ELSA-2022-9534 - Unbreakable Enterprise kernel-container security update
| Type: | SECURITY |
| Severity: | IMPORTANT |
| Release Date: | 2022-06-30 |
Description
[5.15.0-0.30.19]
- net/mlx4: Increase num_srq in low_mem_profile (Dave Kleikamp) [Orabug: 34052160]
[5.15.0-0.30.18]
- Revert ocfs2: mount shared volume without ha stack (Junxiao Bi) [Orabug: 33701900]
- KVM: x86/speculation: Disable Fill buffer clear within guests (Pawan Gupta) [Orabug: 34202258] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166}
- x86/speculation/mmio: Reuse SRBDS mitigation for SBDS (Pawan Gupta) [Orabug: 34202258] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166}
- x86/speculation/srbds: Update SRBDS mitigation selection (Pawan Gupta) [Orabug: 34202258] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166}
- x86/speculation/mmio: Add sysfs reporting for Processor MMIO Stale Data (Pawan Gupta) [Orabug: 34202258] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166}
- x86/speculation/mmio: Enable CPU Fill buffer clearing on idle (Pawan Gupta) [Orabug: 34202258] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166}
- x86/bugs: Group MDS, TAA & Processor MMIO Stale Data mitigations (Pawan Gupta) [Orabug: 34202258] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166}
- x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data (Pawan Gupta) [Orabug: 34202258] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166}
- x86/speculation: Add a common function for MD_CLEAR mitigation update (Pawan Gupta) [Orabug: 34202258] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166}
- x86/speculation/mmio: Enumerate Processor MMIO Stale Data bug (Pawan Gupta) [Orabug: 34202258] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166}
- Documentation: Add documentation for Processor MMIO Stale Data (Pawan Gupta) [Orabug: 34202258] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166}
[5.15.0-0.30.17]
- uek-rpm: New shim versions and secureboot certs (Jack Vogel) [Orabug: 34219956]
[5.15.0-0.30.16]
- perf: Correct the label position in perf_event_open (Jack Vogel) [Orabug: 34172708]
[5.15.0-0.30.15]
- sched: Fix non-CONFIG_SCHED_CORE build (Boris Ostrovsky) [Orabug: 34228424]
[5.15.0-0.30.14]
- lockdown: also lock down previous kgdb use (Daniel Thompson) [Orabug: 34152698] {CVE-2022-21499}
- io_uring: fix race between timeout flush and removal (Jens Axboe) [Orabug: 34115159] {CVE-2022-29582}
- kvm/x86: Inherit userspaces core scheduling cookie (Boris Ostrovsky) [Orabug: 34195867]
- vhost: Inherit userspaces core scheduling cookie (Boris Ostrovsky) [Orabug: 34195867]
- sched: Add interface for copying core scheduling cookie between two tasks (Boris Ostrovsky) [Orabug: 34195867]
- KVM: x86: avoid calling x86 emulator without a decoded instruction (Sean Christopherson) [Orabug: 34205798] {CVE-2022-1852} {CVE-2022-1852}
- uek-rpm: Added squashfs module to core rpm for kdump (Vijayendra Suman) [Orabug: 34206290]
- uek-rpm: Enable CONFIG_SQUASHFS_ZSTD to support zstd compression (Harshit Mogalapalli) [Orabug: 34209438]
[5.15.0-0.30.13]
- perf: Fix sys_perf_event_open() race against self (Peter Zijlstra) [Orabug: 34172708] {CVE-2022-1729}
- uek-rpm: Enable dependencies needed by CONFIG_SND_SOC_INTEL_HDA_DSP_COMMON (Brian Maly) [Orabug: 33711352]
[5.15.0-0.30.12]
- docs: kdump: Update the crashkernel description for arm64 (Zhen Lei) [Orabug: 34052160]
- of: fdt: Add memory for devices by DT property linux,usable-memory-range (Chen Zhou) [Orabug: 34052160]
- arm64: kdump: Reimplement crashkernel=X (Chen Zhou) [Orabug: 34052160]
- arm64: Use insert_resource() to simplify code (Zhen Lei) [Orabug: 34052160]
- kdump: return -ENOENT if required cmdline option does not exist (Zhen Lei) [Orabug: 34052160]
- Revert x86: kdump: replace the hard-coded alignment with macro CRASH_ALIGN (Dave Kleikamp) [Orabug: 34052160]
- Revert x86: kdump: make the lower bound of crash kernel reservation consistent (Dave Kleikamp) [Orabug: 34052160]
- Revert x86: kdump: use macro CRASH_ADDR_LOW_MAX in functions reserve_crashkernel() (Dave Kleikamp) [Orabug: 34052160]
- Revert x86: kdump: move xen_pv_domain() check and insert_resource() to setup_arch() (Dave Kleikamp) [Orabug: 34052160]
- Revert x86: kdump: move reserve_crashkernel[_low]() into crash_core.c (Dave Kleikamp) [Orabug: 34052160]
- Revert x86/elf: Move vmcore_elf_check_arch_cross to arch/x86/include/asm/elf.h (Dave Kleikamp) [Orabug: 34052160]
- Revert arm64: kdump: introduce some macroes for crash kernel reservation (Dave Kleikamp) [Orabug: 34052160]
- Revert arm64: kdump: reimplement crashkernel=X (Dave Kleikamp) [Orabug: 34052160]
- Revert x86, arm64: Add ARCH_WANT_RESERVE_CRASH_KERNEL config (Dave Kleikamp) [Orabug: 34052160]
- Revert kdump: update Documentation about crashkernel (Dave Kleikamp) [Orabug: 34052160]
- uek-rpm: Add modules required to pass selinux-testsuites to core rpm (Somasundaram Krishnasamy) [Orabug: 34129238]
- uek-rpm: configs: enable 9P_FS for x86_64 (Todd Vierling) [Orabug: 34146029]
- uek-rpm: Add modules to allow podman tests to run on core kernel. (Somasundaram Krishnasamy) [Orabug: 34123777]
[5.15.0-0.30.11]
- uek: kabi: Update kABI files and enable the kABI checker (Saeed Mirzamohammadi) [Orabug: 34044324]
- Revert rds/ib: recover rds connection from stuck tx path (Nagappan Ramasamy Palaniappan) [Orabug: 34115603]
- Revert rds/ib: reap tx completions during connection shutdown (Nagappan Ramasamy Palaniappan) [Orabug: 34115603]
- Revert rds/ib: handle posted ACK during connection shutdown (Nagappan Ramasamy Palaniappan) [Orabug: 34115603]
[5.15.0-0.30.10]
- xfs, iomap: limit individual ioend chain lengths in writeback (Dave Chinner) [Orabug: 34085022]
- xfs: only bother with sync_filesystem during readonly remount (Darrick J. Wong) [Orabug: 34085022]
- vfs: make sync_filesystem return errors from ->sync_fs (Darrick J. Wong) [Orabug: 34085022]
- xfs: reject crazy array sizes being fed to XFS_IOC_GETBMAP* (Darrick J. Wong) [Orabug: 34085022]
- xfs: flush inodegc workqueue tasks before cancel (Brian Foster) [Orabug: 34085022]
- xfs: prevent UAF in xfs_log_item_in_current_chkpt (Darrick J. Wong) [Orabug: 34085022]
- xfs: prevent a WARN_ONCE() in xfs_ioc_attr_list() (Dan Carpenter) [Orabug: 34085022]
- xfs: check sb_meta_uuid for dabuf buffer recovery (Dave Chinner) [Orabug: 34085022]
- xfs: only run COW extent recovery when there are no live extents (Darrick J. Wong) [Orabug: 34085022]
- x86/platform/uv: Log gap hole end size (Mike Travis) [Orabug: 34100359]
- x86/platform/uv: Update TSC sync state for UV5 (Mike Travis) [Orabug: 34100359]
- x86/platform/uv: Update NMI Handler for UV5 (Mike Travis) [Orabug: 34100359]
- perf/x86/intel/uncore: Fix the build on !CONFIG_PHYS_ADDR_T_64BIT (Ingo Molnar) [Orabug: 34100359]
- perf/x86/intel/uncore: Make uncore_discovery clean for 64 bit addresses (Steve Wahl) [Orabug: 34100359]
- net/rds: Delayed DR_SOCK_CANCEL (Gerd Rausch) [Orabug: 34105317]
- uek-rpm: Move needed modules to core rpm (Somasundaram Krishnasamy) [Orabug: 34124573] [Orabug: 34130428] [Orabug: 34130346]
- af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register (Haimin Zhang) [Orabug: 34135342] {CVE-2022-1353}
[5.15.0-0.30.9]
- uek-rpm: Enable CONFIG_KFENCE (Joe Jin) [Orabug: 34125090]
- rds: ib: INFO: trying to register non-static key during rmmod (Freddy Carrillo) [Orabug: 34106050]
- uek-rpm: Move few modules to core rpm (Somasundaram Krishnasamy) [Orabug: 34087568]
- bpf: Emit bpf_timer in vmlinux BTF (Yonghong Song) [Orabug: 34085523]
- selftests/bpf: Define SYS_NANOSLEEP_KPROBE_NAME for aarch64 (Ilya Leoshkevich) [Orabug: 34085523]
- KVM: avoid NULL pointer dereference in kvm_dirty_ring_push (Paolo Bonzini) [Orabug: 34048938] {CVE-2022-1263}
[5.15.0-0.30.8]
- Revert locking/rwsem: Make handoff bit handling more consistent (John Donnelly) [Orabug: 34087272]
- Revert locking/rwsem: Always try to wake waiters in out_nolock path (John Donnelly) [Orabug: 34087272]
- x86, ctf: fix CTF suppression in the vDSO (Nick Alcock) [Orabug: 34090171]
[5.15.0-0.30.7]
- uek-rpm: config: Add support for resilient_rdmaip new kernel module (Sudhakar Dindukurti) [Orabug: 27718686] [Orabug: 30777254] [Orabug: 33877197]
- resilient_rdmaip: replace inet_ioctl() with devinet_ioctl() (Qing Huang) [Orabug: 33877197]
- rdmaip: trace message buffer size too small for rdmaip debug tracepoints (Alan Maguire) [Orabug: 33267573] [Orabug: 33877197]
- A/A Bonding: remove use of trace_printk(), replacing with tracepoints (Alan Maguire) [Orabug: 32969529] [Orabug: 33877197]
- A/A Bonding: In rdmaip synchronize access to ip_config[].rdmaip_dev (Sharath Srinivasan) [Orabug: 32486193] [Orabug: 33877197]
- A/A Bonding: dev_hold/put() the delayed GARP work handlers netdev in rdmaip (Sharath Srinivasan) [Orabug: 33161268] [Orabug: 33877197]
- A/A Bonding: Add synchronized bundle failback (Gerd Rausch) [Orabug: 32381881] [Orabug: 33877197]
- A/A Bonding: Fix a one-byte-off kmalloc (Hakon Bugge) [Orabug: 32380823] [Orabug: 33877197]
- A/A Bonding: Introduce selective interface name inclusion (Hakon Bugge) [Orabug: 32350973] [Orabug: 33877197]
- A/A Bonding: Increase number and interval of GARPs sent by rdmaip (Sharath Srinivasan) [Orabug: 32095765] [Orabug: 33877197]
- A/A Bonding: No need to call flush rdmaip_wq in rdmaip_cleanup() (Ka-Cheong Poon) [Orabug: 30875610] [Orabug: 33877197]
- A/A Bonding: Change debug levels for some debug messages (Sudhakar Dindukurti) [Orabug: 30430839] [Orabug: 30777254] [Orabug: 33877197]
- A/A Bonding: Remove rdmaip_garp_wq work queue (Sudhakar Dindukurti) [Orabug: 30507174] [Orabug: 30777254] [Orabug: 33877197]
- rdmaip: rdmaip does not send IPv6 address change notification (Ka-Cheong Poon) [Orabug: 30312121] [Orabug: 30777254] [Orabug: 33877197]
- A/A Bonding: Memory leak in rdmaip_send_gratuitous_arp (Dag Moxnes) [Orabug: 30434319] [Orabug: 30777254] [Orabug: 33877197]
- A/A Bonding: Use correct port when calling ib_query_port (Dag Moxnes) [Orabug: 30433360] [Orabug: 30777254] [Orabug: 33877197]
- A/A Bonding: Validate rdmaip_active_bonding_arps module parameter (Sudhakar Dindukurti) [Orabug: 29822840] [Orabug: 30777254] [Orabug: 33877197]
- A/A Bonding: Flush all the delayed works posted to rdmaip_garps_wq before destroying the workq (Sudhakar Dindukurti) [Orabug: 29822840] [Orabug: 30777254] [Orabug: 33877197]
- A/A Bonding: Rename riif_dlywork to rdmaip_dlywork (Sudhakar Dindukurti) [Orabug: 29822840] [Orabug: 30777254] [Orabug: 33877197]
- A/A Bonding: Rename rdmaip_port_ud_work to rdmaip_dly_work_req (Sudhakar Dindukurti) [Orabug: 29822840] [Orabug: 30777254] [Orabug: 33877197]
- A/A Bonding: Flush all the delayed works posted to rdmaip_wq before destroying the workq (Sudhakar Dindukurti) [Orabug: 29379514] [Orabug: 30777254] [Orabug: 33877197]
- A/A Bonding: Miscellaneous module unload changes (Sudhakar Dindukurti) [Orabug: 29781216] [Orabug: 30777254] [Orabug: 33877197]
- A/A Bonding: Skip sending GARPs when module unload is in progress (Sudhakar Dindukurti) [Orabug: 29781216] [Orabug: 30777254] [Orabug: 33877197]
- A/A Bonding: Port status is not updated correctly for dynamically added netdevs (Sudhakar Dindukurti) [Orabug: 30241187] [Orabug: 30777254] [Orabug: 33877197]
- A/A Bonding: rdmaip_add_new_rdmaip_port() - remove unused port argument (Sudhakar Dindukurti) [Orabug: 30241187] [Orabug: 30777254] [Orabug: 33877197]
- A/A Bonding: rdmaip_inetaddr_unregister() - minor updates (Sudhakar Dindukurti) [Orabug: 30241187] [Orabug: 30777254] [Orabug: 33877197]
- A/A Bonding: Log ip_config details if it fails to find a failover port (Sudhakar Dindukurti) [Orabug: 30213132] [Orabug: 30777254] [Orabug: 33877197]
- A/A Bonding: X8-8 RoCE network re-connect stalls after loss of switch (Sudhakar Dindukurti) [Orabug: 30213132] [Orabug: 30777254] [Orabug: 33877197]
- A/A-Bonding: Switch from dma_device to dev.parent (Dag Moxnes) [Orabug: 30149027] [Orabug: 30777254] [Orabug: 33877197]
- A/A-Bonding: Increase default net.rdmaip.active_bonding_failback_ms (Sudhakar Dindukurti) [Orabug: 30184200] [Orabug: 30777254] [Orabug: 33877197]
- A/A-Bonding: Optimize rdmaip_impl_inetaddr_event() (Sudhakar Dindukurti) [Orabug: 29929934] [Orabug: 30777254] [Orabug: 33877197]
- A/A-Bonding: ResilientRDMA does not failback on nodes configured with unused VFs starting in 1902.1.0 (Sudhakar Dindukurti) [Orabug: 29929934] [Orabug: 30777254] [Orabug: 33877197]
- Delay IP migration for failback by 10s for NETDEV_CHANGE event (Sudhakar Dindukurti) [Orabug: 29761370] [Orabug: 30777254] [Orabug: 33877197]
- RoCE:KVM guest: failover doesnt work if an interface isnt configured (Sudhakar Dindukurti) [Orabug: 29476868] [Orabug: 30777254] [Orabug: 33877197]
- Add more debug messages in Resilient RDMAIP (Sudhakar Dindukurti) [Orabug: 29683262] [Orabug: 30777254] [Orabug: 33877197]
- rdmaip: Fix gratuitous ARP storm (Hakon Bugge) [Orabug: 29629971] [Orabug: 30777254] [Orabug: 33877197]
- rdmaip: Potential race conditions in the module unload path (Sudhakar Dindukurti) [Orabug: 29301129] [Orabug: 30777254] [Orabug: 33877197]
- rdmaip: Avoid calling ib_query_gid() by holding the dev_base_lock (Sudhakar Dindukurti) [Orabug: 29350401] [Orabug: 30777254] [Orabug: 33877197]
- rdmaip: ib_query_port() sleeping function called in a invalid context (Sudhakar Dindukurti) [Orabug: 29391490] [Orabug: 30777254] [Orabug: 33877197]
- rdmaip: Sleeping function mutex_lock() called in invalid context (Sudhakar Dindukurti) [Orabug: 29430627] [Orabug: 30777254] [Orabug: 33877197]
- rdmaip: Name structure fields appropriately (for better readability) (Sudhakar Dindukurti) [Orabug: 29168419] [Orabug: 30777254] [Orabug: 33877197]
- rdmaip: Add rdmaip_process_async_event() (Sudhakar Dindukurti) [Orabug: 29168346] [Orabug: 30777254] [Orabug: 33877197]
- rdmaip: Potential race conditions (Sudhakar Dindukurti) [Orabug: 29172556] [Orabug: 30777254] [Orabug: 33877197]
- rdmaip: check return value of the rdmaip_init_port (Sudhakar Dindukurti) [Orabug: 29168307] [Orabug: 30777254] [Orabug: 33877197]
- rdmaip: Optimize rdmaip_event_handler() (Sudhakar Dindukurti) [Orabug: 29168253] [Orabug: 30777254] [Orabug: 33877197]
- rdmaip: Add new function rdmaip_sched_failover_failback() to sechedule failover/failback (Sudhakar Dindukurti) [Orabug: 29167542] [Orabug: 30777254] [Orabug: 33877197]
- rdmaip: Skip failover and failback operations during network reconfiguration (Sudhakar Dindukurti) [Orabug: 28946148] [Orabug: 30777254] [Orabug: 33877197]
- rdmaip: Add new function rdmaip_add_new_rdmaip_port() (Sudhakar Dindukurti) [Orabug: 29167497] [Orabug: 30777254] [Orabug: 33877197]
- rdmaip: Add rdmaip_update_port_status_all_layers() function (Sudhakar Dindukurti) [Orabug: 29213051] [Orabug: 30777254] [Orabug: 33877197]
- rdmaip: Add a new function rdmaip_find_port_tstate() to find port transition state (Sudhakar Dindukurti) [Orabug: 29162871] [Orabug: 30777254] [Orabug: 33877197]
- Replace alloc_page() with static allocation (Sudhakar Dindukurti) [Orabug: 29162759] [Orabug: 30777254] [Orabug: 33877197]
- Log full interface name including label during IPv4 migration (Sudhakar Dindukurti) [Orabug: 29019945] [Orabug: 30777254] [Orabug: 33877197]
- A/A : Failover and failback does not work for IP aliases (Sudhakar Dindukurti) [Orabug: 29019964] [Orabug: 30777254] [Orabug: 33877197]
- Node crashes when trace buffer is opened (Sudhakar Dindukurti) [Orabug: 28988861] [Orabug: 30777254] [Orabug: 33877197]
- module unload: Restore IPs during module unloading (Sudhakar Dindukurti) [Orabug: 27902037] [Orabug: 30777254] [Orabug: 33877197]
- Memory leak in rdmaip_device_remove() (Sudhakar Dindukurti) [Orabug: 28496850] [Orabug: 30777254] [Orabug: 33877197]
- resilient_rdmaip: Remove unused variable (Sudhakar Dindukurti) [Orabug: 28925778] [Orabug: 30777254] [Orabug: 33877197]
- A/A failback does not work in concert with ibacm (Hakon Bugge) [Orabug: 28919144] [Orabug: 30777254] [Orabug: 33877197]
- rdmaip: fix returned value not set error (Zhu Yanjun) [Orabug: 28175433] [Orabug: 30777254] [Orabug: 33877197]
- IB: RDMAIP: avoid migration to a port that is down (Zhu Yanjun) [Orabug: 28096172] [Orabug: 30777254] [Orabug: 33877197]
- IB/rdmaip: Fix bug in failover_group parsing (Hakon Bugge) [Orabug: 28198705] [Orabug: 30777254] [Orabug: 33877197]
- GARP Messages should be sent on the same port where IP is bound (Sudhakar Dindukurti) [Orabug: 28085445] [Orabug: 30777254] [Orabug: 33877197]
- system panic with active bonding enabled via resilient_rdmaip (Sudhakar Dindukurti) [Orabug: 28073806] [Orabug: 30777254] [Orabug: 33877197]
- Resilient RDMAIP should not attempt to failover/failback for the ports in grp 0 (Sudhakar Dindukurti) [Orabug: 28049781] [Orabug: 30777254] [Orabug: 33877197]
- rdmaip: ib0 is already part of another failover group (Sudhakar Dindukurti) [Orabug: 27818669] [Orabug: 30777254] [Orabug: 33877197]
- Minor typos in resilient_rdmaip parameter description (Sudhakar Dindukurti) [Orabug: 27890256] [Orabug: 30777254] [Orabug: 33877197]
- Garbled log messages related to resilient_rdmaip driver (Sudhakar Dindukurti) [Orabug: 27935928] [Orabug: 30777254] [Orabug: 33877197]
- Add Resilient RDMAIP module (Sudhakar Dindukurti) [Orabug: 27718676] [Orabug: 30777254] [Orabug: 33877197]
- netfilter: conntrack: re-init state for retransmitted syn-ack (Florian Westphal) [Orabug: 34096642]
- netfilter: conntrack: move synack init code to helper (Florian Westphal) [Orabug: 34096642]
- uek-rpm: Add few more missing modules to core rpm (Somasundaram Krishnasamy) [Orabug: 34095625]
- scsi: mpt3sas: Remove scsi_dma_map() error messages (Sreekanth Reddy) [Orabug: 34095621]
- IB/cma: Allow XRC INI QPs to set their local ACK timeout (Hakon Bugge) [Orabug: 34094200]
- SUNRPC: Do not dereference non-socket transports in sysfs (Trond Myklebust) [Orabug: 34056478]
- SUNRPC: lock against ->sock changing during sysfs read (NeilBrown) [Orabug: 34056478]
- SUNRPC: Check if the xprt is connected before handling sysfs reads (Anna Schumaker) [Orabug: 34056478]
- uek-rpm: Enable CONFIG_FS_VERITY (Victor Erminpour) [Orabug: 34048393]
[5.15.0-0.30.6]
- uek-rpm: Update kernel-uek-core rpm module list. (Somasundaram Krishnasamy) [Orabug: 34078005]
- Revert scsi: core: Register sysfs attributes earlier (John Donnelly) [Orabug: 34087517]
- vfio/type1: add ioctl to check for correct pin accounting (Anthony Yznaga) [Orabug: 34049087]
- vfio/type1: track pages pinned by vfio across exec (Anthony Yznaga) [Orabug: 34049087]
- mm: track driver pinned pages across exec (Anthony Yznaga) [Orabug: 34049087]
- mlx5_core: set module param expose_pf_phys_port_name to true (Sharath Srinivasan) [Orabug: 33960521]
- uek-rpm: Fix DEFAULTKERNEL for aarch 64k rpms. (Somasundaram Krishnasamy) [Orabug: 33900644]
- xfs: run callbacks before waking waiters in xlog_state_shutdown_callbacks (Dave Chinner) [Orabug: 33705403]
[5.15.0-0.30.5]
- iov_iter: Introduce nofault flag to disable page faults (Andreas Gruenbacher) [Orabug: 34073754]
- gup: Introduce FOLL_NOFAULT flag to disable page faults (Andreas Gruenbacher) [Orabug: 34073754]
- scsi: core: Use a structure member to track the SCSI command submitter (Bart Van Assche) [Orabug: 34075214]
- uek: kabi: add KABI padding to x86 struct fpu (Eric DeVolder) [Orabug: 34070418]
- uek: kabi: add KABI padding to udp and phy sturcts (Qing Huang) [Orabug: 34066357]
- xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32 (Dongli Zhang) [Orabug: 34064652]
- scsi: core: Register sysfs attributes earlier (Bart Van Assche) [Orabug: 34063798]
- uek: kabi: add kABI padding to arch/x86/include/asm/processor.h (Thomas Tai) [Orabug: 34059795]
- x86/speculation: Restore speculation related MSRs during S3 resume (Pawan Gupta) [Orabug: 34053699]
- can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path (Hangyu Hua) [Orabug: 34048326] {CVE-2022-28390}
- can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path (Hangyu Hua) [Orabug: 34048287] {CVE-2022-28388}
- intel_idle: add core C6 optimization for SPR (Artem Bityutskiy) [Orabug: 34039112]
- intel_idle: add preferred_cstates module argument (Artem Bityutskiy) [Orabug: 34039112]
- intel_idle: add SPR support (Artem Bityutskiy) [Orabug: 34039112]
- uek-rpm: Modify options for CONFIG_VSOCKETS_DIAG=y (Victor Erminpour) [Orabug: 34027701]
- uek-rpm: Modify options for CONFIG_TIPC_DIAG=y (Victor Erminpour) [Orabug: 34027701]
- uek-rpm: Modify options for CONFIG_INET_SCTP_DIAG=y (Victor Erminpour) [Orabug: 34027701]
- uek-rpm: Enable CONFIG_MPTCP (Victor Erminpour) [Orabug: 34027701]
- add kernel param to pre-allocate NICs (Brian Maly) [Orabug: 30962711] [Orabug: 34018925]
- xfs: punch out data fork delalloc blocks on COW writeback failure (Brian Foster) [Orabug: 33968545]
- locking/rwsem: Always try to wake waiters in out_nolock path (Waiman Long) [Orabug: 33698977]
[5.15.0-0.30.4]
- btrfs: skip reserved bytes warning on unmount after log cleanup failure (Filipe Manana) [Orabug: 33916044]
- ALSA: pcm: Fix races among concurrent prealloc proc writes (Takashi Iwai) [Orabug: 34007904] {CVE-2022-1048}
- ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls (Takashi Iwai) [Orabug: 34007904] {CVE-2022-1048}
- ALSA: pcm: Fix races among concurrent read/write and buffer changes (Takashi Iwai) [Orabug: 34007904] {CVE-2022-1048}
- ALSA: pcm: Fix races among concurrent hw_params and hw_free calls (Takashi Iwai) [Orabug: 34007904] {CVE-2022-1048}
- mei: me: disable driver on the ign firmware (Alexander Usyskin) [Orabug: 34018911]
- uek-rpm: Separate x86_64 kABI checking for OL8/9 (Saeed Mirzamohammadi) [Orabug: 34027988]
- rds: ib: Initialize SG table properly (Hakon Bugge) [Orabug: 34031911]
- KVM: x86/mmu: do compare-and-exchange of gPTE via the user address (Paolo Bonzini) [Orabug: 34034593] {CVE-2022-1158}
- Revert rds/ib: recover rds connection from stuck rx path (Rohit Nair) [Orabug: 34039269]
[5.15.0-0.30.3]
- xfs: dont generate selinux audit messages for capability testing (Darrick J. Wong) [Orabug: 33678769]
- rds: Fix incorrect initialization order (Hakon Bugge) [Orabug: 33923371]
- turbostat: fix PC6 displaying on some systems (Artem Bityutskiy) [Orabug: 33998324]
- exec, elf: ignore invalid note data (Anthony Yznaga) [Orabug: 34003079]
- netfilter: nf_tables: validate registers coming from userspace. (Pablo Neira Ayuso) [Orabug: 34012906] {CVE-2022-1015}
- netfilter: nf_tables: initialize registers in nft_do_chain() (Pablo Neira Ayuso) [Orabug: 34012923] {CVE-2022-1016}
[5.15.0-0.30.2]
- net/rds: Fix math on error code (Freddy Carrillo) [Orabug: 33974712]
- uek-rpm: aarch64: Reduce core rpms module count (Somasundaram Krishnasamy) [Orabug: 33994642]
- uek-rpm: Add few needed modules to core rpm. (Somasundaram Krishnasamy) [Orabug: 33994642]
- uek-rpm: Remove duplicate modules from kernel-uek-modules rpm (Somasundaram Krishnasamy) [Orabug: 33994642]
- selftests/vm: make MADV_POPULATE_(READ|WRITE) use in-tree headers (David Hildenbrand) [Orabug: 33797463]
- net: mana: Add handling of CQE_RX_TRUNCATED (Haiyang Zhang) [Orabug: 33839662]
- net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe() (Haiyang Zhang) [Orabug: 33839662]
- net/rds: Use unpin_user_page as pin_user_pages counterpart (Gerd Rausch) [Orabug: 33867863]
- rds: ib: Fix racy credit tracepoints (Hakon Bugge) [Orabug: 33980854]
- mm: fix MADV_DONTEXEC to clear VM_EXEC_KEEP (Anthony Yznaga) [Orabug: 33987398]
- uek-rpm: Set CONFIG_*_DIAG options as built-ins to match RHCK9 (Victor Erminpour) [Orabug: 33904712]
- uek-rpm: Enable CONFIG_DEBUG_WX for x86_64 debug kernel (Victor Erminpour) [Orabug: 33904712]
- uek-rpm: Enable CONFIG_TMPFS_INODE64 (Victor Erminpour) [Orabug: 33904712]
- uek-rpm: Enable CONFIG_CXL_MEM (Victor Erminpour) [Orabug: 33904712]
- uek-rpm: Enable CONFIG_CMA_SYSFS (Victor Erminpour) [Orabug: 33904712]
- uek-rpm: Enable Platform related options from RHCK9 (Victor Erminpour) [Orabug: 33904712]
- uek-rpm: Enable DM_VERITY_VERIFY_ROOTHASH_SIG and DM_VERITY_FEC (Victor Erminpour) [Orabug: 33904712]
- uek-rpm: Enable Crypto related options from RHCK9 (Victor Erminpour) [Orabug: 33904712]
- uek-rpm: Enable CONFIG_CAN_* options from RHCK9 (Victor Erminpour) [Orabug: 33904712]
- uek-rpm: Enable CONFIG_NET_SCH_* options from RHCK9 (Victor Erminpour) [Orabug: 33904712]
- uek-rpm: Enable CONFIG_NF_FLOW_TABLE (Victor Erminpour) [Orabug: 33904712]
- uek-rpm: Enable missing Netfilter options from RHCK9 (Victor Erminpour) [Orabug: 33904712]
- uek-rpm: Enable CONFIG_CGROUP_MISC and CONFIG_BLK_CGROUP_FC_APPID (Victor Erminpour) [Orabug: 33904712]
- uek-rpm: Enable CONFIG_INTEL_IDXD_PERFMON (Victor Erminpour) [Orabug: 33904712]
- uek-rpm: Enable CONFIG_RTW88_8723DE and CONFIG_RTW88_8821CE (Victor Erminpour) [Orabug: 33904712]
- uek-rpm: Update configuration for v5.15.30.1 (aarch64 make olddefconfig) (Victor Erminpour) [Orabug: 33901403]
- uek-rpm: Update configuration for v5.15.30.1 (x86_64 make olddefconfig) (Victor Erminpour) [Orabug: 33901403]
[5.15.0-0.30.1]
- uek-rpm: config: Enable CONFIG_KEY_NOTIFICATIONS option (Somasundaram Krishnasamy) [Orabug: 33957466]
- Revert uek: kabi: Enable kABI checker for ol8 and ol9 (Jack Vogel)
- LTS version: v5.15.30 (Jack Vogel)
- ice: Fix race condition during interface enslave (Ivan Vecera)
- x86/module: Fix the paravirt vs alternative order (Peter Zijlstra)
- kselftest/vm: fix tests build with old libc (Chengming Zhou)
- bnx2: Fix an error message (Christophe JAILLET)
- sfc: extend the locking on mcdi->seqno (Niels Dossche)
- tcp: make tcp_read_sock() more robust (Eric Dumazet)
- nl80211: Update bss channel on channel switch for P2P_CLIENT (Sreeramya Soratkal)
- drm/vrr: Set VRR capable prop only if it is attached to connector (Manasi Navare)
- iwlwifi: dont advertise TWT support (Golan Ben Ami)
- atm: firestream: check the return value of ioremap() in fs_init() (Jia-Ju Bai)
- can: rcar_canfd: rcar_canfd_channel_probe(): register the CAN device when fully ready (Lad Prabhakar)
- Bluetooth: hci_core: Fix leaking sent_cmd skb (Luiz Augusto von Dentz)
- ARM: 9178/1: fix unmet dependency on BITREVERSE for HAVE_ARCH_BITREVERSE (Julian Braha)
- MIPS: smp: fill in sibling and core maps earlier (Alexander Lobakin)
- mac80211: refuse aggregations sessions before authorized (Johannes Berg)
- ARM: dts: rockchip: fix a typo on rk3288 crypto-controller (Corentin Labbe)
- ARM: dts: rockchip: reorder rk322x hmdi clocks (Sascha Hauer)
- arm64: dts: agilex: use the compatible intel,socfpga-agilex-hsotg (Dinh Nguyen)
- arm64: dts: rockchip: reorder rk3399 hdmi clocks (Sascha Hauer)
- arm64: dts: rockchip: align pl330 node name with dtschema (Krzysztof Kozlowski)
- arm64: dts: rockchip: fix rk3399-puma eMMC HS400 signal integrity (Jakob Unterwurzacher)
- xfrm: Fix xfrm migrate issues when address family changes (Yan Yan)
- xfrm: Check if_id in xfrm_migrate (Yan Yan)
- arm64: dts: rockchip: fix rk3399-puma-haikou USB OTG mode (Quentin Schulz)
- Revert xfrm: state and policy should fail if XFRMA_IF_ID 0 (Kai Lueke)
- LTS version: v5.15.29 (Jack Vogel)
- vhost: allow batching hint without size (Jason Wang)
- Revert net: dsa: mv88e6xxx: flush switchdev FDB workqueue before removing VLAN (Vladimir Oltean)
(Christoph Hellwig)
- riscv: dts: k210: fix broken IRQs on hart1 (Niklas Cassel)
- drm/i915: Workaround broken BIOS DBUF configuration on TGL/RKL (Ville Syrjala)
- btrfs: make send work with concurrent block group relocation (Filipe Manana)
- drm/panel: Select DRM_DP_HELPER for DRM_PANEL_EDP (Thomas Zimmermann)
- x86/traps: Mark do_int3() NOKPROBE_SYMBOL (Li Huafei)
- x86/sgx: Free backing memory after faulting the enclave page (Jarkko Sakkinen)
- x86/boot: Add setup_indirect support in early_memremap_is_setup_data() (Ross Philipson)
- x86/boot: Fix memremap of setup_indirect structures (Ross Philipson)
- Revert x86/boot: Fix memremap of setup_indirect structures (Jack Vogel)
- Revert x86/boot: Add setup_indirect support in early_memremap_is_setup_data (Jack Vogel)
- watch_queue: Make comment about setting ->defunct more accurate (David Howells)
- watch_queue: Fix lack of barrier/sync/lock between post and read (David Howells)
- watch_queue: Free the alloc bitmap when the watch_queue is torn down (David Howells)
- watch_queue: Fix the alloc bitmap size to reflect notes allocated (David Howells)
- watch_queue: Fix to always request a pow-of-2 pipe ring size (David Howells)
- watch_queue: Fix to release page in ->release() (David Howells)
- watch_queue, pipe: Free watchqueue state after clearing pipe ring (David Howells)
- watch_queue: Fix filter limit check (David Howells)
- ARM: fix Thumb2 regression with Spectre BHB (Russell King (Oracle))
- net/mlx5: Fix offloading with ESWITCH_IPV4_TTL_MODIFY_ENABLE (Dima Chumak)
- virtio: acknowledge all features before access (Michael S. Tsirkin)
- virtio: unexport virtio_finalize_features (Michael S. Tsirkin)
- KVM: x86/mmu: kvm_faultin_pfn has to return false if pfh is returned (Andrei Vagin)
- swiotlb: rework fix info leak with DMA_FROM_DEVICE (Halil Pasic)
- arm64: kasan: fix include error in MTE functions (Paul Semel)
- arm64: Ensure execute-only permissions are not allowed without EPAN (Catalin Marinas)
- arm64: dts: marvell: armada-37xx: Remap IO space to bus address 0x0 (Pali Rohar)
- tracing/osnoise: Force quiescent states while tracing (Nicolas Saenz Julienne)
- riscv: Fix auipc+jalr relocation range checks (Emil Renner Berthing)
- mmc: meson: Fix usage of meson_mmc_post_req() (Rong Chen)
- riscv: alternative only works on !XIP_KERNEL (Jisheng Zhang)
- net: macb: Fix lost RX packet wakeup race in NAPI receive (Robert Hancock)
- staging: gdm724x: fix use after free in gdm_lte_rx() (Dan Carpenter)
- staging: rtl8723bs: Fix access-point mode deadlock (Hans de Goede)
- fuse: fix pipe buffer lifetime for direct_io (Miklos Szeredi)
- fuse: fix fileattr op failure (Miklos Szeredi)
- ARM: Spectre-BHB: provide empty stub for non-config (Randy Dunlap)
- selftests/memfd: clean up mapping in mfd_fail_write (Mike Kravetz)
- selftest/vm: fix map_fixed_noreplace test failure (Aneesh Kumar K.V)
- tracing/osnoise: Make osnoise_main to sleep for microseconds (Daniel Bristot de Oliveira)
- tracing: Ensure trace buffer is at least 4096 bytes large (Sven Schnelle)
- ipv6: prevent a possible race condition with lifetimes (Niels Dossche)
- Revert xen-netback: Check for hotplug-status existence before watching (Marek Marczykowski-Gorecki)
- Revert xen-netback: remove hotplug-status once it has served its purpose (Marek Marczykowski-Gorecki)
- drm/amdgpu: bypass tiling flag check in virtual display case (v2) (Guchun Chen)
- gpio: Return EPROBE_DEFER if gc->to_irq is NULL (Shreeya Patel)
- PCI: Mark all AMD Navi10 and Navi14 GPU ATS as broken (Alex Deucher)
- hwmon: (pmbus) Clear pmbus fault/warning bits after read (Vikash Chandola)
- net-sysfs: add check for netdevice being present to speed_show (suresh kumar)
- x86/kvm: Dont use pv tlb/ipi/sched_yield if on 1 vCPU (Wanpeng Li)
- drm/vc4: hdmi: Unregister codec device on unbind (Maxime Ripard)
- spi: rockchip: terminate dma transmission when slave abort (Jon Lin)
- spi: rockchip: Fix error in getting num-cs property (Jon Lin)
- kvm: x86: Disable KVM_HC_CLOCK_PAIRING if tsc is in always catchup mode (Anton Romanov)
- KVM: Fix lockdep false negative during host resume (Wanpeng Li)
- pinctrl: tigerlake: Revert Add Alder Lake-M ACPI ID (Andy Shevchenko)
- usb: dwc3: pci: add support for the Intel Raptor Lake-S (Heikki Krogerus)
- swiotlb: fix info leak with DMA_FROM_DEVICE (Halil Pasic)
- selftests/bpf: Add test for bpf_timer overwriting crash (Kumar Kartikeya Dwivedi)
- net: phy: meson-gxl: improve link-up behavior (Heiner Kallweit)
- net: bcmgenet: Dont claim WOL when its not available (Jeremy Linton)
- sctp: fix kernel-infoleak for SCTP sockets (Eric Dumazet)
- net: phy: DP83822: clear MISR2 register to disable interrupts (Clement Leger)
- gianfar: ethtool: Fix refcount leak in gfar_get_ts_info (Miaoqian Lin)
- gpio: ts4900: Do not set DAT and OE together (Mark Featherston)
- selftests: pmtu.sh: Kill nettest processes launched in subshell. (Guillaume Nault)
- selftests: pmtu.sh: Kill tcpdump processes launched by subshell. (Guillaume Nault)
- NFC: port100: fix use-after-free in port100_send_complete (Pavel Skripkin)
- net/mlx5e: Lag, Only handle events from highest priority multipath entry (Roi Dayan)
- net/mlx5: Fix a race on command flush flow (Moshe Shemesh)
- net/mlx5: Fix size field in bufferx_reg struct (Mohammad Kabat)
- ax25: Fix NULL pointer dereference in ax25_kill_by_device (Duoming Zhou)
- net: marvell: prestera: Add missing of_node_put() in prestera_switch_set_base_mac_addr (Miaoqian Lin)
- net: ethernet: lpc_eth: Handle error for clk_enable (Jiasheng Jiang)
- net: ethernet: ti: cpts: Handle error for clk_enable (Jiasheng Jiang)
- tipc: fix incorrect order of state message data sanity check (Tung Nguyen)
- ethernet: Fix error handling in xemaclite_of_probe (Miaoqian Lin)
- ice: Fix curr_link_speed advertised speed (Jedrzej Jagielski)
- ice: Dont use GFP_KERNEL in atomic context (Christophe JAILLET)
- ice: Fix error with handling of bonding MTU (Dave Ertman)
- ice: stop disabling VFs due to PF error responses (Jacob Keller)
- i40e: stop disabling VFs due to PF error responses (Jacob Keller)
- iavf: Fix handling of vlan strip virtual channel messages (Michal Maloszewski)
- ARM: dts: aspeed: Fix AST2600 quad spi group (Joel Stanley)
- net: dsa: mt7530: fix incorrect test in mt753x_phylink_validate() (Russell King (Oracle))
- drm/sun4i: mixer: Fix P010 and P210 format numbers (Jernej Skrabec)
- gpiolib: acpi: Convert ACPI value of debounce to microseconds (Andy Shevchenko)
- smsc95xx: Ignore -ENODEV errors when device is unplugged (Fabio Estevam)
- qed: return status of qed_iov_get_link (Tom Rix)
- esp: Fix BEET mode inter address family tunneling on GSO (Steffen Klassert)
- esp: Fix possible buffer overflow in ESP transformation (Steffen Klassert)
- net: qlogic: check the return value of dma_alloc_coherent() in qed_vf_hw_prepare() (Jia-Ju Bai)
- isdn: hfcpci: check the return value of dma_set_mask() in setup_hw() (Jia-Ju Bai)
- vdpa: fix use-after-free on vp_vdpa_remove (Zhang Min)
- virtio-blk: Dont use MAX_DISCARD_SEGMENTS if max_discard_seg is zero (Xie Yongji)
- vhost: fix hung thread due to erroneous iotlb entries (Anirudh Rayabharam)
- mISDN: Fix memory leak in dsp_pipeline_build() (Alexey Khoroshilov)
- net: phy: meson-gxl: fix interrupt handling in forced mode (Heiner Kallweit)
- vduse: Fix returning wrong type in vduse_domain_alloc_iova() (Xie Yongji)
- vdpa/mlx5: add validation for VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET command (Si-Wei Liu)
- tipc: fix kernel panic when enabling bearer (Tung Nguyen)
- arm64: dts: armada-3720-turris-mox: Add missing ethernet0 alias (Pali Rohar)
- HID: vivaldi: fix sysfs attributes leak (Dmitry Torokhov)
- clk: qcom: dispcc: Update the transition delay for MDSS GDSC (Taniya Das)
- clk: qcom: gdsc: Add support to update GDSC transition delay (Taniya Das)
- ARM: boot: dts: bcm2711: Fix HVS register range (Maxime Ripard)
- HID: hid-thrustmaster: fix OOB read in thrustmaster_interrupts (Pavel Skripkin)
- HID: elo: Revert USB reference counting (Jiri Kosina)
- arm64: dts: qcom: sm8350: Correct UFS symbol clocks (Bjorn Andersson)
- arm64: dts: qcom: sm8350: Describe GCC dependency clocks (Konrad Dybcio)
- uek-rpm: Add crashkernel.default file (John Donnelly) [Orabug: 33741103]
- KVM: SVM: Dont apply SEV+SMAP workaround on code fetch or PT access (Sean Christopherson) [Orabug: 33772526]
- KVM: SVM: Inject #UD on attempted emulation for SEV guest w/o insn buffer (Sean Christopherson) [Orabug: 33772526]
- KVM: SVM: WARN if KVM attempts emulation on #UD or #GP for SEV guests (Sean Christopherson) [Orabug: 33772526]
- KVM: x86: Pass emulation type to can_emulate_instruction() (Sean Christopherson) [Orabug: 33772526]
- KVM: SVM: Explicitly require DECODEASSISTS to enable SEV support (Sean Christopherson) [Orabug: 33772526]
- rcu: Avoid unneeded function call in rcu_read_unlock() (Waiman Long) [Orabug: 33904637]
- rds/ib: Resize CQ if send-/recv-ring-size are changed (Hans Westgaard Ry) [Orabug: 33940518]
- uek-rpm: Enable CONFIG_DRM_VMWGFX and CONFIG_DRM_VMWGFX_FBCON for aarch64 (Victor Erminpour) [Orabug: 33947624]
Related CVEs
Updated Packages
| Release/Architecture | Filename | MD5sum | Superseded By Advisory |
This page is generated automatically and has not been checked for errors or omissions. For clarification
or corrections please contact the Oracle Linux ULN team
