Unbreakable Enterprise kernel security update

[4.14.35-2047.535.2.1]

• netfilter: nf_tables: reject QUEUE/DROP verdict parameters (Florian Westphal) [Orabug: 36467681] {CVE-2024-1086}
  [4.14.35-2047.535.2]
• Fix null ptr in rds_tcp_recv_path (Allison Henderson) [Orabug: 33499812]
• LTS version: v4.14.338 (Saeed Mirzamohammadi)
• crypto: scompress - initialize per-CPU variables on each CPU (Sebastian Andrzej Siewior)
• Revert ‘NFSD: Fix possible sleep during nfsd4_release_lockowner()’ (Greg Kroah-Hartman)
• i2c: s3c24xx: fix transferring more than one message in polling mode (Marek Szyprowski)
• i2c: s3c24xx: fix read transfers in polling mode (Marek Szyprowski)
• kdb: Fix a potential buffer overflow in kdb_local() (Christophe JAILLET)
• kdb: Censor attempts to set PROMPT without ENABLE_MEM_READ (Daniel Thompson)
• ipvs: avoid stat macros calls from preemptible context (Fedor Pchelkin)
• net: ravb: Fix dma_addr_t truncation in error case (Nikita Yushchenko)
• serial: imx: Correct clock error message in function probe() (Christoph Niedermaier)
• apparmor: avoid crash when parsed profile name is empty (Fedor Pchelkin)
• MIPS: Alchemy: Fix an out-of-bound access in db1550_dev_setup() (Christophe JAILLET)
• MIPS: Alchemy: Fix an out-of-bound access in db1200_dev_setup() (Christophe JAILLET)
• HID: wacom: Correct behavior when processing some confidence == false touches (Jason Gerecke)
• wifi: mwifiex: configure BSSID consistently when starting AP (David Lin)
• wifi: rtlwifi: Convert LNKCTL change to PCIe cap RMW accessors (Ilpo Jarvinen)
• wifi: rtlwifi: Remove bogus and dangerous ASPM disable/enable code (Ilpo Jarvinen)
• fbdev: flush deferred work in fb_deferred_io_fsync() (Nam Cao)
• ALSA: oxygen: Fix right channel of capture volume mixer (Takashi Iwai)
• usb: mon: Fix atomicity violation in mon_bin_vma_fault (Gui-Dong Han)
• usb: chipidea: wait controller resume finished for wakeup irq (Xu Yang)
• usb: dwc: ep0: Update request status in dwc3_ep0_stall_restart (Uttkarsh Aggarwal)
• usb: phy: mxs: remove CONFIG_USB_OTG condition for mxs_phy_is_otg_host() (Xu Yang)
• tick-sched: Fix idle and iowait sleeptime accounting vs CPU hotplug (Heiko Carstens)
• binder: fix unused alloc->free_async_space (Carlos Llamas)
• binder: fix race between mmput() and do_exit() (Carlos Llamas)
• Input: atkbd - use ab83 as id when skipping the getid command (Hans de Goede)
• binder: fix async space check for 0-sized buffers (Carlos Llamas)
• watchdog: bcm2835_wdt: Fix WDIOC_SETTIMEOUT handling (Stefan Wahren)
• watchdog: set cdev owner before adding (Curtis Klein)
• gpu/drm/radeon: fix two memleaks in radeon_vm_init (Zhipeng Lu)
• drivers/amd/pm: fix a use-after-free in kv_parse_power_table (Zhipeng Lu)
• drm/amd/pm: fix a double-free in si_dpm_init (Zhipeng Lu)
• media: dvbdev: drop refcount on error path in dvb_device_open() (Dan Carpenter)
• media: cx231xx: fix a memleak in cx231xx_init_isoc (Zhipeng Lu)
• drm/radeon/trinity_dpm: fix a memleak in trinity_parse_power_table (Zhipeng Lu)
• drm/radeon/dpm: fix a memleak in sumo_parse_power_table (Zhipeng Lu)
• drm/radeon: check the alloc_workqueue return value in radeon_crtc_init() (Yang Yingliang)
• drm/drv: propagate errors from drm_modeset_register_all() (Dmitry Baryshkov)
• drm/msm/mdp4: flush vblank event on disable (Dmitry Baryshkov)
• ASoC: cs35l34: Fix GPIO name and drop legacy include (Linus Walleij)
• ASoC: cs35l33: Fix GPIO name and drop legacy include (Linus Walleij)
• drm/radeon: check return value of radeon_ring_lock() (Nikita Zhandarovich)
• drm/radeon/r100: Fix integer overflow issues in r100_cs_track_check() (Nikita Zhandarovich)
• drm/radeon/r600_cs: Fix possible int overflows in r600_cs_check_reg() (Nikita Zhandarovich)
• f2fs: fix to avoid dirent corruption (Chao Yu)
• drm/bridge: Fix typo in post_disable() description (Dario Binacchi)
• media: pvrusb2: fix use after free on context disconnection (Ricardo B. Marliere)
• RDMA/usnic: Silence uninitialized symbol smatch warnings (Leon Romanovsky)
• ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() (Eric Dumazet)
• Bluetooth: Fix bogus check for re-auth no supported with non-ssp (Luiz Augusto von Dentz)
• wifi: rtlwifi: rtl8192se: using calculate_bit_shift() (Su Hui)
• wifi: rtlwifi: rtl8192ee: using calculate_bit_shift() (Su Hui)
• wifi: rtlwifi: rtl8192de: using calculate_bit_shift() (Su Hui)
• rtlwifi: rtl8192de: make arrays static const, makes object smaller (Colin Ian King)
• wifi: rtlwifi: rtl8192ce: using calculate_bit_shift() (Su Hui)
• wifi: rtlwifi: rtl8192cu: using calculate_bit_shift() (Su Hui)
• wifi: rtlwifi: rtl8192c: using calculate_bit_shift() (Su Hui)
• wifi: rtlwifi: rtl8188ee: phy: using calculate_bit_shift() (Su Hui)
• wifi: rtlwifi: add calculate_bit_shift() (Su Hui)
• wifi: rtlwifi: rtl8821ae: phy: fix an undefined bitwise shift behavior (Su Hui)
• rtlwifi: Use ffs in
  _phy_calculate_bit_shift (Joe Perches)
• firmware: ti_sci: Fix an off-by-one in ti_sci_debugfs_create() (Christophe JAILLET)
• net/ncsi: Fix netlink major/minor version numbers (Peter Delevoryas)
• ncsi: internal.h: Fix a spello (Bhaskar Chowdhury)
• wifi: libertas: stop selecting wext (Arnd Bergmann)
• bpf, lpm: Fix check prefixlen before walking trie (Florian Lehner)
• NFSv4.1/pnfs: Ensure we handle the error NFS4ERR_RETURNCONFLICT (Trond Myklebust)
• crypto: scomp - fix req->dst buffer overflow (Chengming Zhou)
• crypto: scompress - Use per-CPU struct instead multiple variables (Sebastian Andrzej Siewior)
• crypto: scompress - return proper error code for allocation failure (Sebastian Andrzej Siewior)
• crypto: sahara - do not resize req->src when doing hash operations (Ovidiu Panait)
• crypto: sahara - fix processing hash requests with req->nbytes < sg->length (Ovidiu Panait)
• crypto: sahara - improve error handling in sahara_sha_process() (Ovidiu Panait)
• crypto: sahara - fix wait_for_completion_timeout() error handling (Ovidiu Panait)
• crypto: sahara - fix ahash reqsize (Ovidiu Panait)
• crypto: virtio - Wait for tasklet to complete on device remove (wangyangxin)
• pstore: ram_core: fix possible overflow in persistent_ram_init_ecc() (Sergey Shtylyov)
• crypto: sahara - fix error handling in sahara_hw_descriptor_create() (Ovidiu Panait)
• crypto: sahara - fix processing requests with cryptlen < sg->length (Ovidiu Panait)
• crypto: sahara - fix ahash selftest failure (Ovidiu Panait)
• crypto: sahara - remove FLAGS_NEW_KEY logic (Ovidiu Panait)
• crypto: af_alg - Disallow multiple in-flight AIO requests (Herbert Xu)
• crypto: ccp - fix memleak in ccp_init_dm_workarea (Dinghao Liu)
• crypto: virtio - Handle dataq logic with tasklet (Gonglei (Arei))
• mtd: Fix gluebi NULL pointer dereference caused by ftl notifier (ZhaoLong Wang)
• calipso: fix memory leak in netlbl_calipso_add_pass() (Gavrilov Ilia)
• netlabel: remove unused parameter in netlbl_netlink_auditinfo() (Zheng Yejian)
• net: netlabel: Fix kerneldoc warnings (Andrew Lunn)
• ACPI: video: check for error while searching for backlight device parent (Nikita Kiryushin)
• mtd: rawnand: Increment IFC_TIMEOUT_MSECS for nand controller response (Ronald Monthero)
• powerpc/imc-pmu: Add a null pointer check in update_events_in_group() (Kunwu Chan)
• powerpc/powernv: Add a null pointer check in opal_event_init() (Kunwu Chan)
• selftests/powerpc: Fix error handling in FPU/VMX preemption tests (Michael Ellerman)
• powerpc/pseries/memhp: Fix access beyond end of drmem array (Nathan Lynch)
• powerpc/pseries/memhotplug: Quieten some DLPAR operations (Laurent Dufour)
• powerpc/44x: select I2C for CURRITUCK (Randy Dunlap)
• powerpc: remove redundant ‘default n’ from Kconfig-s (Bartlomiej Zolnierkiewicz)
• powerpc: add crtsavres.o to always-y instead of extra-y (Masahiro Yamada)
• EDAC/thunderx: Fix possible out-of-bounds string access (Arnd Bergmann)
• x86/lib: Fix overflow when counting digits (Colin Ian King)
• coresight: etm4x: Fix width of CCITMIN field (James Clark)
• uio: Fix use-after-free in uio_open (Guanghui Feng)
• binder: fix comment on binder_alloc_new_buf() return value (Carlos Llamas)
• drm/crtc: fix uninitialized variable use (Jani Nikula)
• Input: xpad - add Razer Wolverine V2 support (Luca Weiss)
• ARC: fix spare error (Vineet Gupta)
• s390/scm: fix virtual vs physical address confusion (Vineeth Vijayan)
• Input: atkbd - skip ATKBD_CMD_GETID in translated mode (Hans de Goede)
• reset: hisilicon: hi6220: fix Wvoid-pointer-to-enum-cast warning (Krzysztof Kozlowski)
• ring-buffer: Do not record in NMI if the arch does not support cmpxchg in NMI (Steven Rostedt (Google))
• tracing: Add size check when printing trace_marker output (Steven Rostedt (Google))
• tracing: Have large events show up as ‘[LINE TOO BIG]’ instead of nothing (Steven Rostedt (Google))
• drm/crtc: Fix uninit-value bug in drm_mode_setcrtc (Ziqi Zhao)
• jbd2: correct the printing of write_flags in jbd2_write_superblock() (Zhang Yi)
• clk: rockchip: rk3128: Fix HCLK_OTG gate register (Weihao Li)
• drm/exynos: fix a potential error pointer dereference (Xiang Yang)
• ASoC: da7219: Support low DC impedance headset (David Rau)
• net/tg3: fix race condition in tg3_reset_task() (Thinh Tran)
• ASoC: rt5650: add mutex to avoid the jack detection failure (Shuming Fan)
• ASoC: cs43130: Fix incorrect frame delay configuration (Maciej Strozek)
• ASoC: cs43130: Fix the position of const qualifier (Maciej Strozek)
• f2fs: explicitly null-terminate the xattr list (Eric Biggers)
• LTS version: v4.14.337 (Saeed Mirzamohammadi)
• ipv6: remove max_size check inline with ipv4 (Saeed Mirzamohammadi)
• ipv6: make ip6_rt_gc_expire an atomic_t (Saeed Mirzamohammadi)
• net/dst: use a smaller percpu_counter batch for dst entries accounting (Eric Dumazet)
• net: add a route cache full diagnostic message (Peter Oskolkov)
• netfilter: nf_tables: Reject tables of unsupported family (Phil Sutter) [Orabug: 36192153] {CVE-2023-6040}
• fuse: nlookup missing decrement in fuse_direntplus_link (ruanmeisi)
• mm: fix unmap_mapping_range high bits shift bug (Jiajun Xie)
• mm/memory-failure: check the mapcount of the precise page (Matthew Wilcox (Oracle))
• bnxt_en: Remove mis-applied code from bnxt_cfg_ntp_filters() (Michael Chan)
• asix: Add check for usbnet_get_endpoints (Chen Ni)
• net/qla3xxx: fix potential memleak in ql_alloc_buffer_queues (Dinghao Liu)
• net/qla3xxx: switch from ‘pci_’ to ‘dma_’ API (Christophe JAILLET)
  [4.14.35-2047.535.1]
• mm: avoid conflict between MADV_DOEXEC and upstream advice values (Anthony Yznaga) [Orabug: 36334310]
• net/rds: print PPID/COMM of process doing user reset on RDS connection (Juan Garcia) [Orabug: 36248431]