Scientific Linux Security Update : kernel on SL7.x x86_64 (2022:4642)

2022-05-20T00:00:00

Description

The remote Scientific Linux 7 host has packages installed that are affected by a vulnerability as referenced in the SLSA-2022:4642-1 advisory. - kernel: cgroups v1 release_agent feature may allow privilege escalation (CVE-2022-0492) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

{"id": "SL_20220519_KERNEL_ON_SL7_X.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "Scientific Linux Security Update : kernel on SL7.x x86_64 (2022:4642)", "description": "The remote Scientific Linux 7 host has packages installed that are affected by a vulnerability as referenced in the SLSA-2022:4642-1 advisory.\n\n - kernel: cgroups v1 release_agent feature may allow privilege escalation (CVE-2022-0492)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2022-05-20T00:00:00", "modified": "2022-05-20T00:00:00", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/161409", "reporter": "This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://www.scientificlinux.org/category/sl-errata/slsa-20224642-1", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0492"], "cvelist": ["CVE-2022-0492"], "immutableFields": [], "lastseen": "2022-06-15T17:01:42", "viewCount": 5, "enchantments": {"vulnersScore": "PENDING"}, "_state": {}, "_internal": {}, "pluginID": "161409", "sourceData": "##\n# (C) Tenable, Inc.\n##\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161409);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/20\");\n\n script_cve_id(\"CVE-2022-0492\");\n script_xref(name:\"RHSA\", value:\"RHSA-2022:4642\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL7.x x86_64 (2022:4642)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Scientific Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Scientific Linux 7 host has packages installed that are affected by a vulnerability as referenced in the\nSLSA-2022:4642-1 advisory.\n\n - kernel: cgroups v1 release_agent feature may allow privilege escalation (CVE-2022-0492)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.scientificlinux.org/category/sl-errata/slsa-20224642-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0492\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fermilab:scientific_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bpftool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Scientific Linux' >!< release) audit(AUDIT_OS_NOT, 'Scientific Linux');\nvar os_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Scientific Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Scientific Linux 7.x', 'Scientific Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Scientific Linux', cpu);\n\nvar pkgs = [\n {'reference':'bpftool-3.10.0-1160.66.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-debuginfo-3.10.0-1160.66.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1160.66.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-3.10.0-1160.66.1.el7', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-1160.66.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-debuginfo-3.10.0-1160.66.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-1160.66.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-3.10.0-1160.66.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-common-x86_64-3.10.0-1160.66.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-1160.66.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-1160.66.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-1160.66.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-debuginfo-3.10.0-1160.66.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-1160.66.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-1160.66.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-1160.66.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-debuginfo-3.10.0-1160.66.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1160.66.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-debuginfo-3.10.0-1160.66.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / bpftool-debuginfo / kernel / etc');\n}\n", "naslFamily": "Scientific Linux Local Security Checks", "cpe": ["cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:bpftool", "p-cpe:/a:fermilab:scientific_linux:bpftool-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel", "p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists", "p-cpe:/a:fermilab:scientific_linux:kernel-debug", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:fermilab:scientific_linux:kernel-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-headers", "p-cpe:/a:fermilab:scientific_linux:kernel-tools", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel", "p-cpe:/a:fermilab:scientific_linux:perf", "p-cpe:/a:fermilab:scientific_linux:perf-debuginfo", "p-cpe:/a:fermilab:scientific_linux:python-perf", "p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo"], "solution": "Update the affected packages.", "nessusSeverity": "Medium", "cvssScoreSource": "CVE-2022-0492", "vpr": {"risk factor": "Critical", "score": "9.2"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2022-05-19T00:00:00", "vulnerabilityPublicationDate": "2022-02-04T00:00:00", "exploitableWith": []}

{"thn": [{"lastseen": "2022-05-09T12:37:29", "description": "[![Linux Kernel Cgroups Vulnerability](https://thehackernews.com/new-images/img/a/AVvXsEj0aGdhsCm5TBDW0QHLEfeJM1Wr4-wqL_GBfXyv9ZsCLcsrN4JjnqJA_ZXSGng3ZpGvo5rebWY95rxNDDPEOxu1d7Ecx_mZ1yOqBVvBhCIAxryFw31eXcskdkqwPLg6mA4ubfWktug1Ky9eRcHdKfbdPAYTKbjcI-zc_Dfvbqsc1zDp2AJDbGZp8Yc1=s728-e1000)](<https://thehackernews.com/new-images/img/a/AVvXsEj0aGdhsCm5TBDW0QHLEfeJM1Wr4-wqL_GBfXyv9ZsCLcsrN4JjnqJA_ZXSGng3ZpGvo5rebWY95rxNDDPEOxu1d7Ecx_mZ1yOqBVvBhCIAxryFw31eXcskdkqwPLg6mA4ubfWktug1Ky9eRcHdKfbdPAYTKbjcI-zc_Dfvbqsc1zDp2AJDbGZp8Yc1>)\n\nDetails have emerged about a now-patched high-severity vulnerability in the Linux kernel that could potentially be abused to escape a container in order to execute arbitrary commands on the container host.\n\nThe shortcoming resides in a Linux kernel feature called [control groups](<https://en.wikipedia.org/wiki/Cgroups>), also referred to as cgroups version 1 (v1), which allows processes to be organized into hierarchical groups, thereby making it possible to limit and monitor the usage of resources such as CPU, memory, disk I/O, and network.\n\nTracked as [CVE-2022-0492](<https://nvd.nist.gov/vuln/detail/CVE-2022-0492>) (CVSS score: 7.0), the [issue](<https://access.redhat.com/security/cve/cve-2022-0492>) [concerns](<https://ubuntu.com/security/CVE-2022-0492>) a [case](<https://security-tracker.debian.org/tracker/CVE-2022-0492>) of [privilege escalation](<https://www.suse.com/security/cve/CVE-2022-0492.html>) in the cgroups v1 release_agent functionality, a script that's executed following the termination of any process in the cgroup.\n\n\"The issue stands out as one of the simplest Linux privilege escalations discovered in recent times: The Linux kernel mistakenly exposed a privileged operation to unprivileged users,\" Unit 42 researcher Yuval Avrahami [said](<https://unit42.paloaltonetworks.com/cve-2022-0492-cgroups/>) in a report published this week.\n\nThe [man page](<https://manpages.ubuntu.com/manpages/bionic/man7/cgroups.7.html>) for cgroups explains its function as follows \u2013\n\n_Whether or not the release_agent program is invoked when a particular cgroup becomes empty is determined by the value in the notify_on_release file in the corresponding cgroup directory. If this file contains the value 0, then the release_agent program is not invoked. If it contains the value 1, the release_agent program is invoked. The default value for this file in the root cgroup is 0._\n\nSpecifically, the Palo Alto Networks threat intelligence team noted that the bug is a consequence of a missing verification to check whether the process setting the release_agent file had administrative privileges, thereby making it ripe for potential exploitation.\n\nIn other words, should this release_agent file be overwritten by an attacker, the kernel can be forced into calling an arbitrary binary configured in the release agent with the highest possible permissions \u2013 a scenario that could effectively allow a complete takeover of the machine.\n\nIt's, however, worth noting that only processes with \"root\" privileges can write to the file, meaning that the vulnerability solely permits root processes to escalate privileges.\n\n\"At first glance, a privilege escalation vulnerability that can only be exploited by the root user may seem bizarre,\" Avrahami explained. \"Running as root doesn't necessarily mean full control over the machine: There's a gray area between the root user and full privileges that includes capabilities, namespaces, and containers. In these scenarios where a root process doesn't have full control over the machine, CVE-2022-0492 becomes a serious vulnerability.\"\n\nAlthough containers running with [AppArmor](<https://kubernetes.io/docs/tutorials/security/apparmor/>) or [SELinux](<https://www.redhat.com/en/topics/linux/what-is-selinux>) are protected from the flaw, users are recommended to [apply](<https://alas.aws.amazon.com/cve/html/CVE-2022-0492.html>) the [patches](<https://cloud.google.com/anthos/clusters/docs/security-bulletins>) in light of the fact that it could be abused by other malicious host processes to elevate privileges.\n\nThis is far from the first time release_agent has resurfaced as an attack vector. In July 2019, Google Project Zero researcher Felix Wilhelm [demonstrated](<https://blog.trailofbits.com/2019/07/19/understanding-docker-container-escapes/>) a \"quick and dirty\" proof-of-concept (PoC) exploit leveraging the feature to break out of privileged Kubernetes and Docker containers.\n\nThen in November 2021, cloud native security firm Aqua [disclosed](<https://blog.aquasec.com/threat-alert-container-escape>) details of a cryptocurrency mining campaign that used the exact same container escape technique to drop the XMRig coin miner on infected hosts, making it the first recorded instance of real-world exploitation.\n\n\"CVE-2022-0492 marks another Linux vulnerability that can be exploited for container escape,\" Avrahami concluded. \"Fortunately, environments that follow best practices are protected from this vulnerability. Environments with lax security controls hosting untrusted or publicly exposed containers are, unsurprisingly, at high risk.\"\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-05T08:43:00", "type": "thn", "title": "New Linux Kernel cgroups Vulnerability Could Let Attackers Escape Container", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0492"], "modified": "2022-03-06T06:46:37", "id": "THN:B3B3DCC2A63D28F471BD0B6A3E2BD325", "href": "https://thehackernews.com/2022/03/new-linux-kernel-cgroups-vulnerability.html", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2022-03-15T15:28:55", "description": "[5.4.17-2136.302.7.2.3]\n- cgroup-v1: Require capabilities to set release_agent (Eric W. Biederman) [Orabug: 33832574] {CVE-2022-0492}", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-09T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0492"], "modified": "2022-02-09T00:00:00", "id": "ELSA-2022-9141", "href": "http://linux.oracle.com/errata/ELSA-2022-9141.html", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-19T21:31:37", "description": "[3.10.0-1160.66.1.OL7]\n- Update Oracle Linux certificates (Ilya Okomin)\n- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)\n- Update x509.genkey [Orabug: 24817676]\n- Conflict with shim-ia32 and shim-x64 <= 15-2.0.9\n- Update oracle(kernel-sig-key) value to match new certificate (Ilya Okomin)\n[3.10.0-1160.66.1]\n- net-sysfs: add check for netdevice being present to speed_show (William Zhao) [2055457]\n- CI: Drop baseline runs (Veronika Kabatova)\n- perf/x86/intel: Add more Icelake CPUIDs (Michael Petlan) [2072317]\n- perf vendor events intel: Add Icelake V1.00 event file (Michael Petlan) [2072317]\n- perf vendor events intel: Add core event list for Icelake Server (Michael Petlan) [2072317]\n[3.10.0-1160.65.1]\n- CI: Remove deprecated option (Veronika Kabatova)\n- RDMA/core: Fix panic when port_pkey_list isn't initialized (Kamal Heib) [2046571]\n[3.10.0-1160.64.1]\n- cgroup-v1: Require capabilities to set release_agent (Waiman Long) [2052162] {CVE-2022-0492}\n[3.10.0-1160.63.1]\n- NFSv4: Set the connection timeout to match the lease period (Benjamin Coddington) [2066699]\n- SUNRPC: Allow changing of the TCP timeout parameters on the fly (Benjamin Coddington) [2066699]\n- SUNRPC: Refactor TCP socket timeout code into a helper function (Benjamin Coddington) [2066699]\n- SUNRPC: Remove unused function rpc_get_timeout() (Benjamin Coddington) [2066699]\n- kernel/timer: Fix incorrect assertion in requeue_timers() (Waiman Long) [2048502]", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-19T00:00:00", "type": "oraclelinux", "title": "kernel security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0492"], "modified": "2022-05-19T00:00:00", "id": "ELSA-2022-4642", "href": "http://linux.oracle.com/errata/ELSA-2022-4642.html", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-15T15:28:51", "description": "[5.4.17-2136.302.7.2.3]\n- cgroup-v1: Require capabilities to set release_agent (Eric W. Biederman)\n [Orabug: 33832574] {CVE-2022-0492}", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-09T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel-container security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0492"], "modified": "2022-02-09T00:00:00", "id": "ELSA-2022-9142", "href": "http://linux.oracle.com/errata/ELSA-2022-9142.html", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-15T15:28:49", "description": "[4.14.35-2047.511.5.2.el7]\n- cgroup-v1: Require capabilities to set release_agent (Eric W. Biederman) [Orabug: 33876756] {CVE-2022-0492}\n- scsi: libiscsi: Hold back_lock when calling iscsi_complete_task (Gulam Mohamed) [Orabug: 33876755]\n[4.14.35-2047.511.5.1]\n- arm64, mm, efi: Account for GICv3 LPI tables in static memblock reserve table (Ard Biesheuvel) [Orabug: 33836770]\n[4.14.35-2047.511.5]\n- irq/msi: add extra step when both old and new affinity are not current cpu (Joe Jin) [Orabug: 33789982] \n- Revert rds/ib: Kernel change to extend rds-info functionality (Rohit Nair) [Orabug: 33795472] \n- smp: always continue to process IRQ work (Stephen Brennan) [Orabug: 33775326] \n- scsi: libiscsi: Fix iscsi_task use after free() (Mike Christie) [Orabug: 33674803] \n- scsi: libiscsi: Drop taskqueuelock (Mike Christie) [Orabug: 33674803] \n- netfilter: fix regression in looped (broad|multi)casts MAC handling (Ignacy Gawedzki) \n- PM: hibernate: use correct mode for swsusp_close() (Thomas Zeitlhofer) \n- tracefs: Set all files to the same group ownership as the mount option (Steven Rostedt (VMware)) \n- binder: fix test regression due to sender_euid change (Todd Kjos) \n- IB/qib: Fix memory leak in qib_user_sdma_queue_pkts() (Jose Exposito)\n[4.14.35-2047.511.4]\n- net/rds: Refactor rds_ib_recv_refill_one (Freddy Carrillo) [Orabug: 33811840] \n- net/rds: RDS connection shutdown stuck after CQ access violation error (aru kolappan) [Orabug: 33811824] \n- ocfs2: fix race between searching chunks and release journal_head from buffer_head (Gautham Ananthakrishna) [Orabug: 33811779] \n- rds: ib: Ack seq not always received in monotonic increasing order (Hakon Bugge) [Orabug: 33810922] \n- arm64: pcie: Intercept Pensando specific SError (Henry Willard) [Orabug: 33811771] \n- arm64: pcie: Change bad_mode hook to cap_pciep_access_in_progress() (Henry Willard) [Orabug: 33811771] \n- arm64: pcie: Remove Pensando SError trapping patch (Henry Willard) [Orabug: 33811771] \n- take care multiple extents in CoW extent converting (Wengang Wang) [Orabug: 33811755]\n[4.14.35-2047.511.3]\n- scsi: vmw_pvscsi: Set residual data length conditionally (Alexey Makhalov) [Orabug: 33761308] \n- xfs: force the log offline when log intent item recovery fails (Darrick J. Wong) [Orabug: 33757273] \n- xfs: cancel intents immediately if process_intents fails (Darrick J. Wong) [Orabug: 33757273] \n- arm64/efi: remove spurious WARN_ON for !4K kernels (Mark Rutland) [Orabug: 33749641] \n- irqchip/gic-v3-its: Allow use of LPI tables in reserved memory (Marc Zyngier) [Orabug: 33749641] \n- irqchip/gic-v3-its: Register LPI tables with EFI config table (Marc Zyngier) [Orabug: 33749641] \n- efi: add API to reserve memory persistently across kexec reboot (Ard Biesheuvel) [Orabug: 33749641] \n- efi/arm: libstub: add a root memreserve config table (Ard Biesheuvel) [Orabug: 33749641] \n- efi: honour memory reservations passed via a linux specific config table (Ard Biesheuvel) [Orabug: 33749641] \n- irqchip/gic-v3-its: Check that all RDs have the same property table (Marc Zyngier) [Orabug: 33749641] \n- irqchip/gic-v3-its: Use pre-programmed redistributor tables with kdump kernels (Marc Zyngier) [Orabug: 33749641] \n- irqchip/gic-v3-its: Allow use of pre-programmed LPI tables (Marc Zyngier) [Orabug: 33749641] \n- irqchip/gic-v3-its: Keep track of property tables PA and VA (Marc Zyngier) [Orabug: 33749641] \n- irqchip/gic-v3-its: Move pending table allocation to init time (Marc Zyngier) [Orabug: 33749641] \n- irqchip/gic-v3-its: Split property table clearing from allocation (Marc Zyngier) [Orabug: 33749641] \n- irqchip/gic-v3-its: Simplify LPI_PENDBASE_SZ usage (Marc Zyngier) [Orabug: 33749641] \n- irqchip/gic-v3-its: Change initialization ordering for LPIs (Marc Zyngier) [Orabug: 33749641] \n- irqchip/gic-v3-its: Cap lpi_id_bits to reduce memory footprint (Jia He) [Orabug: 33749641] \n- irqchip/gic-v3-its: Make its_lock a raw_spin_lock_t (Sebastian Andrzej Siewior) [Orabug: 33749641] \n- irqchip/gic-v3-its: Honor hypervisor enforced LPI range (Marc Zyngier) [Orabug: 33749641] \n- irqchip/gic-v3: Expose GICD_TYPER in the rdist structure (Marc Zyngier) [Orabug: 33749641] \n- irqchip/gic-v3-its: Drop chunk allocation compatibility (Marc Zyngier) [Orabug: 33749641] \n- irqchip/gic-v3-its: Move minimum LPI requirements to individual busses (Marc Zyngier) [Orabug: 33749641] \n- irqchip/gic-v3-its: Use full range of LPIs (Marc Zyngier) [Orabug: 33749641] \n- irqchip/gic-v3-its: Refactor LPI allocator (Marc Zyngier) [Orabug: 33749641] \n- irqchip/gic-v3-its: Fix reprogramming of redistributors on CPU hotplug (Marc Zyngier) [Orabug: 33749641] \n- irqchip/gic-v3-its: Only emit VSYNC if targetting a valid collection (Marc Zyngier) [Orabug: 33749641] \n- irqchip/gic-v3-its: Only emit SYNC if targetting a valid collection (Marc Zyngier) [Orabug: 33749641] \n- irqchip/gic-v3: Ensure GICR_CTLR.EnableLPI=0 is observed before enabling (Shanker Donthineni) [Orabug: 33749641] \n- irqchip/gic-v3-its: Pass its_node pointer to each command builder (Marc Zyngier) [Orabug: 33749641] \n- tee: handle lookup of shm with reference count 0 (Jens Wiklander) [Orabug: 33739583] {CVE-2021-44733}\n- rds/ib: Kernel change to extend rds-info functionality (Rohit Nair) [Orabug: 33660978] \n- net/mlx5: Fix eeprom support for SFP module (Eran Ben Elisha) [Orabug: 33541468] \n- x86/vector: search CPU vector starts from last successfully assigned (Joe Jin) [Orabug: 33290504]\n[4.14.35-2047.511.2]\n- xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate (Darrick J. Wong) [Orabug: 33756155] {CVE-2021-4155}\n- net/mlx5e: ethtool, Add support for EEPROM high pages query (Erez Alfasi) [Orabug: 33755527] \n- ethtool: Add SFF-8436 and SFF-8636 max EEPROM length definitions (Erez Alfasi) [Orabug: 33755527] \n- scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() (George Kennedy) [Orabug: 33731361] \n- uek-rpm: configs: disable CONFIG_USB_GADGET (aloktiw) [Orabug: 33730434] \n- rds: ib: Incorporate the stat counter ib_rdma_flush_mr_pool_avoided in the structure rds_ib_stat_names (Praveen Kumar Kannoju) [Orabug: 33720886] \n- panic: reinitialize logbuf locks before notifiers (Stephen Brennan) [Orabug: 33703438] \n- panic: disable optimistic spin after halting CPUs (Stephen Brennan) [Orabug: 33703438] \n- atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait (Zekun Shen) [Orabug: 33594985] {CVE-2021-43975}\n- x86/MCE/AMD, EDAC/mce_amd: Remove struct smca_hwid.xec_bitmap (Yazen Ghannam) [Orabug: 33427596] \n- EDAC/mce_amd: Add new error descriptions for existing types (Yazen Ghannam) [Orabug: 33427596] \n- x86/mce, EDAC/mce_amd: Print PPIN in machine check records (Smita Koralahalli) [Orabug: 33427596] \n- x86/mce/amd, edac: Remove report_gart_errors (Borislav Petkov) [Orabug: 33427596] \n- x86/mce/amd: Add PPIN support for AMD MCE (Wei Huang) [Orabug: 33427596] \n- x86/mce: Take action on UCNA/Deferred errors again (Jan H. Schonherr) [Orabug: 33427596] \n- xen/mcelog: add PPIN to record when available (Jan Beulich) [Orabug: 33427596] \n- xen/mcelog: drop __MC_MSR_MCGCAP (Jan Beulich) [Orabug: 33427596] \n- x86/MCE/AMD: Dont report L1 BTB MCA errors on some family 17h models (Yazen Ghannam) [Orabug: 33427596] \n- x86/MCE: Add an MCE-record filtering function (Yazen Ghannam) [Orabug: 33427596] \n- EDAC, mce_amd: Print ExtErrorCode and description on a single line (Yazen Ghannam) [Orabug: 33427596] \n- mstflint_access: Update driver code to v4.18.0-1 from Github (Sharath Srinivasan) [Orabug: 33186485] \n- mstflint_access: Update driver code to v4.17.0-1 from Github (Sharath Srinivasan) [Orabug: 33186485] \n- mstflint_access: Add README.txt (Sharath Srinivasan) [Orabug: 33186485] \n- Revert Revert net/mlx4_core: Add masking for a few queries on HCA caps (Freddy Carrillo) [Orabug: 32603654]\n[4.14.35-2047.511.1]\n- uek-rpm: Update ol7 locklist with fnic symbols (Saeed Mirzamohammadi) [Orabug: 33590914] \n- mm, oom: dump stack of victim when reaping failed (David Rientjes) [Orabug: 33647102] \n- memcg: prohibit unconditional exceeding the limit of dying tasks (Vasily Averin) [Orabug: 33647102] \n- memcg: enable memcg oom-kill for __GFP_NOFAIL (Shakeel Butt) [Orabug: 33647102] \n- memcg, oom: no oom-kill for __GFP_RETRY_MAYFAIL (Shakeel Butt) [Orabug: 33647102] \n- memcg: killed threads should not invoke memcg OOM killer (Tetsuo Handa) [Orabug: 33647102] \n- memcg, oom: notify on oom killer invocation from the charge path (Michal Hocko) [Orabug: 33647102] \n- mm: memcontrol: print proper OOM header when no eligible victim left (Johannes Weiner) [Orabug: 33647102] \n- memcg, oom: move out_of_memory back to the charge path (Michal Hocko) [Orabug: 33647102] \n- rds/ib: Use both iova and key in free_mr socket call (aru kolappan) [Orabug: 33671340] \n- arm64: kexec: Suppress kexec on embedded systems (smartnics) (Henry Willard) [Orabug: 33699776] \n- fget: check that the fd still exists after getting a ref to it (Linus Torvalds) [Orabug: 33679805] {CVE-2021-0920}\n- fs: add fget_many() and fput_many() (Jens Axboe) [Orabug: 33679805] \n- xfs: remove all COW fork extents when remounting readonly (Darrick J. Wong) [Orabug: 33676191] \n- RDS/IB: Fix error when trying to unallocate ring buffers (Hans Westgaard Ry) [Orabug: 33620350] \n- net: macsec: Severe performance regression in ...preserve ordering (Venkat Venkatsubra) [Orabug: 33557957] \n- Linux 4.14.256 (Greg Kroah-Hartman) \n- soc/tegra: pmc: Fix imbalanced clock disabling in error code path (Dmitry Osipenko) \n- usb: max-3421: Use driver data instead of maintaining a list of bound devices (Uwe Kleine-Konig) \n- RDMA/netlink: Add __maybe_unused to static inline in C file (Leon Romanovsky) \n- batman-adv: Dont always reallocate the fragmentation skb head (Sven Eckelmann) \n- batman-adv: Reserve needed_*room for fragments (Sven Eckelmann) \n- batman-adv: Consider fragmentation for needed_headroom (Sven Eckelmann) \n- batman-adv: mcast: fix duplicate mcast packets from BLA backbone to mesh (Linus Lussing) \n- batman-adv: mcast: fix duplicate mcast packets in BLA backbone from LAN (Linus Lussing) \n- perf/core: Avoid put_page() when GUP fails (Greg Thelen) \n- drm/amdgpu: fix set scaling mode Full/Full aspect/Center not works on vga and dvi connectors (hongao) \n- drm/udl: fix control-message timeout (Johan Hovold) \n- cfg80211: call cfg80211_stop_ap when switch from P2P_GO type (Nguyen Dinh Phi) \n- parisc/sticon: fix reverse colors (Sven Schnelle) \n- btrfs: fix memory ordering between normal and ordered work functions (Nikolay Borisov) \n- mm: kmemleak: slob: respect SLAB_NOLEAKTRACE flag (Rustam Kovhaev) \n- hexagon: export raw I/O routines for modules (Nathan Chancellor) \n- tun: fix bonding active backup with arp monitoring (Nicolas Dichtel) \n- perf/x86/intel/uncore: Fix IIO event constraints for Skylake Server (Alexander Antonov) \n- perf/x86/intel/uncore: Fix filter_tid mask for CHA events on Skylake Server (Alexander Antonov) \n- NFC: reorder the logic in nfc_{un,}register_device (Lin Ma) \n- NFC: reorganize the functions in nci_request (Lin Ma) \n- i40e: Fix NULL ptr dereference on VSI filter sync (Michal Maloszewski) \n- net: virtio_net_hdr_to_skb: count transport header in UFO (Jonathan Davies) \n- platform/x86: hp_accel: Fix an error handling path in lis3lv02d_probe() (Christophe JAILLET) \n- mips: lantiq: add support for clk_get_parent() (Randy Dunlap) \n- mips: bcm63xx: add support for clk_get_parent() (Randy Dunlap) \n- MIPS: generic/yamon-dt: fix uninitialized variable error (Colin Ian King) \n- iavf: Fix for the false positive ASQ/ARQ errors while issuing VF reset (Surabhi Boob) \n- net: bnx2x: fix variable dereferenced before check (Pavel Skripkin) \n- sched/core: Mitigate race cpus_share_cache()/update_top_cache_domain() (Vincent Donnefort) \n- mips: BCM63XX: ensure that CPU_SUPPORTS_32BIT_KERNEL is set (Randy Dunlap) \n- sh: define __BIG_ENDIAN for math-emu (Randy Dunlap) \n- sh: fix kconfig unmet dependency warning for FRAME_POINTER (Randy Dunlap) \n- maple: fix wrong return value of maple_bus_init(). (Lu Wei) \n- sh: check return code of request_irq (Nick Desaulniers) \n- powerpc/dcr: Use cmplwi instead of 3-argument cmpli (Michael Ellerman) \n- ALSA: gus: fix null pointer dereference on pointer block (Chengfeng Ye) \n- powerpc/5200: dts: fix memory node unit name (Anatolij Gustschin) \n- scsi: target: Fix alua_tg_pt_gps_count tracking (Mike Christie) \n- scsi: target: Fix ordered tag handling (Mike Christie) \n- MIPS: sni: Fix the build (Bart Van Assche) \n- tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc (Guanghui Feng) \n- usb: host: ohci-tmio: check return value after calling platform_get_resource() (Yang Yingliang) \n- ARM: dts: omap: fix gpmc,mux-add-data type (Roger Quadros) \n- scsi: advansys: Fix kernel pointer leak (Guo Zhi) \n- usb: musb: tusb6010: check return value after calling platform_get_resource() (Yang Yingliang) \n- scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() (James Smart) \n- arm64: zynqmp: Fix serial compatible string (Michal Simek) \n- PCI/MSI: Destroy sysfs before freeing entries (Thomas Gleixner) \n- parisc/entry: fix trace test in syscall exit path (Sven Schnelle) \n- tracing: Resize tgid_map to pid_max, not PID_MAX_DEFAULT (Paul Burton) \n- ext4: fix lazy initialization next schedule time computation in more granular unit (Shaoying Xu) \n- PCI: Add PCI_EXP_DEVCTL_PAYLOAD_* macros (Pali Rohar) \n- s390/cio: check the subchannel validity for dev_busid (Vineeth Vijayan) \n- mm, oom: do not trigger out_of_memory from the #PF (Michal Hocko) \n- mm, oom: pagefault_out_of_memory: dont force global OOM for dying tasks (Vasily Averin) \n- powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (Naveen N. Rao) \n- powerpc/bpf: Validate branch ranges (Naveen N. Rao) \n- powerpc/lib: Add helper to check if offset is within conditional branch range (Naveen N. Rao) \n- ARM: 9156/1: drop cc-option fallbacks for architecture selection (Arnd Bergmann) \n- ARM: 9155/1: fix early early_iounmap() (Michal Miroslaw) \n- USB: chipidea: fix interrupt deadlock (Johan Hovold) \n- vsock: prevent unnecessary refcnt inc for nonblocking connect (Eiichi Tsukata) \n- nfc: pn533: Fix double free when pn533_fill_fragment_skbs() fails (Chengfeng Ye) \n- llc: fix out-of-bound array index in llc_sk_dev_hash() (Eric Dumazet) \n- mm/zsmalloc.c: close race window between zs_pool_dec_isolated() and zs_unregister_migration() (Miaohe Lin) \n- bonding: Fix a use-after-free problem when bond_sysfs_slave_add() failed (Huang Guobin) \n- ACPI: PMIC: Fix intel_pmic_regs_handler() read accesses (Hans de Goede) \n- net: davinci_emac: Fix interrupt pacing disable (Maxim Kiselev) \n- xen-pciback: Fix return in pm_ctrl_init() (YueHaibing) \n- i2c: xlr: Fix a resource leak in the error handling path of xlr_i2c_probe() (Christophe JAILLET) \n- scsi: qla2xxx: Turn off target reset during issue_lip (Quinn Tran) \n- ar7: fix kernel builds for compiler test (Jackie Liu) \n- watchdog: f71808e_wdt: fix inaccurate report in WDIOC_GETTIMEOUT (Ahmad Fatoum) \n- m68k: set a default value for MEMORY_RESERVE (Randy Dunlap) \n- dmaengine: dmaengine_desc_callback_valid(): Check for (Lars-Peter Clausen) \n- netfilter: nfnetlink_queue: fix OOB when mac header was cleared (Florian Westphal) \n- auxdisplay: ht16k33: Fix frame buffer device blanking (Geert Uytterhoeven) \n- auxdisplay: ht16k33: Connect backlight to fbdev (Geert Uytterhoeven) \n- auxdisplay: img-ascii-lcd: Fix lock-up when displaying empty string (Geert Uytterhoeven) \n- dmaengine: at_xdmac: fix AT_XDMAC_CC_PERID() macro (Claudiu Beznea) \n- mtd: spi-nor: hisi-sfc: Remove excessive clk_disable_unprepare() (Evgeny Novikov) \n- fs: orangefs: fix error return code of orangefs_revalidate_lookup() (Jia-Ju Bai) \n- NFS: Fix deadlocks in nfs_scan_commit_list() (Trond Myklebust) \n- PCI: aardvark: Dont spam about PIO Response Status (Marek Behun) \n- drm/plane-helper: fix uninitialized variable reference (Alex Xu (Hello71)) \n- pnfs/flexfiles: Fix misplaced barrier in nfs4_ff_layout_prepare_ds (Baptiste Lepers) \n- rpmsg: Fix rpmsg_create_ept return when RPMSG config is not defined (Arnaud Pouliquen) \n- apparmor: fix error check (Tom Rix) \n- power: supply: bq27xxx: Fix kernel crash on IRQ handler register error (Hans de Goede) \n- mips: cm: Convert to bitfield API to fix out-of-bounds access (Geert Uytterhoeven) \n- serial: xilinx_uartps: Fix race condition causing stuck TX (Anssi Hannula) \n- ASoC: cs42l42: Defer probe if request_threaded_irq() returns EPROBE_DEFER (Richard Fitzgerald) \n- ASoC: cs42l42: Correct some register default values (Richard Fitzgerald) \n- RDMA/mlx4: Return missed an error if device doesnt support steering (Leon Romanovsky) \n- scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn() (Dan Carpenter) \n- power: supply: rt5033_battery: Change voltage values to uV (Jakob Hauser) \n- usb: gadget: hid: fix error code in do_config() (Dan Carpenter) \n- serial: 8250_dw: Drop wrong use of ACPI_PTR() (Andy Shevchenko) \n- video: fbdev: chipsfb: use memset_io() instead of memset() (Christophe Leroy) \n- memory: fsl_ifc: fix leak of irq and nand_irq in fsl_ifc_ctrl_probe (Dongliang Mu) \n- soc/tegra: Fix an error handling path in tegra_powergate_power_up() (Christophe JAILLET) \n- arm: dts: omap3-gta04a4: accelerometer irq fix (Andreas Kemnade) \n- ALSA: hda: Reduce udelay() at SKL+ position reporting (Takashi Iwai) \n- JFS: fix memleak in jfs_mount (Dongliang Mu) \n- MIPS: loongson64: make CPU_LOONGSON64 depends on MIPS_FP_SUPPORT (Jackie Liu) \n- scsi: dc395: Fix error case unwinding (Tong Zhang) \n- ARM: dts: at91: tse850: the emac<->phy interface is rmii (Peter Rosin) \n- ARM: s3c: irq-s3c24xx: Fix return value check for s3c24xx_init_intc() (Jackie Liu) \n- RDMA/rxe: Fix wrong port_cap_flags (Junji Wei) \n- ibmvnic: Process crqs after enabling interrupts (Sukadev Bhattiprolu) \n- crypto: pcrypt - Delay write to padata->info (Daniel Jordan) \n- net: phylink: avoid mvneta warning when setting pause parameters (Russell King (Oracle)) \n- net: amd-xgbe: Toggle PLL settings during rate change (Shyam Sundar S K) \n- libertas: Fix possible memory leak in probe and disconnect (Wang Hai) \n- libertas_tf: Fix possible memory leak in probe and disconnect (Wang Hai) \n- samples/kretprobes: Fix return value if register_kretprobe() failed (Tiezhu Yang) \n- irq: mips: avoid nested irq_enter() (Mark Rutland) \n- s390/gmap: dont unconditionally call pte_unmap_unlock() in __gmap_zap() (David Hildenbrand) \n- smackfs: use netlbl_cfg_cipsov4_del() for deleting cipso_v4_doi (Tetsuo Handa) \n- PM: hibernate: fix sparse warnings (Anders Roxell) \n- phy: micrel: ksz8041nl: do not use power down mode (Stefan Agner) \n- mwifiex: Send DELBA requests according to spec (Jonas Drebler) \n- platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning (Nathan Chancellor) \n- mmc: mxs-mmc: disable regulator on error and in the remove function (Christophe JAILLET) \n- net: stream: dont purge sk_error_queue in sk_stream_kill_queues() (Jakub Kicinski) \n- drm/msm: uninitialized variable in msm_gem_import() (Dan Carpenter) \n- ath10k: fix max antenna gain unit (Sven Eckelmann) \n- hwmon: Fix possible memleak in __hwmon_device_register() (Yang Yingliang) \n- memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host() (Dan Carpenter) \n- memstick: avoid out-of-range warning (Arnd Bergmann) \n- b43: fix a lower bounds test (Dan Carpenter) \n- b43legacy: fix a lower bounds test (Dan Carpenter) \n- hwrng: mtk - Force runtime pm ops for sleep ops (Markus Schneider-Pargmann) \n- crypto: qat - disregard spurious PFVF interrupts (Giovanni Cabiddu) \n- crypto: qat - detect PFVF collision after ACK (Giovanni Cabiddu) \n- ath9k: Fix potential interrupt storm on queue reset (Linus Lussing) \n- cpuidle: Fix kobject memory leaks in error paths (Anel Orazgaliyeva) \n- media: cx23885: Fix snd_card_free call on null card pointer (Colin Ian King) \n- media: si470x: Avoid card name truncation (Kees Cook) \n- media: mtk-vpu: Fix a resource leak in the error handling path of mtk_vpu_probe() (Christophe JAILLET) \n- media: dvb-usb: fix ununit-value in az6027_rc_query (Pavel Skripkin) \n- cgroup: Make rebind_subsystems() disable v2 controllers all at once (Waiman Long) \n- parisc/kgdb: add kgdb_roundup() to make kgdb work with idle polling (Sven Schnelle) \n- task_stack: Fix end_of_stack() for architectures with upwards-growing stack (Helge Deller) \n- parisc: fix warning in flush_tlb_all (Sven Schnelle) \n- spi: bcm-qspi: Fix missing clk_disable_unprepare() on error in bcm_qspi_probe() (Yang Yingliang) \n- ARM: 9136/1: ARMv7-M uses BE-8, not BE-32 (Arnd Bergmann) \n- gre/sit: Dont generate link-local addr if addr_gen_mode is IN6_ADDR_GEN_MODE_NONE (Stephen Suryaputra) \n- ARM: clang: Do not rely on lr register for stacktrace (Masami Hiramatsu) \n- smackfs: use __GFP_NOFAIL for smk_cipso_doi() (Tetsuo Handa) \n- iwlwifi: mvm: disable RX-diversity in powersave (Johannes Berg) \n- PM: hibernate: Get block device exclusively in swsusp_check() (Ye Bin) \n- mwl8k: Fix use-after-free in mwl8k_fw_state_machine() (Zheyu Ma) \n- tracing/cfi: Fix cmp_entries_* functions signature mismatch (Kalesh Singh) \n- lib/xz: Validate the value before assigning it to an enum variable (Lasse Collin) \n- lib/xz: Avoid overlapping memcpy() with invalid input with in-place decompression (Lasse Collin) \n- memstick: r592: Fix a UAF bug when removing the driver (Zheyu Ma) \n- leaking_addresses: Always print a trailing newline (Kees Cook) \n- ACPI: battery: Accept charges over the design capacity as full (Andre Almeida) \n- ath: dfs_pattern_detector: Fix possible null-pointer dereference in channel_detector_create() (Tuo Li) \n- tracefs: Have tracefs directories not set OTH permission bits by default (Steven Rostedt (VMware)) \n- media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte() (Anant Thazhemadam) \n- ACPICA: Avoid evaluating methods too early during system resume (Rafael J. Wysocki) \n- ia64: dont do IA64_CMPXCHG_DEBUG without CONFIG_PRINTK (Randy Dunlap) \n- media: mceusb: return without resubmitting URB in case of -EPROTO error. (Rajat Asthana) \n- media: s5p-mfc: Add checking to s5p_mfc_probe(). (Nadezda Lutovinova) \n- media: s5p-mfc: fix possible null-pointer dereference in s5p_mfc_probe() (Tuo Li) \n- media: uvcvideo: Set capability in s_param (Ricardo Ribalda) \n- media: netup_unidvb: handle interrupt properly according to the firmware (Zheyu Ma) \n- media: mt9p031: Fix corrupted frame after restarting stream (Dirk Bender) \n- mwifiex: Properly initialize private structure on interface type changes (Jonas Drebler) \n- mwifiex: Run SET_BSS_MODE when changing from P2P to STATION vif-type (Jonas Drebler) \n- x86: Increase exception stack sizes (Peter Zijlstra) \n- smackfs: Fix use-after-free in netlbl_catmap_walk() (Pawan Gupta) \n- locking/lockdep: Avoid RCU-induced noinstr fail (Peter Zijlstra) \n- MIPS: lantiq: dma: reset correct number of channel (Aleksander Jan Bajkowski) \n- MIPS: lantiq: dma: add small delay after reset (Aleksander Jan Bajkowski) \n- platform/x86: wmi: do not fail if disabling fails (Barnabas Pocze) \n- Bluetooth: fix use-after-free error in lock_sock_nested() (Wang ShaoBo) \n- Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg() (Takashi Iwai) {CVE-2021-3640}\n- USB: iowarrior: fix control-message timeouts (Johan Hovold) \n- USB: serial: keyspan: fix memleak on probe errors (Wang Hai) \n- iio: dac: ad5446: Fix ad5622_write() return value (Pekka Korpinen) \n- pinctrl: core: fix possible memory leak in pinctrl_enable() (Yang Yingliang) \n- quota: correct error number in free_dqentry() (Zhang Yi) \n- quota: check block number when reading the block in quota file (Zhang Yi) \n- PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG (Marek Behun) \n- PCI: aardvark: Fix return value of MSI domain .alloc() method (Marek Behun) \n- PCI: aardvark: Do not unmask unused interrupts (Pali Rohar) \n- PCI: aardvark: Do not clear status bits of masked interrupts (Pali Rohar) \n- xen/balloon: add late_initcall_sync() for initial ballooning done (Juergen Gross) \n- ALSA: mixer: fix deadlock in snd_mixer_oss_set_volume (Pavel Skripkin) \n- ALSA: mixer: oss: Fix racy access to slots (Takashi Iwai) \n- serial: core: Fix initializing and restoring termios speed (Pali Rohar) \n- powerpc/85xx: Fix oops when mpc85xx_smp_guts_ids node cannot be found (Xiaoming Ni) \n- power: supply: max17042_battery: use VFSOC for capacity when no rsns (Henrik Grimler) \n- power: supply: max17042_battery: Prevent int underflow in set_soc_threshold (Sebastian Krzyszkowiak) \n- signal/mips: Update (_save|_restore)_fp_context to fail with -EFAULT (Eric W. Biederman) \n- signal: Remove the bogus sigkill_pending in ptrace_stop (Eric W. Biederman) \n- RDMA/qedr: Fix NULL deref for query_qp on the GSI QP (Alok Prasad) \n- wcn36xx: handle connection loss indication (Benjamin Li) \n- libata: fix checking of DMA state (Reimar Doffinger) \n- mwifiex: Read a PCI register after writing the TX ring write pointer (Jonas Drebler) \n- wcn36xx: Fix HT40 capability for 2Ghz band (Loic Poulain) \n- evm: mark evm_fixmode as __ro_after_init (Austin Kim) \n- rtl8187: fix control-message timeouts (Johan Hovold) \n- PCI: Mark Atheros QCA6174 to avoid bus reset (Ingmar Klein) \n- ath10k: fix division by zero in send path (Johan Hovold) \n- ath10k: fix control-message timeout (Johan Hovold) \n- ath6kl: fix control-message timeout (Johan Hovold) \n- ath6kl: fix division by zero in send path (Johan Hovold) \n- mwifiex: fix division by zero in fw download path (Johan Hovold) \n- EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell (Eric Badger) \n- regulator: dt-bindings: samsung,s5m8767: correct s5m8767,pmic-buck-default-dvs-idx property (Krzysztof Kozlowski) \n- regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is disabled (Krzysztof Kozlowski) \n- hwmon: (pmbus/lm25066) Add offset coefficients (Zev Weiss) \n- btrfs: fix lost error handling when replaying directory deletes (Filipe Manana) \n- vmxnet3: do not stop tx queues after netif_device_detach() (Dongli Zhang) \n- watchdog: Fix OMAP watchdog early handling (Walter Stoll) \n- spi: spl022: fix Microwire full duplex mode (Thomas Perrot) \n- bpf: Prevent increasing bpf_jit_limit above max (Lorenz Bauer) \n- mmc: winbond: dont build on M68K (Randy Dunlap) \n- hyperv/vmbus: include linux/bitops.h (Arnd Bergmann) \n- sfc: Dont use netif_info before net_device setup (Erik Ekman) \n- cavium: Fix return values of the probe function (Zheyu Ma) \n- scsi: qla2xxx: Fix unmap of already freed sgl (Dmitry Bogdanov) \n- cavium: Return negative value when pci_alloc_irq_vectors() fails (Zheyu Ma) \n- x86/irq: Ensure PI wakeup handler is unregistered before module unload (Sean Christopherson) \n- ALSA: timer: Unconditionally unlink slave instances, too (Takashi Iwai) \n- ALSA: timer: Fix use-after-free problem (Wang Wensheng) \n- ALSA: synth: missing check for possible NULL after the call to kstrdup (Austin Kim) \n- ALSA: line6: fix control and interrupt message timeouts (Johan Hovold) \n- ALSA: 6fire: fix control and bulk message timeouts (Johan Hovold) \n- ALSA: ua101: fix division by zero at probe (Johan Hovold) \n- media: ite-cir: IR receiver stop working after receive overflow (Sean Young) \n- tpm: Check for integer overflow in tpm2_map_response_body() (Dan Carpenter) \n- parisc: Fix ptrace check on syscall return (Helge Deller) \n- mmc: dw_mmc: Dont wait for DRTO on Write RSP error (Christian Lohle) \n- ocfs2: fix data corruption on truncate (Jan Kara) \n- libata: fix read log timeout value (Damien Le Moal) \n- Input: i8042 - Add quirk for Fujitsu Lifebook T725 (Takashi Iwai) \n- Input: elantench - fix misreporting trackpoint coordinates (Phoenix Huang) \n- binder: use cred instead of task for selinux checks (Todd Kjos) \n- binder: use euid from cred instead of using task (Todd Kjos) \n- xhci: Fix USB 3.1 enumeration issues by increasing roothub power-on-good delay (Mathias Nyman) \n- Linux 4.14.255 (Greg Kroah-Hartman) \n- rsi: fix control-message timeout (Johan Hovold) \n- staging: rtl8192u: fix control-message timeouts (Johan Hovold) \n- staging: r8712u: fix control-message timeout (Johan Hovold) \n- comedi: vmk80xx: fix bulk and interrupt message timeouts (Johan Hovold) \n- comedi: vmk80xx: fix bulk-buffer overflow (Johan Hovold) \n- comedi: vmk80xx: fix transfer-buffer overflows (Johan Hovold) \n- comedi: ni_usb6501: fix NULL-deref in command paths (Johan Hovold) \n- comedi: dt9812: fix DMA buffers on stack (Johan Hovold) \n- isofs: Fix out of bound access for corrupted isofs image (Jan Kara) \n- printk/console: Allow to disable console output by using console= or console=null (Petr Mladek) \n- usb-storage: Add compatibility quirk flags for iODD 2531/2541 (James Buren) \n- usb: musb: Balance list entry in musb_gadget_queue (Viraj Shah) \n- usb: gadget: Mark USB_FSL_QE broken on 64-bit (Geert Uytterhoeven) \n- Revert x86/kvm: fix vcpu-id indexed array sizes (Juergen Gross) \n- block: introduce multi-page bvec helpers (Ming Lei) \n- IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields (Mike Marciniszyn) \n- IB/qib: Use struct_size() helper (Gustavo A. R. Silva) \n- ARM: 9120/1: Revert amba: make use of -1 IRQs warn (Wang Kefeng) \n- arch: pgtable: define MAX_POSSIBLE_PHYSMEM_BITS where needed (Arnd Bergmann) \n- mm/zsmalloc: Prepare to variable MAX_PHYSMEM_BITS (Kirill A. Shutemov) \n- media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt() (Dan Carpenter) \n- scsi: core: Put LLD module refcnt after SCSI device is released (Ming Lei) \n- Linux 4.14.254 (Greg Kroah-Hartman) \n- sctp: add vtag check in sctp_sf_ootb (Xin Long) \n- sctp: add vtag check in sctp_sf_do_8_5_1_E_sa (Xin Long) \n- sctp: add vtag check in sctp_sf_violation (Xin Long) \n- sctp: fix the processing for COOKIE_ECHO chunk (Xin Long) \n- sctp: use init_tag from inithdr for ABORT chunk (Xin Long) \n- net: nxp: lpc_eth.c: avoid hang when bringing interface down (Trevor Woerner) \n- nios2: Make NIOS2_DTB_SOURCE_BOOL depend on !COMPILE_TEST (Guenter Roeck) \n- net: batman-adv: fix error handling (Pavel Skripkin) \n- regmap: Fix possible double-free in regcache_rbtree_exit() (Yang Yingliang) \n- net: lan78xx: fix division by zero in send path (Johan Hovold) \n- mmc: sdhci-esdhc-imx: clear the buffer_read_ready to reset standard tuning circuit (Haibo Chen) \n- mmc: sdhci: Map more voltage level to SDHCI_POWER_330 (Shawn Guo) \n- mmc: dw_mmc: exynos: fix the finding clock sample value (Jaehoon Chung) \n- mmc: vub300: fix control-message timeouts (Johan Hovold) \n- ipv4: use siphash instead of Jenkins in fnhe_hashfun() (Eric Dumazet) \n- Revert net: mdiobus: Fix memory leak in __mdiobus_register (Pavel Skripkin) \n- nfc: port100: fix using -ERRNO as command type mask (Krzysztof Kozlowski) \n- ata: sata_mv: Fix the error handling of mv_chip_id() (Zheyu Ma) \n- usbnet: fix error return code in usbnet_probe() (Wang Hai) \n- usbnet: sanity check for maxpacket (Oliver Neukum) \n- ARM: 8819/1: Remove -p from LDFLAGS (Nathan Chancellor) \n- powerpc/bpf: Fix BPF_MOD when imm == 1 (Naveen N. Rao) \n- ARM: 9139/1: kprobes: fix arch_init_kprobes() prototype (Arnd Bergmann) \n- ARM: 9134/1: remove duplicate memcpy() definition (Arnd Bergmann) \n- ARM: 9133/1: mm: proc-macros: ensure *_tlb_fns are 4B aligned (Nick Desaulniers)\n[4.14.35-2047.511.0]\n- Linux 4.14.253 (Greg Kroah-Hartman) \n- ASoC: DAPM: Cover regression by kctl change notification fix (Takashi Iwai) \n- ARM: 9122/1: select HAVE_FUTEX_CMPXCHG (Nick Desaulniers) \n- tracing: Have all levels of checks prevent recursion (Steven Rostedt (VMware)) \n- net: mdiobus: Fix memory leak in __mdiobus_register (Yanfei Xu) \n- ALSA: hda: avoid write to STATESTS if controller is in reset (Kai Vehmanen) \n- platform/x86: intel_scu_ipc: Update timeout value in comment (Prashant Malani) \n- isdn: mISDN: Fix sleeping function called from invalid context (Zheyu Ma) \n- ARM: dts: spear3xx: Fix gmac node (Herve Codina) \n- net: stmmac: add support for dwmac 3.40a (Herve Codina) \n- btrfs: deal with errors when checking if a dir entry exists during log replay (Filipe Manana) \n- netfilter: Kconfig: use default y instead of m for bool config option (Vegard Nossum) \n- isdn: cpai: check ctr->cnr to avoid array index out of bound (Xiaolong Huang) \n- nfc: nci: fix the UAF of rf_conn_info object (Lin Ma) \n- ASoC: DAPM: Fix missing kctl change notifications (Takashi Iwai) \n- ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset (Brendan Grieve) \n- vfs: check fd has read access in kernel_read_file_from_fd() (Matthew Wilcox (Oracle)) \n- elfcore: correct reference to CONFIG_UML (Lukas Bulwahn) \n- ocfs2: mount fails with buffer overflow in strlen (Valentin Vidic) \n- ocfs2: fix data corruption after conversion from inline format (Jan Kara) \n- can: peak_pci: peak_pci_remove(): fix UAF (Zheyu Ma) \n- can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification (Stephane Grosjean) \n- can: rcar_can: fix suspend/resume (Yoshihiro Shimoda) \n- NIOS2: irqflags: rename a redefined register name (Randy Dunlap) \n- netfilter: ipvs: make global sysctl readonly in non-init netns (Antoine Tenart) \n- NFSD: Keep existing listeners on portlist error (Benjamin Coddington) \n- xtensa: xtfpga: Try software restart before simulating CPU reset (Guenter Roeck) \n- xtensa: xtfpga: use CONFIG_USE_OF instead of CONFIG_OF (Max Filippov) \n- ARM: dts: at91: sama5d2_som1_ek: disable ISC node by default (Eugen Hristev) \n- uek-rpm: Add _raw_spin_trylock to KABI (John Donnelly) [Orabug: 33557961] \n- cpufreq: intel_pstate: Add Icelake servers support in no-HWP mode (Giovanni Gherdovich) [Orabug: 33581183] \n- RDMA/rxe: Bump up default maximum values used via uverbs (Rao Shoaib) [Orabug: 33615343] \n- net: ipv6: Discard next-hop MTU less than minimum link MTU (Georg Kohmann) [Orabug: 33615357] \n- rds: ib: Reduce the contention caused by the asynchronous workers to flush the mr pool (Praveen Kumar Kannoju) [Orabug: 33611440] \n- net/mlx5: Remove unnecessary prints from mlx5_enter_error_state. (Anand Khoje) [Orabug: 33175315] \n- net/rds: Dont pummel the subnet-manager (Gerd Rausch) [Orabug: 33589568] \n- x86/clear_page: add alternative for clear_page_clzero() (Ankur Arora) [Orabug: 33580825] \n- x86/asm: add clzero based page clearing (Ankur Arora) [Orabug: 33580825] \n- x86/cpu/amd: enable X86_FEATURE_NT_GOOD on all AMD Zen models (Ankur Arora) [Orabug: 33580825] \n- x86/cpu/amd: Call init_amd_zn() om Family 19h processors too (Kim Phillips) [Orabug: 33580825] \n- uek-rpm: Add smartpqi driver module in ueknano kernel (Somasundaram Krishnasamy) [Orabug: 33590163]", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-28T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel-container security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-0920", "CVE-2021-3640", "CVE-2021-4155", "CVE-2021-43975", "CVE-2021-44733", "CVE-2022-0492"], "modified": "2022-02-28T00:00:00", "id": "ELSA-2022-9180", "href": "http://linux.oracle.com/errata/ELSA-2022-9180.html", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-15T15:28:56", "description": "[4.14.35-2047.511.5.2]\n- cgroup-v1: Require capabilities to set release_agent (Eric W. Biederman) [Orabug: 33876756] {CVE-2022-0492}\n- scsi: libiscsi: Hold back_lock when calling iscsi_complete_task (Gulam Mohamed) [Orabug: 33876755]\n[4.14.35-2047.511.5.1]\n- arm64, mm, efi: Account for GICv3 LPI tables in static memblock reserve table (Ard Biesheuvel) [Orabug: 33836770]\n[4.14.35-2047.511.5]\n- irq/msi: add extra step when both old and new affinity are not current cpu (Joe Jin) [Orabug: 33789982] \n- Revert rds/ib: Kernel change to extend rds-info functionality (Rohit Nair) [Orabug: 33795472] \n- smp: always continue to process IRQ work (Stephen Brennan) [Orabug: 33775326] \n- scsi: libiscsi: Fix iscsi_task use after free() (Mike Christie) [Orabug: 33674803] \n- scsi: libiscsi: Drop taskqueuelock (Mike Christie) [Orabug: 33674803] \n- netfilter: fix regression in looped (broad|multi)casts MAC handling (Ignacy Gawedzki) \n- PM: hibernate: use correct mode for swsusp_close() (Thomas Zeitlhofer) \n- tracefs: Set all files to the same group ownership as the mount option (Steven Rostedt (VMware)) \n- binder: fix test regression due to sender_euid change (Todd Kjos) \n- IB/qib: Fix memory leak in qib_user_sdma_queue_pkts() (Jose Exposito)\n[4.14.35-2047.511.4]\n- net/rds: Refactor rds_ib_recv_refill_one (Freddy Carrillo) [Orabug: 33811840] \n- net/rds: RDS connection shutdown stuck after CQ access violation error (aru kolappan) [Orabug: 33811824] \n- ocfs2: fix race between searching chunks and release journal_head from buffer_head (Gautham Ananthakrishna) [Orabug: 33811779] \n- rds: ib: Ack seq not always received in monotonic increasing order (Hakon Bugge) [Orabug: 33810922] \n- arm64: pcie: Intercept Pensando specific SError (Henry Willard) [Orabug: 33811771] \n- arm64: pcie: Change bad_mode hook to cap_pciep_access_in_progress() (Henry Willard) [Orabug: 33811771] \n- arm64: pcie: Remove Pensando SError trapping patch (Henry Willard) [Orabug: 33811771] \n- take care multiple extents in CoW extent converting (Wengang Wang) [Orabug: 33811755]\n[4.14.35-2047.511.3]\n- scsi: vmw_pvscsi: Set residual data length conditionally (Alexey Makhalov) [Orabug: 33761308] \n- xfs: force the log offline when log intent item recovery fails (Darrick J. Wong) [Orabug: 33757273] \n- xfs: cancel intents immediately if process_intents fails (Darrick J. Wong) [Orabug: 33757273] \n- arm64/efi: remove spurious WARN_ON for !4K kernels (Mark Rutland) [Orabug: 33749641] \n- irqchip/gic-v3-its: Allow use of LPI tables in reserved memory (Marc Zyngier) [Orabug: 33749641] \n- irqchip/gic-v3-its: Register LPI tables with EFI config table (Marc Zyngier) [Orabug: 33749641] \n- efi: add API to reserve memory persistently across kexec reboot (Ard Biesheuvel) [Orabug: 33749641] \n- efi/arm: libstub: add a root memreserve config table (Ard Biesheuvel) [Orabug: 33749641] \n- efi: honour memory reservations passed via a linux specific config table (Ard Biesheuvel) [Orabug: 33749641] \n- irqchip/gic-v3-its: Check that all RDs have the same property table (Marc Zyngier) [Orabug: 33749641] \n- irqchip/gic-v3-its: Use pre-programmed redistributor tables with kdump kernels (Marc Zyngier) [Orabug: 33749641] \n- irqchip/gic-v3-its: Allow use of pre-programmed LPI tables (Marc Zyngier) [Orabug: 33749641] \n- irqchip/gic-v3-its: Keep track of property tables PA and VA (Marc Zyngier) [Orabug: 33749641] \n- irqchip/gic-v3-its: Move pending table allocation to init time (Marc Zyngier) [Orabug: 33749641] \n- irqchip/gic-v3-its: Split property table clearing from allocation (Marc Zyngier) [Orabug: 33749641] \n- irqchip/gic-v3-its: Simplify LPI_PENDBASE_SZ usage (Marc Zyngier) [Orabug: 33749641] \n- irqchip/gic-v3-its: Change initialization ordering for LPIs (Marc Zyngier) [Orabug: 33749641] \n- irqchip/gic-v3-its: Cap lpi_id_bits to reduce memory footprint (Jia He) [Orabug: 33749641] \n- irqchip/gic-v3-its: Make its_lock a raw_spin_lock_t (Sebastian Andrzej Siewior) [Orabug: 33749641] \n- irqchip/gic-v3-its: Honor hypervisor enforced LPI range (Marc Zyngier) [Orabug: 33749641] \n- irqchip/gic-v3: Expose GICD_TYPER in the rdist structure (Marc Zyngier) [Orabug: 33749641] \n- irqchip/gic-v3-its: Drop chunk allocation compatibility (Marc Zyngier) [Orabug: 33749641] \n- irqchip/gic-v3-its: Move minimum LPI requirements to individual busses (Marc Zyngier) [Orabug: 33749641] \n- irqchip/gic-v3-its: Use full range of LPIs (Marc Zyngier) [Orabug: 33749641] \n- irqchip/gic-v3-its: Refactor LPI allocator (Marc Zyngier) [Orabug: 33749641] \n- irqchip/gic-v3-its: Fix reprogramming of redistributors on CPU hotplug (Marc Zyngier) [Orabug: 33749641] \n- irqchip/gic-v3-its: Only emit VSYNC if targetting a valid collection (Marc Zyngier) [Orabug: 33749641] \n- irqchip/gic-v3-its: Only emit SYNC if targetting a valid collection (Marc Zyngier) [Orabug: 33749641] \n- irqchip/gic-v3: Ensure GICR_CTLR.EnableLPI=0 is observed before enabling (Shanker Donthineni) [Orabug: 33749641] \n- irqchip/gic-v3-its: Pass its_node pointer to each command builder (Marc Zyngier) [Orabug: 33749641] \n- tee: handle lookup of shm with reference count 0 (Jens Wiklander) [Orabug: 33739583] {CVE-2021-44733}\n- rds/ib: Kernel change to extend rds-info functionality (Rohit Nair) [Orabug: 33660978] \n- net/mlx5: Fix eeprom support for SFP module (Eran Ben Elisha) [Orabug: 33541468] \n- x86/vector: search CPU vector starts from last successfully assigned (Joe Jin) [Orabug: 33290504]\n[4.14.35-2047.511.2]\n- xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate (Darrick J. Wong) [Orabug: 33756155] {CVE-2021-4155}\n- net/mlx5e: ethtool, Add support for EEPROM high pages query (Erez Alfasi) [Orabug: 33755527] \n- ethtool: Add SFF-8436 and SFF-8636 max EEPROM length definitions (Erez Alfasi) [Orabug: 33755527] \n- scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() (George Kennedy) [Orabug: 33731361] \n- uek-rpm: configs: disable CONFIG_USB_GADGET (aloktiw) [Orabug: 33730434] \n- rds: ib: Incorporate the stat counter ib_rdma_flush_mr_pool_avoided in the structure rds_ib_stat_names (Praveen Kumar Kannoju) [Orabug: 33720886] \n- panic: reinitialize logbuf locks before notifiers (Stephen Brennan) [Orabug: 33703438] \n- panic: disable optimistic spin after halting CPUs (Stephen Brennan) [Orabug: 33703438] \n- atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait (Zekun Shen) [Orabug: 33594985] {CVE-2021-43975}\n- x86/MCE/AMD, EDAC/mce_amd: Remove struct smca_hwid.xec_bitmap (Yazen Ghannam) [Orabug: 33427596] \n- EDAC/mce_amd: Add new error descriptions for existing types (Yazen Ghannam) [Orabug: 33427596] \n- x86/mce, EDAC/mce_amd: Print PPIN in machine check records (Smita Koralahalli) [Orabug: 33427596] \n- x86/mce/amd, edac: Remove report_gart_errors (Borislav Petkov) [Orabug: 33427596] \n- x86/mce/amd: Add PPIN support for AMD MCE (Wei Huang) [Orabug: 33427596] \n- x86/mce: Take action on UCNA/Deferred errors again (Jan H. Schonherr) [Orabug: 33427596] \n- xen/mcelog: add PPIN to record when available (Jan Beulich) [Orabug: 33427596] \n- xen/mcelog: drop __MC_MSR_MCGCAP (Jan Beulich) [Orabug: 33427596] \n- x86/MCE/AMD: Dont report L1 BTB MCA errors on some family 17h models (Yazen Ghannam) [Orabug: 33427596] \n- x86/MCE: Add an MCE-record filtering function (Yazen Ghannam) [Orabug: 33427596] \n- EDAC, mce_amd: Print ExtErrorCode and description on a single line (Yazen Ghannam) [Orabug: 33427596] \n- mstflint_access: Update driver code to v4.18.0-1 from Github (Sharath Srinivasan) [Orabug: 33186485] \n- mstflint_access: Update driver code to v4.17.0-1 from Github (Sharath Srinivasan) [Orabug: 33186485] \n- mstflint_access: Add README.txt (Sharath Srinivasan) [Orabug: 33186485] \n- Revert Revert net/mlx4_core: Add masking for a few queries on HCA caps (Freddy Carrillo) [Orabug: 32603654]\n[4.14.35-2047.511.1]\n- uek-rpm: Update ol7 locklist with fnic symbols (Saeed Mirzamohammadi) [Orabug: 33590914] \n- mm, oom: dump stack of victim when reaping failed (David Rientjes) [Orabug: 33647102] \n- memcg: prohibit unconditional exceeding the limit of dying tasks (Vasily Averin) [Orabug: 33647102] \n- memcg: enable memcg oom-kill for __GFP_NOFAIL (Shakeel Butt) [Orabug: 33647102] \n- memcg, oom: no oom-kill for __GFP_RETRY_MAYFAIL (Shakeel Butt) [Orabug: 33647102] \n- memcg: killed threads should not invoke memcg OOM killer (Tetsuo Handa) [Orabug: 33647102] \n- memcg, oom: notify on oom killer invocation from the charge path (Michal Hocko) [Orabug: 33647102] \n- mm: memcontrol: print proper OOM header when no eligible victim left (Johannes Weiner) [Orabug: 33647102] \n- memcg, oom: move out_of_memory back to the charge path (Michal Hocko) [Orabug: 33647102] \n- rds/ib: Use both iova and key in free_mr socket call (aru kolappan) [Orabug: 33671340] \n- arm64: kexec: Suppress kexec on embedded systems (smartnics) (Henry Willard) [Orabug: 33699776] \n- fget: check that the fd still exists after getting a ref to it (Linus Torvalds) [Orabug: 33679805] {CVE-2021-0920}\n- fs: add fget_many() and fput_many() (Jens Axboe) [Orabug: 33679805] \n- xfs: remove all COW fork extents when remounting readonly (Darrick J. Wong) [Orabug: 33676191] \n- RDS/IB: Fix error when trying to unallocate ring buffers (Hans Westgaard Ry) [Orabug: 33620350] \n- net: macsec: Severe performance regression in ...preserve ordering (Venkat Venkatsubra) [Orabug: 33557957] \n- Linux 4.14.256 (Greg Kroah-Hartman) \n- soc/tegra: pmc: Fix imbalanced clock disabling in error code path (Dmitry Osipenko) \n- usb: max-3421: Use driver data instead of maintaining a list of bound devices (Uwe Kleine-Konig) \n- RDMA/netlink: Add __maybe_unused to static inline in C file (Leon Romanovsky) \n- batman-adv: Dont always reallocate the fragmentation skb head (Sven Eckelmann) \n- batman-adv: Reserve needed_*room for fragments (Sven Eckelmann) \n- batman-adv: Consider fragmentation for needed_headroom (Sven Eckelmann) \n- batman-adv: mcast: fix duplicate mcast packets from BLA backbone to mesh (Linus Lussing) \n- batman-adv: mcast: fix duplicate mcast packets in BLA backbone from LAN (Linus Lussing) \n- perf/core: Avoid put_page() when GUP fails (Greg Thelen) \n- drm/amdgpu: fix set scaling mode Full/Full aspect/Center not works on vga and dvi connectors (hongao) \n- drm/udl: fix control-message timeout (Johan Hovold) \n- cfg80211: call cfg80211_stop_ap when switch from P2P_GO type (Nguyen Dinh Phi) \n- parisc/sticon: fix reverse colors (Sven Schnelle) \n- btrfs: fix memory ordering between normal and ordered work functions (Nikolay Borisov) \n- mm: kmemleak: slob: respect SLAB_NOLEAKTRACE flag (Rustam Kovhaev) \n- hexagon: export raw I/O routines for modules (Nathan Chancellor) \n- tun: fix bonding active backup with arp monitoring (Nicolas Dichtel) \n- perf/x86/intel/uncore: Fix IIO event constraints for Skylake Server (Alexander Antonov) \n- perf/x86/intel/uncore: Fix filter_tid mask for CHA events on Skylake Server (Alexander Antonov) \n- NFC: reorder the logic in nfc_{un,}register_device (Lin Ma) \n- NFC: reorganize the functions in nci_request (Lin Ma) \n- i40e: Fix NULL ptr dereference on VSI filter sync (Michal Maloszewski) \n- net: virtio_net_hdr_to_skb: count transport header in UFO (Jonathan Davies) \n- platform/x86: hp_accel: Fix an error handling path in lis3lv02d_probe() (Christophe JAILLET) \n- mips: lantiq: add support for clk_get_parent() (Randy Dunlap) \n- mips: bcm63xx: add support for clk_get_parent() (Randy Dunlap) \n- MIPS: generic/yamon-dt: fix uninitialized variable error (Colin Ian King) \n- iavf: Fix for the false positive ASQ/ARQ errors while issuing VF reset (Surabhi Boob) \n- net: bnx2x: fix variable dereferenced before check (Pavel Skripkin) \n- sched/core: Mitigate race cpus_share_cache()/update_top_cache_domain() (Vincent Donnefort) \n- mips: BCM63XX: ensure that CPU_SUPPORTS_32BIT_KERNEL is set (Randy Dunlap) \n- sh: define __BIG_ENDIAN for math-emu (Randy Dunlap) \n- sh: fix kconfig unmet dependency warning for FRAME_POINTER (Randy Dunlap) \n- maple: fix wrong return value of maple_bus_init(). (Lu Wei) \n- sh: check return code of request_irq (Nick Desaulniers) \n- powerpc/dcr: Use cmplwi instead of 3-argument cmpli (Michael Ellerman) \n- ALSA: gus: fix null pointer dereference on pointer block (Chengfeng Ye) \n- powerpc/5200: dts: fix memory node unit name (Anatolij Gustschin) \n- scsi: target: Fix alua_tg_pt_gps_count tracking (Mike Christie) \n- scsi: target: Fix ordered tag handling (Mike Christie) \n- MIPS: sni: Fix the build (Bart Van Assche) \n- tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc (Guanghui Feng) \n- usb: host: ohci-tmio: check return value after calling platform_get_resource() (Yang Yingliang) \n- ARM: dts: omap: fix gpmc,mux-add-data type (Roger Quadros) \n- scsi: advansys: Fix kernel pointer leak (Guo Zhi) \n- usb: musb: tusb6010: check return value after calling platform_get_resource() (Yang Yingliang) \n- scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() (James Smart) \n- arm64: zynqmp: Fix serial compatible string (Michal Simek) \n- PCI/MSI: Destroy sysfs before freeing entries (Thomas Gleixner) \n- parisc/entry: fix trace test in syscall exit path (Sven Schnelle) \n- tracing: Resize tgid_map to pid_max, not PID_MAX_DEFAULT (Paul Burton) \n- ext4: fix lazy initialization next schedule time computation in more granular unit (Shaoying Xu) \n- PCI: Add PCI_EXP_DEVCTL_PAYLOAD_* macros (Pali Rohar) \n- s390/cio: check the subchannel validity for dev_busid (Vineeth Vijayan) \n- mm, oom: do not trigger out_of_memory from the #PF (Michal Hocko) \n- mm, oom: pagefault_out_of_memory: dont force global OOM for dying tasks (Vasily Averin) \n- powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (Naveen N. Rao) \n- powerpc/bpf: Validate branch ranges (Naveen N. Rao) \n- powerpc/lib: Add helper to check if offset is within conditional branch range (Naveen N. Rao) \n- ARM: 9156/1: drop cc-option fallbacks for architecture selection (Arnd Bergmann) \n- ARM: 9155/1: fix early early_iounmap() (Michal Miroslaw) \n- USB: chipidea: fix interrupt deadlock (Johan Hovold) \n- vsock: prevent unnecessary refcnt inc for nonblocking connect (Eiichi Tsukata) \n- nfc: pn533: Fix double free when pn533_fill_fragment_skbs() fails (Chengfeng Ye) \n- llc: fix out-of-bound array index in llc_sk_dev_hash() (Eric Dumazet) \n- mm/zsmalloc.c: close race window between zs_pool_dec_isolated() and zs_unregister_migration() (Miaohe Lin) \n- bonding: Fix a use-after-free problem when bond_sysfs_slave_add() failed (Huang Guobin) \n- ACPI: PMIC: Fix intel_pmic_regs_handler() read accesses (Hans de Goede) \n- net: davinci_emac: Fix interrupt pacing disable (Maxim Kiselev) \n- xen-pciback: Fix return in pm_ctrl_init() (YueHaibing) \n- i2c: xlr: Fix a resource leak in the error handling path of xlr_i2c_probe() (Christophe JAILLET) \n- scsi: qla2xxx: Turn off target reset during issue_lip (Quinn Tran) \n- ar7: fix kernel builds for compiler test (Jackie Liu) \n- watchdog: f71808e_wdt: fix inaccurate report in WDIOC_GETTIMEOUT (Ahmad Fatoum) \n- m68k: set a default value for MEMORY_RESERVE (Randy Dunlap) \n- dmaengine: dmaengine_desc_callback_valid(): Check for (Lars-Peter Clausen) \n- netfilter: nfnetlink_queue: fix OOB when mac header was cleared (Florian Westphal) \n- auxdisplay: ht16k33: Fix frame buffer device blanking (Geert Uytterhoeven) \n- auxdisplay: ht16k33: Connect backlight to fbdev (Geert Uytterhoeven) \n- auxdisplay: img-ascii-lcd: Fix lock-up when displaying empty string (Geert Uytterhoeven) \n- dmaengine: at_xdmac: fix AT_XDMAC_CC_PERID() macro (Claudiu Beznea) \n- mtd: spi-nor: hisi-sfc: Remove excessive clk_disable_unprepare() (Evgeny Novikov) \n- fs: orangefs: fix error return code of orangefs_revalidate_lookup() (Jia-Ju Bai) \n- NFS: Fix deadlocks in nfs_scan_commit_list() (Trond Myklebust) \n- PCI: aardvark: Dont spam about PIO Response Status (Marek Behun) \n- drm/plane-helper: fix uninitialized variable reference (Alex Xu (Hello71)) \n- pnfs/flexfiles: Fix misplaced barrier in nfs4_ff_layout_prepare_ds (Baptiste Lepers) \n- rpmsg: Fix rpmsg_create_ept return when RPMSG config is not defined (Arnaud Pouliquen) \n- apparmor: fix error check (Tom Rix) \n- power: supply: bq27xxx: Fix kernel crash on IRQ handler register error (Hans de Goede) \n- mips: cm: Convert to bitfield API to fix out-of-bounds access (Geert Uytterhoeven) \n- serial: xilinx_uartps: Fix race condition causing stuck TX (Anssi Hannula) \n- ASoC: cs42l42: Defer probe if request_threaded_irq() returns EPROBE_DEFER (Richard Fitzgerald) \n- ASoC: cs42l42: Correct some register default values (Richard Fitzgerald) \n- RDMA/mlx4: Return missed an error if device doesnt support steering (Leon Romanovsky) \n- scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn() (Dan Carpenter) \n- power: supply: rt5033_battery: Change voltage values to uV (Jakob Hauser) \n- usb: gadget: hid: fix error code in do_config() (Dan Carpenter) \n- serial: 8250_dw: Drop wrong use of ACPI_PTR() (Andy Shevchenko) \n- video: fbdev: chipsfb: use memset_io() instead of memset() (Christophe Leroy) \n- memory: fsl_ifc: fix leak of irq and nand_irq in fsl_ifc_ctrl_probe (Dongliang Mu) \n- soc/tegra: Fix an error handling path in tegra_powergate_power_up() (Christophe JAILLET) \n- arm: dts: omap3-gta04a4: accelerometer irq fix (Andreas Kemnade) \n- ALSA: hda: Reduce udelay() at SKL+ position reporting (Takashi Iwai) \n- JFS: fix memleak in jfs_mount (Dongliang Mu) \n- MIPS: loongson64: make CPU_LOONGSON64 depends on MIPS_FP_SUPPORT (Jackie Liu) \n- scsi: dc395: Fix error case unwinding (Tong Zhang) \n- ARM: dts: at91: tse850: the emac<->phy interface is rmii (Peter Rosin) \n- ARM: s3c: irq-s3c24xx: Fix return value check for s3c24xx_init_intc() (Jackie Liu) \n- RDMA/rxe: Fix wrong port_cap_flags (Junji Wei) \n- ibmvnic: Process crqs after enabling interrupts (Sukadev Bhattiprolu) \n- crypto: pcrypt - Delay write to padata->info (Daniel Jordan) \n- net: phylink: avoid mvneta warning when setting pause parameters (Russell King (Oracle)) \n- net: amd-xgbe: Toggle PLL settings during rate change (Shyam Sundar S K) \n- libertas: Fix possible memory leak in probe and disconnect (Wang Hai) \n- libertas_tf: Fix possible memory leak in probe and disconnect (Wang Hai) \n- samples/kretprobes: Fix return value if register_kretprobe() failed (Tiezhu Yang) \n- irq: mips: avoid nested irq_enter() (Mark Rutland) \n- s390/gmap: dont unconditionally call pte_unmap_unlock() in __gmap_zap() (David Hildenbrand) \n- smackfs: use netlbl_cfg_cipsov4_del() for deleting cipso_v4_doi (Tetsuo Handa) \n- PM: hibernate: fix sparse warnings (Anders Roxell) \n- phy: micrel: ksz8041nl: do not use power down mode (Stefan Agner) \n- mwifiex: Send DELBA requests according to spec (Jonas Drebler) \n- platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning (Nathan Chancellor) \n- mmc: mxs-mmc: disable regulator on error and in the remove function (Christophe JAILLET) \n- net: stream: dont purge sk_error_queue in sk_stream_kill_queues() (Jakub Kicinski) \n- drm/msm: uninitialized variable in msm_gem_import() (Dan Carpenter) \n- ath10k: fix max antenna gain unit (Sven Eckelmann) \n- hwmon: Fix possible memleak in __hwmon_device_register() (Yang Yingliang) \n- memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host() (Dan Carpenter) \n- memstick: avoid out-of-range warning (Arnd Bergmann) \n- b43: fix a lower bounds test (Dan Carpenter) \n- b43legacy: fix a lower bounds test (Dan Carpenter) \n- hwrng: mtk - Force runtime pm ops for sleep ops (Markus Schneider-Pargmann) \n- crypto: qat - disregard spurious PFVF interrupts (Giovanni Cabiddu) \n- crypto: qat - detect PFVF collision after ACK (Giovanni Cabiddu) \n- ath9k: Fix potential interrupt storm on queue reset (Linus Lussing) \n- cpuidle: Fix kobject memory leaks in error paths (Anel Orazgaliyeva) \n- media: cx23885: Fix snd_card_free call on null card pointer (Colin Ian King) \n- media: si470x: Avoid card name truncation (Kees Cook) \n- media: mtk-vpu: Fix a resource leak in the error handling path of mtk_vpu_probe() (Christophe JAILLET) \n- media: dvb-usb: fix ununit-value in az6027_rc_query (Pavel Skripkin) \n- cgroup: Make rebind_subsystems() disable v2 controllers all at once (Waiman Long) \n- parisc/kgdb: add kgdb_roundup() to make kgdb work with idle polling (Sven Schnelle) \n- task_stack: Fix end_of_stack() for architectures with upwards-growing stack (Helge Deller) \n- parisc: fix warning in flush_tlb_all (Sven Schnelle) \n- spi: bcm-qspi: Fix missing clk_disable_unprepare() on error in bcm_qspi_probe() (Yang Yingliang) \n- ARM: 9136/1: ARMv7-M uses BE-8, not BE-32 (Arnd Bergmann) \n- gre/sit: Dont generate link-local addr if addr_gen_mode is IN6_ADDR_GEN_MODE_NONE (Stephen Suryaputra) \n- ARM: clang: Do not rely on lr register for stacktrace (Masami Hiramatsu) \n- smackfs: use __GFP_NOFAIL for smk_cipso_doi() (Tetsuo Handa) \n- iwlwifi: mvm: disable RX-diversity in powersave (Johannes Berg) \n- PM: hibernate: Get block device exclusively in swsusp_check() (Ye Bin) \n- mwl8k: Fix use-after-free in mwl8k_fw_state_machine() (Zheyu Ma) \n- tracing/cfi: Fix cmp_entries_* functions signature mismatch (Kalesh Singh) \n- lib/xz: Validate the value before assigning it to an enum variable (Lasse Collin) \n- lib/xz: Avoid overlapping memcpy() with invalid input with in-place decompression (Lasse Collin) \n- memstick: r592: Fix a UAF bug when removing the driver (Zheyu Ma) \n- leaking_addresses: Always print a trailing newline (Kees Cook) \n- ACPI: battery: Accept charges over the design capacity as full (Andre Almeida) \n- ath: dfs_pattern_detector: Fix possible null-pointer dereference in channel_detector_create() (Tuo Li) \n- tracefs: Have tracefs directories not set OTH permission bits by default (Steven Rostedt (VMware)) \n- media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte() (Anant Thazhemadam) \n- ACPICA: Avoid evaluating methods too early during system resume (Rafael J. Wysocki) \n- ia64: dont do IA64_CMPXCHG_DEBUG without CONFIG_PRINTK (Randy Dunlap) \n- media: mceusb: return without resubmitting URB in case of -EPROTO error. (Rajat Asthana) \n- media: s5p-mfc: Add checking to s5p_mfc_probe(). (Nadezda Lutovinova) \n- media: s5p-mfc: fix possible null-pointer dereference in s5p_mfc_probe() (Tuo Li) \n- media: uvcvideo: Set capability in s_param (Ricardo Ribalda) \n- media: netup_unidvb: handle interrupt properly according to the firmware (Zheyu Ma) \n- media: mt9p031: Fix corrupted frame after restarting stream (Dirk Bender) \n- mwifiex: Properly initialize private structure on interface type changes (Jonas Drebler) \n- mwifiex: Run SET_BSS_MODE when changing from P2P to STATION vif-type (Jonas Drebler) \n- x86: Increase exception stack sizes (Peter Zijlstra) \n- smackfs: Fix use-after-free in netlbl_catmap_walk() (Pawan Gupta) \n- locking/lockdep: Avoid RCU-induced noinstr fail (Peter Zijlstra) \n- MIPS: lantiq: dma: reset correct number of channel (Aleksander Jan Bajkowski) \n- MIPS: lantiq: dma: add small delay after reset (Aleksander Jan Bajkowski) \n- platform/x86: wmi: do not fail if disabling fails (Barnabas Pocze) \n- Bluetooth: fix use-after-free error in lock_sock_nested() (Wang ShaoBo) \n- Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg() (Takashi Iwai) {CVE-2021-3640}\n- USB: iowarrior: fix control-message timeouts (Johan Hovold) \n- USB: serial: keyspan: fix memleak on probe errors (Wang Hai) \n- iio: dac: ad5446: Fix ad5622_write() return value (Pekka Korpinen) \n- pinctrl: core: fix possible memory leak in pinctrl_enable() (Yang Yingliang) \n- quota: correct error number in free_dqentry() (Zhang Yi) \n- quota: check block number when reading the block in quota file (Zhang Yi) \n- PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG (Marek Behun) \n- PCI: aardvark: Fix return value of MSI domain .alloc() method (Marek Behun) \n- PCI: aardvark: Do not unmask unused interrupts (Pali Rohar) \n- PCI: aardvark: Do not clear status bits of masked interrupts (Pali Rohar) \n- xen/balloon: add late_initcall_sync() for initial ballooning done (Juergen Gross) \n- ALSA: mixer: fix deadlock in snd_mixer_oss_set_volume (Pavel Skripkin) \n- ALSA: mixer: oss: Fix racy access to slots (Takashi Iwai) \n- serial: core: Fix initializing and restoring termios speed (Pali Rohar) \n- powerpc/85xx: Fix oops when mpc85xx_smp_guts_ids node cannot be found (Xiaoming Ni) \n- power: supply: max17042_battery: use VFSOC for capacity when no rsns (Henrik Grimler) \n- power: supply: max17042_battery: Prevent int underflow in set_soc_threshold (Sebastian Krzyszkowiak) \n- signal/mips: Update (_save|_restore)_fp_context to fail with -EFAULT (Eric W. Biederman) \n- signal: Remove the bogus sigkill_pending in ptrace_stop (Eric W. Biederman) \n- RDMA/qedr: Fix NULL deref for query_qp on the GSI QP (Alok Prasad) \n- wcn36xx: handle connection loss indication (Benjamin Li) \n- libata: fix checking of DMA state (Reimar Doffinger) \n- mwifiex: Read a PCI register after writing the TX ring write pointer (Jonas Drebler) \n- wcn36xx: Fix HT40 capability for 2Ghz band (Loic Poulain) \n- evm: mark evm_fixmode as __ro_after_init (Austin Kim) \n- rtl8187: fix control-message timeouts (Johan Hovold) \n- PCI: Mark Atheros QCA6174 to avoid bus reset (Ingmar Klein) \n- ath10k: fix division by zero in send path (Johan Hovold) \n- ath10k: fix control-message timeout (Johan Hovold) \n- ath6kl: fix control-message timeout (Johan Hovold) \n- ath6kl: fix division by zero in send path (Johan Hovold) \n- mwifiex: fix division by zero in fw download path (Johan Hovold) \n- EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell (Eric Badger) \n- regulator: dt-bindings: samsung,s5m8767: correct s5m8767,pmic-buck-default-dvs-idx property (Krzysztof Kozlowski) \n- regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is disabled (Krzysztof Kozlowski) \n- hwmon: (pmbus/lm25066) Add offset coefficients (Zev Weiss) \n- btrfs: fix lost error handling when replaying directory deletes (Filipe Manana) \n- vmxnet3: do not stop tx queues after netif_device_detach() (Dongli Zhang) \n- watchdog: Fix OMAP watchdog early handling (Walter Stoll) \n- spi: spl022: fix Microwire full duplex mode (Thomas Perrot) \n- bpf: Prevent increasing bpf_jit_limit above max (Lorenz Bauer) \n- mmc: winbond: dont build on M68K (Randy Dunlap) \n- hyperv/vmbus: include linux/bitops.h (Arnd Bergmann) \n- sfc: Dont use netif_info before net_device setup (Erik Ekman) \n- cavium: Fix return values of the probe function (Zheyu Ma) \n- scsi: qla2xxx: Fix unmap of already freed sgl (Dmitry Bogdanov) \n- cavium: Return negative value when pci_alloc_irq_vectors() fails (Zheyu Ma) \n- x86/irq: Ensure PI wakeup handler is unregistered before module unload (Sean Christopherson) \n- ALSA: timer: Unconditionally unlink slave instances, too (Takashi Iwai) \n- ALSA: timer: Fix use-after-free problem (Wang Wensheng) \n- ALSA: synth: missing check for possible NULL after the call to kstrdup (Austin Kim) \n- ALSA: line6: fix control and interrupt message timeouts (Johan Hovold) \n- ALSA: 6fire: fix control and bulk message timeouts (Johan Hovold) \n- ALSA: ua101: fix division by zero at probe (Johan Hovold) \n- media: ite-cir: IR receiver stop working after receive overflow (Sean Young) \n- tpm: Check for integer overflow in tpm2_map_response_body() (Dan Carpenter) \n- parisc: Fix ptrace check on syscall return (Helge Deller) \n- mmc: dw_mmc: Dont wait for DRTO on Write RSP error (Christian Lohle) \n- ocfs2: fix data corruption on truncate (Jan Kara) \n- libata: fix read log timeout value (Damien Le Moal) \n- Input: i8042 - Add quirk for Fujitsu Lifebook T725 (Takashi Iwai) \n- Input: elantench - fix misreporting trackpoint coordinates (Phoenix Huang) \n- binder: use cred instead of task for selinux checks (Todd Kjos) \n- binder: use euid from cred instead of using task (Todd Kjos) \n- xhci: Fix USB 3.1 enumeration issues by increasing roothub power-on-good delay (Mathias Nyman) \n- Linux 4.14.255 (Greg Kroah-Hartman) \n- rsi: fix control-message timeout (Johan Hovold) \n- staging: rtl8192u: fix control-message timeouts (Johan Hovold) \n- staging: r8712u: fix control-message timeout (Johan Hovold) \n- comedi: vmk80xx: fix bulk and interrupt message timeouts (Johan Hovold) \n- comedi: vmk80xx: fix bulk-buffer overflow (Johan Hovold) \n- comedi: vmk80xx: fix transfer-buffer overflows (Johan Hovold) \n- comedi: ni_usb6501: fix NULL-deref in command paths (Johan Hovold) \n- comedi: dt9812: fix DMA buffers on stack (Johan Hovold) \n- isofs: Fix out of bound access for corrupted isofs image (Jan Kara) \n- printk/console: Allow to disable console output by using console= or console=null (Petr Mladek) \n- usb-storage: Add compatibility quirk flags for iODD 2531/2541 (James Buren) \n- usb: musb: Balance list entry in musb_gadget_queue (Viraj Shah) \n- usb: gadget: Mark USB_FSL_QE broken on 64-bit (Geert Uytterhoeven) \n- Revert x86/kvm: fix vcpu-id indexed array sizes (Juergen Gross) \n- block: introduce multi-page bvec helpers (Ming Lei) \n- IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields (Mike Marciniszyn) \n- IB/qib: Use struct_size() helper (Gustavo A. R. Silva) \n- ARM: 9120/1: Revert amba: make use of -1 IRQs warn (Wang Kefeng) \n- arch: pgtable: define MAX_POSSIBLE_PHYSMEM_BITS where needed (Arnd Bergmann) \n- mm/zsmalloc: Prepare to variable MAX_PHYSMEM_BITS (Kirill A. Shutemov) \n- media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt() (Dan Carpenter) \n- scsi: core: Put LLD module refcnt after SCSI device is released (Ming Lei) \n- Linux 4.14.254 (Greg Kroah-Hartman) \n- sctp: add vtag check in sctp_sf_ootb (Xin Long) \n- sctp: add vtag check in sctp_sf_do_8_5_1_E_sa (Xin Long) \n- sctp: add vtag check in sctp_sf_violation (Xin Long) \n- sctp: fix the processing for