SUSE-IU-2023:579-1: Security update of sles-15-sp5-chost-byos-v20230816-arm64

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Sun Aug 20 07:02:03 UTC 2023


SUSE Image Update Advisory: sles-15-sp5-chost-byos-v20230816-arm64
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2023:579-1
Image Tags        : sles-15-sp5-chost-byos-v20230816-arm64:20230816
Image Release     : 
Severity          : important
Type              : security
References        : 1089497 1124564 1150305 1186673 1193629 1194557 1194869 1201399
                        1203300 1204563 1206418 1206627 1207129 1207894 1207948 1208003
                        1208788 1209536 1210323 1210627 1210780 1210799 1210825 1211026
                        1211079 1211131 1211243 1211738 1211811 1211867 1212256 1212301
                        1212375 1212418 1212445 1212496 1212502 1212525 1212598 1212604
                        1212613 1212756 1212759 1212766 1212806 1212846 1212901 1212905
                        1212928 1213004 1213008 1213049 1213059 1213061 1213167 1213170
                        1213171 1213172 1213173 1213174 1213189 1213205 1213206 1213226
                        1213233 1213237 1213245 1213247 1213252 1213258 1213259 1213263
                        1213264 1213272 1213286 1213287 1213304 1213384 1213386 1213417
                        1213443 1213472 1213487 1213493 1213504 1213514 1213517 1213523
                        1213524 1213527 1213533 1213543 1213578 1213585 1213586 1213588
                        1213601 1213618 1213620 1213632 1213653 1213686 1213705 1213713
                        1213715 1213747 1213756 1213759 1213777 1213810 1213812 1213853
                        1213856 1213857 1213863 1213867 1213870 1213871 1213872 1214054
                        CVE-2020-25720 CVE-2022-2127 CVE-2022-40982 CVE-2022-41409 CVE-2022-48468
                        CVE-2023-0459 CVE-2023-20569 CVE-2023-20593 CVE-2023-21400 CVE-2023-2156
                        CVE-2023-2166 CVE-2023-2985 CVE-2023-31083 CVE-2023-3117 CVE-2023-31248
                        CVE-2023-32001 CVE-2023-3268 CVE-2023-33460 CVE-2023-3347 CVE-2023-3390
                        CVE-2023-3446 CVE-2023-34966 CVE-2023-34967 CVE-2023-34968 CVE-2023-35001
                        CVE-2023-3567 CVE-2023-36054 CVE-2023-3609 CVE-2023-3611 CVE-2023-3776
                        CVE-2023-3812 CVE-2023-3817 CVE-2023-38408 CVE-2023-38409 CVE-2023-3863
                        CVE-2023-4004 
-----------------------------------------------------------------

The container sles-15-sp5-chost-byos-v20230816-arm64 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2143-1
Released:    Tue May  9 14:49:45 2023
Summary:     Security update for protobuf-c
Type:        security
Severity:    important
References:  1210323,CVE-2022-48468
This update for protobuf-c fixes the following issues:

- CVE-2022-48468: Fixed an unsigned integer overflow. (bsc#1210323)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2891-1
Released:    Wed Jul 19 21:14:33 2023
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1213237,CVE-2023-32001
This update for curl fixes the following issues:

- CVE-2023-32001: Fixed TOCTOU race condition (bsc#1213237).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2901-1
Released:    Thu Jul 20 09:49:16 2023
Summary:     Recommended update for lvm2
Type:        recommended
Severity:    important
References:  1212613
This update for lvm2 fixes the following issues:

- multipath_component_detection = 0 in lvm.conf does not have any effect (bsc#1212613)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2905-1
Released:    Thu Jul 20 10:17:54 2023
Summary:     Recommended update for fstrm
Type:        recommended
Severity:    moderate
References:  
This update for fstrm fixes the following issues:

- Update to 0.6.1:

  - fstrm_capture: ignore SIGPIPE, which will cause the
    interrupted connections to generate an EPIPE instead.
  - Fix truncation in snprintf calls in argument processing.
  - fstrm_capture: Fix output printf format. 

- Update to 0.6.0 

  It adds a new feature for fstrm_capture. It can perform output
  file rotation when a SIGUSR1 signal is received by fstrm_capture.
  (See the --gmtime or --localtime options.) This allows
  fstrm_capture's output file to be rotated by logrotate or a
  similar external utility. (Output rotation is suppressed if
  fstrm_capture is writing to stdout.)

Update to 0.5.0

- Change license to modern MIT license for compatibility with
  GPLv2 software. Contact software at farsightsecurity.com for
  alternate licensing.
- src/fstrm_replay.c: For OpenBSD and Posix portability include
  netinet/in.h and sys/socket.h to get struct sockaddr_in and the
  AF_* defines respectively.
- Fix various compiler warnings.

Update to 0.4.0

The C implementation of the Frame Streams data transport
protocol, fstrm version 0.4.0, was released. It adds TCP support,
a new tool, new documentation, and several improvements.

- Added manual pages for fstrm_capture and fstrm_dump.
- Added new tool, fstrm_replay, for replaying saved Frame Streams
  data to a socket connection.
- Adds TCP support. Add tcp_writer to the core library which
  implements a bi-directional Frame Streams writer as a TCP
  socket client. Introduces new developer API:
  fstrm_tcp_writer_init, fstrm_tcp_writer_options_init,
  fstrm_tcp_writer_options_destroy,
  fstrm_tcp_writer_options_set_socket_address, and
  fstrm_tcp_writer_options_set_socket_port.
- fstrm_capture: new options for reading from TCP socket.
- fstrm_capture: add '-c' / '--connections' option to limit the
  number of concurrent connections it will accept.
- fstrm_capture: add '-b / --buffer-size' option to set the read
  buffer size (effectively the maximum frame size) to a value
  other than the default 256 KiB.
- fstrm_capture: skip oversize messages to fix stalled
  connections caused by messages larger than the read highwater
  mark of the input buffer. Discarded messages are logged for the
  purposes of tuning the input buffer size.
- fstrm_capture: complete sending of FINISH frame before closing
  connection.
- Various test additions and improvements.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2910-1
Released:    Thu Jul 20 10:59:53 2023
Summary:     Recommended update for grub2
Type:        recommended
Severity:    important
References:  1204563
This update for grub2 fixes the following issues:

- grub2-once: Fix 'sh: terminal_output: command not found' error (bsc#1204563) 

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2918-1
Released:    Thu Jul 20 12:00:17 2023
Summary:     Recommended update for gpgme
Type:        recommended
Severity:    moderate
References:  1089497
This update for gpgme fixes the following issues:

gpgme:

- Address failure handling issues when using gpg 2.2.6 via gpgme, as used by libzypp (bsc#1089497)
    
libassuan:

- Version upgrade to 2.5.5 in LTSS to address gpgme new requirements

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2922-1
Released:    Thu Jul 20 18:34:03 2023
Summary:     Recommended update for libfido2
Type:        recommended
Severity:    moderate
References:  
This update for libfido2 fixes the following issues:

- Use openssl 1.1 still on SUSE Linux Enterprise 15 to avoid pulling unneeded
  openssl-3 dependency. (jsc#PED-4521)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2927-1
Released:    Fri Jul 21 07:05:30 2023
Summary:     Recommended update for wicked
Type:        recommended
Severity:    moderate
References:  1194557,1203300,1211026,1212806
This update for wicked fixes the following issues:

- Fix arp notify loop and burst sending (bsc#1212806)
- Update to version 0.6.73
- Allow verify/notify counter and interval configuration
- Handle ENOBUFS sending errors (bsc#1203300)
- Improve environment variable handling
- Refactor firmware extension definition
- Enable, disable and revert cli commands
- Ignore WIRELESS_EAP_AUTH within TLS (bsc#1211026)
- Cleanup /var/run leftovers in extension scripts (bsc#1194557)
- Output formatting improvements and Unicode support

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2929-1
Released:    Fri Jul 21 10:09:07 2023
Summary:     Security update for samba
Type:        security
Severity:    important
References:  1212375,1213170,1213171,1213172,1213173,1213174,1213384,1213386,CVE-2020-25720,CVE-2022-2127,CVE-2023-3347,CVE-2023-34966,CVE-2023-34967,CVE-2023-34968
This update for samba fixes the following issues:

  samba was updated to version 4.17.9:

  - CVE-2022-2127: Fixed issue where lm_resp_len was not checked properly in winbindd_pam_auth_crap_send (bsc#1213174).
  - CVE-2023-34966: Fixed samba spotlight mdssvc RPC Request Infinite Loop Denial-of-Service Vulnerability (bsc#1213173).
  - CVE-2023-34967: Fixed samba spotlight mdssvc RPC Request Type Confusion Denial-of-Service Vulnerability (bsc#1213172).
  - CVE-2023-34968: Fixed spotlight server-side Share Path Disclosure (bsc#1213171).
  - CVE-2023-3347: Fixed issue where SMB2 packet signing not enforced (bsc#1213170).
  - CVE-2020-25720: Fixed issue where creating child permission allowed full write to all attributes (bsc#1213386).

  Bugfixes:

  - Fixed trust relationship failure (bsc#1213384).
  - Backported --pidl-developer fixes.
  - Fixed smbd_scavenger crash when service smbd is stopped.
  - Fixed issue where vfs_fruit might cause a failing open for delete.
  - Fixed named crashes on DLZ zone update.
  - Fixed issue where winbind recurses into itself via rpcd_lsad.
  - Fixed cli_list looping 100% CPU against pre-lanman2 servers.
  - Fixed smbclient leaks fds with showacls.
  - Fixed aes256 smb3 encryption algorithms not allowed in smb3_sid_parse().
  - Fixed winbindd getting stuck on NT_STATUS_RPC_SEC_PKG_ERROR.
  - Fixed smbget memory leak if failed to download files recursively.
  - Fixed log flood: smbd_calculate_access_mask_fsp: Access denied: message level should be lower.
  - Fixed floating point exception (FPE) via cli_pull_send at source3/libsmb/clireadwrite.c.
  - Fixed test_tstream_more_tcp_user_timeout_spin fails intermittently on Rackspace GitLab runners.
  - Reduce flapping of ridalloc test.
  - Fixed unreliable large_ldap test.
  - Fixed filename parser not checking veto files smb.conf parameter.
  - Fixed mdssvc may crash when initializing.
  - Fixed broken large directory optimization for non-lcomp path elements
  - Fixed streams_depot failing to create streams.
  - Fixed shadow_copy2 and streams_depot issues.
  - Fixed wbinfo -u fails on ad dc with >1000 users.
  - Fixed winbindd idmap child contacting the domain controller without a need.
  - Fixed idmap_autorid may fail to map sids of trusted domains for the first time.
  - Fixed idmap_hash doesn't use ID_TYPE_BOTH for reverse mappings.
  - Fixed net ads search -P doesn't work against servers in other domains.
  - Fixed DS ACEs might be inherited to unrelated object classes.
  - Fixed temporary smbXsrv_tcon_global.tdb can't be parsed.
  - Fixed setting veto files = /.*/ breaking listing directories (bsc#1212375).
  - Fixed dsgetdcname assuming local system uses IPv4.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2945-1
Released:    Mon Jul 24 09:37:30 2023
Summary:     Security update for openssh
Type:        security
Severity:    important
References:  1186673,1209536,1213004,1213008,1213504,CVE-2023-38408
This update for openssh fixes the following issues:

- CVE-2023-38408: Fixed a condition where specific libaries loaded via
  ssh-agent(1)'s PKCS#11 support could be abused to achieve remote code
  execution via a forwarded agent socket if those libraries were present on the
  victim's system and if the agent was forwarded to an attacker-controlled
  system. [bsc#1213504, CVE-2023-38408]

- Close the right filedescriptor and also close fdh in read_hmac to avoid file
  descriptor leaks. [bsc#1209536]

- Attempts to mitigate instances of secrets lingering in memory after a session
  exits. [bsc#1186673, bsc#1213004, bsc#1213008]

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2965-1
Released:    Tue Jul 25 12:30:22 2023
Summary:     Security update for openssl-1_1
Type:        security
Severity:    moderate
References:  1213487,CVE-2023-3446
This update for openssl-1_1 fixes the following issues:

- CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2966-1
Released:    Tue Jul 25 14:26:14 2023
Summary:     Recommended update for libxml2
Type:        recommended
Severity:    moderate
References:  
This update for libxml2 fixes the following issues:

- Build also for modern python version (jsc#PED-68)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3088-1
Released:    Tue Aug  1 09:52:03 2023
Summary:     Recommended update for systemd-presets-common-SUSE
Type:        recommended
Severity:    moderate
References:  1212496
This update for systemd-presets-common-SUSE fixes the following issues:

- Fix systemctl being called with an empty argument (bsc#1212496)
- Don't call systemctl list-unit-files with an empty argument (bsc#1212496)
- Add wtmpdb-update-boot.service and wtmpdb-rotate.timer

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3102-1
Released:    Tue Aug  1 14:11:53 2023
Summary:     Recommended update for openssl-1_1
Type:        recommended
Severity:    moderate
References:  1213517
This update for openssl-1_1 fixes the following issues:

- Dont pass zero length input to EVP_Cipher (bsc#1213517)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3117-1
Released:    Wed Aug  2 05:57:30 2023
Summary:     Recommended update for hwinfo
Type:        recommended
Severity:    moderate
References:  1212756
This update for hwinfo fixes the following issues:

- Avoid linking problems with libsamba (bsc#1212756)
- Update to version 21.85

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3170-1
Released:    Thu Aug  3 08:02:27 2023
Summary:     Recommended update for perl-Bootloader
Type:        recommended
Severity:    moderate
References:  1201399,1208003,1210799
This update for perl-Bootloader fixes the following issues:

- Use signed grub EFI binary when updating grub in default EFI location (bsc#1210799)                                                                                                                                                                           
- UEFI: update also default location, if it is controlled by SUSE (bsc#1210799, bsc#1201399)                                                                                                                                                                    
- Use `fw_platform_size` to distinguish between 32 bit and 64 bit UEFI platforms (bsc#1208003)                                                                                                                                                                  
- Add basic support for systemd-boot  

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3172-1
Released:    Thu Aug  3 08:36:43 2023
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1150305,1193629,1194869,1207894,1208788,1211243,1211867,1212256,1212301,1212525,1212846,1212905,1213059,1213061,1213205,1213206,1213226,1213233,1213245,1213247,1213252,1213258,1213259,1213263,1213264,1213286,1213493,1213523,1213524,1213533,1213543,1213705,CVE-2023-20593,CVE-2023-2985,CVE-2023-3117,CVE-2023-31248,CVE-2023-3390,CVE-2023-35001,CVE-2023-3812

The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security and bugfixes.


The following security bugs were fixed:

- CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplus_put_super in fs/hfsplus/super.c that could allow a local user to cause a denial of service (bsc#1211867).
- CVE-2023-3117: Fixed an use-after-free vulnerability in the netfilter subsystem when processing named and anonymous sets in batch requests that could allow a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system (bsc#1213245).
- CVE-2023-3390: Fixed an use-after-free vulnerability in the netfilter subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker with user access to cause a privilege escalation issue (bsc#1212846).
- CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213543).
- CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286).
- CVE-2023-31248: Fixed an use-after-free vulnerability in nft_chain_lookup_byid that could allow a local attacker to escalate their privilege (bsc#1213061).
- CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213059).

The following non-security bugs were fixed:

- Dropped patch that caused issues with k3s (bsc#1213705).
- ASoC: Intel: sof_sdw: remove SOF_SDW_TGL_HDMI for MeteorLake devices (git-fixes).
- ASoC: SOF: topology: Fix logic for copying tuples (git-fixes).
- Bluetooth: ISO: Fix CIG auto-allocation to select configurable CIG (git-fixes).
- Bluetooth: ISO: consider right CIS when removing CIG at cleanup (git-fixes).
- Bluetooth: ISO: fix iso_conn related locking and validity issues (git-fixes).
- Bluetooth: ISO: use hci_sync for setting CIG parameters (git-fixes).
- Bluetooth: fix invalid-bdaddr quirk for non-persistent setup (git-fixes).
- Bluetooth: fix use-bdaddr-property quirk (git-fixes).
- Bluetooth: hci_bcm: do not mark valid bd_addr as invalid (git-fixes).
- Bluetooth: hci_event: call disconnect callback before deleting conn (git-fixes).
- Bluetooth: hci_sync: Avoid use-after-free in dbg for hci_remove_adv_monitor() (git-fixes).
- Bluetooth: use RCU for hci_conn_params and iterate safely in hci_sync (git-fixes).
- Enable NXP SNVS RTC driver for i.MX 8MQ/8MP (jsc#PED-4758)
- PCI: s390: Fix use-after-free of PCI resources with per-function hotplug (bsc#1212525).
- PCI: vmd: Fix uninitialized variable usage in vmd_enable_domain() (git-fixes).
- Revert 'arm64: dts: zynqmp: Add address-cells property to interrupt (git-fixes)
- Revert 'drm/i915: Disable DSB usage for now' (git-fixes).
- USB: dwc2: Fix some error handling paths (git-fixes).
- USB: gadget: udc: core: Offload usb_udc_vbus_handler processing (git-fixes).
- USB: gadget: udc: core: Prevent soft_connect_store() race (git-fixes).
- USB: typec: Fix fast_role_swap_current show function (git-fixes).
- Update config and supported.conf files due to renaming.
- acpi: Fix suspend with Xen PV (git-fixes).
- adreno: Shutdown the GPU properly (git-fixes).
- arm64/mm: mark private VM_FAULT_X defines as vm_fault_t (git-fixes)
- arm64: dts: microchip: sparx5: do not use PSCI on reference boards (git-fixes)
- arm64: vdso: Pass (void *) to virt_to_page() (git-fixes)
- arm64: xor-neon: mark xor_arm64_neon_*() static (git-fixes)
- can: bcm: Fix UAF in bcm_proc_show() (git-fixes).
- ceph: add a dedicated private data for netfs rreq (bsc#1213205).
- ceph: fix blindly expanding the readahead windows (bsc#1213206).
- cifs: add a warning when the in-flight count goes negative (bsc#1193629).
- cifs: address unused variable warning (bsc#1193629).
- cifs: do all necessary checks for credits within or before locking (bsc#1193629).
- cifs: fix lease break oops in xfstest generic/098 (bsc#1193629).
- cifs: fix max_credits implementation (bsc#1193629).
- cifs: fix session state check in reconnect to avoid use-after-free issue (bsc#1193629).
- cifs: fix session state check in smb2_find_smb_ses (bsc#1193629).
- cifs: fix session state transition to avoid use-after-free issue (bsc#1193629).
- cifs: fix sockaddr comparison in iface_cmp (bsc#1193629).
- cifs: fix status checks in cifs_tree_connect (bsc#1193629).
- cifs: log session id when a matching ses is not found (bsc#1193629).
- cifs: new dynamic tracepoint to track ses not found errors (bsc#1193629).
- cifs: prevent use-after-free by freeing the cfile later (bsc#1193629).
- cifs: print all credit counters in DebugData (bsc#1193629).
- cifs: print client_guid in DebugData (bsc#1193629).
- cifs: print more detail when invalidate_inode_mapping fails (bsc#1193629).
- cifs: print nosharesock value while dumping mount options (bsc#1193629).
- codel: fix kernel-doc notation warnings (git-fixes).
- cpufreq: tegra194: Fix module loading (git-fixes).
- devlink: fix kernel-doc notation warnings (git-fixes).
- dma-buf/dma-resv: Stop leaking on krealloc() failure (git-fixes).
- drm/amd/amdgpu: introduce gc_*_mes_2.bin v2 (git-fixes).
- drm/amd/amdgpu: limit one queue per gang (git-fixes).
- drm/amd/amdgpu: update mes11 api def (git-fixes).
- drm/amd/display (gcc13): fix enum mismatch (git-fixes).
- drm/amd/display: Add Z8 allow states to z-state support list (git-fixes).
- drm/amd/display: Add debug option to skip PSR CRTC disable (git-fixes).
- drm/amd/display: Add minimum Z8 residency debug option (git-fixes).
- drm/amd/display: Add missing WA and MCLK validation (git-fixes).
- drm/amd/display: Change default Z8 watermark values (git-fixes).
- drm/amd/display: Correct DML calculation to align HW formula (git-fixes).
- drm/amd/display: Correct DML calculation to follow HW SPEC (git-fixes).
- drm/amd/display: Do not update DRR while BW optimizations pending (git-fixes).
- drm/amd/display: Enable HostVM based on rIOMMU active (git-fixes).
- drm/amd/display: Enforce 60us prefetch for 200Mhz DCFCLK modes (git-fixes).
- drm/amd/display: Ensure vmin and vmax adjust for DCE (git-fixes).
- drm/amd/display: Fix 4to1 MPC black screen with DPP RCO (git-fixes).
- drm/amd/display: Fix Z8 support configurations (git-fixes).
- drm/amd/display: Fix a test CalculatePrefetchSchedule() (git-fixes).
- drm/amd/display: Fix a test dml32_rq_dlg_get_rq_reg() (git-fixes).
- drm/amd/display: Have Payload Properly Created After Resume (git-fixes).
- drm/amd/display: Lowering min Z8 residency time (git-fixes).
- drm/amd/display: Reduce sdp bw after urgent to 90% (git-fixes).
- drm/amd/display: Refactor eDP PSR codes (git-fixes).
- drm/amd/display: Remove FPU guards from the DML folder (git-fixes).
- drm/amd/display: Remove optimization for VRR updates (git-fixes).
- drm/amd/display: Remove stutter only configurations (git-fixes).
- drm/amd/display: Update Z8 SR exit/enter latencies (git-fixes).
- drm/amd/display: Update Z8 watermarks for DCN314 (git-fixes).
- drm/amd/display: Update minimum stutter residency for DCN314 Z8 (git-fixes).
- drm/amd/display: filter out invalid bits in pipe_fuses (git-fixes).
- drm/amd/display: fix PSR-SU/DSC interoperability support (git-fixes).
- drm/amd/display: fix a divided-by-zero error (git-fixes).
- drm/amd/display: fixed dcn30+ underflow issue (git-fixes).
- drm/amd/display: limit timing for single dimm memory (git-fixes).
- drm/amd/display: populate subvp cmd info only for the top pipe (git-fixes).
- drm/amd/display: set dcn315 lb bpp to 48 (git-fixes).
- drm/amd/pm: add missing NotifyPowerSource message mapping for SMU13.0.7 (git-fixes).
- drm/amd/pm: avoid potential UBSAN issue on legacy asics (git-fixes).
- drm/amd/pm: conditionally disable pcie lane switching for some sienna_cichlid SKUs (git-fixes).
- drm/amd/pm: fix possible power mode mismatch between driver and PMFW (git-fixes).
- drm/amd/pm: resolve reboot exception for si oland (git-fixes).
- drm/amd/pm: reverse mclk and fclk clocks levels for SMU v13.0.4 (git-fixes).
- drm/amd/pm: reverse mclk clocks levels for SMU v13.0.5 (git-fixes).
- drm/amd/pm: workaround for compute workload type on some skus (git-fixes).
- drm/amd: Add a new helper for loading/validating microcode (git-fixes).
- drm/amd: Do not allow s0ix on APUs older than Raven (git-fixes).
- drm/amd: Load MES microcode during early_init (git-fixes).
- drm/amd: Use `amdgpu_ucode_*` helpers for MES (git-fixes).
- drm/amdgpu/gfx11: Adjust gfxoff before powergating on gfx11 as well (git-fixes).
- drm/amdgpu/gfx11: update gpu_clock_counter logic (git-fixes).
- drm/amdgpu/gfx: set cg flags to enter/exit safe mode (git-fixes).
- drm/amdgpu/gmc11: implement get_vbios_fb_size() (git-fixes).
- drm/amdgpu/jpeg: Remove harvest checking for JPEG3 (git-fixes).
- drm/amdgpu/mes11: enable reg active poll (git-fixes).
- drm/amdgpu/vcn: Disable indirect SRAM on Vangogh broken BIOSes (git-fixes).
- drm/amdgpu/vkms: relax timer deactivation by hrtimer_try_to_cancel (git-fixes).
- drm/amdgpu: Do not set struct drm_driver.output_poll_changed (git-fixes).
- drm/amdgpu: Fix desktop freezed after gpu-reset (git-fixes).
- drm/amdgpu: Fix memcpy() in sienna_cichlid_append_powerplay_table function (git-fixes).
- drm/amdgpu: Fix sdma v4 sw fini error (git-fixes).
- drm/amdgpu: Fix usage of UMC fill record in RAS (git-fixes).
- drm/amdgpu: Force signal hw_fences that are embedded in non-sched jobs (git-fixes).
- drm/amdgpu: add mes resume when do gfx post soft reset (git-fixes).
- drm/amdgpu: change reserved vram info print (git-fixes).
- drm/amdgpu: declare firmware for new MES 11.0.4 (git-fixes).
- drm/amdgpu: enable tmz by default for GC 11.0.1 (git-fixes).
- drm/amdgpu: fix amdgpu_irq_put call trace in gmc_v10_0_hw_fini (git-fixes).
- drm/amdgpu: fix amdgpu_irq_put call trace in gmc_v11_0_hw_fini (git-fixes).
- drm/amdgpu: fix an amdgpu_irq_put() issue in gmc_v9_0_hw_fini() (git-fixes).
- drm/amdgpu: refine get gpu clock counter method (git-fixes).
- drm/amdgpu: remove deprecated MES version vars (git-fixes).
- drm/amdgpu: reserve the old gc_11_0_*_mes.bin (git-fixes).
- drm/amdgpu: set gfx9 onwards APU atomics support to be true (git-fixes).
- drm/amdgpu: vcn_4_0 set instance 0 init sched score to 1 (git-fixes).
- drm/bridge: anx7625: Convert to i2c's .probe_new() (git-fixes).
- drm/bridge: anx7625: Fix refcount bug in anx7625_parse_dt() (git-fixes).
- drm/bridge: anx7625: Prevent endless probe loop (git-fixes).
- drm/bridge: it6505: Move a variable assignment behind a null pointer check in receive_timing_debugfs_show() (git-fixes).
- drm/bridge: tc358767: Switch to devm MIPI-DSI helpers (git-fixes).
- drm/bridge: tc358768: Add atomic_get_input_bus_fmts() implementation (git-fixes).
- drm/bridge: tc358768: fix TCLK_TRAILCNT computation (git-fixes).
- drm/bridge: tc358768: fix THS_TRAILCNT computation (git-fixes).
- drm/bridge: tc358768: fix THS_ZEROCNT computation (git-fixes).
- drm/bridge: ti-sn65dsi83: Fix enable error path (git-fixes).
- drm/client: Fix memory leak in drm_client_target_cloned (git-fixes).
- drm/display/dp_mst: Fix payload addition on a disconnected sink (git-fixes).
- drm/display: Do not block HDR_OUTPUT_METADATA on unknown EOTF (git-fixes).
- drm/drm_vma_manager: Add drm_vma_node_allow_once() (git-fixes).
- drm/dsc: fix DP_DSC_MAX_BPP_DELTA_* macro values (git-fixes).
- drm/dsc: fix drm_edp_dsc_sink_output_bpp() DPCD high byte usage (git-fixes).
- drm/etnaviv: move idle mapping reaping into separate function (git-fixes).
- drm/etnaviv: reap idle mapping if it does not match the softpin address (git-fixes).
- drm/i915/dp_mst: Add the MST topology state for modesetted CRTCs (bsc#1213493).
- drm/i915/fbdev: lock the fbdev obj before vma pin (git-fixes).
- drm/i915/gt: Cleanup partial engine discovery failures (git-fixes).
- drm/i915/guc: Add error-capture init warnings when needed (git-fixes).
- drm/i915/guc: Fix missing ecodes (git-fixes).
- drm/i915/guc: Limit scheduling properties to avoid overflow (git-fixes).
- drm/i915/guc: Rename GuC register state capture node to be more obvious (git-fixes).
- drm/i915/mtl: update scaler source and destination limits for MTL (git-fixes).
- drm/i915/sdvo: Grab mode_config.mutex during LVDS init to avoid WARNs (git-fixes).
- drm/i915/sseu: fix max_subslices array-index-out-of-bounds access (git-fixes).
- drm/i915/tc: Fix TC port link ref init for DP MST during HW readout (git-fixes).
- drm/i915: Allow panel fixed modes to have differing sync polarities (git-fixes).
- drm/i915: Check pipe source size when using skl+ scalers (git-fixes).
- drm/i915: Do panel VBT init early if the VBT declares an explicit panel type (git-fixes).
- drm/i915: Fix TypeC mode initialization during system resume (git-fixes).
- drm/i915: Fix a memory leak with reused mmap_offset (git-fixes).
- drm/i915: Fix negative value passed as remaining time (git-fixes).
- drm/i915: Fix one wrong caching mode enum usage (git-fixes).
- drm/i915: Introduce intel_panel_init_alloc() (git-fixes).
- drm/i915: Never return 0 if not all requests retired (git-fixes).
- drm/i915: Populate encoder->devdata for DSI on icl+ (git-fixes).
- drm/i915: Print return value on error (git-fixes).
- drm/i915: Use _MMIO_PIPE() for SKL_BOTTOM_COLOR (git-fixes).
- drm/meson: Fix return type of meson_encoder_cvbs_mode_valid() (git-fixes).
- drm/msm/a5xx: really check for A510 in a5xx_gpu_init (git-fixes).
- drm/msm/adreno: Simplify read64/write64 helpers (git-fixes).
- drm/msm/adreno: fix runtime PM imbalance at unbind (git-fixes).
- drm/msm/disp/dpu: get timing engine status from intf status register (git-fixes).
- drm/msm/dpu: Add DSC hardware blocks to register snapshot (git-fixes).
- drm/msm/dpu: Assign missing writeback log_mask (git-fixes).
- drm/msm/dpu: Set DPU_DATA_HCTL_EN for in INTF_SC7180_MASK (git-fixes).
- drm/msm/dpu: clean up dpu_kms_get_clk_rate() returns (git-fixes).
- drm/msm/dpu: set DSC flush bit correctly at MDP CTL flush register (git-fixes).
- drm/msm/hdmi: use devres helper for runtime PM management (git-fixes).
- drm/panel: boe-tv101wum-nl6: Ensure DSI writes succeed during disable (git-fixes).
- drm/panel: simple: Add Powertip PH800480T013 drm_display_mode flags (git-fixes).
- drm/panel: simple: Add connector_type for innolux_at043tn24 (git-fixes).
- drm/rockchip: dw_hdmi: cleanup drm encoder during unbind (git-fixes).
- drm/ttm: Do not leak a resource on swapout move error (git-fixes).
- drm/virtio: Fix memory leak in virtio_gpu_object_create() (git-fixes).
- drm/virtio: Simplify error handling of virtio_gpu_object_create() (git-fixes).
- drm/vmwgfx: Refactor resource manager's hashtable to use linux/hashtable implementation (git-fixes).
- drm/vmwgfx: Refactor resource validation hashtable to use linux/hashtable implementation (git-fixes).
- drm/vmwgfx: Refactor ttm reference object hashtable to use linux/hashtable (git-fixes).
- drm/vmwgfx: Remove ttm object hashtable (git-fixes).
- drm/vmwgfx: Remove vmwgfx_hashtab (git-fixes).
- drm/vmwgfx: Write the driver id registers (git-fixes).
- drm: Add fixed-point helper to get rounded integer values (git-fixes).
- drm: Add missing DP DSC extended capability definitions (git-fixes).
- drm: Optimize drm buddy top-down allocation method (git-fixes).
- drm: buddy_allocator: Fix buddy allocator init on 32-bit systems (git-fixes).
- drm: panel-orientation-quirks: Add quirk for DynaBook K50 (git-fixes).
- drm: rcar-du: Add quirk for H3 ES1.x pclk workaround (git-fixes).
- drm: rcar-du: Fix setting a reserved bit in DPLLCR (git-fixes).
- drm: use mgr->dev in drm_dbg_kms in drm_dp_add_payload_part2 (git-fixes).
- fuse: ioctl: translate ENOSYS in outarg (bsc#1213524).
- fuse: revalidate: do not invalidate if interrupted (bsc#1213523).
- i2c: tegra: Set ACPI node as primary fwnode (bsc#1213226).
- irqchip/gic-v3: Claim iomem resources (bsc#1213533)
- irqchip/gicv3: Handle resource request failure consistently (bsc#1213533)
- irqchip/gicv3: Workaround for NVIDIA erratum T241-FABRIC-4 (bsc#1213533)
- kABI: do not check external trampolines for signature (kabi bsc#1207894 bsc#1211243).
- kabi/severities: Add VAS symbols changed due to recent fix VAS accelerators are directly tied to the architecture, there is no reason to have out-of-tree production drivers
- kabi/severities: ignore kABI of i915 module It's exported only for its sub-module, not really used by externals
- kabi/severities: ignore kABI of vmwgfx The driver exports a function unnecessarily without used by anyone else. Ignore the kABI changes.
- memcg: drop kmem.limit_in_bytes (bsc#1208788, bsc#1212905).
- net: mana: Add support for vlan tagging (bsc#1212301).
- net: phy: prevent stale pointer dereference in phy_init() (git-fixes).
- net: qrtr: Fix an uninit variable access bug in qrtr_tx_resume() (git-fixes).
- net: qrtr: start MHI channel after endpoit creation (git-fixes).
- nilfs2: reject devices with insufficient block count (git-fixes).
- ocfs2: Switch to security_inode_init_security() (git-fixes).
- ocfs2: check new file size on fallocate call (git-fixes).
- ocfs2: fix use-after-free when unmounting read-only filesystem (git-fixes).
- perf/x86/amd/core: Always clear status for idx (bsc#1213233).
- pie: fix kernel-doc notation warning (git-fixes).
- powerpc/64: Only WARN if __pa()/__va() called with bad addresses (bsc#1194869).
- powerpc/64s: Fix VAS mm use after free (bsc#1194869).
- powerpc/book3s64/mm: Fix DirectMap stats in /proc/meminfo (bsc#1194869).
- powerpc/bpf: Fix use of user_pt_regs in uapi (bsc#1194869).
- powerpc/ftrace: Remove ftrace init tramp once kernel init is complete (bsc#1194869).
- powerpc/interrupt: Do not read MSR from interrupt_exit_kernel_prepare() (bsc#1194869).
- powerpc/mm/dax: Fix the condition when checking if altmap vmemap can cross-boundary (bsc#1150305 ltc#176097 git-fixes).
- powerpc/mm: Switch obsolete dssall to .long (bsc#1194869).
- powerpc/powernv/sriov: perform null check on iov before dereferencing iov (bsc#1194869).
- powerpc/powernv/vas: Assign real address to rx_fifo in vas_rx_win_attr (bsc#1194869).
- powerpc/prom_init: Fix kernel config grep (bsc#1194869).
- powerpc/pseries/vas: Hold mmap_mutex after mmap lock during window close (jsc#PED-542 git-fixes).
- powerpc/secvar: fix refcount leak in format_show() (bsc#1194869).
- powerpc/xics: fix refcount leak in icp_opal_init() (bsc#1194869).
- powerpc: clean vdso32 and vdso64 directories (bsc#1194869).
- powerpc: define get_cycles macro for arch-override (bsc#1194869).
- powerpc: update ppc_save_regs to save current r1 in pt_regs (bsc#1194869).
- rpm/check-for-config-changes: ignore also RISCV_ISA_* and DYNAMIC_SIGFRAME They depend on CONFIG_TOOLCHAIN_HAS_*.
- rsi: remove kernel-doc comment marker (git-fixes).
- s390/ap: fix status returned by ap_aqic() (git-fixes bsc#1213259).
- s390/ap: fix status returned by ap_qact() (git-fixes bsc#1213258).
- s390/debug: add _ASM_S390_ prefix to header guard (git-fixes bsc#1213263).
- s390/pci: clean up left over special treatment for function zero (bsc#1212525).
- s390/pci: only add specific device in zpci_bus_scan_device() (bsc#1212525).
- s390/pci: remove redundant pci_bus_add_devices() on new bus (bsc#1212525).
- s390/percpu: add READ_ONCE() to arch_this_cpu_to_op_simple() (git-fixes bsc#1213252).
- s390: define RUNTIME_DISCARD_EXIT to fix link error with GNU ld < 2.36 (git-fixes bsc#1213264).
- s390: discard .interp section (git-fixes bsc#1213247).
- security: keys: Modify mismatched function name (git-fixes).
- selftests/ir: fix build with ancient kernel headers (git-fixes).
- selftests: cgroup: fix unsigned comparison with less than zero (git-fixes).
- selftests: forwarding: Fix packet matching in mirroring selftests (git-fixes).
- selftests: tc: add 'ct' action kconfig dep (git-fixes).
- selftests: tc: add ConnTrack procfs kconfig (git-fixes).
- selftests: tc: set timeout to 15 minutes (git-fixes).
- signal/powerpc: On swapcontext failure force SIGSEGV (bsc#1194869).
- signal: Replace force_sigsegv(SIGSEGV) with force_fatal_sig(SIGSEGV) (bsc#1194869).
- smb3: do not reserve too many oplock credits (bsc#1193629).
- smb3: missing null check in SMB2_change_notify (bsc#1193629).
- smb: client: fix broken file attrs with nodfs mounts (bsc#1193629).
- smb: client: fix missed ses refcounting (git-fixes).
- smb: client: fix parsing of source mount option (bsc#1193629).
- smb: client: fix shared DFS root mounts with different prefixes (bsc#1193629).
- smb: client: fix warning in CIFSFindFirst() (bsc#1193629).
- smb: client: fix warning in CIFSFindNext() (bsc#1193629).
- smb: client: fix warning in cifs_match_super() (bsc#1193629).
- smb: client: fix warning in cifs_smb3_do_mount() (bsc#1193629).
- smb: client: fix warning in generic_ip_connect() (bsc#1193629).
- smb: client: improve DFS mount check (bsc#1193629).
- smb: client: remove redundant pointer 'server' (bsc#1193629).
- smb: delete an unnecessary statement (bsc#1193629).
- smb: move client and server files to common directory fs/smb (bsc#1193629).
- smb: remove obsolete comment (bsc#1193629).
- soundwire: bus_type: Avoid lockdep assert in sdw_drv_probe() (git-fixes).
- soundwire: cadence: Drain the RX FIFO after an IO timeout (git-fixes).
- soundwire: stream: Add missing clear of alloc_slave_rt (git-fixes).
- spi: bcm63xx: fix max prepend length (git-fixes).
- swsmu/amdgpu_smu: Fix the wrong if-condition (git-fixes).
- tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation (git-fixes).
- wifi: airo: avoid uninitialized warning in airo_get_rate() (git-fixes).
- wifi: ath10k: Trigger STA disconnect after reconfig complete on hardware restart (git-fixes).
- wifi: ath11k: Add missing check for ioremap (git-fixes).
- wifi: rtw89: debug: fix error code in rtw89_debug_priv_send_h2c_set() (git-fixes).
- x86/amd_nb: Add PCI ID for family 19h model 78h (git-fixes).
- x86/platform/uv: Add platform resolving #defines for misc GAM_MMIOH_REDIRECT* (bsc#1212256 jsc#PED-4718).
- x86/platform/uv: Fix printed information in calc_mmioh_map (bsc#1212256 jsc#PED-4718).
- x86/platform/uv: Helper functions for allocating and freeing conversion tables (bsc#1212256 jsc#PED-4718).
- x86/platform/uv: Introduce helper function uv_pnode_to_socket (bsc#1212256 jsc#PED-4718).
- x86/platform/uv: Remove remaining BUG_ON() and BUG() calls (bsc#1212256 jsc#PED-4718).
- x86/platform/uv: UV support for sub-NUMA clustering (bsc#1212256 jsc#PED-4718).
- x86/platform/uv: Update UV platform code for SNC (bsc#1212256 jsc#PED-4718).
- x86/platform/uv: When searching for minimums, start at INT_MAX not 99999 (bsc#1212256 jsc#PED-4718).
- x86: Fix .brk attribute in linker script (git-fixes).
- xfs: clean up the rtbitmap fsmap backend (git-fixes).
- xfs: do not deplete the reserve pool when trying to shrink the fs (git-fixes).
- xfs: do not reverse order of items in bulk AIL insertion (git-fixes).
- xfs: fix getfsmap reporting past the last rt extent (git-fixes).
- xfs: fix integer overflows in the fsmap rtbitmap and logdev backends (git-fixes).
- xfs: fix interval filtering in multi-step fsmap queries (git-fixes).
- xfs: fix logdev fsmap query result filtering (git-fixes).
- xfs: fix off-by-one error when the last rt extent is in use (git-fixes).
- xfs: fix uninitialized variable access (git-fixes).
- xfs: make fsmap backend function key parameters const (git-fixes).
- xfs: make the record pointer passed to query_range functions const (git-fixes).
- xfs: pass explicit mount pointer to rtalloc query functions (git-fixes).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3196-1
Released:    Fri Aug  4 10:02:04 2023
Summary:     Recommended update for protobuf-c
Type:        recommended
Severity:    moderate
References:  1213443
This update for protobuf-c fixes the following issues:

- Include executables required to generate Protocol Buffers glue code in the devel subpackage (bsc#1213443)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3197-1
Released:    Fri Aug  4 10:04:10 2023
Summary:     Recommended update for google-guest-agent, google-guest-configs, google-osconfig-agent
Type:        recommended
Severity:    moderate
References:  1212418,1212759
This update for google-guest-agent, google-guest-configs, google-osconfig-agent fixes the following issues:

- Update to version 20230601.00 (bsc#1212418, bsc#1212759)
- Don't block google-osconfig-agent (#213)
- Avoid conflict with automated package updates (#212)
- Add a support of TrustedUserCAKeys into sshd configuration (#206)
- Add a new dracut module for gcp udev rules (#53)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3200-1
Released:    Fri Aug  4 11:52:44 2023
Summary:     Recommended update for libnvme, nvme-cli
Type:        recommended
Severity:    important
References:  1124564,1212598,1213527,1213618,1213686
This update for libnvme, nvme-cli fixes the following issues:


- Update to version 1.4+27.g5ae1c3
- Add getter for subsystem iopolicy (bsc#1124564)
- nvme list command improvements (bsc#bsc#1212598)
- Don't open nvme devices until it's absolutely required (bsc#1213527, bsc#1213686)
- Check genctr after getting discovery entries (bsc#1213618)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3217-1
Released:    Mon Aug  7 16:51:10 2023
Summary:     Recommended update for cryptsetup
Type:        recommended
Severity:    moderate
References:  1211079
This update for cryptsetup fixes the following issues:

- Handle system with low memory and no swap space (bsc#1211079)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3242-1
Released:    Tue Aug  8 18:19:40 2023
Summary:     Security update for openssl-1_1
Type:        security
Severity:    moderate
References:  1213853,CVE-2023-3817
This update for openssl-1_1 fixes the following issues:

- CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3253-1
Released:    Wed Aug  9 10:52:10 2023
Summary:     Recommended update for bind
Type:        recommended
Severity:    moderate
References:  1213049
This update for bind fixes the following issues:

- Add dnstap support (jsc#PED-4852)
- Log named-checkconf output (bsc#1213049)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3276-1
Released:    Fri Aug 11 10:20:40 2023
Summary:     Recommended update for apparmor
Type:        recommended
Severity:    moderate
References:  1213472
This update for apparmor fixes the following issues:

- Add pam_apparmor README (bsc#1213472)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3282-1
Released:    Fri Aug 11 10:26:23 2023
Summary:     Recommended update for blog
Type:        recommended
Severity:    moderate
References:  
This update for blog fixes the following issues:

- Fix big endian cast problems to be able to read commands and ansers as well as passphrases

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3285-1
Released:    Fri Aug 11 10:30:38 2023
Summary:     Recommended update for shadow
Type:        recommended
Severity:    moderate
References:  1206627,1213189
This update for shadow fixes the following issues:

- Prevent lock files from remaining after power interruptions (bsc#1213189)
- Add --prefix support to passwd, chpasswd and chage (bsc#1206627)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3301-1
Released:    Mon Aug 14 07:24:59 2023
Summary:     Security update for libyajl
Type:        security
Severity:    moderate
References:  1212928,CVE-2023-33460
This update for libyajl fixes the following issues:

  - CVE-2023-33460: Fixed memory leak which could cause out-of-memory in server (bsc#1212928).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3311-1
Released:    Mon Aug 14 16:23:36 2023
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1206418,1207129,1207948,1210627,1210780,1210825,1211131,1211738,1211811,1212445,1212502,1212604,1212766,1212901,1213167,1213272,1213287,1213304,1213417,1213578,1213585,1213586,1213588,1213601,1213620,1213632,1213653,1213713,1213715,1213747,1213756,1213759,1213777,1213810,1213812,1213856,1213857,1213863,1213867,1213870,1213871,1213872,CVE-2022-40982,CVE-2023-0459,CVE-2023-20569,CVE-2023-21400,CVE-2023-2156,CVE-2023-2166,CVE-2023-31083,CVE-2023-3268,CVE-2023-3567,CVE-2023-3609,CVE-2023-3611,CVE-2023-3776,CVE-2023-38409,CVE-2023-3863,CVE-2023-4004

The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling' (bsc#1206418).
- CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec (bsc#1211738).
- CVE-2023-20569: Fixed side channel attack ‘Inception’ or ‘RAS Poisoning’ (bsc#1213287).
- CVE-2023-21400: Fixed several memory corruptions due to improper locking in io_uring (bsc#1213272).
- CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131).
- CVE-2023-2166: Fixed NULL pointer dereference in can_rcv_filter (bsc#1210627).
- CVE-2023-31083: Fixed race condition in hci_uart_tty_ioctl (bsc#1210780).
- CVE-2023-3268: Fixed an out of bounds memory access flaw in relay_file_read_start_pos in the relayfs (bsc#1212502).
- CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213167).
- CVE-2023-3609: Fixed reference counter leak leading to  overflow in net/sched (bsc#1213586).
- CVE-2023-3611: Fixed an out-of-bounds write in net/sched sch_qfq(bsc#1213585).
- CVE-2023-3776: Fixed improper refcount update in  cls_fw leads to use-after-free (bsc#1213588).
- CVE-2023-38409: Fixed an issue in set_con2fb_map in drivers/video/fbdev/core/fbcon.c. Because an assignment occurs only for the first vc, the fbcon_registered_fb and fbcon_display arrays can be desynchronized in fbcon_mode_deleted (the con2fb_map points at the old fb_info) (bsc#1213417).
- CVE-2023-3863: Fixed a use-after-free flaw in nfc_llcp_find_local in net/nfc/llcp_core.c in NFC. This flaw allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601).
- CVE-2023-4004: Fixed improper element removal netfilter nft_set_pipapo (bsc#1213812).

The following non-security bugs were fixed:

- ACPI: CPPC: Add ACPI disabled check to acpi_cpc_valid() (bsc#1212445).
- ACPI: CPPC: Add definition for undefined FADT preferred PM profile value (bsc#1212445).
- ACPI/IORT: Remove erroneous id_count check in iort_node_get_rmr_info() (git-fixes).
- ACPI: utils: Fix acpi_evaluate_dsm_typed() redefinition error (git-fixes).
- afs: Adjust ACK interpretation to try and cope with NAT (git-fixes).
- afs: Fix access after dec in put functions (git-fixes).
- afs: Fix afs_getattr() to refetch file status if callback break occurred (git-fixes).
- afs: Fix dynamic root getattr (git-fixes).
- afs: Fix fileserver probe RTT handling (git-fixes).
- afs: Fix infinite loop found by xfstest generic/676 (git-fixes).
- afs: Fix lost servers_outstanding count (git-fixes).
- afs: Fix server->active leak in afs_put_server (git-fixes).
- afs: Fix setting of mtime when creating a file/dir/symlink (git-fixes).
- afs: Fix updating of i_size with dv jump from server (git-fixes).
- afs: Fix vlserver probe RTT handling (git-fixes).
- afs: Return -EAGAIN, not -EREMOTEIO, when a file already locked (git-fixes).
- afs: Use refcount_t rather than atomic_t (git-fixes).
- afs: Use the operation issue time instead of the reply time for callbacks (git-fixes).
- ALSA: emu10k1: roll up loops in DSP setup code for Audigy (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NS70AU (git-fixes).
- ALSA: hda/realtek: Add support for DELL Oasis 13/14/16 laptops (git-fixes).
- ALSA: hda/realtek: Enable Mute LED on HP Laptop 15s-eq2xxx (git-fixes).
- ALSA: hda/realtek: Fix generic fixup definition for cs35l41 amp (git-fixes).
- ALSA: hda/realtek - remove 3k pull low procedure (git-fixes).
- ALSA: hda/realtek: Support ASUS G713PV laptop (git-fixes).
- ALSA: hda/relatek: Enable Mute LED on HP 250 G8 (git-fixes).
- ALSA: usb-audio: Add FIXED_RATE quirk for JBL Quantum610 Wireless (git-fixes).
- ALSA: usb-audio: Add new quirk FIXED_RATE for JBL Quantum810 Wireless (git-fixes).
- ALSA: usb-audio: Add quirk for Microsoft Modern Wireless Headset (bsc#1207129).
- ALSA: usb-audio: Always initialize fixed_rate in snd_usb_find_implicit_fb_sync_format() (git-fixes).
- ALSA: usb-audio: Apply mutex around snd_usb_endpoint_set_params() (git-fixes).
- ALSA: usb-audio: Avoid superfluous endpoint setup (git-fixes).
- ALSA: usb-audio: Avoid unnecessary interface change at EP close (git-fixes).
- ALSA: usb-audio: Clear fixed clock rate at closing EP (git-fixes).
- ALSA: usb-audio: Correct the return code from snd_usb_endpoint_set_params() (git-fixes).
- ALSA: usb-audio: Drop superfluous interface setup at parsing (git-fixes).
- ALSA: usb-audio: Fix possible NULL pointer dereference in snd_usb_pcm_has_fixed_rate() (git-fixes).
- ALSA: usb-audio: Fix wrong kfree issue in snd_usb_endpoint_free_all (git-fixes).
- ALSA: usb-audio: More refactoring of hw constraint rules (git-fixes).
- ALSA: usb-audio: Properly refcounting clock rate (git-fixes).
- ALSA: usb-audio: Rate limit usb_set_interface error reporting (git-fixes).
- ALSA: usb-audio: Refcount multiple accesses on the single clock (git-fixes).
- ALSA: usb-audio: Split endpoint setups for hw_params and prepare (take#2) (git-fixes).
- ALSA: usb-audio: Update for native DSD support quirks (git-fixes).
- ALSA: usb-audio: Use atomic_try_cmpxchg in ep_state_update (git-fixes).
- ALSA: usb-audio: Workaround for XRUN at prepare (git-fixes).
- amd-pstate: Fix amd_pstate mode switch (git-fixes).
- ASoC: amd: acp: fix for invalid dai id handling in acp_get_byte_count() (git-fixes).
- ASoC: atmel: Fix the 8K sample parameter in I2SC master (git-fixes).
- ASoc: codecs: ES8316: Fix DMIC config (git-fixes).
- ASoC: codecs: wcd934x: fix resource leaks on component remove (git-fixes).
- ASoC: codecs: wcd938x: fix codec initialisation race (git-fixes).
- ASoC: codecs: wcd938x: fix dB range for HPHL and HPHR (git-fixes).
- ASoC: codecs: wcd938x: fix missing clsh ctrl error handling (git-fixes).
- ASoC: codecs: wcd938x: fix soundwire initialisation race (git-fixes).
- ASoC: codecs: wcd-mbhc-v2: fix resource leaks on component remove (git-fixes).
- ASoC: da7219: Check for failure reading AAD IRQ events (git-fixes).
- ASoC: da7219: Flush pending AAD IRQ when suspending (git-fixes).
- ASoC: fsl_sai: Disable bit clock with transmitter (git-fixes).
- ASoC: fsl_spdif: Silence output on stop (git-fixes).
- ASoC: rt5640: Fix sleep in atomic context (git-fixes).
- ASoC: rt5682-sdw: fix for JD event handling in ClockStop Mode0 (git-fixes).
- ASoC: rt711: fix for JD event handling in ClockStop Mode0 (git-fixes).
- ASoC: rt711-sdca: fix for JD event handling in ClockStop Mode0 (git-fixes).
- ASoC: SOF: ipc3-dtrace: uninitialized data in dfsentry_trace_filter_write() (git-fixes).
- ASoC: tegra: Fix ADX byte map (git-fixes).
- ASoC: tegra: Fix AMX byte map (git-fixes).
- ASoC: wm8904: Fill the cache for WM8904_ADC_TEST_0 register (git-fixes).
- ata: pata_ns87415: mark ns87560_tf_read static (git-fixes).
- block, bfq: Fix division by zero error on zero wsum (bsc#1213653).
- block: Fix a source code comment in include/uapi/linux/blkzoned.h (git-fixes).
- bus: mhi: add new interfaces to handle MHI channels directly (bsc#1207948).
- bus: mhi: host: add destroy_device argument to mhi_power_down() (bsc#1207948).
- can: gs_usb: gs_can_close(): add missing set of CAN state to CAN_STATE_STOPPED (git-fixes).
- ceph: do not let check_caps skip sending responses for revoke msgs (bsc#1213856).
- coda: Avoid partial allocation of sig_inputArgs (git-fixes).
- cpufreq: amd-pstate: add amd-pstate driver parameter for mode selection (bsc#1212445).
- cpufreq: amd-pstate: Add AMD P-State frequencies attributes (bsc#1212445).
- cpufreq: amd-pstate: Add AMD P-State performance attributes (bsc#1212445).
- cpufreq: amd-pstate: Add boost mode support for AMD P-State (bsc#1212445).
- cpufreq: amd-pstate: add driver working mode switch support (bsc#1212445).
- cpufreq: amd-pstate: Add ->fast_switch() callback (bsc#1212445).
- cpufreq: amd-pstate: Add fast switch function for AMD P-State (bsc#1212445).
- cpufreq: amd-pstate: Add guided autonomous mode (bsc#1212445).
- cpufreq: amd-pstate: Add guided mode control support via sysfs (bsc#1212445).
- cpufreq: amd-pstate: Add more tracepoint for AMD P-State module (bsc#1212445).
- cpufreq: amd-pstate: Add resume and suspend callbacks (bsc#1212445).
- cpufreq: amd-pstate: Add trace for AMD P-State module (bsc#1212445).
- cpufreq: amd-pstate: avoid uninitialized variable use (bsc#1212445).
- cpufreq: amd-pstate: change amd-pstate driver to be built-in type (bsc#1212445).
- cpufreq: amd-pstate: convert sprintf with sysfs_emit() (bsc#1212445).
- cpufreq: amd-pstate: cpufreq: amd-pstate: reset MSR_AMD_PERF_CTL register at init (bsc#1212445).
- cpufreq: amd-pstate: Expose struct amd_cpudata (bsc#1212445).
- cpufreq: amd-pstate: Fix initial highest_perf value (bsc#1212445).
- cpufreq: amd-pstate: Fix invalid write to MSR_AMD_CPPC_REQ (bsc#1212445).
- cpufreq: amd-pstate: Fix Kconfig dependencies for AMD P-State (bsc#1212445).
- cpufreq: amd-pstate: fix kernel hang issue while amd-pstate unregistering (bsc#1212445).
- cpufreq: amd-pstate: Fix struct amd_cpudata kernel-doc comment (bsc#1212445).
- cpufreq: amd-pstate: fix white-space (bsc#1212445).
- cpufreq: amd_pstate: fix wrong lowest perf fetch (bsc#1212445).
- cpufreq: amd-pstate: implement amd pstate cpu online and offline callback (bsc#1212445).
- cpufreq: amd-pstate: implement Pstate EPP support for the AMD processors (bsc#1212445).
- cpufreq: amd-pstate: implement suspend and resume callbacks (bsc#1212445).
- cpufreq: amd-pstate: Introduce a new AMD P-State driver to support future processors (bsc#1212445).
- cpufreq: amd-pstate: Introduce the support for the processors with shared memory solution (bsc#1212445).
- cpufreq: amd-pstate: Let user know amd-pstate is disabled (bsc#1212445).
- cpufreq: amd-pstate: Make amd-pstate EPP driver name hyphenated (bsc#1212445).
- cpufreq: amd-pstate: Make varaiable mode_state_machine static (bsc#1212445).
- cpufreq: amd_pstate: map desired perf into pstate scope for powersave governor (bsc#1212445).
- cpufreq: amd-pstate: optimize driver working mode selection in amd_pstate_param() (bsc#1212445).
- cpufreq: amd-pstate: Remove fast_switch_possible flag from active driver (bsc#1212445).
- cpufreq: amd-pstate: remove MODULE_LICENSE in non-modules (bsc#1212445).
- cpufreq: amd-pstate: Set a fallback policy based on preferred_profile (bsc#1212445).
- cpufreq: amd-pstate: simplify cpudata pointer assignment (bsc#1212445).
- cpufreq: amd-pstate: Update policy->cur in amd_pstate_adjust_perf() (bsc#1212445).
- cpufreq: amd-pstate: update pstate frequency transition delay time (bsc#1212445).
- cpufreq: amd-pstate: Write CPPC enable bit per-socket (bsc#1212445).
- crypto: kpp - Add helper to set reqsize (git-fixes).
- crypto: qat - Use helper to set reqsize (git-fixes).
- dlm: fix missing lkb refcount handling (git-fixes).
- dlm: fix plock invalid read (git-fixes).
- Documentation: cpufreq: amd-pstate: Move amd_pstate param to alphabetical order (bsc#1212445).
- Documentation: devices.txt: reconcile serial/ucc_uart minor numers (git-fixes).
- drm/amd/display: Add monitor specific edid quirk (git-fixes).
- drm/amd/display: Add polling method to handle MST reply packet (bsc#1213578).
- drm/amd/display: check TG is non-null before checking if enabled (git-fixes).
- drm/amd/display: Correct `DMUB_FW_VERSION` macro (git-fixes).
- drm/amd/display: Disable MPC split by default on special asic (git-fixes).
- drm/amd/display: fix access hdcp_workqueue assert (git-fixes).
- drm/amd/display: fix seamless odm transitions (git-fixes).
- drm/amd/display: Keep PHY active for DP displays on DCN31 (git-fixes).
- drm/amd/display: only accept async flips for fast updates (git-fixes).
- drm/amd/display: Only update link settings after successful MST link train (git-fixes).
- drm/amd/display: phase3 mst hdcp for multiple displays (git-fixes).
- drm/amd/display: Remove Phantom Pipe Check When Calculating K1 and K2 (git-fixes).
- drm/amd/display: save restore hdcp state when display is unplugged from mst hub (git-fixes).
- drm/amd/display: Unlock on error path in dm_handle_mst_sideband_msg_ready_event() (git-fixes).
- drm/amd: Fix an error handling mistake in psp_sw_init() (git-fixes).
- drm/amdgpu: add the fan abnormal detection feature (git-fixes).
- drm/amdgpu: avoid restore process run into dead loop (git-fixes).
- drm/amdgpu: fix clearing mappings for BOs that are always valid in VM (git-fixes).
- drm/amdgpu: Fix minmax warning (git-fixes).
- drm/amd/pm: add abnormal fan detection for smu 13.0.0 (git-fixes).
- drm/amd/pm: conditionally disable pcie lane/speed switching for SMU13 (git-fixes).
- drm/amd/pm: re-enable the gfx imu when smu resume (git-fixes).
- drm/amd/pm: share the code around SMU13 pcie parameters update (git-fixes).
- drm/atomic: Allow vblank-enabled + self-refresh 'disable' (git-fixes).
- drm/atomic: Fix potential use-after-free in nonblocking commits (git-fixes).
- drm/bridge: tc358768: Add atomic_get_input_bus_fmts() implementation (git-fixes).
- drm/bridge: tc358768: fix TCLK_TRAILCNT computation (git-fixes).
- drm/bridge: tc358768: fix THS_TRAILCNT computation (git-fixes).
- drm/bridge: tc358768: fix THS_ZEROCNT computation (git-fixes).
- drm/bridge: ti-sn65dsi86: Fix auxiliary bus lifetime (git-fixes).
- drm/client: Fix memory leak in drm_client_modeset_probe (git-fixes).
- drm/dp_mst: Clear MSG_RDY flag before sending new message (bsc#1213578).
- drm: Fix null pointer dereference in drm_dp_atomic_find_time_slots() (bsc#1213578).
- drm/i915: Do not preserve dpll_hw_state for slave crtc in Bigjoiner (git-fixes).
- drm/i915/dpt: Use shmem for dpt objects (git-fixes).
- drm/i915: Fix an error handling path in igt_write_huge() (git-fixes).
- drm/i915/tc: Fix system resume MST mode restore for DP-alt sinks (git-fixes).
- drm/msm/adreno: Fix snapshot BINDLESS_DATA size (git-fixes).
- drm/msm/disp/dpu: get timing engine status from intf status register (git-fixes).
- drm/msm/dpu: drop enum dpu_core_perf_data_bus_id (git-fixes).
- drm/msm/dpu: Set DPU_DATA_HCTL_EN for in INTF_SC7180_MASK (git-fixes).
- drm/msm: Fix IS_ERR_OR_NULL() vs NULL check in a5xx_submit_in_rb() (git-fixes).
- drm/radeon: Fix integer overflow in radeon_cs_parser_init (git-fixes).
- drm/ttm: fix bulk_move corruption when adding a entry (git-fixes).
- drm/ttm: fix warning that we shouldn't mix && and || (git-fixes).
- drm/vmwgfx: Fix Legacy Display Unit atomic drm support (bsc#1213632).
- drm/vmwgfx: Remove explicit and broken vblank handling (bsc#1213632).
- drm/vmwgfx: Remove rcu locks from user resources (bsc#1213632).
- fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe (git-fixes).
- fbdev: imxfb: Removed unneeded release_mem_region (git-fixes).
- fbdev: imxfb: warn about invalid left/right margin (git-fixes).
- file: always lock position for FMODE_ATOMIC_POS (bsc#1213759).
- fs: dlm: add midcomms init/start functions (git-fixes).
- fs: dlm: do not set stop rx flag after node reset (git-fixes).
- fs: dlm: filter user dlm messages for kernel locks (git-fixes).
- fs: dlm: fix log of lowcomms vs midcomms (git-fixes).
- fs: dlm: fix race between test_bit() and queue_work() (git-fixes).
- fs: dlm: fix race in lowcomms (git-fixes).
- fs: dlm: handle -EBUSY first in lock arg validation (git-fixes).
- fs: dlm: move sending fin message into state change handling (git-fixes).
- fs: dlm: retry accept() until -EAGAIN or error returns (git-fixes).
- fs: dlm: return positive pid value for F_GETLK (git-fixes).
- fs: dlm: start midcomms before scand (git-fixes).
- fs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode() (git-fixes).
- FS: JFS: Check for read-only mounted filesystem in txBegin (git-fixes).
- FS: JFS: Fix null-ptr-deref Read in txBegin (git-fixes).
- fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev (git-fixes).
- gve: Set default duplex configuration to full (git-fixes).
- gve: unify driver name usage (git-fixes).
- hwmon: (adm1275) Allow setting sample averaging (git-fixes).
- hwmon: (k10temp) Enable AMD3255 Proc to show negative temperature (git-fixes).
- hwmon: (nct7802) Fix for temp6 (PECI1) processed even if PECI1 disabled (git-fixes).
- hwmon: (pmbus/adm1275) Fix problems with temperature monitoring on ADM1272 (git-fixes).
- i2c: xiic: Defer xiic_wakeup() and __xiic_start_xfer() in xiic_process() (git-fixes).
- i2c: xiic: Do not try to handle more interrupt events after error (git-fixes).
- iavf: check for removal state before IAVF_FLAG_PF_COMMS_FAILED (git-fixes).
- iavf: fix a deadlock caused by rtnl and driver's lock circular dependencies (git-fixes).
- iavf: Fix out-of-bounds when setting channels on remove (git-fixes).
- iavf: fix potential deadlock on allocation failure (git-fixes).
- iavf: fix reset task race with iavf_remove() (git-fixes).
- iavf: Fix use-after-free in free_netdev (git-fixes).
- iavf: Move netdev_update_features() into watchdog task (git-fixes).
- iavf: use internal state to free traffic IRQs (git-fixes).
- iavf: Wait for reset in callbacks which trigger it (git-fixes).
- IB/hfi1: Use bitmap_zalloc() when applicable (git-fixes)
- ice: Fix max_rate check while configuring TX rate limits (git-fixes).
- ice: Fix memory management in ice_ethtool_fdir.c (git-fixes).
- ice: handle extts in the miscellaneous interrupt thread (git-fixes).
- igc: Check if hardware TX timestamping is enabled earlier (git-fixes).
- igc: Enable and fix RX hash usage by netstack (git-fixes).
- igc: Fix inserting of empty frame for launchtime (git-fixes).
- igc: Fix Kernel Panic during ndo_tx_timeout callback (git-fixes).
- igc: Fix launchtime before start of cycle (git-fixes).
- igc: Fix race condition in PTP tx code (git-fixes).
- igc: Handle PPS start time programming for past time values (git-fixes).
- igc: Prevent garbled TX queue with XDP ZEROCOPY (git-fixes).
- igc: Remove delay during TX ring configuration (git-fixes).
- igc: set TP bit in 'supported' and 'advertising' fields of ethtool_link_ksettings (git-fixes).
- igc: Work around HW bug causing missing timestamps (git-fixes).
- Input: i8042 - add Clevo PCX0DX to i8042 quirk table (git-fixes).
- Input: iqs269a - do not poll during ATI (git-fixes).
- Input: iqs269a - do not poll during suspend or resume (git-fixes).
- jffs2: fix memory leak in jffs2_do_fill_super (git-fixes).
- jffs2: fix memory leak in jffs2_do_mount_fs (git-fixes).
- jffs2: fix memory leak in jffs2_scan_medium (git-fixes).
- jffs2: fix use-after-free in jffs2_clear_xattr_subsystem (git-fixes).
- jffs2: GC deadlock reading a page that is used in jffs2_write_begin() (git-fixes).
- jffs2: reduce stack usage in jffs2_build_xattr_subsystem() (git-fixes).
- jfs: jfs_dmap: Validate db_l2nbperpage while mounting (git-fixes).
- kABI fix after Restore kABI for NVidia vGPU driver (bsc#1210825).
- kabi/severities: relax kABI for ath11k local symbols (bsc#1207948)
- kselftest: vDSO: Fix accumulation of uninitialized ret when CLOCK_REALTIME is undefined (git-fixes).
- KVM: arm64: Do not read a HW interrupt pending state in user context (git-fixes)
- KVM: arm64: Warn if accessing timer pending state outside of vcpu (bsc#1213620)
- KVM: Do not null dereference ops->destroy (git-fixes)
- KVM: downgrade two BUG_ONs to WARN_ON_ONCE (git-fixes)
- KVM: Initialize debugfs_dentry when a VM is created to avoid NULL (git-fixes)
- KVM: s390: pv: fix index value of replaced ASCE (git-fixes bsc#1213867).
- KVM: VMX: Inject #GP, not #UD, if SGX2 ENCLS leafs are unsupported (git-fixes).
- KVM: VMX: Inject #GP on ENCLS if vCPU has paging disabled (CR0.PG==0) (git-fixes).
- KVM: VMX: restore vmx_vmexit alignment (git-fixes).
- KVM: x86: Account fastpath-only VM-Exits in vCPU stats (git-fixes).
- leds: trigger: netdev: Recheck NETDEV_LED_MODE_LINKUP on dev rename (git-fixes).
- libceph: harden msgr2.1 frame segment length checks (bsc#1213857).
- MAINTAINERS: Add AMD P-State driver maintainer entry (bsc#1212445).
- m ALSA: usb-audio: Add quirk for Tascam Model 12 (git-fixes).
- md: add error_handlers for raid0 and linear (bsc#1212766).
- media: staging: atomisp: select V4L2_FWNODE (git-fixes).
- mhi_power_down() kABI workaround (bsc#1207948).
- mmc: core: disable TRIM on Kingston EMMC04G-M627 (git-fixes).
- mmc: sdhci: fix DMA configure compatibility issue when 64bit DMA mode is used (git-fixes).
- net: ena: fix shift-out-of-bounds in exponential backoff (git-fixes).
- net: mana: Batch ringing RX queue doorbell on receiving packets (bsc#1212901).
- net: mana: Use the correct WQE count for ringing RQ doorbell (bsc#1212901).
- net/mlx5: DR, Support SW created encap actions for FW table (git-fixes).
- net/mlx5e: Check for NOT_READY flag state after locking (git-fixes).
- net/mlx5e: fix double free in mlx5e_destroy_flow_table (git-fixes).
- net/mlx5e: fix memory leak in mlx5e_fs_tt_redirect_any_create (git-fixes).
- net/mlx5e: fix memory leak in mlx5e_ptp_open (git-fixes).
- net/mlx5e: XDP, Allow growing tail for XDP multi buffer (git-fixes).
- net/mlx5e: xsk: Set napi_id to support busy polling on XSK RQ (git-fixes).
- net: phy: marvell10g: fix 88x3310 power up (git-fixes).
- net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585).
- net/sched: sch_qfq: reintroduce lmax bound check for MTU (bsc#1213585).
- nfsd: add encoding of op_recall flag for write delegation (git-fixes).
- nfsd: fix double fget() bug in __write_ports_addfd() (git-fixes).
- nfsd: Fix sparse warning (git-fixes).
- nfsd: Remove open coding of string copy (git-fixes).
- nfsv4.1: Always send a RECLAIM_COMPLETE after establishing lease (git-fixes).
- nfsv4.1: freeze the session table upon receiving NFS4ERR_BADSESSION (git-fixes).
- nvme: do not reject probe due to duplicate IDs for single-ported PCIe devices (git-fixes).
- nvme: fix the NVME_ID_NS_NVM_STS_MASK definition (git-fixes).
- nvme-pci: fix DMA direction of unmapping integrity data (git-fixes).
- nvme-pci: remove nvme_queue from nvme_iod (git-fixes).
- octeontx2-af: Move validation of ptp pointer before its usage (git-fixes).
- octeontx2-pf: Add additional check for MCAM rules (git-fixes).
- octeontx-af: fix hardware timestamp configuration (git-fixes).
- PCI: Add function 1 DMA alias quirk for Marvell 88SE9235 (git-fixes).
- PCI/PM: Avoid putting EloPOS E2/S2/H2 PCIe Ports in D3cold (git-fixes).
- phy: hisilicon: Fix an out of bounds check in hisi_inno_phy_probe() (git-fixes).
- pinctrl: amd: Detect internal GPIO0 debounce handling (git-fixes).
- pinctrl: amd: Do not show `Invalid config param` errors (git-fixes).
- pinctrl: amd: Fix mistake in handling clearing pins at startup (git-fixes).
- pinctrl: amd: Only use special debounce behavior for GPIO 0 (git-fixes).
- pinctrl: amd: Use amd_pinconf_set() for all config options (git-fixes).
- platform/x86: msi-laptop: Fix rfkill out-of-sync on MSI Wind U100 (git-fixes).
- RDMA/bnxt_re: Fix hang during driver unload (git-fixes)
- RDMA/bnxt_re: Prevent handling any completions after qp destroy (git-fixes)
- RDMA/core: Update CMA destination address on rdma_resolve_addr (git-fixes)
- RDMA/irdma: Add missing read barriers (git-fixes)
- RDMA/irdma: Fix data race on CQP completion stats (git-fixes)
- RDMA/irdma: Fix data race on CQP request done (git-fixes)
- RDMA/irdma: Fix op_type reporting in CQEs (git-fixes)
- RDMA/irdma: Report correct WC error (git-fixes)
- RDMA/mlx4: Make check for invalid flags stricter (git-fixes)
- RDMA/mthca: Fix crash when polling CQ for shared QPs (git-fixes)
- regmap: Account for register length in SMBus I/O limits (git-fixes).
- regmap: Drop initial version of maximum transfer length fixes (git-fixes).
- Restore kABI for NVidia vGPU driver (bsc#1210825).
- Revert 'ALSA: usb-audio: Drop superfluous interface setup at parsing' (git-fixes).
- Revert 'debugfs, coccinelle: check for obsolete DEFINE_SIMPLE_ATTRIBUTE() usage' (git-fixes).
- Revert 'Drop AMDGPU patches for fixing regression (bsc#1213304,bsc#1213777)' 
- Revert 'iavf: Detach device during reset task' (git-fixes).
- Revert 'iavf: Do not restart Tx queues after reset task failure' (git-fixes).
- Revert 'NFSv4: Retry LOCK on OLD_STATEID during delegation return' (git-fixes).
- Revert 'usb: dwc3: core: Enable AutoRetry feature in the controller' (git-fixes).
- Revert 'usb: gadget: tegra-xudc: Fix error check in tegra_xudc_powerdomain_init()' (git-fixes).
- Revert 'usb: xhci: tegra: Fix error check' (git-fixes).
- Revert 'xhci: add quirk for host controllers that do not update endpoint DCS' (git-fixes).
- Revive drm_dp_mst_hpd_irq() function (bsc#1213578).
- rxrpc, afs: Fix selection of abort codes (git-fixes).
- s390/bpf: Add expoline to tail calls (git-fixes bsc#1213870).
- s390/dasd: fix hanging device after quiesce/resume (git-fixes bsc#1213810).
- s390/dasd: print copy pair message only for the correct error (git-fixes bsc#1213872).
- s390/decompressor: specify __decompress() buf len to avoid overflow (git-fixes bsc#1213863).
- s390: introduce nospec_uses_trampoline() (git-fixes bsc#1213870).
- s390/ipl: add missing intersection check to ipl_report handling (git-fixes bsc#1213871).
- s390/qeth: Fix vipa deletion (git-fixes bsc#1213713).
- s390/vmem: fix empty page tables cleanup under KASAN (git-fixes bsc#1213715).
- scftorture: Count reschedule IPIs (git-fixes).
- scsi: lpfc: Abort outstanding ELS cmds when mailbox timeout error is detected (bsc#1213756).
- scsi: lpfc: Avoid -Wstringop-overflow warning (bsc#1213756).
- scsi: lpfc: Clean up SLI-4 sysfs resource reporting (bsc#1213756).
- scsi: lpfc: Copyright updates for 14.2.0.14 patches (bsc#1213756).
- scsi: lpfc: Fix a possible data race in lpfc_unregister_fcf_rescan() (bsc#1213756).
- scsi: lpfc: Fix incorrect big endian type assignment in bsg loopback path (bsc#1213756).
- scsi: lpfc: Fix incorrect big endian type assignments in FDMI and VMID paths (bsc#1213756).
- scsi: lpfc: Fix lpfc_name struct packing (bsc#1213756).
- scsi: lpfc: Make fabric zone discovery more robust when handling unsolicited LOGO (bsc#1213756).
- scsi: lpfc: Pull out fw diagnostic dump log message from driver's trace buffer (bsc#1213756).
- scsi: lpfc: Qualify ndlp discovery state when processing RSCN (bsc#1213756).
- scsi: lpfc: Refactor cpu affinity assignment paths (bsc#1213756).
- scsi: lpfc: Remove extra ndlp kref decrement in FLOGI cmpl for loop topology (bsc#1213756).
- scsi: lpfc: Replace all non-returning strlcpy() with strscpy() (bsc#1213756).
- scsi: lpfc: Replace one-element array with flexible-array member (bsc#1213756).
- scsi: lpfc: Revise ndlp kref handling for dev_loss_tmo_callbk and lpfc_drop_node (bsc#1213756).
- scsi: lpfc: Set Establish Image Pair service parameter only for Target Functions (bsc#1213756).
- scsi: lpfc: Simplify fcp_abort transport callback log message (bsc#1213756).
- scsi: lpfc: Update lpfc version to 14.2.0.14 (bsc#1213756).
- scsi: lpfc: Use struct_size() helper (bsc#1213756).
- scsi: qla2xxx: Adjust IOCB resource on qpair create (bsc#1213747).
- scsi: qla2xxx: Array index may go out of bound (bsc#1213747).
- scsi: qla2xxx: Avoid fcport pointer dereference (bsc#1213747).
- scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport() (bsc#1213747).
- scsi: qla2xxx: Correct the index of array (bsc#1213747).
- scsi: qla2xxx: Drop useless LIST_HEAD (bsc#1213747).
- scsi: qla2xxx: Fix buffer overrun (bsc#1213747).
- scsi: qla2xxx: Fix command flush during TMF (bsc#1213747).
- scsi: qla2xxx: Fix deletion race condition (bsc#1213747).
- scsi: qla2xxx: Fix end of loop test (bsc#1213747).
- scsi: qla2xxx: Fix erroneous link up failure (bsc#1213747).
- scsi: qla2xxx: Fix error code in qla2x00_start_sp() (bsc#1213747).
- scsi: qla2xxx: fix inconsistent TMF timeout (bsc#1213747).
- scsi: qla2xxx: Fix NULL pointer dereference in target mode (bsc#1213747).
- scsi: qla2xxx: Fix potential NULL pointer dereference (bsc#1213747).
- scsi: qla2xxx: Fix session hang in gnl (bsc#1213747).
- scsi: qla2xxx: Fix TMF leak through (bsc#1213747).
- scsi: qla2xxx: Limit TMF to 8 per function (bsc#1213747).
- scsi: qla2xxx: Pointer may be dereferenced (bsc#1213747).
- scsi: qla2xxx: Remove unused nvme_ls_waitq wait queue (bsc#1213747).
- scsi: qla2xxx: Replace one-element array with DECLARE_FLEX_ARRAY() helper (bsc#1213747).
- scsi: qla2xxx: Silence a static checker warning (bsc#1213747).
- scsi: qla2xxx: Turn off noisy message log (bsc#1213747).
- scsi: qla2xxx: Update version to 10.02.08.400-k (bsc#1213747).
- scsi: qla2xxx: Update version to 10.02.08.500-k (bsc#1213747).
- scsi: qla2xxx: Use vmalloc_array() and vcalloc() (bsc#1213747).
- selftests: rtnetlink: remove netdevsim device after ipsec offload test (git-fixes).
- serial: qcom-geni: drop bogus runtime pm state update (git-fixes).
- serial: sifive: Fix sifive_serial_console_setup() section (git-fixes).
- series: udpate metadata Refresh
- sfc: fix crash when reading stats while NIC is resetting (git-fixes).
- sfc: fix XDP queues mode with legacy IRQ (git-fixes).
- sfc: use budget for TX completions (git-fixes).
- soundwire: qcom: update status correctly with mask (git-fixes).
- staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext() (git-fixes).
- staging: r8712: Fix memory leak in _r8712_init_xmit_priv() (git-fixes).
- SUNRPC: always free ctxt when freeing deferred request (git-fixes).
- SUNRPC: double free xprt_ctxt while still in use (git-fixes).
- SUNRPC: Fix trace_svc_register() call site (git-fixes).
- SUNRPC: Fix UAF in svc_tcp_listen_data_ready() (git-fixes).
- SUNRPC: Remove dead code in svc_tcp_release_rqst() (git-fixes).
- SUNRPC: remove the maximum number of retries in call_bind_status (git-fixes).
- svcrdma: Prevent page release when nothing was received (git-fixes).
- tpm_tis: Explicitly check for error code (git-fixes).
- tty: n_gsm: fix UAF in gsm_cleanup_mux (git-fixes).
- tty: serial: fsl_lpuart: add earlycon for imx8ulp platform (git-fixes).
- ubifs: Add missing iput if do_tmpfile() failed in rename whiteout (git-fixes).
- ubifs: do_rename: Fix wrong space budget when target inode's nlink > 1 (git-fixes).
- ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers (git-fixes).
- ubifs: Fix AA deadlock when setting xattr for encrypted file (git-fixes).
- ubifs: Fix build errors as symbol undefined (git-fixes).
- ubifs: Fix deadlock in concurrent rename whiteout and inode writeback (git-fixes).
- ubifs: Fix memory leak in alloc_wbufs() (git-fixes).
- ubifs: Fix memory leak in do_rename (git-fixes).
- ubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock() (git-fixes).
- ubifs: Fix to add refcount once page is set private (git-fixes).
- ubifs: Fix 'ui->dirty' race between do_tmpfile() and writeback work (git-fixes).
- ubifs: Fix wrong dirty space budget for dirty inode (git-fixes).
- ubifs: Free memory for tmpfile name (git-fixes).
- ubifs: Rectify space amount budget for mkdir/tmpfile operations (git-fixes).
- ubifs: Rectify space budget for ubifs_symlink() if symlink is encrypted (git-fixes).
- ubifs: Rectify space budget for ubifs_xrename() (git-fixes).
- ubifs: Rename whiteout atomically (git-fixes).
- ubifs: rename_whiteout: correct old_dir size computing (git-fixes).
- ubifs: rename_whiteout: Fix double free for whiteout_ui->data (git-fixes).
- ubifs: Reserve one leb for each journal head while doing budget (git-fixes).
- ubifs: Re-statistic cleaned znode count if commit failed (git-fixes).
- ubifs: setflags: Make dirtied_ino_d 8 bytes aligned (git-fixes).
- ubifs: ubifs_writepage: Mark page dirty after writing inode failed (git-fixes).
- Update config files: enable CONFIG_X86_AMD_PSTATE (bsc#1212445)
- usb: dwc2: platform: Improve error reporting for problems during .remove() (git-fixes).
- usb: dwc3: do not reset device side if dwc3 was configured as host-only (git-fixes).
- usb: dwc3: pci: skip BYT GPIO lookup table for hardwired phy (git-fixes).
- usb: gadget: core: remove unbalanced mutex_unlock in usb_gadget_activate (git-fixes).
- USB: serial: option: add LARA-R6 01B PIDs (git-fixes).
- usb: typec: Iterate pds array when showing the pd list (git-fixes).
- usb: typec: Set port->pd before adding device for typec_port (git-fixes).
- usb: typec: Use sysfs_emit_at when concatenating the string (git-fixes).
- usb: xhci-mtk: set the dma max_seg_size (git-fixes).
- vhost_net: revert upend_idx only on retriable error (git-fixes).
- vhost: support PACKED when setting-getting vring_base (git-fixes).
- virtio_net: Fix error unwinding of XDP initialization (git-fixes).
- virtio-net: Maintain reverse cleanup order (git-fixes).
- wifi: ath11k: add support for suspend in power down state (bsc#1207948).
- wifi: ath11k: handle irq enable/disable in several code path (bsc#1207948).
- wifi: ath11k: handle thermal device registeration together with MAC (bsc#1207948).
- wifi: ath11k: remove MHI LOOPBACK channels (bsc#1207948).
- wifi: ray_cs: Drop useless status variable in parse_addr() (git-fixes).
- wifi: ray_cs: Utilize strnlen() in parse_addr() (git-fixes).
- wl3501_cs: use eth_hw_addr_set() (git-fixes).
- x86/PVH: obtain VGA console info in Dom0 (git-fixes).
- xen/blkfront: Only check REQ_FUA for writes (git-fixes).
- xen/pvcalls-back: fix double frees with pvcalls_new_active_socket() (git-fixes).
- xfs: AIL needs asynchronous CIL forcing (bsc#1211811).
- xfs: async CIL flushes need pending pushes to be made stable (bsc#1211811).
- xfs: attach iclog callbacks in xlog_cil_set_ctx_write_state() (bsc#1211811).
- xfs: CIL work is serialised, not pipelined (bsc#1211811).
- xfs: do not run shutdown callbacks on active iclogs (bsc#1211811).
- xfs: drop async cache flushes from CIL commits (bsc#1211811).
- xfs: factor out log write ordering from xlog_cil_push_work() (bsc#1211811).
- xfs: move the CIL workqueue to the CIL (bsc#1211811).
- xfs: move xlog_commit_record to xfs_log_cil.c (bsc#1211811).
- xfs: order CIL checkpoint start records (bsc#1211811).
- xfs: pass a CIL context to xlog_write() (bsc#1211811).
- xfs: rework xlog_state_do_callback() (bsc#1211811).
- xfs: run callbacks before waking waiters in xlog_state_shutdown_callbacks (bsc#1211811).
- xfs: separate out log shutdown callback processing (bsc#1211811).
- xfs: wait iclog complete before tearing down AIL (bsc#1211811).
- xfs: XLOG_STATE_IOERROR must die (bsc#1211811).
- xhci: Fix resume issue of some ZHAOXIN hosts (git-fixes).
- xhci: Fix TRB prefetch issue of ZHAOXIN hosts (git-fixes).
- xhci: Show ZHAOXIN xHCI root hub speed correctly (git-fixes).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3325-1
Released:    Wed Aug 16 08:26:08 2023
Summary:     Security update for krb5
Type:        security
Severity:    important
References:  1214054,CVE-2023-36054
This update for krb5 fixes the following issues:

- CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3327-1
Released:    Wed Aug 16 08:45:25 2023
Summary:     Security update for pcre2
Type:        security
Severity:    moderate
References:  1213514,CVE-2022-41409
This update for pcre2 fixes the following issues:

  - CVE-2022-41409: Fixed integer overflow vulnerability in pcre2test that allows attackers to cause a denial of service via negative input (bsc#1213514).


The following package changes have been done:

- apparmor-abstractions-3.0.4-150500.11.3.1 updated
- apparmor-parser-3.0.4-150500.11.3.1 updated
- bind-utils-9.16.42-150500.8.7.1 updated
- blog-2.26-150300.4.6.1 updated
- curl-8.0.1-150400.5.26.1 updated
- google-guest-agent-20230601.00-150000.1.37.1 updated
- google-osconfig-agent-20230706.02-150000.1.30.1 updated
- grub2-i386-pc-2.06-150500.29.3.1 updated
- grub2-x86_64-efi-2.06-150500.29.3.1 updated
- grub2-2.06-150500.29.3.1 updated
- hostname-3.16-2.22 added
- hwinfo-21.85-150500.3.3.1 updated
- kernel-default-5.14.21-150500.55.19.1 updated
- krb5-1.20.1-150500.3.3.1 updated
- libapparmor1-3.0.4-150500.11.3.1 updated
- libassuan0-2.5.5-150000.4.5.2 updated
- libblogger2-2.26-150300.4.6.1 updated
- libcryptsetup12-2.4.3-150400.3.3.1 updated
- libcurl4-8.0.1-150400.5.26.1 updated
- libdevmapper1_03-2.03.16_1.02.185-150500.7.3.1 updated
- libfido2-1-1.13.0-150400.5.6.1 updated
- libfstrm0-0.6.1-150300.9.3.1 added
- libnvme-mi1-1.4+27.g5ae1c3-150500.4.6.1 updated
- libnvme1-1.4+27.g5ae1c3-150500.4.6.1 updated
- libopenssl1_1-1.1.1l-150500.17.15.1 updated
- libpcre2-8-0-10.39-150400.4.9.1 updated
- libprotobuf-c1-1.3.2-150200.3.6.1 added
- libxml2-2-2.10.3-150500.5.5.1 updated
- libyajl2-2.1.0-150000.4.6.1 updated
- login_defs-4.8.1-150400.10.9.1 updated
- nvme-cli-2.4+24.ga1ee20-150500.4.6.1 updated
- openssh-clients-8.4p1-150300.3.22.1 updated
- openssh-common-8.4p1-150300.3.22.1 updated
- openssh-server-8.4p1-150300.3.22.1 updated
- openssh-8.4p1-150300.3.22.1 updated
- openssl-1_1-1.1.1l-150500.17.15.1 updated
- perl-Bootloader-0.944-150400.3.6.1 updated
- python3-bind-9.16.42-150500.8.7.1 updated
- samba-client-libs-4.17.9+git.367.dae41ffdd1f-150500.3.5.1 updated
- samba-libs-4.17.9+git.367.dae41ffdd1f-150500.3.5.1 updated
- shadow-4.8.1-150400.10.9.1 updated
- systemd-presets-common-SUSE-15-150500.20.3.1 updated
- wicked-service-0.6.73-150500.3.10.1 updated
- wicked-0.6.73-150500.3.10.1 updated
- libopenssl3-3.0.8-150500.5.3.1 removed


More information about the sle-security-updates mailing list