SUSE-IU-2023:476-1: Security update of sles-15-sp4-chost-byos-v20230704-arm64

sle-security-updates at sle-security-updates at
Sat Jul 8 07:02:06 UTC 2023

SUSE Image Update Advisory: sles-15-sp4-chost-byos-v20230704-arm64
Image Advisory ID : SUSE-IU-2023:476-1
Image Tags        : sles-15-sp4-chost-byos-v20230704-arm64:20230704
Image Release     : 
Severity          : important
Type              : security
References        : 1065729 1172073 1191112 1191731 1193629 1195655 1195921 1198097
                        1199020 1201627 1201817 1202234 1202234 1203750 1203818 1203906
                        1205650 1205756 1205758 1205760 1205762 1205803 1206024 1206578
                        1207004 1207071 1207534 1207553 1208074 1208604 1208758 1209233
                        1209287 1209288 1209565 1209565 1209856 1209982 1210165 1210294
                        1210298 1210449 1210450 1210498 1210533 1210551 1210591 1210647
                        1210741 1210775 1210783 1210791 1210806 1210940 1210947 1210996
                        1211037 1211043 1211044 1211089 1211105 1211113 1211131 1211158
                        1211205 1211256 1211257 1211261 1211261 1211263 1211272 1211280
                        1211281 1211354 1211418 1211419 1211449 1211465 1211519 1211564
                        1211578 1211588 1211590 1211592 1211612 1211661 1211686 1211687
                        1211688 1211689 1211690 1211691 1211692 1211693 1211714 1211754
                        1211795 1211796 1211804 1211807 1211808 1211847 1211855 1211960
                        1212187 1212187 1212187 1212187 1212189 1212222 1212222 1212230
                        1212516 1212517 1212544 1212567 1212662 CVE-2007-4559 CVE-2022-4269
                        CVE-2022-4304 CVE-2022-45884 CVE-2022-45885 CVE-2022-45886 CVE-2022-45887
                        CVE-2022-45919 CVE-2023-1079 CVE-2023-1380 CVE-2023-1382 CVE-2023-2002
                        CVE-2023-2124 CVE-2023-2156 CVE-2023-2162 CVE-2023-2269 CVE-2023-2426
                        CVE-2023-2483 CVE-2023-2513 CVE-2023-2602 CVE-2023-2603 CVE-2023-2609
                        CVE-2023-2610 CVE-2023-2828 CVE-2023-28410 CVE-2023-2911 CVE-2023-2953
                        CVE-2023-3006 CVE-2023-30456 CVE-2023-31084 CVE-2023-31436 CVE-2023-32233
                        CVE-2023-33288 CVE-2023-34241 

The container sles-15-sp4-chost-byos-v20230704-arm64 was updated. The following patches have been included in this update:

Advisory ID: SUSE-RU-2023:2482-1
Released:    Mon Jun 12 07:19:53 2023
Summary:     Recommended update for systemd-rpm-macros
Type:        recommended
Severity:    moderate
References:  1211272
This update for systemd-rpm-macros fixes the following issues:

- Adjust functions so they are disabled when called from a chroot (bsc#1211272)

Advisory ID: SUSE-SU-2023:2484-1
Released:    Mon Jun 12 08:49:58 2023
Summary:     Security update for openldap2
Type:        security
Severity:    moderate
References:  1211795,CVE-2023-2953
This update for openldap2 fixes the following issues:

- CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795).

Advisory ID: SUSE-RU-2023:2495-1
Released:    Tue Jun 13 15:05:27 2023
Summary:     Recommended update for libzypp
Type:        recommended
Severity:    important
References:  1211661,1212187
This update for libzypp fixes the following issues:

- Fix 'Curl error 92' when synchronizing SUSE Manager repositories. [bsc#1212187]
- Do not unconditionally release a medium if provideFile failed. [bsc#1211661]

Advisory ID: SUSE-SU-2023:2517-1
Released:    Thu Jun 15 07:09:52 2023
Summary:     Security update for python3
Type:        security
Severity:    moderate
References:  1203750,1211158,CVE-2007-4559
This update for python3 fixes the following issues:

- CVE-2007-4559: Fixed filter for tarfile.extractall (bsc#1203750).

- Fixed unittest.mock.patch.dict returns function when applied to coroutines (bsc#1211158).

Advisory ID: SUSE-RU-2023:2519-1
Released:    Thu Jun 15 08:25:19 2023
Summary:     Recommended update for supportutils
Type:        recommended
Severity:    moderate
References:  1203818
This update for supportutils fixes the following issues:

 - Added missed sanitation check on crash.txt (bsc#1203818)
 - Added check to _sanitize_file
 - Using variable for replement text in _sanitize_file

Advisory ID: SUSE-RU-2023:2550-1
Released:    Mon Jun 19 17:51:21 2023
Summary:     Recommended update for autoyast2, libsolv, libyui, libzypp, yast2-pkg-bindings
Type:        recommended
Severity:    moderate
References:  1191112,1198097,1199020,1202234,1209565,1210591,1211354,1212187,1212189

This update for autoyast2, libsolv, libyui, libzypp, yast2-pkg-bindings ships the update stack to
the INSTALLER self-update channel.


- Added a new option for rebuilding the RPM database (--rebuilddb) (bsc#1209565)


- Selected products are not installed after resetting the package manager internally (bsc#1202234)


- Prevent buffer overflow when drawing very wide labels in ncurses (bsc#1211354)
- Fixed loading icons from an absolute path (bsc#1210591)
- Fix for main window stacking order to avoid unintentional transparency (bsc#1199020, bsc#1191112)
- Force messages from .ui file through our translation mechanism (bsc#1198097)

Advisory ID: SUSE-SU-2023:2571-1
Released:    Wed Jun 21 13:26:09 2023
Summary:     Security update for Salt
Type:        security
Severity:    moderate
References:  1207071,1209233,1211612,1211754,1212516,1212517
This update for salt fixes the following issues:


- Update to Salt release version 3006.0 (jsc#PED-4361)
  * See release notes:
- Add missing patch after rebase to fix collections Mapping issues
- Add python3-looseversion as new dependency for salt
- Add python3-packaging as new dependency for salt
- Allow entrypoint compatibility for 'importlib-metadata>=5.0.0' (bsc#1207071)
- Avoid conflicts with Salt dependencies versions (bsc#1211612)
- Avoid failures due transactional_update module not available in Salt 3006.0 (bsc#1211754)
- Create new salt-tests subpackage containing Salt tests
- Drop conflictive patch dicarded from upstream
- Fix package build with old setuptools versions
- Fix SLS rendering error when Jinja macros are used
- Fix version detection and avoid building and testing failures
- Prevent deadlocks in salt-ssh executions
- Require python3-jmespath runtime dependency (bsc#1209233)
- Make master_tops compatible with Salt 3000 and older minions (bsc#1212516, bsc#1212517)
- Deliver python3-jmespath to SUSE Linux Enterprise Micro on s390x architecture as it is now required by Salt
  (no source changes)
- Deliver python3-ply to SUSE Linux Enterprise Micro on s390x architecture as it is a requirement for python-jmespath
  (no source changes)
Advisory ID: SUSE-SU-2023:2616-1
Released:    Thu Jun 22 16:47:50 2023
Summary:     Security update for cups
Type:        security
Severity:    important
References:  1212230,CVE-2023-34241
This update for cups fixes the following issues:

- CVE-2023-34241: Fixed a use-after-free problem in cupsdAcceptClient() (bsc#1212230).

Advisory ID: SUSE-RU-2023:2625-1
Released:    Fri Jun 23 17:16:11 2023
Summary:     Recommended update for gcc12
Type:        recommended
Severity:    moderate
This update for gcc12 fixes the following issues:

- Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204

  * includes regression and other bug fixes

- Speed up builds with --enable-link-serialization.

- Update embedded newlib to version 4.2.0

Advisory ID: SUSE-RU-2023:2632-1
Released:    Mon Jun 26 12:16:31 2023
Summary:     Recommended update for suseconnect-ng
Type:        recommended
Severity:    moderate
References:  1211588
This update for suseconnect-ng fixes the following issues:

- Update to version 1.1.0~git2.f42b4b2a060e:
- Keep keepalive timer states when replacing SUSEConnect (bsc#1211588)

Advisory ID: SUSE-SU-2023:2640-1
Released:    Mon Jun 26 15:09:10 2023
Summary:     Security update for vim
Type:        security
Severity:    moderate
References:  1210996,1211256,1211257,CVE-2023-2426,CVE-2023-2609,CVE-2023-2610
This update for vim fixes the following issues:

- CVE-2023-2426: Fixed out-of-range pointer offset (bsc#1210996).
- CVE-2023-2609: Fixed NULL pointer dereference (bsc#1211256).
- CVE-2023-2610: Fixed integer overflow or wraparound (bsc#1211257).

Advisory ID: SUSE-SU-2023:2648-1
Released:    Tue Jun 27 09:52:35 2023
Summary:     Security update for openssl-1_1
Type:        security
Severity:    moderate
References:  1201627,1207534,CVE-2022-4304
This update for openssl-1_1 fixes the following issues:

- CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption.
  The previous fix for this timing side channel turned out to cause a
  severe 2-3x performance regression in the typical use case (bsc#1207534).

- Update further expiring certificates that affect the testsuite (bsc#1201627).

Advisory ID: SUSE-RU-2023:2649-1
Released:    Tue Jun 27 10:01:13 2023
Summary:     Recommended update for hwdata
Type:        recommended
Severity:    moderate
This update for hwdata fixes the following issues:

- update to 0.371:

Advisory ID: SUSE-SU-2023:2653-1
Released:    Tue Jun 27 12:08:18 2023
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1065729,1172073,1191731,1193629,1195655,1195921,1203906,1205650,1205756,1205758,1205760,1205762,1205803,1206024,1206578,1207553,1208604,1208758,1209287,1209288,1209856,1209982,1210165,1210294,1210449,1210450,1210498,1210533,1210551,1210647,1210741,1210775,1210783,1210791,1210806,1210940,1210947,1211037,1211043,1211044,1211089,1211105,1211113,1211131,1211205,1211263,1211280,1211281,1211449,1211465,1211519,1211564,1211590,1211592,1211686,1211687,1211688,1211689,1211690,1211691,1211692,1211693,1211714,1211796,1211804,1211807,1211808,1211847,1211855,1211960,CVE-2022-4269,CVE-2022-45884,CVE-2022-45885,CVE-2022-45886,CVE-2022-45887,CVE-2022-45919,CVE-2023-1079,CVE-2023-1380,CVE-2023-1382,CVE-2023-2002,CVE-2023-2124,CVE-2023-2156,CVE-2023-2162,CVE-2023-2269,CVE-2023-2483,CVE-2023-2513,CVE-2023-28410,CVE-2023-3006,CVE-2023-30456,CVE-2023-31084,CVE-2023-31436,CVE-2023-32233,CVE-2023-33288

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2023-28410: Fixed improper restriction of operations within the bounds of a memory buffer in some Intel(R) i915 Graphics drivers that may have allowed an authenticated user to potentially enable escalation of privilege via local access (bsc#1211263).
- CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131).
- CVE-2023-1382: Fixed denial of service in tipc_conn_close (bsc#1209288).
- CVE-2023-3006: Fixed a known cache speculation vulnerability, known as Branch History Injection (BHI) or Spectre-BHB, for the new hw AmpereOne (bsc#1211855).
- CVE-2023-2269: Fixed a denial-of-service problem due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c (bsc#1210806).
- CVE-2023-1079: Fixed a use-after-free problem that could have been triggered in asus_kbd_backlight_set when plugging/disconnecting a malicious USB device (bsc#1208604).
- CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647).
- CVE-2023-33288: Fixed a use-after-free in bq24190_remove in drivers/power/supply/bq24190_charger.c (bsc#1211590).
- CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that lead to a use-after-free (bsc#1205760).
- CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758).
- CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762).
- CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803).
- CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756).
- CVE-2023-31084: Fixed a blocking issue in drivers/media/dvb-core/dvb_frontend.c (bsc#1210783).
- CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210533).
- CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940).
- CVE-2023-30456: Fixed an issue in arch/x86/kvm/vmx/nested.c with nVMX on x86_64 lacks consistency checks for CR0 and CR4 (bsc#1210294).
- CVE-2022-4269: Fixed a flaw was found inside the Traffic Control (TC) subsystem (bsc#1206024).
- CVE-2023-32233: Fixed a use-after-free in Netfilter nf_tables when processing batch requests (bsc#1211043).
- CVE-2023-1380: Fixed a slab-out-of-bound read problem in brcmf_get_assoc_ies() (bsc#1209287).
- CVE-2023-2513: Fixed a use-after-free vulnerability in the ext4 filesystem (bsc#1211105).
- CVE-2023-2483: Fixed a use after free bug in emac_remove caused by a race condition (bsc#1211037).
- CVE-2023-2124: Fixed an out-of-bound access in the XFS subsystem that could have lead to denial-of-service or potentially privilege escalation (bsc#1210498).

The following non-security bugs were fixed:

- 3c589_cs: Fix an error handling path in tc589_probe() (git-fixes).
- ACPI: EC: Fix oops when removing custom query handlers (git-fixes).
- ACPI: bus: Ensure that notify handlers are not running after removal (git-fixes).
- ACPI: processor: Fix evaluating _PDC method when running as Xen dom0 (git-fixes).
- ACPI: tables: Add support for NBFT (bsc#1195921).
- ACPICA: ACPICA: check null return of ACPI_ALLOCATE_ZEROED in acpi_db_display_objects (git-fixes).
- ACPICA: Avoid undefined behavior: applying zero offset to null pointer (git-fixes).
- ALSA: caiaq: input: Add error handling for unsupported input methods in `snd_usb_caiaq_input_init` (git-fixes).
- ALSA: cs46xx: mark snd_cs46xx_download_image as static (git-fixes).
- ALSA: firewire-digi00x: prevent potential use after free (git-fixes).
- ALSA: hda/ca0132: add quirk for EVGA X299 DARK (git-fixes).
- ALSA: hda/realtek: Add a quirk for HP EliteDesk 805 (git-fixes).
- ALSA: hda/realtek: Add quirk for 2nd ASUS GU603 (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS UM3402YAR using CS35L41 (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo L140AU (git-fixes).
- ALSA: hda/realtek: Add quirk for HP EliteBook G10 laptops (git-fixes).
- ALSA: hda/realtek: Add quirk for ThinkPad P1 Gen 6 (git-fixes).
- ALSA: hda/realtek: Apply HP B&O top speaker profile to Pavilion 15 (git-fixes).
- ALSA: hda/realtek: Enable headset onLenovo M70/M90 (git-fixes).
- ALSA: hda/realtek: Fix mute and micmute LEDs for an HP laptop (git-fixes).
- ALSA: hda/realtek: Fix mute and micmute LEDs for yet another HP laptop (git-fixes).
- ALSA: hda/realtek: support HP Pavilion Aero 13-be0xxx Mute LED (git-fixes).
- ALSA: hda: Add NVIDIA codec IDs a3 through a7 to patch table (git-fixes).
- ALSA: hda: Fix Oops by 9.1 surround channel names (git-fixes).
- ALSA: usb-audio: Add a sample rate workaround for Line6 Pod Go (git-fixes).
- ALSA: usb-audio: Add quirk for Pioneer DDJ-800 (git-fixes).
- ARM64: dts: Add DTS files for bcmbca SoC BCM6858 (git-fixes).
- ARM: 9296/1: HP Jornada 7XX: fix kernel-doc warnings (git-fixes).
- ARM: dts: qcom: ipq8064: Fix the PCI I/O port range (git-fixes).
- ARM: dts: qcom: ipq8064: reduce pci IO size to 64K (git-fixes).
- ASOC: Intel: sof_sdw: add quirk for Intel 'Rooks County' NUC M15 (git-fixes).
- ASoC: Intel: Skylake: Fix declaration of enum skl_ch_cfg (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Acer Iconia One 7 B1-750 (git-fixes).
- ASoC: fsl_micfil: Fix error handler with pm_runtime_enable (git-fixes).
- ASoC: lpass: Fix for KASAN use_after_free out of bounds (git-fixes).
- ASoC: rt5682: Disable jack detection interrupt during suspend (git-fixes).
- ASoC: soc-pcm: fix hw->formats cleared by soc_pcm_hw_init() for dpcm (git-fixes).
- Bluetooth: L2CAP: fix 'bad unlock balance' in l2cap_disconnect_rsp (git-fixes).
- Bluetooth: btintel: Add LE States quirk support (git-fixes).
- Bluetooth: hci_bcm: Fall back to getting bdaddr from EFI if not set (git-fixes).
- HID: logitech-hidpp: Do not use the USB serial for USB devices (git-fixes).
- HID: logitech-hidpp: Reconcile USB and Unifying serials (git-fixes).
- HID: microsoft: Add rumble support to latest xbox controllers (bsc#1211280).
- HID: wacom: Add new Intuos Pro Small (PTH-460) device IDs (git-fixes).
- HID: wacom: Force pen out of prox if no events have been received in a while (git-fixes).
- HID: wacom: Set a default resolution for older tablets (git-fixes).
- HID: wacom: add three styli to wacom_intuos_get_tool_type (git-fixes).
- HID: wacom: avoid integer overflow in wacom_intuos_inout() (git-fixes).
- HID: wacom: generic: Set battery quirk only when we see battery data (git-fixes).
- IB/hfi1: Fix SDMA mmu_rb_node not being evicted in LRU order (git-fixes)
- IB/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests (git-fixes)
- IB/hifi1: add a null check of kzalloc_node in hfi1_ipoib_txreq_init (git-fixes)
- Input: xpad - add constants for GIP interface numbers (git-fixes).
- KEYS: asymmetric: Copy sig and digest in public_key_verify_signature() (git-fixes).
- KVM: Destroy target device if coalesced MMIO unregistration fails (git-fixes)
- KVM: Disallow user memslot with size that exceeds 'unsigned long' (git-fixes)
- KVM: Do not create VM debugfs files outside of the VM directory (git-fixes)
- KVM: Do not set Accessed/Dirty bits for ZERO_PAGE (git-fixes)
- KVM: LAPIC: Enable timer posted-interrupt only when mwait/hlt is advertised (git-fixes).
- KVM: Prevent module exit until all VMs are freed (git-fixes)
- KVM: SVM: Do not rewrite guest ICR on AVIC IPI virtualization failure (git-fixes).
- KVM: SVM: Fix benign 'bool vs. int' comparison in svm_set_cr0() (git-fixes).
- KVM: SVM: Require logical ID to be power-of-2 for AVIC entry (git-fixes).
- KVM: SVM: Skip WRMSR fastpath on VM-Exit if next RIP isn't valid (git-fixes).
- KVM: SVM: hyper-v: placate modpost section mismatch error (git-fixes).
- KVM: VMX: Introduce vmx_msr_bitmap_l01_changed() helper (git-fixes).
- KVM: VMX: Resume guest immediately when injecting #GP on ECREATE (git-fixes).
- KVM: VMX: Set vmcs.PENDING_DBG.BS on #DB in STI/MOVSS blocking shadow (git-fixes).
- KVM: VMX: Use is_64_bit_mode() to check 64-bit mode in SGX handler (git-fixes).
- KVM: X86: Fix tlb flush for tdp in kvm_invalidate_pcid() (git-fixes).
- KVM: arm64: Do not arm a hrtimer for an already pending timer (git-fixes)
- KVM: arm64: Do not return from void function (git-fixes)
- KVM: arm64: Fix PAR_TO_HPFAR() to work independently of PA_BITS. (git-fixes)
- KVM: arm64: Fix S1PTW handling on RO memslots (git-fixes)
- KVM: arm64: Fix bad dereference on MTE-enabled systems (git-fixes)
- KVM: arm64: Fix buffer overflow in kvm_arm_set_fw_reg() (git-fixes)
- KVM: arm64: Fix kvm init failure when mode!=vhe and VA_BITS=52. (git-fixes)
- KVM: arm64: Free hypervisor allocations if vector slot init fails (git-fixes)
- KVM: arm64: GICv4.1: Fix race with doorbell on VPE (git-fixes)
- KVM: arm64: Limit length in kvm_vm_ioctl_mte_copy_tags() to INT_MAX (git-fixes)
- KVM: arm64: PMU: Restore the guest's EL0 event counting after (git-fixes)
- KVM: arm64: Reject 32bit user PSTATE on asymmetric systems (git-fixes)
- KVM: arm64: Stop handle_exit() from handling HVC twice when an SError (git-fixes)
- KVM: arm64: Treat PMCR_EL1.LC as RES1 on asymmetric systems (git-fixes)
- KVM: arm64: nvhe: Eliminate kernel-doc warnings (git-fixes)
- KVM: arm64: vgic: Fix exit condition in scan_its_table() (git-fixes)
- KVM: nVMX: Also filter MSR_IA32_VMX_TRUE_PINBASED_CTLS when eVMCS (git-fixes).
- KVM: nVMX: Do not use Enlightened MSR Bitmap for L3 (git-fixes).
- KVM: nVMX: Document that ignoring memory failures for VMCLEAR is deliberate (git-fixes).
- KVM: nVMX: Emulate NOPs in L2, and PAUSE if it's not intercepted (git-fixes).
- KVM: nVMX: Inject #GP, not #UD, if 'generic' VMXON CR0/CR4 check fails (git-fixes).
- KVM: nVMX: Prioritize TSS T-flag #DBs over Monitor Trap Flag (git-fixes).
- KVM: nVMX: Properly expose ENABLE_USR_WAIT_PAUSE control to L1 (git-fixes).
- KVM: nVMX: Treat General Detect #DB (DR7.GD=1) as fault-like (git-fixes).
- KVM: x86/emulator: Emulate RDPID only if it is enabled in guest (git-fixes).
- KVM: x86/mmu: avoid NULL-pointer dereference on page freeing bugs (git-fixes).
- KVM: x86/pmu: Ignore pmu->global_ctrl check if vPMU does not support global_ctrl (git-fixes).
- KVM: x86/svm: add __GFP_ACCOUNT to __sev_dbg_{en,de}crypt_user() (git-fixes).
- KVM: x86/vmx: Do not skip segment attributes if unusable bit is set (git-fixes).
- KVM: x86/xen: Fix memory leak in kvm_xen_write_hypercall_page() (git-fixes).
- KVM: x86: Copy filter arg outside kvm_vm_ioctl_set_msr_filter() (git-fixes).
- KVM: x86: Do not change ICR on write to APIC_SELF_IPI (git-fixes).
- KVM: x86: Fail emulation during EMULTYPE_SKIP on any exception (git-fixes).
- KVM: x86: Inject #GP if WRMSR sets reserved bits in APIC Self-IPI (git-fixes).
- KVM: x86: Mask off reserved bits in CPUID.8000001FH (git-fixes).
- KVM: x86: Mask off unsupported and unknown bits of IA32_ARCH_CAPABILITIES (git-fixes).
- KVM: x86: Protect the unused bits in MSR exiting flags (git-fixes).
- KVM: x86: Remove a redundant guest cpuid check in kvm_set_cr4() (git-fixes).
- KVM: x86: Report deprecated x87 features in supported CPUID (git-fixes).
- KVM: x86: do not set st->preempted when going back to user space (git-fixes).
- KVM: x86: fix typo in __try_cmpxchg_user causing non-atomicness (git-fixes).
- KVM: x86: ioapic: Fix level-triggered EOI and userspace I/OAPIC reconfigure race (git-fixes).
- PCI/ASPM: Remove pcie_aspm_pm_state_change() (git-fixes).
- PM: hibernate: Do not get block device exclusively in test_resume mode (git-fixes).
- PM: hibernate: Turn snapshot_test into global variable (git-fixes).
- PM: hibernate: fix load_image_and_restore() error path (git-fixes).
- RDMA/bnxt_re: Fix a possible memory leak (git-fixes)
- RDMA/bnxt_re: Fix return value of bnxt_re_process_raw_qp_pkt_rx (git-fixes)
- RDMA/bnxt_re: Fix the page_size used during the MR creation (git-fixes)
- RDMA/cm: Trace icm_send_rej event before the cm state is reset (git-fixes)
- RDMA/core: Fix multiple -Warray-bounds warnings (git-fixes)
- RDMA/efa: Fix unsupported page sizes in device (git-fixes)
- RDMA/hns: Fix base address table allocation (git-fixes)
- RDMA/hns: Fix timeout attr in query qp for HIP08 (git-fixes)
- RDMA/hns: Modify the value of long message loopback slice (git-fixes)
- RDMA/irdma: Add SW mechanism to generate completions on error (jsc#SLE-18383).
- RDMA/irdma: Do not generate SW completions for NOPs (jsc#SLE-18383).
- RDMA/irdma: Fix Local Invalidate fencing (git-fixes)
- RDMA/irdma: Fix RQ completion opcode (jsc#SLE-18383).
- RDMA/irdma: Fix drain SQ hang with no completion (jsc#SLE-18383).
- RDMA/irdma: Fix inline for multiple SGE's (jsc#SLE-18383).
- RDMA/irdma: Prevent QP use after free (git-fixes)
- RDMA/irdma: Remove enum irdma_status_code (jsc#SLE-18383).
- RDMA/irdma: Remove excess error variables (jsc#SLE-18383).
- RDMA/mana: Remove redefinition of basic u64 type (bsc#1210741 jsc#PED-4022).
- RDMA/mana: hide new rdma_driver_ids (bsc#1210741 jsc#PED-4022).
- RDMA/mana_ib: Add a driver for Microsoft Azure Network Adapter (bsc#1210741 jsc#PED-4022).
- RDMA/mana_ib: Prevent array underflow in mana_ib_create_qp_raw() (bsc#1210741 jsc#PED-4022).
- RDMA/mlx4: Prevent shift wrapping in set_user_sq_size() (jsc#SLE-19255).
- RDMA/mlx5: Fix flow counter query via DEVX (git-fixes)
- RDMA/mlx5: Use correct device num_ports when modify DC (git-fixes)
- RDMA/rxe: Remove tasklet call from rxe_cq.c (git-fixes)
- RDMA/siw: Fix potential page_array out of range access (git-fixes)
- RDMA/siw: Remove namespace check from siw_netdev_event() (git-fixes)
- RDMA/srpt: Add a check for valid 'mad_agent' pointer (git-fixes)
- Revert 'KVM: set owner of cpu and vm file operations' (git-fixes)
- SMB3.1.1: add new tree connect ShareFlags (bsc#1193629).
- SMB3: Add missing locks to protect deferred close file list (git-fixes).
- SMB3: Close all deferred handles of inode in case of handle lease break (bsc#1193629).
- SMB3: Close deferred file handles in case of handle lease break (bsc#1193629).
- SMB3: drop reference to cfile before sending oplock break (bsc#1193629).
- SMB3: force unmount was failing to close deferred close files (bsc#1193629).
- SUNRPC: fix breakage caused by introduction of rq_xprt_ctxt (bsc#1210775).
- USB / dwc3: Fix a checkpatch warning in core.c (git-fixes).
- USB: UHCI: adjust zhaoxin UHCI controllers OverCurrent bit value (git-fixes).
- USB: core: Add routines for endpoint checks in old drivers (git-fixes).
- USB: sisusbvga: Add endpoint checks (git-fixes).
- USB: usbtmc: Fix direction for 0-length ioctl control messages (git-fixes).
- apparmor: add a kernel label to use on kernel objects (bsc#1211113).
- arm64: dts: Add DTS files for bcmbca SoC BCM4912 (git-fixes).
- arm64: dts: Add DTS files for bcmbca SoC BCM63158 (git-fixes).
- arm64: dts: Add base DTS file for bcmbca device Asus GT-AX6000 (git-fixes).
- arm64: dts: broadcom: bcm4908: add DT for Netgear RAXE500 (git-fixes).
- arm64: dts: qcom: msm8996: Add missing DWC3 quirks (git-fixes).
- arm64: errata: add detection for AMEVCNTR01 incrementing incorrectly (git-fixes) Enable workaround and fix kABI breakage.
- arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes)
- arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes).
- asm-generic/io.h: suppress endianness warnings for readq() and writeq() (git-fixes).
- ata: libata-scsi: Use correct device no in ata_find_dev() (git-fixes).
- ata: pata_octeon_cf: drop kernel-doc notation (git-fixes).
- block: add a bdev_max_zone_append_sectors helper (git-fixes).
- bluetooth: Add cmd validity checks at the start of hci_sock_ioctl() (git-fixes).
- bnxt: Do not read past the end of test names (jsc#SLE-18978).
- bnxt: prevent skb UAF after handing over to PTP worker (jsc#SLE-18978).
- bnxt_en: Add missing 200G link speed reporting (jsc#SLE-18978).
- bnxt_en: Avoid order-5 memory allocation for TPA data (jsc#SLE-18978).
- bnxt_en: Do not initialize PTP on older P3/P4 chips (jsc#SLE-18978).
- bnxt_en: Fix mqprio and XDP ring checking logic (jsc#SLE-18978).
- bnxt_en: Fix reporting of test result in ethtool selftest (jsc#SLE-18978).
- bnxt_en: Fix typo in PCI id to device description string mapping (jsc#SLE-18978).
- bnxt_en: fix NQ resource accounting during vf creation on 57500 chips (jsc#SLE-18978).
- bnxt_en: set missing reload flag in devlink features (jsc#SLE-18978).
- can: isotp: recvmsg(): allow MSG_CMSG_COMPAT flag (git-fixes).
- can: j1939: recvmsg(): allow MSG_CMSG_COMPAT flag (git-fixes).
- can: kvaser_pciefd: Call request_irq() before enabling interrupts (git-fixes).
- can: kvaser_pciefd: Clear listen-only bit if not explicitly requested (git-fixes).
- can: kvaser_pciefd: Disable interrupts in probe error path (git-fixes).
- can: kvaser_pciefd: Do not send EFLUSH command on TFD interrupt (git-fixes).
- can: kvaser_pciefd: Empty SRB buffer in probe (git-fixes).
- can: kvaser_pciefd: Set CAN_STATE_STOPPED in kvaser_pciefd_stop() (git-fixes).
- can: kvaser_usb: Add struct kvaser_usb_busparams (git-fixes).
- can: kvaser_usb: kvaser_usb_leaf: Get capabilities from device (git-fixes).
- can: kvaser_usb: kvaser_usb_leaf: Handle CMD_ERROR_EVENT (git-fixes).
- can: kvaser_usb: kvaser_usb_leaf: Rename {leaf,usbcan}_cmd_error_event to {leaf,usbcan}_cmd_can_error_event (git-fixes).
- can: kvaser_usb_leaf: Fix overread with an invalid command (git-fixes).
- cassini: Fix a memory leak in the error handling path of cas_init_one() (git-fixes).
- ceph: force updating the msg pointer in non-split case (bsc#1211804).
- cgroup.c: add helper __cset_cgroup_from_root to cleanup duplicated codes (bsc#1203906).
- cgroup: Homogenize cgroup_get_from_id() return value (bsc#1205650).
- cgroup: Honor caller's cgroup NS when resolving path (bsc#1205650).
- cgroup: Make cgroup_get_from_id() prettier (bsc#1205650).
- cgroup: Reorganize css_set_lock and kernfs path processing (bsc#1205650).
- cgroup: cgroup: Honor caller's cgroup NS when resolving cgroup  id (bsc#1205650).
- cgroup: reduce dependency on cgroup_mutex (bsc#1205650).
- cifs: Avoid a cast in add_lease_context() (bsc#1193629).
- cifs: Simplify SMB2_open_init() (bsc#1193629).
- cifs: Simplify SMB2_open_init() (bsc#1193629).
- cifs: Simplify SMB2_open_init() (bsc#1193629).
- cifs: avoid dup prefix path in dfs_get_automount_devname() (git-fixes).
- cifs: avoid potential races when handling multiple dfs tcons (bsc#1208758).
- cifs: fix pcchunk length type in smb2_copychunk_range (bsc#1193629).
- cifs: fix potential race when tree connecting ipc (bsc#1208758).
- cifs: fix potential use-after-free bugs in TCP_Server_Info::hostname (bsc#1208758).
- cifs: fix sharing of DFS connections (bsc#1208758).
- cifs: fix smb1 mount regression (bsc#1193629).
- cifs: mapchars mount option ignored (bsc#1193629).
- cifs: missing lock when updating session status (bsc#1193629).
- cifs: print smb3_fs_context::source when mounting (bsc#1193629).
- cifs: protect access of TCP_Server_Info::{origin,leaf}_fullpath (bsc#1208758).
- cifs: protect session status check in smb2_reconnect() (bsc#1208758).
- cifs: release leases for deferred close handles when freezing (bsc#1193629).
- cifs: update internal module version number for cifs.ko (bsc#1193629).
- clk: qcom: gcc-sm8350: fix PCIe PIPE clocks handling (git-fixes).
- clk: qcom: regmap: add PHY clock source implementation (git-fixes).
- clk: tegra20: fix gcc-7 constant overflow warning (git-fixes).
- configfs: fix possible memory leak in configfs_create_dir() (git-fixes).
- crypto: acomp - define max size for destination (jsc#PED-3692)
- crypto: drivers - move from strlcpy with unused retval to (jsc#PED-3692)
- crypto: qat - Fix unsigned function returning negative (jsc#PED-3692)
- crypto: qat - Removes the x86 dependency on the QAT drivers (jsc#PED-3692)
- crypto: qat - abstract PFVF messages with struct pfvf_message (jsc#PED-3692)
- crypto: qat - abstract PFVF receive logic (jsc#PED-3692)
- crypto: qat - abstract PFVF send function (jsc#PED-3692)
- crypto: qat - add PFVF support to enable the reset of ring (jsc#PED-3692)
- crypto: qat - add PFVF support to the GEN4 host driver (jsc#PED-3692)
- crypto: qat - add VF and PF wrappers to common send function (jsc#PED-3692)
- crypto: qat - add backlog mechanism (jsc#PED-3692)
- crypto: qat - add check for invalid PFVF protocol version 0 (jsc#PED-3692)
- crypto: qat - add check to validate firmware images (jsc#PED-3692)
- crypto: qat - add limit to linked list parsing (jsc#PED-3692)
- crypto: qat - add misc workqueue (jsc#PED-3692)
- crypto: qat - add missing restarting event notification in (jsc#PED-3692)
- crypto: qat - add param check for DH (jsc#PED-3692)
- crypto: qat - add param check for RSA (jsc#PED-3692)
- crypto: qat - add pfvf_ops (jsc#PED-3692)
- crypto: qat - add resubmit logic for decompression (jsc#PED-3692)
- crypto: qat - add support for 401xx devices (jsc#PED-3692)
- crypto: qat - add support for compression for 4xxx (jsc#PED-3692)
- crypto: qat - add the adf_get_pmisc_base() helper function (jsc#PED-3692)
- crypto: qat - allow detection of dc capabilities for 4xxx (jsc#PED-3692)
- crypto: qat - change PFVF ACK behaviour (jsc#PED-3692)
- crypto: qat - change behaviour of (jsc#PED-3692)
- crypto: qat - change bufferlist logic interface (jsc#PED-3692)
- crypto: qat - config VFs based on ring-to-svc mapping (jsc#PED-3692)
- crypto: qat - differentiate between pf2vf and vf2pf offset (jsc#PED-3692)
- crypto: qat - disable AER if an error occurs in probe (jsc#PED-3692)
- crypto: qat - do not handle PFVF sources for qat_4xxx (jsc#PED-3692)
- crypto: qat - do not rely on min version (jsc#PED-3692)
- crypto: qat - enable deflate for QAT GEN4 (jsc#PED-3692)
- crypto: qat - enable power management for QAT GEN4 (jsc#PED-3692)
- crypto: qat - exchange device capabilities over PFVF (jsc#PED-3692)
- crypto: qat - exchange ring-to-service mappings over PFVF (jsc#PED-3692)
- crypto: qat - expose deflate through acomp api for QAT GEN2 (jsc#PED-3692)
- crypto: qat - expose device config through sysfs for 4xxx (jsc#PED-3692)
- crypto: qat - expose device state through sysfs for 4xxx (jsc#PED-3692)
- crypto: qat - extend buffer list interface (jsc#PED-3692)
- crypto: qat - extend crypto capability detection for 4xxx (jsc#PED-3692)
- crypto: qat - extract send and wait from (jsc#PED-3692)
- crypto: qat - fix DMA transfer direction (jsc#PED-3692)
- crypto: qat - fix ETR sources enabled by default on GEN2 (jsc#PED-3692)
- crypto: qat - fix VF IDs in PFVF log messages (jsc#PED-3692)
- crypto: qat - fix a signedness bug in get_service_enabled() (jsc#PED-3692)
- crypto: qat - fix a typo in a comment (jsc#PED-3692)
- crypto: qat - fix access to PFVF interrupt registers for GEN4 (jsc#PED-3692)
- crypto: qat - fix definition of ring reset results (jsc#PED-3692)
- crypto: qat - fix error return code in adf_probe (jsc#PED-3692)
- crypto: qat - fix handling of VF to PF interrupts (jsc#PED-3692)
- crypto: qat - fix initialization of pfvf cap_msg structures (jsc#PED-3692)
- crypto: qat - fix initialization of pfvf rts_map_msg (jsc#PED-3692)
- crypto: qat - fix off-by-one error in PFVF debug print (jsc#PED-3692)
- crypto: qat - fix wording and formatting in code comment (jsc#PED-3692)
- crypto: qat - flush vf workqueue at driver removal (jsc#PED-3692)
- crypto: qat - free irq in case of failure (jsc#PED-3692)
- crypto: qat - free irqs only if allocated (jsc#PED-3692)
- crypto: qat - generalize crypto request buffers (jsc#PED-3692)
- crypto: qat - get compression extended capabilities (jsc#PED-3692)
- crypto: qat - handle retries due to collisions in (jsc#PED-3692)
- crypto: qat - honor CRYPTO_TFM_REQ_MAY_SLEEP flag (jsc#PED-3692)
- crypto: qat - improve logging of PFVF messages (jsc#PED-3692)
- crypto: qat - improve the ACK timings in PFVF send (jsc#PED-3692)
- crypto: qat - introduce support for PFVF block messages (jsc#PED-3692)
- crypto: qat - leverage bitfield.h utils for PFVF messages (jsc#PED-3692)
- crypto: qat - leverage read_poll_timeout in PFVF send (jsc#PED-3692)
- crypto: qat - leverage the GEN2 VF mask definiton (jsc#PED-3692)
- crypto: qat - make PFVF message construction direction (jsc#PED-3692)
- crypto: qat - make PFVF send and receive direction agnostic (jsc#PED-3692)
- crypto: qat - move VF message handler to adf_vf2pf_msg.c (jsc#PED-3692)
- crypto: qat - move and rename GEN4 error register definitions (jsc#PED-3692)
- crypto: qat - move interrupt code out of the PFVF handler (jsc#PED-3692)
- crypto: qat - move pfvf collision detection values (jsc#PED-3692)
- crypto: qat - move vf2pf interrupt helpers (jsc#PED-3692)
- crypto: qat - pass the PF2VF responses back to the callers (jsc#PED-3692)
- crypto: qat - prevent spurious MSI interrupt in VF (jsc#PED-3692)
- crypto: qat - re-enable interrupts for legacy PFVF messages (jsc#PED-3692)
- crypto: qat - re-enable registration of algorithms (jsc#PED-3692)
- crypto: qat - refactor PF top half for PFVF (jsc#PED-3692)
- crypto: qat - refactor pfvf version request messages (jsc#PED-3692)
- crypto: qat - refactor submission logic (jsc#PED-3692)
- crypto: qat - relocate PFVF PF related logic (jsc#PED-3692)
- crypto: qat - relocate PFVF VF related logic (jsc#PED-3692)
- crypto: qat - relocate PFVF disabled function (jsc#PED-3692)
- crypto: qat - relocate and rename adf_sriov_prepare_restart() (jsc#PED-3692)
- crypto: qat - relocate backlog related structures (jsc#PED-3692)
- crypto: qat - relocate bufferlist logic (jsc#PED-3692)
- crypto: qat - relocate qat_algs_alloc_flags() (jsc#PED-3692)
- crypto: qat - remove duplicated logic across GEN2 drivers (jsc#PED-3692)
- crypto: qat - remove empty sriov_configure() (jsc#PED-3692)
- crypto: qat - remove line wrapping for pfvf_ops functions (jsc#PED-3692)
- crypto: qat - remove the unnecessary get_vintmsk_offset() (jsc#PED-3692)
- crypto: qat - remove unmatched CPU affinity to cluster IRQ (jsc#PED-3692)
- crypto: qat - remove unnecessary tests to detect PFVF support (jsc#PED-3692)
- crypto: qat - remove unneeded assignment (jsc#PED-3692)
- crypto: qat - remove unneeded braces (jsc#PED-3692)
- crypto: qat - remove unneeded packed attribute (jsc#PED-3692)
- crypto: qat - remove unused PFVF stubs (jsc#PED-3692)
- crypto: qat - rename and relocate GEN2 config function (jsc#PED-3692)
- crypto: qat - rename bufferlist functions (jsc#PED-3692)
- crypto: qat - rename pfvf collision constants (jsc#PED-3692)
- crypto: qat - reorganize PFVF code (jsc#PED-3692)
- crypto: qat - reorganize PFVF protocol definitions (jsc#PED-3692)
- crypto: qat - replace deprecated MSI API (jsc#PED-3692)
- crypto: qat - replace disable_vf2pf_interrupts() (jsc#PED-3692)
- crypto: qat - replace get_current_node() with numa_node_id() (jsc#PED-3692)
- crypto: qat - rework the VF2PF interrupt handling logic (jsc#PED-3692)
- crypto: qat - set CIPHER capability for QAT GEN2 (jsc#PED-3692)
- crypto: qat - set COMPRESSION capability for DH895XCC (jsc#PED-3692)
- crypto: qat - set COMPRESSION capability for QAT GEN2 (jsc#PED-3692)
- crypto: qat - set DMA mask to 48 bits for Gen2 (jsc#PED-3692)
- crypto: qat - set PFVF_MSGORIGIN just before sending (jsc#PED-3692)
- crypto: qat - share adf_enable_pf2vf_comms() from (jsc#PED-3692)
- crypto: qat - simplify adf_enable_aer() (jsc#PED-3692)
- crypto: qat - simplify code and axe the use of a deprecated (jsc#PED-3692)
- crypto: qat - split PFVF message decoding from handling (jsc#PED-3692)
- crypto: qat - stop using iommu_present() (jsc#PED-3692)
- crypto: qat - store the PFVF protocol version of the (jsc#PED-3692)
- crypto: qat - store the ring-to-service mapping (jsc#PED-3692)
- crypto: qat - support fast ACKs in the PFVF protocol (jsc#PED-3692)
- crypto: qat - support the reset of ring pairs on PF (jsc#PED-3692)
- crypto: qat - test PFVF registers for spurious interrupts on (jsc#PED-3692)
- crypto: qat - use enums for PFVF protocol codes (jsc#PED-3692)
- crypto: qat - use hweight for bit counting (jsc#PED-3692)
- crypto: qat - use pre-allocated buffers in datapath (jsc#PED-3692)
- crypto: qat - use reference to structure in dma_map_single() (jsc#PED-3692)
- crypto: qat - use u32 variables in all GEN4 pfvf_ops (jsc#PED-3692)
- crypto: sun8i-ss - Fix a test in sun8i_ss_setup_ivs() (git-fixes).
- cxgb4: fix missing unlock on ETHOFLD desc collect fail path (jsc#SLE-18992).
- debugfs: fix error when writing negative value to atomic_t debugfs file (git-fixes).
- dma: gpi: remove spurious unlock in gpi_ch_init (git-fixes).
- dmaengine: at_xdmac: do not enable all cyclic channels (git-fixes).
- dmaengine: dw-edma: Fix to change for continuous transfer (git-fixes).
- dmaengine: dw-edma: Fix to enable to issue dma request on DMA processing (git-fixes).
- dmaengine: idxd: Do not enable user type Work Queue without Shared Virtual Addressing (git-fixes).
- dmaengine: idxd: Only call idxd_enable_system_pasid() if succeeded in enabling SVA feature (git-fixes).
- dmaengine: idxd: Separate user and kernel pasid enabling (git-fixes).
- dmaengine: mv_xor_v2: Fix an error code (git-fixes).
- do not reuse connection if share marked as isolated (bsc#1193629).
- docs: networking: fix x25-iface.rst heading & index order (git-fixes).
- drivers: base: component: fix memory leak with using debugfs_lookup() (git-fixes).
- drivers: base: dd: fix memory leak with using debugfs_lookup() (git-fixes).
- drm-hyperv: Add a bug reference to two existing changes (bsc#1211281).
- drm/amd/display: Fix hang when skipping modeset (git-fixes).
- drm/amd/display: Use DC_LOG_DC in the trasform pixel function (git-fixes).
- drm/amd/display: fix flickering caused by S/G mode (git-fixes).
- drm/amd: Fix an out of bounds error in BIOS parser (git-fixes).
- drm/amdgpu/gfx: disable gfx9 cp_ecc_error_irq only when enabling legacy gfx ras (git-fixes).
- drm/amdgpu: Fix vram recover does not work after whole GPU reset (v2) (git-fixes).
- drm/amdgpu: add a missing lock for AMDGPU_SCHED (git-fixes).
- drm/amdgpu: disable sdma ecc irq only when sdma RAS is enabled in suspend (git-fixes).
- drm/displayid: add displayid_get_header() and check bounds better (git-fixes).
- drm/exynos: fix g2d_open/close helper function definitions (git-fixes).
- drm/i915/dg2: Add HDMI pixel clock frequencies 267.30 and 319.89 MHz (git-fixes).
- drm/i915/dg2: Add additional HDMI pixel clock frequencies (git-fixes).
- drm/i915/dg2: Support 4k at 30 on HDMI (git-fixes).
- drm/i915/dp: prevent potential div-by-zero (git-fixes).
- drm/mipi-dsi: Set the fwnode for mipi_dsi_device (git-fixes).
- drm/msm/dp: Clean up handling of DP AUX interrupts (git-fixes).
- drm/msm/dp: unregister audio driver during unbind (git-fixes).
- drm/msm/dpu: Add INTF_5 interrupts (git-fixes).
- drm/msm/dpu: Move non-MDP_TOP INTF_INTR offsets out of hwio header (git-fixes).
- drm/msm/dpu: Remove duplicate register defines from INTF (git-fixes).
- drm/sched: Remove redundant check (git-fixes).
- drm/tegra: Avoid potential 32-bit integer overflow (git-fixes).
- drm/ttm/pool: Fix ttm_pool_alloc error path (git-fixes).
- drm/ttm: optimize pool allocations a bit v2 (git-fixes).
- dt-binding: cdns,usb3: Fix cdns,on-chip-buff-size type (git-fixes).
- dt-bindings: ata: ahci-ceva: Cover all 4 iommus entries (git-fixes).
- dt-bindings: ata: ahci-ceva: convert to yaml (git-fixes).
- dt-bindings: iio: adc: renesas,rcar-gyroadc: Fix adi,ad7476 compatible value (git-fixes).
- dt-bindings: usb: snps,dwc3: Fix 'snps,hsphy_interface' type (git-fixes).
- f2fs: Fix f2fs_truncate_partial_nodes ftrace event (git-fixes).
- fbdev: arcfb: Fix error handling in arcfb_probe() (git-fixes).
- fbdev: ep93xx-fb: Add missing clk_disable_unprepare in ep93xxfb_probe() (git-fixes).
- fbdev: stifb: Fall back to cfb_fillrect() on 32-bit HCRX cards (git-fixes).
- fbdev: udlfb: Fix endpoint check (git-fixes).
- firmware: arm_ffa: Check if ffa_driver remove is present before executing (git-fixes).
- firmware: arm_ffa: Set reserved/MBZ fields to zero in the memory descriptors (git-fixes).
- fuse: always revalidate rename target dentry (bsc#1211808).
- fuse: fix attr version comparison in fuse_read_update_size() (bsc#1211807).
- futex: Resend potentially swallowed owner death notification (git-fixes).
- google/gve:fix repeated words in comments (bsc#1211519).
- gpio: mockup: Fix mode of debugfs files (git-fixes).
- gve: Adding a new AdminQ command to verify driver (bsc#1211519).
- gve: Cache link_speed value from device (git-fixes).
- gve: Fix error return code in gve_prefill_rx_pages() (bsc#1211519).
- gve: Fix spelling mistake 'droping' -> 'dropping' (bsc#1211519).
- gve: Handle alternate miss completions (bsc#1211519).
- gve: Reduce alloc and copy costs in the GQ rx path (bsc#1211519).
- gve: Remove the code of clearing PBA bit (git-fixes).
- gve: Secure enough bytes in the first TX desc for all TCP pkts (git-fixes).
- gve: enhance no queue page list detection (bsc#1211519).
- i2c: omap: Fix standard mode false ACK readings (git-fixes).
- i2c: tegra: Fix PEC support for SMBUS block read (git-fixes).
- i40e: Add checking for null for nlmsg_find_attr() (jsc#SLE-18378).
- i40e: Fix ADQ rate limiting for PF (jsc#SLE-18378).
- i40e: Fix DMA mappings leak (jsc#SLE-18378).
- i40e: Fix VF hang when reset is triggered on another VF (jsc#SLE-18378).
- i40e: Fix VF set max MTU size (jsc#SLE-18378).
- i40e: Fix VF's MAC Address change on VM (jsc#SLE-18378).
- i40e: Fix adding ADQ filter to TC0 (jsc#SLE-18378).
- i40e: Fix calculating the number of queue pairs (jsc#SLE-18378).
- i40e: Fix erroneous adapter reinitialization during recovery process (jsc#SLE-18378).
- i40e: Fix ethtool rx-flow-hash setting for X722 (jsc#SLE-18378).
- i40e: Fix flow-type by setting GL_HASH_INSET registers (jsc#SLE-18378).
- i40e: Fix for VF MAC address 0 (jsc#SLE-18378).
- i40e: Fix incorrect address type for IPv6 flow rules (jsc#SLE-18378).
- i40e: Fix interface init with MSI interrupts (no MSI-X) (jsc#SLE-18378).
- i40e: Fix kernel crash during module removal (jsc#SLE-18378).
- i40e: Fix kernel crash during reboot when adapter is in recovery mode (jsc#SLE-18378).
- i40e: Fix set max_tx_rate when it is lower than 1 Mbps (jsc#SLE-18378).
- i40e: Fix the inability to attach XDP program on downed interface (jsc#SLE-18378).
- i40e: Refactor tc mqprio checks (jsc#SLE-18378).
- i40e: add double of VLAN header when computing the max MTU (jsc#SLE-18378).
- i40e: fix accessing vsi->active_filters without holding lock (jsc#SLE-18378).
- i40e: fix flow director packet filter programming (jsc#SLE-18378).
- i40e: fix i40e_setup_misc_vector() error handling (jsc#SLE-18378).
- i40e: fix registers dump after run ethtool adapter self test (jsc#SLE-18378).
- iavf/iavf_main: actually log ->src mask when talking about it (jsc#SLE-18385).
- iavf: Detach device during reset task (jsc#SLE-18385).
- iavf: Disallow changing rx/tx-frames and rx/tx-frames-irq (jsc#SLE-18385).
- iavf: Do not restart Tx queues after reset task failure (jsc#SLE-18385).
- iavf: Fix 'tc qdisc show' listing too many queues (jsc#SLE-18385).
- iavf: Fix a crash during reset task (jsc#SLE-18385).
- iavf: Fix bad page state (jsc#SLE-18385).
- iavf: Fix cached head and tail value for iavf_get_tx_pending (jsc#SLE-18385).
- iavf: Fix error handling in iavf_init_module() (jsc#SLE-18385).
- iavf: Fix max_rate limiting (jsc#SLE-18385).
- iavf: Fix race condition between iavf_shutdown and iavf_remove (jsc#SLE-18385).
- iavf: Fix set max MTU size with port VLAN and jumbo frames (jsc#SLE-18385).
- iavf: fix hang on reboot with ice (jsc#SLE-18385).
- iavf: fix inverted Rx hash condition leading to disabled hash (jsc#SLE-18385).
- iavf: fix non-tunneled IPv6 UDP packet type and hashing (jsc#SLE-18385).
- ice: Fix interrupt moderation settings getting cleared (jsc#SLE-18375).
- ice: Set txq_teid to ICE_INVAL_TEID on ring creation (jsc#SLE-18375).
- igb: Add lock to avoid data race (jsc#SLE-18379).
- igb: Enable SR-IOV after reinit (jsc#SLE-18379).
- igb: Initialize mailbox message for VF reset (jsc#SLE-18379).
- igb: conditionalize I2C bit banging on external thermal sensor support (jsc#SLE-18379).
- igb: revert rtnl_lock() that causes deadlock (jsc#SLE-18379).
- igbvf: Regard vf reset nack as success (jsc#SLE-18379).
- igc: Add checking for basetime less than zero (jsc#SLE-18377).
- igc: Add ndo_tx_timeout support (jsc#SLE-18377).
- igc: Enhance Qbv scheduling by using first flag bit (jsc#SLE-18377).
- igc: Fix PPS delta between two synchronized end-points (jsc#SLE-18377).
- igc: Lift TAPRIO schedule restriction (jsc#SLE-18377).
- igc: Reinstate IGC_REMOVED logic and implement it properly (jsc#SLE-18377).
- igc: Set Qbv start_time and end_time to end_time if not being configured in GCL (jsc#SLE-18377).
- igc: Use strict cycles for Qbv scheduling (jsc#SLE-18377).
- igc: allow BaseTime 0 enrollment for Qbv (jsc#SLE-18377).
- igc: fix the validation logic for taprio's gate list (jsc#SLE-18377).
- igc: read before write to SRRCTL register (jsc#SLE-18377).
- igc: recalculate Qbv end_time by considering cycle time (jsc#SLE-18377).
- igc: return an error if the mac type is unknown in igc_ptp_systim_to_hwtstamp() (jsc#SLE-18377).
- iio: accel: st_accel: Fix invalid mount_matrix on devices without ACPI _ONT method (git-fixes).
- iio: adc: ad7192: Change 'shorted' channels to differential (git-fixes).
- iio: adc: ad_sigma_delta: Fix IRQ issue by setting IRQ_DISABLE_UNLAZY flag (git-fixes).
- iio: adc: mxs-lradc: fix the order of two cleanup operations (git-fixes).
- iio: adc: palmas_gpadc: fix NULL dereference on rmmod (git-fixes).
- iio: dac: mcp4725: Fix i2c_master_send() return value handling (git-fixes).
- iio: imu: inv_icm42600: fix timestamp reset (git-fixes).
- iio: light: vcnl4035: fixed chip ID check (git-fixes).
- intel/igbvf: free irq on the error path in igbvf_request_msix() (jsc#SLE-18379).
- ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592).
- iwlwifi: cfg: Add missing MODULE_FIRMWARE() for *.pnvm (bsc#1207553).
- ixgbe: Allow flow hash to be set via ethtool (jsc#SLE-18384).
- ixgbe: Enable setting RSS table to default values (jsc#SLE-18384).
- ixgbe: Fix panic during XDP_TX with > 64 CPUs (jsc#SLE-18384).
- ixgbe: add double of VLAN header when computing the max MTU (jsc#SLE-18384).
- ixgbe: allow to increase MTU to 3K with XDP enabled (jsc#SLE-18384).
- ixgbe: fix pci device refcount leak (jsc#SLE-18384).
- ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter (jsc#SLE-18384).
- kABI workaround for btbcm.c (git-fixes).
- kABI workaround for mt76_poll_msec() (git-fixes).
- kABI: Fix kABI after backport Emulate RDPID only if it is enabled in guest  (git-fixes)
- kabi/severities: added Microsoft mana symbold (bsc#1210551)
- kernel-binary: install expoline.o (boo#1210791 bsc#1211089)
- kernel-source: Remove unused macro variant_symbols
- kernel-spec-macros: Fix up obsolete_rebuilds_subpackage to generate obsoletes correctly (boo#1172073 bsc#1191731).
- kvm: x86: Disable KVM_HC_CLOCK_PAIRING if tsc is in always catchup mode (git-fixes).
- leds: Fix reference to led_set_brightness() in doc (git-fixes).
- leds: TI_LMU_COMMON: select REGMAP instead of depending on it (git-fixes).
- leds: tca6507: Fix error handling of using fwnode_property_read_string (git-fixes).
- libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value (git-fixes).
- locking/rwsem: Add __always_inline annotation to __down_read_common() and inlined callers (git-fixes).
- mailbox: zynqmp: Fix IPI isr handling (git-fixes).
- mailbox: zynqmp: Fix typo in IPI documentation (git-fixes).
- mce: fix set_mce_nospec to always unmap the whole page (git-fixes).
- media: cx23885: Fix a null-ptr-deref bug in buffer_prepare() and buffer_finish() (git-fixes).
- media: netup_unidvb: fix use-after-free at del_timer() (git-fixes).
- media: pci: tw68: Fix null-ptr-deref bug in buf prepare and finish (git-fixes).
- media: radio-shark: Add endpoint checks (git-fixes).
- media: rcar_fdp1: Fix the correct variable assignments (git-fixes).
- media: rcar_fdp1: Make use of the helper function devm_platform_ioremap_resource() (git-fixes).
- memstick: r592: Fix UAF bug in r592_remove due to race condition (bsc#1211449).
- mfd: dln2: Fix memory leak in dln2_probe() (git-fixes).
- mfd: tqmx86: Correct board names for TQMxE39x (git-fixes).
- mfd: tqmx86: Do not access I2C_DETECT register through io_base (git-fixes).
- misc: fastrpc: reject new invocations during device removal (git-fixes).
- misc: fastrpc: return -EPIPE to invocations on device removal (git-fixes).
- mmc: sdhci-esdhc-imx: make 'no-mmc-hs400' works (git-fixes).
- mmc: vub300: fix invalid response handling (git-fixes).
- mt76: mt7915: fix incorrect testmode ipg on band 1 caused by wmm_idx (git-fixes).
- mtd: rawnand: ingenic: fix empty stub helper definitions (git-fixes).
- mtd: rawnand: marvell: do not set the NAND frequency select (git-fixes).
- mtd: rawnand: marvell: ensure timing values are written (git-fixes).
- net/iucv: Fix size of interrupt data (bsc#1211465 git-fixes).
- net: accept UFOv6 packages in virtio_net_hdr_to_skb (git-fixes).
- net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize (git-fixes).
- net: mana: Add new MANA VF performance counters for easier troubleshooting (bsc#1209982).
- net: mana: Add support for auxiliary device (bsc#1210741 jsc#PED-4022).
- net: mana: Add support for jumbo frame (bsc#1210551).
- net: mana: Check if netdev/napi_alloc_frag returns single page (bsc#1210551).
- net: mana: Define and process GDMA response code GDMA_STATUS_MORE_ENTRIES (bsc#1210741 jsc#PED-4022).
- net: mana: Define data structures for allocating doorbell page from GDMA (bsc#1210741 jsc#PED-4022).
- net: mana: Define data structures for protection domain and memory registration (bsc#1210741 jsc#PED-4022).
- net: mana: Define max values for SGL entries (bsc#1210741 jsc#PED-4022).
- net: mana: Enable RX path to handle various MTU sizes (bsc#1210551).
- net: mana: Export Work Queue functions for use by RDMA driver (bsc#1210741 jsc#PED-4022).
- net: mana: Fix perf regression: remove rx_cqes, tx_cqes counters (git-fixes).
- net: mana: Handle vport sharing between devices (bsc#1210741 jsc#PED-4022).
- net: mana: Move header files to a common location (bsc#1210741 jsc#PED-4022).
- net: mana: Record port number in netdev (bsc#1210741 jsc#PED-4022).
- net: mana: Record the physical address for doorbell page region (bsc#1210741 jsc#PED-4022).
- net: mana: Refactor RX buffer allocation code to prepare for various MTU (bsc#1210551).
- net: mana: Rename mana_refill_rxoob and remove some empty lines (bsc#1210551).
- net: mana: Set the DMA device max segment size (bsc#1210741 jsc#PED-4022).
- net: mana: Use napi_build_skb in RX path (bsc#1210551).
- net: mdio: mvusb: Fix an error handling path in mvusb_mdio_probe() (git-fixes).
- net: mellanox: mlxbf_gige: Fix skb_panic splat under memory pressure (bsc#1211564).
- net: phy: dp83867: add w/a for packet errors seen with short cables (git-fixes).
- net: qrtr: correct types of trace event parameters (git-fixes).
- net: skip virtio_net_hdr_set_proto if protocol already set (git-fixes).
- net: tun: avoid disabling NAPI twice (git-fixes).
- net: tun: fix bugs for oversize packet when napi frags enabled (git-fixes).
- net: tun: stop NAPI when detaching queues (git-fixes).
- net: tun: unlink NAPI from device on destruction (git-fixes).
- net: usb: qmi_wwan: Set DTR quirk for BroadMobi BM818 (git-fixes).
- net: virtio_net_hdr_to_skb: count transport header in UFO (git-fixes).
- nilfs2: do not write dirty data after degenerating to read-only (git-fixes).
- nilfs2: fix infinite loop in nilfs_mdt_get_block() (git-fixes).
- nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode() (git-fixes).
- nvme-fc: fix a missing queue put in nvmet_fc_ls_create_association (git-fixes).
- nvme-multipath: fix hang when disk goes live over reconnect (git-fixes).
- nvme-pci: add quirks for Samsung X5 SSDs (git-fixes).
- nvme-pci: add the IGNORE_DEV_SUBNQN quirk for Intel P4500/P4600 SSDs (git-fixes).
- nvme-pci: avoid the deepest sleep state on ZHITAI TiPro5000 SSDs (git-fixes).
- nvme-pci: avoid the deepest sleep state on ZHITAI TiPro7000 SSDs (git-fixes).
- nvme-pci: clear the prp2 field when not used (git-fixes).
- nvme-pci: disable write zeroes on various Kingston SSD (git-fixes).
- nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags (git-fixes).
- nvme-pci: mark Lexar NM760 as IGNORE_DEV_SUBNQN (git-fixes).
- nvme-pci: set min_align_mask before calculating max_hw_sectors (git-fixes).
- nvme-tcp: fix a possible UAF when failing to allocate an io queue (git-fixes).
- nvme-tcp: fix bogus request completion when failing to send AER (git-fixes).
- nvme-tcp: lockdep: annotate in-kernel sockets (git-fixes).
- nvme: add a bogus subsystem NQN quirk for Micron MTFDKBA2T0TFH (git-fixes).
- nvme: also return I/O command effects from nvme_command_effects (git-fixes).
- nvme: check for duplicate identifiers earlier (git-fixes).
- nvme: cleanup __nvme_check_ids (git-fixes).
- nvme: fix discard support without oncs (git-fixes).
- nvme: fix interpretation of DMRSL (git-fixes).
- nvme: fix multipath crash caused by flush request when blktrace is enabled (git-fixes).
- nvme: fix passthrough csi check (git-fixes).
- nvme: generalize the nvme_multi_css check in nvme_scan_ns (git-fixes).
- nvme: move the Samsung X5 quirk entry to the core quirks (git-fixes).
- nvme: rename nvme_validate_or_alloc_ns to nvme_scan_ns (git-fixes).
- nvme: set non-mdts limits in nvme_scan_work (git-fixes).
- nvmet-tcp: add bounds check on Transfer Tag (git-fixes).
- nvmet-tcp: fix lockdep complaint on nvmet_tcp_wq flush during queue teardown (git-fixes).
- nvmet-tcp: fix unhandled tcp states in nvmet_tcp_state_change() (git-fixes).
- nvmet: fix mar and mor off-by-one errors (git-fixes).
- nvmet: fix memory leak in nvmet_subsys_attr_model_store_locked (git-fixes).
- nvmet: fix workqueue MEM_RECLAIM flushing dependency (git-fixes).
- nvmet: move the call to nvmet_ns_changed out of nvmet_ns_revalidate (git-fixes).
- nvmet: use NVME_CMD_EFFECTS_CSUPP instead of open coding it (git-fixes).
- phy: st: miphy28lp: use _poll_timeout functions for waits (git-fixes).
- phy: tegra: xusb: Add missing tegra_xusb_port_unregister for usb2_port and ulpi_port (git-fixes).
- pinctrl: qcom: lpass-lpi: set output value before enabling output (git-fixes).
- pinctrl: renesas: r8a779a0: Remove incorrect AVB[01] pinmux configuration (git-fixes).
- platform/x86: hp-wmi: Support touchpad on/off (git-fixes).
- platform/x86: thinkpad_acpi: Fix platform profiles on T490 (git-fixes).
- platform/x86: touchscreen_dmi: Add info for the Dexp Ursus KX210i (git-fixes).
- platform/x86: touchscreen_dmi: Add upside-down quirk for GDIX1002 ts on the Juno Tablet (git-fixes).
- power: supply: bq24190_charger: using pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes).
- power: supply: bq27xxx: Add cache parameter to bq27xxx_battery_current_and_status() (git-fixes).
- power: supply: bq27xxx: After charger plug in/out wait 0.5s for things to stabilize (git-fixes).
- power: supply: bq27xxx: Ensure power_supply_changed() is called on current sign changes (git-fixes).
- power: supply: bq27xxx: Fix I2C IRQ race on remove (git-fixes).
- power: supply: bq27xxx: Fix poll_interval handling and races on remove (git-fixes).
- power: supply: bq27xxx: expose battery data when CI=1 (git-fixes).
- power: supply: leds: Fix blink to LED on transition (git-fixes).
- power: supply: sbs-charger: Fix INHIBITED bit for Status reg (git-fixes).
- powerpc/iommu: DMA address offset is incorrectly calculated with 2MB TCEs (jsc#SLE-19556 git-fixes).
- powerpc/rtas: use memmove for potentially overlapping buffer copy (bsc#1065729).
- powerpc: Do not try to copy PPR for task with NULL pt_regs (bsc#1065729).
- pstore: Revert pmsg_lock back to a normal mutex (git-fixes).
- purgatory: fix disabling debug info (git-fixes).
- pwm: meson: Fix axg ao mux parents (git-fixes).
- pwm: meson: Fix g12a ao clk81 name (git-fixes).
- qed/qed_dev: guard against a possible division by zero (jsc#SLE-19001).
- qed/qed_mng_tlv: correctly zero out ->min instead of ->hour (jsc#SLE-19001).
- qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info (jsc#SLE-19001).
- qed: allow sleep in qed_mcp_trace_dump() (jsc#SLE-19001).
- qede: execute xdp_do_flush() before napi_complete_done() (jsc#SLE-19001).
- r8152: fix flow control issue of RTL8156A (git-fixes).
- r8152: fix the poor throughput for 2.5G devices (git-fixes).
- r8152: move setting r8153b_rx_agg_chg_indicate() (git-fixes).
- regmap: cache: Return error in cache sync operations for REGCACHE_NONE (git-fixes).
- regulator: mt6359: add read check for PMIC MT6359 (git-fixes).
- regulator: pca9450: Fix BUCK2 enable_mask (git-fixes).
- remoteproc: stm32_rproc: Add mutex protection for workqueue (git-fixes).
- ring-buffer: Ensure proper resetting of atomic variables in ring_buffer_reset_online_cpus (git-fixes).
- ring-buffer: Fix kernel-doc (git-fixes).
- ring-buffer: Sync IRQ works before buffer destruction (git-fixes).
- rpm/ Increase disk size constraint for riscv64 to 52GB
- rtmutex: Ensure that the top waiter is always woken up (git-fixes).
- s390/ap: fix crash on older machines based on QCI info missing (bsc#1210947)
- s390/ctcm: Fix return type of ctc{mp,}m_tx() (git-fixes bsc#1211686).
- s390/dasd: fix hanging blockdevice after request requeue (git-fixes bsc#1211687).
- s390/extmem: return correct segment type in __segment_load() (bsc#1210450 git-fixes).
- s390/kprobes: fix current_kprobe never cleared after kprobes reenter (git-fixes bsc#1211688).
- s390/kprobes: fix irq mask clobbering on kprobe reenter from post_handler (git-fixes bsc#1211689).
- s390/lcs: Fix return type of lcs_start_xmit() (git-fixes bsc#1211690).
- s390/mem_detect: fix detect_memory() error handling (git-fixes bsc#1211691).
- s390/netiucv: Fix return type of netiucv_tx() (git-fixes bsc#1211692).
- s390/qdio: fix do_sqbs() inline assembly constraint (git-fixes bsc#1211693).
- s390/qeth: fix use-after-free in hsci (bsc#1210449 git-fixes).
- s390/uaccess: add missing earlyclobber annotations to __clear_user() (bsc#1209856 git-fixes).
- s390/vdso: remove -nostdlib compiler flag (git-fixes bsc#1211714).
- s390x: Fixed hard lockups while running stress-ng and LPAR hangs (bsc#1195655 ltc#195733).
- scsi: core: Improve scsi_vpd_inquiry() checks (git-fixes).
- scsi: hisi_sas: Handle NCQ error when IPTT is valid (git-fixes).
- scsi: libsas: Add sas_ata_device_link_abort() (git-fixes).
- scsi: libsas: Grab the ATA port lock in sas_ata_device_link_abort() (git-fixes).
- scsi: lpfc: Add new RCQE status for handling DMA failures (bsc#1211847).
- scsi: lpfc: Fix double free in lpfc_cmpl_els_logo_acc() caused by lpfc_nlp_not_used() (bsc#1211847).
- scsi: lpfc: Fix verbose logging for SCSI commands issued to SES devices (bsc#1211847).
- scsi: lpfc: Match lock ordering of lpfc_cmd->buf_lock and hbalock for abort paths (bsc#1211847).
- scsi: lpfc: Replace blk_irq_poll intr handler with threaded IRQ (bsc#1211847).
- scsi: lpfc: Update congestion warning notification period (bsc#1211847).
- scsi: lpfc: Update lpfc version to (bsc#1211847).
- scsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS (git-fixes).
- scsi: megaraid_sas: Fix fw_crash_buffer_show() (git-fixes).
- scsi: qedi: Fix use after free bug in qedi_remove() (git-fixes).
- scsi: qla2xxx: Drop redundant pci_enable_pcie_error_reporting() (bsc#1211960).
- scsi: qla2xxx: Fix hang in task management (bsc#1211960).
- scsi: qla2xxx: Fix mem access after free (bsc#1211960).
- scsi: qla2xxx: Fix task management cmd fail due to unavailable resource (bsc#1211960).
- scsi: qla2xxx: Fix task management cmd failure (bsc#1211960).
- scsi: qla2xxx: Multi-que support for TMF (bsc#1211960).
- scsi: qla2xxx: Refer directly to the qla2xxx_driver_template (bsc#1211960).
- scsi: qla2xxx: Remove default fabric ops callouts (bsc#1211960).
- scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy() (bsc#1211960).
- scsi: qla2xxx: Update version to (bsc#1211960).
- scsi: qla2xxx: Wait for io return on terminate rport (bsc#1211960).
- scsi: ses: Handle enclosure with just a primary component gracefully (git-fixes).
- scsi: storvsc: Do not pass unused PFNs to Hyper-V host (git-fixes).
- selftests mount: Fix mount_setattr_test builds failed (git-fixes).
- selftests/resctrl: Allow ->setup() to return errors (git-fixes).
- selftests/resctrl: Check for return value after write_schemata() (git-fixes).
- selftests/resctrl: Extend CPU vendor detection (git-fixes).
- selftests/resctrl: Move ->setup() call outside of test specific branches (git-fixes).
- selftests/resctrl: Return NULL if malloc_and_init_memory() did not alloc mem (git-fixes).
- selftests/sgx: Add 'test_encl.elf' to TEST_FILES (git-fixes).
- selftests: mptcp: connect: skip if MPTCP is not supported (git-fixes).
- selftests: mptcp: pm nl: skip if MPTCP is not supported (git-fixes).
- selftests: mptcp: sockopt: skip if MPTCP is not supported (git-fixes).
- selftests: seg6: disable DAD on IPv6 router cfg for srv6_end_dt4_l3vpn_test (git-fixes).
- selftests: srv6: make srv6_end_dt46_l3vpn_test more robust (git-fixes).
- selftests: xsk: Disable IPv6 on VETH1 (git-fixes).
- selftets: seg6: disable rp_filter by default in srv6_end_dt4_l3vpn_test (git-fixes).
- selinux: do not use make's grouped targets feature yet (git-fixes).
- serial: 8250: Reinit port->pm on port specific driver unbind (git-fixes).
- serial: 8250_bcm7271: balance clk_enable calls (git-fixes).
- serial: 8250_bcm7271: fix leak in `brcmuart_probe` (git-fixes).
- serial: 8250_exar: Add support for USR298x PCI Modems (git-fixes).
- serial: 8250_tegra: Fix an error handling path in tegra_uart_probe() (git-fixes).
- serial: Add support for Advantech PCI-1611U card (git-fixes).
- serial: arc_uart: fix of_iomap leak in `arc_serial_probe` (git-fixes).
- serial: qcom-geni: fix enabling deactivated interrupt (git-fixes).
- serial: stm32: re-introduce an irq flag condition in usart_receive_chars (git-fixes).
- sfc: Change VF mac via PF as first preference if available (git-fixes).
- sfc: Fix module EEPROM reporting for QSFP modules (git-fixes).
- sfc: Fix use-after-free due to selftest_work (git-fixes).
- sfc: correctly advertise tunneled IPv6 segmentation (git-fixes).
- sfc: ef10: do not overwrite offload features at NIC reset (git-fixes).
- sfc: fix TX channel offset when using legacy interrupts (git-fixes).
- sfc: fix considering that all channels have TX queues (git-fixes).
- sfc: fix null pointer dereference in efx_hard_start_xmit (git-fixes).
- sfc: fix wrong tx channel offset with efx_separate_tx_channels (git-fixes).
- sfc: include vport_id in filter spec hash and equal() (git-fixes).
- smb3: display debug information better for encryption (bsc#1193629).
- smb3: fix problem remounting a share after shutdown (bsc#1193629).
- smb3: improve parallel reads of large files (bsc#1193629).
- smb3: make query_on_disk_id open context consistent and move to common code (bsc#1193629).
- smb3: move some common open context structs to smbfs_common (bsc#1193629).
- soundwire: qcom: correct setting ignore bit on v1.5.1 (git-fixes).
- soundwire: qcom: gracefully handle too many ports in DT (git-fixes).
- spi: spi-imx: fix MX51_ECSPI_* macros when cs > 3 (git-fixes).
- spi: spi-imx: using pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes).
- staging: rtl8192e: Replace macro RTL_PCI_DEVICE with PCI_DEVICE (git-fixes).
- struct ci_hdrc: hide new member at end (git-fixes).
- supported.conf: mark mana_ib supported
- swiotlb: relocate PageHighMem test away from rmem_swiotlb_setup (git-fixes).
- thunderbolt: Clear registers properly when auto clear isn't in use (bsc#1210165).
- thunderbolt: Mask ring interrupt on Intel hardware as well (bsc#1210165).
- tools/virtio: compile with -pthread (git-fixes).
- tools/virtio: fix the vringh test for virtio ring changes (git-fixes).
- tools/virtio: fix virtio_test execution (git-fixes).
- tools/virtio: initialize spinlocks in vring_test.c (git-fixes).
- tpm, tpm_tis: Claim locality before writing TPM_INT_ENABLE register (git-fixes).
- tpm, tpm_tis: Disable interrupts if tpm_tis_probe_irq() failed (git-fixes).
- tpm/tpm_tis: Disable interrupts for more Lenovo devices (git-fixes).
- tracing: Fix permissions for the buffer_percent file (git-fixes).
- tty: serial: fsl_lpuart: use UARTCTRL_TXINV to send break instead of UARTCTRL_SBK (git-fixes).
- usb-storage: fix deadlock when a scsi command timeouts more than once (git-fixes).
- usb: chipidea: core: fix possible concurrent when switch role (git-fixes).
- usb: dwc3: Align DWC3_EP_* flag macros (git-fixes).
- usb: dwc3: Fix a repeated word checkpatch warning (git-fixes).
- usb: dwc3: Fix ep0 handling when getting reset while doing control transfer (git-fixes).
- usb: dwc3: debugfs: Resume dwc3 before accessing registers (git-fixes).
- usb: dwc3: drd: use helper to get role-switch-default-mode (git-fixes).
- usb: dwc3: ep0: Do not prepare beyond Setup stage (git-fixes).
- usb: dwc3: gadget: Delay issuing End Transfer (git-fixes).
- usb: dwc3: gadget: Execute gadget stop after halting the controller (git-fixes).
- usb: dwc3: gadget: Improve dwc3_gadget_suspend() and dwc3_gadget_resume() (git-fixes).
- usb: dwc3: gadget: Only End Transfer for ep0 data phase (git-fixes).
- usb: dwc3: gadget: Stall and restart EP0 if host is unresponsive (git-fixes).
- usb: dwc3: remove a possible unnecessary 'out of memory' message (git-fixes).
- usb: gadget: f_fs: Add unbind event before functionfs_unbind (git-fixes).
- usb: gadget: u_ether: Fix host MAC address case (git-fixes).
- usb: mtu3: fix kernel panic at qmu transfer done irq handler (git-fixes).
- usb: typec: altmodes/displayport: fix pin_assignment_show (git-fixes).
- usb: typec: tcpm: fix multiple times discover svids error (git-fixes).
- usb: usbfs: Enforce page requirements for mmap (git-fixes).
- usb: usbfs: Use consistent mmap functions (git-fixes).
- usrmerge: Remove usrmerge compatibility symlink in buildroot (boo#1211796).
- vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF (git-fixes).
- vdpa: fix use-after-free on vp_vdpa_remove (git-fixes).
- vhost/net: Clear the pending messages when the backend is removed (git-fixes).
- virtio-net: Keep stop() to follow mirror sequence of open() (git-fixes).
- virtio-net: execute xdp_do_flush() before napi_complete_done() (git-fixes).
- virtio_net: bugfix overflow inside xdp_linearize_page() (git-fixes).
- virtio_net: split free_unused_bufs() (git-fixes).
- virtio_net: suppress cpu stall when free_unused_bufs (git-fixes).
- watchdog: dw_wdt: Fix the error handling path of dw_wdt_drv_probe() (git-fixes).
- watchdog: sp5100_tco: Immediately trigger upon starting (git-fixes).
- wifi: ath11k: Fix SKB corruption in REO destination ring (git-fixes).
- wifi: ath: Silence memcpy run-time false positive warning (git-fixes).
- wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex (git-fixes).
- wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace (git-fixes).
- wifi: iwlwifi: fix OEM's name in the ppag approved list (git-fixes).
- wifi: iwlwifi: fw: fix DBGI dump (git-fixes).
- wifi: iwlwifi: mvm: do not trust firmware n_channels (git-fixes).
- wifi: iwlwifi: mvm: fix OEM's name in the tas approved list (git-fixes).
- wifi: iwlwifi: mvm: fix cancel_delayed_work_sync() deadlock (git-fixes).
- wifi: iwlwifi: pcie: Fix integer overflow in iwl_write_to_user_buf (git-fixes).
- wifi: iwlwifi: pcie: fix possible NULL pointer dereference (git-fixes).
- wifi: mac80211: fix min center freq offset tracing (git-fixes).
- wifi: mt76: add flexible polling wait-interval support (git-fixes).
- wifi: mt76: mt7921e: Set memory space enable in PCI_COMMAND if unset (git-fixes).
- wifi: mt76: mt7921e: fix probe timeout after reboot (git-fixes).
- wifi: mt76: mt7921e: improve reliability of dma reset (git-fixes).
- wifi: rtl8xxxu: RTL8192EU always needs full init (git-fixes).
- workqueue: Fix hung time report of worker pools (bsc#1211044).
- workqueue: Interrupted create_worker() is not a repeated event (bsc#1211044).
- workqueue: Print backtraces from CPUs with hung CPU bound workqueues (bsc#1211044).
- workqueue: Warn when a new worker could not be created (bsc#1211044).
- workqueue: Warn when a rescuer could not be created (bsc#1211044).
- x86, sched: Fix undefined reference to init_freq_invariance_cppc() build error (git-fixes).
- x86/MCE/AMD: Use an u64 for bank_map (git-fixes).
- x86/alternative: Make debug-alternative selective (bsc#1206578).
- x86/alternative: Report missing return thunk details (git-fixes).
- x86/alternative: Support relocations in alternatives (bsc#1206578).
- x86/amd: Use IBPB for firmware calls (git-fixes).
- x86/boot: Skip realmode init code when running as Xen PV guest  (git-fixes).
- x86/bugs: Add 'unknown' reporting for MMIO Stale Data (git-fixes).
- x86/bugs: Do not enable IBPB at firmware entry when IBPB is not available (git-fixes).
- x86/bugs: Warn when 'ibrs' mitigation is selected on Enhanced IBRS parts (git-fixes).
- x86/crash: Disable virt in core NMI crash handler to avoid double shootdown (git-fixes).
- x86/delay: Fix the wrong asm constraint in delay_loop() (git-fixes).
- x86/entry: Build thunk_$(BITS) only if CONFIG_PREEMPTION=y (git-fixes).
- x86/fault: Cast an argument to the proper address space in prefetch() (git-fixes).
- x86/fpu/xsave: Initialize offset/size cache early (bsc#1211205).
- x86/fpu: Fix copy_xstate_to_uabi() to copy init states correctly (git-fixes).
- x86/fpu: Fix the init_fpstate size check with the actual size (git-fixes).
- x86/fpu: Use _Alignof to avoid undefined behavior in TYPE_ALIGN (git-fixes).
- x86/hyperv: Block root partition functionality in a Confidential VM (git-fixes).
- x86/lib/memmove: Decouple ERMS from FSRM (bsc#1206578).
- x86/mce: relocate set{clear}_mce_nospec() functions (git-fixes). This is a preparation for the next patch
- x86/microcode/AMD: Add a @cpu parameter to the reloading functions (git-fixes).
- x86/microcode/AMD: Fix mixed steppings support (git-fixes).
- x86/microcode/AMD: Track patch allocation size explicitly (git-fixes).
- x86/microcode: Add a parameter to microcode_check() to store CPU capabilities (git-fixes).
- x86/microcode: Add explicit CPU vendor dependency (git-fixes).
- x86/microcode: Adjust late loading result reporting message (git-fixes).
- x86/microcode: Rip out the OLD_INTERFACE (git-fixes).
- x86/mm: Cleanup the control_va_addr_alignment() __setup handler (git-fixes).
- x86/mm: Use proper mask when setting PUD mapping (git-fixes).
- x86/nospec: Unwreck the RSB stuffing (git-fixes).
- x86/numa: Use cpumask_available instead of hardcoded NULL check (git-fixes).
- x86/pat: Fix x86_has_pat_wp() (git-fixes).
- x86/pm: Add enumeration check before spec MSRs save/restore setup (git-fixes).
- x86/reboot: Disable SVM, not just VMX, when stopping CPUs (git-fixes).
- x86/resctrl: Fix min_cbm_bits for AMD (git-fixes).
- x86/sev: Add SEV-SNP guest feature negotiation support (git-fixes).
- x86/signal: Fix the value returned by strict_sas_size() (git-fixes).
- x86/speculation/mmio: Print SMT warning (git-fixes).
- x86/speculation: Identify processors vulnerable to SMT RSB predictions (git-fixes).
- x86/static_call: Serialize __static_call_fixup() properly (git-fixes).
- x86/syscall: Include asm/ptrace.h in syscall_wrapper header (git-fixes).
- x86/topology: Fix duplicated core ID within a package (git-fixes).
- x86/topology: Fix multiple packages shown on a single-package system (git-fixes).
- x86/tsx: Add a feature bit for TSX control MSR support (git-fixes).
- x86: Fix return value of __setup handlers (git-fixes).
- x86: drop bogus 'cc' clobber from __try_cmpxchg_user_asm() (git-fixes).
- xen/netback: do not do grant copy across page boundary (git-fixes).
- xen/netback: use same error messages for same errors (git-fixes).
- xhci-pci: Only run d3cold avoidance quirk for s2idle (git-fixes).
- xhci: Fix incorrect tracking of free space on transfer rings (git-fixes).

Advisory ID: SUSE-RU-2023:2658-1
Released:    Tue Jun 27 14:46:15 2023
Summary:     Recommended update for containerd, docker, runc
Type:        recommended
Severity:    moderate
References:  1207004,1208074,1210298,1211578
This update for containerd, docker, runc fixes the following issues:

- Update to containerd v1.6.21 (bsc#1211578)
- Update to Docker 23.0.6-ce (bsc#1211578)
- Update to runc v1.1.7
- Require a minimum Go version explicitly (bsc#1210298)
- Re-unify packaging for SLE-12 and SLE-15
- Fix build on SLE-12 by switching back to libbtrfs-devel headers
- Allow man pages to be built without internet access in OBS
- Add apparmor-parser as a Recommends to make sure that most users will end up with it installed   
  even if they are primarily running SELinux
- Fix syntax of boolean dependency
- Allow to install container-selinux instead of apparmor-parser
- Change to using systemd-sysusers
- Update runc.keyring to upstream version
- Fix the inability to use `/dev/null` when inside a container (bsc#1207004)

Advisory ID: SUSE-SU-2023:2667-1
Released:    Wed Jun 28 09:14:31 2023
Summary:     Security update for bind
Type:        security
Severity:    important
References:  1212544,1212567,CVE-2023-2828,CVE-2023-2911
This update for bind fixes the following issues:

Update to release 9.16.42

Security Fixes:

* The overmem cleaning process has been improved, to prevent the
  cache from significantly exceeding the configured
  max-cache-size limit. (CVE-2023-2828)
* A query that prioritizes stale data over lookup triggers a
  fetch to refresh the stale data in cache. If the fetch is
  aborted for exceeding the recursion quota, it was possible for
  named to enter an infinite callback loop and crash due to stack
  overflow. This has been fixed. (CVE-2023-2911)

Bug Fixes:

* Previously, it was possible for a delegation from cache to be
  returned to the client after the stale-answer-client-timeout
  duration. This has been fixed.  [bsc#1212544, bsc#1212567, jsc#SLE-24600]

Update to release 9.16.41

Bug Fixes:

* When removing delegations from an opt-out range,
  empty-non-terminal NSEC3 records generated by those delegations
  were not cleaned up. This has been fixed.  [jsc#SLE-24600]

Update to release 9.16.40

Bug Fixes:

* Logfiles using timestamp-style suffixes were not always
  correctly removed when the number of files exceeded the limit
  set by versions. This has been fixed for configurations which
  do not explicitly specify a directory path as part of the file
  argument in the channel specification.
* Performance of DNSSEC validation in zones with many DNSKEY
  records has been improved.

Update to release 9.16.39

Feature Changes:

* libuv support for receiving multiple UDP messages in a single
  recvmmsg() system call has been tweaked several times between
  libuv versions 1.35.0 and 1.40.0; the current recommended libuv
  version is 1.40.0 or higher. New rules are now in effect for
  running with a different version of libuv than the one used at
  compilation time. These rules may trigger a fatal error at
  - Building against or running with libuv versions 1.35.0 and
    1.36.0 is now a fatal error.
  - Running with libuv version higher than 1.34.2 is now a
    fatal error when named is built against libuv version
    1.34.2 or lower.
  - Running with libuv version higher than 1.39.0 is now a
    fatal error when named is built against libuv version
    1.37.0, 1.38.0, 1.38.1, or 1.39.0.

* This prevents the use of libuv versions that may trigger an
  assertion failure when receiving multiple UDP messages in a
  single system call.

Bug Fixes:

* named could crash with an assertion failure when adding a new
  zone into the configuration file for a name which was already
  configured as a member zone for a catalog zone. This has been
* When named starts up, it sends a query for the DNSSEC key for
  each configured trust anchor to determine whether the key has
  changed. In some unusual cases, the query might depend on a
  zone for which the server is itself authoritative, and would
  have failed if it were sent before the zone was fully loaded.
  This has now been fixed by delaying the key queries until all
  zones have finished loading. [jsc#SLE-24600]

Advisory ID: SUSE-RU-2023:2742-1
Released:    Fri Jun 30 11:40:59 2023
Summary:     Recommended update for autoyast2, libzypp, yast2-pkg-bindings, yast2-update, zypper
Type:        recommended
Severity:    moderate
References:  1202234,1209565,1211261,1212187,1212222
This update for yast2-pkg-bindings fixes the following issues:

libzypp was updated to version 17.31.14 (22):

- Curl: trim all custom headers (bsc#1212187)
  HTTP/2 RFC 9113 forbids fields ending with a space. So we make
  sure all custom headers are trimmed. This also includes headers
  returned by URL-Resolver plugins.
- build: honor libproxy.pc's includedir (bsc#1212222)

zypper was updated to version 1.14.61:

- targetos: Add an error note if XPath:/product/register/target
  is not defined in /etc/products.d/baseproduct (bsc#1211261)
- targetos: Update help and man page (bsc#1211261)

yast2-pkg-bindings, autoyast:

- Added a new option for rebuilding the RPM database (--rebuilddb) (bsc#1209565)
- Selected products are not installed after resetting the package manager internally (bsc#1202234)


- Rebuild the RPM database during upgrade (--rebuilddb) (bsc#1209565)

Advisory ID: SUSE-RU-2023:2761-1
Released:    Mon Jul  3 15:16:44 2023
Summary:     Recommended update for libjansson
Type:        recommended
Severity:    moderate
References:  1201817
This update for libjansson fixes the following issues:

- Update to 2.14 (bsc#1201817):
  * New Features:
    + Add `json_object_getn`, `json_object_setn`, `json_object_deln`, and the
      corresponding `nocheck` functions.
    + Add jansson_version_str() and jansson_version_cmp() for runtime version checking
    + Add json_object_update_new(), json_object_update_existing_new()
      and json_object_update_missing_new() functions
    + Add json_object_update_recursive()
    + Add `json_pack()` format specifiers s*, o* and O* for values
      that can be omitted if null 
    + Add `json_error_code()` to retrieve numeric error codes
    + Enable thread safety for `json_dump()` on all systems.
      Enable thread safe `json_decref()` and `json_incref()` for
      modern compilers 
    + Add `json_sprintf()` and `json_vsprintf()` 
  * Fixes:
    + Handle `sprintf` corner cases.
    + Add infinite loop check in json_deep_copy()
    + Enhance JANSSON_ATTRS macro to support earlier C standard(C89)
    + Update version detection for sphinx-build
    + Fix error message in `json_pack()` for NULL object 
    + Avoid invalid memory read in `json_pack()` 
    + Call va_end after va_copy in `json_vsprintf()` 
    + Improve handling of formats with '?' and '*' in `json_pack()`
    + Remove inappropriate `jsonp_free()` which caused
      segmentation fault in error handling 
    + Fix incorrect report of success from `json_dump_file()` when
      an error is returned by `fclose()` 
    + Make json_equal() const-correct 
    + Fix incomplete stealing of references by `json_pack()` 
- Use GitHub as source URLs: Release hasn't been uploaded to
- Add check section.

Advisory ID: SUSE-SU-2023:2765-1
Released:    Mon Jul  3 20:28:14 2023
Summary:     Security update for libcap
Type:        security
Severity:    moderate
References:  1211418,1211419,CVE-2023-2602,CVE-2023-2603
This update for libcap fixes the following issues:

- CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418).
- CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419).

Advisory ID: SUSE-RU-2023:2767-1
Released:    Mon Jul  3 21:22:32 2023
Summary:     Recommended update for dracut
Type:        recommended
Severity:    moderate
References:  1212662
This update for dracut fixes the following issues:

- Update to version 055+suse.344.g3d5cd8fb
- Continue parsing if ldd prints 'cannot execute binary file' (bsc#1212662)

Advisory ID: SUSE-RU-2023:2772-1
Released:    Tue Jul  4 09:54:23 2023
Summary:     Recommended update for libzypp, zypper
Type:        recommended
Severity:    moderate
References:  1211261,1212187,1212222
This update for libzypp, zypper fixes the following issues:

libzypp was updated to version 17.31.14 (22):

- Curl: trim all custom headers (bsc#1212187)
  HTTP/2 RFC 9113 forbids fields ending with a space. So we make
  sure all custom headers are trimmed. This also includes headers
  returned by URL-Resolver plugins.
- build: honor libproxy.pc's includedir (bsc#1212222)

zypper was updated to version 1.14.61:

- targetos: Add an error note if XPath:/product/register/target
  is not defined in /etc/products.d/baseproduct (bsc#1211261)
- targetos: Update help and man page (bsc#1211261)

The following package changes have been done:

- bind-utils-9.16.42-150400.5.27.1 updated
- containerd-ctr-1.6.21-150000.93.1 updated
- containerd-1.6.21-150000.93.1 updated
- cups-config-2.2.7-150000.3.46.1 updated
- docker-23.0.6_ce-150000.178.1 updated
- dracut-055+suse.344.g3d5cd8fb-150400.3.25.1 updated
- hwdata-0.371-150000.3.62.1 updated
- kernel-default-5.14.21-150400.24.66.1 updated
- libcap2-2.63-150400.3.3.1 updated
- libcups2-2.2.7-150000.3.46.1 updated
- libgcc_s1-12.3.0+git1204-150000.1.10.1 updated
- libjansson4-2.14-150000.3.3.1 updated
- libldap-2_4-2-2.4.46-150200.14.14.1 updated
- libldap-data-2.4.46-150200.14.14.1 updated
- libopenssl1_1-1.1.1l-150400.7.42.1 updated
- libprotobuf-lite20-3.9.2-150200.4.21.1 updated
- libpython3_6m1_0-3.6.15-150300.10.48.1 updated
- libsolv-tools-0.7.24-150400.3.8.1 updated
- libstdc++6-12.3.0+git1204-150000.1.10.1 updated
- libzck1-1.1.16-150400.3.4.1 updated
- libzypp-17.31.14-150400.3.35.1 updated
- openssl-1_1-1.1.1l-150400.7.42.1 updated
- python3-base-3.6.15-150300.10.48.1 updated
- python3-bind-9.16.42-150400.5.27.1 updated
- python3-ply-3.10-150000.3.3.4 updated
- python3-3.6.15-150300.10.48.1 updated
- runc-1.1.7-150000.46.1 updated
- supportutils-3.1.21-150300. updated
- suseconnect-ng-1.1.0~git2.f42b4b2a060e-150400.3.13.1 updated
- systemd-rpm-macros-13-150000.7.33.1 updated
- vim-data-common-9.0.1572-150000.5.46.1 updated
- vim-9.0.1572-150000.5.46.1 updated
- zypper-1.14.61-150400.3.24.1 updated
- xxd-9.0.1443-150000.5.43.1 removed

More information about the sle-security-updates mailing list