ELSA-2021-9488 - Unbreakable Enterprise kernel-container security update
Type: | SECURITY |
Severity: | IMPORTANT |
Release Date: | 2021-10-14 |
Description
[4.14.35-2047.508.3.el7]
- fuse: fix live lock in fuse_iget() (Amir Goldstein) [Orabug: 33396682] {CVE-2021-28950}
- block: workaround to avoid self-deadlock in del_gendisk (Junxiao Bi) [Orabug: 33392821]
- net: bonding: add new option arp_allslaves for arp_ip_target (Venkat Venkatsubra) [Orabug: 33352735]
[4.14.35-2047.508.2]
- KVM: x86: Check kvm_rebooting in kvm_spurious_fault() (Sean Christopherson) [Orabug: 33360245]
- Revert uek-rpm: mark /etc/ld.so.conf.d/ files as %config (aloktiw) [Orabug: 33359680]
- net/mlx5: Rate limit errors in command interface (Leon Romanovsky) [Orabug: 33305503]
- Bluetooth: defer cleanup of resources in hci_unregister_dev() (Tetsuo Handa) [Orabug: 33292634] {CVE-2021-3573}
- Bluetooth: use correct lock to prevent UAF of hdev object (Lin Ma) [Orabug: 33292634]
- Bluetooth: fix the erroneous flush_work() order (Lin Ma) [Orabug: 33292634] {CVE-2021-3564}
- IB/core: Read subnet_prefix in ib_query_port via cache. (Anand Khoje) [Orabug: 33134287]
- IB/core: Removed port validity check from ib_get_cached_subnet_prefix (Anand Khoje) [Orabug: 33134287]
- uek-rpm: Add dm-cache-smq.ko module (John Donnelly) [Orabug: 29198153]
[4.14.35-2047.508.1]
- RDMA/cma: Revert INIT-INIT patch (Mike Marciniszyn) [Orabug: 33324346]
- net: geneve: modify IP header check in geneve6_xmit_skb and geneve_xmit_skb (Phillip Potter) [Orabug: 33329032]
- ip: Manual backport of pskb_inet_may_pull() (Hakon Bugge) [Orabug: 33329032]
- Revert Revert net: geneve: check skb is large enough for IPv4/IPv6 header (Hakon Bugge) [Orabug: 33329032]
- ext4: fix race writing to an inline_data file while its xattrs are changing (Theodore Tso) [Orabug: 33327179] {CVE-2021-40490}
- uek-rpm: add CONFIG_PVPANIC_PCI to aarch64 (Mihai Carabas) [Orabug: 33155642]
- misc/pvpanic: fix set driver data (Mihai Carabas) [Orabug: 33155642]
- misc/pvpanic-pci: Allow automatic loading (Eric Auger) [Orabug: 33155642]
- misc/pvpanic: Remove some dead-code (Christophe JAILLET) [Orabug: 33155642]
- misc/pvpanic: Make pvpanic_probe() resource managed (Christophe JAILLET) [Orabug: 33155642]
- misc/pvpanic-mmio: Use GFP_KERNEL instead of GFP_ATOMIC (Christophe JAILLET) [Orabug: 33155642]
- misc/pvpanic-mmio: Fix error handling in pvpanic_mmio_probe() (Christophe JAILLET) [Orabug: 33155642]
- misc/pvpanic-pci: Use GFP_KERNEL instead of GFP_ATOMIC (Christophe JAILLET) [Orabug: 33155642]
- misc/pvpanic-pci: Fix error handling in pvpanic_pci_probe() (Christophe JAILLET) [Orabug: 33155642]
- misc/pvpanic: Make some symbols static (YueHaibing) [Orabug: 33155642]
- misc/pvpanic: fix return value check in pvpanic_pci_probe() (Qiheng Lin) [Orabug: 33155642]
- misc/pvpanic: add PCI driver (Mihai Carabas) [Orabug: 33155642]
- misc/pvpanic: probe multiple instances (Mihai Carabas) [Orabug: 33155642]
- misc/pvpanic: split-up generic and platform dependent code (Mihai Carabas) [Orabug: 33155642]
- misc/pvpanic: Export module FDT device table (Shile Zhang) [Orabug: 33155642]
- misc: pvpanic: sysfs_emit uses should have a newline (Joe Perches) [Orabug: 33155642]
- misc: pvpanic: introduce events device attribue (zhenwei pi) [Orabug: 33155642]
- misc: pvpanic: introduce device capability (zhenwei pi) [Orabug: 33155642]
- misc: pvpanic: Check devm_ioport_map() for NULL (Andy Shevchenko) [Orabug: 33155642]
- misc: pvpanic: Replace OF headers by mod_devicetable.h (Andy Shevchenko) [Orabug: 33155642]
- misc: pvpanic: Combine ACPI and platform drivers (Andy Shevchenko) [Orabug: 33155642]
- misc: pvpanic: Use devm_platform_ioremap_resource() (Wang ShaoBo) [Orabug: 33155642]
- driver core: platform: Introduce platform_get_mem_or_io() (Andy Shevchenko) [Orabug: 33155642]
- misc: pvpanic: move bit definition to uapi header file (zhenwei pi) [Orabug: 33155642]
- misc: pvpanic: fix warning implicit declaration (Anders Roxell) [Orabug: 33155642]
- misc/pvpanic: resolve compile errors for arch=um (Peng Hao) [Orabug: 33155642]
- misc/pvpanic: fix a NULL vs IS_ERR() check (Dan Carpenter) [Orabug: 33155642]
- misc/pvpanic: remove a redundant comma (Peng Hao) [Orabug: 33155642]
- misc/pvpanic: convert to SPDX license tags (Peng Hao) [Orabug: 33155642]
- misc/pvpanic: change header file sort style (Peng Hao) [Orabug: 33155642]
- misc/pvpanic: remove unnecessary header file (Peng Hao) [Orabug: 33155642]
- misc/pvpanic : break dependency on ACPI (Peng Hao) [Orabug: 33155642]
- misc/pvpanic : grouping ACPI related stuff (Peng Hao) [Orabug: 33155642]
- misc/pvpanic: add support to get pvpanic device info FDT (Peng Hao) [Orabug: 33155642]
- dt-bindings: misc/pvpanic: add document for pvpanic-mmio (Peng Hao) [Orabug: 33155642]
- misc/pvpanic: add MMIO support (Peng Hao) [Orabug: 33155642]
- misc/pvpanic: simplify the code using acpi_dev_resource_io (Peng Hao) [Orabug: 33155642]
- pvpanic: move pvpanic to misc as common driver (Peng Hao) [Orabug: 33155642]
- fuse: fix bad inode (Miklos Szeredi) [Orabug: 32769032] {CVE-2020-36322}
- Linux 4.14.243 (Greg Kroah-Hartman)
- spi: mediatek: Fix fifo transfer (Guenter Roeck)
- Revert watchdog: iTCO_wdt: Account for rebooting on second timeout (Greg Kroah-Hartman)
- KVM: Use kvm_pfn_t for local PFN variable in hva_to_pfn_remapped() (Sean Christopherson)
- KVM: do not assume PTE is writable after follow_pfn (Paolo Bonzini)
- Revert Bluetooth: Shutdown controller after workqueues are flushed or cancelled (Greg Kroah-Hartman)
- net: Fix zero-copy head len calculation. (Pravin B Shelar)
- qed: fix possible unpaired spin_{un}lock_bh in _qed_mcp_cmd_and_union() (Jia He)
- r8152: Fix potential PM refcount imbalance (Takashi Iwai)
- regulator: rt5033: Fix n_voltages settings for BUCK and LDO (Axel Lin)
- btrfs: mark compressed range uptodate only if all bio succeed (Goldwyn Rodrigues)
- Linux 4.14.242 (Greg Kroah-Hartman)
- Revert perf map: Fix dso->nsinfo refcounting (Arnaldo Carvalho de Melo)
- can: hi311x: fix a signedness bug in hi3110_cmd() (Dan Carpenter)
- sis900: Fix missing pci_disable_device() in probe and remove (Wang Hai)
- tulip: windbond-840: Fix missing pci_disable_device() in probe and remove (Wang Hai)
- sctp: fix return value check in __sctp_rcv_asconf_lookup (Marcelo Ricardo Leitner)
- net/mlx5: Fix flow table chaining (Maor Gottlieb)
- net: llc: fix skb_over_panic (Pavel Skripkin)
- mlx4: Fix missing error code in mlx4_load_one() (Jiapeng Chong)
- tipc: fix sleeping in tipc accept routine (Hoang Le)
- netfilter: nft_nat: allow to specify layer 4 protocol NAT only (Pablo Neira Ayuso)
- netfilter: conntrack: adjust stop timestamp to real expiry value (Florian Westphal)
- cfg80211: Fix possible memory leak in function cfg80211_bss_update (Nguyen Dinh Phi)
- x86/asm: Ensure asm/proto.h can be included stand-alone (Jan Kiszka)
- nfc: nfcsim: fix use after free during module unload (Krzysztof Kozlowski)
- NIU: fix incorrect error return, missed in previous revert (Paul Jakma)
- can: esd_usb2: fix memory leak (Pavel Skripkin)
- can: ems_usb: fix memory leak (Pavel Skripkin)
- can: usb_8dev: fix memory leak (Pavel Skripkin)
- can: mcba_usb_start(): add missing urb->transfer_dma initialization (Pavel Skripkin)
- can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF (Ziyang Xuan)
- x86/kvm: fix vcpu-id indexed array sizes (Juergen Gross)
- gro: ensure frag0 meets IP header alignment (Eric Dumazet)
- virtio_net: Do not pull payload in skb->head (Eric Dumazet)
- ARM: dts: versatile: Fix up interrupt controller node names (Sudeep Holla)
- hfs: add lock nesting notation to hfs_find_init (Desmond Cheong Zhi Xi)
- hfs: fix high memory mapping in hfs_bnode_read (Desmond Cheong Zhi Xi)
- hfs: add missing clean-up in hfs_fill_super (Desmond Cheong Zhi Xi)
- sctp: move 198 addresses from unusable to private scope (Xin Long)
- net: annotate data race around sk_ll_usec (Eric Dumazet)
- net/802/garp: fix memleak in garp_request_join() (Yang Yingliang)
- net/802/mrp: fix memleak in mrp_request_join() (Yang Yingliang)
- workqueue: fix UAF in pwq_unbound_release_workfn() (Yang Yingliang)
- af_unix: fix garbage collect vs MSG_PEEK (Miklos Szeredi)
- net: split out functions related to registering inflight socket files (Jens Axboe)
- KVM: x86: determine if an exception has an error code only when injecting it. (Maxim Levitsky)
- selftest: fix build error in tools/testing/selftests/vm/userfaultfd.c (Greg Kroah-Hartman)
[4.14.35-2047.508.0]
- Linux 4.14.241 (Greg Kroah-Hartman)
- xhci: add xhci_get_virt_ep() helper (Mathias Nyman)
- spi: spi-fsl-dspi: Fix a resource leak in an error handling path (Christophe JAILLET)
- btrfs: compression: dont try to compress if we dont have enough pages (David Sterba)
- iio: accel: bma180: Fix BMA25x bandwidth register values (Stephan Gerhold)
- iio: accel: bma180: Use explicit member assignment (Linus Walleij)
- net: bcmgenet: ensure EXT_ENERGY_DET_MASK is clear (Doug Berger)
- drm: Return -ENOTTY for non-drm ioctls (Charles Baylis)
- selftest: use mmap instead of posix_memalign to allocate memory (Peter Collingbourne)
- ixgbe: Fix packet corruption due to missing DMA sync (Markus Boehme)
- media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf() (Gustavo A. R. Silva)
- tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop. (Haoran Luo) [Orabug: 33198436] {CVE-2021-3679}
- usb: dwc2: gadget: Fix sending zero length packet in DDMA mode. (Minas Harutyunyan)
- USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick (John Keeping)
- USB: serial: cp210x: fix comments for GE CS1000 (Ian Ray)
- USB: serial: option: add support for u-blox LARA-R6 family (Marco De Marco)
- usb: renesas_usbhs: Fix superfluous irqs happen after usb_pkt_pop() (Yoshihiro Shimoda)
- usb: max-3421: Prevent corruption of freed memory (Mark Tomlinson)
- USB: usb-storage: Add LaCie Rugged USB3-FW to IGNORE_UAS (Julian Sikorski)
- usb: hub: Disable USB 3 device initiated lpm if exit latency is too high (Mathias Nyman)
- KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow (Nicholas Piggin)
- xhci: Fix lost USB 2 remote wake (Mathias Nyman)
- ALSA: sb: Fix potential ABBA deadlock in CSP driver (Takashi Iwai)
- s390/ftrace: fix ftrace_update_ftrace_func implementation (Vasily Gorbik)
- Revert MIPS: add PMD table accounting into MIPSpmd_alloc_one (Huang Pei)
- proc: Avoid mixing integer types in mem_rw() (Marcelo Henrique Cerri)
- Revert USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem (Vincent Palatin)
- spi: cadence: Correct initialisation of runtime PM again (Marek Vasut)
- scsi: target: Fix protect handling in WRITE SAME(32) (Dmitry Bogdanov)
- scsi: iscsi: Fix iface sysfs attr detection (Mike Christie)
- netrom: Decrease sock refcount when sock timers expire (Nguyen Dinh Phi)
- net: decnet: Fix sleeping inside in af_decnet (Yajun Deng)
- net: fix uninit-value in caif_seqpkt_sendmsg (Ziyang Xuan)
- s390/bpf: Perform r1 range checking before accessing jit->seen_reg[r1] (Colin Ian King)
- liquidio: Fix unintentional sign extension issue on left shift of u16 (Colin Ian King)
- spi: mediatek: fix fifo rx mode (Peter Hess)
- perf probe-file: Delete namelist in del_events() on the error path (Riccardo Mancini)
- perf test bpf: Free obj_buf (Riccardo Mancini)
- perf lzma: Close lzma stream on exit (Riccardo Mancini)
- perf probe: Fix dso->nsinfo refcounting (Riccardo Mancini)
- perf map: Fix dso->nsinfo refcounting (Riccardo Mancini)
- igb: Check if num of q_vectors is smaller than max before array access (Aleksandr Loktionov)
- iavf: Fix an error handling path in iavf_probe() (Christophe JAILLET)
- e1000e: Fix an error handling path in e1000_probe() (Christophe JAILLET)
- fm10k: Fix an error handling path in fm10k_probe() (Christophe JAILLET)
- igb: Fix an error handling path in igb_probe() (Christophe JAILLET)
- ixgbe: Fix an error handling path in ixgbe_probe() (Christophe JAILLET)
- igb: Fix use-after-free error during reset (Vinicius Costa Gomes)
- ipv6: tcp: drop silly ICMPv6 packet too big messages (Eric Dumazet)
- tcp: annotate data races around tp->mtu_info (Eric Dumazet)
- dma-buf/sync_file: Dont leak fences on merge failure (Jason Ekstrand)
- net: validate lwtstate->data before returning from skb_tunnel_info() (Taehee Yoo)
- net: send SYNACK packet with accepted fwmark (Alexander Ovechkin)
- net: ti: fix UAF in tlan_remove_one (Pavel Skripkin)
- net: qcom/emac: fix UAF in emac_remove (Pavel Skripkin)
- net: moxa: fix UAF in moxart_mac_probe (Pavel Skripkin)
- net: bcmgenet: Ensure all TX/RX queues DMAs are disabled (Florian Fainelli)
- net: bridge: sync fdb to new unicast-filtering ports (Wolfgang Bumiller)
- netfilter: ctnetlink: suspicious RCU usage in ctnetlink_dump_helpinfo (Vasily Averin)
- net: ipv6: fix return value of ip6_skb_dst_mtu (Vadim Fedorenko)
- sched/fair: Fix CFS bandwidth hrtimer expiry type (Odin Ugedal)
- scsi: libfc: Fix array index out of bound exception (Javed Hasan)
- scsi: aic7xxx: Fix unintentional sign extension issue on left shift of u8 (Colin Ian King)
- rtc: max77686: Do not enforce (incorrect) interrupt trigger type (Krzysztof Kozlowski)
- kbuild: mkcompile_h: consider timestamp if KBUILD_BUILD_TIMESTAMP is set (Matthias Maennich)
- thermal/core: Correct function name thermal_zone_device_unregister() (Yang Yingliang)
- arm64: dts: ls208xa: remove bus-num from dspi node (Mian Yousaf Kaukab)
- arm64: dts: juno: Update SCPI nodes as per the YAML schema (Sudeep Holla)
- ARM: dts: stm32: fix RCC node name on stm32f429 MCU (Alexandre Torgue)
- ARM: imx: pm-imx5: Fix references to imx5_cpu_suspend_info (Jonathan Neuschafer)
- ARM: dts: imx6: phyFLEX: Fix UART hardware flow control (Primoz Fiser)
- ARM: dts: BCM63xx: Fix NAND nodes names (Rafal Milecki)
- ARM: NSP: dts: fix NAND nodes names (Rafal Milecki)
- ARM: Cygnus: dts: fix NAND nodes names (Rafal Milecki)
- ARM: brcmstb: dts: fix NAND nodes names (Rafal Milecki)
- reset: ti-syscon: fix to_ti_syscon_reset_data macro (Philipp Zabel)
- arm64: dts: rockchip: Fix power-controller node names for rk3328 (Elaine Zhang)
- ARM: dts: rockchip: Fix power-controller node names for rk3288 (Elaine Zhang)
- ARM: dts: rockchip: Fix the timer clocks order (Ezequiel Garcia)
- arm64: dts: rockchip: fix pinctrl sleep nodename for rk3399.dtsi (Johan Jonker)
- ARM: dts: rockchip: fix pinctrl sleep nodename for rk3036-kylin and rk3288 (Johan Jonker)
- ARM: dts: gemini: add device_type on pci (Corentin Labbe)
- Linux 4.14.240 (Greg Kroah-Hartman)
- net: bridge: multicast: fix PIM hello router port marking race (Nikolay Aleksandrov)
- MIPS: vdso: Invalid GIC access through VDSO (Martin Facknitz)
- mips: disable branch profiling in boot/decompress.o (Randy Dunlap)
- mips: always link byteswap helpers into decompressor (Arnd Bergmann)
- scsi: be2iscsi: Fix an error handling path in beiscsi_dev_probe() (Christophe JAILLET)
- ARM: dts: am335x: align ti,pindir-d0-out-d1-in property with dt-shema (Aswath Govindraju)
- memory: fsl_ifc: fix leak of private memory on probe failure (Krzysztof Kozlowski)
- memory: fsl_ifc: fix leak of IO mapping on probe failure (Krzysztof Kozlowski)
- reset: bail if try_module_get() fails (Philipp Zabel)
- ARM: dts: BCM5301X: Fixup SPI binding (Rafal Milecki)
- ARM: dts: r8a7779, marzen: Fix DU clock names (Geert Uytterhoeven)
- rtc: fix snprintf() checking in is_rtc_hctosys() (Dan Carpenter)
- memory: atmel-ebi: add missing of_node_put for loop iteration (Krzysztof Kozlowski)
- ARM: dts: exynos: fix PWM LED max brightness on Odroid XU4 (Krzysztof Kozlowski)
- ARM: dts: exynos: fix PWM LED max brightness on Odroid XU/XU3 (Krzysztof Kozlowski)
- reset: a10sr: add missing of_match_table reference (Krzysztof Kozlowski)
- hexagon: use common DISCARDS macro (Nathan Chancellor)
- NFSv4/pNFS: Dont call _nfs4_pnfs_v3_ds_connect multiple times (Trond Myklebust)
- ALSA: isa: Fix error return code in snd_cmi8330_probe() (Zhen Lei)
- x86/fpu: Limit xstate copy size in xstateregs_set() (Thomas Gleixner)
- ubifs: Set/Clear I_LINKABLE under i_lock for whiteout inode (Zhihao Cheng)
- nfs: fix acl memory leak of posix_acl_create() (Gao Xiang)
- watchdog: aspeed: fix hardware timeout calculation (Tao Ren)
- um: fix error return code in winch_tramp() (Zhen Lei)
- um: fix error return code in slip_open() (Zhen Lei)
- power: supply: rt5033_battery: Fix device tree enumeration (Stephan Gerhold)
- PCI/sysfs: Fix dsm_label_utf16s_to_utf8s() buffer overrun (Krzysztof Wilczynski)
- f2fs: add MODULE_SOFTDEP to ensure crc32 is included in the initramfs (Chao Yu)
- virtio_console: Assure used length from device is limited (Xie Yongji) [Orabug: 33209273] {CVE-2021-38160}
- virtio_net: Fix error handling in virtnet_restore() (Xie Yongji)
- virtio-blk: Fix memory leak among suspend/resume procedure (Xie Yongji)
- ACPI: video: Add quirk for the Dell Vostro 3350 (Hans de Goede)
- ACPI: AMBA: Fix resource name in /proc/iomem (Liguang Zhang)
- pwm: tegra: Dont modify HW state in .remove callback (Uwe Kleine-Konig)
- power: supply: ab8500: add missing MODULE_DEVICE_TABLE (Zou Wei)
- power: supply: charger-manager: add missing MODULE_DEVICE_TABLE (Zou Wei)
- NFS: nfs_find_open_context() may only select open files (Trond Myklebust)
- ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty (Jeff Layton)
- orangefs: fix orangefs df output. (Mike Marshall)
- x86/fpu: Return proper error codes from user access functions (Thomas Gleixner)
- watchdog: iTCO_wdt: Account for rebooting on second timeout (Jan Kiszka)
- watchdog: Fix possible use-after-free by calling del_timer_sync() (Zou Wei)
- watchdog: sc520_wdt: Fix possible use-after-free in wdt_turnoff() (Zou Wei)
- watchdog: Fix possible use-after-free in wdt_startup() (Zou Wei)
- ARM: 9087/1: kprobes: test-thumb: fix for LLVM_IAS=1 (Nick Desaulniers)
- power: reset: gpio-poweroff: add missing MODULE_DEVICE_TABLE (Bixuan Cui)
- power: supply: max17042: Do not enforce (incorrect) interrupt trigger type (Krzysztof Kozlowski)
- power: supply: ab8500: Avoid NULL pointers (Linus Walleij)
- pwm: spear: Dont modify HW state in .remove callback (Uwe Kleine-Konig)
- lib/decompress_unlz4.c: correctly handle zero-padding around initrds. (Dimitri John Ledkov)
- i2c: core: Disable client irq on reboot/shutdown (Dmitry Torokhov)
- intel_th: Wait until port is in reset before programming it (Alexander Shishkin)
- staging: rtl8723bs: fix macro value for 2.4Ghz only device (Fabio Aiuto)
- ALSA: hda: Add IRQ check for platform_get_irq() (Jiajun Cao)
- backlight: lm3630a: Fix return code of .update_status() callback (Uwe Kleine-Konig)
- powerpc/boot: Fixup device-tree on little endian (Benjamin Herrenschmidt)
- usb: gadget: hid: fix error return code in hid_bind() (Yang Yingliang)
- usb: gadget: f_hid: fix endianness issue with descriptors (Ruslan Bilovol)
- ALSA: bebob: add support for ToneWeal FW66 (Takashi Sakamoto)
- ASoC: soc-core: Fix the error return code in snd_soc_of_parse_audio_routing() (Zhen Lei)
- selftests/powerpc: Fix no_handler EBB selftest (Athira Rajeev)
- ALSA: ppc: fix error return code in snd_pmac_probe() (Yang Yingliang)
- gpio: zynq: Check return value of pm_runtime_get_sync (Srinivas Neeli)
- powerpc/ps3: Add dma_mask to ps3_dma_region (Geoff Levand)
- ALSA: sb: Fix potential double-free of CSP mixer elements (Takashi Iwai)
- s390/sclp_vt220: fix console name to match device (Valentin Vidic)
- mfd: da9052/stmpe: Add and modify MODULE_DEVICE_TABLE (Zou Wei)
- scsi: qedi: Fix null ref during abort handling (Mike Christie)
- scsi: iscsi: Fix shost->max_id use (Mike Christie)
- scsi: iscsi: Add iscsi_cls_conn refcount helpers (Mike Christie)
- fs/jfs: Fix missing error code in lmLogInit() (Jiapeng Chong)
- tty: serial: 8250: serial_cs: Fix a memory leak in error handling path (Christophe JAILLET)
- scsi: core: Cap scsi_host cmd_per_lun at can_queue (John Garry)
- scsi: lpfc: Fix crash when lpfc_sli4_hba_setup() fails to initialize the SGLs (James Smart)
- scsi: lpfc: Fix Unexpected timeout error in direct attach topology (James Smart)
- w1: ds2438: fixing bug that would always get page0 (Luiz Sampaio)
- Revert ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro (Takashi Sakamoto)
- misc/libmasm/module: Fix two use after free in ibmasm_init_one (Lv Yunlong)
- tty: serial: fsl_lpuart: fix the potential risk of division or modulo by zero (Sherry Sun)
- PCI: aardvark: Fix kernel panic during PIO transfer (Pali Rohar)
- PCI: aardvark: Dont rely on jiffies while holding spinlock (Remi Pommarel)
- tracing: Do not reference char * as a string in histograms (Steven Rostedt (VMware))
- scsi: core: Fix bad pointer dereference when ehandler kthread is invalid (Tyrel Datwyler)
- KVM: X86: Disable hardware breakpoints unconditionally before kvm_x86->run() (Lai Jiangshan)
- KVM: x86: Use guest MAXPHYADDR from CPUID.0x8000_0008 iff TDP is enabled (Sean Christopherson)
- smackfs: restrict bytes count in smk_set_cipso() (Tetsuo Handa)
- jfs: fix GPF in diFree (Pavel Skripkin)
- media: uvcvideo: Fix pixel format change for Elgato Cam Link 4K (Benjamin Drung)
- media: gspca/sunplus: fix zero-length control requests (Johan Hovold)
- media: gspca/sq905: fix control-request direction (Johan Hovold)
- media: zr364xx: fix memory leak in zr364xx_start_readpipe (Pavel Skripkin)
- media: dtv5100: fix control-request directions (Johan Hovold)
- dm btree remove: assign new_root only when removal succeeds (Hou Tao)
- ipack/carriers/tpci200: Fix a double free in tpci200_pci_probe (Lv Yunlong)
- tracing: Simplify & fix saved_tgids logic (Paul Burton)
- seq_buf: Fix overflow in seq_buf_putmem_hex() (Yun Zhou)
- power: supply: ab8500: Fix an old bug (Linus Walleij)
- ipmi/watchdog: Stop watchdog timer when the current action is none (Petr Pavlu)
- qemu_fw_cfg: Make fw_cfg_rev_attr a proper kobj_attribute (Nathan Chancellor)
- ASoC: tegra: Set driver_name=tegra for all machine drivers (Dmitry Osipenko)
- cpu/hotplug: Cure the cpusets trainwreck (Thomas Gleixner)
- ata: ahci_sunxi: Disable DIPM (Timo Sigurdsson)
- mmc: core: Allow UHS-I voltage switch for SDSC cards if supported (Christian Lohle)
- mmc: core: clear flags before allowing to retune (Wolfram Sang)
- mmc: sdhci: Fix warning message when accessing RPMB in HS400 mode (Al Cooper)
- pinctrl/amd: Add device HID for new AMD GPIO controller (Maximilian Luz)
- drm/radeon: Add the missed drm_gem_object_put() in radeon_user_framebuffer_create() (Jing Xiangfeng)
- usb: gadget: f_fs: Fix setting of device and driver data cross-references (Andrew Gabbasov)
- powerpc/barrier: Avoid collision with clangs __lwsync macro (Nathan Chancellor)
- mac80211: fix memory corruption in EAPOL handling (Davis Mosenkovs)
- fuse: reject internal errno (Miklos Szeredi)
- bdi: Do not use freezable workqueue (Mika Westerberg)
- fscrypt: dont ignore minor_hash when hash is 0 (Eric Biggers)
- sctp: add size validation when walking chunks (Marcelo Ricardo Leitner)
- sctp: validate from_addr_param return (Marcelo Ricardo Leitner) [Orabug: 33198408] {CVE-2021-3655}
- Bluetooth: btusb: fix bt fiwmare downloading failure issue for qca btsoc. (Tim Jiang)
- Bluetooth: Shutdown controller after workqueues are flushed or cancelled (Kai-Heng Feng)
- Bluetooth: Fix the HCI to MGMT status conversion table (Yu Liu)
- wireless: wext-spy: Fix out-of-bounds warning (Gustavo A. R. Silva)
- sfc: error code if SRIOV cannot be disabled (inigo Huguet)
- sfc: avoid double pci_remove of VFs (inigo Huguet)
- iwlwifi: mvm: dont change band on bound PHY contexts (Johannes Berg)
- RDMA/rxe: Dont overwrite errno from ib_umem_get() (Xiao Yang)
- vsock: notify server to shutdown when client has pending signal (Longpeng(Mike))
- atm: nicstar: register the interrupt handler in the right place (Zheyu Ma)
- atm: nicstar: use dma_free_coherent instead of kfree (Zheyu Ma)
- MIPS: add PMD table accounting into MIPSpmd_alloc_one (Huang Pei)
- cw1200: add missing MODULE_DEVICE_TABLE (Zou Wei)
- wl1251: Fix possible buffer overflow in wl1251_cmd_scan (Lee Gibson)
- wlcore/wl12xx: Fix wl12xx get_mac error if device is in ELP (Tony Lindgren)
- xfrm: Fix error reporting in xfrm_state_construct. (Steffen Klassert)
- selinux: use __GFP_NOWARN with GFP_NOWAIT in the AVC (Minchan Kim)
- fjes: check return value after calling platform_get_resource() (Yang Yingliang)
- net: micrel: check return value after calling platform_get_resource() (Yang Yingliang)
- net: bcmgenet: check return value after calling platform_get_resource() (Yang Yingliang)
- virtio_net: Remove BUG() to avoid machine dead (Xianting Tian)
- dm space maps: dont reset space map allocation cursor when committing (Joe Thornber)
- RDMA/cxgb4: Fix missing error code in create_qp() (Jiapeng Chong)
- ipv6: use prandom_u32() for ID generation (Willy Tarreau)
- clk: tegra: Ensure that PLLU configuration is applied properly (Dmitry Osipenko)
- clk: renesas: r8a77995: Add ZA2 clock (Kuninori Morimoto)
- e100: handle eeprom as little endian (Jesse Brandeburg)
- udf: Fix NULL pointer dereference in udf_symlink function (Arturo Giusti)
- drm/virtio: Fix double free on probe failure (Xie Yongji)
- reiserfs: add check for invalid 1st journal block (Pavel Skripkin)
- net: Treat __napi_schedule_irqoff() as __napi_schedule() on PREEMPT_RT (Sebastian Andrzej Siewior)
- atm: nicstar: Fix possible use-after-free in nicstar_cleanup() (Zou Wei)
- mISDN: fix possible use-after-free in HFC_cleanup() (Zou Wei)
- atm: iphase: fix possible use-after-free in ia_module_exit() (Zou Wei)
- hugetlb: clear huge pte during flush function on mips platform (Bibo Mao)
- net: pch_gbe: Use proper accessors to BE data in pch_ptp_match() (Andy Shevchenko)
- drm/amd/amdgpu/sriov disable all ip hw status by default (Jack Zhang)
- drm/zte: Dont select DRM_KMS_FB_HELPER (Thomas Zimmermann)
- drm/mxsfb: Dont select DRM_KMS_FB_HELPER (Thomas Zimmermann)
- mmc: vub3000: fix control-request direction (Johan Hovold)
- selftests/vm/pkeys: fix alloc_random_pkey() to make it really, really random (Dave Hansen)
- mm/huge_memory.c: dont discard hugepage if other processes are mapping it (Miaohe Lin)
- leds: ktd2692: Fix an error handling path (Christophe JAILLET)
- leds: as3645a: Fix error return code in as3645a_parse_node() (Zhen Lei)
- configfs: fix memleak in configfs_release_bin_file (Chung-Chiang Cheng)
- extcon: max8997: Add missing modalias string (Marek Szyprowski)
- extcon: sm5502: Drop invalid register write in sm5502_reg_data (Stephan Gerhold)
- phy: ti: dm816x: Fix the error handling path in dm816x_usb_phy_probe() (Christophe JAILLET)
- scsi: mpt3sas: Fix error return value in _scsih_expander_add() (Zhen Lei)
- of: Fix truncation of memory sizes on 32-bit platforms (Geert Uytterhoeven)
- ASoC: cs42l42: Correct definition of CS42L42_ADC_PDN_MASK (Richard Fitzgerald)
- staging: gdm724x: check for overflow in gdm_lte_netif_rx() (Dan Carpenter)
- staging: gdm724x: check for buffer overflow in gdm_lte_multi_sdu_pkt() (Dan Carpenter)
- iio: adc: mxs-lradc: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (Jonathan Cameron)
- eeprom: idt_89hpesx: Put fwnode in matching case during ->probe() (Andy Shevchenko)
- s390: appldata depends on PROC_SYSCTL (Randy Dunlap)
- scsi: FlashPoint: Rename si_flags field (Randy Dunlap)
- tty: nozomi: Fix the error handling path of nozomi_card_init() (Christophe JAILLET)
- char: pcmcia: error out if num_bytes_read is greater than 4 in set_protocol() (Yu Kuai)
- Input: hil_kbd - fix error return code in hil_dev_connect() (Zhen Lei)
- ASoC: hisilicon: fix missing clk_disable_unprepare() on error in hi6210_i2s_startup() (Yang Yingliang)
- iio: potentiostat: lmp91000: Fix alignment of buffer in iio_push_to_buffers_with_timestamp() (Jonathan Cameron)
- iio: light: tcs3414: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (Jonathan Cameron)
- iio: light: isl29125: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (Jonathan Cameron)
- iio: prox: as3935: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (Jonathan Cameron)
- iio: prox: pulsed-light: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (Jonathan Cameron)
- iio: prox: srf08: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (Jonathan Cameron)
- iio: humidity: am2315: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (Jonathan Cameron)
- iio: gyro: bmg160: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (Jonathan Cameron)
- iio: adc: vf610: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (Jonathan Cameron)
- iio: adc: ti-ads1015: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (Jonathan Cameron)
- iio: accel: stk8ba50: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (Jonathan Cameron)
- iio: accel: stk8312: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (Jonathan Cameron)
- iio: accel: kxcjk-1013: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (Jonathan Cameron)
- iio: accel: hid: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (Jonathan Cameron)
- iio: accel: bma220: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (Jonathan Cameron)
- iio: accel: bma180: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (Jonathan Cameron)
- iio: adis_buffer: do not return ints in irq handlers (Nuno Sa)
- mwifiex: re-fix for unaligned accesses (Arnd Bergmann)
- tty: nozomi: Fix a resource leak in an error handling function (Christophe JAILLET)
- net: sched: fix warning in tcindex_alloc_perfect_hash (Pavel Skripkin)
- writeback: fix obtain a reference to a freeing memcg css (Muchun Song)
- Bluetooth: mgmt: Fix slab-out-of-bounds in tlv_data_is_valid (Luiz Augusto von Dentz)
- Revert ibmvnic: remove duplicate napi_schedule call in open function (Dany Madden)
- i40e: Fix error handling in i40e_vsi_open (Dinghao Liu)
- net: bcmgenet: Fix attaching to PYH failed on RPi 4B (Jian-Hong Pan)
- vxlan: add missing rcu_read_lock() in neigh_reduce() (Eric Dumazet)
- pkt_sched: sch_qfq: fix qfq_change_class() error path (Eric Dumazet)
- net: ethernet: ezchip: fix error handling (Pavel Skripkin)
- net: ethernet: ezchip: fix UAF in nps_enet_remove (Pavel Skripkin)
- net: ethernet: aeroflex: fix UAF in greth_of_remove (Pavel Skripkin)
- samples/bpf: Fix the error return code of xdp_redirects main() (Wang Hai)
- netfilter: nft_exthdr: check for IPv6 packet before further processing (Pablo Neira Ayuso)
- netlabel: Fix memory leak in netlbl_mgmt_add_common (Liu Shixin)
- ath10k: Fix an error code in ath10k_add_interface() (Yang Li)
- brcmsmac: mac80211_if: Fix a resource leak in an error handling path (Christophe JAILLET)
- wireless: carl9170: fix LEDS build errors & warnings (Randy Dunlap)
- drm: qxl: ensure surf.data is ininitialized (Colin Ian King)
- RDMA/rxe: Fix failure during driver load (Kamal Heib)
- ehea: fix error return code in ehea_restart_qps() (Zhen Lei)
- drm/rockchip: cdn-dp-core: add missing clk_disable_unprepare() on error in cdn_dp_grf_write() (Yang Yingliang)
- net: pch_gbe: Propagate error from devm_gpio_request_one() (Andy Shevchenko)
- ocfs2: fix snprintf() checking (Dan Carpenter)
- ACPI: sysfs: Fix a buffer overrun problem with description_show() (Krzysztof Wilczynski)
- crypto: nx - Fix RCU warning in nx842_OF_upd_status (Herbert Xu)
- spi: spi-sun6i: Fix chipselect/clock bug (Mirko Vogt)
- btrfs: clear log tree recovering status if starting transaction fails (David Sterba)
- hwmon: (max31790) Fix fan speed reporting for fan7..12 (Guenter Roeck)
- hwmon: (max31722) Remove non-standard ACPI device IDs (Guenter Roeck)
- media: s5p-g2d: Fix a memory leak on ctx->fh.m2m_ctx (Dillon Min)
- mmc: usdhi6rol0: fix error return code in usdhi6_probe() (Zhen Lei)
- media: siano: Fix out-of-bounds warnings in smscore_load_firmware_family2() (Gustavo A. R. Silva)
- media: tc358743: Fix error return code in tc358743_probe_of() (Zhen Lei)
- media: exynos4-is: Fix a use after free in isp_video_release (Lv Yunlong)
- pata_ep93xx: fix deferred probing (Sergey Shtylyov)
- crypto: ccp - Fix a resource leak in an error handling path (Christophe JAILLET)
- pata_octeon_cf: avoid WARN_ON() in ata_host_activate() (Sergey Shtylyov)
- media: I2C: change RST to RSET to fix multiple build errors (Randy Dunlap)
- pata_rb532_cf: fix deferred probing (Sergey Shtylyov)
- sata_highbank: fix deferred probing (Sergey Shtylyov)
- crypto: ux500 - Fix error return code in hash_hw_final() (Zhen Lei)
- crypto: ixp4xx - dma_unmap the correct address (Corentin Labbe)
- media: s5p_cec: decrement usage count if disabled (Mauro Carvalho Chehab)
- ia64: mca_drv: fix incorrect array size calculation (Arnd Bergmann)
- HID: wacom: Correct base usage for capacitive ExpressKey status bits (Jason Gerecke)
- ACPI: tables: Add custom DSDT file as makefile prerequisite (Richard Fitzgerald)
- platform/x86: toshiba_acpi: Fix missing error code in toshiba_acpi_setup_keyboard() (Jiapeng Chong)
- ACPI: bus: Call kobject_put() in acpi_init() error path (Hanjun Guo)
- ACPICA: Fix memory leak caused by _CID repair function (Erik Kaneda)
- fs: dlm: fix memory leak when fenced (Alexander Aring)
- random32: Fix implicit truncation warning in prandom_seed_state() (Richard Fitzgerald)
- fs: dlm: cancel work sync othercon (Alexander Aring)
- block_dump: remove block_dump feature in mark_inode_dirty() (zhangyi (F))
- ACPI: EC: Make more Asus laptops use ECDT _GPE (Chris Chiu)
- lib: vsprintf: Fix handling of number field widths in vsscanf (Richard Fitzgerald)
- hv_utils: Fix passing zero to PTR_ERR warning (YueHaibing)
- ACPI: processor idle: Fix up C-state latency if not ordered (Mario Limonciello)
- HID: do not use down_interruptible() when unbinding devices (Dmitry Torokhov)
- regulator: da9052: Ensure enough delay time for .set_voltage_time_sel (Axel Lin)
- btrfs: disable build on platforms having page size 256K (Christophe Leroy)
- btrfs: abort transaction if we fail to update the delayed inode (Josef Bacik)
- btrfs: fix error handling in __btrfs_update_delayed_inode (Josef Bacik)
- media: siano: fix device register error path (Mauro Carvalho Chehab)
- media: dvb_net: avoid speculation from net slot (Mauro Carvalho Chehab)
- crypto: shash - avoid comparing pointers to exported functions under CFI (Ard Biesheuvel)
- mmc: via-sdmmc: add a check against NULL pointer dereference (Zheyu Ma)
- media: dvd_usb: memory leak in cinergyt2_fe_attach (Dongliang Mu)
- media: st-hva: Fix potential NULL pointer dereferences (Evgeny Novikov)
- media: bt8xx: Fix a missing check bug in bt878_probe (Zheyu Ma)
- media: v4l2-core: Avoid the dangling pointer in v4l2_fh_release (Lv Yunlong)
- media: em28xx: Fix possible memory leak of em28xx struct (Igor Matheus Andrade Torrente)
- crypto: qat - remove unused macro in FW loader (Jack Xu)
- crypto: qat - check return code of qat_hal_rd_rel_reg() (Jack Xu)
- media: pvrusb2: fix warning in pvr2_i2c_core_done (Anirudh Rayabharam)
- media: cobalt: fix race condition in setting HPD (Hans Verkuil)
- media: cpia2: fix memory leak in cpia2_usb_probe (Pavel Skripkin)
- crypto: nx - add missing MODULE_DEVICE_TABLE (Bixuan Cui)
- spi: omap-100k: Fix the length judgment problem (Tian Tao)
- spi: spi-topcliff-pch: Fix potential double free in pch_spi_process_messages() (Jay Fang)
- spi: spi-loopback-test: Fix tx_buf might be rx_buf (Jay Fang)
- spi: Make of_register_spi_device also set the fwnode (Charles Keepax)
- fuse: check connected before queueing on fpq->io (Miklos Szeredi)
- seq_buf: Make trace_seq_putmem_hex() support data longer than 8 (Yun Zhou)
- rsi: Assign beacon rate settings to the correct rate_info descriptor field (Marek Vasut)
- ssb: sdio: Dont overwrite const buffer if block_write fails (Michael Buesch)
- ath9k: Fix kernel NULL pointer dereference during ath_reset_internal() (Pali Rohar)
- serial_cs: remove wrong GLOBETROTTER.cis entry (Ondrej Zary)
- serial_cs: Add Option International GSM-Ready 56K/ISDN modem (Ondrej Zary)
- serial: sh-sci: Stop dmaengine transfer in sci_stop_tx() (Yoshihiro Shimoda)
- iio: ltr501: ltr501_read_ps(): add missing endianness conversion (Oliver Lang)
- iio: ltr501: ltr559: fix initialization of LTR501_ALS_CONTR (Oliver Lang)
- iio: ltr501: mark register holding upper 8 bits of ALS_DATA{0,1} and PS_DATA as volatile, too (Marc Kleine-Budde)
- rtc: stm32: Fix unbalanced clk_disable_unprepare() on probe error path (Martin Fuzzey)
- s390/cio: dont call css_wait_for_slow_path() inside a lock (Vineeth Vijayan)
- SUNRPC: Should wake up the privileged task firstly. (Zhang Xiaoxu)
- SUNRPC: Fix the batch tasks count wraparound. (Zhang Xiaoxu)
- can: peak_pciefd: pucan_handle_status(): fix a potential starvation issue in TX path (Stephane Grosjean)
- can: gw: synchronize rcu operations before removing gw job entry (Oliver Hartkopp)
- ext4: fix avefreec in find_group_orlov (Pan Dong)
- ext4: remove check for zero nr_to_scan in ext4_es_scan() (Zhang Yi)
- ext4: correct the cache_nr in tracepoint ext4_es_shrink_exit (Zhang Yi)
- ext4: fix kernel infoleak via ext4_extent_header (Anirudh Rayabharam)
- ext4: cleanup in-core orphan list if ext4_truncate() failed to get a transaction handle (Zhang Yi)
- btrfs: clear defrag status of a root if starting transaction fails (David Sterba)
- btrfs: send: fix invalid path for unlink operations after parent orphanization (Filipe Manana)
- ARM: dts: at91: sama5d4: fix pinctrl muxing (Ludovic Desroches)
- iov_iter_fault_in_readable() should do nothing in xarray case (Al Viro)
- ntfs: fix validity check for file name attribute (Desmond Cheong Zhi Xi)
- USB: cdc-acm: blacklist Heimann USB Appset device (Hannu Hartikainen)
- usb: gadget: eem: fix echo command packet response issue (Linyu Yuan)
- net: can: ems_usb: fix use-after-free in ems_usb_disconnect() (Pavel Skripkin)
- Input: usbtouchscreen - fix control-request directions (Johan Hovold)
- media: dvb-usb: fix wrong definition (Pavel Skripkin)
- ALSA: usb-audio: fix rate on Ozone Z90 USB headset (Daehwan Jung)
- arm64: Reserve elfcorehdr before scanning reserved memory from device tree (Dave Kleikamp) [Orabug: 33309109]
- Revert net: geneve: check skb is large enough for IPv4/IPv6 header (Somasundaram Krishnasamy) [Orabug: 33307212]
Related CVEs
Updated Packages
Release/Architecture | Filename | MD5sum | Superseded By Advisory |
|
Oracle Linux 7 (x86_64) | kernel-uek-container-4.14.35-2047.508.3.el7.src.rpm | 45d55c7e28d31fb0e84882571eba8ed6 | - |
| kernel-uek-container-4.14.35-2047.508.3.el7.x86_64.rpm | 6035f29bb083c825055c4cfd4d38c1a6 | - |
This page is generated automatically and has not been checked for errors or omissions. For clarification
or corrections please contact the Oracle Linux ULN team