Rapid7 Vulnerability & Exploit Database

Oracle Linux: (CVE-2021-3759) ELSA-2022-1988: kernel security, bug fix, and enhancement update

Back to Search

Oracle Linux: (CVE-2021-3759) ELSA-2022-1988: kernel security, bug fix, and enhancement update

Severity
4
CVSS
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published
09/16/2021
Created
05/20/2022
Added
05/18/2022
Modified
05/18/2022

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From ELSA-2022-1988:

[4.18.0-372.9.1.OL8] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15-11.0.5 [4.18.0-372.9.1] - scsi: qedi: Fix failed disconnect handling (Chris Leech) [2071519] - scsi: iscsi: Fix unbound endpoint error handling (Chris Leech) [2071519] - scsi: iscsi: Fix conn cleanup and stop race during iscsid restart (Chris Leech) [2071519] - scsi: iscsi: Fix endpoint reuse regression (Chris Leech) [2071519] - scsi: iscsi: Release endpoint ID when its freed (Chris Leech) [2071519] - scsi: iscsi: Fix offload conn cleanup when iscsid restarts (Chris Leech) [2071519] - Revert 'scsi: iscsi: Fix offload conn cleanup when iscsid restarts' (Chris Leech) [2071519] - scsi: iscsi: Speed up session unblocking and removal (Chris Leech) [2071519] - scsi: iscsi: Fix recovery and unblocking race (Chris Leech) [2071519] - scsi: iscsi: Unblock session then wake up error handler (Chris Leech) [2071519] - bnxt_en: make hw-tc-offload default to off (Ken Cox) [2005101] - bnxt_en: reject indirect blk offload when hw-tc-offload is off (Ken Cox) [2005101] [4.18.0-372.8.1] - esp6: fix check on ipv6_skip_exthdrs return value (Sabrina Dubroca) [2054075] - scsi: iscsi: Fix nop handling during conn recovery (Chris Leech) [2069969] - scsi: iscsi: Merge suspend fields (Chris Leech) [2069969] - scsi: iscsi: Fix offload conn cleanup when iscsid restarts (Chris Leech) [2069969] - scsi: iscsi: Move iscsi_ep_disconnect (Chris Leech) [2069969] - CI: Remove deprecated option (Veronika Kabatova) [4.18.0-372.7.1] - netfilter: nf_tables_offload: incorrect flow offload action array size (Florian Westphal) [2056728] {CVE-2022-25636} - netfilter: nftables_offload: KASAN slab-out-of-bounds Read in nft_flow_rule_create (Florian Westphal) [2056728] - KVM: SVM: Allow AVIC support on system w/ physical APIC ID > 255 (Bandan Das) [2033068] - PCI/ACPI: Fix acpi_pci_osc_control_set() kernel-doc comment (Mark Langsdorf) [2049209] - PCI/ACPI: Check for _OSC support in acpi_pci_osc_control_set() (Mark Langsdorf) [2049209] - PCI/ACPI: Move _OSC query checks to separate function (Mark Langsdorf) [2049209] - PCI/ACPI: Move supported and control calculations to separate functions (Mark Langsdorf) [2049209] - PCI/ACPI: Remove OSC_PCI_SUPPORT_MASKS and OSC_PCI_CONTROL_MASKS (Mark Langsdorf) [2049209] - kabi: Adding symbol blkdev_get_by_dev (fs/block_dev.c) (cestmir Kalina) [2010296] - kabi: Adding symbol thaw_bdev (fs/block_dev.c) (cestmir Kalina) [2010296] - kabi: Adding symbol freeze_bdev (fs/block_dev.c) (cestmir Kalina) [2010296] - s390/cio: make ccw_device_dma_* more robust (Thomas Huth) [2066709] - perf/x86/intel/uncore: Make uncore_discovery clean for 64 bit addresses (Michael Petlan) [2069237] - redhat: switch secureboot kernel image signing to release keys (Augusto Caringi) - ice: xsk: Stop Rx processing when ntc catches ntu (Ivan Vecera) [2069082] - ice: xsk: Fix indexing in ice_tx_xsk_pool() (Ivan Vecera) [2069082] - ice: Fix kernel crash in XDP scenario (Ivan Vecera) [2069082] [4.18.0-372.6.1] - configs: enable CONFIG_RMI4_F3A (Benjamin Tissoires) [2067219] - Input: synaptics-rmi4 - add support for F3A (Benjamin Tissoires) [2067219] - RDMA/cma: Do not change route.addr.src_addr.ss_family (Kamal Heib) [2032074] {CVE-2021-4028} - drm/i915/adl_s: Remove require_force_probe protection (Michel Danzer) [2025896] - drm/i915/adl_s: Update ADL-S PCI IDs (Michel Danzer) [2025896] - drm/i915: Limit Wa_22010178259 to affected platforms (Michel Danzer) [2025896] - drm/i915/adl_s: Fix dma_mask_size to 39 bit (Michel Danzer) [2025896] - drm/i915/dmc: Update DMC to v2.14 on ADL-P (Michel Danzer) [2060051] - drm/i915: Update memory bandwidth formulae (Michel Danzer) [2060051] - drm/i915/fb: Fold modifier CCS type/tiling attribute to plane caps (Michel Danzer) [2060051] - drm/i915/fb: Dont store bitmasks in the intel_plane_caps enum (Michel Danzer) [2060051] - drm/i915/adl_p: Add ddc pin mapping (Michel Danzer) [2060051] - iommu/amd: Fix I/O page table memory leak (Jerry Snitselaar) [2053210] - iommu/amd: Recover from event log overflow (Jerry Snitselaar) [2053210] [4.18.0-372.5.1] - scsi: mpi3mr: Fix flushing !WQ_MEM_RECLAIM events warning (Tomas Henzl) [2052278] - scsi: mpi3mr: Fix memory leaks (Tomas Henzl) [2054814] - scsi: mpi3mr: Fix reporting of actual data transfer size (Tomas Henzl) [2054814] - scsi: mpi3mr: Fix cmnd getting marked as in use forever (Tomas Henzl) [2054814] - scsi: mpi3mr: Fix hibernation issue (Tomas Henzl) [2054814] - scsi: mpi3mr: Fix printing of pending I/O count (Tomas Henzl) [2054814] - scsi: mpi3mr: Fix deadlock while canceling the fw event (Tomas Henzl) [2054814] - scsi: mpi3mr: Fixes around reply request queues (Tomas Henzl) [2054814] - scsi: mpi3mr: Enhanced Task Management Support Reply handling (Tomas Henzl) [2054814] - scsi: mpi3mr: Use TM response codes from MPI3 headers (Tomas Henzl) [2054814] - scsi: mpi3mr: Increase internal cmnds timeout to 60s (Tomas Henzl) [2054814] - scsi: mpi3mr: Do access status validation before adding devices (Tomas Henzl) [2054814] - scsi: mpi3mr: Update MPI3 headers - part2 (Tomas Henzl) [2054814] - scsi: mpi3mr: Update MPI3 headers - part1 (Tomas Henzl) [2054814] - scsi: mpi3mr: Dont reset IOC if cmnds flush with reset status (Tomas Henzl) [2054814] - scsi: mpi3mr: Replace spin_lock() with spin_lock_irqsave() (Tomas Henzl) [2054814] - scsi: mpi3mr: Add debug APIs based on logging_level bits (Tomas Henzl) [2054814] - scsi: mpt3sas: Remove scsi_dma_map() error messages (Tomas Henzl) [2057021] - net/mlx5: Fix wrong limitation of metadata match on ecpf (Amir Tzin) [2049094] - nfsd: fix use-after-free due to delegation race (Thiago Becker) [2053262] - dma-buf: cma_heap: Fix mutex locking section (Michel Danzer) [2044440] - drm/amdkfd: Check for null pointer after calling kmemdup (Michel Danzer) [2044440] - drm/atomic: Check new_crtc_state->active to determine if CRTC needs disable in self refresh mode (Michel Danzer) [2044440] - drm/amd: avoid suspend on dGPUs w/ s2idle support when runtime PM enabled (Michel Danzer) [2044440] - drm/i915/overlay: Prevent divide by zero bugs in scaling (Michel Danzer) [2044440] - dma-buf: heaps: Fix potential spectre v1 gadget (Michel Danzer) [2044440] - drm/amd/display: Force link_rate as LINK_RATE_RBR2 for 2018 15 Apple Retina panels (Michel Danzer) [2044440] - drm/amd/display: watermark latencies is not enough on DCN31 (Michel Danzer) [2044440] - drm/amd/pm: correct the MGpuFanBoost support for Beige Goby (Michel Danzer) [2044440] - drm/i915/adlp: Fix TypeC PHY-ready status readout (Michel Danzer) [2044440] - drm/nouveau: fix off by one in BIOS boundary checking (Michel Danzer) [2044440] - drm/i915: Disable DSB usage for now (Michel Danzer) [2044440] - Revert 'drm/ast: Support 1600x900 with 108MHz PCLK' (Michel Danzer) [2044440] - drm/amd/display: Fix FP start/end for dcn30_internal_validate_bw. (Michel Danzer) [2044440] - drm/atomic: Add the crtc to affected crtc only if uapi.enable = true (Michel Danzer) [2044440] - drm/amdgpu: Use correct VIEWPORT_DIMENSION for DCN2 (Michel Danzer) [2044440] - drm/amd/display: reset dcn31 SMU mailbox on failures (Michel Danzer) [2044440] - drm/vmwgfx: Remove explicit transparent hugepages support (Michel Danzer) [2044440] - drm/radeon: fix error handling in radeon_driver_open_kms (Michel Danzer) [2044440] - drm/i915/display/ehl: Update voltage swing table (Michel Danzer) [2044440] - drm/nouveau/kms/nv04: use vzalloc for nv04_display (Michel Danzer) [2044440] - drm/amd/display: Fix the uninitialized variable in enable_stream_features() (Michel Danzer) [2044440] - amdgpu/pm: Make sysfs pm attributes as read-only for VFs (Michel Danzer) [2044440] - drm/amdgpu: fixup bad vram size on gmc v8 (Michel Danzer) [2044440] - drm/amd/amdgpu: fix gmc bo pin count leak in SRIOV (Michel Danzer) [2044440] - drm/amd/amdgpu: fix psp tmr bo pin count leak in SRIOV (Michel Danzer) [2044440] - drm/amdkfd: Fix error handling in svm_range_add (Michel Danzer) [2044440] - drm/vmwgfx: Introduce a new placement for MOB page tables (Michel Danzer) [2044440] - drm/vmwgfx: Release ttm memory if probe fails (Michel Danzer) [2044440] - drm/amd/display: add else to avoid double destroy clk_mgr (Michel Danzer) [2044440] - drm/amdgpu/display: set vblank_disable_immediate for DC (Michel Danzer) [2044440] - drm/amd/display: check top_pipe_to_program pointer (Michel Danzer) [2044440] - drm: panel-orientation-quirks: Add quirk for the Lenovo Yoga Book X91F/L (Michel Danzer) [2044440] - drm/amd/display: Fix out of bounds access on DNC31 stream encoder regs (Michel Danzer) [2044440] - drm/amd/display: Fix bug in debugfs crc_win_update entry (Michel Danzer) [2044440] - drm/radeon/radeon_kms: Fix a NULL pointer dereference in radeon_driver_open_kms() (Michel Danzer) [2044440] - drm/amdgpu: Fix a NULL pointer dereference in amdgpu_connector_lcd_native_mode() (Michel Danzer) [2044440] - drm/vmwgfx: Fail to initialize on broken configs (Michel Danzer) [2044440] - drm/vmwgfx: Remove the deprecated lower mem limit (Michel Danzer) [2044440] - drm/vboxvideo: fix a NULL vs IS_ERR() check (Michel Danzer) [2044440] - drm: fix null-ptr-deref in drm_dev_init_release() (Michel Danzer) [2044440] - drm/ttm: Put BO in its memory managers lru list (Michel Danzer) [2044440] - dma_fence_array: Fix PENDING_ERROR leak in dma_fence_array_signaled() (Michel Danzer) [2044440] - drm/amd/display: explicitly set is_dsc_supported to false before use (Michel Danzer) [2044440] - drm/i915: Avoid bitwise vs logical OR warning in snb_wm_latency_quirk() (Michel Danzer) [2044440] - drm/amd/pm: keep the BACO feature enabled for suspend (Michel Danzer) [2044440] - Revert 'drm/amdgpu: stop scheduler when calling hw_fini (v2)' (Michel Danzer) [2044440] - drm/amd/display: Added power down for DCN10 (Michel Danzer) [2044440] - drm/amd/display: fix B0 TMDS deepcolor no dislay issue (Michel Danzer) [2044440] - drm/amdgpu: put SMU into proper state on runpm suspending for BOCO capable platform (Michel Danzer) [2044440] - drm/amd/pm: skip setting gfx cgpg in the s0ix suspend-resume (Michel Danzer) [2044440] - drm/amd/pm: Fix xgmi link control on aldebaran (Michel Danzer) [2044440] - drm/amdgpu: fix dropped backing store handling in amdgpu_dma_buf_move_notify (Michel Danzer) [2044440] - drm/amd/display: Changed pipe split policy to allow for multi-display pipe split (Michel Danzer) [2044440] - drm/amdgpu: add support for IP discovery gc_info table v2 (Michel Danzer) [2044440] - drm/amdgpu: When the VCN(1.0) block is suspended, powergating is explicitly enabled (Michel Danzer) [2044440] - drm/nouveau: wait for the exclusive fence after the shared ones v2 (Michel Danzer) [2044440] - drm/nouveau: always wait for the exclusive fence (Michel Danzer) [2044440] - drm/amd/display: Set optimize_pwr_state for DCN31 (Michel Danzer) [2044440] - drm/amd/display: Send s0i2_rdy in stream_count == 0 optimization (Michel Danzer) [2044440] - drm/amd/pm: fix reading SMU FW version from amdgpu_firmware_info on YC (Michel Danzer) [2044440] - drm/amdgpu: dont override default ECO_BITs setting (Michel Danzer) [2044440] - drm/amdgpu: correct register access for RLC_JUMP_TABLE_RESTORE (Michel Danzer) [2044440] - drm/amd/pm: fix a potential gpu_metrics_table memory leak (Michel Danzer) [2044440] - drm/amd/display: Set exit_optimized_pwr_state for DCN31 (Michel Danzer) [2044440] - drm/i915/display: Fix an unsigned subtraction which can never be negative. (Michel Danzer) [2044440] - drm/ast: potential dereference of null pointer (Michel Danzer) [2044440] - drm: simpledrm: fix wrong unit with pixel clock (Michel Danzer) [2044440] - Revert 'drm/fb-helper: improve DRM fbdev emulation device names' (Michel Danzer) [2044440] - drm/i915/hdmi: Turn DP++ TMDS output buffers back on in encoder->shutdown() (Michel Danzer) [2044440] - drm/i915/hdmi: convert intel_hdmi_to_dev to intel_hdmi_to_i915 (Michel Danzer) [2044440] - drm/amdkfd: process_info lock not needed for svm (Michel Danzer) [2044440] - drm/amd/display: add connector type check for CRC source set (Michel Danzer) [2044440] - drm/amdkfd: fix double free mem structure (Michel Danzer) [2044440] - drm/amd/display: Fix for the no Audio bug with Tiled Displays (Michel Danzer) [2044440] - drm/amdgpu: check atomic flag to differeniate with legacy path (Michel Danzer) [2044440] - drm/amd/display: Fix DPIA outbox timeout after S3/S4/reset (Michel Danzer) [2044440] - drm/syncobj: Deal with signalled fences in drm_syncobj_find_fence. (Michel Danzer) [2044440] - drm/i915/dp: Perform 30ms delay after source OUI write (Michel Danzer) [2044440] - drm/amd/display: Allow DSC on supported MST branch devices (Michel Danzer) [2044440] - dma-buf: system_heap: Use 'for_each_sgtable_sg' in pages free flow (Michel Danzer) [2044440] - drm/amd/amdgpu: fix potential memleak (Michel Danzer) [2044440] - drm/amd/amdkfd: Fix kernel panic when reset failed and been triggered again (Michel Danzer) [2044440] - drm/amd/pm: Remove artificial freq level on Navi1x (Michel Danzer) [2044440] - drm/amdgpu/gfx9: switch to golden tsc registers for renoir+ (Michel Danzer) [2044440] - drm/amd/display: Set plane update flags for all planes in reset (Michel Danzer) [2044440] - drm/amd/display: Fix DPIA outbox timeout after GPU reset (Michel Danzer) [2044440] - drm/aspeed: Fix vga_pw sysfs output (Michel Danzer) [2044440] - drm/nouveau/acr: fix a couple NULL vs IS_ERR() checks (Michel Danzer) [2044440] - drm/amd/display: Fix OLED brightness control on eDP (Michel Danzer) [2044440] - drm/amdgpu: IH process reset count when restart (Michel Danzer) [2044440] - drm/amd/pm: avoid duplicate powergate/ungate setting (Michel Danzer) [2044440] - drm/amdgpu: fix set scaling mode Full/Full aspect/Center not works on vga and dvi connectors (Michel Danzer) [2044440] - drm/i915: Fix type1 DVI DP dual mode adapter heuristic for modern platforms (Michel Danzer) [2044440] - drm/i915/dp: Ensure max link params are always valid (Michel Danzer) [2044440] - drm/i915/dp: Ensure sink rate values are always valid (Michel Danzer) [2044440] - drm/prime: Fix use after free in mmap with drm_gem_ttm_mmap (Michel Danzer) [2044440] - drm/udl: fix control-message timeout (Michel Danzer) [2044440] - drm/amd/display: Limit max DSC target bpp for specific monitors (Michel Danzer) [2044440] - drm/amd/display: Update swizzle mode enums (Michel Danzer) [2044440] - drm/cma-helper: Release non-coherent memory with dma_free_noncoherent() (Michel Danzer) [2044440] - Revert 'drm/i915/tgl/dsi: Gate the ddi clocks after pll mapping' (Michel Danzer) [2044440] - drm/nouveau: hdmigv100.c: fix corrupted HDMI Vendor InfoFrame (Michel Danzer) [2044440] - x86/speculation: Check CPU capability before applying IBRS spectre v2 mitigation (Waiman Long) [2062156 2062166] {CVE-2022-0001 CVE-2022-0002 CVE-2021-26401} - x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT (Waiman Long) [2062156 2062166] {CVE-2022-0001 CVE-2022-0002 CVE-2021-26401} - x86/speculation: Warn about Spectre v2 LFENCE mitigation (Waiman Long) [2062156 2062166] {CVE-2022-0001 CVE-2022-0002 CVE-2021-26401} - x86/speculation: Update link to AMD speculation whitepaper (Waiman Long) [2062166] {CVE-2021-26401} - x86/speculation: Use generic retpoline by default on AMD (Waiman Long) [2062166] {CVE-2021-26401} - x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting (Waiman Long) [2062156] {CVE-2022-0001 CVE-2022-0002} - Documentation/hw-vuln: Update spectre doc (Waiman Long) [2062156] {CVE-2022-0001 CVE-2022-0002} - x86/speculation: Add eIBRS + Retpoline options (Waiman Long) [2062156] {CVE-2022-0001 CVE-2022-0002} - x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE (Waiman Long) [2062156] {CVE-2022-0001 CVE-2022-0002} - x86,bugs: Unconditionally allow spectre_v2=retpoline,amd (Waiman Long) [2062156] {CVE-2022-0001 CVE-2022-0002} - x86: deduplicate the spectre_v2_user documentation (Waiman Long) [2062156] {CVE-2022-0001 CVE-2022-0002} - fuse: fix pipe buffer lifetime for direct_io (Miklos Szeredi) [2064863] {CVE-2022-1011} - ice: Do not enable VLAN pruning when spoofchk is enabled (Ivan Vecera) [2062343] - ice: dont allow to run ice_send_event_to_aux() in atomic ctx (Ivan Vecera) [2062343] - ice: fix 'scheduling while atomic' on aux critical err interrupt (Ivan Vecera) [2062343] - ice: Fix MAC address setting (Ivan Vecera) [2062343] - ice: Clear default forwarding VSI during release (Ivan Vecera) [2062343] - ice: Fix broken IFF_ALLMULTI handling (Ivan Vecera) [2062343] - iavf: Fix hang during reboot/shutdown (Ivan Vecera) [2062343] - iavf: Fix double free in iavf_reset_task (Ivan Vecera) [2062343] - ice: destroy flow director filter mutex after releasing VSIs (Ivan Vecera) [2062343] - ice: fix NULL pointer dereference in ice_update_vsi_tx_ring_stats() (Ivan Vecera) [2062343] - iavf: Fix adopting new combined setting (Ivan Vecera) [2062343] - iavf: Fix handling of vlan strip virtual channel messages (Ivan Vecera) [2062343] - iavf: Fix __IAVF_RESETTING state usage (Ivan Vecera) [2062343] - iavf: Fix missing check for running netdev (Ivan Vecera) [2062343] - iavf: Fix deadlock in iavf_reset_task (Ivan Vecera) [2062343] - iavf: Fix race in init state (Ivan Vecera) [2062343] - iavf: Fix locking for VIRTCHNL_OP_GET_OFFLOAD_VLAN_V2_CAPS (Ivan Vecera) [2062343] - iavf: Fix init state closure on remove (Ivan Vecera) [2062343] - iavf: Add waiting so the port is initialized in remove (Ivan Vecera) [2062343] - iavf: Rework mutexes for better synchronisation (Ivan Vecera) [2062343] - iavf: remove an unneeded variable (Ivan Vecera) [2062343] - iavf: Fix limit of total number of queues to active queues of VF (Ivan Vecera) [2062343] - iavf: Restrict maximum VLAN filters for VIRTCHNL_VF_OFFLOAD_VLAN_V2 (Ivan Vecera) [2062343] - iavf: Add support for VIRTCHNL_VF_OFFLOAD_VLAN_V2 offload enable/disable (Ivan Vecera) [2062343] - iavf: Add support for VIRTCHNL_VF_OFFLOAD_VLAN_V2 hotpath (Ivan Vecera) [2062343] - iavf: Add support VIRTCHNL_VF_OFFLOAD_VLAN_V2 during netdev config (Ivan Vecera) [2062343] - iavf: Add support for VIRTCHNL_VF_OFFLOAD_VLAN_V2 negotiation (Ivan Vecera) [2062343] - virtchnl: Add support for new VLAN capabilities (Ivan Vecera) [2062343] - virtchnl: Use the BIT() macro for capability/offload flags (Ivan Vecera) [2062343] - virtchnl: Remove unused VIRTCHNL_VF_OFFLOAD_RSVD define (Ivan Vecera) [2062343] - virtchnl: Add missing padding to virtchnl_proto_hdrs (Ivan Vecera) [2062343] - ice: Fix race condition during interface enslave (Ivan Vecera) [2062343] - ice: Fix curr_link_speed advertised speed (Ivan Vecera) [2062343] - ice: Dont use GFP_KERNEL in atomic context (Ivan Vecera) [2062343] - ice: Fix error with handling of bonding MTU (Ivan Vecera) [2062343] - ice: stop disabling VFs due to PF error responses (Ivan Vecera) [2062343] - ice: initialize local variable 'tlv' (Ivan Vecera) [2062343] - ice: check the return of ice_ptp_gettimex64 (Ivan Vecera) [2062343] - ice: fix concurrent reset and removal of VFs (Ivan Vecera) [2062343] - ice: fix setting l4 port flag when adding filter (Ivan Vecera) [2062343] - ice: Match on all profiles in slow-path (Ivan Vecera) [2062343] - ice: enable parsing IPSEC SPI headers for RSS (Ivan Vecera) [2062343] - ice: Avoid RTNL lock when re-creating auxiliary device (Ivan Vecera) [2062343] - ice: Fix KASAN error in LAG NETDEV_UNREGISTER handler (Ivan Vecera) [2062343] - ice: fix IPIP and SIT TSO offload (Ivan Vecera) [2062343] - ice: fix an error code in ice_cfg_phy_fec() (Ivan Vecera) [2062343] - ice: Use bitmap_free() to free bitmap (Ivan Vecera) [2062343] - ice: Optimize a few bitmap operations (Ivan Vecera) [2062343] - ice: Slightly simply ice_find_free_recp_res_idx (Ivan Vecera) [2062343] - ice: improve switchdevs slow-path (Ivan Vecera) [2062343] - ice: replay advanced rules after reset (Ivan Vecera) [2062343] - ice: Add flow director support for channel mode (Ivan Vecera) [2062343] - ice: trivial: fix odd indenting (Ivan Vecera) [2062343] - ice: support crosstimestamping on E822 devices if supported (Ivan Vecera) [2062343] - ice: exit bypass mode once hardware finishes timestamp calibration (Ivan Vecera) [2062343] - ice: ensure the hardware Clock Generation Unit is configured (Ivan Vecera) [2062343] - ice: implement basic E822 PTP support (Ivan Vecera) [2062343] - ice: convert clk_freq capability into time_ref (Ivan Vecera) [2062343] - ice: introduce ice_ptp_init_phc function (Ivan Vecera) [2062343] - ice: use 'int err' instead of 'int status' in ice_ptp_hw.c (Ivan Vecera) [2062343] - ice: PTP: move setting of tstamp_config (Ivan Vecera) [2062343] - ice: introduce ice_base_incval function (Ivan Vecera) [2062343] - ice: xsk: fix cleaned_count setting (Ivan Vecera) [2062343] - ice: xsk: allow empty Rx descriptors on XSK ZC data path (Ivan Vecera) [2062343] - ice: xsk: allocate separate memory for XDP SW ring (Ivan Vecera) [2062343] - ice: xsk: return xsk buffers back to pool when cleaning the ring (Ivan Vecera) [2062343] - ice: use modern kernel API for kick (Ivan Vecera) [2062343] - ice: tighter control over VSI_DOWN state (Ivan Vecera) [2062343] - ice: use prefetch methods (Ivan Vecera) [2062343] - ice: update to newer kernel API (Ivan Vecera) [2062343] - ice: support immediate firmware activation via devlink reload (Ivan Vecera) [2062343] - ice: reduce time to read Option ROM CIVD data (Ivan Vecera) [2062343] - ice: move ice_devlink_flash_update and merge with ice_flash_pldm_image (Ivan Vecera) [2062343] - ice: move and rename ice_check_for_pending_update (Ivan Vecera) [2062343] - ice: devlink: add shadow-ram region to snapshot Shadow RAM (Ivan Vecera) [2062343] - ice: Remove unused ICE_FLOW_SEG_HDRS_L2_MASK (Ivan Vecera) [2062343] - ice: Remove unnecessary casts (Ivan Vecera) [2062343] - ice: Propagate error codes (Ivan Vecera) [2062343] - ice: Remove excess error variables (Ivan Vecera) [2062343] - ice: Cleanup after ice_status removal (Ivan Vecera) [2062343] - ice: Remove enum ice_status (Ivan Vecera) [2062343] - ice: Use int for ice_status (Ivan Vecera) [2062343] - ice: Remove string printing for ice_status (Ivan Vecera) [2062343] - ice: Refactor status flow for DDP load (Ivan Vecera) [2062343] - ice: Refactor promiscuous functions (Ivan Vecera) [2062343] - ice: refactor PTYPE validating (Ivan Vecera) [2062343] - ice: Add package PTYPE enable information (Ivan Vecera) [2062343] - ice: safer stats processing (Ivan Vecera) [2062343] - ice: fix adding different tunnels (Ivan Vecera) [2062343] - ice: fix choosing UDP header type (Ivan Vecera) [2062343] - ice: ignore dropped packets during init (Ivan Vecera) [2062343] - ice: rearm other interrupt cause register after enabling VFs (Ivan Vecera) [2062343] - net/ice: Remove unused enum (Ivan Vecera) [2062343] - net/ice: Fix boolean assignment (Ivan Vecera) [2062343] - net/ice: Add support for enable_iwarp and enable_roce devlink param (Ivan Vecera) [2062343] - ice: avoid bpf_prog refcount underflow (Ivan Vecera) [2062343] - ice: fix vsi->txq_map sizing (Ivan Vecera) [2062343] - ice: Hide bus-info in ethtool for PRs in switchdev mode (Ivan Vecera) [2062343] - ice: Clear synchronized addrs when adding VFs in switchdev mode (Ivan Vecera) [2062343] - ice: fix error return code in ice_get_recp_frm_fw() (Ivan Vecera) [2062343] - ice: Fix clang -Wimplicit-fallthrough in ice_pull_qvec_from_rc() (Ivan Vecera) [2062343] - ice: Add support to print error on PHY FW load failure (Ivan Vecera) [2062343] - ice: Add support for changing MTU on PR in switchdev mode (Ivan Vecera) [2062343] - ice: send correct vc status in switchdev (Ivan Vecera) [2062343] - ice: support for GRE in eswitch (Ivan Vecera) [2062343] - ice: low level support for tunnels (Ivan Vecera) [2062343] - ice: VXLAN and Geneve TC support (Ivan Vecera) [2062343] - ice: support for indirect notification (Ivan Vecera) [2062343] - ice: Add tc-flower filter support for channel (Ivan Vecera) [2062343] - ice: enable ndo_setup_tc support for mqprio_qdisc (Ivan Vecera) [2062343] - ice: Add infrastructure for mqprio support via ndo_setup_tc (Ivan Vecera) [2062343] - ice: fix an error code in ice_ena_vfs() (Ivan Vecera) [2062343] - ice: use devm_kcalloc() instead of devm_kzalloc() (Ivan Vecera) [2062343] - ice: Make use of the helper function devm_add_action_or_reset() (Ivan Vecera) [2062343] - ice: Refactor PR ethtool ops (Ivan Vecera) [2062343] - ice: Forbid trusted VFs in switchdev mode (Ivan Vecera) [2062343] - ice: Manage act flags for switchdev offloads (Ivan Vecera) [2062343] - ice: introduce XDP_TX fallback path (Ivan Vecera) [2062343] - ice: optimize XDP_TX workloads (Ivan Vecera) [2062343] - ice: propagate xdp_ring onto rx_ring (Ivan Vecera) [2062343] - ice: do not create xdp_frame on XDP_TX (Ivan Vecera) [2062343] - ice: unify xdp_rings accesses (Ivan Vecera) [2062343] - ice: ndo_setup_tc implementation for PR (Ivan Vecera) [2062343] - ice: ndo_setup_tc implementation for PF (Ivan Vecera) [2062343] - ice: Allow changing lan_en and lb_en on all kinds of filters (Ivan Vecera) [2062343] - ice: cleanup rules info (Ivan Vecera) [2062343] - ice: allow deleting advanced rules (Ivan Vecera) [2062343] - ice: allow adding advanced rules (Ivan Vecera) [2062343] - ice: create advanced switch recipe (Ivan Vecera) [2062343] - ice: manage profiles and field vectors (Ivan Vecera) [2062343] - ice: implement low level recipes functions (Ivan Vecera) [2062343] - ice: add port representor ethtool ops and stats (Ivan Vecera) [2062343] - ice: switchdev slow path (Ivan Vecera) [2062343] - ice: rebuild switchdev when resetting all VFs (Ivan Vecera) [2062343] - ice: enable/disable switchdev when managing VFs (Ivan Vecera) [2062343] - ice: introduce new type of VSI for switchdev (Ivan Vecera) [2062343] - ice: set and release switchdev environment (Ivan Vecera) [2062343] - net: export metadata_dst_free() (Ivan Vecera) [2062343] - ice: allow changing lan_en and lb_en on dflt rules (Ivan Vecera) [2062343] - ice: manage VSI antispoof and destination override (Ivan Vecera) [2062343] - ice: allow process VF opcodes in different ways (Ivan Vecera) [2062343] - ice: introduce VF port representor (Ivan Vecera) [2062343] - ice: Move devlink port to PF/VF struct (Ivan Vecera) [2062343] - ice: support basic E-Switch mode control (Ivan Vecera) [2062343] - ethernet: use eth_hw_addr_set() for dev->addr_len cases (Ivan Vecera) [2062343] - ethernet: use eth_hw_addr_set() instead of ether_addr_copy() (Ivan Vecera) [2062343] - ice: Use xdp_buf instead of rx_buf for xsk zero-copy (Ivan Vecera) [2062343] - ice: fix FDIR init missing when reset VF (Ivan Vecera) [2062343] - intel: Remove rcu_read_lock() around XDP program invocation (Ivan Vecera) [2062343] - intel: Update drivers to use ethtool_sprintf (Ivan Vecera) [2062343] - ice: fix conversion to new udp_tunnel infrastructure (Ivan Vecera) [2062343] - intel-ethernet: clean up W=1 warnings in kdoc (Ivan Vecera) [2062343] - PCI: Use 'pci_channel_state_t' instead of 'enum pci_channel_state' (Ivan Vecera) [2062343] - treewide: Use sizeof_field() macro (Ivan Vecera) [2062343] - devlink: Add 'enable_iwarp' generic device param (Ivan Vecera) [2062343] - devlink: Add new 'enable_vnet' generic device param (Ivan Vecera) [2062343] - devlink: Add new 'enable_rdma' generic device param (Ivan Vecera) [2062343] - devlink: Add new 'enable_eth' generic device param (Ivan Vecera) [2062343] - gfs2: dequeue iopen holder in gfs2_inode_lookup error (Bob Peterson) [2061665] [4.18.0-372.4.1] - igb: refactor XDP registration (Corinna Vinschen) [2040171] - igc: avoid kernel warning when changing RX ring parameters (Corinna Vinschen) [2040171] - scsi: qedi: Fix cmd_cleanup_cmpl counter mismatch issue (Nilesh Javali) [2054565] - EDAC/amd64: Save max number of controllers for F19 M70 (Aristeu Rozanski) [2064285] - CI: Use 8.6-rt branch for r realtime_check (Chris White) - blk-mq: avoid extending delays of active hctx from blk_mq_delay_run_hw_queues (Ming Lei) [2046525] - tipc: fix incorrect order of state message data sanity check (Xin Long) [2048971] - tipc: improve size validations for received domain records (Xin Long) [2048971] {CVE-2022-0435} - efi/x86: Call efi_parse_options() from efi_main() (Lenny Szubowicz) [2049233] [4.18.0-372.3.1] - net/mlx5e: TC, Remove redundant error logging (Amir Tzin) [2023907] - net/mlx5: DR, Warn on failure to destroy objects due to refcount (Amir Tzin) [2022325] - net/mlx5: DR, Add support for dumping steering info (Amir Tzin) [2022325] - net/mlx5: DR, Add missing reserved fields to dr_match_param (Amir Tzin) [2022325] - net/mlx5: DR, Add check for flex parser ID value (Amir Tzin) [2022325] - net/mlx5: DR, Rename list field in matcher struct to list_node (Amir Tzin) [2022325] - net/mlx5: DR, Remove unused struct member in matcher (Amir Tzin) [2022325] - net/mlx5: DR, Fix error flow in creating matcher (Amir Tzin) [2022325] - net/mlx5e: Avoid implicit modify hdr for decap drop rule (Amir Tzin) [2015434] - net/mlx5e: TC, Fix memory leak with rules with internal port (Amir Tzin) [2015434] - net/mlx5e: Fix skb memory leak when TC classifier action offloads are disabled (Amir Tzin) [2015434] - net/mlx5: Fix some error handling paths in 'mlx5e_tc_add_fdb_flow()' (Amir Tzin) [2015434] - net/mlx5: E-Switch, Check group pointer before reading bw_share value (Amir Tzin) [2015434] - net/mlx5: E-Switch, fix single FDB creation on BlueField (Amir Tzin) [2015434] - net/mlx5: E-switch, Respect BW share of the new group (Amir Tzin) [2015434] - net/mlx5: DR, Fix check for unsupported fields in match param (Amir Tzin) [2015434] - net/mlx5: E-Switch, rebuild lag only when needed (Amir Tzin) [2015434] - net/mlx5e: Delete forward rule for ct or sample action (Amir Tzin) [2015434] - net/mlx5: E-Switch, Use indirect table only if all destinations support it (Amir Tzin) [2015434] - net/mlx5: Support internal port as decap route device (Amir Tzin) [2015434] - net/mlx5e: Term table handling of internal port rules (Amir Tzin) [2015434] - net/mlx5e: Add indirect tc offload of ovs internal port (Amir Tzin) [2015434] - net/{mlx5|nfp|bnxt}: Remove unnecessary RTNL lock assert (Amir Tzin) [2015434] - net/mlx5e: Offload internal port as encap route device (Amir Tzin) [2015434] - net/mlx5e: Offload tc rules that redirect to ovs internal port (Amir Tzin) [2015434] - net/mlx5e: Accept action skbedit in the tc actions list (Amir Tzin) [2015434] - net/mlx5: E-Switch, Add ovs internal port mapping to metadata support (Amir Tzin) [2015434] - net/mlx5e: Use generic name for the forwarding dev pointer (Amir Tzin) [2015434] - net/mlx5e: Refactor rx handler of represetor device (Amir Tzin) [2015434] - net/mlx5: DR, Add check for unsupported fields in match param (Amir Tzin) [2015434] - net/mlx5: Allow skipping counter refresh on creation (Amir Tzin) [2015434] - net/mlx5e: IPsec: Refactor checksum code in tx data path (Amir Tzin) [2015434] - net/mlx5: CT: Remove warning of ignore_flow_level support for VFs (Amir Tzin) [2015434] - net/mlx5: Add esw assignment back in mlx5e_tc_sample_unoffload() (Amir Tzin) [2015434] - net/mlx5: Bridge, fix uninitialized variable usage (Amir Tzin) [2015434] - net/mlx5: Lag, dont update lag if lag isnt supported (Amir Tzin) [2015434] - net/mlx5: E-switch, Return correct error code on group creation failure (Amir Tzin) [2015434] - net/mlx5: Bridge, support LAG (Amir Tzin) [2015434] - net/mlx5: Bridge, allow merged eswitch connectivity (Amir Tzin) [2015434] - net/mlx5: Bridge, extract FDB delete notification to function (Amir Tzin) [2015434] - net/mlx5: Bridge, identify port by vport_num+esw_owner_vhca_id pair (Amir Tzin) [2015434] - net/mlx5: Bridge, obtain core device from eswitch instead of priv (Amir Tzin) [2015434] - net/mlx5: Bridge, release bridge in same function where it is taken (Amir Tzin) [2015434] - net/mlx5: Lag, Create shared FDB when in switchdev mode (Amir Tzin) [2015434] - net/mlx5: E-Switch, add logic to enable shared FDB (Amir Tzin) [2015434] - net/mlx5: Lag, properly lock eswitch if needed (Amir Tzin) [2015434] - net/mlx5: Add send to vport rules on paired device (Amir Tzin) [2015434] - net/mlx5: E-Switch, Add event callback for representors (Amir Tzin) [2015434] - net/mlx5e: Use shared mappings for restoring from metadata (Amir Tzin) [2015434] - net/mlx5e: Add an option to create a shared mapping (Amir Tzin) [2015434] - net/mlx5: E-Switch, set flow source for send to uplink rule (Amir Tzin) [2015434] - RDMA/mlx5: Add shared FDB support (Amir Tzin) [2015434] - {net, RDMA}/mlx5: Extend send to vport rules (Amir Tzin) [2015434] - RDMA/mlx5: Fill port info based on the relevant eswitch (Amir Tzin) [2015434] - net/mlx5: Lag, add initial logic for shared FDB (Amir Tzin) [2015434] - net/mlx5: Return mdev from eswitch (Amir Tzin) [2015434] - net/mlx5: E-switch, Add QoS tracepoints (Amir Tzin) [2015434] - net/mlx5: E-switch, Allow to add vports to rate groups (Amir Tzin) [2015434] - net/mlx5: E-switch, Allow setting share/max tx rate limits of rate groups (Amir Tzin) [2015434] - net/mlx5: E-switch, Introduce rate limiting groups API (Amir Tzin) [2015434] - net/mlx5: E-switch, Enable devlink port tx_{share|max} rate control (Amir Tzin) [2015434] - net/mlx5: E-switch, Move QoS related code to dedicated file (Amir Tzin) [2015434] - net/mlx5e: TC, Support sample offload action for tunneled traffic (Amir Tzin) [2015434] - net/mlx5e: TC, Restore tunnel info for sample offload (Amir Tzin) [2015434] - net/mlx5e: TC, Remove CONFIG_NET_TC_SKB_EXT dependency when restoring tunnel (Amir Tzin) [2015434] - net/mlx5e: Refactor ct to use post action infrastructure (Amir Tzin) [2015434] - net/mlx5e: Introduce post action infrastructure (Amir Tzin) [2015434] - net/mlx5e: CT, Use xarray to manage fte ids (Amir Tzin) [2015434] - net/mlx5e: Move sample attribute to flow attribute (Amir Tzin) [2015434] - net/mlx5e: Move esw/sample to en/tc/sample (Amir Tzin) [2015434] - net/mlx5e: Remove mlx5e dependency from E-Switch sample (Amir Tzin) [2015434] - net/mlx5: DR, Fix querying eswitch manager vport for ECPF (Amir Tzin) [2018097] - net/mlx5: DR, Handle eswitch manager and uplink vports separately (Amir Tzin) [2018097] - net/mlx5: DR, Add missing string for action type SAMPLER (Amir Tzin) [2018097] - net/mlx5: DR, init_next_match only if needed (Amir Tzin) [2018097] - net/mlx5: DR, Increase supported num of actions to 32 (Amir Tzin) [2018097] - net/mlx5: DR, Add support for SF vports (Amir Tzin) [2018097] - net/mlx5: DR, Support csum recalculation flow table on SFs (Amir Tzin) [2018097] - net/mlx5: DR, Align error messages for failure to obtain vport caps (Amir Tzin) [2018097] - net/mlx5: DR, Add missing query for vport 0 (Amir Tzin) [2018097] - net/mlx5: DR, Replace local WIRE_PORT macro with the existing MLX5_VPORT_UPLINK (Amir Tzin) [2018097] - scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop (Dick Kennedy) [1943202] - nvme-tcp: change target from tech-preview to unmaintained (John Meneghini) [2061577] - drm/amd/display: Dont reinitialize DMCUB on s0ix resume (Karol Herbst) [2059680] - tcp: Add snd_wnd to TCP_INFO (Davide Caratti) [2056608] - tcp: Add TCP_INFO counter for packets received out-of-order (Davide Caratti) [2056608] - net/mlx5: Move MODIFY_RQT command to ignore list in internal error state (Amir Tzin) [1982236] - net/mlx5e: Add TX max rate support for MQPRIO channel mode (Amir Tzin) [1982236] - net/mlx5e: Specify SQ stats struct for mlx5e_open_txqsq() (Amir Tzin) [1982236] - net/mlx5e: Allow only complete TXQs partition in MQPRIO channel mode (Amir Tzin) [1982236] - net/mlx5e: Mutually exclude setting of TX-port-TS and MQPRIO in channel mode (Amir Tzin) [1982236] - net/mlx5e: Fix condition when retrieving PTP-rqn (Amir Tzin) [1982236] - net/mlx5: Fix inner TTC table creation (Amir Tzin) [1982236] - net/mlx5e: Fix division by 0 in mlx5e_select_queue for representors (Amir Tzin) [1982236] - net/mlx5e: Improve MQPRIO resiliency (Amir Tzin) [1982236] - net/mlx5e: Support MQPRIO channel mode (Amir Tzin) [1982236] - net/mlx5e: Handle errors of netdev_set_num_tc() (Amir Tzin) [1982236] - net/mlx5e: Maintain MQPRIO mode parameter (Amir Tzin) [1982236] - net/mlx5e: Abstract MQPRIO params (Amir Tzin) [1982236] - net/mlx5e: Support flow classification into RSS contexts (Amir Tzin) [1982236] - net/mlx5e: Support multiple RSS contexts (Amir Tzin) [1982236] - net/mlx5e: Dynamically allocate TIRs in RSS contexts (Amir Tzin) [1982236] - net/mlx5e: Convert RSS to a dedicated object (Amir Tzin) [1982236] - net/mlx5e: Introduce abstraction of RSS context (Amir Tzin) [1982236] - net/mlx5e: Introduce TIR create/destroy API in rx_res (Amir Tzin) [1982236] - net/mlx5e: Do not try enable RSS when resetting indir table (Amir Tzin) [1982236] - net/mlx5: Embed mlx5_ttc_table (Amir Tzin) [1982236] - net/mlx5: Move TTC logic to fs_ttc (Amir Tzin) [1982236] - net/mlx5e: Decouple TTC logic from mlx5e (Amir Tzin) [1982236] - net/mlx5e: Rename some related TTC args and functions (Amir Tzin) [1982236] - net/mlx5e: Rename traffic type enums (Amir Tzin) [1982236] - net/mlx5e: Allocate the array of channels according to the real max_nch (Amir Tzin) [1982236] - net/mlx5e: Hide all implementation details of mlx5e_rx_res (Amir Tzin) [1982236] - net/mlx5e: Introduce mlx5e_channels API to get RQNs (Amir Tzin) [1982236] - net/mlx5e: Use a new initializer to build uniform indir table (Amir Tzin) [1982236] - net/mlx5e: Use the new TIR API for kTLS (Amir Tzin) [1982236] - net/mlx5e: Move management of indir traffic types to rx_res (Amir Tzin) [1982236] - net/mlx5e: Convert TIR to a dedicated object (Amir Tzin) [1982236] - net/mlx5e: Create struct mlx5e_rss_params_hash (Amir Tzin) [1982236] - net/mlx5e: Remove mdev from mlx5e_build_indir_tir_ctx_common() (Amir Tzin) [1982236] - net/mlx5e: Remove lro_param from mlx5e_build_indir_tir_ctx_common() (Amir Tzin) [1982236] - net/mlx5e: Remove mlx5e_priv usage from mlx5e_build_*tir_ctx*() (Amir Tzin) [1982236] - net/mlx5e: Use mlx5e_rqt_get_rqtn to access RQT hardware id (Amir Tzin) [1982236] - net/mlx5e: Take RQT out of TIR and group RX resources (Amir Tzin) [1982236] - net/mlx5e: Move RX resources to a separate struct (Amir Tzin) [1982236] - net/mlx5e: Move mlx5e_build_rss_params() call to init_rx (Amir Tzin) [1982236] - net/mlx5e: Convert RQT to a dedicated object (Amir Tzin) [1982236] - net/mlx5e: Check if inner FT is supported outside of create/destroy functions (Amir Tzin) [1982236] - net/mlx5: Take TIR destruction out of the TIR list lock (Amir Tzin) [1982236] - PCI: pciehp: Ignore Link Down/Up caused by error-induced Hot Reset (Myron Stowe) [2060122] - PCI/portdrv: Rename pm_iter() to pcie_port_device_iter() (Myron Stowe) [2060122] - iommu/vt-d: Fix double list_add when enabling VMD in scalable mode (Jerry Snitselaar) [2062094]

Solution(s)

  • oracle-linux-upgrade-kernel

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;