Unbreakable Enterprise kernel security update

[4.14.35-2025.401.4]

• KVM: x86: always expose VIRT_SSBD to guests (Paolo Bonzini) [Orabug: 31957046]
  [4.14.35-2025.401.3]
• iommu/amd: Restore IRTE.RemapEn bit after programming IRTE (Suravee Suthikulpanit) [Orabug: 31931371]
• oracleasm: Access d_bdev before dropping inode (Stephen Brennan) [Orabug: 31901948]
• net: Correct warning: label ‘drop’ defined but not used. (John Donnelly) [Orabug: 31916130]
• KVM: Corrects build warnings for emulator_get_fpu/emulator_put_fpu (John Donnelly) [Orabug: 31907286]
• ext4: fix potential negative array index in do_split() (Eric Sandeen) [Orabug: 31895330] {CVE-2020-14314}
• net/rds: Extract dest qp num for displaying in rds-info (Praveen Kumar Kannoju) [Orabug: 31880143]
• bpf: Fix bpf_event_output re-entry issue (Allan Zhang) [Orabug: 31865842]
• bpf: fix nested bpf tracepoints with per-cpu data (Matt Mullins) [Orabug: 31865842]
• uek-rpm: Turn on module signing for embedded2 kernel (Dave Kleikamp) [Orabug: 31895264]
• uek-rpm: Clean up config-aarch64-embedded2 (Dave Kleikamp) [Orabug: 31895264]
  [4.14.35-2025.401.2]
• mm/hugetlb: fix a race between hugetlb sysctl handlers (Muchun Song) [Orabug: 31884238] {CVE-2020-25285}
• rbd: require global CAP_SYS_ADMIN for mapping and unmapping (Ilya Dryomov) [Orabug: 31884165] {CVE-2020-25284}
• nfs: Fix getxattr kernel panic and memory overflow (Jeffrey Mitchell) [Orabug: 31872904] {CVE-2020-25212}
• IB/mlx5: Fix MR registration flow to use UMR properly (Guy Levi) [Orabug: 31631231]
• IB/mlx5: Prevent concurrent MR updates during invalidation (Moni Shoua) [Orabug: 31631231]
• IB/mlx5: Replace kfree with kvfree (Chuhong Yuan) [Orabug: 31631231]
• RDMA/odp: Do not leak dma maps when working with huge pages (Jason Gunthorpe) [Orabug: 31631231]
• IB/mlx5: Respect new UMR capabilities (Majd Dibbiny) [Orabug: 31631231]
• RDMA/mlx5: Unify error flows in rereg MR failure paths (Leon Romanovsky) [Orabug: 31631231]
• IB/mlx5: Maintain a single emergency page (Ilya Lesokhin) [Orabug: 31631231]
• genirq/irqdomain: Make sure all irq domain flags are distinct (Zenghui Yu) [Orabug: 31885236]
• irq/msi: Direct update affinity if irq is for msix or, maskable (Joe Jin) [Orabug: 31885236]
• x86/apic/msi: Plug non-maskable MSI affinity race (Joe Jin) [Orabug: 31885236]
• mm: memcg: Optimize cgroup traversal in memory.stat read (Tom Hromatka) [Orabug: 31849182]
• SUNRPC: Fix disconnection races (Trond Myklebust) [Orabug: 31796863]
• SUNRPC: Add a helper to wake up a sleeping rpc_task and set its status (Trond Myklebust) [Orabug: 31796863]
• dmaengine: ioatdma: Add Snow Ridge ioatdma device id (Dave Jiang) [Orabug: 31669166]
  [4.14.35-2025.401.1]
• PCI: Probe bridge window attributes once at enumeration-time (Bjorn Helgaas) [Orabug: 31867576]
• net/packet: fix overflow in tpacket_rcv (Or Cohen) [Orabug: 31866489] {CVE-2020-14386} {CVE-2020-14386}
• scsi: qla2xxx: Fix login timeout (Quinn Tran) [Orabug: 31860034]
• block: better deal with the delayed not supported case in blk_cloned_rq_check_limits (Ritika Srivastava) [Orabug: 31850343]
• block: Return blk_status_t instead of errno codes (Ritika Srivastava) [Orabug: 31850343]
• block: print offending values when cloned rq limits are exceeded (John Pittman) [Orabug: 31850343]
• iommu/amd: Use cmpxchg_double() when updating 128-bit IRTE (Suravee Suthikulpanit) [Orabug: 31849532]
  [4.14.35-2025.401.0]
• Pensando: kernel config changes for kdump (Rob Gardner) [Orabug: 31821490]
• Pensando: Enable iScsi in kernel config (Rob Gardner) [Orabug: 31821490]
• sample-trace-array: Fix timer definition in samples/ftrace/sample-trace-array.c (Aruna Ramakrishna) [Orabug: 31845460]
• IB/mlx5: Expose RoCE accelerator counters (Avihai Horon) [Orabug: 31621816]
• net/mlx5: Add RoCE accelerator counters (Leon Romanovsky) [Orabug: 31621816]
• lib: Reduce user_access_begin() boundaries in strncpy_from_user() and strnlen_user() (Christophe Leroy) [Orabug: 29623005] {CVE-2018-20669}
• x86: uaccess: Inhibit speculation past access_ok() in user_access_begin() (Will Deacon) [Orabug: 29623005] {CVE-2018-20669}
• arch/openrisc: Fix issues with access_ok() (Stafford Horne) [Orabug: 29623005] {CVE-2018-20669}
• Fix ‘acccess_ok()’ on alpha and SH (Linus Torvalds) [Orabug: 29623005] {CVE-2018-20669}
• make ‘user_access_begin()’ do ‘access_ok()’ (Linus Torvalds) [Orabug: 29623005] {CVE-2018-20669}
• kabi fix for reparent slab memory on cgroup removal patchset (Tom Hromatka) [Orabug: 31746022]
• mm/memcontrol.c: add missed css_put() (Muchun Song) [Orabug: 31746022]
• mm: memcg/slab: reparent memcg kmem_caches on cgroup removal (Roman Gushchin) [Orabug: 31746022]
• mm: memcg/slab: stop setting page->mem_cgroup pointer for slab pages (Roman Gushchin) [Orabug: 31746022]
• mm: memcg/slab: rework non-root kmem_cache lifecycle management (Roman Gushchin) [Orabug: 31746022]
• mm: memcg/slab: synchronize access to kmem_cache dying flag using a spinlock (Roman Gushchin) [Orabug: 31746022]
• mm: memcg/slab: don’t check the dying flag on kmem_cache creation (Roman Gushchin) [Orabug: 31746022]
• mm: memcg/slab: unify SLAB and SLUB page accounting (Roman Gushchin) [Orabug: 31746022]
• mm: memcg/slab: introduce __memcg_kmem_uncharge_memcg() (Roman Gushchin) [Orabug: 31746022]
• mm: memcg/slab: generalize postponed non-root kmem_cache deactivation (Roman Gushchin) [Orabug: 31746022]
• mm: memcg/slab: rename slab delayed deactivation functions and fields (Roman Gushchin) [Orabug: 31746022]
• mm: memcg/slab: postpone kmem_cache memcg pointer initialization to memcg_link_cache() (Roman Gushchin) [Orabug: 31746022]
• mm: introduce mem_cgroup_put() helper (Roman Gushchin) [Orabug: 31746022]
• mm/memcontrol.c: export mem_cgroup_is_root() (Kirill Tkhai) [Orabug: 31746022]
• memcg: localize memcg_kmem_enabled() check (Shakeel Butt) [Orabug: 31746022]
• mm: fix race between kmem_cache destroy, create and deactivate (Shakeel Butt) [Orabug: 31746022]
• uek-rpm: Sync up aarch64 config files with latest Marvell patches (Dave Kleikamp) [Orabug: 31838205]
• drivers: marvell: otx2-sdei-ghes: correct issues with crashdump kernel (Rick Farrington) [Orabug: 31838205]
• drivers: mtd: spi-nor: Add MX66L2G45GXRI00 macronix flash (Selvam Venkatachalam) [Orabug: 31838205]
• irqchip/gic-v3: Add workaround for interrupt loss on IPI (Linu Cherian) [Orabug: 31838205]
• octeontx2-af: fix Extended DSA and eDSA parsing (Satha Rao) [Orabug: 31838205]
• drivers: gicv3: Adds workaround for Marvell erratum 38545 (Bhaskara Budiredla) [Orabug: 31838205]
• octeontx2-af: reset HWS group mask during FLR (Michal Mazur) [Orabug: 31838205]
• drivers: marvell: otx2: sdei-ghes: add BERT support for RAS errors (Rick Farrington) [Orabug: 31838205]
• ACPI: APEI: BERT: support BERT in non-ACPI systems (Rick Farrington) [Orabug: 31838205]
• Documentation: dt: edac: update sdei-ghes/bed-bert settings (Rick Farrington) [Orabug: 31838205]
• btrfs: merge btrfs_find_device and find_device (Anand Jain) [Orabug: 31351744] {CVE-2019-18885}
• sctp: implement memory accounting on tx path (Xin Long) [Orabug: 31351958] {CVE-2019-3874}
• Revert ‘zram: convert remaining CLASS_ATTR() to CLASS_ATTR_RO()’ (Wade Mealing) [Orabug: 31510723] {CVE-2020-10781}
• sample-trace-array: Fix sleeping function called from invalid context (Kefeng Wang) [Orabug: 31543030]
• sample-trace-array: Remove trace_array ‘sample-instance’ (Kefeng Wang) [Orabug: 31543030]
• tracing: Sample module to demonstrate kernel access to Ftrace instances. (Divya Indi) [Orabug: 31543030]
• tracing: Adding new functions for kernel access to Ftrace instances (Aruna Ramakrishna) [Orabug: 31543030]
• tracing: Adding NULL checks for trace_array descriptor pointer (Divya Indi) [Orabug: 31543030]
• tracing: Verify if trace array exists before destroying it. (Divya Indi) [Orabug: 31543030]
• tracing: Declare newly exported APIs in include/linux/trace.h (Divya Indi) [Orabug: 31543030]
• tracing: Kernel access to Ftrace instances (Divya Indi) [Orabug: 31543030]
• x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS. (Anthony Steinhauser) [Orabug: 31557803] {CVE-2020-10767}
• md: get sysfs entry after redundancy attr group create (Junxiao Bi) [Orabug: 31682037]
• md: fix deadlock causing by sysfs_notify (Junxiao Bi) [Orabug: 31682037]
• random32: update the net random state on interrupt and activity (Willy Tarreau) [Orabug: 31698082] {CVE-2020-16166}
• vgacon: Fix for missing check in scrollback handling (Yunhai Zhang) [Orabug: 31705119] {CVE-2020-14331} {CVE-2020-14331}
• KVM: x86: take as_id into account when checking PGD (Vitaly Kuznetsov) [Orabug: 31722725]
• KVM: X86: Fix MSR range of APIC registers in X2APIC mode (Xiaoyao Li) [Orabug: 31722725]
• KVM: nVMX: Report NMIs as allowed when in L2 and Exit-on-NMI is set (Sean Christopherson) [Orabug: 31722725]
• KVM: nVMX: Remove non-functional ‘support’ for CR3 target values (Sean Christopherson) [Orabug: 31722725]
• KVM: x86/mmu: Avoid an extra memslot lookup in try_async_pf() for L2 (Paolo Bonzini) [Orabug: 31722725]
• KVM: x86: Adjust counter sample period after a wrmsr (Eric Hankland) [Orabug: 31722725]
• KVM: nVMX: Handle pending #DB when injecting INIT VM-exit (Oliver Upton) [Orabug: 31722725]
• KVM: x86: Fix perfctr WRMSR for running counters (Eric Hankland) [Orabug: 31722725]
• KVM: nVMX: Check GUEST_DR7 on vmentry of nested guests (Krish Sadhukhan) [Orabug: 31722725]
• perf/core: Provide a kernel-internal interface to recalibrate event period (Like Xu) [Orabug: 31722725]
• KVM: VMX: Consume pending LAPIC INIT event when exit on INIT_SIGNAL (Liran Alon) [Orabug: 31722725]
• KVM: nVMX: cleanup and fix host 64-bit mode checks (Paolo Bonzini) [Orabug: 31722725]
• KVM: nVMX: Check Host Address Space Size on vmentry of nested guests (Krish Sadhukhan) [Orabug: 31722725]
• KVM: hyperv: Fix Direct Synthetic timers assert an interrupt w/o lapic_in_kernel (Wanpeng Li) [Orabug: 31722725]
• KVM: x86: Fix INIT signal handling in various CPU states (Liran Alon) [Orabug: 31722725]
• KVM: VMX: Introduce exit reason for receiving INIT signal on guest-mode (Liran Alon) [Orabug: 31722725]
• KVM: nVMX: add tracepoint for failed nested VM-Enter (Sean Christopherson) [Orabug: 31722725]
• KVM: nVMX: Ignore segment base for VMX memory operand when segment not FS or GS (Liran Alon) [Orabug: 31722725]
• kvm: LAPIC: write down valid APIC registers (Paolo Bonzini) [Orabug: 31722725]
• KVM: LAPIC: ARBPRI is a reserved register for x2APIC (Paolo Bonzini) [Orabug: 31722725]
• KVM nVMX: Check Host Segment Registers and Descriptor Tables on vmentry of nested guests (Krish Sadhukhan) [Orabug: 31722725]
• KVM/nVMX: Use kvm_vcpu_map for accessing the shadow VMCS (KarimAllah Ahmed) [Orabug: 31722725]
• KVM/nVMX: Use kvm_vcpu_map when mapping the virtual APIC page (KarimAllah Ahmed) [Orabug: 31722725]
• KVM: nVMX: Return -EINVAL when signaling failure in VM-Entry helpers (Sean Christopherson) [Orabug: 31722725]
• KVM: nVMX: Move guest non-reg state checks to VM-Exit path (Sean Christopherson) [Orabug: 31722725]
• kvm: nVMX: Check ‘load IA32_PAT’ VM-entry control on vmentry (Krish Sadhukhan) [Orabug: 31722725]
• kvm: nVMX: Check ‘load IA32_PAT’ VM-exit control on vmentry (Krish Sadhukhan) [Orabug: 31722725]
• KVM: x86: optimize check for valid PAT value (Paolo Bonzini) [Orabug: 31722725]
• KVM: nVMX: allow tests to use bad virtual-APIC page address (Paolo Bonzini) [Orabug: 31722725]
• x86/kvm/hyper-v: avoid spurious pending stimer on vCPU init (Vitaly Kuznetsov) [Orabug: 31722725]
• kvm: nVMX: Add a vmentry check for HOST_SYSENTER_ESP and HOST_SYSENTER_EIP fields (Krish Sadhukhan) [Orabug: 31722725]
• KVM: nVMX: Apply addr size mask to effective address for VMX instructions (Sean Christopherson) [Orabug: 31722725]
• Reverts ‘rds: avoid unnecessary cong_update in loop transport’ (Iraimani Pavadai) [Orabug: 31741323]
• net/mlx5e: Poll event queue upon TX timeout before performing full channels recovery (Eran Ben Elisha) [Orabug: 31753101]
• net/rds: Incorrect pointer used in rds_getname() (Ka-Cheong Poon) [Orabug: 31755754]
• nfsd: apply umask on fs without ACL support (J. Bruce Fields) [Orabug: 31779886] {CVE-2020-24394}
• RDMA/mlx5: Fix Shared PD prefetch of ODP memory region (Mark Haywood) [Orabug: 31688621]
• uek-rpm: aarch64: build embedded kernel for Pensando (Dave Kleikamp) [Orabug: 31627078]
• Make low-speed APB bus accesses single threaded (Dave Kleikamp) [Orabug: 31627078]
• Add /dev/capmem driver for Pensando (David Clear) [Orabug: 31627078]
• Kconfig option to disable outer-cache-allocate for Pensando (David Clear) [Orabug: 31627078]
• Provide for precise control of pgprot for Pensando (David Clear) [Orabug: 31627078]
• Add Pensando Capri board .dts files and default configs (David Clear) [Orabug: 31627078]
• Add /proc/xmaps (David Clear) [Orabug: 31627078]
• mtd/spi-nor/cadence-quadspi.c: Speed up reads. (David Clear) [Orabug: 31627078]
• Add mnic nodes to the Pensando devicetree (David Clear) [Orabug: 31627078]
• Pensando Boot State Machine (BSM) integration. (David Clear) [Orabug: 31627078]
• Pensando crash dump driver (David Clear) [Orabug: 31627078]
• Pensando/Capri PCIE panic handler. (David Clear) [Orabug: 31627078]
• Add uio support for Capri PCIE and Link interrupts (David Clear) [Orabug: 31627078]
• Interrupt domain controllers for Capri ASIC. (David Clear) [Orabug: 31627078]
• Capri SPI driver (David Clear) [Orabug: 31627078]
• Add Capri EMMC phy and instantiate the driver in the dts (David Clear) [Orabug: 31627078]
• Initial Pensando Capri SoC declaration (David Clear) [Orabug: 31627078]
• New quirk for Pensando QSPI controller (David Clear) [Orabug: 31627078]
• Add pensando,cpld device tree compat entry (David Clear) [Orabug: 31627078]
• add support for NXP PCF85363/PCF85263 real-time clock (David Clear) [Orabug: 31627078]
• Support the reset pulse width from the device-tree. (David Clear) [Orabug: 31627078]
• Attempt to recover from a stuck SDA line (David Clear) [Orabug: 31627078]
• Add driver for the TI TPS53659 (David Clear) [Orabug: 31627078]
• support spi-rx-bus-width property on subnodes (David Clear) [Orabug: 31627078]
• Support for SPI_NOR_DUAL_READ on Micron (David Clear) [Orabug: 31627078]
• mtd: spi-nor: cadence-quadspi: fix spelling mistake: ‘Couldnt’t’ -> ‘Couldn’t’ (Colin Ian King) [Orabug: 31627078]
• mtd: spi-nor: cadence-quadspi: Add support for Octal SPI controller (Vignesh R) [Orabug: 31627078]
• mtd: spi-nor: Add Micron MT25QU02 support (Thor Thayer) [Orabug: 31627078]
• arm64: tlb: Ensure we execute an ISB following walk cache invalidation (Will Deacon) [Orabug: 31627078]
• arm64: mm: Add ISB instruction to set_pgd() (Will Deacon) [Orabug: 31627078]
• mtd: spi-nor: Allow Cadence QSPI support for ARM64 (Thor Thayer) [Orabug: 31627078]
• irqchip/gic-v3: Add workaround for Synquacer pre-ITS (Ard Biesheuvel) [Orabug: 31627078]
• irqchip/gic: Make quirks matching conditional on init return value (Ard Biesheuvel) [Orabug: 31627078]
• irqchip/gic-v3: Probe device ID space before quirks handling (Ard Biesheuvel) [Orabug: 31627078]
• rename kABI whitelists to lockedlists (Dan Duval) [Orabug: 31783149]