Unbreakable Enterprise kernel security update

[4.14.35-2047.533.3]

• net: rfkill: gpio: set GPIO direction (Rouven Czerwinski)
• sched/fair: Fix tg->load when offlining a CPU (Vincent Guittot) [Orabug: 36185208]
• IB/cm: Cancel mad on the DREQ event when the state is MRA_REP_RCVD (Mark Zhang) [Orabug: 36143229]
• sched/rt: pick_next_rt_entity(): check list_entry (Pietro Borrello) [Orabug: 35181559] {CVE-2023-1077}
  [4.14.35-2047.533.2]
• LTS version: 4.14.334 (Yifei Liu)
• powerpc/ftrace: Fix stack teardown in ftrace_no_trace (Naveen N Rao)
• powerpc/ftrace: Create a dummy stackframe to fix stack unwind (Naveen N Rao)
• ring-buffer: Fix memory leak of free page (Steven Rostedt (Google))
• team: Fix use-after-free when an option instance allocation fails (Florent Revest)
• ext4: prevent the normalized size from exceeding EXT_MAX_BLOCKS (Baokun Li)
• HID: hid-asus: add const to read-only outgoing usb buffer (Denis Benato)
• net: usb: qmi_wwan: claim interface 4 for ZTE MF290 (Lech Perczak)
• asm-generic: qspinlock: fix queued_spin_value_unlocked() implementation (Linus Torvalds)
• HID: multitouch: Add quirk for HONOR GLO-GXXX touchpad (Aoba K)
• HID: hid-asus: reset the backlight brightness level on resume (Denis Benato)
• platform/x86: intel_telemetry: Fix kernel doc descriptions (Andy Shevchenko)
• bcache: add code comments for bch_btree_node_get() and __bch_btree_node_alloc() (Coly Li)
• blk-throttle: fix lockdep warning of ‘cgroup_mutex or RCU read lock required!’ (Ming Lei)
• appletalk: Fix Use-After-Free in atalk_ioctl (Hyunwoo Kim)
• vsock/virtio: Fix unsigned integer wrap around in virtio_transport_has_space() (Nikolay Kuratov)
• sign-file: Fix incorrect return values check (Yusong Gao)
• net: Remove acked SYN flag from packet in the transmit queue correctly (Dong Chenchen)
• qed: Fix a potential use-after-free in qed_cxt_tables_alloc (Dinghao Liu)
• net/rose: Fix Use-After-Free in rose_ioctl (Hyunwoo Kim)
• atm: Fix Use-After-Free in do_vcc_ioctl (Hyunwoo Kim)
• atm: solos-pci: Fix potential deadlock on &tx_queue_lock (Chengfeng Ye)
• atm: solos-pci: Fix potential deadlock on &cli_queue_lock (Chengfeng Ye)
• qca_spi: Fix reset behavior (Stefan Wahren)
• qca_debug: Fix ethtool -G iface tx behavior (Stefan Wahren)
• qca_debug: Prevent crash on TX ring changes (Stefan Wahren)
• LTS version: 4.14.333 (Yifei Liu)
• drop_monitor: Require ‘CAP_SYS_ADMIN’ when joining ‘events’ group (Ido Schimmel)
• psample: Require ‘CAP_NET_ADMIN’ when joining ‘packets’ group (Ido Schimmel)
• genetlink: add CAP_NET_ADMIN test for multicast bind (Ido Schimmel)
• netlink: don’t call ->netlink_bind with table lock held (Ido Schimmel)
• nilfs2: fix missing error check for sb_set_blocksize call (Ryusuke Konishi)
• KVM: s390/mm: Properly reset no-dat (Claudio Imbrenda)
• serial: 8250_omap: Add earlycon support for the AM654 UART controller (Ronald Wahl)
• serial: sc16is7xx: address RX timeout interrupt errata (Daniel Mack)
• parport: Add support for Brainboxes IX/UC/PX parallel cards (Cameron Williams)
• packet: Move reference count in packet_sock to atomic_long_t (Daniel Borkmann)
• tracing: Fix a possible race when disabling buffered events (Petr Pavlu)
• tracing: Fix incomplete locking when disabling buffered events (Petr Pavlu)
• tracing: Always update snapshot buffer size (Steven Rostedt (Google))
• nilfs2: prevent WARNING in nilfs_sufile_set_segment_usage() (Ryusuke Konishi)
• ALSA: pcm: fix out-of-bounds in snd_pcm_state_names (Jason Zhang)
• scsi: be2iscsi: Fix a memleak in beiscsi_init_wrb_handle() (Dinghao Liu)
• tracing: Fix a warning when allocating buffered events fails (Petr Pavlu)
• hwmon: (acpi_power_meter) Fix 4.29 MW bug (Armin Wolf)
• RDMA/bnxt_re: Correct module description string (Kalesh AP)
• tcp: do not accept ACK of bytes we never sent (Eric Dumazet)
• net: hns: fix fake link up on xge port (Yonglong Liu)
• drm/amdgpu: correct chunk_ptr to a pointer to chunk. (YuanShang)
• tg3: Increment tx_dropped in tg3_tso_bug() (Alex Pakhunov)
• tg3: Move the [rt]x_dropped counters to tg3_napi (Alex Pakhunov)
• LTS version: 4.14.332 (Yifei Liu)
• driver core: Release all resources during unbind before updating device links (Saravana Kannan)
• net: ravb: Start TX queues after HW initialization succeeded (Claudiu Beznea)
• ravb: Fix races between ravb_tx_timeout_work() and net related ops (Yoshihiro Shimoda)
• ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet (Zhengchao Shao)
• btrfs: send: ensure send_fd is writable (Jann Horn)
• btrfs: fix off-by-one when checking chunk map includes logical address (Filipe Manana)
• powerpc: Don’t clobber f0/vs0 during fp|altivec register save (Timothy Pearson)
• dm verity: don’t perform FEC for failed readahead IO (Wu Bo)
• dm-verity: align struct dm_verity_fec_io properly (Mikulas Patocka)
• firewire: core: fix possible memory leak in create_units() (Yang Yingliang)
• pinctrl: avoid reload of p state in list iteration (Maria Yu)
• usb: dwc3: set the dma max_seg_size (Ricardo Ribalda)
• USB: serial: option: don’t claim interface 4 for ZTE MF290 (Lech Perczak)
• USB: serial: option: fix FM101R-GL defines (Puliang Lu)
• USB: serial: option: add Fibocom L7xx modules (Victor Fragoso)
• bcache: prevent potential division by zero error (Rand Deeb)
• bcache: check return value from btree_node_alloc_replacement() (Coly Li)
• USB: serial: option: add Luat Air72*U series products (Asuna Yang)
• s390/dasd: protect device queue against concurrent access (Jan Hoppner)
• mtd: rawnand: brcmnand: Fix ecc chunk calculation for erased page bitfips (Claire Lin)
• net: axienet: Fix check for partial TX checksum (Samuel Holland)
• amd-xgbe: propagate the correct speed and duplex status (Raju Rangoju)
• amd-xgbe: handle corner-case during sfp hotplug (Raju Rangoju)
• arm/xen: fix xen_vcpu_info allocation alignment (Stefano Stabellini)
• net: usb: ax88179_178a: fix failed operations during ax88179_reset (Jose Ignacio Tornos Martinez)
• ipv4: Correct/silence an endian warning in __ip_do_redirect (Kunwu Chan)
• drm/rockchip: vop: Fix color for RGB888/BGR888 format on VOP full (Jonas Karlman)
• ata: pata_isapnp: Add missing error check for devm_ioport_map() (Chen Ni)
• drm/panel: simple: Fix Innolux G101ICE-L01 timings (Marek Vasut)
• RDMA/irdma: Prevent zero-length STAG registration (Christopher Bednarz)
• LTS version: 4.14.331 (Yifei Liu)
• net: sched: fix race condition in qdisc_graft() (Eric Dumazet)
• scsi: virtio_scsi: limit number of hw queues by nr_cpu_ids (Dongli Zhang)
• ext4: remove gdb backup copy for meta bg in setup_new_flex_group_blocks (Kemeng Shi)
• ext4: correct return value of ext4_convert_meta_bg (Kemeng Shi)
• ext4: correct offset of gdb backup in non meta_bg group to update_backups (Kemeng Shi)
• ext4: apply umask if ACL support is disabled (Max Kellermann)
• media: venus: hfi: fix the check to handle session buffer requirement (Vikash Garodia)
• media: sharp: fix sharp encoding (Sean Young)
• i2c: i801: fix potential race in i801_block_transaction_byte_by_byte (Heiner Kallweit)
• net: dsa: lan9303: consequently nested-lock physical MDIO (Alexander Sverdlin)
• ALSA: info: Fix potential deadlock at disconnection (Takashi Iwai)
• parisc/pgtable: Do not drop upper 5 address bits of physical address (Helge Deller)
• parisc: Prevent booting 64-bit kernels on PA1.x machines (Helge Deller)
• mcb: fix error handling for different scenarios when parsing (Sanjuan Garcia, Jorge)
• jbd2: fix potential data lost in recovering journal raced with synchronizing fs bdev (Zhihao Cheng)
• genirq/generic_chip: Make irq_remove_generic_chip() irqdomain aware (Herve Codina)
• mmc: meson-gx: Remove setting of CMD_CFG_ERROR (Rong Chen)
• PM: hibernate: Clean up sync_read handling in snapshot_write_next() (Brian Geffon)
• PM: hibernate: Use __get_safe_page() rather than touching the list (Brian Geffon)
• mmc: vub300: fix an error code (Dan Carpenter)
• PCI/sysfs: Protect driver’s D3cold preference from user space (Lukas Wunner)
• hvc/xen: fix error path in xen_hvc_init() to always register frontend driver (David Woodhouse)
• audit: don’t WARN_ON_ONCE(!current->mm) in audit_exe_compare() (Paul Moore)
• audit: don’t take task_lock() in audit_exe_compare() code path (Paul Moore)
• KVM: x86: Ignore MSR_AMD64_TW_CFG access (Maciej S. Szmigiero)
• randstruct: Fix gcc-plugin performance mode to stay in group (Kees Cook)
• media: venus: hfi: add checks to perform sanity on queue pointers (Vikash Garodia)
• pwm: Fix double shift bug (Dan Carpenter)
• gfs2: ignore negated quota changes (Bob Peterson)
• media: vivid: avoid integer overflow (Hans Verkuil)
• media: gspca: cpia1: shift-out-of-bounds in set_flicker (Rajeshwar R Shinde)
• i2c: sun6i-p2wi: Prevent potential division by zero (Axel Lin)
• tty: vcc: Add check for kstrdup() in vcc_probe() (Yi Yang)
• scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup() (Wenchao Hao)
• atm: iphase: Do PCI error checks on own line (Ilpo Jarvinen)
• ALSA: hda: Fix possible null-ptr-deref when assigning a stream (Cezary Rojewski)
• jfs: fix array-index-out-of-bounds in diAlloc (Manas Ghandat)
• jfs: fix array-index-out-of-bounds in dbFindLeaf (Manas Ghandat)
• fs/jfs: Add validity check for db_maxag and db_agpref (Juntong Deng)
• fs/jfs: Add check for negative db_l2nbperpage (Juntong Deng)
• RDMA/hfi1: Use FIELD_GET() to extract Link Width (Ilpo Jarvinen)
• crypto: pcrypt - Fix hungtask for PADATA_RESET (Lu Jialin)
• selftests/efivarfs: create-read: fix a resource leak (zhujun2)
• drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga (Mario Limonciello)
• drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 (Mario Limonciello)
• net: annotate data-races around sk->sk_dst_pending_confirm (Eric Dumazet)
• wifi: ath10k: fix clang-specific fortify warning (Dmitry Antipov)
• wifi: ath9k: fix clang-specific fortify warnings (Dmitry Antipov)
• wifi: mac80211: don’t return unset power in ieee80211_get_tx_power() (Ping-Ke Shih)
• x86/mm: Drop the 4 MB restriction on minimal NUMA node memory size (Mike Rapoport (IBM))
• clocksource/drivers/timer-atmel-tcb: Fix initialization on SAM9 hardware (Ronald Wahl)
• clocksource/drivers/timer-imx-gpt: Fix potential memory leak (Jacky Bai)
• locking/ww_mutex/test: Fix potential workqueue corruption (John Stultz)
• LTS version: 4.14.330 (Yifei Liu)
• btrfs: use u64 for buffer sizes in the tree search ioctls (Filipe Manana)
• fbdev: fsl-diu-fb: mark wr_reg_wa() static (Arnd Bergmann)
• netfilter: xt_recent: fix (increase) ipv6 literal buffer length (Maciej Zenczykowski)
• tg3: power down device only on SYSTEM_POWER_OFF (George Shuklin)
• dccp/tcp: Call security_inet_conn_request() after setting IPv6 addresses. (Kuniyuki Iwashima)
• dccp: Call security_inet_conn_request() after setting IPv4 addresses. (Kuniyuki Iwashima)
• tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING (Shigeru Yoshida)
• llc: verify mac len before reading mac header (Willem de Bruijn)
• pwm: brcmstb: Utilize appropriate clock APIs in suspend/resume (Florian Fainelli)
• media: s3c-camif: Avoid inappropriate kfree() (Katya Orlova)
• pcmcia: ds: fix possible name leak in error path in pcmcia_device_add() (Yang Yingliang)
• pcmcia: ds: fix refcount leak in pcmcia_device_add() (Yang Yingliang)
• pcmcia: cs: fix possible hung task and memory leak pccardd() (Yang Yingliang)
• dmaengine: pxa_dma: Remove an erroneous BUG_ON() in pxad_free_desc() (Christophe JAILLET)
• USB: usbip: fix stub_dev hub disconnect (Jonas Blixt)
• misc: st_core: Do not call kfree_skb() under spin_lock_irqsave() (Jinjie Ruan)
• dmaengine: ti: edma: handle irq_of_parse_and_map() errors (Dan Carpenter)
• usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency (Jia-Ju Bai)
• tty: tty_jobctrl: fix pid memleak in disassociate_ctty() (Yi Yang)
• mfd: dln2: Fix double put in dln2_probe (Dinghao Liu)
• ASoC: Intel: Skylake: Fix mem leak when parsing UUIDs fails (Cezary Rojewski)
• sh: bios: Revive earlyprintk support (Geert Uytterhoeven)
• RDMA/hfi1: Workaround truncation compilation error (Leon Romanovsky)
• ext4: move ‘ix’ sanity check to corrent position (Gou Hao)
• ARM: 9321/1: memset: cast the constant byte to unsigned char (Kursad Oney)
• hwrng: geode - fix accessing registers (Jonas Gorski)
• firmware: ti_sci: Mark driver as non removable (Dhruva Gole)
• ARM: dts: qcom: mdm9615: populate vsdcc fixed regulator (Krzysztof Kozlowski)
• drm/rockchip: cdn-dp: Fix some error handling paths in cdn_dp_probe() (Christophe JAILLET)
• drm/radeon: possible buffer overflow (Konstantin Meskhidze)
• drm/rockchip: vop: Fix reset of state in duplicate state crtc funcs (Jonas Karlman)
• platform/x86: wmi: Fix probe failure when failing to register WMI devices (Armin Wolf)
• clk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data (Jiasheng Jiang)
• clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data (Jiasheng Jiang)
• clk: keystone: pll: fix a couple NULL vs IS_ERR() checks (Dan Carpenter)
• clk: qcom: clk-rcg2: Fix clock rate overflow for high parent frequencies (Devi Priya)
• ipv6: avoid atomic fragment on GSO packets (Yan Zhai)
• ACPI: sysfs: Fix create_pnp_modalias() and create_of_modalias() (Christophe JAILLET)
• thermal: core: prevent potential string overflow (Dan Carpenter)
• wifi: rtlwifi: fix EDCA limit set by BT coexistence (Dmitry Antipov)
• tcp_metrics: do not create an entry from tcp_init_metrics() (Eric Dumazet)
• tcp_metrics: properly set tp->snd_ssthresh in tcp_init_metrics() (Eric Dumazet)
• i40e: fix potential memory leaks in i40e_remove() (Andrii Staikov)
• LTS version: 4.14.329 (Yifei Liu)
• tty: 8250: Add support for Intashield IS-100 (Cameron Williams)
• tty: 8250: Add support for Brainboxes UP cards (Cameron Williams)
• tty: 8250: Add support for additional Brainboxes UC cards (Cameron Williams)
• tty: 8250: Remove UC-257 and UC-431 (Cameron Williams)
• usb: storage: set 1.50 as the lower bcdDevice for older ‘Super Top’ compatibility (LihaSika)
• PCI: Prevent xHCI driver from claiming AMD VanGogh USB3 DRD device (Vicki Pfau)
• remove the sx8 block driver (Christoph Hellwig)
• ata: ahci: fix enum constants for gcc-13 (Arnd Bergmann)
• net: chelsio: cxgb4: add an error code check in t4_load_phy_fw (Su Hui)
• platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e (Hans de Goede)
• scsi: mpt3sas: Fix in error path (Tomas Henzl)
• fbdev: uvesafb: Call cn_del_callback() at the end of uvesafb_exit() (Jorge Maidana)
• ASoC: rt5650: fix the wrong result of key button (Shuming Fan)
• netfilter: nfnetlink_log: silence bogus compiler warning (Florian Westphal)
• fbdev: atyfb: only use ioremap_uc() on i386 and ia64 (Arnd Bergmann)
• Input: synaptics-rmi4 - handle reset delay when using SMBus trsnsport (Dmitry Torokhov)
• dmaengine: ste_dma40: Fix PM disable depth imbalance in d40_probe (Zhang Shurong)
• irqchip/stm32-exti: add missing DT IRQ flag translation (Ben Wolsieffer)
• ASoC: simple-card: fixup asoc_simple_probe() error handling (Kuninori Morimoto)
• x86: Fix .brk attribute in linker script (Juergen Gross)
• rpmsg: Fix possible refcount leak in rpmsg_register_device_override() (Hangyu Hua)
• rpmsg: glink: Release driver_override (Bjorn Andersson)
• rpmsg: Fix calling device_lock() on non-initialized device (Krzysztof Kozlowski)
• rpmsg: Fix kfree() of static memory on setting driver_override (Krzysztof Kozlowski)
• driver: platform: Add helper for safer setting of driver_override (Krzysztof Kozlowski)
• x86/mm: Fix RESERVE_BRK() for older binutils (Josh Poimboeuf)
• x86/mm: Simplify RESERVE_BRK() (Josh Poimboeuf)
• x86/i8259: Skip probing when ACPI/MADT advertises PCAT compatibility (Thomas Gleixner)
• nfsd: lock_rename() needs both directories to live on the same fs (Al Viro)
• f2fs: fix to do sanity check on inode type during garbage collection (Chao Yu)
• kobject: Fix slab-out-of-bounds in fill_kobj_path() (Wang Hai)
• drm/dp_mst: Fix NULL deref in get_mst_branch_device_by_guid_helper() (Lukasz Majczak)
• ARM: 8933/1: replace Sun/Solaris style flag on section directive (Nick Desaulniers)
• i2c: muxes: i2c-demux-pinctrl: Use of_get_i2c_adapter_by_node() (Herve Codina)
• i2c: muxes: i2c-mux-gpmux: Use of_get_i2c_adapter_by_node() (Herve Codina)
• i2c: muxes: i2c-mux-pinctrl: Use of_get_i2c_adapter_by_node() (Herve Codina)
• i40e: Fix wrong check for I40E_TXR_FLAGS_WB_ON_ITR (Ivan Vecera)
• gtp: uapi: fix GTPA_MAX (Pablo Neira Ayuso)
• tcp: fix wrong RTO timeout when received SACK reneging (Fred Chen)
• r8152: Increase USB control msg timeout to 5000ms as per spec (Douglas Anderson)
• igb: Fix potential memory leak in igb_add_ethtool_nfc_entry (Mateusz Palczewski)
• treewide: Spelling fix in comment (Kunwu Chan)
• virtio_balloon: Fix endless deflation and inflation on arm64 (Gavin Shan)
• mcb-lpc: Reallocate memory region to avoid memory overlapping (Rodriguez Barbarin, Jose Javier)
• mcb: Return actual parsed size when reading chameleon table (Rodriguez Barbarin, Jose Javier)
  [4.14.35-2047.533.1]
• vhost-scsi: fix vqs allocation memory corruption (Dongli Zhang) [Orabug: 36110885]
• xfs: try to avoid allocation blocking on busy extents (Mark Tinguely) [Orabug: 35960820]
• KVM: x86: Don’t unnecessarily force masterclock update on vCPU hotplug (Sean Christopherson) [Orabug: 35910097]
  [4.14.35-2047.532.3]
• Revert ‘mmc: core: Capture correct oemid-bits for eMMC cards’ (Dominique Martinet)
• media: dvb-usb-v2: af9035: fix missing unlock (Hans Verkuil)
• perf/core: Fix potential NULL deref (Peter Zijlstra)
  [4.14.35-2047.532.2]
• x86: change default to spec_store_bypass_disable=prctl spectre_v2_user=prctl (Andrea Arcangeli) [Orabug: 35905888]
• LTS version: 4.14.328 (Saeed Mirzamohammadi)
• Bluetooth: hci_event: Fix using memcmp when comparing keys (Luiz Augusto von Dentz)
• Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name (Kees Cook)
• Bluetooth: hci_sock: fix slab oob read in create_monitor_event (Edward AD)
• gpio: vf610: set value before the direction to avoid a glitch (Haibo Chen)
• s390/pci: fix iommu bitmap allocation (Niklas Schnelle)
• perf: Disallow mis-matched inherited group reads (Saeed Mirzamohammadi)
• USB: serial: option: add Fibocom to DELL custom modem FM101R-GL (Puliang Lu)
• USB: serial: option: add entry for Sierra EM9191 with new firmware (Benoit Monin)
• USB: serial: option: add Telit LE910C4-WWX 0x1035 composition (Fabio Porcedda)
• ACPI: irq: Fix incorrect return value in acpi_register_gsi() (Sunil V L)
• Revert ‘pinctrl: avoid unsafe code pattern in find_pinctrl()’ (Andy Shevchenko)
• mmc: core: Capture correct oemid-bits for eMMC cards (Avri Altman)
• sky2: Make sure there is at least one frag_addr available (Kees Cook)
• wifi: cfg80211: avoid leaking stack data into trace (Benjamin Berg)
• wifi: mac80211: allow transmitting EAPOL frames with tainted key (Wen Gong)
• Bluetooth: hci_core: Fix build warnings (Luiz Augusto von Dentz)
• Bluetooth: Avoid redundant authentication (Ying Hsu)
• HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event (Ma Ke)
• tracing: relax trace_event_eval_update() execution with cond_resched() (Clement Leger)
• ata: libata-eh: Fix compilation warning in ata_eh_link_report() (Damien Le Moal)
• gpio: timberdale: Fix potential deadlock on &tgpio->lock (Chengfeng Ye)
• overlayfs: set ctime when setting mtime and atime (Jeff Layton)
• i2c: mux: Avoid potential false error message in i2c_mux_add_adapter (Heiner Kallweit)
• btrfs: initialize start_slot in btrfs_log_prealloc_extents (Josef Bacik)
• ARM: dts: ti: omap: Fix noisy serial with overrun-throttle-ms for mapphone (Tony Lindgren)
• i40e: prevent crash on probe if hw registers have invalid values (Michal Schmidt)
• net: usb: smsc95xx: Fix an error code in smsc95xx_reset() (Dan Carpenter)
• net: rfkill: gpio: prevent value glitch during probe (Josua Mayer)
• net: ipv6: fix return value check in esp_remove_trailer (Ma Ke)
• net: ipv4: fix return value check in esp_remove_trailer (Ma Ke)
• xfrm: fix a data-race in xfrm_gen_index() (Saeed Mirzamohammadi)
• netfilter: nft_payload: fix wrong mac header matching (Florian Westphal)
• KVM: x86: Mask LVTPC when handling a PMI (Jim Mattson)
• regmap: fix NULL deref on lookup (Johan Hovold)
• nfc: nci: fix possible NULL pointer dereference in send_acknowledge() (Krzysztof Kozlowski)
• Bluetooth: avoid memcmp() out of bounds warning (Arnd Bergmann)
• Bluetooth: hci_event: Fix coding style (Luiz Augusto von Dentz)
• Bluetooth: vhci: Fix race when opening vhci device (Arkadiusz Bokowy)
• Bluetooth: Fix a refcnt underflow problem for hci_conn (Ziyang Xuan)
• Bluetooth: Reject connection with the device which has same BD_ADDR (Lee, Chun-Yi)
• Bluetooth: hci_event: Ignore NULL link key (Lee, Chun-Yi)
• usb: hub: Guard against accesses to uninitialized BOS descriptors (Ricardo Canuelo)
• x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs (Borislav Petkov (AMD))
• usb: gadget: ncm: Handle decoding of multiple NTB’s in unwrap call (Krishna Kurapati)
• usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (Piyush Mehta)
• pinctrl: avoid unsafe code pattern in find_pinctrl() (Dmitry Torokhov)
• cgroup: Remove duplicates in cgroup v1 tasks file (Michal Koutny)
• Input: xpad - add PXN V900 support (Matthias Berndt)
• Input: powermate - fix use-after-free in powermate_config_complete (Javier Carrasco)
• ceph: fix incorrect revoked caps assert in ceph_fill_file_size() (Xiubo Li)
• mcb: remove is_added flag from mcb_device struct (Jorge Sanjuan Garcia)
• iio: pressure: ms5611: ms5611_prom_is_valid false negative bug (Alexander Zangerl)
• iio: pressure: bmp280: Fix NULL pointer exception (Phil Elwell)
• usb: musb: Modify the ‘HWVers’ register address (Xingxing Luo)
• usb: musb: Get the musb_qh poniter after musb_giveback (Xingxing Luo)
• net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read (Javier Carrasco)
• usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer (Wesley Cheng)
• workqueue: Override implicit ordered attribute in workqueue_apply_unbound_cpumask() (Waiman Long)
• nfc: nci: assert requested protocol is valid (Jeremy Cline)
• ixgbe: fix crash with empty VF macvlan list (Dan Carpenter)
• drm/vmwgfx: fix typo of sizeof argument (Konstantin Meskhidze)
• ieee802154: ca8210: Fix a potential UAF in ca8210_probe (Dinghao Liu)
• drm: etvnaviv: fix bad backport leading to warning (Martin Fuzzey)
• HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect (Hans de Goede)
• RDMA/cxgb4: Check skb value for failure to allocate (Artem Chernyshev)
• LTS version: 4.14.327 (Saeed Mirzamohammadi)
• parisc: Restore __ldcw_align for PA-RISC 2.0 processors (John David Anglin)
• RDMA/mlx5: Fix NULL string error (Shay Drory)
• RDMA/cma: Fix truncation compilation warning in make_cma_ports (Leon Romanovsky)
• gpio: aspeed: fix the GPIO number passed to pinctrl_gpio_set_config() (Bartosz Golaszewski)
• IB/mlx4: Fix the size of a buffer in add_port_entries() (Christophe JAILLET)
• cpupower: add Makefile dependencies for install targets (Ivan Babrou)
• sctp: update hb timer immediately after users change hb_interval (Xin Long)
• sctp: update transport state when processing a dupcook packet (Xin Long)
• tcp: fix delayed ACKs for MSS boundary condition (Neal Cardwell)
• net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (Shigeru Yoshida)
• ipv4, ipv6: Fix handling of transhdrlen in __ip{,6}_append_data() (David Howells)
• modpost: add missing else to the ‘of’ check (Mauricio Faria de Oliveira)
• scsi: target: core: Fix deadlock due to recursive locking (Junxiao Bi)
• regmap: rbtree: Fix wrong register marked as in-cache when creating new node (Richard Fitzgerald)
• drivers/net: process the result of hdlc_open() and add call of hdlc_close() in uhdlc_close() (Alexandra Diupina)
• ubi: Refuse attaching if mtd’s erasesize is 0 (Zhihao Cheng)
• wifi: mwifiex: Fix tlv_buf_left calculation (Gustavo A. R. Silva)
• scsi: zfcp: Fix a double put in zfcp_port_enqueue() (Dinghao Liu)
• media: dvb: symbol fixup for dvb_attach() - again (Greg Kroah-Hartman)
• ata: libata: disallow dev-initiated LPM transitions to unsupported states (Niklas Cassel)
• net/sched: sch_hfsc: Ensure inner classes have fsc curve (Budimir Markovic) [Orabug: 35810543] {CVE-2023-4623}
• ext4: fix rec_len verify error (Shida Zhang)
• vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF (George Kennedy)
• fs: binfmt_elf_efpic: fix personality for ELF-FDPIC (Greg Ungerer)
• ata: libata-sata: increase PMP SRST timeout to 10s (Matthias Schiffer)
• ata: libata-core: Fix port and device removal (Damien Le Moal)
• ata: libata-core: Fix ata_port_request_pm() locking (Damien Le Moal)
• btrfs: properly report 0 avail for very full file systems (Josef Bacik)
• i2c: i801: unregister tco_pdev in i801_probe() error path (Heiner Kallweit)
• ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES (Niklas Cassel)
• nilfs2: fix potential use after free in nilfs_gccache_submit_read_data() (Pan Bian)
• serial: 8250_port: Check IRQ data before use (Andy Shevchenko)
• watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already running (Mika Westerberg)
• watchdog: iTCO_wdt: No need to stop the timer in probe (Mika Westerberg)
• ata: libahci: clear pending interrupt status (Szuying Chen)
• ata: ahci: Drop pointless VPRINTK() calls and convert the remaining ones (Hannes Reinecke)
• fbdev/sh7760fb: Depend on FB=y (Thomas Zimmermann)
• ata: libata-eh: do not clear ATA_PFLAG_EH_PENDING in ata_eh_reset() (Niklas Cassel)
• ring-buffer: Avoid softlockup in ring_buffer_resize() (Zheng Yejian)
• selftests/ftrace: Correctly enable event in instance-event.tc (Zheng Yejian)
• parisc: irq: Make irq_stack_union static to avoid sparse warning (Helge Deller)
• parisc: iosapic.c: Fix sparse warnings (Helge Deller)
• parisc: sba: Fix compile warning wrt list of SBA devices (Helge Deller)
• xtensa: boot/lib: fix function prototypes (Max Filippov)
• xtensa: boot: don’t add include-dirs (Randy Dunlap)
• clk: tegra: fix error return case for recalc_rate (Timo Alho)
• i2c: mux: demux-pinctrl: check the return value of devm_kstrdup() (Xiaoke Wang)
• gpio: tb10x: Fix an error handling path in tb10x_gpio_probe() (Christophe JAILLET)
• team: fix null-ptr-deref when team device type is changed (Ziyang Xuan)
• powerpc/perf/hv-24x7: Update domain value check (Kajol Jain)
• ipv4: fix null-deref in ipv4_link_failure (Kyle Zeng)
• NFS/pNFS: Report EINVAL errors from connect() to the server (Trond Myklebust)
  [4.14.35-2047.532.1]
• rds/ib: Preserve dest qp num in the connect request (Arumugam Kolappan) [Orabug: 35649849]
• rds: Provision to allow all trace points at module load time (Arumugam Kolappan) [Orabug: 35355776]
  [4.14.35-2047.531.2]
• rtnetlink: Reject negative ifindexes in RTM_NEWLINK (Ido Schimmel) [Orabug: 35867429]
• Revert ‘rtnetlink: Reject negative ifindexes in RTM_NEWLINK’ (Boris Ostrovsky) [Orabug: 35867429]
• rds: Add proper refcnt when an RDS MR references an RDS Socket (Hakon Bugge) [Orabug: 35836950]
• rds: Check for UAF in rds_destroy_mr (Hakon Bugge) [Orabug: 35836950]
• xfs: reserve less log space when recovering log intent items (Darrick J. Wong) [Orabug: 35587163]
• xfs: reserve blocks for refcount / rmap log item recovery (Darrick J. Wong) [Orabug: 35587163]
• wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet (Pin-yen Lin)
• dccp: fix dccp_v4_err()/dccp_v6_err() again (Eric Dumazet)
  [4.14.35-2047.531.1]
• ocfs2: ocfs2 crash due to invalid h_next_leaf_blk value in extent block (Gautham Ananthakrishna) [Orabug: 35859332]
• bnxt_en: fix NULL dereference in bnxt_flash_package_from_file() (Samasth Norway Ananda) [Orabug: 35848949]
• LTS version: v4.14.326 (Saeed Mirzamohammadi)
• net/sched: cls_fw: No longer copy tcf_result on update to avoid use-after-free (valis) [Orabug: 35814287] {CVE-2023-4207}
• mtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write (William Zhang)
• mtd: rawnand: brcmnand: Fix ECC level field setting for v7.2 controller (William Zhang)
• mtd: rawnand: brcmnand: Fix potential false time out warning (William Zhang)
• mtd: rawnand: brcmnand: Fix crash during the panic_write (William Zhang)
• nfsd: fix change_info in NFSv4 RENAME replies (Jeff Layton)
• btrfs: fix lockdep splat and potential deadlock after failure running delayed items (Filipe Manana)
• attr: block mode changes of symlinks (Christian Brauner)
• md/raid1: fix error: ISO C90 forbids mixed declarations (Nigel Croxon)
• kobject: Add sanity check for kset->kobj.ktype in kset_register() (Zhen Lei)
• serial: cpm_uart: Avoid suspicious locking (Christophe Leroy)
• scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() (Konstantin Shelekhin)
• usb: gadget: fsl_qe_udc: validate endpoint index for ch9 udc (Ma Ke)
• media: pci: cx23885: replace BUG with error return (Hans Verkuil)
• media: tuners: qt1010: replace BUG_ON with a regular error (Hans Verkuil)
• iio: core: Use min() instead of min_t() to make code more robust (Andy Shevchenko)
• media: az6007: Fix null-ptr-deref in az6007_i2c_xfer() (Zhang Shurong)
• media: anysee: fix null-ptr-deref in anysee_master_xfer (Zhang Shurong)
• media: af9005: Fix null-ptr-deref in af9005_i2c_xfer (Zhang Shurong)
• media: dw2102: Fix null-ptr-deref in dw2102_i2c_transfer() (Zhang Shurong)
• media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer (Zhang Shurong)
• powerpc/pseries: fix possible memory leak in ibmebus_bus_init() (ruanjinjie)
• jfs: fix invalid free of JFS_IP(ipimap)->i_imap in diUnmount (Liu Shixin via Jfs-discussion)
• fs/jfs: prevent double-free in dbUnmount() after failed jfs_remount() (Andrew Kanner)
• ext2: fix datatype of block number in ext2_xattr_set2() (Georg Ottinger)
• md: raid1: fix potential OOB in raid1_remove_disk() (Zhang Shurong)
• drm/exynos: fix a possible null-pointer dereference due to data race in exynos_drm_crtc_atomic_disable() (Tuo Li)
• alx: fix OOB-read compiler warning (GONG, Ruiqi)
• tpm_tis: Resend command to recover from data transfer errors (Alexander Steffen)
• crypto: lib/mpi - avoid null pointer deref in mpi_cmp_ui() (Mark O’Donovan)
• wifi: mwifiex: fix fortify warning (Dmitry Antipov)
• wifi: ath9k: fix printk specifier (Dongliang Mu)
• hw_breakpoint: fix single-stepping when using bpf_overflow_handler (Tomislav Novak)
• ACPI: video: Add backlight=native DMI quirk for Lenovo Ideapad Z470 (Jiri Slaby (SUSE))
• ACPICA: Add AML_NO_OPERAND_RESOLVE flag to Timer (Abhishek Mainkar)
• btrfs: output extra debug info if we failed to find an inline backref (Qu Wenruo)
• autofs: fix memory leak of waitqueues in autofs_catatonic_mode (Fedor Pchelkin)
• parisc: Drop loops_per_jiffy from per_cpu struct (Helge Deller)
• kcm: Fix error handling for SOCK_DGRAM in kcm_sendmsg(). (Kuniyuki Iwashima)
• ixgbe: fix timestamp configuration code (Vadim Fedorenko)
• kcm: Fix memory leak in error path of kcm_sendmsg() (Shigeru Yoshida)
• net: ethernet: mtk_eth_soc: fix possible NULL pointer dereference in mtk_hwlro_get_fdir_all() (Hangyu Hua)
• ata: pata_ftide010: Add missing MODULE_DESCRIPTION (Damien Le Moal)
• ata: sata_gemini: Add missing MODULE_DESCRIPTION (Damien Le Moal)
• igb: Change IGB_MIN to allow set rx/tx value between 64 and 80 (Olga Zaborska)
• igbvf: Change IGBVF_MIN to allow set rx/tx value between 64 and 80 (Olga Zaborska)
• kcm: Destroy mutex in kcm_exit_net() (Shigeru Yoshida)
• net: sched: sch_qfq: Fix UAF in qfq_dequeue() (valis) [Orabug: 35814456] {CVE-2023-4921}
• af_unix: Fix data race around sk->sk_err. (Kuniyuki Iwashima)
• af_unix: Fix data-races around sk->sk_shutdown. (Kuniyuki Iwashima)
• af_unix: Fix data-race around unix_tot_inflight. (Kuniyuki Iwashima)
• af_unix: Fix data-races around user->unix_inflight. (Kuniyuki Iwashima)
• net: ipv6/addrconf: avoid integer underflow in ipv6_create_tempaddr (Alex Henrie)
• igb: disable virtualization features on 82580 (Corinna Vinschen)
• net: read sk->sk_family once in sk_mc_loop() (Eric Dumazet)
• pwm: lpc32xx: Remove handling of PWM channels (Vladimir Zapolskiy)
• watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load (Raag Jadav)
• x86/virt: Drop unnecessary check on extended CPUID level in cpu_has_svm() (Sean Christopherson)
• NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info (Fedor Pchelkin)
• clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock (Dmitry Baryshkov)
• parisc: led: Reduce CPU overhead for disk & lan LED computation (Helge Deller)
• parisc: led: Fix LAN receive and transmit LEDs (Helge Deller)
• drm/ast: Fix DRAM init on AST2200 (Thomas Zimmermann)
• fbdev/ep93xx-fb: Do not assign to struct fb_info.dev (Thomas Zimmermann)
• scsi: qla2xxx: Turn off noisy message log (Quinn Tran)
• scsi: qla2xxx: fix inconsistent TMF timeout (Quinn Tran)
• crypto: stm32 - fix loop iterating through scatterlist for DMA (Thomas Bourgoin)
• pstore/ram: Check start of empty przs during init (Enlin Mu)
• net: handle ARPHRD_PPP in dev_is_mac_header_xmit() (Nicolas Dichtel)
• X.509: if signature is unsupported skip validation (Thore Sommer)
• dccp: Fix out of bounds access in DCCP error handler (Jann Horn)
• parisc: Fix /proc/cpuinfo output for lscpu (Helge Deller)
• procfs: block chmod on /proc/thread-self/comm (Aleksa Sarai)
• Revert ‘PCI: Mark NVIDIA T4 GPUs to avoid bus reset’ (Bjorn Helgaas)
• ntb: Fix calculation ntb_transport_tx_free_entry() (Dave Jiang)
• ntb: Clean up tx tail index on link down (Dave Jiang)
• ntb: Drop packets when qp link is down (Dave Jiang)
• media: dvb: symbol fixup for dvb_attach() (Greg Kroah-Hartman)
• backlight/lv5207lp: Compare against struct fb_info.device (Thomas Zimmermann)
• backlight/bd6107: Compare against struct fb_info.device (Thomas Zimmermann)
• backlight/gpio_backlight: Compare against struct fb_info.device (Thomas Zimmermann)
• ARM: OMAP2+: Fix -Warray-bounds warning in _pwrdm_state_switch() (Gustavo A. R. Silva)
• ALSA: pcm: Fix missing fixup call in compat hw_refine ioctl (Takashi Iwai)
• PM / devfreq: Fix leak in devfreq_dev_release() (Boris Brezillon)
• igb: set max size RX buffer when store bad packet is enabled (Radoslaw Tyl) [Orabug: 35924097] {CVE-2023-45871}
• igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU (Eric Dumazet) [Orabug: 35924001] {CVE-2023-42752}
• dmaengine: ste_dma40: Add missing IRQ check in d40_probe (ruanjinjie)
• rpmsg: glink: Add check for kstrdup (Jiasheng Jiang)
• HID: multitouch: Correct devm device reference for hidinput input_dev name (Rahul Rameshbabu)
• Revert ‘IB/isert: Fix incorrect release of isert connection’ (Leon Romanovsky)
• amba: bus: fix refcount leak (Peng Fan)
• serial: tegra: handle clk prepare error in tegra_uart_hw_init() (Yi Yang)
• scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock (Chengfeng Ye)
• scsi: core: Use 32-bit hostnum in scsi_host_lookup() (Tony Battersby)
• cgroup:namespace: Remove unused cgroup_namespaces_init() (Lu Jialin)
• USB: gadget: f_mass_storage: Fix unused variable warning (Alan Stern)
• media: go7007: Remove redundant if statement (Colin Ian King)
• dma-buf/sync_file: Fix docs syntax (Rob Clark)
• scsi: qedf: Do not touch __user pointer in qedf_dbg_fp_int_cmd_read() directly (Oleksandr Natalenko)
• scsi: qedf: Do not touch __user pointer in qedf_dbg_stop_io_on_error_cmd_read() directly (Oleksandr Natalenko)
• x86/APM: drop the duplicate APM_MINOR_DEV macro (Randy Dunlap)
• scsi: qla4xxx: Add length check when parsing nlattrs (Lin Ma)
• scsi: be2iscsi: Add length check when parsing nlattrs (Lin Ma)
• scsi: iscsi: Add strlen() check in iscsi_if_set{_host}_param() (Lin Ma)
• usb: phy: mxs: fix getting wrong state with mxs_phy_is_otg_host() (Xu Yang)
• media: mediatek: vcodec: Return NULL if no vdec_fb is found (Irui Wang)
• media: cx24120: Add retval check for cx24120_message_send() (Daniil Dulov)
• media: dvb-usb: m920x: Fix a potential memory leak in m920x_i2c_xfer() (Christophe JAILLET)
• media: dib7000p: Fix potential division by zero (Daniil Dulov)
• drivers: usb: smsusb: fix error handling code in smsusb_init_device (Dongliang Mu)
• NFSD: da_addr_body field missing in some GETDEVICEINFO replies (Chuck Lever)
• fs: lockd: avoid possible wrong NULL parameter (Su Hui)
• jfs: validate max amount of blocks before allocation. (Alexei Filippov)
• powerpc/iommu: Fix notifiers being shared by PCI and VIO buses (Russell Currey)
• nfs/blocklayout: Use the passed in gfp flags (Dan Carpenter)
• wifi: ath10k: Use RMW accessors for changing LNKCTL (Ilpo Jarvinen)
• PCI: pciehp: Use RMW accessors for changing LNKCTL (Ilpo Jarvinen)
• PCI: Mark NVIDIA T4 GPUs to avoid bus reset (Wu Zongyong)
• clk: sunxi-ng: Modify mismatched function name (Zhang Jianhua)
• drivers: clk: keystone: Fix parameter judgment in _of_pll_clk_init() (Minjie Du)
• ALSA: ac97: Fix possible error value of *rac97 (Su Hui)
• audit: fix possible soft lockup in __audit_inode_child() (Gaosheng Cui)
• smackfs: Prevent underflow in smk_set_cipso() (Dan Carpenter)
• of: unittest: fix null pointer dereferencing in of_unittest_find_node_by_name() (Ruan Jinjie)
• drm: adv7511: Fix low refresh rate register for ADV7533/5 (Bogdan Togorean)
• ARM: dts: samsung: s5pv210-smdkv210: correct ethernet reg addresses (split) (Krzysztof Kozlowski)
• ARM: dts: samsung: s3c6410-mini6410: correct ethernet reg addresses (split) (Krzysztof Kozlowski)
• ARM: dts: BCM53573: Add cells sizes to PCIe node (Rafal Milecki)
• netrom: Deny concurrent connect(). (Kuniyuki Iwashima)
• net: arcnet: Do not call kfree_skb() under local_irq_disable() (Jinjie Ruan)
• wifi: ath9k: use IS_ERR() with debugfs_create_dir() (Wang Ming)
• wifi: mwifiex: avoid possible NULL skb pointer dereference (Dmitry Antipov)
• wifi: ath9k: protect WMI command response buffer replacement with a lock (Fedor Pchelkin)
• wifi: mwifiex: Fix missed return in oob checks failed path (Polaris Pi)
• wifi: mwifiex: fix memory leak in mwifiex_histogram_read() (Dmitry Antipov)
• fs: ocfs2: namei: check return value of ocfs2_add_entry() (Artem Chernyshev)
• lwt: Check LWTUNNEL_XMIT_CONTINUE strictly (Yan Zhai)
• crypto: caam - fix unchecked return value error (Gaurav Jain)
• net: tcp: fix unexcepted socket die when snd_wnd is 0 (Menglong Dong)
• Bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe() (Yuanjun Gong)
• wifi: mwifiex: Fix OOB and integer underflow when rx packets (Polaris Pi)
• can: gs_usb: gs_usb_receive_bulk_callback(): count RX overflow errors also in case of OOM (Marc Kleine-Budde)
• spi: tegra20-sflash: fix to check return value of platform_get_irq() in tegra_sflash_probe() (Zhang Shurong)
• regmap: rbtree: Use alloc_flags for memory allocations (Dan Carpenter)
• cpufreq: powernow-k8: Use related_cpus instead of cpus in driver.exit() (Liao Chang)
• fs: Fix error checking for d_hash_and_lookup() (Wang Ming)
• reiserfs: Check the return value from __getblk() (Matthew Wilcox)
• Revert ‘net: macsec: preserve ingress frame ordering’ (Sabrina Dubroca)
• udf: Handle error when adding extent to a file (Jan Kara)
• udf: Check consistency of Space Bitmap Descriptor (Vladislav Efanov)
• powerpc/32s: Fix assembler warning about r0 (Christophe Leroy)
• powerpc/32: Include .branch_lt in data section (Joel Stanley)
• ALSA: seq: oss: Fix racy open/close of MIDI devices (Takashi Iwai)
• cifs: add a warning when the in-flight count goes negative (Shyam Prasad N)
• sctp: handle invalid error codes without calling BUG() (Dan Carpenter)
• bnx2x: fix page fault following EEH recovery (David Christensen)
• netlabel: fix shift wrapping bug in netlbl_catmap_setlong() (Dmitry Mastykin)
• scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock (Chengfeng Ye)
• idmaengine: make FSL_EDMA and INTEL_IDMA64 depends on HAS_IOMEM (Baoquan He)
• net: usb: qmi_wwan: add Quectel EM05GV2 (Martin Kohn)
• security: keys: perform capable check only on privileged operations (Christian Gottsche)
• ASoc: codecs: ES8316: Fix DMIC config (Edgar)
• fs/nls: make load_nls() take a const parameter (Saeed Mirzamohammadi)
• s390/dasd: use correct number of retries for ERP requests (Stefan Haberland)
• m68k: Fix invalid .section syntax (Ben Hutchings)
• ethernet: atheros: fix return value check in atl1c_tso_csum() (Yuanjun Gong)
• ASoC: da7219: Flush pending AAD IRQ when suspending (Dmytro Maluka)
• 9p: virtio: make sure ‘offs’ is initialized in zc_request (Dominique Martinet)
• lib/ubsan: remove returns-nonnull-attribute checks (Andrey Ryabinin)
• pinctrl: amd: Don’t show Invalid config param errors (Mario Limonciello)
• nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse (Ryusuke Konishi)
• nilfs2: fix general protection fault in nilfs_lookup_dirty_data_buffers() (Ryusuke Konishi)
• serial: sc16is7xx: fix bug when first setting GPIO direction (Hugo Villeneuve)
• Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition (Zheng Wang) [Orabug: 35282808] {CVE-2023-1989}
• HID: wacom: remove the battery when the EKR is off (Aaron Armstrong Skomra)
• USB: serial: option: add FOXCONN T99W368/T99W373 product (Slark Xiao)
• USB: serial: option: add Quectel EM05G variant (0x030e) (Martin Kohn)
• modules: only allow symbol_get of EXPORT_SYMBOL_GPL modules (Christoph Hellwig)
• rtc: ds1685: use EXPORT_SYMBOL_GPL for ds1685_rtc_poweroff (Christoph Hellwig)
• mmc: au1xmmc: force non-modular build and remove symbol_get usage (Christoph Hellwig)
• ARM: pxa: remove use of symbol_get() (Arnd Bergmann)
  [4.14.35-2047.530.5]
• netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c (Kyle Zeng) [Orabug: 35824288] {CVE-2023-42753}
• netfilter: xt_u32: validate user space input (Wander Lairson Costa) [Orabug: 35923468] {CVE-2023-39192}
• netfilter: xt_sctp: validate the flag_info count (Wander Lairson Costa) [Orabug: 35923499] {CVE-2023-39193}
  [4.14.35-2047.530.4]
• rds: Fix lack of reentrancy for connection reset with dst addr zero (Hakon Bugge) [Orabug: 35819110] {CVE-2023-22024}
• kernfs: fix missing kernfs_iattr_rwsem locking (Ian Kent) [Orabug: 35796772]
• uek-rpm: Removing pre scriptlet to not allow firmware downgrade (Samasth Norway Ananda) [Orabug: 35756463]
• scsi: megaraid_sas: Fix deadlock on firmware crashdump (Junxiao Bi) [Orabug: 35702793]
  [4.14.35-2047.530.3]
• Add the new PCI Device IDs to support new generation of AMD 19h processors. (Partha Sarathi Satapathy) [Orabug: 35773822]
• hwmon: (k10temp) Add support for AMD Family 19h Models 10h-1Fh and A0h-AFh (Babu Moger) [Orabug: 35773822]
  [4.14.35-2047.530.2]
• LTS version: v4.14.325 (Saeed Mirzamohammadi)
• Revert ‘ARM: ep93xx: fix missing-prototype warnings’ (Greg Kroah-Hartman)
• Revert ‘MIPS: Alchemy: fix dbdma2’ (Greg Kroah-Hartman)
• LTS version: v4.14.324 (Saeed Mirzamohammadi)
• dma-buf/sw_sync: Avoid recursive lock during fence signal (Rob Clark)
• scsi: core: raid_class: Remove raid_component_add() (Zhu Wang)
• scsi: snic: Fix double free in snic_tgt_create() (Zhu Wang)
• rtnetlink: Reject negative ifindexes in RTM_NEWLINK (Ido Schimmel)
• x86/fpu: Set X86_FEATURE_OSXSAVE feature after enabling OSXSAVE in CR4 (Feng Tang)
• media: vcodec: Fix potential array out-of-bounds in encoder queue_setup (Wei Chen)
• lib/clz_ctz.c: Fix __clzdi2() and __ctzdi2() for 32-bit kernels (Helge Deller)
• batman-adv: Fix batadv_v_ogm_aggr_send memory leak (Remi Pommarel)
• batman-adv: Fix TT global entry leak when client roamed back (Remi Pommarel)
• batman-adv: Do not get eth header before batadv_check_management_packet (Remi Pommarel)
• batman-adv: Trigger events for auto adjusted MTU (Sven Eckelmann)
• ibmveth: Use dcbf rather than dcbfl (Michael Ellerman)
• ipvs: fix racy memcpy in proc_do_sync_threshold (Sishuai Gong)
• ipvs: Improve robustness to the ipvs sysctl (Junwei Hu)
• igb: Avoid starting unnecessary workqueues (Alessio Igor Bogani)
• sock: annotate data-races around prot->memory_pressure (Eric Dumazet)
• tracing: Fix memleak due to race between current_tracer and trace (Zheng Yejian)
• net: phy: broadcom: stub c45 read/write for 54810 (Justin Chen)
• net: xfrm: Amend XFRMA_SEC_CTX nla_policy structure (Lin Ma)
• net: fix the RTO timer retransmitting skb every 1ms if linear option is enabled (Jason Xing)
• af_unix: Fix null-ptr-deref in unix_stream_sendpage(). (Kuniyuki Iwashima) [Orabug: 35814409] {CVE-2023-4622}
• ASoC: rt5665: add missed regulator_bulk_disable (Zhang Shurong)
• netfilter: set default timeout to 3 secs for sctp shutdown send and recv state (Xin Long)
• test_firmware: prevent race conditions by a correct implementation of locking (Mirsad Goran Todorovac)
• binder: fix memory leak in binder_init() (Qi Zheng)
• serial: 8250: Fix oops for port->pm on uart_change_pm() (Tony Lindgren)
• mmc: wbsd: fix double mmc_free_host() in wbsd_init() (Yang Yingliang)
• cifs: Release folio lock on fscache read hit. (Russell Harmon via samba-technical)
• ALSA: usb-audio: Add support for Mythware XA001AU capture and playback interfaces. (dengxiang)
• net: do not allow gso_size to be set to GSO_BY_FRAGS (Eric Dumazet)
• sock: Fix misuse of sk_under_memory_pressure() (Abel Wu)
• i40e: fix misleading debug logs (Andrii Staikov)
• team: Fix incorrect deletion of ETH_P_8021AD protocol vid from slaves (Ziyang Xuan)
• netfilter: nft_dynset: disallow object maps (Pablo Neira Ayuso)
• xfrm: add NULL check in xfrm_update_ae_params (Lin Ma) [Orabug: 35754508] {CVE-2023-3772}
• ip_vti: fix potential slab-use-after-free in decode_session6 (Zhengchao Shao)
• ip6_vti: fix slab-use-after-free in decode_session6 (Zhengchao Shao)
• net: af_key: fix sadb_x_filter validation (Lin Ma)
• net: xfrm: Fix xfrm_address_filter OOB read (Lin Ma) [Orabug: 35923516] {CVE-2023-39194}
• fbdev: mmp: fix value check in mmphw_probe() (Yuanjun Gong)
• drm/amdgpu: Fix potential fence use-after-free v2 (shanzhulig)
• Bluetooth: L2CAP: Fix use-after-free (Zhengping Jiang)
• pcmcia: rsrc_nonstatic: Fix memory leak in nonstatic_release_resource_db() (Armin Wolf)
• gfs2: Fix possible data races in gfs2_show_options() (Tuo Li)
• media: platform: mediatek: vpu: fix NULL ptr dereference (Hans Verkuil)
• media: v4l2-mem2mem: add lock to protect parameter num_rdy (Yunfei Dong)
• FS: JFS: Check for read-only mounted filesystem in txBegin (Immad Mir)
• FS: JFS: Fix null-ptr-deref Read in txBegin (Immad Mir)
• MIPS: dec: prom: Address -Warray-bounds warning (Gustavo A. R. Silva)
• fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev (Yogesh)
• udf: Fix uninitialized array access for some pathnames (Jan Kara)
• quota: fix warning in dqgrab() (Ye Bin)
• quota: Properly disable quotas when add_dquot_ref() fails (Jan Kara)
• ALSA: emu10k1: roll up loops in DSP setup code for Audigy (Oswald Buddenhagen)
• drm/radeon: Fix integer overflow in radeon_cs_parser_init (hackyzh002)
• lib/mpi: Eliminate unused umul_ppmm definitions for MIPS (Nathan Chancellor)
• LTS version: v4.14.323 (Saeed Mirzamohammadi)
• alpha: remove __init annotation from exported page_is_ram() (Masahiro Yamada)
• scsi: core: Fix possible memory leak if device_add() fails (Zhu Wang)
• scsi: snic: Fix possible memory leak if device_add() fails (Zhu Wang)
• scsi: 53c700: Check that command slot is not NULL (Alexandra Diupina)
• scsi: storvsc: Fix handling of virtual Fibre Channel timeouts (Michael Kelley)
• scsi: core: Fix legacy /proc parsing buffer overflow (Tony Battersby)
• netfilter: nf_tables: report use refcount overflow (Pablo Neira Ayuso)
• btrfs: don’t stop integrity writeback too early (Christoph Hellwig)
• IB/hfi1: Fix possible panic during hotplug remove (Douglas Miller)
• drivers: net: prevent tun_build_skb() to exceed the packet size limit (Andrew Kanner)
• dccp: fix data-race around dp->dccps_mss_cache (Eric Dumazet)
• bonding: Fix incorrect deletion of ETH_P_8021AD protocol vid from slaves (Ziyang Xuan)
• net/packet: annotate data-races around tp->status (Eric Dumazet)
• drm/nouveau/disp: Revert a NULL check inside nouveau_connector_get_modes (Karol Herbst)
• x86/mm: Fix VDSO and VVAR placement on 5-level paging machines (Kirill A. Shutemov)
• usb: dwc3: Properly handle processing of pending events (Elson Roy Serrao)
• usb-storage: alauda: Fix uninit-value in alauda_check_media() (Alan Stern)
• iio: cros_ec: Fix the allocation size for cros_ec_command (Yiyuan Guo)
• test_firmware: return ENOMEM instead of ENOSPC on failed memory allocation (Mirsad Goran Todorovac)
• nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput (Ryusuke Konishi)
• radix tree test suite: fix incorrect allocation size for pthreads (Colin Ian King)
• dmaengine: pl330: Return DMA_PAUSED when transaction is paused (Ilpo Jarvinen)
• ipv6: adjust ndisc_is_useropt() to also return true for PIO (Maciej Zenczykowski)
• mmc: moxart: read scr register without changing byte order (Sergei Antonov)
• sparc: fix up arch_cpu_finalize_init() build breakage. (Greg Kroah-Hartman)
  [4.14.35-2047.530.1]
• rds: Remove gratuitous include of time.h from rds.h (Mark Haywood) [Orabug: 35742762]
• smp: Reduce NMI traffic from CSD waiters to CSD destination (Imran Khan) [Orabug: 35236407]
• smp: Reduce logging due to dump_stack of CSD waiters (Imran Khan) [Orabug: 35236407]
  [4.14.35-2047.529.3]
• uek-rpm: Update kernel linux-firmware dependency to 20230516-999.26.git6c9e0ed5. (Somasundaram Krishnasamy) [Orabug: 35724203]
• LTS version: v4.14.322 (Saeed Mirzamohammadi)
• drm/edid: fix objtool warning in drm_cvt_modes() (Linus Torvalds)
• mtd: rawnand: omap_elm: Fix incorrect type in assignment (Roger Quadros)
• test_firmware: fix a memory leak with reqs buffer (Mirsad Goran Todorovac)
• ext2: Drop fragment support (Jan Kara)
• net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb (Alan Stern)
• Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb (Sungwoo Kim) [Orabug: 35814477] {CVE-2023-40283}
• fs/sysv: Null check to prevent null-ptr-deref bug (Prince Kumar Maurya)
• USB: zaurus: Add ID for A-300/B-500/C-700 (Ross Maynard)
• libceph: fix potential hang in ceph_osdc_notify() (Ilya Dryomov)
• loop: Select I/O scheduler ‘none’ from inside add_disk() (Bart Van Assche)
• tcp_metrics: fix data-race in tcpm_suck_dst() vs fastopen (Eric Dumazet)
• tcp_metrics: annotate data-races around tm->tcpm_net (Eric Dumazet)
• tcp_metrics: annotate data-races around tm->tcpm_vals[] (Eric Dumazet)
• tcp_metrics: annotate data-races around tm->tcpm_lock (Eric Dumazet)
• tcp_metrics: annotate data-races around tm->tcpm_stamp (Eric Dumazet)
• tcp_metrics: fix addr_same() helper (Eric Dumazet)
• ip6mr: Fix skb_under_panic in ip6mr_cache_report() (Yue Haibing)
• net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free (valis) [Orabug: 35707465] {CVE-2023-4206}
• net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free (valis) [Orabug: 35814296] {CVE-2023-4208}
• net: add missing data-race annotation for sk_ll_usec (Eric Dumazet)
• net: add missing data-race annotations around sk->sk_peek_off (Eric Dumazet)
• perf test uprobe_from_different_cu: Skip if there is no gcc (Georg Muller)
• net/mlx5e: fix return value check in mlx5e_ipsec_remove_trailer() (Yuanjun Gong)
• word-at-a-time: use the same return type for has_zero regardless of endianness ([email protected])
• perf: Fix function pointer case (Peter Zijlstra)
• net/sched: cls_u32: Fix reference counter leak leading to overflow (Lee Jones) [Orabug: 35635632] {CVE-2023-3609}
• net/sched: sch_qfq: account for stab overhead in qfq_enqueue (Pedro Tammela) [Orabug: 35636290] {CVE-2023-3611}
• net/sched: cls_fw: Fix improper refcount update leads to use-after-free (M A Ramdhan) [Orabug: 35636312] {CVE-2023-3776}
• drm/client: Fix memory leak in drm_client_target_cloned (Jocelyn Falempe)
• dm cache policy smq: ensure IO doesn’t prevent cleaner policy progress (Joe Thornber)
• ASoC: wm8904: Fill the cache for WM8904_ADC_TEST_0 register (Mark Brown)
• s390/dasd: fix hanging device after quiesce/resume (Stefan Haberland)
• irq-bcm6345-l1: Do not assume a fixed block to cpu mapping (Jonas Gorski)
• tpm_tis: Explicitly check for error code (Alexander Steffen)
• hwmon: (nct7802) Fix for temp6 (PECI1) processed even if PECI1 disabled (Gilles Buloz)
• staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext() (Zhang Shurong)
• Documentation: security-bugs.rst: update preferences when dealing with the linux-distros group (Greg Kroah-Hartman)
• usb: xhci-mtk: set the dma max_seg_size (Ricardo Ribalda)
• usb: ohci-at91: Fix the unhandle interrupt when resume (Guiting Shen)
• can: gs_usb: gs_can_close(): add missing set of CAN state to CAN_STATE_STOPPED (Marc Kleine-Budde)
• USB: serial: simple: sort driver entries (Johan Hovold)
• USB: serial: simple: add Kaufmann RKS+CAN VCP (Oliver Neukum)
• USB: serial: option: add Quectel EC200A module support (Mohsen Tahmasebi)
• USB: serial: option: support Quectel EM060K_128 (Jerry Meng)
• tracing: Fix warning in trace_buffered_event_disable() (Zheng Yejian)
• ring-buffer: Fix wrong stat of cpu_buffer->read (Zheng Yejian)
• ata: pata_ns87415: mark ns87560_tf_read static (Arnd Bergmann)
• dm raid: fix missing reconfig_mutex unlock in raid_ctr() error paths (Yu Kuai)
• block: Fix a source code comment in include/uapi/linux/blkzoned.h (Bart Van Assche)
• ASoC: fsl_spdif: Silence output on stop (Matus Gajdos)
• benet: fix return value check in be_lancer_xmit_workarounds() (Yuanjun Gong)
• platform/x86: msi-laptop: Fix rfkill out-of-sync on MSI Wind U100 (Maxim Mikityanskiy)
• team: reset team’s flags when down link is P2P device (Hangbin Liu)
• bonding: reset bond’s flags when down link is P2P device (Hangbin Liu)
• tcp: Reduce chance of collisions in inet6_hashfn(). (Stewart Smith) [Orabug: 35754476] {CVE-2023-1206}
• ipv6 addrconf: fix bug where deleting a mngtmpaddr can create a new temporary address (Maciej Zenczykowski)
• ethernet: atheros: fix return value check in atl1e_tso_csum() (Yuanjun Gong)
• i40e: Fix an NULL vs IS_ERR() bug for debugfs_create_dir() (Wang Ming)
• gpio: tps68470: Make tps68470_gpio_output() always set the initial value (Hans de Goede)
• tcp: annotate data-races around fastopenq.max_qlen (Eric Dumazet)
• tcp: annotate data-races around tp->notsent_lowat (Eric Dumazet)
• tcp: annotate data-races around rskq_defer_accept (Eric Dumazet)
• netfilter: nf_tables: fix spurious set element insertion failure (Florian Westphal)
• llc: Don’t drop packet from non-root netns. (Kuniyuki Iwashima)
• fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe (Zhang Shurong)
• net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field()/cpsw_ale_set_field() (Tanmay Patil)
• pinctrl: amd: Use amd_pinconf_set() for all config options (Mario Limonciello)
• fbdev: imxfb: warn about invalid left/right margin (Martin Kaiser)
• spi: bcm63xx: fix max prepend length (Jonas Gorski)
• igb: Fix igb_down hung on surprise removal (Ying Hsu)
• wifi: wext-core: Fix -Wstringop-overflow warning in ioctl_standard_iw_point() (Gustavo A. R. Silva)
• bpf: Address KCSAN report on bpf_lru_list (Martin KaFai Lau)
• sched/fair: Don’t balance task to its current running CPU (Yicong Yang)
• posix-timers: Ensure timer ID search-loop limit is valid (Saeed Mirzamohammadi)
• md/raid10: prevent soft lockup while flush writes (Yu Kuai)
• md: fix data corruption for raid456 when reshape restart while grow up (Yu Kuai)
• nbd: Add the maximum limit of allocated index in nbd_dev_add (Zhong Jinghua)
• debugobjects: Recheck debug_objects_enabled before reporting (Tetsuo Handa)
• ext4: correct inline offset when handling xattrs in inode body (Eric Whitney)
• can: bcm: Fix UAF in bcm_proc_show() (YueHaibing)
• fuse: revalidate: don’t invalidate if interrupted (Miklos Szeredi)
• perf probe: Add test for regression introduced by switch to die_get_decl_file() (Georg Muller)
• serial: atmel: don’t enable IRQs prematurely (Dan Carpenter)
• scsi: qla2xxx: Pointer may be dereferenced (Shreyas Deodhar)
• scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport() (Nilesh Javali)
• scsi: qla2xxx: Fix potential NULL pointer dereference (Bikash Hazarika)
• scsi: qla2xxx: Wait for io return on terminate rport (Quinn Tran)
• xtensa: ISS: fix call to split_if_spec (Max Filippov)
• ring-buffer: Fix deadloop issue on reading trace_pipe (Zheng Yejian)
• tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk (Christophe JAILLET)
• tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in case of error (Christophe JAILLET)
• Revert ‘8250: add support for ASIX devices with a FIFO bug’ (Jiaqing Zhao)
• meson saradc: fix clock divider mask length (George Stark)
• hwrng: imx-rngc - fix the timeout for init and self check (Martin Kaiser)
• fs: dlm: return positive pid value for F_GETLK (Alexander Aring)
• md/raid0: add discard support for the ‘original’ layout (Jason Baron)
• misc: pci_endpoint_test: Re-init completion for every test (Damien Le Moal)
• PCI: Add function 1 DMA alias quirk for Marvell 88SE9235 (Robin Murphy)
• jfs: jfs_dmap: Validate db_l2nbperpage while mounting (Siddh Raman Pant)
• ext4: only update i_reserved_data_blocks on successful block allocation (Baokun Li)
• ext4: fix wrong unit use in ext4_mb_clear_bb (Kemeng Shi)
• perf intel-pt: Fix CYC timestamps after standalone CBR (Adrian Hunter)
• SUNRPC: Fix UAF in svc_tcp_listen_data_ready() (Ding Hui)
• tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation (Jarkko Sakkinen)
• net/sched: make psched_mtu() RTNL-less safe (Pedro Tammela)
• wifi: airo: avoid uninitialized warning in airo_get_rate() (Randy Dunlap)
• ipv6/addrconf: fix a potential refcount underflow for idev (Ziyang Xuan)
• NTB: ntb_transport: fix possible memory leak while device_register() fails (Yang Yingliang)
• ntb: intel: Fix error handling in intel_ntb_pci_driver_init() (Yuan Can)
• NTB: amd: Fix error handling in amd_ntb_pci_driver_init() (Yuan Can)
• ntb: idt: Fix error handling in idt_pci_driver_init() (Yuan Can)
• udp6: fix udp6_ehashfn() typo (Eric Dumazet)
• net: mvneta: fix txq_map in case of txq_number==1 (Klaus Kudielka)
• workqueue: clean up WORK_* constant types, clarify masking (Linus Torvalds)
• netfilter: nf_tables: prevent OOB access in nft_byteorder_eval (Thadeu Lima de Souza Cascardo) [Orabug: 35609785] {CVE-2023-35001}
• netfilter: conntrack: Avoid nf_ct_helper_hash uses after free (Florent Revest)
• netfilter: nf_tables: unbind non-anonymous set if rule construction fails (Pablo Neira Ayuso)
• netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain (Pablo Neira Ayuso) [Orabug: 35550219] {CVE-2023-3390}
• netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE (Pablo Neira Ayuso) [Orabug: 35560845] {CVE-2023-3117} {CVE-2023-3390}
• spi: spi-fsl-spi: allow changing bits_per_word while CS is still active (Rasmus Villemoes)
• spi: spi-fsl-spi: relax message sanity checking a little (Rasmus Villemoes)
• spi: spi-fsl-spi: remove always-true conditional in fsl_spi_do_one_msg (Rasmus Villemoes)
• ARM: orion5x: fix d2net gpio initialization (Arnd Bergmann)
• btrfs: fix race when deleting quota root from the dirty cow roots list (Filipe Manana)
• jffs2: reduce stack usage in jffs2_build_xattr_subsystem() (Fabian Frederick)
• integrity: Fix possible multiple allocation in integrity_inode_get() (Tianjia Zhang)
• mmc: core: disable TRIM on Micron MTFC4GACAJCN-1M (Robert Marko)
• mmc: core: disable TRIM on Kingston EMMC04G-M627 (Robert Marko)
• NFSD: add encoding of op_recall flag for write delegation (Dai Ngo)
• sh: dma: Fix DMA channel offset calculation (Artur Rojek)
• net/sched: act_pedit: Add size check for TCA_PEDIT_PARMS_EX (Lin Ma)
• tcp: annotate data races in __tcp_oow_rate_limited() (Eric Dumazet)
• net: bridge: keep ports without IFF_UNICAST_FLT in BR_PROMISC mode (Vladimir Oltean)
• powerpc: allow PPC_EARLY_DEBUG_CPM only when SERIAL_CPM=y (Randy Dunlap)
• mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0 (Nishanth Menon)
• spi: bcm-qspi: return error if neither hif_mspi nor mspi is available (Jonas Gorski)
• Add MODULE_FIRMWARE() for FIRMWARE_TG357766. (Tobias Heider)
• sctp: fix potential deadlock on &net->sctp.addr_wq_lock (Chengfeng Ye)
• rtc: st-lpc: Release some resources in st_rtc_probe() in case of error (Christophe JAILLET)
• mfd: stmpe: Only disable the regulators if they are enabled (Christophe JAILLET)
• mfd: intel-lpss: Add missing check for platform_get_resource (Jiasheng Jiang)
• mfd: rt5033: Drop rt5033-battery sub-device (Stephan Gerhold)
• usb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe() (Li Yang)
• extcon: Fix kernel doc of property capability fields to avoid warnings (Andy Shevchenko)
• extcon: Fix kernel doc of property fields to avoid warnings (Andy Shevchenko)
• media: usb: siano: Fix warning due to null work_func_t function pointer (Duoming Zhou) [Orabug: 35686150] {CVE-2023-4132}
• media: videodev2.h: Fix struct v4l2_input tuner index comment (Marek Vasut)
• media: usb: Check az6007_read() return value (Daniil Dulov)
• sh: j2: Use ioremap() to translate device tree address into kernel memory (John Paul Adrian Glaubitz)
• w1: fix loop in w1_fini() (Dan Carpenter)
• block: change all __u32 annotations to __be32 in affs_hardblocks.h (Michael Schmitz)
• USB: serial: option: add LARA-R6 01B PIDs (Davide Tronchin)
• modpost: fix off by one in is_executable_section() (Dan Carpenter)
• modpost: fix section mismatch message for R_ARM_{PC24,CALL,JUMP24} (Masahiro Yamada)
• modpost: fix section mismatch message for R_ARM_ABS32 (Masahiro Yamada)
• crypto: nx - fix build warnings when DEBUG_FS is not enabled (Randy Dunlap)
• pinctrl: at91-pio4: check return value of devm_kasprintf() (Claudiu Beznea)
• perf dwarf-aux: Fix off-by-one in die_get_varname() (Namhyung Kim)
• pinctrl: cherryview: Return correct value if pin in push-pull mode (Andy Shevchenko)
• PCI: Add pci_clear_master() stub for non-CONFIG_PCI (Sui Jingfeng)
• scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() (Yuchen Yang)
• ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer (Su Hui)
• drm/radeon: fix possible division-by-zero errors (Nikita Zhandarovich)
• fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe() (Christophe JAILLET)
• soc/fsl/qe: fix usb.c build errors (Randy Dunlap)
• ASoC: es8316: Increment max value for ALC Capture Target Volume control (Cristian Ciocaltea)
• ARM: ep93xx: fix missing-prototype warnings (Arnd Bergmann)
• drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H (Dario Binacchi)
• Input: adxl34x - do not hardcode interrupt trigger type (Marek Vasut)
• ARM: dts: BCM5301X: Drop ‘clock-names’ from the SPI node (Rafal Milecki)
• Input: drv260x - sleep between polling GO bit (Luca Weiss)
• radeon: avoid double free in ci_dpm_init() (Nikita Zhandarovich)
• netlink: Add __sock_i_ino() for __netlink_diag_dump(). (Kuniyuki Iwashima)
• netfilter: nf_conntrack_sip: fix the ct_sip_parse_numerical_param() return value. (Ilia.Gavrilov)
• lib/ts_bm: reset initial match offset for every block of text (Jeremy Sowden)
• gtp: Fix use-after-free in __gtp_encap_destroy(). (Kuniyuki Iwashima)
• netlink: do not hard code device address lenth in fdb dumps (Eric Dumazet)
• netlink: fix potential deadlock in netlink_set_err() (Eric Dumazet)
• wifi: ath9k: convert msecs to jiffies where needed (Dmitry Antipov)
• wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key() (Remi Pommarel)
• memstick r592: make memstick_debug_get_tpc_name() static (Arnd Bergmann)
• kexec: fix a memory leak in crash_shrink_memory() (Zhen Lei)
• watchdog/perf: more properly prevent false positives with turbo modes (Douglas Anderson)
• watchdog/perf: define dummy watchdog_update_hrtimer_threshold() on correct config (Douglas Anderson)
• wifi: ath9k: don’t allow to overwrite ENDPOINT0 attributes (Fedor Pchelkin)
• wifi: ray_cs: Fix an error handling path in ray_probe() (Christophe JAILLET)
• wifi: wl3501_cs: Fix an error handling path in wl3501_probe() (Christophe JAILLET)
• wifi: atmel: Fix an error handling path in atmel_probe() (Christophe JAILLET)
• wifi: orinoco: Fix an error handling path in orinoco_cs_probe() (Christophe JAILLET)
• wifi: orinoco: Fix an error handling path in spectrum_cs_probe() (Christophe JAILLET)
• wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx (Fedor Pchelkin)
• wifi: ath9k: fix AR9003 mac hardware hang check register offset calculation (Peter Seiderer)
• evm: Complete description of evm_inode_setattr() (Roberto Sassu)
• PM: domains: fix integer overflow issues in genpd_parse_state() (Nikita Zhandarovich)
• md/raid10: fix io loss while replacement replace rdev (Li Nan)
• md/raid10: fix wrong setting of max_corr_read_errors (Li Nan)
• md/raid10: fix overflow of md/safe_mode_delay (Li Nan)
• treewide: Remove uninitialized_var() usage (Kees Cook)
• drm/amdgpu: Validate VM ioctl flags. (Bas Nieuwenhuizen)
• scripts/tags.sh: Resolve gtags empty index generation (Ahmed S. Darwish)
• drm/edid: Fix uninitialized variable in drm_cvt_modes() (Lyude Paul)
• fbdev: imsttfb: Fix use after free bug in imsttfb_probe (Zheng Wang)
• x86/smp: Use dedicated cache-line for mwait_play_dead() (Thomas Gleixner)
• x86/microcode/AMD: Load late on both threads too (Borislav Petkov (AMD))
• gfs2: Don’t deref jdesc in evict (Bob Peterson)
• LTS version: v4.14.321 (Saeed Mirzamohammadi)
  [4.14.35-2047.529.2]
• x86/cpu: persist X86_FEATURE_NT_GOOD for late reload (Ankur Arora) [Orabug: 35693947]
• uek-rpm: Disable cls_tcindex in file tcindex-disable.conf (Sherry Yang) [Orabug: 35678739]
• uek-rpm: Update kernel’s linux-firmware dependency. (Somasundaram Krishnasamy) [Orabug: 35678693]
• Revert ‘sched/fair: sanitize vruntime of entity being placed’ (Saeed Mirzamohammadi) [Orabug: 35651310]
• Revert ‘sched/fair: Sanitize vruntime of entity being migrated’ (Saeed Mirzamohammadi) [Orabug: 35651310]
• x86/microcode/AMD: Clean up per-family patch size checks (Borislav Petkov) [Orabug: 35643967]
  [4.14.35-2047.529.1]
• vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF (George Kennedy) [Orabug: 35649492] {CVE-2023-3567}
• ocfs2: always read both high and low parts of dinode link count (Alexey Asemov) [Orabug: 35643004]