SUSE-IU-2023:548-1: Security update of suse-sles-15-sp4-chost-byos-v20230803-x86_64-gen2
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Sun Aug 6 07:02:00 UTC 2023
SUSE Image Update Advisory: suse-sles-15-sp4-chost-byos-v20230803-x86_64-gen2
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2023:548-1
Image Tags : suse-sles-15-sp4-chost-byos-v20230803-x86_64-gen2:20230803
Image Release :
Severity : important
Type : security
References : 1065729 1089497 1150305 1152472 1152489 1157881 1160435 1186673
1187829 1189998 1193629 1194557 1194869 1194869 1200710 1201399
1203300 1205758 1206447 1206674 1206798 1207894 1208003 1208410
1208600 1208721 1208788 1209039 1209229 1209367 1209536 1209859
1210004 1210335 1210565 1210584 1210799 1210853 1210999 1211026
1211243 1211299 1211346 1211387 1211410 1211449 1211674 1211796
1211811 1211828 1211852 1211867 1212051 1212126 1212129 1212154
1212155 1212158 1212260 1212265 1212301 1212350 1212448 1212494
1212495 1212504 1212513 1212540 1212561 1212563 1212564 1212584
1212592 1212603 1212605 1212606 1212619 1212623 1212701 1212741
1212756 1212835 1212838 1212842 1212846 1212861 1212869 1212892
1212905 1213004 1213008 1213010 1213011 1213012 1213013 1213014
1213015 1213016 1213017 1213018 1213019 1213020 1213021 1213024
1213025 1213032 1213034 1213035 1213036 1213037 1213038 1213039
1213040 1213041 1213059 1213061 1213087 1213088 1213089 1213090
1213092 1213093 1213094 1213095 1213096 1213098 1213099 1213100
1213102 1213103 1213104 1213105 1213106 1213107 1213108 1213109
1213110 1213111 1213112 1213113 1213114 1213134 1213171 1213172
1213173 1213174 1213237 1213245 1213247 1213252 1213258 1213259
1213263 1213264 1213286 1213384 1213487 1213504 1213523 1213524
1213543 1213705 CVE-2022-2127 CVE-2023-1077 CVE-2023-1249 CVE-2023-1829
CVE-2023-20593 CVE-2023-21102 CVE-2023-2985 CVE-2023-3090 CVE-2023-3111
CVE-2023-3117 CVE-2023-31248 CVE-2023-3141 CVE-2023-31484 CVE-2023-3161
CVE-2023-32001 CVE-2023-3212 CVE-2023-32681 CVE-2023-3357 CVE-2023-3358
CVE-2023-3389 CVE-2023-3390 CVE-2023-3446 CVE-2023-34966 CVE-2023-34967
CVE-2023-34968 CVE-2023-34969 CVE-2023-35001 CVE-2023-35788 CVE-2023-35823
CVE-2023-35828 CVE-2023-35829 CVE-2023-3812 CVE-2023-38408
-----------------------------------------------------------------
The container suse-sles-15-sp4-chost-byos-v20230803-x86_64-gen2 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2800-1
Released: Mon Jul 10 07:35:22 2023
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1212623
This update for openssl-1_1 fixes the following issues:
- Check the OCSP RESPONSE in openssl s_client command and terminate
connection if a revoked certificate is found. [bsc#1212623]
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2811-1
Released: Wed Jul 12 11:56:18 2023
Summary: Recommended update for libfido2, python-fido2, yubikey-manager, yubikey-manager-qt
Type: recommended
Severity: moderate
References:
This update for libfido2, python-fido2, yubikey-manager, yubikey-manager-qt fixes the following issues:
This update provides a feature update to the FIDO2 stack.
Changes in libfido2:
- Version 1.13.0 (2023-02-20)
* New API calls:
+ fido_assert_empty_allow_list;
+ fido_cred_empty_exclude_list.
* fido2-token: fix issue when listing large blobs.
- Version 1.12.0 (2022-09-22)
* Support for COSE_ES384.
* Improved support for FIDO 2.1 authenticators.
* New API calls:
+ es384_pk_free;
+ es384_pk_from_EC_KEY;
+ es384_pk_from_EVP_PKEY;
+ es384_pk_from_ptr;
+ es384_pk_new;
+ es384_pk_to_EVP_PKEY;
+ fido_cbor_info_certs_len;
+ fido_cbor_info_certs_name_ptr;
+ fido_cbor_info_certs_value_ptr;
+ fido_cbor_info_maxrpid_minpinlen;
+ fido_cbor_info_minpinlen;
+ fido_cbor_info_new_pin_required;
+ fido_cbor_info_rk_remaining;
+ fido_cbor_info_uv_attempts;
+ fido_cbor_info_uv_modality.
* Documentation and reliability fixes.
- Version 1.11.0 (2022-05-03)
* Experimental PCSC support; enable with -DUSE_PCSC.
* Improved OpenSSL 3.0 compatibility.
* Use RFC1951 raw deflate to compress CTAP 2.1 largeBlobs.
* winhello: advertise 'uv' instead of 'clientPin'.
* winhello: support hmac-secret in fido_dev_get_assert().
* New API calls:
+ fido_cbor_info_maxlargeblob.
* Documentation and reliability fixes.
* Separate build and regress targets.
- Version 1.10.0 (2022-01-17)
* bio: fix CTAP2 canonical CBOR encoding in fido_bio_dev_enroll_*(); gh#480.
* New API calls:
- fido_dev_info_set;
- fido_dev_io_handle;
- fido_dev_new_with_info;
- fido_dev_open_with_info.
* Cygwin and NetBSD build fixes.
* Documentation and reliability fixes.
* Support for TPM 2.0 attestation of COSE_ES256 credentials.
- Version 1.9.0 (2021-10-27)
* Enabled NFC support on Linux.
* Support for FIDO 2.1 'minPinLength' extension.
* Support for COSE_EDDSA, COSE_ES256, and COSE_RS1 attestation.
* Support for TPM 2.0 attestation.
* Support for device timeouts; see fido_dev_set_timeout().
* New API calls:
- es256_pk_from_EVP_PKEY;
- fido_cred_attstmt_len;
- fido_cred_attstmt_ptr;
- fido_cred_pin_minlen;
- fido_cred_set_attstmt;
- fido_cred_set_pin_minlen;
- fido_dev_set_pin_minlen_rpid;
- fido_dev_set_timeout;
- rs256_pk_from_EVP_PKEY.
* Reliability and portability fixes.
* Better handling of HID devices without identification strings; gh#381.
- Update to version 1.8.0:
* Better support for FIDO 2.1 authenticators.
* Support for attestation format 'none'.
* New API calls:
- fido_assert_set_clientdata;
- fido_cbor_info_algorithm_cose;
- fido_cbor_info_algorithm_count;
- fido_cbor_info_algorithm_type;
- fido_cbor_info_transports_len;
- fido_cbor_info_transports_ptr;
- fido_cred_set_clientdata;
- fido_cred_set_id;
- fido_credman_set_dev_rk;
- fido_dev_is_winhello.
* fido2-token: new -Sc option to update a resident credential.
* Documentation and reliability fixes.
* HID access serialisation on Linux.
- Update to version 1.7.0:
* hid_win: detect devices with vendor or product IDs > 0x7fff
* Support for FIDO 2.1 authenticator configuration.
* Support for FIDO 2.1 UV token permissions.
* Support for FIDO 2.1 'credBlobs' and 'largeBlobs' extensions.
* New API calls
* New fido_init flag to disable fido_dev_openâs U2F fallback
* Experimental NFC support on Linux.
- Enabled hidapi again, issues related to hidapi are fixed upstream
- Update to version 1.6.0:
* Documentation and reliability fixes.
* New API calls:
+ fido_cred_authdata_raw_len;
+ fido_cred_authdata_raw_ptr;
+ fido_cred_sigcount;
+ fido_dev_get_uv_retry_count;
+ fido_dev_supports_credman.
* Hardened Windows build.
* Native FreeBSD and NetBSD support.
* Use CTAP2 canonical CBOR when combining hmac-secret and credProtect.
- Create a udev subpackage and ship the udev rule.
Changes in python-fido2:
- update to 0.9.3:
* Don't fail device discovery when hidraw doesn't support HIDIOCGRAWUNIQ
* Support the latest Windows webauthn.h API (included in Windows 11).
* Add product name and serial number to HidDescriptors.
* Remove the need for the uhid-freebsd dependency on FreeBSD.
- Update to version 0.9.1
* Add new CTAP error codes and improve handling of unknown codes.
* Client: API changes to better support extensions.
* Client.make_credential now returns a AuthenticatorAttestationResponse,
which holds the AttestationObject and ClientData, as well as any
client extension results for the credential.
* Client.get_assertion now returns an AssertionSelection object,
which is used to select between multiple assertions
* Renames: The CTAP1 and CTAP2 classes have been renamed to
Ctap1 and Ctap2, respectively.
* ClientPin: The ClientPin API has been restructured to support
multiple PIN protocols, UV tokens, and token permissions.
* CTAP 2.1 PRE: Several new features have been added for CTAP 2.1
* HID: The platform specific HID code has been revamped
- Version 0.8.1 (released 2019-11-25)
* Bugfix: WindowsClient.make_credential error when resident key requirement is unspecified.
- Version 0.8.0 (released 2019-11-25)
* New fido2.webauthn classes modeled after the W3C WebAuthn spec introduced.
* CTAP2 send_cbor/make_credential/get_assertion and U2fClient request/authenticate timeout arguments replaced with event used to cancel a request.
* Fido2Client:
- make_credential/get_assertion now take WebAuthn options objects.
- timeout is now provided in ms in WebAuthn options objects. Event based cancelation also available by passing an Event.
* Fido2Server:
- ATTESTATION, USER_VERIFICATION, and AUTHENTICATOR_ATTACHMENT enums have been replaced with fido2.webauthn classes.
- RelyingParty has been replaced with PublicKeyCredentialRpEntity, and name is no longer optional.
- Options returned by register_begin/authenticate_begin now omit unspecified values if they are optional, instead of filling in default values.
- Fido2Server.allowed_algorithms now contains a list of PublicKeyCredentialParameters instead of algorithm identifiers.
- Fido2Server.timeout is now in ms and of type int.
* Support native WebAuthn API on Windows through WindowsClient.
- Version 0.7.2 (released 2019-10-24)
* Support for the TPM attestation format.
* Allow passing custom challenges to register/authenticate in Fido2Server.
* Bugfix: CTAP2 CANCEL command response handling fixed.
* Bugfix: Fido2Client fix handling of empty allow_list.
* Bugfix: Fix typo in CTAP2.get_assertions() causing it to fail.
- Version 0.7.1 (released 2019-09-20)
* Enforce canonical CBOR on Authenticator responses by default.
* PCSC: Support extended APDUs.
* Server: Verify that UP flag is set.
* U2FFido2Server: Implement AppID exclusion extension.
* U2FFido2Server: Allow custom U2F facet verification.
* Bugfix: U2FFido2Server.authenticate_complete now returns the result.
- Version 0.7.0 (released 2019-06-17)
* Add support for NFC devices using PCSC.
* Add support for the hmac-secret Authenticator extension.
* Honor max credential ID length and number of credentials to Authenticator.
* Add close() method to CTAP devices to explicitly release their resources.
- Version 0.6.0 (released 2019-05-10)
* Don't fail if CTAP2 Info contains unknown fields.
* Replace cbor loads/dumps functions with encode/decode/decode_from.
* Server: Add support for AuthenticatorAttachment.
* Server: Add support for more key algorithms.
* Client: Expose CTAP2 Info object as Fido2Client.info.
Changes in yubikey-manager:
- Update to version 4.0.9 (released 2022-06-17)
* Dependency: Add support for python-fido2 1.x
* Fix: Drop stated support for Click 6 as features from 7 are being used.
- Update to version 4.0.8 (released 2022-01-31)
* Bugfix: Fix error message for invalid modhex when programing a YubiOTP credential.
* Bugfix: Fix issue with displaying a Steam credential when it is the only account.
* Bugfix: Prevent installation of files in site-packages root.
* Bugfix: Fix cleanup logic in PIV for protected management key.
* Add support for token identifier when programming slot-based HOTP.
* Add support for programming NDEF in text mode.
* Dependency: Add support for Cryptography â 38.
- version update to 4.0.7
** Bugfix release: Fix broken naming for 'YubiKey 4', and a small OATH issue with
touch Steam credentials.
- version 4.0.6 (released 2021-09-08)
** Improve handling of YubiKey device reboots.
** More consistently mask PIN/password input in prompts.
** Support switching mode over CCID for YubiKey Edge.
** Run pkill from PATH instead of fixed location.
- version 4.0.5 (released 2021-07-16)
** Bugfix: Fix PIV feature detection for some YubiKey NEO versions.
** Bugfix: Fix argument short form for --period when adding TOTP credentials.
** Bugfix: More strict validation for some arguments, resulting in better error messages.
** Bugfix: Correctly handle TOTP credentials using period != 30 AND touch_required.
** Bugfix: Fix prompting for access code in the otp settings command (now uses '-A -').
- Update to version 4.0.3
* Add support for fido reset over NFC.
* Bugfix: The --touch argument to piv change-management-key was
ignored.
* Bugfix: Donât prompt for password when importing PIV key/cert
if file is invalid.
* Bugfix: Fix setting touch-eject/auto-eject for YubiKey 4 and NEO.
* Bugfix: Detect PKCS#12 format when outer sequence uses
indefinite length.
* Dependency: Add support for Click 8.
- Update to version 4.0.2
* Update device names
* Add read_info output to the --diagnose command, and show
exception types.
* Bugfix: Fix read_info for YubiKey Plus.
* Add support for YK5-based FIPS YubiKeys.
* Bugfix: Fix OTP device enumeration on Win32.
* Drop reliance on libusb and libykpersonalize.
* Support the 'fido' and 'otp' subcommands over NFC
* New 'ykman --diagnose' command to aid in troubleshooting.
* New 'ykman apdu' command for sending raw APDUs over the smart
card interface.
* New 'yubikit' package added for custom development and advanced
scripting.
* OpenPGP: Add support for KDF enabled YubiKeys.
* Static password: Add support for FR, IT, UK and BEPO keyboard
layouts.
- Update to 3.1.1
* Add support for YubiKey 5C NFC
* OpenPGP: set-touch now performs compatibility checks before prompting for PIN
* OpenPGP: Improve error messages and documentation for set-touch
* PIV: read-object command no longer adds a trailing newline
* CLI: Hint at missing permissions when opening a device fails
* Linux: Improve error handling when pcscd is not running
* Windows: Improve how .DLL files are loaded, thanks to Marius Gabriel Mihai for reporting this!
* Bugfix: set-touch now accepts the cached-fixed option
* Bugfix: Fix crash in OtpController.prepare_upload_key() error parsing
* Bugfix: Fix crash in piv info command when a certificate slot contains an invalid certificate
* Library: PivController.read_certificate(slot) now wraps certificate parsing exceptions in new exception type InvalidCertificate
* Library: PivController.list_certificates() now returns None for slots containing invalid certificate, instead of raising an exception
- Version 3.1.0 (released 2019-08-20)
* Add support for YubiKey 5Ci
* OpenPGP: the info command now prints OpenPGP specification version as well
* OpenPGP: Update support for attestation to match OpenPGP v3.4
* PIV: Use UTC time for self-signed certificates
* OTP: Static password now supports the Norman keyboard layout
- Version 3.0.0 (released 2019-06-24)
* Add support for new YubiKey Preview and lightning form factor
* FIDO: Support for credential management
* OpenPGP: Support for OpenPGP attestation, cardholder certificates and
cached touch policies
* OTP: Add flag for using numeric keypad when sending digits
- Version 2.1.1 (released 2019-05-28)
* OTP: Add initial support for uploading Yubico OTP credentials to YubiCloud
* Donât automatically select the U2F applet on YubiKey NEO, it might be
blocked by the OS
* ChalResp: Always pad challenge correctly
* Bugfix: Donât crash with older versions of cryptography
* Bugfix: Password was always prompted in OATH command, even if sent as
argument
Changes in yubikey-manager-qt:
- update to 1.2.5:
* Compatibility update for ykman 5.0.1.
* Update to Python 3.11.
* Update product images.
- Update to version 1.2.4 (released 2021-10-26)
* Update device names and images.
* PIV: Fix import of certificate.
- Update to version 1.2.3
* Improved error handling when using Security Key Series devices.
* PIV: Fix generation of certificate in slot 9c.
- Update to version 1.2.2
* Fix detection of YubiKey Plus
* Compatibility update for yubikey-manager 4.0
* Bugfix: Device caching with multiple devices
* Drop dependencies on libusb and libykpers.
* Add additional product names and images
- update to 1.1.5
* Add support for YubiKey 5C NFC
- Update to version 1.1.4
* OTP: Add option to upload YubiOTP credential to YubiCloud
* Linux: Show hint about pcscd service if opening device fails
* Bugfix: Signal handling now compatible with Python 3.8
- Version 1.1.3 (released 2019-08-20)
* Add suppport for YubiKey 5Ci
* PIV: Use UTC time for self-signed certificates
- Version 1.1.2 (released 2019-06-24)
* Add support for new YubiKey Preview
* PIV: The popup for the management key now have a 'Use default' option
* Windows: Fix issue with importing PIV certificates
* Bugfix: generate static password now works correctly
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2820-1
Released: Thu Jul 13 11:20:27 2023
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1065729,1152472,1152489,1160435,1187829,1189998,1194869,1205758,1208410,1208600,1209039,1209367,1210335,1211299,1211346,1211387,1211410,1211449,1211796,1211852,1212051,1212129,1212154,1212155,1212158,1212265,1212350,1212448,1212494,1212495,1212504,1212513,1212540,1212561,1212563,1212564,1212584,1212592,1212603,1212605,1212606,1212619,1212701,1212741,1212835,1212838,1212842,1212861,1212869,1212892,CVE-2023-1077,CVE-2023-1249,CVE-2023-1829,CVE-2023-21102,CVE-2023-3090,CVE-2023-3111,CVE-2023-3141,CVE-2023-3161,CVE-2023-3212,CVE-2023-3357,CVE-2023-3358,CVE-2023-3389,CVE-2023-35788,CVE-2023-35823,CVE-2023-35828,CVE-2023-35829
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335).
- CVE-2023-3389: Fixed a use-after-free vulnerability in the io_uring subsystem (bsc#1212838).
- CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212842).
- CVE-2023-3111: Fixed a use-after-free vulnerability in prepare_to_relocate in fs/btrfs/relocation.c (bsc#1212051).
- CVE-2023-3212: Fixed a NULL pointer dereference flaw in the gfs2 file system (bsc#1212265).
- CVE-2023-3358: Fixed a NULL pointer dereference flaw in the Integrated Sensor Hub (ISH) driver (bsc#1212606).
- CVE-2023-3357: Fixed a NULL pointer dereference flaw in the AMD Sensor Fusion Hub driver (bsc#1212605).
- CVE-2023-35828: Fixed a use-after-free flaw in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c (bsc#1212513).
- CVE-2023-1249: Fixed a use-after-free flaw in the core dump subsystem that allowed a local user to crash the system (bsc#1209039).
- CVE-2023-35829: Fixed a use-after-free flaw in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c (bsc#1212495).
- CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212504).
- CVE-2023-35823: Fixed a use-after-free flaw in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c (bsc#1212494).
- CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font() (bsc#1212154).
- CVE-2023-21102: Fixed possible bypass of shadow stack protection in __efi_rt_asm_wrapper of efi-rt-wrapper.S (bsc#1212155).
- CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/memstick/host/r592.c, that allowed local attackers to crash the system at device disconnect (bsc#1212129).
- CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208600).
The following non-security bugs were fixed:
- Drop dvb-core fix patch due to a bug (bsc#1205758).
- Enable kernel modules bttv bt878 and snd-bt878 (jsc#PED-3931).
- Fix missing top level chapter numbers on SLE12 SP5 (bsc#1212158).
- Fix usrmerge error (boo#1211796).
- Generalize kernel-doc build requirements.
- Get module prefix from kmod (bsc#1212835).
- Remove orphaned CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT (bsc#1189998 git-fixes).
- Revert 'mtd: rawnand: arasan: Prevent an unsupported configuration' (git-fixes).
- Revert 'net: phy: dp83867: perform soft reset and retain established link' (git-fixes).
- Squashfs: fix handling and sanity checking of xattr_ids count (git-fixes).
- Update the Mellanox/Nvidia mlx5_core driver (jsc#SLE-19253).
- acpi: sleep: Avoid breaking S3 wakeup due to might_sleep() (git-fixes).
- affs: initialize fsdata in affs_truncate() (git-fixes).
- alsa: ac97: Fix possible NULL dereference in snd_ac97_mixer (git-fixes).
- alsa: hda/realtek: Add 'Intel Reference board' and 'NUC 13' SSID in the ALC256 (git-fixes).
- alsa: hda/realtek: Add Lenovo P3 Tower platform (git-fixes).
- alsa: hda/realtek: Add a quirk for Compaq N14JP6 (git-fixes).
- alsa: hda/realtek: Add a quirk for HP Slim Desktop S01 (git-fixes).
- alsa: hda/realtek: Add quirk for ASUS ROG G634Z (git-fixes).
- alsa: hda/realtek: Add quirk for ASUS ROG GV601V (git-fixes).
- alsa: hda/realtek: Add quirk for Clevo NS50AU (git-fixes).
- alsa: hda/realtek: Add quirks for ASUS GU604V and GU603V (git-fixes).
- alsa: hda/realtek: Add quirks for Asus ROG 2024 laptops using CS35L41 (git-fixes).
- alsa: hda/realtek: Add quirks for ROG ALLY CS35l41 audio (git-fixes).
- alsa: hda/realtek: Enable 4 amplifiers instead of 2 on a HP platform (git-fixes).
- alsa: hda/realtek: Enable mute/micmute LEDs and limit mic boost on EliteBook (git-fixes).
- alsa: hda: Glenfly: add HD Audio PCI IDs and HDMI Codec Vendor IDs (git-fixes).
- alsa: oss: avoid missing-prototype warnings (git-fixes).
- alsa: usb-audio: Add quirk flag for HEM devices to enable native DSD playback (git-fixes).
- alsa: usb-audio: Fix broken resume due to UAC3 power state (git-fixes).
- amdgpu: validate offset_in_bo of drm_amdgpu_gem_va (git-fixes).
- arm64: Add missing Set/Way CMO encodings (git-fixes).
- arm64: Always load shadow stack pointer directly from the task struct (git-fixes)
- arm64: Stash shadow stack pointer in the task struct on interrupt (git-fixes)
- arm64: dts: Move BCM4908 dts to bcmbca folder (git-fixes)
- arm64: dts: broadcom: bcmbca: bcm4908: fix NAND interrupt name (git-fixes)
- arm64: dts: broadcom: bcmbca: bcm4908: fix procmon nodename (git-fixes)
- arm64: dts: imx8-ss-dma: assign default clock rate for lpuarts (git-fixes).
- arm64: dts: imx8mn-beacon: Fix SPI CS pinmux (git-fixes).
- arm64: dts: imx8mn-var-som: fix PHY detection bug by adding deassert (git-fixes)
- arm64: dts: imx8qm-mek: correct GPIOs for USDHC2 CD and WP signals (git-fixes).
- arm64: dts: qcom: sc7180-lite: Fix SDRAM freq for misidentified sc7180-lite boards (git-fixes).
- arm: 9295/1: unwind:fix unwind abort for uleb128 case (git-fixes)
- arm: cpu: Switch to arch_cpu_finalize_init() (bsc#1212448).
- arm: dts: Fix erroneous ADS touchscreen polarities (git-fixes).
- arm: dts: vexpress: add missing cache properties (git-fixes).
- asoc: codecs: wsa881x: do not set can_multi_write flag (git-fixes).
- asoc: dwc: limit the number of overrun messages (git-fixes).
- asoc: dwc: move DMA init to snd_soc_dai_driver probe() (git-fixes).
- asoc: es8316: Do not set rate constraints for unsupported MCLKs (git-fixes).
- asoc: es8316: Increment max value for ALC Capture Target Volume control (git-fixes).
- asoc: imx-audmix: check return value of devm_kasprintf() (git-fixes).
- asoc: mediatek: mt8173: Fix irq error path (git-fixes).
- asoc: nau8824: Add quirk to active-high jack-detect (git-fixes).
- asoc: simple-card: Add missing of_node_put() in case of error (git-fixes).
- asoc: soc-pcm: test if a BE can be prepared (git-fixes).
- asoc: ssm2602: Add workaround for playback distortions (git-fixes).
- ath6kl: Use struct_group() to avoid size-mismatched casting (git-fixes).
- batman-adv: Broken sync while rescheduling delayed work (git-fixes).
- binfmt_elf: Take the mmap lock when walking the VMA list (bsc#1209039 CVE-2023-1249).
- bluetooth: Fix l2cap_disconnect_req deadlock (git-fixes).
- bluetooth: Fix use-after-free in hci_remove_ltk/hci_remove_irk (git-fixes).
- bluetooth: L2CAP: Add missing checks for invalid DCID (git-fixes).
- bluetooth: hci_qca: fix debugfs registration (git-fixes).
- bnxt_en: Do not issue AP reset during ethtool's reset operation (git-fixes).
- bnxt_en: Implement .set_port / .unset_port UDP tunnel callbacks (git-fixes).
- bnxt_en: Query default VLAN before VNIC setup on a VF (git-fixes).
- bnxt_en: Skip firmware fatal error recovery if chip is not accessible (git-fixes).
- bpf, arm64: Call build_prologue() first in first JIT pass (git-fixes)
- bpf, arm64: Clear prog->jited_len along prog->jited (git-fixes)
- bpf, arm64: Feed byte-offset into bpf line info (git-fixes)
- bpf, arm64: Use emit_addr_mov_i64() for BPF_PSEUDO_FUNC (git-fixes)
- bpf: Add extra path pointer check to d_path helper (git-fixes).
- bpf: Fix UAF in task local storage (bsc#1212564).
- btrfs: unset reloc control if transaction commit fails in prepare_to_relocate() (bsc#1212051 CVE-2023-3111).
- bus: fsl-mc: fsl-mc-allocator: Drop a write-only variable (git-fixes).
- bus: ti-sysc: Fix dispc quirk masking bool variables (git-fixes).
- can: isotp: isotp_sendmsg(): fix return error fix on TX path (git-fixes).
- can: j1939: avoid possible use-after-free when j1939_can_rx_register fails (git-fixes).
- can: j1939: change j1939_netdev_lock type to mutex (git-fixes).
- can: j1939: j1939_sk_send_loop_abort(): improved error queue handling in J1939 Socket (git-fixes).
- can: kvaser_pciefd: Remove handler for unused KVASER_PCIEFD_PACK_TYPE_EFRAME_ACK (git-fixes).
- can: kvaser_pciefd: Remove useless write to interrupt register (git-fixes).
- can: length: fix bitstuffing count (git-fixes).
- can: length: fix description of the RRS field (git-fixes).
- can: length: make header self contained (git-fixes).
- ceph: fix use-after-free bug for inodes when flushing capsnaps (bsc#1212540).
- cgroup: Use cgroup_attach_{lock,unlock}() from cgroup_attach_task_all() (bsc#1212563).
- cgroup: always put cset in cgroup_css_set_put_fork (bsc#1212561).
- cgroup: fix missing cpus_read_{lock,unlock}() in cgroup_transfer_tasks() (bsc#1212563).
- clk: Fix memory leak in devm_clk_notifier_register() (git-fixes).
- clk: cdce925: check return value of kasprintf() (git-fixes).
- clk: imx: clk-imx8mn: fix memory leak in imx8mn_clocks_probe (git-fixes).
- clk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe() (git-fixes).
- clk: imx: scu: use _safe list iterator to avoid a use after free (git-fixes).
- clk: keystone: sci-clk: check return value of kasprintf() (git-fixes).
- clk: samsung: Add Exynos4212 compatible to CLKOUT driver (git-fixes).
- clk: si5341: check return value of {devm_}kasprintf() (git-fixes).
- clk: si5341: free unused memory on probe failure (git-fixes).
- clk: si5341: return error if one synth clock registration fails (git-fixes).
- clk: tegra: tegra124-emc: Fix potential memory leak (git-fixes).
- clk: ti: clkctrl: check return value of kasprintf() (git-fixes).
- clk: vc5: check memory returned by kasprintf() (git-fixes).
- clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe (git-fixes).
- crypto: marvell/cesa - Fix type mismatch warning (git-fixes).
- crypto: nx - fix build warnings when DEBUG_FS is not enabled (git-fixes).
- dmaengine: at_xdmac: Move the free desc to the tail of the desc list (git-fixes).
- dmaengine: at_xdmac: fix potential Oops in at_xdmac_prep_interleaved() (git-fixes).
- dmaengine: pl330: rename _start to prevent build error (git-fixes).
- drivers: meson: secure-pwrc: always enable DMA domain (git-fixes).
- drm/amd/display: Add logging for display MALL refresh setting (git-fixes).
- drm/amd/display: Add minimal pipe split transition state (git-fixes).
- drm/amd/display: Add wrapper to call planes and stream update (git-fixes).
- drm/amd/display: Explicitly specify update type per plane info change (git-fixes).
- drm/amd/display: Fix artifacting on eDP panels when engaging freesync video mode (git-fixes).
- drm/amd/display: Use dc_update_planes_and_stream (git-fixes).
- drm/amd/display: drop redundant memset() in get_available_dsc_slices() (git-fixes).
- drm/amd/display: edp do not add non-edid timings (git-fixes).
- drm/amd/display: fix the system hang while disable PSR (git-fixes).
- drm/amd/pm: Fix power context allocation in SMU13 (git-fixes).
- drm/amd/pm: reverse mclk and fclk clocks levels for renoir (git-fixes).
- drm/amd/pm: reverse mclk and fclk clocks levels for vangogh (git-fixes).
- drm/amd/pm: reverse mclk and fclk clocks levels for yellow carp (git-fixes).
- drm/amdgpu: Use the default reset when loading or reloading the driver (git-fixes).
- drm/amdgpu: fix xclk freq on CHIP_STONEY (git-fixes).
- drm/amdgpu: release gpu full access after 'amdgpu_device_ip_late_init' (git-fixes).
- drm/amdgpu: skip disabling fence driver src_irqs when device is unplugged (git-fixes).
- drm/amdkfd: Fix potential deallocation of previously deallocated memory (git-fixes).
- drm/ast: Fix ARM compatibility (git-fixes).
- drm/bridge: tc358768: always enable HS video mode (git-fixes).
- drm/bridge: tc358768: fix PLL parameters computation (git-fixes).
- drm/bridge: tc358768: fix PLL target frequency (git-fixes).
- drm/bridge: tc358768: fix TCLK_ZEROCNT computation (git-fixes).
- drm/bridge: tc358768: fix TXTAGOCNT computation (git-fixes).
- drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl (git-fixes).
- drm/exynos: vidi: fix a wrong error return (git-fixes).
- drm/i915/gt: Use the correct error value when kernel_context() fails (git-fixes).
- drm/i915/gvt: remove unused variable gma_bottom in command parser (git-fixes).
- drm/i915/selftests: Add some missing error propagation (git-fixes).
- drm/i915/selftests: Increase timeout for live_parallel_switch (git-fixes).
- drm/i915/selftests: Stop using kthread_stop() (git-fixes).
- drm/i915: Explain the magic numbers for AUX SYNC/precharge length (git-fixes).
- drm/i915: Use 18 fast wake AUX sync len (git-fixes).
- drm/msm/adreno: fix sparse warnings in a6xx code (git-fixes).
- drm/msm/dp: Free resources after unregistering them (git-fixes).
- drm/msm/dpu: correct MERGE_3D length (git-fixes).
- drm/msm/dpu: do not enable color-management if DSPPs are not available (git-fixes).
- drm/msm/dsi: do not allow enabling 14nm VCO with unprogrammed rate (git-fixes).
- drm/msm: Be more shouty if per-process pgtables are not working (git-fixes).
- drm/msm: Set max segment size earlier (git-fixes).
- drm/nouveau/dp: check for NULL nv_connector->native_mode (git-fixes).
- drm/nouveau: add nv_encoder pointer check for NULL (git-fixes).
- drm/nouveau: do not detect DSM for non-NVIDIA device (git-fixes).
- drm/panel: sharp-ls043t1le01: adjust mode settings (git-fixes).
- drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H (git-fixes).
- drm/radeon: fix possible division-by-zero errors (git-fixes).
- drm/radeon: fix race condition UAF in radeon_gem_set_domain_ioctl (git-fixes).
- drm/rockchip: vop: Leave vblank enabled in self-refresh (git-fixes).
- drm/vram-helper: fix function names in vram helper doc (git-fixes).
- drm: sun4i_tcon: use devm_clk_get_enabled in `sun4i_tcon_init_clocks` (git-fixes).
- drm:amd:amdgpu: Fix missing buffer object unlock in failure path (git-fixes).
- dt-bindings: i3c: silvaco,i3c-master: fix missing schema restriction (git-fixes).
- eeprom: at24: also select REGMAP (git-fixes).
- elf: correct note name comment (git-fixes).
- ext4: unconditionally enable the i_version counter (bsc#1211299).
- extcon: Fix kernel doc of property capability fields to avoid warnings (git-fixes).
- extcon: Fix kernel doc of property fields to avoid warnings (git-fixes).
- extcon: usbc-tusb320: Add USB TYPE-C support (git-fixes).
- extcon: usbc-tusb320: Call the Type-C IRQ handler only if a port is registered (git-fixes).
- extcon: usbc-tusb320: Unregister typec port on driver removal (git-fixes).
- extcon: usbc-tusb320: Update state on probe even if no IRQ pending (git-fixes).
- fbcon: Fix null-ptr-deref in soft_cursor (git-fixes).
- fbdev: Prevent possible use-after-free in fb_release() (bsc#1152472) Backporting changes: * replace refcount_read() with atomic_read()
- fbdev: fbcon: Destroy mutex on freeing struct fb_info (bsc#1152489)
- fbdev: imsttfb: Fix use after free bug in imsttfb_probe (git-fixes bsc#1211387).
- fbdev: modedb: Add 1920x1080 at 60 Hz video mode (git-fixes).
- fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe() (git-fixes).
- fbdev: stifb: Fix info entry in sti_struct on error path (git-fixes).
- firmware: arm_ffa: Set handle field to zero in memory descriptor (git-fixes).
- firmware: stratix10-svc: Fix a potential resource leak in svc_create_memory_pool() (git-fixes).
- fs/jfs: fix shift exponent db_agl2size negative (git-fixes).
- fs: hfsplus: fix UAF issue in hfsplus_put_super (git-fixes).
- fs: jfs: fix possible NULL pointer dereference in dbFree() (git-fixes).
- fs: jfs: fix shift-out-of-bounds in dbAllocAG (git-fixes).
- fs: jfs: fix shift-out-of-bounds in dbDiscardAG (git-fixes).
- fs: sysv: Fix sysv_nblocks() returns wrong value (git-fixes).
- gfs2: Do not deref jdesc in evict (bsc#1212265 CVE-2023-3212).
- hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling (git-fixes).
- hfs/hfsplus: use WARN_ON for sanity check (git-fixes).
- hfs: Fix OOB Write in hfs_asc2mac (git-fixes).
- hfs: fix OOB Read in __hfs_brec_find (git-fixes).
- hfs: fix missing hfs_bnode_get() in __hfs_bnode_create (git-fixes).
- hfsplus: fix bug causing custom uid and gid being unable to be assigned with mount (git-fixes).
- hid: amd_sfh: Add missing check for dma_alloc_coherent (bsc#1212605 CVE-2023-3357).
- hid: google: add jewel USB id (git-fixes).
- hid: logitech-hidpp: add HIDPP_QUIRK_DELAYED_INIT for the T651 (git-fixes).
- hid: wacom: Add error check to wacom_parse_and_register() (git-fixes).
- hwmon: (gsc-hwmon) fix fan pwm temperature scaling (git-fixes).
- hwrng: imx-rngc - fix the timeout for init and self check (git-fixes).
- hwrng: st - keep clock enabled while hwrng is registered (git-fixes).
- i2c: imx-lpi2c: fix type char overflow issue when calculating the clock cycle (git-fixes).
- i2c: mv64xxx: Fix reading invalid status value in atomic mode (git-fixes).
- i2c: qup: Add missing unwind goto in qup_i2c_probe() (git-fixes).
- i2c: sprd: Delete i2c adapter in .remove's error path (git-fixes).
- iavf: remove mask from iavf_irq_enable_queues() (git-fixes).
- ib/hfi1: Fix wrong mmu_node used for user SDMA packet after invalidate (git-fixes)
- ib/isert: Fix dead lock in ib_isert (git-fixes)
- ib/isert: Fix incorrect release of isert connection (git-fixes)
- ib/isert: Fix possible list corruption in CMA handler (git-fixes)
- ib/rdmavt: add missing locks in rvt_ruc_loopback (git-fixes)
- ib/uverbs: Fix to consider event queue closing also upon non-blocking mode (git-fixes)
- ibmvnic: Do not reset dql stats on NON_FATAL err (bsc#1212603 ltc#202604).
- ice, xsk: Diversify return values from xsk_wakeup call paths (git-fixes).
- ice: Do not double unplug aux on peer initiated reset (git-fixes).
- ice: Do not use WQ_MEM_RECLAIM flag for workqueue (git-fixes).
- ice: Fix DSCP PFC TLV creation (git-fixes).
- ice: Fix XDP memory leak when NIC is brought up and down (git-fixes).
- ice: Fix ice_xdp_xmit() when XDP TX queue number is not sufficient (git-fixes).
- ice: Fix memory corruption in VF driver (git-fixes).
- ice: Ignore EEXIST when setting promisc mode (git-fixes).
- ice: Prevent set_channel from changing queues while RDMA active (git-fixes).
- ice: Reset FDIR counter in FDIR init stage (git-fixes).
- ice: add profile conflict check for AVF FDIR (git-fixes).
- ice: block LAN in case of VF to VF offload (git-fixes).
- ice: config netdev tc before setting queues number (git-fixes).
- ice: copy last block omitted in ice_get_module_eeprom() (git-fixes).
- ice: ethtool: Prohibit improper channel config for DCB (git-fixes).
- ice: ethtool: advertise 1000M speeds properly (git-fixes).
- ice: fix invalid check for empty list in ice_sched_assoc_vsi_to_agg() (git-fixes).
- ice: fix wrong fallback logic for FDIR (git-fixes).
- ice: handle E822 generic device ID in PLDM header (git-fixes).
- ice: switch: fix potential memleak in ice_add_adv_recipe() (git-fixes).
- ice: use bitmap_free instead of devm_kfree (git-fixes).
- ice: xsk: use Rx ring's XDP ring when picking NAPI context (git-fixes).
- ieee802154: hwsim: Fix possible memory leaks (git-fixes).
- ifcvf/vDPA: fix misuse virtio-net device config size for blk dev (jsc#SLE-19253).
- igb: fix bit_shift to be in [1..8] range (git-fixes).
- igb: fix nvm.ops.read() error handling (git-fixes).
- igc: Clean the TX buffer and TX descriptor ring (git-fixes).
- igc: Fix possible system crash when loading module (git-fixes).
- iio: accel: fxls8962af: errata bug only applicable for FXLS8962AF (git-fixes).
- iio: accel: fxls8962af: fixup buffer scan element type (git-fixes).
- iio: adc: ad7192: Fix internal/external clock selection (git-fixes).
- iio: adc: ad7192: Fix null ad7192_state pointer access (git-fixes).
- init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init() (bsc#1212448).
- init: Invoke arch_cpu_finalize_init() earlier (bsc#1212448).
- init: Provide arch_cpu_finalize_init() (bsc#1212448).
- init: Remove check_bugs() leftovers (bsc#1212448).
- input: adxl34x - do not hardcode interrupt trigger type (git-fixes).
- input: drv260x - fix typo in register value define (git-fixes).
- input: drv260x - remove unused .reg_defaults (git-fixes).
- input: drv260x - sleep between polling GO bit (git-fixes).
- input: fix open count when closing inhibited device (git-fixes).
- input: psmouse - fix OOB access in Elantech protocol (git-fixes).
- input: soc_button_array - add invalid acpi_index DMI quirk handling (git-fixes).
- input: xpad - delete a Razer DeathAdder mouse VID/PID entry (git-fixes).
- integrity: Fix possible multiple allocation in integrity_inode_get() (git-fixes).
- io_uring: hold uring mutex around poll removal (bsc#1212838 CVE-2023-3389).
- ipvlan:Fix out-of-bounds caused by unclear skb->cb (bsc#1212842 CVE-2023-3090).
- irqchip/clps711x: Remove unused clps711x_intc_init() function (git-fixes).
- irqchip/ftintc010: Mark all function static (git-fixes).
- irqchip/jcore-aic: Fix missing allocation of IRQ descriptors (git-fixes).
- jfs: Fix fortify moan in symlink (git-fixes).
- kernel-binary: Add back kernel-default-base guarded by option Add configsh option for splitting off kernel-default-base, and for not signing the kernel on non-efi
- kernel-docs: Add buildrequires on python3-base when using python3 The python3 binary is provided by python3-base.
- kernel-docs: Use python3 together with python3-Sphinx (bsc#1212741).
- kprobe: reverse kp->flags when arm_kprobe failed (git-fixes).
- kprobes: Fix check for probe enabled in kill_kprobe() (git-fixes).
- kprobes: Fix to handle forcibly unoptimized kprobes on freeing_list (git-fixes).
- kprobes: Forbid probing on trampoline and BPF code areas (git-fixes).
- kprobes: Prohibit probes in gate area (git-fixes).
- kprobes: Skip clearing aggrprobe's post_handler in kprobe-on-ftrace case (git-fixes).
- kprobes: do not call disarm_kprobe() for disabled kprobes (git-fixes).
- kvm: arm64: Do not hypercall before EL2 init (git-fixes)
- kvm: arm64: Propagate errors from __pkvm_prot_finalize hypercall (git-fixes)
- kvm: arm64: Save PSTATE early on exit (git-fixes)
- kvm: arm64: vgic: Read HW interrupt pending state from the HW (git-fixes)
- lpfc: Account for fabric domain ctlr device loss recovery (bsc#1211346, bsc#1211852).
- lpfc: Change firmware upgrade logging to KERN_NOTICE instead of TRACE_EVENT (bsc#1211852).
- lpfc: Clean up SLI-4 CQE status handling (bsc#1211852).
- lpfc: Clear NLP_IN_DEV_LOSS flag if already in rediscovery (bsc#1211852).
- lpfc: Copyright updates for 14.2.0.13 patches (bsc#1211852).
- lpfc: Enhance congestion statistics collection (bsc#1211852).
- lpfc: Fix use-after-free rport memory access in lpfc_register_remote_port (bsc#1211852, bsc#1208410, bsc#1211346).
- lpfc: Revise NPIV ELS unsol rcv cmpl logic to drop ndlp based on nlp_state (bsc#1211852).
- lpfc: Update lpfc version to 14.2.0.13 (bsc#1211852).
- mailbox: mailbox-test: Fix potential double-free in mbox_test_message_write() (git-fixes).
- mailbox: mailbox-test: fix a locking issue in mbox_test_message_write() (git-fixes).
- mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0 (git-fixes).
- media: cec: core: do not set last_initiator if tx in progress (git-fixes).
- media: dvb-usb-v2: ce6230: fix null-ptr-deref in ce6230_i2c_master_xfer() (git-fixes).
- media: dvb-usb-v2: ec168: fix null-ptr-deref in ec168_i2c_xfer() (git-fixes).
- media: dvb-usb-v2: rtl28xxu: fix null-ptr-deref in rtl28xxu_i2c_xfer (git-fixes).
- media: dvb-usb: az6027: fix three null-ptr-deref in az6027_i2c_xfer() (git-fixes).
- media: dvb-usb: digitv: fix null-ptr-deref in digitv_i2c_xfer() (git-fixes).
- media: dvb-usb: dw2102: fix uninit-value in su3000_read_mac_address (git-fixes).
- media: dvb_ca_en50221: fix a size write bug (git-fixes).
- media: dvb_demux: fix a bug for the continuity counter (git-fixes).
- media: mn88443x: fix !CONFIG_OF error by drop of_match_ptr from ID table (git-fixes).
- media: netup_unidvb: fix irq init by register it at the end of probe (git-fixes).
- memory: brcmstb_dpfe: fix testing array offset after use (git-fixes).
- meson saradc: fix clock divider mask length (git-fixes).
- mfd: intel-lpss: Add missing check for platform_get_resource (git-fixes).
- mfd: pm8008: Fix module autoloading (git-fixes).
- mfd: rt5033: Drop rt5033-battery sub-device (git-fixes).
- mfd: stmfx: Fix error path in stmfx_chip_init (git-fixes).
- mfd: stmfx: Nullify stmfx->vdd in case of error (git-fixes).
- mfd: stmpe: Only disable the regulators if they are enabled (git-fixes).
- misc: fastrpc: Create fastrpc scalar with correct buffer count (git-fixes).
- misc: pci_endpoint_test: Free IRQs before removing the device (git-fixes).
- misc: pci_endpoint_test: Re-init completion for every test (git-fixes).
- mlx5: do not use RT_TOS for IPv6 flowlabel (jsc#SLE-19253).
- mlxfw: fix null-ptr-deref in mlxfw_mfa2_tlv_next() (git-fixes).
- mm/vmalloc: do not output a spurious warning when huge vmalloc() fails (bsc#1211410).
- mm: Move mm_cachep initialization to mm_init() (bsc#1212448).
- mm: vmalloc: avoid warn_alloc noise caused by fatal signal (bsc#1211410).
- mmc: bcm2835: fix deferred probing (git-fixes).
- mmc: meson-gx: remove redundant mmc_request_done() call from irq context (git-fixes).
- mmc: mmci: Set PROBE_PREFER_ASYNCHRONOUS (git-fixes).
- mmc: mmci: stm32: fix max busy timeout calculation (git-fixes).
- mmc: mtk-sd: fix deferred probing (git-fixes).
- mmc: mvsdio: fix deferred probing (git-fixes).
- mmc: omap: fix deferred probing (git-fixes).
- mmc: omap_hsmmc: fix deferred probing (git-fixes).
- mmc: owl: fix deferred probing (git-fixes).
- mmc: sdhci-acpi: fix deferred probing (git-fixes).
- mmc: sdhci-msm: Disable broken 64-bit DMA on MSM8916 (git-fixes).
- mmc: sdhci-spear: fix deferred probing (git-fixes).
- mmc: sh_mmcif: fix deferred probing (git-fixes).
- mmc: sunxi: fix deferred probing (git-fixes).
- mmc: usdhi60rol0: fix deferred probing (git-fixes).
- mtd: rawnand: meson: fix unaligned DMA buffers handling (git-fixes).
- net/mlx5: Add forgotten cleanup calls into mlx5_init_once() error path (jsc#SLE-19253).
- net/mlx5: Allow async trigger completion execution on single CPU systems (jsc#SLE-19253).
- net/mlx5: Allow future addition of IPsec object modifiers (jsc#SLE-19253).
- net/mlx5: Avoid false positive lockdep warning by adding lock_class_key (jsc#SLE-19253).
- net/mlx5: Avoid recovery in probe flows (jsc#SLE-19253).
- net/mlx5: Bridge, fix ageing of peer FDB entries (jsc#SLE-19253).
- net/mlx5: Bridge, verify LAG state when adding bond to bridge (jsc#SLE-19253).
- net/mlx5: DR, Check force-loopback RC QP capability independently from RoCE (jsc#SLE-19253).
- net/mlx5: DR, Fix crc32 calculation to work on big-endian (BE) CPUs (jsc#SLE-19253).
- net/mlx5: DR, Fix missing flow_source when creating multi-destination FW table (jsc#SLE-19253).
- net/mlx5: Devcom, fix error flow in mlx5_devcom_register_device (jsc#SLE-19253).
- net/mlx5: Do not advertise IPsec netdev support for non-IPsec device (jsc#SLE-19253).
- net/mlx5: Do not use already freed action pointer (jsc#SLE-19253).
- net/mlx5: E-Switch, Fix an Oops in error handling code (jsc#SLE-19253).
- net/mlx5: E-Switch, properly handle ingress tagged packets on VST (jsc#SLE-19253).
- net/mlx5: E-switch, Create per vport table based on devlink encap mode (jsc#SLE-19253).
- net/mlx5: E-switch, Do not destroy indirect table in split rule (jsc#SLE-19253).
- net/mlx5: E-switch, Fix missing set of split_count when forward to ovs internal port (jsc#SLE-19253).
- net/mlx5: E-switch, Fix setting of reserved fields on MODIFY_SCHEDULING_ELEMENT (jsc#SLE-19253).
- net/mlx5: Enhance debug print in page allocation failure (jsc#SLE-19253).
- net/mlx5: Fix FW tracer timestamp calculation (jsc#SLE-19253).
- net/mlx5: Fix RoCE setting at HCA level (jsc#SLE-19253).
- net/mlx5: Fix crash during sync firmware reset (jsc#SLE-19253).
- net/mlx5: Fix error message when failing to allocate device memory (jsc#SLE-19253).
- net/mlx5: Fix handling of entry refcount when command is not issued to FW (jsc#SLE-19253).
- net/mlx5: Fix possible use-after-free in async command interface (jsc#SLE-19253).
- net/mlx5: Fix ptp max frequency adjustment range (jsc#SLE-19253).
- net/mlx5: Fix steering rules cleanup (jsc#SLE-19253).
- net/mlx5: Fix uninitialized variable bug in outlen_write() (jsc#SLE-19253).
- net/mlx5: Geneve, Fix handling of Geneve object id as error code (jsc#SLE-19253).
- net/mlx5: Initialize flow steering during driver probe (jsc#SLE-19253).
- net/mlx5: Read embedded cpu after init bit cleared (jsc#SLE-19253).
- net/mlx5: Read the TC mapping of all priorities on ETS query (jsc#SLE-19253).
- net/mlx5: Rearm the FW tracer after each tracer event (jsc#SLE-19253).
- net/mlx5: SF, Drain health before removing device (jsc#SLE-19253).
- net/mlx5: SF: Fix probing active SFs during driver probe phase (jsc#SLE-19253).
- net/mlx5: Serialize module cleanup with reload and remove (jsc#SLE-19253).
- net/mlx5: Wait for firmware to enable CRS before pci_restore_state (jsc#SLE-19253).
- net/mlx5: add IFC bits for bypassing port select flow table (git-fixes)
- net/mlx5: check attr pointer validity before dereferencing it (jsc#SLE-19253).
- net/mlx5: correct ECE offset in query qp output (jsc#SLE-19253).
- net/mlx5: fix missing mutex_unlock in mlx5_fw_fatal_reporter_err_work() (jsc#SLE-19253).
- net/mlx5: fs, fail conflicting actions (jsc#SLE-19253).
- net/mlx5: fw_tracer, Clear load bit when freeing string DBs buffers (jsc#SLE-19253).
- net/mlx5: fw_tracer, Fix event handling (jsc#SLE-19253).
- net/mlx5: fw_tracer, Zero consumer index when reloading the tracer (jsc#SLE-19253).
- net/mlx5e: Always clear dest encap in neigh-update-del (jsc#SLE-19253).
- net/mlx5e: Avoid false lock dependency warning on tc_ht even more (jsc#SLE-19253).
- net/mlx5e: Block entering switchdev mode with ns inconsistency (jsc#SLE-19253).
- net/mlx5e: Do not attach netdev profile while handling internal error (jsc#SLE-19253).
- net/mlx5e: Do not increment ESN when updating IPsec ESN state (jsc#SLE-19253).
- net/mlx5e: Do not support encap rules with gbp option (jsc#SLE-19253).
- net/mlx5e: E-Switch, Fix comparing termination table instance (jsc#SLE-19253).
- net/mlx5e: Extend SKB room check to include PTP-SQ (jsc#SLE-19253).
- net/mlx5e: Fix MPLSoUDP encap to use MPLS action information (jsc#SLE-19253).
- net/mlx5e: Fix SQ wake logic in ptp napi_poll context (jsc#SLE-19253).
- net/mlx5e: Fix capability check for updating vnic env counters (jsc#SLE-19253).
- net/mlx5e: Fix error handling in mlx5e_refresh_tirs (jsc#SLE-19253).
- net/mlx5e: Fix hw mtu initializing at XDP SQ allocation (jsc#SLE-19253).
- net/mlx5e: Fix the value of MLX5E_MAX_RQ_NUM_MTTS (jsc#SLE-19253).
- net/mlx5e: Fix use-after-free when reverting termination table (jsc#SLE-19253).
- net/mlx5e: Fix wrong application of the LRO state (jsc#SLE-19253).
- net/mlx5e: Fix wrong tc flag used when set hw-tc-offload off (jsc#SLE-19253).
- net/mlx5e: IPoIB, Do not allow CQE compression to be turned on by default (jsc#SLE-19253).
- net/mlx5e: IPoIB, Show unknown speed instead of error (jsc#SLE-19253).
- net/mlx5e: Modify slow path rules to go to slow fdb (jsc#SLE-19253).
- net/mlx5e: QoS, Fix wrongfully setting parent_element_id on MODIFY_SCHEDULING_ELEMENT (jsc#SLE-19253).
- net/mlx5e: Set uplink rep as NETNS_LOCAL (jsc#SLE-19253).
- net/mlx5e: TC, Fix ct_clear overwriting ct action metadata (jsc#SLE-19253).
- net/mlx5e: Update rx ring hw mtu upon each rx-fcs flag change (jsc#SLE-19253).
- net/mlx5e: Verify flow_source cap before using it (jsc#SLE-19253).
- net/mlx5e: do as little as possible in napi poll when budget is 0 (jsc#SLE-19253).
- net/mlx5e: kTLS, Fix build time constant test in RX (jsc#SLE-19253).
- net/mlx5e: kTLS, Fix build time constant test in TX (jsc#SLE-19253).
- net/net_failover: fix txq exceeding warning (git-fixes).
- net/sched: fix initialization order when updating chain 0 head (git-fixes).
- net/sched: flower: fix possible OOB write in fl_set_geneve_opt() (git-fixes).
- net/sched: sch_netem: Fix arithmetic in netem_dump() for 32-bit platforms (git-fixes).
- net/sched: tcindex: Do not use perfect hashing (bsc#1210335 CVE-2023-1829).
- net: ena: Account for the number of processed bytes in XDP (git-fixes).
- net: ena: Do not register memory info on XDP exchange (git-fixes).
- net: ena: Fix rx_copybreak value update (git-fixes).
- net: ena: Fix toeplitz initial hash value (git-fixes).
- net: ena: Set default value for RX interrupt moderation (git-fixes).
- net: ena: Update NUMA TPH hint register upon NUMA node update (git-fixes).
- net: ena: Use bitmask to indicate packet redirection (git-fixes).
- net: hns3: add interrupts re-initialization while doing VF FLR (git-fixes).
- net: hns3: fix output information incomplete for dumping tx queue info with debugfs (git-fixes).
- net: hns3: fix reset delay time to avoid configuration timeout (git-fixes).
- net: hns3: fix sending pfc frames after reset issue (git-fixes).
- net: hns3: fix tm port shapping of fibre port is incorrect after driver initialization (git-fixes).
- net: mlx5: eliminate anonymous module_init & module_exit (jsc#SLE-19253).
- net: sched: fix possible refcount leak in tc_chain_tmplt_add() (git-fixes).
- net: usb: qmi_wwan: add support for Compal RXM-G1 (git-fixes).
- nfcsim.c: Fix error checking for debugfs_create_dir (git-fixes).
- nfp: only report pause frame configuration for physical device (git-fixes).
- nilfs2: fix buffer corruption due to concurrent device reads (git-fixes).
- nilfs2: fix incomplete buffer cleanup in nilfs_btnode_abort_change_key() (git-fixes).
- nilfs2: fix possible out-of-bounds segment allocation in resize ioctl (git-fixes).
- nouveau: fix client work fence deletion race (git-fixes).
- nvme-core: fix dev_pm_qos memleak (git-fixes).
- nvme-core: fix memory leak in dhchap_ctrl_secret (git-fixes).
- nvme-core: fix memory leak in dhchap_secret_store (git-fixes).
- nvme-pci: add quirk for missing secondary temperature thresholds (git-fixes).
- nvme: double KA polling frequency to avoid KATO with TBKAS on (git-fixes).
- ocfs2: fix defrag path triggering jbd2 ASSERT (git-fixes).
- ocfs2: fix freeing uninitialized resource on ocfs2_dlm_shutdown (git-fixes).
- ocfs2: fix non-auto defrag path not working issue (git-fixes).
- octeontx2-pf: Avoid use of GFP_KERNEL in atomic context (git-fixes).
- octeontx2-pf: Fix resource leakage in VF driver unbind (git-fixes).
- octeontx2-pf: Fix the use of GFP_KERNEL in atomic context on rt (git-fixes).
- octeontx2-pf: Recalculate UDP checksum for ptp 1-step sync packet (git-fixes).
- pci/aspm: Disable ASPM on MFD function removal to avoid use-after-free (git-fixes).
- pci: Add pci_clear_master() stub for non-CONFIG_PCI (git-fixes).
- pci: Release resource invalidated by coalescing (git-fixes).
- pci: cadence: Fix Gen2 Link Retraining process (git-fixes).
- pci: endpoint: Add missing documentation about the MSI/MSI-X range (git-fixes).
- pci: ftpci100: Release the clock resources (git-fixes).
- pci: pciehp: Cancel bringup sequence if card is not present (git-fixes).
- pci: qcom: Disable write access to read only registers for IP v2.3.3 (git-fixes).
- pci: rockchip: Add poll and timeout to wait for PHY PLLs to be locked (git-fixes).
- pci: rockchip: Assert PCI Configuration Enable bit after probe (git-fixes).
- pci: rockchip: Fix legacy IRQ generation for RK3399 PCIe endpoint core (git-fixes).
- pci: rockchip: Set address alignment for endpoint mode (git-fixes).
- pci: rockchip: Use u32 variable to access 32-bit registers (git-fixes).
- pci: rockchip: Write PCI Device ID to correct register (git-fixes).
- pci: vmd: Reset VMD config register between soft reboots (git-fixes).
- pinctrl: at91-pio4: check return value of devm_kasprintf() (git-fixes).
- pinctrl: cherryview: Return correct value if pin in push-pull mode (git-fixes).
- pinctrl: meson-axg: add missing GPIOA_18 gpio group (git-fixes).
- pinctrl: microchip-sgpio: check return value of devm_kasprintf() (git-fixes).
- platform/surface: aggregator: Allow completion work-items to be executed in parallel (git-fixes).
- platform/x86: asus-wmi: Ignore WMI events with codes 0x7B, 0xC0 (git-fixes).
- platform/x86: intel_scu_pcidrv: Add back PCI ID for Medfield (git-fixes).
- platform/x86: think-lmi: Correct NVME password handling (git-fixes).
- platform/x86: think-lmi: Correct System password interface (git-fixes).
- platform/x86: think-lmi: mutex protection around multiple WMI calls (git-fixes).
- platform/x86: thinkpad_acpi: Fix lkp-tests warnings for platform profiles (git-fixes).
- pm: domains: fix integer overflow issues in genpd_parse_state() (git-fixes).
- power: supply: Fix logic checking if system is running from battery (git-fixes).
- power: supply: Ratelimit no data debug output (git-fixes).
- power: supply: ab8500: Fix external_power_changed race (git-fixes).
- power: supply: bq27xxx: Use mod_delayed_work() instead of cancel() + schedule() (git-fixes).
- power: supply: sc27xx: Fix external_power_changed race (git-fixes).
- powerpc/64s/radix: Fix exit lazy tlb mm switch with irqs enabled (bsc#1194869).
- powerpc/64s/radix: Fix soft dirty tracking (bsc#1065729).
- powerpc/64s: Make POWER10 and later use pause_short in cpu_relax loops (bsc#1209367 ltc#195662).
- powerpc/iommu: Limit number of TCEs to 512 for H_STUFF_TCE hcall (bsc#1194869 bsc#1212701).
- powerpc/purgatory: remove PGO flags (bsc#1194869).
- powerpc/set_memory: Avoid spinlock recursion in change_page_attr() (bsc#1194869).
- powerpc: Redefine HMT_xxx macros as empty on PPC32 (bsc#1209367 ltc#195662).
- powerpc: add ISA v3.0 / v3.1 wait opcode macro (bsc#1209367 ltc#195662).
- pstore/ram: Add check for kstrdup (git-fixes).
- qed/qede: Fix scheduling while atomic (git-fixes).
- radeon: avoid double free in ci_dpm_init() (git-fixes).
- rcu: Fix missing TICK_DEP_MASK_RCU_EXP dependency check (git-fixes).
- rdma/bnxt_re: Avoid calling wake_up threads from spin_lock context (git-fixes)
- rdma/bnxt_re: Disable/kill tasklet only if it is enabled (git-fixes)
- rdma/bnxt_re: Fix to remove an unnecessary log (git-fixes)
- rdma/bnxt_re: Fix to remove unnecessary return labels (git-fixes)
- rdma/bnxt_re: Remove a redundant check inside bnxt_re_update_gid (git-fixes)
- rdma/bnxt_re: Remove unnecessary checks (git-fixes)
- rdma/bnxt_re: Return directly without goto jumps (git-fixes)
- rdma/bnxt_re: Use unique names while registering interrupts (git-fixes)
- rdma/bnxt_re: wraparound mbox producer index (git-fixes)
- rdma/cma: Always set static rate to 0 for RoCE (git-fixes)
- rdma/hns: Fix hns_roce_table_get return value (git-fixes)
- rdma/irdma: avoid fortify-string warning in irdma_clr_wqes (git-fixes)
- rdma/mlx5: Do not set tx affinity when lag is in hash mode (git-fixes)
- rdma/mlx5: Fix affinity assignment (git-fixes)
- rdma/mlx5: Initiate dropless RQ for RAW Ethernet functions (git-fixes)
- rdma/mlx5: Rely on RoCE fw cap instead of devlink when setting profile (jsc#SLE-19253).
- rdma/rtrs-clt: Replace list_next_or_null_rr_rcu with an inline function (git-fixes)
- rdma/rtrs-srv: Pass the correct number of entries for dma mapped SGL (git-fixes)
- rdma/rtrs: Fix rxe_dealloc_pd warning (git-fixes)
- rdma/rtrs: Fix the last iu->buf leak in err path (git-fixes)
- rdma/rxe: Fix packet length checks (git-fixes)
- rdma/rxe: Fix ref count error in check_rkey() (git-fixes)
- rdma/rxe: Fix rxe_cq_post (git-fixes)
- rdma/rxe: Fix the error 'trying to register non-static key in rxe_cleanup_task' (git-fixes)
- rdma/rxe: Fix the use-before-initialization error of resp_pkts (git-fixes)
- rdma/rxe: Remove dangling declaration of rxe_cq_disable() (git-fixes)
- rdma/rxe: Remove the unused variable obj (git-fixes)
- rdma/rxe: Removed unused name from rxe_task struct (git-fixes)
- rdma/uverbs: Restrict usage of privileged QKEYs (git-fixes)
- rdma/vmw_pvrdma: Remove unnecessary check on wr->opcode (git-fixes)
- regmap: Account for register length when chunking (git-fixes).
- regmap: spi-avmm: Fix regmap_bus max_raw_write (git-fixes).
- regulator: Fix error checking for debugfs_create_dir (git-fixes).
- regulator: core: Fix more error checking for debugfs_create_dir() (git-fixes).
- regulator: core: Streamline debugfs operations (git-fixes).
- regulator: helper: Document ramp_delay parameter of regulator_set_ramp_delay_regmap() (git-fixes).
- regulator: pca9450: Fix LDO3OUT and LDO4OUT MASK (git-fixes).
- reiserfs: Add missing calls to reiserfs_security_free() (git-fixes).
- reiserfs: Add security prefix to xattr name in reiserfs_security_write() (git-fixes).
- revert 'squashfs: harden sanity check in squashfs_read_xattr_id_table' (git-fixes).
- rpm/check-for-config-changes: ignore also PAHOLE_HAS_* We now also have options like CONFIG_PAHOLE_HAS_LANG_EXCLUDE.
- rpm/kernel-binary.spec.in: Fix compatibility wth newer rpm
- rpm/kernel-docs.spec.in: pass PYTHON=python3 to fix build error (bsc#1160435)
- rtc: st-lpc: Release some resources in st_rtc_probe() in case of error (git-fixes).
- s390/dasd: Use correct lock while counting channel queue length (git-fixes bsc#1212592).
- s390/gmap: voluntarily schedule during key setting (git-fixes bsc#1212892).
- s390/pkey: zeroize key blobs (git-fixes bsc#1212619).
- sched/rt: pick_next_rt_entity(): check list_entry (bsc#1208600 CVE-2023-1077)
- scsi: core: Decrease scsi_device's iorequest_cnt if dispatch failed (git-fixes).
- scsi: stex: Fix gcc 13 warnings (git-fixes).
- selftests/ptp: Fix timestamp printf format for PTP_SYS_OFFSET (git-fixes).
- serial: 8250: lock port for UART_IER access in omap8250_irq() (git-fixes).
- serial: 8250: lock port for stop_rx() in omap8250_irq() (git-fixes).
- serial: 8250: omap: Fix freeing of resources on failed register (git-fixes).
- serial: 8250_omap: Use force_suspend and resume for system suspend (git-fixes).
- serial: atmel: do not enable IRQs prematurely (git-fixes).
- serial: lantiq: add missing interrupt ack (git-fixes).
- sfc: disable RXFCS and RXALL features by default (git-fixes).
- signal/s390: Use force_sigsegv in default_trap_handler (git-fixes bsc#1212861).
- soc/fsl/qe: fix usb.c build errors (git-fixes).
- soc: samsung: exynos-pmu: Re-introduce Exynos4212 support (git-fixes).
- soundwire: dmi-quirks: add new mapping for HP Spectre x360 (git-fixes).
- spi: dw: Round of n_bytes to power of 2 (git-fixes).
- spi: fsl-dspi: avoid SCK glitches with continuous transfers (git-fixes).
- spi: lpspi: disable lpspi module irq in DMA mode (git-fixes).
- spi: qup: Request DMA before enabling clocks (git-fixes).
- spi: spi-geni-qcom: Correct CS_TOGGLE bit in SPI_TRANS_CFG (git-fixes).
- spi: tegra210-quad: Fix combined sequence (bsc#1212584)
- spi: tegra210-quad: Fix iterator outside loop (git-fixes).
- spi: tegra210-quad: Multi-cs support (bsc#1212584)
- squashfs: harden sanity check in squashfs_read_xattr_id_table (git-fixes).
- staging: octeon: delete my name from TODO contact (git-fixes).
- sunrpc: Clean up svc_deferred_class trace events (git-fixes).
- supported.conf: Move bt878 and bttv modules to kernel-*-extra (jsc#PED-3931)
- test_firmware: Use kstrtobool() instead of strtobool() (git-fixes).
- test_firmware: fix the memory leak of the allocated firmware buffer (git-fixes).
- test_firmware: prevent race conditions by a correct implementation of locking (git-fixes).
- test_firmware: return ENOMEM instead of ENOSPC on failed memory allocation (git-fixes).
- thermal/drivers/sun8i: Fix some error handling paths in sun8i_ths_probe() (git-fixes).
- thunderbolt: dma_test: Use correct value for absent rings when creating paths (git-fixes).
- tls: Skip tls_append_frag on zero copy size (git-fixes).
- tools: bpftool: Remove invalid \' json escape (git-fixes).
- tpm, tpm_tis: Request threaded interrupt handler (git-fixes).
- tracing/histograms: Allow variables to have some modifiers (git-fixes).
- tracing/probe: trace_probe_primary_from_call(): checked list_first_entry (git-fixes).
- tracing/timer: Add missing hrtimer modes to decode_hrtimer_mode() (git-fixes).
- tracing: Have event format check not flag %p* on __get_dynamic_array() (git-fixes, bsc#1212350).
- tracing: Introduce helpers to safely handle dynamic-sized sockaddrs (git-fixes).
- tracing: Update print fmt check to handle new __get_sockaddr() macro (git-fixes, bsc#1212350).
- tty: serial: imx: fix rs485 rx after tx (git-fixes).
- tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in case of error (git-fixes).
- tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk (git-fixes).
- usb: cdns3: fix NCM gadget RX speed 20x slow than expection at iMX8QM (git-fixes).
- usb: dwc3-meson-g12a: Fix an error handling path in dwc3_meson_g12a_probe() (git-fixes).
- usb: dwc3: fix use-after-free on core driver unbind (git-fixes).
- usb: dwc3: gadget: Propagate core init errors to UDC during pullup (git-fixes).
- usb: dwc3: gadget: Reset num TRBs before giving back the request (git-fixes).
- usb: dwc3: qcom: Fix an error handling path in dwc3_qcom_probe() (git-fixes).
- usb: dwc3: qcom: Fix potential memory leak (git-fixes).
- usb: dwc3: qcom: Release the correct resources in dwc3_qcom_remove() (git-fixes).
- usb: dwc3: qcom: fix NULL-deref on suspend (git-fixes).
- usb: gadget: u_serial: Add null pointer check in gserial_suspend (git-fixes).
- usb: gadget: udc: fix NULL dereference in remove() (git-fixes).
- usb: hide unused usbfs_notify_suspend/resume functions (git-fixes).
- usb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe() (git-fixes).
- usb: serial: option: add Quectel EM061KGL series (git-fixes).
- usb: typec: ucsi: Fix command cancellation (git-fixes).
- usb: xhci: Remove unused udev from xhci_log_ctx trace event (git-fixes).
- usrmerge: Adjust module path in the kernel sources (bsc#1212835).
- usrmerge: Compatibility with earlier rpm (boo#1211796)
- vdpa/mlx5: Directly assign memory key (jsc#SLE-19253).
- vdpa/mlx5: Do not clear mr struct on destroy MR (jsc#SLE-19253).
- vdpa/mlx5: Fix wrong configuration of virtio_version_1_0 (jsc#SLE-19253).
- vdpa: Fix error logic in vdpa_nl_cmd_dev_get_doit (jsc#SLE-19253).
- vhost_vdpa: support PACKED when setting-getting vring_base (jsc#SLE-19253).
- w1: fix loop in w1_fini() (git-fixes).
- w1: w1_therm: fix locking behavior in convert_t (git-fixes).
- watchdog: menz069_wdt: fix watchdog initialisation (git-fixes).
- wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key() (git-fixes).
- wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx (git-fixes).
- wifi: ath9k: convert msecs to jiffies where needed (git-fixes).
- wifi: ath9k: do not allow to overwrite ENDPOINT0 attributes (git-fixes).
- wifi: ath9k: fix AR9003 mac hardware hang check register offset calculation (git-fixes).
- wifi: atmel: Fix an error handling path in atmel_probe() (git-fixes).
- wifi: b43: fix incorrect __packed annotation (git-fixes).
- wifi: cfg80211: fix locking in regulatory disconnect (git-fixes).
- wifi: cfg80211: fix locking in sched scan stop work (git-fixes).
- wifi: cfg80211: rewrite merging of inherited elements (git-fixes).
- wifi: iwlwifi: mvm: indicate HW decrypt for beacon protection (git-fixes).
- wifi: iwlwifi: pcie: fix NULL pointer dereference in iwl_pcie_irq_rx_msix_handler() (git-fixes).
- wifi: iwlwifi: pull from TXQs with softirqs disabled (git-fixes).
- wifi: mac80211: simplify chanctx allocation (git-fixes).
- wifi: mt76: mt7615: fix possible race in mt7615_mac_sta_poll (git-fixes).
- wifi: mwifiex: Fix the size of a memory allocation in mwifiex_ret_802_11_scan() (git-fixes).
- wifi: orinoco: Fix an error handling path in orinoco_cs_probe() (git-fixes).
- wifi: orinoco: Fix an error handling path in spectrum_cs_probe() (git-fixes).
- wifi: rsi: Do not configure WoWlan in shutdown hook if not enabled (git-fixes).
- wifi: rsi: Do not set MMC_PM_KEEP_POWER in shutdown (git-fixes).
- wifi: rtl8xxxu: fix authentication timeout due to incorrect RCR value (git-fixes).
- wifi: wilc1000: fix for absent RSN capabilities WFA testcase (git-fixes).
- writeback: fix dereferencing NULL mapping->host on writeback_page_template (git-fixes).
- x86/build: Avoid relocation information in final vmlinux (bsc#1187829).
- x86/cpu: Switch to arch_cpu_finalize_init() (bsc#1212448).
- x86/fpu: Mark init functions __init (bsc#1212448).
- x86/fpu: Move FPU initialization into arch_cpu_finalize_init() (bsc#1212448).
- x86/fpu: Remove cpuinfo argument from init functions (bsc#1212448).
- x86/init: Initialize signal frame size late (bsc#1212448).
- x86/kprobes: Fix __recover_optprobed_insn check optimizing logic (git-fixes).
- x86/kprobes: Fix arch_check_optimized_kprobe check within optimized_kprobe range (git-fixes).
- x86/microcode/amd: Remove load_microcode_amd()'s bsp parameter (git-fixes).
- x86/microcode: Print previous version of microcode after reload (git-fixes).
- x86/mm: Fix RESERVE_BRK() for older binutils (git-fixes).
- x86/mm: Fix use of uninitialized buffer in sme_enable() (git-fixes).
- x86/mm: Initialize text poking earlier (bsc#1212448).
- x86/mm: Use mm_alloc() in poking_init() (bsc#1212448).
- x86/mm: fix poking_init() for Xen PV guests (git-fixes).
- x86/sgx: Fix race between reclaimer and page fault handler (git-fixes).
- x86/sgx: Mark PCMD page as dirty when modifying contents (git-fixes).
- x86/xen: fix secondary processor fpu initialization (bsc#1212869).
- xfs: fix rm_offset flag handling in rmap keys (git-fixes).
- xfs: set bnobt/cntbt numrecs correctly when formatting new AGs (git-fixes).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2827-1
Released: Fri Jul 14 11:27:42 2023
Summary: Recommended update for libxml2
Type: recommended
Severity: moderate
References:
This update for libxml2 fixes the following issues:
- Build also for modern python version (jsc#PED-68)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2847-1
Released: Mon Jul 17 08:40:42 2023
Summary: Recommended update for audit
Type: recommended
Severity: moderate
References: 1210004
This update for audit fixes the following issues:
- Check for AF_UNIX unnamed sockets (bsc#1210004)
- Enable livepatching on main library on x86_64
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2855-1
Released: Mon Jul 17 16:35:21 2023
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References: 1212260
This update for openldap2 fixes the following issues:
- libldap2 crashes on ldap_sasl_bind_s (bsc#1212260)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2866-1
Released: Tue Jul 18 11:09:03 2023
Summary: Security update for python-requests
Type: security
Severity: moderate
References: 1211674,CVE-2023-32681
This update for python-requests fixes the following issues:
- CVE-2023-32681: Fixed unintended leak of Proxy-Authorization header (bsc#1211674).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2877-1
Released: Wed Jul 19 09:43:42 2023
Summary: Security update for dbus-1
Type: security
Severity: moderate
References: 1212126,CVE-2023-34969
This update for dbus-1 fixes the following issues:
- CVE-2023-34969: Fixed a possible dbus-daemon crash by an unprivileged users (bsc#1212126).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2882-1
Released: Wed Jul 19 11:49:39 2023
Summary: Security update for perl
Type: security
Severity: important
References: 1210999,CVE-2023-31484
This update for perl fixes the following issues:
- CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2885-1
Released: Wed Jul 19 16:58:43 2023
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1208721,1209229,1211828
This update for glibc fixes the following issues:
- getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235)
- Exclude static archives from preparation for live patching (bsc#1208721)
- resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2891-1
Released: Wed Jul 19 21:14:33 2023
Summary: Security update for curl
Type: security
Severity: moderate
References: 1213237,CVE-2023-32001
This update for curl fixes the following issues:
- CVE-2023-32001: Fixed TOCTOU race condition (bsc#1213237).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2893-1
Released: Thu Jul 20 06:44:05 2023
Summary: Recommended update for wicked
Type: recommended
Severity: moderate
References: 1194557,1203300,1206447,1206674,1206798,1211026
This update for wicked fixes the following issues:
- Update to version 0.6.73
- Fix arp notify loop and burst sending (boo#1212806)
- Allow verify/notify counter and interval configuration
- Handle ENOBUFS sending errors (bsc#1203300)
- Improve environment variable handling
- Refactor firmware extension definition
- Enable, disable and revert cli commands
- Fix memory leaks, add array/list utils
- Ignore WIRELESS_EAP_AUTH within TLS (bsc#1211026)
- Cleanup /var/run leftovers in extension scripts (bsc#1194557)
- Output formatting improvements and Unicode support
- bond: workaround 6.1 kernel enslave regression (bsc#1206674)
- Add `wicked firmware` command to improve `ibft`,`nbft`,`redfish`
firmware extension and interface handling.
- Improve error handling in netif firmware discovery
extension execution and extension definition overrides in
the wicked-config.
- Fix use-after-free in debug mode (bsc#1206447)
- Replace transitional `%usrmerged` macro with regular
version check (bsc#1206798)
- Improve to show `no-carrier` in ifstatus output
- Cleanup inclusions and update uapi header to 6.0
- Link mode nwords cleanup and new advertise mode names
- Enable raw-ip support for wwan-qmi interfaces (jsc#PED-90)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2918-1
Released: Thu Jul 20 12:00:17 2023
Summary: Recommended update for gpgme
Type: recommended
Severity: moderate
References: 1089497
This update for gpgme fixes the following issues:
gpgme:
- Address failure handling issues when using gpg 2.2.6 via gpgme, as used by libzypp (bsc#1089497)
libassuan:
- Version upgrade to 2.5.5 in LTSS to address gpgme new requirements
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2922-1
Released: Thu Jul 20 18:34:03 2023
Summary: Recommended update for libfido2
Type: recommended
Severity: moderate
References:
This update for libfido2 fixes the following issues:
- Use openssl 1.1 still on SUSE Linux Enterprise 15 to avoid pulling unneeded
openssl-3 dependency. (jsc#PED-4521)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2930-1
Released: Fri Jul 21 10:09:57 2023
Summary: Security update for samba
Type: security
Severity: important
References: 1213171,1213172,1213173,1213174,1213384,CVE-2022-2127,CVE-2023-34966,CVE-2023-34967,CVE-2023-34968
This update for samba fixes the following issues:
- CVE-2022-2127: Fixed issue where lm_resp_len was not checked properly in winbindd_pam_auth_crap_send (bsc#1213174).
- CVE-2023-34966: Fixed samba spotlight mdssvc RPC Request Infinite Loop Denial-of-Service Vulnerability (bsc#1213173).
- CVE-2023-34967: Fixed samba spotlight mdssvc RPC Request Type Confusion Denial-of-Service Vulnerability (bsc#1213172).
- CVE-2023-34968: Fixed spotlight server-side Share Path Disclosure (bsc#1213171).
Bugfixes:
- Fixed trust relationship failure (bsc#1213384).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2945-1
Released: Mon Jul 24 09:37:30 2023
Summary: Security update for openssh
Type: security
Severity: important
References: 1186673,1209536,1213004,1213008,1213504,CVE-2023-38408
This update for openssh fixes the following issues:
- CVE-2023-38408: Fixed a condition where specific libaries loaded via
ssh-agent(1)'s PKCS#11 support could be abused to achieve remote code
execution via a forwarded agent socket if those libraries were present on the
victim's system and if the agent was forwarded to an attacker-controlled
system. [bsc#1213504, CVE-2023-38408]
- Close the right filedescriptor and also close fdh in read_hmac to avoid file
descriptor leaks. [bsc#1209536]
- Attempts to mitigate instances of secrets lingering in memory after a session
exits. [bsc#1186673, bsc#1213004, bsc#1213008]
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2962-1
Released: Tue Jul 25 09:34:53 2023
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1213487,CVE-2023-3446
This update for openssl-1_1 fixes the following issues:
- CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2994-1
Released: Thu Jul 27 06:45:29 2023
Summary: Recommended update for nfs-utils
Type: recommended
Severity: moderate
References: 1157881,1200710,1209859
This update for nfs-utils fixes the following issues:
- SLE15-SP5 and earlier don't use /usr/lib/modprobe.d (bsc#1200710)
- Avoid unhelpful warnings (bsc#1157881)
- Fix rpc.nfsd man pages (bsc#1209859)
- Allow scope to be set in sysconfig: NFSD_SCOPE
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3118-1
Released: Wed Aug 2 05:57:56 2023
Summary: Recommended update for hwinfo
Type: recommended
Severity: moderate
References: 1212756
This update for hwinfo fixes the following issues:
- Avoid linking problems with libsamba (bsc#1212756)
- Update to version 21.85
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3170-1
Released: Thu Aug 3 08:02:27 2023
Summary: Recommended update for perl-Bootloader
Type: recommended
Severity: moderate
References: 1201399,1208003,1210799
This update for perl-Bootloader fixes the following issues:
- Use signed grub EFI binary when updating grub in default EFI location (bsc#1210799)
- UEFI: update also default location, if it is controlled by SUSE (bsc#1210799, bsc#1201399)
- Use `fw_platform_size` to distinguish between 32 bit and 64 bit UEFI platforms (bsc#1208003)
- Add basic support for systemd-boot
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3171-1
Released: Thu Aug 3 08:33:37 2023
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1150305,1193629,1194869,1207894,1208788,1210565,1210584,1210853,1211243,1211811,1211867,1212301,1212846,1212905,1213010,1213011,1213012,1213013,1213014,1213015,1213016,1213017,1213018,1213019,1213020,1213021,1213024,1213025,1213032,1213034,1213035,1213036,1213037,1213038,1213039,1213040,1213041,1213059,1213061,1213087,1213088,1213089,1213090,1213092,1213093,1213094,1213095,1213096,1213098,1213099,1213100,1213102,1213103,1213104,1213105,1213106,1213107,1213108,1213109,1213110,1213111,1213112,1213113,1213114,1213134,1213245,1213247,1213252,1213258,1213259,1213263,1213264,1213286,1213523,1213524,1213543,1213705,CVE-2023-20593,CVE-2023-2985,CVE-2023-3117,CVE-2023-31248,CVE-2023-3390,CVE-2023-35001,CVE-2023-3812
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplus_put_super in fs/hfsplus/super.c that could allow a local user to cause a denial of service (bsc#1211867).
- CVE-2023-3117: Fixed an use-after-free vulnerability in the netfilter subsystem when processing named and anonymous sets in batch requests that could allow a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system (bsc#1213245).
- CVE-2023-3390: Fixed an use-after-free vulnerability in the netfilter subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker with user access to cause a privilege escalation issue (bsc#1212846).
- CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213543).
- CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286).
- CVE-2023-31248: Fixed an use-after-free vulnerability in nft_chain_lookup_byid that could allow a local attacker to escalate their privilege (bsc#1213061).
- CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213059).
The following non-security bugs were fixed:
- ACPI: utils: Fix acpi_evaluate_dsm_typed() redefinition error (git-fixes).
- ALSA: fireface: make read-only const array for model names static (git-fixes).
- ALSA: hda/realtek - remove 3k pull low procedure (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS ROG G614Jx (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS ROG GA402X (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS ROG GX650P (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS ROG GZ301V (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NPx0SNx (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NS70AU (git-fixes).
- ALSA: hda/realtek: Add quirks for Unis H3C Desktop B760 & Q760 (git-fixes).
- ALSA: hda/realtek: Add support for DELL Oasis 13/14/16 laptops (git-fixes).
- ALSA: hda/realtek: Amend G634 quirk to enable rear speakers (git-fixes).
- ALSA: hda/realtek: Enable Mute LED on HP Laptop 15s-eq2xxx (git-fixes).
- ALSA: hda/realtek: Fix generic fixup definition for cs35l41 amp (git-fixes).
- ALSA: hda/realtek: Whitespace fix (git-fixes).
- ALSA: hda: fix a possible null-pointer dereference due to data race in snd_hdac_regmap_sync() (git-fixes).
- ALSA: oxfw: make read-only const array models static (git-fixes).
- ALSA: pcm: Fix potential data race at PCM memory allocation helpers (git-fixes).
- ASoC: codecs: wcd-mbhc-v2: fix resource leaks on component remove (git-fixes).
- ASoC: codecs: wcd934x: fix resource leaks on component remove (git-fixes).
- ASoC: codecs: wcd938x: fix codec initialisation race (git-fixes).
- ASoC: codecs: wcd938x: fix dB range for HPHL and HPHR (git-fixes).
- ASoC: codecs: wcd938x: fix missing clsh ctrl error handling (git-fixes).
- ASoC: codecs: wcd938x: fix soundwire initialisation race (git-fixes).
- ASoC: tegra: Fix ADX byte map (git-fixes).
- ASoC: tegra: Fix AMX byte map (git-fixes).
- Add MODULE_FIRMWARE() for FIRMWARE_TG357766 (git-fixes).
- Documentation: ABI: sysfs-class-net-qmi: pass_through contact update (git-fixes).
- Documentation: bonding: fix the doc of peer_notif_delay (git-fixes).
- Documentation: timers: hrtimers: Make hybrid union historical (git-fixes).
- Enable NXP SNVS RTC driver for i.MX 8MQ/8MP (jsc#PED-4758)
- Fix documentation of panic_on_warn (git-fixes).
- IB/hfi1: Use bitmap_zalloc() when applicable (git-fixes)
- PCI/PM: Avoid putting EloPOS E2/S2/H2 PCIe Ports in D3cold (git-fixes).
- PCI: Add function 1 DMA alias quirk for Marvell 88SE9235 (git-fixes).
- RDMA/rxe: Fix access checks in rxe_check_bind_mw (git-fixes)
- Revert 'arm64: dts: zynqmp: Add address-cells property to interrupt (git-fixes)
- Revert 'drm/amd/display: edp do not add non-edid timings' (git-fixes).
- USB: dwc2: Fix some error handling paths (git-fixes).
- USB: dwc2: platform: Improve error reporting for problems during .remove() (git-fixes).
- USB: gadget: udc: core: Offload usb_udc_vbus_handler processing (git-fixes).
- USB: gadget: udc: core: Prevent soft_connect_store() race (git-fixes).
- USB: serial: option: add LARA-R6 01B PIDs (git-fixes).
- Update config and supported.conf files due to renaming.
- apparmor: fix missing error check for rhashtable_insert_fast (git-fixes).
- arm64/mm: mark private VM_FAULT_X defines as vm_fault_t (git-fixes)
- arm64: dts: microchip: sparx5: do not use PSCI on reference boards (git-fixes)
- arm64: vdso: Pass (void *) to virt_to_page() (git-fixes)
- arm64: xor-neon: mark xor_arm64_neon_*() static (git-fixes)
- can: bcm: Fix UAF in bcm_proc_show() (git-fixes).
- cifs: add a warning when the in-flight count goes negative (bsc#1193629).
- cifs: address unused variable warning (bsc#1193629).
- cifs: do all necessary checks for credits within or before locking (bsc#1193629).
- cifs: fix lease break oops in xfstest generic/098 (bsc#1193629).
- cifs: fix max_credits implementation (bsc#1193629).
- cifs: fix session state check in reconnect to avoid use-after-free issue (bsc#1193629).
- cifs: fix session state check in smb2_find_smb_ses (bsc#1193629).
- cifs: fix session state transition to avoid use-after-free issue (bsc#1193629).
- cifs: fix sockaddr comparison in iface_cmp (bsc#1193629).
- cifs: fix status checks in cifs_tree_connect (bsc#1193629).
- cifs: log session id when a matching ses is not found (bsc#1193629).
- cifs: new dynamic tracepoint to track ses not found errors (bsc#1193629).
- cifs: prevent use-after-free by freeing the cfile later (bsc#1193629).
- cifs: print all credit counters in DebugData (bsc#1193629).
- cifs: print client_guid in DebugData (bsc#1193629).
- cifs: print more detail when invalidate_inode_mapping fails (bsc#1193629).
- cifs: print nosharesock value while dumping mount options (bsc#1193629).
- clk: qcom: camcc-sc7180: Add parent dependency to all camera GDSCs (git-fixes).
- clk: qcom: gcc-ipq6018: Use floor ops for sdcc clocks (git-fixes).
- codel: fix kernel-doc notation warnings (git-fixes).
- crypto: kpp - Add helper to set reqsize (git-fixes).
- crypto: qat - Use helper to set reqsize (git-fixes).
- devlink: fix kernel-doc notation warnings (git-fixes).
- docs: networking: Update codeaurora references for rmnet (git-fixes).
- drm/amd/display: Correct `DMUB_FW_VERSION` macro (git-fixes).
- drm/amdgpu: Set vmbo destroy after pt bo is created (git-fixes).
- drm/amdgpu: Validate VM ioctl flags (git-fixes).
- drm/amdgpu: avoid restore process run into dead loop (git-fixes).
- drm/amdgpu: fix clearing mappings for BOs that are always valid in VM (git-fixes).
- drm/atomic: Allow vblank-enabled + self-refresh 'disable' (git-fixes).
- drm/atomic: Fix potential use-after-free in nonblocking commits (git-fixes).
- drm/bridge: tc358768: Add atomic_get_input_bus_fmts() implementation (git-fixes).
- drm/bridge: tc358768: fix TCLK_TRAILCNT computation (git-fixes).
- drm/bridge: tc358768: fix THS_TRAILCNT computation (git-fixes).
- drm/bridge: tc358768: fix THS_ZEROCNT computation (git-fixes).
- drm/client: Fix memory leak in drm_client_target_cloned (git-fixes).
- drm/i915/psr: Use hw.adjusted mode when calculating io/fast wake times (git-fixes).
- drm/i915: Fix one wrong caching mode enum usage (git-fixes).
- drm/msm/disp/dpu: get timing engine status from intf status register (git-fixes).
- drm/msm/dpu: Set DPU_DATA_HCTL_EN for in INTF_SC7180_MASK (git-fixes).
- drm/panel: simple: Add Powertip PH800480T013 drm_display_mode flags (git-fixes).
- drm/panel: simple: Add connector_type for innolux_at043tn24 (git-fixes).
- drm/ttm: Do not leak a resource on swapout move error (git-fixes).
- dt-bindings: phy: brcm,brcmstb-usb-phy: Fix error in 'compatible' conditional schema (git-fixes).
- ext4: Fix reusing stale buffer heads from last failed mounting (bsc#1213020).
- ext4: add EA_INODE checking to ext4_iget() (bsc#1213106).
- ext4: add ext4_sb_block_valid() refactored out of ext4_inode_block_valid() (bsc#1213088).
- ext4: add lockdep annotations for i_data_sem for ea_inode's (bsc#1213109).
- ext4: add strict range checks while freeing blocks (bsc#1213089).
- ext4: avoid deadlock in fs reclaim with page writeback (bsc#1213016).
- ext4: bail out of ext4_xattr_ibody_get() fails for any reason (bsc#1213018).
- ext4: block range must be validated before use in ext4_mb_clear_bb() (bsc#1213090).
- ext4: check iomap type only if ext4_iomap_begin() does not fail (bsc#1213103).
- ext4: disallow ea_inodes with extended attributes (bsc#1213108).
- ext4: fail ext4_iget if special inode unallocated (bsc#1213010).
- ext4: fix WARNING in ext4_update_inline_data (bsc#1213012).
- ext4: fix WARNING in mb_find_extent (bsc#1213099).
- ext4: fix bug_on in __es_tree_search caused by bad quota inode (bsc#1213111).
- ext4: fix data races when using cached status extents (bsc#1213102).
- ext4: fix deadlock when converting an inline directory in nojournal mode (bsc#1213105).
- ext4: fix i_disksize exceeding i_size problem in paritally written case (bsc#1213015).
- ext4: fix lockdep warning when enabling MMP (bsc#1213100).
- ext4: fix task hung in ext4_xattr_delete_inode (bsc#1213096).
- ext4: fix to check return value of freeze_bdev() in ext4_shutdown() (bsc#1213021).
- ext4: fix use-after-free read in ext4_find_extent for bigalloc + inline (bsc#1213098).
- ext4: improve error handling from ext4_dirhash() (bsc#1213104).
- ext4: improve error recovery code paths in __ext4_remount() (bsc#1213017).
- ext4: move where set the MAY_INLINE_DATA flag is set (bsc#1213011).
- ext4: only update i_reserved_data_blocks on successful block allocation (bsc#1213019).
- ext4: refactor ext4_free_blocks() to pull out ext4_mb_clear_bb() (bsc#1213087).
- ext4: refuse to create ea block when umounted (bsc#1213093).
- ext4: set lockdep subclass for the ea_inode in ext4_xattr_inode_cache_find() (bsc#1213107).
- ext4: turn quotas off if mount failed after enabling quotas (bsc#1213110).
- ext4: update s_journal_inum if it changes after journal replay (bsc#1213094).
- ext4: use ext4_fc_tl_mem in fast-commit replay path (bsc#1213092).
- ext4: zero i_disksize when initializing the bootloader inode (bsc#1213013).
- fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe (git-fixes).
- fbdev: imxfb: warn about invalid left/right margin (git-fixes).
- fuse: ioctl: translate ENOSYS in outarg (bsc#1213524).
- fuse: revalidate: do not invalidate if interrupted (bsc#1213523).
- hvcs: Fix hvcs port reference counting (bsc#1213134 ltc#202861).
- hvcs: Get reference to tty in remove (bsc#1213134 ltc#202861).
- hvcs: Synchronize hotplug remove with port free (bsc#1213134 ltc#202861).
- hvcs: Use dev_groups to manage hvcs device attributes (bsc#1213134 ltc#202861).
- hvcs: Use driver groups to manage driver attributes (bsc#1213134 ltc#202861).
- hvcs: Use vhangup in hotplug remove (bsc#1213134 ltc#202861).
- hwmon: (adm1275) Allow setting sample averaging (git-fixes).
- hwmon: (pmbus/adm1275) Fix problems with temperature monitoring on ADM1272 (git-fixes).
- i2c: xiic: Defer xiic_wakeup() and __xiic_start_xfer() in xiic_process() (git-fixes).
- i2c: xiic: Do not try to handle more interrupt events after error (git-fixes).
- inotify: Avoid reporting event with invalid wd (bsc#1213025).
- jbd2: fix data missing when reusing bh which is ready to be checkpointed (bsc#1213095).
- jdb2: Do not refuse invalidation of already invalidated buffers (bsc#1213014).
- kABI: do not check external trampolines for signature (kabi bsc#1207894 bsc#1211243).
- kabi/severities: Add VAS symbols changed due to recent fix VAS accelerators are directly tied to the architecture, there is no reason to have out-of-tree production drivers
- kselftest: vDSO: Fix accumulation of uninitialized ret when CLOCK_REALTIME is undefined (git-fixes).
- leds: trigger: netdev: Recheck NETDEV_LED_MODE_LINKUP on dev rename (git-fixes).
- media: atomisp: gmin_platform: fix out_len in gmin_get_config_dsm_var() (git-fixes).
- media: cec: i2c: ch7322: also select REGMAP (git-fixes).
- media: i2c: Correct format propagation for st-mipid02 (git-fixes).
- media: usb: Check az6007_read() return value (git-fixes).
- media: usb: siano: Fix warning due to null work_func_t function pointer (git-fixes).
- media: venus: helpers: Fix ALIGN() of non power of two (git-fixes).
- media: videodev2.h: Fix struct v4l2_input tuner index comment (git-fixes).
- memcg: drop kmem.limit_in_bytes (bsc#1208788, bsc#1212905).
- mmc: core: disable TRIM on Kingston EMMC04G-M627 (git-fixes).
- mmc: sdhci: fix DMA configure compatibility issue when 64bit DMA mode is used (git-fixes).
- net: mana: Add support for vlan tagging (bsc#1212301).
- net: phy: prevent stale pointer dereference in phy_init() (git-fixes).
- ntb: amd: Fix error handling in amd_ntb_pci_driver_init() (git-fixes).
- ntb: idt: Fix error handling in idt_pci_driver_init() (git-fixes).
- ntb: intel: Fix error handling in intel_ntb_pci_driver_init() (git-fixes).
- ntb: ntb_tool: Add check for devm_kcalloc (git-fixes).
- ntb: ntb_transport: fix possible memory leak while device_register() fails (git-fixes).
- nvme-multipath: support io stats on the mpath device (bsc#1210565).
- nvme: introduce nvme_start_request (bsc#1210565).
- ocfs2: Switch to security_inode_init_security() (git-fixes).
- ocfs2: check new file size on fallocate call (git-fixes).
- ocfs2: fix use-after-free when unmounting read-only filesystem (git-fixes).
- opp: Fix use-after-free in lazy_opp_tables after probe deferral (git-fixes).
- phy: Revert 'phy: Remove SOC_EXYNOS4212 dep. from PHY_EXYNOS4X12_USB' (git-fixes).
- phy: tegra: xusb: Clear the driver reference in usb-phy dev (git-fixes).
- phy: tegra: xusb: check return value of devm_kzalloc() (git-fixes).
- pie: fix kernel-doc notation warning (git-fixes).
- pinctrl: amd: Detect internal GPIO0 debounce handling (git-fixes).
- pinctrl: amd: Fix mistake in handling clearing pins at startup (git-fixes).
- pinctrl: amd: Only use special debounce behavior for GPIO 0 (git-fixes).
- powerpc/64: Only WARN if __pa()/__va() called with bad addresses (bsc#1194869).
- powerpc/64s: Fix VAS mm use after free (bsc#1194869).
- powerpc/book3s64/mm: Fix DirectMap stats in /proc/meminfo (bsc#1194869).
- powerpc/bpf: Fix use of user_pt_regs in uapi (bsc#1194869).
- powerpc/ftrace: Remove ftrace init tramp once kernel init is complete (bsc#1194869).
- powerpc/interrupt: Do not read MSR from interrupt_exit_kernel_prepare() (bsc#1194869).
- powerpc/mm/dax: Fix the condition when checking if altmap vmemap can cross-boundary (bsc#1150305 ltc#176097 git-fixes).
- powerpc/mm: Switch obsolete dssall to .long (bsc#1194869).
- powerpc/powernv/sriov: perform null check on iov before dereferencing iov (bsc#1194869).
- powerpc/powernv/vas: Assign real address to rx_fifo in vas_rx_win_attr (bsc#1194869).
- powerpc/prom_init: Fix kernel config grep (bsc#1194869).
- powerpc/secvar: fix refcount leak in format_show() (bsc#1194869).
- powerpc/xics: fix refcount leak in icp_opal_init() (bsc#1194869).
- powerpc: clean vdso32 and vdso64 directories (bsc#1194869).
- powerpc: define get_cycles macro for arch-override (bsc#1194869).
- powerpc: update ppc_save_regs to save current r1 in pt_regs (bsc#1194869).
- pwm: ab8500: Fix error code in probe() (git-fixes).
- pwm: imx-tpm: force 'real_period' to be zero in suspend (git-fixes).
- pwm: sysfs: Do not apply state to already disabled PWMs (git-fixes).
- rpm/check-for-config-changes: ignore also RISCV_ISA_* and DYNAMIC_SIGFRAME They depend on CONFIG_TOOLCHAIN_HAS_*.
- rsi: remove kernel-doc comment marker (git-fixes).
- s390/ap: fix status returned by ap_aqic() (git-fixes bsc#1213259).
- s390/ap: fix status returned by ap_qact() (git-fixes bsc#1213258).
- s390/debug: add _ASM_S390_ prefix to header guard (git-fixes bsc#1213263).
- s390/percpu: add READ_ONCE() to arch_this_cpu_to_op_simple() (git-fixes bsc#1213252).
- s390: define RUNTIME_DISCARD_EXIT to fix link error with GNU ld < 2.36 (git-fixes bsc#1213264).
- s390: discard .interp section (git-fixes bsc#1213247).
- sched/debug: fix dentry leak in update_sched_domain_debugfs (git-fixes)
- sched: Fix DEBUG && !SCHEDSTATS warn (git-fixes)
- security: keys: Modify mismatched function name (git-fixes).
- selftests: mptcp: depend on SYN_COOKIES (git-fixes).
- selftests: mptcp: sockopt: return error if wrong mark (git-fixes).
- selftests: rtnetlink: remove netdevsim device after ipsec offload test (git-fixes).
- selftests: tc: add 'ct' action kconfig dep (git-fixes).
- selftests: tc: add ConnTrack procfs kconfig (git-fixes).
- selftests: tc: set timeout to 15 minutes (git-fixes).
- signal/powerpc: On swapcontext failure force SIGSEGV (bsc#1194869).
- signal: Replace force_sigsegv(SIGSEGV) with force_fatal_sig(SIGSEGV) (bsc#1194869).
- smb3: do not reserve too many oplock credits (bsc#1193629).
- smb3: missing null check in SMB2_change_notify (bsc#1193629).
- smb: client: fix broken file attrs with nodfs mounts (bsc#1193629).
- smb: client: fix missed ses refcounting (git-fixes).
- smb: client: fix parsing of source mount option (bsc#1193629).
- smb: client: fix shared DFS root mounts with different prefixes (bsc#1193629).
- smb: client: fix warning in CIFSFindFirst() (bsc#1193629).
- smb: client: fix warning in CIFSFindNext() (bsc#1193629).
- smb: client: fix warning in cifs_match_super() (bsc#1193629).
- smb: client: fix warning in cifs_smb3_do_mount() (bsc#1193629).
- smb: client: fix warning in generic_ip_connect() (bsc#1193629).
- smb: client: improve DFS mount check (bsc#1193629).
- smb: client: remove redundant pointer 'server' (bsc#1193629).
- smb: delete an unnecessary statement (bsc#1193629).
- smb: move client and server files to common directory fs/smb (bsc#1193629).
- smb: remove obsolete comment (bsc#1193629).
- soundwire: qcom: fix storing port config out-of-bounds (git-fixes).
- spi: bcm-qspi: return error if neither hif_mspi nor mspi is available (git-fixes).
- spi: bcm63xx: fix max prepend length (git-fixes).
- tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation (git-fixes).
- tty: serial: fsl_lpuart: add earlycon for imx8ulp platform (git-fixes).
- ubi: Fix failure attaching when vid_hdr offset equals to (sub)page size (bsc#1210584).
- ubi: ensure that VID header offset + VID header size <= alloc, size (bsc#1210584).
- udf: Avoid double brelse() in udf_rename() (bsc#1213032).
- udf: Define EFSCORRUPTED error code (bsc#1213038).
- udf: Detect system inodes linked into directory hierarchy (bsc#1213114).
- udf: Discard preallocation before extending file with a hole (bsc#1213036).
- udf: Do not bother looking for prealloc extents if i_lenExtents matches i_size (bsc#1213035).
- udf: Do not bother merging very long extents (bsc#1213040).
- udf: Do not update file length for failed writes to inline files (bsc#1213041).
- udf: Fix error handling in udf_new_inode() (bsc#1213112).
- udf: Fix extending file within last block (bsc#1213037).
- udf: Fix preallocation discarding at indirect extent boundary (bsc#1213034).
- udf: Preserve link count of system files (bsc#1213113).
- udf: Truncate added extents on failed expansion (bsc#1213039).
- wifi: airo: avoid uninitialized warning in airo_get_rate() (git-fixes).
- wifi: ray_cs: Drop useless status variable in parse_addr() (git-fixes).
- wifi: ray_cs: Utilize strnlen() in parse_addr() (git-fixes).
- wifi: rtw89: debug: fix error code in rtw89_debug_priv_send_h2c_set() (git-fixes).
- wl3501_cs: use eth_hw_addr_set() (git-fixes).
- writeback: fix call of incorrect macro (bsc#1213024).
- x86: Fix .brk attribute in linker script (git-fixes).
- xfs: AIL needs asynchronous CIL forcing (bsc#1211811).
- xfs: CIL work is serialised, not pipelined (bsc#1211811).
- xfs: XLOG_STATE_IOERROR must die (bsc#1211811).
- xfs: async CIL flushes need pending pushes to be made stable (bsc#1211811).
- xfs: attach iclog callbacks in xlog_cil_set_ctx_write_state() (bsc#1211811).
- xfs: clean up the rtbitmap fsmap backend (git-fixes).
- xfs: do not deplete the reserve pool when trying to shrink the fs (git-fixes).
- xfs: do not reverse order of items in bulk AIL insertion (git-fixes).
- xfs: do not run shutdown callbacks on active iclogs (bsc#1211811).
- xfs: drop async cache flushes from CIL commits (bsc#1211811).
- xfs: factor out log write ordering from xlog_cil_push_work() (bsc#1211811).
- xfs: fix getfsmap reporting past the last rt extent (git-fixes).
- xfs: fix integer overflows in the fsmap rtbitmap and logdev backends (git-fixes).
- xfs: fix interval filtering in multi-step fsmap queries (git-fixes).
- xfs: fix logdev fsmap query result filtering (git-fixes).
- xfs: fix off-by-one error when the last rt extent is in use (git-fixes).
- xfs: fix uninitialized variable access (git-fixes).
- xfs: make fsmap backend function key parameters const (git-fixes).
- xfs: make the record pointer passed to query_range functions const (git-fixes).
- xfs: move the CIL workqueue to the CIL (bsc#1211811).
- xfs: move xlog_commit_record to xfs_log_cil.c (bsc#1211811).
- xfs: order CIL checkpoint start records (bsc#1211811).
- xfs: pass a CIL context to xlog_write() (bsc#1211811).
- xfs: pass explicit mount pointer to rtalloc query functions (git-fixes).
- xfs: rework xlog_state_do_callback() (bsc#1211811).
- xfs: run callbacks before waking waiters in xlog_state_shutdown_callbacks (bsc#1211811).
- xfs: separate out log shutdown callback processing (bsc#1211811).
- xfs: wait iclog complete before tearing down AIL (bsc#1211811).
- xhci: Fix TRB prefetch issue of ZHAOXIN hosts (git-fixes).
- xhci: Fix resume issue of some ZHAOXIN hosts (git-fixes).
- xhci: Show ZHAOXIN xHCI root hub speed correctly (git-fixes).
The following package changes have been done:
- audit-3.0.6-150400.4.10.1 updated
- curl-8.0.1-150400.5.26.1 updated
- dbus-1-1.12.2-150400.18.8.1 updated
- glibc-locale-base-2.31-150300.52.2 updated
- glibc-locale-2.31-150300.52.2 updated
- glibc-2.31-150300.52.2 updated
- hwinfo-21.85-150400.3.12.1 updated
- kernel-default-5.14.21-150400.24.74.1 updated
- libassuan0-2.5.5-150000.4.5.2 updated
- libaudit1-3.0.6-150400.4.10.1 updated
- libauparse0-3.0.6-150400.4.10.1 updated
- libcurl4-8.0.1-150400.5.26.1 updated
- libdbus-1-3-1.12.2-150400.18.8.1 updated
- libfido2-1-1.13.0-150400.5.6.1 updated
- libhidapi-hidraw0-0.10.1-1.6 added
- libldap-2_4-2-2.4.46-150200.14.17.1 updated
- libldap-data-2.4.46-150200.14.17.1 updated
- libopenssl1_1-1.1.1l-150400.7.48.1 updated
- libxml2-2-2.9.14-150400.5.19.1 updated
- nfs-client-2.1.1-150100.10.37.1 updated
- openssh-clients-8.4p1-150300.3.22.1 updated
- openssh-common-8.4p1-150300.3.22.1 updated
- openssh-server-8.4p1-150300.3.22.1 updated
- openssh-8.4p1-150300.3.22.1 updated
- openssl-1_1-1.1.1l-150400.7.48.1 updated
- perl-Bootloader-0.944-150400.3.6.1 updated
- perl-base-5.26.1-150300.17.14.1 updated
- perl-5.26.1-150300.17.14.1 updated
- python3-requests-2.24.0-150300.3.3.1 updated
- samba-client-libs-4.15.13+git.663.9c654e06cdb-150400.3.28.1 updated
- samba-libs-4.15.13+git.663.9c654e06cdb-150400.3.28.1 updated
- system-group-audit-3.0.6-150400.4.10.1 updated
- wicked-service-0.6.73-150400.3.8.1 updated
- wicked-0.6.73-150400.3.8.1 updated
- libfido2-udev-1.5.0-1.30 removed
More information about the sle-security-updates
mailing list