Oracle Linux Security Advisory ELSA-2025-20553 http://linux.oracle.com/errata/ELSA-2025-20553.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: kernel-uek-5.4.17-2136.347.6.el8uek.x86_64.rpm kernel-uek-container-5.4.17-2136.347.6.el8uek.x86_64.rpm kernel-uek-container-debug-5.4.17-2136.347.6.el8uek.x86_64.rpm kernel-uek-debug-5.4.17-2136.347.6.el8uek.x86_64.rpm kernel-uek-debug-devel-5.4.17-2136.347.6.el8uek.x86_64.rpm kernel-uek-devel-5.4.17-2136.347.6.el8uek.x86_64.rpm kernel-uek-doc-5.4.17-2136.347.6.el8uek.noarch.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/kernel-uek-5.4.17-2136.347.6.el8uek.src.rpm Related CVEs: CVE-2022-48773 CVE-2022-48828 CVE-2022-48829 CVE-2024-46855 CVE-2024-57996 CVE-2025-37752 CVE-2025-37958 CVE-2025-38083 CVE-2025-38086 CVE-2025-38090 CVE-2025-38103 CVE-2025-38108 CVE-2025-38115 CVE-2025-38135 CVE-2025-38136 CVE-2025-38145 CVE-2025-38147 CVE-2025-38153 CVE-2025-38157 CVE-2025-38163 CVE-2025-38173 CVE-2025-38174 CVE-2025-38180 CVE-2025-38181 CVE-2025-38184 CVE-2025-38185 CVE-2025-38190 CVE-2025-38194 CVE-2025-38200 CVE-2025-38203 CVE-2025-38204 CVE-2025-38212 CVE-2025-38214 CVE-2025-38219 CVE-2025-38222 CVE-2025-38237 CVE-2025-38285 CVE-2025-38286 CVE-2025-38298 CVE-2025-38312 CVE-2025-38313 CVE-2025-38320 CVE-2025-38323 CVE-2025-38324 CVE-2025-38326 CVE-2025-38328 CVE-2025-38332 CVE-2025-38336 CVE-2025-38337 CVE-2025-38344 CVE-2025-38345 CVE-2025-38346 CVE-2025-38348 CVE-2025-38352 CVE-2025-38415 CVE-2025-38416 CVE-2025-38420 CVE-2025-38424 CVE-2025-38428 CVE-2025-38430 CVE-2025-38498 Description of changes: [5.4.17-2136.347.6.el8uek] - net_sched: sch_sfq: move the limit validation (Octavian Purdila) [Orabug: 38377926] {CVE-2025-37752} - net_sched: sch_sfq: use a temporary work area for validating configuration (Octavian Purdila) [Orabug: 38377926] - net_sched: sch_sfq: don't allow 1 packet limit (Octavian Purdila) [Orabug: 38377926] {CVE-2024-57996} - net_sched: sch_sfq: handle bigger packets (Eric Dumazet) [Orabug: 38377926] - net_sched: sch_sfq: annotate data-races around q->perturb_period (Eric Dumazet) [Orabug: 38377926] [5.4.17-2136.347.5.el8uek] - squashfs: fix memory leak in squashfs_fill_super (Phillip Lougher) - netfilter: nf_tables: adjust lockdep assertions handling (Fedor Pchelkin) - Revert "vgacon: Add check for vc_origin address range in vgacon_scroll()" (Helge Deller) - ASoC: ops: dynamically allocate struct snd_ctl_elem_value (Arnd Bergmann) [5.4.17-2136.347.4.el8uek] - KVM: x86: use array_index_nospec with indices that come from guest (Thijs Raymakers) [Orabug: 38319938] - KVM: APIC: add helper func to remove duplicate code in kvm_pv_send_ipi (Miaohe Lin) [Orabug: 38319938] - rds: Fix NULL ptr deref in xas_start (Håkon Bugge) [Orabug: 38169303] [5.4.17-2136.347.3.el8uek] - mm: make page_mapped_in_vma() hugetlb walk aware (Jane Chu) [Orabug: 38146326] - mm/rmap: Fix handling of hugetlbfs pages in page_vma_mapped_walk (Zhenwei Pi) [Orabug: 38146326] [5.4.17-2136.347.2.el8uek] - rds: tcp: block BH in TCP callbacks (Eric Dumazet) [Orabug: 38236847] - kexec: Improve & fix crash_exclude_mem_range() to handle overlapping ranges (Lianbo Jiang) [Orabug: 38134902] - module: correctly exit module_kallsyms_on_each_symbol when fn() != 0 (Jon Mediero) [Orabug: 37820709] - module: potential uninitialized return in module_kallsyms_on_each_symbol() (Dan Carpenter) [Orabug: 37820709] - module: use RCU to synchronize find_module (Christoph Hellwig) [Orabug: 37820709] - kallsyms: refactor {,module_}kallsyms_on_each_symbol (Christoph Hellwig) [Orabug: 37820709] [5.4.17-2136.347.1.el8uek] - LTS tag: v5.4.295 (Alok Tiwari) - scsi: qedf: Use designated initializer for struct qed_fcoe_cb_ops (Kees Cook) - arm64/ptrace: Fix stack-out-of-bounds read in regs_get_kernel_stack_nth() (Tengda Wu) [Orabug: 38180596] {CVE-2025-38320} - perf: Fix sample vs do_exit() (Peter Zijlstra) [Orabug: 38254030] {CVE-2025-38424} - s390/pci: Fix __pcilg_mio_inuser() inline assembly (Heiko Carstens) - rtc: test: Fix invalid format specifier. (David Gow) - jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() (Jeongjun Park) [Orabug: 38180707] {CVE-2025-38337} - mm/huge_memory: fix dereferencing invalid pmd migration entry (Gavin Guo) [Orabug: 37976985] {CVE-2025-37958} - rtc: Make rtc_time64_to_tm() support dates before 1970 (Alexandre Mergnat) - rtc: Improve performance of rtc_time64_to_tm(). Add tests. (Cassio Neri) - xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create (Dan Aloni) [Orabug: 37101886] {CVE-2022-48773} - posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (Oleg Nesterov) [Orabug: 38223087] {CVE-2025-38352} - ARM: dts: am335x-bone-common: Increase MDIO reset deassert delay to 50ms (Geert Uytterhoeven) - ARM: dts: am335x-bone-common: Increase MDIO reset deassert time (Colin Foster) - ARM: dts: am335x-bone-common: Add GPIO PHY reset on revision C3 board (Shengyu Qu) - net: atm: fix /proc/net/atm/lec handling (Eric Dumazet) [Orabug: 38158407] {CVE-2025-38180} - net: atm: add lec_mutex (Eric Dumazet) [Orabug: 38180612] {CVE-2025-38323} - calipso: Fix null-ptr-deref in calipso_req_{set,del}attr(). (Kuniyuki Iwashima) [Orabug: 38158413] {CVE-2025-38181} - tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (Haixia Qu) [Orabug: 38158425] {CVE-2025-38184} - tcp: fix tcp_packet_delayed() for tcp_is_non_sack_preventing_reopen() behavior (Neal Cardwell) - atm: atmtcp: Free invalid length skb in atmtcp_c_send(). (Kuniyuki Iwashima) [Orabug: 38158434] {CVE-2025-38185} - mpls: Use rcu_dereference_rtnl() in mpls_route_input_rcu(). (Kuniyuki Iwashima) [Orabug: 38180618] {CVE-2025-38324} - wifi: carl9170: do not ping device which has failed to load firmware (Dmitry Antipov) [Orabug: 38254011] {CVE-2025-38420} - aoe: clean device rq_list in aoedev_downdev() (Justin Sanders) [Orabug: 38180629] {CVE-2025-38326} - hwmon: (occ) fix unaligned accesses (Arnd Bergmann) - drm/nouveau/bl: increase buffer size to avoid truncate warning (Jacob Keller) - erofs: remove unused trace event erofs_destroy_inode (Gao Xiang) - ALSA: hda/realtek: enable headset mic on Latitude 5420 Rugged (Jonathan Lane) - ALSA: hda/intel: Add Thinkpad E15 to PM deny list (Takashi Iwai) - Input: sparcspkr - avoid unannotated fall-through (Yuli Wang) - HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() (Terry Junge) [Orabug: 38152878] {CVE-2025-38103} - atm: Revert atm_account_tx() if copy_from_iter_full() fails. (Kuniyuki Iwashima) [Orabug: 38158458] {CVE-2025-38190} - selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len (Stephen Smalley) - scsi: s390: zfcp: Ensure synchronous unit_add (Peter Oberparleiter) - scsi: storvsc: Increase the timeouts to storvsc_timeout (Dexuan Cui) - jffs2: check jffs2_prealloc_raw_node_refs() result in few other places (Fedor Pchelkin) [Orabug: 38180636] {CVE-2025-38328} - jffs2: check that raw node were preallocated before writing summary (Artem Sadovnikov) [Orabug: 38158484] {CVE-2025-38194} - drivers/rapidio/rio_cm.c: prevent possible heap overwrite (Andrew Morton) [Orabug: 38137454] {CVE-2025-38090} - powerpc/eeh: Fix missing PE bridge reconfiguration during VFIO EEH recovery (Narayana Murty N) - platform/x86: dell_rbu: Stop overwriting data buffer (Stuart Hayes) - platform: Add Surface platform directory (Maximilian Luz) - Revert "bus: ti-sysc: Probe for l4_wkup and l4_cfg interconnect devices first" (Alexander Sverdlin) - tee: Prevent size calculation wraparound on 32-bit kernels (Jann Horn) - ARM: OMAP2+: Fix l4ls clk domain handling in STANDBY (Sukrut Bellary) - bus: fsl-mc: increase MC_CMD_COMPLETION_TIMEOUT_MS value (Laurentiu Tudor) - watchdog: da9052_wdt: respect TWDMIN (Marcus Folkesson) - i40e: fix MMIO write access to an invalid page in i40e_clear_hw (Kyungwook Boo) [Orabug: 38158518] {CVE-2025-38200} - sock: Correct error checking condition for (assign|release)_proto_idx() (Zijun Hu) - scsi: lpfc: Use memcpy() for BIOS version (Daniel Wagner) [Orabug: 38180668] {CVE-2025-38332} - vxlan: Do not treat dst cache initialization errors as fatal (Ido Schimmel) - clk: rockchip: rk3036: mark ddrphy as critical (Heiko Stuebner) - wifi: mac80211: do not offer a mesh path if forwarding is disabled (Benjamin Berg) - net: mlx4: add SOF_TIMESTAMPING_TX_SOFTWARE flag when getting ts info (Jason Xing) - pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get() (Gabor Juhos) - pinctrl: armada-37xx: propagate error from armada_37xx_pmx_gpio_set_direction() (Gabor Juhos) - pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get_direction() (Gabor Juhos) - pinctrl: armada-37xx: propagate error from armada_37xx_pmx_set_by_name() (Gabor Juhos) - ipv4/route: Use this_cpu_inc() for stats on PREEMPT_RT (Sebastian Andrzej Siewior) - tcp: fix initial tp->rcvq_space.space value for passive TS enabled flows (Eric Dumazet) - tcp: always seek for minimal rtt in tcp_rcv_rtt_update() (Eric Dumazet) - net: dlink: add synchronization for stats update (Moon Yeounsu) - sctp: Do not wake readers in __sctp_write_space() (Petr Malat) - emulex/benet: correct command version selection in be_cmd_get_stats() (Alok Tiwari) - i2c: designware: Invoke runtime suspend on quick slave re-registration (Tan En De) - net: macb: Check return value of dma_set_mask_and_coherent() (Sergio Perez Gonzalez) - cpufreq: Force sync policy boost with global boost on sysfs update (Viresh Kumar) - nios2: force update_mmu_cache on spurious tlb-permission--related pagefaults (Simon Schuster) - media: platform: exynos4-is: Add hardware sync wait to fimc_is_hw_change_mode() (Xu Wang) [Orabug: 38175014] {CVE-2025-38237} - media: tc358743: ignore video while HPD is low (Hans Verkuil) - drm/amdkfd: Set SDMA_RLCx_IB_CNTL/SWITCH_INSIDE_IB (Amber Lin) - jfs: Fix null-ptr-deref in jfs_ioc_trim (Dylan Wolff) [Orabug: 38158546] {CVE-2025-38203} - drm/amdgpu/gfx9: fix CSIB handling (Alex Deucher) - drm/amdgpu/gfx8: fix CSIB handling (Alex Deucher) - jfs: fix array-index-out-of-bounds read in add_missing_indices (Aditya Dutt) [Orabug: 38158553] {CVE-2025-38204} - drm/amdgpu/gfx7: fix CSIB handling (Alex Deucher) - drm/amdgpu/gfx10: fix CSIB handling (Alex Deucher) - drm/msm/a6xx: Increase HFI response timeout (Akhil P Oommen) - drm/amd/display: Add NULL pointer checks in dm_force_atomic_commit() (Srinivasan Shanmugam) - media: uapi: v4l: Fix V4L2_TYPE_IS_OUTPUT condition (Nas Chung) - drm/msm/hdmi: add runtime PM calls to DDC transfer function (Dmitry Baryshkov) - drm/bridge: analogix_dp: Add irq flag IRQF_NO_AUTOEN instead of calling disable_irq() (Damon Ding) - sunrpc: update nextcheck time when adding new cache entries (Long Li) - drm/amdgpu/gfx6: fix CSIB handling (Alex Deucher) - ACPI: battery: negate current when discharging (Peter Marheine) - PM: runtime: fix denying of auto suspend in pm_suspend_timer_fn() (Charan Teja Kalla) - power: supply: bq27xxx: Retrieve again when busy (Jerry Lv) - ACPICA: fix acpi parse and parseext cache leaks (Seunghun Han) [Orabug: 38180748] {CVE-2025-38344} - ACPICA: Avoid sequence overread in call to strncmp() (Ahmed Salem) - ACPICA: fix acpi operand cache leak in dswstate.c (Seunghun Han) [Orabug: 38180756] {CVE-2025-38345} - iio: adc: ad7606_spi: fix reg write value mask (David Lechner) - PCI: Fix lock symmetry in pci_slot_unlock() (Ilpo Järvinen) - PCI: Add ACS quirk for Loongson PCIe (Huacai Chen) - uio_hv_generic: Use correct size for interrupt and monitor pages (Long Li) - regulator: max14577: Add error check for max14577_read_reg() (Xu Wang) - mips: Add -std= flag specified in KBUILD_CFLAGS to vdso CFLAGS (Khem Raj) - staging: iio: ad5933: Correct settling cycles encoding per datasheet (Gabriel) - net: ch9200: fix uninitialised access during mii_nway_restart (Qasim Ijaz) [Orabug: 38132189] {CVE-2025-38086} - ftrace: Fix UAF when lookup kallsym after ftrace disabled (Ye Bin) [Orabug: 38180768] {CVE-2025-38346} - dm-mirror: fix a tiny race condition (Mikulas Patocka) - mtd: nand: sunxi: Add randomizer configuration before randomizer enable (Xu Wang) - mtd: rawnand: sunxi: Add randomizer configuration in sunxi_nfc_hw_ecc_write_chunk (Xu Wang) - mm: fix ratelimit_pages update error in dirty_ratio_handler() (Jinliang Zheng) - ipc: fix to protect IPCS lookups using RCU (Jeongjun Park) [Orabug: 38158598] {CVE-2025-38212} - parisc: fix building with gcc-15 (Arnd Bergmann) - vgacon: Add check for vc_origin address range in vgacon_scroll() (Gong, Ruiqi) - fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var (Murad Masimov) [Orabug: 38158615] {CVE-2025-38214} - EDAC/altera: Use correct write width with the INTTEST register (Niravkumar L Rabara) - NFC: nci: uart: Set tty->disc_data only in success path (Krzysztof Kozlowski) [Orabug: 38253992] {CVE-2025-38416} - f2fs: prevent kernel warning due to negative i_nlink from corrupted image (Jaegeuk Kim) [Orabug: 38158649] {CVE-2025-38219} - Input: ims-pcu - check record size in ims_pcu_flash_firmware() (Dan Carpenter) [Orabug: 38254054] {CVE-2025-38428} - ext4: fix calculation of credits for extent tree modification (Jan Kara) - ext4: inline: fix len overflow in ext4_prepare_inline_data (Thadeu Lima de Souza Cascardo) [Orabug: 38158662] {CVE-2025-38222} - bus: fsl-mc: do not add a device-link for the UAPI used DPMCP device (Ioana Ciornei) - ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330 (Tasos Sahanidis) [Orabug: 38180697] {CVE-2025-38336} - ARM: 9447/1: arm/memremap: fix arch_memremap_can_ram_remap() (Ross Stutterheim) - media: v4l2-dev: fix error handling in __video_register_device() (Ma Ke) - media: gspca: Add error handling for stv06xx_read_sensor() (Xu Wang) - wifi: rtlwifi: disable ASPM for RTL8723BE with subsystem ID 11ad:1723 (Mingcong Bai) - nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request (Neil Brown) [Orabug: 38254062] {CVE-2025-38430} - wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback() (Christian Lamparter) [Orabug: 38180783] {CVE-2025-38348} - gfs2: move msleep to sleepable context (Alexander Aring) - configfs: Do not override creating attribute file failure in populate_attrs() (Zijun Hu) - net: usb: aqc111: debug info before sanitation (Oliver Neukum) - calipso: unlock rcu before returning -EAFNOSUPPORT (Eric Dumazet) - xen/arm: call uaccess_ttbr0_enable for dm_op hypercall (Stefano Stabellini) - usb: Flush altsetting 0 endpoints before reinitializating them after reset. (Mathias Nyman) - fs/filesystems: Fix potential unsigned integer underflow in fs_name() (Zijun Hu) - net/mdiobus: Fix potential out-of-bounds read/write access (Jakub Raczynski) - drm/amd/display: Do not add '-mhard-float' to dcn2{1,0}_resource.o for clang (Nathan Chancellor) - drm/amd/display: Do not add '-mhard-float' to dml_ccflags for clang (Nathan Chancellor) - MIPS: Move '-Wa,-msoft-float' check from as-option to cc-option (Nathan Chancellor) - x86/boot/compressed: prefer cc-option for CFLAGS additions (Nick Desaulniers) - net: mdio: C22 is now optional, EOPNOTSUPP if not provided (Andrew Lunn) - net_sched: tbf: fix a race in tbf_change() (Eric Dumazet) - net_sched: red: fix a race in __red_change() (Eric Dumazet) [Orabug: 38152899] {CVE-2025-38108} - net_sched: prio: fix a race in prio_tune() (Eric Dumazet) [Orabug: 38105335] {CVE-2025-38083} - net/mlx5: Fix return value when searching for existing flow group (Patrisious Haddad) - net/mlx5: Wait for inactive autogroups (Paul Blakey) - i40e: retry VFLR handling if there is ongoing VF reset (Robert Malz) - i40e: return false from i40e_reset_vf if reset is in progress (Robert Malz) - net_sched: sch_sfq: fix a potential crash on gso_skb handling (Eric Dumazet) [Orabug: 38152923] {CVE-2025-38115} - scsi: iscsi: Fix incorrect error path labels for flashnode operations (Alok Tiwari) - NFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes (Chuck Lever) [Orabug: 36954169] {CVE-2022-48829} - NFSD: Fix ia_size underflow (Chuck Lever) [Orabug: 36954164] {CVE-2022-48828} - Input: synaptics-rmi - fix crash with unsupported versions of F34 (Dmitry Torokhov) - Input: synaptics-rmi4 - convert to use sysfs_emit() APIs (Zhang Songyi) - pmdomain: core: Fix error checking in genpd_dev_pm_attach_by_id() (Dan Carpenter) - do_change_type(): refuse to operate on unmounted/not ours mounts (Al Viro) [Orabug: 38256450] {CVE-2025-38498} - ice: create new Tx scheduler nodes for new queues only (Michal Kubiak) - Bluetooth: L2CAP: Fix not responding with L2CAP_CR_LE_ENCRYPTION (Luiz Augusto von Dentz) - net/mlx4_en: Prevent potential integer overflow calculating Hz (Dan Carpenter) - vt: remove VT_RESIZE and VT_RESIZEX from vt_compat_ioctl() (Nicolas Pitre) - serial: Fix potential null-ptr-deref in mlb_usio_probe() (Henry Martin) [Orabug: 38153012] {CVE-2025-38135} - usb: renesas_usbhs: Reorder clock handling and power management in probe (Lad Prabhakar) [Orabug: 38153017] {CVE-2025-38136} - rtc: Fix offset calculation for .start_secs < 0 (Alexandre Mergnat) - rtc: sh: assign correct interrupts with DT (Wolfram Sang) - perf record: Fix incorrect --user-regs comments (Dapeng Mi) - perf tests switch-tracking: Fix timestamp comparison (Leo Yan) - mfd: stmpe-spi: Correct the name used in MODULE_DEVICE_TABLE (Alexey Gladkov) - mfd: exynos-lpass: Avoid calling exynos_lpass_disable() twice in exynos_lpass_remove() (Christophe Jaillet) - rpmsg: qcom_smd: Fix uninitialized return variable in __qcom_smd_send() (Dan Carpenter) - perf scripts python: exported-sql-viewer.py: Fix pattern matching with Python 3 (Adrian Hunter) - perf ui browser hists: Set actions->thread before calling do_zoom_thread() (Arnaldo Carvalho de Melo) - fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod() (Sergey Shtylyov) [Orabug: 38180566] {CVE-2025-38312} - soc: aspeed: Add NULL check in aspeed_lpc_enable_snoop() (Henry Martin) [Orabug: 38153060] {CVE-2025-38145} - soc: aspeed: lpc: Fix impossible judgment condition (Su Hui) - arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma with Haikou (Quentin Schulz) - ARM: dts: qcom: apq8064 merge hw splinlock into corresponding syscon device (Dmitry Baryshkov) - bus: fsl-mc: fix double-free on mc_dev (Ioana Ciornei) [Orabug: 38180573] {CVE-2025-38313} - nilfs2: do not propagate ENOENT error from nilfs_btree_propagate() (Ryusuke Konishi) - nilfs2: add pointer check for nilfs_direct_propagate() (Xu Wang) - Squashfs: check return result of sb_min_blocksize (Phillip Lougher) [Orabug: 38253985] {CVE-2025-38415} - ARM: dts: at91: at91sam9263: fix NAND chip selects (Wolfram Sang) - ARM: dts: at91: usb_a9263: fix GPIO for Dataflash chip select (Wolfram Sang) - f2fs: fix to correct check conditions in f2fs_cross_rename (Zhiguo Niu) - f2fs: use d_inode(dentry) cleanup dentry->d_inode (Zhiguo Niu) - calipso: Don't call calipso functions for AF_INET sk. (Kuniyuki Iwashima) [Orabug: 38153070] {CVE-2025-38147} - net: lan743x: rename lan743x_reset_phy to lan743x_hw_reset_phy (Thangaraj Samynathan) - net: usb: aqc111: fix error handling of usbnet read calls (Nikita Zhandarovich) [Orabug: 38153090] {CVE-2025-38153} - netfilter: nf_tables: nft_fib_ipv6: fix VRF ipv4/ipv6 result discrepancy (Florian Westphal) - wifi: ath9k_htc: Abort software beacon handling if disabled (Toke Høiland-Jørgensen) [Orabug: 38153110] {CVE-2025-38157} - bpf: Fix WARN() in get_bpf_raw_tp_regs (Tao Chen) [Orabug: 38180489] {CVE-2025-38285} - pinctrl: at91: Fix possible out-of-boundary access (Andy Shevchenko) [Orabug: 38180495] {CVE-2025-38286} - ktls, sockmap: Fix missing uncharge operation (Jiayuan Chen) - netfilter: bridge: Move specific fragmented packet to slow_path instead of dropping it (Huajian Yang) - f2fs: clean up w/ fscrypt_is_bounce_page() (Chao Yu) - RDMA/hns: Include hnae3.h in hns_roce_hw_v2.h (Junxian Huang) - wifi: rtw88: do not ignore hardware read error during DPK (Dmitry Antipov) - net: ncsi: Fix GCPS 64-bit member variables (Hari Kalavakunta) - f2fs: fix to do sanity check on sbi->total_valid_block_count (Chao Yu) [Orabug: 38153150] {CVE-2025-38163} - drm/tegra: rgb: Fix the unbound reference count (Biju Das) - drm/vkms: Adjust vkms_state->active_planes allocation type (Kees Cook) - drm: rcar-du: Fix memory leak in rcar_du_vsps_init() (Biju Das) - selftests/seccomp: fix syscall_restart test for arm compat (Neill Kapron) - firmware: psci: Fix refcount leak in psci_dt_init (Miaoqian Lin) - m68k: mac: Fix macintosh_config for Mac II (Finn Thain) - drm/vmwgfx: Add seqno waiter for sync_files (Ian Forbes) - spi: sh-msiof: Fix maximum DMA transfer size (Geert Uytterhoeven) - ACPI: OSI: Stop advertising support for "3.0 _SCP Extensions" (Armin Wolf) - x86/mtrr: Check if fixed-range MTRRs exist in mtrr_save_fixed_ranges() (Jiaqing Zhao) - PM: wakeup: Delete space in the end of string shown by pm_show_wakelocks() (Zijun Hu) - EDAC/skx_common: Fix general protection fault (Qiuxu Zhuo) [Orabug: 38180525] {CVE-2025-38298} - crypto: marvell/cesa - Avoid empty transfer descriptor (Herbert Xu) - crypto: marvell/cesa - Handle zero-length skcipher requests (Herbert Xu) [Orabug: 38153190] {CVE-2025-38173} - x86/cpu: Sanitize CPUID(0x80000000) output (Ahmed S. Darwish) - perf/core: Fix broken throttling when max_samples_per_tick=1 (Qing Wang) - gfs2: gfs2_create_inode error handling fix (Andreas Gruenbacher) - netfilter: nft_socket: fix sk refcount leaks (Florian Westphal) [Orabug: 37116555] {CVE-2024-46855} - thunderbolt: Do not double dequeue a configuration request (Sergey Senozhatsky) [Orabug: 38158384] {CVE-2025-38174} - usb: usbtmc: Fix timeout value in get_stb (Dave Penkler) - usb: storage: Ignore UAS driver for SanDisk 3.2 Gen2 storage device (Hongyu Xie) - usb: quirks: Add NO_LPM quirk for SanDisk Extreme 55AE (Jiayi Li) - pinctrl: armada-37xx: set GPIO output value before setting direction (Gabor Juhos) - pinctrl: armada-37xx: use correct OUTPUT_VAL register for GPIOs > 31 (Gabor Juhos) _______________________________________________ El-errata mailing list [email protected] https://oss.oracle.com/mailman/listinfo/el-errata
