ELSA-2024-12887

Опубликовано: 18 дек. 2024

Источник: oracle-oval

Платформа: Oracle Linux 8

Платформа: Oracle Linux 9

Описание

ELSA-2024-12887: Unbreakable Enterprise kernel security update (IMPORTANT)

[5.15.0-303.171.5.2]

build: populate modules_thick.builtin for dirs containing only modules (Nick Alcock) [Orabug: 37393454]
x86/pkeys: Ensure updated PKRU value is XRSTOR'd (Aruna Ramakrishna) [Orabug: 37384237]
x86/pkeys: Change caller of update_pkru_in_sigframe() (Aruna Ramakrishna) [Orabug: 37384237]
Revert 'ocfs2: fix the la space leak when unmounting an ocfs2 volume' (Sherry Yang) [Orabug: 37383283]

[5.15.0-303.171.5.1]

sunrpc: fix a NULL deref in svc_process() when ->sv_stats doesn't exist (Calum Mackay) [Orabug: 37346134]

[5.15.0-303.171.5]

intel_idle: fix ACPI _CST matching for newer Xeon platforms (Artem Bityutskiy) [Orabug: 37249457]
x86: Fix CPUIDLE_FLAG_IRQ_ENABLE leaking timer reprogram (Peter Zijlstra) [Orabug: 37249457]
perf/tests: Add AMX instructions to x86 instruction decoder test (Adrian Hunter) [Orabug: 37249457]
x86/insn: Add AMX instructions to the x86 instruction decoder (Adrian Hunter) [Orabug: 37249457]
intel_idle: add Granite Rapids Xeon support (Artem Bityutskiy) [Orabug: 37249457]
cpuidle, intel_idle: Fix CPUIDLE_FLAG_IRQ_ENABLE again (Peter Zijlstra) [Orabug: 37249457]
intel_idle: Fix false positive RCU splats due to incorrect hardirqs state (Waiman Long) [Orabug: 37249457]
cpuidle,intel_idle: Fix CPUIDLE_FLAG_IRQ_ENABLE (Peter Zijlstra) [Orabug: 37249457]
intel_idle: Add a new flag to initialize the AMX state (Chang S. Bae) [Orabug: 37249457]
x86/fpu: Add a helper to prepare AMX state for low-power CPU idle (Chang S. Bae) [Orabug: 37249457]
intel_idle: enable interrupts before C1 on Xeons (Artem Bityutskiy) [Orabug: 37249457]

[5.15.0-303.171.4]

rds: recv_payload_bad_checksum was not 0 after running rds-stress on UEK6 (William Kucharski) [Orabug: 37265126]
rds: If RDS Checksums are enabled for RDMA RDS operations, the extension headers will overflow causing incorrect operation (William Kucharski) [Orabug: 37265124]
rds: rds_message_alloc() needlessly zeroes m_used_sgs (William Kucharski) [Orabug: 37265122]
rds: tracepoint in rds_receive_csum_err() prints pointless information (William Kucharski) [Orabug: 37265120]
rds: rds_inc_init() should initialize the inc->i_conn_path field (William Kucharski) [Orabug: 37265116]
rds: Race condition in adding RDS payload checksum extension header may result in RDS header corruption (William Kucharski) [Orabug: 37265114]
Revert 'net/mlx5: disable the 'fast unload' feature on Exadata systems' (Qing Huang) [Orabug: 37285222]
Revert 'net/mlx5: pretend 'fast unload' succeeded on Exadata systems' (Qing Huang) [Orabug: 37285222]
RDMA/mlx5: Fix Shared PD prefetch of ODP memory region (Mark Haywood) [Orabug: 31688618] [Orabug: 37279176]
blk-mq: fix missing blk_account_io_done() in error path (Yu Kuai) [Orabug: 37228086]
rds: Add rds stuck shutdown timeout (Rohit Nair) [Orabug: 37214078]
KVM: x86: Stop compiling vmenter.S with OBJECT_FILES_NON_STANDARD (Sean Christopherson) [Orabug: 37273739]
KVM: SVM: Create a stack frame in __svm_sev_es_vcpu_run() (Sean Christopherson) [Orabug: 37273739]
KVM: SVM: Create a stack frame in __svm_vcpu_run() for unwinding (Sean Christopherson) [Orabug: 37273739]
mm/memory-failure: pass the folio and the page to collect_procs() (Matthew Wilcox (Oracle)) [Orabug: 37270260]
LTS version: v5.15.171 (Vijayendra Suman)
mac80211: always have ieee80211_sta_restart() (Johannes Berg)
vt: prevent kernel-infoleak in con_font_get() (Jeongjun Park)
drm/i915: Fix potential context UAFs (Rob Clark)
Revert 'drm/mipi-dsi: Set the fwnode for mipi_dsi_device' (Jason-JH.Lin)
mm: shmem: fix data-race in shmem_getattr() (Jeongjun Park) [Orabug: 37268580] {CVE-2024-50228}
wifi: iwlwifi: mvm: fix 6 GHz scan construction (Johannes Berg) [Orabug: 37304734] {CVE-2024-53055}
nilfs2: fix kernel bug due to missing clearing of checked flag (Ryusuke Konishi) [Orabug: 37268588] {CVE-2024-50230}
x86/bugs: Use code segment selector for VERW operand (Pawan Gupta) [Orabug: 37227383] {CVE-2024-50072}
ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow (Edward Adam Davis) [Orabug: 37268563] {CVE-2024-50218}
mm/page_alloc: let GFP_ATOMIC order-0 allocs access highatomic reserves (Matt Fleming) [Orabug: 37268568] {CVE-2024-50219}
mm/page_alloc: explicitly define how __GFP_HIGH non-blocking allocations accesses reserves (Mel Gorman)
mm/page_alloc: explicitly define what alloc flags deplete min reserves (Mel Gorman)
mm/page_alloc: explicitly record high-order atomic allocations in alloc_flags (Mel Gorman)
mm/page_alloc: treat RT tasks similar to __GFP_HIGH (Mel Gorman)
mm/page_alloc: rename ALLOC_HIGH to ALLOC_MIN_RESERVE (Mel Gorman)
mm/page_alloc: split out buddy removal code from rmqueue into separate helper (Mel Gorman)
mm/page_alloc: fix tracepoint mm_page_alloc_zone_locked() (Wonhyuk Yang)
mm/page_alloc: call check_new_pages() while zone spinlock is not held (Eric Dumazet)
riscv: Remove duplicated GET_RM (Chunyan Zhang)
riscv: Remove unused GENERATING_ASM_OFFSETS (Chunyan Zhang)
riscv: Use '%u' to format the output of 'cpu' (WangYuli)
riscv: efi: Set NX compat flag in PE/COFF header (Heinrich Schuchardt)
riscv: vdso: Prevent the compiler from inserting calls to memset() (Alexandre Ghiti)
nilfs2: fix potential deadlock with newly created symlinks (Ryusuke Konishi) [Orabug: 37268584] {CVE-2024-50229}
iio: light: veml6030: fix microlux value calculation (Javier Carrasco)
iio: adc: ad7124: fix division by zero in ad7124_set_channel_odr() (Zicheng Qu) [Orabug: 37268595] {CVE-2024-50232}
staging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg() (Zicheng Qu) [Orabug: 37268597] {CVE-2024-50233}
wifi: iwlegacy: Clear stale interrupts before resuming device (Ville Syrjala) [Orabug: 37268602] {CVE-2024-50234}
wifi: ath10k: Fix memory leak in management tx (Manikanta Pubbisetty) [Orabug: 37268610] {CVE-2024-50236}
wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower (Felix Fietkau) [Orabug: 37268613] {CVE-2024-50237}
xhci: Use pm_runtime_get to prevent RPM on unsupported systems (Basavaraj Natikar)
xhci: Fix Link TRB DMA in command ring stopped completion event (Faisal Hassan)
usb: typec: fix unreleased fwnode_handle in typec_port_register_altmodes() (Javier Carrasco)
usb: phy: Fix API devm_usb_put_phy() can not release the phy (Zijun Hu)
usbip: tools: Fix detach_port() invalid port error path (Zongmin Zhou)
misc: sgi-gru: Don't disable preemption in GRU driver (Dimitri Sivanich)
net: amd: mvme147: Fix probe banner message (Daniel Palmer)
scsi: scsi_transport_fc: Allow setting rport state to current state (Benjamin Marzinski)
fs/ntfs3: Additional check in ni_clear() (Konstantin Komarov) [Orabug: 37268638] {CVE-2024-50244}
fs/ntfs3: Fix possible deadlock in mi_read (Konstantin Komarov) [Orabug: 37268644] {CVE-2024-50245}
fs/ntfs3: Fix warning possible deadlock in ntfs_set_state (Konstantin Komarov)
fs/ntfs3: Check if more than chunk-size bytes are written (Andrew Ballance) [Orabug: 37268655] {CVE-2024-50247}
firmware: arm_sdei: Fix the input parameter of cpuhp_remove_state() (Xiongfeng Wang)
netfilter: nft_payload: sanitize offset and length before calling skb_checksum() (Pablo Neira Ayuso) [Orabug: 37268670] {CVE-2024-50251}
net: skip offload for NETIF_F_IPV6_CSUM if ipv6 header contains extension (Benoit Monin)
netfilter: Fix use-after-free in get_info() (Dong Chenchen) [Orabug: 37268689] {CVE-2024-50257}
bpf: Fix out-of-bounds write in trie_get_next_key() (Byeonguk Jeong) [Orabug: 37268702] {CVE-2024-50262}
netdevsim: Add trailing zero to terminate the string in nsim_nexthop_bucket_activity_write() (Zichen Xie) [Orabug: 37268697] {CVE-2024-50259}
net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (Pedro Tammela) [Orabug: 37304740] {CVE-2024-53057}
net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data (Furong Xu) [Orabug: 37304745] {CVE-2024-53058}
ASoC: cs42l51: Fix some error handling paths in cs42l51_probe() (Christophe JAILLET)
wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd() (Daniel Gabay) [Orabug: 37304749] {CVE-2024-53059}
wifi: iwlwifi: mvm: disconnect station vifs if recovery failed (Emmanuel Grumbach)
mac80211: Add support to trigger sta disconnect on hardware restart (Youghandhar Chintala)
mac80211: do drv_reconfig_complete() before restarting all (Johannes Berg)
RDMA/bnxt_re: synchronize the qp-handle table array (Selvin Xavier)
RDMA/mlx5: Round max_rd_atomic/max_dest_rd_atomic up instead of down (Patrisious Haddad)
RDMA/cxgb4: Dump vendor specific QP details (Leon Romanovsky)
wifi: brcm80211: BRCM_TRACING should depend on TRACING (Geert Uytterhoeven)
wifi: mac80211: skip non-uploaded keys in ieee80211_iter_keys (Felix Fietkau)
mac80211: MAC80211_MESSAGE_TRACING should depend on TRACING (Geert Uytterhoeven)
cgroup: Fix potential overflow issue when checking max_depth (Xiu Jianfeng)
ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context (Koba Ko) [Orabug: 37264072] {CVE-2024-50141}
ACPI: PRM: Change handler_addr type to void pointer (Sudeep Holla)
ACPI: PRM: Remove unnecessary blank lines (Aubrey Li)
ksmbd: fix user-after-free from session log off (Namjae Jeon) [Orabug: 37227413] {CVE-2024-50086}
selftests/mm: fix incorrect buffer->mirror size in hmm2 double_map test (Donet Tom)
LTS version: v5.15.170 (Vijayendra Suman)
xfrm: validate new SA's prefixlen using SA family when sel.family is unset (Sabrina Dubroca) [Orabug: 37264074] {CVE-2024-50142}
ASoC: qcom: Fix NULL Dereference in asoc_qcom_lpass_cpu_platform_probe() (Zichen Xie) [Orabug: 37252324] {CVE-2024-50103}
net: phy: dp83822: Fix reset pin definitions (Michel Alex)
serial: protect uart_port_dtr_rts() in uart_shutdown() too (Jiri Slaby (SUSE))
selinux: improve error checking in sel_write_load() (Paul Moore)
hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event (Haiyang Zhang)
xfrm: fix one more kernel-infoleak in algo dumping (Petr Vaganov) [Orabug: 37252349] {CVE-2024-50110}
ALSA: hda/realtek: Add subwoofer quirk for Acer Predator G9-593 (Jose Relvas)
KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory (Sean Christopherson) [Orabug: 37252372] {CVE-2024-50115}
openat2: explicitly return -E2BIG for (usize > PAGE_SIZE) (Aleksa Sarai)
nilfs2: fix kernel bug due to missing clearing of buffer delay flag (Ryusuke Konishi) [Orabug: 37252377] {CVE-2024-50116}
ACPI: button: Add DMI quirk for Samsung Galaxy Book2 to fix initial lid detection issue (Shubham Panwar)
ACPI: resource: Add LG 16T90SP to irq1_level_low_skip_override[] (Christian Heusel)
drm/amd: Guard against bad data for ATIF ACPI method (Mario Limonciello) [Orabug: 37252383] {CVE-2024-50117}
btrfs: zoned: fix zone unusable accounting for freed reserved extent (Naohiro Aota)
ALSA: hda/realtek: Update default depop procedure (Kailang Yang)
ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() (Andrey Shumilin) [Orabug: 37264274] {CVE-2024-50205}
bpf,perf: Fix perf_event_detach_bpf_prog error handling (Jiri Olsa)
posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime() (Jinjie Ruan) [Orabug: 37320233] {CVE-2024-50210}
r8169: avoid unsolicited interrupts (Heiner Kallweit)
net: sched: fix use-after-free in taprio_change() (Dmitry Antipov) [Orabug: 37252407] {CVE-2024-50127}
net: wwan: fix global oob in wwan_rtnl_policy (Lin Ma) [Orabug: 37252410] {CVE-2024-50128}
net: dsa: mv88e6xxx: Fix error when setting port policy on mv88e6393x (Peter Rashleigh)
net: plip: fix break; causing plip to never transmit (Jakub Boehm)
be2net: fix potential memory leak in be_xmit() (Wang Hai) [Orabug: 37264143] {CVE-2024-50167}
net/sun3_82586: fix potential memory leak in sun3_82586_send_packet() (Wang Hai) [Orabug: 37264149] {CVE-2024-50168}
xfrm: respect ip protocols rules criteria when performing dst lookups (Eyal Birger)
xfrm: extract dst lookup parameters into a struct (Eyal Birger)
tracing: Consider the NULL character when validating the event length (Leo Yan) [Orabug: 37252415] {CVE-2024-50131}
platform/x86: dell-sysman: add support for alienware products (Crag Wang)
ASoC: qcom: sm8250: add qrb4210-rb2-sndcard compatible string (Alexey Klimov)
arm64/uprobes: change the uprobe_opcode_t typedef to fix the sparse warning (junhua huang)
platform/x86: dell-wmi: Ignore suspend notifications (Armin Wolf)
udf: fix uninit-value use in udf_get_fileshortad (Gianfranco Trad) [Orabug: 37264080] {CVE-2024-50143}
arm64: Force position-independent veneers (Mark Rutland)
ASoC: fsl_sai: Enable 'FIFO continue on error' FCONT bit (Shengjiu Wang)
ASoC: codecs: lpass-rx-macro: add missing CDC_RX_BCL_VBAT_RF_PROC2 to default regs values (Alexey Klimov)
drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA (Hans de Goede) [Orabug: 37252420] {CVE-2024-50134}
exec: don't WARN for racy path_noexec check (Mateusz Guzik) [Orabug: 37206344] {CVE-2024-50010}
XHCI: Separate PORT and CAPs macros into dedicated file (Frank Li)
usb: gadget: Add function wakeup support (Elson Roy Serrao)
KVM: s390: gaccess: Check if guest address is in memslot (Nico Boehr)
KVM: s390: gaccess: Cleanup access to guest pages (Janis Schoetterl-Glausch)
KVM: s390: gaccess: Refactor access address range check (Janis Schoetterl-Glausch)
KVM: s390: gaccess: Refactor gpa and length calculation (Janis Schoetterl-Glausch)
arm64: probes: Fix uprobes for big-endian kernels (Mark Rutland) [Orabug: 37264236] {CVE-2024-50194}
arm64:uprobe fix the uprobe SWBP_INSN in big-endian (junhua huang)
Bluetooth: bnep: fix wild-memory-access in proto_unregister (Ye Bin) [Orabug: 37264096] {CVE-2024-50148}
s390: Initialize psw mask in perf_arch_fetch_caller_regs() (Heiko Carstens)
usb: typec: altmode should keep reference to parent (Thadeu Lima de Souza Cascardo) [Orabug: 37264102] {CVE-2024-50150}
smb: client: fix OOBs when building SMB2_IOCTL request (Paulo Alcantara) [Orabug: 37264107] {CVE-2024-50151}
scsi: target: core: Fix null-ptr-deref in target_alloc_device() (Wang Hai) [Orabug: 37264112] {CVE-2024-50153}
genetlink: hold RCU in genlmsg_mcast() (Eric Dumazet)
tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink(). (Kuniyuki Iwashima) [Orabug: 37264114] {CVE-2024-50154}
net: systemport: fix potential memory leak in bcm_sysport_xmit() (Wang Hai) [Orabug: 37264156] {CVE-2024-50171}
net: xilinx: axienet: fix potential memory leak in axienet_start_xmit() (Wang Hai)
net/smc: Fix searching in list of known pnetids in smc_pnet_add_pnetid (Li RongQing)
net: ethernet: aeroflex: fix potential memory leak in greth_start_xmit_gbit() (Wang Hai)
macsec: don't increment counters for an unrelated SA (Sabrina Dubroca)
net: usb: usbnet: fix race in probe failure (Oliver Neukum)
drm/msm: Allocate memory for disp snapshot with kvzalloc() (Douglas Anderson)
drm/msm: Avoid NULL dereference in msm_disp_state_print_regs() (Douglas Anderson) [Orabug: 37264122] {CVE-2024-50156}
drm/msm/dsi: fix 32-bit signed integer extension in pclk_rate calculation (Jonathan Marek)
RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages (Bhargava Chenna Marreddy) [Orabug: 37264280] {CVE-2024-50208}
RDMA/bnxt_re: Return more meaningful error (Kalesh AP)
ipv4: give an IPv4 dev to blackhole_netdev (Xin Long)
RDMA/irdma: Fix misspelling of 'accept*' (Alexander Zubkov)
RDMA/cxgb4: Fix RDMA_CM_EVENT_UNREACHABLE error for iWARP (Anumula Murali Mohan Reddy)
ALSA: hda/cs8409: Fix possible NULL dereference (Murad Masimov) [Orabug: 37264129] {CVE-2024-50160}
ARM: dts: bcm2837-rpi-cm3-io3: Fix HDMI hpd-gpio pin (Florian Klink)
x86/resctrl: Avoid overflow in MB settings in bw_validate() (Martin Kletzander)
RDMA/bnxt_re: Add a check for memory allocation (Kalesh AP) [Orabug: 37264285] {CVE-2024-50209}
RDMA/bnxt_re: Fix incorrect AVID type in WQE structure (Saravanan Vajravel)
bpf: devmap: provide rxq after redirect (Florian Kauer) [Orabug: 37264132] {CVE-2024-50162}
bpf: Make sure internal and UAPI bpf_redirect flags don't overlap (Toke Hoiland-Jorgensen) [Orabug: 37264134] {CVE-2024-50163}
LTS version: v5.15.169 (Vijayendra Suman)
ALSA: hda/conexant - Use cached pin control for Node 0x1d on HP EliteOne 1000 G2 (Vasiliy Kovalev)
powerpc/mm: Always update max/min_low_pfn in mem_topology_setup() (Aneesh Kumar K.V)
nilfs2: propagate directory read errors from nilfs_find_entry() (Ryusuke Konishi) [Orabug: 37264266] {CVE-2024-50202}
mptcp: prevent MPC handshake on port-based signal endpoints (Paolo Abeni)
mptcp: fallback when MPTCP opts are dropped after 1st data (Matthieu Baerts (NGI0))
tcp: fix mptcp DSS corruption due to large pmtu xmit (Paolo Abeni) [Orabug: 37227408] {CVE-2024-50083}
mptcp: handle consistently DSS corruption (Paolo Abeni) [Orabug: 37264210] {CVE-2024-50185}
mptcp: track and update contiguous data status (Geliang Tang)
irqchip/gic-v4: Don't allow a VMOVP on a dying VPE (Marc Zyngier) [Orabug: 37264231] {CVE-2024-50192}
pinctrl: ocelot: fix system hang on level based interrupts (Sergey Matsievskiy) [Orabug: 37264246] {CVE-2024-50196}
x86/entry_32: Clear CPU buffers after register restore in NMI return (Pawan Gupta) [Orabug: 37264234] {CVE-2024-50193}
x86/entry_32: Do not clobber user EFLAGS.ZF (Pawan Gupta)
x86/apic: Always explicitly disarm TSC-deadline timer (Zhang Rui)
x86/resctrl: Annotate get_mem_config() functions as __init (Nathan Chancellor)
USB: serial: option: add Telit FN920C04 MBIM compositions (Daniele Palmas)
USB: serial: option: add support for Quectel EG916Q-GL (Benjamin B. Frost)
xhci: Mitigate failed set dequeue pointer commands (Mathias Nyman)
xhci: Fix incorrect stream context type macro (Mathias Nyman)
Bluetooth: btusb: Fix regression with fake CSR controllers 0a12:0001 (Luiz Augusto von Dentz)
Bluetooth: Remove debugfs directory on module init failure (Aaron Thompson)
iio: adc: ti-ads124s08: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (Javier Carrasco)
iio: proximity: mb1232: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (Javier Carrasco)
iio: light: opt3001: add missing full-scale range value (Emil Gedenryd)
iio: light: veml6030: fix IIO device retrieval from embedded device (Javier Carrasco) [Orabug: 37264254] {CVE-2024-50198}
iio: light: veml6030: fix ALS sensor resolution (Javier Carrasco)
iio: hid-sensors: Fix an error handling path in _hid_sensor_set_report_latency() (Christophe JAILLET)
iio: adc: ti-ads8688: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (Javier Carrasco)
iio: dac: stm32-dac-core: add missing select REGMAP_MMIO in Kconfig (Javier Carrasco)
iio: dac: ltc1660: add missing select REGMAP_SPI in Kconfig (Javier Carrasco)
iio: dac: ad5770r: add missing select REGMAP_SPI in Kconfig (Javier Carrasco)
drm/vmwgfx: Handle surface check failure correctly (Nikolay Kuratov)
drm/radeon: Fix encoder->possible_clones (Ville Syrjala) [Orabug: 37264263] {CVE-2024-50201}
io_uring/sqpoll: close race on waiting for sqring entries (Jens Axboe)
blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race (Omar Sandoval) [Orabug: 37227403] {CVE-2024-50082}
x86/bugs: Do not use UNTRAIN_RET with IBPB on entry (Johannes Wikner)
x86/bugs: Skip RSB fill at VMEXIT (Johannes Wikner)
x86/entry: Have entry_ibpb() invalidate return predictions (Johannes Wikner)
x86/cpufeatures: Add a IBPB_NO_RET BUG flag (Johannes Wikner)
x86/cpufeatures: Define X86_FEATURE_AMD_IBPB_RET (Jim Mattson)
KVM: s390: Change virtual to physical address access in diag 0x258 handler (Michael Mueller)
s390/sclp_vt220: Convert newlines to CRLF instead of LFCR (Thomas Weissschuh)
iommu/vt-d: Fix incorrect pci_for_each_dma_alias() for non-PCI devices (Lu Baolu) [Orabug: 37252321] {CVE-2024-50101}
io_uring/sqpoll: do not put cpumask on stack (Felix Moessbauer)
io_uring/sqpoll: retain test for whether the CPU is valid (Jens Axboe)
io_uring/sqpoll: do not allow pinning outside of cpuset (Felix Moessbauer)
drm/shmem-helper: Fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE) (Wachowski, Karol)
KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin() (Breno Leitao) [Orabug: 36835836] {CVE-2024-40953}
dm-crypt, dm-verity: disable tasklets (Mikulas Patocka)
wifi: mac80211: fix potential key use-after-free (Johannes Berg)
secretmem: disable memfd_secret() if arch cannot set direct map (Patrick Roy) [Orabug: 37264195] {CVE-2024-50182}
mm/swapfile: skip HugeTLB pages for unuse_vma (Liu Shixin) [Orabug: 37264256] {CVE-2024-50199}
fat: fix uninitialized variable (OGAWA Hirofumi)
irqchip/gic-v3-its: Fix VSYNC referencing an unmapped VPE on GIC v4.1 (Nianyao Tang)
net: macb: Avoid 20s boot delay by skipping MDIO bus registration for fixed-link PHY (Oleksij Rempel)
arm64: probes: Fix simulate_ldr*_literal() (Mark Rutland)
arm64: probes: Remove broken LDR (literal) uprobe support (Mark Rutland) [Orabug: 37252316] {CVE-2024-50099}
posix-clock: Fix missing timespec64 check in pc_clock_settime() (Jinjie Ruan) [Orabug: 37264241] {CVE-2024-50195}
net: enetc: add missing static descriptor and inline keyword (Wei Fang)
net: enetc: remove xdp_drops statistic from enetc_xdp_drop() (Wei Fang)
udf: Fix bogus checksum computation in udf_rename() (Jan Kara) [Orabug: 37320204] {CVE-2024-43845}
udf: Don't return bh from udf_expand_dir_adinicb() (Jan Kara)
udf: Handle error when expanding directory (Jan Kara)
udf: Remove old directory iteration code (Jan Kara)
udf: Convert udf_link() to new directory iteration code (Jan Kara)
udf: Convert udf_mkdir() to new directory iteration code (Jan Kara)
udf: Convert udf_add_nondir() to new directory iteration (Jan Kara)
udf: Implement adding of dir entries using new iteration code (Jan Kara)
udf: Convert udf_unlink() to new directory iteration code (Jan Kara)
udf: Convert udf_rmdir() to new directory iteration code (Jan Kara)
udf: Convert empty_dir() to new directory iteration code (Jan Kara)
udf: Convert udf_get_parent() to new directory iteration code (Jan Kara)
udf: Convert udf_lookup() to use new directory iteration code (Jan Kara)
udf: Convert udf_readdir() to new directory iteration (Jan Kara)
udf: Convert udf_rename() to new directory iteration code (Jan Kara)
udf: Provide function to mark entry as deleted using new directory iteration code (Jan Kara)
udf: Implement searching for directory entry using new iteration code (Jan Kara)
udf: Move udf_expand_dir_adinicb() to its callsite (Jan Kara)
udf: Convert udf_expand_dir_adinicb() to new directory iteration (Jan Kara)
udf: New directory iteration code (Jan Kara)
ALSA: hda/conexant - Fix audio routing for HP EliteOne 1000 G2 (Vasiliy Kovalev)

[5.15.0-303.168.3]

ACPI: CPPC: Make rmw_lock a raw_spin_lock (Pierre Gondois) [Orabug: 37268714] {CVE-2024-50249}
net: usb: usbnet: fix name regression (Oliver Neukum)
mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow (Matthieu Baerts (NGI0))
parport: Proper fix for array out-of-bounds access (Takashi Iwai) [Orabug: 37227435] {CVE-2024-50074}
netfilter: xtables: fix typo causing some targets not to load on IPv6 (Pablo Neira Ayuso)
block, bfq: fix procress reference leakage for bfqq in merge chain (Yu Kuai)
ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_init_flow() (Ido Schimmel) [Orabug: 37304697] {CVE-2024-53042}
usb: dwc3: core: Fix system suspend on TI AM62 platforms (Roger Quadros)
Revert 'driver core: Fix uevent_show() vs driver detach race' (Greg Kroah-Hartman)
jfs: Fix sanity check in dbMount (Dave Kleikamp)
octeontx2-af: Fix potential integer overflows on integer shifts (Colin Ian King)
gtp: allow -1 to be specified as file description from userspace (Pablo Neira Ayuso)
scsi: lpfc: Revise lpfc_prep_embed_io routine with proper endian macro usages (Justin Tee) [Orabug: 37070103] {CVE-2024-43816}
blk-cgroup: Properly propagate the iostat update up the hierarchy (Waiman Long) [Orabug: 37264361]
blk-cgroup: fix list corruption from reorder of WRITE ->lqueued (Ming Lei) [Orabug: 37264361] {CVE-2024-38384}
blk-cgroup: fix list corruption from resetting io stat (Ming Lei) [Orabug: 37264361] {CVE-2024-38663}
blk-cgroup: Flush stats before releasing blkcg_gq (Ming Lei) [Orabug: 37264361]
blk-cgroup: Reinit blkg_iostat_set after clearing in blkcg_reset_stats() (Waiman Long) [Orabug: 37264361]
blk-cgroup: don't update io stat for root cgroup (Ming Lei) [Orabug: 37264361]
blk-cgroup: Optimize blkcg_rstat_flush() (Waiman Long) [Orabug: 37264361]
blk-cgroup: Return -ENOMEM directly in blkcg_css_alloc() error path (Waiman Long) [Orabug: 37264361]
vfio/iommu_type1: replace kfree with kvfree (Jiacheng Shi) [Orabug: 37263362]
i2c: i801: Add support for Intel Birch Stream SoC (Jarkko Nikula) [Orabug: 37249533]
nvme: fix deadlock between reset and scan (Bitao Hu) [Orabug: 37244604]
virt: sevguest: Add TSM_REPORTS support for SNP_GET_EXT_REPORT (Dan Williams) [Orabug: 37070016]
virt: sevguest: Prep for kernel internal get_ext_report() (Dan Williams) [Orabug: 37070016]
configfs-tsm: Introduce a shared ABI for attestation reports (Dan Williams) [Orabug: 37070016]
virt: coco: Add a coco/Makefile and coco/Kconfig (Dan Williams) [Orabug: 37070016]
virt: sevguest: Fix passing a stack buffer as a scatterlist target (Dan Williams) [Orabug: 37070016]
x86/sev: Change snp_guest_issue_request()'s fw_err argument (Dionna Glaze) [Orabug: 37070016]
crypto: ccp - Name -1 return value as SEV_RET_NO_FW_CALL (Peter Gonda) [Orabug: 37070016]
virt/coco/sev-guest: Double-buffer messages (Dionna Glaze) [Orabug: 37070016]
virt/coco/sev-guest: Add throttling awareness (Dionna Glaze) [Orabug: 37070016]
virt/coco/sev-guest: Convert the sw_exit_info_2 checking to a switch-case (Borislav Petkov (AMD)) [Orabug: 37070016]
virt/coco/sev-guest: Do some code style cleanups (Borislav Petkov (AMD)) [Orabug: 37070016]
virt/coco/sev-guest: Carve out the request issuing logic into a helper (Borislav Petkov (AMD)) [Orabug: 37070016]
virt/coco/sev-guest: Remove the disable_vmpck label in handle_guest_request() (Borislav Petkov (AMD)) [Orabug: 37070016]
virt/coco/sev-guest: Simplify extended guest request handling (Borislav Petkov (AMD)) [Orabug: 37070016]
virt/coco/sev-guest: Check SEV_SNP attribute at probe time (Borislav Petkov (AMD)) [Orabug: 37070016]
x86/sev: Mark snp_abort() noreturn (Borislav Petkov) [Orabug: 37070016]
kbuild: Drop -Wdeclaration-after-statement (Peter Zijlstra) [Orabug: 37070016]
apparmor: Free up __cleanup() name (Peter Zijlstra) [Orabug: 37070016]
fwctl: Expand adaption of code for UEK7 (Liam Merwick) [Orabug: 37070016]
mm/slab: Add __free() support for kvfree (Dan Williams) [Orabug: 37070016]
mm: move kvmalloc-related functions to slab.h (Matthew Wilcox (Oracle)) [Orabug: 37070016]
x86/head/64: Switch to KERNEL_CS as soon as new GDT is installed (Tom Lendacky) [Orabug: 37070016]
iommu/amd: Do not identity map v2 capable device when snp is enabled (Vasant Hegde) [Orabug: 37070016]
virt: sevguest: Add CONFIG_CRYPTO dependency (Arnd Bergmann) [Orabug: 37070016]
virt/sev-guest: Remove unnecessary free in init_crypto() (Rafael Mendonca) [Orabug: 37070016]
virt/sev-guest: Add a MODULE_ALIAS (Cole Robinson) [Orabug: 37070016]
virt/sev-guest: Return -EIO if certificate buffer is not large enough (Tom Lendacky) [Orabug: 37070016]
virt/sev-guest: Prevent IV reuse in the SNP guest driver (Peter Gonda) [Orabug: 37070016]
x86/compressed/64: Add identity mappings for setup_data entries (Michael Roth) [Orabug: 37070016]
x86/sev: Do not try to parse for the CC blob on non-AMD hardware (Borislav Petkov (AMD)) [Orabug: 37070016]
x86/sev: Use the GHCB protocol when available for SNP CPUID requests (Tom Lendacky) [Orabug: 37070016]
x86/boot: Fix the setup data types max limit (Borislav Petkov) [Orabug: 37070016]
x86/sev: Don't use cc_platform_has() for early SEV-SNP calls (Tom Lendacky) [Orabug: 37070016]
x86/sev: Fix calculation of end address based on number of pages (Tom Lendacky) [Orabug: 37070016]
x86/sev: Fix kernel crash due to late update to read-only ghcb_version (Ashwin Dayanand Kamat) [Orabug: 37070016]
x86/sev: Add SEV-SNP guest feature negotiation support (Nikunj A Dadhania) [Orabug: 37070016]
Revert 'x86/sev: Expose sev_es_ghcb_hv_call() for use by HyperV' (Borislav Petkov) [Orabug: 37070016]
x86/boot: Don't propagate uninitialized boot_params->cc_blob_address (Michael Roth) [Orabug: 37070016]
KVM: SVM: Only dump VMSA to klog at KERN_DEBUG level (Peter Gonda) [Orabug: 37070016]
KVM: SVM: Dump Virtual Machine Save Area (VMSA) to klog (Jarkko Sakkinen) [Orabug: 37070016]
KVM: SVM: Exit to userspace on ENOMEM/EFAULT GHCB errors (Sean Christopherson) [Orabug: 37070016]
iommu/amd: Add support for AVIC when SNP is enabled (Suravee Suthikulpanit) [Orabug: 37070016]
iommu/amd: Do not support IOMMUv2 APIs when SNP is enabled (Suravee Suthikulpanit) [Orabug: 37070016]
iommu/amd: Do not support IOMMU_DOMAIN_IDENTITY after SNP is enabled (Suravee Suthikulpanit) [Orabug: 37070016]
iommu/amd: Set translation valid bit only when IO page tables are in use (Suravee Suthikulpanit) [Orabug: 37070016]
iommu/amd: Introduce function to check and enable SNP (Brijesh Singh) [Orabug: 37070016]
iommu/amd: Globally detect SNP support (Suravee Suthikulpanit) [Orabug: 37070016]
iommu/amd: Process all IVHDs before enabling IOMMU features (Suravee Suthikulpanit) [Orabug: 37070016]
iommu/amd: Introduce global variable for storing common EFR and EFR2 (Suravee Suthikulpanit) [Orabug: 37070016]
iommu/amd: Introduce Support for Extended Feature 2 Register (Suravee Suthikulpanit) [Orabug: 37070016]
x86/sev: Remove duplicated assignment to variable info (Colin Ian King) [Orabug: 37070016]
x86/sev: Fix address space sparse warning (Borislav Petkov) [Orabug: 37070016]
x86/sev: Get the AP jump table address from secrets page (Brijesh Singh) [Orabug: 37070016]
x86/sev: Add missing __init annotations to SEV init routines (Michael Roth) [Orabug: 37070016]
crypto: ccp - Log when resetting PSP SEV state (Peter Gonda) [Orabug: 37070016]
virt: sev-guest: Pass the appropriate argument type to iounmap() (Tom Lendacky) [Orabug: 37070016]
virt: sevguest: Rename the sevguest dir and files to sev-guest (Tom Lendacky) [Orabug: 37070016]
virt: sevguest: Change driver name to reflect generic SEV support (Tom Lendacky) [Orabug: 37070016]
x86/boot: Put globals that are accessed early into the .data section (Michael Roth) [Orabug: 37070016]
virt: sevguest: Fix bool function returning negative value (Haowen Bai) [Orabug: 37070016]
virt: sevguest: Fix return value check in alloc_shared_pages() (Yang Yingliang) [Orabug: 37070016]
x86/sev-es: Replace open-coded hlt-loop with sev_es_terminate() (Peter Gonda) [Orabug: 37070016]
virt: sevguest: Add documentation for SEV-SNP CPUID Enforcement (Michael Roth) [Orabug: 37070016]
virt: sevguest: Add support to get extended report (Brijesh Singh) [Orabug: 37070016]
virt: sevguest: Add support to derive key (Brijesh Singh) [Orabug: 37070016]
virt: Add SEV-SNP guest driver (Brijesh Singh) [Orabug: 37070016]
x86/sev: Register SEV-SNP guest request platform device (Brijesh Singh) [Orabug: 37070016]
x86/sev: Provide support for SNP guest request NAEs (Brijesh Singh) [Orabug: 37070016]
x86/sev: Add a sev= cmdline option (Michael Roth) [Orabug: 37070016]
x86/sev: Use firmware-validated CPUID for SEV-SNP guests (Michael Roth) [Orabug: 37070016]
x86/sev: Add SEV-SNP feature detection/setup (Michael Roth) [Orabug: 37070016]
x86/compressed/64: Add identity mapping for Confidential Computing blob (Michael Roth) [Orabug: 37070016]
x86/compressed: Use firmware-validated CPUID leaves for SEV-SNP guests (Michael Roth) [Orabug: 37070016]
x86/compressed: Add SEV-SNP feature detection/setup (Michael Roth) [Orabug: 37070016]
x86/boot: Add a pointer to Confidential Computing blob in bootparams (Michael Roth) [Orabug: 37070016]
x86/compressed/64: Add support for SEV-SNP CPUID table in #VC handlers (Michael Roth) [Orabug: 37070016]
x86/sev: Move MSR-based VMGEXITs for CPUID to helper (Michael Roth) [Orabug: 37070016]
KVM: x86: Move lookup of indexed CPUID leafs to helper (Michael Roth) [Orabug: 37070016]
x86/boot: Add Confidential Computing type to setup_data (Brijesh Singh) [Orabug: 37070016]
x86/compressed/acpi: Move EFI kexec handling into common code (Michael Roth) [Orabug: 37070016]
x86/compressed/acpi: Move EFI vendor table lookup to helper (Michael Roth) [Orabug: 37070016]
x86/compressed/acpi: Move EFI config table lookup to helper (Michael Roth) [Orabug: 37070016]
x86/compressed/acpi: Move EFI system table lookup to helper (Michael Roth) [Orabug: 37070016]
x86/head/64: Re-enable stack protection (Michael Roth) [Orabug: 37070016]
x86/sev: Use SEV-SNP AP creation to start secondary CPUs (Tom Lendacky) [Orabug: 37070016]
x86/sev: Remove do_early_exception() forward declarations (Borislav Petkov) [Orabug: 37070016]
x86/mm: Validate memory when changing the C-bit (Brijesh Singh) [Orabug: 37070016]
x86/mm/cpa: Generalize __set_memory_enc_pgtable() (Brijesh Singh) [Orabug: 37070016]
x86/kernel: Validate ROM memory before accessing when SEV-SNP is active (Brijesh Singh) [Orabug: 37070016]
x86/kernel: Mark the .bss..decrypted section as shared in the RMP table (Brijesh Singh) [Orabug: 37070016]
x86/head64: Add missing __head annotation to sme_postprocess_startup() (Marco Bonelli) [Orabug: 37070016]
x86/head64: Carve out the guest encryption postprocessing into a helper (Borislav Petkov) [Orabug: 37070016]
x86/sev: Add helper for validating pages in early enc attribute changes (Brijesh Singh) [Orabug: 37070016]
x86/sev: Register GHCB memory when SEV-SNP is active (Brijesh Singh) [Orabug: 37070016]
x86/compressed: Register GHCB memory when SEV-SNP is active (Brijesh Singh) [Orabug: 37070016]
x86/compressed: Add helper for validating pages in the decompression stage (Brijesh Singh) [Orabug: 37070016]
x86/sev: Check the VMPL level (Brijesh Singh) [Orabug: 37070016]
x86/sev: Add a helper for the PVALIDATE instruction (Brijesh Singh) [Orabug: 37070016]
x86/sev: Check SEV-SNP features support (Brijesh Singh) [Orabug: 37070016]
x86/sev: Save the negotiated GHCB version (Brijesh Singh) [Orabug: 37070016]
x86/sev: Define the Linux-specific guest termination reasons (Brijesh Singh) [Orabug: 37070016]
x86/mm: Extend cc_attr to include AMD SEV-SNP (Brijesh Singh) [Orabug: 37070016]
x86/sev: Detect/setup SEV/SME features earlier in boot (Michael Roth) [Orabug: 37070016]
x86/compressed/64: Detect/setup SEV/SME features earlier during boot (Michael Roth) [Orabug: 37070016]
KVM: SVM: Update the SEV-ES save area mapping (Tom Lendacky) [Orabug: 37070016]
KVM: SVM: Create a separate mapping for the GHCB save area (Tom Lendacky) [Orabug: 37070016] [Orabug: 37070016]
KVM: SVM: Create a separate mapping for the SEV-ES save area (Tom Lendacky) [Orabug: 37070016]
KVM: SVM: Define sev_features and VMPL field in the VMSA (Brijesh Singh) [Orabug: 37070016]
x86/sev: Move common memory encryption code to mem_encrypt.c (Kirill A. Shutemov) [Orabug: 37070016]
x86/sev: Rename mem_encrypt.c to mem_encrypt_amd.c (Kuppuswamy Sathyanarayanan) [Orabug: 37070016]
x86/sev: Get rid of excessive use of defines (Borislav Petkov) [Orabug: 37070016]
x86/sev: Shorten GHCB terminate macro names (Brijesh Singh) [Orabug: 37070016]
x86/coco: Add API to handle encryption mask (Kirill A. Shutemov) [Orabug: 37070016]
x86/coco: Explicitly declare type of confidential computing platform (Kirill A. Shutemov) [Orabug: 37070016]
x86/hyperv: Initialize GHCB page in Isolation VM (Tianyu Lan) [Orabug: 37070016]
x86/cc: Move arch/x86/{kernel/cc_platform.c => coco/core.c} (Kirill A. Shutemov) [Orabug: 37070016]
x86/hyper-v: Add hyperv Isolation VM check in the cc_platform_has() (Tianyu Lan) [Orabug: 37070016]
crypto: ccp - Add SEV_INIT_EX support (David Rientjes) [Orabug: 37070016]
crypto: ccp - Add psp_init_on_probe module parameter (Peter Gonda) [Orabug: 37070016]
crypto: ccp - Add SEV_INIT rc error logging on init (Peter Gonda) [Orabug: 37070016]
KVM: SVM: Hide SEV migration lockdep goo behind CONFIG_PROVE_LOCKING (Sean Christopherson) [Orabug: 37070016]
KVM: SVM: Skip VMSA init in sev_es_init_vmcb() if pointer is NULL (Sean Christopherson) [Orabug: 37070016]
KVM: SEV: Init target VMCBs in sev_migrate_from (Peter Gonda) [Orabug: 37070016]
KVM, SEV: Add KVM_EXIT_SHUTDOWN metadata for SEV-ES (Peter Gonda) [Orabug: 37070016]
KVM: SEV: Mark nested locking of vcpu->lock (Peter Gonda) [Orabug: 37070016]
KVM: SVM: Simplify and harden helper to flush SEV guest page(s) (Sean Christopherson) [Orabug: 37070016]
KVM: SEV: Add cond_resched() to loop in sev_clflush_pages() (Peter Gonda) [Orabug: 37070016]
KVM: SEV: Allow SEV intra-host migration of VM with mirrors (Peter Gonda) [Orabug: 37070016]
KVM: SVM: improve split between svm_prepare_guest_switch and sev_es_prepare_guest_switch (Paolo Bonzini) [Orabug: 37070016]
selftests: KVM: sev_migrate_tests: Add mirror command tests (Peter Gonda) [Orabug: 37070016]
selftests: KVM: sev_migrate_tests: Fix sev_ioctl() (Peter Gonda) [Orabug: 37070016]
selftests: KVM: sev_migrate_tests: Fix test_sev_mirror() (Peter Gonda) [Orabug: 37070016]
KVM: SEV: Mark nested locking of kvm->lock (Wanpeng Li) [Orabug: 37070016]
KVM: SVM: Do not terminate SEV-ES guests on GHCB validation failure (Tom Lendacky) [Orabug: 37070016]
KVM: SEV: Fall back to vmalloc for SEV-ES scratch area if necessary (Sean Christopherson) [Orabug: 37070016]
KVM: SEV: accept signals in sev_lock_two_vms (Paolo Bonzini) [Orabug: 37070016]
KVM: SEV: do not take kvm->lock when destroying (Paolo Bonzini) [Orabug: 37070016]
KVM: SEV: Prohibit migration of a VM that has mirrors (Paolo Bonzini) [Orabug: 37070016]
KVM: SEV: Do COPY_ENC_CONTEXT_FROM with both VMs locked (Paolo Bonzini) [Orabug: 37070016]
selftests: sev_migrate_tests: add tests for KVM_CAP_VM_COPY_ENC_CONTEXT_FROM (Paolo Bonzini) [Orabug: 37070016]
KVM: SEV: move mirror status to destination of KVM_CAP_VM_MOVE_ENC_CONTEXT_FROM (Paolo Bonzini) [Orabug: 37070016]
KVM: SEV: cleanup locking for KVM_CAP_VM_MOVE_ENC_CONTEXT_FROM (Paolo Bonzini) [Orabug: 37070016]
KVM: SEV: do not use list_replace_init on an empty list (Paolo Bonzini) [Orabug: 37070016]
selftests: sev_migrate_tests: free all VMs (Paolo Bonzini) [Orabug: 37070016]
selftests: fix check for circular KVM_CAP_VM_MOVE_ENC_CONTEXT_FROM (Paolo Bonzini) [Orabug: 37070016]
KVM: SEV: Fix typo in and tweak name of cmd_allowed_from_miror() (Sean Christopherson) [Orabug: 37070016]
KVM: SEV: Drop a redundant setting of sev->asid during initialization (Sean Christopherson) [Orabug: 37070016]
KVM: SEV: Set sev_info.active after initial checks in sev_guest_init() (Sean Christopherson) [Orabug: 37070016]
KVM: SEV: unify cgroup cleanup code for svm_vm_migrate_from (Paolo Bonzini) [Orabug: 37070016]
selftest: KVM: Add intra host migration tests (Peter Gonda) [Orabug: 37070016]
KVM: selftests: Use pattern matching in .gitignore (Sean Christopherson) [Orabug: 37070016]
selftest: KVM: Add open sev dev helper (Peter Gonda) [Orabug: 37070016]
x86/kvm: Add guest support for detecting and enabling SEV Live Migration feature. (Ashish Kalra) [Orabug: 37070016]
EFI: Introduce the new AMD Memory Encryption GUID. (Ashish Kalra) [Orabug: 37070016]
mm: x86: Invoke hypercall when page encryption status is changed (Brijesh Singh) [Orabug: 37070016]
x86/kvm: Add AMD SEV specific Hypercall3 (Brijesh Singh) [Orabug: 37070016]
KVM: SEV: Add support for SEV-ES intra host migration (Peter Gonda) [Orabug: 37070016]
KVM: SEV: Add support for SEV intra host migration (Peter Gonda) [Orabug: 37070016]
KVM: SEV: provide helpers to charge/uncharge misc_cg (Paolo Bonzini) [Orabug: 37070016]
KVM: SEV: Refactor out sev_es_state struct (Peter Gonda) [Orabug: 37070016]
x86/sev: Expose sev_es_ghcb_hv_call() for use by HyperV (Tianyu Lan) [Orabug: 37070016]
x86/sev: Allow #VC exceptions on the VC2 stack (Joerg Roedel) [Orabug: 37070016]
KVM: generalize 'bugged' VM to 'dead' VM (Paolo Bonzini) [Orabug: 37070016]
x86/sev: Carve out HV call's return value verification (Borislav Petkov) [Orabug: 37070016]
KVM: Free new dirty bitmap if creating a new memslot fails (Sean Christopherson) [Orabug: 37070016]
KVM: Fix comments that refer to the non-existent install_new_memslots() (Jun Miao) [Orabug: 37070016]
KVM: x86: Retry page fault if MMU reload is pending and root has no sp (Sean Christopherson) [Orabug: 37070016]
KVM: x86/mmu: Fix an sign-extension bug with mmu_seq that hangs vCPUs (Sean Christopherson) [Orabug: 37070016]
KVM: Dynamically allocate 'new' memslots from the get-go (Sean Christopherson) [Orabug: 37070016]
KVM: Wait 'til the bitter end to initialize the 'new' memslot (Sean Christopherson) [Orabug: 37070016]
KVM: Optimize overlapping memslots check (Maciej S. Szmigiero) [Orabug: 37070016]
KVM: Optimize gfn lookup in kvm_zap_gfn_range() (Maciej S. Szmigiero) [Orabug: 37070016]
KVM: Call kvm_arch_flush_shadow_memslot() on the old slot in kvm_invalidate_memslot() (Maciej S. Szmigiero) [Orabug: 37070016]
KVM: Keep memslots in tree-based structures instead of array-based ones (Maciej S. Szmigiero) [Orabug: 37070016]
KVM: s390: Introduce kvm_s390_get_gfn_end() (Maciej S. Szmigiero) [Orabug: 37070016]
KVM: s390: Add a routine for setting userspace CPU state (Eric Farman) [Orabug: 37070016]
KVM: Use interval tree to do fast hva lookup in memslots (Maciej S. Szmigiero) [Orabug: 37070016]
KVM: Resolve memslot ID via a hash table instead of via a static array (Maciej S. Szmigiero) [Orabug: 37070016]
Revert 'kvm: fix possible spectre gadgets in include/linux/kvm_host.h' (Liam Merwick) [Orabug: 37070016]
KVM: Move WARN on invalid memslot index to update_memslots() (Maciej S. Szmigiero) [Orabug: 37070016]
KVM: Integrate gfn_to_memslot_approx() into search_memslots() (Maciej S. Szmigiero) [Orabug: 37070016]
KVM: x86: Use nr_memslot_pages to avoid traversing the memslots array (Maciej S. Szmigiero) [Orabug: 37070016]
KVM: x86: Don't call kvm_mmu_change_mmu_pages() if the count hasn't changed (Maciej S. Szmigiero) [Orabug: 37070016]
KVM: Don't make a full copy of the old memslot in __kvm_set_memory_region() (Sean Christopherson) [Orabug: 37070016]
KVM: s390: Skip gfn/size sanity checks on memslot DELETE or FLAGS_ONLY (Sean Christopherson) [Orabug: 37070016]
KVM: x86: Don't assume old/new memslots are non-NULL at memslot commit (Sean Christopherson) [Orabug: 37070016]
KVM: Use prepare/commit hooks to handle generic memslot metadata updates (Sean Christopherson) [Orabug: 37070016]
KVM: Stop passing kvm_userspace_memory_region to arch memslot hooks (Sean Christopherson) [Orabug: 37070016]
KVM: x86: Use 'new' memslot instead of userspace memory region (Sean Christopherson) [Orabug: 37070016]
KVM: s390: Use 'new' memslot instead of userspace memory region (Sean Christopherson) [Orabug: 37070016]
KVM: PPC: Avoid referencing userspace memory region in memslot updates (Sean Christopherson) [Orabug: 37070016]
KVM: MIPS: Drop pr_debug from memslot commit to avoid using 'mem' (Sean Christopherson) [Orabug: 37070016]
KVM: arm64: Use 'new' memslot instead of userspace memory region (Sean Christopherson) [Orabug: 37070016]
KVM: Let/force architectures to deal with arch specific memslot data (Sean Christopherson) [Orabug: 37070016]
KVM: Use 'new' memslot's address space ID instead of dedicated param (Sean Christopherson) [Orabug: 37070016]
KVM: Resync only arch fields when slots_arch_lock gets reacquired (Maciej S. Szmigiero) [Orabug: 37070016]
KVM: Open code kvm_delete_memslot() into its only caller (Sean Christopherson) [Orabug: 37070016]
KVM: Require total number of memslot pages to fit in an unsigned long (Sean Christopherson) [Orabug: 37070016]
KVM: x86/mmu: Extract zapping of rmaps for gfn range to separate helper (Sean Christopherson) [Orabug: 37070016]
KVM: x86/mmu: Drop a redundant remote TLB flush in kvm_zap_gfn_range() (Sean Christopherson) [Orabug: 37070016]
KVM: x86/mmu: Retry page fault if root is invalidated by memslot update (Sean Christopherson) [Orabug: 37070016]
KVM: x86/mmu: Properly dereference rcu-protected TDP MMU sptep iterator (Sean Christopherson) [Orabug: 37070016]
KVM: x86/mmu: Don't rebuild page when the page is synced and no tlb flushing is required (Hou Wenlong) [Orabug: 37070016]
KVM: x86/mmu: Avoid memslot lookup in rmap_add (David Matlack) [Orabug: 37070016]
KVM: MMU: pass struct kvm_page_fault to mmu_set_spte (Paolo Bonzini) [Orabug: 37070016]
KVM: MMU: pass kvm_mmu_page struct to make_spte (Paolo Bonzini) [Orabug: 37070016]
KVM: MMU: set ad_disabled in TDP MMU role (Paolo Bonzini) [Orabug: 37070016]
KVM: MMU: remove unnecessary argument to mmu_set_spte (Paolo Bonzini) [Orabug: 37070016]
KVM: MMU: clean up make_spte return value (Paolo Bonzini) [Orabug: 37070016]
KVM: MMU: inline set_spte in FNAME(sync_page) (Paolo Bonzini) [Orabug: 37070016]
KVM: MMU: inline set_spte in mmu_set_spte (Paolo Bonzini) [Orabug: 37070016]
KVM: x86/mmu: Avoid memslot lookup in page_fault_handle_page_track (David Matlack) [Orabug: 37070016]
KVM: x86/mmu: Pass the memslot around via struct kvm_page_fault (David Matlack) [Orabug: 37070016] [Orabug: 37070016]
KVM: MMU: unify tdp_mmu_map_set_spte_atomic and tdp_mmu_set_spte_atomic_no_dirty_log (Paolo Bonzini) [Orabug: 37070016]
KVM: MMU: mark page dirty in make_spte (Paolo Bonzini) [Orabug: 37070016]
KVM: x86/mmu: Verify shadow walk doesn't terminate early in page faults (Sean Christopherson) [Orabug: 37070016]
KVM: MMU: change tracepoints arguments to kvm_page_fault (Paolo Bonzini) [Orabug: 37070016]
KVM: MMU: change disallowed_hugepage_adjust() arguments to kvm_page_fault (Paolo Bonzini) [Orabug: 37070016]
KVM: MMU: change kvm_mmu_hugepage_adjust() arguments to kvm_page_fault (Paolo Bonzini) [Orabug: 37070016]
KVM: MMU: change fast_page_fault() arguments to kvm_page_fault (Paolo Bonzini) [Orabug: 37070016]
KVM: MMU: change tdp_mmu_map_handle_target_level() arguments to kvm_page_fault (Paolo Bonzini) [Orabug: 37070016]
KVM: MMU: change kvm_tdp_mmu_map() arguments to kvm_page_fault (Paolo Bonzini) [Orabug: 37070016]
KVM: MMU: change FNAME(fetch)() arguments to kvm_page_fault (Paolo Bonzini) [Orabug: 37070016]
KVM: MMU: change __direct_map() arguments to kvm_page_fault (Paolo Bonzini) [Orabug: 37070016]
KVM: MMU: change handle_abnormal_pfn() arguments to kvm_page_fault (Paolo Bonzini) [Orabug: 37070016]
KVM: MMU: change kvm_faultin_pfn() arguments to kvm_page_fault (Paolo Bonzini) [Orabug: 37070016]
KVM: MMU: change page_fault_handle_page_track() arguments to kvm_page_fault (Paolo Bonzini) [Orabug: 37070016]
KVM: MMU: change direct_page_fault() arguments to kvm_page_fault (Paolo Bonzini) [Orabug: 37070016]
KVM: MMU: change mmu->page_fault() arguments to kvm_page_fault (Paolo Bonzini) [Orabug: 37070016]
KVM: MMU: Introduce struct kvm_page_fault (Paolo Bonzini) [Orabug: 37070016]
KVM: MMU: pass unadulterated gpa to direct_page_fault (Paolo Bonzini) [Orabug: 37070016]
KVM: X86: Don't unsync pagetables when speculative (Lai Jiangshan) [Orabug: 37070016]
KVM: X86: Change kvm_sync_page() to return true when remote flush is needed (Lai Jiangshan) [Orabug: 37070016]
KVM: X86: Remove kvm_mmu_flush_or_zap() (Lai Jiangshan) [Orabug: 37070016]
KVM: X86: Don't flush current tlb on shadow page modification (Lai Jiangshan) [Orabug: 37070016]
net: mana: Fix RX buf alloc_size alignment and atomic op panic (Haiyang Zhang) [Orabug: 37029115] {CVE-2024-45001}
net/mlx5: pretend 'fast unload' succeeded on Exadata systems (Gerd Rausch) [Orabug: 37224000]
rds: Do not invoke the transport's recv_path() while in atomic context (Hakon Bugge) [Orabug: 36368605]

[5.15.0-303.168.2]

Revert 'rds: ib: Make sure receives are posted before connection is up' (Gerd Rausch) [Orabug: 37244182]
uek-rpm/ol9/config-mips64: Align MIPS64 Crypto configs with x86_64 (Vijay Kumar) [Orabug: 37218693]
rds: ib: Avoid reuse of IB MRs when cleaning is in progress (Hakon Bugge) [Orabug: 37206836]
spec: Set CONFIG_CRYPTO_FIPS_NAME for standard & embedded kernels (Jonah Palmer) [Orabug: 37137136]
spec: Set CONFIG_CRYPTO_FIPS_NAME for container kernels (Jonah Palmer) [Orabug: 37137136]
spec: Add UEK release macros for UEK7 (Jonah Palmer) [Orabug: 37137136]
uek-rpm: Set CONFIG_CRYPTO_FIPS_NAME for ol9 Pensando embedded kernels (Jonah Palmer) [Orabug: 37137136]
uek-rpm: Set CONFIG_CRYPTO_FIPS_NAME for ol9 T93 embedded kernels (Jonah Palmer) [Orabug: 37137136]
uek-rpm: Set CONFIG_CRYPTO_FIPS_NAME for ol9 MIPS64 embedded kernels (Jonah Palmer) [Orabug: 37137136]
uek-rpm: Set CONFIG_CRYPTO_FIPS_NAME for ol8 Bluefield 3 smartnic embedded kernels (Jonah Palmer) [Orabug: 37137136]
uek-rpm: Set CONFIG_CRYPTO_FIPS_NAME for ol8/ol9 standard kernels (Jonah Palmer) [Orabug: 37137136]
uek-rpm: Set CONFIG_CRYPTO_FIPS_NAME for ol8/ol9 container kernels (Jonah Palmer) [Orabug: 37137136]

[5.15.0-303.168.1]

LTS version: v5.15.168 (Vijayendra Suman)
net: xilinx: axienet: Schedule NAPI in two steps (Sean Anderson)
selftests: net: more strict check in net_helper (Paolo Abeni)
net: axienet: start napi before enabling Rx/Tx (Andy Chiu)
ext4: fix warning in ext4_dio_write_end_io() (Jan Kara)
netfilter: ip6t_rpfilter: Fix regression with VRF interfaces (Phil Sutter)
net: vrf: determine the dst using the original ifindex for multicast (Antoine Tenart)
net: seg6: fix seg6_lookup_any_nexthop() to handle VRFs using flowi_l3mdev (Andrea Mayer)
xfrm: Pass flowi_oif or l3mdev as oif to xfrm_dst_lookup (David Ahern)
net: geneve: add missing netlink policy and size for IFLA_GENEVE_INNER_PROTO_INHERIT (Eyal Birger)
block, bfq: fix uaf for accessing waker_bfqq after splitting (Yu Kuai)
kthread: unpark only parked kthread (Frederic Weisbecker) [Orabug: 37206395] {CVE-2024-50019}
nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error (Yonatan Maman) [Orabug: 37252307] {CVE-2024-50096}
mptcp: pm: do not remove closing subflows (Matthieu Baerts (NGI0))
net: dsa: lan9303: ensure chip reset and wait for READY status (Anatolij Gustschin)
net: Fix an unsafe loop on the list (Anastasia Kovaleva) [Orabug: 37206408] {CVE-2024-50024}
net: explicitly clear the sk pointer, when pf->create fails (Ignat Korchagin)
drm/v3d: Stop the active perfmon before being destroyed (Maira Canal) [Orabug: 37206424] {CVE-2024-50031}
hid: intel-ish-hid: Fix uninitialized variable 'rv' in ish_fw_xfer_direct_dma (SurajSonawane2415)
usb: storage: ignore bogus device raised by JieLi BR21 USB sound chip (Icenowy Zheng)
usb: xhci: Fix problem with xhci resume from suspend (Jose Alberto Reguero)
usb: dwc3: core: Stop processing of pending events if controller is halted (Selvarasu Ganesan)
Revert 'usb: yurex: Replace snprintf() with the safer scnprintf() variant' (Oliver Neukum)
HID: plantronics: Workaround for an unexcepted opposite volume key (Wade Wang)
resource: fix region_intersects() vs add_memory_driver_managed() (Huang Ying) [Orabug: 37200930] {CVE-2024-49878}
HID: amd_sfh: Switch to device-managed dmam_alloc_coherent() (Basavaraj Natikar) [Orabug: 37264222] {CVE-2024-50189}
hwmon: (adt7470) Add missing dependency on REGMAP_I2C (Javier Carrasco)
hwmon: (adm9240) Add missing dependency on REGMAP_I2C (Javier Carrasco)
hwmon: (tmp513) Add missing dependency on REGMAP_I2C (Guenter Roeck)
x86/fpu: Avoid writing LBR bit to IA32_XSS unless supported (Mitchell Levy)
RDMA/hns: Fix UAF for cq async event (Chengchang Tang) [Orabug: 36753395] {CVE-2024-38545}
slip: make slhc_remember() more robust against malicious packets (Eric Dumazet) [Orabug: 37206428] {CVE-2024-50033}
ppp: fix ppp_async_encode() illegal access (Eric Dumazet) [Orabug: 37206434] {CVE-2024-50035}
mctp: Handle error of rtnl_register_module(). (Kuniyuki Iwashima)
rtnetlink: Add bulk registration helpers for rtnetlink message handlers. (Kuniyuki Iwashima)
net: rtnetlink: add msg kind names (Nikolay Aleksandrov)
netfilter: fib: check correct rtable in vrf setups (Florian Westphal)
netfilter: rpfilter/fib: Set ->flowic_uid correctly for user namespaces. (Guillaume Nault)
netfilter: rpfilter/fib: Populate flowic_l3mdev field (Phil Sutter)
netfilter: xtables: avoid NFPROTO_UNSPEC where needed (Florian Westphal) [Orabug: 37206449] {CVE-2024-50038}
sctp: ensure sk_state is set to CLOSED if hashing fails in sctp_listen_start (Xin Long)
net: ibm: emac: mal: fix wrong goto (Rosen Penev)
net/sched: accept TCA_STAB only for root qdisc (Eric Dumazet) [Orabug: 37206456] {CVE-2024-50039}
igb: Do not bring the device up after non-fatal error (Mohamed Khalfella) [Orabug: 37206463] {CVE-2024-50040}
i40e: Fix macvlan leak by synchronizing access to mac_filter_hash (Aleksandr Loktionov) [Orabug: 37206468] {CVE-2024-50041}
ice: Fix netif_is_ice() in Safe Mode (Marcin Szycik)
gpio: aspeed: Use devm_clk api to manage clock source (Billy Tsai)
gpio: aspeed: Add the flush write to ensure the write complete. (Billy Tsai)
net: dsa: b53: fix jumbo frames on 10/100 ports (Jonas Gorski)
net: dsa: b53: allow lower MTUs on BCM5325/5365 (Jonas Gorski)
net: dsa: b53: fix max MTU for BCM5325/BCM5365 (Jonas Gorski)
net: dsa: b53: fix max MTU for 1g switches (Jonas Gorski)
net: dsa: b53: fix jumbo frame mtu check (Jonas Gorski)
thermal: intel: int340x: processor: Fix warning during module unload (Zhang Rui) [Orabug: 37252297] {CVE-2024-50093}
thermal: int340x: processor_thermal: Set feature mask before proc_thermal_add (Srinivas Pandruvada)
net: phy: bcm84881: Fix some error handling paths (Christophe JAILLET)
Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change (Luiz Augusto von Dentz) [Orabug: 37206473] {CVE-2024-50044}
netfilter: br_netfilter: fix panic with metadata_dst skb (Andy Roulin) [Orabug: 37206481] {CVE-2024-50045}
tcp: fix tcp_enter_recovery() to zero retrans_stamp when it's safe (Neal Cardwell)
tcp: fix to allow timestamp undo if no retransmits were sent (Neal Cardwell)
net: phy: dp83869: fix memory corruption when enabling fiber (Ingo van Lil) [Orabug: 37264220] {CVE-2024-50188}
NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies() (Yanjun Zhang) [Orabug: 37206486] {CVE-2024-50046}
SUNRPC: Fix integer overflow in decode_rc_list() (Dan Carpenter)
ice: fix VLAN replay after reset (Dave Ertman)
NFSD: Mark filecache 'down' if init fails (Chuck Lever)
RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt (Bob Pearson)
fbdev: sisfb: Fix strbuf array overflow (Andrey Shumilin) [Orabug: 37264185] {CVE-2024-50180}
drm/amd/display: Check null pointer before dereferencing se (Alex Hung) [Orabug: 37206502] {CVE-2024-50049}
driver core: bus: Return -EIO instead of 0 when show/store invalid bus attribute (Zijun Hu)
tools/iio: Add memory allocation failure check for trigger_name (Zhu Jun)
virtio_pmem: Check device status before requesting flush (Philip Chen) [Orabug: 37264203] {CVE-2024-50184}
comedi: ni_routing: tools: Check when the file could not be opened (Ruffalo Lavoisier)
usb: dwc2: Adjust the timing of USB Driver Interrupt Registration in the Crashkernel Scenario (Shawn Shao)
usb: chipidea: udc: enable suspend interrupt after usb reset (Xu Yang)
clk: imx: Remove CLK_SET_PARENT_GATE for DRAM mux for i.MX7D (Peng Fan) [Orabug: 37264190] {CVE-2024-50181}
remoteproc: imx_rproc: Use imx specific hook for find_loaded_rsc_table (Peng Fan)
media: videobuf2-core: clear memory related fields in __vb2_plane_dmabuf_put() (Yunke Cao)
ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition (Kaixin Wang) [Orabug: 37206539] {CVE-2024-50059}
PCI: Mark Creative Labs EMU20k2 INTx masking as broken (Alex Williamson)
i2c: i801: Use a different adapter-name for IDF adapters (Hans de Goede)
PCI: Add ACS quirk for Qualcomm SA8775P (Subramanian Ananthanarayanan)
clk: bcm: bcm53573: fix OF node leak in init (Krzysztof Kozlowski)
RDMA/rtrs-srv: Avoid null pointer deref during path establishment (Md Haris Iqbal) [Orabug: 37206562] {CVE-2024-50062}
PCI: Add function 0 DMA alias quirk for Glenfly Arise chip (WangYuli)
RDMA/mad: Improve handling of timed out WRs of mad agent (Saravanan Vajravel) [Orabug: 37252300] {CVE-2024-50095}
ktest.pl: Avoid false positives with grub2 skip regex (Daniel Jordan)
s390/cpum_sf: Remove WARN_ON_ONCE statements (Thomas Richter)
ext4: nested locking for xattr inode (Wojciech Gladysz)
ext4: don't set SB_RDONLY after filesystem errors (Jan Kara) [Orabug: 37264225] {CVE-2024-50191}
bpf, x64: Fix a jit convergence issue (Yonghong Song)
s390/mm: Add cond_resched() to cmm_alloc/free_pages() (Gerald Schaefer)
s390/facility: Disable compile time optimization for decompressor code (Heiko Carstens)
bpf: Check percpu map value size first (Tao Chen)
Input: synaptics-rmi4 - fix UAF of IRQ domain on driver removal (Mathias Krause)
virtio_console: fix misc probe bugs (Michael S. Tsirkin)
fs/ntfs3: Refactor enum_rstbl to suppress static checker (Konstantin Komarov)
selftests: net: Remove executable bits from library scripts (Benjamin Poirier)
selftests/net: synchronize udpgro tests' tx and rx connection (Lucas Karpinski)
selftests/net: give more time to udpgro bg processes to complete startup (Adrien Thierry)
tracing: Have saved_cmdlines arrays all in one allocation (Steven Rostedt (Google))
drm/crtc: fix uninitialized variable use even harder (Rob Clark)
tracing: Remove precision vsnprintf() check from print event (Steven Rostedt (Google))
net: ethernet: cortina: Drop TSO support (Linus Walleij)
unicode: Don't special case ignorable code points (Gabriel Krisman Bertazi) [Orabug: 37252273] {CVE-2024-50089}
ALSA: usb-audio: Fix possible NULL pointer dereference in snd_usb_pcm_has_fixed_rate() (Jaroslav Kysela) [Orabug: 36983951] {CVE-2023-52904}
perf report: Fix segfault when 'sym' sort key is not used (Namhyung Kim)
9p: add missing locking around taking dentry fid list (Dominique Martinet) [Orabug: 36774627] {CVE-2024-39463}
ext4: fix inode tree inconsistency caused by ENOMEM (zhanchengbin)
Revert 'arm64: dts: qcom: sm8250: switch UFS QMP PHY to new style of bindings' (Sumit Semwal)
ACPI: battery: Fix possible crash when unregistering a battery hook (Armin Wolf) [Orabug: 37206091] {CVE-2024-49955}
ACPI: battery: Simplify battery hook locking (Armin Wolf)
clk: qcom: gcc-sc8180x: Add GPLL9 support (Satya Priya Kakitapalli)
r8169: add tally counter fields added with RTL8125 (Heiner Kallweit) [Orabug: 37206182] {CVE-2024-49973}
r8169: Fix spelling mistake: 'tx_underun' -> 'tx_underrun' (Colin Ian King)
dt-bindings: clock: qcom: Add GPLL9 support on gcc-sc8180x (Satya Priya Kakitapalli)
dt-bindings: clock: qcom: Add missing UFS QREF clocks (Manivannan Sadhasivam)
media: imx335: Fix reset-gpio handling (Umang Jain)
media: i2c: imx335: Enable regulator supplies (Kieran Bingham)
drm/rockchip: vop: clear DMA stop bit on RK3066 (Val Packett)
drm/rockchip: support gamma control on RK3399 (Hugh Cole-Baker)
drm/rockchip: define gamma registers for RK3399 (Hugh Cole-Baker)
lib/buildid: harden build ID parsing logic (Andrii Nakryiko)
build-id: require program headers to be right after ELF header (Alexey Dobriyan)
drm/amd/display: Allow backlight to go below AMDGPU_DM_DEFAULT_MIN_BACKLIGHT (Mario Limonciello)
uprobes: fix kernel info leak via '[uprobes]' vma (Oleg Nesterov)
arm64: cputype: Add Neoverse-N3 definitions (Mark Rutland)
arm64: Add Cortex-715 CPU part definition (Anshuman Khandual)
ext4: dax: fix overflowing extents beyond inode size when partially writing (Zhihao Cheng) [Orabug: 37206370] {CVE-2024-50015}
ext4: properly sync file size update after O_SYNC direct IO (Jan Kara)
spi: bcm63xx: Fix missing pm_runtime_disable() (Jinjie Ruan)
i2c: xiic: Fix pm_runtime_set_suspended() with runtime pm enabled (Jinjie Ruan)
i2c: xiic: Use devm_clk_get_enabled() (Andi Shyti)
i2c: core: Lock address during client device instantiation (Heiner Kallweit)
i2c: create debugfs entry per adapter (Wolfram Sang)
kconfig: qconf: fix buffer overflow in debug links (Masahiro Yamada)
drm/amd/display: Fix system hang while resume with TBT monitor (Tom Chung) [Orabug: 37206307] {CVE-2024-50003}
drm/sched: Add locking to drm_sched_entity_modify_sched (Tvrtko Ursulin)
close_range(): fix the logics in descriptor table trimming (Al Viro)
tracing/timerlat: Fix a race during cpuhp processing (Wei Li) [Orabug: 37200894] {CVE-2024-49866}
tracing/hwlat: Fix a race during cpuhp processing (Wei Li)
gpio: davinci: fix lazy disable (Emanuele Ghidoli)
btrfs: wait for fixup workers before stopping cleaner kthread during umount (Filipe Manana) [Orabug: 37200896] {CVE-2024-49867}
btrfs: fix a NULL pointer dereference when failed to start a new trasacntion (Qu Wenruo) [Orabug: 37200902] {CVE-2024-49868}
ACPI: resource: Add Asus ExpertBook B2502CVA to irq1_level_low_skip_override[] (Hans de Goede)
ACPI: resource: Add Asus Vivobook X1704VAP to irq1_level_low_skip_override[] (Hans de Goede)
Input: adp5589-keys - fix adp5589_gpio_get_value() (Nuno Sa)
Input: adp5589-keys - fix NULL pointer dereference (Nuno Sa) [Orabug: 37200911] {CVE-2024-49871}
rtc: at91sam9: fix OF node leak in probe() error path (Krzysztof Kozlowski)
net: stmmac: Fix zero-division error when disabling tc cbs (KhaiWenTan) [Orabug: 37206640] {CVE-2024-49977}
tomoyo: fallback to realpath if symlink's pathname does not exist (Tetsuo Handa)
iio: magnetometer: ak8975: Fix reading for ak099xx sensors (Barnabas Czeman)
clk: qcom: gcc-sc8180x: Fix the sdcc2 and sdcc4 clocks freq table (Satya Priya Kakitapalli)
clk: qcom: gcc-sm8250: Do not turn off PCIe GDSCs during gdsc_disable() (Manivannan Sadhasivam)
media: venus: fix use after free bug in venus_remove due to race condition (Zheng Wang) [Orabug: 37206208] {CVE-2024-49981}
clk: qcom: gcc-sm8150: De-register gcc_cpuss_ahb_clk_src (Satya Priya Kakitapalli)
clk: qcom: clk-rpmh: Fix overflow in BCM vote (Mike Tipton)
media: uapi/linux/cec.h: cec_msg_set_reply_to: zero flags (Hans Verkuil)
media: sun4i_csi: Implement link validate for sun4i_csi subdev (Laurent Pinchart)
clk: qcom: dispcc-sm8250: use CLK_SET_RATE_PARENT for branch clocks (Dmitry Baryshkov)
clk: rockchip: fix error for unknown clocks (Sebastian Reichel)
aoe: fix the potential use-after-free problem in more places (Chun-Yi Lee) [Orabug: 37206641] {CVE-2024-49982}
NFSD: Fix NFSv4's PUTPUBFH operation (Chuck Lever)
nfsd: map the EBADMSG to nfserr_io to avoid warning (Li Lingfeng) [Orabug: 37200917] {CVE-2024-49875}
nfsd: fix delegation_blocked() to block correctly for at least 30 seconds (NeilBrown)
perf hist: Update hist symbol when updating maps (Matt Fleming)
exfat: fix memory leak in exfat_load_bitmap() (Yuezhang Mo) [Orabug: 37206359] {CVE-2024-50013}
riscv: define ILLEGAL_POINTER_VALUE for 64bit (Jisheng Zhang)
ext4: mark fc as ineligible using an handle in ext4_xattr_set() (Luis Henriques (SUSE))
ext4: use handle to mark fc as ineligible in __track_dentry_update() (Luis Henriques (SUSE))
ext4: fix fast commit inode enqueueing during a full journal commit (Luis Henriques (SUSE))
ext4: fix incorrect tid assumption in jbd2_journal_shrink_checkpoint_list() (Luis Henriques (SUSE))
ext4: fix incorrect tid assumption in ext4_wait_for_tail_page_commit() (Luis Henriques (SUSE))
ext4: update orig_path in ext4_find_extent() (Baokun Li) [Orabug: 37200941] {CVE-2024-49881}
ext4: fix double brelse() the buffer of the extents path (Baokun Li) [Orabug: 37200947] {CVE-2024-49882}
ext4: aovid use-after-free in ext4_ext_insert_extent() (Baokun Li) [Orabug: 37200953] {CVE-2024-49883}
ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free (Baokun Li) [Orabug: 37206215] {CVE-2024-49983}
ext4: fix incorrect tid assumption in __jbd2_log_wait_for_space() (Luis Henriques (SUSE))
ext4: propagate errors from ext4_find_extent() in ext4_insert_range() (Baokun Li)
ext4: fix slab-use-after-free in ext4_split_extent_at() (Baokun Li) [Orabug: 37200959] {CVE-2024-49884}
ext4: correct encrypted dentry name hash when not casefolded (yao.ly)
ext4: no need to continue when the number of entries is 1 (Edward Adam Davis) [Orabug: 37206145] {CVE-2024-49967}
ALSA: hda/realtek: Add quirk for Huawei MateBook 13 KLV-WX9 (Ai Chao)
ALSA: line6: add hw monitor volume control to POD HD500X (Hans P. Moller)
ALSA: usb-audio: Add native DSD support for Luxman D-08u (Jan Lalinsky)
ALSA: usb-audio: Add delay quirk for VIVO USB-C HEADSET (Lianqin Hu)
ALSA: core: add isascii() check to card ID generator (Jaroslav Kysela)
drm: Consistently use struct drm_mode_rect for FB_DAMAGE_CLIPS (Thomas Zimmermann)
parisc: Fix itlb miss handler for 64-bit programs (Helge Deller)
perf/core: Fix small negative period being ignored (Luo Gengkun)
power: supply: hwmon: Fix missing temp1_max_alarm attribute (Hans de Goede)
spi: bcm63xx: Fix module autoloading (Jinjie Ruan)
firmware: tegra: bpmp: Drop unused mbox_client_to_bpmp() (Krzysztof Kozlowski)
i2c: xiic: Wait for TX empty to avoid missed TX NAKs (Robert Hancock)
i2c: qcom-geni: Use IRQF_NO_AUTOEN flag in request_irq() (Jinjie Ruan)
i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume (Marek Vasut) [Orabug: 37206219] {CVE-2024-49985}
platform/x86: ISST: Fix the KASAN report slab-out-of-bounds bug (Zach Wade) [Orabug: 37200965] {CVE-2024-49886}
selftests: vDSO: fix vdso_config for s390 (Heiko Carstens)
selftests: vDSO: fix ELF hash table entry size for s390x (Jens Remus)
selftests/mm: fix charge_reserved_hugetlb.sh test (David Hildenbrand)
selftests: vDSO: fix vDSO symbols lookup for powerpc64 (Christophe Leroy)
selftests: vDSO: fix vdso_config for powerpc (Christophe Leroy)
selftests: vDSO: fix vDSO name for powerpc (Christophe Leroy)
selftests: breakpoints: use remaining time to check if suspend succeed (Yifei Liu)
spi: s3c64xx: fix timeout counters in flush_fifo (Ben Dooks)
spi: spi-imx: Fix pm_runtime_set_suspended() with runtime pm enabled (Jinjie Ruan)
usb: typec: tcpm: Check for port partner validity before consuming it (Badhri Jagan Sridharan) [Orabug: 36683242] {CVE-2024-36893}
blk-integrity: register sysfs attributes on struct device (Thomas Weissschuh)
blk-integrity: convert to struct device_attribute (Thomas Weissschuh)
blk-integrity: use sysfs_emit (Thomas Weissschuh)
ext4: fix i_data_sem unlock order in ext4_ind_migrate() (Artem Sadovnikov) [Orabug: 37206322] {CVE-2024-50006}
ext4: avoid use-after-free in ext4_ext_show_leaf() (Baokun Li) [Orabug: 37205705] {CVE-2024-49889}
ext4: ext4_search_dir should return a proper error (Thadeu Lima de Souza Cascardo)
of/irq: Refer to actual buffer size in of_irq_parse_one() (Geert Uytterhoeven)
drm/amd/pm: ensure the fw_info is not null before using it (Tim Huang) [Orabug: 37205712] {CVE-2024-49890}
drm/radeon/r100: Handle unknown family in r100_cp_init_microcode() (Geert Uytterhoeven)
scsi: aacraid: Rearrange order of struct aac_srb_unit (Kees Cook)
drm/printer: Allow NULL data in devcoredump printer (Matthew Brost)
drm/amd/display: Initialize get_bytes_per_element's default to 1 (Alex Hung) [Orabug: 37205726] {CVE-2024-49892}
drm/amd/display: Fix index out of bounds in DCN30 color transformation (Srinivasan Shanmugam) [Orabug: 37206158] {CVE-2024-49969} {CVE-2024-49895}
drm/amd/display: Fix index out of bounds in degamma hardware format translation (Srinivasan Shanmugam) [Orabug: 37205739] {CVE-2024-49894}
drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation (Srinivasan Shanmugam) [Orabug: 37205745] {CVE-2024-49895} {CVE-2024-49969}
drm/amd/display: Check stream before comparing them (Alex Hung) [Orabug: 37205751] {CVE-2024-49896}
platform/x86: touchscreen_dmi: add nanote-next quirk (Ckath)
HID: multitouch: Add support for Thinkpad X12 Gen 2 Kbd Portfolio (Vishnu Sankar)
drm/amdgpu: enable gfxoff quirk on HP 705G4 (Peng Liu)
drm/amdgpu: add raven1 gfxoff quirk (Peng Liu)
jfs: Fix uninit-value access of new_ea in ea_buffer (Zhao Mengmeng) [Orabug: 37205777] {CVE-2024-49900}
scsi: smartpqi: correct stream detection (Mahesh Rajashekhara)
jfs: check if leafidx greater than num leaves per dmap tree (Edward Adam Davis) [Orabug: 37205789] {CVE-2024-49902}
jfs: Fix uaf in dbFreeBits (Edward Adam Davis) [Orabug: 37205794] {CVE-2024-49903}
jfs: UBSAN: shift-out-of-bounds in dbFindBits (Remington Brasga)
drm/amd/display: Check null pointers before using dc->clk_mgr (Alex Hung) [Orabug: 37205820] {CVE-2024-49907}
ata: sata_sil: Rename sil_blacklist to sil_quirks (Damien Le Moal)
drm/amd/display: Add null check for top_pipe_to_program in commit_planes_for_stream (Srinivasan Shanmugam) [Orabug: 37205857] {CVE-2024-49913}
iommu/vt-d: Fix potential lockup if qi_submit_sync called with 0 count (Sanjay K Kumar) [Orabug: 37206262] {CVE-2024-49993}
iommu/vt-d: Always reserve a domain ID for identity setup (Lu Baolu)
power: reset: brcmstb: Do not go into infinite loop if reset fails (Andrew Davis)
iommu/arm-smmu-qcom: hide last LPASS SMMU context bank from linux (Marc Gonzalez)
rcuscale: Provide clear error when async specified without primitives (Paul E. McKenney)
fbdev: pxafb: Fix possible use after free in pxafb_task() (Kaixin Wang) [Orabug: 37205935] {CVE-2024-49924}
x86/syscall: Avoid memcpy() for ia32 syscall_get_arguments() (Kees Cook)
ALSA: hdsp: Break infinite MIDI input flush loop (Takashi Iwai)
ALSA: asihpi: Fix potential OOB array access (Takashi Iwai) [Orabug: 37206327] {CVE-2024-50007}
tools/x86/kcpuid: Protect against faulty 'max subleaf' values (Ahmed S. Darwish)
ALSA: usb-audio: Add logitech Audio profile quirk (Joshua Pius)
ALSA: usb-audio: Define macros for quirk table entries (Takashi Iwai)
x86/ioapic: Handle allocation failures gracefully (Thomas Gleixner) [Orabug: 37205954] {CVE-2024-49927}
ALSA: usb-audio: Add input value sanity checks for standard types (Takashi Iwai)
signal: Replace BUG_ON()s (Thomas Gleixner)
nfp: Use IRQF_NO_AUTOEN flag in request_irq() (Jinjie Ruan)
wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext() (Gustavo A. R. Silva) [Orabug: 37206332] {CVE-2024-50008}
wifi: mt76: mt7915: hold dev->mt76.mutex while disabling tx worker (Felix Fietkau)
proc: add config & param to block forcing mem writes (Adrian Ratiu)
ACPICA: iasl: handle empty connection_node (Aleksandrs Vinarskis)
tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process (Jason Xing)
net: atlantic: Avoid warning about potential string truncation (Simon Horman)
ipv4: Mask upper DSCP bits and ECN bits in NETLINK_FIB_LOOKUP family (Ido Schimmel)
ipv4: Check !in_dev earlier for ioctl(SIOCSIFADDR). (Kuniyuki Iwashima)
net: mvpp2: Increase size of queue_name buffer (Simon Horman)
tipc: guard against string buffer overrun (Simon Horman) [Orabug: 37206276] {CVE-2024-49995}
ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package() (Pei Xiao) [Orabug: 37206122] {CVE-2024-49962}
ACPI: EC: Do not release locks during operation region accesses (Rafael J. Wysocki)
wifi: rtw88: select WANT_DEV_COREDUMP (Zong-Zhe Yang)
wifi: ath11k: fix array out-of-bound access in SoC stats (Karthikeyan Periyasamy) [Orabug: 37205975] {CVE-2024-49930}
nvme-pci: qdepth 1 quirk (Keith Busch)
blk_iocost: fix more out of bound shifts (Konstantin Ovsepian) [Orabug: 37205994] {CVE-2024-49933}
net: sched: consistently use rcu_replace_pointer() in taprio_change() (Dmitry Antipov)
ACPICA: Fix memory leak if acpi_ps_get_next_field() fails (Armin Wolf)
ACPICA: Fix memory leak if acpi_ps_get_next_namepath() fails (Armin Wolf)
ACPI: PAD: fix crash in exit_round_robin() (Seiji Nishikawa) [Orabug: 37206005] {CVE-2024-49935}
net: hisilicon: hns_mdio: fix OF node leak in probe() (Krzysztof Kozlowski)
net: hisilicon: hns_dsaf_mac: fix OF node leak in hns_mac_get_info() (Krzysztof Kozlowski)
net: hisilicon: hip04: fix OF node leak in probe() (Krzysztof Kozlowski)
net/xen-netback: prevent UAF in xenvif_flush_hash() (Jeongjun Park) [Orabug: 37206011] {CVE-2024-49936}
ice: Adjust over allocation of memory in ice_sched_add_root_node() and ice_sched_add_node() (Aleksandr Mishin)
wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit (Toke Hoiland-Jorgensen) [Orabug: 37206028] {CVE-2024-49938}
wifi: ath9k: fix possible integer overflow in ath9k_get_et_stats() (Dmitry Kandybka)
f2fs: Require FMODE_WRITE for atomic write ioctls (Jann Horn) [Orabug: 37200793] {CVE-2024-47740}
ALSA: hda/conexant: Fix conflicting quirk for System76 Pangolin (Takashi Iwai)
ASoC: imx-card: Set card.owner to avoid a warning calltrace if SND=m (Hui Wang)
ALSA: hda/generic: Unconditionally prefer preferred_dacs pairs (Takashi Iwai)
ALSA: hda/realtek: Fix the push button function for the ALC257 (Oder Chiou)
ALSA: mixer_oss: Remove some incorrect kfree_const() usages (Christophe JAILLET)
media: usbtv: Remove useless locks in usbtv_video_free() (Benjamin Gaignard) [Orabug: 36598250] {CVE-2024-27072}
i2c: xiic: Try re-initialization on bus busy timeout (Robert Hancock)
i2c: xiic: improve error message when transfer fails to start (Marc Ferland)
i2c: xiic: xiic_xfer(): Fix runtime PM leak on error path (Lars-Peter Clausen)
i2c: xiic: Fix RX IRQ busy check (Marek Vasut)
i2c: xiic: Switch from waitqueue to completion (Marek Vasut)
i2c: xiic: Fix broken locking on tx_msg (Marek Vasut)
sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start (Xin Long) [Orabug: 37206050] {CVE-2024-49944}
ppp: do not assume bh is held in ppp_channel_bridge_input() (Eric Dumazet) [Orabug: 37206060] {CVE-2024-49946}
ipv4: ip_gre: Fix drops of small packets in ipgre_xmit (Anton Danilov)
net: stmmac: dwmac4: extend timeout for VLAN Tag register busy bit check (Shenwei Wang)
net: stmmac: Disable automatic FCS/Pad stripping (Kurt Kanzenbach)
stmmac_pci: Fix underflow size in stmmac_rx (Zekun Shen)
net: add more sanity checks to qdisc_pkt_len_init() (Eric Dumazet) [Orabug: 37206063] {CVE-2024-49948}
net: avoid potential underflow in qdisc_pkt_len_init() with UFO (Eric Dumazet) [Orabug: 37206069] {CVE-2024-49949}
net: ethernet: lantiq_etop: fix memory disclosure (Aleksander Jan Bajkowski) [Orabug: 37206288] {CVE-2024-49997}
Bluetooth: btmrvl: Use IRQF_NO_AUTOEN flag in request_irq() (Jinjie Ruan)
netfilter: nf_tables: prevent nf_skb_duplicated corruption (Eric Dumazet) [Orabug: 37206080] {CVE-2024-49952}
net: ieee802154: mcr20a: Use IRQF_NO_AUTOEN flag in request_irq() (Jinjie Ruan)
netfilter: uapi: NFTA_FLOWTABLE_HOOK is NLA_NESTED (Phil Sutter)
net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc() (Elena Salomatkina) [Orabug: 37206298] {CVE-2024-50000}
net/mlx5: Added cond_resched() to crdump collection (Mohamed Khalfella)
net/mlx5: Fix error path in multi-packet WQE transmit (Gerd Bayer) [Orabug: 37206301] {CVE-2024-50001}
ieee802154: Fix build error (Jinjie Ruan)
ceph: remove the incorrect Fw reference check when dirtying pages (Xiubo Li) [Orabug: 37264180] {CVE-2024-50179}
mailbox: bcm2835: Fix timeout during suspend mode (Stefan Wahren) [Orabug: 37206129] {CVE-2024-49963}
mailbox: rockchip: fix a typo in module autoloading (Liao Chen)
static_call: Replace pointless WARN_ON() in static_call_module_notify() (Thomas Gleixner) [Orabug: 37206089] {CVE-2024-49954}
static_call: Handle module init failure correctly in static_call_del_module() (Thomas Gleixner) [Orabug: 37206305] {CVE-2024-50002}
spi: lpspi: Simplify some error message (Christophe JAILLET)
usb: yurex: Fix inconsistent locking bug in yurex_read() (Harshit Mogalapalli)
i2c: isch: Add missed 'else' (Andy Shevchenko)
i2c: aspeed: Update the stop sw state when the bus recovery occurs (Tommy Huang)
mm: only enforce minimum stack gap size if it's sensible (David Gow)
lockdep: fix deadlock issue between lockdep and rcu (Zhiguo Niu)
bpf: lsm: Set bpf_lsm_blob_sizes.lbs_task to 0 (Song Liu)
x86/entry: Remove unwanted instrumentation in common_interrupt() (Dmitry Vyukov)
x86/idtentry: Incorporate definitions/declarations of the FRED entries (Xin Li)
pps: add an error check in parport_attach (Ma Ke)
pps: remove usage of the deprecated ida_simple_xx() API (Christophe JAILLET)
usb: xhci: fix loss of data on Cadence xHC (Pawel Laszczak)
xhci: Add a quirk for writing ERST in high-low order (Daehwan Jung)
xhci: Preserve RsvdP bits in ERSTBA register correctly (Lukas Wunner)
xhci: Refactor interrupter code for initial multi interrupter support. (Mathias Nyman)
xhci: remove xhci_test_trb_in_td_math early development check (Mathias Nyman)
xhci: fix event ring segment table related masks and variables in header (Mathias Nyman)
USB: misc: yurex: fix race between read and write (Oliver Neukum)
usb: yurex: Replace snprintf() with the safer scnprintf() variant (Lee Jones)
soc: versatile: realview: fix soc_dev leak during device remove (Krzysztof Kozlowski)
soc: versatile: realview: fix memory leak during device remove (Krzysztof Kozlowski)
padata: use integer wrap around to prevent deadlock on seq_nr overflow (VanGiang Nguyen) [Orabug: 37200789] {CVE-2024-47739}
EDAC/igen6: Fix conversion of system address to physical memory address (Qiuxu Zhuo)
nfs: fix memory leak in error path of nfs4_do_reclaim (Li Lingfeng)
fs: Fix file_set_fowner LSM hook inconsistencies (Mickael Salaun)
vfs: fix race between evice_inodes() and find_inode()&iput() (Julian Sun) [Orabug: 37200603] {CVE-2024-47679}
arm64: dts: rockchip: Correct the Pinebook Pro battery design capacity (Dragan Simic)
arm64: dts: rockchip: Raise Pinebook Pro's panel backlight PWM frequency (Dragan Simic)
hwrng: cctrng - Add missing clk_disable_unprepare in cctrng_resume (Gaosheng Cui)
hwrng: bcm2835 - Add missing clk_disable_unprepare in bcm2835_rng_init (Gaosheng Cui)
hwrng: mtk - Use devm_pm_runtime_enable (Guoqing Jiang)
f2fs: avoid potential int overflow in sanity_check_area_boundary() (Nikita Zhandarovich)
f2fs: prevent possible int overflow in dir_block_index() (Nikita Zhandarovich)
debugobjects: Fix conditions in fill_pool() (Zhen Lei)
wifi: mt76: mt7615: check devm_kasprintf() returned value (Ma Ke)
wifi: rtw88: 8822c: Fix reported RX band width (Bitterblue Smith)
perf/x86/intel/pt: Fix sampling synchronization (Adrian Hunter)
efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption (Ard Biesheuvel) [Orabug: 37200864] {CVE-2024-49858}
ACPI: resource: Add another DMI match for the TongFang GMxXGxx (Werner Sembach)
ACPI: sysfs: validate return type of _STR method (Thomas Weissschuh) [Orabug: 37200877] {CVE-2024-49860}
drbd: Add NULL check for net_conf to prevent dereference in state validation (Mikhail Lobanov)
drbd: Fix atomicity violation in drbd_uuid_set_bm() (Qiu-ji Chen)
crypto: ccp - Properly unregister /dev/sev on sev PLATFORM_STATUS failure (Pavan Kumar Paluri)
xhci: Set quirky xHC PCI hosts to D3 after stopping and freeing them. (Mathias Nyman)
tty: rp2: Fix reset with non forgiving PCIe host bridges (Florian Fainelli)
firmware_loader: Block path traversal (Jann Horn) [Orabug: 37200801] {CVE-2024-47742}
bus: integrator-lm: fix OF node leak in probe() (Krzysztof Kozlowski)
usb: dwc2: drd: fix clock gating on USB role switch (Tomas Marek)
usb: cdnsp: Fix incorrect usb_request status (Pawel Laszczak)
USB: class: CDC-ACM: fix race between get_serial and set_serial (Oliver Neukum)
USB: misc: cypress_cy7c63: check for short transfer (Oliver Neukum)
USB: appledisplay: close race between probe and completion handler (Oliver Neukum)
usbnet: fix cyclical race on disconnect with work queue (Oliver Neukum)
scsi: mac_scsi: Disallow bus errors during PDMA send (Finn Thain)
scsi: mac_scsi: Refactor polling loop (Finn Thain)
scsi: mac_scsi: Revise printk(KERN_DEBUG ...) messages (Finn Thain)
drm/amd/display: Validate backlight caps are sane (Mario Limonciello)
drm/amd/display: Round calculated vtotal (Robin Chen)
Input: i8042 - add another board name for TUXEDO Stellaris Gen5 AMD line (Werner Sembach)
Input: i8042 - add TUXEDO Stellaris 15 Slim Gen6 AMD to i8042 quirk table (Werner Sembach)
Input: i8042 - add TUXEDO Stellaris 16 Gen5 AMD to i8042 quirk table (Werner Sembach)
Revert 'media: tuners: fix error return code of hybrid_tuner_request_state()' (Roman Smirnov)
soc: versatile: integrator: fix OF node leak in probe() error path (Krzysztof Kozlowski)
ASoC: rt5682: Return devm_of_clk_add_hw_provider to transfer the error (Ma Ke)
PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler (Sean Anderson)
Remove *.orig pattern from .gitignore (Laurent Pinchart)
selinux,smack: don't bypass permissions check in inode_setsecctx hook (Scott Mayhew) [Orabug: 37070761] {CVE-2024-46695}
vfio/pci: fix potential memory leak in vfio_intx_enable() (Ye Bin) [Orabug: 36765615] {CVE-2024-38632}
x86/mm: Switch to new Intel CPU model defines (Tony Luck)
Input: goodix - use the new soc_intel_is_byt() helper (Hans de Goede)
drm/amd/display: Fix Synaptics Cascaded Panamera DSC Determination (Fangzhi Zuo)
netfilter: ctnetlink: compile ctnetlink_label_size with CONFIG_NF_CONNTRACK_EVENTS (Simon Horman)
netfilter: nf_tables: Keep deleted flowtable hooks until after RCU (Phil Sutter)
bonding: Fix unnecessary warnings and logs from bond_xdp_get_xmit_slave() (Jiwon Kim) [Orabug: 37200774] {CVE-2024-47734}
net: qrtr: Update packets cloning when broadcasting (Youssef Samir)
tcp: check skb is non-NULL in tcp_rto_delta_us() (Josh Hunt) [Orabug: 37200622] {CVE-2024-47684}
net: ipv6: select DST_CACHE from IPV6_RPL_LWTUNNEL (Thomas Weissschuh)
net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition (Kaixin Wang) [Orabug: 37200817] {CVE-2024-47747}
netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() (Eric Dumazet) [Orabug: 37200629] {CVE-2024-47685}
net: xilinx: axienet: Fix packet counting (Sean Anderson)
net: axienet: Switch to 64-bit RX/TX statistics (Robert Hancock)
net: axienet: Use NAPI for TX completion path (Robert Hancock)
net: axienet: Be more careful about updating tx_bd_tail (Robert Hancock)
net: axienet: add coalesce timer ethtool configuration (Robert Hancock)
net: axienet: reduce default RX interrupt threshold to 1 (Robert Hancock)
net: axienet: implement NAPI and GRO receive (Robert Hancock)
net: axienet: don't set IRQ timer when IRQ delay not used (Robert Hancock)
net: axienet: Clean up DMA start/stop and error handling (Robert Hancock)
net: axienet: Clean up device used for DMA calls (Robert Hancock)
Revert 'dm: requeue IO if mapping table not yet available' (Mikulas Patocka)
vhost_vdpa: assign irq bypass producer token correctly (Jason Wang) [Orabug: 37200820] {CVE-2024-47748}
vdpa: Add eventfd for the vdpa callback (Xie Yongji)
interconnect: qcom: sm8250: Enable sync_state (Konrad Dybcio)
coresight: tmc: sg: Do not leak sg_table (Suzuki K Poulose)
iio: adc: ad7606: fix standby gpio state to match the documentation (Guillaume Stols)
iio: adc: ad7606: fix oversampling gpio array (Guillaume Stols)
spi: spi-fsl-lpspi: Undo runtime PM changes at driver exit time (Jinjie Ruan)
spi: lpspi: release requested DMA channels (Alexander Stein)
spi: lpspi: Silence error message upon deferred probe (Alexander Stein)
f2fs: get rid of online repaire on corrupted directory (Chao Yu) [Orabug: 37200641] {CVE-2024-47690}
f2fs: clean up w/ dotdot_name (Chao Yu)
f2fs: introduce F2FS_IPU_HONOR_OPU_WRITE ipu policy (Chao Yu)
f2fs: fix to wait page writeback before setting gcing flag (Chao Yu)
f2fs: optimize error handling in redirty_blocks (Jack Qiu)
f2fs: reduce expensive checkpoint trigger frequency (Chao Yu)
f2fs: remove unneeded check condition in __f2fs_setxattr() (Chao Yu)
f2fs: fix to update i_ctime in __f2fs_setxattr() (Chao Yu)
f2fs: fix typo (Yonggil Song)
nfsd: return -EINVAL when namelen is 0 (Li Lingfeng) [Orabug: 37200649] {CVE-2024-47692}
nfsd: call cache_put if xdr_reserve_space returns NULL (Guoqing Jiang) [Orabug: 37200782] {CVE-2024-47737}
ntb_perf: Fix printk format (Max Hawking)
ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir() (Jinjie Ruan)
RDMA/irdma: fix error message in irdma_modify_qp_roce() (Vitaliy Shevtsov)
RDMA/cxgb4: Added NULL check for lookup_atid (Mikhail Lobanov) [Orabug: 37200823] {CVE-2024-47749}
riscv: Fix fp alignment bug in perf_callchain_user() (Jinjie Ruan)
RDMA/hns: Optimize hem allocation performance (Junxian Huang)
RDMA/hns: Fix VF triggering PF reset in abnormal interrupt handler (Junxian Huang)
RDMA/hns: Refactor the abnormal interrupt handler function (Haoyue Xu)
RDMA/hns: Fix the wrong type of return value of the interrupt handler (Haoyue Xu)
RDMA/hns: Remove unused abnormal interrupt of type RAS (Haoyue Xu)
RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled (Chengchang Tang) [Orabug: 37200776] {CVE-2024-47735}
RDMA/hns: Fix the overflow risk of hem_list_calc_ba_range() (wenglianfa)
RDMA/hns: Don't modify rq next block addr in HIP09 QPC (Junxian Huang)
watchdog: imx_sc_wdt: Don't disable WDT in suspend (Jonas Blixt)
IB/core: Fix ib_cache_setup_one error flow cleanup (Patrisious Haddad) [Orabug: 37200653] {CVE-2024-47693}
pinctrl: mvebu: Fix devinit_dove_pinctrl_probe function (Wang Jianzheng)
pinctrl: mvebu: Use devm_platform_get_and_ioremap_resource() (Yangtao Li)
nfsd: fix refcount leak when file is unhashed after being found (Jeff Layton)
nfsd: remove unneeded EEXIST error check in nfsd_do_file_acquire (Jeff Layton)
clk: ti: dra7-atl: Fix leak of of_nodes (David Lechner)
RDMA/rtrs-clt: Reset cid to con_num - 1 to stay in bounds (Md Haris Iqbal) [Orabug: 37200658] {CVE-2024-47695}
RDMA/rtrs: Reset hb_missed_cnt after receiving other traffic from peer (Jack Wang)
pinctrl: single: fix missing error code in pcs_probe() (Yang Yingliang)
RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency (Zhu Yanjun) [Orabug: 37205520] {CVE-2024-47696}
PCI: xilinx-nwl: Clean up clock on probe failure/removal (Sean Anderson)
PCI: xilinx-nwl: Fix register misspelling (Sean Anderson)
PCI: keystone: Fix if-statement expression in ks_pcie_quirk() (Dan Carpenter) [Orabug: 37205559] {CVE-2024-47756}
drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error (Junlin Li) [Orabug: 37200661] {CVE-2024-47697}
drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error (Junlin Li) [Orabug: 37200668] {CVE-2024-47698}
Input: ilitek_ts_i2c - add report id message validation (Emanuele Ghidoli)
Input: ilitek_ts_i2c - avoid wrong input subsystem sync (Emanuele Ghidoli)
clk: rockchip: Set parent rate for DCLK_VOP clock on RK3228 (Jonas Karlman)
remoteproc: imx_rproc: Initialize workqueue earlier (Peng Fan)
remoteproc: imx_rproc: Correct ddr alias for i.MX8M (Peng Fan)
clk: imx: imx8qxp: Parent should be initialized earlier than the clock (Peng Fan)
clk: imx: imx8qxp: Register dc0_bypass0_clk before disp clk (Peng Fan)
clk: imx: imx8mp: fix clock tree update of TF-A managed clocks (Zhipeng Wang)
perf time-utils: Fix 32-bit nsec parsing (Ian Rogers)
perf sched timehist: Fixed timestamp error when unable to confirm event sched_in time (Yang Jihong)
perf sched timehist: Fix missing free of session in perf_sched__timehist() (Yang Jihong)
perf mem: Free the allocated sort string, fixing a leak (Namhyung Kim)
bpf: Fix bpf_strtol and bpf_strtoul helpers for 32bit (Daniel Borkmann)
nilfs2: fix potential oob read in nilfs_btree_check_delete() (Ryusuke Konishi) [Orabug: 37200842] {CVE-2024-47757}
nilfs2: determine empty node blocks as corrupted (Ryusuke Konishi)
nilfs2: fix potential null-ptr-deref in nilfs_btree_insert() (Ryusuke Konishi) [Orabug: 37200675] {CVE-2024-47699}
ext4: avoid OOB when system.data xattr changes underneath the filesystem (Thadeu Lima de Souza Cascardo) [Orabug: 37200681] {CVE-2024-47701}
ext4: return error on ext4_find_inline_entry (Thadeu Lima de Souza Cascardo)
ext4: avoid negative min_clusters in find_group_orlov() (Kemeng Shi)
ext4: avoid potential buffer_head leak in __ext4_new_inode() (Kemeng Shi)
ext4: avoid buffer_head leak in ext4_mark_inode_used() (Kemeng Shi)
smackfs: Use rcu_assign_pointer() to ensure safe assignment in smk_set_cipso (Jiawei Ye)
ext4: clear EXT4_GROUP_INFO_WAS_TRIMMED_BIT even mount with discard (yangerkun)
kthread: fix task state in kthread worker if being frozen (Chen Yu)
xz: cleanup CRC32 edits from 2018 (Lasse Collin)
selftests/bpf: Fix C++ compile error from missing _Bool type (Tony Ambardar)
selftests/bpf: Fix error compiling test_lru_map.c (Tony Ambardar)
selftests/bpf: Fix errors compiling cg_storage_multi.h with musl libc (Tony Ambardar)
selftests/bpf: Fix compiling core_reloc.c with musl-libc (Tony Ambardar)
selftests/bpf: Fix compiling tcp_rtt.c with musl-libc (Tony Ambardar)
selftests/bpf: Fix compiling flow_dissector.c with musl-libc (Tony Ambardar)
selftests/bpf: Fix compiling kfree_skb.c with musl-libc (Tony Ambardar)
selftests/bpf: Fix missing ARRAY_SIZE() definition in bench.c (Tony Ambardar)
selftests/bpf: Fix error compiling bpf_iter_setsockopt.c with musl libc (Tony Ambardar)
selftests/bpf: Fix compile error from rlim_t in sk_storage_map.c (Tony Ambardar)
tpm: Clean up TPM space after command failure (Jonathan McDowell) [Orabug: 37200850] {CVE-2024-49851}
xen/swiotlb: add alignment check for dma buffers (Juergen Gross)
xen: use correct end address of kernel for conflict checking (Juergen Gross)
drivers:drm:exynos_drm_gsc:Fix wrong assignment in gsc_bind() (Yuesong Li)
drm/msm: fix %s null argument error (Sherry Yang)
ipmi: docs: don't advertise deprecated sysfs entries (Wolfram Sang)
drm/msm/a5xx: workaround early ring-buffer emptiness check (Vladimir Lypak)
drm/msm: Drop priv->lastctx (Rob Clark)
drm/msm/a5xx: fix races in preemption evaluation stage (Vladimir Lypak)
drm/msm/a5xx: properly clear preemption records on resume (Vladimir Lypak)
drm/msm/a5xx: disable preemption in submits by default (Vladimir Lypak)
drm/msm: Fix incorrect file name output in adreno_request_fw() (Aleksandr Mishin)
powerpc/8xx: Fix kernel vs user address comparison (Christophe Leroy)
powerpc/8xx: Fix initial memory mapping (Christophe Leroy)
powerpc/32: Remove 'noltlbs' kernel parameter (Christophe Leroy)
powerpc/32: Remove the 'nobats' kernel parameter (Christophe Leroy)
drm/mediatek: Use spin_lock_irqsave() for CRTC event lock (Fei Shao)
jfs: fix out-of-bounds in dbNextAG() and diAlloc() (Jeongjun Park) [Orabug: 37200739] {CVE-2024-47723}
scsi: elx: libefc: Fix potential use after free in efc_nport_vport_del() (Dan Carpenter) [Orabug: 37200855] {CVE-2024-49852}
drm/bridge: lontium-lt8912b: Validate mode in drm_bridge_funcs::mode_valid() (Liu Ying)
drm/radeon/evergreen_cs: fix int overflow errors in cs track offsets (Nikita Zhandarovich)
drm/rockchip: dw_hdmi: Fix reading EDID when using a forced mode (Jonas Karlman)
drm/rockchip: vop: Allow 4096px width scaling (Alex Bee)
scsi: NCR5380: Check for phase match during PDMA fixup (Finn Thain)
scsi: NCR5380: Add SCp members to struct NCR5380_cmd (Finn Thain)
drm/radeon: properly handle vbios fake edid sizing (Alex Deucher)
drm/radeon: Replace one-element array with flexible-array member (Paulo Miguel Almeida)
drm/amdgpu: properly handle vbios fake edid sizing (Alex Deucher)
drm/amdgpu: Replace one-element array with flexible-array member (Paulo Miguel Almeida)
drm/amd/display: Add null check for set_output_gamma in dcn30_set_output_transfer_func (Srinivasan Shanmugam) [Orabug: 37200736] {CVE-2024-47720}
drm/stm: Fix an error handling path in stm_drm_platform_probe() (Christophe JAILLET)
pmdomain: core: Harden inter-column space in debug summary (Geert Uytterhoeven)
mtd: powernv: Add check devm_kasprintf() returned value (Charles Han)
fbdev: hpfb: Fix an error handling path in hpfb_dio_probe() (Christophe JAILLET)
power: supply: max17042_battery: Fix SOC threshold calc w/ no current sense (Artur Weber)
power: supply: axp20x_battery: Remove design from min and max voltage (Chris Morgan)
hwmon: (ntc_thermistor) fix module autoloading (Yuntao Liu)
mtd: slram: insert break after errors in parsing the map (Mirsad Todorovac)
hwmon: (max16065) Fix alarm attributes (Guenter Roeck)
hwmon: (max16065) Remove use of i2c_match_id() (Andrew Davis)
i2c: Add i2c_get_match_data() (Biju Das)
hwmon: (max16065) Fix overflows seen when writing limits (Guenter Roeck)
m68k: Fix kernel_clone_args.flags in m68k_clone() (Finn Thain)
clocksource/drivers/qcom: Add missing iounmap() on errors in msm_dt_timer_init() (Ankit Agrawal)
reset: k210: fix OF node leak in probe() error path (Krzysztof Kozlowski)
reset: berlin: fix OF node leak in probe() error path (Krzysztof Kozlowski)
ARM: versatile: fix OF node leak in CPUs prepare (Krzysztof Kozlowski)
ARM: dts: imx7d-zii-rmu2: fix Ethernet PHY pinctrl property (Krzysztof Kozlowski)
ARM: dts: microchip: sam9x60: Fix rtc/rtt clocks (Alexander Dahl)
arm64: dts: renesas: r9a07g044: Correct GICD and GICR sizes (Lad Prabhakar)
spi: ppc4xx: Avoid returning 0 when failed to parse and map IRQ (Andy Shevchenko)
spi: ppc4xx: handle irq_of_parse_and_map() errors (Ma Ke)
block: fix potential invalid pointer dereference in blk_add_partition (Riyan Dhiman) [Orabug: 37200698] {CVE-2024-47705}
block: print symbolic error name instead of error code (Christian Heusel)
block, bfq: don't break merge chain in bfq_split_bfqq() (Yu Kuai)
block, bfq: choose the last bfqq from merge chain in bfq_setup_cooperator() (Yu Kuai)
block, bfq: fix possible UAF for bfqq->bic with merge chain (Yu Kuai)
net: tipc: avoid possible garbage value (Su Hui)
net: ipv6: rpl_iptunnel: Fix memory leak in rpl_input (Justin Iurman)
r8169: disable ALDPS per default for RTL8125 (Heiner Kallweit)
net: enetc: Use IRQF_NO_AUTOEN flag in request_irq() (Jinjie Ruan)
bareudp: Pull inner IP header on xmit. (Guillaume Nault)
geneve: Fix incorrect inner network header offset when innerprotoinherit is set (Gal Pressman)
net: geneve: support IPv4/IPv6 as inner protocol (Eyal Birger)
bareudp: Pull inner IP header in bareudp_udp_encap_recv(). (Guillaume Nault)
Bluetooth: btusb: Fix not handling ZPL/short-transfer (Luiz Augusto von Dentz)
can: m_can: m_can_close(): stop clocks after device has been shut down (Marc Kleine-Budde)
can: bcm: Clear bo->bcm_proc_read after remove_proc_entry(). (Kuniyuki Iwashima) [Orabug: 37205475] {CVE-2024-47709}
sock_map: Add a cond_resched() in sock_hash_free() (Eric Dumazet) [Orabug: 37200714] {CVE-2024-47710}
wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param (Jiawei Ye) [Orabug: 37205501] {CVE-2024-47712}
wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop() (Dmitry Antipov) [Orabug: 37200719] {CVE-2024-47713}
wifi: cfg80211: fix two more possible UBSAN-detected off-by-one errors (Dmitry Antipov)
wifi: mt76: mt7915: fix rx filter setting for bfee functionality (Howard Hsu)
wifi: cfg80211: fix UBSAN noise in cfg80211_wext_siwscan() (Dmitry Antipov)
x86/sgx: Fix deadlock in SGX NUMA node search (Aaron Lu) [Orabug: 37200860] {CVE-2024-49856}
cpufreq: ti-cpufreq: Introduce quirks to handle syscon fails appropriately (Nishanth Menon)
netfilter: nf_tables: remove annotation to access set timeout while holding lock (Pablo Neira Ayuso)
netfilter: nf_tables: reject expiration higher than timeout (Pablo Neira Ayuso)
netfilter: nf_tables: reject element expiration with no timeout (Pablo Neira Ayuso)
netfilter: nf_tables: elements with timeout below CONFIG_HZ never expire (Pablo Neira Ayuso)
ACPI: CPPC: Fix MASK_VAL() usage (Clement Leger)
ACPI: bus: Avoid using CPPC if not supported by firmware (Rafael J. Wysocki)
can: j1939: use correct function name in comment (Zhang Changzhong)
padata: Honor the caller's alignment in case of chunk_size 0 (Kamlesh Gurudasani)
wifi: iwlwifi: mvm: increase the time between ranging measurements (Avraham Stern)
mount: handle OOM on mnt_warn_timestamp_expiry (Olaf Hering)
fs/namespace: fnic: Switch to use %ptTd (Andy Shevchenko)
mount: warn only once about timestamp range expiration (Anthony Iliopoulos)
fs: explicitly unregister per-superblock BDIs (Christoph Hellwig)
wifi: rtw88: remove CPT execution branch never used (Dmitry Kandybka)
net: stmmac: dwmac-loongson: Init ref and PTP clocks rate (Yanteng Si)
wifi: ath9k: Remove error checks when creating debugfs entries (Toke Hoiland-Jorgensen)
wifi: ath9k: fix parameter check in ath9k_init_debug() (Minjie Du)
ACPI: PMIC: Remove unneeded check in tps68470_pmic_opregion_probe() (Aleksandr Mishin)
crypto: xor - fix template benchmarking (Helge Deller)
wifi: rtw88: always wait for both firmware loading attempts (Dmitry Antipov) [Orabug: 37200733] {CVE-2024-47718}
EDAC/synopsys: Fix error injection on Zynq UltraScale+ (Shubhrajyoti Datta)
EDAC/synopsys: Fix ECC status and IRQ control race condition (Serge Semin)
EDAC/synopsys: Re-enable the error interrupts on v3 hw (Sherry Sun)
EDAC/synopsys: Use the correct register to disable the error interrupt on v3 hw (Sherry Sun)
EDAC/synopsys: Add support for version 3 of the Synopsys EDAC DDR (Dinh Nguyen)
USB: usbtmc: prevent kernel-usb-infoleak (Edward Adam Davis) [Orabug: 37159777] {CVE-2024-47671}
USB: serial: pl2303: add device id for Macrosilicon MS3020 (Junhao Xie)
gpiolib: cdev: Ignore reconfiguration without direction (Kent Gibson)
inet: inet_defrag: prevent sk release while still in use (Florian Westphal) [Orabug: 36545059] {CVE-2024-26921}
gpio: prevent potential speculation leaks in gpio_device_get_desc() (Hagar Hemdan) [Orabug: 36993133] {CVE-2024-44931}
Revert 'wifi: cfg80211: check wiphy mutex is held for wdev mutex' (Ping-Ke Shih)
netfilter: nf_tables: missing iterator type in lookup walk (Pablo Neira Ayuso)
netfilter: nft_set_pipapo: walk over current view on netlink dump (Pablo Neira Ayuso) [Orabug: 36598033] {CVE-2024-27017}
ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() (Ferry Meng) [Orabug: 36891660] {CVE-2024-41016}
ocfs2: add bounds checking to ocfs2_xattr_find_entry() (Ferry Meng) [Orabug: 37159772] {CVE-2024-47670}
spi: spidev: Add missing spi_device_id for jg10309-01 (Geert Uytterhoeven)
x86/hyperv: Set X86_FEATURE_TSC_KNOWN_FREQ when Hyper-V provides frequency (Michael Kelley)
spi: bcm63xx: Enable module autoloading (Liao Chen)
drm: komeda: Fix an issue related to normalized zpos (hongchi.peng)
spi: spidev: Add an entry for elgin,jg10309-01 (Fabio Estevam)
ASoC: tda7419: fix module autoloading (Liao Chen)
ASoC: intel: fix module autoloading (Liao Chen)
wifi: iwlwifi: clear trans->state earlier upon error (Emmanuel Grumbach)
wifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead (Emmanuel Grumbach) [Orabug: 37159780] {CVE-2024-47672}
wifi: iwlwifi: mvm: pause TCM when the firmware is stopped (Emmanuel Grumbach) [Orabug: 37159785] {CVE-2024-47673}
wifi: iwlwifi: mvm: fix iwl_mvm_scan_fits() calculation (Daniel Gabay)
wifi: iwlwifi: lower message level for FW buffer destination (Benjamin Berg)
net: ftgmac100: Ensure tx descriptor updates are visible (Jacky Chou)
microblaze: don't treat zero reserved memory regions as error (Mike Rapoport)
pinctrl: at91: make it work with current gpiolib (Thomas Blocher)
scsi: lpfc: Fix overflow build issue (Sherry Yang)
ALSA: hda/realtek - FIxed ALC285 headphone no sound (Kailang Yang)
ALSA: hda/realtek - Fixed ALC256 headphone no sound (Kailang Yang)
ASoC: allow module autoloading for table db1200_pids (Hongbo Li)
ASoC: meson: axg-card: fix 'use-after-free' (Arseniy Krasnov) [Orabug: 37116539] {CVE-2024-46849}
dma-buf: heaps: Fix off-by-one in CMA heap fault handler (T.J. Mercier) [Orabug: 37116545] {CVE-2024-46852}
soundwire: stream: Revert 'soundwire: stream: fix programming slave ports for non-continous port maps' (Krzysztof Kozlowski)
spi: nxp-fspi: fix the KASAN report out-of-bounds bug (Han Xu) [Orabug: 37116547] {CVE-2024-46853}
net: dpaa: Pad packets to ETH_ZLEN (Sean Anderson) [Orabug: 37116550] {CVE-2024-46854}
netfilter: nft_socket: fix sk refcount leaks (Florian Westphal) [Orabug: 37116554] {CVE-2024-46855}
net: ftgmac100: Enable TX interrupt to avoid TX timeout (Jacky Chou)
fou: fix initialization of grc (Muhammad Usama Anjum) [Orabug: 37195062] {CVE-2024-46865}
net/mlx5: Add missing masks and QoS bit masks for scheduling elements (Carolina Jubran)
net/mlx5: Explicitly set scheduling element and TSAR type (Carolina Jubran)
net/mlx5e: Add missing link modes to ptys2ethtool_map (Shahar Shitrit)
igb: Always call igb_xdp_ring_update_tail() under Tx lock (Sriram Yagnaraman)
ice: fix accounting for filters shared by multiple VSIs (Jacob Keller)
hwmon: (pmbus) Conditionally clear individual status bits for pmbus rev >= 1.2 (Patryk Biel)
hwmon: (pmbus) Introduce and use write_byte_data callback (Marten Lindahl)
selftests/bpf: Support SOCK_STREAM in unix_inet_redir_to_connected() (Michal Luczaj)
eeprom: digsy_mtc: Fix 93xx46 driver probe failure (Andy Shevchenko)
arm64: dts: rockchip: fix PMIC interrupt pin in pinctrl for ROCK Pi E (FUKAUMI Naoki)
fs/ntfs3: Use kvfree to free memory allocated by kvmalloc (Konstantin Komarov)
net: tighten bad gso csum offset check in virtio_net_hdr (Willem de Bruijn)
minmax: reduce min/max macro expansion in atomisp driver (Lorenzo Stoakes)
arm64: dts: rockchip: override BIOS_DISABLE signal via GPIO hog on RK3399 Puma (Quentin Schulz)
mptcp: pm: Fix uaf in __timer_delete_sync (Edward Adam Davis) [Orabug: 37116564] {CVE-2024-46858}
platform/x86: panasonic-laptop: Allocate 1 entry extra in the sinf array (Hans de Goede)
platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses (Hans de Goede) [Orabug: 37116566] {CVE-2024-46859}
NFS: Avoid unnecessary rescanning of the per-server delegation list (Trond Myklebust)
NFSv4: Fix clearing of layout segments in layoutreturn (Trond Myklebust)
Input: i8042 - add Fujitsu Lifebook E756 to i8042 quirk table (Takashi Iwai)
drm/msm/adreno: Fix error return if missing firmware-name (Rob Clark)
platform/surface: aggregator_registry: Add support for Surface Laptop Go 3 (Maximilian Luz)
scripts: kconfig: merge_config: config files: add a trailing newline (Anders Roxell)
HID: multitouch: Add support for GT7868Q (Dmitry Savin)
Input: synaptics - enable SMBus for HP Elitebook 840 G2 (Jonathan Denose)
Input: ads7846 - ratelimit the spi_sync error message (Marek Vasut)
btrfs: update target inode's ctime on unlink (Jeff Layton)
powerpc/mm: Fix boot warning with hugepages and CONFIG_DEBUG_VIRTUAL (Christophe Leroy)
net: phy: vitesse: repair vsc73xx autonegotiation (Pawel Dembicki)
net: ethernet: use ip_hdrlen() instead of bit shift (Moon Yeounsu)
usbnet: ipheth: fix carrier detection in modes 1 and 4 (Foster Snowhill)
ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate (Lizhi Xu) [Orabug: 37200925] {CVE-2024-49877}
ocfs2: fix null-ptr-deref when journal load failed. (Julian Sun) [Orabug: 37206096] {CVE-2024-49957}
ocfs2: remove unreasonable unlock in ocfs2_read_blocks (Lizhi Xu) [Orabug: 37206135] {CVE-2024-49965}
ocfs2: cancel dqi_sync_work before freeing oinfo (Joseph Qi) [Orabug: 37206140] {CVE-2024-49966}
ocfs2: fix uninit-value in ocfs2_get_block() (Joseph Qi)
ocfs2: fix the la space leak when unmounting an ocfs2 volume (Heming Zhao)
mm: krealloc: consider spare memory for __GFP_ZERO (Danilo Krummrich)
jbd2: correctly compare tids with tid_geq function in jbd2_fc_begin_commit (Kemeng Shi)
jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error (Baokun Li) [Orabug: 37206108] {CVE-2024-49959}
drm: omapdrm: Add missing check for alloc_ordered_workqueue (Ma Ke) [Orabug: 37200934] {CVE-2024-49879} in of_msi_get_domain (Andrew Jones)
parisc: Fix stack start for ADDR_NO_RANDOMIZE personality (Helge Deller)
parisc: Fix 64-bit userspace syscall path (Helge Deller)

Обновленные пакеты

Oracle Linux 8

Oracle Linux aarch64

bpftool

5.15.0-303.171.5.2.el8uek

kernel-uek

5.15.0-303.171.5.2.el8uek

kernel-uek-container

5.15.0-303.171.5.2.el8uek

kernel-uek-container-debug

5.15.0-303.171.5.2.el8uek

kernel-uek-core

5.15.0-303.171.5.2.el8uek

kernel-uek-debug

5.15.0-303.171.5.2.el8uek

kernel-uek-debug-core

5.15.0-303.171.5.2.el8uek

kernel-uek-debug-devel

5.15.0-303.171.5.2.el8uek

kernel-uek-debug-modules

5.15.0-303.171.5.2.el8uek

kernel-uek-debug-modules-extra

5.15.0-303.171.5.2.el8uek

kernel-uek-devel

5.15.0-303.171.5.2.el8uek

kernel-uek-doc

5.15.0-303.171.5.2.el8uek

kernel-uek-modules

5.15.0-303.171.5.2.el8uek

kernel-uek-modules-extra

5.15.0-303.171.5.2.el8uek

Oracle Linux x86_64

bpftool

5.15.0-303.171.5.2.el8uek

kernel-uek

5.15.0-303.171.5.2.el8uek

kernel-uek-container

5.15.0-303.171.5.2.el8uek

kernel-uek-container-debug

5.15.0-303.171.5.2.el8uek

kernel-uek-core

5.15.0-303.171.5.2.el8uek

kernel-uek-debug

5.15.0-303.171.5.2.el8uek

kernel-uek-debug-core

5.15.0-303.171.5.2.el8uek

kernel-uek-debug-devel

5.15.0-303.171.5.2.el8uek

kernel-uek-debug-modules

5.15.0-303.171.5.2.el8uek

kernel-uek-debug-modules-extra

5.15.0-303.171.5.2.el8uek

kernel-uek-devel

5.15.0-303.171.5.2.el8uek

kernel-uek-doc

5.15.0-303.171.5.2.el8uek

kernel-uek-modules

5.15.0-303.171.5.2.el8uek

kernel-uek-modules-extra

5.15.0-303.171.5.2.el8uek

Oracle Linux 9

Oracle Linux aarch64

bpftool

5.15.0-303.171.5.2.el9uek

kernel-uek

5.15.0-303.171.5.2.el9uek

kernel-uek-container

5.15.0-303.171.5.2.el9uek

kernel-uek-container-debug

5.15.0-303.171.5.2.el9uek

kernel-uek-core

5.15.0-303.171.5.2.el9uek

kernel-uek-debug

5.15.0-303.171.5.2.el9uek

kernel-uek-debug-core

5.15.0-303.171.5.2.el9uek

kernel-uek-debug-devel

5.15.0-303.171.5.2.el9uek

kernel-uek-debug-modules

5.15.0-303.171.5.2.el9uek

kernel-uek-debug-modules-extra

5.15.0-303.171.5.2.el9uek

kernel-uek-devel

5.15.0-303.171.5.2.el9uek

kernel-uek-doc

5.15.0-303.171.5.2.el9uek

kernel-uek-modules

5.15.0-303.171.5.2.el9uek

kernel-uek-modules-extra

5.15.0-303.171.5.2.el9uek

Oracle Linux x86_64

bpftool

5.15.0-303.171.5.2.el9uek

kernel-uek

5.15.0-303.171.5.2.el9uek

kernel-uek-container

5.15.0-303.171.5.2.el9uek

kernel-uek-container-debug

5.15.0-303.171.5.2.el9uek

kernel-uek-core

5.15.0-303.171.5.2.el9uek

kernel-uek-debug

5.15.0-303.171.5.2.el9uek

kernel-uek-debug-core

5.15.0-303.171.5.2.el9uek

kernel-uek-debug-devel

5.15.0-303.171.5.2.el9uek

kernel-uek-debug-modules

5.15.0-303.171.5.2.el9uek

kernel-uek-debug-modules-extra

5.15.0-303.171.5.2.el9uek

kernel-uek-devel

5.15.0-303.171.5.2.el9uek

kernel-uek-doc

5.15.0-303.171.5.2.el9uek

kernel-uek-modules

5.15.0-303.171.5.2.el9uek

kernel-uek-modules-extra

5.15.0-303.171.5.2.el9uek

Связанные CVE

Ссылки на источники

Связанные уязвимости

CVE-2024-39463

CVSS3: 7.8

ubuntu

12 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: 9p: add missing locking around taking dentry fid list Fix a use-after-free on dentry's d_fsdata fid list when a thread looks up a fid through dentry while another thread unlinks it: UAF thread: refcount_t: addition on 0; use-after-free. p9_fid_get linux/./include/net/9p/client.h:262 v9fs_fid_find+0x236/0x280 linux/fs/9p/fid.c:129 v9fs_fid_lookup_with_uid linux/fs/9p/fid.c:181 v9fs_fid_lookup+0xbf/0xc20 linux/fs/9p/fid.c:314 v9fs_vfs_getattr_dotl+0xf9/0x360 linux/fs/9p/vfs_inode_dotl.c:400 vfs_statx+0xdd/0x4d0 linux/fs/stat.c:248 Freed by: p9_fid_destroy (inlined) p9_client_clunk+0xb0/0xe0 linux/net/9p/client.c:1456 p9_fid_put linux/./include/net/9p/client.h:278 v9fs_dentry_release+0xb5/0x140 linux/fs/9p/vfs_dentry.c:55 v9fs_remove+0x38f/0x620 linux/fs/9p/vfs_inode.c:518 vfs_unlink+0x29a/0x810 linux/fs/namei.c:4335 The problem is that d_fsdata was not accessed under d_lock, because d_release() normally is only c...