- 
    Tue Apr 11 2023 Kevin Lyons <kevin.x.lyons@oracle.com> - [5.14.0-162.23.1.el9_1.OL9]
    - Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5.el9
- Remove nmap references from kernel (Mridula Shastry) [Orabug: 34313944]
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535] 
- 
    Thu Mar 23 2023 Patrick Talbert <ptalbert@redhat.com> [5.14.0-162.23.1.el9_1]
    - ovl: fail on invalid uid/gid mapping at copy up (Miklos Szeredi) [2165344 2165345] {CVE-2023-0386}
- intel_idle: make SPR C1 and C1E be independent (David Arcari) [2168361 2125352]
- intel_idle: Add a new flag to initialize the AMX state (David Arcari) [2168361 2117766]
- x86/fpu: Add a helper to prepare AMX state for low-power CPU idle (David Arcari) [2168361 2117766]
- x86/insn: Add AMX instructions to the x86 instruction decoder (Michael Petlan) [2168361 2140492]
- futex: Resend potentially swallowed owner death notification (Rafael Aquini) [2168836 2161817]
- tun: avoid double free in tun_free_netdev (Jon Maloy) [2156373 2156374] {CVE-2022-4744}
- 
    Thu Mar 09 2023 Patrick Talbert <ptalbert@redhat.com> [5.14.0-162.22.1.el9_1]
    - ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF (Jaroslav Kysela) [2163390 2125540] {CVE-2023-0266}
- 
    Thu Mar 02 2023 Patrick Talbert <ptalbert@redhat.com> [5.14.0-162.21.1.el9_1]
    - s390/boot: add secure boot trailer (Tobias Huschle) [2151528 2141966]
- s390/kexec: fix ipl report address for kdump (Tobias Huschle) [2166903 2161327]
- s390/qeth: cache link_info for ethtool (Tobias Huschle) [2166304 2110436]
- scsi: zfcp: Fix missing auto port scan and thus missing target ports (Tobias Huschle) [2127880 2121088] 
- 
    Thu Feb 23 2023 Patrick Talbert <ptalbert@redhat.com> [5.14.0-162.20.1.el9_1]
    - cgroup/cpuset: remove unreachable code (Waiman Long) [2161105 1946801]
- kselftest/cgroup: Add cpuset v2 partition root state test (Waiman Long) [2161105 1946801]
- cgroup/cpuset: Update description of cpuset.cpus.partition in cgroup-v2.rst (Waiman Long) [2161105 1946801]
- cgroup/cpuset: Make partition invalid if cpumask change violates exclusivity rule (Waiman Long) [2161105 1946801]
- cgroup/cpuset: Relocate a code block in validate_change() (Waiman Long) [2161105 1946801]
- cgroup/cpuset: Show invalid partition reason string (Waiman Long) [2161105 1946801]
- cgroup/cpuset: Add a new isolated cpus.partition type (Waiman Long) [2161105 1946801]
- cgroup/cpuset: Relax constraints to partition & cpus changes (Waiman Long) [2161105 1946801]
- cgroup/cpuset: Allow no-task partition to have empty cpuset.cpus.effective (Waiman Long) [2161105 1946801]
- cgroup/cpuset: Miscellaneous cleanups & add helper functions (Waiman Long) [2161105 1946801]
- cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset (Waiman Long) [2161105 1946801]
- cpuset: convert 'allowed' in __cpuset_node_allowed() to be boolean (Waiman Long) [2161105 1946801]
- cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() (Waiman Long) [2161105 1946801]
- cgroup: cleanup comments (Waiman Long) [2161105 1946801]
- act_mirred: use the backlog for nested calls to mirred ingress (Davide Caratti) [2164655 2150278] {CVE-2022-4269}
- net/sched: act_mirred: better wording on protection against excessive stack growth (Davide Caratti) [2164655 2150278] {CVE-2022-4269}
- scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM (Emanuele Giuseppe Esposito) [2170227 2150660]
- 
    Thu Feb 16 2023 Patrick Talbert <ptalbert@redhat.com> [5.14.0-162.19.1.el9_1]
    - sched/core: Use kfree_rcu() in do_set_cpus_allowed() (Waiman Long) [2160614 2143847]
- sched/core: Fix use-after-free bug in dup_user_cpus_ptr() (Waiman Long) [2160614 2143847]
- sched: Always clear user_cpus_ptr in do_set_cpus_allowed() (Waiman Long) [2143766 2107354]
- sched: Enforce user requested affinity (Waiman Long) [2143766 2107354]
- sched: Always preserve the user requested cpumask (Waiman Long) [2143766 2107354]
- sched: Introduce affinity_context (Waiman Long) [2143766 2107354]
- sched: Add __releases annotations to affine_move_task() (Waiman Long) [2143766 2107354]
- x86/fpu: Fix copy_xstate_to_uabi() to copy init states correctly (Dean Nelson) [2168382 2122851]
- x86/fpu: Exclude dynamic states from init_fpstate (Dean Nelson) [2168382 2122851]
- x86/fpu: Fix the init_fpstate size check with the actual size (Dean Nelson) [2168382 2122851]
- x86/fpu: Configure init_fpstate attributes orderly (Dean Nelson) [2168382 2122851]
- x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (Dean Nelson) [2168382 2122851] 
- 
    Thu Feb 09 2023 Patrick Talbert <ptalbert@redhat.com> [5.14.0-162.18.1.el9_1]
    - powerpc/pseries: Use lparcfg to reconfig VAS windows for DLPAR CPU (Steve Best) [2154305 2133101]
- redhat/configs: Change the amd-pstate driver from builtin to loadable (David Arcari) [2151274 2143793]
- powerpc/pseries/mobility: set NMI watchdog factor during an LPM (Steve Best) [2140085 2122830]
- powerpc/watchdog: introduce a NMI watchdog's factor (Steve Best) [2140085 2122830]
- watchdog: export lockup_detector_reconfigure (Steve Best) [2140085 2122830]
- powerpc/mobility: wait for memory transfer to complete (Steve Best) [2140085 2122830] 
- 
    Thu Feb 02 2023 Patrick Talbert <ptalbert@redhat.com> [5.14.0-162.17.1.el9_1]
    - PCI: hv: Only reuse existing IRTE allocation for Multi-MSI (Emanuele Giuseppe Esposito) [2155459 2100404]
- PCI: hv: Fix the definition of vector in hv_compose_msi_msg() (Emanuele Giuseppe Esposito) [2155459 2100404]
- PCI: hv: Fix interrupt mapping for multi-MSI (Emanuele Giuseppe Esposito) [2155459 2100404]
- PCI: hv: Reuse existing IRTE allocation in compose_msi_msg() (Emanuele Giuseppe Esposito) [2155459 2100404]
- PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI (Emanuele Giuseppe Esposito) [2155459 2100404]
- PCI: hv: Fix multi-MSI to allow more than one MSI vector (Emanuele Giuseppe Esposito) [2155459 2100404]
- proc: proc_skip_spaces() shouldn't think it is working on C strings (Wander Lairson Costa) [2152580 2152581] {CVE-2022-4378}
- proc: avoid integer type confusion in get_proc_long (Wander Lairson Costa) [2152580 2152581] {CVE-2022-4378}
- blk-mq: run queue no matter whether the request is the last request (Ming Lei) [2162535 2118511]
- netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits (Florian Westphal) [2161724 2161725] {CVE-2023-0179}
- nvme-tcp: fix regression that causes sporadic requests to time out (Gopal Tiwari) [2161344 2124526]
- netfs: Fix dodgy maths (Xiubo Li) [2161418 2138981]
- netfs: Fix missing xas_retry() calls in xarray iteration (Xiubo Li) [2161418 2138981]
- 
    Thu Jan 26 2023 Patrick Talbert <ptalbert@redhat.com> [5.14.0-162.16.1.el9_1]
    - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu (Ricardo Robaina) [2152929 2152931] {CVE-2022-3564}
- gitlab-ci: use CI templates from production branch (Michael Hofmann)
- 
    Thu Jan 19 2023 Patrick Talbert <ptalbert@redhat.com> [5.14.0-162.15.1.el9_1]
    - KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field (Thomas Huth) [2158815 2140899]
- x86/fpu: Do not leak fpstate pointer on fork (Rafael Aquini) [2133083 2120448]
- Revert "usb: typec: ucsi: add a common function ucsi_unregister_connectors()" (Torez Smith) [2153277 2113003]
- i2c: ismt: Fix an out-of-bounds bug in ismt_access() (David Arcari) [2154859 2119067] {CVE-2022-2873}