Oracle8: ELSA-2023-12196: kernel Important Security Update
Summary
[5.15.0-8.91.4.1.el8uek] - uek-rpm: Add opbmc to core rpm (Somasundaram Krishnasamy) [Orabug: 35157130] [5.15.0-8.91.4.el8uek] - selftests/vm: remove ARRAY_SIZE define from individual tests (Shuah Khan) [Orabug: 35088471] - selftests: Provide local define of __cpuid_count() (Reinette Chatre) [Orabug: 35088471] - tools: fix ARRAY_SIZE defines in tools and selftests hdrs (Shuah Khan) [Orabug: 35088471] - uek-rpm: aarch64 enable DETECT_HUNG_TASK (Tom Saeger) [Orabug: 34580801] [5.15.0-8.91.3.el8uek] - Update README with UEK Text Description (Somasundaram Krishnasamy) [Orabug: 35084845] - uek-rpm: config-x86-64*: Disable CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT (Alejandro Jimenez) [Orabug: 35059109] - Revert "RDMA/irdma: Fix warning, move switch variable into case" (Jack Vogel) [Orabug: 35048858] - Revert "RDMA/irdma: Move variable into switch case" (Jack Vogel) [Orabug: 35048858] - Revert "ACPI/IORT: Move variables in switch, fix for build warnings." (Jack Vogel) [Orabug: 35048858] [5.15.0-8.91.2.el8uek] - RDMA/addr: Refresh neighbour entries upon rdma_resolve_addr() (Gerd Rausch) [Orabug: 35060575] - net/rds: Go back to alloc_ordered_workqueue() (Gerd Rausch) [Orabug: 35042697] - sched/core: Remove sched_uek cmdline parameter (Konrad Rzeszutek Wilk) [Orabug: 35049222] - uek-misc: Initial version (Konrad Rzeszutek Wilk) [Orabug: 35049222] - treewide: Move the definition in a global file (Konrad Rzeszutek Wilk) [Orabug: 35049222] - treewide: Rename wake_affine_idle_pull into on_exadata (Konrad Rzeszutek Wilk) [Orabug: 35049222] - sched/core: Remove sched_uek=preempt (Konrad Rzeszutek Wilk) [Orabug: 35049222] - perf/x86/uncore: Don't WARN_ON_ONCE() for a broken discovery table (Kan Liang) [Orabug: 35038311] - perf/x86/uncore: Add a quirk for UPI on SPR (Kan Liang) [Orabug: 35038311] - perf/x86/uncore: Ignore broken units in discovery table (Kan Liang) [Orabug: 35038311] - perf/x86/uncore: Fix potential NULL pointer in uncore_get_alias_name (Kan Liang) [Orabug: 35038311] - perf/x86/uncore: Factor out uncore_device_to_die() (Kan Liang) [Orabug: 35038311] - perf/x86/intel/uncore: Enable UPI topology discovery for Sapphire Rapids (Alexander Antonov) [Orabug: 35038311] - perf/x86/intel/uncore: Enable UPI topology discovery for Skylake Server (Alexander Antonov) [Orabug: 35038311] - perf/x86/intel/uncore: Generalize get_topology() for SKX PMUs (Alexander Antonov) [Orabug: 35038311] - perf/x86/intel/uncore: Introduce UPI topology type (Alexander Antonov) [Orabug: 35038311] - perf/x86/intel/uncore: Get UPI NodeID and GroupID (Alexander Antonov) [Orabug: 35038311] - perf/x86/intel/uncore: Enable UPI topology discovery for Icelake Server (Alexander Antonov) [Orabug: 35038311] - perf/x86/intel/uncore: Generalize IIO topology support (Alexander Antonov) [Orabug: 35038311] - net/rds: Delegate fan-out to a background worker (Gerd Rausch) [Orabug: 34994148] - i40e: Add basic support for I710 devices (Stanislaw Grzeszczak) [Orabug: 35059783] [5.15.0-8.91.1.el8uek] - LTS version: v5.15.91 (Jack Vogel) - perf/x86/amd: fix potential integer overflow on shift of a int (Colin Ian King) - netfilter: conntrack: unify established states for SCTP paths (Sriram Yagnaraman) - x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL (Thomas Gleixner) - block: fix and cleanup bio_check_ro (Christoph Hellwig) - kbuild: Allow kernel installation packaging to override pkg-config (Chun-Tse Shao) - cpufreq: governor: Use kobject release() method to free dbs_data (Kevin Hao) - cpufreq: Move to_gov_attr_set() to cpufreq.h (Kevin Hao) - Revert "Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode" (Dmitry Torokhov) - tools: gpio: fix -c option of gpio-event-mon (Ivo Borisov Shopov) - treewide: fix up files incorrectly marked executable (Linus Torvalds) - net: mdio-mux-meson-g12a: force internal PHY off on mux switch (Jerome Brunet) - net/tg3: resolve deadlock in tg3_reset_task() during EEH (David Christensen) - thermal: intel: int340x: Add locking to int340x_thermal_get_trip_type() (Rafael J. Wysocki) - net: mctp: mark socks as dead on unhash, prevent re-add (Jeremy Kerr) - net: ravb: Fix possible hang if RIS2_QFF1 happen (Yoshihiro Shimoda) - net: ravb: Fix lack of register setting after system resumed for Gen3 (Yoshihiro Shimoda) - ravb: Rename "no_ptp_cfg_active" and "ptp_cfg_active" variables (Biju Das) - gpio: mxc: Unlock on error path in mxc_flip_edge() (Dan Carpenter) - nvme: fix passthrough csi check (Keith Busch) - riscv/kprobe: Fix instruction simulation of JALR (Liao Chang) - sctp: fail if no bound addresses can be used for a given scope (Marcelo Ricardo Leitner) - net/sched: sch_taprio: do not schedule in taprio_reset() (Eric Dumazet) - netrom: Fix use-after-free of a listening socket. (Kuniyuki Iwashima) - netfilter: conntrack: fix vtag checks for ABORT/SHUTDOWN_COMPLETE (Sriram Yagnaraman) - ipv4: prevent potential spectre v1 gadget in fib_metrics_match() (Eric Dumazet) - ipv4: prevent potential spectre v1 gadget in ip_metrics_convert() (Eric Dumazet) - netlink: annotate data races around sk_state (Eric Dumazet) - netlink: annotate data races around dst_portid and dst_group (Eric Dumazet) - netlink: annotate data races around nlk->portid (Eric Dumazet) - netfilter: nft_set_rbtree: skip elements in transaction from garbage collection (Pablo Neira Ayuso) - netfilter: nft_set_rbtree: Switch to node list walk for overlap detection (Pablo Neira Ayuso) - drm/i915/selftest: fix intel_selftest_modify_policy argument types (Arnd Bergmann) - net: fix UaF in netns ops registration error path (Paolo Abeni) - netlink: prevent potential spectre v1 gadgets (Eric Dumazet) - i2c: designware: use casting of u64 in clock multiplication to avoid overflow (Lareine Khawaly) - scsi: ufs: core: Fix devfreq deadlocks (Johan Hovold) - net: mana: Fix IRQ name - add PCI and queue number (Haiyang Zhang) - EDAC/qcom: Do not pass llcc_driv_data as edac_device_ctl_info's pvt_info (Manivannan Sadhasivam) - EDAC/device: Respect any driver-supplied workqueue polling value (Manivannan Sadhasivam) - ARM: 9280/1: mm: fix warning on phys_addr_t to void pointer assignment (Giulio Benetti) - ipv6: fix reachability confirmation with proxy_ndp (Gergely Risko) - thermal: intel: int340x: Protect trip temperature from concurrent updates (Srinivas Pandruvada) - KVM: arm64: GICv4.1: Fix race with doorbell on VPE activation/deactivation (Marc Zyngier) - KVM: x86/vmx: Do not skip segment attributes if unusable bit is set (Hendrik Borghorst) - ovl: fail on invalid uid/gid mapping at copy up (Miklos Szeredi) - ksmbd: limit pdu length size according to connection status (Namjae Jeon) - ksmbd: downgrade ndr version error message to debug (Namjae Jeon) - ksmbd: do not sign response to session request for guest login (Marios Makassikis) - ksmbd: add max connections parameter (Namjae Jeon) - ksmbd: add smbd max io size parameter (Namjae Jeon) - i2c: mv64xxx: Add atomic_xfer method to driver (Chris Morgan) - i2c: mv64xxx: Remove shutdown method from driver (Chris Morgan) - cifs: Fix oops due to uncleared server->smbd_conn in reconnect (David Howells) - ftrace/scripts: Update the instructions for ftrace-bisect.sh (Steven Rostedt (Google)) - trace_events_hist: add check for return value of 'create_hist_field' (Natalia Petrova) - tracing: Make sure trace_printk() can output as soon as it can be used (Steven Rostedt (Google)) - module: Don't wait