Stay Secure with the Latest Linux Advisories

security advisorycritical issueupdate

Oracle Linux 8 ELSA-2025-20100 critical: kernel update issues

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2025-20100 http://linux.oracle.com/errata/ELSA-2025-20100.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: aarch64: kernel-uek-5.4.17-2136.340.4.1.el8uek.aarch64.rpm kernel-uek-debug-5.4.17-2136.340.4.1.el8uek.aarch64.rpm kernel-uek-debug-devel-5.4.17-2136.340.4.1.el8uek.aarch64.rpm kernel-uek-devel-5.4.17-2136.340.4.1.el8uek.aarch64.rpm kernel-uek-doc-5.4.17-2136.340.4.1.el8uek.noarch.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//kernel-uek-5.4.17-2136.340.4.1.el8uek.src.rpm RelatedCVEs: CVE-2024-38538 CVE-2024-38588 CVE-2024-49996 CVE-2024-50264 CVE-2024-50265 CVE-2024-50267 CVE-2024-50269 CVE-2024-50273 CVE-2024-50278 CVE-2024-50279 CVE-2024-50282 CVE-2024-50287 CVE-2024-50290 CVE-2024-50296 CVE-2024-50299 CVE-2024-50301 CVE-2024-50302 CVE-2024-53061 CVE-2024-53063 CVE-2024-53066 CVE-2024-53101 CVE-2024-53103 CVE-2024-53104 CVE-2024-53112 CVE-2024-53130 CVE-2024-53131 CVE-2024-53135 CVE-2024-53140 CVE-2024-53141 CVE-2024-53142 CVE-2024-53145 CVE-2024-53146 CVE-2024-53148 CVE-2024-53150 CVE-2024-53155 CVE-2024-53156 CVE-2024-53157 CVE-2024-53158 CVE-2024-53161 CVE-2024-53165 CVE-2024-53171 CVE-2024-53172 CVE-2024-53173 CVE-2024-53174 CVE-2024-53181 CVE-2024-53183 CVE-2024-53184 CVE-2024-53194 CVE-2024-53197 CVE-2024-53198 CVE-2024-53214 CVE-2024-53217 CVE-2024-53227 CVE-2024-53239 CVE-2024-53240 CVE-2024-56531 CVE-2024-56532 CVE-2024-56539 CVE-2024-56548 CVE-2024-56558 CVE-2024-56562 CVE-2024-56567 CVE-2024-56569 CVE-2024-56570 CVE-2024-56572 CVE-2024-56574 CVE-2024-56576 CVE-2024-56581 CVE-2024-56586 CVE-2024-56587 CVE-2024-56593 CVE-2024-56594 CVE-2024-56595 CVE-2024-56596 CVE-2024-56597 CVE-2024-56598 CVE-2024-56600 CVE-2024-56601 CVE-2024-56602 CVE-2024-56603 CVE-2024-56605 CVE-2024-56606 CVE-2024-56615 CVE-2024-56619 CVE-2024-56629 CVE-2024-56630 CVE-2024-56633 CVE-2024-56634 CVE-2024-56637 CVE-2024-56642 CVE-2024-56643 CVE-2024-56650 CVE-2024-56659 CVE-2024-56661 CVE-2024-56670 CVE-2024-56681 CVE-2024-56688 CVE-2024-56690 CVE-2024-56691 CVE-2024-56700 CVE-2024-56704 CVE-2024-56723 CVE-2024-56724 CVE-2024-56739 CVE-2024-56746 CVE-2024-56747 CVE-2024-56748 CVE-2024-56756 Description of changes: [5.4.17-2136.340.4.1.el8uek] - RDS: avoid queueing delayed work on an offlined cpu (Praveen Kumar Kannoju) [Orabug: 37566743] [5.4.17-2136.340.4.el8uek] - ftrace: use preempt_enable/disable notrace macros to avoid double fault (Koichiro Den) - nfsd: restore callback functionality for NFSv4.0 (NeilBrown) - i2c: pnx: Fix timeout in wait functions (Vladimir Riabchun) - of/irq: Fix usinguninitialized variable @addr_len in API of_irq_parse_one() (Zijun Hu) - af_packet: fix vlan_get_tci() vs MSG_PEEK (Eric Dumazet) - af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK (Eric Dumazet) - mtd: rawnand: fix double free in atmel_pmecc_create_user() (Dan Carpenter) [5.4.17-2136.340.3.el8uek] - Revert "xen/swiotlb: add alignment check for dma buffers" (Harshvardhan Jha) [Orabug: 37475435] - vfio/iommu_type1: Fix some sanity checks in detach group (Keqian Zhu) [Orabug: 37136890] - Revert "vfio/iommu_type1: Fix some sanity checks in detach group" (Dongli Zhang) [Orabug: 37136890] - rds: ib: Avoid UAF on RDS Socket's rs_trans_lock (Håkon Bugge) [Orabug: 36693622] - rds: ib: Fix blocked processes related to race in rds_rdma_free_dev_rs_worker() (Håkon Bugge) [Orabug: 36693622] - rds: ib: Fix deterministic UAF in rds_rdma_free_dev_rs_worker() (Håkon Bugge) [Orabug: 36693622] - Revert "KVM: SVM: Add a module parameter to override iommu AVIC usage" (Alejandro Jimenez) [Orabug: 35001679] [5.4.17-2136.340.2.el8uek] - LTS tag: v5.4.288 (Alok Tiwari) - ALSA: usb-audio: Fix a DMA to stack memory bug (Dan Carpenter) - xen/netfront: fix crash when removing device (Juergen Gross) [Orabug: 37427542] {CVE-2024-53240} - KVM: arm64: Ignore PMCNTENSET_EL0 while checking for overflow status (Raghavendra Rao Ananta) - blk-iocost: Avoid using clamp() on inuse in __propagate_weights() (Nathan Chancellor) - blk-iocost: fix weight updates of inner active iocgs (Tejun Heo) - blk-iocost: clamp inuse and skip noops in __propagate_weights() (Tejun Heo) - ACPICA: events/evxfregn: don't release the ContextMutex that was never acquired (Daniil Tatianin) - net/sched: netem: account for backlog updates from child qdisc (Martin Ottens) - qca_spi: Make driver probing reliable (Stefan Wahren) - qca_spi: Fix clock speed for multiple QCA7000 (Stefan Wahren) - ACPI: resource: Fix memory resource type union access (Ilpo Järvinen) - net: lapb: increase LAPB_HEADER_LEN (Eric Dumazet) [Orabug: 37434237] {CVE-2024-56659} -tipc: fix NULL deref in cleanup_bearer() (Eric Dumazet) [Orabug: 37506456] {CVE-2024-56661} - batman-adv: Do not let TT changes list grows indefinitely (Remi Pommarel) - batman-adv: Remove uninitialized data in full table TT response (Remi Pommarel) - batman-adv: Do not send uninitialized TT changes (Remi Pommarel) - bpf, sockmap: Fix update element with same (Michal Luczaj) - xfs: don't drop errno values when we fail to ficlone the entire range (Darrick J. Wong) - usb: gadget: u_serial: Fix the issue that gs_start_io crashed due to accessing null pointer (Lianqin Hu) [Orabug: 37434264] {CVE-2024-56670} - usb: ehci-hcd: fix call balance of clocks handling routines (Vitalii Mordan) - usb: dwc2: hcd: Fix GetPortStatus & SetPortFeature (Stefan Wahren) - ata: sata_highbank: fix OF node reference leak in highbank_initialize_phys() (Joe Hattori) - usb: host: max3421-hcd: Correctly abort a USB request. (Mark Tomlinson) - LTS tag: v5.4.287 (Alok Tiwari) - bpf, xdp: Update devmap comments to reflect napi/rcu usage (John Fastabend) - ALSA: usb-audio: Fix out of bounds reads when finding clock sources (Takashi Iwai) [Orabug: 37427489] {CVE-2024-53150} - PCI: rockchip-ep: Fix address translation unit programming (Damien Le Moal) - Revert "drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read()" (Zhang Zekun) - modpost: Add .irqentry.text to OTHER_SECTIONS (Thomas Gleixner) - jffs2: Fix rtime decompressor (Richard Weinberger) - jffs2: Prevent rtime decompress memory corruption (Kinsey Moore) - KVM: arm64: vgic-its: Clear ITE when DISCARD frees an ITE (Kunkun Jiang) - KVM: arm64: vgic-its: Clear DTE when MAPD unmaps a device (Kunkun Jiang) - KVM: arm64: vgic-its: Add a data length check in vgic_its_save_* (Jing Zhang) - perf/x86/intel/pt: Fix buffer full but size is 0 case (Adrian Hunter) - bpf: fix OOB devmap writes when deleting elements (Maciej Fijalkowski) [Orabug: 37434047] {CVE-2024-56615} - xdp: Simplify devmap cleanup (Björn Töpel) - misc: eeprom: eeprom_93cx6: Add quirk for extra read clock cycle(Parker Newman) - powerpc/prom_init: Fixup missing powermac #size-cells (Michael Ellerman) - usb: chipidea: udc: handle USB Error Interrupt if IOC not set (Xu Yang) - i3c: Use i3cdev-> desc-> info instead of calling i3c_device_get_info() to avoid deadlock (Defa Li) - PCI: Add ACS quirk for Wangxun FF5xxx NICs (Mengyuan Lou) - PCI: Add 'reset_subordinate' to reset hierarchy below bridge (Keith Busch) - f2fs: fix f2fs_bug_on when uninstalling filesystem call f2fs_evict_inode. (Qi Han) [Orabug: 37433861] {CVE-2024-56586} - nvdimm: rectify the illogical code within nd_dax_probe() (Yi Yang) - pinctrl: qcom-pmic-gpio: add support for PM8937 (Barnabás Czémán) - scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset (Kai Mäkisara) - scsi: st: Don't modify unknown block number in MTIOCGET (Kai Mäkisara) - leds: class: Protect brightness_show() with led_cdev-> led_access mutex (Mukesh Ojha) [Orabug: 37433869] {CVE-2024-56587} - tracing: Use atomic64_inc_return() in trace_clock_counter() (Uros Bizjak) - netpoll: Use rcu_access_pointer() in __netpoll_setup (Breno Leitao) - net/neighbor: clear error in case strict check is not set (Jakub Kicinski) - rocker: fix link status detection in rocker_carrier_init() (Dmitry Antipov) - ASoC: hdmi-codec: reorder channel allocation list (Jonas Karlman) - Bluetooth: btusb: Add RTL8852BE device 0489:e123 to device tables (Hilda Wu) - wifi: brcmfmac: Fix oops due to NULL pointer dereference in brcmf_sdiod_sglist_rw() (Norbert van Bolhuis) [Orabug: 37433908] {CVE-2024-56593} - wifi: ipw2x00: libipw_rx_any(): fix bad alignment (Jiapeng Chong) - drm/amdgpu: set the right AMDGPU sg segment limitation (Prike Liang) [Orabug: 37433914] {CVE-2024-56594} - jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree (Nihar Chaithanya) [Orabug: 37433920] {CVE-2024-56595} - jfs: fix array-index-out-of-bounds in jfs_readdir (Ghanshyam Agrawal) [Orabug: 37433928] {CVE-2024-56596} - jfs: fix shift-out-of-bounds in dbSplit (Ghanshyam Agrawal) [Orabug: 37433934]{CVE-2024-56597} - jfs: array-index-out-of-bounds fix in dtReadFirst (Ghanshyam Agrawal) [Orabug: 37433941] {CVE-2024-56598} - wifi: ath5k: add PCI ID for Arcadyan devices (Rosen Penev) - wifi: ath5k: add PCI ID for SX76X (Rosen Penev) - net: inet6: do not leave a dangling sk pointer in inet6_create() (Ignat Korchagin) [Orabug: 37433955] {CVE-2024-56600} - net: inet: do not leave a dangling sk pointer in inet_create() (Ignat Korchagin) [Orabug: 37433962] {CVE-2024-56601} - net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() (Ignat Korchagin) [Orabug: 37433970] {CVE-2024-56602} - net: af_can: do not leave a dangling sk pointer in can_create() (Ignat Korchagin) [Orabug: 37433977] {CVE-2024-56603} - Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() (Ignat Korchagin) [Orabug: 37433990] {CVE-2024-56605} - af_packet: avoid erroring out after sock_init_data() in packet_create() (Ignat Korchagin) [Orabug: 37433996] {CVE-2024-56606} - net/sched: cbs: Fix integer overflow in cbs_set_port_rate() (Elena Salomatkina) - net: ethernet: fs_enet: Use %pa to format resource_size_t (Simon Horman) - net: fec_mpc52xx_phy: Use %pa to format resource_size_t (Simon Horman) - samples/bpf: Fix a resource leak (Zhu Jun) - drm/radeon/r600_cs: Fix possible int overflow in r600_packet3_check() (Igor Artemiev) - drm/mcde: Enable module autoloading (Liao Chen) - drm: panel-orientation-quirks: Add quirk for AYA NEO 2 model (Joaquín Ignacio Aramendía) - media: cx231xx: Add support for Dexatek USB Video Grabber 1d19:6108 (Rohan Barar) - media: uvcvideo: Add a quirk for the Kaiweets KTI-W02 infrared camera (David Given) - s390/cpum_sf: Handle CPU hotplug remove during sampling (Thomas Richter) - mmc: core: Further prevent card detect during shutdown (Ulf Hansson) - regmap: detach regmap from dev on regmap_exit (Cosmin Tanislav) - dma-buf: fix dma_fence_array_signaled v4 (Christian König) - bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again (Liequan Che) - nilfs2: fix potentialout-of-bounds memory access in nilfs_find_entry() (Ryusuke Konishi) [Orabug: 37434065] {CVE-2024-56619} - scsi: qla2xxx: Remove check req_sg_cnt should be equal to rsp_sg_cnt (Saurav Kashyap) - scsi: qla2xxx: Supported speed displayed incorrectly for VPorts (Anil Gurumurthy) - scsi: qla2xxx: Fix NVMe and NPIV connect issue (Quinn Tran) - ocfs2: update seq_file index in ocfs2_dlm_seq_next (Wengang Wang) - tracing: Fix cmp_entries_dup() to respect sort() comparison rules (Kuan-Wei Chiu) - HID: wacom: fix when get product name maybe null pointer (WangYuli) [Orabug: 37434108] {CVE-2024-56629} - bpf: Fix exact match conditions in trie_get_next_key() (Hou Tao) - bpf: Handle BPF_EXIST and BPF_NOEXIST for LPM trie (Hou Tao) - ocfs2: free inode when ocfs2_get_init_inode() fails (Tetsuo Handa) [Orabug: 37434113] {CVE-2024-56630} - spi: mpc52xx: Add cancel_work_sync before module remove (Pei Xiao) - tcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg (Zijian Zhang) [Orabug: 37434127] {CVE-2024-56633} - drm/sti: Add __iomem for mixer_dbg_mxn's parameter (Pei Xiao) - gpio: grgpio: Add NULL check in grgpio_probe (Charles Han) [Orabug: 37434131] {CVE-2024-56634} - gpio: grgpio: use a helper variable to store the address of ofdev-> dev (Bartosz Golaszewski) - crypto: x86/aegis128 - access 32-bit arguments as 32-bit (Eric Biggers) - x86/asm: Reorder early variables (Jiri Slaby) - xen: Fix the issue of resource not being properly released in xenbus_dev_probe() (Qiu-ji Chen) [Orabug: 37433540] {CVE-2024-53198} - xen/xenbus: fix locking (Juergen Gross) - xenbus/backend: Protect xenbus callback with lock (SeongJae Park) - xenbus/backend: Add memory pressure handler callback (SeongJae Park) - xen/xenbus: reference count registered modules (Paul Durrant) - netfilter: nft_set_hash: skip duplicated elements pending gc run (Pablo Neira Ayuso) - netfilter: ipset: Hold module reference while requesting a module (Phil Sutter) [Orabug: 37434143] {CVE-2024-56637} - igb: Fix potential invalid memory access in igb_init_module() (YuanCan) - net/qed: allow old cards not supporting "num_images" to work (Louis Leseur) - tipc: Fix use-after-free of kernel socket in cleanup_bearer(). (Kuniyuki Iwashima) [Orabug: 37434161] {CVE-2024-56642} - tipc: add new AEAD key structure for user API (Tuong Lien) - tipc: enable creating a "preliminary" node (Tuong Lien) - tipc: add reference counter to bearer (Tuong Lien) - dccp: Fix memory leak in dccp_feat_change_recv (Ivan Solodovnikov) [Orabug: 37434167] {CVE-2024-56643} - can: j1939: j1939_session_new(): fix skb reference counting (Dmitry Antipov) - net/sched: tbf: correct backlog statistic for GSO packets (Martin Ottens) - netfilter: x_tables: fix LED ID check in led_tg_check() (Dmitry Antipov) [Orabug: 37434200] {CVE-2024-56650} - ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() (Jinghao Jia) - can: sun4i_can: sun4i_can_err(): fix {rx,tx}_errors statistics (Dario Binacchi) - can: sun4i_can: sun4i_can_err(): call can_change_state() even if cf is NULL (Dario Binacchi) - watchdog: mediatek: Make sure system reset gets asserted in mtk_wdt_restart() (Yassine Oudjana) - iTCO_wdt: mask NMI_NOW bit for update_no_reboot_bit() call (Oleksandr Ocheretnyi) - drm/etnaviv: flush shader L1 cache after user commandstream (Lucas Stach) - nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur (Yang Erkun) - nfsd: make sure exp active before svc_export_show (Yang Erkun) [Orabug: 37433745] {CVE-2024-56558} - dm thin: Add missing destroy_work_on_stack() (Yuan Can) - i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs() (Frank Li) [Orabug: 37433756] {CVE-2024-56562} - util_macros.h: fix/rework find_closest() macros (Alexandru Ardelean) - ad7780: fix division by zero in ad7780_write_raw() (Zicheng Qu) [Orabug: 37433772] {CVE-2024-56567} - clk: qcom: gcc-qcs404: fix initial rate of GPLL3 (Gabor Juhos) - ftrace: Fix regression with module command in stack_trace_filter (guoweikang) [Orabug: 37433784] {CVE-2024-56569} - ovl: Filter invalid inodes with missing lookup function (VasiliyKovalev) [Orabug: 37433789] {CVE-2024-56570} - media: platform: allegro-dvt: Fix possible memory leak in allocate_buffers_internal() (Gaosheng Cui) [Orabug: 37433798] {CVE-2024-56572} - media: gspca: ov534-ov772x: Fix off-by-one error in set_frame_rate() (Jinjie Ruan) - media: venus: Fix pm_runtime_set_suspended() with runtime pm enabled (Jinjie Ruan) - media: ts2020: fix null-ptr-deref in ts2020_probe() (Li Zetao) [Orabug: 37433805] {CVE-2024-56574} - media: i2c: tc358743: Fix crash in the probe error path when using polling (Alexander Shiyan) [Orabug: 37433817] {CVE-2024-56576} - btrfs: ref-verify: fix use-after-free after invalid ref action (Filipe Manana) [Orabug: 37433832] {CVE-2024-56581} - quota: flush quota_release_work upon quota writeback (Ojaswin Mujoo) - ASoC: fsl_micfil: fix the naming style for mask definition (Shengjiu Wang) - sh: intc: Fix use-after-free bug in register_intc_controller() (Dan Carpenter) [Orabug: 37433393] {CVE-2024-53165} - sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport (Liu Jian) [Orabug: 37434314] {CVE-2024-56688} - SUNRPC: Replace internal use of SOCKWQ_ASYNC_NOSPACE (Trond Myklebust) - SUNRPC: correct error code comment in xs_tcp_setup_socket() (Calum Mackay) - modpost: remove incorrect code in do_eisa_entry() (Masahiro Yamada) - rtc: ab-eoz9: don't fail temperature reads on undervoltage notification (Maxime Chevallier) - 9p/xen: fix release of IRQ (Alex Zenla) [Orabug: 37434374] {CVE-2024-56704} - 9p/xen: fix init sequence (Alex Zenla) - block: return unsigned int from bdev_io_min (Christoph Hellwig) - jffs2: fix use of uninitialized variable (Qingfang Deng) - ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit (Waqar Hameed) [Orabug: 37433414] {CVE-2024-53171} - ubi: fastmap: Fix duplicate slab cache names while attaching (Zhihao Cheng) [Orabug: 37433419] {CVE-2024-53172} - ubifs: Correct the total block count by deducting journal reservation (Zhihao Cheng) - rtc: check if __rtc_read_time was successful in rtc_timer_do_work() (Yongliang Gao) [Orabug:37434456] {CVE-2024-56739} - rtc: abx80x: Fix WDT bit position of the status register (Nobuhiro Iwamatsu) - rtc: st-lpc: Use IRQF_NO_AUTOEN flag in request_irq() (Jinjie Ruan) - NFSv4.0: Fix a use-after-free problem in the asynchronous open() (Trond Myklebust) [Orabug: 37433426] {CVE-2024-53173} - um: Always dump trace for specified task in show_stack (Tiwei Bie) - um: Clean up stacktrace dump (Johannes Berg) - um: add show_stack_loglvl() (Dmitry Safonov) - um/sysrq: remove needless variable sp (Dmitry Safonov) - um: Fix the return value of elf_core_copy_task_fpregs (Tiwei Bie) - um: Fix potential integer overflow during physmem setup (Tiwei Bie) [Orabug: 37427464] {CVE-2024-53145} - rpmsg: glink: Propagate TX failures in intentless mode as well (Bjorn Andersson) - SUNRPC: make sure cache entry active before cache_show (Yang Erkun) [Orabug: 37433433] {CVE-2024-53174} - NFSD: Prevent a potential integer overflow (Chuck Lever) [Orabug: 37427470] {CVE-2024-53146} - lib: string_helpers: silence snprintf() output truncation warning (Bartosz Golaszewski) - usb: dwc3: gadget: Fix checking for number of TRBs left (Thinh Nguyen) - ALSA: hda/realtek: Apply quirk for Medion E15433 (Takashi Iwai) - ALSA: hda/realtek: Fix Internal Speaker and Mic boost of Infinix Y4 Max (Dinesh Kumar) - ALSA: hda/realtek: Set PCBeep to default value for ALC274 (Kailang Yang) - ALSA: hda/realtek: Update ALC225 depop procedure (Kailang Yang) - media: wl128x: Fix atomicity violation in fmc_send_cmd() (Qiu-ji Chen) [Orabug: 37434358] {CVE-2024-56700} - HID: wacom: Interpret tilt data from Intuos Pro BT as signed values (Jason Gerecke) - block: fix ordering between checking BLK_MQ_S_STOPPED request adding (Muchun Song) - arm64: tls: Fix context-switching of tpidrro_el0 when kpti is enabled (Will Deacon) - sh: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK (Huacai Chen) - um: vector: Do not use drvdata in release (Tiwei Bie) [Orabug: 37433467] {CVE-2024-53181} - serial: 8250: omap: Move pm_runtime_get_sync (Bin Liu) - um: net: Do not usedrvdata in release (Tiwei Bie) [Orabug: 37433475] {CVE-2024-53183} - um: ubd: Do not use drvdata in release (Tiwei Bie) [Orabug: 37433484] {CVE-2024-53184} - ubi: wl: Put source PEB into correct list if trying locking LEB failed (Zhihao Cheng) - spi: Fix acpi deferred irq probe (Stanislaw Gruszka) - netfilter: ipset: add missing range check in bitmap_ip_uadt (Jeongjun Park) [Orabug: 37388867] {CVE-2024-53141} - Revert "serial: sh-sci: Clean sci_ports[0] after at earlycon exit" (Greg Kroah-Hartman) - serial: sh-sci: Clean sci_ports[0] after at earlycon exit (Claudiu Beznea) - Bluetooth: Fix type of len in rfcomm_sock_getsockopt{,_old}() (Andrej Shadura) - tty: ldsic: fix tty_ldisc_autoload sysctl's proc_handler (Nicolas Bouchinet) - comedi: Flush partial mappings in error case (Jann Horn) [Orabug: 37427482] {CVE-2024-53148} - PCI: Fix use-after-free of slot-> bus on hot remove (Lukas Wunner) [Orabug: 37433516] {CVE-2024-53194} - ASoC: codecs: Fix atomicity violation in snd_soc_component_get_drvdata() (Qiu-ji Chen) - jfs: xattr: check invalid xattr size more strictly (Artem Sadovnikov) - ext4: fix FS_IOC_GETFSMAP handling (Theodore Ts'o) - ext4: supress data-race warnings in ext4_free_inodes_{count,set}() (Jeongjun Park) - ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices (Benoît Sevens) [Orabug: 37433532] {CVE-2024-53197} - soc: qcom: socinfo: fix revision check in qcom_socinfo_probe() (Manikanta Mylavarapu) - usb: ehci-spear: fix call balance of sehci clk handling routines (Vitalii Mordan) - apparmor: fix 'Do simple duplicate message elimination' (chao liu) - staging: greybus: uart: clean up TIOCGSERIAL (Johan Hovold) - misc: apds990x: Fix missing pm_runtime_disable() (Jinjie Ruan) - USB: chaoskey: Fix possible deadlock chaoskey_list_lock (Edward Adam Davis) - USB: chaoskey: fail open after removal (Oliver Neukum) - usb: yurex: make waiting on yurex_write interruptible (Oliver Neukum) - usb: using mutex lock and supporting O_NONBLOCK flag in iowarrior_read() (Jeongjun Park) -ipmr: fix tables suspicious RCU usage (Paolo Abeni) - ipmr: convert /proc handlers to rcu_read_lock() (Eric Dumazet) - net: stmmac: dwmac-socfpga: Set RX watchdog interrupt as broken (Maxime Chevallier) - marvell: pxa168_eth: fix call balance of pep-> clk handling routines (Vitalii Mordan) - net: usb: lan78xx: Fix refcounting and autosuspend on invalid WoL configuration (Oleksij Rempel) - tg3: Set coherent DMA mask bits to 31 for BCM57766 chipsets (Pavan Chebbi) - net: usb: lan78xx: Fix memory leak on device unplug by freeing PHY device (Oleksij Rempel) - power: supply: core: Remove might_sleep() from power_supply_put() (Bart Van Assche) - vfio/pci: Properly hide first-in-list PCIe extended capability (Avihai Horon) [Orabug: 37433578] {CVE-2024-53214} - NFSD: Fix nfsd4_shutdown_copy() (Chuck Lever) - NFSD: Cap the number of bytes copied by nfs4_reset_recoverydir() (Chuck Lever) - NFSD: Prevent NULL dereference in nfsd4_process_cb_update() (Chuck Lever) [Orabug: 37433594] {CVE-2024-53217} - rpmsg: glink: use only lower 16-bits of param2 for CMD_OPEN name length (Jonathan Marek) - rpmsg: glink: Fix GLINK command prefix (Bjorn Andersson) - rpmsg: glink: Send READ_NOTIFY command in FIFO full case (Arun Kumar Neelakantam) - rpmsg: glink: Add TX_DATA_CONT command while sending (Arun Kumar Neelakantam) - perf trace: Avoid garbage when not printing a syscall's arguments (Benjamin Peterson) - perf trace: Do not lose last events in a race (Benjamin Peterson) - m68k: coldfire/device.c: only build FEC when HW macros are defined (Antonio Quartulli) - m68k: mcfgpio: Fix incorrect register offset for CONFIG_M5441x (Jean-Michel Hautbois) - PCI: cpqphp: Fix PCIBIOS_* return value confusion (Ilpo Järvinen) - PCI: cpqphp: Use PCI_POSSIBLE_ERROR() to check config reads (weiyufeng) - perf probe: Correct demangled symbols in C++ program (Leo Yan) - perf cs-etm: Don't flush when packet_queue fills up (James Clark) - clk: clk-axi-clkgen: make sure to enable the AXI bus clock (Nuno Sa) - clk: axi-clkgen: usedevm_platform_ioremap_resource() short-hand (Alexandru Ardelean) - dt-bindings: clock: axi-clkgen: include AXI clk (Nuno Sa) - dt-bindings: clock: adi,axi-clkgen: convert old binding to yaml format (Alexandru Ardelean) - fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem() (Zhen Lei) [Orabug: 37434478] {CVE-2024-56746} - fbdev/sh7760fb: Alloc DMA memory from hardware device (Thomas Zimmermann) - powerpc/sstep: make emulate_vsx_load and emulate_vsx_store static (Michal Suchanek) - ocfs2: fix uninitialized value in ocfs2_file_read_iter() (Dmitry Antipov) [Orabug: 37427503] {CVE-2024-53155} - scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb() (Zhen Lei) [Orabug: 37434484] {CVE-2024-56747} - scsi: qedf: Fix a possible memory leak in qedf_alloc_and_init_sb() (Zhen Lei) [Orabug: 37434489] {CVE-2024-56748} - scsi: fusion: Remove unused variable 'rc' (Zeng Heng) - scsi: bfa: Fix use-after-free in bfad_im_module_exit() (Ye Bin) [Orabug: 37433630] {CVE-2024-53227} - mfd: rt5033: Fix missing regmap_del_irq_chip() (Zhang Changzhong) - mtd: rawnand: atmel: Fix possible memory leak (Miquel Raynal) - cpufreq: loongson2: Unregister platform_driver on failure (Yuan Can) - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for PMIC devices (Andy Shevchenko) [Orabug: 37434429] {CVE-2024-56723} - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for TMU device (Andy Shevchenko) [Orabug: 37434434] {CVE-2024-56724} - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for USB Type-C device (Andy Shevchenko) [Orabug: 37434330] {CVE-2024-56691} - mfd: intel_soc_pmic_bxtwc: Use dev_err_probe() (Andy Shevchenko) - mfd: da9052-spi: Change read-mask to write-mask (Marcus Folkesson) - mfd: tps65010: Use IRQF_NO_AUTOEN flag in request_irq() to fix race (Jinjie Ruan) - trace/trace_event_perf: remove duplicate samples on the first tracepoint event (Levi Yun) - netpoll: Use rcu_access_pointer() in netpoll_poll_lock (Breno Leitao) - ALSA: 6fire: Release resources at card release (Takashi Iwai) [Orabug: 37433660] {CVE-2024-53239} - ALSA:caiaq: Use snd_card_free_when_closed() at disconnection (Takashi Iwai) [Orabug: 37433666] {CVE-2024-56531} - ALSA: us122l: Use snd_card_free_when_closed() at disconnection (Takashi Iwai) [Orabug: 37433672] {CVE-2024-56532} - net: rfkill: gpio: Add check for clk_enable() (Mingwei Zheng) - selftests: net: really check for bg process completion (Paolo Abeni) - bpf, sockmap: Fix sk_msg_reset_curr (Zijian Zhang) - bpf, sockmap: Several fixes to bpf_msg_pop_data (Zijian Zhang) - bpf, sockmap: Several fixes to bpf_msg_push_data (Zijian Zhang) - drm/etnaviv: hold GPU lock across perfmon sampling (Lucas Stach) - drm/etnaviv: fix power register offset on GC300 (Doug Brown) - drm/etnaviv: dump: fix sparse warnings (Marc Kleine-Budde) - drm/msm/adreno: Use IRQF_NO_AUTOEN flag in request_irq() (Jinjie Ruan) - drm/panfrost: Remove unused id_mask from struct panfrost_model (Steven Price) - wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() (Alper Nebi Yasak) [Orabug: 37433695] {CVE-2024-56539} - bpf: Fix the xdp_adjust_tail sample prog issue (Yuan Chen) - ASoC: fsl_micfil: fix regmap_write_bits usage (Shengjiu Wang) - ASoC: fsl_micfil: use GENMASK to define register bit fields (Sascha Hauer) - ASoC: fsl_micfil: do not define SHIFT/MASK for single bits (Sascha Hauer) - ASoC: fsl_micfil: Drop unnecessary register read (Sascha Hauer) - dt-bindings: vendor-prefixes: Add NeoFidelity, Inc (Igor Prusov) - drm/imx/ipuv3: Use IRQF_NO_AUTOEN flag in request_irq() (Jinjie Ruan) - wifi: mwifiex: Use IRQF_NO_AUTOEN flag in request_irq() (Jinjie Ruan) - wifi: p54: Use IRQF_NO_AUTOEN flag in request_irq() (Jinjie Ruan) - drm/omap: Fix locking in omap_gem_new_dmabuf() (Tomi Valkeinen) - wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() (Jeongjun Park) [Orabug: 37427509] {CVE-2024-53156} - drm/mm: Mark drm_mm_interval_tree*() functions with __maybe_unused (Andy Shevchenko) - firmware: arm_scpi: Check the DVFS OPP count returned by the firmware (Luo Qiu) [Orabug: 37427515] {CVE-2024-53157} -regmap: irq: Set lockdep class for hierarchical IRQ domains (Andy Shevchenko) - ARM: dts: cubieboard4: Fix DCDC5 regulator constraints (Andre Przywara) - tpm: fix signed/unsigned bug when checking event logs (Gregory Price) - efi/tpm: Pass correct address to memblock_reserve (Jerry Snitselaar) - mmc: mmc_spi: drop buggy snprintf() (Bartosz Golaszewski) - soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() (Dan Carpenter) [Orabug: 37427524] {CVE-2024-53158} - soc: ti: smartreflex: Use IRQF_NO_AUTOEN flag in request_irq() (Jinjie Ruan) - time: Fix references to _msecs_to_jiffies() handling of values (Miguel Ojeda) - crypto: cavium - Fix an error handling path in cpt_ucode_load_fw() (Christophe JAILLET) - crypto: bcm - add error check in the ahash_hmac_init function (Chen Ridong) [Orabug: 37434298] {CVE-2024-56681} - crypto: cavium - Fix the if condition to exit loop after timeout (Everest K.C) - crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY (Yi Yang) [Orabug: 37434323] {CVE-2024-56690} - EDAC/fsl_ddr: Fix bad bit shift operations (Priyanka Singh) - EDAC/bluefield: Fix potential integer overflow (David Thompson) [Orabug: 37427533] {CVE-2024-53161} - firmware: google: Unregister driver_info on failure (Yuan Can) - firmware: google: Unregister driver_info on failure and exit in gsmi (Arthur Heymans) - hfsplus: don't query the device logical block size multiple times (Thadeu Lima de Souza Cascardo) [Orabug: 37433720] {CVE-2024-56548} - s390/syscalls: Avoid creation of arch/arch/ directory (Masahiro Yamada) - acpi/arm64: Adjust error handling procedure in gtdt_parse_timer_block() (Aleksandr Mishin) - m68k: mvme147: Reinstate early console (Daniel Palmer) - m68k: mvme16x: Add and use "mvme16x.h" (Geert Uytterhoeven) - m68k: mvme147: Fix SCSI controller IRQ numbers (Daniel Palmer) - nvme-pci: fix freeing of the HMB descriptor table (Christoph Hellwig) [Orabug: 37434510] {CVE-2024-56756} - initramfs: avoid filename buffer overrun (David Disseldorp) [Orabug: 37388874]{CVE-2024-53142} - mips: asm: fix warning when disabling MIPS_FP_SUPPORT (Jonas Gorski) - x86/xen/pvh: Annotate indirect branch as safe (Josh Poimboeuf) - nvme: fix metadata handling in nvme-passthrough (Puranjay Mohan) - cifs: Fix buffer overflow when parsing NFS reparse points (Pali Rohár) [Orabug: 37206284] {CVE-2024-49996} - ipmr: Fix access to mfc_cache_list without lock held (Breno Leitao) - proc/softirqs: replace seq_printf with seq_put_decimal_ull_width (David Wang) - ASoC: stm: Prevent potential division by zero in stm32_sai_get_clk_div() (Luo Yifan) - ASoC: stm: Prevent potential division by zero in stm32_sai_mclk_round_rate() (Luo Yifan) - regulator: rk808: Add apply_bit for BUCK3 on RK809 (Mikhail Rudenko) - soc: qcom: Add check devm_kasprintf() returned value (Charles Han) - net: usb: qmi_wwan: add Quectel RG650V (Benoît Monin) - x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB (Arnd Bergmann) - ALSA: hda/realtek: Add subwoofer quirk for Infinix ZERO BOOK 13 (Piyush Raj Chouhan) - selftests/watchdog-test: Fix system accidentally reset after watchdog-test (Li Zhijian) - mac80211: fix user-power when emulating chanctx (Ben Greear) - ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet (Hans de Goede) - kbuild: Use uname for LINUX_COMPILE_HOST detection (Chris Down) - media: dvbdev: fix the logic when DVB_DYNAMIC_MINORS is not set (Mauro Carvalho Chehab) - nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint (Ryusuke Konishi) [Orabug: 37388819] {CVE-2024-53130} - ocfs2: fix UBSAN warning in ocfs2_verify_volume() (Dmitry Antipov) - nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint (Ryusuke Konishi) [Orabug: 37388825] {CVE-2024-53131} - KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN (Sean Christopherson) [Orabug: 37388846] {CVE-2024-53135} - ocfs2: uncache inode which has failed entering the group (Dmitry Antipov) [Orabug: 37388753] {CVE-2024-53112} - net/mlx5e: kTLS, Fix incorrect page refcounting (Dragos Tatulea) - net/mlx5:fs, lock FTE when checking if active (Mark Bloch) - netlink: terminate outstanding dump on socket close (Jakub Kicinski) [Orabug: 37388861] {CVE-2024-53140} - LTS tag: v5.4.286 (Alok Tiwari) - 9p: fix slab cache name creation for real (Linus Torvalds) - md/raid10: improve code of mrdev in raid10_sync_request (Li Nan) - net: usb: qmi_wwan: add Fibocom FG132 0x0112 composition (Reinhard Speyerer) - fs: Fix uninitialized value issue in from_kuid and from_kgid (Alessandro Zanni) [Orabug: 37331928] {CVE-2024-53101} - powerpc/powernv: Free name on error in opal_event_init() (Michael Ellerman) - sound: Make CONFIG_SND depend on INDIRECT_IOMEM instead of UML (Julian Vetter) - bpf: use kvzmalloc to allocate BPF verifier environment (Rik van Riel) - HID: multitouch: Add quirk for HONOR MagicBook Art 14 touchpad (WangYuli) - 9p: Avoid creating multiple slab caches with the same name (Pedro Falcato) - ALSA: usb-audio: Add endianness annotations (Jan Schär) - vsock/virtio: Initialization of the dangling pointer occurring in vsk-> trans (Hyunwoo Kim) [Orabug: 37298681] {CVE-2024-50264} - hv_sock: Initializing vsk-> trans to NULL to prevent a dangling pointer (Hyunwoo Kim) [Orabug: 37344480] {CVE-2024-53103} - ftrace: Fix possible use-after-free issue in ftrace_location() (Zheng Yejian) [Orabug: 36753574] {CVE-2024-38588} - NFSD: Fix NFSv4's PUTPUBFH operation (Chuck Lever) - ALSA: usb-audio: Add quirks for Dell WD19 dock (Jan Schär) - ALSA: usb-audio: Support jack detection on Dell dock (Jan Schär) - ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove() (Andrew Kanner) [Orabug: 37298685] {CVE-2024-50265} - irqchip/gic-v3: Force propagation of the active state with a read-back (Marc Zyngier) - USB: serial: option: add Quectel RG650V (Benoît Monin) - USB: serial: option: add Fibocom FG132 0x0112 composition (Reinhard Speyerer) - USB: serial: qcserial: add support for Sierra Wireless EM86xx (Jack Wu) - USB: serial: io_edgeport: fix use after free in debug printk (Dan Carpenter) [Orabug:37298695] {CVE-2024-50267} - usb: musb: sunxi: Fix accessing an released usb phy (Zijun Hu) [Orabug: 37298703] {CVE-2024-50269} - fs/proc: fix compile warning about variable 'vmcore_mmap_ops' (Qi Xi) - media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (Benoit Sevens) [Orabug: 37344485] {CVE-2024-53104} - net: bridge: xmit: make sure we have at least eth header len bytes (Nikolay Aleksandrov) [Orabug: 36753372] {CVE-2024-38538} - spi: fix use-after-free of the add_lock mutex (Michael Walle) - spi: Fix deadlock when adding SPI controllers on SPI buses (Mark Brown) - mtd: rawnand: protect access to rawnand devices while in suspend (Sean Nyekjaer) - btrfs: reinitialize delayed ref list after deleting it from the list (Filipe Manana) [Orabug: 37298715] {CVE-2024-50273} - nfs: Fix KMSAN warning in decode_getfattr_attrs() (Roberto Sassu) [Orabug: 37304779] {CVE-2024-53066} - dm-unstriped: cast an operand to sector_t to prevent potential uint32_t overflow (Zichen Xie) - dm cache: fix potential out-of-bounds access on the first resume (Ming-Hung Tsai) [Orabug: 37298732] {CVE-2024-50278} - dm cache: optimize dirty bit checking with find_next_bit when resizing (Ming-Hung Tsai) - dm cache: fix out-of-bounds access to the dirty bitset when resizing (Ming-Hung Tsai) [Orabug: 37298737] {CVE-2024-50279} - dm cache: correct the number of origin blocks to match the target length (Ming-Hung Tsai) - drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read() (Alex Deucher) [Orabug: 37298751] {CVE-2024-50282} - pwm: imx-tpm: Use correct MODULO value for EPWM mode (Erik Schumacher) - media: v4l2-tpg: prevent the risk of a division by zero (Mauro Carvalho Chehab) [Orabug: 37298782] {CVE-2024-50287} - media: cx24116: prevent overflows on SNR calculus (Mauro Carvalho Chehab) [Orabug: 37298797] {CVE-2024-50290} - media: s5p-jpeg: prevent buffer overflows (Mauro Carvalho Chehab) [Orabug: 37304763] {CVE-2024-53061} - ALSA: firewire-lib: fix return value on fail in amdtp_tscm_init() (Murad Masimov) -media: adv7604: prevent underflow condition when reporting colorspace (Mauro Carvalho Chehab) - media: dvb_frontend: don't play tricks with underflow values (Mauro Carvalho Chehab) - media: dvbdev: prevent the risk of out of memory access (Mauro Carvalho Chehab) [Orabug: 37304769] {CVE-2024-53063} - media: stb0899_algo: initialize cfr before using it (Mauro Carvalho Chehab) - net: hns3: fix kernel crash when uninstalling driver (Peiyang Wang) [Orabug: 37298811] {CVE-2024-50296} - can: c_can: fix {rx,tx}_errors statistics (Dario Binacchi) - sctp: properly validate chunk size in sctp_sf_ootb() (Xin Long) [Orabug: 37298820] {CVE-2024-50299} - net: enetc: set MAC address to the VF net_device (Wei Fang) - enetc: simplify the return expression of enetc_vf_set_mac_addr() (Qinglang Miao) - security/keys: fix slab-out-of-bounds in key_task_permission (Chen Ridong) [Orabug: 37298827] {CVE-2024-50301} - HID: core: zero-initialize the report buffer (Jiri Kosina) [Orabug: 37298834] {CVE-2024-50302} - ARM: dts: rockchip: Fix the realtek audio codec on rk3036-kylin (Heiko Stuebner) - ARM: dts: rockchip: Fix the spi controller on rk3036 (Heiko Stuebner) - ARM: dts: rockchip: drop grf reference from rk3036 hdmi (Heiko Stuebner) - ARM: dts: rockchip: fix rk3036 acodec node (Heiko Stuebner) - arm64: dts: rockchip: Remove #cooling-cells from fan on Theobroma lion (Heiko Stuebner) - arm64: dts: rockchip: Fix bluetooth properties on Rock960 boards (Heiko Stuebner) - arm64: dts: rockchip: Remove hdmi's 2nd interrupt on rk3328 (Diederik de Haas) - arm64: dts: rockchip: Fix rt5651 compatible value on rk3399-sapphire-excavator (Geert Uytterhoeven) [5.4.17-2136.340.1.el8uek] - rds/ib: avoid scq/rcq polling during rds connection shutdown (Arumugam Kolappan) [Orabug: 37092563] - RDMA/mlx5: Send UAR page index as ioctl attribute (Akiva Goldberger) [Orabug: 37029739] - RDMA: Pass entire uverbs attr bundle to create cq function (Akiva Goldberger) [Orabug: 37029739] - IB/uverbs: Enable CQ ioctl commands by default (Yishai Hadas) [Orabug:37029739] _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . The Oracle Linux ELSA-2025-20101 notification presents essential kernel enhancements featuring vital security remedies.. Oracle Linux,kernel update,security advisory,critical issue,memory leak. . Severity: Critical. LinuxSecurity.com Team

Feb 14, 2025 •Critical Oracle