Oracle Linux Security Advisory ELSA-2024-12780

http://linux.oracle.com/errata/ELSA-2024-12780.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-5.4.17-2136.336.5.1.el7uek.x86_64.rpm
kernel-uek-debug-5.4.17-2136.336.5.1.el7uek.x86_64.rpm
kernel-uek-debug-devel-5.4.17-2136.336.5.1.el7uek.x86_64.rpm
kernel-uek-devel-5.4.17-2136.336.5.1.el7uek.x86_64.rpm
kernel-uek-doc-5.4.17-2136.336.5.1.el7uek.noarch.rpm
kernel-uek-tools-5.4.17-2136.336.5.1.el7uek.x86_64.rpm

aarch64:
kernel-uek-5.4.17-2136.336.5.1.el7uek.aarch64.rpm
kernel-uek-debug-5.4.17-2136.336.5.1.el7uek.aarch64.rpm
kernel-uek-debug-devel-5.4.17-2136.336.5.1.el7uek.aarch64.rpm
kernel-uek-devel-5.4.17-2136.336.5.1.el7uek.aarch64.rpm
kernel-uek-doc-5.4.17-2136.336.5.1.el7uek.noarch.rpm
kernel-uek-tools-5.4.17-2136.336.5.1.el7uek.aarch64.rpm
kernel-uek-tools-libs-5.4.17-2136.336.5.1.el7uek.aarch64.rpm
perf-5.4.17-2136.336.5.1.el7uek.aarch64.rpm
python-perf-5.4.17-2136.336.5.1.el7uek.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//kernel-uek-5.4.17-2136.336.5.1.el7uek.src.rpm

Related CVEs:

CVE-2024-27397
CVE-2024-41012
CVE-2024-41015
CVE-2024-41017
CVE-2024-41020
CVE-2024-41042
CVE-2024-41059
CVE-2024-41063
CVE-2024-41064
CVE-2024-41065
CVE-2024-41068
CVE-2024-41070
CVE-2024-41072
CVE-2024-41081
CVE-2024-41090
CVE-2024-41091
CVE-2024-42131
CVE-2024-42259
CVE-2024-42265
CVE-2024-42271
CVE-2024-42276
CVE-2024-42280
CVE-2024-42281
CVE-2024-42283
CVE-2024-42284
CVE-2024-42285
CVE-2024-42286
CVE-2024-42287
CVE-2024-42288
CVE-2024-42289
CVE-2024-42290
CVE-2024-42292
CVE-2024-42295
CVE-2024-42297
CVE-2024-42301
CVE-2024-42304
CVE-2024-42305
CVE-2024-42306
CVE-2024-42308
CVE-2024-42309
CVE-2024-42310
CVE-2024-42311
CVE-2024-42313
CVE-2024-43829
CVE-2024-43830
CVE-2024-43839
CVE-2024-43841
CVE-2024-43846
CVE-2024-43856
CVE-2024-43858
CVE-2024-43860
CVE-2024-43861
CVE-2024-43867
CVE-2024-43871
CVE-2024-43879
CVE-2024-43880
CVE-2024-43882
CVE-2024-43883
CVE-2024-43890
CVE-2024-43893
CVE-2024-43894
CVE-2024-43908
CVE-2024-43914
CVE-2024-44935
CVE-2024-44944
CVE-2024-44948
CVE-2024-44954
CVE-2024-44960
CVE-2024-44965
CVE-2024-44968
CVE-2024-44969
CVE-2024-46738




Description of changes:

[5.4.17-2136.336.5.1.el7uek]
- vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() (Haoran Zhang)  [Orabug: 37138988]

[5.4.17-2136.336.5.el7uek]
- uek-rpm: Add skx_edac_common.ko to nano_modules (Sherry Yang)  [Orabug: 37030127]
- EDAC, i10nm: make skx_common.o a separate module (Arnd Bergmann)  [Orabug: 37030127]
- uek-rpm: Integrating the container build in UEK6 (Jack Vogel)  [Orabug: 37021061]
- i40e: Change user notification of non-SFP module in i40e_get_module_info() (Andrii Staikov)  [Orabug: 36988197]
- xsigo: Use NAPI in UD/TX flows for xve (Alok Tiwari)  [Orabug: 35180168]
- xsigo: remove incorrect spin_unlock_irqrestore call in vhba_queuecommand (Alok Tiwari)  [Orabug: 35180168]
- xsigo: Fix slab-out-of-bounds in vhba_create (Alok Tiwari)  [Orabug: 35180168]
- xsigo: Fix memory free issue in dma mapping (Alok Tiwari)  [Orabug: 35180168]
- xsigo: Fix use-after-free n xsvbha for srb *sp (Alok Tiwari)  [Orabug: 35180168]
- xsigo: Fix mtu setting issue in xve netdev (Alok Tiwari)  [Orabug: 35180168]
- xsigo: Add struct ib_mad_send_buf to recv_handler (Alok Tiwari)  [Orabug: 35180168]
- xsigo: Remove tx_outstanding variable from xve xmit (Alok Tiwari)  [Orabug: 35180168]
- xsigo: Add extack argument to dev_change_flags() (Alok Tiwari)  [Orabug: 35180168]
- xsigo: Remove compare_data while calling ib_cm_listen() (Alok Tiwari)  [Orabug: 35180168]
- xsigo: Ignore the return value of "ib_destroy_cq" (Alok Tiwari)  [Orabug: 35180168]
- xsigo: Remove sif_verbs header (Alok Tiwari)  [Orabug: 35180168]
- xsigo: Replace setup_timer with the timer_setup (Alok Tiwari)  [Orabug: 35180168]
- xsigo: Use ib_ud_wr for xve_dev_priv instread of ib_send_wr (Alok Tiwari)  [Orabug: 35180168]
- xsigo: Remove return from register event handler (Alok Tiwari)  [Orabug: 35180168]
- xsigo: Add client_data for struct ib_client remove() (Alok Tiwari)  [Orabug: 35180168]
- xsigo: Replace dev->trans_start update with helper netif_trans_update (Alok Tiwari)  [Orabug: 35180168]
- xsigo: Remove usage of net_device last_rx member from xsigo (Alok Tiwari)  [Orabug: 35180168]
- xsigo: Replace skb_frag page with bv_page in xve (Alok Tiwari)  [Orabug: 35180168]
- xsigo: Use sg_next() to get the next sg instead of SG_NEXT (Alok Tiwari)  [Orabug: 35180168]
- xsigo: Rename ib_init_ah_from_path to ib_init_ah_attr_from_path (Alok Tiwari)  [Orabug: 35180168]
- xsigo: remove pointer dereference for ib_fmr_pool_map_phys (Alok Tiwari)  [Orabug: 35180168]
- xsigo: ib_fmr_pool_map_phys does not need rargs (Alok Tiwari)  [Orabug: 35180168]
- xsigo: Remove ib_sg_dma_address() and ib_sg_dma_len() (Alok Tiwari)  [Orabug: 35180168]
- xsigo: Fix compiling error from xsvbha module (Alok Tiwari)  [Orabug: 35180168]
- xsigo: Remove sg_copy_buffer from vhba_align (Alok Tiwari)  [Orabug: 35180168]
- xsigo: Xve, replace .get_settings with ksettings() (Alok Tiwari)  [Orabug: 35180168]
- xsigo: Remove LRO code from xve module (Alok Tiwari)  [Orabug: 35180168]
- xsigo: Xsvnic, replace .get_settings with ksettings() (Alok Tiwari)  [Orabug: 35180168]
- xsigo: Remove LRO code from xsvnic module (Alok Tiwari)  [Orabug: 35180168]
- xsigo: Change port number from u8 to u32 (Alok Tiwari)  [Orabug: 35180168]
- xsigo: Use frag->bv_offset in place of page_offset (Alok Tiwari)  [Orabug: 35180168]
- xsigo: Rename skb_frag_t size to bv_len (Alok Tiwari)  [Orabug: 35180168]
- xsigo: Fix compiling error due to Constify of ib_cm_event (Alok Tiwari)  [Orabug: 35180168]
- xsigo: Add the $(srctree)/ prefix to xsigo Makefile (Alok Tiwari)  [Orabug: 35180168]
- xsigo: Assign IB_MGMT_BASE_VERSION for ib_create_send_mad (Alok Tiwari)  [Orabug: 35180168]
- xsigo: Assign rdma_ctxs and port_num for struct ib_qp_init_attr (Alok Tiwari)  [Orabug: 35180168]
- xsigo: Use struct ib_cq_init_attr for ib_create_cq() (Alok Tiwari)  [Orabug: 35180168]
- xsigo: Replace max_sge with max_send_sge for xscore_create_qp (Alok Tiwari)  [Orabug: 35180168]
- xsigo: Remove ib_get_dma_mr and ib_dereg_mr (Alok Tiwari)  [Orabug: 35180168]
- xsigo: Replace ib_query_device with callback "ops.query_device" (Alok Tiwari)  [Orabug: 35180168]
- xsigo: Replace ib_query_gid with rdma_query_gid (Alok Tiwari)  [Orabug: 35180168]
- xsigo: Replace ib_modify_cq with rdma_set_cq_moderation (Alok Tiwari)  [Orabug: 35180168]
- xsigo: Assign path record type rec_type for sa_path_rec (Alok Tiwari)  [Orabug: 35180168]
- xsigo: Rename ib_sa_path_rec to sa_path_rec (Alok Tiwari)  [Orabug: 35180168]
- xsigo: Use struct ib_ud_wr ud_wr instead of ib_send_wr (Alok Tiwari)  [Orabug: 35180168]
- xsigo: Replace struct ib_ah_attr with struct rdma_ah_attr (Alok Tiwari)  [Orabug: 35180168]
- xsigo: Rename ib_create_ah and ib_destroy_ah (Alok Tiwari)  [Orabug: 35180168]
- xsigo: Assign const argument for ib_post_send/recv() (Alok Tiwari)  [Orabug: 35180168]
- uek-rpm: add xsigo module in ol7 and ol8 config file (Alok Tiwari)  [Orabug: 35180168]
- Revert "RDMA/core/sa_query: Remove unused function" (Alok Tiwari)  [Orabug: 35180168]
- xve: arm ud tx cq to generate completion interrupts (Ajaykumar Hotchandani)  [Orabug: 28267050] [Orabug: 35180168]
- xscore: add dma address check (Zhu Yanjun)  [Orabug: 27074085] [Orabug: 35180168]
- xsigo: PCA 2.3.1 Compute Node panics in xve_create_arp+430 (Pradeep Gopanapalli)  [Orabug: 26474000] [Orabug: 35180168]
- xsigo: UEK4-master:poor performance discovering 256 FC LUNs w/4 paths per LUN (Pradeep Gopanapalli)  [Orabug: 26199177] [Orabug: 35180168]
- xsigo: Compute node crash on FC failover (Pradeep Gopanapalli)  [Orabug: 25981973] [Orabug: 35180168]
- xsigo: Fix spinlock release in case of error (Pradeep Gopanapalli)  [Orabug: 25779803] [Orabug: 35180168]
- xsigo: Optimize xsvnic module parameters for UEK4 (Pradeep Gopanapalli)  [Orabug: 25779865] [Orabug: 35180168]
- xsigo: Fix crash in accessing xve proc l2 entries (Pradeep Gopanapalli)  [Orabug: 25165085] [Orabug: 35180168]
- xsigo: Fix race in freeing aged Forwarding table entry (Pradeep Gopanapalli)  [Orabug: 25129729] [Orabug: 35180168]
- xsigo: Schedule while uninterruptible (Pradeep Gopanapalli)  [Orabug: 25097469] [Orabug: 35180168]
- xsigo: supported SGE's for LSO QP (Pradeep Gopanapalli)  [Orabug: 25029868] [Orabug: 35180168]
- xsigo: Hardening driver in handling remote QP failures (Pradeep Gopanapalli)  [Orabug: 24929076] [Orabug: 35180168]
- xsigo: send nack codes (Pradeep Gopanapalli)  [Orabug: 24442792] [Orabug: 35180168]
- xsigo: xve driver has excessive messages (Pradeep Gopanapalli)  [Orabug: 24758335] [Orabug: 35180168]
- xsigo: hard LOCKUP in freeing paths (Pradeep Gopanapalli)  [Orabug: 24669507] [Orabug: 35180168]
- xsigo: Crash in xscore_port_num (Pradeep Gopanapalli)  [Orabug: 24760465] [Orabug: 35180168]
- xsigo: Resize uVNIC/PVI CQ size (Pradeep Gopanapalli)  [Orabug: 24765034] [Orabug: 35180168]
- xsigo: Optimizing Transmit completions (Pradeep Gopanapalli)  [Orabug: 24928865] [Orabug: 35180168]
- xsigo: Implementing Jumbo MTU support (Pradeep Gopanapalli)  [Orabug: 24928804] [Orabug: 35180168]
- xsigo: EoiB QP support (Pradeep Gopanapalli)  [Orabug: 24508359] [Orabug: 35180168]
- xsigo: Send Heart Beat Lost Operational state (Pradeep Gopanapalli)  [Orabug: 23032392] [Orabug: 35180168]
- xsigo: SKB Frag cleanup (Pradeep Gopanapalli)  [Orabug: 23514725] [Orabug: 35180168]
- xsigo: Tx_tail goes outof bound (Pradeep Gopanapalli)  [Orabug: 23514725] [Orabug: 35180168]
- xsigo: Fixed Path locking issues (Pradeep Gopanapalli)  [Orabug: 23514725] [Orabug: 35180168]
- Fixed vnic issue after saturn reset (Pradeep Gopanapalli)  [Orabug: 22862488] [Orabug: 35180168]
- uvnic issues (Pradeep Gopanapalli)  [Orabug: 22862488] [Orabug: 35180168]
- Fixed wrongly checked return type Added Debug print (Pradeep Gopanapalli)  [Orabug: 22862488] [Orabug: 35180168]
- Integrate Uvnic functionality into uek-4.1 Revision 8008 (Pradeep Gopanapalli)  [Orabug: 35180168]
- 1) S_IRWXU causing kernel soft crash changing to 0644 (Pradeep Gopanapalli)  [Orabug: 35180168]
- 1) Support vnic for EDR based platform(uVnic) 2) Supported Types now Type 0 (Pradeep Gopanapalli)  [Orabug: 35180168]
- Add Oracle virtual Networking Drivers for uek4 kernel (Pradeep Gopanapalli)  [Orabug: 35180168]

[5.4.17-2136.336.4.el7uek]
- igb: Fix not clearing TimeSync interrupts for 82580 (Daiwei Li) 
- VMCI: Fix use-after-free when removing resource in vmci_resource_remove() (David Fernandez Gonzalez)  [Orabug: 37037205] {CVE-2024-46738}
- x86/speculation: Basic IBRS is enabled with AMD Automatic IBRS (Alexandre Chartre)  [Orabug: 37044540]

[5.4.17-2136.336.3.el7uek]
- Compiler Attributes: Add __uninitialized macro (Heiko Carstens) 
- filelock: Correct the filelock owner in fcntl_setlk/fcntl_setlk64 (Long Li) 
- ALSA: timer: Relax start tick time check for slave timer elements (Takashi Iwai) 
- ALSA: hda/realtek: Fix noise from speakers on Lenovo IdeaPad 3 15IAU7 (Parsa Poorshikhian) 
- LTS tag: v5.4.282 (Sherry Yang) 
- media: Revert "media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control()" (Sean Young) 
- ARM: dts: imx6qdl-kontron-samx6i: fix phy-mode (Michael Walle) 
- nvme/pci: Add APST quirk for Lenovo N60z laptop (WangYuli) 
- exec: Fix ToCToU between perm check and set-uid/gid usage (Kees Cook) [Orabug: 36984017] {CVE-2024-43882}
- media: uvcvideo: Use entity get_cur in uvc_ctrl_set (Yunke Cao) 
- arm64: cpufeature: Fix the visibility of compat hwcaps (Amit Daniel Kachhap) 
- drm/i915/gem: Fix Virtual Memory mapping boundaries calculation (Andi Shyti) [Orabug: 36953969] {CVE-2024-42259}
- netfilter: nf_tables: prefer nft_chain_validate (Florian Westphal) [Orabug: 36896846] {CVE-2024-41042}
- netfilter: nf_tables: use timestamp to check for set element timeout (Pablo Neira Ayuso) [Orabug: 36630432] {CVE-2024-27397}
- netfilter: nf_tables: set element extended ACK reporting support (Pablo Neira Ayuso) 
- kbuild: Fix '-S -c' in x86 stack protector scripts (Nathan Chancellor) 
- Fix gcc 4.9 build issue in 5.4.y (Jari Ruusu) 
- drm/mgag200: Set DDC timeout in milliseconds (Thomas Zimmermann) 
- drm/bridge: analogix_dp: properly handle zero sized AUX transactions (Lucas Stach) 
- x86/mtrr: Check if fixed MTRRs exist before saving them (Andi Kleen) [Orabug: 37028936] {CVE-2024-44948}
- tracing: Fix overflow in get_free_elt() (Tze-nan Wu) [Orabug: 36992998] {CVE-2024-43890}
- power: supply: axp288_charger: Round constant_charge_voltage writes down (Hans de Goede) 
- power: supply: axp288_charger: Fix constant_charge_voltage writes (Hans de Goede) 
- genirq/irqdesc: Honor caller provided affinity in alloc_desc() (Shay Drory) 
- serial: core: check uartclk for zero to avoid divide by zero (George Kennedy) [Orabug: 36993009] {CVE-2024-43893}
- scsi: mpt3sas: Avoid IOMMU page faults on REPORT ZONES (Damien Le Moal) 
- ntp: Safeguard against time_constant overflow (Justin Stitt) 
- ntp: Clamp maxerror and esterror to operating range (Justin Stitt) 
- tick/broadcast: Move per CPU pointer access into the atomic section (Thomas Gleixner) [Orabug: 37036032] {CVE-2024-44968}
- scsi: ufs: core: Fix hba->last_dme_cmd_tstamp timestamp updating logic (Vamshi Gajjela) 
- usb: gadget: core: Check for unset descriptor (Chris Wulff) [Orabug: 37028988] {CVE-2024-44960}
- USB: serial: debug: do not echo input by default (Marek Marczykowski-Górecki) 
- usb: vhci-hcd: Do not drop references before new references are gained (Oliver Neukum) [Orabug: 36992971] {CVE-2024-43883}
- ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4 (Takashi Iwai) 
- ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list (Steven 'Steve' Kendall) 
- ALSA: line6: Fix racy access to midibuf (Takashi Iwai) [Orabug: 37028957] {CVE-2024-44954}
- drm/client: fix null pointer dereference in drm_client_modeset_probe (Ma Ke) [Orabug: 36993014] {CVE-2024-43894}
- spi: spi-fsl-lpspi: Fix scldiv calculation (Stefan Wahren) 
- spi: fsl-lpspi: remove unneeded array (Oleksandr Suvorov) 
- bpf: kprobe: remove unused declaring of bpf_kprobe_override (Menglong Dong) 
- i2c: smbus: Send alert notifications to all devices if source not found (Guenter Roeck) 
- i2c: smbus: Improve handling of stuck alerts (Guenter Roeck) 
- i2c: smbus: Don't filter out duplicate alerts (Corey Minyard) 
- arm64: errata: Expand speculative SSBS workaround (again) (Mark Rutland) 
- arm64: cputype: Add Cortex-A725 definitions (Mark Rutland) 
- arm64: cputype: Add Cortex-X1C definitions (Mark Rutland) 
- arm64: errata: Expand speculative SSBS workaround (Mark Rutland) 
- arm64: errata: Unify speculative SSBS errata logic (Mark Rutland) 
- arm64: cputype: Add Cortex-X925 definitions (Mark Rutland) 
- arm64: cputype: Add Cortex-A720 definitions (Mark Rutland) 
- arm64: cputype: Add Cortex-X3 definitions (Mark Rutland) 
- arm64: errata: Add workaround for Arm errata 3194386 and 3312417 (Mark Rutland) 
- arm64: cputype: Add Neoverse-V3 definitions (Mark Rutland) 
- arm64: cputype: Add Cortex-X4 definitions (Mark Rutland) 
- arm64: Add Neoverse-V2 part (Besar Wicaksono) 
- arm64: cpufeature: Force HWCAP to be based on the sysreg visible to user-space (James Morse) 
- ext4: fix wrong unit use in ext4_mb_find_by_goal (Kemeng Shi) 
- SUNRPC: Fix a race to wake a sync task (Benjamin Coddington) 
- s390/sclp: Prevent release of buffer in I/O (Peter Oberparleiter) [Orabug: 37029020] {CVE-2024-44969}
- jbd2: avoid memleak in jbd2_journal_write_metadata_buffer (Kemeng Shi) 
- media: uvcvideo: Fix the bandwdith quirk on USB 3.x (Michal Pecio) 
- media: uvcvideo: Ignore empty TS packets (Ricardo Ribalda) 
- drm/amdgpu: Fix the null pointer dereference to ras_manager (Ma Jun) [Orabug: 36993084] {CVE-2024-43908}
- btrfs: fix bitmap leak when loading free space cache on duplicate entry (Filipe Manana) 
- wifi: nl80211: don't give key data to userspace (Johannes Berg) 
- udf: prevent integer overflow in udf_bitmap_free_blocks() (Roman Smirnov) 
- PCI: Add Edimax Vendor ID to pci_ids.h (FUJITA Tomonori) 
- selftests/bpf: Fix send_signal test with nested CONFIG_PARAVIRT (Yonghong Song) 
- ACPI: SBS: manage alarm sysfs attribute through psy core (Thomas Weißschuh) 
- ACPI: battery: create alarm sysfs attribute atomically (Thomas Weißschuh) 
- clocksource/drivers/sh_cmt: Address race condition for clock events (Niklas Söderlund) 
- md/raid5: avoid BUG_ON() while continue reshape after reassembling (Yu Kuai) [Orabug: 36993127] {CVE-2024-43914}
- net: fec: Stop PPS on driver remove (Csókás, Bence) 
- Bluetooth: l2cap: always unlock channel in l2cap_conless_channel() (Dmitry Antipov) 
- net: linkwatch: use system_unbound_wq (Eric Dumazet) 
- net: usb: qmi_wwan: fix memory leak for not ip packets (Daniele Palmas) [Orabug: 36983959] {CVE-2024-43861}
- sctp: Fix null-ptr-deref in reuseport_add_sock(). (Kuniyuki Iwashima) [Orabug: 36993147] {CVE-2024-44935}
- sctp: move hlist_node and hashent out of sctp_ep_common (Xin Long) 
- x86/mm: Fix pti_clone_pgtable() alignment assumption (Peter Zijlstra) [Orabug: 37029012] {CVE-2024-44965}
- irqchip/mbigen: Fix mbigen node address layout (Yipeng Zou) 
- genirq: Allow irq_chip registration functions to take a const irq_chip (Marc Zyngier) 
- netfilter: ipset: Add list flush to cancel_gc (Alexander Maltsev) 
- net: usb: sr9700: fix uninitialized variable use in sr_mdio_read (Ma Ke) 
- ALSA: usb-audio: Correct surround channels in UAC1 channel map (Takashi Iwai) 
- protect the fetch of ->fd[fd] in do_dup2() from mispredictions (Al Viro) [Orabug: 36963808] {CVE-2024-42265}
- HID: wacom: Modify pen IDs (Tatsunosuke Tobita) 
- ipv6: fix ndisc_is_useropt() handling for PIO (Maciej Żenczykowski) 
- net/mlx5e: Add a check for the return value from mlx5_port_set_eth_ptys (Shahar Shitrit) 
- net/iucv: fix use after free in iucv_sock_close() (Alexandra Winter) [Orabug: 36964006] {CVE-2024-42271}
- drm/vmwgfx: Fix overlay when using Screen Targets (Ian Forbes) 
- drm/nouveau: prime: fix refcount underflow (Danilo Krummrich) [Orabug: 36983979] {CVE-2024-43867}
- remoteproc: imx_rproc: Skip over memory region when node value is NULL (Aleksandr Mishin) [Orabug: 36964537] {CVE-2024-43860}
- remoteproc: imx_rproc: Fix ignoring mapping vdev regions (Dong Aisheng) 
- remoteproc: imx_rproc: ignore mapping vdev regions (Peng Fan) 
- irqchip/imx-irqsteer: Handle runtime power management correctly (Shenwei Wang) [Orabug: 36964085] {CVE-2024-42290}
- irqchip/imx-irqsteer: Add runtime PM support (Lucas Stach) 
- irqchip/imx-irqsteer: Constify irq_chip struct (Lucas Stach) 
- genirq: Allow the PM device to originate from irq domain (Marc Zyngier) 
- devres: Fix memory leakage caused by driver API devm_free_percpu() (Zijun Hu) [Orabug: 36983991] {CVE-2024-43871}
- driver core: Cast to (void *) with __force for __percpu pointer (Andy Shevchenko) 
- dev/parport: fix the array out-of-bounds risk (tuhaowen) [Orabug: 36964223] {CVE-2024-42301}
- parport: Standardize use of printmode (Joe Perches) 
to pr_( (Joe Perches) 
- PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio (Manivannan Sadhasivam) 
- PCI: rockchip: Make 'ep-gpios' DT property optional (Chen-Yu Tsai) 
- mm: avoid overflows in dirty throttling logic (Jan Kara) [Orabug: 36897803] {CVE-2024-42131}
- nvme-pci: add missing condition check for existence of mapped data (Leon Romanovsky) [Orabug: 36964022] {CVE-2024-42276}
- ASoC: Intel: use soc_intel_is_byt_cr() only when IOSF_MBI is reachable (Pierre-Louis Bossart) 
- ASoC: Intel: Move soc_intel_is_foo() helpers to a generic header (Hans de Goede) 
- ASoC: Intel: Convert to new X86 CPU match macros (Thomas Gleixner) 
- powerpc: fix a file leak in kvm_vcpu_ioctl_enable_cap() (Al Viro) 
- apparmor: Fix null pointer deref when receiving skb during sock creation (Xiao Liang) 
- mISDN: Fix a use after free in hfcmulti_tx() (Dan Carpenter) [Orabug: 36964032] {CVE-2024-42280}
- bpf: Fix a segment issue when downgrading gso_size (Fred Li) [Orabug: 36964038] {CVE-2024-42281}
- net: nexthop: Initialize all fields in dumped nexthops (Petr Machata) [Orabug: 36964044] {CVE-2024-42283}
- tipc: Return non-zero value from tipc_udp_addr2str() on error (Shigeru Yoshida) [Orabug: 36964047] {CVE-2024-42284}
- net: bonding: correctly annotate RCU in bond_should_notify_peers() (Johannes Berg) 
- ipv4: Fix incorrect source address in Record Route option (Ido Schimmel) 
- MIPS: SMP-CPS: Fix address for GCR_ACCESS register for CM3 and later (Gregory CLEMENT) 
- dma: fix call order in dmam_free_coherent (Lance Richardson) [Orabug: 36964523] {CVE-2024-43856}
- libbpf: Fix no-args func prototype BTF dumping syntax (Andrii Nakryiko) 
- um: time-travel: fix time-travel-start option (Johannes Berg) 
- jfs: Fix array-index-out-of-bounds in diFree (Jeongjun Park) [Orabug: 36964530] {CVE-2024-43858}
- kdb: address -Wformat-security warnings (Arnd Bergmann) 
- nilfs2: handle inconsistent state in nilfs_btnode_create_block() (Ryusuke Konishi) [Orabug: 36964203] {CVE-2024-42295}
- Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x13d3:0x3591 (WangYuli) 
- Bluetooth: btusb: Add RTL8852BE device 0489:e125 to device tables (Hilda Wu) 
- rbd: don't assume RBD_LOCK_STATE_LOCKED for exclusive mappings (Ilya Dryomov) 
- rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (Ilya Dryomov) 
- drm/panfrost: Mark simple_ondemand governor as softdep (Dragan Simic) 
- rbd: don't assume rbd_is_lock_owner() for exclusive mappings (Ilya Dryomov) 
- selftests/sigaltstack: Fix ppc64 GCC build (Michael Ellerman) 
- RDMA/iwcm: Fix a use-after-free related to destroying CM IDs (Bart Van Assche) [Orabug: 36964054] {CVE-2024-42285}
- platform: mips: cpu_hwmon: Disable driver on unsupported hardware (Jiaxun Yang) 
- watchdog/perf: properly initialize the turbo mode timestamp and rearm counter (Thomas Gleixner) 
- rtc: isl1208: Fix return value of nvmem callbacks (Joy Chakraborty) 
- perf/x86/intel/pt: Fix a topa_entry base address calculation (Adrian Hunter) 
- perf/x86/intel/pt: Fix topa_entry base length (Marco Cavenati) 
- scsi: qla2xxx: validate nvme_local_port correctly (Nilesh Javali) [Orabug: 36964059] {CVE-2024-42286}
- scsi: qla2xxx: Complete command early within lock (Shreyas Deodhar) [Orabug: 36964065] {CVE-2024-42287}
- scsi: qla2xxx: Fix for possible memory corruption (Shreyas Deodhar) [Orabug: 36964070] {CVE-2024-42288}
- scsi: qla2xxx: During vport delete send async logout explicitly (Manish Rangankar) [Orabug: 36964080] {CVE-2024-42289}
- rtc: cmos: Fix return value of nvmem callbacks (Joy Chakraborty) 
- kobject_uevent: Fix OOB access within zap_modalias_env() (Zijun Hu) [Orabug: 36964092] {CVE-2024-42292}
- decompress_bunzip2: fix rare decompression failure (Ross Lagerwall) 
- ubi: eba: properly rollback inside self_check_eba (Fedor Pchelkin) 
- clk: davinci: da8xx-cfgchip: Initialize clk_init_data before use (Bastien Curutchet) 
- f2fs: fix to don't dirty inode for readonly filesystem (Chao Yu) [Orabug: 36964213] {CVE-2024-42297}
- scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for ELS cmds (Saurav Kashyap) 
- binder: fix hang of unregistered readers (Carlos Llamas) 
- PCI: hv: Return zero, not garbage, when reading PCI_INTERRUPT_PIN (Wei Liu) 
- hwrng: amd - Convert PCIBIOS_* return codes to errnos (Ilpo Järvinen) 
- tools/memory-model: Fix bug in lock.cat (Alan Stern) 
- leds: ss4200: Convert PCIBIOS_* return codes to errnos (Ilpo Järvinen) 
- wifi: mwifiex: Fix interface type change (Rafael Beims) 
- ext4: make sure the first directory block is not a hole (Baokun Li) [Orabug: 36964232] {CVE-2024-42304}
- ext4: check dot and dotdot of dx_root before making dir indexed (Baokun Li) [Orabug: 36964237] {CVE-2024-42305}
- m68k: amiga: Turn off Warp1260 interrupts during boot (Paolo Pisati) 
- udf: Avoid using corrupted block bitmap buffer (Jan Kara) [Orabug: 36964242] {CVE-2024-42306}
- drm/amd/display: Check for NULL pointer (Sung Joon Kim) [Orabug: 36964247] {CVE-2024-42308}
- drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes (Ma Ke) [Orabug: 36964253] {CVE-2024-42309}
- drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes (Ma Ke) [Orabug: 36964260] {CVE-2024-42310}
- hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode() (Chao Yu) [Orabug: 36964265] {CVE-2024-42311}
- media: venus: fix use after free in vdec_close (Dikshita Agarwal) [Orabug: 36964275] {CVE-2024-42313}
- char: tpm: Fix possible memory leak in tpm_bios_measurements_open() (Joe Hattori) 
- ipv6: take care of scope when choosing the src addr (Nicolas Dichtel) 
- af_packet: Handle outgoing VLAN packets without hardware offloading (Chengen Du) 
- net: netconsole: Disable target before netpoll cleanup (Breno Leitao) 
- tick/broadcast: Make takeover of broadcast hrtimer reliable (Yu Liao) 
- rtc: interface: Add RTC offset to alarm after fix-up (Csókás, Bence) 
- nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro (Ryusuke Konishi) 
- fs/nilfs2: remove some unused macros to tame gcc (Alex Shi) 
- pinctrl: freescale: mxs: Fix refcount of child (Peng Fan) 
- netfilter: ctnetlink: use helper function to calculate expect ID (Pablo Neira Ayuso) [Orabug: 37013755] {CVE-2024-44944}
- bnxt_re: Fix imm_data endianness (Jack Wang) 
- macintosh/therm_windtunnel: fix module unload. (Nick Bowler) 
- powerpc/xmon: Fix disassembly CPU feature checks (Michael Ellerman) 
- Input: elan_i2c - do not leave interrupt disabled on suspend failure (Dmitry Torokhov) 
- RDMA/device: Return error earlier if port in not valid (Leon Romanovsky) 
- mtd: make mtd_test.c a separate module (Arnd Bergmann) 
- ASoC: max98088: Check for clk_prepare_enable() error (Chen Ni) 
- RDMA/rxe: Don't set BTH_ACK_MASK for UC or UD QPs (Honggang LI) 
- RDMA/mlx4: Fix truncated output warning in alias_GUID.c (Leon Romanovsky) 
- RDMA/mlx4: Fix truncated output warning in mad.c (Leon Romanovsky) 
- Input: qt1050 - handle CHIP_ID reading error (Andrei Lalaev) 
- PCI: Fix resource double counting on remove & rescan (Ilpo Järvinen) 
- SUNRPC: Fixup gss_status tracepoint error output (Benjamin Coddington) 
- sparc64: Fix incorrect function signature and add prototype for prom_cif_init (Andreas Larsson) 
- ext4: avoid writing unitialized memory to disk in EA inodes (Jan Kara) 
- SUNRPC: avoid soft lockup when transmitting UDP to reachable server. (NeilBrown) 
- mfd: omap-usb-tll: Use struct_size to allocate tll (Javier Carrasco) 
- drm/qxl: Add check for drm_cvt_mode (Chen Ni) [Orabug: 36964456] {CVE-2024-43829}
- drm/etnaviv: fix DMA direction handling for cached RW buffers (Lucas Stach) 
- perf report: Fix condition in sort__sym_cmp() (Namhyung Kim) 
- leds: trigger: Unregister sysfs attributes before calling deactivate() (Hans de Goede) [Orabug: 36964459] {CVE-2024-43830}
- media: renesas: vsp1: Store RPF partition configuration per RPF instance (Laurent Pinchart) 
- media: renesas: vsp1: Fix _irqsave and _irq mix (Laurent Pinchart) 
- media: uvcvideo: Override default flags (Daniel Schaefer) 
- media: uvcvideo: Allow entity-defined get_info and get_cur (Ricardo Ribalda) 
- saa7134: Unchecked i2c_transfer function result fixed (Aleksandr Burakov) 
- media: imon: Fix race getting ictx->lock (Ricardo Ribalda) 
- media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control() (Zheng Yejian) 
- USB: move snd_usb_pipe_sanity_check into the USB core (Greg Kroah-Hartman) 
- selftests: forwarding: devlink_lib: Wait for udev events after reloading (Amit Cohen) 
- bna: adjust 'name' buf size of bna_tcb and bna_ccb structures (Alexey Kodanev) [Orabug: 36964480] {CVE-2024-43839}
- wifi: virt_wifi: don't use strlen() in const context (Johannes Berg) 
- gss_krb5: Fix the error handling path for crypto_sync_skcipher_setkey (Gaosheng Cui) 
- wifi: virt_wifi: avoid reporting connection success with wrong SSID (En-Wei Wu) [Orabug: 36964487] {CVE-2024-43841}
- qed: Improve the stack space of filter_config() (Shai Malin) 
- perf: Prevent passing zero nr_pages to rb_alloc_aux() (Adrian Hunter) 
- perf: Fix perf_aux_size() for greater-than 32-bit size (Adrian Hunter) 
- perf/x86/intel/pt: Fix pt_topa_entry_for_page() address calculation (Adrian Hunter) 
- netfilter: nf_tables: rise cap on SELinux secmark context (Pablo Neira Ayuso) 
- net: fec: Fix FEC_ECR_EN1588 being cleared on link-down (Csókás, Bence) 
- net: fec: Refactor: #define magic constants (Csókás Bence) 
- wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() (Baochen Qiang) [Orabug: 36984010] {CVE-2024-43879}
- wifi: cfg80211: fix typo in cfg80211_calculate_bitrate_he() (Baochen Qiang) 
- mlxsw: spectrum_acl_erp: Fix object nesting warning (Ido Schimmel) [Orabug: 36984013] {CVE-2024-43880}
- lib: objagg: Fix general protection fault (Ido Schimmel) [Orabug: 36964495] {CVE-2024-43846}
- selftests/bpf: Check length of recv in test_sockmap (Geliang Tang) 
- net/smc: set rmb's SG_MAX_SINGLE_ALLOC limitation only when CONFIG_ARCH_NO_SG_CHAIN is defined (Guangguan Wang) 
- net/smc: Allow SMC-D 1MB DMB allocations (Stefan Raspl) 
- wifi: brcmsmac: LCN PHY code is used for BCM4313 2G-only device (Samasth Norway Ananda) 
- firmware: turris-mox-rwtm: Initialize completion before mailbox (Marek Behún) 
- firmware: turris-mox-rwtm: Fix checking return value of wait_for_completion_timeout() (Marek Behún) 
- m68k: cmpxchg: Fix return value for default case in __arch_xchg() (Thorsten Blum) 
- x86/xen: Convert comma to semicolon (Chen Ni) 
- m68k: atari: Fix TT bootup freeze / unexpected (SCU) interrupt messages (Eero Tamminen) 
- arm64: dts: amlogic: gx: correct hdmi clocks (Jerome Brunet) 
- arm64: dts: mediatek: mt7622: fix "emmc" pinctrl mux (Rafał Miłecki) 
- ARM: dts: imx6qdl-kontron-samx6i: fix PCIe reset polarity (Michael Walle) 
- ARM: dts: imx6qdl-kontron-samx6i: fix board reset (Michael Walle) 
- ARM: dts: imx6qdl-kontron-samx6i: fix PHY reset (Michael Walle) 
- ARM: dts: imx6qdl-kontron-samx6i: move phy reset into phy-node (Marco Felsch) 
- arm64: dts: rockchip: Increase VOP clk rate on RK3328 (Jonas Karlman) 
- arm64: dts: qcom: msm8996: specify UFS core_clk frequencies (Dmitry Baryshkov) 
- arm64: dts: qcom: sdm845: add power-domain to UFS PHY (Dmitry Baryshkov) 
- hwmon: (max6697) Fix swapped temp{1,8} critical alarms (Guenter Roeck) 
- hwmon: (max6697) Fix underflow when writing limit attributes (Guenter Roeck) 
- pwm: stm32: Always do lazy disabling (Uwe Kleine-König) 
- hwmon: (adt7475) Fix default duty on fan is disabled (Wayne Tung) 
- x86/platform/iosf_mbi: Convert PCIBIOS_* return codes to errnos (Ilpo Järvinen) 
- x86/pci/xen: Fix PCIBIOS_* return code handling (Ilpo Järvinen) 
- x86/pci/intel_mid_pci: Fix PCIBIOS_* return code handling (Ilpo Järvinen) 
- x86/of: Return consistent error type from x86_of_pci_irq_enable() (Ilpo Järvinen) 
- hfsplus: fix to avoid false alarm of circular locking (Chao Yu) 
- platform/chrome: cros_ec_debugfs: fix wrong EC message version (Tzung-Bi Shih) 
- LTS tag: v5.4.281 (Sherry Yang) 
- tap: add missing verification for short frame (Si-Wei Liu)   [Orabug: 36660755] {CVE-2024-41090}
- tun: add missing verification for short frame (Dongli Zhang)   [Orabug: 36660755] {CVE-2024-41091}
- filelock: Fix fcntl/close race recovery compat path (Jann Horn) [Orabug: 36896789] {CVE-2024-41020} {CVE-2024-41012}
- ALSA: hda/realtek: Enable headset mic on Positivo SU C1400 (Edson Juliano Drosdeck) 
- jfs: don't walk off the end of ealist (lei lu) [Orabug: 36891667] {CVE-2024-41017}
- ocfs2: add bounds checking to ocfs2_check_dir_entry() (lei lu) [Orabug: 36891655] {CVE-2024-41015}
- ACPI: processor_idle: Fix invalid comparison with insertion sort for latency (Kuan-Wei Chiu) 
- ARM: 9324/1: fix get_user() broken with veneer (Masahiro Yamada) 
- hfsplus: fix uninit-value in copy_name (Edward Adam Davis) [Orabug: 36896969] {CVE-2024-41059}
- selftests/vDSO: fix clang build errors and warnings (John Hubbard) 
- spi: imx: Don't expect DMA for i.MX{25,35,50,51,53} cspi devices (Uwe Kleine-König) 
- fs: better handle deep ancestor chains in is_subdir() (Christian Brauner) 
- Bluetooth: hci_core: cancel all works upon hci_unregister_dev() (Tetsuo Handa) [Orabug: 36896994] {CVE-2024-41063}
- scsi: libsas: Fix exp-attached device scan after probe failure scanned in again after probe failed (Xingui Yang) 
- powerpc/eeh: avoid possible crash when edev->pdev changes (Ganesh Goudar) [Orabug: 36897003] {CVE-2024-41064}
- powerpc/pseries: Whitelist dtl slub object for copying to userspace (Anjali K) [Orabug: 36897009] {CVE-2024-41065}
- net: mac802154: Fix racy device stats updates by DEV_STATS_INC() and DEV_STATS_ADD() (Yunshui Jiang) 
- net: usb: qmi_wwan: add Telit FN912 compositions (Daniele Palmas) 
- ALSA: dmaengine_pcm: terminate dmaengine before synchronize (Shengjiu Wang) 
- s390/sclp: Fix sclp_init() cleanup on failure (Heiko Carstens) [Orabug: 36897032] {CVE-2024-41068}
- can: kvaser_usb: fix return value for hif_usb_send_regout (Chen Ni) 
- ASoC: ti: omap-hdmi: Fix too long driver name (Primoz Fiser) 
- ASoC: ti: davinci-mcasp: Set min period size using FIFO config (Jai Luthra) 
- bytcr_rt5640 : inverse jack detect for Archos 101 cesium (Thomas GENTY) 
- Input: elantech - fix touchpad state on resume for Lenovo N24 (Jonathan Denose) 
- mips: fix compat_sys_lseek syscall (Arnd Bergmann) 
- ALSA: hda/realtek: Add more codec ID to no shutup pins list (Kailang Yang) 
- KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group() (Michael Ellerman) [Orabug: 36897048] {CVE-2024-41070}
- wifi: cfg80211: wext: add extra SIOCSIWSCAN data check (Dmitry Antipov) [Orabug: 36897312] {CVE-2024-41072}
- mei: demote client disconnect warning on suspend to debug (Alexander Usyskin) 
- fs/file: fix the check in find_next_fd() (Yuntao Wang) 
- kconfig: remove wrong expr_trans_bool() (Masahiro Yamada) 
- kconfig: gconf: give a proper initial state to the Save button (Masahiro Yamada) 
- ila: block BH in ila_output() (Eric Dumazet) [Orabug: 36897360] {CVE-2024-41081}
- Input: silead - Always support 10 fingers (Hans de Goede) 
- wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan() (Dmitry Antipov) 
- wifi: mac80211: mesh: init nonpeer_pm to active by default in mesh sdata (Nicolas Escande) 
- ACPI: EC: Avoid returning AE_OK on errors in address space handler (Armin Wolf) 
- ACPI: EC: Abort address space access upon error (Armin Wolf) 
- scsi: qedf: Set qed_slowpath_params to zero before use (Saurav Kashyap) 
- filelock: Remove locks reliably when fcntl/close race is detected (Jann Horn) [Orabug: 36874758] {CVE-2024-41012} {CVE-2024-41020}
- gcc-plugins: Rename last_stmt() for GCC 14+ (Kees Cook)

[5.4.17-2136.336.2.el7uek]
- mm: Only enable HVO under UEK6 for Exadata system (Jane Chu)  [Orabug: 36990830]
- mm: delete redundent old PageCompound() macro (Jane Chu)  [Orabug: 36990830]

[5.4.17-2136.336.1.el7uek]
- mm/hwpoison: put page in already hwpoisoned case with MF_COUNT_INCREASED (Naoya Horiguchi)  [Orabug: 36947110]
- mm/memory-failure: send SIGBUS in the event of thp split fail (Jane Chu)  [Orabug: 36947110]
- mm/memory-failure: move hwpoison_filter() higher up (Jane Chu)  [Orabug: 36947110]
- mm/memory-failure: improve memory failure action_result messages (Jane Chu)  [Orabug: 36947110]
- mm/madvise: add MF_ACTION_REQUIRED to madvise(MADV_HWPOISON) (Jane Chu)  [Orabug: 36947110]
- mm/memory-failure: try to send SIGBUS even if unmap failed (Jane Chu)  [Orabug: 36947110]
- mm: memory-failure: cleanup try_to_split_thp_page() (Kefeng Wang)  [Orabug: 36947110]
- mm,hwpoison: introduce MF_MSG_UNSPLIT_THP (Naoya Horiguchi)  [Orabug: 36947110]
- KVM/x86: Do not clear SIPI while in SMM (Boris Ostrovsky)  [Orabug: 36401960]


_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata