SUSE-SU-2022:4504-1: important: Security update for the Linux Kernel

sle-security-updates at sle-security-updates at
Fri Dec 16 17:30:22 UTC 2022

   SUSE Security Update: Security update for the Linux Kernel

Announcement ID:    SUSE-SU-2022:4504-1
Rating:             important
References:         #1065729 #1156395 #1164051 #1184350 #1189297 
                    #1190256 #1193629 #1194869 #1202341 #1203183 
                    #1204631 #1204636 #1204693 #1204810 #1204850 
                    #1205007 #1205100 #1205111 #1205128 #1205130 
                    #1205149 #1205153 #1205220 #1205331 #1205428 
                    #1205473 #1205514 #1205617 #1205653 #1205744 
                    #1205764 #1205796 #1205882 #1205993 #1206035 
                    #1206036 #1206037 #1206046 #1206047 #1206051 
                    #1206056 #1206057 #1206113 #1206114 #1206147 
                    #1206149 #1206207 #1206273 PED-1573 PED-1706 
                    PED-1936 PED-2684 PED-611 PED-824 PED-849 
Cross-References:   CVE-2022-2602 CVE-2022-3176 CVE-2022-3566
                    CVE-2022-3567 CVE-2022-3635 CVE-2022-3643
                    CVE-2022-3707 CVE-2022-3903 CVE-2022-4095
                    CVE-2022-4129 CVE-2022-4139 CVE-2022-41850
                    CVE-2022-41858 CVE-2022-42328 CVE-2022-42329
                    CVE-2022-42895 CVE-2022-42896 CVE-2022-4378
                    CVE-2022-43945 CVE-2022-45869 CVE-2022-45888
CVSS scores:
                    CVE-2022-2602 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-3176 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-3176 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-3566 (NVD) : 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-3566 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3567 (NVD) : 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-3567 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3635 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-3635 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-3643 (NVD) : 10 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
                    CVE-2022-3643 (SUSE): 6.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
                    CVE-2022-3707 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3903 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3903 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-4095 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-4129 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-4129 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-4139 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-41850 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-41850 (SUSE): 4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
                    CVE-2022-41858 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-42328 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-42328 (SUSE): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-42329 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-42329 (SUSE): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-42895 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-42895 (SUSE): 6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
                    CVE-2022-42896 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-42896 (SUSE): 6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
                    CVE-2022-4378 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-43945 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-43945 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-45869 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-45869 (SUSE): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-45888 (NVD) : 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-45888 (SUSE): 4 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H
                    CVE-2022-45934 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-45934 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:
                    SUSE Linux Enterprise High Performance Computing 15-SP4
                    SUSE Linux Enterprise Module for Public Cloud 15-SP4
                    SUSE Linux Enterprise Server 15-SP4
                    SUSE Linux Enterprise Server for SAP Applications 15-SP4
                    SUSE Manager Proxy 4.3
                    SUSE Manager Retail Branch Server 4.3
                    SUSE Manager Server 4.3
                    openSUSE Leap 15.4

   An update that solves 22 vulnerabilities, contains 7
   features and has 26 fixes is now available.


   The SUSE Linux Enterprise 15 SP4 Azure kernel was updated to receive
   various security and bugfixes.

   The following security bugs were fixed:

   - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207).
   - CVE-2022-42328: Guests could trigger denial of service via the netback
     driver (bnc#1206114).
   - CVE-2022-42329: Guests could trigger denial of service via the netback
     driver (bnc#1206113).
   - CVE-2022-3643: Guests could trigger NIC interface reset/abort/crash via
     netback driver (bnc#1206113).
   - CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file
     drivers/atm/idt77252.c of the component IPsec (bsc#1204631).  -
     CVE-2022-41850: Fixed a race condition in roccat_report_event() in
     drivers/hid/hid-roccat.c (bsc#1203960).
   - CVE-2022-45934: Fixed a integer wraparound via L2CAP_CONF_REQ packets in
     l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796).
   - CVE-2022-3567: Fixed a to race condition in
     inet6_stream_ops()/inet6_dgram_ops() of the component IPv6 Handler
   - CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in
     drivers/net/slip (bsc#1205671).
   - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation
   - CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514).
   - CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver
     USB driver (bsc#1205220).
   - CVE-2022-45869: Fixed a race condition in the x86 KVM subsystem which
     could cause a denial of service (bsc#1205882).
   - CVE-2022-45888: Fixed a use-after-free during physical removal of a USB
     devices when using drivers/char/xillybus/xillyusb.c (bsc#1205764).
   - CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU
     to access any physical memory (bsc#1205700).
   - CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling
     Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a
     race condition and NULL pointer dereference. (bsc#1205711)
   - CVE-2022-42896: Fixed a use-after-free vulnerability in the
     net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req()
     which may have allowed code execution and leaking kernel memory
     (respectively) remotely via Bluetooth (bsc#1205709).
   - CVE-2022-42895: Fixed an information leak in the
     net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to
     leak kernel pointers remotely (bsc#1205705).
   - CVE-2022-3566: Fixed a race condition in the functions
     tcp_getsockopt/tcp_setsockopt of the component TCP Handler. The
     manipulation leads to race condition (bsc#1204405).
   - CVE-2022-2602: Fixed a local privilege escalation vulnerability
     involving Unix socket Garbage Collection and io_uring (bsc#1204228).
   - CVE-2022-3176: Fixed a use-after-free in io_uring related to
     signalfd_poll() and binder_poll() (bsc#1203391).
   - CVE-2022-3707: Fixed a double free in the Intel GVT-g graphics driver
   - CVE-2022-41850: Fixed a use-after-free in roccat_report_event in
     drivers/hid/hid-roccat.c (bnc#1203960).

   The following non-security bugs were fixed:

   - ACPI: APEI: Fix integer overflow in ghes_estatus_pool_init() (git-fixes).
   - ACPI: HMAT: Fix initiator registration for single-initiator systems
   - ACPI: HMAT: remove unnecessary variable initialization (git-fixes).
   - ACPI: scan: Add LATT2021 to acpi_ignore_dep_ids[] (git-fixes).
   - ACPI: x86: Add another system to quirk list for forcing StorageD3Enable
   - ALSA: dice: fix regression for Lexicon I-ONIX FW810S (git-fixes).
   - ALSA: hda/ca0132: add quirk for EVGA Z390 DARK (git-fixes).
   - ALSA: hda/hdmi - enable runtime pm for more AMD display audio
   - ALSA: hda/realtek: Add Positivo C6300 model quirk (git-fixes).
   - ALSA: hda/realtek: Add quirk for ASUS Zenbook using CS35L41 (git-fixes).
   - ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360
   - ALSA: hda/realtek: fix speakers for Samsung Galaxy Book Pro
   - ALSA: hda: fix potential memleak in 'add_widget_node' (git-fixes).
   - ALSA: usb-audio: Add DSD support for Accuphase DAC-60 (git-fixes).
   - ALSA: usb-audio: Add quirk entry for M-Audio Micro (git-fixes).
   - ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open()
   - ALSA: usb-audio: Remove redundant workaround for Roland quirk
   - ALSA: usb-audio: Yet more regression for for the delayed card
     registration (bsc#1205111).
   - ALSA: usb-audio: add quirk to fix Hamedal C20 disconnect issue
   - ARM: at91: rm9200: fix usb device clock id (git-fixes).
   - ARM: dts: am335x-pcm-953: Define fixed regulators in root node
   - ARM: dts: at91: sam9g20ek: enable udc vbus gpio pinctrl (git-fixes).
   - ARM: dts: imx6q-prti6q: Fix ref/tcxo-clock-frequency properties
   - ARM: dts: imx7: Fix NAND controller size-cells (git-fixes).
   - ARM: mxs: fix memory leak in mxs_machine_init() (git-fixes).
   - ASoC: Intel: bytcht_es8316: Add quirk for the Nanote UMPC-01 (git-fixes).
   - ASoC: Intel: sof_sdw: add quirk variant for LAPBC710 NUC15 (git-fixes).
   - ASoC: codecs: jz4725b: Fix spelling mistake "Sourc" -> "Source",
     "Routee" -> "Route" (git-fixes).
   - ASoC: codecs: jz4725b: add missed Line In power control bit (git-fixes).
   - ASoC: codecs: jz4725b: fix capture selector naming (git-fixes).
   - ASoC: codecs: jz4725b: fix reported volume for Master ctl (git-fixes).
   - ASoC: codecs: jz4725b: use right control for Capture Volume (git-fixes).
   - ASoC: core: Fix use-after-free in snd_soc_exit() (git-fixes).
   - ASoC: fsl_asrc fsl_esai fsl_sai: allow CONFIG_PM=N (git-fixes).
   - ASoC: fsl_sai: use local device pointer (git-fixes).
   - ASoC: max98373: Add checks for devm_kcalloc (git-fixes).
   - ASoC: mt6660: Keep the pm_runtime enables before component stuff in
     mt6660_i2c_probe (git-fixes).
   - ASoC: ops: Fix bounds check for _sx controls (git-fixes).
   - ASoC: rt1019: Fix the TDM settings (git-fixes).
   - ASoC: sgtl5000: Reset the CHIP_CLK_CTRL reg on remove (git-fixes).
   - ASoC: soc-pcm: Do not zero TDM masks in __soc_pcm_open() (git-fixes).
   - ASoC: soc-utils: Remove __exit for snd_soc_util_exit() (git-fixes).
   - ASoC: stm32: dfsdm: manage cb buffers cleanup (git-fixes).
   - ASoC: tas2764: Fix set_tdm_slot in case of single slot (git-fixes).
   - ASoC: tas2770: Fix set_tdm_slot in case of single slot (git-fixes).
   - ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK (git-fixes).
   - Bluetooth: 6LoWPAN: add missing hci_dev_put() in get_l2cap_conn()
   - Bluetooth: Fix not cleanup led when bt_init fails (git-fixes).
   - Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM
   - Bluetooth: L2CAP: Fix attempting to access uninitialized memory
   - Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm (git-fixes).
   - Decrease the number of SMB3 smbdirect client SGEs (bsc#1193629).
   - Do not enable CONFIG_ATARI_PARTITION (jsc#PED-1573)
   - Drivers: hv: Always reserve framebuffer region for Gen1 VMs (git-fixes).
   - Drivers: hv: Fix syntax errors in comments (git-fixes).
   - Drivers: hv: Never allocate anything besides framebuffer from
     framebuffer memory region (git-fixes).
   - Drivers: hv: fix repeated words in comments (git-fixes).
   - Drivers: hv: remove duplicate word in a comment (git-fixes).
   - Drivers: hv: vmbus: Accept hv_sock offers in isolated guests (git-fixes).
   - Drivers: hv: vmbus: Add VMbus IMC device to unsupported list (git-fixes).
   - Drivers: hv: vmbus: Do not wait for the ACPI device upon initialization
   - Drivers: hv: vmbus: Fix kernel-doc (git-fixes).
   - Drivers: hv: vmbus: Optimize vmbus_on_event (git-fixes).
   - Drivers: hv: vmbus: Release cpu lock in error case (git-fixes).
   - Drivers: hv: vmbus: Use PCI_VENDOR_ID_MICROSOFT for better
     discoverability (git-fixes).
   - Drivers: hv: vmbus: fix double free in the error path of
     vmbus_add_channel_work() (git-fixes).
   - Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register()
   - Drivers: hv: vmbus: fix typo in comment (git-fixes).
   - Fix formatting of client smbdirect RDMA logging (bsc#1193629).
   - HID: core: fix shift-out-of-bounds in hid_report_raw_event (git-fixes).
   - HID: hid-lg4ff: Add check for empty lbuf (git-fixes).
   - HID: hyperv: fix possible memory leak in mousevsc_probe() (git-fixes).
   - HID: playstation: add initial DualSense Edge controller support
   - HID: saitek: add madcatz variant of MMO7 mouse device ID (git-fixes).
   - Handle variable number of SGEs in client smbdirect send (bsc#1193629).
   - IB/hfi1: Correctly move list in sc_disable() (git-fixes)
   - IB: Set IOVA/LENGTH on IB_MR in core/uverbs layers (git-fixes)
   - Input: goodix - try resetting the controller when no config is set
   - Input: i8042 - fix leaking of platform device on module removal
   - Input: iforce - invert valid length check when fetching device IDs
   - Input: raydium_ts_i2c - fix memory leak in raydium_i2c_send()
   - Input: soc_button_array - add Acer Switch V 10 to
     dmi_use_low_level_irq[] (git-fixes).
   - Input: soc_button_array - add use_low_level_irq module parameter
   - Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode
   - KVM: Move wiping of the kvm->vcpus array to common code (git-fixes).
   - KVM: SEV: Mark nested locking of vcpu->lock (git-fixes).
   - KVM: SVM: Disable SEV-ES support if MMIO caching is disable (git-fixes).
   - KVM: SVM: Stuff next_rip on emulated INT3 injection if NRIPS is
     supported (git-fixes).
   - KVM: SVM: adjust register allocation for __svm_vcpu_run() (git-fixes).
   - KVM: SVM: move guest vmsave/vmload back to assembly (git-fixes).
   - KVM: SVM: replace regs argument of __svm_vcpu_run() with vcpu_svm
   - KVM: SVM: retrieve VMCB from assembly (git-fixes).
   - KVM: VMX: Add helper to check if the guest PMU has PERF_GLOBAL_CTRL
   - KVM: VMX: Drop bits 31:16 when shoving exception error code into VMCS
   - KVM: VMX: Mark all PERF_GLOBAL_(OVF)_CTRL bits reserved if there's no
     vPMU (git-fixes).
   - KVM: VMX: clear vmx_x86_ops.sync_pir_to_irr if APICv is disabled
   - KVM: VMX: fully disable SGX if SECONDARY_EXEC_ENCLS_EXITING unavailable
   - KVM: nVMX: Always enable TSC scaling for L2 when it was enabled for L1
   - KVM: nVMX: Attempt to load PERF_GLOBAL_CTRL on nVMX xfer iff it exists
   - KVM: nVMX: Rename handle_vm{on,off}() to handle_vmx{on,off}()
   - KVM: s390: Add a routine for setting userspace CPU state (git-fixes
   - KVM: s390: Simplify SIGP Set Arch handling (git-fixes jsc#PED-611).
   - KVM: s390: pv: do not allow userspace to set the clock under PV
   - KVM: s390: pv: leak the topmost page table when destroy fails
   - KVM: x86/mmu: Fix wrong/misleading comments in TDP MMU fast zap
   - KVM: x86/mmu: WARN if old _or_ new SPTE is REMOVED in non-atomic path
   - KVM: x86/mmu: fix memoryleak in kvm_mmu_vendor_module_init() (git-fixes).
   - KVM: x86/pmu: Fix and isolate TSX-specific performance event logic
   - KVM: x86/pmu: Update AMD PMC sample period to fix guest NMI-watchdog
   - KVM: x86/pmu: Use different raw event masks for AMD and Intel
   - KVM: x86/svm: Account for family 17h event renumberings in
     amd_pmc_perf_hw_id (git-fixes).
   - KVM: x86: Fully initialize 'struct kvm_lapic_irq' in
     kvm_pv_kick_cpu_op() (git-fixes).
   - KVM: x86: Hide IA32_PLATFORM_DCA_CAP[31:0] from the guest (git-fixes).
   - KVM: x86: Mask off reserved bits in CPUID.80000001H (git-fixes).
   - KVM: x86: Mask off reserved bits in CPUID.80000006H (git-fixes).
   - KVM: x86: Mask off reserved bits in CPUID.80000008H (git-fixes).
   - KVM: x86: Mask off reserved bits in CPUID.8000001AH (git-fixes).
   - KVM: x86: Report error when setting CPUID if Hyper-V allocation fails
   - KVM: x86: Retry page fault if MMU reload is pending and root has no sp
   - KVM: x86: Signal #GP, not -EPERM, on bad WRMSR(MCi_CTL/STATUS)
   - KVM: x86: Treat #DBs from the emulator as fault-like (code and DR7.GD=1)
   - KVM: x86: Use __try_cmpxchg_user() to emulate atomic accesses
   - KVM: x86: Use __try_cmpxchg_user() to update guest PTE A/D bits
   - KVM: x86: avoid loading a vCPU after .vm_destroy was called (git-fixes).
   - KVM: x86: emulator: em_sysexit should update ctxt->mode (git-fixes).
   - KVM: x86: emulator: introduce emulator_recalc_and_set_mode (git-fixes).
   - KVM: x86: emulator: update the emulation mode after CR0 write
   - KVM: x86: emulator: update the emulation mode after rsm (git-fixes).
   - KVM: x86: use a separate asm-offsets.c file (git-fixes).
   - Kconfig: Add option for asm goto w/ tied outputs to workaround clang-13
     bug (git-fixes).
   - MIPS: Loongson: Use hwmon_device_register_with_groups() to register
     hwmon (git-fixes).
   - NFC: nci: Bounds check struct nfc_target arrays (git-fixes).
   - NFC: nci: fix memory leak in nci_rx_data_packet() (git-fixes).
     to pci_ids.h (git-fixes).
   - PCI: hv: Add validation for untrusted Hyper-V values (git-fixes).
   - PCI: hv: Fix the definition of vector in hv_compose_msi_msg()
   - RDMA/cm: Fix memory leak in ib_cm_insert_listen (git-fixes)
   - RDMA/cm: Use SLID in the work completion as the DLID in responder side
   - RDMA/cma: Use output interface for net_dev check (git-fixes)
   - RDMA/core: Fix null-ptr-deref in ib_core_cleanup() (git-fixes)
   - RDMA/hfi1: Prevent panic when SDMA is disabled (git-fixes)
   - RDMA/hfi1: Prevent use of lock before it is initialized (git-fixes)
   - RDMA/hfi1: fix potential memory leak in setup_base_ctxt() (git-fixes)
   - RDMA/hns: Correct the type of variables participating in the shift
     operation (git-fixes)
   - RDMA/hns: Disable local invalidate operation (git-fixes)
   - RDMA/hns: Fix incorrect clearing of interrupt status register (git-fixes)
   - RDMA/hns: Fix supported page size (git-fixes)
   - RDMA/hns: Fix wrong fixed value of qp->rq.wqe_shift (git-fixes)
   - RDMA/hns: Remove magic number (git-fixes)
   - RDMA/hns: Remove the num_cqc_timer variable (git-fixes)
   - RDMA/hns: Remove the num_qpc_timer variable (git-fixes)
   - RDMA/hns: Remove unnecessary check for the sgid_attr when modifying QP
   - RDMA/hns: Replace tab with space in the right-side comments (git-fixes)
   - RDMA/hns: Use hr_reg_xxx() instead of remaining roce_set_xxx()
   - RDMA/irdma: Fix deadlock in irdma_cleanup_cm_core() (git-fixes)
   - RDMA/irdma: Use s/g array in post send only when its valid (git-fixes)
   - RDMA/mlx5: Set local port to one when accessing counters (git-fixes)
   - RDMA/qedr: clean up work queue on failure in qedr_alloc_resources()
   - RDMA/rtrs-clt: Use the right sg_cnt after ib_dma_map_sg (git-fixes)
   - RDMA/rtrs-srv: Fix modinfo output for stringify (git-fixes)
   - RDMA/rxe: Limit the number of calls to each tasklet (git-fixes)
   - RDMA/rxe: Remove useless pkt parameters (git-fixes)
   - Reduce client smbdirect max receive segment size (bsc#1193629).
   - Revert "net: phy: meson-gxl: improve link-up behavior" (git-fixes).
   - Revert "tty: n_gsm: avoid call of sleeping functions from atomic
     context" (git-fixes).
   - Revert "tty: n_gsm: replace kicktimer with delayed_work" (git-fixes).
   - Revert "usb: dwc3: disable USB core PHY management" (git-fixes).
   - SCSI: scsi_probe_lun: retry INQUIRY after timeout (bsc#1189297).
   - SMB3: fix lease break timeout when multiple deferred close handles for
     the same file (bsc#1193629).
   - USB: bcma: Make GPIO explicitly optional (git-fixes).
   - USB: serial: option: add Fibocom FM160 0x0111 composition (git-fixes).
   - USB: serial: option: add Sierra Wireless EM9191 (git-fixes).
   - USB: serial: option: add u-blox LARA-L6 modem (git-fixes).
   - USB: serial: option: add u-blox LARA-R6 00B modem (git-fixes).
   - USB: serial: option: remove old LARA-R6 PID (git-fixes).
   - arcnet: fix potential memory leak in com20020_probe() (git-fixes).
   - arm64/syscall: Include asm/ptrace.h in syscall_wrapper header
   - arm64: Add AMPERE1 to the Spectre-BHB affected list (git-fixes).
   - arm64: Fix bit-shifting UB in the MIDR_CPU_MODEL() macro (git-fixes)
   - arm64: dts: imx8mm: Fix NAND controller size-cells (git-fixes).
   - arm64: dts: imx8mn: Fix NAND controller size-cells (git-fixes).
   - arm64: dts: qcom: sa8155p-adp: Specify which LDO modes are allowed
   - arm64: dts: qcom: sm8150-xperia-kumano: Specify which LDO modes are
     allowed (git-fixes).
   - arm64: dts: qcom: sm8250-xperia-edo: Specify which LDO modes are allowed
   - arm64: dts: qcom: sm8350-hdk: Specify which LDO modes are allowed
   - arm64: dts: rockchip: add enable-strobe-pulldown to emmc phy on nanopi4
   - arm64: dts: rockchip: lower rk3399-puma-haikou SD controller clock
     frequency (git-fixes).
   - arm64: efi: Fix handling of misaligned runtime regions and drop warning
   - arm64: errata: Add Cortex-A55 to the repeat tlbi list (git-fixes).
     Enable CONFIG_ARM64_ERRATUM_2441007, too
   - arm64: errata: Remove AES hwcap for COMPAT tasks (git-fixes) Enable
     CONFIG_ARM64_ERRATUM_1742098 in arm64/default
   - arm64: fix rodata=full again (git-fixes)
   - ata: libata-core: do not issue non-internal commands once EH is pending
   - ata: libata-scsi: fix SYNCHRONIZE CACHE (16) command failure (git-fixes).
   - ata: libata-scsi: simplify __ata_scsi_queuecmd() (git-fixes).
   - ata: libata-transport: fix double ata_host_put() in ata_tport_add()
   - ata: libata-transport: fix error handling in ata_tdev_add() (git-fixes).
   - ata: libata-transport: fix error handling in ata_tlink_add() (git-fixes).
   - ata: libata-transport: fix error handling in ata_tport_add() (git-fixes).
   - audit: fix undefined behavior in bit shift for AUDIT_BIT (git-fixes).
   - blk-cgroup: fix missing put device in error path from blkg_conf_pref()
   - blk-mq: Properly init requests from blk_mq_alloc_request_hctx()
   - blk-mq: do not create hctx debugfs dir until q->debugfs_dir is created
   - blk-mq: fix io hung due to missing commit_rqs (git-fixes).
   - blk-wbt: call rq_qos_add() after wb_normal is initialized (git-fixes).
   - blktrace: Trace remapped requests correctly (git-fixes).
   - block/rnbd-srv: Set keep_id to true after mutex_trylock (git-fixes).
   - block: add bio_start_io_acct_time() to control start_time (git-fixes).
   - block: blk_queue_enter() / __bio_queue_enter() must return -EAGAIN for
     nowait (git-fixes).
   - block: drop unused includes in <linux/genhd.h> (git-fixes).
   - bridge: switchdev: Fix memory leaks when changing VLAN protocol
   - btrfs: check if root is readonly while setting security xattr
   - btrfs: do not allow compression on nodatacow files (bsc#1206149).
   - btrfs: export a helper for compression hard check (bsc#1206149).
   - btrfs: fix processing of delayed data refs during backref walking
   - btrfs: fix processing of delayed tree block refs during backref walking
   - btrfs: prevent subvol with swapfile from being deleted (bsc#1206035).
   - btrfs: send: always use the rbtree based inode ref management
     infrastructure (bsc#1206036).
   - btrfs: send: fix failures when processing inodes with no links
   - btrfs: send: fix send failure of a subcase of orphan inodes
   - btrfs: send: fix sending link commands for existing file paths
   - btrfs: send: introduce recorded_ref_alloc and recorded_ref_free
   - btrfs: send: refactor arguments of get_inode_info() (bsc#1206036).
   - btrfs: send: remove unused found_type parameter to
     lookup_dir_item_inode() (bsc#1206036).
   - btrfs: send: remove unused type parameter to iterate_inode_ref_t
   - btrfs: send: use boolean types for current inode status (bsc#1206036).
   - bus: sunxi-rsb: Remove the shutdown callback (git-fixes).
   - bus: sunxi-rsb: Support atomic transfers (git-fixes).
   - ca8210: Fix crash by zero initializing data (git-fixes).
   - can: af_can: fix NULL pointer dereference in can_rx_register()
   - can: cc770: cc770_isa_probe(): add missing free_cc770dev() (git-fixes).
   - can: etas_es58x: es58x_init_netdev(): free netdev when register_candev()
   - can: j1939: j1939_send_one(): fix missing CAN header initialization
   - can: m_can: Add check for devm_clk_get (git-fixes).
   - can: m_can: pci: add missing m_can_class_free_dev() in probe/remove
     methods (git-fixes).
   - can: sja1000_isa: sja1000_isa_probe(): add missing free_sja1000dev()
   - capabilities: fix potential memleak on error path from
     vfs_getxattr_alloc() (git-fixes).
   - capabilities: fix undefined behavior in bit shift for CAP_TO_MASK
   - ceph: allow ceph.dir.rctime xattr to be updatable (bsc#1206050).
   - ceph: avoid putting the realm twice when decoding snaps fails
   - ceph: do not update snapshot context when there is no new snapshot
   - ceph: fix inode reference leakage in ceph_get_snapdir() (bsc#1206048).
   - ceph: fix memory leak in ceph_readdir when note_last_dentry returns
     error (bsc#1206049).
   - ceph: properly handle statfs on multifs setups (bsc#1206045).
   - ceph: switch netfs read ops to use rreq->inode instead of
     rreq->mapping->host (bsc#1206046).
   - char: tpm: Protect tpm_pm_suspend with locks (git-fixes).
   - cifs: Add constructor/destructors for tcon->cfid (bsc#1193629).
   - cifs: Add helper function to check smb1+ server (bsc#1193629).
   - cifs: Do not access tcon->cfids->cfid directly from is_path_accessible
   - cifs: Do not use tcon->cfid directly, use the cfid we get from
     open_cached_dir (bsc#1193629).
   - cifs: Fix connections leak when tlink setup failed (git-fixes).
   - cifs: Fix memory leak on the deferred close (bsc#1193629).
   - cifs: Fix memory leak when build ntlmssp negotiate blob failed
   - cifs: Fix pages array leak when writedata alloc failed in
     cifs_writedata_alloc() (bsc#1193629).
   - cifs: Fix pages leak when writedata alloc failed in
     cifs_write_from_iter() (bsc#1193629).
   - cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message
   - cifs: Fix wrong return value checking when GETFLAGS (git-fixes).
   - cifs: Fix xid leak in cifs_copy_file_range() (bsc#1193629).
   - cifs: Fix xid leak in cifs_create() (bsc#1193629).
   - cifs: Fix xid leak in cifs_flock() (bsc#1193629).
   - cifs: Fix xid leak in cifs_get_file_info_unix() (bsc#1193629).
   - cifs: Fix xid leak in cifs_ses_add_channel() (bsc#1193629).
   - cifs: Make tcon contain a wrapper structure cached_fids instead of
     cached_fid (bsc#1193629).
   - cifs: Move cached-dir functions into a separate file (bsc#1193629).
   - cifs: Replace a couple of one-element arrays with flexible-array members
   - cifs: Use after free in debug code (git-fixes).
   - cifs: Use help macro to get the header preamble size (bsc#1193629).
   - cifs: Use help macro to get the mid header size (bsc#1193629).
   - cifs: add check for returning value of SMB2_close_init (git-fixes).
   - cifs: add check for returning value of SMB2_set_info_init (git-fixes).
   - cifs: add missing spinlock around tcon refcount (bsc#1193629).
   - cifs: alloc_mid function should be marked as static (bsc#1193629).
   - cifs: always initialize struct msghdr smb_msg completely (bsc#1193629).
   - cifs: always iterate smb sessions using primary channel (bsc#1193629).
   - cifs: avoid deadlocks while updating iface (bsc#1193629).
   - cifs: avoid unnecessary iteration of tcp sessions (bsc#1193629).
   - cifs: avoid use of global locks for high contention data (bsc#1193629).
   - cifs: cache the dirents for entries in a cached directory (bsc#1193629).
   - cifs: change iface_list from array to sorted linked list (bsc#1193629).
   - cifs: destage dirty pages before re-reading them for cache=none
   - cifs: do not send down the destination address to sendmsg for a
     SOCK_STREAM (bsc#1193629).
   - cifs: drop the lease for cached directories on rmdir or rename
   - cifs: during reconnect, update interface if necessary (bsc#1193629).
   - cifs: enable caching of directories for which a lease is held
   - cifs: find and use the dentry for cached non-root directories also
   - cifs: fix double-fault crash during ntlmssp (bsc#1193629).
   - cifs: fix lock length calculation (bsc#1193629).
   - cifs: fix memory leaks in session setup (bsc#1193629).
   - cifs: fix missing unlock in cifs_file_copychunk_range() (git-fixes).
   - cifs: fix race condition with delayed threads (bsc#1193629).
   - cifs: fix skipping to incorrect offset in emit_cached_dirents
   - cifs: fix small mempool leak in SMB2_negotiate() (bsc#1193629).
   - cifs: fix static checker warning (bsc#1193629).
   - cifs: fix uninitialised var in smb2_compound_op() (bsc#1193629).
   - cifs: fix use-after-free caused by invalid pointer `hostname`
   - cifs: fix use-after-free on the link name (bsc#1193629).
   - cifs: fix wrong unlock before return from cifs_tree_connect()
   - cifs: improve handlecaching (bsc#1193629).
   - cifs: improve symlink handling for smb2+ (bsc#1193629).
   - cifs: lease key is uninitialized in smb1 paths (bsc#1193629).
   - cifs: lease key is uninitialized in two additional functions when smb1
   - cifs: list_for_each() -> list_for_each_entry() (bsc#1193629).
   - cifs: misc: fix spelling typo in comment (bsc#1193629).
   - cifs: move from strlcpy with unused retval to strscpy (bsc#1193629).
   - cifs: periodically query network interfaces from server (bsc#1193629).
   - cifs: populate empty hostnames for extra channels (bsc#1193629).
   - cifs: prevent copying past input buffer boundaries (bsc#1193629).
   - cifs: remove "cifs_" prefix from init/destroy mids functions
   - cifs: remove initialization value (bsc#1193629).
   - cifs: remove minor build warning (bsc#1193629).
   - cifs: remove redundant initialization to variable mnt_sign_enabled
   - cifs: remove remaining build warnings (bsc#1193629).
   - cifs: remove some camelCase and also some static build warnings
   - cifs: remove unnecessary (void*) conversions (bsc#1193629).
   - cifs: remove unnecessary locking of chan_lock while freeing session
   - cifs: remove unnecessary type castings (bsc#1193629).
   - cifs: remove unused server parameter from calc_smb_size() (bsc#1193629).
   - cifs: remove useless DeleteMidQEntry() (bsc#1193629).
   - cifs: remove useless parameter 'is_fsctl' from SMB2_ioctl()
   - cifs: replace kfree() with kfree_sensitive() for sensitive data
   - cifs: return correct error in ->calc_signature() (bsc#1193629).
   - cifs: return errors during session setup during reconnects (bsc#1193629).
   - cifs: revalidate mapping when doing direct writes (bsc#1193629).
   - cifs: secmech: use shash_desc directly, remove sdesc (bsc#1193629).
   - cifs: set rc to -ENOENT if we can not get a dentry for the cached dir
   - cifs: skip extra NULL byte in filenames (bsc#1193629).
   - cifs: store a pointer to a fid in the cfid structure instead of the
     struct (bsc#1193629).
   - cifs: truncate the inode and mapping when we simulate fcollapse
   - cifs: update cifs_ses::ip_addr after failover (bsc#1193629).
   - cifs: update internal module number (bsc#1193629).
   - cifs: use ALIGN() and round_up() macros (bsc#1193629).
   - cifs: use LIST_HEAD() and list_move() to simplify code (bsc#1193629).
   - cifs: when a channel is not found for server, log its connection id
   - cifs: when insecure legacy is disabled shrink amount of SMB1 code
   - clocksource/drivers/hyperv: add data structure for reference TSC MSR
   - cpufreq: intel_pstate: Handle no_turbo in frequency invariance
   - cpufreq: intel_pstate: Support Sapphire Rapids OOB mode (jsc#PED-849).
   - cpuidle: intel_idle: Drop redundant backslash at line end (jsc#PED-1936).
   - dm btree remove: fix use after free in rebalance_children() (git-fixes).
   - dm crypt: make printing of the key constant-time (git-fixes).
   - dm era: commit metadata in postsuspend after worker stops (git-fixes).
   - dm integrity: fix memory corruption when tag_size is less than digest
     size (git-fixes).
   - dm mirror log: clear log bits up to BITS_PER_LONG boundary (git-fixes).
   - dm raid: fix accesses beyond end of raid member array (git-fixes).
   - dm stats: add cond_resched when looping over entries (git-fixes).
   - dm thin: fix use-after-free crash in dm_sm_register_threshold_callback
   - dm: fix double accounting of flush with data (git-fixes).
   - dm: interlock pending dm_io and dm_wait_for_bios_completion (git-fixes).
   - dm: properly fix redundant bio-based IO accounting (git-fixes).
   - dm: remove unnecessary assignment statement in alloc_dev() (git-fixes).
   - dm: return early from dm_pr_call() if DM device is suspended (git-fixes).
   - dm: revert partial fix for redundant bio-based IO accounting (git-fixes).
   - dma-buf: fix racing conflict of dma_heap_add() (git-fixes).
   - dmaengine: at_hdmac: Check return code of dma_async_device_register
   - dmaengine: at_hdmac: Do not allow CPU to reorder channel enable
   - dmaengine: at_hdmac: Do not call the complete callback on
     device_terminate_all (git-fixes).
   - dmaengine: at_hdmac: Do not start transactions at tx_submit level
   - dmaengine: at_hdmac: Fix at_lli struct definition (git-fixes).
   - dmaengine: at_hdmac: Fix completion of unissued descriptor in case of
     errors (git-fixes).
   - dmaengine: at_hdmac: Fix concurrency over descriptor (git-fixes).
   - dmaengine: at_hdmac: Fix concurrency over the active list (git-fixes).
   - dmaengine: at_hdmac: Fix concurrency problems by removing
     atc_complete_all() (git-fixes).
   - dmaengine: at_hdmac: Fix descriptor handling when issuing it to hardware
   - dmaengine: at_hdmac: Fix impossible condition (git-fixes).
   - dmaengine: at_hdmac: Fix premature completion of desc in issue_pending
   - dmaengine: at_hdmac: Free the memset buf without holding the chan lock
   - dmaengine: at_hdmac: Protect atchan->status with the channel lock
   - dmaengine: at_hdmac: Start transfer for cyclic channels in issue_pending
   - dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove()
   - dmaengine: pxa_dma: use platform_get_irq_optional (git-fixes).
   - dmaengine: ti: k3-udma-glue: fix memory leak when register device fail
   - docs, kprobes: Fix the wrong location of Kprobes (git-fixes).
   - docs/core-api: expand Fedora instructions for GCC plugins (git-fixes).
   - drm/amd/display: Add HUBP surface flip interrupt handler (git-fixes).
   - drm/amdgpu: disable BACO on special BEIGE_GOBY card (git-fixes).
   - drm/amdgpu: set vm_update_mode=0 as default for Sienna Cichlid in SRIOV
     case (git-fixes).
   - drm/amdkfd: Fix NULL pointer dereference in svm_migrate_to_ram()
   - drm/amdkfd: Migrate in CPU page fault use current mm (git-fixes).
   - drm/amdkfd: avoid recursive lock in migrations back to RAM (git-fixes).
   - drm/amdkfd: handle CPU fault on COW mapping (git-fixes).
   - drm/drv: Fix potential memory leak in drm_dev_init() (git-fixes).
   - drm/hyperv: Add ratelimit on error message (git-fixes).
   - drm/hyperv: Do not overwrite dirt_needed value set by host (git-fixes).
   - drm/i915/dmabuf: fix sg_table handling in map_dma_buf (git-fixes).
   - drm/i915/sdvo: Filter out invalid outputs more sensibly (git-fixes).
   - drm/i915/sdvo: Setup DDC fully before output init (git-fixes).
   - drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid
   - drm/msm/hdmi: Remove spurious IRQF_ONESHOT flag (git-fixes).
   - drm/msm/hdmi: fix IRQ lifetime (git-fixes).
   - drm/panel: simple: set bpc field for logic technologies displays
   - drm/rockchip: dsi: Force synchronous probe (git-fixes).
   - drm/vc4: Fix missing platform_unregister_drivers() call in
     vc4_drm_register() (git-fixes).
   - drm/vc4: kms: Fix IS_ERR() vs NULL check for vc4_kms (git-fixes).
   - drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker()
   - e1000e: Fix TX dispatch condition (git-fixes).
   - e100: Fix possible use after free in e100_xmit_prepare (git-fixes).
   - efi: random: Use 'ACPI reclaim' memory for random seed (git-fixes).
   - efi: random: reduce seed size to 32 bytes (git-fixes).
   - fbdev: smscufx: Fix several use-after-free bugs (git-fixes).
   - firmware: coreboot: Register bus in module init (git-fixes).
   - fm10k: Fix error handling in fm10k_init_module() (git-fixes).
   - ftrace: Fix null pointer dereference in ftrace_add_mod() (git-fixes).
   - ftrace: Fix the possible incorrect kernel message (git-fixes).
   - ftrace: Fix use-after-free for dynamic ftrace_ops (git-fixes).
   - ftrace: Optimize the allocation for mcount entries (git-fixes).
   - fuse: add file_modified() to fallocate (bsc#1205332).
   - fuse: fix readdir cache race (bsc#1205331).
   - fuse: lock inode unconditionally in fuse_fallocate() (bsc#1206273).
   - gpio: amd8111: Fix PCI device reference count leak (git-fixes).
   - hamradio: fix issue of dev reference count leakage in bpq_device_event()
   - hv_netvsc: Fix potential dereference of NULL pointer (git-fixes).
   - hv_netvsc: Fix race between VF offering and VF association message from
     host (bsc#1204850).
   - hv_netvsc: Print value of invalid ID in
     netvsc_send_{completion,tx_complete}() (git-fixes).
   - hv_sock: Add validation for untrusted Hyper-V values (git-fixes).
   - hv_sock: Check hv_pkt_iter_first_raw()'s return value (git-fixes).
   - hv_sock: Copy packets sent by Hyper-V out of the ring buffer (git-fixes).
   - hwmon: (coretemp) Check for null before removing sysfs attrs (git-fixes).
   - hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new()
   - hwmon: (i5500_temp) fix missing pci_disable_device() (git-fixes).
   - hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails
   - hwmon: (ina3221) Fix shunt sum critical calculation (git-fixes).
   - hwmon: (ltc2947) fix temperature scaling (git-fixes).
   - i2c: i801: add lis3lv02d's I2C address for Vostro 5568 (git-fixes).
   - i2c: imx: Only DMA messages with I2C_M_DMA_SAFE flag set (git-fixes).
   - i2c: npcm7xx: Fix error handling in npcm_i2c_init() (git-fixes).
   - i2c: tegra: Allocate DMA memory for DMA engine (git-fixes).
   - i2c: xiic: Add platform module alias (git-fixes).
   - ibmvnic: Free rwi on reset success (bsc#1184350 ltc#191533 git-fixes).
   - ieee802154: cc2520: Fix error return code in cc2520_hw_init()
   - iio: adc: at91_adc: fix possible memory leak in
     at91_adc_allocate_trigger() (git-fixes).
   - iio: adc: mp2629: fix potential array out of bound access (git-fixes).
   - iio: adc: mp2629: fix wrong comparison of channel (git-fixes).
   - iio: core: Fix entry not deleted when iio_register_sw_trigger_type()
     fails (git-fixes).
   - iio: health: afe4403: Fix oob read in afe4403_read_raw (git-fixes).
   - iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw
   - iio: light: apds9960: fix wrong register for gesture gain (git-fixes).
   - iio: light: rpr0521: add missing Kconfig dependencies (git-fixes).
   - iio: ms5611: Simplify IO callback parameters (git-fixes).
   - iio: pressure: ms5611: changed hardcoded SPI speed to value limited
   - iio: pressure: ms5611: fixed value compensation bug (git-fixes).
   - iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init()
   - init/Kconfig: fix CC_HAS_ASM_GOTO_TIED_OUTPUT test with dash (git-fixes).
   - intel_idle: Add AlderLake support (jsc#PED-824).
   - intel_idle: Fix SPR C6 optimization (jsc#PED-824 jsc#PED-1936).
   - intel_idle: Fix the 'preferred_cstates' module parameter (jsc#PED-824
   - intel_idle: make SPR C1 and C1E be independent (jsc#PED-1936).
   - io-wq: Remove duplicate code in io_workqueue_create() (bnc#1205113).
   - io-wq: do not retry task_work creation failure on fatal conditions
   - io-wq: ensure we exit if thread group is exiting (git-fixes).
   - io-wq: exclusively gate signal based exit on get_signal() return
   - io-wq: fix cancellation on create-worker failure (bnc#1205113).
   - io-wq: fix silly logic error in io_task_work_match() (bnc#1205113).
   - io_uring: correct __must_hold annotation (git-fixes).
   - io_uring: drop ctx->uring_lock before acquiring sqd->lock (git-fixes).
   - io_uring: ensure IORING_REGISTER_IOWQ_MAX_WORKERS works with SQPOLL
   - io_uring: fix io_timeout_remove locking (git-fixes).
   - io_uring: fix missing mb() before waitqueue_active (git-fixes).
   - io_uring: fix missing sigmask restore in io_cqring_wait() (git-fixes).
   - io_uring: fix possible poll event lost in multi shot mode (git-fixes).
   - io_uring: pin SQPOLL data before unlocking ring lock (git-fixes).
   - ipv6: ping: fix wrong checksum for large frames (bsc#1203183).
   - kABI: Fix kABI after "KVM: x86/pmu: Use different raw event masks for
     AMD and Intel" (git-fixes).
   - kbuild: Unify options for BTF generation for vmlinux and modules
   - kexec: turn all kexec_mutex acquisitions into trylocks (git-fixes).
   - mISDN: fix misuse of put_device() in mISDN_register_device() (git-fixes).
   - mISDN: fix possible memory leak in mISDN_dsp_element_register()
   - mac80211: radiotap: Use BIT() instead of shifts (git-fixes).
   - mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add() (git-fixes).
   - macsec: Fix invalid error code set (git-fixes).
   - macsec: add missing attribute validation for offload (git-fixes).
   - macsec: clear encryption keys from the stack after setting up offload
   - macsec: delete new rxsc when offload fails (git-fixes).
   - macsec: fix detection of RXSCs when toggling offloading (git-fixes).
   - macsec: fix secy->n_rx_sc accounting (git-fixes).
   - md/raid5: Ensure stripe_fill happens on non-read IO with journal
   - md/raid5: Remove unnecessary bio_put() in raid5_read_one_chunk()
   - md: Replace snprintf with scnprintf (git-fixes, bsc#1164051).
   - media: cros-ec-cec: limit msg.len to CEC_MAX_MSG_SIZE (git-fixes).
   - media: dvb-frontends/drxk: initialize err to 0 (git-fixes).
   - media: meson: vdec: fix possible refcount leak in vdec_probe()
   - media: rkisp1: Do not pass the quantization to rkisp1_csm_config()
   - media: rkisp1: Initialize color space on resizer sink and source pads
   - media: rkisp1: Use correct macro for gradient registers (git-fixes).
   - media: rkisp1: Zero v4l2_subdev_format fields in when validating links
   - media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE (git-fixes).
   - media: v4l: subdev: Fail graciously when getting try data for NULL state
   - misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram()
   - mmc: core: Fix ambiguous TRIM and DISCARD arg (git-fixes).
   - mmc: core: properly select voltage range without power cycle (git-fixes).
   - mmc: cqhci: Provide helper for resetting both SDHCI and CQHCI
   - mmc: mmc_test: Fix removal of debugfs file (git-fixes).
   - mmc: sdhci-brcmstb: Enable Clock Gating to save power (git-fixes).
   - mmc: sdhci-brcmstb: Fix SDHCI_RESET_ALL for CQHCI (git-fixes).
   - mmc: sdhci-brcmstb: Re-organize flags (git-fixes).
   - mmc: sdhci-esdhc-imx: correct CQHCI exit halt state check (git-fixes).
   - mmc: sdhci-esdhc-imx: use the correct host caps for MMC_CAP_8_BIT_DATA
   - mmc: sdhci-of-arasan: Fix SDHCI_RESET_ALL for CQHCI (git-fixes).
   - mmc: sdhci-pci-o2micro: fix card detect fail issue caused by CD#
     debounce timeout (git-fixes).
   - mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put()
   - mmc: sdhci-sprd: Fix no reset data and command after voltage switch
   - mmc: sdhci-tegra: Fix SDHCI_RESET_ALL for CQHCI (git-fixes).
   - mmc: sdhci_am654: Fix SDHCI_RESET_ALL for CQHCI (git-fixes).
   - mms: sdhci-esdhc-imx: Fix SDHCI_RESET_ALL for CQHCI (git-fixes).
   - mtd: parsers: bcm47xxpart: Fix halfblock reads (git-fixes).
   - mtd: parsers: bcm47xxpart: print correct offset on read error
   - mtd: spi-nor: intel-spi: Disable write protection only if asked
   - nbd: Fix incorrect error handle when first_minor is illegal in
     nbd_dev_add (git-fixes).
   - net/smc: Avoid overwriting the copies of clcsock callback functions
   - net/smc: Fix an error code in smc_lgr_create() (git-fixes).
   - net/smc: Fix possible access to freed memory in link clear (git-fixes).
   - net/smc: Fix possible leaked pernet namespace in smc_init() (git-fixes).
   - net/smc: Fix slab-out-of-bounds issue in fallback (git-fixes).
   - net/smc: Fix sock leak when release after smc_shutdown() (git-fixes).
   - net/smc: Forward wakeup to smc socket waitqueue after fallback
   - net/smc: Only save the original clcsock callback functions (git-fixes).
   - net/smc: Send directly when TCP_CORK is cleared (git-fixes).
   - net/smc: kABI workarounds for struct smc_link (git-fixes).
   - net/smc: kABI workarounds for struct smc_sock (git-fixes).
   - net/smc: send directly on setting TCP_NODELAY (git-fixes).
   - net/x25: Fix skb leak in x25_lapb_receive_frame() (git-fixes).
   - net: ethernet: nixge: fix NULL dereference (git-fixes).
   - net: ethernet: renesas: ravb: Fix promiscuous mode after system resumed
   - net: ethernet: ti: am65-cpsw: fix error handling in
     am65_cpsw_nuss_probe() (git-fixes).
   - net: hyperv: remove use of bpf_op_t (git-fixes).
   - net: mdio: fix unbalanced fwnode reference count in
     mdio_device_release() (git-fixes).
   - net: mdiobus: fix unbalanced node reference count (git-fixes).
   - net: phy: fix null-ptr-deref while probe() failed (git-fixes).
   - net: phy: marvell: add sleep time after enabling the loopback bit
   - net: phy: mscc: macsec: clear encryption keys when freeing a flow
   - net: smsc95xx: add support for Microchip EVB-LAN8670-USB (git-fixes).
   - net: stmmac: work around sporadic tx issue on link-up (git-fixes).
   - net: thunderbolt: Fix error handling in tbnet_init() (git-fixes).
   - net: thunderbolt: fix memory leak in tbnet_open() (git-fixes).
   - net: thunderx: Fix the ACPI memory leak (git-fixes).
   - net: usb: qmi_wwan: add Telit 0x103a composition (git-fixes).
   - net: wwan: iosm: fix dma_alloc_coherent incompatible pointer type
   - net: wwan: iosm: fix kernel test robot reported error (git-fixes).
   - nfc/nci: fix race with opening and closing (git-fixes).
   - nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send()
   - nfc: nxp-nci: Fix potential memory leak in nxp_nci_send() (git-fixes).
   - nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send()
   - nfc: st-nci: fix incorrect sizing calculations in EVT_TRANSACTION
   - nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION
   - nfc: st-nci: fix memory leaks in EVT_TRANSACTION (git-fixes).
   - nilfs2: fix NULL pointer dereference in nilfs_palloc_commit_free_entry()
   - nilfs2: fix deadlock in nilfs_count_free_blocks() (git-fixes).
   - nilfs2: fix nilfs_sufile_mark_dirty() not set segment usage as dirty
   - nilfs2: fix use-after-free bug of ns_writer on remount (git-fixes).
   - nilfs2: replace WARN_ONs by nilfs_error for checkpoint acquisition
     failure (git-fixes).
   - panic, kexec: make __crash_kexec() NMI safe (git-fixes).
   - parport_pc: Avoid FIFO port location truncation (git-fixes).
   - phy: ralink: mt7621-pci: add sentinel to quirks table (git-fixes).
   - phy: stm32: fix an error code in probe (git-fixes).
   - pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map
   - pinctrl: intel: Save and restore pins in "direct IRQ" mode (git-fixes).
   - pinctrl: rockchip: list all pins in a possible mux route for PX30
   - pinctrl: single: Fix potential division by zero (git-fixes).
   - platform/surface: aggregator: Do not check for repeated unsequenced
     packets (git-fixes).
   - platform/x86/intel/pmt: Sapphire Rapids PMT errata fix (jsc#PED-2684
   - platform/x86/intel: hid: add quirk to support Surface Go 3 (git-fixes).
   - platform/x86/intel: pmc: Do not unconditionally attach Intel PMC when
     virtualized (git-fixes).
   - platform/x86: acer-wmi: Enable SW_TABLET_MODE on Switch V 10 (SW5-017)
   - platform/x86: asus-wmi: add missing pci_dev_put() in
     asus_wmi_set_xusb2pr() (git-fixes).
   - platform/x86: hp-wmi: Ignore Smart Experience App event (git-fixes).
   - platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi (git-fixes).
   - platform/x86: ideapad-laptop: Disable touchpad_switch (git-fixes).
   - platform/x86: touchscreen_dmi: Add info for the RCA Cambio W101 v2
     2-in-1 (git-fixes).
   - powerpc/64: Fix build failure with allyesconfig in book3s_64_entry.S
   - powerpc/boot: Explicitly disable usage of SPE instructions (bsc#1156395).
   - powerpc/kvm: Fix kvm_use_magic_page (bsc#1156395).
   - powerpc/pseries/vas: Declare pseries_vas_fault_thread_fn() as static
   - proc: avoid integer type confusion in get_proc_long (git-fixes).
   - proc: proc_skip_spaces() shouldn't think it is working on C strings
   - rbd: fix possible memory leak in rbd_sysfs_init() (git-fixes).
   - regulator: core: fix UAF in destroy_regulator() (git-fixes).
   - regulator: core: fix kobject release warning and memory leak in
     regulator_register() (git-fixes).
   - regulator: twl6030: re-add TWL6032_SUBCLASS (git-fixes).
   - ring-buffer: Include dropped pages in counting dirty patches (git-fixes).
   - ring_buffer: Do not deactivate non-existant pages (git-fixes).
   - s390/futex: add missing EX_TABLE entry to __futex_atomic_op()
     (bsc#1205427 LTC#200502).
   - s390/pci: add missing EX_TABLE entries to
     __pcistg_mio_inuser()/__pcilg_mio_inuser() (bsc#1205427 LTC#200502).
   - s390/uaccess: add missing EX_TABLE entries to __clear_user(),
     copy_in_user_mvcos(), copy_in_user_mvc(), clear_user_xc() and
     __strnlen_user() (bsc#1205428 LTC#200501).
   - s390: fix nospec table alignments (git-fixes).
   - sched: Clear ttwu_pending after enqueue_task() (git fixes (sched/core)).
   - sched: Disable sched domain debugfs creation on ppc64 unless
     sched_verbose is specified (bnc#1205653).
   - scripts/faddr2line: Fix regression in name resolution on ppc64le
   - scsi: ibmvfc: Avoid path failures during live migration (bsc#1065729).
   - scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024 (bsc#1156395).
   - scsi: megaraid_sas: Correct value passed to scsi_device_lookup()
   - scsi: mpt3sas: Fix return value check of dma_get_required_mask()
   - scsi: qedf: Populate sysfs attributes for vport (git-fixes).
   - scsi: scsi_transport_sas: Fix error handling in sas_phy_add()
   - scsi: storvsc: Drop DID_TARGET_FAILURE use (git-fixes).
   - scsi: storvsc: Fix handling of srb_status and capacity change events
   - scsi: storvsc: Fix typo in comment (git-fixes).
   - scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq (git-fixes).
   - scsi: storvsc: remove an extraneous "to" in a comment (git-fixes).
   - scsi: zfcp: Fix double free of FSF request when qdio send fails
   - selftests/intel_pstate: fix build for ARCH=x86_64 (git-fixes).
   - selftests: mptcp: fix mibit vs mbit mix up (git-fixes).
   - selftests: mptcp: make sendfile selftest work (git-fixes).
   - selftests: mptcp: more stable simult_flows tests (git-fixes).
   - selftests: rtnetlink: correct xfrm policy rule in kci_test_ipsec_offload
   - serial: 8250: 8250_omap: Avoid RS485 RTS glitch on ->set_termios()
   - serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs (git-fixes).
   - serial: 8250: Flush DMA Rx on RLSI (git-fixes).
   - serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in
     omap8250_remove() (git-fixes).
   - serial: 8250: omap: Flush PM QOS work on remove (git-fixes).
   - serial: 8250_lpss: Configure DMA also w/o DMA filter (git-fixes).
   - serial: 8250_omap: remove wait loop from Errata i202 workaround
   - serial: imx: Add missing .thaw_noirq hook (git-fixes).
   - siox: fix possible memory leak in siox_device_add() (git-fixes).
   - slimbus: stream: correct presence rate frequencies (git-fixes).
   - smb2: small refactor in smb2_check_message() (bsc#1193629).
   - smb3: Move the flush out of smb2_copychunk_range() into its callers
   - smb3: add dynamic trace points for tree disconnect (bsc#1193629).
   - smb3: add trace point for SMB2_set_eof (bsc#1193629).
   - smb3: allow deferred close timeout to be configurable (bsc#1193629).
   - smb3: check xattr value length earlier (bsc#1193629).
   - smb3: clarify multichannel warning (bsc#1193629).
   - smb3: do not log confusing message when server returns no network
     interfaces (bsc#1193629).
   - smb3: fix empty netname context on secondary channels (bsc#1193629).
   - smb3: fix oops in calculating shash_setkey (bsc#1193629).
   - smb3: fix temporary data corruption in collapse range (bsc#1193629).
   - smb3: fix temporary data corruption in insert range (bsc#1193629).
   - smb3: improve SMB3 change notification support (bsc#1193629).
   - smb3: interface count displayed incorrectly (bsc#1193629).
   - smb3: missing inode locks in punch hole (bsc#1193629).
   - smb3: missing inode locks in zero range (bsc#1193629).
   - smb3: must initialize two ACL struct fields to zero (bsc#1193629).
   - smb3: remove unneeded null check in cifs_readdir (bsc#1193629).
   - smb3: rename encryption/decryption TFMs (bsc#1193629).
   - smb3: use filemap_write_and_wait_range instead of filemap_write_and_wait
   - smb3: use netname when available on secondary channels (bsc#1193629).
   - smb3: workaround negprot bug in some Samba servers (bsc#1193629).
   - soc: imx8m: Enable OCOTP clock before reading the register (git-fixes).
   - soundwire: intel: Initialize clock stop timeout (bsc#1205507).
   - soundwire: qcom: check for outanding writes before doing a read
   - soundwire: qcom: reinit broadcast completion (git-fixes).
   - speakup: fix a segfault caused by switching consoles (git-fixes).
   - spi: dw-dma: decrease reference count in dw_spi_dma_init_mfld()
   - spi: spi-imx: Fix spi_bus_clk if requested clock is higher than input
     clock (git-fixes).
   - spi: stm32: Print summary 'callbacks suppressed' message (git-fixes).
   - spi: stm32: fix stm32_spi_prepare_mbr() that halves spi clk for every
     run (git-fixes).
   - spi: tegra210-quad: Fix duplicate resource error (git-fixes).
   - thunderbolt: Add DP OUT resource when DP tunnel is discovered
   - tools: hv: Remove an extraneous "the" (git-fixes).
   - tools: hv: kvp: remove unnecessary (void*) conversions (git-fixes).
   - tools: iio: iio_generic_buffer: Fix read size (git-fixes).
   - tracing/ring-buffer: Have polling block on watermark (git-fixes).
   - tracing: Fix memory leak in test_gen_synth_cmd() and
     test_empty_synth_event() (git-fixes).
   - tracing: Fix memory leak in tracing_read_pipe() (git-fixes).
   - tracing: Fix wild-memory-access in register_synth_event() (git-fixes).
   - tracing: kprobe: Fix memory leak in test_gen_kprobe/kretprobe_cmd()
   - tracing: kprobe: Fix potential null-ptr-deref on trace_array in
     kprobe_event_gen_test_exit() (git-fixes).
   - tracing: kprobe: Fix potential null-ptr-deref on trace_event_file in
     kprobe_event_gen_test_exit() (git-fixes).
   - tty: n_gsm: fix sleep-in-atomic-context bug in gsm_control_send
   - tty: serial: fsl_lpuart: do not break the on-going transfer when global
     reset (git-fixes).
   - usb: add NO_LPM quirk for Realforce 87U Keyboard (git-fixes).
   - usb: cdns3: host: fix endless superspeed hub port reset (git-fixes).
   - usb: cdnsp: Fix issue with Clear Feature Halt Endpoint (git-fixes).
   - usb: cdnsp: fix issue with ZLP - added TD_SIZE = 1 (git-fixes).
   - usb: chipidea: fix deadlock in ci_otg_del_timer (git-fixes).
   - usb: dwc3: exynos: Fix remove() function (git-fixes).
   - usb: dwc3: gadget: Clear ep descriptor last (git-fixes).
   - usb: dwc3: gadget: Return -ESHUTDOWN on ep disable (git-fixes).
   - usb: dwc3: gadget: conditionally remove requests (git-fixes).
   - usb: smsc: use eth_hw_addr_set() (git-fixes).
   - usb: typec: mux: Enter safe mode only when pins need to be reconfigured
   - usb: xhci-mtk: check boundary before check tt (git-fixes).
   - usb: xhci-mtk: update fs bus bandwidth by bw_budget_table (git-fixes).
   - usbnet: smsc95xx: Do not reset PHY behind PHY driver's back (git-fixes).
   - v3 of "PCI: hv: Only reuse existing IRTE allocation for Multi-MSI"
   - video/fbdev/stifb: Implement the stifb_fillrect() function (git-fixes).
   - virtio-blk: Use blk_validate_block_size() to validate block size
   - vmxnet3: correctly report encapsulated LRO packet (git-fixes).
   - vmxnet3: use correct intrConf reference when using extended queues
   - wifi: airo: do not assign -1 to unsigned char (git-fixes).
   - wifi: ath11k: Fix QCN9074 firmware boot on x86 (git-fixes).
   - wifi: ath11k: avoid deadlock during regulatory update in
     ath11k_regd_update() (git-fixes).
   - wifi: cfg80211: do not allow multi-BSSID in S1G (git-fixes).
   - wifi: cfg80211: fix buffer overflow in elem comparison (git-fixes).
   - wifi: cfg80211: fix memory leak in query_regdb_file() (git-fixes).
   - wifi: cfg80211: silence a sparse RCU warning (git-fixes).
   - wifi: mac80211: Fix ack frame idr leak when mesh has no route
   - wifi: mac80211: fix memory free error when registering wiphy fail
   - wifi: mac80211_hwsim: fix debugfs attribute ps with rc table support
   - wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration
   - wifi: wext: use flex array destination for memcpy() (git-fixes).
   - wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_CHANNEL_LIST
     attribute (git-fixes).
   - wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_OPER_CHANNEL
     attribute (git-fixes).
   - wifi: wilc1000: validate number of channels (git-fixes).
   - wifi: wilc1000: validate pairwise and authentication suite offsets
   - x86/Xen: streamline (and fix) PV CPU enumeration (git-fixes).
   - x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon resume from
     S3 (bsc#1206037).
   - x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473).
   - x86/entry: Work around Clang __bdos() bug (git-fixes).
   - x86/extable: Extend extable functionality (git-fixes).
   - x86/fpu: Drop fpregs lock before inheriting FPU permissions
   - x86/futex: Remove .fixup usage (git-fixes).
   - x86/hyperv: Disable hardlockup detector by default in Hyper-V guests
   - x86/hyperv: Fix 'struct hv_enlightened_vmcs' definition (git-fixes).
   - x86/hyperv: Update 'struct hv_enlightened_vmcs' definition (git-fixes).
   - x86/hyperv: fix invalid writes to MSRs during root partition kexec
   - x86/kexec: Fix double-free of elf header buffer (bsc#1205567).
   - x86/microcode/AMD: Apply the patch early on every logical thread
   - x86/uaccess: Implement macros for CMPXCHG on user addresses (git-fixes).
   - xen/gntdev: Accommodate VMA splitting (git-fixes).
   - xen/pcpu: fix possible memory leak in register_pcpu() (git-fixes).
   - xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32
   - xfs: convert XLOG_FORCED_SHUTDOWN() to xlog_is_shutdown() (git-fixes).
   - xfs: fix perag reference leak on iteration race with growfs (git-fixes).
   - xfs: fix xfs_ifree() error handling to not leak perag ref (git-fixes).
   - xfs: reserve quota for dir expansion when linking/unlinking files
   - xfs: reserve quota for target dir expansion when renaming files

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.4:

      zypper in -t patch openSUSE-SLE-15.4-2022-4504=1

   - SUSE Linux Enterprise Module for Public Cloud 15-SP4:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2022-4504=1

Package List:

   - openSUSE Leap 15.4 (aarch64 x86_64):


   - openSUSE Leap 15.4 (noarch):


   - SUSE Linux Enterprise Module for Public Cloud 15-SP4 (aarch64 x86_64):


   - SUSE Linux Enterprise Module for Public Cloud 15-SP4 (noarch):



More information about the sle-security-updates mailing list