ELSA-2025-25755

Published: 10 Nov 2025
Source: oracle-oval
Platform: Oracle Linux 8
Platform: Oracle Linux 7

Description

ELSA-2025-25755: Unbreakable Enterprise kernel security update (IMPORTANT)

[5.4.17-2136.349.3.1]

  • i40e: add validation for ring_len param (Lukasz Czapnik) [Orabug: 38604171] {CVE-2025-39973}
  • i40e: increase max descriptors for XL710 (Justin Bronder) [Orabug: 38604171] {CVE-2025-39973}

[5.4.17-2136.349.3]

  • Revert 'net/mlx5e: Update and set Xon/Xoff upon MTU set' (Jakub Kicinski) [Orabug: 38545204]
  • KVM: x86: Take irqfds.lock when adding/deleting IRQ bypass producer (Sean Christopherson) [Orabug: 38494247]
  • rds: Free all frags when rds_ib_recv_cache_put() fails (Hans Westgaard Ry) [Orabug: 38492234]

[5.4.17-2136.349.2]

  • bpf/bpf_get,set_sockopt: add option to set TCP-BPF sock ops flags (Alan Maguire) [Orabug: 36699199]

[5.4.17-2136.349.1]

  • NFSv4: Don't clear capabilities that won't be reset (Trond Myklebust)
  • power: supply: bq27xxx: restrict no-battery detection to bq27000 (H. Nikolaus Schaller)
  • power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery (H. Nikolaus Schaller)
  • usb: hub: Fix flushing of delayed work used for post resume purposes (Mathias Nyman)
  • soc: qcom: mdt_loader: Deal with zero e_shentsize (Bjorn Andersson)
  • Revert 'net/mlx5e: Update and set Xon/Xoff upon port speed set' (Tariq Toukan)
  • LTS tag: v5.4.299 (Alok Tiwari)
  • scsi: lpfc: Fix buffer free/clear order in deferred receive path (John Evans) [Orabug: 38456754] {CVE-2025-39841}
  • dmaengine: mediatek: Fix a flag reuse error in mtk_cqdma_tx_status() (Qiu-Ji Chen)
  • cifs: fix integer overflow in match_server() (Roman Smirnov)
  • spi: spi-fsl-lpspi: Reset FIFO and disable module on transfer abort (Larisa Grigore)
  • spi: spi-fsl-lpspi: Set correct chip-select polarity bit (Larisa Grigore)
  • spi: spi-fsl-lpspi: Fix transmissions when using CONT (Larisa Grigore)
  • pcmcia: Add error handling for add_interval() in do_validate_mem() (Xu Wang)
  • ALSA: hda/hdmi: Add pin fix for another HP EliteDesk 800 G4 model (Takashi Iwai)
  • randstruct: gcc-plugin: Fix attribute addition (Kees Cook)
  • randstruct: gcc-plugin: Remove bogus void member (Kees Cook)
  • vmxnet3: update MTU after device quiesce (Ronak Doshi)
  • net: dsa: microchip: linearize skb for tail-tagging switches (Jakob Unterwurzacher)
  • net: dsa: microchip: update tag_ksz masks for KSZ9477 family (Pieter Van Trappen)
  • dmaengine: mediatek: Fix a possible deadlock error in mtk_cqdma_tx_status() (Qiu-Ji Chen)
  • ALSA: hda/realtek - Add new HP ZBook laptop with micmute led fixup (Chris Chiu)
  • gpio: pca953x: fix IRQ storm on system wake up (Emanuele Ghidoli)
  • iio: light: opt3001: fix deadlock due to concurrent flag access (Luca Ceresoli) [Orabug: 37977028] {CVE-2025-37968}
  • iio: chemical: pms7003: use aligned_s64 for timestamp (David Lechner)
  • cpufreq/sched: Explicitly synchronize limits_changed flag handling (Rafael J. Wysocki)
  • mm/slub: avoid accessing metadata when pointer is invalid in object_err() (Li Qiong) [Orabug: 38494761] {CVE-2025-39902}
  • mm/khugepaged: fix ->anon_vma race (Jann Horn)
  • e1000e: fix heap overflow in e1000_set_eeprom (Vitaly Lifshits) [Orabug: 38494740] {CVE-2025-39898}
  • batman-adv: fix OOB read/write in network-coding decode (Stanislav Fort)
  • drm/amdgpu: drop hw access in non-DC audio fini (Alex Deucher)
  • wifi: mwifiex: Initialize the chan_stats array to zero (Rong Qianfeng) [Orabug: 38494723] {CVE-2025-39891}
  • pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region() (Ma Ke)
  • ALSA: usb-audio: Add mute TLV for playback volumes on some devices (Cryolitia Pukngae)
  • ppp: fix memory leak in pad_compress_skb (Qingfang Deng) [Orabug: 38456781] {CVE-2025-39847}
  • net: atm: fix memory leak in atm_register_sysfs when device_register fail (Wang Liang)
  • ax25: properly unshare skbs in ax25_kiss_rcv() (Eric Dumazet)
  • ipv4: Fix NULL vs error pointer check in inet_blackhole_dev_init() (Dan Carpenter)
  • net: thunder_bgx: add a missing of_node_put (Rosen Penev)
  • wifi: libertas: cap SSID len in lbs_associate() (Dan Carpenter)
  • wifi: cw1200: cap SSID length in cw1200_do_join() (Dan Carpenter)
  • net: ethernet: mtk_eth_soc: fix tx vlan tag for llc packets (Felix Fietkau)
  • i40e: Fix potential invalid access when MAC list is empty (Zhen Ni) [Orabug: 38456814] {CVE-2025-39853}
  • icmp: fix icmp_ndo_send address translation for reply direction (Fabian Blase)
  • mISDN: Fix memory leak in dsp_hwec_enable() (Miaoqian Lin)
  • xirc2ps_cs: fix register access when enabling FullDuplex (Alok Tiwari)
  • Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() (Kuniyuki Iwashima) [Orabug: 38456834] {CVE-2025-39860}
  • netfilter: conntrack: helper: Replace -EEXIST by -EBUSY (Phil Sutter)
  • wifi: cfg80211: fix use-after-free in cmp_bss() (Dmitry Antipov) [Orabug: 38456860] {CVE-2025-39864}
  • powerpc: boot: Remove leading zero in label in udelay() (Nathan Chancellor)

Updated packages

Oracle Linux 8

Oracle Linux aarch64

  • kernel-uek: 5.4.17-2136.349.3.1.el8uek
  • kernel-uek-debug: 5.4.17-2136.349.3.1.el8uek
  • kernel-uek-debug-devel: 5.4.17-2136.349.3.1.el8uek
  • kernel-uek-devel: 5.4.17-2136.349.3.1.el8uek
  • kernel-uek-doc: 5.4.17-2136.349.3.1.el8uek

Oracle Linux x86_64

  • kernel-uek: 5.4.17-2136.349.3.1.el8uek
  • kernel-uek-container: 5.4.17-2136.349.3.1.el8uek
  • kernel-uek-container-debug: 5.4.17-2136.349.3.1.el8uek
  • kernel-uek-debug: 5.4.17-2136.349.3.1.el8uek
  • kernel-uek-debug-devel: 5.4.17-2136.349.3.1.el8uek
  • kernel-uek-devel: 5.4.17-2136.349.3.1.el8uek
  • kernel-uek-doc: 5.4.17-2136.349.3.1.el8uek

Oracle Linux 7

Oracle Linux x86_64

  • kernel-uek: 5.4.17-2136.349.3.1.el7uek
  • kernel-uek-container: 5.4.17-2136.349.3.1.el7uek
  • kernel-uek-container-debug: 5.4.17-2136.349.3.1.el7uek
  • kernel-uek-debug: 5.4.17-2136.349.3.1.el7uek
  • kernel-uek-debug-devel: 5.4.17-2136.349.3.1.el7uek
  • kernel-uek-devel: 5.4.17-2136.349.3.1.el7uek
  • kernel-uek-doc: 5.4.17-2136.349.3.1.el7uek
  • kernel-uek-tools: 5.4.17-2136.349.3.1.el7uek

Related vulnerabilities

oracle-oval
about 1 month ago

ELSA-2025-25757: Unbreakable Enterprise kernel security update (IMPORTANT)

ubuntu
3 months ago

In the Linux kernel, the following vulnerability has been resolved:

wifi: mwifiex: Initialize the chan_stats array to zero

The adapter->chan_stats[] array is initialized in mwifiex_init_channel_scan_gap() with vmalloc(), which doesn't zero out memory. The array is filled in mwifiex_update_chan_statistics() and then the user can query the data in mwifiex_cfg80211_dump_survey().

There are two potential issues here. What if the user calls mwifiex_cfg80211_dump_survey() before the data has been filled in? Also the mwifiex_update_chan_statistics() function doesn't necessarily initialize the whole array. Since the array was not initialized at the start, that could result in an information leak.

Also this array is pretty small. It's a maximum of 900 bytes so it's more appropriate to use kcalloc() instead of vmalloc().

nvd
3 months ago

In the Linux kernel, the following vulnerability has been resolved:

wifi: mwifiex: Initialize the chan_stats array to zero

The adapter->chan_stats[] array is initialized in mwifiex_init_channel_scan_gap() with vmalloc(), which doesn't zero out memory. The array is filled in mwifiex_update_chan_statistics() and then the user can query the data in mwifiex_cfg80211_dump_survey().

There are two potential issues here. What if the user calls mwifiex_cfg80211_dump_survey() before the data has been filled in? Also the mwifiex_update_chan_statistics() function doesn't necessarily initialize the whole array. Since the array was not initialized at the start, that could result in an information leak.

Also this array is pretty small. It's a maximum of 900 bytes so it's more appropriate to use kcalloc() instead of vmalloc().

CVSS3: 5.5
msrc
3 months ago

wifi: mwifiex: Initialize the chan_stats array to zero

debian
3 months ago

In the Linux kernel, the following vulnerability has been resolved: w ...