Oracle Linux Security Advisory ELSA-2022-9693

https://linux.oracle.com/errata/ELSA-2022-9693.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-4.14.35-2047.516.1.1.el7uek.x86_64.rpm
kernel-uek-debug-4.14.35-2047.516.1.1.el7uek.x86_64.rpm
kernel-uek-debug-devel-4.14.35-2047.516.1.1.el7uek.x86_64.rpm
kernel-uek-devel-4.14.35-2047.516.1.1.el7uek.x86_64.rpm
kernel-uek-tools-4.14.35-2047.516.1.1.el7uek.x86_64.rpm
kernel-uek-doc-4.14.35-2047.516.1.1.el7uek.noarch.rpm


SRPMS:
https://oss.oracle.com:443/ol7/SRPMS-updates/kernel-uek-4.14.35-2047.516.1.1.el7uek.src.rpm

Related CVEs:

CVE-2022-2588




Description of changes:

[4.14.35-2047.516.1.1.el7uek]
- net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo)  [Orabug: 34460938]  {CVE-2022-2588}

[4.14.35-2047.516.1.el7uek]
- KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast() (Vitaly Kuznetsov)  [Orabug: 34323860]  {CVE-2022-2153}
- KVM: x86: Check lapic_in_kernel() before attempting to set a SynIC irq (Vitaly Kuznetsov)  [Orabug: 34323860]  {CVE-2022-2153}
- KVM: Add infrastructure and macro to mark VM as bugged (Sean Christopherson)  [Orabug: 34323860]  {CVE-2022-2153}
- xfs: don't use delalloc extents for COW on files with extsize hints (Christoph Hellwig)  [Orabug: 34180868]

[4.14.35-2047.516.0.el7uek]
- scsi: mpt3sas: Remove scsi_dma_map() error messages (Sreekanth Reddy)  [Orabug: 34328903]
- uek: kabi: new protected symbols for USM in OL7 (Saeed Mirzamohammadi)  [Orabug: 34233902]
- vfio/type1: add ioctl to check for correct pin accounting (Anthony Yznaga)  [Orabug: 32967885]
- vfio/type1: track pages pinned by vfio across exec (Anthony Yznaga)  [Orabug: 32967885]
- mm: track driver pinned pages across exec (Anthony Yznaga)  [Orabug: 32967885]
- vfio/type1: Fix vfio_find_dma_valid return (Anthony Yznaga)  [Orabug: 32967885]
- vfio/type1: fix unmap all on ILP32 (Steve Sistare)  [Orabug: 32967885]
- vfio/type1: block on invalid vaddr (Steve Sistare)  [Orabug: 32967885]
- vfio/type1: implement notify callback (Steve Sistare)  [Orabug: 32967885]
- vfio: iommu driver notify callback (Steve Sistare)  [Orabug: 32967885]
- vfio/type1: implement interfaces to update vaddr (Steve Sistare)  [Orabug: 32967885]
- vfio/type1: massage unmap iteration (Steve Sistare)  [Orabug: 32967885]
- vfio: interfaces to update vaddr (Steve Sistare)  [Orabug: 32967885]
- vfio/type1: implement unmap all (Steve Sistare)  [Orabug: 32967885]
- vfio/type1: unmap cleanup (Steve Sistare)  [Orabug: 32967885]
- vfio: option to unmap all (Steve Sistare)  [Orabug: 32967885]
- Linux 4.14.284 (Greg Kroah-Hartman) 
- x86/speculation/mmio: Print SMT warning (Josh Poimboeuf) 
- x86/cpu: Add another Alder Lake CPU to the Intel family (Gayatri Kammela) 
- x86/cpu: Add Lakefield, Alder Lake and Rocket Lake models to the to Intel CPU family (Tony Luck) 
- x86/cpu: Add Comet Lake to the Intel CPU models header (Kan Liang) 
- x86/cpu: Add Cannonlake to Intel family (Rajneesh Bhardwaj) 
- x86/cpu: Add Jasper Lake to Intel family (Zhang Rui) 
- cpu/speculation: Add prototype for cpu_show_srbds() (Guenter Roeck) 
- x86/cpu: Add Elkhart Lake to Intel family (Gayatri Kammela) 
- Linux 4.14.283 (Greg Kroah-Hartman) 
- tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd (Eric Dumazet) 
- PCI: qcom: Fix unbalanced PHY init on probe errors (Johan Hovold) 
- mtd: cfi_cmdset_0002: Use chip_ready() for write on S29GL064N (Tokunori Ikegami) 
- mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write (Tokunori Ikegami) 
- md/raid0: Ignore RAID0 layout if the second zone has only one device (Pascal Hambourg) 
- powerpc/32: Fix overread/overwrite of thread_struct via ptrace (Michael Ellerman) 
- Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag (Mathias Nyman) 
- ixgbe: fix unexpected VLAN Rx in promisc mode on VF (Olivier Matz) 
- ixgbe: fix bcast packets Rx on VF after promisc removal (Olivier Matz) 
- nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling (Martin Faltesek) 
- nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION (Martin Faltesek) 
- ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files (Sergey Shtylyov) 
- cifs: return errors during session setup during reconnects (Shyam Prasad N) 
- ALSA: hda/conexant - Fix loopback issue with CX20632 (huangwenhui) 
- vringh: Fix loop descriptors check in the indirect cases (Xie Yongji) 
- nodemask: Fix return values to be unsigned (Kees Cook) 
- nbd: fix io hung while disconnecting device (Yu Kuai) 
- nbd: fix race between nbd_alloc_config() and module removal (Yu Kuai) 
- nbd: call genl_unregister_family() first in nbd_cleanup() (Yu Kuai) 
- modpost: fix undefined behavior of is_arm_mapping_symbol() (Masahiro Yamada) 
- drm/radeon: fix a possible null pointer dereference (Gong Yuanjun) 
- Revert "net: af_key: add check for pfkey_broadcast in function pfkey_process" (Michal Kubecek) 
- md: protect md_unregister_thread from reentrancy (Guoqing Jiang) 
- kernfs: Separate kernfs_pr_cont_buf and rename_lock. (Hao Luo) 
- serial: msm_serial: disable interrupts in __msm_console_write() (John Ogness) 
- staging: rtl8712: fix uninit-value in r871xu_drv_init() (Wang Cheng) 
- clocksource/drivers/sp804: Avoid error on multiple instances (Andre Przywara) 
- extcon: Modify extcon device to be created after driver data is set (bumwoo lee) 
- misc: rtsx: set NULL intfdata when probe fails (Shuah Khan) 
- usb: dwc2: gadget: don't reset gadget's driver->bus (Marek Szyprowski) 
- USB: hcd-pci: Fully suspend across freeze/thaw cycle (Evan Green) 
- drivers: usb: host: Fix deadlock in oxu_bus_suspend() (Duoming Zhou) 
- drivers: tty: serial: Fix deadlock in sa1100_set_termios() (Duoming Zhou) 
- USB: host: isp116x: check return value after calling platform_get_resource() (Zhen Ni) 
- drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop() (Duoming Zhou) 
- tty: Fix a possible resource leak in icom_probe (Huang Guobin) 
- tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() (Zheyu Ma) 
- lkdtm/usercopy: Expand size of "out of frame" object (Kees Cook) 
- iio: dummy: iio_simple_dummy: check the return value of kstrdup() (Xiaoke Wang) 
- drm: imx: fix compiler warning with gcc-12 (Linus Torvalds) 
- net: altera: Fix refcount leak in altera_tse_mdio_create (Miaoqian Lin) 
- net: ipv6: unexport __init-annotated seg6_hmac_init() (Masahiro Yamada) 
- net: xfrm: unexport __init-annotated xfrm4_protocol_init() (Masahiro Yamada) 
- net: mdio: unexport __init-annotated mdio_bus_init() (Masahiro Yamada) 
- SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() (Chuck Lever) 
- net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure (Gal Pressman) 
- ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe (Miaoqian Lin) 
- xprtrdma: treat all calls not a bcall when bc_serv is NULL (Kinglong Mee) 
- video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove() (Yang Yingliang) 
- m68knommu: fix undefined reference to _init_sp' (Greg Ungerer) 
- m68knommu: set ZERO_PAGE() to the allocated zeroed page (Greg Ungerer) 
- i2c: cadence: Increase timeout per message if necessary (Lucas Tanure) 
- tracing: Avoid adding tracer option before update_tracer_options (Mark-PK Tsai) 
- tracing: Fix sleeping function called from invalid context on RT kernel (Jun Miao) 
- mips: cpc: Fix refcount leak in mips_cpc_default_phys_base (Gong Yuanjun) 
- perf c2c: Fix sorting in percent_rmt_hitm_cmp() (Leo Yan) 
- tcp: tcp_rtx_synack() can be called from process context (Eric Dumazet) 
- ubi: ubi_create_volume: Fix use-after-free when volume creation failed (Zhihao Cheng) 
- jffs2: fix memory leak in jffs2_do_fill_super (Baokun Li) 
- modpost: fix removing numeric suffixes (Alexander Lobakin) 
- net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register (Miaoqian Lin) 
- net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry() (Dan Carpenter) 
- clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) 
- firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle (Miaoqian Lin) 
- serial: st-asc: Sanitize CSIZE and correct PARENB for CS7 (Ilpo Järvinen) 
- serial: sh-sci: Don't allow CS5-6 (Ilpo Järvinen) 
- serial: txx9: Don't allow CS5-6 (Ilpo Järvinen) 
- serial: digicolor-usart: Don't allow CS5-6 (Ilpo Järvinen) 
- serial: meson: acquire port->lock in startup() (John Ogness) 
- rtc: mt6397: check return value after calling platform_get_resource() (Yang Yingliang) 
- soc: rockchip: Fix refcount leak in rockchip_grf_init (Miaoqian Lin) 
- coresight: cpu-debug: Replace mutex with mutex_trylock on panic notifier (Guilherme G. Piccoli) 
- rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) 
- pwm: lp3943: Fix duty calculation in case period was clamped (Uwe Kleine-König) 
- USB: storage: karma: fix rio_karma_init return (Lin Ma) 
- usb: usbip: add missing device lock on tweak configuration cmd (Niels Dossche) 
- usb: usbip: fix a refcount leak in stub_probe() (Hangyu Hua) 
- tty: goldfish: Use tty_port_destroy() to destroy port (Wang Weiyang) 
- staging: greybus: codecs: fix type confusion of list iterator variable (Jakob Koschel) 
- pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (Randy Dunlap) 
- netfilter: nf_tables: disallow non-stateful expression in sets earlier (Pablo Neira Ayuso) 
- MIPS: IP27: Remove incorrect cpu_has_fpu' override (Maciej W. Rozycki) 
- RDMA/rxe: Generate a completion for unsupported/invalid opcode (Xiao Yang) 
- phy: qcom-qmp: fix reset-controller leak on probe errors (Johan Hovold) 
- dt-bindings: gpio: altera: correct interrupt-cells (Dinh Nguyen) 
- docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0 (Akira Yokosawa) 
- phy: qcom-qmp: fix struct clk leak on probe errors (Johan Hovold) 
- arm64: dts: qcom: ipq8074: fix the sleep clock frequency (Kathiravan T) 
- gma500: fix an incorrect NULL check on list iterator (Xiaomeng Tong) 
- carl9170: tx: fix an incorrect use of list iterator (Xiaomeng Tong) 
- ASoC: rt5514: Fix event generation for "DSP Voice Wake Up" control (Mark Brown) 
- rtl818x: Prevent using not initialized queues (Alexander Wetzel) 
- hugetlb: fix huge_pmd_unshare address update (Mike Kravetz) 
- nodemask.h: fix compilation error with GCC12 (Christophe de Dinechin) 
- iommu/msm: Fix an incorrect NULL check on list iterator (Xiaomeng Tong) 
- um: Fix out-of-bounds read in LDT setup (Vincent Whitchurch) 
- um: chan_user: Fix winch_tramp() return value (Johannes Berg) 
- mac80211: upgrade passive scan to active scan on DFS channels after beacon rx (Felix Fietkau) 
- irqchip: irq-xtensa-mx: fix initial IRQ affinity (Max Filippov) 
- irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x (Pali Rohár) 
- RDMA/hfi1: Fix potential integer multiplication overflow errors (Dennis Dalessandro) 
- md: fix an incorrect NULL check in md_reload_sb (Xiaomeng Tong) 
- md: fix an incorrect NULL check in does_sb_need_changing (Xiaomeng Tong) 
- drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX (Brian Norris) 
- drm/nouveau/clk: Fix an incorrect NULL check on list iterator (Xiaomeng Tong) 
- drm/amdgpu/cs: make commands with 0 chunks illegal behaviour. (Dave Airlie) 
- scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled (Manivannan Sadhasivam) 
- scsi: dc395x: Fix a missing check on list iterator (Xiaomeng Tong) 
- ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock (Junxiao Bi via Ocfs2-devel) 
- dlm: fix missing lkb refcount handling (Alexander Aring) 
- dlm: fix plock invalid read (Alexander Aring) 
- ext4: avoid cycles in directory h-tree (Jan Kara) 
- ext4: verify dir block before splitting it (Jan Kara) 
- ext4: fix bug_on in ext4_writepages (Ye Bin) 
- ext4: fix use-after-free in ext4_rename_dir_prepare (Ye Bin) 
- fs-writeback: writeback_sb_inodes：Recalculate 'wrote' according skipped pages (Zhihao Cheng) 
- iwlwifi: mvm: fix assert 1F04 upon reconfig (Emmanuel Grumbach) 
- wifi: mac80211: fix use-after-free in chanctx code (Johannes Berg) 
- perf jevents: Fix event syntax error caused by ExtSel (Zhengjun Xing) 
- perf c2c: Use stdio interface if slang is not supported (Leo Yan) 
- iommu/amd: Increase timeout waiting for GA log enablement (Joerg Roedel) 
- video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup (Miaoqian Lin) 
- iommu/mediatek: Add list_del in mtk_iommu_remove (Yong Wu) 
- mailbox: forward the hrtimer if not queued and under a lock (Björn Ardö) 
- powerpc/fsl_rio: Fix refcount leak in fsl_rio_setup (Miaoqian Lin) 
- powerpc/perf: Fix the threshold compare group constraint for power9 (Kajol Jain) 
- Input: sparcspkr - fix refcount leak in bbc_beep_probe (Miaoqian Lin) 
- tty: fix deadlock caused by calling printk() under tty_port->lock (Qi Zheng) 
- powerpc/4xx/cpm: Fix return value of __setup() handler (Randy Dunlap) 
- powerpc/idle: Fix return value of __setup() handler (Randy Dunlap) 
- powerpc/8xx: export 'cpm_setbrg' for modules (Randy Dunlap) 
- drivers/base/node.c: fix compaction sysfs file leak (Miaohe Lin) 
- pinctrl: mvebu: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) 
- scsi: fcoe: Fix Wstringop-overflow warnings in fcoe_wwn_from_mac() (Gustavo A. R. Silva) 
- mfd: ipaq-micro: Fix error check return value of platform_get_irq() (Lv Ruyi) 
- ARM: dts: bcm2835-rpi-b: Fix GPIO line names (Stefan Wahren) 
- ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT (Phil Elwell) 
- soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc (Miaoqian Lin) 
- soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc (Miaoqian Lin) 
- rxrpc: Don't try to resend the request if we're receiving the reply (David Howells) 
- rxrpc: Fix listen() setting the bar too high for the prealloc rings (David Howells) 
- ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition() (Yang Yingliang) 
- sctp: read sk->sk_bound_dev_if once in sctp_rcv() (Eric Dumazet) 
- m68k: math-emu: Fix dependencies of math emulation support (Geert Uytterhoeven) 
- Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout (Ying Hsu) 
- media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init (Pavel Skripkin) 
- media: exynos4-is: Change clk_disable to clk_disable_unprepare (Miaoqian Lin) 
- media: st-delta: Fix PM disable depth imbalance in delta_probe (Miaoqian Lin) 
- regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt (Miaoqian Lin) 
- ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe (Miaoqian Lin) 
- media: uvcvideo: Fix missing check to determine if element is found in list (Xiaomeng Tong) 
- drm/msm: return an error pointer in msm_gem_prime_get_sg_table() (Dan Carpenter) 
- x86/mm: Cleanup the control_va_addr_alignment() __setup handler (Randy Dunlap) 
- irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) 
- x86: Fix return value of __setup handlers (Randy Dunlap) 
- drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() (Yang Yingliang) 
- drm/msm/hdmi: check return value after calling platform_get_resource_byname() (Yang Yingliang) 
- drm/msm/dsi: fix error checks and return values for DSI xmit functions (Dmitry Baryshkov) 
- x86/pm: Fix false positive kmemleak report in msr_build_context() (Matthieu Baerts) 
- fsnotify: fix wrong lockdep annotations (Amir Goldstein) 
- inotify: show inotify mask flags in proc fdinfo (Amir Goldstein) 
- ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix (Dan Carpenter) 
- spi: img-spfi: Fix pm_runtime_get_sync() error checking (Zheng Yongjun) 
- HID: hid-led: fix maximum brightness for Dream Cheeky (Jonathan Teh) 
- efi: Add missing prototype for efi_capsule_setup_info (Jan Kiszka) 
- NFC: NULL out the dev->rfkill to prevent UAF (Lin Ma) 
- spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout (Miaoqian Lin) 
- drm/mediatek: Fix mtk_cec_mask() (Miles Chen) 
- x86/delay: Fix the wrong asm constraint in delay_loop() (Ammar Faizi) 
- ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe (Miaoqian Lin) 
- ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe (Miaoqian Lin) 
- ath9k: fix ar9003_get_eepmisc (Wenli Looi) 
- drm: fix EDID struct for old ARM OABI format (Saeed Mirzamohammadi) 
- RDMA/hfi1: Prevent panic when SDMA is disabled (Douglas Miller) 
- macintosh/via-pmu: Fix build failure when CONFIG_INPUT is disabled (Finn Thain) 
- powerpc/xics: fix refcount leak in icp_opal_init() (Lv Ruyi) 
- tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate (Vasily Averin) 
- PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store() (Yicong Yang) 
- ARM: hisi: Add missing of_node_put after of_find_compatible_node (Peng Wu) 
- ARM: dts: exynos: add atmel,24c128 fallback to Samsung EEPROM (Krzysztof Kozlowski) 
- ARM: versatile: Add missing of_node_put in dcscb_init (Peng Wu) 
- fat: add ratelimit to fat*_ent_bread() (OGAWA Hirofumi) 
- ARM: OMAP1: clock: Fix UART rate reporting algorithm (Janusz Krzysztofik) 
- fs: jfs: fix possible NULL pointer dereference in dbFree() (Zixuan Fu) 
- ARM: dts: ox820: align interrupt controller node name with dtschema (Krzysztof Kozlowski) 
- eth: tg3: silence the GCC 12 array-bounds warning (Jakub Kicinski) 
- rxrpc: Return an error to sendmsg if call failed (David Howells) 
- media: exynos4-is: Fix compile warning (Kwanghoon Son) 
- net: phy: micrel: Allow probing without .driver_data (Fabio Estevam) 
- ASoC: rt5645: Fix errorenous cleanup order (Lin Ma) 
- nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags (Smith, Kyle Miller (Nimble Kernel)) 
- openrisc: start CPU timer early in boot (Jason A. Donenfeld) 
- rtlwifi: Use pr_warn instead of WARN_ONCE (Dongliang Mu) 
- ipmi:ssif: Check for NULL msg when handling events and messages (Corey Minyard) 
- dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC (Mikulas Patocka) 
- s390/preempt: disable __preempt_count_add() optimization for PROFILE_ALL_BRANCHES (Heiko Carstens) 
- ASoC: dapm: Don't fold register value changes into notifications (Mark Brown) 
- ipv6: Don't send rs packets to the interface of ARPHRD_TUNNEL (jianghaoran) 
- drm/amd/pm: fix the compile warning (Evan Quan) 
- scsi: megaraid: Fix error check return value of register_chrdev() (Lv Ruyi) 
- media: cx25821: Fix the warning when removing the module (Zheyu Ma) 
- media: pci: cx23885: Fix the error handling in cx23885_initdev() (Zheyu Ma) 
- media: venus: hfi: avoid null dereference in deinit (Luca Weiss) 
- ath9k: fix QCA9561 PA bias level (Thibaut VARÈNE) 
- drm/amd/pm: fix double free in si_parse_power_table() (Keita Suzuki) 
- ALSA: jack: Access input_dev under mutex (Amadeusz Sławiński) 
- ACPICA: Avoid cache flush inside virtual machines (Kirill A. Shutemov) 
- ipw2x00: Fix potential NULL dereference in libipw_xmit() (Haowen Bai) 
- b43: Fix assigning negative value to unsigned variable (Haowen Bai) 
- b43legacy: Fix assigning negative value to unsigned variable (Haowen Bai) 
- mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue (Niels Dossche) 
- drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes (Liu Zixian) 
- btrfs: repair super block num_devices automatically (Qu Wenruo) 
- btrfs: add "0x" prefix for unsupported optional features (Qu Wenruo) 
- ptrace: Reimplement PTRACE_KILL by always sending SIGKILL (Eric W. Biederman) 
- ptrace/xtensa: Replace PT_SINGLESTEP with TIF_SINGLESTEP (Eric W. Biederman) 
- USB: new quirk for Dell Gen 2 devices (Monish Kumar R) 
- USB: serial: option: add Quectel BG95 modem (Carl Yin(殷张成)) 
- binfmt_flat: do not stop relocating GOT entries prematurely on riscv (Niklas Cassel) 
- Linux 4.14.282 (Greg Kroah-Hartman) 
- bpf: Enlarge offset check value to INT_MAX in bpf_skb_{load,store}_bytes (Liu Jian) 
- NFSD: Fix possible sleep during nfsd4_release_lockowner() (Chuck Lever) 
- docs: submitting-patches: Fix crossref to 'The canonical patch format' (Akira Yokosawa) 
- tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe() (Xiu Jianfeng) 
- dm verity: set DM_TARGET_IMMUTABLE feature flag (Sarthak Kukreti) 
- dm stats: add cond_resched when looping over entries (Mikulas Patocka) 
- dm crypt: make printing of the key constant-time (Mikulas Patocka) 
- dm integrity: fix error code in dm_integrity_ctr() (Dan Carpenter) 
- zsmalloc: fix races between asynchronous zspage free and page migration (Sultan Alsawaf) 
- netfilter: conntrack: re-fetch conntrack after insertion (Florian Westphal) 
- exec: Force single empty string when argv is empty (Kees Cook) 
- block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern (Haimin Zhang) 
- drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency() (Gustavo A. R. Silva) 
- drivers: i2c: thunderx: Allow driver to work with ACPI defined TWSI controllers (Piyush Malgujar) 
- net: ftgmac100: Disable hardware checksum on AST2600 (Joel Stanley) 
- net: af_key: check encryption module availability consistency (Thomas Bartschies) 
- ACPI: sysfs: Fix BERT error region memory mapping (Lorenzo Pieralisi) 
- ACPI: sysfs: Make sparse happy about address space in use (Andy Shevchenko) 
- secure_seq: use the 64 bits of the siphash for port offset calculation (Willy Tarreau) 
- tcp: change source port randomizarion at connect() time (Eric Dumazet) 
- staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan() (Denis Efremov (Oracle)) 
- x86/pci/xen: Disable PCI/MSI[-X] masking for XEN_HVM guests (Thomas Gleixner) 
- Linux 4.14.281 (Greg Kroah-Hartman) 
- Reinstate some of "swiotlb: rework "fix info leak with DMA_FROM_DEVICE"" (Linus Torvalds) 
- swiotlb: fix info leak with DMA_FROM_DEVICE (Halil Pasic) 
- net: atlantic: verify hw_head_ lies within TX buffer ring (Grant Grundler) 
- net: stmmac: fix missing pci_disable_device() on error in stmmac_pci_probe() (Yang Yingliang) 
- ethernet: tulip: fix missing pci_disable_device() on error in tulip_init_one() (Yang Yingliang) 
- mac80211: fix rx reordering with non explicit / psmp ack policy (Felix Fietkau) 
- scsi: qla2xxx: Fix missed DMA unmap for aborted commands (Gleb Chesnokov) 
- perf bench numa: Address compiler error on s390 (Thomas Richter) 
- gpio: mvebu/pwm: Refuse requests with inverted polarity (Uwe Kleine-König) 
- gpio: gpio-vf610: do not touch other bits when set the target bit (Haibo Chen) 
- net: bridge: Clear offload_fwd_mark when passing frame up bridge interface. (Andrew Lunn) 
- igb: skip phy status check where unavailable (Kevin Mitchell) 
- ARM: 9197/1: spectre-bhb: fix loop8 sequence for Thumb2 (Ard Biesheuvel) 
- ARM: 9196/1: spectre-bhb: enable for Cortex-A15 (Ard Biesheuvel) 
- net: af_key: add check for pfkey_broadcast in function pfkey_process (Jiasheng Jiang) 
- NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc (Duoming Zhou) 
- net/qla3xxx: Fix a test in ql_reset_work() (Christophe JAILLET) 
- clk: at91: generated: consider range when calculating best rate (Codrin Ciubotariu) 
- net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() (Zixuan Fu) 
- net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() (Zixuan Fu) 
- mmc: core: Default to generic_cmd6_time as timeout in __mmc_switch() (Ulf Hansson) 
- mmc: block: Use generic_cmd6_time when modifying INAND_CMD38_ARG_EXT_CSD (Ulf Hansson) 
- mmc: core: Specify timeouts for BKOPS and CACHE_FLUSH for eMMC (Ulf Hansson) 
- drm/dp/mst: fix a possible memory leak in fetch_monitor_name() (Hangyu Hua) 
- ALSA: wavefront: Proper check of get_user() error (Takashi Iwai) 
- ARM: 9191/1: arm/stacktrace, kasan: Silence KASAN warnings in unwind_frame() (linyujun) 
- drbd: remove usage of list iterator variable after loop (Jakob Koschel) 
- MIPS: lantiq: check the return value of kzalloc() (Xiaoke Wang) 
- Input: stmfts - fix reference leak in stmfts_input_open (Zheng Yongjun) 
- Input: add bounds checking to input_set_capability() (Jeff LaBundy) 
- um: Cleanup syscall_handler_t definition/cast, fix warning (David Gow)

[4.14.35-2047.515.3.el7uek]
- uek-rpm: Enable Pensando EMMC reset controller (Thomas Tai)  [Orabug: 34325721]
- mfd: pensando_elbasr: Add Pensando Elba System Resource Chip (Brad Larson)  [Orabug: 34325721]
- dsc-drivers: update drivers for 1.15.9-C-65 (Shannon Nelson)  [Orabug: 34325721]

[4.14.35-2047.515.2.el7uek]
- net/rds: Delayed DR_SOCK_CANCEL (Gerd Rausch)  [Orabug: 34105319]

[4.14.35-2047.515.1.el7uek]
- sched/rt: Disable RT_RUNTIME_SHARE by default (Daniel Bristot de Oliveira)  [Orabug: 34193333]
- mstflint_access: Update driver code to v4.20.1-1 from Github (Qing Huang)  [Orabug: 34286148]

[4.14.35-2047.515.0.el7uek]
- net: ip: avoid OOM kills with large UDP sends over loopback (Venkat Venkatsubra)  [Orabug: 34066209]
- rdmaip: Flush ARP cache after address has been cleared (Gerd Rausch)  [Orabug: 34285241]
- rds: Include congested flag in rds_sock struct. (Rohit Nair)  [Orabug: 34261492]
- cpu/hotplug: Allow the CPU in CPU_UP_PREPARE state to be brought up again. (Longpeng(Mike))  [Orabug: 34234771]
- x86/xen: Allow to retry if cpu_initialize_context() failed. (Boris Ostrovsky)  [Orabug: 34234771]
- floppy: use a statically allocated error counter (Willy Tarreau)  [Orabug: 34218640]  {CVE-2022-1652}
- assoc_array: Fix BUG_ON during garbage collect (Stephen Brennan)  [Orabug: 34162064]
- exec, elf: fix reserve_va_range() sanity check (Anthony Yznaga)  [Orabug: 32387887]
- exec, elf: use already allocated notes data in reserve_va_range() (Anthony Yznaga)  [Orabug: 32387887]
- mm: madv_doexec_flag sysctl (Anthony Yznaga)  [Orabug: 32387887]
- mm: introduce MADV_DOEXEC (Anthony Yznaga)  [Orabug: 32387887]
- exec, elf: require opt-in for accepting preserved mem (Anthony Yznaga)  [Orabug: 32387887]
- mm: introduce VM_EXEC_KEEP (Anthony Yznaga)  [Orabug: 32387887]
- mm: fail exec if stack expansion will overlap another vma (Anthony Yznaga)  [Orabug: 32387887]
- mm: do not assume only the stack vma exists in setup_arg_pages() (Anthony Yznaga)  [Orabug: 32387887]
- ELF: when loading PIE binaries check for overlap with existing mappings (Anthony Yznaga)  [Orabug: 32387887]
- Linux 4.14.280 (Greg Kroah-Hartman) 
- tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe() (Yang Yingliang) 
- ping: fix address binding wrt vrf (Nicolas Dichtel) 
- drm/vmwgfx: Initialize drm_mode_fb_cmd2 (Zack Rusin) 
- cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() (Waiman Long) 
- USB: serial: option: add Fibocom MA510 modem (Sven Schwermer) 
- USB: serial: option: add Fibocom L610 modem (Sven Schwermer) 
- USB: serial: qcserial: add support for Sierra Wireless EM7590 (Ethan Yang) 
- USB: serial: pl2303: add device id for HP LM930 Display (Scott Chen) 
- usb: cdc-wdm: fix reading stuck on device close (Sergey Ryazanov) 
- tcp: resalt the secret every 10 seconds (Eric Dumazet) 
- ASoC: ops: Validate input values in snd_soc_put_volsw_range() (Mark Brown) 
- ASoC: max98090: Generate notifications on changes for custom control (Mark Brown) 
- ASoC: max98090: Reject invalid values in custom control put() (Mark Brown) 
- hwmon: (f71882fg) Fix negative temperature (Ji-Ze Hong (Peter Hong)) 
- net: sfc: ef10: fix memory leak in efx_ef10_mtd_probe() (Taehee Yoo) 
- net/smc: non blocking recvmsg() return -EAGAIN when no data and signal_pending (Guangguan Wang) 
- s390/lcs: fix variable dereferenced before check (Alexandra Winter) 
- s390/ctcm: fix potential memory leak (Alexandra Winter) 
- s390/ctcm: fix variable dereferenced before check (Alexandra Winter) 
- hwmon: (ltq-cputemp) restrict it to SOC_XWAY (Randy Dunlap) 
- mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection (Johannes Berg) 
- netlink: do not reset transport header in netlink_recvmsg() (Eric Dumazet) 
- ipv4: drop dst in multicast routing path (Lokesh Dhoundiyal) 
- net: Fix features skip in for_each_netdev_feature() (Tariq Toukan) 
- batman-adv: Don't skb_split skbuffs with frag_list (Sven Eckelmann) 
- Linux 4.14.279 (Greg Kroah-Hartman) 
- VFS: Fix memory leak caused by concurrently mounting fs with subtype (ChenXiaoSong) 
- ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock (Takashi Iwai) 
- mm: userfaultfd: fix missing cache flush in mcopy_atomic_pte() and __mcopy_atomic() (Muchun Song) 
- mm: hugetlb: fix missing cache flush in copy_huge_page_from_user() (Muchun Song) 
- mmc: rtsx: add 74 Clocks in power on flow (Ricky WU) 
- Bluetooth: Fix the creation of hdev->name (Itay Iellin) 
- can: grcan: only use the NAPI poll budget for RX (Andreas Larsson) 
- can: grcan: grcan_probe(): fix broken system id check for errata workaround needs (Andreas Larsson) 
- block: drbd: drbd_nl: Make conversion to 'enum drbd_ret_code' explicit (Lee Jones) 
- MIPS: Use address-of operator on section symbols (Nathan Chancellor) 
- Linux 4.14.278 (Greg Kroah-Hartman) 
- PCI: aardvark: Fix reading MSI interrupt number (Pali Rohár) 
- PCI: aardvark: Clear all MSIs at setup (Pali Rohár) 
- dm: interlock pending dm_io and dm_wait_for_bios_completion (Mike Snitzer) 
- dm: fix mempool NULL pointer race when completing IO (Jiazi Li) 
- net: ipv6: ensure we call ipv6_mc_down() at most once (j.nixdorf@avm.de) 
- kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU (Sandipan Das) 
- net: igmp: respect RCU rules in ip_mc_source() and ip_mc_msfilter() (Eric Dumazet) 
- btrfs: always log symlinks in full mode (Filipe Manana) 
- smsc911x: allow using IRQ0 (Sergey Shtylyov) 
- net: emaclite: Add error handling for of_address_to_resource() (Shravya Kumbham) 
- hwmon: (adt7470) Fix warning on module removal (Armin Wolf) 
- NFC: netlink: fix sleep in atomic bug when firmware download timeout (Duoming Zhou) 
- nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs (Duoming Zhou) 
- nfc: replace improper check device_is_registered() in netlink related functions (Duoming Zhou) 
- can: grcan: use ofdev->dev when allocating DMA memory (Daniel Hellstrom) 
- can: grcan: grcan_close(): fix deadlock (Duoming Zhou) 
- ASoC: wm8958: Fix change notifications for DSP controls (Mark Brown) 
- firewire: core: extend card->lock in fw_core_handle_bus_reset (Niels Dossche) 
- firewire: remove check of list iterator against head past the loop body (Jakob Koschel) 
- firewire: fix potential uaf in outbound_phy_packet_callback() (Chengfeng Ye) 
- Revert "SUNRPC: attempt AF_LOCAL connect on setup" (Trond Myklebust) 
- ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes (Takashi Sakamoto) 
- parisc: Merge model and model name into one line in /proc/cpuinfo (Helge Deller) 
- MIPS: Fix CP0 counter erratum detection for R4k CPUs (Maciej W. Rozycki) 
- tty: n_gsm: fix incorrect UA handling (Daniel Starke) 
- tty: n_gsm: fix wrong command frame length field encoding (Daniel Starke) 
- tty: n_gsm: fix wrong command retry handling (Daniel Starke) 
- tty: n_gsm: fix missing explicit ldisc flush (Daniel Starke) 
- tty: n_gsm: fix insufficient txframe size (Daniel Starke) 
- tty: n_gsm: fix malformed counter for out of frame data (Daniel Starke) 
- tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2 (Daniel Starke) 
- drivers: net: hippi: Fix deadlock in rr_close() (Duoming Zhou) 
- cifs: destage any unwritten data to the server before calling copychunk_write (Ronnie Sahlberg) 
- x86: __memcpy_flushcache: fix wrong alignment if size > 2^32 (Mikulas Patocka) 
- ASoC: wm8731: Disable the regulator when probing fails (Zheyu Ma) 
- bnx2x: fix napi API usage sequence (Manish Chopra) 
- net: bcmgenet: hide status block before TX timestamping (Jonathan Lemon) 
- clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource() (Yang Yingliang) 
- bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create() (Christophe JAILLET) 
- tcp: fix potential xmit stalls caused by TCP_NOTSENT_LOWAT (Eric Dumazet) 
- ip_gre: Make o_seqno start from 0 in native mode (Peilin Ye) 
- pinctrl: pistachio: fix use of irq_of_parse_and_map() (Lv Ruyi) 
- sctp: check asoc strreset_chunk in sctp_generate_reconf_event (Xin Long) 
- mtd: rawnand: Fix return value check of wait_for_completion_timeout (Miaoqian Lin) 
- ipvs: correctly print the memory size of ip_vs_conn_tab (Pengcheng Yang) 
- ARM: dts: Fix mmc order for omap3-gta04 (H. Nikolaus Schaller) 
- ARM: OMAP2+: Fix refcount leak in omap_gic_of_init (Miaoqian Lin) 
- phy: samsung: exynos5250-sata: fix missing device put in probe error paths (Krzysztof Kozlowski) 
- phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe (Miaoqian Lin) 
- ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue (Fabio Estevam) 
- USB: Fix xhci event ring dequeue pointer ERDP update issue (Weitao Wang) 
- hex2bin: fix access beyond string end (Mikulas Patocka) 
- hex2bin: make the function hex_to_bin constant-time (Mikulas Patocka) 
- serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device (Maciej W. Rozycki) 
- serial: 8250: Also set sticky MCR bits in console restoration (Maciej W. Rozycki) 
- usb: gadget: configfs: clear deactivation flag in configfs_composite_unbind() (Vijayavardhan Vennapusa) 
- usb: gadget: uvc: Fix crash when encoding data for usb request (Dan Vacura) 
- usb: misc: fix improper handling of refcount in uss720_probe() (Hangyu Hua) 
- iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on() (Zheyu Ma) 
- iio: dac: ad5446: Fix read_raw not returning set value (Michael Hennerich) 
- iio: dac: ad5592r: Fix the missing return value. (Zizhuang Deng) 
- xhci: stop polling roothubs after shutdown (Henry Lin) 
- USB: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions (Daniele Palmas) 
- USB: serial: option: add support for Cinterion MV32-WA/MV32-WB (Slark Xiao) 
- USB: serial: cp210x: add PIDs for Kamstrup USB Meter Reader (Bruno Thomsen) 
- USB: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS (Kees Cook) 
- USB: quirks: add STRING quirk for VCOM device (Oliver Neukum) 
- USB: quirks: add a Realtek card reader (Oliver Neukum) 
- usb: mtu3: fix USB 3.0 dual-role-switch from device to host (Macpaul Lin) 
- lightnvm: disable the subsystem (Greg Kroah-Hartman) 
- net/sched: cls_u32: fix netns refcount changes in u32_change() (Eric Dumazet) 
- hamradio: remove needs_free_netdev to avoid UAF (Lin Ma) 
- hamradio: defer 6pack kfree after unregister_netdev (Lin Ma) 
- floppy: disable FDRAWCMD by default (Willy Tarreau) 
- Linux 4.14.277 (Greg Kroah-Hartman) 
- ax25: Fix UAF bugs in ax25 timers (Duoming Zhou) 
- ax25: Fix NULL pointer dereferences in ax25 timers (Duoming Zhou) 
- ax25: fix NPD bug in ax25_disconnect (Duoming Zhou) 
- ax25: fix UAF bug in ax25_send_control() (Duoming Zhou) 
- ax25: Fix refcount leaks caused by ax25_cb_del() (Duoming Zhou) 
- ax25: fix UAF bugs of net_device caused by rebinding operation (Duoming Zhou) 
- ax25: fix reference count leaks of ax25_dev (Duoming Zhou) 
- ax25: add refcount in ax25_dev to avoid UAF bugs (Duoming Zhou) 
- block/compat_ioctl: fix range check in BLKGETSIZE (Khazhismel Kumykov) 
- staging: ion: Prevent incorrect reference counting behavour (Lee Jones) 
- ext4: force overhead calculation if the s_overhead_cluster makes no sense (Theodore Ts'o) 
- ext4: fix overhead calculation to account for the reserved gdt blocks (Theodore Ts'o) 
- ext4: limit length to bitmap_maxbytes - blocksize in punch_hole (Tadeusz Struk) 
- ext4: fix symlink file size not match to file content (Ye Bin) 
- ARC: entry: fix syscall_trace_exit argument (Sergey Matyukevich) 
- e1000e: Fix possible overflow in LTR decoding (Sasha Neftin) 
- ASoC: soc-dapm: fix two incorrect uses of list iterator (Xiaomeng Tong) 
- openvswitch: fix OOB access in reserve_sfa_size() (Paolo Valerio) 
- powerpc/perf: Fix power9 event alternatives (Athira Rajeev) 
- dma: at_xdmac: fix a missing check on list iterator (Xiaomeng Tong) 
- ata: pata_marvell: Check the 'bmdma_addr' beforing reading (Zheyu Ma) 
- stat: fix inconsistency between struct stat and struct compat_stat (Mikulas Patocka) 
- net: macb: Restart tx only if queue pointer is lagging (Tomas Melin) 
- drm/msm/mdp5: check the return of kzalloc() (Xiaoke Wang) 
- brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant (Borislav Petkov) 
- cifs: Check the IOCB_DIRECT flag, not O_DIRECT (David Howells) 
- vxlan: fix error return code in vxlan_fdb_append (Hongbin Wang) 
- ALSA: usb-audio: Fix undefined behavior due to shift overflowing the constant (Borislav Petkov) 
- platform/x86: samsung-laptop: Fix an unsigned comparison which can never be negative (Jiapeng Chong) 
- ARM: vexpress/spc: Avoid negative array index when !SMP (Kees Cook) 
- netlink: reset network and mac headers in netlink_dump() (Eric Dumazet) 
- net/packet: fix packet_sock xmit return value checking (Hangbin Liu) 
- dmaengine: imx-sdma: Fix error checking in sdma_event_remap (Miaoqian Lin) 
- tcp: Fix potential use-after-free due to double kfree() (Kuniyuki Iwashima) 
- tcp: fix race condition when creating child sockets from syncookies (Ricardo Dias) 
- ALSA: usb-audio: Clear MIDI port active flag after draining (Takashi Iwai) 
- gfs2: assign rgrp glock before compute_bitstructs (Bob Peterson) 
- can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path (Hangyu Hua) 
- tracing: Dump stacktrace trigger to the corresponding instance (Daniel Bristot de Oliveira) 
- tracing: Have traceon and traceoff trigger honor the instance (Steven Rostedt (Google)) 
- mm: page_alloc: fix building error on -Werror=array-compare (Xiongwei Song) 
- etherdevice: Adjust ether_addr* prototypes to silence -Wstringop-overead (Kees Cook)