1. Home
  2. Security Advisories
  3. Oracle Linux
  4. ELSA-2022-9314

[ELSA-2022-9314] Unbreakable Enterprise kernel-container security update

Severity Important
Affected Packages 1
CVEs 14
Info Packages References Vulnerabilities

[4.14.35-2047.512.6.el7]
- Revert 'rds/ib: recover rds connection from stuck rx path' (Rohit Nair) [Orabug: 34039271]
- uek-rpm: update kABI lists for new symbols (Saeed Mirzamohammadi) [Orabug: 33993774]

[4.14.35-2047.512.5]
- netfilter: nf_tables: initialize registers in nft_do_chain() (Pablo Neira Ayuso) [Orabug: 34012925] {CVE-2022-1016}
- rds: Fix incorrect initialization order (Hakon Bugge) [Orabug: 33923372]
- btrfs: unlock newly allocated extent buffer after error (Qu Wenruo) [Orabug: 33997138] {CVE-2021-4149}
- sr9700: sanity check for packet length (Oliver Neukum) [Orabug: 33962706] {CVE-2022-26966}

[4.14.35-2047.512.4]
- Linux 4.14.265 (Greg Kroah-Hartman)

- ext4: fix error handling in ext4_restore_inline_data() (Ritesh Harjani)

- EDAC/xgene: Fix deferred probing (Sergey Shtylyov)

- EDAC/altera: Fix deferred probing (Sergey Shtylyov)

- rtc: cmos: Evaluate century appropriate (Riwen Lu)

- selftests: futex: Use variable MAKE instead of make (Muhammad Usama Anjum)

- nfsd: nfsd4_setclientid_confirm mistakenly expires confirmed client. (Dai Ngo)

- scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe (John Meneghini)

- ASoC: fsl: Add missing error handling in pcm030_fabric_probe (Miaoqian Lin)

- drm/i915/overlay: Prevent divide by zero bugs in scaling (Dan Carpenter)

- net: macsec: Verify that send_sci is on when setting Tx sci explicitly (Lior Nahmanson)

- net: ieee802154: Return meaningful error codes from the netlink helpers (Miquel Raynal)

- net: ieee802154: ca8210: Stop leaking skb's (Miquel Raynal)

- spi: meson-spicc: add IRQ check in meson_spicc_probe (Miaoqian Lin)

- spi: mediatek: Avoid NULL pointer crash in interrupt (Benjamin Gaignard)

- spi: bcm-qspi: check for valid cs before applying chip select (Kamal Dasu)

- iommu/amd: Fix loop timeout issue in iommu_ga_log_enable() (Joerg Roedel)

- iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() (Guoqing Jiang)

- RDMA/mlx4: Don't continue event handler after memory allocation failure (Leon Romanovsky)

- block: bio-integrity: Advance seed correctly for larger interval sizes (Martin K. Petersen)

- drm/nouveau: fix off by one in BIOS boundary checking (Nick Lopez)

- ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx() (Mark Brown)

- ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx() (Mark Brown)

- ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() (Mark Brown)

- audit: improve audit queue handling when 'audit=1' on cmdline (Paul Moore)

- af_packet: fix data-race in packet_setsockopt / packet_setsockopt (Eric Dumazet)

- rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink() (Eric Dumazet)

- net: amd-xgbe: Fix skb data length underflow (Shyam Sundar S K)

- net: amd-xgbe: ensure to reset the tx_timer_active flag (Raju Rangoju)

- ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback (Georgi Valkov)

- netfilter: nat: limit port clash resolution attempts (Florian Westphal)

- netfilter: nat: remove l4 protocol port rovers (Florian Westphal)

- bpf: fix truncated jump targets on heavy expansions (Daniel Borkmann)

- ipv4: raw: lock the socket in raw_bind() (Eric Dumazet)

- yam: fix a memory leak in yam_siocdevprivate() (Hangyu Hua)

- ibmvnic: don't spin in tasklet (Sukadev Bhattiprolu)

- drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable (Jose Exposito)

- drm/msm: Fix wrong size calculation (Xianting Tian)

- net-procfs: show net devices bound packet types (Jianguo Wu)

- NFSv4: nfs_atomic_open() can race when looking up a non-regular file (Trond Myklebust)

- NFSv4: Handle case where the lookup of a directory fails (Trond Myklebust)

- hwmon: (lm90) Reduce maximum conversion rate for G781 (Guenter Roeck)

- ping: fix the sk_bound_dev_if match in ping_lookup (Xin Long)

- net: fix information leakage in /proc/net/ptype (Saeed Mirzamohammadi)

- ipv6_tunnel: Rate limit warning messages (Ido Schimmel)

- scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() (John Meneghini)

- rpmsg: char: Fix race between the release of rpmsg_eptdev and cdev (Matthias Kaehlcke)

- rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev (Sujit Kautkar)

- i40e: fix unsigned stat widths (Joe Damato)

- i40e: Increase delay to 1 s after global EMP reset (Jedrzej Jagielski)

- lkdtm: Fix content of section containing lkdtm_rodata_do_nothing() (Christophe Leroy)

- powerpc/32: Fix boot failure with GCC latent entropy plugin (Christophe Leroy)

- net: sfp: ignore disabled SFP node (Marek Behun)

- usb: typec: tcpm: Do not disconnect while receiving VBUS off (Badhri Jagan Sridharan)

- USB: core: Fix hang in usb_kill_urb by adding memory barriers (Alan Stern)

- usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS (Pavankumar Kondeti)

- usb: common: ulpi: Fix crash in ulpi_match() (Jon Hunter)

- usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge (Alan Stern)

- tty: Add support for Brainboxes UC cards. (Cameron Williams)

- tty: n_gsm: fix SW flow control encoding/handling (daniel.starke@siemens.com)

- serial: stm32: fix software flow control transfer (Valentin Caron)

- netfilter: nft_payload: do not update layer 4 checksum when mangling fragments (Pablo Neira Ayuso)

- PM: wakeup: simplify the output logic of pm_show_wakelocks() (Greg Kroah-Hartman)

- scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices (Steffen Maier)

- s390/hypfs: include z/VM guests with access control group set (Vasily Gorbik)

- Bluetooth: refactor malicious adv data check (Brian Gix)

- Linux 4.14.264 (Greg Kroah-Hartman)

- can: bcm: fix UAF of bcm op (Ziyang Xuan)

- Linux 4.14.263 (Greg Kroah-Hartman)

- gianfar: fix jumbo packets+napi+rx overrun crash (Michael Braun)

- gianfar: simplify FCS handling and fix memory leak (Andy Spencer)

- drm/ttm/nouveau: don't call tt destroy callback on alloc failure. (Dave Airlie)

- mips,s390,sh,sparc: gup: Work around the 'COW can break either way' issue (Ben Hutchings)

- lib82596: Fix IRQ check in sni_82596_probe (Miaoqian Lin)

- scripts/dtc: dtx_diff: remove broken example from help text (Matthias Schiffer)

- bcmgenet: add WOL IRQ check (Sergey Shtylyov)

- net_sched: restore 'mpu xxx' handling (Kevin Bracey)

- dmaengine: at_xdmac: Fix at_xdmac_lld struct definition (Tudor Ambarus)

- dmaengine: at_xdmac: Fix lld view setting (Tudor Ambarus)

- dmaengine: at_xdmac: Print debug message after realeasing the lock (Tudor Ambarus)

- dmaengine: at_xdmac: Don't start transactions at tx_submit level (Tudor Ambarus)

- libcxgb: Don't accidentally set RTO_ONLINK in cxgb_find_route() (Guillaume Nault)

- netns: add schedule point in ops_exit_list() (Eric Dumazet)

- net: axienet: fix number of TX ring slots for available check (Robert Hancock)

- net: axienet: Wait for PhyRstCmplt after core reset (Robert Hancock)

- af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress (Eric Dumazet)

- parisc: pdc_stable: Fix memory leak in pdcs_register_pathentries (Miaoqian Lin)

- net/fsl: xgmac_mdio: Fix incorrect iounmap when removing module (Tobias Waldekranz)

- powerpc/fsl/dts: Enable WA for erratum A-009885 on fman3l MDIO buses (Tobias Waldekranz)

- powerpc/cell: Fix clang -Wimplicit-fallthrough warning (Anders Roxell)

- RDMA/rxe: Fix a typo in opcode name (Chengguang Xu)

- RDMA/hns: Modify the mapping attribute of doorbell to device (Yixing Liu)

- Documentation: refer to config RANDOMIZE_BASE for kernel address-space randomization (Lukas Bulwahn)

- firmware: Update Kconfig help text for Google firmware (Ben Hutchings)

- drm/radeon: fix error handling in radeon_driver_open_kms (Christian Konig)

- crypto: stm32/crc32 - Fix kernel BUG triggered in probe() (Marek Vasut)

- ext4: don't use the orphan list when migrating an inode (Theodore Ts'o)

- ext4: Fix BUG_ON in ext4_bread when write quota data (Ye Bin)

- ext4: set csum seed in tmp inode while migrating to extents (Luis Henriques)

- ext4: make sure quota gets properly shutdown on error (Jan Kara)

- iwlwifi: mvm: Increase the scan timeout guard to 30 seconds (Ilan Peer)

- cputime, cpuacct: Include guest time in user time in cpuacct.stat (Andrey Ryabinin)

- serial: Fix incorrect rs485 polarity on uart open (Lukas Wunner)

- ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers (Petr Cvachoucek)

- power: bq25890: Enable continuous conversion for ADC at charging (Yauhen Kharuzhy)

- ASoC: mediatek: mt8173: fix device_node leak (Tzung-Bi Shih)

- scsi: sr: Don't use GFP_DMA (Christoph Hellwig)

- MIPS: Octeon: Fix build errors using clang (Tianjia Zhang)

- i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters (Lakshmi Sowjanya D)

- MIPS: OCTEON: add put_device() after of_find_device_by_node() (Ye Guojin)

- ALSA: seq: Set upper limit of processed events (Takashi Iwai)

- w1: Misuse of get_user()/put_user() reported by sparse (Christophe Leroy)

- i2c: mpc: Correct I2C reset procedure (Joakim Tjernlund)

- powerpc/smp: Move setup_profiling_timer() under CONFIG_PROFILING (Michael Ellerman)

- i2c: i801: Don't silently correct invalid transfer size (Heiner Kallweit)

- powerpc/watchdog: Fix missed watchdog reset due to memory ordering race (Nicholas Piggin)

- powerpc/btext: add missing of_node_put (Julia Lawall)

- powerpc/cell: add missing of_node_put (Julia Lawall)

- powerpc/powernv: add missing of_node_put (Julia Lawall)

- powerpc/6xx: add missing of_node_put (Julia Lawall)

- parisc: Avoid calling faulthandler_disabled() twice (John David Anglin)

- serial: core: Keep mctrl register state and cached copy in sync (Lukas Wunner)

- serial: pl010: Drop CR register reset on set_termios (Lukas Wunner)

- net: phy: marvell: configure RGMII delays for 88E1118 (Russell King (Oracle))

- dm space map common: add bounds check to sm_ll_lookup_bitmap() (Joe Thornber)

- dm btree: add a defensive bounds check to insert_at() (Joe Thornber)

- mac80211: allow non-standard VHT MCS-10/11 (Ping-Ke Shih)

- net: mdio: Demote probed message to debug print (Florian Fainelli)

- btrfs: remove BUG_ON(!eie) in find_parent_nodes (Josef Bacik)

- btrfs: remove BUG_ON() in find_parent_nodes() (Josef Bacik)

- ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5 (Kirill A. Shutemov)

- ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R() (Rafael J. Wysocki)

- ACPICA: Utilities: Avoid deleting the same object twice in a row (Rafael J. Wysocki)

- ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions (Mark Langsdorf)

- jffs2: GC deadlock reading a page that is used in jffs2_write_begin() (Kyeong Yoo)

- um: registers: Rename function names to avoid conflicts and build problems (Randy Dunlap)

- iwlwifi: remove module loading failure message (Johannes Berg)

- iwlwifi: fix leaks/bad data after failed firmware load (Johannes Berg)

- ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream (Zekun Shen)

- usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0 (Kai-Heng Feng)

- arm64: tegra: Adjust length of CCPLEX cluster MMIO region (Thierry Reding)

- mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO (Ulf Hansson)

- media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach() (Zhou Qingyang)

- media: igorplugusb: receiver overflow should be reported (Sean Young)

- bpf: Do not WARN in bpf_warn_invalid_xdp_action() (Paolo Abeni)

- net: bonding: debug: avoid printing debug logs when bond is not notifying peers (Suresh Kumar)

- ath10k: Fix tx hanging (Sebastian Gottschall)

- iwlwifi: mvm: synchronize with FW after multicast commands (Johannes Berg)

- media: m920x: don't use stack on USB reads (Mauro Carvalho Chehab)

- media: saa7146: hexium_orion: Fix a NULL pointer dereference in hexium_attach() (Zhou Qingyang)

- media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds. (James Hilliard)

- floppy: Add max size check for user space request (Xiongwei Song)

- usb: uhci: add aspeed ast2600 uhci support (Neal Liu)

- mwifiex: Fix skb_over_panic in mwifiex_usb_recv() (Zekun Shen)

- HSI: core: Fix return freed object in hsi_new_client (Chengfeng Ye)

- gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use (Hans de Goede)

- drm/bridge: megachips: Ensure both bridges are probed before registration (Martyn Welch)

- mlxsw: pci: Add shutdown method in PCI driver (Danielle Ratson)

- media: b2c2: Add missing check in flexcop_pci_isr: (Zheyu Ma)

- HID: apple: Do not reset quirks when the Fn key is not found (Jose Exposito)

- usb: gadget: f_fs: Use stream_open() for endpoint files (Pavankumar Kondeti)

- drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR (Ben Skeggs)

- ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply (Zekun Shen)

- fs: dlm: filter user dlm messages for kernel locks (Alexander Aring)

- Bluetooth: Fix debugfs entry leak in hci_register_dev() (Wei Yongjun)

- RDMA/cxgb4: Set queue pair state when being queried (Kamal Heib)

- mips: bcm63xx: add support for clk_set_parent() (Randy Dunlap)

- mips: lantiq: add support for clk_set_parent() (Randy Dunlap)

- misc: lattice-ecp3-config: Fix task hung when firmware load failed (Wei Yongjun)

- ASoC: samsung: idma: Check of ioremap return value (Jiasheng Jiang)

- iommu/iova: Fix race between FQ timeout and teardown (Xiongfeng Wang)

- dmaengine: pxa/mmp: stop referencing config->slave_id (Arnd Bergmann)

- RDMA/core: Let ib_find_gid() continue search even after empty entry (Avihai Horon)

- scsi: ufs: Fix race conditions related to driver data (Bart Van Assche)

- char/mwave: Adjust io port register size (Kees Cook)

- ALSA: oss: fix compile error when OSS_DEBUG is enabled (Bixuan Cui)

- powerpc/prom_init: Fix improper check of prom_getprop() (Peiwei Hu)

- RDMA/hns: Validate the pkey index (Kamal Heib)

- ALSA: hda: Add missing rwsem around snd_ctl_remove() calls (Takashi Iwai)

- ALSA: PCM: Add missing rwsem around snd_ctl_remove() calls (Takashi Iwai)

- ALSA: jack: Add missing rwsem around snd_ctl_remove() calls (Takashi Iwai)

- ext4: avoid trim error on fs with small groups (Jan Kara)

- net: mcs7830: handle usb read errors properly (Pavel Skripkin)

- pcmcia: fix setting of kthread task states (Dominik Brodowski)

- can: xilinx_can: xcan_probe(): check for error irq (Jiasheng Jiang)

- can: softing: softing_startstop(): fix set but not used variable warning (Marc Kleine-Budde)

- tpm: add request_locality before write TPM_INT_ENABLE (Chen Jun)

- spi: spi-meson-spifc: Add missing pm_runtime_disable() in meson_spifc_probe (Miaoqian Lin)

- fsl/fman: Check for null pointer after calling devm_ioremap (Jiasheng Jiang)

- ppp: ensure minimum packet size in ppp_write() (Eric Dumazet)

- pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in nonstatic_find_mem_region() (Zhou Qingyang)

- pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in __nonstatic_find_io_region() (Zhou Qingyang)

- x86/mce/inject: Avoid out-of-bounds write when setting flags (Zhang Zixun)

- usb: ftdi-elan: fix memory leak on device disconnect (Wei Yongjun)

- media: msi001: fix possible null-ptr-deref in msi001_probe() (Wang Hai)

- media: dw2102: Fix use after free (Anton Vasilyev)

- sched/rt: Try to restart rt period timer when rt runtime exceeded (Li Hua)

- media: si2157: Fix 'warm' tuner state detection (Robert Schlabbach)

- media: saa7146: mxb: Fix a NULL pointer dereference in mxb_attach() (Zhou Qingyang)

- media: dib8000: Fix a memleak in dib8000_init() (Zhou Qingyang)

- floppy: Fix hang in watchdog when disk is ejected (Tasos Sahanidis)

- serial: amba-pl011: do not request memory region twice (Lino Sanfilippo)

- drm/radeon/radeon_kms: Fix a NULL pointer dereference in radeon_driver_open_kms() (Zhou Qingyang)

- drm/amdgpu: Fix a NULL pointer dereference in amdgpu_connector_lcd_native_mode() (Zhou Qingyang)

- arm64: dts: qcom: msm8916: fix MMC controller aliases (Dmitry Baryshkov)

- netfilter: bridge: add support for pppoe filtering (Florian Westphal)

- media: mtk-vcodec: call v4l2_m2m_ctx_release first when file is released (Dafna Hirschfeld)

- tty: serial: atmel: Call dma_async_issue_pending() (Tudor Ambarus)

- tty: serial: atmel: Check return code of dmaengine_submit() (Tudor Ambarus)

- crypto: qce - fix uaf on qce_ahash_register_one (Chengfeng Ye)

- media: dmxdev: fix UAF when dvb_register_device() fails (Wang Hai)

- Bluetooth: stop proccessing malicious adv data (Pavel Skripkin)

- media: em28xx: fix memory leak in em28xx_init_dev (Dongliang Mu)

- wcn36xx: Indicate beacon not connection loss on MISSED_BEACON_IND (Bryan O'Donoghue)

- clk: bcm-2835: Remove rounding up the dividers (Maxime Ripard)

- clk: bcm-2835: Pick the closest clock rate (Maxime Ripard)

- Bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails (Wang Hai)

- PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller (Yifeng Li)

- shmem: fix a race between shmem_unused_huge_shrink and shmem_evict_inode (Gang Li)

- can: softing_cs: softingcs_probe(): fix memleak on registration failure (Johan Hovold)

- media: stk1160: fix control-message timeouts (Johan Hovold)

- media: pvrusb2: fix control-message timeouts (Johan Hovold)

- media: redrat3: fix control-message timeouts (Johan Hovold)

- media: dib0700: fix undefined behavior in tuner shutdown (Michael Kuron)

- media: s2255: fix control-message timeouts (Johan Hovold)

- media: cpia2: fix control-message timeouts (Johan Hovold)

- media: em28xx: fix control-message timeouts (Johan Hovold)

- media: mceusb: fix control-message timeouts (Johan Hovold)

- media: flexcop-usb: fix control-message timeouts (Johan Hovold)

- rtc: cmos: take rtc_lock while reading from CMOS (Mateusz Jonczyk)

- nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind() (Krzysztof Kozlowski)

- HID: wacom: Avoid using stale array indicies to read contact count (Jason Gerecke)

- HID: wacom: Ignore the confidence flag when a touch is removed (Jason Gerecke)

- HID: uhid: Fix worker destroying device without any protection (Jann Horn)

- Bluetooth: fix init and cleanup of sco_conn.timeout_work (Desmond Cheong Zhi Xi)

- Bluetooth: schedule SCO timeouts with delayed_work (Desmond Cheong Zhi Xi)

- rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore() with interrupts enabled (Larry Finger)

- media: uvcvideo: fix division by zero at stream start (Johan Hovold)

- orangefs: Fix the size of a memory allocation in orangefs_bufmap_alloc() (Christophe JAILLET)

- drm/i915: Avoid bitwise vs logical OR warning in snb_wm_latency_quirk() (Nathan Chancellor)

- staging: wlan-ng: Avoid bitwise vs logical OR warning in hfa384x_usb_throttlefn() (Nathan Chancellor)

- random: fix data race on crng init time (Eric Biggers)

- random: fix data race on crng_node_pool (Eric Biggers)

- can: gs_usb: gs_can_start_xmit(): zero-initialize hf->{flags,reserved} (Brian Silverman)

- can: gs_usb: fix use of uninitialized variable, detach device on reception of invalid USB data (Marc Kleine-Budde)

- mfd: intel-lpss: Fix too early PM enablement in the ACPI ->probe() (Andy Shevchenko)

- USB: Fix 'slab-out-of-bounds Write' bug in usb_hcd_poll_rh_status (Alan Stern)

- USB: core: Fix bug in resuming hub's handling of wakeup requests (Alan Stern)

- Bluetooth: bfusb: fix division by zero in send path (Johan Hovold)

- Linux 4.14.262 (Greg Kroah-Hartman)

- mISDN: change function names to avoid conflicts (wolfgang huang)

- net: udp: fix alignment problem in udp4_seq_show() (yangxingwu)

- ip6_vti: initialize __ip6_tnl_parm struct in vti6_siocdevprivate (William Zhao)

- scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown() (Lixiaokeng)

- ipv6: Do cleanup if attribute validation fails in multipath route (David Ahern)

- ipv6: Continue processing multipath route even if gateway attribute is invalid (David Ahern)

- phonet: refcount leak in pep_sock_accep (Hangyu Hua)

- rndis_host: support Hytera digital radios (Thomas Toye)

- power: reset: ltc2952: Fix use of floating point literals (Nathan Chancellor)

- sch_qfq: prevent shift-out-of-bounds in qfq_init_qdisc (Eric Dumazet)

- ipv6: Check attribute length for RTA_GATEWAY when deleting multipath route (David Ahern)

- ipv6: Check attribute length for RTA_GATEWAY in multipath route (David Ahern)

- i40e: Fix incorrect netdev's real number of RX/TX queues (Jedrzej Jagielski)

- i40e: fix use-after-free in i40e_sync_filters_subtask() (Di Zhu)

- mac80211: initialize variable have_higher_than_11mbit (Tom Rix)

- RDMA/core: Don't infoleak GRH fields (Leon Romanovsky)

- ieee802154: atusb: fix uninit value in atusb_set_extended_addr (Pavel Skripkin)

- virtio_pci: Support surprise removal of virtio pci device (Parav Pandit)

- tracing: Tag trace_percpu_buffer as a percpu pointer (Naveen N. Rao)

- tracing: Fix check for trace_percpu_buffer validity in get_trace_buf() (Naveen N. Rao)

- Bluetooth: btusb: Apply QCA Rome patches for some ATH3012 models (Takashi Iwai)

[4.14.35-2047.512.3]
- lib/timerqueue: Rely on rbtree semantics for next timer (Davidlohr Bueso) [Orabug: 33406086] {CVE-2021-20317} {CVE-2021-20317}
- rds/ib: Resize CQ if send-/recv-ring-size are changed (Hans Westgaard Ry) [Orabug: 33940520]
- uek-rpm: remove uek-rpm/ol8 (John Donnelly) [Orabug: 33665655]
- uek-rpm: Enable config CONFIG_SCSI_MQ_DEFAULT (Saeed Mirzamohammadi) [Orabug: 33973455]
- sched: restore the sliding search window for select_idle_cpu() (Libo Chen) [Orabug: 33965297]
- NFSv4: Handle case where the lookup of a directory fails (Trond Myklebust) [Orabug: 33958155] {CVE-2022-24448}
- Linux 4.14.261 (Greg Kroah-Hartman)

- sctp: use call_rcu to free endpoint (Xin Long)

- net: fix use-after-free in tw_timer_handler (Muchun Song)

- Input: spaceball - fix parsing of movement data packets (Leo L. Schwab)

- Input: appletouch - initialize work before device registration (Pavel Skripkin)

- binder: fix async_free_space accounting for empty parcels (Todd Kjos)

- usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear. (Vincent Pelletier)

- xhci: Fresco FL1100 controller should not have BROKEN_MSI quirk set. (Mathias Nyman)

- uapi: fix linux/nfc.h userspace compilation errors (Dmitry V. Levin)

- nfc: uapi: use kernel size_t to fix user-space builds (Krzysztof Kozlowski)

- fsl/fman: Fix missing put_device() call in fman_port_probe (Miaoqian Lin)

- NFC: st21nfca: Fix memory leak in device probe and remove (Wei Yongjun)

- net: usb: pegasus: Do not drop long Ethernet frames (Matthias-Christian Ott)

- scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write() (Dan Carpenter)

- selinux: initialize proto variable in selinux_ip_postroute_compat() (Tom Rix)

- recordmcount.pl: fix typo in s390 mcount regex (Heiko Carstens)

- platform/x86: apple-gmux: use resource_size() with res (Wang Qing)

- HID: asus: Add depends on USB_HID to HID_ASUS Kconfig option (Hans de Goede)

- Linux 4.14.260 (Greg Kroah-Hartman)

- phonet/pep: refuse to enable an unbound pipe (Remi Denis-Courmont)

- hamradio: improve the incomplete fix to avoid NPD (Lin Ma)

- hamradio: defer ax25 kfree after unregister_netdev (Lin Ma)

- ax25: NPD bug when detaching AX25 device (Lin Ma)

- hwmon: (lm90) Do not report 'busy' status bit as alarm (Guenter Roeck)

- KVM: VMX: Fix stale docs for kvm-intel.emulate_invalid_guest_state (Sean Christopherson)

- usb: gadget: u_ether: fix race in setting MAC address in setup phase (Marian Postevca)

- f2fs: fix to do sanity check on last xattr entry in __f2fs_setxattr() (Chao Yu)

- ARM: 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling (Ard Biesheuvel)

- pinctrl: stm32: consider the GPIO offset to expose all the GPIO lines (Fabien Dessenne)

- x86/pkey: Fix undefined behaviour with PKRU_WD_BIT (Andrew Cooper)

- Input: atmel_mxt_ts - fix double free in mxt_read_info_block (Jose Exposito)

- ALSA: drivers: opl3: Fix incorrect use of vp->state (Colin Ian King)

- ALSA: jack: Check the return value of kstrdup() (Xiaoke Wang)

- hwmon: (lm90) Fix usage of CONFIG2 register in detect function (Guenter Roeck)

- sfc: falcon: Check null pointer of rx_queue->page_ring (Jiasheng Jiang)

- drivers: net: smc911x: Check for error irq (Jiasheng Jiang)

- fjes: Check for error irq (Jiasheng Jiang)

- bonding: fix ad_actor_system option setting to default (Fernando Fernandez Mancera)

- net: skip virtio_net_hdr_set_proto if protocol already set (Willem de Bruijn)

- qlcnic: potential dereference null pointer of rx_queue->page_ring (Jiasheng Jiang)

- spi: change clk_disable_unprepare to clk_unprepare (Dongliang Mu)

- HID: holtek: fix mouse probing (Benjamin Tissoires)

- can: kvaser_usb: get CAN clock frequency from device (Jimmy Assarsson)

- net: usb: lan78xx: add Allied Telesis AT29M2-AF (Greg Jesionowski)

- x86/speculation: Add knob for eibrs_retpoline_enabled (Patrick Colp) [Orabug: 33937656] {CVE-2021-26401}
- x86/speculation: Extend our code to properly support eibrs+lfence and eibrs+retpoline (Patrick Colp) [Orabug: 33937656] {CVE-2021-26401}
- x86/speculation: Update link to AMD speculation whitepaper (Kim Phillips) [Orabug: 33937656] {CVE-2021-26401}
- x86/speculation: Use generic retpoline by default on AMD (Kim Phillips) [Orabug: 33937656] {CVE-2021-26401}
- x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting (Josh Poimboeuf) [Orabug: 33937656] {CVE-2021-26401}
- Documentation/hw-vuln: Update spectre doc (Peter Zijlstra) [Orabug: 33937656] {CVE-2021-26401}
- x86/speculation: Add eIBRS + Retpoline options (Peter Zijlstra) [Orabug: 33937656] {CVE-2021-26401}
- x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE (Peter Zijlstra (Intel)) [Orabug: 33937656] {CVE-2021-26401}
- x86/speculation: Merge one test in spectre_v2_user_select_mitigation() (Borislav Petkov) [Orabug: 33937656] {CVE-2021-26401}
- x86/speculation: Update ALTERNATIVEs to (more closely) match upstream (Patrick Colp) [Orabug: 33937656] {CVE-2021-26401}
- x86/speculation: Fix bug in retpoline mode on AMD with 'spectre_v2=none' (Patrick Colp) [Orabug: 33937656] {CVE-2021-26401}
- ACPICA: Enable sleep button on ACPI legacy wake (Anchal Agarwal) [Orabug: 33925502]
- ipv4: tcp: send zero IPID in SYNACK messages (Eric Dumazet) [Orabug: 33917057] {CVE-2020-36516}
- ipv4: avoid using shared IP generator for connected sockets (Eric Dumazet) [Orabug: 33917057] {CVE-2020-36516}
- lib/iov_iter: initialize 'flags' in new pipe_buffer (Max Kellermann) [Orabug: 33910800] {CVE-2022-0847}
- x86/speculation: The choice of retpoline mode is sometimes ignored (Patrick Colp) [Orabug: 33890092]
- udf: Restore i_lenAlloc when inode expansion fails (Jan Kara) [Orabug: 33870267] {CVE-2022-0617}
- udf: Fix NULL ptr deref when converting from inline format (Jan Kara) [Orabug: 33870267] {CVE-2022-0617}
- scsi: libiscsi: Hold back_lock when calling iscsi_complete_task (Gulam Mohamed) [Orabug: 33851182]
- drm/vmwgfx: Fix stale file descriptors on failed usercopy (Mathias Krause) [Orabug: 33840433] {CVE-2022-22942}
- drm/i915: Flush TLBs before releasing backing store (Tvrtko Ursulin) [Orabug: 33835811] {CVE-2022-0330}
- proc/vmcore: fix clearing user buffer by properly using clear_user() (David Hildenbrand) [Orabug: 33832650]
- rds/ib: recover rds connection from stuck rx path (Nagappan Ramasamy Palaniappan) [Orabug: 33820767]
- rds: ib: Make selection of completion_vector QoS aware (Hakon Bugge) [Orabug: 33819408]
- Enable CONFIG_DM_DUST and nano for UEK5 (Gulam Mohamed) [Orabug: 33653698]
- dm dust: use dust block size for badblocklist index (Bryan Gurney) [Orabug: 33653698]
- dm dust: Make dm_dust_init and dm_dust_exit static (YueHaibing) [Orabug: 33653698]
- dm dust: remove redundant unsigned comparison to less than zero (Colin Ian King) [Orabug: 33653698]
- dm: add dust target (Bryan Gurney) [Orabug: 33653698]
- hugetlbfs: flush TLBs correctly after huge_pmd_unshare (Nadav Amit) [Orabug: 33617219] {CVE-2021-4002}
- rds/ib: handle posted ACK during connection shutdown (Nagappan Ramasamy Palaniappan) [Orabug: 33820747]
- rds/ib: reap tx completions during connection shutdown (Nagappan Ramasamy Palaniappan) [Orabug: 33820747]
- rds/ib: recover rds connection from stuck tx path (Nagappan Ramasamy Palaniappan) [Orabug: 33820747]
- rds/ib: Kernel change to extend rds-info functionality (Rohit Nair) [Orabug: 33821341]
- uek-rpm: Add missing symbols to kabi_lockedlist (Stephen Brennan) [Orabug: 33871558]

[4.14.35-2047.512.1]
- Revert 'stable: clamp SUBLEVEL in 4.14' (Alan Maguire) [Orabug: 33861950]
- tipc: improve size validations for received domain records (Jon Maloy) [Orabug: 33850803] {CVE-2022-0435} {CVE-2022-0435}
- cgroup-v1: Require capabilities to set release_agent (Eric W. Biederman) [Orabug: 33825688] {CVE-2022-0492}
- blk-stat: delete useless code (Shaohua Li) [Orabug: 33772945]
- DMA/rxe: Update default value of RXE_MAX_PDN (Rao Shoaib) [Orabug: 33676598]

[4.14.35-2047.512.0]
- bpf: Disallow unprivileged bpf by default (Pawan Gupta) [Orabug: 33734682]
- bpf: Add kconfig knob for disabling unpriv bpf by default (Daniel Borkmann) [Orabug: 33734682]
- RDMA/rxe: Use correct sizing on buffers holding page DMA addresses (Shiraz Saleem) [Orabug: 33676942]
- hwmon: (k10temp) Add support for Zen3 CPUs (Rahul Rohit) [Orabug: 33782835]
- arm64, mm, efi: Account for GICv3 LPI tables in static memblock reserve table (Ard Biesheuvel) [Orabug: 33787546]
- uek-rpm: Pensando: Enable Elba EDAC (Dave Kleikamp) [Orabug: 33831294]
- dsc-drivers: update for 1.15.9-C-64 (Dave Kleikamp) [Orabug: 33831294]
- drivers/hwmon: Adding support LTC3888 (David Clear) [Orabug: 33831294]
- drivers/edac: Add Elba EDAC support (David Clear) [Orabug: 33831294]
- arm64/configs: Remove CONFIG_PENSANDO_SOC_CAPMEM_HUGEPAGE (David Clear) [Orabug: 33831294]
- drivers/soc/pensando: Add reset cause driver (David Clear) [Orabug: 33831294]
- net/rds: Fix memory leak in rds_conn_create() on alloc_ordered_workqueue fail (Freddy Carrillo) [Orabug: 33811475]
- x86/smpboot: check cpu_initialized_mask first after returning from schedule() (Dongli Zhang) [Orabug: 33544127]
- Linux 4.14.259 (Greg Kroah-Hartman)

- xen/console: harden hvc_xen against event channel storms (Juergen Gross)

- Input: touchscreen - avoid bitwise vs logical OR warning (Nathan Chancellor)

- ARM: 8800/1: use choice for kernel unwinders (Stefan Agner)

- mwifiex: Remove unnecessary braces from HostCmd_SET_SEQ_NO_BSS_INFO (Nathan Chancellor)

- ARM: 8805/2: remove unneeded naked function usage (Nicolas Pitre)

- net: lan78xx: Avoid unnecessary self assignment (Nathan Chancellor)

- fuse: annotate lock in fuse_reverse_inval_entry() (Miklos Szeredi)

- ARM: dts: imx6ull-pinfunc: Fix CSI_DATA07ESAI_TX0 pad name (Fabio Estevam)

- firmware: arm_scpi: Fix string overflow in SCPI genpd driver (Sudeep Holla)

- net: systemport: Add global locking for descriptor lifecycle (Florian Fainelli)

- libata: if T_LENGTH is zero, dma direction should be DMA_NONE (George Kennedy)

- timekeeping: Really make sure wall_to_monotonic isn't positive (Yu Liao)

- USB: serial: option: add Telit FN990 compositions (Daniele Palmas)

- PCI/MSI: Mask MSI-X vectors only on success (Stefan Roese)

- PCI/MSI: Clear PCI_MSIX_FLAGS_MASKALL on error (Thomas Gleixner)

- USB: gadget: bRequestType is a bitfield, not a enum (Greg Kroah-Hartman)

- sit: do not call ipip6_dev_free() from sit_init_net() (Eric Dumazet)

- net/packet: rx_owner_map depends on pg_vec (Willem de Bruijn)

- ixgbe: set X550 MDIO speed before talking to PHY (Cyril Novikov)

- igbvf: fix double free in 'igbvf_probe' (Letu Ren)

- soc/tegra: fuse: Fix bitwise vs. logical OR warning (Nathan Chancellor)

- dmaengine: st_fdma: fix MODULE_ALIAS (Alyssa Ross)

- ARM: socfpga: dts: fix qspi node compatible (Dinh Nguyen)

- x86/sme: Explicitly map new EFI memmap table as encrypted (Tom Lendacky)

- nfsd: fix use-after-free due to delegation race (J. Bruce Fields)

- audit: improve robustness of the audit queue handling (Paul Moore)

- dm btree remove: fix use after free in rebalance_children() (Joe Thornber)

- recordmcount.pl: look for jgnop instruction as well as bcrl on s390 (Jerome Marchand)

- mac80211: send ADDBA requests using the tid/queue of the aggregation session (Felix Fietkau)

- hwmon: (dell-smm) Fix warning on /proc/i8k creation error (Armin Wolf)

- bpf: fix panic due to oob in bpf_prog_test_run_skb (Daniel Borkmann)

- tracing: Fix a kmemleak false positive in tracing_map (Chen Jun)

- net: netlink: af_netlink: Prevent empty skb by adding a check on len. (Harshit Mogalapalli)

- i2c: rk3x: Handle a spurious start completion interrupt flag (Ondrej Jirman)

- parisc/agp: Annotate parisc agp init functions with __init (Helge Deller)

- net/mlx4_en: Update reported link modes for 1/10G (Erik Ekman)

- drm/msm/dsi: set default num_data_lanes (Philip Chen)

- nfc: fix segfault in nfc_genl_dump_devices_done (Tadeusz Struk)

- Linux 4.14.258 (Greg Kroah-Hartman)

- irqchip: nvic: Fix offset for Interrupt Priority Offsets (Vladimir Murzin)

- irqchip/irq-gic-v3-its.c: Force synchronisation when issuing INVALL (Wudi Wang)

- irqchip/armada-370-xp: Fix support for Multi-MSI interrupts (Pali Rohar)

- irqchip/armada-370-xp: Fix return value of armada_370_xp_msi_alloc() (Pali Rohar)

- iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove (Yang Yingliang)

- iio: adc: axp20x_adc: fix charging current reporting on AXP22x (Evgeny Boger)

- iio: dln2: Check return value of devm_iio_trigger_register() (Lars-Peter Clausen)

- iio: dln2-adc: Fix lockdep complaint (Noralf Tronnes)

- iio: itg3200: Call iio_trigger_notify_done() on error (Lars-Peter Clausen)

- iio: kxsd9: Don't return error code in trigger handler (Lars-Peter Clausen)

- iio: ltr501: Don't return error code in trigger handler (Lars-Peter Clausen)

- iio: mma8452: Fix trigger reference couting (Lars-Peter Clausen)

- iio: stk3310: Don't return error code in interrupt handler (Lars-Peter Clausen)

- iio: trigger: stm32-timer: fix MODULE_ALIAS (Alyssa Ross)

- iio: trigger: Fix reference counting (Lars-Peter Clausen)

- usb: core: config: using bit mask instead of individual bits (Pavel Hofman)

- xhci: Remove CONFIG_USB_DEFAULT_PERSIST to prevent xHCI from runtime suspending (Kai-Heng Feng)

- usb: core: config: fix validation of wMaxPacketValue entries (Pavel Hofman)

- USB: gadget: zero allocate endpoint 0 buffers (Greg Kroah-Hartman)

- USB: gadget: detect too-big endpoint 0 requests (Greg Kroah-Hartman)

- net/qla3xxx: fix an error code in ql_adapter_up() (Dan Carpenter)

- net, neigh: clear whole pneigh_entry at alloc time (Eric Dumazet)

- net: fec: only clear interrupt of handling queue in fec_enet_rx_queue() (Joakim Zhang)

- net: altera: set a couple error code in probe() (Dan Carpenter)

- net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero (Lee Jones)

- qede: validate non LSO skb length (Manish Chopra)

- block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2) (Davidlohr Bueso)

- tracefs: Set all files to the same group ownership as the mount option (Steven Rostedt (VMware))

- signalfd: use wake_up_pollfree() (Eric Biggers)

- binder: use wake_up_pollfree() (Eric Biggers)

- wait: add wake_up_pollfree() (Eric Biggers)

- libata: add horkage for ASMedia 1092 (Hannes Reinecke)

- can: m_can: Disable and ignore ELO interrupt (Brian Silverman)

- can: pch_can: pch_can_rx_normal: fix use after free (Vincent Mailhol)

- tracefs: Have new files inherit the ownership of their parent (Steven Rostedt (VMware))

- ALSA: pcm: oss: Handle missing errors in snd_pcm_oss_change_params*() (Takashi Iwai)

- ALSA: pcm: oss: Limit the period size to 16MB (Takashi Iwai)

- ALSA: pcm: oss: Fix negative period/buffer sizes (Takashi Iwai)

- ALSA: ctl: Fix copy of updated id with element read/write (Alan Young)

- mm: bdi: initialize bdi_min_ratio when bdi is unregistered (Manjong Lee)

- IB/hfi1: Correct guard on eager buffer deallocation (Mike Marciniszyn)

- seg6: fix the iif in the IPv6 socket control block (Andrea Mayer)

- nfp: Fix memory leak in nfp_cpp_area_cache_add() (Jianglei Nie)

- bpf: Fix the off-by-two error in range markings (Maxim Mikityanskiy)

- nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done (Krzysztof Kozlowski)

- can: sja1000: fix use after free in ems_pcmcia_add_card() (Dan Carpenter)

- HID: check for valid USB device for many HID drivers (Greg Kroah-Hartman)

- HID: wacom: fix problems when device is not a valid USB device (Greg Kroah-Hartman)

- HID: add USB_HID dependancy on some USB HID drivers (Greg Kroah-Hartman)

- HID: add USB_HID dependancy to hid-chicony (Greg Kroah-Hartman)

- HID: add USB_HID dependancy to hid-prodikeys (Greg Kroah-Hartman)

- HID: add hid_is_usb() function to make it simpler for USB detection (Greg Kroah-Hartman)

- Linux 4.14.257 (Greg Kroah-Hartman) {CVE-2021-38199}
- parisc: Mark cr16 CPU clocksource unstable on all SMP machines (Helge Deller)

- serial: core: fix transmit-buffer reset and memleak (Johan Hovold)

- serial: pl011: Add ACPI SBSA UART match id (Pierre Gondois)

- tty: serial: msm_serial: Deactivate RX DMA for polling support (Sven Eckelmann)

- x86/64/mm: Map all kernel memory into trampoline_pgd (Joerg Roedel)

- usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect (Badhri Jagan Sridharan)

- xhci: Fix commad ring abort, write all 64 bits to CRCR register. (Mathias Nyman)

- vgacon: Propagate console boot parameters before calling 'vc_resize' (Maciej W. Rozycki)

- parisc: Fix 'make install' on newer debian releases (Helge Deller)

- parisc: Fix KBUILD_IMAGE for self-extracting kernel (Helge Deller)

- net/smc: Keep smc_close_final rc during active close (Tony Lu)

- net/rds: correct socket tunable error in rds_tcp_tune() (William Kucharski)

- net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of '0' if no IRQ is available (Sven Schuchmann)

- net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources() (Zhou Qingyang)

- siphash: use _unaligned version by default (Arnd Bergmann)

- net: mpls: Fix notifications when deleting a device (Benjamin Poirier)

- net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings() (Zhou Qingyang)

- natsemi: xtensa: fix section mismatch warnings (Randy Dunlap)

- sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl (Baokun Li)

- sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl (Baokun Li)

- kprobes: Limit max data_size of the kretprobe instances (Masami Hiramatsu)

- vrf: Reset IPCB/IP6CB when processing outbound pkts in vrf dev xmit (Stephen Suryaputra)

- perf hist: Fix memory leak of a perf_hpp_fmt (Ian Rogers)

- net: ethernet: dec: tulip: de4x5: fix possible array overflows in type3_infoblock() (Teng Qi)

- net: tulip: de4x5: fix the problem that the array 'lp->phy[8]' may be out of bound (zhangyue)

- ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port() (Teng Qi)

- scsi: iscsi: Unblock session then wake up error handler (Mike Christie)

- thermal: core: Reset previous low and high trip during thermal zone init (Manaf Meethalavalappu Pallikunhi)

- btrfs: check-integrity: fix a warning on write caching disabled disk (Wang Yugui)

- s390/setup: avoid using memblock_enforce_memory_limit (Vasily Gorbik)

- platform/x86: thinkpad_acpi: Fix WWAN device disabled issue after S3 deep (Slark Xiao)

- net: return correct error code (liuguoqiang)

- NFSv42: Fix pagecache invalidation after COPY/CLONE (Benjamin Coddington)

- ipc: WARN if trying to remove ipc object which is absent (Alexander Mikhalitsyn)

- shm: extend forced shm destroy to support objects from several IPC nses (Alexander Mikhalitsyn)

- tty: hvc: replace BUG_ON() with negative return value (Juergen Gross)

- xen: sync include/xen/interface/io/ring.h with Xen's newest version (Juergen Gross)

- fuse: release pipe buf after last use (Miklos Szeredi)

- NFC: add NCI_UNREG flag to eliminate the race (Lin Ma)

- arm64: dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function (Marek Behun)

- arm64: dts: marvell: armada-37xx: declare PCIe reset pin (Miquel Raynal)

- pinctrl: armada-37xx: Correct PWM pins definitions (Marek Behun)

- pinctrl: armada-37xx: add missing pin: PCIe1 Wakeup (Gregory CLEMENT)

- pinctrl: armada-37xx: Correct mpp definitions (Marek Behun)

- PCI: aardvark: Fix checking for link up via LTSSM state (Pali Rohar)

- PCI: aardvark: Fix link training (Pali Rohar)

- PCI: aardvark: Fix PCIe Max Payload Size setting (Pali Rohar)

- PCI: aardvark: Configure PCIe resources from 'ranges' DT property (Pali Rohar)

- PCI: aardvark: Remove PCIe outbound window configuration (Evan Wang)

- PCI: aardvark: Update comment about disabling link training (Pali Rohar)

- PCI: aardvark: Move PCIe reset card code to advk_pcie_train_link() (Pali Rohar)

- PCI: aardvark: Fix compilation on s390 (Pali Rohar)

- PCI: aardvark: Don't touch PCIe registers if no card connected (Pali Rohar)

- PCI: aardvark: Introduce an advk_pcie_valid_device() helper (Thomas Petazzoni)

- PCI: aardvark: Indicate error in 'val' when config read fails (Pali Rohar)

- PCI: aardvark: Replace custom macros by standard linux/pci_regs.h macros (Pali Rohar)

- PCI: aardvark: Issue PERST via GPIO (Pali Rohar)

- PCI: aardvark: Improve link training (Marek Behun)

- PCI: aardvark: Train link immediately after enabling training (Pali Rohar)

- PCI: aardvark: Wait for endpoint to be ready before training link (Remi Pommarel)

- PCI: aardvark: Fix a leaked reference by adding missing of_node_put() (Wen Yang)

- PCI: aardvark: Fix I/O space page leak (Sergei Shtylyov)

- s390/mm: validate VMA in PGSTE manipulation functions (David Hildenbrand)

- tracing: Check pid filtering when creating events (Steven Rostedt (VMware))

- vhost/vsock: fix incorrect used length reported to the guest (Stefano Garzarella)

- net/smc: Don't call clcsock shutdown twice when smc shutdown (Tony Lu)

- MIPS: use 3-level pgtable for 64KB page size on MIPS_VA_BITS_48 (Huang Pei)

- tcp_cubic: fix spurious Hystart ACK train detections for not-cwnd-limited flows (Eric Dumazet)

- net/smc: Ensure the active closing peer first closes clcsock (Tony Lu)

- ipv6: fix typos in __ip6_finish_output() (Eric Dumazet)

- drm/vc4: fix error code in vc4_create_object() (Dan Carpenter)

- scsi: mpt3sas: Fix kernel panic during drive powercycle test (Sreekanth Reddy)

- ARM: socfpga: Fix crash with CONFIG_FORTIRY_SOURCE (Takashi Iwai)

- NFSv42: Don't fail clone() unless the OP_CLONE operation failed (Trond Myklebust)

- net: ieee802154: handle iftypes as u32 (Alexander Aring)

- ASoC: topology: Add missing rwsem around snd_ctl_remove() calls (Takashi Iwai)

- ARM: dts: BCM5301X: Add interrupt properties to GPIO node (Florian Fainelli)

- ARM: dts: BCM5301X: Fix I2C controller interrupt (Florian Fainelli)

- netfilter: ipvs: Fix reuse connection if RS weight is 0 (yangxingwu)

- tracing: Fix pid filtering when triggers are attached (Steven Rostedt (VMware))

- xen: detect uninitialized xenbus in xenbus_init (Stefano Stabellini)

- xen: don't continue xenstore initialization in case of errors (Stefano Stabellini)

- fuse: fix page stealing (Miklos Szeredi)

- staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() (Dan Carpenter)

- HID: wacom: Use 'Confidence' flag to prevent reporting invalid contacts (Jason Gerecke)

- media: cec: copy sequence field for the reply (Hans Verkuil)

- ALSA: ctxfi: Fix out-of-range access (Takashi Iwai)

- usb: hub: Fix locking issues with address0_mutex (Mathias Nyman)

- usb: hub: Fix usb enumeration issue due to address0 race (Mathias Nyman)

- USB: serial: option: add Fibocom FM101-GL variants (Mingjie Zhang)

- USB: serial: option: add Telit LE910S1 0x9200 composition (Daniele Palmas)

Package Affected Version
pkg:rpm/oraclelinux/kernel-uek-container?distro=oraclelinux-7 < 4.14.35-2047.512.6.el7
ID
ELSA-2022-9314
Severity
important
URL
https://linux.oracle.com/errata/ELSA-2022-9314.html
Published
2022-04-25T00:00:00
(2 years ago)
Modified
2022-04-25T00:00:00
(2 years ago)
Rights
Copyright 2022 Oracle, Inc.
Other Advisories
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:rpm/oraclelinux/kernel-uek-container?distro=oraclelinux-7 oraclelinux kernel-uek-container < 4.14.35-2047.512.6.el7 oraclelinux-7
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date