ELSA-2022-7683

ELSA-2022-7683 - kernel security, bug fix, and enhancement update

Type:SECURITY
Severity:MODERATE
Release Date:2022-11-15

Description


[4.18.0-425.3.1.OL8]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.3
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34750652]

[4.18.0-425.3.1]
- iwlwifi: limit fw version for AC9560 to avoid fw crash (Inigo Huguet) [2129297]
- sfc: fix null pointer dereference in efx_hard_start_xmit (Inigo Huguet) [2119638]
- sfc: fix TX channel offset when using legacy interrupts (Inigo Huguet) [2119638]
- netfilter: conntrack: reduce timeout when receiving out-of-window fin or rst (Florian Westphal) [2047366]
- netfilter: conntrack: remove unneeded indent level (Florian Westphal) [2047366]
- netfilter: conntrack: ignore overly delayed tcp packets (Florian Westphal) [2047366]
- netfilter: conntrack: prepare tcp_in_window for ternary return value (Florian Westphal) [2047366]
- netfilter: conntrack: remove pr_debug callsites from tcp tracker (Florian Westphal) [2047366]
- netfilter: conntrack: work around exceeded receive window (Florian Westphal) [2047366]
- netfilter: conntrack: improve RST handling when tuple is re-used (Florian Westphal) [2047366]
- netfilter: conntrack: avoid misleading invalid in log message (Florian Westphal) [2047366]
- netfilter: remove BUG_ON() after skb_header_pointer() (Florian Westphal) [2047366]
- iavf: Detach device during reset task (Petr Oros) [2069206]

[4.18.0-425.2.1]
- EDAC/ghes: Set the DIMM label unconditionally (Aristeu Rozanski) [2109712]
- configs: enable CONFIG_HP_ILO for aarch64 (Mark Salter) [2123508]

[4.18.0-425.1.1]
- i40e: Fix kernel crash during module removal (Ivan Vecera) [2091489]
- redhat: enable zstream release numbering for rhel 8.7 (Jarod Wilson)
- ice: Allow operation with reduced device MSI-X (Petr Oros) [2102844]

[4.18.0-425]
- EDAC/amd64: Add new register offset support and related changes (Aristeu Rozanski) [2048792]
- EDAC/amd64: Set memory type per DIMM (Aristeu Rozanski) [2048792]
- Revert ixgbevf: Mailbox improvements (Ken Cox) [2120545]
- Revert ixgbevf: Add support for new mailbox communication between PF and VF (Ken Cox) [2120545]
- drm/amdgpu: Only disable prefer_shadow on hawaii (Lyude Paul) [2118755]

[4.18.0-424]
- redhat: configs: add CONFIG_SERIAL_MULTI_INSTANTIATE=m for x86_64 (Jaroslav Kysela) [2005073]
- ACPI: scan: Add CLSA0101 Laptop Support (Jaroslav Kysela) [2005073]
- platform/x86: serial-multi-instantiate: Add CLSA0101 Laptop (Jaroslav Kysela) [2005073]
- platform/x86: serial-multi-instantiate: Sort ACPI IDs by HID (Jaroslav Kysela) [2005073]
- platform/x86: serial-multi-instantiate: Get rid of redundant else (Jaroslav Kysela) [2005073]
- platform/x86: serial-multi-instantiate: Use while (i--) pattern to clean up (Jaroslav Kysela) [2005073]
- platform/x86: serial-multi-instantiate: Improve dev_err_probe() messaging (Jaroslav Kysela) [2005073]
- platform/x86: serial-multi-instantiate: Drop duplicate check (Jaroslav Kysela) [2005073]
- platform/x86: serial-multi-instantiate: Improve autodetection (Jaroslav Kysela) [2005073]
- ACPI / scan: Create platform device for CS35L41 (Jaroslav Kysela) [2005073]
- ACPI: scan: Create platform device for BCM4752 and LNV4752 ACPI nodes (Jaroslav Kysela) [2005073]
- platform/x86: serial-multi-instantiate: Add SPI support (Jaroslav Kysela) [2005073]
- platform/x86: serial-multi-instantiate: Reorganize I2C functions (Jaroslav Kysela) [2005073]
- platform/x86: i2c-multi-instantiate: Rename it for a generic serial driver name (Jaroslav Kysela) [2005073]
- platform/x86: i2c-multi-instantiate: Use the new i2c_acpi_client_count() helper (Jaroslav Kysela) [2005073]
- platform/x86: i2c-multi-instantiate: Use device_get_match_data() to get driver data (Jaroslav Kysela) [2005073]
- platform/x86: i2c-multi-instantiate: Simplify with dev_err_probe() (Jaroslav Kysela) [2005073]
- platform/x86: i2c-multi-instantiate: Drop redundant ACPI_PTR() (Jaroslav Kysela) [2005073]
- platform/x86: i2c-multi-instantiate: Replace zero-length array with flexible-array member (Jaroslav Kysela) [2005073]
- platform/x86: i2c-multi-instantiate: Fail the probe if no IRQ provided (Jaroslav Kysela) [2005073]
- platform/x86: i2c-multi-instantiate: Derive the device name from parent (Jaroslav Kysela) [2005073]
- platform/x86: i2c-multi-instantiate: Use struct_size() helper (Jaroslav Kysela) [2005073]
- platform/x86: i2c-multi-instantiate: Allow to have same slaves (Jaroslav Kysela) [2005073]
- platform/x86: i2c-multi-instantiate: Introduce IOAPIC IRQ support (Jaroslav Kysela) [2005073]
- platform/x86: i2c-multi-instantiate: Distinguish IRQ resource type (Jaroslav Kysela) [2005073]
- platform/x86: i2c-multi-instantiate: Count I2cSerialBus() resources (Jaroslav Kysela) [2005073]
- platform/x86: i2c-multi-instantiate: Get rid of obsolete conditional (Jaroslav Kysela) [2005073]
- platform/x86: i2c-multi-instantiate: Defer probe when no adapter found (Jaroslav Kysela) [2005073]
- platform/x86: i2c-multi-instantiate: Accept errors of i2c_acpi_new_device() (Jaroslav Kysela) [2005073]
- serdev: Fix detection of UART devices on Apple machines. (Jaroslav Kysela) [2005073]
- serdev: Add ACPI devices by ResourceSource field (Jaroslav Kysela) [2005073]
- spi: Return deferred probe error when controller isnt yet available (Jaroslav Kysela) [2005073]
- spi/acpi: avoid spurious matches during slave enumeration (Jaroslav Kysela) [2005073]
- spi: Add API to count spi acpi resources (Jaroslav Kysela) [2005073]
- spi: Support selection of the index of the ACPI Spi Resource before alloc (Jaroslav Kysela) [2005073]
- ACPI: Test for ACPI_SUCCESS rather than !ACPI_FAILURE (Jaroslav Kysela) [2005073]
- spi/acpi: fix incorrect ACPI parent check (Jaroslav Kysela) [2005073]
- spi: Create helper API to lookup ACPI info for spi device (Jaroslav Kysela) [2005073]
- spi/acpi: enumerate all SPI slaves in the namespace (Jaroslav Kysela) [2005073]
- spi: kill useless initializer in spi_register_controller() (Jaroslav Kysela) [2005073]
- spi: fix ctrl->num_chipselect constraint (Jaroslav Kysela) [2005073]
- spi: Dont call spi_get_gpio_descs() before device name is set (Jaroslav Kysela) [2005073]
- spi: Avoid undefined behaviour when counting unused native CSs (Jaroslav Kysela) [2005073]
- spi: Allow to have all native CSs in use along with GPIOs (Jaroslav Kysela) [2005073]
- spi: Add missing error handling for CS GPIOs (Jaroslav Kysela) [2005073]
- spi: export tracepoint symbols to modules (Jaroslav Kysela) [2005073]
- spi: Fix zero length xfer bug (Jaroslav Kysela) [2005073]
- spi: Add generic support for unused native cs with cs-gpios (Jaroslav Kysela) [2005073]
- spi: Reduce kthread priority (Jaroslav Kysela) [2005073]
- spi: core: Use DEVICE_ATTR_RW() for SPI slave control sysfs attribute (Jaroslav Kysela) [2005073]
- i2c: acpi: Add an i2c_acpi_client_count() helper function (Jaroslav Kysela) [2005073]
- s390/qeth: cache link_info for ethtool (Michal Schmidt) [2117098]
- nfp: amend removal of MODULE_VERSION (Stefan Assmann) [1955769]
- x86/speculation: Add LFENCE to RSB fill sequence (Waiman Long) [2115080] {CVE-2022-26373}
- x86/speculation: Add RSB VM Exit protections (Waiman Long) [2115080] {CVE-2022-26373}
- tools headers cpufeatures: Sync with the kernel sources (Waiman Long) [2115080]
- tools headers cpufeatures: Sync with the kernel sources (Waiman Long) [2115080]
- x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n (Waiman Long) [2115080]
- x86/bugs: Do not enable IBPB at firmware entry when IBPB is not available (Waiman Long) [2115080]
- x86/amd: Use IBPB for firmware calls (Waiman Long) [2115080]
- x86/bugs: Warn when ibrs mitigation is selected on Enhanced IBRS parts (Waiman Long) [2115080]
- iavf: Fix reset error handling (Petr Oros) [2119759]
- iavf: Fix NULL pointer dereference in iavf_get_link_ksettings (Petr Oros) [2119759]
- iavf: Fix adminq error handling (Petr Oros) [2119759]
- iavf: Fix missing state logs (Petr Oros) [2119759]
- ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero (Ken Cox) [1978613]

[4.18.0-423]
- netfilter: ipset: fix suspicious RCU usage in find_set_and_id (Florian Westphal) [2118526]
- net/mlx5e: Update netdev features after changing XDP state (Amir Tzin) [2049440]
- net/mlx5e: CT: Use own workqueue instead of mlx5e priv (Amir Tzin) [2049440]
- net/mlx5e: CT: Add ct driver counters (Amir Tzin) [2049440]
- net/mlx5e: CT: Fix cleanup of CT before cleanup of TC ct rules (Amir Tzin) [2049440]
- net/mlx5e: Align mlx5e_cleanup_uplink_rep_tx() with upstream code. (Amir Tzin) [2049440]
- net/mlx5e: Correct the calculation of max channels for rep (Amir Tzin) [2049440]
- Documentation: devlink: mlx5.rst: Fix htmldoc build warning (Amir Tzin) [2049440]
- net/mlx5: fs, fail conflicting actions (Amir Tzin) [2049440]
- net/mlx5: Rearm the FW tracer after each tracer event (Amir Tzin) [2049440]
- net/mlx5: correct ECE offset in query qp output (Amir Tzin) [2049440]
- net/mlx5e: Disable softirq in mlx5e_activate_rq to avoid race condition (Amir Tzin) [2049440]
- net/mlx5e: TC NIC mode, fix tc chains miss table (Amir Tzin) [2049440]
- net/mlx5: Dont use already freed action pointer (Amir Tzin) [2049440]
- net/mlx5: fix typo in comment (Amir Tzin) [2049440]
- IB/mlx5: Fix undefined behavior due to shift overflowing the constant (Amir Tzin) [2049440]
- net/mlx5e: Force ethertype usage in mlx5_ct_fs_smfs_fill_mask() (Amir Tzin) [2049440]
- net/mlx5: Drain fw_reset when removing device (Amir Tzin) [2049440]
- net/mlx5e: CT: Fix setting flow_source for smfs ct tuples (Amir Tzin) [2049440]
- net/mlx5e: CT: Fix support for GRE tuples (Amir Tzin) [2049440]
- net/mlx5e: Remove HW-GRO from reported features (Amir Tzin) [2049440]
- net/mlx5e: Properly block HW GRO when XDP is enabled (Amir Tzin) [2049440]
- net/mlx5e: Properly block LRO when XDP is enabled (Amir Tzin) [2049440]
- net/mlx5e: Block rx-gro-hw feature in switchdev mode (Amir Tzin) [2049440]
- net/mlx5e: Wrap mlx5e_trap_napi_poll into rcu_read_lock (Amir Tzin) [2049440]
- net/mlx5: Initialize flow steering during driver probe (Amir Tzin) [2049440]
- net/mlx5: Fix matching on inner TTC (Amir Tzin) [2049440]
- net/mlx5: Avoid double clear or set of sync reset requested (Amir Tzin) [2049440]
- net/mlx5: Fix deadlock in sync reset flow (Amir Tzin) [2049440]
- net/mlx5e: Fix trust state reset in reload (Amir Tzin) [2049440]
- net/mlx5e: Avoid checking offload capability in post_parse action (Amir Tzin) [2049440]
- net/mlx5e: CT: Fix queued up restore put() executing after relevant ft release (Amir Tzin) [2049440]
- net/mlx5e: TC, Fix ct_clear overwriting ct action metadata (Amir Tzin) [2049440]
- net/mlx5e: Lag, Dont skip fib events on current dst (Amir Tzin) [2049440]
- net/mlx5e: Lag, Fix fib_info pointer assignment (Amir Tzin) [2049440]
- net/mlx5e: Lag, Fix use-after-free in fib event handler (Amir Tzin) [2049440]
- net/mlx5e: Fix the calling of update_buffer_lossy() API (Amir Tzin) [2049440]
- net/mlx5e: Dont match double-vlan packets if cvlan is not set (Amir Tzin) [2049440]
- net/mlx5: Fix slab-out-of-bounds while reading resource dump menu (Amir Tzin) [2049440]
- RDMA/mlx5: Add a missing update of cache->last_add (Amir Tzin) [2049440]
- RDMA/mlx5: Dont remove cache MRs when a delay is needed (Amir Tzin) [2049440]
- net/mlx5e: HTB, remove unused function declaration (Amir Tzin) [2049440]
- net/mlx5e: Statify function mlx5_cmd_trigger_completions (Amir Tzin) [2049440]
- net/mlx5: Remove unused fill page array API function (Amir Tzin) [2049440]
- net/mlx5: Remove unused exported contiguous coherent buffer allocation API (Amir Tzin) [2049440]
- net/mlx5: CT: Remove extra rhashtable remove on tuple entries (Amir Tzin) [2049440]
- net/mlx5: DR, Remove hw_ste from mlx5dr_ste to reduce memory (Amir Tzin) [2049440]
- net/mlx5: DR, Remove 4 members from mlx5dr_ste_htbl to reduce memory (Amir Tzin) [2049440]
- net/mlx5: DR, Remove num_of_entries byte_size from struct mlx5_dr_icm_chunk (Amir Tzin) [2049440]
- net/mlx5: DR, Remove icm_addr from mlx5dr_icm_chunk to reduce memory (Amir Tzin) [2049440]
- net/mlx5: DR, Remove mr_addr rkey from struct mlx5dr_icm_chunk (Amir Tzin) [2049440]
- net/mlx5: DR, Adjust structure member to reduce memory hole (Amir Tzin) [2049440]
- net/mlx5e: Drop cqe_bcnt32 from mlx5e_skb_from_cqe_mpwrq_linear (Amir Tzin) [2049440]
- net/mlx5e: Drop the len output parameter from mlx5e_xdp_handle (Amir Tzin) [2049440]
- net/mlx5e: RX, Test the XDP program existence out of the handler (Amir Tzin) [2049440]
- net/mlx5e: Build SKB in place over the first fragment in non-linear legacy RQ (Amir Tzin) [2049440]
- net/mlx5e: Add headroom only to the first fragment in legacy RQ (Amir Tzin) [2049440]
- net/mlx5e: Validate MTU when building non-linear legacy RQ fragments info (Amir Tzin) [2049440]
- net/mlx5e: MPLSoUDP encap, support action vlan pop_eth explicitly (Amir Tzin) [2049440]
- net/mlx5e: MPLSoUDP decap, use vlan push_eth instead of pedit (Amir Tzin) [2049440]
- RDMA/mlx5: Fix memory leak in error flow for subscribe event routine (Amir Tzin) [2049440]
- net/mlx5e: Fix use-after-free in mlx5e_stats_grp_sw_update_stats (Amir Tzin) [2049440]
- net/mlx5e: Remove overzealous validations in netlink EEPROM query (Amir Tzin) [2049440]
- net/mlx5: Parse module mapping using mlx5_ifc (Amir Tzin) [2049440]
- net/mlx5: Query the maximum MCIA register read size from firmware (Amir Tzin) [2049440]
- net/mlx5: CT: Create smfs dr matchers dynamically (Amir Tzin) [2049440]
- net/mlx5: CT: Add software steering ct flow steering provider (Amir Tzin) [2049440]
- net/mlx5: Add smfs lib to export direct steering API to CT (Amir Tzin) [2049440]
- net/mlx5: DR, Add helper to get backing dr table from a mlx5 flow table (Amir Tzin) [2049440]
- net/mlx5: CT: Introduce a platform for multiple flow steering providers (Amir Tzin) [2049440]
- net/mlx5: Node-aware allocation for the doorbell pgdir (Amir Tzin) [2049440]
- net/mlx5: Node-aware allocation for UAR (Amir Tzin) [2049440]
- net/mlx5: Node-aware allocation for the EQs (Amir Tzin) [2049440]
- net/mlx5: Node-aware allocation for the EQ table (Amir Tzin) [2049440]
- net/mlx5: Node-aware allocation for the IRQ table (Amir Tzin) [2049440]
- net/mlx5: Delete useless module.h include (Amir Tzin) [2049440]
- net/mlx5: DR, Add support for ConnectX-7 steering (Amir Tzin) [2049440]
- net/mlx5: DR, Refactor ste_ctx handling for STE v0/1 (Amir Tzin) [2049440]
- net/mlx5: DR, Rename action modify fields to reflect naming in HW spec (Amir Tzin) [2049440]
