ELSA-2023-13039

Published: 11 Dec 2023
Source: oracle-oval
Platform: Oracle Linux 7

Description

ELSA-2023-13039: Unbreakable Enterprise kernel security update (IMPORTANT)

[4.14.35-2047.532.3]

  • Revert 'mmc: core: Capture correct oemid-bits for eMMC cards' (Dominique Martinet)
  • media: dvb-usb-v2: af9035: fix missing unlock (Hans Verkuil)
  • perf/core: Fix potential NULL deref (Peter Zijlstra)

[4.14.35-2047.532.2]

  • x86: change default to spec_store_bypass_disable=prctl spectre_v2_user=prctl (Andrea Arcangeli) [Orabug: 35905888]
  • LTS version: 4.14.328 (Saeed Mirzamohammadi)
  • Bluetooth: hci_event: Fix using memcmp when comparing keys (Luiz Augusto von Dentz)
  • Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name (Kees Cook)
  • Bluetooth: hci_sock: fix slab oob read in create_monitor_event (Edward AD)
  • gpio: vf610: set value before the direction to avoid a glitch (Haibo Chen)
  • s390/pci: fix iommu bitmap allocation (Niklas Schnelle)
  • perf: Disallow mis-matched inherited group reads (Saeed Mirzamohammadi)
  • USB: serial: option: add Fibocom to DELL custom modem FM101R-GL (Puliang Lu)
  • USB: serial: option: add entry for Sierra EM9191 with new firmware (Benoit Monin)
  • USB: serial: option: add Telit LE910C4-WWX 0x1035 composition (Fabio Porcedda)
  • ACPI: irq: Fix incorrect return value in acpi_register_gsi() (Sunil V L)
  • Revert 'pinctrl: avoid unsafe code pattern in find_pinctrl()' (Andy Shevchenko)
  • mmc: core: Capture correct oemid-bits for eMMC cards (Avri Altman)
  • sky2: Make sure there is at least one frag_addr available (Kees Cook)
  • wifi: cfg80211: avoid leaking stack data into trace (Benjamin Berg)
  • wifi: mac80211: allow transmitting EAPOL frames with tainted key (Wen Gong)
  • Bluetooth: hci_core: Fix build warnings (Luiz Augusto von Dentz)
  • Bluetooth: Avoid redundant authentication (Ying Hsu)
  • HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event (Ma Ke)
  • tracing: relax trace_event_eval_update() execution with cond_resched() (Clement Leger)
  • ata: libata-eh: Fix compilation warning in ata_eh_link_report() (Damien Le Moal)
  • gpio: timberdale: Fix potential deadlock on &tgpio->lock (Chengfeng Ye)
  • overlayfs: set ctime when setting mtime and atime (Jeff Layton)
  • i2c: mux: Avoid potential false error message in i2c_mux_add_adapter (Heiner Kallweit)
  • btrfs: initialize start_slot in btrfs_log_prealloc_extents (Josef Bacik)
  • ARM: dts: ti: omap: Fix noisy serial with overrun-throttle-ms for mapphone (Tony Lindgren)
  • i40e: prevent crash on probe if hw registers have invalid values (Michal Schmidt)
  • net: usb: smsc95xx: Fix an error code in smsc95xx_reset() (Dan Carpenter)
  • net: rfkill: gpio: prevent value glitch during probe (Josua Mayer)
  • net: ipv6: fix return value check in esp_remove_trailer (Ma Ke)
  • net: ipv4: fix return value check in esp_remove_trailer (Ma Ke)
  • xfrm: fix a data-race in xfrm_gen_index() (Saeed Mirzamohammadi)
  • netfilter: nft_payload: fix wrong mac header matching (Florian Westphal)
  • KVM: x86: Mask LVTPC when handling a PMI (Jim Mattson)
  • regmap: fix NULL deref on lookup (Johan Hovold)
  • nfc: nci: fix possible NULL pointer dereference in send_acknowledge() (Krzysztof Kozlowski)
  • Bluetooth: avoid memcmp() out of bounds warning (Arnd Bergmann)
  • Bluetooth: hci_event: Fix coding style (Luiz Augusto von Dentz)
  • Bluetooth: vhci: Fix race when opening vhci device (Arkadiusz Bokowy)
  • Bluetooth: Fix a refcnt underflow problem for hci_conn (Ziyang Xuan)
  • Bluetooth: Reject connection with the device which has same BD_ADDR (Lee, Chun-Yi)
  • Bluetooth: hci_event: Ignore NULL link key (Lee, Chun-Yi)
  • usb: hub: Guard against accesses to uninitialized BOS descriptors (Ricardo Canuelo)
  • x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs (Borislav Petkov (AMD))
  • usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call (Krishna Kurapati)
  • usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (Piyush Mehta)
  • pinctrl: avoid unsafe code pattern in find_pinctrl() (Dmitry Torokhov)
  • cgroup: Remove duplicates in cgroup v1 tasks file (Michal Koutny)
  • Input: xpad - add PXN V900 support (Matthias Berndt)
  • Input: powermate - fix use-after-free in powermate_config_complete (Javier Carrasco)
  • ceph: fix incorrect revoked caps assert in ceph_fill_file_size() (Xiubo Li)
  • mcb: remove is_added flag from mcb_device struct (Jorge Sanjuan Garcia)
  • iio: pressure: ms5611: ms5611_prom_is_valid false negative bug (Alexander Zangerl)
  • iio: pressure: bmp280: Fix NULL pointer exception (Phil Elwell)
  • usb: musb: Modify the 'HWVers' register address (Xingxing Luo)
  • usb: musb: Get the musb_qh poniter after musb_giveback (Xingxing Luo)
  • net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read (Javier Carrasco)
  • usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer (Wesley Cheng)
  • workqueue: Override implicit ordered attribute in workqueue_apply_unbound_cpumask() (Waiman Long)
  • nfc: nci: assert requested protocol is valid (Jeremy Cline)
  • ixgbe: fix crash with empty VF macvlan list (Dan Carpenter)
  • drm/vmwgfx: fix typo of sizeof argument (Konstantin Meskhidze)
  • ieee802154: ca8210: Fix a potential UAF in ca8210_probe (Dinghao Liu)
  • drm: etvnaviv: fix bad backport leading to warning (Martin Fuzzey)
  • HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect (Hans de Goede)
  • RDMA/cxgb4: Check skb value for failure to allocate (Artem Chernyshev)
  • LTS version: 4.14.327 (Saeed Mirzamohammadi)
  • parisc: Restore __ldcw_align for PA-RISC 2.0 processors (John David Anglin)
  • RDMA/mlx5: Fix NULL string error (Shay Drory)
  • RDMA/cma: Fix truncation compilation warning in make_cma_ports (Leon Romanovsky)
  • gpio: aspeed: fix the GPIO number passed to pinctrl_gpio_set_config() (Bartosz Golaszewski)
  • IB/mlx4: Fix the size of a buffer in add_port_entries() (Christophe JAILLET)
  • cpupower: add Makefile dependencies for install targets (Ivan Babrou)
  • sctp: update hb timer immediately after users change hb_interval (Xin Long)
  • sctp: update transport state when processing a dupcook packet (Xin Long)
  • tcp: fix delayed ACKs for MSS boundary condition (Neal Cardwell)
  • net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (Shigeru Yoshida)
  • ipv4, ipv6: Fix handling of transhdrlen in __ip{,6}_append_data() (David Howells)
  • modpost: add missing else to the 'of' check (Mauricio Faria de Oliveira)
  • scsi: target: core: Fix deadlock due to recursive locking (Junxiao Bi)
  • regmap: rbtree: Fix wrong register marked as in-cache when creating new node (Richard Fitzgerald)
  • drivers/net: process the result of hdlc_open() and add call of hdlc_close() in uhdlc_close() (Alexandra Diupina)
  • ubi: Refuse attaching if mtd's erasesize is 0 (Zhihao Cheng)
  • wifi: mwifiex: Fix tlv_buf_left calculation (Gustavo A. R. Silva)
  • scsi: zfcp: Fix a double put in zfcp_port_enqueue() (Dinghao Liu)
  • media: dvb: symbol fixup for dvb_attach() - again (Greg Kroah-Hartman)
  • ata: libata: disallow dev-initiated LPM transitions to unsupported states (Niklas Cassel)
  • net/sched: sch_hfsc: Ensure inner classes have fsc curve (Budimir Markovic) [Orabug: 35810543] {CVE-2023-4623}
  • ext4: fix rec_len verify error (Shida Zhang)
  • vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF (George Kennedy)
  • fs: binfmt_elf_efpic: fix personality for ELF-FDPIC (Greg Ungerer)
  • ata: libata-sata: increase PMP SRST timeout to 10s (Matthias Schiffer)
  • ata: libata-core: Fix port and device removal (Damien Le Moal)
  • ata: libata-core: Fix ata_port_request_pm() locking (Damien Le Moal)
  • btrfs: properly report 0 avail for very full file systems (Josef Bacik)
  • i2c: i801: unregister tco_pdev in i801_probe() error path (Heiner Kallweit)
  • ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES (Niklas Cassel)
  • nilfs2: fix potential use after free in nilfs_gccache_submit_read_data() (Pan Bian)
  • serial: 8250_port: Check IRQ data before use (Andy Shevchenko)
  • watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already running (Mika Westerberg)
  • watchdog: iTCO_wdt: No need to stop the timer in probe (Mika Westerberg)
  • ata: libahci: clear pending interrupt status (Szuying Chen)
  • ata: ahci: Drop pointless VPRINTK() calls and convert the remaining ones (Hannes Reinecke)
  • fbdev/sh7760fb: Depend on FB=y (Thomas Zimmermann)
  • ata: libata-eh: do not clear ATA_PFLAG_EH_PENDING in ata_eh_reset() (Niklas Cassel)
  • ring-buffer: Avoid softlockup in ring_buffer_resize() (Zheng Yejian)
  • selftests/ftrace: Correctly enable event in instance-event.tc (Zheng Yejian)
  • parisc: irq: Make irq_stack_union static to avoid sparse warning (Helge Deller)
  • parisc: iosapic.c: Fix sparse warnings (Helge Deller)
  • parisc: sba: Fix compile warning wrt list of SBA devices (Helge Deller)
  • xtensa: boot/lib: fix function prototypes (Max Filippov)
  • xtensa: boot: don't add include-dirs (Randy Dunlap)
  • clk: tegra: fix error return case for recalc_rate (Timo Alho)
  • i2c: mux: demux-pinctrl: check the return value of devm_kstrdup() (Xiaoke Wang)
  • gpio: tb10x: Fix an error handling path in tb10x_gpio_probe() (Christophe JAILLET)
  • team: fix null-ptr-deref when team device type is changed (Ziyang Xuan)
  • powerpc/perf/hv-24x7: Update domain value check (Kajol Jain)
  • ipv4: fix null-deref in ipv4_link_failure (Kyle Zeng)
  • NFS/pNFS: Report EINVAL errors from connect() to the server (Trond Myklebust)

[4.14.35-2047.532.1]

  • rds/ib: Preserve dest qp num in the connect request (Arumugam Kolappan) [Orabug: 35649849]
  • rds: Provision to allow all trace points at module load time (Arumugam Kolappan) [Orabug: 35355776]

Updated packages

Oracle Linux 7

Oracle Linux aarch64

  • kernel-uek: 4.14.35-2047.532.3.el7uek
  • kernel-uek-debug: 4.14.35-2047.532.3.el7uek
  • kernel-uek-debug-devel: 4.14.35-2047.532.3.el7uek
  • kernel-uek-devel: 4.14.35-2047.532.3.el7uek
  • kernel-uek-headers: 4.14.35-2047.532.3.el7uek
  • kernel-uek-tools: 4.14.35-2047.532.3.el7uek
  • kernel-uek-tools-libs: 4.14.35-2047.532.3.el7uek
  • kernel-uek-tools-libs-devel: 4.14.35-2047.532.3.el7uek
  • perf: 4.14.35-2047.532.3.el7uek
  • python-perf: 4.14.35-2047.532.3.el7uek

Oracle Linux x86_64

  • kernel-uek: 4.14.35-2047.532.3.el7uek
  • kernel-uek-debug: 4.14.35-2047.532.3.el7uek
  • kernel-uek-debug-devel: 4.14.35-2047.532.3.el7uek
  • kernel-uek-devel: 4.14.35-2047.532.3.el7uek
  • kernel-uek-doc: 4.14.35-2047.532.3.el7uek
  • kernel-uek-tools: 4.14.35-2047.532.3.el7uek

Related CVEs

Related vulnerabilities

CVSS3: 7.8
ubuntu
almost 2 years ago

A use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation. If a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curve, then init_vf() will call vttree_insert() on the parent, but vttree_remove() will be skipped in update_vf(). This leaves a dangling pointer that can cause a use-after-free. We recommend upgrading past commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f.

CVSS3: 7.8
redhat
almost 2 years ago

A use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation. If a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curve, then init_vf() will call vttree_insert() on the parent, but vttree_remove() will be skipped in update_vf(). This leaves a dangling pointer that can cause a use-after-free. We recommend upgrading past commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f.

CVSS3: 7.8
nvd
almost 2 years ago

A use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation. If a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curve, then init_vf() will call vttree_insert() on the parent, but vttree_remove() will be skipped in update_vf(). This leaves a dangling pointer that can cause a use-after-free. We recommend upgrading past commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f.

CVSS3: 7.8
debian
almost 2 years ago

A use-after-free vulnerability in the Linux kernel's net/sched: sch_hf ...

suse-cvrf
more than 1 year ago

Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP5)

Vulnerability ELSA-2023-13039