Oracle Linux: (CVE-2020-10742) ELSA-2020-4060: kernel security, bug fix, and enhancement update

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From ELSA-2020-4060:

[3.10.0-1160.OL7] - Oracle Linux certificates (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com) - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15-2.0.3 [3.10.0-1160] - [kernel] modsign: Add nomokvarconfig kernel parameter (Lenny Szubowicz) [1867857] - [firmware] modsign: Add support for loading certs from the EFI MOK config table (Lenny Szubowicz) [1867857] - [kernel] modsign: Move import of MokListRT certs to separate routine (Lenny Szubowicz) [1867857] - [kernel] modsign: Avoid spurious error message after last MokListRTn (Lenny Szubowicz) [1867857] [3.10.0-1159] - [kernel] modsign: Import certificates from optional MokListRT (Lenny Szubowicz) [1862840] - [crypto] crypto/pefile: Support multiple signatures in verify_pefile_signature (Lenny Szubowicz) [1862840] - [crypto] crypto/pefile: Tolerate other pefile signatures after first (Lenny Szubowicz) [1862840] [3.10.0-1158] - [redhat] switch secureboot kernel image signing to release keys (Jan Stancek) [] [3.10.0-1157] - [fs] signal: Dont send signals to tasks that dont exist (Vladis Dronov) [1856166] [3.10.0-1156] - [fs] gfs2: Fix regression due to unwanted gfs2_qa_put (Robert S Peterson) [1798713] - [include] signal: Unfairly acquire tasklist_lock in send_sigio() if irq disabled (Waiman Long) [1838799] - [fs] signal: Dont take tasklist_lock if PID type is PIDTYPE_PID (Waiman Long) [1838799] - [vfio] vfio/pci: Fix SR-IOV VF handling with MMIO blocking (Alex Williamson) [1820632] {CVE-2020-12888} [3.10.0-1155] - [x86] Revert 'x86: respect memory size limiting via mem= parameter' (Joel Savitz) [1851576] - [mm] Revert 'mm/memory_hotplug.c: only respect mem= parameter during boot stage' (Joel Savitz) [1851576] - [fs] nfsd: only WARN once on unmapped errors ('J. Bruce Fields') [1850430] - [powerpc] pci/of: Fix OF flags parsing for 64bit BARs (Greg Kurz) [1840114] - [fs] cifs: fix NULL dereference in match_prepath (Leif Sahlberg) [1759852] [3.10.0-1154] - [fs] gfs2: move privileged user check to gfs2_quota_lock_check (Robert S Peterson) [1798713] - [fs] gfs2: Fix problems regarding gfs2_qa_get and _put (Robert S Peterson) [1798713] - [fs] gfs2: dont call quota_unhold if quotas are not locked (Robert S Peterson) [1798713] - [fs] gfs2: Remove unnecessary gfs2_qa_{get, put} pairs (Robert S Peterson) [1798713] - [fs] gfs2: Split gfs2_rsqa_delete into gfs2_rs_delete and gfs2_qa_put (Robert S Peterson) [1798713] - [fs] gfs2: Change inode qa_data to allow multiple users (Robert S Peterson) [1798713] - [fs] gfs2: eliminate gfs2_rsqa_alloc in favor of gfs2_qa_alloc (Robert S Peterson) [1798713] - [fs] gfs2: Switch to list_{first,last}_entry (Robert S Peterson) [1798713] - [fs] gfs2: Clean up inode initialization and teardown (Robert S Peterson) [1798713] - [fs] gfs2: Minor gfs2_alloc_inode cleanup (Robert S Peterson) [1798713] - [fs] gfs2: Fix busy-on-umount in gfs2_atomic_open() (Andrew Price) [1812558] [3.10.0-1153] - [x86] mm: Fix mremap not considering huge pmd devmap (Rafael Aquini) [1843437] {CVE-2020-10757} - [mm] mm, dax: check for pmd_none() after split_huge_pmd() (Rafael Aquini) [1843437] {CVE-2020-10757} - [mm] mm: mremap: streamline move_page_tables()s move_huge_pmd() corner case (Rafael Aquini) [1843437] {CVE-2020-10757} - [mm] mm: mremap: validate input before taking lock (Rafael Aquini) [1843437] {CVE-2020-10757} - [wireless] mwifiex: Fix possible buffer overflows in mwifiex_ret_wmm_get_status() (Jarod Wilson) [1844070] {CVE-2020-12654} - [wireless] mwifiex: Fix possible buffer overflows in mwifiex_cmd_append_vsie_tlv() (Jarod Wilson) [1844026] {CVE-2020-12653} - [net] netfilter: nf_conntrack_h323: lost .data_len definition for Q.931/ipv6 (Florian Westphal) [1845428] [3.10.0-1152] - [nvmem] nvmem: properly handle returned value nvmem_reg_read (Vladis Dronov) [1844409] - [mailbox] PCC: fix dereference of ERR_PTR (Vladis Dronov) [1844409] - [kernel] futex: Unlock hb->lock in futex_wait_requeue_pi() error path (Vladis Dronov) [1844409] - [fs] aio: fix inconsistent ring state (Jeff Moyer) [1845326] - [vfio] vfio/mdev: make create attribute static (Vladis Dronov) [1837549] - [vfio] treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 (Vladis Dronov) [1837549] - [vfio] vfio/mdev: Synchronize device create/remove with parent removal (Vladis Dronov) [1837549] - [vfio] vfio/mdev: Avoid creating sysfs remove file on stale device removal (Vladis Dronov) [1837549] - [vfio] vfio/mdev: Improve the create/remove sequence (Vladis Dronov) [1837549] - [vfio] treewide: Add SPDX license identifier - Makefile/Kconfig (Vladis Dronov) [1837549] - [vfio] vfio/mdev: Avoid inline get and put parent helpers (Vladis Dronov) [1837549] - [vfio] vfio/mdev: Fix aborting mdev child device removal if one fails (Vladis Dronov) [1837549] - [vfio] vfio/mdev: Follow correct remove sequence (Vladis Dronov) [1837549] - [vfio] vfio/mdev: Avoid masking error code to EBUSY (Vladis Dronov) [1837549] - [include] vfio/mdev: Drop redundant extern for exported symbols (Vladis Dronov) [1837549] - [vfio] vfio/mdev: Removed unused kref (Vladis Dronov) [1837549] - [vfio] vfio/mdev: Avoid release parent reference during error path (Vladis Dronov) [1837549] - [vfio] vfio/mdev: Add iommu related member in mdev_device (Vladis Dronov) [1837549] - [vfio] vfio/mdev: add static modifier to add_mdev_supported_type (Vladis Dronov) [1837549] - [vfio] vfio: mdev: make a couple of functions and structure vfio_mdev_driver static (Vladis Dronov) [1837549] - [char] tpm/tpm_tis: Free IRQ if probing fails (David Arcari) [1774698] - [kernel] audit: fix a memleak caused by auditing load module (Richard Guy Briggs) [1843370] - [kernel] audit: fix potential null dereference 'context->module.name' (Richard Guy Briggs) [1843370] - [nvme] nvme: limit number of IO queues on Dell/Samsung config (David Milburn) [1837617] [3.10.0-1151] - [netdrv] qede: Fix multicast mac configuration (Michal Schmidt) [1740064] - [scsi] sd_dif: avoid incorrect ref_tag errors on 4K devices larger than 2TB (Ewan Milne) [1833528] - [hid] HID: hiddev: do cleanup in failure of opening a device (Torez Smith) [1814257] {CVE-2019-19527} - [hid] HID: hiddev: avoid opening a disconnected device (Torez Smith) [1814257] {CVE-2019-19527} - [x86] x86: make mul_u64_u64_div_u64() 'static inline' (Oleg Nesterov) [1845864] - [mm] mm: page_isolation: fix potential warning from user (Rafael Aquini) [1845620] - [s390] s390/mm: correct return value of pmd_pfn (Claudio Imbrenda) [1841106] - [fs] fs/proc/vmcore.c:mmap_vmcore: skip non-ram pages reported by hypervisors (Lianbo Jiang) [1790799] - [kernel] kernel/sysctl.c: ignore out-of-range taint bits introduced via kernel.tainted (Rafael Aquini) [1845356] - [documentation] kernel: add panic_on_taint (Rafael Aquini) [1845356] - [fs] ext4: Remove unwanted ext4_bread() from ext4_quota_write() (Lukas Czerner) [1845379] - [scsi] scsi: sg: add sg_remove_request in sg_write ('Ewan D. Milne') [1840699] {CVE-2020-12770} - [fs] fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info() (Donghai Qiao) [1832062] {CVE-2020-10732} [3.10.0-1150] - [netdrv] net/mlx5e: Fix handling of compressed CQEs in case of low NAPI budget (Alaa Hleihel) [1845020] - [mm] memcg: fix NULL pointer dereference in __mem_cgroup_usage_unregister_event (Waiman Long) [1842715] - [mm] memcg: only free spare array when readers are done (Waiman Long) [1842715] - [powerpc] powerpc/crashkernel: Take 'mem=' option into account (Pingfan Liu) [1751555] - [infiniband] IB/ipoib: Fix double free of skb in case of multicast traffic in CM mode (Kamal Heib) [1597952] - [security] selinux: properly handle multiple messages in selinux_netlink_send() (Ondrej Mosnacek) [1839650] {CVE-2020-10751} - [netdrv] net: ena: Add PCI shutdown handler to allow safe kexec (Bhupesh Sharma) [1841578] - [x86] x86/speculation: Support old struct x86_cpu_id & x86_match_cpu() kABI (Waiman Long) [1827188] {CVE-2020-0543} - [documentation] x86/speculation: Add Ivy Bridge to affected list (Waiman Long) [1827188] {CVE-2020-0543} - [documentation] x86/speculation: Add SRBDS vulnerability and mitigation documentation (Waiman Long) [1827188] {CVE-2020-0543} - [x86] x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (Waiman Long) [1827188] {CVE-2020-0543} - [x86] x86/cpu: Add 'table' argument to cpu_matches() (Waiman Long) [1827188] {CVE-2020-0543} - [x86] x86/cpu: Add a steppings field to struct x86_cpu_id (Waiman Long) [1827188] {CVE-2020-0543} - [x86] x86/cpu/bugs: Convert to new matching macros (Waiman Long) [1827188] {CVE-2020-0543} - [x86] x86/cpu: Add consistent CPU match macros (Waiman Long) [1827188] {CVE-2020-0543} - [cpufreq] x86/devicetable: Move x86 specific macro out of generic code (Waiman Long) [1827188] {CVE-2020-0543} header (Waiman Long) [1827188] {CVE-2020-0543} [3.10.0-1149] - [mm] mm/memory_hotplug.c: only respect mem= parameter during boot stage (Joel Savitz) [1838795] - [netdrv] qed: Reduce the severity of ptp debug message (Manish Chopra) [1703770] - [kernel] pid_ns: Sleep in TASK_INTERRUPTIBLE in zap_pid_ns_processes (Jay Shin) [1836620] - [fs] gfs2: remove BUG_ON() from gfs2_log_alloc_bio() (Abhijith Das) [1828454] - [fs] gfs2: Even more gfs2_find_jhead fixes (Abhijith Das) [1828454] - [fs] quota: fix return value in dqget() (Eric Sandeen) [1842761] - [fs] proc_sysctl.c: fix potential page fault while unregistering sysctl table (Carlos Maiolino) [1843368] - [fs] ext4: fix error handling in ext4_ext_shift_extents (Lukas Czerner) [1843366] - [vhost] vhost: Check docket sk_family instead of call getname (Vladis Dronov) [1823302] {CVE-2020-10942} - [input] hyperv-keyboard - add module description (Mohammed Gamal) [1842689] - [hv] hv: Add a module description line to the hv_vmbus driver (Mohammed Gamal) [1842689] - [hid] hyperv: Add a module description line (Mohammed Gamal) [1842689] - [x86] sched/cputime: Improve cputime_adjust() (Oleg Nesterov) [1511040] - [acpi] ACPI: APEI: call into AER handling regardless of severity (Al Stone) [1737246] - [acpi] ACPI: APEI: handle PCIe AER errors in separate function (Al Stone) [1737246] - [acpi] ras: acpi/apei: cper: add support for generic data v3 structure (Al Stone) [1737246] - [acpi] ACPICA: ACPI 6.1: Updates for the HEST ACPI table (Al Stone) [1737246] - [acpi] ACPI / APEI: Switch to use new generic UUID API (Al Stone) [1737246] - [x86] x86/efi-bgrt: Quirk for BGRT when memory encryption active (Lenny Szubowicz) [1723477] - [scsi] scsi: megaraid_sas: Update driver version to 07.714.04.00-rc1 (Tomas Henzl) [1840550] - [scsi] scsi: megaraid_sas: TM command refire leads to controller firmware crash (Tomas Henzl) [1840550] - [scsi] scsi: megaraid_sas: Replace undefined MFI_BIG_ENDIAN macro with __BIG_ENDIAN_BITFIELD macro (Tomas Henzl) [1840550] - [scsi] scsi: megaraid_sas: Limit device queue depth to controller queue depth (Tomas Henzl) [1840550] - [vfio] vfio-pci: Invalidate mmaps and block MMIO access on disabled memory (Alex Williamson) [1820632] {CVE-2020-12888} - [vfio] vfio-pci: Fault mmaps to enable vma tracking (Alex Williamson) [1820632] {CVE-2020-12888} - [vfio] vfio/type1: Support faulting PFNMAP vmas (Alex Williamson) [1820632] {CVE-2020-12888} - [vfio] vfio/type1: Fix VA->PA translation for PFNMAP VMAs in vaddr_get_pfn() (Alex Williamson) [1820632] {CVE-2020-12888} - [vfio] vfio/pci: call irq_bypass_unregister_producer() before freeing irq (Alex Williamson) [1820632] {CVE-2020-12888} - [vfio] vfio_pci: Enable memory accesses before calling pci_map_rom (Alex Williamson) [1820632] {CVE-2020-12888} - [fs] signal: Extend exec_id to 64bits (Chris von Recklinghausen) [1834650] {CVE-2020-12826} [3.10.0-1148] - [x86] hyper-v: Report crash data in die() when panic_on_oops is set (Mohammed Gamal) [1828450] - [hv] x86/hyper-v: Report crash register data when sysctl_record_panic_msg is not set (Mohammed Gamal) [1828450] - [x86] hyper-v: Report crash register data or kmsg before running crash kernel (Mohammed Gamal) [1828450] - [hv] x86/hyper-v: Trigger crash enlightenment only once during system crash (Mohammed Gamal) [1828450] - [hv] x86/hyper-v: Free hv_panic_page when fail to register kmsg dump (Mohammed Gamal) [1828450] - [hv] x86/hyper-v: Unload vmbus channel in hv panic callback (Mohammed Gamal) [1828450] - [hv] vmbus: Fix the issue with freeing up hv_ctl_table_hdr (Mohammed Gamal) [1828450] - [hv] vmus: Fix the check for return value from kmsg get dump buffer (Mohammed Gamal) [1828450] - [hv] Send one page worth of kmsg dump over Hyper-V during panic (Mohammed Gamal) [1828450] - [x86] kvm: x86: Allow suppressing prints on RDMSR/WRMSR of unhandled MSRs (Vitaly Kuznetsov) [1837412] - [fs] ext4: Fix race when checking i_size on direct i/o read (Lukas Czerner) [1506437] - [fs] copy_file_range should return ENOSYS not EOPNOTSUPP ('J. Bruce Fields') [1783554] - [fs] NFSv4.1 fix incorrect return value in copy_file_range ('J. Bruce Fields') [1783554] - [x86] Remove the unsupported check for Intel IceLake (Steve Best) [1841237] - [md] md/raid1: release pending accounting for an I/O only after write-behind is also finished (Nigel Croxon) [1792520] - [net] gre: fix uninit-value in __iptunnel_pull_header (Guillaume Nault) [1840321] - [net] inet: protect against too small mtu values. (Guillaume Nault) [1840321] - [net] Fix one possible memleak in ip_setup_cork (Guillaume Nault) [1840321] - [net] fix a potential recursive NETDEV_FEAT_CHANGE (Guillaume Nault) [1839130] - [net] fix null de-reference of device refcount (Guillaume Nault) [1839130] - [net] sch_choke: avoid potential panic in choke_reset() (Davide Caratti) [1839118] - [net] net_sched: fix datalen for ematch (Davide Caratti) [1839118] - [net] netem: fix error path for corrupted GSO frames (Davide Caratti) [1839118] - [net] avoid potential infinite loop in tc_ctl_action() (Davide Caratti) [1839118] - [net] net_sched: let qdisc_put() accept NULL pointer (Davide Caratti) [1839118] - [net] ipv4: really enforce backoff for redirects (Paolo Abeni) [1832332] - [net] ipv4: avoid mixed n_redirects and rate_tokens usage (Paolo Abeni) [1832332] - [net] ipv4: use a dedicated counter for icmp_v4 redirect packets (Paolo Abeni) [1832332] - [net] ipset: Update byte and packet counters regardless of whether they match (Phil Sutter) [1801366] - [net] xfrm: skip rt6i_idev update in xfrm6_dst_ifdown if loopback_idev is gone (Sabrina Dubroca) [1390049] [3.10.0-1147] - [nvme] nvme: fix the parameter order for nvme_get_log in nvme_get_fw_slot_info (Gopal Tiwari) [1839991] - [fs] pipe: actually allow root to exceed the pipe buffer limits (Jan Stancek) [1839629] - [scsi] Revert 'scsi: mpt3sas: Dont change the DMA coherent mask after allocations' (Tomas Henzl) [1839128] - [scsi] Revert 'scsi: mpt3sas: Rename function name is_MSB_are_same' (Tomas Henzl) [1839128] - [scsi] Revert 'scsi: mpt3sas: Separate out RDPQ allocation to new function' (Tomas Henzl) [1839128] - [scsi] Revert 'scsi: mpt3sas: Handle RDPQ DMA allocation in same 4G region' (Tomas Henzl) [1839128] - [netdrv] net/mlx5e: Avoid duplicating rule destinations (Alaa Hleihel) [1727593] - [netdrv] net/mlx5e: Extend encap entry with reference counter (Alaa Hleihel) [1727593] - [netdrv] net/mlx5e: Fix free peer_flow when refcount is 0 (Alaa Hleihel) [1727593] - [netdrv] net/mlx5e: Extend tc flow struct with reference counter (Alaa Hleihel) [1727593] - [netdrv] net/mlx5e: Dont make internal use of errno to denote missing neigh (Alaa Hleihel) [1727593] - [netdrv] net/mlx5e: Fix freeing flow with kfree() and not kvfree() (Alaa Hleihel) [1727593] - [drm] drm/nouveau/gr/gp107, gp108: implement workaround for HW hanging during init (Karol Herbst) [1834360 1834356 1833485] - [drm] drm/nouveau: workaround runpm fail by disabling PCI power management on certain intel bridges (Karol Herbst) [1834360 1834356 1833485] [3.10.0-1146] - [net] revert 'rtnetlink: validate IFLA_MTU attribute in rtnl_create_link()' (Jiri Benc) [1839608] - [net] ipv6/addrconf: call ipv6_mc_up() for non-Ethernet interface (Davide Caratti) [1838936] - [net] ipv6: Handle missing host route in __ipv6_ifa_notify (Davide Caratti) [1838936] - [net] ipv6: drop incoming packets having a v4mapped source address (Davide Caratti) [1838936] - [net] l2tp: fix infoleak in l2tp_ip6_recvmsg() (Andrea Claudi) [1837546] - [net] vti6: Fix memory leak of skb if input policy check fails (Patrick Talbert) [1836160] - [net] tcp: prevent bogus FRTO undos with non-SACK flows (Guillaume Nault) [1694860] - [scsi] scsi: smartpqi: fix controller lockup observed during force reboot (Don Brace) [1775369] - [fs] ext4: fix setting of referenced bit in ext4_es_lookup_extent() (Lukas Czerner) [1663720] - [fs] ext4: introduce aging to extent status tree (Lukas Czerner) [1663720] - [fs] ext4: cleanup flag definitions for extent status tree (Lukas Czerner) [1663720] - [fs] ext4: limit number of scanned extents in status tree shrinker (Lukas Czerner) [1663720] - [fs] ext4: move handling of list of shrinkable inodes into extent status code (Lukas Czerner) [1663720] - [fs] ext4: change LRU to round-robin in extent status tree shrinker (Lukas Czerner) [1663720] - [fs] ext4, jbd2: ensure panic when aborting with zero errno (Lukas Czerner) [1834783] - [fs] jbd2: switch to use jbd2_journal_abort() when failed to submit the commit record (Lukas Czerner) [1834783] - [fs] jbd2: clear JBD2_ABORT flag before journal_reset to update log tail info when load journal (Lukas Czerner) [1834783] - [fs] ext4: fix buffer leak in ext4_xattr_move_to_block() on error path (Lukas Czerner) [1834783] - [fs] ext4: fix missing return values checks in ext4_cross_rename (Lukas Czerner) [1836819] - [fs] ext4: Fix POSIX ACL leak in ext4_xattr_set_acl (Lukas Czerner) [1543020] - [vfio] vfio-pci: Mask cap zero (Alex Williamson) [1838717] - [x86] Mark Intel Cooper Lake (CPX) supported (Steve Best) [1773681] - [fs] fs/bio-integrity: dont enable integrity for data-less bio (Ming Lei) [1835943] - [char] ipmi_si: Only schedule continuously in the thread in maintenance mode (Alexey Klimov) [1837127] - [kernel] wait/ptrace: assume __WALL if the child is traced (Oleg Nesterov) [1497808] - [mm] mm, hugetlb, soft_offline: save compound page order before page migration (Artem Savkov) [1751589] - [fs] fs/hugetlbfs/inode.c: fix hwpoison reserve accounting (Artem Savkov) [1751589] - [fs] mm: hwpoison: dissolve in-use hugepage in unrecoverable memory error (Artem Savkov) [1751589] - [mm] mm: soft-offline: dissolve free hugepage if soft-offlined (Artem Savkov) [1751589] - [mm] mm: hugetlb: soft-offline: dissolve source hugepage after successful migration (Artem Savkov) [1751589] - [mm] mm: hwpoison: change PageHWPoison behavior on hugetlb pages (Artem Savkov) [1751589] - [mm] mm: hugetlb: prevent reuse of hwpoisoned free hugepages (Artem Savkov) [1751589] - [netdrv] net/mlx5: Tidy up and fix reverse christmas ordring (Alaa Hleihel) [1831134] - [netdrv] net/mlx5: Expose port speed when possible (Alaa Hleihel) [1831134] - [include] net/mlx5: Expose link speed directly (Alaa Hleihel) [1831134] - [usb] USB: core: Fix races in character device registration and deregistraion (Torez Smith) [1785065] {CVE-2019-19537} - [usb] usb: cdc-acm: make sure a refcount is taken early enough (Torez Smith) [1802548] {CVE-2019-19530} - [usb] USB: adutux: fix use-after-free on disconnect (Torez Smith) [1798822] {CVE-2019-19523} - [media] media: usb:zr364xx:Fix KASAN:null-ptr-deref Read in zr364xx_vidioc_querycap (Torez Smith) [1795597] {CVE-2019-15217} [3.10.0-1145] - [scsi] scsi: qla2xxx: Do not log message when reading port speed via sysfs (Ewan Milne) [1837543] - [mm] mm: dmapool: add/remove sysfs file outside of the pool lock lock (Waiman Long) [1836837] - [mm] Fix unbalanced mutex in dma_pool_create() (Waiman Long) [1836837] - [mm] mm/dmapool.c: remove redundant NULL check for dev in dma_pool_create() (Waiman Long) [1836837] - [x86] x86/speculation: Prevent deadlock on ssb_state::lock (Waiman Long) [1836322] - [netdrv] can, slip: Protect tty->disc_data in write_wakeup and close with RCU (John Linville) [1805590] - [netdrv] slcan: Port write_wakeup deadlock fix from slip (John Linville) [1805590] - [fs] ext4: fix support for inode sizes > 1024 bytes (Lukas Czerner) [1817634] {CVE-2019-19767} - [fs] ext4: add more paranoia checking in ext4_expand_extra_isize handling (Lukas Czerner) [1817634] {CVE-2019-19767} - [fs] ext4: forbid i_extra_isize not divisible by 4 (Lukas Czerner) [1817634] {CVE-2019-19767} - [fs] ext4: validate the debug_want_extra_isize mount option at parse time (Lukas Czerner) [1817634] {CVE-2019-19767} - [fs] cachefiles: Fix race between read_waiter and read_copier involving op->to_do (Dave Wysochanski) [1829662] - [fs] jbd2: Fix possible overflow in jbd2_log_space_left() (Lukas Czerner) [1626092] - [media] media: v4l: event: Add subscription to list before calling 'add' operation (Jarod Wilson) [1828802] {CVE-2019-9458} - [media] media: v4l: event: Prevent freeing event subscriptions while accessed (Jarod Wilson) [1828802] {CVE-2019-9458} - [fs] block: Prevent hung_check firing during long sync IO (Ming Lei) [1724345] [3.10.0-1144] - [crypto] crypto: user - fix memory leak in crypto_report (Vladis Dronov) [1825132] {CVE-2019-18808 CVE-2019-19062} - [crypto] crypto: ccp - Release all allocated memory if sha type is invalid (Vladis Dronov) [1825132] {CVE-2019-18808} - [net] xfrm: policy: Fix doulbe free in xfrm_policy_timer (Xin Long) [1836813] - [net] xfrm: add the missing verify_sec_ctx_len check in xfrm_add_acquire (Xin Long) [1836813] - [net] xfrm: fix uctx len check in verify_sec_ctx_len (Xin Long) [1836813] - [net] rtnetlink: validate IFLA_MTU attribute in rtnl_create_link() (Jiri Benc) [1835352] - [net] rtnetlink: ndo_dflt_fdb_dump() only work for ARPHRD_ETHER devices (Jiri Benc) [1835352] - [net] netlink: fix uninit-value in netlink_sendmsg (Jiri Benc) [1835352] - [net] netlink: make sure nladdr has correct size in netlink_connect() (Jiri Benc) [1835352] - [net] rtnetlink: fix info leak in RTM_GETSTATS call (Jiri Benc) [1835352] - [net] rtnetlink: release net refcnt on error in do_setlink() (Jiri Benc) [1835352] - [net] bridge: deny dev_set_mac_address() when unregistering (Hangbin Liu) [1834203] - [net] bridge/mdb: remove wrong use of NLM_F_MULTI (Hangbin Liu) [1834203] - [net] udp: disable inner UDP checksum offloads in IPsec case (Sabrina Dubroca) [1826244] - [net] sctp: Fix SHUTDOWN CTSN Ack in the peer restart case (Xin Long) [1833869] - [net] sctp: Fix bundling of SHUTDOWN with COOKIE-ACK (Xin Long) [1833869] - [net] sctp: fix possibly using a bad saddr with a given dst (Xin Long) [1833869] - [net] sctp: fix refcount bug in sctp_wfree (Xin Long) [1833869] - [net] sctp: move the format error check out of __sctp_sf_do_9_1_abort (Xin Long) [1833869] - [net] sctp: free cmd->obj.chunk for the unprocessed SCTP_CMD_REPLY (Xin Long) [1833869] - [net] sctp: fully initialize v4 addr in some functions (Xin Long) [1833869] - [net] sctp: simplify addr copy (Xin Long) [1833869] - [net] sctp: cache netns in sctp_ep_common (Xin Long) [1833869] - [net] sctp: destroy bucket if failed to bind addr (Xin Long) [1833869] - [net] sctp: Fix the link time qualifier of 'sctp_ctrlsock_exit()' (Xin Long) [1833869] - [net] netfilter: nat: never update the UDP checksum when its 0 (Guillaume Nault) [1834278] - [net] esp4: add length check for UDP encapsulation (Sabrina Dubroca) [1825155] - [net] sit: fix memory leak in sit_init_net() (Andrea Claudi) [1830011] {CVE-2019-16994} - [net] sched: cbs: fix NULL dereference in case cbs_init() fails (Davide Caratti) [1830245] - [net] netfilter: nf_tables: use-after-free in dynamic operations (Phil Sutter) [1819087] - [net] tcp: tcp_v4_err() should be more careful (Marcelo Leitner) [1749964] - [net] tcp: remove BUG_ON from tcp_v4_err (Marcelo Leitner) [1749964] - [net] tcp: clear icsk_backoff in tcp_write_queue_purge() (Marcelo Leitner) [1749964] - [net] psample: fix skb_over_panic (Sabrina Dubroca) [1823251] - [net] sched: ensure opts_len <= IP_TUNNEL_OPTS_MAX in act_tunnel_key (Patrick Talbert) [1823691] - [netdrv] fjes: Handle workqueue allocation failure (Masayoshi Mizuma) [1830563] {CVE-2019-16231} [3.10.0-1143] - [mm] mm: mempolicy: require at least one nodeid for MPOL_PREFERRED (Rafael Aquini) [1834434] {CVE-2020-11565} - [fs] fs: avoid softlockups in s_inodes iterators (Jay Shin) [1760145] - [scsi] scsi: core: Add DID_ALLOC_FAILURE and DID_MEDIUM_ERROR to hostbyte_table (Maurizio Lombardi) [1832019] - [fs] locks: allow filesystems to request that ->setlease be called without i_lock (Jeff Layton) [1830606] - [fs] locks: move fasync setup into generic_add_lease (Jeff Layton) [1830606] - [fs] revert '[fs] xfs: catch bad stripe alignment configurations' (Carlos Maiolino) [1836292] - [scsi] scsi: scsi_debug: num_tgts must be >= 0 (Ewan Milne) [1834998] - [scsi] scsi: scsi_debug: Avoid PI being disabled when TPGS is enabled (Ewan Milne) [1834998] - [scsi] scsi: scsi_debug: Fix memory leak if LBP enabled and module is unloaded (Ewan Milne) [1834998] - [scsi] scsi_debug: check for bigger value first (Ewan Milne) [1834998] - [scsi] scsi_debug: vfree is null safe so drop the check (Ewan Milne) [1834998] - [scsi] scsi_debug: error message should say scsi_host_alloc not scsi_register (Ewan Milne) [1834998] - [fs] xfs: Fix tail rounding in xfs_alloc_file_space() (Bill ODonnell) [1833223] - [fs] ceph: dont drop message if it contains more data than expected (Jeff Layton) [1828340] - [fs] ceph: dont error out on larger-than-expected session messages (Jeff Layton) [1828340] - [acpi] ACPI: disable BERT by default, add parameter to enable it (Aristeu Rozanski) [1525298] - [acpi] ACPI: APEI: Fix possible out-of-bounds access to BERT region (Aristeu Rozanski) [1525298] - [acpi] ACPI / sysfs: Extend ACPI sysfs to provide access to boot error region (Aristeu Rozanski) [1525298] - [acpi] ACPI: APEI: Fix BERT resources conflict with ACPI NVS area (Aristeu Rozanski) [1525298] - [acpi] ACPI / APEI: Add Boot Error Record Table (BERT) support (Aristeu Rozanski) [1525298] - [acpi] ACPICA: Restore error table definitions to reduce code differences between Linux and ACPICA upstream (Aristeu Rozanski) [1525298] [3.10.0-1142] - [fs] gfs2: Another gfs2_walk_metadata fix (Andreas Grunbacher) [1822230] - [fs] ext4: prevent ext4_quota_write() from failing due to ENOSPC (Lukas Czerner) [1068952] - [fs] ext4: do not zeroout extents beyond i_disksize (Lukas Czerner) [1834320] - [fs] pnfs: Ensure we layoutcommit before revalidating attributes (Benjamin Coddington) [1827647] - [fs] nfs: flush data when locking a file to ensure cache coherence for mmap (Scott Mayhew) [1813811] - [fs] call fsnotify_sb_delete after evict_inodes (Jay Shin) [1760145] - [fs] inode: dont softlockup when evicting inodes (Jay Shin) [1760145] - [fs] drop_caches.c: avoid softlockups in drop_pagecache_sb() (Jay Shin) [1760145] - [fs] gfs2: More gfs2_find_jhead fixes (Abhijith Das) [1828454] - [fs] gfs2: Another gfs2_find_jhead fix (Abhijith Das) [1828454] - [fs] nfs: fix mount/umount race in nlmclnt (Jay Shin) [1771205] - [fs] nlm_shutdown_hosts_net() cleanup (Jay Shin) [1771205] - [scsi] scsi: megaraid: Use true, false for bool variables (Tomas Henzl) [1827037] - [scsi] scsi: megaraid: make two symbols static in megaraid_sas_base.c (Tomas Henzl) [1827037] - [scsi] scsi: megaraid: make some symbols static in megaraid_sas_fusion.c (Tomas Henzl) [1827037] - [scsi] scsi: megaraid: make some symbols static in megaraid_sas_fp.c (Tomas Henzl) [1827037] - [scsi] scsi: megaraid_sas: Use scnprintf() for avoiding potential buffer overflow (Tomas Henzl) [1827037] - [scsi] scsi: megaraid_sas: silence a warning (Tomas Henzl) [1827037] - [scsi] scsi: megaraid_sas: fix indentation issue (Tomas Henzl) [1827037] - [scsi] scsi: megaraid_sas: Limit the number of retries for the IOCTLs causing firmware fault (Tomas Henzl) [1827037] - [scsi] scsi: megaraid_sas: Do not initiate OCR if controller is not in ready state (Tomas Henzl) [1827037] - [scsi] scsi: megaraid_sas: Re-Define enum DCMD_RETURN_STATUS (Tomas Henzl) [1827037] - [scsi] scsi: megaraid_sas: Do not set HBA Operational if FW is not in operational state (Tomas Henzl) [1827037] - [scsi] scsi: megaraid_sas: Do not kill HBA if JBOD Seqence map or RAID map is disabled (Tomas Henzl) [1827037] - [scsi] scsi: megaraid_sas: Do not kill host bus adapter, if adapter is already dead (Tomas Henzl) [1827037] - [scsi] scsi: megaraid_sas: Update optimal queue depth for SAS and NVMe devices (Tomas Henzl) [1827037] - [scsi] scsi: megaraid_sas: Reset adapter if FW is not in READY state after device resume (Tomas Henzl) [1827037] - [scsi] scsi: megaraid_sas: Make poll_aen_lock static (Tomas Henzl) [1827037] - [scsi] scsi: megaraid_sas: Fix a compilation warning (Tomas Henzl) [1827037] - [scsi] scsi: megaraid_sas: Make a bunch of functions static (Tomas Henzl) [1827037] - [scsi] scsi: megaraid_sas: Make some functions static (Tomas Henzl) [1827037] - [scsi] scsi: megaraid_sas: remove unused variables 'debugBlk', 'fusion' (Tomas Henzl) [1827037] - [scsi] scsi: megaraid_sas: Unique names for MSI-X vectors (Tomas Henzl) [1827037] - [scsi] scsi: megaraid_sas: fix panic on loading firmware crashdump (Tomas Henzl) [1827037] - [scsi] scsi: megaraid_sas: fix spelling mistake 'megarid_sas' -> 'megaraid_sas' (Tomas Henzl) [1827037] - [scsi] scsi: mpt3sas: Disable DIF when prot_mask set to zero (Tomas Henzl) [1832868] - [scsi] scsi: mpt3sas: Handle RDPQ DMA allocation in same 4G region (Tomas Henzl) [1832868] - [scsi] scsi: mpt3sas: Separate out RDPQ allocation to new function (Tomas Henzl) [1832868] - [scsi] scsi: mpt3sas: Rename function name is_MSB_are_same (Tomas Henzl) [1832868] - [scsi] scsi: mpt3sas: Dont change the DMA coherent mask after allocations (Tomas Henzl) [1832868] - [scsi] scsi: mpt3sas: Fix kernel panic observed on soft HBA unplug (Tomas Henzl) [1832868] - [scsi] scsi: mpt3sas: Fix double free in attach error handling (Tomas Henzl) [1832868] - [scsi] scsi: mpt3sas: Use Component img header to get Package ver (Tomas Henzl) [1832868] - [scsi] scsi: mpt3sas: Fix module parameter max_msix_vectors (Tomas Henzl) [1832868] - [scsi] scsi: mpt3sas: Reject NVMe Encap cmnds to unsupported HBA (Tomas Henzl) [1832868] - [netdrv] hv_netvsc: Fix error handling in netvsc_set_features() (Mohammed Gamal) [1821814] - [netdrv] hv_netvsc: Sync offloading features to VF NIC (Mohammed Gamal) [1821814] - [netdrv] hv_netvsc: Fix IP header checksum for coalesced packets (Mohammed Gamal) [1821814] - [netdrv] hv_netvsc: Fix rndis_per_packet_info internal field initialization (Mohammed Gamal) [1821814] - [netdrv] hv_netvsc: Add handler for LRO setting change (Mohammed Gamal) [1821814] - [netdrv] hv_netvsc: Add support for LRO/RSC in the vSwitch (Mohammed Gamal) [1821814] - [netdrv] hv_netvsc: Add handlers for ethtool get/set msg level (Mohammed Gamal) [1821814] - [netdrv] hv_netvsc: Fix the variable sizes in ipsecv2 and rsc offload (Mohammed Gamal) [1821814] - [fs] fix mntput/mntput race (Miklos Szeredi) [1828320] - [wireless] rtlwifi: prevent memory leak in rtl_usb_probe (Jarod Wilson) [1829847] {CVE-2019-19063} - [wireless] iwlwifi: dbg_ini: fix memory leak in alloc_sgtable (Jarod Wilson) [1829375] {CVE-2019-19058} - [net] nl80211: fix memory leak in nl80211_get_ftm_responder_stats (Jarod Wilson) [1829289] {CVE-2019-19055} - [wireless] iwlwifi: pcie: fix memory leaks in iwl_pcie_ctxt_info_gen3_init (Jarod Wilson) [1829393] {CVE-2019-19059} [3.10.0-1141] - [kernel] sched/fair: Scale bandwidth quota and period without losing quota/period ratio precision (Artem Savkov) [1752067] - [edac] EDAC: skx_common: downgrade message importance on missing PCI device (Aristeu Rozanski) [1832683] - [s390] s390/qdio: consider ERROR buffers for inbound-full condition (Philipp Rudo) [1831791] - [s390] s390/ftrace: fix potential crashes when switching tracers (Philipp Rudo) [1813124] - [netdrv] ibmvnic: Skip fatal error reset after passive init (Steve Best) [1830992] - [scsi] smartpqi: bump driver version (Don Brace) [1822762] - [scsi] scsi: smartpqi: add bay identifier (Don Brace) [1822762] - [scsi] scsi: smartpqi: add module param to hide vsep (Don Brace) [1822762] - [scsi] scsi: bnx2fc: Update the driver version to 2.12.13 (Nilesh Javali) [1709542] - [scsi] scsi: bnx2fc: fix boolreturn.cocci warnings (Nilesh Javali) [1709542] - [scsi] scsi: bnx2fc: Fix SCSI command completion after cleanup is posted (Nilesh Javali) [1709542] - [scsi] scsi: bnx2fc: Process the RQE with CQE in interrupt context (Nilesh Javali) [1709542] - [scsi] scsi: qla2xxx: Fix a recently introduced kernel warning (Nilesh Javali) [1828875] - [scsi] Fix abort timeouts in CQ Full conditions (Dick Kennedy) [1802654] - [input] Input: add safety guards to input_set_keycode() (Chris von Recklinghausen) [1828222] {CVE-2019-20636} - [scsi] scsi: libsas: delete sas port if expander discover failed (Tomas Henzl) [1829965] {CVE-2019-15807} - [net] netlabel: cope with NULL catmap (Paolo Abeni) [1827240] {CVE-2020-10711} [3.10.0-1140] - [netdrv] mlx5: Remove unsupported tag for ConnectX-6 Dx device (Alaa Hleihel) [1829777] - [fs] xfs: clear PF_MEMALLOC before exiting xfsaild thread (Brian Foster) [1827910] - [fs] gfs2: fix O_EXCL|O_CREAT handling on cold dcache (Andrew Price) [1812558] - [fs] nfs: Correct an nfs page array calculation error (Jay Shin) [1824270] - [infiniband] RDMA/bnxt_re: Fix stat push into dma buffer on gen p5 devices (Jonathan Toppins) [1828475 1824438] - [netdrv] bnxt_en: Fix allocation of zero statistics block size regression (Jonathan Toppins) [1824438] - [netdrv] bnxt_en: Allocate the larger per-ring statistics block for 57500 chips (Jonathan Toppins) [1824438] - [netdrv] bnxt_en: Expand bnxt_tpa_info struct to support 57500 chips (Jonathan Toppins) [1824438] - [netdrv] bnxt_en: Refactor TPA logic (Jonathan Toppins) [1824438] - [netdrv] bnxt_en: Add TPA structure definitions for BCM57500 chips (Jonathan Toppins) [1824438] - [netdrv] bnxt_en: Update firmware interface spec. to 1.10.0.89 (Jonathan Toppins) [1824438] - [netdrv] bnxt_en: Update firmware interface to 1.10.0.69 (Jonathan Toppins) [1824438] - [netdrv] bnxt_en: Update firmware interface spec. to 1.10.0.47 (Jonathan Toppins) [1824438] - [netdrv] bnxt_en: Refactor ethtool ring statistics logic (Jonathan Toppins) [1824438] - [block] blk-mq: Put driver tag in blk_mq_dispatch_rq_list() when no budget (Ming Lei) [1825431] - [scsi] scsi: fnic: do not queue commands during fwreset (Govindarajulu Varadarajan) [1794150] - [scsi] scsi: fnic: fix invalid stack access (Govindarajulu Varadarajan) [1794150] - [scsi] scsi: fnic: fix use after free (Govindarajulu Varadarajan) [1794150] - [netdrv] enic: prevent waking up stopped tx queues over watchdog reset (Govindarajulu Varadarajan) [1794148] - [fs] ceph: use ceph_evict_inode to cleanup inodes resource (Jeff Layton) [1784016] - [fs] ceph: fix use-after-free in __ceph_remove_cap() (Jeff Layton) [1784016] - [fs] ceph: hold i_ceph_lock when removing caps for freeing inode (Jeff Layton) [1784016] - [input] Input: ff-memless - kill timer in destroy() (Chris von Recklinghausen) [1815021] {CVE-2019-19524} - [scsi] scsi: qla2xxx: fix a potential NULL pointer dereference ('Ewan D. Milne') [1829246] {CVE-2019-16233} [3.10.0-1139] - [fs] nfsd: Fix races between nfsd4_cb_release() and nfsd4_shutdown_callback() ('J. Bruce Fields') [1448750] - [fs] nfsd: minor 4.1 callback cleanup ('J. Bruce Fields') [1448750] - [fs] nfsd: Dont release the callback slot unless it was actually held (Benjamin Coddington) [1448750] - [lib] kobject: dont use WARN for registration failures (Ewan Milne) [1756495] - [lib] lib/kobject: Join string literals back (Ewan Milne) [1756495] - [scsi] scsi: ibmvfc: Dont send implicit logouts prior to NPIV login (Steve Best) [1828726] - [fs] nfs: Serialize O_DIRECT reads and writes (Benjamin Coddington) [1826571] - [mm] mm/page_owner: convert page_owner_inited to static key (Rafael Aquini) [1781726] - [mm] mm/page_owner: set correct gfp_mask on page_owner (Rafael Aquini) [1781726] - [mm] mm/page_owner: fix possible access violation (Rafael Aquini) [1781726] - [mm] mm/page_owner: use late_initcall to hook in enabling (Rafael Aquini) [1781726] - [mm] mm/page_owner: remove unnecessary stack_trace field (Rafael Aquini) [1781726] - [mm] mm/page_owner: correct owner information for early allocated pages (Rafael Aquini) [1781726] - [mm] mm/page_owner: keep track of page owners (Rafael Aquini) [1781726] - [documentation] Documentation: add new page_owner document (Rafael Aquini) [1781726] - [kernel] stacktrace: introduce snprint_stack_trace for buffer output (Rafael Aquini) [1781726] [3.10.0-1138] - [infiniband] RDMA/bnxt_re: Fix chip number validation Broadcoms Gen P5 series (Jonathan Toppins) [1823679] - [scsi] scsi: qla2xxx: Silence fwdump template message (Ewan Milne) [1783191] - [scsi] scsi: hpsa: Update driver version (Joseph Szczypek) [1808403] - [scsi] scsi: hpsa: correct race condition in offload enabled (Joseph Szczypek) [1808403] - [netdrv] bonding: fix active-backup transition after link failure (Jarod Wilson) [1712235] - [netdrv] bonding: fix state transition issue in link monitoring (Jarod Wilson) [1712235] - [netdrv] bonding: fix potential NULL deref in bond_update_slave_arr (Jarod Wilson) [1712235] - [netdrv] bonding: Force slave speed check after link state recovery for 802.3ad (Jarod Wilson) [1712235] - [i2c] i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA (Vladis Dronov) [1822641] {CVE-2017-18551} - [acpi] ACPI / EC: Ensure lock is acquired before accessing ec struct (Al Stone) [1811132] - [x86] x86/mce: Do not log spurious corrected mce errors (Prarit Bhargava) [1797205] - [wireless] mwifiex: Fix mem leak in mwifiex_tm_cmd (Jarod Wilson) [1804971] {CVE-2019-20095} - [kernel] kernel/module.c: wakeup processes in module_wq on module unload (Prarit Bhargava) [1771939] - [acpi] ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c (Prarit Bhargava) [1790782] [3.10.0-1137] - [tty] tty/hvc: Use IRQF_SHARED for OPAL hvc consoles (Gustavo Duarte) [1600213] - [mm] mm/swap_slots.c: fix race conditions in swap_slots cache init (Rafael Aquini) - [block] loop: set PF_MEMALLOC_NOIO for the worker thread (Ming Lei) [1825950] - [tty] serial: 8250: drop the printk from serial8250_interrupt() (Prarit Bhargava) [1825049] - [net] net: linkwatch: add check for netdevice being present to linkwatch_do_dev (Alaa Hleihel) [1595302] [3.10.0-1136] - [fs] sunrpc: expiry_time should be seconds not timeval (Benjamin Coddington) [1794055] - [nvdimm] Revert 'driver boilerplate changes to properly manage device_rh' (Christoph von Recklinghausen) [1823750] - [base] call device_rh_free in device_release before driver/class/type release is called (Christoph von Recklinghausen) [1822888] - [md] md:md-faulty kernel panic is caused by QUEUE_FLAG_NO_SG_MERGE (Nigel Croxon) [1822462] - [firmware] efi: cper: print AER info of PCIe fatal error (Vladis Dronov) [1820646] - [scsi] qla2xxx: Update driver version to 10.01.00.22.07.9-k (Nilesh Javali) [1808129] - [scsi] scsi: qla2xxx: Fix message indicating vectors used by driver (Nilesh Javali) [1808129] - [scsi] scsi: qla2xxx: Move free of fcport out of interrupt context (Nilesh Javali) [1808129] - [scsi] qla2xxx: delete all sessions before unregister local nvme port (Nilesh Javali) [1808129] - [scsi] qla2xxx: Fix hang when issuing nvme disconnect-all in NPIV (Nilesh Javali) [1808129] - [scsi] scsi: qla2xxx: Fix a NULL pointer dereference in an error path (Nilesh Javali) [1808129] - [scsi] scsi: qla2xxx: Fix mtcp dump collection failure (Nilesh Javali) [1808129] - [scsi] scsi: qla2xxx: Fix RIDA Format-2 (Nilesh Javali) [1808129] - [scsi] scsi: qla2xxx: Fix stuck login session using prli_pend_timer (Nilesh Javali) [1808129] - [scsi] scsi: qla2xxx: Add a shadow variable to hold disc_state history of fcport (Nilesh Javali) [1808129] - [scsi] scsi: qla2xxx: Use common routine to free fcport struct (Nilesh Javali) [1808129] - [scsi] scsi: qla2xxx: Fix update_fcport for current_topology (Nilesh Javali) [1808129] - [scsi] scsi: qla2xxx: Fix fabric scan hang (Nilesh Javali) [1808129] - [scsi] scsi: qla2xxx: Complain if sp->done() is not called from the completion path (Nilesh Javali) [1808129] - [scsi] scsi: qla2xxx: Ignore PORT UPDATE after N2N PLOGI (Nilesh Javali) [1808129] - [scsi] scsi: qla2xxx: Change discovery state before PLOGI (Nilesh Javali) [1808129] - [scsi] scsi: qla2xxx: Initialize free_work before flushing it (Nilesh Javali) [1808129] - [scsi] scsi: qla2xxx: Retry fabric Scan on IOCB queue full (Nilesh Javali) [1808129] - [scsi] scsi: qla2xxx: initialize fc4_type_priority (Nilesh Javali) [1808129] - [scsi] scsi: qla2xxx: Fix a dma_pool_free() call (Nilesh Javali) [1808129] - [security] selinux: ensure we cleanup the internal AVC counters on error in avc_insert() (Artem Savkov) [1808675] - [acpi] ACPICA: Mark acpi_ut_create_internal_object_dbg() memory allocations as non-leaks (Artem Savkov) [1808675] - [x86] x86/microcode/AMD: Free unneeded patch before exit from update_cache() (Artem Savkov) [1808675] - [mm] memcg: ensure mem_cgroup_idr is updated in a coordinated manner (Aaron Tomlin) [1822405] - [mm] mm/page_alloc: increase default min_free_kbytes bound (Joel Savitz) [1704326] - [scsi] scsi: lpfc: Fix unexpected error messages during RSCN handling (Dick Kennedy) [1743667] - [scsi] scsi: lpfc: Fix discovery failures when target device connectivity bounces (Dick Kennedy) [1743667] - [scsi] scsi: lpfc: Fix devices that dont return after devloss followed by rediscovery (Dick Kennedy) [1743667] - [scsi] scsi: lpfc: Fix port relogin failure due to GID_FT interaction (Dick Kennedy) [1743667] - [video] vgacon: Fix a UAF in vgacon_invert_region (Vladis Dronov) [1818730] {CVE-2020-8647 CVE-2020-8649} - [x86] uprobes/x86: Fix detection of 32-bit user mode (Oleg Nesterov) [1804959] - [powerpc] module: Handle R_PPC64_ENTRY relocations (Yauheni Kaliuta) [1657540] - [scripts] recordmcount.pl: support data in text section on powerpc (Yauheni Kaliuta) [1657540] - [powerpc] boot: Request no dynamic linker for boot wrapper (Yauheni Kaliuta) [1657540] [3.10.0-1135] - [fs] fscache: Fix race in fscache_op_complete() due to split atomic_sub & read (Dave Wysochanski) [1683490] - [fs] fscache: Pass the correct cancelled indications to fscache_op_complete() (Dave Wysochanski) [1683490] - [char] tpm: ibmvtpm: Wait for buffer to be set before proceeding (Jerry Snitselaar) [1815536] - [fs] NFS: Fix a race between mmap() and O_DIRECT (Benjamin Coddington) [1813803] - [fs] NFS: Remove a redundant call to unmap_mapping_range() (Benjamin Coddington) [1813803] - [fs] NFS: Remove redundant waits for O_DIRECT in fsync() and write_begin() (Benjamin Coddington) [1813803] - [fs] NFS: Cleanup nfs_direct_complete() (Benjamin Coddington) [1813803] - [fs] NFS: Do not serialise O_DIRECT reads and writes (Benjamin Coddington) [1813803] - [fs] NFS: Move buffered I/O locking into nfs_file_write() (Benjamin Coddington) [1813803] - [fs] bdi: make inode_to_bdi() inline (Benjamin Coddington) [1813803] - [fs] NFS: Remove racy size manipulations in O_DIRECT (Benjamin Coddington) [1813803] - [fs] NFS: Dont hold the inode lock across fsync() (Benjamin Coddington) [1813803] - [fs] nfs: remove nfs_inode_dio_wait (Benjamin Coddington) [1813803] - [fs] nfs: remove nfs4_file_fsync (Benjamin Coddington) [1813803] - [fs] NFS: Kill NFS_INO_NFS_INO_FLUSHING: it is a performance killer (Benjamin Coddington) [1813803] - [fs] filesystem-dax: Fix dax_layout_busy_page() livelock (Carlos Maiolino) [1817866] - [block] blk-mq: fix hang caused by freeze/unfreeze sequence (Ming Lei) [1821718] - [fs] ceph: dont NULL terminate virtual xattrs (Jeff Layton) [1717454] - [fs] ceph: return -ERANGE if virtual xattr value didnt fit in buffer (Jeff Layton) [1717454] - [fs] ceph: make getxattr_cb return ssize_t (Jeff Layton) [1717454] - [fs] ceph: use bit flags to define vxattr attributes (Jeff Layton) [1717454] - [tty] tty: Prevent ldisc drivers from re-using stale tty fields (Vladis Dronov) [1820031] - [powerpc] powerpc64/kexec: Hard disable ftrace before switching to the new kernel (Jerome Marchand) [1731578] - [powerpc] powerpc64/ftrace: Delay enabling ftrace on secondary cpus (Jerome Marchand) [1731578] - [powerpc] powerpc64/ftrace: Add helpers to hard disable ftrace (Jerome Marchand) [1731578] - [powerpc] powerpc64/ftrace: Rearrange #ifdef sections in ftrace.h (Jerome Marchand) [1731578] - [powerpc] powerpc64/ftrace: Add a field in paca to disable ftrace in unsafe code paths (Jerome Marchand) [1731578] - [powerpc] powerpc/ftrace: Pass the correct stack pointer for DYNAMIC_FTRACE_WITH_REGS (Jerome Marchand) [1731578] - [isdn] mISDN: enforce CAP_NET_RAW for raw sockets (Andrea Claudi) [1779474] {CVE-2019-17055} - [virtio] virtio-balloon: fix managed page counts when migrating pages between zones (David Hildenbrand) [1780330] [3.10.0-1134] - [net] netfilter: nf_log: fix uninit read in nf_log_proc_dostring (Phil Sutter) [1770232] - [net] netfilter: nf_log: fix error on write NONE to logger choice sysctl (Phil Sutter) [1770232] - [net] ethtool: convert large order kmalloc allocations to vzalloc (Davide Caratti) [1786448] - [net] l2tp: Allow duplicate session creation with UDP (Guillaume Nault) [1808928] - [net] sched: flower: insert new filter to idr after setting its mask (Davide Caratti) [1785141] - [net] ipv6: remove printk (Hangbin Liu) [1779533] - [net] netfilter: ctnetlink: netns exit must wait for callbacks (Florian Westphal) [1766816] - [net] raw: do not report ICMP redirects to user space (Hangbin Liu) [1758386] [3.10.0-1133] - [powerpc] powerpc/pseries/dlpar: Fix a missing check in dlpar_parse_cc_property() (Steve Best) [1806629] {CVE-2019-12614} - [s390] s390/pci: Recover handle in clp_set_pci_fn() (Philipp Rudo) [1816662] - [fs] xfs: fix attr leaf header freemap.size underflow (Bill ODonnell) [1808671] - [block] floppy: check FDC index for errors before assigning it (Ming Lei) [1815403] {CVE-2020-9383} - [block] virtio-blk: improve virtqueue error to BLK_STS (Philipp Rudo) [1818001] - [block] virtio-blk: fix hw_queue stopped on arbitrary error (Philipp Rudo) [1818001] - [s390] dasd: fix endless loop after read unit address configuration (Philipp Rudo) [1816661] - [fs] CIFS: Fix NULL-pointer dereference in smb2_push_mandatory_locks (Leif Sahlberg) [1504193] - [fs] cifs: Fix cifsInodeInfo lock_sem deadlock when reconnect occurs (Leif Sahlberg) [1504193] - [char] ipmi: Fix memory leak in __ipmi_bmc_register (Tony Camuso) [1812836] {CVE-2019-19046} - [net] ipvs: Remove noisy debug print from ip_vs_del_service (Alexey Klimov) [1769816] [3.10.0-1132] - [tools] tools/power turbostat: Support Ice Lake server (Steve Best) [1776508] - [nvme] nvme-fc: ensure association_id is cleared regardless of a Disconnect LS (Ewan Milne) [1816752] - [nvme] nvme-fc: clarify error messages (Ewan Milne) [1816752] - [nvme] nvme-fc: fix module unloads while lports still pending (Ewan Milne) [1816752] - [scsi] scsi: sd: Clear sdkp->protection_type if disk is reformatted without PI (Ewan Milne) [1816307] - [scsi] scsi: core: Fix a compiler warning triggered by the SCSI logging code (Ewan Milne) [1816307] - [scsi] scsi: tracing: Fix handling of TRANSFER LENGTH == 0 for READ(6) and WRITE(6) (Ewan Milne) [1816307] - [scsi] scsi: core: scsi_trace: Use get_unaligned_be*() (Ewan Milne) [1816307] - [scsi] scsi: core: try to get module before removing device (Ewan Milne) [1816307] - [scsi] scsi: scsi_dh_alua: handle RTPG sense code correctly during state transitions (Ewan Milne) [1816307] - [scsi] scsi: device_handler: remove VLAs (Ewan Milne) [1816307] - [scsi] scsi: scsi_dh: Document alua_rtpg_queue() arguments (Ewan Milne) [1816307] - [scsi] scsi: scsi_dh_alua: skip RTPG for devices only supporting active/optimized (Ewan Milne) [1816307] - [scsi] scsi: scsi_dh_emc: return success in clariion_std_inquiry() (Ewan Milne) [1816307] - [target] scsi: target: iscsi: rename some variables to avoid confusion (Maurizio Lombardi) [1806966] - [target] scsi: target: iscsi: tie the challenge length to the hash digest size (Maurizio Lombardi) [1806966] - [target] scsi: target: iscsi: CHAP: add support for SHA1, SHA256 and SHA3-256 (Maurizio Lombardi) [1806966] - [target] scsi: target: compare full CHAP_A Algorithm strings (Maurizio Lombardi) [1806966] - [base] device_release() can call device_rh_free() too (Christoph von Recklinghausen) [1793248] - [nvdimm] driver boilerplate changes to properly manage device_rh (Christoph von Recklinghausen) [1793248] - [base] Add an interface for certain drivers who manage their own struct devices to disassociate their device_rhs (Christoph von Recklinghausen) [1793248] - [base] kfree(dev->device_rh) in device_create_release() (Christoph von Recklinghausen) [1793248] - [base] kfree and zero device_rh in device_release() (Christoph von Recklinghausen) [1793248] - [input] Revert 'Fix device_rh memory leak' (Christoph von Recklinghausen) [1793248] - [scsi] Revert 'Fix device_rh leak in scsi_alloc_target()' (Christoph von Recklinghausen) [1793248] - [scsi] Revert 'Fix memory leaks in scsi_alloc_sdev()' (Christoph von Recklinghausen) [1793248] - [nvdimm] libnvdimm/security: Consolidate 'security' operations (Jeff Moyer) [1735364] - [nvdimm] libnvdimm/security: Tighten scope of nvdimm->busy vs security operations (Jeff Moyer) [1735364] - [nvdimm] libnvdimm/security: Introduce a 'frozen' attribute (Jeff Moyer) [1735364] - [acpi] libnvdimm/security, acpi/nfit: unify zero-key for all security commands (Jeff Moyer) [1735364] - [nvdimm] libnvdimm/security: provide fix for secure-erase to use zero-key (Jeff Moyer) [1735364] - [block] block: fix checking return value of blk_mq_init_queue (Maxim Levitsky) [1795777] - [bluetooth] Bluetooth: hci_ldisc: Postpone HCI_UART_PROTO_READY bit set in hci_uart_set_proto() (Aristeu Rozanski) [1808803] {CVE-2019-15917} [3.10.0-1131] - [x86] kvm: x86: clear stale x86_emulate_ctxt->intercept value (Jon Maloy) [1806818] {CVE-2020-2732} - [x86] kvm: vmx: check descriptor table exits on instruction emulation (Jon Maloy) [1806818] {CVE-2020-2732} - [x86] kvm: nvmx: Check IO instruction VM-exit conditions (Jon Maloy) [1806818] {CVE-2020-2732} - [x86] kvm: nvmx: Refactor IO bitmap checks into helper function (Jon Maloy) [1806818] {CVE-2020-2732} - [x86] kvm: nvmx: Dont emulate instructions in guest mode (Jon Maloy) [1806818] {CVE-2020-2732} - [x86] kvm: x86: Fix kvm_bitmap_or_dest_vcpus() to use irq shorthand (Nitesh Narayan Lal) [1772082] - [x86] kvm: x86: Initializing all kvm_lapic_irq fields in ioapic_write_indirect (Nitesh Narayan Lal) [1772082] - [virt] kvm: x86: remove set but not used variable 'called' (Nitesh Narayan Lal) [1772082] - [x86] kvm: x86: Zero the IOAPIC scan request dest vCPUs bitmap (Nitesh Narayan Lal) [1772082] - [x86] kvm: x86: deliver KVM IOAPIC scan request to target vCPUs (Nitesh Narayan Lal) [1772082] - [kernel] kvm: remember position in kvm->vcpus array (Nitesh Narayan Lal) [1772082] - [x86] kvm: x86: Drop KVM_APIC_SHORT_MASK and KVM_APIC_DEST_MASK (Nitesh Narayan Lal) [1772082] - [virt] kvm: introduce kvm_make_vcpus_request_mask() API (Nitesh Narayan Lal) [1772082] - [virt] kvm: avoid unused variable warning for UP builds (Nitesh Narayan Lal) [1772082] - [kernel] smp, cpumask: Use non-atomic cpumask_{set, clear}_cpu() (Nitesh Narayan Lal) [1772082] - [fs] nfs: change sign of nfs_fh length ('J. Bruce Fields') [1813326] - [netdrv] ibmvnic: Do not process device remove during device reset (Steve Best) [1813903] - [x86] x86/debug: Extend the lower bound of crash kernel low reservations (Pingfan Liu) [1811511] - [net] tcp: make tcp_space() aware of socket backlog (Guillaume Nault) [1790840] - [net] ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup (Sabrina Dubroca) [1774447] {CVE-2020-1749} - [net] ipv6: add net argument to ip6_dst_lookup_flow (Sabrina Dubroca) [1774447] {CVE-2020-1749} - [net] ipv6: constify ip6_dst_lookup_{flow|tail}() sock arguments (Sabrina Dubroca) [1774447] {CVE-2020-1749} - [net] macvlan: return correct error value (Matteo Croce) [1654878] - [net] ieee802154: enforce CAP_NET_RAW for raw sockets (Andrea Claudi) [1779494] {CVE-2019-17053} - [net] ipv4: fix fnhe usage by non-cached routes (Hangbin Liu) [1788435] - [net] route: do not cache fib route info on local routes with oif (Hangbin Liu) [1788435] - [net] ip6_tunnel: fix potential NULL pointer dereference (Hangbin Liu) [1767045] - [net] net_sched: remove a bogus warning in hfsc (Davide Caratti) [1781323] - [netdrv] net/mlx5e: allow TSO on VXLAN over VLAN topologies (Davide Caratti) [1780646] [3.10.0-1130] - [scsi] scsi: avoid repetitive logging of device offline messages (Nilesh Javali) [1798042] - [scsi] qla2xxx: Fix I/Os being passed down when FC device is being deleted (Nilesh Javali) [1798042] - [scsi] scsi: qla2xxx: Fix unbound sleep in fcport delete path (Nilesh Javali) [1798042] - [scsi] scsi: qla2xxx: Fix hang in fcport delete path (Nilesh Javali) [1798042] - [scsi] scsi: qla2xxx: Fix stuck session in GNL (Nilesh Javali) [1798042] - [scsi] scsi: qla2xxx: Correct fcport flags handling (Nilesh Javali) [1798042] - [scsi] scsi: qla2xxx: Remove defer flag to indicate immeadiate port loss (Nilesh Javali) [1798042] - [scsi] iscsi: Avoid potential deadlock in iscsi_if_rx func (Oleksandr Natalenko) [1715986] - [netdrv] hv/netvsc: Fix NULL dereference at single queue mode fallback (Mohammed Gamal) [1806488] - [netdrv] hv/netvsc: fix handling of fallback to single queue mode (Mohammed Gamal) [1806488] - [netdrv] hv_netvsc: Fix unwanted rx_table reset (Mohammed Gamal) [1806488] - [netdrv] hv_netvsc: Fix tx_table init in rndis_set_subchannel() (Mohammed Gamal) [1806488] - [netdrv] hv_netvsc: fix typos in code comments (Mohammed Gamal) [1806488] - [netdrv] hv_netvsc: Fix a deadlock by getting rtnl lock earlier in netvsc_probe() (Mohammed Gamal) [1806488] - [netdrv] hv_netvsc: Fix hash key value reset after other ops (Mohammed Gamal) [1806488] - [netdrv] hv_netvsc: Refactor assignments of struct netvsc_device_info (Mohammed Gamal) [1806488] - [netdrv] hv_netvsc: split sub-channel setup into async and sync (Mohammed Gamal) [1806488] - [netdrv] hv_netvsc: Fix send_table offset in case of a host bug (Mohammed Gamal) [1806488] - [netdrv] hv_netvsc: Add NetVSP v6 and v6.1 into version negotiation (Mohammed Gamal) [1806488] - [netdrv] hv_netvsc: Fix offset usage in netvsc_send_table() (Mohammed Gamal) [1806488] - [netdrv] hv_netvsc: simplify receive side calling arguments (Mohammed Gamal) [1806488] - [scsi] scsi: ibmvfc: Fix NULL return compiler warning (Steve Best) [1810643] - [scsi] scsi: ibmvfc: Avoid loss of all paths during SVC node reboot (Steve Best) [1810643] - [s390] s390/vdso: add vdso support for coarse clocks (Philipp Rudo) [1791822] - [s390] s390/vdso: remove NULL pointer check from clock_gettime (Philipp Rudo) [1791822] - [s390] scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host (Philipp Rudo) [1804807] [3.10.0-1129] - [tools] perf header: Use last modification time for timestamp (Michael Petlan) [1789947] - [tools] perf header: Fix up argument to ctime() (Michael Petlan) [1789947] - [hid] HID: multitouch: Add pointstick support for ALPS Touchpad (Benjamin Tissoires) [1672425] - [kernel] blktrace: fix dereference after null check (Ming Lei) [1798318] {CVE-2019-19768} - [kernel] blktrace: Protect q->blk_trace with RCU (Ming Lei) [1798318] {CVE-2019-19768} - [kernel] blktrace: fix trace mutex deadlock (Ming Lei) [1798318] {CVE-2019-19768} - [kernel] blktrace: fix unlocked registration of tracepoints (Ming Lei) [1798318] {CVE-2019-19768} - [kernel] blktrace: fix unlocked access to init/start-stop/teardown (Ming Lei) [1798318] {CVE-2019-19768} - [kernel] tracing: Handle NULL formats in hold_module_trace_bprintk_format() (Oleksandr Natalenko) [1811565] - [kernel] tracing: Fix trace_printk() to print when not using bprintk() (Oleksandr Natalenko) [1811565] - [sound] ALSA: timer: Fix incorrectly assigned timer instance (Jaroslav Kysela) [1798457] {CVE-2019-19807} - [x86] kvm: OOB memory write via kvm_dev_ioctl_get_cpuid (CVE-2019-19332) (Philippe Mathieu-Daud) [1783455] {CVE-2019-19332} - [x86] kvm: x86: do not reset microcode version on INIT or RESET (Paolo Bonzini) [1801852] - [x86] kvm: x86: list MSR_IA32_UCODE_REV as an emulated MSR (Paolo Bonzini) [1801852] - [x86] kvm: x86: Allow userspace to define the microcode version (Paolo Bonzini) [1801852] [3.10.0-1128] - [fs] ceph: only use d_name directly when parent is locked (Jeff Layton) [1699402] - [fs] ext4: work around deleting a file with i_nlink == 0 safely (Carlos Maiolino) [1801046] - [fs] xfs: attach dquots and reserve quota blocks during unwritten conversion (Carlos Maiolino) [1786005] - [fs] Revert 'xfs: attach dquots and reserve quota blocks during unwritten conversion' (Carlos Maiolino) [1786005] - [md] dm mpath: call clear_request_fn_mpio() in multipath_release_clone() (Mike Snitzer) [1806400] - [scsi] scsi: implement .cleanup_rq callback (Mike Snitzer) [1806400] - [md] blk-mq: add callback of .cleanup_rq (Mike Snitzer) [1806400] - [target] target: call init_timer_on_stack() to initialize login_timer (Maurizio Lombardi) [1810037] - [scsi] scsi: megaraid_sas: fixup MSIx interrupt setup during resume (Tomas Henzl) [1807077] - [tools] selftests/livepatch: Test interaction with ftrace_enabled (Yannick Cote) [1806653] - [tools] selftests/livepatch: Make dynamic debug setup and restore generic (Yannick Cote) [1806653] - [kernel] ftrace: Introduce PERMANENT ftrace_ops flag (Yannick Cote) [1806653] - [tools] selftests/livepatch: push and pop dynamic debug config (Yannick Cote) [1806653]