SUSE-IU-2023:775-1: Security update of suse-sles-15-sp4-chost-byos-v20231027-hvm-ssd-x86_64

sle-security-updates at sle-security-updates at
Mon Oct 30 08:01:09 UTC 2023

SUSE Image Update Advisory: suse-sles-15-sp4-chost-byos-v20231027-hvm-ssd-x86_64
Image Advisory ID : SUSE-IU-2023:775-1
Image Tags        : suse-sles-15-sp4-chost-byos-v20231027-hvm-ssd-x86_64:20231027
Image Release     : 
Severity          : important
Type              : security
References        : 1023051 1107342 1120059 1177719 1188885 1193629 1194869 1201066
                        1201300 1202845 1205462 1205767 1206480 1206684 1208902 1208949
                        1209233 1209284 1209799 1210048 1210335 1210448 1210557 1211078
                        1211427 1212091 1212101 1212142 1212475 1212526 1212857 1212873
                        1213026 1213123 1213428 1213546 1213580 1213601 1213666 1213757
                        1213759 1213808 1213854 1213915 1213916 1213921 1213927 1213940
                        1213946 1213968 1213970 1213971 1214000 1214019 1214052 1214120
                        1214149 1214180 1214238 1214285 1214292 1214297 1214299 1214350
                        1214368 1214370 1214371 1214372 1214380 1214386 1214392 1214393
                        1214395 1214397 1214428 1214451 1214460 1214635 1214659 1214661
                        1214729 1214742 1214743 1214756 1214806 1214922 1214924 1214925
                        1214928 1214940 1214941 1214942 1214943 1214944 1214950 1214951
                        1214954 1214957 1214986 1214988 1214992 1214993 1215004 1215006
                        1215007 1215033 1215215 1215286 1215313 1215322 1215323 1215434
                        1215522 1215523 1215552 1215553 1215713 1215744 1215746 1215747
                        1215748 1215877 1215888 1215889 1215891 1215894 1215895 1215896
                        1215904 1215905 1215908 1215911 1215915 1215916 1215935 1215936
                        1215968 1216123 1216174 1216268 1216378 CVE-2023-1192 CVE-2023-1206
                        CVE-2023-1829 CVE-2023-1859 CVE-2023-2007 CVE-2023-20588 CVE-2023-2177
                        CVE-2023-22652 CVE-2023-23559 CVE-2023-30078 CVE-2023-30079 CVE-2023-32181
                        CVE-2023-34319 CVE-2023-34323 CVE-2023-34325 CVE-2023-34326 CVE-2023-34327
                        CVE-2023-34328 CVE-2023-35945 CVE-2023-3610 CVE-2023-37453 CVE-2023-3772
                        CVE-2023-38545 CVE-2023-38546 CVE-2023-3863 CVE-2023-39192 CVE-2023-39193
                        CVE-2023-39194 CVE-2023-4039 CVE-2023-4091 CVE-2023-4128 CVE-2023-4133
                        CVE-2023-4134 CVE-2023-4147 CVE-2023-4154 CVE-2023-4155 CVE-2023-4194
                        CVE-2023-42669 CVE-2023-4273 CVE-2023-42753 CVE-2023-42754 CVE-2023-43804
                        CVE-2023-4387 CVE-2023-4389 CVE-2023-44487 CVE-2023-4459 CVE-2023-4563
                        CVE-2023-4569 CVE-2023-45853 CVE-2023-4622 CVE-2023-46228 CVE-2023-4623
                        CVE-2023-4641 CVE-2023-4692 CVE-2023-4693 CVE-2023-4733 CVE-2023-4734
                        CVE-2023-4735 CVE-2023-4738 CVE-2023-4752 CVE-2023-4781 CVE-2023-4813
                        CVE-2023-4881 CVE-2023-4921 CVE-2023-5345 

The container suse-sles-15-sp4-chost-byos-v20231027-hvm-ssd-x86_64 was updated. The following patches have been included in this update:

Advisory ID: SUSE-RU-2023:3951-1
Released:    Tue Oct  3 19:37:46 2023
Summary:     Recommended update for python3-jmespath, python3-ply
Type:        recommended
Severity:    moderate
References:  1209233

This update for python3-jmespath and python3-ply fixes the following issue:

- the packages are required as dependencies for python3-salt, and were missing
  on aarch64 based SLE Micro flavors so far.

There are no functional changes.

Advisory ID: SUSE-SU-2023:3952-1
Released:    Tue Oct  3 20:06:23 2023
Summary:     Security update for runc
Type:        security
Severity:    important
References:  1212475

This update of runc fixes the following issues:

- Update to runc v1.1.8.

  Upstream changelog is available from

- rebuild the package with the go 1.21 security release (bsc#1212475).

Advisory ID: SUSE-SU-2023:3954-1
Released:    Tue Oct  3 20:09:47 2023
Summary:     Security update for libeconf
Type:        security
Severity:    important
References:  1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181
This update for libeconf fixes the following issues:

Update to version 0.5.2.

- CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078).
- CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. (bsc#1211078)

Advisory ID: SUSE-SU-2023:3955-1
Released:    Tue Oct  3 21:27:58 2023
Summary:     Security update for vim
Type:        security
Severity:    important
References:  1214922,1214924,1214925,1215004,1215006,1215033,CVE-2023-4733,CVE-2023-4734,CVE-2023-4735,CVE-2023-4738,CVE-2023-4752,CVE-2023-4781
This update for vim fixes the following issues:

Security fixes:

- CVE-2023-4733: Fixed use-after-free in function buflist_altfpos (bsc#1215004). 
- CVE-2023-4734: Fixed segmentation fault in function f_fullcommand (bsc#1214925). 
- CVE-2023-4735: Fixed out of bounds write in ops.c (bsc#1214924). 
- CVE-2023-4738: Fixed heap buffer overflow in vim_regsub_both (bsc#1214922). 
- CVE-2023-4752: Fixed heap use-after-free in function ins_compl_get_exp (bsc#1215006). 
- CVE-2023-4781: Fixed heap buffer overflow in function vim_regsub_both (bsc#1215033).

Other fixes:

- Update to version 9.0 with patch level 1894,
  for the complete list of changes see
- Use app icons generated from vimlogo.eps in the source tarball;
  add higher resolution icons of sizes 128x128, 256x256, and 512x512 as png sources

Advisory ID: SUSE-SU-2023:3969-1
Released:    Wed Oct  4 14:05:43 2023
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1023051,1120059,1177719,1188885,1193629,1194869,1205462,1208902,1208949,1209284,1209799,1210048,1210448,1212091,1212142,1212526,1212857,1212873,1213026,1213123,1213546,1213580,1213601,1213666,1213757,1213759,1213916,1213921,1213927,1213946,1213968,1213970,1213971,1214000,1214019,1214120,1214149,1214180,1214238,1214285,1214297,1214299,1214350,1214368,1214370,1214371,1214372,1214380,1214386,1214392,1214393,1214397,1214428,1214451,1214635,1214659,1214661,1214729,1214742,1214743,1214756,1215522,1215523,1215552,1215553,CVE-2023-2007,CVE-2023-20588,CVE-2023-34319,CVE-2023-3610,CVE-2023-37453,CVE-2023-3772,CVE-2023-3863,CVE-2023-4128,CVE-2023-4133,CVE-2023-4134,CVE-2023-4147,CVE-2023-4194,CVE-2023-4273,CVE-2023-4387,CVE-2023-4459,CVE-2023-4569

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2023-2007: Fixed a flaw in the DPT I2O Controller driver that could allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel (bsc#1210448).
- CVE-2023-20588: Fixed a division-by-zero error on some AMD processors that can potentially return speculative data resulting in loss of confidentiality (bsc#1213927).
- CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in xen/netback (XSA-432) (bsc#1213546).
- CVE-2023-3610: Fixed use-after-free vulnerability in nf_tables can be exploited to achieve local privilege escalation (bsc#1213580).
- CVE-2023-37453: Fixed oversight in SuperSpeed initialization  (bsc#1213123).
- CVE-2023-3772: Fixed a flaw in XFRM subsystem that may have allowed a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer leading to a possible kernel crash and denial of service (bsc#1213666).
- CVE-2023-3863: Fixed a use-after-free flaw was found in nfc_llcp_find_local that allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601).
- CVE-2023-4128: Fixed a use-after-free flaw in net/sched/cls_fw.c that allowed a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue (bsc#1214149).
- CVE-2023-4133: Fixed use after free bugs caused by circular dependency problem in cxgb4 (bsc#1213970).
- CVE-2023-4134: Fixed use-after-free in cyttsp4_watchdog_work() (bsc#1213971).
- CVE-2023-4147: Fixed use-after-free in nf_tables_newrule (bsc#1213968).
- CVE-2023-4194: Fixed a type confusion in net tun_chr_open() (bsc#1214019).
- CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that alloawed a local privileged attacker to overflow the kernel stack (bsc#1214120).
- CVE-2023-4387: Fixed use-after-free flaw in vmxnet3_rq_alloc_rx_buf that could allow a local attacker to crash the system due to a double-free (bsc#1214350).
- CVE-2023-4459: Fixed a NULL pointer dereference flaw in vmxnet3_rq_cleanup that may have allowed a local attacker with normal user privilege to cause a denial of service (bsc#1214451).
- CVE-2023-4569: Fixed information leak in nft_set_catchall_flush in net/netfilter/nf_tables_api.c (bsc#1214729).

The following non-security bugs were fixed:

- Drop amdgpu patch causing spamming (bsc#1215523)
- acpi: processor: perflib: avoid updating frequency qos unnecessarily (git-fixes).
- acpi: processor: perflib: use the 'no limit' frequency qos (git-fixes).
- acpi: x86: s2idle: fix a logic error parsing amd constraints table (git-fixes).
- alsa: ac97: fix possible error value of *rac97 (git-fixes).
- alsa: hda/cs8409: support new dell dolphin variants (git-fixes).
- alsa: hda/realtek - remodified 3k pull low procedure (git-fixes).
- alsa: hda/realtek: add quirk for hp victus 16-d1xxx to enable mute led (git-fixes).
- alsa: hda/realtek: add quirk for mute leds on hp envy x360 15-eu0xxx (git-fixes).
- alsa: hda/realtek: add quirks for hp g11 laptops (git-fixes).
- alsa: hda/realtek: switch dell oasis models to use spi (git-fixes).
- alsa: pcm: fix missing fixup call in compat hw_refine ioctl (git-fixes).
- alsa: usb-audio: add support for mythware xa001au capture and playback interfaces (git-fixes).
- alsa: usb-audio: fix init call orders for uac1 (git-fixes).
- alsa: ymfpci: fix the missing snd_card_free() call at probe error (git-fixes).
- amba: bus: fix refcount leak (git-fixes).
- arm64: dts: imx8mn-var-som: add missing pull-up for onboard phy reset pinmux (git-fixes).
- arm64: dts: qcom: qrb5165-rb5: fix thermal zone conflict (git-fixes).
- arm64: dts: rockchip: disable hs400 for emmc on rock pi 4 (git-fixes).
- arm: dts: imx6dl: prtrvt, prtvt7, prti6q, prtwd2: fix usb related warnings (git-fixes).
- arm: dts: imx6sll: fixup of operating points (git-fixes).
- arm: spear: do not use timer namespace for timer_shutdown() function (bsc#1213970).
- asoc: lower 'no backend dais enabled for ... port' log severity (git-fixes).
- asoc: meson: axg-tdm-formatter: fix channel slot allocation (git-fixes).
- asoc: rt5665: add missed regulator_bulk_disable (git-fixes).
- asoc: sof: intel: fix soundwire/hdaudio mutual exclusion (git-fixes).
- asoc: stac9766: fix build errors with regmap_ac97 (git-fixes).
- asoc: tegra: fix sfc conversion for few rates (git-fixes).
- audit: fix possible soft lockup in __audit_inode_child() (git-fixes).
- backlight/bd6107: compare against struct fb_info.device (git-fixes).
- backlight/gpio_backlight: compare against struct fb_info.device (git-fixes).
- backlight/lv5207lp: compare against struct fb_info.device (git-fixes).
- batman-adv: do not get eth header before batadv_check_management_packet (git-fixes).
- batman-adv: do not increase mtu when set by user (git-fixes).
- batman-adv: fix batadv_v_ogm_aggr_send memory leak (git-fixes).
- batman-adv: fix tt global entry leak when client roamed back (git-fixes).
- batman-adv: trigger events for auto adjusted mtu (git-fixes).
- bluetooth: btusb: add mt7922 bluetooth id for the asus ally (git-fixes).
- bluetooth: btusb: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- bluetooth: fix potential use-after-free when clear keys (git-fixes).
- bluetooth: l2cap: fix use-after-free (git-fixes).
- bluetooth: l2cap: fix use-after-free in l2cap_sock_ready_cb (git-fixes).
- bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe() (git-fixes).
- bluetooth: remove unused declaration amp_read_loc_info() (git-fixes).
- bnx2x: fix page fault following eeh recovery (bsc#1214299).
- bpf: disable preemption in bpf_event_output (git-fixes).
- bus: ti-sysc: fix build warning for 64-bit build (git-fixes).
- bus: ti-sysc: fix cast to enum warning (git-fixes).
- bus: ti-sysc: flush posted write on enable before reset (git-fixes).
- can: gs_usb: gs_usb_receive_bulk_callback(): count rx overflow errors also in case of oom (git-fixes).
- ceph: defer stopping mdsc delayed_work (bsc#1214392).
- ceph: do not check for quotas on mds stray dirs (bsc#1214238).
- ceph: never send metrics if disable_send_metrics is set (bsc#1214180).
- check-for-config-changes: ignore builtin_return_address_strips_pac (bsc#1214380). gcc7 on sle 15 does not support this while later gcc does.
- cifs: add missing return value check for cifs_sb_tlink (bsc#1193629).
- cifs: allow dumping keys for directories too (bsc#1193629).
- cifs: fix mid leak during reconnection after timeout threshold (git-fixes).
- cifs: if deferred close is disabled then close files immediately (git-fixes).
- cifs: is_network_name_deleted should return a bool (bsc#1193629).
- cifs: update internal module version number for cifs.ko (bsc#1193629).
- clk: fix slab-out-of-bounds error in devm_clk_release() (git-fixes).
- clk: fix undefined reference to `clk_rate_exclusive_{get,put}' (git-fixes).
- clk: imx8mp: fix sai4 clock (git-fixes).
- clk: imx: composite-8m: fix clock pauses when set_rate would be a no-op (git-fixes).
- clk: imx: pll14xx: dynamically configure pll for 393216000/361267200hz (git-fixes).
- clk: qcom: camcc-sc7180: fix async resume during probe (git-fixes).
- clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock (git-fixes).
- clk: qcom: gcc-sc7180: fix up gcc_sdcc2_apps_clk_src (git-fixes).
- clk: qcom: gcc-sm8250: fix gcc_sdcc2_apps_clk_src (git-fixes).
- clk: sunxi-ng: modify mismatched function name (git-fixes).
- clocksource/drivers/arm_arch_timer: do not use timer namespace for timer_shutdown() function (bsc#1213970).
- clocksource/drivers/sp804: do not use timer namespace for timer_shutdown() function (bsc#1213970).
- config_nvme_verbose_errors=y     gone with a82baa8083b
- config_printk_safe_log_buf_shift=13  gone with 7e152d55123
- cpu/smt: allow enabling partial smt states via sysfs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/smt: create topology_smt_thread_allowed() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/smt: move smt prototypes into cpu_smt.h (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/smt: move smt/control simple exit cases earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/smt: remove topology_smt_supported() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/smt: store the current/max number of threads (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpufreq: fix the race condition while updating the transition_task of policy (git-fixes).
- cpufreq: intel_pstate: adjust balance_performance epp for sapphire rapids (bsc#1214659).
- cpufreq: intel_pstate: enable hwp io boost for all servers (bsc#1208949 jsc#ped-6003 jsc#ped-6004).
- cpufreq: intel_pstate: fix scaling for hybrid-capable systems with disabled e-cores (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929).
- cpufreq: intel_pstate: hybrid: rework hwp calibration (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929).
- cpufreq: intel_pstate: hybrid: use known scaling factor for p-cores (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929).
- cpufreq: intel_pstate: read all msrs on the target cpu (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929).
- created new preempt kernel flavor configs are cloned from the respective $arch/default configs. all changed configs appart from config_preempt->y are a result of dependencies, namely many lock/unlock primitives are no longer inlined in the preempt kernel. tree_rcu has been also changed to preempt_rcu which is the default implementation for preempt kernel.
- crypto: caam - fix unchecked return value error (git-fixes).
- crypto: stm32 - properly handle pm_runtime_get failing (git-fixes).
- dma-buf/sw_sync: avoid recursive lock during fence signal (git-fixes).
- dma-buf/sync_file: fix docs syntax (git-fixes).
- dmaengine: idxd: modify the dependence of attribute pasid_enabled (git-fixes).
- dmaengine: mcf-edma: fix a potential un-allocated memory access (git-fixes).
- dmaengine: pl330: return dma_paused when transaction is paused (git-fixes).
- dmaengine: ste_dma40: add missing irq check in d40_probe (git-fixes).
- docs/process/howto: replace c89 with c11 (bsc#1214756).
- docs: kernel-parameters: refer to the correct bitmap function (git-fixes).
- docs: networking: replace skb_hwtstamp_tx with skb_tstamp_tx (git-fixes).
- docs: printk-formats: fix hex printing of signed values (git-fixes).
- documentation: devices.txt: fix minors for ttycpm* (git-fixes).
- documentation: devices.txt: remove ttyioc* (git-fixes).
- documentation: devices.txt: remove ttysioc* (git-fixes).
- driver core: test_async: fix an error code (git-fixes).
- drivers: clk: keystone: fix parameter judgment in _of_pll_clk_init() (git-fixes).
- drivers: usb: smsusb: fix error handling code in smsusb_init_device (git-fixes).
- drm/amd/display: check attr flag before set cursor degamma on dcn3+ (git-fixes).
- drm/amd/display: check tg is non-null before checking if enabled (git-fixes).
- drm/amd/display: do not wait for mpc idle if tg is disabled (git-fixes).
- drm/amd/display: fix access hdcp_workqueue assert (git-fixes).
- drm/amd/display: phase3 mst hdcp for multiple displays (git-fixes).
- drm/amd/display: save restore hdcp state when display is unplugged from mst hub (git-fixes).
- drm/amd/pm: fix variable dereferenced issue in amdgpu_device_attr_create() (git-fixes).
- drm/amd: flush any delayed gfxoff on suspend entry (git-fixes).
- drm/amdgpu: avoid integer overflow warning in amdgpu_device_resize_fb_bar() (git-fixes).
- drm/amdgpu: fix potential fence use-after-free v2 (git-fixes).
- drm/amdgpu: install stub fence into potential unused fence pointers (git-fixes).
- drm/amdgpu: use rmw accessors for changing lnkctl (git-fixes).
- drm/armada: fix off-by-one error in armada_overlay_get_property() (git-fixes).
- drm/ast: fix dram init on ast2200 (git-fixes).
- drm/bridge: anx7625: drop device lock before drm_helper_hpd_irq_event() (git-fixes).
- drm/bridge: fix -wunused-const-variable= warning (git-fixes).
- drm/bridge: tc358764: fix debug print parameter order (git-fixes).
- drm/etnaviv: fix dumping of active mmu context (git-fixes).
- drm/mediatek: fix dereference before null check (git-fixes).
- drm/mediatek: fix potential memory leak if vmap() fail (git-fixes).
- drm/msm/a2xx: call adreno_gpu_init() earlier (git-fixes).
- drm/msm/mdp5: do not leak some plane state (git-fixes).
- drm/nouveau/disp: revert a null check inside nouveau_connector_get_modes (git-fixes).
- drm/nouveau/gr: enable memory loads on helper invocation on all channels (git-fixes).
- drm/panel: simple: add missing connector type and pixel format for auo t215hvn01 (git-fixes).
- drm/panel: simple: fix auo g121ean01 panel timings according to the docs (git-fixes).
- drm/qxl: fix uaf on handle creation (git-fixes).
- drm/radeon: use rmw accessors for changing lnkctl (git-fixes).
- drm/rockchip: do not spam logs in atomic check (git-fixes).
- drm/shmem-helper: reset vma->vm_ops before calling dma_buf_mmap() (git-fixes).
- drm/tegra: dpaux: fix incorrect return value of platform_get_irq (git-fixes).
- drm/ttm: check null pointer before accessing when swapping (git-fixes).
- drm/ttm: never consider pinned bos for eviction&swap (git-fixes).
- drm/vmwgfx: fix shader stage validation (git-fixes).
- drm: xlnx: zynqmp_dpsub: add missing check for dma_set_mask (git-fixes).
- drop cfg80211 lock fix patches that caused a regression (bsc#1213757)
- drop rtsx patch that caused a regression (bsc#1214397,bsc#1214428)
- dt-bindings: clock: xlnx,versal-clk: drop select:false (git-fixes).
- dt-bindings: clocks: imx8mp: make sai4 a dummy clock (git-fixes).
- dt-bindings: crypto: ti,sa2ul: make power-domains conditional (git-fixes).
- e1000: fix typos in comments (jsc#ped-5738).
- e1000: remove unnecessary use of kmap_atomic() (jsc#ped-5738).
- e1000: switch to napi_build_skb() (jsc#ped-5738).
- e1000: switch to napi_consume_skb() (jsc#ped-5738).
- enable analog devices industrial ethernet phy driver (jsc#ped-4759)
- exfat: fix unexpected eof while reading dir (bsc#1214000).
- exfat: release s_lock before calling dir_emit() (bsc#1214000).
- exfat_iterate(): do not open-code file_inode(file) (bsc#1214000).
- fbdev/ep93xx-fb: do not assign to struct (git-fixes).
- fbdev: fix potential oob read in fast_imageblit() (git-fixes).
- fbdev: fix sys_imageblit() for arbitrary image widths (git-fixes).
- fbdev: improve performance of sys_imageblit() (git-fixes).
- fbdev: mmp: fix value check in mmphw_probe() (git-fixes).
- file: reinstate f_pos locking optimization for regular files (bsc#1213759).
- firmware: arm_scmi: drop of node reference in the transport channel setup (git-fixes).
- firmware: cs_dsp: fix new control name check (git-fixes).
- firmware: meson_sm: fix to avoid potential null pointer dereference (git-fixes).
- firmware: stratix10-svc: fix an null vs is_err() bug in probe (git-fixes).
- fs/sysv: null check to prevent null-ptr-deref bug (git-fixes).
- ftrace: fix possible warning on checking all pages used in ftrace_process_locs() (git-fixes).
- gpio: mvebu: fix irq domain leak (git-fixes).
- gpio: mvebu: make use of devm_pwmchip_add (git-fixes).
- gpio: tps68470: make tps68470_gpio_output() always set the initial value (git-fixes).
- hid: add quirk for 03f0:464a hp elite presenter mouse (git-fixes).
- hid: logitech-dj: fix error handling in logi_dj_recv_switch_to_dj_mode() (git-fixes).
- hid: logitech-hidpp: add usb and bluetooth ids for the logitech g915 tkl keyboard (git-fixes).
- hid: multitouch: correct devm device reference for hidinput input_dev name (git-fixes).
- hid: wacom: remove the battery when the ekr is off (git-fixes).
- hwmon: (pmbus/bel-pfe) enable pmbus_skip_status_check for pfe1100 (git-fixes).
- hwmon: (tmp513) fix the channel number in tmp51x_is_visible() (git-fixes).
- hwpoison: offline support: fix spelling in documentation/abi/ (git-fixes).
- hwrng: iproc-rng200 - implement suspend and resume calls (git-fixes).
- hwrng: nomadik - keep clock enabled while hwrng is registered (git-fixes).
- hwrng: pic32 - use devm_clk_get_enabled (git-fixes).
- i2c: bcm-iproc: fix bcm_iproc_i2c_isr deadlock issue (git-fixes).
- i2c: designware: correct length byte validation logic (git-fixes).
- i2c: designware: handle invalid smbus block data response length value (git-fixes).
- i2c: hisi: only handle the interrupt of the driver's transfer (git-fixes).
- i2c: improve size determinations (git-fixes).
- i2c: nomadik: remove a useless call in the remove function (git-fixes).
- i2c: nomadik: remove unnecessary goto label (git-fixes).
- i2c: nomadik: use devm_clk_get_enabled() (git-fixes).
- i40e: fix an null vs is_err() bug for debugfs_create_dir() (git-fixes).
- iavf: fix potential races for fdir filters (git-fixes).
- ib/hfi1: fix possible panic during hotplug remove (git-fixes)
- ib/uverbs: fix an potential error pointer dereference (git-fixes)
- ice: fix max_rate check while configuring tx rate limits (git-fixes).
- ice: fix memory management in ice_ethtool_fdir.c (git-fixes).
- ice: fix rdma vsi removal during queue rebuild (git-fixes).
- iio: adc: ina2xx: avoid null pointer dereference on of device match (git-fixes).
- iio: adc: stx104: implement and utilize register structures (git-fixes).
- iio: adc: stx104: utilize iomap interface (git-fixes).
- iio: cros_ec: fix the allocation size for cros_ec_command (git-fixes).
- input: exc3000 - properly stop timer on shutdown (git-fixes).
- intel/e1000:fix repeated words in comments (jsc#ped-5738).
- intel: remove unused macros (jsc#ped-5738).
- iommu/amd: add pci segment support for ivrs_ commands (git-fixes).
- iommu/amd: fix compile warning in init code (git-fixes).
- iommu/amd: fix ill-formed ivrs_ioapic, ivrs_hpet and ivrs_acpihid options (git-fixes).
- iommu/amd: fix ivrs_acpihid cmdline parsing code (git-fixes).
- iommu/amd: fix pci device refcount leak in ppr_notifier() (git-fixes).
- iommu/amd: use full 64-bit value in build_completion_wait() (git-fixes).
- iommu/arm-smmu-v3: check return value after calling platform_get_resource() (git-fixes).
- iommu/arm-smmu-v3: fix event handling soft lockup (git-fixes).
- iommu/arm-smmu-v3: make default domain type of hisilicon ptt device to identity (git-fixes).
- iommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe() (git-fixes).
- iommu/dart: initialize dart_streams_enable (git-fixes).
- iommu/dma: fix incorrect error return on iommu deferred attach (git-fixes).
- iommu/dma: fix iova map result check bug (git-fixes).
- iommu/dma: return error code from iommu_dma_map_sg() (git-fixes).
- iommu/fsl_pamu: fix resource leak in fsl_pamu_probe() (git-fixes).
- iommu/io-pgtable-arm-v7s: add a quirk to allow pgtable pa up to 35bit (git-fixes).
- iommu/iova: fix module config properly (git-fixes).
- iommu/omap: fix buffer overflow in debugfs (git-fixes).
- iommu/rockchip: fix permission bits in page table entries v2 (git-fixes).
- iommu/sun50i: consider all fault sources for reset (git-fixes).
- iommu/sun50i: fix flush size (git-fixes).
- iommu/sun50i: fix r/w permission check (git-fixes).
- iommu/sun50i: fix reset release (git-fixes).
- iommu/sun50i: implement .iotlb_sync_map (git-fixes).
- iommu/sun50i: remove iommu_domain_identity (git-fixes).
- iommu/vt-d: add rpls to quirk list to skip te disabling (git-fixes).
- iommu/vt-d: check correct capability for sagaw determination (git-fixes).
- iommu/vt-d: clean up si_domain in the init_dmars() error path (git-fixes).
- iommu/vt-d: correctly calculate sagaw value of iommu (git-fixes).
- iommu/vt-d: fix kdump kernels boot failure with scalable mode (git-fixes).
- iommu/vt-d: fix pci device refcount leak in dmar_dev_scope_init() (git-fixes).
- iommu/vt-d: fix pci device refcount leak in has_external_pci() (git-fixes).
- iommu/vt-d: preset access bit for iova in fl non-leaf paging entries (git-fixes).
- iommu/vt-d: set sre bit only when hardware has srs cap (git-fixes).
- ipmi:ssif: add check for kstrdup (git-fixes).
- ipmi:ssif: fix a memory leak when scanning for an adapter (git-fixes).
- ipmi_si: fix a memleak in try_smi_init() (git-fixes).
- jffs2: correct logic when creating a hole in jffs2_write_begin (git-fixes).
- kabi/severities: ignore newly added srso mitigation functions
- kabi: allow extra bugsints (bsc#1213927).
- kbuild: add -wno-shift-negative-value where -wextra is used (bsc#1214756).
- kbuild: move to -std=gnu11 (bsc#1214756).
- kernel-binary: common dependencies cleanup common dependencies are copied to a subpackage, there is no need for copying defines or build dependencies there.
- kernel-binary: drop code for kerntypes support kerntypes was a suse-specific feature dropped before sle 12.
- kunit: make kunit_test_timeout compatible with comment (git-fixes).
- kvm: s390: fix sthyi error handling (git-fixes bsc#1214370).
- leds: fix bug_on check for led_color_id_multi that is always false (git-fixes).
- leds: multicolor: use rounded division when calculating color components (git-fixes).
- leds: pwm: fix error code in led_pwm_create_fwnode() (git-fixes).
- leds: trigger: tty: do not use led_on/off constants, use led_blink_set_oneshot instead (git-fixes).
- leds: turris-omnia: drop unnecessary mutex locking (git-fixes).
- lib/test_meminit: allocate pages up to order max_order (git-fixes).
- lib/test_meminit: destroy cache in kmem_cache_alloc_bulk() test (git-fixes).
- libceph: fix potential hang in ceph_osdc_notify() (bsc#1214393).
- md/raid0: factor out helper for mapping and submitting a bio (bsc#1213916).
- md/raid0: fix performance regression for large sequential writes (bsc#1213916).
- media: ad5820: drop unsupported ad5823 from i2c_ and of_device_id tables (git-fixes).
- media: cx24120: add retval check for cx24120_message_send() (git-fixes).
- media: dib7000p: fix potential division by zero (git-fixes).
- media: dvb-usb: m920x: fix a potential memory leak in m920x_i2c_xfer() (git-fixes).
- media: go7007: remove redundant if statement (git-fixes).
- media: i2c: ccs: check rules is non-null (git-fixes).
- media: i2c: rdacm21: fix uninitialized value (git-fixes).
- media: i2c: tvp5150: check return value of devm_kasprintf() (git-fixes).
- media: ov2680: add ov2680_fill_format() helper function (git-fixes).
- media: ov2680: do not take the lock for try_fmt calls (git-fixes).
- media: ov2680: fix ov2680_bayer_order() (git-fixes).
- media: ov2680: fix ov2680_set_fmt() which == v4l2_subdev_format_try not working (git-fixes).
- media: ov2680: fix regulators being left enabled on ov2680_power_on() errors (git-fixes).
- media: ov2680: fix vflip / hflip set functions (git-fixes).
- media: ov2680: remove video_v4l2_subdev_api ifdef-s (git-fixes).
- media: ov5640: enable mipi interface in ov5640_set_power_mipi() (git-fixes).
- media: rkvdec: increase max supported height for h.264 (git-fixes).
- media: v4l2-core: fix a potential resource leak in v4l2_fwnode_parse_link() (git-fixes).
- media: v4l2-mem2mem: add lock to protect parameter num_rdy (git-fixes).
- media: venus: hfi_venus: only consider sys_idle_indicator on v1 (git-fixes).
- media: venus: hfi_venus: write to vidc_ctrl_init after unmasking interrupts (git-fixes).
- misc: rtsx: judge aspm mode to set petxcfg reg (git-fixes).
- mkspec: allow unsupported kmps (bsc#1214386)
- mlxsw: pci: add shutdown method in pci driver (git-fixes).
- mmc: block: fix in_flight[issue_type] value error (git-fixes).
- mmc: moxart: read scr register without changing byte order (git-fixes).
- mmc: wbsd: fix double mmc_free_host() in wbsd_init() (git-fixes).
- module: avoid allocation if module is already present and ready (bsc#1213921).
- module: extract patient module check into helper (bsc#1213921).
- module: move check_modinfo() early to early_mod_check() (bsc#1213921).
- module: move early sanity checks into a helper (bsc#1213921).
- move upstreamed hid patch into sorted section
- move upstreamed powerpc patches into sorted section
- mtd: rawnand: brcmnand: fix crash during the panic_write (git-fixes).
- mtd: rawnand: brcmnand: fix mtd oobsize (git-fixes).
- mtd: rawnand: brcmnand: fix potential false time out warning (git-fixes).
- mtd: rawnand: brcmnand: fix potential out-of-bounds access in oob write (git-fixes).
- mtd: rawnand: fsl_upm: fix an off-by one test in fun_exec_op() (git-fixes).
- mtd: rawnand: fsmc: handle clk prepare error in fsmc_nand_resume() (git-fixes).
- mtd: rawnand: omap_elm: fix incorrect type in assignment (git-fixes).
- mtd: rawnand: rockchip: align hwecc vs. raw page helper layouts (git-fixes).
- mtd: rawnand: rockchip: fix oobfree offset and description (git-fixes).
- mtd: spi-nor: check bus width while setting qe bit (git-fixes).
- mtd: spinand: toshiba: fix ecc_get_status (git-fixes).
- n_tty: rename tail to old_tail in n_tty_read() (git-fixes).
- net: hns3: fix wrong bw weight of disabled tc issue (git-fixes).
- net: ieee802154: at86rf230: stop leaking skb's (git-fixes).
- net: mana: fix mana vf unload when hardware is unresponsive (git-fixes).
- net: phy: at803x: remove set/get wol callbacks for ar8032 (git-fixes).
- net: phy: broadcom: stub c45 read/write for 54810 (git-fixes).
- net: phy: fix irq-based wake-on-lan over hibernate / power off (git-fixes).
- net: usb: lan78xx: reorder cleanup operations to avoid uaf bugs (git-fixes).
- net: usbnet: fix warning in usbnet_start_xmit/usb_submit_urb (git-fixes).
- netfs: fix lockdep warning from taking sb_writers whilst holding mmap_lock (bsc#1214742).
- netfs: fix missing xas_retry() calls in xarray iteration (bsc#1213946).
- netfs: fix parameter of cleanup() (bsc#1214743).
- nfsd: remove incorrect check in nfsd4_validate_stateid (git-fixes).
- nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput (git-fixes).
- nilfs2: fix warning in mark_buffer_dirty due to discarded buffer reuse (git-fixes).
- nvme-rdma: fix potential unbalanced freeze & unfreeze (bsc#1208902).
- nvme-tcp: fix potential unbalanced freeze & unfreeze (bsc#1208902).
- objtool/x86: fix srso mess (git-fixes).
- objtool/x86: fixup frame-pointer vs rethunk (git-fixes).
- objtool: union instruction::{call_dest,jump_table} (git-fixes).
- old-flavors: drop 2.6 kernels. 2.6 based kernels are eol, upgrading from them is no longer suported.
- pci/aspm: avoid link retraining race (git-fixes).
- pci/aspm: factor out pcie_wait_for_retrain() (git-fixes).
- pci/aspm: return 0 or -etimedout from pcie_retrain_link() (git-fixes).
- pci: acpiphp: reassign resources on bridge if necessary (git-fixes).
- pci: acpiphp: use pci_assign_unassigned_bridge_resources() only for non-root bus (git-fixes).
- pci: mark nvidia t4 gpus to avoid bus reset (git-fixes).
- pci: meson: remove cast between incompatible function type (git-fixes).
- pci: microchip: correct the ded and sec interrupt bit offsets (git-fixes).
- pci: microchip: remove cast between incompatible function type (git-fixes).
- pci: pciehp: use rmw accessors for changing lnkctl (git-fixes).
- pci: rockchip: remove writes to unused registers (git-fixes).
- pci: s390: fix use-after-free of pci resources with per-function hotplug (git-fixes).
- pci: tegra194: fix possible array out of bounds access (git-fixes).
- pcmcia: rsrc_nonstatic: fix memory leak in nonstatic_release_resource_db() (git-fixes).
- phy/rockchip: inno-hdmi: do not power on rk3328 post pll on reg write (git-fixes).
- phy/rockchip: inno-hdmi: round fractal pixclock in rk3328 recalc_rate (git-fixes).
- phy/rockchip: inno-hdmi: use correct vco_div_5 macro on rk3328 (git-fixes).
- phy: qcom-snps-femto-v2: keep cfg_ahb_clk enabled during runtime suspend (git-fixes).
- phy: qcom-snps-femto-v2: properly enable ref clock (git-fixes).
- phy: qcom-snps: correct struct qcom_snps_hsphy kerneldoc (git-fixes).
- phy: qcom-snps: use dev_err_probe() to simplify code (git-fixes).
- pinctrl: cherryview: fix address_space_handler() argument (git-fixes).
- pinctrl: mcp23s08: check return value of devm_kasprintf() (git-fixes).
- pinctrl: renesas: rza2: add lock around pinctrl_generic{{add,remove}_group,{add,remove}_function} (git-fixes).
- platform/x86: dell-sysman: fix reference leak (git-fixes).
- pm / devfreq: fix leak in devfreq_dev_release() (git-fixes).
- powerpc/64e: fix kexec build error (bsc#1212091 ltc#199106).
- powerpc/iommu: do not set failed sg dma_address to dma_mapping_error (bsc#1212091 ltc#199106).
- powerpc/iommu: fix iommu_table_in_use for a small default dma window case (bsc#1212091 ltc#199106).
- powerpc/iommu: incorrect ddw table is referenced for sr-iov device (bsc#1212091 ltc#199106).
- powerpc/iommu: return error code from .map_sg() ops (bsc#1212091 ltc#199106).
- powerpc/iommu: tces are incorrectly manipulated with dlpar add/remove of memory (bsc#1212091 ltc#199106).
- powerpc/kernel/iommu: add new iommu_table_in_use() helper (bsc#1212091 ltc#199106).
- powerpc/kexec: fix build failure from uninitialised variable (bsc#1212091 ltc#199106).
- powerpc/mm/altmap: fix altmap boundary check (bsc#1120059 git-fixes).
- powerpc/pseries/ddw: do not try direct mapping with persistent memory and one window (bsc#1212091 ltc#199106).
- powerpc/pseries/ddw: simplify enable_ddw() (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: add ddw_list_new_entry() helper (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: add ddw_property_create() and refactor enable_ddw() (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: add iommu_pseries_alloc_table() helper (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: add of_node_put() before break (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: allow ddw windows starting at 0x00 (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: check if the default window in use before removing it (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: create huge dma window if no mmio32 is present (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: find existing ddw with given property name (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: make use of ddw for indirect mapping (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: print ibm,query-pe-dma-windows parameters (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: rename 'direct window' to 'dma window' (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: reorganize iommu_table_setparms*() with new helper (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: replace hard-coded page shift (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: update remove_dma_window() to accept property name (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: use correct vfree for it_map (bsc#1212091 ltc#199106).
- powerpc/pseries: add __init attribute to eligible functions (bsc#1212091 ltc#199106).
- powerpc/pseries: honour current smt state when dlpar onlining cpus (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- powerpc/pseries: initialise cpu hotplug callbacks earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- powerpc/rtas: block error injection when locked down (bsc#1023051).
- powerpc/rtas: enture rtas_call is called with mmu enabled (bsc#1023051).
- powerpc/rtas_flash: allow user copy to flash block cache objects (bsc#1194869).
- powerpc/security: fix speculation_store_bypass reporting on power10 (bsc#1188885 ltc#193722 git-fixes).
- powerpc: add hotplug_smt support (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). update config files.
- powerpc: fix typos in comments (bsc#1212091 ltc#199106).
- powerpc: move dma64_propname define to a header (bsc#1214297 ltc#197503).
- pseries/iommu/ddw: fix kdump to work in absence of ibm,dma-window (bsc#1214297 ltc#197503).
- pstore/ram: check start of empty przs during init (git-fixes).
- pwm: add a stub for devm_pwmchip_add() (git-fixes).
- pwm: meson: fix handling of period/duty if greater than uint_max (git-fixes).
- pwm: meson: simplify duplicated per-channel tracking (git-fixes).
- qed: fix scheduling in a tasklet while getting stats (git-fixes).
- rdma/bnxt_re: fix error handling in probe failure path (git-fixes)
- rdma/bnxt_re: fix max_qp count for virtual functions (git-fixes)
- rdma/efa: fix wrong resources deallocation order (git-fixes)
- rdma/hns: fix cq and qp cache affinity (git-fixes)
- rdma/hns: fix incorrect post-send with direct wqe of wr-list (git-fixes)
- rdma/hns: fix port active speed (git-fixes)
- rdma/irdma: prevent zero-length stag registration (git-fixes)
- rdma/irdma: replace one-element array with flexible-array member (git-fixes)
- rdma/mlx5: return the firmware result upon destroying qp/rq (git-fixes)
- rdma/qedr: remove a duplicate assignment in irdma_query_ah() (git-fixes)
- rdma/siw: balance the reference of cep->kref in the error path (git-fixes)
- rdma/siw: correct wrong debug message (git-fixes)
- rdma/umem: set iova in odp flow (git-fixes)
- readme.branch: add miroslav franc as a sle15-sp4 co-maintainer.
- regmap: rbtree: use alloc_flags for memory allocations (git-fixes).
- revert 'ib/isert: fix incorrect release of isert connection' (git-fixes)
- revert 'tracing: add '(fault)' name injection to kernel probes' (git-fixes).
- ring-buffer: do not swap cpu_buffer during resize process (git-fixes).
- ring-buffer: fix deadloop issue on reading trace_pipe (git-fixes).
- ring-buffer: fix wrong stat of cpu_buffer->read (git-fixes).
- rpmsg: glink: add check for kstrdup (git-fixes).
- s390/purgatory: disable branch profiling (git-fixes bsc#1214372).
- sched/fair: fix inaccurate tally of ttwu_move_affine (git fixes).
- sched/fair: use recent_used_cpu to test p->cpus_ptr (git fixes).
- sched/psi: use kernfs polling functions for psi trigger polling (bsc#1209799).
- scsi: bsg: increase number of devices (bsc#1210048).
- scsi: core: do not wait for quiesce in scsi_device_block() (bsc#1209284).
- scsi: core: do not wait for quiesce in scsi_stop_queue() (bsc#1209284).
- scsi: core: improve warning message in scsi_device_block() (bsc#1209284).
- scsi: core: merge scsi_internal_device_block() and device_block() (bsc#1209284).
- scsi: rdma/srp: fix residual handling (git-fixes)
- scsi: sg: increase number of devices (bsc#1210048).
- scsi: storvsc: always set no_report_opcodes (git-fixes).
- scsi: storvsc: fix handling of virtual fibre channel timeouts (git-fixes).
- scsi: storvsc: handle srb status value 0x30 (git-fixes).
- scsi: storvsc: limit max_sectors for virtual fibre channel devices (git-fixes).
- scsi: zfcp: defer fc_rport blocking until after adisc response (git-fixes bsc#1214371).
- selftests/futex: order calls to futex_lock_pi (git-fixes).
- selftests/harness: actually report skip for signal tests (git-fixes).
- selftests/resctrl: close perf value read fd on errors (git-fixes).
- selftests/resctrl: do not leak buffer in fill_cache() (git-fixes).
- selftests/resctrl: unmount resctrl fs if child fails to run benchmark (git-fixes).
- selftests/rseq: check if libc rseq support is registered (git-fixes).
- selftests: forwarding: add a helper to skip test when using veth pairs (git-fixes).
- selftests: forwarding: ethtool: skip when using veth pairs (git-fixes).
- selftests: forwarding: ethtool_extended_state: skip when using veth pairs (git-fixes).
- selftests: forwarding: skip test when no interfaces are specified (git-fixes).
- selftests: forwarding: switch off timeout (git-fixes).
- selftests: forwarding: tc_actions: cleanup temporary files when test is aborted (git-fixes).
- selftests: forwarding: tc_actions: use ncat instead of nc (git-fixes).
- selftests: forwarding: tc_flower: relax success criterion (git-fixes).
- selftests: mirror_gre_changes: tighten up the ttl test match (git-fixes).
- serial: sc16is7xx: fix broken port 0 uart init (git-fixes).
- serial: sc16is7xx: fix bug when first setting gpio direction (git-fixes).
- serial: sprd: assign sprd_port after initialized to avoid wrong access (git-fixes).
- serial: sprd: fix dma buffer leak issue (git-fixes).
- serial: tegra: handle clk prepare error in tegra_uart_hw_init() (git-fixes).
- sfc: fix crash when reading stats while nic is resetting (git-fixes).
- smb3: do not send lease break acknowledgment if all file handles have been closed (git-fixes).
- smb3: do not set ntlmssp_version flag for negotiate not auth request (bsc#1193629).
- smb: client: fix -wstringop-overflow issues (bsc#1193629).
- smb: client: fix dfs link mount against w2k8 (bsc#1212142).
- smb: client: fix null auth (git-fixes).
- soc: aspeed: socinfo: add kfree for kstrdup (git-fixes).
- soundwire: bus: pm_runtime_request_resume on peripheral attachment (git-fixes).
- soundwire: fix enumeration completion (git-fixes).
- spi: tegra20-sflash: fix to check return value of platform_get_irq() in tegra_sflash_probe() (git-fixes).
- supported.conf: fix typos for -!optional markers
- target: compare and write backend driver sense handling (bsc#1177719 bsc#1213026).
- target_core_rbd: fix leak and reduce kmalloc calls (bsc#1212873).
- target_core_rbd: fix rbd_img_request.snap_id assignment (bsc#1212857).
- target_core_rbd: remove snapshot existence validation code (bsc#1212857).
- thunderbolt: read retimer nvm authentication status prior tb_retimer_set_inbound_sbtx() (git-fixes).
- timers: add shutdown mechanism to the internal functions (bsc#1213970).
- timers: provide timer_shutdown[_sync]() (bsc#1213970).
- timers: rename del_timer() to timer_delete() (bsc#1213970).
- timers: rename del_timer_sync() to timer_delete_sync() (bsc#1213970).
- timers: replace bug_on()s (bsc#1213970).
- timers: silently ignore timers with a null function (bsc#1213970).
- timers: split [try_to_]del_timer[_sync]() to prepare for shutdown mode (bsc#1213970).
- timers: update kernel-doc for various functions (bsc#1213970).
- timers: use del_timer_sync() even on up (bsc#1213970).
- tracing/histograms: add histograms to hist_vars if they have referenced variables (git-fixes).
- tracing/histograms: return an error if we fail to add histogram to hist_vars list (git-fixes).
- tracing/probes: fix not to count error code to total length (git-fixes).
- tracing/probes: fix to avoid double count of the string length on the array (git-fixes).
- tracing/probes: fix to record 0-length data_loc in fetch_store_string*() if fails (git-fixes).
- tracing: fix cpu buffers unavailable due to 'record_disabled' missed (git-fixes).
- tracing: fix memleak due to race between current_tracer and trace (git-fixes).
- tracing: fix memory leak of iter->temp when reading trace_pipe (git-fixes).
- tracing: fix null pointer dereference in tracing_err_log_open() (git-fixes).
- tracing: fix warning in trace_buffered_event_disable() (git-fixes).
- tty: fix hang on tty device with no_room set (git-fixes).
- tty: n_gsm: fix the uaf caused by race condition in gsm_cleanup_mux (git-fixes).
- tty: serial: fsl_lpuart: add i.mxrt1050 support (git-fixes).
- tty: serial: fsl_lpuart: clear the error flags by writing 1 for lpuart32 platforms (git-fixes).
- tty: serial: fsl_lpuart: make rx_watermark configurable for different platforms (git-fixes).
- tty: serial: fsl_lpuart: reduce rx watermark to 0 on ls1028a (git-fixes).
- ubifs: fix memleak when insert_old_idx() failed (git-fixes).
- update cpufreq-intel_pstate-fix-cpu-pstate.turbo_freq-initi (git-fixes bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929).
- usb-storage: alauda: fix uninit-value in alauda_check_media() (git-fixes).
- usb: chipidea: imx: add missing usb phy dpdm wakeup setting (git-fixes).
- usb: chipidea: imx: do not request qos for imx8ulp (git-fixes).
- usb: chipidea: imx: improve logic if samsung,picophy-* parameter is 0 (git-fixes).
- usb: common: usb-conn-gpio: prevent bailing out if initial role is none (git-fixes).
- usb: dwc3: fix typos in gadget.c (git-fixes).
- usb: dwc3: meson-g12a: do post init to fix broken usb after resumption (git-fixes).
- usb: dwc3: properly handle processing of pending events (git-fixes).
- usb: gadget: f_mass_storage: fix unused variable warning (git-fixes).
- usb: gadget: fix the memory leak in raw_gadget driver (git-fixes).
- usb: gadget: u_serial: avoid spinlock recursion in __gs_console_push (git-fixes).
- usb: ohci-at91: fix the unhandle interrupt when resume (git-fixes).
- usb: phy: mxs: fix getting wrong state with mxs_phy_is_otg_host() (git-fixes).
- usb: quirks: add quirk for focusrite scarlett (git-fixes).
- usb: serial: option: add quectel ec200a module support (git-fixes).
- usb: serial: option: support quectel em060k_128 (git-fixes).
- usb: serial: simple: add kaufmann rks+can vcp (git-fixes).
- usb: serial: simple: sort driver entries (git-fixes).
- usb: typec: altmodes/displayport: signal hpd when configuring pin assignment (git-fixes).
- usb: typec: tcpm: fix response to vsafe0v event (git-fixes).
- usb: typec: tcpm: set initial svdm version based on pd revision (git-fixes).
- usb: zaurus: add id for a-300/b-500/c-700 (git-fixes).
- watchdog: sp5100_tco: support hygon fch/sch (server controller hub) (git-fixes).
- wifi: ath10k: use rmw accessors for changing lnkctl (git-fixes).
- wifi: ath11k: use rmw accessors for changing lnkctl (git-fixes).
- wifi: ath9k: fix races between ath9k_wmi_cmd and ath9k_wmi_ctrl_rx (git-fixes).
- wifi: ath9k: protect wmi command response buffer replacement with a lock (git-fixes).
- wifi: ath9k: use is_err() with debugfs_create_dir() (git-fixes).
- wifi: cfg80211: fix return value in scan logic (git-fixes).
- wifi: cfg80211: fix sband iftype data lookup for ap_vlan (git-fixes).
- wifi: mt76: mt7615: do not advertise 5 ghz on first phy of mt7615d (dbdc) (git-fixes).
- wifi: mt76: mt7915: fix power-limits while chan_switch (git-fixes).
- wifi: mt76: mt7921: do not support one stream on secondary antenna only (git-fixes).
- wifi: mt76: testmode: add nla_policy for mt76_tm_attr_tx_length (git-fixes).
- wifi: mwifiex: avoid possible null skb pointer dereference (git-fixes).
- wifi: mwifiex: fix error recovery in pcie buffer descriptor management (git-fixes).
- wifi: mwifiex: fix memory leak in mwifiex_histogram_read() (git-fixes).
- wifi: mwifiex: fix missed return in oob checks failed path (git-fixes).
- wifi: mwifiex: fix oob and integer underflow when rx packets (git-fixes).
- wifi: nl80211/cfg80211: add forgotten nla_policy for bss color attribute (git-fixes).
- wifi: radiotap: fix kernel-doc notation warnings (git-fixes).
- wifi: rtw89: debug: fix error handling in rtw89_debug_priv_btc_manual_set() (git-fixes).
- x86/alternative: make custom return thunk unconditional (git-fixes).
- x86/cpu/amd: disable xsaves on amd family 0x17 (git-fixes).
- x86/cpu/kvm: provide untrain_ret_vm (git-fixes).
- x86/cpu: clean up srso return thunk mess (git-fixes).
- x86/cpu: cleanup the untrain mess (git-fixes).
- x86/cpu: fix __x86_return_thunk symbol type (git-fixes).
- x86/cpu: fix up srso_safe_ret() and __x86_return_thunk() (git-fixes).
- x86/cpu: rename original retbleed methods (git-fixes).
- x86/cpu: rename srso_(.*)_alias to srso_alias_\1 (git-fixes).
- x86/mce: make sure logged mces are processed after sysfs update (git-fixes).
- x86/retpoline,kprobes: fix position of thunk sections with config_lto_clang (git-fixes).
- x86/retpoline,kprobes: skip optprobe check for indirect jumps with retpolines and ibt (git-fixes).
- x86/retpoline: do not clobber rflags during srso_safe_ret() (git-fixes).
- x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635).
- x86/speculation: add cpu_show_gds() prototype (git-fixes).
- x86/speculation: mark all skylake cpus as vulnerable to gds (git-fixes).
- x86/srso: correct the mitigation status when smt is disabled (git-fixes).
- x86/srso: disable the mitigation on unaffected configurations (git-fixes).
- x86/srso: explain the untraining sequences a bit more (git-fixes).
- x86/srso: fix build breakage with the llvm linker (git-fixes).
- x86/srso: fix return thunks in generated code (git-fixes).
- x86/static_call: fix __static_call_fixup() (git-fixes).
- xfs: fix sb write verify for lazysbcount (bsc#1214661).

Advisory ID: SUSE-RU-2023:3973-1
Released:    Thu Oct  5 10:14:49 2023
Summary:     Recommended update for zypper
Type:        recommended
Severity:    moderate
References:  1213854,1214292,1214395,1215007
This update for zypper fixes the following issues:

- Fix name of the bash completion script (bsc#1215007)
- Update notes about failing signature checks (bsc#1214395)
- Improve the SIGINT handler to be signal safe (bsc#1214292)
- Update to version 1.14.64
- Changed location of bash completion script (bsc#1213854).
Advisory ID: SUSE-RU-2023:3986-1
Released:    Thu Oct  5 14:07:58 2023
Summary:     Recommended update for suse-module-tools
Type:        recommended
Severity:    important
References:  1201066,1213428
This update for suse-module-tools fixes the following issues:

- Update to version 15.4.17:
  * cert-script: warn only once about non-writable efivarfs
  * cert-script: skip cert handling if efivarfs is not writable (bsc#1213428, bsc#1201066)

Advisory ID: SUSE-SU-2023:3997-1
Released:    Fri Oct  6 14:13:56 2023
Summary:     Security update for nghttp2
Type:        security
Severity:    important
References:  1215713,CVE-2023-35945
This update for nghttp2 fixes the following issues:

- CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713).

Advisory ID: SUSE-SU-2023:4024-1
Released:    Tue Oct 10 13:24:40 2023
Summary:     Security update for shadow
Type:        security
Severity:    low
References:  1214806,CVE-2023-4641
This update for shadow fixes the following issues:

- CVE-2023-4641: Fixed potential password leak (bsc#1214806).

Advisory ID: SUSE-SU-2023:4044-1
Released:    Wed Oct 11 09:01:14 2023
Summary:     Security update for curl
Type:        security
Severity:    important
References:  1215888,1215889,CVE-2023-38545,CVE-2023-38546
This update for curl fixes the following issues:

- CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888)
- CVE-2023-38546: Fixed a cookie injection with none file. (bsc#1215889)

Advisory ID: SUSE-SU-2023:4055-1
Released:    Thu Oct 12 09:50:39 2023
Summary:     Security update for xen
Type:        security
Severity:    important
References:  1215744,1215746,1215747,1215748,CVE-2023-34323,CVE-2023-34325,CVE-2023-34326,CVE-2023-34327,CVE-2023-34328
This update for xen fixes the following issues:

- CVE-2023-34323: A transaction conflict can crash C Xenstored (XSA-440, bsc#1215744)
- CVE-2023-34326: Missing IOMMU TLB flushing (XSA-442, bsc#1215746)
- CVE-2023-34325: Multiple vulnerabilities in libfsimage disk handling (XSA-443, bsc#1215747)
- CVE-2023-34327: Debug Mask handling (XSA-444, bsc#1215748)
- CVE-2023-34328: Debug Mask handling (XSA-444, bsc#1215748)

Advisory ID: SUSE-SU-2023:4059-1
Released:    Thu Oct 12 10:01:24 2023
Summary:     Security update for samba
Type:        security
Severity:    important
References:  1213940,1215904,1215905,1215908,CVE-2023-4091,CVE-2023-4154,CVE-2023-42669
This update for samba fixes the following issues:

- CVE-2023-4091: Fixed a bug where a client can truncate file with read-only permissions. (bsc#1215904)
- CVE-2023-42669: Fixed a bug in 'rpcecho' development server which allows Denial of Service via sleep() call on AD DC. (bso#1215905)
- CVE-2023-4154: Fixed a bug in dirsync which allows SYSTEM access with only 'GUID_DRS_GET_CHANGES' right. (bsc#1215908)

Advisory ID: SUSE-SU-2023:4072-1
Released:    Fri Oct 13 10:43:00 2023
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1202845,1213808,1214928,1214940,1214941,1214942,1214943,1214944,1214950,1214951,1214954,1214957,1214986,1214988,1214992,1214993,1215322,1215877,1215894,1215895,1215896,1215911,1215915,1215916,CVE-2023-1192,CVE-2023-1206,CVE-2023-1859,CVE-2023-2177,CVE-2023-39192,CVE-2023-39193,CVE-2023-39194,CVE-2023-4155,CVE-2023-42753,CVE-2023-42754,CVE-2023-4389,CVE-2023-4563,CVE-2023-4622,CVE-2023-4623,CVE-2023-4881,CVE-2023-4921,CVE-2023-5345

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2023-4563: Fixed an use-after-free flaw in the nftables sub-component. This vulnerability could allow a local attacker to crash the system or lead to a kernel information leak problem. (bsc#1214727)
- CVE-2023-39194: Fixed a flaw in the processing of state filters which could allow a local attackers to disclose sensitive information. (bsc#1215861)
- CVE-2023-39193: Fixed a flaw in the processing of state filters which could allow a local attackers to disclose sensitive information. (bsc#1215860)
- CVE-2023-39192: Fixed a flaw in the u32_match_it function which could allow a local attackers to disclose sensitive information. (bsc#1215858)
- CVE-2023-42754: Fixed a null pointer dereference in ipv4_link_failure which could lead an authenticated attacker to trigger a DoS. (bsc#1215467)
- CVE-2023-5345: fixed an use-after-free vulnerability in the fs/smb/client component which could be exploited to achieve local privilege escalation. (bsc#1215899)
- CVE-2023-4155: Fixed a flaw in KVM AMD Secure Encrypted Virtualization (SEV). An attacker can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages. (bsc#1214022)
- CVE-2023-4389: Fixed a reference counting issue in the Btrfs filesystem that could be exploited in order to leak internal kernel information or crash the system (bsc#1214351).
- CVE-2023-42753: Fixed an array indexing vulnerability in the netfilter subsystem. This issue may have allowed a local user to crash the system or potentially escalate their privileges (bsc#1215150).
- CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95% (bsc#1212703).
- CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalatio (bsc#1215275).
- CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215117).
- CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115).
- CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs which could be exploited to crash the system (bsc#1210169).
- CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221).
- CVE-2023-2177: Fixed a null pointer dereference issue in the sctp network protocol which could allow a user to crash the system (bsc#1210643).
- CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread() (bsc#1208995).

The following non-security bugs were fixed:

- ALSA: hda/cirrus: Fix broken audio on hardware with two CS42L42 codecs (git-fixes).
- ALSA: hda/realtek: Splitting the UX3402 into two separate models (git-fixes).
- ARM: pxa: remove use of symbol_get() (git-fixes).
- arm64: csum: Fix OoB access in IP checksum code for negative lengths (git-fixes).
- arm64: module-plts: inline linux/moduleloader.h (git-fixes)
- arm64: module: Use module_init_layout_section() to spot init sections (git-fixes)
- arm64: sdei: abort running SDEI handlers during crash (git-fixes)
- arm64: tegra: Update AHUB clock parent and rate (git-fixes)
- arm64/fpsimd: Only provide the length to cpufeature for xCR registers (git-fixes)
- ASoC: imx-audmix: Fix return error with devm_clk_get() (git-fixes).
- ASoC: meson: spdifin: start hw on dai probe (git-fixes).
- ASoC: soc-utils: Export snd_soc_dai_is_dummy() symbol (git-fixes).
- ASoC: tegra: Fix redundant PLLA and PLLA_OUT0 updates (git-fixes).
- ata: libata: disallow dev-initiated LPM transitions to unsupported states (git-fixes).
- ata: pata_falcon: fix IO base selection for Q40 (git-fixes).
- ata: pata_ftide010: Add missing MODULE_DESCRIPTION (git-fixes).
- ata: sata_gemini: Add missing MODULE_DESCRIPTION (git-fixes).
- backlight: gpio_backlight: Drop output GPIO direction check for initial power state (git-fixes).
- blk-iocost: fix divide by 0 error in calc_lcoefs() (bsc#1214986).
- blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost (bsc#1214992).
- block/mq-deadline: use correct way to throttling write requests (bsc#1214993).
- Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition (git-fixes).
- bnx2x: new flag for track HW resource allocation (bsc#1202845 bsc#1215322).
- bpf: Clear the probe_addr for uprobe (git-fixes).
- btrfs: do not hold CPU for too long when defragging a file (bsc#1214988).
- drm: gm12u320: Fix the timeout usage for usb_bulk_msg() (git-fixes).
- drm/amd/display: fix the white screen issue when >= 64GB DRAM (git-fixes).
- drm/amd/display: prevent potential division by zero errors (git-fixes).
- drm/display: Do not assume dual mode adaptors support i2c sub-addressing (bsc#1213808).
- drm/i915: mark requests for GuC virtual engines to avoid use-after-free (git-fixes).
- drm/i915/gvt: Drop unused helper intel_vgpu_reset_gtt() (git-fixes).
- drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling (git-fixes).
- drm/virtio: Use appropriate atomic state in virtio_gpu_plane_cleanup_fb() (git-fixes).
- ext4: avoid potential data overflow in next_linear_group (bsc#1214951).
- ext4: correct inline offset when handling xattrs in inode body (bsc#1214950).
- ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup} (bsc#1214954).
- ext4: fix wrong unit use in ext4_mb_clear_bb (bsc#1214943).
- ext4: fix wrong unit use in ext4_mb_new_blocks (bsc#1214944).
- ext4: get block from bh in ext4_free_blocks for fast commit replay (bsc#1214942).
- ext4: reflect error codes from ext4_multi_mount_protect() to its callers (bsc#1214941).
- ext4: Remove ext4 locking of moved directory (bsc#1214957).
- ext4: set goal start correctly in ext4_mb_normalize_request (bsc#1214940).
- fs: do not update freeing inode i_io_list (bsc#1214813).
- fs: Establish locking order for unrelated directories (bsc#1214958).
- fs: Lock moved directories (bsc#1214959).
- fs: lockd: avoid possible wrong NULL parameter (git-fixes).
- fs: no need to check source (bsc#1215752).
- fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE (bsc#1214813).
- fuse: nlookup missing decrement in fuse_direntplus_link (bsc#1215581).
- gve: Add AF_XDP zero-copy support for GQI-QPL format (bsc#1214479).
- gve: Add XDP DROP and TX support for GQI-QPL format (bsc#1214479).
- gve: Add XDP REDIRECT support for GQI-QPL format (bsc#1214479).
- gve: Changes to add new TX queues (bsc#1214479).
- gve: Control path for DQO-QPL (bsc#1214479).
- gve: fix frag_list chaining (bsc#1214479).
- gve: Fix gve interrupt names (bsc#1214479).
- gve: RX path for DQO-QPL (bsc#1214479).
- gve: trivial spell fix Recive to Receive (bsc#1214479).
- gve: Tx path for DQO-QPL (bsc#1214479).
- gve: Unify duplicate GQ min pkt desc size constants (bsc#1214479).
- gve: use vmalloc_array and vcalloc (bsc#1214479).
- gve: XDP support GQI-QPL: helper function changes (bsc#1214479).
- hwrng: virtio - add an internal buffer (git-fixes).
- hwrng: virtio - always add a pending request (git-fixes).
- hwrng: virtio - do not wait on cleanup (git-fixes).
- hwrng: virtio - do not waste entropy (git-fixes).
- hwrng: virtio - Fix race on data_avail and actual data (git-fixes).
- i2c: aspeed: Reset the i2c controller when timeout occurs (git-fixes).
- i3c: master: svc: fix probe failure when no i3c device exist (git-fixes).
- idr: fix param name in idr_alloc_cyclic() doc (git-fixes).
- Input: tca6416-keypad - fix interrupt enable disbalance (git-fixes).
- iommu/virtio: Detach domain on endpoint release (git-fixes).
- jbd2: check 'jh->b_transaction' before removing it from checkpoint (bsc#1214953).
- jbd2: correct the end of the journal recovery scan range (bsc#1214955).
- jbd2: fix a race when checking checkpoint buffer busy (bsc#1214949).
- jbd2: fix checkpoint cleanup performance regression (bsc#1214952).
- jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint (bsc#1214948).
- jbd2: recheck chechpointing non-dirty buffer (bsc#1214945).
- jbd2: remove journal_clean_one_cp_list() (bsc#1214947).
- jbd2: remove t_checkpoint_io_list (bsc#1214946).
- jbd2: restore t_checkpoint_io_list to maintain kABI (bsc#1214946).
- kabi/severities: ignore mlx4 internal symbols
- kconfig: fix possible buffer overflow (git-fixes).
- kernel-binary: Move build-time definitions together Move source list and build architecture to buildrequires to aid in future reorganization of the spec template.
- kernel-binary: python3 is needed for build At least scripts/ requires python3 since Linux 4.18 Other simimlar scripts may exist.
- kselftest/ Propagate SIGTERM to runner child (git-fixes).
- KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes (git-fixes bsc#1215915).
- KVM: s390: interrupt: use READ_ONCE() before cmpxchg() (git-fixes bsc#1215896).
- KVM: s390: pv: fix external interruption loop not always detected (git-fixes bsc#1215916).
- KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field (git-fixes bsc#1215894).
- KVM: s390: vsie: fix the length of APCB bitmap (git-fixes bsc#1215895).
- KVM: s390/diag: fix racy access of physical cpu number in diag 9c handler (git-fixes bsc#1215911).
- KVM: SVM: Remove a duplicate definition of VMCB_AVIC_APIC_BAR_MASK (git-fixes).
- KVM: VMX: Fix header file dependency of asm/vmx.h (git-fixes).
- KVM: x86: Fix KVM_CAP_SYNC_REGS's sync_regs() TOCTOU issues (git-fixes).
- KVM: x86/mmu: Include mmu.h in spte.h (git-fixes).
- loop: Fix use-after-free issues (bsc#1214991).
- loop: loop_set_status_from_info() check before assignment (bsc#1214990).
- mlx4: Avoid resetting MLX4_INTFF_BONDING per driver (bsc#1187236).
- mlx4: Connect the ethernet part to the auxiliary bus (bsc#1187236).
- mlx4: Connect the infiniband part to the auxiliary bus (bsc#1187236).
- mlx4: Delete custom device management logic (bsc#1187236).
- mlx4: Get rid of the mlx4_interface.activate callback (bsc#1187236).
- mlx4: Get rid of the mlx4_interface.get_dev callback (bsc#1187236).
- mlx4: Move the bond work to the core driver (bsc#1187236).
- mlx4: Register mlx4 devices to an auxiliary virtual bus (bsc#1187236).
- mlx4: Rename member mlx4_en_dev.nb to netdev_nb (bsc#1187236).
- mlx4: Replace the mlx4_interface.event callback with a notifier (bsc#1187236).
- mlx4: Use 'void *' as the event param of mlx4_dispatch_event() (bsc#1187236).
- module: Expose module_init_layout_section() (git-fixes)
- net: do not allow gso_size to be set to GSO_BY_FRAGS (git-fixes).
- net: mana: Add page pool for RX buffers (bsc#1214040).
- net: mana: Configure hwc timeout from hardware (bsc#1214037).
- net: phy: micrel: Correct bit assignments for phy_device flags (git-fixes).
- net: usb: qmi_wwan: add Quectel EM05GV2 (git-fixes).
- net/mlx4: Remove many unnecessary NULL values (bsc#1187236).
- NFS: Guard against READDIR loop when entry names exceed MAXNAMELEN (git-fixes).
- NFS/blocklayout: Use the passed in gfp flags (git-fixes).
- NFS/pNFS: Fix assignment of xprtdata.cred (git-fixes).
- NFS/pNFS: Report EINVAL errors from connect() to the server (git-fixes).
- NFSD: da_addr_body field missing in some GETDEVICEINFO replies (git-fixes).
- NFSD: fix change_info in NFSv4 RENAME replies (git-fixes).
- NFSD: Fix race to FREE_STATEID and cl_revoked (git-fixes).
- NFSv4: Fix dropped lock for racing OPEN and delegation return (git-fixes).
- NFSv4: fix out path in __nfs4_get_acl_uncached (git-fixes).
- NFSv4.2: fix error handling in nfs42_proc_getxattr (git-fixes).
- NFSv4.2: fix handling of COPY ERR_OFFLOAD_NO_REQ (git-fixes).
- NFSv4/pNFS: minor fix for cleanup path in nfs4_get_device_info (git-fixes).
- ntb: Clean up tx tail index on link down (git-fixes).
- ntb: Drop packets when qp link is down (git-fixes).
- ntb: Fix calculation ntb_transport_tx_free_entry() (git-fixes).
- nvme-auth: use chap->s2 to indicate bidirectional authentication (bsc#1214543).
- nvme-tcp: add recovery_delay to sysfs (bsc#1201284).
- nvme-tcp: delay error recovery until the next KATO interval (bsc#1201284).
- nvme-tcp: Do not terminate commands when in RESETTING (bsc#1201284).
- nvme-tcp: make 'err_work' a delayed work (bsc#1201284).
- PCI: Free released resource after coalescing (git-fixes).
- platform/mellanox: mlxbf-pmc: Fix potential buffer overflows (git-fixes).
- platform/mellanox: mlxbf-pmc: Fix reading of unprogrammed events (git-fixes).
- platform/mellanox: mlxbf-tmfifo: Drop jumbo frames (git-fixes).
- platform/mellanox: mlxbf-tmfifo: Drop the Rx packet if no more descriptors (git-fixes).
- platform/x86: intel_scu_ipc: Check status after timeout in busy_loop() (git-fixes).
- platform/x86: intel_scu_ipc: Check status upon timeout in ipc_wait_for_interrupt() (git-fixes).
- platform/x86: intel_scu_ipc: Do not override scu in intel_scu_ipc_dev_simple_command() (git-fixes).
- platform/x86: intel_scu_ipc: Fail IPC send if still busy (git-fixes).
- powerpc/fadump: make is_kdump_kernel() return false when fadump is active (bsc#1212639 ltc#202582).
- powerpc/iommu: Fix notifiers being shared by PCI and VIO buses (bsc#1065729).
- powerpc/rtas: mandate RTAS syscall filtering (bsc#1023051).
- powerpc/xics: Remove unnecessary endian conversion (bsc#1065729).
- printk: ringbuffer: Fix truncating buffer size min_t cast (bsc#1215875).
- pwm: lpc32xx: Remove handling of PWM channels (git-fixes).
- quota: add new helper dquot_active() (bsc#1214998).
- quota: factor out dquot_write_dquot() (bsc#1214995).
- quota: fix dqput() to follow the guarantees dquot_srcu should provide (bsc#1214963).
- quota: fix warning in dqgrab() (bsc#1214962).
- quota: Properly disable quotas when add_dquot_ref() fails (bsc#1214961).
- quota: rename dquot_active() to inode_quota_active() (bsc#1214997).
- s390/qeth: Do not call dev_close/dev_open (DOWN/UP) (bsc#1214873 git-fixes).
- s390/zcrypt: do not leak memory if dev_set_name() fails (git-fixes bsc#1215148).
- scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() (git-fixes).
- scsi: 53c700: Check that command slot is not NULL (git-fixes).
- scsi: core: Fix legacy /proc parsing buffer overflow (git-fixes).
- scsi: core: Fix possible memory leak if device_add() fails (git-fixes).
- scsi: fnic: Replace return codes in fnic_clean_pending_aborts() (git-fixes).
- scsi: lpfc: Do not abuse UUID APIs and LPFC_COMPRESS_VMID_SIZE (git-fixes).
- scsi: lpfc: Early return after marking final NLP_DROPPED flag in dev_loss_tmo (git-fixes).
- scsi: lpfc: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (git-fixes).
- scsi: lpfc: Modify when a node should be put in device recovery mode during RSCN (git-fixes).
- scsi: lpfc: Prevent use-after-free during rmmod with mapped NVMe rports (git-fixes).
- scsi: lpfc: Remove reftag check in DIF paths (git-fixes).
- scsi: qedf: Add synchronization between I/O completions and abort (bsc#1210658).
- scsi: qedf: Fix firmware halt over suspend and resume (git-fixes).
- scsi: qedf: Fix NULL dereference in error handling (git-fixes).
- scsi: qedi: Fix firmware halt over suspend and resume (git-fixes).
- scsi: qla2xxx: Add logs for SFP temperature monitoring (bsc#1214928).
- scsi: qla2xxx: Allow 32-byte CDBs (bsc#1214928).
- scsi: qla2xxx: Error code did not return to upper layer (bsc#1214928).
- scsi: qla2xxx: Fix firmware resource tracking (bsc#1214928).
- scsi: qla2xxx: Fix NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes).
- scsi: qla2xxx: Fix smatch warn for qla_init_iocb_limit() (bsc#1214928).
- scsi: qla2xxx: Flush mailbox commands on chip reset (bsc#1214928).
- scsi: qla2xxx: Move resource to allow code reuse (bsc#1214928).
- scsi: qla2xxx: Remove unsupported ql2xenabledif option (bsc#1214928).
- scsi: qla2xxx: Remove unused declarations (bsc#1214928).
- scsi: qla2xxx: Remove unused variables in qla24xx_build_scsi_type_6_iocbs() (bsc#1214928).
- scsi: qla2xxx: Update version to (bsc#1214928).
- scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id() (git-fixes).
- scsi: scsi_debug: Remove dead code (git-fixes).
- scsi: snic: Fix double free in snic_tgt_create() (git-fixes).
- scsi: snic: Fix possible memory leak if device_add() fails (git-fixes).
- scsi: storvsc: Handle additional SRB status values (git-fixes).
- scsi: zfcp: Fix a double put in zfcp_port_enqueue() (git-fixes bsc#1215941).
- selftests: tracing: Fix to unmount tracefs for recovering environment (git-fixes).
- SUNRPC: Mark the cred for revalidation if the server rejects it (git-fixes).
- tcpm: Avoid soft reset when partner does not support get_status (git-fixes).
- tracing: Fix race issue between cpu buffer write and swap (git-fixes).
- tracing: Remove extra space at the end of hwlat_detector/mode (git-fixes).
- tracing: Remove unnecessary copying of tr->current_trace (git-fixes).
- uapi: stddef.h: Fix __DECLARE_FLEX_ARRAY for C++ (git-fixes).
- udf: Fix extension of the last extent in the file (bsc#1214964).
- udf: Fix file corruption when appending just after end of preallocated extent (bsc#1214965).
- udf: Fix off-by-one error when discarding preallocation (bsc#1214966).
- udf: Fix uninitialized array access for some pathnames (bsc#1214967).
- uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix (git-fixes).
- usb: ehci: add workaround for chipidea PORTSC.PEC bug (git-fixes).
- usb: ehci: move new member has_ci_pec_bug into hole (git-fixes).
- usb: serial: option: add FOXCONN T99W368/T99W373 product (git-fixes).
- usb: serial: option: add Quectel EM05G variant (0x030e) (git-fixes).
- usb: typec: tcpci: clear the fault status bit (git-fixes).
- usb: typec: tcpci: move tcpci.h to include/linux/usb/ (git-fixes).
- vhost_vdpa: fix the crash in unmap a large memory (git-fixes).
- vhost-scsi: unbreak any layout for response (git-fixes).
- vhost: allow batching hint without size (git-fixes).
- vhost: fix hung thread due to erroneous iotlb entries (git-fixes).
- vhost: handle error while adding split ranges to iotlb (git-fixes).
- virtio_net: add checking sq is full inside xdp xmit (git-fixes).
- virtio_net: Fix probe failed when modprobe virtio_net (git-fixes).
- virtio_net: reorder some funcs (git-fixes).
- virtio_net: separate the logic of checking whether sq is full (git-fixes).
- virtio_ring: fix avail_wrap_counter in virtqueue_add_packed (git-fixes).
- virtio-mmio: do not break lifecycle of vm_dev (git-fixes).
- virtio-net: fix race between set queues and probe (git-fixes).
- virtio-net: set queues after driver_ok (git-fixes).
- virtio-rng: make device ready before making request (git-fixes).
- virtio: acknowledge all features before access (git-fixes).
- vmcore: remove dependency with is_kdump_kernel() for exporting vmcore (bsc#1212639 ltc#202582).
- watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load (git-fixes).
- word-at-a-time: use the same return type for has_zero regardless of endianness (bsc#1065729).
- x86/alternative: Fix race in try_get_desc() (git-fixes).
- x86/boot/e820: Fix typo in e820.c comment (git-fixes).
- x86/bugs: Reset speculation control settings on init (git-fixes).
- x86/cpu: Add Lunar Lake M (git-fixes).
- x86/cpu: Add model number for Intel Arrow Lake processor (git-fixes).
- x86/fpu: Take task_struct* in copy_sigframe_from_user_to_xstate() (git-fixes).
- x86/head/64: Switch to KERNEL_CS as soon as new GDT is installed (git-fixes).
- x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL (git-fixes).
- x86/ioapic: Do not return 0 from arch_dynirq_lower_bound() (git-fixes).
- x86/ioremap: Fix page aligned size calculation in __ioremap_caller() (git-fixes).
- x86/mce: Retrieve poison range from hardware (git-fixes).
- x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build (git-fixes).
- x86/mm: Avoid incomplete Global INVLPG flushes (git-fixes).
- x86/mm: Do not shuffle CPU entry areas without KASLR (git-fixes).
- x86/purgatory: remove PGO flags (git-fixes).
- x86/PVH: avoid 32-bit build warning when obtaining VGA console info (git-fixes).
- x86/reboot: Disable virtualization in an emergency if SVM is supported (git-fixes).
- x86/resctl: fix scheduler confusion with 'current' (git-fixes).
- x86/resctrl: Fix task CLOSID/RMID update race (git-fixes).
- x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register (git-fixes).
- x86/rtc: Remove __init for runtime functions (git-fixes).
- x86/sgx: Reduce delay and interference of enclave release (git-fixes).
- x86/srso: Do not probe microcode in a guest (git-fixes).
- x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes).
- x86/srso: Fix srso_show_state() side effect (git-fixes).
- x86/srso: Set CPUID feature bits independently of bug or mitigation status (git-fixes).
- x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows) (git-fixes).
- xen: remove a confusing comment on auto-translated guest I/O (git-fixes).
- xprtrdma: Remap Receive buffers after a reconnect (git-fixes).

Advisory ID: SUSE-RU-2023:4073-1
Released:    Fri Oct 13 11:40:26 2023
Summary:     Recommended update for rpm
Type:        recommended
Severity:    low
This update for rpm fixes the following issue:

- Enables build for all python modules (jsc#PED-68, jsc#PED-1988)

Advisory ID: SUSE-SU-2023:4108-1
Released:    Wed Oct 18 11:51:12 2023
Summary:     Security update for python-urllib3
Type:        security
Severity:    moderate
References:  1215968,CVE-2023-43804
This update for python-urllib3 fixes the following issues:

- CVE-2023-43804: Fixed a potential cookie leak via HTTP redirect if
  the user manually set the corresponding header (bsc#1215968).

Advisory ID: SUSE-SU-2023:4110-1
Released:    Wed Oct 18 12:35:26 2023
Summary:     Security update for glibc
Type:        security
Severity:    important
References:  1215286,1215891,CVE-2023-4813
This update for glibc fixes the following issues:

Security issue fixed:

- CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931)

Also a regression from a previous update was fixed:

- elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676)

Advisory ID: SUSE-RU-2023:4122-1
Released:    Thu Oct 19 08:24:34 2023
Summary:     Recommended update for openssl-1_1
Type:        recommended
Severity:    moderate
References:  1215215
This update for openssl-1_1 fixes the following issues:

- Displays 'fips' in the version string (bsc#1215215)

Advisory ID: SUSE-SU-2023:4135-1
Released:    Thu Oct 19 14:14:23 2023
Summary:     Security update for suse-module-tools
Type:        security
Severity:    important
References:  1205767,1210335,CVE-2023-1829,CVE-2023-23559
This update for suse-module-tools fixes the following issues:

- Updated to version 15.4.18:

  - CVE-2023-1829: Blacklisted the Linux kernel tcindex classifier
    module (bsc#1210335).
  - CVE-2023-23559: Blacklisted the Linux kernel RNDIS modules
    (bsc#1205767, jsc#PED-5731).

Advisory ID: SUSE-RU-2023:4138-1
Released:    Thu Oct 19 17:15:38 2023
Summary:     Recommended update for systemd-rpm-macros
Type:        recommended
Severity:    moderate
This update for systemd-rpm-macros fixes the following issues:

- Switch to `systemd-hwdb` tool when updating the HW database. It's been
  introduced in systemd v219 and replaces the deprecated command `udevadm hwdb`.

Advisory ID: SUSE-RU-2023:4139-1
Released:    Fri Oct 20 10:06:58 2023
Summary:     Recommended update for containerd, runc
Type:        recommended
Severity:    moderate
References:  1215323
This update for containerd, runc fixes the following issues:

runc was updated to v1.1.9. Upstream changelog is available from

containerd was updated to containerd v1.7.7 for Docker v24.0.6-ce. Upstream release notes:

- bsc#1215323
- Add `Provides: cri-runtime` to use containerd as container runtime in Factory
  Kubernetes packages

Advisory ID: SUSE-SU-2023:4140-1
Released:    Fri Oct 20 11:34:03 2023
Summary:     Security update for grub2
Type:        security
Severity:    important
References:  1201300,1215935,1215936,CVE-2023-4692,CVE-2023-4693
This update for grub2 fixes the following issues:

Security fixes:
- CVE-2023-4692: Fixed an out-of-bounds write at fs/ntfs.c which may lead to unsigned code execution. (bsc#1215935)
- CVE-2023-4693: Fixed an out-of-bounds read at fs/ntfs.c which may lead to leak sensitive information. (bsc#1215936)

Other fixes:
- Fix a boot delay issue in PowerPC PXE boot (bsc#1201300)

Advisory ID: SUSE-RU-2023:4153-1
Released:    Fri Oct 20 19:27:58 2023
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  1215313
This update for systemd fixes the following issues:

- Fix mismatch of nss-resolve version in Package Hub (no source code changes)

Advisory ID: SUSE-RU-2023:4154-1
Released:    Fri Oct 20 19:33:25 2023
Summary:     Recommended update for aaa_base
Type:        recommended
Severity:    moderate
References:  1107342,1215434
This update for aaa_base fixes the following issues:

- Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342)

Advisory ID: SUSE-SU-2023:4162-1
Released:    Mon Oct 23 15:33:03 2023
Summary:     Security update for gcc13
Type:        security
Severity:    important
References:  1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039
This update for gcc13 fixes the following issues:

This update ship the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux
Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available
unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable
  length stack allocations.  (bsc#1214052)

- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]

- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when
  building with LTO.  [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they
  can be installed standalone.  [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather that --enable-link-mutex,
  the benefit of the former one is that the linker jobs are not
  holding tokens of the make's jobserver.
- Add cross-bpf packages.  See
  for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be
  specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0. 
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone
  package.  Make libstdc++6 recommend timezone to get a fully
  working std::chrono.  Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing.  [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there. 
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture)
  as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture.
  PRU architecture is used for real-time MCUs embedded into TI
  armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for
  armv7l in order to build both host applications and PRU firmware
  during the same build.

Advisory ID: SUSE-feature-2023:4194-1
Released:    Wed Oct 25 11:01:41 2023
Summary:     Feature update for python3
Type:        feature
Severity:    low
This feature update for python3 packages adds the following:

- First batch of python3.11 modules (jsc#PED-68)
- Rename sources of python3-kubernetes, python3-cryptography and python3-cryptography-vectors to accommodate
the new 3.11 versions, this 3 packages have no code changes.

Advisory ID: SUSE-SU-2023:4200-1
Released:    Wed Oct 25 12:04:29 2023
Summary:     Security update for nghttp2
Type:        security
Severity:    important
References:  1216123,1216174,CVE-2023-44487
This update for nghttp2 fixes the following issues:

- CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174)

Advisory ID: SUSE-SU-2023:4217-1
Released:    Thu Oct 26 12:20:27 2023
Summary:     Security update for zlib
Type:        security
Severity:    moderate
References:  1216378,CVE-2023-45853
This update for zlib fixes the following issues:

- CVE-2023-45853: Fixed an integer overflow that would lead to a
  buffer overflow in the minizip subcomponent (bsc#1216378).

Advisory ID: SUSE-SU-2023:4225-1
Released:    Fri Oct 27 11:02:14 2023
Summary:     Security update for zchunk
Type:        security
Severity:    important
References:  1216268,CVE-2023-46228
This update for zchunk fixes the following issues:

- CVE-2023-46228: Fixed a handle overflow errors in malformed zchunk files. (bsc#1216268)

The following package changes have been done:

- aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 updated
- containerd-ctr-1.7.7-150000.100.1 updated
- containerd-1.7.7-150000.100.1 updated
- curl-8.0.1-150400.5.32.1 updated
- glibc-locale-base-2.31-150300.63.1 updated
- glibc-locale-2.31-150300.63.1 updated
- glibc-2.31-150300.63.1 updated
- grub2-i386-pc-2.06-150400.11.38.1 updated
- grub2-x86_64-efi-2.06-150400.11.38.1 updated
- grub2-x86_64-xen-2.06-150400.11.38.1 updated
- grub2-2.06-150400.11.38.1 updated
- kernel-default-5.14.21-150400.24.92.1 updated
- libcurl4-8.0.1-150400.5.32.1 updated
- libeconf0-0.5.2-150400.3.6.1 updated
- libgcc_s1-13.2.1+git7813-150000.1.3.3 updated
- libnghttp2-14-1.40.0-150200.12.1 updated
- libopenssl1_1-1.1.1l-150400.7.57.1 updated
- libstdc++6-13.2.1+git7813-150000.1.3.3 updated
- libsystemd0-249.16-150400.8.35.5 updated
- libudev1-249.16-150400.8.35.5 updated
- libz1-1.2.11-150000.3.48.1 updated
- libzck1-1.1.16-150400.3.7.1 updated
- login_defs-4.8.1-150400.10.12.1 updated
- openssl-1_1-1.1.1l-150400.7.57.1 updated
- python3-cryptography-3.3.2-150400.20.3 updated
- python3-ply-3.10-150000.3.5.1 updated
- python3-urllib3-1.25.10-150300.4.6.1 updated
- rpm-ndb-4.14.3-150400.59.3.1 updated
- runc-1.1.9-150000.52.2 updated
- samba-client-libs-4.15.13+git.691.3d3cea0641-150400.3.31.1 updated
- shadow-4.8.1-150400.10.12.1 updated
- suse-module-tools-15.4.18-150400.3.14.1 updated
- systemd-rpm-macros-14-150000.7.36.1 updated
- systemd-sysvinit-249.16-150400.8.35.5 updated
- systemd-249.16-150400.8.35.5 updated
- udev-249.16-150400.8.35.5 updated
- vim-data-common-9.0.1894-150000.5.54.1 updated
- vim-9.0.1894-150000.5.54.1 updated
- xen-libs-4.16.5_06-150400.4.37.1 updated
- xen-tools-domU-4.16.5_06-150400.4.37.1 updated
- zypper-1.14.64-150400.3.32.1 updated
- samba-libs-4.15.13+git.663.9c654e06cdb-150400.3.28.1 removed

More information about the sle-security-updates mailing list