Unbreakable Enterprise kernel security update

[4.14.35-2025.403.3]

• RDMA/umem: Move to allocate SG table from pages (Maor Gottlieb) [Orabug: 32005117]
• lib/scatterlist: Add support in dynamic allocation of SG table from pages (Maor Gottlieb) [Orabug: 32005117]
• lib/scatterlist: Add SG_CHAIN and SG_END macros for LSB encodings (Anshuman Khandual) [Orabug: 32005117]
• lib/scatterlist: Avoid potential scatterlist entry overflow (Tvrtko Ursulin) [Orabug: 32005117]
• lib/scatterlist: Fix offset type in sg_alloc_table_from_pages (Tvrtko Ursulin) [Orabug: 32005117]
• uek-rpm: Don’t build emb2 kernel for mips (Dave Kleikamp) [Orabug: 32176889]
• vt: Disable KD_FONT_OP_COPY (Daniel Vetter) [Orabug: 32187748] {CVE-2020-28974}
• page_frag: Recover from memory pressure (Dongli Zhang) [Orabug: 32201999]
• xen/events: block rogue events for some time (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673}
• xen/events: defer eoi in case of excessive number of events (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673}
• xen/events: use a common cpu hotplug hook for event channels (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673}
• xen/events: switch user event channels to lateeoi model (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673}
• xen/pciback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673}
• xen/pvcallsback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673}
• xen/scsiback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673}
• xen/netback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673}
• xen/blkback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673}
• xen/events: add a new ‘late EOI’ evtchn framework (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673}
• xen/events: fix race in evtchn_fifo_unmask() (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673}
• xen/events: add a proper barrier to 2-level uevent unmasking (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673}
• xen/events: avoid removing an event channel while handling it (Juergen Gross) [Orabug: 32177548]
  [4.14.35-2025.403.2]
• tty: make FONTX ioctl use the tty pointer they were actually passed (Linus Torvalds) [Orabug: 32122729] {CVE-2020-25668}
• vt: keyboard, extend func_buf_lock to readers (Jiri Slaby) [Orabug: 32122952] {CVE-2020-25656} {CVE-2020-25656}
• vt: keyboard, simplify vt_kdgkbsent (Jiri Slaby) [Orabug: 32122952] {CVE-2020-25656}
• perf/core: Fix a memory leak in perf_event_parse_addr_filter() (kiyin) [Orabug: 32131175] {CVE-2020-25704}
• perf/core: Fix bad use of igrab() (Song Liu) [Orabug: 32131175] {CVE-2020-25704}
• IB/mlx4: Adjust delayed work when a dup is observed (Hakon Bugge) [Orabug: 32136898]
• IB/mlx4: Add support for REJ due to timeout (Hakon Bugge) [Orabug: 32136898]
• IB/mlx4: Fix starvation in paravirt mux/demux (Hakon Bugge) [Orabug: 32136898]
• IB/mlx4: Separate tunnel and wire bufs parameters (Hakon Bugge) [Orabug: 32136898]
• IB/mlx4: Add support for MRA (Hakon Bugge) [Orabug: 32136898]
• IB/mlx4: Add and improve logging (Hakon Bugge) [Orabug: 32136898]
• xen/gntdev: fix up blockable calls to mn_invl_range_start (Michal Hocko) [Orabug: 32139244]
  [4.14.35-2025.403.1]
• lockdown: By default run in integrity mode. (Konrad Rzeszutek Wilk) [Orabug: 32131561]
• Revert ‘iomap: Fix pipe page leakage during splicing’ (George Kennedy) [Orabug: 32136519]
• kernel: add panic_on_taint (Rafael Aquini) [Orabug: 32138016]
• Revert ‘pci: hardcode enumeration’ (Dave Aldridge) [Orabug: 32152249]
• hv_utils: drain the timesync packets on onchannelcallback (Vineeth Pillai) [Orabug: 32152144]
• hv_utils: return error if host timesysnc update is stale (Vineeth Pillai) [Orabug: 32152144]
  [4.14.35-2025.403.0]
• powercap: restrict energy meter to root access (Kanth Ghatraju) [Orabug: 32138487] {CVE-2020-8694} {CVE-2020-8695}
• Btrfs: fix selftests failure due to uninitialized i_mode in test inodes (Filipe Manana) [Orabug: 31864726]
• btrfs: fix return value mixup in btrfs_get_extent (Pavel Machek) [Orabug: 31864726]
• btrfs: inode: Verify inode mode to avoid NULL pointer dereference (Qu Wenruo) [Orabug: 31864726] {CVE-2019-19816}
• x86/apic: Get rid of multi CPU affinity (Thomas Gleixner) [Orabug: 31975320]
• hv_netvsc: Set probe mode to sync (Haiyang Zhang) [Orabug: 32132413]
• net/rds: Check for NULL rds_ibdev in rds_ib_rx() only if rds_ib_srq_enabled (Sharath Srinivasan) [Orabug: 32113843]
• perf symbols: Check if we read regular file in dso__load() (Jiri Olsa) [Orabug: 30696035]
• rds: Restore MR use-once semantics (Hakon Bugge) [Orabug: 31990092] [Orabug: 31990095]
• rds: Fix incorrect cmsg status and use-after-free (Hakon Bugge) [Orabug: 32003078] [Orabug: 32003081]
• dm cache: remove all obsolete writethrough-specific code (Mike Snitzer) [Orabug: 32010352]
• dm cache: pass cache structure to mode functions (Mike Snitzer) [Orabug: 32010352]
• dm rq: don’t call blk_mq_queue_stopped() in dm_stop_queue() (Ming Lei) [Orabug: 32010352]
• bcache: allocate meta data pages as compound pages (Coly Li) [Orabug: 32010352]
• md/raid5: Fix Force reconstruct-write io stuck in degraded raid5 (ChangSyun Peng) [Orabug: 32010352]
• bcache: fix super block seq numbers comparision in register_cache_set() (Coly Li) [Orabug: 32010352]
• md-cluster: fix wild pointer of unlock_all_bitmaps() (Zhao Heming) [Orabug: 32010352]
• dm: use noio when sending kobject event (Mikulas Patocka) [Orabug: 32010352]
• dm zoned: assign max_io_len correctly (Hou Tao) [Orabug: 32010352]
• md: add feature flag MD_FEATURE_RAID0_LAYOUT (NeilBrown) [Orabug: 32010352]
• dm zoned: return NULL if dmz_get_zone_for_reclaim() fails to find a zone (Hannes Reinecke) [Orabug: 32010352]
• dm mpath: switch paths in dm_blk_ioctl() code path (Martin Wilck) [Orabug: 32010352]
• dm crypt: avoid truncating the logical block size (Eric Biggers) [Orabug: 32010352]
• md: don’t flush workqueue unconditionally in md_open (Guoqing Jiang) [Orabug: 32010352]
• x86/mce/therm_throt: Undo thermal polling properly on CPU offline (Thomas Gleixner) [Orabug: 32010658]
• x86/mce/therm_throt: Do not access uninitialized therm_work (Chuansheng Liu) [Orabug: 32010658]
• x86/mce/therm_throt: Mark throttle_active_work() as __maybe_unused (Arnd Bergmann) [Orabug: 32010658]
• x86/mce/therm_throt: Mask out read-only and reserved MSR bits (Srinivas Pandruvada) [Orabug: 32010658]
• x86/mce/therm_throt: Optimize notifications of thermal throttle (Srinivas Pandruvada) [Orabug: 32010658]
• jiffies: add utility function to calculate delta in ms (Matteo Croce) [Orabug: 32010658]
• rds: Force ordering of {set,clear}_bit operating on m_flags (Hakon Bugge) [Orabug: 31505749] [Orabug: 32014809]
• rds: Do not send canceled operations to the transport layer (Hakon Bugge) [Orabug: 31505749] [Orabug: 32014809]
• rds: Introduce rds_conn_to_path helper (Hakon Bugge) [Orabug: 31505749] [Orabug: 32014809]
• Revert ‘RDS: Drop the connection as part of cancel to avoid hangs’ (Hakon Bugge) [Orabug: 31505749] [Orabug: 32014809]
• Revert ‘rds: fix warning in rds_send_drop_to()’ (Hakon Bugge) [Orabug: 31505749] [Orabug: 32014809]
• Revert ‘rds: Use correct conn when dropping connections due to cancel’ (Hakon Bugge) [Orabug: 31505749] [Orabug: 32014809]
• Revert ‘rds: prevent use-after-free of rds conn in rds_send_drop_to()’ (Hakon Bugge) [Orabug: 31505749] [Orabug: 32014809]
• Revert ‘rds: Use bitmap to designate dropped connections’ (Hakon Bugge) [Orabug: 31505749] [Orabug: 32014809]
• Bluetooth: A2MP: Fix not initializing all members (Luiz Augusto von Dentz) [Orabug: 32021288] {CVE-2020-12352}
• x86/kvm: move kvm_load/put_guest_xcr0 into atomic context (WANG Chao) [Orabug: 32021855]
• arm64: Corrects warning: ISO C90 forbids mixed declarations and code (John Donnelly) [Orabug: 32040061]
• hwrng: cavium: Corrects warning: unused variable ‘dev_id’ (John Donnelly) [Orabug: 32040066]
• Lock down /proc/kcore (redux!) (Konrad Rzeszutek Wilk) [Orabug: 32053127]
• lockdown: Lock down perf when in confidentiality mode (David Howells) [Orabug: 32053127]
• Lock down kprobes (redux!) (Konrad Rzeszutek Wilk) [Orabug: 32053127]
• debugfs: whitelist spectre mitigation when locked down (Eric Snowberg) [Orabug: 32053127]
• debugfs: Return -EPERM when locked down (Eric Snowberg) [Orabug: 32053127]
• debugfs: Restrict debugfs when the kernel is locked down (David Howells) [Orabug: 32053127]
• lockdown: Add __kernel_is_confidentiality_mode to figure out whether … (Konrad Rzeszutek Wilk) [Orabug: 32053127]
• dtrace: Restrict access when the kernel is locked down in confidentiality mode (Konrad Rzeszutek Wilk) [Orabug: 32053127]
• bpf: Restrict bpf when kernel lockdown is in confidentiality mode (David Howells) [Orabug: 32053127]
• security: Add a static lockdown policy LSM [diet-version] (Matthew Garrett) [Orabug: 32053127]
• net/rds: Check for NULL rid_dev_rem_complete (Ka-Cheong Poon) [Orabug: 32058618]
• scsi: Corrects warning: passing argument 1 of ‘wwn_to_u64’ mismatch (John Donnelly) [Orabug: 32059622]
• ipvlan: Corrects warning: label ‘unregister_netdev’ defined but not used (John Donnelly) [Orabug: 32059740]
• mm, compaction: raise compaction priority after it withdrawns (Vlastimil Babka) [Orabug: 32065218]
• mm, reclaim: cleanup should_continue_reclaim() (Vlastimil Babka) [Orabug: 32065218]
• mm, reclaim: make should_continue_reclaim perform dryrun detection (Hillf Danton) [Orabug: 32065218]
• KVM: Drop ‘const’ attribute from old memslot in commit_memory_region() (Sean Christopherson) [Orabug: 32068898]
• octeontx2-pf: Return proper RSS indirection table size always (Sunil Goutham) [Orabug: 32095651]
• octeontx2-af: Free RVU REE irq properly (Smadar Fuks) [Orabug: 32095651]
• octeontx2-af: Free RVU NIX IRQs properly. (Rakesh Babu) [Orabug: 32095651]
• octeontx2-af: Fix the BPID mask (Subbaraya Sundeep) [Orabug: 32095651]
• octeontx2-pf: Fix receive buffer size calculation (Sunil Goutham) [Orabug: 32095651]
• octeontx2-af: Fix updating wrong multicast list index in NIX_RX_ACTION (Naveen Mamindlapalli) [Orabug: 32095651]
• octeontx2-af: Ratelimit prints from AF error interrupt handlers (Naveen Mamindlapalli) [Orabug: 32095651]
• octeontx2-pf: Avoid null pointer dereference (Subbaraya Sundeep) [Orabug: 32095651]
• octeontx2-af: Check the msix offset return value (Subbaraya Sundeep) [Orabug: 32095651]
• octeontx2-af: make tx nibble fixup is always apply (Stanislaw Kardach) [Orabug: 32095651]
• octeontx2-af: Stop kpu parsing at layer3 for ipv6 fragmented packets. (Abhijit Ayarekar) [Orabug: 32095651]
• octeontx2-pf: Call mbox_reset before incrementing ack (Hariprasad Kelam) [Orabug: 32095651]
• octeontx2-af: Simplify otx2_mbox_reset call (Hariprasad Kelam) [Orabug: 32095651]
• A/A Bonding: Increase number and interval of GARPs sent by rdmaip (Sharath Srinivasan) [Orabug: 32095768]
• net/rds: Force ARP flush upon RDMA_CM_EVENT_ADDR_CHANGE (Gerd Rausch) [Orabug: 32095962]
• rds/ib: Fix: (rds: Deregister all FRWR mr with free_mr) (Manjunath Patil) [Orabug: 32113532]
  [4.14.35-2025.402.2]
• ocfs2: fix remounting needed after setfacl command (Gang He)
• Fix multiple variable definition with syzkaller (Hans Westgaard Ry) [Orabug: 32008770]
• drm/vmwgfx: Use the dma scatter-gather iterator to get dma addresses (Thomas Hellstrom) [Orabug: 32010349]
• i40e: Corrects i40e_setup_tc and i40e_xdp defined but not used warnings (John Donnelly) [Orabug: 32034050]
• bnxt: Corrects warning: ‘struct tc_cls_flower_offload’ (John Donnelly) [Orabug: 32041757]
• SCSI: Corrects ‘ret’ not used warning (John Donnelly) [Orabug: 32041763]
• IB/mlx4: disable CQ time stamping (aru kolappan) [Orabug: 32042520]
• qed: Corrects warning: ‘qed_iwarp_ll2_slowpath’ defined but not used (John Donnelly) [Orabug: 32052276]
• ipv6: fix possible use-after-free in ip6_xmit() (Eric Dumazet)