Oracle Linux Security Advisory ELSA-2023-12255

https://linux.oracle.com/errata/ELSA-2023-12255.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-5.4.17-2136.318.7.1.el7uek.x86_64.rpm
kernel-uek-debug-5.4.17-2136.318.7.1.el7uek.x86_64.rpm
kernel-uek-debug-devel-5.4.17-2136.318.7.1.el7uek.x86_64.rpm
kernel-uek-devel-5.4.17-2136.318.7.1.el7uek.x86_64.rpm
kernel-uek-doc-5.4.17-2136.318.7.1.el7uek.noarch.rpm
kernel-uek-tools-5.4.17-2136.318.7.1.el7uek.x86_64.rpm

aarch64:
kernel-uek-5.4.17-2136.318.7.1.el7uek.aarch64.rpm
kernel-uek-debug-5.4.17-2136.318.7.1.el7uek.aarch64.rpm
kernel-uek-debug-devel-5.4.17-2136.318.7.1.el7uek.aarch64.rpm
kernel-uek-devel-5.4.17-2136.318.7.1.el7uek.aarch64.rpm
kernel-uek-doc-5.4.17-2136.318.7.1.el7uek.noarch.rpm
kernel-uek-tools-5.4.17-2136.318.7.1.el7uek.aarch64.rpm
kernel-uek-tools-libs-5.4.17-2136.318.7.1.el7uek.aarch64.rpm
perf-5.4.17-2136.318.7.1.el7uek.aarch64.rpm
python-perf-5.4.17-2136.318.7.1.el7uek.aarch64.rpm


SRPMS:
https://oss.oracle.com:443/ol7/SRPMS-updates//kernel-uek-5.4.17-2136.318.7.1.el7uek.src.rpm

Related CVEs:

CVE-2022-2196
CVE-2022-27672
CVE-2022-3108
CVE-2022-4129
CVE-2023-23559




Description of changes:

[5.4.17-2136.318.7.1.el7uek]
- KVM: arm64: Disabling disabled PMU counters wastes a lot of time (Alexandre Chartre)  [Orabug: 33312587]
- KVM: arm64: Don't zero the cycle count register when PMCR_EL0.P is set (Alexandru Elisei)  [Orabug: 33312587]
- KVM: arm64: pmu: Only handle supported event counters (Eric Auger)  [Orabug: 33312587]

[5.4.17-2136.318.7.el7uek]
- mm, compaction: Skip all pinned pages during scan (Khalid Aziz)  [Orabug: 35251798]
- xfs: add missing cmap->br_state = XFS_EXT_NORM update (Gao Xiang)  [Orabug: 35214060]
- rds/ib: Fix the softlock-up in RDS cache GC worker (Arumugam Kolappan)  [Orabug: 35146761]
- uek-rpm: Update linux-firmware dependency (Somasundaram Krishnasamy)  [Orabug: 33755589]

[5.4.17-2136.318.6.el7uek]
- net/rds: Flip the default value of "rds_wq_strictly_ordered" (Gerd Rausch)  [Orabug: 35197635]

[5.4.17-2136.318.5.el7uek]
- udf: Fix file corruption when appending just after end of preallocated extent (Jan Kara)  [Orabug: 35192763]
- selftests/ftrace: Fix bash specific "==" operator (Masami Hiramatsu (Google))  [Orabug: 35192763]
- arm64: kdump: Increase reserved memory for larger machines (Henry Willard)  [Orabug: 35051468]
- KVM: x86/pmu: Update AMD PMC sample period to fix guest NMI-watchdog (Like Xu)  [Orabug: 34729426]
- KVM: x86/pmu: Introduce pmc->is_paused to reduce the call time of perf interfaces (Like Xu)  [Orabug: 34729426]
- perf/x86/uncore: Don't WARN_ON_ONCE() for a broken discovery table (Kan Liang)  [Orabug: 35053343]
- perf/x86/uncore: Add a quirk for UPI on SPR (Kan Liang)  [Orabug: 35053343]
- perf/x86/uncore: Ignore broken units in discovery table (Kan Liang)  [Orabug: 35053343]
- perf/x86/uncore: Fix potential NULL pointer in uncore_get_alias_name (Kan Liang)  [Orabug: 35053343]
- perf/x86/uncore: Factor out uncore_device_to_die() (Kan Liang)  [Orabug: 35053343]
- Revert "perf/x86/uncore: Factor out uncore_device_to_die()" (Thomas Tai)  [Orabug: 35053343]
- Revert "perf/x86/uncore: Fix potential NULL pointer in uncore_get_alias_name" (Thomas Tai)  [Orabug: 35053343]
- Revert "perf/x86/uncore: Ignore broken units in discovery table" (Thomas Tai)  [Orabug: 35053343]
- Revert "perf/x86/uncore: Add a quirk for UPI on SPR" (Thomas Tai)  [Orabug: 35053343]
- Revert "perf/x86/uncore: Don't WARN_ON_ONCE() for a broken discovery table" (Thomas Tai)  [Orabug: 35053343]
- Documentation/hw-vuln: Add documentation for Cross-Thread Return Predictions (Tom Lendacky)  [Orabug: 35166671]  {CVE-2022-27672}
- KVM: x86: Mitigate the cross-thread return address predictions bug (Tom Lendacky)  [Orabug: 35166671]  {CVE-2022-27672}
- x86/speculation: Identify processors vulnerable to SMT RSB predictions (Tom Lendacky)  [Orabug: 35166671]  {CVE-2022-27672}
- uek-rpm: aarch64: embedded: Enable CONFIG_RANDOMIZE_BASE to support ksplice for T93 (Thomas Tai)  [Orabug: 35180981]
- drm/amdkfd: Check for null pointer after calling kmemdup (Jiasheng Jiang)  [Orabug: 34951503]  {CVE-2022-3108}
- mm: use padata for copying page ranges in vma_dup() (Anthony Yznaga)  [Orabug: 35054622]
- mm: parallelize unmap_page_range() for some large VMAs (Anthony Yznaga)  [Orabug: 35054622]
- net/rds: serialize up+down-work to relax strict ordering (Gerd Rausch)  [Orabug: 35094723]
- rds: ib: Fix non-parenthetical mutex/semaphore use (HÃ¥kon Bugge)  [Orabug: 35155114]
- Revert "btrfs: free device in btrfs_close_devices for a single device filesystem" (Vijayendra Suman)  [Orabug: 35161536]

[5.4.17-2136.318.4.el7uek]
- ipc: update semtimedop() to use hrtimer (Prakash Sangappa)  [Orabug: 35069807]
- rds: ib: Destroy fastreg resources correctly (HÃ¥kon Bugge)  [Orabug: 35140658]
- rds: ib: Use one-bit booleans in struct rds_ib_device and keep them adjacent (HÃ¥kon Bugge)  [Orabug: 35140648]
- mips64: drivers/watchdog: Add IRQF_NOBALANCING when requesting irq (Thomas Tai)  [Orabug: 35159790]
- net: mana: Fix IRQ name - add PCI and queue number (Haiyang Zhang)  [Orabug: 35084730]
- uek-rpm: Add opbmc to nano rpm (Somasundaram Krishnasamy)  [Orabug: 35145857]

[5.4.17-2136.318.3.el7uek]
- vc_screen: don't clobber return value in vcs_read (Thomas Weißschuh) 
- LTS tag: v5.4.233 (Sherry Yang) 
- bpf: add missing header file include (Linus Torvalds) 
- Revert "net/sched: taprio: make qdisc_leaf() see the per-netdev-queue pfifo child qdiscs" (Vladimir Oltean) 
- ext4: Fix function prototype mismatch for ext4_feat_ktype (Kees Cook) 
- wifi: mwifiex: Add missing compatible string for SD8787 (Lukas Wunner) 
- uaccess: Add speculation barrier to copy_from_user() (Dave Hansen) 
- mac80211: mesh: embedd mesh_paths and mpp_paths into ieee80211_if_mesh (Pavel Skripkin) 
- drm/i915/gvt: fix double free bug in split_2MB_gtt_entry (Zheng Wang) 
- alarmtimer: Prevent starvation by small intervals and SIG_IGN (Thomas Gleixner) 
- powerpc: dts: t208x: Disable 10G on MAC1 and MAC2 (Sean Anderson) 
- can: kvaser_usb: hydra: help gcc-13 to figure out cmd_len (Marc Kleine-Budde) 
- KVM: VMX: Execute IBPB on emulated VM-exit when guest has IBRS (Jim Mattson) [Orabug: 34982694] {CVE-2022-2196}
- KVM: x86: Fail emulation during EMULTYPE_SKIP on any exception (Sean Christopherson) 
- random: always mix cycle counter in add_latent_entropy() (Jason A. Donenfeld) 
- powerpc: dts: t208x: Mark MAC1 and MAC2 as 10G (Sean Anderson) 
- wifi: rtl8xxxu: gen2: Turn on the rate control (Bitterblue Smith) 
- drm/etnaviv: don't truncate physical page address (Lucas Stach) 
- drm: etnaviv: fix common struct sg_table related issues (Marek Szyprowski) 
- scatterlist: add generic wrappers for iterating over sgtable objects (Marek Szyprowski) 
- dma-mapping: add generic helpers for mapping sgtable objects (Marek Szyprowski) 
- LTS tag: v5.4.232 (Sherry Yang) 
- net: sched: sch: Fix off by one in htb_activate_prios() (Dan Carpenter) 
- ASoC: SOF: Intel: hda-dai: fix possible stream_tag leak (Pierre-Louis Bossart) 
- nilfs2: fix underflow in second superblock position calculations (Ryusuke Konishi) 
- kvm: initialize all of the kvm_debugregs structure before sending it to userspace (Greg Kroah-Hartman) 
- i40e: Add checking for null for nlmsg_find_attr() (Natalia Petrova) 
- ipv6: Fix tcp socket connection with DSCP. (Guillaume Nault) 
- ipv6: Fix datagram socket connection with DSCP. (Guillaume Nault) 
- ixgbe: add double of VLAN header when computing the max MTU (Jason Xing) 
- net: mpls: fix stale pointer if allocation fails during device rename (Jakub Kicinski) 
- net: stmmac: Restrict warning on disabling DMA store and fwd mode (Cristian Ciocaltea) 
- bnxt_en: Fix mqprio and XDP ring checking logic (Michael Chan) 
- net: stmmac: fix order of dwmac5 FlexPPS parametrization sequence (Johannes Zink) 
- net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path (Miko Larsson) 
- dccp/tcp: Avoid negative sk_forward_alloc by ipv6_pinfo.pktoptions. (Kuniyuki Iwashima) 
- sctp: sctp_sock_filter(): avoid list_entry() on possibly empty list (Pietro Borrello) 
- net: bgmac: fix BCM5358 support by setting correct flags (Rafał Miłecki) 
- i40e: add double of VLAN header when computing the max MTU (Jason Xing) 
- ixgbe: allow to increase MTU to 3K with XDP enabled (Jason Xing) 
- revert "squashfs: harden sanity check in squashfs_read_xattr_id_table" (Andrew Morton) 
- net: Fix unwanted sign extension in netdev_stats_to_stats64() (Felix Riemann) 
- Revert "mm: Always release pages to the buddy allocator in memblock_free_late()." (Aaron Thompson) 
- hugetlb: check for undefined shift on 32 bit architectures (Mike Kravetz) 
- sched/psi: Fix use-after-free in ep_remove_wait_queue() (Munehisa Kamata) 
- ALSA: hda/realtek - fixed wrong gpio assigned (Kailang Yang) 
- ALSA: hda/conexant: add a new hda codec SN6180 (Bo Liu) 
- mmc: mmc_spi: fix error handling in mmc_spi_probe() (Yang Yingliang) 
- mmc: sdio: fix possible resource leaks in some error paths (Yang Yingliang) 
- ipv4: Fix incorrect route flushing when source address is deleted (Ido Schimmel) 
- Revert "ipv4: Fix incorrect route flushing when source address is deleted" (Shaoying Xu) 
- xfs: sync lazy sb accounting on quiesce of read-only mounts (Brian Foster) 
- xfs: fix the forward progress assertion in xfs_iwalk_run_callbacks (Darrick J. Wong) 
- xfs: ensure inobt record walks always make forward progress (Darrick J. Wong) 
- xfs: fix missing CoW blocks writeback conversion retry (Darrick J. Wong) 
- xfs: fix finobt btree block recovery ordering (Dave Chinner) 
- xfs: remove the xfs_inode_log_item_t typedef (Christoph Hellwig) 
- xfs: remove the xfs_efd_log_item_t typedef (Christoph Hellwig) 
- xfs: remove the xfs_efi_log_item_t typedef (Christoph Hellwig) 
- netfilter: nft_tproxy: restrict to prerouting hook (Florian Westphal) 
- btrfs: free device in btrfs_close_devices for a single device filesystem (Anand Jain) 
- aio: fix mremap after fork null-deref (Seth Jenkins) 
- nvme-fc: fix a missing queue put in nvmet_fc_ls_create_association (Amit Engel) 
- s390/decompressor: specify __decompress() buf len to avoid overflow (Vasily Gorbik) 
- net: sched: sch: Bounds check priority (Kees Cook) 
- net: stmmac: do not stop RX_CLK in Rx LPI state for qcs404 SoC (Andrey Konovalov) 
- net/rose: Fix to not accept on connected socket (Hyunwoo Kim) 
- tools/virtio: fix the vringh test for virtio ring changes (Shunsuke Mie) 
- ASoC: cs42l56: fix DT probe (Arnd Bergmann) 
- selftests/bpf: Verify copy_register_state() preserves parent/live fields (Eduard Zingerman) 
- migrate: hugetlb: check for hugetlb shared PMD in node migration (Mike Kravetz) 
- bpf: Always return target ifindex in bpf_fib_lookup (Toke Høiland-Jørgensen) 
- nvme-pci: Move enumeration by class to be last in the table (Andy Shevchenko) 
- arm64: dts: meson-axg: Make mmc host controller interrupts level-sensitive (Heiner Kallweit) 
- arm64: dts: meson-g12-common: Make mmc host controller interrupts level-sensitive (Heiner Kallweit) 
- arm64: dts: meson-gx: Make mmc host controller interrupts level-sensitive (Heiner Kallweit) 
- riscv: Fixup race condition on PG_dcache_clean in flush_icache_pte (Guo Ren) 
- ceph: flush cap releases when the session is flushed (Xiubo Li) 
- usb: typec: altmodes/displayport: Fix probe pin assign check (Prashant Malani) 
- usb: core: add quirk for Alcor Link AK9563 smartcard reader (Mark Pearson) 
- net: USB: Fix wrong-direction WARNING in plusb.c (Alan Stern) 
- pinctrl: intel: Restore the pins that used to be in Direct IRQ mode (Andy Shevchenko) 
- pinctrl: single: fix potential NULL dereference (Maxim Korotkov) 
- pinctrl: aspeed: Fix confusing types in return value (Joel Stanley) 
- ALSA: pci: lx6464es: fix a debug loop (Dan Carpenter) 
- selftests: forwarding: lib: quote the sysctl values (Hangbin Liu) 
- ice: Do not use WQ_MEM_RECLAIM flag for workqueue (Anirudh Venkataramanan) 
- net: phy: meson-gxl: use MMD access dummy stubs for GXL, internal PHY (Heiner Kallweit) 
- bonding: fix error checking in bond_debug_reregister() (Qi Zheng) 
- xfrm: fix bug with DSCP copy to v6 from v4 tunnel (Christian Hopps) 
- IB/IPoIB: Fix legacy IPoIB due to wrong number of queues (Dragos Tatulea) 
- IB/hfi1: Restore allocated resources on failed copyout (Dean Luick) 
- can: j1939: do not wait 250 ms if the same addr was already claimed (Devid Antonio Filoni) 
- tracing: Fix poll() and select() do not work on per_cpu trace_pipe and trace_pipe_raw (Shiju Jose) 
- ALSA: emux: Avoid potential array out-of-bound in snd_emux_xg_control() (Artemii Karasev) 
- btrfs: zlib: zero-initialize zlib workspace (Alexander Potapenko) 
- btrfs: limit device extents to the device size (Josef Bacik) 
- iio:adc:twl6030: Enable measurement of VAC (Andreas Kemnade) 
- wifi: brcmfmac: Check the count value of channel spec to prevent out-of-bounds reads (Minsuk Kang) 
- f2fs: fix to do sanity check on i_extra_isize in is_alive() (Chao Yu) 
- fbdev: smscufx: fix error handling code in ufx_usb_probe (Dongliang Mu) 
- powerpc/imc-pmu: Revert nest_init_lock to being a mutex (Michael Ellerman) 
- serial: 8250_dma: Fix DMA Rx rearm race (Ilpo Järvinen) 
- serial: 8250_dma: Fix DMA Rx completion race (Ilpo Järvinen) 
- xprtrdma: Fix regbuf data not freed in rpcrdma_req_create() (Zhang Xiaoxu) 
- mm: swap: properly update readahead statistics in unuse_pte_range() (Andrea Righi) 
- nvmem: core: fix cell removal on error (Michael Walle) 
- Squashfs: fix handling and sanity checking of xattr_ids count (Phillip Lougher) 
- mm/swapfile: add cond_resched() in get_swap_pages() (Longlong Xia) 
- fpga: stratix10-soc: Fix return value check in s10_ops_write_init() (Zheng Yongjun) 
- mm: hugetlb: proc: check for hugetlb shared PMD in /proc/PID/smaps (Mike Kravetz) 
- riscv: disable generation of unwind tables (Andreas Schwab) 
- parisc: Wire up PTRACE_GETREGS/PTRACE_SETREGS for compat case (Helge Deller) 
- parisc: Fix return code of pdc_iodc_print() (Helge Deller) 
- iio:adc:twl6030: Enable measurements of VUSB, VBAT and others (Andreas Kemnade) 
- iio: adc: berlin2-adc: Add missing of_node_put() in error path (Xiongfeng Wang) 
- iio: hid: fix the retval in accel_3d_capture_sample (Dmitry Perchanov) 
- efi: Accept version 2 of memory attributes table (Ard Biesheuvel) 
- watchdog: diag288_wdt: fix __diag288() inline assembly (Alexander Egorenkov) 
- watchdog: diag288_wdt: do not use stack buffers for hardware data (Alexander Egorenkov) 
- fbcon: Check font dimension limits (Samuel Thibault) 
- Input: i8042 - add Clevo PCX0DX to i8042 quirk table (Werner Sembach) 
- Input: i8042 - add TUXEDO devices to i8042 quirk tables (Werner Sembach) 
- Input: i8042 - merge quirk tables (Werner Sembach) 
- Input: i8042 - move __initconst to fix code styling warning (Werner Sembach) 
- vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF (George Kennedy) 
- usb: gadget: f_fs: Fix unbalanced spinlock in __ffs_ep0_queue_wait (Udipto Goswami) 
- usb: dwc3: qcom: enable vbus override when in OTG dr-mode (Neil Armstrong) 
- usb: dwc3: dwc3-qcom: Fix typo in the dwc3 vbus override API (Wesley Cheng) 
- iio: adc: stm32-dfsdm: fill module aliases (Olivier Moysan) 
- net/x25: Fix to not accept on connected socket (Hyunwoo Kim) 
- i2c: rk3x: fix a bunch of kernel-doc warnings (Randy Dunlap) 
- scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress (Mike Christie) 
- scsi: target: core: Fix warning on RT kernels (Maurizio Lombardi) 
- efi: fix potential NULL deref in efi_mem_reserve_persistent (Anton Gusev) 
- net: openvswitch: fix flow memory leak in ovs_flow_cmd_new (Fedor Pchelkin) 
- virtio-net: Keep stop() to follow mirror sequence of open() (Parav Pandit) 
- selftests: net: udpgso_bench_tx: Cater for pending datagrams zerocopy benchmarking (Andrei Gherzan) 
- selftests: net: udpgso_bench: Fix racing bug between the rx/tx programs (Andrei Gherzan) 
- selftests: net: udpgso_bench_rx/tx: Stop when wrong CLI args are provided (Andrei Gherzan) 
- selftests: net: udpgso_bench_rx: Fix 'used uninitialized' compiler warning (Andrei Gherzan) 
- ata: libata: Fix sata_down_spd_limit() when no link speed is reported (Damien Le Moal) 
- can: j1939: fix errant WARN_ON_ONCE in j1939_session_deactivate (Ziyang Xuan) 
- net: phy: meson-gxl: Add generic dummy stubs for MMD register access (Chris Healy) 
- squashfs: harden sanity check in squashfs_read_xattr_id_table (Fedor Pchelkin) 
- netfilter: br_netfilter: disable sabotage_in hook after first suppression (Florian Westphal) 
- netrom: Fix use-after-free caused by accept on already connected socket (Hyunwoo Kim) 
- fix "direction" argument of iov_iter_kvec() (Al Viro) 
- fix iov_iter_bvec() "direction" argument (Al Viro) 
- WRITE is "data source", not destination... (Al Viro) 
- scsi: Revert "scsi: core: map PQ=1, PDT=other values to SCSI_SCAN_TARGET_PRESENT" (Martin K. Petersen) 
- arm64: dts: imx8mm: Fix pad control for UART1_DTE_RX (Pierluigi Passaro) 
- ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path() (Artemii Karasev) 
- ASoC: Intel: bytcr_rt5651: Drop reference count of ACPI device after use (Andy Shevchenko) 
- bus: sunxi-rsb: Fix error handling in sunxi_rsb_init() (Yuan Can) 
- firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region (Takashi Sakamoto) 
- LTS tag: v5.4.231 (Sherry Yang) 
- usb: host: xhci-plat: add wakeup entry at sysfs (Peter Chen) 
- Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt (Soenke Huster) 
- ipv6: ensure sane device mtu in tunnels (Eric Dumazet) 
- exit: Use READ_ONCE() for all oops/warn limit reads (Kees Cook) 
- docs: Fix path paste-o for /sys/kernel/warn_count (Kees Cook) 
- panic: Expose "warn_count" to sysfs (Kees Cook) 
- panic: Introduce warn_limit (Kees Cook) 
- panic: Consolidate open-coded panic_on_warn checks (Kees Cook) 
- exit: Allow oops_limit to be disabled (Kees Cook) 
- exit: Expose "oops_count" to sysfs (Kees Cook) 
- exit: Put an upper limit on how often we can oops (Jann Horn) 
- ia64: make IA64_MCA_RECOVERY bool instead of tristate (Randy Dunlap) 
- csky: Fix function name in csky_alignment() and die() (Nathan Chancellor) 
- h8300: Fix build errors from do_exit() to make_task_dead() transition (Nathan Chancellor) 
- hexagon: Fix function name in die() (Nathan Chancellor) 
- objtool: Add a missing comma to avoid string concatenation (Eric W. Biederman) 
- exit: Add and use make_task_dead. (Eric W. Biederman) 
- mm: kasan: do not panic if both panic_on_warn and kasan_multishot set (David Gow) 
- panic: unset panic_on_warn inside panic() (Tiezhu Yang) 
- sysctl: add a new register_sysctl_init() interface (Xiaoming Ni) 
- dmaengine: imx-sdma: Fix a possible memory leak in sdma_transfer_init (Hui Wang) 
- blk-cgroup: fix missing pd_online_fn() while activating policy (Yu Kuai) 
- bpf: Skip task with pid=1 in send_signal_common() (Hao Sun) 
- ARM: dts: imx: Fix pca9547 i2c-mux node name (Geert Uytterhoeven) 
- x86/asm: Fix an assembler warning with current binutils (Mikulas Patocka) 
- clk: Fix pointer casting to prevent oops in devm_clk_release() (Uwe Kleine-König) 
- perf/x86/amd: fix potential integer overflow on shift of a int (Colin Ian King) 
- netfilter: conntrack: unify established states for SCTP paths (Sriram Yagnaraman) 
- x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL (Thomas Gleixner) 
- block: fix and cleanup bio_check_ro (Christoph Hellwig) 
- nfsd: Ensure knfsd shuts down when the "nfsd" pseudofs is unmounted (Trond Myklebust) 
- Revert "Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode" (Dmitry Torokhov) 
- net: mdio-mux-meson-g12a: force internal PHY off on mux switch (Jerome Brunet) 
- net: xgene: Move shared header file into include/linux (Andrew Lunn) 
- net/phy/mdio-i2c: Move header file to include/linux/mdio (Andrew Lunn) 
- net/tg3: resolve deadlock in tg3_reset_task() during EEH (David Christensen) 
- thermal: intel: int340x: Add locking to int340x_thermal_get_trip_type() (Rafael J. Wysocki) 
- net: ravb: Fix possible hang if RIS2_QFF1 happen (Yoshihiro Shimoda) 
- sctp: fail if no bound addresses can be used for a given scope (Marcelo Ricardo Leitner) 
- net/sched: sch_taprio: do not schedule in taprio_reset() (Eric Dumazet) 
- netrom: Fix use-after-free of a listening socket. (Kuniyuki Iwashima) 
- netfilter: conntrack: fix vtag checks for ABORT/SHUTDOWN_COMPLETE (Sriram Yagnaraman) 
- ipv4: prevent potential spectre v1 gadget in fib_metrics_match() (Eric Dumazet) 
- ipv4: prevent potential spectre v1 gadget in ip_metrics_convert() (Eric Dumazet) 
- netlink: annotate data races around sk_state (Eric Dumazet) 
- netlink: annotate data races around dst_portid and dst_group (Eric Dumazet) 
- netlink: annotate data races around nlk->portid (Eric Dumazet) 
- netfilter: nft_set_rbtree: skip elements in transaction from garbage collection (Pablo Neira Ayuso) 
- net: fix UaF in netns ops registration error path (Paolo Abeni) 
- netlink: prevent potential spectre v1 gadgets (Eric Dumazet) 
- EDAC/qcom: Do not pass llcc_driv_data as edac_device_ctl_info's pvt_info (Manivannan Sadhasivam) 
- EDAC/device: Respect any driver-supplied workqueue polling value (Manivannan Sadhasivam) 
- ARM: 9280/1: mm: fix warning on phys_addr_t to void pointer assignment (Giulio Benetti) 
- thermal: intel: int340x: Protect trip temperature from concurrent updates (Srinivas Pandruvada) 
- KVM: x86/vmx: Do not skip segment attributes if unusable bit is set (Hendrik Borghorst) 
- cifs: Fix oops due to uncleared server->smbd_conn in reconnect (David Howells) 
- ftrace/scripts: Update the instructions for ftrace-bisect.sh (Steven Rostedt (Google)) 
- trace_events_hist: add check for return value of 'create_hist_field' (Natalia Petrova) 
- tracing: Make sure trace_printk() can output as soon as it can be used (Steven Rostedt (Google)) 
- module: Don't wait for GOING modules (Petr Pavlu) 
- scsi: hpsa: Fix allocation size for scsi_host_alloc() (Alexey V. Vissarionov) 
- Bluetooth: hci_sync: cancel cmd_timer if hci_open failed (Archie Pusaka) 
- Revert "Revert "xhci: Set HCD flag to defer primary roothub registration"" (Sasha Levin) 
- fs: reiserfs: remove useless new_opts in reiserfs_remount (Dongliang Mu) 
- mmc: sdhci-esdhc-imx: correct the tuning start tap and step setting (Haibo Chen) 
- mmc: sdhci-esdhc-imx: disable the CMD CRC check for standard tuning (Haibo Chen) 
- mmc: sdhci-esdhc-imx: clear pending interrupt and halt cqhci (Haibo Chen) 
- lockref: stop doing cpu_relax in the cmpxchg loop (Mateusz Guzik) 
- platform/x86: asus-nb-wmi: Add alternate mapping for KEY_SCREENLOCK (Hans de Goede) 
- platform/x86: touchscreen_dmi: Add info for the CSL Panther Tab HD (Michael Klein) 
- scsi: hisi_sas: Set a port invalid only if there are no devices attached when refreshing port id (Yihang Li) 
- KVM: s390: interrupt: use READ_ONCE() before cmpxchg() (Heiko Carstens) 
- spi: spidev: remove debug messages that access spidev->spi without locking (Bartosz Golaszewski) 
- ASoC: fsl-asoc-card: Fix naming of AC'97 CODEC widgets (Mark Brown) 
- ASoC: fsl_ssi: Rename AC'97 streams to avoid collisions with AC'97 CODEC (Mark Brown) 
- cpufreq: armada-37xx: stop using 0 as NULL pointer (Miles Chen) 
- s390/debug: add _ASM_S390_ prefix to header guard (Niklas Schnelle) 
- drm: Add orientation quirk for Lenovo ideapad D330-10IGL (Patrick Thompson) 
- ASoC: fsl_micfil: Correct the number of steps on SX controls (Chancel Liu) 
- cpufreq: Add Tegra234 to cpufreq-dt-platdev blocklist (Sumit Gupta) 
- tcp: fix rate_app_limited to default to 1 (David Morley) 
- net: dsa: microchip: ksz9477: port map correction in ALU table entry register (Rakesh Sankaranarayanan) 
- driver core: Fix test_async_probe_init saves device in wrong array (Chen Zhongjin) 
- w1: fix WARNING after calling w1_process() (Yang Yingliang) 
- w1: fix deadloop in __w1_remove_master_device() (Yang Yingliang) 
- tcp: avoid the lookup process failing to get sk in ehash table (Jason Xing) 
- dmaengine: xilinx_dma: call of_node_put() when breaking out of for_each_child_of_node() (Liu Shixin) 
- dmaengine: xilinx_dma: Fix devm_platform_ioremap_resource error handling (Swati Agarwal) 
- dmaengine: xilinx_dma: use devm_platform_ioremap_resource() (Radhey Shyam Pandey) 
- HID: betop: check shape of output reports (Pietro Borrello) 
- net: macb: fix PTP TX timestamp failure due to packet padding (Robert Hancock) 
- dmaengine: Fix double increment of client_count in dma_chan_get() (Koba Ko) 
- drm/panfrost: fix GENERIC_ATOMIC64 dependency (Arnd Bergmann) 
- net: mlx5: eliminate anonymous module_init & module_exit (Randy Dunlap) 
- usb: gadget: f_fs: Ensure ep0req is dequeued before free_request (Udipto Goswami) 
- usb: gadget: f_fs: Prevent race during ffs_ep0_queue_wait (Udipto Goswami) 
- HID: revert CHERRY_MOUSE_000C quirk (Jiri Kosina) 
- net: stmmac: fix invalid call to mdiobus_get_phy() (Heiner Kallweit) 
- HID: check empty report_list in bigben_probe() (Pietro Borrello) 
- HID: check empty report_list in hid_validate_values() (Pietro Borrello) 
- net: mdio: validate parameter addr in mdiobus_get_phy() (Heiner Kallweit) 
- net: usb: sr9700: Handle negative len (Szymon Heidrich) 
- l2tp: Don't sleep and disable BH under writer-side sk_callback_lock (Jakub Sitnicki) 
- l2tp: Serialize access to sk_user_data with sk_callback_lock (Jakub Sitnicki) [Orabug: 34951575] {CVE-2022-4129}
- net: fix a concurrency bug in l2tp_tunnel_register() (Gong, Sishuai) 
- net/sched: sch_taprio: fix possible use-after-free (Eric Dumazet) 
- wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid (Szymon Heidrich) [Orabug: 35037713] {CVE-2023-23559}
- gpio: mxc: Always set GPIOs used as interrupt source to INPUT mode (Marek Vasut) 
- net: wan: Add checks for NULL for utdm in undo_uhdlc_init and unmap_si_regs (Esina Ekaterina) 
- net: nfc: Fix use-after-free in local_cleanup() (Jisoo Jang) 
- phy: rockchip-inno-usb2: Fix missing clk_disable_unprepare() in rockchip_usb2phy_power_on() (Shang XiaoJing) 
- bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation (Luis Gerhorst) 
- amd-xgbe: Delay AN timeout during KR training (Raju Rangoju) 
- amd-xgbe: TX Flow Ctrl Registers are h/w ver dependent (Raju Rangoju) 
- affs: initialize fsdata in affs_truncate() (Alexander Potapenko) 
- IB/hfi1: Fix expected receive setup error exit issues (Dean Luick) 
- IB/hfi1: Reserve user expected TIDs (Dean Luick) 
- IB/hfi1: Reject a zero-length user expected buffer (Dean Luick) 
- RDMA/core: Fix ib block iterator counter overflow (Yonatan Nachum) 
- tomoyo: fix broken dependency on *.conf.default (Masahiro Yamada) 
- EDAC/highbank: Fix memory leak in highbank_mc_probe() (Miaoqian Lin) 
- HID: intel_ish-hid: Add check for ishtp_dma_tx_map (Jiasheng Jiang) 
- ARM: imx: add missing of_node_put() (Dario Binacchi) 
- ARM: imx35: Retrieve the IIM base address from devicetree (Fabio Estevam) 
- ARM: imx31: Retrieve the IIM base address from devicetree (Fabio Estevam) 
- ARM: imx27: Retrieve the SYSCTRL base address from devicetree (Fabio Estevam) 
- ARM: dts: imx6qdl-gw560x: Remove incorrect 'uart-has-rtscts' (Fabio Estevam) 
- memory: mvebu-devbus: Fix missing clk_disable_unprepare in mvebu_devbus_probe() (Gaosheng Cui) 
- memory: atmel-sdramc: Fix missing clk_disable_unprepare in atmel_ramc_probe() (Gaosheng Cui) 
- clk: Provide new devm_clk helpers for prepared and enabled clocks (Uwe Kleine-König) 
- clk: generalize devm_clk_get() a bit (Uwe Kleine-König)

[5.4.17-2136.318.2.el7uek]
- iommu/amd: Increase kdump command sync timeout to 2secs (Joao Martins)  [Orabug: 35117313]

[5.4.17-2136.318.1.el7uek]
- uek-rpm: aarch64: embedded: Clean up T93 config file v2 (Henry Willard)  [Orabug: 35029259]
- uek-rpm: aarch64 embedded: make some modules built-in (Dave Kleikamp)  [Orabug: 35029259]
- uek-rpm: aarch64: pensando: config file update for January 2023 update (Dave Kleikamp)  [Orabug: 35089950]
- drivers/mtd/spi-nor: Winbond w25q02nw flash support. (Hiren Mehta)  [Orabug: 35089950]
- drivers/i2c: Reset Lattice RD1173 master for i2c_busy set. (Hiren Mehta)  [Orabug: 35089950]
- drivers/soc/pensando: boot_count to sysfs for kdump.log (Hiren Mehta)  [Orabug: 35089950]
- drivers/soc/pensando sbus driver (Hiren Mehta)  [Orabug: 35089950]
- drivers/reset: Add emmc hardware reset (Hiren Mehta)  [Orabug: 35089950]
- uek-rpm: Add missing dax_pmem_compat.ko to nano rpm (Somasundaram Krishnasamy)  [Orabug: 35094871]


_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata