[5.4.17-2036.104.4.el7uek] - KVM: arm64: guest context in x18 instead of x29 [Orabug: 32545182] [5.4.17-2036.104.3.el7uek] - config: enable CONFIG_MLX5_MPFS [Orabug: 32249042] - net: Fix bridge enslavement failure [Orabug: 32503298] - inet: do not call sublist_rcv on empty list [Orabug: 32512814] - KVM: arm64: pmu: Don"t mark a counter as chained if the odd one is disabled [Orabug: 32499188] - random: wire /dev/random with a DRBG instance [Orabug: 32522087] - crypto: drbg - always try to free Jitter RNG instance [Orabug: 32522087] - crypto: drbg - always seeded with SP800-90B compliant noise source [Orabug: 32522087] - crypto: jitter - SP800-90B compliance [Orabug: 32522087] - crypto: jitter - add header to fix buildwarnings [Orabug: 32522087] - crypto: jitter - fix comments [Orabug: 32522087] - xen-blkback: fix error handling in xen_blkbk_map [Orabug: 32492109] {CVE-2021-26930} - xen-scsiback: don"t handle error by BUG [Orabug: 32492101] {CVE-2021-26931} - xen-netback: don"t handle error by BUG [Orabug: 32492101] {CVE-2021-26931} - xen-blkback: don"t handle error by BUG [Orabug: 32492101] {CVE-2021-26931} - Xen/gntdev: correct error checking in gntdev_map_grant_pages [Orabug: 32492093] {CVE-2021-26932} - Xen/gntdev: correct dev_bus_addr handling in gntdev_map_grant_pages [Orabug: 32492093] {CVE-2021-26932} - Xen/x86: also check kernel mapping in set_foreign_p2m_mapping [Orabug: 32492093] {CVE-2021-26932} - Xen/x86: don"t bail early from clear_foreign_p2m_mapping [Orabug: 32492093] {CVE-2021-26932} [5.4.17-2036.104.2.el7uek] - tcp: fix to update snd_wl1 in bulk receiver fast path [Orabug: 32498822] - selinux: allow reading labels before policy is loaded [Orabug: 32492277] - selinux: allow labeling before policy is loaded [Orabug: 32492277] - KVM: SVM: Initialize prev_ga_tag before use [Orabug: 32478549] - tools/power turbostat: Support additional CPU model numbers [Orabug: 32422451] - x86/cpu: Add Lakefield, Alder Lake and Rocket Lake models to the to Intel CPU family [Orabug: 32422451] - x86/cpu: Add Sapphire Rapids CPU model number [Orabug: 32422451] - tools/power turbostat: Support Tiger Lake [Orabug: 32422451] - uek-rpm: config-aarch64: enable MEMORY HOTREMOVE [Orabug: 32353851] - arm64/mm/hotplug: Ensure early memory sections are all online [Orabug: 32353851] - arm64/mm/hotplug: Enable MEM_OFFLINE event handling [Orabug: 32353851] - arm64/mm/hotplug: Register boot memory hot remove notifier earlier [Orabug: 32353851] - arm64/mm: Enable memory hot remove [Orabug: 32353851] - arm64/mm: Hold memory hotplug lock while walking for kernel page table dump [Orabug: 32353851] - KVM: arm64: Save/restore sp_el0 as part of __guest_enter [Orabug: 32171445] - net/mlx4_en: Handle TX error CQE [Orabug: 32492969] - net/mlx4_en: Avoid scheduling restart task if it is already running [Orabug: 32492969] [5.4.17-2036.104.1.el7uek] - vhost scsi: alloc vhost_scsi with kvzalloc to avoid delay [Orabug: 32471677] - HID: hid-input: fix stylus battery reporting [Orabug: 32464784] {CVE-2020-0431} - nbd: freeze the queue while we"re adding connections [Orabug: 32447285] {CVE-2021-3348} - futex: Handle faults correctly for PI futexes [Orabug: 32447187] {CVE-2021-3347} - futex: Simplify fixup_pi_state_owner [Orabug: 32447187] {CVE-2021-3347} - futex: Use pi_state_update_owner in put_pi_state [Orabug: 32447187] {CVE-2021-3347} - rtmutex: Remove unused argument from rt_mutex_proxy_unlock [Orabug: 32447187] {CVE-2021-3347} - futex: Don"t enable IRQs unconditionally in put_pi_state [Orabug: 32447187] {CVE-2021-3347} - futex: Provide and use pi_state_update_owner [Orabug: 32447187] {CVE-2021-3347} - futex: Replace pointless printk in fixup_owner [Orabug: 32447187] {CVE-2021-3347} - futex: Ensure the correct return value from futex_lock_pi [Orabug: 32447187] {CVE-2021-3347} - uek-rpm: Enable Oracle Pilot BMC module [Orabug: 32422662] - hwmon: Add a new Oracle Pilot BMC driver [Orabug: 32422662] - arm64: Reserve only 256M on RPi for crashkernel=auto [Orabug: 32301026] [5.4.17-2036.104.0.el7uek] - Revert rds: Deregister all FRWR mr with free_mr [Orabug: 32426610] - thermal: intel_pch_thermal: Add PCI ids for Lewisburg PCH. [Orabug: 32424705] - thermal: intel: intel_pch_thermal: Add Cannon Lake Low Power PCH support [Orabug: 32424705] - thermal: intel: intel_pch_thermal: Add Comet Lake platform support [Orabug: 32424705] - nfs: Fix security label length not being reset [Orabug: 32350989] - ovl: check permission to open real file [Orabug: 32046372] {CVE-2020-16120} - ovl: verify permissions in ovl_path_open [Orabug: 32046372] {CVE-2020-16120} - ovl: switch to mounter creds in readdir [Orabug: 32046372] {CVE-2020-16120} - ovl: pass correct flags for opening real directory [Orabug: 32046372] - A/A Bonding: Add synchronized bundle failback [Orabug: 32381883]