[4.14.35-2025.402.2.1.el7] - powercap: restrict energy meter to root access [Orabug: 32040805] {CVE-2020-8694} {CVE-2020-8695} [4.14.35-2025.402.2.el7] - ocfs2: fix remounting needed after setfacl command - Fix multiple variable definition with syzkaller [Orabug: 32008770] - drm/vmwgfx: Use the dma scatter-gather iterator to get dma addresses [Orabug: 32010349] - i40e: Corrects i40e_setup_tc and i40e_xdp defined but not used warnings [Orabug: 32034050] - bnxt: Corrects warning: "struct tc_cls_flower_offload" [Orabug: 32041757] - SCSI: Corrects "ret" not used warning [Orabug: 32041763] - IB/mlx4: disable CQ time stamping [Orabug: 32042520] - qed: Corrects warning: "qed_iwarp_ll2_slowpath" defined but not used [Orabug: 32052276] [4.14.35-2025.402.1.el7] - configfs: make ci_type field, some pointers and function arguments const [Orabug: 32022427] - IB/ipoib: Arm "send_cq" to process completions in due time [Orabug: 31596798] - hdlc_ppp: add range checks in ppp_cp_parse_cr [Orabug: 31989189] {CVE-2020-25643} - uek-rpm: Create initramfs at postinstall stage also. [Orabug: 32010303] - SUNRPC: Remove xprt_connect_status again [Orabug: 32010341] - geneve: add transport ports in route lookup for geneve [Orabug: 32014099] {CVE-2020-25645} - nvme-fc: fix double-free scenarios on hw queues [Orabug: 32019898] - xfs: fix warning: unused variable "sb" [Orabug: 32010343] - nvme-pci: remove queue_count_ops for write_queues and poll_queues [Orabug: 32010357] - nvme: Corrects warning: unused variable "startka" [Orabug: 32010357] - uek-rpm: config-aarch64-embedded add fast_kexec [Orabug: 32010273] - arm64: kexec: Add optional fast shutdown for kexec [Orabug: 32010273] - ocfs2: remove unused ocfs2_prepare_inode_for_refcount [Orabug: 32007790] - rds: fixes warning: unused variable "cache_sz_k" [Orabug: 32008320] - panic: move disabling iommu to after dump_stack [Orabug: 32009003] - uek-rpm: Add old OL keys to the default .blacklist keyring [Orabug: 31961118] - certs: Add ability to preload revocation certs [Orabug: 31961118] - certs: Move load_system_certificate_list to a common function [Orabug: 31961118] - certs: Add EFI_CERT_X509_GUID support for dbx entries [Orabug: 31961118] {CVE-2020-26541} - Revert "l2tp: initialise PPP sessions before registering them" [Orabug: 31906205] - btrfs: Don"t submit any btree write bio if the fs has errors [Orabug: 31265337] {CVE-2019-19377} - btrfs: only search for left_info if there is no right_info in try_merge_free_space [Orabug: 31351023] {CVE-2019-19448} - xfs: fix boundary test in xfs_attr_shortform_verify [Orabug: 31895824] {CVE-2020-14385} - net: add high_order_alloc_disable sysctl [Orabug: 31907603] - mm, page_alloc: double zone"s batchsize [Orabug: 31907603] - mm/free_pcppages_bulk: prefetch buddy while not holding lock [Orabug: 31907603] - mm/free_pcppages_bulk: do not hold lock when picking pages to free [Orabug: 31907603] - ghes: Corrects: warning: unused variable "vaddr" [-Wunused-variable] [Orabug: 31995830] - ACPI: properties: Implement get_match_data callback [Orabug: 31995830] - blk-mq: warning: unused variable "ctx" [Orabug: 31996284] - x86/mitigations: Restore paranoid checks for int3 handling [Orabug: 31999336] [4.14.35-2025.402.0.el7] - nbd_genl_status: null check for nla_nest_start [Orabug: 31351789] {CVE-2019-16089} - efi/x86/Add missing error handling to old_memmap 1:1 mapping code [Orabug: 31351924] {CVE-2019-12380} - RDS: add module parameter to allow module unload or not [Orabug: 31503865] - rds: Revert "Disable module unload by default" [Orabug: 31503865] - rds/tcp: Enhance stats maintained by rds [Orabug: 31521372] - EDAC/i10nm: Update driver to support different bus number config register offsets [Orabug: 31645136] - EDAC, {skx,i10nm}: Make some configurations CPU model specific [Orabug: 31645136] - mstflint_access: Update driver code to v4.15.0-1 from Github [Orabug: 31682346] - KVM: x86: minor code refactor and comments fixup around dirty logging [Orabug: 31722765] - KVM: x86: Manually flush collapsible SPTEs only when toggling flags [Orabug: 31722765] - KVM: x86: avoid unnecessary rmap walks when creating/moving slots [Orabug: 31722765] - KVM: x86: remove unnecessary rmap walk of read-only memslots [Orabug: 31722765] - cgroup: fix cgroup_sk_alloc for sk_clone_lock [Orabug: 31779798] {CVE-2020-14356} - bpf: ensure helper ids match between UEK5, UEK6 and upstream [Orabug: 31860453] - netfilter: ctnetlink: add a range check for l3/l4 protonum [Orabug: 31872862] {CVE-2020-25211} - vgacon: remove software scrollback support [Orabug: 31914690] {CVE-2020-14390} - fbcon: remove soft scrollback code [Orabug: 31914690] {CVE-2020-14390} - KVM: nVMX: do not use dangling shadow VMCS after guest reset [Orabug: 31941096] - Revert "usb: xhci: do not create and register shared_hcd when USB3.0 is disabled" [Orabug: 31943628] - uek-rpm: Use oracle-armset-1 to build uekemb2 [Orabug: 31950869] - block: allow for_each_bvec to support zero len bvec [Orabug: 31955141] {CVE-2020-25641} - uek-rpm: Update secure boot UEK signing certificates [Orabug: 31979628]