ELSA-2024-12581

Описание

[5.4.17-2136.334.6]

• loop: Fix a race between loop detach and loop open (Gulam Mohamed) [Orabug: 36197800]
• x86/bhi: Do not enable unnecessary BHI mitigation in OCI and Exadata VMs (Alexandre Chartre) [Orabug: 36672495]
• x86/bhi: Avoid warning in #DB handler due to BHI mitigation (Alexandre Chartre) [Orabug: 36642472]
• wifi: wilc1000: fix ies_len type in connect path (Jozef Hopko)
• net/mlx5e: drop shorter ethernet frames (Manjunath Patil) [Orabug: 36879157] {CVE-2024-41090} {CVE-2024-41091}

[5.4.17-2136.334.5]

• Fix incorrect syntax in UEK6 OL8 kernel-uek.spec (Sherry Yang) [Orabug: 36847358]
• rds/ib: decrement ib_rx_total_incs after releasing associated cache (Arumugam Kolappan) [Orabug: 36722026]

[5.4.17-2136.334.4]

• Bluetooth: L2CAP: Fix rejecting L2CAP_CONN_PARAM_UPDATE_REQ (Luiz Augusto von Dentz)
• netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type (Jozsef Kadlecsik) [Orabug: 36835599] {CVE-2024-39503}
• drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found (Marek Szyprowski) [Orabug: 36836328] {CVE-2024-40916}
• vxlan: Fix regression when dropping packets due to invalid src addresses (Daniel Borkmann)

[5.4.17-2136.334.3]

• rds/rdma: Send info to userspace, even if connnection is down. (Juan Garcia) [Orabug: 36529562]
• pci: add hotplug patch support for SOLIDIGM Aura10 AIC 0x025e:0x0b60 (Alan Adamson) [Orabug: 36762919]

[5.4.17-2136.334.2]

• LTS tag: v5.4.278 (Alok Tiwari)
• x86/tsc: Trust initial offset in architectural TSC-adjust MSRs (Daniel J Blueman)
• io_uring: fail NOP if non-zero op flags is passed in (Ming Lei)
• nfs: fix undefined behavior in nfs_block_bits() (Sergey Shtylyov)
• s390/ap: Fix crash in AP internal function modify_bitmap() (Harald Freudenberger) [Orabug: 36774592] {CVE-2024-38661}
• ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() (Baokun Li) [Orabug: 36774598] {CVE-2024-39276}
• sparc: move struct termio to asm/termios.h (Mike Gilbert)
• xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING (Eric Dumazet) [Orabug: 36643449] {CVE-2024-35976}
• net: fix __dst_negative_advice() race (Eric Dumazet) [Orabug: 36720417] {CVE-2024-36971}
• kdb: Use format-specifiers rather than memset() for padding in kdb_read() (Daniel Thompson)
• kdb: Merge identical case statements in kdb_read() (Daniel Thompson)
• kdb: Fix console handling when editing and tab-completing commands (Daniel Thompson)
• kdb: Use format-strings rather than '- kdb: Fix buffer overflow during tab-complete (Daniel Thompson) [Orabug: 36809288] {CVE-2024-39480}
• sparc64: Fix number of online CPUs (Sam Ravnborg)
• intel_th: pci: Add Meteor Lake-S CPU support (Alexander Shishkin)
• net/9p: fix uninit-value in p9_client_rpc() (Nikita Zhandarovich) [Orabug: 36774612] {CVE-2024-39301}
• net/ipv6: Fix route deleting failure when metric equals 0 (xu xin)
• crypto: ecrdsa - Fix module auto-load on add_key (Vitaly Chikunov)
• KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode (Marc Zyngier)
• media: v4l2-core: hold videodev_lock until dev reg, finishes (Hans Verkuil)
• media: mxl5xx: Move xpt structures off stack (Nathan Chancellor)
• media: mc: mark the media devnode as registered from the, start (Hans Verkuil)
• arm64: dts: hi3798cv200: fix the size of GICR (Yang Xiwen)
• wifi: rtl8xxxu: Fix the TX power of RTL8192CU, RTL8723AU (Bitterblue Smith)
• arm64: tegra: Correct Tegra132 I2C alias (Krzysztof Kozlowski)
• ACPI: resource: Do IRQ override on TongFang GXxHRXx and GMxHGxx (Christoffer Sandberg)
• ata: pata_legacy: make legacy_exit() work again (Sergey Shtylyov)
• drm/amdgpu: add error handle to avoid out-of-bounds (Bob Zhou) [Orabug: 36774657] {CVE-2024-39471}
• media: lgdt3306a: Add a check against null-pointer-def (Zheyu Ma)
• f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode() (Chao Yu) [Orabug: 36774636] {CVE-2024-39467}
• x86/mm: Remove broken vsyscall emulation code from the page fault code (Linus Torvalds)
• nilfs2: fix use-after-free of timer for log writer thread (Ryusuke Konishi) [Orabug: 36753564] {CVE-2024-38583}
• afs: Don't cross .backup mountpoint from backup volume (Marc Dionne)
• mmc: core: Do not force a retune before RPMB switch (Jorge Ramirez-Ortiz)
• binder: fix max_thread type inconsistency (Carlos Llamas)
• SUNRPC: Fix loop termination condition in gss_free_in_token_pages() (Chuck Lever) [Orabug: 36809512] {CVE-2024-36288}
• ALSA: timer: Set lower bound of start tick time (Takashi Iwai) [Orabug: 36753729] {CVE-2024-38618}
• ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound (Yue Haibing) [Orabug: 36763551] {CVE-2024-33621}
• spi: stm32: Don't warn about spurious interrupts (Uwe Kleine-Konig)
• kconfig: fix comparison to constant symbols, 'm', 'n' (Masahiro Yamada)
• netfilter: tproxy: bail out if IP has been disabled on the device (Florian Westphal) [Orabug: 36763563] {CVE-2024-36270}
• net:fec: Add fec_enet_deinit() (Xiaolei Wang)
• net: usb: smsc95xx: fix changing LED_SEL bit value updated from EEPROM (Parthiban Veerasooran)
• smsc95xx: use usbnet->driver_priv (Andre Edich)
• smsc95xx: remove redundant function arguments (Andre Edich)
• enic: Validate length of nl attributes in enic_set_vf_port (Roded Zats) [Orabug: 36763836] {CVE-2024-38659}
• dma-buf/sw-sync: don't enable IRQ from sync_print_obj() (Tetsuo Handa) [Orabug: 36763844] {CVE-2024-38780}
• net/mlx5e: Use rx_missed_errors instead of rx_dropped for reporting buffer exhaustion (Carolina Jubran)
• nvmet: fix ns enable/disable possible hang (Sagi Grimberg)
• spi: Don't mark message DMA mapped when no transfer in it is (Andy Shevchenko)
• netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() (Eric Dumazet) [Orabug: 36763570] {CVE-2024-36286}
• net: fec: avoid lock evasion when reading pps_enable (Wei Fang)
• virtio: delete vq in vp_find_vqs_msix() when request_irq() fails (Jiri Pirko) [Orabug: 36763587] {CVE-2024-37353}
• arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY (Jiangfeng Xiao) [Orabug: 36825258] {CVE-2024-39488}
• openvswitch: Set the skbuff pkt_type for proper pmtud support. (Aaron Conole)
• tcp: Fix shift-out-of-bounds in dctcp_update_alpha(). (Kuniyuki Iwashima) [Orabug: 36763591] {CVE-2024-37356}
• params: lift param_set_uint_minmax to common code (Sagi Grimberg)
• ipv6: sr: fix memleak in seg6_hmac_init_algo (Hangbin Liu) [Orabug: 36825262] {CVE-2024-39489}
• sunrpc: fix NFSACL RPC retry on soft mount (Dan Aloni)
• x86/kconfig: Select ARCH_WANT_FRAME_POINTERS again when UNWINDER_FRAME_POINTER=y (Masahiro Yamada)
• null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() (Zhu Yanjun)
• media: cec: cec-api: add locking in cec_release() (Hans Verkuil)
• media: cec: cec-adap: always cancel work in cec_transmit_msg_fh (Hans Verkuil)
• um: Fix the -Wmissing-prototypes warning for __switch_mm (Tiwei Bie)
• powerpc/pseries: Add failure related checks for h_get_mpp and h_get_ppp (Shrikanth Hegde)
• scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy() (Azeem Shaikh)
• media: stk1160: fix bounds checking in stk1160_copy_video() (Dan Carpenter) [Orabug: 36763602] {CVE-2024-38621}
• um: Add winch to winch_handlers before registering winch IRQ (Roberto Sassu) [Orabug: 36768583] {CVE-2024-39292}
• um: Fix return value in ubd_init() (Duoming Zhou)
• drm/msm/dpu: Always flush the slave INTF on the CTL (Marijn Suijten)
• Input: pm8xxx-vibrator - correct VIB_MAX_LEVELS calculation (Fenglin Wu)
• Input: ims-pcu - fix printf string overflow (Arnd Bergmann)
• libsubcmd: Fix parse-options memory leak (Ian Rogers)
• serial: sh-sci: protect invalidating RXDMA on shutdown (Wolfram Sang)
• f2fs: fix to release node block count in error path of f2fs_new_node_page() (Chao Yu)
• extcon: max8997: select IRQ_DOMAIN instead of depending on it (Randy Dunlap)
• ppdev: Add an error check in register_device (Huai-Yuan Liu) [Orabug: 36678064] {CVE-2024-36015}
• ppdev: Remove usage of the deprecated ida_simple_xx() API (Christophe JAILLET)
• stm class: Fix a double free in stm_register_device() (Dan Carpenter) [Orabug: 36763763] {CVE-2024-38627}
• usb: gadget: u_audio: Clear uac pointer when freed. (Chris Wulff)
• microblaze: Remove early printk call from cpuinfo-static.c (Michal Simek)
• microblaze: Remove gcc flag for non existing early_printk.c file (Michal Simek)
• iio: pressure: dps310: support negative temperature values (Thomas Haemmerle)
• greybus: arche-ctrl: move device table to its right location (Arnd Bergmann)
• serial: max3100: Fix bitwise types (Andy Shevchenko)
• serial: max3100: Update uart_driver_registered on driver removal (Andy Shevchenko) [Orabug: 36763814] {CVE-2024-38633}
• serial: max3100: Lock port->lock when calling uart_handle_cts_change() (Andy Shevchenko) [Orabug: 36763819] {CVE-2024-38634}
• firmware: dmi-id: add a release callback function (Arnd Bergmann)
• dmaengine: idma64: Add check for dma_set_max_seg_size (Chen Ni)
• soundwire: cadence: fix invalid PDI offset (Pierre-Louis Bossart) [Orabug: 36763825] {CVE-2024-38635}
• soundwire: cadence_master: improve PDI allocation (Bard Liao)
• soundwire: intel: don't filter out PDI0/1 (Pierre-Louis Bossart)
• soundwire: cadence/intel: simplify PDI/port mapping (Pierre-Louis Bossart)
• greybus: lights: check return of get_channel_from_mode (Rui Miguel Silva) [Orabug: 36763832] {CVE-2024-38637}
• sched/fair: Allow disabling sched_balance_newidle with sched_relax_domain_level (Vitalii Bursov)
• af_packet: do not call packet_read_pending() from tpacket_destruct_skb() (Eric Dumazet)
• netrom: fix possible dead-lock in nr_rt_ioctl() (Eric Dumazet) [Orabug: 36753581] {CVE-2024-38589}
• RDMA/IPoIB: Fix format truncation compilation errors (Leon Romanovsky)
• selftests/kcmp: remove unused open mode (Edward Liaw)
• selftests/kcmp: Make the test output consistent and clear (Gautam Menghani)
• SUNRPC: Fix gss_free_in_token_pages() (Chuck Lever)
• sunrpc: removed redundant procp check (Aleksandr Aprelkov)
• ext4: avoid excessive credit estimate in ext4_tmpfile() (Jan Kara)
• x86/insn: Fix PUSH instruction in x86 instruction decoder opcode map (Adrian Hunter)
• RDMA/hns: Use complete parentheses in macros (Chengchang Tang)
• drm/panel: simple: Add missing Innolux G121X1-L03 format, flags, connector (Marek Vasut)
• ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value (Steven Rostedt)
• drm/arm/malidp: fix a possible null pointer dereference (Huai-Yuan Liu) [Orabug: 36678061] {CVE-2024-36014}
• fbdev: sh7760fb: allow modular build (Randy Dunlap)
• platform/x86: wmi: Make two functions static (YueHaibing)
• media: radio-shark2: Avoid led_names truncations (Ricardo Ribalda)
• media: ngene: Add dvb_ca_en50221_init return value check (Aleksandr Burakov)
• fbdev: sisfb: hide unused variables (Arnd Bergmann)
• powerpc/fsl-soc: hide unused const variable (Arnd Bergmann)
• drm/mediatek: Add 0 size check to mtk_drm_gem_obj (Justin Green) [Orabug: 36753414] {CVE-2024-38549}
• fbdev: shmobile: fix snprintf truncation (Arnd Bergmann)
• mtd: rawnand: hynix: fixed typo (Maxim Korotkov)
• drm/amd/display: Fix potential index out of bounds in color transformation function (Srinivasan Shanmugam) [Orabug: 36753424] {CVE-2024-38552}
• ipv6: sr: fix invalid unregister error path (Hangbin Liu) [Orabug: 36753710] {CVE-2024-38612}
• ipv6: sr: add missing seg6_local_exit (Hangbin Liu)
• net: openvswitch: fix overwriting ct original tuple for ICMPv6 (Ilya Maximets) [Orabug: 36753462] {CVE-2024-38558}
• net: usb: smsc95xx: stop lying about skb->truesize (Eric Dumazet)
• af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg (Breno Leitao) [Orabug: 36753599] {CVE-2024-38596}
• net: ethernet: cortina: Locking fixes (Linus Walleij)
• m68k: mac: Fix reboot hang on Mac IIci (Finn Thain)
• m68k: Fix spinlock race in kernel thread creation (Michael Schmitz) [Orabug: 36753714] {CVE-2024-38613}
• net: usb: sr9700: stop lying about skb->truesize (Eric Dumazet)
• usb: aqc111: stop lying about skb->truesize (Eric Dumazet)
• wifi: mwl8k: initialize cmd->addr[] properly (Dan Carpenter)
• scsi: qedf: Ensure the copied buf is NUL terminated (Bui Quang Minh) [Orabug: 36753467] {CVE-2024-38559}
• scsi: bfa: Ensure the copied buf is NUL terminated (Bui Quang Minh) [Orabug: 36753472] {CVE-2024-38560}
• HID: intel-ish-hid: ipc: Add check for pci_alloc_irq_vectors (Chen Ni)
• Revert 'sh: Handle calling csum_partial with misaligned data' (Guenter Roeck)
• sh: kprobes: Merge arch_copy_kprobe() into arch_prepare_kprobe() (Geert Uytterhoeven)
• wifi: ar5523: enable proper endpoint verification (Nikita Zhandarovich) [Orabug: 36753485] {CVE-2024-38565}
• wifi: carl9170: add a proper sanity check for endpoints (Nikita Zhandarovich) [Orabug: 36753508] {CVE-2024-38567}
• macintosh/via-macii: Fix 'BUG: sleeping function called from invalid context' (Finn Thain)
• tcp: avoid premature drops in tcp_add_backlog() (Eric Dumazet)
• tcp: fix a signed-integer-overflow bug in tcp_add_backlog() (Lu Wei)
• tcp: minor optimization in tcp_add_backlog() (Eric Dumazet)
• wifi: ath10k: populate board data for WCN3990 (Dmitry Baryshkov)
• wifi: ath10k: Fix an error code problem in ath10k_dbg_sta_write_peer_debug_trigger() (Su Hui)
• x86/purgatory: Switch to the position-independent small code model (Ard Biesheuvel)
• scsi: hpsa: Fix allocation size for Scsi_Host private data (Yuri Karpov)
• scsi: libsas: Fix the failure of adding phy with zero-address to port (Xingui Yang)
• cpufreq: exit() callback is optional (Viresh Kumar) [Orabug: 36753721] {CVE-2024-38615}
• cpufreq: Rearrange locking in cpufreq_remove_dev() (Rafael J. Wysocki)
• cpufreq: Split cpufreq_offline() (Rafael J. Wysocki)
• cpufreq: Reorganize checks in cpufreq_offline() (Rafael J. Wysocki)
• ACPI: disable -Wstringop-truncation (Arnd Bergmann)
• irqchip/alpine-msi: Fix off-by-one in allocation error path (Zenghui Yu)
• scsi: ufs: core: Perform read back after disabling UIC_COMMAND_COMPL (Andrew Halaney)
• scsi: ufs: core: Perform read back after disabling interrupts (Andrew Halaney)
• scsi: ufs: cdns-pltfrm: Perform read back after writing HCLKDIV (Andrew Halaney)
• scsi: ufs: qcom: Perform read back after writing reset bit (Andrew Halaney)
• qed: avoid truncating work queue length (Arnd Bergmann)
• wifi: ath10k: poll service ready message before failing (Baochen Qiang)
• md: fix resync softlockup when bitmap size is less than array size (Yu Kuai) [Orabug: 36753648] {CVE-2024-38598}
• null_blk: Fix missing mutex_destroy() at module removal (Zhu Yanjun)
• jffs2: prevent xattr node from overflowing the eraseblock (Ilya Denisyev) [Orabug: 36753651] {CVE-2024-38599}
• s390/cio: fix tracepoint subchannel type field (Peter Oberparleiter)
• crypto: ccp - drop platform ifdef checks (Arnd Bergmann)
• parisc: add missing export of __cmpxchg_u8() (Al Viro)
• nilfs2: fix out-of-range warning (Arnd Bergmann)
• ecryptfs: Fix buffer size for tag 66 packet (Brian Kubisiak) [Orabug: 36753536] {CVE-2024-38578}
• firmware: raspberrypi: Use correct device for DMA mappings (Laurent Pinchart)
• crypto: bcm - Fix pointer arithmetic (Aleksandr Mishin) [Orabug: 36753541] {CVE-2024-38579}
• openpromfs: finish conversion to the new mount API (Eric Sandeen)
• nvme: find numa distance only if controller has valid numa id (Nilay Shroff)
• drm/amdkfd: Flush the process wq before creating a kfd_process (Lancelot SIX)
• ASoC: da7219-aad: fix usage of device_get_named_child_node() (Pierre-Louis Bossart)
• ASoC: dt-bindings: rt5645: add cbj sleeve gpio property (Derek Fang)
• ASoC: rt5645: Fix the electric noise due to the CBJ contacts floating (Derek Fang)
• drm/amd/display: Set color_mgmt_changed to true on unsuspend (Joshua Ashton)
• net: usb: qmi_wwan: add Telit FN920C04 compositions (Daniele Palmas)
• wifi: cfg80211: fix the order of arguments for trace events of the tx_rx_evt class (Igor Artemiev)
• nilfs2: fix potential hang in nilfs_detach_log_writer() (Ryusuke Konishi) [Orabug: 36753557] {CVE-2024-38582}
• nilfs2: fix unexpected freezing of nilfs_segctor_sync() (Ryusuke Konishi)
• net: smc91x: Fix m68k kernel compilation for ColdFire CPU (Thorsten Blum)
• ring-buffer: Fix a race between readers and resize checks (Petr Pavlu) [Orabug: 36753661] {CVE-2024-38601}
• tty: n_gsm: fix possible out-of-bounds in gsm0_receive() (Daniel Starke) [Orabug: 36678068] {CVE-2024-36016}

[5.4.17-2136.334.1]

• rds/rdma: Track rds_message in send, retrans and recv queue (Juan Garcia) [Orabug: 36529583]
• xfs: make sure sb_fdblocks is non-negative (Wengang Wang) [Orabug: 36596998]
• xfs: fix sb write verify for lazysbcount (Long Li) [Orabug: 36596998]
• rds/rdma: Clear rds_info_socket before use (Juan Garcia) [Orabug: 36613125]