- net/mlx5: DR, Fix handling of different actions on the same STE in STEv1 (Amir Tzin) [2049440]
- net/mlx5: DR, Remove unneeded comments (Amir Tzin) [2049440]
- net/mlx5: DR, Add support for matching on Internet Header Length (IHL) (Amir Tzin) [2049440]
- net/mlx5: DR, Align mlx5dv_dr API vport action with FW behavior (Amir Tzin) [2049440]
- net/mlx5: Add debugfs counters for page commands failures (Amir Tzin) [2049440]
- net/mlx5: Add pages debugfs (Amir Tzin) [2049440]
- net/mlx5: Move debugfs entries to separate struct (Amir Tzin) [2049440]
- net/mlx5: Change release_all_pages cap bit location (Amir Tzin) [2049440]
- net/mlx5: Remove redundant error on reclaim pages (Amir Tzin) [2049440]
- net/mlx5: Remove redundant error on give pages (Amir Tzin) [2049440]
- net/mlx5: Remove redundant notify fail on give pages (Amir Tzin) [2049440]
- net/mlx5: Add command failures data to debugfs (Amir Tzin) [2049440]
- net/mlx5e: TC, Fix use after free in mlx5e_clone_flow_attr_for_post_act() (Amir Tzin) [2049440]
- net/mlx5: Support GRE conntrack offload (Amir Tzin) [2049440]
- mlx5: add support for page_pool_get_stats (Amir Tzin) [2049440]
- net/mlx5: Add migration commands definitions (Amir Tzin) [2049440]
- net/mlx5: Introduce migration bits and structures (Amir Tzin) [2049440]
- net/mlx5: Expose APIs to get/put the mlx5 core device (Amir Tzin) [2049440]
- net/mlx5: Disable SRIOV before PF removal (Amir Tzin) [2049440]
- net/mlx5: Reuse exported virtfn index function call (Amir Tzin) [2049440]
- net/mlx5: Add clarification on sync reset failure (Amir Tzin) [2049440]
- net/mlx5: Add reset_state field to MFRL register (Amir Tzin) [2049440]
- RDMA/mlx5: Use new command interface API (Amir Tzin) [2049440]
- net/mlx5: cmdif, Refactor error handling and reporting of async commands (Amir Tzin) [2049440]
- net/mlx5: Use mlx5_cmd_do() in core create_{cq,dct} (Amir Tzin) [2049440]
- net/mlx5: cmdif, Add new api for command execution (Amir Tzin) [2049440]
- net/mlx5: cmdif, cmd_check refactoring (Amir Tzin) [2049440]
- net/mlx5: cmdif, Return value improvements (Amir Tzin) [2049440]
- net/mlx5: Lag, offload active-backup drops to hardware (Amir Tzin) [2049440]
- net/mlx5: Lag, record inactive state of bond device (Amir Tzin) [2049440]
- net/mlx5: Lag, dont use magic numbers for ports (Amir Tzin) [2049440]
- net/mlx5: Lag, use local variable already defined to access E-Switch (Amir Tzin) [2049440]
- net/mlx5: E-switch, add drop rule support to ingress ACL (Amir Tzin) [2049440]
- net/mlx5: E-switch, remove special uplink ingress ACL handling (Amir Tzin) [2049440 2049580]
- net/mlx5: E-Switch, reserve and use same uplink metadata across ports (Amir Tzin) [2049440 2049580]
- net/mlx5: Add ability to insert to specific flow group (Amir Tzin) [2049440]
- mlx5: remove unused static inlines (Amir Tzin) [2049440]
- RDMA/mlx5: Reorder calls to pcie_relaxed_ordering_enabled() (Amir Tzin) [2049440]
- RDMA/mlx5: Store ndescs instead of the translation table size (Amir Tzin) [2049440]
- RDMA/mlx5: Merge similar flows of allocating MR from the cache (Amir Tzin) [2049440]
- RDMA/mlx5: Fix the flow of a miss in the allocation of a cache ODP MR (Amir Tzin) [2049440]
- RDMA/mlx5: Remove redundant work in struct mlx5_cache_ent (Amir Tzin) [2049440]
