Oracle Linux Security Advisory ELSA-2025-20552 http://linux.oracle.com/errata/ELSA-2025-20552.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: aarch64: kernel-uek-5.15.0-312.187.5.el9uek.aarch64.rpm bpftool-5.15.0-312.187.5.el9uek.aarch64.rpm kernel-uek-container-5.15.0-312.187.5.el9uek.aarch64.rpm kernel-uek-container-debug-5.15.0-312.187.5.el9uek.aarch64.rpm kernel-uek-core-5.15.0-312.187.5.el9uek.aarch64.rpm kernel-uek-debug-5.15.0-312.187.5.el9uek.aarch64.rpm kernel-uek-debug-core-5.15.0-312.187.5.el9uek.aarch64.rpm kernel-uek-debug-devel-5.15.0-312.187.5.el9uek.aarch64.rpm kernel-uek-debug-modules-5.15.0-312.187.5.el9uek.aarch64.rpm kernel-uek-debug-modules-extra-5.15.0-312.187.5.el9uek.aarch64.rpm kernel-uek-devel-5.15.0-312.187.5.el9uek.aarch64.rpm kernel-uek-doc-5.15.0-312.187.5.el9uek.noarch.rpm kernel-uek-modules-5.15.0-312.187.5.el9uek.aarch64.rpm kernel-uek-modules-extra-5.15.0-312.187.5.el9uek.aarch64.rpm kernel-uek64k-5.15.0-312.187.5.el9uek.aarch64.rpm kernel-uek64k-core-5.15.0-312.187.5.el9uek.aarch64.rpm kernel-uek64k-devel-5.15.0-312.187.5.el9uek.aarch64.rpm kernel-uek64k-modules-5.15.0-312.187.5.el9uek.aarch64.rpm kernel-uek64k-modules-extra-5.15.0-312.187.5.el9uek.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/kernel-uek-5.15.0-312.187.5.el9uek.src.rpm Related CVEs: CVE-2024-26726 CVE-2024-57883 CVE-2025-37948 CVE-2025-37958 CVE-2025-37963 CVE-2025-38000 CVE-2025-38001 CVE-2025-38003 CVE-2025-38004 CVE-2025-38034 CVE-2025-38035 CVE-2025-38037 CVE-2025-38043 CVE-2025-38044 CVE-2025-38048 CVE-2025-38051 CVE-2025-38052 CVE-2025-38058 CVE-2025-38061 CVE-2025-38065 CVE-2025-38066 CVE-2025-38068 CVE-2025-38072 CVE-2025-38075 CVE-2025-38077 CVE-2025-38078 CVE-2025-38079 CVE-2025-38083 CVE-2025-38084 CVE-2025-38085 CVE-2025-38086 CVE-2025-38088 CVE-2025-38090 CVE-2025-38094 CVE-2025-38100 CVE-2025-38102 CVE-2025-38103 CVE-2025-38107 CVE-2025-38108 CVE-2025-38111 CVE-2025-38112 CVE-2025-38115 CVE-2025-38119 CVE-2025-38120 CVE-2025-38122 CVE-2025-38135 CVE-2025-38136 CVE-2025-38138 CVE-2025-38143 CVE-2025-38145 CVE-2025-38146 CVE-2025-38147 CVE-2025-38153 CVE-2025-38154 CVE-2025-38157 CVE-2025-38159 CVE-2025-38160 CVE-2025-38161 CVE-2025-38163 CVE-2025-38167 CVE-2025-38173 CVE-2025-38174 CVE-2025-38180 CVE-2025-38181 CVE-2025-38184 CVE-2025-38185 CVE-2025-38190 CVE-2025-38193 CVE-2025-38194 CVE-2025-38197 CVE-2025-38200 CVE-2025-38203 CVE-2025-38204 CVE-2025-38206 CVE-2025-38211 CVE-2025-38212 CVE-2025-38214 CVE-2025-38218 CVE-2025-38219 CVE-2025-38222 CVE-2025-38226 CVE-2025-38227 CVE-2025-38229 CVE-2025-38230 CVE-2025-38231 CVE-2025-38237 CVE-2025-38245 CVE-2025-38249 CVE-2025-38251 CVE-2025-38257 CVE-2025-38262 CVE-2025-38263 CVE-2025-38273 CVE-2025-38280 CVE-2025-38285 CVE-2025-38286 CVE-2025-38293 CVE-2025-38298 CVE-2025-38305 CVE-2025-38310 CVE-2025-38312 CVE-2025-38313 CVE-2025-38319 CVE-2025-38320 CVE-2025-38323 CVE-2025-38324 CVE-2025-38326 CVE-2025-38328 CVE-2025-38332 CVE-2025-38336 CVE-2025-38337 CVE-2025-38342 CVE-2025-38344 CVE-2025-38345 CVE-2025-38346 CVE-2025-38348 CVE-2025-38350 CVE-2025-38352 CVE-2025-38362 CVE-2025-38363 CVE-2025-38371 CVE-2025-38377 CVE-2025-38380 CVE-2025-38384 CVE-2025-38386 CVE-2025-38387 CVE-2025-38389 CVE-2025-38391 CVE-2025-38393 CVE-2025-38395 CVE-2025-38399 CVE-2025-38400 CVE-2025-38401 CVE-2025-38403 CVE-2025-38404 CVE-2025-38406 CVE-2025-38410 CVE-2025-38412 CVE-2025-38415 CVE-2025-38416 CVE-2025-38418 CVE-2025-38419 CVE-2025-38420 CVE-2025-38424 CVE-2025-38428 CVE-2025-38430 CVE-2025-38498 Description of changes: [5.15.0-312.187.5.el9uek] - Revert "mm: hugetlb: independent PMD page table shared count" (Harshit Mogalapalli) [Orabug: 38327655] [5.15.0-312.187.4.el9uek] - rds: Fix NULL ptr deref in xas_start (Håkon Bugge) [Orabug: 38166374] - KVM: x86: use array_index_nospec with indices that come from guest (Thijs Raymakers) [Orabug: 38319943] - hugetlb: arm64: add mte support (Dave Kleikamp) [Orabug: 38177800] [5.15.0-312.187.3.el9uek] - TIOCSTI: Document CAP_SYS_ADMIN behaviour in Kconfig (Günther Noack) [Orabug: 38255504] - TIOCSTI: always enable for CAP_SYS_ADMIN (Samuel Thibault) [Orabug: 38255504] - tty: Fix typo in LEGACY_TIOCSTI Kconfig description (Hanno Böck) [Orabug: 38255504] - tty: Move TIOCSTI toggle variable before kerndoc (Kees Cook) [Orabug: 38255504] - tty: Allow TIOCSTI to be disabled (Kees Cook) [Orabug: 38255504] - tty: Move sysctl setup into "core" tty logic (Kees Cook) [Orabug: 38255504] - tty: reformat kernel-doc in tty_io.c (Jiri Slaby) [Orabug: 38255504] - tty: reformat kernel-doc in tty_ldisc.c (Jiri Slaby) [Orabug: 38255504] - net/mlx5: E-Switch, Fix switching to switchdev mode in MPV (Patrisious Haddad) [Orabug: 38236297] - net/mlx5: E-Switch, Fix switching to switchdev mode with IB device disabled (Patrisious Haddad) [Orabug: 38236297] - net/mlx5: E-switch, refactor eswitch mode change (Patrisious Haddad) [Orabug: 38236297] - IB/mlx5: Support querying eswitch functions from DEVX (Bodong Wang) [Orabug: 38236297] - RDMA/mlx5: Fix HW counters query for non-representor devices (Patrisious Haddad) [Orabug: 38161800] - RDMA/mlx5: Fix CC counters query for MPV (Patrisious Haddad) [Orabug: 38161800] - Revert "RDMA/mlx5: Fix CC counters query for MPV" (Qing Huang) [Orabug: 38161800] - RDMA/mlx5: Fix vport loopback for MPV device (Patrisious Haddad) [Orabug: 38118599] [5.15.0-312.187.2.el9uek] - EDAC: Octeon: Fix compile error by replacing sdei_init() with acpi_sdei_init() (Vijayendra Suman) [Orabug: 38294908] - LTS version: v5.15.187 (Vijayendra Suman) - usb: typec: displayport: Fix potential deadlock (Andrei Kuchynski) [Orabug: 38309912] {CVE-2025-38404} - platform/x86: think-lmi: Create ksets consecutively (Kurt Borja) - Logitech C-270 even more broken (Oliver Neukum) - i2c/designware: Fix an initialization issue (Michael J. Ruhl) [Orabug: 38253850] {CVE-2025-38380} - usb: cdnsp: do not disable slot for disabled slot (Peter Chen) - xhci: dbc: Flush queued requests before stopping dbc (Mathias Nyman) - xhci: dbctty: disable ECHO flag by default (Łukasz Bartosik) - platform/x86: dell-wmi-sysman: Fix class device unregistration (Kurt Borja) - platform/x86: think-lmi: Fix class device unregistration (Kurt Borja) - dpaa2-eth: fix xdp_rxq_info leak (Wangfushuai) - net: dpaa2-eth: rearrange variable in dpaa2_eth_get_ethtool_stats (Ioana Ciornei) - dpaa2-eth: Update SINGLE_STEP register access (Radu Bulie) - dpaa2-eth: Update dpni_get_single_step_cfg command (Radu Bulie) - ethernet: atl1: Add missing DMA mapping error checks and count errors (Thomas Fourier) - NFSv4/flexfiles: Fix handling of NFS level errors in I/O (Trond Myklebust) - drm/v3d: Disable interrupts before resetting the GPU (Maíra Canal) [Orabug: 38253820] {CVE-2025-38371} - regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods (Manivannan Sadhasivam) [Orabug: 38253906] {CVE-2025-38395} - regulator: gpio: Add input_supply support in gpio_regulator_config (Jerome Neanne) - mmc: core: sd: Apply BROKEN_SD_DISCARD quirk earlier (Avri Altman) - rcu: Return early if callback is not specified (Uladzislau Rezki) - mtd: spinand: fix memory leak of ECC engine conf (Pablo Martin-Gomez) [Orabug: 38253863] {CVE-2025-38384} - ACPICA: Refuse to evaluate a method if arguments are missing (Rafael J. Wysocki) [Orabug: 38253874] {CVE-2025-38386} - wifi: ath6kl: remove WARN on bad firmware input (Johannes Berg) [Orabug: 38253945] {CVE-2025-38406} - wifi: mac80211: drop invalid source address OCB frames (Johannes Berg) - scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() (Maurizio Lombardi) [Orabug: 38253914] {CVE-2025-38399} - powerpc: Fix struct termio related ioctl macros (Madhavan Srinivasan) - ata: pata_cs5536: fix build on 32-bit UML (Johannes Berg) - ALSA: sb: Force to disable DMAs once when DMA mode is changed (Takashi Iwai) - ALSA: sb: Don't allow changing the DMA mode during operations (Takashi Iwai) - drm/msm: Fix a fence leak in submit error path (Rob Clark) [Orabug: 38253967] {CVE-2025-38410} - nui: Fix dma_mapping_error() check (Thomas Fourier) - rose: fix dangling neighbour pointers in rose_rt_device_down() (Kohei Enju) [Orabug: 38253841] {CVE-2025-38377} - enic: fix incorrect MTU comparison in enic_change_mtu() (Alok Tiwari) - amd-xgbe: align CL37 AN sequence as per databook (Raju Rangoju) - lib: test_objagg: Set error message in check_expect_hints_stats() (Dan Carpenter) - igc: disable L1.2 PCI-E link substate to avoid performance issue (Vitaly Lifshits) - drm/i915/gt: Fix timeline left held on VMA alloc error (Janusz Krzysztofik) [Orabug: 38253886] {CVE-2025-38389} - platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks (Kurt Borja) [Orabug: 38253976] {CVE-2025-38412} - drm/i915/selftests: Change mock_request() to return error pointers (Dan Carpenter) - spi: spi-fsl-dspi: Clear completion counter before initiating transfer (James Clark) - drm/exynos: fimd: Guard display clock control with runtime PM calls (Marek Szyprowski) - btrfs: fix missing error handling when searching for inode refs during log replay (Filipe Manana) - scsi: ufs: core: Fix spelling of a sysfs attribute name (Bart Van Assche) - scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() (Thomas Fourier) - scsi: qla2xxx: Fix DMA mapping test in qla24xx_get_port_database() (Thomas Fourier) - NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN (Benjamin Coddington) [Orabug: 38253900] {CVE-2025-38393} - nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. (Kuniyuki Iwashima) [Orabug: 38253922] {CVE-2025-38400} - RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert (Mark Zhang) [Orabug: 38253880] {CVE-2025-38387} - platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment (David Thompson) - mtk-sd: reset host->mrq on prepare_data() error (Sergey Senozhatsky) - mtk-sd: Prevent memory corruption from DMA map failure (Masami Hiramatsu) [Orabug: 38253927] {CVE-2025-38401} - mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data (Masami Hiramatsu) - usb: typec: altmodes/displayport: do not index invalid pin_assignments (Rd Babiera) [Orabug: 38253893] {CVE-2025-38391} - mmc: sdhci: Add a helper function for dump register in dynamic debug mode (Victor Shih) - vsock/vmci: Clear the vmci transport packet properly when initializing it (Harshavardhana S A) [Orabug: 38253936] {CVE-2025-38403} - rtc: cmos: use spin_lock_irqsave in cmos_interrupt (Mateusz Jończyk) - ARM: 9354/1: ptrace: Use bitfield helpers (Geert Uytterhoeven) - btrfs: don't drop extent_map for free space inode on write error (Josef Bacik) [Orabug: 36530624] {CVE-2024-26726} - arm64: Restrict pagetable teardown to avoid false warning (Dev Jain) - s390: Add '-std=gnu11' to decompressor and purgatory CFLAGS (Nathan Chancellor) - s390/entry: Fix last breaking event handling in case of stack corruption (Heiko Carstens) - media: uvcvideo: Rollback non processed entities on error (Ricardo Ribalda) - PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (Dexuan Cui) - drm/amd/display: Add null pointer check for get_first_active_display() (Xu Wang) [Orabug: 38253794] {CVE-2025-38362} - drm/bridge: cdns-dsi: Wait for Clk and Data Lanes to be ready (Aradhya Bhatia) - drm/bridge: cdns-dsi: Check return value when getting default PHY config (Aradhya Bhatia) - drm/bridge: cdns-dsi: Fix connecting to next bridge (Aradhya Bhatia) - drm/bridge: cdns-dsi: Fix the clock variable for mode_valid() (Aradhya Bhatia) - drm/amdkfd: Fix race in GWS queue scheduling (Jay Cornwall) - drm/udl: Unregister device before cleaning up on disconnect (Thomas Zimmermann) - drm/tegra: Fix a possible null pointer dereference (Qiu-Ji Chen) [Orabug: 38253800] {CVE-2025-38363} - drm/tegra: Assign plane type before registration (Thierry Reding) - HID: wacom: fix kobject reference count leak (Qasim Ijaz) - HID: wacom: fix memory leak on sysfs attribute creation failure (Qasim Ijaz) - HID: wacom: fix memory leak on kobject creation failure (Qasim Ijaz) - btrfs: update superblock's device bytes_used when dropping chunk (Mark Harmstone) - dm-raid: fix variable in journal device check (Heinz Mauelshagen) - Bluetooth: L2CAP: Fix L2CAP MTU negotiation (Frédéric Danis) - dt-bindings: serial: 8250: Make clocks and clock-frequency exclusive (Yao Zi) - staging: rtl8723bs: Avoid memset() in aes_cipher() and aes_decipher() (Nathan Chancellor) - net: selftests: fix TCP packet checksum (Jakub Kicinski) - atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister(). (Kuniyuki Iwashima) [Orabug: 38175043] {CVE-2025-38245} - net: enetc: Correct endianness handling in _enetc_rd_reg64 (Simon Horman) - um: ubd: Add missing error check in start_io_thread() (Tiwei Bie) - vsock/uapi: fix linux/vm_sockets.h userspace compilation errors (Stefano Garzarella) - af_unix: Don't set -ECONNRESET for consumed OOB skb. (Kuniyuki Iwashima) - wifi: mac80211: fix beacon interval calculation overflow (Lachlan Hodges) - libbpf: Fix null pointer dereference in btf_dump__free on allocation failure (Yuan Chen) - attach_recursive_mnt(): do not lock the covering tree when sliding something under it (Al Viro) - ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3() (Youngjun Lee) [Orabug: 38175063] {CVE-2025-38249} - atm: clip: prevent NULL deref in clip_push() (Eric Dumazet) [Orabug: 38175077] {CVE-2025-38251} - s390/pkey: Prevent overflow in size calculation for memdup_user() (Fedor Pchelkin) [Orabug: 38175091] {CVE-2025-38257} - i2c: robotfuzz-osif: disable zero-length read messages (Wolfram Sang) - i2c: tiny-usb: disable zero-length read messages (Wolfram Sang) - platform/x86: ideapad-laptop: use usleep_range() for EC polling (Rongrong) - dummycon: Trigger redraw when switching consoles with deferred takeover (Thomas Zimmermann) - tty: vt: make consw::con_switch() return a bool (Jiri Slaby) - tty: vt: sanitize arguments of consw::con_clear() (Jiri Slaby) - tty: vt: make init parameter of consw::con_init() a bool (Jiri Slaby) - vgacon: remove unneeded forward declarations (Jiri Slaby) - vgacon: switch vgacon_scrolldelta() and vgacon_restore_screen() (Jiri Slaby) - tty/vt: consolemap: rename and document struct uni_pagedir (Jiri Slaby) - fbcon: delete a few unneeded forward decl (Daniel Vetter) - uio_hv_generic: Align ring size to system page (Long Li) - uio_hv_generic: Query the ringbuffer size for device (Saurabh Singh Sengar) - Drivers: hv: vmbus: Add utility function for querying ring size (Saurabh Singh Sengar) - Drivers: hv: Rename 'alloced' to 'allocated' (Vitaly Kuznetsov) - f2fs: don't over-report free space or inodes in statvfs (Chao Yu) - media: imx-jpeg: Drop the first error frames (Ming Qian) - clk: ti: am43xx: Add clkctrl data for am43xx ADC1 (Miquel Raynal) - media: omap3isp: use sgtable-based scatterlist wrappers (Marek Szyprowski) - media: davinci: vpif: Fix memory leak in probe error path (Dmitry Nikiforov) - jfs: validate AG parameters in dbMount() to prevent crashes (Vasiliy Kovalev) [Orabug: 38158700] {CVE-2025-38230} - fs/jfs: consolidate sanity checking in dbMount (Dave Kleikamp) - ovl: Check for NULL d_inode() in ovl_dentry_upper() (Kees Cook) - ceph: fix possible integer overflow in ceph_zero_objects() (Dmitry Kandybka) - ALSA: usb-audio: Add a quirk for Lenovo Thinkpad Thunderbolt 3 dock (Mario Limonciello) - ALSA: hda: Add new pci id for AMD GPU display HD audio controller (Vijendar Mukunda) - ALSA: hda: Ignore unsol events for cards being shut down (Cezary Rojewski) - usb: typec: displayport: Receive DP Status Update NAK request exit dp altmode (Jos Wang) - usb: cdc-wdm: avoid setting WDM_READ for ZLP-s (Robert Hodaszi) - usb: Add checks for snprintf() calls in usb_alloc_dev() (Andy Shevchenko) - usb: common: usb-conn-gpio: use a unique name for usb connector device (Chance Yang) - tty: serial: uartlite: register uart driver in init (Jakub Lewalski) [Orabug: 38175113] {CVE-2025-38262} - usb: potential integer overflow in usbg_make_tpg() (Chen Yufeng) - usb: dwc2: also exit clock_gating when stopping udc while suspended (Michael Grzeschik) - coresight: Only check bottom two claim bits (James Clark) - um: Add cmpxchg8b_emu and checksum functions to asm-prototypes.h (Sami Tolvanen) - iio: pressure: zpa2326: Use aligned_s64 for the timestamp (Jonathan Cameron) - bcache: fix NULL pointer in cache_set_flush() (Linggang Zeng) [Orabug: 38175119] {CVE-2025-38263} - md/md-bitmap: fix dm-raid max_write_behind setting (Yu Kuai) - dmaengine: xilinx_dma: Set dma_device directions (Thomas Gessler) - ksmbd: allow a filename to contain special characters on SMB3.1.1 posix extension (Namjae Jeon) - hwmon: (pmbus/max34440) Fix support for max34451 (Alexis Czezar Torreno) - leds: multicolor: Fix intensity setting while SW blinking (Sven Schwermer) - mfd: max14577: Fix wakeup source leaks on device unbind (Krzysztof Kozlowski) - mailbox: Not protect module_put with spin_lock_irqsave (Peng Fan) - NFSv4.2: fix listxattr to return selinux security label (Olga Kornievskaia) - NFSv4: Always set NLINK even if the server doesn't support it (Han Young) - cifs: Fix cifs_query_path_info() for Windows NT servers (Pali Rohár) - LTS version: v5.15.186 (Vijayendra Suman) - scsi: qedf: Use designated initializer for struct qed_fcoe_cb_ops (Kees Cook) - scsi: elx: efct: Fix memory leak in efct_hw_parse_filter() (Vitaliy Shevtsov) - arm64/ptrace: Fix stack-out-of-bounds read in regs_get_kernel_stack_nth() (Tengda Wu) [Orabug: 38180595] {CVE-2025-38320} - perf: Fix sample vs do_exit() (Peter Zijlstra) [Orabug: 38254029] {CVE-2025-38424} - s390/pci: Fix __pcilg_mio_inuser() inline assembly (Heiko Carstens) - bpf: Fix L4 csum update on IPv6 in CHECKSUM_COMPLETE (Paul Chaignon) - net: Fix checksum update for ILA adj-transport (Paul Chaignon) - ext4: avoid remount errors with 'abort' mount option (Jan Kara) - ext4: make 'abort' mount option handling standard (Jan Kara) - mm/huge_memory: fix dereferencing invalid pmd migration entry (Gavin Guo) [Orabug: 37976983] {CVE-2025-37958} - net_sched: sch_sfq: reject invalid perturb period (Eric Dumazet) [Orabug: 38158476] {CVE-2025-38193} - arm64: proton-pack: Add new CPUs 'k' values for branch mitigation (James Morse) - arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users (James Morse) [Orabug: 37977005] {CVE-2025-37963} - arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs (James Morse) [Orabug: 37976929] {CVE-2025-37948} - arm64: spectre: increase parameters that can be used to turn off bhb mitigation individually (Liu Song) - arm64: proton-pack: Expose whether the branchy loop k value (James Morse) - arm64: proton-pack: Expose whether the platform is mitigated by firmware (James Morse) - arm64: insn: Add support for encoding DSB (James Morse) - arm64: insn: add encoders for atomic operations (Hou Tao) - arm64: move AARCH64_BREAK_FAULT into insn-def.h (Hou Tao) - serial: sh-sci: Increment the runtime usage counter for the earlycon device (Claudiu Beznea) - ARM: dts: am335x-bone-common: Increase MDIO reset deassert delay to 50ms (Geert Uytterhoeven) - ARM: dts: am335x-bone-common: Increase MDIO reset deassert time (Colin Foster) - ARM: dts: am335x-bone-common: Add GPIO PHY reset on revision C3 board (Shengyu Qu) - net: atm: fix /proc/net/atm/lec handling (Eric Dumazet) [Orabug: 38158405] {CVE-2025-38180} - net: atm: add lec_mutex (Eric Dumazet) [Orabug: 38180611] {CVE-2025-38323} - calipso: Fix null-ptr-deref in calipso_req_{set,del}attr(). (Kuniyuki Iwashima) [Orabug: 38158412] {CVE-2025-38181} - tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (Haixia Qu) [Orabug: 38158424] {CVE-2025-38184} - tcp: fix tcp_packet_delayed() for tcp_is_non_sack_preventing_reopen() behavior (Neal Cardwell) - atm: atmtcp: Free invalid length skb in atmtcp_c_send(). (Kuniyuki Iwashima) [Orabug: 38158433] {CVE-2025-38185} - mpls: Use rcu_dereference_rtnl() in mpls_route_input_rcu(). (Kuniyuki Iwashima) [Orabug: 38180617] {CVE-2025-38324} - wifi: carl9170: do not ping device which has failed to load firmware (Dmitry Antipov) [Orabug: 38254010] {CVE-2025-38420} - ptp: fix breakage after ptp_vclock_in_use() rework (Vladimir Oltean) - net: ice: Perform accurate aRFS flow match (Krishna Kumar) - aoe: clean device rq_list in aoedev_downdev() (Justin Sanders) [Orabug: 38180627] {CVE-2025-38326} - pldmfw: Select CRC32 when PLDMFW is selected (Simon Horman) - hwmon: (occ) fix unaligned accesses (Arnd Bergmann) - hwmon: (occ) Rework attribute registration for stack usage (Arnd Bergmann) - hwmon: (occ) Add soft minimum power cap attribute (Eddie James) - drm/nouveau/bl: increase buffer size to avoid truncate warning (Jacob Keller) - drm/msm/dsi/dsi_phy_10nm: Fix missing initial VCO rate (Krzysztof Kozlowski) - erofs: remove unused trace event erofs_destroy_inode (Gao Xiang) - mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (Jann Horn) [Orabug: 38132180] {CVE-2025-38085} - mm: hugetlb: independent PMD page table shared count (Liu Shixin) [Orabug: 37484959] {CVE-2024-57883} - mm/hugetlb: unshare page tables during VMA split, not before (Jann Horn) [Orabug: 38132171] {CVE-2025-38084} - iio: accel: fxls8962af: Fix temperature calculation (Sean Nyekjaer) - ALSA: hda/realtek: enable headset mic on Latitude 5420 Rugged (Jonathan Lane) - ALSA: hda/intel: Add Thinkpad E15 to PM deny list (Takashi Iwai) - ALSA: usb-audio: Rename ALSA kcontrol PCM and PCM1 for the KTMicro sound card (Wangdicheng) - Input: sparcspkr - avoid unannotated fall-through (Yuli Wang) - block: default BLOCK_LEGACY_AUTOLOAD to y (Christoph Hellwig) - HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() (Terry Junge) [Orabug: 38152876] {CVE-2025-38103} - atm: Revert atm_account_tx() if copy_from_iter_full() fails. (Kuniyuki Iwashima) [Orabug: 38158457] {CVE-2025-38190} - selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len (Stephen Smalley) - selftests/x86: Add a test to detect infinite SIGTRAP handler loop (Xin Li) - udmabuf: use sgtable-based scatterlist wrappers (Marek Szyprowski) - scsi: s390: zfcp: Ensure synchronous unit_add (Peter Oberparleiter) - scsi: storvsc: Increase the timeouts to storvsc_timeout (Dexuan Cui) - jffs2: check jffs2_prealloc_raw_node_refs() result in few other places (Fedor Pchelkin) [Orabug: 38180635] {CVE-2025-38328} - jffs2: check that raw node were preallocated before writing summary (Artem Sadovnikov) [Orabug: 38158483] {CVE-2025-38194} - drivers/rapidio/rio_cm.c: prevent possible heap overwrite (Andrew Morton) [Orabug: 38137453] {CVE-2025-38090} - powerpc/eeh: Fix missing PE bridge reconfiguration during VFIO EEH recovery (Narayana Murty N) - platform/x86: dell_rbu: Stop overwriting data buffer (Stuart Hayes) - platform/x86: dell_rbu: Fix list usage (Stuart Hayes) [Orabug: 38158494] {CVE-2025-38197} - Revert "bus: ti-sysc: Probe for l4_wkup and l4_cfg interconnect devices first" (Alexander Sverdlin) - tee: Prevent size calculation wraparound on 32-bit kernels (Jann Horn) - ARM: OMAP2+: Fix l4ls clk domain handling in STANDBY (Sukrut Bellary) - bus: fsl-mc: increase MC_CMD_COMPLETION_TIMEOUT_MS value (Laurentiu Tudor) - watchdog: da9052_wdt: respect TWDMIN (Marcus Folkesson) - octeontx2-pf: Add error log forcn10k_map_unmap_rq_policer() (Xu Wang) - bpf, sockmap: Fix data lost during EAGAIN retries (Jiayuan Chen) - i40e: fix MMIO write access to an invalid page in i40e_clear_hw (Kyungwook Boo) [Orabug: 38158517] {CVE-2025-38200} - sock: Correct error checking condition for (assign|release)_proto_idx() (Zijun Hu) - scsi: lpfc: Use memcpy() for BIOS version (Daniel Wagner) [Orabug: 38180667] {CVE-2025-38332} - pinctrl: mcp23s08: Reset all pins to input at probe (Mike Looijmans) - software node: Correct a OOB check in software_node_get_reference_args() (Zijun Hu) [Orabug: 38180730] {CVE-2025-38342} - vxlan: Do not treat dst cache initialization errors as fatal (Ido Schimmel) - net: bridge: mcast: re-implement br_multicast_{enable, disable}_port functions (Yong Wang) - iommu/amd: Ensure GA log notifier callbacks finish running before module unload (Sean Christopherson) - scsi: lpfc: Fix lpfc_check_sli_ndlp() handling for GEN_REQUEST64 commands (Justin Tee) - libbpf: Add identical pointer detection to btf_dedup_is_equiv() (Alan Maguire) - clk: rockchip: rk3036: mark ddrphy as critical (Heiko Stuebner) - wifi: mac80211: do not offer a mesh path if forwarding is disabled (Benjamin Berg) - net: mlx4: add SOF_TIMESTAMPING_TX_SOFTWARE flag when getting ts info (Jason Xing) - pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get() (Gabor Juhos) - pinctrl: armada-37xx: propagate error from armada_37xx_pmx_gpio_set_direction() (Gabor Juhos) - pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get_direction() (Gabor Juhos) - pinctrl: armada-37xx: propagate error from armada_37xx_pmx_set_by_name() (Gabor Juhos) - net: atlantic: generate software timestamp just before the doorbell (Jason Xing) - ipv4/route: Use this_cpu_inc() for stats on PREEMPT_RT (Sebastian Andrzej Siewior) - tcp: fix initial tp->rcvq_space.space value for passive TS enabled flows (Eric Dumazet) - tcp: always seek for minimal rtt in tcp_rcv_rtt_update() (Eric Dumazet) - net: dlink: add synchronization for stats update (Moon Yeounsu) - i2c: npcm: Add clock toggle recovery (Tali Perry) - cpufreq: scmi: Skip SCMI devices that aren't used by the CPUs (Mike Tipton) - sctp: Do not wake readers in __sctp_write_space() (Petr Malat) - wifi: mt76: mt76x2: Add support for LiteOn WN4516R,WN4519R (Henk Vergonet) - emulex/benet: correct command version selection in be_cmd_get_stats() (Alok Tiwari) - i2c: designware: Invoke runtime suspend on quick slave re-registration (Tan En De) - tipc: use kfree_sensitive() for aead cleanup (Zilin Guan) - net: macb: Check return value of dma_set_mask_and_coherent() (Sergio Perez Gonzalez) - cpufreq: Force sync policy boost with global boost on sysfs update (Viresh Kumar) - thermal/drivers/qcom/tsens: Update conditions to strictly evaluate for IP v2+ (George Moussalem) - pmdomain: ti: Fix STANDBY handling of PER power domain (Sukrut Bellary) - nios2: force update_mmu_cache on spurious tlb-permission--related pagefaults (Simon Schuster) - media: i2c: imx334: update mode_3840x2160_regs array (Shravan Chippa) - media: platform: exynos4-is: Add hardware sync wait to fimc_is_hw_change_mode() (Xu Wang) [Orabug: 38175013] {CVE-2025-38237} - media: tc358743: ignore video while HPD is low (Hans Verkuil) - drm/amdkfd: Set SDMA_RLCx_IB_CNTL/SWITCH_INSIDE_IB (Amber Lin) - drm/msm/dpu: don't select single flush for active CTL blocks (Dmitry Baryshkov) - jfs: Fix null-ptr-deref in jfs_ioc_trim (Dylan Wolff) [Orabug: 38158545] {CVE-2025-38203} - drm/amdgpu/gfx9: fix CSIB handling (Alex Deucher) - drm/amdgpu/gfx8: fix CSIB handling (Alex Deucher) - ext4: prevent stale extent cache entries caused by concurrent get es_cache (Zhang Yi) - sunrpc: fix race in cache cleanup causing stale nextcheck time (Long Li) - media: rkvdec: Initialize the m2m context before the controls (Nicolas Dufresne) - media: ti: cal: Fix wrong goto on error path (Tomi Valkeinen) - jfs: fix array-index-out-of-bounds read in add_missing_indices (Aditya Dutt) [Orabug: 38158552] {CVE-2025-38204} - ext4: ext4: unify EXT4_EX_NOCACHE|NOFAIL flags in ext4_ext_remove_space() (Zhang Yi) - drm/amdgpu/gfx7: fix CSIB handling (Alex Deucher) - media: uapi: v4l: Change V4L2_TYPE_IS_CAPTURE condition (Nas Chung) - media: ccs-pll: Better validate VT PLL branch (Sakari Ailus) - drm/amdgpu/gfx10: fix CSIB handling (Alex Deucher) - media: i2c: imx334: Fix runtime PM handling in remove function (Tarang Raval) - drm/msm/a6xx: Increase HFI response timeout (Akhil P Oommen) - drm/amd/display: Add NULL pointer checks in dm_force_atomic_commit() (Srinivasan Shanmugam) - media: uapi: v4l: Fix V4L2_TYPE_IS_OUTPUT condition (Nas Chung) - drm/msm/hdmi: add runtime PM calls to DDC transfer function (Dmitry Baryshkov) - media: i2c: imx334: Enable runtime PM before sub-device registration (Tarang Raval) - drm/bridge: anx7625: change the gpiod_set_value API (Ayushi Makhija) - exfat: fix double free in delayed_free (Namjae Jeon) [Orabug: 38158566] {CVE-2025-38206} - drm/bridge: analogix_dp: Add irq flag IRQF_NO_AUTOEN instead of calling disable_irq() (Damon Ding) - sunrpc: update nextcheck time when adding new cache entries (Long Li) - drm/amdgpu/gfx6: fix CSIB handling (Alex Deucher) - ACPI: battery: negate current when discharging (Peter Marheine) - PM: runtime: fix denying of auto suspend in pm_suspend_timer_fn() (Charan Teja Kalla) - ASoC: tegra210_ahub: Add check to of_device_get_match_data() (Yuanjun Gong) - ACPICA: utilities: Fix overflow check in vsnprintf() (Philip Redkin) - power: supply: bq27xxx: Retrieve again when busy (Jerry Lv) - ACPICA: fix acpi parse and parseext cache leaks (Seunghun Han) [Orabug: 38180747] {CVE-2025-38344} - ACPI: bus: Bail out if acpi_kobj registration fails (Armin Wolf) - ASoC: tas2770: Power cycle amp on ISENSE/VSENSE change (Hector Martin) - ACPICA: Avoid sequence overread in call to strncmp() (Ahmed Salem) - clocksource: Fix the CPUs' choice in the watchdog per CPU verification (Guilherme G. Piccoli) - ACPICA: fix acpi operand cache leak in dswstate.c (Seunghun Han) [Orabug: 38180755] {CVE-2025-38345} - iio: adc: ad7606_spi: fix reg write value mask (David Lechner) - iio: imu: inv_icm42600: Fix temperature calculation (Sean Nyekjaer) - iio: accel: fxls8962af: Fix temperature scan element sign (Sean Nyekjaer) - PCI: dw-rockchip: Fix PHY function call sequence in rockchip_pcie_phy_deinit() (Diederik de Haas) - PCI: Fix lock symmetry in pci_slot_unlock() (Ilpo Järvinen) - PCI: Add ACS quirk for Loongson PCIe (Huacai Chen) - PCI: cadence-ep: Correct PBA offset in .set_msix() callback (Niklas Cassel) - uio_hv_generic: Use correct size for interrupt and monitor pages (Long Li) - remoteproc: core: Release rproc->clean_table after rproc_attach() fails (Xiaolei Wang) [Orabug: 38254002] {CVE-2025-38418} - remoteproc: core: Cleanup acquired resources when rproc_handle_resources() fails in rproc_attach() (Xiaolei Wang) [Orabug: 38254006] {CVE-2025-38419} - regulator: max14577: Add error check for max14577_read_reg() (Xu Wang) - mips: Add -std= flag specified in KBUILD_CFLAGS to vdso CFLAGS (Khem Raj) - staging: iio: ad5933: Correct settling cycles encoding per datasheet (Gabriel) - net: ch9200: fix uninitialised access during mii_nway_restart (Qasim Ijaz) [Orabug: 38132188] {CVE-2025-38086} - ftrace: Fix UAF when lookup kallsym after ftrace disabled (Ye Bin) [Orabug: 38180767] {CVE-2025-38346} - dm-mirror: fix a tiny race condition (Mikulas Patocka) - mtd: nand: sunxi: Add randomizer configuration before randomizer enable (Xu Wang) - mtd: rawnand: sunxi: Add randomizer configuration in sunxi_nfc_hw_ecc_write_chunk (Xu Wang) - mm: fix ratelimit_pages update error in dirty_ratio_handler() (Jinliang Zheng) - RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction (Shin'Ichiro Kawasaki) [Orabug: 38158591] {CVE-2025-38211} - ipc: fix to protect IPCS lookups using RCU (Jeongjun Park) [Orabug: 38158597] {CVE-2025-38212} - clk: meson-g12a: add missing fclk_div2 to spicc (Da Xue) - parisc: fix building with gcc-15 (Arnd Bergmann) - vgacon: Add check for vc_origin address range in vgacon_scroll() (Gong, Ruiqi) - fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var (Murad Masimov) [Orabug: 38158614] {CVE-2025-38214} - EDAC/altera: Use correct write width with the INTTEST register (Niravkumar L Rabara) - NFC: nci: uart: Set tty->disc_data only in success path (Krzysztof Kozlowski) [Orabug: 38253991] {CVE-2025-38416} - f2fs: fix to do sanity check on sit_bitmap_size (Chao Yu) [Orabug: 38158639] {CVE-2025-38218} - f2fs: prevent kernel warning due to negative i_nlink from corrupted image (Jaegeuk Kim) [Orabug: 38158647] {CVE-2025-38219} - Input: ims-pcu - check record size in ims_pcu_flash_firmware() (Dan Carpenter) [Orabug: 38254053] {CVE-2025-38428} - ext4: ensure i_size is smaller than maxbytes (Zhang Yi) - ext4: factor out ext4_get_maxbytes() (Zhang Yi) - ext4: fix calculation of credits for extent tree modification (Jan Kara) - ext4: inline: fix len overflow in ext4_prepare_inline_data (Thadeu Lima de Souza Cascardo) [Orabug: 38158661] {CVE-2025-38222} - bus: fsl-mc: fix GET/SET_TAILDROP command ids (Wan Junjie) - bus: fsl-mc: do not add a device-link for the UAPI used DPMCP device (Ioana Ciornei) - ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330 (Tasos Sahanidis) [Orabug: 38180696] {CVE-2025-38336} - can: tcan4x5x: fix power regulator retrieval during probe (Brett Werling) - bus: mhi: host: Fix conflict between power_up and SYSERR (Jeffrey Hugo) - ARM: omap: pmic-cpcap: do not mess around without CPCAP or OMAP4 (Andreas Kemnade) - ARM: 9447/1: arm/memremap: fix arch_memremap_can_ram_remap() (Ross Stutterheim) - media: uvcvideo: Fix deferred probing error (Ricardo Ribalda) - media: uvcvideo: Send control events for partial succeeds (Ricardo Ribalda) - media: uvcvideo: Return the number of processed controls (Ricardo Ribalda) - media: vivid: Change the siize of the composing (Denis Arefev) [Orabug: 38158680] {CVE-2025-38226} - media: vidtv: Terminating the subsequent process of initialization failure (Edward Adam Davis) [Orabug: 38158685] {CVE-2025-38227} - media: videobuf2: use sgtable-based scatterlist wrappers (Marek Szyprowski) - media: venus: Fix probe error handling (Loic Poulain) - media: v4l2-dev: fix error handling in __video_register_device() (Ma Ke) - media: gspca: Add error handling for stv06xx_read_sensor() (Xu Wang) - media: cxusb: no longer judge rbuf when the write fails (Edward Adam Davis) [Orabug: 38158691] {CVE-2025-38229} - media: ccs-pll: Check for too high VT PLL multiplier in dual PLL case (Sakari Ailus) - media: ccs-pll: Correct the upper limit of maximum op_pre_pll_clk_div (Sakari Ailus) - media: ccs-pll: Start OP pre-PLL multiplier search from correct value (Sakari Ailus) - media: ccs-pll: Start VT pre-PLL multiplier search from correct value (Sakari Ailus) - media: ov8856: suppress probe deferral errors (Johan Hovold) - wifi: rtlwifi: disable ASPM for RTL8723BE with subsystem ID 11ad:1723 (Mingcong Bai) - jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() (Jeongjun Park) [Orabug: 38180706] {CVE-2025-38337} - nfsd: Initialize ssc before laundromat_work to prevent NULL dereference (Li Lingfeng) [Orabug: 38158706] {CVE-2025-38231} - nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request (Neil Brown) [Orabug: 38254061] {CVE-2025-38430} - wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback() (Christian Lamparter) [Orabug: 38180782] {CVE-2025-38348} - net/mlx5: Add error handling in mlx5_query_nic_vport_node_guid() (Xu Wang) - net/mlx5_core: Add error handling inmlx5_query_nic_vport_qkey_viol_cntr() (Xu Wang) - powerpc/pseries/msi: Avoid reading PCI device registers in reduced power states (Gautam Menghani) - ASoC: meson: meson-card-utils: use of_property_present() for DT parsing (Martin Blumenstingl) - ASoC: qcom: sdm845: Add error handling in sdm845_slim_snd_hw_params() (Xu Wang) - gfs2: move msleep to sleepable context (Alexander Aring) - crypto: marvell/cesa - Do not chain submitted requests (Herbert Xu) - configfs: Do not override creating attribute file failure in populate_attrs() (Zijun Hu) - xfs: allow inode inactivation during a ro mount log recovery (Darrick J. Wong) - kbuild: hdrcheck: fix cross build with clang (Arnd Bergmann) - kbuild: userprogs: fix bitsize and target detection on clang (Thomas Weißschuh) - drm/meson: Use 1000ULL when operating with mode->clock (I Hsin Cheng) - net: usb: aqc111: debug info before sanitation (Oliver Neukum) - calipso: unlock rcu before returning -EAFNOSUPPORT (Eric Dumazet) - x86/iopl: Cure TIF_IO_BITMAP inconsistencies (Thomas Gleixner) [Orabug: 38152863] {CVE-2025-38100} - xen/arm: call uaccess_ttbr0_enable for dm_op hypercall (Stefano Stabellini) - usb: typec: tcpm/tcpci_maxim: Fix bounds check in process_rx() (Amit Sunil Dhamne) - usb: Flush altsetting 0 endpoints before reinitializating them after reset. (Mathias Nyman) - usb: cdnsp: Fix issue with detecting USB 3.2 speed (Pawel Laszczak) - usb: cdnsp: Fix issue with detecting command completion event (Pawel Laszczak) - VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify (Ma Wupeng) [Orabug: 38152868] {CVE-2025-38102} - drm/amd/display: Do not add '-mhard-float' to dcn2{1,0}_resource.o for clang (Nathan Chancellor) - kbuild: Add KBUILD_CPPFLAGS to as-option invocation (Nathan Chancellor) - kbuild: add $(CLANG_FLAGS) to KBUILD_CPPFLAGS (Masahiro Yamada) - kbuild: Add CLANG_FLAGS to as-instr (Nathan Chancellor) - mips: Include KBUILD_CPPFLAGS in CHECKFLAGS invocation (Nathan Chancellor) - drm/amd/display: Do not add '-mhard-float' to dml_ccflags for clang (Nathan Chancellor) - kbuild: Update assembler calls to use proper flags and language target (Nick Desaulniers) - MIPS: Prefer cc-option for additions to cflags (Nathan Chancellor) - MIPS: Move '-Wa,-msoft-float' check from as-option to cc-option (Nathan Chancellor) - x86/boot/compressed: prefer cc-option for CFLAGS additions (Nick Desaulniers) - posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (Oleg Nesterov) [Orabug: 38223086] {CVE-2025-38352} - ALSA: usb-audio: Add implicit feedback quirk for RODE AI-1 (David Heimann) - perf: Ensure bpf_perf_link path is properly serialized (Peter Zijlstra) - nvmet-fcloop: access fcpreq only when holding reqlock (Daniel Wagner) - fs/filesystems: Fix potential unsigned integer underflow in fs_name() (Zijun Hu) - net_sched: ets: fix a race in ets_qdisc_change() (Eric Dumazet) [Orabug: 38152893] {CVE-2025-38107} - sch_ets: make est_qlen_notify() idempotent (Cong Wang) - net_sched: tbf: fix a race in tbf_change() (Eric Dumazet) - net_sched: red: fix a race in __red_change() (Eric Dumazet) [Orabug: 38152898] {CVE-2025-38108} - net_sched: prio: fix a race in prio_tune() (Eric Dumazet) [Orabug: 38105333] {CVE-2025-38083} - net/mlx5: Fix return value when searching for existing flow group (Patrisious Haddad) - net/mlx5: Ensure fw pages are always allocated on same NUMA (Moshe Shemesh) - net/mdiobus: Fix potential out-of-bounds read/write access (Jakub Raczynski) [Orabug: 38152911] {CVE-2025-38111} - net: mdio: C22 is now optional, EOPNOTSUPP if not provided (Andrew Lunn) - macsec: MACsec SCI assignment for ES = 0 (Carlos Fernandez) - net: Fix TOCTOU issue in sk_is_readable() (Michal Luczaj) [Orabug: 38152915] {CVE-2025-38112} - i40e: retry VFLR handling if there is ongoing VF reset (Robert Malz) - i40e: return false from i40e_reset_vf if reset is in progress (Robert Malz) - drm/meson: fix more rounding issues with 59.94Hz modes (Martin Blumenstingl) - drm/meson: use vclk_freq instead of pixel_freq in debug print (Martin Blumenstingl) - drm/meson: fix debug log statement when setting the HDMI clocks (Martin Blumenstingl) - drm/meson: use unsigned long long / Hz for frequency types (Martin Blumenstingl) - powerpc/vas: Return -EINVAL if the offset is non-zero in mmap() (Haren Myneni) - powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap (Ritesh Harjani) [Orabug: 38137444] {CVE-2025-38088} - net_sched: sch_sfq: fix a potential crash on gso_skb handling (Eric Dumazet) [Orabug: 38152922] {CVE-2025-38115} - scsi: iscsi: Fix incorrect error path labels for flashnode operations (Alok Tiwari) - ath10k: snoc: fix unbalanced IRQ enable in crash recovery (Caleb Connolly) - ptp: remove ptp->n_vclocks check logic in ptp_vclock_in_use() (Jeongjun Park) [Orabug: 38180545] {CVE-2025-38305} - scsi: core: ufs: Fix a hang in the error handler (Sanjeev Yadav) [Orabug: 38152945] {CVE-2025-38119} - serial: sh-sci: Clean sci_ports[0] after at earlycon exit (Claudiu Beznea) - serial: sh-sci: Move runtime PM enable to sci_probe_single() (Claudiu Beznea) - serial: sh-sci: Check if TX data was written to device in .tx_empty() (Claudiu Beznea) - arm64: dts: ti: k3-am65-main: Add missing taps to sdhci0 (Judith Mendez) - arm64: dts: ti: k3-am65-main: Fix sdhci node properties (Judith Mendez) - arm64: dts: ti: k3-am65-main: Drop deprecated ti,otap-del-sel property (Nishanth Menon) - Input: synaptics-rmi - fix crash with unsupported versions of F34 (Dmitry Torokhov) - Input: synaptics-rmi4 - convert to use sysfs_emit() APIs (Zhang Songyi) - pmdomain: core: Fix error checking in genpd_dev_pm_attach_by_id() (Dan Carpenter) - do_change_type(): refuse to operate on unmounted/not ours mounts (Al Viro) [Orabug: 38256449] {CVE-2025-38498} - fix propagation graph breakage by MOVE_MOUNT_SET_GROUP move_mount(2) (Al Viro) - seg6: Fix validation of nexthop addresses (Ido Schimmel) [Orabug: 38180555] {CVE-2025-38310} - wireguard: device: enable threaded NAPI (Mirco Barone) - netfilter: nf_set_pipapo_avx2: fix initial map fill (Florian Westphal) [Orabug: 38152957] {CVE-2025-38120} - gve: add missing NULL check for gve_alloc_pending_packet() in TX DQO (Alok Tiwari) [Orabug: 38152965] {CVE-2025-38122} - vmxnet3: correctly report gso type for UDP tunnels (Ronak Doshi) - net: dsa: tag_brcm: legacy: fix pskb_may_pull length (Álvaro Fernández Rojas) - ice: create new Tx scheduler nodes for new queues only (Michal Kubiak) - Bluetooth: L2CAP: Fix not responding with L2CAP_CR_LE_ENCRYPTION (Luiz Augusto von Dentz) - spi: bcm63xx-hsspi: fix shared reset (Álvaro Fernández Rojas) - spi: bcm63xx-spi: fix shared reset (Álvaro Fernández Rojas) - net/mlx4_en: Prevent potential integer overflow calculating Hz (Dan Carpenter) - driver: net: ethernet: mtk_star_emac: fix suspend/resume issue (Yanqing Wang) - gve: Fix RX_BUFFERS_POSTED stat to report per-queue fill_cnt (Alok Tiwari) - net: stmmac: platform: guarantee uniqueness of bus_id (Quentin Schulz) - vt: remove VT_RESIZE and VT_RESIZEX from vt_compat_ioctl() (Nicolas Pitre) - MIPS: Loongson64: Add missing '#interrupt-cells' for loongson64c_ls7a (Yuli Wang) - iio: adc: ad7124: Fix 3dB filter frequency reading (Uwe Kleine-König) - serial: Fix potential null-ptr-deref in mlb_usio_probe() (Henry Martin) [Orabug: 38153011] {CVE-2025-38135} - usb: renesas_usbhs: Reorder clock handling and power management in probe (Lad Prabhakar) [Orabug: 38153016] {CVE-2025-38136} - PCI/DPC: Initialize aer_err_info before using it (Bjorn Helgaas) - dmaengine: ti: Add NULL check in udma_probe() (Henry Martin) [Orabug: 38153029] {CVE-2025-38138} - PCI: cadence: Fix runtime atomic count underflow (Hans Zhang) - rtc: sh: assign correct interrupts with DT (Wolfram Sang) - perf record: Fix incorrect --user-regs comments (Dapeng Mi) - perf tests switch-tracking: Fix timestamp comparison (Leo Yan) - mfd: stmpe-spi: Correct the name used in MODULE_DEVICE_TABLE (Alexey Gladkov) - mfd: exynos-lpass: Avoid calling exynos_lpass_disable() twice in exynos_lpass_remove() (Christophe Jaillet) - rpmsg: qcom_smd: Fix uninitialized return variable in __qcom_smd_send() (Dan Carpenter) - remoteproc: qcom_wcnss_iris: Add missing put_device() on error in probe (Dan Carpenter) - perf scripts python: exported-sql-viewer.py: Fix pattern matching with Python 3 (Adrian Hunter) - backlight: pm8941: Add NULL check in wled_configure() (Henry Martin) [Orabug: 38153050] {CVE-2025-38143} - perf ui browser hists: Set actions->thread before calling do_zoom_thread() (Arnaldo Carvalho de Melo) - perf build: Warn when libdebuginfod devel files are not available (Arnaldo Carvalho de Melo) - fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod() (Sergey Shtylyov) [Orabug: 38180565] {CVE-2025-38312} - soc: aspeed: Add NULL check in aspeed_lpc_enable_snoop() (Henry Martin) [Orabug: 38153059] {CVE-2025-38145} - soc: aspeed: lpc: Fix impossible judgment condition (Su Hui) - arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma with Haikou (Quentin Schulz) - ARM: dts: qcom: apq8064 merge hw splinlock into corresponding syscon device (Dmitry Baryshkov) - bus: fsl-mc: fix double-free on mc_dev (Ioana Ciornei) [Orabug: 38180572] {CVE-2025-38313} - nilfs2: do not propagate ENOENT error from nilfs_btree_propagate() (Ryusuke Konishi) - nilfs2: add pointer check for nilfs_direct_propagate() (Xu Wang) - ocfs2: fix possible memory leak in ocfs2_finish_quota_recovery (Murad Masimov) - Squashfs: check return result of sb_min_blocksize (Phillip Lougher) [Orabug: 38253984] {CVE-2025-38415} - arm64: dts: imx8mn-beacon: Fix RTC capacitive load (Adam Ford) - arm64: dts: imx8mm-beacon: Fix RTC capacitive load (Adam Ford) - ARM: dts: at91: at91sam9263: fix NAND chip selects (Wolfram Sang) - ARM: dts: at91: usb_a9263: fix GPIO for Dataflash chip select (Wolfram Sang) - f2fs: fix to correct check conditions in f2fs_cross_rename (Zhiguo Niu) - f2fs: use d_inode(dentry) cleanup dentry->d_inode (Zhiguo Niu) - net: phy: mscc: Stop clearing the the UDPv4 checksum for L2 frames (Horatiu Vultur) - net: openvswitch: Fix the dead loop of MPLS parse (Faicker Mo) [Orabug: 38153064] {CVE-2025-38146} - calipso: Don't call calipso functions for AF_INET sk. (Kuniyuki Iwashima) [Orabug: 38153069] {CVE-2025-38147} - net: lan743x: rename lan743x_reset_phy to lan743x_hw_reset_phy (Thangaraj Samynathan) - bpf: Avoid __bpf_prog_ret0_warn when jit fails (Kafai Wan) [Orabug: 38180470] {CVE-2025-38280} - net: usb: aqc111: fix error handling of usbnet read calls (Nikita Zhandarovich) [Orabug: 38153088] {CVE-2025-38153} - netfilter: nft_tunnel: fix geneve_opt dump (Fernando Fernandez Mancera) - bpf, sockmap: Avoid using sk_socket after free when sending (Jiayuan Chen) [Orabug: 38153094] {CVE-2025-38154} - vfio/type1: Fix error unwind in migration dirty bitmap allocation (Li Rongqing) - netfilter: nf_tables: nft_fib_ipv6: fix VRF ipv4/ipv6 result discrepancy (Florian Westphal) - wifi: ath9k_htc: Abort software beacon handling if disabled (Toke Høiland-Jørgensen) [Orabug: 38153109] {CVE-2025-38157} - wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds (Alexey Kodanev) [Orabug: 38153121] {CVE-2025-38159} - s390/bpf: Store backchain even for leaf progs (Ilya Leoshkevich) - clk: qcom: gcc-msm8939: Fix mclk0 & mclk1 for 24 MHz (Vincent Knecht) - bpf: Fix WARN() in get_bpf_raw_tp_regs (Tao Chen) [Orabug: 38180488] {CVE-2025-38285} - pinctrl: at91: Fix possible out-of-boundary access (Andy Shevchenko) [Orabug: 38180494] {CVE-2025-38286} - libbpf: Use proper errno value in nlattr (Anton Protopopov) - ktls, sockmap: Fix missing uncharge operation (Jiayuan Chen) - clk: bcm: rpi: Add NULL check in raspberrypi_clk_register() (Henry Martin) [Orabug: 38153131] {CVE-2025-38160} - clk: qcom: gcc-sm6350: Add *_wait_val values for GDSCs (Luca Weiss) - bpf: Fix uninitialized values in BPF_{CORE,PROBE}_READ (Anton Protopopov) - RDMA/mlx5: Fix error flow upon firmware failure for RQ destruction (Patrisious Haddad) [Orabug: 38153138] {CVE-2025-38161} - netfilter: nft_quota: match correctly when the quota just depleted (Zhongqiu Duan) - netfilter: bridge: Move specific fragmented packet to slow_path instead of dropping it (Huajian Yang) - libbpf: Use proper errno value in linker (Anton Protopopov) - f2fs: fix to detect gcing page in f2fs_is_cp_guaranteed() (Chao Yu) - f2fs: clean up w/ fscrypt_is_bounce_page() (Chao Yu) - iommu: Protect against overflow in iommu_pgsize() (Jason Gunthorpe) - RDMA/hns: Include hnae3.h in hns_roce_hw_v2.h (Junxian Huang) - wifi: rtw88: do not ignore hardware read error during DPK (Dmitry Antipov) - libbpf: Fix buffer overflow in bpf_object__init_prog (Viktor Malik) - net: ncsi: Fix GCPS 64-bit member variables (Hari Kalavakunta) - f2fs: fix to do sanity check on sbi->total_valid_block_count (Chao Yu) [Orabug: 38153149] {CVE-2025-38163} - bpf, sockmap: fix duplicated data transmission (Jiayuan Chen) - IB/cm: use rwlock for MAD agent lock (Jacob Moroni) - wifi: ath11k: fix node corruption in ar->arvifs list (Stone Zhang) [Orabug: 38180515] {CVE-2025-38293} - firmware: SDEI: Allow sdei initialization without ACPI_APEI_GHES (Huang Yiwei) - drm/tegra: rgb: Fix the unbound reference count (Biju Das) - drm/vkms: Adjust vkms_state->active_planes allocation type (Kees Cook) - drm: rcar-du: Fix memory leak in rcar_du_vsps_init() (Biju Das) - selftests/seccomp: fix syscall_restart test for arm compat (Neill Kapron) - firmware: psci: Fix refcount leak in psci_dt_init (Miaoqian Lin) - m68k: mac: Fix macintosh_config for Mac II (Finn Thain) - fs/ntfs3: handle hdr_first_de() return value (Andrey Vatoropin) [Orabug: 38153172] {CVE-2025-38167} - media: rkvdec: Fix frame size enumeration (Jonas Karlman) - drm/amd/pp: Fix potential NULL pointer dereference in atomctrl_initialize_mc_reg_table (Charles Han) [Orabug: 38180589] {CVE-2025-38319} - spi: sh-msiof: Fix maximum DMA transfer size (Geert Uytterhoeven) - ACPI: OSI: Stop advertising support for "3.0 _SCP Extensions" (Armin Wolf) - x86/mtrr: Check if fixed-range MTRRs exist in mtrr_save_fixed_ranges() (Jiaqing Zhao) - PM: wakeup: Delete space in the end of string shown by pm_show_wakelocks() (Zijun Hu) - power: reset: at91-reset: Optimize at91_reset() (Alexander Shiyan) - EDAC/skx_common: Fix general protection fault (Qiuxu Zhuo) [Orabug: 38180524] {CVE-2025-38298} - crypto: sun8i-ce - move fallback ahash_request to the end of the struct (Ovidiu Panait) - crypto: xts - Only add ecb if it is not already there (Herbert Xu) - crypto: lrw - Only add ecb if it is not already there (Herbert Xu) - crypto: marvell/cesa - Avoid empty transfer descriptor (Herbert Xu) - crypto: marvell/cesa - Handle zero-length skcipher requests (Herbert Xu) [Orabug: 38153188] {CVE-2025-38173} - x86/cpu: Sanitize CPUID(0x80000000) output (Ahmed S. Darwish) - crypto: sun8i-ss - do not use sg_dma_len before calling DMA functions (Corentin Labbe) - perf/core: Fix broken throttling when max_samples_per_tick=1 (Qing Wang) - gfs2: gfs2_create_inode error handling fix (Andreas Gruenbacher) - thunderbolt: Do not double dequeue a configuration request (Sergey Senozhatsky) [Orabug: 38158383] {CVE-2025-38174} - usb: usbtmc: Fix timeout value in get_stb (Dave Penkler) - USB: serial: pl2303: add new chip PL2303GC-Q20 and PL2303GT-2AB (Charles Yeh) - usb: storage: Ignore UAS driver for SanDisk 3.2 Gen2 storage device (Hongyu Xie) - usb: quirks: Add NO_LPM quirk for SanDisk Extreme 55AE (Jiayi Li) - rtc: Fix offset calculation for .start_secs < 0 (Alexandre Mergnat) - rtc: Make rtc_time64_to_tm() support dates before 1970 (Alexandre Mergnat) - pinctrl: armada-37xx: set GPIO output value before setting direction (Gabor Juhos) - pinctrl: armada-37xx: use correct OUTPUT_VAL register for GPIOs > 31 (Gabor Juhos) [5.15.0-312.185.1.el9uek] - uek-rpm: mips: Disable CONFIG_TRANSPARENT_HUGEPAGE (Dave Kleikamp) [Orabug: 38280961] - KVM: x86/MMU: Allow faulting at hugepages during dirty tracking (Joao Martins) [Orabug: 36409415] - KVM: x86/MMU: Dirty tracking without write-protection for shadow paging (Joao Martins) [Orabug: 36409415] - KVM: x86/MMU: Track rmap present pages (Joao Martins) [Orabug: 36409415] - nvme: check for valid nvme_identify_ns() before using it (Ewan D. Milne) [Orabug: 38207640] - nvme: bring back auto-removal of deleted namespaces during sequential scan (Christoph Hellwig) [Orabug: 38207640] - rds: tcp: block BH in TCP callbacks (Eric Dumazet) [Orabug: 38236843] _______________________________________________ El-errata mailing list [email protected] https://oss.oracle.com/mailman/listinfo/el-errata
