Oracle7: ELSA-2024-12150: kernel Important (aarch64) Security Update
Summary
[4.14.35-2047.533.3.el7uek] - net: rfkill: gpio: set GPIO direction (Rouven Czerwinski) - sched/fair: Fix tg->load when offlining a CPU (Vincent Guittot) [Orabug: 36185208] - IB/cm: Cancel mad on the DREQ event when the state is MRA_REP_RCVD (Mark Zhang) [Orabug: 36143229] - sched/rt: pick_next_rt_entity(): check list_entry (Pietro Borrello) [Orabug: 35181559] {CVE-2023-1077} [4.14.35-2047.533.2.el7uek] - LTS version: 4.14.334 (Yifei Liu) - powerpc/ftrace: Fix stack teardown in ftrace_no_trace (Naveen N Rao) - powerpc/ftrace: Create a dummy stackframe to fix stack unwind (Naveen N Rao) - ring-buffer: Fix memory leak of free page (Steven Rostedt (Google)) - team: Fix use-after-free when an option instance allocation fails (Florent Revest) - ext4: prevent the normalized size from exceeding EXT_MAX_BLOCKS (Baokun Li) - HID: hid-asus: add const to read-only outgoing usb buffer (Denis Benato) - net: usb: qmi_wwan: claim interface 4 for ZTE MF290 (Lech Perczak) - asm-generic: qspinlock: fix queued_spin_value_unlocked() implementation (Linus Torvalds) - HID: multitouch: Add quirk for HONOR GLO-GXXX touchpad (Aoba K) - HID: hid-asus: reset the backlight brightness level on resume (Denis Benato) - platform/x86: intel_telemetry: Fix kernel doc descriptions (Andy Shevchenko) - bcache: add code comments for bch_btree_node_get() and __bch_btree_node_alloc() (Coly Li) - blk-throttle: fix lockdep warning of "cgroup_mutex or RCU read lock required!" (Ming Lei) - appletalk: Fix Use-After-Free in atalk_ioctl (Hyunwoo Kim) - vsock/virtio: Fix unsigned integer wrap around in virtio_transport_has_space() (Nikolay Kuratov) - sign-file: Fix incorrect return values check (Yusong Gao) - net: Remove acked SYN flag from packet in the transmit queue correctly (Dong Chenchen) - qed: Fix a potential use-after-free in qed_cxt_tables_alloc (Dinghao Liu) - net/rose: Fix Use-After-Free in rose_ioctl (Hyunwoo Kim) - atm: Fix Use-After-Free in do_vcc_ioctl (Hyunwoo Kim) - atm: solos-pci: Fix potential deadlock on &tx_queue_lock (Chengfeng Ye) - atm: solos-pci: Fix potential deadlock on &cli_queue_lock (Chengfeng Ye) - qca_spi: Fix reset behavior (Stefan Wahren) - qca_debug: Fix ethtool -G iface tx behavior (Stefan Wahren) - qca_debug: Prevent crash on TX ring changes (Stefan Wahren) - LTS version: 4.14.333 (Yifei Liu) - drop_monitor: Require 'CAP_SYS_ADMIN' when joining "events" group (Ido Schimmel) - psample: Require 'CAP_NET_ADMIN' when joining "packets" group (Ido Schimmel) - genetlink: add CAP_NET_ADMIN test for multicast bind (Ido Schimmel) - netlink: don't call ->netlink_bind with table lock held (Ido Schimmel) - nilfs2: fix missing error check for sb_set_blocksize call (Ryusuke Konishi) - KVM: s390/mm: Properly reset no-dat (Claudio Imbrenda) - serial: 8250_omap: Add earlycon support for the AM654 UART controller (Ronald Wahl) - serial: sc16is7xx: address RX timeout interrupt errata (Daniel Mack) - parport: Add support for Brainboxes IX/UC/PX parallel cards (Cameron Williams) - packet: Move reference count in packet_sock to atomic_long_t (Daniel Borkmann) - tracing: Fix a possible race when disabling buffered events (Petr Pavlu) - tracing: Fix incomplete locking when disabling buffered events (Petr Pavlu) - tracing: Always update snapshot buffer size (Steven Rostedt (Google)) - nilfs2: prevent WARNING in nilfs_sufile_set_segment_usage() (Ryusuke Konishi) - ALSA: pcm: fix out-of-bounds in snd_pcm_state_names (Jason Zhang) - scsi: be2iscsi: Fix a memleak in beiscsi_init_wrb_handle() (Dinghao Liu) - tracing: Fix a warning when allocating buffered events fails (Petr Pavlu) - hwmon: (acpi_power_meter) Fix 4.29 MW bug (Armin Wolf) - RDMA/bnxt_re: Correct module description string (Kalesh AP) - tcp: do not accept ACK of bytes we never sent (Eric Dumazet) - net: hns: fix fake link up on xge port (Yonglong Liu) - drm/amdgpu: correct chunk_ptr to a pointer to chunk. (YuanShang) - tg3: Increment tx_dropped in tg3_tso_bug() (Alex Pakhunov) - tg3: Move the [rt]x_dropped counters to tg3_napi (Alex Pakhunov) - LTS version: 4.14.332 (Yifei Liu) - driver core: Release all resources during unbind before updating device links (Saravana Kannan) - net: ravb: Start TX queues after HW initialization succeeded (Claudiu Beznea) - ravb: Fix races between ravb_tx_timeout_work() and net related ops (Yoshihiro Shimoda) - ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet (Zhengchao Shao) - btrfs: send: ensure send_fd is writable (Jann Horn) - btrfs: fix off-by-one when checking chunk map includes logical address (Filipe Manana) - powerpc: Don't clobber f0/vs0 during fp|altivec register save (Timothy Pearson) - dm verity: don't perform FEC for failed readahead IO (Wu Bo) - dm-verity: align struct dm_verity_fec_io properly (Mikulas Patocka) - firewire: core: fix possible memory leak in create_units() (Yang Yingliang) - pinctrl: avoid reload of p state in list iteration (Maria Yu) - usb: dwc3: set the dma max_seg_size (Ricardo Ribalda) - USB: serial: option: don't claim interface 4 for ZTE MF290 (Lech Perczak) - USB: serial: option: fix FM101R-GL defines (Puliang Lu) - USB: serial: option: add Fibocom L7xx modules (Victor Fragoso) - bcache: prevent potential division by zero error (Rand Deeb) - bcache: check return value from btree_node_alloc_replacement() (Coly Li) - USB: serial: option: add Luat Air72*U series products (Asuna Yang) - s390/dasd: protect device queue against concurrent access (Jan Höppner) - mtd: rawnand: brcmnand: Fix ecc chunk calculation for erased page bitfips (Claire Lin) - net: axienet: Fix check for partial TX checksum (Samuel Holland) - amd-xgbe: propagate the correct speed and duplex status (Raju Rangoju) - amd-xgbe: handle corner-case during sfp hotplug (Raju Rangoju) - arm/xen: fix xen_vcpu_info allocation alignment (Stefano Stabellini) - net: usb: ax88179_178a: fix failed operations during ax88179_reset (Jose Ignacio Tornos Martinez) - ipv4: Correct/silence an endian warning in __ip_do_redirect (Kunwu Chan) - drm/rockchip: vop: Fix color for RGB888/BGR888 format on VOP full (Jonas Karlman) - ata: pata_isapnp: Add missing error check for devm_ioport_map() (Chen Ni) - drm/panel: simple: Fix Innolux G101ICE-L01 timings (Marek Vasut) - RDMA/irdma: Prevent zero-length STAG registration (Christopher Bednarz) - LTS version: 4.14.331 (Yifei Liu) - net: sched: fix race condition in qdisc_graft() (Eric Dumazet) - scsi: virtio_scsi: limit number of hw queues by nr_cpu_ids (Dongli Zhang) - ext4: remove gdb backup copy for meta bg in setup_new_flex_group_blocks (Kemeng Shi) - ext4: correct return value of ext4_convert_meta_bg (Kemeng Shi) - ext4: correct offset of gdb backup in non meta_bg group to update_backups (Kemeng Shi) - ext4: apply umask if ACL support is disabled (Max Kellermann) - media: venus: hfi: fix the check to handle session buffer requirement (Vikash Garodia) - media: sharp: fix sharp encoding (Sean Young) - i2c: i801: fix potential race in i801_block_transaction_byte_by_byte (Heiner Kallweit) - net: dsa: lan9303: consequently nested-lock physical MDIO (Alexander Sverdlin) - ALSA: info: Fix potential deadlock at disconnection (Takashi Iwai) - parisc/pgtable: Do not drop upper 5 address bits of physical address (Helge Deller) - parisc: Prevent booting 64-bit kernels on PA1.x machines (Helge Deller) - mcb: fix error handling for different scenarios when parsing (Sanjuán GarcÃa, Jorge) - jbd2: fix potential data lost in recovering journal raced with synchronizing fs bdev (Zhihao Cheng) - genirq/generic_chip: Make irq_remove_generic_chip() irqdomain aware (Herve Codina) - mmc: meson-gx: Remove setting of CMD_CFG_ERROR (Rong Chen) - PM: hibernate: Clean up sync_read handling in snapshot_write_next() (Brian Geffon) - PM: hibernate: Use __get_safe_page() rather than touching the list (Brian Geffon) - mmc: vub300: fix an error code (Dan Carpenter) - PCI/sysfs: Protect driver's D3cold preference from user space (Lukas Wunner) - hvc/xen: fix error path in xen_hvc_init() to always register frontend driver (David Woodhouse) - audit: don't WARN_ON_ONCE(!current->mm) in audit_exe_compare() (Paul Moore) - audit: don't take task_lock() in audit_exe_compare() code path (Paul Moore) - KVM: x86: Ignore MSR_AMD64_TW_CFG access (Maciej S. Szmigiero) - randstruct: Fix gcc-plugin performance mode to stay in group (Kees Cook) - media: venus: hfi: add checks to perform sanity on queue pointers (Vikash Garodia) - pwm: Fix double shift bug (Dan Carpenter) - gfs2: ignore negated quota changes (Bob Peterson) - media: vivid: avoid integer overflow (Hans Verkuil) - media: gspca: cpia1: shift-out-of-bounds in set_flicker (Rajeshwar R Shinde) - i2c: sun6i-p2wi: Prevent potential division by zero (Axel Lin) - tty: vcc: Add check for kstrdup() in vcc_probe() (Yi Yang) - scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup() (Wenchao Hao) - atm: iphase: Do PCI error checks on own line (Ilpo Järvinen) - ALSA: hda: Fix possible null-ptr-deref when assigning a stream (Cezary Rojewski) - jfs: fix array-index-out-of-bounds in diAlloc (Manas Ghandat) - jfs: fix array-index-out-of-bounds in dbFindLeaf (Manas Ghandat) - fs/jfs: Add validity check for db_maxag and db_agpref (Juntong Deng) - fs/jfs: Add check for negative db_l2nbperpage (Juntong Deng) - RDMA/hfi1: Use FIELD_GET() to extract Link Width (Ilpo Järvinen) - crypto: pcrypt - Fix hungtask for PADATA_RESET (Lu Jialin) - selftests/efivarfs: create-read: fix a resource leak (zhujun2) - drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga (Mario Limonciello) - drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 (Mario Limonciello) - net: annotate data-races around sk->sk_dst_pending_confirm (Eric Dumazet) - wifi: ath10k: fix clang-specific fortify warning (Dmitry Antipov) - wifi: ath9k: fix clang-specific fortify warnings (Dmitry Antipov) - wifi: mac80211: don't return unset power in ieee80211_get_tx_power() (Ping-Ke Shih) - x86/mm: Drop the 4 MB restriction on minimal NUMA node memory size (Mike Rapoport (IBM)) - clocksource/drivers/timer-atmel-tcb: Fix initialization on SAM9 hardware (Ronald Wahl) - clocksource/drivers/timer-imx-gpt: Fix potential memory leak (Jacky Bai) - locking/ww_mutex/test: Fix potential workqueue corruption (John Stultz) - LTS version: 4.14.330 (Yifei Liu) - btrfs: use u64 for buffer sizes in the tree search ioctls (Filipe Manana) - fbdev: fsl-diu-fb: mark wr_reg_wa() static (Arnd Bergmann) - netfilter: xt_recent: fix (increase) ipv6 literal buffer length (Maciej Å»enczykowski) - tg3: power down device only on SYSTEM_POWER_OFF (George Shuklin) - dccp/tcp: Call security_inet_conn_request() after setting IPv6 addresses. (Kuniyuki Iwashima) - dccp: Call security_inet_conn_request() after setting IPv4 addresses. (Kuniyuki Iwashima) - tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING (Shigeru Yoshida) - llc: verify mac len before reading mac header (Willem de Bruijn) - pwm: brcmstb: Utilize appropriate clock APIs in suspend/resume (Florian Fainelli) - media: s3c-camif: Avoid inappropriate kfree() (Katya Orlova) - pcmcia: ds: fix possible name leak in error path in pcmcia_device_add() (Yang Yingliang) - pcmcia: ds: fix refcount leak in pcmcia_device_add() (Yang Yingliang) - pcmcia: cs: fix possible hung task and memory leak pccardd() (Yang Yingliang) - dmaengine: pxa_dma: Remove an erroneous BUG_ON() in pxad_free_desc() (Christophe JAILLET) - USB: usbip: fix stub_dev hub disconnect (Jonas Blixt) - misc: st_core: Do not call kfree_skb() under spin_lock_irqsave() (Jinjie Ruan) - dmaengine: ti: edma: handle irq_of_parse_and_map() errors (Dan Carpenter) - usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency (Jia-Ju Bai) - tty: tty_jobctrl: fix pid memleak in disassociate_ctty() (Yi Yang) - mfd: dln2: Fix double put in dln2_probe (Dinghao Liu) - ASoC: Intel: Skylake: Fix mem leak when parsing UUIDs fails (Cezary Rojewski) - sh: bios: Revive earlyprintk support (Geert Uytterhoeven) - RDMA/hfi1: Workaround truncation compilation error (Leon Romanovsky) - ext4: move 'ix' sanity check to corrent position (Gou Hao) - ARM: 9321/1: memset: cast the constant byte to unsigned char (Kursad Oney) - hwrng: geode - fix accessing registers (Jonas Gorski) - firmware: ti_sci: Mark driver as non removable (Dhruva Gole) - ARM: dts: qcom: mdm9615: populate vsdcc fixed regulator (Krzysztof Kozlowski) - drm/rockchip: cdn-dp: Fix some error handling paths in cdn_dp_probe() (Christophe JAILLET) - drm/radeon: possible buffer overflow (Konstantin Meskhidze) - drm/rockchip: vop: Fix reset of state in duplicate state crtc funcs (Jonas Karlman) - platform/x86: wmi: Fix probe failure when failing to register WMI devices (Armin Wolf) - clk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data (Jiasheng Jiang) - clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data (Jiasheng Jiang) - clk: keystone: pll: fix a couple NULL vs IS_ERR() checks (Dan Carpenter) - clk: qcom: clk-rcg2: Fix clock rate overflow for high parent frequencies (Devi Priya) - ipv6: avoid atomic fragment on GSO packets (Yan Zhai) - ACPI: sysfs: Fix create_pnp_modalias() and create_of_modalias() (Christophe JAILLET) - thermal: core: prevent potential string overflow (Dan Carpenter) - wifi: rtlwifi: fix EDCA limit set by BT coexistence (Dmitry Antipov) - tcp_metrics: do not create an entry from tcp_init_metrics() (Eric Dumazet) - tcp_metrics: properly set tp->snd_ssthresh in tcp_init_metrics() (Eric Dumazet) - i40e: fix potential memory leaks in i40e_remove() (Andrii Staikov) - LTS version: 4.14.329 (Yifei Liu) - tty: 8250: Add support for Intashield IS-100 (Cameron Williams) - tty: 8250: Add support for Brainboxes UP cards (Cameron Williams) - tty: 8250: Add support for additional Brainboxes UC cards (Cameron Williams) - tty: 8250: Remove UC-257 and UC-431 (Cameron Williams) - usb: storage: set 1.50 as the lower bcdDevice for older "Super Top" compatibility (LihaSika) - PCI: Prevent xHCI driver from claiming AMD VanGogh USB3 DRD device (Vicki Pfau) - remove the sx8 block driver (Christoph Hellwig) - ata: ahci: fix enum constants for gcc-13 (Arnd Bergmann) - net: chelsio: cxgb4: add an error code check in t4_load_phy_fw (Su Hui) - platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e (Hans de Goede) - scsi: mpt3sas: Fix in error path (Tomas Henzl) - fbdev: uvesafb: Call cn_del_callback() at the end of uvesafb_exit() (Jorge Maidana) - ASoC: rt5650: fix the wrong result of key button (Shuming Fan) - netfilter: nfnetlink_log: silence bogus compiler warning (Florian Westphal) - fbdev: atyfb: only use ioremap_uc() on i386 and ia64 (Arnd Bergmann) - Input: synaptics-rmi4 - handle reset delay when using SMBus trsnsport (Dmitry Torokhov) - dmaengine: ste_dma40: Fix PM disable depth imbalance in d40_probe (Zhang Shurong) - irqchip/stm32-exti: add missing DT IRQ flag translation (Ben Wolsieffer) - ASoC: simple-card: fixup asoc_simple_probe() error handling (Kuninori Morimoto) - x86: Fix .brk attribute in linker script (Juergen Gross) - rpmsg: Fix possible refcount leak in rpmsg_register_device_override() (Hangyu Hua) - rpmsg: glink: Release driver_override (Bjorn Andersson) - rpmsg: Fix calling device_lock() on non-initialized device (Krzysztof Kozlowski) - rpmsg: Fix kfree() of static memory on setting driver_override (Krzysztof Kozlowski) - driver: platform: Add helper for safer setting of driver_override (Krzysztof Kozlowski) - x86/mm: Fix RESERVE_BRK() for older binutils (Josh Poimboeuf) - x86/mm: Simplify RESERVE_BRK() (Josh Poimboeuf) - x86/i8259: Skip probing when ACPI/MADT advertises PCAT compatibility (Thomas Gleixner) - nfsd: lock_rename() needs both directories to live on the same fs (Al Viro) - f2fs: fix to do sanity check on inode type during garbage collection (Chao Yu) - kobject: Fix slab-out-of-bounds in fill_kobj_path() (Wang Hai) - drm/dp_mst: Fix NULL deref in get_mst_branch_device_by_guid_helper() (Lukasz Majczak) - ARM: 8933/1: replace Sun/Solaris style flag on section directive (Nick Desaulniers) - i2c: muxes: i2c-demux-pinctrl: Use of_get_i2c_adapter_by_node() (Herve Codina) - i2c: muxes: i2c-mux-gpmux: Use of_get_i2c_adapter_by_node() (Herve Codina) - i2c: muxes: i2c-mux-pinctrl: Use of_get_i2c_adapter_by_node() (Herve Codina) - i40e: Fix wrong check for I40E_TXR_FLAGS_WB_ON_ITR (Ivan Vecera) - gtp: uapi: fix GTPA_MAX (Pablo Neira Ayuso) - tcp: fix wrong RTO timeout when received SACK reneging (Fred Chen) - r8152: Increase USB control msg timeout to 5000ms as per spec (Douglas Anderson) - igb: Fix potential memory leak in igb_add_ethtool_nfc_entry (Mateusz Palczewski) - treewide: Spelling fix in comment (Kunwu Chan) - virtio_balloon: Fix endless deflation and inflation on arm64 (Gavin Shan) - mcb-lpc: Reallocate memory region to avoid memory overlapping (RodrÃguez Barbarin, José Javier) - mcb: Return actual parsed size when reading chameleon table (RodrÃguez Barbarin, José Javier) [4.14.35-2047.533.1.el7uek] - vhost-scsi: fix vqs allocation memory corruption (Dongli Zhang) [Orabug: 36110885] - xfs: try to avoid allocation blocking on busy extents (Mark Tinguely) [Orabug: 35960820] - KVM: x86: Don't unnecessarily force masterclock update on vCPU hotplug (Sean Christopherson) [Orabug: 35910097] [4.14.35-2047.532.3.el7uek] - Revert "mmc: core: Capture correct oemid-bits for eMMC cards" (Dominique Martinet) - media: dvb-usb-v2: af9035: fix missing unlock (Hans Verkuil) - perf/core: Fix potential NULL deref (Peter Zijlstra) [4.14.35-2047.532.2.el7uek] - x86: change default to spec_store_bypass_disable=prctl spectre_v2_user=prctl (Andrea Arcangeli) [Orabug: 35905888] - LTS version: 4.14.328 (Saeed Mirzamohammadi) - Bluetooth: hci_event: Fix using memcmp when comparing keys (Luiz Augusto von Dentz) - Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name (Kees Cook) - Bluetooth: hci_sock: fix slab oob read in create_monitor_event (Edward AD) - gpio: vf610: set value before the direction to avoid a glitch (Haibo Chen) - s390/pci: fix iommu bitmap allocation (Niklas Schnelle) - perf: Disallow mis-matched inherited group reads (Saeed Mirzamohammadi) - USB: serial: option: add Fibocom to DELL custom modem FM101R-GL (Puliang Lu) - USB: serial: option: add entry for Sierra EM9191 with new firmware (Benoît Monin) - USB: serial: option: add Telit LE910C4-WWX 0x1035 composition (Fabio Porcedda) - ACPI: irq: Fix incorrect return value in acpi_register_gsi() (Sunil V L) - Revert "pinctrl: avoid unsafe code pattern in find_pinctrl()" (Andy Shevchenko) - mmc: core: Capture correct oemid-bits for eMMC cards (Avri Altman) - sky2: Make sure there is at least one frag_addr available (Kees Cook) - wifi: cfg80211: avoid leaking stack data into trace (Benjamin Berg) - wifi: mac80211: allow transmitting EAPOL frames with tainted key (Wen Gong) - Bluetooth: hci_core: Fix build warnings (Luiz Augusto von Dentz) - Bluetooth: Avoid redundant authentication (Ying Hsu) - HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event (Ma Ke) - tracing: relax trace_event_eval_update() execution with cond_resched() (Clément Léger) - ata: libata-eh: Fix compilation warning in ata_eh_link_report() (Damien Le Moal) - gpio: timberdale: Fix potential deadlock on &tgpio->lock (Chengfeng Ye) - overlayfs: set ctime when setting mtime and atime (Jeff Layton) - i2c: mux: Avoid potential false error message in i2c_mux_add_adapter (Heiner Kallweit) - btrfs: initialize start_slot in btrfs_log_prealloc_extents (Josef Bacik) - ARM: dts: ti: omap: Fix noisy serial with overrun-throttle-ms for mapphone (Tony Lindgren) - i40e: prevent crash on probe if hw registers have invalid values (Michal Schmidt) - net: usb: smsc95xx: Fix an error code in smsc95xx_reset() (Dan Carpenter) - net: rfkill: gpio: prevent value glitch during probe (Josua Mayer) - net: ipv6: fix return value check in esp_remove_trailer (Ma Ke) - net: ipv4: fix return value check in esp_remove_trailer (Ma Ke) - xfrm: fix a data-race in xfrm_gen_index() (Saeed Mirzamohammadi) - netfilter: nft_payload: fix wrong mac header matching (Florian Westphal) - KVM: x86: Mask LVTPC when handling a PMI (Jim Mattson) - regmap: fix NULL deref on lookup (Johan Hovold) - nfc: nci: fix possible NULL pointer dereference in send_acknowledge() (Krzysztof Kozlowski) - Bluetooth: avoid memcmp() out of bounds warning (Arnd Bergmann) - Bluetooth: hci_event: Fix coding style (Luiz Augusto von Dentz) - Bluetooth: vhci: Fix race when opening vhci device (Arkadiusz Bokowy) - Bluetooth: Fix a refcnt underflow problem for hci_conn (Ziyang Xuan) - Bluetooth: Reject connection with the device which has same BD_ADDR (Lee, Chun-Yi) - Bluetooth: hci_event: Ignore NULL link key (Lee, Chun-Yi) - usb: hub: Guard against accesses to uninitialized BOS descriptors (Ricardo Cañuelo) - x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs (Borislav Petkov (AMD)) - usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call (Krishna Kurapati) - usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (Piyush Mehta) - pinctrl: avoid unsafe code pattern in find_pinctrl() (Dmitry Torokhov) - cgroup: Remove duplicates in cgroup v1 tasks file (Michal Koutný) - Input: xpad - add PXN V900 support (Matthias Berndt) - Input: powermate - fix use-after-free in powermate_config_complete (Javier Carrasco) - ceph: fix incorrect revoked caps assert in ceph_fill_file_size() (Xiubo Li) - mcb: remove is_added flag from mcb_device struct (Jorge Sanjuan Garcia) - iio: pressure: ms5611: ms5611_prom_is_valid false negative bug (Alexander Zangerl) - iio: pressure: bmp280: Fix NULL pointer exception (Phil Elwell) - usb: musb: Modify the "HWVers" register address (Xingxing Luo) - usb: musb: Get the musb_qh poniter after musb_giveback (Xingxing Luo) - net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read (Javier Carrasco) - usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer (Wesley Cheng) - workqueue: Override implicit ordered attribute in workqueue_apply_unbound_cpumask() (Waiman Long) - nfc: nci: assert requested protocol is valid (Jeremy Cline) - ixgbe: fix crash with empty VF macvlan list (Dan Carpenter) - drm/vmwgfx: fix typo of sizeof argument (Konstantin Meskhidze) - ieee802154: ca8210: Fix a potential UAF in ca8210_probe (Dinghao Liu) - drm: etvnaviv: fix bad backport leading to warning (Martin Fuzzey) - HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect (Hans de Goede) - RDMA/cxgb4: Check skb value for failure to allocate (Artem Chernyshev) - LTS version: 4.14.327 (Saeed Mirzamohammadi) - parisc: Restore __ldcw_align for PA-RISC 2.0 processors (John David Anglin) - RDMA/mlx5: Fix NULL string error (Shay Drory) - RDMA/cma: Fix truncation compilation warning in make_cma_ports (Leon Romanovsky) - gpio: aspeed: fix the GPIO number passed to pinctrl_gpio_set_config() (Bartosz Golaszewski) - IB/mlx4: Fix the size of a buffer in add_port_entries() (Christophe JAILLET) - cpupower: add Makefile dependencies for install targets (Ivan Babrou) - sctp: update hb timer immediately after users change hb_interval (Xin Long) - sctp: update transport state when processing a dupcook packet (Xin Long) - tcp: fix delayed ACKs for MSS boundary condition (Neal Cardwell) - net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (Shigeru Yoshida) - ipv4, ipv6: Fix handling of transhdrlen in __ip{,6}_append_data() (David Howells) - modpost: add missing else to the "of" check (Mauricio Faria de Oliveira) - scsi: target: core: Fix deadlock due to recursive locking (Junxiao Bi) - regmap: rbtree: Fix wrong register marked as in-cache when creating new node (Richard Fitzgerald) - drivers/net: process the result of hdlc_open() and add call of hdlc_close() in uhdlc_close() (Alexandra Diupina) - ubi: Refuse attaching if mtd's erasesize is 0 (Zhihao Cheng) - wifi: mwifiex: Fix tlv_buf_left calculation (Gustavo A. R. Silva) - scsi: zfcp: Fix a double put in zfcp_port_enqueue() (Dinghao Liu) - media: dvb: symbol fixup for dvb_attach() - again (Greg Kroah-Hartman) - ata: libata: disallow dev-initiated LPM transitions to unsupported states (Niklas Cassel) - net/sched: sch_hfsc: Ensure inner classes have fsc curve (Budimir Markovic) [Orabug: 35810543] {CVE-2023-4623} - ext4: fix rec_len verify error (Shida Zhang) - vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF (George Kennedy) - fs: binfmt_elf_efpic: fix personality for ELF-FDPIC (Greg Ungerer) - ata: libata-sata: increase PMP SRST timeout to 10s (Matthias Schiffer) - ata: libata-core: Fix port and device removal (Damien Le Moal) - ata: libata-core: Fix ata_port_request_pm() locking (Damien Le Moal) - btrfs: properly report 0 avail for very full file systems (Josef Bacik) - i2c: i801: unregister tco_pdev in i801_probe() error path (Heiner Kallweit) - ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES (Niklas Cassel) - nilfs2: fix potential use after free in nilfs_gccache_submit_read_data() (Pan Bian) - serial: 8250_port: Check IRQ data before use (Andy Shevchenko) - watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already running (Mika Westerberg) - watchdog: iTCO_wdt: No need to stop the timer in probe (Mika Westerberg) - ata: libahci: clear pending interrupt status (Szuying Chen) - ata: ahci: Drop pointless VPRINTK() calls and convert the remaining ones (Hannes Reinecke) - fbdev/sh7760fb: Depend on FB=y (Thomas Zimmermann) - ata: libata-eh: do not clear ATA_PFLAG_EH_PENDING in ata_eh_reset() (Niklas Cassel) - ring-buffer: Avoid softlockup in ring_buffer_resize() (Zheng Yejian) - selftests/ftrace: Correctly enable event in instance-event.tc (Zheng Yejian) - parisc: irq: Make irq_stack_union static to avoid sparse warning (Helge Deller) - parisc: iosapic.c: Fix sparse warnings (Helge Deller) - parisc: sba: Fix compile warning wrt list of SBA devices (Helge Deller) - xtensa: boot/lib: fix function prototypes (Max Filippov) - xtensa: boot: don't add include-dirs (Randy Dunlap) - clk: tegra: fix error return case for recalc_rate (Timo Alho) - i2c: mux: demux-pinctrl: check the return value of devm_kstrdup() (Xiaoke Wang) - gpio: tb10x: Fix an error handling path in tb10x_gpio_probe() (Christophe JAILLET) - team: fix null-ptr-deref when team device type is changed (Ziyang Xuan) - powerpc/perf/hv-24x7: Update domain value check (Kajol Jain) - ipv4: fix null-deref in ipv4_link_failure (Kyle Zeng) - NFS/pNFS: Report EINVAL errors from connect() to the server (Trond Myklebust) [4.14.35-2047.532.1.el7uek] - rds/ib: Preserve dest qp num in the connect request (Arumugam Kolappan) [Orabug: 35649849] - rds: Provision to allow all trace points at module load time (Arumugam Kolappan) [Orabug: 35355776] [4.14.35-2047.531.2.el7uek] - rtnetlink: Reject negative ifindexes in RTM_NEWLINK (Ido Schimmel) [Orabug: 35867429] - Revert "rtnetlink: Reject negative ifindexes in RTM_NEWLINK" (Boris Ostrovsky) [Orabug: 35867429] - rds: Add proper refcnt when an RDS MR references an RDS Socket (HÃ¥kon Bugge) [Orabug: 35836950] - rds: Check for UAF in rds_destroy_mr (HÃ¥kon Bugge) [Orabug: 35836950] - xfs: reserve less log space when recovering log intent items (Darrick J. Wong) [Orabug: 35587163] - xfs: reserve blocks for refcount / rmap log item recovery (Darrick J. Wong) [Orabug: 35587163] - wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet (Pin-yen Lin) - dccp: fix dccp_v4_err()/dccp_v6_err() again (Eric Dumazet) [4.14.35-2047.531.1.el7uek] - ocfs2: ocfs2 crash due to invalid h_next_leaf_blk value in extent block (Gautham Ananthakrishna) [Orabug: 35859332] - bnxt_en: fix NULL dereference in bnxt_flash_package_from_file() (Samasth Norway Ananda) [Orabug: 35848949] - LTS version: v4.14.326 (Saeed Mirzamohammadi) - net/sched: cls_fw: No longer copy tcf_result on update to avoid use-after-free (valis) [Orabug: 35814287] {CVE-2023-4207} - mtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write (William Zhang) - mtd: rawnand: brcmnand: Fix ECC level field setting for v7.2 controller (William Zhang) - mtd: rawnand: brcmnand: Fix potential false time out warning (William Zhang) - mtd: rawnand: brcmnand: Fix crash during the panic_write (William Zhang) - nfsd: fix change_info in NFSv4 RENAME replies (Jeff Layton) - btrfs: fix lockdep splat and potential deadlock after failure running delayed items (Filipe Manana) - attr: block mode changes of symlinks (Christian Brauner) - md/raid1: fix error: ISO C90 forbids mixed declarations (Nigel Croxon) - kobject: Add sanity check for kset->kobj.ktype in kset_register() (Zhen Lei) - serial: cpm_uart: Avoid suspicious locking (Christophe Leroy) - scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() (Konstantin Shelekhin) - usb: gadget: fsl_qe_udc: validate endpoint index for ch9 udc (Ma Ke) - media: pci: cx23885: replace BUG with error return (Hans Verkuil) - media: tuners: qt1010: replace BUG_ON with a regular error (Hans Verkuil) - iio: core: Use min() instead of min_t() to make code more robust (Andy Shevchenko) - media: az6007: Fix null-ptr-deref in az6007_i2c_xfer() (Zhang Shurong) - media: anysee: fix null-ptr-deref in anysee_master_xfer (Zhang Shurong) - media: af9005: Fix null-ptr-deref in af9005_i2c_xfer (Zhang Shurong) - media: dw2102: Fix null-ptr-deref in dw2102_i2c_transfer() (Zhang Shurong) - media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer (Zhang Shurong) - powerpc/pseries: fix possible memory leak in ibmebus_bus_init() (ruanjinjie) - jfs: fix invalid free of JFS_IP(ipimap)->i_imap in diUnmount (Liu Shixin via Jfs-discussion) - fs/jfs: prevent double-free in dbUnmount() after failed jfs_remount() (Andrew Kanner) - ext2: fix datatype of block number in ext2_xattr_set2() (Georg Ottinger) - md: raid1: fix potential OOB in raid1_remove_disk() (Zhang Shurong) - drm/exynos: fix a possible null-pointer dereference due to data race in exynos_drm_crtc_atomic_disable() (Tuo Li) - alx: fix OOB-read compiler warning (GONG, Ruiqi) - tpm_tis: Resend command to recover from data transfer errors (Alexander Steffen) - crypto: lib/mpi - avoid null pointer deref in mpi_cmp_ui() (Mark O'Donovan) - wifi: mwifiex: fix fortify warning (Dmitry Antipov) - wifi: ath9k: fix printk specifier (Dongliang Mu) - hw_breakpoint: fix single-stepping when using bpf_overflow_handler (Tomislav Novak) - ACPI: video: Add backlight=native DMI quirk for Lenovo Ideapad Z470 (Jiri Slaby (SUSE)) - ACPICA: Add AML_NO_OPERAND_RESOLVE flag to Timer (Abhishek Mainkar) - btrfs: output extra debug info if we failed to find an inline backref (Qu Wenruo) - autofs: fix memory leak of waitqueues in autofs_catatonic_mode (Fedor Pchelkin) - parisc: Drop loops_per_jiffy from per_cpu struct (Helge Deller) - kcm: Fix error handling for SOCK_DGRAM in kcm_sendmsg(). (Kuniyuki Iwashima) - ixgbe: fix timestamp configuration code (Vadim Fedorenko) - kcm: Fix memory leak in error path of kcm_sendmsg() (Shigeru Yoshida) - net: ethernet: mtk_eth_soc: fix possible NULL pointer dereference in mtk_hwlro_get_fdir_all() (Hangyu Hua) - ata: pata_ftide010: Add missing MODULE_DESCRIPTION (Damien Le Moal) - ata: sata_gemini: Add missing MODULE_DESCRIPTION (Damien Le Moal) - igb: Change IGB_MIN to allow set rx/tx value between 64 and 80 (Olga Zaborska) - igbvf: Change IGBVF_MIN to allow set rx/tx value between 64 and 80 (Olga Zaborska) - kcm: Destroy mutex in kcm_exit_net() (Shigeru Yoshida) - net: sched: sch_qfq: Fix UAF in qfq_dequeue() (valis) [Orabug: 35814456] {CVE-2023-4921} - af_unix: Fix data race around sk->sk_err. (Kuniyuki Iwashima) - af_unix: Fix data-races around sk->sk_shutdown. (Kuniyuki Iwashima) - af_unix: Fix data-race around unix_tot_inflight. (Kuniyuki Iwashima) - af_unix: Fix data-races around user->unix_inflight. (Kuniyuki Iwashima) - net: ipv6/addrconf: avoid integer underflow in ipv6_create_tempaddr (Alex Henrie) - igb: disable virtualization features on 82580 (Corinna Vinschen) - net: read sk->sk_family once in sk_mc_loop() (Eric Dumazet) - pwm: lpc32xx: Remove handling of PWM channels (Vladimir Zapolskiy) - watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load (Raag Jadav) - x86/virt: Drop unnecessary check on extended CPUID level in cpu_has_svm() (Sean Christopherson) - NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info (Fedor Pchelkin) - clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock (Dmitry Baryshkov) - parisc: led: Reduce CPU overhead for disk & lan LED computation (Helge Deller) - parisc: led: Fix LAN receive and transmit LEDs (Helge Deller) - drm/ast: Fix DRAM init on AST2200 (Thomas Zimmermann) - fbdev/ep93xx-fb: Do not assign to struct fb_info.dev (Thomas Zimmermann) - scsi: qla2xxx: Turn off noisy message log (Quinn Tran) - scsi: qla2xxx: fix inconsistent TMF timeout (Quinn Tran) - crypto: stm32 - fix loop iterating through scatterlist for DMA (Thomas Bourgoin) - pstore/ram: Check start of empty przs during init (Enlin Mu) - net: handle ARPHRD_PPP in dev_is_mac_header_xmit() (Nicolas Dichtel) - X.509: if signature is unsupported skip validation (Thore Sommer) - dccp: Fix out of bounds access in DCCP error handler (Jann Horn) - parisc: Fix /proc/cpuinfo output for lscpu (Helge Deller) - procfs: block chmod on /proc/thread-self/comm (Aleksa Sarai) - Revert "PCI: Mark NVIDIA T4 GPUs to avoid bus reset" (Bjorn Helgaas) - ntb: Fix calculation ntb_transport_tx_free_entry() (Dave Jiang) - ntb: Clean up tx tail index on link down (Dave Jiang) - ntb: Drop packets when qp link is down (Dave Jiang) - media: dvb: symbol fixup for dvb_attach() (Greg Kroah-Hartman) - backlight/lv5207lp: Compare against struct fb_info.device (Thomas Zimmermann) - backlight/bd6107: Compare against struct fb_info.device (Thomas Zimmermann) - backlight/gpio_backlight: Compare against struct fb_info.device (Thomas Zimmermann) - ARM: OMAP2+: Fix -Warray-bounds warning in _pwrdm_state_switch() (Gustavo A. R. Silva) - ALSA: pcm: Fix missing fixup call in compat hw_refine ioctl (Takashi Iwai) - PM / devfreq: Fix leak in devfreq_dev_release() (Boris Brezillon) - igb: set max size RX buffer when store bad packet is enabled (Radoslaw Tyl) [Orabug: 35924097] {CVE-2023-45871} - igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU (Eric Dumazet) [Orabug: 35924001] {CVE-2023-42752} - dmaengine: ste_dma40: Add missing IRQ check in d40_probe (ruanjinjie) - rpmsg: glink: Add check for kstrdup (Jiasheng Jiang) - HID: multitouch: Correct devm device reference for hidinput input_dev name (Rahul Rameshbabu) - Revert "IB/isert: Fix incorrect release of isert connection" (Leon Romanovsky) - amba: bus: fix refcount leak (Peng Fan) - serial: tegra: handle clk prepare error in tegra_uart_hw_init() (Yi Yang) - scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock (Chengfeng Ye) - scsi: core: Use 32-bit hostnum in scsi_host_lookup() (Tony Battersby) - cgroup:namespace: Remove unused cgroup_namespaces_init() (Lu Jialin) - USB: gadget: f_mass_storage: Fix unused variable warning (Alan Stern) - media: go7007: Remove redundant if statement (Colin Ian King) - dma-buf/sync_file: Fix docs syntax (Rob Clark) - scsi: qedf: Do not touch __user pointer in qedf_dbg_fp_int_cmd_read() directly (Oleksandr Natalenko) - scsi: qedf: Do not touch __user pointer in qedf_dbg_stop_io_on_error_cmd_read() directly (Oleksandr Natalenko) - x86/APM: drop the duplicate APM_MINOR_DEV macro (Randy Dunlap) - scsi: qla4xxx: Add length check when parsing nlattrs (Lin Ma) - scsi: be2iscsi: Add length check when parsing nlattrs (Lin Ma) - scsi: iscsi: Add strlen() check in iscsi_if_set{_host}_param() (Lin Ma) - usb: phy: mxs: fix getting wrong state with mxs_phy_is_otg_host() (Xu Yang) - media: mediatek: vcodec: Return NULL if no vdec_fb is found (Irui Wang) - media: cx24120: Add retval check for cx24120_message_send() (Daniil Dulov) - media: dvb-usb: m920x: Fix a potential memory leak in m920x_i2c_xfer() (Christophe JAILLET) - media: dib7000p: Fix potential division by zero (Daniil Dulov) - drivers: usb: smsusb: fix error handling code in smsusb_init_device (Dongliang Mu) - NFSD: da_addr_body field missing in some GETDEVICEINFO replies (Chuck Lever) - fs: lockd: avoid possible wrong NULL parameter (Su Hui) - jfs: validate max amount of blocks before allocation. (Alexei Filippov) - powerpc/iommu: Fix notifiers being shared by PCI and VIO buses (Russell Currey) - nfs/blocklayout: Use the passed in gfp flags (Dan Carpenter) - wifi: ath10k: Use RMW accessors for changing LNKCTL (Ilpo Järvinen) - PCI: pciehp: Use RMW accessors for changing LNKCTL (Ilpo Järvinen) - PCI: Mark NVIDIA T4 GPUs to avoid bus reset (Wu Zongyong) - clk: sunxi-ng: Modify mismatched function name (Zhang Jianhua) - drivers: clk: keystone: Fix parameter judgment in _of_pll_clk_init() (Minjie Du) - ALSA: ac97: Fix possible error value of *rac97 (Su Hui) - audit: fix possible soft lockup in __audit_inode_child() (Gaosheng Cui) - smackfs: Prevent underflow in smk_set_cipso() (Dan Carpenter) - of: unittest: fix null pointer dereferencing in of_unittest_find_node_by_name() (Ruan Jinjie) - drm: adv7511: Fix low refresh rate register for ADV7533/5 (Bogdan Togorean) - ARM: dts: samsung: s5pv210-smdkv210: correct ethernet reg addresses (split) (Krzysztof Kozlowski) - ARM: dts: samsung: s3c6410-mini6410: correct ethernet reg addresses (split) (Krzysztof Kozlowski) - ARM: dts: BCM53573: Add cells sizes to PCIe node (RafaÅ MiÅecki) - netrom: Deny concurrent connect(). (Kuniyuki Iwashima) - net: arcnet: Do not call kfree_skb() under local_irq_disable() (Jinjie Ruan) - wifi: ath9k: use IS_ERR() with debugfs_create_dir() (Wang Ming) - wifi: mwifiex: avoid possible NULL skb pointer dereference (Dmitry Antipov) - wifi: ath9k: protect WMI command response buffer replacement with a lock (Fedor Pchelkin) - wifi: mwifiex: Fix missed return in oob checks failed path (Polaris Pi) - wifi: mwifiex: fix memory leak in mwifiex_histogram_read() (Dmitry Antipov) - fs: ocfs2: namei: check return value of ocfs2_add_entry() (Artem Chernyshev) - lwt: Check LWTUNNEL_XMIT_CONTINUE strictly (Yan Zhai) - crypto: caam - fix unchecked return value error (Gaurav Jain) - net: tcp: fix unexcepted socket die when snd_wnd is 0 (Menglong Dong) - Bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe() (Yuanjun Gong) - wifi: mwifiex: Fix OOB and integer underflow when rx packets (Polaris Pi) - can: gs_usb: gs_usb_receive_bulk_callback(): count RX overflow errors also in case of OOM (Marc Kleine-Budde) - spi: tegra20-sflash: fix to check return value of platform_get_irq() in tegra_sflash_probe() (Zhang Shurong) - regmap: rbtree: Use alloc_flags for memory allocations (Dan Carpenter) - cpufreq: powernow-k8: Use related_cpus instead of cpus in driver.exit() (Liao Chang) - fs: Fix error checking for d_hash_and_lookup() (Wang Ming) - reiserfs: Check the return value from __getblk() (Matthew Wilcox) - Revert "net: macsec: preserve ingress frame ordering" (Sabrina Dubroca) - udf: Handle error when adding extent to a file (Jan Kara) - udf: Check consistency of Space Bitmap Descriptor (Vladislav Efanov) - powerpc/32s: Fix assembler warning about r0 (Christophe Leroy) - powerpc/32: Include .branch_lt in data section (Joel Stanley) - ALSA: seq: oss: Fix racy open/close of MIDI devices (Takashi Iwai) - cifs: add a warning when the in-flight count goes negative (Shyam Prasad N) - sctp: handle invalid error codes without calling BUG() (Dan Carpenter) - bnx2x: fix page fault following EEH recovery (David Christensen) - netlabel: fix shift wrapping bug in netlbl_catmap_setlong() (Dmitry Mastykin) - scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock (Chengfeng Ye) - idmaengine: make FSL_EDMA and INTEL_IDMA64 depends on HAS_IOMEM (Baoquan He) - net: usb: qmi_wwan: add Quectel EM05GV2 (Martin Kohn) - security: keys: perform capable check only on privileged operations (Christian Göttsche) - ASoc: codecs: ES8316: Fix DMIC config (Edgar) - fs/nls: make load_nls() take a const parameter (Saeed Mirzamohammadi) - s390/dasd: use correct number of retries for ERP requests (Stefan Haberland) - m68k: Fix invalid .section syntax (Ben Hutchings) - ethernet: atheros: fix return value check in atl1c_tso_csum() (Yuanjun Gong) - ASoC: da7219: Flush pending AAD IRQ when suspending (Dmytro Maluka) - 9p: virtio: make sure 'offs' is initialized in zc_request (Dominique Martinet) - lib/ubsan: remove returns-nonnull-attribute checks (Andrey Ryabinin) - pinctrl: amd: Don't show Invalid config param errors (Mario Limonciello) - nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse (Ryusuke Konishi) - nilfs2: fix general protection fault in nilfs_lookup_dirty_data_buffers() (Ryusuke Konishi) - serial: sc16is7xx: fix bug when first setting GPIO direction (Hugo Villeneuve) - Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition (Zheng Wang) [Orabug: 35282808] {CVE-2023-1989} - HID: wacom: remove the battery when the EKR is off (Aaron Armstrong Skomra) - USB: serial: option: add FOXCONN T99W368/T99W373 product (Slark Xiao) - USB: serial: option: add Quectel EM05G variant (0x030e) (Martin Kohn) - modules: only allow symbol_get of EXPORT_SYMBOL_GPL modules (Christoph Hellwig) - rtc: ds1685: use EXPORT_SYMBOL_GPL for ds1685_rtc_poweroff (Christoph Hellwig) - mmc: au1xmmc: force non-modular build and remove symbol_get usage (Christoph Hellwig) - ARM: pxa: remove use of symbol_get() (Arnd Bergmann) [4.14.35-2047.530.5.el7uek] - netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c (Kyle Zeng) [Orabug: 35824288] {CVE-2023-42753} - netfilter: xt_u32: validate user space input (Wander Lairson Costa) [Orabug: 35923468] {CVE-2023-39192} - netfilter: xt_sctp: validate the flag_info count (Wander Lairson Costa) [Orabug: 35923499] {CVE-2023-39193} [4.14.35-2047.530.4.el7uek] - rds: Fix lack of reentrancy for connection reset with dst addr zero (HÃ¥kon Bugge) [Orabug: 35819110] {CVE-2023-22024} - kernfs: fix missing kernfs_iattr_rwsem locking (Ian Kent) [Orabug: 35796772] - uek-rpm: Removing pre scriptlet to not allow firmware downgrade (Samasth Norway Ananda) [Orabug: 35756463] - scsi: megaraid_sas: Fix deadlock on firmware crashdump (Junxiao Bi) [Orabug: 35702793] [4.14.35-2047.530.3.el7uek] - Add the new PCI Device IDs to support new generation of AMD 19h processors. (Partha Sarathi Satapathy) [Orabug: 35773822] - hwmon: (k10temp) Add support for AMD Family 19h Models 10h-1Fh and A0h-AFh (Babu Moger) [Orabug: 35773822] [4.14.35-2047.530.2.el7uek] - LTS version: v4.14.325 (Saeed Mirzamohammadi) - Revert "ARM: ep93xx: fix missing-prototype warnings" (Greg Kroah-Hartman) - Revert "MIPS: Alchemy: fix dbdma2" (Greg Kroah-Hartman) - LTS version: v4.14.324 (Saeed Mirzamohammadi) - dma-buf/sw_sync: Avoid recursive lock during fence signal (Rob Clark) - scsi: core: raid_class: Remove raid_component_add() (Zhu Wang) - scsi: snic: Fix double free in snic_tgt_create() (Zhu Wang) - rtnetlink: Reject negative ifindexes in RTM_NEWLINK (Ido Schimmel) - x86/fpu: Set X86_FEATURE_OSXSAVE feature after enabling OSXSAVE in CR4 (Feng Tang) - media: vcodec: Fix potential array out-of-bounds in encoder queue_setup (Wei Chen) - lib/clz_ctz.c: Fix __clzdi2() and __ctzdi2() for 32-bit kernels (Helge Deller) - batman-adv: Fix batadv_v_ogm_aggr_send memory leak (Remi Pommarel) - batman-adv: Fix TT global entry leak when client roamed back (Remi Pommarel) - batman-adv: Do not get eth header before batadv_check_management_packet (Remi Pommarel) - batman-adv: Trigger events for auto adjusted MTU (Sven Eckelmann) - ibmveth: Use dcbf rather than dcbfl (Michael Ellerman) - ipvs: fix racy memcpy in proc_do_sync_threshold (Sishuai Gong) - ipvs: Improve robustness to the ipvs sysctl (Junwei Hu) - igb: Avoid starting unnecessary workqueues (Alessio Igor Bogani) - sock: annotate data-races around prot->memory_pressure (Eric Dumazet) - tracing: Fix memleak due to race between current_tracer and trace (Zheng Yejian) - net: phy: broadcom: stub c45 read/write for 54810 (Justin Chen) - net: xfrm: Amend XFRMA_SEC_CTX nla_policy structure (Lin Ma) - net: fix the RTO timer retransmitting skb every 1ms if linear option is enabled (Jason Xing) - af_unix: Fix null-ptr-deref in unix_stream_sendpage(). (Kuniyuki Iwashima) [Orabug: 35814409] {CVE-2023-4622} - ASoC: rt5665: add missed regulator_bulk_disable (Zhang Shurong) - netfilter: set default timeout to 3 secs for sctp shutdown send and recv state (Xin Long) - test_firmware: prevent race conditions by a correct implementation of locking (Mirsad Goran Todorovac) - binder: fix memory leak in binder_init() (Qi Zheng) - serial: 8250: Fix oops for port->pm on uart_change_pm() (Tony Lindgren) - mmc: wbsd: fix double mmc_free_host() in wbsd_init() (Yang Yingliang) - cifs: Release folio lock on fscache read hit. (Russell Harmon via samba-technical) - ALSA: usb-audio: Add support for Mythware XA001AU capture and playback interfaces. (dengxiang) - net: do not allow gso_size to be set to GSO_BY_FRAGS (Eric Dumazet) - sock: Fix misuse of sk_under_memory_pressure() (Abel Wu) - i40e: fix misleading debug logs (Andrii Staikov) - team: Fix incorrect deletion of ETH_P_8021AD protocol vid from slaves (Ziyang Xuan) - netfilter: nft_dynset: disallow object maps (Pablo Neira Ayuso) - xfrm: add NULL check in xfrm_update_ae_params (Lin Ma) [Orabug: 35754508] {CVE-2023-3772} - ip_vti: fix potential slab-use-after-free in decode_session6 (Zhengchao Shao) - ip6_vti: fix slab-use-after-free in decode_session6 (Zhengchao Shao) - net: af_key: fix sadb_x_filter validation (Lin Ma) - net: xfrm: Fix xfrm_address_filter OOB read (Lin Ma) [Orabug: 35923516] {CVE-2023-39194} - fbdev: mmp: fix value check in mmphw_probe() (Yuanjun Gong) - drm/amdgpu: Fix potential fence use-after-free v2 (shanzhulig) - Bluetooth: L2CAP: Fix use-after-free (Zhengping Jiang) - pcmcia: rsrc_nonstatic: Fix memory leak in nonstatic_release_resource_db() (Armin Wolf) - gfs2: Fix possible data races in gfs2_show_options() (Tuo Li) - media: platform: mediatek: vpu: fix NULL ptr dereference (Hans Verkuil) - media: v4l2-mem2mem: add lock to protect parameter num_rdy (Yunfei Dong) - FS: JFS: Check for read-only mounted filesystem in txBegin (Immad Mir) - FS: JFS: Fix null-ptr-deref Read in txBegin (Immad Mir) - MIPS: dec: prom: Address -Warray-bounds warning (Gustavo A. R. Silva) - fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev (Yogesh) - udf: Fix uninitialized array access for some pathnames (Jan Kara) - quota: fix warning in dqgrab() (Ye Bin) - quota: Properly disable quotas when add_dquot_ref() fails (Jan Kara) - ALSA: emu10k1: roll up loops in DSP setup code for Audigy (Oswald Buddenhagen) - drm/radeon: Fix integer overflow in radeon_cs_parser_init (hackyzh002) - lib/mpi: Eliminate unused umul_ppmm definitions for MIPS (Nathan Chancellor) - LTS version: v4.14.323 (Saeed Mirzamohammadi) - alpha: remove __init annotation from exported page_is_ram() (Masahiro Yamada) - scsi: core: Fix possible memory leak if device_add() fails (Zhu Wang) - scsi: snic: Fix possible memory leak if device_add() fails (Zhu Wang) - scsi: 53c700: Check that command slot is not NULL (Alexandra Diupina) - scsi: storvsc: Fix handling of virtual Fibre Channel timeouts (Michael Kelley) - scsi: core: Fix legacy /proc parsing buffer overflow (Tony Battersby) - netfilter: nf_tables: report use refcount overflow (Pablo Neira Ayuso) - btrfs: don't stop integrity writeback too early (Christoph Hellwig) - IB/hfi1: Fix possible panic during hotplug remove (Douglas Miller) - drivers: net: prevent tun_build_skb() to exceed the packet size limit (Andrew Kanner) - dccp: fix data-race around dp->dccps_mss_cache (Eric Dumazet) - bonding: Fix incorrect deletion of ETH_P_8021AD protocol vid from slaves (Ziyang Xuan) - net/packet: annotate data-races around tp->status (Eric Dumazet) - drm/nouveau/disp: Revert a NULL check inside nouveau_connector_get_modes (Karol Herbst) - x86/mm: Fix VDSO and VVAR placement on 5-level paging machines (Kirill A. Shutemov) - usb: dwc3: Properly handle processing of pending events (Elson Roy Serrao) - usb-storage: alauda: Fix uninit-value in alauda_check_media() (Alan Stern) - iio: cros_ec: Fix the allocation size for cros_ec_command (Yiyuan Guo) - test_firmware: return ENOMEM instead of ENOSPC on failed memory allocation (Mirsad Goran Todorovac) - nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput (Ryusuke Konishi) - radix tree test suite: fix incorrect allocation size for pthreads (Colin Ian King) - dmaengine: pl330: Return DMA_PAUSED when transaction is paused (Ilpo Järvinen) - ipv6: adjust ndisc_is_useropt() to also return true for PIO (Maciej Å»enczykowski) - mmc: moxart: read scr register without changing byte order (Sergei Antonov) - sparc: fix up arch_cpu_finalize_init() build breakage. (Greg Kroah-Hartman) [4.14.35-2047.530.1.el7uek] - rds: Remove gratuitous include of time.h from rds.h (Mark Haywood) [Orabug: 35742762] - smp: Reduce NMI traffic from CSD waiters to CSD destination (Imran Khan) [Orabug: 35236407] - smp: Reduce logging due to dump_stack of CSD waiters (Imran Khan) [Orabug: 35236407] [4.14.35-2047.529.3.el7uek] - uek-rpm: Update kernel linux-firmware dependency to 20230516-999.26.git6c9e0ed5. (Somasundaram Krishnasamy) [Orabug: 35724203] - LTS version: v4.14.322 (Saeed Mirzamohammadi) - drm/edid: fix objtool warning in drm_cvt_modes() (Linus Torvalds) - mtd: rawnand: omap_elm: Fix incorrect type in assignment (Roger Quadros) - test_firmware: fix a memory leak with reqs buffer (Mirsad Goran Todorovac) - ext2: Drop fragment support (Jan Kara) - net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb (Alan Stern) - Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb (Sungwoo Kim) [Orabug: 35814477] {CVE-2023-40283} - fs/sysv: Null check to prevent null-ptr-deref bug (Prince Kumar Maurya) - USB: zaurus: Add ID for A-300/B-500/C-700 (Ross Maynard) - libceph: fix potential hang in ceph_osdc_notify() (Ilya Dryomov) - loop: Select I/O scheduler 'none' from inside add_disk() (Bart Van Assche) - tcp_metrics: fix data-race in tcpm_suck_dst() vs fastopen (Eric Dumazet) - tcp_metrics: annotate data-races around tm->tcpm_net (Eric Dumazet) - tcp_metrics: annotate data-races around tm->tcpm_vals[] (Eric Dumazet) - tcp_metrics: annotate data-races around tm->tcpm_lock (Eric Dumazet) - tcp_metrics: annotate data-races around tm->tcpm_stamp (Eric Dumazet) - tcp_metrics: fix addr_same() helper (Eric Dumazet) - ip6mr: Fix skb_under_panic in ip6mr_cache_report() (Yue Haibing) - net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free (valis) [Orabug: 35707465] {CVE-2023-4206} - net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free (valis) [Orabug: 35814296] {CVE-2023-4208} - net: add missing data-race annotation for sk_ll_usec (Eric Dumazet) - net: add missing data-race annotations around sk->sk_peek_off (Eric Dumazet) - perf test uprobe_from_different_cu: Skip if there is no gcc (Georg Müller) - net/mlx5e: fix return value check in mlx5e_ipsec_remove_trailer() (Yuanjun Gong) - word-at-a-time: use the same return type for has_zero regardless of endianness (ndesaulniers@google.com) - perf: Fix function pointer case (Peter Zijlstra) - net/sched: cls_u32: Fix reference counter leak leading to overflow (Lee Jones) [Orabug: 35635632] {CVE-2023-3609} - net/sched: sch_qfq: account for stab overhead in qfq_enqueue (Pedro Tammela) [Orabug: 35636290] {CVE-2023-3611} - net/sched: cls_fw: Fix improper refcount update leads to use-after-free (M A Ramdhan) [Orabug: 35636312] {CVE-2023-3776} - drm/client: Fix memory leak in drm_client_target_cloned (Jocelyn Falempe) - dm cache policy smq: ensure IO doesn't prevent cleaner policy progress (Joe Thornber) - ASoC: wm8904: Fill the cache for WM8904_ADC_TEST_0 register (Mark Brown) - s390/dasd: fix hanging device after quiesce/resume (Stefan Haberland) - irq-bcm6345-l1: Do not assume a fixed block to cpu mapping (Jonas Gorski) - tpm_tis: Explicitly check for error code (Alexander Steffen) - hwmon: (nct7802) Fix for temp6 (PECI1) processed even if PECI1 disabled (Gilles Buloz) - staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext() (Zhang Shurong) - Documentation: security-bugs.rst: update preferences when dealing with the linux-distros group (Greg Kroah-Hartman) - usb: xhci-mtk: set the dma max_seg_size (Ricardo Ribalda) - usb: ohci-at91: Fix the unhandle interrupt when resume (Guiting Shen) - can: gs_usb: gs_can_close(): add missing set of CAN state to CAN_STATE_STOPPED (Marc Kleine-Budde) - USB: serial: simple: sort driver entries (Johan Hovold) - USB: serial: simple: add Kaufmann RKS+CAN VCP (Oliver Neukum) - USB: serial: option: add Quectel EC200A module support (Mohsen Tahmasebi) - USB: serial: option: support Quectel EM060K_128 (Jerry Meng) - tracing: Fix warning in trace_buffered_event_disable() (Zheng Yejian) - ring-buffer: Fix wrong stat of cpu_buffer->read (Zheng Yejian) - ata: pata_ns87415: mark ns87560_tf_read static (Arnd Bergmann) - dm raid: fix missing reconfig_mutex unlock in raid_ctr() error paths (Yu Kuai) - block: Fix a source code comment in include/uapi/linux/blkzoned.h (Bart Van Assche) - ASoC: fsl_spdif: Silence output on stop (Matus Gajdos) - benet: fix return value check in be_lancer_xmit_workarounds() (Yuanjun Gong) - platform/x86: msi-laptop: Fix rfkill out-of-sync on MSI Wind U100 (Maxim Mikityanskiy) - team: reset team's flags when down link is P2P device (Hangbin Liu) - bonding: reset bond's flags when down link is P2P device (Hangbin Liu) - tcp: Reduce chance of collisions in inet6_hashfn(). (Stewart Smith) [Orabug: 35754476] {CVE-2023-1206} - ipv6 addrconf: fix bug where deleting a mngtmpaddr can create a new temporary address (Maciej Å»enczykowski) - ethernet: atheros: fix return value check in atl1e_tso_csum() (Yuanjun Gong) - i40e: Fix an NULL vs IS_ERR() bug for debugfs_create_dir() (Wang Ming) - gpio: tps68470: Make tps68470_gpio_output() always set the initial value (Hans de Goede) - tcp: annotate data-races around fastopenq.max_qlen (Eric Dumazet) - tcp: annotate data-races around tp->notsent_lowat (Eric Dumazet) - tcp: annotate data-races around rskq_defer_accept (Eric Dumazet) - netfilter: nf_tables: fix spurious set element insertion failure (Florian Westphal) - llc: Don't drop packet from non-root netns. (Kuniyuki Iwashima) - fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe (Zhang Shurong) - net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field()/cpsw_ale_set_field() (Tanmay Patil) - pinctrl: amd: Use amd_pinconf_set() for all config options (Mario Limonciello) - fbdev: imxfb: warn about invalid left/right margin (Martin Kaiser) - spi: bcm63xx: fix max prepend length (Jonas Gorski) - igb: Fix igb_down hung on surprise removal (Ying Hsu) - wifi: wext-core: Fix -Wstringop-overflow warning in ioctl_standard_iw_point() (Gustavo A. R. Silva) - bpf: Address KCSAN report on bpf_lru_list (Martin KaFai Lau) - sched/fair: Don't balance task to its current running CPU (Yicong Yang) - posix-timers: Ensure timer ID search-loop limit is valid (Saeed Mirzamohammadi) - md/raid10: prevent soft lockup while flush writes (Yu Kuai) - md: fix data corruption for raid456 when reshape restart while grow up (Yu Kuai) - nbd: Add the maximum limit of allocated index in nbd_dev_add (Zhong Jinghua) - debugobjects: Recheck debug_objects_enabled before reporting (Tetsuo Handa) - ext4: correct inline offset when handling xattrs in inode body (Eric Whitney) - can: bcm: Fix UAF in bcm_proc_show() (YueHaibing) - fuse: revalidate: don't invalidate if interrupted (Miklos Szeredi) - perf probe: Add test for regression introduced by switch to die_get_decl_file() (Georg Müller) - serial: atmel: don't enable IRQs prematurely (Dan Carpenter) - scsi: qla2xxx: Pointer may be dereferenced (Shreyas Deodhar) - scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport() (Nilesh Javali) - scsi: qla2xxx: Fix potential NULL pointer dereference (Bikash Hazarika) - scsi: qla2xxx: Wait for io return on terminate rport (Quinn Tran) - xtensa: ISS: fix call to split_if_spec (Max Filippov) - ring-buffer: Fix deadloop issue on reading trace_pipe (Zheng Yejian) - tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk (Christophe JAILLET) - tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in case of error (Christophe JAILLET) - Revert "8250: add support for ASIX devices with a FIFO bug" (Jiaqing Zhao) - meson saradc: fix clock divider mask length (George Stark) - hwrng: imx-rngc - fix the timeout for init and self check (Martin Kaiser) - fs: dlm: return positive pid value for F_GETLK (Alexander Aring) - md/raid0: add discard support for the 'original' layout (Jason Baron) - misc: pci_endpoint_test: Re-init completion for every test (Damien Le Moal) - PCI: Add function 1 DMA alias quirk for Marvell 88SE9235 (Robin Murphy) - jfs: jfs_dmap: Validate db_l2nbperpage while mounting (Siddh Raman Pant) - ext4: only update i_reserved_data_blocks on successful block allocation (Baokun Li) - ext4: fix wrong unit use in ext4_mb_clear_bb (Kemeng Shi) - perf intel-pt: Fix CYC timestamps after standalone CBR (Adrian Hunter) - SUNRPC: Fix UAF in svc_tcp_listen_data_ready() (Ding Hui) - tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation (Jarkko Sakkinen) - net/sched: make psched_mtu() RTNL-less safe (Pedro Tammela) - wifi: airo: avoid uninitialized warning in airo_get_rate() (Randy Dunlap) - ipv6/addrconf: fix a potential refcount underflow for idev (Ziyang Xuan) - NTB: ntb_transport: fix possible memory leak while device_register() fails (Yang Yingliang) - ntb: intel: Fix error handling in intel_ntb_pci_driver_init() (Yuan Can) - NTB: amd: Fix error handling in amd_ntb_pci_driver_init() (Yuan Can) - ntb: idt: Fix error handling in idt_pci_driver_init() (Yuan Can) - udp6: fix udp6_ehashfn() typo (Eric Dumazet) - net: mvneta: fix txq_map in case of txq_number==1 (Klaus Kudielka) - workqueue: clean up WORK_* constant types, clarify masking (Linus Torvalds) - netfilter: nf_tables: prevent OOB access in nft_byteorder_eval (Thadeu Lima de Souza Cascardo) [Orabug: 35609785] {CVE-2023-35001} - netfilter: conntrack: Avoid nf_ct_helper_hash uses after free (Florent Revest) - netfilter: nf_tables: unbind non-anonymous set if rule construction fails (Pablo Neira Ayuso) - netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain (Pablo Neira Ayuso) [Orabug: 35550219] {CVE-2023-3390} - netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE (Pablo Neira Ayuso) [Orabug: 35560845] {CVE-2023-3117} {CVE-2023-3390} - spi: spi-fsl-spi: allow changing bits_per_word while CS is still active (Rasmus Villemoes) - spi: spi-fsl-spi: relax message sanity checking a little (Rasmus Villemoes) - spi: spi-fsl-spi: remove always-true conditional in fsl_spi_do_one_msg (Rasmus Villemoes) - ARM: orion5x: fix d2net gpio initialization (Arnd Bergmann) - btrfs: fix race when deleting quota root from the dirty cow roots list (Filipe Manana) - jffs2: reduce stack usage in jffs2_build_xattr_subsystem() (Fabian Frederick) - integrity: Fix possible multiple allocation in integrity_inode_get() (Tianjia Zhang) - mmc: core: disable TRIM on Micron MTFC4GACAJCN-1M (Robert Marko) - mmc: core: disable TRIM on Kingston EMMC04G-M627 (Robert Marko) - NFSD: add encoding of op_recall flag for write delegation (Dai Ngo) - sh: dma: Fix DMA channel offset calculation (Artur Rojek) - net/sched: act_pedit: Add size check for TCA_PEDIT_PARMS_EX (Lin Ma) - tcp: annotate data races in __tcp_oow_rate_limited() (Eric Dumazet) - net: bridge: keep ports without IFF_UNICAST_FLT in BR_PROMISC mode (Vladimir Oltean) - powerpc: allow PPC_EARLY_DEBUG_CPM only when SERIAL_CPM=y (Randy Dunlap) - mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0 (Nishanth Menon) - spi: bcm-qspi: return error if neither hif_mspi nor mspi is available (Jonas Gorski) - Add MODULE_FIRMWARE() for FIRMWARE_TG357766. (Tobias Heider) - sctp: fix potential deadlock on &net->sctp.addr_wq_lock (Chengfeng Ye) - rtc: st-lpc: Release some resources in st_rtc_probe() in case of error (Christophe JAILLET) - mfd: stmpe: Only disable the regulators if they are enabled (Christophe JAILLET) - mfd: intel-lpss: Add missing check for platform_get_resource (Jiasheng Jiang) - mfd: rt5033: Drop rt5033-battery sub-device (Stephan Gerhold) - usb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe() (Li Yang) - extcon: Fix kernel doc of property capability fields to avoid warnings (Andy Shevchenko) - extcon: Fix kernel doc of property fields to avoid warnings (Andy Shevchenko) - media: usb: siano: Fix warning due to null work_func_t function pointer (Duoming Zhou) [Orabug: 35686150] {CVE-2023-4132} - media: videodev2.h: Fix struct v4l2_input tuner index comment (Marek Vasut) - media: usb: Check az6007_read() return value (Daniil Dulov) - sh: j2: Use ioremap() to translate device tree address into kernel memory (John Paul Adrian Glaubitz) - w1: fix loop in w1_fini() (Dan Carpenter) - block: change all __u32 annotations to __be32 in affs_hardblocks.h (Michael Schmitz) - USB: serial: option: add LARA-R6 01B PIDs (Davide Tronchin) - modpost: fix off by one in is_executable_section() (Dan Carpenter) - modpost: fix section mismatch message for R_ARM_{PC24,CALL,JUMP24} (Masahiro Yamada) - modpost: fix section mismatch message for R_ARM_ABS32 (Masahiro Yamada) - crypto: nx - fix build warnings when DEBUG_FS is not enabled (Randy Dunlap) - pinctrl: at91-pio4: check return value of devm_kasprintf() (Claudiu Beznea) - perf dwarf-aux: Fix off-by-one in die_get_varname() (Namhyung Kim) - pinctrl: cherryview: Return correct value if pin in push-pull mode (Andy Shevchenko) - PCI: Add pci_clear_master() stub for non-CONFIG_PCI (Sui Jingfeng) - scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() (Yuchen Yang) - ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer (Su Hui) - drm/radeon: fix possible division-by-zero errors (Nikita Zhandarovich) - fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe() (Christophe JAILLET) - soc/fsl/qe: fix usb.c build errors (Randy Dunlap) - ASoC: es8316: Increment max value for ALC Capture Target Volume control (Cristian Ciocaltea) - ARM: ep93xx: fix missing-prototype warnings (Arnd Bergmann) - drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H (Dario Binacchi) - Input: adxl34x - do not hardcode interrupt trigger type (Marek Vasut) - ARM: dts: BCM5301X: Drop "clock-names" from the SPI node (RafaÅ MiÅecki) - Input: drv260x - sleep between polling GO bit (Luca Weiss) - radeon: avoid double free in ci_dpm_init() (Nikita Zhandarovich) - netlink: Add __sock_i_ino() for __netlink_diag_dump(). (Kuniyuki Iwashima) - netfilter: nf_conntrack_sip: fix the ct_sip_parse_numerical_param() return value. (Ilia.Gavrilov) - lib/ts_bm: reset initial match offset for every block of text (Jeremy Sowden) - gtp: Fix use-after-free in __gtp_encap_destroy(). (Kuniyuki Iwashima) - netlink: do not hard code device address lenth in fdb dumps (Eric Dumazet) - netlink: fix potential deadlock in netlink_set_err() (Eric Dumazet) - wifi: ath9k: convert msecs to jiffies where needed (Dmitry Antipov) - wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key() (Remi Pommarel) - memstick r592: make memstick_debug_get_tpc_name() static (Arnd Bergmann) - kexec: fix a memory leak in crash_shrink_memory() (Zhen Lei) - watchdog/perf: more properly prevent false positives with turbo modes (Douglas Anderson) - watchdog/perf: define dummy watchdog_update_hrtimer_threshold() on correct config (Douglas Anderson) - wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes (Fedor Pchelkin) - wifi: ray_cs: Fix an error handling path in ray_probe() (Christophe JAILLET) - wifi: wl3501_cs: Fix an error handling path in wl3501_probe() (Christophe JAILLET) - wifi: atmel: Fix an error handling path in atmel_probe() (Christophe JAILLET) - wifi: orinoco: Fix an error handling path in orinoco_cs_probe() (Christophe JAILLET) - wifi: orinoco: Fix an error handling path in spectrum_cs_probe() (Christophe JAILLET) - wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx (Fedor Pchelkin) - wifi: ath9k: fix AR9003 mac hardware hang check register offset calculation (Peter Seiderer) - evm: Complete description of evm_inode_setattr() (Roberto Sassu) - PM: domains: fix integer overflow issues in genpd_parse_state() (Nikita Zhandarovich) - md/raid10: fix io loss while replacement replace rdev (Li Nan) - md/raid10: fix wrong setting of max_corr_read_errors (Li Nan) - md/raid10: fix overflow of md/safe_mode_delay (Li Nan) - treewide: Remove uninitialized_var() usage (Kees Cook) - drm/amdgpu: Validate VM ioctl flags. (Bas Nieuwenhuizen) - scripts/tags.sh: Resolve gtags empty index generation (Ahmed S. Darwish) - drm/edid: Fix uninitialized variable in drm_cvt_modes() (Lyude Paul) - fbdev: imsttfb: Fix use after free bug in imsttfb_probe (Zheng Wang) - x86/smp: Use dedicated cache-line for mwait_play_dead() (Thomas Gleixner) - x86/microcode/AMD: Load late on both threads too (Borislav Petkov (AMD)) - gfs2: Don't deref jdesc in evict (Bob Peterson) - LTS version: v4.14.321 (Saeed Mirzamohammadi) [4.14.35-2047.529.2.el7uek] - x86/cpu: persist X86_FEATURE_NT_GOOD for late reload (Ankur Arora) [Orabug: 35693947] - uek-rpm: Disable cls_tcindex in file tcindex-disable.conf (Sherry Yang) [Orabug: 35678739] - uek-rpm: Update kernel's linux-firmware dependency. (Somasundaram Krishnasamy) [Orabug: 35678693] - Revert "sched/fair: sanitize vruntime of entity being placed" (Saeed Mirzamohammadi) [Orabug: 35651310] - Revert "sched/fair: Sanitize vruntime of entity being migrated" (Saeed Mirzamohammadi) [Orabug: 35651310] - x86/microcode/AMD: Clean up per-family patch size checks (Borislav Petkov) [Orabug: 35643967] [4.14.35-2047.529.1.el7uek] - vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF (George Kennedy) [Orabug: 35649492] {CVE-2023-3567} - ocfs2: always read both high and low parts of dinode link count (Alexey Asemov) [Orabug: 35643004]
SRPMs
https://oss.oracle.com:443/ol7/SRPMS-updates//kernel-uek-4.14.35-2047.533.3.el7uek.src.rpm
x86_64
aarch64
kernel-uek-4.14.35-2047.533.3.el7uek.aarch64.rpm kernel-uek-debug-4.14.35-2047.533.3.el7uek.aarch64.rpm kernel-uek-debug-devel-4.14.35-2047.533.3.el7uek.aarch64.rpm kernel-uek-devel-4.14.35-2047.533.3.el7uek.aarch64.rpm kernel-uek-tools-4.14.35-2047.533.3.el7uek.aarch64.rpm kernel-uek-tools-libs-4.14.35-2047.533.3.el7uek.aarch64.rpm kernel-uek-tools-libs-devel-4.14.35-2047.533.3.el7uek.aarch64.rpm perf-4.14.35-2047.533.3.el7uek.aarch64.rpm python-perf-4.14.35-2047.533.3.el7uek.aarch64.rpm kernel-uek-headers-4.14.35-2047.533.3.el7uek.aarch64.rpm
i386
