Oracle Linux: (CVE-2022-22942) (Multiple Advisories): Unbreakable Enterprise kernel-container security update

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From ELSA-2022-9314:

[4.14.35-2047.512.6.el7] - Revert 'rds/ib: recover rds connection from stuck rx path' (Rohit Nair) [Orabug: 34039271] - uek-rpm: update kABI lists for new symbols (Saeed Mirzamohammadi) [Orabug: 33993774] [4.14.35-2047.512.5] - netfilter: nf_tables: initialize registers in nft_do_chain() (Pablo Neira Ayuso) [Orabug: 34012925] {CVE-2022-1016} - rds: Fix incorrect initialization order (Hakon Bugge) [Orabug: 33923372] - btrfs: unlock newly allocated extent buffer after error (Qu Wenruo) [Orabug: 33997138] {CVE-2021-4149} - sr9700: sanity check for packet length (Oliver Neukum) [Orabug: 33962706] {CVE-2022-26966} [4.14.35-2047.512.4] - Linux 4.14.265 (Greg Kroah-Hartman) - ext4: fix error handling in ext4_restore_inline_data() (Ritesh Harjani) - EDAC/xgene: Fix deferred probing (Sergey Shtylyov) - EDAC/altera: Fix deferred probing (Sergey Shtylyov) - rtc: cmos: Evaluate century appropriate (Riwen Lu) - selftests: futex: Use variable MAKE instead of make (Muhammad Usama Anjum) - nfsd: nfsd4_setclientid_confirm mistakenly expires confirmed client. (Dai Ngo) - scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe (John Meneghini) - ASoC: fsl: Add missing error handling in pcm030_fabric_probe (Miaoqian Lin) - drm/i915/overlay: Prevent divide by zero bugs in scaling (Dan Carpenter) - net: macsec: Verify that send_sci is on when setting Tx sci explicitly (Lior Nahmanson) - net: ieee802154: Return meaningful error codes from the netlink helpers (Miquel Raynal) - net: ieee802154: ca8210: Stop leaking skb's (Miquel Raynal) - spi: meson-spicc: add IRQ check in meson_spicc_probe (Miaoqian Lin) - spi: mediatek: Avoid NULL pointer crash in interrupt (Benjamin Gaignard) - spi: bcm-qspi: check for valid cs before applying chip select (Kamal Dasu) - iommu/amd: Fix loop timeout issue in iommu_ga_log_enable() (Joerg Roedel) - iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() (Guoqing Jiang) - RDMA/mlx4: Don't continue event handler after memory allocation failure (Leon Romanovsky) - block: bio-integrity: Advance seed correctly for larger interval sizes (Martin K. Petersen) - drm/nouveau: fix off by one in BIOS boundary checking (Nick Lopez) - ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx() (Mark Brown) - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx() (Mark Brown) - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() (Mark Brown) - audit: improve audit queue handling when 'audit=1' on cmdline (Paul Moore) - af_packet: fix data-race in packet_setsockopt / packet_setsockopt (Eric Dumazet) - rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink() (Eric Dumazet) - net: amd-xgbe: Fix skb data length underflow (Shyam Sundar S K) - net: amd-xgbe: ensure to reset the tx_timer_active flag (Raju Rangoju) - ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback (Georgi Valkov) - netfilter: nat: limit port clash resolution attempts (Florian Westphal) - netfilter: nat: remove l4 protocol port rovers (Florian Westphal) - bpf: fix truncated jump targets on heavy expansions (Daniel Borkmann) - ipv4: raw: lock the socket in raw_bind() (Eric Dumazet) - yam: fix a memory leak in yam_siocdevprivate() (Hangyu Hua) - ibmvnic: don't spin in tasklet (Sukadev Bhattiprolu) - drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable (Jose Exposito) - drm/msm: Fix wrong size calculation (Xianting Tian) - net-procfs: show net devices bound packet types (Jianguo Wu) - NFSv4: nfs_atomic_open() can race when looking up a non-regular file (Trond Myklebust) - NFSv4: Handle case where the lookup of a directory fails (Trond Myklebust) - hwmon: (lm90) Reduce maximum conversion rate for G781 (Guenter Roeck) - ping: fix the sk_bound_dev_if match in ping_lookup (Xin Long) - net: fix information leakage in /proc/net/ptype (Saeed Mirzamohammadi) - ipv6_tunnel: Rate limit warning messages (Ido Schimmel) - scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() (John Meneghini) - rpmsg: char: Fix race between the release of rpmsg_eptdev and cdev (Matthias Kaehlcke) - rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev (Sujit Kautkar) - i40e: fix unsigned stat widths (Joe Damato) - i40e: Increase delay to 1 s after global EMP reset (Jedrzej Jagielski) - lkdtm: Fix content of section containing lkdtm_rodata_do_nothing() (Christophe Leroy) - powerpc/32: Fix boot failure with GCC latent entropy plugin (Christophe Leroy) - net: sfp: ignore disabled SFP node (Marek Behun) - usb: typec: tcpm: Do not disconnect while receiving VBUS off (Badhri Jagan Sridharan) - USB: core: Fix hang in usb_kill_urb by adding memory barriers (Alan Stern) - usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS (Pavankumar Kondeti) - usb: common: ulpi: Fix crash in ulpi_match() (Jon Hunter) - usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge (Alan Stern) - tty: Add support for Brainboxes UC cards. (Cameron Williams) - tty: n_gsm: fix SW flow control encoding/handling (daniel.starke@siemens.com) - serial: stm32: fix software flow control transfer (Valentin Caron) - netfilter: nft_payload: do not update layer 4 checksum when mangling fragments (Pablo Neira Ayuso) - PM: wakeup: simplify the output logic of pm_show_wakelocks() (Greg Kroah-Hartman) - scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices (Steffen Maier) - s390/hypfs: include z/VM guests with access control group set (Vasily Gorbik) - Bluetooth: refactor malicious adv data check (Brian Gix) - Linux 4.14.264 (Greg Kroah-Hartman) - can: bcm: fix UAF of bcm op (Ziyang Xuan) - Linux 4.14.263 (Greg Kroah-Hartman) - gianfar: fix jumbo packets+napi+rx overrun crash (Michael Braun) - gianfar: simplify FCS handling and fix memory leak (Andy Spencer) - drm/ttm/nouveau: don't call tt destroy callback on alloc failure. (Dave Airlie) - mips,s390,sh,sparc: gup: Work around the 'COW can break either way' issue (Ben Hutchings) - lib82596: Fix IRQ check in sni_82596_probe (Miaoqian Lin) - scripts/dtc: dtx_diff: remove broken example from help text (Matthias Schiffer) - bcmgenet: add WOL IRQ check (Sergey Shtylyov) - net_sched: restore 'mpu xxx' handling (Kevin Bracey) - dmaengine: at_xdmac: Fix at_xdmac_lld struct definition (Tudor Ambarus) - dmaengine: at_xdmac: Fix lld view setting (Tudor Ambarus) - dmaengine: at_xdmac: Print debug message after realeasing the lock (Tudor Ambarus) - dmaengine: at_xdmac: Don't start transactions at tx_submit level (Tudor Ambarus) - libcxgb: Don't accidentally set RTO_ONLINK in cxgb_find_route() (Guillaume Nault) - netns: add schedule point in ops_exit_list() (Eric Dumazet) - net: axienet: fix number of TX ring slots for available check (Robert Hancock) - net: axienet: Wait for PhyRstCmplt after core reset (Robert Hancock) - af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress (Eric Dumazet) - parisc: pdc_stable: Fix memory leak in pdcs_register_pathentries (Miaoqian Lin) - net/fsl: xgmac_mdio: Fix incorrect iounmap when removing module (Tobias Waldekranz) - powerpc/fsl/dts: Enable WA for erratum A-009885 on fman3l MDIO buses (Tobias Waldekranz) - powerpc/cell: Fix clang -Wimplicit-fallthrough warning (Anders Roxell) - RDMA/rxe: Fix a typo in opcode name (Chengguang Xu) - RDMA/hns: Modify the mapping attribute of doorbell to device (Yixing Liu) - Documentation: refer to config RANDOMIZE_BASE for kernel address-space randomization (Lukas Bulwahn) - firmware: Update Kconfig help text for Google firmware (Ben Hutchings) - drm/radeon: fix error handling in radeon_driver_open_kms (Christian Konig) - crypto: stm32/crc32 - Fix kernel BUG triggered in probe() (Marek Vasut) - ext4: don't use the orphan list when migrating an inode (Theodore Ts'o) - ext4: Fix BUG_ON in ext4_bread when write quota data (Ye Bin) - ext4: set csum seed in tmp inode while migrating to extents (Luis Henriques) - ext4: make sure quota gets properly shutdown on error (Jan Kara) - iwlwifi: mvm: Increase the scan timeout guard to 30 seconds (Ilan Peer) - cputime, cpuacct: Include guest time in user time in cpuacct.stat (Andrey Ryabinin) - serial: Fix incorrect rs485 polarity on uart open (Lukas Wunner) - ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers (Petr Cvachoucek) - power: bq25890: Enable continuous conversion for ADC at charging (Yauhen Kharuzhy) - ASoC: mediatek: mt8173: fix device_node leak (Tzung-Bi Shih) - scsi: sr: Don't use GFP_DMA (Christoph Hellwig) - MIPS: Octeon: Fix build errors using clang (Tianjia Zhang) - i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters (Lakshmi Sowjanya D) - MIPS: OCTEON: add put_device() after of_find_device_by_node() (Ye Guojin) - ALSA: seq: Set upper limit of processed events (Takashi Iwai) - w1: Misuse of get_user()/put_user() reported by sparse (Christophe Leroy) - i2c: mpc: Correct I2C reset procedure (Joakim Tjernlund) - powerpc/smp: Move setup_profiling_timer() under CONFIG_PROFILING (Michael Ellerman) - i2c: i801: Don't silently correct invalid transfer size (Heiner Kallweit) - powerpc/watchdog: Fix missed watchdog reset due to memory ordering race (Nicholas Piggin) - powerpc/btext: add missing of_node_put (Julia Lawall) - powerpc/cell: add missing of_node_put (Julia Lawall) - powerpc/powernv: add missing of_node_put (Julia Lawall) - powerpc/6xx: add missing of_node_put (Julia Lawall) - parisc: Avoid calling faulthandler_disabled() twice (John David Anglin) - serial: core: Keep mctrl register state and cached copy in sync (Lukas Wunner) - serial: pl010: Drop CR register reset on set_termios (Lukas Wunner) - net: phy: marvell: configure RGMII delays for 88E1118 (Russell King (Oracle)) - dm space map common: add bounds check to sm_ll_lookup_bitmap() (Joe Thornber) - dm btree: add a defensive bounds check to insert_at() (Joe Thornber) - mac80211: allow non-standard VHT MCS-10/11 (Ping-Ke Shih) - net: mdio: Demote probed message to debug print (Florian Fainelli) - btrfs: remove BUG_ON(!eie) in find_parent_nodes (Josef Bacik) - btrfs: remove BUG_ON() in find_parent_nodes() (Josef Bacik) - ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5 (Kirill A. Shutemov) - ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R() (Rafael J. Wysocki) - ACPICA: Utilities: Avoid deleting the same object twice in a row (Rafael J. Wysocki) - ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions (Mark Langsdorf) - jffs2: GC deadlock reading a page that is used in jffs2_write_begin() (Kyeong Yoo) - um: registers: Rename function names to avoid conflicts and build problems (Randy Dunlap) - iwlwifi: remove module loading failure message (Johannes Berg) - iwlwifi: fix leaks/bad data after failed firmware load (Johannes Berg) - ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream (Zekun Shen) - usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0 (Kai-Heng Feng) - arm64: tegra: Adjust length of CCPLEX cluster MMIO region (Thierry Reding) - mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO (Ulf Hansson) - media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach() (Zhou Qingyang) - media: igorplugusb: receiver overflow should be reported (Sean Young) - bpf: Do not WARN in bpf_warn_invalid_xdp_action() (Paolo Abeni) - net: bonding: debug: avoid printing debug logs when bond is not notifying peers (Suresh Kumar) - ath10k: Fix tx hanging (Sebastian Gottschall) - iwlwifi: mvm: synchronize with FW after multicast commands (Johannes Berg) - media: m920x: don't use stack on USB reads (Mauro Carvalho Chehab) - media: saa7146: hexium_orion: Fix a NULL pointer dereference in hexium_attach() (Zhou Qingyang) - media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds. (James Hilliard) - floppy: Add max size check for user space request (Xiongwei Song) - usb: uhci: add aspeed ast2600 uhci support (Neal Liu) - mwifiex: Fix skb_over_panic in mwifiex_usb_recv() (Zekun Shen) - HSI: core: Fix return freed object in hsi_new_client (Chengfeng Ye) - gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use (Hans de Goede) - drm/bridge: megachips: Ensure both bridges are probed before registration (Martyn Welch) - mlxsw: pci: Add shutdown method in PCI driver (Danielle Ratson) - media: b2c2: Add missing check in flexcop_pci_isr: (Zheyu Ma) - HID: apple: Do not reset quirks when the Fn key is not found (Jose Exposito) - usb: gadget: f_fs: Use stream_open() for endpoint files (Pavankumar Kondeti) - drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR (Ben Skeggs) - ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply (Zekun Shen) - fs: dlm: filter user dlm messages for kernel locks (Alexander Aring) - Bluetooth: Fix debugfs entry leak in hci_register_dev() (Wei Yongjun) - RDMA/cxgb4: Set queue pair state when being queried (Kamal Heib) - mips: bcm63xx: add support for clk_set_parent() (Randy Dunlap) - mips: lantiq: add support for clk_set_parent() (Randy Dunlap) - misc: lattice-ecp3-config: Fix task hung when firmware load failed (Wei Yongjun) - ASoC: samsung: idma: Check of ioremap return value (Jiasheng Jiang) - iommu/iova: Fix race between FQ timeout and teardown (Xiongfeng Wang) - dmaengine: pxa/mmp: stop referencing config->slave_id (Arnd Bergmann) - RDMA/core: Let ib_find_gid() continue search even after empty entry (Avihai Horon) - scsi: ufs: Fix race conditions related to driver data (Bart Van Assche) - char/mwave: Adjust io port register size (Kees Cook) - ALSA: oss: fix compile error when OSS_DEBUG is enabled (Bixuan Cui) - powerpc/prom_init: Fix improper check of prom_getprop() (Peiwei Hu) - RDMA/hns: Validate the pkey index (Kamal Heib) - ALSA: hda: Add missing rwsem around snd_ctl_remove() calls (Takashi Iwai) - ALSA: PCM: Add missing rwsem around snd_ctl_remove() calls (Takashi Iwai) - ALSA: jack: Add missing rwsem around snd_ctl_remove() calls (Takashi Iwai) - ext4: avoid trim error on fs with small groups (Jan Kara) - net: mcs7830: handle usb read errors properly (Pavel Skripkin) - pcmcia: fix setting of kthread task states (Dominik Brodowski) - can: xilinx_can: xcan_probe(): check for error irq (Jiasheng Jiang) - can: softing: softing_startstop(): fix set but not used variable warning (Marc Kleine-Budde) - tpm: add request_locality before write TPM_INT_ENABLE (Chen Jun) - spi: spi-meson-spifc: Add missing pm_runtime_disable() in meson_spifc_probe (Miaoqian Lin) - fsl/fman: Check for null pointer after calling devm_ioremap (Jiasheng Jiang) - ppp: ensure minimum packet size in ppp_write() (Eric Dumazet) - pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in nonstatic_find_mem_region() (Zhou Qingyang) - pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in __nonstatic_find_io_region() (Zhou Qingyang) - x86/mce/inject: Avoid out-of-bounds write when setting flags (Zhang Zixun) - usb: ftdi-elan: fix memory leak on device disconnect (Wei Yongjun) - media: msi001: fix possible null-ptr-deref in msi001_probe() (Wang Hai) - media: dw2102: Fix use after free (Anton Vasilyev) - sched/rt: Try to restart rt period timer when rt runtime exceeded (Li Hua) - media: si2157: Fix 'warm' tuner state detection (Robert Schlabbach) - media: saa7146: mxb: Fix a NULL pointer dereference in mxb_attach() (Zhou Qingyang) - media: dib8000: Fix a memleak in dib8000_init() (Zhou Qingyang) - floppy: Fix hang in watchdog when disk is ejected (Tasos Sahanidis) - serial: amba-pl011: do not request memory region twice (Lino Sanfilippo) - drm/radeon/radeon_kms: Fix a NULL pointer dereference in radeon_driver_open_kms() (Zhou Qingyang) - drm/amdgpu: Fix a NULL pointer dereference in amdgpu_connector_lcd_native_mode() (Zhou Qingyang) - arm64: dts: qcom: msm8916: fix MMC controller aliases (Dmitry Baryshkov) - netfilter: bridge: add support for pppoe filtering (Florian Westphal) - media: mtk-vcodec: call v4l2_m2m_ctx_release first when file is released (Dafna Hirschfeld) - tty: serial: atmel: Call dma_async_issue_pending() (Tudor Ambarus) - tty: serial: atmel: Check return code of dmaengine_submit() (Tudor Ambarus) - crypto: qce - fix uaf on qce_ahash_register_one (Chengfeng Ye) - media: dmxdev: fix UAF when dvb_register_device() fails (Wang Hai) - Bluetooth: stop proccessing malicious adv data (Pavel Skripkin) - media: em28xx: fix memory leak in em28xx_init_dev (Dongliang Mu) - wcn36xx: Indicate beacon not connection loss on MISSED_BEACON_IND (Bryan O'Donoghue) - clk: bcm-2835: Remove rounding up the dividers (Maxime Ripard) - clk: bcm-2835: Pick the closest clock rate (Maxime Ripard) - Bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails (Wang Hai) - PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller (Yifeng Li) - shmem: fix a race between shmem_unused_huge_shrink and shmem_evict_inode (Gang Li) - can: softing_cs: softingcs_probe(): fix memleak on registration failure (Johan Hovold) - media: stk1160: fix control-message timeouts (Johan Hovold) - media: pvrusb2: fix control-message timeouts (Johan Hovold) - media: redrat3: fix control-message timeouts (Johan Hovold) - media: dib0700: fix undefined behavior in tuner shutdown (Michael Kuron) - media: s2255: fix control-message timeouts (Johan Hovold) - media: cpia2: fix control-message timeouts (Johan Hovold) - media: em28xx: fix control-message timeouts (Johan Hovold) - media: mceusb: fix control-message timeouts (Johan Hovold) - media: flexcop-usb: fix control-message timeouts (Johan Hovold) - rtc: cmos: take rtc_lock while reading from CMOS (Mateusz Jonczyk) - nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind() (Krzysztof Kozlowski) - HID: wacom: Avoid using stale array indicies to read contact count (Jason Gerecke) - HID: wacom: Ignore the confidence flag when a touch is removed (Jason Gerecke) - HID: uhid: Fix worker destroying device without any protection (Jann Horn) - Bluetooth: fix init and cleanup of sco_conn.timeout_work (Desmond Cheong Zhi Xi) - Bluetooth: schedule SCO timeouts with delayed_work (Desmond Cheong Zhi Xi) - rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore() with interrupts enabled (Larry Finger) - media: uvcvideo: fix division by zero at stream start (Johan Hovold) - orangefs: Fix the size of a memory allocation in orangefs_bufmap_alloc() (Christophe JAILLET) - drm/i915: Avoid bitwise vs logical OR warning in snb_wm_latency_quirk() (Nathan Chancellor) - staging: wlan-ng: Avoid bitwise vs logical OR warning in hfa384x_usb_throttlefn() (Nathan Chancellor) - random: fix data race on crng init time (Eric Biggers) - random: fix data race on crng_node_pool (Eric Biggers) - can: gs_usb: gs_can_start_xmit(): zero-initialize hf->{flags,reserved} (Brian Silverman) - can: gs_usb: fix use of uninitialized variable, detach device on reception of invalid USB data (Marc Kleine-Budde) - mfd: intel-lpss: Fix too early PM enablement in the ACPI ->probe() (Andy Shevchenko) - USB: Fix 'slab-out-of-bounds Write' bug in usb_hcd_poll_rh_status (Alan Stern) - USB: core: Fix bug in resuming hub's handling of wakeup requests (Alan Stern) - Bluetooth: bfusb: fix division by zero in send path (Johan Hovold) - Linux 4.14.262 (Greg Kroah-Hartman) - mISDN: change function names to avoid conflicts (wolfgang huang) - net: udp: fix alignment problem in udp4_seq_show() (yangxingwu) - ip6_vti: initialize __ip6_tnl_parm struct in vti6_siocdevprivate (William Zhao) - scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown() (Lixiaokeng) - ipv6: Do cleanup if attribute validation fails in multipath route (David Ahern) - ipv6: Continue processing multipath route even if gateway attribute is invalid (David Ahern) - phonet: refcount leak in pep_sock_accep (Hangyu Hua) - rndis_host: support Hytera digital radios (Thomas Toye) - power: reset: ltc2952: Fix use of floating point literals (Nathan Chancellor) - sch_qfq: prevent shift-out-of-bounds in qfq_init_qdisc (Eric Dumazet) - ipv6: Check attribute length for RTA_GATEWAY when deleting multipath route (David Ahern) - ipv6: Check attribute length for RTA_GATEWAY in multipath route (David Ahern) - i40e: Fix incorrect netdev's real number of RX/TX queues (Jedrzej Jagielski) - i40e: fix use-after-free in i40e_sync_filters_subtask() (Di Zhu) - mac80211: initialize variable have_higher_than_11mbit (Tom Rix) - RDMA/core: Don't infoleak GRH fields (Leon Romanovsky) - ieee802154: atusb: fix uninit value in atusb_set_extended_addr (Pavel Skripkin) - virtio_pci: Support surprise removal of virtio pci device (Parav Pandit) - tracing: Tag trace_percpu_buffer as a percpu pointer (Naveen N. Rao) - tracing: Fix check for trace_percpu_buffer validity in get_trace_buf() (Naveen N. Rao) - Bluetooth: btusb: Apply QCA Rome patches for some ATH3012 models (Takashi Iwai) [4.14.35-2047.512.3] - lib/timerqueue: Rely on rbtree semantics for next timer (Davidlohr Bueso) [Orabug: 33406086] {CVE-2021-20317} {CVE-2021-20317} - rds/ib: Resize CQ if send-/recv-ring-size are changed (Hans Westgaard Ry) [Orabug: 33940520] - uek-rpm: remove uek-rpm/ol8 (John Donnelly) [Orabug: 33665655] - uek-rpm: Enable config CONFIG_SCSI_MQ_DEFAULT (Saeed Mirzamohammadi) [Orabug: 33973455] - sched: restore the sliding search window for select_idle_cpu() (Libo Chen) [Orabug: 33965297] - NFSv4: Handle case where the lookup of a directory fails (Trond Myklebust) [Orabug: 33958155] {CVE-2022-24448} - Linux 4.14.261 (Greg Kroah-Hartman) - sctp: use call_rcu to free endpoint (Xin Long) - net: fix use-after-free in tw_timer_handler (Muchun Song) - Input: spaceball - fix parsing of movement data packets (Leo L. Schwab) - Input: appletouch - initialize work before device registration (Pavel Skripkin) - binder: fix async_free_space accounting for empty parcels (Todd Kjos) - usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear. (Vincent Pelletier) - xhci: Fresco FL1100 controller should not have BROKEN_MSI quirk set. (Mathias Nyman) - uapi: fix linux/nfc.h userspace compilation errors (Dmitry V. Levin) - nfc: uapi: use kernel size_t to fix user-space builds (Krzysztof Kozlowski) - fsl/fman: Fix missing put_device() call in fman_port_probe (Miaoqian Lin) - NFC: st21nfca: Fix memory leak in device probe and remove (Wei Yongjun) - net: usb: pegasus: Do not drop long Ethernet frames (Matthias-Christian Ott) - scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write() (Dan Carpenter) - selinux: initialize proto variable in selinux_ip_postroute_compat() (Tom Rix) - recordmcount.pl: fix typo in s390 mcount regex (Heiko Carstens) - platform/x86: apple-gmux: use resource_size() with res (Wang Qing) - HID: asus: Add depends on USB_HID to HID_ASUS Kconfig option (Hans de Goede) - Linux 4.14.260 (Greg Kroah-Hartman) - phonet/pep: refuse to enable an unbound pipe (Remi Denis-Courmont) - hamradio: improve the incomplete fix to avoid NPD (Lin Ma) - hamradio: defer ax25 kfree after unregister_netdev (Lin Ma) - ax25: NPD bug when detaching AX25 device (Lin Ma) - hwmon: (lm90) Do not report 'busy' status bit as alarm (Guenter Roeck) - KVM: VMX: Fix stale docs for kvm-intel.emulate_invalid_guest_state (Sean Christopherson) - usb: gadget: u_ether: fix race in setting MAC address in setup phase (Marian Postevca) - f2fs: fix to do sanity check on last xattr entry in __f2fs_setxattr() (Chao Yu) - ARM: 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling (Ard Biesheuvel) - pinctrl: stm32: consider the GPIO offset to expose all the GPIO lines (Fabien Dessenne) - x86/pkey: Fix undefined behaviour with PKRU_WD_BIT (Andrew Cooper) - Input: atmel_mxt_ts - fix double free in mxt_read_info_block (Jose Exposito) - ALSA: drivers: opl3: Fix incorrect use of vp->state (Colin Ian King) - ALSA: jack: Check the return value of kstrdup() (Xiaoke Wang) - hwmon: (lm90) Fix usage of CONFIG2 register in detect function (Guenter Roeck) - sfc: falcon: Check null pointer of rx_queue->page_ring (Jiasheng Jiang) - drivers: net: smc911x: Check for error irq (Jiasheng Jiang) - fjes: Check for error irq (Jiasheng Jiang) - bonding: fix ad_actor_system option setting to default (Fernando Fernandez Mancera) - net: skip virtio_net_hdr_set_proto if protocol already set (Willem de Bruijn) - qlcnic: potential dereference null pointer of rx_queue->page_ring (Jiasheng Jiang) - spi: change clk_disable_unprepare to clk_unprepare (Dongliang Mu) - HID: holtek: fix mouse probing (Benjamin Tissoires) - can: kvaser_usb: get CAN clock frequency from device (Jimmy Assarsson) - net: usb: lan78xx: add Allied Telesis AT29M2-AF (Greg Jesionowski) - x86/speculation: Add knob for eibrs_retpoline_enabled (Patrick Colp) [Orabug: 33937656] {CVE-2021-26401} - x86/speculation: Extend our code to properly support eibrs+lfence and eibrs+retpoline (Patrick Colp) [Orabug: 33937656] {CVE-2021-26401} - x86/speculation: Update link to AMD speculation whitepaper (Kim Phillips) [Orabug: 33937656] {CVE-2021-26401} - x86/speculation: Use generic retpoline by default on AMD (Kim Phillips) [Orabug: 33937656] {CVE-2021-26401} - x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting (Josh Poimboeuf) [Orabug: 33937656] {CVE-2021-26401} - Documentation/hw-vuln: Update spectre doc (Peter Zijlstra) [Orabug: 33937656] {CVE-2021-26401} - x86/speculation: Add eIBRS + Retpoline options (Peter Zijlstra) [Orabug: 33937656] {CVE-2021-26401} - x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE (Peter Zijlstra (Intel)) [Orabug: 33937656] {CVE-2021-26401} - x86/speculation: Merge one test in spectre_v2_user_select_mitigation() (Borislav Petkov) [Orabug: 33937656] {CVE-2021-26401} - x86/speculation: Update ALTERNATIVEs to (more closely) match upstream (Patrick Colp) [Orabug: 33937656] {CVE-2021-26401} - x86/speculation: Fix bug in retpoline mode on AMD with 'spectre_v2=none' (Patrick Colp) [Orabug: 33937656] {CVE-2021-26401} - ACPICA: Enable sleep button on ACPI legacy wake (Anchal Agarwal) [Orabug: 33925502] - ipv4: tcp: send zero IPID in SYNACK messages (Eric Dumazet) [Orabug: 33917057] {CVE-2020-36516} - ipv4: avoid using shared IP generator for connected sockets (Eric Dumazet) [Orabug: 33917057] {CVE-2020-36516} - lib/iov_iter: initialize 'flags' in new pipe_buffer (Max Kellermann) [Orabug: 33910800] {CVE-2022-0847} - x86/speculation: The choice of retpoline mode is sometimes ignored (Patrick Colp) [Orabug: 33890092] - udf: Restore i_lenAlloc when inode expansion fails (Jan Kara) [Orabug: 33870267] {CVE-2022-0617} - udf: Fix NULL ptr deref when converting from inline format (Jan Kara) [Orabug: 33870267] {CVE-2022-0617} - scsi: libiscsi: Hold back_lock when calling iscsi_complete_task (Gulam Mohamed) [Orabug: 33851182] - drm/vmwgfx: Fix stale file descriptors on failed usercopy (Mathias Krause) [Orabug: 33840433] {CVE-2022-22942} - drm/i915: Flush TLBs before releasing backing store (Tvrtko Ursulin) [Orabug: 33835811] {CVE-2022-0330} - proc/vmcore: fix clearing user buffer by properly using clear_user() (David Hildenbrand) [Orabug: 33832650] - rds/ib: recover rds connection from stuck rx path (Nagappan Ramasamy Palaniappan) [Orabug: 33820767] - rds: ib: Make selection of completion_vector QoS aware (Hakon Bugge) [Orabug: 33819408] - Enable CONFIG_DM_DUST and nano for UEK5 (Gulam Mohamed) [Orabug: 33653698] - dm dust: use dust block size for badblocklist index (Bryan Gurney) [Orabug: 33653698] - dm dust: Make dm_dust_init and dm_dust_exit static (YueHaibing) [Orabug: 33653698] - dm dust: remove redundant unsigned comparison to less than zero (Colin Ian King) [Orabug: 33653698] - dm: add dust target (Bryan Gurney) [Orabug: 33653698] - hugetlbfs: flush TLBs correctly after huge_pmd_unshare (Nadav Amit) [Orabug: 33617219] {CVE-2021-4002} - rds/ib: handle posted ACK during connection shutdown (Nagappan Ramasamy Palaniappan) [Orabug: 33820747] - rds/ib: reap tx completions during connection shutdown (Nagappan Ramasamy Palaniappan) [Orabug: 33820747] - rds/ib: recover rds connection from stuck tx path (Nagappan Ramasamy Palaniappan) [Orabug: 33820747] - rds/ib: Kernel change to extend rds-info functionality (Rohit Nair) [Orabug: 33821341] - uek-rpm: Add missing symbols to kabi_lockedlist (Stephen Brennan) [Orabug: 33871558] [4.14.35-2047.512.1] - Revert 'stable: clamp SUBLEVEL in 4.14' (Alan Maguire) [Orabug: 33861950] - tipc: improve size validations for received domain records (Jon Maloy) [Orabug: 33850803] {CVE-2022-0435} {CVE-2022-0435} - cgroup-v1: Require capabilities to set release_agent (Eric W. Biederman) [Orabug: 33825688] {CVE-2022-0492} - blk-stat: delete useless code (Shaohua Li) [Orabug: 33772945] - DMA/rxe: Update default value of RXE_MAX_PDN (Rao Shoaib) [Orabug: 33676598] [4.14.35-2047.512.0] - bpf: Disallow unprivileged bpf by default (Pawan Gupta) [Orabug: 33734682] - bpf: Add kconfig knob for disabling unpriv bpf by default (Daniel Borkmann) [Orabug: 33734682] - RDMA/rxe: Use correct sizing on buffers holding page DMA addresses (Shiraz Saleem) [Orabug: 33676942] - hwmon: (k10temp) Add support for Zen3 CPUs (Rahul Rohit) [Orabug: 33782835] - arm64, mm, efi: Account for GICv3 LPI tables in static memblock reserve table (Ard Biesheuvel) [Orabug: 33787546] - uek-rpm: Pensando: Enable Elba EDAC (Dave Kleikamp) [Orabug: 33831294] - dsc-drivers: update for 1.15.9-C-64 (Dave Kleikamp) [Orabug: 33831294] - drivers/hwmon: Adding support LTC3888 (David Clear) [Orabug: 33831294] - drivers/edac: Add Elba EDAC support (David Clear) [Orabug: 33831294] - arm64/configs: Remove CONFIG_PENSANDO_SOC_CAPMEM_HUGEPAGE (David Clear) [Orabug: 33831294] - drivers/soc/pensando: Add reset cause driver (David Clear) [Orabug: 33831294] - net/rds: Fix memory leak in __rds_conn_create() on alloc_ordered_workqueue fail (Freddy Carrillo) [Orabug: 33811475] - x86/smpboot: check cpu_initialized_mask first after returning from schedule() (Dongli Zhang) [Orabug: 33544127] - Linux 4.14.259 (Greg Kroah-Hartman) - xen/console: harden hvc_xen against event channel storms (Juergen Gross) - Input: touchscreen - avoid bitwise vs logical OR warning (Nathan Chancellor) - ARM: 8800/1: use choice for kernel unwinders (Stefan Agner) - mwifiex: Remove unnecessary braces from HostCmd_SET_SEQ_NO_BSS_INFO (Nathan Chancellor) - ARM: 8805/2: remove unneeded naked function usage (Nicolas Pitre) - net: lan78xx: Avoid unnecessary self assignment (Nathan Chancellor) - fuse: annotate lock in fuse_reverse_inval_entry() (Miklos Szeredi) - ARM: dts: imx6ull-pinfunc: Fix CSI_DATA07__ESAI_TX0 pad name (Fabio Estevam) - firmware: arm_scpi: Fix string overflow in SCPI genpd driver (Sudeep Holla) - net: systemport: Add global locking for descriptor lifecycle (Florian Fainelli) - libata: if T_LENGTH is zero, dma direction should be DMA_NONE (George Kennedy) - timekeeping: Really make sure wall_to_monotonic isn't positive (Yu Liao) - USB: serial: option: add Telit FN990 compositions (Daniele Palmas) - PCI/MSI: Mask MSI-X vectors only on success (Stefan Roese) - PCI/MSI: Clear PCI_MSIX_FLAGS_MASKALL on error (Thomas Gleixner) - USB: gadget: bRequestType is a bitfield, not a enum (Greg Kroah-Hartman) - sit: do not call ipip6_dev_free() from sit_init_net() (Eric Dumazet) - net/packet: rx_owner_map depends on pg_vec (Willem de Bruijn) - ixgbe: set X550 MDIO speed before talking to PHY (Cyril Novikov) - igbvf: fix double free in 'igbvf_probe' (Letu Ren) - soc/tegra: fuse: Fix bitwise vs. logical OR warning (Nathan Chancellor) - dmaengine: st_fdma: fix MODULE_ALIAS (Alyssa Ross) - ARM: socfpga: dts: fix qspi node compatible (Dinh Nguyen) - x86/sme: Explicitly map new EFI memmap table as encrypted (Tom Lendacky) - nfsd: fix use-after-free due to delegation race (J. Bruce Fields) - audit: improve robustness of the audit queue handling (Paul Moore) - dm btree remove: fix use after free in rebalance_children() (Joe Thornber) - recordmcount.pl: look for jgnop instruction as well as bcrl on s390 (Jerome Marchand) - mac80211: send ADDBA requests using the tid/queue of the aggregation session (Felix Fietkau) - hwmon: (dell-smm) Fix warning on /proc/i8k creation error (Armin Wolf) - bpf: fix panic due to oob in bpf_prog_test_run_skb (Daniel Borkmann) - tracing: Fix a kmemleak false positive in tracing_map (Chen Jun) - net: netlink: af_netlink: Prevent empty skb by adding a check on len. (Harshit Mogalapalli) - i2c: rk3x: Handle a spurious start completion interrupt flag (Ondrej Jirman) - parisc/agp: Annotate parisc agp init functions with __init (Helge Deller) - net/mlx4_en: Update reported link modes for 1/10G (Erik Ekman) - drm/msm/dsi: set default num_data_lanes (Philip Chen) - nfc: fix segfault in nfc_genl_dump_devices_done (Tadeusz Struk) - Linux 4.14.258 (Greg Kroah-Hartman) - irqchip: nvic: Fix offset for Interrupt Priority Offsets (Vladimir Murzin) - irqchip/irq-gic-v3-its.c: Force synchronisation when issuing INVALL (Wudi Wang) - irqchip/armada-370-xp: Fix support for Multi-MSI interrupts (Pali Rohar) - irqchip/armada-370-xp: Fix return value of armada_370_xp_msi_alloc() (Pali Rohar) - iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove (Yang Yingliang) - iio: adc: axp20x_adc: fix charging current reporting on AXP22x (Evgeny Boger) - iio: dln2: Check return value of devm_iio_trigger_register() (Lars-Peter Clausen) - iio: dln2-adc: Fix lockdep complaint (Noralf Tronnes) - iio: itg3200: Call iio_trigger_notify_done() on error (Lars-Peter Clausen) - iio: kxsd9: Don't return error code in trigger handler (Lars-Peter Clausen) - iio: ltr501: Don't return error code in trigger handler (Lars-Peter Clausen) - iio: mma8452: Fix trigger reference couting (Lars-Peter Clausen) - iio: stk3310: Don't return error code in interrupt handler (Lars-Peter Clausen) - iio: trigger: stm32-timer: fix MODULE_ALIAS (Alyssa Ross) - iio: trigger: Fix reference counting (Lars-Peter Clausen) - usb: core: config: using bit mask instead of individual bits (Pavel Hofman) - xhci: Remove CONFIG_USB_DEFAULT_PERSIST to prevent xHCI from runtime suspending (Kai-Heng Feng) - usb: core: config: fix validation of wMaxPacketValue entries (Pavel Hofman) - USB: gadget: zero allocate endpoint 0 buffers (Greg Kroah-Hartman) - USB: gadget: detect too-big endpoint 0 requests (Greg Kroah-Hartman) - net/qla3xxx: fix an error code in ql_adapter_up() (Dan Carpenter) - net, neigh: clear whole pneigh_entry at alloc time (Eric Dumazet) - net: fec: only clear interrupt of handling queue in fec_enet_rx_queue() (Joakim Zhang) - net: altera: set a couple error code in probe() (Dan Carpenter) - net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero (Lee Jones) - qede: validate non LSO skb length (Manish Chopra) - block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2) (Davidlohr Bueso) - tracefs: Set all files to the same group ownership as the mount option (Steven Rostedt (VMware)) - signalfd: use wake_up_pollfree() (Eric Biggers) - binder: use wake_up_pollfree() (Eric Biggers) - wait: add wake_up_pollfree() (Eric Biggers) - libata: add horkage for ASMedia 1092 (Hannes Reinecke) - can: m_can: Disable and ignore ELO interrupt (Brian Silverman) - can: pch_can: pch_can_rx_normal: fix use after free (Vincent Mailhol) - tracefs: Have new files inherit the ownership of their parent (Steven Rostedt (VMware)) - ALSA: pcm: oss: Handle missing errors in snd_pcm_oss_change_params*() (Takashi Iwai) - ALSA: pcm: oss: Limit the period size to 16MB (Takashi Iwai) - ALSA: pcm: oss: Fix negative period/buffer sizes (Takashi Iwai) - ALSA: ctl: Fix copy of updated id with element read/write (Alan Young) - mm: bdi: initialize bdi_min_ratio when bdi is unregistered (Manjong Lee) - IB/hfi1: Correct guard on eager buffer deallocation (Mike Marciniszyn) - seg6: fix the iif in the IPv6 socket control block (Andrea Mayer) - nfp: Fix memory leak in nfp_cpp_area_cache_add() (Jianglei Nie) - bpf: Fix the off-by-two error in range markings (Maxim Mikityanskiy) - nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done (Krzysztof Kozlowski) - can: sja1000: fix use after free in ems_pcmcia_add_card() (Dan Carpenter) - HID: check for valid USB device for many HID drivers (Greg Kroah-Hartman) - HID: wacom: fix problems when device is not a valid USB device (Greg Kroah-Hartman) - HID: add USB_HID dependancy on some USB HID drivers (Greg Kroah-Hartman) - HID: add USB_HID dependancy to hid-chicony (Greg Kroah-Hartman) - HID: add USB_HID dependancy to hid-prodikeys (Greg Kroah-Hartman) - HID: add hid_is_usb() function to make it simpler for USB detection (Greg Kroah-Hartman) - Linux 4.14.257 (Greg Kroah-Hartman) {CVE-2021-38199} - parisc: Mark cr16 CPU clocksource unstable on all SMP machines (Helge Deller) - serial: core: fix transmit-buffer reset and memleak (Johan Hovold) - serial: pl011: Add ACPI SBSA UART match id (Pierre Gondois) - tty: serial: msm_serial: Deactivate RX DMA for polling support (Sven Eckelmann) - x86/64/mm: Map all kernel memory into trampoline_pgd (Joerg Roedel) - usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect (Badhri Jagan Sridharan) - xhci: Fix commad ring abort, write all 64 bits to CRCR register. (Mathias Nyman) - vgacon: Propagate console boot parameters before calling 'vc_resize' (Maciej W. Rozycki) - parisc: Fix 'make install' on newer debian releases (Helge Deller) - parisc: Fix KBUILD_IMAGE for self-extracting kernel (Helge Deller) - net/smc: Keep smc_close_final rc during active close (Tony Lu) - net/rds: correct socket tunable error in rds_tcp_tune() (William Kucharski) - net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of '0' if no IRQ is available (Sven Schuchmann) - net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources() (Zhou Qingyang) - siphash: use _unaligned version by default (Arnd Bergmann) - net: mpls: Fix notifications when deleting a device (Benjamin Poirier) - net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings() (Zhou Qingyang) - natsemi: xtensa: fix section mismatch warnings (Randy Dunlap) - sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl (Baokun Li) - sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl (Baokun Li) - kprobes: Limit max data_size of the kretprobe instances (Masami Hiramatsu) - vrf: Reset IPCB/IP6CB when processing outbound pkts in vrf dev xmit (Stephen Suryaputra) - perf hist: Fix memory leak of a perf_hpp_fmt (Ian Rogers) - net: ethernet: dec: tulip: de4x5: fix possible array overflows in type3_infoblock() (Teng Qi) - net: tulip: de4x5: fix the problem that the array 'lp->phy[8]' may be out of bound (zhangyue) - ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port() (Teng Qi) - scsi: iscsi: Unblock session then wake up error handler (Mike Christie) - thermal: core: Reset previous low and high trip during thermal zone init (Manaf Meethalavalappu Pallikunhi) - btrfs: check-integrity: fix a warning on write caching disabled disk (Wang Yugui) - s390/setup: avoid using memblock_enforce_memory_limit (Vasily Gorbik) - platform/x86: thinkpad_acpi: Fix WWAN device disabled issue after S3 deep (Slark Xiao) - net: return correct error code (liuguoqiang) - NFSv42: Fix pagecache invalidation after COPY/CLONE (Benjamin Coddington) - ipc: WARN if trying to remove ipc object which is absent (Alexander Mikhalitsyn) - shm: extend forced shm destroy to support objects from several IPC nses (Alexander Mikhalitsyn) - tty: hvc: replace BUG_ON() with negative return value (Juergen Gross) - xen: sync include/xen/interface/io/ring.h with Xen's newest version (Juergen Gross) - fuse: release pipe buf after last use (Miklos Szeredi) - NFC: add NCI_UNREG flag to eliminate the race (Lin Ma) - arm64: dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function (Marek Behun) - arm64: dts: marvell: armada-37xx: declare PCIe reset pin (Miquel Raynal) - pinctrl: armada-37xx: Correct PWM pins definitions (Marek Behun) - pinctrl: armada-37xx: add missing pin: PCIe1 Wakeup (Gregory CLEMENT) - pinctrl: armada-37xx: Correct mpp definitions (Marek Behun) - PCI: aardvark: Fix checking for link up via LTSSM state (Pali Rohar) - PCI: aardvark: Fix link training (Pali Rohar) - PCI: aardvark: Fix PCIe Max Payload Size setting (Pali Rohar) - PCI: aardvark: Configure PCIe resources from 'ranges' DT property (Pali Rohar) - PCI: aardvark: Remove PCIe outbound window configuration (Evan Wang) - PCI: aardvark: Update comment about disabling link training (Pali Rohar) - PCI: aardvark: Move PCIe reset card code to advk_pcie_train_link() (Pali Rohar) - PCI: aardvark: Fix compilation on s390 (Pali Rohar) - PCI: aardvark: Don't touch PCIe registers if no card connected (Pali Rohar) - PCI: aardvark: Introduce an advk_pcie_valid_device() helper (Thomas Petazzoni) - PCI: aardvark: Indicate error in 'val' when config read fails (Pali Rohar) - PCI: aardvark: Replace custom macros by standard linux/pci_regs.h macros (Pali Rohar) - PCI: aardvark: Issue PERST via GPIO (Pali Rohar) - PCI: aardvark: Improve link training (Marek Behun) - PCI: aardvark: Train link immediately after enabling training (Pali Rohar) - PCI: aardvark: Wait for endpoint to be ready before training link (Remi Pommarel) - PCI: aardvark: Fix a leaked reference by adding missing of_node_put() (Wen Yang) - PCI: aardvark: Fix I/O space page leak (Sergei Shtylyov) - s390/mm: validate VMA in PGSTE manipulation functions (David Hildenbrand) - tracing: Check pid filtering when creating events (Steven Rostedt (VMware)) - vhost/vsock: fix incorrect used length reported to the guest (Stefano Garzarella) - net/smc: Don't call clcsock shutdown twice when smc shutdown (Tony Lu) - MIPS: use 3-level pgtable for 64KB page size on MIPS_VA_BITS_48 (Huang Pei) - tcp_cubic: fix spurious Hystart ACK train detections for not-cwnd-limited flows (Eric Dumazet) - net/smc: Ensure the active closing peer first closes clcsock (Tony Lu) - ipv6: fix typos in __ip6_finish_output() (Eric Dumazet) - drm/vc4: fix error code in vc4_create_object() (Dan Carpenter) - scsi: mpt3sas: Fix kernel panic during drive powercycle test (Sreekanth Reddy) - ARM: socfpga: Fix crash with CONFIG_FORTIRY_SOURCE (Takashi Iwai) - NFSv42: Don't fail clone() unless the OP_CLONE operation failed (Trond Myklebust) - net: ieee802154: handle iftypes as u32 (Alexander Aring) - ASoC: topology: Add missing rwsem around snd_ctl_remove() calls (Takashi Iwai) - ARM: dts: BCM5301X: Add interrupt properties to GPIO node (Florian Fainelli) - ARM: dts: BCM5301X: Fix I2C controller interrupt (Florian Fainelli) - netfilter: ipvs: Fix reuse connection if RS weight is 0 (yangxingwu) - tracing: Fix pid filtering when triggers are attached (Steven Rostedt (VMware)) - xen: detect uninitialized xenbus in xenbus_init (Stefano Stabellini) - xen: don't continue xenstore initialization in case of errors (Stefano Stabellini) - fuse: fix page stealing (Miklos Szeredi) - staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() (Dan Carpenter) - HID: wacom: Use 'Confidence' flag to prevent reporting invalid contacts (Jason Gerecke) - media: cec: copy sequence field for the reply (Hans Verkuil) - ALSA: ctxfi: Fix out-of-range access (Takashi Iwai) - usb: hub: Fix locking issues with address0_mutex (Mathias Nyman) - usb: hub: Fix usb enumeration issue due to address0 race (Mathias Nyman) - USB: serial: option: add Fibocom FM101-GL variants (Mingjie Zhang) - USB: serial: option: add Telit LE910S1 0x9200 composition (Daniele Palmas)