ELSA-2022-9690

ELSA-2022-9690 - Unbreakable Enterprise kernel-container security update

Type:SECURITY
Severity:IMPORTANT
Release Date:2022-08-09

Description


[5.15.0-1.43.4.1]
- net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34460936] {CVE-2022-2588}

[5.15.0-1.43.4]
- Revert selftests/bpf: add tests verifying unprivileged bpf behaviour (Alan Maguire) [Orabug: 34399286]
- Revert selftests/bpf: Add test for reg2btf_ids out of bounds access (Alan Maguire) [Orabug: 34399286]

[5.15.0-1.43.3]
- x86/alternative: The retpoline alternative is not applied (Alexandre Chartre) [Orabug: 34395937]
- x86/ftrace: Do not copy ftrace_stub() in ftrace trampoline (Alexandre Chartre) [Orabug: 34395937]

[5.15.0-100.43.0]
- ocfs2: kill EBUSY from dlmfs_evict_inode (Junxiao Bi) [Orabug: 34364336]
- ocfs2: dlmfs: dont clear USER_LOCK_ATTACHED when destroying lock (Junxiao Bi) [Orabug: 34364336]
- ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock (Junxiao Bi via Ocfs2-devel) [Orabug: 34364336]
- net/rds: Fix a NULL dereference in rds_tcp_accept_one() (Harshit Mogalapalli) [Orabug: 34366723]
- lockdown: Fix kexec lockdown bypass with ima policy (Eric Snowberg) [Orabug: 34393053] {CVE-2022-21505}

[5.15.0-1.43.1]
- LTS version: v5.15.43 (Jack Vogel)
- mptcp: Do TCP fallback on early DSS checksum failure (Mat Martineau)
- LTS version: v5.15.42 (Jack Vogel)
- afs: Fix afs_getattr() to refetch file status if callback break occurred (David Howells)
- i2c: mt7621: fix missing clk_disable_unprepare() on error in mtk_i2c_probe() (Yang Yingliang)
- mt76: mt7921e: fix possible probe failure after reboot (Sean Wang)
- dt-bindings: pinctrl: aspeed-g6: remove FWQSPID group (Jae Hyun Yoo)
- Input: ili210x - fix reset timing (Marek Vasut)
- arm64: Enable repeat tlbi workaround on KRYO4XX gold CPUs (Shreyas K K)
- net: atlantic: verify hw_head_ lies within TX buffer ring (Grant Grundler)
- net: atlantic: add check for MAX_SKB_FRAGS (Grant Grundler)
- net: atlantic: reduce scope of is_rsc_complete (Grant Grundler)
- net: atlantic: fix frag[0] not initialized (Grant Grundler)
- net: stmmac: fix missing pci_disable_device() on error in stmmac_pci_probe() (Yang Yingliang)
- ethernet: tulip: fix missing pci_disable_device() on error in tulip_init_one() (Yang Yingliang)
- nl80211: fix locking in nl80211_set_tx_bitrate_mask() (Johannes Berg)
- net: fix wrong network header length (Lina Wang)
- fbdev: Prevent possible use-after-free in fb_release() (Daniel Vetter)
- Revert fbdev: Make fb_release() return -ENODEV if fbdev was unregistered (Javier Martinez Canillas)
- selftests: add ping test with ping_group_range tuned (Nicolas Dichtel)
- nl80211: validate S1G channel width (Kieran Frewen)
- mac80211: fix rx reordering with non explicit / psmp ack policy (Felix Fietkau)
- scsi: qla2xxx: Fix missed DMA unmap for aborted commands (Gleb Chesnokov)
- scsi: scsi_dh_alua: Properly handle the ALUA transitioning state (Brian Bunker)
- perf bench numa: Address compiler error on s390 (Thomas Richter)
- perf regs x86: Fix arch__intr_reg_mask() for the hybrid platform (Kan Liang)
- gpio: mvebu/pwm: Refuse requests with inverted polarity (Uwe Kleine-Konig)
- gpio: gpio-vf610: do not touch other bits when set the target bit (Haibo Chen)
- perf build: Fix check for btf__load_from_kernel_by_id() in libbpf (Arnaldo Carvalho de Melo)
- scsi: ufs: core: Fix referencing invalid rsp field (Daejun Park)
- riscv: dts: sifive: fu540-c000: align dma node name with dtschema (Krzysztof Kozlowski)
- net: bridge: Clear offload_fwd_mark when passing frame up bridge interface. (Andrew Lunn)
- netfilter: flowtable: move dst_check to packet path (Ritaro Takenaka)
- netfilter: flowtable: pass flowtable to nf_flow_table_iterate() (Pablo Neira Ayuso)
- netfilter: flowtable: fix TCP flow teardown (Pablo Neira Ayuso)
- igb: skip phy status check where unavailable (Kevin Mitchell)
- mptcp: fix checksum byte order (Paolo Abeni)
- mptcp: reuse __mptcp_make_csum in validate_data_csum (Geliang Tang)
- mptcp: change the parameter of __mptcp_make_csum (Geliang Tang)
- ARM: 9197/1: spectre-bhb: fix loop8 sequence for Thumb2 (Ard Biesheuvel)
- ARM: 9196/1: spectre-bhb: enable for Cortex-A15 (Ard Biesheuvel)
- net: af_key: add check for pfkey_broadcast in function pfkey_process (Jiasheng Jiang)
- net/mlx5e: Properly block LRO when XDP is enabled (Maxim Mikityanskiy)
- net/mlx5: DR, Fix missing flow_source when creating multi-destination FW table (Maor Dickman)
- NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc (Duoming Zhou)
- net/qla3xxx: Fix a test in ql_reset_work() (Christophe JAILLET)
- clk: at91: generated: consider range when calculating best rate (Codrin Ciubotariu)
