SUSE-SU-2024:0855-1: important: Security update for the Linux Kernel

SLE-SECURITY-UPDATES null at suse.de
Tue Mar 12 20:30:19 UTC 2024



# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2024:0855-1  
Rating: important  
References:

  * bsc#1194869
  * bsc#1206453
  * bsc#1209412
  * bsc#1216776
  * bsc#1217927
  * bsc#1218195
  * bsc#1218216
  * bsc#1218450
  * bsc#1218527
  * bsc#1218562
  * bsc#1218663
  * bsc#1218915
  * bsc#1219126
  * bsc#1219127
  * bsc#1219141
  * bsc#1219146
  * bsc#1219295
  * bsc#1219443
  * bsc#1219653
  * bsc#1219827
  * bsc#1219835
  * bsc#1219839
  * bsc#1219840
  * bsc#1219934
  * bsc#1220003
  * bsc#1220009
  * bsc#1220021
  * bsc#1220030
  * bsc#1220106
  * bsc#1220140
  * bsc#1220187
  * bsc#1220238
  * bsc#1220240
  * bsc#1220241
  * bsc#1220243
  * bsc#1220250
  * bsc#1220251
  * bsc#1220253
  * bsc#1220254
  * bsc#1220255
  * bsc#1220257
  * bsc#1220267
  * bsc#1220277
  * bsc#1220317
  * bsc#1220325
  * bsc#1220326
  * bsc#1220328
  * bsc#1220330
  * bsc#1220335
  * bsc#1220344
  * bsc#1220348
  * bsc#1220350
  * bsc#1220364
  * bsc#1220392
  * bsc#1220393
  * bsc#1220398
  * bsc#1220409
  * bsc#1220433
  * bsc#1220444
  * bsc#1220457
  * bsc#1220459
  * bsc#1220469
  * bsc#1220649
  * bsc#1220735
  * bsc#1220736
  * bsc#1220796
  * bsc#1220825
  * bsc#1220845
  * bsc#1220848
  * bsc#1220917
  * bsc#1220930
  * bsc#1220931
  * bsc#1220933
  * jsc#PED-7618

  
Cross-References:

  * CVE-2019-25162
  * CVE-2021-46923
  * CVE-2021-46924
  * CVE-2021-46932
  * CVE-2021-46934
  * CVE-2021-47083
  * CVE-2022-48627
  * CVE-2022-48628
  * CVE-2023-5197
  * CVE-2023-52340
  * CVE-2023-52429
  * CVE-2023-52439
  * CVE-2023-52443
  * CVE-2023-52445
  * CVE-2023-52447
  * CVE-2023-52448
  * CVE-2023-52449
  * CVE-2023-52451
  * CVE-2023-52452
  * CVE-2023-52456
  * CVE-2023-52457
  * CVE-2023-52462
  * CVE-2023-52463
  * CVE-2023-52464
  * CVE-2023-52467
  * CVE-2023-52475
  * CVE-2023-52478
  * CVE-2023-52482
  * CVE-2023-52530
  * CVE-2023-52531
  * CVE-2023-52559
  * CVE-2023-6270
  * CVE-2023-6817
  * CVE-2024-0607
  * CVE-2024-1151
  * CVE-2024-23849
  * CVE-2024-23850
  * CVE-2024-23851
  * CVE-2024-25744
  * CVE-2024-26585
  * CVE-2024-26586
  * CVE-2024-26589
  * CVE-2024-26591
  * CVE-2024-26593
  * CVE-2024-26595
  * CVE-2024-26598
  * CVE-2024-26602
  * CVE-2024-26603
  * CVE-2024-26607
  * CVE-2024-26622

  
CVSS scores:

  * CVE-2019-25162 ( SUSE ):  6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
  * CVE-2021-46923 ( SUSE ):  3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
  * CVE-2021-46924 ( SUSE ):  4.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
  * CVE-2021-46932 ( SUSE ):  2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
  * CVE-2021-46934 ( SUSE ):  3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
  * CVE-2021-47083 ( SUSE ):  6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
  * CVE-2022-48627 ( SUSE ):  4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
  * CVE-2022-48628 ( SUSE ):  4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
  * CVE-2023-5197 ( SUSE ):  6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
  * CVE-2023-5197 ( NVD ):  6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
  * CVE-2023-52340 ( SUSE ):  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-52429 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-52429 ( NVD ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-52439 ( SUSE ):  6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-52443 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-52445 ( SUSE ):  6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-52447 ( SUSE ):  6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-52448 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-52449 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-52451 ( SUSE ):  5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H
  * CVE-2023-52452 ( SUSE ):  4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
  * CVE-2023-52456 ( SUSE ):  4.0 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-52457 ( SUSE ):  4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
  * CVE-2023-52462 ( SUSE ):  4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
  * CVE-2023-52463 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-52464 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  * CVE-2023-52467 ( SUSE ):  4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-52475 ( SUSE ):  6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-52478 ( SUSE ):  5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
  * CVE-2023-52482 ( SUSE ):  5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
  * CVE-2023-52530 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-52531 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-52559 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-6270 ( SUSE ):  7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-6270 ( NVD ):  7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-6817 ( SUSE ):  6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-6817 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2024-0607 ( SUSE ):  6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
  * CVE-2024-0607 ( NVD ):  6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
  * CVE-2024-1151 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-23849 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  * CVE-2024-23849 ( NVD ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-23850 ( SUSE ):  4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-23850 ( NVD ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-23851 ( SUSE ):  4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-23851 ( NVD ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-25744 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2024-26585 ( SUSE ):  7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2024-26586 ( SUSE ):  6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  * CVE-2024-26589 ( SUSE ):  4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
  * CVE-2024-26591 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-26593 ( SUSE ):  4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
  * CVE-2024-26595 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-26598 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2024-26602 ( SUSE ):  4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
  * CVE-2024-26603 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-26607 ( SUSE ):  4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-26622 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

  
Affected Products:

  * openSUSE Leap 15.5
  * Public Cloud Module 15-SP5
  * SUSE Linux Enterprise High Performance Computing 15 SP5
  * SUSE Linux Enterprise Server 15 SP5
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5

  
  
An update that solves 50 vulnerabilities, contains one feature and has 23
security fixes can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various
security and bugfixes.

The following security bugs were fixed:

  * CVE-2023-6270: Fixed a use-after-free bug in aoecmd_cfg_pkts (bsc#1218562).
  * CVE-2023-52559: Fixed a bug by avoiding memory allocation in iommu_suspend
    (bsc#1220933).
  * CVE-2023-52462: Fixed a security check for attempt to corrupt spilled
    pointer (bsc#1220325).
  * CVE-2023-52467: Fixed a null pointer dereference in of_syscon_register
    (bsc#1220433).
  * CVE-2023-52463: Fixed null pointer dereference in efivarfs (bsc#1220328).
  * CVE-2023-52530: Fixed a potential key use-after-free in wifi mac80211
    (bsc#1220930).
  * CVE-2024-26607: Fixed a probing race issue in sii902x: (bsc#1220736).
  * CVE-2024-26591: Fixed re-attachment branch in bpf_tracing_prog_attach
    (bsc#1220254).
  * CVE-2024-26589: Fixed out of bounds read due to variable offset alu on
    PTR_TO_FLOW_KEYS (bsc#1220255).
  * CVE-2024-26585: Fixed race between tx work scheduling and socket close
    (bsc#1220187).
  * CVE-2023-52340: Fixed ICMPv6 “Packet Too Big” packets force a DoS of the
    Linux kernel by forcing 100% CPU (bsc#1219295).
  * CVE-2024-0607: Fixed 64-bit load issue in nft_byteorder_eval()
    (bsc#1218915).
  * CVE-2023-6817: Fixed use-after-free in nft_pipapo_walk (bsc#1218195).
  * CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220825).
  * CVE-2024-23850: Fixed double free of anonymous device after snapshot
    creation failure (bsc#1219126).
  * CVE-2023-52452: Fixed Fix accesses to uninit stack slots (bsc#1220257).
  * CVE-2023-52457: Fixed skipped resource freeing if
    pm_runtime_resume_and_get() failed (bsc#1220350).
  * CVE-2023-52456: Fixed tx statemachine deadlock (bsc#1220364).
  * CVE-2023-52451: Fixed access beyond end of drmem array (bsc#1220250).
  * CVE-2023-52447: Fixed map_fd_put_ptr() signature kABI workaround
    (bsc#1220251).
  * CVE-2023-52449: Fixed gluebi NULL pointer dereference caused by ftl notifier
    (bsc#1220238).
  * CVE-2021-46923: Fixed reference leakage in fs/mount_setattr (bsc#1220457).
  * CVE-2024-26598: Fixed potential UAF in LPI translation cache (bsc#1220326).
  * CVE-2024-26603: Fixed infinite loop via #PF handling (bsc#1220335).
  * CVE-2023-52445: Fixed use after free on context disconnection (bsc#1220241).
  * CVE-2023-52439: Fixed use-after-free in uio_open (bsc#1220140).
  * CVE-2023-52443: Fixed crash when parsed profile name is empty (bsc#1220240).
  * CVE-2024-26593: Fixed block process call transactions (bsc#1220009).
  * CVE-2024-26586: Fixed stack corruption (bsc#1220243).
  * CVE-2024-26595: Fixed NULL pointer dereference in error path (bsc#1220344).
  * CVE-2023-52464: Fixed possible out-of-bounds string access (bsc#1220330)
  * CVE-2023-52448: Fixed kernel NULL pointer dereference in gfs2_rgrp_dump
    (bsc#1220253).
  * CVE-2024-1151: Fixed unlimited number of recursions from action sets
    (bsc#1219835).
  * CVE-2023-5197: Fixed se-after-free due to addition and removal of rules from
    chain bindings within the same transaction (bsc#1218216).
  * CVE-2024-23849: Fixed array-index-out-of-bounds in rds_cmsg_recv
    (bsc#1219127).
  * CVE-2023-52429: Fixed potential DoS in dm_table_create in drivers/md/dm-
    table.c (bsc#1219827).
  * CVE-2024-23851: Fixed crash in copy_params in drivers/md/dm-ioctl.c
    (bsc#1219146).

The following non-security bugs were fixed:

  * ACPI: APEI: set memory failure flags as MF_ACTION_REQUIRED on synchronous
    events (git-fixes).
  * ACPI: button: Add lid disable DMI quirk for Nextbook Ares 8A (git-fixes).
  * ACPI: extlog: fix NULL pointer dereference check (git-fixes).
  * ACPI: resource: Add ASUS model S5402ZA to quirks (git-fixes).
  * ACPI: resource: Skip IRQ override on ASUS ExpertBook B1502CBA (git-fixes).
  * ACPI: resource: Skip IRQ override on Asus Expertbook B2402CBA (git-fixes).
  * ACPI: video: Add backlight=native DMI quirk for Apple iMac11,3 (git-fixes).
  * ACPI: video: Add backlight=native DMI quirk for Apple iMac12,1 and iMac12,2
    (git-fixes).
  * ACPI: video: Add backlight=native DMI quirk for Lenovo ThinkPad X131e (3371
    AMD version) (git-fixes).
  * ACPI: video: Add quirk for the Colorful X15 AT 23 Laptop (git-fixes).
  * afs: fix the usage of read_seqbegin_or_lock() in afs_find_server*() (git-
    fixes).
  * afs: fix the usage of read_seqbegin_or_lock() in afs_lookup_volume_rcu()
    (git-fixes).
  * afs: Hide silly-rename files from userspace (git-fixes).
  * afs: Increase buffer size in afs_update_volume_status() (git-fixes).
  * ahci: asm1166: correct count of reported ports (git-fixes).
  * ALSA: Drop leftover snd-rtctimer stuff from Makefile (git-fixes).
  * ALSA: firewire-lib: fix to check cycle continuity (git-fixes).
  * ALSA: hda/conexant: Add quirk for SWS JS201D (git-fixes).
  * ALSA: hda/realtek: Apply headset jack quirk for non-bass alc287 thinkpads
    (git-fixes).
  * ALSA: hda/realtek: cs35l41: Fix device ID / model name (git-fixes).
  * ALSA: hda/realtek: cs35l41: Fix order and duplicates in quirks table (git-
    fixes).
  * ALSA: hda/realtek: Enable headset mic on Vaio VJFE-ADL (git-fixes).
  * ALSA: hda/realtek: Enable Mute LED on HP Laptop 14-fq0xxx (git-fixes).
  * ALSA: hda/realtek: fix mute/micmute LED For HP mt645 (git-fixes).
  * ALSA: hda/realtek: fix mute/micmute LEDs for HP ZBook Power (git-fixes).
  * ALSA: hda/realtek: Fix the external mic not being recognised for Acer Swift
    1 SF114-32 (git-fixes).
  * ALSA: usb-audio: Add a quirk for Yamaha YIT-W12TX transmitter (git-fixes).
  * ALSA: usb-audio: Add delay quirk for MOTU M Series 2nd revision (git-fixes).
  * ALSA: usb-audio: add quirk for RODE NT-USB+ (git-fixes).
  * ALSA: usb-audio: Check presence of valid altsetting control (git-fixes).
  * ALSA: usb-audio: Ignore clock selector errors for single connection (git-
    fixes).
  * ALSA: usb-audio: More relaxed check of MIDI jack names (git-fixes).
  * ALSA: usb-audio: Sort quirk table entries (git-fixes).
  * arm64: entry: fix ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD (bsc#1219443)
  * arm64: entry: Preserve/restore X29 even for compat tasks (bsc#1219443)
  * arm64: entry: Simplify tramp_alias macro and tramp_exit routine
    (bsc#1219443)
  * arm64: errata: Add Cortex-A510 speculative unprivileged load (bsc#1219443)
    Enable workaround.
  * arm64: errata: Add Cortex-A520 speculative unprivileged load (bsc#1219443)
    Enable workaround without kABI break.
  * arm64: errata: Mitigate Ampere1 erratum AC03_CPU_38 at stage-2 (git-fixes)
    Enable AMPERE_ERRATUM_AC03_CPU_38 workaround without kABI break
  * arm64: irq: set the correct node for shadow call stack (git-fixes)
  * arm64: irq: set the correct node for VMAP stack (git-fixes)
  * arm64: Rename ARM64_WORKAROUND_2966298 (bsc#1219443)
  * arm64: Subscribe Microsoft Azure Cobalt 100 to ARM Neoverse N2 errata (git-
    fixes)
  * ASoC: doc: Fix undefined SND_SOC_DAPM_NOPM argument (git-fixes).
  * ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work() (git-fixes).
  * ASoC: SOF: IPC3: fix message bounds on ipc ops (git-fixes).
  * ASoC: sunxi: sun4i-spdif: Add support for Allwinner H616 (git-fixes).
  * atm: idt77252: fix a memleak in open_card_ubr0 (git-fixes).
  * Bluetooth: Avoid potential use-after-free in hci_error_reset (git-fixes).
  * Bluetooth: Enforce validation on max value of connection interval (git-
    fixes).
  * Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST (git-fixes).
  * Bluetooth: hci_event: Fix wrongly recorded wakeup BD_ADDR (git-fixes).
  * Bluetooth: hci_sync: Check the correct flag before starting a scan (git-
    fixes).
  * Bluetooth: hci_sync: Fix accept_list when attempting to suspend (git-fixes).
  * Bluetooth: L2CAP: Fix possible multiple reject send (git-fixes).
  * Bluetooth: qca: Fix wrong event type for patch config command (git-fixes).
  * bpf: Fix verification of indirect var-off stack access (git-fixes).
  * bpf: Fix verification of indirect var-off stack access (git-fixes).
  * bpf: Guard stack limits against 32bit overflow (git-fixes).
  * bpf: Guard stack limits against 32bit overflow (git-fixes).
  * bpf: Minor logging improvement (bsc#1220257).
  * bus: moxtet: Add spi device table (git-fixes).
  * cachefiles: fix memory leak in cachefiles_add_cache() (bsc#1220267).
  * can: j1939: Fix UAF in j1939_sk_match_filter during
    setsockopt(SO_J1939_FILTER) (git-fixes).
  * crypto: api - Disallow identical driver names (git-fixes).
  * crypto: ccp - Fix null pointer dereference in __sev_platform_shutdown_locked
    (git-fixes).
  * crypto: octeontx2 - Fix cptvf driver cleanup (git-fixes).
  * crypto: stm32/crc32 - fix parsing list of devices (git-fixes).
  * dmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA
    (git-fixes).
  * dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read (git-fixes).
  * dmaengine: fsl-qdma: increase size of 'irq_name' (git-fixes).
  * dmaengine: fsl-qdma: init irq after reg initialization (git-fixes).
  * dmaengine: ptdma: use consistent DMA masks (git-fixes).
  * dmaengine: shdma: increase size of 'dev_id' (git-fixes).
  * dmaengine: ti: edma: Add some null pointer checks to the edma_probe (git-
    fixes).
  * driver core: Fix device_link_flag_is_sync_state_only() (git-fixes).
  * drm/amd/display: Fix memory leak in dm_sw_fini() (git-fixes).
  * drm/amd/display: Fix possible buffer overflow in 'find_dcfclk_for_voltage()'
    (git-fixes).
  * drm/amd/display: Fix possible NULL dereference on device remove/driver
    unload (git-fixes).
  * drm/amd/display: Increase frame-larger-than for all display_mode_vba files
    (git-fixes).
  * drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz (git-fixes).
  * drm/amd/display: Preserve original aspect ratio in create stream (git-
    fixes).
  * drm/amdgpu: reset gpu for s3 suspend abort case (git-fixes).
  * drm/amdgpu: skip to program GFXDEC registers for suspend abort (git-fixes).
  * drm/amdgpu/display: Initialize gamma correction mode variable in
    dcn30_get_gamcor_current() (git-fixes).
  * drm/buddy: fix range bias (git-fixes).
  * drm/crtc: fix uninitialized variable use even harder (git-fixes).
  * drm/i915/gvt: Fix uninitialized variable in handle_mmio() (git-fixes).
  * drm/msm/dp: return correct Colorimetry for DP_TEST_DYNAMIC_RANGE_CEA case
    (git-fixes).
  * drm/msm/dpu: check for valid hw_pp in dpu_encoder_helper_phys_cleanup (git-
    fixes).
  * drm/msms/dp: fixed link clock divider bits be over written in BPC unknown
    case (git-fixes).
  * drm/prime: Support page array >= 4GB (git-fixes).
  * drm/syncobj: call drm_syncobj_fence_add_wait when WAIT_AVAILABLE flag is set
    (git-fixes).
  * drm/ttm: Fix an invalid freeing on already freed page in error path (git-
    fixes).
  * efi: Do not add memblocks for soft-reserved memory (git-fixes).
  * efi: runtime: Fix potential overflow of soft-reserved region size (git-
    fixes).
  * efi/capsule-loader: fix incorrect allocation size (git-fixes).
  * fbcon: always restore the old font data in fbcon_do_set_font() (git-fixes).
  * fbdev: savage: Error out if pixclock equals zero (git-fixes).
  * fbdev: sis: Error out if pixclock equals zero (git-fixes).
  * firewire: core: send bus reset promptly on gap count error (git-fixes).
  * fs: dlm: fix build with CONFIG_IPV6 disabled (git-fixes).
  * fs: JFS: UBSAN: array-index-out-of-bounds in dbAdjTree (git-fixes).
  * gpio: 74x164: Enable output pins after registers are reset (git-fixes).
  * gpio: fix resource unwinding order in error path (git-fixes).
  * gpiolib: acpi: Ignore touchpad wakeup on GPD G1619-04 (git-fixes).
  * gpiolib: Fix the error path order in gpiochip_add_data_with_key() (git-
    fixes).
  * HID: apple: Add 2021 magic keyboard FN key mapping (git-fixes).
  * HID: apple: Add support for the 2021 Magic Keyboard (git-fixes).
  * HID: wacom: Do not register input devices until after hid_hw_start (git-
    fixes).
  * HID: wacom: generic: Avoid reporting a serial of '0' to userspace (git-
    fixes).
  * hwmon: (aspeed-pwm-tacho) mutex for tach reading (git-fixes).
  * hwmon: (coretemp) Enlarge per package core count limit (git-fixes).
  * hwmon: (coretemp) Fix bogus core_id to attr name mapping (git-fixes).
  * hwmon: (coretemp) Fix out-of-bounds memory access (git-fixes).
  * i2c: i801: Fix block process call transactions (git-fixes).
  * i2c: i801: Remove i801_set_block_buffer_mode (git-fixes).
  * i2c: imx: Add timer for handling the stop condition (git-fixes).
  * i2c: imx: when being a target, mark the last read as processed (git-fixes).
  * i3c: master: cdns: Update maximum prescaler value for i2c clock (git-fixes).
  * IB/hfi1: Fix a memleak in init_credit_return (git-fixes)
  * IB/hfi1: Fix sdma.h tx->num_descs off-by-one error (git-fixes)
  * iio: accel: bma400: Fix a compilation problem (git-fixes).
  * iio: adc: ad7091r: Set alert bit in config register (git-fixes).
  * iio: core: fix memleak in iio_device_register_sysfs (git-fixes).
  * iio: hid-sensor-als: Return 0 for HID_USAGE_SENSOR_TIME_TIMESTAMP (git-
    fixes).
  * iio: magnetometer: rm3100: add boundary check for the value read from
    RM3100_REG_TMRC (git-fixes).
  * Input: i8042 - add Fujitsu Lifebook E5411 to i8042 quirk table (git-fixes).
  * Input: i8042 - add Fujitsu Lifebook U728 to i8042 quirk table (git-fixes).
  * Input: i8042 - add quirk for Fujitsu Lifebook A574/H (git-fixes).
  * Input: i8042 - fix strange behavior of touchpad on Clevo NS70PU (git-fixes).
  * Input: iqs269a - switch to DEFINE_SIMPLE_DEV_PM_OPS() and pm_sleep_ptr()
    (git-fixes).
  * Input: pm8941-powerkey - fix debounce on gen2+ PMICs (git-fixes).
  * Input: pm8941-pwrkey - add software key press debouncing support (git-
    fixes).
  * Input: pm8941-pwrkey - add support for PON GEN3 base addresses (git-fixes).
  * Input: xpad - add Lenovo Legion Go controllers (git-fixes).
  * Input: xpad - add Lenovo Legion Go controllers (git-fixes).
  * irqchip/gic-v3-its: Fix GICv4.1 VPE affinity update (git-fixes).
  * irqchip/irq-brcmstb-l2: Add write memory barrier before exit (git-fixes).
  * jfs: fix array-index-out-of-bounds in dbAdjTree (git-fixes).
  * jfs: fix array-index-out-of-bounds in diNewExt (git-fixes).
  * jfs: fix slab-out-of-bounds Read in dtSearch (git-fixes).
  * jfs: fix uaf in jfs_evict_inode (git-fixes).
  * kbuild: Fix changing ELF file type for output of gen_btf for big endian
    (git-fixes).
  * KVM: s390: fix cc for successful PQAP (git-fixes bsc#1219839).
  * KVM: s390: fix setting of fpc register (git-fixes bsc#1220392).
  * KVM: s390: vsie: fix race during shadow creation (git-fixes bsc#1220393).
  * KVM: VMX: Move VERW closer to VMentry for MDS mitigation (git-fixes).
  * KVM: VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH (git-
    fixes).
  * lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is
    detected (git-commit).
  * lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is
    detected (git-fixes).
  * leds: trigger: panic: Do not register panic notifier if creating the trigger
    failed (git-fixes).
  * lib/stackdepot: add depot_fetch_stack helper (jsc-PED#7423).
  * lib/stackdepot: add refcount for records (jsc-PED#7423).
  * lib/stackdepot: Fix first entry having a 0-handle (jsc-PED#7423).
  * lib/stackdepot: Move stack_record struct definition into the header (jsc-
    PED#7423).
  * libsubcmd: Fix memory leak in uniq() (git-fixes).
  * md: Do not ignore suspended array in md_check_recovery() (git-fixes).
  * md: do not leave 'MD_RECOVERY_FROZEN' in error path of md_set_readonly()
    (git-fixes).
  * md: introduce md_ro_state (git-fixes).
  * md: Make sure md_do_sync() will set MD_RECOVERY_DONE (git-fixes).
  * md: Whenassemble the array, consult the superblock of the freshest device
    (git-fixes).
  * md/raid10: check slab-out-of-bounds in md_bitmap_get_counter (git-fixes).
  * md/raid5: release batch_last before waiting for another stripe_head (git-
    fixes).
  * md/raid6: use valid sector values to determine if an I/O should wait on the
    reshape (git-fixes).
  * media: ddbridge: fix an error code problem in ddb_probe (git-fixes).
  * media: ir_toy: fix a memleak in irtoy_tx (git-fixes).
  * media: rc: bpf attach/detach requires write permission (git-fixes).
  * media: rockchip: rga: fix swizzling for RGB formats (git-fixes).
  * media: stk1160: Fixed high volume of stk1160_dbg messages (git-fixes).
  * mfd: syscon: Fix null pointer dereference in of_syscon_register() (git-
    fixes).
  * mm,page_owner: Display all stacks and their count (jsc-PED#7423).
  * mm,page_owner: Filter out stacks by a threshold (jsc-PED#7423).
  * mm,page_owner: Implement the tracking of the stacks count (jsc-PED#7423).
  * mm,page_owner: Maintain own list of stack_records structs (jsc-PED#7423).
  * mm,page_owner: Update Documentation regarding page_owner_stacks (jsc-
    PED#7423).
  * mm: memory-failure: fix potential unexpected return value from
    unpoison_memory() (git-fixes).
  * mm/hwpoison: fix unpoison_memory() (bsc#1218663).
  * mm/hwpoison: mf_mutex for soft offline and unpoison (bsc#1218663).
  * mm/hwpoison: remove MF_MSG_BUDDY_2ND and MF_MSG_POISONED_HUGE (bsc#1218663).
  * mmc: core: Fix eMMC initialization with 1-bit bus connection (git-fixes).
  * mmc: core: Use mrq.sbc in close-ended ffu (git-fixes).
  * mmc: mmc_spi: remove custom DMA mapped buffers (git-fixes).
  * mmc: sdhci-xenon: add timeout for PHY init complete (git-fixes).
  * mmc: sdhci-xenon: fix PHY init clock stability (git-fixes).
  * mmc: slot-gpio: Allow non-sleeping GPIO ro (git-fixes).
  * modpost: trim leading spaces when processing source files list (git-fixes).
  * mtd: spinand: gigadevice: Fix the get ecc status issue (git-fixes).
  * net: usb: dm9601: fix wrong return value in dm9601_mdio_read (git-fixes).
  * net: usb: dm9601: fix wrong return value in dm9601_mdio_read (git-fixes).
  * netfs, fscache: Prevent Oops in fscache_put_cache() (bsc#1220003).
  * nilfs2: fix data corruption in dsync block recovery for small block sizes
    (git-fixes).
  * nilfs2: replace WARN_ONs for invalid DAT metadata block requests (git-
    fixes).
  * nouveau: fix function cast warnings (git-fixes).
  * nouveau/svm: fix kvcalloc() argument order (git-fixes).
  * ntfs: check overflow when iterating ATTR_RECORDs (git-fixes).
  * ntfs: fix use-after-free in ntfs_attr_find() (git-fixes).
  * nvme-fabrics: fix I/O connect error handling (git-fixes).
  * nvme-host: fix the updating of the firmware version (git-fixes).
  * PCI: Add no PM reset quirk for NVIDIA Spectrum devices (git-fixes).
  * PCI: Add PCI_HEADER_TYPE_MFD definition (bsc#1220021).
  * PCI: Fix 64GT/s effective data rate calculation (git-fixes).
  * PCI: Only override AMD USB controller if required (git-fixes).
  * PCI: switchtec: Fix stdev_release() crash after surprise hot remove (git-
    fixes).
  * PCI/AER: Decode Requester ID when no error info found (git-fixes).
  * platform/x86: thinkpad_acpi: Only update profile if successfully converted
    (git-fixes).
  * platform/x86: touchscreen_dmi: Add info for the TECLAST X16 Plus tablet
    (git-fixes).
  * platform/x86: touchscreen_dmi: Allow partial (prefix) matches for ACPI names
    (git-fixes).
  * PM: core: Remove unnecessary (void *) conversions (git-fixes).
  * PM: runtime: Have devm_pm_runtime_enable() handle
    pm_runtime_dont_use_autosuspend() (git-fixes).
  * PNP: ACPI: fix fortify warning (git-fixes).
  * power: supply: bq27xxx-i2c: Do not free non existing IRQ (git-fixes).
  * powerpc: add crtsavres.o to always-y instead of extra-y (bsc#1194869).
  * powerpc: Do not include lppaca.h in paca.h (bsc#1194869).
  * powerpc/64: Set task pt_regs->link to the LR value on scv entry
    (bsc#1194869).
  * powerpc/powernv: Fix fortify source warnings in opal-prd.c (bsc#1194869).
  * powerpc/pseries: Add a clear modifier to ibm,pa/pi-features parser
    (bsc#1220348).
  * powerpc/pseries: Rework lppaca_shared_proc() to avoid DEBUG_PREEMPT
    (bsc#1194869).
  * powerpc/pseries: Set CPU_FTR_DBELL according to ibm,pi-features
    (bsc#1220348).
  * powerpc/watchpoint: Disable pagefaults when getting user instruction
    (bsc#1194869).
  * powerpc/watchpoints: Annotate atomic context in more places (bsc#1194869).
  * powerpc/watchpoints: Disable preemption in thread_change_pc() (bsc#1194869).
  * pstore/ram: Fix crash when setting number of cpus to an odd number (git-
    fixes).
  * RAS: Introduce a FRU memory poison manager (jsc#PED-7618).
  * RAS/AMD/ATL: Add MI300 row retirement support (jsc#PED-7618).
  * RAS/AMD/ATL: Fix bit overflow in denorm_addr_df4_np2() (git-fixes).
  * RDMA/bnxt_re: Add a missing check in bnxt_qplib_query_srq (git-fixes)
  * RDMA/bnxt_re: Return error for SRQ resize (git-fixes)
  * RDMA/core: Fix uninit-value access in ib_get_eth_speed() (bsc#1219934).
  * RDMA/core: Get IB width and speed from netdev (bsc#1219934).
  * RDMA/irdma: Add AE for too many RNRS (git-fixes)
  * RDMA/irdma: Fix KASAN issue with tasklet (git-fixes)
  * RDMA/irdma: Set the CQ read threshold for GEN 1 (git-fixes)
  * RDMA/irdma: Validate max_send_wr and max_recv_wr (git-fixes)
  * RDMA/qedr: Fix qedr_create_user_qp error flow (git-fixes)
  * RDMA/srpt: fix function pointer cast warnings (git-fixes)
  * RDMA/srpt: Support specifying the srpt_service_guid parameter (git-fixes)
  * regulator: core: Only increment use_count when enable_count changes (git-
    fixes).
  * regulator: pwm-regulator: Add validity checks in continuous .get_voltage
    (git-fixes).
  * Revert "drm/amd: flush any delayed gfxoff on suspend entry" (git-fixes).
  * Revert "drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz" (git-
    fixes).
  * Revert "drm/amd/pm: resolve reboot exception for si oland" (git-fixes).
  * ring-buffer: Clean ring_buffer_poll_wait() error return (git-fixes).
  * s390: use the correct count for __iowrite64_copy() (git-fixes bsc#1220317).
  * s390/qeth: Fix potential loss of L3-IP@ in case of network issues (git-fixes
    bsc#1219840).
  * sched/membarrier: reduce the ability to hammer on sys_membarrier (git-
    fixes).
  * scsi: core: Move scsi_host_busy() out of host lock for waking up EH handler
    (git-fixes).
  * scsi: core: Move scsi_host_busy() out of host lock if it is for per-command
    (git-fixes).
  * scsi: fnic: Move fnic_fnic_flush_tx() to a work queue (git-fixes
    bsc#1219141).
  * scsi: hisi_sas: Prevent parallel FLR and controller reset (git-fixes).
  * scsi: ibmvfc: Limit max hw queues by num_online_cpus() (bsc#1220106).
  * scsi: ibmvfc: Open-code reset loop for target reset (bsc#1220106).
  * scsi: isci: Fix an error code problem in isci_io_request_build() (git-
    fixes).
  * scsi: lpfc: Add condition to delete ndlp object after sending BLS_RJT to an
    ABTS (bsc#1220021).
  * scsi: lpfc: Allow lpfc_plogi_confirm_nport() logic to execute for Fabric
    nodes (bsc#1220021).
  * scsi: lpfc: Change lpfc_vport fc_flag member into a bitmask (bsc#1220021).
  * scsi: lpfc: Change lpfc_vport load_flag member into a bitmask (bsc#1220021).
  * scsi: lpfc: Change nlp state statistic counters into atomic_t (bsc#1220021).
  * scsi: lpfc: Copyright updates for 14.4.0.0 patches (bsc#1220021).
  * scsi: lpfc: Fix failure to delete vports when discovery is in progress
    (bsc#1220021).
  * scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() (bsc#1220021).
  * scsi: lpfc: Initialize status local variable in lpfc_sli4_repost_sgl_list()
    (bsc#1220021).
  * scsi: lpfc: Move handling of reset congestion statistics events
    (bsc#1220021).
  * scsi: lpfc: Protect vport fc_nodes list with an explicit spin lock
    (bsc#1220021).
  * scsi: lpfc: Remove D_ID swap log message from trace event logger
    (bsc#1220021).
  * scsi: lpfc: Remove NLP_RCV_PLOGI early return during RSCN processing for
    ndlps (bsc#1220021).
  * scsi: lpfc: Remove shost_lock protection for fc_host_port shost APIs
    (bsc#1220021).
  * scsi: lpfc: Replace deprecated strncpy() with strscpy() (bsc#1220021).
  * scsi: lpfc: Save FPIN frequency statistics upon receipt of peer cgn
    notifications (bsc#1220021).
  * scsi: lpfc: Update lpfc version to 14.4.0.0 (bsc#1220021).
  * scsi: lpfc: Use PCI_HEADER_TYPE_MFD instead of literal (bsc#1220021).
  * scsi: lpfc: Use sg_dma_len() API to get struct scatterlist's length
    (bsc#1220021).
  * scsi: mpi3mr: Refresh sdev queue depth after controller reset (git-fixes).
  * scsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock" (git-
    fixes bsc#1219141).
  * serial: 8250: Remove serial_rs485 sanitization from em485 (git-fixes).
  * spi-mxs: Fix chipselect glitch (git-fixes).
  * spi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were detected (git-
    fixes).
  * spi: ppc4xx: Drop write-only variable (git-fixes).
  * spi: sh-msiof: avoid integer overflow in constants (git-fixes).
  * staging: iio: ad5933: fix type mismatch regression (git-fixes).
  * tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd (bsc#1218450).
  * tomoyo: fix UAF write bug in tomoyo_write_control() (git-fixes).
  * topology: Fix up build warning in topology_is_visible() (jsc#PED-7618).
  * topology/sysfs: Add format parameter to macro defining "show" functions for
    proc (jsc#PED-7618).
  * topology/sysfs: Add PPIN in sysfs under cpu topology (jsc#PED-7618).
  * topology/sysfs: Hide PPIN on systems that do not support it (jsc#PED-7618).
  * tracing: Fix wasted memory in saved_cmdlines logic (git-fixes).
  * tracing: Inform kmemleak of saved_cmdlines allocation (git-fixes).
  * tracing/probes: Fix to show a parse error for bad type for $comm (git-
    fixes).
  * tty: allow TIOCSLCKTRMIOS with CAP_CHECKPOINT_RESTORE (git-fixes).
  * UBSAN: array-index-out-of-bounds in dtSplitRoot (git-fixes).
  * usb: cdns: readd old API (git-fixes).
  * usb: cdns3: fix memory double free when handle zero packet (git-fixes).
  * usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() (git-
    fixes).
  * usb: cdns3: Modify the return value of cdns_set_active () to void when
    CONFIG_PM_SLEEP is disabled (git-fixes).
  * usb: cdns3: Put the cdns set active part outside the spin lock (git-fixes).
  * usb: cdnsp: blocked some cdns3 specific code (git-fixes).
  * usb: cdnsp: fixed issue with incorrect detecting CDNSP family controllers
    (git-fixes).
  * usb: dwc3: gadget: Do not disconnect if not started (git-fixes).
  * usb: dwc3: gadget: Handle EP0 request dequeuing properly (git-fixes).
  * usb: dwc3: gadget: Ignore End Transfer delay on teardown (git-fixes).
  * usb: dwc3: gadget: Queue PM runtime idle on disconnect event (git-fixes).
  * usb: dwc3: gadget: Refactor EP0 forced stall/restart into a separate API
    (git-fixes).
  * usb: dwc3: gadget: Submit endxfer command if delayed during disconnect (git-
    fixes).
  * usb: dwc3: host: Set XHCI_SG_TRB_CACHE_SIZE_QUIRK (git-fixes).
  * usb: f_mass_storage: forbid async queue when shutdown happen (git-fixes).
  * usb: f_mass_storage: forbid async queue when shutdown happen (git-fixes).
  * usb: gadget: core: Add missing kerneldoc for vbus_work (git-fixes).
  * usb: gadget: core: adjust uevent timing on gadget unbind (git-fixes).
  * usb: Gadget: core: Help prevent panic during UVC unconfigure (git-fixes).
  * usb: gadget: core: remove unbalanced mutex_unlock in usb_gadget_activate
    (git-fixes).
  * usb: gadget: f_hid: fix report descriptor allocation (git-fixes).
  * usb: gadget: Fix obscure lockdep violation for udc_mutex (git-fixes).
  * usb: gadget: Fix use-after-free Read in usb_udc_uevent() (git-fixes).
  * usb: gadget: fsl_qe_udc: validate endpoint index for ch9 udc (git-fixes).
  * usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs (git-
    fixes).
  * usb: gadget: udc: core: Offload usb_udc_vbus_handler processing (git-fixes).
  * usb: gadget: udc: core: Prevent soft_connect_store() race (git-fixes).
  * usb: gadget: udc: Handle gadget_connect failure during bind operation (git-
    fixes).
  * usb: hub: check for alternate port before enabling A_ALT_HNP_SUPPORT
    (bsc#1218527).
  * usb: hub: Replace hardcoded quirk value with BIT() macro (git-fixes).
  * usb: hub: Replace hardcoded quirk value with BIT() macro (git-fixes).
  * usb: roles: do not get/set_role() when usb_role_switch is unregistered (git-
    fixes).
  * usb: roles: fix NULL pointer issue when put module's reference (git-fixes).
  * usb: serial: cp210x: add ID for IMST iM871A-USB (git-fixes).
  * usb: serial: option: add Fibocom FM101-GL variant (git-fixes).
  * usb: serial: qcserial: add new usb-id for Dell Wireless DW5826e (git-fixes).
  * watchdog: it87_wdt: Keep WDTCTRL bit 3 unmodified for IT8784/IT8786 (git-
    fixes).
  * wifi: ath11k: fix registration of 6Ghz-only phy without the full channel
    range (git-fixes).
  * wifi: ath9k: Fix potential array-index-out-of-bounds read in
    ath9k_htc_txstatus() (git-fixes).
  * wifi: cfg80211: fix missing interfaces when dumping (git-fixes).
  * wifi: cfg80211: fix RCU dereference in __cfg80211_bss_update (git-fixes).
  * wifi: cfg80211: free beacon_ies when overridden from hidden BSS (git-fixes).
  * wifi: iwlwifi: Fix some error codes (git-fixes).
  * wifi: iwlwifi: mvm: avoid baid size integer overflow (git-fixes).
  * wifi: iwlwifi: uninitialized variable in iwl_acpi_get_ppag_table() (git-
    fixes).
  * wifi: mac80211: adding missing drv_mgd_complete_tx() call (git-fixes).
  * wifi: mac80211: fix race condition on enabling fast-xmit (git-fixes).
  * wifi: nl80211: reject iftype change with mesh ID change (git-fixes).
  * wifi: rt2x00: restart beacon queue when hardware reset (git-fixes).
  * wifi: rtl8xxxu: Add additional USB IDs for RTL8192EU devices (git-fixes).
  * wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift() (git-fixes).
  * wifi: wext-core: Fix -Wstringop-overflow warning in
    ioctl_standard_iw_point() (git-fixes).
  * x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix (git-fixes).
  * x86/bugs: Add asm helpers for executing VERW (git-fixes).
  * x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key (git-
    fixes). Also add mds_user_clear to kABI severities since it's strictly
    mitigation related so should be low risk.
  * x86/cpu: X86_FEATURE_INTEL_PPIN finally had a CPUID bit (jsc#PED-7618).
  * x86/entry_32: Add VERW just before userspace transition (git-fixes).
  * x86/entry_64: Add VERW just before userspace transition (git-fixes).
  * x86/mm: Fix memory encryption features advertisement (bsc#1206453).
  * xfs: remove unused fields from struct xbtree_ifakeroot (git-fixes).
  * xfs: short circuit xfs_growfs_data_private() if delta is zero (git-fixes).

## Special Instructions and Notes:

  * Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.5  
    zypper in -t patch openSUSE-SLE-15.5-2024-855=1 SUSE-2024-855=1

  * Public Cloud Module 15-SP5  
    zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2024-855=1

## Package List:

  * openSUSE Leap 15.5 (aarch64 x86_64)
    * kernel-azure-optional-5.14.21-150500.33.37.1
    * dlm-kmp-azure-5.14.21-150500.33.37.1
    * kernel-azure-debugsource-5.14.21-150500.33.37.1
    * kernel-azure-extra-5.14.21-150500.33.37.1
    * gfs2-kmp-azure-debuginfo-5.14.21-150500.33.37.1
    * kernel-azure-extra-debuginfo-5.14.21-150500.33.37.1
    * kernel-azure-livepatch-devel-5.14.21-150500.33.37.1
    * gfs2-kmp-azure-5.14.21-150500.33.37.1
    * dlm-kmp-azure-debuginfo-5.14.21-150500.33.37.1
    * kernel-syms-azure-5.14.21-150500.33.37.1
    * cluster-md-kmp-azure-5.14.21-150500.33.37.1
    * kernel-azure-debuginfo-5.14.21-150500.33.37.1
    * reiserfs-kmp-azure-debuginfo-5.14.21-150500.33.37.1
    * cluster-md-kmp-azure-debuginfo-5.14.21-150500.33.37.1
    * kernel-azure-devel-5.14.21-150500.33.37.1
    * kernel-azure-optional-debuginfo-5.14.21-150500.33.37.1
    * reiserfs-kmp-azure-5.14.21-150500.33.37.1
    * kselftests-kmp-azure-5.14.21-150500.33.37.1
    * kernel-azure-devel-debuginfo-5.14.21-150500.33.37.1
    * ocfs2-kmp-azure-debuginfo-5.14.21-150500.33.37.1
    * ocfs2-kmp-azure-5.14.21-150500.33.37.1
    * kselftests-kmp-azure-debuginfo-5.14.21-150500.33.37.1
  * openSUSE Leap 15.5 (aarch64 nosrc x86_64)
    * kernel-azure-5.14.21-150500.33.37.1
  * openSUSE Leap 15.5 (x86_64)
    * kernel-azure-vdso-debuginfo-5.14.21-150500.33.37.1
    * kernel-azure-vdso-5.14.21-150500.33.37.1
  * openSUSE Leap 15.5 (noarch)
    * kernel-source-azure-5.14.21-150500.33.37.1
    * kernel-devel-azure-5.14.21-150500.33.37.1
  * Public Cloud Module 15-SP5 (aarch64 nosrc x86_64)
    * kernel-azure-5.14.21-150500.33.37.1
  * Public Cloud Module 15-SP5 (aarch64 x86_64)
    * kernel-azure-devel-debuginfo-5.14.21-150500.33.37.1
    * kernel-azure-debugsource-5.14.21-150500.33.37.1
    * kernel-azure-devel-5.14.21-150500.33.37.1
    * kernel-syms-azure-5.14.21-150500.33.37.1
    * kernel-azure-debuginfo-5.14.21-150500.33.37.1
  * Public Cloud Module 15-SP5 (noarch)
    * kernel-source-azure-5.14.21-150500.33.37.1
    * kernel-devel-azure-5.14.21-150500.33.37.1

## References:

  * https://www.suse.com/security/cve/CVE-2019-25162.html
  * https://www.suse.com/security/cve/CVE-2021-46923.html
  * https://www.suse.com/security/cve/CVE-2021-46924.html
  * https://www.suse.com/security/cve/CVE-2021-46932.html
  * https://www.suse.com/security/cve/CVE-2021-46934.html
  * https://www.suse.com/security/cve/CVE-2021-47083.html
  * https://www.suse.com/security/cve/CVE-2022-48627.html
  * https://www.suse.com/security/cve/CVE-2022-48628.html
  * https://www.suse.com/security/cve/CVE-2023-5197.html
  * https://www.suse.com/security/cve/CVE-2023-52340.html
  * https://www.suse.com/security/cve/CVE-2023-52429.html
  * https://www.suse.com/security/cve/CVE-2023-52439.html
  * https://www.suse.com/security/cve/CVE-2023-52443.html
  * https://www.suse.com/security/cve/CVE-2023-52445.html
  * https://www.suse.com/security/cve/CVE-2023-52447.html
  * https://www.suse.com/security/cve/CVE-2023-52448.html
  * https://www.suse.com/security/cve/CVE-2023-52449.html
  * https://www.suse.com/security/cve/CVE-2023-52451.html
  * https://www.suse.com/security/cve/CVE-2023-52452.html
  * https://www.suse.com/security/cve/CVE-2023-52456.html
  * https://www.suse.com/security/cve/CVE-2023-52457.html
  * https://www.suse.com/security/cve/CVE-2023-52462.html
  * https://www.suse.com/security/cve/CVE-2023-52463.html
  * https://www.suse.com/security/cve/CVE-2023-52464.html
  * https://www.suse.com/security/cve/CVE-2023-52467.html
  * https://www.suse.com/security/cve/CVE-2023-52475.html
  * https://www.suse.com/security/cve/CVE-2023-52478.html
  * https://www.suse.com/security/cve/CVE-2023-52482.html
  * https://www.suse.com/security/cve/CVE-2023-52530.html
  * https://www.suse.com/security/cve/CVE-2023-52531.html
  * https://www.suse.com/security/cve/CVE-2023-52559.html
  * https://www.suse.com/security/cve/CVE-2023-6270.html
  * https://www.suse.com/security/cve/CVE-2023-6817.html
  * https://www.suse.com/security/cve/CVE-2024-0607.html
  * https://www.suse.com/security/cve/CVE-2024-1151.html
  * https://www.suse.com/security/cve/CVE-2024-23849.html
  * https://www.suse.com/security/cve/CVE-2024-23850.html
  * https://www.suse.com/security/cve/CVE-2024-23851.html
  * https://www.suse.com/security/cve/CVE-2024-25744.html
  * https://www.suse.com/security/cve/CVE-2024-26585.html
  * https://www.suse.com/security/cve/CVE-2024-26586.html
  * https://www.suse.com/security/cve/CVE-2024-26589.html
  * https://www.suse.com/security/cve/CVE-2024-26591.html
  * https://www.suse.com/security/cve/CVE-2024-26593.html
  * https://www.suse.com/security/cve/CVE-2024-26595.html
  * https://www.suse.com/security/cve/CVE-2024-26598.html
  * https://www.suse.com/security/cve/CVE-2024-26602.html
  * https://www.suse.com/security/cve/CVE-2024-26603.html
  * https://www.suse.com/security/cve/CVE-2024-26607.html
  * https://www.suse.com/security/cve/CVE-2024-26622.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1194869
  * https://bugzilla.suse.com/show_bug.cgi?id=1206453
  * https://bugzilla.suse.com/show_bug.cgi?id=1209412
  * https://bugzilla.suse.com/show_bug.cgi?id=1216776
  * https://bugzilla.suse.com/show_bug.cgi?id=1217927
  * https://bugzilla.suse.com/show_bug.cgi?id=1218195
  * https://bugzilla.suse.com/show_bug.cgi?id=1218216
  * https://bugzilla.suse.com/show_bug.cgi?id=1218450
  * https://bugzilla.suse.com/show_bug.cgi?id=1218527
  * https://bugzilla.suse.com/show_bug.cgi?id=1218562
  * https://bugzilla.suse.com/show_bug.cgi?id=1218663
  * https://bugzilla.suse.com/show_bug.cgi?id=1218915
  * https://bugzilla.suse.com/show_bug.cgi?id=1219126
  * https://bugzilla.suse.com/show_bug.cgi?id=1219127
  * https://bugzilla.suse.com/show_bug.cgi?id=1219141
  * https://bugzilla.suse.com/show_bug.cgi?id=1219146
  * https://bugzilla.suse.com/show_bug.cgi?id=1219295
  * https://bugzilla.suse.com/show_bug.cgi?id=1219443
  * https://bugzilla.suse.com/show_bug.cgi?id=1219653
  * https://bugzilla.suse.com/show_bug.cgi?id=1219827
  * https://bugzilla.suse.com/show_bug.cgi?id=1219835
  * https://bugzilla.suse.com/show_bug.cgi?id=1219839
  * https://bugzilla.suse.com/show_bug.cgi?id=1219840
  * https://bugzilla.suse.com/show_bug.cgi?id=1219934
  * https://bugzilla.suse.com/show_bug.cgi?id=1220003
  * https://bugzilla.suse.com/show_bug.cgi?id=1220009
  * https://bugzilla.suse.com/show_bug.cgi?id=1220021
  * https://bugzilla.suse.com/show_bug.cgi?id=1220030
  * https://bugzilla.suse.com/show_bug.cgi?id=1220106
  * https://bugzilla.suse.com/show_bug.cgi?id=1220140
  * https://bugzilla.suse.com/show_bug.cgi?id=1220187
  * https://bugzilla.suse.com/show_bug.cgi?id=1220238
  * https://bugzilla.suse.com/show_bug.cgi?id=1220240
  * https://bugzilla.suse.com/show_bug.cgi?id=1220241
  * https://bugzilla.suse.com/show_bug.cgi?id=1220243
  * https://bugzilla.suse.com/show_bug.cgi?id=1220250
  * https://bugzilla.suse.com/show_bug.cgi?id=1220251
  * https://bugzilla.suse.com/show_bug.cgi?id=1220253
  * https://bugzilla.suse.com/show_bug.cgi?id=1220254
  * https://bugzilla.suse.com/show_bug.cgi?id=1220255
  * https://bugzilla.suse.com/show_bug.cgi?id=1220257
  * https://bugzilla.suse.com/show_bug.cgi?id=1220267
  * https://bugzilla.suse.com/show_bug.cgi?id=1220277
  * https://bugzilla.suse.com/show_bug.cgi?id=1220317
  * https://bugzilla.suse.com/show_bug.cgi?id=1220325
  * https://bugzilla.suse.com/show_bug.cgi?id=1220326
  * https://bugzilla.suse.com/show_bug.cgi?id=1220328
  * https://bugzilla.suse.com/show_bug.cgi?id=1220330
  * https://bugzilla.suse.com/show_bug.cgi?id=1220335
  * https://bugzilla.suse.com/show_bug.cgi?id=1220344
  * https://bugzilla.suse.com/show_bug.cgi?id=1220348
  * https://bugzilla.suse.com/show_bug.cgi?id=1220350
  * https://bugzilla.suse.com/show_bug.cgi?id=1220364
  * https://bugzilla.suse.com/show_bug.cgi?id=1220392
  * https://bugzilla.suse.com/show_bug.cgi?id=1220393
  * https://bugzilla.suse.com/show_bug.cgi?id=1220398
  * https://bugzilla.suse.com/show_bug.cgi?id=1220409
  * https://bugzilla.suse.com/show_bug.cgi?id=1220433
  * https://bugzilla.suse.com/show_bug.cgi?id=1220444
  * https://bugzilla.suse.com/show_bug.cgi?id=1220457
  * https://bugzilla.suse.com/show_bug.cgi?id=1220459
  * https://bugzilla.suse.com/show_bug.cgi?id=1220469
  * https://bugzilla.suse.com/show_bug.cgi?id=1220649
  * https://bugzilla.suse.com/show_bug.cgi?id=1220735
  * https://bugzilla.suse.com/show_bug.cgi?id=1220736
  * https://bugzilla.suse.com/show_bug.cgi?id=1220796
  * https://bugzilla.suse.com/show_bug.cgi?id=1220825
  * https://bugzilla.suse.com/show_bug.cgi?id=1220845
  * https://bugzilla.suse.com/show_bug.cgi?id=1220848
  * https://bugzilla.suse.com/show_bug.cgi?id=1220917
  * https://bugzilla.suse.com/show_bug.cgi?id=1220930
  * https://bugzilla.suse.com/show_bug.cgi?id=1220931
  * https://bugzilla.suse.com/show_bug.cgi?id=1220933
  * https://jira.suse.com/browse/PED-7618

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-security-updates/attachments/20240312/5b05fcda/attachment.htm>


More information about the sle-security-updates mailing list