ELSA-2022-9480

ELSA-2022-9480 - Unbreakable Enterprise kernel-container security update

Type:SECURITY
Severity:IMPORTANT
Release Date:2022-06-14

Description


- 5.4.17-2136.308.7.el7
- uek-rpm: Update OL7/8 Secureboot certificate and shim versions (Sherry Yang) [Orabug: 34248329]

[5.4.17-2136.308.6]
- mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection (Johannes Berg)
- arm: remove CONFIG_ARCH_HAS_HOLES_MEMORYMODEL (Mike Rapoport)
- x86/cpu: Load microcode during restore_processor_state() (Borislav Petkov)
- net/smc: Fix sock leak when release after smc_shutdown() (Tony Lu)
- dmaengine: Revert 'dmaengine: shdma: Fix runtime PM imbalance on error' (Vinod Koul)
- scsi: qla2xxx: Fix warning for missing error code (Nilesh Javali)
- media: Revert 'media: em28xx: add missing em28xx_close_extension' (Pavel Skripkin)
- regulator: qcom_smd: fix for_each_child.cocci warnings (kernel test robot)
- Revert 'Input: clear BTN_RIGHT/MIDDLE on buttonpads' (Jose Exposito)
- f2fs: fix to unlock page correctly in error path of is_alive() (Chao Yu)
- perf: Fix sys_perf_event_open() race against self (Peter Zijlstra) [Orabug: 34211086] {CVE-2022-1729}
- debug: Lock down kgdb (Stephen Brennan) [Orabug: 34211075] {CVE-2022-21499}
- io_uring: always use original task when preparing req identity (Jens Axboe) [Orabug: 34211070] {CVE-2022-1786}
- ALSA: pcm: Fix races among concurrent prealloc proc writes (Takashi Iwai) [Orabug: 34007905] {CVE-2022-1048}
- ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls (Takashi Iwai) [Orabug: 34007905] {CVE-2022-1048}
- ALSA: pcm: Fix races among concurrent read/write and buffer changes (Takashi Iwai) [Orabug: 34007905] {CVE-2022-1048}
- ALSA: pcm: Fix races among concurrent hw_params and hw_free calls (Takashi Iwai) [Orabug: 34007905] {CVE-2022-1048}
- KVM: x86: avoid calling x86 emulator without a decoded instruction (Sean Christopherson) [Orabug: 34205799] {CVE-2022-1852} {CVE-2022-1852}

[5.4.17-2136.308.5]
- vfio/type1: misalignment sanity check broken when mapping dma (Anthony Yznaga) [Orabug: 34124949]
- uek-rpm: configs: enable 9P_FS for x86_64 (Todd Vierling) [Orabug: 34146030]

[5.4.17-2136.308.4]
- bpf: parse BTF with linkage set for functions (Alan Maguire) [Orabug: 34068157]
- selftests/bpf: remove BPF skeleton-based tests that got pulled in via backports (Alan Maguire) [Orabug: 34068157]
- uek-rpm: default for COMMON_CLK_MARVELL_OTX2 should be 'n' (Henry Willard) [Orabug: 34138118]

[5.4.17-2136.308.3]
- xfs: only bother with sync_filesystem during readonly remount (Darrick J. Wong) [Orabug: 34085023]
- vfs: make sync_filesystem return errors from ->sync_fs (Darrick J. Wong) [Orabug: 34085023]
- xfs: reject crazy array sizes being fed to XFS_IOC_GETBMAP* (Darrick J. Wong) [Orabug: 34085023]
- xfs: prevent UAF in xfs_log_item_in_current_chkpt (Darrick J. Wong) [Orabug: 34085023]
- xfs: prevent a WARN_ONCE() in xfs_ioc_attr_list() (Dan Carpenter) [Orabug: 34085023]
- xfs: check sb_meta_uuid for dabuf buffer recovery (Dave Chinner) [Orabug: 34085023]
- xfs: only run COW extent recovery when there are no live extents (Darrick J. Wong) [Orabug: 34085023]
- x86/platform/uv: Log gap hole end size (Mike Travis) [Orabug: 34100339]
- x86/platform/uv: Update TSC sync state for UV5 (Mike Travis) [Orabug: 34100339]
- x86/platform/uv: Update NMI Handler for UV5 (Mike Travis) [Orabug: 34100339]
- perf/x86/intel/uncore: Fix the build on !CONFIG_PHYS_ADDR_T_64BIT (Ingo Molnar) [Orabug: 34100339]
- perf/x86/intel/uncore: Make uncore_discovery clean for 64 bit addresses (Steve Wahl) [Orabug: 34100339]
- net/rds: Delayed DR_SOCK_CANCEL (Gerd Rausch) [Orabug: 34105318]
- mlx4_core: calculate log_num_mtt based on total system memory (Wei Lin Guay) [Orabug: 34111386]
- xen/x86: Add interface for querying amount of host memory (Boris Ostrovsky) [Orabug: 34111386]
- staging: mmal-vchiq: Reset buffers_with_vpu on port_enable (Dave Stevenson) [Orabug: 34125311]
- af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register (Haimin Zhang) [Orabug: 34135343] {CVE-2022-1353}
- clocksource: Avoid accidental unstable marking of clocksources (Waiman Long) [Orabug: 34145210]
- clocksource: Reduce clocksource-skew threshold (Paul E. McKenney) [Orabug: 34145210]
- Revert 'rds/ib: recover rds connection from stuck tx path' (Nagappan Ramasamy Palaniappan) [Orabug: 34152863]
- Revert 'rds/ib: reap tx completions during connection shutdown' (Nagappan Ramasamy Palaniappan) [Orabug: 34152863]
- Revert 'rds/ib: handle posted ACK during connection shutdown' (Nagappan Ramasamy Palaniappan) [Orabug: 34152863]

[5.4.17-2136.308.2]
- KVM: arm64: Check arm64_get_bp_hardening_data() didn't return NULL (James Morse)
- LTS tag: v5.4.188 (Sherry Yang)
- llc: only change llc->dev when bind() succeeds (Eric Dumazet)
- nds32: fix access_ok() checks in get/put_user (Arnd Bergmann)
- tpm: use try_get_ops() in tpm-space.c (James Bottomley)
- mac80211: fix potential double free on mesh join (Linus Lussing)
- rcu: Don't deboost before reporting expedited quiescent state (Paul E. McKenney)
- crypto: qat - disable registration of algorithms (Giovanni Cabiddu)
- ACPI: video: Force backlight native for Clevo NL5xRU and NL5xNU (Werner Sembach)
- ACPI: battery: Add device HID and quirk for Microsoft Surface Go 3 (Maximilian Luz)
- ACPI / x86: Work around broken XSDT on Advantech DAC-BJ01 board (Mark Cilissen)
- ALSA: hda/realtek: Add quirk for ASUS GA402 (Jason Zheng)
- ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 (huangwenhui)
- ALSA: oss: Fix PCM OSS buffer allocation overflow (Takashi Iwai)
- ASoC: sti: Fix deadlock via snd_pcm_stop_xrun() call (Takashi Iwai)
- drivers: net: xgene: Fix regression in CRC stripping (Stephane Graber)
- ALSA: pci: fix reading of swapped values from pcmreg in AC97 codec (Giacomo Guiduzzi)
- ALSA: cmipci: Restore aux vol on suspend/resume (Jonathan Teh)
- ALSA: usb-audio: Add mute TLV for playback volumes on RODE NT-USB (Lars-Peter Clausen)
- ALSA: pcm: Add stream lock during PCM reset ioctl operations (Takashi Iwai)
- llc: fix netdevice reference leaks in llc_ui_bind() (Eric Dumazet)
- thermal: int340x: fix memory leak in int3400_notify() (Chuansheng Liu)
- staging: fbtft: fb_st7789v: reset display before initialization (Oliver Graute)
- tpm: Fix error handling in async work (Tadeusz Struk)
- net: ipv6: fix skb_over_panic in __ip6_append_data (Tadeusz Struk)
- nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION (Jordy Zomer)
- nfsd: Containerise filecache laundrette (Trond Myklebust)
- nfsd: cleanup nfsd_file_lru_dispose() (Trond Myklebust)
- LTS tag: v5.4.187 (Sherry Yang)
- Revert 'selftests/bpf: Add test for bpf_timer overwriting crash' (Greg Kroah-Hartman)
- perf symbols: Fix symbol size calculation condition (Michael Petlan)
- Input: aiptek - properly check endpoint type (Pavel Skripkin)
- usb: usbtmc: Fix bug in pipe direction for control transfers (Alan Stern)
- usb: gadget: Fix use-after-free bug by not setting udc->dev.driver (Alan Stern)
- usb: gadget: rndis: prevent integer overflow in rndis_set_response() (Dan Carpenter)
- arm64: fix clang warning about TRAMP_VALIAS (Arnd Bergmann)
- net: dsa: Add missing of_node_put() in dsa_port_parse_of (Miaoqian Lin)
- net: handle ARPHRD_PIMREG in dev_is_mac_header_xmit() (Nicolas Dichtel)
- drm/panel: simple: Fix Innolux G070Y2-L01 BPP settings (Marek Vasut)
- hv_netvsc: Add check for kvmalloc_array (Jiasheng Jiang)
- atm: eni: Add check for dma_map_single (Jiasheng Jiang)
- net/packet: fix slab-out-of-bounds access in packet_recvmsg() (Eric Dumazet)
- net: phy: marvell: Fix invalid comparison in the resume and suspend functions (Kurt Cancemi)
- efi: fix return value of __setup handlers (Randy Dunlap)
- ocfs2: fix crash when initialize filecheck kobj fails (Joseph Qi)
- crypto: qcom-rng - ensure buffer for generate is completely filled (Brian Masney)
- LTS tag: v5.4.186 (Sherry Yang)
- fixup for 'arm64 entry: Add macro for reading symbol address from the trampoline' (James Morse)
- kselftest/vm: fix tests build with old libc (Chengming Zhou)
- sfc: extend the locking on mcdi->seqno (Niels Dossche)
- tcp: make tcp_read_sock() more robust (Eric Dumazet)
- nl80211: Update bss channel on channel switch for P2P_CLIENT (Sreeramya Soratkal)
- drm/vrr: Set VRR capable prop only if it is attached to connector (Manasi Navare)
- iwlwifi: don't advertise TWT support (Golan Ben Ami)
- atm: firestream: check the return value of ioremap() in fs_init() (Jia-Ju Bai)
- can: rcar_canfd: rcar_canfd_channel_probe(): register the CAN device when fully ready (Lad Prabhakar)
- ARM: 9178/1: fix unmet dependency on BITREVERSE for HAVE_ARCH_BITREVERSE (Julian Braha)
- MIPS: smp: fill in sibling and core maps earlier (Alexander Lobakin)
- mac80211: refuse aggregations sessions before authorized (Johannes Berg)
- ARM: dts: rockchip: fix a typo on rk3288 crypto-controller (Corentin Labbe)
- ARM: dts: rockchip: reorder rk322x hmdi clocks (Sascha Hauer)
- arm64: dts: agilex: use the compatible 'intel,socfpga-agilex-hsotg' (Dinh Nguyen)
- arm64: dts: rockchip: reorder rk3399 hdmi clocks (Sascha Hauer)
- arm64: dts: rockchip: fix rk3399-puma eMMC HS400 signal integrity (Jakob Unterwurzacher)
- xfrm: Fix xfrm migrate issues when address family changes (Yan Yan)
- xfrm: Check if_id in xfrm_migrate (Yan Yan)
- sctp: fix the processing for INIT chunk (Xin Long)
- Revert 'xfrm: state and policy should fail if XFRMA_IF_ID 0' (Kai Lueke)
- LTS tag: v5.4.185 (Sherry Yang)
- ext4: add check to prevent attempting to resize an fs with sparse_super2 (Josh Triplett)
- ARM: fix Thumb2 regression with Spectre BHB (Russell King (Oracle))
- virtio: acknowledge all features before access (Michael S. Tsirkin)
- virtio: unexport virtio_finalize_features (Michael S. Tsirkin)
- arm64: dts: marvell: armada-37xx: Remap IO space to bus address 0x0 (Pali Rohar)
- riscv: Fix auipc+jalr relocation range checks (Emil Renner Berthing)
- mmc: meson: Fix usage of meson_mmc_post_req() (Rong Chen)
- net: macb: Fix lost RX packet wakeup race in NAPI receive (Robert Hancock)
- staging: gdm724x: fix use after free in gdm_lte_rx() (Dan Carpenter)
- fuse: fix pipe buffer lifetime for direct_io (Miklos Szeredi)
- ARM: Spectre-BHB: provide empty stub for non-config (Randy Dunlap)
- selftests/memfd: clean up mapping in mfd_fail_write (Mike Kravetz)
- selftest/vm: fix map_fixed_noreplace test failure (Aneesh Kumar K.V)
- tracing: Ensure trace buffer is at least 4096 bytes large (Sven Schnelle)
- ipv6: prevent a possible race condition with lifetimes (Niels Dossche)
- Revert 'xen-netback: Check for hotplug-status existence before watching' (Marek Marczykowski-Gorecki)
- Revert 'xen-netback: remove 'hotplug-status' once it has served its purpose' (Marek Marczykowski-Gorecki)
- net-sysfs: add check for netdevice being present to speed_show (suresh kumar)
- selftests/bpf: Add test for bpf_timer overwriting crash (Kumar Kartikeya Dwivedi)
- net: bcmgenet: Don't claim WOL when its not available (Jeremy Linton)
- sctp: fix kernel-infoleak for SCTP sockets (Eric Dumazet)
- net: phy: DP83822: clear MISR2 register to disable interrupts (Clement Leger)
- gianfar: ethtool: Fix refcount leak in gfar_get_ts_info (Miaoqian Lin)
- gpio: ts4900: Do not set DAT and OE together (Mark Featherston)
- selftests: pmtu.sh: Kill tcpdump processes launched by subshell. (Guillaume Nault)
- NFC: port100: fix use-after-free in port100_send_complete (Pavel Skripkin)
- net/mlx5: Fix a race on command flush flow (Moshe Shemesh)
- net/mlx5: Fix size field in bufferx_reg struct (Mohammad Kabat)
- ax25: Fix NULL pointer dereference in ax25_kill_by_device (Duoming Zhou)
- net: ethernet: lpc_eth: Handle error for clk_enable (Jiasheng Jiang)
- net: ethernet: ti: cpts: Handle error for clk_enable (Jiasheng Jiang)
- ethernet: Fix error handling in xemaclite_of_probe (Miaoqian Lin)
- ARM: dts: aspeed: Fix AST2600 quad spi group (Joel Stanley)
- drm/sun4i: mixer: Fix P010 and P210 format numbers (Jernej Skrabec)
- qed: return status of qed_iov_get_link (Tom Rix)
- net: qlogic: check the return value of dma_alloc_coherent() in qed_vf_hw_prepare() (Jia-Ju Bai)
- virtio-blk: Don't use MAX_DISCARD_SEGMENTS if max_discard_seg is zero (Xie Yongji)
- arm64: dts: armada-3720-turris-mox: Add missing ethernet0 alias (Pali Rohar)
- clk: qcom: gdsc: Add support to update GDSC transition delay (Taniya Das)
- LTS tag: v5.4.184 (Sherry Yang)
- Revert 'ACPI: PM: s2idle: Cancel wakeup before dispatching EC GPE' (Greg Kroah-Hartman)
- xen/netfront: react properly to failing gnttab_end_foreign_access_ref() (Juergen Gross) {CVE-2022-23042}
- xen/gnttab: fix gnttab_end_foreign_access() without page specified (Juergen Gross) {CVE-2022-23041}
- xen/pvcalls: use alloc/free_pages_exact() (Juergen Gross) {CVE-2022-23041}
- xen/9p: use alloc/free_pages_exact() (Juergen Gross) {CVE-2022-23041}
- xen: remove gnttab_query_foreign_access() (Juergen Gross)
- xen/gntalloc: don't use gnttab_query_foreign_access() (Juergen Gross) {CVE-2022-23039}
- xen/scsifront: don't use gnttab_query_foreign_access() for mapped status (Juergen Gross) {CVE-2022-23038}
- xen/netfront: don't use gnttab_query_foreign_access() for mapped status (Juergen Gross) {CVE-2022-23037}
- xen/blkfront: don't use gnttab_query_foreign_access() for mapped status (Juergen Gross) {CVE-2022-23036}
- xen/grant-table: add gnttab_try_end_foreign_access() (Juergen Gross) {CVE-2022-23036} {CVE-2022-23038}
- xen/xenbus: don't let xenbus_grant_ring() remove grants in error case (Juergen Gross) {CVE-2022-23040}
- ARM: fix build warning in proc-v7-bugs.c (Russell King (Oracle))
- ARM: Do not use NOCROSSREFS directive with ld.lld (Nathan Chancellor)
- ARM: fix co-processor register typo (Russell King (Oracle))
- ARM: fix build error when BPF_SYSCALL is disabled (Emmanuel Gil Peyrot)
- ARM: include unprivileged BPF status in Spectre V2 reporting (Russell King (Oracle))
- ARM: Spectre-BHB workaround (Russell King (Oracle))
- ARM: use LOADADDR() to get load address of sections (Russell King (Oracle))
- ARM: early traps initialisation (Russell King (Oracle))
- ARM: report Spectre v2 status through sysfs (Russell King (Oracle))
- arm/arm64: smccc/psci: add arm_smccc_1_1_get_conduit() (Mark Rutland)
- arm/arm64: Provide a wrapper for SMCCC 1.1 calls (Steven Price)
- x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT (Josh Poimboeuf)
- x86/speculation: Warn about Spectre v2 LFENCE mitigation (Josh Poimboeuf)
- LTS tag: v5.4.183 (Sherry Yang)
- hamradio: fix macro redefine warning (Huang Pei)
- net: dcb: disable softirqs in dcbnl_flush_dev() (Vladimir Oltean)
- Revert 'xfrm: xfrm_state_mtu should return at least 1280 for ipv6' (Jiri Bohac)
- btrfs: add missing run of delayed items after unlink during log replay (Filipe Manana)
- btrfs: qgroup: fix deadlock between rescan worker and remove qgroup (Sidong Yang)
- btrfs: fix lost prealloc extents beyond eof after full fsync (Filipe Manana)
- tracing: Fix return value of __setup handlers (Randy Dunlap)
- tracing/histogram: Fix sorting on old 'cpu' value (Steven Rostedt (Google))
- HID: add mapping for KEY_ALL_APPLICATIONS (William Mahon)
- HID: add mapping for KEY_DICTATE (William Mahon)
- Input: elan_i2c - fix regulator enable count imbalance after suspend/resume (Hans de Goede)
- Input: elan_i2c - move regulator_[en|dis]able() out of elan_[en|dis]able_power() (Hans de Goede)
- nl80211: Handle nla_memdup failures in handle_nan_filter (Jiasheng Jiang)
- net: chelsio: cxgb3: check the return value of pci_find_capability() (Jia-Ju Bai)
- soc: fsl: qe: Check of ioremap return value (Jiasheng Jiang)
- memfd: fix F_SEAL_WRITE after shmem huge page allocated (Hugh Dickins)
- ibmvnic: free reset-work-item when flushing (Sukadev Bhattiprolu)
- igc: igc_write_phy_reg_gpy: drop premature return (Sasha Neftin)
- ARM: 9182/1: mmu: fix returns from early_param() and __setup() functions (Randy Dunlap)
- ARM: Fix kgdb breakpoint for Thumb2 (Russell King (Oracle))
- igc: igc_read_phy_reg_gpy: drop premature return (Corinna Vinschen)
- arm64: dts: rockchip: Switch RK3399-Gru DP to SPDIF output (Brian Norris)
- can: gs_usb: change active_channels's type from atomic_t to u8 (Vincent Mailhol)
- ASoC: cs4265: Fix the duplicated control name (Fabio Estevam)
- firmware: arm_scmi: Remove space in MODULE_ALIAS name (Alyssa Ross)
- efivars: Respect 'block' flag in efivar_entry_set_safe() (Jann Horn)
- ixgbe: xsk: change !netif_carrier_ok() handling in ixgbe_xmit_zc() (Maciej Fijalkowski)
- net: arcnet: com20020: Fix null-ptr-deref in com20020pci_probe() (Zheyu Ma)
- net: sxgbe: fix return value of __setup handler (Randy Dunlap)
- iavf: Fix missing check for running netdev (Slawomir Laba)
- net: stmmac: fix return value of __setup handler (Randy Dunlap)
- mac80211: fix forwarded mesh frames AC & queue selection (Nicolas Escande)
- ia64: ensure proper NUMA distance and possible map initialization (Valentin Schneider)
- sched/topology: Fix sched_domain_topology_level alloc in sched_init_numa() (Dietmar Eggemann)
- sched/topology: Make sched_init_numa() use a set for the deduplicating sort (Valentin Schneider)
- xen/netfront: destroy queues before real_num_tx_queues is zeroed (Marek Marczykowski-Gorecki)
- block: Fix fsync always failed if once failed (Ye Bin)
- net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error cause by server (D. Wythe)
- net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error generated by client (D. Wythe)
- net: dcb: flush lingering app table entries for unregistered devices (Vladimir Oltean)
- batman-adv: Don't expect inter-netns unique iflink indices (Sven Eckelmann)
- batman-adv: Request iflink once in batadv_get_real_netdevice (Sven Eckelmann)
- batman-adv: Request iflink once in batadv-on-batadv check (Sven Eckelmann)
- netfilter: nf_queue: fix possible use-after-free (Florian Westphal)
- netfilter: nf_queue: don't assume sk is full socket (Florian Westphal)
- xfrm: enforce validity of offload input flags (Leon Romanovsky)
- xfrm: fix the if_id check in changelink (Antony Antony)
- netfilter: fix use-after-free in __nf_register_net_hook() (Eric Dumazet)
- xfrm: fix MTU regression (Jiri Bohac)
- ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min (Marek Vasut)
- ALSA: intel_hdmi: Fix reference to PCM buffer address (Zhen Ni)
- ata: pata_hpt37x: fix PCI clock detection (Sergey Shtylyov)
- usb: gadget: clear related members when goto fail (Hangyu Hua)
- usb: gadget: don't release an existing dev->buf (Hangyu Hua)
- net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990 (Daniele Palmas)
- i2c: qup: allow COMPILE_TEST (Wolfram Sang)
- i2c: cadence: allow COMPILE_TEST (Wolfram Sang)
- dmaengine: shdma: Fix runtime PM imbalance on error (Yongzhi Liu)
- cifs: fix double free race when mount fails in cifs_get_root() (Ronnie Sahlberg)
- Input: clear BTN_RIGHT/MIDDLE on buttonpads (Jose Exposito)
- ASoC: rt5682: do not block workqueue if card is unbound (Kai Vehmanen)
- ASoC: rt5668: do not block workqueue if card is unbound (Kai Vehmanen)
- i2c: bcm2835: Avoid clock stretching timeouts (Eric Anholt)
- mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work (JaeMan Park)
- mac80211_hwsim: report NOACK frames in tx_status (Benjamin Beichler)
- LTS tag: v5.4.182 (Sherry Yang)
- fget: clarify and improve __fget_files() implementation (Linus Torvalds)
- memblock: use kfree() to release kmalloced memblock regions (Miaohe Lin)
- Revert 'drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR' (Karol Herbst)
- gpio: tegra186: Fix chip_data type confusion (Marc Zyngier)
- tty: n_gsm: fix NULL pointer access due to DLCI release (daniel.starke@siemens.com)
- tty: n_gsm: fix proper link termination after failed open (daniel.starke@siemens.com)
- tty: n_gsm: fix encoding of control signal octet bit DV (daniel.starke@siemens.com)
- xhci: Prevent futile URB re-submissions due to incorrect return value. (Hongyu Xie)
- xhci: re-initialize the HC during resume if HCE was set (Puma Hsu)
- usb: dwc3: gadget: Let the interrupt handler disable bottom halves. (Sebastian Andrzej Siewior)
- usb: dwc3: pci: Fix Bay Trail phy GPIO mappings (Hans de Goede)
- USB: serial: option: add Telit LE910R1 compositions (Daniele Palmas)
- USB: serial: option: add support for DW5829e (Slark Xiao)
- tracefs: Set the group ownership in apply_options() not parse_options() (Steven Rostedt (Google))
- USB: gadget: validate endpoint index for xilinx udc (Szymon Heidrich)
- usb: gadget: rndis: add spinlock for rndis response list (Daehwan Jung)
- Revert 'USB: serial: ch341: add new Product ID for CH341A' (Dmytro Bagrii)
- ata: pata_hpt37x: disable primary channel on HPT371 (Sergey Shtylyov)
- iio: Fix error handling for PM (Miaoqian Lin)
- iio: adc: ad7124: fix mask used for setting AIN_BUFP & AIN_BUFM bits (Cosmin Tanislav)
- iio: adc: men_z188_adc: Fix a resource leak in an error handling path (Christophe JAILLET)
- tracing: Have traceon and traceoff trigger honor the instance (Steven Rostedt (Google))
- RDMA/ib_srp: Fix a deadlock (Bart Van Assche)
- configfs: fix a race in configfs_{,un}register_subsystem() (ChenXiaoSong)
- spi: spi-zynq-qspi: Fix a NULL pointer dereference in zynq_qspi_exec_mem_op() (Zhou Qingyang)
- net/mlx5: Fix wrong limitation of metadata match on ecpf (Ariel Levkovich)
- net/mlx5: Fix possible deadlock on rule deletion (Maor Gottlieb)
- netfilter: nf_tables: fix memory leak during stateful obj update (Florian Westphal)
- nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac() (Christophe JAILLET)
- net: Force inlining of checksum functions in net/checksum.h (Christophe Leroy)
- net: ll_temac: check the return value of devm_kmalloc() (Xiaoke Wang)
- net/mlx5e: Fix wrong return value on ioctl EEPROM query failure (Gal Pressman)
- drm/edid: Always set RGB444 (Maxime Ripard)
- openvswitch: Fix setting ipv6 fields causing hw csum failure (Paul Blakey)
- gso: do not skip outer ip header in case of ipip and net_failover (Tao Liu)
- tipc: Fix end of loop tests for list_for_each_entry() (Dan Carpenter)
- net: __pskb_pull_tail() & pskb_carve_frag_list() drop_monitor friends (Eric Dumazet)
- bpf: Do not try bpf_msg_push_data with len 0 (Felix Maurer)
- perf data: Fix double free in perf_session__delete() (Alexey Bayduraev)
- ping: remove pr_err from ping_lookup (Xin Long)
- lan743x: fix deadlock in lan743x_phy_link_status_change() (Heiner Kallweit)
- optee: use driver internal tee_context for some rpc (Jens Wiklander)
- tee: export teedev_open() and teedev_close_context() (Jens Wiklander)
- x86/fpu: Correct pkru/xstate inconsistency (Brian Geffon)
- USB: zaurus: support another broken Zaurus (Oliver Neukum)
- drm/amdgpu: disable MMHUB PG for Picasso (Evan Quan)
- parisc/unaligned: Fix ldw() and stw() unalignment handlers (Helge Deller)
- parisc/unaligned: Fix fldd and fstd unaligned handlers on 32-bit kernel (Helge Deller)
- vhost/vsock: don't check owner in vhost_vsock_stop() while releasing (Stefano Garzarella)
- clk: jz4725b: fix mmc0 clock gating (Siarhei Volkau)
- cgroup/cpuset: Fix a race between cpuset_attach() and cpu hotplug (Zhang Qiao)
- LTS tag: v5.4.181 (Sherry Yang)
- kconfig: fix failing to generate auto.conf (Jing Leng)
- net: macb: Align the dma and coherent dma masks (Marc St-Amand)
- net: usb: qmi_wwan: Add support for Dell DW5829e (Slark Xiao)
- tracing: Fix tp_printk option related with tp_printk_stop_on_boot (JaeSang Yoo)
- drm/rockchip: dw_hdmi: Do not leave clock enabled in error case (Sascha Hauer)
- ata: libata-core: Disable TRIM on M88V29 (Zoltan Boszormenyi)
- kconfig: let 'shell' return enough output for deep path names (Brenda Streiff)
- arm64: dts: meson-g12: drop BL32 region from SEI510/SEI610 (Christian Hewitt)
- arm64: dts: meson-g12: add ATF BL32 reserved-memory region (Christian Hewitt)
- arm64: dts: meson-gx: add ATF BL32 reserved-memory region (Christian Hewitt)
- netfilter: conntrack: don't refresh sctp entries in closed state (Florian Westphal)
- irqchip/sifive-plic: Add missing thead,c900-plic match string (Guo Ren)
- ARM: OMAP2+: adjust the location of put_device() call in omapdss_init_of (Ye Guojin)
- ARM: OMAP2+: hwmod: Add of_node_put() before break (Wan Jiabing)
- KVM: x86/pmu: Use AMD64_RAW_EVENT_MASK for PERF_TYPE_RAW (Jim Mattson)
- Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj (Miaoqian Lin)
- i2c: brcmstb: fix support for DSL and CM variants (Rafal Milecki)
- copy_process(): Move fd_install() out of sighand->siglock critical section (Waiman Long)
- dmaengine: sh: rcar-dmac: Check for error num after setting mask (Jiasheng Jiang)
- net: sched: limit TC_ACT_REPEAT loops (Eric Dumazet)
- EDAC: Fix calculation of returned address and next offset in edac_align_ptr() (Eliav Farber)
- scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop (James Smart)
- mtd: rawnand: brcmnand: Fixed incorrect sub-page ECC status (david regan)
- mtd: rawnand: qcom: Fix clock sequencing in qcom_nandc_probe() (Bryan O'Donoghue)
- NFS: Do not report writeback errors in nfs_getattr() (Trond Myklebust)
- NFS: LOOKUP_DIRECTORY is also ok with symlinks (Trond Myklebust)
- block/wbt: fix negative inflight counter when remove scsi device (Laibin Qiu)
- mtd: rawnand: gpmi: don't leak PM reference in error path (Christian Eggers)
- powerpc/lib/sstep: fix 'ptesync' build error (Anders Roxell)
- ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range() (Mark Brown)
- ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw() (Mark Brown)
- ALSA: hda: Fix missing codec probe on Shenker Dock 15 (Takashi Iwai)
- ALSA: hda: Fix regression on forced probe mask option (Takashi Iwai)
- libsubcmd: Fix use-after-free for realloc(..., 0) (Kees Cook)
- bonding: fix data-races around agg_select_timer (Eric Dumazet)
- drop_monitor: fix data-race in dropmon_net_event / trace_napi_poll_hit (Eric Dumazet)
- bonding: force carrier update when releasing slave (Zhang Changzhong)
- ping: fix the dif and sdif check in ping_lookup (Xin Long)
- net: ieee802154: ca8210: Fix lifs/sifs periods (Miquel Raynal)
- net: dsa: lan9303: fix reset on probe (Mans Rullgard)
- netfilter: nft_synproxy: unregister hooks on init error path (Pablo Neira Ayuso)
- iwlwifi: pcie: gen2: fix locking when 'HW not ready' (Johannes Berg)
- iwlwifi: pcie: fix locking when 'HW not ready' (Johannes Berg)
- mmc: block: fix read single on recovery logic (Christian Lohle)
- vsock: remove vsock from connected table when connect is interrupted by a signal (Seth Forshee)
- dmaengine: at_xdmac: Start transfer for cyclic channels in issue_pending (Tudor Ambarus)
- taskstats: Cleanup the use of task->exit_code (Eric W. Biederman)
- ext4: prevent partial update of the extent blocks (Zhang Yi)
- ext4: check for inconsistent extents between index and leaf block (Zhang Yi)
- ext4: check for out-of-order index extents in ext4_valid_extent_entries() (Zhang Yi)
- drm/radeon: Fix backlight control on iMac 12,1 (Nicholas Bishop)
- iwlwifi: fix use-after-free (Johannes Berg)
- arm64: module/ftrace: intialize PLT at load time (Mark Rutland)
- arm64: module: rework special section handling (Mark Rutland)
- module/ftrace: handle patchable-function-entry (Mark Rutland)
- ftrace: add ftrace_init_nop() (Mark Rutland)
- Revert 'module, async: async_synchronize_full() on module init iff async is used' (Igor Pylypiv)
- drm/amdgpu: fix logic inversion in check (Christian Konig)
- nvme-rdma: fix possible use-after-free in transport error_recovery work (Sagi Grimberg)
- nvme-tcp: fix possible use-after-free in transport error_recovery work (Sagi Grimberg)
- nvme: fix a possible use-after-free in controller reset during load (Sagi Grimberg)
- quota: make dquot_quota_sync return errors from ->sync_fs (Darrick J. Wong)
- vfs: make freeze_super abort when sync_filesystem returns error (Darrick J. Wong)
- ax25: improve the incomplete fix to avoid UAF and NPD bugs (Duoming Zhou)
- selftests/zram: Adapt the situation that /dev/zram0 is being used (Yang Xu)
- selftests/zram01.sh: Fix compression ratio calculation (Yang Xu)
- selftests/zram: Skip max_comp_streams interface on newer kernel (Yang Xu)
- net: ieee802154: at86rf230: Stop leaking skb's (Miquel Raynal)
- selftests: rtc: Increase test timeout so that all tests run (Nicolas F. R. A. Prado)
- platform/x86: ISST: Fix possible circular locking dependency detected (Srinivas Pandruvada)
- btrfs: send: in case of IO error log it (Davis Mosans)
- parisc: Fix sglist access in ccio-dma.c (John David Anglin)
- parisc: Fix data TLB miss in sba_unmap_sg (John David Anglin)
- parisc: Drop __init from map_pages declaration (John David Anglin)
- serial: parisc: GSC: fix build when IOSAPIC is not set (Randy Dunlap)
- Revert 'svm: Add warning message for AVIC IPI invalid target' (Sean Christopherson)
- HID:Add support for UGTABLET WP5540 (Sergio Costas)
- Makefile.extrawarn: Move -Wunaligned-access to W=1 (Nathan Chancellor)
- LTS tag: v5.4.180 (Sherry Yang)
- ACPI: PM: s2idle: Cancel wakeup before dispatching EC GPE (Rafael J. Wysocki)
- perf: Fix list corruption in perf_cgroup_switch() (Song Liu)
- scsi: lpfc: Remove NVMe support if kernel has NVME_FC disabled (James Smart)
- hwmon: (dell-smm) Speed up setting of fan speed (Armin Wolf)
- seccomp: Invalidate seccomp mode to catch death failures (Kees Cook)
- USB: serial: cp210x: add CPI Bulk Coin Recycler id (Johan Hovold)
- USB: serial: cp210x: add NCR Retail IO box id (Johan Hovold)
- USB: serial: ch341: add support for GW Instek USB2.0-Serial devices (Stephan Brunner)
- USB: serial: option: add ZTE MF286D modem (Pawel Dembicki)
- USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320 (Cameron Williams)
- usb: gadget: f_uac2: Define specific wTerminalType (Pavel Hofman)
- usb: gadget: rndis: check size of RNDIS_MSG_SET command (Greg Kroah-Hartman)
- USB: gadget: validate interface OS descriptor requests (Szymon Heidrich)
- usb: gadget: udc: renesas_usb3: Fix host to USB_ROLE_NONE transition (Adam Ford)
- usb: dwc3: gadget: Prevent core from processing stale TRBs (Udipto Goswami)
- usb: ulpi: Call of_node_put correctly (Sean Anderson)
- usb: ulpi: Move of_node_put to ulpi_dev_release (Sean Anderson)
- net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (Jann Horn)
- eeprom: ee1004: limit i2c reads to I2C_SMBUS_BLOCK_MAX (Jonas Malaco)
- n_tty: wake up poll(POLLRDNORM) on receiving data (TATSUKAWA KOSUKE
- vt_ioctl: add array_index_nospec to VT_ACTIVATE (Jakob Koschel)
- vt_ioctl: fix array_index_nospec in vt_setactivate (Jakob Koschel)
- net: amd-xgbe: disable interrupts during pci removal (Raju Rangoju)
- tipc: rate limit warning for received illegal binding update (Jon Maloy)
- net: mdio: aspeed: Add missing MODULE_DEVICE_TABLE (Joel Stanley)
- veth: fix races around rq->rx_notify_masked (Eric Dumazet)
- net: fix a memleak when uncloning an skb dst and its metadata (Antoine Tenart)
- net: do not keep the dst cache when uncloning an skb dst and its metadata (Antoine Tenart)
- nfp: flower: fix ida_idx not being released (Louis Peens)


Related CVEs


CVE-2021-4197
CVE-2022-1048
CVE-2022-1353
CVE-2022-23036
CVE-2022-23040
CVE-2022-23041
CVE-2022-23037
CVE-2022-23038
CVE-2022-23039
CVE-2022-23042

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 7 (x86_64) kernel-uek-container-5.4.17-2136.308.7.el7.src.rpma5f38fc45352472656d2b40c776088fd-
kernel-uek-container-5.4.17-2136.308.7.el7.x86_64.rpm84c4d424e24de5d59160f120b66334a2-
kernel-uek-container-debug-5.4.17-2136.308.7.el7.x86_64.rpm1023c928053affae376e8c6fd45c0da7-
Oracle Linux 8 (x86_64) kernel-uek-container-5.4.17-2136.308.7.el8.src.rpm08f863edb2f354de9929ad53e5c215b3-
kernel-uek-container-5.4.17-2136.308.7.el8.x86_64.rpme675132aeca864d23ea9d855f8c9c5c0-
kernel-uek-container-debug-5.4.17-2136.308.7.el8.x86_64.rpm6a954ea0fae898b2f1a2ae52a787700e-



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete