Security update for the Linux Kernel
An update that solves 296 vulnerabilities, contains two features and has 42 security fixes can now be installed.
Description:
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-44947: Initialize beyond-EOF page contents before setting uptodate (bsc#1229454).
- CVE-2024-36936: Touch soft lockup during memory accept (bsc#1225773).
- CVE-2022-48706: Do proper cleanup if IFCVF init fails (bsc#1225524).
- CVE-2024-43883: Do not drop references before new references are gained (bsc#1229707).
- CVE-2024-41062: Sync sock recv cb and release (bsc#1228576).
- CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229500).
- CVE-2024-36270: Fix reference in patches.suse/netfilter-tproxy-bail-out-if-IP-has-been-disabled-on.patch (bsc#1226798)
- CVE-2023-52489: Fix race in accessing memory_section->usage (bsc#1221326).
- CVE-2024-43893: Check uartclk for zero to avoid divide by zero (bsc#1229759).
- CVE-2024-43821: Fix a possible null pointer dereference (bsc#1229315).
- CVE-2024-43900: Avoid use-after-free in load_firmware_cb() (bsc#1229756).
- CVE-2024-44938: Fix shift-out-of-bounds in dbDiscardAG (bsc#1229792).
- CVE-2024-44939: Fix null ptr deref in dtInsertEntry (bsc#1229820).
- CVE-2024-41087: Fix double free on error (CVE-2024-41087,bsc#1228466).
- CVE-2024-42277: Avoid NULL deref in sprd_iommu_hw_en (bsc#1229409).
- CVE-2024-43902: Add null checker before passing variables (bsc#1229767).
- CVE-2024-43904: Add null checks for 'stream' and 'plane' before dereferencing (bsc#1229768)
- CVE-2024-43880: Put back removed metod in struct objagg_ops (bsc#1229481).
- CVE-2024-43884: Add error handling to pair_device() (bsc#1229739)
- CVE-2024-43899: Fix null pointer deref in dcn20_resource.c (bsc#1229754).
- CVE-2022-48920: Get rid of warning on transaction commit when using flushoncommit (bsc#1229658).
- CVE-2023-52906: Fix warning during failed attribute validation (bsc#1229527).
- CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage. (bsc#1229503)
- CVE-2024-43866: Always drain health in shutdown callback (bsc#1229495).
- CVE-2024-26812: Struct virqfd kABI workaround (bsc#1222808).
- CVE-2022-48912: Fix use-after-free in __nf_register_net_hook() (bsc#1229641)
- CVE-2024-27010: Fix mirred deadlock on device recursion (bsc#1223720).
- CVE-2022-48906: Correctly set DATA_FIN timeout when number of retransmits is large (bsc#1229605)
- CVE-2024-42155: Wipe copies of protected- and secure-keys (bsc#1228733).
- CVE-2024-42156: Wipe copies of clear-key structures on failure (bsc#1228722).
- CVE-2023-52899: Add exception protection processing for vd in axi_chan_handle_err function (bsc#1229569).
- CVE-2024-42158: Use kfree_sensitive() to fix Coccinelle warnings (bsc#1228720).
- CVE-2024-26631: Fix data-race in ipv6_mc_down / mld_ifc_work (bsc#1221630).
- CVE-2024-43873: Always initialize seqpacket_allow (bsc#1229488)
- CVE-2024-40905: Fix possible race in __fib6_drop_pcpu_from() (bsc#1227761)
- CVE-2024-39489: Fix memleak in seg6_hmac_init_algo (bsc#1227623)
- CVE-2021-47106: Fix use-after-free in nft_set_catchall_destroy() (bsc#1220962)
- CVE-2021-47517: Fix panic when interrupt coaleceing is set via ethtool (bsc#1225428).
- CVE-2024-36489: Fix missing memory barrier in tls_init (bsc#1226874)
- CVE-2024-41020: Fix fcntl/close race recovery compat path (bsc#1228427).
- CVE-2024-27079: Fix NULL domain on device release (bsc#1223742).
- CVE-2024-35897: Discard table flag update with pending basechain deletion (bsc#1224510).
- CVE-2024-27403: Restore const specifier in flow_offload_route_init() (bsc#1224415).
- CVE-2024-27011: Fix memleak in map from abort path (bsc#1223803).
- CVE-2024-43819: Reject memory region operations for ucontrol VMs (bsc#1229290 git-fixes).
- CVE-2024-26668: Reject configurations that cause integer overflow (bsc#1222335).
- CVE-2024-26835: Set dormant flag on hook register failure (bsc#1222967).
- CVE-2024-26808: Handle NETDEV_UNREGISTER for inet/ingress basechain (bsc#1222634).
- CVE-2024-27016: Validate pppoe header (bsc#1223807).
- CVE-2024-35945: Prevent nullptr exceptions on ISR (bsc#1224639).
- CVE-2023-52581: Fix memleak when more than 255 elements expired (bsc#1220877).
- CVE-2024-36013: Fix slab-use-after-free in l2cap_connect() (bsc#1225578).
- CVE-2024-43837: Fix updating attached freplace prog in prog_array map (bsc#1229297).
- CVE-2024-42291: Add a per-VF limit on number of FDIR filters (bsc#1229374).
- CVE-2024-42268: Fix missing lock on sync reset reload (bsc#1229391).
- CVE-2024-43834: Fix invalid wait context of page_pool_destroy() (bsc#1229314)
- CVE-2024-36286: Acquire rcu_read_lock() in instance_destroy_rcu() (bsc#1226801)
- CVE-2024-26851: Add protection for bmp length out of range (bsc#1223074)
- CVE-2024-42157: Wipe sensitive data on failure (bsc#1228727 CVE-2024-42157 git-fixes).
- CVE-2024-26677: Blacklist e7870cf13d20 (" Fix delayed ACKs to not set the reference serial number") (bsc#1222387)
- CVE-2024-36009: Blacklist 467324bcfe1a ("ax25: Fix netdev refcount issue") (bsc#1224542)
- CVE-2023-52859: Fix use-after-free when register pmu fails (bsc#1225582).
- CVE-2024-42280: Fix a use after free in hfcmulti_tx() (bsc#1229388)
- CVE-2024-42284: Return non-zero value from tipc_udp_addr2str() on error (bsc#1229382)
- CVE-2024-42283: Initialize all fields in dumped nexthops (bsc#1229383)
- CVE-2024-42312: Always initialize i_uid/i_gid (bsc#1229357)
- CVE-2024-43854: Initialize integrity buffer to zero before writing it to media (bsc#1229345)
- CVE-2024-42322: Properly dereference pe in ip_vs_add_service (bsc#1229347)
- CVE-2024-42308: Update DRM patch reference (bsc#1229411)
- CVE-2024-42301: Fix the array out-of-bounds risk (bsc#1229407).
- CVE-2024-42318: Do not lose track of restrictions on cred_transfer (bsc#1229351).
- CVE-2024-26669: Fix chain template offload (bsc#1222350).
- CVE-2023-52889: Fix null pointer deref when receiving skb during sock creation (bsc#1229287,).
- CVE-2022-48645: Move enetc_set_psfp() out of the common enetc_set_features() (bsc#1223508).
- CVE-2024-41007: Use signed arithmetic in tcp_rtx_probe0_timed_out() (bsc#1227863).
- CVE-2024-36933: Use correct mac_offset to unwind gso skb in nsh_gso_segment() (bsc#1225832).
- CVE-2024-42295: Handle inconsistent state in nilfs_btnode_create_block() (bsc#1229370).
- CVE-2024-42319: Move devm_mbox_controller_register() after devm_pm_runtime_enable() (bsc#1229350).
- CVE-2024-43860: Skip over memory region when node value is NULL (bsc#1229319).
- CVE-2024-43831: Handle invalid decoder vsi (bsc#1229309).
- CVE-2024-43849: Protect locator_addr with the main mutex (bsc#1229307).
- CVE-2024-43841: Do not use strlen() in const context (bsc#1229304).
- CVE-2024-43839: Adjust 'name' buf size of bna_tcb and bna_ccb structures (bsc#1229301).
- CVE-2024-41088: Fix infinite loop when xmit fails (bsc#1228469).
- CVE-2024-42281: Fix a segment issue when downgrading gso_size (bsc#1229386).
- CVE-2024-42271: Fixed a use after free in iucv_sock_close(). (bsc#1229400)
- CVE-2024-41080: Fix possible deadlock in io_register_iowq_max_workers() (bsc#1228616).
- CVE-2024-42246: Remap EPERM in case of connection failure in xs_tcp_setup_socket (bsc#1228989).
- CVE-2024-42232: Fixed a race between delayed_work() and ceph_monc_stop(). (bsc#1228959)
- CVE-2024-26735: Fix possible use-after-free and null-ptr-deref (bsc#1222372).
- CVE-2024-42106: Initialize pad field in struct inet_diag_req_v2 (bsc#1228493).
- CVE-2024-38662: Cover verifier checks for mutating sockmap/sockhash (bsc#1226885).
- CVE-2024-42110: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() (bsc#1228501).
- CVE-2024-42247: Avoid unaligned 64-bit memory accesses (bsc#1228988).
- CVE-2022-48865: Fix kernel panic when enabling bearer (bsc#1228065).
- CVE-2023-52498: Fix possible deadlocks in core system-wide PM code (bsc#1221269).
- CVE-2024-41068: Fix sclp_init() cleanup on failure (bsc#1228579).
- CVE-2022-48808: Fix panic when DSA master device unbinds on shutdown (bsc#1227958).
- CVE-2024-42095: Fix Errata i2310 with RX FIFO level check (bsc#1228446).
- CVE-2024-40978: Fix crash while reading debugfs attribute (bsc#1227929).
- CVE-2024-42107: Do not process extts if PTP is disabled (bsc#1228494).
- CVE-2024-42139: Fix improper extts handling (bsc#1228503).
- CVE-2024-42148: Fix multiple UBSAN array-index-out-of-bounds (bsc#1228487).
- CVE-2024-42142: E-switch, Create ingress ACL when needed (bsc#1228491).
- CVE-2024-42162: Account for stopped queues when reading NIC stats (bsc#1228706).
- CVE-2024-42082: Remove WARN() from __xdp_reg_mem_model() (bsc#1228482).
- CVE-2024-41042: Prefer nft_chain_validate (bsc#1228526).
- CVE-2023-3610: Fixed use-after-free vulnerability in nf_tables can be exploited to achieve local privilege escalation (bsc#1213580).
- CVE-2024-42228: Using uninitialized value *size when calling amdgpu_vce_cs_reloc (bsc#1228667).
- CVE-2024-40995: Fix possible infinite loop in tcf_idr_check_alloc() (bsc#1227830).
- CVE-2024-38602: Merge repeat codes in ax25_dev_device_down() (git-fixes CVE-2024-38602 bsc#1226613).
- CVE-2024-38554: Fix reference count leak issue of net_device (bsc#1226742).
- CVE-2024-36929: Reject skb_copy(_expand) for fraglist GSO skbs (bsc#1225814).
- CVE-2024-41009: Fix overrunning reservations in ringbuf (bsc#1228020).
- CVE-2024-27024: Fix WARNING in rds_conn_connect_if_down (bsc#1223777).
The following non-security bugs were fixed:
- Indicate support for IRQ ResourceSource thru _OSC (git-fixes).
- Indicate support for the Generic Event Device thru _OSC (git-fixes).
- Rework system-level device notification handling (git-fixes).
- Drop nocrt parameter (git-fixes).
- x86: s2 Post-increment variables when getting constraints (git-fixes).
- Do not cross .backup mountpoint from backup volume (git-fixes).
- Add HP MP9 G4 Retail System AMS to force connect list (stable-fixes).
- Yet more pin fix for HP EliteDesk 800 G4 (stable-fixes).
- Add Framework Laptop 13 (Intel Core Ultra) to quirks (stable-fixes).
- Fix noise from speakers on Lenovo IdeaPad 3 15IAU7 (git-fixes).
- line6: Fix racy access to midibuf (stable-fixes).
- Relax start tick time check for slave timer elements (git-fixes).
- Add delay quirk for VIVO USB-C-XE710 HEADSET (stable-fixes).
- Re-add ScratchAmp quirk entries (git-fixes).
- Support Yamaha P-125 quirk entry (stable-fixes).
- Fix UBSAN warning in parse_audio_unit() (stable-fixes).
- arm64: initialize all values of acpi_early_node_map to (git-fixes)
- arm64: initialize all values of acpi_early_node_map to (git-fixes)
- arm64: Add Neoverse-V2 part (git-fixes)
- arm64: armv8_ Fix warning in isndep cpuhp starting process (git-fixes)
- arm64: armv8_ Fix warning in isndep cpuhp starting process (git-fixes)
- arm64: Restore spec_bar() macro (git-fixes)
- arm64: Add missing .field_width for GIC system registers (git-fixes)
- arm64: Fix the visibility of compat hwcaps (git-fixes)
- arm64: Force HWCAP to be based on the sysreg visible to (git-fixes)
- arm64: Add Cortex-A720 definitions (git-fixes)
- arm64: Add Cortex-A725 definitions (git-fixes)
- arm64: Add Cortex-X1C definitions (git-fixes)
- arm64: Add Cortex-X3 definitions (git-fixes)
- arm64: Add Cortex-X4 definitions (git-fixes)
- arm64: Add Cortex-X925 definitions (git-fixes)
- arm64: Add Neoverse-V3 definitions (git-fixes)
- arm64: Increase VOP clk rate on RK3328 (git-fixes)
- arm64: Increase VOP clk rate on RK3328 (git-fixes)
- arm64: Expand speculative SSBS workaround (again) (git-fixes)
- arm64: Expand speculative SSBS workaround (git-fixes)
- arm64: Unify speculative SSBS errata logic (git-fixes) Also update default configuration.
- arm64: Fix KASAN random tag seed initialization (git-fixes)
- arm64: Fix KASAN random tag seed initialization (git-fixes)
- wcd938 Correct Soundwire ports mask (git-fixes).
- wsa881 Correct Soundwire ports mask (git-fixes).
- fix irq scheduling issue with PREEMPT_RT (git-fixes).
- Introduce async_schedule_dev_nocall() (bsc#1221269).
- Split async_schedule_node_domain() (bsc#1221269).
- Fix usage of __hci_cmd_sync_status (git-fixes).
- hci_ Fix not handling hibernation actions (git-fixes).
- l2 always unlock channel in l2cap_conless_channel() (git-fixes).
- L2 Fix deadlock (git-fixes).
- Fix a kernel verifier crash in stacksafe() (bsc#1225903).
- remove unused declaring of bpf_kprobe_override (git-fixes).
- fix leak of qgroup extent records after transaction abort (git-fixes).
- make btrfs_destroy_delayed_refs() return void (git-fixes).
- remove unnecessary prototype declarations at disk-io.c (git-fixes).
- update fs features directory asynchronously (bsc#1226168).
- propagate errors from vfs_getxattr() to avoid infinite loop (bsc#1229418).
- issue a cap release immediately if no cap exists (bsc#1225162).
- periodically flush the cap releases (bsc#1225162).
- Enable SMT only if a core is online (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes).
- cpuidle, Evaluate LPI arch_flags for broadcast timer (git-fixes).
- Fix register ID of SPSR_FIQ (git-fixes).
- add missing MODULE_DESCRIPTION() macros (stable-fixes).
- Add labels for both Valve Steam Deck revisions (stable-fixes).
- Add quirk for Aya Neo KUN (stable-fixes).
- Add quirk for Lenovo Yoga Tab 3 X90F (stable-fixes).
- Add quirk for Nanote UMPC-01 (stable-fixes).
- Add quirk for OrangePi Neo (stable-fixes).
- drm/amd/amdgpu/imu_v11_0: Increase buffer size to ensure all possible values can be stored (stable-fixes).
- Add NULL check for 'afb' before dereferencing in amdgpu_dm_plane_handle_cursor_update (stable-fixes).
- avoid using null object of framebuffer (git-fixes).
- Fix && vs || typos (git-fixes).
- Skip Recompute DSC Params if no Stream on Link (stable-fixes).
- Validate hw_points_num before using it (stable-fixes).
- Fix the null pointer dereference for vega10_hwmgr (stable-fixes).
- Actually check flags for all context ops (stable-fixes).
- Add lock around VF RLCG interface (stable-fixes).
- fix dereference null return value for the function amdgpu_vm_pt_parent (stable-fixes).
- Fix the null pointer dereference to ras_manager (stable-fixes).
- Validate TA binary size (stable-fixes).
- drm/amdgpu/jpeg2: properly set atomics vmid field (stable-fixes).
- Fix the null pointer dereference for smu7 (stable-fixes).
- Fix the null pointer dereference in apply_state_adjust_rules (stable-fixes).
- Fix the param type of set_power_profile_mode (stable-fixes).
- analogix_ properly handle zero sized AUX transactions (stable-fixes).
- tc358768: Attempt to fix DSI horizontal timings (stable-fixes).
- fix null pointer dereference in drm_client_modeset_probe (git-fixes).
- drm/dp_ Skip CSN if topology probing is not done yet (stable-fixes).
- set gp bus_stop bit before hard reset (stable-fixes).
- reset the link phy params before link training (git-fixes).
- cleanup FB if dpu_format_populate_layout fails (git-fixes).
- do not play tricks with debug macros (git-fixes).
- Zero-initialize iosys_map (stable-fixes).
- fix inode->i_blocks for non-512 byte sector size device (git-fixes).
- fix potential deadlock on __exfat_get_dentry_set (git-fixes).
- redefine DIR_DELETED as the bad cluster number (git-fixes).
- support dynamic allocate bh for exfat_entry_set_cache (git-fixes).
- fs/netfs/fscache_ add missing "n_accesses" check (bsc#1229453).
- Initialize beyond-EOF page contents before setting uptodate (bsc#1229454).
- Add might_sleep() to disable_irq() (git-fixes).
- Always limit the affinity to online CPUs (git-fixes).
- Do not return error on missing optional irq_request_resources() (git-fixes).
- Take the proposed affinity at face value if force==true (git-fixes).
- genirq/cpuhotplug, x86 Prevent vector leak during CPU offline (git-fixes).
- genirq/generic_ Make irq_remove_generic_chip() irqdomain aware (git-fixes).
- Fix NULL pointer deref in irq_data_get_affinity_mask() (git-fixes).
- Do not try to remove non-existing sysfs files (git-fixes).
- Exclude managed interrupts in irq_matrix_allocated() (git-fixes).
- Shutdown managed interrupts with unsatifiable affinities (git-fixes).
- gss_krb5: Fix the error handling path for crypto_sync_skcipher_setkey (git-fixes).
- fix to initialize fields of hfs_inode_info after hfs_alloc_inode() (git-fixes).
- i2 Improve handling of stuck alerts (git-fixes).
- i2 Send alert notifications to all devices if source not found (git-fixes).
- Convert comma to semicolon (git-fixes).
- ip6_ Fix broken GRO (bsc#1229444).
- ipv6: fix incorrect unregister order (git-fixes).
- Drop bogus fwspec-mapping error handling (git-fixes).
- Fix association race (git-fixes).
- Fix disassociation race (git-fixes).
- Fix domain registration race (git-fixes).
- Fix mapping-creation race (git-fixes).
- Fixed unbalanced fwnode get and put (git-fixes).
- Look for existing mapping only once (git-fixes).
- Refactor __irq_domain_alloc_irqs() (git-fixes).
- Report irq number for NOMAP domains (git-fixes).
- Revert "mm: prevent derefencing NULL ptr in pfn_section_valid()" (bsc#1230413).
- Revert "mm, kmsan: fix infinite recursion due to RCU critical section" (bsc#1230413).
- Revert "mm/sparsemem: fix race in accessing memory_section->usage" (bsc#1230413).
- kernel/irq/irqdomain. fix memory leak with using debugfs_lookup() (git-fixes).
- Fix to check symbol prefixes correctly (git-fixes).
- move from strlcpy with unused retval to strscpy (git-fixes).
- protect concurrent access to mem_cgroup_idr (git-fixes).
- mm, fix infinite recursion due to RCU critical section (git-fixes).
- prevent derefencing NULL ptr in pfn_section_valid() (git-fixes).
- dw_ allow biu and ciu clocks to defer (git-fixes).
- mmc_ Fix NULL dereference on allocation failure (git-fixes).
- ks8851: Fix another TX stall caused by wrong ISR flag handling (git-fixes).
- ks8851: Fix deadlock with the SPI chip variant (git-fixes).
- ks8851: Fix potential TX stall after interface reopen (git-fixes).
- ks8851: Fix TX stall caused by TX buffer overrun (gix-fixes).
- Add support for page sizes other than 4KB on ARM64 (jsc#PED-8491 bsc#1226530).
- Fix doorbell out of order violation and avoid unnecessary doorbell rings (bsc#1229154).
- Fix race of mana_hwc_post_rx_wqe and new hwc response (git-fixes).
- Fix RX buf alloc_size alignment and atomic op panic (bsc#1229086).
- remove two BUG() from skb_checksum_help() (bsc#1229312).
- qmi_ fix memory leak for not ip packets (git-fixes).
- fix possible cp null dereference (git-fixes).
- initialize noop_qdisc owner (git-fixes).
- pn533: Add poll mod list filling check (git-fixes).
- expose /proc/net/sunrpc/nfs in net namespaces (git-fixes).
- make the rpc_stat per net namespace (git-fixes).
- add posix ACLs to struct nfsd_attrs (git-fixes).
- add security label to struct nfsd_attrs (git-fixes).
- fix regression with setting ACLs (git-fixes).
- Fix strncpy() fortify warning (git-fixes).
- Increase NFSD_MAX_OPS_PER_COMPOUND (git-fixes).
- introduce struct nfsd_attrs (git-fixes).
- move from strlcpy with unused retval to strscpy (git-fixes).
- Optimize DRC bucket pruning (git-fixes).
- return error if nfs4_setacl fails (git-fixes).
- set attributes when creating symlinks (git-fixes).
- use locks_inode_context helper (git-fixes).
- nilfs2: Remove check for PageError (git-fixes).
- nvme_ scan namespaces asynchronously (bsc#1224105).
- ocfs2: use coarse time for new created files (git-fixes).
- Fix possible divide-by-0 panic in padata_mt_helper() (git-fixes).
- perf/smmuv3: Enable HiSilicon Erratum 162001900 quirk for HIP08/09 (git-fixes).
- platform/x86 Add support for ACPI based probing (jsc#PED-8779).
- platform/x86 Cache pci_dev in struct hsmp_socket (jsc#PED-8779).
- platform/x86 Change devm_kzalloc() to devm_kcalloc() (jsc#PED-8779).
- platform/x86 Check HSMP support on AMD family of processors (jsc#PED-8779).
- platform/x86 Check num_sockets against MAX_AMD_SOCKETS (jsc#PED-8779).
- platform/x86 Create static func to handle platdev (jsc#PED-8779).
- platform/x86 Define a struct to hold mailbox regs (jsc#PED-8779).
- platform/x86 Move dev from platdev to hsmp_socket (jsc#PED-8779).
- platform/x86 Move hsmp_test to probe (jsc#PED-8779).
- platform/x86 Non-ACPI support for AMD F1A_M00~0Fh (jsc#PED-8779).
- platform/x86 Remove extra parenthesis and add a space (jsc#PED-8779).
- platform/x86 Restructure sysfs group creation (jsc#PED-8779).
- platform/x86 switch to use device_add_groups() (jsc#PED-8779).
- axp288_ Fix constant_charge_voltage writes (git-fixes).
- axp288_ Round constant_charge_voltage writes down (git-fixes).
- Fail build if using recordmcount with binutils v2.37 (bsc#1194869).
- Mark .opd section read-only (bsc#1194869).
- use generic version of arch_is_kernel_initmem_freed() (bsc#1194869).
- xor_ Add '-mhard-float' to CFLAGS (bsc#1194869).
- powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n (bsc#1194869).
- Avoid clang null pointer arithmetic warnings (bsc#1194869).
- powerpc/kexec_ fix cpus node update to FDT (bsc#1194869).
- make the update_cpus_node() function public (bsc#1194869).
- split CONFIG_KEXEC_FILE and CONFIG_CRASH_DUMP (bsc#1194869).
- Add failure related checks for h_get_mpp and h_get_ppp (bsc#1194869).
- Whitelist dtl slub object for copying to userspace (bsc#1194869).
- Move some functions into #ifdef CONFIG_KVM_BOOK3S_HV_POSSIBLE (bsc#1194869).
- Check if a core is online (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes).
- Check cpu id in commands "c#", "dp#" and "dx#" (bsc#1194869).
- RDMA/mana_ Use virtual address in dma regions for MRs (git-fixes).
- Fix incomplete state save in rxe_requester (git-fixes)
- Fix rxe_modify_srq (git-fixes)
- Handle zero length rdma (git-fixes)
- Move work queue code to subroutines (git-fixes)
- s390 get rid of register asm (git-fixes bsc#1227079 bsc#1229187).
- s390 Make use of invalid opcode produce a link error (git-fixes bsc#1227079).
- s390 Split and rework cpacf query functions (git-fixes bsc#1229187).
- s390 fix error checks in dasd_copy_pair_store() (git-fixes bsc#1229190).
- s390 fix error recovery leading to data corruption on ESE devices (git-fixes bsc#1229573).
- s390 Prevent release of buffer in I/O (git-fixes bsc#1229572).
- s390 Panic for set and remove shared access UVC errors (git-fixes bsc#1229188).
- Fix scldiv calculation (git-fixes).
- add a struct rpc_stats arg to rpc_create_args (git-fixes).
- Fix a race to wake a sync task (git-fixes).
- fix swiotlb_bounce() to do partial sync's correctly (git-fixes).
- fix compat_sys_io_pgetevents_time64 usage (git-fixes).
- Return from tracing_buffers_read() if the file has been closed (bsc#1229136 git-fixes).
- add check for crypto_shash_tfm_digest (git-fixes).
- dbg_orphan_ Fix missed key type checking (git-fixes).
- Fix adding orphan entry twice for the same inode (git-fixes).
- Fix unattached xattr inode if powercut happens after deleting (git-fixes).
- fix potential memory leak in vfio_intx_enable() (git-fixes).
- fix wgds rev 3 exact size (git-fixes).
- duplicate static structs used in driver instances (git-fixes).
- x86 drop the duplicate APM_MINOR_DEV macro (git-fixes).
- x86 Fix PUSH instruction in x86 instruction decoder opcode map (git-fixes).
- x86 Fix pti_clone_entry_text() for i386 (git-fixes).
- x86 Check if fixed MTRRs exist before saving them (git-fixes).
- x86 Work around false positive kmemleak report in msr_build_context() (git-fixes).
- Fix missing interval for missing_owner in xfs fsmap (git-fixes).
- Fix the owner setting issue for rmap query in xfs fsmap (git-fixes).
- use XFS_BUF_DADDR_NULL for daddrs in getfsmap code (git-fixes).
- Fix Panther point NULL pointer deref at full-speed re-enumeration (git-fixes).
- Fix rpcrdma_reqs_reset() (git-fixes).
Special Instructions and Notes:
- Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
openSUSE Leap 15.5
zypper in -t patch SUSE-2024-3483=1 openSUSE-SLE-15.5-2024-3483=1
-
openSUSE Leap Micro 5.5
zypper in -t patch openSUSE-Leap-Micro-5.5-2024-3483=1
-
SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2024-3483=1
-
Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-3483=1
-
Development Tools Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2024-3483=1
-
Legacy Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2024-3483=1
-
SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2024-3483=1
Please note that this is the initial kernel livepatch without fixes itself,
this package is later updated by separate standalone kernel livepatch
updates.
-
SUSE Linux Enterprise High Availability Extension 15 SP5
zypper in -t patch SUSE-SLE-Product-HA-15-SP5-2024-3483=1
-
SUSE Linux Enterprise Workstation Extension 15 SP5
zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2024-3483=1
Package List:
-
openSUSE Leap 15.5 (noarch nosrc)
- kernel-docs-5.14.21-150500.55.80.2
-
openSUSE Leap 15.5 (noarch)
- kernel-docs-html-5.14.21-150500.55.80.2
- kernel-source-5.14.21-150500.55.80.2
- kernel-macros-5.14.21-150500.55.80.2
- kernel-source-vanilla-5.14.21-150500.55.80.2
- kernel-devel-5.14.21-150500.55.80.2
-
openSUSE Leap 15.5 (nosrc ppc64le x86_64)
- kernel-debug-5.14.21-150500.55.80.2
-
openSUSE Leap 15.5 (ppc64le x86_64)
- kernel-debug-devel-5.14.21-150500.55.80.2
- kernel-debug-livepatch-devel-5.14.21-150500.55.80.2
- kernel-debug-debugsource-5.14.21-150500.55.80.2
- kernel-debug-devel-debuginfo-5.14.21-150500.55.80.2
- kernel-debug-debuginfo-5.14.21-150500.55.80.2
-
openSUSE Leap 15.5 (x86_64)
- kernel-kvmsmall-vdso-debuginfo-5.14.21-150500.55.80.2
- kernel-kvmsmall-vdso-5.14.21-150500.55.80.2
- kernel-debug-vdso-5.14.21-150500.55.80.2
- kernel-default-vdso-5.14.21-150500.55.80.2
- kernel-debug-vdso-debuginfo-5.14.21-150500.55.80.2
- kernel-default-vdso-debuginfo-5.14.21-150500.55.80.2
-
openSUSE Leap 15.5 (aarch64 ppc64le x86_64)
- kernel-kvmsmall-livepatch-devel-5.14.21-150500.55.80.2
- kernel-kvmsmall-debugsource-5.14.21-150500.55.80.2
- kernel-kvmsmall-debuginfo-5.14.21-150500.55.80.2
- kernel-default-base-rebuild-5.14.21-150500.55.80.2.150500.6.35.6
- kernel-kvmsmall-devel-debuginfo-5.14.21-150500.55.80.2
- kernel-kvmsmall-devel-5.14.21-150500.55.80.2
- kernel-default-base-5.14.21-150500.55.80.2.150500.6.35.6
-
openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
- kernel-default-devel-5.14.21-150500.55.80.2
- kernel-default-debugsource-5.14.21-150500.55.80.2
- gfs2-kmp-default-5.14.21-150500.55.80.2
- dlm-kmp-default-debuginfo-5.14.21-150500.55.80.2
- ocfs2-kmp-default-debuginfo-5.14.21-150500.55.80.2
- kernel-default-debuginfo-5.14.21-150500.55.80.2
- kernel-obs-build-debugsource-5.14.21-150500.55.80.1
- kernel-default-optional-debuginfo-5.14.21-150500.55.80.2
- cluster-md-kmp-default-5.14.21-150500.55.80.2
- kernel-default-livepatch-5.14.21-150500.55.80.2
- dlm-kmp-default-5.14.21-150500.55.80.2
- kernel-default-extra-5.14.21-150500.55.80.2
- kernel-syms-5.14.21-150500.55.80.1
- kernel-obs-qa-5.14.21-150500.55.80.1
- kselftests-kmp-default-5.14.21-150500.55.80.2
- kernel-default-livepatch-devel-5.14.21-150500.55.80.2
- reiserfs-kmp-default-debuginfo-5.14.21-150500.55.80.2
- ocfs2-kmp-default-5.14.21-150500.55.80.2
- kernel-default-devel-debuginfo-5.14.21-150500.55.80.2
- cluster-md-kmp-default-debuginfo-5.14.21-150500.55.80.2
- kselftests-kmp-default-debuginfo-5.14.21-150500.55.80.2
- kernel-obs-build-5.14.21-150500.55.80.1
- kernel-default-extra-debuginfo-5.14.21-150500.55.80.2
- gfs2-kmp-default-debuginfo-5.14.21-150500.55.80.2
- kernel-default-optional-5.14.21-150500.55.80.2
- reiserfs-kmp-default-5.14.21-150500.55.80.2
-
openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 nosrc)
- kernel-default-5.14.21-150500.55.80.2
-
openSUSE Leap 15.5 (aarch64 nosrc ppc64le x86_64)
- kernel-kvmsmall-5.14.21-150500.55.80.2
-
openSUSE Leap 15.5 (ppc64le s390x x86_64)
- kernel-livepatch-5_14_21-150500_55_80-default-debuginfo-1-150500.11.3.2
- kernel-livepatch-SLE15-SP5_Update_19-debugsource-1-150500.11.3.2
- kernel-livepatch-5_14_21-150500_55_80-default-1-150500.11.3.2
-
openSUSE Leap 15.5 (nosrc s390x)
- kernel-zfcpdump-5.14.21-150500.55.80.2
-
openSUSE Leap 15.5 (s390x)
- kernel-zfcpdump-debuginfo-5.14.21-150500.55.80.2
- kernel-zfcpdump-debugsource-5.14.21-150500.55.80.2
-
openSUSE Leap 15.5 (nosrc)
- dtb-aarch64-5.14.21-150500.55.80.1
-
openSUSE Leap 15.5 (aarch64)
- dtb-arm-5.14.21-150500.55.80.1
- gfs2-kmp-64kb-5.14.21-150500.55.80.2
- kernel-64kb-debuginfo-5.14.21-150500.55.80.2
- dtb-amazon-5.14.21-150500.55.80.1
- kernel-64kb-debugsource-5.14.21-150500.55.80.2
- dtb-altera-5.14.21-150500.55.80.1
- kernel-64kb-optional-debuginfo-5.14.21-150500.55.80.2
- dtb-lg-5.14.21-150500.55.80.1
- dtb-exynos-5.14.21-150500.55.80.1
- dtb-rockchip-5.14.21-150500.55.80.1
- dtb-qcom-5.14.21-150500.55.80.1
- ocfs2-kmp-64kb-5.14.21-150500.55.80.2
- dtb-amlogic-5.14.21-150500.55.80.1
- kernel-64kb-devel-debuginfo-5.14.21-150500.55.80.2
- kselftests-kmp-64kb-5.14.21-150500.55.80.2
- dtb-nvidia-5.14.21-150500.55.80.1
- kselftests-kmp-64kb-debuginfo-5.14.21-150500.55.80.2
- cluster-md-kmp-64kb-5.14.21-150500.55.80.2
- dtb-amd-5.14.21-150500.55.80.1
- dtb-xilinx-5.14.21-150500.55.80.1
- reiserfs-kmp-64kb-debuginfo-5.14.21-150500.55.80.2
- dlm-kmp-64kb-debuginfo-5.14.21-150500.55.80.2
- dtb-allwinner-5.14.21-150500.55.80.1
- dtb-broadcom-5.14.21-150500.55.80.1
- dtb-socionext-5.14.21-150500.55.80.1
- dtb-sprd-5.14.21-150500.55.80.1
- dtb-freescale-5.14.21-150500.55.80.1
- kernel-64kb-devel-5.14.21-150500.55.80.2
- dtb-apm-5.14.21-150500.55.80.1
- dtb-apple-5.14.21-150500.55.80.1
- dlm-kmp-64kb-5.14.21-150500.55.80.2
- kernel-64kb-optional-5.14.21-150500.55.80.2
- reiserfs-kmp-64kb-5.14.21-150500.55.80.2
- cluster-md-kmp-64kb-debuginfo-5.14.21-150500.55.80.2
- kernel-64kb-extra-5.14.21-150500.55.80.2
- ocfs2-kmp-64kb-debuginfo-5.14.21-150500.55.80.2
- dtb-cavium-5.14.21-150500.55.80.1
- dtb-marvell-5.14.21-150500.55.80.1
- gfs2-kmp-64kb-debuginfo-5.14.21-150500.55.80.2
- kernel-64kb-livepatch-devel-5.14.21-150500.55.80.2
- dtb-hisilicon-5.14.21-150500.55.80.1
- dtb-mediatek-5.14.21-150500.55.80.1
- dtb-renesas-5.14.21-150500.55.80.1
- kernel-64kb-extra-debuginfo-5.14.21-150500.55.80.2
-
openSUSE Leap 15.5 (aarch64 nosrc)
- kernel-64kb-5.14.21-150500.55.80.2
-
openSUSE Leap Micro 5.5 (aarch64 nosrc s390x x86_64)
- kernel-default-5.14.21-150500.55.80.2
-
openSUSE Leap Micro 5.5 (aarch64 x86_64)
- kernel-default-base-5.14.21-150500.55.80.2.150500.6.35.6
-
openSUSE Leap Micro 5.5 (aarch64 s390x x86_64)
- kernel-default-debuginfo-5.14.21-150500.55.80.2
- kernel-default-debugsource-5.14.21-150500.55.80.2
-
SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64 nosrc)
- kernel-default-5.14.21-150500.55.80.2
-
SUSE Linux Enterprise Micro 5.5 (aarch64 x86_64)
- kernel-default-base-5.14.21-150500.55.80.2.150500.6.35.6
-
SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
- kernel-default-debuginfo-5.14.21-150500.55.80.2
- kernel-default-debugsource-5.14.21-150500.55.80.2
-
Basesystem Module 15-SP5 (aarch64 nosrc)
- kernel-64kb-5.14.21-150500.55.80.2
-
Basesystem Module 15-SP5 (aarch64)
- kernel-64kb-debuginfo-5.14.21-150500.55.80.2
- kernel-64kb-debugsource-5.14.21-150500.55.80.2
- kernel-64kb-devel-5.14.21-150500.55.80.2
- kernel-64kb-devel-debuginfo-5.14.21-150500.55.80.2
-
Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64 nosrc)
- kernel-default-5.14.21-150500.55.80.2
-
Basesystem Module 15-SP5 (aarch64 ppc64le x86_64)
- kernel-default-base-5.14.21-150500.55.80.2.150500.6.35.6
-
Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
- kernel-default-devel-5.14.21-150500.55.80.2
- kernel-default-devel-debuginfo-5.14.21-150500.55.80.2
- kernel-default-debuginfo-5.14.21-150500.55.80.2
- kernel-default-debugsource-5.14.21-150500.55.80.2
-
Basesystem Module 15-SP5 (noarch)
- kernel-macros-5.14.21-150500.55.80.2
- kernel-devel-5.14.21-150500.55.80.2
-
Basesystem Module 15-SP5 (nosrc s390x)
- kernel-zfcpdump-5.14.21-150500.55.80.2
-
Basesystem Module 15-SP5 (s390x)
- kernel-zfcpdump-debuginfo-5.14.21-150500.55.80.2
- kernel-zfcpdump-debugsource-5.14.21-150500.55.80.2
-
Development Tools Module 15-SP5 (noarch nosrc)
- kernel-docs-5.14.21-150500.55.80.2
-
Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64)
- kernel-obs-build-5.14.21-150500.55.80.1
- kernel-syms-5.14.21-150500.55.80.1
- kernel-obs-build-debugsource-5.14.21-150500.55.80.1
-
Development Tools Module 15-SP5 (noarch)
- kernel-source-5.14.21-150500.55.80.2
-
Legacy Module 15-SP5 (nosrc)
- kernel-default-5.14.21-150500.55.80.2
-
Legacy Module 15-SP5 (aarch64 ppc64le s390x x86_64)
- reiserfs-kmp-default-debuginfo-5.14.21-150500.55.80.2
- reiserfs-kmp-default-5.14.21-150500.55.80.2
- kernel-default-debuginfo-5.14.21-150500.55.80.2
- kernel-default-debugsource-5.14.21-150500.55.80.2
-
SUSE Linux Enterprise Live Patching 15-SP5 (nosrc)
- kernel-default-5.14.21-150500.55.80.2
-
SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
- kernel-livepatch-SLE15-SP5_Update_19-debugsource-1-150500.11.3.2
- kernel-default-debugsource-5.14.21-150500.55.80.2
- kernel-default-debuginfo-5.14.21-150500.55.80.2
- kernel-livepatch-5_14_21-150500_55_80-default-1-150500.11.3.2
- kernel-default-livepatch-devel-5.14.21-150500.55.80.2
- kernel-livepatch-5_14_21-150500_55_80-default-debuginfo-1-150500.11.3.2
- kernel-default-livepatch-5.14.21-150500.55.80.2
-
SUSE Linux Enterprise High Availability Extension 15 SP5 (aarch64 ppc64le s390x x86_64)
- dlm-kmp-default-5.14.21-150500.55.80.2
- dlm-kmp-default-debuginfo-5.14.21-150500.55.80.2
- kernel-default-debugsource-5.14.21-150500.55.80.2
- ocfs2-kmp-default-debuginfo-5.14.21-150500.55.80.2
- kernel-default-debuginfo-5.14.21-150500.55.80.2
- gfs2-kmp-default-debuginfo-5.14.21-150500.55.80.2
- gfs2-kmp-default-5.14.21-150500.55.80.2
- ocfs2-kmp-default-5.14.21-150500.55.80.2
- cluster-md-kmp-default-debuginfo-5.14.21-150500.55.80.2
- cluster-md-kmp-default-5.14.21-150500.55.80.2
-
SUSE Linux Enterprise High Availability Extension 15 SP5 (nosrc)
- kernel-default-5.14.21-150500.55.80.2
-
SUSE Linux Enterprise Workstation Extension 15 SP5 (nosrc)
- kernel-default-5.14.21-150500.55.80.2
-
SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64)
- kernel-default-extra-5.14.21-150500.55.80.2
- kernel-default-debuginfo-5.14.21-150500.55.80.2
- kernel-default-extra-debuginfo-5.14.21-150500.55.80.2
- kernel-default-debugsource-5.14.21-150500.55.80.2
References: