Rapid7 Vulnerability & Exploit Database

Oracle Linux: (CVE-2021-3759) ELSA-2022-1988: kernel security, bug fix, and enhancement update

Back to Search

Oracle Linux: (CVE-2021-3759) ELSA-2022-1988: kernel security, bug fix, and enhancement update



Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From ELSA-2022-1988:

[4.18.0-372.9.1.OL8] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15-11.0.5 [4.18.0-372.9.1] - scsi: qedi: Fix failed disconnect handling (Chris Leech) [2071519] - scsi: iscsi: Fix unbound endpoint error handling (Chris Leech) [2071519] - scsi: iscsi: Fix conn cleanup and stop race during iscsid restart (Chris Leech) [2071519] - scsi: iscsi: Fix endpoint reuse regression (Chris Leech) [2071519] - scsi: iscsi: Release endpoint ID when its freed (Chris Leech) [2071519] - scsi: iscsi: Fix offload conn cleanup when iscsid restarts (Chris Leech) [2071519] - Revert 'scsi: iscsi: Fix offload conn cleanup when iscsid restarts' (Chris Leech) [2071519] - scsi: iscsi: Speed up session unblocking and removal (Chris Leech) [2071519] - scsi: iscsi: Fix recovery and unblocking race (Chris Leech) [2071519] - scsi: iscsi: Unblock session then wake up error handler (Chris Leech) [2071519] - bnxt_en: make hw-tc-offload default to off (Ken Cox) [2005101] - bnxt_en: reject indirect blk offload when hw-tc-offload is off (Ken Cox) [2005101] [4.18.0-372.8.1] - esp6: fix check on ipv6_skip_exthdrs return value (Sabrina Dubroca) [2054075] - scsi: iscsi: Fix nop handling during conn recovery (Chris Leech) [2069969] - scsi: iscsi: Merge suspend fields (Chris Leech) [2069969] - scsi: iscsi: Fix offload conn cleanup when iscsid restarts (Chris Leech) [2069969] - scsi: iscsi: Move iscsi_ep_disconnect (Chris Leech) [2069969] - CI: Remove deprecated option (Veronika Kabatova) [4.18.0-372.7.1] - netfilter: nf_tables_offload: incorrect flow offload action array size (Florian Westphal) [2056728] {CVE-2022-25636} - netfilter: nftables_offload: KASAN slab-out-of-bounds Read in nft_flow_rule_create (Florian Westphal) [2056728] - KVM: SVM: Allow AVIC support on system w/ physical APIC ID > 255 (Bandan Das) [2033068] - PCI/ACPI: Fix acpi_pci_osc_control_set() kernel-doc comment (Mark Langsdorf) [2049209] - PCI/ACPI: Check for _OSC support in acpi_pci_osc_control_set() (Mark Langsdorf) [2049209] - PCI/ACPI: Move _OSC query checks to separate function (Mark Langsdorf) [2049209] - PCI/ACPI: Move supported and control calculations to separate functions (Mark Langsdorf) [2049209] - PCI/ACPI: Remove OSC_PCI_SUPPORT_MASKS and OSC_PCI_CONTROL_MASKS (Mark Langsdorf) [2049209] - kabi: Adding symbol blkdev_get_by_dev (fs/block_dev.c) (cestmir Kalina) [2010296] - kabi: Adding symbol thaw_bdev (fs/block_dev.c) (cestmir Kalina) [2010296] - kabi: Adding symbol freeze_bdev (fs/block_dev.c) (cestmir Kalina) [2010296] - s390/cio: make ccw_device_dma_* more robust (Thomas Huth) [2066709] - perf/x86/intel/uncore: Make uncore_discovery clean for 64 bit addresses (Michael Petlan) [2069237] - redhat: switch secureboot kernel image signing to release keys (Augusto Caringi) - ice: xsk: Stop Rx processing when ntc catches ntu (Ivan Vecera) [2069082] - ice: xsk: Fix indexing in ice_tx_xsk_pool() (Ivan Vecera) [2069082] - ice: Fix kernel crash in XDP scenario (Ivan Vecera) [2069082] [4.18.0-372.6.1] - configs: enable CONFIG_RMI4_F3A (Benjamin Tissoires) [2067219] - Input: synaptics-rmi4 - add support for F3A (Benjamin Tissoires) [2067219] - RDMA/cma: Do not change route.addr.src_addr.ss_family (Kamal Heib) [2032074] {CVE-2021-4028} - drm/i915/adl_s: Remove require_force_probe protection (Michel Danzer) [2025896] - drm/i915/adl_s: Update ADL-S PCI IDs (Michel Danzer) [2025896] - drm/i915: Limit Wa_22010178259 to affected platforms (Michel Danzer) [2025896] - drm/i915/adl_s: Fix dma_mask_size to 39 bit (Michel Danzer) [2025896] - drm/i915/dmc: Update DMC to v2.14 on ADL-P (Michel Danzer) [2060051] - drm/i915: Update memory bandwidth formulae (Michel Danzer) [2060051] - drm/i915/fb: Fold modifier CCS type/tiling attribute to plane caps (Michel Danzer) [2060051] - drm/i915/fb: Dont store bitmasks in the intel_plane_caps enum (Michel Danzer) [2060051] - drm/i915/adl_p: Add ddc pin mapping (Michel Danzer) [2060051] - iommu/amd: Fix I/O page table memory leak (Jerry Snitselaar) [2053210] - iommu/amd: Recover from event log overflow (Jerry Snitselaar) [2053210] [4.18.0-372.5.1] - scsi: mpi3mr: Fix flushing !WQ_MEM_RECLAIM events warning (Tomas Henzl) [2052278] - scsi: mpi3mr: Fix memory leaks (Tomas Henzl) [2054814] - scsi: mpi3mr: Fix reporting of actual data transfer size (Tomas Henzl) [2054814] - scsi: mpi3mr: Fix cmnd getting marked as in use forever (Tomas Henzl) [2054814] - scsi: mpi3mr: Fix hibernation issue (Tomas Henzl) [2054814] - scsi: mpi3mr: Fix printing of pending I/O count (Tomas Henzl) [2054814] - scsi: mpi3mr: Fix deadlock while canceling the fw event (Tomas Henzl) [2054814] - scsi: mpi3mr: Fixes around reply request queues (Tomas Henzl) [2054814] - scsi: mpi3mr: Enhanced Task Management Support Reply handling (Tomas Henzl) [2054814] - scsi: mpi3mr: Use TM response codes from MPI3 headers (Tomas Henzl) [2054814] - scsi: mpi3mr: Increase internal cmnds timeout to 60s (Tomas Henzl) [2054814] - scsi: mpi3mr: Do access status validation before adding devices (Tomas Henzl) [2054814] - scsi: mpi3mr: Update MPI3 headers - part2 (Tomas Henzl) [2054814] - scsi: mpi3mr: Update MPI3 headers - part1 (Tomas Henzl) [2054814] - scsi: mpi3mr: Dont reset IOC if cmnds flush with reset status (Tomas Henzl) [2054814] - scsi: mpi3mr: Replace spin_lock() with spin_lock_irqsave() (Tomas Henzl) [2054814] - scsi: mpi3mr: Add debug APIs based on logging_level bits (Tomas Henzl) [2054814] - scsi: mpt3sas: Remove scsi_dma_map() error messages (Tomas Henzl) [2057021] - net/mlx5: Fix wrong limitation of metadata match on ecpf (Amir Tzin) [2049094] - nfsd: fix use-after-free due to delegation race (Thiago Becker) [2053262] - dma-buf: cma_heap: Fix mutex locking section (Michel Danzer) [2044440] - drm/amdkfd: Check for null pointer after calling kmemdup (Michel Danzer) [2044440] - drm/atomic: Check new_crtc_state->active to determine if CRTC needs disable in self refresh mode (Michel Danzer) [2044440] - drm/amd: avoid suspend on dGPUs w/ s2idle support when runtime PM enabled (Michel Danzer) [2044440] - drm/i915/overlay: Prevent divide by zero bugs in scaling (Michel Danzer) [2044440] - dma-buf: heaps: Fix potential spectre v1 gadget (Michel Danzer) [2044440] - drm/amd/display: Force link_rate as LINK_RATE_RBR2 for 2018 15 Apple Retina panels (Michel Danzer) [2044440] - drm/amd/display: watermark latencies is not enough on DCN31 (Michel Danzer) [2044440] - drm/amd/pm: correct the MGpuFanBoost support for Beige Goby (Michel Danzer) [2044440] - drm/i915/adlp: Fix TypeC PHY-ready status readout (Michel Danzer) [2044440] - drm/nouveau: fix off by one in BIOS boundary checking (Michel Danzer) [2044440] - drm/i915: Disable DSB usage for now (Michel Danzer) [2044440] - Revert 'drm/ast: Support 1600x900 with 108MHz PCLK' (Michel Danzer) [2044440] - drm/amd/display: Fix FP start/end for dcn30_internal_validate_bw. (Michel Danzer) [2044440] - drm/atomic: Add the crtc to affected crtc only if uapi.enable = true (Michel Danzer) [2044440] - drm/amdgpu: Use correct VIEWPORT_DIMENSION for DCN2 (Michel Danzer) [2044440] - drm/amd/display: reset dcn31 SMU mailbox on failures (Michel Danzer) [2044440] - drm/vmwgfx: Remove explicit transparent hugepages support (Michel Danzer) [2044440] - drm/radeon: fix error handling in radeon_driver_open_kms (Michel Danzer) [2044440] - drm/i915/display/ehl: Update voltage swing table (Michel Danzer) [2044440] - drm/nouveau/kms/nv04: use vzalloc for nv04_display (Michel Danzer) [2044440] - drm/amd/display: Fix the uninitialized variable in enable_stream_features() (Michel Danzer) [2044440] - amdgpu/pm: Make sysfs pm attributes as read-only for VFs (Michel Danzer) [2044440] - drm/amdgpu: fixup bad vram size on gmc v8 (Michel Danzer) [2044440] - drm/amd/amdgpu: fix gmc bo pin count leak in SRIOV (Michel Danzer) [2044440] - drm/amd/amdgpu: fix psp tmr bo pin count leak in SRIOV (Michel Danzer) [2044440] - drm/amdkfd: Fix error handling in svm_range_add (Michel Danzer) [2044440] - drm/vmwgfx: Introduce a new placement for MOB page tables (Michel Danzer) [2044440] - drm/vmwgfx: Release ttm memory if probe fails (Michel Danzer) [2044440] - drm/amd/display: add else to avoid double destroy clk_mgr (Michel Danzer) [2044440] - drm/amdgpu/display: set vblank_disable_immediate for DC (Michel Danzer) [2044440] - drm/amd/display: check top_pipe_to_program pointer (Michel Danzer) [2044440] - drm: panel-orientation-quirks: Add quirk for the Lenovo Yoga Book X91F/L (Michel Danzer) [2044440] - drm/amd/display: Fix out of bounds access on DNC31 stream encoder regs (Michel Danzer) [2044440] - drm/amd/display: Fix bug in debugfs crc_win_update entry (Michel Danzer) [2044440] - drm/radeon/radeon_kms: Fix a NULL pointer dereference in radeon_driver_open_kms() (Michel Danzer) [2044440] - drm/amdgpu: Fix a NULL pointer dereference in amdgpu_connector_lcd_native_mode() (Michel Danzer) [2044440] - drm/vmwgfx: Fail to initialize on broken configs (Michel Danzer) [2044440] - drm/vmwgfx: Remove the deprecated lower mem limit (Michel Danzer) [2044440] - drm/vboxvideo: fix a NULL vs IS_ERR() check (Michel Danzer) [2044440] - drm: fix null-ptr-deref in drm_dev_init_release() (Michel Danzer) [2044440] - drm/ttm: Put BO in its memory managers lru list (Michel Danzer) [2044440] - dma_fence_array: Fix PENDING_ERROR leak in dma_fence_array_signaled() (Michel Danzer) [2044440] - drm/amd/display: explicitly set is_dsc_supported to false before use (Michel Danzer) [2044440] - drm/i915: Avoid bitwise vs logical OR warning in snb_wm_latency_quirk() (Michel Danzer) [2044440] - drm/amd/pm: keep the BACO feature enabled for suspend (Michel Danzer) [2044440] - Revert 'drm/amdgpu: stop scheduler when calling hw_fini (v2)' (Michel Danzer) [2044440] - drm/amd/display: Added power down for DCN10 (Michel Danzer) [2044440] - drm/amd/display: fix B0 TMDS deepcolor no dislay issue (Michel Danzer) [2044440] - drm/amdgpu: put SMU into proper state on runpm suspending for BOCO capable platform (Michel Danzer) [2044440] - drm/amd/pm: skip setting gfx cgpg in the s0ix suspend-resume (Michel Danzer) [2044440] - drm/amd/pm: Fix xgmi link control on aldebaran (Michel Danzer) [2044440] - drm/amdgpu: fix dropped backing store handling in amdgpu_dma_buf_move_notify (Michel Danzer) [2044440] - drm/amd/display: Changed pipe split policy to allow for multi-display pipe split (Michel Danzer) [2044440] - drm/amdgpu: add support for IP discovery gc_info table v2 (Michel Danzer) [2044440] - drm/amdgpu: When the VCN(1.0) block is suspended, powergating is explicitly enabled (Michel Danzer) [2044440] - drm/nouveau: wait for the exclusive fence after the shared ones v2 (Michel Danzer) [2044440] - drm/nouveau: always wait for the exclusive fence (Michel Danzer) [2044440] - drm/amd/display: Set optimize_pwr_state for DCN31 (Michel Danzer) [2044440] - drm/amd/display: Send s0i2_rdy in stream_count == 0 optimization (Michel Danzer) [2044440] - drm/amd/pm: fix reading SMU FW version from amdgpu_firmware_info on YC (Michel Danzer) [2044440] - drm/amdgpu: dont override default ECO_BITs setting (Michel Danzer) [2044440] - drm/amdgpu: correct register access for RLC_JUMP_TABLE_RESTORE (Michel Danzer) [2044440] - drm/amd/pm: fix a potential gpu_metrics_table memory leak (Michel Danzer) [2044440] - drm/amd/display: Set exit_optimized_pwr_state for DCN31 (Michel Danzer) [2044440] - drm/i915/display: Fix an unsigned subtraction which can never be negative. (Michel Danzer) [2044440] - drm/ast: potential dereference of null pointer (Michel Danzer) [2044440] - drm: simpledrm: fix wrong unit with pixel clock (Michel Danzer) [2044440] - Revert 'drm/fb-helper: improve DRM fbdev emulation device names' (Michel Danzer) [2044440] - drm/i915/hdmi: Turn DP++ TMDS output buffers back on in encoder->shutdown() (Michel Danzer) [2044440] - drm/i915/hdmi: convert intel_hdmi_to_dev to intel_hdmi_to_i915 (Michel Danzer) [2044440] - drm/amdkfd: process_info lock not needed for svm (Michel Danzer) [2044440] - drm/amd/display: add connector type check for CRC source set (Michel Danzer) [2044440] - drm/amdkfd: fix double free mem structure (Michel Danzer) [2044440] - drm/amd/display: Fix for the no Audio bug with Tiled Displays (Michel Danzer) [2044440] - drm/amdgpu: check atomic flag to differeniate with legacy path (Michel Danzer) [2044440] - drm/amd/display: Fix DPIA outbox timeout after S3/S4/reset (Michel Danzer) [2044440] - drm/syncobj: Deal with signalled fences in drm_syncobj_find_fence. (Michel Danzer) [2044440] - drm/i915/dp: Perform 30ms delay after source OUI write (Michel Danzer) [2044440] - drm/amd/display: Allow DSC on supported MST branch devices (Michel Danzer) [2044440] - dma-buf: system_heap: Use 'for_each_sgtable_sg' in pages free flow (Michel Danzer) [2044440] - drm/amd/amdgpu: fix potential memleak (Michel Danzer) [2044440] - drm/amd/amdkfd: Fix kernel panic when reset failed and been triggered again (Michel Danzer) [2044440] - drm/amd/pm: Remove artificial freq level on Navi1x (Michel Danzer) [2044440] - drm/amdgpu/gfx9: switch to golden tsc registers for renoir+ (Michel Danzer) [2044440] - drm/amd/display: Set plane update flags for all planes in reset (Michel Danzer) [2044440] - drm/amd/display: Fix DPIA outbox timeout after GPU reset (Michel Danzer) [2044440] - drm/aspeed: Fix vga_pw sysfs output (Michel Danzer) [2044440] - drm/nouveau/acr: fix a couple NULL vs IS_ERR() checks (Michel Danzer) [2044440] - drm/amd/display: Fix OLED brightness control on eDP (Michel Danzer) [2044440] - drm/amdgpu: IH process reset count when restart (Michel Danzer) [2044440] - drm/amd/pm: avoid duplicate powergate/ungate setting (Michel Danzer) [2044440] - drm/amdgpu: fix set scaling mode Full/Full aspect/Center not works on vga and dvi connectors (Michel Danzer) [2044440] - drm/i915: Fix type1 DVI DP dual mode adapter heuristic for modern platforms (Michel Danzer) [2044440] - drm/i915/dp: Ensure max link params are always valid (Michel Danzer) [2044440] - drm/i915/dp: Ensure sink rate values are always valid (Michel Danzer) [2044440] - drm/prime: Fix use after free in mmap with drm_gem_ttm_mmap (Michel Danzer) [2044440] - drm/udl: fix control-message timeout (Michel Danzer) [2044440] - drm/amd/display: Limit max DSC target bpp for specific monitors (Michel Danzer) [2044440] - drm/amd/display: Update swizzle mode enums (Michel