ELSA-2025-20271

Published: 14 Apr 2025
Source: oracle-oval
Platform: Oracle Linux 8
Platform: Oracle Linux 7

Description

ELSA-2025-20271: Unbreakable Enterprise kernel security update (IMPORTANT)

[5.4.17-2136.342.5]

  • ima: Fix use-after-free on a dentry's dname.name (Stefan Berger) [Orabug: 36835558] {CVE-2024-39494}

[5.4.17-2136.342.4]

  • sched: sch_cake: add bounds checks to host bulk flow fairness counts (Toke Hoiland-Jorgensen)
  • udf: Fix use of check_add_overflow() with mixed type arguments (Ben Hutchings)
  • x86/xen: allow larger contiguous memory regions in PV guests (Juergen Gross)
  • xen: remove a confusing comment on auto-translated guest I/O (Petr Tesarik)
  • ALSA: hda/realtek: Fixup ALC225 depop procedure (Kailang Yang)
  • ALSA: hda/realtek - Add type for ALC287 (Kailang Yang)
  • net: loopback: Avoid sending IP packets without an Ethernet header (Ido Schimmel)
  • netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (Cong Wang)
  • ocfs2: fix incorrect CPU endianness conversion causing mount failure (Heming Zhao)
  • Revert 'btrfs: avoid monopolizing a core when activating a swap file' (Koichiro Den)
  • gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl(). (Kuniyuki Iwashima)
  • Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc (Fedor Pchelkin)
  • rds: Make sure transmit path and connection tear-down does not run concurrently (Hakon Bugge) [Orabug: 36308571]
  • NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies() (Yanjun Zhang) [Orabug: 37206487]

[5.4.17-2136.342.3]

  • LTS tag: v5.4.290 (Alok Tiwari)
  • Partial revert of xhci: use pm_ptr() instead #ifdef for CONFIG_PM conditionals (Ron Economos)
  • xhci: use pm_ptr() instead of #ifdef for CONFIG_PM conditionals (Arnd Bergmann)
  • drm/v3d: Assign job pointer to NULL before signaling the fence (Maira Canal)
  • Input: xpad - add support for wooting two he (arm) (Jack Greiner)
  • Input: xpad - add unofficial Xbox 360 wireless receiver clone (Nilton Perim Neto)
  • Input: atkbd - map F23 key to support default copilot shortcut (Mark Pearson)
  • Revert 'usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null' (Greg Kroah-Hartman)
  • USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb() (Qasim Ijaz)
  • ext4: fix slab-use-after-free in ext4_split_extent_at() (Baokun Li)
  • ext4: avoid ext4_error()'s caused by ENOMEM in the truncate path (Theodore Ts'o)
  • vfio/platform: check the bounds of read/write syscalls (Alex Williamson)
  • net/xen-netback: prevent UAF in xenvif_flush_hash() (Jeongjun Park)
  • net: xen-netback: hash.c: Use built-in RCU list checking (Madhuparna Bhowmik)
  • signal/m68k: Use force_sigsegv(SIGSEGV) in fpsp040_die (Eric W. Biederman)
  • m68k: Add missing mmap_read_lock() to sys_cacheflush() (Liam Howlett)
  • m68k: Update ->thread.esp0 before calling syscall_trace() in ret_from_signal (Al Viro)
  • gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag (Andreas Gruenbacher)
  • irqchip/sunxi-nmi: Add missing SKIP_WAKE flag (Philippe Simons)
  • scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request (Xiang Zhang)
  • ASoC: wm8994: Add depends on MFD core (Charles Keepax)
  • net: fix data-races around sk->sk_forward_alloc (Wang Liang)
  • scsi: sg: Fix slab-use-after-free read in sg_release() (Suraj Sonawane)
  • ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev() (Eric Dumazet)
  • irqchip/gic-v3: Handle CPU_PM_ENTER_FAILED correctly (Yogesh Lal)
  • fs/proc: fix softlockup in __read_vmcore (part 2) (Rik van Riel)
  • net: ethernet: xgbe: re-add aneg to supported features in PHY quirks (Heiner Kallweit)
  • nvmet: propagate npwg topology (Luis Chamberlain)
  • poll_wait: add mb() to fix theoretical race between waitqueue_active() and .poll() (Oleg Nesterov)
  • kheaders: Ignore silly-rename files (David Howells)
  • hfs: Sanity check the root record (Leo Stone)
  • mac802154: check local interfaces before deleting sdata list (Lizhi Xu)
  • i2c: mux: demux-pinctrl: check initial mux selection, too (Wolfram Sang)
  • drm/v3d: Ensure job pointer is set to NULL after job completion (Maira Canal)
  • nfp: bpf: prevent integer overflow in nfp_bpf_event_output() (Dan Carpenter)
  • gtp: Destroy device along with udp socket's netns dismantle. (Kuniyuki Iwashima)
  • gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp(). (Kuniyuki Iwashima)
  • gtp: use exit_batch_rtnl() method (Eric Dumazet)
  • net: add exit_batch_rtnl() method (Eric Dumazet)
  • net: net_namespace: Optimize the code (Yajun Deng)
  • net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field() (Sudheer Kumar Doredla)
  • sctp: sysctl: rto_min/max: avoid using current->nsproxy (Matthieu Baerts (NGI0))
  • ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv (Dennis Lam)
  • ocfs2: correct return value of ocfs2_local_free_info() (Joseph Qi)
  • phy: core: Fix that API devm_of_phy_provider_unregister() fails to unregister the phy provider (Zijun Hu)
  • phy: core: fix code style in devm_of_phy_provider_unregister (Vinod Koul)
  • arm64: dts: rockchip: add hevc power domain clock to rk3328 (Peter Geis)
  • arm64: dts: rockchip: add #power-domain-cells to power domain nodes (Johan Jonker)
  • arm64: dts: rockchip: fix pd_tcpc0 and pd_tcpc1 node position on rk3399 (Johan Jonker)
  • arm64: dts: rockchip: fix defines in pd_vio node for rk3399 (Johan Jonker)
  • iio: inkern: call iio_device_put() only on mapped devices (Joe Hattori)
  • iio: adc: at91: call input_free_device() on allocated iio_dev (Joe Hattori)
  • iio: adc: ti-ads124s08: Use gpiod_set_value_cansleep() (Fabio Estevam)
  • iio: gyro: fxas21002c: Fix missing data update in trigger handler (Carlos Song)
  • iio: adc: ti-ads8688: fix information leak in triggered buffer (Javier Carrasco)
  • iio: imu: kmx61: fix information leak in triggered buffer (Javier Carrasco)
  • iio: light: vcnl4035: fix information leak in triggered buffer (Javier Carrasco)
  • iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer (Javier Carrasco)
  • iio: pressure: zpa2326: fix information leak in triggered buffer (Javier Carrasco)
  • usb: gadget: f_fs: Remove WARN_ON in functionfs_bind (Akash M)
  • usb: fix reference leak in usb_new_device() (Ma Ke)
  • USB: core: Disable LPM only for non-suspended ports (Kai-Heng Feng)
  • USB: usblp: return error when setting unsupported protocol (Jun Yan)
  • usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null (Lianqin Hu)
  • USB: serial: cp210x: add Phoenix Contact UPS Device (Johan Hovold)
  • usb-storage: Add max sectors quirk for Nokia 208 (Lubomir Rintel)
  • staging: iio: ad9832: Correct phase range check (Zicheng Qu)
  • staging: iio: ad9834: Correct phase range check (Zicheng Qu)
  • USB: serial: option: add Neoway N723-EA support (Michal Hrusecky)
  • USB: serial: option: add MeiG Smart SRM815 (Chukun Pan)
  • drm/amd/display: increase MAX_SURFACES to the value supported by hw (Melissa Wen)
  • ACPI: resource: Add Asus Vivobook X1504VAP to irq1_level_low_skip_override[] (Hans de Goede)
  • ACPI: resource: Add TongFang GM5HG0A to irq1_edge_low_force_override[] (Hans de Goede)
  • drm/amd/display: Add check for granularity in dml ceil/floor helpers (Roman Li)
  • sctp: sysctl: auth_enable: avoid using current->nsproxy (Matthieu Baerts (NGI0))
  • sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy (Matthieu Baerts (NGI0))
  • dm thin: make get_first_thin use rcu-safe list first function (Krister Johansen)
  • tls: Fix tls_sw_sendmsg error handling (Benjamin Coddington)
  • net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute (Eric Dumazet)
  • tcp/dccp: allow a connection when sk_max_ack_backlog is zero (Zhongqiu Duan)
  • tcp/dccp: complete lockless accesses to sk->sk_max_ack_backlog (Jason Xing)
  • net: 802: LLC+SNAP OID:PID lookup on start of skb data (Antonio Pastor)
  • ieee802154: ca8210: Add missing check for kfifo_alloc() in ca8210_probe() (Keisuke Nishimura)
  • dm array: fix cursor index when skipping across block boundaries (Ming-Hung Tsai)
  • dm array: fix unreleased btree blocks on closing a faulty array cursor (Ming-Hung Tsai)
  • dm array: fix releasing a faulty array block twice in dm_array_cursor_end (Ming-Hung Tsai)
  • jbd2: flush filesystem device before updating tail sequence (Zhang Yi)

[5.4.17-2136.342.2]

  • Revert 'NFSD: Limit the number of concurrent async COPY operations' (Sherry Yang) [Orabug: 37660195]
  • rds: ib: Avoid sleeping function inside RCU region by using sampled values instead (Hakon Bugge) [Orabug: 37586090]
  • dm rq: don't queue request to blk-mq during DM suspend (Ming Lei) [Orabug: 37010188]
  • dm: rearrange core declarations for extended use from dm-zone.c (Damien Le Moal) [Orabug: 37010188]

[5.4.17-2136.342.1]

  • cgroup: Make operations on the cgroup root_list RCU safe (Yafang Shao) [Orabug: 37621585]
  • uek: kabi: Fix build error for HIDE_INCLUDE macro (Saeed Mirzamohammadi) [Orabug: 37619102]
  • oracleasm: Fix PI when use_logical_block_size is set (Martin K. Petersen) [Orabug: 37503280]
  • oracleasm: Add support for per-I/O block size selection (Martin K. Petersen) [Orabug: 37503280]
  • perf/x86/intel/uncore: Fix NULL pointer dereference issue in upi_fill_topology() (Alexander Antonov) [Orabug: 36882938]

Updated packages

Oracle Linux 8

Oracle Linux aarch64

  • kernel-uek-devel: 5.4.17-2136.342.5.el8uek
  • kernel-uek: 5.4.17-2136.342.5.el8uek
  • kernel-uek-debug: 5.4.17-2136.342.5.el8uek
  • kernel-uek-debug-devel: 5.4.17-2136.342.5.el8uek
  • kernel-uek-doc: 5.4.17-2136.342.5.el8uek

Oracle Linux x86_64

  • kernel-uek: 5.4.17-2136.342.5.el8uek
  • kernel-uek-container: 5.4.17-2136.342.5.el8uek
  • kernel-uek-container-debug: 5.4.17-2136.342.5.el8uek
  • kernel-uek-debug: 5.4.17-2136.342.5.el8uek
  • kernel-uek-debug-devel: 5.4.17-2136.342.5.el8uek
  • kernel-uek-devel: 5.4.17-2136.342.5.el8uek
  • kernel-uek-doc: 5.4.17-2136.342.5.el8uek

Oracle Linux 7

Oracle Linux x86_64

  • kernel-uek: 5.4.17-2136.342.5.el7uek
  • kernel-uek-container: 5.4.17-2136.342.5.el7uek
  • kernel-uek-container-debug: 5.4.17-2136.342.5.el7uek
  • kernel-uek-debug: 5.4.17-2136.342.5.el7uek
  • kernel-uek-debug-devel: 5.4.17-2136.342.5.el7uek
  • kernel-uek-devel: 5.4.17-2136.342.5.el7uek
  • kernel-uek-doc: 5.4.17-2136.342.5.el7uek
  • kernel-uek-tools: 5.4.17-2136.342.5.el7uek

Related CVEs

Related vulnerabilities

CVSS3: 7.8
ubuntu
11 months ago

In the Linux kernel, the following vulnerability has been resolved: ima: Fix use-after-free on a dentry's dname.name ->d_name.name can change on rename and the earlier value can be freed; there are conditions sufficient to stabilize it (->d_lock on dentry, ->d_lock on its parent, ->i_rwsem exclusive on the parent's inode, rename_lock), but none of those are met at any of the sites. Take a stable snapshot of the name instead.

CVSS3: 5.5
redhat
11 months ago

In the Linux kernel, the following vulnerability has been resolved: ima: Fix use-after-free on a dentry's dname.name ->d_name.name can change on rename and the earlier value can be freed; there are conditions sufficient to stabilize it (->d_lock on dentry, ->d_lock on its parent, ->i_rwsem exclusive on the parent's inode, rename_lock), but none of those are met at any of the sites. Take a stable snapshot of the name instead.

CVSS3: 7.8
nvd
11 months ago

In the Linux kernel, the following vulnerability has been resolved: ima: Fix use-after-free on a dentry's dname.name ->d_name.name can change on rename and the earlier value can be freed; there are conditions sufficient to stabilize it (->d_lock on dentry, ->d_lock on its parent, ->i_rwsem exclusive on the parent's inode, rename_lock), but none of those are met at any of the sites. Take a stable snapshot of the name instead.

CVSS3: 7.8
msrc
9 months ago

No description available

CVSS3: 7.8
debian
11 months ago

In the Linux kernel, the following vulnerability has been resolved: i ...