COOKIE_ECHO chunk (Xin Long) \n- sctp: use init_tag from inithdr for ABORT chunk (Xin Long) \n- net: nxp: lpc_eth.c: avoid hang when bringing interface down (Trevor Woerner) \n- nios2: Make NIOS2_DTB_SOURCE_BOOL depend on !COMPILE_TEST (Guenter Roeck) \n- net: batman-adv: fix error handling (Pavel Skripkin) \n- regmap: Fix possible double-free in regcache_rbtree_exit() (Yang Yingliang) \n- net: lan78xx: fix division by zero in send path (Johan Hovold) \n- mmc: sdhci-esdhc-imx: clear the buffer_read_ready to reset standard tuning circuit (Haibo Chen) \n- mmc: sdhci: Map more voltage level to SDHCI_POWER_330 (Shawn Guo) \n- mmc: dw_mmc: exynos: fix the finding clock sample value (Jaehoon Chung) \n- mmc: vub300: fix control-message timeouts (Johan Hovold) \n- ipv4: use siphash instead of Jenkins in fnhe_hashfun() (Eric Dumazet) \n- Revert net: mdiobus: Fix memory leak in __mdiobus_register (Pavel Skripkin) \n- nfc: port100: fix using -ERRNO as command type mask (Krzysztof Kozlowski) \n- ata: sata_mv: Fix the error handling of mv_chip_id() (Zheyu Ma) \n- usbnet: fix error return code in usbnet_probe() (Wang Hai) \n- usbnet: sanity check for maxpacket (Oliver Neukum) \n- ARM: 8819/1: Remove -p from LDFLAGS (Nathan Chancellor) \n- powerpc/bpf: Fix BPF_MOD when imm == 1 (Naveen N. Rao) \n- ARM: 9139/1: kprobes: fix arch_init_kprobes() prototype (Arnd Bergmann) \n- ARM: 9134/1: remove duplicate memcpy() definition (Arnd Bergmann) \n- ARM: 9133/1: mm: proc-macros: ensure *_tlb_fns are 4B aligned (Nick Desaulniers)\n[4.14.35-2047.511.0]\n- Linux 4.14.253 (Greg Kroah-Hartman) \n- ASoC: DAPM: Cover regression by kctl change notification fix (Takashi Iwai) \n- ARM: 9122/1: select HAVE_FUTEX_CMPXCHG (Nick Desaulniers) \n- tracing: Have all levels of checks prevent recursion (Steven Rostedt (VMware)) \n- net: mdiobus: Fix memory leak in __mdiobus_register (Yanfei Xu) \n- ALSA: hda: avoid write to STATESTS if controller is in reset (Kai Vehmanen) \n- platform/x86: intel_scu_ipc: Update timeout value in comment (Prashant Malani) \n- isdn: mISDN: Fix sleeping function called from invalid context (Zheyu Ma) \n- ARM: dts: spear3xx: Fix gmac node (Herve Codina) \n- net: stmmac: add support for dwmac 3.40a (Herve Codina) \n- btrfs: deal with errors when checking if a dir entry exists during log replay (Filipe Manana) \n- netfilter: Kconfig: use default y instead of m for bool config option (Vegard Nossum) \n- isdn: cpai: check ctr->cnr to avoid array index out of bound (Xiaolong Huang) \n- nfc: nci: fix the UAF of rf_conn_info object (Lin Ma) \n- ASoC: DAPM: Fix missing kctl change notifications (Takashi Iwai) \n- ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset (Brendan Grieve) \n- vfs: check fd has read access in kernel_read_file_from_fd() (Matthew Wilcox (Oracle)) \n- elfcore: correct reference to CONFIG_UML (Lukas Bulwahn) \n- ocfs2: mount fails with buffer overflow in strlen (Valentin Vidic) \n- ocfs2: fix data corruption after conversion from inline format (Jan Kara) \n- can: peak_pci: peak_pci_remove(): fix UAF (Zheyu Ma) \n- can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification (Stephane Grosjean) \n- can: rcar_can: fix suspend/resume (Yoshihiro Shimoda) \n- NIOS2: irqflags: rename a redefined register name (Randy Dunlap) \n- netfilter: ipvs: make global sysctl readonly in non-init netns (Antoine Tenart) \n- NFSD: Keep existing listeners on portlist error (Benjamin Coddington) \n- xtensa: xtfpga: Try software restart before simulating CPU reset (Guenter Roeck) \n- xtensa: xtfpga: use CONFIG_USE_OF instead of CONFIG_OF (Max Filippov) \n- ARM: dts: at91: sama5d2_som1_ek: disable ISC node by default (Eugen Hristev) \n- uek-rpm: Add _raw_spin_trylock to KABI (John Donnelly) [Orabug: 33557961] \n- cpufreq: intel_pstate: Add Icelake servers support in no-HWP mode (Giovanni Gherdovich) [Orabug: 33581183] \n- RDMA/rxe: Bump up default maximum values used via uverbs (Rao Shoaib) [Orabug: 33615343] \n- net: ipv6: Discard next-hop MTU less than minimum link MTU (Georg Kohmann) [Orabug: 33615357] \n- rds: ib: Reduce the contention caused by the asynchronous workers to flush the mr pool (Praveen Kumar Kannoju) [Orabug: 33611440] \n- net/mlx5: Remove unnecessary prints from mlx5_enter_error_state. (Anand Khoje) [Orabug: 33175315] \n- net/rds: Dont pummel the subnet-manager (Gerd Rausch) [Orabug: 33589568] \n- x86/clear_page: add alternative for clear_page_clzero() (Ankur Arora) [Orabug: 33580825] \n- x86/asm: add clzero based page clearing (Ankur Arora) [Orabug: 33580825] \n- x86/cpu/amd: enable X86_FEATURE_NT_GOOD on all AMD Zen models (Ankur Arora) [Orabug: 33580825] \n- x86/cpu/amd: Call init_amd_zn() om Family 19h processors too (Kim Phillips) [Orabug: 33580825] \n- uek-rpm: Add smartpqi driver module in ueknano kernel (Somasundaram Krishnasamy) [Orabug: 33590163]", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-28T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-0920", "CVE-2021-3640", "CVE-2021-4155", "CVE-2021-43975", "CVE-2021-44733", "CVE-2022-0492"], "modified": "2022-02-28T00:00:00", "id": "ELSA-2022-9179", "href": "http://linux.oracle.com/errata/ELSA-2022-9179.html", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-28T23:31:35", "description": "[5.4.17-2136.304.4.1]\n- Revert rds/ib: Kernel upgrade to rds_ib_conns info displayed by rds-info (Rohit Nair) [Orabug: 33832625] \n- cgroup-v1: Require capabilities to set release_agent (Eric W. Biederman) [Orabug: 33832582] {CVE-2022-0492}\n[5.4.17-2136.304.4]\n- scsi: libiscsi: Fix iscsi_task use after free() (Mike Christie) [Orabug: 33794250] \n- scsi: libiscsi: Drop taskqueuelock (Mike Christie) [Orabug: 33794250] \n- ib/core: add SET_DEVICE_OP call for clear_hw_stats() (Qing Huang) [Orabug: 33495339] \n- KVM: SVM: Dont intercept #GP for SEV guests (Sean Christopherson) [Orabug: 33446920] \n- Revert KVM: SVM: avoid infinite loop on NPF from bad address (Sean Christopherson) [Orabug: 33446920] \n- KVM: SVM: Never reject emulation due to SMAP errata for !SEV guests (Sean Christopherson) [Orabug: 33446920] \n- rds/ib: Kernel upgrade to rds_ib_conns info displayed by rds-info (Rohit Nair) [Orabug: 33660929] \n- tee: handle lookup of shm with reference count 0 (Jens Wiklander) [Orabug: 33739582] {CVE-2021-44733}\n- smp: always continue to process IRQ work (Stephen Brennan) [Orabug: 33802464]\n[5.4.17-2136.304.3]\n- vfs: fs_context: fix up param length parsing in legacy_parse_param (Jamie Hill-Daniel) [Orabug: 33766454] {CVE-2022-0185}\n- LTS tag: v5.4.161 (Sherry Yang) \n- erofs: fix unsafe pagevec reuse of hooked pclusters (Gao Xiang) \n- erofs: remove the occupied parameter from z_erofs_pagevec_enqueue() (Yue Hu) \n- PCI: Add MSI masking quirk for Nvidia ION AHCI (Marc Zyngier) \n- PCI/MSI: Deal with devices lying about their MSI mask capability (Marc Zyngier) \n- PCI/MSI: Destroy sysfs before freeing entries (Thomas Gleixner) \n- parisc/entry: fix trace test in syscall exit path (Sven Schnelle) \n- fortify: Explicitly disable Clang support (Kees Cook) \n- scsi: ufs: Fix tm request when non-fatal error happens (Jaegeuk Kim) \n- ext4: fix lazy initialization next schedule time computation in more granular unit (Shaoying Xu) \n- MIPS: Fix assembly error from MIPSr2 code used within MIPS_ISA_ARCH_LEVEL (Maciej W. Rozycki) \n- scsi: ufs: Fix interrupt error message for shared interrupts (Adrian Hunter) \n- soc/tegra: pmc: Fix imbalanced clock disabling in error code path (Dmitry Osipenko) \n- LTS tag: v5.4.160 (Sherry Yang) [Orabug: 33536399] \n- selftests/bpf: Fix also no-alu32 strobemeta selftest (Andrii Nakryiko) \n- ath10k: fix invalid dma_addr_t token assignment (Arnd Bergmann) \n- SUNRPC: Partial revert of commit 6f9f17287e78 (Trond Myklebust) \n- PCI: Add PCI_EXP_DEVCTL_PAYLOAD_* macros (Pali Rohar) \n- powerpc/powernv/prd: Unregister OPAL_MSG_PRD2 notifier during module unload (Vasant Hegde) \n- s390/cio: make ccw_device_dma_* more robust (Halil Pasic) \n- s390/tape: fix timer initialization in tape_std_assign() (Sven Schnelle) \n- s390/cio: check the subchannel validity for dev_busid (Vineeth Vijayan) \n- video: backlight: Drop maximum brightness override for brightness zero (Marek Vasut) \n- mm, oom: do not trigger out_of_memory from the #PF (Michal Hocko) \n- mm, oom: pagefault_out_of_memory: dont force global OOM for dying tasks (Vasily Averin) \n- powerpc/bpf: Emit stf barrier instruction sequences for BPF_NOSPEC (Naveen N. Rao) \n- powerpc/security: Add a helper to query stf_barrier type (Naveen N. Rao) \n- powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (Naveen N. Rao) \n- powerpc/bpf: Validate branch ranges (Naveen N. Rao) \n- powerpc/lib: Add helper to check if offset is within conditional branch range (Naveen N. Rao) \n- ovl: fix deadlock in splice write (Miklos Szeredi) \n- 9p/net: fix missing error check in p9_check_errors (Dominique Martinet) \n- net, neigh: Enable state migration between NUD_PERMANENT and NTF_USE (Daniel Borkmann) \n- f2fs: should use GFP_NOFS for directory inodes (Jaegeuk Kim) \n- irqchip/sifive-plic: Fixup EOI failed when masked (Guo Ren) \n- parisc: Fix set_fixmap() on PA1.x CPUs (Helge Deller) \n- parisc: Fix backtrace to always include init funtion names (Helge Deller) \n- ARM: 9156/1: drop cc-option fallbacks for architecture selection (Arnd Bergmann) \n- ARM: 9155/1: fix early early_iounmap() (Michal Miroslaw) \n- selftests/net: udpgso_bench_rx: fix port argument (Willem de Bruijn) \n- cxgb4: fix eeprom len when diagnostics not implemented (Rahul Lakkireddy) \n- net/smc: fix sk_refcnt underflow on linkdown and fallback (Dust Li) \n- vsock: prevent unnecessary refcnt inc for nonblocking connect (Eiichi Tsukata) \n- net: hns3: allow configure ETS bandwidth of all TCs (Guangbin Huang) \n- net/sched: sch_taprio: fix undefined behavior in ktime_mono_to_any (Eric Dumazet) \n- bpf: sockmap, strparser, and tls are reusing qdisc_skb_cb and colliding (John Fastabend) \n- arm64: pgtable: make __pte_to_phys/__phys_to_pte_val inline functions (Arnd Bergmann) \n- nfc: pn533: Fix double free when pn533_fill_fragment_skbs() fails (Chengfeng Ye) \n- llc: fix out-of-bound array index in llc_sk_dev_hash() (Eric Dumazet) \n- perf bpf: Add missing free to bpf_event__print_bpf_prog_info() (Ian Rogers) \n- zram: off by one in read_block_state() (Dan Carpenter) \n- mm/zsmalloc.c: close race window between zs_pool_dec_isolated() and zs_unregister_migration() (Miaohe Lin) \n- bonding: Fix a use-after-free problem when bond_sysfs_slave_add() failed (Huang Guobin) \n- ACPI: PMIC: Fix intel_pmic_regs_handler() read accesses (Hans de Goede) \n- net: vlan: fix a UAF in vlan_dev_real_dev() (Ziyang Xuan) \n- net: davinci_emac: Fix interrupt pacing disable (Maxim Kiselev) \n- xen-pciback: Fix return in pm_ctrl_init() (YueHaibing) \n- i2c: xlr: Fix a resource leak in the error handling path of xlr_i2c_probe() (Christophe JAILLET) \n- NFSv4: Fix a regression in nfs_set_open_stateid_locked() (Trond Myklebust) \n- scsi: qla2xxx: Turn off target reset during issue_lip (Quinn Tran) \n- scsi: qla2xxx: Fix gnl list corruption (Quinn Tran) \n- ar7: fix kernel builds for compiler test (Jackie Liu) \n- watchdog: f71808e_wdt: fix inaccurate report in WDIOC_GETTIMEOUT (Ahmad Fatoum) \n- m68k: set a default value for MEMORY_RESERVE (Randy Dunlap) \n- signal/sh: Use force_sig(SIGKILL) instead of do_group_exit(SIGKILL) (Eric W. Biederman) \n- dmaengine: dmaengine_desc_callback_valid(): Check for callback_result (Lars-Peter Clausen) \n- netfilter: nfnetlink_queue: fix OOB when mac header was cleared (Florian Westphal) \n- soc: fsl: dpaa2-console: free buffer before returning from dpaa2_console_read (Robert-Ionut Alexa) \n- auxdisplay: ht16k33: Fix frame buffer device blanking (Geert Uytterhoeven) \n- auxdisplay: ht16k33: Connect backlight to fbdev (Geert Uytterhoeven) \n- auxdisplay: img-ascii-lcd: Fix lock-up when displaying empty string (Geert Uytterhoeven) \n- dmaengine: at_xdmac: fix AT_XDMAC_CC_PERID() macro (Claudiu Beznea) \n- mtd: core: dont remove debugfs directory if device is in use (Zev Weiss) \n- mtd: spi-nor: hisi-sfc: Remove excessive clk_disable_unprepare() (Evgeny Novikov) \n- fs: orangefs: fix error return code of orangefs_revalidate_lookup() (Jia-Ju Bai) \n- NFS: Fix deadlocks in nfs_scan_commit_list() (Trond Myklebust) \n- opp: Fix return in _opp_add_static_v2() (YueHaibing) \n- PCI: aardvark: Fix preserving PCI_EXP_RTCTL_CRSSVE flag on emulated bridge (Pali Rohar) \n- PCI: aardvark: Dont spam about PIO Response Status (Marek Behun) \n- drm/plane-helper: fix uninitialized variable reference (Alex Xu (Hello71)) \n- pnfs/flexfiles: Fix misplaced barrier in nfs4_ff_layout_prepare_ds (Baptiste Lepers) \n- rpmsg: Fix rpmsg_create_ept return when RPMSG config is not defined (Arnaud Pouliquen) \n- apparmor: fix error check (Tom Rix) \n- power: supply: bq27xxx: Fix kernel crash on IRQ handler register error (Hans de Goede) \n- mips: cm: Convert to bitfield API to fix out-of-bounds access (Geert Uytterhoeven) \n- powerpc/44x/fsp2: add missing of_node_put (Bixuan Cui) \n- HID: u2fzero: properly handle timeouts in usb_submit_urb (Andrej Shadura) \n- HID: u2fzero: clarify error check and length calculations (Andrej Shadura) \n- serial: xilinx_uartps: Fix race condition causing stuck TX (Anssi Hannula) \n- phy: qcom-qusb2: Fix a memory leak on probe (Vladimir Zapolskiy) \n- ASoC: cs42l42: Defer probe if request_threaded_irq() returns EPROBE_DEFER (Richard Fitzgerald) \n- ASoC: cs42l42: Correct some register default values (Richard Fitzgerald) \n- ARM: dts: stm32: fix SAI sub nodes register range (Olivier Moysan) \n- staging: ks7010: select CRYPTO_HASH/CRYPTO_MICHAEL_MIC (Vegard Nossum) \n- RDMA/mlx4: Return missed an error if device doesnt support steering (Leon Romanovsky) \n- scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn() (Dan Carpenter) \n- power: supply: rt5033_battery: Change voltage values to uV (Jakob Hauser) \n- usb: gadget: hid: fix error code in do_config() (Dan Carpenter) \n- serial: 8250_dw: Drop wrong use of ACPI_PTR() (Andy Shevchenko) \n- video: fbdev: chipsfb: use memset_io() instead of memset() (Christophe Leroy) \n- clk: at91: check pmc node status before registering syscore ops (Clement Leger) \n- memory: fsl_ifc: fix leak of irq and nand_irq in fsl_ifc_ctrl_probe (Dongliang Mu) \n- soc/tegra: Fix an error handling path in tegra_powergate_power_up() (Christophe JAILLET) \n- arm: dts: omap3-gta04a4: accelerometer irq fix (Andreas Kemnade) \n- ALSA: hda: Reduce udelay() at SKL+ position reporting (Takashi Iwai) \n- JFS: fix memleak in jfs_mount (Dongliang Mu) \n- MIPS: loongson64: make CPU_LOONGSON64 depends on MIPS_FP_SUPPORT (Jackie Liu) \n- scsi: dc395: Fix error case unwinding (Tong Zhang) \n- ARM: dts: at91: tse850: the emac<->phy interface is rmii (Peter Rosin) \n- arm64: dts: meson-g12a: Fix the pwm regulator supply properties (Anand Moon) \n- RDMA/bnxt_re: Fix query SRQ failure (Selvin Xavier) \n- ARM: dts: qcom: msm8974: Add xo_board reference clock to DSI0 PHY (Marijn Suijten) \n- arm64: dts: rockchip: Fix GPU register width for RK3328 (Alex Bee) \n- ARM: s3c: irq-s3c24xx: Fix return value check for s3c24xx_init_intc() (Jackie Liu) \n- clk: mvebu: ap-cpu-clk: Fix a memory leak in error handling paths (Christophe JAILLET) \n- RDMA/rxe: Fix wrong port_cap_flags (Junji Wei) \n- ibmvnic: Process crqs after enabling interrupts (Sukadev Bhattiprolu) \n- ibmvnic: dont stop queue in xmit (Sukadev Bhattiprolu) \n- udp6: allow SO_MARK ctrl msg to affect routing (Jakub Kicinski) \n- selftests/bpf: Fix fclose/pclose mismatch in test_progs (Andrea Righi) \n- crypto: pcrypt - Delay write to padata->info (Daniel Jordan) \n- net: phylink: avoid mvneta warning when setting pause parameters (Russell King (Oracle)) \n- net: amd-xgbe: Toggle PLL settings during rate change (Shyam Sundar S K) \n- drm/amdgpu/gmc6: fix DMA mask from 44 to 40 bits (Alex Deucher) \n- wcn36xx: add proper DMA memory barriers in rx path (Benjamin Li) \n- libertas: Fix possible memory leak in probe and disconnect (Wang Hai) \n- libertas_tf: Fix possible memory leak in probe and disconnect (Wang Hai) \n- KVM: s390: Fix handle_sske page fault handling (Janis Schoetterl-Glausch) \n- samples/kretprobes: Fix return value if register_kretprobe() failed (Tiezhu Yang) \n- tcp: dont free a FIN sk_buff in tcp_remove_empty_skb() (Jon Maxwell) \n- irq: mips: avoid nested irq_enter() (Mark Rutland) \n- s390/gmap: dont unconditionally call pte_unmap_unlock() in __gmap_zap() (David Hildenbrand) \n- libbpf: Fix BTF data layout checks and allow empty BTF (Andrii Nakryiko) \n- smackfs: use netlbl_cfg_cipsov4_del() for deleting cipso_v4_doi (Tetsuo Handa) \n- drm/msm: Fix potential NULL dereference in DPU SSPP (Jessica Zhang) \n- clocksource/drivers/timer-ti-dm: Select TIMER_OF (Kees Cook) \n- PM: hibernate: fix sparse warnings (Anders Roxell) \n- nvme-rdma: fix error code in nvme_rdma_setup_ctrl (Max Gurtovoy) \n- phy: micrel: ksz8041nl: do not use power down mode (Stefan Agner) \n- mwifiex: Send DELBA requests according to spec (Jonas Drenler) \n- rsi: stop thread firstly in rsi_91x_init() error handling (Ziyang Xuan) \n- mt76: mt76x02: fix endianness warnings in mt76x02_mac.c (Lorenzo Bianconi) \n- platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning (Nathan Chancellor) \n- block: ataflop: fix breakage introduced at blk-mq refactoring (Michael Schmitz) \n- mmc: mxs-mmc: disable regulator on error and in the remove function (Christophe JAILLET) \n- net: stream: dont purge sk_error_queue in sk_stream_kill_queues() (Jakub Kicinski) \n- drm/msm: uninitialized variable in msm_gem_import() (Dan Carpenter) \n- ath10k: fix max antenna gain unit (Sven Eckelmann) \n- hwmon: (pmbus/lm25066) Let compiler determine outer dimension of lm25066_coeff (Zev Weiss) \n- hwmon: Fix possible memleak in __hwmon_device_register() (Yang Yingliang) \n- net, neigh: Fix NTF_EXT_LEARNED in combination with NTF_USE (Daniel Borkmann) \n- memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host() (Dan Carpenter) \n- memstick: avoid out-of-range warning (Arnd Bergmann) \n- mmc: sdhci-omap: Fix NULL pointer exception if regulator is not configured (Tony Lindgren) \n- b43: fix a lower bounds test (Dan Carpenter) \n- b43legacy: fix a lower bounds test (Dan Carpenter) \n- hwrng: mtk - Force runtime pm ops for sleep ops (Markus Schneider-Pargmann) \n- crypto: qat - disregard spurious PFVF interrupts (Giovanni Cabiddu) \n- crypto: qat - detect PFVF collision after ACK (Giovanni Cabiddu) \n- media: dvb-frontends: mn88443x: Handle errors of clk_prepare_enable() (Evgeny Novikov) \n- netfilter: nft_dynset: relax superfluous check on set updates (Pablo Neira Ayuso) \n- EDAC/amd64: Handle three rank interleaving mode (Yazen Ghannam) \n- ath9k: Fix potential interrupt storm on queue reset (Linus Lussing) \n- media: em28xx: Dont use ops->suspend if it is NULL (Colin Ian King) \n- cpuidle: Fix kobject memory leaks in error paths (Anel Orazgaliyeva) \n- crypto: ecc - fix CRYPTO_DEFAULT_RNG dependency (Arnd Bergmann) \n- kprobes: Do not use local variable when creating debugfs file (Punit Agrawal) \n- media: cx23885: Fix snd_card_free call on null card pointer (Colin Ian King) \n- media: tm6000: Avoid card name truncation (Kees Cook) \n- media: si470x: Avoid card name truncation (Kees Cook) \n- media: radio-wl1273: Avoid card name truncation (Kees Cook) \n- media: mtk-vpu: Fix a resource leak in the error handling path of mtk_vpu_probe() (Christophe JAILLET) \n- media: TDA1997x: handle short reads of hdmi info frame. (Tom Rix) \n- media: dvb-usb: fix ununit-value in az6027_rc_query (Pavel Skripkin) \n- media: cxd2880-spi: Fix a null pointer dereference on error handling path (Colin Ian King) \n- media: em28xx: add missing em28xx_close_extension (Pavel Skripkin) \n- drm/amdgpu: fix warning for overflow check (Arnd Bergmann) \n- ath10k: Fix missing frame timestamp for beacon/probe-resp (Loic Poulain) \n- net: dsa: rtl8366rb: Fix off-by-one bug (Linus Walleij) \n- rxrpc: Fix _usecs_to_jiffies() by using usecs_to_jiffies() (Jiasheng Jiang) \n- crypto: caam - disable pkc for non-E SoCs (Michael Walle) \n- Bluetooth: btmtkuart: fix a memleak in mtk_hci_wmt_sync (Dinghao Liu) \n- wilc1000: fix possible memory leak in cfg_scan_result() (Ajay Singh) \n- cgroup: Make rebind_subsystems() disable v2 controllers all at once (Waiman Long) \n- net: net_namespace: Fix undefined member in key_remove_domain() (Yajun Deng) \n- virtio-gpu: fix possible memory allocation failure (liuyuntao) \n- drm/v3d: fix wait for TMU write combiner flush (Iago Toral Quiroga) \n- rcu: Fix existing exp request check in sync_sched_exp_online_cleanup() (Neeraj Upadhyay) \n- Bluetooth: fix init and cleanup of sco_conn.timeout_work (Desmond Cheong Zhi Xi) \n- selftests/bpf: Fix strobemeta selftest regression (Andrii Nakryiko) \n- netfilter: conntrack: set on IPS_ASSURED if flows enters internal stream state (Pablo Neira Ayuso) \n- parisc/kgdb: add kgdb_roundup() to make kgdb work with idle polling (Sven Schnelle) \n- parisc/unwind: fix unwinder when CONFIG_64BIT is enabled (Sven Schnelle) \n- task_stack: Fix end_of_stack() for architectures with upwards-growing stack (Helge Deller) \n- parisc: fix warning in flush_tlb_all (Sven Schnelle) \n- x86/hyperv: Protect set_hv_tscchange_cb() against getting preempted (Vitaly Kuznetsov) \n- spi: bcm-qspi: Fix missing clk_disable_unprepare() on error in bcm_qspi_probe() (Yang Yingliang) \n- btrfs: do not take the uuid_mutex in btrfs_rm_device (Josef Bacik) \n- net: annotate data-race in neigh_output() (Eric Dumazet) \n- vrf: run conntrack only in context of lower/physdev for locally generated packets (Florian Westphal) \n- ARM: 9136/1: ARMv7-M uses BE-8, not BE-32 (Arnd Bergmann) \n- gre/sit: Dont generate link-local addr if addr_gen_mode is IN6_ADDR_GEN_MODE_NONE (Stephen Suryaputra) \n- ARM: clang: Do not rely on lr register for stacktrace (Masami Hiramatsu) \n- smackfs: use __GFP_NOFAIL for smk_cipso_doi() (Tetsuo Handa) \n- iwlwifi: mvm: disable RX-diversity in powersave (Johannes Berg) \n- selftests: kvm: fix mismatched fclose() after popen() (Shuah Khan) \n- PM: hibernate: Get block device exclusively in swsusp_check() (Ye Bin) \n- nvme: drop scan_lock and always kick requeue list when removing namespaces (Hannes Reinecke) \n- nvmet-tcp: fix use-after-free when a port is removed (Israel Rukshin) \n- nvmet: fix use-after-free when a port is removed (Israel Rukshin) \n- block: remove inaccurate requeue check (Jens Axboe) \n- mwl8k: Fix use-after-free in mwl8k_fw_state_machine() (Zheyu Ma) \n- tracing/cfi: Fix cmp_entries_* functions signature mismatch (Kalesh Singh) \n- workqueue: make sysfs of unbound kworker cpumask more clever (Menglong Dong) \n- lib/xz: Validate the value before assigning it to an enum variable (Lasse Collin) \n- lib/xz: Avoid overlapping memcpy() with invalid input with in-place decompression (Lasse Collin) \n- memstick: r592: Fix a UAF bug when removing the driver (Zheyu Ma) \n- leaking_addresses: Always print a trailing newline (Kees Cook) \n- ACPI: battery: Accept charges over the design capacity as full (Andre Almeida) \n- iov_iter: Fix iov_iter_get_pages{,_alloc} page fault return value (Andreas Gruenbacher) \n- ath: dfs_pattern_detector: Fix possible null-pointer dereference in channel_detector_create() (Tuo Li) \n- tracefs: Have tracefs directories not set OTH permission bits by default (Steven Rostedt (VMware)) \n- net-sysfs: try not to restart the syscall if it will fail eventually (Antoine Tenart) \n- media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte() (Anant Thazhemadam) \n- media: ipu3-imgu: VIDIOC_QUERYCAP: Fix bus_info (Ricardo Ribalda) \n- media: ipu3-imgu: imgu_fmt: Handle properly try (Ricardo Ribalda) \n- ACPICA: Avoid evaluating methods too early during system resume (Rafael J. Wysocki) \n- ipmi: Disable some operations during a panic (Corey Minyard) \n- media: rcar-csi2: Add checking to rcsi2_start_receiver() (Nadezda Lutovinova) \n- brcmfmac: Add DMI nvram filename quirk for Cyberbook T116 tablet (Hans de Goede) \n- ia64: dont do IA64_CMPXCHG_DEBUG without CONFIG_PRINTK (Randy Dunlap) \n- media: mceusb: return without resubmitting URB in case of -EPROTO error. (Rajat Asthana) \n- media: imx: set a media_device bus_info string (Martin Kepplinger) \n- media: s5p-mfc: Add checking to s5p_mfc_probe(). (Nadezda Lutovinova) \n- media: s5p-mfc: fix possible null-pointer dereference in s5p_mfc_probe() (Tuo Li) \n- media: uvcvideo: Set unique vdev name based in type (Ricardo Ribalda) \n- media: uvcvideo: Return -EIO for control errors (Ricardo Ribalda) \n- media: uvcvideo: Set capability in s_param (Ricardo Ribalda) \n- media: stm32: Potential NULL pointer dereference in dcmi_irq_thread() (Dmitriy Ulitin) \n- media: netup_unidvb: handle interrupt properly according to the firmware (Zheyu Ma) \n- media: mt9p031: Fix corrupted frame after restarting stream (Dirk Bender) \n- ath10k: high latency fixes for beacon buffer (Alagu Sankar) \n- mwifiex: Properly initialize private structure on interface type changes (Jonas Drebler) \n- mwifiex: Run SET_BSS_MODE when changing from P2P to STATION vif-type (Jonas Drebler) \n- x86: Increase exception stack sizes (Peter Zijlstra) \n- smackfs: Fix use-after-free in netlbl_catmap_walk() (Pawan Gupta) \n- locking/lockdep: Avoid RCU-induced noinstr fail (Peter Zijlstra) \n- MIPS: lantiq: dma: reset correct number of channel (Aleksander Jan Bajkowski) \n- MIPS: lantiq: dma: add small delay after reset (Aleksander Jan Bajkowski) \n- platform/x86: wmi: do not fail if disabling fails (Barnabas Pocze) \n- drm/panel-orientation-quirks: add Valve Steam Deck (Simon Ser) \n- Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg() (Takashi Iwai) {CVE-2021-3640}\n- drm: panel-orientation-quirks: Add quirk for the Samsung Galaxy Book 10.6 (Hans de Goede) \n- drm: panel-orientation-quirks: Add quirk for KD Kurio Smart C15200 2-in-1 (Hans de Goede) \n- drm: panel-orientation-quirks: Update the Lenovo Ideapad D330 quirk (v2) (Hans de Goede) \n- dma-buf: WARN on dmabuf release with pending attachments (Charan Teja Reddy) \n- USB: chipidea: fix interrupt deadlock (Johan Hovold) \n- USB: iowarrior: fix control-message timeouts (Johan Hovold) \n- USB: serial: keyspan: fix memleak on probe errors (Wang Hai) \n- iio: dac: ad5446: Fix ad5622_write() return value (Pekka Korpinen) \n- pinctrl: core: fix possible memory leak in pinctrl_enable() (Yang Yingliang) \n- quota: correct error number in free_dqentry() (Zhang Yi) \n- quota: check block number when reading the block in quota file (Zhang Yi) \n- PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG (Marek Behun) \n- PCI: aardvark: Fix return value of MSI domain .alloc() method (Marek Behun) \n- PCI: aardvark: Fix reporting Data Link Layer Link Active (Pali Rohar) \n- PCI: aardvark: Do not unmask unused interrupts (Pali Rohar) \n- PCI: aardvark: Fix checking for link up via LTSSM state (Pali Rohar) \n- PCI: aardvark: Do not clear status bits of masked interrupts (Pali Rohar) \n- PCI: pci-bridge-emul: Fix emulation of W1C bits (Marek Behun) \n- xen/balloon: add late_initcall_sync() for initial ballooning done (Juergen Gross) \n- ALSA: mixer: fix deadlock in snd_mixer_oss_set_volume (Pavel Skripkin) \n- ALSA: mixer: oss: Fix racy access to slots (Takashi Iwai) \n- serial: core: Fix initializing and restoring termios speed (Pali Rohar) \n- powerpc/85xx: Fix oops when mpc85xx_smp_guts_ids node cannot be found (Xiaoming Ni) \n- can: j1939: j1939_can_recv(): ignore messages with invalid source address (Zhang Changzhong) \n- can: j1939: j1939_tp_cmd_recv(): ignore abort message in the BAM transport (Zhang Changzhong) \n- KVM: nVMX: Query current VMCS when determining if MSR bitmaps are in use (Sean Christopherson) \n- power: supply: max17042_battery: use VFSOC for capacity when no rsns (Henrik Grimler) \n- power: supply: max17042_battery: Prevent int underflow in set_soc_threshold (Sebastian Krzyszkowiak) \n- signal/mips: Update (_save|_restore)_fp_context to fail with -EFAULT (Eric W. Biederman) \n- signal: Remove the bogus sigkill_pending in ptrace_stop (Eric W. Biederman) \n- RDMA/qedr: Fix NULL deref for query_qp on the GSI QP (Alok Prasad) \n- rsi: Fix module dev_oper_mode parameter description (Marek Vasut) \n- rsi: fix rate mask set leading to P2P failure (Martin Fuzzey) \n- rsi: fix key enabled check causing unwanted encryption for vap_id > 0 (Martin Fuzzey) \n- rsi: fix occasional initialisation failure with BT coex (Martin Fuzzey) \n- wcn36xx: handle connection loss indication (Benjamin Li) \n- libata: fix checking of DMA state (Reimar Doffinger) \n- mwifiex: Read a PCI register after writing the TX ring write pointer (Jonas Drebler) \n- wcn36xx: Fix HT40 capability for 2Ghz band (Loic Poulain) \n- evm: mark evm_fixmode as __ro_after_init (Austin Kim) \n- rtl8187: fix control-message timeouts (Johan Hovold) \n- PCI: Mark Atheros QCA6174 to avoid bus reset (Ingmar Klein) \n- ath10k: fix division by zero in send path (Johan Hovold) \n- ath10k: fix control-message timeout (Johan Hovold) \n- ath6kl: fix control-message timeout (Johan Hovold) \n- ath6kl: fix division by zero in send path (Johan Hovold) \n- mwifiex: fix division by zero in fw download path (Johan Hovold) \n- EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell (Eric Badger) \n- regulator: dt-bindings: samsung,s5m8767: correct s5m8767,pmic-buck-default-dvs-idx property (Krzysztof Kozlowski) \n- regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is disabled (Krzysztof Kozlowski) \n- hwmon: (pmbus/lm25066) Add offset coefficients (Zev Weiss) \n- ia64: kprobes: Fix to pass correct trampoline address to the handler (Masami Hiramatsu) \n- btrfs: call btrfs_check_rw_degradable only if there is a missing device (Anand Jain) \n- btrfs: fix lost error handling when replaying directory deletes (Filipe Manana) \n- btrfs: clear MISSING device status bit in btrfs_close_one_device (Li Zhang) \n- net/smc: Correct spelling mistake to TCPF_SYN_RECV (Wen Gu) \n- nfp: bpf: relax prog rejection for mtu check through max_pkt_offset (Yu Xiao) \n- vmxnet3: do not stop tx queues after netif_device_detach() (Dongli Zhang) \n- r8169: Add device 10ec:8162 to driver r8169 (Janghyub Seo) \n- nvmet-tcp: fix header digest verification (Amit Engel) \n- drm: panel-orientation-quirks: Add quirk for GPD Win3 (Mario) \n- watchdog: Fix OMAP watchdog early handling (Walter Stoll) \n- net: multicast: calculate csum of looped-back and forwarded packets (Cyril Strejc) \n- spi: spl022: fix Microwire full duplex mode (Thomas Perrot) \n- nvmet-tcp: fix a memory leak when releasing a queue (Maurizio Lombardi) \n- bpf: Prevent increasing bpf_jit_limit above max (Lorenz Bauer) \n- drm: panel-orientation-quirks: Add quirk for Aya Neo 2021 (Bryant Mairs) \n- mmc: winbond: dont build on M68K (Randy Dunlap) \n- reset: socfpga: add empty driver allowing consumers to probe (Pawel Anikiel) \n- ARM: dts: sun7i: A20-olinuxino-lime2: Fix ethernet phy-mode (Bastien Roucaries) \n- hyperv/vmbus: include linux/bitops.h (Arnd Bergmann) \n- sfc: Dont use netif_info before net_device setup (Erik Ekman) \n- cavium: Fix return values of the probe function (Zheyu Ma) \n- scsi: qla2xxx: Fix unmap of already freed sgl (Dmitry Bogdanov) \n- scsi: qla2xxx: Return -ENOMEM if kzalloc() fails (Zheyu Ma) \n- cavium: Return negative value when pci_alloc_irq_vectors() fails (Zheyu Ma) \n- x86/irq: Ensure PI wakeup handler is unregistered before module unload (Sean Christopherson) \n- x86/cpu: Fix migration safety with X86_BUG_NULL_SEL (Jane Malalane) \n- x86/sme: Use #define USE_EARLY_PGTABLE_L5 in mem_encrypt_identity.c (Tom Lendacky) \n- fuse: fix page stealing (Miklos Szeredi) \n- ALSA: timer: Unconditionally unlink slave instances, too (Takashi Iwai) \n- ALSA: timer: Fix use-after-free problem (Wang Wensheng) \n- ALSA: synth: missing check for possible NULL after the call to kstrdup (Austin Kim) \n- ALSA: usb-audio: Add registration quirk for JBL Quantum 400 (Alexander Tsoy) \n- ALSA: line6: fix control and interrupt message timeouts (Johan Hovold) \n- ALSA: 6fire: fix control and bulk message timeouts (Johan Hovold) \n- ALSA: ua101: fix division by zero at probe (Johan Hovold) \n- ALSA: hda/realtek: Add quirk for HP EliteBook 840 G7 mute LED (Kai-Heng Feng) \n- ALSA: hda/realtek: Add quirk for ASUS UX550VE (Takashi Iwai) \n- ALSA: hda/realtek: Add a quirk for Acer Spin SP513-54N (Jaroslav Kysela) \n- ALSA: hda/realtek: Add quirk for Clevo PC70HS (Tim Crawford) \n- media: v4l2-ioctl: Fix check_ext_ctrls (Ricardo Ribalda) \n- media: ir-kbd-i2c: improve responsiveness of hauppauge zilog receivers (Sean Young) \n- media: ite-cir: IR receiver stop working after receive overflow (Sean Young) \n- crypto: s5p-sss - Add error handling in s5p_aes_probe() (Tang Bin) \n- firmware/psci: fix application of sizeof to pointer (jing yangyang) \n- tpm: Check for integer overflow in tpm2_map_response_body() (Dan Carpenter) \n- parisc: Fix ptrace check on syscall return (Helge Deller) \n- mmc: dw_mmc: Dont wait for DRTO on Write RSP error (Christian Lohle) \n- scsi: qla2xxx: Fix use after free in eh_abort path (Quinn Tran) \n- scsi: qla2xxx: Fix kernel crash when accessing port_speed sysfs file (Arun Easi) \n- libata: fix read log timeout value (Damien Le Moal) \n- Input: i8042 - Add quirk for Fujitsu Lifebook T725 (Takashi Iwai) \n- Input: elantench - fix misreporting trackpoint coordinates (Phoenix Huang) \n- Input: iforce - fix control-message timeout (Johan Hovold) \n- binder: use cred instead of task for getsecid (Todd Kjos) \n- binder: use cred instead of task for selinux checks (Todd Kjos) \n- binder: use euid from cred instead of using task (Todd Kjos) \n- usb: xhci: Enable runtime-pm by default on AMD Yellow Carp platform (Nehal Bakulchandra Shah) \n- xhci: Fix USB 3.1 enumeration issues by increasing roothub power-on-good delay (Mathias Nyman) \n- LTS tag: v5.4.159 (Sherry Yang) \n- rsi: fix control-message timeout (Johan Hovold) \n- media: staging/intel-ipu3: css: Fix wrong size comparison imgu_css_fw_init (Gustavo A. R. Silva) \n- staging: rtl8192u: fix control-message timeouts (Johan Hovold) \n- staging: r8712u: fix control-message timeout (Johan Hovold) \n- comedi: vmk80xx: fix bulk and interrupt message timeouts (Johan Hovold) \n- comedi: vmk80xx: fix bulk-buffer overflow (Johan Hovold) \n- comedi: vmk80xx: fix transfer-buffer overflows (Johan Hovold) \n- comedi: ni_usb6501: fix NULL-deref in command paths (Johan Hovold) \n- comedi: dt9812: fix DMA buffers on stack (Johan Hovold) \n- isofs: Fix out of bound access for corrupted isofs image (Jan Kara) \n- printk/console: Allow to disable console output by using console= or console=null (Petr Mladek) \n- binder: dont detect sender/target during buffer cleanup (Todd Kjos) \n- usb-storage: Add compatibility quirk flags for iODD 2531/2541 (James Buren) \n- usb: musb: Balance list entry in musb_gadget_queue (Viraj Shah) \n- usb: gadget: Mark USB_FSL_QE broken on 64-bit (Geert Uytterhoeven) \n- usb: ehci: handshake CMD_RUN instead of STS_HALT (Neal Liu) \n- Revert x86/kvm: fix vcpu-id indexed array sizes (Juergen Gross) \n- LTS tag: v5.4.158 (Sherry Yang) \n- ARM: 9120/1: Revert amba: make use of -1 IRQs warn (Wang Kefeng) \n- Revert drm/ttm: fix memleak in ttm_transfered_destroy (Greg Kroah-Hartman) \n- sfc: Fix reading non-legacy supported link modes (Erik Ekman) \n- Revert usb: core: hcd: Add support for deferring roothub registration (Greg Kroah-Hartman) \n- Revert xhci: Set HCD flag to defer primary roothub registration (Greg Kroah-Hartman) \n- media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt() (Dan Carpenter) \n- net: ethernet: microchip: lan743x: Fix skb allocation failure (Yuiko Oshino) \n- vrf: Revert Reset skb conntrack connection... (Eugene Crosser) \n- scsi: core: Put LLD module refcnt after SCSI device is released (Ming Lei) \n- LTS tag: v5.4.157 (Sherry Yang) \n- perf script: Check session->header.env.arch before using it (Song Liu) \n- KVM: s390: preserve deliverable_mask in __airqs_kick_single_vcpu (Halil Pasic) \n- KVM: s390: clear kicked_mask before sleeping again (Halil Pasic) \n- cfg80211: correct bridge/4addr mode check (Janusz Dziedzic) \n- net: use netif_is_bridge_port() to check for IFF_BRIDGE_PORT (Julian Wiedmann) \n- sctp: add vtag check in sctp_sf_ootb (Xin Long) \n- sctp: add vtag check in sctp_sf_do_8_5_1_E_sa (Xin Long) \n- sctp: add vtag check in sctp_sf_violation (Xin Long) \n- sctp: fix the processing for COOKIE_ECHO chunk (Xin Long) \n- sctp: fix the processing for INIT_ACK chunk (Xin Long) \n- sctp: use init_tag from inithdr for ABORT chunk (Xin Long) \n- phy: phy_start_aneg: Add an unlocked version (Andrew Lunn) \n- phy: phy_ethtool_ksettings_get: Lock the phy for consistency (Andrew Lunn) \n- net/tls: Fix flipped sign in async_wait.err assignment (Daniel Jordan) \n- net: nxp: lpc_eth.c: avoid hang when bringing interface down (Trevor Woerner) \n- net: ethernet: microchip: lan743x: Fix dma allocation failure by using dma_set_mask_and_coherent (Yuiko Oshino) \n- net: ethernet: microchip: lan743x: Fix driver crash when lan743x_pm_resume fails (Yuiko Oshino) \n- nios2: Make NIOS2_DTB_SOURCE_BOOL depend on !COMPILE_TEST (Guenter Roeck) \n- RDMA/sa_query: Use strscpy_pad instead of memcpy to copy a string (Mark Zhang) \n- net: Prevent infinite while loop in skb_tx_hash() (Michael Chan) \n- net: batman-adv: fix error handling (Pavel Skripkin) \n- regmap: Fix possible double-free in regcache_rbtree_exit() (Yang Yingliang) \n- arm64: dts: allwinner: h5: NanoPI Neo 2: Fix ethernet node (Clement Besch) \n- RDMA/mlx5: Set user priority for DCT (Patrisious Haddad) \n- nvme-tcp: fix data digest pointer calculation (Varun Prakash) \n- nvmet-tcp: fix data digest pointer calculation (Varun Prakash) \n- IB/hfi1: Fix abba locking issue with sc_disable() (Mike Marciniszyn) \n- IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields (Mike Marciniszyn) \n- tcp_bpf: Fix one concurrency problem in the tcp_bpf_send_verdict function (Liu Jian) \n- drm/ttm: fix memleak in ttm_transfered_destroy (Christian Konig) \n- net: lan78xx: fix division by zero in send path (Johan Hovold) \n- cfg80211: scan: fix RCU in cfg80211_add_nontrans_list() (Johannes Berg) \n- mmc: sdhci-esdhc-imx: clear the buffer_read_ready to reset standard tuning circuit (Haibo Chen) \n- mmc: sdhci: Map more voltage level to SDHCI_POWER_330 (Shawn Guo) \n- mmc: dw_mmc: exynos: fix the finding clock sample value (Jaehoon Chung) \n- mmc: cqhci: clear HALT state after CQE enable (Wenbin Mei) \n- mmc: vub300: fix control-message timeouts (Johan Hovold) \n- net/tls: Fix flipped sign in tls_err_abort() calls (Daniel Jordan) \n- Revert net: mdiobus: Fix memory leak in __mdiobus_register (Pavel Skripkin) \n- nfc: port100: fix using -ERRNO as command type mask (Krzysztof Kozlowski) \n- ata: sata_mv: Fix the error handling of mv_chip_id() (Zheyu Ma) \n- Revert pinctrl: bcm: ns: support updated DT binding as syscon subnode (Rafal Milecki) \n- usbnet: fix error return code in usbnet_probe() (Wang Hai) \n- usbnet: sanity check for maxpacket (Oliver Neukum) \n- ipv4: use siphash instead of Jenkins in fnhe_hashfun() (Eric Dumazet) \n- ipv6: use siphash in rt6_exception_hash() (Eric Dumazet) \n- powerpc/bpf: Fix BPF_MOD when imm == 1 (Naveen N. Rao) \n- ARM: 9141/1: only warn about XIP address when not compile testing (Arnd Bergmann) \n- ARM: 9139/1: kprobes: fix arch_init_kprobes() prototype (Arnd Bergmann) \n- ARM: 9134/1: remove duplicate memcpy() definition (Arnd Bergmann) \n- ARM: 9133/1: mm: proc-macros: ensure *_tlb_fns are 4B aligned (Nick Desaulniers)\n[5.4.17-2136.304.2]\n- xfs: only relog deferred intent items if free space in the log gets low (Darrick J. Wong) [Orabug: 33548995] \n- xfs: expose the log push threshold (Darrick J. Wong) [Orabug: 33548995] \n- xfs: periodically relog deferred intent items (Darrick J. Wong) [Orabug: 33548995] \n- xfs: Use scnprintf() for avoiding potential buffer overflow (Takashi Iwai) [Orabug: 33548995] \n- xfs: change the order in which child and parent defer ops are finished (Darrick J. Wong) [Orabug: 33548995] \n- hugetlb: remove unnecessary set_page_count in prep_compound_gigantic_page (Mike Kravetz) [Orabug: 33652181] \n- hugetlb: add hugetlb demote page support (Mike Kravetz) [Orabug: 33652181] \n- hugetlb: add demote bool to gigantic page routines (Mike Kravetz) [Orabug: 33652181] \n- hugetlb: add demote hugetlb page sysfs interfaces (Mike Kravetz) [Orabug: 33652181] \n- hugetlb: before freeing hugetlb page set dtor to appropriate value (Mike Kravetz) [Orabug: 33652181] \n- hugetlb: drop ref count earlier after page allocation (Mike Kravetz) [Orabug: 33652181] \n- hugetlb: simplify prep_compound_gigantic_page ref count racing code (Mike Kravetz) [Orabug: 33652181] \n- hugetlb: address ref count racing in prep_compound_gigantic_page (Mike Kravetz) [Orabug: 33652181] \n- hugetlb: remove prep_compound_huge_page cleanup (Mike Kravetz) [Orabug: 33652181] \n- hugetlb: add lockdep_assert_held() calls for hugetlb_lock (Mike Kravetz) [Orabug: 33652181] \n- Revert Revert net/mlx4_core: Add masking for a few queries on HCA caps (Freddy Carrillo) [Orabug: 33666385] \n- uek-rpm: configs: disable CONFIG_USB_GADGET (aloktiw) [Orabug: 33730433] \n- rds: ib: Incorporate the stat counter ib_rdma_flush_mr_pool_avoided in the structure rds_ib_stat_names (Praveen Kumar Kannoju) [Orabug: 33742436] \n- memcg: fix use-after-free in uncharge_batch (Michal Hocko) [Orabug: 33752722] \n- xfs: force the log offline when log intent item recovery fails (Darrick J. Wong) [Orabug: 33757272] \n- xfs: cancel intents immediately if process_intents fails (Darrick J. Wong) [Orabug: 33757272]\n[5.4.17-2136.304.1]\n- xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate (Darrick J. Wong) [Orabug: 33745420] {CVE-2021-4155}\n- Bluetooth: fix use-after-free error in lock_sock_nested() (Wang ShaoBo) [Orabug: 33406414] {CVE-2021-3752}\n- x86/mce: Correct the detection of invalid notifier priorities (Zhen Lei) [Orabug: 33427594] \n- x86/mce/dev-mcelog: Do not update kflags on AMD systems (Smita Koralahalli) [Orabug: 33427594] \n- x86/MCE/AMD, EDAC/mce_amd: Remove struct smca_hwid.xec_bitmap (Yazen Ghannam) [Orabug: 33427594] \n- RAS/CEC: Fix cec_init() prototype (Luca Stefani) [Orabug: 33427594] \n- EDAC/mce_amd: Add new error descriptions for existing types (Yazen Ghannam) [Orabug: 33427594] \n- x86/mce, EDAC/mce_amd: Print PPIN in machine check records (Smita Koralahalli) [Orabug: 33427594] \n- x86/mce/dev-mcelog: Fix -Wstringop-truncation warning about strncpy() (Tony Luck) [Orabug: 33427594] \n- x86/mce: Drop bogus comment about mce.kflags (Tony Luck) [Orabug: 33427594] \n- EDAC: Drop the EDAC report status checks (Tony Luck) [Orabug: 33427594] \n- x86/mce: Add mce=print_all option (Tony Luck) [Orabug: 33427594] \n- x86/mce: Change default MCE logger to check mce->kflags (Tony Luck) [Orabug: 33427594] \n- x86/mce: Fix all mce notifiers to update the mce->kflags bitmask (Tony Luck) [Orabug: 33427594] \n- x86/mce: Add a struct mce.kflags field (Tony Luck) [Orabug: 33427594] \n- x86/mce: Convert the CEC to use the MCE notifier (Tony Luck) [Orabug: 33427594] \n- x86/mce: Rename first function as early (Tony Luck) [Orabug: 33427594] \n- x86/mce/amd, edac: Remove report_gart_errors (Borislav Petkov) [Orabug: 33427594] \n- x86/mce/dev-mcelog: Dynamically allocate space for machine check records (Tony Luck) [Orabug: 33427594] \n- EDAC/mc: Determine mci pointer from the error descriptor (Robert Richter) [Orabug: 33427594] \n- EDAC: Store error type in struct edac_raw_error_desc (Robert Richter) [Orabug: 33427594] \n- x86/mce: Take action on UCNA/Deferred errors again (Jan H. Schonherr) [Orabug: 33427594] \n- EDAC: Unify the mc_event tracepoint call (Robert Richter) [Orabug: 33427594] \n- EDAC/ghes: Remove intermediate buffer pvt->detail_location (Robert Richter) [Orabug: 33427594] \n- xfs: fix an incore inode UAF in xfs_bui_recover (Darrick J. Wong) [Orabug: 33541225] \n- xfs: clean up xfs_bui_item_recover iget/trans_alloc/ilock ordering (Darrick J. Wong) [Orabug: 33541225] \n- xfs: clean up bmap intent item recovery checking (Darrick J. Wong) [Orabug: 33541225] \n- x86/ioremap: Map EFI-reserved memory as encrypted for SEV (Tom Lendacky) [Orabug: 33547490] \n- efi/mokvar: Reserve the table only if it is in boot services data (Borislav Petkov) [Orabug: 33547490] \n- efi: mokvar: add missing include of asm/early_ioremap.h (Ard Biesheuvel) [Orabug: 33547490] \n- efi: mokvar-table: fix some issues in new code (Ard Biesheuvel) [Orabug: 33547490] \n- efi: Support for MOK variable config table (Lenny Szubowicz) [Orabug: 33547490] \n- efi: Rename arm-init to efi-init common for all arch (Atish Patra) [Orabug: 33547490] \n- uek-rpm: Update ol7 locklist with fnic symbols (John Donnelly) [Orabug: 33590906] \n- uek-rpm: Update ol8 locklist with fnic symbols (John Donnelly) [Orabug: 33590906] \n- rds_rdma: fix non-determinism when comp_vector is zero (Hakon Bugge) [Orabug: 33616020] \n- net/mlx4: fix non-determinism when comp_vector is zero (Hakon Bugge) [Orabug: 33616020] \n- net/mlx5: fix non-determinism when comp_vector is zero (Hakon Bugge) [Orabug: 33616020] \n- IB/core: Introduce IB_CQ_FORCE_ZERO_CV (Hakon Bugge) [Orabug: 33616020] \n- Revert net/mlx{4,5}: Fix signed formal parameter (Hakon Bugge) [Orabug: 33616020] \n- Revert net/mlx{4,5},rds_rdma: fix non-determinism when comp_vector is zero (Hakon Bugge) [Orabug: 33616020] \n- Revert rds: ib: Fix bug when comp_vector is IB_CQ_FORCE_ZERO_CV (Hakon Bugge) [Orabug: 33616020] \n- mstflint_access: Update driver code to v4.18.0-1 from Github (Sharath Srinivasan) [Orabug: 33646165] \n- mstflint_access: Update driver code to v4.17.0-1 from Github (Sharath Srinivasan) [Orabug: 33646165] \n- Revert io_uring: reinforce cancel on flush during exit (Lee Jones) [Orabug: 33687075] \n- scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() (George Kennedy) [Orabug: 33731040] \n- ocfs2: fix data corruption on truncate (Jan Kara) [Orabug: 33740343]\n[5.4.17-2136.303.3]\n- xfs: xfs_defer_capture should absorb remaining transaction reservation (Darrick J. Wong) [Orabug: 33520061] \n- xfs: xfs_defer_capture should absorb remaining block reservations (Darrick J. Wong) [Orabug: 33520061] \n- xfs: proper replay of deferred ops queued during log recovery (Darrick J. Wong) [Orabug: 33520061] \n- xfs: attach inode to dquot in xfs_bui_item_recover (Darrick J. Wong) [Orabug: 33520061] \n- xfs: log new intent items created as part of finishing recovered intent items (Darrick J. Wong) [Orabug: 33520061] \n- xfs: spell out the parameter name for ->cancel_item (Christoph Hellwig) [Orabug: 33520061] \n- xfs: use a xfs_btree_cur for the ->finish_cleanup state (Christoph Hellwig) [Orabug: 33520061] \n- xfs: turn dfp_done into a xfs_log_item (Christoph Hellwig) [Orabug: 33520061] \n- xfs: refactor xfs_defer_finish_noroll (Christoph Hellwig) [Orabug: 33520061] \n- xfs: turn dfp_intent into a xfs_log_item (Christoph Hellwig) [Orabug: 33520061] \n- xfs: merge the ->diff_items defer op into ->create_intent (Christoph Hellwig) [Orabug: 33520061] \n- xfs: merge the ->log_item defer op into ->create_intent (Christoph Hellwig) [Orabug: 33520061] \n- xfs: factor out a xfs_defer_create_intent helper (Christoph Hellwig) [Orabug: 33520061] \n- sched: Fix Core-wide rq->lock for uninitialized CPUs (Peter Zijlstra) [Orabug: 33568834] \n- admin-guide/hw-vuln: Rephrase a section of core-scheduling.rst (Fabio M. De Francesco) [Orabug: 33568834] \n- Documentation: Add usecases, design and interface for core scheduling (Joel Fernandes (Google)) [Orabug: 33568834] \n- kselftest: Add test for core sched prctl interface (Chris Hyser) [Orabug: 33568834] \n- sched: prctl() core-scheduling interface (Chris Hyser) [Orabug: 33568834] \n- sched: Inherit task cookie on fork() (Peter Zijlstra) [Orabug: 33568834] \n- sched: Trivial core scheduling cookie management (Peter Zijlstra) [Orabug: 33568834] \n- sched: Migration changes for core scheduling (Aubrey Li) [Orabug: 33568834] \n- sched: Trivial forced-newidle balancer (Peter Zijlstra) [Orabug: 33568834] \n- sched/fair: Snapshot the min_vruntime of CPUs on force idle (Joel Fernandes (Google)) [Orabug: 33568834] \n- sched: Fix priority inversion of cookied task with sibling (Joel Fernandes (Google)) [Orabug: 33568834] \n- sched/fair: Fix forced idle sibling starvation corner case (Vineeth Pillai) [Orabug: 33568834] \n- sched: Add core wide task selection and scheduling (Peter Zijlstra) [Orabug: 33568834] \n- sched: Basic tracking of matching tasks (Peter Zijlstra) [Orabug: 33568834] \n- sched: Introduce sched_class::pick_task() (Peter Zijlstra) [Orabug: 33568834] \n- sched: Allow sched_core_put() from atomic context (Peter Zijlstra) [Orabug: 33568834] \n- sched: Optimize rq_lockp() usage (Peter Zijlstra) [Orabug: 33568834] \n- sched: Core-wide rq->lock (Peter Zijlstra) [Orabug: 33568834] \n- sched: Prepare for Core-wide rq->lock (Peter Zijlstra) [Orabug: 33568834] \n- sched: Wrap rq::lock access (Peter Zijlstra) [Orabug: 33568834] \n- sched: Provide raw_spin_rq_*lock*() helpers (Peter Zijlstra) [Orabug: 33568834] \n- sched/fair: Add a few assertions (Peter Zijlstra) [Orabug: 33568834] \n- sched: Extract the task putting code from pick_next_task() (Chen Yu) [Orabug: 33568834] \n- rss_stat: add support to detect RSS updates of external mm (Joel Fernandes (Google)) [Orabug: 33568834] \n- Revert sched: Wrap rq::lock access (Kamalesh Babulal) [Orabug: 33568834] \n- Revert sched: Introduce sched_class::pick_task() (Kamalesh Babulal) [Orabug: 33568834] \n- Revert sched: Core-wide rq->lock (Kamalesh Babulal) [Orabug: 33568834] \n- Revert sched/fair: Add a few assertions (Kamalesh Babulal) [Orabug: 33568834] \n- Revert sched: Basic tracking of matching tasks (Kamalesh Babulal) [Orabug: 33568834] \n- Revert sched: Update core scheduler queue when taking cpu online/offline (Kamalesh Babulal) [Orabug: 33568834] \n- Revert sched: Add core wide task selection and scheduling. (Kamalesh Babulal) [Orabug: 33568834] \n- Revert sched/fair: wrapper for cfs_rq->min_vruntime (Kamalesh Babulal) [Orabug: 33568834] \n- Revert sched/fair: core wide vruntime comparison (Kamalesh Babulal) [Orabug: 33568834] \n- Revert sched: Trivial forced-newidle balancer (Kamalesh Babulal) [Orabug: 33568834] \n- Revert sched: migration changes for core scheduling (Kamalesh Babulal) [Orabug: 33568834] \n- Revert sched: cgroup tagging interface for core scheduling (Kamalesh Babulal) [Orabug: 33568834] \n- Revert sched: Cleanup kABI (Kamalesh Babulal) [Orabug: 33568834] \n- Revert sched: Enable disabling via CONFIG_SCHED_CORE (Kamalesh Babulal) [Orabug: 33568834] \n- Revert sched/core: remove undesired trace_printk from core scheduling backport (Kamalesh Babulal) [Orabug: 33568834] \n- Revert sched/core: cleanup kABI for struct rq (Kamalesh Babulal) [Orabug: 33568834] \n- RDMA/rxe: Bump up default maximum values used via uverbs (Rao Shoaib) [Orabug: 33615342] \n- xfs: remove all COW fork extents when remounting readonly (Darrick J. Wong) [Orabug: 33676190] \n- fget: check that the fd still exists after getting a ref to it (Linus Torvalds) [Orabug: 33679803] {CVE-2021-0920}\n[5.4.17-2136.303.2]\n- atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait (Zekun Shen) [Orabug: 33594983] {CVE-2021-43975}\n- RDS/IB: Fix error when trying to unallocate ring buffers (Hans Westgaard Ry) [Orabug: 33620311] \n- rds/ib: Use both iova and key in free_mr socket call (aru kolappan) [Orabug: 33652503] \n- sched: Mitigate increased latencies for sysctl_sched_wakeup_granularity. (chris hyser) [Orabug: 33107207] \n- net/rds: RDS connection shutdown stuck after CQ access violation error (aru kolappan) [Orabug: 33585475] \n- proc: allow pid_revalidate() during LOOKUP_RCU (Stephen Brennan) [Orabug: 33647511] \n- selinux: slow_avc_audit has become non-blocking (Al Viro) [Orabug: 33647511] \n- make dump_common_audit_data() safe to be called from RCU pathwalk (Al Viro) [Orabug: 33647511] \n- new helper: d_find_alias_rcu() (Al Viro) [Orabug: 33647511]\n[5.4.17-2136.303.1]\n- Revert fs: align IOCB_* flags with RWF_* flags (Prasad Singamsetty) [Orabug: 33642850] \n- ocfs2: fix race between searching chunks and release journal_head from buffer_head (Gautham Ananthakrishna) [Orabug: 33501676] \n- net: ipv6: Discard next-hop MTU less than minimum link MTU (Georg Kohmann) [Orabug: 33520710] \n- cpufreq: intel_pstate: Add Icelake servers support in no-HWP mode (Giovanni Gherdovich) [Orabug: 33542895] \n- uek-rpm: Add ktime_get_coarse_ts64 to KABI (John Donnelly) [Orabug: 33557973] \n- EDAC/i10nm: Add detection of memory levels for ICX/SPR servers (Qiuxu Zhuo) [Orabug: 33585319] \n- EDAC/skx_common: Add new ADXL components for 2-level memory (Qiuxu Zhuo) [Orabug: 33585319] \n- EDAC, skx_common: Refactor so that we initialize dev in result of adxl decode. (Tony Luck) [Orabug: 33585319] \n- net/rds: Dont pummel the subnet-manager (Gerd Rausch) [Orabug: 33589566] \n- rds: ib: Ack seq not always received in monotonic increasing order (Hakon Bugge) [Orabug: 33599862] \n- rds: ib: Reduce the contention caused by the asynchronous workers to flush the mr pool (Praveen Kumar Kannoju) [Orabug: 33619953]\n[5.4.17-2136.303.0]\n- LTS tag: v5.4.156 (Jack Vogel) \n- pinctrl: stm32: use valid pin identifier in stm32_pinctrl_resume() (Fabien Dessenne) \n- ARM: 9122/1: select HAVE_FUTEX_CMPXCHG (Nick Desaulniers) \n- tracing: Have all levels of checks prevent recursion (Steven Rostedt (VMware)) \n- net: mdiobus: Fix memory leak in __mdiobus_register (Yanfei Xu) \n- Input: snvs_pwrkey - add clk handling (Uwe Kleine-Konig) \n- ALSA: hda: avoid write to STATESTS if controller is in reset (Kai Vehmanen) \n- platform/x86: intel_scu_ipc: Update timeout value in comment (Prashant Malani) \n- isdn: mISDN: Fix sleeping function called from invalid context (Zheyu Ma) \n- ARM: dts: spear3xx: Fix gmac node (Herve Codina) \n- net: stmmac: add support for dwmac 3.40a (Herve Codina) \n- btrfs: deal with errors when checking if a dir entry exists during log replay (Filipe Manana) \n- gcc-plugins/structleak: add makefile var for disabling structleak (Brendan Higgins) \n- selftests: netfilter: remove stray bash debug line (Florian Westphal) \n- netfilter: Kconfig: use default y instead of m for bool config option (Vegard Nossum) \n- isdn: cpai: check ctr->cnr to avoid array index out of bound (Xiaolong Huang) \n- nfc: nci: fix the UAF of rf_conn_info object (Lin Ma) \n- mm, slub: fix potential memoryleak in kmem_cache_open() (Miaohe Lin) \n- mm, slub: fix mismatch between reconstructed freelist depth and cnt (Miaohe Lin) \n- powerpc/idle: Dont corrupt back chain when going idle (Michael Ellerman) \n- KVM: PPC: Book3S HV: Make idle_kvm_start_guest() return 0 if it went to guest (Michael Ellerman) \n- KVM: PPC: Book3S HV: Fix stack handling in idle_kvm_start_guest() (Michael Ellerman) \n- powerpc64/idle: Fix SP offsets when saving GPRs (Christopher M. Riedl) \n- audit: fix possible null-pointer dereference in audit_filter_rules (Gaosheng Cui) \n- ASoC: DAPM: Fix missing kctl change notifications (Takashi Iwai) \n- ALSA: hda/realtek: Add quirk for Clevo PC50HS (Steven Clarkson) \n- ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset (Brendan Grieve) \n- vfs: check fd has read access in kernel_read_file_from_fd() (Matthew Wilcox (Oracle)) \n- elfcore: correct reference to CONFIG_UML (Lukas Bulwahn) \n- ocfs2: mount fails with buffer overflow in strlen (Valentin Vidic) \n- ocfs2: fix data corruption after conversion from inline format (Jan Kara) \n- ceph: fix handling of meta errors (Jeff Layton) \n- can: j1939: j1939_xtp_rx_rts_session_new(): abort TP less than 9 bytes (Zhang Changzhong) \n- can: j1939: j1939_xtp_rx_dat_one(): cancel session if receive TP.DT with error length (Zhang Changzhong) \n- can: j1939: j1939_netdev_start(): fix UAF for rx_kref of j1939_priv (Ziyang Xuan) \n- can: j1939: j1939_tp_rxtimer(): fix errant alert in j1939_tp_rxtimer (Ziyang Xuan) \n- can: peak_pci: peak_pci_remove(): fix UAF (Zheyu Ma) \n- can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification (Stephane Grosjean) \n- can: rcar_can: fix suspend/resume (Yoshihiro Shimoda) \n- net: enetc: fix ethtool counter name for PM0_TERR (Vladimir Oltean) \n- net: stmmac: Fix E2E delay mechanism (Kurt Kanzenbach) \n- net: hns3: disable sriov before unload hclge layer (Peng Li) \n- net: hns3: add limit ets dwrr bandwidth cannot be 0 (Guangbin Huang) \n- net: hns3: reset DWRR of unused tc to zero (Guangbin Huang) \n- NIOS2: irqflags: rename a redefined register name (Randy Dunlap) \n- net: dsa: lantiq_gswip: fix register definition (Aleksander Jan Bajkowski) \n- lan78xx: select CRC32 (Vegard Nossum) \n- netfilter: ipvs: make global sysctl readonly in non-init netns (Antoine Tenart) \n- ASoC: wm8960: Fix clock configuration on slave mode (Shengjiu Wang) \n- dma-debug: fix sg checks in debug_dma_map_sg() (Gerald Schaefer) \n- NFSD: Keep existing listeners on portlist error (Benjamin Coddington) \n- xtensa: xtfpga: Try software restart before simulating CPU reset (Guenter Roeck) \n- xtensa: xtfpga: use CONFIG_USE_OF instead of CONFIG_OF (Max Filippov) \n- ARM: dts: at91: sama5d2_som1_ek: disable ISC node by default (Eugen Hristev) \n- tee: optee: Fix missing devices unregister during optee_remove (Sumit Garg) \n- net: switchdev: do not propagate bridge updates across bridges (Russell King) \n- parisc: math-emu: Fix fall-through warnings (Helge Deller) \n- LTS tag: v5.4.155 (Jack Vogel) \n- ionic: dont remove netdev->dev_addr when syncing uc list (Shannon Nelson) \n- r8152: select CRC32 and CRYPTO/CRYPTO_HASH/CRYPTO_SHA256 (Vegard Nossum) \n- qed: Fix missing error code in qed_slowpath_start() (chongjiapeng) \n- mqprio: Correct stats in mqprio_dump_class_stats(). (Sebastian Andrzej Siewior) \n- acpi/arm64: fix next_platform_timer() section mismatch error (Jackie Liu) \n- drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling (Dan Carpenter) \n- drm/msm/dsi: Fix an error code in msm_dsi_modeset_init() (Dan Carpenter) \n- drm/msm: Fix null pointer dereference on pointer edp (Colin Ian King) \n- drm/panel: olimex-lcd-olinuxino: select CRC32 (Vegard Nossum) \n- platform/mellanox: mlxreg-io: Fix argument base in kstrtou32() call (Vadim Pasternak) \n- mlxsw: thermal: Fix out-of-bounds memory accesses (Ido Schimmel) \n- ata: ahci_platform: fix null-ptr-deref in ahci_platform_enable_regulators() (Wang Hai) \n- pata_legacy: fix a couple uninitialized variable bugs (Dan Carpenter) \n- NFC: digital: fix possible memory leak in digital_in_send_sdd_req() (Ziyang Xuan) \n- NFC: digital: fix possible memory leak in digital_tg_listen_mdaa() (Ziyang Xuan) \n- nfc: fix error handling of nfc_proto_register() (Ziyang Xuan) \n- ethernet: s2io: fix setting mac address during resume (Arnd Bergmann) \n- net: encx24j600: check error in devm_regmap_init_encx24j600 (Nanyong Sun) \n- net: stmmac: fix get_hw_feature() on old hardware (Herve Codina) \n- net/mlx5e: Mutually exclude RX-FCS and RX-port-timestamp (Aya Levin) \n- net: korina: select CRC32 (Vegard Nossum) \n- net: arc: select CRC32 (Vegard Nossum) \n- gpio: pca953x: Improve bias setting (Andy Shevchenko) \n- iio: dac: ti-dac5571: fix an error code in probe() (Dan Carpenter) \n- iio: ssp_sensors: fix error code in ssp_print_mcu_debug() (Dan Carpenter) \n- iio: ssp_sensors: add more range checking in ssp_parse_dataframe() (Dan Carpenter) \n- iio: light: opt3001: Fixed timeout error when 0 lux (Jiri Valek - 2N) \n- iio: mtk-auxadc: fix case IIO_CHAN_INFO_PROCESSED (Hui Liu) \n- iio: adc128s052: Fix the error handling path of adc128_probe() (Christophe JAILLET) \n- iio: adc: aspeed: set driver data when adc probe. (Billy Tsai) \n- powerpc/xive: Discard disabled interrupts in get_irqchip_state() (Cedric Le Goater) \n- x86/Kconfig: Do not enable AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT automatically (Borislav Petkov) \n- nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells (Stephen Boyd) \n- EDAC/armada-xp: Fix output of uncorrectable error counter (Hans Potsch) \n- virtio: write back F_VERSION_1 before validate (Halil Pasic) \n- USB: serial: option: add prod. id for Quectel EG91 (Tomaz Solc) \n- USB: serial: option: add Telit LE910Cx composition 0x1204 (Daniele Palmas) \n- USB: serial: option: add Quectel EC200S-CN module support (Yu-Tung Chang) \n- USB: serial: qcserial: add EM9191 QDL support (Aleksander Morgado) \n- Input: xpad - add support for another USB ID of Nacon GC-100 (Michael Cullen) \n- usb: musb: dsps: Fix the probe error path (Miquel Raynal) \n- efi: Change down_interruptible() in virt_efi_reset_system() to down_trylock() (Zhang Jianhua) \n- efi/cper: use stack buffer for error record decoding (Ard Biesheuvel) \n- cb710: avoid NULL pointer subtraction (Arnd Bergmann) \n- xhci: Enable trust tx length quirk for Fresco FL11 USB controller (Nikolay Martynov) \n- xhci: Fix command ring pointer corruption while aborting a command (Pavankumar Kondeti) \n- xhci: guard accesses to ep_state in xhci_endpoint_reset() (Jonathan Bell) \n- mei: me: add Ice Lake-N device id. (Andy Shevchenko) \n- x86/resctrl: Free the ctrlval arrays when domain_setup_mon_state() fails (James Morse) \n- watchdog: orion: use 0 for unset heartbeat (Chris Packham) \n- btrfs: check for error when looking up inode during dir entry replay (Filipe Manana) \n- btrfs: deal with errors when adding inode reference during log replay (Filipe Manana) \n- btrfs: deal with errors when replaying dir entry during log replay (Filipe Manana) \n- btrfs: unlock newly allocated extent buffer after error (Qu Wenruo) \n- csky: Fixup regs.sr broken in ptrace (Guo Ren) \n- csky: dont let sigreturn play with priveleged bits of status register (Al Viro) \n- s390: fix strrchr() implementation (Roberto Sassu) \n- nds32/ftrace: Fix Error: invalid operands (*UND* and *UND* sections) for ^ (Steven Rostedt) \n- ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW (Hui Wang) \n- ALSA: hda/realtek - ALC236 headset MIC recording issue (Kailang Yang) \n- ALSA: hda/realtek: Add quirk for Clevo X170KM-G (Werner Sembach) \n- ALSA: hda/realtek: Complete partial device name to avoid ambiguity (Werner Sembach) \n- ALSA: seq: Fix a potential UAF by wrong private_free call order (Takashi Iwai) \n- ALSA: usb-audio: Add quirk for VF0770 (Jonas Hahnfeld) \n- ovl: simplify file splice (Miklos Szeredi) \n- LTS tag: v5.4.154 (Jack Vogel) \n- sched: Always inline is_percpu_thread() (Peter Zijlstra) \n- scsi: virtio_scsi: Fix spelling mistake Unsupport -> Unsupported (Colin Ian King) \n- scsi: ses: Fix unsigned comparison with less than zero (Jiapeng Chong) \n- drm/amdgpu: fix gart.bo pin_count leak (Leslie Shi) \n- net: sun: SUNVNET_COMMON should depend on INET (Randy Dunlap) \n- mac80211: check return value of rhashtable_init (MichelleJin) \n- net: prevent user from passing illegal stab size \n- m68k: Handle arrivals of multiple signals correctly (Al Viro) \n- mac80211: Drop frames from invalid MAC address in ad-hoc mode (YueHaibing) \n- netfilter: nf_nat_masquerade: defer conntrack walk to work queue (Florian Westphal) \n- netfilter: nf_nat_masquerade: make async masq_inet6_event handling generic (Florian Westphal) \n- HID: wacom: Add new Intuos BT (CTL-4100WL/CTL-6100WL) device IDs (Joshua-Dickens) \n- netfilter: ip6_tables: zero-initialize fragment offset (Jeremy Sowden) \n- HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS (Mizuho Mori) \n- ext4: correct the error path of ext4_write_inline_data_end() (Zhang Yi) \n- net: phy: bcm7xxx: Fixed indirect MMD operations (Florian Fainelli) \n- LTS tag: v5.4.153 (Jack Vogel) \n- x86/Kconfig: Correct reference to MWINCHIP3D (Lukas Bulwahn) \n- x86/hpet: Use another crystalball to evaluate HPET usability (Thomas Gleixner) \n- x86/platform/olpc: Correct ifdef symbol to intended CONFIG_OLPC_XO15_SCI (Lukas Bulwahn) \n- RISC-V: Include clone3() on rv32 (Palmer Dabbelt) \n- bpf, s390: Fix potential memory leak about jit_data (Tiezhu Yang) \n- i2c: acpi: fix resource leak in reconfiguration device addition (Jamie Iles) \n- net: prefer socket bound to interface when not in VRF (Mike Manning) \n- i40e: Fix freeing of uninitialized misc IRQ vector (Sylwester Dziedziuch) \n- i40e: fix endless loop under rtnl (Jiri Benc) \n- gve: fix gve_get_stats() (Eric Dumazet) \n- rtnetlink: fix if_nlmsg_stats_size() under estimation (Eric Dumazet) \n- gve: Correct available tx qpl check (Catherine Sullivan) \n- drm/nouveau/debugfs: fix file release memory leak (Yang Yingliang) \n- video: fbdev: gbefb: Only instantiate device when built for IP32 (Mark Brown) \n- bus: ti-sysc: Use CLKDM_NOAUTO for dra7 dcan1 for errata i893 (Tony Lindgren) \n- netlink: annotate data races around nlk->bound (Eric Dumazet) \n- net: sfp: Fix typo in state machine debug string (Sean Anderson) \n- net/sched: sch_taprio: properly cancel timer from taprio_destroy() (Eric Dumazet) \n- net: bridge: use nla_total_size_64bit() in br_get_linkxstats_size() (Eric Dumazet) \n- ARM: imx6: disable the GIC CPU interface before calling stby-poweroff sequence (Oleksij Rempel) \n- arm64: dts: ls1028a: add missing CAN nodes (Michael Walle) \n- arm64: dts: freescale: Fix SP805 clock-names (Andre Przywara) \n- ptp_pch: Load module automatically if ID matches (Andy Shevchenko) \n- powerpc/fsl/dts: Fix phy-connection-type for fm1mac3 (Pali Rohar) \n- net_sched: fix NULL deref in fifo_set_limit() (Eric Dumazet) \n- phy: mdio: fix memory leak (Pavel Skripkin) \n- bpf, arm: Fix register clobbering in div/mod implementation (Johan Almbladh) \n- xtensa: call irqchip_init only when CONFIG_USE_OF is selected (Max Filippov) \n- xtensa: use CONFIG_USE_OF instead of CONFIG_OF (Randy Dunlap) \n- xtensa: move XCHAL_KIO_* definitions to kmem_layout.h (Max Filippov) \n- arm64: dts: qcom: pm8150: use qcom,pm8998-pon binding (Dmitry Baryshkov) \n- ARM: dts: imx: Fix USB host power regulator polarity on M53Menlo (Marek Vasut) \n- ARM: dts: imx: Add missing pinctrl-names for panel on M53Menlo (Marek Vasut) \n- soc: qcom: mdt_loader: Drop PT_LOAD check on hash segment (Shawn Guo) \n- ARM: dts: qcom: apq8064: Use 27MHz PXO clock as DSI PLL reference (Marijn Suijten) \n- soc: qcom: socinfo: Fixed argument passed to platform_set_data() (Antonio Martorana) \n- bpf, mips: Validate conditional branch offsets (Piotr Krysiuk) \n- MIPS: BPF: Restore MIPS32 cBPF JIT (Paul Burton) \n- ARM: dts: qcom: apq8064: use compatible which contains chipid (David Heidelberg) \n- ARM: dts: omap3430-sdp: Fix NAND device node (Roger Quadros) \n- xen/balloon: fix cancelled balloon action (Juergen Gross) \n- nfsd4: Handle the NFSv4 READDIR dircount hint being zero (Trond Myklebust) \n- nfsd: fix error handling of register_pernet_subsys() in init_nfsd() (Patrick Ho) \n- ovl: fix missing negative dentry check in ovl_rename() (Zheng Liang) \n- mmc: meson-gx: do not use memcpy_to/fromio for dram-access-quirk (Neil Armstrong) \n- xen/privcmd: fix error handling in mmap-resource processing (Jan Beulich) \n- usb: typec: tcpm: handle SRC_STARTUP state if cc changes (Xu Yang) \n- USB: cdc-acm: fix break reporting (Johan Hovold) \n- USB: cdc-acm: fix racy tty buffer accesses (Johan Hovold) \n- Partially revert usb: Kconfig: using select for USB_COMMON dependency (Ben Hutchings)", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.4, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-14T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.9, "vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-0920", "CVE-2021-3640", "CVE-2021-3752", "CVE-2021-4155", "CVE-2021-43975", "CVE-2021-44733", "CVE-2022-0185", "CVE-2022-0492"], "modified": "2022-02-14T00:00:00", "id": "ELSA-2022-9147", "href": "http://linux.oracle.com/errata/ELSA-2022-9147.html", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-28T23:31:32", "description": "[5.4.17-2136.304.4.1]\n- Revert rds/ib: Kernel upgrade to rds_ib_conns info displayed by rds-info (Rohit Nair) [Orabug: 33832625] \n- cgroup-v1: Require capabilities to set release_agent (Eric W. Biederman) [Orabug: 33832582] {CVE-2022-0492}\n[5.4.17-2136.304.4]\n- scsi: libiscsi: Fix iscsi_task use after free() (Mike Christie) [Orabug: 33794250] \n- scsi: libiscsi: Drop taskqueuelock (Mike Christie) [Orabug: 33794250] \n- ib/core: add SET_DEVICE_OP call for clear_hw_stats() (Qing Huang) [Orabug: 33495339] \n- KVM: SVM: Dont intercept #GP for SEV guests (Sean Christopherson) [Orabug: 33446920] \n- Revert KVM: SVM: avoid infinite loop on NPF from bad address (Sean Christopherson) [Orabug: 33446920] \n- KVM: SVM: Never reject emulation due to SMAP errata for !SEV guests (Sean Christopherson) [Orabug: 33446920] \n- rds/ib: Kernel upgrade to rds_ib_conns info displayed by rds-info (Rohit Nair) [Orabug: 33660929] \n- tee: handle lookup of shm with reference count 0 (Jens Wiklander) [Orabug: 33739582] {CVE-2021-44733}\n- smp: always continue to process IRQ work (Stephen Brennan) [Orabug: 33802464]\n[5.4.17-2136.304.3]\n- vfs: fs_context: fix up param length parsing in legacy_parse_param (Jamie Hill-Daniel) [Orabug: 33766454] {CVE-2022-0185}\n- LTS tag: v5.4.161 (Sherry Yang) \n- erofs: fix unsafe pagevec reuse of hooked pclusters (Gao Xiang) \n- erofs: remove the occupied parameter from z_erofs_pagevec_enqueue() (Yue Hu) \n- PCI: Add MSI masking quirk for Nvidia ION AHCI (Marc Zyngier) \n- PCI/MSI: Deal with devices lying about their MSI mask capability (Marc Zyngier) \n- PCI/MSI: Destroy sysfs before freeing entries (Thomas Gleixner) \n- parisc/entry: fix trace test in syscall exit path (Sven Schnelle) \n- fortify: Explicitly disable Clang support (Kees Cook) \n- scsi: ufs: Fix tm request when non-fatal error happens (Jaegeuk Kim) \n- ext4: fix lazy initialization next schedule time computation in more granular unit (Shaoying Xu) \n- MIPS: Fix assembly error from MIPSr2 code used within MIPS_ISA_ARCH_LEVEL (Maciej W. Rozycki) \n- scsi: ufs: Fix interrupt error message for shared interrupts (Adrian Hunter) \n- soc/tegra: pmc: Fix imbalanced clock disabling in error code path (Dmitry Osipenko) \n- LTS tag: v5.4.160 (Sherry Yang) [Orabug: 33536399] \n- selftests/bpf: Fix also no-alu32 strobemeta selftest (Andrii Nakryiko) \n- ath10k: fix invalid dma_addr_t token assignment (Arnd Bergmann) \n- SUNRPC: Partial revert of commit 6f9f17287e78 (Trond Myklebust) \n- PCI: Add PCI_EXP_DEVCTL_PAYLOAD_* macros (Pali Rohar) \n- powerpc/powernv/prd: Unregister OPAL_MSG_PRD2 notifier during module unload (Vasant Hegde) \n- s390/cio: make ccw_device_dma_* more robust (Halil Pasic) \n- s390/tape: fix timer initialization in tape_std_assign() (Sven Schnelle) \n- s390/cio: check the subchannel validity for dev_busid (Vineeth Vijayan) \n- video: backlight: Drop maximum brightness override for brightness zero (Marek Vasut) \n- mm, oom: do not trigger out_of_memory from the #PF (Michal Hocko) \n- mm, oom: pagefault_out_of_memory: dont force global OOM for dying tasks (Vasily Averin) \n- powerpc/bpf: Emit stf barrier instruction sequences for BPF_NOSPEC (Naveen N. Rao) \n- powerpc/security: Add a helper to query stf_barrier type (Naveen N. Rao) \n- powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (Naveen N. Rao) \n- powerpc/bpf: Validate branch ranges (Naveen N. Rao) \n- powerpc/lib: Add helper to check if offset is within conditional branch range (Naveen N. Rao) \n- ovl: fix deadlock in splice write (Miklos Szeredi) \n- 9p/net: fix missing error check in p9_check_errors (Dominique Martinet) \n- net, neigh: Enable state migration between NUD_PERMANENT and NTF_USE (Daniel Borkmann) \n- f2fs: should use GFP_NOFS for directory inodes (Jaegeuk Kim) \n- irqchip/sifive-plic: Fixup EOI failed when masked (Guo Ren) \n- parisc: Fix set_fixmap() on PA1.x CPUs (Helge Deller) \n- parisc: Fix backtrace to always include init funtion names (Helge Deller) \n- ARM: 9156/1: drop cc-option fallbacks for architecture selection (Arnd Bergmann) \n- ARM: 9155/1: fix early early_iounmap() (Michal Miroslaw) \n- selftests/net: udpgso_bench_rx: fix port argument (Willem de Bruijn) \n- cxgb4: fix eeprom len when diagnostics not implemented (Rahul Lakkireddy) \n- net/smc: fix sk_refcnt underflow on linkdown and fallback (Dust Li) \n- vsock: prevent unnecessary refcnt inc for nonblocking connect (Eiichi Tsukata) \n- net: hns3: allow configure ETS bandwidth of all TCs (Guangbin Huang) \n- net/sched: sch_taprio: fix undefined behavior in ktime_mono_to_any (Eric Dumazet) \n- bpf: sockmap, strparser, and tls are reusing qdisc_skb_cb and colliding (John Fastabend) \n- arm64: pgtable: make __pte_to_phys/__phys_to_pte_val inline functions (Arnd Bergmann) \n- nfc: pn533: Fix double free when pn533_fill_fragment_skbs() fails (Chengfeng Ye) \n- llc: fix out-of-bound array index in llc_sk_dev_hash() (Eric Dumazet) \n- perf bpf: Add missing free to bpf_event__print_bpf_prog_info() (Ian Rogers) \n- zram: off by one in read_block_state() (Dan Carpenter) \n- mm/zsmalloc.c: close race window between zs_pool_dec_isolated() and zs_unregister_migration() (Miaohe Lin) \n- bonding: Fix a use-after-free problem when bond_sysfs_slave_add() failed (Huang Guobin) \n- ACPI: PMIC: Fix intel_pmic_regs_handler() read accesses (Hans de Goede) \n- net: vlan: fix a UAF in vlan_dev_real_dev() (Ziyang Xuan) \n- net: davinci_emac: Fix interrupt pacing disable (Maxim Kiselev) \n- xen-pciback: Fix return in pm_ctrl_init() (YueHaibing) \n- i2c: xlr: Fix a resource leak in the error handling path of xlr_i2c_probe() (Christophe JAILLET) \n- NFSv4: Fix a regression in nfs_set_open_stateid_locked() (Trond Myklebust) \n- scsi: qla2xxx: Turn off target reset during issue_lip (Quinn Tran) \n- scsi: qla2xxx: Fix gnl list corruption (Quinn Tran) \n- ar7: fix kernel builds for compiler test (Jackie Liu) \n- watchdog: f71808e_wdt: fix inaccurate report in WDIOC_GETTIMEOUT (Ahmad Fatoum) \n- m68k: set a default value for MEMORY_RESERVE (Randy Dunlap) \n- signal/sh: Use force_sig(SIGKILL) instead of do_group_exit(SIGKILL) (Eric W. Biederman) \n- dmaengine: dmaengine_desc_callback_valid(): Check for callback_result (Lars-Peter Clausen) \n- netfilter: nfnetlink_queue: fix OOB when mac header was cleared (Florian Westphal) \n- soc: fsl: dpaa2-console: free buffer before returning from dpaa2_console_read (Robert-Ionut Alexa) \n- auxdisplay: ht16k33: Fix frame buffer device blanking (Geert Uytterhoeven) \n- auxdisplay: ht16k33: Connect backlight to fbdev (Geert Uytterhoeven) \n- auxdisplay: img-ascii-lcd: Fix lock-up when displaying empty string (Geert Uytterhoeven) \n- dmaengine: at_xdmac: fix AT_XDMAC_CC_PERID() macro (Claudiu Beznea) \n- mtd: core: dont remove debugfs directory if device is in use (Zev Weiss) \n- mtd: spi-nor: hisi-sfc: Remove excessive clk_disable_unprepare() (Evgeny Novikov) \n- fs: orangefs: fix error return code of orangefs_revalidate_lookup() (Jia-Ju Bai) \n- NFS: Fix deadlocks in nfs_scan_commit_list() (Trond Myklebust) \n- opp: Fix return in _opp_add_static_v2() (YueHaibing) \n- PCI: aardvark: Fix preserving PCI_EXP_RTCTL_CRSSVE flag on emulated bridge (Pali Rohar) \n- PCI: aardvark: Dont spam about PIO Response Status (Marek Behun) \n- drm/plane-helper: fix uninitialized variable reference (Alex Xu (Hello71)) \n- pnfs/flexfiles: Fix misplaced barrier in nfs4_ff_layout_prepare_ds (Baptiste Lepers) \n- rpmsg: Fix rpmsg_create_ept return when RPMSG config is not defined (Arnaud Pouliquen) \n- apparmor: fix error check (Tom Rix) \n- power: supply: bq27xxx: Fix kernel crash on IRQ handler register error (Hans de Goede) \n- mips: cm: Convert to bitfield API to fix out-of-bounds access (Geert Uytterhoeven) \n- powerpc/44x/fsp2: add missing of_node_put (Bixuan Cui) \n- HID: u2fzero: properly handle timeouts in usb_submit_urb (Andrej Shadura) \n- HID: u2fzero: clarify error check and length calculations (Andrej Shadura) \n- serial: xilinx_uartps: Fix race condition causing stuck TX (Anssi Hannula) \n- phy: qcom-qusb2: Fix a memory leak on probe (Vladimir Zapolskiy) \n- ASoC: cs42l42: Defer probe if request_threaded_irq() returns EPROBE_DEFER (Richard Fitzgerald) \n- ASoC: cs42l42: Correct some register default values (Richard Fitzgerald) \n- ARM: dts: stm32: fix SAI sub nodes register range (Olivier Moysan) \n- staging: ks7010: select CRYPTO_HASH/CRYPTO_MICHAEL_MIC (Vegard Nossum) \n- RDMA/mlx4: Return missed an error if device doesnt support steering (Leon Romanovsky) \n- scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn() (Dan Carpenter) \n- power: supply: rt5033_battery: Change voltage values to uV (Jakob Hauser) \n- usb: gadget: hid: fix error code in do_config() (Dan Carpenter) \n- serial: 8250_dw: Drop wrong use of ACPI_PTR() (Andy Shevchenko) \n- video: fbdev: chipsfb: use memset_io() instead of memset() (Christophe Leroy) \n- clk: at91: check pmc node status before registering syscore ops (Clement Leger) \n- memory: fsl_ifc: fix leak of irq and nand_irq in fsl_ifc_ctrl_probe (Dongliang Mu) \n- soc/tegra: Fix an error handling path in tegra_powergate_power_up() (Christophe JAILLET) \n- arm: dts: omap3-gta04a4: accelerometer irq fix (Andreas Kemnade) \n- ALSA: hda: Reduce udelay() at SKL+ position reporting (Takashi Iwai) \n- JFS: fix memleak in jfs_mount (Dongliang Mu) \n- MIPS: loongson64: make CPU_LOONGSON64 depends on MIPS_FP_SUPPORT (Jackie Liu) \n- scsi: dc395: Fix error case unwinding (Tong Zhang) \n- ARM: dts: at91: tse850: the emac<->phy interface is rmii (Peter Rosin) \n- arm64: dts: meson-g12a: Fix the pwm regulator supply properties (Anand Moon) \n- RDMA/bnxt_re: Fix query SRQ failure (Selvin Xavier) \n- ARM: dts: qcom: msm8974: Add xo_board reference clock to DSI0 PHY (Marijn Suijten) \n- arm64: dts: rockchip: Fix GPU register width for RK3328 (Alex Bee) \n- ARM: s3c: irq-s3c24xx: Fix return value check for s3c24xx_init_intc() (Jackie Liu) \n- clk: mvebu: ap-cpu-clk: Fix a memory leak in error handling paths (Christophe JAILLET) \n- RDMA/rxe: Fix wrong port_cap_flags (Junji Wei) \n- ibmvnic: Process crqs after enabling interrupts (Sukadev Bhattiprolu) \n- ibmvnic: dont stop queue in xmit (Sukadev Bhattiprolu) \n- udp6: allow SO_MARK ctrl msg to affect routing (Jakub Kicinski) \n- selftests/bpf: Fix fclose/pclose mismatch in test_progs (Andrea Righi) \n- crypto: pcrypt - Delay write to padata->info (Daniel Jordan) \n- net: phylink: avoid mvneta warning when setting pause parameters (Russell King (Oracle)) \n- net: amd-xgbe: Toggle PLL settings during rate change (Shyam Sundar S K) \n- drm/amdgpu/gmc6: fix DMA mask from 44 to 40 bits (Alex Deucher) \n- wcn36xx: add proper DMA memory barriers in rx path (Benjamin Li) \n- libertas: Fix possible memory leak in probe and disconnect (Wang Hai) \n- libertas_tf: Fix possible memory leak in probe and disconnect (Wang Hai) \n- KVM: s390: Fix handle_sske page fault handling (Janis Schoetterl-Glausch) \n- samples/kretprobes: Fix return value if register_kretprobe() failed (Tiezhu Yang) \n- tcp: dont free a FIN sk_buff in tcp_remove_empty_skb() (Jon Maxwell) \n- irq: mips: avoid nested irq_enter() (Mark Rutland) \n- s390/gmap: dont unconditionally call pte_unmap_unlock() in __gmap_zap() (David Hildenbrand) \n- libbpf: Fix BTF data layout checks and allow empty BTF (Andrii Nakryiko) \n- smackfs: use netlbl_cfg_cipsov4_del() for deleting cipso_v4_doi (Tetsuo Handa) \n- drm/msm: Fix potential NULL dereference in DPU SSPP (Jessica Zhang) \n- clocksource/drivers/timer-ti-dm: Select TIMER_OF (Kees Cook) \n- PM: hibernate: fix sparse warnings (Anders Roxell) \n- nvme-rdma: fix error code in nvme_rdma_setup_ctrl (Max Gurtovoy) \n- phy: micrel: ksz8041nl: do not use power down mode (Stefan Agner) \n- mwifiex: Send DELBA requests according to spec (Jonas Drenler) \n- rsi: stop thread firstly in rsi_91x_init() error handling (Ziyang Xuan) \n- mt76: mt76x02: fix endianness warnings in mt76x02_mac.c (Lorenzo Bianconi) \n- platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning (Nathan Chancellor) \n- block: ataflop: fix breakage introduced at blk-mq refactoring (Michael Schmitz) \n- mmc: mxs-mmc: disable regulator on error and in the remove function (Christophe JAILLET) \n- net: stream: dont purge sk_error_queue in sk_stream_kill_queues() (Jakub Kicinski) \n- drm/msm: uninitialized variable in msm_gem_import() (Dan Carpenter) \n- ath10k: fix max antenna gain unit (Sven Eckelmann) \n- hwmon: (pmbus/lm25066) Let compiler determine outer dimension of lm25066_coeff (Zev Weiss) \n- hwmon: Fix possible memleak in __hwmon_device_register() (Yang Yingliang) \n- net, neigh: Fix NTF_EXT_LEARNED in combination with NTF_USE (Daniel Borkmann) \n- memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host() (Dan Carpenter) \n- memstick: avoid out-of-range warning (Arnd Bergmann) \n- mmc: sdhci-omap: Fix NULL pointer exception if regulator is not configured (Tony Lindgren) \n- b43: fix a lower bounds test (Dan Carpenter) \n- b43legacy: fix a lower bounds test (Dan Carpenter) \n- hwrng: mtk - Force runtime pm ops for sleep ops (Markus Schneider-Pargmann) \n- crypto: qat - disregard spurious PFVF interrupts (Giovanni Cabiddu) \n- crypto: qat - detect PFVF collision after ACK (Giovanni Cabiddu) \n- media: dvb-frontends: mn88443x: Handle errors of clk_prepare_enable() (Evgeny Novikov) \n- netfilter: nft_dynset: relax superfluous check on set updates (Pablo Neira Ayuso) \n- EDAC/amd64: Handle three rank interleaving mode (Yazen Ghannam) \n- ath9k: Fix potential interrupt storm on queue reset (Linus Lussing) \n- media: em28xx: Dont use ops->suspend if it is NULL (Colin Ian King) \n- cpuidle: Fix kobject memory leaks in error paths (Anel Orazgaliyeva) \n- crypto: ecc - fix CRYPTO_DEFAULT_RNG dependency (Arnd Bergmann) \n- kprobes: Do not use local variable when creating debugfs file (Punit Agrawal) \n- media: cx23885: Fix snd_card_free call on null card pointer (Colin Ian King) \n- media: tm6000: Avoid card name truncation (Kees Cook) \n- media: si470x: Avoid card name truncation (Kees Cook) \n- media: radio-wl1273: Avoid card name truncation (Kees Cook) \n- media: mtk-vpu: Fix a resource leak in the error handling path of mtk_vpu_probe() (Christophe JAILLET) \n- media: TDA1997x: handle short reads of hdmi info frame. (Tom Rix) \n- media: dvb-usb: fix ununit-value in az6027_rc_query (Pavel Skripkin) \n- media: cxd2880-spi: Fix a null pointer dereference on error handling path (Colin Ian King) \n- media: em28xx: add missing em28xx_close_extension (Pavel Skripkin) \n- drm/amdgpu: fix warning for overflow check (Arnd Bergmann) \n- ath10k: Fix missing frame timestamp for beacon/probe-resp (Loic Poulain) \n- net: dsa: rtl8366rb: Fix off-by-one bug (Linus Walleij) \n- rxrpc: Fix _usecs_to_jiffies() by using usecs_to_jiffies() (Jiasheng Jiang) \n- crypto: caam - disable pkc for non-E SoCs (Michael Walle) \n- Bluetooth: btmtkuart: fix a memleak in mtk_hci_wmt_sync (Dinghao Liu) \n- wilc1000: fix possible memory leak in cfg_scan_result() (Ajay Singh) \n- cgroup: Make rebind_subsystems() disable v2 controllers all at once (Waiman Long) \n- net: net_namespace: Fix undefined member in key_remove_domain() (Yajun Deng) \n- virtio-gpu: fix possible memory allocation failure (liuyuntao) \n- drm/v3d: fix wait for TMU write combiner flush (Iago Toral Quiroga) \n- rcu: Fix existing exp request check in sync_sched_exp_online_cleanup() (Neeraj Upadhyay) \n- Bluetooth: fix init and cleanup of sco_conn.timeout_work (Desmond Cheong Zhi Xi) \n- selftests/bpf: Fix strobemeta selftest regression (Andrii Nakryiko) \n- netfilter: conntrack: set on IPS_ASSURED if flows enters internal stream state (Pablo Neira Ayuso) \n- parisc/kgdb: add kgdb_roundup() to make kgdb work with idle polling (Sven Schnelle) \n- parisc/unwind: fix unwinder when CONFIG_64BIT is enabled (Sven Schnelle) \n- task_stack: Fix end_of_stack() for architectures with upwards-growing stack (Helge Deller) \n- parisc: fix warning in flush_tlb_all (Sven Schnelle) \n- x86/hyperv: Protect set_hv_tscchange_cb() against getting preempted (Vitaly Kuznetsov) \n- spi: bcm-qspi: Fix missing clk_disable_unprepare() on error in bcm_qspi_probe() (Yang Yingliang) \n- btrfs: do not take the uuid_mutex in btrfs_rm_device (Josef Bacik) \n- net: annotate data-race in neigh_output() (Eric Dumazet) \n- vrf: run conntrack only in context of lower/physdev for locally generated packets (Florian Westphal) \n- ARM: 9136/1: ARMv7-M uses BE-8, not BE-32 (Arnd Bergmann) \n- gre/sit: Dont generate link-local addr if addr_gen_mode is IN6_ADDR_GEN_MODE_NONE (Stephen Suryaputra) \n- ARM: clang: Do not rely on lr register for stacktrace (Masami Hiramatsu) \n- smackfs: use __GFP_NOFAIL for smk_cipso_doi() (Tetsuo Handa) \n- iwlwifi: mvm: disable RX-diversity in powersave (Johannes Berg) \n- selftests: kvm: fix mismatched fclose() after popen() (Shuah Khan) \n- PM: hibernate: Get block device exclusively in swsusp_check() (Ye Bin) \n- nvme: drop scan_lock and always kick requeue list when removing namespaces (Hannes Reinecke) \n- nvmet-tcp: fix use-after-free when a port is removed (Israel Rukshin) \n- nvmet: fix use-after-free when a port is removed (Israel Rukshin) \n- block: remove inaccurate requeue check (Jens Axboe) \n- mwl8k: Fix use-after-free in mwl8k_fw_state_machine() (Zheyu Ma) \n- tracing/cfi: Fix cmp_entries_* functions signature mismatch (Kalesh Singh) \n- workqueue: make sysfs of unbound kworker cpumask more clever (Menglong Dong) \n- lib/xz: Validate the value before assigning it to an enum variable (Lasse Collin) \n- lib/xz: Avoid overlapping memcpy() with invalid input with in-place decompression (Lasse Collin) \n- memstick: r592: Fix a UAF bug when removing the driver (Zheyu Ma) \n- leaking_addresses: Always print a trailing newline (Kees Cook) \n- ACPI: battery: Accept charges over the design capacity as full (Andre Almeida) \n- iov_iter: Fix iov_iter_get_pages{,_alloc} page fault return value (Andreas Gruenbacher) \n- ath: dfs_pattern_detector: Fix possible null-pointer dereference in channel_detector_create() (Tuo Li) \n- tracefs: Have tracefs directories not set OTH permission bits by default (Steven Rostedt (VMware)) \n- net-sysfs: try not to restart the syscall if it will fail eventually (Antoine Tenart) \n- media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte() (Anant Thazhemadam) \n- media: ipu3-imgu: VIDIOC_QUERYCAP: Fix bus_info (Ricardo Ribalda) \n- media: ipu3-imgu: imgu_fmt: Handle properly try (Ricardo Ribalda) \n- ACPICA: Avoid evaluating methods too early during system resume (Rafael J. Wysocki) \n- ipmi: Disable some operations during a panic (Corey Minyard) \n- media: rcar-csi2: Add checking to rcsi2_start_receiver() (Nadezda Lutovinova) \n- brcmfmac: Add DMI nvram filename quirk for Cyberbook T116 tablet (Hans de Goede) \n- ia64: dont do IA64_CMPXCHG_DEBUG without CONFIG_PRINTK (Randy Dunlap) \n- media: mceusb: return without resubmitting URB in case of -EPROTO error. (Rajat Asthana) \n- media: imx: set a media_device bus_info string (Martin Kepplinger) \n- media: s5p-mfc: Add checking to s5p_mfc_probe(). (Nadezda Lutovinova) \n- media: s5p-mfc: fix possible null-pointer dereference in s5p_mfc_probe() (Tuo Li) \n- media: uvcvideo: Set unique vdev name based in type (Ricardo Ribalda) \n- media: uvcvideo: Return -EIO for control errors (Ricardo Ribalda) \n- media: uvcvideo: Set capability in s_param (Ricardo Ribalda) \n- media: stm32: Potential NULL pointer dereference in dcmi_irq_thread() (Dmitriy Ulitin) \n- media: netup_unidvb: handle interrupt properly according to the firmware (Zheyu Ma) \n- media: mt9p031: Fix corrupted frame after restarting stream (Dirk Bender) \n- ath10k: high latency fixes for beacon buffer (Alagu Sankar) \n- mwifiex: Properly initialize private structure on interface type changes (Jonas Drebler) \n- mwifiex: Run SET_BSS_MODE when changing from P2P to STATION vif-type (Jonas Drebler) \n- x86: Increase exception stack sizes (Peter Zijlstra) \n- smackfs: Fix use-after-free in netlbl_catmap_walk() (Pawan Gupta) \n- locking/lockdep: Avoid RCU-induced noinstr fail (Peter Zijlstra) \n- MIPS: lantiq: dma: reset correct number of channel (Aleksander Jan Bajkowski) \n- MIPS: lantiq: dma: add small delay after reset (Aleksander Jan Bajkowski) \n- platform/x86: wmi: do not fail if disabling fails (Barnabas Pocze) \n- drm/panel-orientation-quirks: add Valve Steam Deck (Simon Ser) \n- Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg() (Takashi Iwai) {CVE-2021-3640}\n- drm: panel-orientation-quirks: Add quirk for the Samsung Galaxy Book 10.6 (Hans de Goede) \n- drm: panel-orientation-quirks: Add quirk for KD Kurio Smart C15200 2-in-1 (Hans de Goede) \n- drm: panel-orientation-quirks: Update the Lenovo Ideapad D330 quirk (v2) (Hans de Goede) \n- dma-buf: WARN on dmabuf release with pending attachments (Charan Teja Reddy) \n- USB: chipidea: fix interrupt deadlock (Johan Hovold) \n- USB: iowarrior: fix control-message timeouts (Johan Hovold) \n- USB: serial: keyspan: fix memleak on probe errors (Wang Hai) \n- iio: dac: ad5446: Fix ad5622_write() return value (Pekka Korpinen) \n- pinctrl: core: fix possible memory leak in pinctrl_enable() (Yang Yingliang) \n- quota: correct error number in free_dqentry() (Zhang Yi) \n- quota: check block number when reading the block in quota file (Zhang Yi) \n- PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG (Marek Behun) \n- PCI: aardvark: Fix return value of MSI domain .alloc() method (Marek Behun) \n- PCI: aardvark: Fix reporting Data Link Layer Link Active (Pali Rohar) \n- PCI: aardvark: Do not unmask unused interrupts (Pali Rohar) \n- PCI: aardvark: Fix checking for link up via LTSSM state (Pali Rohar) \n- PCI: aardvark: Do not clear status bits of masked interrupts (Pali Rohar) \n- PCI: pci-bridge-emul: Fix emulation of W1C bits (Marek Behun) \n- xen/balloon: add late_initcall_sync() for initial ballooning done (Juergen Gross) \n- ALSA: mixer: fix deadlock in snd_mixer_oss_set_volume (Pavel Skripkin) \n- ALSA: mixer: oss: Fix racy access to slots (Takashi Iwai) \n- serial: core: Fix initializing and restoring termios speed (Pali Rohar) \n- powerpc/85xx: Fix oops when mpc85xx_smp_guts_ids node cannot be found (Xiaoming Ni) \n- can: j1939: j1939_can_recv(): ignore messages with invalid source address (Zhang Changzhong) \n- can: j1939: j1939_tp_cmd_recv(): ignore abort message in the BAM transport (Zhang Changzhong) \n- KVM: nVMX: Query current VMCS when determining if MSR bitmaps are in use (Sean Christopherson) \n- power: supply: max17042_battery: use VFSOC for capacity when no rsns (Henrik Grimler) \n- power: supply: max17042_battery: Prevent int underflow in set_soc_threshold (Sebastian Krzyszkowiak) \n- signal/mips: Update (_save|_restore)_fp_context to fail with -EFAULT (Eric W. Biederman) \n- signal: Remove the bogus sigkill_pending in ptrace_stop (Eric W. Biederman) \n- RDMA/qedr: Fix NULL deref for query_qp on the GSI QP (Alok Prasad) \n- rsi: Fix module dev_oper_mode parameter description (Marek Vasut) \n- rsi: fix rate mask set leading to P2P failure (Martin Fuzzey) \n- rsi: fix key enabled check causing unwanted encryption for vap_id > 0 (Martin Fuzzey) \n- rsi: fix occasional initialisation failure with BT coex (Martin Fuzzey) \n- wcn36xx: handle connection loss indication (Benjamin Li) \n- libata: fix checking of DMA state (Reimar Doffinger) \n- mwifiex: Read a PCI register after writing the TX ring write pointer (Jonas Drebler) \n- wcn36xx: Fix HT40 capability for 2Ghz band (Loic Poulain) \n- evm: mark evm_fixmode as __ro_after_init (Austin Kim) \n- rtl8187: fix control-message timeouts (Johan Hovold) \n- PCI: Mark Atheros QCA6174 to avoid bus reset (Ingmar Klein) \n- ath10k: fix division by zero in send path (Johan Hovold) \n- ath10k: fix control-message timeout (Johan Hovold) \n- ath6kl: fix control-message timeout (Johan Hovold) \n- ath6kl: fix division by zero in send path (Johan Hovold) \n- mwifiex: fix division by zero in fw download path (Johan Hovold) \n- EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell (Eric Badger) \n- regulator: dt-bindings: samsung,s5m8767: correct s5m8767,pmic-buck-default-dvs-idx property (Krzysztof Kozlowski) \n- regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is disabled (Krzysztof Kozlowski) \n- hwmon: (pmbus/lm25066) Add offset coefficients (Zev Weiss) \n- ia64: kprobes: Fix to pass correct trampoline address to the handler (Masami Hiramatsu) \n- btrfs: call btrfs_check_rw_degradable only if there is a missing device (Anand Jain) \n- btrfs: fix lost error handling when replaying directory deletes (Filipe Manana) \n- btrfs: clear MISSING device status bit in btrfs_close_one_device (Li Zhang) \n- net/smc: Correct spelling mistake to TCPF_SYN_RECV (Wen Gu) \n- nfp: bpf: relax prog rejection for mtu check through max_pkt_offset (Yu Xiao) \n- vmxnet3: do not stop tx queues after netif_device_detach() (Dongli Zhang) \n- r8169: Add device 10ec:8162 to driver r8169 (Janghyub Seo) \n- nvmet-tcp: fix header digest verification (Amit Engel) \n- drm: panel-orientation-quirks: Add quirk for GPD Win3 (Mario) \n- watchdog: Fix OMAP watchdog early handling (Walter Stoll) \n- net: multicast: calculate csum of looped-back and forwarded packets (Cyril Strejc) \n- spi: spl022: fix Microwire full duplex mode (Thomas Perrot) \n- nvmet-tcp: fix a memory leak when releasing a queue (Maurizio Lombardi) \n- bpf: Prevent increasing bpf_jit_limit above max (Lorenz Bauer) \n- drm: panel-orientation-quirks: Add quirk for Aya Neo 2021 (Bryant Mairs) \n- mmc: winbond: dont build on M68K (Randy Dunlap) \n- reset: socfpga: add empty driver allowing consumers to probe (Pawel Anikiel) \n- ARM: dts: sun7i: A20-olinuxino-lime2: Fix ethernet phy-mode (Bastien Roucaries) \n- hyperv/vmbus: include linux/bitops.h (Arnd Bergmann) \n- sfc: Dont use netif_info before net_device setup (Erik Ekman) \n- cavium: Fix return values of the probe function (Zheyu Ma) \n- scsi: qla2xxx: Fix unmap of already freed sgl (Dmitry Bogdanov) \n- scsi: qla2xxx: Return -ENOMEM if kzalloc() fails (Zheyu Ma) \n- cavium: Return negative value when pci_alloc_irq_vectors() fails (Zheyu Ma) \n- x86/irq: Ensure PI wakeup handler is unregistered before module unload (Sean Christopherson) \n- x86/cpu: Fix migration safety with X86_BUG_NULL_SEL (Jane Malalane) \n- x86/sme: Use #define USE_EARLY_PGTABLE_L5 in mem_encrypt_identity.c (Tom Lendacky) \n- fuse: fix page stealing (Miklos Szeredi) \n- ALSA: timer: Unconditionally unlink slave instances, too (Takashi Iwai) \n- ALSA: timer: Fix use-after-free problem (Wang Wensheng) \n- ALSA: synth: missing check for possible NULL after the call to kstrdup (Austin Kim) \n- ALSA: usb-audio: Add registration quirk for JBL Quantum 400 (Alexander Tsoy) \n- ALSA: line6: fix control and interrupt message timeouts (Johan Hovold) \n- ALSA: 6fire: fix control and bulk message timeouts (Johan Hovold) \n- ALSA: ua101: fix division by zero at probe (Johan Hovold) \n- ALSA: hda/realtek: Add quirk for HP EliteBook 840 G7 mute LED (Kai-Heng Feng) \n- ALSA: hda/realtek: Add quirk for ASUS UX550VE (Takashi Iwai) \n- ALSA: hda/realtek: Add a quirk for Acer Spin SP513-54N (Jaroslav Kysela) \n- ALSA: hda/realtek: Add quirk for Clevo PC70HS (Tim Crawford) \n- media: v4l2-ioctl: Fix check_ext_ctrls (Ricardo Ribalda) \n- media: ir-kbd-i2c: improve responsiveness of hauppauge zilog receivers (Sean Young) \n- media: ite-cir: IR receiver stop working after receive overflow (Sean Young) \n- crypto: s5p-sss - Add error handling in s5p_aes_probe() (Tang Bin) \n- firmware/psci: fix application of sizeof to pointer (jing yangyang) \n- tpm: Check for integer overflow in tpm2_map_response_body() (Dan Carpenter) \n- parisc: Fix ptrace check on syscall return (Helge Deller) \n- mmc: dw_mmc: Dont wait for DRTO on Write RSP error (Christian Lohle) \n- scsi: qla2xxx: Fix use after free in eh_abort path (Quinn Tran) \n- scsi: qla2xxx: Fix kernel crash when accessing port_speed sysfs file (Arun Easi) \n- libata: fix read log timeout value (Damien Le Moal) \n- Input: i8042 - Add quirk for Fujitsu Lifebook T725 (Takashi Iwai) \n- Input: elantench - fix misreporting trackpoint coordinates (Phoenix Huang) \n- Input: iforce - fix control-message timeout (Johan Hovold) \n- binder: use cred instead of task for getsecid (Todd Kjos) \n- binder: use cred instead of task for selinux checks (Todd Kjos) \n- binder: use euid from cred instead of using task (Todd Kjos) \n- usb: xhci: Enable runtime-pm by default on AMD Yellow Carp platform (Nehal Bakulchandra Shah) \n- xhci: Fix USB 3.1 enumeration issues by increasing roothub power-on-good delay (Mathias Nyman) \n- LTS tag: v5.4.159 (Sherry Yang) \n- rsi: fix control-message timeout (Johan Hovold) \n- media: staging/intel-ipu3: css: Fix wrong size comparison imgu_css_fw_init (Gustavo A. R. Silva) \n- staging: rtl8192u: fix control-message timeouts (Johan Hovold) \n- staging: r8712u: fix control-message timeout (Johan Hovold) \n- comedi: vmk80xx: fix bulk and interrupt message timeouts (Johan Hovold) \n- comedi: vmk80xx: fix bulk-buffer overflow (Johan Hovold) \n- comedi: vmk80xx: fix transfer-buffer overflows (Johan Hovold) \n- comedi: ni_usb6501: fix NULL-deref in command paths (Johan Hovold) \n- comedi: dt9812: fix DMA buffers on stack (Johan Hovold) \n- isofs: Fix out of bound access for corrupted isofs image (Jan Kara) \n- printk/console: Allow to disable console output by using console= or console=null (Petr Mladek) \n- binder: dont detect sender/target during buffer cleanup (Todd Kjos) \n- usb-storage: Add compatibility quirk flags for iODD 2531/2541 (James Buren) \n- usb: musb: Balance list entry in musb_gadget_queue (Viraj Shah) \n- usb: gadget: Mark USB_FSL_QE broken on 64-bit (Geert Uytterhoeven) \n- usb: ehci: handshake CMD_RUN instead of STS_HALT (Neal Liu) \n- Revert x86/kvm: fix vcpu-id indexed array sizes (Juergen Gross) \n- LTS tag: v5.4.158 (Sherry Yang) \n- ARM: 9120/1: Revert amba: make use of -1 IRQs warn (Wang Kefeng) \n- Revert drm/ttm: fix memleak in ttm_transfered_destroy (Greg Kroah-Hartman) \n- sfc: Fix reading non-legacy supported link modes (Erik Ekman) \n- Revert usb: core: hcd: Add support for deferring roothub registration (Greg Kroah-Hartman) \n- Revert xhci: Set HCD flag to defer primary roothub registration (Greg Kroah-Hartman) \n- media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt() (Dan Carpenter) \n- net: ethernet: microchip: lan743x: Fix skb allocation failure (Yuiko Oshino) \n- vrf: Revert Reset skb conntrack connection... (Eugene Crosser) \n- scsi: core: Put LLD module refcnt after SCSI device is released (Ming Lei) \n- LTS tag: v5.4.157 (Sherry Yang) \n- perf script: Check session->header.env.arch before using it (Song Liu) \n- KVM: s390: preserve deliverable_mask in __airqs_kick_single_vcpu (Halil Pasic) \n- KVM: s390: clear kicked_mask before sleeping again (Halil Pasic) \n- cfg80211: correct bridge/4addr mode check (Janusz Dziedzic) \n- net: use netif_is_bridge_port() to check for IFF_BRIDGE_PORT (Julian Wiedmann) \n- sctp: add vtag check in sctp_sf_ootb (Xin Long) \n- sctp: add vtag check in sctp_sf_do_8_5_1_E_sa (Xin Long) \n- sctp: add vtag check in sctp_sf_violation (Xin Long) \n- sctp: fix the processing for COOKIE_ECHO chunk (Xin Long) \n- sctp: fix the processing for INIT_ACK chunk (Xin Long) \n- sctp: use init_tag from inithdr for ABORT chunk (Xin Long) \n- phy: phy_start_aneg: Add an unlocked version (Andrew Lunn) \n- phy: phy_ethtool_ksettings_get: Lock the phy for consistency (Andrew Lunn) \n- net/tls: Fix flipped sign in async_wait.err assignment (Daniel Jordan) \n- net: nxp: lpc_eth.c: avoid hang when bringing interface down (Trevor Woerner) \n- net: ethernet: microchip: lan743x: Fix dma allocation failure by using dma_set_mask_and_coherent (Yuiko Oshino) \n- net: ethernet: microchip: lan743x: Fix driver crash when lan743x_pm_resume fails (Yuiko Oshino) \n- nios2: Make NIOS2_DTB_SOURCE_BOOL depend on !COMPILE_TEST (Guenter Roeck) \n- RDMA/sa_query: Use strscpy_pad instead of memcpy to copy a string (Mark Zhang) \n- net: Prevent infinite while loop in skb_tx_hash() (Michael Chan) \n- net: batman-adv: fix error handling (Pavel Skripkin) \n- regmap: Fix possible double-free in regcache_rbtree_exit() (Yang Yingliang) \n- arm64: dts: allwinner: h5: NanoPI Neo 2: Fix ethernet node (Clement Besch) \n- RDMA/mlx5: Set user priority for DCT (Patrisious Haddad) \n- nvme-tcp: fix data digest pointer calculation (Varun Prakash) \n- nvmet-tcp: fix data digest pointer calculation (Varun Prakash) \n- IB/hfi1: Fix abba locking issue with sc_disable() (Mike Marciniszyn) \n- IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields (Mike Marciniszyn) \n- tcp_bpf: Fix one concurrency problem in the tcp_bpf_send_verdict function (Liu Jian) \n- drm/ttm: fix memleak in ttm_transfered_destroy (Christian Konig) \n- net: lan78xx: fix division by zero in send path (Johan Hovold) \n- cfg80211: scan: fix RCU in cfg80211_add_nontrans_list() (Johannes Berg) \n- mmc: sdhci-esdhc-imx: clear the buffer_read_ready to reset standard tuning circuit (Haibo Chen) \n- mmc: sdhci: Map more voltage level to SDHCI_POWER_330 (Shawn Guo) \n- mmc: dw_mmc: exynos: fix the finding clock sample value (Jaehoon Chung) \n- mmc: cqhci: clear HALT state after CQE enable (Wenbin Mei) \n- mmc: vub300: fix control-message timeouts (Johan Hovold) \n- net/tls: Fix flipped sign in tls_err_abort() calls (Daniel Jordan) \n- Revert net: mdiobus: Fix memory leak in __mdiobus_register (Pavel Skripkin) \n- nfc: port100: fix using -ERRNO as command type mask (Krzysztof Kozlowski) \n- ata: sata_mv: Fix the error handling of mv_chip_id() (Zheyu Ma) \n- Revert pinctrl: bcm: ns: support updated DT binding as syscon subnode (Rafal Milecki) \n- usbnet: fix error return code in usbnet_probe() (Wang Hai) \n- usbnet: sanity check for maxpacket (Oliver Neukum) \n- ipv4: use siphash instead of Jenkins in fnhe_hashfun() (Eric Dumazet) \n- ipv6: use siphash in rt6_exception_hash() (Eric Dumazet) \n- powerpc/bpf: Fix BPF_MOD when imm == 1 (Naveen N. Rao) \n- ARM: 9141/1: only warn about XIP address when not compile testing (Arnd Bergmann) \n- ARM: 9139/1: kprobes: fix arch_init_kprobes() prototype (Arnd Bergmann) \n- ARM: 9134/1: remove duplicate memcpy() definition (Arnd Bergmann) \n- ARM: 9133/1: mm: proc-macros: ensure *_tlb_fns are 4B aligned (Nick Desaulniers)\n[5.4.17-2136.304.2]\n- xfs: only relog deferred intent items if free space in the log gets low (Darrick J. Wong) [Orabug: 33548995] \n- xfs: expose the log push threshold (Darrick J. Wong) [Orabug: 33548995] \n- xfs: periodically relog deferred intent items (Darrick J. Wong) [Orabug: 33548995] \n- xfs: Use scnprintf() for avoiding potential buffer overflow (Takashi Iwai) [Orabug: 33548995] \n- xfs: change the order in which child and parent defer ops are finished (Darrick J. Wong) [Orabug: 33548995] \n- hugetlb: remove unnecessary set_page_count in prep_compound_gigantic_page (Mike Kravetz) [Orabug: 33652181] \n- hugetlb: add hugetlb demote page support (Mike Kravetz) [Orabug: 33652181] \n- hugetlb: add demote bool to gigantic page routines (Mike Kravetz) [Orabug: 33652181] \n- hugetlb: add demote hugetlb page sysfs interfaces (Mike Kravetz) [Orabug: 33652181] \n- hugetlb: before freeing hugetlb page set dtor to appropriate value (Mike Kravetz) [Orabug: 33652181] \n- hugetlb: drop ref count earlier after page allocation (Mike Kravetz) [Orabug: 33652181] \n- hugetlb: simplify prep_compound_gigantic_page ref count racing code (Mike Kravetz) [Orabug: 33652181] \n- hugetlb: address ref count racing in prep_compound_gigantic_page (Mike Kravetz) [Orabug: 33652181] \n- hugetlb: remove prep_compound_huge_page cleanup (Mike Kravetz) [Orabug: 33652181] \n- hugetlb: add lockdep_assert_held() calls for hugetlb_lock (Mike Kravetz) [Orabug: 33652181] \n- Revert Revert net/mlx4_core: Add masking for a few queries on HCA caps (Freddy Carrillo) [Orabug: 33666385] \n- uek-rpm: configs: disable CONFIG_USB_GADGET (aloktiw) [Orabug: 33730433] \n- rds: ib: Incorporate the stat counter ib_rdma_flush_mr_pool_avoided in the structure rds_ib_stat_names (Praveen Kumar Kannoju) [Orabug: 33742436] \n- memcg: fix use-after-free in uncharge_batch (Michal Hocko) [Orabug: 33752722] \n- xfs: force the log offline when log intent item recovery fails (Darrick J. Wong) [Orabug: 33757272] \n- xfs: cancel intents immediately if process_intents fails (Darrick J. Wong) [Orabug: 33757272]\n[5.4.17-2136.304.1]\n- xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate (Darrick J. Wong) [Orabug: 33745420] {CVE-2021-4155}\n- Bluetooth: fix use-after-free error in lock_sock_nested() (Wang ShaoBo) [Orabug: 33406414] {CVE-2021-3752}\n- x86/mce: Correct the detection of invalid notifier priorities (Zhen Lei) [Orabug: 33427594] \n- x86/mce/dev-mcelog: Do not update kflags on AMD systems (Smita Koralahalli) [Orabug: 33427594] \n- x86/MCE/AMD, EDAC/mce_amd: Remove struct smca_hwid.xec_bitmap (Yazen Ghannam) [Orabug: 33427594] \n- RAS/CEC: Fix cec_init() prototype (Luca Stefani) [Orabug: 33427594] \n- EDAC/mce_amd: Add new error descriptions for existing types (Yazen Ghannam) [Orabug: 33427594] \n- x86/mce, EDAC/mce_amd: Print PPIN in machine check records (Smita Koralahalli) [Orabug: 33427594] \n- x86/mce/dev-mcelog: Fix -Wstringop-truncation warning about strncpy() (Tony Luck) [Orabug: 33427594] \n- x86/mce: Drop bogus comment about mce.kflags (Tony Luck) [Orabug: 33427594] \n- EDAC: Drop the EDAC report status checks (Tony Luck) [Orabug: 33427594] \n- x86/mce: Add mce=print_all option (Tony Luck) [Orabug: 33427594] \n- x86/mce: Change default MCE logger to check mce->kflags (Tony Luck) [Orabug: 33427594] \n- x86/mce: Fix all mce notifiers to update the mce->kflags bitmask (Tony Luck) [Orabug: 33427594] \n- x86/mce: Add a struct mce.kflags field (Tony Luck) [Orabug: 33427594] \n- x86/mce: Convert the CEC to use the MCE notifier (Tony Luck) [Orabug: 33427594] \n- x86/mce: Rename first function as early (Tony Luck) [Orabug: 33427594] \n- x86/mce/amd, edac: Remove report_gart_errors (Borislav Petkov) [Orabug: 33427594] \n- x86/mce/dev-mcelog: Dynamically allocate space for machine check records (Tony Luck) [Orabug: 33427594] \n- EDAC/mc: Determine mci pointer from the error descriptor (Robert Richter) [Orabug: 33427594] \n- EDAC: Store error type in struct edac_raw_error_desc (Robert Richter) [Orabug: 33427594] \n- x86/mce: Take action on UCNA/Deferred errors again (Jan H. Schonherr) [Orabug: 33427594] \n- EDAC: Unify the mc_event tracepoint call (Robert Richter) [Orabug: 33427594] \n- EDAC/ghes: Remove intermediate buffer pvt->detail_location (Robert Richter) [Orabug: 33427594] \n- xfs: fix an incore inode UAF in xfs_bui_recover (Darrick J. Wong) [Orabug: 33541225] \n- xfs: clean up xfs_bui_item_recover iget/trans_alloc/ilock ordering (Darrick J. Wong) [Orabug: 33541225] \n- xfs: clean up bmap intent item recovery checking (Darrick J. Wong) [Orabug: 33541225] \n- x86/ioremap: Map EFI-reserved memory as encrypted for SEV (Tom Lendacky) [Orabug: 33547490] \n- efi/mokvar: Reserve the table only if it is in boot services data (Borislav Petkov) [Orabug: 33547490] \n- efi: mokvar: add missing include of asm/early_ioremap.h (Ard Biesheuvel) [Orabug: 33547490] \n- efi: mokvar-table: fix some issues in new code (Ard Biesheuvel) [Orabug: 33547490] \n- efi: Support for MOK variable config table (Lenny Szubowicz) [Orabug: 33547490] \n- efi: Rename arm-init to efi-init common for all arch (Atish Patra) [Orabug: 33547490] \n- uek-rpm: Update ol7 locklist with fnic symbols (John Donnelly) [Orabug: 33590906] \n- uek-rpm: Update ol8 locklist with fnic symbols (John Donnelly) [Orabug: 33590906] \n- rds_rdma: fix non-determinism when comp_vector is zero (Hakon Bugge) [Orabug: 33616020] \n- net/mlx4: fix non-determinism when comp_vector is zero (Hakon Bugge) [Orabug: 33616020] \n- net/mlx5: fix non-determinism when comp_vector is zero (Hakon Bugge) [Orabug: 33616020] \n- IB/core: Introduce IB_CQ_FORCE_ZERO_CV (Hakon Bugge) [Orabug: 33616020] \n- Revert net/mlx{4,5}: Fix signed formal parameter (Hakon Bugge) [Orabug: 33616020] \n- Revert net/mlx{4,5},rds_rdma: fix non-determinism when comp_vector is zero (Hakon Bugge) [Orabug: 33616020] \n- Revert rds: ib: Fix bug when comp_vector is IB_CQ_FORCE_ZERO_CV (Hakon Bugge) [Orabug: 33616020] \n- mstflint_access: Update driver code to v4.18.0-1 from Github (Sharath Srinivasan) [Orabug: 33646165] \n- mstflint_access: Update driver code to v4.17.0-1 from Github (Sharath Srinivasan) [Orabug: 33646165] \n- Revert io_uring: reinforce cancel on flush during exit (Lee Jones) [Orabug: 33687075] \n- scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() (George Kennedy) [Orabug: 33731040] \n- ocfs2: fix data corruption on truncate (Jan Kara) [Orabug: 33740343]\n[5.4.17-2136.303.3]\n- xfs: xfs_defer_capture should absorb remaining transaction reservation (Darrick J. Wong) [Orabug: 33520061] \n- xfs: xfs_defer_capture should absorb remaining block reservations (Darrick J. Wong) [Orabug: 33520061] \n- xfs: proper replay of deferred ops queued during log recovery (Darrick J. Wong) [Orabug: 33520061] \n- xfs: attach inode to dquot in xfs_bui_item_recover (Darrick J. Wong) [Orabug: 33520061] \n- xfs: log new intent items created as part of finishing recovered intent items (Darrick J. Wong) [Orabug: 33520061] \n- xfs: spell out the parameter name for ->cancel_item (Christoph Hellwig) [Orabug: 33520061] \n- xfs: use a xfs_btree_cur for the ->finish_cleanup state (Christoph Hellwig) [Orabug: 33520061] \n- xfs: turn dfp_done into a xfs_log_item (Christoph Hellwig) [Orabug: 33520061] \n- xfs: refactor xfs_defer_finish_noroll (Christoph Hellwig) [Orabug: 33520061] \n- xfs: turn dfp_intent into a xfs_log_item (Christoph Hellwig) [Orabug: 33520061] \n- xfs: merge the ->diff_items defer op into ->create_intent (Christoph Hellwig) [Orabug: 33520061] \n- xfs: merge the ->log_item defer op into ->create_intent (Christoph Hellwig) [Orabug: 33520061] \n- xfs: factor out a xfs_defer_create_intent helper (Christoph Hellwig) [Orabug: 33520061] \n- sched: Fix Core-wide rq->lock for uninitialized CPUs (Peter Zijlstra) [Orabug: 33568834] \n- admin-guide/hw-vuln: Rephrase a section of core-scheduling.rst (Fabio M. De Francesco) [Orabug: 33568834] \n- Documentation: Add usecases, design and interface for core scheduling (Joel Fernandes (Google)) [Orabug: 33568834] \n- kselftest: Add test for core sched prctl interface (Chris Hyser) [Orabug: 33568834] \n- sched: prctl() core-scheduling interface (Chris Hyser) [Orabug: 33568834] \n- sched: Inherit task cookie on fork() (Peter Zijlstra) [Orabug: 33568834] \n- sched: Trivial core scheduling cookie management (Peter Zijlstra) [Orabug: 33568834] \n- sched: Migration changes for core scheduling (Aubrey Li) [Orabug: 33568834] \n- sched: Trivial forced-newidle balancer (Peter Zijlstra) [Orabug: 33568834] \n- sched/fair: Snapshot the min_vruntime of CPUs on force idle (Joel Fernandes (Google)) [Orabug: 33568834] \n- sched: Fix priority inversion of cookied task with sibling (Joel Fernandes (Google)) [Orabug: 33568834] \n- sched/fair: Fix forced idle sibling starvation corner case (Vineeth Pillai) [Orabug: 33568834] \n- sched: Add core wide task selection and scheduling (Peter Zijlstra) [Orabug: 33568834] \n- sched: Basic tracking of matching tasks (Peter Zijlstra) [Orabug: 33568834] \n- sched: Introduce sched_class::pick_task() (Peter Zijlstra) [Orabug: 33568834] \n- sched: Allow sched_core_put() from atomic context (Peter Zijlstra) [Orabug: 33568834] \n- sched: Optimize rq_lockp() usage (Peter Zijlstra) [Orabug: 33568834] \n- sched: Core-wide rq->lock (Peter Zijlstra) [Orabug: 33568834] \n- sched: Prepare for Core-wide rq->lock (Peter Zijlstra) [Orabug: 33568834] \n- sched: Wrap rq::lock access (Peter Zijlstra) [Orabug: 33568834] \n- sched: Provide raw_spin_rq_*lock*() helpers (Peter Zijlstra) [Orabug: 33568834] \n- sched/fair: Add a few assertions (Peter Zijlstra) [Orabug: 33568834] \n- sched: Extract the task putting code from pick_next_task() (Chen Yu) [Orabug: 33568834] \n- rss_stat: add support to detect RSS updates of external mm (Joel Fernandes (Google)) [Orabug: 33568834] \n- Revert sched: Wrap rq::lock access (Kamalesh Babulal) [Orabug: 33568834] \n- Revert sched: Introduce sched_class::pick_task() (Kamalesh Babulal) [Orabug: 33568834] \n- Revert sched: Core-wide rq->lock (Kamalesh Babulal) [Orabug: 33568834] \n- Revert sched/fair: Add a few assertions (Kamalesh Babulal) [Orabug: 33568834] \n- Revert sched: Basic tracking of matching tasks (Kamalesh Babulal) [Orabug: 33568834] \n- Revert sched: Update core scheduler queue when taking cpu online/offline (Kamalesh Babulal) [Orabug: 33568834] \n- Revert sched: Add core wide task selection and scheduling. (Kamalesh Babulal) [Orabug: 33568834] \n- Revert sched/fair: wrapper for cfs_rq->min_vruntime (Kamalesh Babulal) [Orabug: 33568834] \n- Revert sched/fair: core wide vruntime comparison (Kamalesh Babulal) [Orabug: 33568834] \n- Revert sched: Trivial forced-newidle balancer (Kamalesh Babulal) [Orabug: 33568834] \n- Revert sched: migration changes for core scheduling (Kamalesh Babulal) [Orabug: 33568834] \n- Revert sched: cgroup tagging interface for core scheduling (Kamalesh Babulal) [Orabug: 33568834] \n- Revert sched: Cleanup kABI (Kamalesh Babulal) [Orabug: 33568834] \n- Revert sched: Enable disabling via CONFIG_SCHED_CORE (Kamalesh Babulal) [Orabug: 33568834] \n- Revert sched/core: remove undesired trace_printk from core scheduling backport (Kamalesh Babulal) [Orabug: 33568834] \n- Revert sched/core: cleanup kABI for struct rq (Kamalesh Babulal) [Orabug: 33568834] \n- RDMA/rxe: Bump up default maximum values used via uverbs (Rao Shoaib) [Orabug: 33615342] \n- xfs: remove all COW fork extents when remounting readonly (Darrick J. Wong) [Orabug: 33676190] \n- fget: check that the fd still exists after getting a ref to it (Linus Torvalds) [Orabug: 33679803] {CVE-2021-0920}\n[5.4.17-2136.303.2]\n- atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait (Zekun Shen) [Orabug: 33594983] {CVE-2021-43975}\n- RDS/IB: Fix error when trying to unallocate ring buffers (Hans Westgaard Ry) [Orabug: 33620311] \n- rds/ib: Use both iova and key in free_mr socket call (aru kolappan) [Orabug: 33652503] \n- sched: Mitigate increased latencies for sysctl_sched_wakeup_granularity. (chris hyser) [Orabug: 33107207] \n- net/rds: RDS connection shutdown stuck after CQ access violation error (aru kolappan) [Orabug: 33585475] \n- proc: allow pid_revalidate() during LOOKUP_RCU (Stephen Brennan) [Orabug: 33647511] \n- selinux: slow_avc_audit has become non-blocking (Al Viro) [Orabug: 33647511] \n- make dump_common_audit_data() safe to be called from RCU pathwalk (Al Viro) [Orabug: 33647511] \n- new helper: d_find_alias_rcu() (Al Viro) [Orabug: 33647511]\n[5.4.17-2136.303.1]\n- Revert fs: align IOCB_* flags with RWF_* flags (Prasad Singamsetty) [Orabug: 33642850] \n- ocfs2: fix race between searching chunks and release journal_head from buffer_head (Gautham Ananthakrishna) [Orabug: 33501676] \n- net: ipv6: Discard next-hop MTU less than minimum link MTU (Georg Kohmann) [Orabug: 33520710] \n- cpufreq: intel_pstate: Add Icelake servers support in no-HWP mode (Giovanni Gherdovich) [Orabug: 33542895] \n- uek-rpm: Add ktime_get_coarse_ts64 to KABI (John Donnelly) [Orabug: 33557973] \n- EDAC/i10nm: Add detection of memory levels for ICX/SPR servers (Qiuxu Zhuo) [Orabug: 33585319] \n- EDAC/skx_common: Add new ADXL components for 2-level memory (Qiuxu Zhuo) [Orabug: 33585319] \n- EDAC, skx_common: Refactor so that we initialize dev in result of adxl decode. (Tony Luck) [Orabug: 33585319] \n- net/rds: Dont pummel the subnet-manager (Gerd Rausch) [Orabug: 33589566] \n- rds: ib: Ack seq not always received in monotonic increasing order (Hakon Bugge) [Orabug: 33599862] \n- rds: ib: Reduce the contention caused by the asynchronous workers to flush the mr pool (Praveen Kumar Kannoju) [Orabug: 33619953]\n[5.4.17-2136.303.0]\n- LTS tag: v5.4.156 (Jack Vogel) \n- pinctrl: stm32: use valid pin identifier in stm32_pinctrl_resume() (Fabien Dessenne) \n- ARM: 9122/1: select HAVE_FUTEX_CMPXCHG (Nick Desaulniers) \n- tracing: Have all levels of checks prevent recursion (Steven Rostedt (VMware)) \n- net: mdiobus: Fix memory leak in __mdiobus_register (Yanfei Xu) \n- Input: snvs_pwrkey - add clk handling (Uwe Kleine-Konig) \n- ALSA: hda: avoid write to STATESTS if controller is in reset (Kai Vehmanen) \n- platform/x86: intel_scu_ipc: Update timeout value in comment (Prashant Malani) \n- isdn: mISDN: Fix sleeping function called from invalid context (Zheyu Ma) \n- ARM: dts: spear3xx: Fix gmac node (Herve Codina) \n- net: stmmac: add support for dwmac 3.40a (Herve Codina) \n- btrfs: deal with errors when checking if a dir entry exists during log replay (Filipe Manana) \n- gcc-plugins/structleak: add makefile var for disabling structleak (Brendan Higgins) \n- selftests: netfilter: remove stray bash debug line (Florian Westphal) \n- netfilter: Kconfig: use default y instead of m for bool config option (Vegard Nossum) \n- isdn: cpai: check ctr->cnr to avoid array index out of bound (Xiaolong Huang) \n- nfc: nci: fix the UAF of rf_conn_info object (Lin Ma) \n- mm, slub: fix potential memoryleak in kmem_cache_open() (Miaohe Lin) \n- mm, slub: fix mismatch between reconstructed freelist depth and cnt (Miaohe Lin) \n- powerpc/idle: Dont corrupt back chain when going idle (Michael Ellerman) \n- KVM: PPC: Book3S HV: Make idle_kvm_start_guest() return 0 if it went to guest (Michael Ellerman) \n- KVM: PPC: Book3S HV: Fix stack handling in idle_kvm_start_guest() (Michael Ellerman) \n- powerpc64/idle: Fix SP offsets when saving GPRs (Christopher M. Riedl) \n- audit: fix possible null-pointer dereference in audit_filter_rules (Gaosheng Cui) \n- ASoC: DAPM: Fix missing kctl change notifications (Takashi Iwai) \n- ALSA: hda/realtek: Add quirk for Clevo PC50HS (Steven Clarkson) \n- ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset (Brendan Grieve) \n- vfs: check fd has read access in kernel_read_file_from_fd() (Matthew Wilcox (Oracle)) \n- elfcore: correct reference to CONFIG_UML (Lukas Bulwahn) \n- ocfs2: mount fails with buffer overflow in strlen (Valentin Vidic) \n- ocfs2: fix data corruption after conversion from inline format (Jan Kara) \n- ceph: fix handling of meta errors (Jeff Layton) \n- can: j1939: j1939_xtp_rx_rts_session_new(): abort TP less than 9 bytes (Zhang Changzhong) \n- can: j1939: j1939_xtp_rx_dat_one(): cancel session if receive TP.DT with error length (Zhang Changzhong) \n- can: j1939: j1939_netdev_start(): fix UAF for rx_kref of j1939_priv (Ziyang Xuan) \n- can: j1939: j1939_tp_rxtimer(): fix errant alert in j1939_tp_rxtimer (Ziyang Xuan) \n- can: peak_pci: peak_pci_remove(): fix UAF (Zheyu Ma) \n- can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification (Stephane Grosjean) \n- can: rcar_can: fix suspend/resume (Yoshihiro Shimoda) \n- net: enetc: fix ethtool counter name for PM0_TERR (Vladimir Oltean) \n- net: stmmac: Fix E2E delay mechanism (Kurt Kanzenbach) \n- net: hns3: disable sriov before unload hclge layer (Peng Li) \n- net: hns3: add limit ets dwrr bandwidth cannot be 0 (Guangbin Huang) \n- net: hns3: reset DWRR of unused tc to zero (Guangbin Huang) \n- NIOS2: irqflags: rename a redefined register name (Randy Dunlap) \n- net: dsa: lantiq_gswip: fix register definition (Aleksander Jan Bajkowski) \n- lan78xx: select CRC32 (Vegard Nossum) \n- netfilter: ipvs: make global sysctl readonly in non-init netns (Antoine Tenart) \n- ASoC: wm8960: Fix clock configuration on slave mode (Shengjiu Wang) \n- dma-debug: fix sg checks in debug_dma_map_sg() (Gerald Schaefer) \n- NFSD: Keep existing listeners on portlist error (Benjamin Coddington) \n- xtensa: xtfpga: Try software restart before simulating CPU reset (Guenter Roeck) \n- xtensa: xtfpga: use CONFIG_USE_OF instead of CONFIG_OF (Max Filippov) \n- ARM: dts: at91: sama5d2_som1_ek: disable ISC node by default (Eugen Hristev) \n- tee: optee: Fix missing devices unregister during optee_remove (Sumit Garg) \n- net: switchdev: do not propagate bridge updates across bridges (Russell King) \n- parisc: math-emu: Fix fall-through warnings (Helge Deller) \n- LTS tag: v5.4.155 (Jack Vogel) \n- ionic: dont remove netdev->dev_addr when syncing uc list (Shannon Nelson) \n- r8152: select CRC32 and CRYPTO/CRYPTO_HASH/CRYPTO_SHA256 (Vegard Nossum) \n- qed: Fix missing error code in qed_slowpath_start() (chongjiapeng) \n- mqprio: Correct stats in mqprio_dump_class_stats(). (Sebastian Andrzej Siewior) \n- acpi/arm64: fix next_platform_timer() section mismatch error (Jackie Liu) \n- drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling (Dan Carpenter) \n- drm/msm/dsi: Fix an error code in msm_dsi_modeset_init() (Dan Carpenter) \n- drm/msm: Fix null pointer dereference on pointer edp (Colin Ian King) \n- drm/panel: olimex-lcd-olinuxino: select CRC32 (Vegard Nossum) \n- platform/mellanox: mlxreg-io: Fix argument base in kstrtou32() call (Vadim Pasternak) \n- mlxsw: thermal: Fix out-of-bounds memory accesses (Ido Schimmel) \n- ata: ahci_platform: fix null-ptr-deref in ahci_platform_enable_regulators() (Wang Hai) \n- pata_legacy: fix a couple uninitialized variable bugs (Dan Carpenter) \n- NFC: digital: fix possible memory leak in digital_in_send_sdd_req() (Ziyang Xuan) \n- NFC: digital: fix possible memory leak in digital_tg_listen_mdaa() (Ziyang Xuan) \n- nfc: fix error handling of nfc_proto_register() (Ziyang Xuan) \n- ethernet: s2io: fix setting mac address during resume (Arnd Bergmann) \n- net: encx24j600: check error in devm_regmap_init_encx24j600 (Nanyong Sun) \n- net: stmmac: fix get_hw_feature() on old hardware (Herve Codina) \n- net/mlx5e: Mutually exclude RX-FCS and RX-port-timestamp (Aya Levin) \n- net: korina: select CRC32 (Vegard Nossum) \n- net: arc: select CRC32 (Vegard Nossum) \n- gpio: pca953x: Improve bias setting (Andy Shevchenko) \n- iio: dac: ti-dac5571: fix an error code in probe() (Dan Carpenter) \n- iio: ssp_sensors: fix error code in ssp_print_mcu_debug() (Dan Carpenter) \n- iio: ssp_sensors: add more range checking in ssp_parse_dataframe() (Dan Carpenter) \n- iio: light: opt3001: Fixed timeout error when 0 lux (Jiri Valek - 2N) \n- iio: mtk-auxadc: fix case IIO_CHAN_INFO_PROCESSED (Hui Liu) \n- iio: adc128s052: Fix the error handling path of adc128_probe() (Christophe JAILLET) \n- iio: adc: aspeed: set driver data when adc probe. (Billy Tsai) \n- powerpc/xive: Discard disabled interrupts in get_irqchip_state() (Cedric Le Goater) \n- x86/Kconfig: Do not enable AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT automatically (Borislav Petkov) \n- nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells (Stephen Boyd) \n- EDAC/armada-xp: Fix output of uncorrectable error counter (Hans Potsch) \n- virtio: write back F_VERSION_1 before validate (Halil Pasic) \n- USB: serial: option: add prod. id for Quectel EG91 (Tomaz Solc) \n- USB: serial: option: add Telit LE910Cx composition 0x1204 (Daniele Palmas) \n- USB: serial: option: add Quectel EC200S-CN module support (Yu-Tung Chang) \n- USB: serial: qcserial: add EM9191 QDL support (Aleksander Morgado) \n- Input: xpad - add support for another USB ID of Nacon GC-100 (Michael Cullen) \n- usb: musb: dsps: Fix the probe error path (Miquel Raynal) \n- efi: Change down_interruptible() in virt_efi_reset_system() to down_trylock() (Zhang Jianhua) \n- efi/cper: use stack buffer for error record decoding (Ard Biesheuvel) \n- cb710: avoid NULL pointer subtraction (Arnd Bergmann) \n- xhci: Enable trust tx length quirk for Fresco FL11 USB controller (Nikolay Martynov) \n- xhci: Fix command ring pointer corruption while aborting a command (Pavankumar Kondeti) \n- xhci: guard accesses to ep_state in xhci_endpoint_reset() (Jonathan Bell) \n- mei: me: add Ice Lake-N device id. (Andy Shevchenko) \n- x86/resctrl: Free the ctrlval arrays when domain_setup_mon_state() fails (James Morse) \n- watchdog: orion: use 0 for unset heartbeat (Chris Packham) \n- btrfs: check for error when looking up inode during dir entry replay (Filipe Manana) \n- btrfs: deal with errors when adding inode reference during log replay (Filipe Manana) \n- btrfs: deal with errors when replaying dir entry during log replay (Filipe Manana) \n- btrfs: unlock newly allocated extent buffer after error (Qu Wenruo) \n- csky: Fixup regs.sr broken in ptrace (Guo Ren) \n- csky: dont let sigreturn play with priveleged bits of status register (Al Viro) \n- s390: fix strrchr() implementation (Roberto Sassu) \n- nds32/ftrace: Fix Error: invalid operands (*UND* and *UND* sections) for ^ (Steven Rostedt) \n- ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW (Hui Wang) \n- ALSA: hda/realtek - ALC236 headset MIC recording issue (Kailang Yang) \n- ALSA: hda/realtek: Add quirk for Clevo X170KM-G (Werner Sembach) \n- ALSA: hda/realtek: Complete partial device name to avoid ambiguity (Werner Sembach) \n- ALSA: seq: Fix a potential UAF by wrong private_free call order (Takashi Iwai) \n- ALSA: usb-audio: Add quirk for VF0770 (Jonas Hahnfeld) \n- ovl: simplify file splice (Miklos Szeredi) \n- LTS tag: v5.4.154 (Jack Vogel) \n- sched: Always inline is_percpu_thread() (Peter Zijlstra) \n- scsi: virtio_scsi: Fix spelling mistake Unsupport -> Unsupported (Colin Ian King) \n- scsi: ses: Fix unsigned comparison with less than zero (Jiapeng Chong) \n- drm/amdgpu: fix gart.bo pin_count leak (Leslie Shi) \n- net: sun: SUNVNET_COMMON should depend on INET (Randy Dunlap) \n- mac80211: check return value of rhashtable_init (MichelleJin) \n- net: prevent user from passing illegal stab size \n- m68k: Handle arrivals of multiple signals correctly (Al Viro) \n- mac80211: Drop frames from invalid MAC address in ad-hoc mode (YueHaibing) \n- netfilter: nf_nat_masquerade: defer conntrack walk to work queue (Florian Westphal) \n- netfilter: nf_nat_masquerade: make async masq_inet6_event handling generic (Florian Westphal) \n- HID: wacom: Add new Intuos BT (CTL-4100WL/CTL-6100WL) device IDs (Joshua-Dickens) \n- netfilter: ip6_tables: zero-initialize fragment offset (Jeremy Sowden) \n- HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS (Mizuho Mori) \n- ext4: correct the error path of ext4_write_inline_data_end() (Zhang Yi) \n- net: phy: bcm7xxx: Fixed indirect MMD operations (Florian Fainelli) \n- LTS tag: v5.4.153 (Jack Vogel) \n- x86/Kconfig: Correct reference to MWINCHIP3D (Lukas Bulwahn) \n- x86/hpet: Use another crystalball to evaluate HPET usability (Thomas Gleixner) \n- x86/platform/olpc: Correct ifdef symbol to intended CONFIG_OLPC_XO15_SCI (Lukas Bulwahn) \n- RISC-V: Include clone3() on rv32 (Palmer Dabbelt) \n- bpf, s390: Fix potential memory leak about jit_data (Tiezhu Yang) \n- i2c: acpi: fix resource leak in reconfiguration device addition (Jamie Iles) \n- net: prefer socket bound to interface when not in VRF (Mike Manning) \n- i40e: Fix freeing of uninitialized misc IRQ vector (Sylwester Dziedziuch) \n- i40e: fix endless loop under rtnl (Jiri Benc) \n- gve: fix gve_get_stats() (Eric Dumazet) \n- rtnetlink: fix if_nlmsg_stats_size() under estimation (Eric Dumazet) \n- gve: Correct available tx qpl check (Catherine Sullivan) \n- drm/nouveau/debugfs: fix file release memory leak (Yang Yingliang) \n- video: fbdev: gbefb: Only instantiate device when built for IP32 (Mark Brown) \n- bus: ti-sysc: Use CLKDM_NOAUTO for dra7 dcan1 for errata i893 (Tony Lindgren) \n- netlink: annotate data races around nlk->bound (Eric Dumazet) \n- net: sfp: Fix typo in state machine debug string (Sean Anderson) \n- net/sched: sch_taprio: properly cancel timer from taprio_destroy() (Eric Dumazet) \n- net: bridge: use nla_total_size_64bit() in br_get_linkxstats_size() (Eric Dumazet) \n- ARM: imx6: disable the GIC CPU interface before calling stby-poweroff sequence (Oleksij Rempel) \n- arm64: dts: ls1028a: add missing CAN nodes (Michael Walle) \n- arm64: dts: freescale: Fix SP805 clock-names (Andre Przywara) \n- ptp_pch: Load module automatically if ID matches (Andy Shevchenko) \n- powerpc/fsl/dts: Fix phy-connection-type for fm1mac3 (Pali Rohar) \n- net_sched: fix NULL deref in fifo_set_limit() (Eric Dumazet) \n- phy: mdio: fix memory leak (Pavel Skripkin) \n- bpf, arm: Fix register clobbering in div/mod implementation (Johan Almbladh) \n- xtensa: call irqchip_init only when CONFIG_USE_OF is selected (Max Filippov) \n- xtensa: use CONFIG_USE_OF instead of CONFIG_OF (Randy Dunlap) \n- xtensa: move XCHAL_KIO_* definitions to kmem_layout.h (Max Filippov) \n- arm64: dts: qcom: pm8150: use qcom,pm8998-pon binding (Dmitry Baryshkov) \n- ARM: dts: imx: Fix USB host power regulator polarity on M53Menlo (Marek Vasut) \n- ARM: dts: imx: Add missing pinctrl-names for panel on M53Menlo (Marek Vasut) \n- soc: qcom: mdt_loader: Drop PT_LOAD check on hash segment (Shawn Guo) \n- ARM: dts: qcom: apq8064: Use 27MHz PXO clock as DSI PLL reference (Marijn Suijten) \n- soc: qcom: socinfo: Fixed argument passed to platform_set_data() (Antonio Martorana) \n- bpf, mips: Validate conditional branch offsets (Piotr Krysiuk) \n- MIPS: BPF: Restore MIPS32 cBPF JIT (Paul Burton) \n- ARM: dts: qcom: apq8064: use compatible which contains chipid (David Heidelberg) \n- ARM: dts: omap3430-sdp: Fix NAND device node (Roger Quadros) \n- xen/balloon: fix cancelled balloon action (Juergen Gross) \n- nfsd4: Handle the NFSv4 READDIR dircount hint being zero (Trond Myklebust) \n- nfsd: fix error handling of register_pernet_subsys() in init_nfsd() (Patrick Ho) \n- ovl: fix missing negative dentry check in ovl_rename() (Zheng Liang) \n- mmc: meson-gx: do not use memcpy_to/fromio for dram-access-quirk (Neil Armstrong) \n- xen/privcmd: fix error handling in mmap-resource processing (Jan Beulich) \n- usb: typec: tcpm: handle SRC_STARTUP state if cc changes (Xu Yang) \n- USB: cdc-acm: fix break reporting (Johan Hovold) \n- USB: cdc-acm: fix racy tty buffer accesses (Johan Hovold) \n- Partially revert 'usb: Kconfig: using select for USB_COMMON dependency' (Ben Hutchings)", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.4, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-14T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel-container security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.9, "vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-0920", "CVE-2021-3640", "CVE-2021-3752", "CVE-2021-4155", "CVE-2021-43975", "CVE-2021-44733", "CVE-2022-0185", "CVE-2022-0492"], "modified": "2022-02-14T00:00:00", "id": "ELSA-2022-9148", "href": "http://linux.oracle.com/errata/ELSA-2022-9148.html", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-07T21:33:44", "description": "[4.18.0-348.20.1_5.OL8]\n- Update Oracle Linux certificates (Kevin Lyons)\n- Disable signing for aarch64 (Ilya Okomin)\n- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]\n- Update x509.genkey [Orabug: 24817676]\n- Conflict with shim-ia32 and shim-x64 <= 15-11.0.5\n[4.18.0-348.20.1_5]\n- lib/iov_iter: initialize 'flags' in new pipe_buffer (Jan Stancek) [2060874 2060875] {CVE-2022-0847}\n[4.18.0-348.19.1_5]\n- tipc: improve size validations for received domain records (Xin Long) [2048970 2048971] {CVE-2022-0435}\n- smb3: do not error on fsync when readonly (Ronnie Sahlberg) [2055824 2037811]\n- security: implement sctp_assoc_established hook in selinux (Ondrej Mosnacek) [2054112 2054117 2015525 2048251]\n- security: add sctp_assoc_established hook (Ondrej Mosnacek) [2054112 2054117 2015525 2048251]\n- security: call security_sctp_assoc_request in sctp_sf_do_5_1D_ce (Ondrej Mosnacek) [2054112 2054117 2015525 2048251]\n- security: pass asoc to sctp_assoc_request and sctp_sk_clone (Bruno Meneguele) [2054112 2054117 2015525 2048251]\n- net: sctp: Fix some typos (Ondrej Mosnacek) [2054112 2054117 2015525 2048251]\n- RDMA/bnxt_re: Fix stats counters (Selvin Xavier) [2049684 2001893]\n- net: check skb sec_path when re-initializing slow_gro in gro_list_prepare (Xin Long) [2047427 2030476]\n- cpufreq: intel_pstate: Add Icelake servers support in no-HWP mode (David Arcari) [2036888 2003695]\n[4.18.0-348.18.1_5]\n- selftests: kvm: Check whether SIDA memop fails for normal guests (Thomas Huth) [2050806 2050807] {CVE-2022-0516}\n- KVM: s390: Return error on SIDA memop on normal guest (Thomas Huth) [2050806 2050807] {CVE-2022-0516}\n- iommu/amd: Remove iommu_init_ga() (Jerry Snitselaar) [2030854 1998265]\n- iommu/amd: Relocate GAMSup check to early_enable_iommus (Jerry Snitselaar) [2030854 1998265]\n[4.18.0-348.17.1_5]\n- vfs: check dentry is still valid in get_link() (Ian Kent) [2052558 2014846]\n- xfs: don't expose internal symlink metadata buffers to the vfs (Brian Foster) [2052558 2014846]\n- CI: Use appropriate zstream builder (Veronika Kabatova)\n- CI: Enable baseline realtime checks (Veronika Kabatova)\n- CI: Rename pipelines to include release names (Veronika Kabatova)\n- cgroup-v1: Require capabilities to set release_agent (Waiman Long) [2052166 2052167] {CVE-2022-0492}\n- ice: Remove boolean vlan_promisc flag from function (Jonathan Toppins) [2051951 2030400]\n- ceph: put the requests/sessions when it fails to alloc memory (Jeffrey Layton) [2053725 2017796]\n- ceph: fix off by one bugs in unsafe_request_wait() (Jeffrey Layton) [2053725 2017796]\n- ceph: flush the mdlog before waiting on unsafe reqs (Jeffrey Layton) [2053725 2017796]\n- ceph: flush mdlog before umounting (Jeffrey Layton) [2053725 2017796]\n- ceph: make iterate_sessions a global symbol (Jeffrey Layton) [2053725 2017796]\n- ceph: make ceph_create_session_msg a global symbol (Jeffrey Layton) [2053725 2017796]\n- xfs: check sb_meta_uuid for dabuf buffer recovery (Bill O'Donnell) [2049292 2020764]\n- drm/i915: Flush TLBs before releasing backing store (Patrick Talbert) [2044328 2044329] {CVE-2022-0330}\n- hugetlb: fix hugetlb cgroup refcounting during vma split (Waiman Long) [2039015 2032811]\n- hugetlb_cgroup: fix imbalanced css_get and css_put pair for shared mappings (Waiman Long) [2039015 2032811]\n- mm/hugetlb: change hugetlb_reserve_pages() to type bool (Waiman Long) [2039015 2032811]\n- hugetlb: fix an error code in hugetlb_reserve_pages() (Waiman Long) [2039015 2032811]\n- hugetlb_cgroup: fix offline of hugetlb cgroup with reservations (Waiman Long) [2039015 2032811]\n- hugetlb_cgroup: fix reservation accounting (Waiman Long) [2039015 2032811]\n- mm/hugetlb: narrow the hugetlb_lock protection area during preparing huge page (Waiman Long) [2039015 2032811]\n- mm/hugetlb: a page from buddy is not on any list (Waiman Long) [2039015 2032811]\n- mm/hugetlb: not necessary to coalesce regions recursively (Waiman Long) [2039015 2032811]\n- selftests/vm/write_to_hugetlbfs.c: fix unused variable warning (Waiman Long) [2039015 2032811]\n- hugetlb_cgroup: add hugetlb_cgroup reservation tests (Waiman Long) [2039015 2032811]\n- hugetlb: support file_region coalescing again (Waiman Long) [2039015 2032811]\n- hugetlb_cgroup: support noreserve mappings (Waiman Long) [2039015 2032811]\n- hugetlb_cgroup: add accounting for shared mappings (Waiman Long) [2039015 2032811]\n- hugetlb: disable region_add file_region coalescing (Waiman Long) [2039015 2032811]\n- hugetlb_cgroup: add reservation accounting for private mappings (Waiman Long) [2039015 2032811]\n- mm/hugetlb_cgroup: fix hugetlb_cgroup migration (Waiman Long) [2039015 2032811]\n- hugetlb_cgroup: add interface for charge/uncharge hugetlb reservations (Waiman Long) [2039015 2032811]\n- hugetlb_cgroup: add hugetlb_cgroup reservation counter (Waiman Long) [2039015 2032811]\n- hugetlb: remove duplicated code (Waiman Long) [2039015 2032811]\n- hugetlb: region_chg provides only cache entry (Waiman Long) [2039015 2032811]\n- hugetlbfs: always use address space in inode for resv_map pointer (Waiman Long) [2039015 2032811]\n- hugetlbfs: fix potential over/underflow setting node specific nr_hugepages (Waiman Long) [2039015 2032811]\n- hugetlb: allow to free gigantic pages regardless of the configuration (Waiman Long) [2039015 2032811]\n- powerpc/pseries: Fix update of LPAR security flavor after LPM (Steve Best) [2027448 1997294]\n[4.18.0-348.16.1_5]\n- drm/vmwgfx: Fix stale file descriptors on failed usercopy (Dave Airlie) [2047601 2047602] {CVE-2022-22942}\n- net: openvswitch: Fix ct_state nat flags for conns arriving from tc (Marcelo Ricardo Leitner) [2043548 2040334]\n- net: openvswitch: Fix matching zone id for invalid conns arriving from tc (Marcelo Ricardo Leitner) [2043550 2040452]\n- net/sched: flow_dissector: Fix matching on zone id for invalid conns (Marcelo Ricardo Leitner) [2043550 2040452]\n- net/sched: Extend qdisc control block with tc control block (Marcelo Ricardo Leitner) [2043550 2040452]\n[4.18.0-348.15.1_5]\n- net/mlx5: DR, Use FW API when updating FW-owned flow table (Michal Schmidt) [2042663 2042651]\n- KVM: x86: Wait for IPIs to be delivered when handling Hyper-V TLB flush hypercall (Vitaly Kuznetsov) [2043237 1868572]\n- drm/mgag200: Select clock in PLL update functions (Bruno Meneguele) [2034949 1953926]\n- drm/i915: Fix HAS_LSPCON macro for platforms between GEN9 and GEN10 (Bruno Meneguele) [2027335 2005586]\n- crypto: qat - power up 4xxx device (Vladis Dronov) [2016437 1960307]\n- RDMA/core: Fix a double free in add_port error flow (Kamal Heib) [2038724 2008555]\n- powerpc/iommu: Report the correct most efficient DMA mask for PCI devices (Steve Best) [2018928 2007425]\n- powerpc/dma: Fix dma_map_ops::get_required_mask (Steve Best) [2018928 2007425]\n[4.18.0-348.14.1_5]\n- tcp: fix page frag corruption on page fault (Paolo Abeni) [2041529 1996074]\n- net: fix sk_page_frag() recursion from memory reclaim (Paolo Abeni) [2041529 1996074]\n- KVM: s390: index kvm->arch.idle_mask by vcpu_idx (Thomas Huth) [2040769 2026230]\n- redhat: set LC_ALL=C before sorting config content (Frantisek Hrbata)\n[4.18.0-348.13.1_5]\n- vfs: Out-of-bounds write of heap buffer in fs_context.c (Frantisek Hrbata) [2040585 2040586] {CVE-2022-0185}\n- xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate (Bruno Meneguele) [2034864 2034865] {CVE-2021-4155}\n- af_unix: fix garbage collect vs MSG_PEEK (Patrick Talbert) [2031974 2031975] {CVE-2021-0920}\n- cgroup: verify that source is a string (Waiman Long) [2034608 2034609] {CVE-2021-4154}", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-03-11T00:00:00", "type": "oraclelinux", "title": "kernel security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-0920", "CVE-2021-4154", "CVE-2021-4155", "CVE-2022-0185", "CVE-2022-0330", "CVE-2022-0435", "CVE-2022-0492", "CVE-2022-0516", "CVE-2022-0847", "CVE-2022-22942"], "modified": "2022-03-11T00:00:00", "id": "ELSA-2022-0825", "href": "http://linux.oracle.com/errata/ELSA-2022-0825.html", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-04-07T21:33:45", "description": "[5.4.17-2136.305.5.3]\n- bpf: fix out-of-tree module build (Alan Maguire) [Orabug: 33973548] \n- ACPICA: Enable sleep button on ACPI legacy wake (Anchal Agarwal) [Orabug: 33973543] \n- Revert 'btrfs: inode: refactor the parameters of insert_reserved_file_extent()' (Srikanth C S) [Orabug: 33973491] \n- Revert 'btrfs: fix metadata reservation for fallocate that leads to transaction aborts' (Srikanth C S) [Orabug: 33973491]\n[5.4.17-2136.305.5.2]\n- lib/iov_iter: initialize 'flags' in new pipe_buffer (Max Kellermann) [Orabug: 33942325] {CVE-2022-0847}\n[5.4.17-2136.305.5.1]\n- arm64: Use the clearbhb instruction in mitigations (James Morse) [Orabug: 33937423] {CVE-2022-23960} \n- arm64: add ID_AA64ISAR2_EL1 sys register (Joey Gouly) [Orabug: 33937423] {CVE-2022-23960} \n- KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated (James Morse) [Orabug: 33937423] {CVE-2022-23960} \n- arm64: Mitigate spectre style branch history side channels (James Morse) [Orabug: 33937423] {CVE-2022-23960} \n- KVM: arm64: Add templates for BHB mitigation sequences (James Morse) [Orabug: 33937423] {CVE-2022-23960} \n- arm64: Add Cortex-X2 CPU part definition (Anshuman Khandual) [Orabug: 33937423] {CVE-2022-23960} \n- arm64: Add Neoverse-N2, Cortex-A710 CPU part definition (Suzuki K Poulose) [Orabug: 33937423] {CVE-2022-23960} \n- arm64: Add part number for Arm Cortex-A77 (Rob Herring) [Orabug: 33937423] {CVE-2022-23960} \n- arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2 (James Morse) [Orabug: 33937423] {CVE-2022-23960} \n- arm64: Add percpu vectors for EL1 (James Morse) [Orabug: 33937423] {CVE-2022-23960} \n- arm64: entry: Add macro for reading symbol addresses from the trampoline (James Morse) [Orabug: 33937423] {CVE-2022-23960} \n- arm64: entry: Add vectors that have the bhb mitigation sequences (James Morse) [Orabug: 33937423] {CVE-2022-23960} \n- arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations (James Morse) [Orabug: 33937423] {CVE-2022-23960} \n- arm64: entry: Allow the trampoline text to occupy multiple pages (James Morse) [Orabug: 33937423] {CVE-2022-23960} \n- arm64: entry: Make the kpti trampoline's kpti sequence optional (James Morse) [Orabug: 33937423] {CVE-2022-23960} \n- arm64: entry: Move trampoline macros out of ifdef'd section (James Morse) [Orabug: 33937423] {CVE-2022-23960} \n- arm64: entry: Don't assume tramp_vectors is the start of the vectors (James Morse) [Orabug: 33937423] {CVE-2022-23960} \n- arm64: entry: Allow tramp_alias to access symbols after the 4K boundary (James Morse) [Orabug: 33937423] {CVE-2022-23960} \n- arm64: entry: Move the trampoline data page before the text page (James Morse) [Orabug: 33937423] {CVE-2022-23960} \n- arm64: entry: Free up another register on kpti's tramp_exit path (James Morse) [Orabug: 33937423] {CVE-2022-23960} \n- arm64: entry: Make the trampoline cleanup optional (James Morse) [Orabug: 33937423] {CVE-2022-23960} \n- arm64: entry.S: Add ventry overflow sanity checks (James Morse) [Orabug: 33937423] {CVE-2022-23960} \n- Revert 'BACKPORT: VARIANT 2: arm64: Add initial retpoline support' (Russell King) [Orabug: 33937423] {CVE-2022-23960} \n- Revert 'BACKPORT: VARIANT 2: arm64: asm: Use *_nospec variants for blr and br.' (Russell King) [Orabug: 33937423] {CVE-2022-23960} \n- Revert 'BACKPORT: VARIANT 2: arm64: Add MIDR_APM_POTENZA.' (Russell King) [Orabug: 33937423] {CVE-2022-23960} \n- Revert 'BACKPORT: VARIANT 2: arm64: insn: Add offset getter/setter for adr.' (Russell King) [Orabug: 33937423] {CVE-2022-23960} \n- Revert 'BACKPORT: VARIANT 2: arm64: alternatives: Add support for adr/adrp with offset in alt block.' (Russell King) [Orabug: 33937423] {CVE-2022-23960} \n- Revert 'BACKPORT: VARIANT 2: arm64: Use alternative framework for retpoline.' (Russell King) [Orabug: 33937423] {CVE-2022-23960} \n- Revert 'Arm64: add retpoline to cpu_show_spectre_v2' (Russell King) [Orabug: 33937423] {CVE-2022-23960} \n- Revert 'arm64: retpoline: Don't use retpoline in KVM's HYP part.' (Russell King) [Orabug: 33937423] {CVE-2022-23960} \n- Revert 'uek-rpm: aarch64 config enable RETPOLINE' (Russell King) [Orabug: 33937423] {CVE-2022-23960} \n- Revert 'uek-rpm: aarch64 config enable RETPOLINE OL8' (Russell King) [Orabug: 33937423] {CVE-2022-23960} \n- x86/speculation: Add knob for eibrs_retpoline_enabled (Patrick Colp) [Orabug: 33937344] {CVE-2021-26401}\n- x86/speculation: Extend our code to properly support eibrs+lfence and eibrs+retpoline (Patrick Colp) [Orabug: 33937344] {CVE-2021-26401}\n- x86/speculation: Update link to AMD speculation whitepaper (Kim Phillips) [Orabug: 33937344] {CVE-2021-26401}\n- x86/speculation: Use generic retpoline by default on AMD (Kim Phillips) [Orabug: 33937344] {CVE-2021-26401}\n- x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting (Josh Poimboeuf) [Orabug: 33937344] {CVE-2021-26401}\n- Documentation/hw-vuln: Update spectre doc (Peter Zijlstra) [Orabug: 33937344] {CVE-2021-26401}\n- x86/speculation: Add eIBRS + Retpoline options (Peter Zijlstra) [Orabug: 33937344] {CVE-2021-26401}\n- x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE (Peter Zijlstra (Intel)) [Orabug: 33937344] {CVE-2021-26401}\n- x86/speculation: The choice of retpoline mode is sometimes ignored (Patrick Colp) [Orabug: 33937389] \n- x86/speculation: Merge one test in spectre_v2_user_select_mitigation() (Borislav Petkov) [Orabug: 33937344] {CVE-2021-26401}\n- x86/speculation: Update ALTERNATIVEs to (more closely) match upstream (Patrick Colp) [Orabug: 33937344] {CVE-2021-26401}\n- x86/speculation: Fix bug in retpoline mode on AMD with (Patrick Colp) [Orabug: 33937344] {CVE-2021-26401}\n[5.4.17-2136.305.5]\n- netfilter: nf_tables_offload: incorrect flow offload action array size (Pablo Neira Ayuso) [Orabug: 33900416] {CVE-2022-25636}\n[5.4.17-2136.305.4]\n- net/mlx5e: Fix page DMA map/unmap attributes (Aya Levin) [Orabug: 33382242] \n- DMA/rxe: Update default value of RXE_MAX_PDN (Rao Shoaib) [Orabug: 33676597] \n- uek-rpm: enable VIRTIO_PCI_LIB_LEGACY config (Si-Wei Liu) [Orabug: 33749636] \n- vdpa/mlx5: Fix tracking of current number of VQs (Eli Cohen) [Orabug: 33749636] \n- vdpa/mlx5: Fix is_index_valid() to refer to features (Eli Cohen) [Orabug: 33749636] \n- vdpa: Protect vdpa reset with cf_mutex (Eli Cohen) [Orabug: 33749636] \n- vdpa: Avoid taking cf_mutex lock on get status (Eli Cohen) [Orabug: 33749636] \n- vdpa/vdpa_sim_net: Report max device capabilities (Eli Cohen) [Orabug: 33749636] \n- vdpa: Use BIT_ULL for bit operations (Eli Cohen) [Orabug: 33749636] \n- vdpa/vdpa_sim: Configure max supported virtqueues (Eli Cohen) [Orabug: 33749636] \n- vdpa/mlx5: Report max device capabilities (Eli Cohen) [Orabug: 33749636] \n- vdpa: Support reporting max device capabilities (Eli Cohen) [Orabug: 33749636] \n- vdpa/mlx5: Restore cur_num_vqs in case of failure in change_num_qps() (Eli Cohen) [Orabug: 33749636] \n- vdpa: Add support for returning device configuration information (Eli Cohen) [Orabug: 33749636] \n- vdpa/mlx5: Support configuring max data virtqueue (Eli Cohen) [Orabug: 33749636] \n- vdpa/mlx5: Fix config_attr_mask assignment (Eli Cohen) [Orabug: 33749636] \n- vdpa: Allow to configure max data virtqueues (Eli Cohen) [Orabug: 33749636] \n- vdpa: Read device configuration only if FEATURES_OK (Eli Cohen) [Orabug: 33749636] \n- vdpa: Sync calls set/get config/status with cf_mutex (Eli Cohen) [Orabug: 33749636] \n- vdpa/mlx5: Distribute RX virtqueues in RQT object (Eli Cohen) [Orabug: 33749636] \n- vdpa: Provide interface to read driver features (Eli Cohen) [Orabug: 33749636] \n- vdpa: clean up get_config_size ret value handling (Laura Abbott) [Orabug: 33749636] \n- vdpa/mlx5: Fix wrong configuration of virtio_version_1_0 (Eli Cohen) [Orabug: 33749636] \n- virtio/virtio_pci_legacy_dev: ensure the correct return value (Peng Hao) [Orabug: 33749636] \n- virtio: fix a typo in function 'vp_modern_remove' comments. (Dapeng Mi) [Orabug: 33749636] \n- virtio-pci: fix the confusing error message [Orabug: 33749636] \n- vdpa: Mark vdpa_config_ops.get_vq_notification as optional (Eugenio Perez) [Orabug: 33749636] \n- vdpa: Avoid duplicate call to vp_vdpa get_status (Eugenio Perez) [Orabug: 33749636] \n- net/mlx5_vdpa: Offer VIRTIO_NET_F_MTU when setting MTU (Eli Cohen) [Orabug: 33749636] \n- vdpa: add driver_override support (Stefano Garzarella) [Orabug: 33749636] \n- docs: document sysfs ABI for vDPA bus (Stefano Garzarella) [Orabug: 33749636] \n- vdpa: Consider device id larger than 31 (Parav Pandit) [Orabug: 33749636] \n- virtio: always enter drivers/virtio/ (Arnd Bergmann) [Orabug: 33749636] \n- vdpa: check that offsets are within bounds (Dan Carpenter) [Orabug: 33749636] \n- vdpa_sim: avoid putting an uninitialized iova_domain (Longpeng) [Orabug: 33749636] \n- vhost-vdpa: clean irqs before reseting vdpa device (Wu Zongyong) [Orabug: 33749636] \n- vdpa/mlx5: Forward only packets with allowed MAC address (Eli Cohen) [Orabug: 33749636] \n- vdpa/mlx5: Support configuration of MAC (Eli Cohen) [Orabug: 33749636] \n- vdpa/mlx5: Fix clearing of VIRTIO_NET_F_MAC feature bit (Parav Pandit) [Orabug: 33749636] \n- vdpa_sim_net: Enable user to set mac address and mtu (Parav Pandit) [Orabug: 33749636] \n- vdpa: Enable user to set mac and mtu of vdpa device (Parav Pandit) [Orabug: 33749636] \n- vdpa: Use kernel coding style for structure comments (Parav Pandit) [Orabug: 33749636] \n- vdpa: Introduce query of device config layout (Parav Pandit) [Orabug: 33749636] \n- vdpa: Introduce and use vdpa device get, set config helpers (Parav Pandit) [Orabug: 33749636] \n- vdpa/mlx5: Propagate link status from device to vdpa driver (Eli Cohen) [Orabug: 33749636] \n- vdpa/mlx5: Rename control VQ workqueue to vdpa wq (Eli Cohen) [Orabug: 33749636] \n- vdpa/mlx5: Remove mtu field from vdpa net device (Eli Cohen) [Orabug: 33749636] \n- vdpa: add new attribute VDPA_ATTR_DEV_MIN_VQ_SIZE (Wu Zongyong) [Orabug: 33749636] \n- virtio_vdpa: setup correct vq size with callbacks get_vq_num_{max,min} (Wu Zongyong) [Orabug: 33749636] \n- vdpa: min vq num of vdpa device cannot be greater than max vq num (Wu Zongyong) [Orabug: 33749636] \n- vdpa: add new callback get_vq_num_min in vdpa_config_ops (Wu Zongyong) [Orabug: 33749636] \n- vp_vdpa: add vq irq offloading support (Wu Zongyong) [Orabug: 33749636] \n- vdpa: fix typo (Wu Zongyong) [Orabug: 33749636] \n- virtio-pci: introduce legacy device module (Wu Zongyong) [Orabug: 33749636] \n- vhost-vdpa: Fix the wrong input in config_cb (Cindy Lu) [Orabug: 33749636] \n- vhost_vdpa: unset vq irq before freeing irq (Wu Zongyong) [Orabug: 33749636] \n- vdpa: potential uninitialized return in vhost_vdpa_va_map() (Dan Carpenter) [Orabug: 33749636] \n- vdpa/mlx5: Avoid executing set_vq_ready() if device is reset (Eli Cohen) [Orabug: 33749636] \n- vdpa/mlx5: Clear ready indication for control VQ (Eli Cohen) [Orabug: 33749636] \n- vdpa: Support transferring virtual addressing during DMA mapping (Xie Yongji) [Orabug: 33749636] \n- vdpa: factor out vhost_vdpa_pa_map() and vhost_vdpa_pa_unmap() (Xie Yongji) [Orabug: 33749636] \n- vdpa: Add an opaque pointer for vdpa_config_ops.dma_map() (Xie Yongji) [Orabug: 33749636] \n- vhost-iotlb: Add an opaque pointer for vhost IOTLB (Xie Yongji) [Orabug: 33749636] \n- vhost-vdpa: Handle the failure of vdpa_reset() (Xie Yongji) [Orabug: 33749636] \n- vdpa: Add reset callback in vdpa_config_ops (Xie Yongji) [Orabug: 33749636] \n- vdpa: Fix some coding style issues (Xie Yongji) [Orabug: 33749636] \n- vdpa: Make use of PFN_PHYS/PFN_UP/PFN_DOWN helper macro (Cai Huoqing) [Orabug: 33749636] \n- vdpa_sim: Use iova_shift() for the size passed to alloc_iova() (Xie Yongji) [Orabug: 33749636] \n- vdpa/mlx5: Add multiqueue support (Eli Cohen) [Orabug: 33749636] \n- vdpa/mlx5: Add support for control VQ and MAC setting (Eli Cohen) [Orabug: 33749636] \n- vdpa/mlx5: Ensure valid indices are provided (Eli Cohen) [Orabug: 33749636] \n- vdpa/mlx5: Decouple virtqueue callback from struct mlx5_vdpa_virtqueue (Eli Cohen) [Orabug: 33749636] \n- Revert 'vdpa/mlx5: fix feature negotiation across device reset' (Si-Wei Liu) [Orabug: 33749636] \n- vdpa/mlx5: function prototype modifications in preparation to control VQ (Eli Cohen) [Orabug: 33749636] \n- vdpa/mlx5: Remove redundant header file inclusion (Eli Cohen) [Orabug: 33749636] \n- vdpa/mlx5: Fix queue type selection logic (Eli Cohen) [Orabug: 33749636] \n- vdpa/mlx5: Avoid destroying MR on empty iotlb (Eli Cohen) [Orabug: 33749636] \n- virtio_vdpa: reject invalid vq indices (Vincent Whitchurch) [Orabug: 33749636] \n- vdpa: Add documentation for vdpa_alloc_device() macro (Xie Yongji) [Orabug: 33749636] \n- vp_vdpa: Fix return value check for vdpa_alloc_device() (Xie Yongji) [Orabug: 33749636] \n- vdpa_sim: Fix return value check for vdpa_alloc_device() (Xie Yongji) [Orabug: 33749636] \n- vhost-vdpa: Fix integer overflow in vhost_vdpa_process_iotlb_update() (Xie Yongji) [Orabug: 33749636] \n- xfs: remove incorrect ASSERT in xfs_rename (Eric Sandeen) [Orabug: 33803847] \n- KVM: nVMX: Filter out all unsupported controls when eVMCS was activated (Vitaly Kuznetsov) [Orabug: 33805849] \n- crypto: ccp - Add support for new CCP/PSP device ID (John Allen) [Orabug: 33805849] \n- KVM: VMX: Wake vCPU when delivering posted IRQ even if vCPU == this vCPU (Sean Christopherson) [Orabug: 33805849] \n- KVM: fix avic_set_running for preemptable kernels (Paolo Bonzini) [Orabug: 33805849] \n- KVM: x86: Drop guest CPUID check for host initiated writes to MSR_IA32_PERF_CAPABILITIES (Vitaly Kuznetsov) [Orabug: 33805849] \n- KVM: x86: Wait for IPIs to be delivered when handling Hyper-V TLB flush hypercall (Vitaly Kuznetsov) [Orabug: 33805849] \n- KVM: x86: Swap order of CPUID entry 'index' vs. 'significant flag' checks (Sean Christopherson) [Orabug: 33805849] \n- KVM: x86: nSVM: don't copy virt_ext from vmcb12 (Maxim Levitsky) [Orabug: 33805849] {CVE-2021-3653} {CVE-2021-3656}\n- KVM: x86: nSVM: restore int_vector in svm_clear_vintr (Maxim Levitsky) [Orabug: 33805849] \n- KVM: x86: Fix stack-out-of-bounds memory access from ioapic_write_indirect() (Vitaly Kuznetsov) [Orabug: 33805849] \n- KVM: x86: Mark all registers as avail/dirty at vCPU creation (Sean Christopherson) [Orabug: 33805849] \n- KVM: nVMX: Sync all PGDs on nested transition with shadow paging (Sean Christopherson) [Orabug: 33805849] \n- KVM: SVM: Revert clearing of C-bit on GPA in #NPF handler (Sean Christopherson) [Orabug: 33805849] \n- KVM: SVM: Don't strip the C-bit from CR2 on #PF interception (Sean Christopherson) [Orabug: 33805849] \n- rds/ib: Kernel change to extend rds-info functionality (Rohit Nair) [Orabug: 33821340] \n- nvmet-tcp: fix a race condition between release_queue and io_work (Maurizio Lombardi) [Orabug: 33825776] \n- nvmet-tcp: add an helper to free the cmd buffers (Maurizio Lombardi) [Orabug: 33825776] \n- drm/i915: Flush TLBs before releasing backing store (Tvrtko Ursulin) [Orabug: 33835810] {CVE-2022-0330}\n- rds: ib: Make selection of completion_vector QoS aware (Hakon Bugge) [Orabug: 33845918] \n- tipc: improve size validations for received domain records (Jon Maloy) [Orabug: 33850801] {CVE-2022-0435} {CVE-2022-0435}\n- uek-rpm: Synchronize Module.kabi and lockedlist (Stephen Brennan) [Orabug: 33871538]\n[5.4.17-2136.305.3]\n- net/mlx5: Enable mlx5 IPsec build options on OL7/OL8 (Qing Huang) [Orabug: 32936614] \n- net/mlx5e: Fix SWP offsets when vlan inserted by driver (Moshe Shemesh) [Orabug: 32936614] \n- net/mlx5e: Fix missing IPsec statistics on uplink representor (Raed Salem) [Orabug: 32936614] \n- net/mlx5e: Add IPsec support to uplink representor (Raed Salem) [Orabug: 32936614] \n- net/mlx5: Fix checksum issue of VXLAN and IPsec crypto offload (Huy Nguyen) [Orabug: 32936614] \n- net/xfrm: Add inner_ipproto into sec_path (Huy Nguyen) [Orabug: 32936614] \n- net/mlx5: Optimize mlx5e_feature_checks for non IPsec packet (Huy Nguyen) [Orabug: 32936614] \n- net/mlx5e: IPsec/rep_tc: Fix rep_tc_update_skb drops IPsec packet (Huy Nguyen) [Orabug: 32936614] \n- net/mlx5: Replace spaces with tab at the start of a line (Wenpeng Liang) [Orabug: 32936614] \n- net/mlx5e: Enable XDP for Connect-X IPsec capable devices (Raed Salem) [Orabug: 32936614] \n- net/mlx5e: Enable striding RQ for Connect-X IPsec capable devices (Raed Salem) [Orabug: 32936614] \n- net/mlx5e: Release skb in case of failure in tc update skb (Maor Dickman) [Orabug: 32936614] \n- net/mlx5e: Move set vxlan nic info to profile init (Roi Dayan) [Orabug: 32936614] \n- net/mlx5e: Fix IPSEC stats (Maxim Mikityanskiy) [Orabug: 32936614] \n- net/mlx5e: IPsec, Remove unnecessary config flag usage (Tariq Toukan) [Orabug: 32936614] \n- net/mlx5e: IPsec, Inline feature_check fast-path function (Tariq Toukan) [Orabug: 32936614] \n- net/mlx5e: IPsec, Avoid unreachable return (Tariq Toukan) [Orabug: 32936614] \n- net/mlx5e: IPsec, Enclose csum logic under ipsec config (Tariq Toukan) [Orabug: 32936614] \n- net/mlx5e: Split between RX/TX tunnel FW support indication (Aya Levin) [Orabug: 32936614] \n- net/mlx5e: Allow RQ outside of channel context (Aya Levin) [Orabug: 32936614] \n- net/mlx5e: Allow CQ outside of channel context (Aya Levin) [Orabug: 32936614] \n- net/mlx5e: Free drop RQ in a dedicated function (Tariq Toukan) [Orabug: 32936614] \n- net/mlx5e: kTLS, Enforce HW TX csum offload with kTLS (Tariq Toukan) [Orabug: 32936614] \n- net/mlx5: Expose IP-in-IP TX and RX capability bits (Aya Levin) [Orabug: 32936614] \n- net/mlx5e: Fix IPsec packet drop by mlx5e_tc_update_skb (Huy Nguyen) [Orabug: 32936614] \n- net/mlx5e: Set IPsec WAs only in IP's non checksum partial case. (Huy Nguyen) [Orabug: 32936614] \n- net/mlx5e: IPsec: Add Connect-X IPsec Tx data path offload (Raed Salem) [Orabug: 32936614] \n- net/mlx5e: IPsec: Add TX steering rule per IPsec state (Huy Nguyen) [Orabug: 32936614] \n- net/mlx5: Add NIC TX domain namespace (Huy Nguyen) [Orabug: 32936614] \n- net/mlx5e: Add tc chains offload support for nic flows (Ariel Levkovich) [Orabug: 32936614] \n- net/mlx5: Refactor tc flow attributes structure (Ariel Levkovich) [Orabug: 32936614] \n- net/mlx5e: Split nic tc flow allocation and creation (Ariel Levkovich) [Orabug: 32936614] \n- net/mlx5e: Tc nic flows to use mlx5_chains flow tables (Ariel Levkovich) [Orabug: 32936614] \n- net/mlx5: Refactor multi chains and prios support (Ariel Levkovich) [Orabug: 32936614] \n- net/mlx5e: Enhanced TX MPWQE for SKBs (Maxim Mikityanskiy) [Orabug: 32936614] \n- net/mlx5e: Move TX code into functions to be used by MPWQE (Maxim Mikityanskiy) [Orabug: 32936614] \n- net/mlx5e: Rename xmit-related structs to generalize them (Maxim Mikityanskiy) [Orabug: 32936614] \n- net/mlx5e: Generalize TX MPWQE checks for full session (Maxim Mikityanskiy) [Orabug: 32936614] \n- net/mlx5e: Support multiple SKBs in a TX WQE (Maxim Mikityanskiy) [Orabug: 32936614] \n- net/mlx5e: Move the TLS resync check out of the function (Maxim Mikityanskiy) [Orabug: 32936614] \n- net/mlx5e: Unify constants for WQE_EMPTY_DS_COUNT (Maxim Mikityanskiy) [Orabug: 32936614] \n- net/mlx5e: Small improvements for XDP TX MPWQE logic (Maxim Mikityanskiy) [Orabug: 32936614] \n- net/mlx5e: Refactor xmit functions (Maxim Mikityanskiy) [Orabug: 32936614] \n- net/mlx5e: Move mlx5e_tx_wqe_inline_mode to en_tx.c (Maxim Mikityanskiy) [Orabug: 32936614] \n- net/mlx5e: Use struct assignment to initialize mlx5e_tx_wqe_info (Maxim Mikityanskiy) [Orabug: 32936614] \n- net/mlx5e: Refactor inline header size calculation in the TX path (Maxim Mikityanskiy) [Orabug: 32936614] \n- net/mlx5e: Fix endianness when calculating pedit mask first bit (Maor Dickman) [Orabug: 32936614] \n- net/mlx5e: CT: Fix freeing ct_label mapping (Roi Dayan) [Orabug: 32936614] \n- net/mlx5e: Fix memory leak of tunnel info when rule under multipath not ready (Jianbo Liu) [Orabug: 32936614] \n- net/mlx5e: Use synchronize_rcu to sync with NAPI (Maxim Mikityanskiy) [Orabug: 32936614] \n- net/mlx5e: Use RCU to protect rq->xdp_prog (Maxim Mikityanskiy) [Orabug: 32936614] \n- net/mlx5e: RX, Add a prefetch command for small L1_CACHE_BYTES (Tariq Toukan) [Orabug: 32936614] \n- net: Take common prefetch code structure into a function (Tariq Toukan) [Orabug: 32936614] \n- net/mlx5e: Use indirect call wrappers for RX post WQEs functions (Tariq Toukan) [Orabug: 32936614] \n- net/mlx5e: CT: Map 128 bits labels to 32 bit map ID (Eli Britstein) [Orabug: 32936614] \n- net/mlx5e: XDP, Avoid indirect call in TX flow (Tariq Toukan) [Orabug: 32936614] \n- net/mlx5e: IPsec: Add Connect-X IPsec ESN update offload support (Raed Salem) [Orabug: 32936614] \n- net/mlx5e: IPsec: Add IPsec steering in local NIC RX (Huy Nguyen) [Orabug: 32936614] \n- net/mlx5: Add IPsec related Flow steering entry's fields (Huy Nguyen) [Orabug: 32936614] \n- net/mlx5: IPsec: Add HW crypto offload support (Raed Salem) [Orabug: 32936614] \n- net/mlx5: Accel, Add core IPsec support for the Connect-X family (Raed Salem) [Orabug: 32936614] \n- net/mlx5e: Fix build break when CONFIG_XPS is not set (Saeed Mahameed) [Orabug: 32936614] \n- net/mlx5e: CT: Fix releasing ft entries (Roi Dayan) [Orabug: 32936614] \n- net/mlx5e: CT: Remove unused function param (Saeed Mahameed) [Orabug: 32936614] \n- net/mlx5e: CT: Return err_ptr from internal functions (Saeed Mahameed) [Orabug: 32936614] \n- net/mlx5e: CT: Use mapping for zone restore register (Paul Blakey) [Orabug: 32936614] \n- net/mlx5e: CT: Re-use tuple modify headers for identical modify actions (Paul Blakey) [Orabug: 32936614] \n- net/mlx5e: Export sharing of mod headers to a new file (Paul Blakey) [Orabug: 32936614] \n- net/mlx5e: CT: Restore ct state from lookup in zone instead of tupleid (Paul Blakey) [Orabug: 32936614] \n- net/mlx5e: CT: Don't offload tuple rewrites for established tuples (Paul Blakey) [Orabug: 32936614] \n- net/mlx5e: Use netdev_info instead of pr_info (Oz Shlomo) [Orabug: 32936614] \n- net/mlx5e: CT: Allow header rewrite of 5-tuple and ct clear action (Paul Blakey) [Orabug: 32936614] \n- net/mlx5e: CT: Save ct entries tuples in hashtables (Paul Blakey) [Orabug: 32936614] \n- net/mlx5e: Fix VXLAN configuration restore after function reload (Aya Levin) [Orabug: 32936614] \n- net/mlx5e: Enhance TX timeout recovery (Aya Levin) [Orabug: 32936614] \n- net/mlx5e: Enhance ICOSQ data on RX reporter's diagnose (Aya Levin) [Orabug: 32936614] \n- net/mlx5e: Add EQ info to TX/RX reporter's diagnose (Aya Levin) [Orabug: 32936614] \n- net/mlx5e: Rename reporter's helpers (Aya Levin) [Orabug: 32936614] \n- net/mlx5e: Add helper to get the RQ WQE counter (Aya Levin) [Orabug: 32936614] \n- net/mlx5e: Add helper to get RQ WQE's head (Aya Levin) [Orabug: 32936614] \n- net/mlx5e: Align RX/TX reporters diagnose output format (Aya Levin) [Orabug: 32936614] \n- net/mlx5e: Refactor build channel params (Tariq Toukan) [Orabug: 32936614] \n- net/mlx5e: vxlan: Use RCU for vxlan table lookup (Saeed Mahameed) [Orabug: 32936614] \n- net/mlx5e: Move TC-specific function definitions into MLX5_CLS_ACT (Vlad Buslov) [Orabug: 32936614] \n- net/mlx5e: CT: Fix ipv6 nat header rewrite actions (Oz Shlomo) [Orabug: 32936614] \n- net/mlx5e: en_tc: Fix cast to restricted __be32 warning (Saeed Mahameed) [Orabug: 32936614] \n- net/mlx5e: Don't use err uninitialized in mlx5e_attach_decap (Nathan Chancellor) [Orabug: 32936614] \n- net/mlx5e: Optimize performance for IPv4/IPv6 ethertype (Eli Britstein) [Orabug: 32936614] \n- net/mlx5e: Helper function to set ethertype (Eli Britstein) [Orabug: 32936614] \n- net/mlx5e: CT: Correctly get flow rule (Roi Dayan) [Orabug: 32936614] \n- net/mlx5e: Support pedit on mpls over UDP decap (Eli Cohen) [Orabug: 32936614] \n- xsk: Fix xsk_umem_xdp_frame_sz() (Bjorn Topel) [Orabug: 32936614] \n- net/mlx5e: CT: Fix offload with CT action after CT NAT action (Roi Dayan) [Orabug: 32936614] \n- mlx5: Rx queue setup time determine frame_sz for XDP (Jesper Dangaard Brouer) [Orabug: 32936614] \n- xdp: For Intel AF_XDP drivers add XDP frame_sz (Jesper Dangaard Brouer) [Orabug: 32936614] \n- xdp: Add frame size to xdp_buff (Jesper Dangaard Brouer) [Orabug: 32936614] \n- net: remove newlines in NL_SET_ERR_MSG_MOD (Jacob Keller) [Orabug: 32936614] \n- net/mlx5: CT: Remove unused variables (Paul Blakey) [Orabug: 32936614] \n- net/mlx5e: CT: Avoid false warning about rule may be used uninitialized (Roi Dayan) [Orabug: 32936614] \n- net/mlx5e: Remove unneeded semicolon (Zheng Bin) [Orabug: 32936614] \n- net/mlx5: IPsec, Fix coverity issue (Raed Salem) [Orabug: 32936614] \n- net/mlx5: TX WQE Add trailer insertion field (Raed Salem) [Orabug: 32936614] \n- net/mlx5: Introduce IPsec Connect-X offload hardware bits and structures (Raed Salem) [Orabug: 32936614] \n- net/mlx5: Update vxlan.c new cmd interface (Leon Romanovsky) [Orabug: 32936614] \n- net/mlx5: Update cq.c to new cmd interface (Leon Romanovsky) [Orabug: 32936614] \n- net/mlx5: CT: Change idr to xarray to protect parallel tuple id allocation (Paul Blakey) [Orabug: 32936614] \n- net/mlx5: IPsec, Refactor SA handle creation and destruction (Raed Salem) [Orabug: 32936614] \n- net/mlx5e: IPSec, Expose IPsec HW stat only for supporting HW (Raed Salem) [Orabug: 32936614] \n- net/mlx5: Refactor mlx5_accel_esp_create_hw_context parameter list (Raed Salem) [Orabug: 32936614] \n- net/mlx5: Use the correct IPsec capability function for FPGA ops (Raed Salem) [Orabug: 32936614] \n- net/mlx5e: CT: Use rhashtable's ct entries instead of a separate list (Paul Blakey) [Orabug: 32936614] \n- net/mlx5: Add support for RDMA TX steering (Michael Guralnik) [Orabug: 32936614] \n- net/mlx5e: Fix actions_match_supported() return (Dan Carpenter) [Orabug: 32936614] \n- net/mlx5: Eswitch, enable forwarding back to uplink port (Eli Cohen) [Orabug: 32936614] \n- net/mlx5e: Add support for offloading traffic from uplink to uplink (Eli Cohen) [Orabug: 32936614] \n- net/mlx5e: Fix rejecting all egress rules not on vlan (Roi Dayan) [Orabug: 32936614] \n- net/mlx5e: CT: Fix stack usage compiler warning (Saeed Mahameed) [Orabug: 32936614] \n- net/mlx5e: CT: remove set but not used variable 'unnew' (YueHaibing) [Orabug: 32936614] \n- net/mlx5e: Fix an IS_ERR() vs NULL check (Dan Carpenter) [Orabug: 32936614] \n- net/mlx5: Introduce TLS and IPSec objects enums (Saeed Mahameed) [Orabug: 32936614] \n- net/mlx5e: Fix endianness handling in pedit mask (Sebastian Hense) [Orabug: 32936614] \n- net/mlx5e: Remove redundant comment about goto slow path (Roi Dayan) [Orabug: 32936614] \n- net/mlx5e: Reduce number of arguments in slow path handling (Eli Cohen) [Orabug: 32936614] \n- net/mlx5e: Use netdev_warn() instead of pr_err() for errors (Roi Dayan) [Orabug: 32936614] \n- net/mlx5e: Add devlink fdb_large_groups parameter (Jianbo Liu) [Orabug: 32936614] \n- net/mlx5: Change the name of steering mode param id (Jianbo Liu) [Orabug: 32936614] \n- net/mlx5: Eswitch, avoid redundant mask (Eli Cohen) [Orabug: 32936614] \n- net/mlx5: Fix header guard in rsc_dump.h (Nathan Chancellor) [Orabug: 32936614] \n- net/mlx5e: Add context to the preactivate hook (Maxim Mikityanskiy) [Orabug: 32936614] \n- net/mlx5e: Allow mlx5e_switch_priv_channels to fail and recover (Maxim Mikityanskiy) [Orabug: 32936614] \n- net/mlx5e: Remove unneeded netif_set_real_num_tx_queues (Maxim Mikityanskiy) [Orabug: 32936614] \n- ESP: Export esp_output_fill_trailer function (Raed Salem) [Orabug: 32936614] \n- net/mlx5: Remove a useless 'drain_workqueue()' call in 'mlx5e_ipsec_cleanup()' (Christophe JAILLET) [Orabug: 32936614] \n- mlx5: Use proper logging and tracing line terminations (Joe Perches) [Orabug: 32936614] \n- net/mlx5e: Support dump callback in RX reporter (Aya Levin) [Orabug: 32936614] \n- net/mlx5e: Support dump callback in TX reporter (Aya Levin) [Orabug: 32936614] \n- net/mlx5e: Gather reporters APIs together (Aya Levin) [Orabug: 32936614] \n- net/mlx5: Add support for resource dump (Aya Levin) [Orabug: 32936614] \n- net/mlx5e: Create q counters on uplink representors (Vlad Buslov) [Orabug: 32936614] \n- net/mlx5: Expose resource dump register mapping (Aya Levin) [Orabug: 32936614] \n- net/mlx5: Add structures and defines for MIRC register (Eran Ben Elisha) [Orabug: 32936614] \n- net/mlx5: WQ, Move short getters into header file (Tariq Toukan) [Orabug: 32936614] \n- Revert 'net/mlx5e: Fix SWP offsets when vlan inserted by driver' (Mikhael Goikhman) [Orabug: 32936614] \n- uek-rpm: ensure BPF Type Format (BTF) section is retained in modules (Alan Maguire) [Orabug: 33774133] \n- kbuild: Skip module BTF generation for out-of-tree external modules (Andrii Nakryiko) [Orabug: 33774133] \n- bpf: Load and verify kernel module BTFs (Andrii Nakryiko) [Orabug: 33774133] \n- kbuild: Build kernel module BTFs if BTF is enabled and pahole supports it (Andrii Nakryiko) [Orabug: 33774133] \n- arm64: Add assembly annotations for weak-PI-alias madness (Robin Murphy) [Orabug: 33816089] \n- arm64: Import updated version of Cortex Strings' strlen (Sam Tebbs) [Orabug: 33816089] \n- arm64: Import latest memcpy()/memmove() implementation (Robin Murphy) [Orabug: 33816089] \n- arm64: Import latest version of Cortex Strings' memcmp (Sam Tebbs) [Orabug: 33816089] \n- arm64: Better optimised memchr() (Robin Murphy) [Orabug: 33816089] \n- net/rds: Fix memory leak in __rds_conn_create() on alloc_ordered_workqueue fail (Freddy Carrillo) [Orabug: 33821540] \n- x86/smpboot: check cpu_initialized_mask first after returning from schedule() (Dongli Zhang) [Orabug: 33825645] \n- uek-rpm/ol/config-aarch64: Enable CONFIG_ARM_RASPBERRYPI_CPUFREQ for RPi (Vijay Kumar) \n- KVM: x86: Initialize tdp_level during vCPU creation (Sean Christopherson) [Orabug: 33841857] \n- KVM: x86/mmu: Capture TDP level when updating CPUID (Sean Christopherson) [Orabug: 33841857] \n- xen/netback: don't queue unlimited number of packages (Juergen Gross) [Orabug: 33851834] \n- xen/netback: fix rx queue stall detection (Juergen Gross) [Orabug: 33851834] \n- Fix conflict of LTS commit 'PCI: aardvark: Configure PCIe resources from 'ranges' DT property' (Sherry Yang) [Orabug: 33862617]\n[5.4.17-2136.305.2]\n- LTS tag: v5.4.163 (Sherry Yang) \n- tty: hvc: replace BUG_ON() with negative return value (Juergen Gross) \n- xen/netfront: don't trust the backend response data blindly (Juergen Gross) \n- xen/netfront: disentangle tx_skb_freelist (Juergen Gross) \n- xen/netfront: don't read data from request on the ring page (Juergen Gross) \n- xen/netfront: read response from backend only once (Juergen Gross) \n- xen/blkfront: don't trust the backend response data blindly (Juergen Gross) \n- xen/blkfront: don't take local copy of a request from the ring page (Juergen Gross) \n- xen/blkfront: read response from backend only once (Juergen Gross) \n- xen: sync include/xen/interface/io/ring.h with Xen's newest version (Juergen Gross) \n- fuse: release pipe buf after last use (Miklos Szeredi) \n- NFC: add NCI_UNREG flag to eliminate the race (Lin Ma) \n- shm: extend forced shm destroy to support objects from several IPC nses (Alexander Mikhalitsyn) \n- s390/mm: validate VMA in PGSTE manipulation functions (David Hildenbrand) \n- tracing: Check pid filtering when creating events (Steven Rostedt (VMware)) \n- vhost/vsock: fix incorrect used length reported to the guest (Stefano Garzarella) \n- smb3: do not error on fsync when readonly (Steve French) \n- f2fs: set SBI_NEED_FSCK flag when inconsistent node block found (Weichao Guo) \n- net: mscc: ocelot: correctly report the timestamping RX filters in ethtool (Vladimir Oltean) \n- net: mscc: ocelot: don't downgrade timestamping RX filters in SIOCSHWTSTAMP (Vladimir Oltean) \n- net: hns3: fix VF RSS failed problem after PF enable multi-TCs (Guangbin Huang) \n- net/smc: Don't call clcsock shutdown twice when smc shutdown (Tony Lu) \n- net: vlan: fix underflow for the real_dev refcnt (Ziyang Xuan) \n- MIPS: use 3-level pgtable for 64KB page size on MIPS_VA_BITS_48 (Huang Pei) \n- igb: fix netpoll exit with traffic (Jesse Brandeburg) \n- nvmet: use IOCB_NOWAIT only if the filesystem supports it (Maurizio Lombardi) \n- tcp_cubic: fix spurious Hystart ACK train detections for not-cwnd-limited flows (Eric Dumazet) \n- PM: hibernate: use correct mode for swsusp_close() (Thomas Zeitlhofer) \n- net/ncsi : Add payload to be 32-bit aligned to fix dropped packets (Kumar Thangavel) \n- nvmet-tcp: fix incomplete data digest send (Varun Prakash) \n- net/smc: Ensure the active closing peer first closes clcsock (Tony Lu) \n- scsi: core: sysfs: Fix setting device state to SDEV_RUNNING (Mike Christie) \n- net: nexthop: release IPv6 per-cpu dsts when replacing a nexthop group (Nikolay Aleksandrov) \n- net: ipv6: add fib6_nh_release_dsts stub (Nikolay Aleksandrov) \n- nfp: checking parameter process for rx-usecs/tx-usecs is invalid (Diana Wang) \n- ipv6: fix typos in __ip6_finish_output() (Eric Dumazet) \n- iavf: Prevent changing static ITR values if adaptive moderation is on (Nitesh B Venkatesh) \n- drm/vc4: fix error code in vc4_create_object() (Dan Carpenter) \n- scsi: mpt3sas: Fix kernel panic during drive powercycle test (Sreekanth Reddy) \n- ARM: socfpga: Fix crash with CONFIG_FORTIRY_SOURCE (Takashi Iwai) \n- NFSv42: Don't fail clone() unless the OP_CLONE operation failed (Trond Myklebust) \n- firmware: arm_scmi: pm: Propagate return value to caller (Peng Fan) \n- net: ieee802154: handle iftypes as u32 (Alexander Aring) \n- ASoC: topology: Add missing rwsem around snd_ctl_remove() calls (Takashi Iwai) \n- ASoC: qdsp6: q6routing: Conditionally reset FrontEnd Mixer (Srinivas Kandagatla) \n- ARM: dts: BCM5301X: Add interrupt properties to GPIO node (Florian Fainelli) \n- ARM: dts: BCM5301X: Fix I2C controller interrupt (Florian Fainelli) \n- netfilter: ipvs: Fix reuse connection if RS weight is 0 (yangxingwu) \n- proc/vmcore: fix clearing user buffer by properly using clear_user() (David Hildenbrand) \n- arm64: dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function (Marek Behun) \n- pinctrl: armada-37xx: Correct PWM pins definitions (Marek Behun) \n- PCI: aardvark: Fix support for PCI_BRIDGE_CTL_BUS_RESET on emulated bridge (Pali Rohar) \n- PCI: aardvark: Set PCI Bridge Class Code to PCI Bridge (Pali Rohar) \n- PCI: aardvark: Fix support for bus mastering and PCI_COMMAND on emulated bridge (Pali Rohar) \n- PCI: aardvark: Fix link training (Pali Rohar) \n- PCI: aardvark: Simplify initialization of rootcap on virtual bridge (Pali Rohar) \n- PCI: aardvark: Implement re-issuing config requests on CRS response (Pali Rohar) \n- PCI: aardvark: Fix PCIe Max Payload Size setting (Pali Rohar) \n- PCI: aardvark: Configure PCIe resources from 'ranges' DT property (Pali Rohar) \n- PCI: pci-bridge-emul: Fix array overruns, improve safety (Russell King) \n- PCI: aardvark: Update comment about disabling link training (Pali Rohar) \n- PCI: aardvark: Move PCIe reset card code to advk_pcie_train_link() (Pali Rohar) \n- PCI: aardvark: Fix compilation on s390 (Pali Rohar) \n- PCI: aardvark: Don't touch PCIe registers if no card connected (Pali Rohar) \n- PCI: aardvark: Replace custom macros by standard linux/pci_regs.h macros (Pali Rohar) \n- PCI: aardvark: Issue PERST via GPIO (Pali Rohar) \n- PCI: aardvark: Improve link training (Marek Behun) \n- PCI: aardvark: Train link immediately after enabling training (Pali Rohar) \n- PCI: aardvark: Fix big endian support (Grzegorz Jaszczyk) \n- PCI: aardvark: Wait for endpoint to be ready before training link (Remi Pommarel) \n- PCI: aardvark: Deduplicate code in advk_pcie_rd_conf() (Marek Behun) \n- mdio: aspeed: Fix 'Link is Down' issue (Dylan Hung) \n- mmc: sdhci: Fix ADMA for PAGE_SIZE >= 64KiB (Adrian Hunter) \n- tracing: Fix pid filtering when triggers are attached (Steven Rostedt (VMware)) \n- tracing/uprobe: Fix uprobe_perf_open probes iteration (Jiri Olsa) \n- KVM: PPC: Book3S HV: Prevent POWER7/8 TLB flush flushing SLB (Nicholas Piggin) \n- xen: detect uninitialized xenbus in xenbus_init (Stefano Stabellini) \n- xen: don't continue xenstore initialization in case of errors (Stefano Stabellini) \n- staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() (Dan Carpenter) \n- staging/fbtft: Fix backlight (Noralf Tronnes) \n- HID: wacom: Use 'Confidence' flag to prevent reporting invalid contacts (Jason Gerecke) \n- Revert 'parisc: Fix backtrace to always include init funtion names' (Helge Deller) \n- media: cec: copy sequence field for the reply (Hans Verkuil) \n- ALSA: ctxfi: Fix out-of-range access (Takashi Iwai) \n- binder: fix test regression due to sender_euid change (Todd Kjos) \n- usb: hub: Fix locking issues with address0_mutex (Mathias Nyman) \n- usb: hub: Fix usb enumeration issue due to address0 race (Mathias Nyman) \n- usb: typec: fusb302: Fix masking of comparator and bc_lvl interrupts (Ondrej Jirman) \n- net: nexthop: fix null pointer dereference when IPv6 is not enabled (Nikolay Aleksandrov) \n- usb: dwc2: hcd_queue: Fix use of floating point literal (Nathan Chancellor) \n- usb: dwc2: gadget: Fix ISOC flow for elapsed frames (Minas Harutyunyan) \n- USB: serial: option: add Fibocom FM101-GL variants (Mingjie Zhang) \n- USB: serial: option: add Telit LE910S1 0x9200 composition (Daniele Palmas) \n- LTS tag: v5.4.162 (Sherry Yang) \n- ALSA: hda: hdac_stream: fix potential locking issue in snd_hdac_stream_assign() (Pierre-Louis Bossart) \n- ALSA: hda: hdac_ext_stream: fix potential locking issues (Pierre-Louis Bossart) \n- hugetlbfs: flush TLBs correctly after huge_pmd_unshare (Nadav Amit) \n- tlb: mmu_gather: add tlb_flush_*_range APIs (Peter Zijlstra (Intel)) \n- ice: Delete always true check of PF pointer (Leon Romanovsky) \n- usb: max-3421: Use driver data instead of maintaining a list of bound devices (Uwe Kleine-Konig) \n- ASoC: DAPM: Cover regression by kctl change notification fix (Takashi Iwai) \n- batman-adv: Don't always reallocate the fragmentation skb head (Sven Eckelmann) \n- batman-adv: Reserve needed_*room for fragments (Sven Eckelmann) \n- batman-adv: Consider fragmentation for needed_headroom (Sven Eckelmann) \n- perf/core: Avoid put_page() when GUP fails (Greg Thelen) \n- Revert 'net: mvpp2: disable force link UP during port init procedure' (Greg Kroah-Hartman) \n- drm/amdgpu: fix set scaling mode Full/Full aspect/Center not works on vga and dvi connectors (hongao) \n- drm/i915/dp: Ensure sink rate values are always valid (Imre Deak) \n- drm/nouveau: use drm_dev_unplug() during device removal (Jeremy Cline) \n- drm/udl: fix control-message timeout (Johan Hovold) \n- cfg80211: call cfg80211_stop_ap when switch from P2P_GO type (Nguyen Dinh Phi) \n- parisc/sticon: fix reverse colors (Sven Schnelle) \n- btrfs: fix memory ordering between normal and ordered work functions (Nikolay Borisov) \n- udf: Fix crash after seekdir (Jan Kara) \n- s390/kexec: fix memory leak of ipl report buffer (Baoquan He) \n- x86/hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails (Sean Christopherson) \n- mm: kmemleak: slob: respect SLAB_NOLEAKTRACE flag (Rustam Kovhaev) \n- ipc: WARN if trying to remove ipc object which is absent (Alexander Mikhalitsyn) \n- hexagon: export raw I/O routines for modules (Nathan Chancellor) \n- tun: fix bonding active backup with arp monitoring (Nicolas Dichtel) \n- arm64: vdso32: suppress error message for 'make mrproper' (Nick Desaulniers) \n- s390/kexec: fix return code handling (Heiko Carstens) \n- perf/x86/intel/uncore: Fix IIO event constraints for Skylake Server (Alexander Antonov) \n- perf/x86/intel/uncore: Fix filter_tid mask for CHA events on Skylake Server (Alexander Antonov) \n- KVM: PPC: Book3S HV: Use GLOBAL_TOC for kvmppc_h_set_dabr/xdabr() (Michael Ellerman) \n- NFC: reorder the logic in nfc_{un,}register_device (Lin Ma) \n- drm/nouveau: hdmigv100.c: fix corrupted HDMI Vendor InfoFrame (Hans Verkuil) \n- NFC: reorganize the functions in nci_request (Lin Ma) \n- i40e: Fix display error code in dmesg (Grzegorz Szczurek) \n- i40e: Fix creation of first queue by omitting it if is not power of two (Jedrzej Jagielski) \n- i40e: Fix ping is lost after configuring ADq on VF (Eryk Rybak) \n- i40e: Fix changing previously set num_queue_pairs for PFs (Eryk Rybak) \n- i40e: Fix NULL ptr dereference on VSI filter sync (Michal Maloszewski) \n- i40e: Fix correct max_pkt_size on VF RX queue (Eryk Rybak) \n- net: virtio_net_hdr_to_skb: count transport header in UFO (Jonathan Davies) \n- net: dpaa2-eth: fix use-after-free in dpaa2_eth_remove (Pavel Skripkin) \n- net: sched: act_mirred: drop dst for the direction from egress to ingress (Xin Long) \n- scsi: core: sysfs: Fix hang when device state is set via sysfs (Mike Christie) \n- platform/x86: hp_accel: Fix an error handling path in 'lis3lv02d_probe()' (Christophe JAILLET) \n- mips: lantiq: add support for clk_get_parent() (Randy Dunlap) \n- mips: bcm63xx: add support for clk_get_parent() (Randy Dunlap) \n- MIPS: generic/yamon-dt: fix uninitialized variable error (Colin Ian King) \n- iavf: Fix for the false positive ASQ/ARQ errors while issuing VF reset (Surabhi Boob) \n- iavf: validate pointers (Mitch Williams) \n- iavf: prevent accidental free of filter structure (Jacob Keller) \n- iavf: Fix failure to exit out from last all-multicast mode (Piotr Marczak) \n- iavf: free q_vectors before queues in iavf_disable_vf (Nicholas Nunley) \n- iavf: check for null in iavf_fix_features (Nicholas Nunley) \n- net: bnx2x: fix variable dereferenced before check (Pavel Skripkin) \n- perf tests: Remove bash construct from record+zstd_comp_decomp.sh (James Clark) \n- perf bench futex: Fix memory leak of perf_cpu_map__new() (Sohaib Mohamed) \n- perf bpf: Avoid memory leak from perf_env__insert_btf() (Ian Rogers) \n- RDMA/netlink: Add __maybe_unused to static inline in C file (Leon Romanovsky) \n- tracing/histogram: Do not copy the fixed-size char array field over the field size (Masami Hiramatsu) \n- tracing: Save normal string variables (Tom Zanussi) \n- sched/core: Mitigate race cpus_share_cache()/update_top_cache_domain() (Vincent Donnefort) \n- mips: BCM63XX: ensure that CPU_SUPPORTS_32BIT_KERNEL is set (Randy Dunlap) \n- clk: qcom: gcc-msm8996: Drop (again) gcc_aggre1_pnoc_ahb_clk (Dmitry Baryshkov) \n- clk/ast2600: Fix soc revision for AHB (Joel Stanley) \n- clk: ingenic: Fix bugs with divided dividers (Paul Cercueil) \n- sh: define __BIG_ENDIAN for math-emu (Randy Dunlap) \n- sh: math-emu: drop unused functions (Randy Dunlap) \n- sh: fix kconfig unmet dependency warning for FRAME_POINTER (Randy Dunlap) \n- f2fs: fix up f2fs_lookup tracepoints (Gao Xiang) \n- maple: fix wrong return value of maple_bus_init(). (Lu Wei) \n- sh: check return code of request_irq (Nick Desaulniers) \n- powerpc/dcr: Use cmplwi instead of 3-argument cmpli (Michael Ellerman) \n- ALSA: gus: fix null pointer dereference on pointer block (Chengfeng Ye) \n- powerpc/5200: dts: fix memory node unit name (Anatolij Gustschin) \n- iio: imu: st_lsm6dsx: Avoid potential array overflow in st_lsm6dsx_set_odr() (Teng Qi) \n- scsi: target: Fix alua_tg_pt_gps_count tracking (Mike Christie) \n- scsi: target: Fix ordered tag handling (Mike Christie) \n- MIPS: sni: Fix the build (Bart Van Assche) \n- tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc (Guanghui Feng) \n- ALSA: ISA: not for M68K (Randy Dunlap) \n- ARM: dts: ls1021a-tsn: use generic 'jedec,spi-nor' compatible for flash (Li Yang) \n- ARM: dts: ls1021a: move thermal-zones node out of soc/ (Li Yang) \n- usb: host: ohci-tmio: check return value after calling platform_get_resource() (Yang Yingliang) \n- ARM: dts: omap: fix gpmc,mux-add-data type (Roger Quadros) \n- firmware_loader: fix pre-allocated buf built-in firmware use (Luis Chamberlain) \n- scsi: advansys: Fix kernel pointer leak (Guo Zhi) \n- ASoC: nau8824: Add DMI quirk mechanism for active-high jack-detect (Hans de Goede) \n- clk: imx: imx6ul: Move csi_sel mux to correct base register (Stefan Riedmueller) \n- ASoC: SOF: Intel: hda-dai: fix potential locking issue (Pierre-Louis Bossart) \n- arm64: dts: freescale: fix arm,sp805 compatible string (Michael Walle) \n- arm64: dts: qcom: msm8998: Fix CPU/L2 idle state latency and residency (AngeloGioacchino Del Regno) \n- usb: typec: tipd: Remove WARN_ON in tps6598x_block_read (Sven Peter) \n- usb: musb: tusb6010: check return value after calling platform_get_resource() (Yang Yingliang) \n- RDMA/bnxt_re: Check if the vlan is valid before reporting (Selvin Xavier) \n- arm64: dts: hisilicon: fix arm,sp805 compatible string (Michael Walle) \n- ARM: dts: NSP: Fix mpcore, mmc node names (Matthew Hagan) \n- arm64: zynqmp: Fix serial compatible string (Michal Simek) \n- arm64: zynqmp: Do not duplicate flash partition label property (Amit Kumar Mahapatra) \n- net/mlx5: Add back multicast stats for uplink representor (Huy Nguyen) [Orabug: 33519567] \n- net/mlx5: E-Switch, Protect changing mode while adding rules (Roi Dayan) [Orabug: 33519567] \n- net/mlx5e: Do not reload ethernet ports when changing eswitch mode (Roi Dayan) [Orabug: 33519567] \n- net/mlx5: Move devlink port from mlx5e priv to mlx5e resources (Roi Dayan) [Orabug: 33519567] \n- net/mlx5: Move mlx5e hw resources into a sub object (Roi Dayan) [Orabug: 33519567] \n- net/mlx5e: Move devlink port register and unregister calls (Roi Dayan) [Orabug: 33519567] \n- net/mlx5e: Verify dev is present in some ndos (Roi Dayan) [Orabug: 33519567] \n- net/mlx5e: Use nic mode netdev ndos and ethtool ops for uplink representor (Roi Dayan) [Orabug: 33519567] \n- net/mlx5e: Add offload stats ndos to nic netdev ops (Roi Dayan) [Orabug: 33519567] \n- net/mlx5e: Distinguish nic and esw offload in tc setup block cb (Roi Dayan) [Orabug: 33519567] \n- net/mlx5e: Allow legacy vf ndos only if in legacy mode (Roi Dayan) [Orabug: 33519567] \n- net/mlx5e: Same max num channels for both nic and uplink profiles (Saeed Mahameed) [Orabug: 33519567] \n- net: Change dev parameter to const in netif_device_present() (Roi Dayan) [Orabug: 33519567] \n- net/mlx5: Cleanup prototype warning (Saeed Mahameed) [Orabug: 33519567] \n- net/mxl5e: Add change profile method (Saeed Mahameed) [Orabug: 33519567] \n- net/mlx5e: Disable hw-tc-offload when MLX5_CLS_ACT config is disabled (Maor Dickman) [Orabug: 33519567] \n- net/tls: Fix wrong record sn in async mode of device resync (Tariq Toukan) [Orabug: 33519567] \n- net/mlx5e: Fix multicast counter not up-to-date in 'ip -s' (Ron Diskin) [Orabug: 33519567] \n- net/mlx5e: Add support for PCI relaxed ordering (Aya Levin) [Orabug: 33519567] \n- net/mlx5e: Move exposure of datapath function to txrx header (Tariq Toukan) [Orabug: 33519567] \n- net/mlx5e: RX, Re-work initializaiton of RX function pointers (Tariq Toukan) [Orabug: 33519567] \n- RDMA/mlx5: ConnectX-7 new capabilities to set relaxed ordering by UMR (Meir Lichtinger) [Orabug: 33519567] \n- net/mlx5e: IPsec: Add Connect-X IPsec Rx data path offload (Raed Salem) [Orabug: 33519567] \n- net/mlx5e: Fix usage of rcu-protected pointer (Vlad Buslov) [Orabug: 33519567] \n- net/mlx5e: Move RQ helpers to txrx.h (Aya Levin) [Orabug: 33519567] \n- net/mlx5e: Remove redundant RQ state query (Aya Levin) [Orabug: 33519567] \n- net/mlx5e: Change reporters create functions to return void (Eran Ben Elisha) [Orabug: 33519567] \n- net/tls: fix sign extension issue when left shifting u16 value (Colin Ian King) [Orabug: 33519567] \n- net/mlx5e: kTLS, Improve rx handler function call (Tariq Toukan) [Orabug: 33519567] \n- net/mlx5e: kTLS, Add kTLS RX stats (Tariq Toukan) [Orabug: 33519567] \n- net/mlx5e: kTLS, Add kTLS RX resync support (Tariq Toukan) [Orabug: 33519567] \n- net/tls: Add asynchronous resync (Boris Pismenny) [Orabug: 33519567] \n- Revert 'net/tls: Add force_resync for driver resync' (Boris Pismenny) [Orabug: 33519567] \n- net/mlx5e: kTLS, Add kTLS RX HW offload support (Tariq Toukan) [Orabug: 33519567] \n- net/mlx5e: kTLS, Improve TLS feature modularity (Tariq Toukan) [Orabug: 33519567] \n- net/mlx5e: Accel, Expose flow steering API for rules add/del (Tariq Toukan) [Orabug: 33519567] \n- net/mlx5e: Receive flow steering framework for accelerated TCP flows (Boris Pismenny) [Orabug: 33519567] \n- net/mlx5e: API to manipulate TTC rules destinations (Saeed Mahameed) [Orabug: 33519567] \n- net/mlx5e: Turn XSK ICOSQ into a general asynchronous one (Tariq Toukan) [Orabug: 33519567] \n- net/mlx5: kTLS, Improve TLS params layout structures (Tariq Toukan) [Orabug: 33519567] \n- net/mlx5e: Support tc block sharing for representors (Vu Pham) [Orabug: 33519567] \n- net/tls: Add force_resync for driver resync (Tariq Toukan) [Orabug: 33519567] \n- net/mlx5e: Calculate SQ stop room in a robust way (Maxim Mikityanskiy) [Orabug: 33519567] \n- net/mlx5e: IPoIB, Enable loopback packets for IPoIB interfaces (Erez Shitrit) [Orabug: 33519567] \n- net/mlx5e: Enhance ICOSQ WQE info fields (Tariq Toukan) [Orabug: 33519567] \n- net/mlx5e: Use struct assignment for WQE info updates (Tariq Toukan) [Orabug: 33519567] \n- net/mlx5e: Take TX WQE info structures out of general EN header (Tariq Toukan) [Orabug: 33519567] \n- net/mlx5e: kTLS, Do not fill edge for the DUMP WQEs in TX flow (Tariq Toukan) [Orabug: 33519567] \n- net/mlx5e: kTLS, Fill work queue edge separately in TX flow (Tariq Toukan) [Orabug: 33519567] \n- net/mlx5e: Split TX acceleration offloads into two phases (Maxim Mikityanskiy) [Orabug: 33519567] \n- net/mlx5e: Update UDP fields of the SKB for GSO first (Maxim Mikityanskiy) [Orabug: 33519567] \n- net/mlx5e: Make TLS offload independent of wqe and pi (Maxim Mikityanskiy) [Orabug: 33519567] \n- net/mlx5e: Pass only eseg to IPSEC offload (Maxim Mikityanskiy) [Orabug: 33519567] \n- net/mlx5e: Return void from mlx5e_sq_xmit and mlx5i_sq_xmit (Maxim Mikityanskiy) [Orabug: 33519567] \n- net/mlx5e: Unify checks of TLS offloads (Maxim Mikityanskiy) [Orabug: 33519567] \n- net/mlx5e: Return bool from TLS and IPSEC offloads (Maxim Mikityanskiy) [Orabug: 33519567] \n- net/mlx5e: Unify reserving space for WQEs (Maxim Mikityanskiy) [Orabug: 33519567] \n- net/mlx5e: Rename ICOSQ WQE info struct and field (Maxim Mikityanskiy) [Orabug: 33519567] \n- net/mlx5e: Fetch WQE: reuse code and enforce typing (Maxim Mikityanskiy) [Orabug: 33519567] \n- net/mlx5e: TX, Generalise code and usage of error CQE dump (Tariq Toukan) [Orabug: 33519567] \n- net/mlx5: Introduce TLS RX offload hardware bits (Tariq Toukan) [Orabug: 33519567] \n- net/mlx5: Update transobj.c new cmd interface (Leon Romanovsky) [Orabug: 33519567] \n- net/mlx5e: en_accel, Add missing net/geneve.h include (Raed Salem) [Orabug: 33519567] \n- net/mlx5e: Show/set Rx network flow classification rules on ul rep (Vlad Buslov) [Orabug: 33519567] \n- net/mlx5e: Show/set Rx flow indir table and RSS hash key on ul rep (Vlad Buslov) [Orabug: 33519567] \n- mlx5: reject unsupported coalescing params (Jakub Kicinski) [Orabug: 33519567] \n- net/mlx5e: RX, Use indirect calls wrapper for posting descriptors (Tariq Toukan) [Orabug: 33519567] \n- net/mlx5e: Replace zero-length array with flexible-array member (Gustavo A. R. Silva) [Orabug: 33519567] \n- net/mlx5e: TX, Error completion is for last WQE in batch (Tariq Toukan) [Orabug: 33519567] \n- net/mlx5: Expose relaxed ordering bits (Michael Guralnik) [Orabug: 33519567] \n- net/mlx5e: TX, Dump WQs wqe descriptors on CQE with error events (Saeed Mahameed) [Orabug: 33519567]\n[5.4.17-2136.305.1]\n- btrfs: fix metadata reservation for fallocate that leads to transaction aborts (Filipe Manana) [Orabug: 32675999] \n- btrfs: inode: refactor the parameters of insert_reserved_file_extent() (Qu Wenruo) [Orabug: 32675999] \n- uek-rpm: Enable QAT 4XXX device (Thomas Tai) [Orabug: 33440215] \n- crypto: qat - power up 4xxx device (Giovanni Cabiddu) [Orabug: 33440215] \n- crypto: qat - fix naming of PF/VF enable functions (Marco Chiappero) [Orabug: 33440215] \n- crypto: qat - complete all the init steps before service notification (Marco Chiappero) [Orabug: 33440215] \n- crypto: qat - move IO virtualization functions (Giovanni Cabiddu) [Orabug: 33440215] \n- crypto: qat - rename compatibility version definition (Marco Chiappero) [Orabug: 33440215] \n- crypto: qat - enable interrupts only after ISR allocation (Marco Chiappero) [Orabug: 33440215] \n- crypto: qat - simplify code and axe the use of a deprecated API (Christophe JAILLET) [Orabug: 33440215] \n- crypto: qat - enable detection of accelerators hang (Wojciech Ziemba) [Orabug: 33440215] \n- crypto: qat - configure arbiter mapping based on engines enabled (Wojciech Ziemba) [Orabug: 33440215] \n- crypto: qat - replace CRYPTO_AES with CRYPTO_LIB_AES in Kconfig (Marco Chiappero) [Orabug: 33440215] \n- crypto: qat - add CRYPTO_AES to Kconfig dependencies (Marco Chiappero) [Orabug: 33440215] \n- crypto: qat - add capability detection logic in qat_4xxx (Marco Chiappero) [Orabug: 33440215] \n- crypto: qat - add AES-XTS support for QAT GEN4 devices (Marco Chiappero) [Orabug: 33440215] \n- crypto: qat - add AES-CTR support for QAT GEN4 devices (Marco Chiappero) [Orabug: 33440215] \n- crypto: qat - add qat_4xxx driver (Thomas Tai) [Orabug: 33440215] \n- crypto: qat - add hook to initialize vector routing table (Giovanni Cabiddu) [Orabug: 33440215] \n- crypto: qat - target fw images to specific AEs (Giovanni Cabiddu) [Orabug: 33440215] \n- crypto: qat - add gen4 firmware loader (Jack Xu) [Orabug: 33440215] \n- crypto: qat - add support for broadcasting mode (Jack Xu) [Orabug: 33440215] \n- crypto: qat - add support for shared ustore (Jack Xu) [Orabug: 33440215] \n- crypto: qat - allow to target specific AEs (Jack Xu) [Orabug: 33440215] \n- crypto: qat - add FCU CSRs to chip info (Jack Xu) [Orabug: 33440215] \n- crypto: qat - add CSS3K support (Jack Xu) [Orabug: 33440215] \n- crypto: qat - use ae_mask (Jack Xu) [Orabug: 33440215] \n- crypto: qat - add misc control CSR to chip info (Jack Xu) [Orabug: 33440215] \n- crypto: qat - add wake up event to chip info (Jack Xu) [Orabug: 33440215] \n- crypto: qat - add clock enable CSR to chip info (Jack Xu) [Orabug: 33440215] \n- crypto: qat - add reset CSR and mask to chip info (Jack Xu) [Orabug: 33440215] \n- crypto: qat - add local memory size to chip info (Jack Xu) [Orabug: 33440215] \n- crypto: qat - add support for lm2 and lm3 (Jack Xu) [Orabug: 33440215] \n- crypto: qat - add next neighbor to chip_info (Jack Xu) [Orabug: 33440215] \n- crypto: qat - introduce chip info structure (Jack Xu) [Orabug: 33440215] \n- crypto: qat - refactor long expressions (Jack Xu) [Orabug: 33440215] \n- crypto: qat - refactor qat_uclo_set_ae_mode() (Jack Xu) [Orabug: 33440215] \n- crypto: qat - move defines to header files (Jack Xu) [Orabug: 33440215] \n- crypto: qat - remove global CSRs helpers (Jack Xu) [Orabug: 33440215] \n- crypto: qat - refactor AE start (Jack Xu) [Orabug: 33440215] \n- crypto: qat - rename qat_uclo_del_uof_obj() (Jack Xu) [Orabug: 33440215] \n- crypto: qat - remove unnecessary parenthesis (Jack Xu) [Orabug: 33440215] \n- crypto: qat - support for mof format in fw loader (Giovanni Cabiddu) [Orabug: 33440215] \n- crypto: qat - allow for instances in different banks (Giovanni Cabiddu) [Orabug: 33440215] \n- crypto: qat - refactor qat_crypto_dev_config() (Giovanni Cabiddu) [Orabug: 33440215] \n- crypto: qat - refactor qat_crypto_create_instances() (Giovanni Cabiddu) [Orabug: 33440215] \n- crypto: qat - remove unnecessary void* casts (Giovanni Cabiddu) [Orabug: 33440215] \n- crypto: qat - call functions in adf_sriov if available (Giovanni Cabiddu) [Orabug: 33440215] \n- crypto: qat - abstract writes to arbiter enable (Giovanni Cabiddu) [Orabug: 33440215] \n- crypto: qat - use BIT_ULL() - 1 pattern for masks (Giovanni Cabiddu) [Orabug: 33440215] \n- crypto: qat - replace constant masks with GENMASK (Giovanni Cabiddu) [Orabug: 33440215] \n- crypto: qat - abstract build ring base (Giovanni Cabiddu) [Orabug: 33440215] \n- crypto: qat - enable ring after pair is programmed (Giovanni Cabiddu) [Orabug: 33440215] \n- crypto: qat - register crypto instances based on capability (Giovanni Cabiddu) [Orabug: 33440215] \n- crypto: qat - add support for capability detection (Marco Chiappero) [Orabug: 33440215] \n- crypto: qat - abstract arbiter access (Giovanni Cabiddu) [Orabug: 33440215] \n- crypto: qat - remove unused macros in arbiter module (Giovanni Cabiddu) [Orabug: 33440215] \n- crypto: qat - remove writes into WQCFG (Giovanni Cabiddu) [Orabug: 33440215] \n- crypto: qat - update constants table (Giovanni Cabiddu) [Orabug: 33440215] \n- crypto: qat - use admin mask to send fw constants (Giovanni Cabiddu) [Orabug: 33440215] \n- crypto: qat - change admin sequence (Giovanni Cabiddu) [Orabug: 33440215] \n- crypto: qat - rename ME in AE (Giovanni Cabiddu) [Orabug: 33440215] \n- crypto: qat - add packed to init admin structures (Giovanni Cabiddu) [Orabug: 33440215] \n- crypto: qat - abstract admin interface (Giovanni Cabiddu) [Orabug: 33440215] \n- crypto: qat - relocate GEN2 CSR access code (Giovanni Cabiddu) [Orabug: 33440215] \n- crypto: qat - split transport CSR access logic (Giovanni Cabiddu) [Orabug: 33440215] \n- crypto: qat - fix configuration of iov threads (Giovanni Cabiddu) [Orabug: 33440215] \n- crypto: qat - num_rings_per_bank is device dependent (Ahsan Atta) [Orabug: 33440215] \n- crypto: qat - mask device capabilities with soft straps (Giovanni Cabiddu) [Orabug: 33440215] \n- crypto: qat - update IV in software (Marco Chiappero) [Orabug: 33440215] \n- crypto: qat - drop input parameter from adf_enable_aer() (Giovanni Cabiddu) [Orabug: 33440215] \n- crypto: qat - replace device ids defines (Giovanni Cabiddu) [Orabug: 33440215] \n- crypto: qat - add delay before polling mailbox (Giovanni Cabiddu) [Orabug: 33440215] \n- PCI: Add Intel QuickAssist device IDs (Giovanni Cabiddu) [Orabug: 33440215] \n- crypto: qat - fallback for xts with 192 bit keys (Giovanni Cabiddu) [Orabug: 33440215] \n- crypto: qat - remove unused field in skcipher ctx (Thomas Tai) [Orabug: 33440215] \n- crypto: qat - validate xts key (Giovanni Cabiddu) [Orabug: 33440215] \n- crypto: qat - allow xts requests not multiple of block (Giovanni Cabiddu) [Orabug: 33440215] \n- crypto: qat - update timeout logic in put admin msg (Wojciech Ziemba) [Orabug: 33440215] \n- crypto: qat - send admin messages to set of AEs (Wojciech Ziemba) [Orabug: 33440215] \n- crypto: qat - update fw init admin msg (Wojciech Ziemba) [Orabug: 33440215] \n- crypto: qat - replace user types with kernel ABI __u types (Wojciech Ziemba) [Orabug: 33440215] \n- crypto: qat - replace user types with kernel u types (Wojciech Ziemba) [Orabug: 33440215] \n- crypto: qat - convert to SPDX License Identifiers (Giovanni Cabiddu) [Orabug: 33440215] \n- iopoll: introduce read_poll_timeout macro (Dejin Zheng) [Orabug: 33440215] \n- crypto: qat - simplify the qat_crypto function (Tianjia Zhang) [Orabug: 33440215] \n- crypto: qat - switch to skcipher API (Ard Biesheuvel) [Orabug: 33440215] \n- io_uring: fix false WARN_ONCE (Pavel Begunkov) [Orabug: 33731046] \n- scsi: lpfc: Fix non-recovery of remote ports following an unsolicited LOGO (James Smart) [Orabug: 33731165] \n- scsi: lpfc: Fix link down processing to address NULL pointer dereference (James Smart) [Orabug: 33731165] \n- scsi: lpfc: Allow PLOGI retry if previous PLOGI was aborted (James Smart) [Orabug: 33731165] \n- scsi: lpfc: Revert LOG_TRACE_EVENT back to LOG_INIT prior to driver_resource_setup() (James Smart) [Orabug: 33731165] \n- scsi: lpfc: Fix memory overwrite during FC-GS I/O abort handling (James Smart) [Orabug: 33731165] \n- scsi: lpfc: Add support for optional PLDV handling (James Smart) [Orabug: 33731165] \n- scsi: lpfc: Fix mailbox command failure during driver initialization (James Smart) [Orabug: 33731165] \n- scsi: lpfc: Improve PBDE checks during SGL processing (James Smart) [Orabug: 33731165] \n- scsi: lpfc: Fix FCP I/O flush functionality for TMF routines (James Smart) [Orabug: 33731165] \n- scsi: lpfc: Fix NVMe I/O failover to non-optimized path (James Smart) [Orabug: 33731165] \n- scsi: lpfc: Don't remove ndlp on PRLI errors in P2P mode (James Smart) [Orabug: 33731165] \n- scsi: lpfc: Fix rediscovery of tape device after LIP (James Smart) [Orabug: 33731165] \n- scsi: lpfc: Don't release final kref on Fport node while ABTS outstanding (James Smart) [Orabug: 33731165] \n- scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() (James Smart) [Orabug: 33731165] \n- scsi: lpfc: Move initialization of phba->poll_list earlier to avoid crash (Ewan D. Milne) [Orabug: 33731165] \n- scsi: lpfc: Fix possible ABBA deadlock in nvmet_xri_aborted() (James Smart) [Orabug: 33731165] \n- scsi: lpfc: Revise Topology and RAS support checks for new adapters (James Smart) [Orabug: 33731165] \n- scsi: lpfc: Copyright updates for 12.8.0.11 patches (James Smart) [Orabug: 33731165] \n- scsi: lpfc: Update lpfc version to 12.8.0.11 (James Smart) [Orabug: 33731165] \n- scsi: lpfc: Skip issuing ADISC when node is in NPR state (James Smart) [Orabug: 33731165] \n- scsi: lpfc: Call discovery state machine when handling PLOGI/ADISC completions (James Smart) [Orabug: 33731165] \n- scsi: lpfc: Delay unregistering from transport until GIDFT or ADISC completes (James Smart) [Orabug: 33731165] \n- scsi: lpfc: Clear outstanding active mailbox during PCI function reset (James Smart) [Orabug: 33731165] \n- scsi: lpfc: Fix memory leaks in error paths while issuing ELS RDF/SCR request (James Smart) [Orabug: 33731165] \n- scsi: lpfc: Keep NDLP reference until after freeing the IOCB after ELS handling (James Smart) [Orabug: 33731165] \n- scsi: lpfc: Fix target reset handler from falsely returning FAILURE (James Smart) [Orabug: 33731165] \n- scsi: lpfc: Discovery state machine fixes for LOGO handling (James Smart) [Orabug: 33731165] \n- scsi: lpfc: Remove use of kmalloc() in trace event logging (James Smart) [Orabug: 33731165] \n- scsi: lpfc: Fix failure to transmit ABTS on FC link (James Smart) [Orabug: 33731165] \n- bpf: Disallow unprivileged bpf by default (Pawan Gupta) [Orabug: 33734681] \n- bpf: Add kconfig knob for disabling unpriv bpf by default (Daniel Borkmann) [Orabug: 33734681] \n- USB: gadget: bRequestType is a bitfield, not a enum (Greg Kroah-Hartman) [Orabug: 33739525] {CVE-2021-39685}\n- USB: gadget: zero allocate endpoint 0 buffers (Greg Kroah-Hartman) [Orabug: 33739525] {CVE-2021-39685}\n- USB: gadget: detect too-big endpoint 0 requests (Greg Kroah-Hartman) [Orabug: 33739525] {CVE-2021-39685}\n- scsi: vmw_pvscsi: Set residual data length conditionally (Alexey Makhalov) [Orabug: 33761343] \n- hwmon: (k10temp) Add support for Zen3 CPUs (Rahul Rohit) [Orabug: 33782833] \n- Revert 'rds/ib: Kernel upgrade to rds_ib_conns info displayed by rds-info' (Rohit Nair) [Orabug: 33812555] \n- uek-rpm: Add missing dax modules to kernel-ueknano (Somasundaram Krishnasamy) [Orabug: 33821042] \n- cgroup-v1: Require capabilities to set release_agent (Eric W. Biederman) [Orabug: 33825687] {CVE-2022-0492}", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-03-23T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26401", "CVE-2021-3653", "CVE-2021-3656", "CVE-2021-39685", "CVE-2022-0330", "CVE-2022-0435", "CVE-2022-0492", "CVE-2022-0847", "CVE-2022-23960", "CVE-2022-25636"], "modified": "2022-03-23T00:00:00", "id": "ELSA-2022-9244", "href": "http://linux.oracle.com/errata/ELSA-2022-9244.html", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-04-07T21:33:36", "description": "[5.4.17-2136.305.5.3]\n- bpf: fix out-of-tree module build (Alan Maguire) [Orabug: 33973548] \n- ACPICA: Enable sleep button on ACPI legacy wake (Anchal Agarwal) [Orabug: 33973543] \n- Revert 'btrfs: inode: refactor the parameters of insert_reserved_file_extent()' (Srikanth C S) [Orabug: 33973491] \n- Revert 'btrfs: fix metadata reservation for fallocate that leads to transaction aborts' (Srikanth C S) [Orabug: 33973491]\n[5.4.17-2136.305.5.2]\n- lib/iov_iter: initialize 'flags' in new pipe_buffer (Max Kellermann) [Orabug: 33942325] {CVE-2022-0847}\n[5.4.17-2136.305.5.1]\n- arm64: Use the clearbhb instruction in mitigations (James Morse) [Orabug: 33937423] {CVE-2022-23960} \n- arm64: add ID_AA64ISAR2_EL1 sys register (Joey Gouly) [Orabug: 33937423] {CVE-2022-23960} \n- KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated (James Morse) [Orabug: 33937423] {CVE-2022-23960} \n- arm64: Mitigate spectre style branch history side channels (James Morse) [Orabug: 33937423] {CVE-2022-23960} \n- KVM: arm64: Add templates for BHB mitigation sequences (James Morse) [Orabug: 33937423] {CVE-2022-23960} \n- arm64: Add Cortex-X2 CPU part definition (Anshuman Khandual) [Orabug: 33937423] {CVE-2022-23960} \n- arm64: Add Neoverse-N2, Cortex-A710 CPU part definition (Suzuki K Poulose) [Orabug: 33937423] {CVE-2022-23960} \n- arm64: Add part number for Arm Cortex-A77 (Rob Herring) [Orabug: 33937423] {CVE-2022-23960} \n- arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2 (James Morse) [Orabug: 33937423] {CVE-2022-23960} \n- arm64: Add percpu vectors for EL1 (James Morse) [Orabug: 33937423] {CVE-2022-23960} \n- arm64: entry: Add macro for reading symbol addresses from the trampoline (James Morse) [Orabug: 33937423] {CVE-2022-23960} \n- arm64: entry: Add vectors that have the bhb mitigation sequences (James Morse) [Orabug: 33937423] {CVE-2022-23960} \n- arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations (James Morse) [Orabug: 33937423] {CVE-2022-23960} \n- arm64: entry: Allow the trampoline text to occupy multiple pages (James Morse) [Orabug: 33937423] {CVE-2022-23960} \n- arm64: entry: Make the kpti trampoline's kpti sequence optional (James Morse) [Orabug: 33937423] {CVE-2022-23960} \n- arm64: entry: Move trampoline macros out of ifdef'd section (James Morse) [Orabug: 33937423] {CVE-2022-23960} \n- arm64: entry: Don't assume tramp_vectors is the start of the vectors (James Morse) [Orabug: 33937423] {CVE-2022-23960} \n- arm64: entry: Allow tramp_alias to access symbols after the 4K boundary (James Morse) [Orabug: 33937423] {CVE-2022-23960} \n- arm64: entry: Move the trampoline data page before the text page (James Morse) [Orabug: 33937423] {CVE-2022-23960} \n- arm64: entry: Free up another register on kpti's tramp_exit path (James Morse) [Orabug: 33937423] {CVE-2022-23960} \n- arm64: entry: Make the trampoline cleanup optional (James Morse) [Orabug: 33937423] {CVE-2022-23960} \n- arm64: entry.S: Add ventry overflow sanity checks (James Morse) [Orabug: 33937423] {CVE-2022-23960} \n- Revert 'BACKPORT: VARIANT 2: arm64: Add initial retpoline support' (Russell King) [Orabug: 33937423] {CVE-2022-23960} \n- Revert 'BACKPORT: VARIANT 2: arm64: asm: Use *_nospec variants for blr and br.' (Russell King) [Orabug: 33937423] {CVE-2022-23960} \n- Revert 'BACKPORT: VARIANT 2: arm64: Add MIDR_APM_POTENZA.' (Russell King) [Orabug: 33937423] {CVE-2022-23960} \n- Revert 'BACKPORT: VARIANT 2: arm64: insn: Add offset getter/setter for adr.' (Russell King) [Orabug: 33937423] {CVE-2022-23960} \n- Revert 'BACKPORT: VARIANT 2: arm64: alternatives: Add support for adr/adrp with offset in alt block.' (Russell King) [Orabug: 33937423] {CVE-2022-23960} \n- Revert 'BACKPORT: VARIANT 2: arm64: Use alternative framework for retpoline.' (Russell King) [Orabug: 33937423] {CVE-2022-23960} \n- Revert 'Arm64: add retpoline to cpu_show_spectre_v2' (Russell King) [Orabug: 33937423] {CVE-2022-23960} \n- Revert 'arm64: retpoline: Don't use retpoline in KVM's HYP part.' (Russell King) [Orabug: 33937423] {CVE-2022-23960} \n- Revert 'uek-rpm: aarch64 config enable RETPOLINE' (Russell King) [Orabug: 33937423] {CVE-2022-23960} \n- Revert 'uek-rpm: aarch64 config enable RETPOLINE OL8' (Russell King) [Orabug: 33937423] {CVE-2022-23960} \n- x86/speculation: Add knob for eibrs_retpoline_enabled (Patrick Colp) [Orabug: 33937344] {CVE-2021-26401}\n- x86/speculation: Extend our code to properly support eibrs+lfence and eibrs+retpoline (Patrick Colp) [Orabug: 33937344] {CVE-2021-26401}\n- x86/speculation: Update link to AMD speculation whitepaper (Kim Phillips) [Orabug: 33937344] {CVE-2021-26401}\n- x86/speculation: Use generic retpoline by default on AMD (Kim Phillips) [Orabug: 33937344] {CVE-2021-26401}\n- x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting (Josh Poimboeuf) [Orabug: 33937344] {CVE-2021-26401}\n- Documentation/hw-vuln: Update spectre doc (Peter Zijlstra) [Orabug: 33937344] {CVE-2021-26401}\n- x86/speculation: Add eIBRS + Retpoline options (Peter Zijlstra) [Orabug: 33937344] {CVE-2021-26401}\n- x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE (Peter Zijlstra (Intel)) [Orabug: 33937344] {CVE-2021-26401}\n- x86/speculation: The choice of retpoline mode is sometimes ignored (Patrick Colp) [Orabug: 33937389] \n- x86/speculation: Merge one test in spectre_v2_user_select_mitigation() (Borislav Petkov) [Orabug: 33937344] {CVE-2021-26401}\n- x86/speculation: Update ALTERNATIVEs to (more closely) match upstream (Patrick Colp) [Orabug: 33937344] {CVE-2021-26401}\n- x86/speculation: Fix bug in retpoline mode on AMD with (Patrick Colp) [Orabug: 33937344] {CVE-2021-26401}\n[5.4.17-2136.305.5]\n- netfilter: nf_tables_offload: incorrect flow offload action array size (Pablo Neira Ayuso) [Orabug: 33900416] {CVE-2022-25636}\n[5.4.17-2136.305.4]\n- net/mlx5e: Fix page DMA map/unmap attributes (Aya Levin) [Orabug: 33382242] \n- DMA/rxe: Update default value of RXE_MAX_PDN (Rao Shoaib) [Orabug: 33676597] \n- uek-rpm: enable VIRTIO_PCI_LIB_LEGACY config (Si-Wei Liu) [Orabug: 33749636] \n- vdpa/mlx5: Fix tracking of current number of VQs (Eli Cohen) [Orabug: 33749636] \n- vdpa/mlx5: Fix is_index_valid() to refer to features (Eli Cohen) [Orabug: 33749636] \n- vdpa: Protect vdpa reset with cf_mutex (Eli Cohen) [Orabug: 33749636] \n- vdpa: Avoid taking cf_mutex lock on get status (Eli Cohen) [Orabug: 33749636] \n- vdpa/vdpa_sim_net: Report max device capabilities (Eli Cohen) [Orabug: 33749636] \n- vdpa: Use BIT_ULL for bit operations (Eli Cohen) [Orabug: 33749636] \n- vdpa/vdpa_sim: Configure max supported virtqueues (Eli Cohen) [Orabug: 33749636] \n- vdpa/mlx5: Report max device capabilities (Eli Cohen) [Orabug: 33749636] \n- vdpa: Support reporting max device capabilities (Eli Cohen) [Orabug: 33749636] \n- vdpa/mlx5: Restore cur_num_vqs in case of failure in change_num_qps() (Eli Cohen) [Orabug: 33749636] \n- vdpa: Add support for returning device configuration information (Eli Cohen) [Orabug: 33749636] \n- vdpa/mlx5: Support configuring max data virtqueue (Eli Cohen) [Orabug: 33749636] \n- vdpa/mlx5: Fix config_attr_mask assignment (Eli Cohen) [Orabug: 33749636] \n- vdpa: Allow to configure max data virtqueues (Eli Cohen) [Orabug: 33749636] \n- vdpa: Read device configuration only if FEATURES_OK (Eli Cohen) [Orabug: 33749636] \n- vdpa: Sync calls set/get config/status with cf_mutex (Eli Cohen) [Orabug: 33749636] \n- vdpa/mlx5: Distribute RX virtqueues in RQT object (Eli Cohen) [Orabug: 33749636] \n- vdpa: Provide interface to read driver features (Eli Cohen) [Orabug: 33749636] \n- vdpa: clean up get_config_size ret value handling (Laura Abbott) [Orabug: 33749636] \n- vdpa/mlx5: Fix wrong configuration of virtio_version_1_0 (Eli Cohen) [Orabug: 33749636] \n- virtio/virtio_pci_legacy_dev: ensure the correct return value (Peng Hao) [Orabug: 33749636] \n- virtio: fix a typo in function 'vp_modern_remove' comments. (Dapeng Mi) [Orabug: 33749636] \n- virtio-pci: fix the confusing error message [Orabug: 33749636] \n- vdpa: Mark vdpa_config_ops.get_vq_notification as optional (Eugenio Perez) [Orabug: 33749636] \n- vdpa: Avoid duplicate call to vp_vdpa get_status (Eugenio Perez) [Orabug: 33749636] \n- net/mlx5_vdpa: Offer VIRTIO_NET_F_MTU when setting MTU (Eli Cohen) [Orabug: 33749636] \n- vdpa: add driver_override support (Stefano Garzarella) [Orabug: 33749636] \n- docs: document sysfs ABI for vDPA bus (Stefano Garzarella) [Orabug: 33749636] \n- vdpa: Consider device id larger than 31 (Parav Pandit) [Orabug: 33749636] \n- virtio: always enter drivers/virtio/ (Arnd Bergmann) [Orabug: 33749636] \n- vdpa: check that offsets are within bounds (Dan Carpenter) [Orabug: 33749636] \n- vdpa_sim: avoid putting an uninitialized iova_domain (Longpeng) [Orabug: 33749636] \n- vhost-vdpa: clean irqs before reseting vdpa device (Wu Zongyong) [Orabug: 33749636] \n- vdpa/mlx5: Forward only packets with allowed MAC address (Eli Cohen) [Orabug: 33749636] \n- vdpa/mlx5: Support configuration of MAC (Eli Cohen) [Orabug: 33749636] \n- vdpa/mlx5: Fix clearing of VIRTIO_NET_F_MAC feature bit (Parav Pandit) [Orabug: 33749636] \n- vdpa_sim_net: Enable user to set mac address and mtu (Parav Pandit) [Orabug: 33749636] \n- vdpa: Enable user to set mac and mtu of vdpa device (Parav Pandit) [Orabug: 33749636] \n- vdpa: Use kernel coding style for structure comments (Parav Pandit) [Orabug: 33749636] \n- vdpa: Introduce query of device config layout (Parav Pandit) [Orabug: 33749636] \n- vdpa: Introduce and use vdpa device get, set config helpers (Parav Pandit) [Orabug: 33749636] \n- vdpa/mlx5: Propagate link status from device to vdpa driver (Eli Cohen) [Orabug: 33749636] \n- vdpa/mlx5: Rename control VQ workqueue to vdpa wq (Eli Cohen) [Orabug: 33749636] \n- vdpa/mlx5: Remove mtu field from vdpa net device (Eli Cohen) [Orabug: 33749636] \n- vdpa: add new attribute VDPA_ATTR_DEV_MIN_VQ_SIZE (Wu Zongyong) [Orabug: 33749636] \n- virtio_vdpa: setup correct vq size with callbacks get_vq_num_{max,min} (Wu Zongyong) [Orabug: 33749636] \n- vdpa: min vq num of vdpa device cannot be greater than max vq num (Wu Zongyong) [Orabug: 33749636] \n- vdpa: add new callback get_vq_num_min in vdpa_config_ops (Wu Zongyong) [Orabug: 33749636] \n- vp_vdpa: add vq irq offloading support (Wu Zongyong) [Orabug: 33749636] \n- vdpa: fix typo (Wu Zongyong) [Orabug: 33749636] \n- virtio-pci: introduce legacy device module (Wu Zongyong) [Orabug: 33749636] \n- vhost-vdpa: Fix the wrong input in config_cb (Cindy Lu) [Orabug: 33749636] \n- vhost_vdpa: unset vq irq before freeing irq (Wu Zongyong) [Orabug: 33749636] \n- vdpa: potential uninitialized return in vhost_vdpa_va_map() (Dan Carpenter) [Orabug: 33749636] \n- vdpa/mlx5: Avoid executing set_vq_ready() if device is reset (Eli Cohen) [Orabug: 33749636] \n- vdpa/mlx5: Clear ready indication for control VQ (Eli Cohen) [Orabug: 33749636] \n- vdpa: Support transferring virtual addressing during DMA mapping (Xie Yongji) [Orabug: 33749636] \n- vdpa: factor out vhost_vdpa_pa_map() and vhost_vdpa_pa_unmap() (Xie Yongji) [Orabug: 33749636] \n- vdpa: Add an opaque pointer for vdpa_config_ops.dma_map() (Xie Yongji) [Orabug: 33749636] \n- vhost-iotlb: Add an opaque pointer for vhost IOTLB (Xie Yongji) [Orabug: 33749636] \n- vhost-vdpa: Handle the failure of vdpa_reset() (Xie Yongji) [Orabug: 33749636] \n- vdpa: Add reset callback in vdpa_config_ops (Xie Yongji) [Orabug: 33749636] \n- vdpa: Fix some coding style issues (Xie Yongji) [Orabug: 33749636] \n- vdpa: Make use of PFN_PHYS/PFN_UP/PFN_DOWN helper macro (Cai Huoqing) [Orabug: 33749636] \n- vdpa_sim: Use iova_shift() for the size passed to alloc_iova() (Xie Yongji) [Orabug: 33749636] \n- vdpa/mlx5: Add multiqueue support (Eli Cohen) [Orabug: 33749636] \n- vdpa/mlx5: Add support for control VQ and MAC setting (Eli Cohen) [Orabug: 33749636] \n- vdpa/mlx5: Ensure valid indices are provided (Eli Cohen) [Orabug: 33749636] \n- vdpa/mlx5: Decouple virtqueue callback from struct mlx5_vdpa_virtqueue (Eli Cohen) [Orabug: 33749636] \n- Revert 'vdpa/mlx5: fix feature negotiation across device reset' (Si-Wei Liu) [Orabug: 33749636] \n- vdpa/mlx5: function prototype modifications in preparation to control VQ (Eli Cohen) [Orabug: 33749636] \n- vdpa/mlx5: Remove redundant header file inclusion (Eli Cohen) [Orabug: 33749636] \n- vdpa/mlx5: Fix queue type selection logic (Eli Cohen) [Orabug: 33749636] \n- vdpa/mlx5: Avoid destroying MR on empty iotlb (Eli Cohen) [Orabug: 33749636] \n- virtio_vdpa: reject invalid vq indices (Vincent Whitchurch) [Orabug: 33749636] \n- vdpa: Add documentation for vdpa_alloc_device() macro (Xie Yongji) [Orabug: 33749636] \n- vp_vdpa: Fix return value check for vdpa_alloc_device() (Xie Yongji) [Orabug: 33749636] \n- vdpa_sim: Fix return value check for vdpa_alloc_device() (Xie Yongji) [Orabug: 33749636] \n- vhost-vdpa: Fix integer overflow in vhost_vdpa_process_iotlb_update() (Xie Yongji) [Orabug: 33749636] \n- xfs: remove incorrect ASSERT in xfs_rename (Eric Sandeen) [Orabug: 33803847] \n- KVM: nVMX: Filter out all unsupported controls when eVMCS was activated (Vitaly Kuznetsov) [Orabug: 33805849] \n- crypto: ccp - Add support for new CCP/PSP device ID (John Allen) [Orabug: 33805849] \n- KVM: VMX: Wake vCPU when delivering posted IRQ even if vCPU == this vCPU (Sean Christopherson) [Orabug: 33805849] \n- KVM: fix avic_set_running for preemptable kernels (Paolo Bonzini) [Orabug: 33805849] \n- KVM: x86: Drop guest CPUID check for host initiated writes to MSR_IA32_PERF_CAPABILITIES (Vitaly Kuznetsov) [Orabug: 33805849] \n- KVM: x86: Wait for IPIs to be delivered when handling Hyper-V TLB flush hypercall (Vitaly Kuznetsov) [Orabug: 33805849] \n- KVM: x86: Swap order of CPUID entry 'index' vs. 'significant flag' checks (Sean Christopherson) [Orabug: 33805849] \n- KVM: x86: nSVM: don't copy virt_ext from vmcb12 (Maxim Levitsky) [Orabug: 33805849] {CVE-2021-3653} {CVE-2021-3656}\n- KVM: x86: nSVM: restore int_vector in svm_clear_vintr (Maxim Levitsky) [Orabug: 33805849] \n- KVM: x86: Fix stack-out-of-bounds memory access from ioapic_write_indirect() (Vitaly Kuznetsov) [Orabug: 33805849] \n- KVM: x86: Mark all registers as avail/dirty at vCPU creation (Sean Christopherson) [Orabug: 33805849] \n- KVM: nVMX: Sync all PGDs on nested transition with shadow paging (Sean Christopherson) [Orabug: 33805849] \n- KVM: SVM: Revert clearing of C-bit on GPA in #NPF handler (Sean Christopherson) [Orabug: 33805849] \n- KVM: SVM: Don't strip the C-bit from CR2 on #PF interception (Sean Christopherson) [Orabug: 33805849] \n- rds/ib: Kernel change to extend rds-info functionality (Rohit Nair) [Orabug: 33821340] \n- nvmet-tcp: fix a race condition between release_queue and io_work (Maurizio Lombardi) [Orabug: 33825776] \n- nvmet-tcp: add an helper to free the cmd buffers (Maurizio Lombardi) [Orabug: 33825776] \n- drm/i915: Flush TLBs before releasing backing store (Tvrtko Ursulin) [Orabug: 33835810] {CVE-2022-0330}\n- rds: ib: Make selection of completion_vector QoS aware (Hakon Bugge) [Orabug: 33845918] \n- tipc: improve size validations for received domain records (Jon Maloy) [Orabug: 33850801] {CVE-2022-0435} {CVE-2022-0435}\n- uek-rpm: Synchronize Module.kabi and lockedlist (Stephen Brennan) [Orabug: 33871538]\n[5.4.17-2136.305.3]\n- net/mlx5: Enable mlx5 IPsec build options on OL7/OL8 (Qing Huang) [Orabug: 32936614] \n- net/mlx5e: Fix SWP offsets when vlan inserted by driver (Moshe Shemesh) [Orabug: 32936614] \n- net/mlx5e: Fix missing IPsec statistics on uplink representor (Raed Salem) [Orabug: 32936614] \n- net/mlx5e: Add IPsec support to uplink representor (Raed Salem) [Orabug: 32936614] \n- net/mlx5: Fix checksum issue of VXLAN and IPsec crypto offload (Huy Nguyen) [Orabug: 32936614] \n- net/xfrm: Add inner_ipproto into sec_path (Huy Nguyen) [Orabug: 32936614] \n- net/mlx5: Optimize mlx5e_feature_checks for non IPsec packet (Huy Nguyen) [Orabug: 32936614] \n- net/mlx5e: IPsec/rep_tc: Fix rep_tc_update_skb drops IPsec packet (Huy Nguyen) [Orabug: 32936614] \n- net/mlx5: Replace spaces with tab at the start of a line (Wenpeng Liang) [Orabug: 32936614] \n- net/mlx5e: Enable XDP for Connect-X IPsec capable devices (Raed Salem) [Orabug: 32936614] \n- net/mlx5e: Enable striding RQ for Connect-X IPsec capable devices (Raed Salem) [Orabug: 32936614] \n- net/mlx5e: Release skb in case of failure in tc update skb (Maor Dickman) [Orabug: 32936614] \n- net/mlx5e: Move set vxlan nic info to profile init (Roi Dayan) [Orabug: 32936614] \n- net/mlx5e: Fix IPSEC stats (Maxim Mikityanskiy) [Orabug: 32936614] \n- net/mlx5e: IPsec, Remove unnecessary config flag usage (Tariq Toukan) [Orabug: 32936614] \n- net/mlx5e: IPsec, Inline feature_check fast-path function (Tariq Toukan) [Orabug: 32936614] \n- net/mlx5e: IPsec, Avoid unreachable return (Tariq Toukan) [Orabug: 32936614] \n- net/mlx5e: IPsec, Enclose csum logic under ipsec config (Tariq Toukan) [Orabug: 32936614] \n- net/mlx5e: Split between RX/TX tunnel FW support indication (Aya Levin) [Orabug: 32936614] \n- net/mlx5e: Allow RQ outside of channel context (Aya Levin) [Orabug: 32936614] \n- net/mlx5e: Allow CQ outside of channel context (Aya Levin) [Orabug: 32936614] \n- net/mlx5e: Free drop RQ in a dedicated function (Tariq Toukan) [Orabug: 32936614] \n- net/mlx5e: kTLS, Enforce HW TX csum offload with kTLS (Tariq Toukan) [Orabug: 32936614] \n- net/mlx5: Expose IP-in-IP TX and RX capability bits (Aya Levin) [Orabug: 32936614] \n- net/mlx5e: Fix IPsec packet drop by mlx5e_tc_update_skb (Huy Nguyen) [Orabug: 32936614] \n- net/mlx5e: Set IPsec WAs only in IP's non checksum partial case. (Huy Nguyen) [Orabug: 32936614] \n- net/mlx5e: IPsec: Add Connect-X IPsec Tx data path offload (Raed Salem) [Orabug: 32936614] \n- net/mlx5e: IPsec: Add TX steering rule per IPsec state (Huy Nguyen) [Orabug: 32936614] \n- net/mlx5: Add NIC TX domain namespace (Huy Nguyen) [Orabug: 32936614] \n- net/mlx5e: Add tc chains offload support for nic flows (Ariel Levkovich) [Orabug: 32936614] \n- net/mlx5: Refactor tc flow attributes structure (Ariel Levkovich) [Orabug: 32936614] \n- net/mlx5e: Split nic tc flow allocation and creation (Ariel Levkovich) [Orabug: 32936614] \n- net/mlx5e: Tc nic flows to use mlx5_chains flow tables (Ariel Levkovich) [Orabug: 32936614] \n- net/mlx5: Refactor multi chains and prios support (Ariel Levkovich) [Orabug: 32936614] \n- net/mlx5e: Enhanced TX MPWQE for SKBs (Maxim Mikityanskiy) [Orabug: 32936614] \n- net/mlx5e: Move TX code into functions to be used by MPWQE (Maxim Mikityanskiy) [Orabug: 32936614] \n- net/mlx5e: Rename xmit-related structs to generalize them (Maxim Mikityanskiy) [Orabug: 32936614] \n- net/mlx5e: Generalize TX MPWQE checks for full session (Maxim Mikityanskiy) [Orabug: 32936614] \n- net/mlx5e: Support multiple SKBs in a TX WQE (Maxim Mikityanskiy) [Orabug: 32936614] \n- net/mlx5e: Move the TLS resync check out of the function (Maxim Mikityanskiy) [Orabug: 32936614] \n- net/mlx5e: Unify constants for WQE_EMPTY_DS_COUNT (Maxim Mikityanskiy) [Orabug: 32936614] \n- net/mlx5e: Small improvements for XDP TX MPWQE logic (Maxim Mikityanskiy) [Orabug: 32936614] \n- net/mlx5e: Refactor xmit functions (Maxim Mikityanskiy) [Orabug: 32936614] \n- net/mlx5e: Move mlx5e_tx_wqe_inline_mode to en_tx.c (Maxim Mikityanskiy) [Orabug: 32936614] \n- net/mlx5e: Use struct assignment to initialize mlx5e_tx_wqe_info (Maxim Mikityanskiy) [Orabug: 32936614] \n- net/mlx5e: Refactor inline header size calculation in the TX path (Maxim Mikityanskiy) [Orabug: 32936614] \n- net/mlx5e: Fix endianness when calculating pedit mask first bit (Maor Dickman) [Orabug: 32936614] \n- net/mlx5e: CT: Fix freeing ct_label mapping (Roi Dayan) [Orabug: 32936614] \n- net/mlx5e: Fix memory leak of tunnel info when rule under multipath not ready (Jianbo Liu) [Orabug: 32936614] \n- net/mlx5e: Use synchronize_rcu to sync with NAPI (Maxim Mikityanskiy) [Orabug: 32936614] \n- net/mlx5e: Use RCU to protect rq->xdp_prog (Maxim Mikityanskiy) [Orabug: 32936614] \n- net/mlx5e: RX, Add a prefetch command for small L1_CACHE_BYTES (Tariq Toukan) [Orabug: 32936614] \n- net: Take common prefetch code structure into a function (Tariq Toukan) [Orabug: 32936614] \n- net/mlx5e: Use indirect call wrappers for RX post WQEs functions (Tariq Toukan) [Orabug: 32936614] \n- net/mlx5e: CT: Map 128 bits labels to 32 bit map ID (Eli Britstein) [Orabug: 32936614] \n- net/mlx5e: XDP, Avoid indirect call in TX flow (Tariq Toukan) [Orabug: 32936614] \n- net/mlx5e: IPsec: Add Connect-X IPsec ESN update offload support (Raed Salem) [Orabug: 32936614] \n- net/mlx5e: IPsec: Add IPsec steering in local NIC RX (Huy Nguyen) [Orabug: 32936614] \n- net/mlx5: Add IPsec related Flow steering entry's fields (Huy Nguyen) [Orabug: 32936614] \n- net/mlx5: IPsec: Add HW crypto offload support (Raed Salem) [Orabug: 32936614] \n- net/mlx5: Accel, Add core IPsec support for the Connect-X family (Raed Salem) [Orabug: 32936614] \n- net/mlx5e: Fix build break when CONFIG_XPS is not set (Saeed Mahameed) [Orabug: 32936614] \n- net/mlx5e: CT: Fix releasing ft entries (Roi Dayan) [Orabug: 32936614] \n- net/mlx5e: CT: Remove unused function param (Saeed Mahameed) [Orabug: 32936614] \n- net/mlx5e: CT: Return err_ptr from internal functions (Saeed Mahameed) [Orabug: 32936614] \n- net/mlx5e: CT: Use mapping for zone restore register (Paul Blakey) [Orabug: 32936614] \n- net/mlx5e: CT: Re-use tuple modify headers for identical modify actions (Paul Blakey) [Orabug: 32936614] \n- net/mlx5e: Export sharing of mod headers to a new file (Paul Blakey) [Orabug: 32936614] \n- net/mlx5e: CT: Restore ct state from lookup in zone instead of tupleid (Paul Blakey) [Orabug: 32936614] \n- net/mlx5e: CT: Don't offload tuple rewrites for established tuples (Paul Blakey) [Orabug: 32936614] \n- net/mlx5e: Use netdev_info instead of pr_info (Oz Shlomo) [Orabug: 32936614] \n- net/mlx5e: CT: Allow header rewrite of 5-tuple and ct clear action (Paul Blakey) [Orabug: 32936614] \n- net/mlx5e: CT: Save ct entries tuples in hashtables (Paul Blakey) [Orabug: 32936614] \n- net/mlx5e: Fix VXLAN configuration restore after function reload (Aya Levin) [Orabug: 32936614] \n- net/mlx5e: Enhance TX timeout recovery (Aya Levin) [Orabug: 32936614] \n- net/mlx5e: Enhance ICOSQ data on RX reporter's diagnose (Aya Levin) [Orabug: 32936614] \n- net/mlx5e: Add EQ info to TX/RX reporter's diagnose (Aya Levin) [Orabug: 32936614] \n- net/mlx5e: Rename reporter's helpers (Aya Levin) [Orabug: 32936614] \n- net/mlx5e: Add helper to get the RQ WQE counter (Aya Levin) [Orabug: 32936614] \n- net/mlx5e: Add helper to get RQ WQE's head (Aya Levin) [Orabug: 32936614] \n- net/mlx5e: Align RX/TX reporters diagnose output format (Aya Levin) [Orabug: 32936614] \n- net/mlx5e: Refactor build channel params (Tariq Toukan) [Orabug: 32936614] \n- net/mlx5e: vxlan: Use RCU for vxlan table lookup (Saeed Mahameed) [Orabug: 32936614] \n- net/mlx5e: Move TC-specific function definitions into MLX5_CLS_ACT (Vlad Buslov) [Orabug: 32936614] \n- net/mlx5e: CT: Fix ipv6 nat header rewrite actions (Oz Shlomo) [Orabug: 32936614] \n- net/mlx5e: en_tc: Fix cast to restricted __be32 warning (Saeed Mahameed) [Orabug: 32936614] \n- net/mlx5e: Don't use err uninitialized in mlx5e_attach_decap (Nathan Chancellor) [Orabug: 32936614] \n- net/mlx5e: Optimize performance for IPv4/IPv6 ethertype (Eli Britstein) [Orabug: 32936614] \n- net/mlx5e: Helper function to set ethertype (Eli Britstein) [Orabug: 32936614] \n- net/mlx5e: CT: Correctly get flow rule (Roi Dayan) [Orabug: 32936614] \n- net/mlx5e: Support pedit on mpls over UDP decap (Eli Cohen) [Orabug: 32936614] \n- xsk: Fix xsk_umem_xdp_frame_sz() (Bjorn Topel) [Orabug: 32936614] \n- net/mlx5e: CT: Fix offload with CT action after CT NAT action (Roi Dayan) [Orabug: 32936614] \n- mlx5: Rx queue setup time determine frame_sz for XDP (Jesper Dangaard Brouer) [Orabug: 32936614] \n- xdp: For Intel AF_XDP drivers add XDP frame_sz (Jesper Dangaard Brouer) [Orabug: 32936614] \n- xdp: Add frame size to xdp_buff (Jesper Dangaard Brouer) [Orabug: 32936614] \n- net: remove newlines in NL_SET_ERR_MSG_MOD (Jacob Keller) [Orabug: 32936614] \n- net/mlx5: CT: Remove unused variables (Paul Blakey) [Orabug: 32936614] \n- net/mlx5e: CT: Avoid false warning about rule may be used uninitialized (Roi Dayan) [Orabug: 32936614] \n- net/mlx5e: Remove unneeded semicolon (Zheng Bin) [Orabug: 32936614] \n- net/mlx5: IPsec, Fix coverity issue (Raed Salem) [Orabug: 32936614] \n- net/mlx5: TX WQE Add trailer insertion field (Raed Salem) [Orabug: 32936614] \n- net/mlx5: Introduce IPsec Connect-X offload hardware bits and structures (Raed Salem) [Orabug: 32936614] \n- net/mlx5: Update vxlan.c new cmd interface (Leon Romanovsky) [Orabug: 32936614] \n- net/mlx5: Update cq.c to new cmd interface (Leon Romanovsky) [Orabug: 32936614] \n- net/mlx5: CT: Change idr to xarray to protect parallel tuple id allocation (Paul Blakey) [Orabug: 32936614] \n- net/mlx5: IPsec, Refactor SA handle creation and destruction (Raed Salem) [Orabug: 32936614] \n- net/mlx5e: IPSec, Expose IPsec HW stat only for supporting HW (Raed Salem) [Orabug: 32936614] \n- net/mlx5: Refactor mlx5_accel_esp_create_hw_context parameter list (Raed Salem) [Orabug: 32936614] \n- net/mlx5: Use the correct IPsec capability function for FPGA ops (Raed Salem) [Orabug: 32936614] \n- net/mlx5e: CT: Use rhashtable's ct entries instead of a separate list (Paul Blakey) [Orabug: 32936614] \n- net/mlx5: Add support for RDMA TX steering (Michael Guralnik) [Orabug: 32936614] \n- net/mlx5e: Fix actions_match_supported() return (Dan Carpenter) [Orabug: 32936614] \n- net/mlx5: Eswitch, enable forwarding back to uplink port (Eli Cohen) [Orabug: 32936614] \n- net/mlx5e: Add support for offloading traffic from uplink to uplink (Eli Cohen) [Orabug: 32936614] \n- net/mlx5e: Fix rejecting all egress rules not on vlan (Roi Dayan) [Orabug: 32936614] \n- net/mlx5e: CT: Fix stack usage compiler warning (Saeed Mahameed) [Orabug: 32936614] \n- net/mlx5e: CT: remove set but not used variable 'unnew' (YueHaibing) [Orabug: 32936614] \n- net/mlx5e: Fix an IS_ERR() vs NULL check (Dan Carpenter) [Orabug: 32936614] \n- net/mlx5: Introduce TLS and IPSec objects enums (Saeed Mahameed) [Orabug: 32936614] \n- net/mlx5e: Fix endianness handling in pedit mask (Sebastian Hense) [Orabug: 32936614] \n- net/mlx5e: Remove redundant comment about goto slow path (Roi Dayan) [Orabug: 32936614] \n- net/mlx5e: Reduce number of arguments in slow path handling (Eli Cohen) [Orabug: 32936614] \n- net/mlx5e: Use netdev_warn() instead of pr_err() for errors (Roi Dayan) [Orabug: 32936614] \n- net/mlx5e: Add devlink fdb_large_groups parameter (Jianbo Liu) [Orabug: 32936614] \n- net/mlx5: Change the name of steering mode param id (Jianbo Liu) [Orabug: 32936614] \n- net/mlx5: Eswitch, avoid redundant mask (Eli Cohen) [Orabug: 32936614] \n- net/mlx5: Fix header guard in rsc_dump.h (Nathan Chancellor) [Orabug: 32936614] \n- net/mlx5e: Add context to the preactivate hook (Maxim Mikityanskiy) [Orabug: 32936614] \n- net/mlx5e: Allow mlx5e_switch_priv_channels to fail and recover (Maxim Mikityanskiy) [Orabug: 32936614] \n- net/mlx5e: Remove unneeded netif_set_real_num_tx_queues (Maxim Mikityanskiy) [Orabug: 32936614] \n- ESP: Export esp_output_fill_trailer function (Raed Salem) [Orabug: 32936614] \n- net/mlx5: Remove a useless 'drain_workqueue()' call in 'mlx5e_ipsec_cleanup()' (Christophe JAILLET) [Orabug: 32936614] \n- mlx5: Use proper logging and tracing line terminations (Joe Perches) [Orabug: 32936614] \n- net/mlx5e: Support dump callback in RX reporter (Aya Levin) [Orabug: 32936614] \n- net/mlx5e: Support dump callback in TX reporter (Aya Levin) [Orabug: 32936614] \n- net/mlx5e: Gather reporters APIs together (Aya Levin) [Orabug: 32936614] \n- net/mlx5: Add support for resource dump (Aya Levin) [Orabug: 32936614] \n- net/mlx5e: Create q counters on uplink representors (Vlad Buslov) [Orabug: 32936614] \n- net/mlx5: Expose resource dump register mapping (Aya Levin) [Orabug: 32936614] \n- net/mlx5: Add structures and defines for MIRC register (Eran Ben Elisha) [Orabug: 32936614] \n- net/mlx5: WQ, Move short getters into header file (Tariq Toukan) [Orabug: 32936614] \n- Revert 'net/mlx5e: Fix SWP offsets when vlan inserted by driver' (Mikhael Goikhman) [Orabug: 32936614] \n- uek-rpm: ensure BPF Type Format (BTF) section is retained in modules (Alan Maguire) [Orabug: 33774133] \n- kbuild: Skip module BTF generation for out-of-tree external modules (Andrii Nakryiko) [Orabug: 33774133] \n- bpf: Load and verify kernel module BTFs (Andrii Nakryiko) [Orabug: 33774133] \n- kbuild: Build kernel module BTFs if BTF is enabled and pahole supports it (Andrii Nakryiko) [Orabug: 33774133] \n- arm64: Add assembly annotations for weak-PI-alias madness (Robin Murphy) [Orabug: 33816089] \n- arm64: Import updated version of Cortex Strings' strlen (Sam Tebbs) [Orabug: 33816089] \n- arm64: Import latest memcpy()/memmove() implementation (Robin Murphy) [Orabug: 33816089] \n- arm64: Import latest version of Cortex Strings' memcmp (Sam Tebbs) [Orabug: 33816089] \n- arm64: Better optimised memchr() (Robin Murphy) [Orabug: 33816089] \n- net/rds: Fix memory leak in __rds_conn_create() on alloc_ordered_workqueue fail (Freddy Carrillo) [Orabug: 33821540] \n- x86/smpboot: check cpu_initialized_mask first after returning from schedule() (Dongli Zhang) [Orabug: 33825645] \n- uek-rpm/ol/config-aarch64: Enable CONFIG_ARM_RASPBERRYPI_CPUFREQ for RPi (Vijay Kumar) \n- KVM: x86: Initialize tdp_level during vCPU creation (Sean Christopherson) [Orabug: 33841857] \n- KVM: x86/mmu: Capture TDP level when updating CPUID (Sean Christopherson) [Orabug: 33841857] \n- xen/netback: don't queue unlimited number of packages (Juergen Gross) [Orabug: 33851834] \n- xen/netback: fix rx queue stall detection (Juergen Gross) [Orabug: 33851834] \n- Fix conflict of LTS commit 'PCI: aardvark: Configure PCIe resources from 'ranges' DT property' (Sherry Yang) [Orabug: 33862617]\n[5.4.17-2136.305.2]\n- LTS tag: v5.4.163 (Sherry Yang) \n- tty: hvc: replace BUG_ON() with negative return value (Juergen Gross) \n- xen/netfront: don't trust the backend response data blindly (Juergen Gross) \n- xen/netfront: disentangle tx_skb_freelist (Juergen Gross) \n- xen/netfront: don't read data from request on the ring page (Juergen Gross) \n- xen/netfront: read response from backend only once (Juergen Gross) \n- xen/blkfront: don't trust the backend response data blindly (Juergen Gross) \n- xen/blkfront: don't take local copy of a request from the ring page (Juergen Gross) \n- xen/blkfront: read response from backend only once (Juergen Gross) \n- xen: sync include/xen/interface/io/ring.h with Xen's newest version (Juergen Gross) \n- fuse: release pipe buf after last use (Miklos Szeredi) \n- NFC: add NCI_UNREG flag to eliminate the race (Lin Ma) \n- shm: extend forced shm destroy to support objects from several IPC nses (Alexander Mikhalitsyn) \n- s390/mm: validate VMA in PGSTE manipulation functions (David Hildenbrand) \n- tracing: Check pid filtering when creating events (Steven Rostedt (VMware)) \n- vhost/vsock: fix incorrect used length reported to the guest (Stefano Garzarella) \n- smb3: do not error on fsync when readonly (Steve French) \n- f2fs: set SBI_NEED_FSCK flag when inconsistent node block found (Weichao Guo) \n- net: mscc: ocelot: correctly report the timestamping RX filters in ethtool (Vladimir Oltean) \n- net: mscc: ocelot: don't downgrade timestamping RX filters in SIOCSHWTSTAMP (Vladimir Oltean) \n- net: hns3: fix VF RSS failed problem after PF enable multi-TCs (Guangbin Huang) \n- net/smc: Don't call clcsock shutdown twice when smc shutdown (Tony Lu) \n- net: vlan: fix underflow for the real_dev refcnt (Ziyang Xuan) \n- MIPS: use 3-level pgtable for 64KB page size on MIPS_VA_BITS_48 (Huang Pei) \n- igb: fix netpoll exit with traffic (Jesse Brandeburg) \n- nvmet: use IOCB_NOWAIT only if the filesystem supports it (Maurizio Lombardi) \n- tcp_cubic: fix spurious Hystart ACK train detections for not-cwnd-limited flows (Eric Dumazet) \n- PM: hibernate: use correct mode for swsusp_close() (Thomas Zeitlhofer) \n- net/ncsi : Add payload to be 32-bit aligned to fix dropped packets (Kumar Thangavel) \n- nvmet-tcp: fix incomplete data digest send (Varun Prakash) \n- net/smc: Ensure the active closing peer first closes clcsock (Tony Lu) \n- scsi: core: sysfs: Fix setting device state to SDEV_RUNNING (Mike Christie) \n- net: nexthop: release IPv6 per-cpu dsts when replacing a nexthop group (Nikolay Aleksandrov) \n- net: ipv6: add fib6_nh_release_dsts stub (Nikolay Aleksandrov) \n- nfp: checking parameter process for rx-usecs/tx-usecs is invalid (Diana Wang) \n- ipv6: fix typos in __ip6_finish_output() (Eric Dumazet) \n- iavf: Prevent changing static ITR values if adaptive moderation is on (Nitesh B Venkatesh) \n- drm/vc4: fix error code in vc4_create_object() (Dan Carpenter) \n- scsi: mpt3sas: Fix kernel panic during drive powercycle test (Sreekanth Reddy) \n- ARM: socfpga: Fix crash with CONFIG_FORTIRY_SOURCE (Takashi Iwai) \n- NFSv42: Don't fail clone() unless the OP_CLONE operation failed (Trond Myklebust) \n- firmware: arm_scmi: pm: Propagate return value to caller (Peng Fan) \n- net: ieee802154: handle iftypes as u32 (Alexander Aring) \n- ASoC: topology: Add missing rwsem around snd_ctl_remove() calls (Takashi Iwai) \n- ASoC: qdsp6: q6routing: Conditionally reset FrontEnd Mixer (Srinivas Kandagatla) \n- ARM: dts: BCM5301X: Add interrupt properties to GPIO node (Florian Fainelli) \n- ARM: dts: BCM5301X: Fix I2C controller interrupt (Florian Fainelli) \n- netfilter: ipvs: Fix reuse connection if RS weight is 0 (yangxingwu) \n- proc/vmcore: fix clearing user buffer by properly using clear_user() (David Hildenbrand) \n- arm64: dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function (Marek Behun) \n- pinctrl: armada-37xx: Correct PWM pins definitions (Marek Behun) \n- PCI: aardvark: Fix support for PCI_BRIDGE_CTL_BUS_RESET on emulated bridge (Pali Rohar) \n- PCI: aardvark: Set PCI Bridge Class Code to PCI Bridge (Pali Rohar) \n- PCI: aardvark: Fix support for bus mastering and PCI_COMMAND on emulated bridge (Pali Rohar) \n- PCI: aardvark: Fix link training (Pali Rohar) \n- PCI: aardvark: Simplify initialization of rootcap on virtual bridge (Pali Rohar) \n- PCI: aardvark: Implement re-issuing config requests on CRS response (Pali Rohar) \n- PCI: aardvark: Fix PCIe Max Payload Size setting (Pali Rohar) \n- PCI: aardvark: Configure PCIe resources from 'ranges' DT property (Pali Rohar) \n- PCI: pci-bridge-emul: Fix array overruns, improve safety (Russell King) \n- PCI: aardvark: Update comment about disabling link training (Pali Rohar) \n- PCI: aardvark: Move PCIe reset card code to advk_pcie_train_link() (Pali Rohar) \n- PCI: aardvark: Fix compilation on s390 (Pali Rohar) \n- PCI: aardvark: Don't touch PCIe registers if no card connected (Pali Rohar) \n- PCI: aardvark: Replace custom macros by standard linux/pci_regs.h macros (Pali Rohar) \n- PCI: aardvark: Issue PERST via GPIO (Pali Rohar) \n- PCI: aardvark: Improve link training (Marek Behun) \n- PCI: aardvark: Train link immediately after enabling training (Pali Rohar) \n- PCI: aardvark: Fix big endian support (Grzegorz Jaszczyk) \n- PCI: aardvark: Wait for endpoint to be ready before training link (Remi Pommarel) \n- PCI: aardvark: Deduplicate code in advk_pcie_rd_conf() (Marek Behun) \n- mdio: aspeed: Fix 'Link is Down' issue (Dylan Hung) \n- mmc: sdhci: Fix ADMA for PAGE_SIZE >= 64KiB (Adrian Hunter) \n- tracing: Fix pid filtering when triggers are attached (Steven Rostedt (VMware)) \n- tracing/uprobe: Fix uprobe_perf_open probes iteration (Jiri Olsa) \n- KVM: PPC: Book3S HV: Prevent POWER7/8 TLB flush flushing SLB (Nicholas Piggin) \n- xen: detect uninitialized xenbus in xenbus_init (Stefano Stabellini) \n- xen: don't continue xenstore initialization in case of errors (Stefano Stabellini) \n- staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() (Dan Carpenter) \n- staging/fbtft: Fix backlight (Noralf Tronnes) \n- HID: wacom: Use 'Confidence' flag to prevent reporting invalid contacts (Jason Gerecke) \n- Revert 'parisc: Fix backtrace to always include init funtion names' (Helge Deller) \n- media: cec: copy sequence field for the reply (Hans Verkuil) \n- ALSA: ctxfi: Fix out-of-range access (Takashi Iwai) \n- binder: fix test regression due to sender_euid change (Todd Kjos) \n- usb: hub: Fix locking issues with address0_mutex (Mathias Nyman) \n- usb: hub: Fix usb enumeration issue due to address0 race (Mathias Nyman) \n- usb: typec: fusb302: Fix masking of comparator and bc_lvl interrupts (Ondrej Jirman) \n- net: nexthop: fix null pointer dereference when IPv6 is not enabled (Nikolay Aleksandrov) \n- usb: dwc2: hcd_queue: Fix use of floating point literal (Nathan Chancellor) \n- usb: dwc2: gadget: Fix ISOC flow for elapsed frames (Minas Harutyunyan) \n- USB: serial: option: add Fibocom FM101-GL variants (Mingjie Zhang) \n- USB: serial: option: add Telit LE910S1 0x9200 composition (Daniele Palmas) \n- LTS tag: v5.4.162 (Sherry Yang) \n- ALSA: hda: hdac_stream: fix potential locking issue in snd_hdac_stream_assign() (Pierre-Louis Bossart) \n- ALSA: hda: hdac_ext_stream: fix potential locking issues (Pierre-Louis Bossart) \n- hugetlbfs: flush TLBs correctly after huge_pmd_unshare (Nadav Amit) \n- tlb: mmu_gather: add tlb_flush_*_range APIs (Peter Zijlstra (Intel)) \n- ice: Delete always true check of PF pointer (Leon Romanovsky) \n- usb: max-3421: Use driver data instead of maintaining a list of bound devices (Uwe Kleine-Konig) \n- ASoC: DAPM: Cover regression by kctl change notification fix (Takashi Iwai) \n- batman-adv: Don't always reallocate the fragmentation skb head (Sven Eckelmann) \n- batman-adv: Reserve needed_*room for fragments (Sven Eckelmann) \n- batman-adv: Consider fragmentation for needed_headroom (Sven Eckelmann) \n- perf/core: Avoid put_page() when GUP fails (Greg Thelen) \n- Revert 'net: mvpp2: disable force link UP during port init procedure' (Greg Kroah-Hartman) \n- drm/amdgpu: fix set scaling mode Full/Full aspect/Center not works on vga and dvi connectors (hongao) \n- drm/i915/dp: Ensure sink rate values are always valid (Imre Deak) \n- drm/nouveau: use drm_dev_unplug() during device removal (Jeremy Cline) \n- drm/udl: fix control-message timeout (Johan Hovold) \n- cfg80211: call cfg80211_stop_ap when switch from P2P_GO type (Nguyen Dinh Phi) \n- parisc/sticon: fix reverse colors (Sven Schnelle) \n- btrfs: fix memory ordering between normal and ordered work functions (Nikolay Borisov) \n- udf: Fix crash after seekdir (Jan Kara) \n- s390/kexec: fix memory leak of ipl report buffer (Baoquan He) \n- x86/hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails (Sean Christopherson) \n- mm: kmemleak: slob: respect SLAB_NOLEAKTRACE flag (Rustam Kovhaev) \n- ipc: WARN if trying to remove ipc object which is absent (Alexander Mikhalitsyn) \n- hexagon: export raw I/O routines for modules (Nathan Chancellor) \n- tun: fix bonding active backup with arp monitoring (Nicolas Dichtel) \n- arm64: vdso32: suppress error message for 'make mrproper' (Nick Desaulniers) \n- s390/kexec: fix return code handling (Heiko Carstens) \n- perf/x86/intel/uncore: Fix IIO event constraints for Skylake Server (Alexander Antonov) \n- perf/x86/intel/uncore: Fix filter_tid mask for CHA events on Skylake Server (Alexander Antonov) \n- KVM: PPC: Book3S HV: Use GLOBAL_TOC for kvmppc_h_set_dabr/xdabr() (Michael Ellerman) \n- NFC: reorder the logic in nfc_{un,}register_device (Lin Ma) \n- drm/nouveau: hdmigv100.c: fix corrupted HDMI Vendor InfoFrame (Hans Verkuil) \n- NFC: reorganize the functions in nci_request (Lin Ma) \n- i40e: Fix display error code in dmesg (Grzegorz Szczurek) \n- i40e: Fix creation of first queue by omitting it if is not power of two (Jedrzej Jagielski) \n- i40e: Fix ping is lost after configuring ADq on VF (Eryk Rybak) \n- i40e: Fix changing previously set num_queue_pairs for PFs (Eryk Rybak) \n- i40e: Fix NULL ptr dereference on VSI filter sync (Michal Maloszewski) \n- i40e: Fix correct max_pkt_size on VF RX queue (Eryk Rybak) \n- net: virtio_net_hdr_to_skb: count transport header in UFO (Jonathan Davies) \n- net: dpaa2-eth: fix use-after-free in dpaa2_eth_remove (Pavel Skripkin) \n- net: sched: act_mirred: drop dst for the direction from egress to ingress (Xin Long) \n- scsi: core: sysfs: Fix hang when device state is set via sysfs (Mike Christie) \n- platform/x86: hp_accel: Fix an error handling path in 'lis3lv02d_probe()' (Christophe JAILLET) \n- mips: lantiq: add support for clk_get_parent() (Randy Dunlap) \n- mips: bcm63xx: add support for clk_get_parent() (Randy Dunlap) \n- MIPS: generic/yamon-dt: fix uninitialized variable error (Colin Ian King) \n- iavf: Fix for the false positive ASQ/ARQ errors while issuing VF reset (Surabhi Boob) \n- iavf: validate pointers (Mitch Williams) \n- iavf: prevent accidental free of filter structure (Jacob Keller) \n- iavf: Fix failure to exit out from last all-multicast mode (Piotr Marczak) \n- iavf: free q_vectors before queues in iavf_disable_vf (Nicholas Nunley) \n- iavf: check for null in iavf_fix_features (Nicholas Nunley) \n- net: bnx2x: fix variable dereferenced before check (Pavel Skripkin) \n- perf tests: Remove bash construct from record+zstd_comp_decomp.sh (James Clark) \n- perf bench futex: Fix memory leak of perf_cpu_map__new() (Sohaib Mohamed) \n- perf bpf: Avoid memory leak from perf_env__insert_btf() (Ian Rogers) \n- RDMA/netlink: Add __maybe_unused to static inline in C file (Leon Romanovsky) \n- tracing/histogram: Do not copy the fixed-size char array field over the field size (Masami Hiramatsu) \n- tracing: Save normal string variables (Tom Zanussi) \n- sched/core: Mitigate race cpus_share_cache()/update_top_cache_domain() (Vincent Donnefort) \n- mips: BCM63XX: ensure that CPU_SUPPORTS_32BIT_KERNEL is set (Randy Dunlap) \n- clk: qcom: gcc-msm8996: Drop (again) gcc_aggre1_pnoc_ahb_clk (Dmitry Baryshkov) \n- clk/ast2600: Fix soc revision for AHB (Joel Stanley) \n- clk: ingenic: Fix bugs with divided dividers (Paul Cercueil) \n- sh: define __BIG_ENDIAN for math-emu (Randy Dunlap) \n- sh: math-emu: drop unused functions (Randy Dunlap) \n- sh: fix kconfig unmet dependency warning for FRAME_POINTER (Randy Dunlap) \n- f2fs: fix up f2fs_lookup tracepoints (Gao Xiang) \n- maple: fix wrong return value of maple_bus_init(). (Lu Wei) \n- sh: check return code of request_irq (Nick Desaulniers) \n- powerpc/dcr: Use cmplwi instead of 3-argument cmpli (Michael Ellerman) \n- ALSA: gus: fix null pointer dereference on pointer block (Chengfeng Ye) \n- powerpc/5200: dts: fix memory node unit name (Anatolij Gustschin) \n- iio: imu: st_lsm6dsx: Avoid potential array overflow in st_lsm6dsx_set_odr() (Teng Qi) \n- scsi: target: Fix alua_tg_pt_gps_count tracking (Mike Christie) \n- scsi: target: Fix ordered tag handling (Mike Christie) \n- MIPS: sni: Fix the build (Bart Van Assche) \n- tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc (Guanghui Feng) \n- ALSA: ISA: not for M68K (Randy Dunlap) \n- ARM: dts: ls1021a-tsn: use generic 'jedec,spi-nor' compatible for flash (Li Yang) \n- ARM: dts: ls1021a: move thermal-zones node out of soc/ (Li Yang) \n- usb: host: ohci-tmio: check return value after calling platform_get_resource() (Yang Yingliang) \n- ARM: dts: omap: fix gpmc,mux-add-data type (Roger Quadros) \n- firmware_loader: fix pre-allocated buf built-in firmware use (Luis Chamberlain) \n- scsi: advansys: Fix kernel pointer leak (Guo Zhi) \n- ASoC: nau8824: Add DMI quirk mechanism for active-high jack-detect (Hans de Goede) \n- clk: imx: imx6ul: Move csi_sel mux to correct base register (Stefan Riedmueller) \n- ASoC: SOF: Intel: hda-dai: fix potential locking issue (Pierre-Louis Bossart) \n- arm64: dts: freescale: fix arm,sp805 compatible string (Michael Walle) \n- arm64: dts: qcom: msm8998: Fix CPU/L2 idle state latency and residency (AngeloGioacchino Del Regno) \n- usb: typec: tipd: Remove WARN_ON in tps6598x_block_read (Sven Peter) \n- usb: musb: tusb6010: check return value after calling platform_get_resource() (Yang Yingliang) \n- RDMA/bnxt_re: Check if the vlan is valid before reporting (Selvin Xavier) \n- arm64: dts: hisilicon: fix arm,sp805 compatible string (Michael Walle) \n- ARM: dts: NSP: Fix mpcore, mmc node names (Matthew Hagan) \n- arm64: zynqmp: Fix serial compatible string (Michal Simek) \n- arm64: zynqmp: Do not duplicate flash partition label property (Amit Kumar Mahapatra) \n- net/mlx5: Add back multicast stats for uplink representor (Huy Nguyen) [Orabug: 33519567] \n- net/mlx5: E-Switch, Protect changing mode while adding rules (Roi Dayan) [Orabug: 33519567] \n- net/mlx5e: Do not reload ethernet ports when changing eswitch mode (Roi Dayan) [Orabug: 33519567] \n- net/mlx5: Move devlink port from mlx5e priv to mlx5e resources (Roi Dayan) [Orabug: 33519567] \n- net/mlx5: Move mlx5e hw resources into a sub object (Roi Dayan) [Orabug: 33519567] \n- net/mlx5e: Move devlink port register and unregister calls (Roi Dayan) [Orabug: 33519567] \n- net/mlx5e: Verify dev is present in some ndos (Roi Dayan) [Orabug: 33519567] \n- net/mlx5e: Use nic mode netdev ndos and ethtool ops for uplink representor (Roi Dayan) [Orabug: 33519567] \n- net/mlx5e: Add offload stats ndos to nic netdev ops (Roi Dayan) [Orabug: 33519567] \n- net/mlx5e: Distinguish nic and esw offload in tc setup block cb (Roi Dayan) [Orabug: 33519567] \n- net/mlx5e: Allow legacy vf ndos only if in legacy mode (Roi Dayan) [Orabug: 33519567] \n- net/mlx5e: Same max num channels for both nic and uplink profiles (Saeed Mahameed) [Orabug: 33519567] \n- net: Change dev parameter to const in netif_device_present() (Roi Dayan) [Orabug: 33519567] \n- net/mlx5: Cleanup prototype warning (Saeed Mahameed) [Orabug: 33519567] \n- net/mxl5e: Add change profile method (Saeed Mahameed) [Orabug: 33519567] \n- net/mlx5e: Disable hw-tc-offload when MLX5_CLS_ACT config is disabled (Maor Dickman) [Orabug: 33519567] \n- net/tls: Fix wrong record sn in async mode of device resync (Tariq Toukan) [Orabug: 33519567] \n- net/mlx5e: Fix multicast counter not up-to-date in 'ip -s' (Ron Diskin) [Orabug: 33519567] \n- net/mlx5e: Add support for PCI relaxed ordering (Aya Levin) [Orabug: 33519567] \n- net/mlx5e: Move exposure of datapath function to txrx header (Tariq Toukan) [Orabug: 33519567] \n- net/mlx5e: RX, Re-work initializaiton of RX function pointers (Tariq Toukan) [Orabug: 33519567] \n- RDMA/mlx5: ConnectX-7 new capabilities to set relaxed ordering by UMR (Meir Lichtinger) [Orabug: 33519567] \n- net/mlx5e: IPsec: Add Connect-X IPsec Rx data path offload (Raed Salem) [Orabug: 33519567] \n- net/mlx5e: Fix usage of rcu-protected pointer (Vlad Buslov) [Orabug: 33519567] \n- net/mlx5e: Move RQ helpers to txrx.h (Aya Levin) [Orabug: 33519567] \n- net/mlx5e: Remove redundant RQ state query (Aya Levin) [Orabug: 33519567] \n- net/mlx5e: Change reporters create functions to return void (Eran Ben Elisha) [Orabug: 33519567] \n- net/tls: fix sign extension issue when left shifting u16 value (Colin Ian King) [Orabug: 33519567] \n- net/mlx5e: kTLS, Improve rx handler function call (Tariq Toukan) [Orabug: 33519567] \n- net/mlx5e: kTLS, Add kTLS RX stats (Tariq Toukan) [Orabug: 33519567] \n- net/mlx5e: kTLS, Add kTLS RX resync support (Tariq Toukan) [Orabug: 33519567] \n- net/tls: Add asynchronous resync (Boris Pismenny) [Orabug: 33519567] \n- Revert 'net/tls: Add force_resync for driver resync' (Boris Pismenny) [Orabug: 33519567] \n- net/mlx5e: kTLS, Add kTLS RX HW offload support (Tariq Toukan) [Orabug: 33519567] \n- net/mlx5e: kTLS, Improve TLS feature modularity (Tariq Toukan) [Orabug: 33519567] \n- net/mlx5e: Accel, Expose flow steering API for rules add/del (Tariq Toukan) [Orabug: 33519567] \n- net/mlx5e: Receive flow steering framework for accelerated TCP flows (Boris Pismenny) [Orabug: 33519567] \n- net/mlx5e: API to manipulate TTC rules destinations (Saeed Mahameed) [Orabug: 33519567] \n- net/mlx5e: Turn XSK ICOSQ into a general asynchronous one (Tariq Toukan) [Orabug: 33519567] \n- net/mlx5: kTLS, Improve TLS params layout structures (Tariq Toukan) [Orabug: 33519567] \n- net/mlx5e: Support tc block sharing for representors (Vu Pham) [Orabug: 33519567] \n- net/tls: Add force_resync for driver resync (Tariq Toukan) [Orabug: 33519567] \n- net/mlx5e: Calculate SQ stop room in a robust way (Maxim Mikityanskiy) [Orabug: 33519567] \n- net/mlx5e: IPoIB, Enable loopback packets for IPoIB interfaces (Erez Shitrit) [Orabug: 33519567] \n- net/mlx5e: Enhance ICOSQ WQE info fields (Tariq Toukan) [Orabug: 33519567] \n- net/mlx5e: Use struct assignment for WQE info updates (Tariq Toukan) [Orabug: 33519567] \n- net/mlx5e: Take TX WQE info structures out of general EN header (Tariq Toukan) [Orabug: 33519567] \n- net/mlx5e: kTLS, Do not fill edge for the DUMP WQEs in TX flow (Tariq Toukan) [Orabug: 33519567] \n- net/mlx5e: kTLS, Fill work queue edge separately in TX flow (Tariq Toukan) [Orabug: 33519567] \n- net/mlx5e: Split TX acceleration offloads into two phases (Maxim Mikityanskiy) [Orabug: 33519567] \n- net/mlx5e: Update UDP fields of the SKB for GSO first (Maxim Mikityanskiy) [Orabug: 33519567] \n- net/mlx5e: Make TLS offload independent of wqe and pi (Maxim Mikityanskiy) [Orabug: 33519567] \n- net/mlx5e: Pass only eseg to IPSEC offload (Maxim Mikityanskiy) [Orabug: 33519567] \n- net/mlx5e: Return void from mlx5e_sq_xmit and mlx5i_sq_xmit (Maxim Mikityanskiy) [Orabug: 33519567] \n- net/mlx5e: Unify checks of TLS offloads (Maxim Mikityanskiy) [Orabug: 33519567] \n- net/mlx5e: Return bool from TLS and IPSEC offloads (Maxim Mikityanskiy) [Orabug: 33519567] \n- net/mlx5e: Unify reserving space for WQEs (Maxim Mikityanskiy) [Orabug: 33519567] \n- net/mlx5e: Rename ICOSQ WQE info struct and field (Maxim Mikityanskiy) [Orabug: 33519567] \n- net/mlx5e: Fetch WQE: reuse code and enforce typing (Maxim Mikityanskiy) [Orabug: 33519567] \n- net/mlx5e: TX, Generalise code and usage of error CQE dump (Tariq Toukan) [Orabug: 33519567] \n- net/mlx5: Introduce TLS RX offload hardware bits (Tariq Toukan) [Orabug: 33519567] \n- net/mlx5: Update transobj.c new cmd interface (Leon Romanovsky) [Orabug: 33519567] \n- net/mlx5e: en_accel, Add missing net/geneve.h include (Raed Salem) [Orabug: 33519567] \n- net/mlx5e: Show/set Rx network flow classification rules on ul rep (Vlad Buslov) [Orabug: 33519567] \n- net/mlx5e: Show/set Rx flow indir table and RSS hash key on ul rep (Vlad Buslov) [Orabug: 33519567] \n- mlx5: reject unsupported coalescing params (Jakub Kicinski) [Orabug: 33519567] \n- net/mlx5e: RX, Use indirect calls wrapper for posting descriptors (Tariq Toukan) [Orabug: 33519567] \n- net/mlx5e: Replace zero-length array with flexible-array member (Gustavo A. R. Silva) [Orabug: 33519567] \n- net/mlx5e: TX, Error completion is for last WQE in batch (Tariq Toukan) [Orabug: 33519567] \n- net/mlx5: Expose relaxed ordering bits (Michael Guralnik) [Orabug: 33519567] \n- net/mlx5e: TX, Dump WQs wqe descriptors on CQE with error events (Saeed Mahameed) [Orabug: 33519567]\n[5.4.17-2136.305.1]\n- btrfs: fix metadata reservation for fallocate that leads to transaction aborts (Filipe Manana) [Orabug: 32675999] \n- btrfs: inode: refactor the parameters of insert_reserved_file_extent() (Qu Wenruo) [Orabug: 32675999] \n- uek-rpm: Enable QAT 4XXX device (Thomas Tai) [Orabug: 33440215] \n- crypto: qat - power up 4xxx device (Giovanni Cabiddu) [Orabug: 33440215] \n- crypto: qat - fix naming of PF/VF enable functions (Marco Chiappero) [Orabug: 33440215] \n- crypto: qat - complete all the init steps before service notification (Marco Chiappero) [Orabug: 33440215] \n- crypto: qat - move IO virtualization functions (Giovanni Cabiddu) [Orabug: 33440215] \n- crypto: qat - rename compatibility version definition (Marco Chiappero) [Orabug: 33440215] \n- crypto: qat - enable interrupts only after ISR allocation (Marco Chiappero) [Orabug: 33440215] \n- crypto: qat - simplify code and axe the use of a deprecated API (Christophe JAILLET) [Orabug: 33440215] \n- crypto: qat - enable detection of accelerators hang (Wojciech Ziemba) [Orabug: 33440215] \n- crypto: qat - configure arbiter mapping based on engines enabled (Wojciech Ziemba) [Orabug: 33440215] \n- crypto: qat - replace CRYPTO_AES with CRYPTO_LIB_AES in Kconfig (Marco Chiappero) [Orabug: 33440215] \n- crypto: qat - add CRYPTO_AES to Kconfig dependencies (Marco Chiappero) [Orabug: 33440215] \n- crypto: qat - add capability detection logic in qat_4xxx (Marco Chiappero) [Orabug: 33440215] \n- crypto: qat - add AES-XTS support for QAT GEN4 devices (Marco Chiappero) [Orabug: 33440215] \n- crypto: qat - add AES-CTR support for QAT GEN4 devices (Marco Chiappero) [Orabug: 33440215] \n- crypto: qat - add qat_4xxx driver (Thomas Tai) [Orabug: 33440215] \n- crypto: qat - add hook to initialize vector routing table (Giovanni Cabiddu) [Orabug: 33440215] \n- crypto: qat - target fw images to specific AEs (Giovanni Cabiddu) [Orabug: 33440215] \n- crypto: qat - add gen4 firmware loader (Jack Xu) [Orabug: 33440215] \n- crypto: qat - add support for broadcasting mode (Jack Xu) [Orabug: 33440215] \n- crypto: qat - add support for shared ustore (Jack Xu) [Orabug: 33440215] \n- crypto: qat - allow to target specific AEs (Jack Xu) [Orabug: 33440215] \n- crypto: qat - add FCU CSRs to chip info (Jack Xu) [Orabug: 33440215] \n- crypto: qat - add CSS3K support (Jack Xu) [Orabug: 33440215] \n- crypto: qat - use ae_mask (Jack Xu) [Orabug: 33440215] \n- crypto: qat - add misc control CSR to chip info (Jack Xu) [Orabug: 33440215] \n- crypto: qat - add wake up event to chip info (Jack Xu) [Orabug: 33440215] \n- crypto: qat - add clock enable CSR to chip info (Jack Xu) [Orabug: 33440215] \n- crypto: qat - add reset CSR and mask to chip info (Jack Xu) [Orabug: 33440215] \n- crypto: qat - add local memory size to chip info (Jack Xu) [Orabug: 33440215] \n- crypto: qat - add support for lm2 and lm3 (Jack Xu) [Orabug: 33440215] \n- crypto: qat - add next neighbor to chip_info (Jack Xu) [Orabug: 33440215] \n- crypto: qat - introduce chip info structure (Jack Xu) [Orabug: 33440215] \n- crypto: qat - refactor long expressions (Jack Xu) [Orabug: 33440215] \n- crypto: qat - refactor qat_uclo_set_ae_mode() (Jack Xu) [Orabug: 33440215] \n- crypto: qat - move defines to header files (Jack Xu) [Orabug: 33440215] \n- crypto: qat - remove global CSRs helpers (Jack Xu) [Orabug: 33440215] \n- crypto: qat - refactor AE start (Jack Xu) [Orabug: 33440215] \n- crypto: qat - rename qat_uclo_del_uof_obj() (Jack Xu) [Orabug: 33440215] \n- crypto: qat - remove unnecessary parenthesis (Jack Xu) [Orabug: 33440215] \n- crypto: qat - support for mof format in fw loader (Giovanni Cabiddu) [Orabug: 33440215] \n- crypto: qat - allow for instances in different banks (Giovanni Cabiddu) [Orabug: 33440215] \n- crypto: qat - refactor qat_crypto_dev_config() (Giovanni Cabiddu) [Orabug: 33440215] \n- crypto: qat - refactor qat_crypto_create_instances() (Giovanni Cabiddu) [Orabug: 33440215] \n- crypto: qat - remove unnecessary void* casts (Giovanni Cabiddu) [Orabug: 33440215] \n- crypto: qat - call functions in adf_sriov if available (Giovanni Cabiddu) [Orabug: 33440215] \n- crypto: qat - abstract writes to arbiter enable (Giovanni Cabiddu) [Orabug: 33440215] \n- crypto: qat - use BIT_ULL() - 1 pattern for masks (Giovanni Cabiddu) [Orabug: 33440215] \n- crypto: qat - replace constant masks with GENMASK (Giovanni Cabiddu) [Orabug: 33440215] \n- crypto: qat - abstract build ring base (Giovanni Cabiddu) [Orabug: 33440215] \n- crypto: qat - enable ring after pair is programmed (Giovanni Cabiddu) [Orabug: 33440215] \n- crypto: qat - register crypto instances based on capability (Giovanni Cabiddu) [Orabug: 33440215] \n- crypto: qat - add support for capability detection (Marco Chiappero) [Orabug: 33440215] \n- crypto: qat - abstract arbiter access (Giovanni Cabiddu) [Orabug: 33440215] \n- crypto: qat - remove unused macros in arbiter module (Giovanni Cabiddu) [Orabug: 33440215] \n- crypto: qat - remove writes into WQCFG (Giovanni Cabiddu) [Orabug: 33440215] \n- crypto: qat - update constants table (Giovanni Cabiddu) [Orabug: 33440215] \n- crypto: qat - use admin mask to send fw constants (Giovanni Cabiddu) [Orabug: 33440215] \n- crypto: qat - change admin sequence (Giovanni Cabiddu) [Orabug: 33440215] \n- crypto: qat - rename ME in AE (Giovanni Cabiddu) [Orabug: 33440215] \n- crypto: qat - add packed to init admin structures (Giovanni Cabiddu) [Orabug: 33440215] \n- crypto: qat - abstract admin interface (Giovanni Cabiddu) [Orabug: 33440215] \n- crypto: qat - relocate GEN2 CSR access code (Giovanni Cabiddu) [Orabug: 33440215] \n- crypto: qat - split transport CSR access logic (Giovanni Cabiddu) [Orabug: 33440215] \n- crypto: qat - fix configuration of iov threads (Giovanni Cabiddu) [Orabug: 33440215] \n- crypto: qat - num_rings_per_bank is device dependent (Ahsan Atta) [Orabug: 33440215] \n- crypto: qat - mask device capabilities with soft straps (Giovanni Cabiddu) [Orabug: 33440215] \n- crypto: qat - update IV in software (Marco Chiappero) [Orabug: 33440215] \n- crypto: qat - drop input parameter from adf_enable_aer() (Giovanni Cabiddu) [Orabug: 33440215] \n- crypto: qat - replace device ids defines (Giovanni Cabiddu) [Orabug: 33440215] \n- crypto: qat - add delay before polling mailbox (Giovanni Cabiddu) [Orabug: 33440215] \n- PCI: Add Intel QuickAssist device IDs (Giovanni Cabiddu) [Orabug: 33440215] \n- crypto: qat - fallback for xts with 192 bit keys (Giovanni Cabiddu) [Orabug: 33440215] \n- crypto: qat - remove unused field in skcipher ctx (Thomas Tai) [Orabug: 33440215] \n- crypto: qat - validate xts key (Giovanni Cabiddu) [Orabug: 33440215] \n- crypto: qat - allow xts requests not multiple of block (Giovanni Cabiddu) [Orabug: 33440215] \n- crypto: qat - update timeout logic in put admin msg (Wojciech Ziemba) [Orabug: 33440215] \n- crypto: qat - send admin messages to set of AEs (Wojciech Ziemba) [Orabug: 33440215] \n- crypto: qat - update fw init admin msg (Wojciech Ziemba) [Orabug: 33440215] \n- crypto: qat - replace user types with kernel ABI __u types (Wojciech Ziemba) [Orabug: 33440215] \n- crypto: qat - replace user types with kernel u types (Wojciech Ziemba) [Orabug: 33440215] \n- crypto: qat - convert to SPDX License Identifiers (Giovanni Cabiddu) [Orabug: 33440215] \n- iopoll: introduce read_poll_timeout macro (Dejin Zheng) [Orabug: 33440215] \n- crypto: qat - simplify the qat_crypto function (Tianjia Zhang) [Orabug: 33440215] \n- crypto: qat - switch to skcipher API (Ard Biesheuvel) [Orabug: 33440215] \n- io_uring: fix false WARN_ONCE (Pavel Begunkov) [Orabug: 33731046] \n- scsi: lpfc: Fix non-recovery of remote ports following an unsolicited LOGO (James Smart) [Orabug: 33731165] \n- scsi: lpfc: Fix link down processing to address NULL pointer dereference (James Smart) [Orabug: 33731165] \n- scsi: lpfc: Allow PLOGI retry if previous PLOGI was aborted (James Smart) [Orabug: 33731165] \n- scsi: lpfc: Revert LOG_TRACE_EVENT back to LOG_INIT prior to driver_resource_setup() (James Smart) [Orabug: 33731165] \n- scsi: lpfc: Fix memory overwrite during FC-GS I/O abort handling (James Smart) [Orabug: 33731165] \n- scsi: lpfc: Add support for optional PLDV handling (James Smart) [Orabug: 33731165] \n- scsi: lpfc: Fix mailbox command failure during driver initialization (James Smart) [Orabug: 33731165] \n- scsi: lpfc: Improve PBDE checks during SGL processing (James Smart) [Orabug: 33731165] \n- scsi: lpfc: Fix FCP I/O flush functionality for TMF routines (James Smart) [Orabug: 33731165] \n- scsi: lpfc: Fix NVMe I/O failover to non-optimized path (James Smart) [Orabug: 33731165] \n- scsi: lpfc: Don't remove ndlp on PRLI errors in P2P mode (James Smart) [Orabug: 33731165] \n- scsi: lpfc: Fix rediscovery of tape device after LIP (James Smart) [Orabug: 33731165] \n- scsi: lpfc: Don't release final kref on Fport node while ABTS outstanding (James Smart) [Orabug: 33731165] \n- scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() (James Smart) [Orabug: 33731165] \n- scsi: lpfc: Move initialization of phba->poll_list earlier to avoid crash (Ewan D. Milne) [Orabug: 33731165] \n- scsi: lpfc: Fix possible ABBA deadlock in nvmet_xri_aborted() (James Smart) [Orabug: 33731165] \n- scsi: lpfc: Revise Topology and RAS support checks for new adapters (James Smart) [Orabug: 33731165] \n- scsi: lpfc: Copyright updates for 12.8.0.11 patches (James Smart) [Orabug: 33731165] \n- scsi: lpfc: Update lpfc version to 12.8.0.11 (James Smart) [Orabug: 33731165] \n- scsi: lpfc: Skip issuing ADISC when node is in NPR state (James Smart) [Orabug: 33731165] \n- scsi: lpfc: Call discovery state machine when handling PLOGI/ADISC completions (James Smart) [Orabug: 33731165] \n- scsi: lpfc: Delay unregistering from transport until GIDFT or ADISC completes (James Smart) [Orabug: 33731165] \n- scsi: lpfc: Clear outstanding active mailbox during PCI function reset (James Smart) [Orabug: 33731165] \n- scsi: lpfc: Fix memory leaks in error paths while issuing ELS RDF/SCR request (James Smart) [Orabug: 33731165] \n- scsi: lpfc: Keep NDLP reference until after freeing the IOCB after ELS handling (James Smart) [Orabug: 33731165] \n- scsi: lpfc: Fix target reset handler from falsely returning FAILURE (James Smart) [Orabug: 33731165] \n- scsi: lpfc: Discovery state machine fixes for LOGO handling (James Smart) [Orabug: 33731165] \n- scsi: lpfc: Remove use of kmalloc() in trace event logging (James Smart) [Orabug: 33731165] \n- scsi: lpfc: Fix failure to transmit ABTS on FC link (James Smart) [Orabug: 33731165] \n- bpf: Disallow unprivileged bpf by default (Pawan Gupta) [Orabug: 33734681] \n- bpf: Add kconfig knob for disabling unpriv bpf by default (Daniel Borkmann) [Orabug: 33734681] \n- USB: gadget: bRequestType is a bitfield, not a enum (Greg Kroah-Hartman) [Orabug: 33739525] {CVE-2021-39685}\n- USB: gadget: zero allocate endpoint 0 buffers (Greg Kroah-Hartman) [Orabug: 33739525] {CVE-2021-39685}\n- USB: gadget: detect too-big endpoint 0 requests (Greg Kroah-Hartman) [Orabug: 33739525] {CVE-2021-39685}\n- scsi: vmw_pvscsi: Set residual data length conditionally (Alexey Makhalov) [Orabug: 33761343] \n- hwmon: (k10temp) Add support for Zen3 CPUs (Rahul Rohit) [Orabug: 33782833] \n- Revert 'rds/ib: Kernel upgrade to rds_ib_conns info displayed by rds-info' (Rohit Nair) [Orabug: 33812555] \n- uek-rpm: Add missing dax modules to kernel-ueknano (Somasundaram Krishnasamy) [Orabug: 33821042] \n- cgroup-v1: Require capabilities to set release_agent (Eric W. Biederman) [Orabug: 33825687] {CVE-2022-0492}", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-03-23T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel-container security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26401", "CVE-2021-3653", "CVE-2021-3656", "CVE-2021-39685", "CVE-2022-0330", "CVE-2022-0435", "CVE-2022-0492", "CVE-2022-0847", "CVE-2022-23960", "CVE-2022-25636"], "modified": "2022-03-23T00:00:00", "id": "ELSA-2022-9245", "href": "http://linux.oracle.com/errata/ELSA-2022-9245.html", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-04-25T16:17:48", "description": "[4.14.35-2047.512.6.el7]\n- Revert 'rds/ib: recover rds connection from stuck rx path' (Rohit Nair) [Orabug: 34039271] \n- uek-rpm: update kABI lists for new symbols (Saeed Mirzamohammadi) [Orabug: 33993774]\n[4.14.35-2047.512.5]\n- netfilter: nf_tables: initialize registers in nft_do_chain() (Pablo Neira Ayuso) [Orabug: 34012925] {CVE-2022-1016}\n- rds: Fix incorrect initialization order (Hakon Bugge) [Orabug: 33923372] \n- btrfs: unlock newly allocated extent buffer after error (Qu Wenruo) [Orabug: 33997138] {CVE-2021-4149}\n- sr9700: sanity check for packet length (Oliver Neukum) [Orabug: 33962706] {CVE-2022-26966}\n[4.14.35-2047.512.4]\n- Linux 4.14.265 (Greg Kroah-Hartman) \n- ext4: fix error handling in ext4_restore_inline_data() (Ritesh Harjani) \n- EDAC/xgene: Fix deferred probing (Sergey Shtylyov) \n- EDAC/altera: Fix deferred probing (Sergey Shtylyov) \n- rtc: cmos: Evaluate century appropriate (Riwen Lu) \n- selftests: futex: Use variable MAKE instead of make (Muhammad Usama Anjum) \n- nfsd: nfsd4_setclientid_confirm mistakenly expires confirmed client. (Dai Ngo) \n- scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe (John Meneghini) \n- ASoC: fsl: Add missing error handling in pcm030_fabric_probe (Miaoqian Lin) \n- drm/i915/overlay: Prevent divide by zero bugs in scaling (Dan Carpenter) \n- net: macsec: Verify that send_sci is on when setting Tx sci explicitly (Lior Nahmanson) \n- net: ieee802154: Return meaningful error codes from the netlink helpers (Miquel Raynal) \n- net: ieee802154: ca8210: Stop leaking skb's (Miquel Raynal) \n- spi: meson-spicc: add IRQ check in meson_spicc_probe (Miaoqian Lin) \n- spi: mediatek: Avoid NULL pointer crash in interrupt (Benjamin Gaignard) \n- spi: bcm-qspi: check for valid cs before applying chip select (Kamal Dasu) \n- iommu/amd: Fix loop timeout issue in iommu_ga_log_enable() (Joerg Roedel) \n- iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() (Guoqing Jiang) \n- RDMA/mlx4: Don't continue event handler after memory allocation failure (Leon Romanovsky) \n- block: bio-integrity: Advance seed correctly for larger interval sizes (Martin K. Petersen) \n- drm/nouveau: fix off by one in BIOS boundary checking (Nick Lopez) \n- ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx() (Mark Brown) \n- ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx() (Mark Brown) \n- ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() (Mark Brown) \n- audit: improve audit queue handling when 'audit=1' on cmdline (Paul Moore) \n- af_packet: fix data-race in packet_setsockopt / packet_setsockopt (Eric Dumazet) \n- rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink() (Eric Dumazet) \n- net: amd-xgbe: Fix skb data length underflow (Shyam Sundar S K) \n- net: amd-xgbe: ensure to reset the tx_timer_active flag (Raju Rangoju) \n- ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback (Georgi Valkov) \n- netfilter: nat: limit port clash resolution attempts (Florian Westphal) \n- netfilter: nat: remove l4 protocol port rovers (Florian Westphal) \n- bpf: fix truncated jump targets on heavy expansions (Daniel Borkmann) \n- ipv4: raw: lock the socket in raw_bind() (Eric Dumazet) \n- yam: fix a memory leak in yam_siocdevprivate() (Hangyu Hua) \n- ibmvnic: don't spin in tasklet (Sukadev Bhattiprolu) \n- drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable (Jose Exposito) \n- drm/msm: Fix wrong size calculation (Xianting Tian) \n- net-procfs: show net devices bound packet types (Jianguo Wu) \n- NFSv4: nfs_atomic_open() can race when looking up a non-regular file (Trond Myklebust) \n- NFSv4: Handle case where the lookup of a directory fails (Trond Myklebust) \n- hwmon: (lm90) Reduce maximum conversion rate for G781 (Guenter Roeck) \n- ping: fix the sk_bound_dev_if match in ping_lookup (Xin Long) \n- net: fix information leakage in /proc/net/ptype (Saeed Mirzamohammadi) \n- ipv6_tunnel: Rate limit warning messages (Ido Schimmel) \n- scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() (John Meneghini) \n- rpmsg: char: Fix race between the release of rpmsg_eptdev and cdev (Matthias Kaehlcke) \n- rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev (Sujit Kautkar) \n- i40e: fix unsigned stat widths (Joe Damato) \n- i40e: Increase delay to 1 s after global EMP reset (Jedrzej Jagielski) \n- lkdtm: Fix content of section containing lkdtm_rodata_do_nothing() (Christophe Leroy) \n- powerpc/32: Fix boot failure with GCC latent entropy plugin (Christophe Leroy) \n- net: sfp: ignore disabled SFP node (Marek Behun) \n- usb: typec: tcpm: Do not disconnect while receiving VBUS off (Badhri Jagan Sridharan) \n- USB: core: Fix hang in usb_kill_urb by adding memory barriers (Alan Stern) \n- usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS (Pavankumar Kondeti) \n- usb: common: ulpi: Fix crash in ulpi_match() (Jon Hunter) \n- usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge (Alan Stern) \n- tty: Add support for Brainboxes UC cards. (Cameron Williams) \n- tty: n_gsm: fix SW flow control encoding/handling (daniel.starke@siemens.com) \n- serial: stm32: fix software flow control transfer (Valentin Caron) \n- netfilter: nft_payload: do not update layer 4 checksum when mangling fragments (Pablo Neira Ayuso) \n- PM: wakeup: simplify the output logic of pm_show_wakelocks() (Greg Kroah-Hartman) \n- scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices (Steffen Maier) \n- s390/hypfs: include z/VM guests with access control group set (Vasily Gorbik) \n- Bluetooth: refactor malicious adv data check (Brian Gix) \n- Linux 4.14.264 (Greg Kroah-Hartman) \n- can: bcm: fix UAF of bcm op (Ziyang Xuan) \n- Linux 4.14.263 (Greg Kroah-Hartman) \n- gianfar: fix jumbo packets+napi+rx overrun crash (Michael Braun) \n- gianfar: simplify FCS handling and fix memory leak (Andy Spencer) \n- drm/ttm/nouveau: don't call tt destroy callback on alloc failure. (Dave Airlie) \n- mips,s390,sh,sparc: gup: Work around the 'COW can break either way' issue (Ben Hutchings) \n- lib82596: Fix IRQ check in sni_82596_probe (Miaoqian Lin) \n- scripts/dtc: dtx_diff: remove broken example from help text (Matthias Schiffer) \n- bcmgenet: add WOL IRQ check (Sergey Shtylyov) \n- net_sched: restore 'mpu xxx' handling (Kevin Bracey) \n- dmaengine: at_xdmac: Fix at_xdmac_lld struct definition (Tudor Ambarus) \n- dmaengine: at_xdmac: Fix lld view setting (Tudor Ambarus) \n- dmaengine: at_xdmac: Print debug message after realeasing the lock (Tudor Ambarus) \n- dmaengine: at_xdmac: Don't start transactions at tx_submit level (Tudor Ambarus) \n- libcxgb: Don't accidentally set RTO_ONLINK in cxgb_find_route() (Guillaume Nault) \n- netns: add schedule point in ops_exit_list() (Eric Dumazet) \n- net: axienet: fix number of TX ring slots for available check (Robert Hancock) \n- net: axienet: Wait for PhyRstCmplt after core reset (Robert Hancock) \n- af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress (Eric Dumazet) \n- parisc: pdc_stable: Fix memory leak in pdcs_register_pathentries (Miaoqian Lin) \n- net/fsl: xgmac_mdio: Fix incorrect iounmap when removing module (Tobias Waldekranz) \n- powerpc/fsl/dts: Enable WA for erratum A-009885 on fman3l MDIO buses (Tobias Waldekranz) \n- powerpc/cell: Fix clang -Wimplicit-fallthrough warning (Anders Roxell) \n- RDMA/rxe: Fix a typo in opcode name (Chengguang Xu) \n- RDMA/hns: Modify the mapping attribute of doorbell to device (Yixing Liu) \n- Documentation: refer to config RANDOMIZE_BASE for kernel address-space randomization (Lukas Bulwahn) \n- firmware: Update Kconfig help text for Google firmware (Ben Hutchings) \n- drm/radeon: fix error handling in radeon_driver_open_kms (Christian Konig) \n- crypto: stm32/crc32 - Fix kernel BUG triggered in probe() (Marek Vasut) \n- ext4: don't use the orphan list when migrating an inode (Theodore Ts'o) \n- ext4: Fix BUG_ON in ext4_bread when write quota data (Ye Bin) \n- ext4: set csum seed in tmp inode while migrating to extents (Luis Henriques) \n- ext4: make sure quota gets properly shutdown on error (Jan Kara) \n- iwlwifi: mvm: Increase the scan timeout guard to 30 seconds (Ilan Peer) \n- cputime, cpuacct: Include guest time in user time in cpuacct.stat (Andrey Ryabinin) \n- serial: Fix incorrect rs485 polarity on uart open (Lukas Wunner) \n- ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers (Petr Cvachoucek) \n- power: bq25890: Enable continuous conversion for ADC at charging (Yauhen Kharuzhy) \n- ASoC: mediatek: mt8173: fix device_node leak (Tzung-Bi Shih) \n- scsi: sr: Don't use GFP_DMA (Christoph Hellwig) \n- MIPS: Octeon: Fix build errors using clang (Tianjia Zhang) \n- i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters (Lakshmi Sowjanya D) \n- MIPS: OCTEON: add put_device() after of_find_device_by_node() (Ye Guojin) \n- ALSA: seq: Set upper limit of processed events (Takashi Iwai) \n- w1: Misuse of get_user()/put_user() reported by sparse (Christophe Leroy) \n- i2c: mpc: Correct I2C reset procedure (Joakim Tjernlund) \n- powerpc/smp: Move setup_profiling_timer() under CONFIG_PROFILING (Michael Ellerman) \n- i2c: i801: Don't silently correct invalid transfer size (Heiner Kallweit) \n- powerpc/watchdog: Fix missed watchdog reset due to memory ordering race (Nicholas Piggin) \n- powerpc/btext: add missing of_node_put (Julia Lawall) \n- powerpc/cell: add missing of_node_put (Julia Lawall) \n- powerpc/powernv: add missing of_node_put (Julia Lawall) \n- powerpc/6xx: add missing of_node_put (Julia Lawall) \n- parisc: Avoid calling faulthandler_disabled() twice (John David Anglin) \n- serial: core: Keep mctrl register state and cached copy in sync (Lukas Wunner) \n- serial: pl010: Drop CR register reset on set_termios (Lukas Wunner) \n- net: phy: marvell: configure RGMII delays for 88E1118 (Russell King (Oracle)) \n- dm space map common: add bounds check to sm_ll_lookup_bitmap() (Joe Thornber) \n- dm btree: add a defensive bounds check to insert_at() (Joe Thornber) \n- mac80211: allow non-standard VHT MCS-10/11 (Ping-Ke Shih) \n- net: mdio: Demote probed message to debug print (Florian Fainelli) \n- btrfs: remove BUG_ON(!eie) in find_parent_nodes (Josef Bacik) \n- btrfs: remove BUG_ON() in find_parent_nodes() (Josef Bacik) \n- ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5 (Kirill A. Shutemov) \n- ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R() (Rafael J. Wysocki) \n- ACPICA: Utilities: Avoid deleting the same object twice in a row (Rafael J. Wysocki) \n- ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions (Mark Langsdorf) \n- jffs2: GC deadlock reading a page that is used in jffs2_write_begin() (Kyeong Yoo) \n- um: registers: Rename function names to avoid conflicts and build problems (Randy Dunlap) \n- iwlwifi: remove module loading failure message (Johannes Berg) \n- iwlwifi: fix leaks/bad data after failed firmware load (Johannes Berg) \n- ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream (Zekun Shen) \n- usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0 (Kai-Heng Feng) \n- arm64: tegra: Adjust length of CCPLEX cluster MMIO region (Thierry Reding) \n- mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO (Ulf Hansson) \n- media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach() (Zhou Qingyang) \n- media: igorplugusb: receiver overflow should be reported (Sean Young) \n- bpf: Do not WARN in bpf_warn_invalid_xdp_action() (Paolo Abeni) \n- net: bonding: debug: avoid printing debug logs when bond is not notifying peers (Suresh Kumar) \n- ath10k: Fix tx hanging (Sebastian Gottschall) \n- iwlwifi: mvm: synchronize with FW after multicast commands (Johannes Berg) \n- media: m920x: don't use stack on USB reads (Mauro Carvalho Chehab) \n- media: saa7146: hexium_orion: Fix a NULL pointer dereference in hexium_attach() (Zhou Qingyang) \n- media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds. (James Hilliard) \n- floppy: Add max size check for user space request (Xiongwei Song) \n- usb: uhci: add aspeed ast2600 uhci support (Neal Liu) \n- mwifiex: Fix skb_over_panic in mwifiex_usb_recv() (Zekun Shen) \n- HSI: core: Fix return freed object in hsi_new_client (Chengfeng Ye) \n- gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use (Hans de Goede) \n- drm/bridge: megachips: Ensure both bridges are probed before registration (Martyn Welch) \n- mlxsw: pci: Add shutdown method in PCI driver (Danielle Ratson) \n- media: b2c2: Add missing check in flexcop_pci_isr: (Zheyu Ma) \n- HID: apple: Do not reset quirks when the Fn key is not found (Jose Exposito) \n- usb: gadget: f_fs: Use stream_open() for endpoint files (Pavankumar Kondeti) \n- drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR (Ben Skeggs) \n- ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply (Zekun Shen) \n- fs: dlm: filter user dlm messages for kernel locks (Alexander Aring) \n- Bluetooth: Fix debugfs entry leak in hci_register_dev() (Wei Yongjun) \n- RDMA/cxgb4: Set queue pair state when being queried (Kamal Heib) \n- mips: bcm63xx: add support for clk_set_parent() (Randy Dunlap) \n- mips: lantiq: add support for clk_set_parent() (Randy Dunlap) \n- misc: lattice-ecp3-config: Fix task hung when firmware load failed (Wei Yongjun) \n- ASoC: samsung: idma: Check of ioremap return value (Jiasheng Jiang) \n- iommu/iova: Fix race between FQ timeout and teardown (Xiongfeng Wang) \n- dmaengine: pxa/mmp: stop referencing config->slave_id (Arnd Bergmann) \n- RDMA/core: Let ib_find_gid() continue search even after empty entry (Avihai Horon) \n- scsi: ufs: Fix race conditions related to driver data (Bart Van Assche) \n- char/mwave: Adjust io port register size (Kees Cook) \n- ALSA: oss: fix compile error when OSS_DEBUG is enabled (Bixuan Cui) \n- powerpc/prom_init: Fix improper check of prom_getprop() (Peiwei Hu) \n- RDMA/hns: Validate the pkey index (Kamal Heib) \n- ALSA: hda: Add missing rwsem around snd_ctl_remove() calls (Takashi Iwai) \n- ALSA: PCM: Add missing rwsem around snd_ctl_remove() calls (Takashi Iwai) \n- ALSA: jack: Add missing rwsem around snd_ctl_remove() calls (Takashi Iwai) \n- ext4: avoid trim error on fs with small groups (Jan Kara) \n- net: mcs7830: handle usb read errors properly (Pavel Skripkin) \n- pcmcia: fix setting of kthread task states (Dominik Brodowski) \n- can: xilinx_can: xcan_probe(): check for error irq (Jiasheng Jiang) \n- can: softing: softing_startstop(): fix set but not used variable warning (Marc Kleine-Budde) \n- tpm: add request_locality before write TPM_INT_ENABLE (Chen Jun) \n- spi: spi-meson-spifc: Add missing pm_runtime_disable() in meson_spifc_probe (Miaoqian Lin) \n- fsl/fman: Check for null pointer after calling devm_ioremap (Jiasheng Jiang) \n- ppp: ensure minimum packet size in ppp_write() (Eric Dumazet) \n- pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in nonstatic_find_mem_region() (Zhou Qingyang) \n- pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in __nonstatic_find_io_region() (Zhou Qingyang) \n- x86/mce/inject: Avoid out-of-bounds write when setting flags (Zhang Zixun) \n- usb: ftdi-elan: fix memory leak on device disconnect (Wei Yongjun) \n- media: msi001: fix possible null-ptr-deref in msi001_probe() (Wang Hai) \n- media: dw2102: Fix use after free (Anton Vasilyev) \n- sched/rt: Try to restart rt period timer when rt runtime exceeded (Li Hua) \n- media: si2157: Fix 'warm' tuner state detection (Robert Schlabbach) \n- media: saa7146: mxb: Fix a NULL pointer dereference in mxb_attach() (Zhou Qingyang) \n- media: dib8000: Fix a memleak in dib8000_init() (Zhou Qingyang) \n- floppy: Fix hang in watchdog when disk is ejected (Tasos Sahanidis) \n- serial: amba-pl011: do not request memory region twice (Lino Sanfilippo) \n- drm/radeon/radeon_kms: Fix a NULL pointer dereference in radeon_driver_open_kms() (Zhou Qingyang) \n- drm/amdgpu: Fix a NULL pointer dereference in amdgpu_connector_lcd_native_mode() (Zhou Qingyang) \n- arm64: dts: qcom: msm8916: fix MMC controller aliases (Dmitry Baryshkov) \n- netfilter: bridge: add support for pppoe filtering (Florian Westphal) \n- media: mtk-vcodec: call v4l2_m2m_ctx_release first when file is released (Dafna Hirschfeld) \n- tty: serial: atmel: Call dma_async_issue_pending() (Tudor Ambarus) \n- tty: serial: atmel: Check return code of dmaengine_submit() (Tudor Ambarus) \n- crypto: qce - fix uaf on qce_ahash_register_one (Chengfeng Ye) \n- media: dmxdev: fix UAF when dvb_register_device() fails (Wang Hai) \n- Bluetooth: stop proccessing malicious adv data (Pavel Skripkin) \n- media: em28xx: fix memory leak in em28xx_init_dev (Dongliang Mu) \n- wcn36xx: Indicate beacon not connection loss on MISSED_BEACON_IND (Bryan O'Donoghue) \n- clk: bcm-2835: Remove rounding up the dividers (Maxime Ripard) \n- clk: bcm-2835: Pick the closest clock rate (Maxime Ripard) \n- Bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails (Wang Hai) \n- PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller (Yifeng Li) \n- shmem: fix a race between shmem_unused_huge_shrink and shmem_evict_inode (Gang Li) \n- can: softing_cs: softingcs_probe(): fix memleak on registration failure (Johan Hovold) \n- media: stk1160: fix control-message timeouts (Johan Hovold) \n- media: pvrusb2: fix control-message timeouts (Johan Hovold) \n- media: redrat3: fix control-message timeouts (Johan Hovold) \n- media: dib0700: fix undefined behavior in tuner shutdown (Michael Kuron) \n- media: s2255: fix control-message timeouts (Johan Hovold) \n- media: cpia2: fix control-message timeouts (Johan Hovold) \n- media: em28xx: fix control-message timeouts (Johan Hovold) \n- media: mceusb: fix control-message timeouts (Johan Hovold) \n- media: flexcop-usb: fix control-message timeouts (Johan Hovold) \n- rtc: cmos: take rtc_lock while reading from CMOS (Mateusz Jonczyk) \n- nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind() (Krzysztof Kozlowski) \n- HID: wacom: Avoid using stale array indicies to read contact count (Jason Gerecke) \n- HID: wacom: Ignore the confidence flag when a touch is removed (Jason Gerecke) \n- HID: uhid: Fix worker destroying device without any protection (Jann Horn) \n- Bluetooth: fix init and cleanup of sco_conn.timeout_work (Desmond Cheong Zhi Xi) \n- Bluetooth: schedule SCO timeouts with delayed_work (Desmond Cheong Zhi Xi) \n- rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore() with interrupts enabled (Larry Finger) \n- media: uvcvideo: fix division by zero at stream start (Johan Hovold) \n- orangefs: Fix the size of a memory allocation in orangefs_bufmap_alloc() (Christophe JAILLET) \n- drm/i915: Avoid bitwise vs logical OR warning in snb_wm_latency_quirk() (Nathan Chancellor) \n- staging: wlan-ng: Avoid bitwise vs logical OR warning in hfa384x_usb_throttlefn() (Nathan Chancellor) \n- random: fix data race on crng init time (Eric Biggers) \n- random: fix data race on crng_node_pool (Eric Biggers) \n- can: gs_usb: gs_can_start_xmit(): zero-initialize hf->{flags,reserved} (Brian Silverman) \n- can: gs_usb: fix use of uninitialized variable, detach device on reception of invalid USB data (Marc Kleine-Budde) \n- mfd: intel-lpss: Fix too early PM enablement in the ACPI ->probe() (Andy Shevchenko) \n- USB: Fix 'slab-out-of-bounds Write' bug in usb_hcd_poll_rh_status (Alan Stern) \n- USB: core: Fix bug in resuming hub's handling of wakeup requests (Alan Stern) \n- Bluetooth: bfusb: fix division by zero in send path (Johan Hovold) \n- Linux 4.14.262 (Greg Kroah-Hartman) \n- mISDN: change function names to avoid conflicts (wolfgang huang) \n- net: udp: fix alignment problem in udp4_seq_show() (yangxingwu) \n- ip6_vti: initialize __ip6_tnl_parm struct in vti6_siocdevprivate (William Zhao) \n- scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown() (Lixiaokeng) \n- ipv6: Do cleanup if attribute validation fails in multipath route (David Ahern) \n- ipv6: Continue processing multipath route even if gateway attribute is invalid (David Ahern) \n- phonet: refcount leak in pep_sock_accep (Hangyu Hua) \n- rndis_host: support Hytera digital radios (Thomas Toye) \n- power: reset: ltc2952: Fix use of floating point literals (Nathan Chancellor) \n- sch_qfq: prevent shift-out-of-bounds in qfq_init_qdisc (Eric Dumazet) \n- ipv6: Check attribute length for RTA_GATEWAY when deleting multipath route (David Ahern) \n- ipv6: Check attribute length for RTA_GATEWAY in multipath route (David Ahern) \n- i40e: Fix incorrect netdev's real number of RX/TX queues (Jedrzej Jagielski) \n- i40e: fix use-after-free in i40e_sync_filters_subtask() (Di Zhu) \n- mac80211: initialize variable have_higher_than_11mbit (Tom Rix) \n- RDMA/core: Don't infoleak GRH fields (Leon Romanovsky) \n- ieee802154: atusb: fix uninit value in atusb_set_extended_addr (Pavel Skripkin) \n- virtio_pci: Support surprise removal of virtio pci device (Parav Pandit) \n- tracing: Tag trace_percpu_buffer as a percpu pointer (Naveen N. Rao) \n- tracing: Fix check for trace_percpu_buffer validity in get_trace_buf() (Naveen N. Rao) \n- Bluetooth: btusb: Apply QCA Rome patches for some ATH3012 models (Takashi Iwai)\n[4.14.35-2047.512.3]\n- lib/timerqueue: Rely on rbtree semantics for next timer (Davidlohr Bueso) [Orabug: 33406086] {CVE-2021-20317} {CVE-2021-20317}\n- rds/ib: Resize CQ if send-/recv-ring-size are changed (Hans Westgaard Ry) [Orabug: 33940520] \n- uek-rpm: remove uek-rpm/ol8 (John Donnelly) [Orabug: 33665655] \n- uek-rpm: Enable config CONFIG_SCSI_MQ_DEFAULT (Saeed Mirzamohammadi) [Orabug: 33973455] \n- sched: restore the sliding search window for select_idle_cpu() (Libo Chen) [Orabug: 33965297] \n- NFSv4: Handle case where the lookup of a directory fails (Trond Myklebust) [Orabug: 33958155] {CVE-2022-24448}\n- Linux 4.14.261 (Greg Kroah-Hartman) \n- sctp: use call_rcu to free endpoint (Xin Long) \n- net: fix use-after-free in tw_timer_handler (Muchun Song) \n- Input: spaceball - fix parsing of movement data packets (Leo L. Schwab) \n- Input: appletouch - initialize work before device registration (Pavel Skripkin) \n- binder: fix async_free_space accounting for empty parcels (Todd Kjos) \n- usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear. (Vincent Pelletier) \n- xhci: Fresco FL1100 controller should not have BROKEN_MSI quirk set. (Mathias Nyman) \n- uapi: fix linux/nfc.h userspace compilation errors (Dmitry V. Levin) \n- nfc: uapi: use kernel size_t to fix user-space builds (Krzysztof Kozlowski) \n- fsl/fman: Fix missing put_device() call in fman_port_probe (Miaoqian Lin) \n- NFC: st21nfca: Fix memory leak in device probe and remove (Wei Yongjun) \n- net: usb: pegasus: Do not drop long Ethernet frames (Matthias-Christian Ott) \n- scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write() (Dan Carpenter) \n- selinux: initialize proto variable in selinux_ip_postroute_compat() (Tom Rix) \n- recordmcount.pl: fix typo in s390 mcount regex (Heiko Carstens) \n- platform/x86: apple-gmux: use resource_size() with res (Wang Qing) \n- HID: asus: Add depends on USB_HID to HID_ASUS Kconfig option (Hans de Goede) \n- Linux 4.14.260 (Greg Kroah-Hartman) \n- phonet/pep: refuse to enable an unbound pipe (Remi Denis-Courmont) \n- hamradio: improve the incomplete fix to avoid NPD (Lin Ma) \n- hamradio: defer ax25 kfree after unregister_netdev (Lin Ma) \n- ax25: NPD bug when detaching AX25 device (Lin Ma) \n- hwmon: (lm90) Do not report 'busy' status bit as alarm (Guenter Roeck) \n- KVM: VMX: Fix stale docs for kvm-intel.emulate_invalid_guest_state (Sean Christopherson) \n- usb: gadget: u_ether: fix race in setting MAC address in setup phase (Marian Postevca) \n- f2fs: fix to do sanity check on last xattr entry in __f2fs_setxattr() (Chao Yu) \n- ARM: 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling (Ard Biesheuvel) \n- pinctrl: stm32: consider the GPIO offset to expose all the GPIO lines (Fabien Dessenne) \n- x86/pkey: Fix undefined behaviour with PKRU_WD_BIT (Andrew Cooper) \n- Input: atmel_mxt_ts - fix double free in mxt_read_info_block (Jose Exposito) \n- ALSA: drivers: opl3: Fix incorrect use of vp->state (Colin Ian King) \n- ALSA: jack: Check the return value of kstrdup() (Xiaoke Wang) \n- hwmon: (lm90) Fix usage of CONFIG2 register in detect function (Guenter Roeck) \n- sfc: falcon: Check null pointer of rx_queue->page_ring (Jiasheng Jiang) \n- drivers: net: smc911x: Check for error irq (Jiasheng Jiang) \n- fjes: Check for error irq (Jiasheng Jiang) \n- bonding: fix ad_actor_system option setting to default (Fernando Fernandez Mancera) \n- net: skip virtio_net_hdr_set_proto if protocol already set (Willem de Bruijn) \n- qlcnic: potential dereference null pointer of rx_queue->page_ring (Jiasheng Jiang) \n- spi: change clk_disable_unprepare to clk_unprepare (Dongliang Mu) \n- HID: holtek: fix mouse probing (Benjamin Tissoires) \n- can: kvaser_usb: get CAN clock frequency from device (Jimmy Assarsson) \n- net: usb: lan78xx: add Allied Telesis AT29M2-AF (Greg Jesionowski) \n- x86/speculation: Add knob for eibrs_retpoline_enabled (Patrick Colp) [Orabug: 33937656] {CVE-2021-26401}\n- x86/speculation: Extend our code to properly support eibrs+lfence and eibrs+retpoline (Patrick Colp) [Orabug: 33937656] {CVE-2021-26401}\n- x86/speculation: Update link to AMD speculation whitepaper (Kim Phillips) [Orabug: 33937656] {CVE-2021-26401}\n- x86/speculation: Use generic retpoline by default on AMD (Kim Phillips) [Orabug: 33937656] {CVE-2021-26401}\n- x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting (Josh Poimboeuf) [Orabug: 33937656] {CVE-2021-26401}\n- Documentation/hw-vuln: Update spectre doc (Peter Zijlstra) [Orabug: 33937656] {CVE-2021-26401}\n- x86/speculation: Add eIBRS + Retpoline options (Peter Zijlstra) [Orabug: 33937656] {CVE-2021-26401}\n- x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE (Peter Zijlstra (Intel)) [Orabug: 33937656] {CVE-2021-26401}\n- x86/speculation: Merge one test in spectre_v2_user_select_mitigation() (Borislav Petkov) [Orabug: 33937656] {CVE-2021-26401}\n- x86/speculation: Update ALTERNATIVEs to (more closely) match upstream (Patrick Colp) [Orabug: 33937656] {CVE-2021-26401}\n- x86/speculation: Fix bug in retpoline mode on AMD with 'spectre_v2=none' (Patrick Colp) [Orabug: 33937656] {CVE-2021-26401}\n- ACPICA: Enable sleep button on ACPI legacy wake (Anchal Agarwal) [Orabug: 33925502] \n- ipv4: tcp: send zero IPID in SYNACK messages (Eric Dumazet) [Orabug: 33917057] {CVE-2020-36516}\n- ipv4: avoid using shared IP generator for connected sockets (Eric Dumazet) [Orabug: 33917057] {CVE-2020-36516}\n- lib/iov_iter: initialize 'flags' in new pipe_buffer (Max Kellermann) [Orabug: 33910800] {CVE-2022-0847}\n- x86/speculation: The choice of retpoline mode is sometimes ignored (Patrick Colp) [Orabug: 33890092] \n- udf: Restore i_lenAlloc when inode expansion fails (Jan Kara) [Orabug: 33870267] {CVE-2022-0617}\n- udf: Fix NULL ptr deref when converting from inline format (Jan Kara) [Orabug: 33870267] {CVE-2022-0617}\n- scsi: libiscsi: Hold back_lock when calling iscsi_complete_task (Gulam Mohamed) [Orabug: 33851182] \n- drm/vmwgfx: Fix stale file descriptors on failed usercopy (Mathias Krause) [Orabug: 33840433] {CVE-2022-22942}\n- drm/i915: Flush TLBs before releasing backing store (Tvrtko Ursulin) [Orabug: 33835811] {CVE-2022-0330}\n- proc/vmcore: fix clearing user buffer by properly using clear_user() (David Hildenbrand) [Orabug: 33832650] \n- rds/ib: recover rds connection from stuck rx path (Nagappan Ramasamy Palaniappan) [Orabug: 33820767] \n- rds: ib: Make selection of completion_vector QoS aware (Hakon Bugge) [Orabug: 33819408] \n- Enable CONFIG_DM_DUST and nano for UEK5 (Gulam Mohamed) [Orabug: 33653698] \n- dm dust: use dust block size for badblocklist index (Bryan Gurney) [Orabug: 33653698] \n- dm dust: Make dm_dust_init and dm_dust_exit static (YueHaibing) [Orabug: 33653698] \n- dm dust: remove redundant unsigned comparison to less than zero (Colin Ian King) [Orabug: 33653698] \n- dm: add dust target (Bryan Gurney) [Orabug: 33653698] \n- hugetlbfs: flush TLBs correctly after huge_pmd_unshare (Nadav Amit) [Orabug: 33617219] {CVE-2021-4002}\n- rds/ib: handle posted ACK during connection shutdown (Nagappan Ramasamy Palaniappan) [Orabug: 33820747] \n- rds/ib: reap tx completions during connection shutdown (Nagappan Ramasamy Palaniappan) [Orabug: 33820747] \n- rds/ib: recover rds connection from stuck tx path (Nagappan Ramasamy Palaniappan) [Orabug: 33820747] \n- rds/ib: Kernel change to extend rds-info functionality (Rohit Nair) [Orabug: 33821341] \n- uek-rpm: Add missing symbols to kabi_lockedlist (Stephen Brennan) [Orabug: 33871558]\n[4.14.35-2047.512.1]\n- Revert 'stable: clamp SUBLEVEL in 4.14' (Alan Maguire) [Orabug: 33861950] \n- tipc: improve size validations for received domain records (Jon Maloy) [Orabug: 33850803] {CVE-2022-0435} {CVE-2022-0435}\n- cgroup-v1: Require capabilities to set release_agent (Eric W. Biederman) [Orabug: 33825688] {CVE-2022-0492}\n- blk-stat: delete useless code (Shaohua Li) [Orabug: 33772945] \n- DMA/rxe: Update default value of RXE_MAX_PDN (Rao Shoaib) [Orabug: 33676598]\n[4.14.35-2047.512.0]\n- bpf: Disallow unprivileged bpf by default (Pawan Gupta) [Orabug: 33734682] \n- bpf: Add kconfig knob for disabling unpriv bpf by default (Daniel Borkmann) [Orabug: 33734682] \n- RDMA/rxe: Use correct sizing on buffers holding page DMA addresses (Shiraz Saleem) [Orabug: 33676942] \n- hwmon: (k10temp) Add support for Zen3 CPUs (Rahul Rohit) [Orabug: 33782835] \n- arm64, mm, efi: Account for GICv3 LPI tables in static memblock reserve table (Ard Biesheuvel) [Orabug: 33787546] \n- uek-rpm: Pensando: Enable Elba EDAC (Dave Kleikamp) [Orabug: 33831294] \n- dsc-drivers: update for 1.15.9-C-64 (Dave Kleikamp) [Orabug: 33831294] \n- drivers/hwmon: Adding support LTC3888 (David Clear) [Orabug: 33831294] \n- drivers/edac: Add Elba EDAC support (David Clear) [Orabug: 33831294] \n- arm64/configs: Remove CONFIG_PENSANDO_SOC_CAPMEM_HUGEPAGE (David Clear) [Orabug: 33831294] \n- drivers/soc/pensando: Add reset cause driver (David Clear) [Orabug: 33831294] \n- net/rds: Fix memory leak in __rds_conn_create() on alloc_ordered_workqueue fail (Freddy Carrillo) [Orabug: 33811475] \n- x86/smpboot: check cpu_initialized_mask first after returning from schedule() (Dongli Zhang) [Orabug: 33544127] \n- Linux 4.14.259 (Greg Kroah-Hartman) \n- xen/console: harden hvc_xen against event channel storms (Juergen Gross) \n- Input: touchscreen - avoid bitwise vs logical OR warning (Nathan Chancellor) \n- ARM: 8800/1: use choice for kernel unwinders (Stefan Agner) \n- mwifiex: Remove unnecessary braces from HostCmd_SET_SEQ_NO_BSS_INFO (Nathan Chancellor) \n- ARM: 8805/2: remove unneeded naked function usage (Nicolas Pitre) \n- net: lan78xx: Avoid unnecessary self assignment (Nathan Chancellor) \n- fuse: annotate lock in fuse_reverse_inval_entry() (Miklos Szeredi) \n- ARM: dts: imx6ull-pinfunc: Fix CSI_DATA07__ESAI_TX0 pad name (Fabio Estevam) \n- firmware: arm_scpi: Fix string overflow in SCPI genpd driver (Sudeep Holla) \n- net: systemport: Add global locking for descriptor lifecycle (Florian Fainelli) \n- libata: if T_LENGTH is zero, dma direction should be DMA_NONE (George Kennedy) \n- timekeeping: Really make sure wall_to_monotonic isn't positive (Yu Liao) \n- USB: serial: option: add Telit FN990 compositions (Daniele Palmas) \n- PCI/MSI: Mask MSI-X vectors only on success (Stefan Roese) \n- PCI/MSI: Clear PCI_MSIX_FLAGS_MASKALL on error (Thomas Gleixner) \n- USB: gadget: bRequestType is a bitfield, not a enum (Greg Kroah-Hartman) \n- sit: do not call ipip6_dev_free() from sit_init_net() (Eric Dumazet) \n- net/packet: rx_owner_map depends on pg_vec (Willem de Bruijn) \n- ixgbe: set X550 MDIO speed before talking to PHY (Cyril Novikov) \n- igbvf: fix double free in 'igbvf_probe' (Letu Ren) \n- soc/tegra: fuse: Fix bitwise vs. logical OR warning (Nathan Chancellor) \n- dmaengine: st_fdma: fix MODULE_ALIAS (Alyssa Ross) \n- ARM: socfpga: dts: fix qspi node compatible (Dinh Nguyen) \n- x86/sme: Explicitly map new EFI memmap table as encrypted (Tom Lendacky) \n- nfsd: fix use-after-free due to delegation race (J. Bruce Fields) \n- audit: improve robustness of the audit queue handling (Paul Moore) \n- dm btree remove: fix use after free in rebalance_children() (Joe Thornber) \n- recordmcount.pl: look for jgnop instruction as well as bcrl on s390 (Jerome Marchand) \n- mac80211: send ADDBA requests using the tid/queue of the aggregation session (Felix Fietkau) \n- hwmon: (dell-smm) Fix warning on /proc/i8k creation error (Armin Wolf) \n- bpf: fix panic due to oob in bpf_prog_test_run_skb (Daniel Borkmann) \n- tracing: Fix a kmemleak false positive in tracing_map (Chen Jun) \n- net: netlink: af_netlink: Prevent empty skb by adding a check on len. (Harshit Mogalapalli) \n- i2c: rk3x: Handle a spurious start completion interrupt flag (Ondrej Jirman) \n- parisc/agp: Annotate parisc agp init functions with __init (Helge Deller) \n- net/mlx4_en: Update reported link modes for 1/10G (Erik Ekman) \n- drm/msm/dsi: set default num_data_lanes (Philip Chen) \n- nfc: fix segfault in nfc_genl_dump_devices_done (Tadeusz Struk) \n- Linux 4.14.258 (Greg Kroah-Hartman) \n- irqchip: nvic: Fix offset for Interrupt Priority Offsets (Vladimir Murzin) \n- irqchip/irq-gic-v3-its.c: Force synchronisation when issuing INVALL (Wudi Wang) \n- irqchip/armada-370-xp: Fix support for Multi-MSI interrupts (Pali Rohar) \n- irqchip/armada-370-xp: Fix return value of armada_370_xp_msi_alloc() (Pali Rohar) \n- iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove (Yang Yingliang) \n- iio: adc: axp20x_adc: fix charging current reporting on AXP22x (Evgeny Boger) \n- iio: dln2: Check return value of devm_iio_trigger_register() (Lars-Peter Clausen) \n- iio: dln2-adc: Fix lockdep complaint (Noralf Tronnes) \n- iio: itg3200: Call iio_trigger_notify_done() on error (Lars-Peter Clausen) \n- iio: kxsd9: Don't return error code in trigger handler (Lars-Peter Clausen) \n- iio: ltr501: Don't return error code in trigger handler (Lars-Peter Clausen) \n- iio: mma8452: Fix trigger reference couting (Lars-Peter Clausen) \n- iio: stk3310: Don't return error code in interrupt handler (Lars-Peter Clausen) \n- iio: trigger: stm32-timer: fix MODULE_ALIAS (Alyssa Ross) \n- iio: trigger: Fix reference counting (Lars-Peter Clausen) \n- usb: core: config: using bit mask instead of individual bits (Pavel Hofman) \n- xhci: Remove CONFIG_USB_DEFAULT_PERSIST to prevent xHCI from runtime suspending (Kai-Heng Feng) \n- usb: core: config: fix validation of wMaxPacketValue entries (Pavel Hofman) \n- USB: gadget: zero allocate endpoint 0 buffers (Greg Kroah-Hartman) \n- USB: gadget: detect too-big endpoint 0 requests (Greg Kroah-Hartman) \n- net/qla3xxx: fix an error code in ql_adapter_up() (Dan Carpenter) \n- net, neigh: clear whole pneigh_entry at alloc time (Eric Dumazet) \n- net: fec: only clear interrupt of handling queue in fec_enet_rx_queue() (Joakim Zhang) \n- net: altera: set a couple error code in probe() (Dan Carpenter) \n- net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero (Lee Jones) \n- qede: validate non LSO skb length (Manish Chopra) \n- block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2) (Davidlohr Bueso) \n- tracefs: Set all files to the same group ownership as the mount option (Steven Rostedt (VMware)) \n- signalfd: use wake_up_pollfree() (Eric Biggers) \n- binder: use wake_up_pollfree() (Eric Biggers) \n- wait: add wake_up_pollfree() (Eric Biggers) \n- libata: add horkage for ASMedia 1092 (Hannes Reinecke) \n- can: m_can: Disable and ignore ELO interrupt (Brian Silverman) \n- can: pch_can: pch_can_rx_normal: fix use after free (Vincent Mailhol) \n- tracefs: Have new files inherit the ownership of their parent (Steven Rostedt (VMware)) \n- ALSA: pcm: oss: Handle missing errors in snd_pcm_oss_change_params*() (Takashi Iwai) \n- ALSA: pcm: oss: Limit the period size to 16MB (Takashi Iwai) \n- ALSA: pcm: oss: Fix negative period/buffer sizes (Takashi Iwai) \n- ALSA: ctl: Fix copy of updated id with element read/write (Alan Young) \n- mm: bdi: initialize bdi_min_ratio when bdi is unregistered (Manjong Lee) \n- IB/hfi1: Correct guard on eager buffer deallocation (Mike Marciniszyn) \n- seg6: fix the iif in the IPv6 socket control block (Andrea Mayer) \n- nfp: Fix memory leak in nfp_cpp_area_cache_add() (Jianglei Nie) \n- bpf: Fix the off-by-two error in range markings (Maxim Mikityanskiy) \n- nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done (Krzysztof Kozlowski) \n- can: sja1000: fix use after free in ems_pcmcia_add_card() (Dan Carpenter) \n- HID: check for valid USB device for many HID drivers (Greg Kroah-Hartman) \n- HID: wacom: fix problems when device is not a valid USB device (Greg Kroah-Hartman) \n- HID: add USB_HID dependancy on some USB HID drivers (Greg Kroah-Hartman) \n- HID: add USB_HID dependancy to hid-chicony (Greg Kroah-Hartman) \n- HID: add USB_HID dependancy to hid-prodikeys (Greg Kroah-Hartman) \n- HID: add hid_is_usb() function to make it simpler for USB detection (Greg Kroah-Hartman) \n- Linux 4.14.257 (Greg Kroah-Hartman) {CVE-2021-38199}\n- parisc: Mark cr16 CPU clocksource unstable on all SMP machines (Helge Deller) \n- serial: core: fix transmit-buffer reset and memleak (Johan Hovold) \n- serial: pl011: Add ACPI SBSA UART match id (Pierre Gondois) \n- tty: serial: msm_serial: Deactivate RX DMA for polling support (Sven Eckelmann) \n- x86/64/mm: Map all kernel memory into trampoline_pgd (Joerg Roedel) \n- usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect (Badhri Jagan Sridharan) \n- xhci: Fix commad ring abort, write all 64 bits to CRCR register. (Mathias Nyman) \n- vgacon: Propagate console boot parameters before calling 'vc_resize' (Maciej W. Rozycki) \n- parisc: Fix 'make install' on newer debian releases (Helge Deller) \n- parisc: Fix KBUILD_IMAGE for self-extracting kernel (Helge Deller) \n- net/smc: Keep smc_close_final rc during active close (Tony Lu) \n- net/rds: correct socket tunable error in rds_tcp_tune() (William Kucharski) \n- net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of '0' if no IRQ is available (Sven Schuchmann) \n- net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources() (Zhou Qingyang) \n- siphash: use _unaligned version by default (Arnd Bergmann) \n- net: mpls: Fix notifications when deleting a device (Benjamin Poirier) \n- net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings() (Zhou Qingyang) \n- natsemi: xtensa: fix section mismatch warnings (Randy Dunlap) \n- sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl (Baokun Li) \n- sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl (Baokun Li) \n- kprobes: Limit max data_size of the kretprobe instances (Masami Hiramatsu) \n- vrf: Reset IPCB/IP6CB when processing outbound pkts in vrf dev xmit (Stephen Suryaputra) \n- perf hist: Fix memory leak of a perf_hpp_fmt (Ian Rogers) \n- net: ethernet: dec: tulip: de4x5: fix possible array overflows in type3_infoblock() (Teng Qi) \n- net: tulip: de4x5: fix the problem that the array 'lp->phy[8]' may be out of bound (zhangyue) \n- ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port() (Teng Qi) \n- scsi: iscsi: Unblock session then wake up error handler (Mike Christie) \n- thermal: core: Reset previous low and high trip during thermal zone init (Manaf Meethalavalappu Pallikunhi) \n- btrfs: check-integrity: fix a warning on write caching disabled disk (Wang Yugui) \n- s390/setup: avoid using memblock_enforce_memory_limit (Vasily Gorbik) \n- platform/x86: thinkpad_acpi: Fix WWAN device disabled issue after S3 deep (Slark Xiao) \n- net: return correct error code (liuguoqiang) \n- NFSv42: Fix pagecache invalidation after COPY/CLONE (Benjamin Coddington) \n- ipc: WARN if trying to remove ipc object which is absent (Alexander Mikhalitsyn) \n- shm: extend forced shm destroy to support objects from several IPC nses (Alexander Mikhalitsyn) \n- tty: hvc: replace BUG_ON() with negative return value (Juergen Gross) \n- xen: sync include/xen/interface/io/ring.h with Xen's newest version (Juergen Gross) \n- fuse: release pipe buf after last use (Miklos Szeredi) \n- NFC: add NCI_UNREG flag to eliminate the race (Lin Ma) \n- arm64: dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function (Marek Behun) \n- arm64: dts: marvell: armada-37xx: declare PCIe reset pin (Miquel Raynal) \n- pinctrl: armada-37xx: Correct PWM pins definitions (Marek Behun) \n- pinctrl: armada-37xx: add missing pin: PCIe1 Wakeup (Gregory CLEMENT) \n- pinctrl: armada-37xx: Correct mpp definitions (Marek Behun) \n- PCI: aardvark: Fix checking for link up via LTSSM state (Pali Rohar) \n- PCI: aardvark: Fix link training (Pali Rohar) \n- PCI: aardvark: Fix PCIe Max Payload Size setting (Pali Rohar) \n- PCI: aardvark: Configure PCIe resources from 'ranges' DT property (Pali Rohar) \n- PCI: aardvark: Remove PCIe outbound window configuration (Evan Wang) \n- PCI: aardvark: Update comment about disabling link training (Pali Rohar) \n- PCI: aardvark: Move PCIe reset card code to advk_pcie_train_link() (Pali Rohar) \n- PCI: aardvark: Fix compilation on s390 (Pali Rohar) \n- PCI: aardvark: Don't touch PCIe registers if no card connected (Pali Rohar) \n- PCI: aardvark: Introduce an advk_pcie_valid_device() helper (Thomas Petazzoni) \n- PCI: aardvark: Indicate error in 'val' when config read fails (Pali Rohar) \n- PCI: aardvark: Replace custom macros by standard linux/pci_regs.h macros (Pali Rohar) \n- PCI: aardvark: Issue PERST via GPIO (Pali Rohar) \n- PCI: aardvark: Improve link training (Marek Behun) \n- PCI: aardvark: Train link immediately after enabling training (Pali Rohar) \n- PCI: aardvark: Wait for endpoint to be ready before training link (Remi Pommarel) \n- PCI: aardvark: Fix a leaked reference by adding missing of_node_put() (Wen Yang) \n- PCI: aardvark: Fix I/O space page leak (Sergei Shtylyov) \n- s390/mm: validate VMA in PGSTE manipulation functions (David Hildenbrand) \n- tracing: Check pid filtering when creating events (Steven Rostedt (VMware)) \n- vhost/vsock: fix incorrect used length reported to the guest (Stefano Garzarella) \n- net/smc: Don't call clcsock shutdown twice when smc shutdown (Tony Lu) \n- MIPS: use 3-level pgtable for 64KB page size on MIPS_VA_BITS_48 (Huang Pei) \n- tcp_cubic: fix spurious Hystart ACK train detections for not-cwnd-limited flows (Eric Dumazet) \n- net/smc: Ensure the active closing peer first closes clcsock (Tony Lu) \n- ipv6: fix typos in __ip6_finish_output() (Eric Dumazet) \n- drm/vc4: fix error code in vc4_create_object() (Dan Carpenter) \n- scsi: mpt3sas: Fix kernel panic during drive powercycle test (Sreekanth Reddy) \n- ARM: socfpga: Fix crash with CONFIG_FORTIRY_SOURCE (Takashi Iwai) \n- NFSv42: Don't fail clone() unless the OP_CLONE operation failed (Trond Myklebust) \n- net: ieee802154: handle iftypes as u32 (Alexander Aring) \n- ASoC: topology: Add missing rwsem around snd_ctl_remove() calls (Takashi Iwai) \n- ARM: dts: BCM5301X: Add interrupt properties to GPIO node (Florian Fainelli) \n- ARM: dts: BCM5301X: Fix I2C controller interrupt (Florian Fainelli) \n- netfilter: ipvs: Fix reuse connection if RS weight is 0 (yangxingwu) \n- tracing: Fix pid filtering when triggers are attached (Steven Rostedt (VMware)) \n- xen: detect uninitialized xenbus in xenbus_init (Stefano Stabellini) \n- xen: don't continue xenstore initialization in case of errors (Stefano Stabellini) \n- fuse: fix page stealing (Miklos Szeredi) \n- staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() (Dan Carpenter) \n- HID: wacom: Use 'Confidence' flag to prevent reporting invalid contacts (Jason Gerecke) \n- media: cec: copy sequence field for the reply (Hans Verkuil) \n- ALSA: ctxfi: Fix out-of-range access (Takashi Iwai) \n- usb: hub: Fix locking issues with address0_mutex (Mathias Nyman) \n- usb: hub: Fix usb enumeration issue due to address0 race (Mathias Nyman) \n- USB: serial: option: add Fibocom FM101-GL variants (Mingjie Zhang) \n- USB: serial: option: add Telit LE910S1 0x9200 composition (Daniele Palmas)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-25T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel-container security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36516", "CVE-2021-20317", "CVE-2021-26401", "CVE-2021-38199", "CVE-2021-4002", "CVE-2021-4149", "CVE-2022-0330", "CVE-2022-0435", "CVE-2022-0492", "CVE-2022-0617", "CVE-2022-0847", "CVE-2022-1016", "CVE-2022-22942", "CVE-2022-24448", "CVE-2022-26966"], "modified": "2022-04-25T00:00:00", "id": "ELSA-2022-9314", "href": "http://linux.oracle.com/errata/ELSA-2022-9314.html", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-04-25T16:17:38", "description": "[4.14.35-2047.512.6]\n- Revert 'rds/ib: recover rds connection from stuck rx path' (Rohit Nair) [Orabug: 34039271] \n- uek-rpm: update kABI lists for new symbols (Saeed Mirzamohammadi) [Orabug: 33993774]\n[4.14.35-2047.512.5]\n- netfilter: nf_tables: initialize registers in nft_do_chain() (Pablo Neira Ayuso) [Orabug: 34012925] {CVE-2022-1016}\n- rds: Fix incorrect initialization order (Hakon Bugge) [Orabug: 33923372] \n- btrfs: unlock newly allocated extent buffer after error (Qu Wenruo) [Orabug: 33997138] {CVE-2021-4149}\n- sr9700: sanity check for packet length (Oliver Neukum) [Orabug: 33962706] {CVE-2022-26966}\n[4.14.35-2047.512.4]\n- Linux 4.14.265 (Greg Kroah-Hartman) \n- ext4: fix error handling in ext4_restore_inline_data() (Ritesh Harjani) \n- EDAC/xgene: Fix deferred probing (Sergey Shtylyov) \n- EDAC/altera: Fix deferred probing (Sergey Shtylyov) \n- rtc: cmos: Evaluate century appropriate (Riwen Lu) \n- selftests: futex: Use variable MAKE instead of make (Muhammad Usama Anjum) \n- nfsd: nfsd4_setclientid_confirm mistakenly expires confirmed client. (Dai Ngo) \n- scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe (John Meneghini) \n- ASoC: fsl: Add missing error handling in pcm030_fabric_probe (Miaoqian Lin) \n- drm/i915/overlay: Prevent divide by zero bugs in scaling (Dan Carpenter) \n- net: macsec: Verify that send_sci is on when setting Tx sci explicitly (Lior Nahmanson) \n- net: ieee802154: Return meaningful error codes from the netlink helpers (Miquel Raynal) \n- net: ieee802154: ca8210: Stop leaking skb's (Miquel Raynal) \n- spi: meson-spicc: add IRQ check in meson_spicc_probe (Miaoqian Lin) \n- spi: mediatek: Avoid NULL pointer crash in interrupt (Benjamin Gaignard) \n- spi: bcm-qspi: check for valid cs before applying chip select (Kamal Dasu) \n- iommu/amd: Fix loop timeout issue in iommu_ga_log_enable() (Joerg Roedel) \n- iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() (Guoqing Jiang) \n- RDMA/mlx4: Don't continue event handler after memory allocation failure (Leon Romanovsky) \n- block: bio-integrity: Advance seed correctly for larger interval sizes (Martin K. Petersen) \n- drm/nouveau: fix off by one in BIOS boundary checking (Nick Lopez) \n- ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx() (Mark Brown) \n- ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx() (Mark Brown) \n- ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() (Mark Brown) \n- audit: improve audit queue handling when 'audit=1' on cmdline (Paul Moore) \n- af_packet: fix data-race in packet_setsockopt / packet_setsockopt (Eric Dumazet) \n- rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink() (Eric Dumazet) \n- net: amd-xgbe: Fix skb data length underflow (Shyam Sundar S K) \n- net: amd-xgbe: ensure to reset the tx_timer_active flag (Raju Rangoju) \n- ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback (Georgi Valkov) \n- netfilter: nat: limit port clash resolution attempts (Florian Westphal) \n- netfilter: nat: remove l4 protocol port rovers (Florian Westphal) \n- bpf: fix truncated jump targets on heavy expansions (Daniel Borkmann) \n- ipv4: raw: lock the socket in raw_bind() (Eric Dumazet) \n- yam: fix a memory leak in yam_siocdevprivate() (Hangyu Hua) \n- ibmvnic: don't spin in tasklet (Sukadev Bhattiprolu) \n- drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable (Jose Exposito) \n- drm/msm: Fix wrong size calculation (Xianting Tian) \n- net-procfs: show net devices bound packet types (Jianguo Wu) \n- NFSv4: nfs_atomic_open() can race when looking up a non-regular file (Trond Myklebust) \n- NFSv4: Handle case where the lookup of a directory fails (Trond Myklebust) \n- hwmon: (lm90) Reduce maximum conversion rate for G781 (Guenter Roeck) \n- ping: fix the sk_bound_dev_if match in ping_lookup (Xin Long) \n- net: fix information leakage in /proc/net/ptype (Saeed Mirzamohammadi) \n- ipv6_tunnel: Rate limit warning messages (Ido Schimmel) \n- scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() (John Meneghini) \n- rpmsg: char: Fix race between the release of rpmsg_eptdev and cdev (Matthias Kaehlcke) \n- rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev (Sujit Kautkar) \n- i40e: fix unsigned stat widths (Joe Damato) \n- i40e: Increase delay to 1 s after global EMP reset (Jedrzej Jagielski) \n- lkdtm: Fix content of section containing lkdtm_rodata_do_nothing() (Christophe Leroy) \n- powerpc/32: Fix boot failure with GCC latent entropy plugin (Christophe Leroy) \n- net: sfp: ignore disabled SFP node (Marek Behun) \n- usb: typec: tcpm: Do not disconnect while receiving VBUS off (Badhri Jagan Sridharan) \n- USB: core: Fix hang in usb_kill_urb by adding memory barriers (Alan Stern) \n- usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS (Pavankumar Kondeti) \n- usb: common: ulpi: Fix crash in ulpi_match() (Jon Hunter) \n- usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge (Alan Stern) \n- tty: Add support for Brainboxes UC cards. (Cameron Williams) \n- tty: n_gsm: fix SW flow control encoding/handling (daniel.starke@siemens.com) \n- serial: stm32: fix software flow control transfer (Valentin Caron) \n- netfilter: nft_payload: do not update layer 4 checksum when mangling fragments (Pablo Neira Ayuso) \n- PM: wakeup: simplify the output logic of pm_show_wakelocks() (Greg Kroah-Hartman) \n- scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices (Steffen Maier) \n- s390/hypfs: include z/VM guests with access control group set (Vasily Gorbik) \n- Bluetooth: refactor malicious adv data check (Brian Gix) \n- Linux 4.14.264 (Greg Kroah-Hartman) \n- can: bcm: fix UAF of bcm op (Ziyang Xuan) \n- Linux 4.14.263 (Greg Kroah-Hartman) \n- gianfar: fix jumbo packets+napi+rx overrun crash (Michael Braun) \n- gianfar: simplify FCS handling and fix memory leak (Andy Spencer) \n- drm/ttm/nouveau: don't call tt destroy callback on alloc failure. (Dave Airlie) \n- mips,s390,sh,sparc: gup: Work around the 'COW can break either way' issue (Ben Hutchings) \n- lib82596: Fix IRQ check in sni_82596_probe (Miaoqian Lin) \n- scripts/dtc: dtx_diff: remove broken example from help text (Matthias Schiffer) \n- bcmgenet: add WOL IRQ check (Sergey Shtylyov) \n- net_sched: restore 'mpu xxx' handling (Kevin Bracey) \n- dmaengine: at_xdmac: Fix at_xdmac_lld struct definition (Tudor Ambarus) \n- dmaengine: at_xdmac: Fix lld view setting (Tudor Ambarus) \n- dmaengine: at_xdmac: Print debug message after realeasing the lock (Tudor Ambarus) \n- dmaengine: at_xdmac: Don't start transactions at tx_submit level (Tudor Ambarus) \n- libcxgb: Don't accidentally set RTO_ONLINK in cxgb_find_route() (Guillaume Nault) \n- netns: add schedule point in ops_exit_list() (Eric Dumazet) \n- net: axienet: fix number of TX ring slots for available check (Robert Hancock) \n- net: axienet: Wait for PhyRstCmplt after core reset (Robert Hancock) \n- af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress (Eric Dumazet) \n- parisc: pdc_stable: Fix memory leak in pdcs_register_pathentries (Miaoqian Lin) \n- net/fsl: xgmac_mdio: Fix incorrect iounmap when removing module (Tobias Waldekranz) \n- powerpc/fsl/dts: Enable WA for erratum A-009885 on fman3l MDIO buses (Tobias Waldekranz) \n- powerpc/cell: Fix clang -Wimplicit-fallthrough warning (Anders Roxell) \n- RDMA/rxe: Fix a typo in opcode name (Chengguang Xu) \n- RDMA/hns: Modify the mapping attribute of doorbell to device (Yixing Liu) \n- Documentation: refer to config RANDOMIZE_BASE for kernel address-space randomization (Lukas Bulwahn) \n- firmware: Update Kconfig help text for Google firmware (Ben Hutchings) \n- drm/radeon: fix error handling in radeon_driver_open_kms (Christian Konig) \n- crypto: stm32/crc32 - Fix kernel BUG triggered in probe() (Marek Vasut) \n- ext4: don't use the orphan list when migrating an inode (Theodore Ts'o) \n- ext4: Fix BUG_ON in ext4_bread when write quota data (Ye Bin) \n- ext4: set csum seed in tmp inode while migrating to extents (Luis Henriques) \n- ext4: make sure quota gets properly shutdown on error (Jan Kara) \n- iwlwifi: mvm: Increase the scan timeout guard to 30 seconds (Ilan Peer) \n- cputime, cpuacct: Include guest time in user time in cpuacct.stat (Andrey Ryabinin) \n- serial: Fix incorrect rs485 polarity on uart open (Lukas Wunner) \n- ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers (Petr Cvachoucek) \n- power: bq25890: Enable continuous conversion for ADC at charging (Yauhen Kharuzhy) \n- ASoC: mediatek: mt8173: fix device_node leak (Tzung-Bi Shih) \n- scsi: sr: Don't use GFP_DMA (Christoph Hellwig) \n- MIPS: Octeon: Fix build errors using clang (Tianjia Zhang) \n- i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters (Lakshmi Sowjanya D) \n- MIPS: OCTEON: add put_device() after of_find_device_by_node() (Ye Guojin) \n- ALSA: seq: Set upper limit of processed events (Takashi Iwai) \n- w1: Misuse of get_user()/put_user() reported by sparse (Christophe Leroy) \n- i2c: mpc: Correct I2C reset procedure (Joakim Tjernlund) \n- powerpc/smp: Move setup_profiling_timer() under CONFIG_PROFILING (Michael Ellerman) \n- i2c: i801: Don't silently correct invalid transfer size (Heiner Kallweit) \n- powerpc/watchdog: Fix missed watchdog reset due to memory ordering race (Nicholas Piggin) \n- powerpc/btext: add missing of_node_put (Julia Lawall) \n- powerpc/cell: add missing of_node_put (Julia Lawall) \n- powerpc/powernv: add missing of_node_put (Julia Lawall) \n- powerpc/6xx: add missing of_node_put (Julia Lawall) \n- parisc: Avoid calling faulthandler_disabled() twice (John David Anglin) \n- serial: core: Keep mctrl register state and cached copy in sync (Lukas Wunner) \n- serial: pl010: Drop CR register reset on set_termios (Lukas Wunner) \n- net: phy: marvell: configure RGMII delays for 88E1118 (Russell King (Oracle)) \n- dm space map common: add bounds check to sm_ll_lookup_bitmap() (Joe Thornber) \n- dm btree: add a defensive bounds check to insert_at() (Joe Thornber) \n- mac80211: allow non-standard VHT MCS-10/11 (Ping-Ke Shih) \n- net: mdio: Demote probed message to debug print (Florian Fainelli) \n- btrfs: remove BUG_ON(!eie) in find_parent_nodes (Josef Bacik) \n- btrfs: remove BUG_ON() in find_parent_nodes() (Josef Bacik) \n- ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5 (Kirill A. Shutemov) \n- ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R() (Rafael J. Wysocki) \n- ACPICA: Utilities: Avoid deleting the same object twice in a row (Rafael J. Wysocki) \n- ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions (Mark Langsdorf) \n- jffs2: GC deadlock reading a page that is used in jffs2_write_begin() (Kyeong Yoo) \n- um: registers: Rename function names to avoid conflicts and build problems (Randy Dunlap) \n- iwlwifi: remove module loading failure message (Johannes Berg) \n- iwlwifi: fix leaks/bad data after failed firmware load (Johannes Berg) \n- ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream (Zekun Shen) \n- usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0 (Kai-Heng Feng) \n- arm64: tegra: Adjust length of CCPLEX cluster MMIO region (Thierry Reding) \n- mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO (Ulf Hansson) \n- media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach() (Zhou Qingyang) \n- media: igorplugusb: receiver overflow should be reported (Sean Young) \n- bpf: Do not WARN in bpf_warn_invalid_xdp_action() (Paolo Abeni) \n- net: bonding: debug: avoid printing debug logs when bond is not notifying peers (Suresh Kumar) \n- ath10k: Fix tx hanging (Sebastian Gottschall) \n- iwlwifi: mvm: synchronize with FW after multicast commands (Johannes Berg) \n- media: m920x: don't use stack on USB reads (Mauro Carvalho Chehab) \n- media: saa7146: hexium_orion: Fix a NULL pointer dereference in hexium_attach() (Zhou Qingyang) \n- media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds. (James Hilliard) \n- floppy: Add max size check for user space request (Xiongwei Song) \n- usb: uhci: add aspeed ast2600 uhci support (Neal Liu) \n- mwifiex: Fix skb_over_panic in mwifiex_usb_recv() (Zekun Shen) \n- HSI: core: Fix return freed object in hsi_new_client (Chengfeng Ye) \n- gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use (Hans de Goede) \n- drm/bridge: megachips: Ensure both bridges are probed before registration (Martyn Welch) \n- mlxsw: pci: Add shutdown method in PCI driver (Danielle Ratson) \n- media: b2c2: Add missing check in flexcop_pci_isr: (Zheyu Ma) \n- HID: apple: Do not reset quirks when the Fn key is not found (Jose Exposito) \n- usb: gadget: f_fs: Use stream_open() for endpoint files (Pavankumar Kondeti) \n- drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR (Ben Skeggs) \n- ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply (Zekun Shen) \n- fs: dlm: filter user dlm messages for kernel locks (Alexander Aring) \n- Bluetooth: Fix debugfs entry leak in hci_register_dev() (Wei Yongjun) \n- RDMA/cxgb4: Set queue pair state when being queried (Kamal Heib) \n- mips: bcm63xx: add support for clk_set_parent() (Randy Dunlap) \n- mips: lantiq: add support for clk_set_parent() (Randy Dunlap) \n- misc: lattice-ecp3-config: Fix task hung when firmware load failed (Wei Yongjun) \n- ASoC: samsung: idma: Check of ioremap return value (Jiasheng Jiang) \n- iommu/iova: Fix race between FQ timeout and teardown (Xiongfeng Wang) \n- dmaengine: pxa/mmp: stop referencing config->slave_id (Arnd Bergmann) \n- RDMA/core: Let ib_find_gid() continue search even after empty entry (Avihai Horon) \n- scsi: ufs: Fix race conditions related to driver data (Bart Van Assche) \n- char/mwave: Adjust io port register size (Kees Cook) \n- ALSA: oss: fix compile error when OSS_DEBUG is enabled (Bixuan Cui) \n- powerpc/prom_init: Fix improper check of prom_getprop() (Peiwei Hu) \n- RDMA/hns: Validate the pkey index (Kamal Heib) \n- ALSA: hda: Add missing rwsem around snd_ctl_remove() calls (Takashi Iwai) \n- ALSA: PCM: Add missing rwsem around snd_ctl_remove() calls (Takashi Iwai) \n- ALSA: jack: Add missing rwsem around snd_ctl_remove() calls (Takashi Iwai) \n- ext4: avoid trim error on fs with small groups (Jan Kara) \n- net: mcs7830: handle usb read errors properly (Pavel Skripkin) \n- pcmcia: fix setting of kthread task states (Dominik Brodowski) \n- can: xilinx_can: xcan_probe(): check for error irq (Jiasheng Jiang) \n- can: softing: softing_startstop(): fix set but not used variable warning (Marc Kleine-Budde) \n- tpm: add request_locality before write TPM_INT_ENABLE (Chen Jun) \n- spi: spi-meson-spifc: Add missing pm_runtime_disable() in meson_spifc_probe (Miaoqian Lin) \n- fsl/fman: Check for null pointer after calling devm_ioremap (Jiasheng Jiang) \n- ppp: ensure minimum packet size in ppp_write() (Eric Dumazet) \n- pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in nonstatic_find_mem_region() (Zhou Qingyang) \n- pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in __nonstatic_find_io_region() (Zhou Qingyang) \n- x86/mce/inject: Avoid out-of-bounds write when setting flags (Zhang Zixun) \n- usb: ftdi-elan: fix memory leak on device disconnect (Wei Yongjun) \n- media: msi001: fix possible null-ptr-deref in msi001_probe() (Wang Hai) \n- media: dw2102: Fix use after free (Anton Vasilyev) \n- sched/rt: Try to restart rt period timer when rt runtime exceeded (Li Hua) \n- media: si2157: Fix 'warm' tuner state detection (Robert Schlabbach) \n- media: saa7146: mxb: Fix a NULL pointer dereference in mxb_attach() (Zhou Qingyang) \n- media: dib8000: Fix a memleak in dib8000_init() (Zhou Qingyang) \n- floppy: Fix hang in watchdog when disk is ejected (Tasos Sahanidis) \n- serial: amba-pl011: do not request memory region twice (Lino Sanfilippo) \n- drm/radeon/radeon_kms: Fix a NULL pointer dereference in radeon_driver_open_kms() (Zhou Qingyang) \n- drm/amdgpu: Fix a NULL pointer dereference in amdgpu_connector_lcd_native_mode() (Zhou Qingyang) \n- arm64: dts: qcom: msm8916: fix MMC controller aliases (Dmitry Baryshkov) \n- netfilter: bridge: add support for pppoe filtering (Florian Westphal) \n- media: mtk-vcodec: call v4l2_m2m_ctx_release first when file is released (Dafna Hirschfeld) \n- tty: serial: atmel: Call dma_async_issue_pending() (Tudor Ambarus) \n- tty: serial: atmel: Check return code of dmaengine_submit() (Tudor Ambarus) \n- crypto: qce - fix uaf on qce_ahash_register_one (Chengfeng Ye) \n- media: dmxdev: fix UAF when dvb_register_device() fails (Wang Hai) \n- Bluetooth: stop proccessing malicious adv data (Pavel Skripkin) \n- media: em28xx: fix memory leak in em28xx_init_dev (Dongliang Mu) \n- wcn36xx: Indicate beacon not connection loss on MISSED_BEACON_IND (Bryan O'Donoghue) \n- clk: bcm-2835: Remove rounding up the dividers (Maxime Ripard) \n- clk: bcm-2835: Pick the closest clock rate (Maxime Ripard) \n- Bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails (Wang Hai) \n- PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller (Yifeng Li) \n- shmem: fix a race between shmem_unused_huge_shrink and shmem_evict_inode (Gang Li) \n- can: softing_cs: softingcs_probe(): fix memleak on registration failure (Johan Hovold) \n- media: stk1160: fix control-message timeouts (Johan Hovold) \n- media: pvrusb2: fix control-message timeouts (Johan Hovold) \n- media: redrat3: fix control-message timeouts (Johan Hovold) \n- media: dib0700: fix undefined behavior in tuner shutdown (Michael Kuron) \n- media: s2255: fix control-message timeouts (Johan Hovold) \n- media: cpia2: fix control-message timeouts (Johan Hovold) \n- media: em28xx: fix control-message timeouts (Johan Hovold) \n- media: mceusb: fix control-message timeouts (Johan Hovold) \n- media: flexcop-usb: fix control-message timeouts (Johan Hovold) \n- rtc: cmos: take rtc_lock while reading from CMOS (Mateusz Jonczyk) \n- nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind() (Krzysztof Kozlowski) \n- HID: wacom: Avoid using stale array indicies to read contact count (Jason Gerecke) \n- HID: wacom: Ignore the confidence flag when a touch is removed (Jason Gerecke) \n- HID: uhid: Fix worker destroying device without any protection (Jann Horn) \n- Bluetooth: fix init and cleanup of sco_conn.timeout_work (Desmond Cheong Zhi Xi) \n- Bluetooth: schedule SCO timeouts with delayed_work (Desmond Cheong Zhi Xi) \n- rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore() with interrupts enabled (Larry Finger) \n- media: uvcvideo: fix division by zero at stream start (Johan Hovold) \n- orangefs: Fix the size of a memory allocation in orangefs_bufmap_alloc() (Christophe JAILLET) \n- drm/i915: Avoid bitwise vs logical OR warning in snb_wm_latency_quirk() (Nathan Chancellor) \n- staging: wlan-ng: Avoid bitwise vs logical OR warning in hfa384x_usb_throttlefn() (Nathan Chancellor) \n- random: fix data race on crng init time (Eric Biggers) \n- random: fix data race on crng_node_pool (Eric Biggers) \n- can: gs_usb: gs_can_start_xmit(): zero-initialize hf->{flags,reserved} (Brian Silverman) \n- can: gs_usb: fix use of uninitialized variable, detach device on reception of invalid USB data (Marc Kleine-Budde) \n- mfd: intel-lpss: Fix too early PM enablement in the ACPI ->probe() (Andy Shevchenko) \n- USB: Fix 'slab-out-of-bounds Write' bug in usb_hcd_poll_rh_status (Alan Stern) \n- USB: core: Fix bug in resuming hub's handling of wakeup requests (Alan Stern) \n- Bluetooth: bfusb: fix division by zero in send path (Johan Hovold) \n- Linux 4.14.262 (Greg Kroah-Hartman) \n- mISDN: change function names to avoid conflicts (wolfgang huang) \n- net: udp: fix alignment problem in udp4_seq_show() (yangxingwu) \n- ip6_vti: initialize __ip6_tnl_parm struct in vti6_siocdevprivate (William Zhao) \n- scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown() (Lixiaokeng) \n- ipv6: Do cleanup if attribute validation fails in multipath route (David Ahern) \n- ipv6: Continue processing multipath route even if gateway attribute is invalid (David Ahern) \n- phonet: refcount leak in pep_sock_accep (Hangyu Hua) \n- rndis_host: support Hytera digital radios (Thomas Toye) \n- power: reset: ltc2952: Fix use of floating point literals (Nathan Chancellor) \n- sch_qfq: prevent shift-out-of-bounds in qfq_init_qdisc (Eric Dumazet) \n- ipv6: Check attribute length for RTA_GATEWAY when deleting multipath route (David Ahern) \n- ipv6: Check attribute length for RTA_GATEWAY in multipath route (David Ahern) \n- i40e: Fix incorrect netdev's real number of RX/TX queues (Jedrzej Jagielski) \n- i40e: fix use-after-free in i40e_sync_filters_subtask() (Di Zhu) \n- mac80211: initialize variable have_higher_than_11mbit (Tom Rix) \n- RDMA/core: Don't infoleak GRH fields (Leon Romanovsky) \n- ieee802154: atusb: fix uninit value in atusb_set_extended_addr (Pavel Skripkin) \n- virtio_pci: Support surprise removal of virtio pci device (Parav Pandit) \n- tracing: Tag trace_percpu_buffer as a percpu pointer (Naveen N. Rao) \n- tracing: Fix check for trace_percpu_buffer validity in get_trace_buf() (Naveen N. Rao) \n- Bluetooth: btusb: Apply QCA Rome patches for some ATH3012 models (Takashi Iwai)\n[4.14.35-2047.512.3]\n- lib/timerqueue: Rely on rbtree semantics for next timer (Davidlohr Bueso) [Orabug: 33406086] {CVE-2021-20317} {CVE-2021-20317}\n- rds/ib: Resize CQ if send-/recv-ring-size are changed (Hans Westgaard Ry) [Orabug: 33940520] \n- uek-rpm: remove uek-rpm/ol8 (John Donnelly) [Orabug: 33665655] \n- uek-rpm: Enable config CONFIG_SCSI_MQ_DEFAULT (Saeed Mirzamohammadi) [Orabug: 33973455] \n- sched: restore the sliding search window for select_idle_cpu() (Libo Chen) [Orabug: 33965297] \n- NFSv4: Handle case where the lookup of a directory fails (Trond Myklebust) [Orabug: 33958155] {CVE-2022-24448}\n- Linux 4.14.261 (Greg Kroah-Hartman) \n- sctp: use call_rcu to free endpoint (Xin Long) \n- net: fix use-after-free in tw_timer_handler (Muchun Song) \n- Input: spaceball - fix parsing of movement data packets (Leo L. Schwab) \n- Input: appletouch - initialize work before device registration (Pavel Skripkin) \n- binder: fix async_free_space accounting for empty parcels (Todd Kjos) \n- usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear. (Vincent Pelletier) \n- xhci: Fresco FL1100 controller should not have BROKEN_MSI quirk set. (Mathias Nyman) \n- uapi: fix linux/nfc.h userspace compilation errors (Dmitry V. Levin) \n- nfc: uapi: use kernel size_t to fix user-space builds (Krzysztof Kozlowski) \n- fsl/fman: Fix missing put_device() call in fman_port_probe (Miaoqian Lin) \n- NFC: st21nfca: Fix memory leak in device probe and remove (Wei Yongjun) \n- net: usb: pegasus: Do not drop long Ethernet frames (Matthias-Christian Ott) \n- scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write() (Dan Carpenter) \n- selinux: initialize proto variable in selinux_ip_postroute_compat() (Tom Rix) \n- recordmcount.pl: fix typo in s390 mcount regex (Heiko Carstens) \n- platform/x86: apple-gmux: use resource_size() with res (Wang Qing) \n- HID: asus: Add depends on USB_HID to HID_ASUS Kconfig option (Hans de Goede) \n- Linux 4.14.260 (Greg Kroah-Hartman) \n- phonet/pep: refuse to enable an unbound pipe (Remi Denis-Courmont) \n- hamradio: improve the incomplete fix to avoid NPD (Lin Ma) \n- hamradio: defer ax25 kfree after unregister_netdev (Lin Ma) \n- ax25: NPD bug when detaching AX25 device (Lin Ma) \n- hwmon: (lm90) Do not report 'busy' status bit as alarm (Guenter Roeck) \n- KVM: VMX: Fix stale docs for kvm-intel.emulate_invalid_guest_state (Sean Christopherson) \n- usb: gadget: u_ether: fix race in setting MAC address in setup phase (Marian Postevca) \n- f2fs: fix to do sanity check on last xattr entry in __f2fs_setxattr() (Chao Yu) \n- ARM: 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling (Ard Biesheuvel) \n- pinctrl: stm32: consider the GPIO offset to expose all the GPIO lines (Fabien Dessenne) \n- x86/pkey: Fix undefined behaviour with PKRU_WD_BIT (Andrew Cooper) \n- Input: atmel_mxt_ts - fix double free in mxt_read_info_block (Jose Exposito) \n- ALSA: drivers: opl3: Fix incorrect use of vp->state (Colin Ian King) \n- ALSA: jack: Check the return value of kstrdup() (Xiaoke Wang) \n- hwmon: (lm90) Fix usage of CONFIG2 register in detect function (Guenter Roeck) \n- sfc: falcon: Check null pointer of rx_queue->page_ring (Jiasheng Jiang) \n- drivers: net: smc911x: Check for error irq (Jiasheng Jiang) \n- fjes: Check for error irq (Jiasheng Jiang) \n- bonding: fix ad_actor_system option setting to default (Fernando Fernandez Mancera) \n- net: skip virtio_net_hdr_set_proto if protocol already set (Willem de Bruijn) \n- qlcnic: potential dereference null pointer of rx_queue->page_ring (Jiasheng Jiang) \n- spi: change clk_disable_unprepare to clk_unprepare (Dongliang Mu) \n- HID: holtek: fix mouse probing (Benjamin Tissoires) \n- can: kvaser_usb: get CAN clock frequency from device (Jimmy Assarsson) \n- net: usb: lan78xx: add Allied Telesis AT29M2-AF (Greg Jesionowski) \n- x86/speculation: Add knob for eibrs_retpoline_enabled (Patrick Colp) [Orabug: 33937656] {CVE-2021-26401}\n- x86/speculation: Extend our code to properly support eibrs+lfence and eibrs+retpoline (Patrick Colp) [Orabug: 33937656] {CVE-2021-26401}\n- x86/speculation: Update link to AMD speculation whitepaper (Kim Phillips) [Orabug: 33937656] {CVE-2021-26401}\n- x86/speculation: Use generic retpoline by default on AMD (Kim Phillips) [Orabug: 33937656] {CVE-2021-26401}\n- x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting (Josh Poimboeuf) [Orabug: 33937656] {CVE-2021-26401}\n- Documentation/hw-vuln: Update spectre doc (Peter Zijlstra) [Orabug: 33937656] {CVE-2021-26401}\n- x86/speculation: Add eIBRS + Retpoline options (Peter Zijlstra) [Orabug: 33937656] {CVE-2021-26401}\n- x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE (Peter Zijlstra (Intel)) [Orabug: 33937656] {CVE-2021-26401}\n- x86/speculation: Merge one test in spectre_v2_user_select_mitigation() (Borislav Petkov) [Orabug: 33937656] {CVE-2021-26401}\n- x86/speculation: Update ALTERNATIVEs to (more closely) match upstream (Patrick Colp) [Orabug: 33937656] {CVE-2021-26401}\n- x86/speculation: Fix bug in retpoline mode on AMD with 'spectre_v2=none' (Patrick Colp) [Orabug: 33937656] {CVE-2021-26401}\n- ACPICA: Enable sleep button on ACPI legacy wake (Anchal Agarwal) [Orabug: 33925502] \n- ipv4: tcp: send zero IPID in SYNACK messages (Eric Dumazet) [Orabug: 33917057] {CVE-2020-36516}\n- ipv4: avoid using shared IP generator for connected sockets (Eric Dumazet) [Orabug: 33917057] {CVE-2020-36516}\n- lib/iov_iter: initialize 'flags' in new pipe_buffer (Max Kellermann) [Orabug: 33910800] {CVE-2022-0847}\n- x86/speculation: The choice of retpoline mode is sometimes ignored (Patrick Colp) [Orabug: 33890092] \n- udf: Restore i_lenAlloc when inode expansion fails (Jan Kara) [Orabug: 33870267] {CVE-2022-0617}\n- udf: Fix NULL ptr deref when converting from inline format (Jan Kara) [Orabug: 33870267] {CVE-2022-0617}\n- scsi: libiscsi: Hold back_lock when calling iscsi_complete_task (Gulam Mohamed) [Orabug: 33851182] \n- drm/vmwgfx: Fix stale file descriptors on failed usercopy (Mathias Krause) [Orabug: 33840433] {CVE-2022-22942}\n- drm/i915: Flush TLBs before releasing backing store (Tvrtko Ursulin) [Orabug: 33835811] {CVE-2022-0330}\n- proc/vmcore: fix clearing user buffer by properly using clear_user() (David Hildenbrand) [Orabug: 33832650] \n- rds/ib: recover rds connection from stuck rx path (Nagappan Ramasamy Palaniappan) [Orabug: 33820767] \n- rds: ib: Make selection of completion_vector QoS aware (Hakon Bugge) [Orabug: 33819408] \n- Enable CONFIG_DM_DUST and nano for UEK5 (Gulam Mohamed) [Orabug: 33653698] \n- dm dust: use dust block size for badblocklist index (Bryan Gurney) [Orabug: 33653698] \n- dm dust: Make dm_dust_init and dm_dust_exit static (YueHaibing) [Orabug: 33653698] \n- dm dust: remove redundant unsigned comparison to less than zero (Colin Ian King) [Orabug: 33653698] \n- dm: add dust target (Bryan Gurney) [Orabug: 33653698] \n- hugetlbfs: flush TLBs correctly after huge_pmd_unshare (Nadav Amit) [Orabug: 33617219] {CVE-2021-4002}\n- rds/ib: handle posted ACK during connection shutdown (Nagappan Ramasamy Palaniappan) [Orabug: 33820747] \n- rds/ib: reap tx completions during connection shutdown (Nagappan Ramasamy Palaniappan) [Orabug: 33820747] \n- rds/ib: recover rds connection from stuck tx path (Nagappan Ramasamy Palaniappan) [Orabug: 33820747] \n- rds/ib: Kernel change to extend rds-info functionality (Rohit Nair) [Orabug: 33821341] \n- uek-rpm: Add missing symbols to kabi_lockedlist (Stephen Brennan) [Orabug: 33871558]\n[4.14.35-2047.512.1]\n- Revert 'stable: clamp SUBLEVEL in 4.14' (Alan Maguire) [Orabug: 33861950] \n- tipc: improve size validations for received domain records (Jon Maloy) [Orabug: 33850803] {CVE-2022-0435} {CVE-2022-0435}\n- cgroup-v1: Require capabilities to set release_agent (Eric W. Biederman) [Orabug: 33825688] {CVE-2022-0492}\n- blk-stat: delete useless code (Shaohua Li) [Orabug: 33772945] \n- DMA/rxe: Update default value of RXE_MAX_PDN (Rao Shoaib) [Orabug: 33676598]\n[4.14.35-2047.512.0]\n- bpf: Disallow unprivileged bpf by default (Pawan Gupta) [Orabug: 33734682] \n- bpf: Add kconfig knob for disabling unpriv bpf by default (Daniel Borkmann) [Orabug: 33734682] \n- RDMA/rxe: Use correct sizing on buffers holding page DMA addresses (Shiraz Saleem) [Orabug: 33676942] \n- hwmon: (k10temp) Add support for Zen3 CPUs (Rahul Rohit) [Orabug: 33782835] \n- arm64, mm, efi: Account for GICv3 LPI tables in static memblock reserve table (Ard Biesheuvel) [Orabug: 33787546] \n- uek-rpm: Pensando: Enable Elba EDAC (Dave Kleikamp) [Orabug: 33831294] \n- dsc-drivers: update for 1.15.9-C-64 (Dave Kleikamp) [Orabug: 33831294] \n- drivers/hwmon: Adding support LTC3888 (David Clear) [Orabug: 33831294] \n- drivers/edac: Add Elba EDAC support (David Clear) [Orabug: 33831294] \n- arm64/configs: Remove CONFIG_PENSANDO_SOC_CAPMEM_HUGEPAGE (David Clear) [Orabug: 33831294] \n- drivers/soc/pensando: Add reset cause driver (David Clear) [Orabug: 33831294] \n- net/rds: Fix memory leak in __rds_conn_create() on alloc_ordered_workqueue fail (Freddy Carrillo) [Orabug: 33811475] \n- x86/smpboot: check cpu_initialized_mask first after returning from schedule() (Dongli Zhang) [Orabug: 33544127] \n- Linux 4.14.259 (Greg Kroah-Hartman) \n- xen/console: harden hvc_xen against event channel storms (Juergen Gross) \n- Input: touchscreen - avoid bitwise vs logical OR warning (Nathan Chancellor) \n- ARM: 8800/1: use choice for kernel unwinders (Stefan Agner) \n- mwifiex: Remove unnecessary braces from HostCmd_SET_SEQ_NO_BSS_INFO (Nathan Chancellor) \n- ARM: 8805/2: remove unneeded naked function usage (Nicolas Pitre) \n- net: lan78xx: Avoid unnecessary self assignment (Nathan Chancellor) \n- fuse: annotate lock in fuse_reverse_inval_entry() (Miklos Szeredi) \n- ARM: dts: imx6ull-pinfunc: Fix CSI_DATA07__ESAI_TX0 pad name (Fabio Estevam) \n- firmware: arm_scpi: Fix string overflow in SCPI genpd driver (Sudeep Holla) \n- net: systemport: Add global locking for descriptor lifecycle (Florian Fainelli) \n- libata: if T_LENGTH is zero, dma direction should be DMA_NONE (George Kennedy) \n- timekeeping: Really make sure wall_to_monotonic isn't positive (Yu Liao) \n- USB: serial: option: add Telit FN990 compositions (Daniele Palmas) \n- PCI/MSI: Mask MSI-X vectors only on success (Stefan Roese) \n- PCI/MSI: Clear PCI_MSIX_FLAGS_MASKALL on error (Thomas Gleixner) \n- USB: gadget: bRequestType is a bitfield, not a enum (Greg Kroah-Hartman) \n- sit: do not call ipip6_dev_free() from sit_init_net() (Eric Dumazet) \n- net/packet: rx_owner_map depends on pg_vec (Willem de Bruijn) \n- ixgbe: set X550 MDIO speed before talking to PHY (Cyril Novikov) \n- igbvf: fix double free in 'igbvf_probe' (Letu Ren) \n- soc/tegra: fuse: Fix bitwise vs. logical OR warning (Nathan Chancellor) \n- dmaengine: st_fdma: fix MODULE_ALIAS (Alyssa Ross) \n- ARM: socfpga: dts: fix qspi node compatible (Dinh Nguyen) \n- x86/sme: Explicitly map new EFI memmap table as encrypted (Tom Lendacky) \n- nfsd: fix use-after-free due to delegation race (J. Bruce Fields) \n- audit: improve robustness of the audit queue handling (Paul Moore) \n- dm btree remove: fix use after free in rebalance_children() (Joe Thornber) \n- recordmcount.pl: look for jgnop instruction as well as bcrl on s390 (Jerome Marchand) \n- mac80211: send ADDBA requests using the tid/queue of the aggregation session (Felix Fietkau) \n- hwmon: (dell-smm) Fix warning on /proc/i8k creation error (Armin Wolf) \n- bpf: fix panic due to oob in bpf_prog_test_run_skb (Daniel Borkmann) \n- tracing: Fix a kmemleak false positive in tracing_map (Chen Jun) \n- net: netlink: af_netlink: Prevent empty skb by adding a check on len. (Harshit Mogalapalli) \n- i2c: rk3x: Handle a spurious start completion interrupt flag (Ondrej Jirman) \n- parisc/agp: Annotate parisc agp init functions with __init (Helge Deller) \n- net/mlx4_en: Update reported link modes for 1/10G (Erik Ekman) \n- drm/msm/dsi: set default num_data_lanes (Philip Chen) \n- nfc: fix segfault in nfc_genl_dump_devices_done (Tadeusz Struk) \n- Linux 4.14.258 (Greg Kroah-Hartman) \n- irqchip: nvic: Fix offset for Interrupt Priority Offsets (Vladimir Murzin) \n- irqchip/irq-gic-v3-its.c: Force synchronisation when issuing INVALL (Wudi Wang) \n- irqchip/armada-370-xp: Fix support for Multi-MSI interrupts (Pali Rohar) \n- irqchip/armada-370-xp: Fix return value of armada_370_xp_msi_alloc() (Pali Rohar) \n- iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove (Yang Yingliang) \n- iio: adc: axp20x_adc: fix charging current reporting on AXP22x (Evgeny Boger) \n- iio: dln2: Check return value of devm_iio_trigger_register() (Lars-Peter Clausen) \n- iio: dln2-adc: Fix lockdep complaint (Noralf Tronnes) \n- iio: itg3200: Call iio_trigger_notify_done() on error (Lars-Peter Clausen) \n- iio: kxsd9: Don't return error code in trigger handler (Lars-Peter Clausen) \n- iio: ltr501: Don't return error code in trigger handler (Lars-Peter Clausen) \n- iio: mma8452: Fix trigger reference couting (Lars-Peter Clausen) \n- iio: stk3310: Don't return error code in interrupt handler (Lars-Peter Clausen) \n- iio: trigger: stm32-timer: fix MODULE_ALIAS (Alyssa Ross) \n- iio: trigger: Fix reference counting (Lars-Peter Clausen) \n- usb: core: config: using bit mask instead of individual bits (Pavel Hofman) \n- xhci: Remove CONFIG_USB_DEFAULT_PERSIST to prevent xHCI from runtime suspending (Kai-Heng Feng) \n- usb: core: config: fix validation of wMaxPacketValue entries (Pavel Hofman) \n- USB: gadget: zero allocate endpoint 0 buffers (Greg Kroah-Hartman) \n- USB: gadget: detect too-big endpoint 0 requests (Greg Kroah-Hartman) \n- net/qla3xxx: fix an error code in ql_adapter_up() (Dan Carpenter) \n- net, neigh: clear whole pneigh_entry at alloc time (Eric Dumazet) \n- net: fec: only clear interrupt of handling queue in fec_enet_rx_queue() (Joakim Zhang) \n- net: altera: set a couple error code in probe() (Dan Carpenter) \n- net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero (Lee Jones) \n- qede: validate non LSO skb length (Manish Chopra) \n- block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2) (Davidlohr Bueso) \n- tracefs: Set all files to the same group ownership as the mount option (Steven Rostedt (VMware)) \n- signalfd: use wake_up_pollfree() (Eric Biggers) \n- binder: use wake_up_pollfree() (Eric Biggers) \n- wait: add wake_up_pollfree() (Eric Biggers) \n- libata: add horkage for ASMedia 1092 (Hannes Reinecke) \n- can: m_can: Disable and ignore ELO interrupt (Brian Silverman) \n- can: pch_can: pch_can_rx_normal: fix use after free (Vincent Mailhol) \n- tracefs: Have new files inherit the ownership of their parent (Steven Rostedt (VMware)) \n- ALSA: pcm: oss: Handle missing errors in snd_pcm_oss_change_params*() (Takashi Iwai) \n- ALSA: pcm: oss: Limit the period size to 16MB (Takashi Iwai) \n- ALSA: pcm: oss: Fix negative period/buffer sizes (Takashi Iwai) \n- ALSA: ctl: Fix copy of updated id with element read/write (Alan Young) \n- mm: bdi: initialize bdi_min_ratio when bdi is unregistered (Manjong Lee) \n- IB/hfi1: Correct guard on eager buffer deallocation (Mike Marciniszyn) \n- seg6: fix the iif in the IPv6 socket control block (Andrea Mayer) \n- nfp: Fix memory leak in nfp_cpp_area_cache_add() (Jianglei Nie) \n- bpf: Fix the off-by-two error in range markings (Maxim Mikityanskiy) \n- nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done (Krzysztof Kozlowski) \n- can: sja1000: fix use after free in ems_pcmcia_add_card() (Dan Carpenter) \n- HID: check for valid USB device for many HID drivers (Greg Kroah-Hartman) \n- HID: wacom: fix problems when device is not a valid USB device (Greg Kroah-Hartman) \n- HID: add USB_HID dependancy on some USB HID drivers (Greg Kroah-Hartman) \n- HID: add USB_HID dependancy to hid-chicony (Greg Kroah-Hartman) \n- HID: add USB_HID dependancy to hid-prodikeys (Greg Kroah-Hartman) \n- HID: add hid_is_usb() function to make it simpler for USB detection (Greg Kroah-Hartman) \n- Linux 4.14.257 (Greg Kroah-Hartman) {CVE-2021-38199}\n- parisc: Mark cr16 CPU clocksource unstable on all SMP machines (Helge Deller) \n- serial: core: fix transmit-buffer reset and memleak (Johan Hovold) \n- serial: pl011: Add ACPI SBSA UART match id (Pierre Gondois) \n- tty: serial: msm_serial: Deactivate RX DMA for polling support (Sven Eckelmann) \n- x86/64/mm: Map all kernel memory into trampoline_pgd (Joerg Roedel) \n- usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect (Badhri Jagan Sridharan) \n- xhci: Fix commad ring abort, write all 64 bits to CRCR register. (Mathias Nyman) \n- vgacon: Propagate console boot parameters before calling 'vc_resize' (Maciej W. Rozycki) \n- parisc: Fix 'make install' on newer debian releases (Helge Deller) \n- parisc: Fix KBUILD_IMAGE for self-extracting kernel (Helge Deller) \n- net/smc: Keep smc_close_final rc during active close (Tony Lu) \n- net/rds: correct socket tunable error in rds_tcp_tune() (William Kucharski) \n- net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of '0' if no IRQ is available (Sven Schuchmann) \n- net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources() (Zhou Qingyang) \n- siphash: use _unaligned version by default (Arnd Bergmann) \n- net: mpls: Fix notifications when deleting a device (Benjamin Poirier) \n- net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings() (Zhou Qingyang) \n- natsemi: xtensa: fix section mismatch warnings (Randy Dunlap) \n- sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl (Baokun Li) \n- sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl (Baokun Li) \n- kprobes: Limit max data_size of the kretprobe instances (Masami Hiramatsu) \n- vrf: Reset IPCB/IP6CB when processing outbound pkts in vrf dev xmit (Stephen Suryaputra) \n- perf hist: Fix memory leak of a perf_hpp_fmt (Ian Rogers) \n- net: ethernet: dec: tulip: de4x5: fix possible array overflows in type3_infoblock() (Teng Qi) \n- net: tulip: de4x5: fix the problem that the array 'lp->phy[8]' may be out of bound (zhangyue) \n- ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port() (Teng Qi) \n- scsi: iscsi: Unblock session then wake up error handler (Mike Christie) \n- thermal: core: Reset previous low and high trip during thermal zone init (Manaf Meethalavalappu Pallikunhi) \n- btrfs: check-integrity: fix a warning on write caching disabled disk (Wang Yugui) \n- s390/setup: avoid using memblock_enforce_memory_limit (Vasily Gorbik) \n- platform/x86: thinkpad_acpi: Fix WWAN device disabled issue after S3 deep (Slark Xiao) \n- net: return correct error code (liuguoqiang) \n- NFSv42: Fix pagecache invalidation after COPY/CLONE (Benjamin Coddington) \n- ipc: WARN if trying to remove ipc object which is absent (Alexander Mikhalitsyn) \n- shm: extend forced shm destroy to support objects from several IPC nses (Alexander Mikhalitsyn) \n- tty: hvc: replace BUG_ON() with negative return value (Juergen Gross) \n- xen: sync include/xen/interface/io/ring.h with Xen's newest version (Juergen Gross) \n- fuse: release pipe buf after last use (Miklos Szeredi) \n- NFC: add NCI_UNREG flag to eliminate the race (Lin Ma) \n- arm64: dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function (Marek Behun) \n- arm64: dts: marvell: armada-37xx: declare PCIe reset pin (Miquel Raynal) \n- pinctrl: armada-37xx: Correct PWM pins definitions (Marek Behun) \n- pinctrl: armada-37xx: add missing pin: PCIe1 Wakeup (Gregory CLEMENT) \n- pinctrl: armada-37xx: Correct mpp definitions (Marek Behun) \n- PCI: aardvark: Fix checking for link up via LTSSM state (Pali Rohar) \n- PCI: aardvark: Fix link training (Pali Rohar) \n- PCI: aardvark: Fix PCIe Max Payload Size setting (Pali Rohar) \n- PCI: aardvark: Configure PCIe resources from 'ranges' DT property (Pali Rohar) \n- PCI: aardvark: Remove PCIe outbound window configuration (Evan Wang) \n- PCI: aardvark: Update comment about disabling link training (Pali Rohar) \n- PCI: aardvark: Move PCIe reset card code to advk_pcie_train_link() (Pali Rohar) \n- PCI: aardvark: Fix compilation on s390 (Pali Rohar) \n- PCI: aardvark: Don't touch PCIe registers if no card connected (Pali Rohar) \n- PCI: aardvark: Introduce an advk_pcie_valid_device() helper (Thomas Petazzoni) \n- PCI: aardvark: Indicate error in 'val' when config read fails (Pali Rohar) \n- PCI: aardvark: Replace custom macros by standard linux/pci_regs.h macros (Pali Rohar) \n- PCI: aardvark: Issue PERST via GPIO (Pali Rohar) \n- PCI: aardvark: Improve link training (Marek Behun) \n- PCI: aardvark: Train link immediately after enabling training (Pali Rohar) \n- PCI: aardvark: Wait for endpoint to be ready before training link (Remi Pommarel) \n- PCI: aardvark: Fix a leaked reference by adding missing of_node_put() (Wen Yang) \n- PCI: aardvark: Fix I/O space page leak (Sergei Shtylyov) \n- s390/mm: validate VMA in PGSTE manipulation functions (David Hildenbrand) \n- tracing: Check pid filtering when creating events (Steven Rostedt (VMware)) \n- vhost/vsock: fix incorrect used length reported to the guest (Stefano Garzarella) \n- net/smc: Don't call clcsock shutdown twice when smc shutdown (Tony Lu) \n- MIPS: use 3-level pgtable for 64KB page size on MIPS_VA_BITS_48 (Huang Pei) \n- tcp_cubic: fix spurious Hystart ACK train detections for not-cwnd-limited flows (Eric Dumazet) \n- net/smc: Ensure the active closing peer first closes clcsock (Tony Lu) \n- ipv6: fix typos in __ip6_finish_output() (Eric Dumazet) \n- drm/vc4: fix error code in vc4_create_object() (Dan Carpenter) \n- scsi: mpt3sas: Fix kernel panic during drive powercycle test (Sreekanth Reddy) \n- ARM: socfpga: Fix crash with CONFIG_FORTIRY_SOURCE (Takashi Iwai) \n- NFSv42: Don't fail clone() unless the OP_CLONE operation failed (Trond Myklebust) \n- net: ieee802154: handle iftypes as u32 (Alexander Aring) \n- ASoC: topology: Add missing rwsem around snd_ctl_remove() calls (Takashi Iwai) \n- ARM: dts: BCM5301X: Add interrupt properties to GPIO node (Florian Fainelli) \n- ARM: dts: BCM5301X: Fix I2C controller interrupt (Florian Fainelli) \n- netfilter: ipvs: Fix reuse connection if RS weight is 0 (yangxingwu) \n- tracing: Fix pid filtering when triggers are attached (Steven Rostedt (VMware)) \n- xen: detect uninitialized xenbus in xenbus_init (Stefano Stabellini) \n- xen: don't continue xenstore initialization in case of errors (Stefano Stabellini) \n- fuse: fix page stealing (Miklos Szeredi) \n- staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() (Dan Carpenter) \n- HID: wacom: Use 'Confidence' flag to prevent reporting invalid contacts (Jason Gerecke) \n- media: cec: copy sequence field for the reply (Hans Verkuil) \n- ALSA: ctxfi: Fix out-of-range access (Takashi Iwai) \n- usb: hub: Fix locking issues with address0_mutex (Mathias Nyman) \n- usb: hub: Fix usb enumeration issue due to address0 race (Mathias Nyman) \n- USB: serial: option: add Fibocom FM101-GL variants (Mingjie Zhang) \n- USB: serial: option: add Telit LE910S1 0x9200 composition (Daniele Palmas)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-25T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36516", "CVE-2021-20317", "CVE-2021-26401", "CVE-2021-38199", "CVE-2021-4002", "CVE-2021-4149", "CVE-2022-0330", "CVE-2022-0435", "CVE-2022-0492", "CVE-2022-0617", "CVE-2022-0847", "CVE-2022-1016", "CVE-2022-22942", "CVE-2022-24448", "CVE-2022-26966"], "modified": "2022-04-25T00:00:00", "id": "ELSA-2022-9313", "href": "http://linux.oracle.com/errata/ELSA-2022-9313.html", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-05-10T19:14:35", "description": "[4.14.35-2047.513.2.el7]\n- Revert 'rds/ib: recover rds connection from stuck tx path' (Nagappan Ramasamy\n Palaniappan) [Orabug: 34124234]\n[4.14.35-2047.513.1.el7]\n- mm/page-writeback: Fix performance when BDI's share of ratio is 0. (Chi Wu) [Orabug: 34050050]\n- esp: Fix possible buffer overflow in ESP transformation (Steffen Klassert) [Orabug: 33997301] {CVE-2022-27666}\n[4.14.35-2047.513.0.el7]\n- rds: ib: Initialize SG table properly (Hakon Bugge) [Orabug: 34031914]\n- rds: ib: Fix racy credit tracepoints (Hakon Bugge) [Orabug: 33980856]\n- net/rds: Fix math on error code (Freddy Carrillo) [Orabug: 33945366]\n- ice: Add E810-XXV pci device ids to UEK5 (John Donnelly) [Orabug: 33750110]\n[4.14.35-2047.512.6.el7]\n- Revert 'rds/ib: recover rds connection from stuck rx path' (Rohit Nair)\n [Orabug: 34039271]\n[4.14.35-2047.512.5.el7]\n- netfilter: nf_tables: initialize registers in nft_do_chain() (Pablo Neira Ayuso) [Orabug: 34012925] {CVE-2022-1016}\n- rds: Fix incorrect initialization order (Hakon Bugge) [Orabug: 33923372]\n- btrfs: unlock newly allocated extent buffer after error (Qu Wenruo) [Orabug: 33997138] {CVE-2021-4149}\n- sr9700: sanity check for packet length (Oliver Neukum) [Orabug: 33962706] {CVE-2022-26966}\n[4.14.35-2047.512.4.el7]\n- Linux 4.14.265 (Greg Kroah-Hartman) \n- ext4: fix error handling in ext4_restore_inline_data() (Ritesh Harjani) \n- EDAC/xgene: Fix deferred probing (Sergey Shtylyov) \n- EDAC/altera: Fix deferred probing (Sergey Shtylyov) \n- rtc: cmos: Evaluate century appropriate (Riwen Lu) \n- selftests: futex: Use variable MAKE instead of make (Muhammad Usama Anjum) \n- nfsd: nfsd4_setclientid_confirm mistakenly expires confirmed client. (Dai Ngo) \n- scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe (John Meneghini) \n- ASoC: fsl: Add missing error handling in pcm030_fabric_probe (Miaoqian Lin) \n- drm/i915/overlay: Prevent divide by zero bugs in scaling (Dan Carpenter) \n- net: macsec: Verify that send_sci is on when setting Tx sci explicitly (Lior Nahmanson) \n- net: ieee802154: Return meaningful error codes from the netlink helpers (Miquel Raynal) \n- net: ieee802154: ca8210: Stop leaking skb's (Miquel Raynal) \n- spi: meson-spicc: add IRQ check in meson_spicc_probe (Miaoqian Lin) \n- spi: mediatek: Avoid NULL pointer crash in interrupt (Benjamin Gaignard) \n- spi: bcm-qspi: check for valid cs before applying chip select (Kamal Dasu) \n- iommu/amd: Fix loop timeout issue in iommu_ga_log_enable() (Joerg Roedel) \n- iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() (Guoqing Jiang) \n- RDMA/mlx4: Don't continue event handler after memory allocation failure (Leon Romanovsky) \n- block: bio-integrity: Advance seed correctly for larger interval sizes (Martin K. Petersen) \n- drm/nouveau: fix off by one in BIOS boundary checking (Nick Lopez) \n- ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx() (Mark Brown) \n- ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx() (Mark Brown) \n- ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() (Mark Brown) \n- audit: improve audit queue handling when 'audit=1' on cmdline (Paul Moore) \n- af_packet: fix data-race in packet_setsockopt / packet_setsockopt (Eric Dumazet) \n- rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink() (Eric Dumazet) \n- net: amd-xgbe: Fix skb data length underflow (Shyam Sundar S K) \n- net: amd-xgbe: ensure to reset the tx_timer_active flag (Raju Rangoju) \n- ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback (Georgi Valkov) \n- netfilter: nat: limit port clash resolution attempts (Florian Westphal) \n- netfilter: nat: remove l4 protocol port rovers (Florian Westphal) \n- bpf: fix truncated jump targets on heavy expansions (Daniel Borkmann) \n- ipv4: raw: lock the socket in raw_bind() (Eric Dumazet) \n- yam: fix a memory leak in yam_siocdevprivate() (Hangyu Hua) \n- ibmvnic: don't spin in tasklet (Sukadev Bhattiprolu) \n- drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable (Jose Exposito) \n- drm/msm: Fix wrong size calculation (Xianting Tian) \n- net-procfs: show net devices bound packet types (Jianguo Wu) \n- NFSv4: nfs_atomic_open() can race when looking up a non-regular file (Trond Myklebust) \n- hwmon: (lm90) Reduce maximum conversion rate for G781 (Guenter Roeck) \n- ping: fix the sk_bound_dev_if match in ping_lookup (Xin Long) \n- net: fix information leakage in /proc/net/ptype (Saeed Mirzamohammadi) \n- ipv6_tunnel: Rate limit warning messages (Ido Schimmel) \n- scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() (John Meneghini) \n- rpmsg: char: Fix race between the release of rpmsg_eptdev and cdev (Matthias Kaehlcke) \n- rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev (Sujit Kautkar) \n- i40e: fix unsigned stat widths (Joe Damato) \n- i40e: Increase delay to 1 s after global EMP reset (Jedrzej Jagielski) \n- lkdtm: Fix content of section containing lkdtm_rodata_do_nothing() (Christophe Leroy) \n- powerpc/32: Fix boot failure with GCC latent entropy plugin (Christophe Leroy) \n- net: sfp: ignore disabled SFP node (Marek Behun) \n- usb: typec: tcpm: Do not disconnect while receiving VBUS off (Badhri Jagan Sridharan) \n- USB: core: Fix hang in usb_kill_urb by adding memory barriers (Alan Stern) \n- usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS (Pavankumar Kondeti) \n- usb: common: ulpi: Fix crash in ulpi_match() (Jon Hunter) \n- usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge (Alan Stern) \n- tty: Add support for Brainboxes UC cards. (Cameron Williams) \n- tty: n_gsm: fix SW flow control encoding/handling (daniel.starke@siemens.com) \n- serial: stm32: fix software flow control transfer (Valentin Caron) \n- netfilter: nft_payload: do not update layer 4 checksum when mangling fragments (Pablo Neira Ayuso) \n- PM: wakeup: simplify the output logic of pm_show_wakelocks() (Greg Kroah-Hartman) \n- scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices (Steffen Maier) \n- s390/hypfs: include z/VM guests with access control group set (Vasily Gorbik) \n- Bluetooth: refactor malicious adv data check (Brian Gix) \n- Linux 4.14.264 (Greg Kroah-Hartman) \n- can: bcm: fix UAF of bcm op (Ziyang Xuan) \n- Linux 4.14.263 (Greg Kroah-Hartman) \n- gianfar: fix jumbo packets+napi+rx overrun crash (Michael Braun) \n- gianfar: simplify FCS handling and fix memory leak (Andy Spencer) \n- drm/ttm/nouveau: don't call tt destroy callback on alloc failure. (Dave Airlie) \n- mips,s390,sh,sparc: gup: Work around the 'COW can break either way' issue (Ben Hutchings) \n- lib82596: Fix IRQ check in sni_82596_probe (Miaoqian Lin) \n- scripts/dtc: dtx_diff: remove broken example from help text (Matthias Schiffer) \n- bcmgenet: add WOL IRQ check (Sergey Shtylyov) \n- net_sched: restore 'mpu xxx' handling (Kevin Bracey) \n- dmaengine: at_xdmac: Fix at_xdmac_lld struct definition (Tudor Ambarus) \n- dmaengine: at_xdmac: Fix lld view setting (Tudor Ambarus) \n- dmaengine: at_xdmac: Print debug message after realeasing the lock (Tudor Ambarus) \n- dmaengine: at_xdmac: Don't start transactions at tx_submit level (Tudor Ambarus) \n- libcxgb: Don't accidentally set RTO_ONLINK in cxgb_find_route() (Guillaume Nault) \n- netns: add schedule point in ops_exit_list() (Eric Dumazet) \n- net: axienet: fix number of TX ring slots for available check (Robert Hancock) \n- net: axienet: Wait for PhyRstCmplt after core reset (Robert Hancock) \n- af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress (Eric Dumazet) \n- parisc: pdc_stable: Fix memory leak in pdcs_register_pathentries (Miaoqian Lin) \n- net/fsl: xgmac_mdio: Fix incorrect iounmap when removing module (Tobias Waldekranz) \n- powerpc/fsl/dts: Enable WA for erratum A-009885 on fman3l MDIO buses (Tobias Waldekranz) \n- powerpc/cell: Fix clang -Wimplicit-fallthrough warning (Anders Roxell) \n- RDMA/rxe: Fix a typo in opcode name (Chengguang Xu) \n- RDMA/hns: Modify the mapping attribute of doorbell to device (Yixing Liu) \n- Documentation: refer to config RANDOMIZE_BASE for kernel address-space randomization (Lukas Bulwahn) \n- firmware: Update Kconfig help text for Google firmware (Ben Hutchings) \n- drm/radeon: fix error handling in radeon_driver_open_kms (Christian Konig) \n- crypto: stm32/crc32 - Fix kernel BUG triggered in probe() (Marek Vasut) \n- ext4: don't use the orphan list when migrating an inode (Theodore Ts'o) \n- ext4: Fix BUG_ON in ext4_bread when write quota data (Ye Bin) \n- ext4: set csum seed in tmp inode while migrating to extents (Luis Henriques) \n- ext4: make sure quota gets properly shutdown on error (Jan Kara) \n- iwlwifi: mvm: Increase the scan timeout guard to 30 seconds (Ilan Peer) \n- cputime, cpuacct: Include guest time in user time in cpuacct.stat (Andrey Ryabinin) \n- serial: Fix incorrect rs485 polarity on uart open (Lukas Wunner) \n- ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers (Petr Cvachoucek) \n- power: bq25890: Enable continuous conversion for ADC at charging (Yauhen Kharuzhy) \n- ASoC: mediatek: mt8173: fix device_node leak (Tzung-Bi Shih) \n- scsi: sr: Don't use GFP_DMA (Christoph Hellwig) \n- MIPS: Octeon: Fix build errors using clang (Tianjia Zhang) \n- i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters (Lakshmi Sowjanya D) \n- MIPS: OCTEON: add put_device() after of_find_device_by_node() (Ye Guojin) \n- ALSA: seq: Set upper limit of processed events (Takashi Iwai) \n- w1: Misuse of get_user()/put_user() reported by sparse (Christophe Leroy) \n- i2c: mpc: Correct I2C reset procedure (Joakim Tjernlund) \n- powerpc/smp: Move setup_profiling_timer() under CONFIG_PROFILING (Michael Ellerman) \n- i2c: i801: Don't silently correct invalid transfer size (Heiner Kallweit) \n- powerpc/watchdog: Fix missed watchdog reset due to memory ordering race (Nicholas Piggin) \n- powerpc/btext: add missing of_node_put (Julia Lawall) \n- powerpc/cell: add missing of_node_put (Julia Lawall) \n- powerpc/powernv: add missing of_node_put (Julia Lawall) \n- powerpc/6xx: add missing of_node_put (Julia Lawall) \n- parisc: Avoid calling faulthandler_disabled() twice (John David Anglin) \n- serial: core: Keep mctrl register state and cached copy in sync (Lukas Wunner) \n- serial: pl010: Drop CR register reset on set_termios (Lukas Wunner) \n- net: phy: marvell: configure RGMII delays for 88E1118 (Russell King (Oracle)) \n- dm space map common: add bounds check to sm_ll_lookup_bitmap() (Joe Thornber) \n- dm btree: add a defensive bounds check to insert_at() (Joe Thornber) \n- mac80211: allow non-standard VHT MCS-10/11 (Ping-Ke Shih) \n- net: mdio: Demote probed message to debug print (Florian Fainelli) \n- btrfs: remove BUG_ON(!eie) in find_parent_nodes (Josef Bacik) \n- btrfs: remove BUG_ON() in find_parent_nodes() (Josef Bacik) \n- ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5 (Kirill A. Shutemov) \n- ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R() (Rafael J. Wysocki) \n- ACPICA: Utilities: Avoid deleting the same object twice in a row (Rafael J. Wysocki) \n- ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions (Mark Langsdorf) \n- jffs2: GC deadlock reading a page that is used in jffs2_write_begin() (Kyeong Yoo) \n- um: registers: Rename function names to avoid conflicts and build problems (Randy Dunlap) \n- iwlwifi: remove module loading failure message (Johannes Berg) \n- iwlwifi: fix leaks/bad data after failed firmware load (Johannes Berg) \n- ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream (Zekun Shen) \n- usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0 (Kai-Heng Feng) \n- arm64: tegra: Adjust length of CCPLEX cluster MMIO region (Thierry Reding) \n- mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO (Ulf Hansson) \n- media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach() (Zhou Qingyang) \n- media: igorplugusb: receiver overflow should be reported (Sean Young) \n- bpf: Do not WARN in bpf_warn_invalid_xdp_action() (Paolo Abeni) \n- net: bonding: debug: avoid printing debug logs when bond is not notifying peers (Suresh Kumar) \n- ath10k: Fix tx hanging (Sebastian Gottschall) \n- iwlwifi: mvm: synchronize with FW after multicast commands (Johannes Berg) \n- media: m920x: don't use stack on USB reads (Mauro Carvalho Chehab) \n- media: saa7146: hexium_orion: Fix a NULL pointer dereference in hexium_attach() (Zhou Qingyang) \n- media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds. (James Hilliard) \n- floppy: Add max size check for user space request (Xiongwei Song) \n- usb: uhci: add aspeed ast2600 uhci support (Neal Liu) \n- mwifiex: Fix skb_over_panic in mwifiex_usb_recv() (Zekun Shen) \n- HSI: core: Fix return freed object in hsi_new_client (Chengfeng Ye) \n- gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use (Hans de Goede) \n- drm/bridge: megachips: Ensure both bridges are probed before registration (Martyn Welch) \n- mlxsw: pci: Add shutdown method in PCI driver (Danielle Ratson) \n- media: b2c2: Add missing check in flexcop_pci_isr: (Zheyu Ma) \n- HID: apple: Do not reset quirks when the Fn key is not found (Jose Exposito) \n- usb: gadget: f_fs: Use stream_open() for endpoint files (Pavankumar Kondeti) \n- drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR (Ben Skeggs) \n- ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply (Zekun Shen) \n- fs: dlm: filter user dlm messages for kernel locks (Alexander Aring) \n- Bluetooth: Fix debugfs entry leak in hci_register_dev() (Wei Yongjun) \n- RDMA/cxgb4: Set queue pair state when being queried (Kamal Heib) \n- mips: bcm63xx: add support for clk_set_parent() (Randy Dunlap) \n- mips: lantiq: add support for clk_set_parent() (Randy Dunlap) \n- misc: lattice-ecp3-config: Fix task hung when firmware load failed (Wei Yongjun) \n- ASoC: samsung: idma: Check of ioremap return value (Jiasheng Jiang) \n- iommu/iova: Fix race between FQ timeout and teardown (Xiongfeng Wang) \n- dmaengine: pxa/mmp: stop referencing config->slave_id (Arnd Bergmann) \n- RDMA/core: Let ib_find_gid() continue search even after empty entry (Avihai Horon) \n- scsi: ufs: Fix race conditions related to driver data (Bart Van Assche) \n- char/mwave: Adjust io port register size (Kees Cook) \n- ALSA: oss: fix compile error when OSS_DEBUG is enabled (Bixuan Cui) \n- powerpc/prom_init: Fix improper check of prom_getprop() (Peiwei Hu) \n- RDMA/hns: Validate the pkey index (Kamal Heib) \n- ALSA: hda: Add missing rwsem around snd_ctl_remove() calls (Takashi Iwai) \n- ALSA: PCM: Add missing rwsem around snd_ctl_remove() calls (Takashi Iwai) \n- ALSA: jack: Add missing rwsem around snd_ctl_remove() calls (Takashi Iwai) \n- ext4: avoid trim error on fs with small groups (Jan Kara) \n- net: mcs7830: handle usb read errors properly (Pavel Skripkin) \n- pcmcia: fix setting of kthread task states (Dominik Brodowski) \n- can: xilinx_can: xcan_probe(): check for error irq (Jiasheng Jiang) \n- can: softing: softing_startstop(): fix set but not used variable warning (Marc Kleine-Budde) \n- tpm: add request_locality before write TPM_INT_ENABLE (Chen Jun) \n- spi: spi-meson-spifc: Add missing pm_runtime_disable() in meson_spifc_probe (Miaoqian Lin) \n- fsl/fman: Check for null pointer after calling devm_ioremap (Jiasheng Jiang) \n- ppp: ensure minimum packet size in ppp_write() (Eric Dumazet) \n- pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in nonstatic_find_mem_region() (Zhou Qingyang) \n- pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in __nonstatic_find_io_region() (Zhou Qingyang) \n- x86/mce/inject: Avoid out-of-bounds write when setting flags (Zhang Zixun) \n- usb: ftdi-elan: fix memory leak on device disconnect (Wei Yongjun) \n- media: msi001: fix possible null-ptr-deref in msi001_probe() (Wang Hai) \n- media: dw2102: Fix use after free (Anton Vasilyev) \n- sched/rt: Try to restart rt period timer when rt runtime exceeded (Li Hua) \n- media: si2157: Fix 'warm' tuner state detection (Robert Schlabbach) \n- media: saa7146: mxb: Fix a NULL pointer dereference in mxb_attach() (Zhou Qingyang) \n- media: dib8000: Fix a memleak in dib8000_init() (Zhou Qingyang) \n- floppy: Fix hang in watchdog when disk is ejected (Tasos Sahanidis) \n- serial: amba-pl011: do not request memory region twice (Lino Sanfilippo) \n- drm/radeon/radeon_kms: Fix a NULL pointer dereference in radeon_driver_open_kms() (Zhou Qingyang) \n- drm/amdgpu: Fix a NULL pointer dereference in amdgpu_connector_lcd_native_mode() (Zhou Qingyang) \n- arm64: dts: qcom: msm8916: fix MMC controller aliases (Dmitry Baryshkov) \n- netfilter: bridge: add support for pppoe filtering (Florian Westphal) \n- media: mtk-vcodec: call v4l2_m2m_ctx_release first when file is released (Dafna Hirschfeld) \n- tty: serial: atmel: Call dma_async_issue_pending() (Tudor Ambarus) \n- tty: serial: atmel: Check return code of dmaengine_submit() (Tudor Ambarus) \n- crypto: qce - fix uaf on qce_ahash_register_one (Chengfeng Ye) \n- media: dmxdev: fix UAF when dvb_register_device() fails (Wang Hai) \n- Bluetooth: stop proccessing malicious adv data (Pavel Skripkin) \n- media: em28xx: fix memory leak in em28xx_init_dev (Dongliang Mu) \n- wcn36xx: Indicate beacon not connection loss on MISSED_BEACON_IND (Bryan O'Donoghue) \n- clk: bcm-2835: Remove rounding up the dividers (Maxime Ripard) \n- clk: bcm-2835: Pick the closest clock rate (Maxime Ripard) \n- Bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails (Wang Hai) \n- PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller (Yifeng Li) \n- shmem: fix a race between shmem_unused_huge_shrink and shmem_evict_inode (Gang Li) \n- can: softing_cs: softingcs_probe(): fix memleak on registration failure (Johan Hovold) \n- media: stk1160: fix control-message timeouts (Johan Hovold) \n- media: pvrusb2: fix control-message timeouts (Johan Hovold) \n- media: redrat3: fix control-message timeouts (Johan Hovold) \n- media: dib0700: fix undefined behavior in tuner shutdown (Michael Kuron) \n- media: s2255: fix control-message timeouts (Johan Hovold) \n- media: cpia2: fix control-message timeouts (Johan Hovold) \n- media: em28xx: fix control-message timeouts (Johan Hovold) \n- media: mceusb: fix control-message timeouts (Johan Hovold) \n- media: flexcop-usb: fix control-message timeouts (Johan Hovold) \n- rtc: cmos: take rtc_lock while reading from CMOS (Mateusz Jonczyk) \n- nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind() (Krzysztof Kozlowski) \n- HID: wacom: Avoid using stale array indicies to read contact count (Jason Gerecke) \n- HID: wacom: Ignore the confidence flag when a touch is removed (Jason Gerecke) \n- HID: uhid: Fix worker destroying device without any protection (Jann Horn) \n- Bluetooth: fix init and cleanup of sco_conn.timeout_work (Desmond Cheong Zhi Xi) \n- Bluetooth: schedule SCO timeouts with delayed_work (Desmond Cheong Zhi Xi) \n- rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore() with interrupts enabled (Larry Finger) \n- media: uvcvideo: fix division by zero at stream start (Johan Hovold) \n- orangefs: Fix the size of a memory allocation in orangefs_bufmap_alloc() (Christophe JAILLET) \n- drm/i915: Avoid bitwise vs logical OR warning in snb_wm_latency_quirk() (Nathan Chancellor) \n- staging: wlan-ng: Avoid bitwise vs logical OR warning in hfa384x_usb_throttlefn() (Nathan Chancellor) \n- random: fix data race on crng init time (Eric Biggers) \n- random: fix data race on crng_node_pool (Eric Biggers) \n- can: gs_usb: gs_can_start_xmit(): zero-initialize hf->{flags,reserved} (Brian Silverman) \n- can: gs_usb: fix use of uninitialized variable, detach device on reception of invalid USB data (Marc Kleine-Budde) \n- mfd: intel-lpss: Fix too early PM enablement in the ACPI ->probe() (Andy Shevchenko) \n- USB: Fix 'slab-out-of-bounds Write' bug in usb_hcd_poll_rh_status (Alan Stern) \n- USB: core: Fix bug in resuming hub's handling of wakeup requests (Alan Stern) \n- Bluetooth: bfusb: fix division by zero in send path (Johan Hovold) \n- Linux 4.14.262 (Greg Kroah-Hartman) \n- mISDN: change function names to avoid conflicts (wolfgang huang) \n- net: udp: fix alignment problem in udp4_seq_show() (yangxingwu) \n- ip6_vti: initialize __ip6_tnl_parm struct in vti6_siocdevprivate (William Zhao) \n- scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown() (Lixiaokeng) \n- ipv6: Do cleanup if attribute validation fails in multipath route (David Ahern) \n- ipv6: Continue processing multipath route even if gateway attribute is invalid (David Ahern) \n- phonet: refcount leak in pep_sock_accep (Hangyu Hua) \n- rndis_host: support Hytera digital radios (Thomas Toye) \n- power: reset: ltc2952: Fix use of floating point literals (Nathan Chancellor) \n- sch_qfq: prevent shift-out-of-bounds in qfq_init_qdisc (Eric Dumazet) \n- ipv6: Check attribute length for RTA_GATEWAY when deleting multipath route (David Ahern) \n- ipv6: Check attribute length for RTA_GATEWAY in multipath route (David Ahern) \n- i40e: Fix incorrect netdev's real number of RX/TX queues (Jedrzej Jagielski) \n- i40e: fix use-after-free in i40e_sync_filters_subtask() (Di Zhu) \n- mac80211: initialize variable have_higher_than_11mbit (Tom Rix) \n- RDMA/core: Don't infoleak GRH fields (Leon Romanovsky) \n- ieee802154: atusb: fix uninit value in atusb_set_extended_addr (Pavel Skripkin) \n- virtio_pci: Support surprise removal of virtio pci device (Parav Pandit) \n- tracing: Tag trace_percpu_buffer as a percpu pointer (Naveen N. Rao) \n- tracing: Fix check for trace_percpu_buffer validity in get_trace_buf() (Naveen N. Rao) \n- Bluetooth: btusb: Apply QCA Rome patches for some ATH3012 models (Takashi Iwai)\n[4.14.35-2047.512.3.el7]\n- lib/timerqueue: Rely on rbtree semantics for next timer (Davidlohr Bueso) [Orabug: 33406086] {CVE-2021-20317}\n- rds/ib: Resize CQ if send-/recv-ring-size are changed (Hans Westgaard Ry) [Orabug: 33940520]\n- uek-rpm: remove uek-rpm/ol8 (John Donnelly) [Orabug: 33665655]\n- uek-rpm: Enable config CONFIG_SCSI_MQ_DEFAULT (Saeed Mirzamohammadi) [Orabug: 33973455]\n- sched: restore the sliding search window for select_idle_cpu() (Libo Chen) [Orabug: 33965297]\n- NFSv4: Handle case where the lookup of a directory fails (Trond Myklebust) [Orabug: 33958155] {CVE-2022-24448}\n- Linux 4.14.261 (Greg Kroah-Hartman) \n- sctp: use call_rcu to free endpoint (Xin Long) \n- net: fix use-after-free in tw_timer_handler (Muchun Song) \n- Input: spaceball - fix parsing of movement data packets (Leo L. Schwab) \n- Input: appletouch - initialize work before device registration (Pavel Skripkin) \n- binder: fix async_free_space accounting for empty parcels (Todd Kjos) \n- usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear. (Vincent Pelletier) \n- xhci: Fresco FL1100 controller should not have BROKEN_MSI quirk set. (Mathias Nyman) \n- uapi: fix linux/nfc.h userspace compilation errors (Dmitry V. Levin) \n- nfc: uapi: use kernel size_t to fix user-space builds (Krzysztof Kozlowski) \n- fsl/fman: Fix missing put_device() call in fman_port_probe (Miaoqian Lin) \n- NFC: st21nfca: Fix memory leak in device probe and remove (Wei Yongjun) \n- net: usb: pegasus: Do not drop long Ethernet frames (Matthias-Christian Ott) \n- scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write() (Dan Carpenter) \n- selinux: initialize proto variable in selinux_ip_postroute_compat() (Tom Rix) \n- recordmcount.pl: fix typo in s390 mcount regex (Heiko Carstens) \n- platform/x86: apple-gmux: use resource_size() with res (Wang Qing) \n- HID: asus: Add depends on USB_HID to HID_ASUS Kconfig option (Hans de Goede) \n- Linux 4.14.260 (Greg Kroah-Hartman) \n- phonet/pep: refuse to enable an unbound pipe (Remi Denis-Courmont) \n- hamradio: improve the incomplete fix to avoid NPD (Lin Ma) \n- hamradio: defer ax25 kfree after unregister_netdev (Lin Ma) \n- ax25: NPD bug when detaching AX25 device (Lin Ma) \n- hwmon: (lm90) Do not report 'busy' status bit as alarm (Guenter Roeck) \n- KVM: VMX: Fix stale docs for kvm-intel.emulate_invalid_guest_state (Sean Christopherson) \n- usb: gadget: u_ether: fix race in setting MAC address in setup phase (Marian Postevca) \n- f2fs: fix to do sanity check on last xattr entry in __f2fs_setxattr() (Chao Yu) \n- ARM: 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling (Ard Biesheuvel) \n- pinctrl: stm32: consider the GPIO offset to expose all the GPIO lines (Fabien Dessenne) \n- x86/pkey: Fix undefined behaviour with PKRU_WD_BIT (Andrew Cooper) \n- Input: atmel_mxt_ts - fix double free in mxt_read_info_block (Jose Exposito) \n- ALSA: drivers: opl3: Fix incorrect use of vp->state (Colin Ian King) \n- ALSA: jack: Check the return value of kstrdup() (Xiaoke Wang) \n- hwmon: (lm90) Fix usage of CONFIG2 register in detect function (Guenter Roeck) \n- sfc: falcon: Check null pointer of rx_queue->page_ring (Jiasheng Jiang) \n- drivers: net: smc911x: Check for error irq (Jiasheng Jiang) \n- fjes: Check for error irq (Jiasheng Jiang) \n- bonding: fix ad_actor_system option setting to default (Fernando Fernandez Mancera) \n- net: skip virtio_net_hdr_set_proto if protocol already set (Willem de Bruijn) \n- qlcnic: potential dereference null pointer of rx_queue->page_ring (Jiasheng Jiang) \n- spi: change clk_disable_unprepare to clk_unprepare (Dongliang Mu) \n- HID: holtek: fix mouse probing (Benjamin Tissoires) \n- can: kvaser_usb: get CAN clock frequency from device (Jimmy Assarsson) \n- net: usb: lan78xx: add Allied Telesis AT29M2-AF (Greg Jesionowski) \n- x86/speculation: Add knob for eibrs_retpoline_enabled (Patrick Colp) [Orabug: 33937656] {CVE-2021-26401}\n- x86/speculation: Extend our code to properly support eibrs+lfence and eibrs+retpoline (Patrick Colp) [Orabug: 33937656] {CVE-2021-26401}\n- x86/speculation: Update link to AMD speculation whitepaper (Kim Phillips) [Orabug: 33937656] {CVE-2021-26401}\n- x86/speculation: Use generic retpoline by default on AMD (Kim Phillips) [Orabug: 33937656] {CVE-2021-26401}\n- x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting (Josh Poimboeuf) [Orabug: 33937656] {CVE-2021-26401}\n- Documentation/hw-vuln: Update spectre doc (Peter Zijlstra) [Orabug: 33937656] {CVE-2021-26401}\n- x86/speculation: Add eIBRS + Retpoline options (Peter Zijlstra) [Orabug: 33937656] {CVE-2021-26401}\n- x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE (Peter Zijlstra (Intel)) [Orabug: 33937656] {CVE-2021-26401}\n- x86/speculation: Merge one test in spectre_v2_user_select_mitigation() (Borislav Petkov) [Orabug: 33937656] {CVE-2021-26401}\n- x86/speculation: Update ALTERNATIVEs to (more closely) match upstream (Patrick Colp) [Orabug: 33937656] {CVE-2021-26401}\n- x86/speculation: Fix bug in retpoline mode on AMD with 'spectre_v2=none' (Patrick Colp) [Orabug: 33937656] {CVE-2021-26401}\n- ACPICA: Enable sleep button on ACPI legacy wake (Anchal Agarwal) [Orabug: 33925502]\n- ipv4: tcp: send zero IPID in SYNACK messages (Eric Dumazet) [Orabug: 33917057] {CVE-2020-36516}\n- ipv4: avoid using shared IP generator for connected sockets (Eric Dumazet) [Orabug: 33917057] {CVE-2020-36516}\n- lib/iov_iter: initialize 'flags' in new pipe_buffer (Max Kellermann) [Orabug: 33910800] {CVE-2022-0847}\n- x86/speculation: The choice of retpoline mode is sometimes ignored (Patrick Colp) [Orabug: 33890092]\n- udf: Restore i_lenAlloc when inode expansion fails (Jan Kara) [Orabug: 33870267] {CVE-2022-0617}\n- udf: Fix NULL ptr deref when converting from inline format (Jan Kara) [Orabug: 33870267] {CVE-2022-0617}\n- scsi: libiscsi: Hold back_lock when calling iscsi_complete_task (Gulam Mohamed) [Orabug: 33851182]\n- drm/vmwgfx: Fix stale file descriptors on failed usercopy (Mathias Krause) [Orabug: 33840433] {CVE-2022-22942}\n- drm/i915: Flush TLBs before releasing backing store (Tvrtko Ursulin) [Orabug: 33835811] {CVE-2022-0330}\n- proc/vmcore: fix clearing user buffer by properly using clear_user() (David Hildenbrand) [Orabug: 33832650]\n- rds/ib: recover rds connection from stuck rx path (Nagappan Ramasamy Palaniappan) [Orabug: 33820767]\n- rds: ib: Make selection of completion_vector QoS aware (Hakon Bugge) [Orabug: 33819408]\n- Enable CONFIG_DM_DUST and nano for UEK5 (Gulam Mohamed) [Orabug: 33653698]\n- dm dust: use dust block size for badblocklist index (Bryan Gurney) [Orabug: 33653698]\n- dm dust: Make dm_dust_init and dm_dust_exit static (YueHaibing) [Orabug: 33653698]\n- dm dust: remove redundant unsigned comparison to less than zero (Colin Ian King) [Orabug: 33653698]\n- dm: add dust target (Bryan Gurney) [Orabug: 33653698]\n- hugetlbfs: flush TLBs correctly after huge_pmd_unshare (Nadav Amit) [Orabug: 33617219] {CVE-2021-4002}\n- rds/ib: recover rds connection from stuck tx path (Nagappan Ramasamy Palaniappan) [Orabug: 33820747]\n- uek-rpm: Add missing symbols to kabi_lockedlist (Stephen Brennan) [Orabug: 33871558]\n[4.14.35-2047.512.1.el7]\n- Revert 'stable: clamp SUBLEVEL in 4.14' (Alan Maguire) [Orabug: 33861950]\n- tipc: improve size validations for received domain records (Jon Maloy) [Orabug: 33850803] {CVE-2022-0435}\n- cgroup-v1: Require capabilities to set release_agent (Eric W. Biederman) [Orabug: 33825688] {CVE-2022-0492}\n- blk-stat: delete useless code (Shaohua Li) [Orabug: 33772945]\n- DMA/rxe: Update default value of RXE_MAX_PDN (Rao Shoaib) [Orabug: 33676598]\n[4.14.35-2047.512.0.el7]\n- bpf: Disallow unprivileged bpf by default (Pawan Gupta) [Orabug: 33734682]\n- bpf: Add kconfig knob for disabling unpriv bpf by default (Daniel Borkmann) [Orabug: 33734682]\n- RDMA/rxe: Use correct sizing on buffers holding page DMA addresses (Shiraz Saleem) [Orabug: 33676942]\n- hwmon: (k10temp) Add support for Zen3 CPUs (Rahul Rohit) [Orabug: 33782835]\n- arm64, mm, efi: Account for GICv3 LPI tables in static memblock reserve table (Ard Biesheuvel) [Orabug: 33787546]\n- uek-rpm: Pensando: Enable Elba EDAC (Dave Kleikamp) [Orabug: 33831294]\n- dsc-drivers: update for 1.15.9-C-64 (Dave Kleikamp) [Orabug: 33831294]\n- drivers/hwmon: Adding support LTC3888 (David Clear) [Orabug: 33831294]\n- drivers/edac: Add Elba EDAC support (David Clear) [Orabug: 33831294]\n- arm64/configs: Remove CONFIG_PENSANDO_SOC_CAPMEM_HUGEPAGE (David Clear) [Orabug: 33831294]\n- drivers/soc/pensando: Add reset cause driver (David Clear) [Orabug: 33831294]\n- net/rds: Fix memory leak in __rds_conn_create() on alloc_ordered_workqueue fail (Freddy Carrillo) [Orabug: 33811475]\n- x86/smpboot: check cpu_initialized_mask first after returning from schedule() (Dongli Zhang) [Orabug: 33544127]\n- Linux 4.14.259 (Greg Kroah-Hartman) \n- xen/console: harden hvc_xen against event channel storms (Juergen Gross) \n- Input: touchscreen - avoid bitwise vs logical OR warning (Nathan Chancellor) \n- ARM: 8800/1: use choice for kernel unwinders (Stefan Agner) \n- mwifiex: Remove unnecessary braces from HostCmd_SET_SEQ_NO_BSS_INFO (Nathan Chancellor) \n- ARM: 8805/2: remove unneeded naked function usage (Nicolas Pitre) \n- net: lan78xx: Avoid unnecessary self assignment (Nathan Chancellor) \n- fuse: annotate lock in fuse_reverse_inval_entry() (Miklos Szeredi) \n- ARM: dts: imx6ull-pinfunc: Fix CSI_DATA07__ESAI_TX0 pad name (Fabio Estevam) \n- firmware: arm_scpi: Fix string overflow in SCPI genpd driver (Sudeep Holla) \n- net: systemport: Add global locking for descriptor lifecycle (Florian Fainelli) \n- libata: if T_LENGTH is zero, dma direction should be DMA_NONE (George Kennedy) \n- timekeeping: Really make sure wall_to_monotonic isn't positive (Yu Liao) \n- USB: serial: option: add Telit FN990 compositions (Daniele Palmas) \n- PCI/MSI: Mask MSI-X vectors only on success (Stefan Roese) \n- PCI/MSI: Clear PCI_MSIX_FLAGS_MASKALL on error (Thomas Gleixner) \n- USB: gadget: bRequestType is a bitfield, not a enum (Greg Kroah-Hartman) \n- sit: do not call ipip6_dev_free() from sit_init_net() (Eric Dumazet) \n- net/packet: rx_owner_map depends on pg_vec (Willem de Bruijn) \n- ixgbe: set X550 MDIO speed before talking to PHY (Cyril Novikov) \n- igbvf: fix double free in 'igbvf_probe' (Letu Ren) \n- soc/tegra: fuse: Fix bitwise vs. logical OR warning (Nathan Chancellor) \n- dmaengine: st_fdma: fix MODULE_ALIAS (Alyssa Ross) \n- ARM: socfpga: dts: fix qspi node compatible (Dinh Nguyen) \n- x86/sme: Explicitly map new EFI memmap table as encrypted (Tom Lendacky) \n- nfsd: fix use-after-free due to delegation race (J. Bruce Fields) \n- audit: improve robustness of the audit queue handling (Paul Moore) \n- dm btree remove: fix use after free in rebalance_children() (Joe Thornber) \n- recordmcount.pl: look for jgnop instruction as well as bcrl on s390 (Jerome Marchand) \n- mac80211: send ADDBA requests using the tid/queue of the aggregation session (Felix Fietkau) \n- hwmon: (dell-smm) Fix warning on /proc/i8k creation error (Armin Wolf) \n- bpf: fix panic due to oob in bpf_prog_test_run_skb (Daniel Borkmann) \n- tracing: Fix a kmemleak false positive in tracing_map (Chen Jun) \n- net: netlink: af_netlink: Prevent empty skb by adding a check on len. (Harshit Mogalapalli) \n- i2c: rk3x: Handle a spurious start completion interrupt flag (Ondrej Jirman) \n- parisc/agp: Annotate parisc agp init functions with __init (Helge Deller) \n- net/mlx4_en: Update reported link modes for 1/10G (Erik Ekman) \n- drm/msm/dsi: set default num_data_lanes (Philip Chen) \n- nfc: fix segfault in nfc_genl_dump_devices_done (Tadeusz Struk) \n- Linux 4.14.258 (Greg Kroah-Hartman) \n- irqchip: nvic: Fix offset for Interrupt Priority Offsets (Vladimir Murzin) \n- irqchip/irq-gic-v3-its.c: Force synchronisation when issuing INVALL (Wudi Wang) \n- irqchip/armada-370-xp: Fix support for Multi-MSI interrupts (Pali Rohar) \n- irqchip/armada-370-xp: Fix return value of armada_370_xp_msi_alloc() (Pali Rohar) \n- iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove (Yang Yingliang) \n- iio: adc: axp20x_adc: fix charging current reporting on AXP22x (Evgeny Boger) \n- iio: dln2: Check return value of devm_iio_trigger_register() (Lars-Peter Clausen) \n- iio: dln2-adc: Fix lockdep complaint (Noralf Tronnes) \n- iio: itg3200: Call iio_trigger_notify_done() on error (Lars-Peter Clausen) \n- iio: kxsd9: Don't return error code in trigger handler (Lars-Peter Clausen) \n- iio: ltr501: Don't return error code in trigger handler (Lars-Peter Clausen) \n- iio: mma8452: Fix trigger reference couting (Lars-Peter Clausen) \n- iio: stk3310: Don't return error code in interrupt handler (Lars-Peter Clausen) \n- iio: trigger: stm32-timer: fix MODULE_ALIAS (Alyssa Ross) \n- iio: trigger: Fix reference counting (Lars-Peter Clausen) \n- usb: core: config: using bit mask instead of individual bits (Pavel Hofman) \n- xhci: Remove CONFIG_USB_DEFAULT_PERSIST to prevent xHCI from runtime suspending (Kai-Heng Feng) \n- usb: core: config: fix validation of wMaxPacketValue entries (Pavel Hofman) \n- USB: gadget: zero allocate endpoint 0 buffers (Greg Kroah-Hartman) \n- USB: gadget: detect too-big endpoint 0 requests (Greg Kroah-Hartman) \n- net/qla3xxx: fix an error code in ql_adapter_up() (Dan Carpenter) \n- net, neigh: clear whole pneigh_entry at alloc time (Eric Dumazet) \n- net: fec: only clear interrupt of handling queue in fec_enet_rx_queue() (Joakim Zhang) \n- net: altera: set a couple error code in probe() (Dan Carpenter) \n- net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero (Lee Jones) \n- qede: validate non LSO skb length (Manish Chopra) \n- block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2) (Davidlohr Bueso) \n- signalfd: use wake_up_pollfree() (Eric Biggers) \n- binder: use wake_up_pollfree() (Eric Biggers) \n- wait: add wake_up_pollfree() (Eric Biggers) \n- libata: add horkage for ASMedia 1092 (Hannes Reinecke) \n- can: m_can: Disable and ignore ELO interrupt (Brian Silverman) \n- can: pch_can: pch_can_rx_normal: fix use after free (Vincent Mailhol) \n- tracefs: Have new files inherit the ownership of their parent (Steven Rostedt (VMware)) \n- ALSA: pcm: oss: Handle missing errors in snd_pcm_oss_change_params*() (Takashi Iwai) \n- ALSA: pcm: oss: Limit the period size to 16MB (Takashi Iwai) \n- ALSA: pcm: oss: Fix negative period/buffer sizes (Takashi Iwai) \n- ALSA: ctl: Fix copy of updated id with element read/write (Alan Young) \n- mm: bdi: initialize bdi_min_ratio when bdi is unregistered (Manjong Lee) \n- IB/hfi1: Correct guard on eager buffer deallocation (Mike Marciniszyn) \n- seg6: fix the iif in the IPv6 socket control block (Andrea Mayer) \n- nfp: Fix memory leak in nfp_cpp_area_cache_add() (Jianglei Nie) \n- bpf: Fix the off-by-two error in range markings (Maxim Mikityanskiy) \n- nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done (Krzysztof Kozlowski) \n- can: sja1000: fix use after free in ems_pcmcia_add_card() (Dan Carpenter) \n- HID: check for valid USB device for many HID drivers (Greg Kroah-Hartman) \n- HID: wacom: fix problems when device is not a valid USB device (Greg Kroah-Hartman) \n- HID: add USB_HID dependancy on some USB HID drivers (Greg Kroah-Hartman) \n- HID: add USB_HID dependancy to hid-chicony (Greg Kroah-Hartman) \n- HID: add USB_HID dependancy to hid-prodikeys (Greg Kroah-Hartman) \n- HID: add hid_is_usb() function to make it simpler for USB detection (Greg Kroah-Hartman) \n- Linux 4.14.257 (Greg Kroah-Hartman) {CVE-2021-38199}\n- parisc: Mark cr16 CPU clocksource unstable on all SMP machines (Helge Deller) \n- serial: core: fix transmit-buffer reset and memleak (Johan Hovold) \n- serial: pl011: Add ACPI SBSA UART match id (Pierre Gondois) \n- tty: serial: msm_serial: Deactivate RX DMA for polling support (Sven Eckelmann) \n- x86/64/mm: Map all kernel memory into trampoline_pgd (Joerg Roedel) \n- usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect (Badhri Jagan Sridharan) \n- xhci: Fix commad ring abort, write all 64 bits to CRCR register. (Mathias Nyman) \n- vgacon: Propagate console boot parameters before calling 'vc_resize' (Maciej W. Rozycki) \n- parisc: Fix 'make install' on newer debian releases (Helge Deller) \n- parisc: Fix KBUILD_IMAGE for self-extracting kernel (Helge Deller) \n- net/smc: Keep smc_close_final rc during active close (Tony Lu) \n- net/rds: correct socket tunable error in rds_tcp_tune() (William Kucharski) \n- net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of '0' if no IRQ is available (Sven Schuchmann) \n- net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources() (Zhou Qingyang) \n- siphash: use _unaligned version by default (Arnd Bergmann) \n- net: mpls: Fix notifications when deleting a device (Benjamin Poirier) \n- net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings() (Zhou Qingyang) \n- natsemi: xtensa: fix section mismatch warnings (Randy Dunlap) \n- sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl (Baokun Li) \n- sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl (Baokun Li) \n- kprobes: Limit max data_size of the kretprobe instances (Masami Hiramatsu) \n- vrf: Reset IPCB/IP6CB when processing outbound pkts in vrf dev xmit (Stephen Suryaputra) \n- perf hist: Fix memory leak of a perf_hpp_fmt (Ian Rogers) \n- net: ethernet: dec: tulip: de4x5: fix possible array overflows in type3_infoblock() (Teng Qi) \n- net: tulip: de4x5: fix the problem that the array 'lp->phy[8]' may be out of bound (zhangyue) \n- ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port() (Teng Qi) \n- scsi: iscsi: Unblock session then wake up error handler (Mike Christie) \n- thermal: core: Reset previous low and high trip during thermal zone init (Manaf Meethalavalappu Pallikunhi) \n- btrfs: check-integrity: fix a warning on write caching disabled disk (Wang Yugui) \n- s390/setup: avoid using memblock_enforce_memory_limit (Vasily Gorbik) \n- platform/x86: thinkpad_acpi: Fix WWAN device disabled issue after S3 deep (Slark Xiao) \n- net: return correct error code (liuguoqiang) \n- NFSv42: Fix pagecache invalidation after COPY/CLONE (Benjamin Coddington) \n- ipc: WARN if trying to remove ipc object which is absent (Alexander Mikhalitsyn) \n- shm: extend forced shm destroy to support objects from several IPC nses (Alexander Mikhalitsyn) \n- tty: hvc: replace BUG_ON() with negative return value (Juergen Gross) \n- xen: sync include/xen/interface/io/ring.h with Xen's newest version (Juergen Gross) \n- fuse: release pipe buf after last use (Miklos Szeredi) \n- NFC: add NCI_UNREG flag to eliminate the race (Lin Ma) \n- arm64: dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function (Marek Behun) \n- arm64: dts: marvell: armada-37xx: declare PCIe reset pin (Miquel Raynal) \n- pinctrl: armada-37xx: Correct PWM pins definitions (Marek Behun) \n- pinctrl: armada-37xx: add missing pin: PCIe1 Wakeup (Gregory CLEMENT) \n- pinctrl: armada-37xx: Correct mpp definitions (Marek Behun) \n- PCI: aardvark: Fix checking for link up via LTSSM state (Pali Rohar) \n- PCI: aardvark: Fix link training (Pali Rohar) \n- PCI: aardvark: Fix PCIe Max Payload Size setting (Pali Rohar) \n- PCI: aardvark: Configure PCIe resources from 'ranges' DT property (Pali Rohar) \n- PCI: aardvark: Remove PCIe outbound window configuration (Evan Wang) \n- PCI: aardvark: Update comment about disabling link training (Pali Rohar) \n- PCI: aardvark: Move PCIe reset card code to advk_pcie_train_link() (Pali Rohar) \n- PCI: aardvark: Fix compilation on s390 (Pali Rohar) \n- PCI: aardvark: Don't touch PCIe registers if no card connected (Pali Rohar) \n- PCI: aardvark: Introduce an advk_pcie_valid_device() helper (Thomas Petazzoni) \n- PCI: aardvark: Indicate error in 'val' when config read fails (Pali Rohar) \n- PCI: aardvark: Replace custom macros by standard linux/pci_regs.h macros (Pali Rohar) \n- PCI: aardvark: Issue PERST via GPIO (Pali Rohar) \n- PCI: aardvark: Improve link training (Marek Behun) \n- PCI: aardvark: Train link immediately after enabling training (Pali Rohar) \n- PCI: aardvark: Wait for endpoint to be ready before training link (Remi Pommarel) \n- PCI: aardvark: Fix a leaked reference by adding missing of_node_put() (Wen Yang) \n- PCI: aardvark: Fix I/O space page leak (Sergei Shtylyov) \n- s390/mm: validate VMA in PGSTE manipulation functions (David Hildenbrand) \n- tracing: Check pid filtering when creating events (Steven Rostedt (VMware)) \n- vhost/vsock: fix incorrect used length reported to the guest (Stefano Garzarella) \n- net/smc: Don't call clcsock shutdown twice when smc shutdown (Tony Lu) \n- MIPS: use 3-level pgtable for 64KB page size on MIPS_VA_BITS_48 (Huang Pei) \n- tcp_cubic: fix spurious Hystart ACK train detections for not-cwnd-limited flows (Eric Dumazet) \n- net/smc: Ensure the active closing peer first closes clcsock (Tony Lu) \n- ipv6: fix typos in __ip6_finish_output() (Eric Dumazet) \n- drm/vc4: fix error code in vc4_create_object() (Dan Carpenter) \n- scsi: mpt3sas: Fix kernel panic during drive powercycle test (Sreekanth Reddy) \n- ARM: socfpga: Fix crash with CONFIG_FORTIRY_SOURCE (Takashi Iwai) \n- NFSv42: Don't fail clone() unless the OP_CLONE operation failed (Trond Myklebust) \n- net: ieee802154: handle iftypes as u32 (Alexander Aring) \n- ASoC: topology: Add missing rwsem around snd_ctl_remove() calls (Takashi Iwai) \n- ARM: dts: BCM5301X: Add interrupt properties to GPIO node (Florian Fainelli) \n- ARM: dts: BCM5301X: Fix I2C controller interrupt (Florian Fainelli) \n- netfilter: ipvs: Fix reuse connection if RS weight is 0 (yangxingwu) \n- tracing: Fix pid filtering when triggers are attached (Steven Rostedt (VMware)) \n- xen: detect uninitialized xenbus in xenbus_init (Stefano Stabellini) \n- xen: don't continue xenstore initialization in case of errors (Stefano Stabellini) \n- fuse: fix page stealing (Miklos Szeredi) \n- staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() (Dan Carpenter) \n- HID: wacom: Use 'Confidence' flag to prevent reporting invalid contacts (Jason Gerecke) \n- media: cec: copy sequence field for the reply (Hans Verkuil) \n- ALSA: ctxfi: Fix out-of-range access (Takashi Iwai) \n- usb: hub: Fix locking issues with address0_mutex (Mathias Nyman) \n- usb: hub: Fix usb enumeration issue due to address0 race (Mathias Nyman) \n- USB: serial: option: add Fibocom FM101-GL variants (Mingjie Zhang) \n- USB: serial: option: add Telit LE910S1 0x9200 composition (Daniele Palmas)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-10T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel-container security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36516", "CVE-2021-20317", "CVE-2021-26401", "CVE-2021-38199", "CVE-2021-4002", "CVE-2021-4149", "CVE-2022-0330", "CVE-2022-0435", "CVE-2022-0492", "CVE-2022-0617", "CVE-2022-0847", "CVE-2022-1016", "CVE-2022-22942", "CVE-2022-24448", "CVE-2022-26966", "CVE-2022-27666"], "modified": "2022-05-10T00:00:00", "id": "ELSA-2022-9366", "href": "http://linux.oracle.com/errata/ELSA-2022-9366.html", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-05-10T19:14:29", "description": "[4.14.35-2047.513.2]\n- Revert 'rds/ib: recover rds connection from stuck tx path' (Nagappan Ramasamy\n Palaniappan) [Orabug: 34124234]\n[4.14.35-2047.513.1]\n- mm/page-writeback: Fix performance when BDI's share of ratio is 0. (Chi Wu) [Orabug: 34050050]\n- esp: Fix possible buffer overflow in ESP transformation (Steffen Klassert) [Orabug: 33997301] {CVE-2022-27666}\n[4.14.35-2047.513.0]\n- rds: ib: Initialize SG table properly (Hakon Bugge) [Orabug: 34031914]\n- rds: ib: Fix racy credit tracepoints (Hakon Bugge) [Orabug: 33980856]\n- net/rds: Fix math on error code (Freddy Carrillo) [Orabug: 33945366]\n- ice: Add E810-XXV pci device ids to UEK5 (John Donnelly) [Orabug: 33750110]\n[4.14.35-2047.512.6]\n- Revert 'rds/ib: recover rds connection from stuck rx path' (Rohit Nair)\n [Orabug: 34039271]\n[4.14.35-2047.512.5]\n- netfilter: nf_tables: initialize registers in nft_do_chain() (Pablo Neira Ayuso) [Orabug: 34012925] {CVE-2022-1016}\n- rds: Fix incorrect initialization order (Hakon Bugge) [Orabug: 33923372]\n- btrfs: unlock newly allocated extent buffer after error (Qu Wenruo) [Orabug: 33997138] {CVE-2021-4149}\n- sr9700: sanity check for packet length (Oliver Neukum) [Orabug: 33962706] {CVE-2022-26966}\n[4.14.35-2047.512.4]\n- Linux 4.14.265 (Greg Kroah-Hartman) \n- ext4: fix error handling in ext4_restore_inline_data() (Ritesh Harjani) \n- EDAC/xgene: Fix deferred probing (Sergey Shtylyov) \n- EDAC/altera: Fix deferred probing (Sergey Shtylyov) \n- rtc: cmos: Evaluate century appropriate (Riwen Lu) \n- selftests: futex: Use variable MAKE instead of make (Muhammad Usama Anjum) \n- nfsd: nfsd4_setclientid_confirm mistakenly expires confirmed client. (Dai Ngo) \n- scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe (John Meneghini) \n- ASoC: fsl: Add missing error handling in pcm030_fabric_probe (Miaoqian Lin) \n- drm/i915/overlay: Prevent divide by zero bugs in scaling (Dan Carpenter) \n- net: macsec: Verify that send_sci is on when setting Tx sci explicitly (Lior Nahmanson) \n- net: ieee802154: Return meaningful error codes from the netlink helpers (Miquel Raynal) \n- net: ieee802154: ca8210: Stop leaking skb's (Miquel Raynal) \n- spi: meson-spicc: add IRQ check in meson_spicc_probe (Miaoqian Lin) \n- spi: mediatek: Avoid NULL pointer crash in interrupt (Benjamin Gaignard) \n- spi: bcm-qspi: check for valid cs before applying chip select (Kamal Dasu) \n- iommu/amd: Fix loop timeout issue in iommu_ga_log_enable() (Joerg Roedel) \n- iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() (Guoqing Jiang) \n- RDMA/mlx4: Don't continue event handler after memory allocation failure (Leon Romanovsky) \n- block: bio-integrity: Advance seed correctly for larger interval sizes (Martin K. Petersen) \n- drm/nouveau: fix off by one in BIOS boundary checking (Nick Lopez) \n- ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx() (Mark Brown) \n- ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx() (Mark Brown) \n- ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() (Mark Brown) \n- audit: improve audit queue handling when 'audit=1' on cmdline (Paul Moore) \n- af_packet: fix data-race in packet_setsockopt / packet_setsockopt (Eric Dumazet) \n- rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink() (Eric Dumazet) \n- net: amd-xgbe: Fix skb data length underflow (Shyam Sundar S K) \n- net: amd-xgbe: ensure to reset the tx_timer_active flag (Raju Rangoju) \n- ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback (Georgi Valkov) \n- netfilter: nat: limit port clash resolution attempts (Florian Westphal) \n- netfilter: nat: remove l4 protocol port rovers (Florian Westphal) \n- bpf: fix truncated jump targets on heavy expansions (Daniel Borkmann) \n- ipv4: raw: lock the socket in raw_bind() (Eric Dumazet) \n- yam: fix a memory leak in yam_siocdevprivate() (Hangyu Hua) \n- ibmvnic: don't spin in tasklet (Sukadev Bhattiprolu) \n- drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable (Jose Exposito) \n- drm/msm: Fix wrong size calculation (Xianting Tian) \n- net-procfs: show net devices bound packet types (Jianguo Wu) \n- NFSv4: nfs_atomic_open() can race when looking up a non-regular file (Trond Myklebust) \n- hwmon: (lm90) Reduce maximum conversion rate for G781 (Guenter Roeck) \n- ping: fix the sk_bound_dev_if match in ping_lookup (Xin Long) \n- net: fix information leakage in /proc/net/ptype (Saeed Mirzamohammadi) \n- ipv6_tunnel: Rate limit warning messages (Ido Schimmel) \n- scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() (John Meneghini) \n- rpmsg: char: Fix race between the release of rpmsg_eptdev and cdev (Matthias Kaehlcke) \n- rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev (Sujit Kautkar) \n- i40e: fix unsigned stat widths (Joe Damato) \n- i40e: Increase delay to 1 s after global EMP reset (Jedrzej Jagielski) \n- lkdtm: Fix content of section containing lkdtm_rodata_do_nothing() (Christophe Leroy) \n- powerpc/32: Fix boot failure with GCC latent entropy plugin (Christophe Leroy) \n- net: sfp: ignore disabled SFP node (Marek Behun) \n- usb: typec: tcpm: Do not disconnect while receiving VBUS off (Badhri Jagan Sridharan) \n- USB: core: Fix hang in usb_kill_urb by adding memory barriers (Alan Stern) \n- usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS (Pavankumar Kondeti) \n- usb: common: ulpi: Fix crash in ulpi_match() (Jon Hunter) \n- usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge (Alan Stern) \n- tty: Add support for Brainboxes UC cards. (Cameron Williams) \n- tty: n_gsm: fix SW flow control encoding/handling (daniel.starke@siemens.com) \n- serial: stm32: fix software flow control transfer (Valentin Caron) \n- netfilter: nft_payload: do not update layer 4 checksum when mangling fragments (Pablo Neira Ayuso) \n- PM: wakeup: simplify the output logic of pm_show_wakelocks() (Greg Kroah-Hartman) \n- scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices (Steffen Maier) \n- s390/hypfs: include z/VM guests with access control group set (Vasily Gorbik) \n- Bluetooth: refactor malicious adv data check (Brian Gix) \n- Linux 4.14.264 (Greg Kroah-Hartman) \n- can: bcm: fix UAF of bcm op (Ziyang Xuan) \n- Linux 4.14.263 (Greg Kroah-Hartman) \n- gianfar: fix jumbo packets+napi+rx overrun crash (Michael Braun) \n- gianfar: simplify FCS handling and fix memory leak (Andy Spencer) \n- drm/ttm/nouveau: don't call tt destroy callback on alloc failure. (Dave Airlie) \n- mips,s390,sh,sparc: gup: Work around the 'COW can break either way' issue (Ben Hutchings) \n- lib82596: Fix IRQ check in sni_82596_probe (Miaoqian Lin) \n- scripts/dtc: dtx_diff: remove broken example from help text (Matthias Schiffer) \n- bcmgenet: add WOL IRQ check (Sergey Shtylyov) \n- net_sched: restore 'mpu xxx' handling (Kevin Bracey) \n- dmaengine: at_xdmac: Fix at_xdmac_lld struct definition (Tudor Ambarus) \n- dmaengine: at_xdmac: Fix lld view setting (Tudor Ambarus) \n- dmaengine: at_xdmac: Print debug message after realeasing the lock (Tudor Ambarus) \n- dmaengine: at_xdmac: Don't start transactions at tx_submit level (Tudor Ambarus) \n- libcxgb: Don't accidentally set RTO_ONLINK in cxgb_find_route() (Guillaume Nault) \n- netns: add schedule point in ops_exit_list() (Eric Dumazet) \n- net: axienet: fix number of TX ring slots for available check (Robert Hancock) \n- net: axienet: Wait for PhyRstCmplt after core reset (Robert Hancock) \n- af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress (Eric Dumazet) \n- parisc: pdc_stable: Fix memory leak in pdcs_register_pathentries (Miaoqian Lin) \n- net/fsl: xgmac_mdio: Fix incorrect iounmap when removing module (Tobias Waldekranz) \n- powerpc/fsl/dts: Enable WA for erratum A-009885 on fman3l MDIO buses (Tobias Waldekranz) \n- powerpc/cell: Fix clang -Wimplicit-fallthrough warning (Anders Roxell) \n- RDMA/rxe: Fix a typo in opcode name (Chengguang Xu) \n- RDMA/hns: Modify the mapping attribute of doorbell to device (Yixing Liu) \n- Documentation: refer to config RANDOMIZE_BASE for kernel address-space randomization (Lukas Bulwahn) \n- firmware: Update Kconfig help text for Google firmware (Ben Hutchings) \n- drm/radeon: fix error handling in radeon_driver_open_kms (Christian Konig) \n- crypto: stm32/crc32 - Fix kernel BUG triggered in probe() (Marek Vasut) \n- ext4: don't use the orphan list when migrating an inode (Theodore Ts'o) \n- ext4: Fix BUG_ON in ext4_bread when write quota data (Ye Bin) \n- ext4: set csum seed in tmp inode while migrating to extents (Luis Henriques) \n- ext4: make sure quota gets properly shutdown on error (Jan Kara) \n- iwlwifi: mvm: Increase the scan timeout guard to 30 seconds (Ilan Peer) \n- cputime, cpuacct: Include guest time in user time in cpuacct.stat (Andrey Ryabinin) \n- serial: Fix incorrect rs485 polarity on uart open (Lukas Wunner) \n- ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers (Petr Cvachoucek) \n- power: bq25890: Enable continuous conversion for ADC at charging (Yauhen Kharuzhy) \n- ASoC: mediatek: mt8173: fix device_node leak (Tzung-Bi Shih) \n- scsi: sr: Don't use GFP_DMA (Christoph Hellwig) \n- MIPS: Octeon: Fix build errors using clang (Tianjia Zhang) \n- i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters (Lakshmi Sowjanya D) \n- MIPS: OCTEON: add put_device() after of_find_device_by_node() (Ye Guojin) \n- ALSA: seq: Set upper limit of processed events (Takashi Iwai) \n- w1: Misuse of get_user()/put_user() reported by sparse (Christophe Leroy) \n- i2c: mpc: Correct I2C reset procedure (Joakim Tjernlund) \n- powerpc/smp: Move setup_profiling_timer() under CONFIG_PROFILING (Michael Ellerman) \n- i2c: i801: Don't silently correct invalid transfer size (Heiner Kallweit) \n- powerpc/watchdog: Fix missed watchdog reset due to memory ordering race (Nicholas Piggin) \n- powerpc/btext: add missing of_node_put (Julia Lawall) \n- powerpc/cell: add missing of_node_put (Julia Lawall) \n- powerpc/powernv: add missing of_node_put (Julia Lawall) \n- powerpc/6xx: add missing of_node_put (Julia Lawall) \n- parisc: Avoid calling faulthandler_disabled() twice (John David Anglin) \n- serial: core: Keep mctrl register state and cached copy in sync (Lukas Wunner) \n- serial: pl010: Drop CR register reset on set_termios (Lukas Wunner) \n- net: phy: marvell: configure RGMII delays for 88E1118 (Russell King (Oracle)) \n- dm space map common: add bounds check to sm_ll_lookup_bitmap() (Joe Thornber) \n- dm btree: add a defensive bounds check to insert_at() (Joe Thornber) \n- mac80211: allow non-standard VHT MCS-10/11 (Ping-Ke Shih) \n- net: mdio: Demote probed message to debug print (Florian Fainelli) \n- btrfs: remove BUG_ON(!eie) in find_parent_nodes (Josef Bacik) \n- btrfs: remove BUG_ON() in find_parent_nodes() (Josef Bacik) \n- ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5 (Kirill A. Shutemov) \n- ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R() (Rafael J. Wysocki) \n- ACPICA: Utilities: Avoid deleting the same object twice in a row (Rafael J. Wysocki) \n- ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions (Mark Langsdorf) \n- jffs2: GC deadlock reading a page that is used in jffs2_write_begin() (Kyeong Yoo) \n- um: registers: Rename function names to avoid conflicts and build problems (Randy Dunlap) \n- iwlwifi: remove module loading failure message (Johannes Berg) \n- iwlwifi: fix leaks/bad data after failed firmware load (Johannes Berg) \n- ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream (Zekun Shen) \n- usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0 (Kai-Heng Feng) \n- arm64: tegra: Adjust length of CCPLEX cluster MMIO region (Thierry Reding) \n- mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO (Ulf Hansson) \n- media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach() (Zhou Qingyang) \n- media: igorplugusb: receiver overflow should be reported (Sean Young) \n- bpf: Do not WARN in bpf_warn_invalid_xdp_action() (Paolo Abeni) \n- net: bonding: debug: avoid printing debug logs when bond is not notifying peers (Suresh Kumar) \n- ath10k: Fix tx hanging (Sebastian Gottschall) \n- iwlwifi: mvm: synchronize with FW after multicast commands (Johannes Berg) \n- media: m920x: don't use stack on USB reads (Mauro Carvalho Chehab) \n- media: saa7146: hexium_orion: Fix a NULL pointer dereference in hexium_attach() (Zhou Qingyang) \n- media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds. (James Hilliard) \n- floppy: Add max size check for user space request (Xiongwei Song) \n- usb: uhci: add aspeed ast2600 uhci support (Neal Liu) \n- mwifiex: Fix skb_over_panic in mwifiex_usb_recv() (Zekun Shen) \n- HSI: core: Fix return freed object in hsi_new_client (Chengfeng Ye) \n- gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use (Hans de Goede) \n- drm/bridge: megachips: Ensure both bridges are probed before registration (Martyn Welch) \n- mlxsw: pci: Add shutdown method in PCI driver (Danielle Ratson) \n- media: b2c2: Add missing check in flexcop_pci_isr: (Zheyu Ma) \n- HID: apple: Do not reset quirks when the Fn key is not found (Jose Exposito) \n- usb: gadget: f_fs: Use stream_open() for endpoint files (Pavankumar Kondeti) \n- drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR (Ben Skeggs) \n- ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply (Zekun Shen) \n- fs: dlm: filter user dlm messages for kernel locks (Alexander Aring) \n- Bluetooth: Fix debugfs entry leak in hci_register_dev() (Wei Yongjun) \n- RDMA/cxgb4: Set queue pair state when being queried (Kamal Heib) \n- mips: bcm63xx: add support for clk_set_parent() (Randy Dunlap) \n- mips: lantiq: add support for clk_set_parent() (Randy Dunlap) \n- misc: lattice-ecp3-config: Fix task hung when firmware load failed (Wei Yongjun) \n- ASoC: samsung: idma: Check of ioremap return value (Jiasheng Jiang) \n- iommu/iova: Fix race between FQ timeout and teardown (Xiongfeng Wang) \n- dmaengine: pxa/mmp: stop referencing config->slave_id (Arnd Bergmann) \n- RDMA/core: Let ib_find_gid() continue search even after empty entry (Avihai Horon) \n- scsi: ufs: Fix race conditions related to driver data (Bart Van Assche) \n- char/mwave: Adjust io port register size (Kees Cook) \n- ALSA: oss: fix compile error when OSS_DEBUG is enabled (Bixuan Cui) \n- powerpc/prom_init: Fix improper check of prom_getprop() (Peiwei Hu) \n- RDMA/hns: Validate the pkey index (Kamal Heib) \n- ALSA: hda: Add missing rwsem around snd_ctl_remove() calls (Takashi Iwai) \n- ALSA: PCM: Add missing rwsem around snd_ctl_remove() calls (Takashi Iwai) \n- ALSA: jack: Add missing rwsem around snd_ctl_remove() calls (Takashi Iwai) \n- ext4: avoid trim error on fs with small groups (Jan Kara) \n- net: mcs7830: handle usb read errors properly (Pavel Skripkin) \n- pcmcia: fix setting of kthread task states (Dominik Brodowski) \n- can: xilinx_can: xcan_probe(): check for error irq (Jiasheng Jiang) \n- can: softing: softing_startstop(): fix set but not used variable warning (Marc Kleine-Budde) \n- tpm: add request_locality before write TPM_INT_ENABLE (Chen Jun) \n- spi: spi-meson-spifc: Add missing pm_runtime_disable() in meson_spifc_probe (Miaoqian Lin) \n- fsl/fman: Check for null pointer after calling devm_ioremap (Jiasheng Jiang) \n- ppp: ensure minimum packet size in ppp_write() (Eric Dumazet) \n- pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in nonstatic_find_mem_region() (Zhou Qingyang) \n- pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in __nonstatic_find_io_region() (Zhou Qingyang) \n- x86/mce/inject: Avoid out-of-bounds write when setting flags (Zhang Zixun) \n- usb: ftdi-elan: fix memory leak on device disconnect (Wei Yongjun) \n- media: msi001: fix possible null-ptr-deref in msi001_probe() (Wang Hai) \n- media: dw2102: Fix use after free (Anton Vasilyev) \n- sched/rt: Try to restart rt period timer when rt runtime exceeded (Li Hua) \n- media: si2157: Fix 'warm' tuner state detection (Robert Schlabbach) \n- media: saa7146: mxb: Fix a NULL pointer dereference in mxb_attach() (Zhou Qingyang) \n- media: dib8000: Fix a memleak in dib8000_init() (Zhou Qingyang) \n- floppy: Fix hang in watchdog when disk is ejected (Tasos Sahanidis) \n- serial: amba-pl011: do not request memory region twice (Lino Sanfilippo) \n- drm/radeon/radeon_kms: Fix a NULL pointer dereference in radeon_driver_open_kms() (Zhou Qingyang) \n- drm/amdgpu: Fix a NULL pointer dereference in amdgpu_connector_lcd_native_mode() (Zhou Qingyang) \n- arm64: dts: qcom: msm8916: fix MMC controller aliases (Dmitry Baryshkov) \n- netfilter: bridge: add support for pppoe filtering (Florian Westphal) \n- media: mtk-vcodec: call v4l2_m2m_ctx_release first when file is released (Dafna Hirschfeld) \n- tty: serial: atmel: Call dma_async_issue_pending() (Tudor Ambarus) \n- tty: serial: atmel: Check return code of dmaengine_submit() (Tudor Ambarus) \n- crypto: qce - fix uaf on qce_ahash_register_one (Chengfeng Ye) \n- media: dmxdev: fix UAF when dvb_register_device() fails (Wang Hai) \n- Bluetooth: stop proccessing malicious adv data (Pavel Skripkin) \n- media: em28xx: fix memory leak in em28xx_init_dev (Dongliang Mu) \n- wcn36xx: Indicate beacon not connection loss on MISSED_BEACON_IND (Bryan O'Donoghue) \n- clk: bcm-2835: Remove rounding up the dividers (Maxime Ripard) \n- clk: bcm-2835: Pick the closest clock rate (Maxime Ripard) \n- Bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails (Wang Hai) \n- PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller (Yifeng Li) \n- shmem: fix a race between shmem_unused_huge_shrink and shmem_evict_inode (Gang Li) \n- can: softing_cs: softingcs_probe(): fix memleak on registration failure (Johan Hovold) \n- media: stk1160: fix control-message timeouts (Johan Hovold) \n- media: pvrusb2: fix control-message timeouts (Johan Hovold) \n- media: redrat3: fix control-message timeouts (Johan Hovold) \n- media: dib0700: fix undefined behavior in tuner shutdown (Michael Kuron) \n- media: s2255: fix control-message timeouts (Johan Hovold) \n- media: cpia2: fix control-message timeouts (Johan Hovold) \n- media: em28xx: fix control-message timeouts (Johan Hovold) \n- media: mceusb: fix control-message timeouts (Johan Hovold) \n- media: flexcop-usb: fix control-message timeouts (Johan Hovold) \n- rtc: cmos: take rtc_lock while reading from CMOS (Mateusz Jonczyk) \n- nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind() (Krzysztof Kozlowski) \n- HID: wacom: Avoid using stale array indicies to read contact count (Jason Gerecke) \n- HID: wacom: Ignore the confidence flag when a touch is removed (Jason Gerecke) \n- HID: uhid: Fix worker destroying device without any protection (Jann Horn) \n- Bluetooth: fix init and cleanup of sco_conn.timeout_work (Desmond Cheong Zhi Xi) \n- Bluetooth: schedule SCO timeouts with delayed_work (Desmond Cheong Zhi Xi) \n- rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore() with interrupts enabled (Larry Finger) \n- media: uvcvideo: fix division by zero at stream start (Johan Hovold) \n- orangefs: Fix the size of a memory allocation in orangefs_bufmap_alloc() (Christophe JAILLET) \n- drm/i915: Avoid bitwise vs logical OR warning in snb_wm_latency_quirk() (Nathan Chancellor) \n- staging: wlan-ng: Avoid bitwise vs logical OR warning in hfa384x_usb_throttlefn() (Nathan Chancellor) \n- random: fix data race on crng init time (Eric Biggers) \n- random: fix data race on crng_node_pool (Eric Biggers) \n- can: gs_usb: gs_can_start_xmit(): zero-initialize hf->{flags,reserved} (Brian Silverman) \n- can: gs_usb: fix use of uninitialized variable, detach device on reception of invalid USB data (Marc Kleine-Budde) \n- mfd: intel-lpss: Fix too early PM enablement in the ACPI ->probe() (Andy Shevchenko) \n- USB: Fix 'slab-out-of-bounds Write' bug in usb_hcd_poll_rh_status (Alan Stern) \n- USB: core: Fix bug in resuming hub's handling of wakeup requests (Alan Stern) \n- Bluetooth: bfusb: fix division by zero in send path (Johan Hovold) \n- Linux 4.14.262 (Greg Kroah-Hartman) \n- mISDN: change function names to avoid conflicts (wolfgang huang) \n- net: udp: fix alignment problem in udp4_seq_show() (yangxingwu) \n- ip6_vti: initialize __ip6_tnl_parm struct in vti6_siocdevprivate (William Zhao) \n- scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown() (Lixiaokeng) \n- ipv6: Do cleanup if attribute validation fails in multipath route (David Ahern) \n- ipv6: Continue processing multipath route even if gateway attribute is invalid (David Ahern) \n- phonet: refcount leak in pep_sock_accep (Hangyu Hua) \n- rndis_host: support Hytera digital radios (Thomas Toye) \n- power: reset: ltc2952: Fix use of floating point literals (Nathan Chancellor) \n- sch_qfq: prevent shift-out-of-bounds in qfq_init_qdisc (Eric Dumazet) \n- ipv6: Check attribute length for RTA_GATEWAY when deleting multipath route (David Ahern) \n- ipv6: Check attribute length for RTA_GATEWAY in multipath route (David Ahern) \n- i40e: Fix incorrect netdev's real number of RX/TX queues (Jedrzej Jagielski) \n- i40e: fix use-after-free in i40e_sync_filters_subtask() (Di Zhu) \n- mac80211: initialize variable have_higher_than_11mbit (Tom Rix) \n- RDMA/core: Don't infoleak GRH fields (Leon Romanovsky) \n- ieee802154: atusb: fix uninit value in atusb_set_extended_addr (Pavel Skripkin) \n- virtio_pci: Support surprise removal of virtio pci device (Parav Pandit) \n- tracing: Tag trace_percpu_buffer as a percpu pointer (Naveen N. Rao) \n- tracing: Fix check for trace_percpu_buffer validity in get_trace_buf() (Naveen N. Rao) \n- Bluetooth: btusb: Apply QCA Rome patches for some ATH3012 models (Takashi Iwai)\n[4.14.35-2047.512.3]\n- lib/timerqueue: Rely on rbtree semantics for next timer (Davidlohr Bueso) [Orabug: 33406086] {CVE-2021-20317}\n- rds/ib: Resize CQ if send-/recv-ring-size are changed (Hans Westgaard Ry) [Orabug: 33940520]\n- uek-rpm: remove uek-rpm/ol8 (John Donnelly) [Orabug: 33665655]\n- uek-rpm: Enable config CONFIG_SCSI_MQ_DEFAULT (Saeed Mirzamohammadi) [Orabug: 33973455]\n- sched: restore the sliding search window for select_idle_cpu() (Libo Chen) [Orabug: 33965297]\n- NFSv4: Handle case where the lookup of a directory fails (Trond Myklebust) [Orabug: 33958155] {CVE-2022-24448}\n- Linux 4.14.261 (Greg Kroah-Hartman) \n- sctp: use call_rcu to free endpoint (Xin Long) \n- net: fix use-after-free in tw_timer_handler (Muchun Song) \n- Input: spaceball - fix parsing of movement data packets (Leo L. Schwab) \n- Input: appletouch - initialize work before device registration (Pavel Skripkin) \n- binder: fix async_free_space accounting for empty parcels (Todd Kjos) \n- usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear. (Vincent Pelletier) \n- xhci: Fresco FL1100 controller should not have BROKEN_MSI quirk set. (Mathias Nyman) \n- uapi: fix linux/nfc.h userspace compilation errors (Dmitry V. Levin) \n- nfc: uapi: use kernel size_t to fix user-space builds (Krzysztof Kozlowski) \n- fsl/fman: Fix missing put_device() call in fman_port_probe (Miaoqian Lin) \n- NFC: st21nfca: Fix memory leak in device probe and remove (Wei Yongjun) \n- net: usb: pegasus: Do not drop long Ethernet frames (Matthias-Christian Ott) \n- scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write() (Dan Carpenter) \n- selinux: initialize proto variable in selinux_ip_postroute_compat() (Tom Rix) \n- recordmcount.pl: fix typo in s390 mcount regex (Heiko Carstens) \n- platform/x86: apple-gmux: use resource_size() with res (Wang Qing) \n- HID: asus: Add depends on USB_HID to HID_ASUS Kconfig option (Hans de Goede) \n- Linux 4.14.260 (Greg Kroah-Hartman) \n- phonet/pep: refuse to enable an unbound pipe (Remi Denis-Courmont) \n- hamradio: improve the incomplete fix to avoid NPD (Lin Ma) \n- hamradio: defer ax25 kfree after unregister_netdev (Lin Ma) \n- ax25: NPD bug when detaching AX25 device (Lin Ma) \n- hwmon: (lm90) Do not report 'busy' status bit as alarm (Guenter Roeck) \n- KVM: VMX: Fix stale docs for kvm-intel.emulate_invalid_guest_state (Sean Christopherson) \n- usb: gadget: u_ether: fix race in setting MAC address in setup phase (Marian Postevca) \n- f2fs: fix to do sanity check on last xattr entry in __f2fs_setxattr() (Chao Yu) \n- ARM: 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling (Ard Biesheuvel) \n- pinctrl: stm32: consider the GPIO offset to expose all the GPIO lines (Fabien Dessenne) \n- x86/pkey: Fix undefined behaviour with PKRU_WD_BIT (Andrew Cooper) \n- Input: atmel_mxt_ts - fix double free in mxt_read_info_block (Jose Exposito) \n- ALSA: drivers: opl3: Fix incorrect use of vp->state (Colin Ian King) \n- ALSA: jack: Check the return value of kstrdup() (Xiaoke Wang) \n- hwmon: (lm90) Fix usage of CONFIG2 register in detect function (Guenter Roeck) \n- sfc: falcon: Check null pointer of rx_queue->page_ring (Jiasheng Jiang) \n- drivers: net: smc911x: Check for error irq (Jiasheng Jiang) \n- fjes: Check for error irq (Jiasheng Jiang) \n- bonding: fix ad_actor_system option setting to default (Fernando Fernandez Mancera) \n- net: skip virtio_net_hdr_set_proto if protocol already set (Willem de Bruijn) \n- qlcnic: potential dereference null pointer of rx_queue->page_ring (Jiasheng Jiang) \n- spi: change clk_disable_unprepare to clk_unprepare (Dongliang Mu) \n- HID: holtek: fix mouse probing (Benjamin Tissoires) \n- can: kvaser_usb: get CAN clock frequency from device (Jimmy Assarsson) \n- net: usb: lan78xx: add Allied Telesis AT29M2-AF (Greg Jesionowski) \n- x86/speculation: Add knob for eibrs_retpoline_enabled (Patrick Colp) [Orabug: 33937656] {CVE-2021-26401}\n- x86/speculation: Extend our code to properly support eibrs+lfence and eibrs+retpoline (Patrick Colp) [Orabug: 33937656] {CVE-2021-26401}\n- x86/speculation: Update link to AMD speculation whitepaper (Kim Phillips) [Orabug: 33937656] {CVE-2021-26401}\n- x86/speculation: Use generic retpoline by default on AMD (Kim Phillips) [Orabug: 33937656] {CVE-2021-26401}\n- x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting (Josh Poimboeuf) [Orabug: 33937656] {CVE-2021-26401}\n- Documentation/hw-vuln: Update spectre doc (Peter Zijlstra) [Orabug: 33937656] {CVE-2021-26401}\n- x86/speculation: Add eIBRS + Retpoline options (Peter Zijlstra) [Orabug: 33937656] {CVE-2021-26401}\n- x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE (Peter Zijlstra (Intel)) [Orabug: 33937656] {CVE-2021-26401}\n- x86/speculation: Merge one test in spectre_v2_user_select_mitigation() (Borislav Petkov) [Orabug: 33937656] {CVE-2021-26401}\n- x86/speculation: Update ALTERNATIVEs to (more closely) match upstream (Patrick Colp) [Orabug: 33937656] {CVE-2021-26401}\n- x86/speculation: Fix bug in retpoline mode on AMD with 'spectre_v2=none' (Patrick Colp) [Orabug: 33937656] {CVE-2021-26401}\n- ACPICA: Enable sleep button on ACPI legacy wake (Anchal Agarwal) [Orabug: 33925502]\n- ipv4: tcp: send zero IPID in SYNACK messages (Eric Dumazet) [Orabug: 33917057] {CVE-2020-36516}\n- ipv4: avoid using shared IP generator for connected sockets (Eric Dumazet) [Orabug: 33917057] {CVE-2020-36516}\n- lib/iov_iter: initialize 'flags' in new pipe_buffer (Max Kellermann) [Orabug: 33910800] {CVE-2022-0847}\n- x86/speculation: The choice of retpoline mode is sometimes ignored (Patrick Colp) [Orabug: 33890092]\n- udf: Restore i_lenAlloc when inode expansion fails (Jan Kara) [Orabug: 33870267] {CVE-2022-0617}\n- udf: Fix NULL ptr deref when converting from inline format (Jan Kara) [Orabug: 33870267] {CVE-2022-0617}\n- scsi: libiscsi: Hold back_lock when calling iscsi_complete_task (Gulam Mohamed) [Orabug: 33851182]\n- drm/vmwgfx: Fix stale file descriptors on failed usercopy (Mathias Krause) [Orabug: 33840433] {CVE-2022-22942}\n- drm/i915: Flush TLBs before releasing backing store (Tvrtko Ursulin) [Orabug: 33835811] {CVE-2022-0330}\n- proc/vmcore: fix clearing user buffer by properly using clear_user() (David Hildenbrand) [Orabug: 33832650]\n- rds/ib: recover rds connection from stuck rx path (Nagappan Ramasamy Palaniappan) [Orabug: 33820767]\n- rds: ib: Make selection of completion_vector QoS aware (Hakon Bugge) [Orabug: 33819408]\n- Enable CONFIG_DM_DUST and nano for UEK5 (Gulam Mohamed) [Orabug: 33653698]\n- dm dust: use dust block size for badblocklist index (Bryan Gurney) [Orabug: 33653698]\n- dm dust: Make dm_dust_init and dm_dust_exit static (YueHaibing) [Orabug: 33653698]\n- dm dust: remove redundant unsigned comparison to less than zero (Colin Ian King) [Orabug: 33653698]\n- dm: add dust target (Bryan Gurney) [Orabug: 33653698]\n- hugetlbfs: flush TLBs correctly after huge_pmd_unshare (Nadav Amit) [Orabug: 33617219] {CVE-2021-4002}\n- rds/ib: recover rds connection from stuck tx path (Nagappan Ramasamy Palaniappan) [Orabug: 33820747]\n- uek-rpm: Add missing symbols to kabi_lockedlist (Stephen Brennan) [Orabug: 33871558]\n[4.14.35-2047.512.1]\n- Revert 'stable: clamp SUBLEVEL in 4.14' (Alan Maguire) [Orabug: 33861950]\n- tipc: improve size validations for received domain records (Jon Maloy) [Orabug: 33850803] {CVE-2022-0435}\n- cgroup-v1: Require capabilities to set release_agent (Eric W. Biederman) [Orabug: 33825688] {CVE-2022-0492}\n- blk-stat: delete useless code (Shaohua Li) [Orabug: 33772945]\n- DMA/rxe: Update default value of RXE_MAX_PDN (Rao Shoaib) [Orabug: 33676598]\n[4.14.35-2047.512.0]\n- bpf: Disallow unprivileged bpf by default (Pawan Gupta) [Orabug: 33734682]\n- bpf: Add kconfig knob for disabling unpriv bpf by default (Daniel Borkmann) [Orabug: 33734682]\n- RDMA/rxe: Use correct sizing on buffers holding page DMA addresses (Shiraz Saleem) [Orabug: 33676942]\n- hwmon: (k10temp) Add support for Zen3 CPUs (Rahul Rohit) [Orabug: 33782835]\n- arm64, mm, efi: Account for GICv3 LPI tables in static memblock reserve table (Ard Biesheuvel) [Orabug: 33787546]\n- uek-rpm: Pensando: Enable Elba EDAC (Dave Kleikamp) [Orabug: 33831294]\n- dsc-drivers: update for 1.15.9-C-64 (Dave Kleikamp) [Orabug: 33831294]\n- drivers/hwmon: Adding support LTC3888 (David Clear) [Orabug: 33831294]\n- drivers/edac: Add Elba EDAC support (David Clear) [Orabug: 33831294]\n- arm64/configs: Remove CONFIG_PENSANDO_SOC_CAPMEM_HUGEPAGE (David Clear) [Orabug: 33831294]\n- drivers/soc/pensando: Add reset cause driver (David Clear) [Orabug: 33831294]\n- net/rds: Fix memory leak in __rds_conn_create() on alloc_ordered_workqueue fail (Freddy Carrillo) [Orabug: 33811475]\n- x86/smpboot: check cpu_initialized_mask first after returning from schedule() (Dongli Zhang) [Orabug: 33544127]\n- Linux 4.14.259 (Greg Kroah-Hartman) \n- xen/console: harden hvc_xen against event channel storms (Juergen Gross) \n- Input: touchscreen - avoid bitwise vs logical OR warning (Nathan Chancellor) \n- ARM: 8800/1: use choice for kernel unwinders (Stefan Agner) \n- mwifiex: Remove unnecessary braces from HostCmd_SET_SEQ_NO_BSS_INFO (Nathan Chancellor) \n- ARM: 8805/2: remove unneeded naked function usage (Nicolas Pitre) \n- net: lan78xx: Avoid unnecessary self assignment (Nathan Chancellor) \n- fuse: annotate lock in fuse_reverse_inval_entry() (Miklos Szeredi) \n- ARM: dts: imx6ull-pinfunc: Fix CSI_DATA07__ESAI_TX0 pad name (Fabio Estevam) \n- firmware: arm_scpi: Fix string overflow in SCPI genpd driver (Sudeep Holla) \n- net: systemport: Add global locking for descriptor lifecycle (Florian Fainelli) \n- libata: if T_LENGTH is zero, dma direction should be DMA_NONE (George Kennedy) \n- timekeeping: Really make sure wall_to_monotonic isn't positive (Yu Liao) \n- USB: serial: option: add Telit FN990 compositions (Daniele Palmas) \n- PCI/MSI: Mask MSI-X vectors only on success (Stefan Roese) \n- PCI/MSI: Clear PCI_MSIX_FLAGS_MASKALL on error (Thomas Gleixner) \n- USB: gadget: bRequestType is a bitfield, not a enum (Greg Kroah-Hartman) \n- sit: do not call ipip6_dev_free() from sit_init_net() (Eric Dumazet) \n- net/packet: rx_owner_map depends on pg_vec (Willem de Bruijn) \n- ixgbe: set X550 MDIO speed before talking to PHY (Cyril Novikov) \n- igbvf: fix double free in 'igbvf_probe' (Letu Ren) \n- soc/tegra: fuse: Fix bitwise vs. logical OR warning (Nathan Chancellor) \n- dmaengine: st_fdma: fix MODULE_ALIAS (Alyssa Ross) \n- ARM: socfpga: dts: fix qspi node compatible (Dinh Nguyen) \n- x86/sme: Explicitly map new EFI memmap table as encrypted (Tom Lendacky) \n- nfsd: fix use-after-free due to delegation race (J. Bruce Fields) \n- audit: improve robustness of the audit queue handling (Paul Moore) \n- dm btree remove: fix use after free in rebalance_children() (Joe Thornber) \n- recordmcount.pl: look for jgnop instruction as well as bcrl on s390 (Jerome Marchand) \n- mac80211: send ADDBA requests using the tid/queue of the aggregation session (Felix Fietkau) \n- hwmon: (dell-smm) Fix warning on /proc/i8k creation error (Armin Wolf) \n- bpf: fix panic due to oob in bpf_prog_test_run_skb (Daniel Borkmann) \n- tracing: Fix a kmemleak false positive in tracing_map (Chen Jun) \n- net: netlink: af_netlink: Prevent empty skb by adding a check on len. (Harshit Mogalapalli) \n- i2c: rk3x: Handle a spurious start completion interrupt flag (Ondrej Jirman) \n- parisc/agp: Annotate parisc agp init functions with __init (Helge Deller) \n- net/mlx4_en: Update reported link modes for 1/10G (Erik Ekman) \n- drm/msm/dsi: set default num_data_lanes (Philip Chen) \n- nfc: fix segfault in nfc_genl_dump_devices_done (Tadeusz Struk) \n- Linux 4.14.258 (Greg Kroah-Hartman) \n- irqchip: nvic: Fix offset for Interrupt Priority Offsets (Vladimir Murzin) \n- irqchip/irq-gic-v3-its.c: Force synchronisation when issuing INVALL (Wudi Wang) \n- irqchip/armada-370-xp: Fix support for Multi-MSI interrupts (Pali Rohar) \n- irqchip/armada-370-xp: Fix return value of armada_370_xp_msi_alloc() (Pali Rohar) \n- iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove (Yang Yingliang) \n- iio: adc: axp20x_adc: fix charging current reporting on AXP22x (Evgeny Boger) \n- iio: dln2: Check return value of devm_iio_trigger_register() (Lars-Peter Clausen) \n- iio: dln2-adc: Fix lockdep complaint (Noralf Tronnes) \n- iio: itg3200: Call iio_trigger_notify_done() on error (Lars-Peter Clausen) \n- iio: kxsd9: Don't return error code in trigger handler (Lars-Peter Clausen) \n- iio: ltr501: Don't return error code in trigger handler (Lars-Peter Clausen) \n- iio: mma8452: Fix trigger reference couting (Lars-Peter Clausen) \n- iio: stk3310: Don't return error code in interrupt handler (Lars-Peter Clausen) \n- iio: trigger: stm32-timer: fix MODULE_ALIAS (Alyssa Ross) \n- iio: trigger: Fix reference counting (Lars-Peter Clausen) \n- usb: core: config: using bit mask instead of individual bits (Pavel Hofman) \n- xhci: Remove CONFIG_USB_DEFAULT_PERSIST to prevent xHCI from runtime suspending (Kai-Heng Feng) \n- usb: core: config: fix validation of wMaxPacketValue entries (Pavel Hofman) \n- USB: gadget: zero allocate endpoint 0 buffers (Greg Kroah-Hartman) \n- USB: gadget: detect too-big endpoint 0 requests (Greg Kroah-Hartman) \n- net/qla3xxx: fix an error code in ql_adapter_up() (Dan Carpenter) \n- net, neigh: clear whole pneigh_entry at alloc time (Eric Dumazet) \n- net: fec: only clear interrupt of handling queue in fec_enet_rx_queue() (Joakim Zhang) \n- net: altera: set a couple error code in probe() (Dan Carpenter) \n- net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero (Lee Jones) \n- qede: validate non LSO skb length (Manish Chopra) \n- block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2) (Davidlohr Bueso) \n- signalfd: use wake_up_pollfree() (Eric Biggers) \n- binder: use wake_up_pollfree() (Eric Biggers) \n- wait: add wake_up_pollfree() (Eric Biggers) \n- libata: add horkage for ASMedia 1092 (Hannes Reinecke) \n- can: m_can: Disable and ignore ELO interrupt (Brian Silverman) \n- can: pch_can: pch_can_rx_normal: fix use after free (Vincent Mailhol) \n- tracefs: Have new files inherit the ownership of their parent (Steven Rostedt (VMware)) \n- ALSA: pcm: oss: Handle missing errors in snd_pcm_oss_change_params*() (Takashi Iwai) \n- ALSA: pcm: oss: Limit the period size to 16MB (Takashi Iwai) \n- ALSA: pcm: oss: Fix negative period/buffer sizes (Takashi Iwai) \n- ALSA: ctl: Fix copy of updated id with element read/write (Alan Young) \n- mm: bdi: initialize bdi_min_ratio when bdi is unregistered (Manjong Lee) \n- IB/hfi1: Correct guard on eager buffer deallocation (Mike Marciniszyn) \n- seg6: fix the iif in the IPv6 socket control block (Andrea Mayer) \n- nfp: Fix memory leak in nfp_cpp_area_cache_add() (Jianglei Nie) \n- bpf: Fix the off-by-two error in range markings (Maxim Mikityanskiy) \n- nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done (Krzysztof Kozlowski) \n- can: sja1000: fix use after free in ems_pcmcia_add_card() (Dan Carpenter) \n- HID: check for valid USB device for many HID drivers (Greg Kroah-Hartman) \n- HID: wacom: fix problems when device is not a valid USB device (Greg Kroah-Hartman) \n- HID: add USB_HID dependancy on some USB HID drivers (Greg Kroah-Hartman) \n- HID: add USB_HID dependancy to hid-chicony (Greg Kroah-Hartman) \n- HID: add USB_HID dependancy to hid-prodikeys (Greg Kroah-Hartman) \n- HID: add hid_is_usb() function to make it simpler for USB detection (Greg Kroah-Hartman) \n- Linux 4.14.257 (Greg Kroah-Hartman) {CVE-2021-38199}\n- parisc: Mark cr16 CPU clocksource unstable on all SMP machines (Helge Deller) \n- serial: core: fix transmit-buffer reset and memleak (Johan Hovold) \n- serial: pl011: Add ACPI SBSA UART match id (Pierre Gondois) \n- tty: serial: msm_serial: Deactivate RX DMA for polling support (Sven Eckelmann) \n- x86/64/mm: Map all kernel memory into trampoline_pgd (Joerg Roedel) \n- usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect (Badhri Jagan Sridharan) \n- xhci: Fix commad ring abort, write all 64 bits to CRCR register. (Mathias Nyman) \n- vgacon: Propagate console boot parameters before calling 'vc_resize' (Maciej W. Rozycki) \n- parisc: Fix 'make install' on newer debian releases (Helge Deller) \n- parisc: Fix KBUILD_IMAGE for self-extracting kernel (Helge Deller) \n- net/smc: Keep smc_close_final rc during active close (Tony Lu) \n- net/rds: correct socket tunable error in rds_tcp_tune() (William Kucharski) \n- net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of '0' if no IRQ is available (Sven Schuchmann) \n- net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources() (Zhou Qingyang) \n- siphash: use _unaligned version by default (Arnd Bergmann) \n- net: mpls: Fix notifications when deleting a device (Benjamin Poirier) \n- net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings() (Zhou Qingyang) \n- natsemi: xtensa: fix section mismatch warnings (Randy Dunlap) \n- sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl (Baokun Li) \n- sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl (Baokun Li) \n- kprobes: Limit max data_size of the kretprobe instances (Masami Hiramatsu) \n- vrf: Reset IPCB/IP6CB when processing outbound pkts in vrf dev xmit (Stephen Suryaputra) \n- perf hist: Fix memory leak of a perf_hpp_fmt (Ian Rogers) \n- net: ethernet: dec: tulip: de4x5: fix possible array overflows in type3_infoblock() (Teng Qi) \n- net: tulip: de4x5: fix the problem that the array 'lp->phy[8]' may be out of bound (zhangyue) \n- ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port() (Teng Qi) \n- scsi: iscsi: Unblock session then wake up error handler (Mike Christie) \n- thermal: core: Reset previous low and high trip during thermal zone init (Manaf Meethalavalappu Pallikunhi) \n- btrfs: check-integrity: fix a warning on write caching disabled disk (Wang Yugui) \n- s390/setup: avoid using memblock_enforce_memory_limit (Vasily Gorbik) \n- platform/x86: thinkpad_acpi: Fix WWAN device disabled issue after S3 deep (Slark Xiao) \n- net: return correct error code (liuguoqiang) \n- NFSv42: Fix pagecache invalidation after COPY/CLONE (Benjamin Coddington) \n- ipc: WARN if trying to remove ipc object which is absent (Alexander Mikhalitsyn) \n- shm: extend forced shm destroy to support objects from several IPC nses (Alexander Mikhalitsyn) \n- tty: hvc: replace BUG_ON() with negative return value (Juergen Gross) \n- xen: sync include/xen/interface/io/ring.h with Xen's newest version (Juergen Gross) \n- fuse: release pipe buf after last use (Miklos Szeredi) \n- NFC: add NCI_UNREG flag to eliminate the race (Lin Ma) \n- arm64: dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function (Marek Behun) \n- arm64: dts: marvell: armada-37xx: declare PCIe reset pin (Miquel Raynal) \n- pinctrl: armada-37xx: Correct PWM pins definitions (Marek Behun) \n- pinctrl: armada-37xx: add missing pin: PCIe1 Wakeup (Gregory CLEMENT) \n- pinctrl: armada-37xx: Correct mpp definitions (Marek Behun) \n- PCI: aardvark: Fix checking for link up via LTSSM state (Pali Rohar) \n- PCI: aardvark: Fix link training (Pali Rohar) \n- PCI: aardvark: Fix PCIe Max Payload Size setting (Pali Rohar) \n- PCI: aardvark: Configure PCIe resources from 'ranges' DT property (Pali Rohar) \n- PCI: aardvark: Remove PCIe outbound window configuration (Evan Wang) \n- PCI: aardvark: Update comment about disabling link training (Pali Rohar) \n- PCI: aardvark: Move PCIe reset card code to advk_pcie_train_link() (Pali Rohar) \n- PCI: aardvark: Fix compilation on s390 (Pali Rohar) \n- PCI: aardvark: Don't touch PCIe registers if no card connected (Pali Rohar) \n- PCI: aardvark: Introduce an advk_pcie_valid_device() helper (Thomas Petazzoni) \n- PCI: aardvark: Indicate error in 'val' when config read fails (Pali Rohar) \n- PCI: aardvark: Replace custom macros by standard linux/pci_regs.h macros (Pali Rohar) \n- PCI: aardvark: Issue PERST via GPIO (Pali Rohar) \n- PCI: aardvark: Improve link training (Marek Behun) \n- PCI: aardvark: Train link immediately after enabling training (Pali Rohar) \n- PCI: aardvark: Wait for endpoint to be ready before training link (Remi Pommarel) \n- PCI: aardvark: Fix a leaked reference by adding missing of_node_put() (Wen Yang) \n- PCI: aardvark: Fix I/O space page leak (Sergei Shtylyov) \n- s390/mm: validate VMA in PGSTE manipulation functions (David Hildenbrand) \n- tracing: Check pid filtering when creating events (Steven Rostedt (VMware)) \n- vhost/vsock: fix incorrect used length reported to the guest (Stefano Garzarella) \n- net/smc: Don't call clcsock shutdown twice when smc shutdown (Tony Lu) \n- MIPS: use 3-level pgtable for 64KB page size on MIPS_VA_BITS_48 (Huang Pei) \n- tcp_cubic: fix spurious Hystart ACK train detections for not-cwnd-limited flows (Eric Dumazet) \n- net/smc: Ensure the active closing peer first closes clcsock (Tony Lu) \n- ipv6: fix typos in __ip6_finish_output() (Eric Dumazet) \n- drm/vc4: fix error code in vc4_create_object() (Dan Carpenter) \n- scsi: mpt3sas: Fix kernel panic during drive powercycle test (Sreekanth Reddy) \n- ARM: socfpga: Fix crash with CONFIG_FORTIRY_SOURCE (Takashi Iwai) \n- NFSv42: Don't fail clone() unless the OP_CLONE operation failed (Trond Myklebust) \n- net: ieee802154: handle iftypes as u32 (Alexander Aring) \n- ASoC: topology: Add missing rwsem around snd_ctl_remove() calls (Takashi Iwai) \n- ARM: dts: BCM5301X: Add interrupt properties to GPIO node (Florian Fainelli) \n- ARM: dts: BCM5301X: Fix I2C controller interrupt (Florian Fainelli) \n- netfilter: ipvs: Fix reuse connection if RS weight is 0 (yangxingwu) \n- tracing: Fix pid filtering when triggers are attached (Steven Rostedt (VMware)) \n- xen: detect uninitialized xenbus in xenbus_init (Stefano Stabellini) \n- xen: don't continue xenstore initialization in case of errors (Stefano Stabellini) \n- fuse: fix page stealing (Miklos Szeredi) \n- staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() (Dan Carpenter) \n- HID: wacom: Use 'Confidence' flag to prevent reporting invalid contacts (Jason Gerecke) \n- media: cec: copy sequence field for the reply (Hans Verkuil) \n- ALSA: ctxfi: Fix out-of-range access (Takashi Iwai) \n- usb: hub: Fix locking issues with address0_mutex (Mathias Nyman) \n- usb: hub: Fix usb enumeration issue due to address0 race (Mathias Nyman) \n- USB: serial: option: add Fibocom FM101-GL variants (Mingjie Zhang) \n- USB: serial: option: add Telit LE910S1 0x9200 composition (Daniele Palmas)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-10T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36516", "CVE-2021-20317", "CVE-2021-26401", "CVE-2021-38199", "CVE-2021-4002", "CVE-2021-4149", "CVE-2022-0330", "CVE-2022-0435", "CVE-2022-0492", "CVE-2022-0617", "CVE-2022-0847", "CVE-2022-1016", "CVE-2022-22942", "CVE-2022-24448", "CVE-2022-26966", "CVE-2022-27666"], "modified": "2022-05-10T00:00:00", "id": "ELSA-2022-9367", "href": "http://linux.oracle.com/errata/ELSA-2022-9367.html", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2022-05-24T09:32:41", "description": "This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.\n\nSecurity Fix(es):\n\n* kernel: cgroups v1 release_agent feature may allow privilege escalation (CVE-2022-0492)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-24T07:31:01", "type": "redhat", "title": "(RHSA-2022:4721) Important: kpatch-patch security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0492"], "modified": "2022-05-24T07:34:35", "id": "RHSA-2022:4721", "href": "https://access.redhat.com/errata/RHSA-2022:4721", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-18T15:11:07", "description": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* kernel: cgroups v1 release_agent feature may allow privilege escalation (CVE-2022-0492)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* kernel-rt: update to the latest RHEL7.9.z14 source tree (BZ#2071179)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-18T12:14:46", "type": "redhat", "title": "(RHSA-2022:4644) Important: kernel-rt security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0492"], "modified": "2022-05-18T14:39:27", "id": "RHSA-2022:4644", "href": "https://access.redhat.com/errata/RHSA-2022:4644", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-18T15:10:49", "description": "This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.\n\nSecurity Fix(es):\n\n* kernel: cgroups v1 release_agent feature may allow privilege escalation (CVE-2022-0492)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-18T12:33:06", "type": "redhat", "title": "(RHSA-2022:4655) Important: kpatch-patch security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0492"], "modified": "2022-05-18T12:35:40", "id": "RHSA-2022:4655", "href": "https://access.redhat.com/errata/RHSA-2022:4655", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-24T09:31:32", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: cgroups v1 release_agent feature may allow privilege escalation (CVE-2022-0492)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-24T07:28:56", "type": "redhat", "title": "(RHSA-2022:4717) Important: kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0492"], "modified": "2022-05-24T08:12:31", "id": "RHSA-2022:4717", "href": "https://access.redhat.com/errata/RHSA-2022:4717", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-18T15:11:20", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: cgroups v1 release_agent feature may allow privilege escalation (CVE-2022-0492)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* kernel panic in mlx5_ib driver RHEL/CentOS 7.9 VM (BZ#2046571)\n\n* [RHEL-7.9] Get Call Trace about \"kernel/timer.c:1270 requeue_timers+0x15e/0x170\" on specified AMD x86_64 system (BZ#2048502)\n\n* kernel NULL pointer dereference while calling dma_pool_alloc from the mlx5_core module (BZ#2055457)\n\n* Rhel 7.9 NFS Clients takes very long time to resume operations in an NFS Server failover scenario (BZ#2066699)\n\n* perf stat shows unsupported counters for Intel IceLake cpu (BZ#2072317)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-18T12:14:40", "type": "redhat", "title": "(RHSA-2022:4642) Important: kernel security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0492"], "modified": "2022-05-18T14:39:29", "id": "RHSA-2022:4642", "href": "https://access.redhat.com/errata/RHSA-2022:4642", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-11T15:03:39", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: use-after-free in RDMA listen() (CVE-2021-4028)\n\n* kernel: cgroups v1 release_agent feature may allow privilege escalation (CVE-2022-0492)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Extend /sys/devices/system/cpu/smt/* interface to all architectures [7.6.z] (BZ#2060991)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-11T12:41:19", "type": "redhat", "title": "(RHSA-2022:2186) Important: kernel security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4028", "CVE-2022-0492"], "modified": "2022-05-11T14:11:56", "id": "RHSA-2022:2186", "href": "https://access.redhat.com/errata/RHSA-2022:2186", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-22T10:03:18", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: cgroups v1 release_agent feature may allow privilege escalation (CVE-2022-0492)\n\n* kernel: race condition in perf_event_open leads to privilege escalation (CVE-2022-1729)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Hitting BUG_ON() in kernel/hrtimer.c:1236 (BZ#2070209)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-22T08:05:17", "type": "redhat", "title": "(RHSA-2022:5157) Important: kernel security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0492", "CVE-2022-1729"], "modified": "2022-06-22T08:23:52", "id": "RHSA-2022:5157", "href": "https://access.redhat.com/errata/RHSA-2022:5157", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-11T17:32:45", "description": "This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.\n\nSecurity Fix(es):\n\n* kernel: use-after-free in RDMA listen() (CVE-2021-4028)\n\n* kernel: cgroups v1 release_agent feature may allow privilege escalation (CVE-2022-0492)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-11T15:21:14", "type": "redhat", "title": "(RHSA-2022:2211) Important: kpatch-patch security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4028", "CVE-2022-0492"], "modified": "2022-05-11T16:58:07", "id": "RHSA-2022:2211", "href": "https://access.redhat.com/errata/RHSA-2022:2211", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-19T15:50:33", "description": "This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.\n\nSecurity Fix(es):\n\n* kernel: fget: check that the fd still exists after getting a ref to it (CVE-2021-4083)\n\n* kernel: cgroups v1 release_agent feature may allow privilege escalation (CVE-2022-0492)\n\n* kernel: heap out of bounds write in nf_dup_netdev.c (CVE-2022-25636)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-19T14:43:44", "type": "redhat", "title": "(RHSA-2022:1418) Important: kpatch-patch security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4083", "CVE-2022-0492", "CVE-2022-25636"], "modified": "2022-04-19T15:25:55", "id": "RHSA-2022:1418", "href": "https://access.redhat.com/errata/RHSA-2022:1418", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-11T13:14:03", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: use-after-free in RDMA listen() (CVE-2021-4028)\n\n* kernel: fget: check that the fd still exists after getting a ref to it (CVE-2021-4083)\n\n* kernel: cgroups v1 release_agent feature may allow privilege escalation (CVE-2022-0492)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-11T12:43:45", "type": "redhat", "title": "(RHSA-2022:2189) Important: kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4028", "CVE-2021-4083", "CVE-2022-0492"], "modified": "2022-05-11T12:54:42", "id": "RHSA-2022:2189", "href": "https://access.redhat.com/errata/RHSA-2022:2189", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-19T15:49:58", "description": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* kernel: fget: check that the fd still exists after getting a ref to it (CVE-2021-4083)\n\n* kernel: cgroups v1 release_agent feature may allow privilege escalation (CVE-2022-0492)\n\n* kernel: heap out of bounds write in nf_dup_netdev.c (CVE-2022-25636)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* kernel-rt: update RT source tree to the RHEL-8.4.z8 source tree (BZ#2059334)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-19T13:47:38", "type": "redhat", "title": "(RHSA-2022:1413) Important: kernel-rt security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4083", "CVE-2022-0492", "CVE-2022-25636"], "modified": "2022-04-19T14:18:53", "id": "RHSA-2022:1413", "href": "https://access.redhat.com/errata/RHSA-2022:1413", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-28T18:02:18", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: fget: check that the fd still exists after getting a ref to it (CVE-2021-4083)\n\n* kernel: cgroups v1 release_agent feature may allow privilege escalation (CVE-2022-0492)\n\n* kernel: heap out of bounds write in nf_dup_netdev.c (CVE-2022-25636)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fixes:\n\n* Power10 PMU fix for PM_CYC/PM_INST_CMPL ( kernel/perf) (BZ#2040665)\n\n* call traces and packet drops seen after changing mtu of ibmvnic interface. (ibmvnic/ P10/ Everglade) (BZ#2050679)\n\n* zfcp: fix failed recovery on gone remote port, non-NPIV FCP dev (BZ#2050739)\n\n* overlay mount fails with ELOOP (Too many levels of symbolic links) (BZ#2053030)\n\n* Host unable to automatically add namespaces belonging to a new ANA group (BZ#2055466)\n\n* scheduler updates and fixes [None8.4.0.z] (BZ#2056834)\n\n* nf_reinject calls nf_queue_entry_free on an already freed entry->state (BZ#2061445)\n\n* First Packet Latency impacted by mlx5 warning msg (BZ#2067992)\n\n* openvswitch connection tracking sends incorrect flow key for some upcalls (BZ#2068477)\n\n* Backport upstream rcu commits up to v5.10 (BZ#2069819)\n\n* Packages have been upgraded to a later upstream version: kernel (4.18.0) (BZ#2036932)\n\nEnhancement:\n\n* zcrypt DD: Toleration for new IBM Z Crypto Hardware (BZ#2054097)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-20T12:51:21", "type": "redhat", "title": "(RHSA-2022:1455) Important: kernel security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4083", "CVE-2022-0492", "CVE-2022-25636"], "modified": "2022-04-20T14:39:16", "id": "RHSA-2022:1455", "href": "https://access.redhat.com/errata/RHSA-2022:1455", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-17T19:30:10", "description": "This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.\n\nSecurity Fix(es):\n\n* kernel: fget: check that the fd still exists after getting a ref to it (CVE-2021-4083)\n\n* kernel: possible privileges escalation due to missing TLB flush (CVE-2022-0330)\n\n* kernel: cgroups v1 release_agent feature may allow privilege escalation (CVE-2022-0492)\n\n* kernel: failing usercopy allows for use-after-free exploitation (CVE-2022-22942)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-15T12:48:47", "type": "redhat", "title": "(RHSA-2022:0925) Important: kpatch-patch security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4083", "CVE-2022-0330", "CVE-2022-0492", "CVE-2022-22942"], "modified": "2022-03-15T12:51:56", "id": "RHSA-2022:0925", "href": "https://access.redhat.com/errata/RHSA-2022:0925", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-19T15:50:59", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: use after free in eventpoll.c may lead to escalation of privilege (CVE-2020-0466)\n\n* kernel: Use After Free in unix_gc() which could result in a local privilege escalation (CVE-2021-0920)\n\n* kernel: xfs: raw block device data leak in XFS_IOC_ALLOCSP IOCTL (CVE-2021-4155)\n\n* kernel: cgroups v1 release_agent feature may allow privilege escalation (CVE-2022-0492)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-19T13:57:18", "type": "redhat", "title": "(RHSA-2022:1417) Important: kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0466", "CVE-2021-0920", "CVE-2021-4155", "CVE-2022-0492"], "modified": "2022-04-19T14:57:48", "id": "RHSA-2022:1417", "href": "https://access.redhat.com/errata/RHSA-2022:1417", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-10T23:50:44", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThe following packages have been upgraded to a later upstream version: kernel (4.18.0). (BZ#2036933)\n\nSecurity Fix(es):\n\n* kernel: improper initialization of the \"flags\" member of the new pipe_buffer (CVE-2022-0847)\n\n* kernel: fget: check that the fd still exists after getting a ref to it (CVE-2021-4083)\n\n* kernel: possible privileges escalation due to missing TLB flush (CVE-2022-0330)\n\n* kernel: cgroups v1 release_agent feature may allow privilege escalation (CVE-2022-0492)\n\n* kernel: failing usercopy allows for use-after-free exploitation (CVE-2022-22942)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* [Intel 8.3 Bug] ICX Whitley: PCIe - kernel panic with AER-INJECT (BZ#2040309)\n\n* [ESXi][RHEL8] A task is stuck waiting for the completion of the vmci_resouce releasing upon the balloon reset. [None8.2.0.z] (BZ#2052200)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-10T14:39:03", "type": "redhat", "title": "(RHSA-2022:0820) Important: kernel security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4083", "CVE-2022-0330", "CVE-2022-0492", "CVE-2022-0847", "CVE-2022-22942"], "modified": "2022-03-10T15:01:27", "id": "RHSA-2022:0820", "href": "https://access.redhat.com/errata/RHSA-2022:0820", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-10T23:47:20", "description": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* kernel: improper initialization of the \"flags\" member of the new pipe_buffer (CVE-2022-0847)\n\n* kernel: fget: check that the fd still exists after getting a ref to it (CVE-2021-4083)\n\n* kernel: possible privileges escalation due to missing TLB flush (CVE-2022-0330)\n\n* kernel: cgroups v1 release_agent feature may allow privilege escalation (CVE-2022-0492)\n\n* kernel: failing usercopy allows for use-after-free exploitation (CVE-2022-22942)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* kernel-rt: update RT source tree to the latest RHEL-8.2.z16 Batch (BZ#2057698)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-10T14:39:50", "type": "redhat", "title": "(RHSA-2022:0821) Important: kernel-rt security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4083", "CVE-2022-0330", "CVE-2022-0492", "CVE-2022-0847", "CVE-2022-22942"], "modified": "2022-03-10T14:42:28", "id": "RHSA-2022:0821", "href": "https://access.redhat.com/errata/RHSA-2022:0821", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-07T22:22:22", "description": "This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.\n\nSecurity Fix(es):\n\n* kernel: Use After Free in unix_gc() which could result in a local privilege escalation (CVE-2021-0920)\n\n* kernel: local privilege escalation by exploiting the fsconfig syscall parameter leads to container breakout (CVE-2021-4154)\n\n* kernel: possible privileges escalation due to missing TLB flush (CVE-2022-0330)\n\n* kernel: remote stack overflow via kernel panic on systems using TIPC may lead to DoS (CVE-2022-0435)\n\n* kernel: cgroups v1 release_agent feature may allow privilege escalation (CVE-2022-0492)\n\n* kernel: failing usercopy allows for use-after-free exploitation (CVE-2022-22942)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-03-14T09:49:54", "type": "redhat", "title": "(RHSA-2022:0849) Important: kpatch-patch security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-0920", "CVE-2021-4154", "CVE-2022-0330", "CVE-2022-0435", "CVE-2022-0492", "CVE-2022-22942"], "modified": "2022-03-14T09:52:52", "id": "RHSA-2022:0849", "href": "https://access.redhat.com/errata/RHSA-2022:0849", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-03-15T15:30:09", "description": "This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.\n\nSecurity Fix(es):\n\n* kernel: Use After Free in unix_gc() which could result in a local privilege escalation (CVE-2021-0920)\n\n* kernel: use-after-free in RDMA listen() (CVE-2021-4028)\n\n* kernel: fget: check that the fd still exists after getting a ref to it (CVE-2021-4083)\n\n* kernel: possible privileges escalation due to missing TLB flush (CVE-2022-0330)\n\n* kernel: cgroups v1 release_agent feature may allow privilege escalation (CVE-2022-0492)\n\n* kernel: failing usercopy allows for use-after-free exploitation (CVE-2022-22942)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-14T09:57:42", "type": "redhat", "title": "(RHSA-2022:0851) Important: kpatch-patch security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-0920", "CVE-2021-4028", "CVE-2021-4083", "CVE-2022-0330", "CVE-2022-0492", "CVE-2022-22942"], "modified": "2022-03-14T10:03:08", "id": "RHSA-2022:0851", "href": "https://access.redhat.com/errata/RHSA-2022:0851", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-10T23:49:58", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: improper initialization of the \"flags\" member of the new pipe_buffer (CVE-2022-0847)\n\n* kernel: Use After Free in unix_gc() which could result in a local privilege escalation (CVE-2021-0920)\n\n* kernel: use-after-free in RDMA listen() (CVE-2021-4028)\n\n* kernel: fget: check that the fd still exists after getting a ref to it (CVE-2021-4083)\n\n* kernel: possible privileges escalation due to missing TLB flush (CVE-2022-0330)\n\n* kernel: cgroups v1 release_agent feature may allow privilege escalation (CVE-2022-0492)\n\n* kernel: failing usercopy allows for use-after-free exploitation (CVE-2022-22942)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-10T14:41:26", "type": "redhat", "title": "(RHSA-2022:0823) Important: kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-0920", "CVE-2021-4028", "CVE-2021-4083", "CVE-2022-0330", "CVE-2022-0492", "CVE-2022-0847", "CVE-2022-22942"], "modified": "2022-03-10T14:52:26", "id": "RHSA-2022:0823", "href": "https://access.redhat.com/errata/RHSA-2022:0823", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-07T22:21:26", "description": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* kernel: improper initialization of the \"flags\" member of the new pipe_buffer (CVE-2022-0847)\n\n* kernel: Use After Free in unix_gc() which could result in a local privilege escalation (CVE-2021-0920)\n\n* kernel: local privilege escalation by exploiting the fsconfig syscall parameter leads to container breakout (CVE-2021-4154)\n\n* kernel: possible privileges escalation due to missing TLB flush (CVE-2022-0330)\n\n* kernel: remote stack overflow via kernel panic on systems using TIPC may lead to DoS (CVE-2022-0435)\n\n* kernel: cgroups v1 release_agent feature may allow privilege escalation (CVE-2022-0492)\n\n* kernel: failing usercopy allows for use-after-free exploitation (CVE-2022-22942)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* kernel symbol '__rt_mutex_init' is exported GPL-only in kernel 4.18.0-348.2.1.rt7.132.el8_5 (BZ#2038423)\n\n* kernel-rt: update RT source tree to the RHEL-8.5.z3 source tree (BZ#2045589)", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-03-10T14:37:54", "type": "redhat", "title": "(RHSA-2022:0819) Important: kernel-rt security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-0920", "CVE-2021-4154", "CVE-2022-0330", "CVE-2022-0435", "CVE-2022-0492", "CVE-2022-0847", "CVE-2022-22942"], "modified": "2022-03-10T14:39:34", "id": "RHSA-2022:0819", "href": "https://access.redhat.com/errata/RHSA-2022:0819", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-03-17T17:29:54", "description": "This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.\n\nSecurity Fix(es):\n\n* kernel: Use After Free in unix_gc() which could result in a local privilege escalation (CVE-2021-0920)\n\n* kernel: use-after-free in RDMA listen() (CVE-2021-4028)\n\n* kernel: fget: check that the fd still exists after getting a ref to it (CVE-2021-4083)\n\n* kernel: xfs: raw block device data leak in XFS_IOC_ALLOCSP IOCTL (CVE-2021-4155)\n\n* kernel: possible privileges escalation due to missing TLB flush (CVE-2022-0330)\n\n* kernel: cgroups v1 release_agent feature may allow privilege escalation (CVE-2022-0492)\n\n* kernel: failing usercopy allows for use-after-free exploitation (CVE-2022-22942)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Several kpatch CVEs needed for kernel-4.18.0-147.58.1.el8_1 (BZ#2064297)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-17T16:08:02", "type": "redhat", "title": "(RHSA-2022:0958) Important: kpatch-patch-4_18_0-147_58_1 security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-0920", "CVE-2021-4028", "CVE-2021-4083", "CVE-2021-4155", "CVE-2022-0330", "CVE-2022-0492", "CVE-2022-22942"], "modified": "2022-03-17T16:17:06", "id": "RHSA-2022:0958", "href": "https://access.redhat.com/errata/RHSA-2022:0958", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-07T22:20:13", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThe following packages have been upgraded to a later upstream version: kernel (4.18.0). (BZ#2036888)\n\nSecurity Fix(es):\n\n* kernel: improper initialization of the \"flags\" member of the new pipe_buffer (CVE-2022-0847)\n\n* kernel: Use After Free in unix_gc() which could result in a local privilege escalation (CVE-2021-0920)\n\n* kernel: local privilege escalation by exploiting the fsconfig syscall parameter leads to container breakout (CVE-2021-4154)\n\n* kernel: possible privileges escalation due to missing TLB flush (CVE-2022-0330)\n\n* kernel: remote stack overflow via kernel panic on systems using TIPC may lead to DoS (CVE-2022-0435)\n\n* kernel: cgroups v1 release_agent feature may allow privilege escalation (CVE-2022-0492)\n\n* kernel: missing check in ioctl allows kernel memory read/write (CVE-2022-0516)\n\n* kernel: failing usercopy allows for use-after-free exploitation (CVE-2022-22942)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Intel QAT Kernel power up fix (BZ#2016437)\n\n* RHEL8.4 seeing scsi_dma_map failed with mpt3sas driver and affecting performance (BZ#2018928)\n\n* [Lenovo 8.4 bug] audio_HDMI certification failed on RHEL 8.4GA (No hdmi out) (BZ#2027335)\n\n* [RHEL-8.5][4.18.0-323.el8.ppc64le][POWER8/9/10] security_flavor mode is not set back to zero post online migration (BZ#2027448)\n\n* iommu/amd: Fix unable to handle page fault due to AVIC (BZ#2030854)\n\n* [Lenovo 8.4 bug]The VGA display shows no signal (black screen) when install RHEL8.4(beta or rc1) in the legacy BIOS mode. (BZ#2034949)\n\n* Double free of kmalloc-64 cache struct ib_port->pkey_group from module ib_core . (BZ#2038724)\n\n* Bus error with huge pages enabled (BZ#2039015)\n\n* RHEL8 - kvm: floating interrupts may get stuck (BZ#2040769)\n\n* Data corruption on small files served by httpd, which is backed by cifs-mount (BZ#2041529)\n\n* Add a net/mlx5 patch for Hardware Offload Fix (BZ#2042663)\n\n* Windows guest random Bsod when 'hv-tlbflush' enlightenment is enabled (BZ#2043237)\n\n* DNS lookup failures when run two times in a row (BZ#2043548)\n\n* net/sched: Fix ct zone matching for invalid conntrack state (BZ#2043550)\n\n* Kernel 4.18.0-348.2.1 secpath_cache memory leak involving strongswan tunnel (BZ#2047427)\n\n* OCP node XFS metadata corruption after numerous reboots (BZ#2049292)\n\n* Broadcom bnxt_re: RDMA stats are not incrementing (BZ#2049684)\n\n* ice: bug fix series for 8.6 (BZ#2051951)\n\n* panic while looking up a symlink due to NULL i_op->get_link (BZ#2052558)\n\n* ceph omnibus backport for RHEL-8.6.0 (BZ#2053725)\n\n* SCTP peel-off with SELinux and containers in OCP (BZ#2054112)\n\n* Selinux is not allowing SCTP connection setup between inter pod communication in enforcing mode (BZ#2054117)\n\n* dnf fails with fsync() over local repository present on CIFS mount point (BZ#2055824)", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-03-10T14:43:03", "type": "redhat", "title": "(RHSA-2022:0825) Important: kernel security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-0920", "CVE-2021-4154", "CVE-2022-0330", "CVE-2022-0435", "CVE-2022-0492", "CVE-2022-0516", "CVE-2022-0847", "CVE-2022-22942"], "modified": "2022-03-10T15:02:35", "id": "RHSA-2022:0825", "href": "https://access.redhat.com/errata/RHSA-2022:0825", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-05-12T18:08:38", "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.7.50. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHBA-2022:1698\n\nSecurity Fix(es):\n\n* moby: Default inheritable capabilities for linux container should be\nempty (CVE-2022-24769)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\n\nAll OpenShift Container Platform 4.7 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-12T17:58:21", "type": "redhat", "title": "(RHSA-2022:1699) Moderate: OpenShift Container Platform 4.7.50 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4083", "CVE-2022-0492", "CVE-2022-21426", "CVE-2022-21434", "CVE-2022-21443", "CVE-2022-21476", "CVE-2022-21496", "CVE-2022-24769", "CVE-2022-25636"], "modified": "2022-05-12T17:58:56", "id": "RHSA-2022:1699", "href": "https://access.redhat.com/errata/RHSA-2022:1699", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-26T21:29:50", "description": "Red Hat Advanced Cluster Management for Kubernetes 2.3.8 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in.\n\nThis advisory contains the container images for Red Hat Advanced Cluster\nManagement for Kubernetes, which fix several bugs. See the following\nRelease Notes documentation, which will be updated shortly for this\nrelease, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/\n\nSecurity updates:\n\n* nanoid: Information disclosure via valueOf() function (CVE-2021-23566)\n\n* nodejs-shelljs: improper privilege management (CVE-2022-0144)\n\n* follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-0155)\n\n* node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)\n\n* follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536)\n\nBug fix:\n\n* RHACM 2.3.8 images (Bugzilla #2062316)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-28T16:31:56", "type": "redhat", "title": "(RHSA-2022:1083) Moderate: Red Hat Advanced Cluster Management 2.3.8 security and container updates", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-0920", "CVE-2021-23177", "CVE-2021-23518", "CVE-2021-23566", "CVE-2021-31566", "CVE-2021-3999", "CVE-2021-4154", "CVE-2021-45960", "CVE-2021-46143", "CVE-2022-0144", "CVE-2022-0155", "CVE-2022-0235", "CVE-2022-0261", "CVE-2022-0318", "CVE-2022-0330", "CVE-2022-0359", "CVE-2022-0361", "CVE-2022-0392", "CVE-2022-0413", "CVE-2022-0435", "CVE-2022-0492", "CVE-2022-0516", "CVE-2022-0536", "CVE-2022-0847", "CVE-2022-22822", "CVE-2022-22823", "CVE-2022-22824", "CVE-2022-22825", "CVE-2022-22826", "CVE-2022-22827", "CVE-2022-22942", "CVE-2022-23218", "CVE-2022-23219", "CVE-2022-23308", "CVE-2022-23852", "CVE-2022-25235", "CVE-2022-25236", "CVE-2022-25315"], "modified": "2022-04-26T20:03:02", "id": "RHSA-2022:1083", "href": "https://access.redhat.com/errata/RHSA-2022:1083", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-04-26T21:28:42", "description": "Red Hat Advanced Cluster Management for Kubernetes 2.4.3 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console\u2014with security policy built in.\n\nThis advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which provide some security fixes and bug fixes. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/\n\nSecurity updates:\n\n* golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)\n\n* nats-server: misusing the \"dynamically provisioned sandbox accounts\" feature authenticated user can obtain the privileges of the System account (CVE-2022-24450)\n\n* nanoid: Information disclosure via valueOf() function (CVE-2021-23566)\n\n* nodejs-shelljs: improper privilege management (CVE-2022-0144)\n\n* search-ui-container: follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-0155)\n\n* node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)\n\n* follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536)\n\n* openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778)\n\n* imgcrypt: Unauthorized access to encryted container image on a shared system due to missing check in CheckAuthorization() code path (CVE-2022-24778)\n\n* golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)\n\n* opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190)\n\nRelated bugs:\n\n* RHACM 2.4.3 image files (BZ #2057249)\n\n* Observability - dashboard name contains `/` would cause error when generating dashboard cm (BZ #2032128)\n\n* ACM application placement fails after renaming the application name (BZ #2033051)\n\n* Disable the obs metric collect should not impact the managed cluster upgrade (BZ #2039197)\n\n* Observability - cluster list should only contain OCP311 cluster on OCP311 dashboard (BZ #2039820)\n\n* The value of name label changed from clusterclaim name to cluster name (BZ #2042223)\n\n* VMWare Cluster creation does not accept ecdsa-sha2-nistp521 ssh keys (BZ #2048500)\n\n* clusterSelector matchLabels spec are cleared when changing app name/namespace during creating an app in UI (BZ #2053211)\n\n* Application cluster status is not updated in UI after restoring (BZ #2053279)\n\n* OpenStack cluster creation is using deprecated floating IP config for 4.7+ (BZ #2056610)\n\n* The value of Vendor reported by cluster metrics was Other even if the vendor label in managedcluster was Openshift (BZ #2059039)\n\n* Subscriptions stop reconciling after channel secrets are recreated (BZ #2059954)\n\n* Placementrule is not reconciling on a new fresh environment (BZ #2074156)\n\n* The cluster claimed from clusterpool cannot auto imported (BZ #2074543)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-20T19:16:13", "type": "redhat", "title": "(RHSA-2022:1476) Moderate: Red Hat Advanced Cluster Management 2.4.3 security updates and bug fixes", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-0920", "CVE-2021-23177", "CVE-2021-23518", "CVE-2021-23566", "CVE-2021-31566", "CVE-2021-3999", "CVE-2021-41190", "CVE-2021-4154", "CVE-2021-43565", "CVE-2021-45960", "CVE-2021-46143", "CVE-2022-0144", "CVE-2022-0155", "CVE-2022-0235", "CVE-2022-0261", "CVE-2022-0318", "CVE-2022-0330", "CVE-2022-0359", "CVE-2022-0361", "CVE-2022-0392", "CVE-2022-0413", "CVE-2022-0435", "CVE-2022-0492", "CVE-2022-0516", "CVE-2022-0536", "CVE-2022-0778", "CVE-2022-0811", "CVE-2022-0847", "CVE-2022-22822", "CVE-2022-22823", "CVE-2022-22824", "CVE-2022-22825", "CVE-2022-22826", "CVE-2022-22827", "CVE-2022-22942", "CVE-2022-23218", "CVE-2022-23219", "CVE-2022-23308", "CVE-2022-23852", "CVE-2022-24450", "CVE-2022-24778", "CVE-2022-25235", "CVE-2022-25236", "CVE-2022-25315", "CVE-2022-27191"], "modified": "2022-04-26T19:52:32", "id": "RHSA-2022:1476", "href": "https://access.redhat.com/errata/RHSA-2022:1476", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-06-28T16:51:38", "description": "Red Hat Advanced Cluster Management for Kubernetes 2.3.11 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in.\n\nThis advisory contains the container images for Red Hat Advanced Cluster\nManagement for Kubernetes, which resolve security issues and fix several bugs. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/\n\nSecurity fixes: \n\n* node-fetch: exposure of sensitive information to an unauthorized actor\n(CVE-2022-0235)\n\n* follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536)\n\n* nconf: Prototype pollution in memory store (CVE-2022-21803)\n\n* golang: crypto/elliptic IsOnCurve returns true for invalid field elements\n(CVE-2022-23806)\n\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n\n* golang: syscall: faccessat checks wrong group (CVE-2022-29526)\n\n* go-getter: writes SSH credentials into logfile, exposing sensitive\ncredentials to local uses (CVE-2022-29810)\n\nBug fixes:\n\n* RHACM 2.3.11 images (BZ# 2082087)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-28T15:09:33", "type": "redhat", "title": "(RHSA-2022:5392) Moderate: Red Hat Advanced Cluster Management 2.3.11 security updates and bug fixes", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.9, "vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-25032", "CVE-2020-0404", "CVE-2020-13974", "CVE-2020-27820", "CVE-2020-4788", "CVE-2021-0941", "CVE-2021-20322", "CVE-2021-21781", "CVE-2021-25219", "CVE-2021-26401", "CVE-2021-29154", "CVE-2021-3612", "CVE-2021-3634", "CVE-2021-3669", "CVE-2021-3695", "CVE-2021-3696", "CVE-2021-3697", "CVE-2021-37159", "CVE-2021-3737", "CVE-2021-3743", "CVE-2021-3744", "CVE-2021-3752", "CVE-2021-3759", "CVE-2021-3764", "CVE-2021-3772", "CVE-2021-3773", "CVE-2021-38185", "CVE-2021-4002", "CVE-2021-4037", "CVE-2021-4083", "CVE-2021-4157", "CVE-2021-41617", "CVE-2021-41864", "CVE-2021-4189", "CVE-2021-4197", "CVE-2021-4203", "CVE-2021-42739", "CVE-2021-43056", "CVE-2021-43389", "CVE-2021-43976", "CVE-2021-44733", "CVE-2021-45485", "CVE-2021-45486", "CVE-2022-0001", "CVE-2022-0002", "CVE-2022-0235", "CVE-2022-0286", "CVE-2022-0322", "CVE-2022-0492", "CVE-2022-0536", "CVE-2022-1011", "CVE-2022-1271", "CVE-2022-1708", "CVE-2022-21803", "CVE-2022-23806", "CVE-2022-24785", "CVE-2022-28733", "CVE-2022-28734", "CVE-2022-28735", "CVE-2022-28736", "CVE-2022-28737", "CVE-2022-29526", "CVE-2022-29810"], "modified": "2022-06-28T15:29:45", "id": "RHSA-2022:5392", "href": "https://access.redhat.com/errata/RHSA-2022:5392", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-19T13:55:14", "description": "The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.\n\nSecurity Fix(es):\n\n* golang: net/http/httputil: panic due to racy read of persistConn after handler panic (CVE-2021-36221)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-19T10:16:29", "type": "redhat", "title": "(RHSA-2022:1396) Moderate: Migration Toolkit for Containers (MTC) 1.5.4 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3577", "CVE-2019-13750", "CVE-2019-13751", "CVE-2019-17594", "CVE-2019-17595", "CVE-2019-18218", "CVE-2019-19603", "CVE-2019-20838", "CVE-2019-5827", "CVE-2020-12762", "CVE-2020-13435", "CVE-2020-14155", "CVE-2020-16135", "CVE-2020-24370", "CVE-2020-25709", "CVE-2020-25710", "CVE-2021-0920", "CVE-2021-20231", "CVE-2021-20232", "CVE-2021-21684", "CVE-2021-22876", "CVE-2021-22898", "CVE-2021-22925", "CVE-2021-23177", "CVE-2021-28153", "CVE-2021-31566", "CVE-2021-3200", "CVE-2021-33560", "CVE-2021-3426", "CVE-2021-3445", "CVE-2021-3521", "CVE-2021-3572", "CVE-2021-3580", "CVE-2021-36084", "CVE-2021-36085", "CVE-2021-36086", "CVE-2021-36087", "CVE-2021-36221", "CVE-2021-3800", "CVE-2021-3999", "CVE-2021-41190", "CVE-2021-4122", "CVE-2021-4154", "CVE-2021-42574", "CVE-2021-44716", "CVE-2021-44717", "CVE-2021-45960", "CVE-2021-46143", "CVE-2022-0261", "CVE-2022-0318", "CVE-2022-0330", "CVE-2022-0359", "CVE-2022-0361", "CVE-2022-0392", "CVE-2022-0413", "CVE-2022-0435", "CVE-2022-0492", "CVE-2022-0516", "CVE-2022-0532", "CVE-2022-0778", "CVE-2022-0847", "CVE-2022-22816", "CVE-2022-22817", "CVE-2022-22822", "CVE-2022-22823", "CVE-2022-22824", "CVE-2022-22825", "CVE-2022-22826", "CVE-2022-22827", "CVE-2022-22942", "CVE-2022-23218", "CVE-2022-23219", "CVE-2022-23308", "CVE-2022-23852", "CVE-2022-24407", "CVE-2022-25235", "CVE-2022-25236", "CVE-2022-25315"], "modified": "2022-04-19T10:16:51", "id": "RHSA-2022:1396", "href": "https://access.redhat.com/errata/RHSA-2022:1396", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "githubexploit": [{"lastseen": "2022-05-09T16:09:11", "description": "Linux kernel\n============\n\nThere are several guides for kernel d...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-09T13:20:03", "type": "githubexploit", "title": "Exploit for Improper Authentication in Linux Linux Kernel", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0492"], "modified": "2022-05-09T13:26:52", "id": "9840D3EA-61BB-54B6-904A-09DAD15F24DC", "href": "", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-06-26T20:31:55", "description": "# CVE-2022-0492-Checker\nA script to check if a container environ...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-07T10:03:17", "type": "githubexploit", "title": "Exploit for Improper Authentication in Linux Linux Kernel", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0492"], "modified": "2022-06-26T19:31:20", "id": "768F8F97-383F-5D15-BBA5-81FFC7138CD5", "href": "", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-05-03T18:00:55", "description": "A container image that tests whether a container enviroment is v...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-28T01:25:26", "type": "githubexploit", "title": "Exploit for Improper Authentication in Linux Linux Kernel", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0492"], "modified": "2022-05-03T00:31:53", "id": "8F8D2F72-BC08-5672-91A1-523A5EF7D1AA", "href": "", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-03-19T11:55:00", "description": "# CVE-2022-0492-Checker\nA script to check if a container environ...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-06T10:57:09", "type": "githubexploit", "title": "Exploit for Improper Authentication in Linux Linux Kernel", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0492"], "modified": "2022-03-19T07:13:50", "id": "9FDDDA87-06DB-51EC-ADC5-5009B1A6F124", "href": "", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-06-26T23:23:21", "description": "# CVE-2022-0492 \u5bb9\u5668\u9003\u9038\u5206\u6790\n\n[toc]\n\n## \u6f0f\u6d1e\u7b80\u4ecb\n\n\u6f0f\u6d1e\u7f16\u53f7: CVE-2022-0492\n\n\u6f0f\u6d1e\u4ea7...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-11T08:02:46", "type": "githubexploit", "title": "Exploit for Improper Authentication in Linux Linux Kernel", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0492"], "modified": "2022-06-26T21:07:26", "id": "926D289B-3E6E-5186-8511-1F7D832A8CAD", "href": "", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}], "nessus": [{"lastseen": "2022-06-15T17:02:27", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:4717 advisory.\n\n - kernel: cgroups v1 release_agent feature may allow privilege escalation (CVE-2022-0492)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2022-05-24T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2022:4717)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0492"], "modified": "2022-05-24T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:7.7", "cpe:/o:redhat:rhel_e4s:7.7", "cpe:/o:redhat:rhel_tus:7.7", "p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python-perf"], "id": "REDHAT-RHSA-2022-4717.NASL", "href": "https://www.tenable.com/plugins/nessus/161475", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:4717. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161475);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/24\");\n\n script_cve_id(\"CVE-2022-0492\");\n script_xref(name:\"RHSA\", value:\"2022:4717\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2022:4717)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2022:4717 advisory.\n\n - kernel: cgroups v1 release_agent feature may allow privilege escalation (CVE-2022-0492)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-0492\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:4717\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2051505\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0492\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(287);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.7')) audit(AUDIT_OS_NOT, 'Red Hat 7.7', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'rhel_aus_7_7_server': [\n 'rhel-7-server-aus-debug-rpms',\n 'rhel-7-server-aus-debug-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-aus-optional-debug-rpms',\n 'rhel-7-server-aus-optional-debug-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-aus-optional-rpms',\n 'rhel-7-server-aus-optional-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-aus-optional-source-rpms',\n 'rhel-7-server-aus-optional-source-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-aus-rpms',\n 'rhel-7-server-aus-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-aus-source-rpms',\n 'rhel-7-server-aus-source-rpms__7_DOT_7__x86_64'\n ],\n 'rhel_e4s_7_7_server': [\n 'rhel-7-server-aus-debug-rpms',\n 'rhel-7-server-aus-optional-debug-rpms',\n 'rhel-7-server-aus-optional-rpms',\n 'rhel-7-server-aus-optional-source-rpms',\n 'rhel-7-server-aus-rpms',\n 'rhel-7-server-aus-source-rpms',\n 'rhel-7-server-e4s-debug-rpms',\n 'rhel-7-server-e4s-debug-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-e4s-optional-debug-rpms',\n 'rhel-7-server-e4s-optional-debug-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-e4s-optional-rpms',\n 'rhel-7-server-e4s-optional-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-e4s-optional-source-rpms',\n 'rhel-7-server-e4s-optional-source-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-e4s-rpms',\n 'rhel-7-server-e4s-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-e4s-source-rpms',\n 'rhel-7-server-e4s-source-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-tus-debug-rpms',\n 'rhel-7-server-tus-optional-debug-rpms',\n 'rhel-7-server-tus-optional-rpms',\n 'rhel-7-server-tus-optional-source-rpms',\n 'rhel-7-server-tus-rpms',\n 'rhel-7-server-tus-source-rpms',\n 'rhel-ha-for-rhel-7-server-e4s-debug-rpms',\n 'rhel-ha-for-rhel-7-server-e4s-debug-rpms__7_DOT_7__x86_64',\n 'rhel-ha-for-rhel-7-server-e4s-rpms',\n 'rhel-ha-for-rhel-7-server-e4s-rpms__7_DOT_7__x86_64',\n 'rhel-ha-for-rhel-7-server-e4s-source-rpms',\n 'rhel-ha-for-rhel-7-server-e4s-source-rpms__7_DOT_7__x86_64'\n ],\n 'rhel_extras_sap_e4s_7_7': [\n 'rhel-sap-for-rhel-7-server-e4s-debug-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-debug-rpms__7_DOT_7__x86_64',\n 'rhel-sap-for-rhel-7-server-e4s-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-rpms__7_DOT_7__x86_64',\n 'rhel-sap-for-rhel-7-server-e4s-source-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-source-rpms__7_DOT_7__x86_64'\n ],\n 'rhel_extras_sap_hana_e4s_7_7': [\n 'rhel-sap-hana-for-rhel-7-server-e4s-debug-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-debug-rpms__7_DOT_7__x86_64',\n 'rhel-sap-hana-for-rhel-7-server-e4s-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-rpms__7_DOT_7__x86_64',\n 'rhel-sap-hana-for-rhel-7-server-e4s-source-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-source-rpms__7_DOT_7__x86_64'\n ],\n 'rhel_tus_7_7_server': [\n 'rhel-7-server-tus-debug-rpms',\n 'rhel-7-server-tus-debug-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-tus-optional-debug-rpms',\n 'rhel-7-server-tus-optional-debug-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-tus-optional-rpms',\n 'rhel-7-server-tus-optional-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-tus-optional-source-rpms',\n 'rhel-7-server-tus-optional-source-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-tus-rpms',\n 'rhel-7-server-tus-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-tus-source-rpms',\n 'rhel-7-server-tus-source-rpms__7_DOT_7__x86_64',\n 'rhel-ha-for-rhel-7-server-tus-debug-rpms',\n 'rhel-ha-for-rhel-7-server-tus-debug-rpms__7_DOT_7__x86_64',\n 'rhel-ha-for-rhel-7-server-tus-rpms',\n 'rhel-ha-for-rhel-7-server-tus-rpms__7_DOT_7__x86_64',\n 'rhel-ha-for-rhel-7-server-tus-source-rpms',\n 'rhel-ha-for-rhel-7-server-tus-source-rpms__7_DOT_7__x86_64'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2022-0492');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2022:4717');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar pkgs = [\n {'reference':'bpftool-3.10.0-1062.67.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_7_7_server', 'rhel_e4s_7_7_server', 'rhel_extras_sap_e4s_7_7', 'rhel_extras_sap_hana_e4s_7_7', 'rhel_tus_7_7_server']},\n {'reference':'kernel-3.10.0-1062.67.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_7_7_server', 'rhel_e4s_7_7_server', 'rhel_extras_sap_e4s_7_7', 'rhel_extras_sap_hana_e4s_7_7', 'rhel_tus_7_7_server']},\n {'reference':'kernel-abi-whitelists-3.10.0-1062.67.1.el7', 'sp':'7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_7_7_server', 'rhel_e4s_7_7_server', 'rhel_extras_sap_e4s_7_7', 'rhel_extras_sap_hana_e4s_7_7', 'rhel_tus_7_7_server']},\n {'reference':'kernel-debug-3.10.0-1062.67.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_7_7_server', 'rhel_e4s_7_7_server', 'rhel_extras_sap_e4s_7_7', 'rhel_extras_sap_hana_e4s_7_7', 'rhel_tus_7_7_server']},\n {'reference':'kernel-debug-devel-3.10.0-1062.67.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_7_7_server', 'rhel_e4s_7_7_server', 'rhel_extras_sap_e4s_7_7', 'rhel_extras_sap_hana_e4s_7_7', 'rhel_tus_7_7_server']},\n {'reference':'kernel-devel-3.10.0-1062.67.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_7_7_server', 'rhel_e4s_7_7_server', 'rhel_extras_sap_e4s_7_7', 'rhel_extras_sap_hana_e4s_7_7', 'rhel_tus_7_7_server']},\n {'reference':'kernel-tools-3.10.0-1062.67.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_7_7_server', 'rhel_e4s_7_7_server', 'rhel_extras_sap_e4s_7_7', 'rhel_extras_sap_hana_e4s_7_7', 'rhel_tus_7_7_server']},\n {'reference':'kernel-tools-libs-3.10.0-1062.67.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_7_7_server', 'rhel_e4s_7_7_server', 'rhel_extras_sap_e4s_7_7', 'rhel_extras_sap_hana_e4s_7_7', 'rhel_tus_7_7_server']},\n {'reference':'kernel-tools-libs-devel-3.10.0-1062.67.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_7_7_server', 'rhel_e4s_7_7_server', 'rhel_extras_sap_e4s_7_7', 'rhel_extras_sap_hana_e4s_7_7', 'rhel_tus_7_7_server']},\n {'reference':'perf-3.10.0-1062.67.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_7_7_server', 'rhel_e4s_7_7_server', 'rhel_extras_sap_e4s_7_7', 'rhel_extras_sap_hana_e4s_7_7', 'rhel_tus_7_7_server']},\n {'reference':'python-perf-3.10.0-1062.67.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_7_7_server', 'rhel_e4s_7_7_server', 'rhel_extras_sap_e4s_7_7', 'rhel_extras_sap_hana_e4s_7_7', 'rhel_tus_7_7_server']}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n var repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n release &&\n (rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / kernel-debug / etc');\n}\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-15T20:34:27", "description": "The remote SUSE Linux SLES12 / SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:0991-1 advisory.\n\n - A vulnerability was found in the Linux kernel's cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.\n (CVE-2022-0492)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2022-03-30T00:00:00", "type": "nessus", "title": "SUSE SLES12 / SLES15 Security Update : kernel (Live Patch 19 for SLE 15 SP2) (SUSE-SU-2022:0991-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0492"], "modified": "2022-03-30T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-livepatch-4_12_14-150_83-default", "p-cpe:/a:novell:suse_linux:kernel-livepatch-4_12_14-197_105-default", "p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-24_83-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-122_110-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-95_88-default", "cpe:/o:novell:suse_linux:12", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-0991-1.NASL", "href": "https://www.tenable.com/plugins/nessus/159344", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:0991-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159344);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/30\");\n\n script_cve_id(\"CVE-2022-0492\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:0991-1\");\n\n script_name(english:\"SUSE SLES12 / SLES15 Security Update : kernel (Live Patch 19 for SLE 15 SP2) (SUSE-SU-2022:0991-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 / SLES15 host has packages installed that are affected by a vulnerability as referenced in\nthe SUSE-SU-2022:0991-1 advisory.\n\n - A vulnerability was found in the Linux kernel's cgroup_release_agent_write in the\n kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups\n v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.\n (CVE-2022-0492)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195908\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-March/010554.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?352cd935\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0492\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0492\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-4_12_14-150_83-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-4_12_14-197_105-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-24_83-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-122_110-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-95_88-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12 / SLES15', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nvar sp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(4|5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP4/5\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0|1|2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0/1/2\", os_ver + \" SP\" + sp);\n\nvar pkgs = [\n {'reference':'kernel-livepatch-4_12_14-150_83-default-2-150000.2.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15'},\n {'reference':'kernel-livepatch-4_12_14-197_105-default-2-150100.2.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15.1'},\n {'reference':'kernel-livepatch-5_3_18-24_83-default-7-150200.2.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15.2'},\n {'reference':'kernel-livepatch-4_12_14-150_83-default-2-150000.2.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-release-15'},\n {'reference':'kernel-livepatch-4_12_14-197_105-default-2-150100.2.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-release-15.1'},\n {'reference':'kernel-livepatch-5_3_18-24_83-default-7-150200.2.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-release-15.2'},\n {'reference':'kgraft-patch-4_12_14-95_88-default-2-2.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-live-patching-release-12.4'},\n {'reference':'kgraft-patch-4_12_14-122_110-default-2-2.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-live-patching-release-12.5'},\n {'reference':'kernel-livepatch-4_12_14-150_83-default-2-150000.2.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-live-patching-release-15'},\n {'reference':'kernel-livepatch-4_12_14-197_105-default-2-150100.2.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-live-patching-release-15.1'},\n {'reference':'kernel-livepatch-5_3_18-24_83-default-7-150200.2.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-live-patching-release-15.2'},\n {'reference':'kernel-livepatch-4_12_14-150_83-default-2-150000.2.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-15'},\n {'reference':'kernel-livepatch-4_12_14-197_105-default-2-150100.2.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-15.1'},\n {'reference':'kernel-livepatch-5_3_18-24_83-default-7-150200.2.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-15.2'}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (exists_check) {\n if (!rpm_exists(release:release, rpm:exists_check)) continue;\n if ('ltss' >< tolower(exists_check)) ltss_caveat_required = TRUE;\n }\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-livepatch-4_12_14-150_83-default / etc');\n}\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-15T17:02:48", "description": "The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the CESA-2022:4642 advisory.\n\n - kernel: cgroups v1 release_agent feature may allow privilege escalation (CVE-2022-0492)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2022-05-19T00:00:00", "type": "nessus", "title": "CentOS 7 : kernel (CESA-2022:4642)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0492"], "modified": "2022-05-19T00:00:00", "cpe": ["p-cpe:/a:centos:centos:bpftool", "p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-abi-whitelists", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-debug-devel", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-headers", "p-cpe:/a:centos:centos:kernel-tools", "p-cpe:/a:centos:centos:kernel-tools-libs", "p-cpe:/a:centos:centos:kernel-tools-libs-devel", "p-cpe:/a:centos:centos:perf", "p-cpe:/a:centos:centos:python-perf", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2022-4642.NASL", "href": "https://www.tenable.com/plugins/nessus/161374", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:4642 and\n# CentOS Errata and Security Advisory 2022:4642 respectively.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161374);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\"CVE-2022-0492\");\n script_xref(name:\"RHSA\", value:\"2022:4642\");\n\n script_name(english:\"CentOS 7 : kernel (CESA-2022:4642)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the\nCESA-2022:4642 advisory.\n\n - kernel: cgroups v1 release_agent feature may allow privilege escalation (CVE-2022-0492)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://lists.centos.org/pipermail/centos-announce/2022-May/073587.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cbe41c13\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0492\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(287);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nvar os_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'CentOS 7.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\nvar pkgs = [\n {'reference':'bpftool-3.10.0-1160.66.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1160.66.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-3.10.0-1160.66.1.el7', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-1160.66.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-1160.66.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-1160.66.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-1160.66.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-1160.66.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-1160.66.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-1160.66.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-1160.66.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1160.66.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / etc');\n}\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-15T17:02:49", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:4642 advisory.\n\n - kernel: cgroups v1 release_agent feature may allow privilege escalation (CVE-2022-0492)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2022-05-19T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2022:4642)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0492"], "modified": "2022-05-19T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python-perf"], "id": "REDHAT-RHSA-2022-4642.NASL", "href": "https://www.tenable.com/plugins/nessus/161354", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:4642. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161354);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\"CVE-2022-0492\");\n script_xref(name:\"RHSA\", value:\"2022:4642\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2022:4642)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2022:4642 advisory.\n\n - kernel: cgroups v1 release_agent feature may allow privilege escalation (CVE-2022-0492)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-0492\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:4642\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2051505\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0492\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(287);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'enterprise_linux_7_client': [\n 'rhel-7-desktop-debug-rpms',\n 'rhel-7-desktop-fastrack-debug-rpms',\n 'rhel-7-desktop-fastrack-rpms',\n 'rhel-7-desktop-fastrack-source-rpms',\n 'rhel-7-desktop-optional-debug-rpms',\n 'rhel-7-desktop-optional-fastrack-debug-rpms',\n 'rhel-7-desktop-optional-fastrack-rpms',\n 'rhel-7-desktop-optional-fastrack-source-rpms',\n 'rhel-7-desktop-optional-rpms',\n 'rhel-7-desktop-optional-source-rpms',\n 'rhel-7-desktop-rpms',\n 'rhel-7-desktop-source-rpms'\n ],\n 'enterprise_linux_7_computenode': [\n 'rhel-7-for-hpc-node-fastrack-debug-rpms',\n 'rhel-7-for-hpc-node-fastrack-rpms',\n 'rhel-7-for-hpc-node-fastrack-source-rpms',\n 'rhel-7-for-hpc-node-optional-fastrack-debug-rpms',\n 'rhel-7-for-hpc-node-optional-fastrack-rpms',\n 'rhel-7-for-hpc-node-optional-fastrack-source-rpms',\n 'rhel-7-hpc-node-debug-rpms',\n 'rhel-7-hpc-node-optional-debug-rpms',\n 'rhel-7-hpc-node-optional-rpms',\n 'rhel-7-hpc-node-optional-source-rpms',\n 'rhel-7-hpc-node-rpms',\n 'rhel-7-hpc-node-source-rpms'\n ],\n 'enterprise_linux_7_server': [\n 'rhel-7-for-system-z-a-debug-rpms',\n 'rhel-7-for-system-z-a-optional-debug-rpms',\n 'rhel-7-for-system-z-a-optional-rpms',\n 'rhel-7-for-system-z-a-optional-source-rpms',\n 'rhel-7-for-system-z-a-rpms',\n 'rhel-7-for-system-z-a-source-rpms',\n 'rhel-7-for-system-z-debug-rpms',\n 'rhel-7-for-system-z-fastrack-debug-rpms',\n 'rhel-7-for-system-z-fastrack-rpms',\n 'rhel-7-for-system-z-fastrack-source-rpms',\n 'rhel-7-for-system-z-optional-debug-rpms',\n 'rhel-7-for-system-z-optional-fastrack-debug-rpms',\n 'rhel-7-for-system-z-optional-fastrack-rpms',\n 'rhel-7-for-system-z-optional-fastrack-source-rpms',\n 'rhel-7-for-system-z-optional-rpms',\n 'rhel-7-for-system-z-optional-source-rpms',\n 'rhel-7-for-system-z-rpms',\n 'rhel-7-for-system-z-source-rpms',\n 'rhel-7-server-debug-rpms',\n 'rhel-7-server-fastrack-debug-rpms',\n 'rhel-7-server-fastrack-rpms',\n 'rhel-7-server-fastrack-source-rpms',\n 'rhel-7-server-optional-debug-rpms',\n 'rhel-7-server-optional-fastrack-debug-rpms',\n 'rhel-7-server-optional-fastrack-rpms',\n 'rhel-7-server-optional-fastrack-source-rpms',\n 'rhel-7-server-optional-rpms',\n 'rhel-7-server-optional-source-rpms',\n 'rhel-7-server-rpms',\n 'rhel-7-server-source-rpms',\n 'rhel-ha-for-rhel-7-for-system-z-debug-rpms',\n 'rhel-ha-for-rhel-7-for-system-z-rpms',\n 'rhel-ha-for-rhel-7-for-system-z-source-rpms',\n 'rhel-ha-for-rhel-7-server-debug-rpms',\n 'rhel-ha-for-rhel-7-server-rpms',\n 'rhel-ha-for-rhel-7-server-source-rpms',\n 'rhel-rs-for-rhel-7-for-system-z-debug-rpms',\n 'rhel-rs-for-rhel-7-for-system-z-rpms',\n 'rhel-rs-for-rhel-7-for-system-z-source-rpms',\n 'rhel-rs-for-rhel-7-server-debug-rpms',\n 'rhel-rs-for-rhel-7-server-rpms',\n 'rhel-rs-for-rhel-7-server-source-rpms'\n ],\n 'enterprise_linux_7_workstation': [\n 'rhel-7-workstation-debug-rpms',\n 'rhel-7-workstation-fastrack-debug-rpms',\n 'rhel-7-workstation-fastrack-rpms',\n 'rhel-7-workstation-fastrack-source-rpms',\n 'rhel-7-workstation-optional-debug-rpms',\n 'rhel-7-workstation-optional-fastrack-debug-rpms',\n 'rhel-7-workstation-optional-fastrack-rpms',\n 'rhel-7-workstation-optional-fastrack-source-rpms',\n 'rhel-7-workstation-optional-rpms',\n 'rhel-7-workstation-optional-source-rpms',\n 'rhel-7-workstation-rpms',\n 'rhel-7-workstation-source-rpms'\n ],\n 'rhel_extras_7': [\n 'rhel-7-desktop-supplementary-rpms',\n 'rhel-7-desktop-supplementary-source-rpms',\n 'rhel-7-for-hpc-node-supplementary-rpms',\n 'rhel-7-for-hpc-node-supplementary-source-rpms',\n 'rhel-7-for-system-z-eus-supplementary-rpms',\n 'rhel-7-for-system-z-eus-supplementary-source-rpms',\n 'rhel-7-for-system-z-supplementary-debug-rpms',\n 'rhel-7-for-system-z-supplementary-rpms',\n 'rhel-7-for-system-z-supplementary-source-rpms',\n 'rhel-7-hpc-node-eus-supplementary-rpms',\n 'rhel-7-server-eus-supplementary-rpms',\n 'rhel-7-server-supplementary-rpms',\n 'rhel-7-server-supplementary-source-rpms',\n 'rhel-7-workstation-supplementary-rpms',\n 'rhel-7-workstation-supplementary-source-rpms'\n ],\n 'rhel_extras_oracle_java_7': [\n 'rhel-7-desktop-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-for-hpc-node-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-hpc-node-eus-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-server-eus-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-server-eus-restricted-maintenance-oracle-java-source-rpms',\n 'rhel-7-server-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-workstation-restricted-maintenance-oracle-java-rpms'\n ],\n 'rhel_extras_rt_7': [\n 'rhel-7-server-nfv-debug-rpms',\n 'rhel-7-server-nfv-rpms',\n 'rhel-7-server-nfv-source-rpms',\n 'rhel-7-server-rt-debug-rpms',\n 'rhel-7-server-rt-rpms',\n 'rhel-7-server-rt-source-rpms'\n ],\n 'rhel_extras_sap_7': [\n 'rhel-sap-for-rhel-7-for-system-z-debug-rpms',\n 'rhel-sap-for-rhel-7-for-system-z-eus-debug-rpms',\n 'rhel-sap-for-rhel-7-for-system-z-eus-rpms',\n 'rhel-sap-for-rhel-7-for-system-z-eus-source-rpms',\n 'rhel-sap-for-rhel-7-for-system-z-rpms',\n 'rhel-sap-for-rhel-7-for-system-z-source-rpms',\n 'rhel-sap-for-rhel-7-server-debug-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-debug-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-source-rpms',\n 'rhel-sap-for-rhel-7-server-eus-debug-rpms',\n 'rhel-sap-for-rhel-7-server-eus-rpms',\n 'rhel-sap-for-rhel-7-server-eus-source-rpms',\n 'rhel-sap-for-rhel-7-server-rpms',\n 'rhel-sap-for-rhel-7-server-source-rpms'\n ],\n 'rhel_extras_sap_hana_7': [\n 'rhel-sap-hana-for-rhel-7-server-debug-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-debug-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-source-rpms',\n 'rhel-sap-hana-for-rhel-7-server-eus-debug-rpms',\n 'rhel-sap-hana-for-rhel-7-server-eus-rpms',\n 'rhel-sap-hana-for-rhel-7-server-eus-source-rpms',\n 'rhel-sap-hana-for-rhel-7-server-rpms',\n 'rhel-sap-hana-for-rhel-7-server-source-rpms'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2022-0492');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2022:4642');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar pkgs = [\n {'reference':'bpftool-3.10.0-1160.66.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'bpftool-3.10.0-1160.66.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'kernel-3.10.0-1160.66.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'kernel-3.10.0-1160.66.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'kernel-abi-whitelists-3.10.0-1160.66.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'kernel-debug-3.10.0-1160.66.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'kernel-debug-3.10.0-1160.66.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'kernel-debug-devel-3.10.0-1160.66.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'kernel-debug-devel-3.10.0-1160.66.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'kernel-devel-3.10.0-1160.66.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'kernel-devel-3.10.0-1160.66.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'kernel-kdump-3.10.0-1160.66.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'kernel-kdump-devel-3.10.0-1160.66.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'kernel-tools-3.10.0-1160.66.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'kernel-tools-libs-3.10.0-1160.66.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'kernel-tools-libs-devel-3.10.0-1160.66.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'perf-3.10.0-1160.66.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'perf-3.10.0-1160.66.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'python-perf-3.10.0-1160.66.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'python-perf-3.10.0-1160.66.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n var repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n release &&\n (rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / kernel-debug / etc');\n}\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-15T17:02:26", "description": "The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-4642 advisory.\n\n - A vulnerability was found in the Linux kernel's cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.\n (CVE-2022-0492)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2022-05-19T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : kernel (ELSA-2022-4642)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0492"], "modified": "2022-05-19T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:bpftool", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-abi-whitelists", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-tools", "p-cpe:/a:oracle:linux:kernel-tools-libs", "p-cpe:/a:oracle:linux:kernel-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2022-4642.NASL", "href": "https://www.tenable.com/plugins/nessus/161385", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-4642.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161385);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\"CVE-2022-0492\");\n\n script_name(english:\"Oracle Linux 7 : kernel (ELSA-2022-4642)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2022-4642 advisory.\n\n - A vulnerability was found in the Linux kernel's cgroup_release_agent_write in the\n kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups\n v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.\n (CVE-2022-0492)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-4642.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0492\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['3.10.0-1160.66.1.el7'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2022-4642');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '3.10';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'bpftool-3.10.0-1160.66.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1160.66.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-3.10.0'},\n {'reference':'kernel-abi-whitelists-3.10.0-1160.66.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-abi-whitelists-3.10.0'},\n {'reference':'kernel-debug-3.10.0-1160.66.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-3.10.0'},\n {'reference':'kernel-debug-devel-3.10.0-1160.66.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-3.10.0'},\n {'reference':'kernel-devel-3.10.0-1160.66.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-3.10.0'},\n {'reference':'kernel-headers-3.10.0-1160.66.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-3.10.0'},\n {'reference':'kernel-tools-3.10.0-1160.66.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-3.10.0'},\n {'reference':'kernel-tools-libs-3.10.0-1160.66.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-3.10.0'},\n {'reference':'kernel-tools-libs-devel-3.10.0-1160.66.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-devel-3.10.0'},\n {'reference':'perf-3.10.0-1160.66.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1160.66.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / etc');\n}\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-15T17:02:47", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:4721 advisory.\n\n - kernel: cgroups v1 release_agent feature may allow privilege escalation (CVE-2022-0492)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2022-05-24T00:00:00", "type": "nessus", "title": "RHEL 7 : kpatch-patch (RHSA-2022:4721)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0492"], "modified": "2022-05-24T00:00:00", "cpe": ["cpe:/o:redhat:rhel_e4s:7.7", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062_51_1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062_52_2", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062_56_1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062_59_1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062_60_1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062_61_1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062_63_1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062_66_1"], "id": "REDHAT-RHSA-2022-4721.NASL", "href": "https://www.tenable.com/plugins/nessus/161471", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:4721. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161471);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/24\");\n\n script_cve_id(\"CVE-2022-0492\");\n script_xref(name:\"RHSA\", value:\"2022:4721\");\n\n script_name(english:\"RHEL 7 : kpatch-patch (RHSA-2022:4721)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2022:4721 advisory.\n\n - kernel: cgroups v1 release_agent feature may allow privilege escalation (CVE-2022-0492)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-0492\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:4721\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2051505\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0492\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(287);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062_51_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062_52_2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062_56_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062_59_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062_60_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062_61_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062_63_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062_66_1\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.7')) audit(AUDIT_OS_NOT, 'Red Hat 7.7', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar uname_r = get_kb_item(\"Host/uname-r\");\nif (empty_or_null(uname_r)) audit(AUDIT_UNKNOWN_APP_VER, \"kernel\");\n\nvar repositories = {\n 'rhel_e4s_7_7_server': [\n 'rhel-7-server-aus-debug-rpms',\n 'rhel-7-server-aus-optional-debug-rpms',\n 'rhel-7-server-aus-optional-rpms',\n 'rhel-7-server-aus-optional-source-rpms',\n 'rhel-7-server-aus-rpms',\n 'rhel-7-server-aus-source-rpms',\n 'rhel-7-server-e4s-debug-rpms',\n 'rhel-7-server-e4s-debug-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-e4s-optional-debug-rpms',\n 'rhel-7-server-e4s-optional-debug-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-e4s-optional-rpms',\n 'rhel-7-server-e4s-optional-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-e4s-optional-source-rpms',\n 'rhel-7-server-e4s-optional-source-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-e4s-rpms',\n 'rhel-7-server-e4s-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-e4s-source-rpms',\n 'rhel-7-server-e4s-source-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-tus-debug-rpms',\n 'rhel-7-server-tus-optional-debug-rpms',\n 'rhel-7-server-tus-optional-rpms',\n 'rhel-7-server-tus-optional-source-rpms',\n 'rhel-7-server-tus-rpms',\n 'rhel-7-server-tus-source-rpms',\n 'rhel-ha-for-rhel-7-server-e4s-debug-rpms',\n 'rhel-ha-for-rhel-7-server-e4s-debug-rpms__7_DOT_7__x86_64',\n 'rhel-ha-for-rhel-7-server-e4s-rpms',\n 'rhel-ha-for-rhel-7-server-e4s-rpms__7_DOT_7__x86_64',\n 'rhel-ha-for-rhel-7-server-e4s-source-rpms',\n 'rhel-ha-for-rhel-7-server-e4s-source-rpms__7_DOT_7__x86_64'\n ],\n 'rhel_extras_sap_e4s_7_7': [\n 'rhel-sap-for-rhel-7-server-e4s-debug-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-debug-rpms__7_DOT_7__x86_64',\n 'rhel-sap-for-rhel-7-server-e4s-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-rpms__7_DOT_7__x86_64',\n 'rhel-sap-for-rhel-7-server-e4s-source-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-source-rpms__7_DOT_7__x86_64'\n ],\n 'rhel_extras_sap_hana_e4s_7_7': [\n 'rhel-sap-hana-for-rhel-7-server-e4s-debug-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-debug-rpms__7_DOT_7__x86_64',\n 'rhel-sap-hana-for-rhel-7-server-e4s-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-rpms__7_DOT_7__x86_64',\n 'rhel-sap-hana-for-rhel-7-server-e4s-source-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-source-rpms__7_DOT_7__x86_64'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar kernel_live_checks = {\n '3.10.0-1062.51.1.el7.x86_64': {'reference':'kpatch-patch-3_10_0-1062_51_1-1-7.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_7_7_server', 'rhel_extras_sap_e4s_7_7', 'rhel_extras_sap_hana_e4s_7_7']},\n '3.10.0-1062.52.2.el7.x86_64': {'reference':'kpatch-patch-3_10_0-1062_52_2-1-6.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_7_7_server', 'rhel_extras_sap_e4s_7_7', 'rhel_extras_sap_hana_e4s_7_7']},\n '3.10.0-1062.56.1.el7.x86_64': {'reference':'kpatch-patch-3_10_0-1062_56_1-1-5.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_7_7_server', 'rhel_extras_sap_e4s_7_7', 'rhel_extras_sap_hana_e4s_7_7']},\n '3.10.0-1062.59.1.el7.x86_64': {'reference':'kpatch-patch-3_10_0-1062_59_1-1-3.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_7_7_server', 'rhel_extras_sap_e4s_7_7', 'rhel_extras_sap_hana_e4s_7_7']},\n '3.10.0-1062.60.1.el7.x86_64': {'reference':'kpatch-patch-3_10_0-1062_60_1-1-3.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_7_7_server', 'rhel_extras_sap_e4s_7_7', 'rhel_extras_sap_hana_e4s_7_7']},\n '3.10.0-1062.61.1.el7.x86_64': {'reference':'kpatch-patch-3_10_0-1062_61_1-1-3.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_7_7_server', 'rhel_extras_sap_e4s_7_7', 'rhel_extras_sap_hana_e4s_7_7']},\n '3.10.0-1062.63.1.el7.x86_64': {'reference':'kpatch-patch-3_10_0-1062_63_1-1-2.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_7_7_server', 'rhel_extras_sap_e4s_7_7', 'rhel_extras_sap_hana_e4s_7_7']},\n '3.10.0-1062.66.1.el7.x86_64': {'reference':'kpatch-patch-3_10_0-1062_66_1-1-1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_7_7_server', 'rhel_extras_sap_e4s_7_7', 'rhel_extras_sap_hana_e4s_7_7']}\n};\n\nvar kpatch_details = kernel_live_checks[uname_r];\nif (empty_or_null(kpatch_details)) audit(AUDIT_INST_VER_NOT_VULN, 'kernel', uname_r);\n\nvar flag = 0;\nvar reference = NULL;\nvar release = NULL;\nvar sp = NULL;\nvar cpu = NULL;\nvar el_string = NULL;\nvar rpm_spec_vers_cmp = NULL;\nvar epoch = NULL;\nvar allowmaj = NULL;\nvar exists_check = NULL;\nvar repo_list = NULL;\nif (!empty_or_null(kpatch_details['repo_list'])) repo_list = kpatch_details['repo_list'];\nif (!empty_or_null(kpatch_details['reference'])) reference = kpatch_details['reference'];\nif (!empty_or_null(kpatch_details['release'])) release = 'RHEL' + kpatch_details['release'];\nif (!empty_or_null(kpatch_details['sp'])) sp = kpatch_details['sp'];\nif (!empty_or_null(kpatch_details['cpu'])) cpu = kpatch_details['cpu'];\nif (!empty_or_null(kpatch_details['el_string'])) el_string = kpatch_details['el_string'];\nif (!empty_or_null(kpatch_details['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = kpatch_details['rpm_spec_vers_cmp'];\nif (!empty_or_null(kpatch_details['epoch'])) epoch = kpatch_details['epoch'];\nif (!empty_or_null(kpatch_details['allowmaj'])) allowmaj = kpatch_details['allowmaj'];\nif (!empty_or_null(kpatch_details['exists_check'])) exists_check = kpatch_details['exists_check'];\nif (reference &&\n release &&\n (rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Update Services for SAP Solutions repository.\\n' +\n 'Access to this repository requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kpatch-patch-3_10_0-1062_51_1 / kpatch-patch-3_10_0-1062_52_2 / etc');\n}\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-15T17:02:00", "description": "The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K54724312 advisory.\n\n - A vulnerability was found in the Linux kernel's cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.\n (CVE-2022-0492)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2022-05-25T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : Linux kernel vulnerability (K54724312)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0492"], "modified": "2022-05-25T00:00:00", "cpe": ["cpe:/a:f5:big-ip_access_policy_manager", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_wan_optimization_manager", "cpe:/h:f5:big-ip_protocol_security_manager", "cpe:/h:f5:big-ip"], "id": "F5_BIGIP_SOL54724312.NASL", "href": "https://www.tenable.com/plugins/nessus/161504", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K54724312.\n#\n# @NOAGENT@\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161504);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/25\");\n\n script_cve_id(\"CVE-2022-0492\");\n\n script_name(english:\"F5 Networks BIG-IP : Linux kernel vulnerability (K54724312)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by\na vulnerability as referenced in the K54724312 advisory.\n\n - A vulnerability was found in the Linux kernel's cgroup_release_agent_write in the\n kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups\n v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.\n (CVE-2022-0492)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.f5.com/csp/article/K54724312\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5 Solution K54724312.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0492\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/25\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude('f5_func.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar version = get_kb_item('Host/BIG-IP/version');\nif ( ! version ) audit(AUDIT_OS_NOT, 'F5 Networks BIG-IP');\nif ( isnull(get_kb_item('Host/BIG-IP/hotfix')) ) audit(AUDIT_KB_MISSING, 'Host/BIG-IP/hotfix');\nif ( ! get_kb_item('Host/BIG-IP/modules') ) audit(AUDIT_KB_MISSING, 'Host/BIG-IP/modules');\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nvar sol = 'K54724312';\nvar vmatrix = {\n 'AFM': {\n 'affected': [\n '17.0.0','16.1.0-16.1.2','15.1.0-15.1.5','14.1.0-14.1.4','13.1.0-13.1.5'\n ],\n },\n 'APM': {\n 'affected': [\n '17.0.0','16.1.0-16.1.2','15.1.0-15.1.5','14.1.0-14.1.4','13.1.0-13.1.5'\n ],\n },\n 'ASM': {\n 'affected': [\n '17.0.0','16.1.0-16.1.2','15.1.0-15.1.5','14.1.0-14.1.4','13.1.0-13.1.5'\n ],\n },\n 'GTM': {\n 'affected': [\n '17.0.0','16.1.0-16.1.2','15.1.0-15.1.5','14.1.0-14.1.4','13.1.0-13.1.5'\n ],\n },\n 'LTM': {\n 'affected': [\n '17.0.0','16.1.0-16.1.2','15.1.0-15.1.5','14.1.0-14.1.4','13.1.0-13.1.5'\n ],\n },\n 'PEM': {\n 'affected': [\n '17.0.0','16.1.0-16.1.2','15.1.0-15.1.5','14.1.0-14.1.4','13.1.0-13.1.5'\n ],\n },\n 'PSM': {\n 'affected': [\n '17.0.0','16.1.0-16.1.2','15.1.0-15.1.5','14.1.0-14.1.4','13.1.0-13.1.5'\n ],\n },\n 'WOM': {\n 'affected': [\n '17.0.0','16.1.0-16.1.2','15.1.0-15.1.5','14.1.0-14.1.4','13.1.0-13.1.5'\n ],\n }\n};\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n var extra = NULL;\n if (report_verbosity > 0) extra = bigip_report_get();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n}\nelse\n{\n var tested = bigip_get_tested_modules();\n var audit_extra = 'For BIG-IP module(s) ' + tested + ',';\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, 'running any of the affected modules');\n}\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-15T16:59:22", "description": "The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2022:1036-1 advisory.\n\n - A vulnerability was found in the Linux kernel's cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.\n (CVE-2022-0492)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2022-03-31T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (Live Patch 42 for SLE 12 SP3) (SUSE-SU-2022:1036-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0492"], "modified": "2022-03-31T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_153-default", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2022-1036-1.NASL", "href": "https://www.tenable.com/plugins/nessus/159369", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:1036-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159369);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/31\");\n\n script_cve_id(\"CVE-2022-0492\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:1036-1\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (Live Patch 42 for SLE 12 SP3) (SUSE-SU-2022:1036-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-\nSU-2022:1036-1 advisory.\n\n - A vulnerability was found in the Linux kernel's cgroup_release_agent_write in the\n kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups\n v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.\n (CVE-2022-0492)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195908\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-March/010569.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3f90cb94\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0492\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kgraft-patch-4_4_180-94_153-default package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0492\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_153-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nvar sp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\n\nvar pkgs = [\n {'reference':'kgraft-patch-4_4_180-94_153-default-3-2.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.3'},\n {'reference':'kgraft-patch-4_4_180-94_153-default-3-2.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.3'}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (exists_check) {\n if (!rpm_exists(release:release, rpm:exists_check)) continue;\n if ('ltss' >< tolower(exists_check)) ltss_caveat_required = TRUE;\n }\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kgraft-patch-4_4_180-94_153-default');\n}\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-15T17:00:32", "description": "The remote NewStart CGSL host, running version MAIN 5.04, has kernel packages installed that are affected by a vulnerability:\n\n - A vulnerability was found in the Linux kernel's cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.\n (CVE-2022-0492)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2022-05-10T00:00:00", "type": "nessus", "title": "NewStart CGSL MAIN 5.04 : kernel Vulnerability (NS-SA-2022-0024)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0492"], "modified": "2022-05-10T00:00:00", "cpe": ["p-cpe:/a:zte:cgsl_main:kernel", "p-cpe:/a:zte:cgsl_main:kernel-abi-whitelists", "p-cpe:/a:zte:cgsl_main:kernel-debug", "p-cpe:/a:zte:cgsl_main:kernel-debug-debuginfo", "p-cpe:/a:zte:cgsl_main:kernel-debug-devel", "p-cpe:/a:zte:cgsl_main:kernel-debuginfo", "p-cpe:/a:zte:cgsl_main:kernel-debuginfo-common-x86_64", "p-cpe:/a:zte:cgsl_main:kernel-devel", "p-cpe:/a:zte:cgsl_main:kernel-headers", "p-cpe:/a:zte:cgsl_main:kernel-sign-keys", "p-cpe:/a:zte:cgsl_main:kernel-tools", "p-cpe:/a:zte:cgsl_main:kernel-tools-debuginfo", "p-cpe:/a:zte:cgsl_main:kernel-tools-libs", "p-cpe:/a:zte:cgsl_main:kernel-tools-libs-devel", "p-cpe:/a:zte:cgsl_main:perf", "p-cpe:/a:zte:cgsl_main:perf-debuginfo", "p-cpe:/a:zte:cgsl_main:python-perf", "p-cpe:/a:zte:cgsl_main:python-perf-debuginfo", "cpe:/o:zte:cgsl_main:5"], "id": "NEWSTART_CGSL_NS-SA-2022-0024_KERNEL.NASL", "href": "https://www.tenable.com/plugins/nessus/160867", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2022-0024. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160867);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\"CVE-2022-0492\");\n\n script_name(english:\"NewStart CGSL MAIN 5.04 : kernel Vulnerability (NS-SA-2022-0024)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote NewStart CGSL host is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 5.04, has kernel packages installed that are affected by a\nvulnerability:\n\n - A vulnerability was found in the Linux kernel's cgroup_release_agent_write in the\n kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups\n v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.\n (CVE-2022-0492)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2022-0024\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2022-0492\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL kernel packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0492\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-sign-keys\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_main:5\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nvar flag = 0;\n\nvar pkgs = {\n 'CGSL MAIN 5.04': [\n 'kernel-3.10.0-693.21.1.el7.cgslv5_4.55.1119.1.gb946884',\n 'kernel-abi-whitelists-3.10.0-693.21.1.el7.cgslv5_4.55.1119.1.gb946884',\n 'kernel-debug-3.10.0-693.21.1.el7.cgslv5_4.55.1119.1.gb946884',\n 'kernel-debug-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.55.1119.1.gb946884',\n 'kernel-debug-devel-3.10.0-693.21.1.el7.cgslv5_4.55.1119.1.gb946884',\n 'kernel-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.55.1119.1.gb946884',\n 'kernel-debuginfo-common-x86_64-3.10.0-693.21.1.el7.cgslv5_4.55.1119.1.gb946884',\n 'kernel-devel-3.10.0-693.21.1.el7.cgslv5_4.55.1119.1.gb946884',\n 'kernel-headers-3.10.0-693.21.1.el7.cgslv5_4.55.1119.1.gb946884',\n 'kernel-sign-keys-3.10.0-693.21.1.el7.cgslv5_4.55.1119.1.gb946884',\n 'kernel-tools-3.10.0-693.21.1.el7.cgslv5_4.55.1119.1.gb946884',\n 'kernel-tools-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.55.1119.1.gb946884',\n 'kernel-tools-libs-3.10.0-693.21.1.el7.cgslv5_4.55.1119.1.gb946884',\n 'kernel-tools-libs-devel-3.10.0-693.21.1.el7.cgslv5_4.55.1119.1.gb946884',\n 'perf-3.10.0-693.21.1.el7.cgslv5_4.55.1119.1.gb946884',\n 'perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.55.1119.1.gb946884',\n 'python-perf-3.10.0-693.21.1.el7.cgslv5_4.55.1119.1.gb946884',\n 'python-perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.55.1119.1.gb946884'\n ]\n};\nvar pkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel');\n}\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-15T17:00:35", "description": "The remote NewStart CGSL host, running version MAIN 4.05, has kernel packages installed that are affected by a vulnerability:\n\n - A vulnerability was found in the Linux kernel's cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.\n (CVE-2022-0492)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2022-05-09T00:00:00", "type": "nessus", "title": "NewStart CGSL MAIN 4.05 : kernel Vulnerability (NS-SA-2022-0004)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0492"], "modified": "2022-05-09T00:00:00", "cpe": ["p-cpe:/a:zte:cgsl_main:kernel", "p-cpe:/a:zte:cgsl_main:kernel-debuginfo", "p-cpe:/a:zte:cgsl_main:kernel-debuginfo-common-x86_64", "p-cpe:/a:zte:cgsl_main:kernel-devel", "p-cpe:/a:zte:cgsl_main:kernel-headers", "p-cpe:/a:zte:cgsl_main:perf", "p-cpe:/a:zte:cgsl_main:perf-debuginfo", "p-cpe:/a:zte:cgsl_main:python-perf", "p-cpe:/a:zte:cgsl_main:python-perf-debuginfo", "cpe:/o:zte:cgsl_main:4"], "id": "NEWSTART_CGSL_NS-SA-2022-0004_KERNEL.NASL", "href": "https://www.tenable.com/plugins/nessus/160733", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2022-0004. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160733);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/09\");\n\n script_cve_id(\"CVE-2022-0492\");\n\n script_name(english:\"NewStart CGSL MAIN 4.05 : kernel Vulnerability (NS-SA-2022-0004)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote NewStart CGSL host is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 4.05, has kernel packages installed that are affected by a\nvulnerability:\n\n - A vulnerability was found in the Linux kernel's cgroup_release_agent_write in the\n kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups\n v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.\n (CVE-2022-0492)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2022-0004\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2022-0492\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL kernel packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0492\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_main:4\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL MAIN 4.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 4.05');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nvar flag = 0;\n\nvar pkgs = {\n 'CGSL MAIN 4.05': [\n 'kernel-2.6.32-642.13.1.el6.cgslv4_5.0.181.gd10df9b',\n 'kernel-debuginfo-2.6.32-642.13.1.el6.cgslv4_5.0.181.gd10df9b',\n 'kernel-debuginfo-common-x86_64-2.6.32-642.13.1.el6.cgslv4_5.0.181.gd10df9b',\n 'kernel-devel-2.6.32-642.13.1.el6.cgslv4_5.0.181.gd10df9b',\n 'kernel-headers-2.6.32-642.13.1.el6.cgslv4_5.0.181.gd10df9b',\n 'perf-2.6.32-642.13.1.el6.cgslv4_5.0.181.gd10df9b',\n 'perf-debuginfo-2.6.32-642.13.1.el6.cgslv4_5.0.181.gd10df9b',\n 'python-perf-2.6.32-642.13.1.el6.cgslv4_5.0.181.gd10df9b',\n 'python-perf-debuginfo-2.6.32-642.13.1.el6.cgslv4_5.0.181.gd10df9b'\n ]\n};\nvar pkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel');\n}\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-15T17:01:59", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:4644 advisory.\n\n - kernel: cgroups v1 release_agent feature may allow privilege escalation (CVE-2022-0492)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2022-05-19T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel-rt (RHSA-2022:4644)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0492"], "modified": "2022-05-19T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm"], "id": "REDHAT-RHSA-2022-4644.NASL", "href": "https://www.tenable.com/plugins/nessus/161358", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:4644. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161358);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\"CVE-2022-0492\");\n script_xref(name:\"RHSA\", value:\"2022:4644\");\n\n script_name(english:\"RHEL 7 : kernel-rt (RHSA-2022:4644)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2022:4644 advisory.\n\n - kernel: cgroups v1 release_agent feature may allow privilege escalation (CVE-2022-0492)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-0492\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:4644\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2051505\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0492\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(287);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'enterprise_linux_7_client': [\n 'rhel-7-desktop-debug-rpms',\n 'rhel-7-desktop-fastrack-debug-rpms',\n 'rhel-7-desktop-fastrack-rpms',\n 'rhel-7-desktop-fastrack-source-rpms',\n 'rhel-7-desktop-optional-debug-rpms',\n 'rhel-7-desktop-optional-fastrack-debug-rpms',\n 'rhel-7-desktop-optional-fastrack-rpms',\n 'rhel-7-desktop-optional-fastrack-source-rpms',\n 'rhel-7-desktop-optional-rpms',\n 'rhel-7-desktop-optional-source-rpms',\n 'rhel-7-desktop-rpms',\n 'rhel-7-desktop-source-rpms'\n ],\n 'enterprise_linux_7_computenode': [\n 'rhel-7-for-hpc-node-fastrack-debug-rpms',\n 'rhel-7-for-hpc-node-fastrack-rpms',\n 'rhel-7-for-hpc-node-fastrack-source-rpms',\n 'rhel-7-for-hpc-node-optional-fastrack-debug-rpms',\n 'rhel-7-for-hpc-node-optional-fastrack-rpms',\n 'rhel-7-for-hpc-node-optional-fastrack-source-rpms',\n 'rhel-7-hpc-node-debug-rpms',\n 'rhel-7-hpc-node-optional-debug-rpms',\n 'rhel-7-hpc-node-optional-rpms',\n 'rhel-7-hpc-node-optional-source-rpms',\n 'rhel-7-hpc-node-rpms',\n 'rhel-7-hpc-node-source-rpms'\n ],\n 'enterprise_linux_7_server': [\n 'rhel-7-server-debug-rpms',\n 'rhel-7-server-fastrack-debug-rpms',\n 'rhel-7-server-fastrack-rpms',\n 'rhel-7-server-fastrack-source-rpms',\n 'rhel-7-server-optional-debug-rpms',\n 'rhel-7-server-optional-fastrack-debug-rpms',\n 'rhel-7-server-optional-fastrack-rpms',\n 'rhel-7-server-optional-fastrack-source-rpms',\n 'rhel-7-server-optional-rpms',\n 'rhel-7-server-optional-source-rpms',\n 'rhel-7-server-rpms',\n 'rhel-7-server-source-rpms',\n 'rhel-ha-for-rhel-7-server-debug-rpms',\n 'rhel-ha-for-rhel-7-server-rpms',\n 'rhel-ha-for-rhel-7-server-source-rpms',\n 'rhel-rs-for-rhel-7-server-debug-rpms',\n 'rhel-rs-for-rhel-7-server-rpms',\n 'rhel-rs-for-rhel-7-server-source-rpms'\n ],\n 'enterprise_linux_7_workstation': [\n 'rhel-7-workstation-debug-rpms',\n 'rhel-7-workstation-fastrack-debug-rpms',\n 'rhel-7-workstation-fastrack-rpms',\n 'rhel-7-workstation-fastrack-source-rpms',\n 'rhel-7-workstation-optional-debug-rpms',\n 'rhel-7-workstation-optional-fastrack-debug-rpms',\n 'rhel-7-workstation-optional-fastrack-rpms',\n 'rhel-7-workstation-optional-fastrack-source-rpms',\n 'rhel-7-workstation-optional-rpms',\n 'rhel-7-workstation-optional-source-rpms',\n 'rhel-7-workstation-rpms',\n 'rhel-7-workstation-source-rpms'\n ],\n 'rhel_extras_7': [\n 'rhel-7-desktop-supplementary-rpms',\n 'rhel-7-desktop-supplementary-source-rpms',\n 'rhel-7-for-hpc-node-supplementary-rpms',\n 'rhel-7-for-hpc-node-supplementary-source-rpms',\n 'rhel-7-hpc-node-eus-supplementary-rpms',\n 'rhel-7-server-eus-supplementary-rpms',\n 'rhel-7-server-supplementary-rpms',\n 'rhel-7-server-supplementary-source-rpms',\n 'rhel-7-workstation-supplementary-rpms',\n 'rhel-7-workstation-supplementary-source-rpms'\n ],\n 'rhel_extras_oracle_java_7': [\n 'rhel-7-desktop-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-for-hpc-node-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-hpc-node-eus-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-server-eus-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-server-eus-restricted-maintenance-oracle-java-source-rpms',\n 'rhel-7-server-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-workstation-restricted-maintenance-oracle-java-rpms'\n ],\n 'rhel_extras_rt_7': [\n 'rhel-7-server-nfv-debug-rpms',\n 'rhel-7-server-nfv-rpms',\n 'rhel-7-server-nfv-source-rpms',\n 'rhel-7-server-rt-debug-rpms',\n 'rhel-7-server-rt-rpms',\n 'rhel-7-server-rt-source-rpms'\n ],\n 'rhel_extras_sap_7': [\n 'rhel-sap-for-rhel-7-server-debug-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-debug-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-source-rpms',\n 'rhel-sap-for-rhel-7-server-eus-debug-rpms',\n 'rhel-sap-for-rhel-7-server-eus-rpms',\n 'rhel-sap-for-rhel-7-server-eus-source-rpms',\n 'rhel-sap-for-rhel-7-server-rpms',\n 'rhel-sap-for-rhel-7-server-source-rpms'\n ],\n 'rhel_extras_sap_hana_7': [\n 'rhel-sap-hana-for-rhel-7-server-debug-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-debug-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-source-rpms',\n 'rhel-sap-hana-for-rhel-7-server-eus-debug-rpms',\n 'rhel-sap-hana-for-rhel-7-server-eus-rpms',\n 'rhel-sap-hana-for-rhel-7-server-eus-source-rpms',\n 'rhel-sap-hana-for-rhel-7-server-rpms',\n 'rhel-sap-hana-for-rhel-7-server-source-rpms'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2022-0492');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2022:4644');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar pkgs = [\n {'reference':'kernel-rt-3.10.0-1160.66.1.rt56.1207.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'kernel-rt-debug-3.10.0-1160.66.1.rt56.1207.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'kernel-rt-debug-devel-3.10.0-1160.66.1.rt56.1207.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'kernel-rt-debug-kvm-3.10.0-1160.66.1.rt56.1207.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'kernel-rt-devel-3.10.0-1160.66.1.rt56.1207.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'kernel-rt-doc-3.10.0-1160.66.1.rt56.1207.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'kernel-rt-kvm-3.10.0-1160.66.1.rt56.1207.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'kernel-rt-trace-3.10.0-1160.66.1.rt56.1207.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'kernel-rt-trace-devel-3.10.0-1160.66.1.rt56.1207.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'kernel-rt-trace-kvm-3.10.0-1160.66.1.rt56.1207.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n var repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n release &&\n (rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-rt / kernel-rt-debug / kernel-rt-debug-devel / etc');\n}\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-15T18:22:38", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:4655 advisory.\n\n - kernel: cgroups v1 release_agent feature may allow privilege escalation (CVE-2022-0492)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2022-05-19T00:00:00", "type": "nessus", "title": "RHEL 7 : kpatch-patch (RHSA-2022:4655)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0492"], "modified": "2022-05-19T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1160_31_1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1160_36_2", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1160_41_1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1160_42_2", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1160_45_1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1160_49_1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1160_53_1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1160_59_1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1160_62_1"], "id": "REDHAT-RHSA-2022-4655.NASL", "href": "https://www.tenable.com/plugins/nessus/161368", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:4655. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161368);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\"CVE-2022-0492\");\n script_xref(name:\"RHSA\", value:\"2022:4655\");\n\n script_name(english:\"RHEL 7 : kpatch-patch (RHSA-2022:4655)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2022:4655 advisory.\n\n - kernel: cgroups v1 release_agent feature may allow privilege escalation (CVE-2022-0492)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-0492\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:4655\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2051505\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0492\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(287);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1160_31_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1160_36_2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1160_41_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1160_42_2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1160_45_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1160_49_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1160_53_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1160_59_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1160_62_1\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar uname_r = get_kb_item(\"Host/uname-r\");\nif (empty_or_null(uname_r)) audit(AUDIT_UNKNOWN_APP_VER, \"kernel\");\n\nvar repositories = {\n 'enterprise_linux_7_client': [\n 'rhel-7-desktop-debug-rpms',\n 'rhel-7-desktop-fastrack-debug-rpms',\n 'rhel-7-desktop-fastrack-rpms',\n 'rhel-7-desktop-fastrack-source-rpms',\n 'rhel-7-desktop-optional-debug-rpms',\n 'rhel-7-desktop-optional-fastrack-debug-rpms',\n 'rhel-7-desktop-optional-fastrack-rpms',\n 'rhel-7-desktop-optional-fastrack-source-rpms',\n 'rhel-7-desktop-optional-rpms',\n 'rhel-7-desktop-optional-source-rpms',\n 'rhel-7-desktop-rpms',\n 'rhel-7-desktop-source-rpms'\n ],\n 'enterprise_linux_7_computenode': [\n 'rhel-7-for-hpc-node-fastrack-debug-rpms',\n 'rhel-7-for-hpc-node-fastrack-rpms',\n 'rhel-7-for-hpc-node-fastrack-source-rpms',\n 'rhel-7-for-hpc-node-optional-fastrack-debug-rpms',\n 'rhel-7-for-hpc-node-optional-fastrack-rpms',\n 'rhel-7-for-hpc-node-optional-fastrack-source-rpms',\n 'rhel-7-hpc-node-debug-rpms',\n 'rhel-7-hpc-node-optional-debug-rpms',\n 'rhel-7-hpc-node-optional-rpms',\n 'rhel-7-hpc-node-optional-source-rpms',\n 'rhel-7-hpc-node-rpms',\n 'rhel-7-hpc-node-source-rpms'\n ],\n 'enterprise_linux_7_server': [\n 'rhel-7-server-debug-rpms',\n 'rhel-7-server-fastrack-debug-rpms',\n 'rhel-7-server-fastrack-rpms',\n 'rhel-7-server-fastrack-source-rpms',\n 'rhel-7-server-optional-debug-rpms',\n 'rhel-7-server-optional-fastrack-debug-rpms',\n 'rhel-7-server-optional-fastrack-rpms',\n 'rhel-7-server-optional-fastrack-source-rpms',\n 'rhel-7-server-optional-rpms',\n 'rhel-7-server-optional-source-rpms',\n 'rhel-7-server-rpms',\n 'rhel-7-server-source-rpms',\n 'rhel-ha-for-rhel-7-server-debug-rpms',\n 'rhel-ha-for-rhel-7-server-rpms',\n 'rhel-ha-for-rhel-7-server-source-rpms',\n 'rhel-rs-for-rhel-7-server-debug-rpms',\n 'rhel-rs-for-rhel-7-server-rpms',\n 'rhel-rs-for-rhel-7-server-source-rpms'\n ],\n 'enterprise_linux_7_workstation': [\n 'rhel-7-workstation-debug-rpms',\n 'rhel-7-workstation-fastrack-debug-rpms',\n 'rhel-7-workstation-fastrack-rpms',\n 'rhel-7-workstation-fastrack-source-rpms',\n 'rhel-7-workstation-optional-debug-rpms',\n 'rhel-7-workstation-optional-fastrack-debug-rpms',\n 'rhel-7-workstation-optional-fastrack-rpms',\n 'rhel-7-workstation-optional-fastrack-source-rpms',\n 'rhel-7-workstation-optional-rpms',\n 'rhel-7-workstation-optional-source-rpms',\n 'rhel-7-workstation-rpms',\n 'rhel-7-workstation-source-rpms'\n ],\n 'rhel_extras_7': [\n 'rhel-7-desktop-supplementary-rpms',\n 'rhel-7-desktop-supplementary-source-rpms',\n 'rhel-7-for-hpc-node-supplementary-rpms',\n 'rhel-7-for-hpc-node-supplementary-source-rpms',\n 'rhel-7-hpc-node-eus-supplementary-rpms',\n 'rhel-7-server-eus-supplementary-rpms',\n 'rhel-7-server-supplementary-rpms',\n 'rhel-7-server-supplementary-source-rpms',\n 'rhel-7-workstation-supplementary-rpms',\n 'rhel-7-workstation-supplementary-source-rpms'\n ],\n 'rhel_extras_oracle_java_7': [\n 'rhel-7-desktop-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-for-hpc-node-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-hpc-node-eus-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-server-eus-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-server-eus-restricted-maintenance-oracle-java-source-rpms',\n 'rhel-7-server-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-workstation-restricted-maintenance-oracle-java-rpms'\n ],\n 'rhel_extras_rt_7': [\n 'rhel-7-server-nfv-debug-rpms',\n 'rhel-7-server-nfv-rpms',\n 'rhel-7-server-nfv-source-rpms',\n 'rhel-7-server-rt-debug-rpms',\n 'rhel-7-server-rt-rpms',\n 'rhel-7-server-rt-source-rpms'\n ],\n 'rhel_extras_sap_7': [\n 'rhel-sap-for-rhel-7-server-debug-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-debug-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-source-rpms',\n 'rhel-sap-for-rhel-7-server-eus-debug-rpms',\n 'rhel-sap-for-rhel-7-server-eus-rpms',\n 'rhel-sap-for-rhel-7-server-eus-source-rpms',\n 'rhel-sap-for-rhel-7-server-rpms',\n 'rhel-sap-for-rhel-7-server-source-rpms'\n ],\n 'rhel_extras_sap_hana_7': [\n 'rhel-sap-hana-for-rhel-7-server-debug-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-debug-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-source-rpms',\n 'rhel-sap-hana-for-rhel-7-server-eus-debug-rpms',\n 'rhel-sap-hana-for-rhel-7-server-eus-rpms',\n 'rhel-sap-hana-for-rhel-7-server-eus-source-rpms',\n 'rhel-sap-hana-for-rhel-7-server-rpms',\n 'rhel-sap-hana-for-rhel-7-server-source-rpms'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar kernel_live_checks = {\n '3.10.0-1160.31.1.el7.x86_64': {'reference':'kpatch-patch-3_10_0-1160_31_1-1-8.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n '3.10.0-1160.36.2.el7.x86_64': {'reference':'kpatch-patch-3_10_0-1160_36_2-1-7.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n '3.10.0-1160.41.1.el7.x86_64': {'reference':'kpatch-patch-3_10_0-1160_41_1-1-6.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n '3.10.0-1160.42.2.el7.x86_64': {'reference':'kpatch-patch-3_10_0-1160_42_2-1-5.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n '3.10.0-1160.45.1.el7.x86_64': {'reference':'kpatch-patch-3_10_0-1160_45_1-1-4.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n '3.10.0-1160.49.1.el7.x86_64': {'reference':'kpatch-patch-3_10_0-1160_49_1-1-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n '3.10.0-1160.53.1.el7.x86_64': {'reference':'kpatch-patch-3_10_0-1160_53_1-1-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n '3.10.0-1160.59.1.el7.x86_64': {'reference':'kpatch-patch-3_10_0-1160_59_1-1-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n '3.10.0-1160.62.1.el7.x86_64': {'reference':'kpatch-patch-3_10_0-1160_62_1-1-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']}\n};\n\nvar kpatch_details = kernel_live_checks[uname_r];\nif (empty_or_null(kpatch_details)) audit(AUDIT_INST_VER_NOT_VULN, 'kernel', uname_r);\n\nvar flag = 0;\nvar reference = NULL;\nvar release = NULL;\nvar sp = NULL;\nvar cpu = NULL;\nvar el_string = NULL;\nvar rpm_spec_vers_cmp = NULL;\nvar epoch = NULL;\nvar allowmaj = NULL;\nvar exists_check = NULL;\nvar repo_list = NULL;\nif (!empty_or_null(kpatch_details['repo_list'])) repo_list = kpatch_details['repo_list'];\nif (!empty_or_null(kpatch_details['reference'])) reference = kpatch_details['reference'];\nif (!empty_or_null(kpatch_details['release'])) release = 'RHEL' + kpatch_details['release'];\nif (!empty_or_null(kpatch_details['sp'])) sp = kpatch_details['sp'];\nif (!empty_or_null(kpatch_details['cpu'])) cpu = kpatch_details['cpu'];\nif (!empty_or_null(kpatch_details['el_string'])) el_string = kpatch_details['el_string'];\nif (!empty_or_null(kpatch_details['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = kpatch_details['rpm_spec_vers_cmp'];\nif (!empty_or_null(kpatch_details['epoch'])) epoch = kpatch_details['epoch'];\nif (!empty_or_null(kpatch_details['allowmaj'])) allowmaj = kpatch_details['allowmaj'];\nif (!empty_or_null(kpatch_details['exists_check'])) exists_check = kpatch_details['exists_check'];\nif (reference &&\n release &&\n (rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kpatch-patch-3_10_0-1160_31_1 / kpatch-patch-3_10_0-1160_36_2 / etc');\n}\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-15T18:17:51", "description": "The remote Oracle Linux 7 / 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9142 advisory.\n\n - A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system. (CVE-2022-0330) (CVE-2022-0492)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2022-02-16T00:00:00", "type": "nessus", "title": "Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2022-9142)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0330", "CVE-2022-0492"], "modified": "2022-03-16T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:kernel-uek-container", "p-cpe:/a:oracle:linux:kernel-uek-container-debug"], "id": "ORACLELINUX_ELSA-2022-9142.NASL", "href": "https://www.tenable.com/plugins/nessus/158102", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-9142.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158102);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/16\");\n\n script_cve_id(\"CVE-2022-0492\");\n\n script_name(english:\"Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2022-9142)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 / 8 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2022-9142 advisory.\n\n - A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the\n way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or\n escalate their privileges on the system. (CVE-2022-0330) (CVE-2022-0492)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-9142.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-uek-container and / or kernel-uek-container-debug packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0492\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container-debug\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(7|8)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7 / 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['5.4.17-2136.302.7.2.3.el7', '5.4.17-2136.302.7.2.3.el8'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2022-9142');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '5.4';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-container-5.4.17-2136.302.7.2.3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-5.4.17'},\n {'reference':'kernel-uek-container-debug-5.4.17-2136.302.7.2.3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-debug-5.4.17'},\n {'reference':'kernel-uek-container-5.4.17-2136.302.7.2.3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-5.4.17'},\n {'reference':'kernel-uek-container-debug-5.4.17-2136.302.7.2.3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-debug-5.4.17'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek-container / kernel-uek-container-debug');\n}\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-15T18:17:20", "description": "The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9179 advisory.\n\n - A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system. (CVE-2022-0330) (CVE-2022-0492)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2022-03-01T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2022-9179)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0330", "CVE-2022-0492"], "modified": "2022-03-16T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-headers", "p-cpe:/a:oracle:linux:kernel-uek-tools", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2022-9179.NASL", "href": "https://www.tenable.com/plugins/nessus/158474", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-9179.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158474);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/16\");\n\n script_cve_id(\"CVE-2022-0492\");\n\n script_name(english:\"Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2022-9179)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2022-9179 advisory.\n\n - A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the\n way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or\n escalate their privileges on the system. (CVE-2022-0330) (CVE-2022-0492)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-9179.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0492\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(