Danzer) [2044440] - drm/cma-helper: Release non-coherent memory with dma_free_noncoherent() (Michel Danzer) [2044440] - Revert 'drm/i915/tgl/dsi: Gate the ddi clocks after pll mapping' (Michel Danzer) [2044440] - drm/nouveau: hdmigv100.c: fix corrupted HDMI Vendor InfoFrame (Michel Danzer) [2044440] - x86/speculation: Check CPU capability before applying IBRS spectre v2 mitigation (Waiman Long) [2062156 2062166] {CVE-2022-0001 CVE-2022-0002 CVE-2021-26401} - x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT (Waiman Long) [2062156 2062166] {CVE-2022-0001 CVE-2022-0002 CVE-2021-26401} - x86/speculation: Warn about Spectre v2 LFENCE mitigation (Waiman Long) [2062156 2062166] {CVE-2022-0001 CVE-2022-0002 CVE-2021-26401} - x86/speculation: Update link to AMD speculation whitepaper (Waiman Long) [2062166] {CVE-2021-26401} - x86/speculation: Use generic retpoline by default on AMD (Waiman Long) [2062166] {CVE-2021-26401} - x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting (Waiman Long) [2062156] {CVE-2022-0001 CVE-2022-0002} - Documentation/hw-vuln: Update spectre doc (Waiman Long) [2062156] {CVE-2022-0001 CVE-2022-0002} - x86/speculation: Add eIBRS + Retpoline options (Waiman Long) [2062156] {CVE-2022-0001 CVE-2022-0002} - x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE (Waiman Long) [2062156] {CVE-2022-0001 CVE-2022-0002} - x86,bugs: Unconditionally allow spectre_v2=retpoline,amd (Waiman Long) [2062156] {CVE-2022-0001 CVE-2022-0002} - x86: deduplicate the spectre_v2_user documentation (Waiman Long) [2062156] {CVE-2022-0001 CVE-2022-0002} - fuse: fix pipe buffer lifetime for direct_io (Miklos Szeredi) [2064863] {CVE-2022-1011} - ice: Do not enable VLAN pruning when spoofchk is enabled (Ivan Vecera) [2062343] - ice: dont allow to run ice_send_event_to_aux() in atomic ctx (Ivan Vecera) [2062343] - ice: fix 'scheduling while atomic' on aux critical err interrupt (Ivan Vecera) [2062343] - ice: Fix MAC address setting (Ivan Vecera) [2062343] - ice: Clear default forwarding VSI during release (Ivan Vecera) [2062343] - ice: Fix broken IFF_ALLMULTI handling (Ivan Vecera) [2062343] - iavf: Fix hang during reboot/shutdown (Ivan Vecera) [2062343] - iavf: Fix double free in iavf_reset_task (Ivan Vecera) [2062343] - ice: destroy flow director filter mutex after releasing VSIs (Ivan Vecera) [2062343] - ice: fix NULL pointer dereference in ice_update_vsi_tx_ring_stats() (Ivan Vecera) [2062343] - iavf: Fix adopting new combined setting (Ivan Vecera) [2062343] - iavf: Fix handling of vlan strip virtual channel messages (Ivan Vecera) [2062343] - iavf: Fix __IAVF_RESETTING state usage (Ivan Vecera) [2062343] - iavf: Fix missing check for running netdev (Ivan Vecera) [2062343] - iavf: Fix deadlock in iavf_reset_task (Ivan Vecera) [2062343] - iavf: Fix race in init state (Ivan Vecera) [2062343] - iavf: Fix locking for VIRTCHNL_OP_GET_OFFLOAD_VLAN_V2_CAPS (Ivan Vecera) [2062343] - iavf: Fix init state closure on remove (Ivan Vecera) [2062343] - iavf: Add waiting so the port is initialized in remove (Ivan Vecera) [2062343] - iavf: Rework mutexes for better synchronisation (Ivan Vecera) [2062343] - iavf: remove an unneeded variable (Ivan Vecera) [2062343] - iavf: Fix limit of total number of queues to active queues of VF (Ivan Vecera) [2062343] - iavf: Restrict maximum VLAN filters for VIRTCHNL_VF_OFFLOAD_VLAN_V2 (Ivan Vecera) [2062343] - iavf: Add support for VIRTCHNL_VF_OFFLOAD_VLAN_V2 offload enable/disable (Ivan Vecera) [2062343] - iavf: Add support for VIRTCHNL_VF_OFFLOAD_VLAN_V2 hotpath (Ivan Vecera) [2062343] - iavf: Add support VIRTCHNL_VF_OFFLOAD_VLAN_V2 during netdev config (Ivan Vecera) [2062343] - iavf: Add support for VIRTCHNL_VF_OFFLOAD_VLAN_V2 negotiation (Ivan Vecera) [2062343] - virtchnl: Add support for new VLAN capabilities (Ivan Vecera) [2062343] - virtchnl: Use the BIT() macro for capability/offload flags (Ivan Vecera) [2062343] - virtchnl: Remove unused VIRTCHNL_VF_OFFLOAD_RSVD define (Ivan Vecera) [2062343] - virtchnl: Add missing padding to virtchnl_proto_hdrs (Ivan Vecera) [2062343] - ice: Fix race condition during interface enslave (Ivan Vecera) [2062343] - ice: Fix curr_link_speed advertised speed (Ivan Vecera) [2062343] - ice: Dont use GFP_KERNEL in atomic context (Ivan Vecera) [2062343] - ice: Fix error with handling of bonding MTU (Ivan Vecera) [2062343] - ice: stop disabling VFs due to PF error responses (Ivan Vecera) [2062343] - ice: initialize local variable 'tlv' (Ivan Vecera) [2062343] - ice: check the return of ice_ptp_gettimex64 (Ivan Vecera) [2062343] - ice: fix concurrent reset and removal of VFs (Ivan Vecera) [2062343] - ice: fix setting l4 port flag when adding filter (Ivan Vecera) [2062343] - ice: Match on all profiles in slow-path (Ivan Vecera) [2062343] - ice: enable parsing IPSEC SPI headers for RSS (Ivan Vecera) [2062343] - ice: Avoid RTNL lock when re-creating auxiliary device (Ivan Vecera) [2062343] - ice: Fix KASAN error in LAG NETDEV_UNREGISTER handler (Ivan Vecera) [2062343] - ice: fix IPIP and SIT TSO offload (Ivan Vecera) [2062343] - ice: fix an error code in ice_cfg_phy_fec() (Ivan Vecera) [2062343] - ice: Use bitmap_free() to free bitmap (Ivan Vecera) [2062343] - ice: Optimize a few bitmap operations (Ivan Vecera) [2062343] - ice: Slightly simply ice_find_free_recp_res_idx (Ivan Vecera) [2062343] - ice: improve switchdevs slow-path (Ivan Vecera) [2062343] - ice: replay advanced rules after reset (Ivan Vecera) [2062343] - ice: Add flow director support for channel mode (Ivan Vecera) [2062343] - ice: trivial: fix odd indenting (Ivan Vecera) [2062343] - ice: support crosstimestamping on E822 devices if supported (Ivan Vecera) [2062343] - ice: exit bypass mode once hardware finishes timestamp calibration (Ivan Vecera) [2062343] - ice: ensure the hardware Clock Generation Unit is configured (Ivan Vecera) [2062343] - ice: implement basic E822 PTP support (Ivan Vecera) [2062343] - ice: convert clk_freq capability into time_ref (Ivan Vecera) [2062343] - ice: introduce ice_ptp_init_phc function (Ivan Vecera) [2062343] - ice: use 'int err' instead of 'int status' in ice_ptp_hw.c (Ivan Vecera) [2062343] - ice: PTP: move setting of tstamp_config (Ivan Vecera) [2062343] - ice: introduce ice_base_incval function (Ivan Vecera) [2062343] - ice: xsk: fix cleaned_count setting (Ivan Vecera) [2062343] - ice: xsk: allow empty Rx descriptors on XSK ZC data path (Ivan Vecera) [2062343] - ice: xsk: allocate separate memory for XDP SW ring (Ivan Vecera) [2062343] - ice: xsk: return xsk buffers back to pool when cleaning the ring (Ivan Vecera) [2062343] - ice: use modern kernel API for kick (Ivan Vecera) [2062343] - ice: tighter control over VSI_DOWN state (Ivan Vecera) [2062343] - ice: use prefetch methods (Ivan Vecera) [2062343] - ice: update to newer kernel API (Ivan Vecera) [2062343] - ice: support immediate firmware activation via devlink reload (Ivan Vecera) [2062343] - ice: reduce time to read Option ROM CIVD data (Ivan Vecera) [2062343] - ice: move ice_devlink_flash_update and merge with ice_flash_pldm_image (Ivan Vecera) [2062343] - ice: move and rename ice_check_for_pending_update (Ivan Vecera) [2062343] - ice: devlink: add shadow-ram region to snapshot Shadow RAM (Ivan Vecera) [2062343] - ice: Remove unused ICE_FLOW_SEG_HDRS_L2_MASK (Ivan Vecera) [2062343] - ice: Remove unnecessary casts (Ivan Vecera) [2062343] - ice: Propagate error codes (Ivan Vecera) [2062343] - ice: Remove excess error variables (Ivan Vecera) [2062343] - ice: Cleanup after ice_status removal (Ivan Vecera) [2062343] - ice: Remove enum ice_status (Ivan Vecera) [2062343] - ice: Use int for ice_status (Ivan Vecera) [2062343] - ice: Remove string printing for ice_status (Ivan Vecera) [2062343] - ice: Refactor status flow for DDP load (Ivan Vecera) [2062343] - ice: Refactor promiscuous functions (Ivan Vecera) [2062343] - ice: refactor PTYPE validating (Ivan Vecera) [2062343] - ice: Add package PTYPE enable information (Ivan Vecera) [2062343] - ice: safer stats processing (Ivan Vecera) [2062343] - ice: fix adding different tunnels (Ivan Vecera) [2062343] - ice: fix choosing UDP header type (Ivan Vecera) [2062343] - ice: ignore dropped packets during init (Ivan Vecera) [2062343] - ice: rearm other interrupt cause register after enabling VFs (Ivan Vecera) [2062343] - net/ice: Remove unused enum (Ivan Vecera) [2062343] - net/ice: Fix boolean assignment (Ivan Vecera) [2062343] - net/ice: Add support for enable_iwarp and enable_roce devlink param (Ivan Vecera) [2062343] - ice: avoid bpf_prog refcount underflow (Ivan Vecera) [2062343] - ice: fix vsi->txq_map sizing (Ivan Vecera) [2062343] - ice: Hide bus-info in ethtool for PRs in switchdev mode (Ivan Vecera) [2062343] - ice: Clear synchronized addrs when adding VFs in switchdev mode (Ivan Vecera) [2062343] - ice: fix error return code in ice_get_recp_frm_fw() (Ivan Vecera) [2062343] - ice: Fix clang -Wimplicit-fallthrough in ice_pull_qvec_from_rc() (Ivan Vecera) [2062343] - ice: Add support to print error on PHY FW load failure (Ivan Vecera) [2062343] - ice: Add support for changing MTU on PR in switchdev mode (Ivan Vecera) [2062343] - ice: send correct vc status in switchdev (Ivan Vecera) [2062343] - ice: support for GRE in eswitch (Ivan Vecera) [2062343] - ice: low level support for tunnels (Ivan Vecera) [2062343] - ice: VXLAN and Geneve TC support (Ivan Vecera) [2062343] - ice: support for indirect notification (Ivan Vecera) [2062343] - ice: Add tc-flower filter support for channel (Ivan Vecera) [2062343] - ice: enable ndo_setup_tc support for mqprio_qdisc (Ivan Vecera) [2062343] - ice: Add infrastructure for mqprio support via ndo_setup_tc (Ivan Vecera) [2062343] - ice: fix an error code in ice_ena_vfs() (Ivan Vecera) [2062343] - ice: use devm_kcalloc() instead of devm_kzalloc() (Ivan Vecera) [2062343] - ice: Make use of the helper function devm_add_action_or_reset() (Ivan Vecera) [2062343] - ice: Refactor PR ethtool ops (Ivan Vecera) [2062343] - ice: Forbid trusted VFs in switchdev mode (Ivan Vecera) [2062343] - ice: Manage act flags for switchdev offloads (Ivan Vecera) [2062343] - ice: introduce XDP_TX fallback path (Ivan Vecera) [2062343] - ice: optimize XDP_TX workloads (Ivan Vecera) [2062343] - ice: propagate xdp_ring onto rx_ring (Ivan Vecera) [2062343] - ice: do not create xdp_frame on XDP_TX (Ivan Vecera) [2062343] - ice: unify xdp_rings accesses (Ivan Vecera) [2062343] - ice: ndo_setup_tc implementation for PR (Ivan Vecera) [2062343] - ice: ndo_setup_tc implementation for PF (Ivan Vecera) [2062343] - ice: Allow changing lan_en and lb_en on all kinds of filters (Ivan Vecera) [2062343] - ice: cleanup rules info (Ivan Vecera) [2062343] - ice: allow deleting advanced rules (Ivan Vecera) [2062343] - ice: allow adding advanced rules (Ivan Vecera) [2062343] - ice: create advanced switch recipe (Ivan Vecera) [2062343] - ice: manage profiles and field vectors (Ivan Vecera) [2062343] - ice: implement low level recipes functions (Ivan Vecera) [2062343] - ice: add port representor ethtool ops and stats (Ivan Vecera) [2062343] - ice: switchdev slow path (Ivan Vecera) [2062343] - ice: rebuild switchdev when resetting all VFs (Ivan Vecera) [2062343] - ice: enable/disable switchdev when managing VFs (Ivan Vecera) [2062343] - ice: introduce new type of VSI for switchdev (Ivan Vecera) [2062343] - ice: set and release switchdev environment (Ivan Vecera) [2062343] - net: export metadata_dst_free() (Ivan Vecera) [2062343] - ice: allow changing lan_en and lb_en on dflt rules (Ivan Vecera) [2062343] - ice: manage VSI antispoof and destination override (Ivan Vecera) [2062343] - ice: allow process VF opcodes in different ways (Ivan Vecera) [2062343] - ice: introduce VF port representor (Ivan Vecera) [2062343] - ice: Move devlink port to PF/VF struct (Ivan Vecera) [2062343] - ice: support basic E-Switch mode control (Ivan Vecera) [2062343] - ethernet: use eth_hw_addr_set() for dev->addr_len cases (Ivan Vecera) [2062343] - ethernet: use eth_hw_addr_set() instead of ether_addr_copy() (Ivan Vecera) [2062343] - ice: Use xdp_buf instead of rx_buf for xsk zero-copy (Ivan Vecera) [2062343] - ice: fix FDIR init missing when reset VF (Ivan Vecera) [2062343] - intel: Remove rcu_read_lock() around XDP program invocation (Ivan Vecera) [2062343] - intel: Update drivers to use ethtool_sprintf (Ivan Vecera) [2062343] - ice: fix conversion to new udp_tunnel infrastructure (Ivan Vecera) [2062343] - intel-ethernet: clean up W=1 warnings in kdoc (Ivan Vecera) [2062343] - PCI: Use 'pci_channel_state_t' instead of 'enum pci_channel_state' (Ivan Vecera) [2062343] - treewide: Use sizeof_field() macro (Ivan Vecera) [2062343] - devlink: Add 'enable_iwarp' generic device param (Ivan Vecera) [2062343] - devlink: Add new 'enable_vnet' generic device param (Ivan Vecera) [2062343] - devlink: Add new 'enable_rdma' generic device param (Ivan Vecera) [2062343] - devlink: Add new 'enable_eth' generic device param (Ivan Vecera) [2062343] - gfs2: dequeue iopen holder in gfs2_inode_lookup error (Bob Peterson) [2061665] [4.18.0-372.4.1] - igb: refactor XDP registration (Corinna Vinschen) [2040171] - igc: avoid kernel warning when changing RX ring parameters (Corinna Vinschen) [2040171] - scsi: qedi: Fix cmd_cleanup_cmpl counter mismatch issue (Nilesh Javali) [2054565] - EDAC/amd64: Save max number of controllers for F19 M70 (Aristeu Rozanski) [2064285] - CI: Use 8.6-rt branch for r realtime_check (Chris White) - blk-mq: avoid extending delays of active hctx from blk_mq_delay_run_hw_queues (Ming Lei) [2046525] - tipc: fix incorrect order of state message data sanity check (Xin Long) [2048971] - tipc: improve size validations for received domain records (Xin Long) [2048971] {CVE-2022-0435} - efi/x86: Call efi_parse_options() from efi_main() (Lenny Szubowicz) [2049233] [4.18.0-372.3.1] - net/mlx5e: TC, Remove redundant error logging (Amir Tzin) [2023907] - net/mlx5: DR, Warn on failure to destroy objects due to refcount (Amir Tzin) [2022325] - net/mlx5: DR, Add support for dumping steering info (Amir Tzin) [2022325] - net/mlx5: DR, Add missing reserved fields to dr_match_param (Amir Tzin) [2022325] - net/mlx5: DR, Add check for flex parser ID value (Amir Tzin) [2022325] - net/mlx5: DR, Rename list field in matcher struct to list_node (Amir Tzin) [2022325] - net/mlx5: DR, Remove unused struct member in matcher (Amir Tzin) [2022325] - net/mlx5: DR, Fix error flow in creating matcher (Amir Tzin) [2022325] - net/mlx5e: Avoid implicit modify hdr for decap drop rule (Amir Tzin) [2015434] - net/mlx5e: TC, Fix memory leak with rules with internal port (Amir Tzin) [2015434] - net/mlx5e: Fix skb memory leak when TC classifier action offloads are disabled (Amir Tzin) [2015434] - net/mlx5: Fix some error handling paths in 'mlx5e_tc_add_fdb_flow()' (Amir Tzin) [2015434] - net/mlx5: E-Switch, Check group pointer before reading bw_share value (Amir Tzin) [2015434] - net/mlx5: E-Switch, fix single FDB creation on BlueField (Amir Tzin) [2015434] - net/mlx5: E-switch, Respect BW share of the new group (Amir Tzin) [2015434] - net/mlx5: DR, Fix check for unsupported fields in match param (Amir Tzin) [2015434] - net/mlx5: E-Switch, rebuild lag only when needed (Amir Tzin) [2015434] - net/mlx5e: Delete forward rule for ct or sample action (Amir Tzin) [2015434] - net/mlx5: E-Switch, Use indirect table only if all destinations support it (Amir Tzin) [2015434] - net/mlx5: Support internal port as decap route device (Amir Tzin) [2015434] - net/mlx5e: Term table handling of internal port rules (Amir Tzin) [2015434] - net/mlx5e: Add indirect tc offload of ovs internal port (Amir Tzin) [2015434] - net/{mlx5|nfp|bnxt}: Remove unnecessary RTNL lock assert (Amir Tzin) [2015434] - net/mlx5e: Offload internal port as encap route device (Amir Tzin) [2015434] - net/mlx5e: Offload tc rules that redirect to ovs internal port (Amir Tzin) [2015434] - net/mlx5e: Accept action skbedit in the tc actions list (Amir Tzin) [2015434] - net/mlx5: E-Switch, Add ovs internal port mapping to metadata support (Amir Tzin) [2015434] - net/mlx5e: Use generic name for the forwarding dev pointer (Amir Tzin) [2015434] - net/mlx5e: Refactor rx handler of represetor device (Amir Tzin) [2015434] - net/mlx5: DR, Add check for unsupported fields in match param (Amir Tzin) [2015434] - net/mlx5: Allow skipping counter refresh on creation (Amir Tzin) [2015434] - net/mlx5e: IPsec: Refactor checksum code in tx data path (Amir Tzin) [2015434] - net/mlx5: CT: Remove warning of ignore_flow_level support for VFs (Amir Tzin) [2015434] - net/mlx5: Add esw assignment back in mlx5e_tc_sample_unoffload() (Amir Tzin) [2015434] - net/mlx5: Bridge, fix uninitialized variable usage (Amir Tzin) [2015434] - net/mlx5: Lag, dont update lag if lag isnt supported (Amir Tzin) [2015434] - net/mlx5: E-switch, Return correct error code on group creation failure (Amir Tzin) [2015434] - net/mlx5: Bridge, support LAG (Amir Tzin) [2015434] - net/mlx5: Bridge, allow merged eswitch connectivity (Amir Tzin) [2015434] - net/mlx5: Bridge, extract FDB delete notification to function (Amir Tzin) [2015434] - net/mlx5: Bridge, identify port by vport_num+esw_owner_vhca_id pair (Amir Tzin) [2015434] - net/mlx5: Bridge, obtain core device from eswitch instead of priv (Amir Tzin) [2015434] - net/mlx5: Bridge, release bridge in same function where it is taken (Amir Tzin) [2015434] - net/mlx5: Lag, Create shared FDB when in switchdev mode (Amir Tzin) [2015434] - net/mlx5: E-Switch, add logic to enable shared FDB (Amir Tzin) [2015434] - net/mlx5: Lag, properly lock eswitch if needed (Amir Tzin) [2015434] - net/mlx5: Add send to vport rules on paired device (Amir Tzin) [2015434] - net/mlx5: E-Switch, Add event callback for representors (Amir Tzin) [2015434] - net/mlx5e: Use shared mappings for restoring from metadata (Amir Tzin) [2015434] - net/mlx5e: Add an option to create a shared mapping (Amir Tzin) [2015434] - net/mlx5: E-Switch, set flow source for send to uplink rule (Amir Tzin) [2015434] - RDMA/mlx5: Add shared FDB support (Amir Tzin) [2015434] - {net, RDMA}/mlx5: Extend send to vport rules (Amir Tzin) [2015434] - RDMA/mlx5: Fill port info based on the relevant eswitch (Amir Tzin) [2015434] - net/mlx5: Lag, add initial logic for shared FDB (Amir Tzin) [2015434] - net/mlx5: Return mdev from eswitch (Amir Tzin) [2015434] - net/mlx5: E-switch, Add QoS tracepoints (Amir Tzin) [2015434] - net/mlx5: E-switch, Allow to add vports to rate groups (Amir Tzin) [2015434] - net/mlx5: E-switch, Allow setting share/max tx rate limits of rate groups (Amir Tzin) [2015434] - net/mlx5: E-switch, Introduce rate limiting groups API (Amir Tzin) [2015434] - net/mlx5: E-switch, Enable devlink port tx_{share|max} rate control (Amir Tzin) [2015434] - net/mlx5: E-switch, Move QoS related code to dedicated file (Amir Tzin) [2015434] - net/mlx5e: TC, Support sample offload action for tunneled traffic (Amir Tzin) [2015434] - net/mlx5e: TC, Restore tunnel info for sample offload (Amir Tzin) [2015434] - net/mlx5e: TC, Remove CONFIG_NET_TC_SKB_EXT dependency when restoring tunnel (Amir Tzin) [2015434] - net/mlx5e: Refactor ct to use post action infrastructure (Amir Tzin) [2015434] - net/mlx5e: Introduce post action infrastructure (Amir Tzin) [2015434] - net/mlx5e: CT, Use xarray to manage fte ids (Amir Tzin) [2015434] - net/mlx5e: Move sample attribute to flow attribute (Amir Tzin) [2015434] - net/mlx5e: Move esw/sample to en/tc/sample (Amir Tzin) [2015434] - net/mlx5e: Remove mlx5e dependency from E-Switch sample (Amir Tzin) [2015434] - net/mlx5: DR, Fix querying eswitch manager vport for ECPF (Amir Tzin) [2018097] - net/mlx5: DR, Handle eswitch manager and uplink vports separately (Amir Tzin) [2018097] - net/mlx5: DR, Add missing string for action type SAMPLER (Amir Tzin) [2018097] - net/mlx5: DR, init_next_match only if needed (Amir Tzin) [2018097] - net/mlx5: DR, Increase supported num of actions to 32 (Amir Tzin) [2018097] - net/mlx5: DR, Add support for SF vports (Amir Tzin) [2018097] - net/mlx5: DR, Support csum recalculation flow table on SFs (Amir Tzin) [2018097] - net/mlx5: DR, Align error messages for failure to obtain vport caps (Amir Tzin) [2018097] - net/mlx5: DR, Add missing query for vport 0 (Amir Tzin) [2018097] - net/mlx5: DR, Replace local WIRE_PORT macro with the existing MLX5_VPORT_UPLINK (Amir Tzin) [2018097] - scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop (Dick Kennedy) [1943202] - nvme-tcp: change target from tech-preview to unmaintained (John Meneghini) [2061577] - drm/amd/display: Dont reinitialize DMCUB on s0ix resume (Karol Herbst) [2059680] - tcp: Add snd_wnd to TCP_INFO (Davide Caratti) [2056608] - tcp: Add TCP_INFO counter for packets received out-of-order (Davide Caratti) [2056608] - net/mlx5: Move MODIFY_RQT command to ignore list in internal error state (Amir Tzin) [1982236] - net/mlx5e: Add TX max rate support for MQPRIO channel mode (Amir Tzin) [1982236] - net/mlx5e: Specify SQ stats struct for mlx5e_open_txqsq() (Amir Tzin) [1982236] - net/mlx5e: Allow only complete TXQs partition in MQPRIO channel mode (Amir Tzin) [1982236] - net/mlx5e: Mutually exclude setting of TX-port-TS and MQPRIO in channel mode (Amir Tzin) [1982236] - net/mlx5e: Fix condition when retrieving PTP-rqn (Amir Tzin) [1982236] - net/mlx5: Fix inner TTC table creation (Amir Tzin) [1982236] - net/mlx5e: Fix division by 0 in mlx5e_select_queue for representors (Amir Tzin) [1982236] - net/mlx5e: Improve MQPRIO resiliency (Amir Tzin) [1982236] - net/mlx5e: Support MQPRIO channel mode (Amir Tzin) [1982236] - net/mlx5e: Handle errors of netdev_set_num_tc() (Amir Tzin) [1982236] - net/mlx5e: Maintain MQPRIO mode parameter (Amir Tzin) [1982236] - net/mlx5e: Abstract MQPRIO params (Amir Tzin) [1982236] - net/mlx5e: Support flow classification into RSS contexts (Amir Tzin) [1982236] - net/mlx5e: Support multiple RSS contexts (Amir Tzin) [1982236] - net/mlx5e: Dynamically allocate TIRs in RSS contexts (Amir Tzin) [1982236] - net/mlx5e: Convert RSS to a dedicated object (Amir Tzin) [1982236] - net/mlx5e: Introduce abstraction of RSS context (Amir Tzin) [1982236] - net/mlx5e: Introduce TIR create/destroy API in rx_res (Amir Tzin) [1982236] - net/mlx5e: Do not try enable RSS when resetting indir table (Amir Tzin) [1982236] - net/mlx5: Embed mlx5_ttc_table (Amir Tzin) [1982236] - net/mlx5: Move TTC logic to fs_ttc (Amir Tzin) [1982236] - net/mlx5e: Decouple TTC logic from mlx5e (Amir Tzin) [1982236] - net/mlx5e: Rename some related TTC args and functions (Amir Tzin) [1982236] - net/mlx5e: Rename traffic type enums (Amir Tzin) [1982236] - net/mlx5e: Allocate the array of channels according to the real max_nch (Amir Tzin) [1982236] - net/mlx5e: Hide all implementation details of mlx5e_rx_res (Amir Tzin) [1982236] - net/mlx5e: Introduce mlx5e_channels API to get RQNs (Amir Tzin) [1982236] - net/mlx5e: Use a new initializer to build uniform indir table (Amir Tzin) [1982236] - net/mlx5e: Use the new TIR API for kTLS (Amir Tzin) [1982236] - net/mlx5e: Move management of indir traffic types to rx_res (Amir Tzin) [1982236] - net/mlx5e: Convert TIR to a dedicated object (Amir Tzin) [1982236] - net/mlx5e: Create struct mlx5e_rss_params_hash (Amir Tzin) [1982236] - net/mlx5e: Remove mdev from mlx5e_build_indir_tir_ctx_common() (Amir Tzin) [1982236] - net/mlx5e: Remove lro_param from mlx5e_build_indir_tir_ctx_common() (Amir Tzin) [1982236] - net/mlx5e: Remove mlx5e_priv usage from mlx5e_build_*tir_ctx*() (Amir Tzin) [1982236] - net/mlx5e: Use mlx5e_rqt_get_rqtn to access RQT hardware id (Amir Tzin) [1982236] - net/mlx5e: Take RQT out of TIR and group RX resources (Amir Tzin) [1982236] - net/mlx5e: Move RX resources to a separate struct (Amir Tzin) [1982236] - net/mlx5e: Move mlx5e_build_rss_params() call to init_rx (Amir Tzin) [1982236] - net/mlx5e: Convert RQT to a dedicated object (Amir Tzin) [1982236] - net/mlx5e: Check if inner FT is supported outside of create/destroy functions (Amir Tzin) [1982236] - net/mlx5: Take TIR destruction out of the TIR list lock (Amir Tzin) [1982236] - PCI: pciehp: Ignore Link Down/Up caused by error-induced Hot Reset (Myron Stowe) [2060122] - PCI/portdrv: Rename pm_iter() to pcie_port_device_iter() (Myron Stowe) [2060122] - iommu/vt-d: Fix double list_add when enabling VMD in scalable mode (Jerry Snitselaar) [2062094]


  • oracle-linux-upgrade-kernel

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center