JIRA: https://issues.redhat.com/browse/RHEL-147786
This MR rebases supported usb/tbt/memstick/extcon drivers to upstream kernel v6.18. By design, rebase changes are limited to supported drivers and their relevant physical infrastructure. Treewide changes which touch these drivers are partially pulled in, whenever found out to be relevant.
CVE: CVE-2025-40002
CVE: CVE-2025-68282
CVE: CVE-2025-40345
CVE: CVE-2025-68331
Addition/Removal of code: This MR enables CONFIG_USB_DWC3_GENERIC_PLAT for aarch64 due to DWC3 being already enabled. Moreover, a clk patch has been included in order to provide a helper function used by the dwc3 generic plat driver.
Omitted fixes:
Omitted-fix: 0eff12ce88e1 ("thunderbolt: Use HMAC-SHA256 library instead of crypto_shash")
Omitted-fix: 1f69220b0998 ("mmc: mmc_spi: remove unnecessary check in mmc_spi_setup_data_message()")
Omitted-fix: 21188e8d6d75 ("usb: dwc3: qcom: Implement glue callbacks to facilitate runtime suspend")
Omitted-fix: ddf58738f502 ("ipmi: Add docs for IPMB direct addressing")
Omitted-fix: 3bad7fe22796 ("dt-bindings: phy: qcom,sc8280xp-qmp-usb43dp: Reference usb-switch.yaml to allow mode-switch")
Signed-off-by: Desnes Nunes [email protected]
JIRA: https://issues.redhat.com/browse/VOYAGER-266
JIRA: https://issues.redhat.com/browse/VOYAGER-267
This MR includes multiple bug fixes for both the RDMA subsystem and the mlx5 drivers.
Signed-off-by: Kamal Heib [email protected]
JIRA: https://issues.redhat.com/browse/RHEL-152865
ice: fix page leak for zero-size Rx descriptors
The previous attempt to fix the associated panic (commit ef68094cb09e "ice: Fix kernel panic due to page refcount underflow") added pagecnt_bias-- for zero-size descriptors in ice_get_rx_buf(). This fixed the panic in the CONSUMED (XDP_DROP/error) path but introduced the page leak in the PASS path.
Signed-off-by: Petr Oros [email protected]
JIRA: https://issues.redhat.com/browse/RHEL-148654
CVE: CVE-2026-23040
commit 333418872bfecf4843f1ded7a4151685dfcf07d5
Author: Benjamin Berg <[email protected]>
Date: Wed Jan 7 14:36:51 2026 +0100
wifi: mac80211_hwsim: fix typo in frequency notification
The NAN notification is for 5745 MHz which corresponds to channel 149
and not 5475 which is not actually a valid channel. This could result in
a NULL pointer dereference in cfg80211_next_nan_dw_notif.
Fixes: a37a6f54439b ("wifi: mac80211_hwsim: Add simulation support for NAN device")
Signed-off-by: Benjamin Berg <[email protected]>
Reviewed-by: Ilan Peer <[email protected]>
Reviewed-by: Miriam Rachel Korenblit <[email protected]>
Link: https://patch.msgid.link/20260107143652.7dab2035836f.Iacbaf7bb94ed5c14a0928a625827e4137d8bfede@changeid
Signed-off-by: Johannes Berg <[email protected]>
Signed-off-by: CKI Backport Bot [email protected]
JIRA: https://issues.redhat.com/browse/RHEL-148653
CVE: CVE-2026-23040
commit 333418872bfecf4843f1ded7a4151685dfcf07d5
Author: Benjamin Berg <[email protected]>
Date: Wed Jan 7 14:36:51 2026 +0100
wifi: mac80211_hwsim: fix typo in frequency notification
The NAN notification is for 5745 MHz which corresponds to channel 149
and not 5475 which is not actually a valid channel. This could result in
a NULL pointer dereference in cfg80211_next_nan_dw_notif.
Fixes: a37a6f54439b ("wifi: mac80211_hwsim: Add simulation support for NAN device")
Signed-off-by: Benjamin Berg <[email protected]>
Reviewed-by: Ilan Peer <[email protected]>
Reviewed-by: Miriam Rachel Korenblit <[email protected]>
Link: https://patch.msgid.link/20260107143652.7dab2035836f.Iacbaf7bb94ed5c14a0928a625827e4137d8bfede@changeid
Signed-off-by: Johannes Berg <[email protected]>
Signed-off-by: CKI Backport Bot [email protected]