- net/mlx5e: TC, Allow sample action with CT (Amir Tzin) [2049440 2049659]
- net/mlx5e: TC, Make post_act parse CT and sample actions (Amir Tzin) [2049440 2049659]
- net/mlx5e: TC, Clean redundant counter flag from tc action parsers (Amir Tzin) [2049440 2049659]
- net/mlx5e: Use multi table support for CT and sample actions (Amir Tzin) [2049440 2049659]
- net/mlx5e: Create new flow attr for multi table actions (Amir Tzin) [2049440 2049659]
- net/mlx5e: Add post act offload/unoffload API (Amir Tzin) [2049440 2049659]
- net/mlx5e: Pass actions param to actions_match_supported() (Amir Tzin) [2049440 2049659]
- net/mlx5e: TC, Move flow hashtable to be per rep (Amir Tzin) [2049440]
- net/mlx5e: E-Switch, Add support for tx_port_ts in switchdev mode (Amir Tzin) [2049440]
- net/mlx5e: E-Switch, Add PTP counters for uplink representor (Amir Tzin) [2049440]
- net/mlx5e: RX, Restrict bulk size for small Striding RQs (Amir Tzin) [2049440]
- net/mlx5e: Default to Striding RQ when not conflicting with CQE compression (Amir Tzin) [2049440]
- net/mlx5e: Generalize packet merge error message (Amir Tzin) [2049440]
- net/mlx5e: Add support for using xdp->data_meta (Amir Tzin) [2049440]
- net/mlx5e: Fix spelling mistake supoported -> supported (Amir Tzin) [2049440]
- net/mlx5e: Optimize the common case condition in mlx5e_select_queue (Amir Tzin) [2049440]
- net/mlx5e: Optimize modulo in mlx5e_select_queue (Amir Tzin) [2049440]
- net/mlx5e: Optimize mlx5e_select_queue (Amir Tzin) [2049440]
- net/mlx5e: Use READ_ONCE/WRITE_ONCE for DCBX trust state (Amir Tzin) [2049440]
- net/mlx5e: Move repeating code that gets TC prio into a function (Amir Tzin) [2049440]
- net/mlx5e: Use select queue parameters to sync with control flow (Amir Tzin) [2049440]
- net/mlx5e: Move mlx5e_select_queue to en/selq.c (Amir Tzin) [2049440]
- net/mlx5e: Introduce select queue parameters (Amir Tzin) [2049440]
- net/mlx5e: Sync txq2sq updates with mlx5e_xmit for HTB queues (Amir Tzin) [2049440]
- net/mlx5e: Use a barrier after updating txq2sq (Amir Tzin) [2049440]
- net/mlx5e: Disable TX queues before registering the netdev (Amir Tzin) [2049440]
- net/mlx5e: Cleanup of start/stop all queues (Amir Tzin) [2049440]
- net/mlx5e: Use FW limitation for max MPW WQEBBs (Amir Tzin) [2049440]
- net/mlx5e: Read max WQEBBs on the SQ from firmware (Amir Tzin) [2049440]
- net/mlx5e: Remove unused tstamp SQ field (Amir Tzin) [2049440]
- RDMA/mlx5: Delete useless module.h include (Amir Tzin) [2049440]
- RDMA/mlx5: Delete get_num_static_uars function (Amir Tzin) [2049440]
- net/mlx5: VLAN push on RX, pop on TX (Amir Tzin) [2049440 2049616]
- net/mlx5: Introduce software defined steering capabilities (Amir Tzin) [2049440 2049616]
- net/mlx5: Remove unused TIR modify bitmask enums (Amir Tzin) [2049440]
- net/mlx5e: CT, Remove redundant flow args from tc ct calls (Amir Tzin) [2049440 2049659]
- net/mlx5e: TC, Store mapped tunnel id on flow attr (Amir Tzin) [2049440 2049659]
- net/mlx5e: Test CT and SAMPLE on flow attr (Amir Tzin) [2049440 2049580 2049659]
- net/mlx5e: Refactor eswitch attr flags to just attr flags (Amir Tzin) [2049440 2049580 2049659]
- net/mlx5e: CT, Dont set flow flag CT for ct clear flow (Amir Tzin) [2049440 2049659]
- net/mlx5e: TC, Hold sample_attr on stack instead of pointer (Amir Tzin) [2049440 2049580 2049659]
- net/mlx5e: TC, Reject rules with multiple CT actions (Amir Tzin) [2049440 2049659]
- net/mlx5e: TC, Refactor mlx5e_tc_add_flow_mod_hdr() to get flow attr (Amir Tzin) [2049440 2049659]
- net/mlx5e: TC, Pass attr to tc_act can_offload() (Amir Tzin) [2049440 2049659]
- net/mlx5e: TC, Split pedit offloads verify from alloc_tc_pedit_action() (Amir Tzin) [2049440 2049659]
- net/mlx5e: TC, Move pedit_headers_action to parse_attr (Amir Tzin) [2049440 2049659]
- net/mlx5e: Move counter creation call to alloc_flow_attr_counter() (Amir Tzin) [2049440 2049659]
- net/mlx5e: Pass attr arg for attaching/detaching encaps (Amir Tzin) [2049440 2049659]
- net/mlx5e: Move code chunk setting encap dests into its own function (Amir Tzin) [2049440 2049659]
- net_sched: cls_route: remove from list when handle is 0 (Felix Maurer) [2116328] {CVE-2022-2588}
- netfilter: nf_tables: do not allow RULE_ID to refer to another chain (Florian Westphal) [2116356] {CVE-2022-2586}
- netfilter: nf_tables: do not allow SET_ID to refer to another table (Florian Westphal) [2116356] {CVE-2022-2586}
- netfilter: nf_queue: do not allow packet truncation below transport header offset (Florian Westphal) [2116159] {CVE-2022-36946}
- net: let flow have same hash in two directions (Ivan Vecera) [2111094]
- ipv4: Fix data-races around sysctl_fib_multipath_hash_fields. (Ivan Vecera) [2111094]
- net: Add notifications when multipath hash field change (Ivan Vecera) [2111094]
- selftests: forwarding: Add test for custom multipath hash with IPv6 GRE (Ivan Vecera) [2111094]
- selftests: forwarding: Add test for custom multipath hash with IPv4 GRE (Ivan Vecera) [2111094]
- selftests: forwarding: Add test for custom multipath hash (Ivan Vecera) [2111094]
- ipv6: Add custom multipath hash policy (Ivan Vecera) [2111094]
- ipv6: Add a sysctl to control multipath hash fields (Ivan Vecera) [2111094]
- ipv6: Calculate multipath hash inside switch statement (Ivan Vecera) [2111094]
- ipv6: Use a more suitable label name (Ivan Vecera) [2111094]
- ipv4: Add custom multipath hash policy (Ivan Vecera) [2111094]
- ipv4: Add a sysctl to control multipath hash fields (Ivan Vecera) [2111094]
- ipv4: Calculate multipath hash inside switch statement (Ivan Vecera) [2111094]
- ipv6: Use math to point per net sysctls into the appropriate struct net (Ivan Vecera) [2111094]
- selftest/net/forwarding: declare NETIFS p9 p10 (Ivan Vecera) [2111094]
- ipv6: Fix sysctl max for fib_multipath_hash_policy (Ivan Vecera) [2111094]
- selftests: forwarding: Test multipath hashing on inner IP pkts for GRE tunnel (Ivan Vecera) [2111094]
- ipv6: Support multipath hashing on inner IP pkts (Ivan Vecera) [2111094]
- ipv4: Multipath hashing on inner L3 needs to consider inner IPv6 pkts (Ivan Vecera) [2111094]
- ipv4: Support multipath hashing on inner IP pkts for GRE tunnel (Ivan Vecera) [2111094]
- ipv4: Initialize flowi4_multipath_hash in data path (Ivan Vecera) [2111094]
- net: ipv4: Fix NULL pointer dereference in route lookup (Ivan Vecera) [2111094]
- route: Add multipath_hash in flowi_common to make user-define hash (Ivan Vecera) [2111094]

[4.18.0-422]
- drm/nouveau/kms/nv140-: Disable interlacing (Lyude Paul) [2097647]
- rpm: convert gcc and libelf to Recommends (Jarod Wilson) [2114900]
- redhat: add ca7 to redhat/git/files (Jarod Wilson)


Related CVEs


CVE-2022-23960
CVE-2020-36516
CVE-2022-1016
CVE-2022-1048
CVE-2022-28390
CVE-2021-3640
CVE-2021-30002
CVE-2022-1184
CVE-2022-26373
CVE-2022-0168
CVE-2022-0854
CVE-2022-27950
CVE-2022-2639
CVE-2022-2938
CVE-2022-29581
CVE-2020-36558
CVE-2022-2586
CVE-2022-2078
CVE-2022-0617
CVE-2022-24448
CVE-2022-1055
CVE-2022-21499
CVE-2022-1852
CVE-2022-36946
CVE-2022-28893
CVE-2022-20368

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 8 (aarch64) kernel-4.18.0-425.3.1.el8.src.rpm5e8b01fc59738ed5c37eea8f1ffd7277-
bpftool-4.18.0-425.3.1.el8.aarch64.rpm61530c047c37380f3cd20ff60e00363f-
kernel-cross-headers-4.18.0-425.3.1.el8.aarch64.rpme1835d525fa4041fa34793f571b78fa5-
kernel-headers-4.18.0-425.3.1.el8.aarch64.rpm8b0e70926735beec672c68ef451f9950-
kernel-tools-4.18.0-425.3.1.el8.aarch64.rpm609c509b42228d93dc1185a050ab77cd-
kernel-tools-libs-4.18.0-425.3.1.el8.aarch64.rpm6fedde3e24cb8293ce8ff7b03304be63-
kernel-tools-libs-devel-4.18.0-425.3.1.el8.aarch64.rpmf51a7d0ff2537bac3f2d3f322128247b-
perf-4.18.0-425.3.1.el8.aarch64.rpm06adb1905c79e8bb1f013755cd70ed2f-
python3-perf-4.18.0-425.3.1.el8.aarch64.rpm2db403cb2d079fb7861bf97d6ad9b726-
Oracle Linux 8 (x86_64) kernel-4.18.0-425.3.1.el8.src.rpm5e8b01fc59738ed5c37eea8f1ffd7277-
bpftool-4.18.0-425.3.1.el8.x86_64.rpme447442f3adf1a4fc0c531d0b4bfcffe-
kernel-4.18.0-425.3.1.el8.x86_64.rpm89858cc63849db903c64365e51214f1f-
kernel-abi-stablelists-4.18.0-425.3.1.el8.noarch.rpm5f6a23e0ea8924213d5d8ea5c0057d44-
kernel-core-4.18.0-425.3.1.el8.x86_64.rpm5610a00db13d6626ac9c4430b17408ef-
kernel-cross-headers-4.18.0-425.3.1.el8.x86_64.rpmef35eb374a40fb4269cb0cf71d385e78-
kernel-debug-4.18.0-425.3.1.el8.x86_64.rpm56cf6e22161064f19454890e9b26166f-
kernel-debug-core-4.18.0-425.3.1.el8.x86_64.rpm88961499014ada6473aa0451f16c21b8-
kernel-debug-devel-4.18.0-425.3.1.el8.x86_64.rpm18ffc67bf20b4ef451585b8a9bda0847-
kernel-debug-modules-4.18.0-425.3.1.el8.x86_64.rpm7d257527c581bac909f184d3523cbfff-
kernel-debug-modules-extra-4.18.0-425.3.1.el8.x86_64.rpm630943fa76a0a5c54bad7c05ffb68368-
kernel-devel-4.18.0-425.3.1.el8.x86_64.rpm41d62f820bc4563e8cc648f996b9b3db-
kernel-doc-4.18.0-425.3.1.el8.noarch.rpmf0535c4efb25c6a73cd34da7846a8b21-
kernel-headers-4.18.0-425.3.1.el8.x86_64.rpmd78bf64e582b18c3832398a4c71b8da5-
kernel-modules-4.18.0-425.3.1.el8.x86_64.rpmd0ae3149b383bfec2cc05fad6a1d78cf-
kernel-modules-extra-4.18.0-425.3.1.el8.x86_64.rpmf32208cc63533088c6db15ce3ce20ce5-
kernel-tools-4.18.0-425.3.1.el8.x86_64.rpmec31b50a7ef06df95315026c8e5fc1e1-
kernel-tools-libs-4.18.0-425.3.1.el8.x86_64.rpm4ff41ee3a3b6f75287e9837532de3e88-
kernel-tools-libs-devel-4.18.0-425.3.1.el8.x86_64.rpm9b5da95743633b056e673099d2e96ad5-
perf-4.18.0-425.3.1.el8.x86_64.rpm12566e524cd231a50b70dbc2261c5b44-
python3-perf-4.18.0-425.3.1.el8.x86_64.rpm1ab26ced323b1909fc9408cf0f3f9530-



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete