Oracle Linux Security Advisory ELSA-2022-9996

https://linux.oracle.com/errata/ELSA-2022-9996.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

aarch64:
kernel-uek-4.14.35-2047.519.2.1.el7uek.aarch64.rpm
kernel-uek-debug-4.14.35-2047.519.2.1.el7uek.aarch64.rpm
kernel-uek-debug-devel-4.14.35-2047.519.2.1.el7uek.aarch64.rpm
kernel-uek-devel-4.14.35-2047.519.2.1.el7uek.aarch64.rpm
kernel-uek-tools-4.14.35-2047.519.2.1.el7uek.aarch64.rpm
kernel-uek-tools-libs-4.14.35-2047.519.2.1.el7uek.aarch64.rpm
kernel-uek-tools-libs-devel-4.14.35-2047.519.2.1.el7uek.aarch64.rpm
perf-4.14.35-2047.519.2.1.el7uek.aarch64.rpm
python-perf-4.14.35-2047.519.2.1.el7uek.aarch64.rpm
kernel-uek-headers-4.14.35-2047.519.2.1.el7uek.aarch64.rpm


SRPMS:
https://oss.oracle.com:443/ol7/SRPMS-updates/kernel-uek-4.14.35-2047.519.2.1.el7uek.src.rpm

Related CVEs:

CVE-2022-3239




Description of changes:

[4.14.35-2047.519.2.1.el7uek]
- xfs: trim IO to found COW extent limit (Eric Sandeen)  [Orabug: 34765284]
- xfs: don't use delalloc extents for COW on files with extsize hints (Christoph Hellwig)  [Orabug: 34765284]

[4.14.35-2047.519.2.el7uek]
- Revert "xfs: don't use delalloc extents for COW on files with extsize hints" (Saeed Mirzamohammadi)  [Orabug: 34715947]
- uapi: Fix linux/rds.h userspace compilation issues (Ka-Cheong Poon)  [Orabug: 32392165] [Orabug: 34710962]
- uapi: Fix linux/rds.h userspace compilation errors. (Vinson Lee)  [Orabug: 34710962]
- uapi: fix linux/rds.h userspace compilation error (Dmitry V. Levin)  [Orabug: 34710962]
- uapi: fix linux/rds.h userspace compilation errors (Dmitry V. Levin)  [Orabug: 34710962]
- EDAC: Drop duplicated array of strings for memory type names (Jane Chu)  [Orabug: 34645040]
- xfs: don't ever put nlink > 0 inodes on the unlinked list (Darrick J. Wong)  [Orabug: 34431355]

[4.14.35-2047.519.1.el7uek]
- uek: kabi: update kABI files for new symbol (Saeed Mirzamohammadi)  [Orabug: 34595585]
- EDAC/mce_amd: Do not load edac_mce_amd module on guests (Smita Koralahalli)  [Orabug: 34484269]

[4.14.35-2047.519.0.el7uek]
- media: em28xx: initialize refcount before kref_get (Dongliang Mu)  [Orabug: 34619521]  {CVE-2022-3239}
- net: vlan: Avoid using BUG() in vlan_proto_idx() (Florian Fainelli)  [Orabug: 34625406]
- net/rds: Send congestion map updates only via path zero (Anand Khoje)  [Orabug: 34578052]
- rds: cong: Make rds_cong_wait an array to reduce lock contention (HÃ¥kon Bugge)  [Orabug: 34574094]
- rds: cong: Make rs_cong_notify and rs_cong_mask atomic64_t (HÃ¥kon Bugge)  [Orabug: 34574094]
- scsi: tcmu: track nl commands (Mike Christie)  [Orabug: 32011411]
- scsi: tcmu: remove useless code and clean up the code style. (Xiubo Li)  [Orabug: 32011411]
- Linux 4.14.295 (Greg Kroah-Hartman) 
- ext4: make directory inode spreading reflect flexbg size (Jan Kara) 
- Drivers: hv: Never allocate anything besides framebuffer from framebuffer memory region (Vitaly Kuznetsov) 
- s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup (Stefan Haberland) 
- serial: tegra: Use uart_xmit_advance(), fixes icount.tx accounting (Ilpo Järvinen) 
- serial: Create uart_xmit_advance() (Ilpo Järvinen) 
- net: sunhme: Fix packet reception for len < RX_COPY_THRESHOLD (Sean Anderson) 
- perf kcore_copy: Do not check /proc/modules is unchanged (Adrian Hunter) 
- can: gs_usb: gs_can_open(): fix race dev->can.state condition (Marc Kleine-Budde) 
- netfilter: ebtables: fix memory leak when blob is malformed (Florian Westphal) 
- of: mdio: Add of_node_put() when breaking out of for_each_xx (Liang He) 
- MIPS: lantiq: export clk_get_io() for lantiq_wdt.ko (Randy Dunlap) 
- net: team: Unsync device addresses on ndo_stop (Benjamin Poirier) 
- ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header (Lu Wei) 
- iavf: Fix cached head and tail value for iavf_get_tx_pending (Brett Creeley) 
- netfilter: nf_conntrack_irc: Tighten matching on DCC message (David Leadbeater) 
- netfilter: nf_conntrack_sip: fix ct_sip_walk_headers (Igor Ryzhov) 
- arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma (Fabio Estevam) 
- mm/slub: fix to return errno if kmalloc() fails (Chao Yu) 
- ALSA: hda: add Intel 5 Series / 3400 PCI DID (Kai Vehmanen) 
- ALSA: hda/tegra: set depop delay for tegra (Mohan Kumar) 
- USB: serial: option: add Quectel RM520N (jerry meng) 
- USB: serial: option: add Quectel BG95 0x0203 composition (Carl Yin(殷张成)) 
- USB: core: Fix RST error in hub.c (Alan Stern) 
- wifi: mac80211: Fix UAF in ieee80211_scan_rx() (Siddh Raman Pant) 
- ALSA: hda/sigmatel: Fix unused variable warning for beep power change (Takashi Iwai) 
- video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write (Hyunwoo Kim) 
- mksysmap: Fix the mismatch of 'L0' symbols in System.map (Youling Tang) 
- MIPS: OCTEON: irq: Fix octeon_irq_force_ciu_mapping() (Alexander Sverdlin) 
- net: usb: qmi_wwan: add Quectel RM520N (jerry.meng) 
- ALSA: hda/sigmatel: Keep power up while beep is enabled (Takashi Iwai) 
- regulator: pfuze100: Fix the global-out-of-bounds access in pfuze100_regulator_probe() (Xiaolei Wang) 
- ASoC: nau8824: Fix semaphore unbalance at error paths (Takashi Iwai) 
- cifs: don't send down the destination address to sendmsg for a SOCK_STREAM (Stefan Metzmacher) 
- parisc: ccio-dma: Add missing iounmap in error path in ccio_probe() (Yang Yingliang) 
- drm/meson: Correct OSD1 global alpha value (Stuart Menefy) 
- gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx (Pali Rohár) 
- of: fdt: fix off-by-one error in unflatten_dt_nodes() (Sergey Shtylyov) 
- Linux 4.14.294 (Greg Kroah-Hartman) 
- tracefs: Only clobber mode/uid/gid on remount if asked (Brian Norris) 
- platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes (Hans de Goede) 
- ieee802154: cc2520: add rc code in cc2520_tx() (Li Qiong) 
- tg3: Disable tg3 device on system reboot to avoid triggering AER (Kai-Heng Feng) 
- HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo (Jason Wang) 
- drm/msm/rd: Fix FIFO-full deadlock (Rob Clark) 
- mm: Fix TLB flush for not-first PFNMAP mappings in unmap_region() (Jann Horn) 
- Linux 4.14.293 (Greg Kroah-Hartman) 
- SUNRPC: use _bh spinlocking on ->transport_lock (NeilBrown) 
- MIPS: loongson32: ls1c: Fix hang during startup (Yang Ling) 
- USB: serial: ch341: fix disabled rx timer on older devices (Johan Hovold) 
- USB: serial: ch341: fix lost character on LCR updates (Johan Hovold) 
- usb: dwc3: fix PHY disable sequence (Johan Hovold) 
- sch_sfb: Also store skb len before calling child enqueue (Toke Høiland-Jørgensen) 
- tcp: fix early ETIMEDOUT after spurious non-SACK RTO (Neal Cardwell) 
- ipv6: sr: fix out-of-bounds read when setting HMAC data. (David Lebrun) 
- tipc: fix shift wrapping bug in map_get() (Dan Carpenter) 
- sch_sfb: Don't assume the skb is still around after enqueueing to child (Toke Høiland-Jørgensen) 
- netfilter: nf_conntrack_irc: Fix forged IP logic (David Leadbeater) 
- netfilter: br_netfilter: Drop dst references before setting. (Harsh Modi) 
- driver core: Don't probe devices after bus_type.match() probe deferral (Isaac J. Manjarres) 
- scsi: mpt3sas: Fix use-after-free warning (Sreekanth Reddy) 
- kprobes: Prohibit probes in gate area (Christian A. Ehrhardt) 
- ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() (Dongxiang Ke) 
- ALSA: aloop: Fix random zeros in capture data when using jiffies timer (Pattara Teerapong) 
- ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() (Tasos Sahanidis) 
- fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init() (Yang Yingliang) 
- parisc: Add runtime check to prevent PA2.0 kernels on PA1.x machines (Helge Deller) 
- parisc: ccio-dma: Handle kmalloc failure in ccio_init_resources() (Li Qiong) 
- drm/radeon: add a force flush to delay work when radeon (Zhenneng Li) 
- drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup. (Candice Li) 
- Revert "mm: kmemleak: take a full lowmem check in kmemleak_*_phys()" (Yee Lee) 
- fs: only do a memory barrier for the first set_buffer_uptodate() (Linus Torvalds) 
- wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd() (Stanislaw Gruszka) 
- efi: capsule-loader: Fix use-after-free in efi_capsule_write (Hyunwoo Kim) 
- ALSA: seq: Fix data-race at module auto-loading (Takashi Iwai) 
- ALSA: seq: oss: Fix data-race for max_midi_devs access (Takashi Iwai) 
- net: mac802154: Fix a condition in the receive path (Miquel Raynal) 
- wifi: mac80211: Don't finalize CSA in IBSS mode if state is disconnected (Siddh Raman Pant) 
- usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS (Krishna Kurapati) 
- USB: core: Prevent nested device-reset calls (Alan Stern) 
- s390: fix nospec table alignments (Josh Poimboeuf) 
- s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages (Gerald Schaefer) 
- usb-storage: Add ignore-residue quirk for NXP PN7462AU (Witold Lipieta) 
- USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) (Thierry GUIBERT) 
- usb: dwc2: fix wrong order of phy_power_on and phy_init (Heiner Kallweit) 
- USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode (Slark Xiao) 
- USB: serial: option: add Quectel EM060K modem (Yonglin Tan) 
- USB: serial: option: add support for OPPO R11 diag port (Yan Xinyu) 
- USB: serial: cp210x: add Decagon UCA device id (Johan Hovold) 
- xhci: Add grace period after xHC start to prevent premature runtime suspend. (Mathias Nyman) 
- thunderbolt: Use the actual buffer in tb_async_error() (Mika Westerberg) 
- hwmon: (gpio-fan) Fix array out of bounds access (Armin Wolf) 
- Input: rk805-pwrkey - fix module autoloading (Peter Robinson) 
- drm/i915/reg: Fix spelling mistake "Unsupport" -> "Unsupported" (Colin Ian King) 
- binder: fix UAF of ref->proc caused by race condition (Carlos Llamas) 
- USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id (Niek Nooijens) 
- vt: Clear selection before changing the font (Helge Deller) 
- staging: rtl8712: fix use after free bugs (Dan Carpenter) 
- serial: fsl_lpuart: RS485 RTS polariy is inverse (Shenwei Wang) 
- kcm: fix strp_init() order and cleanup (Cong Wang) 
- ethernet: rocker: fix sleep in atomic context bug in neigh_timer_handler (Duoming Zhou) 
- wifi: cfg80211: debugfs: fix return type in ht40allow_map_read() (Dan Carpenter) 
- platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask (Andy Shevchenko) 
- drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg (Douglas Anderson) 
- bpf: Fix the off-by-two error in range markings (Maxim Mikityanskiy) 
- selftests/bpf: Fix test_align verifier log patterns (Stanislav Fomichev) 
- bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds() (John Fastabend) 
- Linux 4.14.292 (Greg Kroah-Hartman) 
- net: neigh: don't call kfree_skb() under spin_lock_irqsave() (Yang Yingliang) 
- kprobes: don't call disarm_kprobe() for disabled kprobes (Kuniyuki Iwashima) 
- netfilter: conntrack: NF_CONNTRACK_PROCFS should no longer default to y (Geert Uytterhoeven) 
- s390/hypfs: avoid error message under KVM (Juergen Gross) 
- neigh: fix possible DoS due to net iface start/stop loop (Denis V. Lunev) 
- mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse (Jann Horn) 
- ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead (Yang Jihong) 
- fbdev: fb_pm2fb: Avoid potential divide by zero error (Letu Ren) 
- HID: hidraw: fix memory leak in hidraw_release() (Karthik Alapati) 
- media: pvrusb2: fix memory leak in pvr_probe (Dongliang Mu) 
- Bluetooth: L2CAP: Fix build errors in some archs (Luiz Augusto von Dentz) 
- kbuild: Fix include path in scripts/Makefile.modpost (Jing Leng) 
- x86/bugs: Add "unknown" reporting for MMIO Stale Data (Pawan Gupta) 
- x86/cpu: Add Tiger Lake to Intel family (Gayatri Kammela) 
- s390/mm: do not trigger write fault when vma does not allow VM_WRITE (Gerald Schaefer) 
- arm64: map FDT as RW for early_init_dt_scan() (Hsin-Yi Wang) 
- mm: Force TLB flush for PFNMAP mappings before unlink_file_vma() (Jann Horn) 
- md: call __md_stop_writes in md_stop (Guoqing Jiang) 
- mm/hugetlb: fix hugetlb not supporting softdirty tracking (David Hildenbrand) 
- asm-generic: sections: refactor memory_intersects (Quanyang Wang) 
- loop: Check for overflow while configuring loop (Siddh Raman Pant) 
- btrfs: check if root is readonly while setting security xattr (Goldwyn Rodrigues) 
- ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter (Jacob Keller) 
- net: Fix a data-race around sysctl_somaxconn. (Kuniyuki Iwashima) 
- net: Fix a data-race around netdev_budget_usecs. (Kuniyuki Iwashima) 
- net: Fix a data-race around netdev_budget. (Kuniyuki Iwashima) 
- net: Fix a data-race around sysctl_net_busy_read. (Kuniyuki Iwashima) 
- net: Fix a data-race around sysctl_net_busy_poll. (Kuniyuki Iwashima) 
- net: Fix a data-race around sysctl_tstamp_allow_data. (Kuniyuki Iwashima) 
- ratelimit: Fix data-races in ___ratelimit(). (Kuniyuki Iwashima) 
- net: Fix data-races around weight_p and dev_weight_[rt]x_bias. (Kuniyuki Iwashima) 
- netfilter: nft_payload: do not truncate csum_offset and csum_type (Pablo Neira Ayuso) 
- netfilter: nft_payload: report ERANGE for too long offset and length (Pablo Neira Ayuso) 
- net: ipvtap - add __init/__exit annotations to module init/exit funcs (Maciej Żenczykowski) 
- bonding: 802.3ad: fix no transmission of LACPDUs (Jonathan Toppins) 
- rose: check NULL rose_loopback_neigh->loopback (Bernard Pidoux) 
- xfrm: fix refcount leak in __xfrm_policy_check() (Xin Xiong) 
- pinctrl: amd: Don't save/restore interrupt status and wake status bits (Basavaraj Natikar) 
- parisc: Fix exception handler for fldw and fstw instructions (Helge Deller) 
- audit: fix potential double free on error path from fsnotify_add_inode_mark (Gaosheng Cui) 
- Linux 4.14.291 (Greg Kroah-Hartman) 
- MIPS: tlbex: Explicitly compare _PAGE_NO_EXEC against 0 (Nathan Chancellor) 
- video: fbdev: i740fb: Check the argument of i740_calc_vclk() (Zheyu Ma) 
- powerpc/64: Init jump labels before parse_early_param() (Zhouyi Zhou) 
- smb3: check xattr value length earlier (Steve French) 
- ALSA: timer: Use deferred fasync helper (Takashi Iwai) 
- ALSA: core: Add async signal helpers (Takashi Iwai) 
- mips: cavium-octeon: Fix missing of_node_put() in octeon2_usb_clocks_start (Liang He) 
- vfio: Clear the caps->buf to NULL after free (Schspa Shi) 
- tty: serial: Fix refcount leak bug in ucc_uart.c (Liang He) 
- ext4: avoid resizing to a partial cluster size (Kiselev, Oleg) 
- ext4: avoid remove directory when directory is corrupted (Ye Bin) 
- drivers:md:fix a potential use-after-free bug (Wentao_Liang) 
- cxl: Fix a memory leak in an error handling path (Christophe JAILLET) 
- gadgetfs: ep_io - wait until IRQ finishes (Jozef Martiniak) 
- clk: qcom: ipq8074: dont disable gcc_sleep_clk_src (Robert Marko) 
- usb: host: ohci-ppc-of: Fix refcount leak bug (Liang He) 
- irqchip/tegra: Fix overflow implicit truncation warnings (Sai Prakash Ranjan) 
- PCI: Add ACS quirk for Broadcom BCM5750x NICs (Pavan Chebbi) 
- drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors() (Liang He) 
- btrfs: raid56: don't trust any cached sector in __raid56_parity_recover() (Qu Wenruo) 
- btrfs: only write the sectors in the vertical stripe which has data stripes (Qu Wenruo) 
- kbuild: clear LDFLAGS in the top Makefile (Masahiro Yamada) 
- igb: Add lock to avoid data race (Lin Ma) 
- fec: Fix timer capture timing in fec_ptp_enable_pps() (Csókás Bence) 
- i40e: Fix to stop tx_timeout recovery if GLOBR fails (Alan Brady) 
- powerpc/pci: Fix get_phb_number() locking (Michael Ellerman) 
- netfilter: nf_tables: really skip inactive sets when allocating name (Pablo Neira Ayuso) 
- nios2: add force_successful_syscall_return() (Al Viro) 
- nios2: restarts apply only to the first sigframe we build... (Al Viro) 
- nios2: fix syscall restart checks (Al Viro) 
- nios2: traced syscall does need to check the syscall number (Al Viro) 
- nios2: don't leave NULLs in sys_call_table[] (Al Viro) 
- nios2: page fault et.al. are *not* restartable syscalls... (Al Viro) 
- atm: idt77252: fix use-after-free bugs caused by tst_timer (Duoming Zhou) 
- xen/xenbus: fix return type in xenbus_file_read() (Dan Carpenter) 
- tools build: Switch to new openssl API for test-libcrypto (Roberto Sassu) 
- vsock: Set socket state back to SS_UNCONNECTED in vsock_connect_timeout() (Peilin Ye) 
- vsock: Fix memory leak in vsock_connect() (Peilin Ye) 
- geneve: do not use RT_TOS for IPv6 flowlabel (Matthias May) 
- ACPI: property: Return type of acpi_add_nondev_subnodes() should be bool (Sakari Ailus) 
- pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed (Nikita Travkin) 
- pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map (Miaoqian Lin) 
- SUNRPC: Reinitialise the backchannel request buffers before reuse (Trond Myklebust) 
- NFSv4.1: RECLAIM_COMPLETE must handle EACCES (Zhang Xianwei) 
- apparmor: fix reference count leak in aa_pivotroot() (Xin Xiong) 
- apparmor: fix aa_label_asxprint return check (Tom Rix) 
- apparmor: Fix failed mount permission check error message (John Johansen) 
- apparmor: fix quiet_denied for file rules (John Johansen) 
- can: ems_usb: fix clang's -Wunaligned-access warning (Marc Kleine-Budde) 
- btrfs: fix lost error handling when looking up extended ref on log replay (Filipe Manana) 
- ata: libata-eh: Add missing command name (Damien Le Moal) 
- ALSA: info: Fix llseek return value when using callback (Amadeusz Sławiński) 
- powerpc/ptdump: Fix display of RW pages on FSL_BOOK3E (Christophe Leroy) 
- net_sched: cls_route: disallow handle of 0 (Jamal Hadi Salim) 
- net/9p: Initialize the iounit field during fid creation (Tyler Hicks) 
- Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression (Luiz Augusto von Dentz) 
- Revert "net: usb: ax88179_178a needs FLAG_SEND_ZLP" (Jose Alonso) 
- scsi: sg: Allow waiting for commands to complete on removed device (Tony Battersby) 
- tcp: fix over estimation in sk_forced_mem_schedule() (Eric Dumazet) 
- btrfs: reject log replay if there is unsupported RO compat flag (Qu Wenruo) 
- dm raid: fix address sanitizer warning in raid_status (Mikulas Patocka) 
- dm raid: fix address sanitizer warning in raid_resume (Mikulas Patocka) 
- intel_th: pci: Add Meteor Lake-P support (Alexander Shishkin) 
- intel_th: pci: Add Raptor Lake-S PCH support (Alexander Shishkin) 
- intel_th: pci: Add Raptor Lake-S CPU support (Alexander Shishkin) 
- ext4: correct the misjudgment in ext4_iget_extra_inode (Baokun Li) 
- ext4: correct max_inline_xattr_value_size computing (Baokun Li) 
- ext4: fix extent status tree race in writeback error recovery path (Eric Whitney) 
- ext4: update s_overhead_clusters in the superblock during an on-line resize (Theodore Ts'o) 
- ext4: fix use-after-free in ext4_xattr_set_entry (Baokun Li) 
- ext4: make sure ext4_append() always allocates new block (Lukas Czerner) 
- ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (Baokun Li) 
- spmi: trace: fix stack-out-of-bound access in SPMI tracing functions (David Collins) 
- x86/olpc: fix 'logical not is only applied to the left hand side' (Alexander Lobakin) 
- scsi: zfcp: Fix missing auto port scan and thus missing target ports (Steffen Maier) 
- video: fbdev: s3fb: Check the size of screen before memset_io() (Zheyu Ma) 
- video: fbdev: arkfb: Check the size of screen before memset_io() (Zheyu Ma) 
- video: fbdev: vt8623fb: Check the size of screen before memset_io() (Zheyu Ma) 
- tools/thermal: Fix possible path truncations (Florian Fainelli) 
- video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock() (Zheyu Ma) 
- x86/numa: Use cpumask_available instead of hardcoded NULL check (Siddh Raman Pant) 
- genelf: Use HAVE_LIBCRYPTO_SUPPORT, not the never defined HAVE_LIBCRYPTO (Arnaldo Carvalho de Melo) 
- powerpc/pci: Fix PHB numbering when using opal-phbid (Michael Ellerman) 
- kprobes: Forbid probing on trampoline and BPF code areas (Chen Zhongjin) 
- powerpc/cell/axon_msi: Fix refcount leak in setup_msi_msg_address (Miaoqian Lin) 
- powerpc/xive: Fix refcount leak in xive_get_max_prio (Miaoqian Lin) 
- powerpc/spufs: Fix refcount leak in spufs_init_isolated_loader (Miaoqian Lin) 
- powerpc/pci: Prefer PCI domain assignment via DT 'linux,pci-domain' and alias (Pali Rohár) 
- video: fbdev: sis: fix typos in SiS_GetModeID() (Rustam Subkhankulov) 
- video: fbdev: amba-clcd: Fix refcount leak bugs (Liang He) 
- s390/zcore: fix race when reading from hardware system area (Alexander Gordeev) 
- iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of loop (Liang He) 
- mfd: t7l66xb: Drop platform disable callback (Uwe Kleine-König) 
- kfifo: fix kfifo_to_user() return type (Dan Carpenter) 
- iommu/exynos: Handle failed IOMMU device registration properly (Sam Protsenko) 
- tty: n_gsm: fix DM command (Daniel Starke) 
- tty: n_gsm: fix wrong T1 retry count handling (Daniel Starke) 
- vfio/ccw: Do not change FSM state in subchannel event (Eric Farman) 
- remoteproc: qcom: wcnss: Fix handling of IRQs (Sireesh Kodali) 
- tty: n_gsm: fix race condition in gsmld_write() (Daniel Starke) 
- tty: n_gsm: fix packet re-transmission without open control channel (Daniel Starke) 
- tty: n_gsm: fix non flow control frames during mux flow off (Daniel Starke) 
- profiling: fix shift too large makes kernel panic (Chen Zhongjin) 
- ASoC: mediatek: mt8173-rt5650: Fix refcount leak in mt8173_rt5650_dev_probe (Miaoqian Lin) 
- ASoC: codecs: da7210: add check for i2c_add_driver (Jiasheng Jiang) 
- ASoC: mediatek: mt8173: Fix refcount leak in mt8173_rt5650_rt5676_dev_probe (Miaoqian Lin) 
- jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted (Zhihao Cheng) 
- ext4: recover csum seed of tmp_inode after migrating to extents (Li Lingfeng) 
- RDMA/rxe: Fix error unwind in rxe_create_qp() (Zhu Yanjun) 
- mm/mmap.c: fix missing call to vm_unacct_memory in mmap_region (Miaohe Lin) 
- platform/olpc: Fix uninitialized data in debugfs write (Dan Carpenter) 
- USB: serial: fix tty-port initialized comments (Johan Hovold) 
- mmc: cavium-thunderx: Add of_node_put() when breaking out of loop (Liang He) 
- mmc: cavium-octeon: Add of_node_put() when breaking out of loop (Liang He) 
- gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data() (Liang He) 
- RDMA/hfi1: fix potential memory leak in setup_base_ctxt() (Jianglei Nie) 
- usb: gadget: udc: amd5536 depends on HAS_DMA (Randy Dunlap) 
- scsi: smartpqi: Fix DMA direction for RAID requests (Mahesh Rajashekhara) 
- mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R (Eugen Hristev) 
- memstick/ms_block: Fix a memory leak (Christophe JAILLET) 
- memstick/ms_block: Fix some incorrect memory allocation (Christophe JAILLET) 
- mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch (Miaoqian Lin) 
- misc: rtsx: Fix an error handling path in rtsx_pci_probe() (Christophe JAILLET) 
- usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe (Miaoqian Lin) 
- usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe (Miaoqian Lin) 
- fpga: altera-pr-ip: fix unsigned comparison with less than zero (Marco Pagani) 
- mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s error path (Uwe Kleine-König) 
- mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in sm_release (Duoming Zhou) 
- mtd: maps: Fix refcount leak in ap_flash_init (Miaoqian Lin) 
- mtd: maps: Fix refcount leak in of_flash_probe_versatile (Miaoqian Lin) 
- dccp: put dccp_qpolicy_full() and dccp_qpolicy_push() in the same lock (Hangyu Hua) 
- net: rose: fix netdev reference changes (Eric Dumazet) 
- wifi: libertas: Fix possible refcount leak in if_usb_probe() (Hangyu Hua) 
- wifi: wil6210: debugfs: fix uninitialized variable use in wil_write_file_wmi() (Ammar Faizi) 
- i2c: mux-gpmux: Add of_node_put() when breaking out of loop (Liang He) 
- i2c: cadence: Support PEC for SMBus block read (Lars-Peter Clausen) 
- Bluetooth: hci_intel: Add check for platform_driver_register (Jiasheng Jiang) 
- can: pch_can: pch_can_error(): initialize errc before using it (Vincent Mailhol) 
- can: error: specify the values of data[5..7] of CAN error frames (Vincent Mailhol) 
- can: usb_8dev: do not report txerr and rxerr during bus-off (Vincent Mailhol) 
- can: sun4i_can: do not report txerr and rxerr during bus-off (Vincent Mailhol) 
- can: hi311x: do not report txerr and rxerr during bus-off (Vincent Mailhol) 
- can: sja1000: do not report txerr and rxerr during bus-off (Vincent Mailhol) 
- can: rcar_can: do not report txerr and rxerr during bus-off (Vincent Mailhol) 
- can: pch_can: do not report txerr and rxerr during bus-off (Vincent Mailhol) 
- wifi: p54: add missing parentheses in p54_flush() (Rustam Subkhankulov) 
- wifi: p54: Fix an error handling path in p54spi_probe() (Christophe JAILLET) 
- wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() (Dan Carpenter) 
- fs: check FMODE_LSEEK to control internal pipe splicing (Jason A. Donenfeld) 
- selftests: timers: clocksource-switch: fix passing errors from child (Wolfram Sang) 
- selftests: timers: valid-adjtimex: build fix for newer toolchains (Wolfram Sang) 
- tcp: make retransmitted SKB fit into the send window (Yonglong Li) 
- media: platform: mtk-mdp: Fix mdp_ipi_comm structure alignment (AngeloGioacchino Del Regno) 
- drm: bridge: sii8620: fix possible off-by-one (Hangyu Hua) 
- drm/mediatek: dpi: Remove output format of YUV (Bo-Chen Chen) 
- drm/rockchip: vop: Don't crash for invalid duplicate_state() (Brian Norris) 
- drm/vc4: dsi: Correct DSI divider calculations (Dave Stevenson) 
- media: hdpvr: fix error value returns in hdpvr_read (Niels Dossche) 
- drm: bridge: adv7511: Add check for mipi_dsi_driver_register (Jiasheng Jiang) 
- wifi: iwlegacy: 4965: fix potential off-by-one overflow in il4965_rs_fill_link_cmd() (Alexey Kodanev) 
- ath9k: fix use-after-free in ath9k_hif_usb_rx_cb (Pavel Skripkin) 
- i2c: Fix a potential use after free (Xu Wang) 
- drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function (Xinlei Lee) 
- drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers() (Alexey Kodanev) 
- dm: return early from dm_pr_call() if DM device is suspended (Mike Snitzer) 
- thermal/tools/tmon: Include pthread and time headers in tmon.h (Markus Mayer) 
- regulator: of: Fix refcount leak bug in of_get_regulation_constraints() (Liang He) 
- arm64: dts: qcom: msm8916: Fix typo in pronto remoteproc node (Sireesh Kodali) 
- ARM: dts: qcom: pm8841: add required thermal-sensor-cells (Krzysztof Kozlowski) 
- cpufreq: zynq: Fix refcount leak in zynq_get_revision (Miaoqian Lin) 
- soc: fsl: guts: machine variable might be unset (Michael Walle) 
- ARM: dts: ast2500-evb: fix board compatible (Krzysztof Kozlowski) 
- x86/pmem: Fix platform-device leak in error path (Johan Hovold) 
- ARM: bcm: Fix refcount leak in bcm_kona_smc_init (Miaoqian Lin) 
- ARM: findbit: fix overflowing offset (Russell King (Oracle)) 
- selinux: Add boundary check in put_entry() (Xiu Jianfeng) 
- PM: hibernate: defer device probing when resuming from hibernation (Tetsuo Handa) 
- ACPI: LPSS: Fix missing check in register_device_clock() (huhai) 
- ACPI: PM: save NVS memory for Lenovo G40-45 (Manyi Li) 
- ARM: OMAP2+: display: Fix refcount leak bug (Liang He) 
- ARM: dts: imx6ul: fix qspi node compatible (Alexander Stein) 
- ARM: dts: imx6ul: add missing properties for sram (Alexander Stein) 
- ext2: Add more validity checks for inode counts (Jan Kara) 
- arm64: fix oops in concurrently setting insn_emulation sysctls (haibinzhang (张海斌)) 
- arm64: Do not forget syscall when starting a new thread. (Francis Laniel) 
- netfilter: nf_tables: fix null deref due to zeroed list head (Florian Westphal) 
- USB: HCD: Fix URB giveback issue in tasklet function (Weitao Wang) 
- MIPS: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK (Huacai Chen) 
- powerpc/powernv: Avoid crashing if rng is NULL (Michael Ellerman) 
- powerpc/fsl-pci: Fix Class Code of PCIe Root Port (Pali Rohár) 
- PCI: Add defines for normal and subtractive PCI bridges (Pali Rohár) 
- ia64, processor: fix -Wincompatible-pointer-types in ia64_get_irr() (Alexander Lobakin) 
- md-raid10: fix KASAN warning (Mikulas Patocka) 
- fuse: limit nsec (Miklos Szeredi) 
- iio: light: isl29028: Fix the warning in isl29028_remove() (Zheyu Ma) 
- drm/amdgpu: Check BO's requested pinning domains against its preferred_domains (Leo Li) 
- drm/nouveau: fix another off-by-one in nvbios_addr (Timur Tabi) 
- parisc: Fix device names in /proc/iomem (Helge Deller) 
- usbnet: Fix linkwatch use-after-free on disconnect (Lukas Wunner) 
- fs: Add missing umask strip in vfs_tmpfile (Yang Xu) 
- vfs: Check the truncate maximum size in inode_newsize_ok() (David Howells) 
- ALSA: hda/cirrus - support for iMac 12,1 model (Allen Ballway) 
- ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model (Meng Tang) 
- KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical #GP (Sean Christopherson) 
- KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks (Sean Christopherson) 
- KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0 (Maciej S. Szmigiero) 
- HID: wacom: Don't register pad_input for touch switch (Ping Cheng) 
- add barriers to buffer_uptodate and set_buffer_uptodate (Mikulas Patocka) 
- ALSA: bcd2000: Fix a UAF bug on the error path of probing (Zheyu Ma) 
- x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments (Nick Desaulniers) 
- Makefile: link with -z noexecstack --no-warn-rwx-segments (Nick Desaulniers) 
- macintosh/adb: fix oob read in do_adb_query() function (Ning Qiang) 
- ACPI: video: Shortening quirk list by identifying Clevo by board_name only (Werner Sembach) 
- ACPI: video: Force backlight native for some TongFang devices (Werner Sembach) 
- mt7601u: add USB device ID for some versions of XiaoDu WiFi Dongle. (Wei Mingzhi) 
- ARM: crypto: comment out gcc warning that breaks clang builds (Greg Kroah-Hartman) 
- netfilter: nf_queue: do not allow packet truncation below transport header offset (Florian Westphal) 
- net: sungem_phy: Add of_node_put() for reference returned by of_get_parent() (Liang He) 
- net: ping6: Fix memleak in ipv6_renew_options(). (Kuniyuki Iwashima) 
- scsi: ufs: host: Hold reference returned by of_parse_phandle() (Liang He) 
- s390/archrandom: prevent CPACF trng invocations in interrupt context (Harald Freudenberger) 
- ntfs: fix use-after-free in ntfs_ucsncmp() (ChenXiaoSong) 
- Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put (Luiz Augusto von Dentz)


_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata