao Cheng)
- ubifs: Fix wrong dirty space budget for dirty inode (Zhihao Cheng)
- ubifs: Rectify space budget for ubifs_xrename() (Zhihao Cheng)
- ubi: ensure that VID header offset + VID header size <= alloc, size (George Kennedy)
- pwm: stm32-lp: fix the check on arr and cmp registers update (Fabrice Gasnier)
- fs/jfs: fix shift exponent db_agl2size negative (Liu Shixin via Jfs-discussion)
- net/sched: Retire tcindex classifier (Jamal Hadi Salim)
- kbuild: Port silent mode detection to future gnu make. (Dmitry Goncharov)
- drm/radeon: Fix eDP for single-display iMac11,2 (Mark Hawrylak)
- PCI: Avoid FLR for AMD FCH AHCI adapters (Damien Le Moal)
- scsi: ses: Fix slab-out-of-bounds in ses_intf_remove() (Tomas Henzl)
- scsi: ses: Fix possible desc_ptr out-of-bounds accesses (Tomas Henzl)
- scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses (Tomas Henzl)
- scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process() (Tomas Henzl)
- scsi: ses: Don't attach if enclosure has no components (James Bottomley)
- scsi: qla2xxx: Fix erroneous link down (Quinn Tran)
- scsi: qla2xxx: Fix link failure in NPIV environment (Quinn Tran)
- ktest.pl: Fix missing "end_monitor" when machine check fails (Steven Rostedt)
- mips: fix syscall_get_nr (Elvira Khabirova)
- alpha: fix FEN fault handling (Al Viro)
- rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails (Ilya Dryomov)
- ARM: dts: exynos: correct TMU phandle in Odroid XU (Krzysztof Kozlowski)
- ARM: dts: exynos: correct TMU phandle in Exynos4 (Krzysztof Kozlowski)
- dm flakey: don't corrupt the zero page (Mikulas Patocka)
- dm flakey: fix logic when corrupting a bio (Mikulas Patocka)
- wifi: cfg80211: Fix use after free for wext (Alexander Wetzel)
- wifi: rtl8xxxu: Use a longer retry limit of 48 (Bitterblue Smith)
- ext4: refuse to create ea block when umounted (Jun Nie)
- ext4: optimize ea_inode block expansion (Jun Nie)
- ALSA: ice1712: Do not left ice->gpio_mutex locked in aureon_add_controls() (Dmitry Fomin)
- irqdomain: Drop bogus fwspec-mapping error handling (Johan Hovold)
- irqdomain: Fix disassociation race (Johan Hovold)
- irqdomain: Fix association race (Johan Hovold)
- ima: Align ima_file_mmap() parameters with mmap_file LSM hook (Roberto Sassu)
- Documentation/hw-vuln: Document the interaction between IBRS and STIBP (KP Singh)
- x86/microcode/AMD: Fix mixed steppings support (Borislav Petkov (AMD))
- x86/microcode/AMD: Add a @cpu parameter to the reloading functions (Borislav Petkov (AMD))
- x86/microcode/amd: Remove load_microcode_amd()'s bsp parameter (Borislav Petkov (AMD))
- x86/kprobes: Fix arch_check_optimized_kprobe check within optimized_kprobe range (Yang Jihong)
- x86/kprobes: Fix __recover_optprobed_insn check optimizing logic (Yang Jihong)
- x86/reboot: Disable SVM, not just VMX, when stopping CPUs (Sean Christopherson)
- x86/crash: Disable virt in core NMI crash handler to avoid double shootdown (Sean Christopherson)
- x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows) (Sean Christopherson)
- udf: Fix file corruption when appending just after end of preallocated extent (Jan Kara)
- udf: Do not update file length for failed writes to inline files (Jan Kara)
- udf: Do not bother merging very long extents (Jan Kara)
- udf: Truncate added extents on failed expansion (Jan Kara)
- ocfs2: fix non-auto defrag path not working issue (Heming Zhao via Ocfs2-devel)
- ocfs2: fix defrag path triggering jbd2 ASSERT (Heming Zhao via Ocfs2-devel)
- f2fs: fix information leak in f2fs_move_inline_dirents() (Eric Biggers)
- fs: hfsplus: fix UAF issue in hfsplus_put_super (Dongliang Mu)
- hfs: fix missing hfs_bnode_get() in __hfs_bnode_create (Liu Shixin)
- s390/kprobes: fix current_kprobe never cleared after kprobes reenter (Vasily Gorbik)
- s390/kprobes: fix irq mask clobbering on kprobe reenter from post_handler (Vasily Gorbik)
- rtc: pm8xxx: fix set-alarm race (Johan Hovold)
- wifi: rtl8xxxu: fixing transmisison failure for rtl8192eu (Jun ASAKA)
- spi: bcm63xx-hsspi: Fix multi-bit mode setting (William Zhang)
- dm cache: add cond_resched() to various workqueue loops (Mike Snitzer)
- dm thin: add cond_resched() to various workqueue loops (Mike Snitzer)
- pinctrl: at91: use devm_kasprintf() to avoid potential leaks (Claudiu Beznea)
- regulator: s5m8767: Bounds check id indexing into arrays (Kees Cook)
- regulator: max77802: Bounds check regulator id against opmode (Kees Cook)
- ASoC: kirkwood: Iterate over array indexes instead of using pointer math (Kees Cook)
- docs/scripts/gdb: add necessary make scripts_gdb step (Jakob Koschel)
- drm/msm/dsi: Add missing check for alloc_ordered_workqueue (Jiasheng Jiang)
- drm/radeon: free iio for atombios when driver shutdown (Liwei Song)
- ACPI: video: Fix Lenovo Ideapad Z570 DMI match (Hans de Goede)
- m68k: Check syscall_trace_enter() return code (Michael Schmitz)
- net: bcmgenet: Add a check for oversized packets (Florian Fainelli)
- ACPI: Don't build ACPICA with '-Os' (Mark Rutland)
- inet: fix fast path in __inet_hash_connect() (Pietro Borrello)
- timers: Prevent union confusion from unexpected restart_syscall() (Jann Horn)
- thermal: intel: Fix unsigned comparison with less than zero (Yang Li)
- rcu: Suppress smp_processor_id() complaint in synchronize_rcu_expedited_wait() (Paul E. McKenney)
- wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmf_c_preinit_dcmds() (Jisoo Jang)
- ARM: dts: exynos: Use Exynos5420 compatible for the MIPI video phy (Markuss Broks)
- udf: Define EFSCORRUPTED error code (Jan Kara)
- rpmsg: glink: Avoid infinite loop on intent for missing channel (Bjorn Andersson)
- media: usb: siano: Fix use after free bugs caused by do_submit_urb (Duoming Zhou)
- media: rc: Fix use-after-free bugs caused by ene_tx_irqsim() (Duoming Zhou) [Orabug: 35181651] {CVE-2023-1118}
- media: platform: ti: Add missing check for devm_regulator_get (Jiasheng Jiang)
- MIPS: vpe-mt: drop physical_memsize (Randy Dunlap)
- powerpc/pseries/lparcfg: add missing RTAS retry status handling (Nathan Lynch)
- powerpc/powernv/ioda: Skip unallocated resources when mapping to PE (Frederic Barrat)
- Input: ads7846 - don't check penirq immediately for 7845 (Luca Ellero)
- Input: ads7846 - don't report pressure for ads7845 (Luca Ellero)
- mtd: rawnand: sunxi: Fix the size of the last OOB region (Samuel Holland)
- mfd: pcf50633-adc: Fix potential memleak in pcf50633_adc_async_read() (Qiheng Lin)
- dm: remove flush_scheduled_work() during local_exit() (Mike Snitzer)
- scsi: aic94xx: Add missing check for dma_map_single() (Jiasheng Jiang)
- hwmon: (ltc2945) Handle error case in ltc2945_value_store (Jonathan Cormier)
- gpio: vf610: connect GPIO label to dev name (Haibo Chen)
- ASoC: soc-compress.c: fixup private_data on snd_soc_new_compress() (Kuninori Morimoto)
- drm/mediatek: Drop unbalanced obj unref (Rob Clark)
- drm/mipi-dsi: Fix byte order of 16-bit DCS set/get brightness (Daniel Mentz)
- ALSA: hda/ca0132: minor fix for allocation size (Alexey V. Vissarionov)
- pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups (Miaoqian Lin)
- drm/msm/hdmi: Add missing check for alloc_ordered_workqueue (Jiasheng Jiang)
- gpu: ipu-v3: common: Add of_node_put() for reference returned by of_graph_get_port_by_id() (Liang He)
- drm/bridge: megachips: Fix error handling in i2c_register_driver() (Yuan Can)
- drm: mxsfb: DRM_MXSFB should depend on ARCH_MXS || ARCH_MXC (Geert Uytterhoeven)
- irqchip/irq-bcm7120-l2: Set IRQ_LEVEL for level triggered interrupts (Florian Fainelli)
- can: esd_usb: Move mislocated storage of SJA1000_ECC_SEG bits in case of a bus error (Frank Jungclaus)
- wifi: mwifiex: fix loop iterator in mwifiex_update_ampdu_txwinsize() (Dan Carpenter)
- m68k: /proc/hardware should depend on PROC_FS (Randy Dunlap)
- crypto: rsa-pkcs1pad - Use akcipher_request_complete (Herbert Xu)
- Bluetooth: L2CAP: Fix potential user-after-free (Luiz Augusto von Dentz)
- cpufreq: davinci: Fix clk use after free (Uwe Kleine-König)
- irqchip/irq-mvebu-gicp: Fix refcount leak in mvebu_gicp_probe (Miaoqian Lin)
- irqchip/alpine-msi: Fix refcount leak in alpine_msix_init_domains (Miaoqian Lin)
- net/mlx5: Enhance debug print in page allocation failure (Jack Morgenstein)
- crypto: seqiv - Handle EBUSY correctly (Herbert Xu)
- ACPI: battery: Fix missing NUL-termination with large strings (Armin Wolf)
- wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback() (Minsuk Kang)
- wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function (Fedor Pchelkin)
- wifi: orinoco: check return value of hermes_write_wordrec() (Alexey Kodanev)
- ACPICA: nsrepair: handle cases without a return value correctly (Daniil Tatianin)
- lib/mpi: Fix buffer overrun when SG is too long (Herbert Xu)
- genirq: Fix the return type of kstat_cpu_irqs_sum() (Zhen Lei)
- wifi: wl3501_cs: don't call kfree_skb() under spin_lock_irqsave() (Yang Yingliang)
- wifi: libertas: cmdresp: don't call kfree_skb() under spin_lock_irqsave() (Yang Yingliang)
- wifi: libertas: main: don't call kfree_skb() under spin_lock_irqsave() (Yang Yingliang)
- wifi: brcmfmac: unmap dma buffer in brcmf_msgbuf_alloc_pktid() (Zhengchao Shao)
- wifi: brcmfmac: fix potential memory leak in brcmf_netdev_start_xmit() (Zhang Changzhong)
- wifi: ipw2200: fix memory leak in ipw_wdev_init() (Zhengchao Shao)
- wifi: rtl8xxxu: don't call dev_kfree_skb() under spin_lock_irqsave() (Yang Yingliang)
- wifi: libertas: fix memory leak in lbs_init_adapter() (Zhengchao Shao)
- arm64: dts: amlogic: meson-gxl: add missing unit address to eth-phy-mux node name (Neil Armstrong)
- arm64: dts: amlogic: meson-gx: add missing unit address to rng node name (Neil Armstrong)
- arm64: dts: amlogic: meson-gx: fix SCPI clock dvfs node name (Neil Armstrong)
- ARM: dts: exynos: correct wr-active property in Exynos3250 Rinato (Krzysztof Kozlowski)
- ARM: OMAP1: call platform_device_put() in error case in omap1_dm_timer_init() (Yang Yingliang)
- arm64: dts: meson-gx: Fix the SCPI DVFS node name and unit address (Martin Blumenstingl)
- arm64: dts: meson-gx: Fix Ethernet MAC address unit name (Martin Blumenstingl)
- ARM: zynq: Fix refcount leak in zynq_early_slcr_init (Qiheng Lin)
- ARM: OMAP2+: Fix memory leak in realtime_counter_init() (Chen Hui)
- HID: asus: use spinlock to safely schedule workers (Pietro Borrello) [Orabug: 35181604] {CVE-2023-1079}
- HID: asus: use spinlock to protect concurrent accesses (Pietro Borrello)
- HID: asus: Remove check for same LED brightness on set (Luke D. Jones)
- USB: core: Don't hold device lock while reading the "descriptors" sysfs file (Alan Stern)
- USB: serial: option: add support for VW/Skoda "Carstick LTE" (Florian Zumbiehl)
- dmaengine: sh: rcar-dmac: Check for error num after dma_set_max_seg_size (Jiasheng Jiang)
- bpf: Fix truncation handling for mod32 dst reg wrt zero (Daniel Borkmann)
- bpf: Fix 32 bit src register truncation on div/mod (Daniel Borkmann) [Orabug: 33041998] {CVE-2021-3600}
- bpf: fix subprog verifier bypass by div/mod by 0 exception (Daniel Borkmann)
- bpf: Do not use ax register in interpreter on div/mod (Daniel Borkmann)
- net: Remove WARN_ON_ONCE(sk->sk_forward_alloc) from sk_stream_kill_queues(). (Kuniyuki Iwashima)
- IB/hfi1: Assign npages earlier (Dean Luick)
- btrfs: send: limit number of clones and allocated memory size (David Sterba)
- ARM: dts: rockchip: add power-domains property to dp node on rk3288 (Johan Jonker)
- LTS version: v4.14.307 (Saeed Mirzamohammadi)
- wifi: mwifiex: Add missing compatible string for SD8787 (Lukas Wunner)
- uaccess: Add speculation barrier to copy_from_user() (Dave Hansen)
- alarmtimer: Prevent starvation by small intervals and SIG_IGN (Thomas Gleixner)
- powerpc: dts: t208x: Disable 10G on MAC1 and MAC2 (Sean Anderson)
- random: always mix cycle counter in add_latent_entropy() (Jason A. Donenfeld)
- powerpc: dts: t208x: Mark MAC1 and MAC2 as 10G (Sean Anderson)
- wifi: rtl8xxxu: gen2: Turn on the rate control (Bitterblue Smith)
-
Wed Apr 19 2023 Saeed Mirzamohammadi <saeed.mirzamohammadi@oracle.com> [4.14.35-2047.525.1.el7uek]
- net/rds: use appropriate return code while dropping a connection (Praveen Kumar Kannoju) [Orabug: 35279328]
- net/rds: use appropriate reason while dropping a connection (Praveen Kumar Kannoju) [Orabug: 35278125]
- netfilter: ebtables: fix table blob use-after-free (Florian Westphal) [Orabug: 35256192]
- net/rds: Adding TCP stats for TCP keepalive timeout (Nagappan Ramasamy Palaniappan) [Orabug: 35254380]
- x86/cpu: Fix LFENCE serialization check in init_amd() (Rhythm Mahajan) [Orabug: 35225921]
- taskstats: Fix memory leak due to taskstats_counts objects. (Imran Khan) [Orabug: 34768713]
-
Wed Mar 29 2023 Saeed Mirzamohammadi <saeed.mirzamohammadi@oracle.com> [4.14.35-2047.524.5.el7uek]
- rds/ib: Fix the softlock-up in RDS cache GC worker (Arumugam Kolappan) [Orabug: 35079728]
-
Thu Mar 23 2023 Saeed Mirzamohammadi <saeed.mirzamohammadi@oracle.com> [4.14.35-2047.524.4.el7uek]
- xfs: add missing cmap->br_state = XFS_EXT_NORM update (Gao Xiang) [Orabug: 35202792]
- x86/tsc: Disable clocksource watchdog for TSC on qualified platorms (Feng Tang) [Orabug: 35181414]
- x86/tsc: Add a timer to make sure TSC_adjust is always checked (Feng Tang) [Orabug: 35181414]