Lucene search

K
oraclelinux
OracleLinuxELSA-2021-4356
HistoryNov 16, 2021 - 12:00 a.m.

kernel security, bug fix, and enhancement update

2021-11-1600:00:00
linux.oracle.com
22

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

[4.18.0-348.OL8]

  • Update Oracle Linux certificates (Kevin Lyons)
  • Disable signing for aarch64 (Ilya Okomin)
  • Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
  • Update x509.genkey [Orabug: 24817676]
  • Conflict with shim-ia32 and shim-x64 <= 15-11.0.5
    [4.18.0-348]
  • drm/nouveau/fifo/ga102: initialise chid on return from channel creation (Ben Skeggs) [1997878]
  • drm/nouveau/ga102-: support ttm buffer moves via copy engine (Ben Skeggs) [1997878]
  • drm/nouveau/kms/tu102-: delay enabling cursor until after assign_windows (Ben Skeggs) [1997878]
  • drm/nouveau/kms/nv50: workaround EFI GOP window channel format differences (Ben Skeggs) [1997878]
  • drm/nouveau/disp: power down unused DP links during init (Ben Skeggs) [1997878]
  • drm/nouveau: recognise GA107 (Ben Skeggs) [1997878]
    [4.18.0-347]
  • PCI: Mark TI C667X to avoid bus reset (Alex Williamson) [1975768]
    [4.18.0-346]
  • redhat: switch secureboot kernel image signing to release keys (Bruno Meneguele)
  • CI: handle RT branches in a single config (Veronika Kabatova)
  • CI: Fix RT check branch name (Veronika Kabatova)
  • CI: Drop private CI config (Veronika Kabatova)
  • CI: extend template use (Veronika Kabatova)
  • Revert ‘Merge: mt7921e: enable new Mediatek wireless hardware’ (Bruno Meneguele) [2009501]
  • megaraid_sas: fix concurrent access to ISR between IRQ polling and real interrupt (Tomas Henzl) [2009022]
  • scsi: megaraid_sas: mq_poll support (Tomas Henzl) [2009022]
  • [PATCH v2] scsi: qla2xxx: Suppress unnecessary log messages during login (Nilesh Javali) [1982186]
  • scsi: qla2xxx: Fix excessive messages during device logout (Nilesh Javali) [1982186]
  • PCI: pciehp: Ignore Link Down/Up caused by DPC (Myron Stowe) [1981741]
  • arm64: kpti: Fix ‘kpti=off’ when KASLR is enabled (Mark Salter) [1979731]
  • arm64: Fix CONFIG_ARCH_RANDOM=n build (Mark Salter) [1979731]
  • redhat/configs: aarch64: add CONFIG_ARCH_RANDOM (Mark Salter) [1979731]
  • arm64: Implement archrandom.h for ARMv8.5-RNG (Mark Salter) [1979731]
  • arm64: kconfig: Fix alignment of E0PD help text (Mark Salter) [1979731]
  • arm64: Use register field helper in kaslr_requires_kpti() (Mark Salter) [1979731]
  • arm64: Simplify early check for broken TX1 when KASLR is enabled (Mark Salter) [1979731]
  • arm64: Use a variable to store non-global mappings decision (Mark Salter) [1979731]
  • arm64: Dont use KPTI where we have E0PD (Mark Salter) [1979731]
  • arm64: Factor out checks for KASLR in KPTI code into separate function (Mark Salter) [1979731]
  • redhat/configs: Add CONFIG_ARM64_E0PD (Mark Salter) [1979731]
  • arm64: Add initial support for E0PD (Mark Salter) [1979731]
  • arm64: cpufeature: Export matrix and other features to userspace (Mark Salter) [1980098]
  • arm64: docs: cpu-feature-registers: Document ID_AA64PFR1_EL1 (Mark Salter) [1980098]
  • docs/arm64: cpu-feature-registers: Rewrite bitfields that dont follow [e, s] (Mark Salter) [1980098]
  • docs/arm64: cpu-feature-registers: Documents missing visible fields (Mark Salter) [1980098]
  • arm64: Introduce system_capabilities_finalized() marker (Mark Salter) [1980098]
  • arm64: entry.S: Do not preempt from IRQ before all cpufeatures are enabled (Mark Salter) [1980098]
  • docs/arm64: elf_hwcaps: Document HWCAP_SB (Mark Salter) [1980098]
  • docs/arm64: elf_hwcaps: sort the HWCAP{, 2} documentation by ascending value (Mark Salter) [1980098]
  • arm64: cpufeature: Treat ID_AA64ZFR0_EL1 as RAZ when SVE is not enabled (Mark Salter) [1980098]
  • arm64: cpufeature: Effectively expose FRINT capability to userspace (Mark Salter) [1980098]
  • arm64: cpufeature: Fix feature comparison for CTR_EL0.{CWG,ERG} (Mark Salter) [1980098]
  • arm64: Expose FRINT capabilities to userspace (Mark Salter) [1980098]
  • arm64: Expose ARMv8.5 CondM capability to userspace (Mark Salter) [1980098]
  • docs: arm64: convert perf.txt to ReST format (Mark Salter) [1980098]
  • docs: arm64: convert docs to ReST and rename to .rst (Mark Salter) [1980098]
  • Documentation/arm64: HugeTLB page implementation (Mark Salter) [1980098]
  • Documentation/arm64/sve: Couple of improvements and typos (Mark Salter) [1980098]
  • arm64: cpufeature: Fix missing ZFR0 in __read_sysreg_by_encoding() (Mark Salter) [1980098]
  • arm64: Expose SVE2 features for userspace (Mark Salter) [1980098]
  • arm64: Advertise ARM64_HAS_DCPODP cpu feature (Mark Salter) [1980098]
  • arm64: add CVADP support to the cache maintenance helper (Mark Salter) [1980098]
  • arm64: Fix minor issues with the dcache_by_line_op macro (Mark Salter) [1980098]
  • arm64: Expose DC CVADP to userspace (Mark Salter) [1980098]
  • arm64: Handle trapped DC CVADP (Mark Salter) [1980098]
  • arm64: HWCAP: encapsulate elf_hwcap (Mark Salter) [1980098]
  • arm64: HWCAP: add support for AT_HWCAP2 (Mark Salter) [1980098]
  • x86/MCE/AMD, EDAC/mce_amd: Add new SMCA bank types (Aristeu Rozanski) [1965331]
  • x86/MCE/AMD, EDAC/mce_amd: Remove struct smca_hwid.xec_bitmap (Aristeu Rozanski) [1965331]
  • EDAC, mce_amd: Print ExtErrorCode and description on a single line (Aristeu Rozanski) [1965331]
    [4.18.0-345]
  • e1000e: Do not take care about recovery NVM checksum (Ken Cox) [1984558]
  • qrtr: disable CONFIG_QRTR for non x86_64 archs (inigo Huguet) [1999642]
  • ceph: fix possible null-pointer dereference in ceph_mdsmap_decode() (Jeff Layton) [1989999]
  • ceph: fix dereference of null pointer cf (Jeff Layton) [1989999]
  • ceph: correctly handle releasing an embedded cap flush (Jeff Layton) [1989999]
  • ceph: take snap_empty_lock atomically with snaprealm refcount change (Jeff Layton) [1989999]
  • ceph: dont WARN if were still opening a session to an MDS (Jeff Layton) [1989999]
  • rbd: dont hold lock_rwsem while running_list is being drained (Jeff Layton) [1989999]
  • rbd: always kick acquire on ‘acquired’ and ‘released’ notifications (Jeff Layton) [1989999]
  • ceph: take reference to req->r_parent at point of assignment (Jeff Layton) [1989999]
  • ceph: eliminate ceph_async_iput() (Jeff Layton) [1989999]
  • ceph: dont take s_mutex in ceph_flush_snaps (Jeff Layton) [1989999]
  • ceph: dont take s_mutex in try_flush_caps (Jeff Layton) [1989999]
  • ceph: dont take s_mutex or snap_rwsem in ceph_check_caps (Jeff Layton) [1989999]
  • ceph: eliminate session->s_gen_ttl_lock (Jeff Layton) [1989999]
  • ceph: allow ceph_put_mds_session to take NULL or ERR_PTR (Jeff Layton) [1989999]
  • ceph: clean up locking annotation for ceph_get_snap_realm and __lookup_snap_realm (Jeff Layton) [1989999]
  • ceph: add some lockdep assertions around snaprealm handling (Jeff Layton) [1989999]
  • ceph: decoding error in ceph_update_snap_realm should return -EIO (Jeff Layton) [1989999]
  • ceph: add IO size metrics support (Jeff Layton) [1989999]
  • ceph: update and rename __update_latency helper to __update_stdev (Jeff Layton) [1989999]
  • ceph: simplify the metrics struct (Jeff Layton) [1989999]
  • libceph: fix doc warnings in cls_lock_client.c (Jeff Layton) [1989999]
  • libceph: remove unnecessary ret variable in ceph_auth_init() (Jeff Layton) [1989999]
  • libceph: kill ceph_none_authorizer::reply_buf (Jeff Layton) [1989999]
  • ceph: make ceph_queue_cap_snap static (Jeff Layton) [1989999]
  • ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty (Jeff Layton) [1989999]
  • libceph: set global_id as soon as we get an auth ticket (Jeff Layton) [1989999]
  • libceph: dont pass result into ac->ops->handle_reply() (Jeff Layton) [1989999]
  • ceph: fix error handling in ceph_atomic_open and ceph_lookup (Jeff Layton) [1989999]
  • ceph: must hold snap_rwsem when filling inode for async create (Jeff Layton) [1989999]
  • libceph: Fix spelling mistakes (Jeff Layton) [1989999]
  • libceph: dont set global_id until we get an auth ticket (Jeff Layton) [1989999]
  • libceph: bump CephXAuthenticate encoding version (Jeff Layton) [1989999]
  • ceph: dont allow access to MDS-private inodes (Jeff Layton) [1989999]
  • ceph: fix up some bare fetches of i_size (Jeff Layton) [1989999]
  • ceph: support getting ceph.dir.rsnaps vxattr (Jeff Layton) [1989999]
  • ceph: drop pinned_page parameter from ceph_get_caps (Jeff Layton) [1989999]
  • ceph: fix inode leak on getattr error in __fh_to_dentry (Jeff Layton) [1989999]
  • ceph: only check pool permissions for regular files (Jeff Layton) [1989999]
  • ceph: send opened files/pinned caps/opened inodes metrics to MDS daemon (Jeff Layton) [1989999]
  • ceph: avoid counting the same request twice or more (Jeff Layton) [1989999]
  • ceph: rename the metric helpers (Jeff Layton) [1989999]
  • ceph: fix kerneldoc copypasta over ceph_start_io_direct (Jeff Layton) [1989999]
  • ceph: dont use d_add in ceph_handle_snapdir (Jeff Layton) [1989999]
  • ceph: dont clobber i_snap_caps on non-I_NEW inode (Jeff Layton) [1989999]
  • ceph: fix fall-through warnings for Clang (Jeff Layton) [1989999]
  • net: ceph: Fix a typo in osdmap.c (Jeff Layton) [1989999]
  • ceph: dont allow type or device number to change on non-I_NEW inodes (Jeff Layton) [1989999]
  • ceph: defer flushing the capsnap if the Fb is used (Jeff Layton) [1989999]
  • ceph: allow queueing cap/snap handling after putting cap references (Jeff Layton) [1989999]
  • ceph: clean up inode work queueing (Jeff Layton) [1989999]
  • ceph: fix flush_snap logic after putting caps (Jeff Layton) [1989999]
  • libceph: fix ‘Boolean result is used in bitwise operation’ warning (Jeff Layton) [1989999]
  • new helper: inode_wrong_type() (Jeff Layton) [1989999]
  • kabi: Adding symbol single_release (fs/seq_file.c) (cestmir Kalina) [1945486]
  • kabi: Adding symbol single_open (fs/seq_file.c) (cestmir Kalina) [1945486]
  • kabi: Adding symbol seq_read (fs/seq_file.c) (cestmir Kalina) [1945486]
  • kabi: Adding symbol seq_printf (fs/seq_file.c) (cestmir Kalina) [1945486]
  • kabi: Adding symbol seq_lseek (fs/seq_file.c) (cestmir Kalina) [1945486]
  • kabi: Adding symbol unregister_chrdev_region (fs/char_dev.c) (cestmir Kalina) [1945486]
  • kabi: Adding symbol cdev_init (fs/char_dev.c) (cestmir Kalina) [1945486]
  • kabi: Adding symbol cdev_del (fs/char_dev.c) (cestmir Kalina) [1945486]
  • kabi: Adding symbol cdev_alloc (fs/char_dev.c) (cestmir Kalina) [1945486]
  • kabi: Adding symbol cdev_add (fs/char_dev.c) (cestmir Kalina) [1945486]
  • kabi: Adding symbol alloc_chrdev_region (fs/char_dev.c) (cestmir Kalina) [1945486]
  • kabi: Adding symbol pcie_capability_read_word (drivers/pci/access.c) (cestmir Kalina) [1945485]
  • kabi: Adding symbol pcie_capability_read_dword (drivers/pci/access.c) (cestmir Kalina) [1945485]
  • kabi: Adding symbol pcie_capability_clear_and_set_word (drivers/pci/access.c) (cestmir Kalina) [1945485]
  • kabi: Adding symbol pci_write_config_dword (drivers/pci/access.c) (cestmir Kalina) [1945485]
  • kabi: Adding symbol pci_write_config_byte (drivers/pci/access.c) (cestmir Kalina) [1945485]
  • kabi: Adding symbol pci_set_power_state (drivers/pci/pci.c) (cestmir Kalina) [1945485]
  • kabi: Adding symbol pci_read_config_dword (drivers/pci/access.c) (cestmir Kalina) [1945485]
  • kabi: Adding symbol pci_read_config_byte (drivers/pci/access.c) (cestmir Kalina) [1945485]
  • kabi: Adding symbol pci_irq_vector (drivers/pci/msi.c) (cestmir Kalina) [1945485]
  • kabi: Adding symbol pci_get_device (drivers/pci/search.c) (cestmir Kalina) [1945485]
  • kabi: Adding symbol pci_free_irq_vectors (drivers/pci/msi.c) (cestmir Kalina) [1945485]
  • kabi: Adding symbol pci_alloc_irq_vectors_affinity (drivers/pci/msi.c) (cestmir Kalina) [1945485]
  • kabi: Adding symbol kexec_crash_loaded (kernel/kexec_core.c) (cestmir Kalina) [1945491]
    [4.18.0-344]
  • perf/x86/intel: Fix PEBS-via-PT reload base value for Extended PEBS (Michael Petlan) [1998051]
  • perf/x86/intel/uncore: Fix Add BW copypasta (Michael Petlan) [1998051]
  • perf/x86/intel/uncore: Add BW counters for GT, IA and IO breakdown (Michael Petlan) [1998051]
  • Revert ‘ice: Add initial support framework for LAG’ (Michal Schmidt) [1999016]
  • net: re-initialize slow_gro flag at gro_list_prepare time (Paolo Abeni) [2002367]
  • cxgb4: dont touch blocked freelist bitmap after free (Rahul Lakkireddy) [1998148]
  • cxgb4vf: configure ports accessible by the VF (Rahul Lakkireddy) [1961329]
  • scsi: lpfc: Fix memory leaks in error paths while issuing ELS RDF/SCR request (Dick Kennedy) [1976332]
  • scsi: lpfc: Keep NDLP reference until after freeing the IOCB after ELS handling (Dick Kennedy) [1976332]
  • scsi: lpfc: Move initialization of phba->poll_list earlier to avoid crash (Dick Kennedy) [1976332]
    [4.18.0-343]
  • rcu: Avoid unneeded function call in rcu_read_unlock() (Waiman Long) [1997500]
  • mt76: connac: do not schedule mac_work if the device is not running (Inigo Huguet) [1956419 1972045]
  • mt7921e: enable module in config (Inigo Huguet) [1956419 1972045]
  • Revert tools/power/cpupower: Read energy_perf_bias from sysfs (Steve Best) [1999926]
  • libnvdimm/namespace: Differentiate between probe mapping and runtime mapping (Jeff Moyer) [1795719]
  • libnvdimm/pfn_dev: Dont clear device memmap area during generic namespace probe (Jeff Moyer) [1795719]
  • perf/x86/intel/uncore: Clean up error handling path of iio mapping (Michael Petlan) [1837330]
  • perf/x86/intel/uncore: Fix for iio mapping on Skylake Server (Michael Petlan) [1837330]
  • perf/x86/intel/uncore: Generic support for the MMIO type of uncore blocks (Michael Petlan) [1837330]
  • perf/x86/intel/uncore: Generic support for the PCI type of uncore blocks (Michael Petlan) [1837330]
  • perf/x86/intel/uncore: Rename uncore_notifier to uncore_pci_sub_notifier (Michael Petlan) [1837330]
  • perf/x86/intel/uncore: Generic support for the MSR type of uncore blocks (Michael Petlan) [1837330]
  • perf/x86/intel/uncore: Parse uncore discovery tables (Michael Petlan) [1837330]
  • perf/x86/intel/uncore: Expose an Uncore unit to IIO PMON mapping (Michael Petlan) [1837330]
  • perf/x86/intel/uncore: Wrap the max dies calculation into an accessor (Michael Petlan) [1837330]
  • perf/x86/intel/uncore: Expose an Uncore unit to PMON mapping (Michael Petlan) [1837330]
  • perf/x86/intel/uncore: Validate MMIO address before accessing (Michael Petlan) [1837330]
  • perf/x86/intel/uncore: Record the size of mapped area (Michael Petlan) [1837330]
  • perf/x86/intel/uncore: Fix oops when counting IMC uncore events on some TGL (Michael Petlan) [1837330]
  • crypto: qat - remove unused macro in FW loader (Vladis Dronov) [1920086]
  • crypto: qat - check return code of qat_hal_rd_rel_reg() (Vladis Dronov) [1920086]
  • crypto: qat - report an error if MMP file size is too large (Vladis Dronov) [1920086]
  • crypto: qat - check MMP size before writing to the SRAM (Vladis Dronov) [1920086]
  • crypto: qat - return error when failing to map FW (Vladis Dronov) [1920086]
  • crypto: qat - enable detection of accelerators hang (Vladis Dronov) [1920086]
  • crypto: qat - Fix a double free in adf_create_ring (Vladis Dronov) [1920086]
  • crypto: qat - fix error path in adf_isr_resource_alloc() (Vladis Dronov) [1920086]
  • crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init (Vladis Dronov) [1920086]
  • crypto: qat - dont release uninitialized resources (Vladis Dronov) [1920086]
  • crypto: qat - fix use of ‘dma_map_single’ (Vladis Dronov) [1920086]
  • crypto: qat - fix unmap invalid dma address (Vladis Dronov) [1920086]
  • crypto: qat - fix spelling mistake: ‘messge’ -> ‘message’ (Vladis Dronov) [1920086]
  • crypto: qat - reduce size of mapped region (Vladis Dronov) [1920086]
  • crypto: qat - change format string and cast ring size (Vladis Dronov) [1920086]
  • crypto: qat - fix potential spectre issue (Vladis Dronov) [1920086]
  • crypto: qat - configure arbiter mapping based on engines enabled (Vladis Dronov) [1920086]
    [4.18.0-342]
  • selftest: netfilter: add test case for unreplied tcp connections (Florian Westphal) [1991523]
  • netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT state (Florian Westphal) [1991523]
  • net/sched: store the last executed chain also for clsact egress (Davide Caratti) [1980537]
  • ice: fix Tx queue iteration for Tx timestamp enablement (Ken Cox) [1999743]
  • perf evsel: Add missing cloning of evsel->use_config_name (Michael Petlan) [1838635]
  • perf Documentation: Document intel-hybrid support (Michael Petlan) [1838635]
  • perf tests: Skip ‘perf stat metrics (shadow stat) test’ for hybrid (Michael Petlan) [1838635]
  • perf tests: Support ‘Convert perf time to TSC’ test for hybrid (Michael Petlan) [1838635]
  • perf tests: Support ‘Session topology’ test for hybrid (Michael Petlan) [1838635]
  • perf tests: Support ‘Parse and process metrics’ test for hybrid (Michael Petlan) [1838635]
  • perf tests: Support ‘Track with sched_switch’ test for hybrid (Michael Petlan) [1838635]
  • perf tests: Skip ‘Setup struct perf_event_attr’ test for hybrid (Michael Petlan) [1838635]
  • perf tests: Add hybrid cases for ‘Roundtrip evsel->name’ test (Michael Petlan) [1838635]
  • perf tests: Add hybrid cases for ‘Parse event definition strings’ test (Michael Petlan) [1838635]
  • perf record: Uniquify hybrid event name (Michael Petlan) [1838635]
  • perf stat: Warn group events from different hybrid PMU (Michael Petlan) [1838635]
  • perf stat: Filter out unmatched aggregation for hybrid event (Michael Petlan) [1838635]
  • perf stat: Add default hybrid events (Michael Petlan) [1838635]
  • perf record: Create two hybrid ‘cycles’ events by default (Michael Petlan) [1838635]
  • perf parse-events: Support event inside hybrid pmu (Michael Petlan) [1838635]
  • perf parse-events: Compare with hybrid pmu name (Michael Petlan) [1838635]
  • perf parse-events: Create two hybrid raw events (Michael Petlan) [1838635]
  • perf parse-events: Create two hybrid cache events (Michael Petlan) [1838635]
  • perf parse-events: Create two hybrid hardware events (Michael Petlan) [1838635]
  • perf stat: Uniquify hybrid event name (Michael Petlan) [1838635]
  • perf pmu: Add hybrid helper functions (Michael Petlan) [1838635]
  • perf pmu: Save detected hybrid pmus to a global pmu list (Michael Petlan) [1838635]
  • perf pmu: Save pmu name (Michael Petlan) [1838635]
  • perf pmu: Simplify arguments of __perf_pmu__new_alias (Michael Petlan) [1838635]
  • perf jevents: Support unit value ‘cpu_core’ and ‘cpu_atom’ (Michael Petlan) [1838635]
  • tools headers uapi: Update toolss copy of linux/perf_event.h (Michael Petlan) [1838635]
    [4.18.0-341]
  • mptcp: Only send extra TCP acks in eligible socket states (Paolo Abeni) [1997178]
  • mptcp: fix possible divide by zero (Paolo Abeni) [1997178]
  • mptcp: drop tx skb cache (Paolo Abeni) [1997178]
  • mptcp: fix memory leak on address flush (Paolo Abeni) [1997178]
  • ice: Only lock to update netdev dev_addr (Michal Schmidt) [1995868]
  • ice: restart periodic outputs around time changes (Ken Cox) [1992750]
  • ice: Fix perout start time rounding (Ken Cox) [1992750]
  • net/sched: ets: fix crash when flipping from ‘strict’ to ‘quantum’ (Davide Caratti) [1981184]
  • ovl: prevent private clone if bind mount is not allowed (Miklos Szeredi) [1993131] {CVE-2021-3732}
  • gfs2: Dont call dlm after protocol is unmounted (Bob Peterson) [1997193]
  • gfs2: dont stop reads while withdraw in progress (Bob Peterson) [1997193]
  • gfs2: Mark journal inodes as ‘dont cache’ (Bob Peterson) [1997193]
  • bpf: bpftool: Add -fno-asynchronous-unwind-tables to BPF Clang invocation (Yauheni Kaliuta) [1997124]
  • perf/x86/intel: Apply mid ACK for small core (Michael Petlan) [1838573]
  • perf/x86/intel/lbr: Zero the xstate buffer on allocation (Michael Petlan) [1838573]
  • perf: Fix task context PMU for Hetero (Michael Petlan) [1838573]
  • perf/x86/intel: Fix fixed counter check warning for some Alder Lake (Michael Petlan) [1838573]
  • perf/x86/lbr: Remove cpuc->lbr_xsave allocation from atomic context (Michael Petlan) [1838573]
  • x86/fpu/xstate: Fix an xstate size check warning with architectural LBRs (Michael Petlan) [1838573]
  • perf/x86/rapl: Add support for Intel Alder Lake (Michael Petlan) [1838573]
  • perf/x86/cstate: Add Alder Lake CPU support (Michael Petlan) [1838573]
  • perf/x86/msr: Add Alder Lake CPU support (Michael Petlan) [1838573]
  • perf/x86/intel/uncore: Add Alder Lake support (Michael Petlan) [1838573]
  • perf: Extend PERF_TYPE_HARDWARE and PERF_TYPE_HW_CACHE (Michael Petlan) [1838573]
  • perf/x86/intel: Add Alder Lake Hybrid support (Michael Petlan) [1838573]
  • perf/x86: Support filter_match callback (Michael Petlan) [1838573]
  • perf/x86/intel: Add attr_update for Hybrid PMUs (Michael Petlan) [1838573]
  • perf/x86: Add structures for the attributes of Hybrid PMUs (Michael Petlan) [1838573]
  • perf/x86: Register hybrid PMUs (Michael Petlan) [1838573]
  • perf/x86: Factor out x86_pmu_show_pmu_cap (Michael Petlan) [1838573]
  • perf/x86: Remove temporary pmu assignment in event_init (Michael Petlan) [1838573]
  • perf/x86/intel: Factor out intel_pmu_check_extra_regs (Michael Petlan) [1838573]
  • perf/x86/intel: Factor out intel_pmu_check_event_constraints (Michael Petlan) [1838573]
  • perf/x86/intel: Factor out intel_pmu_check_num_counters (Michael Petlan) [1838573]
  • perf/x86: Hybrid PMU support for extra_regs (Michael Petlan) [1838573]
  • perf/x86: Hybrid PMU support for event constraints (Michael Petlan) [1838573]
  • perf/x86: Hybrid PMU support for hardware cache event (Michael Petlan) [1838573]
  • perf/x86: Hybrid PMU support for unconstrained (Michael Petlan) [1838573]
  • perf/x86: Hybrid PMU support for counters (Michael Petlan) [1838573]
  • perf/x86: Hybrid PMU support for intel_ctrl (Michael Petlan) [1838573]
  • perf/x86/intel: Hybrid PMU support for perf capabilities (Michael Petlan) [1838573]
  • perf/x86: Track pmu in per-CPU cpu_hw_events (Michael Petlan) [1838573]
  • perf/x86/intel/lbr: Support XSAVES for arch LBR read (Michael Petlan) [1838573]
  • perf/x86/intel/lbr: Support XSAVES/XRSTORS for LBR context switch (Michael Petlan) [1838573]
  • x86/fpu/xstate: Add helpers for LBR dynamic supervisor feature (Michael Petlan) [1838573]
  • x86/fpu/xstate: Support dynamic supervisor feature for LBR (Michael Petlan) [1838573]
  • x86/fpu: Use proper mask to replace full instruction mask (Michael Petlan) [1838573]
  • x86/cpu: Add helper function to get the type of the current hybrid CPU (Michael Petlan) [1838573]
  • x86/cpufeatures: Enumerate Intel Hybrid Technology feature bit (Michael Petlan) [1838573]
  • HID: make arrays usage and value to be the same (Benjamin Tissoires) [1974942]
  • ACPI: PM: s2idle: Invert Microsoft UUID entry and exit (David Arcari) [1960440]
  • platform/x86: amd-pmc: Fix undefined reference to __udivdi3 (David Arcari) [1960440]
  • platform/x86: amd-pmc: Fix missing unlock on error in amd_pmc_send_cmd() (David Arcari) [1960440]
  • platform/x86: amd-pmc: Use return code on suspend (David Arcari) [1960440]
  • platform/x86: amd-pmc: Add new acpi id for future PMC controllers (David Arcari) [1960440]
  • platform/x86: amd-pmc: Add support for ACPI ID AMDI0006 (David Arcari) [1960440]
  • platform/x86: amd-pmc: Add support for logging s0ix counters (David Arcari) [1960440]
  • platform/x86: amd-pmc: Add support for logging SMU metrics (David Arcari) [1960440]
  • platform/x86: amd-pmc: call dump registers only once (David Arcari) [1960440]
  • platform/x86: amd-pmc: Fix SMU firmware reporting mechanism (David Arcari) [1960440]
  • platform/x86: amd-pmc: Fix command completion code (David Arcari) [1960440]
  • usb: pci-quirks: disable D3cold on xhci suspend for s2idle on AMD Renoir (David Arcari) [1960440]
  • ACPI: PM: Only mark EC GPE for wakeup on Intel systems (David Arcari) [1960440]
  • ACPI: PM: Adjust behavior for field problems on AMD systems (David Arcari) [1960440]
  • ACPI: PM: s2idle: Add support for new Microsoft UUID (David Arcari) [1960440]
  • ACPI: PM: s2idle: Add support for multiple func mask (David Arcari) [1960440]
  • ACPI: PM: s2idle: Refactor common code (David Arcari) [1960440]
  • ACPI: PM: s2idle: Use correct revision id (David Arcari) [1960440]
  • ACPI: PM: s2idle: Add missing LPS0 functions for AMD (David Arcari) [1960440]
  • lockd: Fix invalid lockowner cast after vfs_test_lock (Benjamin Coddington) [1986138]
    [4.18.0-340]
  • blk-mq: fix is_flush_rq (Ming Lei) [1992700]
  • blk-mq: fix kernel panic during iterating over flush request (Ming Lei) [1992700]
    [4.18.0-339]
  • smb2: fix use-after-free in smb2_ioctl_query_info() (Ronnie Sahlberg) [1952781]
  • dm crypt: Avoid percpu_counter spinlock contention in crypt_page_alloc() (Mike Snitzer) [1996854]
  • md/raid10: Remove rcu_dereference when it doesnt need rcu lock to protect (Nigel Croxon) [1978115]
  • scsi: csiostor: Mark known unused variable as __always_unused (Raju Rangoju) [1961333]
  • scsi: csiostor: Fix wrong return value in csio_hw_prep_fw() (Raju Rangoju) [1961333]
  • scsi: csiostor: Remove set but not used variable ‘rln’ (Raju Rangoju) [1961333]
  • scsi: csiostor: Return value not required for csio_dfs_destroy (Raju Rangoju) [1961333]
  • scsi: csiostor: Fix NULL check before debugfs_remove_recursive (Raju Rangoju) [1961333]
  • scsi: csiostor: Dont enable IRQs too early (Raju Rangoju) [1961333]
  • scsi: csiostor: Fix spelling typos (Raju Rangoju) [1961333]
  • scsi: csiostor: Prefer pcie_capability_read_word() (Raju Rangoju) [1961333]
  • scsi: target: cxgbit: Unmap DMA buffer before calling target_execute_cmd() (Raju Rangoju) [1961394]
  • net: Use skb_frag_off accessors (Raju Rangoju) [1961394]
  • net: Use skb accessors in network drivers (Raju Rangoju) [1961394]
  • cxgb4/chtls/cxgbit: Keeping the max ofld immediate data size same in cxgb4 and ulds (Raju Rangoju) [1961394]
  • scsi: libcxgbi: Fix a use after free in cxgbi_conn_xmit_pdu() (Raju Rangoju) [1961394]
  • scsi: libcxgbi: Use kvzalloc instead of opencoded kzalloc/vzalloc (Raju Rangoju) [1961394]
  • scsi: libcxgbi: Remove unnecessary NULL checks for ‘tdata’ pointer (Raju Rangoju) [1961394]
  • scsi: cxgb4i: Remove an unnecessary NULL check for ‘cconn’ pointer (Raju Rangoju) [1961394]
  • scsi: cxgb4i: Clean up a debug printk (Raju Rangoju) [1961394]
  • scsi: cxgb4i: Fix dereference of pointer tdata before it is null checked (Raju Rangoju) [1961394]
  • scsi: libcxgbi: fix NULL pointer dereference in cxgbi_device_destroy() (Raju Rangoju) [1961394]
  • scsi: libcxgbi: remove unused function to stop warning (Raju Rangoju) [1961394]
  • scsi: libcxgbi: add a check for NULL pointer in cxgbi_check_route() (Raju Rangoju) [1961394]
  • net/chelsio: Delete drive and module versions (Raju Rangoju) [1961394]
  • chelsio: Replace zero-length array with flexible-array member (Raju Rangoju) [1961394]
  • [netdrv] treewide: prefix header search paths with / (Raju Rangoju) [1961394]
  • libcxgb: fix incorrect ppmax calculation (Raju Rangoju) [1961394]
  • scsi: cxgb4i: Fix TLS dependency (Raju Rangoju) [1961394]
  • [target] treewide: Use fallthrough pseudo-keyword (Raju Rangoju) [1961394]
  • scsi: cxgb4i: Add support for iSCSI segmentation offload (Raju Rangoju) [1961394]
  • [target] treewide: Use sizeof_field() macro (Raju Rangoju) [1961394]
  • [target] treewide: replace ‘—help—’ in Kconfig files with ‘help’ (Raju Rangoju) [1961394]
  • scsi: cxgb4i: Remove superfluous null check (Raju Rangoju) [1961394]
    [4.18.0-338]
  • KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl (CVE-2021-3653) (Jon Maloy) [1985413] {CVE-2021-3653}
  • KVM: nSVM: always intercept VMLOAD/VMSAVE when nested (CVE-2021-3656) (Jon Maloy) [1985430] {CVE-2021-3656}
  • drm/i915/rkl: Remove require_force_probe protection (Lyude Paul) [1985159]
  • drm/i915/display: support ddr5 mem types (Lyude Paul) [1992233]
  • drm/i915/adl_s: Update ddi buf translation tables (Lyude Paul) [1992233]
  • drm/i915/adl_s: Wa_14011765242 is also needed on A1 display stepping (Lyude Paul) [1992233]
  • drm/i915/adl_s: Extend Wa_1406941453 (Lyude Paul) [1992233]
  • drm/i915: Implement Wa_1508744258 (Lyude Paul) [1992233]
  • drm/i915/adl_s: Fix dma_mask_size to 39 bit (Lyude Paul) [1992233]
  • drm/i915: Add the missing adls vswing tables (Lyude Paul) [1992233]
  • drm/i915: Add Wa_14011060649 (Lyude Paul) [1992233]
  • drm/i915/adl_s: Add Interrupt Support (Lyude Paul) [1992233]
  • drm/amdgpu: add another Renoir DID (Lyude Paul) [1980900]
    [4.18.0-337]
  • net/mlx5: Fix flow table chaining (Amir Tzin) [1987139]
  • openvswitch: fix sparse warning incorrect type (Mark Gray) [1992773]
  • openvswitch: fix alignment issues (Mark Gray) [1992773]
  • openvswitch: update kdoc OVS_DP_ATTR_PER_CPU_PIDS (Mark Gray) [1992773]
  • openvswitch: Introduce per-cpu upcall dispatch (Mark Gray) [1992773]
  • KVM: X86: Expose bus lock debug exception to guest (Paul Lai) [1842322]
  • KVM: X86: Add support for the emulation of DR6_BUS_LOCK bit (Paul Lai) [1842322]
  • scsi: libfc: Fix array index out of bound exception (Chris Leech) [1972643]
  • scsi: libfc: FDMI enhancements (Chris Leech) [1972643]
  • scsi: libfc: Add FDMI-2 attributes (Chris Leech) [1972643]
  • scsi: qedf: Add vendor identifier attribute (Chris Leech) [1972643]
  • scsi: libfc: Initialisation of RHBA and RPA attributes (Chris Leech) [1972643]
  • scsi: libfc: Correct the condition check and invalid argument passed (Chris Leech) [1972643]
  • scsi: libfc: Work around -Warray-bounds warning (Chris Leech) [1972643]
  • scsi: fc: FDMI enhancement (Chris Leech) [1972643]
  • scsi: libfc: Move scsi/fc_encode.h to libfc (Chris Leech) [1972643]
  • scsi: fc: Correct RHBA attributes length (Chris Leech) [1972643]
  • block: return ELEVATOR_DISCARD_MERGE if possible (Ming Lei) [1991976]
  • x86/fpu: Prevent state corruption in __fpu__restore_sig() (Terry Bowman) [1970086]
  • x86/fpu: Invalidate FPU state after a failed XRSTOR from a user buffer (Terry Bowman) [1970086]
  • x86/pkru: Write hardware init value to PKRU when xstate is init (Terry Bowman) [1970086]
  • x86/process: Check PF_KTHREAD and not current->mm for kernel threads (Terry Bowman) [1970086]
  • x86/fpu: Add address range checks to copy_user_to_xstate() (Terry Bowman) [1970086]
  • selftests/x86: Test signal frame XSTATE header corruption handling (Terry Bowman) [1970086]
  • Bump DRM backport version to 5.12.14 (Lyude Paul) [1944405]
  • drm/i915: Use the correct max source link rate for MST (Lyude Paul) [1944405 1966599]
  • drm/dp_mst: Use Extended Base Receiver Capability DPCD space (Lyude Paul) [1944405 1966599]
  • drm/i915/display: Defeature PSR2 for RKL and ADL-S (Lyude Paul) [1944405]
  • drm/i915/adl_s: ADL-S platform Update PCI ids for Mobile BGA (Lyude Paul) [1944405]
  • drm/amdgpu: wait for moving fence after pinning (Lyude Paul) [1944405]
  • drm/radeon: wait for moving fence after pinning (Lyude Paul) [1944405]
  • drm/nouveau: wait for moving fence after pinning v2 (Lyude Paul) [1944405]
  • radeon: use memcpy_to/fromio for UVD fw upload (Lyude Paul) [1944405]
  • drm/amd/amdgpu:save psp ring wptr to avoid attack (Lyude Paul) [1944405]
  • drm/amd/display: Fix potential memory leak in DMUB hw_init (Lyude Paul) [1944405]
  • drm/amdgpu: refine amdgpu_fru_get_product_info (Lyude Paul) [1944405]
  • drm/amd/display: Allow bandwidth validation for 0 streams. (Lyude Paul) [1944405]
  • drm: Lock pointer access in drm_master_release() (Lyude Paul) [1944405]
  • drm: Fix use-after-free read in drm_getunique() (Lyude Paul) [1944405]
  • drm/amdgpu: make sure we unpin the UVD BO (Lyude Paul) [1944405]
  • drm/amdgpu: Dont query CE and UE errors (Lyude Paul) [1944405]
  • drm/amdgpu/jpeg3: add cancel_delayed_work_sync before power gate (Lyude Paul) [1944405]
  • drm/amdgpu/jpeg2.5: add cancel_delayed_work_sync before power gate (Lyude Paul) [1944405]
  • drm/amdgpu/vcn3: add cancel_delayed_work_sync before power gate (Lyude Paul) [1944405]
  • amdgpu: fix GEM obj leak in amdgpu_display_user_framebuffer_create (Lyude Paul) [1944405]
  • drm/i915/selftests: Fix return value check in live_breadcrumbs_smoketest() (Lyude Paul) [1944405]
  • drm/amdgpu: stop touching sched.ready in the backend (Lyude Paul) [1944405]
  • drm/amd/amdgpu: fix a potential deadlock in gpu reset (Lyude Paul) [1944405]
  • drm/amdgpu: Fix a use-after-free (Lyude Paul) [1944405]
  • drm/amd/amdgpu: fix refcount leak (Lyude Paul) [1944405]
  • drm/amd/display: Disconnect non-DP with no EDID (Lyude Paul) [1944405]
  • drm/amdgpu/jpeg2.0: add cancel_delayed_work_sync before power gate (Lyude Paul) [1944405]
  • drm/amdgpu/vcn2.5: add cancel_delayed_work_sync before power gate (Lyude Paul) [1944405]
  • drm/amdgpu/vcn2.0: add cancel_delayed_work_sync before power gate (Lyude Paul) [1944405]
  • drm/amdkfd: correct sienna_cichlid SDMA RLC register offset error (Lyude Paul) [1944405]
  • drm/amdgpu/vcn1: add cancel_delayed_work_sync before power gate (Lyude Paul) [1944405]
  • drm/amd/pm: correct MGpuFanBoost setting (Lyude Paul) [1944405]
  • drm/i915: Reenable LTTPR non-transparent LT mode for DPCD_REV<1.4 (Lyude Paul) [1944405]
  • drm/i915/gt: Disable HiZ Raw Stall Optimization on broken gen7 (Lyude Paul) [1944405]
  • dma-buf: fix unintended pin/unpin warnings (Lyude Paul) [1944405]
  • drm/amdgpu: update sdma golden setting for Navi12 (Lyude Paul) [1944405]
  • drm/amdgpu: update gc golden setting for Navi12 (Lyude Paul) [1944405]
  • drm/amdgpu: disable 3DCGCG on picasso/raven1 to avoid compute hang (Lyude Paul) [1944405]
  • drm/amdgpu: Fix GPU TLB update error when PAGE_SIZE > AMDGPU_PAGE_SIZE (Lyude Paul) [1944405]
  • drm/radeon: use the dummy page for GART if needed (Lyude Paul) [1944405]
  • drm/amd/display: Use the correct max downscaling value for DCN3.x family (Lyude Paul) [1944405]
  • drm/i915/gem: Pin the L-shape quirked object as unshrinkable (Lyude Paul) [1944405]
  • drm/ttm: Do not add non-system domain BO into swap list (Lyude Paul) [1944405]
  • drm/amd/display: Fix two cursor duplication when using overlay (Lyude Paul) [1944405]
  • amdgpu/pm: Prevent force of DCEFCLK on NAVI10 and SIENNA_CICHLID (Lyude Paul) [1944405]
  • drm/i915/display: fix compiler warning about array overrun (Lyude Paul) [1944405]
  • drm/i915: Fix crash in auto_retire (Lyude Paul) [1944405]
  • drm/i915/overlay: Fix active retire callback alignment (Lyude Paul) [1944405]
  • drm/i915: Read C0DRB3/C1DRB3 as 16 bits again (Lyude Paul) [1944405]
  • drm/i915/gt: Fix a double free in gen8_preallocate_top_level_pdp (Lyude Paul) [1944405]
  • drm/i915/dp: Use slow and wide link training for everything (Lyude Paul) [1944405]
  • drm/i915: Avoid div-by-zero on gen2 (Lyude Paul) [1944405]
  • drm/amd/display: Initialize attribute for hdcp_srm sysfs file (Lyude Paul) [1944405]
  • drm/radeon/dpm: Disable sclk switching on Oland when two 4K 60Hz monitors are connected (Lyude Paul) [1944405]
  • drm/radeon: Avoid power table parsing memory leaks (Lyude Paul) [1944405]
  • drm/radeon: Fix off-by-one power_state index heap overwrite (Lyude Paul) [1944405]
  • drm/amdgpu: Add mem sync flag for IB allocated by SA (Lyude Paul) [1944405]
  • drm/amd/display: add handling for hdcp2 rx id list validation (Lyude Paul) [1944405]
  • drm/amd/display: fixed divide by zero kernel crash during dsc enablement (Lyude Paul) [1944405]
  • drm/amd/display: Force vsync flip when reconfiguring MPCC (Lyude Paul) [1944405]
  • arm64: enable tlbi range instructions (Jeremy Linton) [1861872]
  • arm64: tlb: Use the TLBI RANGE feature in arm64 (Jeremy Linton) [1861872]
  • arm64: tlb: Detect the ARMv8.4 TLBI RANGE feature (Jeremy Linton) [1861872]
  • arm64/cpufeature: Add remaining feature bits in ID_AA64ISAR0 register (Jeremy Linton) [1861872]
  • arm64: tlbflush: Ensure start/end of address range are aligned to stride (Jeremy Linton) [1861872]
  • arm64: Detect the ARMv8.4 TTL feature (Jeremy Linton) [1861872]
  • arm64: tlbi: Set MAX_TLBI_OPS to PTRS_PER_PTE (Jeremy Linton) [1861872]
    [4.18.0-336]
  • bpf: Fix integer overflow involving bucket_size (Jiri Olsa) [1992588]
  • bpf: Fix leakage due to insufficient speculative store bypass mitigation (Jiri Olsa) [1992588]
  • bpf: Introduce BPF nospec instruction for mitigating Spectre v4 (Jiri Olsa) [1992588]
  • bpf: Fix OOB read when printing XDP link fdinfo (Jiri Olsa) [1992588]
  • bpf, test: fix NULL pointer dereference on invalid expected_attach_type (Jiri Olsa) [1992588]
  • bpf: Fix tail_call_reachable rejection for interpreter when jit failed (Jiri Olsa) [1992588]
  • bpf: Track subprog poke descriptors correctly and fix use-after-free (Jiri Olsa) [1992588]
  • bpf: Fix null ptr deref with mixed tail calls and subprogs (Jiri Olsa) [1992588]
  • bpf: Fix leakage under speculation on mispredicted branches (Jiri Olsa) [1992588]
  • bpf: Set mac_len in bpf_skb_change_head (Jiri Olsa) [1992588]
  • bpf: Prevent writable memory-mapping of read-only ringbuf pages (Jiri Olsa) [1992588]
  • bpf: Fix alu32 const subreg bound tracking on bitwise operations (Jiri Olsa) [1992588]
  • xsk: Fix broken Tx ring validation (Jiri Olsa) [1992588]
  • xsk: Fix for xp_aligned_validate_desc() when len == chunk_size (Jiri Olsa) [1992588]
  • bpf: link: Refuse non-O_RDWR flags in BPF_OBJ_GET (Jiri Olsa) [1992588]
  • bpf: Refcount task stack in bpf_get_task_stack (Jiri Olsa) [1992588]
  • bpf: Use NOP_ATOMIC5 instead of emit_nops(&prog, 5) for BPF_TRAMP_F_CALL_ORIG (Jiri Olsa) [1992588]
  • selftest/bpf: Add a test to check trampoline freeing logic. (Jiri Olsa) [1992588]
  • bpf: Fix fexit trampoline. (Jiri Olsa) [1992588]
  • ftrace: Fix modify_ftrace_direct. (Jiri Olsa) [1992588]
  • ftrace: Add a helper function to modify_ftrace_direct() to allow arch optimization (Jiri Olsa) [1992588]
  • ftrace: Add helper find_direct_entry() to consolidate code (Jiri Olsa) [1992588]
  • bpf: Fix truncation handling for mod32 dst reg wrt zero (Jiri Olsa) [1992588]
  • bpf: Fix an unitialized value in bpf_iter (Jiri Olsa) [1992588]
  • bpf_lru_list: Read double-checked variable once without lock (Jiri Olsa) [1992588]
  • mt76: validate rx A-MSDU subframes (Inigo Huguet) [1991459] {CVE-2020-24588 CVE-2020-26144}
  • ath11k: Drop multicast fragments (Inigo Huguet) [1991459] {CVE-2020-26145}
  • ath11k: Clear the fragment cache during key install (Inigo Huguet) [1991459] {CVE-2020-24587}
  • ath10k: Validate first subframe of A-MSDU before processing the list (Inigo Huguet) [1991459] {CVE-2020-24588 CVE-2020-26144}
  • ath10k: Fix TKIP Michael MIC verification for PCIe (Inigo Huguet) [1991459] {CVE-2020-26141}
  • ath10k: drop MPDU which has discard flag set by firmware for SDIO (Inigo Huguet) [1991459] {CVE-2020-24588}
  • ath10k: drop fragments with multicast DA for SDIO (Inigo Huguet) [1991459] {CVE-2020-26145}
  • ath10k: drop fragments with multicast DA for PCIe (Inigo Huguet) [1991459] {CVE-2020-26145}
  • ath10k: add CCMP PN replay protection for fragmented frames for PCIe (Inigo Huguet) [1991459]
  • mac80211: extend protection against mixed key and fragment cache attacks (Inigo Huguet) [1991459] {CVE-2020-24586 CVE-2020-24587}
  • mac80211: do not accept/forward invalid EAPOL frames (Inigo Huguet) [1991459] {CVE-2020-26139}
  • mac80211: prevent attacks on TKIP/WEP as well (Inigo Huguet) [1991459] {CVE-2020-26141}
  • mac80211: check defrag PN against current frame (Inigo Huguet) [1991459]
  • mac80211: add fragment cache to sta_info (Inigo Huguet) [1991459] {CVE-2020-24586 CVE-2020-24587}
  • mac80211: drop A-MSDUs on old ciphers (Inigo Huguet) [1991459] {CVE-2020-24588}
  • cfg80211: mitigate A-MSDU aggregation attacks (Inigo Huguet) [1991459] {CVE-2020-24588 CVE-2020-26144}
  • mac80211: properly handle A-MSDUs that start with an RFC 1042 header (Inigo Huguet) [1991459]
  • mac80211: prevent mixed key and fragment cache attacks (Inigo Huguet) [1991459] {CVE-2020-24586 CVE-2020-24587}
  • mac80211: assure all fragments are encrypted (Inigo Huguet) [1991459] {CVE-2020-26147}
  • tipc: call tipc_wait_for_connect only when dlen is not 0 (Xin Long) [1989361]
  • mptcp: remove tech preview warning (Florian Westphal) [1985120]
  • tcp: consistently disable header prediction for mptcp (Florian Westphal) [1985120]
  • selftests: mptcp: fix case multiple subflows limited by server (Florian Westphal) [1985120]
  • selftests: mptcp: turn rp_filter off on each NIC (Florian Westphal) [1985120]
  • selftests: mptcp: display proper reason to abort tests (Florian Westphal) [1985120]
  • mptcp: properly account bulk freed memory (Florian Westphal) [1985120]
  • mptcp: fix ‘masking a bool’ warning (Florian Westphal) [1985120]
  • mptcp: refine mptcp_cleanup_rbuf (Florian Westphal) [1985120]
  • mptcp: use fast lock for subflows when possible (Florian Westphal) [1985120]
  • mptcp: avoid processing packet if a subflow reset (Florian Westphal) [1985120]
  • mptcp: add sk parameter for mptcp_get_options (Florian Westphal) [1985120]
  • mptcp: fix syncookie process if mptcp can not_accept new subflow (Florian Westphal) [1985120]
  • mptcp: fix warning in __skb_flow_dissect() when do syn cookie for subflow join (Florian Westphal) [1985120]
  • mptcp: avoid race on msk state changes (Florian Westphal) [1985120]
  • mptcp: fix 32 bit DSN expansion (Florian Westphal) [1985120]
  • mptcp: fix bad handling of 32 bit ack wrap-around (Florian Westphal) [1985120]
  • tcp: parse mptcp options contained in reset packets (Florian Westphal) [1985120]
  • ionic: count csum_none when offload enabled (Jonathan Toppins) [1991646]
  • ionic: fix up dim accounting for tx and rx (Jonathan Toppins) [1991646]
  • ionic: remove intr coalesce update from napi (Jonathan Toppins) [1991646]
  • ionic: catch no ptp support earlier (Jonathan Toppins) [1991646]
  • ionic: make all rx_mode work threadsafe (Jonathan Toppins) [1991646]
  • dmaengine: idxd: Fix missing error code in idxd_cdev_open() (Jerry Snitselaar) [1990637]
  • dmaengine: idxd: add missing dsa driver unregister (Jerry Snitselaar) [1990637]
  • dmaengine: idxd: add engine ‘struct device’ missing bus type assignment (Jerry Snitselaar) [1990637]
  • dmaengine: idxd: remove MSIX masking for interrupt handlers (Jerry Snitselaar) [1990637]
  • dmaengine: idxd: Use cpu_feature_enabled() (Jerry Snitselaar) [1990637]
  • dmaengine: idxd: enable SVA feature for IOMMU (Jerry Snitselaar) [1990637]
  • dmagenine: idxd: Dont add portal offset in idxd_submit_desc (Jerry Snitselaar) [1990637]
  • ethtool: strset: fix message length calculation (Balazs Nemeth) [1989003]
  • net: add strict checks in netdev_name_node_alt_destroy() (Andrea Claudi) [1859038]
  • net: rtnetlink: fix bugs in rtnl_alt_ifname() (Andrea Claudi) [1859038]
  • net: rtnetlink: add linkprop commands to add and delete alternative ifnames (Andrea Claudi) [1859038]
  • net: check all name nodes in __dev_alloc_name (Andrea Claudi) [1859038]
  • net: fix a leak in register_netdevice() (Andrea Claudi) [1859038]
  • tun: fix memory leak in error path (Andrea Claudi) [1859038]
  • net: propagate errors correctly in register_netdevice() (Andrea Claudi) [1859038]
  • net: introduce name_node struct to be used in hashlist (Andrea Claudi) [1859038]
  • net: procfs: use index hashlist instead of name hashlist (Andrea Claudi) [1859038]
  • configs: Enable CONFIG_CHELSIO_INLINE_CRYPTO (Raju Rangoju) [1961368]
  • cxgb4/ch_ktls: Clear resources when pf4 device is removed (Raju Rangoju) [1961374]
  • ch_ktls: Remove redundant variable result (Raju Rangoju) [1961374]
  • ch_ktls: do not send snd_una update to TCB in middle (Raju Rangoju) [1961374]
  • ch_ktls: tcb close causes tls connection failure (Raju Rangoju) [1961374]
  • ch_ktls: fix device connection close (Raju Rangoju) [1961374]
  • ch_ktls: Fix kernel panic (Raju Rangoju) [1961374]
  • ch_ktls: fix enum-conversion warning (Raju Rangoju) [1961374]
  • net: ethernet: chelsio: inline_crypto: Mundane typos fixed throughout the file chcr_ktls.c (Raju Rangoju) [1961374]
  • ch_ipsec: Remove initialization of rxq related data (Raju Rangoju) [1961388]
  • ch_ktls: fix build warning for ipv4-only config (Raju Rangoju) [1961374]
  • ch_ktls: lock is not freed (Raju Rangoju) [1961374]
  • ch_ktls: stop the txq if reaches threshold (Raju Rangoju) [1961374]
  • ch_ktls: tcb update fails sometimes (Raju Rangoju) [1961374]
  • ch_ktls/cxgb4: handle partial tag alone SKBs (Raju Rangoju) [1961374]
  • ch_ktls: dont free skb before sending FIN (Raju Rangoju) [1961374]
  • ch_ktls: packet handling prior to start marker (Raju Rangoju) [1961374]
  • ch_ktls: Correction in middle record handling (Raju Rangoju) [1961374]
  • ch_ktls: missing handling of header alone (Raju Rangoju) [1961374]
  • ch_ktls: Correction in trimmed_len calculation (Raju Rangoju) [1961374]
  • cxgb4/ch_ktls: creating skbs causes panic (Raju Rangoju) [1961374]
  • ch_ktls: Update cheksum information (Raju Rangoju) [1961374]
  • ch_ktls: Correction in finding correct length (Raju Rangoju) [1961374]
  • cxgb4/ch_ktls: decrypted bit is not enough (Raju Rangoju) [1961374]
  • cxgb4/ch_ipsec: Replace the module name to ch_ipsec from chcr (Raju Rangoju) [1961388]
  • cxgb4/ch_ktls: ktls stats are added at port level (Raju Rangoju) [1961374]
  • ch_ktls: Issue if connection offload fails (Raju Rangoju) [1961374]
  • chelsio/chtls: Re-add dependencies on CHELSIO_T4 to fix modular CHELSIO_T4 (Raju Rangoju) [1961388]
  • chelsio/chtls: CHELSIO_INLINE_CRYPTO should depend on CHELSIO_T4 (Raju Rangoju) [1961388]
  • crypto: chelsio - fix minor indentation issue (Raju Rangoju) [1961368]
  • crypto/chcr: move nic TLS functionality to drivers/net (Raju Rangoju) [1961368]
  • cxgb4/ch_ipsec: Registering xfrmdev_ops with cxgb4 (Raju Rangoju) [1961388]
  • crypto/chcr: Moving chelsios inline ipsec functionality to /drivers/net (Raju Rangoju) [1961368]
  • chelsio/chtls: separate chelsio tls driver from crypto driver (Raju Rangoju) [1961368]
  • crypto: chelsio - Fix some pr_xxx messages (Raju Rangoju) [1961368]
  • crypto: chelsio - Avoid some code duplication (Raju Rangoju) [1961368]
  • crypto: drivers - set the flag CRYPTO_ALG_ALLOCATES_MEMORY (Raju Rangoju) [1961368]
  • crypto: aead - remove useless setting of type flags (Raju Rangoju) [1961368]
  • crypto: Replace zero-length array with flexible-array (Raju Rangoju) [1961368]
  • [Crypto] treewide: replace ‘—help—’ in Kconfig files with ‘help’ (Raju Rangoju) [1961368]
  • Crypto/chcr: Checking cra_refcnt before unregistering the algorithms (Raju Rangoju) [1961368]
  • Crypto/chcr: Calculate src and dst sg lengths separately for dma map (Raju Rangoju) [1961368]
  • Crypto/chcr: Fixes a coccinile check error (Raju Rangoju) [1961368]
  • Crypto/chcr: Fixes compilations warnings (Raju Rangoju) [1961368]
  • crypto/chcr: IPV6 code needs to be in CONFIG_IPV6 (Raju Rangoju) [1961368]
  • crypto: lib/sha1 - remove unnecessary includes of linux/cryptohash.h (Raju Rangoju) [1961368]
  • Crypto/chcr: fix for hmac(sha) test fails (Raju Rangoju) [1961368]
  • Crypto/chcr: fix for ccm(aes) failed test (Raju Rangoju) [1961368]
  • Crypto/chcr: fix ctr, cbc, xts and rfc3686-ctr failed tests (Raju Rangoju) [1961368]
  • crypto: chelsio - remove redundant assignment to variable error (Raju Rangoju) [1961368]
  • chcr: Fix CPU hard lockup (Raju Rangoju) [1961368]
  • crypto: remove CRYPTO_TFM_RES_BAD_KEY_LEN (Raju Rangoju) [1961368]
  • crypto: chelsio - switch to skcipher API (Raju Rangoju) [1961368]
  • crypto: chelsio - Remove VLA usage of skcipher (Raju Rangoju) [1961368]
Use Vulners API to create your own security tool

API usage cases
  • Network scanning
  • Linux Patch management
  • Threat protection
  • No network audit solution

Ways of integration

Integrate Vulners API

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

Related for ELSA-2021-4356