Lucene search

OracleLinuxELSA-2024-12275

HistoryApr 08, 2024 - 12:00 a.m.

Unbreakable Enterprise kernel-container security update

2024-04-0800:00:00

linux.oracle.com

kernel

security

update

kvm

x86

bug fixes

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.1 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:S/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON

[5.4.17-2136.330.7.1.el8]

KVM: x86: Add BHI_NO (Daniel Sneddon) [Orabug: 36384803] {CVE-2024-2201}
x86/bhi: Mitigate KVM by default (Pawan Gupta) [Orabug: 36384803] {CVE-2024-2201}
x86/bhi: Add BHI mitigation knob (Pawan Gupta) [Orabug: 36384803] {CVE-2024-2201}
x86/bhi: Enumerate Branch History Injection (BHI) bug (Pawan Gupta) [Orabug: 36384803] {CVE-2024-2201}
x86/bhi: Define SPEC_CTRL_BHI_DIS_S (Daniel Sneddon) [Orabug: 36384803] {CVE-2024-2201}
x86/bhi: Add support for clearing branch history at syscall entry (Pawan Gupta) [Orabug: 36384803] {CVE-2024-2201}
x86/cpufeature: Add missing leaf enumeration (Daniel Sneddon) [Orabug: 36384803] {CVE-2024-2201}
KVM: x86: Use a switch statement and macros in __feature_translate() (Jim Mattson) [Orabug: 36384803] {CVE-2024-2201}
KVM: x86: Advertise CPUID.(EAX=7,ECX=2):EDX[5:0] to userspace (Jim Mattson) [Orabug: 36384803] {CVE-2024-2201}
KVM: x86: Update KVM-only leaf handling to allow for 100% KVM-only leafs (Sean Christopherson) [Orabug: 36384803] {CVE-2024-2201}
x86/bugs: Use sysfs_emit() (Borislav Petkov) [Orabug: 36384803] {CVE-2024-2201}
x86/speculation: Reorder SRSO and GDS functions (Alexandre Chartre) [Orabug: 36384803] {CVE-2024-2201}
KVM: x86: Mask off unsupported and unknown bits of IA32_ARCH_CAPABILITIES (Jim Mattson) [Orabug: 36384803] {CVE-2024-2201}
KVM: x86: Move reverse CPUID helpers to separate header file (Ricardo Koller) [Orabug: 36384803] {CVE-2024-2201}
KVM: x86: Fix implicit enum conversion goof in scattered reverse CPUID code (Sean Christopherson) [Orabug: 36384803] {CVE-2024-2201}
KVM: x86: Add support for reverse CPUID lookup of scattered features (Sean Christopherson) [Orabug: 36384803] {CVE-2024-2201}
x86/msr: Define new bits in TSX_FORCE_ABORT MSR (Pawan Gupta) [Orabug: 36384803] {CVE-2024-2201}
objtool: Add asm version of STACK_FRAME_NON_STANDARD (Josh Poimboeuf) [Orabug: 36384803] {CVE-2024-2201}
objtool: Only include valid definitions depending on source file type (Julien Thierry) [Orabug: 36384803] {CVE-2024-2201}
[5.4.17-2136.330.7.el8]
Revert ‘x86/mm/ident_map: Use gbpages only where full GB page should be mapped.’ (Sherry Yang) [Orabug: 36409910]
arm64: dts: qcom: sdm845: fix USB DP/DM HS PHY interrupts (Johan Hovold)
arm64: dts: qcom: add PDC interrupt controller for SDM845 (Lina Iyer)
hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed (Shradha Gupta)
hv_netvsc: use netif_is_bond_master() instead of open code (Juhee Kang)
netfilter: nft_ct: fix l3num expectations with inet pseudo family (Florian Westphal)
[5.4.17-2136.330.6.el8]
eVM: x86: Drop kvm SRCU lock in kvm_vcpu_update_apicv (Alejandro Jimenez) [Orabug: 36329600]
KVM: x86: Handle APICv updates for APIC ‘mode’ changes via request (Sean Christopherson) [Orabug: 36329600]
blk-mq: fix system hang while doing cpu offline on domU (Shminderjit Singh) [Orabug: 36366420]
[5.4.17-2136.330.5.el8]
afs: Fix endless loop in directory parsing (David Howells)
netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate() (Ignat Korchagin)
netfilter: nf_tables: set dormant flag on hook register failure (Florian Westphal)
scsi: megaraid_sas: Correct value passed to scsi_device_lookup() (Guixin Liu) [Orabug: 36345168]
[5.4.17-2136.330.4.el8]
Revert ‘crypto: api - Disallow identical driver names’ (Saeed Mirzamohammadi) [Orabug: 36361379]
Fix null ptr in rds_tcp_recv_path (Allison Henderson) [Orabug: 35587415]
net/rds: print PPID/COMM of process doing user reset on RDS connection (Juan Garcia) [Orabug: 36248461]
[5.4.17-2136.330.3.el8]
uek: kabi: Add two new exported kABI symbols for ACFS and EDV (Saeed Mirzamohammadi) [Orabug: 36251861]
mm: avoid conflict between MADV_DOEXEC and upstream advice values (Anthony Yznaga) [Orabug: 36334309]
[5.4.17-2136.330.2.el8]
LTS tag: v5.4.269 (Alok Tiwari)
bpf: Add map and need_defer parameters to .map_fd_put_ptr() (Hou Tao)
of: gpio unittest kfree() wrong object (Frank Rowand)
of: unittest: fix EXPECT text for gpio hog errors (Frank Rowand)
net: bcmgenet: Fix EEE implementation (Florian Fainelli)
Revert ‘Revert ‘mtd: rawnand: gpmi: Fix setting busy timeout setting’’ (Max Krummenacher)
netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval() (Dan Carpenter)
lsm: new security_file_ioctl_compat() hook (Alfred Piccioni)
drm/msm/dsi: Enable runtime PM (Konrad Dybcio)
PM: runtime: Have devm_pm_runtime_enable() handle pm_runtime_dont_use_autosuspend() (Douglas Anderson)
PM: runtime: add devm_pm_runtime_enable helper (Dmitry Baryshkov)
nilfs2: fix potential bug in end_buffer_async_write (Ryusuke Konishi)
sched/membarrier: reduce the ability to hammer on sys_membarrier (Linus Torvalds)
net: prevent mss overflow in skb_segment() (Eric Dumazet)
netfilter: ipset: Missing gc cancellations fixed (Jozsef Kadlecsik)
netfilter: ipset: fix performance regression in swap operation (Jozsef Kadlecsik)
KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache (Oliver Upton)
mips: Fix max_mapnr being uninitialized on early stages (Serge Semin)
arch, mm: remove stale mentions of DISCONIGMEM (Mike Rapoport)
bus: moxtet: Add spi device table (Sjoerd Simons)
tracing: Inform kmemleak of saved_cmdlines allocation (Steven Rostedt (Google))
pmdomain: core: Move the unused cleanup to a _sync initcall (Konrad Dybcio)
can: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER) (Oleksij Rempel)
irqchip/irq-brcmstb-l2: Add write memory barrier before exit (Doug Berger)
nfp: flower: prevent re-adding mac index for bonded port (Daniel de Villiers)
nfp: use correct macro for LengthSelect in BAR config (Daniel Basilio)
nilfs2: fix hang in nilfs_lookup_dirty_data_buffers() (Ryusuke Konishi)
nilfs2: fix data corruption in dsync block recovery for small block sizes (Ryusuke Konishi)
ALSA: hda/conexant: Add quirk for SWS JS201D (bo liu)
mmc: slot-gpio: Allow non-sleeping GPIO ro (Alexander Stein)
x86/mm/ident_map: Use gbpages only where full GB page should be mapped. (Steve Wahl)
x86/Kconfig: Transmeta Crusoe is CPU family 5, not 6 (Aleksander Mazur)
serial: max310x: improve crystal stable clock detection (Hugo Villeneuve)
serial: max310x: set default value when reading clock ready bit (Hugo Villeneuve)
ring-buffer: Clean ring_buffer_poll_wait() error return (Vincent Donnefort)
iio: magnetometer: rm3100: add boundary check for the value read from RM3100_REG_TMRC (zhili.liu)
staging: iio: ad5933: fix type mismatch regression (David Schiller)
tracing: Fix wasted memory in saved_cmdlines logic (Steven Rostedt (Google))
ext4: fix double-free of blocks due to wrong extents moved_len (Baokun Li)
misc: fastrpc: Mark all sessions as invalid in cb_remove (Ekansh Gupta)
binder: signal epoll threads of self-work (Carlos Llamas)
ALSA: hda/realtek: Enable headset mic on Vaio VJFE-ADL (Edson Juliano Drosdeck)
xen-netback: properly sync TX responses (Jan Beulich)
nfc: nci: free rx_data_reassembly skb on NCI device cleanup (Fedor Pchelkin)
kbuild: Fix changing ELF file type for output of gen_btf for big endian (Nathan Chancellor)
firewire: core: correct documentation of fw_csr_string() kernel API (Takashi Sakamoto)
scsi: Revert ‘scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock’ (Lee Duncan)
i2c: i801: Fix block process call transactions (Jean Delvare)
i2c: i801: Remove i801_set_block_buffer_mode (Heiner Kallweit)
usb: f_mass_storage: forbid async queue when shutdown happen (yuan linyu)
USB: hub: check for alternate port before enabling A_ALT_HNP_SUPPORT (Oliver Neukum)
HID: wacom: Do not register input devices until after hid_hw_start (Jason Gerecke)
HID: wacom: generic: Avoid reporting a serial of ‘0’ to userspace (Tatsunosuke Tobita)
mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again (Zach O’Keefe)
tracing/trigger: Fix to return error if failed to alloc snapshot (Masami Hiramatsu (Google))
i40e: Fix waiting for queues of all VSIs to be disabled (Ivan Vecera)
MIPS: Add ‘memory’ clobber to csum_ipv6_magic() inline assembler (Guenter Roeck)
ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work() (Alexey Khoroshilov)
spi: ppc4xx: Drop write-only variable (Uwe Kleine-Konig)
of: unittest: Fix compile in the non-dynamic case (Christian A. Ehrhardt)
of: unittest: add overlay gpio test to catch gpio hog problem (Frank Rowand)
btrfs: send: return EOPNOTSUPP on unknown flags (David Sterba)
btrfs: forbid deleting live subvol qgroup (Boris Burkov)
btrfs: forbid creating subvol qgroups (Boris Burkov)
netfilter: nft_set_rbtree: skip end interval element from gc (Pablo Neira Ayuso)
net: stmmac: xgmac: fix a typo of register name in DPP safety handling (Furong Xu)
net: stmmac: xgmac: use #define for string constants (Simon Horman)
vhost: use kzalloc() instead of kmalloc() followed by memset() (Prathu Baronia)
Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping ATKBD_CMD_GETID (Hans de Goede)
USB: serial: cp210x: add ID for IMST iM871A-USB (Leonard Dallmayr)
USB: serial: qcserial: add new usb-id for Dell Wireless DW5826e (JackBB Wu)
net/af_iucv: clean up a try_then_request_module() (Julian Wiedmann)
netfilter: nft_ct: reject direction for ct id (Pablo Neira Ayuso)
netfilter: nft_compat: restrict match/target protocol to u16 (Pablo Neira Ayuso)
netfilter: nft_compat: reject unused compat flag (Pablo Neira Ayuso)
ppp_async: limit MRU to 64K (Eric Dumazet)
tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() (Shigeru Yoshida)
rxrpc: Fix response to PING RESPONSE ACKs to a dead call (David Howells)
inet: read sk->sk_family once in inet_recv_error() (Eric Dumazet)
hwmon: (coretemp) Fix bogus core_id to attr name mapping (Zhang Rui)
hwmon: (coretemp) Fix out-of-bounds memory access (Zhang Rui)
hwmon: (aspeed-pwm-tacho) mutex for tach reading (Loic Prylli)
atm: idt77252: fix a memleak in open_card_ubr0 (Zhipeng Lu)
selftests: net: avoid just another constant wait (Paolo Abeni)
net: stmmac: xgmac: fix handling of DPP safety error for DMA channels (Furong Xu)
phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP (Tony Lindgren)
dmaengine: fix is_slave_direction() return false when DMA_DEV_TO_DEV (Frank Li)
phy: renesas: rcar-gen3-usb2: Fix returning wrong error code (Yoshihiro Shimoda)
dmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA (Christophe JAILLET)
dmaengine: fsl-qdma: Fix a memory leak related to the status queue DMA (Christophe JAILLET)
bonding: remove print in bond_verify_device_path (Zhengchao Shao)
HID: apple: Add 2021 magic keyboard FN key mapping (Benjamin Berg)
HID: apple: Swap the Fn and Left Control keys on Apple keyboards (free5lot)
HID: apple: Add support for the 2021 Magic Keyboard (Alex Henrie)
net: sysfs: Fix /sys/class/net/
path (Breno Leitao)
af_unix: fix lockdep positive in sk_diag_dump_icons() (Eric Dumazet)
net: ipv4: fix a memleak in ip_setup_cork (Zhipeng Lu)
netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations (Pablo Neira Ayuso)
netfilter: nf_log: replace BUG_ON by WARN_ON_ONCE when putting logger (Pablo Neira Ayuso)
llc: call sock_orphan() at release time (Eric Dumazet)
ipv6: Ensure natural alignment of const ipv6 loopback and router addresses (Helge Deller)
ixgbe: Fix an error handling path in ixgbe_read_iosf_sb_reg_x550() (Christophe JAILLET)
ixgbe: Refactor overtemp event handling (Jedrzej Jagielski)
ixgbe: Refactor returning internal error codes (Jedrzej Jagielski)
ixgbe: Remove non-inclusive language (Piotr Skajewski)
net: remove unneeded break (Tom Rix)
scsi: isci: Fix an error code problem in isci_io_request_build() (Su Hui)
wifi: cfg80211: fix RCU dereference in __cfg80211_bss_update (Edward Adam Davis)
perf: Fix the nr_addr_filters fix (Peter Zijlstra)
drm/amdgpu: Release ‘adev->pm.fw’ before return in ‘amdgpu_device_need_post()’ (Srinivasan Shanmugam)
ceph: fix deadlock or deadcode of misusing dget() (Xiubo Li)
blk-mq: fix IO hang from sbitmap wakeup race (Ming Lei)
virtio_net: Fix ‘’%d’ directive writing between 1 and 11 bytes into a region of size 10’ warnings (Zhu Yanjun)
libsubcmd: Fix memory leak in uniq() (Ian Rogers)
PCI/AER: Decode Requester ID when no error info found (Bjorn Helgaas)
fs/kernfs/dir: obey S_ISGID (Max Kellermann)
usb: hub: Replace hardcoded quirk value with BIT() macro (Hardik Gajjar)
PCI: switchtec: Fix stdev_release() crash after surprise hot remove (Daniel Stodden)
PCI: Only override AMD USB controller if required (Guilherme G. Piccoli)
mfd: ti_am335x_tscadc: Fix TI SoC dependencies (Peter Robinson)
i3c: master: cdns: Update maximum prescaler value for i2c clock (Harshit Shah)
um: net: Fix return type of uml_net_start_xmit() (Nathan Chancellor)
um: Don’t use vfprintf() for os_info() (Benjamin Berg)
um: Fix naming clash between UML and scheduler (Anton Ivanov)
leds: trigger: panic: Don’t register panic notifier if creating the trigger failed (Heiner Kallweit)
drm/amdgpu: Drop ‘fence’ check in ‘to_amdgpu_amdkfd_fence()’ (Srinivasan Shanmugam)
drm/amdgpu: Let KFD sync with VM fences (Felix Kuehling)
clk: mmp: pxa168: Fix memory leak in pxa168_clk_init() (Kuan-Wei Chiu)
clk: hi3620: Fix memory leak in hi3620_mmc_clk_init() (Kuan-Wei Chiu)
drm/msm/dpu: Ratelimit framedone timeout msgs (Rob Clark)
media: ddbridge: fix an error code problem in ddb_probe (Su Hui)
IB/ipoib: Fix mcast list locking (Daniel Vacek)
drm/exynos: Call drm_atomic_helper_shutdown() at shutdown/unbind time (Douglas Anderson)
ALSA: hda: Intel: add HDA_ARL PCI ID support (Pierre-Louis Bossart)
PCI: add INTEL_HDA_ARL to pci_ids.h (Pierre-Louis Bossart)
media: rockchip: rga: fix swizzling for RGB formats (Michael Tretter)
media: stk1160: Fixed high volume of stk1160_dbg messages (Ghanshyam Agrawal)
drm/mipi-dsi: Fix detach call without attach (Tomi Valkeinen)
drm/framebuffer: Fix use of uninitialized variable (Tomi Valkeinen)
drm/drm_file: fix use of uninitialized variable (Tomi Valkeinen)
RDMA/IPoIB: Fix error code return in ipoib_mcast_join (Jack Wang)
fast_dput(): handle underflows gracefully (Al Viro)
ASoC: doc: Fix undefined SND_SOC_DAPM_NOPM argument (Cristian Ciocaltea)
f2fs: fix to check return value of f2fs_reserve_new_block() (Chao Yu)
wifi: cfg80211: free beacon_ies when overridden from hidden BSS (Benjamin Berg)
wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift() (Su Hui)
wifi: rtl8xxxu: Add additional USB IDs for RTL8192EU devices (Zenm Chen)
arm64: dts: qcom: msm8998: Fix ‘out-ports’ is a required property (Mao Jinlong)
arm64: dts: qcom: msm8996: Fix ‘in-ports’ is a required property (Mao Jinlong)
md: Whenassemble the array, consult the superblock of the freshest device (Alex Lyakas)
block: prevent an integer overflow in bvec_try_merge_hw_page (Christoph Hellwig)
ARM: dts: imx23/28: Fix the DMA controller node name (Fabio Estevam)
ARM: dts: imx23-sansa: Use preferred i2c-gpios properties (Fabio Estevam)
ARM: dts: imx27-apf27dev: Fix LED name (Fabio Estevam)
ARM: dts: imx25/27: Pass timing0 (Fabio Estevam)
ARM: dts: imx1: Fix sram node (Fabio Estevam)
ARM: dts: imx27: Fix sram node (Fabio Estevam)
ARM: dts: imx: Use flash@0,0 pattern (Fabio Estevam)
ARM: dts: imx25/27-eukrea: Fix RTC node name (Fabio Estevam)
ARM: dts: rockchip: fix rk3036 hdmi ports node (Johan Jonker)
scsi: libfc: Fix up timeout error in fc_fcp_rec_error() (Hannes Reinecke)
scsi: libfc: Don’t schedule abort twice (Hannes Reinecke)
wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() (Minsuk Kang)
ARM: dts: imx7s: Fix nand-controller #size-cells (Alexander Stein)
ARM: dts: imx7s: Fix lcdif compatible (Alexander Stein)
ARM: dts: imx7d: Fix coresight funnel ports (Alexander Stein)
bonding: return -ENOMEM instead of BUG in alb_upper_dev_walk (Zhengchao Shao)
PCI: Add no PM reset quirk for NVIDIA Spectrum devices (Ido Schimmel)
scsi: lpfc: Fix possible file string name overflow when updating firmware (Justin Tee)
selftests/bpf: Fix pyperf180 compilation failure with clang18 (Yonghong Song)
selftests/bpf: satisfy compiler by having explicit return in btf test (Andrii Nakryiko)
wifi: rt2x00: restart beacon queue when hardware reset (Shiji Yang)
ext4: avoid online resizing failures due to oversized flex bg (Baokun Li)
ext4: remove unnecessary check from alloc_flex_gd() (Baokun Li)
ext4: unify the type of flexbg_size to unsigned int (Baokun Li)
ext4: fix inconsistent between segment fstrim and full fstrim (Ye Bin)
ecryptfs: Reject casefold directory inodes (Gabriel Krisman Bertazi)
SUNRPC: Fix a suspicious RCU usage warning (Anna Schumaker)
KVM: s390: fix setting of fpc register (Heiko Carstens)
s390/ptrace: handle setting of fpc register correctly (Heiko Carstens)
jfs: fix array-index-out-of-bounds in diNewExt (Edward Adam Davis)
rxrpc_find_service_conn_rcu: fix the usage of read_seqbegin_or_lock() (Oleg Nesterov)
afs: fix the usage of read_seqbegin_or_lock() in afs_find_server*() (Oleg Nesterov)
crypto: stm32/crc32 - fix parsing list of devices (Thomas Bourgoin)
pstore/ram: Fix crash when setting number of cpus to an odd number (Weichen Chen)
jfs: fix uaf in jfs_evict_inode (Edward Adam Davis)
jfs: fix array-index-out-of-bounds in dbAdjTree (Manas Ghandat)
jfs: fix slab-out-of-bounds Read in dtSearch (Manas Ghandat)
UBSAN: array-index-out-of-bounds in dtSplitRoot (Osama Muhammad)
FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree (Osama Muhammad)
ACPI: extlog: fix NULL pointer dereference check (Prarit Bhargava)
PNP: ACPI: fix fortify warning (Dmitry Antipov)
ACPI: video: Add quirk for the Colorful X15 AT 23 Laptop (Yuluo Qiu)
audit: Send netlink ACK before setting connection in auditd_set (Chris Riches)
regulator: core: Only increment use_count when enable_count changes (Rui Zhang)
perf/core: Fix narrow startup race when creating the perf nr_addr_filters sysfs file (Greg KH)
x86/mce: Mark fatal MCE’s page as poison to avoid panic in the kdump kernel (Zhiquan Li)
powerpc/lib: Validate size for vector operations (Naveen N Rao)
powerpc: pmd_move_must_withdraw() is only needed for CONFIG_TRANSPARENT_HUGEPAGE (Stephen Rothwell)
powerpc/mm: Fix build failures due to arch_reserved_kernel_pages() (Michael Ellerman)
powerpc: Fix build error due to is_valid_bugaddr() (Michael Ellerman)
powerpc/mm: Fix null-pointer dereference in pgtable_cache_add (Kunwu Chan)
x86/entry/ia32: Ensure s32 is sign extended to s64 (Richard Palethorpe)
tick/sched: Preserve number of idle sleeps across CPU hotplug events (Tim Chen)
mips: Call lose_fpu(0) before initializing fcr31 in mips_set_personality_nan (Xi Ruoyao)
spi: bcm-qspi: fix SFDP BFPT read by usig mspi read (Kamal Dasu)
gpio: eic-sprd: Clear interrupt after set the interrupt type (Wenhua Lin)
drm/exynos: gsc: minor fix for loop iteration in gsc_runtime_resume (Fedor Pchelkin)
drm/exynos: fix accidental on-stack copy of exynos_drm_plane (Arnd Bergmann)
drm/bridge: nxp-ptn3460: simplify some error checking (Dan Carpenter)
drm/bridge: nxp-ptn3460: fix i2c_master_send() error checking (Dan Carpenter)
drm: Don’t unref the same fb many times by mistake due to deadlock handling (Ville Syrjala)
gpiolib: acpi: Ignore touchpad wakeup on GPD G1619-04 (Mario Limonciello)
netfilter: nf_tables: reject QUEUE/DROP verdict parameters (Florian Westphal)
rbd: don’t move requests to the running list on errors (Ilya Dryomov)
btrfs: defrag: reject unknown flags of btrfs_ioctl_defrag_range_args (Qu Wenruo)
btrfs: don’t warn if discard range is not aligned to sector (David Sterba)
btrfs: tree-checker: fix inline ref size in error messages (Chung-Chiang Cheng)
btrfs: ref-verify: free ref cache before clearing mount opt (Fedor Pchelkin)
net: fec: fix the unhandled context fault from smmu (Shenwei Wang)
fjes: fix memleaks in fjes_hw_setup (Zhipeng Lu)
netfilter: nf_tables: validate NFPROTO_* family (Pablo Neira Ayuso)
netfilter: nf_tables: restrict anonymous set and map names to 16 bytes (Florian Westphal)
net/mlx5e: fix a double-free in arfs_create_groups (Zhipeng Lu)
net/mlx5: Use kfree(ft->g) in arfs_create_groups() (Denis Efremov)
net/mlx5: DR, Use the right GVMI number for drop action (Yevgeny Kliteynik)
netlink: fix potential sleeping issue in mqueue_flush_file (Zhengchao Shao)
tcp: Add memory barrier to tcp_push() (Salvatore Dipietro)
afs: Hide silly-rename files from userspace (David Howells)
tracing: Ensure visibility when inserting an element into tracing_map (Petr Pavlu)
net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv (Sharath Srinivasan)
llc: Drop support for ETH_P_TR_802_2. (Kuniyuki Iwashima)
llc: make llc_ui_sendmsg() more robust against bonding changes (Eric Dumazet)
vlan: skip nested type that is not IFLA_VLAN_QOS_MAPPING (Lin Ma)
net/smc: fix illegal rmb_desc access in SMC-D connection dump (Wen Gu)
x86/CPU/AMD: Fix disabling XSAVES on AMD family 0x17 due to erratum (Maciej S. Szmigiero)
powerpc: Use always instead of always-y in for crtsavres.o (Nathan Chancellor)
fs: move S_ISGID stripping into the vfs_*() helpers (Yang Xu)
fs: add mode_strip_sgid() helper (Yang Xu)
mtd: spinand: macronix: Fix MX35LFxGE4AD page size (JaimeLiao)
block: Remove special-casing of compound pages (Matthew Wilcox (Oracle))
rename(): fix the locking of subdirectories (Al Viro)
ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path (Zhihao Cheng)
nouveau/vmm: don’t set addr on the fail path to avoid warning (Dave Airlie)
mmc: core: Use mrq.sbc in close-ended ffu (Avri Altman)
arm64: dts: qcom: sdm845: fix USB wakeup interrupt types (Johan Hovold)
parisc/firmware: Fix F-extend for PDC addresses (Helge Deller)
rpmsg: virtio: Free driver_override when rpmsg_remove() (Xiaolei Wang)
hwrng: core - Fix page fault dead lock on mmap-ed hwrng (Herbert Xu)
PM: hibernate: Enforce ordering during image compression/decompression (Hongchen Zhang)
crypto: api - Disallow identical driver names (Herbert Xu)
ext4: allow for the last group to be marked as trimmed (Suraj Jitindar Singh)
serial: sc16is7xx: add check for unsupported SPI modes during probe (Hugo Villeneuve)
spi: introduce SPI_MODE_X_MASK macro (Oleksij Rempel)
serial: sc16is7xx: set safe default SPI clock frequency (Hugo Villeneuve)
units: add the HZ macros (Daniel Lezcano)
units: change from ‘L’ to ‘UL’ (Daniel Lezcano)
units: Add Watt units (Daniel Lezcano)
PCI: mediatek: Clear interrupt status before dispatching handler (qizhong cheng)
[5.4.17-2136.330.1.el8]
mm: hwpoison: handle non-anonymous THP correctly (Yang Shi) [Orabug: 36223690]
mm,hwpoison: unify THP handling for hard and soft offline (Oscar Salvador) [Orabug: 36223690]
mm: hwpoison: remove the unnecessary THP check (Yang Shi) [Orabug: 36223690]

OSVersionArchitecturePackageVersionFilename
oracle linux8srckernel-uek-container< 5.4.17-2136.330.7.1.el8kernel-uek-container-5.4.17-2136.330.7.1.el8.src.rpm
oracle linux8x86_64kernel-uek-container< 5.4.17-2136.330.7.1.el8kernel-uek-container-5.4.17-2136.330.7.1.el8.x86_64.rpm
oracle linux8x86_64kernel-uek-container-debug< 5.4.17-2136.330.7.1.el8kernel-uek-container-debug-5.4.17-2136.330.7.1.el8.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
oracle linux	8	src	kernel-uek-container	< 5.4.17-2136.330.7.1.el8	kernel-uek-container-5.4.17-2136.330.7.1.el8.src.rpm
oracle linux	8	x86_64	kernel-uek-container	< 5.4.17-2136.330.7.1.el8	kernel-uek-container-5.4.17-2136.330.7.1.el8.x86_64.rpm
oracle linux	8	x86_64	kernel-uek-container-debug	< 5.4.17-2136.330.7.1.el8	kernel-uek-container-debug-5.4.17-2136.330.7.1.el8.x86_64.rpm