ELSA-2026-50134

Описание

[5.4.17-2136.352.5.1]

• xfrm: flush all states in xfrm_state_fini (Sabrina Dubroca) [Orabug: 39016499]
• xfrm: also call xfrm_state_delete_tunnel at destroy time for states that were never added (Sabrina Dubroca) [Orabug: 39016499]
• Revert 'xfrm: destroy xfrm_state synchronously on net exit path' (Sabrina Dubroca) [Orabug: 39016499]
• xfrm: delete x->tunnel as we delete x (Sabrina Dubroca) [Orabug: 39016501] {CVE-2025-40215}

[5.4.17-2136.352.5]

• crypto: af_alg - Fix incorrect boolean values in af_alg_ctx (Eric Biggers) [Orabug: 38879907] {CVE-2025-40022}

[5.4.17-2136.352.4]

• arm64: pensando: Must boot Ortano kernel with spin-table (Rob Gardner) [Orabug: 38821197]

[5.4.17-2136.352.3]

• net/sched: adjust device watchdog timer to detect stopped queue at right time (Praveen Kumar Kannoju) [Orabug: 38340278]
• net/mlx5: Mark the mellanox graceful_period fix as out-of-tree change (Praveen Kumar Kannoju) [Orabug: 38252416]
• infiniband/xsigo: Replace BUG_ON with WARN_ON_ONCE. (Siddh Raman Pant) [Orabug: 38418469]
• infiniband/xsigo: xsvnic_main: Remove unused functions (Siddh Raman Pant) [Orabug: 38418469]
• infiniband/xsigo: xve_cm: Fix mixed code warning (Siddh Raman Pant) [Orabug: 38418469]
• infiniband/xsigo: xve_ethtool: Remove unused variable 'priv' (Siddh Raman Pant) [Orabug: 38418469]
• infiniband/xsigo: xve_ib: Fix misleading indentation (Siddh Raman Pant) [Orabug: 38418469]
• infiniband/xsigo: xve_ib: Fix mixed code warning (Siddh Raman Pant) [Orabug: 38418469]
• infiniband/xsigo: xve_verbs: Remove unused label 'out_free_pd' (Siddh Raman Pant) [Orabug: 38418469]
• infiniband/xsigo: xve_main: Remove unused function 'xve_napi_del' (Siddh Raman Pant) [Orabug: 38418469]
• infiniband/xsigo: xve_main: Fix mixed code warning (Siddh Raman Pant) [Orabug: 38418469]
• infiniband/xsigo: xve_main: Fix misleading indentation (Siddh Raman Pant) [Orabug: 38418469]
• inifinibad/xsigo: xsvnic_main: Remove unused variable 'xsvnic_ethtool_ops' (Siddh Raman Pant) [Orabug: 38418469]
• infiniband/xsigo: xscore_impl: Remove unused label 'err_pd' (Siddh Raman Pant) [Orabug: 38418469]
• rds: Fix jiffies type in struct rds_conn_path (Siddh Raman Pant) [Orabug: 38418727]
• kernel: sysctl: Remove unused variable 'zero' (Siddh Raman Pant) [Orabug: 38418727]
• crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg (Herbert Xu) [Orabug: 38537469] {CVE-2025-39964}
• RDMA/cm: Base cm_id destruction timeout on CMA values (Hakon Bugge) [Orabug: 38753622]
• x86/its: Build fails with CONFIG_MITIGATION_ITS=n (Alexandre Chartre) [Orabug: 38756954]

[5.4.17-2136.352.2]

• LTS tag: v5.4.302 (Sherry Yang)
• Input: pegasus-notetaker - fix potential out-of-bounds access (Seungjin Bae)
• Input: remove third argument of usb_maxpacket() (Vincent Mailhol)
• usb: deprecate the third argument of usb_maxpacket() (Vincent Mailhol)
• fs/proc: fix uaf in proc_readdir_de() (Wei Yang) [Orabug: 38737034,38786776,38787139] {CVE-2025-40271}
• pmdomain: imx: Fix reference count leak in imx_gpc_remove (Miaoqian Lin)
• pmdomain: arm: scmi: Fix genpd leak on provider registration failure (Sudeep Holla)
• net: netpoll: fix incorrect refcount handling causing incorrect cleanup (Breno Leitao) [Orabug: 38773510] {CVE-2025-68245}
• net: qede: Initialize qede_ll_ops with designated initializer (Nathan Chancellor)
• net: ethernet: ti: netcp: Standardize knav_dma_open_channel to return NULL on error (Nishanth Menon)
• ALSA: usb-audio: fix uac2 clock source at terminal parser (Rene Rebe)
• mm/page_alloc: fix hash table order logging in alloc_large_system_hash() (Isaac J. Manjarres)
• kconfig/nconf: Initialize the default locale at startup (Jakub Horky)
• kconfig/mconf: Initialize the default locale at startup (Jakub Horky)
• vsock: Ignore signal/timeout on connect() if already established (Michal Luczaj) [Orabug: 38730612] {CVE-2025-40248}
• s390/ctcm: Fix double-kfree (Aleksei Nikiforov)
• net: openvswitch: remove never-working support for setting nsh fields (Ilya Maximets) [Orabug: 38730650] {CVE-2025-40254}
• mlxsw: spectrum: Fix memory leak in mlxsw_sp_flower_stats() (Zilin Guan)
• MIPS: Malta: Fix !EVA SOC-it PCI MMIO (Maciej W. Rozycki)
• scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show() (Hamza Mahfooz) [Orabug: 38773441] {CVE-2025-68229}
• scsi: sg: Do not sleep in atomic context (Bart Van Assche) [Orabug: 38730664] {CVE-2025-40259}
• Input: cros_ec_keyb - fix an invalid memory access (Tzung-Bi Shih) [Orabug: 38730681] {CVE-2025-40263}
• be2net: pass wrb_params in case of OS2BMC (Andrey Vatoropin) [Orabug: 38730691] {CVE-2025-40264}
• isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe() (Abdun Nihaal) [Orabug: 38798908] {CVE-2025-68734}
• EDAC/altera: Use INTTEST register for Ethernet and USB SBE injection (Niravkumar L Rabara)
• EDAC/altera: Handle OCRAM ECC enable after warm reset (Niravkumar L Rabara)
• spi: Try to get ACPI GPIO IRQ earlier (Hans de Goede)
• ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe (Chuang Wang) [Orabug: 38773496] {CVE-2025-68241}
• strparser: Fix signed/unsigned mismatch bug (Nate Karstens)
• gcov: add support for GCC 15 (Peter Oberparleiter)
• mm/ksm: fix flag-dropping behavior in ksm_madvise (Jakub Acs)
• ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd (Haein Lee) [Orabug: 38737052] {CVE-2025-40275}
• drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE (Ian Forbes) [Orabug: 38737061] {CVE-2025-40277}
• ASoC: cs4271: Fix regulator leak on probe failure (Xu Wang)
• regulator: fixed: fix GPIO descriptor leak on register failure (Xu Wang)
• regulator: fixed: use dev_err_probe for register (Chris Morgan)
• Bluetooth: L2CAP: export l2cap_chan_hold for modules (Pauli Virtanen)
• net_sched: limit try_bulk_dequeue_skb() batches (Eric Dumazet)
• net_sched: remove need_resched() from qdisc_run() (Eric Dumazet)
• net/mlx5e: Fix wraparound in rate limiting for values above 255 Gbps (Gal Pressman)
• net/mlx5e: Fix maxrate wraparound in threshold between units (Gal Pressman)
• net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak (Ranganath V N)
• wifi: mac80211: skip rate verification for not captured PSDUs (Benjamin Berg)
• net: mdio: fix resource leak in mdiobus_register_device() (Csaba Buday)
• tipc: Fix use-after-free in tipc_mon_reinit_self(). (Kuniyuki Iwashima) [Orabug: 38737084] {CVE-2025-40280}
• tipc: simplify the finalize work queue (Xin Long)
• sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto (Eric Dumazet) [Orabug: 38737091] {CVE-2025-40281}
• sctp: get netns from asoc and ep base (Xin Long)
• Bluetooth: 6lowpan: Don't hold spin lock over sleeping functions (Pauli Virtanen)
• Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV address type confusion (Pauli Virtanen)
• Bluetooth: 6lowpan: reset link-local header on ipv6 recv path (Pauli Virtanen)
• Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF (Raphael Pinsonneault-Thibeault) [Orabug: 38737104] {CVE-2025-40283}
• net: fec: correct rx_bytes statistic for the case SHIFT16 is set (Wei Fang)
• ASoC: max98090/91: fixed max98091 ALSA widget powering up/down (Sharique Mohammad)
• HID: quirks: avoid Cooler Master MM712 dongle wakeup bug (Tristan Lobb)
• NFS4: Fix state renewals missing after boot (Joshua Watt)
• compiler_types: Move unused static inline functions warning to W=2 (Peter Zijlstra)
• extcon: adc-jack: Cleanup wakeup source only if it was enabled (Krzysztof Kozlowski)
• tracing: Fix memory leaks in create_field_var() (Zilin Guan)
• net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup (Qendrim Maxhuni) [Orabug: 38773283] {CVE-2025-68192}
• sctp: Prevent TOCTOU out-of-bounds write (Stefan Wiehler) [Orabug: 38747447] {CVE-2025-40331}
• sctp: Hold RCU read lock while iterating over address list (Stefan Wiehler)
• net: dsa: b53: stop reading ARL entries if search is done (Jonas Gorski)
• net: dsa: b53: fix enabling ip multicast (Jonas Gorski)
• net: dsa: b53: fix resetting speed and pause on forced link (Jonas Gorski)
• net: dsa: b53: prevent GMII_PORT_OVERRIDE_CTRL access on BCM5325 (Alvaro Fernandez Rojas)
• net: dsa/b53: change b53_force_port_config() pause argument (Russell King)
• net: vlan: sync VLAN features with lower device (Hangbin Liu)
• ceph: add checking of wait_for_completion_killable() return value (Viacheslav Dubeyko)
• fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds (Albin Babu Varghese) [Orabug: 38737182] {CVE-2025-40304}
• ACPI: property: Return present device nodes only on fwnode interface (Sakari Ailus)
• 9p: sysfs_init: don't hardcode error to ENOMEM (Randall P. Embry)
• 9p: fix /sys/fs/9p/caches overwriting itself (Randall P. Embry)
• fs/hpfs: Fix error code for new_inode() failure in mkdir/create/mknod/symlink (Yikang Yue)
• ACPICA: Update dsmethod.c to get rid of unused variable warning (Saket Dumbre)
• orangefs: fix xattr related buffer overflow... (Mike Marshall)
• page_pool: Clamp pool size to max 16K pages (Dragos Tatulea)
• Bluetooth: bcsp: receive data only if registered (Ivan Pravdin) [Orabug: 38737213] {CVE-2025-40308}
• Bluetooth: SCO: Fix UAF on sco_conn_free (Luiz Augusto von Dentz) [Orabug: 38737224] {CVE-2025-40309}
• net: macb: avoid dealing with endianness in macb_set_hwaddr() (Theo Lebrun)
• nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing (Al Viro) [Orabug: 38773245] {CVE-2025-68185}
• NFSv4.1: fix mount hang after CREATE_SESSION failure (Anthony Iliopoulos)
• NFSv4: handle ERR_GRACE on delegation recalls (Olga Kornievskaia)
• remoteproc: qcom: q6v5: Avoid handling handover twice (Stephan Gerhold)
• sparc/module: Add R_SPARC_UA64 relocation handling (Koakuma)
• net: intel: fm10k: Fix parameter idx set but not used (Brahmajit Das)
• jfs: fix uninitialized waitqueue in transaction manager (Shaurya Rane)
• jfs: Verify inode mode when loading from disk (Tetsuo Handa)
• ipv6: np->rxpmtu race annotation (Eric Dumazet)
• usb: xhci: plat: Facilitate using autosuspend for xhci plat devices (Krishna Kurapati)
• usb: mon: Increase BUFF_MAX to 64 MiB to support multi-MB URBs (Forest Crossman)
• allow finish_no_open(file, ERR_PTR(-E...)) (Al Viro)
• scsi: lpfc: Define size of debugfs entry for xri rebalancing (Justin Tee)
• scsi: lpfc: Check return status of lpfc_reset_flush_io_context during TGT_RESET (Justin Tee)
• selftests/Makefile: include in clean target to clean net/lib dependency (Nai-Chen Cheng)
• net/cls_cgroup: Fix task_get_classid() during qdisc run (Yafang Shao)
• selftests: Replace sleep with slowwait (David Ahern)
• selftests: Disable dad for ipv6 in fcnal-test.sh (David Ahern)
• media: redrat3: use int type to store negative error codes (Rong Qianfeng)
• net: sh_eth: Disable WoL if system can not suspend (Niklas Soderlund)
• phy: cadence: cdns-dphy: Enable lower resolutions in dphy (Harikrishna Shenoy)
• usb: gadget: f_hid: Fix zero length packet transfer (William Wu)
• net: call cond_resched() less often in __release_sock() (Eric Dumazet)
• ALSA: usb-audio: apply quirk for MOONDROP Quark2 (Cryolitia Pukngae)
• net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms (Juraj Sarinay)
• dmaengine: dw-edma: Set status for callback_result (Devendra K Verma)
• dmaengine: mv_xor: match alloc_wc and free_wc (Rosen Penev)
• dmaengine: sh: setup_xref error handling (Thomas Andreatta)
• scsi: pm8001: Use int instead of u32 to store error codes (Rong Qianfeng)
• mips: lantiq: xway: sysctrl: rename stp clock (Aleksander Jan Bajkowski)
• mips: lantiq: danube: add missing device_type in pci node (Aleksander Jan Bajkowski)
• mips: lantiq: danube: add missing properties to cpu node (Aleksander Jan Bajkowski)
• media: fix uninitialized symbol warnings (Chelsy Ratnawat)
• drm/amdkfd: Tie UNMAP_LATENCY to queue_preemption (Amber Lin)
• extcon: adc-jack: Fix wakeup source leaks on device unbind (Krzysztof Kozlowski)
• PCI/P2PDMA: Fix incorrect pointer usage in devm_kfree() call (Sungho Kim)
• net: Call trace_sock_exceed_buf_limit() for memcg failure with SK_MEM_RECV. (Kuniyuki Iwashima)
• net: When removing nexthops, don't call synchronize_net if it is not necessary (Christoph Paasch)
• char: misc: Does not request module for miscdevice with dynamic minor (Zijun Hu)
• usb: gadget: f_ncm: Fix MAC assignment NCM ethernet (Raub Camaioni)
• iio: adc: spear_adc: mask SPEAR_ADC_STATUS channel and avg sample before setting register (Rodrigo Gobbi)
• media: imon: make send_packet() more robust (Tetsuo Handa) [Orabug: 38773298] {CVE-2025-68194}
• net: ipv6: fix field-spanning memcpy warning in AH output (Charalampos Mitrodimas) [Orabug: 38773141] {CVE-2025-40363}
• bridge: Redirect to backup port when port is administratively down (Ido Schimmel)
• powerpc/eeh: Use result of error_detected() in uevent (Niklas Schnelle)
• x86/vsyscall: Do not require X86_PF_INSTR to emulate vsyscall (Kirill A. Shutemov)
• media: pci: ivtv: Don't create fake v4l2_fh (Laurent Pinchart)
• drm/amdkfd: return -ENOTTY for unsupported IOCTLs (Geoffrey Mcrae)
• selftests/net: Ensure assert() triggers in psock_tpacket.c (Wake Liu)
• selftests/net: Replace non-standard __WORDSIZE with sizeof(long) * 8 (Wake Liu)
• PCI: Disable MSI on RDC PCI to PCIe bridges (Marcos Del Sol Vives)
• drm/nouveau: replace snprintf() with scnprintf() in nvkm_snprintbf() (Seyediman Seyedarab)
• mfd: madera: Work around false-positive -Wininitialized warning (Arnd Bergmann)
• mfd: stmpe-i2c: Add missing MODULE_LICENSE (Alexander Stein)
• mfd: stmpe: Remove IRQ domain upon removal (Alexander Stein)
• tools/power x86_energy_perf_policy: Prefer driver HWP limits (Len Brown)
• tools/power x86_energy_perf_policy: Enhance HWP enable (Len Brown)
• tools/cpupower: Fix incorrect size in cpuidle_state_disable() (Kaushlendra Kumar)
• hwmon: (dell-smm) Add support for Dell OptiPlex 7040 (Armin Wolf)
• uprobe: Do not emulate/sstep original instruction when ip is changed (Jiri Olsa)
• clocksource/drivers/vf-pit: Replace raw_readl/writel to readl/writel (Daniel Lezcano)
• video: backlight: lp855x_bl: Set correct EPROM start for LP8556 (Svyatoslav Ryhel)
• tee: allow a driver to allocate a tee_device without a pool (Amirreza Zarrabi)
• ACPICA: dispatcher: Use acpi_ds_clear_operands() in acpi_ds_call_control_method() (Hans de Goede)
• mmc: sdhci-msm: Enable tuning for SDR50 mode for SD card (Sarthak Garg)
• irqchip/gic-v2m: Handle Multiple MSI base IRQ Alignment (Christian Bruel)
• arc: Fix __fls() const-foldability via __builtin_clzl() (Kees Cook)
• cpufreq/longhaul: handle NULL policy in longhaul_exit (Dennis Beier)
• selftests/bpf: Fix bpf_prog_detach2 usage in test_lirc_mode2 (Ricardo B. Marliere)
• ACPI: video: force native for Lenovo 82K8 (Mario Limonciello)
• memstick: Add timeout to prevent indefinite waiting (Jiayi Li)
• mmc: host: renesas_sdhi: Fix the actual clock (Biju Das)
• bpf: Don't use %pK through printk (Thomas Weissschuh)
• spi: loopback-test: Don't use %pK through printk (Thomas Weissschuh)
• soc: qcom: smem: Fix endian-unaware access of num_entries (Jens Reidel)
• usb: gadget: f_fs: Fix epfile null pointer access after ep enable. (Owen Gu)
• serial: 8250_dw: handle reset control deassert error (Artem Shimko)
• serial: 8250_dw: Use devm_add_action_or_reset() (Andy Shevchenko)
• serial: 8250_dw: Use devm_clk_get_optional() to get the input clock (Andy Shevchenko)
• can: gs_usb: increase max interface to U8_MAX (Celeste Liu)
• devcoredump: Fix circular locking dependency with devcd->mutex. (Maarten Lankhorst)
• net: ravb: Enforce descriptor type ordering (Lad Prabhakar)
• x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID (Babu Moger)
• wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode (Gokul Sivakumar) [Orabug: 38737292] {CVE-2025-40321}
• net: phy: dp83867: Disable EEE support as not implemented (Emanuele Ghidoli)
• regmap: slimbus: fix bus_context pointer in regmap init calls (Alexey Klimov)
• drm/etnaviv: fix flush sequence logic (Tomeu Vizoso)
• usbnet: Prevents free active kevent (Lizhi Xu) [Orabug: 38773784] {CVE-2025-68312}
• wifi: ath10k: Fix memory leak on unsupported WMI command (Loic Poulain)
• ASoC: qdsp6: q6asm: do not sleep while atomic (Srinivas Kandagatla)
• fbdev: valkyriefb: Fix reference count leak in valkyriefb_init (Miaoqian Lin)
• fbdev: pvr2fb: Fix leftover reference to ONCHIP_NR_DMA_CHANNELS (Florian Fuchs)
• fbdev: bitblit: bound-check glyph index in bit_putcs* (Junjie Cao) [Orabug: 38737301] {CVE-2025-40322}
• ACPI: video: Fix use-after-free in acpi_video_switch_brightness() (Yuhao Jiang) [Orabug: 38687005] {CVE-2025-40211}
• fbdev: atyfb: Check if pll_ops->init_pll failed (Daniel Palmer)
• net: usb: asix_devices: Check return value of usbnet_get_endpoints (Miaoqian Lin)
• btrfs: use smp_mb__after_atomic() when forcing COW in create_pending_snapshot() (Filipe Manana)
• x86/bugs: Fix reporting of LFENCE retpoline (David Kaplan)
• net/sched: sch_qfq: Fix null-deref in agg_dequeue (Xiang Mei) [Orabug: 38597085] {CVE-2025-40083}

[5.4.17-2136.352.1]

• RDMA/cm: Rate limit destroy CM ID timeout error message (Hakon Bugge) [Orabug: 38753401]
• soc/pensando: giglio: hack dts to make things right (Rob Gardner) [Orabug: 38688154]
• soc/pensando: Add AMD Pensando Giglio SoC support (Brad Larson) [Orabug: 38688154]
• soc/pensando: psci support (David Clear) [Orabug: 38688154]
• soc/pensando: Giglio SoC eMMC interrupt driver (Brad Larson) [Orabug: 38688154]

[5.4.17-2136.351.3]

• Reapply 'cpuidle: menu: Avoid discarding useful information' (Harshvardhan Jha) [Orabug: 38715366]
• fbcon: fix integer overflow in font allocation (Samasth Norway Ananda) [Orabug: 38702507]
• uek-rpm: Replace check-kabi tool with kabi (Yifei Liu) [Orabug: 38673382]
• uek-rpm: Introduce check function for uek-rpm/tools/kabi (Yifei Liu) [Orabug: 38673382]

[5.4.17-2136.351.2]

• uek-rpm: kabi: Remove the kabi protection for debug kernels (Yifei Liu) [Orabug: 38609548]
• rds: Add smp_rmb before reading c_destroy_in_prog (Hakon Bugge) [Orabug: 38352486]
• uio_hv_generic: Set event for all channels on the device (Long Li)
• ata: libata-scsi: Fix system suspend for a security locked drive (Niklas Cassel)
• HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155 (Zhang Heng)

[5.4.17-2136.351.1]

• scsi: megaraid_sas: Fix concurrent access to ISR between IRQ polling and real interrupt (Sumit Saxena) [Orabug: 38630482]

[5.4.17-2136.350.3]

• net/rds: Fix rs_recv_pending counting issue (Gerd Rausch) [Orabug: 38506370]