for GOING modules (Petr Pavlu) - KVM: SVM: fix tsc scaling cache logic (Maxim Levitsky) - scsi: hpsa: Fix allocation size for scsi_host_alloc() (Alexey V. Vissarionov) - drm/amdgpu: complete gfxoff allow signal during suspend without delay (Harsh Jain) - Bluetooth: hci_sync: cancel cmd_timer if hci_open failed (Archie Pusaka) - exit: Use READ_ONCE() for all oops/warn limit reads (Kees Cook) - docs: Fix path paste-o for /sys/kernel/warn_count (Kees Cook) - panic: Expose "warn_count" to sysfs (Kees Cook) - panic: Introduce warn_limit (Kees Cook) - panic: Consolidate open-coded panic_on_warn checks (Kees Cook) - exit: Allow oops_limit to be disabled (Kees Cook) - exit: Expose "oops_count" to sysfs (Kees Cook) - exit: Put an upper limit on how often we can oops (Jann Horn) - panic: Separate sysctl logic from CONFIG_SMP (Kees Cook) - ia64: make IA64_MCA_RECOVERY bool instead of tristate (Randy Dunlap) - csky: Fix function name in csky_alignment() and die() (Nathan Chancellor) - h8300: Fix build errors from do_exit() to make_task_dead() transition (Nathan Chancellor) - hexagon: Fix function name in die() (Nathan Chancellor) - objtool: Add a missing comma to avoid string concatenation (Eric W. Biederman) - exit: Add and use make_task_dead. (Eric W. Biederman) - kasan: no need to unset panic_on_warn in end_report() (Tiezhu Yang) - ubsan: no need to unset panic_on_warn in ubsan_epilogue() (Tiezhu Yang) - panic: unset panic_on_warn inside panic() (Tiezhu Yang) - kernel/panic: move panic sysctls to its own file (tangmeng) - sysctl: add a new register_sysctl_init() interface (Xiaoming Ni) - fs: reiserfs: remove useless new_opts in reiserfs_remount (Dongliang Mu) - x86: ACPI: cstate: Optimize C3 entry on AMD CPUs (Deepak Sharma) - drm/i915: Remove unused variable (Nirmoy Das) - Revert "selftests/bpf: check null propagation only neither reg is PTR_TO_BTF_ID" (Sasha Levin) - drm/i915: Allow switching away via vga-switcheroo if uninitialized (Thomas Zimmermann) - firmware: coreboot: Check size of table entry and use flex-array (Kees Cook) - lockref: stop doing cpu_relax in the cmpxchg loop (Mateusz Guzik) - platform/x86: asus-nb-wmi: Add alternate mapping for KEY_SCREENLOCK (Hans de Goede) - platform/x86: touchscreen_dmi: Add info for the CSL Panther Tab HD (Michael Klein) - r8152: add vendor/device ID pair for Microsoft Devkit (Andre Przywara) - scsi: hisi_sas: Set a port invalid only if there are no devices attached when refreshing port id (Yihang Li) - KVM: s390: interrupt: use READ_ONCE() before cmpxchg() (Heiko Carstens) - spi: spidev: remove debug messages that access spidev->spi without locking (Bartosz Golaszewski) - ASoC: fsl-asoc-card: Fix naming of AC'97 CODEC widgets (Mark Brown) - ASoC: fsl_ssi: Rename AC'97 streams to avoid collisions with AC'97 CODEC (Mark Brown) - cpufreq: armada-37xx: stop using 0 as NULL pointer (Miles Chen) - perf/x86/intel/uncore: Add Emerald Rapids (Kan Liang) - perf/x86/msr: Add Emerald Rapids (Kan Liang) - s390: expicitly align _edata and _end symbols on page boundary (Alexander Gordeev) - s390/debug: add _ASM_S390_ prefix to header guard (Niklas Schnelle) - drm: Add orientation quirk for Lenovo ideapad D330-10IGL (Patrick Thompson) - net: usb: cdc_ether: add support for Thales Cinterion PLS62-W modem (Hui Wang) - ASoC: fsl_micfil: Correct the number of steps on SX controls (Chancel Liu) - cpufreq: Add SM6375 to cpufreq-dt-platdev blocklist (Konrad Dybcio) - kcsan: test: don't put the expect array on the stack (Max Filippov) - cpufreq: Add Tegra234 to cpufreq-dt-platdev blocklist (Sumit Gupta) - scsi: iscsi: Fix multiple iSCSI session unbind events sent to userspace (Wenchao Hao) - tcp: fix rate_app_limited to default to 1 (David Morley) - net: stmmac: enable all safety features by default (Andrew Halaney) - thermal: core: call put_device() only after device_register() fails (Viresh Kumar) - thermal/core: fix error code in __thermal_cooling_device_register() (Dan Carpenter) - thermal: Validate new state in cur_state_store() (Viresh Kumar) - thermal/core: Rename 'trips' to 'num_trips' (Daniel Lezcano) - thermal/core: Remove duplicate information when an error occurs (Daniel Lezcano) - net: dsa: microchip: ksz9477: port map correction in ALU table entry register (Rakesh Sankaranarayanan) - selftests/net: toeplitz: fix race on tpacket_v3 block close (Willem de Bruijn) - driver core: Fix test_async_probe_init saves device in wrong array (Chen Zhongjin) - w1: fix WARNING after calling w1_process() (Yang Yingliang) - w1: fix deadloop in __w1_remove_master_device() (Yang Yingliang) - device property: fix of node refcount leak in fwnode_graph_get_next_endpoint() (Yang Yingliang) - ptdma: pt_core_execute_cmd() should use spinlock (Eric Pilmore) - octeontx2-pf: Fix the use of GFP_KERNEL in atomic context on rt (Kevin Hao) - tcp: avoid the lookup process failing to get sk in ehash table (Jason Xing) - nvme-pci: fix timeout request state check (Keith Busch) - drm/amd/display: fix issues with driver unload (Hamza Mahfooz) - phy: phy-can-transceiver: Skip warning if no "max-bitrate" (Geert Uytterhoeven) - dmaengine: xilinx_dma: call of_node_put() when breaking out of for_each_child_of_node() (Liu Shixin) - cifs: fix potential deadlock in cache_refresh_path() (Paulo Alcantara) - HID: betop: check shape of output reports (Pietro Borrello) - l2tp: prevent lockdep issue in l2tp_tunnel_register() (Eric Dumazet) - virtio-net: correctly enable callback during start_xmit (Jason Wang) - net: macb: fix PTP TX timestamp failure due to packet padding (Robert Hancock) - dmaengine: Fix double increment of client_count in dma_chan_get() (Koba Ko) - drm/panfrost: fix GENERIC_ATOMIC64 dependency (Arnd Bergmann) - net: mlx5: eliminate anonymous module_init & module_exit (Randy Dunlap) - net/mlx5: E-switch, Fix setting of reserved fields on MODIFY_SCHEDULING_ELEMENT (Maor Dickman) - net: ipa: disable ipa interrupt during suspend (Caleb Connolly) - Bluetooth: Fix possible deadlock in rfcomm_sk_state_change (Ying Hsu) - usb: gadget: f_fs: Ensure ep0req is dequeued before free_request (Udipto Goswami) - usb: gadget: f_fs: Prevent race during ffs_ep0_queue_wait (Udipto Goswami) - HID: revert CHERRY_MOUSE_000C quirk (Jiri Kosina) - pinctrl: rockchip: fix mux route data for rk3568 (Jonas Karlman) - net: stmmac: fix invalid call to mdiobus_get_phy() (Heiner Kallweit) - HID: check empty report_list in bigben_probe() (Pietro Borrello) - HID: check empty report_list in hid_validate_values() (Pietro Borrello) - net: mdio: validate parameter addr in mdiobus_get_phy() (Heiner Kallweit) - net: usb: sr9700: Handle negative len (Szymon Heidrich) - octeontx2-pf: Avoid use of GFP_KERNEL in atomic context (Geetha sowjanya) - l2tp: close all race conditions in l2tp_tunnel_register() (Cong Wang) - l2tp: convert l2tp_tunnel_list to idr (Cong Wang) - l2tp: Don't sleep and disable BH under writer-side sk_callback_lock (Jakub Sitnicki) - l2tp: Serialize access to sk_user_data with sk_callback_lock (Jakub Sitnicki) [Orabug: 34951574] {CVE-2022-4129} - net/sched: sch_taprio: fix possible use-after-free (Eric Dumazet) - net: stmmac: Fix queue statistics reading (Kurt Kanzenbach) - pinctrl: rockchip: fix reading pull type on rk3568 (Jonas Karlman) - pinctrl/rockchip: add error handling for pull/drive register getters (Sebastian Reichel) - pinctrl/rockchip: Use temporary variable for struct device (Andy Shevchenko) - wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid (Szymon Heidrich) [Orabug: 35037701] {CVE-2023-23559} - gpio: mxc: Always set GPIOs used as interrupt source to INPUT mode (Marek Vasut) - gpio: mxc: Protect GPIO irqchip RMW with bgpio spinlock (Marek Vasut) - gpio: use raw spinlock for gpio chip shadowed data (Schspa Shi) - sch_htb: Avoid grafting on htb_destroy_class_offload when destroying htb (Rahul Rameshbabu) - net: enetc: avoid deadlock in enetc_tx_onestep_tstamp() (Vladimir Oltean) - net: wan: Add checks for NULL for utdm in undo_uhdlc_init and unmap_si_regs (Esina Ekaterina) - net: nfc: Fix use-after-free in local_cleanup() (Jisoo Jang) - phy: rockchip-inno-usb2: Fix missing clk_disable_unprepare() in rockchip_usb2phy_power_on() (Shang XiaoJing) - bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation (Luis Gerhorst) - amd-xgbe: Delay AN timeout during KR training (Raju Rangoju) - amd-xgbe: TX Flow Ctrl Registers are h/w ver dependent (Raju Rangoju) - ARM: dts: at91: sam9x60: fix the ddr clock for sam9x60 (Claudiu Beznea) - NFSD: fix use-after-free in nfsd4_ssc_setup_dul() (Xingyuan Mo) - phy: ti: fix Kconfig warning and operator precedence (Randy Dunlap) - arm64: dts: qcom: msm8992-libra: Fix the memory map (Konrad Dybcio) - arm64: dts: qcom: msm8992-libra: Add CPU regulators (Konrad Dybcio) - arm64: dts: qcom: msm8992: Don't use sfpb mutex (Konrad Dybcio) - PM: AVS: qcom-cpr: Fix an error handling path in cpr_probe() (Christophe JAILLET) - affs: initialize fsdata in affs_truncate() (Alexander Potapenko) - IB/hfi1: Remove user expected buffer invalidate race (Dean Luick) - IB/hfi1: Immediately remove invalid memory from hardware (Dean Luick) - IB/hfi1: Fix expected receive setup error exit issues (Dean Luick) - IB/hfi1: Reserve user expected TIDs (Dean Luick) - IB/hfi1: Reject a zero-length user expected buffer (Dean Luick) - RDMA/core: Fix ib block iterator counter overflow (Yonatan Nachum) - tomoyo: fix broken dependency on *.conf.default (Masahiro Yamada) - firmware: arm_scmi: Harden shared memory access in fetch_notification (Cristian Marussi) - firmware: arm_scmi: Harden shared memory access in fetch_response (Cristian Marussi) - EDAC/highbank: Fix memory leak in highbank_mc_probe() (Miaoqian Lin) - reset: uniphier-glue: Fix possible null-ptr-deref (Hui Tang) - reset: uniphier-glue: Use reset_control_bulk API (Philipp Zabel) - soc: imx8m: Fix incorrect check for of_clk_get_by_name() (Miaoqian Lin) - arm64: dts: imx8mm-venice-gw7901: fix USB2 controller OC polarity (Tim Harvey) - HID: intel_ish-hid: Add check for ishtp_dma_tx_map (Jiasheng Jiang) - ARM: imx: add missing of_node_put() (Dario Binacchi) - arm64: dts: imx8mm-beacon: Fix ecspi2 pinmux (Adam Ford) - ARM: dts: imx6qdl-gw560x: Remove incorrect 'uart-has-rtscts' (Fabio Estevam) - ARM: dts: imx7d-pico: Use 'clock-frequency' (Fabio Estevam) - ARM: dts: imx6ul-pico-dwarf: Use 'clock-frequency' (Fabio Estevam) - arm64: dts: imx8mp-phycore-som: Remove invalid PMIC property (Fabio Estevam) - dmaengine: ti: k3-udma: Do conditional decrement of UDMA_CHAN_RT_PEER_BCNT_REG (Jayesh Choudhary) - memory: mvebu-devbus: Fix missing clk_disable_unprepare in mvebu_devbus_probe() (Gaosheng Cui) - memory: atmel-sdramc: Fix missing clk_disable_unprepare in atmel_ramc_probe() (Gaosheng Cui) - memory: tegra: Remove clients SID override programming (Ashish Mhetre) - LTS version: v5.15.90 (Jack Vogel) - io_uring/rw: remove leftover debug statement (Jens Axboe) - io_uring/rw: ensure kiocb_end_write() is always called (Jens Axboe) - io_uring: fix double poll leak on repolling (Pavel Begunkov) - io_uring: Clean up a false-positive warning from GCC 9.3.0 (Alviro Iskandar Setiawan) - mm/khugepaged: fix collapse_pte_mapped_thp() to allow anon_vma (Hugh Dickins) - soc: qcom: apr: Make qcom,protection-domain optional again (Stephan Gerhold) - Revert "wifi: mac80211: fix memory leak in ieee80211_if_add()" (Eric Dumazet) - block: mq-deadline: Rename deadline_is_seq_writes() (Damien Le Moal) - net/mlx5: fix missing mutex_unlock in mlx5_fw_fatal_reporter_err_work() (Yang Yingliang) - net/ulp: use consistent error code when blocking ULP (Paolo Abeni) - io_uring/net: fix fast_iov assignment in io_setup_async_msg() (Stefan Metzmacher) - io_uring: io_kiocb_update_pos() should not touch file for non -1 offset (Jens Axboe) - tracing: Use alignof__(struct {type b;}) instead of offsetof() (Steven Rostedt (Google)) - x86/fpu: Use _Alignof to avoid undefined behavior in TYPE_ALIGN (YingChi Long) - Revert "drm/amdgpu: make display pinning more flexible (v2)" (Alex Deucher) - efi: rt-wrapper: Add missing include (Ard Biesheuvel) - arm64: efi: Execute runtime services from a dedicated stack (Ard Biesheuvel) - fs/ntfs3: Fix attr_punch_hole() null pointer derenference (Alon Zahavi) - drm/amdgpu: drop experimental flag on aldebaran (Alex Deucher) - drm/amd/display: Fix COLOR_SPACE_YCBCR2020_TYPE matrix (Joshua Ashton) - drm/amd/display: Calculate output_color_space after pixel encoding adjustment (Joshua Ashton) - drm/amd/display: Fix set scaling doesn's work (hongao) - drm/i915/display: Check source height is > 0 (Drew Davenport) - drm/i915: re-disable RC6p on Sandy Bridge (Sasa Dragic) - mei: me: add meteor lake point M DID (Alexander Usyskin) - gsmi: fix null-deref in gsmi_get_variable (Khazhismel Kumykov) - serial: atmel: fix incorrect baudrate setup (Tobias Schramm) - serial: amba-pl011: fix high priority character transmission in rs486 mode (Lino Sanfilippo) - dmaengine: idxd: Let probe fail when workqueue cannot be enabled (Reinette Chatre) - dmaengine: tegra210-adma: fix global intr clear (Mohan Kumar) - dmaengine: lgm: Move DT parsing after initialization (Peter Harliman Liem) - serial: pch_uart: Pass correct sg to dma_unmap_sg() (Ilpo Järvinen) - dt-bindings: phy: g12a-usb3-pcie-phy: fix compatible string documentation (Heiner Kallweit) - dt-bindings: phy: g12a-usb2-phy: fix compatible string documentation (Heiner Kallweit) - usb-storage: apply IGNORE_UAS only for HIKSEMI MD202 on RTL9210 (Juhyung Park) - usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate() (Maciej Å»enczykowski) - usb: gadget: g_webcam: Send color matching descriptor per frame (Daniel Scally) - usb: typec: altmodes/displayport: Fix pin assignment calculation (Prashant Malani) - usb: typec: altmodes/displayport: Add pin assignment helper (Prashant Malani) - usb: typec: tcpm: Fix altmode re-registration causes sysfs create fail (ChiYuan Huang) - usb: host: ehci-fsl: Fix module alias (Alexander Stein) - usb: cdns3: remove fetched trb from cache before dequeuing (Pawel Laszczak) - USB: serial: cp210x: add SCALANCE LPE-9000 device id (Michael Adler) - USB: gadgetfs: Fix race between mounting and unmounting (Alan Stern) - tty: fix possible null-ptr-defer in spk_ttyio_release (Gaosheng Cui) - tty: serial: qcom-geni-serial: fix slab-out-of-bounds on RX FIFO buffer (Krzysztof Kozlowski) - staging: mt7621-dts: change some node hex addresses to lower case (Sergio Paracuellos) - bpf: restore the ebpf program ID for BPF_AUDIT_UNLOAD and PERF_BPF_EVENT_PROG_UNLOAD (Paul Moore) - riscv: dts: sifive: fu740: fix size of pcie 32bit memory (Ben Dooks) - thunderbolt: Use correct function to calculate maximum USB3 link rate (Mika Westerberg) - cifs: do not include page data when checking signature (Enzo Matsumiya) - btrfs: fix race between quota rescan and disable leading to NULL pointer deref (Filipe Manana) - btrfs: do not abort transaction on failure to write log tree when syncing log (Filipe Manana) - mmc: sdhci-esdhc-imx: correct the tuning start tap and step setting (Haibo Chen) - mmc: sunxi-mmc: Fix clock refcount imbalance during unbind (Samuel Holland) - ACPI: PRM: Check whether EFI runtime is available (Ard Biesheuvel) - comedi: adv_pci1760: Fix PWM instruction handling (Ian Abbott) - usb: core: hub: disable autosuspend for TI TUSB8041 (Flavio Suligoi) - misc: fastrpc: Fix use-after-free race condition for maps (Ola Jeppsson) - misc: fastrpc: Don't remove map on creater_process and device_release (Abel Vesa) - USB: misc: iowarrior: fix up header size for USB_DEVICE_ID_CODEMERCS_IOW100 (Greg Kroah-Hartman) - staging: vchiq_arm: fix enum vchiq_status return types (Arnd Bergmann) - USB: serial: option: add Quectel EM05CN modem (Duke Xin(è¾å®æ)) - USB: serial: option: add Quectel EM05CN (SG) modem (Duke Xin(è¾å®æ)) - USB: serial: option: add Quectel EC200U modem (Ali Mirghasemi) - USB: serial: option: add Quectel EM05-G (RS) modem (Duke Xin(è¾å®æ)) - USB: serial: option: add Quectel EM05-G (CS) modem (Duke Xin(è¾å®æ)) - USB: serial: option: add Quectel EM05-G (GR) modem (Duke Xin(è¾å®æ)) - prlimit: do_prlimit needs to have a speculation check (Greg Kroah-Hartman) - xhci: Detect lpm incapable xHC USB3 roothub ports from ACPI tables (Mathias Nyman) - usb: acpi: add helper to check port lpm capability using acpi _DSM (Mathias Nyman) - xhci: Add a flag to disable USB3 lpm on a xhci root port level. (Mathias Nyman) - xhci: Add update_hub_device override for PCI xHCI hosts (Mathias Nyman) - xhci: Fix null pointer dereference when host dies (Mathias Nyman) - usb: xhci: Check endpoint is valid before dereferencing it (Jimmy Hu) - xhci-pci: set the dma max_seg_size (Ricardo Ribalda) - io_uring/rw: defer fsnotify calls to task context (Jens Axboe) - io_uring: do not recalculate ppos unnecessarily (Dylan Yudaken) - io_uring: update kiocb->ki_pos at execution time (Dylan Yudaken) - io_uring: remove duplicated calls to io_kiocb_ppos (Dylan Yudaken) - io_uring: ensure that cached task references are always put on exit (Jens Axboe) - io_uring: fix async accept on O_NONBLOCK sockets (Dylan Yudaken) - io_uring: allow re-poll if we made progress (Jens Axboe) - io_uring: support MSG_WAITALL for IORING_OP_SEND(MSG) (Jens Axboe) - io_uring: add flag for disabling provided buffer recycling (Jens Axboe) - io_uring: ensure recv and recvmsg handle MSG_WAITALL correctly (Jens Axboe) - io_uring: improve send/recv error handling (Pavel Begunkov) - io_uring: pass in EPOLL_URING_WAKE for eventfd signaling and wakeups (Jens Axboe) - eventfd: provide a eventfd_signal_mask() helper (Jens Axboe) - eventpoll: add EPOLL_URING_WAKE poll wakeup flag (Jens Axboe) - io_uring: don't gate task_work run on TIF_NOTIFY_SIGNAL (Jens Axboe) - hugetlb: unshare some PMDs when splitting VMAs (James Houghton) - drm/amd: Delay removal of the firmware framebuffer (Sasha Levin) - drm/amdgpu: disable runtime pm on several sienna cichlid cards(v2) (Guchun Chen) - ALSA: hda/realtek: fix mute/micmute LEDs don't work for a HP platform (Jeremy Szu) - ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (Andy Chi) - efi: fix userspace infinite retry read efivars after EFI runtime services page fault (Ding Hui) - nilfs2: fix general protection fault in nilfs_btree_insert() (Ryusuke Konishi) - zonefs: Detect append writes at invalid locations (Damien Le Moal) - Add exception protection processing for vd in axi_chan_handle_err function (Shawn.Shao) - wifi: mac80211: sdata can be NULL during AMPDU start (Alexander Wetzel) - wifi: brcmfmac: fix regression for Broadcom PCIe wifi devices (Arend van Spriel) - Bluetooth: hci_qca: Fix driver shutdown on closed serdev (Krzysztof Kozlowski) - fbdev: omapfb: avoid stack overflow warning (Arnd Bergmann) - perf/x86/rapl: Treat Tigerlake like Icelake (Chris Wilson) - f2fs: let's avoid panic if extent_tree is not created (Jaegeuk Kim) - x86/asm: Fix an assembler warning with current binutils (Mikulas Patocka) - btrfs: always report error in run_one_delayed_ref() (Qu Wenruo) - RDMA/srp: Move large values to a new enum for gcc13 (Jiri Slaby (SUSE)) - r8169: move rtl_wol_enable_rx() and rtl_prepare_power_down() (Chunhao Lin) - net/ethtool/ioctl: return -EOPNOTSUPP if we have no phy stats (Daniil Tatianin) - vduse: Validate vq_num in vduse_validate_config() (Harshit Mogalapalli) - virtio_pci: modify ENOENT to EINVAL (Angus Chen) - tools/virtio: initialize spinlocks in vring_test.c (Ricardo Cañuelo) - selftests/bpf: check null propagation only neither reg is PTR_TO_BTF_ID (Hao Sun) - pNFS/filelayout: Fix coalescing test for single DS (Olga Kornievskaia) - btrfs: fix trace event name typo for FLUSH_DELAYED_REFS (Naohiro Aota) - LTS version: v5.15.89 (Jack Vogel) - pinctrl: amd: Add dynamic debugging for active GPIOs (Mario Limonciello) - Revert "usb: ulpi: defer ulpi_register on ulpi_read_id timeout" (Ferry Toth) - block: handle bio_split_to_limits() NULL return (Jens Axboe) - io_uring/io-wq: only free worker if it was allocated for creation (Jens Axboe) - io_uring/io-wq: free worker if task_work creation is canceled (Jens Axboe) - efi: fix NULL-deref in init error path (Johan Hovold) - arm64: cmpxchg_double*: hazard against entire exchange variable (Mark Rutland) - arm64: atomics: remove LL/SC trampolines (Mark Rutland) - arm64: atomics: format whitespace consistently (Mark Rutland) - io_uring: lock overflowing for IOPOLL (Pavel Begunkov) - KVM: x86: Do not return host topology information from KVM_GET_SUPPORTED_CPUID (Paolo Bonzini) - Documentation: KVM: add API issues section (Paolo Bonzini) - mm: Always release pages to the buddy allocator in memblock_free_late(). (Aaron Thompson) - platform/surface: aggregator: Add missing call to ssam_request_sync_free() (Maximilian Luz) - igc: Fix PPS delta between two synchronized end-points (Christopher S Hall) - perf build: Properly guard libbpf includes (Ian Rogers) - net/mlx5e: Don't support encap rules with gbp option (Gavin Li) - net/mlx5: Fix ptp max frequency adjustment range (Rahul Rameshbabu) - net/sched: act_mpls: Fix warning during failed attribute validation (Ido Schimmel) - tools/nolibc: fix the O_* fcntl/open macro definitions for riscv (Willy Tarreau) - tools/nolibc: restore mips branch ordering in the _start block (Willy Tarreau) - tools/nolibc: Remove .global _start from the entry point code (Ammar Faizi) - tools/nolibc/arch: mark the _start symbol as weak (Willy Tarreau) - tools/nolibc/arch: split arch-specific code into individual files (Willy Tarreau) - tools/nolibc/types: split syscall-specific definitions into their own files (Willy Tarreau) - tools/nolibc/std: move the standard type definitions to std.h (Willy Tarreau) - tools/nolibc: use pselect6 on RISCV (Willy Tarreau) - tools/nolibc: x86-64: Use mov $60,%eax instead of mov $60,%rax (Ammar Faizi) - tools/nolibc: x86: Remove r8, r9 and r10 from the clobber list (Ammar Faizi) - af_unix: selftest: Fix the size of the parameter to connect() (Mirsad Goran Todorovac) - nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame() (Minsuk Kang) - hvc/xen: lock console list traversal (Roger Pau Monne) - octeontx2-af: Fix LMAC config in cgx_lmac_rx_tx_enable (Angela Czubak) - tipc: fix unexpected link reset due to discovery messages (Tung Nguyen) - ALSA: usb-audio: Relax hw constraints for implicit fb sync (Takashi Iwai) - ALSA: usb-audio: Make sure to stop endpoints before closing EPs (Takashi Iwai) - ASoC: wm8904: fix wrong outputs volume after power reactivation (Emanuele Ghidoli) - scsi: ufs: core: WLUN suspend SSU/enter hibern8 fail recovery (Peter Wang) - scsi: ufs: Stop using the clock scaling lock in the error handler (Bart Van Assche) - scsi: mpi3mr: Refer CONFIG_SCSI_MPI3MR in Makefile (Shin'ichiro Kawasaki) - regulator: da9211: Use irq handler when ready (Ricardo Ribalda) - x86/resctrl: Fix task CLOSID/RMID update race (Peter Newman) - EDAC/device: Fix period calculation in edac_device_reset_delay_period() (Eliav Farber) - x86/boot: Avoid using Intel mnemonics in AT&T syntax asm (Peter Zijlstra) - powerpc/imc-pmu: Fix use of mutex in IRQs disabled section (Kajol Jain) - netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function. (Gavrilov Ilia) - sched/core: Fix use-after-free bug in dup_user_cpus_ptr() (Waiman Long) - iommu/mediatek-v1: Fix an error handling path in mtk_iommu_v1_probe() (Christophe JAILLET) - iommu/iova: Fix alloc iova overflows issue (Yunfei Wang) - usb: ulpi: defer ulpi_register on ulpi_read_id timeout (Ferry Toth) - bus: mhi: host: Fix race between channel preparation and M0 event (Qiang Yu) - ipv6: raw: Deduct extension header length in rawv6_push_pending_frames (Herbert Xu) [Orabug: 35005828] {CVE-2023-0394} - ixgbe: fix pci device refcount leak (Yang Yingliang) - platform/x86: sony-laptop: Don't turn off 0x153 keyboard backlight during probe (Hans de Goede) - dt-bindings: msm/dsi: Don't require vcca-supply on 14nm PHY (Konrad Dybcio) - dt-bindings: msm/dsi: Don't require vdds-supply on 10nm PHY (Konrad Dybcio) - drm/msm/dp: do not complete dp_aux_cmd_fifo_tx() if irq is not for aux transfer (Kuogee Hsieh) - platform/x86: ideapad-laptop: Add Legion 5 15ARH05 DMI id to set_fn_lock_led_list[] (Hans de Goede) - dt-bindings: msm: dsi-phy-28nm: Add missing qcom, dsi-phy-regulator-ldo-mode (Bryan O'Donoghue) - dt-bindings: msm: dsi-controller-main: Fix description of core clock (Bryan O'Donoghue) - dt-bindings: msm: dsi-controller-main: Fix power-domain constraint (Bryan O'Donoghue) - drm/msm/adreno: Make adreno quirks not overwrite each other (Konrad Dybcio) - dt-bindings: msm: dsi-controller-main: Fix operating-points-v2 constraint (Bryan O'Donoghue) - platform/x86: dell-privacy: Fix SW_CAMERA_LENS_COVER reporting (Hans de Goede) - platform/surface: aggregator: Ignore command messages not intended for us (Maximilian Luz) - platform/x86: dell-privacy: Only register SW_CAMERA_LENS_COVER if present (Hans de Goede) - cifs: Fix uninitialized memory read for smb311 posix symlink create (Volker Lendecke) - net/mlx5e: Set action fwd flag when parsing tc action goto (Roi Dayan) - drm/i915/gt: Reset twice (Chris Wilson) - drm/virtio: Fix GEM handle creation UAF (Rob Clark) - s390/percpu: add READ_ONCE() to arch_this_cpu_to_op_simple() (Heiko Carstens) - s390/cpum_sf: add READ_ONCE() semantics to compare and swap loops (Heiko Carstens) - ASoC: qcom: lpass-cpu: Fix fallback SD line index handling (Brian Norris) - s390/kexec: fix ipl report address for kdump (Alexander Egorenkov) - perf auxtrace: Fix address filter duplicate symbol selection (Adrian Hunter) - net: stmmac: add aux timestamps fifo clearance wait (Noor Azura Ahmad Tarmizi) - docs: Fix the docs build with Sphinx 6.0 (Jonathan Corbet) - efi: tpm: Avoid READ_ONCE() for accessing the event log (Ard Biesheuvel) - selftests: kvm: Fix a compile error in selftests/kvm/rseq_test.c (Jinrong Liang) - KVM: arm64: nvhe: Fix build with profile optimization (Denis Nikitin) - KVM: arm64: Fix S1PTW handling on RO memslots (Marc Zyngier) - ALSA: hda/realtek: Enable mute/micmute LEDs on HP Spectre x360 13-aw0xxx (Luka Guzenko) - ALSA: hda/realtek - Turn on power early (Yuchi Yang) - ALSA: control-led: use strscpy in set_led_id() (Jaroslav Kysela) - LTS version: v5.15.88 (Jack Vogel) - ALSA: hda - Enable headset mic on another Dell laptop with ALC3254 (Chris Chiu) - ALSA: hda/hdmi: Add a HP device 0x8715 to force connect list (Adrian Chan) - ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF (Clement Lecigne) [Orabug: 34983525] {CVE-2023-0266} - net/ulp: prevent ULP without clone op from entering the LISTEN status (Paolo Abeni) - net: sched: disallow noqueue for qdisc classes (Frederick Lawler) [Orabug: 35005790] {CVE-2022-47929} - serial: fixup backport of "serial: Deassert Transmit Enable on probe in driver-specific way" (Rasmus Villemoes) - selftests/vm/pkeys: Add a regression test for setting PKRU through ptrace (Kyle Huey) - x86/fpu: Emulate XRSTOR's behavior if the xfeatures PKRU bit is not set (Kyle Huey) - x86/fpu: Allow PKRU to be (once again) written by ptrace. (Kyle Huey) - x86/fpu: Add a pkru argument to copy_uabi_to_xstate() (Kyle Huey) - x86/fpu: Add a pkru argument to copy_uabi_from_kernel_to_xstate(). (Kyle Huey) - x86/fpu: Take task_struct* in copy_sigframe_from_user_to_xstate() (Kyle Huey) - parisc: Align parisc MADV_XXX constants with all other architectures (Helge Deller) - LTS version: v5.15.87 (Jack Vogel) - drm/mgag200: Fix PLL setup for G200_SE_A rev >=4 (Jocelyn Falempe) - io_uring: Fix unsigned 'res' comparison with zero in io_fixup_rw_res() (Harshit Mogalapalli) - efi: random: combine bootloader provided RNG seed with RNG protocol output (Ard Biesheuvel) - mbcache: Avoid nesting of cache->c_list_lock under bit locks (Jan Kara) - net: hns3: fix return value check bug of rx copybreak (Jie Wang) - btrfs: make thaw time super block check to also verify checksum (Qu Wenruo) - selftests: set the BUILD variable to absolute path (Muhammad Usama Anjum) - ext4: don't allow journal inode to have encrypt flag (Eric Biggers) - mptcp: use proper req destructor for IPv6 (Matthieu Baerts) - mptcp: dedicated request sock for subflow in v6 (Matthieu Baerts) - Revert "ACPI: PM: Add support for upcoming AMD uPEP HID AMDI007" (Mario Limonciello) - ksmbd: check nt_len to be at least CIFS_ENCPWD_SIZE in ksmbd_decode_ntlmssp_auth_blob (William Liu) - ksmbd: fix infinite loop in ksmbd_conn_handler_loop() (Namjae Jeon) - hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling (Linus Torvalds) - hfs/hfsplus: use WARN_ON for sanity check (Arnd Bergmann) - drm/i915/gvt: fix vgpu debugfs clean in remove (Zhenyu Wang) - drm/i915/gvt: fix gvt debugfs destroy (Zhenyu Wang) - riscv, kprobes: Stricter c.jr/c.jalr decoding (Björn Töpel) - riscv: uaccess: fix type of 0 variable on error in get_user() (Ben Dooks) - thermal: int340x: Add missing attribute for data rate base (Srinivas Pandruvada) - io_uring: fix CQ waiting timeout handling (Pavel Begunkov) - block: don't allow splitting of a REQ_NOWAIT bio (Jens Axboe) - fbdev: matroxfb: G200eW: Increase max memory from 1 MB to 16 MB (Paul Menzel) - nfsd: fix handling of readdir in v4root vs. mount upcall timeout (Jeff Layton) - x86/bugs: Flush IBP in ib_prctl_set() (Rodrigo Branco) - x86/kexec: Fix double-free of elf header buffer (Takashi Iwai) - btrfs: check superblock to ensure the fs was not modified at thaw time (Qu Wenruo) - nvme: also return I/O command effects from nvme_command_effects (Christoph Hellwig) - nvmet: use NVME_CMD_EFFECTS_CSUPP instead of open coding it (Christoph Hellwig) - io_uring: check for valid register opcode earlier (Jens Axboe) - nvme: fix multipath crash caused by flush request when blktrace is enabled (Yanjun Zhang) - ASoC: Intel: bytcr_rt5640: Add quirk for the Advantech MICA-071 tablet (Hans de Goede) - udf: Fix extension of the last extent in the file (Jan Kara) - caif: fix memory leak in cfctrl_linkup_request() (Zhengchao Shao) - drm/i915: unpin on error in intel_vgpu_shadow_mm_pin() (Dan Carpenter) - perf stat: Fix handling of --for-each-cgroup with --bpf-counters to match non BPF mode (Namhyung Kim) - usb: rndis_host: Secure rndis_query check against int overflow (Szymon Heidrich) - octeontx2-pf: Fix lmtst ID used in aura free (Geetha sowjanya) - drivers/net/bonding/bond_3ad: return when there's no aggregator (Daniil Tatianin) - fs/ntfs3: don't hold ni_lock when calling truncate_setsize() (Tetsuo Handa) - drm/imx: ipuv3-plane: Fix overlay plane width (Philipp Zabel) - perf tools: Fix resources leak in perf_data__open_dir() (Miaoqian Lin) - netfilter: ipset: Rework long task execution when adding/deleting entries (Jozsef Kadlecsik) - netfilter: ipset: fix hash:net,port,net hang with /0 subnet (Jozsef Kadlecsik) - net: sparx5: Fix reading of the MAC address (Horatiu Vultur) - net: sched: cbq: dont intepret cls results when asked to drop (Jamal Hadi Salim) [Orabug: 34983582] {CVE-2023-23454} - net: sched: atm: dont intepret cls results when asked to drop (Jamal Hadi Salim) [Orabug: 34983613] {CVE-2023-23455} - gpio: sifive: Fix refcount leak in sifive_gpio_probe (Miaoqian Lin) - ceph: switch to vfs_inode_has_locks() to fix file lock bug (Xiubo Li) - filelock: new helper: vfs_inode_has_locks (Jeff Layton) - drm/meson: Reduce the FIFO lines held when AFBC is not used (Carlo Caione) - RDMA/mlx5: Fix validation of max_rd_atomic caps for DC (Maor Gottlieb) - RDMA/mlx5: Fix mlx5_ib_get_hw_stats when used for device (Shay Drory) - net: phy: xgmiitorgmii: Fix refcount leak in xgmiitorgmii_probe (Miaoqian Lin) - net: ena: Update NUMA TPH hint register upon NUMA node update (David Arinzon) - net: ena: Set default value for RX interrupt moderation (David Arinzon) - net: ena: Fix rx_copybreak value update (David Arinzon) - net: ena: Use bitmask to indicate packet redirection (David Arinzon) - net: ena: Account for the number of processed bytes in XDP (David Arinzon) - net: ena: Don't register memory info on XDP exchange (David Arinzon) - net: ena: Fix toeplitz initial hash value (David Arinzon) - net: amd-xgbe: add missed tasklet_kill (Jiguang Xiao) - net/mlx5e: Fix hw mtu initializing at XDP SQ allocation (Adham Faris) - net/mlx5e: Always clear dest encap in neigh-update-del (Chris Mi) - net/mlx5e: TC, Refactor mlx5e_tc_add_flow_mod_hdr() to get flow attr (Roi Dayan) - net/mlx5e: IPoIB, Don't allow CQE compression to be turned on by default (Dragos Tatulea) - net/mlx5: Avoid recovery in probe flows (Shay Drory) - net/mlx5: Add forgotten cleanup calls into mlx5_init_once() error path (Jiri Pirko) - net/mlx5: E-Switch, properly handle ingress tagged packets on VST (Moshe Shemesh) - vdpa_sim: fix vringh initialization in vdpasim_queue_ready() (Stefano Garzarella) - vhost: fix range used in translate_desc() (Stefano Garzarella) - vringh: fix range used in iotlb_translate() (Stefano Garzarella) - vhost/vsock: Fix error handling in vhost_vsock_init() (Yuan Can) - vdpa_sim: fix possible memory leak in vdpasim_net_init() and vdpasim_blk_init() (ruanjinjie) - nfc: Fix potential resource leaks (Miaoqian Lin) - net: dsa: mv88e6xxx: depend on PTP conditionally (Johnny S. Lee) - qlcnic: prevent ->dcb use-after-free on qlcnic_dcb_enable() failure (Daniil Tatianin) - net: sched: fix memory leak in tcindex_set_parms (Hawkins Jiawei) - net: hns3: fix VF promisc mode not update when mac table full (Jian Shen) - net: hns3: fix miss L3E checking for rx packet (Jian Shen) - net: hns3: extract macro to simplify ring stats update code (Peng Li) - net: hns3: refactor hns3_nic_reuse_page() (Hao Chen) - net: hns3: add interrupts re-initialization while doing VF FLR (Jie Wang) - nfsd: shut down the NFSv4 state objects before the filecache (Jeff Layton) - veth: Fix race with AF_XDP exposing old or uninitialized descriptors (Shawn Bohrer) - netfilter: nf_tables: honor set timeout and garbage collection updates (Pablo Neira Ayuso) - vmxnet3: correctly report csum_level for encapsulated packet (Ronak Doshi) - netfilter: nf_tables: perform type checking for existing sets (Pablo Neira Ayuso) - netfilter: nf_tables: add function to create set stateful expressions (Pablo Neira Ayuso) - netfilter: nf_tables: consolidate set description (Pablo Neira Ayuso) - drm/panfrost: Fix GEM handle creation ref-counting (Steven Price) - bpf: pull before calling skb_postpull_rcsum() (Jakub Kicinski) - btrfs: fix an error handling path in btrfs_defrag_leaves() (Sasha Levin) - SUNRPC: ensure the matching upcall is in-flight upon downcall (minoura makoto) - drm/i915/migrate: fix length calculation (Matthew Auld) - drm/i915/migrate: fix offset calculation (Matthew Auld) - drm/i915/migrate: don't check the scratch page (Matthew Auld) - ext4: fix deadlock due to mbcache entry corruption (Jan Kara) - mbcache: automatically delete entries from cache on freeing (Jan Kara) - ext4: correct inconsistent error msg in nojournal mode (Baokun Li) - ext4: goto right label 'failed_mount3a' (Jason Yan) - ravb: Fix "failed to switch device to config mode" message during unbind (Biju Das) - perf probe: Fix to get the DW_AT_decl_file and DW_AT_call_file as unsinged data (Masami Hiramatsu (Google)) - perf probe: Use dwarf_attr_integrate as generic DWARF attr accessor (Masami Hiramatsu (Google)) - media: s5p-mfc: Fix in register read and write for H264 (Smitha T Murthy) - media: s5p-mfc: Clear workbit to handle error condition (Smitha T Murthy) - media: s5p-mfc: Fix to handle reference queue during finishing (Smitha T Murthy) - x86/MCE/AMD: Clear DFR errors found in THR handler (Yazen Ghannam) - x86/mce: Get rid of msr_ops (Borislav Petkov) - btrfs: fix extent map use-after-free when handling missing device in read_one_chunk (void0red) - btrfs: move missing device handling in a dedicate function (Nikolay Borisov) - btrfs: replace strncpy() with strscpy() (Sasha Levin) - phy: qcom-qmp-combo: fix out-of-bounds clock access (Sasha Levin) - ARM: renumber bits related to _TIF_WORK_MASK (Jens Axboe) - ext4: fix off-by-one errors in fast-commit block filling (Eric Biggers) - ext4: fix unaligned memory access in ext4_fc_reserve_space() (Eric Biggers) - ext4: add missing validation of fast-commit record lengths (Eric Biggers) - ext4: don't set up encryption key during jbd2 transaction (Eric Biggers) - ext4: disable fast-commit of encrypted dir operations (Eric Biggers) - ext4: fix potential out of bound read in ext4_fc_replay_scan() (Eric Biggers) - ext4: factor out ext4_fc_get_tl() (Eric Biggers) - ext4: introduce EXT4_FC_TAG_BASE_LEN helper (Eric Biggers) - ext4: use ext4_debug() instead of jbd_debug() (Eric Biggers) - ext4: remove unused enum EXT4_FC_COMMIT_FAILED (Eric Biggers) - tracing: Fix issue of missing one synthetic field (Zheng Yejian) - block: mq-deadline: Fix dd_finish_request() for zoned devices (Damien Le Moal) - drm/amdgpu: make display pinning more flexible (v2) (Alex Deucher) - drm/amdgpu: handle polaris10/11 overlap asics (v2) (Alex Deucher) - ext4: allocate extended attribute value in vmalloc area (Ye Bin) - ext4: avoid unaccounted block allocation when expanding inode (Jan Kara) - ext4: initialize quota before expanding inode in setproject ioctl (Jan Kara) - ext4: fix inode leak in ext4_xattr_inode_create() on an error path (Ye Bin) - ext4: fix kernel BUG in 'ext4_write_inline_data_end()' (Ye Bin) - ext4: avoid BUG_ON when creating xattrs (Jan Kara) - ext4: fix error code return to user-space in ext4_get_branch() (LuÃs Henriques) - ext4: fix corruption when online resizing a 1K bigalloc fs (Baokun Li) - ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline (Eric Whitney) - ext4: init quota for 'old.inode' in 'ext4_rename' (Ye Bin) - ext4: fix uninititialized value in 'ext4_evict_inode' (Ye Bin) - ext4: fix leaking uninitialized memory in fast-commit journal (Eric Biggers) - ext4: fix bug_on in __es_tree_search caused by bad boot loader inode (Baokun Li) - ext4: check and assert if marking an no_delete evicting inode dirty (Zhang Yi) - ext4: fix reserved cluster accounting in __es_remove_extent() (Ye Bin) - ext4: fix bug_on in __es_tree_search caused by bad quota inode (Baokun Li) - ext4: add helper to check quota inums (Baokun Li) - ext4: add EXT4_IGET_BAD flag to prevent unexpected bad inode (Baokun Li) - ext4: fix undefined behavior in bit shift for ext4_check_flag_values (Gaosheng Cui) - ext4: fix use-after-free in ext4_orphan_cleanup (Baokun Li) - fs: ext4: initialize fsdata in pagecache_write() (Alexander Potapenko) - ext4: remove trailing newline from ext4_msg() message (LuÃs Henriques) - ext4: add inode table check in __ext4_get_inode_loc to aovid possible infinite loop (Baokun Li) - ext4: silence the warning when evicting inode with dioread_nolock (Zhang Yi) - drm/ingenic: Fix missing platform_driver_unregister() call in ingenic_drm_init() (Yuan Can) - drm/i915/dsi: fix VBT send packet port selection for dual link DSI (Mikko Kovanen) - drm/vmwgfx: Validate the box size for the snooped cursor (Zack Rusin) - drm/connector: send hotplug uevent on connector cleanup (Simon Ser) - device_cgroup: Roll back to original exceptions after copy failure (Wang Weiyang) - parisc: led: Fix potential null-ptr-deref in start_task() (Shang XiaoJing) - remoteproc: core: Do pm_relax when in RPROC_OFFLINE state (Maria Yu) - iommu/amd: Fix ivrs_acpihid cmdline parsing code (Kim Phillips) - phy: qcom-qmp-combo: fix sc8180x reset (Johan Hovold) - driver core: Fix bus_type.match() error handling in __driver_attach() (Isaac J. Manjarres) - crypto: ccp - Add support for TEE for PCI ID 0x14CA (Mario Limonciello) - crypto: n2 - add missing hash statesize (Corentin Labbe) - riscv: mm: notify remote harts about mmu cache updates (Sergey Matyukevich) - riscv: stacktrace: Fixup ftrace_graph_ret_addr retp argument (Guo Ren) - PCI/sysfs: Fix double free in error path (Sascha Hauer) - PCI: Fix pci_device_is_present() for VFs by checking PF (Michael S. Tsirkin) - ipmi: fix use after free in _ipmi_destroy_user() (Dan Carpenter) - ima: Fix a potential NULL pointer access in ima_restore_measurement_list (Huaxin Lu) - mtd: spi-nor: Check for zero erase size in spi_nor_find_best_erase_type() (Alexander Sverdlin) - ipmi: fix long wait in unload when IPMI disconnect (Zhang Yuchen) - ipu3-imgu: Fix NULL pointer dereference in imgu_subdev_set_selection() (Maximilian Luz) - ASoC: jz4740-i2s: Handle independent FIFO flush bits (Aidan MacDonald) - wifi: wilc1000: sdio: fix module autoloading (Michael Walle) - efi: Add iMac Pro 2017 to uefi skip cert quirk (Aditya Garg) - md/bitmap: Fix bitmap chunk size overflow issues (Florian-Ewald Mueller) - block: mq-deadline: Do not break sequential write streams to zoned HDDs (Damien Le Moal) - rtc: ds1347: fix value written to century register (Ian Abbott) - cifs: fix missing display of three mount options (Steve French) - cifs: fix confusing debug message (Paulo Alcantara) - media: dvb-core: Fix UAF due to refcount races at releasing (Takashi Iwai) [Orabug: 34820628] {CVE-2022-41218} - media: dvb-core: Fix double free in dvb_register_device() (Keita Suzuki) - ARM: 9256/1: NWFPE: avoid compiler-generated __aeabi_uldivmod (Nick Desaulniers) - staging: media: tegra-video: fix device_node use after free (Luca Ceresoli) - staging: media: tegra-video: fix chan->mipi value on error (Luca Ceresoli) - tracing: Fix infinite loop in tracing_read_pipe on overflowed print_trace_line (Yang Jihong) - tracing/probes: Handle system names with hyphens (Steven Rostedt (Google)) - tracing/hist: Fix wrong return value in parse_action_params() (Zheng Yejian) - tracing: Fix complicated dependency of CONFIG_TRACER_MAX_TRACE (Masami Hiramatsu (Google)) - tracing: Fix race where eprobes can be called before the event (Steven Rostedt (Google)) - x86/kprobes: Fix optprobe optimization check with CONFIG_RETHUNK (Masami Hiramatsu (Google)) - x86/kprobes: Fix kprobes instruction boudary check with CONFIG_RETHUNK (Masami Hiramatsu (Google)) - ftrace/x86: Add back ftrace_expected for ftrace bug reports (Steven Rostedt (Google)) - x86/microcode/intel: Do not retry microcode reloading on the APs (Ashok Raj) - KVM: nVMX: Properly expose ENABLE_USR_WAIT_PAUSE control to L1 (Sean Christopherson) - KVM: nVMX: Inject #GP, not #UD, if "generic" VMXON CR0/CR4 check fails (Sean Christopherson) - KVM: VMX: Resume guest immediately when injecting #GP on ECREATE (Sean Christopherson) - of/kexec: Fix reading 32-bit "linux,initrd-{start,end}" values (Rob Herring) - perf/core: Call LSM hook after copying perf_event_attr (Namhyung Kim) - tracing/hist: Fix out-of-bound write on 'action_data.var_ref_idx' (Zheng Yejian) - dm cache: set needs_check flag after aborting metadata (Mike Snitzer) - dm cache: Fix UAF in destroy() (Luo Meng) - dm clone: Fix UAF in clone_dtr() (Luo Meng) - dm integrity: Fix UAF in dm_integrity_dtr() (Luo Meng) - dm thin: Fix UAF in run_timer_softirq() (Luo Meng) - dm thin: resume even if in FAIL mode (Luo Meng) - dm thin: Use last transaction's pmd->root when commit failed (Zhihao Cheng) - dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata (Zhihao Cheng) - dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort (Mike Snitzer) - mptcp: remove MPTCP 'ifdef' in TCP SYN cookies (Matthieu Baerts) - mptcp: mark ops structures as ro_after_init (Florian Westphal) - fs: dlm: retry accept() until -EAGAIN or error returns (Alexander Aring) - fs: dlm: fix sock release if listen fails (Alexander Aring) - ALSA: hda/realtek: Apply dual codec fixup for Dell Latitude laptops (Chris Chiu) - ALSA: patch_realtek: Fix Dell Inspiron Plus 16 (Philipp Jungkamp) - cpufreq: Init completion before kobject_init_and_add() (Yongqiang Liu) - PM/devfreq: governor: Add a private governor_data for governor (Kant Fan) - selftests: Use optional USERCFLAGS and USERLDFLAGS (Mickaël Salaün) - arm64: dts: qcom: sdm850-lenovo-yoga-c630: correct I2C12 pins drive strength (Krzysztof Kozlowski) - ARM: ux500: do not directly dereference __iomem (Jason A. Donenfeld) - btrfs: fix resolving backrefs for inline extent followed by prealloc (Boris Burkov) - mmc: sdhci-sprd: Disable CLK_AUTO when the clock is less than 400K (Wenchao Chen) - arm64: dts: qcom: sdm845-db845c: correct SPI2 pins drive strength (Krzysztof Kozlowski) - perf/x86/intel/uncore: Clear attr_update properly (Alexander Antonov) - perf/x86/intel/uncore: Disable I/O stacks to PMU mapping on ICX-D (Alexander Antonov) - jbd2: use the correct print format (Bixuan Cui) - ktest.pl minconfig: Unset configs instead of just removing them (Steven Rostedt) - kest.pl: Fix grub2 menu handling for rebooting (Steven Rostedt) - soc: qcom: Select REMAP_MMIO for LLCC driver (Manivannan Sadhasivam) - media: stv0288: use explicitly signed char (Jason A. Donenfeld) - net/af_packet: make sure to pull mac header (Eric Dumazet) - net/af_packet: add VLAN support for AF_PACKET SOCK_RAW GSO (Hangbin Liu) - rcu-tasks: Simplify trc_read_check_handler() atomic operations (Paul E. McKenney) - ASoC/SoundWire: dai: expand 'stream' concept beyond SoundWire (Pierre-Louis Bossart) - ASoC: Intel/SOF: use set_stream() instead of set_tdm_slots() for HDAudio (Pierre-Louis Bossart) - kcsan: Instrument memcpy/memset/memmove with newer Clang (Marco Elver) - SUNRPC: Don't leak netobj memory when gss_read_proxy_verf() fails (Chuck Lever) - tpm: tpm_tis: Add the missed acpi_put_table() to fix memory leak (Hanjun Guo) - tpm: tpm_crb: Add the missed acpi_put_table() to fix memory leak (Hanjun Guo) - tpm: acpi: Call acpi_put_table() to fix memory leak (Hanjun Guo) - mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING (Deren Wu) - f2fs: allow to read node block after shutdown (Jaegeuk Kim) - f2fs: should put a page when checking the summary info (Pavel Machek) - mm, compaction: fix fast_isolate_around() to stay within boundaries (NARIBAYASHI Akira) - md: fix a crash in mempool_free (Mikulas Patocka) - mfd: mt6360: Add bounds checking in Regmap read/write call-backs (ChiYuan Huang) - pnode: terminate at peers of source (Christian Brauner) - ALSA: line6: fix stack overflow in line6_midi_transmit (Artem Egorkine) - ALSA: line6: correct midi status byte when receiving data from podxt (Artem Egorkine) - ovl: Use ovl mounter's fsuid and fsgid in ovl_link() (Zhang Tianci) - binfmt: Fix error return code in load_elf_fdpic_binary() (Wang Yufen) - hfsplus: fix bug causing custom uid and gid being unable to be assigned with mount (Aditya Garg) - pstore/zone: Use GFP_ATOMIC to allocate zone buffer (Qiujun Huang) - pstore: Properly assign mem_type property (Luca Stefani) - HID: plantronics: Additional PIDs for double volume key presses quirk (Terry Junge) - HID: multitouch: fix Asus ExpertBook P2 P2451FA trackpoint (José Expósito) - powerpc/rtas: avoid scheduling in rtas_os_term() (Nathan Lynch) - powerpc/rtas: avoid device tree lookups in rtas_os_term() (Nathan Lynch) - objtool: Fix SEGFAULT (Christophe Leroy) - fs/ntfs3: Fix slab-out-of-bounds in r_page (Yin Xiujiang) - fs/ntfs3: Delete duplicate condition in ntfs_read_mft() (Dan Carpenter) - fs/ntfs3: Use __GFP_NOWARN allocation at ntfs_fill_super() (Tetsuo Handa) - fs/ntfs3: Use __GFP_NOWARN allocation at wnd_init() (Tetsuo Handa) - fs/ntfs3: Validate index root when initialize NTFS security (Edward Lo) - soundwire: dmi-quirks: add quirk variant for LAPBC710 NUC15 (Pierre-Louis Bossart) - fs/ntfs3: Fix slab-out-of-bounds read in run_unpack (Hawkins Jiawei) - fs/ntfs3: Validate resident attribute name (Edward Lo) - fs/ntfs3: Validate buffer length while parsing index (Edward Lo) - fs/ntfs3: Validate attribute name offset (Edward Lo) - fs/ntfs3: Add null pointer check for inode operations (Edward Lo) - fs/ntfs3: Fix memory leak on ntfs_fill_super() error path (Shigeru Yoshida) - fs/ntfs3: Add null pointer check to attr_load_runs_vcn (Edward Lo) - fs/ntfs3: Validate data run offset (Edward Lo) - fs/ntfs3: Add overflow check for attribute size (edward lo) - fs/ntfs3: Validate BOOT record_size (edward lo) - nvmet: don't defer passthrough commands with trivial effects to the workqueue (Christoph Hellwig) - nvme: fix the NVME_CMD_EFFECTS_CSE_MASK definition (Christoph Hellwig) - ata: ahci: Fix PCS quirk application for suspend (Adam Vodopjan) - block, bfq: fix uaf for bfqq in bfq_exit_icq_bfqq (Yu Kuai) - ACPI: resource: do IRQ override on Lenovo 14ALC7 (Adrian Freund) - ACPI: resource: do IRQ override on XMG Core 15 (Erik Schumacher) - ACPI: resource: do IRQ override on LENOVO IdeaPad (Jiri Slaby (SUSE)) - ACPI: resource: Skip IRQ override on Asus Vivobook K3402ZA/K3502ZA (Tamim Khan) - nvme-pci: fix page size checks (Keith Busch) - nvme-pci: fix mempool alloc size (Keith Busch) - nvme-pci: fix doorbell buffer value endianness (Klaus Jensen) - cifs: fix oops during encryption (Paulo Alcantara) - usb: dwc3: qcom: Fix memory leak in dwc3_qcom_interconnect_init (Miaoqian Lin) - IB/mlx4: Implement backend callback for "ib_get_vector_irqn" (Gerd Rausch) [Orabug: 34276618] - net/rds: Split send & receive vectors again (Gerd Rausch) [Orabug: 34276609] - drivers: base: cacheinfo: export symbol "get_cpu_cacheinfo" (Gerd Rausch) [Orabug: 34276609] - net/rds: Bring tasklets back for better latency (Gerd Rausch) [Orabug: 34276240] - net/rds: Throttle check for CQ CPU affinity (Gerd Rausch) [Orabug: 34276240] - net/rds: Follow the observed CQ CPU affinity (Gerd Rausch) [Orabug: 34276240] - net/rds: Add "preferred_cpu" option to "rds_rdma.ko" (Gerd Rausch) [Orabug: 34276240] - net/mlx5: Add new verb "ib_get_vector_irqn" (Gerd Rausch) [Orabug: 34276240] - net/rds: Use the preferred_cpu in rds_queue_{,delayed}_work (Gerd Rausch) [Orabug: 34276240] - net/rds: Make workers use the designated CPU (Gerd Rausch) [Orabug: 34276240] - net/rds: Put more CPU cores to work (Gerd Rausch) [Orabug: 34276240] - net/rds: Get rid of tasklets (Gerd Rausch) [Orabug: 34276240] - net/rds: Use the same vector for send & receive (Gerd Rausch) [Orabug: 34276240] - net/rds: Allocate rds_ib_{incoming,frag}_slab on HCA NUMA nodeid (Gerd Rausch) [Orabug: 34276240] - net/rds: Allocate pages on HCA NUMA nodeid (Gerd Rausch) [Orabug: 34276240] - uek-rpm: [act|cls]_bpf should be part of core (Alan Maguire) [Orabug: 34551630] - net/rds: Do not RESET_ALT_CONN if conn drops with DR_IB_DISCONNECTED_EVENT (Sharath Srinivasan) [Orabug: 34864406] - rds: ib: Keep IB MRs on clean_list unless we are tearing down the pool (HÃ¥kon Bugge) [Orabug: 34987233] - rds: ib: Add FRWR related statistics counters (HÃ¥kon Bugge) [Orabug: 34987233] - scsi: megaraid_sas: Skip syncing the RAID map on older controllers (Martin K. Petersen) [Orabug: 35028425] - iommu/amd: Don't block updates to GATag if guest mode is already on (Joao Martins) [Orabug: 34988288] - IB/core: Make GID table entry (gid_idx) available immediately (Konrad Rzeszutek Wilk) [Orabug: 35015836] - iommu/amd: Disable AVIC on certain systems BIOS (Joao Martins) [Orabug: 35018580] - xfs: fix incorrect i_nlink caused by inode racing (Long Li) [Orabug: 35021004]
SRPMs
https://oss.oracle.com:443/ol8/SRPMS-updates//kernel-uek-5.15.0-8.91.4.1.el8uek.src.rpm
x86_64
bpftool-5.15.0-8.91.4.1.el8uek.x86_64.rpm kernel-uek-5.15.0-8.91.4.1.el8uek.x86_64.rpm kernel-uek-core-5.15.0-8.91.4.1.el8uek.x86_64.rpm kernel-uek-debug-5.15.0-8.91.4.1.el8uek.x86_64.rpm kernel-uek-debug-core-5.15.0-8.91.4.1.el8uek.x86_64.rpm kernel-uek-debug-devel-5.15.0-8.91.4.1.el8uek.x86_64.rpm kernel-uek-debug-modules-5.15.0-8.91.4.1.el8uek.x86_64.rpm kernel-uek-debug-modules-extra-5.15.0-8.91.4.1.el8uek.x86_64.rpm kernel-uek-devel-5.15.0-8.91.4.1.el8uek.x86_64.rpm kernel-uek-doc-5.15.0-8.91.4.1.el8uek.noarch.rpm kernel-uek-modules-5.15.0-8.91.4.1.el8uek.x86_64.rpm kernel-uek-modules-extra-5.15.0-8.91.4.1.el8uek.x86_64.rpm kernel-uek-container-5.15.0-8.91.4.1.el8uek.x86_64.rpm kernel-uek-container-debug-5.15.0-8.91.4.1.el8uek.x86_64.rpm
aarch64
bpftool-5.15.0-8.91.4.1.el8uek.aarch64.rpm kernel-uek-5.15.0-8.91.4.1.el8uek.aarch64.rpm kernel-uek-core-5.15.0-8.91.4.1.el8uek.aarch64.rpm kernel-uek-debug-5.15.0-8.91.4.1.el8uek.aarch64.rpm kernel-uek-debug-core-5.15.0-8.91.4.1.el8uek.aarch64.rpm kernel-uek-debug-devel-5.15.0-8.91.4.1.el8uek.aarch64.rpm kernel-uek-debug-modules-5.15.0-8.91.4.1.el8uek.aarch64.rpm kernel-uek-debug-modules-extra-5.15.0-8.91.4.1.el8uek.aarch64.rpm kernel-uek-devel-5.15.0-8.91.4.1.el8uek.aarch64.rpm kernel-uek-doc-5.15.0-8.91.4.1.el8uek.noarch.rpm kernel-uek-modules-5.15.0-8.91.4.1.el8uek.aarch64.rpm kernel-uek-modules-extra-5.15.0-8.91.4.1.el8uek.aarch64.rpm
i386
