Oracle alert ELSA-2024-12887 (kernel)
| From: | Errata Announcements for Oracle Linux via El-errata <el-errata@oss.oracle.com> | |
| To: | el-errata@oss.oracle.com | |
| Subject: | [El-errata] ELSA-2024-12887 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update | |
| Date: | Thu, 19 Dec 2024 09:20:54 -0800 | |
| Message-ID: | <mailman.200.1734628864.246.el-errata@oss.oracle.com> |
Oracle Linux Security Advisory ELSA-2024-12887 http://linux.oracle.com/errata/ELSA-2024-12887.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: aarch64: bpftool-5.15.0-303.171.5.2.el9uek.aarch64.rpm kernel-uek-5.15.0-303.171.5.2.el9uek.aarch64.rpm kernel-uek-container-5.15.0-303.171.5.2.el9uek.aarch64.rpm kernel-uek-container-debug-5.15.0-303.171.5.2.el9uek.aarch64.rpm kernel-uek-core-5.15.0-303.171.5.2.el9uek.aarch64.rpm kernel-uek-debug-5.15.0-303.171.5.2.el9uek.aarch64.rpm kernel-uek-debug-core-5.15.0-303.171.5.2.el9uek.aarch64.rpm kernel-uek-debug-devel-5.15.0-303.171.5.2.el9uek.aarch64.rpm kernel-uek-debug-modules-5.15.0-303.171.5.2.el9uek.aarch64.rpm kernel-uek-debug-modules-extra-5.15.0-303.171.5.2.el9uek.aarch64.rpm kernel-uek-devel-5.15.0-303.171.5.2.el9uek.aarch64.rpm kernel-uek-doc-5.15.0-303.171.5.2.el9uek.noarch.rpm kernel-uek-modules-5.15.0-303.171.5.2.el9uek.aarch64.rpm kernel-uek-modules-extra-5.15.0-303.171.5.2.el9uek.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//kernel-uek-5.15.... Related CVEs: CVE-2023-52904 CVE-2024-26921 CVE-2024-27017 CVE-2024-27072 CVE-2024-36893 CVE-2024-38384 CVE-2024-38545 CVE-2024-38632 CVE-2024-38663 CVE-2024-39463 CVE-2024-40953 CVE-2024-41016 CVE-2024-43816 CVE-2024-43845 CVE-2024-44931 CVE-2024-45001 CVE-2024-46695 CVE-2024-46849 CVE-2024-46852 CVE-2024-46853 CVE-2024-46854 CVE-2024-46855 CVE-2024-46858 CVE-2024-46859 CVE-2024-46865 CVE-2024-47670 CVE-2024-47671 CVE-2024-47672 CVE-2024-47673 CVE-2024-47679 CVE-2024-47684 CVE-2024-47685 CVE-2024-47690 CVE-2024-47692 CVE-2024-47693 CVE-2024-47695 CVE-2024-47696 CVE-2024-47697 CVE-2024-47698 CVE-2024-47699 CVE-2024-47701 CVE-2024-47705 CVE-2024-47709 CVE-2024-47710 CVE-2024-47712 CVE-2024-47713 CVE-2024-47718 CVE-2024-47720 CVE-2024-47723 CVE-2024-47734 CVE-2024-47735 CVE-2024-47737 CVE-2024-47739 CVE-2024-47740 CVE-2024-47742 CVE-2024-47747 CVE-2024-47748 CVE-2024-47749 CVE-2024-47756 CVE-2024-47757 CVE-2024-49851 CVE-2024-49852 CVE-2024-49856 CVE-2024-49858 CVE-2024-49860 CVE-2024-49866 CVE-2024-49867 CVE-2024-49868 CVE-2024-49871 CVE-2024-49875 CVE-2024-49877 CVE-2024-49878 CVE-2024-49879 CVE-2024-49881 CVE-2024-49882 CVE-2024-49883 CVE-2024-49884 CVE-2024-49886 CVE-2024-49889 CVE-2024-49890 CVE-2024-49892 CVE-2024-49894 CVE-2024-49895 CVE-2024-49896 CVE-2024-49900 CVE-2024-49902 CVE-2024-49903 CVE-2024-49907 CVE-2024-49913 CVE-2024-49924 CVE-2024-49927 CVE-2024-49930 CVE-2024-49933 CVE-2024-49935 CVE-2024-49936 CVE-2024-49938 CVE-2024-49944 CVE-2024-49946 CVE-2024-49948 CVE-2024-49949 CVE-2024-49952 CVE-2024-49954 CVE-2024-49955 CVE-2024-49957 CVE-2024-49959 CVE-2024-49962 CVE-2024-49963 CVE-2024-49965 CVE-2024-49966 CVE-2024-49967 CVE-2024-49969 CVE-2024-49973 CVE-2024-49977 CVE-2024-49981 CVE-2024-49982 CVE-2024-49983 CVE-2024-49985 CVE-2024-49993 CVE-2024-49995 CVE-2024-49997 CVE-2024-50000 CVE-2024-50001 CVE-2024-50002 CVE-2024-50003 CVE-2024-50006 CVE-2024-50007 CVE-2024-50008 CVE-2024-50010 CVE-2024-50013 CVE-2024-50015 CVE-2024-50019 CVE-2024-50024 CVE-2024-50031 CVE-2024-50033 CVE-2024-50035 CVE-2024-50038 CVE-2024-50039 CVE-2024-50040 CVE-2024-50041 CVE-2024-50044 CVE-2024-50045 CVE-2024-50046 CVE-2024-50049 CVE-2024-50059 CVE-2024-50062 CVE-2024-50072 CVE-2024-50074 CVE-2024-50082 CVE-2024-50083 CVE-2024-50086 CVE-2024-50089 CVE-2024-50093 CVE-2024-50095 CVE-2024-50096 CVE-2024-50099 CVE-2024-50101 CVE-2024-50103 CVE-2024-50110 CVE-2024-50115 CVE-2024-50116 CVE-2024-50117 CVE-2024-50127 CVE-2024-50128 CVE-2024-50131 CVE-2024-50134 CVE-2024-50141 CVE-2024-50142 CVE-2024-50143 CVE-2024-50148 CVE-2024-50150 CVE-2024-50151 CVE-2024-50153 CVE-2024-50154 CVE-2024-50156 CVE-2024-50160 CVE-2024-50162 CVE-2024-50163 CVE-2024-50167 CVE-2024-50168 CVE-2024-50171 CVE-2024-50179 CVE-2024-50180 CVE-2024-50181 CVE-2024-50182 CVE-2024-50184 CVE-2024-50185 CVE-2024-50188 CVE-2024-50189 CVE-2024-50191 CVE-2024-50192 CVE-2024-50193 CVE-2024-50194 CVE-2024-50195 CVE-2024-50196 CVE-2024-50198 CVE-2024-50199 CVE-2024-50201 CVE-2024-50202 CVE-2024-50205 CVE-2024-50208 CVE-2024-50209 CVE-2024-50210 CVE-2024-50218 CVE-2024-50219 CVE-2024-50228 CVE-2024-50229 CVE-2024-50230 CVE-2024-50232 CVE-2024-50233 CVE-2024-50234 CVE-2024-50236 CVE-2024-50237 CVE-2024-50244 CVE-2024-50245 CVE-2024-50247 CVE-2024-50249 CVE-2024-50251 CVE-2024-50257 CVE-2024-50259 CVE-2024-50262 CVE-2024-53042 CVE-2024-53055 CVE-2024-53057 CVE-2024-53058 CVE-2024-53059 Description of changes: [5.15.0-303.171.5.2.el9uek] - build: populate modules_thick.builtin for dirs containing only modules (Nick Alcock) [Orabug: 37393454] - x86/pkeys: Ensure updated PKRU value is XRSTOR'd (Aruna Ramakrishna) [Orabug: 37384237] - x86/pkeys: Change caller of update_pkru_in_sigframe() (Aruna Ramakrishna) [Orabug: 37384237] - Revert "ocfs2: fix the la space leak when unmounting an ocfs2 volume" (Sherry Yang) [Orabug: 37383283] [5.15.0-303.171.5.1.el9uek] - sunrpc: fix a NULL deref in svc_process() when ->sv_stats doesn't exist (Calum Mackay) [Orabug: 37346134] [5.15.0-303.171.5.el9uek] - intel_idle: fix ACPI _CST matching for newer Xeon platforms (Artem Bityutskiy) [Orabug: 37249457] - x86: Fix CPUIDLE_FLAG_IRQ_ENABLE leaking timer reprogram (Peter Zijlstra) [Orabug: 37249457] - perf/tests: Add AMX instructions to x86 instruction decoder test (Adrian Hunter) [Orabug: 37249457] - x86/insn: Add AMX instructions to the x86 instruction decoder (Adrian Hunter) [Orabug: 37249457] - intel_idle: add Granite Rapids Xeon support (Artem Bityutskiy) [Orabug: 37249457] - cpuidle, intel_idle: Fix CPUIDLE_FLAG_IRQ_ENABLE *again* (Peter Zijlstra) [Orabug: 37249457] - intel_idle: Fix false positive RCU splats due to incorrect hardirqs state (Waiman Long) [Orabug: 37249457] - cpuidle,intel_idle: Fix CPUIDLE_FLAG_IRQ_ENABLE (Peter Zijlstra) [Orabug: 37249457] - intel_idle: Add a new flag to initialize the AMX state (Chang S. Bae) [Orabug: 37249457] - x86/fpu: Add a helper to prepare AMX state for low-power CPU idle (Chang S. Bae) [Orabug: 37249457] - intel_idle: enable interrupts before C1 on Xeons (Artem Bityutskiy) [Orabug: 37249457] [5.15.0-303.171.4.el9uek] - rds: recv_payload_bad_checksum was not 0 after running rds-stress on UEK6 (William Kucharski) [Orabug: 37265126] - rds: If RDS Checksums are enabled for RDMA RDS operations, the extension headers will overflow causing incorrect operation (William Kucharski) [Orabug: 37265124] - rds: rds_message_alloc() needlessly zeroes m_used_sgs (William Kucharski) [Orabug: 37265122] - rds: tracepoint in rds_receive_csum_err() prints pointless information (William Kucharski) [Orabug: 37265120] - rds: rds_inc_init() should initialize the inc->i_conn_path field (William Kucharski) [Orabug: 37265116] - rds: Race condition in adding RDS payload checksum extension header may result in RDS header corruption (William Kucharski) [Orabug: 37265114] - Revert "net/mlx5: disable the 'fast unload' feature on Exadata systems" (Qing Huang) [Orabug: 37285222] - Revert "net/mlx5: pretend 'fast unload' succeeded on Exadata systems" (Qing Huang) [Orabug: 37285222] - RDMA/mlx5: Fix Shared PD prefetch of ODP memory region (Mark Haywood) [Orabug: 31688618] [Orabug: 37279176] - blk-mq: fix missing blk_account_io_done() in error path (Yu Kuai) [Orabug: 37228086] - rds: Add rds stuck shutdown timeout (Rohit Nair) [Orabug: 37214078] - KVM: x86: Stop compiling vmenter.S with OBJECT_FILES_NON_STANDARD (Sean Christopherson) [Orabug: 37273739] - KVM: SVM: Create a stack frame in __svm_sev_es_vcpu_run() (Sean Christopherson) [Orabug: 37273739] - KVM: SVM: Create a stack frame in __svm_vcpu_run() for unwinding (Sean Christopherson) [Orabug: 37273739] - mm/memory-failure: pass the folio and the page to collect_procs() (Matthew Wilcox (Oracle)) [Orabug: 37270260] - LTS version: v5.15.171 (Vijayendra Suman) - mac80211: always have ieee80211_sta_restart() (Johannes Berg) - vt: prevent kernel-infoleak in con_font_get() (Jeongjun Park) - drm/i915: Fix potential context UAFs (Rob Clark) - Revert "drm/mipi-dsi: Set the fwnode for mipi_dsi_device" (Jason-JH.Lin) - mm: shmem: fix data-race in shmem_getattr() (Jeongjun Park) [Orabug: 37268580] {CVE-2024-50228} - wifi: iwlwifi: mvm: fix 6 GHz scan construction (Johannes Berg) [Orabug: 37304734] {CVE-2024-53055} - nilfs2: fix kernel bug due to missing clearing of checked flag (Ryusuke Konishi) [Orabug: 37268588] {CVE-2024-50230} - x86/bugs: Use code segment selector for VERW operand (Pawan Gupta) [Orabug: 37227383] {CVE-2024-50072} - ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow (Edward Adam Davis) [Orabug: 37268563] {CVE-2024-50218} - mm/page_alloc: let GFP_ATOMIC order-0 allocs access highatomic reserves (Matt Fleming) [Orabug: 37268568] {CVE-2024-50219} - mm/page_alloc: explicitly define how __GFP_HIGH non-blocking allocations accesses reserves (Mel Gorman) - mm/page_alloc: explicitly define what alloc flags deplete min reserves (Mel Gorman) - mm/page_alloc: explicitly record high-order atomic allocations in alloc_flags (Mel Gorman) - mm/page_alloc: treat RT tasks similar to __GFP_HIGH (Mel Gorman) - mm/page_alloc: rename ALLOC_HIGH to ALLOC_MIN_RESERVE (Mel Gorman) - mm/page_alloc: split out buddy removal code from rmqueue into separate helper (Mel Gorman) - mm/page_alloc: fix tracepoint mm_page_alloc_zone_locked() (Wonhyuk Yang) - mm/page_alloc: call check_new_pages() while zone spinlock is not held (Eric Dumazet) - riscv: Remove duplicated GET_RM (Chunyan Zhang) - riscv: Remove unused GENERATING_ASM_OFFSETS (Chunyan Zhang) - riscv: Use '%u' to format the output of 'cpu' (WangYuli) - riscv: efi: Set NX compat flag in PE/COFF header (Heinrich Schuchardt) - riscv: vdso: Prevent the compiler from inserting calls to memset() (Alexandre Ghiti) - nilfs2: fix potential deadlock with newly created symlinks (Ryusuke Konishi) [Orabug: 37268584] {CVE-2024-50229} - iio: light: veml6030: fix microlux value calculation (Javier Carrasco) - iio: adc: ad7124: fix division by zero in ad7124_set_channel_odr() (Zicheng Qu) [Orabug: 37268595] {CVE-2024-50232} - staging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg() (Zicheng Qu) [Orabug: 37268597] {CVE-2024-50233} - wifi: iwlegacy: Clear stale interrupts before resuming device (Ville Syrjälä) [Orabug: 37268602] {CVE-2024-50234} - wifi: ath10k: Fix memory leak in management tx (Manikanta Pubbisetty) [Orabug: 37268610] {CVE-2024-50236} - wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower (Felix Fietkau) [Orabug: 37268613] {CVE-2024-50237} - xhci: Use pm_runtime_get to prevent RPM on unsupported systems (Basavaraj Natikar) - xhci: Fix Link TRB DMA in command ring stopped completion event (Faisal Hassan) - usb: typec: fix unreleased fwnode_handle in typec_port_register_altmodes() (Javier Carrasco) - usb: phy: Fix API devm_usb_put_phy() can not release the phy (Zijun Hu) - usbip: tools: Fix detach_port() invalid port error path (Zongmin Zhou) - misc: sgi-gru: Don't disable preemption in GRU driver (Dimitri Sivanich) - net: amd: mvme147: Fix probe banner message (Daniel Palmer) - scsi: scsi_transport_fc: Allow setting rport state to current state (Benjamin Marzinski) - fs/ntfs3: Additional check in ni_clear() (Konstantin Komarov) [Orabug: 37268638] {CVE-2024-50244} - fs/ntfs3: Fix possible deadlock in mi_read (Konstantin Komarov) [Orabug: 37268644] {CVE-2024-50245} - fs/ntfs3: Fix warning possible deadlock in ntfs_set_state (Konstantin Komarov) - fs/ntfs3: Check if more than chunk-size bytes are written (Andrew Ballance) [Orabug: 37268655] {CVE-2024-50247} - firmware: arm_sdei: Fix the input parameter of cpuhp_remove_state() (Xiongfeng Wang) - netfilter: nft_payload: sanitize offset and length before calling skb_checksum() (Pablo Neira Ayuso) [Orabug: 37268670] {CVE-2024-50251} - net: skip offload for NETIF_F_IPV6_CSUM if ipv6 header contains extension (Benoît Monin) - netfilter: Fix use-after-free in get_info() (Dong Chenchen) [Orabug: 37268689] {CVE-2024-50257} - bpf: Fix out-of-bounds write in trie_get_next_key() (Byeonguk Jeong) [Orabug: 37268702] {CVE-2024-50262} - netdevsim: Add trailing zero to terminate the string in nsim_nexthop_bucket_activity_write() (Zichen Xie) [Orabug: 37268697] {CVE-2024-50259} - net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (Pedro Tammela) [Orabug: 37304740] {CVE-2024-53057} - net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data (Furong Xu) [Orabug: 37304745] {CVE-2024-53058} - ASoC: cs42l51: Fix some error handling paths in cs42l51_probe() (Christophe JAILLET) - wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd() (Daniel Gabay) [Orabug: 37304749] {CVE-2024-53059} - wifi: iwlwifi: mvm: disconnect station vifs if recovery failed (Emmanuel Grumbach) - mac80211: Add support to trigger sta disconnect on hardware restart (Youghandhar Chintala) - mac80211: do drv_reconfig_complete() before restarting all (Johannes Berg) - RDMA/bnxt_re: synchronize the qp-handle table array (Selvin Xavier) - RDMA/mlx5: Round max_rd_atomic/max_dest_rd_atomic up instead of down (Patrisious Haddad) - RDMA/cxgb4: Dump vendor specific QP details (Leon Romanovsky) - wifi: brcm80211: BRCM_TRACING should depend on TRACING (Geert Uytterhoeven) - wifi: mac80211: skip non-uploaded keys in ieee80211_iter_keys (Felix Fietkau) - mac80211: MAC80211_MESSAGE_TRACING should depend on TRACING (Geert Uytterhoeven) - cgroup: Fix potential overflow issue when checking max_depth (Xiu Jianfeng) - ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context (Koba Ko) [Orabug: 37264072] {CVE-2024-50141} - ACPI: PRM: Change handler_addr type to void pointer (Sudeep Holla) - ACPI: PRM: Remove unnecessary blank lines (Aubrey Li) - ksmbd: fix user-after-free from session log off (Namjae Jeon) [Orabug: 37227413] {CVE-2024-50086} - selftests/mm: fix incorrect buffer->mirror size in hmm2 double_map test (Donet Tom) - LTS version: v5.15.170 (Vijayendra Suman) - xfrm: validate new SA's prefixlen using SA family when sel.family is unset (Sabrina Dubroca) [Orabug: 37264074] {CVE-2024-50142} - ASoC: qcom: Fix NULL Dereference in asoc_qcom_lpass_cpu_platform_probe() (Zichen Xie) [Orabug: 37252324] {CVE-2024-50103} - net: phy: dp83822: Fix reset pin definitions (Michel Alex) - serial: protect uart_port_dtr_rts() in uart_shutdown() too (Jiri Slaby (SUSE)) - selinux: improve error checking in sel_write_load() (Paul Moore) - hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event (Haiyang Zhang) - xfrm: fix one more kernel-infoleak in algo dumping (Petr Vaganov) [Orabug: 37252349] {CVE-2024-50110} - ALSA: hda/realtek: Add subwoofer quirk for Acer Predator G9-593 (José Relvas) - KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory (Sean Christopherson) [Orabug: 37252372] {CVE-2024-50115} - openat2: explicitly return -E2BIG for (usize > PAGE_SIZE) (Aleksa Sarai) - nilfs2: fix kernel bug due to missing clearing of buffer delay flag (Ryusuke Konishi) [Orabug: 37252377] {CVE-2024-50116} - ACPI: button: Add DMI quirk for Samsung Galaxy Book2 to fix initial lid detection issue (Shubham Panwar) - ACPI: resource: Add LG 16T90SP to irq1_level_low_skip_override[] (Christian Heusel) - drm/amd: Guard against bad data for ATIF ACPI method (Mario Limonciello) [Orabug: 37252383] {CVE-2024-50117} - btrfs: zoned: fix zone unusable accounting for freed reserved extent (Naohiro Aota) - ALSA: hda/realtek: Update default depop procedure (Kailang Yang) - ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() (Andrey Shumilin) [Orabug: 37264274] {CVE-2024-50205} - bpf,perf: Fix perf_event_detach_bpf_prog error handling (Jiri Olsa) - posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime() (Jinjie Ruan) [Orabug: 37320233] {CVE-2024-50210} - r8169: avoid unsolicited interrupts (Heiner Kallweit) - net: sched: fix use-after-free in taprio_change() (Dmitry Antipov) [Orabug: 37252407] {CVE-2024-50127} - net: wwan: fix global oob in wwan_rtnl_policy (Lin Ma) [Orabug: 37252410] {CVE-2024-50128} - net: dsa: mv88e6xxx: Fix error when setting port policy on mv88e6393x (Peter Rashleigh) - net: plip: fix break; causing plip to never transmit (Jakub Boehm) - be2net: fix potential memory leak in be_xmit() (Wang Hai) [Orabug: 37264143] {CVE-2024-50167} - net/sun3_82586: fix potential memory leak in sun3_82586_send_packet() (Wang Hai) [Orabug: 37264149] {CVE-2024-50168} - xfrm: respect ip protocols rules criteria when performing dst lookups (Eyal Birger) - xfrm: extract dst lookup parameters into a struct (Eyal Birger) - tracing: Consider the NULL character when validating the event length (Leo Yan) [Orabug: 37252415] {CVE-2024-50131} - platform/x86: dell-sysman: add support for alienware products (Crag Wang) - ASoC: qcom: sm8250: add qrb4210-rb2-sndcard compatible string (Alexey Klimov) - arm64/uprobes: change the uprobe_opcode_t typedef to fix the sparse warning (junhua huang) - platform/x86: dell-wmi: Ignore suspend notifications (Armin Wolf) - udf: fix uninit-value use in udf_get_fileshortad (Gianfranco Trad) [Orabug: 37264080] {CVE-2024-50143} - arm64: Force position-independent veneers (Mark Rutland) - ASoC: fsl_sai: Enable 'FIFO continue on error' FCONT bit (Shengjiu Wang) - ASoC: codecs: lpass-rx-macro: add missing CDC_RX_BCL_VBAT_RF_PROC2 to default regs values (Alexey Klimov) - drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA (Hans de Goede) [Orabug: 37252420] {CVE-2024-50134} - exec: don't WARN for racy path_noexec check (Mateusz Guzik) [Orabug: 37206344] {CVE-2024-50010} - XHCI: Separate PORT and CAPs macros into dedicated file (Frank Li) - usb: gadget: Add function wakeup support (Elson Roy Serrao) - KVM: s390: gaccess: Check if guest address is in memslot (Nico Boehr) - KVM: s390: gaccess: Cleanup access to guest pages (Janis Schoetterl-Glausch) - KVM: s390: gaccess: Refactor access address range check (Janis Schoetterl-Glausch) - KVM: s390: gaccess: Refactor gpa and length calculation (Janis Schoetterl-Glausch) - arm64: probes: Fix uprobes for big-endian kernels (Mark Rutland) [Orabug: 37264236] {CVE-2024-50194} - arm64:uprobe fix the uprobe SWBP_INSN in big-endian (junhua huang) - Bluetooth: bnep: fix wild-memory-access in proto_unregister (Ye Bin) [Orabug: 37264096] {CVE-2024-50148} - s390: Initialize psw mask in perf_arch_fetch_caller_regs() (Heiko Carstens) - usb: typec: altmode should keep reference to parent (Thadeu Lima de Souza Cascardo) [Orabug: 37264102] {CVE-2024-50150} - smb: client: fix OOBs when building SMB2_IOCTL request (Paulo Alcantara) [Orabug: 37264107] {CVE-2024-50151} - scsi: target: core: Fix null-ptr-deref in target_alloc_device() (Wang Hai) [Orabug: 37264112] {CVE-2024-50153} - genetlink: hold RCU in genlmsg_mcast() (Eric Dumazet) - tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink(). (Kuniyuki Iwashima) [Orabug: 37264114] {CVE-2024-50154} - net: systemport: fix potential memory leak in bcm_sysport_xmit() (Wang Hai) [Orabug: 37264156] {CVE-2024-50171} - net: xilinx: axienet: fix potential memory leak in axienet_start_xmit() (Wang Hai) - net/smc: Fix searching in list of known pnetids in smc_pnet_add_pnetid (Li RongQing) - net: ethernet: aeroflex: fix potential memory leak in greth_start_xmit_gbit() (Wang Hai) - macsec: don't increment counters for an unrelated SA (Sabrina Dubroca) - net: usb: usbnet: fix race in probe failure (Oliver Neukum) - drm/msm: Allocate memory for disp snapshot with kvzalloc() (Douglas Anderson) - drm/msm: Avoid NULL dereference in msm_disp_state_print_regs() (Douglas Anderson) [Orabug: 37264122] {CVE-2024-50156} - drm/msm/dsi: fix 32-bit signed integer extension in pclk_rate calculation (Jonathan Marek) - RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages (Bhargava Chenna Marreddy) [Orabug: 37264280] {CVE-2024-50208} - RDMA/bnxt_re: Return more meaningful error (Kalesh AP) - ipv4: give an IPv4 dev to blackhole_netdev (Xin Long) - RDMA/irdma: Fix misspelling of "accept*" (Alexander Zubkov) - RDMA/cxgb4: Fix RDMA_CM_EVENT_UNREACHABLE error for iWARP (Anumula Murali Mohan Reddy) - ALSA: hda/cs8409: Fix possible NULL dereference (Murad Masimov) [Orabug: 37264129] {CVE-2024-50160} - ARM: dts: bcm2837-rpi-cm3-io3: Fix HDMI hpd-gpio pin (Florian Klink) - x86/resctrl: Avoid overflow in MB settings in bw_validate() (Martin Kletzander) - RDMA/bnxt_re: Add a check for memory allocation (Kalesh AP) [Orabug: 37264285] {CVE-2024-50209} - RDMA/bnxt_re: Fix incorrect AVID type in WQE structure (Saravanan Vajravel) - bpf: devmap: provide rxq after redirect (Florian Kauer) [Orabug: 37264132] {CVE-2024-50162} - bpf: Make sure internal and UAPI bpf_redirect flags don't overlap (Toke Høiland-Jørgensen) [Orabug: 37264134] {CVE-2024-50163} - LTS version: v5.15.169 (Vijayendra Suman) - ALSA: hda/conexant - Use cached pin control for Node 0x1d on HP EliteOne 1000 G2 (Vasiliy Kovalev) - powerpc/mm: Always update max/min_low_pfn in mem_topology_setup() (Aneesh Kumar K.V) - nilfs2: propagate directory read errors from nilfs_find_entry() (Ryusuke Konishi) [Orabug: 37264266] {CVE-2024-50202} - mptcp: prevent MPC handshake on port-based signal endpoints (Paolo Abeni) - mptcp: fallback when MPTCP opts are dropped after 1st data (Matthieu Baerts (NGI0)) - tcp: fix mptcp DSS corruption due to large pmtu xmit (Paolo Abeni) [Orabug: 37227408] {CVE-2024-50083} - mptcp: handle consistently DSS corruption (Paolo Abeni) [Orabug: 37264210] {CVE-2024-50185} - mptcp: track and update contiguous data status (Geliang Tang) - irqchip/gic-v4: Don't allow a VMOVP on a dying VPE (Marc Zyngier) [Orabug: 37264231] {CVE-2024-50192} - pinctrl: ocelot: fix system hang on level based interrupts (Sergey Matsievskiy) [Orabug: 37264246] {CVE-2024-50196} - x86/entry_32: Clear CPU buffers after register restore in NMI return (Pawan Gupta) [Orabug: 37264234] {CVE-2024-50193} - x86/entry_32: Do not clobber user EFLAGS.ZF (Pawan Gupta) - x86/apic: Always explicitly disarm TSC-deadline timer (Zhang Rui) - x86/resctrl: Annotate get_mem_config() functions as __init (Nathan Chancellor) - USB: serial: option: add Telit FN920C04 MBIM compositions (Daniele Palmas) - USB: serial: option: add support for Quectel EG916Q-GL (Benjamin B. Frost) - xhci: Mitigate failed set dequeue pointer commands (Mathias Nyman) - xhci: Fix incorrect stream context type macro (Mathias Nyman) - Bluetooth: btusb: Fix regression with fake CSR controllers 0a12:0001 (Luiz Augusto von Dentz) - Bluetooth: Remove debugfs directory on module init failure (Aaron Thompson) - iio: adc: ti-ads124s08: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (Javier Carrasco) - iio: proximity: mb1232: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (Javier Carrasco) - iio: light: opt3001: add missing full-scale range value (Emil Gedenryd) - iio: light: veml6030: fix IIO device retrieval from embedded device (Javier Carrasco) [Orabug: 37264254] {CVE-2024-50198} - iio: light: veml6030: fix ALS sensor resolution (Javier Carrasco) - iio: hid-sensors: Fix an error handling path in _hid_sensor_set_report_latency() (Christophe JAILLET) - iio: adc: ti-ads8688: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (Javier Carrasco) - iio: dac: stm32-dac-core: add missing select REGMAP_MMIO in Kconfig (Javier Carrasco) - iio: dac: ltc1660: add missing select REGMAP_SPI in Kconfig (Javier Carrasco) - iio: dac: ad5770r: add missing select REGMAP_SPI in Kconfig (Javier Carrasco) - drm/vmwgfx: Handle surface check failure correctly (Nikolay Kuratov) - drm/radeon: Fix encoder->possible_clones (Ville Syrjälä) [Orabug: 37264263] {CVE-2024-50201} - io_uring/sqpoll: close race on waiting for sqring entries (Jens Axboe) - blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race (Omar Sandoval) [Orabug: 37227403] {CVE-2024-50082} - x86/bugs: Do not use UNTRAIN_RET with IBPB on entry (Johannes Wikner) - x86/bugs: Skip RSB fill at VMEXIT (Johannes Wikner) - x86/entry: Have entry_ibpb() invalidate return predictions (Johannes Wikner) - x86/cpufeatures: Add a IBPB_NO_RET BUG flag (Johannes Wikner) - x86/cpufeatures: Define X86_FEATURE_AMD_IBPB_RET (Jim Mattson) - KVM: s390: Change virtual to physical address access in diag 0x258 handler (Michael Mueller) - s390/sclp_vt220: Convert newlines to CRLF instead of LFCR (Thomas Weißschuh) - iommu/vt-d: Fix incorrect pci_for_each_dma_alias() for non-PCI devices (Lu Baolu) [Orabug: 37252321] {CVE-2024-50101} - io_uring/sqpoll: do not put cpumask on stack (Felix Moessbauer) - io_uring/sqpoll: retain test for whether the CPU is valid (Jens Axboe) - io_uring/sqpoll: do not allow pinning outside of cpuset (Felix Moessbauer) - drm/shmem-helper: Fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE) (Wachowski, Karol) - KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin() (Breno Leitao) [Orabug: 36835836] {CVE-2024-40953} - dm-crypt, dm-verity: disable tasklets (Mikulas Patocka) - wifi: mac80211: fix potential key use-after-free (Johannes Berg) - secretmem: disable memfd_secret() if arch cannot set direct map (Patrick Roy) [Orabug: 37264195] {CVE-2024-50182} - mm/swapfile: skip HugeTLB pages for unuse_vma (Liu Shixin) [Orabug: 37264256] {CVE-2024-50199} - fat: fix uninitialized variable (OGAWA Hirofumi) - irqchip/gic-v3-its: Fix VSYNC referencing an unmapped VPE on GIC v4.1 (Nianyao Tang) - net: macb: Avoid 20s boot delay by skipping MDIO bus registration for fixed-link PHY (Oleksij Rempel) - arm64: probes: Fix simulate_ldr*_literal() (Mark Rutland) - arm64: probes: Remove broken LDR (literal) uprobe support (Mark Rutland) [Orabug: 37252316] {CVE-2024-50099} - posix-clock: Fix missing timespec64 check in pc_clock_settime() (Jinjie Ruan) [Orabug: 37264241] {CVE-2024-50195} - net: enetc: add missing static descriptor and inline keyword (Wei Fang) - net: enetc: remove xdp_drops statistic from enetc_xdp_drop() (Wei Fang) - udf: Fix bogus checksum computation in udf_rename() (Jan Kara) [Orabug: 37320204] {CVE-2024-43845} - udf: Don't return bh from udf_expand_dir_adinicb() (Jan Kara) - udf: Handle error when expanding directory (Jan Kara) - udf: Remove old directory iteration code (Jan Kara) - udf: Convert udf_link() to new directory iteration code (Jan Kara) - udf: Convert udf_mkdir() to new directory iteration code (Jan Kara) - udf: Convert udf_add_nondir() to new directory iteration (Jan Kara) - udf: Implement adding of dir entries using new iteration code (Jan Kara) - udf: Convert udf_unlink() to new directory iteration code (Jan Kara) - udf: Convert udf_rmdir() to new directory iteration code (Jan Kara) - udf: Convert empty_dir() to new directory iteration code (Jan Kara) - udf: Convert udf_get_parent() to new directory iteration code (Jan Kara) - udf: Convert udf_lookup() to use new directory iteration code (Jan Kara) - udf: Convert udf_readdir() to new directory iteration (Jan Kara) - udf: Convert udf_rename() to new directory iteration code (Jan Kara) - udf: Provide function to mark entry as deleted using new directory iteration code (Jan Kara) - udf: Implement searching for directory entry using new iteration code (Jan Kara) - udf: Move udf_expand_dir_adinicb() to its callsite (Jan Kara) - udf: Convert udf_expand_dir_adinicb() to new directory iteration (Jan Kara) - udf: New directory iteration code (Jan Kara) - ALSA: hda/conexant - Fix audio routing for HP EliteOne 1000 G2 (Vasiliy Kovalev) [5.15.0-303.168.3.el9uek] - ACPI: CPPC: Make rmw_lock a raw_spin_lock (Pierre Gondois) [Orabug: 37268714] {CVE-2024-50249} - net: usb: usbnet: fix name regression (Oliver Neukum) - mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow (Matthieu Baerts (NGI0)) - parport: Proper fix for array out-of-bounds access (Takashi Iwai) [Orabug: 37227435] {CVE-2024-50074} - netfilter: xtables: fix typo causing some targets not to load on IPv6 (Pablo Neira Ayuso) - block, bfq: fix procress reference leakage for bfqq in merge chain (Yu Kuai) - ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_init_flow() (Ido Schimmel) [Orabug: 37304697] {CVE-2024-53042} - usb: dwc3: core: Fix system suspend on TI AM62 platforms (Roger Quadros) - Revert "driver core: Fix uevent_show() vs driver detach race" (Greg Kroah-Hartman) - jfs: Fix sanity check in dbMount (Dave Kleikamp) - octeontx2-af: Fix potential integer overflows on integer shifts (Colin Ian King) - gtp: allow -1 to be specified as file description from userspace (Pablo Neira Ayuso) - scsi: lpfc: Revise lpfc_prep_embed_io routine with proper endian macro usages (Justin Tee) [Orabug: 37070103] {CVE-2024-43816} - blk-cgroup: Properly propagate the iostat update up the hierarchy (Waiman Long) [Orabug: 37264361] - blk-cgroup: fix list corruption from reorder of WRITE ->lqueued (Ming Lei) [Orabug: 37264361] {CVE-2024-38384} - blk-cgroup: fix list corruption from resetting io stat (Ming Lei) [Orabug: 37264361] {CVE-2024-38663} - blk-cgroup: Flush stats before releasing blkcg_gq (Ming Lei) [Orabug: 37264361] - blk-cgroup: Reinit blkg_iostat_set after clearing in blkcg_reset_stats() (Waiman Long) [Orabug: 37264361] - blk-cgroup: don't update io stat for root cgroup (Ming Lei) [Orabug: 37264361] - blk-cgroup: Optimize blkcg_rstat_flush() (Waiman Long) [Orabug: 37264361] - blk-cgroup: Return -ENOMEM directly in blkcg_css_alloc() error path (Waiman Long) [Orabug: 37264361] - vfio/iommu_type1: replace kfree with kvfree (Jiacheng Shi) [Orabug: 37263362] - i2c: i801: Add support for Intel Birch Stream SoC (Jarkko Nikula) [Orabug: 37249533] - nvme: fix deadlock between reset and scan (Bitao Hu) [Orabug: 37244604] - virt: sevguest: Add TSM_REPORTS support for SNP_GET_EXT_REPORT (Dan Williams) [Orabug: 37070016] - virt: sevguest: Prep for kernel internal get_ext_report() (Dan Williams) [Orabug: 37070016] - configfs-tsm: Introduce a shared ABI for attestation reports (Dan Williams) [Orabug: 37070016] - virt: coco: Add a coco/Makefile and coco/Kconfig (Dan Williams) [Orabug: 37070016] - virt: sevguest: Fix passing a stack buffer as a scatterlist target (Dan Williams) [Orabug: 37070016] - x86/sev: Change snp_guest_issue_request()'s fw_err argument (Dionna Glaze) [Orabug: 37070016] - crypto: ccp - Name -1 return value as SEV_RET_NO_FW_CALL (Peter Gonda) [Orabug: 37070016] - virt/coco/sev-guest: Double-buffer messages (Dionna Glaze) [Orabug: 37070016] - virt/coco/sev-guest: Add throttling awareness (Dionna Glaze) [Orabug: 37070016] - virt/coco/sev-guest: Convert the sw_exit_info_2 checking to a switch-case (Borislav Petkov (AMD)) [Orabug: 37070016] - virt/coco/sev-guest: Do some code style cleanups (Borislav Petkov (AMD)) [Orabug: 37070016] - virt/coco/sev-guest: Carve out the request issuing logic into a helper (Borislav Petkov (AMD)) [Orabug: 37070016] - virt/coco/sev-guest: Remove the disable_vmpck label in handle_guest_request() (Borislav Petkov (AMD)) [Orabug: 37070016] - virt/coco/sev-guest: Simplify extended guest request handling (Borislav Petkov (AMD)) [Orabug: 37070016] - virt/coco/sev-guest: Check SEV_SNP attribute at probe time (Borislav Petkov (AMD)) [Orabug: 37070016] - x86/sev: Mark snp_abort() noreturn (Borislav Petkov) [Orabug: 37070016] - kbuild: Drop -Wdeclaration-after-statement (Peter Zijlstra) [Orabug: 37070016] - apparmor: Free up __cleanup() name (Peter Zijlstra) [Orabug: 37070016] - fwctl: Expand adaption of code for UEK7 (Liam Merwick) [Orabug: 37070016] - mm/slab: Add __free() support for kvfree (Dan Williams) [Orabug: 37070016] - mm: move kvmalloc-related functions to slab.h (Matthew Wilcox (Oracle)) [Orabug: 37070016] - x86/head/64: Switch to KERNEL_CS as soon as new GDT is installed (Tom Lendacky) [Orabug: 37070016] - iommu/amd: Do not identity map v2 capable device when snp is enabled (Vasant Hegde) [Orabug: 37070016] - virt: sevguest: Add CONFIG_CRYPTO dependency (Arnd Bergmann) [Orabug: 37070016] - virt/sev-guest: Remove unnecessary free in init_crypto() (Rafael Mendonca) [Orabug: 37070016] - virt/sev-guest: Add a MODULE_ALIAS (Cole Robinson) [Orabug: 37070016] - virt/sev-guest: Return -EIO if certificate buffer is not large enough (Tom Lendacky) [Orabug: 37070016] - virt/sev-guest: Prevent IV reuse in the SNP guest driver (Peter Gonda) [Orabug: 37070016] - x86/compressed/64: Add identity mappings for setup_data entries (Michael Roth) [Orabug: 37070016] - x86/sev: Do not try to parse for the CC blob on non-AMD hardware (Borislav Petkov (AMD)) [Orabug: 37070016] - x86/sev: Use the GHCB protocol when available for SNP CPUID requests (Tom Lendacky) [Orabug: 37070016] - x86/boot: Fix the setup data types max limit (Borislav Petkov) [Orabug: 37070016] - x86/sev: Don't use cc_platform_has() for early SEV-SNP calls (Tom Lendacky) [Orabug: 37070016] - x86/sev: Fix calculation of end address based on number of pages (Tom Lendacky) [Orabug: 37070016] - x86/sev: Fix kernel crash due to late update to read-only ghcb_version (Ashwin Dayanand Kamat) [Orabug: 37070016] - x86/sev: Add SEV-SNP guest feature negotiation support (Nikunj A Dadhania) [Orabug: 37070016] - Revert "x86/sev: Expose sev_es_ghcb_hv_call() for use by HyperV" (Borislav Petkov) [Orabug: 37070016] - x86/boot: Don't propagate uninitialized boot_params->cc_blob_address (Michael Roth) [Orabug: 37070016] - KVM: SVM: Only dump VMSA to klog at KERN_DEBUG level (Peter Gonda) [Orabug: 37070016] - KVM: SVM: Dump Virtual Machine Save Area (VMSA) to klog (Jarkko Sakkinen) [Orabug: 37070016] - KVM: SVM: Exit to userspace on ENOMEM/EFAULT GHCB errors (Sean Christopherson) [Orabug: 37070016] - iommu/amd: Add support for AVIC when SNP is enabled (Suravee Suthikulpanit) [Orabug: 37070016] - iommu/amd: Do not support IOMMUv2 APIs when SNP is enabled (Suravee Suthikulpanit) [Orabug: 37070016] - iommu/amd: Do not support IOMMU_DOMAIN_IDENTITY after SNP is enabled (Suravee Suthikulpanit) [Orabug: 37070016] - iommu/amd: Set translation valid bit only when IO page tables are in use (Suravee Suthikulpanit) [Orabug: 37070016] - iommu/amd: Introduce function to check and enable SNP (Brijesh Singh) [Orabug: 37070016] - iommu/amd: Globally detect SNP support (Suravee Suthikulpanit) [Orabug: 37070016] - iommu/amd: Process all IVHDs before enabling IOMMU features (Suravee Suthikulpanit) [Orabug: 37070016] - iommu/amd: Introduce global variable for storing common EFR and EFR2 (Suravee Suthikulpanit) [Orabug: 37070016] - iommu/amd: Introduce Support for Extended Feature 2 Register (Suravee Suthikulpanit) [Orabug: 37070016] - x86/sev: Remove duplicated assignment to variable info (Colin Ian King) [Orabug: 37070016] - x86/sev: Fix address space sparse warning (Borislav Petkov) [Orabug: 37070016] - x86/sev: Get the AP jump table address from secrets page (Brijesh Singh) [Orabug: 37070016] - x86/sev: Add missing __init annotations to SEV init routines (Michael Roth) [Orabug: 37070016] - crypto: ccp - Log when resetting PSP SEV state (Peter Gonda) [Orabug: 37070016] - virt: sev-guest: Pass the appropriate argument type to iounmap() (Tom Lendacky) [Orabug: 37070016] - virt: sevguest: Rename the sevguest dir and files to sev-guest (Tom Lendacky) [Orabug: 37070016] - virt: sevguest: Change driver name to reflect generic SEV support (Tom Lendacky) [Orabug: 37070016] - x86/boot: Put globals that are accessed early into the .data section (Michael Roth) [Orabug: 37070016] - virt: sevguest: Fix bool function returning negative value (Haowen Bai) [Orabug: 37070016] - virt: sevguest: Fix return value check in alloc_shared_pages() (Yang Yingliang) [Orabug: 37070016] - x86/sev-es: Replace open-coded hlt-loop with sev_es_terminate() (Peter Gonda) [Orabug: 37070016] - virt: sevguest: Add documentation for SEV-SNP CPUID Enforcement (Michael Roth) [Orabug: 37070016] - virt: sevguest: Add support to get extended report (Brijesh Singh) [Orabug: 37070016] - virt: sevguest: Add support to derive key (Brijesh Singh) [Orabug: 37070016] - virt: Add SEV-SNP guest driver (Brijesh Singh) [Orabug: 37070016] - x86/sev: Register SEV-SNP guest request platform device (Brijesh Singh) [Orabug: 37070016] - x86/sev: Provide support for SNP guest request NAEs (Brijesh Singh) [Orabug: 37070016] - x86/sev: Add a sev= cmdline option (Michael Roth) [Orabug: 37070016] - x86/sev: Use firmware-validated CPUID for SEV-SNP guests (Michael Roth) [Orabug: 37070016] - x86/sev: Add SEV-SNP feature detection/setup (Michael Roth) [Orabug: 37070016] - x86/compressed/64: Add identity mapping for Confidential Computing blob (Michael Roth) [Orabug: 37070016] - x86/compressed: Use firmware-validated CPUID leaves for SEV-SNP guests (Michael Roth) [Orabug: 37070016] - x86/compressed: Add SEV-SNP feature detection/setup (Michael Roth) [Orabug: 37070016] - x86/boot: Add a pointer to Confidential Computing blob in bootparams (Michael Roth) [Orabug: 37070016] - x86/compressed/64: Add support for SEV-SNP CPUID table in #VC handlers (Michael Roth) [Orabug: 37070016] - x86/sev: Move MSR-based VMGEXITs for CPUID to helper (Michael Roth) [Orabug: 37070016] - KVM: x86: Move lookup of indexed CPUID leafs to helper (Michael Roth) [Orabug: 37070016] - x86/boot: Add Confidential Computing type to setup_data (Brijesh Singh) [Orabug: 37070016] - x86/compressed/acpi: Move EFI kexec handling into common code (Michael Roth) [Orabug: 37070016] - x86/compressed/acpi: Move EFI vendor table lookup to helper (Michael Roth) [Orabug: 37070016] - x86/compressed/acpi: Move EFI config table lookup to helper (Michael Roth) [Orabug: 37070016] - x86/compressed/acpi: Move EFI system table lookup to helper (Michael Roth) [Orabug: 37070016] - x86/head/64: Re-enable stack protection (Michael Roth) [Orabug: 37070016] - x86/sev: Use SEV-SNP AP creation to start secondary CPUs (Tom Lendacky) [Orabug: 37070016] - x86/sev: Remove do_early_exception() forward declarations (Borislav Petkov) [Orabug: 37070016] - x86/mm: Validate memory when changing the C-bit (Brijesh Singh) [Orabug: 37070016] - x86/mm/cpa: Generalize __set_memory_enc_pgtable() (Brijesh Singh) [Orabug: 37070016] - x86/kernel: Validate ROM memory before accessing when SEV-SNP is active (Brijesh Singh) [Orabug: 37070016] - x86/kernel: Mark the .bss..decrypted section as shared in the RMP table (Brijesh Singh) [Orabug: 37070016] - x86/head64: Add missing __head annotation to sme_postprocess_startup() (Marco Bonelli) [Orabug: 37070016] - x86/head64: Carve out the guest encryption postprocessing into a helper (Borislav Petkov) [Orabug: 37070016] - x86/sev: Add helper for validating pages in early enc attribute changes (Brijesh Singh) [Orabug: 37070016] - x86/sev: Register GHCB memory when SEV-SNP is active (Brijesh Singh) [Orabug: 37070016] - x86/compressed: Register GHCB memory when SEV-SNP is active (Brijesh Singh) [Orabug: 37070016] - x86/compressed: Add helper for validating pages in the decompression stage (Brijesh Singh) [Orabug: 37070016] - x86/sev: Check the VMPL level (Brijesh Singh) [Orabug: 37070016] - x86/sev: Add a helper for the PVALIDATE instruction (Brijesh Singh) [Orabug: 37070016] - x86/sev: Check SEV-SNP features support (Brijesh Singh) [Orabug: 37070016] - x86/sev: Save the negotiated GHCB version (Brijesh Singh) [Orabug: 37070016] - x86/sev: Define the Linux-specific guest termination reasons (Brijesh Singh) [Orabug: 37070016] - x86/mm: Extend cc_attr to include AMD SEV-SNP (Brijesh Singh) [Orabug: 37070016] - x86/sev: Detect/setup SEV/SME features earlier in boot (Michael Roth) [Orabug: 37070016] - x86/compressed/64: Detect/setup SEV/SME features earlier during boot (Michael Roth) [Orabug: 37070016] - KVM: SVM: Update the SEV-ES save area mapping (Tom Lendacky) [Orabug: 37070016] - KVM: SVM: Create a separate mapping for the GHCB save area (Tom Lendacky) [Orabug: 37070016] [Orabug: 37070016] - KVM: SVM: Create a separate mapping for the SEV-ES save area (Tom Lendacky) [Orabug: 37070016] - KVM: SVM: Define sev_features and VMPL field in the VMSA (Brijesh Singh) [Orabug: 37070016] - x86/sev: Move common memory encryption code to mem_encrypt.c (Kirill A. Shutemov) [Orabug: 37070016] - x86/sev: Rename mem_encrypt.c to mem_encrypt_amd.c (Kuppuswamy Sathyanarayanan) [Orabug: 37070016] - x86/sev: Get rid of excessive use of defines (Borislav Petkov) [Orabug: 37070016] - x86/sev: Shorten GHCB terminate macro names (Brijesh Singh) [Orabug: 37070016] - x86/coco: Add API to handle encryption mask (Kirill A. Shutemov) [Orabug: 37070016] - x86/coco: Explicitly declare type of confidential computing platform (Kirill A. Shutemov) [Orabug: 37070016] - x86/hyperv: Initialize GHCB page in Isolation VM (Tianyu Lan) [Orabug: 37070016] - x86/cc: Move arch/x86/{kernel/cc_platform.c => coco/core.c} (Kirill A. Shutemov) [Orabug: 37070016] - x86/hyper-v: Add hyperv Isolation VM check in the cc_platform_has() (Tianyu Lan) [Orabug: 37070016] - crypto: ccp - Add SEV_INIT_EX support (David Rientjes) [Orabug: 37070016] - crypto: ccp - Add psp_init_on_probe module parameter (Peter Gonda) [Orabug: 37070016] - crypto: ccp - Add SEV_INIT rc error logging on init (Peter Gonda) [Orabug: 37070016] - KVM: SVM: Hide SEV migration lockdep goo behind CONFIG_PROVE_LOCKING (Sean Christopherson) [Orabug: 37070016] - KVM: SVM: Skip VMSA init in sev_es_init_vmcb() if pointer is NULL (Sean Christopherson) [Orabug: 37070016] - KVM: SEV: Init target VMCBs in sev_migrate_from (Peter Gonda) [Orabug: 37070016] - KVM, SEV: Add KVM_EXIT_SHUTDOWN metadata for SEV-ES (Peter Gonda) [Orabug: 37070016] - KVM: SEV: Mark nested locking of vcpu->lock (Peter Gonda) [Orabug: 37070016] - KVM: SVM: Simplify and harden helper to flush SEV guest page(s) (Sean Christopherson) [Orabug: 37070016] - KVM: SEV: Add cond_resched() to loop in sev_clflush_pages() (Peter Gonda) [Orabug: 37070016] - KVM: SEV: Allow SEV intra-host migration of VM with mirrors (Peter Gonda) [Orabug: 37070016] - KVM: SVM: improve split between svm_prepare_guest_switch and sev_es_prepare_guest_switch (Paolo Bonzini) [Orabug: 37070016] - selftests: KVM: sev_migrate_tests: Add mirror command tests (Peter Gonda) [Orabug: 37070016] - selftests: KVM: sev_migrate_tests: Fix sev_ioctl() (Peter Gonda) [Orabug: 37070016] - selftests: KVM: sev_migrate_tests: Fix test_sev_mirror() (Peter Gonda) [Orabug: 37070016] - KVM: SEV: Mark nested locking of kvm->lock (Wanpeng Li) [Orabug: 37070016] - KVM: SVM: Do not terminate SEV-ES guests on GHCB validation failure (Tom Lendacky) [Orabug: 37070016] - KVM: SEV: Fall back to vmalloc for SEV-ES scratch area if necessary (Sean Christopherson) [Orabug: 37070016] - KVM: SEV: accept signals in sev_lock_two_vms (Paolo Bonzini) [Orabug: 37070016] - KVM: SEV: do not take kvm->lock when destroying (Paolo Bonzini) [Orabug: 37070016] - KVM: SEV: Prohibit migration of a VM that has mirrors (Paolo Bonzini) [Orabug: 37070016] - KVM: SEV: Do COPY_ENC_CONTEXT_FROM with both VMs locked (Paolo Bonzini) [Orabug: 37070016] - selftests: sev_migrate_tests: add tests for KVM_CAP_VM_COPY_ENC_CONTEXT_FROM (Paolo Bonzini) [Orabug: 37070016] - KVM: SEV: move mirror status to destination of KVM_CAP_VM_MOVE_ENC_CONTEXT_FROM (Paolo Bonzini) [Orabug: 37070016] - KVM: SEV: cleanup locking for KVM_CAP_VM_MOVE_ENC_CONTEXT_FROM (Paolo Bonzini) [Orabug: 37070016] - KVM: SEV: do not use list_replace_init on an empty list (Paolo Bonzini) [Orabug: 37070016] - selftests: sev_migrate_tests: free all VMs (Paolo Bonzini) [Orabug: 37070016] - selftests: fix check for circular KVM_CAP_VM_MOVE_ENC_CONTEXT_FROM (Paolo Bonzini) [Orabug: 37070016] - KVM: SEV: Fix typo in and tweak name of cmd_allowed_from_miror() (Sean Christopherson) [Orabug: 37070016] - KVM: SEV: Drop a redundant setting of sev->asid during initialization (Sean Christopherson) [Orabug: 37070016] - KVM: SEV: Set sev_info.active after initial checks in sev_guest_init() (Sean Christopherson) [Orabug: 37070016] - KVM: SEV: unify cgroup cleanup code for svm_vm_migrate_from (Paolo Bonzini) [Orabug: 37070016] - selftest: KVM: Add intra host migration tests (Peter Gonda) [Orabug: 37070016] - KVM: selftests: Use pattern matching in .gitignore (Sean Christopherson) [Orabug: 37070016] - selftest: KVM: Add open sev dev helper (Peter Gonda) [Orabug: 37070016] - x86/kvm: Add guest support for detecting and enabling SEV Live Migration feature. (Ashish Kalra) [Orabug: 37070016] - EFI: Introduce the new AMD Memory Encryption GUID. (Ashish Kalra) [Orabug: 37070016] - mm: x86: Invoke hypercall when page encryption status is changed (Brijesh Singh) [Orabug: 37070016] - x86/kvm: Add AMD SEV specific Hypercall3 (Brijesh Singh) [Orabug: 37070016] - KVM: SEV: Add support for SEV-ES intra host migration (Peter Gonda) [Orabug: 37070016] - KVM: SEV: Add support for SEV intra host migration (Peter Gonda) [Orabug: 37070016] - KVM: SEV: provide helpers to charge/uncharge misc_cg (Paolo Bonzini) [Orabug: 37070016] - KVM: SEV: Refactor out sev_es_state struct (Peter Gonda) [Orabug: 37070016] - x86/sev: Expose sev_es_ghcb_hv_call() for use by HyperV (Tianyu Lan) [Orabug: 37070016] - x86/sev: Allow #VC exceptions on the VC2 stack (Joerg Roedel) [Orabug: 37070016] - KVM: generalize "bugged" VM to "dead" VM (Paolo Bonzini) [Orabug: 37070016] - x86/sev: Carve out HV call's return value verification (Borislav Petkov) [Orabug: 37070016] - KVM: Free new dirty bitmap if creating a new memslot fails (Sean Christopherson) [Orabug: 37070016] - KVM: Fix comments that refer to the non-existent install_new_memslots() (Jun Miao) [Orabug: 37070016] - KVM: x86: Retry page fault if MMU reload is pending and root has no sp (Sean Christopherson) [Orabug: 37070016] - KVM: x86/mmu: Fix an sign-extension bug with mmu_seq that hangs vCPUs (Sean Christopherson) [Orabug: 37070016] - KVM: Dynamically allocate "new" memslots from the get-go (Sean Christopherson) [Orabug: 37070016] - KVM: Wait 'til the bitter end to initialize the "new" memslot (Sean Christopherson) [Orabug: 37070016] - KVM: Optimize overlapping memslots check (Maciej S. Szmigiero) [Orabug: 37070016] - KVM: Optimize gfn lookup in kvm_zap_gfn_range() (Maciej S. Szmigiero) [Orabug: 37070016] - KVM: Call kvm_arch_flush_shadow_memslot() on the old slot in kvm_invalidate_memslot() (Maciej S. Szmigiero) [Orabug: 37070016] - KVM: Keep memslots in tree-based structures instead of array-based ones (Maciej S. Szmigiero) [Orabug: 37070016] - KVM: s390: Introduce kvm_s390_get_gfn_end() (Maciej S. Szmigiero) [Orabug: 37070016] - KVM: s390: Add a routine for setting userspace CPU state (Eric Farman) [Orabug: 37070016] - KVM: Use interval tree to do fast hva lookup in memslots (Maciej S. Szmigiero) [Orabug: 37070016] - KVM: Resolve memslot ID via a hash table instead of via a static array (Maciej S. Szmigiero) [Orabug: 37070016] - Revert "kvm: fix possible spectre gadgets in include/linux/kvm_host.h" (Liam Merwick) [Orabug: 37070016] - KVM: Move WARN on invalid memslot index to update_memslots() (Maciej S. Szmigiero) [Orabug: 37070016] - KVM: Integrate gfn_to_memslot_approx() into search_memslots() (Maciej S. Szmigiero) [Orabug: 37070016] - KVM: x86: Use nr_memslot_pages to avoid traversing the memslots array (Maciej S. Szmigiero) [Orabug: 37070016] - KVM: x86: Don't call kvm_mmu_change_mmu_pages() if the count hasn't changed (Maciej S. Szmigiero) [Orabug: 37070016] - KVM: Don't make a full copy of the old memslot in __kvm_set_memory_region() (Sean Christopherson) [Orabug: 37070016] - KVM: s390: Skip gfn/size sanity checks on memslot DELETE or FLAGS_ONLY (Sean Christopherson) [Orabug: 37070016] - KVM: x86: Don't assume old/new memslots are non-NULL at memslot commit (Sean Christopherson) [Orabug: 37070016] - KVM: Use prepare/commit hooks to handle generic memslot metadata updates (Sean Christopherson) [Orabug: 37070016] - KVM: Stop passing kvm_userspace_memory_region to arch memslot hooks (Sean Christopherson) [Orabug: 37070016] - KVM: x86: Use "new" memslot instead of userspace memory region (Sean Christopherson) [Orabug: 37070016] - KVM: s390: Use "new" memslot instead of userspace memory region (Sean Christopherson) [Orabug: 37070016] - KVM: PPC: Avoid referencing userspace memory region in memslot updates (Sean Christopherson) [Orabug: 37070016] - KVM: MIPS: Drop pr_debug from memslot commit to avoid using "mem" (Sean Christopherson) [Orabug: 37070016] - KVM: arm64: Use "new" memslot instead of userspace memory region (Sean Christopherson) [Orabug: 37070016] - KVM: Let/force architectures to deal with arch specific memslot data (Sean Christopherson) [Orabug: 37070016] - KVM: Use "new" memslot's address space ID instead of dedicated param (Sean Christopherson) [Orabug: 37070016] - KVM: Resync only arch fields when slots_arch_lock gets reacquired (Maciej S. Szmigiero) [Orabug: 37070016] - KVM: Open code kvm_delete_memslot() into its only caller (Sean Christopherson) [Orabug: 37070016] - KVM: Require total number of memslot pages to fit in an unsigned long (Sean Christopherson) [Orabug: 37070016] - KVM: x86/mmu: Extract zapping of rmaps for gfn range to separate helper (Sean Christopherson) [Orabug: 37070016] - KVM: x86/mmu: Drop a redundant remote TLB flush in kvm_zap_gfn_range() (Sean Christopherson) [Orabug: 37070016] - KVM: x86/mmu: Retry page fault if root is invalidated by memslot update (Sean Christopherson) [Orabug: 37070016] - KVM: x86/mmu: Properly dereference rcu-protected TDP MMU sptep iterator (Sean Christopherson) [Orabug: 37070016] - KVM: x86/mmu: Don't rebuild page when the page is synced and no tlb flushing is required (Hou Wenlong) [Orabug: 37070016] - KVM: x86/mmu: Avoid memslot lookup in rmap_add (David Matlack) [Orabug: 37070016] - KVM: MMU: pass struct kvm_page_fault to mmu_set_spte (Paolo Bonzini) [Orabug: 37070016] - KVM: MMU: pass kvm_mmu_page struct to make_spte (Paolo Bonzini) [Orabug: 37070016] - KVM: MMU: set ad_disabled in TDP MMU role (Paolo Bonzini) [Orabug: 37070016] - KVM: MMU: remove unnecessary argument to mmu_set_spte (Paolo Bonzini) [Orabug: 37070016] - KVM: MMU: clean up make_spte return value (Paolo Bonzini) [Orabug: 37070016] - KVM: MMU: inline set_spte in FNAME(sync_page) (Paolo Bonzini) [Orabug: 37070016] - KVM: MMU: inline set_spte in mmu_set_spte (Paolo Bonzini) [Orabug: 37070016] - KVM: x86/mmu: Avoid memslot lookup in page_fault_handle_page_track (David Matlack) [Orabug: 37070016] - KVM: x86/mmu: Pass the memslot around via struct kvm_page_fault (David Matlack) [Orabug: 37070016] [Orabug: 37070016] - KVM: MMU: unify tdp_mmu_map_set_spte_atomic and tdp_mmu_set_spte_atomic_no_dirty_log (Paolo Bonzini) [Orabug: 37070016] - KVM: MMU: mark page dirty in make_spte (Paolo Bonzini) [Orabug: 37070016] - KVM: x86/mmu: Verify shadow walk doesn't terminate early in page faults (Sean Christopherson) [Orabug: 37070016] - KVM: MMU: change tracepoints arguments to kvm_page_fault (Paolo Bonzini) [Orabug: 37070016] - KVM: MMU: change disallowed_hugepage_adjust() arguments to kvm_page_fault (Paolo Bonzini) [Orabug: 37070016] - KVM: MMU: change kvm_mmu_hugepage_adjust() arguments to kvm_page_fault (Paolo Bonzini) [Orabug: 37070016] - KVM: MMU: change fast_page_fault() arguments to kvm_page_fault (Paolo Bonzini) [Orabug: 37070016] - KVM: MMU: change tdp_mmu_map_handle_target_level() arguments to kvm_page_fault (Paolo Bonzini) [Orabug: 37070016] - KVM: MMU: change kvm_tdp_mmu_map() arguments to kvm_page_fault (Paolo Bonzini) [Orabug: 37070016] - KVM: MMU: change FNAME(fetch)() arguments to kvm_page_fault (Paolo Bonzini) [Orabug: 37070016] - KVM: MMU: change __direct_map() arguments to kvm_page_fault (Paolo Bonzini) [Orabug: 37070016] - KVM: MMU: change handle_abnormal_pfn() arguments to kvm_page_fault (Paolo Bonzini) [Orabug: 37070016] - KVM: MMU: change kvm_faultin_pfn() arguments to kvm_page_fault (Paolo Bonzini) [Orabug: 37070016] - KVM: MMU: change page_fault_handle_page_track() arguments to kvm_page_fault (Paolo Bonzini) [Orabug: 37070016] - KVM: MMU: change direct_page_fault() arguments to kvm_page_fault (Paolo Bonzini) [Orabug: 37070016] - KVM: MMU: change mmu->page_fault() arguments to kvm_page_fault (Paolo Bonzini) [Orabug: 37070016] - KVM: MMU: Introduce struct kvm_page_fault (Paolo Bonzini) [Orabug: 37070016] - KVM: MMU: pass unadulterated gpa to direct_page_fault (Paolo Bonzini) [Orabug: 37070016] - KVM: X86: Don't unsync pagetables when speculative (Lai Jiangshan) [Orabug: 37070016] - KVM: X86: Change kvm_sync_page() to return true when remote flush is needed (Lai Jiangshan) [Orabug: 37070016] - KVM: X86: Remove kvm_mmu_flush_or_zap() (Lai Jiangshan) [Orabug: 37070016] - KVM: X86: Don't flush current tlb on shadow page modification (Lai Jiangshan) [Orabug: 37070016] - net: mana: Fix RX buf alloc_size alignment and atomic op panic (Haiyang Zhang) [Orabug: 37029115] {CVE-2024-45001} - net/mlx5: pretend 'fast unload' succeeded on Exadata systems (Gerd Rausch) [Orabug: 37224000] - rds: Do not invoke the transport's recv_path() while in atomic context (Håkon Bugge) [Orabug: 36368605] [5.15.0-303.168.2.el9uek] - Revert "rds: ib: Make sure receives are posted before connection is up" (Gerd Rausch) [Orabug: 37244182] - uek-rpm/ol9/config-mips64: Align MIPS64 Crypto configs with x86_64 (Vijay Kumar) [Orabug: 37218693] - rds: ib: Avoid reuse of IB MRs when cleaning is in progress (Håkon Bugge) [Orabug: 37206836] - spec: Set CONFIG_CRYPTO_FIPS_NAME for standard & embedded kernels (Jonah Palmer) [Orabug: 37137136] - spec: Set CONFIG_CRYPTO_FIPS_NAME for container kernels (Jonah Palmer) [Orabug: 37137136] - spec: Add UEK release macros for UEK7 (Jonah Palmer) [Orabug: 37137136] - uek-rpm: Set CONFIG_CRYPTO_FIPS_NAME for ol9 Pensando embedded kernels (Jonah Palmer) [Orabug: 37137136] - uek-rpm: Set CONFIG_CRYPTO_FIPS_NAME for ol9 T93 embedded kernels (Jonah Palmer) [Orabug: 37137136] - uek-rpm: Set CONFIG_CRYPTO_FIPS_NAME for ol9 MIPS64 embedded kernels (Jonah Palmer) [Orabug: 37137136] - uek-rpm: Set CONFIG_CRYPTO_FIPS_NAME for ol8 Bluefield 3 smartnic embedded kernels (Jonah Palmer) [Orabug: 37137136] - uek-rpm: Set CONFIG_CRYPTO_FIPS_NAME for ol8/ol9 standard kernels (Jonah Palmer) [Orabug: 37137136] - uek-rpm: Set CONFIG_CRYPTO_FIPS_NAME for ol8/ol9 container kernels (Jonah Palmer) [Orabug: 37137136] [5.15.0-303.168.1.el9uek] - LTS version: v5.15.168 (Vijayendra Suman) - net: xilinx: axienet: Schedule NAPI in two steps (Sean Anderson) - selftests: net: more strict check in net_helper (Paolo Abeni) - net: axienet: start napi before enabling Rx/Tx (Andy Chiu) - ext4: fix warning in ext4_dio_write_end_io() (Jan Kara) - netfilter: ip6t_rpfilter: Fix regression with VRF interfaces (Phil Sutter) - net: vrf: determine the dst using the original ifindex for multicast (Antoine Tenart) - net: seg6: fix seg6_lookup_any_nexthop() to handle VRFs using flowi_l3mdev (Andrea Mayer) - xfrm: Pass flowi_oif or l3mdev as oif to xfrm_dst_lookup (David Ahern) - net: geneve: add missing netlink policy and size for IFLA_GENEVE_INNER_PROTO_INHERIT (Eyal Birger) - block, bfq: fix uaf for accessing waker_bfqq after splitting (Yu Kuai) - kthread: unpark only parked kthread (Frederic Weisbecker) [Orabug: 37206395] {CVE-2024-50019} - nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error (Yonatan Maman) [Orabug: 37252307] {CVE-2024-50096} - mptcp: pm: do not remove closing subflows (Matthieu Baerts (NGI0)) - net: dsa: lan9303: ensure chip reset and wait for READY status (Anatolij Gustschin) - net: Fix an unsafe loop on the list (Anastasia Kovaleva) [Orabug: 37206408] {CVE-2024-50024} - net: explicitly clear the sk pointer, when pf->create fails (Ignat Korchagin) - drm/v3d: Stop the active perfmon before being destroyed (Maíra Canal) [Orabug: 37206424] {CVE-2024-50031} - hid: intel-ish-hid: Fix uninitialized variable 'rv' in ish_fw_xfer_direct_dma (SurajSonawane2415) - usb: storage: ignore bogus device raised by JieLi BR21 USB sound chip (Icenowy Zheng) - usb: xhci: Fix problem with xhci resume from suspend (Jose Alberto Reguero) - usb: dwc3: core: Stop processing of pending events if controller is halted (Selvarasu Ganesan) - Revert "usb: yurex: Replace snprintf() with the safer scnprintf() variant" (Oliver Neukum) - HID: plantronics: Workaround for an unexcepted opposite volume key (Wade Wang) - resource: fix region_intersects() vs add_memory_driver_managed() (Huang Ying) [Orabug: 37200930] {CVE-2024-49878} - HID: amd_sfh: Switch to device-managed dmam_alloc_coherent() (Basavaraj Natikar) [Orabug: 37264222] {CVE-2024-50189} - hwmon: (adt7470) Add missing dependency on REGMAP_I2C (Javier Carrasco) - hwmon: (adm9240) Add missing dependency on REGMAP_I2C (Javier Carrasco) - hwmon: (tmp513) Add missing dependency on REGMAP_I2C (Guenter Roeck) - x86/fpu: Avoid writing LBR bit to IA32_XSS unless supported (Mitchell Levy) - RDMA/hns: Fix UAF for cq async event (Chengchang Tang) [Orabug: 36753395] {CVE-2024-38545} - slip: make slhc_remember() more robust against malicious packets (Eric Dumazet) [Orabug: 37206428] {CVE-2024-50033} - ppp: fix ppp_async_encode() illegal access (Eric Dumazet) [Orabug: 37206434] {CVE-2024-50035} - mctp: Handle error of rtnl_register_module(). (Kuniyuki Iwashima) - rtnetlink: Add bulk registration helpers for rtnetlink message handlers. (Kuniyuki Iwashima) - net: rtnetlink: add msg kind names (Nikolay Aleksandrov) - netfilter: fib: check correct rtable in vrf setups (Florian Westphal) - netfilter: rpfilter/fib: Set ->flowic_uid correctly for user namespaces. (Guillaume Nault) - netfilter: rpfilter/fib: Populate flowic_l3mdev field (Phil Sutter) - netfilter: xtables: avoid NFPROTO_UNSPEC where needed (Florian Westphal) [Orabug: 37206449] {CVE-2024-50038} - sctp: ensure sk_state is set to CLOSED if hashing fails in sctp_listen_start (Xin Long) - net: ibm: emac: mal: fix wrong goto (Rosen Penev) - net/sched: accept TCA_STAB only for root qdisc (Eric Dumazet) [Orabug: 37206456] {CVE-2024-50039} - igb: Do not bring the device up after non-fatal error (Mohamed Khalfella) [Orabug: 37206463] {CVE-2024-50040} - i40e: Fix macvlan leak by synchronizing access to mac_filter_hash (Aleksandr Loktionov) [Orabug: 37206468] {CVE-2024-50041} - ice: Fix netif_is_ice() in Safe Mode (Marcin Szycik) - gpio: aspeed: Use devm_clk api to manage clock source (Billy Tsai) - gpio: aspeed: Add the flush write to ensure the write complete. (Billy Tsai) - net: dsa: b53: fix jumbo frames on 10/100 ports (Jonas Gorski) - net: dsa: b53: allow lower MTUs on BCM5325/5365 (Jonas Gorski) - net: dsa: b53: fix max MTU for BCM5325/BCM5365 (Jonas Gorski) - net: dsa: b53: fix max MTU for 1g switches (Jonas Gorski) - net: dsa: b53: fix jumbo frame mtu check (Jonas Gorski) - thermal: intel: int340x: processor: Fix warning during module unload (Zhang Rui) [Orabug: 37252297] {CVE-2024-50093} - thermal: int340x: processor_thermal: Set feature mask before proc_thermal_add (Srinivas Pandruvada) - net: phy: bcm84881: Fix some error handling paths (Christophe JAILLET) - Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change (Luiz Augusto von Dentz) [Orabug: 37206473] {CVE-2024-50044} - netfilter: br_netfilter: fix panic with metadata_dst skb (Andy Roulin) [Orabug: 37206481] {CVE-2024-50045} - tcp: fix tcp_enter_recovery() to zero retrans_stamp when it's safe (Neal Cardwell) - tcp: fix to allow timestamp undo if no retransmits were sent (Neal Cardwell) - net: phy: dp83869: fix memory corruption when enabling fiber (Ingo van Lil) [Orabug: 37264220] {CVE-2024-50188} - NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies() (Yanjun Zhang) [Orabug: 37206486] {CVE-2024-50046} - SUNRPC: Fix integer overflow in decode_rc_list() (Dan Carpenter) - ice: fix VLAN replay after reset (Dave Ertman) - NFSD: Mark filecache "down" if init fails (Chuck Lever) - RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt (Bob Pearson) - fbdev: sisfb: Fix strbuf array overflow (Andrey Shumilin) [Orabug: 37264185] {CVE-2024-50180} - drm/amd/display: Check null pointer before dereferencing se (Alex Hung) [Orabug: 37206502] {CVE-2024-50049} - driver core: bus: Return -EIO instead of 0 when show/store invalid bus attribute (Zijun Hu) - tools/iio: Add memory allocation failure check for trigger_name (Zhu Jun) - virtio_pmem: Check device status before requesting flush (Philip Chen) [Orabug: 37264203] {CVE-2024-50184} - comedi: ni_routing: tools: Check when the file could not be opened (Ruffalo Lavoisier) - usb: dwc2: Adjust the timing of USB Driver Interrupt Registration in the Crashkernel Scenario (Shawn Shao) - usb: chipidea: udc: enable suspend interrupt after usb reset (Xu Yang) - clk: imx: Remove CLK_SET_PARENT_GATE for DRAM mux for i.MX7D (Peng Fan) [Orabug: 37264190] {CVE-2024-50181} - remoteproc: imx_rproc: Use imx specific hook for find_loaded_rsc_table (Peng Fan) - media: videobuf2-core: clear memory related fields in __vb2_plane_dmabuf_put() (Yunke Cao) - ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition (Kaixin Wang) [Orabug: 37206539] {CVE-2024-50059} - PCI: Mark Creative Labs EMU20k2 INTx masking as broken (Alex Williamson) - i2c: i801: Use a different adapter-name for IDF adapters (Hans de Goede) - PCI: Add ACS quirk for Qualcomm SA8775P (Subramanian Ananthanarayanan) - clk: bcm: bcm53573: fix OF node leak in init (Krzysztof Kozlowski) - RDMA/rtrs-srv: Avoid null pointer deref during path establishment (Md Haris Iqbal) [Orabug: 37206562] {CVE-2024-50062} - PCI: Add function 0 DMA alias quirk for Glenfly Arise chip (WangYuli) - RDMA/mad: Improve handling of timed out WRs of mad agent (Saravanan Vajravel) [Orabug: 37252300] {CVE-2024-50095} - ktest.pl: Avoid false positives with grub2 skip regex (Daniel Jordan) - s390/cpum_sf: Remove WARN_ON_ONCE statements (Thomas Richter) - ext4: nested locking for xattr inode (Wojciech Gładysz) - ext4: don't set SB_RDONLY after filesystem errors (Jan Kara) [Orabug: 37264225] {CVE-2024-50191} - bpf, x64: Fix a jit convergence issue (Yonghong Song) - s390/mm: Add cond_resched() to cmm_alloc/free_pages() (Gerald Schaefer) - s390/facility: Disable compile time optimization for decompressor code (Heiko Carstens) - bpf: Check percpu map value size first (Tao Chen) - Input: synaptics-rmi4 - fix UAF of IRQ domain on driver removal (Mathias Krause) - virtio_console: fix misc probe bugs (Michael S. Tsirkin) - fs/ntfs3: Refactor enum_rstbl to suppress static checker (Konstantin Komarov) - selftests: net: Remove executable bits from library scripts (Benjamin Poirier) - selftests/net: synchronize udpgro tests' tx and rx connection (Lucas Karpinski) - selftests/net: give more time to udpgro bg processes to complete startup (Adrien Thierry) - tracing: Have saved_cmdlines arrays all in one allocation (Steven Rostedt (Google)) - drm/crtc: fix uninitialized variable use even harder (Rob Clark) - tracing: Remove precision vsnprintf() check from print event (Steven Rostedt (Google)) - net: ethernet: cortina: Drop TSO support (Linus Walleij) - unicode: Don't special case ignorable code points (Gabriel Krisman Bertazi) [Orabug: 37252273] {CVE-2024-50089} - ALSA: usb-audio: Fix possible NULL pointer dereference in snd_usb_pcm_has_fixed_rate() (Jaroslav Kysela) [Orabug: 36983951] {CVE-2023-52904} - perf report: Fix segfault when 'sym' sort key is not used (Namhyung Kim) - 9p: add missing locking around taking dentry fid list (Dominique Martinet) [Orabug: 36774627] {CVE-2024-39463} - ext4: fix inode tree inconsistency caused by ENOMEM (zhanchengbin) - Revert "arm64: dts: qcom: sm8250: switch UFS QMP PHY to new style of bindings" (Sumit Semwal) - ACPI: battery: Fix possible crash when unregistering a battery hook (Armin Wolf) [Orabug: 37206091] {CVE-2024-49955} - ACPI: battery: Simplify battery hook locking (Armin Wolf) - clk: qcom: gcc-sc8180x: Add GPLL9 support (Satya Priya Kakitapalli) - r8169: add tally counter fields added with RTL8125 (Heiner Kallweit) [Orabug: 37206182] {CVE-2024-49973} - r8169: Fix spelling mistake: "tx_underun" -> "tx_underrun" (Colin Ian King) - dt-bindings: clock: qcom: Add GPLL9 support on gcc-sc8180x (Satya Priya Kakitapalli) - dt-bindings: clock: qcom: Add missing UFS QREF clocks (Manivannan Sadhasivam) - media: imx335: Fix reset-gpio handling (Umang Jain) - media: i2c: imx335: Enable regulator supplies (Kieran Bingham) - drm/rockchip: vop: clear DMA stop bit on RK3066 (Val Packett) - drm/rockchip: support gamma control on RK3399 (Hugh Cole-Baker) - drm/rockchip: define gamma registers for RK3399 (Hugh Cole-Baker) - lib/buildid: harden build ID parsing logic (Andrii Nakryiko) - build-id: require program headers to be right after ELF header (Alexey Dobriyan) - drm/amd/display: Allow backlight to go below AMDGPU_DM_DEFAULT_MIN_BACKLIGHT (Mario Limonciello) - uprobes: fix kernel info leak via "[uprobes]" vma (Oleg Nesterov) - arm64: cputype: Add Neoverse-N3 definitions (Mark Rutland) - arm64: Add Cortex-715 CPU part definition (Anshuman Khandual) - ext4: dax: fix overflowing extents beyond inode size when partially writing (Zhihao Cheng) [Orabug: 37206370] {CVE-2024-50015} - ext4: properly sync file size update after O_SYNC direct IO (Jan Kara) - spi: bcm63xx: Fix missing pm_runtime_disable() (Jinjie Ruan) - i2c: xiic: Fix pm_runtime_set_suspended() with runtime pm enabled (Jinjie Ruan) - i2c: xiic: Use devm_clk_get_enabled() (Andi Shyti) - i2c: core: Lock address during client device instantiation (Heiner Kallweit) - i2c: create debugfs entry per adapter (Wolfram Sang) - kconfig: qconf: fix buffer overflow in debug links (Masahiro Yamada) - drm/amd/display: Fix system hang while resume with TBT monitor (Tom Chung) [Orabug: 37206307] {CVE-2024-50003} - drm/sched: Add locking to drm_sched_entity_modify_sched (Tvrtko Ursulin) - close_range(): fix the logics in descriptor table trimming (Al Viro) - tracing/timerlat: Fix a race during cpuhp processing (Wei Li) [Orabug: 37200894] {CVE-2024-49866} - tracing/hwlat: Fix a race during cpuhp processing (Wei Li) - gpio: davinci: fix lazy disable (Emanuele Ghidoli) - btrfs: wait for fixup workers before stopping cleaner kthread during umount (Filipe Manana) [Orabug: 37200896] {CVE-2024-49867} - btrfs: fix a NULL pointer dereference when failed to start a new trasacntion (Qu Wenruo) [Orabug: 37200902] {CVE-2024-49868} - ACPI: resource: Add Asus ExpertBook B2502CVA to irq1_level_low_skip_override[] (Hans de Goede) - ACPI: resource: Add Asus Vivobook X1704VAP to irq1_level_low_skip_override[] (Hans de Goede) - Input: adp5589-keys - fix adp5589_gpio_get_value() (Nuno Sa) - Input: adp5589-keys - fix NULL pointer dereference (Nuno Sa) [Orabug: 37200911] {CVE-2024-49871} - rtc: at91sam9: fix OF node leak in probe() error path (Krzysztof Kozlowski) - net: stmmac: Fix zero-division error when disabling tc cbs (KhaiWenTan) [Orabug: 37206640] {CVE-2024-49977} - tomoyo: fallback to realpath if symlink's pathname does not exist (Tetsuo Handa) - iio: magnetometer: ak8975: Fix reading for ak099xx sensors (Barnabás Czémán) - clk: qcom: gcc-sc8180x: Fix the sdcc2 and sdcc4 clocks freq table (Satya Priya Kakitapalli) - clk: qcom: gcc-sm8250: Do not turn off PCIe GDSCs during gdsc_disable() (Manivannan Sadhasivam) - media: venus: fix use after free bug in venus_remove due to race condition (Zheng Wang) [Orabug: 37206208] {CVE-2024-49981} - clk: qcom: gcc-sm8150: De-register gcc_cpuss_ahb_clk_src (Satya Priya Kakitapalli) - clk: qcom: clk-rpmh: Fix overflow in BCM vote (Mike Tipton) - media: uapi/linux/cec.h: cec_msg_set_reply_to: zero flags (Hans Verkuil) - media: sun4i_csi: Implement link validate for sun4i_csi subdev (Laurent Pinchart) - clk: qcom: dispcc-sm8250: use CLK_SET_RATE_PARENT for branch clocks (Dmitry Baryshkov) - clk: rockchip: fix error for unknown clocks (Sebastian Reichel) - aoe: fix the potential use-after-free problem in more places (Chun-Yi Lee) [Orabug: 37206641] {CVE-2024-49982} - NFSD: Fix NFSv4's PUTPUBFH operation (Chuck Lever) - nfsd: map the EBADMSG to nfserr_io to avoid warning (Li Lingfeng) [Orabug: 37200917] {CVE-2024-49875} - nfsd: fix delegation_blocked() to block correctly for at least 30 seconds (NeilBrown) - perf hist: Update hist symbol when updating maps (Matt Fleming) - exfat: fix memory leak in exfat_load_bitmap() (Yuezhang Mo) [Orabug: 37206359] {CVE-2024-50013} - riscv: define ILLEGAL_POINTER_VALUE for 64bit (Jisheng Zhang) - ext4: mark fc as ineligible using an handle in ext4_xattr_set() (Luis Henriques (SUSE)) - ext4: use handle to mark fc as ineligible in __track_dentry_update() (Luis Henriques (SUSE)) - ext4: fix fast commit inode enqueueing during a full journal commit (Luis Henriques (SUSE)) - ext4: fix incorrect tid assumption in jbd2_journal_shrink_checkpoint_list() (Luis Henriques (SUSE)) - ext4: fix incorrect tid assumption in ext4_wait_for_tail_page_commit() (Luis Henriques (SUSE)) - ext4: update orig_path in ext4_find_extent() (Baokun Li) [Orabug: 37200941] {CVE-2024-49881} - ext4: fix double brelse() the buffer of the extents path (Baokun Li) [Orabug: 37200947] {CVE-2024-49882} - ext4: aovid use-after-free in ext4_ext_insert_extent() (Baokun Li) [Orabug: 37200953] {CVE-2024-49883} - ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free (Baokun Li) [Orabug: 37206215] {CVE-2024-49983} - ext4: fix incorrect tid assumption in __jbd2_log_wait_for_space() (Luis Henriques (SUSE)) - ext4: propagate errors from ext4_find_extent() in ext4_insert_range() (Baokun Li) - ext4: fix slab-use-after-free in ext4_split_extent_at() (Baokun Li) [Orabug: 37200959] {CVE-2024-49884} - ext4: correct encrypted dentry name hash when not casefolded (yao.ly) - ext4: no need to continue when the number of entries is 1 (Edward Adam Davis) [Orabug: 37206145] {CVE-2024-49967} - ALSA: hda/realtek: Add quirk for Huawei MateBook 13 KLV-WX9 (Ai Chao) - ALSA: line6: add hw monitor volume control to POD HD500X (Hans P. Moller) - ALSA: usb-audio: Add native DSD support for Luxman D-08u (Jan Lalinsky) - ALSA: usb-audio: Add delay quirk for VIVO USB-C HEADSET (Lianqin Hu) - ALSA: core: add isascii() check to card ID generator (Jaroslav Kysela) - drm: Consistently use struct drm_mode_rect for FB_DAMAGE_CLIPS (Thomas Zimmermann) - parisc: Fix itlb miss handler for 64-bit programs (Helge Deller) - perf/core: Fix small negative period being ignored (Luo Gengkun) - power: supply: hwmon: Fix missing temp1_max_alarm attribute (Hans de Goede) - spi: bcm63xx: Fix module autoloading (Jinjie Ruan) - firmware: tegra: bpmp: Drop unused mbox_client_to_bpmp() (Krzysztof Kozlowski) - i2c: xiic: Wait for TX empty to avoid missed TX NAKs (Robert Hancock) - i2c: qcom-geni: Use IRQF_NO_AUTOEN flag in request_irq() (Jinjie Ruan) - i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume (Marek Vasut) [Orabug: 37206219] {CVE-2024-49985} - platform/x86: ISST: Fix the KASAN report slab-out-of-bounds bug (Zach Wade) [Orabug: 37200965] {CVE-2024-49886} - selftests: vDSO: fix vdso_config for s390 (Heiko Carstens) - selftests: vDSO: fix ELF hash table entry size for s390x (Jens Remus) - selftests/mm: fix charge_reserved_hugetlb.sh test (David Hildenbrand) - selftests: vDSO: fix vDSO symbols lookup for powerpc64 (Christophe Leroy) - selftests: vDSO: fix vdso_config for powerpc (Christophe Leroy) - selftests: vDSO: fix vDSO name for powerpc (Christophe Leroy) - selftests: breakpoints: use remaining time to check if suspend succeed (Yifei Liu) - spi: s3c64xx: fix timeout counters in flush_fifo (Ben Dooks) - spi: spi-imx: Fix pm_runtime_set_suspended() with runtime pm enabled (Jinjie Ruan) - usb: typec: tcpm: Check for port partner validity before consuming it (Badhri Jagan Sridharan) [Orabug: 36683242] {CVE-2024-36893} - blk-integrity: register sysfs attributes on struct device (Thomas Weißschuh) - blk-integrity: convert to struct device_attribute (Thomas Weißschuh) - blk-integrity: use sysfs_emit (Thomas Weißschuh) - ext4: fix i_data_sem unlock order in ext4_ind_migrate() (Artem Sadovnikov) [Orabug: 37206322] {CVE-2024-50006} - ext4: avoid use-after-free in ext4_ext_show_leaf() (Baokun Li) [Orabug: 37205705] {CVE-2024-49889} - ext4: ext4_search_dir should return a proper error (Thadeu Lima de Souza Cascardo) - of/irq: Refer to actual buffer size in of_irq_parse_one() (Geert Uytterhoeven) - drm/amd/pm: ensure the fw_info is not null before using it (Tim Huang) [Orabug: 37205712] {CVE-2024-49890} - drm/radeon/r100: Handle unknown family in r100_cp_init_microcode() (Geert Uytterhoeven) - scsi: aacraid: Rearrange order of struct aac_srb_unit (Kees Cook) - drm/printer: Allow NULL data in devcoredump printer (Matthew Brost) - drm/amd/display: Initialize get_bytes_per_element's default to 1 (Alex Hung) [Orabug: 37205726] {CVE-2024-49892} - drm/amd/display: Fix index out of bounds in DCN30 color transformation (Srinivasan Shanmugam) [Orabug: 37206158] {CVE-2024-49969} {CVE-2024-49895} - drm/amd/display: Fix index out of bounds in degamma hardware format translation (Srinivasan Shanmugam) [Orabug: 37205739] {CVE-2024-49894} - drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation (Srinivasan Shanmugam) [Orabug: 37205745] {CVE-2024-49895} {CVE-2024-49969} - drm/amd/display: Check stream before comparing them (Alex Hung) [Orabug: 37205751] {CVE-2024-49896} - platform/x86: touchscreen_dmi: add nanote-next quirk (Ckath) - HID: multitouch: Add support for Thinkpad X12 Gen 2 Kbd Portfolio (Vishnu Sankar) - drm/amdgpu: enable gfxoff quirk on HP 705G4 (Peng Liu) - drm/amdgpu: add raven1 gfxoff quirk (Peng Liu) - jfs: Fix uninit-value access of new_ea in ea_buffer (Zhao Mengmeng) [Orabug: 37205777] {CVE-2024-49900} - scsi: smartpqi: correct stream detection (Mahesh Rajashekhara) - jfs: check if leafidx greater than num leaves per dmap tree (Edward Adam Davis) [Orabug: 37205789] {CVE-2024-49902} - jfs: Fix uaf in dbFreeBits (Edward Adam Davis) [Orabug: 37205794] {CVE-2024-49903} - jfs: UBSAN: shift-out-of-bounds in dbFindBits (Remington Brasga) - drm/amd/display: Check null pointers before using dc->clk_mgr (Alex Hung) [Orabug: 37205820] {CVE-2024-49907} - ata: sata_sil: Rename sil_blacklist to sil_quirks (Damien Le Moal) - drm/amd/display: Add null check for top_pipe_to_program in commit_planes_for_stream (Srinivasan Shanmugam) [Orabug: 37205857] {CVE-2024-49913} - iommu/vt-d: Fix potential lockup if qi_submit_sync called with 0 count (Sanjay K Kumar) [Orabug: 37206262] {CVE-2024-49993} - iommu/vt-d: Always reserve a domain ID for identity setup (Lu Baolu) - power: reset: brcmstb: Do not go into infinite loop if reset fails (Andrew Davis) - iommu/arm-smmu-qcom: hide last LPASS SMMU context bank from linux (Marc Gonzalez) - rcuscale: Provide clear error when async specified without primitives (Paul E. McKenney) - fbdev: pxafb: Fix possible use after free in pxafb_task() (Kaixin Wang) [Orabug: 37205935] {CVE-2024-49924} - x86/syscall: Avoid memcpy() for ia32 syscall_get_arguments() (Kees Cook) - ALSA: hdsp: Break infinite MIDI input flush loop (Takashi Iwai) - ALSA: asihpi: Fix potential OOB array access (Takashi Iwai) [Orabug: 37206327] {CVE-2024-50007} - tools/x86/kcpuid: Protect against faulty "max subleaf" values (Ahmed S. Darwish) - ALSA: usb-audio: Add logitech Audio profile quirk (Joshua Pius) - ALSA: usb-audio: Define macros for quirk table entries (Takashi Iwai) - x86/ioapic: Handle allocation failures gracefully (Thomas Gleixner) [Orabug: 37205954] {CVE-2024-49927} - ALSA: usb-audio: Add input value sanity checks for standard types (Takashi Iwai) - signal: Replace BUG_ON()s (Thomas Gleixner) - nfp: Use IRQF_NO_AUTOEN flag in request_irq() (Jinjie Ruan) - wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext() (Gustavo A. R. Silva) [Orabug: 37206332] {CVE-2024-50008} - wifi: mt76: mt7915: hold dev->mt76.mutex while disabling tx worker (Felix Fietkau) - proc: add config & param to block forcing mem writes (Adrian Ratiu) - ACPICA: iasl: handle empty connection_node (Aleksandrs Vinarskis) - tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process (Jason Xing) - net: atlantic: Avoid warning about potential string truncation (Simon Horman) - ipv4: Mask upper DSCP bits and ECN bits in NETLINK_FIB_LOOKUP family (Ido Schimmel) - ipv4: Check !in_dev earlier for ioctl(SIOCSIFADDR). (Kuniyuki Iwashima) - net: mvpp2: Increase size of queue_name buffer (Simon Horman) - tipc: guard against string buffer overrun (Simon Horman) [Orabug: 37206276] {CVE-2024-49995} - ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package() (Pei Xiao) [Orabug: 37206122] {CVE-2024-49962} - ACPI: EC: Do not release locks during operation region accesses (Rafael J. Wysocki) - wifi: rtw88: select WANT_DEV_COREDUMP (Zong-Zhe Yang) - wifi: ath11k: fix array out-of-bound access in SoC stats (Karthikeyan Periyasamy) [Orabug: 37205975] {CVE-2024-49930} - nvme-pci: qdepth 1 quirk (Keith Busch) - blk_iocost: fix more out of bound shifts (Konstantin Ovsepian) [Orabug: 37205994] {CVE-2024-49933} - net: sched: consistently use rcu_replace_pointer() in taprio_change() (Dmitry Antipov) - ACPICA: Fix memory leak if acpi_ps_get_next_field() fails (Armin Wolf) - ACPICA: Fix memory leak if acpi_ps_get_next_namepath() fails (Armin Wolf) - ACPI: PAD: fix crash in exit_round_robin() (Seiji Nishikawa) [Orabug: 37206005] {CVE-2024-49935} - net: hisilicon: hns_mdio: fix OF node leak in probe() (Krzysztof Kozlowski) - net: hisilicon: hns_dsaf_mac: fix OF node leak in hns_mac_get_info() (Krzysztof Kozlowski) - net: hisilicon: hip04: fix OF node leak in probe() (Krzysztof Kozlowski) - net/xen-netback: prevent UAF in xenvif_flush_hash() (Jeongjun Park) [Orabug: 37206011] {CVE-2024-49936} - ice: Adjust over allocation of memory in ice_sched_add_root_node() and ice_sched_add_node() (Aleksandr Mishin) - wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit (Toke Høiland-Jørgensen) [Orabug: 37206028] {CVE-2024-49938} - wifi: ath9k: fix possible integer overflow in ath9k_get_et_stats() (Dmitry Kandybka) - f2fs: Require FMODE_WRITE for atomic write ioctls (Jann Horn) [Orabug: 37200793] {CVE-2024-47740} - ALSA: hda/conexant: Fix conflicting quirk for System76 Pangolin (Takashi Iwai) - ASoC: imx-card: Set card.owner to avoid a warning calltrace if SND=m (Hui Wang) - ALSA: hda/generic: Unconditionally prefer preferred_dacs pairs (Takashi Iwai) - ALSA: hda/realtek: Fix the push button function for the ALC257 (Oder Chiou) - ALSA: mixer_oss: Remove some incorrect kfree_const() usages (Christophe JAILLET) - media: usbtv: Remove useless locks in usbtv_video_free() (Benjamin Gaignard) [Orabug: 36598250] {CVE-2024-27072} - i2c: xiic: Try re-initialization on bus busy timeout (Robert Hancock) - i2c: xiic: improve error message when transfer fails to start (Marc Ferland) - i2c: xiic: xiic_xfer(): Fix runtime PM leak on error path (Lars-Peter Clausen) - i2c: xiic: Fix RX IRQ busy check (Marek Vasut) - i2c: xiic: Switch from waitqueue to completion (Marek Vasut) - i2c: xiic: Fix broken locking on tx_msg (Marek Vasut) - sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start (Xin Long) [Orabug: 37206050] {CVE-2024-49944} - ppp: do not assume bh is held in ppp_channel_bridge_input() (Eric Dumazet) [Orabug: 37206060] {CVE-2024-49946} - ipv4: ip_gre: Fix drops of small packets in ipgre_xmit (Anton Danilov) - net: stmmac: dwmac4: extend timeout for VLAN Tag register busy bit check (Shenwei Wang) - net: stmmac: Disable automatic FCS/Pad stripping (Kurt Kanzenbach) - stmmac_pci: Fix underflow size in stmmac_rx (Zekun Shen) - net: add more sanity checks to qdisc_pkt_len_init() (Eric Dumazet) [Orabug: 37206063] {CVE-2024-49948} - net: avoid potential underflow in qdisc_pkt_len_init() with UFO (Eric Dumazet) [Orabug: 37206069] {CVE-2024-49949} - net: ethernet: lantiq_etop: fix memory disclosure (Aleksander Jan Bajkowski) [Orabug: 37206288] {CVE-2024-49997} - Bluetooth: btmrvl: Use IRQF_NO_AUTOEN flag in request_irq() (Jinjie Ruan) - netfilter: nf_tables: prevent nf_skb_duplicated corruption (Eric Dumazet) [Orabug: 37206080] {CVE-2024-49952} - net: ieee802154: mcr20a: Use IRQF_NO_AUTOEN flag in request_irq() (Jinjie Ruan) - netfilter: uapi: NFTA_FLOWTABLE_HOOK is NLA_NESTED (Phil Sutter) - net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc() (Elena Salomatkina) [Orabug: 37206298] {CVE-2024-50000} - net/mlx5: Added cond_resched() to crdump collection (Mohamed Khalfella) - net/mlx5: Fix error path in multi-packet WQE transmit (Gerd Bayer) [Orabug: 37206301] {CVE-2024-50001} - ieee802154: Fix build error (Jinjie Ruan) - ceph: remove the incorrect Fw reference check when dirtying pages (Xiubo Li) [Orabug: 37264180] {CVE-2024-50179} - mailbox: bcm2835: Fix timeout during suspend mode (Stefan Wahren) [Orabug: 37206129] {CVE-2024-49963} - mailbox: rockchip: fix a typo in module autoloading (Liao Chen) - static_call: Replace pointless WARN_ON() in static_call_module_notify() (Thomas Gleixner) [Orabug: 37206089] {CVE-2024-49954} - static_call: Handle module init failure correctly in static_call_del_module() (Thomas Gleixner) [Orabug: 37206305] {CVE-2024-50002} - spi: lpspi: Simplify some error message (Christophe JAILLET) - usb: yurex: Fix inconsistent locking bug in yurex_read() (Harshit Mogalapalli) - i2c: isch: Add missed 'else' (Andy Shevchenko) - i2c: aspeed: Update the stop sw state when the bus recovery occurs (Tommy Huang) - mm: only enforce minimum stack gap size if it's sensible (David Gow) - lockdep: fix deadlock issue between lockdep and rcu (Zhiguo Niu) - bpf: lsm: Set bpf_lsm_blob_sizes.lbs_task to 0 (Song Liu) - x86/entry: Remove unwanted instrumentation in common_interrupt() (Dmitry Vyukov) - x86/idtentry: Incorporate definitions/declarations of the FRED entries (Xin Li) - pps: add an error check in parport_attach (Ma Ke) - pps: remove usage of the deprecated ida_simple_xx() API (Christophe JAILLET) - usb: xhci: fix loss of data on Cadence xHC (Pawel Laszczak) - xhci: Add a quirk for writing ERST in high-low order (Daehwan Jung) - xhci: Preserve RsvdP bits in ERSTBA register correctly (Lukas Wunner) - xhci: Refactor interrupter code for initial multi interrupter support. (Mathias Nyman) - xhci: remove xhci_test_trb_in_td_math early development check (Mathias Nyman) - xhci: fix event ring segment table related masks and variables in header (Mathias Nyman) - USB: misc: yurex: fix race between read and write (Oliver Neukum) - usb: yurex: Replace snprintf() with the safer scnprintf() variant (Lee Jones) - soc: versatile: realview: fix soc_dev leak during device remove (Krzysztof Kozlowski) - soc: versatile: realview: fix memory leak during device remove (Krzysztof Kozlowski) - padata: use integer wrap around to prevent deadlock on seq_nr overflow (VanGiang Nguyen) [Orabug: 37200789] {CVE-2024-47739} - EDAC/igen6: Fix conversion of system address to physical memory address (Qiuxu Zhuo) - nfs: fix memory leak in error path of nfs4_do_reclaim (Li Lingfeng) - fs: Fix file_set_fowner LSM hook inconsistencies (Mickaël Salaün) - vfs: fix race between evice_inodes() and find_inode()&iput() (Julian Sun) [Orabug: 37200603] {CVE-2024-47679} - arm64: dts: rockchip: Correct the Pinebook Pro battery design capacity (Dragan Simic) - arm64: dts: rockchip: Raise Pinebook Pro's panel backlight PWM frequency (Dragan Simic) - hwrng: cctrng - Add missing clk_disable_unprepare in cctrng_resume (Gaosheng Cui) - hwrng: bcm2835 - Add missing clk_disable_unprepare in bcm2835_rng_init (Gaosheng Cui) - hwrng: mtk - Use devm_pm_runtime_enable (Guoqing Jiang) - f2fs: avoid potential int overflow in sanity_check_area_boundary() (Nikita Zhandarovich) - f2fs: prevent possible int overflow in dir_block_index() (Nikita Zhandarovich) - debugobjects: Fix conditions in fill_pool() (Zhen Lei) - wifi: mt76: mt7615: check devm_kasprintf() returned value (Ma Ke) - wifi: rtw88: 8822c: Fix reported RX band width (Bitterblue Smith) - perf/x86/intel/pt: Fix sampling synchronization (Adrian Hunter) - efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption (Ard Biesheuvel) [Orabug: 37200864] {CVE-2024-49858} - ACPI: resource: Add another DMI match for the TongFang GMxXGxx (Werner Sembach) - ACPI: sysfs: validate return type of _STR method (Thomas Weißschuh) [Orabug: 37200877] {CVE-2024-49860} - drbd: Add NULL check for net_conf to prevent dereference in state validation (Mikhail Lobanov) - drbd: Fix atomicity violation in drbd_uuid_set_bm() (Qiu-ji Chen) - crypto: ccp - Properly unregister /dev/sev on sev PLATFORM_STATUS failure (Pavan Kumar Paluri) - xhci: Set quirky xHC PCI hosts to D3 _after_ stopping and freeing them. (Mathias Nyman) - tty: rp2: Fix reset with non forgiving PCIe host bridges (Florian Fainelli) - firmware_loader: Block path traversal (Jann Horn) [Orabug: 37200801] {CVE-2024-47742} - bus: integrator-lm: fix OF node leak in probe() (Krzysztof Kozlowski) - usb: dwc2: drd: fix clock gating on USB role switch (Tomas Marek) - usb: cdnsp: Fix incorrect usb_request status (Pawel Laszczak) - USB: class: CDC-ACM: fix race between get_serial and set_serial (Oliver Neukum) - USB: misc: cypress_cy7c63: check for short transfer (Oliver Neukum) - USB: appledisplay: close race between probe and completion handler (Oliver Neukum) - usbnet: fix cyclical race on disconnect with work queue (Oliver Neukum) - scsi: mac_scsi: Disallow bus errors during PDMA send (Finn Thain) - scsi: mac_scsi: Refactor polling loop (Finn Thain) - scsi: mac_scsi: Revise printk(KERN_DEBUG ...) messages (Finn Thain) - drm/amd/display: Validate backlight caps are sane (Mario Limonciello) - drm/amd/display: Round calculated vtotal (Robin Chen) - Input: i8042 - add another board name for TUXEDO Stellaris Gen5 AMD line (Werner Sembach) - Input: i8042 - add TUXEDO Stellaris 15 Slim Gen6 AMD to i8042 quirk table (Werner Sembach) - Input: i8042 - add TUXEDO Stellaris 16 Gen5 AMD to i8042 quirk table (Werner Sembach) - Revert "media: tuners: fix error return code of hybrid_tuner_request_state()" (Roman Smirnov) - soc: versatile: integrator: fix OF node leak in probe() error path (Krzysztof Kozlowski) - ASoC: rt5682: Return devm_of_clk_add_hw_provider to transfer the error (Ma Ke) - PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler (Sean Anderson) - Remove *.orig pattern from .gitignore (Laurent Pinchart) - selinux,smack: don't bypass permissions check in inode_setsecctx hook (Scott Mayhew) [Orabug: 37070761] {CVE-2024-46695} - vfio/pci: fix potential memory leak in vfio_intx_enable() (Ye Bin) [Orabug: 36765615] {CVE-2024-38632} - x86/mm: Switch to new Intel CPU model defines (Tony Luck) - Input: goodix - use the new soc_intel_is_byt() helper (Hans de Goede) - drm/amd/display: Fix Synaptics Cascaded Panamera DSC Determination (Fangzhi Zuo) - netfilter: ctnetlink: compile ctnetlink_label_size with CONFIG_NF_CONNTRACK_EVENTS (Simon Horman) - netfilter: nf_tables: Keep deleted flowtable hooks until after RCU (Phil Sutter) - bonding: Fix unnecessary warnings and logs from bond_xdp_get_xmit_slave() (Jiwon Kim) [Orabug: 37200774] {CVE-2024-47734} - net: qrtr: Update packets cloning when broadcasting (Youssef Samir) - tcp: check skb is non-NULL in tcp_rto_delta_us() (Josh Hunt) [Orabug: 37200622] {CVE-2024-47684} - net: ipv6: select DST_CACHE from IPV6_RPL_LWTUNNEL (Thomas Weißschuh) - net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition (Kaixin Wang) [Orabug: 37200817] {CVE-2024-47747} - netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() (Eric Dumazet) [Orabug: 37200629] {CVE-2024-47685} - net: xilinx: axienet: Fix packet counting (Sean Anderson) - net: axienet: Switch to 64-bit RX/TX statistics (Robert Hancock) - net: axienet: Use NAPI for TX completion path (Robert Hancock) - net: axienet: Be more careful about updating tx_bd_tail (Robert Hancock) - net: axienet: add coalesce timer ethtool configuration (Robert Hancock) - net: axienet: reduce default RX interrupt threshold to 1 (Robert Hancock) - net: axienet: implement NAPI and GRO receive (Robert Hancock) - net: axienet: don't set IRQ timer when IRQ delay not used (Robert Hancock) - net: axienet: Clean up DMA start/stop and error handling (Robert Hancock) - net: axienet: Clean up device used for DMA calls (Robert Hancock) - Revert "dm: requeue IO if mapping table not yet available" (Mikulas Patocka) - vhost_vdpa: assign irq bypass producer token correctly (Jason Wang) [Orabug: 37200820] {CVE-2024-47748} - vdpa: Add eventfd for the vdpa callback (Xie Yongji) - interconnect: qcom: sm8250: Enable sync_state (Konrad Dybcio) - coresight: tmc: sg: Do not leak sg_table (Suzuki K Poulose) - iio: adc: ad7606: fix standby gpio state to match the documentation (Guillaume Stols) - iio: adc: ad7606: fix oversampling gpio array (Guillaume Stols) - spi: spi-fsl-lpspi: Undo runtime PM changes at driver exit time (Jinjie Ruan) - spi: lpspi: release requested DMA channels (Alexander Stein) - spi: lpspi: Silence error message upon deferred probe (Alexander Stein) - f2fs: get rid of online repaire on corrupted directory (Chao Yu) [Orabug: 37200641] {CVE-2024-47690} - f2fs: clean up w/ dotdot_name (Chao Yu) - f2fs: introduce F2FS_IPU_HONOR_OPU_WRITE ipu policy (Chao Yu) - f2fs: fix to wait page writeback before setting gcing flag (Chao Yu) - f2fs: optimize error handling in redirty_blocks (Jack Qiu) - f2fs: reduce expensive checkpoint trigger frequency (Chao Yu) - f2fs: remove unneeded check condition in __f2fs_setxattr() (Chao Yu) - f2fs: fix to update i_ctime in __f2fs_setxattr() (Chao Yu) - f2fs: fix typo (Yonggil Song) - nfsd: return -EINVAL when namelen is 0 (Li Lingfeng) [Orabug: 37200649] {CVE-2024-47692} - nfsd: call cache_put if xdr_reserve_space returns NULL (Guoqing Jiang) [Orabug: 37200782] {CVE-2024-47737} - ntb_perf: Fix printk format (Max Hawking) - ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir() (Jinjie Ruan) - RDMA/irdma: fix error message in irdma_modify_qp_roce() (Vitaliy Shevtsov) - RDMA/cxgb4: Added NULL check for lookup_atid (Mikhail Lobanov) [Orabug: 37200823] {CVE-2024-47749} - riscv: Fix fp alignment bug in perf_callchain_user() (Jinjie Ruan) - RDMA/hns: Optimize hem allocation performance (Junxian Huang) - RDMA/hns: Fix VF triggering PF reset in abnormal interrupt handler (Junxian Huang) - RDMA/hns: Refactor the abnormal interrupt handler function (Haoyue Xu) - RDMA/hns: Fix the wrong type of return value of the interrupt handler (Haoyue Xu) - RDMA/hns: Remove unused abnormal interrupt of type RAS (Haoyue Xu) - RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled (Chengchang Tang) [Orabug: 37200776] {CVE-2024-47735} - RDMA/hns: Fix the overflow risk of hem_list_calc_ba_range() (wenglianfa) - RDMA/hns: Don't modify rq next block addr in HIP09 QPC (Junxian Huang) - watchdog: imx_sc_wdt: Don't disable WDT in suspend (Jonas Blixt) - IB/core: Fix ib_cache_setup_one error flow cleanup (Patrisious Haddad) [Orabug: 37200653] {CVE-2024-47693} - pinctrl: mvebu: Fix devinit_dove_pinctrl_probe function (Wang Jianzheng) - pinctrl: mvebu: Use devm_platform_get_and_ioremap_resource() (Yangtao Li) - nfsd: fix refcount leak when file is unhashed after being found (Jeff Layton) - nfsd: remove unneeded EEXIST error check in nfsd_do_file_acquire (Jeff Layton) - clk: ti: dra7-atl: Fix leak of of_nodes (David Lechner) - RDMA/rtrs-clt: Reset cid to con_num - 1 to stay in bounds (Md Haris Iqbal) [Orabug: 37200658] {CVE-2024-47695} - RDMA/rtrs: Reset hb_missed_cnt after receiving other traffic from peer (Jack Wang) - pinctrl: single: fix missing error code in pcs_probe() (Yang Yingliang) - RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency (Zhu Yanjun) [Orabug: 37205520] {CVE-2024-47696} - PCI: xilinx-nwl: Clean up clock on probe failure/removal (Sean Anderson) - PCI: xilinx-nwl: Fix register misspelling (Sean Anderson) - PCI: keystone: Fix if-statement expression in ks_pcie_quirk() (Dan Carpenter) [Orabug: 37205559] {CVE-2024-47756} - drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error (Junlin Li) [Orabug: 37200661] {CVE-2024-47697} - drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error (Junlin Li) [Orabug: 37200668] {CVE-2024-47698} - Input: ilitek_ts_i2c - add report id message validation (Emanuele Ghidoli) - Input: ilitek_ts_i2c - avoid wrong input subsystem sync (Emanuele Ghidoli) - clk: rockchip: Set parent rate for DCLK_VOP clock on RK3228 (Jonas Karlman) - remoteproc: imx_rproc: Initialize workqueue earlier (Peng Fan) - remoteproc: imx_rproc: Correct ddr alias for i.MX8M (Peng Fan) - clk: imx: imx8qxp: Parent should be initialized earlier than the clock (Peng Fan) - clk: imx: imx8qxp: Register dc0_bypass0_clk before disp clk (Peng Fan) - clk: imx: imx8mp: fix clock tree update of TF-A managed clocks (Zhipeng Wang) - perf time-utils: Fix 32-bit nsec parsing (Ian Rogers) - perf sched timehist: Fixed timestamp error when unable to confirm event sched_in time (Yang Jihong) - perf sched timehist: Fix missing free of session in perf_sched__timehist() (Yang Jihong) - perf mem: Free the allocated sort string, fixing a leak (Namhyung Kim) - bpf: Fix bpf_strtol and bpf_strtoul helpers for 32bit (Daniel Borkmann) - nilfs2: fix potential oob read in nilfs_btree_check_delete() (Ryusuke Konishi) [Orabug: 37200842] {CVE-2024-47757} - nilfs2: determine empty node blocks as corrupted (Ryusuke Konishi) - nilfs2: fix potential null-ptr-deref in nilfs_btree_insert() (Ryusuke Konishi) [Orabug: 37200675] {CVE-2024-47699} - ext4: avoid OOB when system.data xattr changes underneath the filesystem (Thadeu Lima de Souza Cascardo) [Orabug: 37200681] {CVE-2024-47701} - ext4: return error on ext4_find_inline_entry (Thadeu Lima de Souza Cascardo) - ext4: avoid negative min_clusters in find_group_orlov() (Kemeng Shi) - ext4: avoid potential buffer_head leak in __ext4_new_inode() (Kemeng Shi) - ext4: avoid buffer_head leak in ext4_mark_inode_used() (Kemeng Shi) - smackfs: Use rcu_assign_pointer() to ensure safe assignment in smk_set_cipso (Jiawei Ye) - ext4: clear EXT4_GROUP_INFO_WAS_TRIMMED_BIT even mount with discard (yangerkun) - kthread: fix task state in kthread worker if being frozen (Chen Yu) - xz: cleanup CRC32 edits from 2018 (Lasse Collin) - selftests/bpf: Fix C++ compile error from missing _Bool type (Tony Ambardar) - selftests/bpf: Fix error compiling test_lru_map.c (Tony Ambardar) - selftests/bpf: Fix errors compiling cg_storage_multi.h with musl libc (Tony Ambardar) - selftests/bpf: Fix compiling core_reloc.c with musl-libc (Tony Ambardar) - selftests/bpf: Fix compiling tcp_rtt.c with musl-libc (Tony Ambardar) - selftests/bpf: Fix compiling flow_dissector.c with musl-libc (Tony Ambardar) - selftests/bpf: Fix compiling kfree_skb.c with musl-libc (Tony Ambardar) - selftests/bpf: Fix missing ARRAY_SIZE() definition in bench.c (Tony Ambardar) - selftests/bpf: Fix error compiling bpf_iter_setsockopt.c with musl libc (Tony Ambardar) - selftests/bpf: Fix compile error from rlim_t in sk_storage_map.c (Tony Ambardar) - tpm: Clean up TPM space after command failure (Jonathan McDowell) [Orabug: 37200850] {CVE-2024-49851} - xen/swiotlb: add alignment check for dma buffers (Juergen Gross) - xen: use correct end address of kernel for conflict checking (Juergen Gross) - drivers:drm:exynos_drm_gsc:Fix wrong assignment in gsc_bind() (Yuesong Li) - drm/msm: fix %s null argument error (Sherry Yang) - ipmi: docs: don't advertise deprecated sysfs entries (Wolfram Sang) - drm/msm/a5xx: workaround early ring-buffer emptiness check (Vladimir Lypak) - drm/msm: Drop priv->lastctx (Rob Clark) - drm/msm/a5xx: fix races in preemption evaluation stage (Vladimir Lypak) - drm/msm/a5xx: properly clear preemption records on resume (Vladimir Lypak) - drm/msm/a5xx: disable preemption in submits by default (Vladimir Lypak) - drm/msm: Fix incorrect file name output in adreno_request_fw() (Aleksandr Mishin) - powerpc/8xx: Fix kernel vs user address comparison (Christophe Leroy) - powerpc/8xx: Fix initial memory mapping (Christophe Leroy) - powerpc/32: Remove 'noltlbs' kernel parameter (Christophe Leroy) - powerpc/32: Remove the 'nobats' kernel parameter (Christophe Leroy) - drm/mediatek: Use spin_lock_irqsave() for CRTC event lock (Fei Shao) - jfs: fix out-of-bounds in dbNextAG() and diAlloc() (Jeongjun Park) [Orabug: 37200739] {CVE-2024-47723} - scsi: elx: libefc: Fix potential use after free in efc_nport_vport_del() (Dan Carpenter) [Orabug: 37200855] {CVE-2024-49852} - drm/bridge: lontium-lt8912b: Validate mode in drm_bridge_funcs::mode_valid() (Liu Ying) - drm/radeon/evergreen_cs: fix int overflow errors in cs track offsets (Nikita Zhandarovich) - drm/rockchip: dw_hdmi: Fix reading EDID when using a forced mode (Jonas Karlman) - drm/rockchip: vop: Allow 4096px width scaling (Alex Bee) - scsi: NCR5380: Check for phase match during PDMA fixup (Finn Thain) - scsi: NCR5380: Add SCp members to struct NCR5380_cmd (Finn Thain) - drm/radeon: properly handle vbios fake edid sizing (Alex Deucher) - drm/radeon: Replace one-element array with flexible-array member (Paulo Miguel Almeida) - drm/amdgpu: properly handle vbios fake edid sizing (Alex Deucher) - drm/amdgpu: Replace one-element array with flexible-array member (Paulo Miguel Almeida) - drm/amd/display: Add null check for set_output_gamma in dcn30_set_output_transfer_func (Srinivasan Shanmugam) [Orabug: 37200736] {CVE-2024-47720} - drm/stm: Fix an error handling path in stm_drm_platform_probe() (Christophe JAILLET) - pmdomain: core: Harden inter-column space in debug summary (Geert Uytterhoeven) - mtd: powernv: Add check devm_kasprintf() returned value (Charles Han) - fbdev: hpfb: Fix an error handling path in hpfb_dio_probe() (Christophe JAILLET) - power: supply: max17042_battery: Fix SOC threshold calc w/ no current sense (Artur Weber) - power: supply: axp20x_battery: Remove design from min and max voltage (Chris Morgan) - hwmon: (ntc_thermistor) fix module autoloading (Yuntao Liu) - mtd: slram: insert break after errors in parsing the map (Mirsad Todorovac) - hwmon: (max16065) Fix alarm attributes (Guenter Roeck) - hwmon: (max16065) Remove use of i2c_match_id() (Andrew Davis) - i2c: Add i2c_get_match_data() (Biju Das) - hwmon: (max16065) Fix overflows seen when writing limits (Guenter Roeck) - m68k: Fix kernel_clone_args.flags in m68k_clone() (Finn Thain) - clocksource/drivers/qcom: Add missing iounmap() on errors in msm_dt_timer_init() (Ankit Agrawal) - reset: k210: fix OF node leak in probe() error path (Krzysztof Kozlowski) - reset: berlin: fix OF node leak in probe() error path (Krzysztof Kozlowski) - ARM: versatile: fix OF node leak in CPUs prepare (Krzysztof Kozlowski) - ARM: dts: imx7d-zii-rmu2: fix Ethernet PHY pinctrl property (Krzysztof Kozlowski) - ARM: dts: microchip: sam9x60: Fix rtc/rtt clocks (Alexander Dahl) - arm64: dts: renesas: r9a07g044: Correct GICD and GICR sizes (Lad Prabhakar) - spi: ppc4xx: Avoid returning 0 when failed to parse and map IRQ (Andy Shevchenko) - spi: ppc4xx: handle irq_of_parse_and_map() errors (Ma Ke) - block: fix potential invalid pointer dereference in blk_add_partition (Riyan Dhiman) [Orabug: 37200698] {CVE-2024-47705} - block: print symbolic error name instead of error code (Christian Heusel) - block, bfq: don't break merge chain in bfq_split_bfqq() (Yu Kuai) - block, bfq: choose the last bfqq from merge chain in bfq_setup_cooperator() (Yu Kuai) - block, bfq: fix possible UAF for bfqq->bic with merge chain (Yu Kuai) - net: tipc: avoid possible garbage value (Su Hui) - net: ipv6: rpl_iptunnel: Fix memory leak in rpl_input (Justin Iurman) - r8169: disable ALDPS per default for RTL8125 (Heiner Kallweit) - net: enetc: Use IRQF_NO_AUTOEN flag in request_irq() (Jinjie Ruan) - bareudp: Pull inner IP header on xmit. (Guillaume Nault) - geneve: Fix incorrect inner network header offset when innerprotoinherit is set (Gal Pressman) - net: geneve: support IPv4/IPv6 as inner protocol (Eyal Birger) - bareudp: Pull inner IP header in bareudp_udp_encap_recv(). (Guillaume Nault) - Bluetooth: btusb: Fix not handling ZPL/short-transfer (Luiz Augusto von Dentz) - can: m_can: m_can_close(): stop clocks after device has been shut down (Marc Kleine-Budde) - can: bcm: Clear bo->bcm_proc_read after remove_proc_entry(). (Kuniyuki Iwashima) [Orabug: 37205475] {CVE-2024-47709} - sock_map: Add a cond_resched() in sock_hash_free() (Eric Dumazet) [Orabug: 37200714] {CVE-2024-47710} - wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param (Jiawei Ye) [Orabug: 37205501] {CVE-2024-47712} - wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop() (Dmitry Antipov) [Orabug: 37200719] {CVE-2024-47713} - wifi: cfg80211: fix two more possible UBSAN-detected off-by-one errors (Dmitry Antipov) - wifi: mt76: mt7915: fix rx filter setting for bfee functionality (Howard Hsu) - wifi: cfg80211: fix UBSAN noise in cfg80211_wext_siwscan() (Dmitry Antipov) - x86/sgx: Fix deadlock in SGX NUMA node search (Aaron Lu) [Orabug: 37200860] {CVE-2024-49856} - cpufreq: ti-cpufreq: Introduce quirks to handle syscon fails appropriately (Nishanth Menon) - netfilter: nf_tables: remove annotation to access set timeout while holding lock (Pablo Neira Ayuso) - netfilter: nf_tables: reject expiration higher than timeout (Pablo Neira Ayuso) - netfilter: nf_tables: reject element expiration with no timeout (Pablo Neira Ayuso) - netfilter: nf_tables: elements with timeout below CONFIG_HZ never expire (Pablo Neira Ayuso) - ACPI: CPPC: Fix MASK_VAL() usage (Clément Léger) - ACPI: bus: Avoid using CPPC if not supported by firmware (Rafael J. Wysocki) - can: j1939: use correct function name in comment (Zhang Changzhong) - padata: Honor the caller's alignment in case of chunk_size 0 (Kamlesh Gurudasani) - wifi: iwlwifi: mvm: increase the time between ranging measurements (Avraham Stern) - mount: handle OOM on mnt_warn_timestamp_expiry (Olaf Hering) - fs/namespace: fnic: Switch to use %ptTd (Andy Shevchenko) - mount: warn only once about timestamp range expiration (Anthony Iliopoulos) - fs: explicitly unregister per-superblock BDIs (Christoph Hellwig) - wifi: rtw88: remove CPT execution branch never used (Dmitry Kandybka) - net: stmmac: dwmac-loongson: Init ref and PTP clocks rate (Yanteng Si) - wifi: ath9k: Remove error checks when creating debugfs entries (Toke Høiland-Jørgensen) - wifi: ath9k: fix parameter check in ath9k_init_debug() (Minjie Du) - ACPI: PMIC: Remove unneeded check in tps68470_pmic_opregion_probe() (Aleksandr Mishin) - crypto: xor - fix template benchmarking (Helge Deller) - wifi: rtw88: always wait for both firmware loading attempts (Dmitry Antipov) [Orabug: 37200733] {CVE-2024-47718} - EDAC/synopsys: Fix error injection on Zynq UltraScale+ (Shubhrajyoti Datta) - EDAC/synopsys: Fix ECC status and IRQ control race condition (Serge Semin) - EDAC/synopsys: Re-enable the error interrupts on v3 hw (Sherry Sun) - EDAC/synopsys: Use the correct register to disable the error interrupt on v3 hw (Sherry Sun) - EDAC/synopsys: Add support for version 3 of the Synopsys EDAC DDR (Dinh Nguyen) - USB: usbtmc: prevent kernel-usb-infoleak (Edward Adam Davis) [Orabug: 37159777] {CVE-2024-47671} - USB: serial: pl2303: add device id for Macrosilicon MS3020 (Junhao Xie) - gpiolib: cdev: Ignore reconfiguration without direction (Kent Gibson) - inet: inet_defrag: prevent sk release while still in use (Florian Westphal) [Orabug: 36545059] {CVE-2024-26921} - gpio: prevent potential speculation leaks in gpio_device_get_desc() (Hagar Hemdan) [Orabug: 36993133] {CVE-2024-44931} - Revert "wifi: cfg80211: check wiphy mutex is held for wdev mutex" (Ping-Ke Shih) - netfilter: nf_tables: missing iterator type in lookup walk (Pablo Neira Ayuso) - netfilter: nft_set_pipapo: walk over current view on netlink dump (Pablo Neira Ayuso) [Orabug: 36598033] {CVE-2024-27017} - ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() (Ferry Meng) [Orabug: 36891660] {CVE-2024-41016} - ocfs2: add bounds checking to ocfs2_xattr_find_entry() (Ferry Meng) [Orabug: 37159772] {CVE-2024-47670} - spi: spidev: Add missing spi_device_id for jg10309-01 (Geert Uytterhoeven) - x86/hyperv: Set X86_FEATURE_TSC_KNOWN_FREQ when Hyper-V provides frequency (Michael Kelley) - spi: bcm63xx: Enable module autoloading (Liao Chen) - drm: komeda: Fix an issue related to normalized zpos (hongchi.peng) - spi: spidev: Add an entry for elgin,jg10309-01 (Fabio Estevam) - ASoC: tda7419: fix module autoloading (Liao Chen) - ASoC: intel: fix module autoloading (Liao Chen) - wifi: iwlwifi: clear trans->state earlier upon error (Emmanuel Grumbach) - wifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead (Emmanuel Grumbach) [Orabug: 37159780] {CVE-2024-47672} - wifi: iwlwifi: mvm: pause TCM when the firmware is stopped (Emmanuel Grumbach) [Orabug: 37159785] {CVE-2024-47673} - wifi: iwlwifi: mvm: fix iwl_mvm_scan_fits() calculation (Daniel Gabay) - wifi: iwlwifi: lower message level for FW buffer destination (Benjamin Berg) - net: ftgmac100: Ensure tx descriptor updates are visible (Jacky Chou) - microblaze: don't treat zero reserved memory regions as error (Mike Rapoport) - pinctrl: at91: make it work with current gpiolib (Thomas Blocher) - scsi: lpfc: Fix overflow build issue (Sherry Yang) - ALSA: hda/realtek - FIxed ALC285 headphone no sound (Kailang Yang) - ALSA: hda/realtek - Fixed ALC256 headphone no sound (Kailang Yang) - ASoC: allow module autoloading for table db1200_pids (Hongbo Li) - ASoC: meson: axg-card: fix 'use-after-free' (Arseniy Krasnov) [Orabug: 37116539] {CVE-2024-46849} - dma-buf: heaps: Fix off-by-one in CMA heap fault handler (T.J. Mercier) [Orabug: 37116545] {CVE-2024-46852} - soundwire: stream: Revert "soundwire: stream: fix programming slave ports for non-continous port maps" (Krzysztof Kozlowski) - spi: nxp-fspi: fix the KASAN report out-of-bounds bug (Han Xu) [Orabug: 37116547] {CVE-2024-46853} - net: dpaa: Pad packets to ETH_ZLEN (Sean Anderson) [Orabug: 37116550] {CVE-2024-46854} - netfilter: nft_socket: fix sk refcount leaks (Florian Westphal) [Orabug: 37116554] {CVE-2024-46855} - net: ftgmac100: Enable TX interrupt to avoid TX timeout (Jacky Chou) - fou: fix initialization of grc (Muhammad Usama Anjum) [Orabug: 37195062] {CVE-2024-46865} - net/mlx5: Add missing masks and QoS bit masks for scheduling elements (Carolina Jubran) - net/mlx5: Explicitly set scheduling element and TSAR type (Carolina Jubran) - net/mlx5e: Add missing link modes to ptys2ethtool_map (Shahar Shitrit) - igb: Always call igb_xdp_ring_update_tail() under Tx lock (Sriram Yagnaraman) - ice: fix accounting for filters shared by multiple VSIs (Jacob Keller) - hwmon: (pmbus) Conditionally clear individual status bits for pmbus rev >= 1.2 (Patryk Biel) - hwmon: (pmbus) Introduce and use write_byte_data callback (Mårten Lindahl) - selftests/bpf: Support SOCK_STREAM in unix_inet_redir_to_connected() (Michal Luczaj) - eeprom: digsy_mtc: Fix 93xx46 driver probe failure (Andy Shevchenko) - arm64: dts: rockchip: fix PMIC interrupt pin in pinctrl for ROCK Pi E (FUKAUMI Naoki) - fs/ntfs3: Use kvfree to free memory allocated by kvmalloc (Konstantin Komarov) - net: tighten bad gso csum offset check in virtio_net_hdr (Willem de Bruijn) - minmax: reduce min/max macro expansion in atomisp driver (Lorenzo Stoakes) - arm64: dts: rockchip: override BIOS_DISABLE signal via GPIO hog on RK3399 Puma (Quentin Schulz) - mptcp: pm: Fix uaf in __timer_delete_sync (Edward Adam Davis) [Orabug: 37116564] {CVE-2024-46858} - platform/x86: panasonic-laptop: Allocate 1 entry extra in the sinf array (Hans de Goede) - platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses (Hans de Goede) [Orabug: 37116566] {CVE-2024-46859} - NFS: Avoid unnecessary rescanning of the per-server delegation list (Trond Myklebust) - NFSv4: Fix clearing of layout segments in layoutreturn (Trond Myklebust) - Input: i8042 - add Fujitsu Lifebook E756 to i8042 quirk table (Takashi Iwai) - drm/msm/adreno: Fix error return if missing firmware-name (Rob Clark) - platform/surface: aggregator_registry: Add support for Surface Laptop Go 3 (Maximilian Luz) - scripts: kconfig: merge_config: config files: add a trailing newline (Anders Roxell) - HID: multitouch: Add support for GT7868Q (Dmitry Savin) - Input: synaptics - enable SMBus for HP Elitebook 840 G2 (Jonathan Denose) - Input: ads7846 - ratelimit the spi_sync error message (Marek Vasut) - btrfs: update target inode's ctime on unlink (Jeff Layton) - powerpc/mm: Fix boot warning with hugepages and CONFIG_DEBUG_VIRTUAL (Christophe Leroy) - net: phy: vitesse: repair vsc73xx autonegotiation (Pawel Dembicki) - net: ethernet: use ip_hdrlen() instead of bit shift (Moon Yeounsu) - usbnet: ipheth: fix carrier detection in modes 1 and 4 (Foster Snowhill) - ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate (Lizhi Xu) [Orabug: 37200925] {CVE-2024-49877} - ocfs2: fix null-ptr-deref when journal load failed. (Julian Sun) [Orabug: 37206096] {CVE-2024-49957} - ocfs2: remove unreasonable unlock in ocfs2_read_blocks (Lizhi Xu) [Orabug: 37206135] {CVE-2024-49965} - ocfs2: cancel dqi_sync_work before freeing oinfo (Joseph Qi) [Orabug: 37206140] {CVE-2024-49966} - ocfs2: fix uninit-value in ocfs2_get_block() (Joseph Qi) - ocfs2: fix the la space leak when unmounting an ocfs2 volume (Heming Zhao) - mm: krealloc: consider spare memory for __GFP_ZERO (Danilo Krummrich) - jbd2: correctly compare tids with tid_geq function in jbd2_fc_begin_commit (Kemeng Shi) - jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error (Baokun Li) [Orabug: 37206108] {CVE-2024-49959} - drm: omapdrm: Add missing check for alloc_ordered_workqueue (Ma Ke) [Orabug: 37200934] {CVE-2024-49879} in of_msi_get_domain (Andrew Jones) - parisc: Fix stack start for ADDR_NO_RANDOMIZE personality (Helge Deller) - parisc: Fix 64-bit userspace syscall path (Helge Deller) _______________________________________________ El-errata mailing list El-errata@oss.oracle.com https://oss.oracle.com/mailman/listinfo/el-errata