ELSA-2025-20521

Описание

[5.4.17-2136.346.6]

• net/mlx5: Add poll-eq API to be used by ULP's (Praveen Kumar Kannoju) [Orabug: 38109070]
• net/rds: poll eq during user-reset (Praveen Kumar Kannoju) [Orabug: 38189315]

[5.4.17-2136.346.5]

• perf: Fix perf_event_validate_size() lockdep splat (Mark Rutland) [Orabug: 36261486] {CVE-2023-6931}
• perf: Fix perf_event_validate_size() (Peter Zijlstra) [Orabug: 36261486] {CVE-2023-6931}
• net/mlx5: set graceful_period to 0 to allow multiple transmission queue recovery (Praveen Kumar Kannoju) [Orabug: 38182891]

[5.4.17-2136.346.4]

• pwm: mediatek: Ensure to disable clocks in error path (Uwe Kleine-Konig)
• Revert 'mmc: sdhci: Disable SD card clock before changing parameters' (Ulf Hansson)
• net/sched: Always pass notifications when child class becomes empty (Lion Ackermann)

[5.4.17-2136.346.3]

• x86/bpf: Classic BPF program can fail when BHB barrier is used (Alexandre Chartre) [Orabug: 38151403]
• Add Zen34 clients (Borislav Petkov) [Orabug: 38172250] {CVE-2024-36350,CVE-2024-36357}
• x86/process: Move the buffer clearing before MONITOR (Kim Phillips) [Orabug: 38172250] {CVE-2024-36350,CVE-2024-36357}
• KVM: SVM: Advertize TSA CPUID bits to guests (Borislav Petkov) [Orabug: 38172250] {CVE-2024-36350,CVE-2024-36357}
• x86/bugs: Add a Transient Scheduler Attacks mitigation (Borislav Petkov) [Orabug: 38172250] {CVE-2024-36350,CVE-2024-36357}
• KVM: x86: add support for CPUID leaf 0x80000021 (Paolo Bonzini) [Orabug: 38172250] {CVE-2024-36350,CVE-2024-36357}
• x86/bugs: Rename MDS machinery to something more generic (Borislav Petkov) [Orabug: 38172250] {CVE-2024-36350,CVE-2024-36357}
• x86/CPU/AMD: Add ZenX generations flags (Borislav Petkov) [Orabug: 38172250] {CVE-2024-36350,CVE-2024-36357}
• x86/bugs: Free X86_BUG_AMD_APIC_C1E and X86_BUG_AMD_E400 bits (Boris Ostrovsky) [Orabug: 38172250] {CVE-2024-36350,CVE-2024-36357}

[5.4.17-2136.346.2]

• Revert 'x86/bugs: Make spectre user default depend on MITIGATION_SPECTRE_V2' on v6.6 and older (Breno Leitao)
• tracing: Fix compilation warning on arm32 (Pan Taixi)
• PM: sleep: Fix power.is_suspended cleanup for direct-complete devices (Rafael J. Wysocki)
• LTS tag: v5.4.294 (Alok Tiwari)
• platform/x86: thinkpad_acpi: Ignore battery threshold change event notification (Mark Pearson)
• platform/x86: fujitsu-laptop: Support Lifebook S2110 hotkeys (Valtteri Koskivuori)
• spi: spi-sun4i: fix early activation (Alessandro Grassi)
• um: let 'make clean' properly clean underlying SUBARCH as well (Masahiro Yamada)
• platform/x86: thinkpad_acpi: Support also NEC Lavie X1475JAS (John Chau)
• nfs: don't share pNFS DS connections between net namespaces (Jeff Layton)
• HID: quirks: Add ADATA XPG alpha wireless mouse support (Milton Barrera)
• coredump: hand a pidfd to the usermode coredump helper (Christian Brauner)
• fork: use pidfd_prepare() (Christian Brauner)
• pid: add pidfd_prepare() (Christian Brauner)
• pidfd: check pid has attached task in fdinfo (Christian Brauner)
• coredump: fix error handling for replace_fd() (Christian Brauner)
• net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (Pedro Tammela) [Orabug: 38049365] {CVE-2025-38001}
• smb: client: Reset all search buffer pointers when releasing buffer (Zhaolong Wang)
• smb: client: Fix use-after-free in cifs_fill_dirent (Zhaolong Wang) [Orabug: 38094972] {CVE-2025-38051}
• drm/i915/gvt: fix unterminated-string-initialization warning (Jani Nikula)
• netfilter: nf_tables: do not defer rule destruction via call_rcu (Florian Westphal) [Orabug: 38186911] {CVE-2024-56655}
• netfilter: nf_tables: wait for rcu grace period on net_device removal (Pablo Neira Ayuso)
• netfilter: nf_tables: pass nft_chain to destroy function, not nft_ctx (Florian Westphal)
• kbuild: Disable -Wdefault-const-init-unsafe (Nathan Chancellor)
• spi: spi-fsl-dspi: restrict register range for regmap access (Larisa Grigore)
• mm/page_alloc.c: avoid infinite retries caused by cpuset race (Tianyang Zhang)
• drm/edid: fixed the bug that hdr metadata was not reset (Feijuan Li)
• llc: fix data loss when reading from a socket in llc_ui_recvmsg() (Gavrilov Ilia)
• ALSA: pcm: Fix race of buffer access at PCM OSS layer (Takashi Iwai) [Orabug: 38095147] {CVE-2025-38078}
• can: bcm: add missing rcu read protection for procfs content (Oliver Hartkopp) [Orabug: 38049371] {CVE-2025-38003}
• can: bcm: add locking for bcm_op runtime updates (Oliver Hartkopp) [Orabug: 38049376] {CVE-2025-38004}
• crypto: algif_hash - fix double free in hash_accept (Ivan Pravdin) [Orabug: 38095156] {CVE-2025-38079}
• sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (Cong Wang) [Orabug: 38049359] {CVE-2025-38000}
• net: dwmac-sun8i: Use parsed internal PHY address instead of 1 (Paul Kocialkowski)
• bridge: netfilter: Fix forwarding of fragmented packets (Ido Schimmel)
• xfrm: Sanitize marks before insert (Paul Chaignon)
• __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock (Al Viro) [Orabug: 38095002] {CVE-2025-38058}
• xenbus: Allow PVH dom0 a non-local xenstore (Jason Andryuk)
• btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref (Goldwyn Rodrigues) [Orabug: 38094858] {CVE-2025-38034}
• nvmet-tcp: don't restore null sk_state_change (Alistair Francis) [Orabug: 38094865] {CVE-2025-38035}
• ASoC: Intel: bytcr_rt5640: Add DMI quirk for Acer Aspire SW3-013 (Takashi Iwai)
• pinctrl: meson: define the pull up/down resistor value as 60 kOhm (Martin Blumenstingl)
• drm: Add valid clones check (Jessica Zhang)
• drm/atomic: clarify the rules around drm_atomic_state->allow_modeset (Simona Vetter)
• regulator: ad5398: Add device tree support (Isaac Scott)
• wifi: rtw88: Don't use static local variable in rtw8822b_set_tx_power_index_by_rate (Bitterblue Smith)
• bpftool: Fix readlink usage in get_fd_type (Viktor Malik)
• HID: usbkbd: Fix the bit shift number for LED_KANA (Junan)
• scsi: st: Restore some drive settings after reset (Kai Makisara)
• scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine (Justin Tee)
• rcu: fix header guard for rcu_all_qs() (Ankur Arora)
• rcu: handle quiescent states for PREEMPT_RCU=n, PREEMPT_COUNT=y (Ankur Arora)
• vxlan: Annotate FDB data races (Ido Schimmel) [Orabug: 38094881] {CVE-2025-38037}
• hwmon: (xgene-hwmon) use appropriate type for the latency value (Andrey Vatoropin)
• ip: fib_rules: Fetch net from fib_rule in fib[46]_rule_configure(). (Kuniyuki Iwashima)
• net/mlx5e: reduce rep rxq depth to 256 for ECPF (William Tu)
• net/mlx5e: set the tx_queue_len for pfifo_fast (William Tu)
• net/mlx5: Extend Ethtool loopback selftest to support non-linear SKB (Alexei Lazar)
• phy: core: don't require set_mode() callback for phy_get_mode() to work (Dmitry Baryshkov)
• net/mlx4_core: Avoid impossible mlx4_db_alloc() order value (Kees Cook)
• smack: recognize ipv4 CIPSO w/o categories (Konstantin Andreev)
• pinctrl: devicetree: do not goto err when probing hogs in pinctrl_dt_to_map (Valentin Caron)
• ASoC: ops: Enforce platform maximum on initial value (Martin Poviser)
• net/mlx5: Apply rate-limiting to high temperature warning (Shahar Shitrit)
• net/mlx5: Modify LSB bitmask in temperature event to include only the first bit (Shahar Shitrit)
• ACPI: HED: Always initialize before evged (Xiaofei Tan)
• PCI: Fix old_size lower bound in calculate_iosize() too (Ilpo Jarvinen)
• EDAC/ie31200: work around false positive build warning (Arnd Bergmann)
• net: pktgen: fix access outside of user given buffer in pktgen_thread_write() (Peter Seiderer) [Orabug: 38095027] {CVE-2025-38061}
• wifi: rtw88: Fix rtw_init_ht_cap() for RTL8814AU (Bitterblue Smith)
• scsi: mpt3sas: Send a diag reset if target reset fails (Shivasharan S)
• MIPS: pm-cps: Use per-CPU variables as per-CPU, not per-core (Paul Burton)
• MIPS: Use arch specific syscall name match function (Bibo Mao)
• cpuidle: menu: Avoid discarding useful information (Rafael J. Wysocki)
• x86/nmi: Add an emergency handler in nmi_desc & use it in nmi_shootdown_cpus() (Waiman Long)
• bonding: report duplicate MAC address in all situations (Hangbin Liu)
• net: xgene-v2: remove incorrect ACPI_PTR annotation (Arnd Bergmann)
• drm/amdkfd: KFD release_work possible circular locking (Philip Yang)
• net/mlx5: Avoid report two health errors on same syndrome (Moshe Shemesh)
• fpga: altera-cvp: Increase credit timeout (Kuhanh Murugasen Krishnan)
• drm/mediatek: mtk_dpi: Add checks for reg_h_fre_con existence (AngeloGioacchino Del Regno)
• hwmon: (gpio-fan) Add missing mutex locks (Alexander Stein)
• x86/bugs: Make spectre user default depend on MITIGATION_SPECTRE_V2 (Breno Leitao)
• net: pktgen: fix mpls maximum labels list parsing (Peter Seiderer)
• pinctrl: bcm281xx: Use 'unsigned int' instead of bare 'unsigned' (Artur Weber)
• media: cx231xx: set device_caps for 417 (Hans Verkuil) [Orabug: 38094937] {CVE-2025-38044}
• orangefs: Do not truncate file size (Matthew Wilcox) [Orabug: 38095058] {CVE-2025-38065}
• dm cache: prevent BUG_ON by blocking retries on failed device resumes (Ming-Hung Tsai) [Orabug: 38095065] {CVE-2025-38066}
• media: c8sectpfe: Call of_node_put(i2c_bus) only once in c8sectpfe_probe() (Markus Elfring)
• ARM: tegra: Switch DSI-B clock parent to PLLD on Tegra114 (Svyatoslav Ryhel)
• ieee802154: ca8210: Use proper setters and getters for bitwise types (Andy Shevchenko)
• rtc: ds1307: stop disabling alarms on probe (Alexandre Belloni)
• powerpc/prom_init: Fixup missing #size-cells on PowerBook6,7 (Andreas Schwab)
• mmc: sdhci: Disable SD card clock before changing parameters (Erick Shepherd)
• netfilter: conntrack: Bound nf_conntrack sysctl writes (Nicolas Bouchinet)
• posix-timers: Add cond_resched() to posix_timer_add() search loop (Eric Dumazet)
• xen: Add support for XenServer 6.1 platform device (Frediano Ziglio)
• dm: restrict dm device size to 2^63-512 bytes (Mikulas Patocka)
• kbuild: fix argument parsing in scripts/config (Seyediman Seyedarab)
• scsi: st: ERASE does not change tape location (Kai Makisara)
• scsi: st: Tighten the page format heuristics with MODE SELECT (Kai Makisara)
• ext4: reorder capability check last (Christian Gottsche)
• um: Update min_low_pfn to match changes in uml_reserved (Tiwei Bie)
• um: Store full CSGSFS and SS register from mcontext (Benjamin Berg)
• btrfs: send: return -ENAMETOOLONG when attempting a path that is too long (Filipe Manana)
• btrfs: avoid linker error in btrfs_find_create_tree_block() (Mark Harmstone)
• i2c: pxa: fix call balance of i2c->clk handling routines (Vitalii Mordan)
• mmc: host: Wait for Vdd to settle on card power off (Erick Shepherd)
• libnvdimm/labels: Fix divide error in nd_label_data_init() (Robert Richter) [Orabug: 38095111] {CVE-2025-38072}
• pNFS/flexfiles: Report ENETDOWN as a connection error (Trond Myklebust)
• tools/build: Don't pass test log files to linker (Ian Rogers)
• dql: Fix dql->limit value when reset. (Jing Su)
• SUNRPC: rpc_clnt_set_transport() must not change the autobind setting (Trond Myklebust)
• NFSv4: Treat ENETUNREACH errors as fatal for state recovery (Trond Myklebust)
• fbdev: core: tileblit: Implement missing margin clearing for tileblit (Zsolt Kajtar)
• fbdev: fsl-diu-fb: add missing device_remove_file() (Shixiong Ou)
• mailbox: use error ret code of of_parse_phandle_with_args() (Tudor Ambarus)
• kconfig: merge_config: use an empty file as initfile (Daniel Gomez)
• cgroup: Fix compilation issue due to cgroup_mutex not being exported (Gao Xu)
• dma-mapping: avoid potential unused data compilation warning (Marek Szyprowski)
• scsi: target: iscsi: Fix timeout on deleted connection (Dmitry Bogdanov) [Orabug: 38095136] {CVE-2025-38075}
• openvswitch: Fix unsafe attribute parsing in output_userspace() (Eelco Chaudron) [Orabug: 38015150] {CVE-2025-37998}
• Input: synaptics - enable InterTouch on TUXEDO InfinityBook Pro 14 v5 (Aditya Garg)
• Input: synaptics - enable SMBus for HP Elitebook 850 G1 (Dmitry Torokhov)
• clocksource/i8253: Use raw_spinlock_irqsave() in clockevent_i8253_disable() (Sebastian Andrzej Siewior)
• phy: renesas: rcar-gen3-usb2: Set timing registers only once (Claudiu Beznea)
• phy: Fix error handling in tegra_xusb_port_init (Ma Ke)
• ALSA: es1968: Add error handling for snd_pcm_hw_constraint_pow2() (Xu Wang)
• NFSv4/pnfs: Reset the layout state after a layoutreturn (Trond Myklebust)
• NFSv4/pnfs: pnfs_set_layout_stateid() should update the layout cred (Trond Myklebust)
• qlcnic: fix memory leak in qlcnic_sriov_channel_cfg_cmd() (Abdun Nihaal)
• ALSA: sh: SND_AICA should depend on SH_DMA_API (Geert Uytterhoeven)
• net: dsa: sja1105: discard incoming frames in BR_STATE_LISTENING (Vladimir Oltean)
• spi: loopback-test: Do not split 1024-byte hexdumps (Geert Uytterhoeven)
• nfs: handle failure of nfs_get_lock_context in unlock path (Li Lingfeng) [Orabug: 38094820] {CVE-2025-38023}
• RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug (Zhu Yanjun) [Orabug: 38094829] {CVE-2025-38024}
• iio: chemical: sps30: use aligned_s64 for timestamp (David Lechner)
• iio: adc: ad7768-1: Fix insufficient alignment of timestamp. (Jonathan Cameron)
• staging: axis-fifo: Correct handling of tx_fifo_depth for size validation (Gabriel)
• staging: axis-fifo: avoid parsing ignored device tree properties (Quentin Deslandes)
• staging: axis-fifo: Remove hardware resets for user errors (Gabriel)
• staging: axis-fifo: replace spinlock with mutex (Quentin Deslandes)
• platform/x86: asus-wmi: Fix wlan_ctrl_by_user detection (Hans de Goede)
• do_umount(): add missing barrier before refcount checks in sync case (Al Viro)
• MIPS: Fix MAX_REG_OFFSET (Thorsten Blum)
• iio: adc: dln2: Use aligned_s64 for timestamp (Jonathan Cameron)
• types: Complement the aligned types with signed 64-bit one (Andy Shevchenko)
• usb: usbtmc: Fix erroneous generic_read ioctl return (Dave Penkler)
• usb: usbtmc: Fix erroneous wait_srq ioctl return (Dave Penkler)
• usb: usbtmc: Fix erroneous get_stb ioctl error returns (Dave Penkler)
• USB: usbtmc: use interruptible sleep in usbtmc_read (Oliver Neukum)
• usb: typec: ucsi: displayport: Fix NULL pointer access (Andrei Kuchynski) [Orabug: 38015128] {CVE-2025-37994}
• usb: typec: tcpm: delay SNK_TRY_WAIT_DEBOUNCE to SRC_TRYWAIT transition (Rd Babiera)
• ocfs2: stop quota recovery before disabling quotas (Jan Kara)
• ocfs2: implement handshaking with ocfs2 recovery thread (Jan Kara)
• ocfs2: switch osb->disable_recovery to enum (Jan Kara)
• module: ensure that kobject_put() is safe for module type kobjects (Dmitry Antipov) [Orabug: 38015133] {CVE-2025-37995}
• xenbus: Use kref to track req lifetime (Jason Andryuk) [Orabug: 37976936] {CVE-2025-37949}
• usb: uhci-platform: Make the clock really optional (Alexey Charkov)
• iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo (Silvano Seva) [Orabug: 37977033] {CVE-2025-37969}
• iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo (Silvano Seva) [Orabug: 37977039] {CVE-2025-37970}
• iio: adis16201: Correct inclinometer channel resolution (Gabriel)
• iio: adc: ad7606: fix serial register access (Angelo Dureghello)
• staging: iio: adc: ad7816: Correct conditional logic for store mode (Gabriel)
• Input: synaptics - enable InterTouch on Dell Precision M3800 (Aditya Garg)
• Input: synaptics - enable InterTouch on Dynabook Portege X30L-G (Aditya Garg)
• Input: synaptics - enable InterTouch on Dynabook Portege X30-D (Manuel Fombuena)
• net: dsa: b53: fix learning on VLAN unaware bridges (Jonas Gorski)
• netfilter: ipset: fix region locking in hash types (Jozsef Kadlecsik) [Orabug: 38015143] {CVE-2025-37997}
• sch_htb: make htb_deactivate() idempotent (Cong Wang) [Orabug: 38186817] {CVE-2025-37953}
• dm: fix copying after src array boundaries (Tudor Ambarus)
• iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid (Pavel Paklov) [Orabug: 37976839] {CVE-2025-37927}
• arm64: dts: rockchip: fix iface clock-name on px30 iommus (Heiko Stuebner)
• usb: chipidea: ci_hdrc_imx: implement usb_phy_init() error handling (Fedor Pchelkin)
• usb: chipidea: ci_hdrc_imx: use dev_err_probe() (Alexander Stein)
• usb: chipidea: imx: refine the error handling for hsic (Peter Chen)
• usb: chipidea: imx: change hsic power regulator as optional (Peter Chen)
• irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() (Suzuki K Poulose) [Orabug: 37930014] {CVE-2025-37819}
• irqchip/gic-v2m: Mark a few functions __init (Thomas Gleixner)
• irqchip/gic-v2m: Add const to of_device_id (Xiang Wangx)
• sch_htb: make htb_qlen_notify() idempotent (Cong Wang) [Orabug: 37976860] {CVE-2025-37932}
• of: module: add buffer overflow check in of_modalias() (Sergey Shtylyov) [Orabug: 36753382] {CVE-2024-38541}
• PCI: imx6: Skip controller_id generation logic for i.MX7D (Richard Zhu)
• net: fec: ERR007885 Workaround for conventional TX (Mattias Barthel)
• net: lan743x: Fix memleak issue when GSO enabled (Thangaraj Samynathan) [Orabug: 37976767] {CVE-2025-37909}
• lan743x: fix endianness when accessing descriptors (Alexey Denisov)
• lan743x: remove redundant initialization of variable current_head_index (Colin Ian King)
• nvme-tcp: fix premature queue removal and I/O failover (Michael Liang)
• net: dlink: Correct endianness handling of led_mode (Simon Horman)
• net_sched: qfq: Fix double list add in class with netem as child qdisc (Victor Nogueira) [Orabug: 37976785] {CVE-2025-37913}
• net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (Victor Nogueira) [Orabug: 37967412] {CVE-2025-37890}
• net_sched: drr: Fix double list add in class with netem as child qdisc (Victor Nogueira) [Orabug: 37976794] {CVE-2025-37915}
• net/mlx5: E-Switch, Initialize MAC Address for Default GID (Maor Gottlieb)
• tracing: Fix oob write in trace_seq_to_buffer() (Jeongjun Park) [Orabug: 37976823] {CVE-2025-37923}
• dm: always update the array size in realloc_argv on success (Benjamin Marzinski)
• dm-integrity: fix a warning on invalid table line (Mikulas Patocka)
• wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() (Xu Wang) [Orabug: 37977121] {CVE-2025-37990}
• amd-xgbe: Fix to ensure dependent features are toggled with RX checksum offload (Vishal Badole)
• parisc: Fix double SIGFPE crash (Helge Deller) [Orabug: 37977129] {CVE-2025-37991}
• i2c: imx-lpi2c: Fix clock count when probe defers (Clark Wang)
• EDAC/altera: Set DDR and SDMMC interrupt mask before registration (Niravkumar L Rabara)
• EDAC/altera: Test the correct error reg offset (Niravkumar L Rabara)

[5.4.17-2136.346.1]

• scsi: qedf: Wait for stag work during unload (Saurav Kashyap) [Orabug: 37296386]
• scsi: qedf: Don't process stag work during unload and recovery (Saurav Kashyap) [Orabug: 37296386]