openSUSE Security Announce
Threads by month
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2004 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2003 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2002 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2001 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2000 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1999 -----
- December
- November
- October
- September
- August
August 2023
- 3 participants
- 127 discussions
16 Aug '23
# Security update for pcre2
Announcement ID: SUSE-SU-2023:3327-1
Rating: moderate
References:
* #1213514
Cross-References:
* CVE-2022-41409
CVSS scores:
* CVE-2022-41409 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-41409 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* Basesystem Module 15-SP4
* Basesystem Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap Micro 5.3
* openSUSE Leap Micro 5.4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves one vulnerability can now be installed.
## Description:
This update for pcre2 fixes the following issues:
* CVE-2022-41409: Fixed integer overflow vulnerability in pcre2test that
allows attackers to cause a denial of service via negative input
(bsc#1213514).
## Patch Instructions:
To install this SUSE Moderate update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2023-3327=1 openSUSE-SLE-15.4-2023-3327=1
* openSUSE Leap Micro 5.3
zypper in -t patch openSUSE-Leap-Micro-5.3-2023-3327=1
* openSUSE Leap Micro 5.4
zypper in -t patch openSUSE-Leap-Micro-5.4-2023-3327=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-3327=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-3327=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-3327=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-3327=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-3327=1
* Basesystem Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3327=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3327=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* pcre2-debugsource-10.39-150400.4.9.1
* pcre2-devel-static-10.39-150400.4.9.1
* libpcre2-32-0-10.39-150400.4.9.1
* libpcre2-posix2-10.39-150400.4.9.1
* pcre2-tools-debuginfo-10.39-150400.4.9.1
* libpcre2-8-0-10.39-150400.4.9.1
* libpcre2-8-0-debuginfo-10.39-150400.4.9.1
* libpcre2-posix2-debuginfo-10.39-150400.4.9.1
* pcre2-tools-10.39-150400.4.9.1
* pcre2-devel-10.39-150400.4.9.1
* libpcre2-16-0-debuginfo-10.39-150400.4.9.1
* libpcre2-32-0-debuginfo-10.39-150400.4.9.1
* libpcre2-16-0-10.39-150400.4.9.1
* openSUSE Leap 15.4 (x86_64)
* libpcre2-32-0-32bit-debuginfo-10.39-150400.4.9.1
* libpcre2-16-0-32bit-debuginfo-10.39-150400.4.9.1
* libpcre2-32-0-32bit-10.39-150400.4.9.1
* libpcre2-8-0-32bit-debuginfo-10.39-150400.4.9.1
* libpcre2-posix2-32bit-10.39-150400.4.9.1
* libpcre2-16-0-32bit-10.39-150400.4.9.1
* libpcre2-posix2-32bit-debuginfo-10.39-150400.4.9.1
* libpcre2-8-0-32bit-10.39-150400.4.9.1
* openSUSE Leap 15.4 (noarch)
* pcre2-doc-10.39-150400.4.9.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libpcre2-32-0-64bit-10.39-150400.4.9.1
* libpcre2-8-0-64bit-10.39-150400.4.9.1
* libpcre2-posix2-64bit-debuginfo-10.39-150400.4.9.1
* libpcre2-32-0-64bit-debuginfo-10.39-150400.4.9.1
* libpcre2-posix2-64bit-10.39-150400.4.9.1
* libpcre2-16-0-64bit-debuginfo-10.39-150400.4.9.1
* libpcre2-16-0-64bit-10.39-150400.4.9.1
* libpcre2-8-0-64bit-debuginfo-10.39-150400.4.9.1
* openSUSE Leap Micro 5.3 (aarch64 x86_64)
* pcre2-debugsource-10.39-150400.4.9.1
* libpcre2-8-0-10.39-150400.4.9.1
* libpcre2-8-0-debuginfo-10.39-150400.4.9.1
* openSUSE Leap Micro 5.4 (aarch64 s390x x86_64)
* pcre2-debugsource-10.39-150400.4.9.1
* libpcre2-8-0-10.39-150400.4.9.1
* libpcre2-8-0-debuginfo-10.39-150400.4.9.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* pcre2-debugsource-10.39-150400.4.9.1
* pcre2-devel-static-10.39-150400.4.9.1
* libpcre2-32-0-10.39-150400.4.9.1
* libpcre2-posix2-10.39-150400.4.9.1
* pcre2-tools-debuginfo-10.39-150400.4.9.1
* libpcre2-8-0-10.39-150400.4.9.1
* libpcre2-8-0-debuginfo-10.39-150400.4.9.1
* libpcre2-posix2-debuginfo-10.39-150400.4.9.1
* pcre2-tools-10.39-150400.4.9.1
* pcre2-devel-10.39-150400.4.9.1
* libpcre2-16-0-debuginfo-10.39-150400.4.9.1
* libpcre2-32-0-debuginfo-10.39-150400.4.9.1
* libpcre2-16-0-10.39-150400.4.9.1
* openSUSE Leap 15.5 (x86_64)
* libpcre2-32-0-32bit-debuginfo-10.39-150400.4.9.1
* libpcre2-16-0-32bit-debuginfo-10.39-150400.4.9.1
* libpcre2-32-0-32bit-10.39-150400.4.9.1
* libpcre2-8-0-32bit-debuginfo-10.39-150400.4.9.1
* libpcre2-posix2-32bit-10.39-150400.4.9.1
* libpcre2-16-0-32bit-10.39-150400.4.9.1
* libpcre2-posix2-32bit-debuginfo-10.39-150400.4.9.1
* libpcre2-8-0-32bit-10.39-150400.4.9.1
* openSUSE Leap 15.5 (noarch)
* pcre2-doc-10.39-150400.4.9.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* pcre2-debugsource-10.39-150400.4.9.1
* libpcre2-8-0-10.39-150400.4.9.1
* libpcre2-8-0-debuginfo-10.39-150400.4.9.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* pcre2-debugsource-10.39-150400.4.9.1
* libpcre2-8-0-10.39-150400.4.9.1
* libpcre2-8-0-debuginfo-10.39-150400.4.9.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* pcre2-debugsource-10.39-150400.4.9.1
* libpcre2-8-0-10.39-150400.4.9.1
* libpcre2-8-0-debuginfo-10.39-150400.4.9.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* pcre2-debugsource-10.39-150400.4.9.1
* libpcre2-8-0-10.39-150400.4.9.1
* libpcre2-8-0-debuginfo-10.39-150400.4.9.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* pcre2-debugsource-10.39-150400.4.9.1
* libpcre2-32-0-10.39-150400.4.9.1
* libpcre2-posix2-10.39-150400.4.9.1
* libpcre2-8-0-10.39-150400.4.9.1
* libpcre2-8-0-debuginfo-10.39-150400.4.9.1
* libpcre2-posix2-debuginfo-10.39-150400.4.9.1
* pcre2-devel-10.39-150400.4.9.1
* libpcre2-16-0-debuginfo-10.39-150400.4.9.1
* libpcre2-32-0-debuginfo-10.39-150400.4.9.1
* libpcre2-16-0-10.39-150400.4.9.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* pcre2-debugsource-10.39-150400.4.9.1
* libpcre2-32-0-10.39-150400.4.9.1
* libpcre2-posix2-10.39-150400.4.9.1
* libpcre2-8-0-10.39-150400.4.9.1
* libpcre2-8-0-debuginfo-10.39-150400.4.9.1
* libpcre2-posix2-debuginfo-10.39-150400.4.9.1
* pcre2-devel-10.39-150400.4.9.1
* libpcre2-16-0-debuginfo-10.39-150400.4.9.1
* libpcre2-32-0-debuginfo-10.39-150400.4.9.1
* libpcre2-16-0-10.39-150400.4.9.1
## References:
* https://www.suse.com/security/cve/CVE-2022-41409.html
* https://bugzilla.suse.com/show_bug.cgi?id=1213514
1
0
openSUSE-SU-2023:0222-1: moderate: Security update for perl-HTTP-Tiny
by opensuse-security@opensuse.org 15 Aug '23
by opensuse-security@opensuse.org 15 Aug '23
15 Aug '23
openSUSE Security Update: Security update for perl-HTTP-Tiny
______________________________________________________________________________
Announcement ID: openSUSE-SU-2023:0222-1
Rating: moderate
References: #1211002
Cross-References: CVE-2023-31486
CVSS scores:
CVE-2023-31486 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2023-31486 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Products:
openSUSE Backports SLE-15-SP4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for perl-HTTP-Tiny fixes the following issues:
perl-HTTP-Tiny was updated to 0.086:
see /usr/share/doc/packages/perl-HTTP-Tiny/Changes
0.086 2023-06-22 10:06:37-04:00 America/New_York
- Fix code to use `$ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT}` as
documented.
0.084 2023-06-14 06:35:01-04:00 America/New_York
- No changes from 0.083-TRIAL.
0.083 2023-06-11 07:05:45-04:00 America/New_York (TRIAL RELEASE)
[!!! SECURITY !!!]
- Changes the `verify_SSL` default parameter from `0` to `1`. Fixes
CVE-2023-31486 (boo#1211002)
- `$ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT}` can be used to
restore the
old default if required.
0.081 2022-07-17 09:01:51-04:00 America/New_York (TRIAL RELEASE)
[FIXED]
- No longer deletes the 'headers' key from post_form arguments
hashref. [DOCS]
- Noted that request/response content are handled as raw bytes.
0.079 2021-11-04 12:33:43-04:00 America/New_York (TRIAL RELEASE)
[FIXED]
- Fixed uninitialized value warnings on older Perls when the
REQUEST_METHOD environment variable is set and CGI_HTTP_PROXY is not.
0.077 2021-07-22 13:07:14-04:00 America/New_York (TRIAL RELEASE)
[ADDED]
- Added a `patch` helper method for the HTTP `PATCH` verb.
- If the REQUEST_METHOD environment variable is set, then
CGI_HTTP_PROXY replaces HTTP_PROXY.
[FIXED]
- Unsupported scheme errors early without giving an uninitialized
value warning first.
- Sends Content-Length: 0 on empty body PUT/POST. This is not in
the spec, but some servers require this.
- Allows optional status line reason, as clarified in RFC 7230.
- Ignore SIGPIPE on reads as well as writes, as IO::Socket::SSL says
that SSL reads can also send writes as a side effect.
- Check if a server has closed a connection before preserving it for
reuse.
[DOCS]
- Clarified that exceptions/errors result in 599 status codes.
[PREREQS]
- Optional IO::Socket::IP prereq must be at least version 0.32 to be
used. This ensures correct timeout support.
0.076 2018-08-05 21:07:38-04:00 America/New_York
- No changes from 0.075-TRIAL.
0.075 2018-08-01 07:03:36-04:00 America/New_York (TRIAL RELEASE)
[CHANGED] - The 'peer' option now also can take a code reference
0.073 2018-07-24 11:33:53-04:00 America/New_York (TRIAL RELEASE)
[DOCS] - Documented 'protocol' field in response hash.
0.071 2018-04-22 14:45:43+02:00 Europe/Oslo (TRIAL RELEASE)
[DOCS] - Documented that method argument to request() is
case-sensitive.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2023-222=1
Package List:
- openSUSE Backports SLE-15-SP4 (noarch):
perl-HTTP-Tiny-0.086-bp154.2.3.1
References:
https://www.suse.com/security/cve/CVE-2023-31486.html
https://bugzilla.suse.com/1211002
1
0
openSUSE-SU-2023:0223-1: moderate: Security update for perl-HTTP-Tiny
by opensuse-security@opensuse.org 15 Aug '23
by opensuse-security@opensuse.org 15 Aug '23
15 Aug '23
openSUSE Security Update: Security update for perl-HTTP-Tiny
______________________________________________________________________________
Announcement ID: openSUSE-SU-2023:0223-1
Rating: moderate
References: #1211002
Cross-References: CVE-2023-31486
CVSS scores:
CVE-2023-31486 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2023-31486 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Products:
openSUSE Backports SLE-15-SP5
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for perl-HTTP-Tiny fixes the following issues:
perl-HTTP-Tiny was updated to 0.086:
see /usr/share/doc/packages/perl-HTTP-Tiny/Changes
0.086 2023-06-22 10:06:37-04:00 America/New_York
- Fix code to use `$ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT}` as
documented.
0.084 2023-06-14 06:35:01-04:00 America/New_York
- No changes from 0.083-TRIAL.
0.083 2023-06-11 07:05:45-04:00 America/New_York (TRIAL RELEASE)
[!!! SECURITY !!!]
- Changes the `verify_SSL` default parameter from `0` to `1`. Fixes
CVE-2023-31486 (boo#1211002)
- `$ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT}` can be used to
restore the
old default if required.
0.081 2022-07-17 09:01:51-04:00 America/New_York (TRIAL RELEASE)
[FIXED]
- No longer deletes the 'headers' key from post_form arguments
hashref. [DOCS]
- Noted that request/response content are handled as raw bytes.
0.079 2021-11-04 12:33:43-04:00 America/New_York (TRIAL RELEASE)
[FIXED]
- Fixed uninitialized value warnings on older Perls when the
REQUEST_METHOD environment variable is set and CGI_HTTP_PROXY is not.
0.077 2021-07-22 13:07:14-04:00 America/New_York (TRIAL RELEASE)
[ADDED]
- Added a `patch` helper method for the HTTP `PATCH` verb.
- If the REQUEST_METHOD environment variable is set, then
CGI_HTTP_PROXY replaces HTTP_PROXY.
[FIXED]
- Unsupported scheme errors early without giving an uninitialized
value warning first.
- Sends Content-Length: 0 on empty body PUT/POST. This is not in
the spec, but some servers require this.
- Allows optional status line reason, as clarified in RFC 7230.
- Ignore SIGPIPE on reads as well as writes, as IO::Socket::SSL says
that SSL reads can also send writes as a side effect.
- Check if a server has closed a connection before preserving it for
reuse.
[DOCS]
- Clarified that exceptions/errors result in 599 status codes.
[PREREQS]
- Optional IO::Socket::IP prereq must be at least version 0.32 to be
used. This ensures correct timeout support.
0.076 2018-08-05 21:07:38-04:00 America/New_York
- No changes from 0.075-TRIAL.
0.075 2018-08-01 07:03:36-04:00 America/New_York (TRIAL RELEASE)
[CHANGED] - The 'peer' option now also can take a code reference
0.073 2018-07-24 11:33:53-04:00 America/New_York (TRIAL RELEASE)
[DOCS] - Documented 'protocol' field in response hash.
0.071 2018-04-22 14:45:43+02:00 Europe/Oslo (TRIAL RELEASE)
[DOCS] - Documented that method argument to request() is
case-sensitive.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP5:
zypper in -t patch openSUSE-2023-223=1
Package List:
- openSUSE Backports SLE-15-SP5 (noarch):
perl-HTTP-Tiny-0.086-bp155.3.3.1
References:
https://www.suse.com/security/cve/CVE-2023-31486.html
https://bugzilla.suse.com/1211002
1
0
SUSE-SU-2023:3318-1: important: Security update for the Linux Kernel
by security@lists.opensuse.org 15 Aug '23
by security@lists.opensuse.org 15 Aug '23
15 Aug '23
# Security update for the Linux Kernel
Announcement ID: SUSE-SU-2023:3318-1
Rating: important
References:
* #1150305
* #1193629
* #1194869
* #1206418
* #1207129
* #1207894
* #1208788
* #1210565
* #1210584
* #1210627
* #1210780
* #1210853
* #1211131
* #1211243
* #1211738
* #1211811
* #1211867
* #1212301
* #1212502
* #1212604
* #1212846
* #1212901
* #1212905
* #1213010
* #1213011
* #1213012
* #1213013
* #1213014
* #1213015
* #1213016
* #1213017
* #1213018
* #1213019
* #1213020
* #1213021
* #1213024
* #1213025
* #1213032
* #1213034
* #1213035
* #1213036
* #1213037
* #1213038
* #1213039
* #1213040
* #1213041
* #1213059
* #1213061
* #1213087
* #1213088
* #1213089
* #1213090
* #1213092
* #1213093
* #1213094
* #1213095
* #1213096
* #1213098
* #1213099
* #1213100
* #1213102
* #1213103
* #1213104
* #1213105
* #1213106
* #1213107
* #1213108
* #1213109
* #1213110
* #1213111
* #1213112
* #1213113
* #1213114
* #1213134
* #1213167
* #1213245
* #1213247
* #1213252
* #1213258
* #1213259
* #1213263
* #1213264
* #1213272
* #1213286
* #1213287
* #1213304
* #1213523
* #1213524
* #1213543
* #1213585
* #1213586
* #1213588
* #1213620
* #1213653
* #1213705
* #1213713
* #1213715
* #1213747
* #1213756
* #1213759
* #1213777
* #1213810
* #1213812
* #1213856
* #1213857
* #1213863
* #1213867
* #1213870
* #1213871
Cross-References:
* CVE-2022-40982
* CVE-2023-0459
* CVE-2023-20569
* CVE-2023-20593
* CVE-2023-21400
* CVE-2023-2156
* CVE-2023-2166
* CVE-2023-2985
* CVE-2023-31083
* CVE-2023-3117
* CVE-2023-31248
* CVE-2023-3268
* CVE-2023-3390
* CVE-2023-35001
* CVE-2023-3567
* CVE-2023-3609
* CVE-2023-3611
* CVE-2023-3776
* CVE-2023-3812
* CVE-2023-4004
CVSS scores:
* CVE-2022-40982 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2022-40982 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
* CVE-2023-0459 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-0459 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-20569 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
* CVE-2023-20593 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-20593 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-21400 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-21400 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-2156 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-2156 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-2166 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-2166 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-2985 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-2985 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-31083 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-31083 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3117 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3117 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-31248 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-31248 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3268 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
* CVE-2023-3268 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2023-3390 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3390 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-35001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-35001 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3567 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3567 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3609 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3609 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3611 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3611 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3776 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3776 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3812 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3812 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4004 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.4
* openSUSE Leap Micro 5.3
* openSUSE Leap Micro 5.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Real Time Module 15-SP4
An update that solves 20 vulnerabilities and has 89 fixes can now be installed.
## Description:
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
* CVE-2022-40982: Fixed transient execution attack called "Gather Data
Sampling" (bsc#1206418).
* CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec
(bsc#1211738).
* CVE-2023-20569: Fixed side channel attack ‘Inception’ or ‘RAS Poisoning’
(bsc#1213287).
* CVE-2023-20593: Fixed a ZenBleed issue in "Zen 2" CPUs that could allow an
attacker to potentially access sensitive information (bsc#1213286).
* CVE-2023-21400: Fixed several memory corruptions due to improper locking in
io_uring (bsc#1213272).
* CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling
of the RPL protocol (bsc#1211131).
* CVE-2023-2166: Fixed NULL pointer dereference in can_rcv_filter
(bsc#1210627).
* CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplus_put_super in
fs/hfsplus/super.c that could allow a local user to cause a denial of
service (bsc#1211867).
* CVE-2023-31083: Fixed race condition in hci_uart_tty_ioctl (bsc#1210780).
* CVE-2023-3117: Fixed an use-after-free vulnerability in the netfilter
subsystem when processing named and anonymous sets in batch requests that
could allow a local user with CAP_NET_ADMIN capability to crash or
potentially escalate their privileges on the system (bsc#1213245).
* CVE-2023-31248: Fixed an use-after-free vulnerability in
nft_chain_lookup_byid that could allow a local attacker to escalate their
privilege (bsc#1213061).
* CVE-2023-3268: Fixed an out of bounds memory access flaw in
relay_file_read_start_pos in the relayfs (bsc#1212502).
* CVE-2023-3390: Fixed an use-after-free vulnerability in the netfilter
subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker
with user access to cause a privilege escalation issue (bsc#1212846).
* CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder
that could allow a local attacker to escalate their privilege (bsc#1213059).
* CVE-2023-3567: Fixed a use-after-free in vcs_read in
drivers/tty/vt/vc_screen.c (bsc#1213167).
* CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched
(bsc#1213586).
* CVE-2023-3611: Fixed an out-of-bounds write in net/sched
sch_qfq(bsc#1213585).
* CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-
free (bsc#1213588).
* CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP
device driver functionality that could allow a local user to crash or
potentially escalate their privileges on the system (bsc#1213543).
* CVE-2023-4004: Fixed improper element removal netfilter nft_set_pipapo
(bsc#1213812).
The following non-security bugs were fixed:
* acpi: utils: fix acpi_evaluate_dsm_typed() redefinition error (git-fixes).
* add module_firmware() for firmware_tg357766 (git-fixes).
* afs: adjust ack interpretation to try and cope with nat (git-fixes).
* afs: fix access after dec in put functions (git-fixes).
* afs: fix afs_getattr() to refetch file status if callback break occurred
(git-fixes).
* afs: fix dynamic root getattr (git-fixes).
* afs: fix fileserver probe rtt handling (git-fixes).
* afs: fix infinite loop found by xfstest generic/676 (git-fixes).
* afs: fix lost servers_outstanding count (git-fixes).
* afs: fix server->active leak in afs_put_server (git-fixes).
* afs: fix setting of mtime when creating a file/dir/symlink (git-fixes).
* afs: fix updating of i_size with dv jump from server (git-fixes).
* afs: fix vlserver probe rtt handling (git-fixes).
* afs: return -eagain, not -eremoteio, when a file already locked (git-fixes).
* afs: use refcount_t rather than atomic_t (git-fixes).
* afs: use the operation issue time instead of the reply time for callbacks
(git-fixes).
* alsa: emu10k1: roll up loops in dsp setup code for audigy (git-fixes).
* alsa: fireface: make read-only const array for model names static (git-
fixes).
* alsa: hda/realtek - remove 3k pull low procedure (git-fixes).
* alsa: hda/realtek: add quirk for asus rog g614jx (git-fixes).
* alsa: hda/realtek: add quirk for asus rog ga402x (git-fixes).
* alsa: hda/realtek: add quirk for asus rog gx650p (git-fixes).
* alsa: hda/realtek: add quirk for asus rog gz301v (git-fixes).
* alsa: hda/realtek: add quirk for clevo npx0snx (git-fixes).
* alsa: hda/realtek: add quirk for clevo ns70au (git-fixes).
* alsa: hda/realtek: add quirks for unis h3c desktop b760 & q760 (git-fixes).
* alsa: hda/realtek: add support for dell oasis 13/14/16 laptops (git-fixes).
* alsa: hda/realtek: amend g634 quirk to enable rear speakers (git-fixes).
* alsa: hda/realtek: enable mute led on hp laptop 15s-eq2xxx (git-fixes).
* alsa: hda/realtek: fix generic fixup definition for cs35l41 amp (git-fixes).
* alsa: hda/realtek: support asus g713pv laptop (git-fixes).
* alsa: hda/realtek: whitespace fix (git-fixes).
* alsa: hda/relatek: enable mute led on hp 250 g8 (git-fixes).
* alsa: hda: fix a possible null-pointer dereference due to data race in
snd_hdac_regmap_sync() (git-fixes).
* alsa: oxfw: make read-only const array models static (git-fixes).
* alsa: pcm: fix potential data race at pcm memory allocation helpers (git-
fixes).
* alsa: usb-audio: add quirk for microsoft modern wireless headset
(bsc#1207129).
* alsa: usb-audio: update for native dsd support quirks (git-fixes).
* apparmor: fix missing error check for rhashtable_insert_fast (git-fixes).
* arm64/mm: mark private vm_fault_x defines as vm_fault_t (git-fixes)
* arm64: dts: microchip: sparx5: do not use psci on reference boards (git-
fixes)
* arm64: vdso: pass (void *) to virt_to_page() (git-fixes)
* arm64: xor-neon: mark xor_arm64_neon_*() static (git-fixes)
* asoc: atmel: fix the 8k sample parameter in i2sc master (git-fixes).
* asoc: codecs: es8316: fix dmic config (git-fixes).
* asoc: codecs: wcd-mbhc-v2: fix resource leaks on component remove (git-
fixes).
* asoc: codecs: wcd934x: fix resource leaks on component remove (git-fixes).
* asoc: codecs: wcd938x: fix codec initialisation race (git-fixes).
* asoc: codecs: wcd938x: fix db range for hphl and hphr (git-fixes).
* asoc: codecs: wcd938x: fix missing clsh ctrl error handling (git-fixes).
* asoc: codecs: wcd938x: fix soundwire initialisation race (git-fixes).
* asoc: da7219: check for failure reading aad irq events (git-fixes).
* asoc: da7219: flush pending aad irq when suspending (git-fixes).
* asoc: fsl_sai: disable bit clock with transmitter (git-fixes).
* asoc: fsl_spdif: silence output on stop (git-fixes).
* asoc: rt5682-sdw: fix for jd event handling in clockstop mode0 (git-fixes).
* asoc: rt711-sdca: fix for jd event handling in clockstop mode0 (git-fixes).
* asoc: rt711: fix for jd event handling in clockstop mode0 (git-fixes).
* asoc: tegra: fix adx byte map (git-fixes).
* asoc: tegra: fix amx byte map (git-fixes).
* asoc: wm8904: fill the cache for wm8904_adc_test_0 register (git-fixes).
* ata: pata_ns87415: mark ns87560_tf_read static (git-fixes).
* block, bfq: fix division by zero error on zero wsum (bsc#1213653).
* block: fix a source code comment in include/uapi/linux/blkzoned.h (git-
fixes).
* can: bcm: fix uaf in bcm_proc_show() (git-fixes).
* can: gs_usb: gs_can_close(): add missing set of can state to
can_state_stopped (git-fixes).
* ceph: do not let check_caps skip sending responses for revoke msgs
(bsc#1213856).
* cifs: add a warning when the in-flight count goes negative (bsc#1193629).
* cifs: address unused variable warning (bsc#1193629).
* cifs: do all necessary checks for credits within or before locking
(bsc#1193629).
* cifs: fix lease break oops in xfstest generic/098 (bsc#1193629).
* cifs: fix max_credits implementation (bsc#1193629).
* cifs: fix session state check in reconnect to avoid use-after-free issue
(bsc#1193629).
* cifs: fix session state check in smb2_find_smb_ses (bsc#1193629).
* cifs: fix session state transition to avoid use-after-free issue
(bsc#1193629).
* cifs: fix sockaddr comparison in iface_cmp (bsc#1193629).
* cifs: fix status checks in cifs_tree_connect (bsc#1193629).
* cifs: log session id when a matching ses is not found (bsc#1193629).
* cifs: new dynamic tracepoint to track ses not found errors (bsc#1193629).
* cifs: prevent use-after-free by freeing the cfile later (bsc#1193629).
* cifs: print all credit counters in debugdata (bsc#1193629).
* cifs: print client_guid in debugdata (bsc#1193629).
* cifs: print more detail when invalidate_inode_mapping fails (bsc#1193629).
* cifs: print nosharesock value while dumping mount options (bsc#1193629).
* clk: qcom: camcc-sc7180: add parent dependency to all camera gdscs (git-
fixes).
* clk: qcom: gcc-ipq6018: use floor ops for sdcc clocks (git-fixes).
* coda: avoid partial allocation of sig_inputargs (git-fixes).
* codel: fix kernel-doc notation warnings (git-fixes).
* crypto: kpp - add helper to set reqsize (git-fixes).
* crypto: qat - use helper to set reqsize (git-fixes).
* delete suse/memcg-drop-kmem-limit_in_bytes. drop the patch in order to fix
bsc#1213705.
* devlink: fix kernel-doc notation warnings (git-fixes).
* dlm: fix missing lkb refcount handling (git-fixes).
* dlm: fix plock invalid read (git-fixes).
* docs: networking: update codeaurora references for rmnet (git-fixes).
* documentation: abi: sysfs-class-net-qmi: pass_through contact update (git-
fixes).
* documentation: bonding: fix the doc of peer_notif_delay (git-fixes).
* documentation: devices.txt: reconcile serial/ucc_uart minor numers (git-
fixes).
* documentation: timers: hrtimers: make hybrid union historical (git-fixes).
* drm/amd/display: correct `dmub_fw_version` macro (git-fixes).
* drm/amd/display: disable mpc split by default on special asic (git-fixes).
* drm/amd/display: keep phy active for dp displays on dcn31 (git-fixes).
* drm/amdgpu: avoid restore process run into dead loop (git-fixes).
* drm/amdgpu: fix clearing mappings for bos that are always valid in vm (git-
fixes).
* drm/amdgpu: set vmbo destroy after pt bo is created (git-fixes).
* drm/amdgpu: validate vm ioctl flags (git-fixes).
* drm/atomic: allow vblank-enabled + self-refresh "disable" (git-fixes).
* drm/atomic: fix potential use-after-free in nonblocking commits (git-fixes).
* drm/bridge: tc358768: add atomic_get_input_bus_fmts() implementation (git-
fixes).
* drm/bridge: tc358768: fix tclk_trailcnt computation (git-fixes).
* drm/bridge: tc358768: fix ths_trailcnt computation (git-fixes).
* drm/bridge: tc358768: fix ths_zerocnt computation (git-fixes).
* drm/client: fix memory leak in drm_client_modeset_probe (git-fixes).
* drm/client: fix memory leak in drm_client_target_cloned (git-fixes).
* drm/i915/psr: use hw.adjusted mode when calculating io/fast wake times (git-
fixes).
* drm/i915: fix one wrong caching mode enum usage (git-fixes).
* drm/msm/adreno: fix snapshot bindless_data size (git-fixes).
* drm/msm/disp/dpu: get timing engine status from intf status register (git-
fixes).
* drm/msm/dpu: drop enum dpu_core_perf_data_bus_id (git-fixes).
* drm/msm/dpu: set dpu_data_hctl_en for in intf_sc7180_mask (git-fixes).
* drm/msm: fix is_err_or_null() vs null check in a5xx_submit_in_rb() (git-
fixes).
* drm/panel: simple: add connector_type for innolux_at043tn24 (git-fixes).
* drm/panel: simple: add powertip ph800480t013 drm_display_mode flags (git-
fixes).
* drm/radeon: fix integer overflow in radeon_cs_parser_init (git-fixes).
* drm/ttm: do not leak a resource on swapout move error (git-fixes).
* drop amdgpu patches for fixing regression (bsc#1213304,bsc#1213777)
* dt-bindings: phy: brcm,brcmstb-usb-phy: fix error in "compatible"
conditional schema (git-fixes).
* enable nxp snvs rtc driver for i.mx 8mq/8mp (jsc#PED-4758)
* ext4: add ea_inode checking to ext4_iget() (bsc#1213106).
* ext4: add ext4_sb_block_valid() refactored out of ext4_inode_block_valid()
(bsc#1213088).
* ext4: add lockdep annotations for i_data_sem for ea_inode's (bsc#1213109).
* ext4: add strict range checks while freeing blocks (bsc#1213089).
* ext4: avoid deadlock in fs reclaim with page writeback (bsc#1213016).
* ext4: bail out of ext4_xattr_ibody_get() fails for any reason (bsc#1213018).
* ext4: block range must be validated before use in ext4_mb_clear_bb()
(bsc#1213090).
* ext4: check iomap type only if ext4_iomap_begin() does not fail
(bsc#1213103).
* ext4: disallow ea_inodes with extended attributes (bsc#1213108).
* ext4: fail ext4_iget if special inode unallocated (bsc#1213010).
* ext4: fix bug_on in __es_tree_search caused by bad quota inode
(bsc#1213111).
* ext4: fix data races when using cached status extents (bsc#1213102).
* ext4: fix deadlock when converting an inline directory in nojournal mode
(bsc#1213105).
* ext4: fix i_disksize exceeding i_size problem in paritally written case
(bsc#1213015).
* ext4: fix lockdep warning when enabling mmp (bsc#1213100).
* ext4: fix reusing stale buffer heads from last failed mounting
(bsc#1213020).
* ext4: fix task hung in ext4_xattr_delete_inode (bsc#1213096).
* ext4: fix to check return value of freeze_bdev() in ext4_shutdown()
(bsc#1213021).
* ext4: fix use-after-free read in ext4_find_extent for bigalloc + inline
(bsc#1213098).
* ext4: fix warning in ext4_update_inline_data (bsc#1213012).
* ext4: fix warning in mb_find_extent (bsc#1213099).
* ext4: improve error handling from ext4_dirhash() (bsc#1213104).
* ext4: improve error recovery code paths in __ext4_remount() (bsc#1213017).
* ext4: move where set the may_inline_data flag is set (bsc#1213011).
* ext4: only update i_reserved_data_blocks on successful block allocation
(bsc#1213019).
* ext4: refactor ext4_free_blocks() to pull out ext4_mb_clear_bb()
(bsc#1213087).
* ext4: refuse to create ea block when umounted (bsc#1213093).
* ext4: set lockdep subclass for the ea_inode in ext4_xattr_inode_cache_find()
(bsc#1213107).
* ext4: turn quotas off if mount failed after enabling quotas (bsc#1213110).
* ext4: update s_journal_inum if it changes after journal replay
(bsc#1213094).
* ext4: use ext4_fc_tl_mem in fast-commit replay path (bsc#1213092).
* ext4: zero i_disksize when initializing the bootloader inode (bsc#1213013).
* fbdev: au1200fb: fix missing irq check in au1200fb_drv_probe (git-fixes).
* fbdev: imxfb: warn about invalid left/right margin (git-fixes).
* file: always lock position for fmode_atomic_pos (bsc#1213759).
* fix documentation of panic_on_warn (git-fixes).
* fs: dlm: add midcomms init/start functions (git-fixes).
* fs: dlm: do not set stop rx flag after node reset (git-fixes).
* fs: dlm: filter user dlm messages for kernel locks (git-fixes).
* fs: dlm: fix log of lowcomms vs midcomms (git-fixes).
* fs: dlm: fix race between test_bit() and queue_work() (git-fixes).
* fs: dlm: fix race in lowcomms (git-fixes).
* fs: dlm: handle -ebusy first in lock arg validation (git-fixes).
* fs: dlm: move sending fin message into state change handling (git-fixes).
* fs: dlm: retry accept() until -eagain or error returns (git-fixes).
* fs: dlm: return positive pid value for f_getlk (git-fixes).
* fs: dlm: start midcomms before scand (git-fixes).
* fs: hfsplus: remove warn_on() from hfsplus_cat_{read,write}_inode() (git-
fixes).
* fs: jfs: check for read-only mounted filesystem in txbegin (git-fixes).
* fs: jfs: fix null-ptr-deref read in txbegin (git-fixes).
* fs: jfs: fix ubsan: array-index-out-of-bounds in dballocdmaplev (git-fixes).
* fuse: ioctl: translate enosys in outarg (bsc#1213524).
* fuse: revalidate: do not invalidate if interrupted (bsc#1213523).
* gve: set default duplex configuration to full (git-fixes).
* gve: unify driver name usage (git-fixes).
* hvcs: fix hvcs port reference counting (bsc#1213134 ltc#202861).
* hvcs: get reference to tty in remove (bsc#1213134 ltc#202861).
* hvcs: synchronize hotplug remove with port free (bsc#1213134 ltc#202861).
* hvcs: use dev_groups to manage hvcs device attributes (bsc#1213134
ltc#202861).
* hvcs: use driver groups to manage driver attributes (bsc#1213134
ltc#202861).
* hvcs: use vhangup in hotplug remove (bsc#1213134 ltc#202861).
* hwmon: (adm1275) allow setting sample averaging (git-fixes).
* hwmon: (k10temp) enable amd3255 proc to show negative temperature (git-
fixes).
* hwmon: (nct7802) fix for temp6 (peci1) processed even if peci1 disabled
(git-fixes).
* hwmon: (pmbus/adm1275) fix problems with temperature monitoring on adm1272
(git-fixes).
* i2c: xiic: defer xiic_wakeup() and __xiic_start_xfer() in xiic_process()
(git-fixes).
* i2c: xiic: do not try to handle more interrupt events after error (git-
fixes).
* iavf: fix out-of-bounds when setting channels on remove (git-fixes).
* iavf: fix use-after-free in free_netdev (git-fixes).
* iavf: use internal state to free traffic irqs (git-fixes).
* ib/hfi1: use bitmap_zalloc() when applicable (git-fixes)
* igc: check if hardware tx timestamping is enabled earlier (git-fixes).
* igc: enable and fix rx hash usage by netstack (git-fixes).
* igc: fix inserting of empty frame for launchtime (git-fixes).
* igc: fix kernel panic during ndo_tx_timeout callback (git-fixes).
* igc: fix launchtime before start of cycle (git-fixes).
* igc: fix race condition in ptp tx code (git-fixes).
* igc: handle pps start time programming for past time values (git-fixes).
* igc: prevent garbled tx queue with xdp zerocopy (git-fixes).
* igc: remove delay during tx ring configuration (git-fixes).
* igc: set tp bit in 'supported' and 'advertising' fields of
ethtool_link_ksettings (git-fixes).
* igc: work around hw bug causing missing timestamps (git-fixes).
* inotify: avoid reporting event with invalid wd (bsc#1213025).
* input: i8042 - add clevo pcx0dx to i8042 quirk table (git-fixes).
* input: iqs269a - do not poll during ati (git-fixes).
* input: iqs269a - do not poll during suspend or resume (git-fixes).
* jbd2: fix data missing when reusing bh which is ready to be checkpointed
(bsc#1213095).
* jdb2: do not refuse invalidation of already invalidated buffers
(bsc#1213014).
* jffs2: fix memory leak in jffs2_do_fill_super (git-fixes).
* jffs2: fix memory leak in jffs2_do_mount_fs (git-fixes).
* jffs2: fix memory leak in jffs2_scan_medium (git-fixes).
* jffs2: fix use-after-free in jffs2_clear_xattr_subsystem (git-fixes).
* jffs2: gc deadlock reading a page that is used in jffs2_write_begin() (git-
fixes).
* jffs2: reduce stack usage in jffs2_build_xattr_subsystem() (git-fixes).
* jfs: jfs_dmap: validate db_l2nbperpage while mounting (git-fixes).
* kabi/severities: add vas symbols changed due to recent fix vas accelerators
are directly tied to the architecture, there is no reason to have out-of-
tree production drivers
* kabi: do not check external trampolines for signature (kabi bsc#1207894
bsc#1211243).
* kernel-binary.spec.in: remove superfluous %% in supplements fixes:
02b7735e0caf ("rpm/kernel-binary.spec.in: add enhances and supplements tags
to in-tree kmps")
* kselftest: vdso: fix accumulation of uninitialized ret when clock_realtime
is undefined (git-fixes).
* kvm: arm64: do not read a hw interrupt pending state in user context (git-
fixes)
* kvm: arm64: warn if accessing timer pending state outside of vcpu
(bsc#1213620)
* kvm: do not null dereference ops->destroy (git-fixes)
* kvm: downgrade two bug_ons to warn_on_once (git-fixes)
* kvm: initialize debugfs_dentry when a vm is created to avoid null (git-
fixes)
* kvm: s390: pv: fix index value of replaced asce (git-fixes bsc#1213867).
* kvm: vmx: inject #gp on encls if vcpu has paging disabled (cr0.pg==0) (git-
fixes).
* kvm: vmx: inject #gp, not #ud, if sgx2 encls leafs are unsupported (git-
fixes).
* kvm: vmx: restore vmx_vmexit alignment (git-fixes).
* kvm: x86: account fastpath-only vm-exits in vcpu stats (git-fixes).
* leds: trigger: netdev: recheck netdev_led_mode_linkup on dev rename (git-
fixes).
* libceph: harden msgr2.1 frame segment length checks (bsc#1213857).
* media: atomisp: gmin_platform: fix out_len in gmin_get_config_dsm_var()
(git-fixes).
* media: cec: i2c: ch7322: also select regmap (git-fixes).
* media: i2c: correct format propagation for st-mipid02 (git-fixes).
* media: staging: atomisp: select v4l2_fwnode (git-fixes).
* media: usb: check az6007_read() return value (git-fixes).
* media: usb: siano: fix warning due to null work_func_t function pointer
(git-fixes).
* media: venus: helpers: fix align() of non power of two (git-fixes).
* media: videodev2.h: fix struct v4l2_input tuner index comment (git-fixes).
* memcg: drop kmem.limit_in_bytes (bsc#1208788, bsc#1212905).
* mmc: core: disable trim on kingston emmc04g-m627 (git-fixes).
* mmc: sdhci: fix dma configure compatibility issue when 64bit dma mode is
used (git-fixes).
* net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585).
* net/sched: sch_qfq: reintroduce lmax bound check for mtu (bsc#1213585).
* net: ena: fix shift-out-of-bounds in exponential backoff (git-fixes).
* net: mana: add support for vlan tagging (bsc#1212301).
* net: mana: batch ringing rx queue doorbell on receiving packets
(bsc#1212901).
* net: mana: use the correct wqe count for ringing rq doorbell (bsc#1212901).
* net: phy: marvell10g: fix 88x3310 power up (git-fixes).
* net: phy: prevent stale pointer dereference in phy_init() (git-fixes).
* nfsd: add encoding of op_recall flag for write delegation (git-fixes).
* nfsd: fix double fget() bug in __write_ports_addfd() (git-fixes).
* nfsd: fix sparse warning (git-fixes).
* nfsd: remove open coding of string copy (git-fixes).
* nfsv4.1: always send a reclaim_complete after establishing lease (git-
fixes).
* nfsv4.1: freeze the session table upon receiving nfs4err_badsession (git-
fixes).
* ntb: amd: fix error handling in amd_ntb_pci_driver_init() (git-fixes).
* ntb: idt: fix error handling in idt_pci_driver_init() (git-fixes).
* ntb: intel: fix error handling in intel_ntb_pci_driver_init() (git-fixes).
* ntb: ntb_tool: add check for devm_kcalloc (git-fixes).
* ntb: ntb_transport: fix possible memory leak while device_register() fails
(git-fixes).
* nvme-multipath: support io stats on the mpath device (bsc#1210565).
* nvme-pci: fix dma direction of unmapping integrity data (git-fixes).
* nvme-pci: remove nvme_queue from nvme_iod (git-fixes).
* nvme: introduce nvme_start_request (bsc#1210565).
* ocfs2: check new file size on fallocate call (git-fixes).
* ocfs2: fix use-after-free when unmounting read-only filesystem (git-fixes).
* ocfs2: switch to security_inode_init_security() (git-fixes).
* octeontx-af: fix hardware timestamp configuration (git-fixes).
* octeontx2-af: move validation of ptp pointer before its usage (git-fixes).
* octeontx2-pf: add additional check for mcam rules (git-fixes).
* opp: fix use-after-free in lazy_opp_tables after probe deferral (git-fixes).
* pci/pm: avoid putting elopos e2/s2/h2 pcie ports in d3cold (git-fixes).
* pci: add function 1 dma alias quirk for marvell 88se9235 (git-fixes).
* phy: hisilicon: fix an out of bounds check in hisi_inno_phy_probe() (git-
fixes).
* phy: revert "phy: remove soc_exynos4212 dep. from phy_exynos4x12_usb" (git-
fixes).
* phy: tegra: xusb: check return value of devm_kzalloc() (git-fixes).
* phy: tegra: xusb: clear the driver reference in usb-phy dev (git-fixes).
* pie: fix kernel-doc notation warning (git-fixes).
* pinctrl: amd: detect internal gpio0 debounce handling (git-fixes).
* pinctrl: amd: do not show `invalid config param` errors (git-fixes).
* pinctrl: amd: fix mistake in handling clearing pins at startup (git-fixes).
* pinctrl: amd: only use special debounce behavior for gpio 0 (git-fixes).
* pinctrl: amd: use amd_pinconf_set() for all config options (git-fixes).
* platform/x86: msi-laptop: fix rfkill out-of-sync on msi wind u100 (git-
fixes).
* powerpc/64: only warn if __pa()/__va() called with bad addresses
(bsc#1194869).
* powerpc/64s: fix vas mm use after free (bsc#1194869).
* powerpc/book3s64/mm: fix directmap stats in /proc/meminfo (bsc#1194869).
* powerpc/bpf: fix use of user_pt_regs in uapi (bsc#1194869).
* powerpc/ftrace: remove ftrace init tramp once kernel init is complete
(bsc#1194869).
* powerpc/interrupt: do not read msr from interrupt_exit_kernel_prepare()
(bsc#1194869).
* powerpc/mm/dax: fix the condition when checking if altmap vmemap can cross-
boundary (bsc#1150305 ltc#176097 git-fixes).
* powerpc/mm: switch obsolete dssall to .long (bsc#1194869).
* powerpc/powernv/sriov: perform null check on iov before dereferencing iov
(bsc#1194869).
* powerpc/powernv/vas: assign real address to rx_fifo in vas_rx_win_attr
(bsc#1194869).
* powerpc/prom_init: fix kernel config grep (bsc#1194869).
* powerpc/secvar: fix refcount leak in format_show() (bsc#1194869).
* powerpc/xics: fix refcount leak in icp_opal_init() (bsc#1194869).
* powerpc: clean vdso32 and vdso64 directories (bsc#1194869).
* powerpc: define get_cycles macro for arch-override (bsc#1194869).
* powerpc: update ppc_save_regs to save current r1 in pt_regs (bsc#1194869).
* pwm: ab8500: fix error code in probe() (git-fixes).
* pwm: imx-tpm: force 'real_period' to be zero in suspend (git-fixes).
* pwm: sysfs: do not apply state to already disabled pwms (git-fixes).
* rdma/bnxt_re: fix hang during driver unload (git-fixes)
* rdma/bnxt_re: prevent handling any completions after qp destroy (git-fixes)
* rdma/core: update cma destination address on rdma_resolve_addr (git-fixes)
* rdma/irdma: add missing read barriers (git-fixes)
* rdma/irdma: fix data race on cqp completion stats (git-fixes)
* rdma/irdma: fix data race on cqp request done (git-fixes)
* rdma/irdma: fix op_type reporting in cqes (git-fixes)
* rdma/irdma: report correct wc error (git-fixes)
* rdma/mlx4: make check for invalid flags stricter (git-fixes)
* rdma/mthca: fix crash when polling cq for shared qps (git-fixes)
* rdma/rxe: fix access checks in rxe_check_bind_mw (git-fixes)
* regmap: account for register length in smbus i/o limits (git-fixes).
* regmap: drop initial version of maximum transfer length fixes (git-fixes).
* revert "arm64: dts: zynqmp: add address-cells property to interrupt (git-
fixes)
* revert "debugfs, coccinelle: check for obsolete define_simple_attribute()
usage" (git-fixes).
* revert "drm/amd/display: edp do not add non-edid timings" (git-fixes).
* revert "nfsv4: retry lock on old_stateid during delegation return" (git-
fixes).
* revert "usb: dwc3: core: enable autoretry feature in the controller" (git-
fixes).
* revert "usb: gadget: tegra-xudc: fix error check in
tegra_xudc_powerdomain_init()" (git-fixes).
* revert "usb: xhci: tegra: fix error check" (git-fixes).
* revert "xhci: add quirk for host controllers that do not update endpoint
dcs" (git-fixes).
* rpm/check-for-config-changes: ignore also riscv_isa_ _and dynamic_sigframe
they depend on config_toolchain_has__.
* rpm: update dependency to match current kmod.
* rsi: remove kernel-doc comment marker (git-fixes).
* rxrpc, afs: fix selection of abort codes (git-fixes).
* s390/ap: fix status returned by ap_aqic() (git-fixes bsc#1213259).
* s390/ap: fix status returned by ap_qact() (git-fixes bsc#1213258).
* s390/bpf: add expoline to tail calls (git-fixes bsc#1213870).
* s390/dasd: fix hanging device after quiesce/resume (git-fixes bsc#1213810).
* s390/debug: add _asm_s390_ prefix to header guard (git-fixes bsc#1213263).
* s390/decompressor: specify __decompress() buf len to avoid overflow (git-
fixes bsc#1213863).
* s390/ipl: add missing intersection check to ipl_report handling (git-fixes
bsc#1213871).
* s390/percpu: add read_once() to arch_this_cpu_to_op_simple() (git-fixes
bsc#1213252).
* s390/qeth: fix vipa deletion (git-fixes bsc#1213713).
* s390/vmem: fix empty page tables cleanup under kasan (git-fixes
bsc#1213715).
* s390: define runtime_discard_exit to fix link error with gnu ld < 2.36
(git-fixes bsc#1213264).
* s390: discard .interp section (git-fixes bsc#1213247).
* s390: introduce nospec_uses_trampoline() (git-fixes bsc#1213870).
* scftorture: count reschedule ipis (git-fixes).
* sched/debug: fix dentry leak in update_sched_domain_debugfs (git-fixes)
* sched: fix debug && !schedstats warn (git-fixes)
* scsi: lpfc: abort outstanding els cmds when mailbox timeout error is
detected (bsc#1213756).
* scsi: lpfc: avoid -wstringop-overflow warning (bsc#1213756).
* scsi: lpfc: clean up sli-4 sysfs resource reporting (bsc#1213756).
* scsi: lpfc: copyright updates for 14.2.0.14 patches (bsc#1213756).
* scsi: lpfc: fix a possible data race in lpfc_unregister_fcf_rescan()
(bsc#1213756).
* scsi: lpfc: fix incorrect big endian type assignment in bsg loopback path
(bsc#1213756).
* scsi: lpfc: fix incorrect big endian type assignments in fdmi and vmid paths
(bsc#1213756).
* scsi: lpfc: fix lpfc_name struct packing (bsc#1213756).
* scsi: lpfc: make fabric zone discovery more robust when handling unsolicited
logo (bsc#1213756).
* scsi: lpfc: pull out fw diagnostic dump log message from driver's trace
buffer (bsc#1213756).
* scsi: lpfc: qualify ndlp discovery state when processing rscn (bsc#1213756).
* scsi: lpfc: refactor cpu affinity assignment paths (bsc#1213756).
* scsi: lpfc: remove extra ndlp kref decrement in flogi cmpl for loop topology
(bsc#1213756).
* scsi: lpfc: replace all non-returning strlcpy() with strscpy()
(bsc#1213756).
* scsi: lpfc: replace one-element array with flexible-array member
(bsc#1213756).
* scsi: lpfc: revise ndlp kref handling for dev_loss_tmo_callbk and
lpfc_drop_node (bsc#1213756).
* scsi: lpfc: set establish image pair service parameter only for target
functions (bsc#1213756).
* scsi: lpfc: simplify fcp_abort transport callback log message (bsc#1213756).
* scsi: lpfc: update lpfc version to 14.2.0.14 (bsc#1213756).
* scsi: lpfc: use struct_size() helper (bsc#1213756).
* scsi: qla2xxx: adjust iocb resource on qpair create (bsc#1213747).
* scsi: qla2xxx: array index may go out of bound (bsc#1213747).
* scsi: qla2xxx: avoid fcport pointer dereference (bsc#1213747).
* scsi: qla2xxx: check valid rport returned by fc_bsg_to_rport()
(bsc#1213747).
* scsi: qla2xxx: correct the index of array (bsc#1213747).
* scsi: qla2xxx: drop useless list_head (bsc#1213747).
* scsi: qla2xxx: fix buffer overrun (bsc#1213747).
* scsi: qla2xxx: fix command flush during tmf (bsc#1213747).
* scsi: qla2xxx: fix deletion race condition (bsc#1213747).
* scsi: qla2xxx: fix end of loop test (bsc#1213747).
* scsi: qla2xxx: fix erroneous link up failure (bsc#1213747).
* scsi: qla2xxx: fix error code in qla2x00_start_sp() (bsc#1213747).
* scsi: qla2xxx: fix inconsistent tmf timeout (bsc#1213747).
* scsi: qla2xxx: fix null pointer dereference in target mode (bsc#1213747).
* scsi: qla2xxx: fix potential null pointer dereference (bsc#1213747).
* scsi: qla2xxx: fix session hang in gnl (bsc#1213747).
* scsi: qla2xxx: fix tmf leak through (bsc#1213747).
* scsi: qla2xxx: limit tmf to 8 per function (bsc#1213747).
* scsi: qla2xxx: pointer may be dereferenced (bsc#1213747).
* scsi: qla2xxx: remove unused nvme_ls_waitq wait queue (bsc#1213747).
* scsi: qla2xxx: replace one-element array with declare_flex_array() helper
(bsc#1213747).
* scsi: qla2xxx: silence a static checker warning (bsc#1213747).
* scsi: qla2xxx: turn off noisy message log (bsc#1213747).
* scsi: qla2xxx: update version to 10.02.08.400-k (bsc#1213747).
* scsi: qla2xxx: update version to 10.02.08.500-k (bsc#1213747).
* scsi: qla2xxx: use vmalloc_array() and vcalloc() (bsc#1213747).
* security: keys: modify mismatched function name (git-fixes).
* selftests: mptcp: depend on syn_cookies (git-fixes).
* selftests: mptcp: sockopt: return error if wrong mark (git-fixes).
* selftests: rtnetlink: remove netdevsim device after ipsec offload test (git-
fixes).
* selftests: tc: add 'ct' action kconfig dep (git-fixes).
* selftests: tc: add conntrack procfs kconfig (git-fixes).
* selftests: tc: set timeout to 15 minutes (git-fixes).
* serial: qcom-geni: drop bogus runtime pm state update (git-fixes).
* serial: sifive: fix sifive_serial_console_setup() section (git-fixes).
* signal/powerpc: on swapcontext failure force sigsegv (bsc#1194869).
* signal: replace force_sigsegv(sigsegv) with force_fatal_sig(sigsegv)
(bsc#1194869).
* smb3: do not reserve too many oplock credits (bsc#1193629).
* smb3: missing null check in smb2_change_notify (bsc#1193629).
* smb: client: fix broken file attrs with nodfs mounts (bsc#1193629).
* smb: client: fix missed ses refcounting (git-fixes).
* smb: client: fix parsing of source mount option (bsc#1193629).
* smb: client: fix shared dfs root mounts with different prefixes
(bsc#1193629).
* smb: client: fix warning in cifs_match_super() (bsc#1193629).
* smb: client: fix warning in cifs_smb3_do_mount() (bsc#1193629).
* smb: client: fix warning in cifsfindfirst() (bsc#1193629).
* smb: client: fix warning in cifsfindnext() (bsc#1193629).
* smb: client: fix warning in generic_ip_connect() (bsc#1193629).
* smb: client: improve dfs mount check (bsc#1193629).
* smb: client: remove redundant pointer 'server' (bsc#1193629).
* smb: delete an unnecessary statement (bsc#1193629).
* smb: move client and server files to common directory fs/smb (bsc#1193629).
* smb: remove obsolete comment (bsc#1193629).
* soundwire: qcom: fix storing port config out-of-bounds (git-fixes).
* soundwire: qcom: update status correctly with mask (git-fixes).
* spi: bcm-qspi: return error if neither hif_mspi nor mspi is available (git-
fixes).
* spi: bcm63xx: fix max prepend length (git-fixes).
* staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext() (git-
fixes).
* staging: r8712: fix memory leak in _r8712_init_xmit_priv() (git-fixes).
* sunrpc: always free ctxt when freeing deferred request (git-fixes).
* sunrpc: double free xprt_ctxt while still in use (git-fixes).
* sunrpc: fix trace_svc_register() call site (git-fixes).
* sunrpc: fix uaf in svc_tcp_listen_data_ready() (git-fixes).
* sunrpc: remove dead code in svc_tcp_release_rqst() (git-fixes).
* sunrpc: remove the maximum number of retries in call_bind_status (git-
fixes).
* svcrdma: prevent page release when nothing was received (git-fixes).
* tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation (git-
fixes).
* tpm_tis: explicitly check for error code (git-fixes).
* tty: n_gsm: fix uaf in gsm_cleanup_mux (git-fixes).
* tty: serial: fsl_lpuart: add earlycon for imx8ulp platform (git-fixes).
* ubi: ensure that vid header offset + vid header size <= alloc, size
(bsc#1210584).
* ubi: fix failure attaching when vid_hdr offset equals to (sub)page size
(bsc#1210584).
* ubifs: add missing iput if do_tmpfile() failed in rename whiteout (git-
fixes).
* ubifs: do_rename: fix wrong space budget when target inode's nlink > 1 (git-
fixes).
* ubifs: error path in ubifs_remount_rw() seems to wrongly free write buffers
(git-fixes).
* ubifs: fix 'ui->dirty' race between do_tmpfile() and writeback work (git-
fixes).
* ubifs: fix aa deadlock when setting xattr for encrypted file (git-fixes).
* ubifs: fix build errors as symbol undefined (git-fixes).
* ubifs: fix deadlock in concurrent rename whiteout and inode writeback (git-
fixes).
* ubifs: fix memory leak in alloc_wbufs() (git-fixes).
* ubifs: fix memory leak in do_rename (git-fixes).
* ubifs: fix read out-of-bounds in ubifs_wbuf_write_nolock() (git-fixes).
* ubifs: fix to add refcount once page is set private (git-fixes).
* ubifs: fix wrong dirty space budget for dirty inode (git-fixes).
* ubifs: free memory for tmpfile name (git-fixes).
* ubifs: rectify space amount budget for mkdir/tmpfile operations (git-fixes).
* ubifs: rectify space budget for ubifs_symlink() if symlink is encrypted
(git-fixes).
* ubifs: rectify space budget for ubifs_xrename() (git-fixes).
* ubifs: rename whiteout atomically (git-fixes).
* ubifs: rename_whiteout: correct old_dir size computing (git-fixes).
* ubifs: rename_whiteout: fix double free for whiteout_ui->data (git-fixes).
* ubifs: reserve one leb for each journal head while doing budget (git-fixes).
* ubifs: setflags: make dirtied_ino_d 8 bytes aligned (git-fixes).
* ubifs: ubifs_writepage: mark page dirty after writing inode failed (git-
fixes).
* udf: avoid double brelse() in udf_rename() (bsc#1213032).
* udf: define efscorrupted error code (bsc#1213038).
* udf: detect system inodes linked into directory hierarchy (bsc#1213114).
* udf: discard preallocation before extending file with a hole (bsc#1213036).
* udf: do not bother looking for prealloc extents if i_lenextents matches
i_size (bsc#1213035).
* udf: do not bother merging very long extents (bsc#1213040).
* udf: do not update file length for failed writes to inline files
(bsc#1213041).
* udf: fix error handling in udf_new_inode() (bsc#1213112).
* udf: fix extending file within last block (bsc#1213037).
* udf: fix preallocation discarding at indirect extent boundary (bsc#1213034).
* udf: preserve link count of system files (bsc#1213113).
* udf: truncate added extents on failed expansion (bsc#1213039).
* update config and supported.conf files due to renaming.
* update suse/rdma-mthca-fix-crash-when-polling-cq-for-shared-qps. (git-fixes
bsc#1212604). added bug reference.
* usb: dwc2: fix some error handling paths (git-fixes).
* usb: dwc2: platform: improve error reporting for problems during .remove()
(git-fixes).
* usb: dwc3: do not reset device side if dwc3 was configured as host-only
(git-fixes).
* usb: dwc3: pci: skip byt gpio lookup table for hardwired phy (git-fixes).
* usb: gadget: core: remove unbalanced mutex_unlock in usb_gadget_activate
(git-fixes).
* usb: gadget: udc: core: offload usb_udc_vbus_handler processing (git-fixes).
* usb: gadget: udc: core: prevent soft_connect_store() race (git-fixes).
* usb: serial: option: add lara-r6 01b pids (git-fixes).
* usb: xhci-mtk: set the dma max_seg_size (git-fixes).
* vhost: support packed when setting-getting vring_base (git-fixes).
* vhost_net: revert upend_idx only on retriable error (git-fixes).
* virtio-net: maintain reverse cleanup order (git-fixes).
* virtio_net: fix error unwinding of xdp initialization (git-fixes).
* wifi: airo: avoid uninitialized warning in airo_get_rate() (git-fixes).
* wifi: ray_cs: drop useless status variable in parse_addr() (git-fixes).
* wifi: ray_cs: utilize strnlen() in parse_addr() (git-fixes).
* wifi: rtw89: debug: fix error code in rtw89_debug_priv_send_h2c_set() (git-
fixes).
* wl3501_cs: use eth_hw_addr_set() (git-fixes).
* writeback: fix call of incorrect macro (bsc#1213024).
* x86/pvh: obtain vga console info in dom0 (git-fixes).
* x86: fix .brk attribute in linker script (git-fixes).
* xen/blkfront: only check req_fua for writes (git-fixes).
* xen/pvcalls-back: fix double frees with pvcalls_new_active_socket() (git-
fixes).
* xfs: ail needs asynchronous cil forcing (bsc#1211811).
* xfs: async cil flushes need pending pushes to be made stable (bsc#1211811).
* xfs: attach iclog callbacks in xlog_cil_set_ctx_write_state() (bsc#1211811).
* xfs: cil work is serialised, not pipelined (bsc#1211811).
* xfs: clean up the rtbitmap fsmap backend (git-fixes).
* xfs: do not deplete the reserve pool when trying to shrink the fs (git-
fixes).
* xfs: do not reverse order of items in bulk ail insertion (git-fixes).
* xfs: do not run shutdown callbacks on active iclogs (bsc#1211811).
* xfs: drop async cache flushes from cil commits (bsc#1211811).
* xfs: factor out log write ordering from xlog_cil_push_work() (bsc#1211811).
* xfs: fix getfsmap reporting past the last rt extent (git-fixes).
* xfs: fix integer overflows in the fsmap rtbitmap and logdev backends (git-
fixes).
* xfs: fix interval filtering in multi-step fsmap queries (git-fixes).
* xfs: fix logdev fsmap query result filtering (git-fixes).
* xfs: fix off-by-one error when the last rt extent is in use (git-fixes).
* xfs: fix uninitialized variable access (git-fixes).
* xfs: make fsmap backend function key parameters const (git-fixes).
* xfs: make the record pointer passed to query_range functions const (git-
fixes).
* xfs: move the cil workqueue to the cil (bsc#1211811).
* xfs: move xlog_commit_record to xfs_log_cil.c (bsc#1211811).
* xfs: order cil checkpoint start records (bsc#1211811).
* xfs: pass a cil context to xlog_write() (bsc#1211811).
* xfs: pass explicit mount pointer to rtalloc query functions (git-fixes).
* xfs: rework xlog_state_do_callback() (bsc#1211811).
* xfs: run callbacks before waking waiters in xlog_state_shutdown_callbacks
(bsc#1211811).
* xfs: separate out log shutdown callback processing (bsc#1211811).
* xfs: wait iclog complete before tearing down ail (bsc#1211811).
* xfs: xlog_state_ioerror must die (bsc#1211811).
* xhci: fix resume issue of some zhaoxin hosts (git-fixes).
* xhci: fix trb prefetch issue of zhaoxin hosts (git-fixes).
* xhci: show zhaoxin xhci root hub speed correctly (git-fixes).
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE Important update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap Micro 5.3
zypper in -t patch openSUSE-Leap-Micro-5.3-2023-3318=1
* openSUSE Leap Micro 5.4
zypper in -t patch openSUSE-Leap-Micro-5.4-2023-3318=1
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-3318=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-3318=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-3318=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-3318=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-3318=1
* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-3318=1
* SUSE Real Time Module 15-SP4
zypper in -t patch SUSE-SLE-Module-RT-15-SP4-2023-3318=1
## Package List:
* openSUSE Leap Micro 5.3 (nosrc x86_64)
* kernel-rt-5.14.21-150400.15.46.1
* openSUSE Leap Micro 5.3 (x86_64)
* kernel-rt-debugsource-5.14.21-150400.15.46.1
* kernel-rt-debuginfo-5.14.21-150400.15.46.1
* openSUSE Leap Micro 5.4 (nosrc x86_64)
* kernel-rt-5.14.21-150400.15.46.1
* openSUSE Leap Micro 5.4 (x86_64)
* kernel-rt-debugsource-5.14.21-150400.15.46.1
* kernel-rt-debuginfo-5.14.21-150400.15.46.1
* openSUSE Leap 15.4 (x86_64)
* kernel-syms-rt-5.14.21-150400.15.46.1
* cluster-md-kmp-rt-5.14.21-150400.15.46.1
* ocfs2-kmp-rt-5.14.21-150400.15.46.1
* cluster-md-kmp-rt-debuginfo-5.14.21-150400.15.46.1
* kernel-rt-debuginfo-5.14.21-150400.15.46.1
* kernel-rt-devel-debuginfo-5.14.21-150400.15.46.1
* kernel-rt_debug-devel-debuginfo-5.14.21-150400.15.46.1
* kernel-rt_debug-debuginfo-5.14.21-150400.15.46.1
* ocfs2-kmp-rt-debuginfo-5.14.21-150400.15.46.1
* gfs2-kmp-rt-debuginfo-5.14.21-150400.15.46.1
* kernel-rt-devel-5.14.21-150400.15.46.1
* dlm-kmp-rt-debuginfo-5.14.21-150400.15.46.1
* kernel-rt_debug-debugsource-5.14.21-150400.15.46.1
* dlm-kmp-rt-5.14.21-150400.15.46.1
* kernel-rt_debug-devel-5.14.21-150400.15.46.1
* kernel-rt-debugsource-5.14.21-150400.15.46.1
* gfs2-kmp-rt-5.14.21-150400.15.46.1
* openSUSE Leap 15.4 (noarch)
* kernel-devel-rt-5.14.21-150400.15.46.1
* kernel-source-rt-5.14.21-150400.15.46.1
* openSUSE Leap 15.4 (nosrc x86_64)
* kernel-rt-5.14.21-150400.15.46.1
* kernel-rt_debug-5.14.21-150400.15.46.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (nosrc x86_64)
* kernel-rt-5.14.21-150400.15.46.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64)
* kernel-rt-debugsource-5.14.21-150400.15.46.1
* kernel-rt-debuginfo-5.14.21-150400.15.46.1
* SUSE Linux Enterprise Micro 5.3 (nosrc x86_64)
* kernel-rt-5.14.21-150400.15.46.1
* SUSE Linux Enterprise Micro 5.3 (x86_64)
* kernel-rt-debugsource-5.14.21-150400.15.46.1
* kernel-rt-debuginfo-5.14.21-150400.15.46.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (nosrc x86_64)
* kernel-rt-5.14.21-150400.15.46.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64)
* kernel-rt-debugsource-5.14.21-150400.15.46.1
* kernel-rt-debuginfo-5.14.21-150400.15.46.1
* SUSE Linux Enterprise Micro 5.4 (nosrc x86_64)
* kernel-rt-5.14.21-150400.15.46.1
* SUSE Linux Enterprise Micro 5.4 (x86_64)
* kernel-rt-debugsource-5.14.21-150400.15.46.1
* kernel-rt-debuginfo-5.14.21-150400.15.46.1
* SUSE Linux Enterprise Live Patching 15-SP4 (x86_64)
* kernel-livepatch-5_14_21-150400_15_46-rt-debuginfo-1-150400.1.5.1
* kernel-livepatch-SLE15-SP4-RT_Update_11-debugsource-1-150400.1.5.1
* kernel-livepatch-5_14_21-150400_15_46-rt-1-150400.1.5.1
* SUSE Real Time Module 15-SP4 (x86_64)
* kernel-syms-rt-5.14.21-150400.15.46.1
* cluster-md-kmp-rt-5.14.21-150400.15.46.1
* ocfs2-kmp-rt-5.14.21-150400.15.46.1
* cluster-md-kmp-rt-debuginfo-5.14.21-150400.15.46.1
* kernel-rt-debuginfo-5.14.21-150400.15.46.1
* kernel-rt-devel-debuginfo-5.14.21-150400.15.46.1
* kernel-rt_debug-devel-debuginfo-5.14.21-150400.15.46.1
* kernel-rt_debug-debuginfo-5.14.21-150400.15.46.1
* ocfs2-kmp-rt-debuginfo-5.14.21-150400.15.46.1
* gfs2-kmp-rt-debuginfo-5.14.21-150400.15.46.1
* kernel-rt-devel-5.14.21-150400.15.46.1
* dlm-kmp-rt-debuginfo-5.14.21-150400.15.46.1
* kernel-rt_debug-debugsource-5.14.21-150400.15.46.1
* dlm-kmp-rt-5.14.21-150400.15.46.1
* kernel-rt_debug-devel-5.14.21-150400.15.46.1
* kernel-rt-debugsource-5.14.21-150400.15.46.1
* gfs2-kmp-rt-5.14.21-150400.15.46.1
* SUSE Real Time Module 15-SP4 (noarch)
* kernel-devel-rt-5.14.21-150400.15.46.1
* kernel-source-rt-5.14.21-150400.15.46.1
* SUSE Real Time Module 15-SP4 (nosrc x86_64)
* kernel-rt-5.14.21-150400.15.46.1
* kernel-rt_debug-5.14.21-150400.15.46.1
## References:
* https://www.suse.com/security/cve/CVE-2022-40982.html
* https://www.suse.com/security/cve/CVE-2023-0459.html
* https://www.suse.com/security/cve/CVE-2023-20569.html
* https://www.suse.com/security/cve/CVE-2023-20593.html
* https://www.suse.com/security/cve/CVE-2023-21400.html
* https://www.suse.com/security/cve/CVE-2023-2156.html
* https://www.suse.com/security/cve/CVE-2023-2166.html
* https://www.suse.com/security/cve/CVE-2023-2985.html
* https://www.suse.com/security/cve/CVE-2023-31083.html
* https://www.suse.com/security/cve/CVE-2023-3117.html
* https://www.suse.com/security/cve/CVE-2023-31248.html
* https://www.suse.com/security/cve/CVE-2023-3268.html
* https://www.suse.com/security/cve/CVE-2023-3390.html
* https://www.suse.com/security/cve/CVE-2023-35001.html
* https://www.suse.com/security/cve/CVE-2023-3567.html
* https://www.suse.com/security/cve/CVE-2023-3609.html
* https://www.suse.com/security/cve/CVE-2023-3611.html
* https://www.suse.com/security/cve/CVE-2023-3776.html
* https://www.suse.com/security/cve/CVE-2023-3812.html
* https://www.suse.com/security/cve/CVE-2023-4004.html
* https://bugzilla.suse.com/show_bug.cgi?id=1150305
* https://bugzilla.suse.com/show_bug.cgi?id=1193629
* https://bugzilla.suse.com/show_bug.cgi?id=1194869
* https://bugzilla.suse.com/show_bug.cgi?id=1206418
* https://bugzilla.suse.com/show_bug.cgi?id=1207129
* https://bugzilla.suse.com/show_bug.cgi?id=1207894
* https://bugzilla.suse.com/show_bug.cgi?id=1208788
* https://bugzilla.suse.com/show_bug.cgi?id=1210565
* https://bugzilla.suse.com/show_bug.cgi?id=1210584
* https://bugzilla.suse.com/show_bug.cgi?id=1210627
* https://bugzilla.suse.com/show_bug.cgi?id=1210780
* https://bugzilla.suse.com/show_bug.cgi?id=1210853
* https://bugzilla.suse.com/show_bug.cgi?id=1211131
* https://bugzilla.suse.com/show_bug.cgi?id=1211243
* https://bugzilla.suse.com/show_bug.cgi?id=1211738
* https://bugzilla.suse.com/show_bug.cgi?id=1211811
* https://bugzilla.suse.com/show_bug.cgi?id=1211867
* https://bugzilla.suse.com/show_bug.cgi?id=1212301
* https://bugzilla.suse.com/show_bug.cgi?id=1212502
* https://bugzilla.suse.com/show_bug.cgi?id=1212604
* https://bugzilla.suse.com/show_bug.cgi?id=1212846
* https://bugzilla.suse.com/show_bug.cgi?id=1212901
* https://bugzilla.suse.com/show_bug.cgi?id=1212905
* https://bugzilla.suse.com/show_bug.cgi?id=1213010
* https://bugzilla.suse.com/show_bug.cgi?id=1213011
* https://bugzilla.suse.com/show_bug.cgi?id=1213012
* https://bugzilla.suse.com/show_bug.cgi?id=1213013
* https://bugzilla.suse.com/show_bug.cgi?id=1213014
* https://bugzilla.suse.com/show_bug.cgi?id=1213015
* https://bugzilla.suse.com/show_bug.cgi?id=1213016
* https://bugzilla.suse.com/show_bug.cgi?id=1213017
* https://bugzilla.suse.com/show_bug.cgi?id=1213018
* https://bugzilla.suse.com/show_bug.cgi?id=1213019
* https://bugzilla.suse.com/show_bug.cgi?id=1213020
* https://bugzilla.suse.com/show_bug.cgi?id=1213021
* https://bugzilla.suse.com/show_bug.cgi?id=1213024
* https://bugzilla.suse.com/show_bug.cgi?id=1213025
* https://bugzilla.suse.com/show_bug.cgi?id=1213032
* https://bugzilla.suse.com/show_bug.cgi?id=1213034
* https://bugzilla.suse.com/show_bug.cgi?id=1213035
* https://bugzilla.suse.com/show_bug.cgi?id=1213036
* https://bugzilla.suse.com/show_bug.cgi?id=1213037
* https://bugzilla.suse.com/show_bug.cgi?id=1213038
* https://bugzilla.suse.com/show_bug.cgi?id=1213039
* https://bugzilla.suse.com/show_bug.cgi?id=1213040
* https://bugzilla.suse.com/show_bug.cgi?id=1213041
* https://bugzilla.suse.com/show_bug.cgi?id=1213059
* https://bugzilla.suse.com/show_bug.cgi?id=1213061
* https://bugzilla.suse.com/show_bug.cgi?id=1213087
* https://bugzilla.suse.com/show_bug.cgi?id=1213088
* https://bugzilla.suse.com/show_bug.cgi?id=1213089
* https://bugzilla.suse.com/show_bug.cgi?id=1213090
* https://bugzilla.suse.com/show_bug.cgi?id=1213092
* https://bugzilla.suse.com/show_bug.cgi?id=1213093
* https://bugzilla.suse.com/show_bug.cgi?id=1213094
* https://bugzilla.suse.com/show_bug.cgi?id=1213095
* https://bugzilla.suse.com/show_bug.cgi?id=1213096
* https://bugzilla.suse.com/show_bug.cgi?id=1213098
* https://bugzilla.suse.com/show_bug.cgi?id=1213099
* https://bugzilla.suse.com/show_bug.cgi?id=1213100
* https://bugzilla.suse.com/show_bug.cgi?id=1213102
* https://bugzilla.suse.com/show_bug.cgi?id=1213103
* https://bugzilla.suse.com/show_bug.cgi?id=1213104
* https://bugzilla.suse.com/show_bug.cgi?id=1213105
* https://bugzilla.suse.com/show_bug.cgi?id=1213106
* https://bugzilla.suse.com/show_bug.cgi?id=1213107
* https://bugzilla.suse.com/show_bug.cgi?id=1213108
* https://bugzilla.suse.com/show_bug.cgi?id=1213109
* https://bugzilla.suse.com/show_bug.cgi?id=1213110
* https://bugzilla.suse.com/show_bug.cgi?id=1213111
* https://bugzilla.suse.com/show_bug.cgi?id=1213112
* https://bugzilla.suse.com/show_bug.cgi?id=1213113
* https://bugzilla.suse.com/show_bug.cgi?id=1213114
* https://bugzilla.suse.com/show_bug.cgi?id=1213134
* https://bugzilla.suse.com/show_bug.cgi?id=1213167
* https://bugzilla.suse.com/show_bug.cgi?id=1213245
* https://bugzilla.suse.com/show_bug.cgi?id=1213247
* https://bugzilla.suse.com/show_bug.cgi?id=1213252
* https://bugzilla.suse.com/show_bug.cgi?id=1213258
* https://bugzilla.suse.com/show_bug.cgi?id=1213259
* https://bugzilla.suse.com/show_bug.cgi?id=1213263
* https://bugzilla.suse.com/show_bug.cgi?id=1213264
* https://bugzilla.suse.com/show_bug.cgi?id=1213272
* https://bugzilla.suse.com/show_bug.cgi?id=1213286
* https://bugzilla.suse.com/show_bug.cgi?id=1213287
* https://bugzilla.suse.com/show_bug.cgi?id=1213304
* https://bugzilla.suse.com/show_bug.cgi?id=1213523
* https://bugzilla.suse.com/show_bug.cgi?id=1213524
* https://bugzilla.suse.com/show_bug.cgi?id=1213543
* https://bugzilla.suse.com/show_bug.cgi?id=1213585
* https://bugzilla.suse.com/show_bug.cgi?id=1213586
* https://bugzilla.suse.com/show_bug.cgi?id=1213588
* https://bugzilla.suse.com/show_bug.cgi?id=1213620
* https://bugzilla.suse.com/show_bug.cgi?id=1213653
* https://bugzilla.suse.com/show_bug.cgi?id=1213705
* https://bugzilla.suse.com/show_bug.cgi?id=1213713
* https://bugzilla.suse.com/show_bug.cgi?id=1213715
* https://bugzilla.suse.com/show_bug.cgi?id=1213747
* https://bugzilla.suse.com/show_bug.cgi?id=1213756
* https://bugzilla.suse.com/show_bug.cgi?id=1213759
* https://bugzilla.suse.com/show_bug.cgi?id=1213777
* https://bugzilla.suse.com/show_bug.cgi?id=1213810
* https://bugzilla.suse.com/show_bug.cgi?id=1213812
* https://bugzilla.suse.com/show_bug.cgi?id=1213856
* https://bugzilla.suse.com/show_bug.cgi?id=1213857
* https://bugzilla.suse.com/show_bug.cgi?id=1213863
* https://bugzilla.suse.com/show_bug.cgi?id=1213867
* https://bugzilla.suse.com/show_bug.cgi?id=1213870
* https://bugzilla.suse.com/show_bug.cgi?id=1213871
1
0
openSUSE-SU-2023:0219-1: important: Security update for opensuse-welcome
by opensuse-security@opensuse.org 14 Aug '23
by opensuse-security@opensuse.org 14 Aug '23
14 Aug '23
openSUSE Security Update: Security update for opensuse-welcome
______________________________________________________________________________
Announcement ID: openSUSE-SU-2023:0219-1
Rating: important
References: #1213708
Cross-References: CVE-2023-32184
Affected Products:
openSUSE Backports SLE-15-SP5
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for opensuse-welcome fixes the following issues:
Update to version 0.1.9+git.35.4b9444a:
* CVE-2023-32184: panellayouter: use QTemporaryFile for applyLayout()
(boo#1213708).
* Translation updates.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP5:
zypper in -t patch openSUSE-2023-219=1
Package List:
- openSUSE Backports SLE-15-SP5 (aarch64 x86_64):
opensuse-welcome-0.1.9+git.35.4b9444a-bp155.2.3.1
- openSUSE Backports SLE-15-SP5 (noarch):
opensuse-welcome-lang-0.1.9+git.35.4b9444a-bp155.2.3.1
References:
https://www.suse.com/security/cve/CVE-2023-32184.html
https://bugzilla.suse.com/1213708
1
0
SUSE-SU-2023:3311-1: important: Security update for the Linux Kernel
by security@lists.opensuse.org 14 Aug '23
by security@lists.opensuse.org 14 Aug '23
14 Aug '23
# Security update for the Linux Kernel
Announcement ID: SUSE-SU-2023:3311-1
Rating: important
References:
* #1206418
* #1207129
* #1207948
* #1210627
* #1210780
* #1210825
* #1211131
* #1211738
* #1211811
* #1212445
* #1212502
* #1212604
* #1212766
* #1212901
* #1213167
* #1213272
* #1213287
* #1213304
* #1213417
* #1213578
* #1213585
* #1213586
* #1213588
* #1213601
* #1213620
* #1213632
* #1213653
* #1213713
* #1213715
* #1213747
* #1213756
* #1213759
* #1213777
* #1213810
* #1213812
* #1213856
* #1213857
* #1213863
* #1213867
* #1213870
* #1213871
* #1213872
Cross-References:
* CVE-2022-40982
* CVE-2023-0459
* CVE-2023-20569
* CVE-2023-21400
* CVE-2023-2156
* CVE-2023-2166
* CVE-2023-31083
* CVE-2023-3268
* CVE-2023-3567
* CVE-2023-3609
* CVE-2023-3611
* CVE-2023-3776
* CVE-2023-38409
* CVE-2023-3863
* CVE-2023-4004
CVSS scores:
* CVE-2022-40982 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2022-40982 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
* CVE-2023-0459 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-0459 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-20569 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
* CVE-2023-21400 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-21400 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-2156 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-2156 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-2166 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-2166 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-31083 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-31083 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3268 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
* CVE-2023-3268 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2023-3567 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3567 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3609 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3609 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3611 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3611 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3776 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3776 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-38409 ( SUSE ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-38409 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3863 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3863 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4004 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* Basesystem Module 15-SP5
* Development Tools Module 15-SP5
* Legacy Module 15-SP5
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Availability Extension 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Workstation Extension 15 SP5
An update that solves 15 vulnerabilities and has 27 fixes can now be installed.
## Description:
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security
and bugfixes.
The following security bugs were fixed:
* CVE-2022-40982: Fixed transient execution attack called "Gather Data
Sampling" (bsc#1206418).
* CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec
(bsc#1211738).
* CVE-2023-20569: Fixed side channel attack ‘Inception’ or ‘RAS Poisoning’
(bsc#1213287).
* CVE-2023-21400: Fixed several memory corruptions due to improper locking in
io_uring (bsc#1213272).
* CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling
of the RPL protocol (bsc#1211131).
* CVE-2023-2166: Fixed NULL pointer dereference in can_rcv_filter
(bsc#1210627).
* CVE-2023-31083: Fixed race condition in hci_uart_tty_ioctl (bsc#1210780).
* CVE-2023-3268: Fixed an out of bounds memory access flaw in
relay_file_read_start_pos in the relayfs (bsc#1212502).
* CVE-2023-3567: Fixed a use-after-free in vcs_read in
drivers/tty/vt/vc_screen.c (bsc#1213167).
* CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched
(bsc#1213586).
* CVE-2023-3611: Fixed an out-of-bounds write in net/sched
sch_qfq(bsc#1213585).
* CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-
free (bsc#1213588).
* CVE-2023-38409: Fixed an issue in set_con2fb_map in
drivers/video/fbdev/core/fbcon.c. Because an assignment occurs only for the
first vc, the fbcon_registered_fb and fbcon_display arrays can be
desynchronized in fbcon_mode_deleted (the con2fb_map points at the old
fb_info) (bsc#1213417).
* CVE-2023-3863: Fixed a use-after-free flaw in nfc_llcp_find_local in
net/nfc/llcp_core.c in NFC. This flaw allowed a local user with special
privileges to impact a kernel information leak issue (bsc#1213601).
* CVE-2023-4004: Fixed improper element removal netfilter nft_set_pipapo
(bsc#1213812).
The following non-security bugs were fixed:
* ACPI: CPPC: Add ACPI disabled check to acpi_cpc_valid() (bsc#1212445).
* ACPI: CPPC: Add definition for undefined FADT preferred PM profile value
(bsc#1212445).
* ACPI/IORT: Remove erroneous id_count check in iort_node_get_rmr_info() (git-
fixes).
* ACPI: utils: Fix acpi_evaluate_dsm_typed() redefinition error (git-fixes).
* afs: Adjust ACK interpretation to try and cope with NAT (git-fixes).
* afs: Fix access after dec in put functions (git-fixes).
* afs: Fix afs_getattr() to refetch file status if callback break occurred
(git-fixes).
* afs: Fix dynamic root getattr (git-fixes).
* afs: Fix fileserver probe RTT handling (git-fixes).
* afs: Fix infinite loop found by xfstest generic/676 (git-fixes).
* afs: Fix lost servers_outstanding count (git-fixes).
* afs: Fix server->active leak in afs_put_server (git-fixes).
* afs: Fix setting of mtime when creating a file/dir/symlink (git-fixes).
* afs: Fix updating of i_size with dv jump from server (git-fixes).
* afs: Fix vlserver probe RTT handling (git-fixes).
* afs: Return -EAGAIN, not -EREMOTEIO, when a file already locked (git-fixes).
* afs: Use refcount_t rather than atomic_t (git-fixes).
* afs: Use the operation issue time instead of the reply time for callbacks
(git-fixes).
* ALSA: emu10k1: roll up loops in DSP setup code for Audigy (git-fixes).
* ALSA: hda/realtek: Add quirk for Clevo NS70AU (git-fixes).
* ALSA: hda/realtek: Add support for DELL Oasis 13/14/16 laptops (git-fixes).
* ALSA: hda/realtek: Enable Mute LED on HP Laptop 15s-eq2xxx (git-fixes).
* ALSA: hda/realtek: Fix generic fixup definition for cs35l41 amp (git-fixes).
* ALSA: hda/realtek - remove 3k pull low procedure (git-fixes).
* ALSA: hda/realtek: Support ASUS G713PV laptop (git-fixes).
* ALSA: hda/relatek: Enable Mute LED on HP 250 G8 (git-fixes).
* ALSA: usb-audio: Add FIXED_RATE quirk for JBL Quantum610 Wireless (git-
fixes).
* ALSA: usb-audio: Add new quirk FIXED_RATE for JBL Quantum810 Wireless (git-
fixes).
* ALSA: usb-audio: Add quirk for Microsoft Modern Wireless Headset
(bsc#1207129).
* ALSA: usb-audio: Always initialize fixed_rate in
snd_usb_find_implicit_fb_sync_format() (git-fixes).
* ALSA: usb-audio: Apply mutex around snd_usb_endpoint_set_params() (git-
fixes).
* ALSA: usb-audio: Avoid superfluous endpoint setup (git-fixes).
* ALSA: usb-audio: Avoid unnecessary interface change at EP close (git-fixes).
* ALSA: usb-audio: Clear fixed clock rate at closing EP (git-fixes).
* ALSA: usb-audio: Correct the return code from snd_usb_endpoint_set_params()
(git-fixes).
* ALSA: usb-audio: Drop superfluous interface setup at parsing (git-fixes).
* ALSA: usb-audio: Fix possible NULL pointer dereference in
snd_usb_pcm_has_fixed_rate() (git-fixes).
* ALSA: usb-audio: Fix wrong kfree issue in snd_usb_endpoint_free_all (git-
fixes).
* ALSA: usb-audio: More refactoring of hw constraint rules (git-fixes).
* ALSA: usb-audio: Properly refcounting clock rate (git-fixes).
* ALSA: usb-audio: Rate limit usb_set_interface error reporting (git-fixes).
* ALSA: usb-audio: Refcount multiple accesses on the single clock (git-fixes).
* ALSA: usb-audio: Split endpoint setups for hw_params and prepare (take#2)
(git-fixes).
* ALSA: usb-audio: Update for native DSD support quirks (git-fixes).
* ALSA: usb-audio: Use atomic_try_cmpxchg in ep_state_update (git-fixes).
* ALSA: usb-audio: Workaround for XRUN at prepare (git-fixes).
* amd-pstate: Fix amd_pstate mode switch (git-fixes).
* ASoC: amd: acp: fix for invalid dai id handling in acp_get_byte_count()
(git-fixes).
* ASoC: atmel: Fix the 8K sample parameter in I2SC master (git-fixes).
* ASoc: codecs: ES8316: Fix DMIC config (git-fixes).
* ASoC: codecs: wcd934x: fix resource leaks on component remove (git-fixes).
* ASoC: codecs: wcd938x: fix codec initialisation race (git-fixes).
* ASoC: codecs: wcd938x: fix dB range for HPHL and HPHR (git-fixes).
* ASoC: codecs: wcd938x: fix missing clsh ctrl error handling (git-fixes).
* ASoC: codecs: wcd938x: fix soundwire initialisation race (git-fixes).
* ASoC: codecs: wcd-mbhc-v2: fix resource leaks on component remove (git-
fixes).
* ASoC: da7219: Check for failure reading AAD IRQ events (git-fixes).
* ASoC: da7219: Flush pending AAD IRQ when suspending (git-fixes).
* ASoC: fsl_sai: Disable bit clock with transmitter (git-fixes).
* ASoC: fsl_spdif: Silence output on stop (git-fixes).
* ASoC: rt5640: Fix sleep in atomic context (git-fixes).
* ASoC: rt5682-sdw: fix for JD event handling in ClockStop Mode0 (git-fixes).
* ASoC: rt711: fix for JD event handling in ClockStop Mode0 (git-fixes).
* ASoC: rt711-sdca: fix for JD event handling in ClockStop Mode0 (git-fixes).
* ASoC: SOF: ipc3-dtrace: uninitialized data in dfsentry_trace_filter_write()
(git-fixes).
* ASoC: tegra: Fix ADX byte map (git-fixes).
* ASoC: tegra: Fix AMX byte map (git-fixes).
* ASoC: wm8904: Fill the cache for WM8904_ADC_TEST_0 register (git-fixes).
* ata: pata_ns87415: mark ns87560_tf_read static (git-fixes).
* block, bfq: Fix division by zero error on zero wsum (bsc#1213653).
* block: Fix a source code comment in include/uapi/linux/blkzoned.h (git-
fixes).
* bus: mhi: add new interfaces to handle MHI channels directly (bsc#1207948).
* bus: mhi: host: add destroy_device argument to mhi_power_down()
(bsc#1207948).
* can: gs_usb: gs_can_close(): add missing set of CAN state to
CAN_STATE_STOPPED (git-fixes).
* ceph: do not let check_caps skip sending responses for revoke msgs
(bsc#1213856).
* coda: Avoid partial allocation of sig_inputArgs (git-fixes).
* cpufreq: amd-pstate: add amd-pstate driver parameter for mode selection
(bsc#1212445).
* cpufreq: amd-pstate: Add AMD P-State frequencies attributes (bsc#1212445).
* cpufreq: amd-pstate: Add AMD P-State performance attributes (bsc#1212445).
* cpufreq: amd-pstate: Add boost mode support for AMD P-State (bsc#1212445).
* cpufreq: amd-pstate: add driver working mode switch support (bsc#1212445).
* cpufreq: amd-pstate: Add ->fast_switch() callback (bsc#1212445).
* cpufreq: amd-pstate: Add fast switch function for AMD P-State (bsc#1212445).
* cpufreq: amd-pstate: Add guided autonomous mode (bsc#1212445).
* cpufreq: amd-pstate: Add guided mode control support via sysfs
(bsc#1212445).
* cpufreq: amd-pstate: Add more tracepoint for AMD P-State module
(bsc#1212445).
* cpufreq: amd-pstate: Add resume and suspend callbacks (bsc#1212445).
* cpufreq: amd-pstate: Add trace for AMD P-State module (bsc#1212445).
* cpufreq: amd-pstate: avoid uninitialized variable use (bsc#1212445).
* cpufreq: amd-pstate: change amd-pstate driver to be built-in type
(bsc#1212445).
* cpufreq: amd-pstate: convert sprintf with sysfs_emit() (bsc#1212445).
* cpufreq: amd-pstate: cpufreq: amd-pstate: reset MSR_AMD_PERF_CTL register at
init (bsc#1212445).
* cpufreq: amd-pstate: Expose struct amd_cpudata (bsc#1212445).
* cpufreq: amd-pstate: Fix initial highest_perf value (bsc#1212445).
* cpufreq: amd-pstate: Fix invalid write to MSR_AMD_CPPC_REQ (bsc#1212445).
* cpufreq: amd-pstate: Fix Kconfig dependencies for AMD P-State (bsc#1212445).
* cpufreq: amd-pstate: fix kernel hang issue while amd-pstate unregistering
(bsc#1212445).
* cpufreq: amd-pstate: Fix struct amd_cpudata kernel-doc comment
(bsc#1212445).
* cpufreq: amd-pstate: fix white-space (bsc#1212445).
* cpufreq: amd_pstate: fix wrong lowest perf fetch (bsc#1212445).
* cpufreq: amd-pstate: implement amd pstate cpu online and offline callback
(bsc#1212445).
* cpufreq: amd-pstate: implement Pstate EPP support for the AMD processors
(bsc#1212445).
* cpufreq: amd-pstate: implement suspend and resume callbacks (bsc#1212445).
* cpufreq: amd-pstate: Introduce a new AMD P-State driver to support future
processors (bsc#1212445).
* cpufreq: amd-pstate: Introduce the support for the processors with shared
memory solution (bsc#1212445).
* cpufreq: amd-pstate: Let user know amd-pstate is disabled (bsc#1212445).
* cpufreq: amd-pstate: Make amd-pstate EPP driver name hyphenated
(bsc#1212445).
* cpufreq: amd-pstate: Make varaiable mode_state_machine static (bsc#1212445).
* cpufreq: amd_pstate: map desired perf into pstate scope for powersave
governor (bsc#1212445).
* cpufreq: amd-pstate: optimize driver working mode selection in
amd_pstate_param() (bsc#1212445).
* cpufreq: amd-pstate: Remove fast_switch_possible flag from active driver
(bsc#1212445).
* cpufreq: amd-pstate: remove MODULE_LICENSE in non-modules (bsc#1212445).
* cpufreq: amd-pstate: Set a fallback policy based on preferred_profile
(bsc#1212445).
* cpufreq: amd-pstate: simplify cpudata pointer assignment (bsc#1212445).
* cpufreq: amd-pstate: Update policy->cur in amd_pstate_adjust_perf()
(bsc#1212445).
* cpufreq: amd-pstate: update pstate frequency transition delay time
(bsc#1212445).
* cpufreq: amd-pstate: Write CPPC enable bit per-socket (bsc#1212445).
* crypto: kpp - Add helper to set reqsize (git-fixes).
* crypto: qat - Use helper to set reqsize (git-fixes).
* dlm: fix missing lkb refcount handling (git-fixes).
* dlm: fix plock invalid read (git-fixes).
* Documentation: cpufreq: amd-pstate: Move amd_pstate param to alphabetical
order (bsc#1212445).
* Documentation: devices.txt: reconcile serial/ucc_uart minor numers (git-
fixes).
* drm/amd/display: Add monitor specific edid quirk (git-fixes).
* drm/amd/display: Add polling method to handle MST reply packet
(bsc#1213578).
* drm/amd/display: check TG is non-null before checking if enabled (git-
fixes).
* drm/amd/display: Correct `DMUB_FW_VERSION` macro (git-fixes).
* drm/amd/display: Disable MPC split by default on special asic (git-fixes).
* drm/amd/display: fix access hdcp_workqueue assert (git-fixes).
* drm/amd/display: fix seamless odm transitions (git-fixes).
* drm/amd/display: Keep PHY active for DP displays on DCN31 (git-fixes).
* drm/amd/display: only accept async flips for fast updates (git-fixes).
* drm/amd/display: Only update link settings after successful MST link train
(git-fixes).
* drm/amd/display: phase3 mst hdcp for multiple displays (git-fixes).
* drm/amd/display: Remove Phantom Pipe Check When Calculating K1 and K2 (git-
fixes).
* drm/amd/display: save restore hdcp state when display is unplugged from mst
hub (git-fixes).
* drm/amd/display: Unlock on error path in
dm_handle_mst_sideband_msg_ready_event() (git-fixes).
* drm/amd: Fix an error handling mistake in psp_sw_init() (git-fixes).
* drm/amdgpu: add the fan abnormal detection feature (git-fixes).
* drm/amdgpu: avoid restore process run into dead loop (git-fixes).
* drm/amdgpu: fix clearing mappings for BOs that are always valid in VM (git-
fixes).
* drm/amdgpu: Fix minmax warning (git-fixes).
* drm/amd/pm: add abnormal fan detection for smu 13.0.0 (git-fixes).
* drm/amd/pm: conditionally disable pcie lane/speed switching for SMU13 (git-
fixes).
* drm/amd/pm: re-enable the gfx imu when smu resume (git-fixes).
* drm/amd/pm: share the code around SMU13 pcie parameters update (git-fixes).
* drm/atomic: Allow vblank-enabled + self-refresh "disable" (git-fixes).
* drm/atomic: Fix potential use-after-free in nonblocking commits (git-fixes).
* drm/bridge: tc358768: Add atomic_get_input_bus_fmts() implementation (git-
fixes).
* drm/bridge: tc358768: fix TCLK_TRAILCNT computation (git-fixes).
* drm/bridge: tc358768: fix THS_TRAILCNT computation (git-fixes).
* drm/bridge: tc358768: fix THS_ZEROCNT computation (git-fixes).
* drm/bridge: ti-sn65dsi86: Fix auxiliary bus lifetime (git-fixes).
* drm/client: Fix memory leak in drm_client_modeset_probe (git-fixes).
* drm/dp_mst: Clear MSG_RDY flag before sending new message (bsc#1213578).
* drm: Fix null pointer dereference in drm_dp_atomic_find_time_slots()
(bsc#1213578).
* drm/i915: Do not preserve dpll_hw_state for slave crtc in Bigjoiner (git-
fixes).
* drm/i915/dpt: Use shmem for dpt objects (git-fixes).
* drm/i915: Fix an error handling path in igt_write_huge() (git-fixes).
* drm/i915/tc: Fix system resume MST mode restore for DP-alt sinks (git-
fixes).
* drm/msm/adreno: Fix snapshot BINDLESS_DATA size (git-fixes).
* drm/msm/disp/dpu: get timing engine status from intf status register (git-
fixes).
* drm/msm/dpu: drop enum dpu_core_perf_data_bus_id (git-fixes).
* drm/msm/dpu: Set DPU_DATA_HCTL_EN for in INTF_SC7180_MASK (git-fixes).
* drm/msm: Fix IS_ERR_OR_NULL() vs NULL check in a5xx_submit_in_rb() (git-
fixes).
* drm/radeon: Fix integer overflow in radeon_cs_parser_init (git-fixes).
* drm/ttm: fix bulk_move corruption when adding a entry (git-fixes).
* drm/ttm: fix warning that we shouldn't mix && and || (git-fixes).
* drm/vmwgfx: Fix Legacy Display Unit atomic drm support (bsc#1213632).
* drm/vmwgfx: Remove explicit and broken vblank handling (bsc#1213632).
* drm/vmwgfx: Remove rcu locks from user resources (bsc#1213632).
* fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe (git-fixes).
* fbdev: imxfb: Removed unneeded release_mem_region (git-fixes).
* fbdev: imxfb: warn about invalid left/right margin (git-fixes).
* file: always lock position for FMODE_ATOMIC_POS (bsc#1213759).
* fs: dlm: add midcomms init/start functions (git-fixes).
* fs: dlm: do not set stop rx flag after node reset (git-fixes).
* fs: dlm: filter user dlm messages for kernel locks (git-fixes).
* fs: dlm: fix log of lowcomms vs midcomms (git-fixes).
* fs: dlm: fix race between test_bit() and queue_work() (git-fixes).
* fs: dlm: fix race in lowcomms (git-fixes).
* fs: dlm: handle -EBUSY first in lock arg validation (git-fixes).
* fs: dlm: move sending fin message into state change handling (git-fixes).
* fs: dlm: retry accept() until -EAGAIN or error returns (git-fixes).
* fs: dlm: return positive pid value for F_GETLK (git-fixes).
* fs: dlm: start midcomms before scand (git-fixes).
* fs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode() (git-
fixes).
* FS: JFS: Check for read-only mounted filesystem in txBegin (git-fixes).
* FS: JFS: Fix null-ptr-deref Read in txBegin (git-fixes).
* fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev (git-fixes).
* gve: Set default duplex configuration to full (git-fixes).
* gve: unify driver name usage (git-fixes).
* hwmon: (adm1275) Allow setting sample averaging (git-fixes).
* hwmon: (k10temp) Enable AMD3255 Proc to show negative temperature (git-
fixes).
* hwmon: (nct7802) Fix for temp6 (PECI1) processed even if PECI1 disabled
(git-fixes).
* hwmon: (pmbus/adm1275) Fix problems with temperature monitoring on ADM1272
(git-fixes).
* i2c: xiic: Defer xiic_wakeup() and __xiic_start_xfer() in xiic_process()
(git-fixes).
* i2c: xiic: Do not try to handle more interrupt events after error (git-
fixes).
* iavf: check for removal state before IAVF_FLAG_PF_COMMS_FAILED (git-fixes).
* iavf: fix a deadlock caused by rtnl and driver's lock circular dependencies
(git-fixes).
* iavf: Fix out-of-bounds when setting channels on remove (git-fixes).
* iavf: fix potential deadlock on allocation failure (git-fixes).
* iavf: fix reset task race with iavf_remove() (git-fixes).
* iavf: Fix use-after-free in free_netdev (git-fixes).
* iavf: Move netdev_update_features() into watchdog task (git-fixes).
* iavf: use internal state to free traffic IRQs (git-fixes).
* iavf: Wait for reset in callbacks which trigger it (git-fixes).
* IB/hfi1: Use bitmap_zalloc() when applicable (git-fixes)
* ice: Fix max_rate check while configuring TX rate limits (git-fixes).
* ice: Fix memory management in ice_ethtool_fdir.c (git-fixes).
* ice: handle extts in the miscellaneous interrupt thread (git-fixes).
* igc: Check if hardware TX timestamping is enabled earlier (git-fixes).
* igc: Enable and fix RX hash usage by netstack (git-fixes).
* igc: Fix inserting of empty frame for launchtime (git-fixes).
* igc: Fix Kernel Panic during ndo_tx_timeout callback (git-fixes).
* igc: Fix launchtime before start of cycle (git-fixes).
* igc: Fix race condition in PTP tx code (git-fixes).
* igc: Handle PPS start time programming for past time values (git-fixes).
* igc: Prevent garbled TX queue with XDP ZEROCOPY (git-fixes).
* igc: Remove delay during TX ring configuration (git-fixes).
* igc: set TP bit in 'supported' and 'advertising' fields of
ethtool_link_ksettings (git-fixes).
* igc: Work around HW bug causing missing timestamps (git-fixes).
* Input: i8042 - add Clevo PCX0DX to i8042 quirk table (git-fixes).
* Input: iqs269a - do not poll during ATI (git-fixes).
* Input: iqs269a - do not poll during suspend or resume (git-fixes).
* jffs2: fix memory leak in jffs2_do_fill_super (git-fixes).
* jffs2: fix memory leak in jffs2_do_mount_fs (git-fixes).
* jffs2: fix memory leak in jffs2_scan_medium (git-fixes).
* jffs2: fix use-after-free in jffs2_clear_xattr_subsystem (git-fixes).
* jffs2: GC deadlock reading a page that is used in jffs2_write_begin() (git-
fixes).
* jffs2: reduce stack usage in jffs2_build_xattr_subsystem() (git-fixes).
* jfs: jfs_dmap: Validate db_l2nbperpage while mounting (git-fixes).
* kABI fix after Restore kABI for NVidia vGPU driver (bsc#1210825).
* kabi/severities: relax kABI for ath11k local symbols (bsc#1207948)
* kselftest: vDSO: Fix accumulation of uninitialized ret when CLOCK_REALTIME
is undefined (git-fixes).
* KVM: arm64: Do not read a HW interrupt pending state in user context (git-
fixes)
* KVM: arm64: Warn if accessing timer pending state outside of vcpu
(bsc#1213620)
* KVM: Do not null dereference ops->destroy (git-fixes)
* KVM: downgrade two BUG_ONs to WARN_ON_ONCE (git-fixes)
* KVM: Initialize debugfs_dentry when a VM is created to avoid NULL (git-
fixes)
* KVM: s390: pv: fix index value of replaced ASCE (git-fixes bsc#1213867).
* KVM: VMX: Inject #GP, not #UD, if SGX2 ENCLS leafs are unsupported (git-
fixes).
* KVM: VMX: Inject #GP on ENCLS if vCPU has paging disabled (CR0.PG==0) (git-
fixes).
* KVM: VMX: restore vmx_vmexit alignment (git-fixes).
* KVM: x86: Account fastpath-only VM-Exits in vCPU stats (git-fixes).
* leds: trigger: netdev: Recheck NETDEV_LED_MODE_LINKUP on dev rename (git-
fixes).
* libceph: harden msgr2.1 frame segment length checks (bsc#1213857).
* MAINTAINERS: Add AMD P-State driver maintainer entry (bsc#1212445).
* m ALSA: usb-audio: Add quirk for Tascam Model 12 (git-fixes).
* md: add error_handlers for raid0 and linear (bsc#1212766).
* media: staging: atomisp: select V4L2_FWNODE (git-fixes).
* mhi_power_down() kABI workaround (bsc#1207948).
* mmc: core: disable TRIM on Kingston EMMC04G-M627 (git-fixes).
* mmc: sdhci: fix DMA configure compatibility issue when 64bit DMA mode is
used (git-fixes).
* net: ena: fix shift-out-of-bounds in exponential backoff (git-fixes).
* net: mana: Batch ringing RX queue doorbell on receiving packets
(bsc#1212901).
* net: mana: Use the correct WQE count for ringing RQ doorbell (bsc#1212901).
* net/mlx5: DR, Support SW created encap actions for FW table (git-fixes).
* net/mlx5e: Check for NOT_READY flag state after locking (git-fixes).
* net/mlx5e: fix double free in mlx5e_destroy_flow_table (git-fixes).
* net/mlx5e: fix memory leak in mlx5e_fs_tt_redirect_any_create (git-fixes).
* net/mlx5e: fix memory leak in mlx5e_ptp_open (git-fixes).
* net/mlx5e: XDP, Allow growing tail for XDP multi buffer (git-fixes).
* net/mlx5e: xsk: Set napi_id to support busy polling on XSK RQ (git-fixes).
* net: phy: marvell10g: fix 88x3310 power up (git-fixes).
* net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585).
* net/sched: sch_qfq: reintroduce lmax bound check for MTU (bsc#1213585).
* nfsd: add encoding of op_recall flag for write delegation (git-fixes).
* nfsd: fix double fget() bug in __write_ports_addfd() (git-fixes).
* nfsd: Fix sparse warning (git-fixes).
* nfsd: Remove open coding of string copy (git-fixes).
* nfsv4.1: Always send a RECLAIM_COMPLETE after establishing lease (git-
fixes).
* nfsv4.1: freeze the session table upon receiving NFS4ERR_BADSESSION (git-
fixes).
* nvme: do not reject probe due to duplicate IDs for single-ported PCIe
devices (git-fixes).
* nvme: fix the NVME_ID_NS_NVM_STS_MASK definition (git-fixes).
* nvme-pci: fix DMA direction of unmapping integrity data (git-fixes).
* nvme-pci: remove nvme_queue from nvme_iod (git-fixes).
* octeontx2-af: Move validation of ptp pointer before its usage (git-fixes).
* octeontx2-pf: Add additional check for MCAM rules (git-fixes).
* octeontx-af: fix hardware timestamp configuration (git-fixes).
* PCI: Add function 1 DMA alias quirk for Marvell 88SE9235 (git-fixes).
* PCI/PM: Avoid putting EloPOS E2/S2/H2 PCIe Ports in D3cold (git-fixes).
* phy: hisilicon: Fix an out of bounds check in hisi_inno_phy_probe() (git-
fixes).
* pinctrl: amd: Detect internal GPIO0 debounce handling (git-fixes).
* pinctrl: amd: Do not show `Invalid config param` errors (git-fixes).
* pinctrl: amd: Fix mistake in handling clearing pins at startup (git-fixes).
* pinctrl: amd: Only use special debounce behavior for GPIO 0 (git-fixes).
* pinctrl: amd: Use amd_pinconf_set() for all config options (git-fixes).
* platform/x86: msi-laptop: Fix rfkill out-of-sync on MSI Wind U100 (git-
fixes).
* RDMA/bnxt_re: Fix hang during driver unload (git-fixes)
* RDMA/bnxt_re: Prevent handling any completions after qp destroy (git-fixes)
* RDMA/core: Update CMA destination address on rdma_resolve_addr (git-fixes)
* RDMA/irdma: Add missing read barriers (git-fixes)
* RDMA/irdma: Fix data race on CQP completion stats (git-fixes)
* RDMA/irdma: Fix data race on CQP request done (git-fixes)
* RDMA/irdma: Fix op_type reporting in CQEs (git-fixes)
* RDMA/irdma: Report correct WC error (git-fixes)
* RDMA/mlx4: Make check for invalid flags stricter (git-fixes)
* RDMA/mthca: Fix crash when polling CQ for shared QPs (git-fixes)
* regmap: Account for register length in SMBus I/O limits (git-fixes).
* regmap: Drop initial version of maximum transfer length fixes (git-fixes).
* Restore kABI for NVidia vGPU driver (bsc#1210825).
* Revert "ALSA: usb-audio: Drop superfluous interface setup at parsing" (git-
fixes).
* Revert "debugfs, coccinelle: check for obsolete DEFINE_SIMPLE_ATTRIBUTE()
usage" (git-fixes).
* Revert "Drop AMDGPU patches for fixing regression (bsc#1213304,bsc#1213777)"
* Revert "iavf: Detach device during reset task" (git-fixes).
* Revert "iavf: Do not restart Tx queues after reset task failure" (git-
fixes).
* Revert "NFSv4: Retry LOCK on OLD_STATEID during delegation return" (git-
fixes).
* Revert "usb: dwc3: core: Enable AutoRetry feature in the controller" (git-
fixes).
* Revert "usb: gadget: tegra-xudc: Fix error check in
tegra_xudc_powerdomain_init()" (git-fixes).
* Revert "usb: xhci: tegra: Fix error check" (git-fixes).
* Revert "xhci: add quirk for host controllers that do not update endpoint
DCS" (git-fixes).
* Revive drm_dp_mst_hpd_irq() function (bsc#1213578).
* rxrpc, afs: Fix selection of abort codes (git-fixes).
* s390/bpf: Add expoline to tail calls (git-fixes bsc#1213870).
* s390/dasd: fix hanging device after quiesce/resume (git-fixes bsc#1213810).
* s390/dasd: print copy pair message only for the correct error (git-fixes
bsc#1213872).
* s390/decompressor: specify __decompress() buf len to avoid overflow (git-
fixes bsc#1213863).
* s390: introduce nospec_uses_trampoline() (git-fixes bsc#1213870).
* s390/ipl: add missing intersection check to ipl_report handling (git-fixes
bsc#1213871).
* s390/qeth: Fix vipa deletion (git-fixes bsc#1213713).
* s390/vmem: fix empty page tables cleanup under KASAN (git-fixes
bsc#1213715).
* scftorture: Count reschedule IPIs (git-fixes).
* scsi: lpfc: Abort outstanding ELS cmds when mailbox timeout error is
detected (bsc#1213756).
* scsi: lpfc: Avoid -Wstringop-overflow warning (bsc#1213756).
* scsi: lpfc: Clean up SLI-4 sysfs resource reporting (bsc#1213756).
* scsi: lpfc: Copyright updates for 14.2.0.14 patches (bsc#1213756).
* scsi: lpfc: Fix a possible data race in lpfc_unregister_fcf_rescan()
(bsc#1213756).
* scsi: lpfc: Fix incorrect big endian type assignment in bsg loopback path
(bsc#1213756).
* scsi: lpfc: Fix incorrect big endian type assignments in FDMI and VMID paths
(bsc#1213756).
* scsi: lpfc: Fix lpfc_name struct packing (bsc#1213756).
* scsi: lpfc: Make fabric zone discovery more robust when handling unsolicited
LOGO (bsc#1213756).
* scsi: lpfc: Pull out fw diagnostic dump log message from driver's trace
buffer (bsc#1213756).
* scsi: lpfc: Qualify ndlp discovery state when processing RSCN (bsc#1213756).
* scsi: lpfc: Refactor cpu affinity assignment paths (bsc#1213756).
* scsi: lpfc: Remove extra ndlp kref decrement in FLOGI cmpl for loop topology
(bsc#1213756).
* scsi: lpfc: Replace all non-returning strlcpy() with strscpy()
(bsc#1213756).
* scsi: lpfc: Replace one-element array with flexible-array member
(bsc#1213756).
* scsi: lpfc: Revise ndlp kref handling for dev_loss_tmo_callbk and
lpfc_drop_node (bsc#1213756).
* scsi: lpfc: Set Establish Image Pair service parameter only for Target
Functions (bsc#1213756).
* scsi: lpfc: Simplify fcp_abort transport callback log message (bsc#1213756).
* scsi: lpfc: Update lpfc version to 14.2.0.14 (bsc#1213756).
* scsi: lpfc: Use struct_size() helper (bsc#1213756).
* scsi: qla2xxx: Adjust IOCB resource on qpair create (bsc#1213747).
* scsi: qla2xxx: Array index may go out of bound (bsc#1213747).
* scsi: qla2xxx: Avoid fcport pointer dereference (bsc#1213747).
* scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport()
(bsc#1213747).
* scsi: qla2xxx: Correct the index of array (bsc#1213747).
* scsi: qla2xxx: Drop useless LIST_HEAD (bsc#1213747).
* scsi: qla2xxx: Fix buffer overrun (bsc#1213747).
* scsi: qla2xxx: Fix command flush during TMF (bsc#1213747).
* scsi: qla2xxx: Fix deletion race condition (bsc#1213747).
* scsi: qla2xxx: Fix end of loop test (bsc#1213747).
* scsi: qla2xxx: Fix erroneous link up failure (bsc#1213747).
* scsi: qla2xxx: Fix error code in qla2x00_start_sp() (bsc#1213747).
* scsi: qla2xxx: fix inconsistent TMF timeout (bsc#1213747).
* scsi: qla2xxx: Fix NULL pointer dereference in target mode (bsc#1213747).
* scsi: qla2xxx: Fix potential NULL pointer dereference (bsc#1213747).
* scsi: qla2xxx: Fix session hang in gnl (bsc#1213747).
* scsi: qla2xxx: Fix TMF leak through (bsc#1213747).
* scsi: qla2xxx: Limit TMF to 8 per function (bsc#1213747).
* scsi: qla2xxx: Pointer may be dereferenced (bsc#1213747).
* scsi: qla2xxx: Remove unused nvme_ls_waitq wait queue (bsc#1213747).
* scsi: qla2xxx: Replace one-element array with DECLARE_FLEX_ARRAY() helper
(bsc#1213747).
* scsi: qla2xxx: Silence a static checker warning (bsc#1213747).
* scsi: qla2xxx: Turn off noisy message log (bsc#1213747).
* scsi: qla2xxx: Update version to 10.02.08.400-k (bsc#1213747).
* scsi: qla2xxx: Update version to 10.02.08.500-k (bsc#1213747).
* scsi: qla2xxx: Use vmalloc_array() and vcalloc() (bsc#1213747).
* selftests: rtnetlink: remove netdevsim device after ipsec offload test (git-
fixes).
* serial: qcom-geni: drop bogus runtime pm state update (git-fixes).
* serial: sifive: Fix sifive_serial_console_setup() section (git-fixes).
* series: udpate metadata Refresh
* sfc: fix crash when reading stats while NIC is resetting (git-fixes).
* sfc: fix XDP queues mode with legacy IRQ (git-fixes).
* sfc: use budget for TX completions (git-fixes).
* soundwire: qcom: update status correctly with mask (git-fixes).
* staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext() (git-
fixes).
* staging: r8712: Fix memory leak in _r8712_init_xmit_priv() (git-fixes).
* SUNRPC: always free ctxt when freeing deferred request (git-fixes).
* SUNRPC: double free xprt_ctxt while still in use (git-fixes).
* SUNRPC: Fix trace_svc_register() call site (git-fixes).
* SUNRPC: Fix UAF in svc_tcp_listen_data_ready() (git-fixes).
* SUNRPC: Remove dead code in svc_tcp_release_rqst() (git-fixes).
* SUNRPC: remove the maximum number of retries in call_bind_status (git-
fixes).
* svcrdma: Prevent page release when nothing was received (git-fixes).
* tpm_tis: Explicitly check for error code (git-fixes).
* tty: n_gsm: fix UAF in gsm_cleanup_mux (git-fixes).
* tty: serial: fsl_lpuart: add earlycon for imx8ulp platform (git-fixes).
* ubifs: Add missing iput if do_tmpfile() failed in rename whiteout (git-
fixes).
* ubifs: do_rename: Fix wrong space budget when target inode's nlink > 1 (git-
fixes).
* ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers
(git-fixes).
* ubifs: Fix AA deadlock when setting xattr for encrypted file (git-fixes).
* ubifs: Fix build errors as symbol undefined (git-fixes).
* ubifs: Fix deadlock in concurrent rename whiteout and inode writeback (git-
fixes).
* ubifs: Fix memory leak in alloc_wbufs() (git-fixes).
* ubifs: Fix memory leak in do_rename (git-fixes).
* ubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock() (git-fixes).
* ubifs: Fix to add refcount once page is set private (git-fixes).
* ubifs: Fix 'ui->dirty' race between do_tmpfile() and writeback work (git-
fixes).
* ubifs: Fix wrong dirty space budget for dirty inode (git-fixes).
* ubifs: Free memory for tmpfile name (git-fixes).
* ubifs: Rectify space amount budget for mkdir/tmpfile operations (git-fixes).
* ubifs: Rectify space budget for ubifs_symlink() if symlink is encrypted
(git-fixes).
* ubifs: Rectify space budget for ubifs_xrename() (git-fixes).
* ubifs: Rename whiteout atomically (git-fixes).
* ubifs: rename_whiteout: correct old_dir size computing (git-fixes).
* ubifs: rename_whiteout: Fix double free for whiteout_ui->data (git-fixes).
* ubifs: Reserve one leb for each journal head while doing budget (git-fixes).
* ubifs: Re-statistic cleaned znode count if commit failed (git-fixes).
* ubifs: setflags: Make dirtied_ino_d 8 bytes aligned (git-fixes).
* ubifs: ubifs_writepage: Mark page dirty after writing inode failed (git-
fixes).
* Update config files: enable CONFIG_X86_AMD_PSTATE (bsc#1212445)
* usb: dwc2: platform: Improve error reporting for problems during .remove()
(git-fixes).
* usb: dwc3: do not reset device side if dwc3 was configured as host-only
(git-fixes).
* usb: dwc3: pci: skip BYT GPIO lookup table for hardwired phy (git-fixes).
* usb: gadget: core: remove unbalanced mutex_unlock in usb_gadget_activate
(git-fixes).
* USB: serial: option: add LARA-R6 01B PIDs (git-fixes).
* usb: typec: Iterate pds array when showing the pd list (git-fixes).
* usb: typec: Set port->pd before adding device for typec_port (git-fixes).
* usb: typec: Use sysfs_emit_at when concatenating the string (git-fixes).
* usb: xhci-mtk: set the dma max_seg_size (git-fixes).
* vhost_net: revert upend_idx only on retriable error (git-fixes).
* vhost: support PACKED when setting-getting vring_base (git-fixes).
* virtio_net: Fix error unwinding of XDP initialization (git-fixes).
* virtio-net: Maintain reverse cleanup order (git-fixes).
* wifi: ath11k: add support for suspend in power down state (bsc#1207948).
* wifi: ath11k: handle irq enable/disable in several code path (bsc#1207948).
* wifi: ath11k: handle thermal device registeration together with MAC
(bsc#1207948).
* wifi: ath11k: remove MHI LOOPBACK channels (bsc#1207948).
* wifi: ray_cs: Drop useless status variable in parse_addr() (git-fixes).
* wifi: ray_cs: Utilize strnlen() in parse_addr() (git-fixes).
* wl3501_cs: use eth_hw_addr_set() (git-fixes).
* x86/PVH: obtain VGA console info in Dom0 (git-fixes).
* xen/blkfront: Only check REQ_FUA for writes (git-fixes).
* xen/pvcalls-back: fix double frees with pvcalls_new_active_socket() (git-
fixes).
* xfs: AIL needs asynchronous CIL forcing (bsc#1211811).
* xfs: async CIL flushes need pending pushes to be made stable (bsc#1211811).
* xfs: attach iclog callbacks in xlog_cil_set_ctx_write_state() (bsc#1211811).
* xfs: CIL work is serialised, not pipelined (bsc#1211811).
* xfs: do not run shutdown callbacks on active iclogs (bsc#1211811).
* xfs: drop async cache flushes from CIL commits (bsc#1211811).
* xfs: factor out log write ordering from xlog_cil_push_work() (bsc#1211811).
* xfs: move the CIL workqueue to the CIL (bsc#1211811).
* xfs: move xlog_commit_record to xfs_log_cil.c (bsc#1211811).
* xfs: order CIL checkpoint start records (bsc#1211811).
* xfs: pass a CIL context to xlog_write() (bsc#1211811).
* xfs: rework xlog_state_do_callback() (bsc#1211811).
* xfs: run callbacks before waking waiters in xlog_state_shutdown_callbacks
(bsc#1211811).
* xfs: separate out log shutdown callback processing (bsc#1211811).
* xfs: wait iclog complete before tearing down AIL (bsc#1211811).
* xfs: XLOG_STATE_IOERROR must die (bsc#1211811).
* xhci: Fix resume issue of some ZHAOXIN hosts (git-fixes).
* xhci: Fix TRB prefetch issue of ZHAOXIN hosts (git-fixes).
* xhci: Show ZHAOXIN xHCI root hub speed correctly (git-fixes).
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE Important update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-3311=1 SUSE-2023-3311=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3311=1
* Development Tools Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-3311=1
* Legacy Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2023-3311=1
* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-3311=1
Please note that this is the initial kernel livepatch without fixes itself, this
package is later updated by separate standalone kernel livepatch updates.
* SUSE Linux Enterprise High Availability Extension 15 SP5
zypper in -t patch SUSE-SLE-Product-HA-15-SP5-2023-3311=1
* SUSE Linux Enterprise Workstation Extension 15 SP5
zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-3311=1
## Package List:
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* dlm-kmp-default-5.14.21-150500.55.19.1
* kernel-obs-build-debugsource-5.14.21-150500.55.19.1
* kernel-default-optional-debuginfo-5.14.21-150500.55.19.1
* ocfs2-kmp-default-debuginfo-5.14.21-150500.55.19.1
* kernel-default-extra-debuginfo-5.14.21-150500.55.19.1
* kernel-default-livepatch-devel-5.14.21-150500.55.19.1
* dlm-kmp-default-debuginfo-5.14.21-150500.55.19.1
* reiserfs-kmp-default-debuginfo-5.14.21-150500.55.19.1
* kselftests-kmp-default-debuginfo-5.14.21-150500.55.19.1
* kernel-obs-build-5.14.21-150500.55.19.1
* ocfs2-kmp-default-5.14.21-150500.55.19.1
* cluster-md-kmp-default-debuginfo-5.14.21-150500.55.19.1
* kselftests-kmp-default-5.14.21-150500.55.19.1
* gfs2-kmp-default-5.14.21-150500.55.19.1
* kernel-default-livepatch-5.14.21-150500.55.19.1
* kernel-obs-qa-5.14.21-150500.55.19.1
* kernel-default-devel-5.14.21-150500.55.19.1
* reiserfs-kmp-default-5.14.21-150500.55.19.1
* kernel-syms-5.14.21-150500.55.19.1
* kernel-default-optional-5.14.21-150500.55.19.1
* kernel-default-extra-5.14.21-150500.55.19.1
* gfs2-kmp-default-debuginfo-5.14.21-150500.55.19.1
* cluster-md-kmp-default-5.14.21-150500.55.19.1
* kernel-default-debuginfo-5.14.21-150500.55.19.1
* kernel-default-debugsource-5.14.21-150500.55.19.1
* kernel-default-devel-debuginfo-5.14.21-150500.55.19.1
* openSUSE Leap 15.5 (nosrc ppc64le x86_64)
* kernel-debug-5.14.21-150500.55.19.1
* openSUSE Leap 15.5 (ppc64le x86_64)
* kernel-debug-debugsource-5.14.21-150500.55.19.1
* kernel-debug-livepatch-devel-5.14.21-150500.55.19.1
* kernel-debug-devel-5.14.21-150500.55.19.1
* kernel-debug-devel-debuginfo-5.14.21-150500.55.19.1
* kernel-debug-debuginfo-5.14.21-150500.55.19.1
* openSUSE Leap 15.5 (x86_64)
* kernel-default-vdso-debuginfo-5.14.21-150500.55.19.1
* kernel-default-vdso-5.14.21-150500.55.19.1
* kernel-debug-vdso-debuginfo-5.14.21-150500.55.19.1
* kernel-kvmsmall-vdso-5.14.21-150500.55.19.1
* kernel-debug-vdso-5.14.21-150500.55.19.1
* kernel-kvmsmall-vdso-debuginfo-5.14.21-150500.55.19.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-default-5.14.21-150500.55.19.1
* openSUSE Leap 15.5 (aarch64 ppc64le x86_64)
* kernel-kvmsmall-debugsource-5.14.21-150500.55.19.1
* kernel-kvmsmall-debuginfo-5.14.21-150500.55.19.1
* kernel-kvmsmall-devel-debuginfo-5.14.21-150500.55.19.1
* kernel-kvmsmall-livepatch-devel-5.14.21-150500.55.19.1
* kernel-default-base-5.14.21-150500.55.19.1.150500.6.6.4
* kernel-kvmsmall-devel-5.14.21-150500.55.19.1
* kernel-default-base-rebuild-5.14.21-150500.55.19.1.150500.6.6.4
* openSUSE Leap 15.5 (noarch)
* kernel-macros-5.14.21-150500.55.19.1
* kernel-source-5.14.21-150500.55.19.1
* kernel-docs-html-5.14.21-150500.55.19.1
* kernel-source-vanilla-5.14.21-150500.55.19.1
* kernel-devel-5.14.21-150500.55.19.1
* openSUSE Leap 15.5 (noarch nosrc)
* kernel-docs-5.14.21-150500.55.19.1
* openSUSE Leap 15.5 (aarch64 nosrc ppc64le x86_64)
* kernel-kvmsmall-5.14.21-150500.55.19.1
* openSUSE Leap 15.5 (nosrc s390x)
* kernel-zfcpdump-5.14.21-150500.55.19.1
* openSUSE Leap 15.5 (s390x)
* kernel-zfcpdump-debuginfo-5.14.21-150500.55.19.1
* kernel-zfcpdump-debugsource-5.14.21-150500.55.19.1
* openSUSE Leap 15.5 (aarch64)
* dtb-broadcom-5.14.21-150500.55.19.1
* dtb-rockchip-5.14.21-150500.55.19.1
* kernel-64kb-devel-5.14.21-150500.55.19.1
* kernel-64kb-optional-5.14.21-150500.55.19.1
* ocfs2-kmp-64kb-debuginfo-5.14.21-150500.55.19.1
* dtb-apm-5.14.21-150500.55.19.1
* reiserfs-kmp-64kb-debuginfo-5.14.21-150500.55.19.1
* dtb-cavium-5.14.21-150500.55.19.1
* kernel-64kb-optional-debuginfo-5.14.21-150500.55.19.1
* dtb-arm-5.14.21-150500.55.19.1
* dtb-exynos-5.14.21-150500.55.19.1
* dtb-allwinner-5.14.21-150500.55.19.1
* kernel-64kb-extra-5.14.21-150500.55.19.1
* gfs2-kmp-64kb-debuginfo-5.14.21-150500.55.19.1
* dtb-xilinx-5.14.21-150500.55.19.1
* dtb-mediatek-5.14.21-150500.55.19.1
* dtb-apple-5.14.21-150500.55.19.1
* dtb-hisilicon-5.14.21-150500.55.19.1
* dtb-marvell-5.14.21-150500.55.19.1
* reiserfs-kmp-64kb-5.14.21-150500.55.19.1
* dtb-nvidia-5.14.21-150500.55.19.1
* kernel-64kb-devel-debuginfo-5.14.21-150500.55.19.1
* dtb-amazon-5.14.21-150500.55.19.1
* dlm-kmp-64kb-5.14.21-150500.55.19.1
* kernel-64kb-debuginfo-5.14.21-150500.55.19.1
* cluster-md-kmp-64kb-debuginfo-5.14.21-150500.55.19.1
* dtb-sprd-5.14.21-150500.55.19.1
* kernel-64kb-livepatch-devel-5.14.21-150500.55.19.1
* dtb-freescale-5.14.21-150500.55.19.1
* kselftests-kmp-64kb-debuginfo-5.14.21-150500.55.19.1
* dtb-amlogic-5.14.21-150500.55.19.1
* dtb-socionext-5.14.21-150500.55.19.1
* dtb-amd-5.14.21-150500.55.19.1
* dlm-kmp-64kb-debuginfo-5.14.21-150500.55.19.1
* dtb-lg-5.14.21-150500.55.19.1
* kselftests-kmp-64kb-5.14.21-150500.55.19.1
* dtb-altera-5.14.21-150500.55.19.1
* dtb-qcom-5.14.21-150500.55.19.1
* kernel-64kb-debugsource-5.14.21-150500.55.19.1
* gfs2-kmp-64kb-5.14.21-150500.55.19.1
* ocfs2-kmp-64kb-5.14.21-150500.55.19.1
* dtb-renesas-5.14.21-150500.55.19.1
* kernel-64kb-extra-debuginfo-5.14.21-150500.55.19.1
* cluster-md-kmp-64kb-5.14.21-150500.55.19.1
* openSUSE Leap 15.5 (nosrc)
* dtb-aarch64-5.14.21-150500.55.19.1
* openSUSE Leap 15.5 (aarch64 nosrc)
* kernel-64kb-5.14.21-150500.55.19.1
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_19-default-1-150500.11.3.4
* kernel-livepatch-5_14_21-150500_55_19-default-debuginfo-1-150500.11.3.4
* kernel-livepatch-SLE15-SP5_Update_3-debugsource-1-150500.11.3.4
* Basesystem Module 15-SP5 (aarch64 nosrc)
* kernel-64kb-5.14.21-150500.55.19.1
* Basesystem Module 15-SP5 (aarch64)
* kernel-64kb-debugsource-5.14.21-150500.55.19.1
* kernel-64kb-devel-5.14.21-150500.55.19.1
* kernel-64kb-devel-debuginfo-5.14.21-150500.55.19.1
* kernel-64kb-debuginfo-5.14.21-150500.55.19.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-default-5.14.21-150500.55.19.1
* Basesystem Module 15-SP5 (aarch64 ppc64le x86_64)
* kernel-default-base-5.14.21-150500.55.19.1.150500.6.6.4
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* kernel-default-devel-5.14.21-150500.55.19.1
* kernel-default-debugsource-5.14.21-150500.55.19.1
* kernel-default-debuginfo-5.14.21-150500.55.19.1
* kernel-default-devel-debuginfo-5.14.21-150500.55.19.1
* Basesystem Module 15-SP5 (noarch)
* kernel-devel-5.14.21-150500.55.19.1
* kernel-macros-5.14.21-150500.55.19.1
* Basesystem Module 15-SP5 (nosrc s390x)
* kernel-zfcpdump-5.14.21-150500.55.19.1
* Basesystem Module 15-SP5 (s390x)
* kernel-zfcpdump-debuginfo-5.14.21-150500.55.19.1
* kernel-zfcpdump-debugsource-5.14.21-150500.55.19.1
* Development Tools Module 15-SP5 (noarch nosrc)
* kernel-docs-5.14.21-150500.55.19.1
* Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* kernel-obs-build-debugsource-5.14.21-150500.55.19.1
* kernel-obs-build-5.14.21-150500.55.19.1
* kernel-syms-5.14.21-150500.55.19.1
* Development Tools Module 15-SP5 (noarch)
* kernel-source-5.14.21-150500.55.19.1
* Legacy Module 15-SP5 (nosrc)
* kernel-default-5.14.21-150500.55.19.1
* Legacy Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* reiserfs-kmp-default-5.14.21-150500.55.19.1
* kernel-default-debugsource-5.14.21-150500.55.19.1
* kernel-default-debuginfo-5.14.21-150500.55.19.1
* reiserfs-kmp-default-debuginfo-5.14.21-150500.55.19.1
* SUSE Linux Enterprise Live Patching 15-SP5 (nosrc)
* kernel-default-5.14.21-150500.55.19.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_19-default-1-150500.11.3.4
* kernel-default-livepatch-devel-5.14.21-150500.55.19.1
* kernel-default-debuginfo-5.14.21-150500.55.19.1
* kernel-livepatch-5_14_21-150500_55_19-default-debuginfo-1-150500.11.3.4
* kernel-default-livepatch-5.14.21-150500.55.19.1
* kernel-livepatch-SLE15-SP5_Update_3-debugsource-1-150500.11.3.4
* kernel-default-debugsource-5.14.21-150500.55.19.1
* SUSE Linux Enterprise High Availability Extension 15 SP5 (aarch64 ppc64le
s390x x86_64)
* gfs2-kmp-default-debuginfo-5.14.21-150500.55.19.1
* dlm-kmp-default-5.14.21-150500.55.19.1
* ocfs2-kmp-default-debuginfo-5.14.21-150500.55.19.1
* ocfs2-kmp-default-5.14.21-150500.55.19.1
* cluster-md-kmp-default-debuginfo-5.14.21-150500.55.19.1
* kernel-default-debuginfo-5.14.21-150500.55.19.1
* gfs2-kmp-default-5.14.21-150500.55.19.1
* dlm-kmp-default-debuginfo-5.14.21-150500.55.19.1
* kernel-default-debugsource-5.14.21-150500.55.19.1
* cluster-md-kmp-default-5.14.21-150500.55.19.1
* SUSE Linux Enterprise High Availability Extension 15 SP5 (nosrc)
* kernel-default-5.14.21-150500.55.19.1
* SUSE Linux Enterprise Workstation Extension 15 SP5 (nosrc)
* kernel-default-5.14.21-150500.55.19.1
* SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64)
* kernel-default-extra-debuginfo-5.14.21-150500.55.19.1
* kernel-default-debugsource-5.14.21-150500.55.19.1
* kernel-default-debuginfo-5.14.21-150500.55.19.1
* kernel-default-extra-5.14.21-150500.55.19.1
## References:
* https://www.suse.com/security/cve/CVE-2022-40982.html
* https://www.suse.com/security/cve/CVE-2023-0459.html
* https://www.suse.com/security/cve/CVE-2023-20569.html
* https://www.suse.com/security/cve/CVE-2023-21400.html
* https://www.suse.com/security/cve/CVE-2023-2156.html
* https://www.suse.com/security/cve/CVE-2023-2166.html
* https://www.suse.com/security/cve/CVE-2023-31083.html
* https://www.suse.com/security/cve/CVE-2023-3268.html
* https://www.suse.com/security/cve/CVE-2023-3567.html
* https://www.suse.com/security/cve/CVE-2023-3609.html
* https://www.suse.com/security/cve/CVE-2023-3611.html
* https://www.suse.com/security/cve/CVE-2023-3776.html
* https://www.suse.com/security/cve/CVE-2023-38409.html
* https://www.suse.com/security/cve/CVE-2023-3863.html
* https://www.suse.com/security/cve/CVE-2023-4004.html
* https://bugzilla.suse.com/show_bug.cgi?id=1206418
* https://bugzilla.suse.com/show_bug.cgi?id=1207129
* https://bugzilla.suse.com/show_bug.cgi?id=1207948
* https://bugzilla.suse.com/show_bug.cgi?id=1210627
* https://bugzilla.suse.com/show_bug.cgi?id=1210780
* https://bugzilla.suse.com/show_bug.cgi?id=1210825
* https://bugzilla.suse.com/show_bug.cgi?id=1211131
* https://bugzilla.suse.com/show_bug.cgi?id=1211738
* https://bugzilla.suse.com/show_bug.cgi?id=1211811
* https://bugzilla.suse.com/show_bug.cgi?id=1212445
* https://bugzilla.suse.com/show_bug.cgi?id=1212502
* https://bugzilla.suse.com/show_bug.cgi?id=1212604
* https://bugzilla.suse.com/show_bug.cgi?id=1212766
* https://bugzilla.suse.com/show_bug.cgi?id=1212901
* https://bugzilla.suse.com/show_bug.cgi?id=1213167
* https://bugzilla.suse.com/show_bug.cgi?id=1213272
* https://bugzilla.suse.com/show_bug.cgi?id=1213287
* https://bugzilla.suse.com/show_bug.cgi?id=1213304
* https://bugzilla.suse.com/show_bug.cgi?id=1213417
* https://bugzilla.suse.com/show_bug.cgi?id=1213578
* https://bugzilla.suse.com/show_bug.cgi?id=1213585
* https://bugzilla.suse.com/show_bug.cgi?id=1213586
* https://bugzilla.suse.com/show_bug.cgi?id=1213588
* https://bugzilla.suse.com/show_bug.cgi?id=1213601
* https://bugzilla.suse.com/show_bug.cgi?id=1213620
* https://bugzilla.suse.com/show_bug.cgi?id=1213632
* https://bugzilla.suse.com/show_bug.cgi?id=1213653
* https://bugzilla.suse.com/show_bug.cgi?id=1213713
* https://bugzilla.suse.com/show_bug.cgi?id=1213715
* https://bugzilla.suse.com/show_bug.cgi?id=1213747
* https://bugzilla.suse.com/show_bug.cgi?id=1213756
* https://bugzilla.suse.com/show_bug.cgi?id=1213759
* https://bugzilla.suse.com/show_bug.cgi?id=1213777
* https://bugzilla.suse.com/show_bug.cgi?id=1213810
* https://bugzilla.suse.com/show_bug.cgi?id=1213812
* https://bugzilla.suse.com/show_bug.cgi?id=1213856
* https://bugzilla.suse.com/show_bug.cgi?id=1213857
* https://bugzilla.suse.com/show_bug.cgi?id=1213863
* https://bugzilla.suse.com/show_bug.cgi?id=1213867
* https://bugzilla.suse.com/show_bug.cgi?id=1213870
* https://bugzilla.suse.com/show_bug.cgi?id=1213871
* https://bugzilla.suse.com/show_bug.cgi?id=1213872
1
0
SUSE-SU-2023:3313-1: important: Security update for the Linux Kernel
by security@lists.opensuse.org 14 Aug '23
by security@lists.opensuse.org 14 Aug '23
14 Aug '23
# Security update for the Linux Kernel
Announcement ID: SUSE-SU-2023:3313-1
Rating: important
References:
* #1206418
* #1207129
* #1210627
* #1210780
* #1211131
* #1211738
* #1212502
* #1212604
* #1212901
* #1213167
* #1213272
* #1213287
* #1213304
* #1213585
* #1213586
* #1213588
* #1213620
* #1213653
* #1213713
* #1213715
* #1213747
* #1213756
* #1213759
* #1213777
* #1213810
* #1213812
* #1213842
* #1213856
* #1213857
* #1213863
* #1213867
* #1213870
* #1213871
Cross-References:
* CVE-2022-40982
* CVE-2023-0459
* CVE-2023-20569
* CVE-2023-21400
* CVE-2023-2156
* CVE-2023-2166
* CVE-2023-31083
* CVE-2023-3268
* CVE-2023-3567
* CVE-2023-3609
* CVE-2023-3611
* CVE-2023-3776
* CVE-2023-4004
CVSS scores:
* CVE-2022-40982 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2022-40982 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
* CVE-2023-0459 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-0459 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-20569 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
* CVE-2023-21400 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-21400 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-2156 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-2156 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-2166 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-2166 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-31083 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-31083 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3268 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
* CVE-2023-3268 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2023-3567 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3567 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3609 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3609 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3611 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3611 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3776 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3776 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4004 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* Basesystem Module 15-SP4
* Development Tools Module 15-SP4
* Legacy Module 15-SP4
* openSUSE Leap 15.4
* openSUSE Leap Micro 5.3
* openSUSE Leap Micro 5.4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Availability Extension 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Workstation Extension 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves 13 vulnerabilities and has 20 fixes can now be installed.
## Description:
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security
and bugfixes.
The following security bugs were fixed:
* CVE-2022-40982: Fixed transient execution attack called "Gather Data
Sampling" (bsc#1206418).
* CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec
(bsc#1211738).
* CVE-2023-20569: Fixed side channel attack ‘Inception’ or ‘RAS Poisoning’
(bsc#1213287).
* CVE-2023-21400: Fixed several memory corruptions due to improper locking in
io_uring (bsc#1213272).
* CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling
of the RPL protocol (bsc#1211131).
* CVE-2023-2166: Fixed NULL pointer dereference in can_rcv_filter
(bsc#1210627).
* CVE-2023-31083: Fixed race condition in hci_uart_tty_ioctl (bsc#1210780).
* CVE-2023-3268: Fixed an out of bounds memory access flaw in
relay_file_read_start_pos in the relayfs (bsc#1212502).
* CVE-2023-3567: Fixed a use-after-free in vcs_read in
drivers/tty/vt/vc_screen.c (bsc#1213167).
* CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched
(bsc#1213586).
* CVE-2023-3611: Fixed an out-of-bounds write in net/sched
sch_qfq(bsc#1213585).
* CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-
free (bsc#1213588).
* CVE-2023-4004: Fixed improper element removal netfilter nft_set_pipapo
(bsc#1213812).
The following non-security bugs were fixed:
* afs: Fix access after dec in put functions (git-fixes).
* afs: Fix afs_getattr() to refetch file status if callback break occurred
(git-fixes).
* afs: Fix dynamic root getattr (git-fixes).
* afs: Fix fileserver probe RTT handling (git-fixes).
* afs: Fix infinite loop found by xfstest generic/676 (git-fixes).
* afs: Fix lost servers_outstanding count (git-fixes).
* afs: Fix server->active leak in afs_put_server (git-fixes).
* afs: Fix setting of mtime when creating a file/dir/symlink (git-fixes).
* afs: Fix updating of i_size with dv jump from server (git-fixes).
* afs: Fix vlserver probe RTT handling (git-fixes).
* afs: Return -EAGAIN, not -EREMOTEIO, when a file already locked (git-fixes).
* afs: Use refcount_t rather than atomic_t (git-fixes).
* afs: Use the operation issue time instead of the reply time for callbacks
(git-fixes).
* afs: adjust ack interpretation to try and cope with nat (git-fixes).
* alsa: emu10k1: roll up loops in dsp setup code for audigy (git-fixes).
* alsa: hda/realtek: support asus g713pv laptop (git-fixes).
* alsa: hda/relatek: enable mute led on hp 250 g8 (git-fixes).
* alsa: usb-audio: add quirk for microsoft modern wireless headset
(bsc#1207129).
* alsa: usb-audio: update for native dsd support quirks (git-fixes).
* asoc: atmel: fix the 8k sample parameter in i2sc master (git-fixes).
* asoc: codecs: es8316: fix dmic config (git-fixes).
* asoc: da7219: check for failure reading aad irq events (git-fixes).
* asoc: da7219: flush pending aad irq when suspending (git-fixes).
* asoc: fsl_sai: disable bit clock with transmitter (git-fixes).
* asoc: fsl_spdif: silence output on stop (git-fixes).
* asoc: rt5682-sdw: fix for jd event handling in clockstop mode0 (git-fixes).
* asoc: rt711-sdca: fix for jd event handling in clockstop mode0 (git-fixes).
* asoc: rt711: fix for jd event handling in clockstop mode0 (git-fixes).
* asoc: wm8904: fill the cache for wm8904_adc_test_0 register (git-fixes).
* ata: pata_ns87415: mark ns87560_tf_read static (git-fixes).
* block, bfq: Fix division by zero error on zero wsum (bsc#1213653).
* block: Fix a source code comment in include/uapi/linux/blkzoned.h (git-
fixes).
* can: gs_usb: gs_can_close(): add missing set of CAN state to
CAN_STATE_STOPPED (git-fixes).
* ceph: do not let check_caps skip sending responses for revoke msgs
(bsc#1213856).
* coda: Avoid partial allocation of sig_inputArgs (git-fixes).
* dlm: fix missing lkb refcount handling (git-fixes).
* dlm: fix plock invalid read (git-fixes).
* documentation: devices.txt: reconcile serial/ucc_uart minor numers (git-
fixes).
* drm/amd/display: Disable MPC split by default on special asic (git-fixes).
* drm/amd/display: Keep PHY active for DP displays on DCN31 (git-fixes).
* drm/client: Fix memory leak in drm_client_modeset_probe (git-fixes).
* drm/msm/adreno: Fix snapshot BINDLESS_DATA size (git-fixes).
* drm/msm/dpu: drop enum dpu_core_perf_data_bus_id (git-fixes).
* drm/msm: Fix IS_ERR_OR_NULL() vs NULL check in a5xx_submit_in_rb() (git-
fixes).
* drm/radeon: Fix integer overflow in radeon_cs_parser_init (git-fixes).
* file: always lock position for FMODE_ATOMIC_POS (bsc#1213759).
* fs: dlm: add midcomms init/start functions (git-fixes).
* fs: dlm: do not set stop rx flag after node reset (git-fixes).
* fs: dlm: filter user dlm messages for kernel locks (git-fixes).
* fs: dlm: fix log of lowcomms vs midcomms (git-fixes).
* fs: dlm: fix race between test_bit() and queue_work() (git-fixes).
* fs: dlm: fix race in lowcomms (git-fixes).
* fs: dlm: handle -EBUSY first in lock arg validation (git-fixes).
* fs: dlm: move sending fin message into state change handling (git-fixes).
* fs: dlm: retry accept() until -EAGAIN or error returns (git-fixes).
* fs: dlm: return positive pid value for F_GETLK (git-fixes).
* fs: dlm: start midcomms before scand (git-fixes).
* fs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode() (git-
fixes).
* fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev (git-fixes).
* fs: jfs: check for read-only mounted filesystem in txbegin (git-fixes).
* fs: jfs: fix null-ptr-deref read in txbegin (git-fixes).
* gve: Set default duplex configuration to full (git-fixes).
* gve: unify driver name usage (git-fixes).
* hwmon: (k10temp) Enable AMD3255 Proc to show negative temperature (git-
fixes).
* hwmon: (nct7802) Fix for temp6 (PECI1) processed even if PECI1 disabled
(git-fixes).
* iavf: Fix out-of-bounds when setting channels on remove (git-fixes).
* iavf: Fix use-after-free in free_netdev (git-fixes).
* iavf: use internal state to free traffic IRQs (git-fixes).
* igc: Check if hardware TX timestamping is enabled earlier (git-fixes).
* igc: Enable and fix RX hash usage by netstack (git-fixes).
* igc: Fix Kernel Panic during ndo_tx_timeout callback (git-fixes).
* igc: Fix inserting of empty frame for launchtime (git-fixes).
* igc: Fix launchtime before start of cycle (git-fixes).
* igc: Fix race condition in PTP tx code (git-fixes).
* igc: Handle PPS start time programming for past time values (git-fixes).
* igc: Prevent garbled TX queue with XDP ZEROCOPY (git-fixes).
* igc: Remove delay during TX ring configuration (git-fixes).
* igc: Work around HW bug causing missing timestamps (git-fixes).
* igc: set TP bit in 'supported' and 'advertising' fields of
ethtool_link_ksettings (git-fixes).
* input: i8042 - add clevo pcx0dx to i8042 quirk table (git-fixes).
* input: iqs269a - do not poll during ati (git-fixes).
* input: iqs269a - do not poll during suspend or resume (git-fixes).
* jffs2: GC deadlock reading a page that is used in jffs2_write_begin() (git-
fixes).
* jffs2: fix memory leak in jffs2_do_fill_super (git-fixes).
* jffs2: fix memory leak in jffs2_do_mount_fs (git-fixes).
* jffs2: fix memory leak in jffs2_scan_medium (git-fixes).
* jffs2: fix use-after-free in jffs2_clear_xattr_subsystem (git-fixes).
* jffs2: reduce stack usage in jffs2_build_xattr_subsystem() (git-fixes).
* jfs: jfs_dmap: Validate db_l2nbperpage while mounting (git-fixes).
* kvm: arm64: do not read a hw interrupt pending state in user context (git-
fixes)
* kvm: arm64: warn if accessing timer pending state outside of vcpu
(bsc#1213620)
* kvm: do not null dereference ops->destroy (git-fixes)
* kvm: downgrade two bug_ons to warn_on_once (git-fixes)
* kvm: initialize debugfs_dentry when a vm is created to avoid null (git-
fixes)
* kvm: s390: pv: fix index value of replaced asce (git-fixes bsc#1213867).
* kvm: vmx: inject #gp on encls if vcpu has paging disabled (cr0.pg==0) (git-
fixes).
* kvm: vmx: inject #gp, not #ud, if sgx2 encls leafs are unsupported (git-
fixes).
* kvm: vmx: restore vmx_vmexit alignment (git-fixes).
* kvm: x86: account fastpath-only vm-exits in vcpu stats (git-fixes).
* libceph: harden msgr2.1 frame segment length checks (bsc#1213857).
* media: staging: atomisp: select V4L2_FWNODE (git-fixes).
* net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585).
* net/sched: sch_qfq: reintroduce lmax bound check for MTU (bsc#1213585).
* net: ena: fix shift-out-of-bounds in exponential backoff (git-fixes).
* net: mana: Batch ringing RX queue doorbell on receiving packets
(bsc#1212901).
* net: mana: Use the correct WQE count for ringing RQ doorbell (bsc#1212901).
* net: phy: marvell10g: fix 88x3310 power up (git-fixes).
* nfsd: add encoding of op_recall flag for write delegation (git-fixes).
* nfsd: fix double fget() bug in __write_ports_addfd() (git-fixes).
* nfsd: fix sparse warning (git-fixes).
* nfsd: remove open coding of string copy (git-fixes).
* nfsv4.1: always send a reclaim_complete after establishing lease (git-
fixes).
* nfsv4.1: freeze the session table upon receiving nfs4err_badsession (git-
fixes).
* nvme-pci: fix DMA direction of unmapping integrity data (git-fixes).
* nvme-pci: remove nvme_queue from nvme_iod (git-fixes).
* octeontx-af: fix hardware timestamp configuration (git-fixes).
* octeontx2-af: Move validation of ptp pointer before its usage (git-fixes).
* octeontx2-pf: Add additional check for MCAM rules (git-fixes).
* phy: hisilicon: Fix an out of bounds check in hisi_inno_phy_probe() (git-
fixes).
* pinctrl: amd: Do not show `Invalid config param` errors (git-fixes).
* pinctrl: amd: Use amd_pinconf_set() for all config options (git-fixes).
* platform/x86: msi-laptop: Fix rfkill out-of-sync on MSI Wind U100 (git-
fixes).
* rdma/bnxt_re: fix hang during driver unload (git-fixes)
* rdma/bnxt_re: prevent handling any completions after qp destroy (git-fixes)
* rdma/core: update cma destination address on rdma_resolve_addr (git-fixes)
* rdma/irdma: add missing read barriers (git-fixes)
* rdma/irdma: fix data race on cqp completion stats (git-fixes)
* rdma/irdma: fix data race on cqp request done (git-fixes)
* rdma/irdma: fix op_type reporting in cqes (git-fixes)
* rdma/irdma: report correct wc error (git-fixes)
* rdma/mlx4: make check for invalid flags stricter (git-fixes)
* rdma/mthca: fix crash when polling cq for shared qps (git-fixes)
* regmap: Account for register length in SMBus I/O limits (git-fixes).
* regmap: Drop initial version of maximum transfer length fixes (git-fixes).
* revert "debugfs, coccinelle: check for obsolete define_simple_attribute()
usage" (git-fixes).
* revert "nfsv4: retry lock on old_stateid during delegation return" (git-
fixes).
* revert "usb: dwc3: core: enable autoretry feature in the controller" (git-
fixes).
* revert "usb: gadget: tegra-xudc: fix error check in
tegra_xudc_powerdomain_init()" (git-fixes).
* revert "usb: xhci: tegra: fix error check" (git-fixes).
* revert "xhci: add quirk for host controllers that do not update endpoint
dcs" (git-fixes).
* rxrpc, afs: Fix selection of abort codes (git-fixes).
* s390/bpf: Add expoline to tail calls (git-fixes bsc#1213870).
* s390/dasd: fix hanging device after quiesce/resume (git-fixes bsc#1213810).
* s390/decompressor: specify __decompress() buf len to avoid overflow (git-
fixes bsc#1213863).
* s390/ipl: add missing intersection check to ipl_report handling (git-fixes
bsc#1213871).
* s390/qeth: Fix vipa deletion (git-fixes bsc#1213713).
* s390/vmem: fix empty page tables cleanup under KASAN (git-fixes
bsc#1213715).
* s390: introduce nospec_uses_trampoline() (git-fixes bsc#1213870).
* scftorture: Count reschedule IPIs (git-fixes).
* scsi: lpfc: Abort outstanding ELS cmds when mailbox timeout error is
detected (bsc#1213756).
* scsi: lpfc: Avoid -Wstringop-overflow warning (bsc#1213756).
* scsi: lpfc: Clean up SLI-4 sysfs resource reporting (bsc#1213756).
* scsi: lpfc: Copyright updates for 14.2.0.14 patches (bsc#1213756).
* scsi: lpfc: Fix a possible data race in lpfc_unregister_fcf_rescan()
(bsc#1213756).
* scsi: lpfc: Fix incorrect big endian type assignment in bsg loopback path
(bsc#1213756).
* scsi: lpfc: Fix incorrect big endian type assignments in FDMI and VMID paths
(bsc#1213756).
* scsi: lpfc: Fix lpfc_name struct packing (bsc#1213756).
* scsi: lpfc: Make fabric zone discovery more robust when handling unsolicited
LOGO (bsc#1213756).
* scsi: lpfc: Pull out fw diagnostic dump log message from driver's trace
buffer (bsc#1213756).
* scsi: lpfc: Qualify ndlp discovery state when processing RSCN (bsc#1213756).
* scsi: lpfc: Refactor cpu affinity assignment paths (bsc#1213756).
* scsi: lpfc: Remove extra ndlp kref decrement in FLOGI cmpl for loop topology
(bsc#1213756).
* scsi: lpfc: Replace all non-returning strlcpy() with strscpy()
(bsc#1213756).
* scsi: lpfc: Replace one-element array with flexible-array member
(bsc#1213756).
* scsi: lpfc: Revise ndlp kref handling for dev_loss_tmo_callbk and
lpfc_drop_node (bsc#1213756).
* scsi: lpfc: Set Establish Image Pair service parameter only for Target
Functions (bsc#1213756).
* scsi: lpfc: Simplify fcp_abort transport callback log message (bsc#1213756).
* scsi: lpfc: Update lpfc version to 14.2.0.14 (bsc#1213756).
* scsi: lpfc: Use struct_size() helper (bsc#1213756).
* scsi: qla2xxx: Adjust IOCB resource on qpair create (bsc#1213747).
* scsi: qla2xxx: Array index may go out of bound (bsc#1213747).
* scsi: qla2xxx: Avoid fcport pointer dereference (bsc#1213747).
* scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport()
(bsc#1213747).
* scsi: qla2xxx: Correct the index of array (bsc#1213747).
* scsi: qla2xxx: Drop useless LIST_HEAD (bsc#1213747).
* scsi: qla2xxx: Fix NULL pointer dereference in target mode (bsc#1213747).
* scsi: qla2xxx: Fix TMF leak through (bsc#1213747).
* scsi: qla2xxx: Fix buffer overrun (bsc#1213747).
* scsi: qla2xxx: Fix command flush during TMF (bsc#1213747).
* scsi: qla2xxx: Fix deletion race condition (bsc#1213747).
* scsi: qla2xxx: Fix end of loop test (bsc#1213747).
* scsi: qla2xxx: Fix erroneous link up failure (bsc#1213747).
* scsi: qla2xxx: Fix error code in qla2x00_start_sp() (bsc#1213747).
* scsi: qla2xxx: Fix potential NULL pointer dereference (bsc#1213747).
* scsi: qla2xxx: Fix session hang in gnl (bsc#1213747).
* scsi: qla2xxx: Limit TMF to 8 per function (bsc#1213747).
* scsi: qla2xxx: Pointer may be dereferenced (bsc#1213747).
* scsi: qla2xxx: Remove unused nvme_ls_waitq wait queue (bsc#1213747).
* scsi: qla2xxx: Replace one-element array with DECLARE_FLEX_ARRAY() helper
(bsc#1213747).
* scsi: qla2xxx: Silence a static checker warning (bsc#1213747).
* scsi: qla2xxx: Turn off noisy message log (bsc#1213747).
* scsi: qla2xxx: Update version to 10.02.08.400-k (bsc#1213747).
* scsi: qla2xxx: Update version to 10.02.08.500-k (bsc#1213747).
* scsi: qla2xxx: Use vmalloc_array() and vcalloc() (bsc#1213747).
* scsi: qla2xxx: fix inconsistent TMF timeout (bsc#1213747).
* serial: qcom-geni: drop bogus runtime pm state update (git-fixes).
* serial: sifive: Fix sifive_serial_console_setup() section (git-fixes).
* soundwire: qcom: update status correctly with mask (git-fixes).
* staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext() (git-
fixes).
* staging: r8712: Fix memory leak in _r8712_init_xmit_priv() (git-fixes).
* sunrpc: always free ctxt when freeing deferred request (git-fixes).
* sunrpc: double free xprt_ctxt while still in use (git-fixes).
* sunrpc: fix trace_svc_register() call site (git-fixes).
* sunrpc: fix uaf in svc_tcp_listen_data_ready() (git-fixes).
* sunrpc: remove dead code in svc_tcp_release_rqst() (git-fixes).
* sunrpc: remove the maximum number of retries in call_bind_status (git-
fixes).
* svcrdma: Prevent page release when nothing was received (git-fixes).
* tpm_tis: Explicitly check for error code (git-fixes).
* tty: n_gsm: fix UAF in gsm_cleanup_mux (git-fixes).
* ubifs: Add missing iput if do_tmpfile() failed in rename whiteout (git-
fixes).
* ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers
(git-fixes).
* ubifs: Fix 'ui->dirty' race between do_tmpfile() and writeback work (git-
fixes).
* ubifs: Fix AA deadlock when setting xattr for encrypted file (git-fixes).
* ubifs: Fix build errors as symbol undefined (git-fixes).
* ubifs: Fix deadlock in concurrent rename whiteout and inode writeback (git-
fixes).
* ubifs: Fix memory leak in alloc_wbufs() (git-fixes).
* ubifs: Fix memory leak in do_rename (git-fixes).
* ubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock() (git-fixes).
* ubifs: Fix to add refcount once page is set private (git-fixes).
* ubifs: Fix wrong dirty space budget for dirty inode (git-fixes).
* ubifs: Free memory for tmpfile name (git-fixes).
* ubifs: Rectify space amount budget for mkdir/tmpfile operations (git-fixes).
* ubifs: Rectify space budget for ubifs_symlink() if symlink is encrypted
(git-fixes).
* ubifs: Rectify space budget for ubifs_xrename() (git-fixes).
* ubifs: Rename whiteout atomically (git-fixes).
* ubifs: Reserve one leb for each journal head while doing budget (git-fixes).
* ubifs: do_rename: Fix wrong space budget when target inode's nlink > 1 (git-
fixes).
* ubifs: rename_whiteout: Fix double free for whiteout_ui->data (git-fixes).
* ubifs: rename_whiteout: correct old_dir size computing (git-fixes).
* ubifs: setflags: Make dirtied_ino_d 8 bytes aligned (git-fixes).
* ubifs: ubifs_writepage: Mark page dirty after writing inode failed (git-
fixes).
* usb: dwc3: do not reset device side if dwc3 was configured as host-only
(git-fixes).
* usb: dwc3: pci: skip BYT GPIO lookup table for hardwired phy (git-fixes).
* usb: gadget: core: remove unbalanced mutex_unlock in usb_gadget_activate
(git-fixes).
* usb: xhci-mtk: set the dma max_seg_size (git-fixes).
* vhost: support PACKED when setting-getting vring_base (git-fixes).
* vhost_net: revert upend_idx only on retriable error (git-fixes).
* virtio-net: Maintain reverse cleanup order (git-fixes).
* virtio_net: Fix error unwinding of XDP initialization (git-fixes).
* x86/PVH: obtain VGA console info in Dom0 (git-fixes).
* xen/blkfront: Only check REQ_FUA for writes (git-fixes).
* xen/pvcalls-back: fix double frees with pvcalls_new_active_socket() (git-
fixes).
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE Important update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-3313=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-3313=1
* Basesystem Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3313=1
* Development Tools Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-3313=1
* Legacy Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2023-3313=1
* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-3313=1
Please note that this is the initial kernel livepatch without fixes itself, this
package is later updated by separate standalone kernel livepatch updates.
* SUSE Linux Enterprise High Availability Extension 15 SP4
zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-3313=1
* SUSE Linux Enterprise Workstation Extension 15 SP4
zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-3313=1
* openSUSE Leap 15.4
zypper in -t patch SUSE-2023-3313=1 openSUSE-SLE-15.4-2023-3313=1
* openSUSE Leap Micro 5.3
zypper in -t patch openSUSE-Leap-Micro-5.3-2023-3313=1
* openSUSE Leap Micro 5.4
zypper in -t patch openSUSE-Leap-Micro-5.4-2023-3313=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-3313=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-3313=1
## Package List:
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 nosrc s390x x86_64)
* kernel-default-5.14.21-150400.24.81.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 x86_64)
* kernel-default-base-5.14.21-150400.24.81.1.150400.24.35.3
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* kernel-default-debuginfo-5.14.21-150400.24.81.1
* kernel-default-debugsource-5.14.21-150400.24.81.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 nosrc s390x x86_64)
* kernel-default-5.14.21-150400.24.81.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 x86_64)
* kernel-default-base-5.14.21-150400.24.81.1.150400.24.35.3
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* kernel-default-debuginfo-5.14.21-150400.24.81.1
* kernel-default-debugsource-5.14.21-150400.24.81.1
* Basesystem Module 15-SP4 (aarch64 nosrc)
* kernel-64kb-5.14.21-150400.24.81.1
* Basesystem Module 15-SP4 (aarch64)
* kernel-64kb-devel-5.14.21-150400.24.81.1
* kernel-64kb-debuginfo-5.14.21-150400.24.81.1
* kernel-64kb-debugsource-5.14.21-150400.24.81.1
* kernel-64kb-devel-debuginfo-5.14.21-150400.24.81.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-default-5.14.21-150400.24.81.1
* Basesystem Module 15-SP4 (aarch64 ppc64le x86_64)
* kernel-default-base-5.14.21-150400.24.81.1.150400.24.35.3
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* kernel-default-devel-5.14.21-150400.24.81.1
* kernel-default-devel-debuginfo-5.14.21-150400.24.81.1
* kernel-default-debuginfo-5.14.21-150400.24.81.1
* kernel-default-debugsource-5.14.21-150400.24.81.1
* Basesystem Module 15-SP4 (noarch)
* kernel-devel-5.14.21-150400.24.81.1
* kernel-macros-5.14.21-150400.24.81.1
* Basesystem Module 15-SP4 (nosrc s390x)
* kernel-zfcpdump-5.14.21-150400.24.81.1
* Basesystem Module 15-SP4 (s390x)
* kernel-zfcpdump-debugsource-5.14.21-150400.24.81.1
* kernel-zfcpdump-debuginfo-5.14.21-150400.24.81.1
* Development Tools Module 15-SP4 (noarch nosrc)
* kernel-docs-5.14.21-150400.24.81.1
* Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* kernel-obs-build-debugsource-5.14.21-150400.24.81.1
* kernel-syms-5.14.21-150400.24.81.1
* kernel-obs-build-5.14.21-150400.24.81.1
* Development Tools Module 15-SP4 (noarch)
* kernel-source-5.14.21-150400.24.81.1
* Legacy Module 15-SP4 (nosrc)
* kernel-default-5.14.21-150400.24.81.1
* Legacy Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* reiserfs-kmp-default-debuginfo-5.14.21-150400.24.81.1
* reiserfs-kmp-default-5.14.21-150400.24.81.1
* kernel-default-debuginfo-5.14.21-150400.24.81.1
* kernel-default-debugsource-5.14.21-150400.24.81.1
* SUSE Linux Enterprise Live Patching 15-SP4 (nosrc)
* kernel-default-5.14.21-150400.24.81.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-default-debuginfo-5.14.21-150400.24.81.1
* kernel-livepatch-SLE15-SP4_Update_16-debugsource-1-150400.9.3.3
* kernel-livepatch-5_14_21-150400_24_81-default-1-150400.9.3.3
* kernel-default-livepatch-5.14.21-150400.24.81.1
* kernel-default-livepatch-devel-5.14.21-150400.24.81.1
* kernel-livepatch-5_14_21-150400_24_81-default-debuginfo-1-150400.9.3.3
* kernel-default-debugsource-5.14.21-150400.24.81.1
* SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le
s390x x86_64)
* ocfs2-kmp-default-5.14.21-150400.24.81.1
* kernel-default-debuginfo-5.14.21-150400.24.81.1
* cluster-md-kmp-default-5.14.21-150400.24.81.1
* gfs2-kmp-default-5.14.21-150400.24.81.1
* cluster-md-kmp-default-debuginfo-5.14.21-150400.24.81.1
* gfs2-kmp-default-debuginfo-5.14.21-150400.24.81.1
* ocfs2-kmp-default-debuginfo-5.14.21-150400.24.81.1
* dlm-kmp-default-5.14.21-150400.24.81.1
* dlm-kmp-default-debuginfo-5.14.21-150400.24.81.1
* kernel-default-debugsource-5.14.21-150400.24.81.1
* SUSE Linux Enterprise High Availability Extension 15 SP4 (nosrc)
* kernel-default-5.14.21-150400.24.81.1
* SUSE Linux Enterprise Workstation Extension 15 SP4 (nosrc)
* kernel-default-5.14.21-150400.24.81.1
* SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64)
* kernel-default-extra-debuginfo-5.14.21-150400.24.81.1
* kernel-default-extra-5.14.21-150400.24.81.1
* kernel-default-debuginfo-5.14.21-150400.24.81.1
* kernel-default-debugsource-5.14.21-150400.24.81.1
* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_81-default-debuginfo-1-150400.9.3.3
* kernel-livepatch-5_14_21-150400_24_81-default-1-150400.9.3.3
* kernel-livepatch-SLE15-SP4_Update_16-debugsource-1-150400.9.3.3
* openSUSE Leap 15.4 (noarch nosrc)
* kernel-docs-5.14.21-150400.24.81.1
* openSUSE Leap 15.4 (noarch)
* kernel-source-vanilla-5.14.21-150400.24.81.1
* kernel-source-5.14.21-150400.24.81.1
* kernel-devel-5.14.21-150400.24.81.1
* kernel-docs-html-5.14.21-150400.24.81.1
* kernel-macros-5.14.21-150400.24.81.1
* openSUSE Leap 15.4 (nosrc ppc64le x86_64)
* kernel-debug-5.14.21-150400.24.81.1
* openSUSE Leap 15.4 (ppc64le x86_64)
* kernel-debug-debuginfo-5.14.21-150400.24.81.1
* kernel-debug-livepatch-devel-5.14.21-150400.24.81.1
* kernel-debug-devel-5.14.21-150400.24.81.1
* kernel-debug-devel-debuginfo-5.14.21-150400.24.81.1
* kernel-debug-debugsource-5.14.21-150400.24.81.1
* openSUSE Leap 15.4 (aarch64 ppc64le x86_64)
* kernel-default-base-rebuild-5.14.21-150400.24.81.1.150400.24.35.3
* kernel-kvmsmall-debugsource-5.14.21-150400.24.81.1
* kernel-default-base-5.14.21-150400.24.81.1.150400.24.35.3
* kernel-kvmsmall-devel-5.14.21-150400.24.81.1
* kernel-kvmsmall-debuginfo-5.14.21-150400.24.81.1
* kernel-kvmsmall-devel-debuginfo-5.14.21-150400.24.81.1
* kernel-kvmsmall-livepatch-devel-5.14.21-150400.24.81.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* cluster-md-kmp-default-5.14.21-150400.24.81.1
* kernel-default-optional-debuginfo-5.14.21-150400.24.81.1
* kernel-obs-build-5.14.21-150400.24.81.1
* kernel-default-livepatch-5.14.21-150400.24.81.1
* kernel-default-extra-5.14.21-150400.24.81.1
* kernel-default-optional-5.14.21-150400.24.81.1
* kernel-obs-qa-5.14.21-150400.24.81.1
* kernel-default-devel-5.14.21-150400.24.81.1
* kernel-obs-build-debugsource-5.14.21-150400.24.81.1
* kernel-default-extra-debuginfo-5.14.21-150400.24.81.1
* gfs2-kmp-default-5.14.21-150400.24.81.1
* cluster-md-kmp-default-debuginfo-5.14.21-150400.24.81.1
* reiserfs-kmp-default-debuginfo-5.14.21-150400.24.81.1
* kselftests-kmp-default-5.14.21-150400.24.81.1
* dlm-kmp-default-5.14.21-150400.24.81.1
* kernel-syms-5.14.21-150400.24.81.1
* ocfs2-kmp-default-5.14.21-150400.24.81.1
* kernel-default-debuginfo-5.14.21-150400.24.81.1
* gfs2-kmp-default-debuginfo-5.14.21-150400.24.81.1
* kselftests-kmp-default-debuginfo-5.14.21-150400.24.81.1
* kernel-default-devel-debuginfo-5.14.21-150400.24.81.1
* kernel-default-debugsource-5.14.21-150400.24.81.1
* kernel-default-livepatch-devel-5.14.21-150400.24.81.1
* ocfs2-kmp-default-debuginfo-5.14.21-150400.24.81.1
* reiserfs-kmp-default-5.14.21-150400.24.81.1
* dlm-kmp-default-debuginfo-5.14.21-150400.24.81.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-default-5.14.21-150400.24.81.1
* openSUSE Leap 15.4 (aarch64 nosrc ppc64le x86_64)
* kernel-kvmsmall-5.14.21-150400.24.81.1
* openSUSE Leap 15.4 (nosrc s390x)
* kernel-zfcpdump-5.14.21-150400.24.81.1
* openSUSE Leap 15.4 (s390x)
* kernel-zfcpdump-debugsource-5.14.21-150400.24.81.1
* kernel-zfcpdump-debuginfo-5.14.21-150400.24.81.1
* openSUSE Leap 15.4 (nosrc)
* dtb-aarch64-5.14.21-150400.24.81.1
* openSUSE Leap 15.4 (aarch64)
* dtb-marvell-5.14.21-150400.24.81.1
* dtb-apple-5.14.21-150400.24.81.1
* dtb-renesas-5.14.21-150400.24.81.1
* dtb-qcom-5.14.21-150400.24.81.1
* kernel-64kb-extra-debuginfo-5.14.21-150400.24.81.1
* kernel-64kb-devel-5.14.21-150400.24.81.1
* kernel-64kb-debugsource-5.14.21-150400.24.81.1
* dtb-altera-5.14.21-150400.24.81.1
* dtb-freescale-5.14.21-150400.24.81.1
* dtb-cavium-5.14.21-150400.24.81.1
* kernel-64kb-optional-5.14.21-150400.24.81.1
* ocfs2-kmp-64kb-debuginfo-5.14.21-150400.24.81.1
* kernel-64kb-livepatch-devel-5.14.21-150400.24.81.1
* kernel-64kb-optional-debuginfo-5.14.21-150400.24.81.1
* gfs2-kmp-64kb-5.14.21-150400.24.81.1
* dtb-amd-5.14.21-150400.24.81.1
* dtb-amlogic-5.14.21-150400.24.81.1
* dtb-exynos-5.14.21-150400.24.81.1
* dtb-broadcom-5.14.21-150400.24.81.1
* ocfs2-kmp-64kb-5.14.21-150400.24.81.1
* cluster-md-kmp-64kb-5.14.21-150400.24.81.1
* dtb-allwinner-5.14.21-150400.24.81.1
* gfs2-kmp-64kb-debuginfo-5.14.21-150400.24.81.1
* dtb-rockchip-5.14.21-150400.24.81.1
* dlm-kmp-64kb-debuginfo-5.14.21-150400.24.81.1
* dtb-amazon-5.14.21-150400.24.81.1
* kselftests-kmp-64kb-debuginfo-5.14.21-150400.24.81.1
* kselftests-kmp-64kb-5.14.21-150400.24.81.1
* kernel-64kb-extra-5.14.21-150400.24.81.1
* dtb-nvidia-5.14.21-150400.24.81.1
* kernel-64kb-debuginfo-5.14.21-150400.24.81.1
* dtb-lg-5.14.21-150400.24.81.1
* dtb-arm-5.14.21-150400.24.81.1
* dtb-sprd-5.14.21-150400.24.81.1
* kernel-64kb-devel-debuginfo-5.14.21-150400.24.81.1
* reiserfs-kmp-64kb-debuginfo-5.14.21-150400.24.81.1
* dtb-apm-5.14.21-150400.24.81.1
* cluster-md-kmp-64kb-debuginfo-5.14.21-150400.24.81.1
* dtb-xilinx-5.14.21-150400.24.81.1
* dlm-kmp-64kb-5.14.21-150400.24.81.1
* reiserfs-kmp-64kb-5.14.21-150400.24.81.1
* dtb-mediatek-5.14.21-150400.24.81.1
* dtb-socionext-5.14.21-150400.24.81.1
* dtb-hisilicon-5.14.21-150400.24.81.1
* openSUSE Leap 15.4 (aarch64 nosrc)
* kernel-64kb-5.14.21-150400.24.81.1
* openSUSE Leap Micro 5.3 (aarch64 nosrc x86_64)
* kernel-default-5.14.21-150400.24.81.1
* openSUSE Leap Micro 5.3 (aarch64 x86_64)
* kernel-default-base-5.14.21-150400.24.81.1.150400.24.35.3
* kernel-default-debuginfo-5.14.21-150400.24.81.1
* kernel-default-debugsource-5.14.21-150400.24.81.1
* openSUSE Leap Micro 5.4 (aarch64 nosrc s390x x86_64)
* kernel-default-5.14.21-150400.24.81.1
* openSUSE Leap Micro 5.4 (aarch64 x86_64)
* kernel-default-base-5.14.21-150400.24.81.1.150400.24.35.3
* openSUSE Leap Micro 5.4 (aarch64 s390x x86_64)
* kernel-default-debuginfo-5.14.21-150400.24.81.1
* kernel-default-debugsource-5.14.21-150400.24.81.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 nosrc s390x x86_64)
* kernel-default-5.14.21-150400.24.81.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 x86_64)
* kernel-default-base-5.14.21-150400.24.81.1.150400.24.35.3
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* kernel-default-debuginfo-5.14.21-150400.24.81.1
* kernel-default-debugsource-5.14.21-150400.24.81.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 nosrc s390x x86_64)
* kernel-default-5.14.21-150400.24.81.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 x86_64)
* kernel-default-base-5.14.21-150400.24.81.1.150400.24.35.3
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* kernel-default-debuginfo-5.14.21-150400.24.81.1
* kernel-default-debugsource-5.14.21-150400.24.81.1
## References:
* https://www.suse.com/security/cve/CVE-2022-40982.html
* https://www.suse.com/security/cve/CVE-2023-0459.html
* https://www.suse.com/security/cve/CVE-2023-20569.html
* https://www.suse.com/security/cve/CVE-2023-21400.html
* https://www.suse.com/security/cve/CVE-2023-2156.html
* https://www.suse.com/security/cve/CVE-2023-2166.html
* https://www.suse.com/security/cve/CVE-2023-31083.html
* https://www.suse.com/security/cve/CVE-2023-3268.html
* https://www.suse.com/security/cve/CVE-2023-3567.html
* https://www.suse.com/security/cve/CVE-2023-3609.html
* https://www.suse.com/security/cve/CVE-2023-3611.html
* https://www.suse.com/security/cve/CVE-2023-3776.html
* https://www.suse.com/security/cve/CVE-2023-4004.html
* https://bugzilla.suse.com/show_bug.cgi?id=1206418
* https://bugzilla.suse.com/show_bug.cgi?id=1207129
* https://bugzilla.suse.com/show_bug.cgi?id=1210627
* https://bugzilla.suse.com/show_bug.cgi?id=1210780
* https://bugzilla.suse.com/show_bug.cgi?id=1211131
* https://bugzilla.suse.com/show_bug.cgi?id=1211738
* https://bugzilla.suse.com/show_bug.cgi?id=1212502
* https://bugzilla.suse.com/show_bug.cgi?id=1212604
* https://bugzilla.suse.com/show_bug.cgi?id=1212901
* https://bugzilla.suse.com/show_bug.cgi?id=1213167
* https://bugzilla.suse.com/show_bug.cgi?id=1213272
* https://bugzilla.suse.com/show_bug.cgi?id=1213287
* https://bugzilla.suse.com/show_bug.cgi?id=1213304
* https://bugzilla.suse.com/show_bug.cgi?id=1213585
* https://bugzilla.suse.com/show_bug.cgi?id=1213586
* https://bugzilla.suse.com/show_bug.cgi?id=1213588
* https://bugzilla.suse.com/show_bug.cgi?id=1213620
* https://bugzilla.suse.com/show_bug.cgi?id=1213653
* https://bugzilla.suse.com/show_bug.cgi?id=1213713
* https://bugzilla.suse.com/show_bug.cgi?id=1213715
* https://bugzilla.suse.com/show_bug.cgi?id=1213747
* https://bugzilla.suse.com/show_bug.cgi?id=1213756
* https://bugzilla.suse.com/show_bug.cgi?id=1213759
* https://bugzilla.suse.com/show_bug.cgi?id=1213777
* https://bugzilla.suse.com/show_bug.cgi?id=1213810
* https://bugzilla.suse.com/show_bug.cgi?id=1213812
* https://bugzilla.suse.com/show_bug.cgi?id=1213842
* https://bugzilla.suse.com/show_bug.cgi?id=1213856
* https://bugzilla.suse.com/show_bug.cgi?id=1213857
* https://bugzilla.suse.com/show_bug.cgi?id=1213863
* https://bugzilla.suse.com/show_bug.cgi?id=1213867
* https://bugzilla.suse.com/show_bug.cgi?id=1213870
* https://bugzilla.suse.com/show_bug.cgi?id=1213871
1
0
SUSE-SU-2023:3305-1: important: Security update for java-1_8_0-openj9
by security@lists.opensuse.org 14 Aug '23
by security@lists.opensuse.org 14 Aug '23
14 Aug '23
# Security update for java-1_8_0-openj9
Announcement ID: SUSE-SU-2023:3305-1
Rating: important
References:
* #1210628
* #1210631
* #1210632
* #1210634
* #1210635
* #1210636
* #1210637
* #1211615
Cross-References:
* CVE-2023-21930
* CVE-2023-21937
* CVE-2023-21938
* CVE-2023-21939
* CVE-2023-21954
* CVE-2023-21967
* CVE-2023-21968
* CVE-2023-2597
CVSS scores:
* CVE-2023-21930 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2023-21930 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2023-21937 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2023-21937 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2023-21938 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2023-21938 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2023-21939 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2023-21939 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2023-21954 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-21954 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-21967 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-21967 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-21968 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2023-21968 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2023-2597 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-2597 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Package Hub 15 15-SP5
An update that solves eight vulnerabilities can now be installed.
## Description:
This update for java-1_8_0-openj9 fixes the following issues:
Update to OpenJDK 8u372 build 07 with OpenJ9 0.38.0 virtual machine.
CVE-2023-21930: Unauthenticated attacker with network access via TLS to
compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1210628).
CVE-2023-21937: Fixed vulnerability in the Oracle Java SE, Oracle GraalVM
Enterprise Edition product of Oracle Java SE (component: Networking).
(bsc#1210631). CVE-2023-21938: Fixed vulnerability in the Oracle Java SE, Oracle
GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries).
(bsc#1210632). CVE-2023-21939: Fixed vulnerability in the Oracle Java SE, Oracle
GraalVM Enterprise Edition product of Oracle Java SE (component: Swing).
(bsc#1210634). CVE-2023-21954: Fixed vulnerability in the Oracle Java SE, Oracle
GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot).
(bsc#1210635). CVE-2023-21967: Fixed vulnerability in the Oracle Java SE, Oracle
GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE).
(bsc#1210636). CVE-2023-21968: Fixed ulnerability in the Oracle Java SE, Oracle
GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries)
(bsc#1210637). CVE-2023-2597: Fixed buffer overflow in shared cache
implementation (bsc#1211615).
## Patch Instructions:
To install this SUSE Important update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-3305=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-3305=1
* SUSE Package Hub 15 15-SP5
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-3305=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2
* java-1_8_0-openj9-1.8.0.372-150200.3.33.2
* java-1_8_0-openj9-debuginfo-1.8.0.372-150200.3.33.2
* java-1_8_0-openj9-devel-debuginfo-1.8.0.372-150200.3.33.2
* java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2
* java-1_8_0-openj9-debugsource-1.8.0.372-150200.3.33.2
* java-1_8_0-openj9-demo-debuginfo-1.8.0.372-150200.3.33.2
* java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2
* java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2
* java-1_8_0-openj9-headless-debuginfo-1.8.0.372-150200.3.33.2
* java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2
* openSUSE Leap 15.4 (noarch)
* java-1_8_0-openj9-javadoc-1.8.0.372-150200.3.33.2
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2
* java-1_8_0-openj9-1.8.0.372-150200.3.33.2
* java-1_8_0-openj9-debuginfo-1.8.0.372-150200.3.33.2
* java-1_8_0-openj9-devel-debuginfo-1.8.0.372-150200.3.33.2
* java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2
* java-1_8_0-openj9-debugsource-1.8.0.372-150200.3.33.2
* java-1_8_0-openj9-demo-debuginfo-1.8.0.372-150200.3.33.2
* java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2
* java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2
* java-1_8_0-openj9-headless-debuginfo-1.8.0.372-150200.3.33.2
* java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2
* openSUSE Leap 15.5 (noarch)
* java-1_8_0-openj9-javadoc-1.8.0.372-150200.3.33.2
* SUSE Package Hub 15 15-SP5 (ppc64le s390x)
* java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2
* java-1_8_0-openj9-1.8.0.372-150200.3.33.2
* java-1_8_0-openj9-debuginfo-1.8.0.372-150200.3.33.2
* java-1_8_0-openj9-devel-debuginfo-1.8.0.372-150200.3.33.2
* java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2
* java-1_8_0-openj9-debugsource-1.8.0.372-150200.3.33.2
* java-1_8_0-openj9-demo-debuginfo-1.8.0.372-150200.3.33.2
* java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2
* java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2
* java-1_8_0-openj9-headless-debuginfo-1.8.0.372-150200.3.33.2
* java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2
## References:
* https://www.suse.com/security/cve/CVE-2023-21930.html
* https://www.suse.com/security/cve/CVE-2023-21937.html
* https://www.suse.com/security/cve/CVE-2023-21938.html
* https://www.suse.com/security/cve/CVE-2023-21939.html
* https://www.suse.com/security/cve/CVE-2023-21954.html
* https://www.suse.com/security/cve/CVE-2023-21967.html
* https://www.suse.com/security/cve/CVE-2023-21968.html
* https://www.suse.com/security/cve/CVE-2023-2597.html
* https://bugzilla.suse.com/show_bug.cgi?id=1210628
* https://bugzilla.suse.com/show_bug.cgi?id=1210631
* https://bugzilla.suse.com/show_bug.cgi?id=1210632
* https://bugzilla.suse.com/show_bug.cgi?id=1210634
* https://bugzilla.suse.com/show_bug.cgi?id=1210635
* https://bugzilla.suse.com/show_bug.cgi?id=1210636
* https://bugzilla.suse.com/show_bug.cgi?id=1210637
* https://bugzilla.suse.com/show_bug.cgi?id=1211615
1
0
SUSE-SU-2023:3301-1: moderate: Security update for libyajl
by security@lists.opensuse.org 14 Aug '23
by security@lists.opensuse.org 14 Aug '23
14 Aug '23
# Security update for libyajl
Announcement ID: SUSE-SU-2023:3301-1
Rating: moderate
References:
* #1212928
Cross-References:
* CVE-2023-33460
CVSS scores:
* CVE-2023-33460 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-33460 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
* Basesystem Module 15-SP4
* Basesystem Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap Micro 5.3
* openSUSE Leap Micro 5.4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP3
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.2
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.2
* SUSE Manager Server 4.3
An update that solves one vulnerability can now be installed.
## Description:
This update for libyajl fixes the following issues:
* CVE-2023-33460: Fixed memory leak which could cause out-of-memory in server
(bsc#1212928).
## Patch Instructions:
To install this SUSE Moderate update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap Micro 5.3
zypper in -t patch openSUSE-Leap-Micro-5.3-2023-3301=1
* openSUSE Leap Micro 5.4
zypper in -t patch openSUSE-Leap-Micro-5.4-2023-3301=1
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-3301=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-3301=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-3301=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-3301=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-3301=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-3301=1
* Basesystem Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3301=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3301=1
* SUSE Linux Enterprise Real Time 15 SP3
zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-3301=1
* SUSE Manager Proxy 4.2
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3301=1
* SUSE Manager Retail Branch Server 4.2
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.2-2023-3301=1
* SUSE Manager Server 4.2
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3301=1
* SUSE Linux Enterprise Micro 5.1
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-3301=1
* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3301=1
* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3301=1
## Package List:
* openSUSE Leap Micro 5.3 (aarch64 x86_64)
* libyajl2-2.1.0-150000.4.6.1
* libyajl-debugsource-2.1.0-150000.4.6.1
* libyajl2-debuginfo-2.1.0-150000.4.6.1
* openSUSE Leap Micro 5.4 (aarch64 s390x x86_64)
* libyajl2-2.1.0-150000.4.6.1
* libyajl-debugsource-2.1.0-150000.4.6.1
* libyajl2-debuginfo-2.1.0-150000.4.6.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* yajl-debuginfo-2.1.0-150000.4.6.1
* libyajl-debugsource-2.1.0-150000.4.6.1
* yajl-2.1.0-150000.4.6.1
* libyajl-devel-static-2.1.0-150000.4.6.1
* libyajl-devel-2.1.0-150000.4.6.1
* libyajl2-2.1.0-150000.4.6.1
* libyajl2-debuginfo-2.1.0-150000.4.6.1
* openSUSE Leap 15.4 (x86_64)
* libyajl-devel-32bit-2.1.0-150000.4.6.1
* libyajl2-32bit-2.1.0-150000.4.6.1
* libyajl2-32bit-debuginfo-2.1.0-150000.4.6.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* yajl-debuginfo-2.1.0-150000.4.6.1
* libyajl-debugsource-2.1.0-150000.4.6.1
* yajl-2.1.0-150000.4.6.1
* libyajl-devel-static-2.1.0-150000.4.6.1
* libyajl-devel-2.1.0-150000.4.6.1
* libyajl2-2.1.0-150000.4.6.1
* libyajl2-debuginfo-2.1.0-150000.4.6.1
* openSUSE Leap 15.5 (x86_64)
* libyajl-devel-32bit-2.1.0-150000.4.6.1
* libyajl2-32bit-2.1.0-150000.4.6.1
* libyajl2-32bit-debuginfo-2.1.0-150000.4.6.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* libyajl2-2.1.0-150000.4.6.1
* libyajl-debugsource-2.1.0-150000.4.6.1
* libyajl2-debuginfo-2.1.0-150000.4.6.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* libyajl2-2.1.0-150000.4.6.1
* libyajl-debugsource-2.1.0-150000.4.6.1
* libyajl2-debuginfo-2.1.0-150000.4.6.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* libyajl2-2.1.0-150000.4.6.1
* libyajl-debugsource-2.1.0-150000.4.6.1
* libyajl2-debuginfo-2.1.0-150000.4.6.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* libyajl2-2.1.0-150000.4.6.1
* libyajl-debugsource-2.1.0-150000.4.6.1
* libyajl2-debuginfo-2.1.0-150000.4.6.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* libyajl2-2.1.0-150000.4.6.1
* libyajl-debugsource-2.1.0-150000.4.6.1
* libyajl-devel-2.1.0-150000.4.6.1
* libyajl2-debuginfo-2.1.0-150000.4.6.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* libyajl2-2.1.0-150000.4.6.1
* libyajl-debugsource-2.1.0-150000.4.6.1
* libyajl-devel-2.1.0-150000.4.6.1
* libyajl2-debuginfo-2.1.0-150000.4.6.1
* SUSE Linux Enterprise Real Time 15 SP3 (x86_64)
* libyajl2-2.1.0-150000.4.6.1
* libyajl-debugsource-2.1.0-150000.4.6.1
* libyajl-devel-2.1.0-150000.4.6.1
* libyajl2-debuginfo-2.1.0-150000.4.6.1
* SUSE Manager Proxy 4.2 (x86_64)
* libyajl2-2.1.0-150000.4.6.1
* libyajl-debugsource-2.1.0-150000.4.6.1
* libyajl-devel-2.1.0-150000.4.6.1
* libyajl2-debuginfo-2.1.0-150000.4.6.1
* SUSE Manager Retail Branch Server 4.2 (x86_64)
* libyajl2-2.1.0-150000.4.6.1
* libyajl-debugsource-2.1.0-150000.4.6.1
* libyajl-devel-2.1.0-150000.4.6.1
* libyajl2-debuginfo-2.1.0-150000.4.6.1
* SUSE Manager Server 4.2 (ppc64le s390x x86_64)
* libyajl2-2.1.0-150000.4.6.1
* libyajl-debugsource-2.1.0-150000.4.6.1
* libyajl-devel-2.1.0-150000.4.6.1
* libyajl2-debuginfo-2.1.0-150000.4.6.1
* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
* libyajl2-2.1.0-150000.4.6.1
* libyajl-debugsource-2.1.0-150000.4.6.1
* libyajl2-debuginfo-2.1.0-150000.4.6.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* libyajl2-2.1.0-150000.4.6.1
* libyajl-debugsource-2.1.0-150000.4.6.1
* libyajl2-debuginfo-2.1.0-150000.4.6.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* libyajl2-2.1.0-150000.4.6.1
* libyajl-debugsource-2.1.0-150000.4.6.1
* libyajl2-debuginfo-2.1.0-150000.4.6.1
## References:
* https://www.suse.com/security/cve/CVE-2023-33460.html
* https://bugzilla.suse.com/show_bug.cgi?id=1212928
1
0
SUSE-SU-2023:3302-1: important: Security update for the Linux Kernel
by security@lists.opensuse.org 14 Aug '23
by security@lists.opensuse.org 14 Aug '23
14 Aug '23
# Security update for the Linux Kernel
Announcement ID: SUSE-SU-2023:3302-1
Rating: important
References:
* #1150305
* #1187829
* #1193629
* #1194869
* #1206418
* #1207129
* #1207894
* #1207948
* #1208788
* #1210335
* #1210565
* #1210584
* #1210627
* #1210780
* #1210825
* #1210853
* #1211014
* #1211131
* #1211243
* #1211738
* #1211811
* #1211867
* #1212051
* #1212256
* #1212265
* #1212301
* #1212445
* #1212456
* #1212502
* #1212525
* #1212603
* #1212604
* #1212685
* #1212766
* #1212835
* #1212838
* #1212842
* #1212846
* #1212848
* #1212861
* #1212869
* #1212892
* #1212901
* #1212905
* #1212961
* #1213010
* #1213011
* #1213012
* #1213013
* #1213014
* #1213015
* #1213016
* #1213017
* #1213018
* #1213019
* #1213020
* #1213021
* #1213024
* #1213025
* #1213032
* #1213034
* #1213035
* #1213036
* #1213037
* #1213038
* #1213039
* #1213040
* #1213041
* #1213059
* #1213061
* #1213087
* #1213088
* #1213089
* #1213090
* #1213092
* #1213093
* #1213094
* #1213095
* #1213096
* #1213098
* #1213099
* #1213100
* #1213102
* #1213103
* #1213104
* #1213105
* #1213106
* #1213107
* #1213108
* #1213109
* #1213110
* #1213111
* #1213112
* #1213113
* #1213114
* #1213116
* #1213134
* #1213167
* #1213205
* #1213206
* #1213226
* #1213233
* #1213245
* #1213247
* #1213252
* #1213258
* #1213259
* #1213263
* #1213264
* #1213272
* #1213286
* #1213287
* #1213304
* #1213417
* #1213493
* #1213523
* #1213524
* #1213533
* #1213543
* #1213578
* #1213585
* #1213586
* #1213588
* #1213601
* #1213620
* #1213632
* #1213653
* #1213705
* #1213713
* #1213715
* #1213747
* #1213756
* #1213759
* #1213777
* #1213810
* #1213812
* #1213856
* #1213857
* #1213863
* #1213867
* #1213870
* #1213871
* #1213872
Cross-References:
* CVE-2022-40982
* CVE-2023-0459
* CVE-2023-1829
* CVE-2023-20569
* CVE-2023-20593
* CVE-2023-21400
* CVE-2023-2156
* CVE-2023-2166
* CVE-2023-2430
* CVE-2023-2985
* CVE-2023-3090
* CVE-2023-31083
* CVE-2023-3111
* CVE-2023-3117
* CVE-2023-31248
* CVE-2023-3212
* CVE-2023-3268
* CVE-2023-3389
* CVE-2023-3390
* CVE-2023-35001
* CVE-2023-3567
* CVE-2023-3609
* CVE-2023-3611
* CVE-2023-3776
* CVE-2023-3812
* CVE-2023-38409
* CVE-2023-3863
* CVE-2023-4004
CVSS scores:
* CVE-2022-40982 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2022-40982 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
* CVE-2023-0459 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-0459 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-1829 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-1829 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-20569 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
* CVE-2023-20593 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-20593 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-21400 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-21400 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-2156 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-2156 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-2166 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-2166 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-2430 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2023-2430 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-2985 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-2985 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3090 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3090 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-31083 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-31083 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3111 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3117 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3117 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-31248 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-31248 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3212 ( SUSE ): 4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3212 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3268 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
* CVE-2023-3268 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2023-3389 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-3389 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3390 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3390 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-35001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-35001 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3567 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3567 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3609 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3609 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3611 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3611 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3776 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3776 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3812 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3812 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-38409 ( SUSE ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-38409 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3863 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3863 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4004 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Real Time Module 15-SP5
An update that solves 28 vulnerabilities, contains two features and has 115
fixes can now be installed.
## Description:
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
* CVE-2022-40982: Fixed transient execution attack called "Gather Data
Sampling" (bsc#1206418).
* CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec
(bsc#1211738).
* CVE-2023-1829: Fixed a use-after-free vulnerability in the control index
filter (tcindex) (bsc#1210335).
* CVE-2023-20569: Fixed side channel attack ‘Inception’ or ‘RAS Poisoning’
(bsc#1213287).
* CVE-2023-20593: Fixed a ZenBleed issue in "Zen 2" CPUs that could allow an
attacker to potentially access sensitive information (bsc#1213286).
* CVE-2023-21400: Fixed several memory corruptions due to improper locking in
io_uring (bsc#1213272).
* CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling
of the RPL protocol (bsc#1211131).
* CVE-2023-2166: Fixed NULL pointer dereference in can_rcv_filter
(bsc#1210627).
* CVE-2023-2430: Fixed amissing lock for IOPOLL in io_cqring_event_overflow()
in io_uring.c that could allow a privileged user to cause a denial of
service (bsc#1211014).
* CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplus_put_super in
fs/hfsplus/super.c that could allow a local user to cause a denial of
service (bsc#1211867).
* CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver
(bsc#1212842).
* CVE-2023-31083: Fixed race condition in hci_uart_tty_ioctl (bsc#1210780).
* CVE-2023-3111: Fixed a use-after-free vulnerability in prepare_to_relocate
in fs/btrfs/relocation.c (bsc#1212051).
* CVE-2023-3117: Fixed an use-after-free vulnerability in the netfilter
subsystem when processing named and anonymous sets in batch requests that
could allow a local user with CAP_NET_ADMIN capability to crash or
potentially escalate their privileges on the system (bsc#1213245).
* CVE-2023-31248: Fixed an use-after-free vulnerability in
nft_chain_lookup_byid that could allow a local attacker to escalate their
privilege (bsc#1213061).
* CVE-2023-3212: Fixed a NULL pointer dereference flaw in the gfs2 file system
(bsc#1212265).
* CVE-2023-3268: Fixed an out of bounds memory access flaw in
relay_file_read_start_pos in the relayfs (bsc#1212502).
* CVE-2023-3389: Fixed a use-after-free vulnerability in the io_uring
subsystem (bsc#1212838).
* CVE-2023-3390: Fixed an use-after-free vulnerability in the netfilter
subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker
with user access to cause a privilege escalation issue (bsc#1212846).
* CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder
that could allow a local attacker to escalate their privilege (bsc#1213059).
* CVE-2023-3567: Fixed a use-after-free in vcs_read in
drivers/tty/vt/vc_screen.c (bsc#1213167).
* CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched
(bsc#1213586).
* CVE-2023-3611: Fixed an out-of-bounds write in net/sched
sch_qfq(bsc#1213585).
* CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-
free (bsc#1213588).
* CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP
device driver functionality that could allow a local user to crash or
potentially escalate their privileges on the system (bsc#1213543).
* CVE-2023-38409: Fixed a use-after-free in drivers/video/fbdev/core/fbcon.c
(bsc#1213417).
* CVE-2023-3863: Fixed a use-after-free flaw in nfc_llcp_find_local in
net/nfc/llcp_core.c in NFC (bsc#1213601).
* CVE-2023-4004: Fixed improper element removal netfilter nft_set_pipapo
(bsc#1213812).
The following non-security bugs were fixed:
* acpi/iort: remove erroneous id_count check in iort_node_get_rmr_info() (git-
fixes).
* acpi: cppc: add acpi disabled check to acpi_cpc_valid() (bsc#1212445).
* acpi: cppc: add definition for undefined fadt preferred pm profile value
(bsc#1212445).
* acpi: fix suspend with xen pv (git-fixes).
* acpi: utils: fix acpi_evaluate_dsm_typed() redefinition error (git-fixes).
* add module_firmware() for firmware_tg357766 (git-fixes).
* adreno: shutdown the gpu properly (git-fixes).
* afs: adjust ack interpretation to try and cope with nat (git-fixes).
* afs: fix access after dec in put functions (git-fixes).
* afs: fix afs_getattr() to refetch file status if callback break occurred
(git-fixes).
* afs: fix dynamic root getattr (git-fixes).
* afs: fix fileserver probe rtt handling (git-fixes).
* afs: fix infinite loop found by xfstest generic/676 (git-fixes).
* afs: fix lost servers_outstanding count (git-fixes).
* afs: fix server->active leak in afs_put_server (git-fixes).
* afs: fix setting of mtime when creating a file/dir/symlink (git-fixes).
* afs: fix updating of i_size with dv jump from server (git-fixes).
* afs: fix vlserver probe rtt handling (git-fixes).
* afs: return -eagain, not -eremoteio, when a file already locked (git-fixes).
* afs: use refcount_t rather than atomic_t (git-fixes).
* afs: use the operation issue time instead of the reply time for callbacks
(git-fixes).
* alsa: ac97: fix possible null dereference in snd_ac97_mixer (git-fixes).
* alsa: emu10k1: roll up loops in dsp setup code for audigy (git-fixes).
* alsa: fireface: make read-only const array for model names static (git-
fixes).
* alsa: hda/realtek - remove 3k pull low procedure (git-fixes).
* alsa: hda/realtek: add quirk for asus rog g614jx (git-fixes).
* alsa: hda/realtek: add quirk for asus rog ga402x (git-fixes).
* alsa: hda/realtek: add quirk for asus rog gx650p (git-fixes).
* alsa: hda/realtek: add quirk for asus rog gz301v (git-fixes).
* alsa: hda/realtek: add quirk for clevo npx0snx (git-fixes).
* alsa: hda/realtek: add quirk for clevo ns70au (git-fixes).
* alsa: hda/realtek: add quirks for rog ally cs35l41 audio (git-fixes).
* alsa: hda/realtek: add quirks for unis h3c desktop b760 & q760 (git-fixes).
* alsa: hda/realtek: add support for dell oasis 13/14/16 laptops (git-fixes).
* alsa: hda/realtek: amend g634 quirk to enable rear speakers (git-fixes).
* alsa: hda/realtek: enable mute led on hp laptop 15s-eq2xxx (git-fixes).
* alsa: hda/realtek: enable mute/micmute leds and limit mic boost on elitebook
(git-fixes).
* alsa: hda/realtek: fix generic fixup definition for cs35l41 amp (git-fixes).
* alsa: hda/realtek: support asus g713pv laptop (git-fixes).
* alsa: hda/realtek: whitespace fix (git-fixes).
* alsa: hda/relatek: enable mute led on hp 250 g8 (git-fixes).
* alsa: hda: fix a possible null-pointer dereference due to data race in
snd_hdac_regmap_sync() (git-fixes).
* alsa: hda: lnl: add hd audio pci id (git-fixes).
* alsa: jack: fix mutex call in snd_jack_report() (git-fixes).
* alsa: oxfw: make read-only const array models static (git-fixes).
* alsa: pcm: fix potential data race at pcm memory allocation helpers (git-
fixes).
* alsa: usb-audio: add fixed_rate quirk for jbl quantum610 wireless (git-
fixes).
* alsa: usb-audio: add new quirk fixed_rate for jbl quantum810 wireless (git-
fixes).
* alsa: usb-audio: add quirk for microsoft modern wireless headset
(bsc#1207129).
* alsa: usb-audio: always initialize fixed_rate in
snd_usb_find_implicit_fb_sync_format() (git-fixes).
* alsa: usb-audio: apply mutex around snd_usb_endpoint_set_params() (git-
fixes).
* alsa: usb-audio: avoid superfluous endpoint setup (git-fixes).
* alsa: usb-audio: avoid unnecessary interface change at ep close (git-fixes).
* alsa: usb-audio: clear fixed clock rate at closing ep (git-fixes).
* alsa: usb-audio: correct the return code from snd_usb_endpoint_set_params()
(git-fixes).
* alsa: usb-audio: drop superfluous interface setup at parsing (git-fixes).
* alsa: usb-audio: fix possible null pointer dereference in
snd_usb_pcm_has_fixed_rate() (git-fixes).
* alsa: usb-audio: fix wrong kfree issue in snd_usb_endpoint_free_all (git-
fixes).
* alsa: usb-audio: more refactoring of hw constraint rules (git-fixes).
* alsa: usb-audio: properly refcounting clock rate (git-fixes).
* alsa: usb-audio: rate limit usb_set_interface error reporting (git-fixes).
* alsa: usb-audio: refcount multiple accesses on the single clock (git-fixes).
* alsa: usb-audio: split endpoint setups for hw_params and prepare (take#2)
(git-fixes).
* alsa: usb-audio: update for native dsd support quirks (git-fixes).
* alsa: usb-audio: use atomic_try_cmpxchg in ep_state_update (git-fixes).
* alsa: usb-audio: workaround for xrun at prepare (git-fixes).
* amd-pstate: fix amd_pstate mode switch (git-fixes).
* amdgpu: validate offset_in_bo of drm_amdgpu_gem_va (git-fixes).
* apparmor: fix missing error check for rhashtable_insert_fast (git-fixes).
* arm64/mm: mark private vm_fault_x defines as vm_fault_t (git-fixes)
* arm64: add missing set/way cmo encodings (git-fixes).
* arm64: dts: microchip: sparx5: do not use psci on reference boards (git-
fixes)
* arm64: vdso: pass (void *) to virt_to_page() (git-fixes)
* arm64: xor-neon: mark xor_arm64_neon_*() static (git-fixes)
* arm: dts: fix erroneous ads touchscreen polarities (git-fixes).
* asoc: amd: acp: fix for invalid dai id handling in acp_get_byte_count()
(git-fixes).
* asoc: atmel: fix the 8k sample parameter in i2sc master (git-fixes).
* asoc: codecs: es8316: fix dmic config (git-fixes).
* asoc: codecs: wcd-mbhc-v2: fix resource leaks on component remove (git-
fixes).
* asoc: codecs: wcd934x: fix resource leaks on component remove (git-fixes).
* asoc: codecs: wcd938x: fix codec initialisation race (git-fixes).
* asoc: codecs: wcd938x: fix db range for hphl and hphr (git-fixes).
* asoc: codecs: wcd938x: fix missing clsh ctrl error handling (git-fixes).
* asoc: codecs: wcd938x: fix soundwire initialisation race (git-fixes).
* asoc: da7219: check for failure reading aad irq events (git-fixes).
* asoc: da7219: flush pending aad irq when suspending (git-fixes).
* asoc: es8316: do not set rate constraints for unsupported mclks (git-fixes).
* asoc: es8316: increment max value for alc capture target volume control
(git-fixes).
* asoc: fsl_sai: disable bit clock with transmitter (git-fixes).
* asoc: fsl_spdif: silence output on stop (git-fixes).
* asoc: imx-audmix: check return value of devm_kasprintf() (git-fixes).
* asoc: intel: sof_sdw: remove sof_sdw_tgl_hdmi for meteorlake devices (git-
fixes).
* asoc: mediatek: mt8173: fix irq error path (git-fixes).
* asoc: nau8824: add quirk to active-high jack-detect (git-fixes).
* asoc: rt5640: fix sleep in atomic context (git-fixes).
* asoc: rt5682-sdw: fix for jd event handling in clockstop mode0 (git-fixes).
* asoc: rt711-sdca: fix for jd event handling in clockstop mode0 (git-fixes).
* asoc: rt711: fix for jd event handling in clockstop mode0 (git-fixes).
* asoc: simple-card: add missing of_node_put() in case of error (git-fixes).
* asoc: sof: ipc3-dtrace: uninitialized data in dfsentry_trace_filter_write()
(git-fixes).
* asoc: sof: topology: fix logic for copying tuples (git-fixes).
* asoc: tegra: fix adx byte map (git-fixes).
* asoc: tegra: fix amx byte map (git-fixes).
* asoc: wm8904: fill the cache for wm8904_adc_test_0 register (git-fixes).
* ata: pata_ns87415: mark ns87560_tf_read static (git-fixes).
* block, bfq: fix division by zero error on zero wsum (bsc#1213653).
* block: fix a source code comment in include/uapi/linux/blkzoned.h (git-
fixes).
* bluetooth: fix invalid-bdaddr quirk for non-persistent setup (git-fixes).
* bluetooth: fix use-bdaddr-property quirk (git-fixes).
* bluetooth: hci_bcm: do not mark valid bd_addr as invalid (git-fixes).
* bluetooth: hci_event: call disconnect callback before deleting conn (git-
fixes).
* bluetooth: hci_sync: avoid use-after-free in dbg for
hci_remove_adv_monitor() (git-fixes).
* bluetooth: iso: consider right cis when removing cig at cleanup (git-fixes).
* bluetooth: iso: fix cig auto-allocation to select configurable cig (git-
fixes).
* bluetooth: iso: fix iso_conn related locking and validity issues (git-
fixes).
* bluetooth: iso: use hci_sync for setting cig parameters (git-fixes).
* bluetooth: use rcu for hci_conn_params and iterate safely in hci_sync (git-
fixes).
* bonding: fix negative jump label count on nested bonding (bsc#1212685).
* bus: fsl-mc: fsl-mc-allocator: drop a write-only variable (git-fixes).
* bus: mhi: add new interfaces to handle mhi channels directly (bsc#1207948).
* bus: mhi: host: add destroy_device argument to mhi_power_down()
(bsc#1207948).
* bus: ti-sysc: fix dispc quirk masking bool variables (git-fixes).
* can: bcm: fix uaf in bcm_proc_show() (git-fixes).
* can: gs_usb: gs_can_close(): add missing set of can state to
can_state_stopped (git-fixes).
* can: isotp: isotp_sendmsg(): fix return error fix on tx path (git-fixes).
* can: kvaser_pciefd: remove handler for unused
kvaser_pciefd_pack_type_eframe_ack (git-fixes).
* can: kvaser_pciefd: remove useless write to interrupt register (git-fixes).
* can: length: fix bitstuffing count (git-fixes).
* can: length: fix description of the rrs field (git-fixes).
* can: length: make header self contained (git-fixes).
* ceph: add a dedicated private data for netfs rreq (bsc#1213205).
* ceph: do not let check_caps skip sending responses for revoke msgs
(bsc#1213856).
* ceph: fix blindly expanding the readahead windows (bsc#1213206).
* cifs: add a warning when the in-flight count goes negative (bsc#1193629).
* cifs: address unused variable warning (bsc#1193629).
* cifs: do all necessary checks for credits within or before locking
(bsc#1193629).
* cifs: fix lease break oops in xfstest generic/098 (bsc#1193629).
* cifs: fix max_credits implementation (bsc#1193629).
* cifs: fix session state check in reconnect to avoid use-after-free issue
(bsc#1193629).
* cifs: fix session state check in smb2_find_smb_ses (bsc#1193629).
* cifs: fix session state transition to avoid use-after-free issue
(bsc#1193629).
* cifs: fix sockaddr comparison in iface_cmp (bsc#1193629).
* cifs: fix status checks in cifs_tree_connect (bsc#1193629).
* cifs: log session id when a matching ses is not found (bsc#1193629).
* cifs: new dynamic tracepoint to track ses not found errors (bsc#1193629).
* cifs: prevent use-after-free by freeing the cfile later (bsc#1193629).
* cifs: print all credit counters in debugdata (bsc#1193629).
* cifs: print client_guid in debugdata (bsc#1193629).
* cifs: print more detail when invalidate_inode_mapping fails (bsc#1193629).
* cifs: print nosharesock value while dumping mount options (bsc#1193629).
* clk: cdce925: check return value of kasprintf() (git-fixes).
* clk: fix memory leak in devm_clk_notifier_register() (git-fixes).
* clk: imx: clk-imx8mn: fix memory leak in imx8mn_clocks_probe (git-fixes).
* clk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe() (git-
fixes).
* clk: imx: scu: use _safe list iterator to avoid a use after free (git-
fixes).
* clk: keystone: sci-clk: check return value of kasprintf() (git-fixes).
* clk: qcom: camcc-sc7180: add parent dependency to all camera gdscs (git-
fixes).
* clk: qcom: gcc-ipq6018: use floor ops for sdcc clocks (git-fixes).
* clk: samsung: add exynos4212 compatible to clkout driver (git-fixes).
* clk: si5341: check return value of {devm_}kasprintf() (git-fixes).
* clk: si5341: free unused memory on probe failure (git-fixes).
* clk: si5341: return error if one synth clock registration fails (git-fixes).
* clk: tegra: tegra124-emc: fix potential memory leak (git-fixes).
* clk: ti: clkctrl: check return value of kasprintf() (git-fixes).
* clk: vc5: check memory returned by kasprintf() (git-fixes).
* coda: avoid partial allocation of sig_inputargs (git-fixes).
* codel: fix kernel-doc notation warnings (git-fixes).
* cpufreq: amd-pstate: add ->fast_switch() callback (bsc#1212445).
* cpufreq: amd-pstate: add amd p-state frequencies attributes (bsc#1212445).
* cpufreq: amd-pstate: add amd p-state performance attributes (bsc#1212445).
* cpufreq: amd-pstate: add amd-pstate driver parameter for mode selection
(bsc#1212445).
* cpufreq: amd-pstate: add boost mode support for amd p-state (bsc#1212445).
* cpufreq: amd-pstate: add driver working mode switch support (bsc#1212445).
* cpufreq: amd-pstate: add fast switch function for amd p-state (bsc#1212445).
* cpufreq: amd-pstate: add guided autonomous mode (bsc#1212445).
* cpufreq: amd-pstate: add guided mode control support via sysfs
(bsc#1212445).
* cpufreq: amd-pstate: add more tracepoint for amd p-state module
(bsc#1212445).
* cpufreq: amd-pstate: add resume and suspend callbacks (bsc#1212445).
* cpufreq: amd-pstate: add trace for amd p-state module (bsc#1212445).
* cpufreq: amd-pstate: avoid uninitialized variable use (bsc#1212445).
* cpufreq: amd-pstate: change amd-pstate driver to be built-in type
(bsc#1212445).
* cpufreq: amd-pstate: convert sprintf with sysfs_emit() (bsc#1212445).
* cpufreq: amd-pstate: cpufreq: amd-pstate: reset msr_amd_perf_ctl register at
init (bsc#1212445).
* cpufreq: amd-pstate: expose struct amd_cpudata (bsc#1212445).
* cpufreq: amd-pstate: fix initial highest_perf value (bsc#1212445).
* cpufreq: amd-pstate: fix invalid write to msr_amd_cppc_req (bsc#1212445).
* cpufreq: amd-pstate: fix kconfig dependencies for amd p-state (bsc#1212445).
* cpufreq: amd-pstate: fix kernel hang issue while amd-pstate unregistering
(bsc#1212445).
* cpufreq: amd-pstate: fix struct amd_cpudata kernel-doc comment
(bsc#1212445).
* cpufreq: amd-pstate: fix white-space (bsc#1212445).
* cpufreq: amd-pstate: implement amd pstate cpu online and offline callback
(bsc#1212445).
* cpufreq: amd-pstate: implement pstate epp support for the amd processors
(bsc#1212445).
* cpufreq: amd-pstate: implement suspend and resume callbacks (bsc#1212445).
* cpufreq: amd-pstate: introduce a new amd p-state driver to support future
processors (bsc#1212445).
* cpufreq: amd-pstate: introduce the support for the processors with shared
memory solution (bsc#1212445).
* cpufreq: amd-pstate: let user know amd-pstate is disabled (bsc#1212445).
* cpufreq: amd-pstate: make amd-pstate epp driver name hyphenated
(bsc#1212445).
* cpufreq: amd-pstate: make varaiable mode_state_machine static (bsc#1212445).
* cpufreq: amd-pstate: optimize driver working mode selection in
amd_pstate_param() (bsc#1212445).
* cpufreq: amd-pstate: remove fast_switch_possible flag from active driver
(bsc#1212445).
* cpufreq: amd-pstate: remove module_license in non-modules (bsc#1212445).
* cpufreq: amd-pstate: set a fallback policy based on preferred_profile
(bsc#1212445).
* cpufreq: amd-pstate: simplify cpudata pointer assignment (bsc#1212445).
* cpufreq: amd-pstate: update policy->cur in amd_pstate_adjust_perf()
(bsc#1212445).
* cpufreq: amd-pstate: update pstate frequency transition delay time
(bsc#1212445).
* cpufreq: amd-pstate: write cppc enable bit per-socket (bsc#1212445).
* cpufreq: amd_pstate: fix wrong lowest perf fetch (bsc#1212445).
* cpufreq: amd_pstate: map desired perf into pstate scope for powersave
governor (bsc#1212445).
* cpufreq: tegra194: fix module loading (git-fixes).
* crypto: kpp - add helper to set reqsize (git-fixes).
* crypto: marvell/cesa - fix type mismatch warning (git-fixes).
* crypto: nx - fix build warnings when debug_fs is not enabled (git-fixes).
* crypto: qat - use helper to set reqsize (git-fixes).
* delete suse/memcg-drop-kmem-limit_in_bytes. drop the patch in order to fix
bsc#1213705.
* devlink: fix kernel-doc notation warnings (git-fixes).
* dlm: fix missing lkb refcount handling (git-fixes).
* dlm: fix plock invalid read (git-fixes).
* dma-buf/dma-resv: stop leaking on krealloc() failure (git-fixes).
* docs: networking: update codeaurora references for rmnet (git-fixes).
* documentation: abi: sysfs-class-net-qmi: pass_through contact update (git-
fixes).
* documentation: bonding: fix the doc of peer_notif_delay (git-fixes).
* documentation: cpufreq: amd-pstate: move amd_pstate param to alphabetical
order (bsc#1212445).
* documentation: devices.txt: reconcile serial/ucc_uart minor numers (git-
fixes).
* documentation: timers: hrtimers: make hybrid union historical (git-fixes).
* drivers: meson: secure-pwrc: always enable dma domain (git-fixes).
* drm/amd/amdgpu: introduce gc_*_mes_2.bin v2 (git-fixes).
* drm/amd/amdgpu: limit one queue per gang (git-fixes).
* drm/amd/amdgpu: update mes11 api def (git-fixes).
* drm/amd/display (gcc13): fix enum mismatch (git-fixes).
* drm/amd/display: add a null pointer check (bsc#1212848, bsc#1212961).
* drm/amd/display: add debug option to skip psr crtc disable (git-fixes).
* drm/amd/display: add logging for display mall refresh setting (git-fixes).
* drm/amd/display: add minimal pipe split transition state (git-fixes).
* drm/amd/display: add minimum z8 residency debug option (git-fixes).
* drm/amd/display: add missing wa and mclk validation (git-fixes).
* drm/amd/display: add monitor specific edid quirk (git-fixes).
* drm/amd/display: add polling method to handle mst reply packet
(bsc#1213578).
* drm/amd/display: add wrapper to call planes and stream update (git-fixes).
* drm/amd/display: add z8 allow states to z-state support list (git-fixes).
* drm/amd/display: change default z8 watermark values (git-fixes).
* drm/amd/display: check tg is non-null before checking if enabled (git-
fixes).
* drm/amd/display: correct `dmub_fw_version` macro (git-fixes).
* drm/amd/display: correct dml calculation to align hw formula (git-fixes).
* drm/amd/display: correct dml calculation to follow hw spec (git-fixes).
* drm/amd/display: disable mpc split by default on special asic (git-fixes).
* drm/amd/display: disable seamless boot if force_odm_combine is enabled
(bsc#1212848, bsc#1212961).
* drm/amd/display: do not update drr while bw optimizations pending (git-
fixes).
* drm/amd/display: drop redundant memset() in get_available_dsc_slices() (git-
fixes).
* drm/amd/display: enable hostvm based on riommu active (git-fixes).
* drm/amd/display: enforce 60us prefetch for 200mhz dcfclk modes (git-fixes).
* drm/amd/display: ensure vmin and vmax adjust for dce (git-fixes).
* drm/amd/display: explicitly specify update type per plane info change (git-
fixes).
* drm/amd/display: filter out invalid bits in pipe_fuses (git-fixes).
* drm/amd/display: fix 4to1 mpc black screen with dpp rco (git-fixes).
* drm/amd/display: fix a divided-by-zero error (git-fixes).
* drm/amd/display: fix a test calculateprefetchschedule() (git-fixes).
* drm/amd/display: fix a test dml32_rq_dlg_get_rq_reg() (git-fixes).
* drm/amd/display: fix access hdcp_workqueue assert (git-fixes).
* drm/amd/display: fix artifacting on edp panels when engaging freesync video
mode (git-fixes).
* drm/amd/display: fix psr-su/dsc interoperability support (git-fixes).
* drm/amd/display: fix seamless odm transitions (git-fixes).
* drm/amd/display: fix the system hang while disable psr (git-fixes).
* drm/amd/display: fix z8 support configurations (git-fixes).
* drm/amd/display: fixed dcn30+ underflow issue (git-fixes).
* drm/amd/display: have payload properly created after resume (git-fixes).
* drm/amd/display: keep phy active for dp displays on dcn31 (git-fixes).
* drm/amd/display: limit timing for single dimm memory (git-fixes).
* drm/amd/display: lowering min z8 residency time (git-fixes).
* drm/amd/display: only update link settings after successful mst link train
(git-fixes).
* drm/amd/display: phase3 mst hdcp for multiple displays (git-fixes).
* drm/amd/display: populate subvp cmd info only for the top pipe (git-fixes).
* drm/amd/display: reduce sdp bw after urgent to 90% (git-fixes).
* drm/amd/display: refactor edp psr codes (git-fixes).
* drm/amd/display: remove fpu guards from the dml folder (git-fixes).
* drm/amd/display: remove optimization for vrr updates (git-fixes).
* drm/amd/display: remove phantom pipe check when calculating k1 and k2 (git-
fixes).
* drm/amd/display: remove stutter only configurations (git-fixes).
* drm/amd/display: save restore hdcp state when display is unplugged from mst
hub (git-fixes).
* drm/amd/display: set dcn315 lb bpp to 48 (git-fixes).
* drm/amd/display: unlock on error path in
dm_handle_mst_sideband_msg_ready_event() (git-fixes).
* drm/amd/display: update minimum stutter residency for dcn314 z8 (git-fixes).
* drm/amd/display: update z8 sr exit/enter latencies (git-fixes).
* drm/amd/display: update z8 watermarks for dcn314 (git-fixes).
* drm/amd/display: use dc_update_planes_and_stream (git-fixes).
* drm/amd/pm: add abnormal fan detection for smu 13.0.0 (git-fixes).
* drm/amd/pm: add missing notifypowersource message mapping for smu13.0.7
(git-fixes).
* drm/amd/pm: avoid potential ubsan issue on legacy asics (git-fixes).
* drm/amd/pm: conditionally disable pcie lane switching for some
sienna_cichlid skus (git-fixes).
* drm/amd/pm: conditionally disable pcie lane/speed switching for smu13 (git-
fixes).
* drm/amd/pm: fix possible power mode mismatch between driver and pmfw (git-
fixes).
* drm/amd/pm: re-enable the gfx imu when smu resume (git-fixes).
* drm/amd/pm: resolve reboot exception for si oland (git-fixes).
* drm/amd/pm: reverse mclk and fclk clocks levels for smu v13.0.4 (git-fixes).
* drm/amd/pm: reverse mclk clocks levels for smu v13.0.5 (git-fixes).
* drm/amd/pm: revise the aspm settings for thunderbolt attached scenario
(bsc#1212848, bsc#1212961).
* drm/amd/pm: share the code around smu13 pcie parameters update (git-fixes).
* drm/amd/pm: update the lc_l1_inactivity setting to address possible noise
issue (bsc#1212848, bsc#1212961).
* drm/amd/pm: workaround for compute workload type on some skus (git-fixes).
* drm/amd: add a new helper for loading/validating microcode (git-fixes).
* drm/amd: disable psr-su on parade 0803 tcon (bsc#1212848, bsc#1212961).
* drm/amd: do not allow s0ix on apus older than raven (git-fixes).
* drm/amd: do not try to enable secure display ta multiple times (bsc#1212848,
bsc#1212961).
* drm/amd: fix an error handling mistake in psp_sw_init() (git-fixes).
* drm/amd: load mes microcode during early_init (git-fixes).
* drm/amd: use `amdgpu_ucode_*` helpers for mes (git-fixes).
* drm/amdgpu/gfx11: adjust gfxoff before powergating on gfx11 as well (git-
fixes).
* drm/amdgpu/gfx11: update gpu_clock_counter logic (git-fixes).
* drm/amdgpu/gfx: set cg flags to enter/exit safe mode (git-fixes).
* drm/amdgpu/gmc11: implement get_vbios_fb_size() (git-fixes).
* drm/amdgpu/jpeg: remove harvest checking for jpeg3 (git-fixes).
* drm/amdgpu/mes11: enable reg active poll (git-fixes).
* drm/amdgpu/vcn: disable indirect sram on vangogh broken bioses (git-fixes).
* drm/amdgpu/vkms: relax timer deactivation by hrtimer_try_to_cancel (git-
fixes).
* drm/amdgpu: add mes resume when do gfx post soft reset (git-fixes).
* drm/amdgpu: add the fan abnormal detection feature (git-fixes).
* drm/amdgpu: avoid restore process run into dead loop (git-fixes).
* drm/amdgpu: change reserved vram info print (git-fixes).
* drm/amdgpu: declare firmware for new mes 11.0.4 (git-fixes).
* drm/amdgpu: do not set struct drm_driver.output_poll_changed (git-fixes).
* drm/amdgpu: enable tmz by default for gc 11.0.1 (git-fixes).
* drm/amdgpu: fix amdgpu_irq_put call trace in gmc_v10_0_hw_fini (git-fixes).
* drm/amdgpu: fix amdgpu_irq_put call trace in gmc_v11_0_hw_fini (git-fixes).
* drm/amdgpu: fix an amdgpu_irq_put() issue in gmc_v9_0_hw_fini() (git-fixes).
* drm/amdgpu: fix clearing mappings for bos that are always valid in vm
(bsc#1212848, bsc#1212961).
* drm/amdgpu: fix clearing mappings for bos that are always valid in vm (git-
fixes).
* drm/amdgpu: fix desktop freezed after gpu-reset (git-fixes).
* drm/amdgpu: fix memcpy() in sienna_cichlid_append_powerplay_table function
(git-fixes).
* drm/amdgpu: fix minmax warning (git-fixes).
* drm/amdgpu: fix number of fence calculations (bsc#1212848, bsc#1212961).
* drm/amdgpu: fix sdma v4 sw fini error (git-fixes).
* drm/amdgpu: fix usage of umc fill record in ras (git-fixes).
* drm/amdgpu: force signal hw_fences that are embedded in non-sched jobs (git-
fixes).
* drm/amdgpu: refine get gpu clock counter method (git-fixes).
* drm/amdgpu: remove deprecated mes version vars (git-fixes).
* drm/amdgpu: reserve the old gc_11_0_*_mes.bin (git-fixes).
* drm/amdgpu: set gfx9 onwards apu atomics support to be true (git-fixes).
* drm/amdgpu: set vmbo destroy after pt bo is created (git-fixes).
* drm/amdgpu: validate vm ioctl flags (git-fixes).
* drm/amdgpu: vcn_4_0 set instance 0 init sched score to 1 (git-fixes).
* drm/amdkfd: fix potential deallocation of previously deallocated memory
(git-fixes).
* drm/atomic: fix potential use-after-free in nonblocking commits (git-fixes).
* drm/bridge: anx7625: convert to i2c's .probe_new() (git-fixes).
* drm/bridge: anx7625: fix refcount bug in anx7625_parse_dt() (git-fixes).
* drm/bridge: anx7625: prevent endless probe loop (git-fixes).
* drm/bridge: it6505: move a variable assignment behind a null pointer check
in receive_timing_debugfs_show() (git-fixes).
* drm/bridge: tc358767: switch to devm mipi-dsi helpers (git-fixes).
* drm/bridge: tc358768: add atomic_get_input_bus_fmts() implementation (git-
fixes).
* drm/bridge: tc358768: always enable hs video mode (git-fixes).
* drm/bridge: tc358768: fix pll parameters computation (git-fixes).
* drm/bridge: tc358768: fix pll target frequency (git-fixes).
* drm/bridge: tc358768: fix tclk_trailcnt computation (git-fixes).
* drm/bridge: tc358768: fix tclk_zerocnt computation (git-fixes).
* drm/bridge: tc358768: fix ths_trailcnt computation (git-fixes).
* drm/bridge: tc358768: fix ths_zerocnt computation (git-fixes).
* drm/bridge: tc358768: fix txtagocnt computation (git-fixes).
* drm/bridge: ti-sn65dsi83: fix enable error path (git-fixes).
* drm/bridge: ti-sn65dsi86: fix auxiliary bus lifetime (git-fixes).
* drm/client: fix memory leak in drm_client_modeset_probe (git-fixes).
* drm/client: fix memory leak in drm_client_target_cloned (git-fixes).
* drm/display/dp_mst: fix payload addition on a disconnected sink (git-fixes).
* drm/display: do not block hdr_output_metadata on unknown eotf (git-fixes).
* drm/dp_mst: clear msg_rdy flag before sending new message (bsc#1213578).
* drm/drm_vma_manager: add drm_vma_node_allow_once() (git-fixes).
* drm/dsc: fix dp_dsc_max_bpp_delta_* macro values (git-fixes).
* drm/dsc: fix drm_edp_dsc_sink_output_bpp() dpcd high byte usage (git-fixes).
* drm/etnaviv: move idle mapping reaping into separate function (git-fixes).
* drm/etnaviv: reap idle mapping if it does not match the softpin address
(git-fixes).
* drm/exynos: fix race condition uaf in exynos_g2d_exec_ioctl (git-fixes).
* drm/exynos: vidi: fix a wrong error return (git-fixes).
* drm/i915/dp_mst: add the mst topology state for modesetted crtcs
(bsc#1213493).
* drm/i915/dpt: use shmem for dpt objects (git-fixes).
* drm/i915/fbdev: lock the fbdev obj before vma pin (git-fixes).
* drm/i915/gt: cleanup partial engine discovery failures (git-fixes).
* drm/i915/guc: add error-capture init warnings when needed (git-fixes).
* drm/i915/guc: fix missing ecodes (git-fixes).
* drm/i915/guc: limit scheduling properties to avoid overflow (git-fixes).
* drm/i915/guc: rename guc register state capture node to be more obvious
(git-fixes).
* drm/i915/gvt: remove unused variable gma_bottom in command parser (git-
fixes).
* drm/i915/mtl: update scaler source and destination limits for mtl (git-
fixes).
* drm/i915/psr: use hw.adjusted mode when calculating io/fast wake times (git-
fixes).
* drm/i915/sdvo: grab mode_config.mutex during lvds init to avoid warns (git-
fixes).
* drm/i915/sseu: fix max_subslices array-index-out-of-bounds access (git-
fixes).
* drm/i915/tc: fix system resume mst mode restore for dp-alt sinks (git-
fixes).
* drm/i915/tc: fix tc port link ref init for dp mst during hw readout (git-
fixes).
* drm/i915: allow panel fixed modes to have differing sync polarities (git-
fixes).
* drm/i915: check pipe source size when using skl+ scalers (git-fixes).
* drm/i915: do not preserve dpll_hw_state for slave crtc in bigjoiner (git-
fixes).
* drm/i915: do panel vbt init early if the vbt declares an explicit panel type
(git-fixes).
* drm/i915: fix a memory leak with reused mmap_offset (git-fixes).
* drm/i915: fix an error handling path in igt_write_huge() (git-fixes).
* drm/i915: fix negative value passed as remaining time (git-fixes).
* drm/i915: fix one wrong caching mode enum usage (git-fixes).
* drm/i915: fix typec mode initialization during system resume (git-fixes).
* drm/i915: introduce intel_panel_init_alloc() (git-fixes).
* drm/i915: never return 0 if not all requests retired (git-fixes).
* drm/i915: populate encoder->devdata for dsi on icl+ (git-fixes).
* drm/i915: print return value on error (git-fixes).
* drm/i915: use _mmio_pipe() for skl_bottom_color (git-fixes).
* drm/meson: fix return type of meson_encoder_cvbs_mode_valid() (git-fixes).
* drm/msm/a5xx: really check for a510 in a5xx_gpu_init (git-fixes).
* drm/msm/adreno: fix runtime pm imbalance at unbind (git-fixes).
* drm/msm/adreno: fix snapshot bindless_data size (git-fixes).
* drm/msm/adreno: fix sparse warnings in a6xx code (git-fixes).
* drm/msm/adreno: simplify read64/write64 helpers (git-fixes).
* drm/msm/disp/dpu: get timing engine status from intf status register (git-
fixes).
* drm/msm/dp: free resources after unregistering them (git-fixes).
* drm/msm/dpu: add dsc hardware blocks to register snapshot (git-fixes).
* drm/msm/dpu: assign missing writeback log_mask (git-fixes).
* drm/msm/dpu: clean up dpu_kms_get_clk_rate() returns (git-fixes).
* drm/msm/dpu: correct merge_3d length (git-fixes).
* drm/msm/dpu: do not enable color-management if dspps are not available (git-
fixes).
* drm/msm/dpu: drop enum dpu_core_perf_data_bus_id (git-fixes).
* drm/msm/dpu: set dpu_data_hctl_en for in intf_sc7180_mask (git-fixes).
* drm/msm/dpu: set dsc flush bit correctly at mdp ctl flush register (git-
fixes).
* drm/msm/dsi: do not allow enabling 14nm vco with unprogrammed rate (git-
fixes).
* drm/msm/hdmi: use devres helper for runtime pm management (git-fixes).
* drm/msm: fix is_err_or_null() vs null check in a5xx_submit_in_rb() (git-
fixes).
* drm/panel: boe-tv101wum-nl6: ensure dsi writes succeed during disable (git-
fixes).
* drm/panel: sharp-ls043t1le01: adjust mode settings (git-fixes).
* drm/panel: simple: add connector_type for innolux_at043tn24 (git-fixes).
* drm/panel: simple: add powertip ph800480t013 drm_display_mode flags (git-
fixes).
* drm/panel: simple: fix active size for ampire am-480272h3tmqw-t01h (git-
fixes).
* drm/radeon: fix integer overflow in radeon_cs_parser_init (git-fixes).
* drm/radeon: fix possible division-by-zero errors (git-fixes).
* drm/radeon: fix race condition uaf in radeon_gem_set_domain_ioctl (git-
fixes).
* drm/rockchip: dw_hdmi: cleanup drm encoder during unbind (git-fixes).
* drm/rockchip: vop: leave vblank enabled in self-refresh (git-fixes).
* drm/ttm: do not leak a resource on swapout move error (git-fixes).
* drm/ttm: fix bulk_move corruption when adding a entry (git-fixes).
* drm/ttm: fix warning that we shouldn't mix && and || (git-fixes).
* drm/virtio: fix memory leak in virtio_gpu_object_create() (git-fixes).
* drm/virtio: simplify error handling of virtio_gpu_object_create() (git-
fixes).
* drm/vmwgfx: fix legacy display unit atomic drm support (bsc#1213632).
* drm/vmwgfx: refactor resource manager's hashtable to use linux/hashtable
implementation (git-fixes).
* drm/vmwgfx: refactor resource validation hashtable to use linux/hashtable
implementation (git-fixes).
* drm/vmwgfx: refactor ttm reference object hashtable to use linux/hashtable
(git-fixes).
* drm/vmwgfx: remove explicit and broken vblank handling (bsc#1213632).
* drm/vmwgfx: remove rcu locks from user resources (bsc#1213632).
* drm/vmwgfx: remove ttm object hashtable (git-fixes).
* drm/vmwgfx: remove vmwgfx_hashtab (git-fixes).
* drm/vmwgfx: write the driver id registers (git-fixes).
* drm/vram-helper: fix function names in vram helper doc (git-fixes).
* drm: add fixed-point helper to get rounded integer values (git-fixes).
* drm: add missing dp dsc extended capability definitions (git-fixes).
* drm: buddy_allocator: fix buddy allocator init on 32-bit systems (git-
fixes).
* drm: optimize drm buddy top-down allocation method (git-fixes).
* drm: panel-orientation-quirks: add quirk for dynabook k50 (git-fixes).
* drm: rcar-du: add quirk for h3 es1.x pclk workaround (git-fixes).
* drm: rcar-du: fix setting a reserved bit in dpllcr (git-fixes).
* drm: sun4i_tcon: use devm_clk_get_enabled in `sun4i_tcon_init_clocks` (git-
fixes).
* drm: use mgr->dev in drm_dbg_kms in drm_dp_add_payload_part2 (git-fixes).
* drop amdgpu patches for fixing regression (bsc#1213304,bsc#1213777).
* dt-bindings: phy: brcm,brcmstb-usb-phy: fix error in "compatible"
conditional schema (git-fixes).
* elf: correct note name comment (git-fixes).
* enable nxp snvs rtc driver for i.mx 8mq/8mp (jsc#ped-4758)
* ext4: add ea_inode checking to ext4_iget() (bsc#1213106).
* ext4: add ext4_sb_block_valid() refactored out of ext4_inode_block_valid()
(bsc#1213088).
* ext4: add lockdep annotations for i_data_sem for ea_inode's (bsc#1213109).
* ext4: add strict range checks while freeing blocks (bsc#1213089).
* ext4: avoid deadlock in fs reclaim with page writeback (bsc#1213016).
* ext4: bail out of ext4_xattr_ibody_get() fails for any reason (bsc#1213018).
* ext4: block range must be validated before use in ext4_mb_clear_bb()
(bsc#1213090).
* ext4: check iomap type only if ext4_iomap_begin() does not fail
(bsc#1213103).
* ext4: disallow ea_inodes with extended attributes (bsc#1213108).
* ext4: fail ext4_iget if special inode unallocated (bsc#1213010).
* ext4: fix bug_on in __es_tree_search caused by bad quota inode
(bsc#1213111).
* ext4: fix data races when using cached status extents (bsc#1213102).
* ext4: fix deadlock when converting an inline directory in nojournal mode
(bsc#1213105).
* ext4: fix i_disksize exceeding i_size problem in paritally written case
(bsc#1213015).
* ext4: fix lockdep warning when enabling mmp (bsc#1213100).
* ext4: fix reusing stale buffer heads from last failed mounting
(bsc#1213020).
* ext4: fix task hung in ext4_xattr_delete_inode (bsc#1213096).
* ext4: fix to check return value of freeze_bdev() in ext4_shutdown()
(bsc#1213021).
* ext4: fix use-after-free read in ext4_find_extent for bigalloc + inline
(bsc#1213098).
* ext4: fix warning in ext4_update_inline_data (bsc#1213012).
* ext4: fix warning in mb_find_extent (bsc#1213099).
* ext4: improve error handling from ext4_dirhash() (bsc#1213104).
* ext4: improve error recovery code paths in __ext4_remount() (bsc#1213017).
* ext4: move where set the may_inline_data flag is set (bsc#1213011).
* ext4: only update i_reserved_data_blocks on successful block allocation
(bsc#1213019).
* ext4: refactor ext4_free_blocks() to pull out ext4_mb_clear_bb()
(bsc#1213087).
* ext4: refuse to create ea block when umounted (bsc#1213093).
* ext4: set lockdep subclass for the ea_inode in ext4_xattr_inode_cache_find()
(bsc#1213107).
* ext4: turn quotas off if mount failed after enabling quotas (bsc#1213110).
* ext4: update s_journal_inum if it changes after journal replay
(bsc#1213094).
* ext4: use ext4_fc_tl_mem in fast-commit replay path (bsc#1213092).
* ext4: zero i_disksize when initializing the bootloader inode (bsc#1213013).
* extcon: fix kernel doc of property capability fields to avoid warnings (git-
fixes).
* extcon: fix kernel doc of property fields to avoid warnings (git-fixes).
* extcon: usbc-tusb320: add usb type-c support (git-fixes).
* extcon: usbc-tusb320: call the type-c irq handler only if a port is
registered (git-fixes).
* extcon: usbc-tusb320: unregister typec port on driver removal (git-fixes).
* extcon: usbc-tusb320: update state on probe even if no irq pending (git-
fixes).
* fbdev: au1200fb: fix missing irq check in au1200fb_drv_probe (git-fixes).
* fbdev: imxfb: removed unneeded release_mem_region (git-fixes).
* fbdev: imxfb: warn about invalid left/right margin (git-fixes).
* fbdev: omapfb: lcd_mipid: fix an error handling path in mipid_spi_probe()
(git-fixes).
* file: always lock position for fmode_atomic_pos (bsc#1213759).
* firmware: stratix10-svc: fix a potential resource leak in
svc_create_memory_pool() (git-fixes).
* fix documentation of panic_on_warn (git-fixes).
* fix null pointer dereference in drm_dp_atomic_find_time_slots()
(bsc#1213578).
* fs: dlm: add midcomms init/start functions (git-fixes).
* fs: dlm: do not set stop rx flag after node reset (git-fixes).
* fs: dlm: filter user dlm messages for kernel locks (git-fixes).
* fs: dlm: fix log of lowcomms vs midcomms (git-fixes).
* fs: dlm: fix race between test_bit() and queue_work() (git-fixes).
* fs: dlm: fix race in lowcomms (git-fixes).
* fs: dlm: handle -ebusy first in lock arg validation (git-fixes).
* fs: dlm: move sending fin message into state change handling (git-fixes).
* fs: dlm: retry accept() until -eagain or error returns (git-fixes).
* fs: dlm: return positive pid value for f_getlk (git-fixes).
* fs: dlm: start midcomms before scand (git-fixes).
* fs: hfsplus: remove warn_on() from hfsplus_cat_{read,write}_inode() (git-
fixes).
* fs: jfs: check for read-only mounted filesystem in txbegin (git-fixes).
* fs: jfs: fix null-ptr-deref read in txbegin (git-fixes).
* fs: jfs: fix ubsan: array-index-out-of-bounds in dballocdmaplev (git-fixes).
* fuse: ioctl: translate enosys in outarg (bsc#1213524).
* fuse: revalidate: do not invalidate if interrupted (bsc#1213523).
* get module prefix from kmod (bsc#1212835).
* gve: set default duplex configuration to full (git-fixes).
* gve: unify driver name usage (git-fixes).
* hid: logitech-hidpp: add hidpp_quirk_delayed_init for the t651 (git-fixes).
* hid: wacom: add error check to wacom_parse_and_register() (git-fixes).
* hvcs: fix hvcs port reference counting (bsc#1213134 ltc#202861).
* hvcs: get reference to tty in remove (bsc#1213134 ltc#202861).
* hvcs: synchronize hotplug remove with port free (bsc#1213134 ltc#202861).
* hvcs: use dev_groups to manage hvcs device attributes (bsc#1213134
ltc#202861).
* hvcs: use driver groups to manage driver attributes (bsc#1213134
ltc#202861).
* hvcs: use vhangup in hotplug remove (bsc#1213134 ltc#202861).
* hwmon: (adm1275) allow setting sample averaging (git-fixes).
* hwmon: (gsc-hwmon) fix fan pwm temperature scaling (git-fixes).
* hwmon: (k10temp) enable amd3255 proc to show negative temperature (git-
fixes).
* hwmon: (nct7802) fix for temp6 (peci1) processed even if peci1 disabled
(git-fixes).
* hwmon: (pmbus/adm1275) fix problems with temperature monitoring on adm1272
(git-fixes).
* hwrng: imx-rngc - fix the timeout for init and self check (git-fixes).
* hwrng: st - keep clock enabled while hwrng is registered (git-fixes).
* i2c: tegra: set acpi node as primary fwnode (bsc#1213226).
* i2c: xiic: defer xiic_wakeup() and __xiic_start_xfer() in xiic_process()
(git-fixes).
* i2c: xiic: do not try to handle more interrupt events after error (git-
fixes).
* iavf: check for removal state before iavf_flag_pf_comms_failed (git-fixes).
* iavf: fix a deadlock caused by rtnl and driver's lock circular dependencies
(git-fixes).
* iavf: fix out-of-bounds when setting channels on remove (git-fixes).
* iavf: fix potential deadlock on allocation failure (git-fixes).
* iavf: fix reset task race with iavf_remove() (git-fixes).
* iavf: fix use-after-free in free_netdev (git-fixes).
* iavf: move netdev_update_features() into watchdog task (git-fixes).
* iavf: use internal state to free traffic irqs (git-fixes).
* iavf: wait for reset in callbacks which trigger it (git-fixes).
* ib/hfi1: fix wrong mmu_node used for user sdma packet after invalidate (git-
fixes)
* ib/hfi1: use bitmap_zalloc() when applicable (git-fixes)
* ib/isert: fix dead lock in ib_isert (git-fixes)
* ib/isert: fix incorrect release of isert connection (git-fixes)
* ib/isert: fix possible list corruption in cma handler (git-fixes)
* ib/uverbs: fix to consider event queue closing also upon non-blocking mode
(git-fixes)
* ibmvnic: do not reset dql stats on non_fatal err (bsc#1212603 ltc#202604).
* ice: fix max_rate check while configuring tx rate limits (git-fixes).
* ice: fix memory management in ice_ethtool_fdir.c (git-fixes).
* ice: handle extts in the miscellaneous interrupt thread (git-fixes).
* igc: check if hardware tx timestamping is enabled earlier (git-fixes).
* igc: enable and fix rx hash usage by netstack (git-fixes).
* igc: fix inserting of empty frame for launchtime (git-fixes).
* igc: fix kernel panic during ndo_tx_timeout callback (git-fixes).
* igc: fix launchtime before start of cycle (git-fixes).
* igc: fix race condition in ptp tx code (git-fixes).
* igc: handle pps start time programming for past time values (git-fixes).
* igc: prevent garbled tx queue with xdp zerocopy (git-fixes).
* igc: remove delay during tx ring configuration (git-fixes).
* igc: set tp bit in 'supported' and 'advertising' fields of
ethtool_link_ksettings (git-fixes).
* igc: work around hw bug causing missing timestamps (git-fixes).
* iio: accel: fxls8962af: errata bug only applicable for fxls8962af (git-
fixes).
* iio: accel: fxls8962af: fixup buffer scan element type (git-fixes).
* iio: adc: ad7192: fix internal/external clock selection (git-fixes).
* iio: adc: ad7192: fix null ad7192_state pointer access (git-fixes).
* inotify: avoid reporting event with invalid wd (bsc#1213025).
* input: adxl34x - do not hardcode interrupt trigger type (git-fixes).
* input: drv260x - fix typo in register value define (git-fixes).
* input: drv260x - remove unused .reg_defaults (git-fixes).
* input: drv260x - sleep between polling go bit (git-fixes).
* input: i8042 - add clevo pcx0dx to i8042 quirk table (git-fixes).
* input: iqs269a - do not poll during ati (git-fixes).
* input: iqs269a - do not poll during suspend or resume (git-fixes).
* input: soc_button_array - add invalid acpi_index dmi quirk handling (git-
fixes).
* integrity: fix possible multiple allocation in integrity_inode_get() (git-
fixes).
* io_uring: do not expose io_fill_cqe_aux() (bsc#1211014).
* irqchip/gic-v3: claim iomem resources (bsc#1213533)
* irqchip/gicv3: handle resource request failure consistently (bsc#1213533)
* irqchip/gicv3: workaround for nvidia erratum t241-fabric-4 (bsc#1213533)
* jbd2: fix data missing when reusing bh which is ready to be checkpointed
(bsc#1213095).
* jdb2: do not refuse invalidation of already invalidated buffers
(bsc#1213014).
* jffs2: fix memory leak in jffs2_do_fill_super (git-fixes).
* jffs2: fix memory leak in jffs2_do_mount_fs (git-fixes).
* jffs2: fix memory leak in jffs2_scan_medium (git-fixes).
* jffs2: fix use-after-free in jffs2_clear_xattr_subsystem (git-fixes).
* jffs2: gc deadlock reading a page that is used in jffs2_write_begin() (git-
fixes).
* jffs2: reduce stack usage in jffs2_build_xattr_subsystem() (git-fixes).
* jfs: jfs_dmap: validate db_l2nbperpage while mounting (git-fixes).
* kabi fix after restore kabi for nvidia vgpu driver (bsc#1210825).
* kabi/severities: add vas symbols changed due to recent fix vas accelerators
are directly tied to the architecture, there is no reason to have out-of-
tree production drivers
* kabi/severities: ignore kabi of i915 module it's exported only for its sub-
module, not really used by externals
* kabi/severities: ignore kabi of vmwgfx the driver exports a function
unnecessarily without used by anyone else. ignore the kabi changes.
* kabi/severities: relax kabi for ath11k local symbols (bsc#1207948)
* kabi: do not check external trampolines for signature (kabi bsc#1207894
bsc#1211243).
* kernel-binary.spec.in: remove superfluous %% in supplements fixes:
02b7735e0caf ("rpm/kernel-binary.spec.in: add enhances and supplements tags
to in-tree kmps")
* kselftest: vdso: fix accumulation of uninitialized ret when clock_realtime
is undefined (git-fixes).
* kvm: arm64: do not read a hw interrupt pending state in user context (git-
fixes)
* kvm: arm64: warn if accessing timer pending state outside of vcpu
(bsc#1213620)
* kvm: do not null dereference ops->destroy (git-fixes)
* kvm: downgrade two bug_ons to warn_on_once (git-fixes)
* kvm: initialize debugfs_dentry when a vm is created to avoid null (git-
fixes)
* kvm: s390: pv: fix index value of replaced asce (git-fixes bsc#1213867).
* kvm: vmx: inject #gp on encls if vcpu has paging disabled (cr0.pg==0) (git-
fixes).
* kvm: vmx: inject #gp, not #ud, if sgx2 encls leafs are unsupported (git-
fixes).
* kvm: vmx: restore vmx_vmexit alignment (git-fixes).
* kvm: x86: account fastpath-only vm-exits in vcpu stats (git-fixes).
* leds: trigger: netdev: recheck netdev_led_mode_linkup on dev rename (git-
fixes).
* libceph: harden msgr2.1 frame segment length checks (bsc#1213857).
* m alsa: usb-audio: add quirk for tascam model 12 (git-fixes).
* mailbox: ti-msgmgr: fill non-message tx data fields with 0x0 (git-fixes).
* maintainers: add amd p-state driver maintainer entry (bsc#1212445).
* md: add error_handlers for raid0 and linear (bsc#1212766).
* media: atomisp: gmin_platform: fix out_len in gmin_get_config_dsm_var()
(git-fixes).
* media: cec: core: do not set last_initiator if tx in progress (git-fixes).
* media: cec: i2c: ch7322: also select regmap (git-fixes).
* media: i2c: correct format propagation for st-mipid02 (git-fixes).
* media: staging: atomisp: select v4l2_fwnode (git-fixes).
* media: usb: check az6007_read() return value (git-fixes).
* media: usb: siano: fix warning due to null work_func_t function pointer
(git-fixes).
* media: venus: helpers: fix align() of non power of two (git-fixes).
* media: videodev2.h: fix struct v4l2_input tuner index comment (git-fixes).
* memcg: drop kmem.limit_in_bytes (bsc#1208788, bsc#1212905).
* memory: brcmstb_dpfe: fix testing array offset after use (git-fixes).
* meson saradc: fix clock divider mask length (git-fixes).
* mfd: intel-lpss: add missing check for platform_get_resource (git-fixes).
* mfd: pm8008: fix module autoloading (git-fixes).
* mfd: rt5033: drop rt5033-battery sub-device (git-fixes).
* mfd: stmfx: fix error path in stmfx_chip_init (git-fixes).
* mfd: stmfx: nullify stmfx->vdd in case of error (git-fixes).
* mfd: stmpe: only disable the regulators if they are enabled (git-fixes).
* mhi_power_down() kabi workaround (bsc#1207948).
* misc: fastrpc: create fastrpc scalar with correct buffer count (git-fixes).
* misc: pci_endpoint_test: free irqs before removing the device (git-fixes).
* misc: pci_endpoint_test: re-init completion for every test (git-fixes).
* mmc: core: disable trim on kingston emmc04g-m627 (git-fixes).
* mmc: mmci: set probe_prefer_asynchronous (git-fixes).
* mmc: sdhci-msm: disable broken 64-bit dma on msm8916 (git-fixes).
* mmc: sdhci: fix dma configure compatibility issue when 64bit dma mode is
used (git-fixes).
* mtd: rawnand: meson: fix unaligned dma buffers handling (git-fixes).
* net/mlx5: add ifc bits for bypassing port select flow table (git-fixes)
* net/mlx5: dr, support sw created encap actions for fw table (git-fixes).
* net/mlx5e: check for not_ready flag state after locking (git-fixes).
* net/mlx5e: fix double free in mlx5e_destroy_flow_table (git-fixes).
* net/mlx5e: fix memory leak in mlx5e_fs_tt_redirect_any_create (git-fixes).
* net/mlx5e: fix memory leak in mlx5e_ptp_open (git-fixes).
* net/mlx5e: xdp, allow growing tail for xdp multi buffer (git-fixes).
* net/mlx5e: xsk: set napi_id to support busy polling on xsk rq (git-fixes).
* net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585).
* net/sched: sch_qfq: reintroduce lmax bound check for mtu (bsc#1213585).
* net: ena: fix shift-out-of-bounds in exponential backoff (git-fixes).
* net: mana: add support for vlan tagging (bsc#1212301).
* net: mana: batch ringing rx queue doorbell on receiving packets
(bsc#1212901).
* net: mana: use the correct wqe count for ringing rq doorbell (bsc#1212901).
* net: phy: marvell10g: fix 88x3310 power up (git-fixes).
* net: phy: prevent stale pointer dereference in phy_init() (git-fixes).
* net: qrtr: fix an uninit variable access bug in qrtr_tx_resume() (git-
fixes).
* net: qrtr: start mhi channel after endpoit creation (git-fixes).
* nfcsim.c: fix error checking for debugfs_create_dir (git-fixes).
* nfsd: add encoding of op_recall flag for write delegation (git-fixes).
* nfsd: fix double fget() bug in __write_ports_addfd() (git-fixes).
* nfsd: fix sparse warning (git-fixes).
* nfsd: remove open coding of string copy (git-fixes).
* nfsv4.1: always send a reclaim_complete after establishing lease (git-
fixes).
* nfsv4.1: freeze the session table upon receiving nfs4err_badsession (git-
fixes).
* nilfs2: fix buffer corruption due to concurrent device reads (git-fixes).
* nilfs2: reject devices with insufficient block count (git-fixes).
* ntb: amd: fix error handling in amd_ntb_pci_driver_init() (git-fixes).
* ntb: idt: fix error handling in idt_pci_driver_init() (git-fixes).
* ntb: intel: fix error handling in intel_ntb_pci_driver_init() (git-fixes).
* ntb: ntb_tool: add check for devm_kcalloc (git-fixes).
* ntb: ntb_transport: fix possible memory leak while device_register() fails
(git-fixes).
* nvme-core: fix dev_pm_qos memleak (git-fixes).
* nvme-core: fix memory leak in dhchap_ctrl_secret (git-fixes).
* nvme-core: fix memory leak in dhchap_secret_store (git-fixes).
* nvme-multipath: support io stats on the mpath device (bsc#1210565).
* nvme-pci: add quirk for missing secondary temperature thresholds (git-
fixes).
* nvme-pci: fix dma direction of unmapping integrity data (git-fixes).
* nvme-pci: remove nvme_queue from nvme_iod (git-fixes).
* nvme: do not reject probe due to duplicate ids for single-ported pcie
devices (git-fixes).
* nvme: double ka polling frequency to avoid kato with tbkas on (git-fixes).
* nvme: fix the nvme_id_ns_nvm_sts_mask definition (git-fixes).
* nvme: introduce nvme_start_request (bsc#1210565).
* ocfs2: check new file size on fallocate call (git-fixes).
* ocfs2: fix defrag path triggering jbd2 assert (git-fixes).
* ocfs2: fix freeing uninitialized resource on ocfs2_dlm_shutdown (git-fixes).
* ocfs2: fix non-auto defrag path not working issue (git-fixes).
* ocfs2: fix use-after-free when unmounting read-only filesystem (git-fixes).
* ocfs2: switch to security_inode_init_security() (git-fixes).
* octeontx-af: fix hardware timestamp configuration (git-fixes).
* octeontx2-af: move validation of ptp pointer before its usage (git-fixes).
* octeontx2-pf: add additional check for mcam rules (git-fixes).
* opp: fix use-after-free in lazy_opp_tables after probe deferral (git-fixes).
* pci/aspm: disable aspm on mfd function removal to avoid use-after-free (git-
fixes).
* pci/pm: avoid putting elopos e2/s2/h2 pcie ports in d3cold (git-fixes).
* pci: add function 1 dma alias quirk for marvell 88se9235 (git-fixes).
* pci: add pci_clear_master() stub for non-config_pci (git-fixes).
* pci: cadence: fix gen2 link retraining process (git-fixes).
* pci: endpoint: add missing documentation about the msi/msi-x range (git-
fixes).
* pci: ftpci100: release the clock resources (git-fixes).
* pci: pciehp: cancel bringup sequence if card is not present (git-fixes).
* pci: qcom: disable write access to read only registers for ip v2.3.3 (git-
fixes).
* pci: release resource invalidated by coalescing (git-fixes).
* pci: rockchip: add poll and timeout to wait for phy plls to be locked (git-
fixes).
* pci: rockchip: assert pci configuration enable bit after probe (git-fixes).
* pci: rockchip: fix legacy irq generation for rk3399 pcie endpoint core (git-
fixes).
* pci: rockchip: set address alignment for endpoint mode (git-fixes).
* pci: rockchip: use u32 variable to access 32-bit registers (git-fixes).
* pci: rockchip: write pci device id to correct register (git-fixes).
* pci: s390: fix use-after-free of pci resources with per-function hotplug
(bsc#1212525).
* pci: vmd: fix uninitialized variable usage in vmd_enable_domain() (git-
fixes).
* pci: vmd: reset vmd config register between soft reboots (git-fixes).
* perf/x86/amd/core: always clear status for idx (bsc#1213233).
* phy: hisilicon: fix an out of bounds check in hisi_inno_phy_probe() (git-
fixes).
* phy: revert "phy: remove soc_exynos4212 dep. from phy_exynos4x12_usb" (git-
fixes).
* phy: tegra: xusb: check return value of devm_kzalloc() (git-fixes).
* phy: tegra: xusb: clear the driver reference in usb-phy dev (git-fixes).
* pie: fix kernel-doc notation warning (git-fixes).
* pinctrl: amd: detect internal gpio0 debounce handling (git-fixes).
* pinctrl: amd: do not show `invalid config param` errors (git-fixes).
* pinctrl: amd: fix mistake in handling clearing pins at startup (git-fixes).
* pinctrl: amd: only use special debounce behavior for gpio 0 (git-fixes).
* pinctrl: amd: use amd_pinconf_set() for all config options (git-fixes).
* pinctrl: at91-pio4: check return value of devm_kasprintf() (git-fixes).
* pinctrl: cherryview: return correct value if pin in push-pull mode (git-
fixes).
* pinctrl: microchip-sgpio: check return value of devm_kasprintf() (git-
fixes).
* platform/x86: msi-laptop: fix rfkill out-of-sync on msi wind u100 (git-
fixes).
* platform/x86: think-lmi: correct nvme password handling (git-fixes).
* platform/x86: think-lmi: correct system password interface (git-fixes).
* platform/x86: think-lmi: mutex protection around multiple wmi calls (git-
fixes).
* platform/x86: thinkpad_acpi: fix lkp-tests warnings for platform profiles
(git-fixes).
* powerpc/64: only warn if __pa()/__va() called with bad addresses
(bsc#1194869).
* powerpc/64s: fix vas mm use after free (bsc#1194869).
* powerpc/book3s64/mm: fix directmap stats in /proc/meminfo (bsc#1194869).
* powerpc/bpf: fix use of user_pt_regs in uapi (bsc#1194869).
* powerpc/ftrace: remove ftrace init tramp once kernel init is complete
(bsc#1194869).
* powerpc/interrupt: do not read msr from interrupt_exit_kernel_prepare()
(bsc#1194869).
* powerpc/mm/dax: fix the condition when checking if altmap vmemap can cross-
boundary (bsc#1150305 ltc#176097 git-fixes).
* powerpc/mm: switch obsolete dssall to .long (bsc#1194869).
* powerpc/powernv/sriov: perform null check on iov before dereferencing iov
(bsc#1194869).
* powerpc/powernv/vas: assign real address to rx_fifo in vas_rx_win_attr
(bsc#1194869).
* powerpc/prom_init: fix kernel config grep (bsc#1194869).
* powerpc/pseries/vas: hold mmap_mutex after mmap lock during window close
(jsc#ped-542 git-fixes).
* powerpc/secvar: fix refcount leak in format_show() (bsc#1194869).
* powerpc/xics: fix refcount leak in icp_opal_init() (bsc#1194869).
* powerpc: clean vdso32 and vdso64 directories (bsc#1194869).
* powerpc: define get_cycles macro for arch-override (bsc#1194869).
* powerpc: update ppc_save_regs to save current r1 in pt_regs (bsc#1194869).
* pstore/ram: add check for kstrdup (git-fixes).
* pwm: ab8500: fix error code in probe() (git-fixes).
* pwm: imx-tpm: force 'real_period' to be zero in suspend (git-fixes).
* pwm: sysfs: do not apply state to already disabled pwms (git-fixes).
* radeon: avoid double free in ci_dpm_init() (git-fixes).
* rdma/bnxt_re: avoid calling wake_up threads from spin_lock context (git-
fixes)
* rdma/bnxt_re: disable/kill tasklet only if it is enabled (git-fixes)
* rdma/bnxt_re: fix hang during driver unload (git-fixes)
* rdma/bnxt_re: fix to remove an unnecessary log (git-fixes)
* rdma/bnxt_re: fix to remove unnecessary return labels (git-fixes)
* rdma/bnxt_re: prevent handling any completions after qp destroy (git-fixes)
* rdma/bnxt_re: remove a redundant check inside bnxt_re_update_gid (git-fixes)
* rdma/bnxt_re: remove unnecessary checks (git-fixes)
* rdma/bnxt_re: return directly without goto jumps (git-fixes)
* rdma/bnxt_re: use unique names while registering interrupts (git-fixes)
* rdma/bnxt_re: wraparound mbox producer index (git-fixes)
* rdma/cma: always set static rate to 0 for roce (git-fixes)
* rdma/core: update cma destination address on rdma_resolve_addr (git-fixes)
* rdma/hns: fix hns_roce_table_get return value (git-fixes)
* rdma/irdma: add missing read barriers (git-fixes)
* rdma/irdma: avoid fortify-string warning in irdma_clr_wqes (git-fixes)
* rdma/irdma: fix data race on cqp completion stats (git-fixes)
* rdma/irdma: fix data race on cqp request done (git-fixes)
* rdma/irdma: fix op_type reporting in cqes (git-fixes)
* rdma/irdma: report correct wc error (git-fixes)
* rdma/mlx4: make check for invalid flags stricter (git-fixes)
* rdma/mlx5: create an indirect flow table for steering anchor (git-fixes)
* rdma/mlx5: do not set tx affinity when lag is in hash mode (git-fixes)
* rdma/mlx5: fix affinity assignment (git-fixes)
* rdma/mlx5: initiate dropless rq for raw ethernet functions (git-fixes)
* rdma/mthca: fix crash when polling cq for shared qps (git-fixes)
* rdma/rtrs: fix rxe_dealloc_pd warning (git-fixes)
* rdma/rtrs: fix the last iu->buf leak in err path (git-fixes)
* rdma/rxe: fix access checks in rxe_check_bind_mw (git-fixes)
* rdma/rxe: fix packet length checks (git-fixes)
* rdma/rxe: fix ref count error in check_rkey() (git-fixes)
* rdma/rxe: fix rxe_cq_post (git-fixes)
* rdma/rxe: fix the use-before-initialization error of resp_pkts (git-fixes)
* rdma/rxe: remove dangling declaration of rxe_cq_disable() (git-fixes)
* rdma/rxe: remove the unused variable obj (git-fixes)
* rdma/rxe: removed unused name from rxe_task struct (git-fixes)
* rdma/uverbs: restrict usage of privileged qkeys (git-fixes)
* rdma/vmw_pvrdma: remove unnecessary check on wr->opcode (git-fixes)
* regmap: account for register length in smbus i/o limits (git-fixes).
* regmap: drop initial version of maximum transfer length fixes (git-fixes).
* regulator: core: fix more error checking for debugfs_create_dir() (git-
fixes).
* regulator: core: streamline debugfs operations (git-fixes).
* regulator: helper: document ramp_delay parameter of
regulator_set_ramp_delay_regmap() (git-fixes).
* restore kabi for nvidia vgpu driver (bsc#1210825).
* revert "alsa: usb-audio: drop superfluous interface setup at parsing" (git-
fixes).
* revert "arm64: dts: zynqmp: add address-cells property to interrupt (git-
fixes)
* revert "debugfs, coccinelle: check for obsolete define_simple_attribute()
usage" (git-fixes).
* revert "drm/amd/display: edp do not add non-edid timings" (git-fixes).
* revert "drm/i915: disable dsb usage for now" (git-fixes).
* revert "drop amdgpu patches for fixing regression (bsc#1213304,bsc#1213777)"
sle15-sp5 branch works as is, hence revive the dropped patches again.
* revert "iavf: detach device during reset task" (git-fixes).
* revert "iavf: do not restart tx queues after reset task failure" (git-
fixes).
* revert "mtd: rawnand: arasan: prevent an unsupported configuration" (git-
fixes).
* revert "net: phy: dp83867: perform soft reset and retain established link"
(git-fixes).
* revert "nfsv4: retry lock on old_stateid during delegation return" (git-
fixes).
* revert "usb: dwc3: core: enable autoretry feature in the controller" (git-
fixes).
* revert "usb: gadget: tegra-xudc: fix error check in
tegra_xudc_powerdomain_init()" (git-fixes).
* revert "usb: gadget: udc: core: offload usb_udc_vbus_handler processing"
* revert "usb: gadget: udc: core: prevent soft_connect_store() race"
* revert "usb: xhci: tegra: fix error check" (git-fixes).
* revive drm_dp_mst_hpd_irq() function (bsc#1213578).
* rpm/check-for-config-changes: ignore also pahole_has_* we now also have
options like config_pahole_has_lang_exclude.
* rpm/check-for-config-changes: ignore also riscv_isa_ _and dynamic_sigframe
they depend on config_toolchain_has__.
* rsi: remove kernel-doc comment marker (git-fixes).
* rtc: efi: add wakeup support (bsc#1213116).
* rtc: efi: enable set/get wakeup services as optional (bsc#1213116).
* rtc: efi: switch to devm_rtc_allocate_device (bsc#1213116).
* rtc: st-lpc: release some resources in st_rtc_probe() in case of error (git-
fixes).
* rxrpc, afs: fix selection of abort codes (git-fixes).
* s390/ap: fix status returned by ap_aqic() (git-fixes bsc#1213259).
* s390/ap: fix status returned by ap_qact() (git-fixes bsc#1213258).
* s390/bpf: add expoline to tail calls (git-fixes bsc#1213870).
* s390/dasd: fix hanging device after quiesce/resume (git-fixes bsc#1213810).
* s390/dasd: print copy pair message only for the correct error (git-fixes
bsc#1213872).
* s390/debug: add _asm_s390_ prefix to header guard (git-fixes bsc#1213263).
* s390/decompressor: specify __decompress() buf len to avoid overflow (git-
fixes bsc#1213863).
* s390/gmap: voluntarily schedule during key setting (git-fixes bsc#1212892).
* s390/ipl: add missing intersection check to ipl_report handling (git-fixes
bsc#1213871).
* s390/pci: clean up left over special treatment for function zero
(bsc#1212525).
* s390/pci: only add specific device in zpci_bus_scan_device() (bsc#1212525).
* s390/pci: remove redundant pci_bus_add_devices() on new bus (bsc#1212525).
* s390/percpu: add read_once() to arch_this_cpu_to_op_simple() (git-fixes
bsc#1213252).
* s390/qeth: fix vipa deletion (git-fixes bsc#1213713).
* s390/vmem: fix empty page tables cleanup under kasan (git-fixes
bsc#1213715).
* s390: define runtime_discard_exit to fix link error with gnu ld < 2.36
(git-fixes bsc#1213264).
* s390: discard .interp section (git-fixes bsc#1213247).
* s390: introduce nospec_uses_trampoline() (git-fixes bsc#1213870).
* scftorture: count reschedule ipis (git-fixes).
* sched/debug: fix dentry leak in update_sched_domain_debugfs (git-fixes)
* sched: fix debug && !schedstats warn (git-fixes)
* scsi: lpfc: abort outstanding els cmds when mailbox timeout error is
detected (bsc#1213756).
* scsi: lpfc: avoid -wstringop-overflow warning (bsc#1213756).
* scsi: lpfc: clean up sli-4 sysfs resource reporting (bsc#1213756).
* scsi: lpfc: copyright updates for 14.2.0.14 patches (bsc#1213756).
* scsi: lpfc: fix a possible data race in lpfc_unregister_fcf_rescan()
(bsc#1213756).
* scsi: lpfc: fix incorrect big endian type assignment in bsg loopback path
(bsc#1213756).
* scsi: lpfc: fix incorrect big endian type assignments in fdmi and vmid paths
(bsc#1213756).
* scsi: lpfc: fix lpfc_name struct packing (bsc#1213756).
* scsi: lpfc: make fabric zone discovery more robust when handling unsolicited
logo (bsc#1213756).
* scsi: lpfc: pull out fw diagnostic dump log message from driver's trace
buffer (bsc#1213756).
* scsi: lpfc: qualify ndlp discovery state when processing rscn (bsc#1213756).
* scsi: lpfc: refactor cpu affinity assignment paths (bsc#1213756).
* scsi: lpfc: remove extra ndlp kref decrement in flogi cmpl for loop topology
(bsc#1213756).
* scsi: lpfc: replace all non-returning strlcpy() with strscpy()
(bsc#1213756).
* scsi: lpfc: replace one-element array with flexible-array member
(bsc#1213756).
* scsi: lpfc: revise ndlp kref handling for dev_loss_tmo_callbk and
lpfc_drop_node (bsc#1213756).
* scsi: lpfc: set establish image pair service parameter only for target
functions (bsc#1213756).
* scsi: lpfc: simplify fcp_abort transport callback log message (bsc#1213756).
* scsi: lpfc: update lpfc version to 14.2.0.14 (bsc#1213756).
* scsi: lpfc: use struct_size() helper (bsc#1213756).
* scsi: qla2xxx: adjust iocb resource on qpair create (bsc#1213747).
* scsi: qla2xxx: array index may go out of bound (bsc#1213747).
* scsi: qla2xxx: avoid fcport pointer dereference (bsc#1213747).
* scsi: qla2xxx: check valid rport returned by fc_bsg_to_rport()
(bsc#1213747).
* scsi: qla2xxx: correct the index of array (bsc#1213747).
* scsi: qla2xxx: drop useless list_head (bsc#1213747).
* scsi: qla2xxx: fix buffer overrun (bsc#1213747).
* scsi: qla2xxx: fix command flush during tmf (bsc#1213747).
* scsi: qla2xxx: fix deletion race condition (bsc#1213747).
* scsi: qla2xxx: fix end of loop test (bsc#1213747).
* scsi: qla2xxx: fix erroneous link up failure (bsc#1213747).
* scsi: qla2xxx: fix error code in qla2x00_start_sp() (bsc#1213747).
* scsi: qla2xxx: fix inconsistent tmf timeout (bsc#1213747).
* scsi: qla2xxx: fix null pointer dereference in target mode (bsc#1213747).
* scsi: qla2xxx: fix potential null pointer dereference (bsc#1213747).
* scsi: qla2xxx: fix session hang in gnl (bsc#1213747).
* scsi: qla2xxx: fix tmf leak through (bsc#1213747).
* scsi: qla2xxx: limit tmf to 8 per function (bsc#1213747).
* scsi: qla2xxx: pointer may be dereferenced (bsc#1213747).
* scsi: qla2xxx: remove unused nvme_ls_waitq wait queue (bsc#1213747).
* scsi: qla2xxx: replace one-element array with declare_flex_array() helper
(bsc#1213747).
* scsi: qla2xxx: silence a static checker warning (bsc#1213747).
* scsi: qla2xxx: turn off noisy message log (bsc#1213747).
* scsi: qla2xxx: update version to 10.02.08.400-k (bsc#1213747).
* scsi: qla2xxx: update version to 10.02.08.500-k (bsc#1213747).
* scsi: qla2xxx: use vmalloc_array() and vcalloc() (bsc#1213747).
* security: keys: modify mismatched function name (git-fixes).
* selftests/ir: fix build with ancient kernel headers (git-fixes).
* selftests: cgroup: fix unsigned comparison with less than zero (git-fixes).
* selftests: forwarding: fix packet matching in mirroring selftests (git-
fixes).
* selftests: mptcp: depend on syn_cookies (git-fixes).
* selftests: mptcp: sockopt: return error if wrong mark (git-fixes).
* selftests: rtnetlink: remove netdevsim device after ipsec offload test (git-
fixes).
* selftests: tc: add 'ct' action kconfig dep (git-fixes).
* selftests: tc: add conntrack procfs kconfig (git-fixes).
* selftests: tc: set timeout to 15 minutes (git-fixes).
* serial: 8250: lock port for stop_rx() in omap8250_irq() (git-fixes).
* serial: 8250: lock port for uart_ier access in omap8250_irq() (git-fixes).
* serial: 8250: omap: fix freeing of resources on failed register (git-fixes).
* serial: 8250_omap: use force_suspend and resume for system suspend (git-
fixes).
* serial: atmel: do not enable irqs prematurely (git-fixes).
* serial: qcom-geni: drop bogus runtime pm state update (git-fixes).
* serial: sifive: fix sifive_serial_console_setup() section (git-fixes).
* sfc: fix crash when reading stats while nic is resetting (git-fixes).
* sfc: fix xdp queues mode with legacy irq (git-fixes).
* sfc: use budget for tx completions (git-fixes).
* signal/powerpc: on swapcontext failure force sigsegv (bsc#1194869).
* signal/s390: use force_sigsegv in default_trap_handler (git-fixes
bsc#1212861).
* signal: replace force_sigsegv(sigsegv) with force_fatal_sig(sigsegv)
(bsc#1194869).
* smb3: do not reserve too many oplock credits (bsc#1193629).
* smb3: missing null check in smb2_change_notify (bsc#1193629).
* smb: client: fix broken file attrs with nodfs mounts (bsc#1193629).
* smb: client: fix missed ses refcounting (git-fixes).
* smb: client: fix parsing of source mount option (bsc#1193629).
* smb: client: fix shared dfs root mounts with different prefixes
(bsc#1193629).
* smb: client: fix warning in cifs_match_super() (bsc#1193629).
* smb: client: fix warning in cifs_smb3_do_mount() (bsc#1193629).
* smb: client: fix warning in cifsfindfirst() (bsc#1193629).
* smb: client: fix warning in cifsfindnext() (bsc#1193629).
* smb: client: fix warning in generic_ip_connect() (bsc#1193629).
* smb: client: improve dfs mount check (bsc#1193629).
* smb: client: remove redundant pointer 'server' (bsc#1193629).
* smb: delete an unnecessary statement (bsc#1193629).
* smb: move client and server files to common directory fs/smb (bsc#1193629).
* smb: remove obsolete comment (bsc#1193629).
* soc/fsl/qe: fix usb.c build errors (git-fixes).
* soc: samsung: exynos-pmu: re-introduce exynos4212 support (git-fixes).
* soundwire: bus_type: avoid lockdep assert in sdw_drv_probe() (git-fixes).
* soundwire: cadence: drain the rx fifo after an io timeout (git-fixes).
* soundwire: dmi-quirks: add new mapping for hp spectre x360 (git-fixes).
* soundwire: qcom: fix storing port config out-of-bounds (git-fixes).
* soundwire: qcom: update status correctly with mask (git-fixes).
* soundwire: stream: add missing clear of alloc_slave_rt (git-fixes).
* spi: bcm-qspi: return error if neither hif_mspi nor mspi is available (git-
fixes).
* spi: bcm63xx: fix max prepend length (git-fixes).
* spi: dw: round of n_bytes to power of 2 (git-fixes).
* spi: lpspi: disable lpspi module irq in dma mode (git-fixes).
* spi: spi-geni-qcom: correct cs_toggle bit in spi_trans_cfg (git-fixes).
* staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext() (git-
fixes).
* staging: r8712: fix memory leak in _r8712_init_xmit_priv() (git-fixes).
* sunrpc: always free ctxt when freeing deferred request (git-fixes).
* sunrpc: double free xprt_ctxt while still in use (git-fixes).
* sunrpc: fix trace_svc_register() call site (git-fixes).
* sunrpc: fix uaf in svc_tcp_listen_data_ready() (git-fixes).
* sunrpc: remove dead code in svc_tcp_release_rqst() (git-fixes).
* sunrpc: remove the maximum number of retries in call_bind_status (git-
fixes).
* svcrdma: prevent page release when nothing was received (git-fixes).
* swsmu/amdgpu_smu: fix the wrong if-condition (git-fixes).
* test_firmware: return enomem instead of enospc on failed memory allocation
(git-fixes).
* tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation (git-
fixes).
* tpm_tis: explicitly check for error code (git-fixes).
* tracing/timer: add missing hrtimer modes to decode_hrtimer_mode() (git-
fixes).
* tty: n_gsm: fix uaf in gsm_cleanup_mux (git-fixes).
* tty: serial: fsl_lpuart: add earlycon for imx8ulp platform (git-fixes).
* tty: serial: imx: fix rs485 rx after tx (git-fixes).
* tty: serial: samsung_tty: fix a memory leak in s3c24xx_serial_getclk() in
case of error (git-fixes).
* tty: serial: samsung_tty: fix a memory leak in s3c24xx_serial_getclk() when
iterating clk (git-fixes).
* ubi: ensure that vid header offset + vid header size <= alloc, size
(bsc#1210584).
* ubi: fix failure attaching when vid_hdr offset equals to (sub)page size
(bsc#1210584).
* ubifs: add missing iput if do_tmpfile() failed in rename whiteout (git-
fixes).
* ubifs: do_rename: fix wrong space budget when target inode's nlink > 1 (git-
fixes).
* ubifs: error path in ubifs_remount_rw() seems to wrongly free write buffers
(git-fixes).
* ubifs: fix 'ui->dirty' race between do_tmpfile() and writeback work (git-
fixes).
* ubifs: fix aa deadlock when setting xattr for encrypted file (git-fixes).
* ubifs: fix build errors as symbol undefined (git-fixes).
* ubifs: fix deadlock in concurrent rename whiteout and inode writeback (git-
fixes).
* ubifs: fix memory leak in alloc_wbufs() (git-fixes).
* ubifs: fix memory leak in do_rename (git-fixes).
* ubifs: fix read out-of-bounds in ubifs_wbuf_write_nolock() (git-fixes).
* ubifs: fix to add refcount once page is set private (git-fixes).
* ubifs: fix wrong dirty space budget for dirty inode (git-fixes).
* ubifs: free memory for tmpfile name (git-fixes).
* ubifs: rectify space amount budget for mkdir/tmpfile operations (git-fixes).
* ubifs: rectify space budget for ubifs_symlink() if symlink is encrypted
(git-fixes).
* ubifs: rectify space budget for ubifs_xrename() (git-fixes).
* ubifs: rename whiteout atomically (git-fixes).
* ubifs: rename_whiteout: correct old_dir size computing (git-fixes).
* ubifs: rename_whiteout: fix double free for whiteout_ui->data (git-fixes).
* ubifs: reserve one leb for each journal head while doing budget (git-fixes).
* ubifs: setflags: make dirtied_ino_d 8 bytes aligned (git-fixes).
* ubifs: ubifs_writepage: mark page dirty after writing inode failed (git-
fixes).
* udf: avoid double brelse() in udf_rename() (bsc#1213032).
* udf: define efscorrupted error code (bsc#1213038).
* udf: detect system inodes linked into directory hierarchy (bsc#1213114).
* udf: discard preallocation before extending file with a hole (bsc#1213036).
* udf: do not bother looking for prealloc extents if i_lenextents matches
i_size (bsc#1213035).
* udf: do not bother merging very long extents (bsc#1213040).
* udf: do not update file length for failed writes to inline files
(bsc#1213041).
* udf: fix error handling in udf_new_inode() (bsc#1213112).
* udf: fix extending file within last block (bsc#1213037).
* udf: fix preallocation discarding at indirect extent boundary (bsc#1213034).
* udf: preserve link count of system files (bsc#1213113).
* udf: truncate added extents on failed expansion (bsc#1213039).
* update config and supported.conf files due to renaming.
* update config files: enable config_x86_amd_pstate (bsc#1212445)
* update suse/rdma-mthca-fix-crash-when-polling-cq-for-shared-qps. (git-fixes
bsc#1212604).
* usb: dwc2: fix some error handling paths (git-fixes).
* usb: dwc2: platform: improve error reporting for problems during .remove()
(git-fixes).
* usb: dwc3-meson-g12a: fix an error handling path in dwc3_meson_g12a_probe()
(git-fixes).
* usb: dwc3: do not reset device side if dwc3 was configured as host-only
(git-fixes).
* usb: dwc3: gadget: propagate core init errors to udc during pullup (git-
fixes).
* usb: dwc3: pci: skip byt gpio lookup table for hardwired phy (git-fixes).
* usb: dwc3: qcom: fix an error handling path in dwc3_qcom_probe() (git-
fixes).
* usb: dwc3: qcom: fix potential memory leak (git-fixes).
* usb: dwc3: qcom: release the correct resources in dwc3_qcom_remove() (git-
fixes).
* usb: gadget: core: remove unbalanced mutex_unlock in usb_gadget_activate
(git-fixes).
* usb: gadget: u_serial: add null pointer check in gserial_suspend (git-
fixes).
* usb: gadget: udc: core: offload usb_udc_vbus_handler processing (git-fixes).
* usb: gadget: udc: core: prevent soft_connect_store() race (git-fixes).
* usb: gadget: udc: fix null dereference in remove() (git-fixes).
* usb: hide unused usbfs_notify_suspend/resume functions (git-fixes).
* usb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe() (git-fixes).
* usb: serial: option: add lara-r6 01b pids (git-fixes).
* usb: typec: fix fast_role_swap_current show function (git-fixes).
* usb: typec: iterate pds array when showing the pd list (git-fixes).
* usb: typec: set port->pd before adding device for typec_port (git-fixes).
* usb: typec: use sysfs_emit_at when concatenating the string (git-fixes).
* usb: xhci-mtk: set the dma max_seg_size (git-fixes).
* usb: xhci: remove unused udev from xhci_log_ctx trace event (git-fixes).
* usrmerge: adjust module path in the kernel sources (bsc#1212835).
* vhost: support packed when setting-getting vring_base (git-fixes).
* vhost_net: revert upend_idx only on retriable error (git-fixes).
* virtio-net: maintain reverse cleanup order (git-fixes).
* virtio_net: fix error unwinding of xdp initialization (git-fixes).
* w1: fix loop in w1_fini() (git-fixes).
* w1: w1_therm: fix locking behavior in convert_t (git-fixes).
* wifi: airo: avoid uninitialized warning in airo_get_rate() (git-fixes).
* wifi: ath10k: trigger sta disconnect after reconfig complete on hardware
restart (git-fixes).
* wifi: ath11k: add missing check for ioremap (git-fixes).
* wifi: ath11k: add support for suspend in power down state (bsc#1207948).
* wifi: ath11k: handle irq enable/disable in several code path (bsc#1207948).
* wifi: ath11k: handle thermal device registeration together with mac
(bsc#1207948).
* wifi: ath11k: remove mhi loopback channels (bsc#1207948).
* wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx (git-
fixes).
* wifi: ath9k: convert msecs to jiffies where needed (git-fixes).
* wifi: ath9k: do not allow to overwrite endpoint0 attributes (git-fixes).
* wifi: ath9k: fix ar9003 mac hardware hang check register offset calculation
(git-fixes).
* wifi: ath9k: fix possible stall on ath9k_txq_list_has_key() (git-fixes).
* wifi: atmel: fix an error handling path in atmel_probe() (git-fixes).
* wifi: cfg80211: rewrite merging of inherited elements (git-fixes).
* wifi: iwlwifi: mvm: indicate hw decrypt for beacon protection (git-fixes).
* wifi: iwlwifi: pcie: fix null pointer dereference in
iwl_pcie_irq_rx_msix_handler() (git-fixes).
* wifi: iwlwifi: pull from txqs with softirqs disabled (git-fixes).
* wifi: mwifiex: fix the size of a memory allocation in
mwifiex_ret_802_11_scan() (git-fixes).
* wifi: orinoco: fix an error handling path in orinoco_cs_probe() (git-fixes).
* wifi: orinoco: fix an error handling path in spectrum_cs_probe() (git-
fixes).
* wifi: ray_cs: drop useless status variable in parse_addr() (git-fixes).
* wifi: ray_cs: utilize strnlen() in parse_addr() (git-fixes).
* wifi: rsi: do not configure wowlan in shutdown hook if not enabled (git-
fixes).
* wifi: rsi: do not set mmc_pm_keep_power in shutdown (git-fixes).
* wifi: rtw89: debug: fix error code in rtw89_debug_priv_send_h2c_set() (git-
fixes).
* wifi: wilc1000: fix for absent rsn capabilities wfa testcase (git-fixes).
* wl3501_cs: use eth_hw_addr_set() (git-fixes).
* writeback: fix call of incorrect macro (bsc#1213024).
* writeback: fix dereferencing null mapping->host on writeback_page_template
(git-fixes).
* x86/amd_nb: add pci id for family 19h model 78h (git-fixes).
* x86/build: avoid relocation information in final vmlinux (bsc#1187829).
* x86/kprobes: fix arch_check_optimized_kprobe check within optimized_kprobe
range (git-fixes).
* x86/platform/uv: add platform resolving #defines for misc
gam_mmioh_redirect* (bsc#1212256 jsc#ped-4718).
* x86/platform/uv: fix printed information in calc_mmioh_map (bsc#1212256
jsc#ped-4718).
* x86/platform/uv: helper functions for allocating and freeing conversion
tables (bsc#1212256 jsc#ped-4718).
* x86/platform/uv: introduce helper function uv_pnode_to_socket (bsc#1212256
jsc#ped-4718).
* x86/platform/uv: remove remaining bug_on() and bug() calls (bsc#1212256
jsc#ped-4718).
* x86/platform/uv: update uv platform code for snc (bsc#1212256 jsc#ped-4718).
* x86/platform/uv: uv support for sub-numa clustering (bsc#1212256
jsc#ped-4718).
* x86/platform/uv: when searching for minimums, start at int_max not 99999
(bsc#1212256 jsc#ped-4718).
* x86/pvh: obtain vga console info in dom0 (git-fixes).
* x86/xen: fix secondary processor fpu initialization (bsc#1212869).
* x86: fix .brk attribute in linker script (git-fixes).
* xen/blkfront: only check req_fua for writes (git-fixes).
* xen/pvcalls-back: fix double frees with pvcalls_new_active_socket() (git-
fixes).
* xfs: ail needs asynchronous cil forcing (bsc#1211811).
* xfs: async cil flushes need pending pushes to be made stable (bsc#1211811).
* xfs: attach iclog callbacks in xlog_cil_set_ctx_write_state() (bsc#1211811).
* xfs: cil work is serialised, not pipelined (bsc#1211811).
* xfs: clean up the rtbitmap fsmap backend (git-fixes).
* xfs: do not deplete the reserve pool when trying to shrink the fs (git-
fixes).
* xfs: do not reverse order of items in bulk ail insertion (git-fixes).
* xfs: do not run shutdown callbacks on active iclogs (bsc#1211811).
* xfs: drop async cache flushes from cil commits (bsc#1211811).
* xfs: factor out log write ordering from xlog_cil_push_work() (bsc#1211811).
* xfs: fix getfsmap reporting past the last rt extent (git-fixes).
* xfs: fix integer overflows in the fsmap rtbitmap and logdev backends (git-
fixes).
* xfs: fix interval filtering in multi-step fsmap queries (git-fixes).
* xfs: fix logdev fsmap query result filtering (git-fixes).
* xfs: fix off-by-one error when the last rt extent is in use (git-fixes).
* xfs: fix uninitialized variable access (git-fixes).
* xfs: make fsmap backend function key parameters const (git-fixes).
* xfs: make the record pointer passed to query_range functions const (git-
fixes).
* xfs: move the cil workqueue to the cil (bsc#1211811).
* xfs: move xlog_commit_record to xfs_log_cil.c (bsc#1211811).
* xfs: order cil checkpoint start records (bsc#1211811).
* xfs: pass a cil context to xlog_write() (bsc#1211811).
* xfs: pass explicit mount pointer to rtalloc query functions (git-fixes).
* xfs: rework xlog_state_do_callback() (bsc#1211811).
* xfs: run callbacks before waking waiters in xlog_state_shutdown_callbacks
(bsc#1211811).
* xfs: separate out log shutdown callback processing (bsc#1211811).
* xfs: wait iclog complete before tearing down ail (bsc#1211811).
* xfs: xlog_state_ioerror must die (bsc#1211811).
* xhci: fix resume issue of some zhaoxin hosts (git-fixes).
* xhci: fix trb prefetch issue of zhaoxin hosts (git-fixes).
* xhci: show zhaoxin xhci root hub speed correctly (git-fixes).
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE Important update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch SUSE-2023-3302=1 openSUSE-SLE-15.5-2023-3302=1
* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-3302=1
* SUSE Real Time Module 15-SP5
zypper in -t patch SUSE-SLE-Module-RT-15-SP5-2023-3302=1
## Package List:
* openSUSE Leap 15.5 (noarch)
* kernel-devel-rt-5.14.21-150500.13.11.1
* kernel-source-rt-5.14.21-150500.13.11.1
* openSUSE Leap 15.5 (x86_64)
* kernel-rt-vdso-debuginfo-5.14.21-150500.13.11.1
* kernel-livepatch-SLE15-SP5-RT_Update_3-debugsource-1-150500.11.5.1
* reiserfs-kmp-rt-debuginfo-5.14.21-150500.13.11.1
* dlm-kmp-rt-debuginfo-5.14.21-150500.13.11.1
* kernel-rt-debuginfo-5.14.21-150500.13.11.1
* kernel-rt_debug-debugsource-5.14.21-150500.13.11.1
* cluster-md-kmp-rt-debuginfo-5.14.21-150500.13.11.1
* kernel-rt-debugsource-5.14.21-150500.13.11.1
* kselftests-kmp-rt-5.14.21-150500.13.11.1
* cluster-md-kmp-rt-5.14.21-150500.13.11.1
* kernel-rt-livepatch-5.14.21-150500.13.11.1
* kernel-syms-rt-5.14.21-150500.13.11.1
* ocfs2-kmp-rt-debuginfo-5.14.21-150500.13.11.1
* kernel-rt_debug-devel-debuginfo-5.14.21-150500.13.11.1
* gfs2-kmp-rt-5.14.21-150500.13.11.1
* kernel-rt-livepatch-devel-5.14.21-150500.13.11.1
* ocfs2-kmp-rt-5.14.21-150500.13.11.1
* kernel-rt-extra-debuginfo-5.14.21-150500.13.11.1
* kselftests-kmp-rt-debuginfo-5.14.21-150500.13.11.1
* kernel-rt_debug-debuginfo-5.14.21-150500.13.11.1
* kernel-rt-optional-debuginfo-5.14.21-150500.13.11.1
* kernel-rt_debug-vdso-debuginfo-5.14.21-150500.13.11.1
* kernel-livepatch-5_14_21-150500_13_11-rt-debuginfo-1-150500.11.5.1
* kernel-rt-optional-5.14.21-150500.13.11.1
* kernel-rt_debug-livepatch-devel-5.14.21-150500.13.11.1
* kernel-rt-devel-5.14.21-150500.13.11.1
* kernel-rt_debug-devel-5.14.21-150500.13.11.1
* dlm-kmp-rt-5.14.21-150500.13.11.1
* kernel-rt-vdso-5.14.21-150500.13.11.1
* kernel-rt_debug-vdso-5.14.21-150500.13.11.1
* reiserfs-kmp-rt-5.14.21-150500.13.11.1
* kernel-rt-devel-debuginfo-5.14.21-150500.13.11.1
* kernel-rt-extra-5.14.21-150500.13.11.1
* kernel-livepatch-5_14_21-150500_13_11-rt-1-150500.11.5.1
* gfs2-kmp-rt-debuginfo-5.14.21-150500.13.11.1
* openSUSE Leap 15.5 (nosrc x86_64)
* kernel-rt-5.14.21-150500.13.11.1
* kernel-rt_debug-5.14.21-150500.13.11.1
* SUSE Linux Enterprise Live Patching 15-SP5 (x86_64)
* kernel-livepatch-SLE15-SP5-RT_Update_3-debugsource-1-150500.11.5.1
* kernel-livepatch-5_14_21-150500_13_11-rt-debuginfo-1-150500.11.5.1
* kernel-livepatch-5_14_21-150500_13_11-rt-1-150500.11.5.1
* SUSE Real Time Module 15-SP5 (x86_64)
* kernel-rt-vdso-debuginfo-5.14.21-150500.13.11.1
* dlm-kmp-rt-debuginfo-5.14.21-150500.13.11.1
* kernel-rt-debuginfo-5.14.21-150500.13.11.1
* kernel-rt_debug-debugsource-5.14.21-150500.13.11.1
* cluster-md-kmp-rt-debuginfo-5.14.21-150500.13.11.1
* kernel-rt-debugsource-5.14.21-150500.13.11.1
* kernel-syms-rt-5.14.21-150500.13.11.1
* cluster-md-kmp-rt-5.14.21-150500.13.11.1
* ocfs2-kmp-rt-debuginfo-5.14.21-150500.13.11.1
* kernel-rt_debug-devel-debuginfo-5.14.21-150500.13.11.1
* gfs2-kmp-rt-5.14.21-150500.13.11.1
* ocfs2-kmp-rt-5.14.21-150500.13.11.1
* kernel-rt_debug-debuginfo-5.14.21-150500.13.11.1
* kernel-rt_debug-vdso-debuginfo-5.14.21-150500.13.11.1
* kernel-rt-devel-5.14.21-150500.13.11.1
* kernel-rt_debug-devel-5.14.21-150500.13.11.1
* dlm-kmp-rt-5.14.21-150500.13.11.1
* kernel-rt-vdso-5.14.21-150500.13.11.1
* kernel-rt_debug-vdso-5.14.21-150500.13.11.1
* kernel-rt-devel-debuginfo-5.14.21-150500.13.11.1
* gfs2-kmp-rt-debuginfo-5.14.21-150500.13.11.1
* SUSE Real Time Module 15-SP5 (noarch)
* kernel-devel-rt-5.14.21-150500.13.11.1
* kernel-source-rt-5.14.21-150500.13.11.1
* SUSE Real Time Module 15-SP5 (nosrc x86_64)
* kernel-rt-5.14.21-150500.13.11.1
* kernel-rt_debug-5.14.21-150500.13.11.1
## References:
* https://www.suse.com/security/cve/CVE-2022-40982.html
* https://www.suse.com/security/cve/CVE-2023-0459.html
* https://www.suse.com/security/cve/CVE-2023-1829.html
* https://www.suse.com/security/cve/CVE-2023-20569.html
* https://www.suse.com/security/cve/CVE-2023-20593.html
* https://www.suse.com/security/cve/CVE-2023-21400.html
* https://www.suse.com/security/cve/CVE-2023-2156.html
* https://www.suse.com/security/cve/CVE-2023-2166.html
* https://www.suse.com/security/cve/CVE-2023-2430.html
* https://www.suse.com/security/cve/CVE-2023-2985.html
* https://www.suse.com/security/cve/CVE-2023-3090.html
* https://www.suse.com/security/cve/CVE-2023-31083.html
* https://www.suse.com/security/cve/CVE-2023-3111.html
* https://www.suse.com/security/cve/CVE-2023-3117.html
* https://www.suse.com/security/cve/CVE-2023-31248.html
* https://www.suse.com/security/cve/CVE-2023-3212.html
* https://www.suse.com/security/cve/CVE-2023-3268.html
* https://www.suse.com/security/cve/CVE-2023-3389.html
* https://www.suse.com/security/cve/CVE-2023-3390.html
* https://www.suse.com/security/cve/CVE-2023-35001.html
* https://www.suse.com/security/cve/CVE-2023-3567.html
* https://www.suse.com/security/cve/CVE-2023-3609.html
* https://www.suse.com/security/cve/CVE-2023-3611.html
* https://www.suse.com/security/cve/CVE-2023-3776.html
* https://www.suse.com/security/cve/CVE-2023-3812.html
* https://www.suse.com/security/cve/CVE-2023-38409.html
* https://www.suse.com/security/cve/CVE-2023-3863.html
* https://www.suse.com/security/cve/CVE-2023-4004.html
* https://bugzilla.suse.com/show_bug.cgi?id=1150305
* https://bugzilla.suse.com/show_bug.cgi?id=1187829
* https://bugzilla.suse.com/show_bug.cgi?id=1193629
* https://bugzilla.suse.com/show_bug.cgi?id=1194869
* https://bugzilla.suse.com/show_bug.cgi?id=1206418
* https://bugzilla.suse.com/show_bug.cgi?id=1207129
* https://bugzilla.suse.com/show_bug.cgi?id=1207894
* https://bugzilla.suse.com/show_bug.cgi?id=1207948
* https://bugzilla.suse.com/show_bug.cgi?id=1208788
* https://bugzilla.suse.com/show_bug.cgi?id=1210335
* https://bugzilla.suse.com/show_bug.cgi?id=1210565
* https://bugzilla.suse.com/show_bug.cgi?id=1210584
* https://bugzilla.suse.com/show_bug.cgi?id=1210627
* https://bugzilla.suse.com/show_bug.cgi?id=1210780
* https://bugzilla.suse.com/show_bug.cgi?id=1210825
* https://bugzilla.suse.com/show_bug.cgi?id=1210853
* https://bugzilla.suse.com/show_bug.cgi?id=1211014
* https://bugzilla.suse.com/show_bug.cgi?id=1211131
* https://bugzilla.suse.com/show_bug.cgi?id=1211243
* https://bugzilla.suse.com/show_bug.cgi?id=1211738
* https://bugzilla.suse.com/show_bug.cgi?id=1211811
* https://bugzilla.suse.com/show_bug.cgi?id=1211867
* https://bugzilla.suse.com/show_bug.cgi?id=1212051
* https://bugzilla.suse.com/show_bug.cgi?id=1212256
* https://bugzilla.suse.com/show_bug.cgi?id=1212265
* https://bugzilla.suse.com/show_bug.cgi?id=1212301
* https://bugzilla.suse.com/show_bug.cgi?id=1212445
* https://bugzilla.suse.com/show_bug.cgi?id=1212456
* https://bugzilla.suse.com/show_bug.cgi?id=1212502
* https://bugzilla.suse.com/show_bug.cgi?id=1212525
* https://bugzilla.suse.com/show_bug.cgi?id=1212603
* https://bugzilla.suse.com/show_bug.cgi?id=1212604
* https://bugzilla.suse.com/show_bug.cgi?id=1212685
* https://bugzilla.suse.com/show_bug.cgi?id=1212766
* https://bugzilla.suse.com/show_bug.cgi?id=1212835
* https://bugzilla.suse.com/show_bug.cgi?id=1212838
* https://bugzilla.suse.com/show_bug.cgi?id=1212842
* https://bugzilla.suse.com/show_bug.cgi?id=1212846
* https://bugzilla.suse.com/show_bug.cgi?id=1212848
* https://bugzilla.suse.com/show_bug.cgi?id=1212861
* https://bugzilla.suse.com/show_bug.cgi?id=1212869
* https://bugzilla.suse.com/show_bug.cgi?id=1212892
* https://bugzilla.suse.com/show_bug.cgi?id=1212901
* https://bugzilla.suse.com/show_bug.cgi?id=1212905
* https://bugzilla.suse.com/show_bug.cgi?id=1212961
* https://bugzilla.suse.com/show_bug.cgi?id=1213010
* https://bugzilla.suse.com/show_bug.cgi?id=1213011
* https://bugzilla.suse.com/show_bug.cgi?id=1213012
* https://bugzilla.suse.com/show_bug.cgi?id=1213013
* https://bugzilla.suse.com/show_bug.cgi?id=1213014
* https://bugzilla.suse.com/show_bug.cgi?id=1213015
* https://bugzilla.suse.com/show_bug.cgi?id=1213016
* https://bugzilla.suse.com/show_bug.cgi?id=1213017
* https://bugzilla.suse.com/show_bug.cgi?id=1213018
* https://bugzilla.suse.com/show_bug.cgi?id=1213019
* https://bugzilla.suse.com/show_bug.cgi?id=1213020
* https://bugzilla.suse.com/show_bug.cgi?id=1213021
* https://bugzilla.suse.com/show_bug.cgi?id=1213024
* https://bugzilla.suse.com/show_bug.cgi?id=1213025
* https://bugzilla.suse.com/show_bug.cgi?id=1213032
* https://bugzilla.suse.com/show_bug.cgi?id=1213034
* https://bugzilla.suse.com/show_bug.cgi?id=1213035
* https://bugzilla.suse.com/show_bug.cgi?id=1213036
* https://bugzilla.suse.com/show_bug.cgi?id=1213037
* https://bugzilla.suse.com/show_bug.cgi?id=1213038
* https://bugzilla.suse.com/show_bug.cgi?id=1213039
* https://bugzilla.suse.com/show_bug.cgi?id=1213040
* https://bugzilla.suse.com/show_bug.cgi?id=1213041
* https://bugzilla.suse.com/show_bug.cgi?id=1213059
* https://bugzilla.suse.com/show_bug.cgi?id=1213061
* https://bugzilla.suse.com/show_bug.cgi?id=1213087
* https://bugzilla.suse.com/show_bug.cgi?id=1213088
* https://bugzilla.suse.com/show_bug.cgi?id=1213089
* https://bugzilla.suse.com/show_bug.cgi?id=1213090
* https://bugzilla.suse.com/show_bug.cgi?id=1213092
* https://bugzilla.suse.com/show_bug.cgi?id=1213093
* https://bugzilla.suse.com/show_bug.cgi?id=1213094
* https://bugzilla.suse.com/show_bug.cgi?id=1213095
* https://bugzilla.suse.com/show_bug.cgi?id=1213096
* https://bugzilla.suse.com/show_bug.cgi?id=1213098
* https://bugzilla.suse.com/show_bug.cgi?id=1213099
* https://bugzilla.suse.com/show_bug.cgi?id=1213100
* https://bugzilla.suse.com/show_bug.cgi?id=1213102
* https://bugzilla.suse.com/show_bug.cgi?id=1213103
* https://bugzilla.suse.com/show_bug.cgi?id=1213104
* https://bugzilla.suse.com/show_bug.cgi?id=1213105
* https://bugzilla.suse.com/show_bug.cgi?id=1213106
* https://bugzilla.suse.com/show_bug.cgi?id=1213107
* https://bugzilla.suse.com/show_bug.cgi?id=1213108
* https://bugzilla.suse.com/show_bug.cgi?id=1213109
* https://bugzilla.suse.com/show_bug.cgi?id=1213110
* https://bugzilla.suse.com/show_bug.cgi?id=1213111
* https://bugzilla.suse.com/show_bug.cgi?id=1213112
* https://bugzilla.suse.com/show_bug.cgi?id=1213113
* https://bugzilla.suse.com/show_bug.cgi?id=1213114
* https://bugzilla.suse.com/show_bug.cgi?id=1213116
* https://bugzilla.suse.com/show_bug.cgi?id=1213134
* https://bugzilla.suse.com/show_bug.cgi?id=1213167
* https://bugzilla.suse.com/show_bug.cgi?id=1213205
* https://bugzilla.suse.com/show_bug.cgi?id=1213206
* https://bugzilla.suse.com/show_bug.cgi?id=1213226
* https://bugzilla.suse.com/show_bug.cgi?id=1213233
* https://bugzilla.suse.com/show_bug.cgi?id=1213245
* https://bugzilla.suse.com/show_bug.cgi?id=1213247
* https://bugzilla.suse.com/show_bug.cgi?id=1213252
* https://bugzilla.suse.com/show_bug.cgi?id=1213258
* https://bugzilla.suse.com/show_bug.cgi?id=1213259
* https://bugzilla.suse.com/show_bug.cgi?id=1213263
* https://bugzilla.suse.com/show_bug.cgi?id=1213264
* https://bugzilla.suse.com/show_bug.cgi?id=1213272
* https://bugzilla.suse.com/show_bug.cgi?id=1213286
* https://bugzilla.suse.com/show_bug.cgi?id=1213287
* https://bugzilla.suse.com/show_bug.cgi?id=1213304
* https://bugzilla.suse.com/show_bug.cgi?id=1213417
* https://bugzilla.suse.com/show_bug.cgi?id=1213493
* https://bugzilla.suse.com/show_bug.cgi?id=1213523
* https://bugzilla.suse.com/show_bug.cgi?id=1213524
* https://bugzilla.suse.com/show_bug.cgi?id=1213533
* https://bugzilla.suse.com/show_bug.cgi?id=1213543
* https://bugzilla.suse.com/show_bug.cgi?id=1213578
* https://bugzilla.suse.com/show_bug.cgi?id=1213585
* https://bugzilla.suse.com/show_bug.cgi?id=1213586
* https://bugzilla.suse.com/show_bug.cgi?id=1213588
* https://bugzilla.suse.com/show_bug.cgi?id=1213601
* https://bugzilla.suse.com/show_bug.cgi?id=1213620
* https://bugzilla.suse.com/show_bug.cgi?id=1213632
* https://bugzilla.suse.com/show_bug.cgi?id=1213653
* https://bugzilla.suse.com/show_bug.cgi?id=1213705
* https://bugzilla.suse.com/show_bug.cgi?id=1213713
* https://bugzilla.suse.com/show_bug.cgi?id=1213715
* https://bugzilla.suse.com/show_bug.cgi?id=1213747
* https://bugzilla.suse.com/show_bug.cgi?id=1213756
* https://bugzilla.suse.com/show_bug.cgi?id=1213759
* https://bugzilla.suse.com/show_bug.cgi?id=1213777
* https://bugzilla.suse.com/show_bug.cgi?id=1213810
* https://bugzilla.suse.com/show_bug.cgi?id=1213812
* https://bugzilla.suse.com/show_bug.cgi?id=1213856
* https://bugzilla.suse.com/show_bug.cgi?id=1213857
* https://bugzilla.suse.com/show_bug.cgi?id=1213863
* https://bugzilla.suse.com/show_bug.cgi?id=1213867
* https://bugzilla.suse.com/show_bug.cgi?id=1213870
* https://bugzilla.suse.com/show_bug.cgi?id=1213871
* https://bugzilla.suse.com/show_bug.cgi?id=1213872
* https://jira.suse.com/browse/PED-4718
* https://jira.suse.com/browse/PED-4758
1
0