-
Wed May 18 2022 Jack Vogel <jack.vogel@oracle.com> [4.14.35-2047.513.2.2.el7uek]
- debug: Lock down kgdb (Stephen Brennan) [Orabug: 34152700] {CVE-2022-21499}
-
Mon May 16 2022 Jack Vogel <jack.vogel@oracle.com> [4.14.35-2047.513.2.1.el7uek]
- perf: Fix sys_perf_event_open() race against self (Peter Zijlstra) [Orabug: 34175592] {CVE-2022-1729}
-
Mon May 09 2022 Saeed Mirzamohammadi <saeed.mirzamohammadi@oracle.com> [4.14.35-2047.513.2.el7uek]
- Revert "rds/ib: recover rds connection from stuck tx path" (Nagappan Ramasamy Palaniappan) [Orabug: 34124234]
- Revert "rds/ib: reap tx completions during connection shutdown" (Nagappan Ramasamy Palaniappan) [Orabug: 34124234]
- Revert "rds/ib: handle posted ACK during connection shutdown" (Nagappan Ramasamy Palaniappan) [Orabug: 34124234]
-
Fri Apr 15 2022 Saeed Mirzamohammadi <saeed.mirzamohammadi@oracle.com> [4.14.35-2047.513.1.el7uek]
- mm/page-writeback: Fix performance when BDI's share of ratio is 0. (Chi Wu) [Orabug: 34050050]
- esp: Fix possible buffer overflow in ESP transformation (Steffen Klassert) [Orabug: 33997301] {CVE-2022-27666}
-
Fri Apr 08 2022 Saeed Mirzamohammadi <saeed.mirzamohammadi@oracle.com> [4.14.35-2047.513.0.el7uek]
- rds: ib: Initialize SG table properly (Håkon Bugge) [Orabug: 34031914]
- rds: ib: Fix racy credit tracepoints (Håkon Bugge) [Orabug: 33980856]
- net/rds: Fix math on error code (Freddy Carrillo) [Orabug: 33945366]
- ice: Add E810-XXV pci device ids to UEK5 (John Donnelly) [Orabug: 33750110]
-
Wed Apr 06 2022 Saeed Mirzamohammadi <saeed.mirzamohammadi@oracle.com> [4.14.35-2047.512.6.el7uek]
- Revert "rds/ib: recover rds connection from stuck rx path" (Rohit Nair) [Orabug: 34039271]
- uek-rpm: update kABI lists for new symbols (Saeed Mirzamohammadi) [Orabug: 33993774]
-
Wed Mar 30 2022 Saeed Mirzamohammadi <saeed.mirzamohammadi@oracle.com> [4.14.35-2047.512.5.el7uek]
- netfilter: nf_tables: initialize registers in nft_do_chain() (Pablo Neira Ayuso) [Orabug: 34012925] {CVE-2022-1016}
- rds: Fix incorrect initialization order (Håkon Bugge) [Orabug: 33923372]
- btrfs: unlock newly allocated extent buffer after error (Qu Wenruo) [Orabug: 33997138] {CVE-2021-4149}
- sr9700: sanity check for packet length (Oliver Neukum) [Orabug: 33962706] {CVE-2022-26966}
-
Fri Mar 18 2022 Saeed Mirzamohammadi <saeed.mirzamohammadi@oracle.com> [4.14.35-2047.512.4.el7uek]
- Linux 4.14.265 (Greg Kroah-Hartman)
- ext4: fix error handling in ext4_restore_inline_data() (Ritesh Harjani)
- EDAC/xgene: Fix deferred probing (Sergey Shtylyov)
- EDAC/altera: Fix deferred probing (Sergey Shtylyov)
- rtc: cmos: Evaluate century appropriate (Riwen Lu)
- selftests: futex: Use variable MAKE instead of make (Muhammad Usama Anjum)
- nfsd: nfsd4_setclientid_confirm mistakenly expires confirmed client. (Dai Ngo)
- scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe (John Meneghini)
- ASoC: fsl: Add missing error handling in pcm030_fabric_probe (Miaoqian Lin)
- drm/i915/overlay: Prevent divide by zero bugs in scaling (Dan Carpenter)
- net: macsec: Verify that send_sci is on when setting Tx sci explicitly (Lior Nahmanson)
- net: ieee802154: Return meaningful error codes from the netlink helpers (Miquel Raynal)
- net: ieee802154: ca8210: Stop leaking skb's (Miquel Raynal)
- spi: meson-spicc: add IRQ check in meson_spicc_probe (Miaoqian Lin)
- spi: mediatek: Avoid NULL pointer crash in interrupt (Benjamin Gaignard)
- spi: bcm-qspi: check for valid cs before applying chip select (Kamal Dasu)
- iommu/amd: Fix loop timeout issue in iommu_ga_log_enable() (Joerg Roedel)
- iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() (Guoqing Jiang)
- RDMA/mlx4: Don't continue event handler after memory allocation failure (Leon Romanovsky)
- block: bio-integrity: Advance seed correctly for larger interval sizes (Martin K. Petersen)
- drm/nouveau: fix off by one in BIOS boundary checking (Nick Lopez)
- ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx() (Mark Brown)
- ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx() (Mark Brown)
- ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() (Mark Brown)
- audit: improve audit queue handling when "audit=1" on cmdline (Paul Moore)
- af_packet: fix data-race in packet_setsockopt / packet_setsockopt (Eric Dumazet)
- rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink() (Eric Dumazet)
- net: amd-xgbe: Fix skb data length underflow (Shyam Sundar S K)
- net: amd-xgbe: ensure to reset the tx_timer_active flag (Raju Rangoju)
- ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback (Georgi Valkov)
- netfilter: nat: limit port clash resolution attempts (Florian Westphal)
- netfilter: nat: remove l4 protocol port rovers (Florian Westphal)
- bpf: fix truncated jump targets on heavy expansions (Daniel Borkmann)
- ipv4: raw: lock the socket in raw_bind() (Eric Dumazet)
- yam: fix a memory leak in yam_siocdevprivate() (Hangyu Hua)
- ibmvnic: don't spin in tasklet (Sukadev Bhattiprolu)
- drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable (José Expósito)
- drm/msm: Fix wrong size calculation (Xianting Tian)
- net-procfs: show net devices bound packet types (Jianguo Wu)
- NFSv4: nfs_atomic_open() can race when looking up a non-regular file (Trond Myklebust)
- NFSv4: Handle case where the lookup of a directory fails (Trond Myklebust)
- hwmon: (lm90) Reduce maximum conversion rate for G781 (Guenter Roeck)
- ping: fix the sk_bound_dev_if match in ping_lookup (Xin Long)
- net: fix information leakage in /proc/net/ptype (Saeed Mirzamohammadi)
- ipv6_tunnel: Rate limit warning messages (Ido Schimmel)
- scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() (John Meneghini)
- rpmsg: char: Fix race between the release of rpmsg_eptdev and cdev (Matthias Kaehlcke)
- rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev (Sujit Kautkar)
- i40e: fix unsigned stat widths (Joe Damato)
- i40e: Increase delay to 1 s after global EMP reset (Jedrzej Jagielski)
- lkdtm: Fix content of section containing lkdtm_rodata_do_nothing() (Christophe Leroy)
- powerpc/32: Fix boot failure with GCC latent entropy plugin (Christophe Leroy)
- net: sfp: ignore disabled SFP node (Marek Behún)
- usb: typec: tcpm: Do not disconnect while receiving VBUS off (Badhri Jagan Sridharan)
- USB: core: Fix hang in usb_kill_urb by adding memory barriers (Alan Stern)
- usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS (Pavankumar Kondeti)
- usb: common: ulpi: Fix crash in ulpi_match() (Jon Hunter)
- usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge (Alan Stern)
- tty: Add support for Brainboxes UC cards. (Cameron Williams)
- tty: n_gsm: fix SW flow control encoding/handling (daniel.starke@siemens.com)
- serial: stm32: fix software flow control transfer (Valentin Caron)
- netfilter: nft_payload: do not update layer 4 checksum when mangling fragments (Pablo Neira Ayuso)
- PM: wakeup: simplify the output logic of pm_show_wakelocks() (Greg Kroah-Hartman)
- scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices (Steffen Maier)
- s390/hypfs: include z/VM guests with access control group set (Vasily Gorbik)
- Bluetooth: refactor malicious adv data check (Brian Gix)
- Linux 4.14.264 (Greg Kroah-Hartman)
- can: bcm: fix UAF of bcm op (Ziyang Xuan)
- Linux 4.14.263 (Greg Kroah-Hartman)
- gianfar: fix jumbo packets+napi+rx overrun crash (Michael Braun)
- gianfar: simplify FCS handling and fix memory leak (Andy Spencer)
- drm/ttm/nouveau: don't call tt destroy callback on alloc failure. (Dave Airlie)
- mips,s390,sh,sparc: gup: Work around the "COW can break either way" issue (Ben Hutchings)
- lib82596: Fix IRQ check in sni_82596_probe (Miaoqian Lin)
- scripts/dtc: dtx_diff: remove broken example from help text (Matthias Schiffer)
- bcmgenet: add WOL IRQ check (Sergey Shtylyov)
- net_sched: restore "mpu xxx" handling (Kevin Bracey)
- dmaengine: at_xdmac: Fix at_xdmac_lld struct definition (Tudor Ambarus)
- dmaengine: at_xdmac: Fix lld view setting (Tudor Ambarus)
- dmaengine: at_xdmac: Print debug message after realeasing the lock (Tudor Ambarus)
- dmaengine: at_xdmac: Don't start transactions at tx_submit level (Tudor Ambarus)
- libcxgb: Don't accidentally set RTO_ONLINK in cxgb_find_route() (Guillaume Nault)
- netns: add schedule point in ops_exit_list() (Eric Dumazet)
- net: axienet: fix number of TX ring slots for available check (Robert Hancock)
- net: axienet: Wait for PhyRstCmplt after core reset (Robert Hancock)
- af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress (Eric Dumazet)
- parisc: pdc_stable: Fix memory leak in pdcs_register_pathentries (Miaoqian Lin)
- net/fsl: xgmac_mdio: Fix incorrect iounmap when removing module (Tobias Waldekranz)
- powerpc/fsl/dts: Enable WA for erratum A-009885 on fman3l MDIO buses (Tobias Waldekranz)
- powerpc/cell: Fix clang -Wimplicit-fallthrough warning (Anders Roxell)
- RDMA/rxe: Fix a typo in opcode name (Chengguang Xu)
- RDMA/hns: Modify the mapping attribute of doorbell to device (Yixing Liu)
- Documentation: refer to config RANDOMIZE_BASE for kernel address-space randomization (Lukas Bulwahn)
- firmware: Update Kconfig help text for Google firmware (Ben Hutchings)
- drm/radeon: fix error handling in radeon_driver_open_kms (Christian König)
- crypto: stm32/crc32 - Fix kernel BUG triggered in probe() (Marek Vasut)
- ext4: don't use the orphan list when migrating an inode (Theodore Ts'o)
- ext4: Fix BUG_ON in ext4_bread when write quota data (Ye Bin)
- ext4: set csum seed in tmp inode while migrating to extents (Luís Henriques)
- ext4: make sure quota gets properly shutdown on error (Jan Kara)
- iwlwifi: mvm: Increase the scan timeout guard to 30 seconds (Ilan Peer)
- cputime, cpuacct: Include guest time in user time in cpuacct.stat (Andrey Ryabinin)
- serial: Fix incorrect rs485 polarity on uart open (Lukas Wunner)
- ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers (Petr Cvachoucek)
- power: bq25890: Enable continuous conversion for ADC at charging (Yauhen Kharuzhy)
- ASoC: mediatek: mt8173: fix device_node leak (Tzung-Bi Shih)
- scsi: sr: Don't use GFP_DMA (Christoph Hellwig)
- MIPS: Octeon: Fix build errors using clang (Tianjia Zhang)
- i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters (Lakshmi Sowjanya D)
- MIPS: OCTEON: add put_device() after of_find_device_by_node() (Ye Guojin)
- ALSA: seq: Set upper limit of processed events (Takashi Iwai)
- w1: Misuse of get_user()/put_user() reported by sparse (Christophe Leroy)
- i2c: mpc: Correct I2C reset procedure (Joakim Tjernlund)
- powerpc/smp: Move setup_profiling_timer() under CONFIG_PROFILING (Michael Ellerman)
- i2c: i801: Don't silently correct invalid transfer size (Heiner Kallweit)
- powerpc/watchdog: Fix missed watchdog reset due to memory ordering race (Nicholas Piggin)
- powerpc/btext: add missing of_node_put (Julia Lawall)
- powerpc/cell: add missing of_node_put (Julia Lawall)
- powerpc/powernv: add missing of_node_put (Julia Lawall)
- powerpc/6xx: add missing of_node_put (Julia Lawall)
- parisc: Avoid calling faulthandler_disabled() twice (John David Anglin)
- serial: core: Keep mctrl register state and cached copy in sync (Lukas Wunner)
- serial: pl010: Drop CR register reset on set_termios (Lukas Wunner)
- net: phy: marvell: configure RGMII delays for 88E1118 (Russell King (Oracle))
- dm space map common: add bounds check to sm_ll_lookup_bitmap() (Joe Thornber)
- dm btree: add a defensive bounds check to insert_at() (Joe Thornber)
- mac80211: allow non-standard VHT MCS-10/11 (Ping-Ke Shih)
- net: mdio: Demote probed message to debug print (Florian Fainelli)
- btrfs: remove BUG_ON(!eie) in find_parent_nodes (Josef Bacik)
- btrfs: remove BUG_ON() in find_parent_nodes() (Josef Bacik)
- ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5 (Kirill A. Shutemov)
- ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R() (Rafael J. Wysocki)
- ACPICA: Utilities: Avoid deleting the same object twice in a row (Rafael J. Wysocki)
- ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions (Mark Langsdorf)
- jffs2: GC deadlock reading a page that is used in jffs2_write_begin() (Kyeong Yoo)
- um: registers: Rename function names to avoid conflicts and build problems (Randy Dunlap)
- iwlwifi: remove module loading failure message (Johannes Berg)
- iwlwifi: fix leaks/bad data after failed firmware load (Johannes Berg)
- ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream (Zekun Shen)
- usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0 (Kai-Heng Feng)
- arm64: tegra: Adjust length of CCPLEX cluster MMIO region (Thierry Reding)
- mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO (Ulf Hansson)
- media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach() (Zhou Qingyang)
- media: igorplugusb: receiver overflow should be reported (Sean Young)
- bpf: Do not WARN in bpf_warn_invalid_xdp_action() (Paolo Abeni)
- net: bonding: debug: avoid printing debug logs when bond is not notifying peers (Suresh Kumar)
- ath10k: Fix tx hanging (Sebastian Gottschall)
- iwlwifi: mvm: synchronize with FW after multicast commands (Johannes Berg)
- media: m920x: don't use stack on USB reads (Mauro Carvalho Chehab)
- media: saa7146: hexium_orion: Fix a NULL pointer dereference in hexium_attach() (Zhou Qingyang)
- media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds. (James Hilliard)
- floppy: Add max size check for user space request (Xiongwei Song)
- usb: uhci: add aspeed ast2600 uhci support (Neal Liu)
- mwifiex: Fix skb_over_panic in mwifiex_usb_recv() (Zekun Shen)
- HSI: core: Fix return freed object in hsi_new_client (Chengfeng Ye)
- gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use (Hans de Goede)
- drm/bridge: megachips: Ensure both bridges are probed before registration (Martyn Welch)
- mlxsw: pci: Add shutdown method in PCI driver (Danielle Ratson)
- media: b2c2: Add missing check in flexcop_pci_isr: (Zheyu Ma)
- HID: apple: Do not reset quirks when the Fn key is not found (José Expósito)
- usb: gadget: f_fs: Use stream_open() for endpoint files (Pavankumar Kondeti)
- drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR (Ben Skeggs)
- ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply (Zekun Shen)
- fs: dlm: filter user dlm messages for kernel locks (Alexander Aring)
- Bluetooth: Fix debugfs entry leak in hci_register_dev() (Wei Yongjun)
- RDMA/cxgb4: Set queue pair state when being queried (Kamal Heib)
- mips: bcm63xx: add support for clk_set_parent() (Randy Dunlap)
- mips: lantiq: add support for clk_set_parent() (Randy Dunlap)
- misc: lattice-ecp3-config: Fix task hung when firmware load failed (Wei Yongjun)
- ASoC: samsung: idma: Check of ioremap return value (Jiasheng Jiang)
- iommu/iova: Fix race between FQ timeout and teardown (Xiongfeng Wang)
- dmaengine: pxa/mmp: stop referencing config->slave_id (Arnd Bergmann)
- RDMA/core: Let ib_find_gid() continue search even after empty entry (Avihai Horon)
- scsi: ufs: Fix race conditions related to driver data (Bart Van Assche)
- char/mwave: Adjust io port register size (Kees Cook)
- ALSA: oss: fix compile error when OSS_DEBUG is enabled (Bixuan Cui)
- powerpc/prom_init: Fix improper check of prom_getprop() (Peiwei Hu)
- RDMA/hns: Validate the pkey index (Kamal Heib)
- ALSA: hda: Add missing rwsem around snd_ctl_remove() calls (Takashi Iwai)
- ALSA: PCM: Add missing rwsem around snd_ctl_remove() calls (Takashi Iwai)
- ALSA: jack: Add missing rwsem around snd_ctl_remove() calls (Takashi Iwai)
- ext4: avoid trim error on fs with small groups (Jan Kara)
- net: mcs7830: handle usb read errors properly (Pavel Skripkin)
- pcmcia: fix setting of kthread task states (Dominik Brodowski)
- can: xilinx_can: xcan_probe(): check for error irq (Jiasheng Jiang)
- can: softing: softing_startstop(): fix set but not used variable warning (Marc Kleine-Budde)
- tpm: add request_locality before write TPM_INT_ENABLE (Chen Jun)
- spi: spi-meson-spifc: Add missing pm_runtime_disable() in meson_spifc_probe (Miaoqian Lin)
- fsl/fman: Check for null pointer after calling devm_ioremap (Jiasheng Jiang)
- ppp: ensure minimum packet size in ppp_write() (Eric Dumazet)
- pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in nonstatic_find_mem_region() (Zhou Qingyang)
- pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in __nonstatic_find_io_region() (Zhou Qingyang)
- x86/mce/inject: Avoid out-of-bounds write when setting flags (Zhang Zixun)
- usb: ftdi-elan: fix memory leak on device disconnect (Wei Yongjun)
- media: msi001: fix possible null-ptr-deref in msi001_probe() (Wang Hai)
- media: dw2102: Fix use after free (Anton Vasilyev)
- sched/rt: Try to restart rt period timer when rt runtime exceeded (Li Hua)
- media: si2157: Fix "warm" tuner state detection (Robert Schlabbach)
- media: saa7146: mxb: Fix a NULL pointer dereference in mxb_attach() (Zhou Qingyang)
- media: dib8000: Fix a memleak in dib8000_init() (Zhou Qingyang)
- floppy: Fix hang in watchdog when disk is ejected (Tasos Sahanidis)
- serial: amba-pl011: do not request memory region twice (Lino Sanfilippo)
- drm/radeon/radeon_kms: Fix a NULL pointer dereference in radeon_driver_open_kms() (Zhou Qingyang)
- drm/amdgpu: Fix a NULL pointer dereference in amdgpu_connector_lcd_native_mode() (Zhou Qingyang)
- arm64: dts: qcom: msm8916: fix MMC controller aliases (Dmitry Baryshkov)
- netfilter: bridge: add support for pppoe filtering (Florian Westphal)
- media: mtk-vcodec: call v4l2_m2m_ctx_release first when file is released (Dafna Hirschfeld)
- tty: serial: atmel: Call dma_async_issue_pending() (Tudor Ambarus)
- tty: serial: atmel: Check return code of dmaengine_submit() (Tudor Ambarus)
- crypto: qce - fix uaf on qce_ahash_register_one (Chengfeng Ye)
- media: dmxdev: fix UAF when dvb_register_device() fails (Wang Hai)
- Bluetooth: stop proccessing malicious adv data (Pavel Skripkin)
- media: em28xx: fix memory leak in em28xx_init_dev (Dongliang Mu)
- wcn36xx: Indicate beacon not connection loss on MISSED_BEACON_IND (Bryan O'Donoghue)
- clk: bcm-2835: Remove rounding up the dividers (Maxime Ripard)
- clk: bcm-2835: Pick the closest clock rate (Maxime Ripard)
- Bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails (Wang Hai)
- PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller (Yifeng Li)
- shmem: fix a race between shmem_unused_huge_shrink and shmem_evict_inode (Gang Li)
- can: softing_cs: softingcs_probe(): fix memleak on registration failure (Johan Hovold)
- media: stk1160: fix control-message timeouts (Johan Hovold)
- media: pvrusb2: fix control-message timeouts (Johan Hovold)
- media: redrat3: fix control-message timeouts (Johan Hovold)
- media: dib0700: fix undefined behavior in tuner shutdown (Michael Kuron)
- media: s2255: fix control-message timeouts (Johan Hovold)
- media: cpia2: fix control-message timeouts (Johan Hovold)
- media: em28xx: fix control-message timeouts (Johan Hovold)
- media: mceusb: fix control-message timeouts (Johan Hovold)
- media: flexcop-usb: fix control-message timeouts (Johan Hovold)
- rtc: cmos: take rtc_lock while reading from CMOS (Mateusz Jończyk)
- nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind() (Krzysztof Kozlowski)
- HID: wacom: Avoid using stale array indicies to read contact count (Jason Gerecke)
- HID: wacom: Ignore the confidence flag when a touch is removed (Jason Gerecke)
- HID: uhid: Fix worker destroying device without any protection (Jann Horn)
- Bluetooth: fix init and cleanup of sco_conn.timeout_work (Desmond Cheong Zhi Xi)
- Bluetooth: schedule SCO timeouts with delayed_work (Desmond Cheong Zhi Xi)
- rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore() with interrupts enabled (Larry Finger)
- media: uvcvideo: fix division by zero at stream start (Johan Hovold)
- orangefs: Fix the size of a memory allocation in orangefs_bufmap_alloc() (Christophe JAILLET)
- drm/i915: Avoid bitwise vs logical OR warning in snb_wm_latency_quirk() (Nathan Chancellor)
- staging: wlan-ng: Avoid bitwise vs logical OR warning in hfa384x_usb_throttlefn() (Nathan Chancellor)
- random: fix data race on crng init time (Eric Biggers)
- random: fix data race on crng_node_pool (Eric Biggers)
- can: gs_usb: gs_can_start_xmit(): zero-initialize hf->{flags,reserved} (Brian Silverman)
- can: gs_usb: fix use of uninitialized variable, detach device on reception of invalid USB data (Marc Kleine-Budde)
- mfd: intel-lpss: Fix too early PM enablement in the ACPI ->probe() (Andy Shevchenko)
- USB: Fix "slab-out-of-bounds Write" bug in usb_hcd_poll_rh_status (Alan Stern)
- USB: core: Fix bug in resuming hub's handling of wakeup requests (Alan Stern)
- Bluetooth: bfusb: fix division by zero in send path (Johan Hovold)
- Linux 4.14.262 (Greg Kroah-Hartman)
- mISDN: change function names to avoid conflicts (wolfgang huang)
- net: udp: fix alignment problem in udp4_seq_show() (yangxingwu)
- ip6_vti: initialize __ip6_tnl_parm struct in vti6_siocdevprivate (William Zhao)
- scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown() (Lixiaokeng)
- ipv6: Do cleanup if attribute validation fails in multipath route (David Ahern)
- ipv6: Continue processing multipath route even if gateway attribute is invalid (David Ahern)
- phonet: refcount leak in pep_sock_accep (Hangyu Hua)
- rndis_host: support Hytera digital radios (Thomas Toye)
- power: reset: ltc2952: Fix use of floating point literals (Nathan Chancellor)
- sch_qfq: prevent shift-out-of-bounds in qfq_init_qdisc (Eric Dumazet)
- ipv6: Check attribute length for RTA_GATEWAY when deleting multipath route (David Ahern)
- ipv6: Check attribute length for RTA_GATEWAY in multipath route (David Ahern)
- i40e: Fix incorrect netdev's real number of RX/TX queues (Jedrzej Jagielski)
- i40e: fix use-after-free in i40e_sync_filters_subtask() (Di Zhu)
- mac80211: initialize variable have_higher_than_11mbit (Tom Rix)
- RDMA/core: Don't infoleak GRH fields (Leon Romanovsky)
- ieee802154: atusb: fix uninit value in atusb_set_extended_addr (Pavel Skripkin)
- virtio_pci: Support surprise removal of virtio pci device (Parav Pandit)
- tracing: Tag trace_percpu_buffer as a percpu pointer (Naveen N. Rao)
- tracing: Fix check for trace_percpu_buffer validity in get_trace_buf() (Naveen N. Rao)
- Bluetooth: btusb: Apply QCA Rome patches for some ATH3012 models (Takashi Iwai)
-
Fri Mar 18 2022 John Donnelly <john.p.donnelly@oracle.com> [4.14.35-2047.512.3.el7uek]
- lib/timerqueue: Rely on rbtree semantics for next timer (Davidlohr Bueso) [Orabug: 33406086] {CVE-2021-20317} {CVE-2021-20317}
- rds/ib: Resize CQ if send-/recv-ring-size are changed (Hans Westgaard Ry) [Orabug: 33940520]
- uek-rpm: remove uek-rpm/ol8 (John Donnelly) [Orabug: 33665655]
- uek-rpm: Enable config CONFIG_SCSI_MQ_DEFAULT (Saeed Mirzamohammadi) [Orabug: 33973455]
- sched: restore the sliding search window for select_idle_cpu() (Libo Chen) [Orabug: 33965297]
- NFSv4: Handle case where the lookup of a directory fails (Trond Myklebust) [Orabug: 33958155] {CVE-2022-24448}
- Linux 4.14.261 (Greg Kroah-Hartman)
- sctp: use call_rcu to free endpoint (Xin Long)
- net: fix use-after-free in tw_timer_handler (Muchun Song)
- Input: spaceball - fix parsing of movement data packets (Leo L. Schwab)
- Input: appletouch - initialize work before device registration (Pavel Skripkin)
- binder: fix async_free_space accounting for empty parcels (Todd Kjos)
- usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear. (Vincent Pelletier)
- xhci: Fresco FL1100 controller should not have BROKEN_MSI quirk set. (Mathias Nyman)
- uapi: fix linux/nfc.h userspace compilation errors (Dmitry V. Levin)
- nfc: uapi: use kernel size_t to fix user-space builds (Krzysztof Kozlowski)
- fsl/fman: Fix missing put_device() call in fman_port_probe (Miaoqian Lin)
- NFC: st21nfca: Fix memory leak in device probe and remove (Wei Yongjun)
- net: usb: pegasus: Do not drop long Ethernet frames (Matthias-Christian Ott)
- scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write() (Dan Carpenter)
- selinux: initialize proto variable in selinux_ip_postroute_compat() (Tom Rix)
- recordmcount.pl: fix typo in s390 mcount regex (Heiko Carstens)
- platform/x86: apple-gmux: use resource_size() with res (Wang Qing)
- HID: asus: Add depends on USB_HID to HID_ASUS Kconfig option (Hans de Goede)
- Linux 4.14.260 (Greg Kroah-Hartman)
- phonet/pep: refuse to enable an unbound pipe (Rémi Denis-Courmont)
- hamradio: improve the incomplete fix to avoid NPD (Lin Ma)
- hamradio: defer ax25 kfree after unregister_netdev (Lin Ma)
- ax25: NPD bug when detaching AX25 device (Lin Ma)
- hwmon: (lm90) Do not report 'busy' status bit as alarm (Guenter Roeck)
- KVM: VMX: Fix stale docs for kvm-intel.emulate_invalid_guest_state (Sean Christopherson)
- usb: gadget: u_ether: fix race in setting MAC address in setup phase (Marian Postevca)
- f2fs: fix to do sanity check on last xattr entry in __f2fs_setxattr() (Chao Yu)
- ARM: 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling (Ard Biesheuvel)
- pinctrl: stm32: consider the GPIO offset to expose all the GPIO lines (Fabien Dessenne)
- x86/pkey: Fix undefined behaviour with PKRU_WD_BIT (Andrew Cooper)
- Input: atmel_mxt_ts - fix double free in mxt_read_info_block (José Expósito)
- ALSA: drivers: opl3: Fix incorrect use of vp->state (Colin Ian King)
- ALSA: jack: Check the return value of kstrdup() (Xiaoke Wang)
- hwmon: (lm90) Fix usage of CONFIG2 register in detect function (Guenter Roeck)
- sfc: falcon: Check null pointer of rx_queue->page_ring (Jiasheng Jiang)
- drivers: net: smc911x: Check for error irq (Jiasheng Jiang)
- fjes: Check for error irq (Jiasheng Jiang)
- bonding: fix ad_actor_system option setting to default (Fernando Fernandez Mancera)
- net: skip virtio_net_hdr_set_proto if protocol already set (Willem de Bruijn)
- qlcnic: potential dereference null pointer of rx_queue->page_ring (Jiasheng Jiang)
- spi: change clk_disable_unprepare to clk_unprepare (Dongliang Mu)
- HID: holtek: fix mouse probing (Benjamin Tissoires)
- can: kvaser_usb: get CAN clock frequency from device (Jimmy Assarsson)
- net: usb: lan78xx: add Allied Telesis AT29M2-AF (Greg Jesionowski)
- x86/speculation: Add knob for eibrs_retpoline_enabled (Patrick Colp) [Orabug: 33937656] {CVE-2021-26401}
- x86/speculation: Extend our code to properly support eibrs+lfence and eibrs+retpoline (Patrick Colp) [Orabug: 33937656] {CVE-2021-26401}
- x86/speculation: Update link to AMD speculation whitepaper (Kim Phillips) [Orabug: 33937656] {CVE-2021-26401}
- x86/speculation: Use generic retpoline by default on AMD (Kim Phillips) [Orabug: 33937656] {CVE-2021-26401}
- x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting (Josh Poimboeuf) [Orabug: 33937656] {CVE-2021-26401}
- Documentation/hw-vuln: Update spectre doc (Peter Zijlstra) [Orabug: 33937656] {CVE-2021-26401}
- x86/speculation: Add eIBRS + Retpoline options (Peter Zijlstra) [Orabug: 33937656] {CVE-2021-26401}
- x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE (Peter Zijlstra (Intel)) [Orabug: 33937656] {CVE-2021-26401}
- x86/speculation: Merge one test in spectre_v2_user_select_mitigation() (Borislav Petkov) [Orabug: 33937656] {CVE-2021-26401}
- x86/speculation: Update ALTERNATIVEs to (more closely) match upstream (Patrick Colp) [Orabug: 33937656] {CVE-2021-26401}
- x86/speculation: Fix bug in retpoline mode on AMD with `spectre_v2=none` (Patrick Colp) [Orabug: 33937656] {CVE-2021-26401}
- ACPICA: Enable sleep button on ACPI legacy wake (Anchal Agarwal) [Orabug: 33925502]
- ipv4: tcp: send zero IPID in SYNACK messages (Eric Dumazet) [Orabug: 33917057] {CVE-2020-36516}
- ipv4: avoid using shared IP generator for connected sockets (Eric Dumazet) [Orabug: 33917057] {CVE-2020-36516}
- lib/iov_iter: initialize "flags" in new pipe_buffer (Max Kellermann) [Orabug: 33910800] {CVE-2022-0847}
- x86/speculation: The choice of retpoline mode is sometimes ignored (Patrick Colp) [Orabug: 33890092]
- udf: Restore i_lenAlloc when inode expansion fails (Jan Kara) [Orabug: 33870267] {CVE-2022-0617}
- udf: Fix NULL ptr deref when converting from inline format (Jan Kara) [Orabug: 33870267] {CVE-2022-0617}
- scsi: libiscsi: Hold back_lock when calling iscsi_complete_task (Gulam Mohamed) [Orabug: 33851182]
- drm/vmwgfx: Fix stale file descriptors on failed usercopy (Mathias Krause) [Orabug: 33840433] {CVE-2022-22942}
- drm/i915: Flush TLBs before releasing backing store (Tvrtko Ursulin) [Orabug: 33835811] {CVE-2022-0330}
- proc/vmcore: fix clearing user buffer by properly using clear_user() (David Hildenbrand) [Orabug: 33832650]
- rds/ib: recover rds connection from stuck rx path (Nagappan Ramasamy Palaniappan) [Orabug: 33820767]
- rds: ib: Make selection of completion_vector QoS aware (Håkon Bugge) [Orabug: 33819408]
- Enable CONFIG_DM_DUST and nano for UEK5 (Gulam Mohamed) [Orabug: 33653698]
- dm dust: use dust block size for badblocklist index (Bryan Gurney) [Orabug: 33653698]
- dm dust: Make dm_dust_init and dm_dust_exit static (YueHaibing) [Orabug: 33653698]
- dm dust: remove redundant unsigned comparison to less than zero (Colin Ian King) [Orabug: 33653698]
- dm: add dust target (Bryan Gurney) [Orabug: 33653698]
- hugetlbfs: flush TLBs correctly after huge_pmd_unshare (Nadav Amit) [Orabug: 33617219] {CVE-2021-4002}
- rds/ib: handle posted ACK during connection shutdown (Nagappan Ramasamy Palaniappan) [Orabug: 33820747]
- rds/ib: reap tx completions during connection shutdown (Nagappan Ramasamy Palaniappan) [Orabug: 33820747]
- rds/ib: recover rds connection from stuck tx path (Nagappan Ramasamy Palaniappan) [Orabug: 33820747]
- rds/ib: Kernel change to extend rds-info functionality (Rohit Nair) [Orabug: 33821341]
- uek-rpm: Add missing symbols to kabi_lockedlist (Stephen Brennan) [Orabug: 33871558]
-
Fri Feb 18 2022 Saeed Mirzamohammadi <saeed.mirzamohammadi@oracle.com> [4.14.35-2047.512.1.el7uek]
- Revert "stable: clamp SUBLEVEL in 4.14" (Alan Maguire) [Orabug: 33861950]
- tipc: improve size validations for received domain records (Jon Maloy) [Orabug: 33850803] {CVE-2022-0435} {CVE-2022-0435}
- cgroup-v1: Require capabilities to set release_agent (Eric W. Biederman) [Orabug: 33825688] {CVE-2022-0492}
- blk-stat: delete useless code (Shaohua Li) [Orabug: 33772945]
- DMA/rxe: Update default value of RXE_MAX_PDN (Rao Shoaib) [Orabug: 33676598]