- ice: Fix interrupt moderation settings getting cleared (Michal Wilczynski)
- ice: move ice_container_type onto ice_ring_container (Maciej Fijalkowski)
- ice: fix possible under reporting of ethtool Tx and Rx statistics (Paul Greenwalt)
- ice: fix crash when writing timestamp on RX rings (Arkadiusz Kubalewski)
- net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() (Zixuan Fu)
- net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() (Zixuan Fu)
- net: systemport: Fix an error handling path in bcm_sysport_probe() (Christophe JAILLET)
- Revert PCI: aardvark: Rewrite IRQ code to chained IRQ handler (Pali Rohar)
- netfilter: nft_flow_offload: fix offload with pppoe + vlan (Felix Fietkau)
- net: fix dev_fill_forward_path with pppoe + bridge (Felix Fietkau)
- netfilter: nft_flow_offload: skip dst neigh lookup for ppp devices (Felix Fietkau)
- netfilter: flowtable: fix excessive hw offload attempts after failure (Felix Fietkau)
- net/sched: act_pedit: sanitize shift argument before usage (Paolo Abeni)
- xfrm: fix disable_policy flag use when arriving from different devices (Eyal Birger)
- xfrm: rework default policy structure (Nicolas Dichtel)
- net: macb: Increment rx bd head after allocating skb and buffer (Harini Katakam)
- net: ipa: record proper RX transaction count (Alex Elder)
- ALSA: hda - fix unused Realtek function when PM is not enabled (Randy Dunlap)
- pinctrl: mediatek: mt8365: fix IES control pins (Mattijs Korpershoek)
- ARM: dts: aspeed: Add video engine to g6 (Howard Chiu)
- ARM: dts: aspeed: Add secure boot controller node (Joel Stanley)
- ARM: dts: aspeed: Add ADC for AST2600 and enable for Rainier and Everest (Eddie James)
- ARM: dts: aspeed-g6: fix SPI1/SPI2 quad pin group (Jae Hyun Yoo)
- pinctrl: pinctrl-aspeed-g6: remove FWQSPID group in pinctrl (Jae Hyun Yoo)
- ARM: dts: aspeed-g6: remove FWQSPID group in pinctrl dtsi (Jae Hyun Yoo)
- dma-buf: ensure unique directory name for dmabuf stats (Charan Teja Kalla)
- dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace (Jerome Pouiller)
- drm/dp/mst: fix a possible memory leak in fetch_monitor_name() (Hangyu Hua)
- drm/i915/dmc: Add MMIO range restrictions (Anusha Srivatsa)
- drm/amd: Dont reset dGPUs if the system is going to s2idle (Mario Limonciello)
- libceph: fix potential use-after-free on linger ping and resends (Ilya Dryomov)
- crypto: qcom-rng - fix infinite loop on requests not multiple of WORD_SZ (Ondrej Mosnacek)
- arm64: mte: Ensure the cleared tags are visible before setting the PTE (Catalin Marinas)
- arm64: paravirt: Use RCU read locks to guard stolen_time (Prakruthi Deepak Heragu)
- KVM: x86/mmu: Update number of zapped pages even if page list is stable (Sean Christopherson)
- Revert can: m_can: pci: use custom bit timings for Elkhart Lake (Jarkko Nikula)
- PCI/PM: Avoid putting Elo i2 PCIe Ports in D3cold (Rafael J. Wysocki)
- Fix double fget() in vhost_net_set_backend() (Al Viro)
- selinux: fix bad cleanup on error in hashtab_duplicate() (Ondrej Mosnacek)
- ALSA: hda/realtek: Add quirk for TongFang devices with pop noise (Werner Sembach)
- ALSA: wavefront: Proper check of get_user() error (Takashi Iwai)
- ALSA: usb-audio: Restore Rane SL-1 quirk (Takashi Iwai)
- nilfs2: fix lockdep warnings during disk space reclamation (Ryusuke Konishi)
- nilfs2: fix lockdep warnings in page operations for btree nodes (Ryusuke Konishi)
- ARM: 9191/1: arm/stacktrace, kasan: Silence KASAN warnings in unwind_frame() (linyujun)
- platform/chrome: cros_ec_debugfs: detach log reader wq from devm (Tzung-Bi Shih)
- drbd: remove usage of list iterator variable after loop (Jakob Koschel)
- MIPS: lantiq: check the return value of kzalloc() (Xiaoke Wang)
- fs: fix an infinite loop in iomap_fiemap (Guo Xuenan)
- rtc: mc146818-lib: Fix the AltCentury for AMD platforms (Mario Limonciello)
- nvme-multipath: fix hang when disk goes live over reconnect (Anton Eidelman)
- nvmet: use a private workqueue instead of the system workqueue (Sagi Grimberg)
- tools/virtio: compile with -pthread (Michael S. Tsirkin)
- vhost_vdpa: dont setup irq offloading when irq_num < 0 (Zhu Lingshan)
- s390/pci: improve zpci_dev reference counting (Niklas Schnelle)
- s390/traps: improve panic message for translation-specification exception (Heiko Carstens)
- ALSA: hda/realtek: Enable headset mic on Lenovo P360 (Kai-Heng Feng)
- crypto: x86/chacha20 - Avoid spurious jumps to other functions (Peter Zijlstra)
- crypto: stm32 - fix reference leak in stm32_crc_remove (Zheng Yongjun)
- rtc: sun6i: Fix time overflow handling (Andre Przywara)
- gfs2: Disable page faults during lockless buffered reads (Andreas Gruenbacher)
- nvme-pci: add quirks for Samsung X5 SSDs (Monish Kumar R)
- Input: stmfts - fix reference leak in stmfts_input_open (Zheng Yongjun)
- Input: add bounds checking to input_set_capability() (Jeff LaBundy)
- um: Cleanup syscall_handler_t definition/cast, fix warning (David Gow)
- rtc: pcf2127: fix bug when reading alarm registers (Hugo Villeneuve)
- rtc: fix use-after-free on device removal (Vincent Whitchurch)
- Revert drm/i915/opregion: check port number bounds for SWSCI display power state (Greg Thelen)
- mm/kfence: reset PG_slab and memcg_data before freeing __kfence_pool (Hyeonggon Yoo)
- Watchdog: sp5100_tco: Enable Family 17h+ CPUs (Terry Bowman)
- Watchdog: sp5100_tco: Add initialization using EFCH MMIO (Terry Bowman)
- Watchdog: sp5100_tco: Refactor MMIO base address initialization (Terry Bowman)
- Watchdog: sp5100_tco: Move timer initialization into function (Terry Bowman)
- i2c: piix4: Enable EFCH MMIO for Family 17h+ (Terry Bowman)
- i2c: piix4: Add EFCH MMIO support for SMBus port select (Terry Bowman)
- i2c: piix4: Add EFCH MMIO support to SMBus base address detect (Terry Bowman)
- i2c: piix4: Add EFCH MMIO support to region request and release (Terry Bowman)
- i2c: piix4: Move SMBus port selection into function (Terry Bowman)
- i2c: piix4: Move SMBus controller base address detect into function (Terry Bowman)
- i2c: piix4: Move port I/O region request/release code into functions (Terry Bowman)
- i2c: piix4: Replace hardcoded memory map size with a #define (Terry Bowman)
- kernel/resource: Introduce request_mem_region_muxed() (Terry Bowman)
- io_uring: arm poll for non-nowait files (Pavel Begunkov)
- usb: gadget: fix race when gadget driver register via ioctl (Schspa Shi)
- LTS version: v5.15.41 (Jack Vogel)
- usb: gadget: uvc: allow for application to cleanly shutdown (Dan Vacura)
- usb: gadget: uvc: rename function to be more consistent (Michael Tretter)
- ping: fix address binding wrt vrf (Nicolas Dichtel)
- mm/hwpoison: use pr_err() instead of dump_page() in get_any_page() (Naoya Horiguchi)
- dma-buf: call dma_buf_stats_setup after dmabuf is in valid list (Charan Teja Reddy)
- Revert drm/amd/pm: keep the BACO feature enabled for suspend (Alex Deucher)
- drm/vmwgfx: Initialize drm_mode_fb_cmd2 (Zack Rusin)
- SUNRPC: Ensure that the gssproxy client can start in a connected state (Trond Myklebust)
- net: phy: micrel: Pass .probe for KS8737 (Fabio Estevam)
- net: phy: micrel: Do not use kszphy_suspend/resume for KSZ8061 (Fabio Estevam)
- arm[64]/memremap: dont abuse pfn_valid() to ensure presence of linear map (Mike Rapoport)
- cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() (Waiman Long)
- writeback: Avoid skipping inode writeback (Jing Xia)
- net: phy: Fix race condition on link status change (Francesco Dolcini)
- net: atlantic: always deep reset on pm op, fixing up my null deref regression (Manuel Ullmann)
- i40e: i40e_main: fix a missing check on list iterator (Xiaomeng Tong)
- drm/nouveau/tegra: Stop using iommu_present() (Robin Murphy)
- drm/vmwgfx: Disable command buffers on svga3 without gbobjects (Zack Rusin)
- mm/huge_memory: do not overkill when splitting huge_zero_page (Xu Yu)
- Revert mm/memory-failure.c: skip huge_zero_page in memory_failure() (Xu Yu)
- ceph: fix setting of xattrs on async created inodes (Jeff Layton)
- serial: 8250_mtk: Fix register address for XON/XOFF character (AngeloGioacchino Del Regno)
- serial: 8250_mtk: Fix UART_EFR register address (AngeloGioacchino Del Regno)
- fsl_lpuart: Dont enable interrupts too early (Indan Zupancic)
- slimbus: qcom: Fix IRQ check in qcom_slim_probe (Miaoqian Lin)
- USB: serial: option: add Fibocom MA510 modem (Sven Schwermer)
- USB: serial: option: add Fibocom L610 modem (Sven Schwermer)
- USB: serial: qcserial: add support for Sierra Wireless EM7590 (Ethan Yang)
- USB: serial: pl2303: add device id for HP LM930 Display (Scott Chen)
- usb: typec: tcpci_mt6360: Update for BMC PHY setting (ChiYuan Huang)
- usb: typec: tcpci: Dont skip cleanup in .remove() on error (Uwe Kleine-Konig)
- usb: cdc-wdm: fix reading stuck on device close (Sergey Ryazanov)
- tty: n_gsm: fix mux activation issues in gsm_config() (Daniel Starke)
- tty: n_gsm: fix buffer over-read in gsm_dlci_data() (Daniel Starke)
- tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe() (Yang Yingliang)
- x86/mm: Fix marking of unused sub-pmd ranges (Adrian-Ken Rueegsegger)
- usb: xhci-mtk: fix fs isocs transfer error (Chunfeng Yun)
- KVM: PPC: Book3S PR: Enable MSR_DR for switch_mmu_context() (Alexander Graf)
- firmware_loader: use kernel credentials when reading firmware (Thiebaud Weksteen)
- interconnect: Restore sync state by ignoring ipa-virt in provider count (Stephen Boyd)
- tcp: drop the hash_32() part from the index calculation (Willy Tarreau)
- tcp: increase source port perturb table to 2^16 (Willy Tarreau)
- tcp: dynamically allocate the perturb table used by source ports (Willy Tarreau)
- tcp: add small random increments to the source port (Willy Tarreau)
- tcp: resalt the secret every 10 seconds (Eric Dumazet)
- tcp: use different parts of the port_offset for index and offset (Willy Tarreau)
- secure_seq: use the 64 bits of the siphash for port offset calculation (Willy Tarreau)
- net: sfp: Add tx-fault workaround for Huawei MA5671A SFP ONT (Matthew Hagan)
- net: emaclite: Dont advertise 1000BASE-T and do auto negotiation (Shravya Kumbham)
- ASoC: SOF: Fix NULL pointer exception in sof_pci_probe callback (Ajit Kumar Pandey)
- s390: disable -Warray-bounds (Sven Schnelle)
- ASoC: ops: Validate input values in snd_soc_put_volsw_range() (Mark Brown)
- ASoC: max98090: Generate notifications on changes for custom control (Mark Brown)
- ASoC: max98090: Reject invalid values in custom control put() (Mark Brown)
- iommu: arm-smmu: disable large page mappings for Nvidia arm-smmu (Ashish Mhetre)
- RDMA/irdma: Fix deadlock in irdma_cleanup_cm_core() (Duoming Zhou)
- hwmon: (f71882fg) Fix negative temperature (Ji-Ze Hong (Peter Hong))
- gfs2: Fix filesystem block deallocation for short writes (Andreas Gruenbacher)
- drm/vmwgfx: Fix fencing on SVGAv3 (Zack Rusin)
- tls: Fix context leak on tls_device_down (Maxim Mikityanskiy)
- net: sfc: ef10: fix memory leak in efx_ef10_mtd_probe() (Taehee Yoo)
- net/smc: non blocking recvmsg() return -EAGAIN when no data and signal_pending (Guangguan Wang)
- net: dsa: bcm_sf2: Fix Wake-on-LAN with mac_link_down() (Florian Fainelli)
- drm/vc4: hdmi: Fix build error for implicit function declaration (Hui Tang)
- net: bcmgenet: Check for Wake-on-LAN interrupt probe deferral (Florian Fainelli)
- net: ethernet: mediatek: ppe: fix wrong size passed to memset() (Yang Yingliang)
- net/sched: act_pedit: really ensure the skb is writable (Paolo Abeni)
- s390/lcs: fix variable dereferenced before check (Alexandra Winter)
- s390/ctcm: fix potential memory leak (Alexandra Winter)
- s390/ctcm: fix variable dereferenced before check (Alexandra Winter)
- virtio: fix virtio transitional ids (Shunsuke Mie)
- arm64: vdso: fix makefile dependency on vdso.so (Joey Gouly)
- selftests: vm: Makefile: rename TARGETS to VMTARGETS (Joel Savitz)
- procfs: prevent unprivileged processes accessing fdinfo dir (Kalesh Singh)
- hwmon: (ltq-cputemp) restrict it to SOC_XWAY (Randy Dunlap)
- dim: initialize all struct fields (Jesse Brandeburg)
- ionic: fix missing pci_release_regions() on error in ionic_probe() (Yang Yingliang)
- nfs: fix broken handling of the softreval mount option (Dan Aloni)
- mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection (Johannes Berg)
- net: sfc: fix memory leak due to ptp channel (Taehee Yoo)
- sfc: Use swap() instead of open coding it (Jiapeng Chong)
- fbdev: efifb: Fix a use-after-free due early fb_info cleanup (Javier Martinez Canillas)
- net: chelsio: cxgb4: Avoid potential negative array offset (Kees Cook)
- netlink: do not reset transport header in netlink_recvmsg() (Eric Dumazet)
- drm/nouveau: Fix a potential theorical leak in nouveau_get_backlight_name() (Christophe JAILLET)
- ipv4: drop dst in multicast routing path (Lokesh Dhoundiyal)
- ice: fix PTP stale Tx timestamps cleanup (Michal Michalik)
- ice: Fix race during aux device (un)plugging (Ivan Vecera)
- platform/surface: aggregator: Fix initialization order when compiling as builtin module (Maximilian Luz)
- fbdev: vesafb: Cleanup fb_info in .fb_destroy rather than .remove (Javier Martinez Canillas)
- fbdev: efifb: Cleanup fb_info in .fb_destroy rather than .remove (Javier Martinez Canillas)
- fbdev: simplefb: Cleanup fb_info in .fb_destroy rather than .remove (Javier Martinez Canillas)
- net: mscc: ocelot: avoid corrupting hardware counters when moving VCAP filters (Vladimir Oltean)
- net: mscc: ocelot: restrict tc-trap actions to VCAP IS2 lookup 0 (Vladimir Oltean)
- net: mscc: ocelot: fix VCAP IS2 filters matching on both lookups (Vladimir Oltean)
- net: mscc: ocelot: fix last VCAP IS1/IS2 filter persisting in hardware when deleted (Vladimir Oltean)
- net: Fix features skip in for_each_netdev_feature() (Tariq Toukan)
- mac80211: Reset MBSSID parameters upon connection (Manikanta Pubbisetty)
- hwmon: (tmp401) Add OF device ID table (Camel Guo)
- iwlwifi: iwl-dbg: Use del_timer_sync() before freeing (Guenter Roeck)
- batman-adv: Dont skb_split skbuffs with frag_list (Sven Eckelmann)
- LTS version: v5.15.40 (Jack Vogel)
- mm: fix invalid page pointer returned with FOLL_PIN gups (Peter Xu)
- mm/mlock: fix potential imbalanced rlimit ucounts adjustment (Miaohe Lin)
- mm/hwpoison: fix error page recovered but reported not recovered (Naoya Horiguchi)
- mm: userfaultfd: fix missing cache flush in mcopy_atomic_pte() and __mcopy_atomic() (Muchun Song)
- mm: shmem: fix missing cache flush in shmem_mfill_atomic_pte() (Muchun Song)
- mm: hugetlb: fix missing cache flush in copy_huge_page_from_user() (Muchun Song)
- mm: fix missing cache flush for all tail pages of compound page (Muchun Song)
- udf: Avoid using stale lengthOfImpUse (Jan Kara)
- rfkill: uapi: fix RFKILL_IOCTL_MAX_SIZE ioctl request definition (Gleb Fotengauer-Malinovskiy)
- Bluetooth: Fix the creation of hdev->name (Itay Iellin)
- tools arch: Update arch/x86/lib/mem{cpy,set}_64.S copies used in perf bench mem memcpy (Arnaldo Carvalho de Melo)
- kbuild: move objtool_args back to scripts/Makefile.build (Masahiro Yamada)
- LTS version: v5.15.39 (Jack Vogel)
- PCI: aardvark: Update comment about link going down after link-up (Marek Behun)
- PCI: aardvark: Drop __maybe_unused from advk_pcie_disable_phy() (Marek Behun)
- PCI: aardvark: Dont mask irq when mapping (Pali Rohar)
- PCI: aardvark: Remove irq_mask_ack() callback for INTx interrupts (Pali Rohar)
- PCI: aardvark: Use separate INTA interrupt for emulated root bridge (Pali Rohar)
- PCI: aardvark: Fix support for PME requester on emulated bridge (Pali Rohar)
- PCI: aardvark: Add support for PME interrupts (Pali Rohar)
- PCI: aardvark: Optimize writing PCI_EXP_RTCTL_PMEIE and PCI_EXP_RTSTA_PME on emulated bridge (Pali Rohar)
- PCI: aardvark: Add support for ERR interrupt on emulated bridge (Pali Rohar)
- PCI: aardvark: Enable MSI-X support (Pali Rohar)
- PCI: aardvark: Fix setting MSI address (Pali Rohar)
- PCI: aardvark: Add support for masking MSI interrupts (Pali Rohar)
- PCI: aardvark: Refactor unmasking summary MSI interrupt (Pali Rohar)
- PCI: aardvark: Use dev_fwnode() instead of of_node_to_fwnode(dev->of_node) (Marek Behun)
- PCI: aardvark: Make msi_domain_info structure a static driver structure (Marek Behun)
- PCI: aardvark: Make MSI irq_chip structures static driver structures (Marek Behun)
- PCI: aardvark: Check return value of generic_handle_domain_irq() when processing INTx IRQ (Pali Rohar)
- PCI: aardvark: Rewrite IRQ code to chained IRQ handler (Pali Rohar)
- PCI: aardvark: Replace custom PCIE_CORE_INT_* macros with PCI_INTERRUPT_* (Pali Rohar)
- PCI: aardvark: Disable common PHY when unbinding driver (Pali Rohar)
- PCI: aardvark: Disable link training when unbinding driver (Pali Rohar)
- PCI: aardvark: Assert PERST# when unbinding driver (Pali Rohar)
- PCI: aardvark: Fix memory leak in driver unbind (Pali Rohar)
- PCI: aardvark: Mask all interrupts when unbinding driver (Pali Rohar)
- PCI: aardvark: Disable bus mastering when unbinding driver (Pali Rohar)
- PCI: aardvark: Comment actions in driver remove method (Pali Rohar)
- PCI: aardvark: Clear all MSIs at setup (Pali Rohar)
- PCI: aardvark: Add support for DEVCAP2, DEVCTL2, LNKCAP2 and LNKCTL2 registers on emulated bridge (Pali Rohar)
- PCI: pci-bridge-emul: Add definitions for missing capabilities registers (Pali Rohar)
- PCI: pci-bridge-emul: Add description for class_revision field (Pali Rohar)
- rcu: Apply callbacks processing time limit only on softirq (Frederic Weisbecker)
- rcu: Fix callbacks processing time limit retaining cond_resched() (Frederic Weisbecker)
- Revert parisc: Mark sched_clock unstable only if clocks are not syncronized (Helge Deller)
- mmc: rtsx: add 74 Clocks in power on flow (Ricky WU)
- selftest/vm: verify remap destination address in mremap_test (Sidhartha Kumar)
- selftest/vm: verify mmap addr in mremap_test (Sidhartha Kumar)
- KVM: LAPIC: Enable timer posted-interrupt only when mwait/hlt is advertised (Wanpeng Li)
- KVM: x86/mmu: avoid NULL-pointer dereference on page freeing bugs (Paolo Bonzini)
- KVM: x86: Do not change ICR on write to APIC_SELF_IPI (Paolo Bonzini)
- x86/kvm: Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume (Wanpeng Li)
- KVM: selftests: Silence compiler warning in the kvm_page_table_test (Thomas Huth)
- kvm: selftests: do not use bitfields larger than 32-bits for PTEs (Paolo Bonzini)
- iommu/dart: Add missing module owner to ops structure (Hector Martin)
- net/mlx5e: Lag, Dont skip fib events on current dst (Vlad Buslov)
- net/mlx5e: Lag, Fix fib_info pointer assignment (Vlad Buslov)
- net/mlx5e: Lag, Fix use-after-free in fib event handler (Vlad Buslov)
- net/mlx5: Fix slab-out-of-bounds while reading resource dump menu (Aya Levin)
- fbdev: Make fb_release() return -ENODEV if fbdev was unregistered (Javier Martinez Canillas)
- kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU (Sandipan Das)
- gpio: mvebu: drop pwm base assignment (Baruch Siach)
- drm/amdgpu: Ensure HDA function is suspended before ASIC reset (Kai-Heng Feng)
- drm/amdgpu: dont set s3 and s0ix at the same time (Mario Limonciello)
- drm/amdgpu: explicitly check for s0ix when evicting resources (Mario Limonciello)
- drm/amdgpu: unify BO evicting method in amdgpu_ttm (Nirmoy Das)
- btrfs: always log symlinks in full mode (Filipe Manana)
- btrfs: force v2 space cache usage for subpage mount (Qu Wenruo)
- smsc911x: allow using IRQ0 (Sergey Shtylyov)
- selftests: ocelot: tc_flower_chains: specify conform-exceed action for policer (Vladimir Oltean)
- bnxt_en: Fix unnecessary dropping of RX packets (Michael Chan)
- bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS flag (Somnath Kotur)
- selftests: mirror_gre_bridge_1q: Avoid changing PVID while interface is operational (Ido Schimmel)
- rxrpc: Enable IPv6 checksums on transport socket (David Howells)
- mld: respect RCU rules in ip6_mc_source() and ip6_mc_msfilter() (Eric Dumazet)
- hinic: fix bug of wq out of bound access (Qiao Ma)
- btrfs: do not BUG_ON() on failure to update inode when setting xattr (Filipe Manana)
- drm/msm/dp: remove fail safe mode related code (Kuogee Hsieh)
- selftests/net: so_txtime: usage(): fix documentation of default clock (Marc Kleine-Budde)
- selftests/net: so_txtime: fix parsing of start time stamp on 32 bit systems (Marc Kleine-Budde)
- net: emaclite: Add error handling for of_address_to_resource() (Shravya Kumbham)
- net: igmp: respect RCU rules in ip_mc_source() and ip_mc_msfilter() (Eric Dumazet)
- net: cpsw: add missing of_node_put() in cpsw_probe_dt() (Yang Yingliang)
- net: mdio: Fix ENOMEM return value in BCM6368 mux bus controller (Niels Dossche)
- net: stmmac: dwmac-sun8i: add missing of_node_put() in sun8i_dwmac_register_mdio_mux() (Yang Yingliang)
- net: dsa: mt7530: add missing of_node_put() in mt7530_setup() (Yang Yingliang)
- net: ethernet: mediatek: add missing of_node_put() in mtk_sgmii_init() (Yang Yingliang)
- NFSv4: Dont invalidate inode attributes on delegation return (Trond Myklebust)
- RDMA/irdma: Fix possible crash due to NULL netdev in notifier (Mustafa Ismail)
- RDMA/irdma: Reduce iWARP QP destroy time (Shiraz Saleem)
- RDMA/irdma: Flush iWARP QP if modified to ERR from RTR state (Tatyana Nikolova)
- RDMA/siw: Fix a condition race issue in MPA request processing (Cheng Xu)
- SUNRPC release the transport of a relocated task with an assigned transport (Olga Kornievskaia)
- selftests/seccomp: Dont call read() on TTY from background pgrp (Jann Horn)
- net/mlx5: Fix deadlock in sync reset flow (Moshe Shemesh)
- net/mlx5: Avoid double clear or set of sync reset requested (Moshe Shemesh)
- net/mlx5e: Fix the calling of update_buffer_lossy() API (Mark Zhang)
- net/mlx5e: CT: Fix queued up restore put() executing after relevant ft release (Paul Blakey)
- net/mlx5e: Dont match double-vlan packets if cvlan is not set (Vlad Buslov)
- net/mlx5e: Fix trust state reset in reload (Moshe Tal)
- iommu/dart: check return value after calling platform_get_resource() (Yang Yingliang)
- iommu/vt-d: Drop stop marker messages (Lu Baolu)
- ASoC: soc-ops: fix error handling (Pierre-Louis Bossart)
- ASoC: dmaengine: Restore NULL prepare_slave_config() callback (Codrin Ciubotariu)
- hwmon: (pmbus) disable PEC if not enabled (Adam Wujek)
- hwmon: (adt7470) Fix warning on module removal (Armin Wolf)
- gpio: pca953x: fix irq_stat not updated when irq is disabled (irq_mask not set) (Puyou Lu)
- gpio: visconti: Fix fwnode of GPIO IRQ (Nobuhiro Iwamatsu)
- NFC: netlink: fix sleep in atomic bug when firmware download timeout (Duoming Zhou)
- nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs (Duoming Zhou)
- nfc: replace improper check device_is_registered() in netlink related functions (Duoming Zhou)
- can: grcan: only use the NAPI poll budget for RX (Andreas Larsson)
- can: grcan: grcan_probe(): fix broken system id check for errata workaround needs (Andreas Larsson)
- can: grcan: use ofdev->dev when allocating DMA memory (Daniel Hellstrom)
- can: isotp: remove re-binding of bound socket (Oliver Hartkopp)
- can: grcan: grcan_close(): fix deadlock (Duoming Zhou)
- s390/dasd: Fix read inconsistency for ESE DASD devices (Jan Hoppner)
- s390/dasd: Fix read for ESE with blksize < 4k (Jan Hoppner)
- s390/dasd: prevent double format of tracks for ESE devices (Stefan Haberland)
- s390/dasd: fix data corruption for ESE devices (Stefan Haberland)
- ASoC: meson: Fix event generation for AUI CODEC mux (Mark Brown)
- ASoC: meson: Fix event generation for G12A tohdmi mux (Mark Brown)
- ASoC: meson: Fix event generation for AUI ACODEC mux (Mark Brown)
- ASoC: wm8958: Fix change notifications for DSP controls (Mark Brown)
- ASoC: da7219: Fix change notifications for tone generator frequency (Mark Brown)
- genirq: Synchronize interrupt thread startup (Thomas Pfaff)
- net: stmmac: disable Split Header (SPH) for Intel platforms (Tan Tee Min)
- firewire: core: extend card->lock in fw_core_handle_bus_reset (Niels Dossche)
- firewire: remove check of list iterator against head past the loop body (Jakob Koschel)
- firewire: fix potential uaf in outbound_phy_packet_callback() (Chengfeng Ye)
- timekeeping: Mark NMI safe time accessors as notrace (Kurt Kanzenbach)
- Revert SUNRPC: attempt AF_LOCAL connect on setup (Trond Myklebust)
- RISC-V: relocate DTB if its outside memory region (Nick Kossifidis)
- drm/amdgpu: do not use passthrough mode in Xen dom0 (Marek Marczykowski-Gorecki)
- drm/amd/display: Avoid reading audio pattern past AUDIO_CHANNELS_COUNT (Harry Wentland)
- iommu/arm-smmu-v3: Fix size calculation in arm_smmu_mm_invalidate_range() (Nicolin Chen)
- iommu/vt-d: Calculate mask for non-aligned flushes (David Stevens)
- KVM: x86/svm: Account for family 17h event renumberings in amd_pmc_perf_hw_id (Kyle Huey)
- x86/fpu: Prevent FPU state corruption (Thomas Gleixner)
- gpiolib: of: fix bounds check for gpio-reserved-ranges (Andrei Lalaev)
- mmc: core: Set HS clock speed before sending HS CMD13 (Brian Norris)
- mmc: sunxi-mmc: Fix DMA descriptors allocated above 32 bits (Samuel Holland)
- mmc: sdhci-msm: Reset GCC_SDCC_BCR register for SDHC (Shaik Sajida Bhanu)
- ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes (Takashi Sakamoto)
- ALSA: hda/realtek: Add quirk for Yoga Duet 7 13ITL6 speakers (Zihao Wang)
- parisc: Merge model and model name into one line in /proc/cpuinfo (Helge Deller)
- MIPS: Fix CP0 counter erratum detection for R4k CPUs (Maciej W. Rozycki)
- LTS version: v5.15.38 (Jack Vogel)
- powerpc/64: Add UADDR64 relocation support (Alexey Kardashevskiy)
- objtool: Fix type of reloc::addend (Peter Zijlstra)
- objtool: Fix code relocs vs weak symbols (Peter Zijlstra)
- eeprom: at25: Use DMA safe buffers (Christophe Leroy)
- perf symbol: Remove arch__symbols__fixup_end() (Namhyung Kim)
- tty: n_gsm: fix software flow control handling (Daniel Starke)
- tty: n_gsm: fix incorrect UA handling (Daniel Starke)
- tty: n_gsm: fix reset fifo race condition (Daniel Starke)
- tty: n_gsm: fix missing tty wakeup in convergence layer type 2 (Daniel Starke)
- tty: n_gsm: fix wrong signal octets encoding in MSC (Daniel Starke)
- tty: n_gsm: fix wrong command frame length field encoding (Daniel Starke)
- tty: n_gsm: fix wrong command retry handling (Daniel Starke)
- tty: n_gsm: fix missing explicit ldisc flush (Daniel Starke)
- tty: n_gsm: fix wrong DLCI release order (Daniel Starke)
- tty: n_gsm: fix insufficient txframe size (Daniel Starke)
- netfilter: nft_socket: only do sk lookups when indev is available (Florian Westphal)
- tty: n_gsm: fix malformed counter for out of frame data (Daniel Starke)
- tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2 (Daniel Starke)
- tty: n_gsm: fix mux cleanup after unregister tty device (Daniel Starke)
- tty: n_gsm: fix decoupled mux resource (Daniel Starke)
- tty: n_gsm: fix restart handling via CLD command (Daniel Starke)
- perf symbol: Update symbols__fixup_end() (Namhyung Kim)
- perf symbol: Pass is_kallsyms to symbols__fixup_end() (Namhyung Kim)
- x86/cpu: Load microcode during restore_processor_state() (Borislav Petkov)
- ARM: dts: imx8mm-venice-gw{71xx,72xx,73xx}: fix OTG controller OC mode (Tim Harvey)
- ARM: dts: at91: sama7g5ek: enable pull-up on flexcom3 console lines (Eugen Hristev)
- btrfs: fix leaked plug after failure syncing log on zoned filesystems (Filipe Manana)
- thermal: int340x: Fix attr.show callback prototype (Kees Cook)
- ACPI: processor: idle: Avoid falling back to C3 type C-states (Ville Syrjala)
- net: ethernet: stmmac: fix write to sgmii_adapter_base (Dinh Nguyen)
- drm/i915: Fix SEL_FETCH_PLANE_*(PIPE_B+) register addresses (Imre Deak)
- drm/i915: Check EDID for HDR static metadata when choosing blc (Jouni Hogander)
- netfilter: Update ip6_route_me_harder to consider L3 domain (Martin Willi)
- mtd: rawnand: qcom: fix memory corruption that causes panic (Md Sadre Alam)
- kasan: prevent cpu_quarantine corruption when CPU offline and cache shrink occur at same time (Zqiang)
- zonefs: Clear inode information flags on inode creation (Damien Le Moal)
- zonefs: Fix management of open zones (Damien Le Moal)
- Revert ACPI: processor: idle: fix lockup regression on 32-bit ThinkPad T40 (Ville Syrjala)
- selftest/vm: verify remap destination address in mremap_test (Sidhartha Kumar)
- selftest/vm: verify mmap addr in mremap_test (Sidhartha Kumar)
- powerpc/perf: Fix 32bit compile (Alexey Kardashevskiy)
- drivers: net: hippi: Fix deadlock in rr_close() (Duoming Zhou)
- cifs: destage any unwritten data to the server before calling copychunk_write (Ronnie Sahlberg)
- x86: __memcpy_flushcache: fix wrong alignment if size > 2^32 (Mikulas Patocka)
- bonding: do not discard lowest hash bit for non layer3+4 hashing (suresh kumar)
- ksmbd: set fixed sector size to FS_SECTOR_SIZE_INFORMATION (Namjae Jeon)
- ksmbd: increment reference count of parent fp (Namjae Jeon)
- arch: xtensa: platforms: Fix deadlock in rs_close() (Duoming Zhou)
- ext4: fix bug_on in start_this_handle during umount filesystem (Ye Bin)
- ASoC: wm8731: Disable the regulator when probing fails (Zheyu Ma)
- ASoC: Intel: soc-acpi: correct device endpoints for max98373 (Chao Song)
- tcp: fix F-RTO may not work correctly when receiving DSACK (Pengcheng Yang)
- Revert ibmvnic: Add ethtool private flag for driver-defined queue limits (Dany Madden)
- ixgbe: ensure IPsec VF<->PF compatibility (Leon Romanovsky)
- perf arm-spe: Fix addresses of synthesized SPE events (Timothy Hayes)
- gfs2: No short reads or writes upon glock contention (Andreas Gruenbacher)
- gfs2: Make sure not to return short direct writes (Andreas Gruenbacher)
- gfs2: Minor retry logic cleanup (Andreas Gruenbacher)
- gfs2: Prevent endless loops in gfs2_file_buffered_write (Andreas Gruenbacher)
- net: fec: add missing of_node_put() in fec_enet_init_stop_mode() (Yang Yingliang)
- bnx2x: fix napi API usage sequence (Manish Chopra)
- tls: Skip tls_append_frag on zero copy size (Maxim Mikityanskiy)
- drm/amd/display: Fix memory leak in dcn21_clock_source_create (Miaoqian Lin)
- drm/amdkfd: Fix GWS queue count (David Yat Sin)
- netfilter: conntrack: fix udp offload timeout sysctl (Volodymyr Mytnyk)
- io_uring: check reserved fields for recv/recvmsg (Jens Axboe)
- io_uring: check reserved fields for send/sendmsg (Jens Axboe)
- net: dsa: lantiq_gswip: Dont set GSWIP_MII_CFG_RMII_CLK (Martin Blumenstingl)
- drm/sun4i: Remove obsolete references to PHYS_OFFSET (Samuel Holland)
- net: dsa: mv88e6xxx: Fix port_hidden_wait to account for port_base_addr (Nathan Rossi)
- net: phy: marvell10g: fix return value on error (Baruch Siach)
- net: bcmgenet: hide status block before TX timestamping (Jonathan Lemon)
- cpufreq: qcom-cpufreq-hw: Clear dcvs interrupts (Vladimir Zapolskiy)
- clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource() (Yang Yingliang)
- bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create() (Christophe JAILLET)
- tcp: make sure treq->af_specific is initialized (Eric Dumazet)
- tcp: fix potential xmit stalls caused by TCP_NOTSENT_LOWAT (Eric Dumazet)
- ip_gre, ip6_gre: Fix race condition on o_seqno in collect_md mode (Peilin Ye)
- ip6_gre: Make o_seqno start from 0 in native mode (Peilin Ye)
- ip_gre: Make o_seqno start from 0 in native mode (Peilin Ye)
- net/smc: sync err code when tcp connection was refused (liuyacan)
- net: hns3: add return value for mailbox handling in PF (Jian Shen)
- net: hns3: add validity check for message data length (Jian Shen)
- net: hns3: modify the return code of hclge_get_ring_chain_from_mbx (Jie Wang)
- net: hns3: clear inited state and stop client after failed to register netdev (Jian Shen)
- cpufreq: fix memory leak in sun50i_cpufreq_nvmem_probe (Xiaobing Luo)
- pinctrl: pistachio: fix use of irq_of_parse_and_map() (Lv Ruyi)
- arm64: dts: imx8mn-ddr4-evk: Describe the 32.768 kHz PMIC clock (Fabio Estevam)
- ARM: dts: imx6ull-colibri: fix vqmmc regulator (Max Krummenacher)
- sctp: check asoc strreset_chunk in sctp_generate_reconf_event (Xin Long)
- wireguard: device: check for metadata_dst with skb_valid_dst() (Nikolay Aleksandrov)
- tcp: ensure to use the most recently sent skb when filling the rate sample (Pengcheng Yang)
- pinctrl: stm32: Keep pinctrl block clock enabled when LEVEL IRQ requested (Marek Vasut)
- tcp: md5: incorrect tcp_header_len for incoming connections (Francesco Ruggeri)
- pinctrl: rockchip: fix RK3308 pinmux bits (Luca Ceresoli)
- bpf, lwt: Fix crash when using bpf_skb_set_tunnel_key() from bpf_xmit lwt hook (Eyal Birger)
- netfilter: nft_set_rbtree: overlap detection with element re-addition after deletion (Pablo Neira Ayuso)
- net: dsa: Add missing of_node_put() in dsa_port_link_register_of (Miaoqian Lin)


Related CVEs


CVE-2022-2588

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 8 (x86_64) kernel-uek-container-5.15.0-1.43.4.1.el8.src.rpmd31f56a4c771efde0e0badf25b47b378-
kernel-uek-container-5.15.0-1.43.4.1.el8.x86_64.rpmcac870841b1ab7d51ac298f780f388f2-
kernel-uek-container-debug-5.15.0-1.43.4.1.el8.x86_64.rpm083cfd9ad5ce208283ad29d05e44b0b1-



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete