Oracle Linux Security Advisory ELSA-2023-12117

https://linux.oracle.com/errata/ELSA-2023-12117.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

aarch64:
kernel-uek-4.14.35-2047.522.3.el7uek.aarch64.rpm
kernel-uek-debug-4.14.35-2047.522.3.el7uek.aarch64.rpm
kernel-uek-debug-devel-4.14.35-2047.522.3.el7uek.aarch64.rpm
kernel-uek-devel-4.14.35-2047.522.3.el7uek.aarch64.rpm
kernel-uek-tools-4.14.35-2047.522.3.el7uek.aarch64.rpm
kernel-uek-tools-libs-4.14.35-2047.522.3.el7uek.aarch64.rpm
kernel-uek-tools-libs-devel-4.14.35-2047.522.3.el7uek.aarch64.rpm
perf-4.14.35-2047.522.3.el7uek.aarch64.rpm
python-perf-4.14.35-2047.522.3.el7uek.aarch64.rpm
kernel-uek-headers-4.14.35-2047.522.3.el7uek.aarch64.rpm


SRPMS:
https://oss.oracle.com:443/ol7/SRPMS-updates//kernel-uek-4.14.35-2047.522.3.el7uek.src.rpm

Related CVEs:

CVE-2022-3303
CVE-2022-3524
CVE-2022-3640
CVE-2022-42895
CVE-2022-42896




Description of changes:

[4.14.35-2047.522.3.el7uek]
- ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC (Sasha Levin)  [Orabug: 34653896]  {CVE-2022-3303}
- net/rds: Fill in rds_exthdr_size gaps (Gerd Rausch)  [Orabug: 34979172]
- net/rds: Trigger rds_send_hs_ping() more than once (Gerd Rausch)  [Orabug: 34607787]
- Revert "RDS: TCP: Track peer's connection generation number" (Gerd Rausch)  [Orabug: 34700111]
- net/rds: Use the first lane until RDS_EXTHDR_NPATHS arrives (Gerd Rausch)  [Orabug: 28720880]
- net/rds: Kick-start TCP receiver after accept (Gerd Rausch)  [Orabug: 34600821]
- net/rds: rds_tcp_conn_path_shutdown must not discard messages (Gerd Rausch)  [Orabug: 34560682]
- net/rds: Encode cp_index in TCP source port (Gerd Rausch)  [Orabug: 34556027]

[4.14.35-2047.522.2.el7uek]
- tcp: fix ambiguity for SACKed TLP retransmits with RTT < min_rtt (Neal Cardwell)  [Orabug: 34961109]
- vhost-scsi: Fix max number of virtqueues (Mike Christie)  [Orabug: 34915131]
- net/rds: drop rs_transport module reference count on error (Gerd Rausch)  [Orabug: 34500808]
- scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts (Gulam Mohamed)  [Orabug: 34306796]
- IB/mlx5: Add a signature check to received EQEs and CQEs (Rohit Nair)  [Orabug: 34105979]
- net/rds: rds_tcp_accept_one ought to not discard messages (Gerd Rausch)  [Orabug: 34488377]
- net/rds: No shortcut out of RDS_CONN_ERROR (Gerd Rausch)  [Orabug: 34276065]
- net/rds: Don't force state RDS_CONN_RESETTING (Gerd Rausch)  [Orabug: 34276065]
- net/rds: Preserve essential connection state flags (Gerd Rausch)  [Orabug: 34276065]

[4.14.35-2047.522.1.el7uek]
- uek-rpm: ol7: Add enhanced kABI diagnostics (Stephen Brennan)  [Orabug: 34879138]
- uek-rpm: ol7: Add Symtypes files (Stephen Brennan)  [Orabug: 34879138]
- uek-rpm: ol7: Enable creation of Symtypes files (Stephen Brennan)  [Orabug: 34879138]
- uek-rpm: Add kabi tool and documentation (Stephen Brennan)  [Orabug: 34879138]
- xfs: don't reuse busy extents on extent trim (Brian Foster)  [Orabug: 34605583]
- RDMA/ucma: Put a lock around every call to the rdma_cm layer (Jason Gunthorpe)  [Orabug: 34106064]
- LTS version: v4.14.302 (Saeed Mirzamohammadi) 
- net: mvneta: Fix an out of bounds check (Dan Carpenter) 
- ipv6: avoid use-after-free in ip6_fragment() (Eric Dumazet) 
- net: plip: don't call kfree_skb/dev_kfree_skb() under spin_lock_irq() (Yang Yingliang) 
- ethernet: aeroflex: fix potential skb leak in greth_init_rings() (Zhang Changzhong) 
- tipc: Fix potential OOB in tipc_link_proto_rcv() (YueHaibing) 
- net: hisilicon: Fix potential use-after-free in hix5hd2_rx() (Liu Jian) 
- net: hisilicon: Fix potential use-after-free in hisi_femac_rx() (Liu Jian) 
- net: stmmac: fix "snps,axi-config" node property parsing (Jisheng Zhang) 
- NFC: nci: Bounds check struct nfc_target arrays (Kees Cook) 
- net: mvneta: Prevent out of bounds read in mvneta_config_rss() (Dan Carpenter) 
- net: encx24j600: Fix invalid logic in reading of MISTAT register (Valentina Goncharenko) 
- net: encx24j600: Add parentheses to fix precedence (Valentina Goncharenko) 
- mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add() (Wei Yongjun) 
- Bluetooth: 6LoWPAN: add missing hci_dev_put() in get_l2cap_conn() (Wang ShaoBo) 
- igb: Allocate MSI-X vector when testing (Akihiko Odaki) 
- e1000e: Fix TX dispatch condition (Akihiko Odaki) 
- gpio: amd8111: Fix PCI device reference count leak (Xiongfeng Wang) 
- ca8210: Fix crash by zero initializing data (Hauke Mehrtens) 
- ieee802154: cc2520: Fix error return code in cc2520_hw_init() (Ziyang Xuan) 
- HID: core: fix shift-out-of-bounds in hid_report_raw_event (ZhangPeng) 
- HID: hid-lg4ff: Add check for empty lbuf (Anastasia Belova) 
- KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field (Thomas Huth) 
- memcg: fix possible use-after-free in memcg_write_event_control() (Tejun Heo) 
- media: v4l2-dv-timings.c: fix too strict blanking sanity checks (Hans Verkuil) 
- xen/netback: do some code cleanup (Juergen Gross) 
- net: usb: qmi_wwan: add u-blox 0x1342 composition (Davide Tronchin) 
- regulator: twl6030: fix get status of twl6032 regulators (Andreas Kemnade) 
- ASoC: soc-pcm: Add NULL check in BE reparenting (Srinivasa Rao Mandadapu) 
- ALSA: seq: Fix function prototype mismatch in snd_seq_expand_var_event (Kees Cook) 
- ARM: dts: rockchip: disable arm_global_timer on rk3066 and rk3188 (Johan Jonker) 
- ARM: 9266/1: mm: fix no-MMU ZERO_PAGE() implementation (Giulio Benetti) 
- ARM: 9251/1: perf: Fix stacktraces for tracepoint events in THUMB2 kernels (Tomislav Novak) 
- ARM: dts: rockchip: fix ir-receiver node names (Johan Jonker) 
- arm: dts: rockchip: fix node name for hym8563 rtc (Sebastian Reichel) 
- LTS version: v4.14.301 (Saeed Mirzamohammadi) 
- ipc/sem: Fix dangling sem_array access in semtimedop race (Jann Horn) 
- v4l2: don't fall back to follow_pfn() if pin_user_pages_fast() fails (Linus Torvalds) 
- mmc: sdhci: Fix voltage switch delay (Adrian Hunter) 
- mmc: sdhci: use FIELD_GET for preset value bit masks (Masahiro Yamada) 
- x86/ioremap: Fix page aligned size calculation in __ioremap_caller() (Michael Kelley) 
- Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM (Luiz Augusto von Dentz)   {CVE-2022-42896}
- x86/pm: Add enumeration check before spec MSRs save/restore setup (Saeed Mirzamohammadi) 
- nvme: restrict management ioctls to admin (Keith Busch) 
- tcp/udp: Fix memory leak in ipv6_renew_options(). (Kuniyuki Iwashima)  [Orabug: 34719346]  {CVE-2022-3524}
- iommu/vt-d: Fix PCI device refcount leak in dmar_dev_scope_init() (Xiongfeng Wang) 
- pinctrl: single: Fix potential division by zero (Maxim Korotkov) 
- ASoC: ops: Fix bounds check for _sx controls (Mark Brown) 
- efi: random: Properly limit the size of the random seed (Ben Hutchings) 
- nilfs2: fix NULL pointer dereference in nilfs_palloc_commit_free_entry() (ZhangPeng) 
- tools/vm/slabinfo-gnuplot: use "grep -E" instead of "egrep" (Tiezhu Yang) 
- btrfs: qgroup: fix sleep from invalid context bug in btrfs_qgroup_inherit() (ChenXiaoSong) 
- perf: Add sample_flags to indicate the PMU-filled sample data (Kan Liang) 
- hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new() (Yang Yingliang) 
- hwmon: (coretemp) Check for null before removing sysfs attrs (Phil Auld) 
- net: ethernet: renesas: ravb: Fix promiscuous mode after system resumed (Yoshihiro Shimoda) 
- packet: do not set TP_STATUS_CSUM_VALID on CHECKSUM_COMPLETE (Willem de Bruijn) 
- net: hsr: Fix potential use-after-free (YueHaibing) 
- dsa: lan9303: Correct stat name (Jerry Ray) 
- net/9p: Fix a potential socket leak in p9_socket_open (Wang Hai) 
- net: net_netdev: Fix error handling in ntb_netdev_init_module() (Yuan Can) 
- net: phy: fix null-ptr-deref while probe() failed (Yang Yingliang) 
- qlcnic: fix sleep-in-atomic-context bugs caused by msleep (Duoming Zhou) 
- can: cc770: cc770_isa_probe(): add missing free_cc770dev() (Zhang Changzhong) 
- can: sja1000_isa: sja1000_isa_probe(): add missing free_sja1000dev() (Zhang Changzhong) 
- net/mlx5: Fix uninitialized variable bug in outlen_write() (YueHaibing) 
- of: property: decrement node refcount in of_fwnode_get_reference_args() (Yang Yingliang) 
- hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails (Gaosheng Cui) 
- hwmon: (i5500_temp) fix missing pci_disable_device() (Yang Yingliang) 
- iio: light: rpr0521: add missing Kconfig dependencies (Paul Gazzillo) 
- iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw (Wei Yongjun) 
- iio: health: afe4403: Fix oob read in afe4403_read_raw (Wei Yongjun) 
- drm/amdgpu: always register an MMU notifier for userptr (Christian König) 
- net: usb: qmi_wwan: add Telit 0x103a composition (Enrico Sau) 
- tcp: configurable source port perturb table size (Gleb Mazovetskiy) 
- platform/x86: hp-wmi: Ignore Smart Experience App event (Kai-Heng Feng) 
- platform/x86: acer-wmi: Enable SW_TABLET_MODE on Switch V 10 (SW5-017) (Hans de Goede) 
- platform/x86: asus-wmi: add missing pci_dev_put() in asus_wmi_set_xusb2pr() (Xiongfeng Wang) 
- xen/platform-pci: add missing free_irq() in error path (ruanjinjie) 
- serial: 8250: 8250_omap: Avoid RS485 RTS glitch on ->set_termios() (Lukas Wunner) 
- Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode (Aman Dhoot) 
- nilfs2: fix nilfs_sufile_mark_dirty() not set segment usage as dirty (Chen Zhongjin) 
- kconfig: display recursive dependency resolution hint just once (Masahiro Yamada) 
- iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails (Chen Zhongjin) 
- iio: light: apds9960: fix wrong register for gesture gain (Alejandro Concepción Rodríguez) 
- arm64: dts: rockchip: lower rk3399-puma-haikou SD controller clock frequency (Jakob Unterwurzacher) 
- nios2: add FORCE for vmlinuz.gz (Randy Dunlap) 
- s390/crashdump: fix TOD programmable field size (Heiko Carstens) 
- net: thunderx: Fix the ACPI memory leak (Yu Liao) 
- nfc: st-nci: fix memory leaks in EVT_TRANSACTION (Martin Faltesek) 
- nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION (Martin Faltesek) 
- s390/dasd: fix no record found for raw_track_access (Stefan Haberland) 
- dccp/tcp: Reset saddr on failure after inet6?_hash_connect(). (Kuniyuki Iwashima) 
- NFC: nci: fix memory leak in nci_rx_data_packet() (Liu Shixin) 
- xfrm: Fix ignored return value in xfrm6_init() (Chen Zhongjin) 
- net/qla3xxx: fix potential memleak in ql3xxx_send() (Zhang Changzhong) 
- net/mlx4: Check retval of mlx4_bitmap_init (Peter Kosyh) 
- ARM: mxs: fix memory leak in mxs_machine_init() (Zheng Yongjun) 
- 9p/fd: fix issue of list_del corruption in p9_fd_cancel() (Zhengchao Shao) 
- net: pch_gbe: fix potential memleak in pch_gbe_tx_queue() (Wang Hai) 
- nfc/nci: fix race with opening and closing (Lin Ma) 
- ARM: dts: at91: sam9g20ek: enable udc vbus gpio pinctrl (Michael Grzeschik) 
- bus: sunxi-rsb: Support atomic transfers (Samuel Holland) 
- ARM: dts: am335x-pcm-953: Define fixed regulators in root node (Dominik Haller) 
- af_key: Fix send_acquire race with pfkey_register (Herbert Xu) 
- MIPS: pic32: treat port as signed integer (Jason A. Donenfeld) 
- spi: stm32: fix stm32_spi_prepare_mbr() that halves spi clk for every run (Sean Nyekjaer) 
- wifi: mac80211: Fix ack frame idr leak when mesh has no route (Nicolas Cavallari) 
- audit: fix undefined behavior in bit shift for AUDIT_BIT (Gaosheng Cui) 
- wifi: mac80211_hwsim: fix debugfs attribute ps with rc table support (Jonas Jelonek) 
- LTS version: v4.14.300 (Saeed Mirzamohammadi) 
- ntfs: check overflow when iterating ATTR_RECORDs (Hawkins Jiawei) 
- ntfs: fix out-of-bounds read in ntfs_attr_find() (Hawkins Jiawei) 
- ntfs: fix use-after-free in ntfs_attr_find() (Hawkins Jiawei) 
- mm: fs: initialize fsdata passed to write_begin/write_end interface (Alexander Potapenko) 
- 9p/trans_fd: always use O_NONBLOCK read/write (Tetsuo Handa) 
- gfs2: Switch from strlcpy to strscpy (Andreas Gruenbacher) 
- gfs2: Check sb_bsize_shift after reading superblock (Andrew Price) 
- 9p: trans_fd/p9_conn_cancel: drop client lock earlier (Dominique Martinet) 
- kcm: close race conditions on sk_receive_queue (Cong Wang) 
- bpf, test_run: Fix alignment problem in bpf_prog_test_run_skb() (Baisong Zhong) 
- kcm: avoid potential race in kcm_tx_work (Eric Dumazet) 
- tcp: cdg: allow tcp_cdg_release() to be called multiple times (Eric Dumazet) 
- macvlan: enforce a consistent minimal mtu (Eric Dumazet) 
- serial: 8250: Flush DMA Rx on RLSI (Ilpo Järvinen) 
- nilfs2: fix use-after-free bug of ns_writer on remount (Ryusuke Konishi) 
- misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() (Alexander Potapenko) 
- mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put() (Xiongfeng Wang) 
- mmc: core: properly select voltage range without power cycle (Yann Gautier) 
- serial: 8250_lpss: Configure DMA also w/o DMA filter (Ilpo Järvinen) 
- serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs (Ilpo Järvinen) 
- dm ioctl: fix misbehavior if list_versions races with module loading (Mikulas Patocka) 
- iio: pressure: ms5611: changed hardcoded SPI speed to value limited (Mitja Spes) 
- iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init() (Yang Yingliang) 
- iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger() (Yang Yingliang) 
- usb: chipidea: fix deadlock in ci_otg_del_timer (Duoming Zhou) 
- usb: add NO_LPM quirk for Realforce 87U Keyboard (Nicolas Dumazet) 
- USB: serial: option: add Fibocom FM160 0x0111 composition (Reinhard Speyerer) 
- USB: serial: option: add u-blox LARA-L6 modem (Davide Tronchin) 
- USB: serial: option: add u-blox LARA-R6 00B modem (Davide Tronchin) 
- USB: serial: option: remove old LARA-R6 PID (Davide Tronchin) 
- USB: serial: option: add Sierra Wireless EM9191 (Benoît Monin) 
- ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open() (Takashi Iwai) 
- ring_buffer: Do not deactivate non-existant pages (Daniil Tatianin) 
- ftrace: Fix null pointer dereference in ftrace_add_mod() (Xiu Jianfeng) 
- ftrace: Optimize the allocation for mcount entries (Wang Wensheng) 
- ftrace: Fix the possible incorrect kernel message (Wang Wensheng) 
- cifs: Fix wrong return value checking when GETFLAGS (Zhang Xiaoxu) 
- net/x25: Fix skb leak in x25_lapb_receive_frame() (Wei Yongjun) 
- drbd: use after free in drbd_create_device() (Dan Carpenter) 
- xen/pcpu: fix possible memory leak in register_pcpu() (Yang Yingliang) 
- net: caif: fix double disconnect client in chnl_net_open() (Zhengchao Shao) 
- mISDN: fix misuse of put_device() in mISDN_register_device() (Wang ShaoBo) 
- mISDN: fix possible memory leak in mISDN_dsp_element_register() (Yang Yingliang) 
- net: bgmac: Drop free_netdev() from bgmac_enet_remove() (Wei Yongjun) 
- pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map (Zeng Heng) 
- parport_pc: Avoid FIFO port location truncation (Maciej W. Rozycki) 
- block: sed-opal: kmalloc the cmd/resp buffers (Serge Semin) 
- ASoC: soc-utils: Remove __exit for snd_soc_util_exit() (Chen Zhongjin) 
- tty: n_gsm: fix sleep-in-atomic-context bug in gsm_control_send (Duoming Zhou) 
- serial: 8250: omap: Flush PM QOS work on remove (Tony Lindgren) 
- serial: 8250_omap: remove wait loop from Errata i202 workaround (Matthias Schiffer) 
- ASoC: core: Fix use-after-free in snd_soc_exit() (Chen Zhongjin) 
- Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm (Luiz Augusto von Dentz) 
- drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid (Nathan Huckleberry) 
- selftests/futex: fix build for clang (Ricardo Cañuelo) 
- x86/cpu: Restore AMD's DE_CFG MSR after resume (Borislav Petkov) 
- dmaengine: at_hdmac: Check return code of dma_async_device_register (Tudor Ambarus) 
- dmaengine: at_hdmac: Fix impossible condition (Tudor Ambarus) 
- dmaengine: at_hdmac: Don't allow CPU to reorder channel enable (Tudor Ambarus) 
- dmaengine: at_hdmac: Fix completion of unissued descriptor in case of errors (Tudor Ambarus) 
- dmaengine: at_hdmac: Don't start transactions at tx_submit level (Tudor Ambarus) 
- dmaengine: at_hdmac: Fix at_lli struct definition (Tudor Ambarus) 
- cert host tools: Stop complaining about deprecated OpenSSL functions (Linus Torvalds) 
- udf: Fix a slab-out-of-bounds write bug in udf_find_entry() (ZhangPeng) 
- btrfs: selftests: fix wrong error check in btrfs_free_dummy_root() (Zhang Xiaoxu) 
- platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi (Jorge Lopez) 
- drm/i915/dmabuf: fix sg_table handling in map_dma_buf (Matthew Auld) 
- nilfs2: fix deadlock in nilfs_count_free_blocks() (Ryusuke Konishi) 
- ALSA: usb-audio: Add quirk entry for M-Audio Micro (Takashi Iwai) 
- ALSA: hda: fix potential memleak in 'add_widget_node' (Ye Bin) 
- arm64: efi: Fix handling of misaligned runtime regions and drop warning (Ard Biesheuvel) 
- net: macvlan: fix memory leaks of macvlan_common_newlink (Chuang Wang) 
- net: mv643xx_eth: disable napi when init rxq or txq failed in mv643xx_eth_open() (Zhengchao Shao) 
- ethernet: s2io: disable napi when start nic failed in s2io_card_up() (Zhengchao Shao) 
- net: cxgb3_main: disable napi when bind qsets failed in cxgb_up() (Zhengchao Shao) 
- drivers: net: xgene: disable napi when register irq failed in xgene_enet_open() (Zhengchao Shao) 
- dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove() (Christophe JAILLET) 
- tipc: fix the msg->req tlv len check in tipc_nl_compat_name_table_dump_header (Xin Long) 
- ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network (Alexander Potapenko) 
- drm/vc4: Fix missing platform_unregister_drivers() call in vc4_drm_register() (Yuan Can) 
- hamradio: fix issue of dev reference count leakage in bpq_device_event() (Zhengchao Shao) 
- net: lapbether: fix issue of dev reference count leakage in lapbeth_device_event() (Zhengchao Shao) 
- capabilities: fix undefined behavior in bit shift for CAP_TO_MASK (Gaosheng Cui) 
- net: fman: Unregister ethernet device on removal (Sean Anderson) 
- bnxt_en: fix potentially incorrect return value for ndo_rx_flow_steer (Alex Barba) 
- net: gso: fix panic on frag_list with mixed head alloc types (Jiri Benc) 
- HID: hyperv: fix possible memory leak in mousevsc_probe() (Yang Yingliang) 
- LTS version: v4.14.299 (Saeed Mirzamohammadi) 
- wifi: brcmfmac: Fix potential buffer overflow in brcmf_fweh_event_worker() (Dokyung Song) 
- linux/const.h: move UL() macro to include/linux/const.h (Masahiro Yamada) 
- linux/const.h: prefix include guard of uapi/linux/const.h with _UAPI (Masahiro Yamada) 
- KVM: x86: emulator: update the emulation mode after CR0 write (Maxim Levitsky) 
- KVM: x86: emulator: introduce emulator_recalc_and_set_mode (Maxim Levitsky) 
- KVM: x86: emulator: em_sysexit should update ctxt->mode (Maxim Levitsky) 
- KVM: x86: Mask off reserved bits in CPUID.80000008H (Jim Mattson) 
- ext4: fix warning in 'ext4_da_release_space' (Ye Bin) 
- parisc: Export iosapic_serial_irq() symbol for serial port driver (Helge Deller) 
- parisc: Make 8250_gsc driver dependend on CONFIG_PARISC (Helge Deller) 
- efi: random: reduce seed size to 32 bytes (Ard Biesheuvel) 
- ALSA: usb-audio: Add quirks for MacroSilicon MS2100/MS2106 devices (John Veness) 
- capabilities: fix potential memleak on error path from vfs_getxattr_alloc() (Gaosheng Cui) 
- tcp/udp: Make early_demux back namespacified. (Kuniyuki Iwashima) 
- btrfs: fix type of parameter generation in btrfs_get_dentry (David Sterba) 
- block, bfq: protect 'bfqd->queued' by 'bfqd->lock' (Yu Kuai) 
- Bluetooth: L2CAP: Fix attempting to access uninitialized memory (Luiz Augusto von Dentz)   {CVE-2022-42895}
- i2c: xiic: Add platform module alias (Martin Tůma) 
- media: dvb-frontends/drxk: initialize err to 0 (Hans Verkuil) 
- media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE (Hans Verkuil) 
- net, neigh: Fix null-ptr-deref in neigh_table_clear() (Chen Zhongjin) 
- net: mdio: fix undefined behavior in bit shift for __mdiobus_register (Gaosheng Cui) 
- Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del() (Zhengchao Shao) 
- Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu (Maxim Mikityanskiy) 
- btrfs: fix ulist leaks in error paths of qgroup self tests (Filipe Manana) 
- btrfs: fix inode list leak during backref walking at resolve_indirect_refs() (Filipe Manana) 
- isdn: mISDN: netjet: fix wrong check of device registration (Yang Yingliang) 
- mISDN: fix possible memory leak in mISDN_register_device() (Yang Yingliang) 
- rose: Fix NULL pointer dereference in rose_send_frame() (Zhang Qilong) 
- ipvs: use explicitly signed chars (Jason A. Donenfeld) 
- net: sched: Fix use after free in red_enqueue() (Dan Carpenter) 
- ata: pata_legacy: fix pdc20230_set_piomode() (Sergey Shtylyov) 
- net: fec: fix improper use of NETDEV_TX_BUSY (Zhang Changzhong) 
- nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() (Shang XiaoJing) 
- nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send() (Shang XiaoJing) 
- net: dsa: Fix possible memory leaks in dsa_loop_init() (Chen Zhongjin) 
- nfs4: Fix kmemleak when allocate slot failed (Zhang Xiaoxu) 
- NFSv4.1: We must always send RECLAIM_COMPLETE after a reboot (Trond Myklebust) 
- NFSv4.1: Handle RECLAIM_COMPLETE trunking errors (Trond Myklebust)


_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata