SUSE-SU-2023:4810-1: important: Security update for the Linux Kernel

null at suse.de null at suse.de
Wed Dec 13 20:30:40 UTC 2023



# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2023:4810-1  
Rating: important  
References:

  * bsc#1084909
  * bsc#1210447
  * bsc#1214286
  * bsc#1214976
  * bsc#1215124
  * bsc#1215292
  * bsc#1215420
  * bsc#1215458
  * bsc#1215710
  * bsc#1216058
  * bsc#1216105
  * bsc#1216259
  * bsc#1216584
  * bsc#1216693
  * bsc#1216759
  * bsc#1216844
  * bsc#1216861
  * bsc#1216909
  * bsc#1216959
  * bsc#1216965
  * bsc#1216976
  * bsc#1217036
  * bsc#1217068
  * bsc#1217086
  * bsc#1217124
  * bsc#1217140
  * bsc#1217195
  * bsc#1217200
  * bsc#1217205
  * bsc#1217332
  * bsc#1217366
  * bsc#1217515
  * bsc#1217598
  * bsc#1217599
  * bsc#1217609
  * bsc#1217687
  * bsc#1217731
  * bsc#1217780
  * jsc#PED-3184
  * jsc#PED-5021
  * jsc#PED-7237

  
Cross-References:

  * CVE-2023-2006
  * CVE-2023-25775
  * CVE-2023-39197
  * CVE-2023-39198
  * CVE-2023-4244
  * CVE-2023-45863
  * CVE-2023-45871
  * CVE-2023-46862
  * CVE-2023-5158
  * CVE-2023-5717
  * CVE-2023-6039
  * CVE-2023-6176

  
CVSS scores:

  * CVE-2023-2006 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-2006 ( NVD ):  7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-25775 ( SUSE ):  5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
  * CVE-2023-25775 ( NVD ):  5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
  * CVE-2023-39197 ( SUSE ):  4.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
  * CVE-2023-39198 ( SUSE ):  7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
  * CVE-2023-39198 ( NVD ):  6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-4244 ( SUSE ):  7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-4244 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-45863 ( SUSE ):  6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-45863 ( NVD ):  6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-45871 ( SUSE ):  5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-45871 ( NVD ):  9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-46862 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-46862 ( NVD ):  4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-5158 ( SUSE ):  6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
  * CVE-2023-5158 ( NVD ):  6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
  * CVE-2023-5717 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-5717 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-6039 ( SUSE ):  6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-6039 ( NVD ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-6176 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-6176 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

  
Affected Products:

  * Basesystem Module 15-SP4
  * Development Tools Module 15-SP4
  * Legacy Module 15-SP4
  * openSUSE Leap 15.4
  * openSUSE Leap Micro 5.3
  * openSUSE Leap Micro 5.4
  * SUSE Linux Enterprise Desktop 15 SP4
  * SUSE Linux Enterprise High Availability Extension 15 SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise Live Patching 15-SP4
  * SUSE Linux Enterprise Micro 5.3
  * SUSE Linux Enterprise Micro 5.4
  * SUSE Linux Enterprise Micro for Rancher 5.3
  * SUSE Linux Enterprise Micro for Rancher 5.4
  * SUSE Linux Enterprise Real Time 15 SP4
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Linux Enterprise Workstation Extension 15 SP4
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.3

  
  
An update that solves 12 vulnerabilities, contains three features and has 26
security fixes can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security
and bugfixes.

The following security bugs were fixed:

  * CVE-2023-6176: Fixed a denial of service in the cryptographic algorithm
    scatterwalk functionality (bsc#1217332).
  * CVE-2023-2006: Fixed a race condition in the RxRPC network protocol
    (bsc#1210447).
  * CVE-2023-39197: Fixed a out-of-bounds read in nf_conntrack_dccp_packet()
    (bsc#1216976).
  * CVE-2023-4244: Fixed a use-after-free in the nf_tables component, which
    could be exploited to achieve local privilege escalation (bsc#1215420).
  * CVE-2023-6039: Fixed a use-after-free in lan78xx_disconnect in
    drivers/net/usb/lan78xx.c (bsc#1217068).
  * CVE-2023-45863: Fixed a out-of-bounds write in fill_kobj_path()
    (bsc#1216058).
  * CVE-2023-5158: Fixed a denial of service in vringh_kiov_advance() in
    drivers/vhost/vringh.c in the host side of a virtio ring (bsc#1215710).
  * CVE-2023-45871: Fixed an issue in the IGB driver, where the buffer size may
    not be adequate for frames larger than the MTU (bsc#1216259).
  * CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the
    Performance Events component (bsc#1216584).
  * CVE-2023-39198: Fixed a race condition leading to use-after-free in
    qxl_mode_dumb_create() (bsc#1216965).
  * CVE-2023-25775: Fixed improper access control in the Intel Ethernet
    Controller RDMA driver (bsc#1216959).
  * CVE-2023-46862: Fixed a NULL pointer dereference in io_uring_show_fdinfo()
    (bsc#1216693).

The following non-security bugs were fixed:

  * ACPI: FPDT: properly handle invalid FPDT subtables (git-fixes).
  * ACPI: resource: Do IRQ override on TongFang GMxXGxx (git-fixes).
  * ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CVA (git-fixes).
  * ACPI: sysfs: Fix create_pnp_modalias() and create_of_modalias() (git-fixes).
  * ALSA: hda/realtek - Add Dell ALC295 to pin fall back table (git-fixes).
  * ALSA: hda/realtek - Enable internal speaker of ASUS K6500ZC (git-fixes).
  * ALSA: hda/realtek: Add quirks for HP Laptops (git-fixes).
  * ALSA: hda/realtek: Enable Mute LED on HP 255 G10 (git-fixes).
  * ALSA: hda/realtek: Enable Mute LED on HP 255 G8 (git-fixes).
  * ALSA: hda: Disable power-save on KONTRON SinglePC (bsc#1217140).
  * ALSA: hda: Fix possible null-ptr-deref when assigning a stream (git-fixes).
  * ALSA: hda: cs35l41: Fix unbalanced pm_runtime_get() (git-fixes).
  * ALSA: hda: cs35l41: Undo runtime PM changes at driver exit time (git-fixes).
  * ALSA: hda: intel-dsp-config: Fix JSL Chromebook quirk detection (git-fixes).
  * ALSA: info: Fix potential deadlock at disconnection (git-fixes).
  * ARM: 9321/1: memset: cast the constant byte to unsigned char (git-fixes).
  * ASoC: Intel: Skylake: Fix mem leak when parsing UUIDs fails (git-fixes).
  * ASoC: ams-delta.c: use component after check (git-fixes).
  * ASoC: codecs: wsa-macro: fix uninitialized stack variables with name prefix
    (git-fixes).
  * ASoC: cs35l41: Undo runtime PM changes at driver exit time (git-fixes).
  * ASoC: cs35l41: Verify PM runtime resume errors in IRQ handler (git-fixes).
  * ASoC: fsl: Fix PM disable depth imbalance in fsl_easrc_probe (git-fixes).
  * ASoC: fsl: mpc5200_dma.c: Fix warning of Function parameter or member not
    described (git-fixes).
  * ASoC: hdmi-codec: register hpd callback on component probe (git-fixes).
  * ASoC: rt5650: fix the wrong result of key button (git-fixes).
  * ASoC: simple-card: fixup asoc_simple_probe() error handling (git-fixes).
  * ASoC: ti: omap-mcbsp: Fix runtime PM underflow warnings (git-fixes).
  * Bluetooth: btusb: Add 0bda:b85b for Fn-Link RTL8852BE (git-fixes).
  * Bluetooth: btusb: Add RTW8852BE device 13d3:3570 to device tables (git-
    fixes).
  * Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0cb8:0xc559 (git-
    fixes).
  * Bluetooth: btusb: Add date->evt_skb is NULL check (git-fixes).
  * Drivers: hv: vmbus: Remove unused extern declaration vmbus_ontimer() (git-
    fixes).
  * HID: Add quirk for Dell Pro Wireless Keyboard and Mouse KM5221W (git-fixes).
  * HID: hyperv: Replace one-element array with flexible-array member (git-
    fixes).
  * HID: hyperv: avoid struct memcpy overrun warning (git-fixes).
  * HID: hyperv: remove unused struct synthhid_msg (git-fixes).
  * HID: lenovo: Detect quirk-free fw on cptkbd and stop applying workaround
    (git-fixes).
  * HID: logitech-hidpp: Do not restart IO, instead defer hid_connect() only
    (git-fixes).
  * HID: logitech-hidpp: Move get_wireless_feature_index() check to
    hidpp_connect_event() (git-fixes).
  * HID: logitech-hidpp: Remove HIDPP_QUIRK_NO_HIDINPUT quirk (git-fixes).
  * HID: logitech-hidpp: Revert "Do not restart communication if not necessary"
    (git-fixes).
  * Input: synaptics-rmi4 - fix use after free in rmi_unregister_function()
    (git-fixes).
  * Input: synaptics-rmi4 - handle reset delay when using SMBus trsnsport (git-
    fixes).
  * Input: xpad - add VID for Turtle Beach controllers (git-fixes).
  * PCI/ASPM: Fix L1 substate handling in aspm_attr_store_common() (git-fixes).
  * PCI/sysfs: Protect driver's D3cold preference from user space (git-fixes).
  * PCI: Disable ATS for specific Intel IPU E2000 devices (bsc#1215458).
  * PCI: Extract ATS disabling to a helper function (bsc#1215458).
  * PCI: Prevent xHCI driver from claiming AMD VanGogh USB3 DRD device (git-
    fixes).
  * PCI: Use FIELD_GET() in Sapphire RX 5600 XT Pulse quirk (git-fixes).
  * PCI: Use FIELD_GET() to extract Link Width (git-fixes).
  * PCI: exynos: Do not discard .remove() callback (git-fixes).
  * PCI: keystone: Do not discard .probe() callback (git-fixes).
  * PCI: keystone: Do not discard .remove() callback (git-fixes).
  * PCI: tegra194: Use FIELD_GET()/FIELD_PREP() with Link Width fields (git-
    fixes).
  * PM / devfreq: rockchip-dfi: Make pmu regmap mandatory (git-fixes).
  * PM: hibernate: Use __get_safe_page() rather than touching the list (git-
    fixes).
  * USB: dwc2: write HCINT with INTMASK applied (bsc#1214286).
  * USB: dwc3: qcom: fix ACPI platform device leak (git-fixes).
  * USB: dwc3: qcom: fix resource leaks on probe deferral (git-fixes).
  * USB: dwc3: qcom: fix software node leak on probe errors (git-fixes).
  * USB: dwc3: qcom: fix wakeup after probe deferral (git-fixes).
  * USB: serial: option: add Fibocom L7xx modules (git-fixes).
  * USB: serial: option: add Luat Air72*U series products (git-fixes).
  * USB: serial: option: do not claim interface 4 for ZTE MF290 (git-fixes).
  * USB: serial: option: fix FM101R-GL defines (git-fixes).
  * USB: usbip: fix stub_dev hub disconnect (git-fixes).
  * arm/xen: fix xen_vcpu_info allocation alignment (git-fixes).
  * arm64: Add Cortex-A520 CPU part definition (git-fixes)
  * arm64: allow kprobes on EL0 handlers (git-fixes)
  * arm64: armv8_deprecated move emulation functions (git-fixes)
  * arm64: armv8_deprecated: fix unused-function error (git-fixes)
  * arm64: armv8_deprecated: fold ops into insn_emulation (git-fixes)
  * arm64: armv8_deprecated: move aarch32 helper earlier (git-fixes)
  * arm64: armv8_deprecated: rework deprected instruction handling (git-fixes)
  * arm64: consistently pass ESR_ELx to die() (git-fixes)
  * arm64: die(): pass 'err' as long (git-fixes)
  * arm64: factor insn read out of call_undef_hook() (git-fixes)
  * arm64: factor out EL1 SSBS emulation hook (git-fixes)
  * arm64: report EL1 UNDEFs better (git-fixes)
  * arm64: rework BTI exception handling (git-fixes)
  * arm64: rework EL0 MRS emulation (git-fixes)
  * arm64: rework FPAC exception handling (git-fixes)
  * arm64: split EL0/EL1 UNDEF handlers (git-fixes)
  * ata: pata_isapnp: Add missing error check for devm_ioport_map() (git-fixes).
  * atl1c: Work around the DMA RX overflow issue (git-fixes).
  * atm: iphase: Do PCI error checks on own line (git-fixes).
  * blk-mq: Do not clear driver tags own mapping (bsc#1217366).
  * blk-mq: fix null pointer dereference in blk_mq_clear_rq_mapping()
    (bsc#1217366).
  * bluetooth: Add device 0bda:887b to device tables (git-fixes).
  * bluetooth: Add device 13d3:3571 to device tables (git-fixes).
  * can: dev: can_put_echo_skb(): do not crash kernel if can_priv::echo_skb is
    accessed out of bounds (git-fixes).
  * can: dev: can_restart(): do not crash kernel if carrier is OK (git-fixes).
  * can: dev: can_restart(): fix race condition between controller restart and
    netif_carrier_on() (git-fixes).
  * can: isotp: add local echo tx processing for consecutive frames (git-fixes).
  * can: isotp: fix race between isotp_sendsmg() and isotp_release() (git-
    fixes).
  * can: isotp: fix tx state handling for echo tx processing (git-fixes).
  * can: isotp: handle wait_event_interruptible() return values (git-fixes).
  * can: isotp: isotp_bind(): return -EINVAL on incorrect CAN ID formatting
    (git-fixes).
  * can: isotp: isotp_sendmsg(): fix TX state detection and wait behavior (git-
    fixes).
  * can: isotp: remove re-binding of bound socket (git-fixes).
  * can: isotp: sanitize CAN ID checks in isotp_bind() (git-fixes).
  * can: isotp: set max PDU size to 64 kByte (git-fixes).
  * can: isotp: split tx timer into transmission and timeout (git-fixes).
  * can: sja1000: Fix comment (git-fixes).
  * clk: Sanitize possible_parent_show to Handle Return Value of
    of_clk_get_parent_name (git-fixes).
  * clk: imx: Select MXC_CLK for CLK_IMX8QXP (git-fixes).
  * clk: imx: imx8mq: correct error handling path (git-fixes).
  * clk: imx: imx8qxp: Fix elcdif_pll clock (git-fixes).
  * clk: keystone: pll: fix a couple NULL vs IS_ERR() checks (git-fixes).
  * clk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data (git-fixes).
  * clk: mediatek: clk-mt6765: Add check for mtk_alloc_clk_data (git-fixes).
  * clk: mediatek: clk-mt6779: Add check for mtk_alloc_clk_data (git-fixes).
  * clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data (git-fixes).
  * clk: mediatek: clk-mt7629-eth: Add check for mtk_alloc_clk_data (git-fixes).
  * clk: mediatek: clk-mt7629: Add check for mtk_alloc_clk_data (git-fixes).
  * clk: npcm7xx: Fix incorrect kfree (git-fixes).
  * clk: qcom: clk-rcg2: Fix clock rate overflow for high parent frequencies
    (git-fixes).
  * clk: qcom: config IPQ_APSS_6018 should depend on QCOM_SMEM (git-fixes).
  * clk: qcom: gcc-sm8150: Fix gcc_sdcc2_apps_clk_src (git-fixes).
  * clk: qcom: ipq6018: drop the CLK_SET_RATE_PARENT flag from PLL clocks (git-
    fixes).
  * clk: qcom: mmcc-msm8998: Do not check halt bit on some branch clks (git-
    fixes).
  * clk: qcom: mmcc-msm8998: Fix the SMMU GDSC (git-fixes).
  * clk: scmi: Free scmi_clk allocated when the clocks with invalid info are
    skipped (git-fixes).
  * clk: ti: Add ti_dt_clk_name() helper to use clock-output-names (git-fixes).
  * clk: ti: Update component clocks to use ti_dt_clk_name() (git-fixes).
  * clk: ti: Update pll and clockdomain clocks to use ti_dt_clk_name() (git-
    fixes).
  * clk: ti: change ti_clk_register_omap_hw API (git-fixes).
  * clk: ti: fix double free in of_ti_divider_clk_setup() (git-fixes).
  * crypto: caam/jr - fix Chacha20 + Poly1305 self test failure (git-fixes).
  * crypto: caam/qi2 - fix Chacha20 + Poly1305 self test failure (git-fixes).
  * crypto: hisilicon/hpre - Fix a erroneous check after snprintf() (git-fixes).
  * dmaengine: pxa_dma: Remove an erroneous BUG_ON() in pxad_free_desc() (git-
    fixes).
  * dmaengine: ste_dma40: Fix PM disable depth imbalance in d40_probe (git-
    fixes).
  * dmaengine: stm32-mdma: correct desc prep when channel running (git-fixes).
  * dmaengine: ti: edma: handle irq_of_parse_and_map() errors (git-fixes).
  * docs: net: move the probe and open/close sections of driver.rst up
    (bsc#1215458).
  * docs: net: reformat driver.rst from a list to sections (bsc#1215458).
  * docs: net: use C syntax highlight in driver.rst (bsc#1215458).
  * drm/amd/display: Avoid NULL dereference of timing generator (git-fixes).
  * drm/amd/display: Change the DMCUB mailbox memory location from FB to inbox
    (git-fixes).
  * drm/amd/display: remove useless check in should_enable_fbc() (git-fixes).
  * drm/amd/display: use full update for clip size increase of large plane
    source (git-fixes).
  * drm/amd/pm: Handle non-terminated overdrive commands (git-fixes).
  * drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga (git-
    fixes).
  * drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 (git-fixes).
  * drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL
    (git-fixes).
  * drm/amdgpu: Fix potential null pointer derefernce (git-fixes).
  * drm/amdgpu: do not use ATRM for external devices (git-fixes).
  * drm/amdgpu: fix error handling in amdgpu_bo_list_get() (git-fixes).
  * drm/amdgpu: fix software pci_unplug on some chips (git-fixes).
  * drm/amdkfd: Fix a race condition of vram buffer unref in svm code (git-
    fixes).
  * drm/amdkfd: Fix shift out-of-bounds issue (git-fixes).
  * drm/amdkfd: fix some race conditions in vram buffer alloc/free of svm code
    (git-fixes).
  * drm/bridge: Fix kernel-doc typo in desc of output_bus_cfg in
    drm_bridge_state (git-fixes).
  * drm/bridge: lt8912b: Add missing drm_bridge_attach call (git-fixes).
  * drm/bridge: lt8912b: Fix bridge_detach (git-fixes).
  * drm/bridge: lt8912b: Fix crash on bridge detach (git-fixes).
  * drm/bridge: lt8912b: Manually disable HPD only if it was enabled (git-
    fixes).
  * drm/bridge: lt8912b: Register and attach our DSI device at probe (git-
    fixes).
  * drm/bridge: lt8912b: Switch to devm MIPI-DSI helpers (git-fixes).
  * drm/bridge: lt9611uxc: Register and attach our DSI device at probe (git-
    fixes).
  * drm/bridge: lt9611uxc: Switch to devm MIPI-DSI helpers (git-fixes).
  * drm/bridge: lt9611uxc: fix the race in the error path (git-fixes).
  * drm/bridge: tc358768: Disable non-continuous clock mode (git-fixes).
  * drm/bridge: tc358768: Fix bit updates (git-fixes).
  * drm/bridge: tc358768: Fix use of uninitialized variable (git-fixes).
  * drm/gud: Use size_add() in call to struct_size() (git-fixes).
  * drm/i915/pmu: Check if pmu is closed before stopping event (git-fixes).
  * drm/i915: Fix potential spectre vulnerability (git-fixes).
  * drm/komeda: drop all currently held locks if deadlock happens (git-fixes).
  * drm/mediatek: Fix iommu fault by swapping FBs after updating plane state
    (git-fixes).
  * drm/mediatek: Fix iommu fault during crtc enabling (git-fixes).
  * drm/mipi-dsi: Create devm device attachment (git-fixes).
  * drm/mipi-dsi: Create devm device registration (git-fixes).
  * drm/msm/dp: skip validity check for DP CTS EDID checksum (git-fixes).
  * drm/panel/panel-tpo-tpg110: fix a possible null pointer dereference (git-
    fixes).
  * drm/panel: fix a possible null pointer dereference (git-fixes).
  * drm/panel: simple: Fix Innolux G101ICE-L01 bus flags (git-fixes).
  * drm/panel: simple: Fix Innolux G101ICE-L01 timings (git-fixes).
  * drm/panel: st7703: Pick different reset sequence (git-fixes).
  * drm/qxl: prevent memory leak (git-fixes).
  * drm/radeon: possible buffer overflow (git-fixes).
  * drm/rockchip: Fix type promotion bug in rockchip_gem_iommu_map() (git-
    fixes).
  * drm/rockchip: cdn-dp: Fix some error handling paths in cdn_dp_probe() (git-
    fixes).
  * drm/rockchip: vop: Fix call to crtc reset helper (git-fixes).
  * drm/rockchip: vop: Fix color for RGB888/BGR888 format on VOP full (git-
    fixes).
  * drm/rockchip: vop: Fix reset of state in duplicate state crtc funcs (git-
    fixes).
  * drm/syncobj: fix DRM_SYNCOBJ_WAIT_FLAGS_WAIT_AVAILABLE (git-fixes).
  * drm/vc4: fix typo (git-fixes).
  * drm: vmwgfx_surface.c: copy user-array safely (git-fixes).
  * dt-bindings: usb: hcd: add missing phy name to example (git-fixes).
  * dt-bindings: usb: qcom,dwc3: fix example wakeup interrupt types (git-fixes).
  * fbdev: fsl-diu-fb: mark wr_reg_wa() static (git-fixes).
  * fbdev: imsttfb: Fix error path of imsttfb_probe() (git-fixes).
  * fbdev: imsttfb: Release framebuffer and dealloc cmap on error path (git-
    fixes).
  * fbdev: imsttfb: fix a resource leak in probe (git-fixes).
  * fbdev: imsttfb: fix double free in probe() (git-fixes).
  * fbdev: omapfb: Drop unused remove function (git-fixes).
  * firewire: core: fix possible memory leak in create_units() (git-fixes).
  * firmware/imx-dsp: Fix use_after_free in imx_dsp_setup_channels() (git-
    fixes).
  * gpio: mockup: fix kerneldoc (git-fixes).
  * gpio: mockup: remove unused field (git-fixes).
  * hid: cp2112: Fix duplicate workqueue initialization (git-fixes).
  * hv: simplify sysctl registration (git-fixes).
  * hv_netvsc: Fix race of register_netdevice_notifier and VF register (git-
    fixes).
  * hv_netvsc: Mark VF as slave before exposing it to user-mode (git-fixes).
  * hv_netvsc: fix netvsc_send_completion to avoid multiple message length
    checks (git-fixes).
  * hv_netvsc: fix race of netvsc and VF register_netdevice (git-fixes).
  * hwmon: (coretemp) Fix potentially truncated sysfs attribute name (git-
    fixes).
  * i2c: aspeed: Fix i2c bus hang in slave read (git-fixes).
  * i2c: core: Run atomic i2c xfer when !preemptible (git-fixes).
  * i2c: designware: Disable TX_EMPTY irq while waiting for block length byte
    (git-fixes).
  * i2c: dev: copy userspace array safely (git-fixes).
  * i2c: i801: fix potential race in i801_block_transaction_byte_by_byte (git-
    fixes).
  * i2c: iproc: handle invalid slave state (git-fixes).
  * i2c: muxes: i2c-demux-pinctrl: Use of_get_i2c_adapter_by_node() (git-fixes).
  * i2c: muxes: i2c-mux-gpmux: Use of_get_i2c_adapter_by_node() (git-fixes).
  * i2c: muxes: i2c-mux-pinctrl: Use of_get_i2c_adapter_by_node() (git-fixes).
  * i2c: stm32f7: Fix PEC handling in case of SMBUS transfers (git-fixes).
  * i2c: sun6i-p2wi: Prevent potential division by zero (git-fixes).
  * i3c: Fix potential refcount leak in i3c_master_register_new_i3c_devs (git-
    fixes).
  * i3c: master: cdns: Fix reading status register (git-fixes).
  * i3c: master: mipi-i3c-hci: Fix a kernel panic for accessing DAT_data (git-
    fixes).
  * i3c: master: svc: fix SDA keep low when polling IBIWON timeout happen (git-
    fixes).
  * i3c: master: svc: fix check wrong status register in irq handler (git-
    fixes).
  * i3c: master: svc: fix ibi may not return mandatory data byte (git-fixes).
  * i3c: master: svc: fix race condition in ibi work thread (git-fixes).
  * i3c: master: svc: fix wrong data return when IBI happen during start frame
    (git-fixes).
  * i3c: mipi-i3c-hci: Fix out of bounds access in hci_dma_irq_handler (git-
    fixes).
  * i915/perf: Fix NULL deref bugs with drm_dbg() calls (git-fixes).
  * idpf: add RX splitq napi poll support (bsc#1215458).
  * idpf: add SRIOV support and other ndo_ops (bsc#1215458).
  * idpf: add TX splitq napi poll support (bsc#1215458).
  * idpf: add controlq init and reset checks (bsc#1215458).
  * idpf: add core init and interrupt request (bsc#1215458).
  * idpf: add create vport and netdev configuration (bsc#1215458).
  * idpf: add ethtool callbacks (bsc#1215458).
  * idpf: add module register and probe functionality (bsc#1215458).
  * idpf: add ptypes and MAC filter support (bsc#1215458).
  * idpf: add singleq start_xmit and napi poll (bsc#1215458).
  * idpf: add splitq start_xmit (bsc#1215458).
  * idpf: cancel mailbox work in error path (bsc#1215458).
  * idpf: configure resources for RX queues (bsc#1215458).
  * idpf: configure resources for TX queues (bsc#1215458).
  * idpf: fix potential use-after-free in idpf_tso() (bsc#1215458).
  * idpf: initialize interrupts and enable vport (bsc#1215458).
  * idpf: set scheduling mode for completion queue (bsc#1215458).
  * iio: adc: xilinx-xadc: Correct temperature offset/scale for UltraScale (git-
    fixes).
  * iio: adc: xilinx-xadc: Do not clobber preset voltage/temperature thresholds
    (git-fixes).
  * iio: exynos-adc: request second interupt only when touchscreen mode is used
    (git-fixes).
  * irqchip/stm32-exti: add missing DT IRQ flag translation (git-fixes).
  * leds: pwm: Do not disable the PWM when the LED should be off (git-fixes).
  * leds: trigger: ledtrig-cpu:: Fix 'output may be truncated' issue for 'cpu'
    (git-fixes).
  * leds: turris-omnia: Do not use SMBUS calls (git-fixes).
  * lsm: fix default return value for inode_getsecctx (git-fixes).
  * lsm: fix default return value for vm_enough_memory (git-fixes).
  * media: bttv: fix use after free error due to btv->timeout timer (git-fixes).
  * media: ccs: Correctly initialise try compose rectangle (git-fixes).
  * media: ccs: Fix driver quirk struct documentation (git-fixes).
  * media: cedrus: Fix clock/reset sequence (git-fixes).
  * media: cobalt: Use FIELD_GET() to extract Link Width (git-fixes).
  * media: gspca: cpia1: shift-out-of-bounds in set_flicker (git-fixes).
  * media: i2c: max9286: Fix some redundant of_node_put() calls (git-fixes).
  * media: imon: fix access to invalid resource for the second interface (git-
    fixes).
  * media: lirc: drop trailing space from scancode transmit (git-fixes).
  * media: qcom: camss: Fix VFE-17x vfe_disable_output() (git-fixes).
  * media: qcom: camss: Fix missing vfe_lite clocks check (git-fixes).
  * media: qcom: camss: Fix pm_domain_on sequence in probe (git-fixes).
  * media: qcom: camss: Fix vfe_get() error jump (git-fixes).
  * media: sharp: fix sharp encoding (git-fixes).
  * media: siano: Drop unnecessary error check for debugfs_create_dir/file()
    (git-fixes).
  * media: venus: hfi: add checks to handle capabilities from firmware (git-
    fixes).
  * media: venus: hfi: add checks to perform sanity on queue pointers (git-
    fixes).
  * media: venus: hfi: fix the check to handle session buffer requirement (git-
    fixes).
  * media: venus: hfi_parser: Add check to keep the number of codecs within
    range (git-fixes).
  * media: vidtv: mux: Add check and kfree for kstrdup (git-fixes).
  * media: vidtv: psi: Add check for kstrdup (git-fixes).
  * media: vivid: avoid integer overflow (git-fixes).
  * mfd: arizona-spi: Set pdata.hpdet_channel for ACPI enumerated devs (git-
    fixes).
  * mfd: core: Ensure disabled devices are skipped without aborting (git-fixes).
  * mfd: dln2: Fix double put in dln2_probe (git-fixes).
  * misc: fastrpc: Clean buffers on remote invocation failures (git-fixes).
  * misc: pci_endpoint_test: Add Device ID for R-Car S4-8 PCIe controller (git-
    fixes).
  * mm/hmm: fault non-owner device private entries (bsc#1216844, jsc#PED-7237,
    git-fixes).
  * mmc: block: Be sure to wait while busy in CQE error recovery (git-fixes).
  * mmc: block: Do not lose cache flush during CQE error recovery (git-fixes).
  * mmc: block: Retry commands in CQE error recovery (git-fixes).
  * mmc: cqhci: Fix task clearing in CQE error recovery (git-fixes).
  * mmc: cqhci: Increase recovery halt timeout (git-fixes).
  * mmc: cqhci: Warn of halt or task clear failure (git-fixes).
  * mmc: meson-gx: Remove setting of CMD_CFG_ERROR (git-fixes).
  * mmc: sdhci-pci-gli: A workaround to allow GL9750 to enter ASPM L1.2 (git-
    fixes).
  * mmc: sdhci-pci-gli: GL9750: Mask the replay timer timeout of AER (git-
    fixes).
  * mmc: sdhci_am654: fix start loop index for TAP value parsing (git-fixes).
  * mmc: vub300: fix an error code (git-fixes).
  * modpost: fix tee MODULE_DEVICE_TABLE built on big-endian host (git-fixes).
  * mt76: dma: use kzalloc instead of devm_kzalloc for txwi (git-fixes).
  * mtd: cfi_cmdset_0001: Byte swap OTP info (git-fixes).
  * mtd: rawnand: arasan: Include ECC syndrome along with in-band data while
    checking for ECC failure (git-fixes).
  * net-memcg: Fix scope of sockmem pressure indicators (bsc#1216759).
  * net: Avoid address overwrite in kernel_connect (bsc#1216861).
  * net: add macro netif_subqueue_completed_wake (bsc#1215458).
  * net: fix use-after-free in tw_timer_handler (bsc#1217195).
  * net: ieee802154: adf7242: Fix some potential buffer overflow in
    adf7242_stats_show() (git-fixes).
  * net: mana: Fix return type of mana_start_xmit() (git-fixes).
  * net: piggy back on the memory barrier in bql when waking queues
    (bsc#1215458).
  * net: provide macros for commonly copied lockless queue stop/wake code
    (bsc#1215458).
  * net: usb: ax88179_178a: fix failed operations during ax88179_reset (git-
    fixes).
  * net: usb: smsc95xx: Fix uninit-value access in smsc95xx_read_reg (git-
    fixes).
  * nvme: update firmware version after commit (bsc#1215292).
  * pcmcia: cs: fix possible hung task and memory leak pccardd() (git-fixes).
  * pcmcia: ds: fix possible name leak in error path in pcmcia_device_add()
    (git-fixes).
  * pcmcia: ds: fix refcount leak in pcmcia_device_add() (git-fixes).
  * pinctrl: avoid reload of p state in list iteration (git-fixes).
  * platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad X120e (git-
    fixes).
  * platform/x86: wmi: Fix opening of char device (git-fixes).
  * platform/x86: wmi: Fix probe failure when failing to register WMI devices
    (git-fixes).
  * platform/x86: wmi: remove unnecessary initializations (git-fixes).
  * powerpc: Do not clobber f0/vs0 during fp|altivec register save
    (bsc#1217780).
  * pwm: Fix double shift bug (git-fixes).
  * pwm: brcmstb: Utilize appropriate clock APIs in suspend/resume (git-fixes).
  * pwm: sti: Reduce number of allocations and drop usage of chip_data (git-
    fixes).
  * r8152: Cancel hw_phy_work if we have an error in probe (git-fixes).
  * r8152: Check for unplug in r8153b_ups_en() / r8153c_ups_en() (git-fixes).
  * r8152: Check for unplug in rtl_phy_patch_request() (git-fixes).
  * r8152: Increase USB control msg timeout to 5000ms as per spec (git-fixes).
  * r8152: Release firmware if we have an error in probe (git-fixes).
  * r8152: Run the unload routine if we have errors during probe (git-fixes).
  * regmap: Ensure range selector registers are updated after cache sync (git-
    fixes).
  * regmap: debugfs: Fix a erroneous check after snprintf() (git-fixes).
  * regmap: prevent noinc writes from clobbering cache (git-fixes).
  * s390/ap: fix AP bus crash on early config change callback invocation (git-
    fixes bsc#1217687).
  * s390/cio: unregister device when the only path is gone (git-fixes
    bsc#1217609).
  * s390/cmma: fix detection of DAT pages (LTC#203997 bsc#1217086).
  * s390/cmma: fix handling of swapper_pg_dir and invalid_pg_dir (LTC#203997
    bsc#1217086).
  * s390/cmma: fix initial kernel address space page table walk (LTC#203997
    bsc#1217086).
  * s390/crashdump: fix TOD programmable field size (git-fixes bsc#1217205).
  * s390/dasd: fix hanging device after request requeue (git-fixes LTC#203629
    bsc#1215124).
  * s390/dasd: protect device queue against concurrent access (git-fixes
    bsc#1217515).
  * s390/dasd: use correct number of retries for ERP requests (git-fixes
    bsc#1217598).
  * s390/ipl: add missing secure/has_secure file to ipl type 'unknown'
    (bsc#1214976 git-fixes).
  * s390/mm: add missing arch_set_page_dat() call to gmap allocations
    (LTC#203997 bsc#1217086).
  * s390/mm: add missing arch_set_page_dat() call to vmem_crst_alloc()
    (LTC#203997 bsc#1217086).
  * s390/pkey: fix/harmonize internal keyblob headers (git-fixes bsc#1217200).
  * s390/ptrace: fix PTRACE_GET_LAST_BREAK error handling (git-fixes
    bsc#1217599).
  * sbsa_gwdt: Calculate timeout with 64-bit math (git-fixes).
  * scsi: lpfc: Copyright updates for 14.2.0.16 patches (bsc#1217731).
  * scsi: lpfc: Correct maximum PCI function value for RAS fw logging
    (bsc#1217731).
  * scsi: lpfc: Eliminate unnecessary relocking in lpfc_check_nlp_post_devloss()
    (bsc#1217731).
  * scsi: lpfc: Enhance driver logging for selected discovery events
    (bsc#1217731).
  * scsi: lpfc: Fix list_entry null check warning in lpfc_cmpl_els_plogi()
    (bsc#1217731).
  * scsi: lpfc: Fix possible file string name overflow when updating firmware
    (bsc#1217731).
  * scsi: lpfc: Introduce LOG_NODE_VERBOSE messaging flag (bsc#1217124).
  * scsi: lpfc: Refactor and clean up mailbox command memory free (bsc#1217731).
  * scsi: lpfc: Reject received PRLIs with only initiator fcn role for NPIV
    ports (bsc#1217124).
  * scsi: lpfc: Remove unnecessary zero return code assignment in
    lpfc_sli4_hba_setup (bsc#1217124).
  * scsi: lpfc: Return early in lpfc_poll_eratt() when the driver is unloading
    (bsc#1217731).
  * scsi: lpfc: Treat IOERR_SLI_DOWN I/O completion status the same as pci
    offline (bsc#1217124).
  * scsi: lpfc: Update lpfc version to 14.2.0.15 (bsc#1217124).
  * scsi: lpfc: Update lpfc version to 14.2.0.16 (bsc#1217731).
  * scsi: lpfc: Validate ELS LS_ACC completion payload (bsc#1217124).
  * scsi: qla2xxx: Fix double free of dsd_list during driver load (git-fixes).
  * scsi: qla2xxx: Use FIELD_GET() to extract PCIe capability fields (git-
    fixes).
  * selftests/efivarfs: create-read: fix a resource leak (git-fixes).
  * selftests/pidfd: Fix ksft print formats (git-fixes).
  * selftests/resctrl: Ensure the benchmark commands fits to its array (git-
    fixes).
  * selftests/resctrl: Reduce failures due to outliers in MBA/MBM tests (git-
    fixes).
  * selftests/resctrl: Remove duplicate feature check from CMT test (git-fixes).
  * seq_buf: fix a misleading comment (git-fixes).
  * serial: exar: Revert "serial: exar: Add support for Sealevel 7xxxC serial
    cards" (git-fixes).
  * serial: meson: Use platform_get_irq() to get the interrupt (git-fixes).
  * soc: qcom: llcc: Handle a second device without data corruption (git-fixes).
  * spi: nxp-fspi: use the correct ioremap function (git-fixes).
  * spi: spi-zynq-qspi: add spi-mem to driver kconfig dependencies (git-fixes).
  * spi: tegra: Fix missing IRQ check in tegra_slink_probe() (git-fixes).
  * staging: media: ipu3: remove ftrace-like logging (git-fixes).
  * string.h: add array-wrappers for (v)memdup_user() (git-fixes).
  * supported.conf: marked idpf supported
  * thermal: core: prevent potential string overflow (git-fixes).
  * treewide: Spelling fix in comment (git-fixes).
  * tty/sysrq: replace smp_processor_id() with get_cpu() (git-fixes).
  * tty: 8250: Add Brainboxes Oxford Semiconductor-based quirks (git-fixes).
  * tty: 8250: Add support for Brainboxes UP cards (git-fixes).
  * tty: 8250: Add support for Intashield IS-100 (git-fixes).
  * tty: 8250: Add support for Intashield IX cards (git-fixes).
  * tty: 8250: Add support for additional Brainboxes PX cards (git-fixes).
  * tty: 8250: Add support for additional Brainboxes UC cards (git-fixes).
  * tty: 8250: Fix port count of PX-257 (git-fixes).
  * tty: 8250: Fix up PX-803/PX-857 (git-fixes).
  * tty: 8250: Remove UC-257 and UC-431 (git-fixes).
  * tty: Fix uninit-value access in ppp_sync_receive() (git-fixes).
  * tty: n_gsm: fix race condition in status line change on dead connections
    (git-fixes).
  * tty: serial: meson: fix hard LOCKUP on crtscts mode (git-fixes).
  * tty: tty_jobctrl: fix pid memleak in disassociate_ctty() (git-fixes).
  * tty: vcc: Add check for kstrdup() in vcc_probe() (git-fixes).
  * usb: cdnsp: Fix deadlock issue during using NCM gadget (git-fixes).
  * usb: chipidea: Fix DMA overwrite for Tegra (git-fixes).
  * usb: chipidea: Simplify Tegra DMA alignment code (git-fixes).
  * usb: dwc2: fix possible NULL pointer dereference caused by driver
    concurrency (git-fixes).
  * usb: dwc3: Fix default mode initialization (git-fixes).
  * usb: dwc3: set the dma max_seg_size (git-fixes).
  * usb: gadget: f_ncm: Always set current gadget in ncm_bind() (git-fixes).
  * usb: raw-gadget: properly handle interrupted requests (git-fixes).
  * usb: storage: set 1.50 as the lower bcdDevice for older "Super Top"
    compatibility (git-fixes).
  * usb: typec: tcpm: Fix NULL pointer dereference in tcpm_pd_svdm() (git-
    fixes).
  * usb: typec: tcpm: Skip hard reset when in error recovery (git-fixes).
  * virtchnl: add virtchnl version 2 ops (bsc#1215458).
  * wifi: ath10k: Do not touch the CE interrupt registers after power up (git-
    fixes).
  * wifi: ath10k: fix clang-specific fortify warning (git-fixes).
  * wifi: ath11k: debugfs: fix to work with multiple PCI devices (git-fixes).
  * wifi: ath11k: fix dfs radar event locking (git-fixes).
  * wifi: ath11k: fix htt pktlog locking (git-fixes).
  * wifi: ath11k: fix temperature event locking (git-fixes).
  * wifi: ath9k: fix clang-specific fortify warnings (git-fixes).
  * wifi: iwlwifi: Use FW rate for non-data frames (git-fixes).
  * wifi: iwlwifi: call napi_synchronize() before freeing rx/tx queues (git-
    fixes).
  * wifi: iwlwifi: empty overflow queue during flush (git-fixes).
  * wifi: iwlwifi: honor the enable_ini value (git-fixes).
  * wifi: iwlwifi: pcie: synchronize IRQs before NAPI (git-fixes).
  * wifi: mac80211: do not return unset power in ieee80211_get_tx_power() (git-
    fixes).
  * wifi: mac80211: fix # of MSDU in A-MSDU calculation (git-fixes).
  * wifi: mt76: mt7603: rework/fix rx pse hang check (git-fixes).
  * wifi: rtlwifi: fix EDCA limit set by BT coexistence (git-fixes).
  * wifi: rtw88: debug: Fix the NULL vs IS_ERR() bug for debugfs_create_file()
    (git-fixes).
  * x86/alternative: Add a __alt_reloc_selftest() prototype (git-fixes).
  * x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs (git-fixes).
  * x86/fpu: Set X86_FEATURE_OSXSAVE feature after enabling OSXSAVE in CR4 (git-
    fixes).
  * x86/hyperv: Add HV_EXPOSE_INVARIANT_TSC define (git-fixes).
  * x86/hyperv: Improve code for referencing hyperv_pcpu_input_arg (git-fixes).
  * x86/hyperv: Make hv_get_nmi_reason public (git-fixes).
  * x86/hyperv: fix a warning in mshyperv.h (git-fixes).
  * x86/sev: Do not try to parse for the CC blob on non-AMD hardware (git-
    fixes).
  * x86/sev: Fix calculation of end address based on number of pages (git-
    fixes).
  * x86/sev: Use the GHCB protocol when available for SNP CPUID requests (git-
    fixes).
  * x86: Move gds_ucode_mitigated() declaration to header (git-fixes).
  * xfs: add attr state machine tracepoints (git-fixes).
  * xfs: can't use kmem_zalloc() for attribute buffers (bsc#1216909).
  * xfs: constify btree function parameters that are not modified (git-fixes).
  * xfs: convert AGF log flags to unsigned (git-fixes).
  * xfs: convert AGI log flags to unsigned (git-fixes).
  * xfs: convert attr type flags to unsigned (git-fixes).
  * xfs: convert bmap extent type flags to unsigned (git-fixes).
  * xfs: convert bmapi flags to unsigned (git-fixes).
  * xfs: convert btree buffer log flags to unsigned (git-fixes).
  * xfs: convert buffer flags to unsigned (git-fixes).
  * xfs: convert buffer log item flags to unsigned (git-fixes).
  * xfs: convert da btree operations flags to unsigned (git-fixes).
  * xfs: convert dquot flags to unsigned (git-fixes).
  * xfs: convert inode lock flags to unsigned (git-fixes).
  * xfs: convert log item tracepoint flags to unsigned (git-fixes).
  * xfs: convert log ticket and iclog flags to unsigned (git-fixes).
  * xfs: convert quota options flags to unsigned (git-fixes).
  * xfs: convert scrub type flags to unsigned (git-fixes).
  * xfs: disambiguate units for ftrace fields tagged "blkno", "block", or "bno"
    (git-fixes).
  * xfs: disambiguate units for ftrace fields tagged "count" (git-fixes).
  * xfs: disambiguate units for ftrace fields tagged "len" (git-fixes).
  * xfs: disambiguate units for ftrace fields tagged "offset" (git-fixes).
  * xfs: make the key parameters to all btree key comparison functions const
    (git-fixes).
  * xfs: make the key parameters to all btree query range functions const (git-
    fixes).
  * xfs: make the keys and records passed to btree inorder functions const (git-
    fixes).
  * xfs: make the pointer passed to btree set_root functions const (git-fixes).
  * xfs: make the start pointer passed to btree alloc_block functions const
    (git-fixes).
  * xfs: make the start pointer passed to btree update_lastrec functions const
    (git-fixes).
  * xfs: mark the record passed into btree init_key functions as const (git-
    fixes).
  * xfs: mark the record passed into xchk_btree functions as const (git-fixes).
  * xfs: remove xfs_btree_cur_t typedef (git-fixes).
  * xfs: rename i_disk_size fields in ftrace output (git-fixes).
  * xfs: resolve fork names in trace output (git-fixes).
  * xfs: standardize AG block number formatting in ftrace output (git-fixes).
  * xfs: standardize AG number formatting in ftrace output (git-fixes).
  * xfs: standardize daddr formatting in ftrace output (git-fixes).
  * xfs: standardize inode generation formatting in ftrace output (git-fixes).
  * xfs: standardize inode number formatting in ftrace output (git-fixes).
  * xfs: standardize remaining xfs_buf length tracepoints (git-fixes).
  * xfs: standardize rmap owner number formatting in ftrace output (git-fixes).
  * xhci: Enable RPM on controllers that support low-power states (git-fixes).
  * xhci: Loosen RPM as default policy to cover for AMD xHC 1.1 (git-fixes).

## Special Instructions and Notes:

  * Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.4  
    zypper in -t patch SUSE-2023-4810=1 openSUSE-SLE-15.4-2023-4810=1

  * openSUSE Leap Micro 5.3  
    zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4810=1

  * openSUSE Leap Micro 5.4  
    zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4810=1

  * SUSE Linux Enterprise Micro for Rancher 5.3  
    zypper in -t patch SUSE-SLE-Micro-5.3-2023-4810=1

  * SUSE Linux Enterprise Micro 5.3  
    zypper in -t patch SUSE-SLE-Micro-5.3-2023-4810=1

  * SUSE Linux Enterprise Micro for Rancher 5.4  
    zypper in -t patch SUSE-SLE-Micro-5.4-2023-4810=1

  * SUSE Linux Enterprise Micro 5.4  
    zypper in -t patch SUSE-SLE-Micro-5.4-2023-4810=1

  * Basesystem Module 15-SP4  
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4810=1

  * Development Tools Module 15-SP4  
    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4810=1

  * Legacy Module 15-SP4  
    zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2023-4810=1

  * SUSE Linux Enterprise Live Patching 15-SP4  
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-4810=1  
Please note that this is the initial kernel livepatch without fixes itself, this
package is later updated by separate standalone kernel livepatch updates.

  * SUSE Linux Enterprise High Availability Extension 15 SP4  
    zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-4810=1

  * SUSE Linux Enterprise Workstation Extension 15 SP4  
    zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-4810=1

## Package List:

  * openSUSE Leap 15.4 (noarch nosrc)
    * kernel-docs-5.14.21-150400.24.100.1
  * openSUSE Leap 15.4 (noarch)
    * kernel-devel-5.14.21-150400.24.100.2
    * kernel-docs-html-5.14.21-150400.24.100.1
    * kernel-macros-5.14.21-150400.24.100.2
    * kernel-source-vanilla-5.14.21-150400.24.100.2
    * kernel-source-5.14.21-150400.24.100.2
  * openSUSE Leap 15.4 (nosrc ppc64le x86_64)
    * kernel-debug-5.14.21-150400.24.100.2
  * openSUSE Leap 15.4 (ppc64le x86_64)
    * kernel-debug-devel-debuginfo-5.14.21-150400.24.100.2
    * kernel-debug-livepatch-devel-5.14.21-150400.24.100.2
    * kernel-debug-debuginfo-5.14.21-150400.24.100.2
    * kernel-debug-debugsource-5.14.21-150400.24.100.2
    * kernel-debug-devel-5.14.21-150400.24.100.2
  * openSUSE Leap 15.4 (aarch64 ppc64le x86_64)
    * kernel-default-base-rebuild-5.14.21-150400.24.100.2.150400.24.46.2
    * kernel-kvmsmall-livepatch-devel-5.14.21-150400.24.100.2
    * kernel-kvmsmall-devel-5.14.21-150400.24.100.2
    * kernel-kvmsmall-debuginfo-5.14.21-150400.24.100.2
    * kernel-kvmsmall-debugsource-5.14.21-150400.24.100.2
    * kernel-default-base-5.14.21-150400.24.100.2.150400.24.46.2
    * kernel-kvmsmall-devel-debuginfo-5.14.21-150400.24.100.2
  * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
    * gfs2-kmp-default-5.14.21-150400.24.100.2
    * dlm-kmp-default-debuginfo-5.14.21-150400.24.100.2
    * kernel-default-debuginfo-5.14.21-150400.24.100.2
    * kernel-default-debugsource-5.14.21-150400.24.100.2
    * cluster-md-kmp-default-5.14.21-150400.24.100.2
    * kernel-obs-build-debugsource-5.14.21-150400.24.100.2
    * kernel-obs-build-5.14.21-150400.24.100.2
    * kernel-default-optional-debuginfo-5.14.21-150400.24.100.2
    * kernel-obs-qa-5.14.21-150400.24.100.1
    * ocfs2-kmp-default-5.14.21-150400.24.100.2
    * kselftests-kmp-default-5.14.21-150400.24.100.2
    * kernel-default-optional-5.14.21-150400.24.100.2
    * kernel-default-extra-debuginfo-5.14.21-150400.24.100.2
    * kernel-default-extra-5.14.21-150400.24.100.2
    * kernel-default-livepatch-5.14.21-150400.24.100.2
    * kernel-syms-5.14.21-150400.24.100.1
    * kselftests-kmp-default-debuginfo-5.14.21-150400.24.100.2
    * gfs2-kmp-default-debuginfo-5.14.21-150400.24.100.2
    * cluster-md-kmp-default-debuginfo-5.14.21-150400.24.100.2
    * kernel-default-devel-debuginfo-5.14.21-150400.24.100.2
    * ocfs2-kmp-default-debuginfo-5.14.21-150400.24.100.2
    * kernel-default-devel-5.14.21-150400.24.100.2
    * kernel-default-livepatch-devel-5.14.21-150400.24.100.2
    * reiserfs-kmp-default-5.14.21-150400.24.100.2
    * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.100.2
    * dlm-kmp-default-5.14.21-150400.24.100.2
  * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 nosrc)
    * kernel-default-5.14.21-150400.24.100.2
  * openSUSE Leap 15.4 (aarch64 nosrc ppc64le x86_64)
    * kernel-kvmsmall-5.14.21-150400.24.100.2
  * openSUSE Leap 15.4 (ppc64le s390x x86_64)
    * kernel-livepatch-5_14_21-150400_24_100-default-1-150400.9.3.2
    * kernel-livepatch-5_14_21-150400_24_100-default-debuginfo-1-150400.9.3.2
    * kernel-livepatch-SLE15-SP4_Update_21-debugsource-1-150400.9.3.2
  * openSUSE Leap 15.4 (nosrc s390x)
    * kernel-zfcpdump-5.14.21-150400.24.100.2
  * openSUSE Leap 15.4 (s390x)
    * kernel-zfcpdump-debuginfo-5.14.21-150400.24.100.2
    * kernel-zfcpdump-debugsource-5.14.21-150400.24.100.2
  * openSUSE Leap 15.4 (nosrc)
    * dtb-aarch64-5.14.21-150400.24.100.1
  * openSUSE Leap 15.4 (aarch64)
    * dtb-cavium-5.14.21-150400.24.100.1
    * dtb-amd-5.14.21-150400.24.100.1
    * dtb-xilinx-5.14.21-150400.24.100.1
    * dtb-freescale-5.14.21-150400.24.100.1
    * dtb-amlogic-5.14.21-150400.24.100.1
    * kselftests-kmp-64kb-5.14.21-150400.24.100.2
    * ocfs2-kmp-64kb-debuginfo-5.14.21-150400.24.100.2
    * gfs2-kmp-64kb-debuginfo-5.14.21-150400.24.100.2
    * dtb-qcom-5.14.21-150400.24.100.1
    * dtb-exynos-5.14.21-150400.24.100.1
    * kernel-64kb-extra-5.14.21-150400.24.100.2
    * dtb-arm-5.14.21-150400.24.100.1
    * dtb-lg-5.14.21-150400.24.100.1
    * dlm-kmp-64kb-debuginfo-5.14.21-150400.24.100.2
    * kernel-64kb-devel-5.14.21-150400.24.100.2
    * kernel-64kb-devel-debuginfo-5.14.21-150400.24.100.2
    * dtb-sprd-5.14.21-150400.24.100.1
    * cluster-md-kmp-64kb-debuginfo-5.14.21-150400.24.100.2
    * gfs2-kmp-64kb-5.14.21-150400.24.100.2
    * kernel-64kb-debugsource-5.14.21-150400.24.100.2
    * dtb-socionext-5.14.21-150400.24.100.1
    * dtb-marvell-5.14.21-150400.24.100.1
    * dtb-allwinner-5.14.21-150400.24.100.1
    * kernel-64kb-extra-debuginfo-5.14.21-150400.24.100.2
    * dtb-rockchip-5.14.21-150400.24.100.1
    * dtb-renesas-5.14.21-150400.24.100.1
    * cluster-md-kmp-64kb-5.14.21-150400.24.100.2
    * dlm-kmp-64kb-5.14.21-150400.24.100.2
    * kernel-64kb-optional-5.14.21-150400.24.100.2
    * kselftests-kmp-64kb-debuginfo-5.14.21-150400.24.100.2
    * ocfs2-kmp-64kb-5.14.21-150400.24.100.2
    * kernel-64kb-debuginfo-5.14.21-150400.24.100.2
    * reiserfs-kmp-64kb-debuginfo-5.14.21-150400.24.100.2
    * dtb-amazon-5.14.21-150400.24.100.1
    * dtb-apm-5.14.21-150400.24.100.1
    * dtb-broadcom-5.14.21-150400.24.100.1
    * dtb-hisilicon-5.14.21-150400.24.100.1
    * dtb-nvidia-5.14.21-150400.24.100.1
    * kernel-64kb-optional-debuginfo-5.14.21-150400.24.100.2
    * dtb-altera-5.14.21-150400.24.100.1
    * reiserfs-kmp-64kb-5.14.21-150400.24.100.2
    * dtb-apple-5.14.21-150400.24.100.1
    * dtb-mediatek-5.14.21-150400.24.100.1
    * kernel-64kb-livepatch-devel-5.14.21-150400.24.100.2
  * openSUSE Leap 15.4 (aarch64 nosrc)
    * kernel-64kb-5.14.21-150400.24.100.2
  * openSUSE Leap Micro 5.3 (aarch64 nosrc x86_64)
    * kernel-default-5.14.21-150400.24.100.2
  * openSUSE Leap Micro 5.3 (aarch64 x86_64)
    * kernel-default-debuginfo-5.14.21-150400.24.100.2
    * kernel-default-base-5.14.21-150400.24.100.2.150400.24.46.2
    * kernel-default-debugsource-5.14.21-150400.24.100.2
  * openSUSE Leap Micro 5.4 (aarch64 nosrc s390x x86_64)
    * kernel-default-5.14.21-150400.24.100.2
  * openSUSE Leap Micro 5.4 (aarch64 x86_64)
    * kernel-default-base-5.14.21-150400.24.100.2.150400.24.46.2
  * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64)
    * kernel-default-debuginfo-5.14.21-150400.24.100.2
    * kernel-default-debugsource-5.14.21-150400.24.100.2
  * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 nosrc s390x x86_64)
    * kernel-default-5.14.21-150400.24.100.2
  * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 x86_64)
    * kernel-default-base-5.14.21-150400.24.100.2.150400.24.46.2
  * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
    * kernel-default-debuginfo-5.14.21-150400.24.100.2
    * kernel-default-debugsource-5.14.21-150400.24.100.2
  * SUSE Linux Enterprise Micro 5.3 (aarch64 nosrc s390x x86_64)
    * kernel-default-5.14.21-150400.24.100.2
  * SUSE Linux Enterprise Micro 5.3 (aarch64 x86_64)
    * kernel-default-base-5.14.21-150400.24.100.2.150400.24.46.2
  * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
    * kernel-default-debuginfo-5.14.21-150400.24.100.2
    * kernel-default-debugsource-5.14.21-150400.24.100.2
  * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 nosrc s390x x86_64)
    * kernel-default-5.14.21-150400.24.100.2
  * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 x86_64)
    * kernel-default-base-5.14.21-150400.24.100.2.150400.24.46.2
  * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
    * kernel-default-debuginfo-5.14.21-150400.24.100.2
    * kernel-default-debugsource-5.14.21-150400.24.100.2
  * SUSE Linux Enterprise Micro 5.4 (aarch64 nosrc s390x x86_64)
    * kernel-default-5.14.21-150400.24.100.2
  * SUSE Linux Enterprise Micro 5.4 (aarch64 x86_64)
    * kernel-default-base-5.14.21-150400.24.100.2.150400.24.46.2
  * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
    * kernel-default-debuginfo-5.14.21-150400.24.100.2
    * kernel-default-debugsource-5.14.21-150400.24.100.2
  * Basesystem Module 15-SP4 (aarch64 nosrc)
    * kernel-64kb-5.14.21-150400.24.100.2
  * Basesystem Module 15-SP4 (aarch64)
    * kernel-64kb-devel-debuginfo-5.14.21-150400.24.100.2
    * kernel-64kb-debuginfo-5.14.21-150400.24.100.2
    * kernel-64kb-debugsource-5.14.21-150400.24.100.2
    * kernel-64kb-devel-5.14.21-150400.24.100.2
  * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64 nosrc)
    * kernel-default-5.14.21-150400.24.100.2
  * Basesystem Module 15-SP4 (aarch64 ppc64le x86_64)
    * kernel-default-base-5.14.21-150400.24.100.2.150400.24.46.2
  * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
    * kernel-default-debuginfo-5.14.21-150400.24.100.2
    * kernel-default-debugsource-5.14.21-150400.24.100.2
    * kernel-default-devel-debuginfo-5.14.21-150400.24.100.2
    * kernel-default-devel-5.14.21-150400.24.100.2
  * Basesystem Module 15-SP4 (noarch)
    * kernel-macros-5.14.21-150400.24.100.2
    * kernel-devel-5.14.21-150400.24.100.2
  * Basesystem Module 15-SP4 (nosrc s390x)
    * kernel-zfcpdump-5.14.21-150400.24.100.2
  * Basesystem Module 15-SP4 (s390x)
    * kernel-zfcpdump-debuginfo-5.14.21-150400.24.100.2
    * kernel-zfcpdump-debugsource-5.14.21-150400.24.100.2
  * Development Tools Module 15-SP4 (noarch nosrc)
    * kernel-docs-5.14.21-150400.24.100.1
  * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64)
    * kernel-obs-build-debugsource-5.14.21-150400.24.100.2
    * kernel-obs-build-5.14.21-150400.24.100.2
    * kernel-syms-5.14.21-150400.24.100.1
  * Development Tools Module 15-SP4 (noarch)
    * kernel-source-5.14.21-150400.24.100.2
  * Legacy Module 15-SP4 (nosrc)
    * kernel-default-5.14.21-150400.24.100.2
  * Legacy Module 15-SP4 (aarch64 ppc64le s390x x86_64)
    * kernel-default-debuginfo-5.14.21-150400.24.100.2
    * kernel-default-debugsource-5.14.21-150400.24.100.2
    * reiserfs-kmp-default-5.14.21-150400.24.100.2
    * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.100.2
  * SUSE Linux Enterprise Live Patching 15-SP4 (nosrc)
    * kernel-default-5.14.21-150400.24.100.2
  * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
    * kernel-default-livepatch-5.14.21-150400.24.100.2
    * kernel-default-debuginfo-5.14.21-150400.24.100.2
    * kernel-default-debugsource-5.14.21-150400.24.100.2
    * kernel-default-livepatch-devel-5.14.21-150400.24.100.2
    * kernel-livepatch-5_14_21-150400_24_100-default-1-150400.9.3.2
    * kernel-livepatch-5_14_21-150400_24_100-default-debuginfo-1-150400.9.3.2
    * kernel-livepatch-SLE15-SP4_Update_21-debugsource-1-150400.9.3.2
  * SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le
    s390x x86_64)
    * gfs2-kmp-default-5.14.21-150400.24.100.2
    * ocfs2-kmp-default-debuginfo-5.14.21-150400.24.100.2
    * dlm-kmp-default-debuginfo-5.14.21-150400.24.100.2
    * kernel-default-debuginfo-5.14.21-150400.24.100.2
    * kernel-default-debugsource-5.14.21-150400.24.100.2
    * cluster-md-kmp-default-5.14.21-150400.24.100.2
    * ocfs2-kmp-default-5.14.21-150400.24.100.2
    * gfs2-kmp-default-debuginfo-5.14.21-150400.24.100.2
    * cluster-md-kmp-default-debuginfo-5.14.21-150400.24.100.2
    * dlm-kmp-default-5.14.21-150400.24.100.2
  * SUSE Linux Enterprise High Availability Extension 15 SP4 (nosrc)
    * kernel-default-5.14.21-150400.24.100.2
  * SUSE Linux Enterprise Workstation Extension 15 SP4 (nosrc)
    * kernel-default-5.14.21-150400.24.100.2
  * SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64)
    * kernel-default-debuginfo-5.14.21-150400.24.100.2
    * kernel-default-debugsource-5.14.21-150400.24.100.2
    * kernel-default-extra-5.14.21-150400.24.100.2
    * kernel-default-extra-debuginfo-5.14.21-150400.24.100.2

## References:

  * https://www.suse.com/security/cve/CVE-2023-2006.html
  * https://www.suse.com/security/cve/CVE-2023-25775.html
  * https://www.suse.com/security/cve/CVE-2023-39197.html
  * https://www.suse.com/security/cve/CVE-2023-39198.html
  * https://www.suse.com/security/cve/CVE-2023-4244.html
  * https://www.suse.com/security/cve/CVE-2023-45863.html
  * https://www.suse.com/security/cve/CVE-2023-45871.html
  * https://www.suse.com/security/cve/CVE-2023-46862.html
  * https://www.suse.com/security/cve/CVE-2023-5158.html
  * https://www.suse.com/security/cve/CVE-2023-5717.html
  * https://www.suse.com/security/cve/CVE-2023-6039.html
  * https://www.suse.com/security/cve/CVE-2023-6176.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1084909
  * https://bugzilla.suse.com/show_bug.cgi?id=1210447
  * https://bugzilla.suse.com/show_bug.cgi?id=1214286
  * https://bugzilla.suse.com/show_bug.cgi?id=1214976
  * https://bugzilla.suse.com/show_bug.cgi?id=1215124
  * https://bugzilla.suse.com/show_bug.cgi?id=1215292
  * https://bugzilla.suse.com/show_bug.cgi?id=1215420
  * https://bugzilla.suse.com/show_bug.cgi?id=1215458
  * https://bugzilla.suse.com/show_bug.cgi?id=1215710
  * https://bugzilla.suse.com/show_bug.cgi?id=1216058
  * https://bugzilla.suse.com/show_bug.cgi?id=1216105
  * https://bugzilla.suse.com/show_bug.cgi?id=1216259
  * https://bugzilla.suse.com/show_bug.cgi?id=1216584
  * https://bugzilla.suse.com/show_bug.cgi?id=1216693
  * https://bugzilla.suse.com/show_bug.cgi?id=1216759
  * https://bugzilla.suse.com/show_bug.cgi?id=1216844
  * https://bugzilla.suse.com/show_bug.cgi?id=1216861
  * https://bugzilla.suse.com/show_bug.cgi?id=1216909
  * https://bugzilla.suse.com/show_bug.cgi?id=1216959
  * https://bugzilla.suse.com/show_bug.cgi?id=1216965
  * https://bugzilla.suse.com/show_bug.cgi?id=1216976
  * https://bugzilla.suse.com/show_bug.cgi?id=1217036
  * https://bugzilla.suse.com/show_bug.cgi?id=1217068
  * https://bugzilla.suse.com/show_bug.cgi?id=1217086
  * https://bugzilla.suse.com/show_bug.cgi?id=1217124
  * https://bugzilla.suse.com/show_bug.cgi?id=1217140
  * https://bugzilla.suse.com/show_bug.cgi?id=1217195
  * https://bugzilla.suse.com/show_bug.cgi?id=1217200
  * https://bugzilla.suse.com/show_bug.cgi?id=1217205
  * https://bugzilla.suse.com/show_bug.cgi?id=1217332
  * https://bugzilla.suse.com/show_bug.cgi?id=1217366
  * https://bugzilla.suse.com/show_bug.cgi?id=1217515
  * https://bugzilla.suse.com/show_bug.cgi?id=1217598
  * https://bugzilla.suse.com/show_bug.cgi?id=1217599
  * https://bugzilla.suse.com/show_bug.cgi?id=1217609
  * https://bugzilla.suse.com/show_bug.cgi?id=1217687
  * https://bugzilla.suse.com/show_bug.cgi?id=1217731
  * https://bugzilla.suse.com/show_bug.cgi?id=1217780
  * https://jira.suse.com/browse/PED-3184
  * https://jira.suse.com/browse/PED-5021
  * https://jira.suse.com/browse/PED-7237

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-security-updates/attachments/20231213/9123c3ff/attachment-0001.htm>


More information about the sle-security-updates mailing list