-
Thu Jun 05 2025 Alok Tiwari <alok.a.tiwari@oracle.com> [5.4.17-2136.345.1.el8uek]
- RDS: use get_user_pages_fast() in rdma_pin_pages() (Stephen Brennan) [Orabug: 37973441]
- x86/bugs: Enabling Retbleed and SRSO mitigation can taint the kernel (Alexandre Chartre) [Orabug: 37959151]
- selftest/x86/bugs: Add selftests for ITS (Pawan Gupta) [Orabug: 37863727] {CVE-2024-28956}
- x86/its: Align RETs in BHB clear sequence to avoid thunking (Pawan Gupta) [Orabug: 37863727] {CVE-2024-28956}
- x86/its: Add "vmexit" option to skip mitigation on some CPUs (Pawan Gupta) [Orabug: 37863727] {CVE-2024-28956}
- x86/its: Enable Indirect Target Selection mitigation (Pawan Gupta) [Orabug: 37863727] {CVE-2024-28956}
- x86/its: Add support for ITS-safe return thunk (Pawan Gupta) [Orabug: 37863727] {CVE-2024-28956}
- x86/its: Add support for ITS-safe indirect thunk (Pawan Gupta) [Orabug: 37863727] {CVE-2024-28956}
- x86/its: Enumerate Indirect Target Selection (ITS) bug (Pawan Gupta) [Orabug: 37863727] {CVE-2024-28956}
- Documentation: x86/bugs/its: Add ITS documentation (Pawan Gupta) [Orabug: 37863727] {CVE-2024-28956}
-
Wed May 21 2025 Sherry Yang <sherry.yang@oracle.com> [5.4.17-2136.344.4.el8uek]
- certs: Add new Oracle Linux Driver Signing (key 1) certificate (Sherry Yang) [Orabug: 37967555]
-
Thu May 15 2025 Alok Tiwari <alok.a.tiwari@oracle.com> [5.4.17-2136.344.3.el8uek]
- net/mlx5e: Don't call cleanup on profile rollback failure (Cosmin Ratiu) [Orabug: 37670859]
- net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc() (Elena Salomatkina) [Orabug: 37206299,37670859] {CVE-2024-50000}
- net/mlx5: Fix error path in multi-packet WQE transmit (Gerd Bayer) [Orabug: 37206302,37670859] {CVE-2024-50001}
- net/mlx5: Discard command completions in internal error (Akiva Goldberger) [Orabug: 36753438,37670859] {CVE-2024-38555}
- net/mlx5e: fix a potential double-free in fs_any_create_groups (Dinghao Liu) [Orabug: 36802351,37670859] {CVE-2023-52667}
- net/mlx5: Reclaim max 50K pages at once (Anand Khoje) [Orabug: 36275016]
-
Thu May 08 2025 Alok Tiwari <alok.a.tiwari@oracle.com> [5.4.17-2136.344.2.el8uek]
- LTS tag: v5.4.292 (Alok Tiwari)
- jfs: add index corruption check to DT_GETPAGE() (Roman Smirnov)
- tracing: Fix use-after-free in print_graph_function_flags during tracer switching (Tengda Wu) [Orabug: 37844202] {CVE-2025-22035}
- mmc: sdhci-pxav3: set NEED_RSP_BUSY capability (Karel Balej)
- ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP (Paul Menzel)
- x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs (Jann Horn) [Orabug: 37844275] {CVE-2025-22045}
- x86/tsc: Always save/restore TSC sched_clock() on suspend/resume (Guilherme G. Piccoli)
- ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk() (Markus Elfring)
- can: flexcan: only change CAN state when link up in system PM (Haibo Chen)
- arcnet: Add NULL check in com20020pci_probe() (Henry Martin) [Orabug: 37844303] {CVE-2025-22054}
- net: dsa: mv88e6xxx: propperly shutdown PPU re-enable timer on destroy (David Oberhollenzer)
- ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS (Fernando Fernandez Mancera)
- vsock: avoid timeout during connect() if the socket is closing (Stefano Garzarella)
- net_sched: skbprio: Remove overly strict queue assertions (Cong Wang) [Orabug: 37855375] {CVE-2025-38637}
- netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets (Debin Zhu) [Orabug: 37844344] {CVE-2025-22063}
- ntb: intel: Fix using link status DB's (Nikita Shubin)
- ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans (Yajun Deng)
- spufs: fix a leak in spufs_create_context() (Al Viro) [Orabug: 37844365] {CVE-2025-22071}
- spufs: fix a leak on spufs_new_file() failure (Al Viro) [Orabug: 37844378] {CVE-2025-22073}
- hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9} (Tasos Sahanidis)
- can: statistics: use atomic access in hot path (Oliver Hartkopp)
- locking/semaphore: Use wake_q to wake up processes outside lock critical section (Waiman Long)
- sched/deadline: Use online cpus for validating runtime (Shrikanth Hegde)
- affs: don't write overlarge OFS data block size fields (Simon Tatham)
- affs: generate OFS sequence numbers starting at 1 (Simon Tatham)
- wifi: iwlwifi: fw: allocate chained SG tables for dump (Johannes Berg)
- sched/smt: Always inline sched_smt_active() (Josh Poimboeuf)
- octeontx2-af: Fix mbox INTR handler when num VFs > 64 (Geetha Sowjanya)
- ring-buffer: Fix bytes_dropped calculation issue (Feng Yang)
- objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() (Josh Poimboeuf) [Orabug: 37976879] {CVE-2025-37937}
- fs/procfs: fix the comment above proc_pid_wchan() (Bart Van Assche)
- perf python: Check if there is space to copy all the event (Arnaldo Carvalho de Melo)
- perf python: Decrement the refcount of just created event on failure (Arnaldo Carvalho de Melo)
- perf python: Fixup description of sample.id event member (Arnaldo Carvalho de Melo)
- ocfs2: validate l_tree_depth to avoid out-of-bounds access (Vasiliy Kovalev) [Orabug: 37844394] {CVE-2025-22079}
- kexec: initialize ELF lowest address to ULONG_MAX (Sourabh Jain)
- perf units: Fix insufficient array space (Arnaldo Carvalho de Melo)
- iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio (Jonathan Cameron)
- coresight: catu: Fix number of pages while using 64k pages (Ilkka Koskinen)
- isofs: fix KMSAN uninit-value bug in do_isofs_readdir() (Qasim Ijaz)
- x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment (Jann Horn)
- mfd: sm501: Switch to BIT() to mitigate integer overflows (Nikita Zhandarovich)
- RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow (Patrisious Haddad) [Orabug: 37844422] {CVE-2025-22086}
- power: supply: max77693: Fix wrong conversion of charge input threshold value (Artur Weber)
- x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1 (Jann Horn)
- clk: amlogic: g12a: fix mmc A peripheral clock (Jerome Brunet)
- clk: amlogic: gxbb: drop non existing 32k clock parent (Jerome Brunet)
- clk: amlogic: g12b: fix cluster A parent data (Jerome Brunet)
- IB/mad: Check available slots before posting receive WRs (Maher Sanalla)
- clk: rockchip: rk3328: fix wrong clk_ref_usb3otg parent (Peter Geis)
- pinctrl: renesas: rza2: Fix missing of_node_put() call (Fabrizio Castro)
- lib: 842: Improve error handling in sw842_compress() (Tanya Agarwal)
- clk: amlogic: gxbb: drop incorrect flag on 32k clock (Jerome Brunet)
- fbdev: sm501fb: Add some geometry checks. (Danila Chernetsov)
- mdacon: rework dependency list (Arnd Bergmann)
- fbdev: au1100fb: Move a variable assignment behind a null pointer check (Markus Elfring)
- PCI: pciehp: Don't enable HPIE when resuming in poll mode (Ilpo Järvinen)
- PCI: Remove stray put_device() in pci_register_host_bridge() (Dan Carpenter)
- PCI/portdrv: Only disable pciehp interrupts early when needed (Feng Tang)
- PCI/ASPM: Fix link state exit during switch upstream function removal (Daniel Stodden) [Orabug: 37844108] {CVE-2024-58093}
- drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member (AngeloGioacchino Del Regno)
- ALSA: hda/realtek: Always honor no_shutup_pins (Takashi Iwai)
- perf/ring_buffer: Allow the EPOLLRDNORM flag for poll (Tao Chen)
- lockdep: Don't disable interrupts on RT in disable_irq_nosync_lockdep.*() (Sebastian Andrzej Siewior)
- PM: sleep: Fix handling devices with direct_complete set on errors (Rafael J. Wysocki)
- thermal: int340x: Add NULL check for adev (Chenyuan Yang) [Orabug: 37844584] {CVE-2025-23136}
- EDAC/ie31200: Fix the error path order of ie31200_init() (Qiuxu Zhuo)
- EDAC/ie31200: Fix the DIMM size mask for several SoCs (Qiuxu Zhuo)
- EDAC/ie31200: Fix the size of EDAC_MC_LAYER_CHIP_SELECT layer (Qiuxu Zhuo)
- selinux: Chain up tool resolving errors in install_policy.sh (Tim Schumacher)
- x86/platform: Only allow CONFIG_EISA for 32-bit (Arnd Bergmann)
- x86/fpu: Avoid copying dynamic FP state from init_task in arch_dup_task_struct() (Benjamin Berg)
- cpufreq: governor: Fix negative 'idle_time' handling in dbs_update() (Jie Zhan)
- x86/mm/pat: cpa-test: fix length for CPA_ARRAY test (Mike Rapoport)
- memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (Luo Qiu) [Orabug: 37844141] {CVE-2025-22020}
- net: usb: qmi_wwan: add Telit Cinterion FE990B composition (Fabio Porcedda)
- net: usb: qmi_wwan: add Telit Cinterion FN990B composition (Fabio Porcedda)
- tty: serial: 8250: Add some more device IDs (Cameron Williams)
- counter: stm32-lptimer-cnt: fix error handling when enabling (Fabrice Gasnier)
- netfilter: socket: Lookup orig tuple for IPv6 SNAT (Maxim Mikityanskiy) [Orabug: 37844145] {CVE-2025-22021}
- ARM: Remove address checking for MMUless devices (Yanjun Yang)
- ARM: 9351/1: fault: Add "cut here" line for prefetch aborts (Kees Cook)
- ARM: 9350/1: fault: Implement copy_from_kernel_nofault_allowed() (Kees Cook)
- atm: Fix NULL pointer dereference (Minjoong Kim) [Orabug: 37838897] {CVE-2025-22018}
- HID: hid-plantronics: Add mic mute mapping and generalize quirks (Terry Junge)
- ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names (Terry Junge)
- drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() (Nikita Zhandarovich) [Orabug: 37828196] {CVE-2025-21996}
- batman-adv: Ignore own maximum aggregation size during RX (Sven Eckelmann)
- ARM: shmobile: smp: Enforce shmobile_smp_* alignment (Geert Uytterhoeven)
- mmc: atmel-mci: Add missing clk_disable_unprepare() (Gu Bowen)
- drm/v3d: Don't run jobs that have errors flagged in its fence (Maíra Canal)
- i2c: omap: fix IRQ storms (Andreas Kemnade)
- net/neighbor: add missing policy for NDTPA_QUEUE_LENBYTES (Lin Ma)
- net: atm: fix use after free in lec_send() (Dan Carpenter) [Orabug: 37828221] {CVE-2025-22004}
- ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create(). (Kuniyuki Iwashima)
- ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw(). (Kuniyuki Iwashima) [Orabug: 37828229] {CVE-2025-22005}
- Bluetooth: Fix error code in chan_alloc_skb_cb() (Dan Carpenter) [Orabug: 37828235] {CVE-2025-22007}
- RDMA/hns: Fix wrong value of max_sge_rd (Junxian Huang)
- RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path (Saravanan Vajravel)
- xfrm_output: Force software GSO only in tunnel mode (Cosmin Ratiu)
- firmware: imx-scu: fix OF node leak in .probe() (Joe Hattori)
- i2c: sis630: Fix an error handling path in sis630_probe() (Christophe Jaillet)
- i2c: ali15x3: Fix an error handling path in ali15x3_probe() (Christophe Jaillet)
- i2c: ali1535: Fix an error handling path in ali1535_probe() (Christophe Jaillet)
- ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe() (Christophe Jaillet)
- drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data() (Ivan Abramov)
- qlcnic: fix memory leak issues in qlcnic_sriov_common.c (Haoxiang Li)
- drm/amd/display: Assign normalized_pix_clk when color depth = 14 (Alex Hung) [Orabug: 37828049] {CVE-2025-21956}
- drm/atomic: Filter out redundant DPMS calls (Ville Syrjälä)
- x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes (Florent Revest) [Orabug: 37828167] {CVE-2025-21991}
- USB: serial: option: match on interface class for Telit FN990B (Johan Hovold)
- USB: serial: option: fix Telit Cinterion FE990A name (Fabio Porcedda)
- USB: serial: option: add Telit Cinterion FE990B compositions (Fabio Porcedda)
- USB: serial: ftdi_sio: add support for Altera USB Blaster 3 (Boon Khai Ng)
- block: fix 'kmem_cache of name 'bio-108' already exists' (Ming Lei)
- drm/nouveau: Do not override forced connector status (Thomas Zimmermann)
- x86/irq: Define trace events conditionally (Arnd Bergmann)
- fuse: don't truncate cached, mutated symlink (Miklos Szeredi)
- nvme: only allow entering LIVE from CONNECTING state (Daniel Wagner)
- sctp: Fix undefined behavior in left shift operation (Yu-Chun Lin)
- nvmet-rdma: recheck queue state is LIVE in state lock in recv done (Ruozhu Li)
- ASoC: rsnd: don't indicate warning on rsnd_kctrl_accept_runtime() (Kuninori Morimoto)
- s390/cio: Fix CHPID "configure" attribute caching (Peter Oberparleiter)
- HID: ignore non-functional sensor in HP 5MP Camera (Chia-Lin Kao) [Orabug: 37828174] {CVE-2025-21992}
- HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell (Zhang Lixu)
- ACPI: resource: IRQ override for Eluktronics MECH-17 (Gannon Kolding)
- scsi: qla1280: Fix kernel oops when debug level > 2 (Magnus Lindholm) [Orabug: 37828056] {CVE-2025-21957}
- iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() (Chengen Du) [Orabug: 37828181] {CVE-2025-21993}
- powercap: call put_device() on an error path in powercap_register_control_type() (Joe Hattori)
- hrtimers: Mark is_migration_base() with __always_inline (Andy Shevchenko)
- nvme-fc: go straight to connecting state when initializing (Daniel Wagner)
- net/mlx5e: Prevent bridge link show failure for non-eswitch-allowed devices (Carolina Jubran)
- netfilter: nft_exthdr: fix offset with ipv4_find_option() (Alexey Kashavkin)
- net_sched: Prevent creation of classes with TC_H_ROOT (Cong Wang) [Orabug: 37828110] {CVE-2025-21971}
- ipvs: prevent integer overflow in do_ip_vs_get_ctl() (Dan Carpenter)
- netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree() (Kohei Enju) [Orabug: 37828064] {CVE-2025-21959}
- Drivers: hv: vmbus: Don't release fb_mmio resource in vmbus_free_mmio() (Michael Kelley)
- drivers/hv: Replace binary semaphore with mutex (Davidlohr Bueso)
- netpoll: hold rcu read lock in __netpoll_send_skb() (Breno Leitao)
- netpoll: netpoll_send_skb() returns transmit status (Eric Dumazet)
- netpoll: move netpoll_send_skb() out of line (Eric Dumazet)
- netpoll: remove dev argument from netpoll_send_skb_on_dev() (Eric Dumazet)
- netpoll: Fix use correct return type for ndo_start_xmit() (Yunjian Wang)
- pinctrl: bcm281xx: Fix incorrect regmap max_registers value (Artur Weber)
- sched/isolation: Prevent boot crash when the boot CPU is nohz_full (Oleg Nesterov)
- clockevents/drivers/i8253: Fix stop sequence for timer 0 (David Woodhouse)
-
Thu May 01 2025 Sherry Yang <sherry.yang@oracle.com> [5.4.17-2136.344.1.el8uek]
- RDS: avoid using offlined CPU during reconnect (Arumugam Kolappan) [Orabug: 37800559]
- x86/microcode/AMD: Clean the cache if update did not load microcode (Boris Ostrovsky) [Orabug: 37800729]
- x86/microcode/AMD: Add finalize_late_load() microcode_op (Boris Ostrovsky) [Orabug: 37800729]
- x86/microcode/AMD: Extend the SHA check to Zen5, block loading of any unreleased standalone Zen5 microcode patches (Borislav Petkov) [Orabug: 37800729]
- x86/microcode/AMD: Add some forgotten models to the SHA check (Borislav Petkov) [Orabug: 37800729]
- x86/microcode/AMD: Load only SHA256-checksummed patches (Borislav Petkov) [Orabug: 37800729]
- x86/microcode/AMD: Flush patch buffer mapping after application (Borislav Petkov) [Orabug: 37800729]
- x86/microcode/AMD: Stash BSP's CPUID(1).EAX and patch size (Boris Ostrovsky) [Orabug: 37800729]
- nvme: fix deadlock between reset and scan (Bitao Hu) [Orabug: 37861518]
-
Thu Apr 17 2025 Sherry Yang <sherry.yang@oracle.com> [5.4.17-2136.343.5.el8uek]
- sctp: sysctl: auth_enable: avoid using current->nsproxy (Matthieu Baerts) [Orabug: 37497283,37846673] {CVE-2025-21638}
- sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy (Matthieu Baerts) [Orabug: 37497303,37846668] {CVE-2025-21640}
- uek-rpm: remove .el7 from shim version (Samasth Norway Ananda) [Orabug: 37834734]
-
Fri Apr 11 2025 Alok Tiwari <alok.a.tiwari@oracle.com> [5.4.17-2136.343.4.el8uek]
- bpf: Use preempt_count() directly in bpf_send_signal_common() (Hou Tao)
- Revert "sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy" (Magali Lemes)
- jfs: fix slab-out-of-bounds read in ea_get() (Qasim Ijaz) [Orabug: 37855411] {CVE-2025-39735}
- serial: 8250_dma: terminate correct DMA in tx_dma_flush() (John Keeping)
- Revert "sctp: sysctl: auth_enable: avoid using current->nsproxy" (Magali Lemes)
- net: usb: usbnet: restore usb%d name exception for local mac addresses (Dominique Martinet)
- vlan: fix memory leak in vlan_newlink() (Eric Dumazet)
- rds: ib: Fix NULL ptr deref in rds_ib_cq_follow_affinity (Håkon Bugge) [Orabug: 37747826]
-
Thu Apr 10 2025 Sherry Yang <sherry.yang@oracle.com> [5.4.17-2136.343.3.el8uek]
- LTS tag: v5.4.291 (Sherry Yang)
- eeprom: digsy_mtc: Make GPIO lookup table match the device (Andy Shevchenko)
- slimbus: messaging: Free transaction ID in delayed interrupt scenario (Visweswara Tanuku) [Orabug: 37827905] {CVE-2025-21914}
- intel_th: pci: Add Panther Lake-P/U support (Alexander Shishkin)
- intel_th: pci: Add Panther Lake-H support (Alexander Shishkin)
- intel_th: pci: Add Arrow Lake support (Pawel Chmielewski)
- Squashfs: check the inode number is not the invalid value of zero (Phillip Lougher) [Orabug: 36597911] {CVE-2024-26982}
- xhci: pci: Fix indentation in the PCI device ID definitions (Andy Shevchenko)
- usb: gadget: Check bmAttributes only if configuration is valid (Prashanth K)
- usb: gadget: Fix setting self-powered state on suspend (Marek Szyprowski)
- usb: gadget: Set self-powered based on MaxPower and bmAttributes (Prashanth K)
- usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality (AngeloGioacchino Del Regno)
- usb: typec: ucsi: increase timeout for PPM reset operations (Fedor Pchelkin)
- usb: atm: cxacru: fix a flaw in existing endpoint checks (Nikita Zhandarovich) [Orabug: 37828336] {CVE-2025-21916}
- usb: renesas_usbhs: Flush the notify_hotplug_work (Claudiu Beznea) [Orabug: 37827913] {CVE-2025-21917}
- usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader (Miao Li)
- usb: renesas_usbhs: Use devm_usb_get_phy() (Claudiu Beznea)
- usb: renesas_usbhs: Call clk_put() (Claudiu Beznea)
- Revert "drivers/card_reader/rtsx_usb: Restore interrupt based detection" (Christian Heusel)
- gpio: rcar: Fix missing of_node_put() call (Fabrizio Castro)
- net: ipv6: fix missing dst ref drop in ila lwtunnel (Justin Iurman)
- net: ipv6: fix dst ref loop in ila lwtunnel (Justin Iurman)
- net-timestamp: support TCP GSO case for a few missing flags (Jason Xing)
- vlan: enforce underlying device type (Oscar Maes) [Orabug: 37827929] {CVE-2025-21920}
- ppp: Fix KMSAN uninit-value warning with bpf (Jiayuan Chen) [Orabug: 37827937] {CVE-2025-21922}
- be2net: fix sleeping while atomic bugs in be_ndo_bridge_getlink (Nikolay Aleksandrov)
- drm/sched: Fix preprocessor guard (Philipp Stanner)
- hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe() (Xinghuo Chen)
- llc: do not use skb_get() before dev_queue_xmit() (Eric Dumazet) [Orabug: 37827950] {CVE-2025-21925}
- hwmon: (ad7314) Validate leading zero bits and return error (Erik Schumacher)
- hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table (Maud Spierings)
- hwmon: (pmbus) Initialise page count in pmbus_identify() (Titus Rwantare)
- caif_virtio: fix wrong pointer check in cfv_probe() (Vitaliy Shevtsov) [Orabug: 37827863] {CVE-2025-21904}
- net: gso: fix ownership in __udp_gso_segment (Antoine Tenart) [Orabug: 37827956] {CVE-2025-21926}
- HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (Zhang Lixu) [Orabug: 37827964] {CVE-2025-21928}
- HID: google: fix unused variable warning under !CONFIG_ACPI (Yu-Chun Lin)
- wifi: iwlwifi: limit printed string from FW file (Johannes Berg) [Orabug: 37827870] {CVE-2025-21905}
- mm/page_alloc: fix uninitialized variable (Hao Zhang)
- rapidio: fix an API misues when rio_add_net() fails (Haoxiang Li) [Orabug: 37827984] {CVE-2025-21934}
- rapidio: add check for rio_add_net() in rio_scan_alloc_net() (Haoxiang Li) [Orabug: 37827989] {CVE-2025-21935}
- wifi: nl80211: reject cooked mode if it is set along with other flags (Vitaliy Shevtsov) [Orabug: 37827880] {CVE-2025-21909}
- wifi: cfg80211: regulatory: improve invalid hints checking (Nikita Zhandarovich) [Orabug: 37827887] {CVE-2025-21910}
- x86/cpu: Properly parse CPUID leaf 0x2 TLB descriptor 0x63 (Ahmed S. Darwish)
- x86/cpu: Validate CPUID leaf 0x2 EDX output (Ahmed S. Darwish)
- x86/cacheinfo: Validate CPUID leaf 0x2 EDX output (Ahmed S. Darwish)
- platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e (Mingcong Bai)
- drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M (Richard Thier)
- ALSA: hda/realtek: update ALC222 depop optimize (Kailang Yang)
- ALSA: hda: intel: Add Dell ALC3271 to power_save denylist (Hoku Ishibe)
- HID: appleir: Fix potential NULL dereference at raw event handle (Daniil Dulov) [Orabug: 37828025] {CVE-2025-21948}
- Revert "of: reserved-memory: Fix using wrong number of cells to get property 'alignment'" (Rob Herring)
- drm/amdgpu: disable BAR resize on Dell G5 SE (Alex Deucher)
- drm/amdgpu: Check extended configuration space register when system uses large bar (Ma Jun)
- drm/amdgpu: skip BAR resizing if the bios already did it (Alex Deucher)
- acct: perform last write from workqueue (Christian Brauner) [Orabug: 37702044] {CVE-2025-21846}
- kernel/acct.c: use dedicated helper to access rlimit values (Yang Yang)
- kernel/acct.c: use #elif instead of #end and #elif (Sh_Def)
- drop_monitor: fix incorrect initialization order (Gavrilov Ilia) [Orabug: 37702107] {CVE-2025-21862}
- pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (Quang Le) [Orabug: 37611837] {CVE-2025-21702}
- sched/core: Prevent rescheduling when interrupts are disabled (Thomas Gleixner) [Orabug: 37766213] {CVE-2024-58090}
- phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk (Kaustabh Chakraborty)
- phy: tegra: xusb: reset VBUS & ID OVERRIDE (Bh Hsieh)
- usbnet: gl620a: fix endpoint checking in genelink_bind() (Nikita Zhandarovich) [Orabug: 37766256] {CVE-2025-21877}
- perf/core: Fix low freq setting via IOC_PERIOD (Kan Liang)
- ftrace: Avoid potential division by zero in function_stat_show() (Nikolay Kuratov) [Orabug: 37827849] {CVE-2025-21898}
- x86/CPU: Fix warm boot hang regression on AMD SC1100 SoC systems (Russell Senior)
- net: mvpp2: cls: Fixed Non IP flow, with vlan tag flow defination. (Harshal Chaudhari)
- ipvs: Always clear ipvs_property flag in skb_scrub_packet() (Philo Lu)
- ASoC: es8328: fix route from DAC to output (Nicolas Frattaroli)
- net: cadence: macb: Synchronize stats calculations (Sean Anderson)
- sunrpc: suppress warnings for unused procfs functions (Arnd Bergmann)
- batman-adv: Drop unmanaged ELP metric worker (Sven Eckelmann) [Orabug: 37650307] {CVE-2025-21823}
- batman-adv: Ignore neighbor throughput metrics in error case (Sven Eckelmann)
- acct: block access to kernel internal filesystems (Christian Brauner)
- ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED (John Veness)
- nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() (Haoxiang Li) [Orabug: 37702054] {CVE-2025-21848}
- tee: optee: Fix supplicant wait loop (Sumit Garg) [Orabug: 37766233] {CVE-2025-21871}
- power: supply: da9150-fg: fix potential overflow (Andrey Vatoropin)
- flow_dissector: Fix port range key handling in BPF conversion (Cong Wang)
- flow_dissector: Fix handling of mixed port and port-range keys (Cong Wang)
- net: extract port range fields from fl_flow_key (Maksym Glubokiy)
- geneve: Suppress list corruption splat in geneve_destroy_tunnels(). (Kuniyuki Iwashima)
- geneve: Fix use-after-free in geneve_find_dev(). (Kuniyuki Iwashima) [Orabug: 37702088] {CVE-2025-21858}
- powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC (Christophe Leroy) [Orabug: 37702123] {CVE-2025-21866}
- powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline (Christophe Leroy)
- powerpc/64s/mm: Move __real_pte stubs into hash-4k.h (Michael Ellerman)
- USB: gadget: f_midi: f_midi_complete to call queue_work (Jill Donahue) [Orabug: 37702094] {CVE-2025-21859}
- usb/gadget: f_midi: Replace tasklet with work (Davidlohr Bueso)
- usb/gadget: f_midi: convert tasklets to use new tasklet_setup() API (Allen Pais)
- usb: dwc3: Fix timeout issue during controller enter/exit from halt state (Selvarasu Ganesan)
- usb: dwc3: Increase DWC3 controller halt timeout (Wesley Cheng)
- memcg: fix soft lockup in the OOM process (Chen Ridong) [Orabug: 37649599] {CVE-2024-57977}
- mm: update mark_victim tracepoints fields (Carlos Galo)
- crypto: testmgr - some more fixes to RSA test vectors (Ignat Korchagin)
- crypto: testmgr - populate RSA CRT parameters in RSA test vectors (Ignat Korchagin)
- crypto: testmgr - fix version number of RSA tests (Lei He)
- crypto: testmgr - Fix wrong test case of RSA (Lei He)
- crypto: testmgr - fix wrong key length for pkcs1pad (Lei He)
- driver core: bus: Fix double free in driver API bus_register() (Zijun Hu) [Orabug: 37206511] {CVE-2024-50055}
- scsi: storvsc: Set correct data length for sending SCSI command without payload (Long Li)
- vlan: move dev_put into vlan_dev_uninit (Xin Long)
- vlan: introduce vlan_dev_free_egress_priority (Xin Long)
- pps: Fix a use-after-free (Calvin Owens) [Orabug: 37649607] {CVE-2024-57979}
- btrfs: avoid monopolizing a core when activating a swap file (Filipe Manana)
- x86/i8253: Disable PIT timer 0 when not in use (David Woodhouse)
- parport_pc: add support for ASIX AX99100 (Jiaqing Zhao)
- serial: 8250_pci: add support for ASIX AX99100 (Jiaqing Zhao)
- can: ems_pci: move ASIX AX99100 ids to pci_ids.h (Jiaqing Zhao)
- nilfs2: protect access to buffers with no active references (Ryusuke Konishi) [Orabug: 37650248] {CVE-2025-21811}
- nilfs2: do not force clear folio if buffer is referenced (Ryusuke Konishi) [Orabug: 37649878] {CVE-2025-21722}
- nilfs2: do not output warnings when clearing dirty buffers (Ryusuke Konishi)
- alpha: replace hardcoded stack offsets with autogenerated ones (Ivan Kokshaysky)
- ndisc: extend RCU protection in ndisc_send_skb() (Eric Dumazet) [Orabug: 37650045] {CVE-2025-21760}
- openvswitch: use RCU protection in ovs_vport_cmd_fill_info() (Eric Dumazet) [Orabug: 37650052] {CVE-2025-21761}
- arp: use RCU protection in arp_xmit() (Eric Dumazet) [Orabug: 37650059] {CVE-2025-21762}
- neighbour: use RCU protection in __neigh_notify() (Eric Dumazet) [Orabug: 37650066] {CVE-2025-21763}
- neighbour: delete redundant judgment statements (Li Zetao)
- ndisc: use RCU protection in ndisc_alloc_skb() (Eric Dumazet) [Orabug: 37650072] {CVE-2025-21764}
- ipv6: use RCU protection in ip6_default_advmss() (Eric Dumazet) [Orabug: 37650078] {CVE-2025-21765}
- ipv4: use RCU protection in inet_select_addr() (Eric Dumazet)
- ipv4: use RCU protection in rt_is_expired() (Eric Dumazet)
- net: add dev_net_rcu() helper (Eric Dumazet)
- net: treat possible_net_t net pointer as an RCU one and add read_pnet_rcu() (Jiri Pirko)
- regmap-irq: Add missing kfree() (Jiasheng Jiang)
- partitions: mac: fix handling of bogus partition table (Jann Horn) [Orabug: 37650105] {CVE-2025-21772}
- gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock (Xu Wang)
- alpha: align stack for page fault and user unaligned trap handlers (Ivan Kokshaysky)
- serial: 8250: Fix fifo underflow on flush (John Keeping)
- alpha: make stack 16-byte aligned (most cases) (Ivan Kokshaysky)
- can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero (Alexander Hölzl)
- can: c_can: fix unbalanced runtime PM disable in error path (Krzysztof Kozlowski)
- USB: serial: option: drop MeiG Smart defines (Johan Hovold)
- USB: serial: option: fix Telit Cinterion FN990A name (Fabio Porcedda)
- USB: serial: option: add Telit Cinterion FN990B compositions (Fabio Porcedda)
- USB: serial: option: add MeiG Smart SLM828 (Chester A. Unal)
- usb: cdc-acm: Fix handling of oversized fragments (Jann Horn)
- usb: cdc-acm: Check control transfer buffer size before access (Jann Horn) [Orabug: 37634049] {CVE-2025-21704}
- USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk (Marek Vasut)
- USB: hub: Ignore non-compliant devices with too many configs or interfaces (Alan Stern) [Orabug: 37650120] {CVE-2025-21776}
- usb: gadget: f_midi: fix MIDI Streaming descriptor lengths (John Keeping) [Orabug: 37685650] {CVE-2025-21835}
- USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone (Mathias Nyman)
- USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist (Huanglei)
- USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI (Huacai Chen)
- usb: dwc2: gadget: remove of_node reference upon udc_stop (Fabrice Gasnier)
- usb: gadget: udc: renesas_usb3: Fix compiler warning (Guo Ren)
- usb: roles: set switch registered flag early on (Elson Roy Serrao)
- batman-adv: fix panic during interface removal (Andy Strohman) [Orabug: 37650144] {CVE-2025-21781}
- ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V (Hans de Goede)
- orangefs: fix a oob in orangefs_debug_write (Mike Marshall) [Orabug: 37650149] {CVE-2025-21782}
- Grab mm lock before grabbing pt lock (Maksym Planeta)
- vfio/pci: Enable iowrite64 and ioread64 for vfio pci (Ramesh Thomas)
- media: cxd2841er: fix 64-bit division on gcc-9 (Arnd Bergmann)
- gpio: bcm-kona: Add missing newline to dev_err format string (Artur Weber)
- gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ (Artur Weber)
- gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 (Artur Weber)
- arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (Radu Rendec) [Orabug: 37650160] {CVE-2025-21785}
- team: better TEAM_OPTION_TYPE_STRING validation (Eric Dumazet) [Orabug: 37650167] {CVE-2025-21787}
- vrf: use RCU protection in l3mdev_l3_out() (Eric Dumazet) [Orabug: 37650181] {CVE-2025-21791}
- ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() (Eric Dumazet)
- HID: multitouch: Add NULL check in mt_input_configured (Charles Han) [Orabug: 37649788] {CVE-2024-58020}
- ocfs2: check dir i_size in ocfs2_find_entry (Su Yue)
- MIPS: ftrace: Declare ftrace_get_parent_ra_addr() as static (Yuli Wang)
- ptp: Ensure info->enable callback is always set (Thomas Weißschuh) [Orabug: 37650263] {CVE-2025-21814}
- net/ncsi: wait for the last response to Deselect Package before configuring channel (Paul Fertser)
- misc: fastrpc: Fix registered buffer page address (Ekansh Gupta)
- mtd: onenand: Fix uninitialized retlen in do_otp_read() (Ivan Stepchenko)
- NFC: nci: Add bounds checking in nci_hci_create_pipe() (Dan Carpenter) [Orabug: 37649936] {CVE-2025-21735}
- nilfs2: fix possible int overflows in nilfs_fiemap() (Nikita Zhandarovich) [Orabug: 37649942] {CVE-2025-21736}
- ocfs2: handle a symlink read error correctly (Matthew Wilcox) [Orabug: 37649687] {CVE-2024-58001}
- vfio/platform: check the bounds of read/write syscalls (Alex Williamson) [Orabug: 37592070] {CVE-2025-21687}
- nvmem: core: improve range check for nvmem_cell_write() (Jennifer Berringer)
- crypto: qce - unregister previously registered algos in error path (Bartosz Golaszewski)
- crypto: qce - fix goto jump in error path (Bartosz Golaszewski)
- media: uvcvideo: Remove redundant NULL assignment (Ricardo Ribalda)
- media: uvcvideo: Fix event flags in uvc_ctrl_send_events (Ricardo Ribalda)
- media: ov5640: fix get_light_freq on auto (Samuel Bobrowicz)
- soc: qcom: smem_state: fix missing of_node_put in error path (Krzysztof Kozlowski)
- kbuild: Move -Wenum-enum-conversion to W=2 (Nathan Chancellor)
- powerpc/pseries/eeh: Fix get PE state translation (Narayana Murty N)
- serial: sh-sci: Do not probe the serial port if its slot in sci_ports[] is in use (Claudiu Beznea)
- serial: sh-sci: Drop __initdata macro for port_cfg (Claudiu Beznea)
- soc: qcom: socinfo: Avoid out of bounds read of serial number (Stephan Gerhold) [Orabug: 37649715] {CVE-2024-58007}
- usb: gadget: f_tcm: Don't prepare BOT write request twice (Thinh Nguyen)
- usb: gadget: f_tcm: ep_autoconfig with fullspeed endpoint (Thinh Nguyen)
- usb: gadget: f_tcm: Decrement command ref count on cleanup (Thinh Nguyen)
- usb: gadget: f_tcm: Translate error to sense (Thinh Nguyen)
- wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() (Marcel Hamer) [Orabug: 37649971] {CVE-2025-21744}
- HID: hid-sensor-hub: don't use stale platform-data on remove (Heiko Stuebner)
- of: reserved-memory: Fix using wrong number of cells to get property 'alignment' (Zijun Hu)
- of: Fix of_find_node_opts_by_path() handling of alias+path+options (Zijun Hu)
- of: Correct child specifier used as input of the 2nd nexus node (Zijun Hu)
- perf bench: Fix undefined behavior in cmpworker() (Kuan-Wei Chiu)
- clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate (Anastasia Belova)
- clk: qcom: clk-alpha-pll: fix alpha mode configuration (Gabor Juhos)
- drm/komeda: Add check for komeda_get_layer_fourcc_list() (Haoxiang Li)
- KVM: s390: vsie: fix some corner-cases when grabbing vsie pages (David Hildenbrand)
- KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() (Sean Christopherson) [Orabug: 37678567] {CVE-2024-58083}
- arm64: dts: rockchip: increase gmac rx_delay on rk3399-puma (Jakob Unterwurzacher)
- binfmt_flat: Fix integer overflow bug on 32 bit systems (Dan Carpenter) [Orabug: 37649721] {CVE-2024-58010}
- m68k: vga: Fix I/O defines (Thomas Zimmermann)
- s390/futex: Fix FUTEX_OP_ANDN implementation (Heiko Carstens)
- leds: lp8860: Write full EEPROM, not only half of it (Alexander Sverdlin)
- cpufreq: s3c64xx: Fix compilation warning (Viresh Kumar)
- tun: revert fix group permission check (Willem de Bruijn)
- net: rose: lock the socket in rose_bind() (Eric Dumazet) [Orabug: 37649987] {CVE-2025-21749}
- udp: gso: do not drop small packets when PMTU reduces (Yan Zhai)
- tg3: Disable tg3 PCIe AER on system reboot (Lenny Szubowicz)
- gpu: drm_dp_cec: fix broken CEC adapter properties check (Hans Verkuil)
- firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry (Prasad Pandit)
- nvme: handle connectivity loss in nvme_set_queue_count (Daniel Wagner)
- usb: xhci: Fix NULL pointer dereference on certain command aborts (Michał Pecio) [Orabug: 37649622] {CVE-2024-57981}
- usb: xhci: Add timeout argument in address_device USB HCD callback (Hardik Gajjar)
- net: usb: rtl8150: enable basic endpoint checking (Nikita Zhandarovich) [Orabug: 37649812] {CVE-2025-21708}
- net: usb: rtl8150: use new tasklet API (Emil Renner Berthing)
- tasklet: Introduce new initialization API (Romain Perier)
- kbuild: userprogs: use correct lld when linking through clang (Thomas Weißschuh)
- media: uvcvideo: Remove dangling pointers (Ricardo Ribalda) [Orabug: 37649696] {CVE-2024-58002}
- media: uvcvideo: Only save async fh if success (Ricardo Ribalda)
- nilfs2: handle errors that nilfs_prepare_chunk() may return (Ryusuke Konishi) [Orabug: 37649870] {CVE-2025-21721}
- nilfs2: eliminate staggered calls to kunmap in nilfs_rename (Ryusuke Konishi)
- nilfs2: move page release outside of nilfs_delete_entry and nilfs_set_link (Ryusuke Konishi)
- spi-mxs: Fix chipselect glitch (Ralf Schlatterbeck)
- x86/mm: Don't disable PCID when INVLPG has been fixed by microcode (Xi Ruoyao)
- APEI: GHES: Have GHES honor the panic= setting (Borislav Petkov)
- HID: Wacom: Add PCI Wacom device support (Even Xu)
- mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id (Hans de Goede)
- tomoyo: don't emit warning in tomoyo_write_control() (Tetsuo Handa)
- wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (Dmitry Antipov) [Orabug: 37649750] {CVE-2024-58014}
- mmc: core: Respect quirk_max_rate for non-UHS SDIO card (Shawn Lin)
- tun: fix group permission check (Stas Sergeev)
- printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX (Kuan-Wei Chiu) [Orabug: 37649768] {CVE-2024-58017}
- x86/amd_nb: Restrict init function to AMD-based systems (Yazen Ghannam)
- sched: Don't try to catch up excess steal time. (Suleiman Souhlal)
- btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error handling (Josef Bacik)
- btrfs: fix use-after-free when attempting to join an aborted transaction (Filipe Manana) [Orabug: 37650014] {CVE-2025-21753}
- btrfs: output the reason for open_ctree() failure (Qu Wenruo)
- usb: gadget: f_tcm: Don't free command immediately (Thinh Nguyen) [Orabug: 37678479] {CVE-2024-58055}
- media: uvcvideo: Fix double free in error path (Laurent Pinchart) [Orabug: 37649615] {CVE-2024-57980}
- HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections (Alan Stern) [Orabug: 37649644] {CVE-2024-57986}
- usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to PD_T_SENDER_RESPONSE (Jos Wang)
- drivers/card_reader/rtsx_usb: Restore interrupt based detection (Sean Rhodes)
- ktest.pl: Check kernelrelease return in get_version (Ricardo B. Marliere)
- NFSD: Reset cb_seq_status after NFS4ERR_DELAY (Chuck Lever)
- hexagon: Fix unbalanced spinlock in die() (Lin Yujun)
- hexagon: fix using plain integer as NULL pointer warning in cmpxchg (Willem de Bruijn)
- genksyms: fix memory leak when the same symbol is read from *.symref file (Masahiro Yamada)
- genksyms: fix memory leak when the same symbol is added from source (Masahiro Yamada)
- net: sh_eth: Fix missing rtnl lock in suspend/resume path (Kory Maincent)
- vsock: Allow retrying on connect() failure (Michal Luczaj)
- perf trace: Fix runtime error of index out of bounds (Howard Chu)
- net: davicom: fix UAF in dm9000_drv_remove (Chenyuan Yang) [Orabug: 37649846] {CVE-2025-21715}
- net: rose: fix timer races against user threads (Eric Dumazet) [Orabug: 37649856] {CVE-2025-21718}
- PM: hibernate: Add error handling for syscore_suspend() (Xu Wang)
- ipmr: do not call mr_mfc_uses_dev() for unres entries (Eric Dumazet) [Orabug: 37649862] {CVE-2025-21719}
- net: fec: implement TSO descriptor cleanup (Dheeraj Reddy Jonnalagadda)
- ubifs: skip dumping tnc tree when zroot is null (Pangliyuan) [Orabug: 37678491] {CVE-2024-58058}
- rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read (Oleksij Rempel) [Orabug: 37678517] {CVE-2024-58069}
- dmaengine: ti: edma: fix OF node reference leaks in edma_driver (Joe Hattori)
- module: Extend the preempt disabled section in dereference_symbol_descriptor(). (Sebastian Andrzej Siewior)
- ocfs2: mark dquot as inactive if failed to start trans while releasing dquot (Su Yue)
- scsi: ufs: bsg: Delete bsg_dev when setting up bsg fails (Guixin Liu)
- scsi: mpt3sas: Set ioc->manu_pg11.EEDPTagMode directly to 1 (Paul Menzel)
- staging: media: imx: fix OF node leak in imx_media_add_of_subdevs() (Joe Hattori)
- media: uvcvideo: Propagate buf->error to userspace (Ricardo Ribalda)
- media: camif-core: Add check for clk_enable() (Jiasheng Jiang)
- media: mipi-csis: Add check for clk_enable() (Jiasheng Jiang)
- PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy() (Zijun Hu)
- media: lmedm04: Handle errors for lme2510_int_read (Chen Ni)
- media: lmedm04: Use GFP_KERNEL for URB allocation/submission. (Malcolm Priestley)
- media: rc: iguanair: handle timeouts (Oliver Neukum)
- fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device() (Joe Hattori)
- ARM: dts: mediatek: mt7623: fix IR nodename (Rafał Miłecki)
- arm64: dts: mediatek: mt8173-evb: Fix MT6397 PMIC sub-node names (Chen-Yu Tsai)
- arm64: dts: mediatek: mt8173-evb: Drop regulator-compatible property (Chen-Yu Tsai)
- rdma/cxgb4: Prevent potential integer overflow on 32bit (Dan Carpenter) [Orabug: 37649564] {CVE-2024-57973}
- RDMA/mlx4: Avoid false error about access to uninitialized gids array (Leon Romanovsky)
- bpf: Send signals asynchronously if !preemptible (Puranjay Mohan) [Orabug: 37649909] {CVE-2025-21728}
- perf report: Fix misleading help message about --demangle (Jiachen Zhang)
- perf top: Don't complain about lack of vmlinux when not resolving some kernel samples (Arnaldo Carvalho de Melo)
- padata: fix sysfs store callback check (Thomas Weißschuh)
- ktest.pl: Remove unused declarations in run_bisect_test function (Ba Jing)
- perf header: Fix one memory leakage in process_bpf_prog_info() (Zhongqiu Han)
- perf header: Fix one memory leakage in process_bpf_btf() (Zhongqiu Han)
- ASoC: sun4i-spdif: Add clock multiplier settings (George Lander)
- tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind (Marco Leogrande)
- net: sched: Disallow replacing of child qdisc from one parent to another (Jamal Hadi Salim) [Orabug: 37592533] {CVE-2025-21700}
- net/mlxfw: Drop hard coded max FW flash image size (Maher Sanalla)
- net: let net.core.dev_weight always be non-zero (Liu Jian) [Orabug: 37650232] {CVE-2025-21806}
- clk: analogbits: Fix incorrect calculation of vco rate delta (Bo Gan)
- selftests: harness: fix printing of mismatch values in __EXPECT() (Dmitry V. Levin)
- selftests/harness: Display signed values correctly (Kees Cook)
- wifi: wlcore: fix unbalanced pm_runtime calls (Andreas Kemnade)
- regulator: of: Implement the unwind path of of_regulator_match() (Joe Hattori)
- team: prevent adding a device which is already a team device lower (Octavian Purdila) [Orabug: 37678523] {CVE-2024-58071}
- cpupower: fix TSC MHz calculation (He Rongguang)
- wifi: rtlwifi: pci: wait for firmware loading before releasing memory (Thadeu Lima de Souza Cascardo)
- wifi: rtlwifi: fix memory leaks and invalid access at probe error path (Thadeu Lima de Souza Cascardo) [Orabug: 37678504] {CVE-2024-58063}
- wifi: rtlwifi: remove unused check_buddy_priv (Thadeu Lima de Souza Cascardo) [Orabug: 37678530] {CVE-2024-58072}
- wifi: rtlwifi: remove unused dualmac control leftovers (Dmitry Antipov)
- wifi: rtlwifi: remove unused timer and related code (Dmitry Antipov)
- rtlwifi: replace usage of found with dedicated list iterator variable (Jakob Koschel)
- dt-bindings: mmc: controller: clarify the address-cells description (Neil Armstrong)
- wifi: rtlwifi: usb: fix workqueue leak when probe fails (Thadeu Lima de Souza Cascardo)
- wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step (Thadeu Lima de Souza Cascardo)
- rtlwifi: rtl8192se Rename RT_TRACE to rtl_dbg (Larry Finger)
- wifi: rtlwifi: do not complete firmware loading needlessly (Thadeu Lima de Souza Cascardo)
- ipmi: ipmb: Add check devm_kasprintf() returned value (Charles Han) [Orabug: 37678457] {CVE-2024-58051}
- drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table (Ivan Stepchenko) [Orabug: 37678463] {CVE-2024-58052}
- drm/etnaviv: Fix page property being used for non writecombine buffers (Sui Jingfeng)
- partitions: ldm: remove the initial kernel-doc notation (Randy Dunlap)
- nbd: don't allow reconnect after disconnect (Yu Kuai) [Orabug: 37649918] {CVE-2025-21731}
- afs: Fix directory format encoding struct (David Howells)
- overflow: Allow mixed type arguments (Kees Cook)
- overflow: Correct check_shl_overflow() comment (Keith Busch)
- overflow: Add __must_check attribute to check_*() helpers (Kees Cook)
-
Thu Apr 03 2025 Alok Tiwari <alok.a.tiwari@oracle.com> [5.4.17-2136.343.2.el8uek]
- rds: ib: Do not attempt to insert RDMA exthdr twice (Håkon Bugge) [Orabug: 37721764]
- net: mana: Fix TX CQE error handling (Haiyang Zhang) [Orabug: 36983924] {CVE-2023-52532}
- net/mlx5: Stop waiting for PCI if pci channel is offline (Moshe Shemesh) [Orabug: 36929747]
- rds: ib: Fix racy send affinity work cancellation (Håkon Bugge) [Orabug: 36605776]
- uek-rpm: install the perf exec dir (Stephen Brennan) [Orabug: 35023180]
- uek-rpm: switch to new secureboot certificates and upgrade shim (Samasth Norway Ananda) [Orabug: 37764002]
-
Thu Mar 27 2025 Alok Tiwari <alok.a.tiwari@oracle.com> [5.4.17-2136.343.1.el8uek]
- rds: ib: Make traffic_class visible to user-space (Håkon Bugge) [Orabug: 37617866]
- rds: ib: Remove incorrect update of the path record sl and qos_class fields (Håkon Bugge) [Orabug: 37617866]
- net: core: reject skb_copy(_expand) for fraglist GSO skbs (Felix Fietkau) [Orabug: 36683418] {CVE-2024-36929}
- udp: do not accept non-tunnel GSO skbs landing in a tunnel (Antoine Tenart) [Orabug: 36643088] {CVE-2024-35884}
- udp: never accept GSO_FRAGLIST packets (Paolo Abeni) [Orabug: 36643088] {CVE-2024-35884}
- udp: initialize is_flist with 0 in udp_gro_receive (Xin Long) [Orabug: 36643088] {CVE-2024-35884}