Oracle Linux ELSA-2021-9452
Sep 21, 2021 - 12:00 a.m.

Unbreakable Enterprise kernel security update

2021-09-21 00:00:00
linux.oracle.com

CVSS3: 8.8 High

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • User Interaction: NONE
  • Scope: CHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CVSS2: 7.2 High

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
  • Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.002 Low (Percentile: 64.9%)

[4.14.35-2047.507.7.4]

  • KVM: x86: Check kvm_rebooting in kvm_spurious_fault() (Sean Christopherson) [Orabug: 33362693]

[4.14.35-2047.507.7.3]

  • arm64: Reserve elfcorehdr before scanning reserved memory from device tree (Dave Kleikamp) [Orabug: 33354710]

[4.14.35-2047.507.7.2]

  • net: geneve: modify IP header check in geneve6_xmit_skb and geneve_xmit_skb (Phillip Potter) [Orabug: 33337449]
  • ip: Manual backport of pskb_inet_may_pull() (Hakon Bugge) [Orabug: 33337449]
  • Revert Revert net: geneve: check skb is large enough for IPv4/IPv6 header (Hakon Bugge) [Orabug: 33337449]

[4.14.35-2047.507.7.1]

  • RDMA/cma: Revert INIT-INIT patch (Mike Marciniszyn) [Orabug: 33306519]
  • Revert net: geneve: check skb is large enough for IPv4/IPv6 header (Somasundaram Krishnasamy) [Orabug: 33323390]

[4.14.35-2047.507.7]

  • xen-acpi-processor: fix coordination type mismatch (Elena Ufimtseva) [Orabug: 33296813]
  • Revert mm: memcontrol: eliminate raw access to stat and event counters (Ritika Srivastava) [Orabug: 33254727]
  • Revert mm: memcontrol: implement lruvec stat functions on top of each other (Ritika Srivastava) [Orabug: 33254727]
  • KVM: do not allow mapping valid but non-reference-counted pages (Nicholas Piggin) [Orabug: 33054089] {CVE-2021-22543}
  • ocfs2: issue zeroout to EOF blocks (Junxiao Bi) [Orabug: 32974988]
  • ocfs2: fix zero out valid data (Junxiao Bi) [Orabug: 32974988]

[4.14.35-2047.507.6]

  • xen-netback: do not kfree_skb() when irq is disabled (Dongli Zhang) [Orabug: 33277336]
  • rds: ib: Set SEND_SIGNALED on the last WR posted (Hakon Bugge) [Orabug: 33253068]
  • uek-rpm: update kABI lists for new symbols (Saeed Mirzamohammadi) [Orabug: 33246581]
  • scsi: lpfc: Fix crash due to port reset racing vs adapter error handling (James Smart) [Orabug: 33213341]
  • xfs: dont drain buffer lru on freeze and read-only remount (Brian Foster) [Orabug: 33141334]
  • xfs: rename xfs_wait_buftarg() to xfs_buftarg_drain() (Brian Foster) [Orabug: 33141334]
  • Input: joydev - prevent use of not validated data in JSIOCSBTNMAP ioctl (Alexander Larkin) [Orabug: 33114988] {CVE-2021-3612}
  • rds: fix statistics counters and check for memory leak (Hans Westgaard Ry) [Orabug: 31372381]
  • dsc-drivers: update for 1.15.9-C-32 (Shannon Nelson) [Orabug: 33281086]
  • dts/pensando: creating reserved dma memory pool for mnet devices (Neel Patel) [Orabug: 33281086]
  • pcie: rm pcie register access message (#256) (Brad Smith) [Orabug: 33281086]
  • drivers: updates for 1.15.9-C-28 (Shannon Nelson) [Orabug: 33281086]

[4.14.35-2047.507.5]

  • rds_rdma: add missing rds_ib_cm_handle_connect tracepoint (Alan Maguire) [Orabug: 33243560]
  • KVM: SVM: use vmsave/vmload for saving/restoring additional host state (Michael Roth) [Orabug: 33225761]
  • KVM: SVM: Use asm goto to handle unexpected #UD on SVM instructions (Sean Christopherson) [Orabug: 33225761]
  • kvm: svm/avic: Do not send AVIC doorbell to self (Suthikulpanit, Suravee) [Orabug: 33225761]
  • svm/avic: Fix invalidate logical APIC id entry (Suthikulpanit, Suravee) [Orabug: 33225761]
  • svm: Fix improper check when deactivate AVIC (Suthikulpanit, Suravee) [Orabug: 33225761]
  • svm: Fix AVIC DFR and LDR handling (Suthikulpanit, Suravee) [Orabug: 33225761]
  • scsi: qla2xxx: Add heartbeat check (Quinn Tran) [Orabug: 33116624]
  • scsi: qla2xxx: Use list_move_tail() instead of list_del()/list_add_tail() (Baokun Li) [Orabug: 33116624]
  • scsi: qla2xxx: Remove duplicate declarations (Shaokun Zhang) [Orabug: 33116624]
  • scsi: qla2xxx: Log PCI address in qla_nvme_unregister_remote_port() (Daniel Wagner) [Orabug: 33116624]
  • scsi: qla2xxx: Remove redundant assignment to rval (Jiapeng Chong) [Orabug: 33116624]
  • scsi: qla2xxx: Prevent PRLI in target mode (Anastasia Kovaleva) [Orabug: 33116624]
  • scsi: qla2xxx: Add marginal path handling support (Bikash Hazarika) [Orabug: 33116624]
  • scsi: qla2xxx: Reserve extra IRQ vectors (Roman Bolshakov) [Orabug: 33116624]
  • scsi: qla2xxx: Reuse existing error handling path (Christophe JAILLET) [Orabug: 33116624]
  • scsi: qla2xxx: Remove unneeded if-null-free check (Qiheng Lin) [Orabug: 33116624]
  • scsi: qla2xxx: Update version to 10.02.00.106-k (Nilesh Javali) [Orabug: 33116624]
  • scsi: qla2xxx: Update default AER debug mask (Quinn Tran) [Orabug: 33116624]
  • scsi: qla2xxx: Fix mailbox recovery during PCIe error (Quinn Tran) [Orabug: 33116624]
  • scsi: qla2xxx: Fix crash in PCIe error handling (Quinn Tran) [Orabug: 33116624]
  • scsi: qla2xxx: Fix RISC RESET completion polling (Quinn Tran) [Orabug: 33116624]
  • scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand() (Arun Easi) [Orabug: 33116624]
  • scsi: qla2xxx: Consolidate zio threshold setting for both FCP & NVMe (Quinn Tran) [Orabug: 33116624]
  • scsi: qla2xxx: Fix stuck session (Quinn Tran) [Orabug: 33116624]
  • scsi: qla2xxx: Add H:C:T info in the log message for fc ports (Arun Easi) [Orabug: 33116624]
  • scsi: qla2xxx: Fix IOPS drop seen in some adapters (Arun Easi) [Orabug: 33116624]
  • scsi: qla2xxx: Check kzalloc() return value (Bart Van Assche) [Orabug: 33116624]
  • scsi: qla2xxx: Simplify qla8044_minidump_process_control() (Bart Van Assche) [Orabug: 33116624]
  • scsi: qla2xxx: Suppress Coverity complaints about dseg_r* (Bart Van Assche) [Orabug: 33116624]
  • scsi: qla2xxx: Fix endianness annotations (Bart Van Assche) [Orabug: 33116624]
  • scsi: qla2xxx: Constify struct qla_tgt_func_tmpl (Bart Van Assche) [Orabug: 33116624]
  • scsi: qla2xxx: Use dma_pool_zalloc() (Wang Qing) [Orabug: 33116624]
  • scsi: qla2xxx: Fix a couple of misdocumented functions (Lee Jones) [Orabug: 33116624]
  • scsi: qla2xxx: Fix incorrectly named function qla8044_check_temp() (Lee Jones) [Orabug: 33116624]
  • scsi: qla2xxx: Fix a couple of misnamed functions (Lee Jones) [Orabug: 33116624]
  • scsi: qla2xxx: Fix some incorrect formatting/spelling issues (Lee Jones) [Orabug: 33116624]
  • scsi: qla2xxx: Replace __qla2x00_marker()s missing underscores (Lee Jones) [Orabug: 33116624]
  • scsi: qla2xxx: Simplify if statement (Jiapeng Chong) [Orabug: 33116624]
  • scsi: qla2xxx: Simplify the calculation of variables (Jiapeng Zhong) [Orabug: 33116624]
  • scsi: qla2xxx: Fix some memory corruption (Dan Carpenter) [Orabug: 33116624]
  • scsi: qla2xxx: Remove redundant NULL check (Yang Li) [Orabug: 33116624]
  • scsi: qla2xxx: Remove unnecessary NULL check (Dan Carpenter) [Orabug: 33116624]
  • scsi: qla2xxx: Assign boolean values to a bool variable (Jiapeng Zhong) [Orabug: 33116624]
  • scsi: qla2xxx: fc_remote_port_chkready() returns a SCSI result value (Hannes Reinecke) [Orabug: 33116624]
  • scsi: qla2xxx: Fix description for parameter ql2xenforce_iocb_limit (Enzo Matsumiya) [Orabug: 33116624]
  • scsi: qla2xxx: Update version to 10.02.00.105-k (Nilesh Javali) [Orabug: 33116624]
  • scsi: qla2xxx: Enable NVMe CONF (BIT_7) when enabling SLER (Saurav Kashyap) [Orabug: 33116624]
  • scsi: qla2xxx: Fix mailbox Ch erroneous error (Quinn Tran) [Orabug: 33116624]
  • scsi: qla2xxx: Wait for ABTS response on I/O timeouts for NVMe (Bikash Hazarika) [Orabug: 33116624]
  • scsi: qla2xxx: Move some messages from debug to normal log level (Saurav Kashyap) [Orabug: 33116624]
  • scsi: qla2xxx: Add error counters to debugfs node (Saurav Kashyap) [Orabug: 33116624]
  • scsi: qla2xxx: Implementation to get and manage host, target stats and initiator port (Saurav Kashyap) [Orabug: 33116624]
  • scsi: qla2xxx: Update version to 10.02.00.104-k (Nilesh Javali) [Orabug: 33116624]
  • scsi: qla2xxx: Fix device loss on 4G and older HBAs (Arun Easi) [Orabug: 33116624]
  • scsi: qla2xxx: If fcport is undergoing deletion complete I/O with retry (Saurav Kashyap) [Orabug: 33116624]
  • scsi: qla2xxx: Fix the call trace for flush workqueue (Saurav Kashyap) [Orabug: 33116624]
  • scsi: qla2xxx: Fix flash update in 28XX adapters on big endian machines (Arun Easi) [Orabug: 33116624]
  • scsi: qla2xxx: Handle aborts correctly for port undergoing deletion (Saurav Kashyap) [Orabug: 33116624]
  • scsi: qla2xxx: Fix N2N and NVMe connect retry failure (Quinn Tran) [Orabug: 33116624]
  • scsi: qla2xxx: Fix FW initialization error on big endian machines (Arun Easi) [Orabug: 33116624]
  • scsi: qla2xxx: Fix compilation issue in PPC systems (Arun Easi) [Orabug: 33116624]
  • scsi: qla2xxx: Dont check for fw_started while posting NVMe command (Saurav Kashyap) [Orabug: 33116624]
  • scsi: qla2xxx: Tear down session if FW say it is down (Quinn Tran) [Orabug: 33116624]
  • scsi: qla2xxx: Limit interrupt vectors to number of CPUs (Quinn Tran) [Orabug: 33116624]
  • scsi: qla2xxx: Change post del message from debug level to log level (Saurav Kashyap) [Orabug: 33116624]
  • scsi: qla2xxx: Remove trailing semicolon in macro definition (Tom Rix) [Orabug: 33116624]
  • scsi: qla2xxx: Remove in_interrupt() from qla83xx-specific code (Ahmed S. Darwish) [Orabug: 33116624]
  • scsi: target: tcm_qla2xxx: Remove BUG_ON(in_interrupt()) (Ahmed S. Darwish) [Orabug: 33116624]
  • scsi: qla2xxx: Remove in_interrupt() from qla82xx-specific code (Ahmed S. Darwish) [Orabug: 33116624]
  • scsi: Remove unneeded break statements (Tom Rix) [Orabug: 33116624]
  • scsi: scsi_transport_fc: Add store capability to rport port_state in sysfs (Muneendra Kumar) [Orabug: 33116624]
  • scsi: scsi_transport_fc: Add a new rport state FC_PORTSTATE_MARGINAL (Muneendra Kumar) [Orabug: 33116624]
  • scsi: core: No retries on abort success (Muneendra Kumar) [Orabug: 33116624]
  • scsi: core: Add a new error code DID_TRANSPORT_MARGINAL in scsi.h (Muneendra Kumar) [Orabug: 33116624]

[4.14.35-2047.507.4]

  • drivers: updated for 1.15.9.26 (Shannon Nelson) [Orabug: 33235357]
  • XFS: code enhancement to help debug (Wengang Wang) [Orabug: 33186644]
  • KVM: nSVM: always intercept VMLOAD/VMSAVE when nested (Maxim Levitsky) [Orabug: 33234941] {CVE-2021-3656}
  • KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl (Maxim Levitsky) [Orabug: 33234967] {CVE-2021-3653}

[4.14.35-2047.507.3]

  • drivers: updates for 1.15.9.21 (Shannon Nelson) [Orabug: 33220300]
  • Revert rds/ib: reap tx completions during connection shutdown (Manjunath Patil) [Orabug: 33220435]
  • Revert rds/ib: handle posted ACK during connection shutdown (Manjunath Patil) [Orabug: 33220435]
  • Revert rds/ib: recover rds connection from interrupt loss scenario (Manjunath Patil) [Orabug: 33220435]
  • Revert rds/ib: move rds_ib_clear_irq_miss() to .h file (Manjunath Patil) [Orabug: 33220435]
  • NFS: Dont call generic_error_remove_page() while holding locks (Trond Myklebust) [Orabug: 33213898]
  • ip6_gre: proper dev_{hold|put} in ndo_[un]init methods (aloktiw) [Orabug: 33179252]
  • ifb: fix packets checksum (Jon Maxwell) [Orabug: 33145562]
  • Linux 4.14.239 (Greg Kroah-Hartman)
  • xen/events: reset active flag for lateeoi events later (Juergen Gross)
  • kthread: prevent deadlock when kthread_mod_delayed_work() races with kthread_cancel_delayed_work_sync() (Petr Mladek)
  • kthread_worker: split code for canceling the delayed work timer (Petr Mladek)
  • kfifo: DECLARE_KIFO_PTR(fifo, u64) does not work on arm 32 bit (Sean Young)
  • drm/nouveau: fix dma_address check for CPU/GPU sync (Christian Konig)
  • scsi: sr: Return appropriate error code when disk is ejected (ManYi Li)
  • mm/thp: another PVMW_SYNC fix in page_vma_mapped_walk() (Hugh Dickins)
  • mm/thp: fix page_vma_mapped_walk() if THP mapped by ptes (Hugh Dickins)
  • mm: page_vma_mapped_walk(): get vma_address_end() earlier (Hugh Dickins)
  • mm: page_vma_mapped_walk(): use goto instead of while (1) (Hugh Dickins)
  • mm: page_vma_mapped_walk(): add a level of indentation (Hugh Dickins)
  • mm: page_vma_mapped_walk(): crossing page table boundary (Hugh Dickins)
  • mm: page_vma_mapped_walk(): prettify PVMW_MIGRATION block (Hugh Dickins)
  • mm: page_vma_mapped_walk(): use pmde for *pvmw->pmd (Hugh Dickins)
  • mm: page_vma_mapped_walk(): settle PageHuge on entry (Hugh Dickins)
  • mm: page_vma_mapped_walk(): use page for pvmw->page (Hugh Dickins)
  • mm: thp: replace DEBUG_VM BUG with VM_WARN when unmap fails for split (Yang Shi)
  • mm/thp: fix page_address_in_vma() on file THP tails (Jue Wang)
  • mm/thp: fix vma_address() if virtual address below file offset (Hugh Dickins)
  • mm/thp: try_to_unmap() use TTU_SYNC for safe splitting (Hugh Dickins)
  • mm/rmap: use page_not_mapped in try_to_unmap() (Miaohe Lin)
  • mm/rmap: remove unneeded semicolon in page_not_mapped() (Miaohe Lin)
  • mm: add VM_WARN_ON_ONCE_PAGE() macro (Alex Shi)
  • include/linux/mmdebug.h: make VM_WARN* non-rvals (Michal Hocko)

[4.14.35-2047.507.2]

  • uek-rpm: mark /etc/ld.so.conf.d/ files as %config (Stephen Brennan) [Orabug: 33186981]
  • rds: Congestion tracepoints should be enabled by default (Greg Jumper) [Orabug: 33145670]
  • Linux 4.14.238 (Sasha Levin)
  • i2c: robotfuzz-osif: fix control-request directions (Johan Hovold)
  • nilfs2: fix memory leak in nilfs_sysfs_delete_device_group (Pavel Skripkin)
  • pinctrl: stm32: fix the reported number of GPIO lines per bank (Fabien Dessenne)
  • net: ll_temac: Avoid ndo_start_xmit returning NETDEV_TX_BUSY (Esben Haabendal)
  • net: qed: Fix memcpy() overflow of qed_dcbx_params() (Kees Cook)
  • r8169: Avoid memcpy() over-reading of ETH_SS_STATS (Kees Cook)
  • sh_eth: Avoid memcpy() over-reading of ETH_SS_STATS (Kees Cook)
  • r8152: Avoid memcpy() over-reading of ETH_SS_STATS (Kees Cook)
  • net/packet: annotate accesses to po->ifindex (Eric Dumazet)
  • net/packet: annotate accesses to po->bind (Eric Dumazet)
  • net: caif: fix memory leak in ldisc_open (Pavel Skripkin)
  • inet: annotate date races around sk->sk_txhash (Eric Dumazet)
  • ping: Check return value of function ping_queue_rcv_skb (Zheng Yongjun)
  • mac80211: drop multicast fragments (Johannes Berg)
  • cfg80211: call cfg80211_leave_ocb when switching away from OCB (Du Cheng)
  • mac80211: remove warning in ieee80211_get_sband() (Johannes Berg)
  • Revert PCI: PM: Do not read power state in pci_enable_device_flags() (Rafael J. Wysocki)
  • arm64: perf: Disable PMU while processing counter overflows (Suzuki K Poulose)
  • MIPS: generic: Update node names to avoid unit addresses (Nathan Chancellor)
  • Makefile: Move -Wno-unused-but-set-variable out of GCC only block (Nathan Chancellor)
  • ARM: 9081/1: fix gcc-10 thumb2-kernel regression (Arnd Bergmann)
  • drm/radeon: wait for moving fence after pinning (Christian Konig)
  • drm/nouveau: wait for moving fence after pinning v2 (Christian Konig)
  • x86/fpu: Reset state for all signal restore failures (Thomas Gleixner)
  • unfuck sysfs_mount() (Al Viro)
  • kernfs: deal with kernfs_fill_super() failures (Al Viro)
  • usb: dwc3: core: fix kernel panic when do reboot (Peter Chen)
  • inet: use bigger hash table for IP ID generation (Eric Dumazet)
  • can: bcm/raw/isotp: use per module netdevice notifier (Tetsuo Handa)
  • net: fec_ptp: add clock rate zero check (Fugang Duan)
  • mm/slub.c: include swab.h (Andrew Morton)
  • net: bridge: fix vlan tunnel dst refcnt when egressing (Nikolay Aleksandrov)
  • net: bridge: fix vlan tunnel dst null pointer dereference (Nikolay Aleksandrov)
  • dmaengine: pl330: fix wrong usage of spinlock flags in dma_cyclc (Bumyong Lee)
  • ARCv2: save ABI registers across signal handling (Vineet Gupta)
  • PCI: Work around Huawei Intelligent NIC VF FLR erratum (Chiqijun)
  • PCI: Add ACS quirk for Broadcom BCM57414 NIC (Sriharsha Basavapatna)
  • PCI: Mark some NVIDIA GPUs to avoid bus reset (Shanker Donthineni)
  • PCI: Mark TI C667X to avoid bus reset (Antti Jarvinen)
  • tracing: Do no increment trace_clock_global() by one (Steven Rostedt (VMware))
  • tracing: Do not stop recording comms if the trace file is being read (Steven Rostedt (VMware))
  • tracing: Do not stop recording cmdlines when tracing is off (Steven Rostedt (VMware))
  • usb: core: hub: Disable autosuspend for Cypress CY7C65632 (Andrew Lunn)
  • can: mcba_usb: fix memory leak in mcba_usb (Pavel Skripkin)
  • hwmon: (scpi-hwmon) shows the negative temperature properly (Riwen Lu)
  • radeon: use memcpy_to/fromio for UVD fw upload (Chen Li)
  • net: ethernet: fix potential use-after-free in ec_bhf_remove (Pavel Skripkin)
  • icmp: dont send out ICMP messages with a source address of 0.0.0.0 (Toke Hoiland-Jorgensen)
  • net: cdc_eem: fix tx fixup skb leak (Linyu Yuan)
  • net: hamradio: fix memory leak in mkiss_close (Pavel Skripkin)
  • be2net: Fix an error handling path in be_probe() (Christophe JAILLET)
  • net/af_unix: fix a data-race in unix_dgram_sendmsg / unix_release_sock (Eric Dumazet)
  • net: ipv4: fix memory leak in ip_mc_add1_src (Chengyang Fan)
  • net: usb: fix possible use-after-free in smsc75xx_bind (Dongliang Mu)
  • net: cdc_ncm: switch to eth%d interface naming (Maciej Żenczykowski)
  • netxen_nic: Fix an error handling path in netxen_nic_probe() (Christophe JAILLET)
  • qlcnic: Fix an error handling path in qlcnic_probe() (Christophe JAILLET)
  • net: stmmac: dwmac1000: Fix extended MAC address registers definition (Jisheng Zhang)
  • alx: Fix an error handling path in alx_probe() (Christophe JAILLET)
  • netfilter: synproxy: Fix out of bounds when parsing TCP options (Maxim Mikityanskiy)
  • rtnetlink: Fix regression in bridge VLAN configuration (Ido Schimmel)
  • udp: fix race between close() and udp_abort() (Paolo Abeni)
  • net: rds: fix memory leak in rds_recvmsg (Pavel Skripkin)
  • net: ipv4: fix memory leak in netlbl_cipsov4_add_std (Nanyong Sun)
  • batman-adv: Avoid WARN_ON timing related checks (Sven Eckelmann)
  • mm/memory-failure: make sure wait for page writeback in memory_failure (yangerkun)
  • dmaengine: stedma40: add missing iounmap() on error in d40_probe() (Yang Yingliang)
  • dmaengine: QCOM_HIDMA_MGMT depends on HAS_IOMEM (Randy Dunlap)
  • dmaengine: ALTERA_MSGDMA depends on HAS_IOMEM (Randy Dunlap)
  • fib: Return the correct errno code (Zheng Yongjun)
  • net: Return the correct errno code (Zheng Yongjun)
  • net/x25: Return the correct errno code (Zheng Yongjun)
  • rtnetlink: Fix missing error code in rtnl_bridge_notify() (Jiapeng Chong)
  • net: ipconfig: Dont override command-line hostnames or domains (Josh Triplett)
  • nvme-loop: check for NVME_LOOP_Q_LIVE in nvme_loop_destroy_admin_queue() (Hannes Reinecke)
  • nvme-loop: clear NVME_LOOP_Q_LIVE when nvme_loop_configure_admin_queue() fails (Hannes Reinecke)
  • nvme-loop: reset queue count to 1 in nvme_loop_destroy_io_queues() (Hannes Reinecke)
  • ethernet: myri10ge: Fix missing error code in myri10ge_probe() (Jiapeng Chong)
  • scsi: target: core: Fix warning on realtime kernels (Maurizio Lombardi)
  • gfs2: Fix use-after-free in gfs2_glock_shrink_scan (Hillf Danton)
  • HID: gt683r: add missing MODULE_DEVICE_TABLE (Bixuan Cui)
  • ARM: OMAP2+: Fix build warning when mmc_omap is not built (Yongqiang Liu)
  • HID: usbhid: fix info leak in hid_submit_ctrl (Anirudh Rayabharam)
  • HID: Add BUS_VIRTUAL to hid_connect logging (Mark Bolhuis)
  • HID: hid-sensor-hub: Return error for hid_set_field() failure (Srinivas Pandruvada)
  • net: ieee802154: fix null deref in parse dev addr (Dan Robertson)
  • Linux 4.14.237 (Greg Kroah-Hartman)
  • proc: only require mm_struct for writing (Linus Torvalds)
  • tracing: Correct the length check which causes memory corruption (Liangyan)
  • ftrace: Do not blindly read the ip address in ftrace_bug() (Steven Rostedt (VMware))
  • scsi: core: Only put parent device if host state differs from SHOST_CREATED (Ming Lei)
  • scsi: core: Put .shost_dev in failure path if host state changes to RUNNING (Ming Lei)
  • scsi: core: Fix error handling of scsi_host_alloc() (Ming Lei)
  • NFS: Fix use-after-free in nfs4_init_client() (Anna Schumaker)
  • kvm: fix previous commit for 32-bit builds (Paolo Bonzini)
  • perf session: Correct buffer copying when peeking events (Leo Yan)
  • NFS: Fix a potential NULL dereference in nfs_get_client() (Dan Carpenter)
  • perf: Fix data race between pin_count increment/decrement (Marco Elver)
  • regulator: max77620: Use device_set_of_node_from_dev() (Dmitry Osipenko)
  • regulator: core: resolve supply for boot-on/always-on regulators (Dmitry Baryshkov)
  • usb: fix various gadget panics on 10gbps cabling (Maciej Żenczykowski)
  • usb: fix various gadgets null ptr deref on 10gbps cabling. (Maciej Żenczykowski)
  • usb: gadget: eem: fix wrong eem header operation (Linyu Yuan)
  • USB: serial: quatech2: fix control-request directions (Johan Hovold)
  • USB: serial: omninet: add device id for Zyxel Omni 56K Plus (Alexandre GRIVEAUX)
  • USB: serial: ftdi_sio: add NovaTech OrionMX product ID (George McCollister)
  • usb: gadget: f_fs: Ensure io_completion_wq is idle during unbind (Wesley Cheng)
  • usb: typec: ucsi: Clear PPM capability data in ucsi_init() error path (Mayank Rana)
  • usb: dwc3: ep0: fix NULL pointer exception (Marian-Cristian Rotariu)
  • USB: f_ncm: ncm_bitrate (speed) is unsigned (Maciej Żenczykowski)
  • cgroup1: dont allow '\n' in renaming (Alexander Kuznetsov)
  • btrfs: return value from btrfs_mark_extent_written() in case of error (Ritesh Harjani)
  • staging: rtl8723bs: Fix uninitialized variables (Wenli Looi)
  • kvm: avoid speculation-based attacks from out-of-range memslot accesses (Paolo Bonzini)
  • drm: Lock pointer access in drm_master_release() (Desmond Cheong Zhi Xi)
  • drm: Fix use-after-free read in drm_getunique() (Desmond Cheong Zhi Xi)
  • i2c: mpc: implement erratum A-004447 workaround (Chris Packham)
  • i2c: mpc: Make use of i2c_recover_bus() (Chris Packham)
  • powerpc/fsl: set fsl,i2c-erratum-a004447 flag for P1010 i2c controllers (Chris Packham)
  • powerpc/fsl: set fsl,i2c-erratum-a004447 flag for P2041 i2c controllers (Chris Packham)
  • bnx2x: Fix missing error code in bnx2x_iov_init_one() (Jiapeng Chong)
  • MIPS: Fix kernel hang under FUNCTION_GRAPH_TRACER and PREEMPT_TRACER (Tiezhu Yang)
  • net: appletalk: cops: Fix data race in cops_probe1 (Saubhik Mukherjee)
  • net: macb: ensure the device is available before accessing GEMGXL control registers (Zong Li)
  • scsi: target: qla2xxx: Wait for stop_phase1 at WWN removal (Dmitry Bogdanov)
  • scsi: vmw_pvscsi: Set correct residual data length (Matt Wang)
  • net/qla3xxx: fix schedule while atomic in ql_sem_spinlock (Zheyu Ma)
  • wq: handle VM suspension in stall detection (Sergey Senozhatsky)
  • cgroup: disable controllers at parse time (Shakeel Butt)
  • net: mdiobus: get rid of a BUG_ON() (Dan Carpenter)
  • netlink: disable IRQs for netlink_lock_table() (Johannes Berg)
  • bonding: init notify_work earlier to avoid uninitialized use (Johannes Berg)
  • isdn: mISDN: netjet: Fix crash in nj_probe: (Zheyu Ma)
  • ASoC: sti-sas: add missing MODULE_DEVICE_TABLE (Zou Wei)
  • net/nfc/rawsock.c: fix a permission check bug (Jeimon)
  • proc: Track /proc/$pid/attr/ opener mm_struct (Kees Cook)
  • rds/ib: quarantine STALE mr before dereg (Manjunath Patil) [Orabug: 33150437]
  • rds/ib: avoid dereg of mr in frwr_clean (Manjunath Patil) [Orabug: 33150414]
  • rds/ib: update mr incarnation after forming inv wr (Manjunath Patil) [Orabug: 33177350]
  • can: bcm: delay release of struct bcm_op after synchronize_rcu() (Thadeu Lima de Souza Cascardo) [Orabug: 33114648] {CVE-2021-3609}

[4.14.35-2047.507.1]

  • can: bcm: fix infoleak in struct bcm_msg_head (Norbert Slusarek) [Orabug: 33030700] {CVE-2021-34693}
  • Linux 4.14.236 (Greg Kroah-Hartman)
  • xen-pciback: redo VF placement in the virtual topology (Jan Beulich)
  • sched/fair: Optimize select_idle_cpu (Cheng Jian)
  • KVM: SVM: Truncate GPR value for DR and CR accesses in !64-bit mode (Sean Christopherson)
  • bnxt_en: Remove the setting of dev_port. (Michael Chan)
  • bpf: No need to simulate speculative domain for immediates (Daniel Borkmann)
  • bpf: Fix mask direction swap upon off reg sign change (Daniel Borkmann)
  • bpf: Wrap aux data inside bpf_sanitize_info container (Daniel Borkmann)
  • bpf: Fix leakage of uninitialized bpf stack under speculation (Daniel Borkmann)
  • selftests/bpf: make dubious pointer arithmetic test useful (Alexei Starovoitov)
  • selftests/bpf: fix test_align (Alexei Starovoitov)
  • bpf/verifier: disallow pointer subtraction (Alexei Starovoitov)
  • bpf: Update selftests to reflect new error states (Daniel Borkmann)
  • bpf: Tighten speculative pointer arithmetic mask (Daniel Borkmann)
  • bpf: Move sanitize_val_alu out of op switch (Daniel Borkmann)
  • bpf: Refactor and streamline bounds check into helper (Daniel Borkmann)
  • bpf: Improve verifier error messages for users (Daniel Borkmann)
  • bpf: Rework ptr_limit into alu_limit and add common error path (Daniel Borkmann)
  • bpf: Ensure off_reg has no mixed signed bounds for all types (Daniel Borkmann)
  • bpf: Move off_reg into sanitize_ptr_alu (Daniel Borkmann)
  • bpf, selftests: Fix up some test_verifier cases for unprivileged (Piotr Krysiuk)
  • mm, hugetlb: fix simple resv_huge_pages underflow on UFFDIO_COPY (Mina Almasry)
  • btrfs: fixup error handling in fixup_inode_link_counts (Josef Bacik)
  • btrfs: fix error handling in btrfs_del_csums (Josef Bacik)
  • nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect (Krzysztof Kozlowski)
  • ocfs2: fix data corruption by fallocate (Junxiao Bi)
  • pid: take a reference when initializing (Mark Rutland)
  • ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed (Ye Bin)
  • ALSA: timer: Fix master timer notification (Takashi Iwai)
  • net: caif: fix memory leak in cfusbl_device_notify (Pavel Skripkin)
  • net: caif: fix memory leak in caif_device_notify (Pavel Skripkin)
  • net: caif: add proper error handling (Pavel Skripkin)
  • net: caif: added cfserl_release function (Pavel Skripkin)
  • ieee802154: fix error return code in ieee802154_llsec_getparams() (Wei Yongjun)
  • ieee802154: fix error return code in ieee802154_add_iface() (Zhen Lei)
  • netfilter: nfnetlink_cthelper: hit EBUSY on updates if size mismatches (Pablo Neira Ayuso)
  • HID: i2c-hid: fix format string mismatch (Arnd Bergmann)
  • HID: pidff: fix error return code in hid_pidff_init() (Zhen Lei)
  • ipvs: ignore IP_VS_SVC_F_HASHED flag when adding service (Julian Anastasov)
  • vfio/platform: fix module_put call in error flow (Max Gurtovoy)
  • vfio/pci: zap_vma_ptes() needs MMU (Randy Dunlap)
  • vfio/pci: Fix error return code in vfio_ecap_init() (Zhen Lei)
  • efi: cper: fix snprintf() use in cper_dimm_err_location() (Rasmus Villemoes)
  • efi: Allow EFI_MEMORY_XP and EFI_MEMORY_RO both to be cleared (Heiner Kallweit)
  • net: usb: cdc_ncm: dont spew notifications (Grant Grundler)
  • Linux 4.14.235 (Greg Kroah-Hartman)
  • usb: core: reduce power-on-good delay time of root hub (Chunfeng Yun)
  • drivers/net/ethernet: clean up unused assignments (Jesse Brandeburg)
  • hugetlbfs: hugetlb_fault_mutex_hash() cleanup (Mike Kravetz)
  • MIPS: ralink: export rt_sysc_membase for rt2880_wdt.c (Randy Dunlap)
  • MIPS: alchemy: xxs1500: add gpio-au1000.h header file (Randy Dunlap)
  • sch_dsmark: fix a NULL deref in qdisc_reset() (Taehee Yoo)
  • ipv6: record frag_max_size in atomic fragments in input path (Francesco Ruggeri)
  • scsi: libsas: Use _safe() loop in sas_resume_port() (Dan Carpenter)
  • ixgbe: fix large MTU request from VF (Jesse Brandeburg)
  • bpf: Set mac_len in bpf_skb_change_head (Jussi Maki)
  • ASoC: cs35l33: fix an error code in probe() (Dan Carpenter)
  • staging: emxx_udc: fix loop in _nbu2ss_nuke() (Dan Carpenter)
  • mld: fix panic in mld_newpack() (Taehee Yoo)
  • net: bnx2: Fix error return code in bnx2_init_board() (Zhen Lei)
  • net: mdio: octeon: Fix some double free issues (Christophe JAILLET)
  • net: mdio: thunder: Fix a double free issue in the .remove function (Christophe JAILLET)
  • net: netcp: Fix an error message (Christophe JAILLET)
  • drm/amdgpu: Fix a use-after-free (xinhui pan)
  • SMB3: incorrect file id in requests compounded with open (Steve French)
  • platform/x86: intel_punit_ipc: Append MODULE_DEVICE_TABLE for ACPI (Andy Shevchenko)
  • platform/x86: hp-wireless: add AMDs hardware id to the supported list (Shyam Sundar S K)
  • btrfs: do not BUG_ON in link_to_fixup_dir (Josef Bacik)
  • openrisc: Define memory barrier mb (Peter Zijlstra)
  • scsi: BusLogic: Fix 64-bit system enumeration error for Buslogic (Matt Wang)
  • media: gspca: properly check for errors in po1030_probe() (Greg Kroah-Hartman)
  • media: dvb: Add check on sp8870_readreg return (Alaa Emad)
  • libertas: register sysfs groups properly (Greg Kroah-Hartman)
  • dmaengine: qcom_hidma: comment platform_driver_register call (Phillip Potter)
  • isdn: mISDNinfineon: check/cleanup ioremap failure correctly in setup_io (Phillip Potter)
  • char: hpet: add checks after calling ioremap (Tom Seewald)
  • net: caif: remove BUG_ON(dev == NULL) in caif_xmit (Du Cheng)
  • net: fujitsu: fix potential null-ptr-deref (Anirudh Rayabharam)
  • serial: max310x: unregister uart driver in case of failure and abort (Atul Gopinathan)
  • platform/x86: hp_accel: Avoid invoking _INI to speed up resume (Kai-Heng Feng)
  • perf jevents: Fix getting maximum number of fds (Felix Fietkau)
  • i2c: i801: Dont generate an interrupt on bus reset (Jean Delvare)
  • i2c: s3c2410: fix possible NULL pointer deref on read message after write (Krzysztof Kozlowski)
  • tipc: skb_linearize the head skb when reassembling msgs (Xin Long)
  • Revert net:tipc: Fix a double free in tipc_sk_mcast_rcv (Hoang Le)
  • drm/meson: fix shutdown crash when component not probed (Neil Armstrong)
  • NFSv4: Fix v4.0/v4.1 SEEK_DATA return -ENOTSUPP when set NFS_V4_2 config (Zhang Xiaoxu)
  • NFS: Dont corrupt the value of pg_bytes_written in nfs_do_recoalesce() (Trond Myklebust)
  • NFS: fix an incorrect limit in filelayout_decode_layout() (Dan Carpenter)
  • Bluetooth: cmtp: fix file refcount when cmtp_attach_device fails (Thadeu Lima de Souza Cascardo)
  • net: usb: fix memory leak in smsc75xx_bind (Pavel Skripkin)
  • usb: gadget: udc: renesas_usb3: Fix a race in usb3_start_pipen() (Yoshihiro Shimoda)
  • USB: serial: pl2303: add device id for ADLINK ND-6530 GC (Zolton Jheng)
  • USB: serial: ftdi_sio: add IDs for IDS GmbH Products (Dominik Andreas Schorpp)
  • USB: serial: option: add Telit LE910-S1 compositions 0x7010, 0x7011 (Daniele Palmas)
  • USB: serial: ti_usb_3410_5052: add startech.com device id (Sean MacLennan)
  • serial: rp2: use request_firmware instead of request_firmware_nowait (Zheyu Ma)
  • serial: sh-sci: Fix off-by-one error in FIFO threshold register setting (Geert Uytterhoeven)
  • USB: trancevibrator: fix control-request direction (Johan Hovold)
  • iio: adc: ad7793: Add missing error code in ad7793_setup() (YueHaibing)
  • staging: iio: cdc: ad7746: avoid overwrite of num_channels (Lucas Stankus)
  • mei: request autosuspend after sending rx flow control (Alexander Usyskin)
  • thunderbolt: dma_port: Fix NVM read buffer bounds and offset issue (Mathias Nyman)
  • misc/uss720: fix memory leak in uss720_probe (Dongliang Mu)
  • kgdb: fix gcc-11 warnings harder (Greg Kroah-Hartman)
  • dm snapshot: properly fix a crash when an origin has no snapshots (Mikulas Patocka)
  • ath10k: Validate first subframe of A-MSDU before processing the list (Sriram R)
  • mac80211: extend protection against mixed key and fragment cache attacks (Wen Gong) {CVE-2020-24586} {CVE-2020-24587}
  • mac80211: do not accept/forward invalid EAPOL frames (Johannes Berg)
  • mac80211: prevent attacks on TKIP/WEP as well (Johannes Berg)
  • mac80211: check defrag PN against current frame (Johannes Berg)
  • mac80211: add fragment cache to sta_info (Johannes Berg)
  • mac80211: drop A-MSDUs on old ciphers (Johannes Berg) {CVE-2020-24588}
  • cfg80211: mitigate A-MSDU aggregation attacks (Mathy Vanhoef) {CVE-2020-24588}
  • mac80211: properly handle A-MSDUs that start with an RFC 1042 header (Mathy Vanhoef)
  • mac80211: prevent mixed key and fragment cache attacks (Mathy Vanhoef) {CVE-2020-24587} {CVE-2020-24586}
  • mac80211: assure all fragments are encrypted (Mathy Vanhoef) {CVE-2020-26147}
  • net: hso: fix control-request directions (Johan Hovold)
  • proc: Check /proc/$pid/attr/ writes against file opener (Kees Cook)
  • perf intel-pt: Fix transaction abort handling (Adrian Hunter)
  • perf intel-pt: Fix sample instruction bytes (Adrian Hunter)
  • iommu/vt-d: Fix sysfs leak in alloc_iommu() (Rolf Eike Beer)
  • NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return() (Anna Schumaker)
  • NFC: nci: fix memory leak in nci_allocate_device (Dongliang Mu)
  • usb: dwc3: gadget: Enable suspend events (Jack Pham)
  • scripts: switch explicitly to Python 3 (Andy Shevchenko)
  • tweewide: Fix most Shebang lines (Finn Behrens)
  • A/A Bonding: dev_hold/put() the delayed GARP work handlers netdev in rdmaip (Sharath Srinivasan) [Orabug: 33161269]
  • capmem: Mark the pages as non-readonly+dirty. (David Clear) [Orabug: 33155665]
  • Revert capmem: Mark the pages as non-readonly+dirty. (Dave Kleikamp) [Orabug: 33155665]
  • ionic: clean interrupt before enabling queue to avoid credit race (Shannon Nelson) [Orabug: 33155665]
  • scsi: core: Retry I/O for Notify (Enable Spinup) Required error (Quat Le) [Orabug: 33165871]
  • Revert x86/reboot: Force all cpus to exit VMX root if VMX is supported (Somasundaram Krishnasamy) [Orabug: 33156450]
