Oracle Linux Security Advisory ELSA-2024-12815

http://linux.oracle.com/errata/ELSA-2024-12815.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:


aarch64:
bpftool-5.15.0-302.167.6.el9uek.aarch64.rpm
kernel-uek-5.15.0-302.167.6.el9uek.aarch64.rpm
kernel-uek-container-5.15.0-302.167.6.el9uek.aarch64.rpm
kernel-uek-container-debug-5.15.0-302.167.6.el9uek.aarch64.rpm
kernel-uek-core-5.15.0-302.167.6.el9uek.aarch64.rpm
kernel-uek-debug-5.15.0-302.167.6.el9uek.aarch64.rpm
kernel-uek-debug-core-5.15.0-302.167.6.el9uek.aarch64.rpm
kernel-uek-debug-devel-5.15.0-302.167.6.el9uek.aarch64.rpm
kernel-uek-debug-modules-5.15.0-302.167.6.el9uek.aarch64.rpm
kernel-uek-debug-modules-extra-5.15.0-302.167.6.el9uek.aarch64.rpm
kernel-uek-devel-5.15.0-302.167.6.el9uek.aarch64.rpm
kernel-uek-doc-5.15.0-302.167.6.el9uek.noarch.rpm
kernel-uek-modules-5.15.0-302.167.6.el9uek.aarch64.rpm
kernel-uek-modules-extra-5.15.0-302.167.6.el9uek.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//kernel-uek-5.15.0-302.167.6.el9uek.src.rpm

Related CVEs:

CVE-2023-31083
CVE-2023-52450
CVE-2024-26585
CVE-2024-26987
CVE-2024-36028
CVE-2024-38538
CVE-2024-38577
CVE-2024-39472
CVE-2024-39483
CVE-2024-41009
CVE-2024-41011
CVE-2024-41012
CVE-2024-41015
CVE-2024-41017
CVE-2024-41019
CVE-2024-41020
CVE-2024-41042
CVE-2024-41059
CVE-2024-41060
CVE-2024-41063
CVE-2024-41064
CVE-2024-41065
CVE-2024-41068
CVE-2024-41070
CVE-2024-41072
CVE-2024-41073
CVE-2024-41077
CVE-2024-41078
CVE-2024-41081
CVE-2024-41090
CVE-2024-41091
CVE-2024-41098
CVE-2024-42114
CVE-2024-42126
CVE-2024-42228
CVE-2024-42259
CVE-2024-42265
CVE-2024-42267
CVE-2024-42271
CVE-2024-42276
CVE-2024-42277
CVE-2024-42280
CVE-2024-42281
CVE-2024-42283
CVE-2024-42284
CVE-2024-42285
CVE-2024-42290
CVE-2024-42291
CVE-2024-42292
CVE-2024-42295
CVE-2024-42296
CVE-2024-42297
CVE-2024-42299
CVE-2024-42301
CVE-2024-42302
CVE-2024-42304
CVE-2024-42305
CVE-2024-42306
CVE-2024-42308
CVE-2024-42309
CVE-2024-42310
CVE-2024-42311
CVE-2024-42312
CVE-2024-42313
CVE-2024-42318
CVE-2024-43817
CVE-2024-43821
CVE-2024-43829
CVE-2024-43830
CVE-2024-43834
CVE-2024-43835
CVE-2024-43839
CVE-2024-43841
CVE-2024-43846
CVE-2024-43849
CVE-2024-43853
CVE-2024-43854
CVE-2024-43856
CVE-2024-43858
CVE-2024-43860
CVE-2024-43861
CVE-2024-43863
CVE-2024-43867
CVE-2024-43870
CVE-2024-43871
CVE-2024-43873
CVE-2024-43875
CVE-2024-43879
CVE-2024-43880
CVE-2024-43882
CVE-2024-43883
CVE-2024-43884
CVE-2024-43885
CVE-2024-43889
CVE-2024-43890
CVE-2024-43892
CVE-2024-43893
CVE-2024-43894
CVE-2024-43897
CVE-2024-43902
CVE-2024-43905
CVE-2024-43907
CVE-2024-43908
CVE-2024-43909
CVE-2024-43914
CVE-2024-44934
CVE-2024-44935
CVE-2024-44944
CVE-2024-44946
CVE-2024-44947
CVE-2024-44948
CVE-2024-44954
CVE-2024-44958
CVE-2024-44960
CVE-2024-44965
CVE-2024-44966
CVE-2024-44968
CVE-2024-44969
CVE-2024-44971
CVE-2024-44982
CVE-2024-44983
CVE-2024-44985
CVE-2024-44986
CVE-2024-44987
CVE-2024-44988
CVE-2024-44989
CVE-2024-44990
CVE-2024-44995
CVE-2024-44998
CVE-2024-44999
CVE-2024-45003
CVE-2024-45006
CVE-2024-45007
CVE-2024-45008
CVE-2024-45011
CVE-2024-45016
CVE-2024-45018
CVE-2024-45021
CVE-2024-45025
CVE-2024-45026
CVE-2024-45028
CVE-2024-46673
CVE-2024-46674
CVE-2024-46675
CVE-2024-46676
CVE-2024-46677
CVE-2024-46679
CVE-2024-46685
CVE-2024-46702
CVE-2024-46707
CVE-2024-46713
CVE-2024-46714
CVE-2024-46719
CVE-2024-46721
CVE-2024-46722
CVE-2024-46723
CVE-2024-46724
CVE-2024-46725
CVE-2024-46731
CVE-2024-46732
CVE-2024-46734
CVE-2024-46737
CVE-2024-46739
CVE-2024-46740
CVE-2024-46743
CVE-2024-46744
CVE-2024-46745
CVE-2024-46746
CVE-2024-46747
CVE-2024-46750
CVE-2024-46752
CVE-2024-46755
CVE-2024-46756
CVE-2024-46757
CVE-2024-46758
CVE-2024-46759
CVE-2024-46761
CVE-2024-46763
CVE-2024-46771
CVE-2024-46777
CVE-2024-46780
CVE-2024-46781
CVE-2024-46782
CVE-2024-46783
CVE-2024-46791
CVE-2024-46795
CVE-2024-46798
CVE-2024-46800
CVE-2024-46804
CVE-2024-46805
CVE-2024-46807
CVE-2024-46810
CVE-2024-46814
CVE-2024-46815
CVE-2024-46817
CVE-2024-46818
CVE-2024-46819
CVE-2024-46822
CVE-2024-46828
CVE-2024-46829
CVE-2024-46832
CVE-2024-46839
CVE-2024-46840
CVE-2024-46844
CVE-2024-47663
CVE-2024-47665
CVE-2024-47667
CVE-2024-47668
CVE-2024-47669
CVE-2024-47674
CVE-2024-49863




Description of changes:

[5.15.0-302.167.6.el9uek]
- ice: Add a per-VF limit on number of FDIR filters (Ahmed Zaki)  [Orabug: 36964088]  {CVE-2024-42291}
- scsi: lpfc: Fix a possible null pointer dereference (Huai-Yuan Liu)  [Orabug: 36964437]  {CVE-2024-43821}
- power: reset: pwr-mlxbf: support graceful shutdown (Asmaa Mnebhi)  [Orabug: 37208029]
- gpio: mlxbf3: Support shutdown() function (Asmaa Mnebhi)  [Orabug: 37208029]
- sdhci-of-dwcmshc: disable PM runtime in dwcmshc_remove() (Liming Sun)  [Orabug: 37208029]
- ocfs2: reserve space for inline xattr before attaching reflink tree (Gautham Ananthakrishna)  [Orabug: 37199019]
- Revert "ocfs2: ocfs2 crash due to invalid h_next_leaf_blk value in extent block" (Gautham Ananthakrishna)  [Orabug: 37199019]

[5.15.0-302.167.5.el9uek]
- mm/hugetlb: fix adjusting poison page flag in non-HVO scenario (Jane Chu)  [Orabug: 37182268]
- x86/bugs: Adjust SRSO mitigation to new features (Boris Ostrovsky)  [Orabug: 37145844]
- net/mlx5: disable the 'fast unload' feature on Exadata systems (Qing Huang)  [Orabug: 37093170]
- NFS: remove revoked delegation from server's delegation list (Dai Ngo)  [Orabug: 36990366]
- perf/x86/intel/uncore: Fix NULL pointer dereference issue in upi_fill_topology() (Alexander Antonov)  [Orabug: 36882937]  {CVE-2023-52450}

[5.15.0-302.167.4.el9uek]
- LTS version: v5.15.167 (Vijayendra Suman) 
- udp: fix receiving fraglist GSO packets (Felix Fietkau) 
- memcg: protect concurrent access to mem_cgroup_idr (Shakeel Butt) [Orabug: 36993003] {CVE-2024-43892}
- btrfs: fix race between direct IO write and fsync when using same fd (Filipe Manana) [Orabug: 37195092] {CVE-2024-46734}
- net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket (Daniel Borkmann) 
- x86/mm: Fix PTI for i386 some more (Thomas Gleixner) 
- net: drop bad gso csum_start and offset in virtio_net_hdr (Willem de Bruijn) [Orabug: 37195028] {CVE-2024-43897}
- gso: fix dodgy bit handling for GSO_UDP_L4 (Yan Zhai) 
- net: change maximum number of UDP segments to 128 (Yuri Benditovich) 
- net: more strict VIRTIO_NET_HDR_GSO_UDP_L4 validation (Willem de Bruijn) 
- gpio: rockchip: fix OF node leak in probe() (Krzysztof Kozlowski) 
- drm/i915/fence: Mark debug_fence_free() with __maybe_unused (Andy Shevchenko) 
- drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused (Andy Shevchenko) 
- ASoC: sunxi: sun4i-i2s: fix LRCLK polarity in i2s mode (Matteo Martelli) 
- nvmet-tcp: fix kernel crash if commands allocation fails (Maurizio Lombardi) [Orabug: 37074464] {CVE-2024-46737}
- arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry (Jonathan Cameron) [Orabug: 37116411] {CVE-2024-46822}
- arm64: acpi: Move get_cpu_for_acpi_id() to a header (James Morse) 
- ACPI: processor: Fix memory leaks in error paths of processor_add() (Jonathan Cameron) 
- ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add() (Jonathan Cameron) 
- workqueue: Improve scalability of workqueue watchdog touch (Nicholas Piggin) [Orabug: 37116487] {CVE-2024-46839}
- workqueue: wq_watchdog_touch is always called with valid CPU (Nicholas Piggin) 
- nilfs2: protect references to superblock parameters exposed in sysfs (Ryusuke Konishi) [Orabug: 37074676] {CVE-2024-46780}
- nilfs2: replace snprintf in show functions with sysfs_emit (Qing Wang) 
- ksmbd: Unlock on in ksmbd_tcp_set_interfaces() (Dan Carpenter) 
- ksmbd: unset the binding mark of a reused connection (Namjae Jeon) [Orabug: 37074716] {CVE-2024-46795}
- perf/aux: Fix AUX buffer serialization (Peter Zijlstra) [Orabug: 37070802] {CVE-2024-46713}
- uprobes: Use kzalloc to allocate xol area (Sven Schnelle) 
- clocksource/drivers/timer-of: Remove percpu irq related code (Daniel Lezcano) 
- clocksource/drivers/imx-tpm: Fix next event not taking effect sometime (Jacky Bai) 
- clocksource/drivers/imx-tpm: Fix return -ETIME when delta exceeds INT_MAX (Jacky Bai) 
- Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic (Naman Jain) 
- uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind (Saurabh Sengar) [Orabug: 37074472] {CVE-2024-46739}
- nvmem: Fix return type of devm_nvmem_device_get() in kerneldoc (Geert Uytterhoeven) 
- binder: fix UAF caused by offsets overwrite (Carlos Llamas) [Orabug: 37074476] {CVE-2024-46740}
- usb: dwc3: core: update LC timer as per USB Spec V3.2 (Faisal Hassan) 
- iio: adc: ad7124: fix chip ID mismatch (Dumitru Ceclan) 
- iio: adc: ad7124: fix config comparison (Dumitru Ceclan) 
- iio: fix scale application in iio_convert_raw_to_processed_unlocked (Matteo Martelli) 
- iio: buffer-dmaengine: fix releasing dma channel on error (David Lechner) 
- staging: iio: frequency: ad9834: Validate frequency parameter value (Aleksandr Mishin) [Orabug: 37159727] {CVE-2024-47663}
- cifs: Check the lease context if we actually got a lease (Ronnie Sahlberg) 
- NFSv4: Add missing rescheduling points in nfs_client_return_marked_delegations (Trond Myklebust) 
- ata: pata_macio: Use WARN instead of BUG (Michael Ellerman) 
- MIPS: cevt-r4k: Don't call get_c0_compare_int if timer irq is installed (Jiaxun Yang) [Orabug: 37116454] {CVE-2024-46832}
- lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (Kent Overstreet) [Orabug: 37159756] {CVE-2024-47668}
- of/irq: Prevent device address out-of-bounds read in interrupt map walk (Stefan Wiehler) [Orabug: 37074487] {CVE-2024-46743}
- Squashfs: sanity check symbolic link size (Phillip Lougher) [Orabug: 37074494] {CVE-2024-46744}
- usbnet: ipheth: race between ipheth_close and error handling (Oliver Neukum) 
- Input: uinput - reject requests with unreasonable number of slots (Dmitry Torokhov) [Orabug: 37074502] {CVE-2024-46745}
- HID: amd_sfh: free driver_data after destroying hid device (Olivier Sobrie) [Orabug: 37074507] {CVE-2024-46746}
- HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup (Camila Alvarez) [Orabug: 37074512] {CVE-2024-46747}
- s390/vmlinux.lds.S: Move ro_after_init section behind rodata section (Heiko Carstens) 
- btrfs: initialize location to fix -Wmaybe-uninitialized in btrfs_lookup_dentry() (David Sterba) 
- kselftests: dmabuf-heaps: Ensure the driver name is null-terminated (Zenghui Yu) 
- i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup (Jarkko Nikula) [Orabug: 37159737] {CVE-2024-47665}
- net: dpaa: avoid on-stack arrays of NR_CPUS elements (Vladimir Oltean) 
- PCI: Add missing bridge lock to pci_bus_lock() (Dan Williams) [Orabug: 37074530] {CVE-2024-46750}
- riscv: set trap vector earlier (yang.zhang) 
- btrfs: replace BUG_ON() with error handling at update_ref_for_cow() (Filipe Manana) [Orabug: 37074542] {CVE-2024-46752}
- btrfs: clean up our handling of refs == 0 in snapshot delete (Josef Bacik) [Orabug: 37116493] {CVE-2024-46840}
- btrfs: replace BUG_ON with ASSERT in walk_down_proc() (Josef Bacik) 
- fs/ntfs3: Check more cases when directory is corrupted (Konstantin Komarov) 
- smp: Add missing destroy_work_on_stack() call in smp_call_on_cpu() (Zqiang) 
- wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() (Sascha Hauer) [Orabug: 37074560] {CVE-2024-46755}
- dma-mapping: benchmark: Don't starve others when doing the test (Yicong Yang) 
- ext4: fix possible tid_t sequence overflows (Luis Henriques (SUSE)) 
- drm/amdgpu: Set no_hw_access when VF request full GPU fails (Yifan Zha) 
- libbpf: Add NULL checks to bpf_object__{prev_map,next_map} (Andreas Ziegler) 
- hwmon: (w83627ehf) Fix underflows seen when writing limit attributes (Guenter Roeck) [Orabug: 37074565] {CVE-2024-46756}
- hwmon: (nct6775-core) Fix underflows seen when writing limit attributes (Guenter Roeck) [Orabug: 37074570] {CVE-2024-46757}
- hwmon: (lm95234) Fix underflows seen when writing limit attributes (Guenter Roeck) [Orabug: 37074578] {CVE-2024-46758}
- hwmon: (adc128d818) Fix underflows seen when writing limit attributes (Guenter Roeck) [Orabug: 37074583] {CVE-2024-46759}
- pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv (Krishna Kumar) [Orabug: 37074594] {CVE-2024-46761}
- devres: Initialize an uninitialized struct member (Zijun Hu) 
- um: line: always fill *error_out in setup_one_line() (Johannes Berg) [Orabug: 37116517] {CVE-2024-46844}
- cgroup: Protect css->cgroup write under css_set_lock (Waiman Long) 
- iommu/vt-d: Handle volatile descriptor status read (Jacob Pan) 
- dm init: Handle minors larger than 255 (Benjamin Marzinski) 
- ASoC: topology: Properly initialize soc_enum values (Amadeusz Sławiński) 
- net: dsa: vsc73xx: fix possible subblocks range of CAPT block (Pawel Dembicki) 
- net: bridge: br_fdb_external_learn_add(): always set EXT_LEARN (Jonas Gorski) 
- fou: Fix null-ptr-deref in GRO. (Kuniyuki Iwashima) [Orabug: 37074606] {CVE-2024-46763}
- gro: remove rcu_read_lock/rcu_read_unlock from gro_complete handlers (Eric Dumazet) 
- gro: remove rcu_read_lock/rcu_read_unlock from gro_receive handlers (Eric Dumazet) 
- bareudp: Fix device stats updates. (Guillaume Nault) 
- usbnet: modern method to get random MAC (Oliver Neukum) 
- net: usb: don't write directly to netdev->dev_addr (Jakub Kicinski) 
- ice: check ICE_VSI_DOWN under rtnl_lock when preparing for reset (Larysa Zaremba) 
- igc: Unlock on error in igc_io_resume() (Dan Carpenter) 
- tcp_bpf: fix return value of tcp_bpf_sendmsg() (Cong Wang) [Orabug: 37074692] {CVE-2024-46783}
- platform/x86: dell-smbios: Fix error path in dell_smbios_init() (Aleksandr Mishin) 
- igb: Fix not clearing TimeSync interrupts for 82580 (Daiwei Li) 
- can: m_can: Release irq on error in m_can_open (Simon Horman) 
- can: bcm: Remove proc entry when dev is unregistered. (Kuniyuki Iwashima) [Orabug: 37074624] {CVE-2024-46771}
- drm/amdgpu: check for LINEAR_ALIGNED correctly in check_tiling_flags_gfx6 (Marek Olšák) 
- pcmcia: Use resource_size function on resource object (Jules Irenge) 
- media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse (Chen Ni) 
- PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0) (Kishon Vijay Abraham I) [Orabug: 37159749] {CVE-2024-47667}
- media: vivid: don't set HDMI TX controls if there are no HDMI outputs (Hans Verkuil) 
- drm/amd/display: Check HDCP returned status (Alex Hung) 
- usb: uas: set host status byte on data completion error (Shantanu Goel) 
- wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3 (Arend van Spriel) 
- leds: spi-byte: Call of_node_put() on error path (Andy Shevchenko) 
- media: vivid: fix wrong sizeimage value for mplane (Hans Verkuil) 
- udf: Avoid excessive partition lengths (Jan Kara) [Orabug: 37074664] {CVE-2024-46777}
- netfilter: nf_conncount: fix wrong variable type (Yunjian Wang) 
- iommu: sun50i: clear bypass register (Jernej Skrabec) 
- af_unix: Remove put_pid()/put_cred() in copy_peercred(). (Kuniyuki Iwashima) 
- irqchip/armada-370-xp: Do not allow mapping IRQ 0 and 1 (Pali Rohár) 
- smack: unix sockets: fix accept()ed socket label (Konstantin Andreev) 
- ALSA: hda: Add input value sanity checks to HDMI channel map controls (Takashi Iwai) 
- mptcp: pm: send ACK on an active subflow (Matthieu Baerts (NGI0)) 
- mptcp: pr_debug: add missing
 at the end (Matthieu Baerts (NGI0)) 
- mptcp: pm: skip connecting to already established sf (Matthieu Baerts (NGI0)) 
- mptcp: pm: do not remove already closed subflows (Matthieu Baerts (NGI0)) 
- mptcp: pm: ADD_ADDR 0 is not a new address (Matthieu Baerts (NGI0)) 
- mptcp: close subflow when receiving TCP+FIN (Matthieu Baerts (NGI0)) 
- mptcp: avoid duplicated SUB_CLOSED events (Matthieu Baerts (NGI0)) 
- mptcp: pm: avoid possible UaF when selecting endp (Matthieu Baerts (NGI0)) 
- mptcp: constify a bunch of of helpers (Paolo Abeni) 
- mptcp: pm: fullmesh: select the right ID later (Matthieu Baerts (NGI0)) 
- mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR (Matthieu Baerts (NGI0)) 
- mptcp: pm: only decrement add_addr_accepted for MPJ req (Matthieu Baerts (NGI0)) 
- mptcp: pm: re-using ID of unused flushed subflows (Matthieu Baerts (NGI0)) 
- nilfs2: fix state management in error path of log writing function (Ryusuke Konishi) [Orabug: 37159764] {CVE-2024-47669}
- nilfs2: fix missing cleanup on rollforward recovery error (Ryusuke Konishi) [Orabug: 37074683] {CVE-2024-46781}
- sched: sch_cake: fix bulk flow accounting logic for host fairness (Toke Høiland-Jørgensen) [Orabug: 37116442] {CVE-2024-46828}
- ila: call nf_unregister_net_hooks() sooner (Eric Dumazet) [Orabug: 37074688] {CVE-2024-46782}
- tracing: Avoid possible softlockup in tracing_iter_reset() (Zheng Yejian) 
- can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open (Simon Arlott) [Orabug: 37074711] {CVE-2024-46791}
- clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API (Satya Priya Kakitapalli) 
- clk: qcom: clk-alpha-pll: Fix the pll post div mask (Satya Priya Kakitapalli) 
- fuse: use unsigned type for getxattr/listxattr size truncation (Jann Horn) 
- fuse: update stats for pages in dropped aux writeback list (Joanne Koong) 
- mmc: cqhci: Fix checking of CQHCI_HALT state (Seunghwan Baek) 
- mmc: sdhci-of-aspeed: fix module autoloading (Liao Chen) 
- mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K (Sam Protsenko) 
- Bluetooth: MGMT: Ignore keys being loaded with invalid type (Luiz Augusto von Dentz) 
- Revert "Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE" (Luiz Augusto von Dentz) 
- nvme-pci: Add sleep quirk for Samsung 990 Evo (Georg Gottleuber) 
- rtmutex: Drop rt_mutex::wait_lock before scheduling (Roland Xu) [Orabug: 37116445] {CVE-2024-46829}
- irqchip/gic-v2m: Fix refcount leak in gicv2m_of_init() (Ma Ke) 
- ata: libata: Fix memory leak for error path in ata_host_alloc() (Zheng Qixing) 
- ALSA: hda/realtek: Support mute LED on HP Laptop 14-dq2xxx (Maximilien Perreault) 
- ALSA: hda/realtek: add patch for internal mic in Lenovo V145 (Terry Cheong) 
- ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices (Christoffer Sandberg) 
- KVM: SVM: Don't advertise Bus Lock Detect to guest if SVM support is missing (Ravi Bangoria) 
- KVM: SVM: fix emulation of msr reads/writes of MSR_FS_BASE and MSR_GS_BASE (Maxim Levitsky) 
- ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object (robelin) [Orabug: 37074721] {CVE-2024-46798}
- sch/netem: fix use after free in netem_dequeue (Stephen Hemminger) [Orabug: 37074725] {CVE-2024-46800}
- i2c: Use IS_REACHABLE() for substituting empty ACPI functions (Richard Fitzgerald) 
- ext4: handle redirtying in ext4_bio_write_page() (Jan Kara) 
- udf: Limit file size to 4TB (Jan Kara) 
- ext4: reject casefold inode flag without casefold feature (Eric Biggers) 
- rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow (Nikita Kiryushin) [Orabug: 36753533] {CVE-2024-38577}
- virtio_net: Fix napi_skb_cache_put warning (Breno Leitao) [Orabug: 36964473] {CVE-2024-43835}
- drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr (Bob Zhou) [Orabug: 36993065] {CVE-2024-43905}
- media: uvcvideo: Enforce alignment of frame and interval (Ricardo Ribalda) 
- drm/amd/display: Skip wbscl_set_scaler_filter if filter is null (Alex Hung) [Orabug: 37073031] {CVE-2024-46714}
- block: remove the blk_flush_integrity call in blk_integrity_unregister (Christoph Hellwig) 
- wifi: cfg80211: make hash table duplicates more survivable (Johannes Berg) 
- drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ (Marek Vasut) [Orabug: 37116336] {CVE-2024-46810}
- drm/meson: plane: Add error handling (Haoran Liu) 
- smack: tcp: ipv4, fix incorrect labeling (Casey Schaufler) 
- usb: typec: ucsi: Fix null pointer dereference in trace (Abhishek Pandit-Subedi) [Orabug: 37073064] {CVE-2024-46719}
- usbip: Don't submit special requests twice (Simon Holesch) 
- rcu/nocb: Remove buggy bypass lock contention mitigation (Frederic Weisbecker) 
- ionic: fix potential irq name truncation (Shannon Nelson) 
- RDMA/efa: Properly handle unexpected AQ completions (Michael Margolin) 
- hwspinlock: Introduce hwspin_lock_bust() (Richard Maina) 
- PCI: al: Check IORESOURCE_BUS existence during probe (Aleksandr Mishin) 
- cpufreq: scmi: Avoid overflow of target_freq in fast switch (Jagadeesh Kona) 
- wifi: iwlwifi: remove fw_running op (Shahar S Matityahu) 
- drm/amdgpu: update type of buf size to u32 for eeprom functions (Tao Zhou) 
- drm/amd/pm: check negtive return for table entries (Jesse Zhang) 
- drm/amdgpu: the warning dereferencing obj for nbio_v7_4 (Jesse Zhang) [Orabug: 37116393] {CVE-2024-46819}
- drm/amd/pm: check specific index for aldebaran (Jesse Zhang) 
- drm/amdgpu: fix the waring dereferencing hive (Jesse Zhang) [Orabug: 37116300] {CVE-2024-46805}
- drm/amdgpu/pm: Check input value for CUSTOM profile mode setting on legacy SOCs (Ma Jun) 
- apparmor: fix possible NULL pointer dereference (Leesoo Ahn) [Orabug: 37073077] {CVE-2024-46721}
- drm/amdkfd: Reconcile the definition and use of oem_id in struct kfd_topology_device (Michael Chen) 
- drm/amdgpu: fix mc_data out-of-bounds read warning (Tim Huang) [Orabug: 37073082] {CVE-2024-46722}
- drm/amdgpu: fix ucode out-of-bounds read warning (Tim Huang) [Orabug: 37073087] {CVE-2024-46723}
- drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number (Ma Jun) [Orabug: 37073093] {CVE-2024-46724}
- drm/amdgpu: Fix out-of-bounds write warning (Ma Jun) [Orabug: 37073098] {CVE-2024-46725}
- drm/amdgpu/pm: Fix uninitialized variable agc_btc_response (Ma Jun) 
- drm/amdgpu/pm: Fix uninitialized variable warning for smu10 (Ma Jun) 
- drm/amd/amdgpu: Check tbo resource pointer (Asad Kamal) [Orabug: 37116315] {CVE-2024-46807}
- drm/amd/display: Fix Coverity INTEGER_OVERFLOW within dal_gpio_service_create (Hersen Wu) 
- drm/amd/display: Check msg_id before processing transcation (Alex Hung) [Orabug: 37116360] {CVE-2024-46814}
- drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] (Alex Hung) [Orabug: 37116365] {CVE-2024-46815}
- drm/amd/display: Add array index check for hdcp ddc access (Hersen Wu) [Orabug: 37116295] {CVE-2024-46804}
- drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 (Hersen Wu) [Orabug: 37116375] {CVE-2024-46817}
- drm/amd/display: Check gpio_id before used as array index (Alex Hung) [Orabug: 37116384] {CVE-2024-46818}
- drm/amdgpu: avoid reading vf2pf info size from FB (Zhigang Luo) 
- drm/amd/pm: fix uninitialized variable warnings for vega10_hwmgr (Tim Huang) 
- drm/amdgpu: fix uninitialized scalar variable warning (Tim Huang) 
- drm/amd/pm: fix the Out-of-bounds read warning (Jesse Zhang) [Orabug: 37073129] {CVE-2024-46731}
- drm/amd/pm: fix warning using uninitialized value of max_vid_step (Jesse Zhang) 
- drm/amd/pm: fix uninitialized variable warning for smu8_hwmgr (Tim Huang) 
- drm/amdgpu/pm: Check the return value of smum_send_msg_to_smc (Ma Jun) 
- drm/amdgpu: fix overflowed array index read warning (Tim Huang) 
- drm/amd/display: Assign linear_pitch_alignment even for VM (Alvin Lee) [Orabug: 37073135] {CVE-2024-46732}
- drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr (Ma Jun) 
- net: usb: qmi_wwan: add MeiG Smart SRM825L (ZHANG Yuntian) 
- dma-debug: avoid deadlock between dma debug vs printk and netconsole (Rik van Riel) 
- i2c: Fix conditional for substituting empty ACPI functions (Richard Fitzgerald) 
- ALSA: hda/conexant: Mute speakers at suspend / shutdown (Takashi Iwai) 
- ALSA: hda/generic: Add a helper to mute speakers at suspend/shutdown (Takashi Iwai) 
- drm: panel-orientation-quirks: Add quirk for OrangePi Neo (Philip Mueller) 
- LTS version: v5.15.166 (Vijayendra Suman) 
- apparmor: fix policy_unpack_test on big endian systems (Guenter Roeck) 
- scsi: aacraid: Fix double-free on probe failure (Ben Hutchings) [Orabug: 37070699] {CVE-2024-46673}
- igc: Fix qbv tx latency by setting gtxoffset (Faizal Rahim) 
- igc: Fix reset adapter logics when tx mode change (Faizal Rahim) 
- phy: zynqmp: Enable reference clock correctly (Sean Anderson) 
- usb: cdnsp: fix for Link TRB with TC (Pawel Laszczak) 
- usb: cdnsp: fix incorrect index in cdnsp_get_hw_deq function (Pawel Laszczak) 
- usb: core: sysfs: Unmerge @usb3_hardware_lpm_attr_group in remove_power_attributes() (Zijun Hu) 
- usb: dwc3: st: add missing depopulate in probe error path (Krzysztof Kozlowski) 
- usb: dwc3: st: fix probed platform device ref count on probe error path (Krzysztof Kozlowski) [Orabug: 37070704] {CVE-2024-46674}
- usb: dwc3: core: Prevent USB core invalid event buffer address access (Selvarasu Ganesan) [Orabug: 37070709] {CVE-2024-46675}
- usb: dwc3: omap: add missing depopulate in probe error path (Krzysztof Kozlowski) 
- USB: serial: option: add MeiG Smart SRM825L (ZHANG Yuntian) 
- cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller (Ian Ray) 
- soc: qcom: cmd-db: Map shared memory as WC, not WB (Volodymyr Babchuk) 
- nfc: pn533: Add poll mod list filling check (Aleksandr Mishin) [Orabug: 37070716] {CVE-2024-46676}
- net: busy-poll: use ktime_get_ns() instead of local_clock() (Eric Dumazet) 
- gtp: fix a potential NULL pointer dereference (Cong Wang) [Orabug: 37070721] {CVE-2024-46677}
- ethtool: check device is present when getting link settings (Jamie Bainbridge) [Orabug: 37070727] {CVE-2024-46679}
- dmaengine: dw: Add memory bus width verification (Serge Semin) 
- dmaengine: dw: Add peripheral bus width verification (Serge Semin) 
- phy: xilinx: phy-zynqmp: Fix SGMII linkup failure on resume (Piyush Mehta) 
- phy: xilinx: phy-zynqmp: dynamic clock support for power-save (Piyush Mehta) 
- phy: xilinx: add runtime PM support (Piyush Mehta) 
- PM: runtime: Add DEFINE_RUNTIME_DEV_PM_OPS() macro (Paul Cercueil) 
- PM: core: Add EXPORT[_GPL]_SIMPLE_DEV_PM_OPS macros (Paul Cercueil) 
- PM: core: Remove DEFINE_UNIVERSAL_DEV_PM_OPS() macro (Paul Cercueil) 
- soundwire: stream: fix programming slave ports for non-continous port maps (Krzysztof Kozlowski) 
- cgroup/cpuset: Prevent UAF in proc_cpuset_show() (Chen Ridong) [Orabug: 36964509] {CVE-2024-43853}
- ata: libata-core: Fix null pointer dereference on error (Niklas Cassel) [Orabug: 36897456] {CVE-2024-41098}
- drm/amdkfd: don't allow mapping the MMIO HDP page with large pages (Alex Deucher) [Orabug: 36867630] {CVE-2024-41011}
- Revert "MIPS: Loongson64: reset: Prioritise firmware service" (Greg Kroah-Hartman) 
- mptcp: sched: check both backup in retrans (Matthieu Baerts (NGI0)) 
- net: mana: Fix race of mana_hwc_post_rx_wqe and new hwc response (Haiyang Zhang) 
- wifi: mwifiex: duplicate static structs used in driver instances (Sascha Hauer) 
- pinctrl: single: fix potential NULL dereference in pcs_get_function() (Ma Ke) [Orabug: 37070743] {CVE-2024-46685}
- pinctrl: rockchip: correct RK3328 iomux width flag for GPIO2-B pins (Huang-Huang Bao) 
- btrfs: run delayed iputs when flushing delalloc (Josef Bacik) 
- drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc (Jesse Zhang) [Orabug: 36898008] {CVE-2024-42228}
(Alexander Lobakin) 
- Input: MT - limit max slots (Tetsuo Handa) [Orabug: 37029136] {CVE-2024-45008}
- Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO (Lee, Chun-Yi) [Orabug: 35358656] {CVE-2023-31083}
- mm/numa: no task_numa_fault() call if PTE is changed (Zi Yan) 
- mm/numa: no task_numa_fault() call if PMD is changed (Zi Yan) 
- ALSA: timer: Relax start tick time check for slave timer elements (Takashi Iwai) 
- hwmon: (ltc2992) Fix memory leak in ltc2992_parse_dt() (Javier Carrasco) 
- Revert "drm/amd/display: Validate hw_points_num before using it" (Alex Hung) 
- mmc: dw_mmc: allow biu and ciu clocks to defer (Ben Whitten) 
- KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3 (Marc Zyngier) [Orabug: 37070792] {CVE-2024-46707}
- cxgb4: add forgotten u64 ivlan cast before shift (Nikolay Kuratov) 
- HID: microsoft: Add rumble support to latest xbox controllers (Siarhei Vishniakou) 
- HID: wacom: Defer calculation of resolution until resolution_code is known (Jason Gerecke) 
- MIPS: Loongson64: Set timer mode in cpu-probe (Jiaxun Yang) 
- scsi: core: Fix the return value of scsi_logical_block_count() (Chaotian Jing) 
- Bluetooth: MGMT: Add error handling to pair_device() (Griffin Kroah-Hartman) [Orabug: 36992975] {CVE-2024-43884}
- mmc: mmc_test: Fix NULL dereference on allocation failure (Dan Carpenter) [Orabug: 37070690] {CVE-2024-45028}
- drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails (Dmitry Baryshkov) [Orabug: 37029059] {CVE-2024-44982}
- drm/msm/dp: reset the link phy params before link training (Abhinav Kumar) 
- drm/msm/dpu: don't play tricks with debug macros (Dmitry Baryshkov) 
- net: xilinx: axienet: Fix dangling multicast addresses (Sean Anderson) 
- net: xilinx: axienet: Always disable promiscuous mode (Sean Anderson) 
- netfilter: flowtable: validate vlan header (Pablo Neira Ayuso) [Orabug: 37029063] {CVE-2024-44983}
- ipv6: prevent possible UAF in ip6_xmit() (Eric Dumazet) [Orabug: 37029066] {CVE-2024-44985}
- ipv6: fix possible UAF in ip6_finish_output2() (Eric Dumazet) [Orabug: 37029068] {CVE-2024-44986}
- ipv6: prevent UAF in ip6_send_skb() (Eric Dumazet) [Orabug: 37029075] {CVE-2024-44987}
- netem: fix return value if duplicate enqueue fails (Stephen Hemminger) [Orabug: 37070659] {CVE-2024-45016}
- net: dsa: mv88e6xxx: Fix out-of-bound access (Joseph Huang) [Orabug: 37029081] {CVE-2024-44988}
- net: dsa: mv88e6xxx: replace ATU violation prints with trace points (Vladimir Oltean) 
- net: dsa: mv88e6xxx: read FID when handling ATU violations (Hans J. Schultz) 
- dpaa2-switch: Fix error checking in dpaa2_switch_seed_bp() (Dan Carpenter) 
- ice: fix ICE_LAST_OFFSET formula (Maciej Fijalkowski) 
- bonding: fix xfrm state handling when clearing active slave (Nikolay Aleksandrov) 
- bonding: fix xfrm real_dev null pointer dereference (Nikolay Aleksandrov) [Orabug: 37029084] {CVE-2024-44989}
- bonding: fix null pointer deref in bond_ipsec_offload_ok (Nikolay Aleksandrov) [Orabug: 37029087] {CVE-2024-44990}
- bonding: fix bond_ipsec_offload_ok return type (Nikolay Aleksandrov) 
- ip6_tunnel: Fix broken GRO (Thomas Bogendoerfer) 
- netfilter: nft_counter: Synchronize nft_counter_reset() against reader. (Sebastian Andrzej Siewior) 
- netfilter: nft_counter: Disable BH in nft_counter_offload_stats(). (Sebastian Andrzej Siewior) 
- kcm: Serialise kcm_sendmsg() for the same socket. (Kuniyuki Iwashima) [Orabug: 37013760] {CVE-2024-44946}
- tc-testing: don't access non-existent variable on exception (Simon Horman) 
- Bluetooth: SMP: Fix assumption of Central always being Initiator (Luiz Augusto von Dentz) 
- Bluetooth: hci_core: Fix LE quote calculation (Luiz Augusto von Dentz) 
- platform/surface: aggregator: Fix warning when controller is destroyed in probe (Maximilian Luz) 
- net: mana: Fix doorbell out of order violation and avoid unnecessary doorbell rings (Long Li) 
- dm suspend: return -ERESTARTSYS instead of -EINTR (Mikulas Patocka) 
- media: solo6x10: replace max(a, min(b, c)) by clamp(b, a, c) (Aurelien Jarno) 
- nfsd: make svc_stat per-network namespace instead of global (Josef Bacik) 
- nfsd: remove nfsd_stats, make th_cnt a global counter (Josef Bacik) 
- nfsd: make all of the nfsd stats per-network namespace (Josef Bacik) 
- nfsd: expose /proc/net/sunrpc/nfsd in net namespaces (Josef Bacik) 
- nfsd: rename NFSD_NET_* to NFSD_STATS_* (Josef Bacik) 
- sunrpc: use the struct net as the svc proc private (Josef Bacik) 
- sunrpc: remove ->pg_stats from svc_program (Josef Bacik) 
- sunrpc: pass in the sv_stats struct through svc_create_pooled (Josef Bacik) 
- nfsd: stop setting ->pg_stats for unused stats (Josef Bacik) 
- sunrpc: don't change ->sv_stats if it doesn't exist (Josef Bacik) 
- NFSD: Fix frame size warning in svc_export_parse() (Chuck Lever) 
- NFSD: Rewrite synopsis of nfsd_percpu_counters_init() (Chuck Lever) 
- NFSD: Refactor the duplicate reply cache shrinker (Chuck Lever) 
- NFSD: Replace nfsd_prune_bucket() (Chuck Lever) 
- NFSD: Rename nfsd_reply_cache_alloc() (Chuck Lever) 
- NFSD: Refactor nfsd_reply_cache_free_locked() (Chuck Lever) 
- nfsd: move init of percpu reply_cache_stats counters back to nfsd_init_net (Jeff Layton) 
- nfsd: move reply cache initialization into nfsd startup (Jeff Layton) 
- block: use "unsigned long" for blk_validate_block_size(). (Tetsuo Handa) 
- gtp: pull network headers in gtp_dev_xmit() (Eric Dumazet) [Orabug: 37029110] {CVE-2024-44999}
- hrtimer: Prevent queuing of hrtimer without a function callback (Phil Chang) 
- nvmet-rdma: fix possible bad dereference when freeing rsps (Sagi Grimberg) 
- ext4: set the type of max_zeroout to unsigned int to avoid overflow (Baokun Li) 
- irqchip/gic-v3-its: Remove BUG_ON in its_vpe_irq_domain_alloc (Guanrui Huang) 
- usb: dwc3: core: Skip setting event buffers for host only controllers (Krishna Kurapati) 
- platform/x86: lg-laptop: fix %s null argument warning (Gergo Koteles) 
- clocksource: Make watchdog and suspend-timing multiplication overflow safe (Adrian Hunter) 
- s390/iucv: fix receive buffer virtual vs physical address confusion (Alexander Gordeev) 
- openrisc: Call setup_memory() earlier in the init sequence (Oreoluwa Babatunde) 
- NFS: avoid infinite loop in pnfs_update_layout. (NeilBrown) 
- nvmet-tcp: do not continue for invalid icreq (Hannes Reinecke) 
- net: hns3: add checking for vf id of mailbox (Jian Shen) 
- Bluetooth: bnep: Fix out-of-bound access (Luiz Augusto von Dentz) 
- usb: gadget: fsl: Increase size of name buffer for endpoints (Uwe Kleine-König) 
- f2fs: fix to do sanity check in update_sit_entry (Zhiguo Niu) 
- btrfs: delete pointless BUG_ON check on quota root in btrfs_qgroup_account_extent() (David Sterba) 
- btrfs: change BUG_ON to assertion in tree_move_down() (David Sterba) 
- btrfs: send: handle unexpected data in header buffer in begin_cmd() (David Sterba) 
- btrfs: handle invalid root reference found in may_destroy_subvol() (David Sterba) 
- btrfs: change BUG_ON to assertion when checking for delayed_node root (David Sterba) 
- powerpc/boot: Only free if realloc() succeeds (Michael Ellerman) 
- powerpc/boot: Handle allocation failure in simple_realloc() (Li zeming) 
- parisc: Use irq_enter_rcu() to fix warning at kernel/context_tracking.c:367 (Helge Deller) 
- memory: stm32-fmc2-ebi: check regmap_read return value (Christophe Kerello) 
- x86: Increase brk randomness entropy for 64-bit systems (Kees Cook) 
- md: clean up invalid BUG_ON in md_ioctl (Li Nan) 
- netlink: hold nlk->cb_mutex longer in __netlink_dump_start() (Eric Dumazet) 
- clocksource/drivers/arm_global_timer: Guard against division by zero (Martin Blumenstingl) 
- virtiofs: forbid newlines in tags (Stefan Hajnoczi) 
- drm/lima: set gp bus_stop bit before hard reset (Erico Nunes) 
- net/sun3_82586: Avoid reading past buffer in debug output (Kees Cook) 
- media: drivers/media/dvb-core: copy user arrays safely (Philipp Stanner) 
- fs: binfmt_elf_efpic: don't use missing interpreter's properties (Max Filippov) 
- media: pci: cx23885: check cx23885_vdev_init() return (Hans Verkuil) 
- quota: Remove BUG_ON from dqget() (Jan Kara) 
- fuse: fix UAF in rcu pathwalks (Al Viro) 
- afs: fix __afs_break_callback() / afs_drop_open_mmap() race (Al Viro) 
- ext4: do not trim the group with corrupted block bitmap (Baokun Li) 
- nvmet-trace: avoid dereferencing pointer too early (Daniel Wagner) 
- powerpc/xics: Check return value of kasprintf in icp_native_map_one_cpu (Kunwu Chan) 
- memory: tegra: Skip SID programming if SID registers aren't set (Ashish Mhetre) 
- arm64: Fix KASAN random tag seed initialization (Samuel Holland) 
- hwmon: (ltc2992) Avoid division by zero (Antoniu Miclaus) 
- IB/hfi1: Fix potential deadlock on &irq_src_lock and &dd->uctxt_lock (Chengfeng Ye) 
- wifi: iwlwifi: fw: Fix debugfs command sending (Mukesh Sisodiya) 
- wifi: iwlwifi: abort scan when rfkill on but device enabled (Miri Korenblit) 
- gfs2: setattr_chown: Add missing initialization (Andreas Gruenbacher) 
- scsi: spi: Fix sshdr use (Mike Christie) 
- media: qcom: venus: fix incorrect return value (Hans Verkuil) 
- binfmt_misc: cleanup on filesystem umount (Christian Brauner) 
- staging: ks7010: disable bh on tx_dev_lock (Chengfeng Ye) 
- drm/amd/display: Validate hw_points_num before using it (Alex Hung) 
- staging: iio: resolver: ad2s1210: fix use before initialization (David Lechner) 
- media: radio-isa: use dev_name to fill in bus_info (Hans Verkuil) 
- i3c: mipi-i3c-hci: Do not unmap region not mapped for transfer (Jarkko Nikula) 
- i3c: mipi-i3c-hci: Remove BUG() when Ring Abort request times out (Jarkko Nikula) 
- s390/smp,mcck: fix early IPI handling (Heiko Carstens) 
- RDMA/rtrs: Fix the problem of variable not initialized fully (Zhu Yanjun) 
- i2c: riic: avoid potential division by zero (Wolfram Sang) 
- wifi: cw1200: Avoid processing an invalid TIM IE (Jeff Johnson) 
- wifi: mac80211: fix BA session teardown race (Johannes Berg) 
- wifi: cfg80211: check wiphy mutex is held for wdev mutex (Johannes Berg) 
- ssb: Fix division by zero issue in ssb_calc_clock_rate (Rand Deeb) 
- ALSA: hda/realtek: Fix noise from speakers on Lenovo IdeaPad 3 15IAU7 (Parsa Poorshikhian) 
- net: hns3: fix a deadlock problem when config TC during resetting (Jie Wang) [Orabug: 37029097] {CVE-2024-44995}
- net: hns3: fix wrong use of semaphore up (Jie Wang) 
- netfilter: nf_queue: drop packets with cloned unconfirmed conntracks (Florian Westphal) 
- netfilter: flowtable: initialise extack before use (Donald Hunter) [Orabug: 37070666] {CVE-2024-45018}
- netfilter: allow ipv6 fragments to arrive on different devices (Tom Hughes) 
- mptcp: correct MPTCP_SUBFLOW_ATTR_SSN_OFFSET reserved size (Eugene Syromiatnikov) 
- mlxbf_gige: disable RX filters until RX path initialized (David Thompson) 
- net: dsa: vsc73xx: check busy flag in MDIO operations (Pawel Dembicki) 
- net: dsa: vsc73xx: use read_poll_timeout instead delay loop (Pawel Dembicki) 
- net: dsa: vsc73xx: pass value in phy_write operation (Pawel Dembicki) 
- net: axienet: Fix register defines comment description (Radhey Shyam Pandey) 
- atm: idt77252: prevent use after free in dequeue_rx() (Dan Carpenter) [Orabug: 37029103] {CVE-2024-44998}
- net/mlx5e: Correctly report errors for ethtool rx flows (Cosmin Ratiu) 
- igc: Fix packet still tx after gate close by reducing i226 MAC retry buffer (Faizal Rahim) 
- igc: remove I226 Qbv BaseTime restriction (Muhammad Husaini Zulkifli) 
- igc: Correct the launchtime offset (Muhammad Husaini Zulkifli) 
- s390/uv: Panic for set and remove shared access UVC errors (Claudio Imbrenda) 
- drm/amdgpu/jpeg2: properly set atomics vmid field (Alex Deucher) 
- memcg_write_event_control(): fix a user-triggerable oops (Al Viro) [Orabug: 37070671] {CVE-2024-45021}
- drm/amdgpu: Actually check flags for all context ops. (Bas Nieuwenhuizen) 
- btrfs: tree-checker: add dev extent item checks (Qu Wenruo) 
- selinux: fix potential counting error in avc_add_xperms_decision() (Zhen Lei) 
- fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE (Al Viro) [Orabug: 37070679] {CVE-2024-45025}
- bitmap: introduce generic optimized bitmap_size() (Alexander Lobakin) 
- btrfs: rename bitmap_set_bits() -> btrfs_bitmap_set_bits() (Alexander Lobakin) 
- s390/cio: rename bitmap_size() -> idset_bitmap_size() (Alexander Lobakin) 
- fs/ntfs3: add prefix to bitmap_size() and use BITS_TO_U64() (Alexander Lobakin) 
- vfs: Don't evict inode under the inode lru traversing context (Zhihao Cheng) [Orabug: 37029118] {CVE-2024-45003}
- dm persistent data: fix memory allocation failure (Mikulas Patocka) 
- dm resume: don't return EINVAL when signalled (Khazhismel Kumykov) 
- arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to NUMA_NO_NODE (Haibo Xu) 
- s390/dasd: fix error recovery leading to data corruption on ESE devices (Stefan Haberland) [Orabug: 37070686] {CVE-2024-45026}
- thunderbolt: Mark XDomain as unplugged when router is removed (Mika Westerberg) [Orabug: 37070774] {CVE-2024-46702}
- xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration (Mathias Nyman) [Orabug: 37029124] {CVE-2024-45006}
- ALSA: usb-audio: Support Yamaha P-125 quirk entry (Juan José Arboleda) 
- ALSA: usb-audio: Add delay quirk for VIVO USB-C-XE710 HEADSET (Lianqin Hu) 
- char: xillybus: Check USB endpoints when probing device (Eli Billauer) [Orabug: 37070649] {CVE-2024-45011}
- char: xillybus: Refine workqueue handling (Eli Billauer) 
- char: xillybus: Don't destroy workqueue from work item running on it (Eli Billauer) [Orabug: 37029128] {CVE-2024-45007}
- fuse: Initialize beyond-EOF page contents before setting uptodate (Jann Horn) [Orabug: 37017950] {CVE-2024-44947}
- LTS version: v5.15.165 (Vijayendra Suman) 
- Revert "ata: libata-scsi: Honor the D_SENSE bit for CK_COND=1 and no error" (Niklas Cassel) 
- media: Revert "media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control()" (Sean Young) 
- ARM: dts: imx6qdl-kontron-samx6i: fix phy-mode (Michael Walle) 
- wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values (Eric Dumazet) [Orabug: 36897690] {CVE-2024-42114}
- binfmt_flat: Fix corruption when not offsetting data start (Kees Cook) [Orabug: 37029015] {CVE-2024-44966}
- usb: gadget: u_audio: Check return codes from usb_ep_enable and config_ep_by_speed. (Chris Wulff) 
- nvme/pci: Add APST quirk for Lenovo N60z laptop (WangYuli) 
- exec: Fix ToCToU between perm check and set-uid/gid usage (Kees Cook) [Orabug: 36984016] {CVE-2024-43882}
- arm64: cpufeature: Fix the visibility of compat hwcaps (Amit Daniel Kachhap) 
- arm64: dts: qcom: msm8996: correct #clock-cells for QMP PHY nodes (Dmitry Baryshkov) 
- powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt. (Mahesh Salgaonkar) [Orabug: 36897773] {CVE-2024-42126}
- drm/i915/gem: Fix Virtual Memory mapping boundaries calculation (Andi Shyti) [Orabug: 36953968] {CVE-2024-42259}
- mptcp: fully established after ADD_ADDR echo on MPJ (Matthieu Baerts (NGI0)) 
- wifi: mac80211: check basic rates validity (Johannes Berg) 
- PCI: dwc: Restore MSI Receiver mask during resume (Jisheng Zhang) 
- net: stmmac: Enable mac_managed_pm phylink config (Shenwei Wang) 
- netfilter: nf_tables: prefer nft_chain_validate (Florian Westphal) [Orabug: 36896845] {CVE-2024-41042}
- netfilter: nf_tables: allow clone callbacks to sleep (Florian Westphal) 
- netfilter: nf_tables: bail out if stateful expression provides no .clone (Pablo Neira Ayuso) 
- netfilter: nf_tables: set element extended ACK reporting support (Pablo Neira Ayuso) 
- tls: fix race between tx work scheduling and socket close (Jakub Kicinski) [Orabug: 36529710] {CVE-2024-26585}
- PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal (Lukas Wunner) [Orabug: 36964228] {CVE-2024-42302}
- btrfs: fix double inode unlock for direct IO sync writes (Filipe Manana) [Orabug: 37195039] {CVE-2024-43885}
- xfs: fix log recovery buffer allocation for the legacy h_size fixup (Christoph Hellwig) [Orabug: 36809257] {CVE-2024-39472}
- btrfs: fix corruption after buffer fault in during direct IO append write (Filipe Manana) 
- selftests: mptcp: join: check backup support in signal endp (Matthieu Baerts (NGI0)) 
- selftests: mptcp: join: validate backup in MPJ (Matthieu Baerts (NGI0)) 
- mptcp: pm: fix backup support in signal endpoints (Matthieu Baerts (NGI0)) 
- mptcp: export local_address (Geliang Tang) 
- mptcp: pm: only set request_bkup flag when sending MP_PRIO (Matthieu Baerts (NGI0)) 
- mptcp: fix bad RCVPRUNED mib accounting (Paolo Abeni) 
- mptcp: mib: count MPJ with backup flag (Matthieu Baerts (NGI0)) 
- mptcp: fix NL PM announced address accounting (Paolo Abeni) 
- mptcp: distinguish rcv vs sent backup flag in requests (Matthieu Baerts (NGI0)) 
- mptcp: sched: check both directions for backup (Matthieu Baerts (NGI0)) 
- drm/mgag200: Set DDC timeout in milliseconds (Thomas Zimmermann) 
- drm/bridge: analogix_dp: properly handle zero sized AUX transactions (Lucas Stach) 
- sched/smt: Fix unbalance sched_smt_present dec/inc (Yang Yingliang) [Orabug: 37028981] {CVE-2024-44958}
- sched/smt: Introduce sched_smt_present_inc/dec() helper (Yang Yingliang) 
- x86/mtrr: Check if fixed MTRRs exist before saving them (Andi Kleen) [Orabug: 37028935] {CVE-2024-44948}
- padata: Fix possible divide-by-0 panic in padata_mt_helper() (Waiman Long) [Orabug: 36992992] {CVE-2024-43889}
- tracing: Fix overflow in get_free_elt() (Tze-nan Wu) [Orabug: 36992997] {CVE-2024-43890}
- power: supply: axp288_charger: Round constant_charge_voltage writes down (Hans de Goede) 
- power: supply: axp288_charger: Fix constant_charge_voltage writes (Hans de Goede) 
- genirq/irqdesc: Honor caller provided affinity in alloc_desc() (Shay Drory) 
- irqchip/xilinx: Fix shift out of bounds (Radhey Shyam Pandey) 
- kcov: properly check for softirq context (Andrey Konovalov) 
- serial: core: check uartclk for zero to avoid divide by zero (George Kennedy) [Orabug: 36993008] {CVE-2024-43893}
- timekeeping: Fix bogus clock_was_set() invocation in do_adjtimex() (Thomas Gleixner) 
- ntp: Safeguard against time_constant overflow (Justin Stitt) 
- irqchip/meson-gpio: Convert meson_gpio_irq_controller::lock to 'raw_spinlock_t' (Arseniy Krasnov) 
- irqchip/meson-gpio: support more than 8 channels gpio irq (Qianggui Song) 
- clocksource: Fix brown-bag boolean thinko in cs_watchdog_read() (Paul E. McKenney) 
- clocksource: Scale the watchdog read retries automatically (Feng Tang) 
- torture: Enable clocksource watchdog with "tsc=watchdog" (Paul E. McKenney) 
- clocksource: Reduce the default clocksource_watchdog() retries to 2 (Waiman Long) 
- ntp: Clamp maxerror and esterror to operating range (Justin Stitt) 
- vhost-vdpa: switch to use vmf_insert_pfn() in the fault handler (Jason Wang) 
- tick/broadcast: Move per CPU pointer access into the atomic section (Thomas Gleixner) [Orabug: 37195086] {CVE-2024-44968}
- scsi: ufs: core: Fix hba->last_dme_cmd_tstamp timestamp updating logic (Vamshi Gajjela) 
- scsi: mpi3mr: Avoid IOMMU page faults on REPORT ZONES (Damien Le Moal) 
- usb: gadget: u_serial: Set start_delayed during suspend (Prashanth K) 
- usb: gadget: core: Check for unset descriptor (Chris Wulff) [Orabug: 37028987] {CVE-2024-44960}
- USB: serial: debug: do not echo input by default (Marek Marczykowski-Górecki) 
- usb: vhci-hcd: Do not drop references before new references are gained (Oliver Neukum) [Orabug: 36992970] {CVE-2024-43883}
- ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4 (Takashi Iwai) 
- ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list (Steven 'Steve' Kendall) 
- ALSA: line6: Fix racy access to midibuf (Takashi Iwai) [Orabug: 37028956] {CVE-2024-44954}
- drm/client: fix null pointer dereference in drm_client_modeset_probe (Ma Ke) [Orabug: 36993013] {CVE-2024-43894}
- ALSA: usb-audio: Re-add ScratchAmp quirk entries (Takashi Iwai) 
- spi: spi-fsl-lpspi: Fix scldiv calculation (Stefan Wahren) 
- kprobes: Fix to check symbol prefixes correctly (Masami Hiramatsu (Google)) 
- bpf: kprobe: remove unused declaring of bpf_kprobe_override (Menglong Dong) 
- i2c: smbus: Send alert notifications to all devices if source not found (Guenter Roeck) 
- spi: spidev: Add missing spi_device_id for bh2228fv (Geert Uytterhoeven) 
- ASoC: codecs: wsa881x: Correct Soundwire ports mask (Krzysztof Kozlowski) 
- ASoC: codecs: wcd938x-sdw: Correct Soundwire ports mask (Krzysztof Kozlowski) 
- i2c: smbus: Improve handling of stuck alerts (Guenter Roeck) 
- arm64: cputype: Add Cortex-A725 definitions (Mark Rutland) 
- arm64: cputype: Add Cortex-X1C definitions (Mark Rutland) 
- arm64: cputype: Add Cortex-X925 definitions (Mark Rutland) 
- arm64: cputype: Add Cortex-A720 definitions (Mark Rutland) 
- arm64: cputype: Add Cortex-X3 definitions (Mark Rutland) 
- arm64: cputype: Add Neoverse-V3 definitions (Mark Rutland) 
- arm64: cputype: Add Cortex-X4 definitions (Mark Rutland) 
- arm64: barrier: Restore spec_bar() macro (Mark Rutland) 
- arm64: Add Neoverse-V2 part (Besar Wicaksono) 
- arm64: cpufeature: Force HWCAP to be based on the sysreg visible to user-space (James Morse) 
- ext4: fix wrong unit use in ext4_mb_find_by_goal (Kemeng Shi) 
- sched/cputime: Fix mul_u64_u64_div_u64() precision for cputime (Zheng Zucheng) 
- scsi: mpt3sas: Avoid IOMMU page faults on REPORT ZONES (Damien Le Moal) 
- profiling: remove profile=sleep support (Tetsuo Handa) 
- SUNRPC: Fix a race to wake a sync task (Benjamin Coddington) 
- s390/sclp: Prevent release of buffer in I/O (Peter Oberparleiter) [Orabug: 37029019] {CVE-2024-44969}
- jbd2: avoid memleak in jbd2_journal_write_metadata_buffer (Kemeng Shi) 
- ext4: fix uninitialized variable in ext4_inlinedir_to_tree (Xiaxi Shen) 
- media: uvcvideo: Fix the bandwdith quirk on USB 3.x (Michal Pecio) 
- media: uvcvideo: Ignore empty TS packets (Ricardo Ribalda) 
- drm/amd/display: Add null checker before passing variables (Alex Hung) [Orabug: 36993047] {CVE-2024-43902}
- drm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules (Ma Jun) [Orabug: 36993077] {CVE-2024-43907}
- drm/amdgpu: Fix the null pointer dereference to ras_manager (Ma Jun) [Orabug: 36993083] {CVE-2024-43908}
- drm/amdgpu/pm: Fix the null pointer dereference for smu7 (Ma Jun) [Orabug: 36993089] {CVE-2024-43909}
- btrfs: fix bitmap leak when loading free space cache on duplicate entry (Filipe Manana) 
- wifi: nl80211: don't give key data to userspace (Johannes Berg) 
- udf: prevent integer overflow in udf_bitmap_free_blocks() (Roman Smirnov) 
- PCI: Add Edimax Vendor ID to pci_ids.h (FUJITA Tomonori) 
- selftests/bpf: Fix send_signal test with nested CONFIG_PARAVIRT (Yonghong Song) 
- ACPI: SBS: manage alarm sysfs attribute through psy core (Thomas Weißschuh) 
- ACPI: battery: create alarm sysfs attribute atomically (Thomas Weißschuh) 
- clocksource/drivers/sh_cmt: Address race condition for clock events (Niklas Söderlund) 
- md/raid5: avoid BUG_ON() while continue reshape after reassembling (Yu Kuai) [Orabug: 36993126] {CVE-2024-43914}
- md: do not delete safemode_timer in mddev_suspend (Li Nan) 
- rcutorture: Fix rcu_torture_fwd_cb_cr() data race (Paul E. McKenney) 
- net: fec: Stop PPS on driver remove (Csókás, Bence) 
- l2tp: fix lockdep splat (James Chapman) 
- net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register() (Joe Hattori) [Orabug: 37029031] {CVE-2024-44971}
- Bluetooth: l2cap: always unlock channel in l2cap_conless_channel() (Dmitry Antipov) 
- net: linkwatch: use system_unbound_wq (Eric Dumazet) 
- net: bridge: mcast: wait for previous gc cycles when removing port (Nikolay Aleksandrov) [Orabug: 36993143] {CVE-2024-44934}
- net: usb: qmi_wwan: fix memory leak for not ip packets (Daniele Palmas) [Orabug: 36983958] {CVE-2024-43861}
- sctp: Fix null-ptr-deref in reuseport_add_sock(). (Kuniyuki Iwashima) [Orabug: 36993146] {CVE-2024-44935}
- sctp: move hlist_node and hashent out of sctp_ep_common (Xin Long) 
- x86/mm: Fix pti_clone_entry_text() for i386 (Peter Zijlstra) 
- x86/mm: Fix pti_clone_pgtable() alignment assumption (Peter Zijlstra) [Orabug: 37029011] {CVE-2024-44965}
- irqchip/mbigen: Fix mbigen node address layout (Yipeng Zou) 
- netfilter: ipset: Add list flush to cancel_gc (Alexander Maltsev) 
- mptcp: fix duplicate data handling (Paolo Abeni) 
- r8169: don't increment tx_dropped in case of NETDEV_TX_BUSY (Heiner Kallweit) 
- net: usb: sr9700: fix uninitialized variable use in sr_mdio_read (Ma Ke) 
- drm/vmwgfx: Fix a deadlock in dma buf fence polling (Zack Rusin) [Orabug: 36983964] {CVE-2024-43863}
- Revert "ALSA: firewire-lib: operate for period elapse event in process context" (Edmund Raile) 
- Revert "ALSA: firewire-lib: obsolete workqueue for period update" (Edmund Raile) 
- ALSA: hda/realtek: Add quirk for Acer Aspire E5-574G (Mavroudis Chatzilazaridis) 
- ALSA: usb-audio: Correct surround channels in UAC1 channel map (Takashi Iwai) 
- protect the fetch of ->fd[fd] in do_dup2() from mispredictions (Al Viro) [Orabug: 36963807] {CVE-2024-42265}
- HID: wacom: Modify pen IDs (Tatsunosuke Tobita) 
- platform/chrome: cros_ec_proto: Lock device when updating MKBP version (Patryk Duda) 
- power: supply: bq24190_charger: replace deprecated strncpy with strscpy (Justin Stitt) 
- riscv/mm: Add handling for VM_FAULT_SIGSEGV in mm_fault_error() (Zhe Qiao) [Orabug: 36963814] {CVE-2024-42267}
- ipv6: fix ndisc_is_useropt() handling for PIO (Maciej Żenczykowski) 
- net/mlx5e: Add a check for the return value from mlx5_port_set_eth_ptys (Shahar Shitrit) 
- net: mvpp2: Don't re-use loop iterator (Dan Carpenter) 
- net/iucv: fix use after free in iucv_sock_close() (Alexandra Winter) [Orabug: 36964005] {CVE-2024-42271}
- rtnetlink: Don't ignore IFLA_TARGET_NETNSID when ifname is specified in rtnl_dellink(). (Kuniyuki Iwashima) 
- rtnetlink: enable alt_ifname for setlink/newlink (Florent Fourcot) 
- ALSA: hda: conexant: Fix headset auto detect fail in the polling mode (songxiebing) 
- drm/vmwgfx: Fix overlay when using Screen Targets (Ian Forbes) 
- drm/nouveau: prime: fix refcount underflow (Danilo Krummrich) [Orabug: 36983978] {CVE-2024-43867}
- MIPS: dts: loongson: Fix ls2k1000-rtc interrupt (Jiaxun Yang) 
- MIPS: dts: loongson: Fix liointc IRQ polarity (Jiaxun Yang) 
- MIPS: Loongson64: DTS: Fix PCIe port nodes for ls7a (Jiaxun Yang) 
- MIPS: Loongson64: DTS: Add RTC support to Loongson-2K1000 (Binbin Zhou) 
- remoteproc: imx_rproc: Fix refcount mistake in imx_rproc_addr_init (Aleksandr Mishin) 
- drm/dp_mst: Fix all mstb marked as not probed after suspend/resume (Wayne Lin) 
- irqchip/imx-irqsteer: Handle runtime power management correctly (Shenwei Wang) [Orabug: 36964084] {CVE-2024-42290}
- irqchip/imx-irqsteer: Add runtime PM support (Lucas Stach) 
- irqchip/imx-irqsteer: Constify irq_chip struct (Lucas Stach) 
- irqdomain: Fixed unbalanced fwnode get and put (Herve Codina) 
- leds: triggers: Flush pending brightness before activating trigger (Thomas Weißschuh) 
- leds: trigger: Call synchronize_rcu() before calling trig->activate() (Hans de Goede) 
- leds: trigger: Store brightness set by led_trigger_event() (Heiner Kallweit) 
- leds: trigger: Remove unused function led_trigger_rename_static() (Heiner Kallweit) 
- leds: trigger: use RCU to protect the led_cdevs list (Johannes Berg) 
- drivers: soc: xilinx: check return status of get_api_version() (Jay Buddhabhatti) 
- soc: xilinx: move PM_INIT_FINALIZE to zynqmp_pm_domains driver (Michael Tretter) 
- ext4: check the extent status again before inserting delalloc block (Zhang Yi) 
- ext4: factor out a common helper to query extent map (Zhang Yi) 
- ext4: convert to exclusive lock while inserting delalloc extents (Zhang Yi) 
- ext4: refactor ext4_da_map_blocks() (Zhang Yi) 
- ext4: make ext4_es_insert_extent() return void (Baokun Li) 
- sysctl: always initialize i_uid/i_gid (Thomas Weißschuh) [Orabug: 36964269] {CVE-2024-42312}
- arm64: dts: qcom: ipq8074: Disable SS instance in Parkmode for USB (Krishna Kurapati) 
- arm64: dts: qcom: msm8998: Disable SS instance in Parkmode for USB (Krishna Kurapati) 
- arm64: dts: qcom: msm8998: switch USB QMP PHY to new style of bindings (Dmitry Baryshkov) 
- arm64: dts: qcom: msm8998: drop USB PHY clock index (Johan Hovold) 
- arm64: dts: qcom: msm8996: Move '#clock-cells' to QMP PHY child node (Shawn Guo) 
- powerpc/configs: Update defconfig with now user-visible CONFIG_FSL_IFC (Esben Haabendal) 
- fs: don't allow non-init s_user_ns for filesystems without FS_USERNS_MOUNT (Seth Forshee (DigitalOcean)) 
- nvme-pci: add missing condition check for existence of mapped data (Leon Romanovsky) [Orabug: 36964021] {CVE-2024-42276}
- nvme: separate command prep and issue (Jens Axboe) 
- nvme: split command copy into a helper (Jens Axboe) 
- iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en (Artem Chernyshev) [Orabug: 36964025] {CVE-2024-42277}
- ceph: fix incorrect kmalloc size of pagevec mempool (ethanwu) 
- ASoC: Intel: use soc_intel_is_byt_cr() only when IOSF_MBI is reachable (Pierre-Louis Bossart) 
- spi: spidev: add correct compatible for Rohm BH2228FV (Conor Dooley) 
- spi: spidev: order compatibles alphabetically (Krzysztof Kozlowski) 
- spidev: Add Silicon Labs EM3581 device compatible (Vincent Tremblay) 
- spi: spidev: Replace OF specific code by device property API (Andy Shevchenko) 
- spi: spidev: Replace ACPI specific code by device_get_match_data() (Andy Shevchenko) 
- spi: spidev: Make probe to fail early if a spidev compatible is used (Javier Martinez Canillas) 
- lirc: rc_dev_get_from_fd(): fix file leak (Al Viro) 
- powerpc: fix a file leak in kvm_vcpu_ioctl_enable_cap() (Al Viro) 
- apparmor: Fix null pointer deref when receiving skb during sock creation (Xiao Liang) 
- mISDN: Fix a use after free in hfcmulti_tx() (Dan Carpenter) [Orabug: 36964031] {CVE-2024-42280}
- bpf: Fix a segment issue when downgrading gso_size (Fred Li) [Orabug: 36964037] {CVE-2024-42281}
- net: nexthop: Initialize all fields in dumped nexthops (Petr Machata) [Orabug: 36964043] {CVE-2024-42283}
- net: stmmac: Correct byte order of perfect_match (Simon Horman) 
- tipc: Return non-zero value from tipc_udp_addr2str() on error (Shigeru Yoshida) [Orabug: 36964046] {CVE-2024-42284}
- netfilter: nft_set_pipapo_avx2: disable softinterrupts (Florian Westphal) 
- net: bonding: correctly annotate RCU in bond_should_notify_peers() (Johannes Berg) 
- ipv4: Fix incorrect source address in Record Route option (Ido Schimmel) 
- MIPS: SMP-CPS: Fix address for GCR_ACCESS register for CM3 and later (Gregory CLEMENT) 
- bpf, events: Use prog to emit ksymbol event for main program (Hou Tao) 
- dma: fix call order in dmam_free_coherent (Lance Richardson) [Orabug: 36964522] {CVE-2024-43856}
- libbpf: Fix no-args func prototype BTF dumping syntax (Andrii Nakryiko) 
- um: time-travel: fix signal blocking race/hang (Johannes Berg) 
- um: time-travel: fix time-travel-start option (Johannes Berg) 
- phy: cadence-torrent: Check return value on register read (Ma Ke) 
- dmaengine: ti: k3-udma: Fix BCHAN count with UHC and HC channels (Vignesh Raghavendra) 
- jfs: Fix array-index-out-of-bounds in diFree (Jeongjun Park) [Orabug: 36964529] {CVE-2024-43858}
- kdb: address -Wformat-security warnings (Arnd Bergmann) 
- kernel: rerun task_work while freezing in get_signal() (Pavel Begunkov) 
- io_uring/io-wq: limit retrying worker initialisation (Pavel Begunkov) 
- nilfs2: handle inconsistent state in nilfs_btnode_create_block() (Ryusuke Konishi) [Orabug: 36964202] {CVE-2024-42295}
- Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x13d3:0x3591 (WangYuli) 
- Bluetooth: btusb: Add RTL8852BE device 0489:e125 to device tables (Hilda Wu) 
- rbd: don't assume RBD_LOCK_STATE_LOCKED for exclusive mappings (Ilya Dryomov) 
- rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (Ilya Dryomov) 
- drm/panfrost: Mark simple_ondemand governor as softdep (Dragan Simic) 
- MIPS: Loongson64: Test register availability before use (Jiaxun Yang) 
- MIPS: Loongson64: reset: Prioritise firmware service (Jiaxun Yang) 
- MIPS: Loongson64: Remove memory node for builtin-dtb (Jiaxun Yang) 
- MIPS: Loongson64: env: Hook up Loongsson-2K (Jiaxun Yang) 
- MIPS: dts: loongson: Fix GMAC phy node (Jiaxun Yang) 
- MIPS: ip30: ip30-console: Add missing include (Jiaxun Yang) 
- remoteproc: imx_rproc: Skip over memory region when node value is NULL (Aleksandr Mishin) [Orabug: 36964536] {CVE-2024-43860}
- remoteproc: stm32_rproc: Fix mailbox interrupts queuing (Gwenael Treuveur) 
- rbd: don't assume rbd_is_lock_owner() for exclusive mappings (Ilya Dryomov) 
- selftests/sigaltstack: Fix ppc64 GCC build (Michael Ellerman) 
- RDMA/iwcm: Fix a use-after-free related to destroying CM IDs (Bart Van Assche) [Orabug: 36964053] {CVE-2024-42285}
- platform: mips: cpu_hwmon: Disable driver on unsupported hardware (Jiaxun Yang) 
- watchdog/perf: properly initialize the turbo mode timestamp and rearm counter (Thomas Gleixner) 
- rtc: isl1208: Fix return value of nvmem callbacks (Joy Chakraborty) 
- drm/i915/dp: Reset intel_dp->link_trained before retraining the link (Imre Deak) 
- drm/amdgpu/sdma5.2: Update wptr registers as well as doorbell (Alex Deucher) 
- drm/i915/gt: Do not consider preemption during execlists_dequeue for gen8 (Nitin Gote) 
- perf/x86/intel/pt: Fix a topa_entry base address calculation (Adrian Hunter) 
- perf/x86/intel/pt: Fix topa_entry base length (Marco Cavenati) 
- perf/x86/intel/uncore: Fix the bits of the CHA extended umask for SPR (Kan Liang) 
- perf: Fix event leak upon exit (Frederic Weisbecker) [Orabug: 36983986] {CVE-2024-43870}
- rtc: cmos: Fix return value of nvmem callbacks (Joy Chakraborty) 
- mm/numa_balancing: teach mpol_to_str about the balancing mode (Tvrtko Ursulin) 
- devres: Fix memory leakage caused by driver API devm_free_percpu() (Zijun Hu) [Orabug: 36983990] {CVE-2024-43871}
- devres: Fix devm_krealloc() wasting memory (Zijun Hu) 
- gve: Fix an edge case for TSO skb validity check (Bailey Forrest) 
- kobject_uevent: Fix OOB access within zap_modalias_env() (Zijun Hu) [Orabug: 37203371] {CVE-2024-42292}
- kbuild: Fix '-S -c' in x86 stack protector scripts (Nathan Chancellor) 
- decompress_bunzip2: fix rare decompression failure (Ross Lagerwall) 
- ubi: eba: properly rollback inside self_check_eba (Fedor Pchelkin) 
- clk: davinci: da8xx-cfgchip: Initialize clk_init_data before use (Bastien Curutchet) 
- fs/ntfs3: Update log->page_{mask,bits} if log->page_size changed (Huacai Chen) [Orabug: 36964218] {CVE-2024-42299}
- dev/parport: fix the array out-of-bounds risk (tuhaowen) [Orabug: 36964222] {CVE-2024-42301}
- binder: fix hang of unregistered readers (Carlos Llamas) 
- PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio (Manivannan Sadhasivam) 
- PCI: dw-rockchip: Fix initial PERST# GPIO value (Niklas Cassel) 
- PCI: hv: Return zero, not garbage, when reading PCI_INTERRUPT_PIN (Wei Liu) 
- hwrng: amd - Convert PCIBIOS_* return codes to errnos (Ilpo Järvinen) 
- tools/memory-model: Fix bug in lock.cat (Alan Stern) 
- ALSA: usb-audio: Add a quirk for Sonix HD USB Camera (wangdicheng) 
- ALSA: usb-audio: Move HD Webcam quirk to the right place (Takashi Iwai) 
- ALSA: usb-audio: Fix microphone sound on HD webcam. (wangdicheng) 
- KVM: VMX: Split out the non-virtualization part of vmx_interrupt_blocked() (Sean Christopherson) 
- media: uvcvideo: Fix integer overflow calculating timestamp (Ricardo Ribalda) 
- jbd2: make jbd2_journal_get_max_txn_bufs() internal (Jan Kara) 
- leds: ss4200: Convert PCIBIOS_* return codes to errnos (Ilpo Järvinen) 
- wifi: mwifiex: Fix interface type change (Rafael Beims) 
- selftests/landlock: Add cred_transfer test (Mickaël Salaün) 
- io_uring: tighten task exit cancellations (Pavel Begunkov) 
- ext4: make sure the first directory block is not a hole (Baokun Li) [Orabug: 36964231] {CVE-2024-42304}
- ext4: check dot and dotdot of dx_root before making dir indexed (Baokun Li) [Orabug: 36964236] {CVE-2024-42305}
- m68k: amiga: Turn off Warp1260 interrupts during boot (Paolo Pisati) 
- udf: Avoid using corrupted block bitmap buffer (Jan Kara) [Orabug: 36964241] {CVE-2024-42306}
- task_work: Introduce task_work_cancel() again (Frederic Weisbecker) 
- task_work: s/task_work_cancel()/task_work_cancel_func()/ (Frederic Weisbecker) 
- apparmor: use kvfree_sensitive to free data->data (Fedor Pchelkin) 
- sched/fair: Use all little CPUs for CPU-bound workloads (Pierre Gondois) 
- drm/amd/display: Check for NULL pointer (Sung Joon Kim) [Orabug: 36964246] {CVE-2024-42308}
- drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes (Ma Ke) [Orabug: 36964252] {CVE-2024-42309}
- drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes (Ma Ke) [Orabug: 36964258] {CVE-2024-42310}
- ext2: Verify bitmap and itable block numbers before using them (Jan Kara) 
- hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode() (Chao Yu) [Orabug: 36964264] {CVE-2024-42311}
- ata: libata-scsi: Honor the D_SENSE bit for CK_COND=1 and no error (Igor Pylypiv) 
- media: venus: fix use after free in vdec_close (Dikshita Agarwal) [Orabug: 36964274] {CVE-2024-42313}
- char: tpm: Fix possible memory leak in tpm_bios_measurements_open() (Joe Hattori) 
- fuse: verify {g,u}id mount options correctly (Eric Sandeen) 
- sched/fair: set_load_weight() must also call reweight_task() for SCHED_IDLE tasks (Tejun Heo) 
- ipv6: take care of scope when choosing the src addr (Nicolas Dichtel) 
- af_packet: Handle outgoing VLAN packets without hardware offloading (Chengen Du) 
- net: netconsole: Disable target before netpoll cleanup (Breno Leitao) 
- tick/broadcast: Make takeover of broadcast hrtimer reliable (Yu Liao) 
- dt-bindings: thermal: correct thermal zone node name limit (Krzysztof Kozlowski) 
- mm: mmap_lock: replace get_memcg_path_buf() with on-stack buffer (Tetsuo Handa) 
- mm/hugetlb: fix possible recursive locking detected warning (Miaohe Lin) 
- landlock: Don't lose track of restrictions on cred_transfer (Jann Horn) [Orabug: 36964283] {CVE-2024-42318}
- fs/ntfs3: Missed error return (Konstantin Komarov) 
- rtc: interface: Add RTC offset to alarm after fix-up (Csókás, Bence) 
- nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro (Ryusuke Konishi) 
- fs/proc/task_mmu: indicate PM_FILE for PMD-mapped file THP (David Hildenbrand) 
- fs/ntfs3: Fix field-spanning write in INDEX_HDR (Konstantin Komarov) 
- fs/ntfs3: Replace inode_trylock with inode_lock (Konstantin Komarov) 
- pinctrl: freescale: mxs: Fix refcount of child (Peng Fan) 
- pinctrl: ti: ti-iodelay: fix possible memory leak when pinctrl_enable() fails (Yang Yingliang) 
- pinctrl: ti: ti-iodelay: Drop if block with always false condition (Uwe Kleine-König) 
- pinctrl: single: fix possible memory leak when pinctrl_enable() fails (Yang Yingliang) 
- pinctrl: core: fix possible memory leak when pinctrl_enable() fails (Yang Yingliang) 
- pinctrl: rockchip: update rk3308 iomux routes (Dmitry Yashin) 
- fs/ntfs3: Fix getting file type (Konstantin Komarov) 
- fs/ntfs3: Missed NI_FLAG_UPDATE_PARENT setting (Konstantin Komarov) 
- fs/ntfs3: Fix transform resident to nonresident for compressed files (Konstantin Komarov) 
- fs/ntfs3: Merge synonym COMPRESSION_UNIT and NTFS_LZNT_CUNIT (Konstantin Komarov) 
- fs/ntfs3: Use ALIGN kernel macro (Konstantin Komarov) 
- net: dsa: b53: Limit chip-wide jumbo frame config to CPU ports (Martin Willi) 
- net: dsa: mv88e6xxx: Limit chip-wide frame size config to CPU ports (Martin Willi) 
- netfilter: nf_set_pipapo: fix initial map fill (Florian Westphal) 
- netfilter: nft_set_pipapo: constify lookup fn args where possible (Florian Westphal) 
- netfilter: ctnetlink: use helper function to calculate expect ID (Pablo Neira Ayuso) [Orabug: 37013754] {CVE-2024-44944}
- bnxt_re: Fix imm_data endianness (Jack Wang) 
- RDMA/hns: Fix insufficient extend DB for VFs. (Chengchang Tang) 
- RDMA/hns: Fix undifined behavior caused by invalid max_sge (Chengchang Tang) 
- RDMA/hns: Fix missing pagesize and alignment check in FRMR (Chengchang Tang) 
- macintosh/therm_windtunnel: fix module unload. (Nick Bowler) 
- powerpc/xmon: Fix disassembly CPU feature checks (Michael Ellerman) 
- net: missing check virtio (Denis Arefev) [Orabug: 36964424] {CVE-2024-43817}
- vhost/vsock: always initialize seqpacket_allow (Michael S. Tsirkin) [Orabug: 36983999] {CVE-2024-43873}
- PCI: endpoint: Clean up error handling in vpci_scan_bus() (Dan Carpenter) [Orabug: 36984004] {CVE-2024-43875}
- Input: elan_i2c - do not leave interrupt disabled on suspend failure (Dmitry Torokhov) 
- RDMA/device: Return error earlier if port in not valid (Leon Romanovsky) 
- mtd: make mtd_test.c a separate module (Arnd Bergmann) 
- ASoC: max98088: Check for clk_prepare_enable() error (Chen Ni) 
- RDMA/rxe: Don't set BTH_ACK_MASK for UC or UD QPs (Honggang LI) 
- RDMA/mlx4: Fix truncated output warning in alias_GUID.c (Leon Romanovsky) 
- RDMA/mlx4: Fix truncated output warning in mad.c (Leon Romanovsky) 
- Input: qt1050 - handle CHIP_ID reading error (Andrei Lalaev) 
- RDMA/cache: Release GID table even if leak is detected (Leon Romanovsky) 
- RDMA/mlx5: Set mkeys for dmabuf at PAGE_SIZE (Chiara Meiohas) 
- coresight: Fix ref leak when of_coresight_parse_endpoint() fails (James Clark) 
- clk: qcom: gcc-sc7280: Update force mem core bit for UFS ICE clock (Taniya Das) 
- clk: qcom: branch: Add helper functions for setting retain bits (Konrad Dybcio) 
- PCI: Fix resource double counting on remove & rescan (Ilpo Järvinen) 
- SUNRPC: Fixup gss_status tracepoint error output (Benjamin Coddington) 
- sparc64: Fix incorrect function signature and add prototype for prom_cif_init (Andreas Larsson) 
- ext4: avoid writing unitialized memory to disk in EA inodes (Jan Kara) 
- ext4: don't track ranges in fast_commit if inode has inlined data (Luis Henriques (SUSE)) 
- ext4: return early for non-eligible fast_commit track events (Ritesh Harjani) 
- NFSv4.1 another fix for EXCHGID4_FLAG_USE_PNFS_DS for DS server (Olga Kornievskaia) 
- SUNRPC: avoid soft lockup when transmitting UDP to reachable server. (NeilBrown) 
- xprtrdma: Fix rpcrdma_reqs_reset() (Chuck Lever) 
- mfd: omap-usb-tll: Use struct_size to allocate tll (Javier Carrasco) 
- mfd: rsmu: Split core code into separate module (Arnd Bergmann) 
- perf intel-pt: Fix exclude_guest setting (Adrian Hunter) 
- perf intel-pt: Fix aux_watermark calculation for 64-bit size (Adrian Hunter) 
- media: venus: flush all buffers in output plane streamoff (Dikshita Agarwal) 
- ext4: fix infinite loop when replaying fast_commit (Luis Henriques (SUSE)) 
- Revert "leds: led-core: Fix refcount leak in of_led_get()" (Luca Ceresoli) 
- drm/qxl: Add check for drm_cvt_mode (Chen Ni) [Orabug: 36964455] {CVE-2024-43829}
- drm/etnaviv: fix DMA direction handling for cached RW buffers (Lucas Stach) 
- perf report: Fix condition in sort__sym_cmp() (Namhyung Kim) 
- leds: trigger: Unregister sysfs attributes before calling deactivate() (Hans de Goede) [Orabug: 36964458] {CVE-2024-43830}
- drm/mediatek: Add DRM_MODE_ROTATE_0 to rotation property (Hsiao Chien Sung) 
- drm/mediatek: Add missing plane settings when async update (Hsiao Chien Sung) 
- media: renesas: vsp1: Store RPF partition configuration per RPF instance (Laurent Pinchart) 
- media: renesas: vsp1: Fix _irqsave and _irq mix (Laurent Pinchart) 
- media: uvcvideo: Override default flags (Daniel Schaefer) 
- saa7134: Unchecked i2c_transfer function result fixed (Aleksandr Burakov) 
- media: i2c: Fix imx412 exposure control (Bryan O'Donoghue) 
- media: imon: Fix race getting ictx->lock (Ricardo Ribalda) 
- media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control() (Zheng Yejian) 
- drm/panel: boe-tv101wum-nl6: Check for errors on the NOP in prepare() (Douglas Anderson) 
- drm/panel: boe-tv101wum-nl6: If prepare fails, disable GPIO before regulators (Douglas Anderson) 
- drm/amdgpu: Check if NBIO funcs are NULL in amdgpu_device_baco_exit (Friedrich Vock) 
- drm/amd/pm: Fix aldebaran pcie speed reporting (Lijo Lazar) 
- xdp: fix invalid wait context of page_pool_destroy() (Taehee Yoo) [Orabug: 36964469] {CVE-2024-43834}
- selftests: forwarding: devlink_lib: Wait for udev events after reloading (Amit Cohen) 
- bpf: Eliminate remaining "make W=1" warnings in kernel/bpf/btf.o (Alan Maguire) 
- bna: adjust 'name' buf size of bna_tcb and bna_ccb structures (Alexey Kodanev) [Orabug: 36964479] {CVE-2024-43839}
- bpf: annotate BTF show functions with __printf (Alan Maguire) 
- selftests/bpf: Close fd in error path in drop_on_reuseport (Geliang Tang) 
- locking/rwsem: Add __always_inline annotation to __down_write_common() and inlined callers (John Stultz) 
- wifi: virt_wifi: don't use strlen() in const context (Johannes Berg) 
- gss_krb5: Fix the error handling path for crypto_sync_skcipher_setkey (Gaosheng Cui) 
- wifi: virt_wifi: avoid reporting connection success with wrong SSID (En-Wei Wu) [Orabug: 36964486] {CVE-2024-43841}
- perf: Fix default aux_watermark calculation (Adrian Hunter) 
- perf: Prevent passing zero nr_pages to rb_alloc_aux() (Adrian Hunter) 
- perf: Fix perf_aux_size() for greater-than 32-bit size (Adrian Hunter) 
- perf/x86/intel/pt: Fix pt_topa_entry_for_page() address calculation (Adrian Hunter) 
- netfilter: nf_tables: rise cap on SELinux secmark context (Pablo Neira Ayuso) 
- libbpf: Checking the btf_type kind when fixing variable offsets (Donglin Peng) 
- net: fec: Fix FEC_ECR_EN1588 being cleared on link-down (Csókás, Bence) 
- net: fec: Refactor: #define magic constants (Csókás Bence) 
- wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() (Baochen Qiang) [Orabug: 36984009] {CVE-2024-43879}
- wifi: cfg80211: fix typo in cfg80211_calculate_bitrate_he() (Baochen Qiang) 
- wifi: ath11k: fix wrong handling of CCMP256 and GCMP ciphers (Baochen Qiang) 
- mlxsw: spectrum_acl: Fix ACL scale regression and firmware errors (Ido Schimmel) 
- mlxsw: spectrum_acl_erp: Fix object nesting warning (Ido Schimmel) [Orabug: 36984012] {CVE-2024-43880}
- lib: objagg: Fix general protection fault (Ido Schimmel) [Orabug: 36964494] {CVE-2024-43846}
- selftests/bpf: Check length of recv in test_sockmap (Geliang Tang) 
- net/smc: set rmb's SG_MAX_SINGLE_ALLOC limitation only when CONFIG_ARCH_NO_SG_CHAIN is defined (Guangguan Wang) 
- tcp: fix races in tcp_v[46]_err() (Eric Dumazet) 
- tcp: fix race in tcp_write_err() (Eric Dumazet) 
- tcp: add tcp_done_with_error() helper (Eric Dumazet) 
- tcp: annotate lockless access to sk->sk_err (Eric Dumazet) 
- tcp: annotate lockless accesses to sk->sk_err_soft (Eric Dumazet) 
- net: esp: cleanup esp_output_tail_tcp() in case of unsupported ESPINTCP (Hagar Hemdan) 
- selftests/bpf: Fix prog numbers in test_sockmap (Geliang Tang) 
- wifi: brcmsmac: LCN PHY code is used for BCM4313 2G-only device (Samasth Norway Ananda) 
- firmware: turris-mox-rwtm: Initialize completion before mailbox (Marek Behún) 
- firmware: turris-mox-rwtm: Fix checking return value of wait_for_completion_timeout() (Marek Behún) 
- firmware: turris-mox-rwtm: Do not complete if there are no waiters (Marek Behún) 
- vmlinux.lds.h: catch .bss..L* sections into BSS") (Christophe Leroy) 
- ARM: spitz: fix GPIO assignment for backlight (Dmitry Torokhov) 
- ARM: pxa: spitz: use gpio descriptors for audio (Arnd Bergmann) 
- m68k: cmpxchg: Fix return value for default case in __arch_xchg() (Thorsten Blum) 
- x86/xen: Convert comma to semicolon (Chen Ni) 
- m68k: atari: Fix TT bootup freeze / unexpected (SCU) interrupt messages (Eero Tamminen) 
- arm64: dts: amlogic: gx: correct hdmi clocks (Jerome Brunet) 
- arm64: dts: mediatek: mt8183-kukui-jacuzzi: Add ports node for anx7625 (Chen-Yu Tsai) 
- arm64: dts: mediatek: mt7622: fix "emmc" pinctrl mux (Rafał Miłecki) 
- arm64: dts: mediatek: mt8183-kukui: Drop bogus output-enable property (Chen-Yu Tsai) 
- ARM: dts: imx6qdl-kontron-samx6i: fix PCIe reset polarity (Michael Walle) 
- ARM: dts: imx6qdl-kontron-samx6i: fix SPI0 chip selects (Michael Walle) 
- ARM: dts: imx6qdl-kontron-samx6i: fix board reset (Michael Walle) 
- ARM: dts: imx6qdl-kontron-samx6i: fix PHY reset (Michael Walle) 
- ARM: dts: imx6qdl-kontron-samx6i: move phy reset into phy-node (Marco Felsch) 
- arm64: dts: rockchip: Increase VOP clk rate on RK3328 (Jonas Karlman) 
- soc: qcom: pdr: fix parsing of domains lists (Dmitry Baryshkov) 
- soc: qcom: pdr: protect locator_addr with the main mutex (Dmitry Baryshkov) [Orabug: 36964502] {CVE-2024-43849}
- memory: fsl_ifc: Make FSL_IFC config visible and selectable (Esben Haabendal) 
- arm64: dts: qcom: msm8996: specify UFS core_clk frequencies (Dmitry Baryshkov) 
- soc: qcom: rpmh-rsc: Ensure irqs aren't disabled by rpmh_rsc_send_data() callers (Stephen Boyd) 
- arm64: dts: qcom: sm8250: add power-domain to UFS PHY (Dmitry Baryshkov) 
- arm64: dts: qcom: sm8250: switch UFS QMP PHY to new style of bindings (Dmitry Baryshkov) 
- arm64: dts: qcom: sdm845: add power-domain to UFS PHY (Dmitry Baryshkov) 
- hwmon: (max6697) Fix swapped temp{1,8} critical alarms (Guenter Roeck) 
- hwmon: (max6697) Fix underflow when writing limit attributes (Guenter Roeck) 
- drm/meson: fix canvas release in bind function (Yao Zi) 
- pwm: stm32: Always do lazy disabling (Uwe Kleine-König) 
- hwmon: (adt7475) Fix default duty on fan is disabled (Wayne Tung) 
- x86/platform/iosf_mbi: Convert PCIBIOS_* return codes to errnos (Ilpo Järvinen) 
- x86/pci/xen: Fix PCIBIOS_* return code handling (Ilpo Järvinen) 
- x86/pci/intel_mid_pci: Fix PCIBIOS_* return code handling (Ilpo Järvinen) 
- x86/of: Return consistent error type from x86_of_pci_irq_enable() (Ilpo Järvinen) 
- hfsplus: fix to avoid false alarm of circular locking (Chao Yu) 
- block: initialize integrity buffer to zero before writing it to media (Christoph Hellwig) [Orabug: 36964514] {CVE-2024-43854}
- block: cleanup bio_integrity_prep (Jinyoung Choi) 
- block: refactor to use helper (Nitesh Shetty) 
- platform/chrome: cros_ec_debugfs: fix wrong EC message version (Tzung-Bi Shih) 
- f2fs: fix to don't dirty inode for readonly filesystem (Chao Yu) [Orabug: 36964212] {CVE-2024-42297}
- f2fs: fix return value of f2fs_convert_inline_inode() (Chao Yu) [Orabug: 36964207] {CVE-2024-42296}
- LTS version: v5.15.164 (Vijayendra Suman) 
- tap: add missing verification for short frame (Si-Wei Liu)   [Orabug: 36879156] {CVE-2024-41090}
- tun: add missing verification for short frame (Dongli Zhang)   [Orabug: 36879156] {CVE-2024-41091}
- wifi: rt2x00: use explicitly signed or unsigned types (Jason A. Donenfeld) 
- filelock: Fix fcntl/close race recovery compat path (Jann Horn) [Orabug: 36874755] {CVE-2024-41012} {CVE-2024-41020}
- ALSA: pcm_dmaengine: Don't synchronize DMA channel when DMA is paused (Shengjiu Wang) 
- arm64: dts: qcom: sdm630: Disable SS instance in Parkmode for USB (Krishna Kurapati) 
- arm64: dts: qcom: msm8996: Disable SS instance in Parkmode for USB (Krishna Kurapati) 
- ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 (Seunghun Han) 
- ALSA: hda/realtek: Enable headset mic on Positivo SU C1400 (Edson Juliano Drosdeck) 
- fs/ntfs3: Validate ff offset (lei lu) [Orabug: 36891672] {CVE-2024-41019}
- jfs: don't walk off the end of ealist (lei lu) [Orabug: 36891666] {CVE-2024-41017}
- ocfs2: add bounds checking to ocfs2_check_dir_entry() (lei lu) [Orabug: 36891654] {CVE-2024-41015}
- Add gitignore file for samples/fanotify/ subdirectory (Linus Torvalds) 
- docs: Fix formatting of literal sections in fanotify docs (Gabriel Krisman Bertazi) 
- samples: Make fs-monitor depend on libc and headers (Gabriel Krisman Bertazi) 
- samples: Add fs error monitoring example (Gabriel Krisman Bertazi) 
- wifi: mac80211: disable softirqs for queued frame handling (Johannes Berg) 
- mm/damon/core: merge regions aggressively when max_nr_regions is unmet (SeongJae Park) 
- minmax: relax check to allow comparison between unsigned arguments and signed constants (David Laight) 
- minmax: allow comparisons of 'int' against 'unsigned char/short' (David Laight) 
- minmax: allow min()/max()/clamp() if the arguments have the same signedness. (David Laight) 
- minmax: fix header inclusions (Andy Shevchenko) 
- minmax: clamp more efficiently by avoiding extra comparison (Jason A. Donenfeld) 
- minmax: sanity check constant bounds when clamping (Jason A. Donenfeld) 
- tracing: Define the is_signed_type() macro once (Bart Van Assche) 
- spi: mux: set ctlr->bits_per_word_mask (David Lechner) 
- hfsplus: fix uninit-value in copy_name (Edward Adam Davis) [Orabug: 36896968] {CVE-2024-41059}
- selftests/vDSO: fix clang build errors and warnings (John Hubbard) 
- spi: imx: Don't expect DMA for i.MX{25,35,50,51,53} cspi devices (Uwe Kleine-König) 
- riscv: stacktrace: fix usage of ftrace_graph_ret_addr() (Puranjay Mohan) 
- fs: better handle deep ancestor chains in is_subdir() (Christian Brauner) 
- drm/radeon: check bo_va->bo is non-NULL before using it (Pierre-Eric Pelloux-Prayer) [Orabug: 36896974] {CVE-2024-41060}
- Bluetooth: hci_core: cancel all works upon hci_unregister_dev() (Tetsuo Handa) [Orabug: 36896993] {CVE-2024-41063}
- scsi: libsas: Fix exp-attached device scan after probe failure scanned in again after probe failed (Xingui Yang) 
- powerpc/eeh: avoid possible crash when edev->pdev changes (Ganesh Goudar) [Orabug: 36897001] {CVE-2024-41064}
- powerpc/pseries: Whitelist dtl slub object for copying to userspace (Anjali K) [Orabug: 36897008] {CVE-2024-41065}
- net: mac802154: Fix racy device stats updates by DEV_STATS_INC() and DEV_STATS_ADD() (Yunshui Jiang) 
- net: usb: qmi_wwan: add Telit FN912 compositions (Daniele Palmas) 
- ALSA: dmaengine_pcm: terminate dmaengine before synchronize (Shengjiu Wang) 
- ALSA: hda/relatek: Enable Mute LED on HP Laptop 15-gw0xxx (Aivaz Latypov) 
- btrfs: qgroup: fix quota root leak after quota disable failure (Filipe Manana) [Orabug: 36897343] {CVE-2024-41078}
- platform/x86: lg-laptop: Use ACPI device handle when evaluating WMAB/WMBB (Armin Wolf) 
- platform/x86: lg-laptop: Change ACPI device id (Armin Wolf) 
- platform/x86: lg-laptop: Remove LGEX0815 hotkey handling (Armin Wolf) 
- platform/x86: wireless-hotkey: Add support for LG Airplane Button (Armin Wolf) 
- s390/sclp: Fix sclp_init() cleanup on failure (Heiko Carstens) [Orabug: 36897031] {CVE-2024-41068}
- can: kvaser_usb: fix return value for hif_usb_send_regout (Chen Ni) 
- ASoC: ti: omap-hdmi: Fix too long driver name (Primoz Fiser) 
- ASoC: ti: davinci-mcasp: Set min period size using FIFO config (Jai Luthra) 
- ALSA: dmaengine: Synchronize dma channel after drop() (Jai Luthra) 
- bytcr_rt5640 : inverse jack detect for Archos 101 cesium (Thomas GENTY) 
- Input: i8042 - add Ayaneo Kun to i8042 quirk table (Tobias Jakobi) 
- Input: elantech - fix touchpad state on resume for Lenovo N24 (Jonathan Denose) 
- mips: fix compat_sys_lseek syscall (Arnd Bergmann) 
- ALSA: hda/realtek: Add more codec ID to no shutup pins list (Kailang Yang) 
- drm/vmwgfx: Fix missing HYPERVISOR_GUEST dependency (Alexey Makhalov) 
- KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group() (Michael Ellerman) [Orabug: 36897047] {CVE-2024-41070}
- wifi: cfg80211: wext: add extra SIOCSIWSCAN data check (Dmitry Antipov) [Orabug: 36897311] {CVE-2024-41072}
- nvme: avoid double free special payload (Chunguang Xu) [Orabug: 36897316] {CVE-2024-41073}
- mei: demote client disconnect warning on suspend to debug (Alexander Usyskin) 
- fs/file: fix the check in find_next_fd() (Yuntao Wang) 
- kconfig: remove wrong expr_trans_bool() (Masahiro Yamada) 
- kconfig: gconf: give a proper initial state to the Save button (Masahiro Yamada) 
- null_blk: fix validation of block size (Andreas Hindborg) [Orabug: 36897338] {CVE-2024-41077}
- arm64: armv8_deprecated: Fix warning in isndep cpuhp starting process (Wei Li) 
- ila: block BH in ila_output() (Eric Dumazet) [Orabug: 36897359] {CVE-2024-41081}
- net: ipv6: rpl_iptunnel: block BH in rpl_output() and rpl_input() (Eric Dumazet) 
- Input: silead - Always support 10 fingers (Hans de Goede) 
- selftests/openat2: Fix build warnings on ppc64 (Michael Ellerman) 
- wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan() (Dmitry Antipov) 
- wifi: iwlwifi: mvm: properly set 6 GHz channel direct probe option (Ayala Beker) 
- wifi: iwlwifi: mvm: Handle BIGTK cipher in kek_kck cmd (Yedidya Benshimol) 
- wifi: iwlwifi: mvm: d3: fix WoWLAN command version lookup (Yedidya Benshimol) 
- wifi: mac80211: handle tasklet frames before stopping (Johannes Berg) 
- wifi: mac80211: mesh: init nonpeer_pm to active by default in mesh sdata (Nicolas Escande) 
- tools/power/cpupower: Fix Pstate frequency reporting on AMD Family 1Ah CPUs (Dhananjay Ugwekar) 
- ACPI: EC: Avoid returning AE_OK on errors in address space handler (Armin Wolf) 
- ACPI: EC: Abort address space access upon error (Armin Wolf) 
- scsi: qedf: Set qed_slowpath_params to zero before use (Saurav Kashyap) 
- scsi: qedf: Wait for stag work during unload (Saurav Kashyap) 
- scsi: qedf: Don't process stag work during unload and recovery (Saurav Kashyap) 
- scsi: core: alua: I/O errors for ALUA state transitions (Martin Wilck) 
- scsi: core: Fix a use-after-free (Bart Van Assche) 
- bpf: Fix overrunning reservations in ringbuf (Daniel Borkmann) [Orabug: 36850238] {CVE-2024-41009}
- ACPI: processor_idle: Fix invalid comparison with insertion sort for latency (Kuan-Wei Chiu) 
- ARM: 9324/1: fix get_user() broken with veneer (Masahiro Yamada) 
- filelock: Remove locks reliably when fcntl/close race is detected (Jann Horn) [Orabug: 36874755] {CVE-2024-41012} {CVE-2024-41020}
- gcc-plugins: Rename last_stmt() for GCC 14+ (Kees Cook)

[5.15.0-302.163.3.el9uek]
- uek-rpm: T93: Enable CONFIG_EFI_GENERIC_STUB_INITRD_CMDLINE_LOADER (Thomas Tai)  [Orabug: 37174880]
- mm: avoid leaving partial pfn mappings around in error case (Linus Torvalds)  [Orabug: 37174198]  {CVE-2024-47674}
- rds/ib: Count memory consumed by rds_page_frag (Hans Westgaard Ry)  [Orabug: 37162157]
- uek-rpm: Set CONFIG_CRYPTO_FIPS_NAME properly in embedded kernels (Dave Kleikamp)  [Orabug: 37160327]
- fs/dcache: allow fractional values in fs.negative-dentry-limit (Gautham Ananthakrishna)  [Orabug: 37156522]
- Revert "Documentation/admin-guide/acpi: Move information out of shell script comments" (Dave Kleikamp)  [Orabug: 37144820]
- Revert "irqchip/gic-v3: Move partition_create_desc() work to a helper" (Dave Kleikamp)  [Orabug: 37144820]
- Revert "irqchip/gic: Collect GIC_IRQ_TYPE definitions into one place" (Dave Kleikamp)  [Orabug: 37144820]
- Revert "ACPI / irq: Allow a compile-time arg0 for acpi_register_gsi()'s fwspec" (Dave Kleikamp)  [Orabug: 37144820]
- Revert "irqchip/gic, gic-v3: Translate fwspec for DT and ACPI systems in the same way" (Dave Kleikamp)  [Orabug: 37144820]
- Revert "ACPI / PPTT: Provide a helper to walk processor containers" (Dave Kleikamp)  [Orabug: 37144820]
- Revert "ACPI / PPTT: Add a helper to build a cpumask from a cpu_node" (Dave Kleikamp)  [Orabug: 37144820]
- Revert "irqchip/gic-v3: Print DT partitions in the same way as APCI" (Dave Kleikamp)  [Orabug: 37144820]
- Revert "irqchip/gic-v3: Build PPI partitions on ACPI systems" (Dave Kleikamp)  [Orabug: 37144820]
- Revert "irqchip/gic-v3: select and translate the partition domain" (Dave Kleikamp)  [Orabug: 37144820]
- Revert "ACPI / irq: Add acpi_register_partitioned_percpu_gsi()" (Dave Kleikamp)  [Orabug: 37144820]
- Revert "ACPI / PPTT: Find PPTT cache level by ID" (Dave Kleikamp)  [Orabug: 37144820]
- Revert "ACPI / PPTT: Add a helper to fill a cpumask from a processor container" (Dave Kleikamp)  [Orabug: 37144820]
- Revert "ACPI / PPTT: Add a helper to fill a cpumask from a cache_id" (Dave Kleikamp)  [Orabug: 37144820]
- Revert "drivers: base: cacheinfo: Check per_cpu_cacheinfo() is allocated" (Dave Kleikamp)  [Orabug: 37144820]
- Revert "drivers: base: cacheinfo: Add helper to find the cache size from cpu+level" (Dave Kleikamp)  [Orabug: 37144820]
- Revert "cacheinfo: Allow for >32-bit cache 'id'" (Dave Kleikamp)  [Orabug: 37144820]
- Revert "cacheinfo: Set cache 'id' based on DT data" (Dave Kleikamp)  [Orabug: 37144820]
- Revert "cacheinfo: Expose the code to generate a cache-id from a device_node" (Dave Kleikamp)  [Orabug: 37144820]
- KVM: x86: Propagate the AMD Automatic IBRS feature to the guest (Kim Phillips)  [Orabug: 37126702]
- x86/cpu, kvm: Add the SMM_CTL MSR not present feature (Kim Phillips)  [Orabug: 37126702]
- x86/cpu, kvm: Add the Null Selector Clears Base feature (Kim Phillips)  [Orabug: 37126702]
- x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf (Kim Phillips)  [Orabug: 37126702]
- x86/cpu, kvm: Add the NO_NESTED_DATA_BP feature (Kim Phillips)  [Orabug: 37126702]
- KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code (Kim Phillips)  [Orabug: 37126702]
- KVM: x86: Advertise that the SMM_CTL MSR is not supported (Jim Mattson)  [Orabug: 37126702]
- KVM: x86: synthesize CPUID leaf 0x80000021h if useful (Paolo Bonzini)  [Orabug: 37126702]
- KVM: x86: skip host CPUID call for hypervisor leaves (Paolo Bonzini)  [Orabug: 37126702]
- KVM: x86: add support for CPUID leaf 0x80000021 (Paolo Bonzini)  [Orabug: 37126702]
- amd_hsmp: Update PwrEfficiencyModeSelection message (Suma Hegde)  [Orabug: 37123833]
- amd_hsmp: Add support for new error codes returned from firmware (Suma Hegde)  [Orabug: 37123833]
- amd_hsmp: Add new HSMP messages of protocol version 7 (Suma Hegde)  [Orabug: 37123833]
- IB/mlx5: Fix mlx5_ib_get_vector_irqn() after dynamic IRQ allocation change (Gerd Rausch)  [Orabug: 37069671]
- arm64: kdump: increase crashkernel reservation size for crashkernel=auto (Brian Maly)  [Orabug: 36949800]
- rds: Support rds-pings with payload (HÃ¥kon Bugge)  [Orabug: 36847470]
- mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio() (Miaohe Lin)  [Orabug: 36683092]  {CVE-2024-36028}
- mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled (Miaohe Lin)  [Orabug: 36597930]  {CVE-2024-26987}

[5.15.0-302.163.2.el9uek]
- uek: kabi: Introduce APIs to hide/fake inclusion of headers (Saeed Mirzamohammadi)  [Orabug: 37144803]
- uek-rpm: Enable config for Mediatek mt7915E wireless driver (Saeed Mirzamohammadi)  [Orabug: 37123534]
- uek-rpm: Update the x86 kABI files for new symbol (Yifei Liu)  [Orabug: 37108651]
- KVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked (Sean Christopherson)  [Orabug: 36809298]  {CVE-2024-39483}
- net: bridge: xmit: make sure we have at least eth header len bytes (Nikolay Aleksandrov)  [Orabug: 36753371]  {CVE-2024-38538}
- net: add pskb_may_pull_reason() helper (Eric Dumazet)  [Orabug: 36753371]  {CVE-2024-38538}

[5.15.0-302.163.1.el9uek]
- vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() (Haoran Zhang)  [Orabug: 37035557] {CVE-2024-49863}
- kpcimgr: Add dynamic memory region allocation feature (Joe Dobosenski)  [Orabug: 36983477]


_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata

Oracle9: ELSA-2024-12815: kernel Important Security Advisory Updates

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

Summary

[5.15.0-302.167.6.el9uek] - ice: Add a per-VF limit on number of FDIR filters (Ahmed Zaki) [Orabug: 36964088] {CVE-2024-42291} - scsi: lpfc: Fix a possible null pointer dereference (Huai-Yuan Liu) [Orabug: 36964437] {CVE-2024-43821} - power: reset: pwr-mlxbf: support graceful shutdown (Asmaa Mnebhi) [Orabug: 37208029] - gpio: mlxbf3: Support shutdown() function (Asmaa Mnebhi) [Orabug: 37208029] - sdhci-of-dwcmshc: disable PM runtime in dwcmshc_remove() (Liming Sun) [Orabug: 37208029] - ocfs2: reserve space for inline xattr before attaching reflink tree (Gautham Ananthakrishna) [Orabug: 37199019] - Revert "ocfs2: ocfs2 crash due to invalid h_next_leaf_blk value in extent block" (Gautham Ananthakrishna) [Orabug: 37199019] [5.15.0-302.167.5.el9uek] - mm/hugetlb: fix adjusting poison page flag in non-HVO scenario (Jane Chu) [Orabug: 37182268] - x86/bugs: Adjust SRSO mitigation to new features (Boris Ostrovsky) [Orabug: 37145844] - net/mlx5: disable the 'fast unload' feature...

Read the Full Advisory

SRPMs

http://oss.oracle.com/ol9/SRPMS-updates//kernel-uek-5.15.0-302.167.6.el9uek.src.rpm

x86_64

aarch64

bpftool-5.15.0-302.167.6.el9uek.aarch64.rpm kernel-uek-5.15.0-302.167.6.el9uek.aarch64.rpm kernel-uek-container-5.15.0-302.167.6.el9uek.aarch64.rpm kernel-uek-container-debug-5.15.0-302.167.6.el9uek.aarch64.rpm kernel-uek-core-5.15.0-302.167.6.el9uek.aarch64.rpm kernel-uek-debug-5.15.0-302.167.6.el9uek.aarch64.rpm kernel-uek-debug-core-5.15.0-302.167.6.el9uek.aarch64.rpm kernel-uek-debug-devel-5.15.0-302.167.6.el9uek.aarch64.rpm kernel-uek-debug-modules-5.15.0-302.167.6.el9uek.aarch64.rpm kernel-uek-debug-modules-extra-5.15.0-302.167.6.el9uek.aarch64.rpm kernel-uek-devel-5.15.0-302.167.6.el9uek.aarch64.rpm kernel-uek-doc-5.15.0-302.167.6.el9uek.noarch.rpm kernel-uek-modules-5.15.0-302.167.6.el9uek.aarch64.rpm kernel-uek-modules-extra-5.15.0-302.167.6.el9uek.aarch64.rpm

i386

Severity
Related CVEs: CVE-2023-31083 CVE-2023-52450 CVE-2024-26585 CVE-2024-26987 CVE-2024-36028 CVE-2024-38538 CVE-2024-38577 CVE-2024-39472 CVE-2024-39483 CVE-2024-41009 CVE-2024-41011 CVE-2024-41012 CVE-2024-41015 CVE-2024-41017 CVE-2024-41019 CVE-2024-41020 CVE-2024-41042 CVE-2024-41059 CVE-2024-41060 CVE-2024-41063 CVE-2024-41064 CVE-2024-41065 CVE-2024-41068 CVE-2024-41070 CVE-2024-41072 CVE-2024-41073 CVE-2024-41077 CVE-2024-41078 CVE-2024-41081 CVE-2024-41090 CVE-2024-41091 CVE-2024-41098 CVE-2024-42114 CVE-2024-42126 CVE-2024-42228 CVE-2024-42259 CVE-2024-42265 CVE-2024-42267 CVE-2024-42271 CVE-2024-42276 CVE-2024-42277 CVE-2024-42280 CVE-2024-42281 CVE-2024-42283 CVE-2024-42284 CVE-2024-42285 CVE-2024-42290 CVE-2024-42291 CVE-2024-42292 CVE-2024-42295 CVE-2024-42296 CVE-2024-42297 CVE-2024-42299 CVE-2024-42301 CVE-2024-42302 CVE-2024-42304 CVE-2024-42305 CVE-2024-42306 CVE-2024-42308 CVE-2024-42309 CVE-2024-42310 CVE-2024-42311 CVE-2024-42312 CVE-2024-42313 CVE-2024-42318 CVE-2024-43817 CVE-2024-43821 CVE-2024-43829 CVE-2024-43830 CVE-2024-43834 CVE-2024-43835 CVE-2024-43839 CVE-2024-43841 CVE-2024-43846 CVE-2024-43849 CVE-2024-43853 CVE-2024-43854 CVE-2024-43856 CVE-2024-43858 CVE-2024-43860 CVE-2024-43861 CVE-2024-43863 CVE-2024-43867 CVE-2024-43870 CVE-2024-43871 CVE-2024-43873 CVE-2024-43875 CVE-2024-43879 CVE-2024-43880 CVE-2024-43882 CVE-2024-43883 CVE-2024-43884 CVE-2024-43885 CVE-2024-43889 CVE-2024-43890 CVE-2024-43892 CVE-2024-43893 CVE-2024-43894 CVE-2024-43897 CVE-2024-43902 CVE-2024-43905 CVE-2024-43907 CVE-2024-43908 CVE-2024-43909 CVE-2024-43914 CVE-2024-44934 CVE-2024-44935 CVE-2024-44944 CVE-2024-44946 CVE-2024-44947 CVE-2024-44948 CVE-2024-44954 CVE-2024-44958 CVE-2024-44960 CVE-2024-44965 CVE-2024-44966 CVE-2024-44968 CVE-2024-44969 CVE-2024-44971 CVE-2024-44982 CVE-2024-44983 CVE-2024-44985 CVE-2024-44986 CVE-2024-44987 CVE-2024-44988 CVE-2024-44989 CVE-2024-44990 CVE-2024-44995 CVE-2024-44998 CVE-2024-44999 CVE-2024-45003 CVE-2024-45006 CVE-2024-45007 CVE-2024-45008 CVE-2024-45011 CVE-2024-45016 CVE-2024-45018 CVE-2024-45021 CVE-2024-45025 CVE-2024-45026 CVE-2024-45028 CVE-2024-46673 CVE-2024-46674 CVE-2024-46675 CVE-2024-46676 CVE-2024-46677 CVE-2024-46679 CVE-2024-46685 CVE-2024-46702 CVE-2024-46707 CVE-2024-46713 CVE-2024-46714 CVE-2024-46719 CVE-2024-46721 CVE-2024-46722 CVE-2024-46723 CVE-2024-46724 CVE-2024-46725 CVE-2024-46731 CVE-2024-46732 CVE-2024-46734 CVE-2024-46737 CVE-2024-46739 CVE-2024-46740 CVE-2024-46743 CVE-2024-46744 CVE-2024-46745 CVE-2024-46746 CVE-2024-46747 CVE-2024-46750 CVE-2024-46752 CVE-2024-46755 CVE-2024-46756 CVE-2024-46757 CVE-2024-46758 CVE-2024-46759 CVE-2024-46761 CVE-2024-46763 CVE-2024-46771 CVE-2024-46777 CVE-2024-46780 CVE-2024-46781 CVE-2024-46782 CVE-2024-46783 CVE-2024-46791 CVE-2024-46795 CVE-2024-46798 CVE-2024-46800 CVE-2024-46804 CVE-2024-46805 CVE-2024-46807 CVE-2024-46810 CVE-2024-46814 CVE-2024-46815 CVE-2024-46817 CVE-2024-46818 CVE-2024-46819 CVE-2024-46822 CVE-2024-46828 CVE-2024-46829 CVE-2024-46832 CVE-2024-46839 CVE-2024-46840 CVE-2024-46844 CVE-2024-47663 CVE-2024-47665 CVE-2024-47667 CVE-2024-47668 CVE-2024-47669 CVE-2024-47674 CVE-2024-49863

Related News