SUSE-SU-2022:3844-1: important: Security update for the Linux Kernel

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Tue Nov 1 23:21:12 UTC 2022


   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:3844-1
Rating:             important
References:         #1185032 #1190497 #1194023 #1194869 #1195917 
                    #1196444 #1196869 #1197659 #1198189 #1200288 
                    #1200622 #1201309 #1201310 #1201987 #1202095 
                    #1202960 #1203039 #1203066 #1203101 #1203197 
                    #1203263 #1203338 #1203360 #1203361 #1203389 
                    #1203410 #1203505 #1203552 #1203664 #1203693 
                    #1203699 #1203767 #1203769 #1203770 #1203794 
                    #1203798 #1203893 #1203902 #1203906 #1203908 
                    #1203935 #1203939 #1203987 #1203992 #1204051 
                    #1204059 #1204060 #1204125 PED-387 PED-529 
                    PED-652 PED-664 PED-682 PED-688 PED-720 PED-729 
                    PED-755 PED-763 SLE-19924 SLE-24814 
Cross-References:   CVE-2022-1263 CVE-2022-2586 CVE-2022-3202
                    CVE-2022-32296 CVE-2022-3239 CVE-2022-3303
                    CVE-2022-39189 CVE-2022-41218 CVE-2022-41674
                    CVE-2022-41848 CVE-2022-41849 CVE-2022-42719
                    CVE-2022-42720 CVE-2022-42721 CVE-2022-42722
                   
CVSS scores:
                    CVE-2022-1263 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-1263 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-2586 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-3202 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
                    CVE-2022-3202 (SUSE): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
                    CVE-2022-32296 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
                    CVE-2022-32296 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-3239 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-3239 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-3303 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3303 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-39189 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-39189 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-41218 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-41218 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-41674 (NVD) : 8.1 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
                    CVE-2022-41674 (SUSE): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-41848 (NVD) : 4.2 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-41848 (SUSE): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-41849 (NVD) : 4.2 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-41849 (SUSE): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-42719 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-42719 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-42720 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-42720 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-42721 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-42721 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-42722 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-42722 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:
                    SUSE Linux Enterprise Desktop 15-SP4
                    SUSE Linux Enterprise High Availability 15-SP4
                    SUSE Linux Enterprise High Performance Computing
                    SUSE Linux Enterprise High Performance Computing 15-SP4
                    SUSE Linux Enterprise Micro 5.3
                    SUSE Linux Enterprise Module for Basesystem 15-SP4
                    SUSE Linux Enterprise Module for Development Tools 15-SP4
                    SUSE Linux Enterprise Module for Legacy Software 15-SP4
                    SUSE Linux Enterprise Module for Live Patching 15-SP4
                    SUSE Linux Enterprise Server
                    SUSE Linux Enterprise Server 15-SP4
                    SUSE Linux Enterprise Server for SAP Applications
                    SUSE Linux Enterprise Server for SAP Applications 15-SP4
                    SUSE Linux Enterprise Workstation Extension 15-SP4
                    SUSE Manager Proxy 4.3
                    SUSE Manager Retail Branch Server 4.3
                    SUSE Manager Server 4.3
                    openSUSE Leap 15.4
______________________________________________________________________________

   An update that solves 15 vulnerabilities, contains 12
   features and has 33 fixes is now available.

Description:


   The SUSE Linux Enterprise 15 SP4 kernel was updated.

   The following security bugs were fixed:

   - CVE-2022-3303: Fixed a race condition in the sound subsystem due to
     improper locking (bnc#1203769).
   - CVE-2022-41218: Fixed an use-after-free caused by refcount races in
     drivers/media/dvb-core/dmxdev.c (bnc#1202960).
   - CVE-2022-3239: Fixed an use-after-free in the video4linux driver that
     could lead a local user to able to crash the system or escalate their
     privileges (bnc#1203552).
   - CVE-2022-41848: Fixed a race condition and resultant use-after-free if a
     physically proximate attacker removes a PCMCIA device while calling
     ioctl (bnc#1203987).
   - CVE-2022-41849: Fixed a race condition and resultant use-after-free if a
     physically proximate attacker removes a USB device while calling open
     (bnc#1203992).
   - CVE-2022-41674: Fixed a DoS issue where kernel can crash on the
     reception of specific WiFi Frames (bsc#1203770).
   - CVE-2022-1263: Fixed a NULL pointer dereference issue was found in KVM
     when releasing a vCPU with dirty ring support enabled. This flaw allowed
     an unprivileged local attacker on the host to issue specific ioctl
     calls, causing a kernel oops condition that results in a denial of
     service (bnc#1198189).
   - CVE-2022-32296: Fixed a bug which allowed TCP servers to identify
     clients by observing what source ports are used (bnc#1200288).
   - CVE-2022-3202: Fixed a NULL pointer dereference flaw in Journaled File
     System. This could allow a local attacker to crash the system or leak
     kernel internal information (bnc#1203389).
   - CVE-2022-39189: Fixed a bug in the x86 KVM subsystem which allows
     unprivileged guest users to compromise the guest kernel because TLB
     flush operations are mishandled (bnc#1203066).
   - CVE-2022-2586: Fixed a use-after-free which can be triggered when a nft
     table is deleted (bnc#1202095).
   - CVE-2022-42722: Fixed crash in beacon protection for P2P-device.
     (bsc#1204125)
   - CVE-2022-42719: Fixed MBSSID parsing use-after-free. (bsc#1204051)
   - CVE-2022-42721: Avoid nontransmitted BSS list corruption. (bsc#1204060)
   - CVE-2022-42720: Fixed BSS refcounting bugs. (bsc#1204059)

   The following non-security bugs were fixed:

   - ACPI / scan: Create platform device for CS35L41 (bsc#1203699).
   - ACPI: processor idle: Practically limit "Dummy wait" workaround to old
     Intel systems (bsc#1203767).
   - ACPI: resource: skip IRQ override on AMD Zen platforms (git-fixes).
   - ACPI: scan: Add CLSA0101 Laptop Support (bsc#1203699).
   - ACPI: utils: Add api to read _SUB from ACPI (bsc#1203699).
   - ALSA: aloop: Fix random zeros in capture data when using jiffies timer
     (git-fixes).
   - ALSA: core: Fix double-free at snd_card_new() (git-fixes).
   - ALSA: cs35l41: Check hw_config before using it (bsc#1203699).
   - ALSA: cs35l41: Enable Internal Boost in shared lib (bsc#1203699).
   - ALSA: cs35l41: Move cs35l41_gpio_config to shared lib (bsc#1203699).
   - ALSA: cs35l41: Unify hardware configuration (bsc#1203699).
   - ALSA: emu10k1: Fix out of bounds access in
     snd_emu10k1_pcm_channel_alloc() (git-fixes).
   - ALSA: hda: add Intel 5 Series / 3400 PCI DID (git-fixes).
   - ALSA: hda: cs35l41: Add Amp Name based on channel and index
     (bsc#1203699).
   - ALSA: hda: cs35l41: Add Boost type flag (bsc#1203699).
   - ALSA: hda: cs35l41: Add calls to newly added test key function
     (bsc#1203699).
   - ALSA: hda: cs35l41: Add defaulted values into dsp bypass config sequence
     (bsc#1203699).
   - ALSA: hda: cs35l41: Add initial DSP support and firmware loading
     (bsc#1203699).
   - ALSA: hda: cs35l41: Add missing default cases (bsc#1203699).
   - ALSA: hda: cs35l41: Add module parameter to control firmware load
     (bsc#1203699).
   - ALSA: hda: cs35l41: Add support for CS35L41 in HDA systems (bsc#1203699).
   - ALSA: hda: cs35l41: Add Support for Interrupts (bsc#1203699).
   - ALSA: hda: cs35l41: Allow compilation test on non-ACPI configurations
     (bsc#1203699).
   - ALSA: hda: cs35l41: Always configure the DAI (bsc#1203699).
   - ALSA: hda: cs35l41: Avoid overwriting register patch (bsc#1203699).
   - ALSA: hda: cs35l41: Clarify support for CSC3551 without _DSD Properties
     (bsc#1203699).
   - ALSA: hda: cs35l41: Consolidate selections under SND_HDA_SCODEC_CS35L41
     (bsc#1203699).
   - ALSA: hda: cs35l41: Do not dereference fwnode handle (bsc#1203699).
   - ALSA: hda: cs35l41: Drop wrong use of ACPI_PTR() (bsc#1203699).
   - ALSA: hda: cs35l41: Enable GPIO2 Interrupt for CLSA0100 laptops
     (bsc#1203699).
   - ALSA: hda: cs35l41: Fix comments wrt serial-multi-instantiate reference
     (bsc#1203699).
   - ALSA: hda: cs35l41: fix double free on error in probe() (bsc#1203699).
   - ALSA: hda: cs35l41: Fix error in spi cs35l41 hda driver name
     (bsc#1203699).
   - ALSA: hda: cs35l41: Fix I2S params comments (bsc#1203699).
   - ALSA: hda: cs35l41: Handle all external boost setups the same way
     (bsc#1203699).
   - ALSA: hda: cs35l41: Improve dev_err_probe() messaging (bsc#1203699).
   - ALSA: hda: cs35l41: Make cs35l41_hda_remove() return void (bsc#1203699).
   - ALSA: hda: cs35l41: Make use of the helper function dev_err_probe()
     (bsc#1203699).
   - ALSA: hda: cs35l41: Move boost config to initialization code
     (bsc#1203699).
   - ALSA: hda: cs35l41: Move cs35l41* calls to its own symbol namespace
     (bsc#1203699).
   - ALSA: hda: cs35l41: Move external boost handling to lib for ASoC use
     (bsc#1203699).
   - ALSA: hda: cs35l41: Mute the device before shutdown (bsc#1203699).
   - ALSA: hda: cs35l41: Put the device into safe mode for external boost
     (bsc#1203699).
   - ALSA: hda: cs35l41: Read Speaker Calibration data from UEFI variables
     (bsc#1203699).
   - ALSA: hda: cs35l41: Remove cs35l41_hda_reg_sequence struct (bsc#1203699).
   - ALSA: hda: cs35l41: Remove Set Channel Map api from binding
     (bsc#1203699).
   - ALSA: hda: cs35l41: Reorganize log for playback actions (bsc#1203699).
   - ALSA: hda: cs35l41: Save codec object inside component struct
     (bsc#1203699).
   - ALSA: hda: cs35l41: Save Subsystem ID inside CS35L41 Driver
     (bsc#1203699).
   - ALSA: hda: cs35l41: Set Speaker Position for CLSA0100 Laptop
     (bsc#1203699).
   - ALSA: hda: cs35l41: Support CLSA0101 (bsc#1203699).
   - ALSA: hda: cs35l41: Support Firmware switching and reloading
     (bsc#1203699).
   - ALSA: hda: cs35l41: Support Hibernation during Suspend (bsc#1203699).
   - ALSA: hda: cs35l41: Support multiple load paths for firmware
     (bsc#1203699).
   - ALSA: hda: cs35l41: Support reading subsystem id from ACPI (bsc#1203699).
   - ALSA: hda: cs35l41: Support Speaker ID for laptops (bsc#1203699).
   - ALSA: hda: cs35l41: Tidyup code (bsc#1203699).
   - ALSA: hda: cs35l41: Use the CS35L41 HDA internal define (bsc#1203699).
   - ALSA: hda: Fix dependencies of CS35L41 on SPI/I2C buses (bsc#1203699).
   - ALSA: hda: Fix dependency on ASoC cs35l41 codec (bsc#1203699).
   - ALSA: hda: Fix hang at HD-audio codec unbinding due to refcount
     saturation (git-fixes).
   - ALSA: hda: Fix Nvidia dp infoframe (git-fixes).
   - ALSA: hda: hda_cs_dsp_ctl: Add apis to write the controls directly
     (bsc#1203699).
   - ALSA: hda: hda_cs_dsp_ctl: Add fw id strings (bsc#1203699).
   - ALSA: hda: hda_cs_dsp_ctl: Add Library to support CS_DSP ALSA controls
     (bsc#1203699).
   - ALSA: hda: intel-dsp-config: Add RaptorLake PCI IDs (jsc#PED-720).
   - ALSA: hda/cs8409: Add new Dolphin HW variants (bsc#1203699).
   - ALSA: hda/cs8409: Add Speaker Playback Switch for Cyborg (bsc#1203699).
   - ALSA: hda/cs8409: Add Speaker Playback Switch for Warlock (bsc#1203699).
   - ALSA: hda/cs8409: change cs8409_fixups v.pins initializers to static
     (bsc#1203699).
   - ALSA: hda/cs8409: Disable HSBIAS_SENSE_EN for Cyborg (bsc#1203699).
   - ALSA: hda/cs8409: Fix Full Scale Volume setting for all variants
     (bsc#1203699).
   - ALSA: hda/cs8409: Fix Warlock to use mono mic configuration
     (bsc#1203699).
   - ALSA: hda/cs8409: Re-order quirk table into ascending order
     (bsc#1203699).
   - ALSA: hda/cs8409: Support manual mode detection for CS42L42
     (bsc#1203699).
   - ALSA: hda/cs8409: Support new Dolphin Variants (bsc#1203699).
   - ALSA: hda/cs8409: Support new Odin Variants (bsc#1203699).
   - ALSA: hda/cs8409: Support new Warlock MLK Variants (bsc#1203699).
   - ALSA: hda/cs8409: Use general cs42l42 include in cs8409 hda driver
     (bsc#1203699).
   - ALSA: hda/realtek: Add a quirk for HP OMEN 16 (8902) mute LED
     (git-fixes).
   - ALSA: hda/realtek: Add CS35L41 support for Thinkpad laptops
     (bsc#1203699).
   - ALSA: hda/realtek: Add mute and micmut LED support for Zbook Fury 17 G9
     (bsc#1203699).
   - ALSA: hda/realtek: Add pincfg for ASUS G513 HP jack (git-fixes).
   - ALSA: hda/realtek: Add pincfg for ASUS G533Z HP jack (git-fixes).
   - ALSA: hda/realtek: Add quirk for ASUS GA503R laptop (git-fixes).
   - ALSA: hda/realtek: Add quirk for HP Zbook Firefly 14 G9 model
     (bsc#1203699).
   - ALSA: hda/realtek: Add quirk for Huawei WRT-WX9 (git-fixes).
   - ALSA: hda/realtek: Add quirk for Lenovo Yoga7 14IAL7 (bsc#1203699).
   - ALSA: hda/realtek: Add quirks for ASUS Zenbooks using CS35L41
     (bsc#1203699).
   - ALSA: hda/realtek: Add support for HP Laptops (bsc#1203699).
   - ALSA: hda/realtek: Add support for Legion 7 16ACHg6 laptop (bsc#1203699).
   - ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5530 laptop
     (git-fixes).
   - ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5570 laptop
     (git-fixes).
   - ALSA: hda/realtek: Enable mute/micmute LEDs and limit mic boost on
     EliteBook 845/865 G9 (bsc#1203699).
   - ALSA: hda/realtek: Enable mute/micmute LEDs support for HP Laptops
     (bsc#1203699).
   - ALSA: hda/realtek: Enable speaker and mute LEDs for HP laptops
     (bsc#1203699).
   - ALSA: hda/realtek: Fix LED on Zbook Studio G9 (bsc#1203699).
   - ALSA: hda/realtek: Fix mute led issue on thinkpad with cs35l41 s-codec
     (bsc#1203699).
   - ALSA: hda/realtek: More robust component matching for CS35L41
     (bsc#1203699).
   - ALSA: hda/realtek: Re-arrange quirk table entries (git-fixes).
   - ALSA: hda/sigmatel: Fix unused variable warning for beep power change
     (git-fixes).
   - ALSA: hda/tegra: Add Tegra234 hda driver support (git-fixes).
   - ALSA: hda/tegra: Align BDL entry to 4KB boundary (git-fixes).
   - ALSA: hda/tegra: set depop delay for tegra (git-fixes).
   - ALSA: hda/tegra: Update scratch reg. communication (git-fixes).
   - ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC (git-fixes).
   - ALSA: usb-audio: Fix an out-of-bounds bug in
     __snd_usb_parse_audio_interface() (git-fixes).
   - ALSA: usb-audio: Inform the delayed registration more properly
     (git-fixes).
   - ALSA: usb-audio: Register card again for iface over delayed_register
     option (git-fixes).
   - ALSA: usb-audio: Split endpoint setups for hw_params and prepare
     (git-fixes).
   - ARM: dts: am33xx: Fix MMCHS0 dma properties (git-fixes).
   - ARM: dts: imx: align SPI NOR node name with dtschema (git-fixes).
   - ARM: dts: imx6qdl-kontron-samx6i: fix spi-flash compatible (git-fixes).
   - arm64: dts: qcom: sm8350: fix UFS PHY serdes size (git-fixes).
   - arm64: dts: rockchip: Fix typo in lisense text for PX30.Core (git-fixes).
   - arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob (git-fixes).
   - arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma
     (git-fixes).
   - arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz (git-fixes).
   - arm64: errata: Add Cortex-A510 to the repeat tlbi list (git-fixes)
     Enable this errata fix configuration option to arm64/default.
   - arm64: kexec_file: use more system keyrings to verify kernel image
     signature (bsc#1196444).
   - arm64: lib: Import latest version of Arm Optimized Routines' strcmp
     (git-fixes)
   - arm64: select TRACE_IRQFLAGS_NMI_SUPPORT (git-fixes)
   - arm64: topology: fix possible overflow in amu_fie_setup() (git-fixes).
   - ASoC: cs35l41: Add ASP TX3/4 source to register patch (bsc#1203699).
   - ASoC: cs35l41: Add bindings for CS35L41 (bsc#1203699).
   - ASoC: cs35l41: Add common cs35l41 enter hibernate function (bsc#1203699).
   - ASoC: cs35l41: Add cs35l51/53 IDs (bsc#1203699).
   - ASoC: cs35l41: Add endianness flag in snd_soc_component_driver
     (bsc#1203699).
   - ASoC: cs35l41: Add one more variable in the debug log (bsc#1203699).
   - ASoC: cs35l41: Add one more variable in the debug log (bsc#1203699).
   - ASoC: cs35l41: Add support for CLSA3541 ACPI device ID (bsc#1203699).
   - ASoC: cs35l41: Add support for hibernate memory retention mode
     (bsc#1203699).
   - ASoC: cs35l41: Binding fixes (bsc#1203699).
   - ASoC: cs35l41: Change monitor widgets to siggens (bsc#1203699).
   - ASoC: cs35l41: Combine adjacent register writes (bsc#1203699).
   - ASoC: cs35l41: Convert tables to shared source code (bsc#1203699).
   - ASoC: cs35l41: Correct DSP power down (bsc#1203699).
   - ASoC: cs35l41: Correct handling of some registers in the cache
     (bsc#1203699).
   - ASoC: cs35l41: Correct some control names (bsc#1203699).
   - ASoC: cs35l41: Create shared function for boost configuration
     (bsc#1203699).
   - ASoC: cs35l41: Create shared function for errata patches (bsc#1203699).
   - ASoC: cs35l41: Create shared function for setting channels (bsc#1203699).
   - ASoC: cs35l41: CS35L41 Boosted Smart Amplifier (bsc#1203699).
   - ASoC: cs35l41: Do not overwrite returned error code (bsc#1203699).
   - ASoC: cs35l41: Do not print error when waking from hibernation
     (bsc#1203699).
   - ASoC: cs35l41: Document CS35l41 External Boost (bsc#1203699).
   - ASoC: cs35l41: DSP Support (bsc#1203699).
   - ASoC: cs35l41: Fix a bunch of trivial code formating/style issues
     (bsc#1203699).
   - ASoC: cs35l41: Fix a shift-out-of-bounds warning found by UBSAN
     (bsc#1203699).
   - ASoC: cs35l41: Fix an out-of-bounds access in otp_packed_element_t
     (bsc#1203699).
   - ASoC: cs35l41: Fix DSP mbox start command and global enable order
     (bsc#1203699).
   - ASoC: cs35l41: Fix GPIO2 configuration (bsc#1203699).
   - ASoC: cs35l41: Fix link problem (bsc#1203699).
   - ASoC: cs35l41: Fix max number of TX channels (bsc#1203699).
   - ASoC: cs35l41: Fix undefined reference to core functions (bsc#1203699).
   - ASoC: cs35l41: Fix use of an uninitialised variable (bsc#1203699).
   - ASoC: cs35l41: Fixup the error messages (bsc#1203699).
   - ASoC: cs35l41: Make cs35l41_remove() return void (bsc#1203699).
   - ASoC: cs35l41: Move cs_dsp config struct into shared code (bsc#1203699).
   - ASoC: cs35l41: Move cs35l41 exit hibernate function into shared code
     (bsc#1203699).
   - ASoC: cs35l41: Move cs35l41 fs errata into shared code (bsc#1203699).
   - ASoC: cs35l41: Move cs35l41_otp_unpack to shared code (bsc#1203699).
   - ASoC: cs35l41: Move cs35l41_set_cspl_mbox_cmd to shared code
     (bsc#1203699).
   - ASoC: cs35l41: Move power initializations to reg_sequence (bsc#1203699).
   - ASoC: cs35l41: Read System Name from ACPI _SUB to identify firmware
     (bsc#1203699).
   - ASoC: cs35l41: Remove incorrect comment (bsc#1203699).
   - ASoC: cs35l41: Remove unnecessary param (bsc#1203699).
   - ASoC: cs35l41: Set the max SPI speed for the whole device (bsc#1203699).
   - ASoC: cs35l41: Support external boost (bsc#1203699).
   - ASoC: cs35l41: Update handling of test key registers (bsc#1203699).
   - ASoC: cs35l41: Use regmap_read_poll_timeout to wait for OTP boot
     (bsc#1203699).
   - ASoC: cs42l42: Add control for audio slow-start switch (bsc#1203699).
   - ASoC: cs42l42: Add warnings about DETECT_MODE and PLL_START
     (bsc#1203699).
   - ASoC: cs42l42: Allow time for HP/ADC to power-up after enable
     (bsc#1203699).
   - ASoC: cs42l42: Always enable TS_PLUG and TS_UNPLUG interrupts
     (bsc#1203699).
   - ASoC: cs42l42: Change jack_detect_mutex to a lock of all IRQ handling
     (bsc#1203699).
   - ASoC: cs42l42: Do not claim to support 192k (bsc#1203699).
   - ASoC: cs42l42: Do not reconfigure the PLL while it is running
     (bsc#1203699).
   - ASoC: cs42l42: Fix WARN in remove() if running without an interrupt
     (bsc#1203699).
   - ASoC: cs42l42: free_irq() before powering-down on probe() fail
     (bsc#1203699).
   - ASoC: cs42l42: Handle system suspend (bsc#1203699).
   - ASoC: cs42l42: Implement Manual Type detection as fallback (bsc#1203699).
   - ASoC: cs42l42: Mark OSC_SWITCH_STATUS register volatile (bsc#1203699).
   - ASoC: cs42l42: Minor fix all errors reported by checkpatch.pl script
     (bsc#1203699).
   - ASoC: cs42l42: Move CS42L42 register descriptions to general include
     (bsc#1203699).
   - ASoC: cs42l42: Only report button state if there was a button interrupt
     (git-fixes).
   - ASoC: cs42l42: Prevent NULL pointer deref in interrupt handler
     (bsc#1203699).
   - ASoC: cs42l42: Remove redundant pll_divout member (bsc#1203699).
   - ASoC: cs42l42: Remove redundant writes to DETECT_MODE (bsc#1203699).
   - ASoC: cs42l42: Remove redundant writes to RS_PLUG/RS_UNPLUG masks
     (bsc#1203699).
   - ASoC: cs42l42: Remove unused runtime_suspend/runtime_resume callbacks
     (bsc#1203699).
   - ASoC: cs42l42: Report full jack status when plug is detected
     (bsc#1203699).
   - ASoC: cs42l42: Report initial jack state (bsc#1203699).
   - ASoC: cs42l42: Reset and power-down on remove() and failed probe()
     (bsc#1203699).
   - ASoC: cs42l42: Set correct SRC MCLK (bsc#1203699).
   - ASoC: cs42l42: Simplify reporting of jack unplug (bsc#1203699).
   - ASoC: cs42l42: Use PLL for SCLK > 12.288MHz (bsc#1203699).
   - ASoC: cs42l42: Use two thresholds and increased wait time for manual
     type detection (bsc#1203699).
   - ASoC: dt-bindings: cs42l42: Convert binding to yaml (bsc#1203699).
   - ASoC: imx-card: Fix refcount issue with of_node_put (git-fixes).
   - ASoC: mchp-spdiftx: Fix clang -Wbitfield-constant-conversion (git-fixes).
   - ASoC: mchp-spdiftx: remove references to mchp_i2s_caps (git-fixes).
   - ASoC: nau8824: Fix semaphore unbalance at error paths (git-fixes).
   - ASoC: qcom: sm8250: add missing module owner (git-fixes).
   - ASoC: SOF: Intel: pci-tgl: add ADL-PS support (jsc#PED-720).
   - ASoC: SOF: Intel: pci-tgl: add RPL-P support (jsc#PED-720).
   - ASoC: SOF: Intel: pci-tgl: add RPL-S support (jsc#PED-652).
   - ASoC: tas2770: Reinit regcache on reset (git-fixes).
   - ASoC: wm_adsp: Add support for "toggle" preloaders (bsc#1203699).
   - ASoC: wm_adsp: Add trace caps to speaker protection FW (bsc#1203699).
   - ASoC: wm_adsp: Cancel ongoing work when removing controls (bsc#1203699).
   - ASoC: wm_adsp: Compressed stream DSP memory structs should be __packed
     (bsc#1203699).
   - ASoC: wm_adsp: Correct control read size when parsing compressed buffer
     (bsc#1203699).
   - ASoC: wm_adsp: Expand firmware loading search options (bsc#1203699).
   - ASoC: wm_adsp: Fix event for preloader (bsc#1203699).
   - ASoC: wm_adsp: Introduce cs_dsp logging macros (bsc#1203699).
   - ASoC: wm_adsp: Make compressed buffers optional (bsc#1203699).
   - ASoC: wm_adsp: Minor clean and redundant code removal (bsc#1203699).
   - ASoC: wm_adsp: Move check for control existence (bsc#1203699).
   - ASoC: wm_adsp: Move check of dsp->running to better place (bsc#1203699).
   - ASoC: wm_adsp: move firmware loading to client (bsc#1203699).
   - ASoC: wm_adsp: Move sys_config_size to wm_adsp (bsc#1203699).
   - ASoC: wm_adsp: Pass firmware names as parameters when starting DSP core
     (bsc#1203699).
   - ASoC: wm_adsp: remove a repeated including (bsc#1203699).
   - ASoC: wm_adsp: Remove pointless string comparison (bsc#1203699).
   - ASoC: wm_adsp: Remove the wmfw_add_ctl helper function (bsc#1203699).
   - ASoC: wm_adsp: Remove use of snd_ctl_elem_type_t (bsc#1203699).
   - ASoC: wm_adsp: Rename generic DSP support (bsc#1203699).
   - ASoC: wm_adsp: Separate generic cs_dsp_coeff_ctl handling (bsc#1203699).
   - ASoC: wm_adsp: Separate some ASoC and generic functions (bsc#1203699).
   - ASoC: wm_adsp: Separate wm_adsp specifics in cs_dsp_client_ops
     (bsc#1203699).
   - ASoC: wm_adsp: Split DSP power operations into helper functions
     (bsc#1203699).
   - ASoC: wm_adsp: Split out struct cs_dsp from struct wm_adsp (bsc#1203699).
   - ASoC: wm_adsp: Switch to using wm_coeff_read_ctrl for compressed buffers
     (bsc#1203699).
   - ASoC: wm_adsp: wm_adsp_control_add() error: uninitialized symbol 'ret'
     (bsc#1203699).
   - batman-adv: Fix hang up with small MTU hard-interface (git-fixes).
   - Bluetooth: btusb: mediatek: fix WMT failure during runtime suspend
     (git-fixes).
   - Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure
     (git-fixes).
   - Bluetooth: hci_core: Fix not handling link timeouts propertly
     (git-fixes).
   - bnx2x: fix built-in kernel driver load failure (git-fixes).
   - bnx2x: fix driver load from initrd (git-fixes).
   - btrfs: fix relocation crash due to premature return from
     btrfs_commit_transaction() (bsc#1203360).
   - btrfs: fix space cache corruption and potential double allocations
     (bsc#1203361).
   - can: gs_usb: gs_can_open(): fix race dev->can.state condition
     (git-fixes).
   - can: rx-offload: can_rx_offload_init_queue(): fix typo (git-fixes).
   - cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all()
     (bsc#1196869).
   - cgroup: cgroup_get_from_id() must check the looked-up kn is a directory
     (bsc#1203906).
   - cgroup: Fix race condition at rebind_subsystems() (bsc#1203902).
   - cgroup: Fix threadgroup_rwsem cpus_read_lock() deadlock (bsc#1196869).
   - clk: bcm: rpi: Prevent out-of-bounds access (git-fixes).
   - clk: bcm: rpi: Use correct order for the parameters of devm_kcalloc()
     (git-fixes).
   - clk: imx: imx6sx: remove the SET_RATE_PARENT flag for QSPI clocks
     (git-fixes).
   - clk: ingenic-tcu: Properly enable registers before accessing timers
     (git-fixes).
   - clk: iproc: Do not rely on node name for correct PLL setup (git-fixes).
   - constraints: increase disk space for all architectures References:
     bsc#1203693 aarch64 is already suffering. SLE15-SP5 x86_64 stats show
     that it is very close to the limit.
   - crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE (git-fixes)
   - cs-dsp and serial-multi-instantiate enablement (bsc#1203699)
   - dmaengine: idxd: add helper for per interrupt handle drain (jsc#PED-682).
   - dmaengine: idxd: add knob for enqcmds retries (jsc#PED-755).
   - dmaengine: idxd: change MSIX allocation based on per wq activation
     (jsc#PED-664).
   - dmaengine: idxd: create locked version of idxd_quiesce() call
     (jsc#PED-682).
   - dmaengine: idxd: embed irq_entry in idxd_wq struct (jsc#PED-664).
   - dmaengine: idxd: fix descriptor flushing locking (jsc#PED-664).
   - dmaengine: idxd: fix retry value to be constant for duration of function
     call (git-fixes).
   - dmaengine: idxd: handle interrupt handle revoked event (jsc#PED-682).
   - dmaengine: idxd: handle invalid interrupt handle descriptors
     (jsc#PED-682).
   - dmaengine: idxd: int handle management refactoring (jsc#PED-682).
   - dmaengine: idxd: match type for retries var in idxd_enqcmds()
     (git-fixes).
   - dmaengine: idxd: move interrupt handle assignment (jsc#PED-682).
   - dmaengine: idxd: rework descriptor free path on failure (jsc#PED-682).
   - dmaengine: idxd: set defaults for wq configs (jsc#PED-688).
   - dmaengine: idxd: update IAA definitions for user header (jsc#PED-763).
   - dmaengine: ti: k3-udma-private: Fix refcount leak bug in
     of_xudma_dev_get() (git-fixes).
   - docs: i2c: i2c-topology: fix incorrect heading (git-fixes).
   - dpaa2-ptp: Fix refcount leak in dpaa2_ptp_probe (git-fixes).
   - drm/amd/amdgpu: fixing read wrong pf2vf data in SRIOV (git-fixes).
   - drm/amd/amdgpu: skip ucode loading if ucode_size == 0 (git-fixes).
   - drm/amd/display: Limit user regamma to a valid value (git-fixes).
   - drm/amd/display: Mark dml30's UseMinimumDCFCLK() as noinline for stack
     usage (git-fixes).
   - drm/amd/display: Reduce number of arguments of dml31's
     CalculateFlipSchedule() (git-fixes).
   - drm/amd/display: Reduce number of arguments of dml31's
     CalculateWatermarksAndDRAMSpeedChangeSupport() (git-fixes).
   - drm/amd/pm: disable BACO entry/exit completely on several sienna cichlid
     cards (git-fixes).
   - drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup (git-fixes).
   - drm/amdgpu: do not register a dirty callback for non-atomic (git-fixes).
   - drm/amdgpu: make sure to init common IP before gmc (git-fixes).
   - drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly (git-fixes).
   - drm/amdgpu: move nbio ih_doorbell_range() into ih code for vega
     (git-fixes).
   - drm/amdgpu: move nbio sdma_doorbell_range() into sdma code for vega
     (git-fixes).
   - drm/amdgpu: Move psp_xgmi_terminate call from amdgpu_xgmi_remove_device
     to psp_hw_fini (git-fixes).
   - drm/amdgpu: Separate vf2pf work item init from virt data exchange
     (git-fixes).
   - drm/amdgpu: use dirty framebuffer helper (git-fixes).
   - drm/bridge: display-connector: implement bus fmts callbacks (git-fixes).
   - drm/bridge: lt8912b: add vsync hsync (git-fixes).
   - drm/bridge: lt8912b: fix corrupted image output (git-fixes).
   - drm/bridge: lt8912b: set hdmi or dvi mode (git-fixes).
   - drm/gem: Fix GEM handle release errors (git-fixes).
   - drm/gma500: Fix BUG: sleeping function called from invalid context
     errors (git-fixes).
   - drm/i915: Implement WaEdpLinkRateDataReload (git-fixes).
   - drm/i915: Skip wm/ddb readout for disabled pipes (git-fixes).
   - drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk (git-fixes).
   - drm/i915/gt: Restrict forced preemption to the active context
     (git-fixes).
   - drm/mediatek: dsi: Add atomic {destroy,duplicate}_state, reset callbacks
     (git-fixes).
   - drm/mediatek: dsi: Move mtk_dsi_stop() call back to mtk_dsi_poweroff()
     (git-fixes).
   - drm/meson: Correct OSD1 global alpha value (git-fixes).
   - drm/meson: Fix OSD1 RGB to YCbCr coefficient (git-fixes).
   - drm/msm/rd: Fix FIFO-full deadlock (git-fixes).
   - drm/panel: simple: Fix innolux_g121i1_l01 bus_format (git-fixes).
   - drm/panfrost: devfreq: set opp to the recommended one to configure
     regulator (git-fixes).
   - drm/radeon: add a force flush to delay work when radeon (git-fixes).
   - drm/rockchip: Fix return type of cdn_dp_connector_mode_valid (git-fixes).
   - drm/tegra: vic: Fix build warning when CONFIG_PM=n (git-fixes).
   - dt-bindings: hwmon: (mr75203) fix "intel,vm-map" property to be optional
     (git-fixes).
   - EDAC/dmc520: Do not print an error for each unconfigured interrupt line
     (bsc#1190497).
   - efi: capsule-loader: Fix use-after-free in efi_capsule_write (git-fixes).
   - efi: libstub: Disable struct randomization (git-fixes).
   - eth: alx: take rtnl_lock on resume (git-fixes).
   - eth: sun: cassini: remove dead code (git-fixes).
   - fbcon: Add option to enable legacy hardware acceleration (bsc#1152472)
     Backporting changes: 	* context fixes in other patch 	* update config
   - fbcon: Fix accelerated fbdev scrolling while logo is still shown
     (bsc#1152472)
   - fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init()
     (git-fixes).
   - firmware: arm_scmi: Fix the asynchronous reset requests (git-fixes).
   - firmware: arm_scmi: Harden accesses to the reset domains (git-fixes).
   - firmware: cs_dsp: add driver to support firmware loading on Cirrus Logic
     DSPs (bsc#1203699).
   - firmware: cs_dsp: Add lockdep asserts to interface functions
     (bsc#1203699).
   - firmware: cs_dsp: Add memory chunk helpers (bsc#1203699).
   - firmware: cs_dsp: Add offset to cs_dsp read/write (bsc#1203699).
   - firmware: cs_dsp: Add pre_run callback (bsc#1203699).
   - firmware: cs_dsp: Add pre_stop callback (bsc#1203699).
   - firmware: cs_dsp: Add support for rev 2 coefficient files (bsc#1203699).
   - firmware: cs_dsp: Add version checks on coefficient loading
     (bsc#1203699).
   - firmware: cs_dsp: Allow creation of event controls (bsc#1203699).
   - firmware: cs_dsp: Clarify some kernel doc comments (bsc#1203699).
   - firmware: cs_dsp: Clear core reset for cache (bsc#1203699).
   - firmware: cs_dsp: Fix overrun of unterminated control name string
     (bsc#1203699).
   - firmware: cs_dsp: Move lockdep asserts to avoid potential null pointer
     (bsc#1203699).
   - firmware: cs_dsp: Perform NULL check in cs_dsp_coeff_write/read_ctrl
     (bsc#1203699).
   - firmware: cs_dsp: Print messages from bin files (bsc#1203699).
   - firmware: cs_dsp: tidy includes in cs_dsp.c and cs_dsp.h (bsc#1203699).
   - ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace
     is dead (git-fixes).
   - fuse: Remove the control interface for virtio-fs (bsc#1203798).
   - gpio: mockup: fix NULL pointer dereference when removing debugfs
     (git-fixes).
   - gpio: mockup: remove gpio debugfs when remove device (git-fixes).
   - gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx
     (git-fixes).
   - gpio: mvebu: Fix check for pwm support on non-A8K platforms (git-fixes).
   - gpiolib: cdev: Set lineevent_state::irq after IRQ register successfully
     (git-fixes).
   - gve: Fix GFP flags when allocing pages (git-fixes).
   - hid: intel-ish-hid: ishtp: Fix ishtp client sending disordered message
     (git-fixes).
   - HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo (git-fixes).
   - hwmon: (gsc-hwmon) Call of_node_get() before of_find_xxx API (git-fixes).
   - hwmon: (mr75203) enable polling for all VM channels (git-fixes).
   - hwmon: (mr75203) fix multi-channel voltage reading (git-fixes).
   - hwmon: (mr75203) fix VM sensor allocation when "intel,vm-map" not
     defined (git-fixes).
   - hwmon: (mr75203) fix voltage equation for negative source input
     (git-fixes).
   - hwmon: (mr75203) update pvt->v_num and vm_num to the actual number of
     used sensors (git-fixes).
   - hwmon: (pmbus/mp2888) Fix sensors readouts for MPS Multi-phase mp2888
     controller (git-fixes).
   - hwmon: (tps23861) fix byte order in resistance register (git-fixes).
   - i2c: acpi: Add an i2c_acpi_client_count() helper function (bsc#1203699).
   - i2c: imx: If pm_runtime_get_sync() returned 1 device access is possible
     (git-fixes).
   - i2c: mlxbf: Fix frequency calculation (git-fixes).
   - i2c: mlxbf: incorrect base address passed during io write (git-fixes).
   - i2c: mlxbf: prevent stack overflow in
     mlxbf_i2c_smbus_start_transaction() (git-fixes).
   - i2c: mlxbf: support lock mechanism (git-fixes).
   - ice: Allow operation with reduced device MSI-X (bsc#1201987).
   - ice: arfs: fix use-after-free when freeing @rx_cpu_rmap (git-fixes).
   - ice: Do not skip not enabled queues in ice_vc_dis_qs_msg (git-fixes).
   - ice: fix crash when writing timestamp on RX rings (git-fixes).
   - ice: Fix KASAN error in LAG NETDEV_UNREGISTER handler (git-fixes).
   - ice: fix possible under reporting of ethtool Tx and Rx statistics
     (git-fixes).
   - ice: Fix race during aux device (un)plugging (git-fixes).
   - ice: Match on all profiles in slow-path (git-fixes).
   - ieee802154: cc2520: add rc code in cc2520_tx() (git-fixes).
   - igb: skip phy status check where unavailable (git-fixes).
   - Input: goodix - add compatible string for GT1158 (git-fixes).
   - Input: goodix - add support for GT1158 (git-fixes).
   - Input: iforce - add support for Boeder Force Feedback Wheel (git-fixes).
   - Input: iqs62x-keys - drop unused device node references (git-fixes).
   - Input: melfas_mip4 - fix return value check in mip4_probe() (git-fixes).
   - Input: snvs_pwrkey - fix SNVS_HPVIDR1 register address (git-fixes).
   - kABI workaround for spi changes (bsc#1203699).
   - kABI: Add back removed struct paca member (bsc#1203664 ltc#199236).
   - kABI: fix adding another field to scsi_device (bsc#1203039).
   - kABI: Fix kABI after SNP-Guest backport (jsc#SLE-19924, jsc#SLE-24814).
   - kbuild: disable header exports for UML in a straightforward way
     (git-fixes).
   - kexec, KEYS, s390: Make use of built-in and secondary keyring for
     signature verification (bsc#1196444).
   - kexec, KEYS: make the code in bzImage64_verify_sig generic (bsc#1196444).
   - kexec: clean up arch_kexec_kernel_verify_sig (bsc#1196444).
   - kexec: drop weak attribute from functions (bsc#1196444).
   - KVM: SVM: Create a separate mapping for the GHCB save area
     (jsc#SLE-19924, jsc#SLE-24814).
   - KVM: SVM: Create a separate mapping for the SEV-ES save area
     (jsc#SLE-19924, jsc#SLE-24814).
   - KVM: SVM: Define sev_features and VMPL field in the VMSA (jsc#SLE-19924,
     jsc#SLE-24814).
   - KVM: SVM: fix tsc scaling cache logic (bsc#1203263).
   - KVM: SVM: Update the SEV-ES save area mapping (jsc#SLE-19924,
     jsc#SLE-24814).
   - KVM: VMX: Heed the 'msr' argument in msr_write_intercepted() (git-fixes).
   - KVM: X86: Fix when shadow_root_level=5 and guest root_level 4
     (git-fixes).
   - KVM: x86: hyper-v: Drop redundant 'ex' parameter from kvm_hv_send_ipi()
     (git-fixes).
   - KVM: x86: hyper-v: HVCALL_SEND_IPI_EX is an XMM fast hypercall
     (git-fixes).
   - KVM: x86: Move lookup of indexed CPUID leafs to helper (jsc#SLE-19924,
     jsc#SLE-24814).
   - libata: add ATA_HORKAGE_NOLPM for Pioneer BDR-207M and BDR-205
     (git-fixes).
   - lockd: detect and reject lock arguments that overflow (git-fixes).
   - md-raid10: fix KASAN warning (git-fixes).
   - md: call __md_stop_writes in md_stop (git-fixes).
   - md: unlock mddev before reap sync_thread in action_store (bsc#1197659).
   - media: aspeed: Fix an error handling path in aspeed_video_probe()
     (git-fixes).
   - media: coda: Add more H264 levels for CODA960 (git-fixes).
   - media: coda: Fix reported H264 profile (git-fixes).
   - media: dvb_vb2: fix possible out of bound access (git-fixes).
   - media: exynos4-is: Change clk_disable to clk_disable_unprepare
     (git-fixes).
   - media: exynos4-is: Fix PM disable depth imbalance in fimc_is_probe
     (git-fixes).
   - media: flexcop-usb: fix endpoint type check (git-fixes).
   - media: imx-jpeg: Add pm-sleep support for imx-jpeg (git-fixes).
   - media: imx-jpeg: Correct some definition according specification
     (git-fixes).
   - media: imx-jpeg: Disable slot interrupt when frame done (git-fixes).
   - media: imx-jpeg: Fix potential array out of bounds in queue_setup
     (git-fixes).
   - media: imx-jpeg: Leave a blank space before the configuration data
     (git-fixes).
   - media: imx-jpeg: Refactor function mxc_jpeg_parse (git-fixes).
   - media: mceusb: Use new usb_control_msg_*() routines (git-fixes).
   - media: platform: mtk-mdp: Fix mdp_ipi_comm structure alignment.
   - media: rkvdec: Disable H.264 error detection (git-fixes).
   - media: st-delta: Fix PM disable depth imbalance in delta_probe
     (git-fixes).
   - media: vsp1: Fix offset calculation for plane cropping.
   - misc: cs35l41: Remove unused pdn variable (bsc#1203699).
   - mISDN: fix use-after-free bugs in l1oip timer handlers (git-fixes).
   - mlxsw: i2c: Fix initialization error flow (git-fixes).
   - mm: Fix PASID use-after-free issue (bsc#1203908).
   - mmc: core: Fix inconsistent sd3_bus_mode at UHS-I SD voltage switch
     failure (git-fixes).
   - mmc: hsq: Fix data stomping during mmc recovery (git-fixes).
   - mmc: moxart: fix 4-bit bus width and remove 8-bit bus width (git-fixes).
   - mwifiex: fix sleep in atomic context bugs caused by dev_coredumpv
     (git-fixes).
   - net: axienet: fix RX ring refill allocation failure handling (git-fixes).
   - net: axienet: reset core on initialization prior to MDIO access
     (git-fixes).
   - net: bcmgenet: hide status block before TX timestamping (git-fixes).
   - net: bcmgenet: Revert "Use stronger register read/writes to assure
     ordering" (git-fixes).
   - net: cpsw: add missing of_node_put() in cpsw_probe_dt() (git-fixes).
   - net: dsa: bcm_sf2_cfp: fix an incorrect NULL check on list iterator
     (git-fixes).
   - net: dsa: bcm_sf2: Fix Wake-on-LAN with mac_link_down() (git-fixes).
   - net: dsa: felix: fix tagging protocol changes with multiple CPU ports
     (git-fixes).
   - net: dsa: felix: suppress -EPROBE_DEFER errors (git-fixes).
   - net: dsa: introduce helpers for iterating through ports using dp
     (git-fixes).
   - net: dsa: lantiq_gswip: Do not set GSWIP_MII_CFG_RMII_CLK (git-fixes).
   - net: dsa: lantiq_gswip: fix use after free in gswip_remove() (git-fixes).
   - net: dsa: microchip: fix bridging with more than two member ports
     (git-fixes).
   - net: dsa: mt7530: 1G can also support 1000BASE-X link mode (git-fixes).
   - net: dsa: mt7530: add missing of_node_put() in mt7530_setup()
     (git-fixes).
   - net: dsa: mv88e6xxx: Fix port_hidden_wait to account for port_base_addr
     (git-fixes).
   - net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register
     (git-fixes).
   - net: dsa: restrict SMSC_LAN9303_I2C kconfig (git-fixes).
   - net: emaclite: Add error handling for of_address_to_resource()
     (git-fixes).
   - net: enetc: Use pci_release_region() to release some resources
     (git-fixes).
   - net: ethernet: mediatek: ppe: fix wrong size passed to memset()
     (git-fixes).
   - net: ethernet: mv643xx: Fix over zealous checking of_get_mac_address()
     (git-fixes).
   - net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link
     (git-fixes).
   - net: ethernet: stmmac: fix write to sgmii_adapter_base (git-fixes).
   - net: fec: add missing of_node_put() in fec_enet_init_stop_mode()
     (git-fixes).
   - net: ftgmac100: access hardware register after clock ready (git-fixes).
   - net: hns3: add netdev reset check for hns3_set_tunable() (git-fixes).
   - net: hns3: fix the concurrency between functions reading debugfs
     (git-fixes).
   - net: ipa: get rid of a duplicate initialization (git-fixes).
   - net: ipa: kill ipa_cmd_pipeline_clear() (git-fixes).
   - net: ipa: record proper RX transaction count (git-fixes).
   - net: macb: Fix PTP one step sync support (git-fixes).
   - net: macb: Increment rx bd head after allocating skb and buffer
     (git-fixes).
   - net: mana: Add rmb after checking owner bits (git-fixes).
   - net: mana: Add support of XDP_REDIRECT action (bug#1201310, jsc#PED-529).
   - net: mana: Add the Linux MANA PF driver (bug#1201309, jsc#PED-529).
   - net: mdio: Fix ENOMEM return value in BCM6368 mux bus controller
     (git-fixes).
   - net: mscc: ocelot: avoid corrupting hardware counters when moving VCAP
     filters (git-fixes).
   - net: mscc: ocelot: fix all IP traffic getting trapped to CPU with PTP
     over IP (git-fixes).
   - net: mscc: ocelot: fix broken IP multicast flooding (git-fixes).
   - net: mscc: ocelot: fix last VCAP IS1/IS2 filter persisting in hardware
     when deleted (git-fixes).
   - net: mscc: ocelot: fix missing unlock on error in ocelot_hwstamp_set()
     (git-fixes).
   - net: mscc: ocelot: fix VCAP IS2 filters matching on both lookups
     (git-fixes).
   - net: mscc: ocelot: restrict tc-trap actions to VCAP IS2 lookup 0
     (git-fixes).
   - net: phy: aquantia: wait for the suspend/resume operations to finish
     (git-fixes).
   - net: phy: at803x: move page selection fix to config_init (git-fixes).
   - net: phy: Do not WARN for PHY_UP state in mdio_bus_phy_resume()
     (git-fixes).
   - net: sparx5: depends on PTP_1588_CLOCK_OPTIONAL (git-fixes).
   - net: sparx5: uses, depends on BRIDGE or !BRIDGE (git-fixes).
   - net: stmmac: dwmac-qcom-ethqos: add platform level clocks management
     (git-fixes).
   - net: stmmac: dwmac-qcom-ethqos: Enable RGMII functional clock on resume
     (git-fixes).
   - net: stmmac: dwmac-sun8i: add missing of_node_put() in
     sun8i_dwmac_register_mdio_mux() (git-fixes).
   - net: stmmac: enhance XDP ZC driver level switching performance
     (git-fixes).
   - net: stmmac: fix out-of-bounds access in a selftest (git-fixes).
   - net: stmmac: Fix unset max_speed difference between DT and non-DT
     platforms (git-fixes).
   - net: stmmac: only enable DMA interrupts when ready (git-fixes).
   - net: stmmac: perserve TX and RX coalesce value during XDP setup
     (git-fixes).
   - net: stmmac: remove unused get_addr() callback (git-fixes).
   - net: stmmac: Use readl_poll_timeout_atomic() in atomic state (git-fixes).
   - net: systemport: Fix an error handling path in bcm_sysport_probe()
     (git-fixes).
   - net: thunderbolt: Enable DMA paths only after rings are enabled
     (git-fixes).
   - net: usb: qmi_wwan: add Quectel RM520N (git-fixes).
   - net: wwan: iosm: Call mutex_init before locking it (git-fixes).
   - net: wwan: iosm: remove pointless null check (git-fixes).
   - net/mlx5: CT: Fix header-rewrite re-use for tupels (git-fixes).
   - net/mlx5: Drain fw_reset when removing device (git-fixes).
   - net/mlx5e: Block rx-gro-hw feature in switchdev mode (git-fixes).
   - net/mlx5e: Properly block HW GRO when XDP is enabled (git-fixes).
   - net/mlx5e: Properly block LRO when XDP is enabled (git-fixes).
   - net/mlx5e: Remove HW-GRO from reported features (git-fixes).
   - net/mlx5e: TC NIC mode, fix tc chains miss table (git-fixes).
   - net/qla3xxx: Fix a test in ql_reset_work() (git-fixes).
   - net/sunrpc: fix potential memory leaks in rpc_sysfs_xprt_state_change()
     (git-fixes).
   - NFS: Do not decrease the value of seq_nr_highest_sent (git-fixes).
   - NFS: fix problems with __nfs42_ssc_open (git-fixes).
   - NFS: Fix races in the legacy idmapper upcall (git-fixes).
   - NFS: Fix WARN_ON due to unionization of nfs_inode.nrequests (git-fixes).
   - NFS: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly (git-fixes).
   - NFS: LOOKUP_DIRECTORY is also ok with symlinks (git-fixes).
   - NFS: RECLAIM_COMPLETE must handle EACCES (git-fixes).
   - NFS: Turn off open-by-filehandle and NFS re-export for NFSv4.0
     (git-fixes).
   - NFS: Update mode bits after ALLOCATE and DEALLOCATE (git-fixes).
   - NFSD: Clean up the show_nf_flags() macro (git-fixes).
   - NFSD: eliminate the NFSD_FILE_BREAK_* flags (git-fixes).
   - NFSD: Fix offset type in I/O trace points (git-fixes).
   - NFSD: Report RDMA connection errors to the server (git-fixes).
   - NFSD: restore EINVAL error translation in nfsd_commit() (git-fixes).
   - of/device: Fix up of_dma_configure_id() stub (git-fixes).
   - of/fdt: fix off-by-one error in unflatten_dt_nodes() (git-fixes).
   - parisc/sticon: fix reverse colors (bsc#1152489)
   - parisc/stifb: Fix fb_is_primary_device() only available with
     (bsc#1152489)
   - parisc/stifb: Implement fb_is_primary_device() (bsc#1152489)
   - parisc/stifb: Keep track of hardware path of graphics card (bsc#1152489)
   - PCI: Correct misspelled words (git-fixes).
   - PCI: Disable MSI for Tegra234 Root Ports (git-fixes).
   - PCI: Prefer 'unsigned int' over bare 'unsigned' (git-fixes).
   - PCI/ASPM: Make Intel DG2 L1 acceptable latency unlimited (jsc#PED-387).
   - pinctrl: qcom: sc8180x: Fix gpio_wakeirq_map (git-fixes).
   - pinctrl: qcom: sc8180x: Fix wrong pin numbers (git-fixes).
   - pinctrl: sunxi: Fix name for A100 R_PIO (git-fixes).
   - platform/surface: aggregator_registry: Add support for Surface Laptop Go
     2 (git-fixes).
   - platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap
     fixes (git-fixes).
   - platform/x86: i2c-multi-instantiate: Rename it for a generic serial
     driver name (bsc#1203699).
   - platform/x86: serial-multi-instantiate: Add CLSA0101 Laptop
     (bsc#1203699).
   - platform/x86: serial-multi-instantiate: Add SPI support (bsc#1203699).
   - platform/x86: serial-multi-instantiate: Reorganize I2C functions
     (bsc#1203699).
   - powerpc/pseries/vas: Pass hw_cpu_id to node associativity HCALL
     (bsc#1194869).
   - ppc64/kdump: Limit kdump base to 512MB (bsc#1203410 ltc#199904).
   - regulator: core: Clean up on enable failure (git-fixes).
   - regulator: pfuze100: Fix the global-out-of-bounds access in
     pfuze100_regulator_probe() (git-fixes).
   - regulator: qcom_rpm: Fix circular deferral regression (git-fixes).
   - reset: imx7: Fix the iMX8MP PCIe PHY PERST support (git-fixes).
   - s390: fix double free of GS and RI CBs on fork() failure (bsc#1203197
     LTC#199895).
   - s390/boot: fix absolute zero lowcore corruption on boot (git-fixes).
   - scsi: core: Add BLIST_NO_ASK_VPD_SIZE for some VDASD (bsc#1203039).
   - scsi: lpfc: Add missing destroy_workqueue() in error path (bsc#1203939).
   - scsi: lpfc: Add missing free iocb and nlp kref put for early return VMID
     cases (bsc#1203939).
   - scsi: lpfc: Add reporting capability for Link Degrade Signaling
     (bsc#1203939).
   - scsi: lpfc: Fix FLOGI ACC with wrong SID in PT2PT topology (bsc#1203939).
   - scsi: lpfc: Fix mbuf pool resource detected as busy at driver unload
     (bsc#1203939).
   - scsi: lpfc: Fix multiple NVMe remoteport registration calls for the same
     NPort ID (bsc#1203939).
   - scsi: lpfc: Fix prli_fc4_req checks in PRLI handling (bsc#1203939).
   - scsi: lpfc: Fix various issues reported by tools (bsc#1203939).
   - scsi: lpfc: Move scsi_host_template outside dynamically allocated/freed
     phba (bsc#1185032 bsc#1203939).
   - scsi: lpfc: Remove the unneeded result variable (bsc#1203939).
   - scsi: lpfc: Remove unneeded result variable (bsc#1203939).
   - scsi: lpfc: Rename mp/bmp dma buffers to rq/rsp in lpfc_fdmi_cmd
     (bsc#1203939).
   - scsi: lpfc: Return DID_TRANSPORT_DISRUPTED instead of DID_REQUEUE
     (bsc#1203939).
   - scsi: lpfc: Rework FDMI attribute registration for unintential padding
     (bsc#1203939).
   - scsi: lpfc: Rework lpfc_fdmi_cmd() routine for cleanup and consistency
     (bsc#1203939).
   - scsi: lpfc: Update congestion mode logging for Emulex SAN Manager
     application (bsc#1203939).
   - scsi: lpfc: Update lpfc version to 14.2.0.7 (bsc#1203939).
   - scsi: mpt3sas: Fix use-after-free warning (git-fixes).
   - scsi: qla2xxx: Add debugfs create/delete helpers (bsc#1203935).
   - scsi: qla2xxx: Add NVMe parameters support in Auxiliary Image Status
     (bsc#1203935).
   - scsi: qla2xxx: Always wait for qlt_sess_work_fn() from qlt_stop_phase1()
     (bsc#1203935).
   - scsi: qla2xxx: Avoid flush_scheduled_work() usage (bsc#1203935).
   - scsi: qla2xxx: Define static symbols (bsc#1203935).
   - scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port ISP27XX
     (bsc#1203935).
   - scsi: qla2xxx: Drop DID_TARGET_FAILURE use (bsc#1203935).
   - scsi: qla2xxx: Enhance driver tracing with separate tunable and more
     (bsc#1203935).
   - scsi: qla2xxx: Fix disk failure to rediscover (git-fixes).
   - scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts() (bsc#1203935).
   - scsi: qla2xxx: Fix response queue handler reading stale packets
     (bsc#1203935).
   - scsi: qla2xxx: Fix spelling mistake "definiton" "definition"
     (bsc#1203935).
   - scsi: qla2xxx: Log message "skipping scsi_scan_host()" as informational
     (bsc#1203935).
   - scsi: qla2xxx: Remove unused declarations for qla2xxx (bsc#1203935).
   - scsi: qla2xxx: Remove unused del_sess_list field (bsc#1203935).
   - scsi: qla2xxx: Remove unused qlt_tmr_work() (bsc#1203935).
   - scsi: qla2xxx: Revert "scsi: qla2xxx: Fix response queue handler reading
     stale packets" (bsc#1203935).
   - scsi: qla2xxx: Update version to 10.02.07.900-k (bsc#1203935).
   - scsi: Revert "scsi: qla2xxx: Fix disk failure to rediscover" (git-fixes).
   - scsi: smartpqi: Add module param to disable managed ints (bsc#1203893).
   - scsi: smartpqi: Shorten drive visibility after removal (bsc#1200622).
   - selftests: Fix the if conditions of in test_extra_filter() (git-fixes).
   - selftests: forwarding: add shebang for sch_red.sh (git-fixes).
   - selftests: forwarding: Fix failing tests with old libnet (git-fixes).
   - serial: atmel: remove redundant assignment in rs485_config (git-fixes).
   - serial: Create uart_xmit_advance() (git-fixes).
   - serial: fsl_lpuart: Reset prior to registration (git-fixes).
   - serial: tegra-tcu: Use uart_xmit_advance(), fixes icount.tx accounting
     (git-fixes).
   - serial: tegra: Use uart_xmit_advance(), fixes icount.tx accounting
     (git-fixes).
   - soc: sunxi: sram: Actually claim SRAM regions (git-fixes).
   - soc: sunxi: sram: Fix debugfs info for A64 SRAM C (git-fixes).
   - soc: sunxi: sram: Prevent the driver from being unbound (git-fixes).
   - spi: Add API to count spi acpi resources (bsc#1203699).
   - spi: Create helper API to lookup ACPI info for spi device (bsc#1203699).
   - spi: dw: Fix PM disable depth imbalance in dw_spi_bt1_probe (git-fixes).
   - spi: meson-spicc: do not rely on busy flag in pow2 clk ops (git-fixes).
   - spi: mt7621: Fix an error message in mt7621_spi_probe() (git-fixes).
   - spi: propagate error code to the caller of acpi_spi_device_alloc()
     (bsc#1203699).
   - spi: qup: add missing clk_disable_unprepare on error in
     spi_qup_pm_resume_runtime() (git-fixes).
   - spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume()
     (git-fixes).
   - spi: Return deferred probe error when controller isn't yet available
     (bsc#1203699).
   - spi: s3c64xx: Fix large transfers with DMA (git-fixes).
   - spi: Support selection of the index of the ACPI Spi Resource before
     alloc (bsc#1203699).
   - spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe
     (git-fixes).
   - struct ehci_hcd: hide new element going into a hole (git-fixes).
   - struct xhci_hcd: restore member now dynamically allocated (git-fixes).
   - SUNRPC: Do not call connect() more than once on a TCP socket (git-fixes).
   - SUNRPC: Do not leak sockets in xs_local_connect() (git-fixes).
   - SUNRPC: fix expiry of auth creds (git-fixes).
   - SUNRPC: Fix xdr_encode_bool() (git-fixes).
   - SUNRPC: Reinitialise the backchannel request buffers before reuse
     (git-fixes).
   - SUNRPC: RPC level errors should set task->tk_rpc_status (git-fixes).
   - thunderbolt: Add support for Intel Maple Ridge single port controller
     (git-fixes).
   - tracing: hold caller_addr to hardirq_{enable,disable}_ip (git-fixes).
   - tty: serial: atmel: Preserve previous USART mode if RS485 disabled
     (git-fixes).
   - USB: Add ignore-residue quirk for NXP PN7462AU (git-fixes).
   - USB: add quirks for Lenovo OneLink+ Dock (git-fixes).
   - USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) (git-fixes).
   - USB: core: Fix RST error in hub.c (git-fixes).
   - USB: core: Prevent nested device-reset calls (git-fixes).
   - USB: Drop commas after SoC match table sentinels (git-fixes).
   - USB: dwc3: core: leave default DMA if the controller does not support
     64-bit DMA (git-fixes).
   - USB: dwc3: disable USB core PHY management (git-fixes).
   - USB: dwc3: gadget: Avoid starting DWC3 gadget during UDC unbind
     (git-fixes).
   - USB: dwc3: gadget: Do not modify GEVNTCOUNT in pullup() (git-fixes).
   - USB: dwc3: gadget: Refactor pullup() (git-fixes).
   - USB: dwc3: pci: Add support for Intel Raptor Lake (git-fixes).
   - USB: Fix ehci infinite suspend-resume loop issue in zhaoxin (git-fixes).
   - USB: Fix memory leak in usbnet_disconnect() (git-fixes).
   - USB: host: xhci: fix a comment typo in xhci_mem_init() (git-fixes).
   - USB: host: xhci: use ffs() in xhci_mem_init() (git-fixes).
   - USB: hub: avoid warm port reset during USB3 disconnect (git-fixes).
   - USB: serial: cp210x: add Decagon UCA device id (git-fixes).
   - USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id (git-fixes).
   - USB: serial: option: add Quectel BG95 0x0203 composition (git-fixes).
   - USB: serial: option: add Quectel EM060K modem (git-fixes).
   - USB: serial: option: add Quectel RM520N (git-fixes).
   - USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode
     (git-fixes).
   - USB: serial: option: add support for OPPO R11 diag port (git-fixes).
   - USB: storage: Add ASUS 0x0b05:0x1932 to IGNORE_UAS (git-fixes).
   - USB: struct usb_device: hide new member (git-fixes).
   - USB: typec: intel_pmc_mux: Add new ACPI ID for Meteor Lake IOM device
     (git-fixes).
   - USB: typec: tipd: Add an additional overflow check (git-fixes).
   - USB: typec: tipd: Do not read/write more bytes than required (git-fixes).
   - USB: typec: ucsi: Remove incorrect warning (git-fixes).
   - USB: xhci-mtk: relax TT periodic bandwidth allocation (git-fixes).
   - vfio/type1: Unpin zero pages (git-fixes).
   - vhost/vsock: Use kvmalloc/kvfree for larger packets (git-fixes).
   - video: fbdev: i740fb: Error out if 'pixclock' equals zero (git-fixes).
   - video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write
     (git-fixes).
   - virt: Add SEV-SNP guest driver (jsc#SLE-19924, jsc#SLE-24814).
   - virt: sevguest: Add documentation for SEV-SNP CPUID Enforcement
     (jsc#SLE-19924, jsc#SLE-24814).
   - virt: sevguest: Add support to derive key (jsc#SLE-19924, jsc#SLE-24814).
   - virt: sevguest: Add support to get extended report (jsc#SLE-19924,
     jsc#SLE-24814).
   - virt: sevguest: Fix bool function returning negative value
     (jsc#SLE-19924, jsc#SLE-24814).
   - virt: sevguest: Fix return value check in alloc_shared_pages()
     (jsc#SLE-19924, jsc#SLE-24814).
   - vrf: fix packet sniffing for traffic originating from ip tunnels
     (git-fixes).
   - vt: Clear selection before changing the font (git-fixes).
   - watchdog: wdat_wdt: Set the min and max timeout values properly
     (bsc#1194023).
   - wifi: ath10k: add peer map clean up for peer delete in
     ath10k_sta_state() (git-fixes).
   - wifi: ath11k: fix number of VHT beamformee spatial streams (git-fixes).
   - wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in
     il4965_rs_fill_link_cmd() (git-fixes).
   - wifi: mac80211_hwsim: check length for virtio packets (git-fixes).
   - wifi: mac80211: allow bw change during channel switch in mesh
     (git-fixes).
   - wifi: mac80211: fix regression with non-QoS drivers (git-fixes).
   - wifi: mac80211: Fix UAF in ieee80211_scan_rx() (git-fixes).
   - wifi: mt76: fix reading current per-tid starting sequence number for
     aggregation (git-fixes).
   - wifi: mt76: mt7615: add mt7615_mutex_acquire/release in
     mt7615_sta_set_decap_offload (git-fixes).
   - wifi: mt76: mt7915: do not check state before configuring implicit
     beamform (git-fixes).
   - wifi: mt76: sdio: fix transmitting packet hangs (git-fixes).
   - wifi: rtl8xxxu: Fix AIFS written to REG_EDCA_*_PARAM (git-fixes).
   - wifi: rtl8xxxu: Fix skb misuse in TX queue selection (git-fixes).
   - wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration (git-fixes).
   - wifi: rtl8xxxu: Improve rtl8xxxu_queue_select (git-fixes).
   - wifi: rtl8xxxu: Remove copy-paste leftover in gen2_update_rate_mask
     (git-fixes).
   - wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse()
     (git-fixes).
   - wifi: rtlwifi: 8192de: correct checking of IQK reload (git-fixes).
   - wifi: rtw88: add missing destroy_workqueue() on error path in
     rtw_core_init() (git-fixes).
   - workqueue: do not skip lockdep work dependency in cancel_work_sync()
     (git-fixes).
   - x86/boot: Add a pointer to Confidential Computing blob in bootparams
     (jsc#SLE-19924, jsc#SLE-24814).
   - x86/boot: Add Confidential Computing type to setup_data (jsc#SLE-19924,
     jsc#SLE-24814).
   - x86/boot: Introduce helpers for MSR reads/writes (jsc#SLE-19924,
     jsc#SLE-24814).
   - x86/boot: Put globals that are accessed early into the .data section
     (jsc#SLE-19924, jsc#SLE-24814).
   - x86/boot: Use MSR read/write helpers instead of inline assembly
     (jsc#SLE-19924, jsc#SLE-24814).
   - x86/compressed: Add helper for validating pages in the decompression
     stage (jsc#SLE-19924, jsc#SLE-24814).
   - x86/compressed: Add SEV-SNP feature detection/setup (jsc#SLE-19924,
     jsc#SLE-24814).
   - x86/compressed: Export and rename add_identity_map() (jsc#SLE-19924,
     jsc#SLE-24814).
   - x86/compressed: Register GHCB memory when SEV-SNP is active
     (jsc#SLE-19924, jsc#SLE-24814).
   - x86/compressed: Use firmware-validated CPUID leaves for SEV-SNP guests
     (jsc#SLE-19924, jsc#SLE-24814).
   - x86/compressed/64: Add identity mapping for Confidential Computing blob
     (jsc#SLE-19924, jsc#SLE-24814).
   - x86/compressed/64: Add support for SEV-SNP CPUID table in #VC handlers
     (jsc#SLE-19924, jsc#SLE-24814).
   - x86/compressed/64: Detect/setup SEV/SME features earlier during boot
     (jsc#SLE-19924, jsc#SLE-24814).
   - x86/compressed/acpi: Move EFI config table lookup to helper
     (jsc#SLE-19924, jsc#SLE-24814).
   - x86/compressed/acpi: Move EFI detection to helper (jsc#SLE-19924,
     jsc#SLE-24814).
   - x86/compressed/acpi: Move EFI kexec handling into common code
     (jsc#SLE-19924, jsc#SLE-24814).
   - x86/compressed/acpi: Move EFI system table lookup to helper
     (jsc#SLE-19924, jsc#SLE-24814).
   - x86/compressed/acpi: Move EFI vendor table lookup to helper
     (jsc#SLE-19924, jsc#SLE-24814).
   - x86/head/64: Re-enable stack protection (jsc#SLE-19924, jsc#SLE-24814).
   - x86/ibt,ftrace: Make function-graph play nice (bsc#1203969).
   - x86/kernel: Mark the .bss..decrypted section as shared in the RMP table
     (jsc#SLE-19924, jsc#SLE-24814).
   - x86/kernel: Validate ROM memory before accessing when SEV-SNP is active
     (jsc#SLE-19924, jsc#SLE-24814).
   - x86/kexec: fix memory leak of elf header buffer (bsc#1196444).
   - x86/mm: Extend cc_attr to include AMD SEV-SNP (jsc#SLE-19924,
     jsc#SLE-24814).
   - x86/mm: Validate memory when changing the C-bit (jsc#SLE-19924,
     jsc#SLE-24814).
   - x86/sev: Add a helper for the PVALIDATE instruction (jsc#SLE-19924,
     jsc#SLE-24814).
   - x86/sev: Add a sev= cmdline option (jsc#SLE-19924, jsc#SLE-24814).
   - x86/sev: Add helper for validating pages in early enc attribute changes
     (jsc#SLE-19924, jsc#SLE-24814).
   - x86/sev: Add missing __init annotations to SEV init routines
     (jsc#SLE-19924 jsc#SLE-24814).
   - x86/sev: Add SEV-SNP feature detection/setup (jsc#SLE-19924,
     jsc#SLE-24814).
   - x86/sev: Check SEV-SNP features support (jsc#SLE-19924, jsc#SLE-24814).
   - x86/sev: Check the VMPL level (jsc#SLE-19924, jsc#SLE-24814).
   - x86/sev: Detect/setup SEV/SME features earlier in boot (jsc#SLE-19924,
     jsc#SLE-24814).
   - x86/sev: Get the AP jump table address from secrets page (jsc#SLE-19924,
     jsc#SLE-24814).
   - x86/sev: Move MSR-based VMGEXITs for CPUID to helper (jsc#SLE-19924,
     jsc#SLE-24814).
   - x86/sev: Provide support for SNP guest request NAEs (jsc#SLE-19924,
     jsc#SLE-24814).
   - x86/sev: Register GHCB memory when SEV-SNP is active (jsc#SLE-19924,
     jsc#SLE-24814).
   - x86/sev: Register SEV-SNP guest request platform device (jsc#SLE-19924,
     jsc#SLE-24814).
   - x86/sev: Use firmware-validated CPUID for SEV-SNP guests (jsc#SLE-19924,
     jsc#SLE-24814).
   - x86/sev: Use SEV-SNP AP creation to start secondary CPUs (jsc#SLE-19924,
     jsc#SLE-24814).
   - x86/xen: Remove undefined behavior in setup_features() (git-fixes).
   - xen-blkback: Advertise feature-persistent as user requested (git-fixes).
   - xen-blkback: Apply 'feature_persistent' parameter when connect
     (git-fixes).
   - xen-blkback: fix persistent grants negotiation (git-fixes).
   - xen-blkfront: Advertise feature-persistent as user requested (git-fixes).
   - xen-blkfront: Apply 'feature_persistent' parameter when connect
     (git-fixes).
   - xen-blkfront: Cache feature_persistent value before advertisement
     (git-fixes).
   - xen-blkfront: Handle NULL gendisk (git-fixes).
   - xen-netback: only remove 'hotplug-status' when the vif is actually
     destroyed (git-fixes).
   - xen/gntdev: Avoid blocking in unmap_grant_pages() (git-fixes).
   - xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE (git-fixes).
   - xen/grants: prevent integer overflow in gnttab_dma_alloc_pages()
     (git-fixes).
   - xen/usb: do not use arbitrary_virt_to_machine() (git-fixes).
   - xhci: Allocate separate command structures for each LPM command
     (git-fixes).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.4:

      zypper in -t patch openSUSE-SLE-15.4-2022-3844=1

   - SUSE Linux Enterprise Workstation Extension 15-SP4:

      zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-3844=1

   - SUSE Linux Enterprise Module for Live Patching 15-SP4:

      zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2022-3844=1

      Please note that this is the initial kernel livepatch without fixes
      itself, this livepatch package is later updated by seperate standalone
      livepatch updates.

   - SUSE Linux Enterprise Module for Legacy Software 15-SP4:

      zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2022-3844=1

   - SUSE Linux Enterprise Module for Development Tools 15-SP4:

      zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-3844=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP4:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3844=1

   - SUSE Linux Enterprise Micro 5.3:

      zypper in -t patch SUSE-SLE-Micro-5.3-2022-3844=1

   - SUSE Linux Enterprise High Availability 15-SP4:

      zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2022-3844=1



Package List:

   - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):

      cluster-md-kmp-default-5.14.21-150400.24.28.1
      cluster-md-kmp-default-debuginfo-5.14.21-150400.24.28.1
      dlm-kmp-default-5.14.21-150400.24.28.1
      dlm-kmp-default-debuginfo-5.14.21-150400.24.28.1
      gfs2-kmp-default-5.14.21-150400.24.28.1
      gfs2-kmp-default-debuginfo-5.14.21-150400.24.28.1
      kernel-default-5.14.21-150400.24.28.1
      kernel-default-base-5.14.21-150400.24.28.1.150400.24.9.5
      kernel-default-base-rebuild-5.14.21-150400.24.28.1.150400.24.9.5
      kernel-default-debuginfo-5.14.21-150400.24.28.1
      kernel-default-debugsource-5.14.21-150400.24.28.1
      kernel-default-devel-5.14.21-150400.24.28.1
      kernel-default-devel-debuginfo-5.14.21-150400.24.28.1
      kernel-default-extra-5.14.21-150400.24.28.1
      kernel-default-extra-debuginfo-5.14.21-150400.24.28.1
      kernel-default-livepatch-5.14.21-150400.24.28.1
      kernel-default-livepatch-devel-5.14.21-150400.24.28.1
      kernel-default-optional-5.14.21-150400.24.28.1
      kernel-default-optional-debuginfo-5.14.21-150400.24.28.1
      kernel-obs-build-5.14.21-150400.24.28.1
      kernel-obs-build-debugsource-5.14.21-150400.24.28.1
      kernel-obs-qa-5.14.21-150400.24.28.1
      kernel-syms-5.14.21-150400.24.28.1
      kselftests-kmp-default-5.14.21-150400.24.28.1
      kselftests-kmp-default-debuginfo-5.14.21-150400.24.28.1
      ocfs2-kmp-default-5.14.21-150400.24.28.1
      ocfs2-kmp-default-debuginfo-5.14.21-150400.24.28.1
      reiserfs-kmp-default-5.14.21-150400.24.28.1
      reiserfs-kmp-default-debuginfo-5.14.21-150400.24.28.1

   - openSUSE Leap 15.4 (aarch64 ppc64le x86_64):

      kernel-kvmsmall-5.14.21-150400.24.28.1
      kernel-kvmsmall-debuginfo-5.14.21-150400.24.28.1
      kernel-kvmsmall-debugsource-5.14.21-150400.24.28.1
      kernel-kvmsmall-devel-5.14.21-150400.24.28.1
      kernel-kvmsmall-devel-debuginfo-5.14.21-150400.24.28.1
      kernel-kvmsmall-livepatch-devel-5.14.21-150400.24.28.1

   - openSUSE Leap 15.4 (ppc64le x86_64):

      kernel-debug-5.14.21-150400.24.28.1
      kernel-debug-debuginfo-5.14.21-150400.24.28.1
      kernel-debug-debugsource-5.14.21-150400.24.28.1
      kernel-debug-devel-5.14.21-150400.24.28.1
      kernel-debug-devel-debuginfo-5.14.21-150400.24.28.1
      kernel-debug-livepatch-devel-5.14.21-150400.24.28.1

   - openSUSE Leap 15.4 (aarch64):

      cluster-md-kmp-64kb-5.14.21-150400.24.28.1
      cluster-md-kmp-64kb-debuginfo-5.14.21-150400.24.28.1
      dlm-kmp-64kb-5.14.21-150400.24.28.1
      dlm-kmp-64kb-debuginfo-5.14.21-150400.24.28.1
      dtb-allwinner-5.14.21-150400.24.28.1
      dtb-altera-5.14.21-150400.24.28.1
      dtb-amazon-5.14.21-150400.24.28.1
      dtb-amd-5.14.21-150400.24.28.1
      dtb-amlogic-5.14.21-150400.24.28.1
      dtb-apm-5.14.21-150400.24.28.1
      dtb-apple-5.14.21-150400.24.28.1
      dtb-arm-5.14.21-150400.24.28.1
      dtb-broadcom-5.14.21-150400.24.28.1
      dtb-cavium-5.14.21-150400.24.28.1
      dtb-exynos-5.14.21-150400.24.28.1
      dtb-freescale-5.14.21-150400.24.28.1
      dtb-hisilicon-5.14.21-150400.24.28.1
      dtb-lg-5.14.21-150400.24.28.1
      dtb-marvell-5.14.21-150400.24.28.1
      dtb-mediatek-5.14.21-150400.24.28.1
      dtb-nvidia-5.14.21-150400.24.28.1
      dtb-qcom-5.14.21-150400.24.28.1
      dtb-renesas-5.14.21-150400.24.28.1
      dtb-rockchip-5.14.21-150400.24.28.1
      dtb-socionext-5.14.21-150400.24.28.1
      dtb-sprd-5.14.21-150400.24.28.1
      dtb-xilinx-5.14.21-150400.24.28.1
      gfs2-kmp-64kb-5.14.21-150400.24.28.1
      gfs2-kmp-64kb-debuginfo-5.14.21-150400.24.28.1
      kernel-64kb-5.14.21-150400.24.28.1
      kernel-64kb-debuginfo-5.14.21-150400.24.28.1
      kernel-64kb-debugsource-5.14.21-150400.24.28.1
      kernel-64kb-devel-5.14.21-150400.24.28.1
      kernel-64kb-devel-debuginfo-5.14.21-150400.24.28.1
      kernel-64kb-extra-5.14.21-150400.24.28.1
      kernel-64kb-extra-debuginfo-5.14.21-150400.24.28.1
      kernel-64kb-livepatch-devel-5.14.21-150400.24.28.1
      kernel-64kb-optional-5.14.21-150400.24.28.1
      kernel-64kb-optional-debuginfo-5.14.21-150400.24.28.1
      kselftests-kmp-64kb-5.14.21-150400.24.28.1
      kselftests-kmp-64kb-debuginfo-5.14.21-150400.24.28.1
      ocfs2-kmp-64kb-5.14.21-150400.24.28.1
      ocfs2-kmp-64kb-debuginfo-5.14.21-150400.24.28.1
      reiserfs-kmp-64kb-5.14.21-150400.24.28.1
      reiserfs-kmp-64kb-debuginfo-5.14.21-150400.24.28.1

   - openSUSE Leap 15.4 (noarch):

      kernel-devel-5.14.21-150400.24.28.1
      kernel-docs-5.14.21-150400.24.28.1
      kernel-docs-html-5.14.21-150400.24.28.1
      kernel-macros-5.14.21-150400.24.28.1
      kernel-source-5.14.21-150400.24.28.1
      kernel-source-vanilla-5.14.21-150400.24.28.1

   - openSUSE Leap 15.4 (s390x):

      kernel-zfcpdump-5.14.21-150400.24.28.1
      kernel-zfcpdump-debuginfo-5.14.21-150400.24.28.1
      kernel-zfcpdump-debugsource-5.14.21-150400.24.28.1

   - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64):

      kernel-default-debuginfo-5.14.21-150400.24.28.1
      kernel-default-debugsource-5.14.21-150400.24.28.1
      kernel-default-extra-5.14.21-150400.24.28.1
      kernel-default-extra-debuginfo-5.14.21-150400.24.28.1

   - SUSE Linux Enterprise Module for Live Patching 15-SP4 (ppc64le s390x x86_64):

      kernel-default-debuginfo-5.14.21-150400.24.28.1
      kernel-default-debugsource-5.14.21-150400.24.28.1
      kernel-default-livepatch-5.14.21-150400.24.28.1
      kernel-default-livepatch-devel-5.14.21-150400.24.28.1
      kernel-livepatch-5_14_21-150400_24_28-default-1-150400.9.3.5
      kernel-livepatch-5_14_21-150400_24_28-default-debuginfo-1-150400.9.3.5
      kernel-livepatch-SLE15-SP4_Update_4-debugsource-1-150400.9.3.5

   - SUSE Linux Enterprise Module for Legacy Software 15-SP4 (aarch64 ppc64le s390x x86_64):

      kernel-default-debuginfo-5.14.21-150400.24.28.1
      kernel-default-debugsource-5.14.21-150400.24.28.1
      reiserfs-kmp-default-5.14.21-150400.24.28.1
      reiserfs-kmp-default-debuginfo-5.14.21-150400.24.28.1

   - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64):

      kernel-obs-build-5.14.21-150400.24.28.1
      kernel-obs-build-debugsource-5.14.21-150400.24.28.1
      kernel-syms-5.14.21-150400.24.28.1

   - SUSE Linux Enterprise Module for Development Tools 15-SP4 (noarch):

      kernel-docs-5.14.21-150400.24.28.1
      kernel-source-5.14.21-150400.24.28.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):

      kernel-default-5.14.21-150400.24.28.1
      kernel-default-base-5.14.21-150400.24.28.1.150400.24.9.5
      kernel-default-debuginfo-5.14.21-150400.24.28.1
      kernel-default-debugsource-5.14.21-150400.24.28.1
      kernel-default-devel-5.14.21-150400.24.28.1
      kernel-default-devel-debuginfo-5.14.21-150400.24.28.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64):

      kernel-64kb-5.14.21-150400.24.28.1
      kernel-64kb-debuginfo-5.14.21-150400.24.28.1
      kernel-64kb-debugsource-5.14.21-150400.24.28.1
      kernel-64kb-devel-5.14.21-150400.24.28.1
      kernel-64kb-devel-debuginfo-5.14.21-150400.24.28.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch):

      kernel-devel-5.14.21-150400.24.28.1
      kernel-macros-5.14.21-150400.24.28.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP4 (s390x):

      kernel-zfcpdump-5.14.21-150400.24.28.1
      kernel-zfcpdump-debuginfo-5.14.21-150400.24.28.1
      kernel-zfcpdump-debugsource-5.14.21-150400.24.28.1

   - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64):

      kernel-default-5.14.21-150400.24.28.1
      kernel-default-base-5.14.21-150400.24.28.1.150400.24.9.5
      kernel-default-debuginfo-5.14.21-150400.24.28.1
      kernel-default-debugsource-5.14.21-150400.24.28.1

   - SUSE Linux Enterprise High Availability 15-SP4 (aarch64 ppc64le s390x x86_64):

      cluster-md-kmp-default-5.14.21-150400.24.28.1
      cluster-md-kmp-default-debuginfo-5.14.21-150400.24.28.1
      dlm-kmp-default-5.14.21-150400.24.28.1
      dlm-kmp-default-debuginfo-5.14.21-150400.24.28.1
      gfs2-kmp-default-5.14.21-150400.24.28.1
      gfs2-kmp-default-debuginfo-5.14.21-150400.24.28.1
      kernel-default-debuginfo-5.14.21-150400.24.28.1
      kernel-default-debugsource-5.14.21-150400.24.28.1
      ocfs2-kmp-default-5.14.21-150400.24.28.1
      ocfs2-kmp-default-debuginfo-5.14.21-150400.24.28.1


References:

   https://www.suse.com/security/cve/CVE-2022-1263.html
   https://www.suse.com/security/cve/CVE-2022-2586.html
   https://www.suse.com/security/cve/CVE-2022-3202.html
   https://www.suse.com/security/cve/CVE-2022-32296.html
   https://www.suse.com/security/cve/CVE-2022-3239.html
   https://www.suse.com/security/cve/CVE-2022-3303.html
   https://www.suse.com/security/cve/CVE-2022-39189.html
   https://www.suse.com/security/cve/CVE-2022-41218.html
   https://www.suse.com/security/cve/CVE-2022-41674.html
   https://www.suse.com/security/cve/CVE-2022-41848.html
   https://www.suse.com/security/cve/CVE-2022-41849.html
   https://www.suse.com/security/cve/CVE-2022-42719.html
   https://www.suse.com/security/cve/CVE-2022-42720.html
   https://www.suse.com/security/cve/CVE-2022-42721.html
   https://www.suse.com/security/cve/CVE-2022-42722.html
   https://bugzilla.suse.com/1185032
   https://bugzilla.suse.com/1190497
   https://bugzilla.suse.com/1194023
   https://bugzilla.suse.com/1194869
   https://bugzilla.suse.com/1195917
   https://bugzilla.suse.com/1196444
   https://bugzilla.suse.com/1196869
   https://bugzilla.suse.com/1197659
   https://bugzilla.suse.com/1198189
   https://bugzilla.suse.com/1200288
   https://bugzilla.suse.com/1200622
   https://bugzilla.suse.com/1201309
   https://bugzilla.suse.com/1201310
   https://bugzilla.suse.com/1201987
   https://bugzilla.suse.com/1202095
   https://bugzilla.suse.com/1202960
   https://bugzilla.suse.com/1203039
   https://bugzilla.suse.com/1203066
   https://bugzilla.suse.com/1203101
   https://bugzilla.suse.com/1203197
   https://bugzilla.suse.com/1203263
   https://bugzilla.suse.com/1203338
   https://bugzilla.suse.com/1203360
   https://bugzilla.suse.com/1203361
   https://bugzilla.suse.com/1203389
   https://bugzilla.suse.com/1203410
   https://bugzilla.suse.com/1203505
   https://bugzilla.suse.com/1203552
   https://bugzilla.suse.com/1203664
   https://bugzilla.suse.com/1203693
   https://bugzilla.suse.com/1203699
   https://bugzilla.suse.com/1203767
   https://bugzilla.suse.com/1203769
   https://bugzilla.suse.com/1203770
   https://bugzilla.suse.com/1203794
   https://bugzilla.suse.com/1203798
   https://bugzilla.suse.com/1203893
   https://bugzilla.suse.com/1203902
   https://bugzilla.suse.com/1203906
   https://bugzilla.suse.com/1203908
   https://bugzilla.suse.com/1203935
   https://bugzilla.suse.com/1203939
   https://bugzilla.suse.com/1203987
   https://bugzilla.suse.com/1203992
   https://bugzilla.suse.com/1204051
   https://bugzilla.suse.com/1204059
   https://bugzilla.suse.com/1204060
   https://bugzilla.suse.com/1204125



More information about the sle-security-updates mailing list