bind
- Upgrade to release 9.16.50
  Bug Fixes:
  * A regression in cache-cleaning code enabled memory use to grow
    significantly more quickly than before, until the configured
    max-cache-size limit was reached. This has been fixed.
  * Using rndc flush inadvertently caused cache cleaning to become
    less effective. This could ultimately lead to the configured
    max-cache-size limit being exceeded and has now been fixed.
  * The logic for cleaning up expired cached DNS records was
    tweaked to be more aggressive. This change helps with enforcing
    max-cache-ttl and max-ncache-ttl in a timely manner.
  * It was possible to trigger a use-after-free assertion when the
    overmem cache cleaning was initiated. This has been fixed.
  New Features:
  * Added RESOLVER.ARPA to the built in empty zones.
- Security Fixes:
  * It is possible to craft excessively large numbers of resource
    record types for a given owner name, which has the effect of
    slowing down database processing. This has been addressed by
    adding a configurable limit to the number of records that can
    be stored per name and type in a cache or zone database. The
    default is 100, which can be tuned with the new
    max-types-per-name option. (CVE-2024-1737)
    [bsc#1228256, bind-9.16-CVE-2024-1737.patch]
  * Validating DNS messages signed using the SIG(0) protocol (RFC
    2931) could cause excessive CPU load, leading to a
    denial-of-service condition. Support for SIG(0) message
    validation was removed from this version of named.
    (CVE-2024-1975)
    [bsc#1228257, bind-9.16-CVE-2024-1975.patch]
  * When looking up the NS records of parent zones as part of
    looking up DS records, it was possible for named to trigger an
    assertion failure if serve-stale was enabled. This has been
    fixed. (CVE-2024-4076)
    [bsc#1228258, bind-9.16-CVE-2024-4076.patch]
ca-certificates-mozilla
- Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525)
  - Added: FIRMAPROFESIONAL CA ROOT-A WEB
  - Distrust: GLOBALTRUST 2020

- Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356)
  Added:
  - CommScope Public Trust ECC Root-01
  - CommScope Public Trust ECC Root-02
  - CommScope Public Trust RSA Root-01
  - CommScope Public Trust RSA Root-02
  - D-Trust SBR Root CA 1 2022
  - D-Trust SBR Root CA 2 2022
  - Telekom Security SMIME ECC Root 2021
  - Telekom Security SMIME RSA Root 2023
  - Telekom Security TLS ECC Root 2020
  - Telekom Security TLS RSA Root 2023
  - TrustAsia Global Root CA G3
  - TrustAsia Global Root CA G4
  Removed:
  - Autoridad de Certificacion Firmaprofesional CIF A62634068
  - Chambers of Commerce Root - 2008
  - Global Chambersign Root - 2008
  - Security Communication Root CA
  - Symantec Class 1 Public Primary Certification Authority - G6
  - Symantec Class 2 Public Primary Certification Authority - G6
  - TrustCor ECA-1
  - TrustCor RootCert CA-1
  - TrustCor RootCert CA-2
  - VeriSign Class 1 Public Primary Certification Authority - G3
  - VeriSign Class 2 Public Primary Certification Authority - G3
- remove-trustcor.patch: removed, now upstream
- do a versioned obsoletes of "openssl-certs".
dmidecode
- Update to upstream version 3.6 (jsc#PED-8574):
  * Support for SMBIOS 3.6.0. This includes new memory device types, new
    processor upgrades, and Loongarch support.
  * Support for SMBIOS 3.7.0. This includes new port types, new processor
    upgrades, new slot characteristics and new fields for memory modules.
  * Add bash completion.
  * Decode HPE OEM records 197, 216, 224, 230, 238, 239, 242 and 245.
  * Implement options --list-strings and --list-types.
  * Update HPE OEM records 203, 212, 216, 221, 233 and 236.
  * Update Redfish support.
  * Bug fixes:
    Fix enabled slot characteristics not being printed
  * Minor improvements:
    Print slot width on its own line
    Use standard strings for slot width
  * Add a --no-quirks option.
  * Drop the CPUID exception list.
  * Obsoletes dmidecode-do-not-let-dump-bin-overwrite-an-existing-file.patch,
    dmidecode-fortify-entry-point-length-checks.patch,
    dmidecode-split-table-fetching-from-decoding.patch,
    dmidecode-write-the-whole-dump-file-at-once.patch,
    dmioem-fix-segmentation-fault-in-dmi_hp_240_attr.patch,
    dmioem-hpe-oem-record-237-firmware-change.patch,
    dmioem-typo-fix-virutal-virtual.patch,
    ensure-dev-mem-is-a-character-device-file.patch,
    news-fix-typo.patch and
    use-read_file-to-read-from-dump.patch.
  Update for HPE servers from upstream:
- dmioem-update-hpe-oem-type-238.patch: Decode PCI bus segment in
  HPE type 238 records.
docker
[NOTE: This update was only ever released in SLES and Leap.]
- Update to Docker 25.0.6-ce. See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/25.0/#2506>
- This update includes a fix for CVE-2024-41110. bsc#1228324
- Rebase patches:
  * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  * 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
  * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
  * 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
  * 0006-bsc1221916-update-to-patched-buildkit-version-to-fix.patch
  * 0007-bsc1214855-volume-use-AtomicWriteFile-to-save-volume.patch

- Rebase patches:
  * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  * 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
  * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
  * 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
- Fix BuildKit's symlink resolution logic to correctly handle non-lexical
  symlinks. Backport of <https://github.com/moby/buildkit/pull/4896> and
  <https://github.com/moby/buildkit/pull/5060>. bsc#1221916
  + 0006-bsc1221916-update-to-patched-buildkit-version-to-fix.patch
- Write volume options atomically so sudden system crashes won't result in
  future Docker starts failing due to empty files. Backport of
  <https://github.com/moby/moby/pull/48034>. bsc#1214855
  + 0007-bsc1214855-volume-use-AtomicWriteFile-to-save-volume.patch

[NOTE: This update was only ever released in SLES and Leap.]
- Update to Docker 25.0.5-ce. See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/25.0/#2505> bsc#1223409
- Rebase patches:
  * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  * 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
  * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
  * 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
  * cli-0001-docs-include-required-tools-in-source-tree.patch
- Remove upstreamed patches:
  - 0007-daemon-overlay2-remove-world-writable-permission-fro.patch
- Update --add-runtime to point to correct binary path.
dracut
- Update to version 055+suse.388.g70c21afa:
  * feat(crypt): force the inclusion of crypttab entries with x-initrd.attach (bsc#1226529)
  * fix(mdraid): try to assemble the missing raid device (bsc#1226412)
  * fix(dracut-install): continue parsing if ldd prints "cannot be preloaded" (bsc#1208690)
grub2
- Fix btrfs subvolume for platform modules not mounting at runtime when the
  default subvolume is the topmost root tree (bsc#1228124)
  * grub2-btrfs-06-subvol-mount.patch
- Rediff
  * 0001-Unify-the-check-to-enable-btrfs-relative-path.patch

- Fix error in grub-install when root is on tmpfs (bsc#1226100)
  * 0001-grub-install-bailout-root-device-probing.patch

- Fix input handling in ppc64le grub2 has high latency (bsc#1223535)
  * 0001-net-drivers-ieee1275-ofnet-Remove-200-ms-timeout-in-.patch

- Fix error in /etc/grub.d/20_linux_xen: file_is_not_sym not found, renamed to
  file_is_not_xen_garbage (bsc#1224226)
  * grub2-fix-menu-in-xen-host-server.patch
kernel-default
- Refresh
  patches.kabi/xhci-restre-deleted-trb-fields-for-tracing.patch.
  Fix KABI restoration also in tracing event message format.
- commit 3bd4a56

- PCI: hv: Return zero, not garbage, when reading
  PCI_INTERRUPT_PIN (git-fixes).
- commit df5839d

- Drop doubly defined References in sound patches
- commit 46ad1df

- ALSA: usb-audio: Correct surround channels in UAC1 channel map
  (git-fixes).
- ALSA: hda: conexant: Fix headset auto detect fail in the
  polling mode (git-fixes).
- drm/vmwgfx: Fix overlay when using Screen Targets (git-fixes).
- drm/vmwgfx: Fix a deadlock in dma buf fence polling (git-fixes).
- drm/nouveau: prime: fix refcount underflow (git-fixes).
- ALSA: usb-audio: Add a quirk for Sonix HD USB Camera
  (stable-fixes).
- ALSA: usb-audio: Move HD Webcam quirk to the right place
  (git-fixes).
- ALSA: usb-audio: Fix microphone sound on HD webcam
  (stable-fixes).
- drm/amd/display: Check for NULL pointer (stable-fixes).
- drm/amdgpu/sdma5.2: Update wptr registers as well as doorbell
  (stable-fixes).
- drm/i915/gt: Do not consider preemption during execlists_dequeue
  for gen8 (git-fixes).
- drm/etnaviv: don't block scheduler when GPU is still active
  (stable-fixes).
- drm/mipi-dsi: Fix theoretical int overflow in
  mipi_dsi_dcs_write_seq() (git-fixes).
- drm/mipi-dsi: Fix mipi_dsi_dcs_write_seq() macro definition
  format (stable-fixes).
- commit b91fd99

- ima: Fix use-after-free on a dentry's dname.name (bsc#1227716
  CVE-2024-39494).
- commit 81484ec

- bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD
  (bsc#1228756 CVE-2024-42161).
- commit 8359d86

- ASoC: topology: Fix route memory corruption (CVE-2024-41069
  bsc#1228644).
- commit 586db1a

- powerpc: fix a file leak in kvm_vcpu_ioctl_enable_cap()
  (bsc#1194869).
- KVM: PPC: Book3S HV: Fix the set_one_reg for MMCR3
  (bsc#1194869).
- KVM: PPC: Book3S HV: Fix "rm_exit" entry in debugfs timings
  (bsc#1194869).
- KVM: PPC: Book3S HV: remove extraneous asterisk from
  rm_host_ipi_action() comment (bsc#1194869).
- KVM: PPC: Book3S HV Nested: L2 LPCR should inherit L1 LPES
  setting (bsc#1194869).
- KVM: PPC: Book3S: Suppress failed alloc warning in
  H_COPY_TOFROM_GUEST (bsc#1194869).
- KVM: PPC: Book3S: Suppress warnings when allocating too big
  memory slots (bsc#1194869).
- commit cc22863

- liquidio: Adjust a NULL pointer handling path in
  lio_vf_rep_copy_packet (CVE-2024-39506 bsc#1227729).
- commit 02e87a9

- net: do not leave a dangling sk pointer, when socket creation fails (CVE-2024-40954 bsc#1227808)
- commit 8f44f81

- kabi/severity: add nvme common code
  The nvme common code is also allowed to change the data structures, there
  are only internal users.
- commit b8cf562

- scsi: qla2xxx: Convert comma to semicolon (bsc#1228850).
- scsi: qla2xxx: Update version to 10.02.09.300-k (bsc#1228850).
- scsi: qla2xxx: Use QP lock to search for bsg (bsc#1228850).
- scsi: qla2xxx: Reduce fabric scan duplicate code (bsc#1228850).
- scsi: qla2xxx: Fix optrom version displayed in FDMI
  (bsc#1228850).
- scsi: qla2xxx: During vport delete send async logout explicitly
  (bsc#1228850).
- scsi: qla2xxx: Complete command early within lock (bsc#1228850).
- scsi: qla2xxx: Fix flash read failure (bsc#1228850).
- scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for
  ELS cmds (bsc#1228850).
- scsi: qla2xxx: Fix for possible memory corruption (bsc#1228850).
- scsi: qla2xxx: validate nvme_local_port correctly (bsc#1228850).
- scsi: qla2xxx: Unable to act on RSCN for port online
  (bsc#1228850).
- scsi: qla2xxx: Remove unused struct 'scsi_dif_tuple'
  (bsc#1228850).
- scsi: qla2xxx: Fix debugfs output for fw_resource_count
  (bsc#1228850).
- scsi: qla2xxx: Indent help text (bsc#1228850).
- scsi: qla2xxx: Drop driver owner assignment (bsc#1228850).
- scsi: qla2xxx: Avoid possible run-time warning with long
  model_num (bsc#1228850).
- string.h: Introduce memtostr() and memtostr_pad() (bsc#1228850).
- commit ce7acc0

- scsi: lpfc: Update lpfc version to 14.4.0.3 (bsc#1228857).
- scsi: lpfc: Revise lpfc_prep_embed_io routine with proper
  endian macro usages (bsc#1228857).
- scsi: lpfc: Fix incorrect request len mbox field when setting
  trunking via sysfs (bsc#1228857).
- scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info
  (bsc#1228857).
- scsi: lpfc: Fix handling of fully recovered fabric node in
  dev_loss callbk (bsc#1228857).
- scsi: lpfc: Relax PRLI issue conditions after GID_FT response
  (bsc#1228857).
- scsi: lpfc: Allow DEVICE_RECOVERY mode after RSCN receipt if
  in PRLI_ISSUE state (bsc#1228857).
- scsi: lpfc: Cancel ELS WQE instead of issuing abort when SLI
  port is inactive (bsc#1228857).
- commit 21ebef1

- nvme-pci: add missing condition check for existence of mapped
  data (git-fixes).
- nvme-pci: Fix the instructions for disabling power management
  (git-fixes).
- nvmet-auth: fix nvmet_auth hash error handling (git-fixes).
- nvme: fixup comment for nvme RDMA Provider Type (git-fixes).
- nvmet: always initialize cqe.result (git-fixes).
- nvme: avoid double free special payload (git-fixes).
- nvmet: fix a possible leak when destroy a ctrl during qp
  establishment (git-fixes).
- nvme: adjust multiples of NVME_CTRL_PAGE_SIZE in offset
  (git-fixes).
- nvme-multipath: find NUMA path only for online numa-node
  (git-fixes).
- nvme-auth: allow mixing of secret and hash lengths (git-fixes).
- nvme-auth: use transformed key size to create resp (git-fixes).
- nvme-auth: alloc nvme_dhchap_key as single buffer (git-fixes).
- commit 3284c90

- hfsplus: fix uninit-value in copy_name (git-fixes).
- commit 383d5d6

- blacklist.conf: blocks list lots of 5.15-stable nfsd fixes.
  In the 5.15 stable series there was a full backport of nfsd.  We don't
  won't all of that.  So blacklist lots of patches that we don't want.
- commit 0cfb63d

- check-for-config-changes: ignore also GCC_ASM_GOTO_OUTPUT_BROKEN
  Mainline commit f2f6a8e88717 ("init/Kconfig: remove
  CONFIG_GCC_ASM_GOTO_OUTPUT_WORKAROUND") replaced
  GCC_ASM_GOTO_OUTPUT_WORKAROUND with GCC_ASM_GOTO_OUTPUT_BROKEN. Ignore both
  when checking config changes.
- commit b60be3e

- bnxt_re: Fix imm_data endianness (git-fixes)
- commit c690ca2

- RDMA/hns: Fix mbx timing out before CMD execution is completed (git-fixes)
- commit 7f0f7e9

- RDMA/hns: Fix insufficient extend DB for VFs. (git-fixes)
- commit 8395f97

- RDMA/hns: Fix undifined behavior caused by invalid max_sge (git-fixes)
- commit 6650e04

- RDMA/hns: Fix shift-out-bounds when max_inline_data is 0 (git-fixes)
- commit 0bbda8c

- RDMA/hns: Fix missing pagesize and alignment check in FRMR (git-fixes)
- commit 741b900

- RDMA/hns: Fix unmatch exception handling when init eq table fails (git-fixes)
- commit 19e60a6

- RDMA/hns: Fix soft lockup under heavy CEQE load (git-fixes)
- commit 1ef6723

- RDMA/hns: Check atomic wr length (git-fixes)
- commit 0fc73fc

- RDMA/device: Return error earlier if port in not valid (git-fixes)
- commit e02b7ee

- RDMA/rxe: Don't set BTH_ACK_MASK for UC or UD QPs (git-fixes)
- commit cd31168

- RDMA/mlx4: Fix truncated output warning in alias_GUID.c (git-fixes)
- commit cf1cb3f

- RDMA/mlx4: Fix truncated output warning in mad.c (git-fixes)
- commit a92f3fd

- RDMA/cache: Release GID table even if leak is detected (git-fixes)
- commit 5cdefb2

- RDMA/mlx5: Set mkeys for dmabuf at PAGE_SIZE (git-fixes)
- commit 59890ae

- RDMA/iwcm: Fix a use-after-free related to destroying CM IDs (git-fixes)
- commit 25b62bb

- IB/core: Implement a limit on UMAD receive List (bsc#1228743 CVE-2024-42145)
- commit 84f3be4

- kabi/severities: ignore kABI for FireWire sound local symbols (bsc#1208783)
- commit 478aa21

- Revert "ALSA: firewire-lib: operate for period elapse event
  in process context" (bsc#1208783).
- Revert "ALSA: firewire-lib: obsolete workqueue for period
  update" (bsc#1208783).
- commit 51e6ff5

- x86: stop playing stack games in profile_pc() (bsc#1228633
  CVE-2024-42096).
- commit f28c110

- ptp: fix integer overflow in max_vclocks_store (bsc#1227829
  CVE-2024-40994).
- commit 205cc4c

- crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak (bsc#1227620
  CVE-2024-39493).
- commit 14b61d5

- filelock: Remove locks reliably when fcntl/close race is
  detected (CVE-2024-41012 bsc#1228247).
- commit e2c5917

- Update
  patches.suse/KVM-Always-flush-async-PF-workqueue-when-vCPU-is-being-des.patch
  (bsc#1223635 (CVE-2024-26976) CVE-2024-26976).
- Update
  patches.suse/jfs-xattr-fix-buffer-overflow-for-invalid-xattr.patch
  (bsc#1227383 CVE-2024-40902 bsc#1227764).
- Update
  patches.suse/vfio-fsl-mc-Block-calling-interrupt-handler-without-trigge.patch
  (bsc#1222810 (CVE-2024-26814) CVE-2024-26814).
- Update
  patches.suse/vfio-platform-Create-persistent-IRQ-handlers.patch
  (bsc#1222809 (CVE-2024-26813) CVE-2024-26813).
- commit 39eeeb9

- Update
  patches.suse/SUNRPC-Fix-UAF-in-svc_tcp_listen_data_ready.patch
  (git-fixes CVE-2023-52885 bsc#1227750).
- Update
  patches.suse/USB-core-Fix-race-by-not-overwriting-udev-descriptor.patch
  (bsc#1213123 CVE-2023-37453 CVE-2023-52886 bsc#1227981).
- Update
  patches.suse/virtio-blk-fix-implicit-overflow-on-virtio_max_dma_size.patch
  (bsc#1225573 (CVE-2023-52762) CVE-2023-52762).
- commit 3784f34

- Update
  patches.suse/HID-hid-thrustmaster-fix-OOB-read-in-thrustmaster_in.patch
  (git-fixes CVE-2022-48866 bsc#1228014).
- Update
  patches.suse/Input-aiptek-properly-check-endpoint-type.patch
  (git-fixes CVE-2022-48836 bsc#1227989).
- Update
  patches.suse/KVM-x86-nSVM-fix-potential-NULL-derefernce-on-nested.patch
  (git-fixes CVE-2022-48793 bsc#1228019).
- Update
  patches.suse/NFC-port100-fix-use-after-free-in-port100_send_compl.patch
  (git-fixes CVE-2022-48857 bsc#1228005).
- Update
  patches.suse/NFSD-Fix-NFSv3-SETATTR-CREATE-s-handling-of-large-fi.patch
  (git-fixes CVE-2022-48829 bsc#1228055).
- Update patches.suse/NFSD-Fix-ia_size-underflow.patch (git-fixes
  CVE-2022-48828 bsc#1228054).
- Update
  patches.suse/NFSD-Fix-the-behavior-of-READ-near-OFFSET_MAX.patch
  (bsc#1195957 CVE-2022-48827 bsc#1228037).
- Update
  patches.suse/SUNRPC-lock-against-sock-changing-during-sysfs-read.patch
  (bsc#1194324 CVE-2022-48816 bsc#1228038).
- Update
  patches.suse/can-isotp-fix-potential-CAN-frame-reception-race-in-.patch
  (git-fixes CVE-2022-48830 bsc#1227982).
- Update
  patches.suse/cfg80211-fix-race-in-netlink-owner-interface-destruc.patch
  (git-fixes CVE-2022-48784 bsc#1227938).
- Update
  patches.suse/dmaengine-ptdma-Fix-the-error-handling-path-in-pt_co.patch
  (git-fixes CVE-2022-48774 bsc#1227923).
- Update
  patches.suse/drm-amdgpu-bypass-tiling-flag-check-in-virtual-displ.patch
  (git-fixes CVE-2022-48849 bsc#1228061).
- Update
  patches.suse/drm-vc4-Fix-deadlock-on-DSI-device-attach-error.patch
  (git-fixes CVE-2022-48826 bsc#1227975).
- Update
  patches.suse/drm-vrr-Set-VRR-capable-prop-only-if-it-is-attached-.patch
  (git-fixes CVE-2022-48843 bsc#1228066).
- Update
  patches.suse/eeprom-ee1004-limit-i2c-reads-to-I2C_SMBUS_BLOCK_MAX.patch
  (git-fixes CVE-2022-48806 bsc#1227948).
- Update
  patches.suse/ethernet-Fix-error-handling-in-xemaclite_of_probe.patch
  (git-fixes CVE-2022-48860 bsc#1228008).
- Update
  patches.suse/fs-proc-task_mmu.c-don-t-read-mapcount-for-migration-entry.patch
  (CVE-2023-1582 bsc#1209636 CVE-2022-48802 bsc#1227942).
- Update
  patches.suse/gianfar-ethtool-Fix-refcount-leak-in-gfar_get_ts_inf.patch
  (git-fixes CVE-2022-48856 bsc#1228004).
- Update patches.suse/iavf-Fix-hang-during-reboot-shutdown.patch
  (jsc#SLE-18385 CVE-2022-48840 bsc#1227990).
- Update
  patches.suse/ibmvnic-don-t-release-napi-in-__ibmvnic_open.patch
  (bsc#1195668 ltc#195811 CVE-2022-48811 bsc#1227928).
- Update
  patches.suse/ice-Fix-KASAN-error-in-LAG-NETDEV_UNREGISTER-handler.patch
  (git-fixes CVE-2022-48807 bsc#1227970).
- Update
  patches.suse/ice-Fix-race-condition-during-interface-enslave.patch
  (git-fixes CVE-2022-48842 bsc#1228064).
- Update
  patches.suse/ice-fix-NULL-pointer-dereference-in-ice_update_vsi_t.patch
  (jsc#SLE-18375 CVE-2022-48841 bsc#1227991).
- Update
  patches.suse/iio-buffer-Fix-file-related-error-handling-in-IIO_BU.patch
  (git-fixes CVE-2022-48801 bsc#1227956).
- Update
  patches.suse/ima-fix-reference-leak-in-asymmetric_verify.patch
  (git-fixes CVE-2022-48831 bsc#1227986).
- Update
  patches.suse/iommu-Fix-potential-use-after-free-during-probe
  (git-fixes CVE-2022-48796 bsc#1228028).
- Update patches.suse/iwlwifi-fix-use-after-free.patch
  (bsc#1197762 git-fixes CVE-2022-48787 bsc#1227932).
- Update
  patches.suse/mISDN-Fix-memory-leak-in-dsp_pipeline_build.patch
  (git-fixes CVE-2022-48863 bsc#1228063).
- Update
  patches.suse/misc-fastrpc-avoid-double-fput-on-failed-usercopy.patch
  (git-fixes CVE-2022-48821 bsc#1227976).
- Update
  patches.suse/mm-don-t-try-to-NUMA-migrate-COW-pages-that-have-other-uses.patch
  (git fixes (mm/numa) CVE-2022-48797 bsc#1228035).
- Update
  patches.suse/mm-vmscan-remove-deadlock-due-to-throttling.patch
  (bsc#1195357 CVE-2022-48800 bsc#1227954).
- Update
  patches.suse/msft-hv-2515-Drivers-hv-vmbus-Fix-memory-leak-in-vmbus_add_channe.patch
  (git-fixes CVE-2022-48775 bsc#1227924).
- Update
  patches.suse/mtd-parsers-qcom-Fix-kernel-panic-on-skipped-partiti.patch
  (git-fixes CVE-2022-48777 bsc#1227922).
- Update
  patches.suse/mtd-parsers-qcom-Fix-missing-free-for-pparts-in-clea.patch
  (git-fixes CVE-2022-48776 bsc#1227925).
- Update
  patches.suse/mtd-rawnand-gpmi-don-t-leak-PM-reference-in-error-pa.patch
  (git-fixes CVE-2022-48778 bsc#1227935).
- Update
  patches.suse/net-dsa-ar9331-register-the-mdiobus-under-devres.patch
  (git-fixes CVE-2022-48817 bsc#1227931).
- Update
  patches.suse/net-dsa-bcm_sf2-don-t-use-devres-for-mdiobus.patch
  (git-fixes CVE-2022-48815 bsc#1227933).
- Update
  patches.suse/net-dsa-felix-don-t-use-devres-for-mdiobus.patch
  (git-fixes CVE-2022-48813 bsc#1227963).
- Update
  patches.suse/net-dsa-lantiq_gswip-don-t-use-devres-for-mdiobus.patch
  (git-fixes CVE-2022-48812 bsc#1227971).
- Update
  patches.suse/net-dsa-lantiq_gswip-fix-use-after-free-in-gswip_rem.patch
  (git-fixes CVE-2022-48783 bsc#1227949).
- Update
  patches.suse/net-dsa-mv88e6xxx-don-t-use-devres-for-mdiobus.patch
  (git-fixes CVE-2022-48818 bsc#1228039).
- Update
  patches.suse/net-dsa-seville-register-the-mdiobus-under-devres.patch
  (git-fixes CVE-2022-48814 bsc#1227944).
- Update
  patches.suse/net-ieee802154-at86rf230-Stop-leaking-skb-s.patch
  (git-fixes CVE-2022-48794 bsc#1228025).
- Update
  patches.suse/net-marvell-prestera-Add-missing-of_node_put-in-pres.patch
  (git-fixes CVE-2022-48859 bsc#1228007).
- Update
  patches.suse/net-mlx5-Fix-a-race-on-command-flush-flow.patch
  (git-fixes CVE-2022-48858 bsc#1228006).
- Update
  patches.suse/net-packet-fix-slab-out-of-bounds-access-in-packet_r.patch
  (CVE-2022-20368 bsc#1202346 CVE-2022-48839 bsc#1227985).
- Update
  patches.suse/net-smc-Avoid-overwriting-the-copies-of-clcsock-callback-functions
  (git-fixes CVE-2022-48780 bsc#1227995).
- Update
  patches.suse/net-usb-ax88179_178a-Fix-out-of-bounds-accesses-in-R.patch
  (bsc#1196018 CVE-2022-28748 bsc#1202686 CVE-2022-2964
  CVE-2022-48805 bsc#1227969).
- Update
  patches.suse/nvme-fix-a-possible-use-after-free-in-controller-res.patch
  (bsc#1193787 bsc#1197146 bsc#1193554 CVE-2022-48790
  bsc#1227941).
- Update
  patches.suse/nvme-rdma-fix-possible-use-after-free-in-transport-e.patch
  (bsc#1193787 bsc#1197146 bsc#1193554 CVE-2022-48788
  bsc#1227952).
- Update
  patches.suse/nvme-tcp-fix-possible-use-after-free-in-transport-er.patch
  (bsc#1193787 bsc#1197146 bsc#1193554 CVE-2022-48789
  bsc#1228000).
- Update
  patches.suse/perf-Fix-list-corruption-in-perf_cgroup_switch.patch
  (git fixes CVE-2022-48799 bsc#1227953).
- Update
  patches.suse/phy-stm32-fix-a-refcount-leak-in-stm32_usbphyc_pll_e.patch
  (git-fixes CVE-2022-48820 bsc#1227972).
- Update
  patches.suse/phy-ti-Fix-missing-sentinel-for-clk_div_table.patch
  (git-fixes CVE-2022-48803 bsc#1227965).
- Update
  patches.suse/s390-cio-verify-the-driver-availability-for-path_event-call
  (bsc#1195927 LTC#196420 CVE-2022-48798 bsc#1227945).
- Update
  patches.suse/scsi-mpt3sas-Page-fault-in-reply-q-processing.patch
  (git-fixes CVE-2022-48835 bsc#1228060).
- Update patches.suse/scsi-myrs-Fix-crash-in-error-case.patch
  (git-fixes CVE-2022-48824 bsc#1227964).
- Update
  patches.suse/scsi-pm8001-Fix-use-after-free-for-aborted-SSP-STP-sas_task.patch
  (git-fixes CVE-2022-48792 bsc#1228013).
- Update
  patches.suse/scsi-pm8001-Fix-use-after-free-for-aborted-TMF-sas_task.patch
  (git-fixes CVE-2022-48791 bsc#1228002).
- Update
  patches.suse/scsi-qedf-Add-stag_work-to-all-the-vports.patch
  (git-fixes CVE-2022-48825 bsc#1228056).
- Update
  patches.suse/scsi-qedf-Fix-refcount-issue-when-LOGO-is-received-during-TMF.patch
  (git-fixes CVE-2022-48823 bsc#1228045).
- Update
  patches.suse/staging-gdm724x-fix-use-after-free-in-gdm_lte_rx.patch
  (git-fixes CVE-2022-48851 bsc#1227997).
- Update
  patches.suse/swiotlb-fix-info-leak-with-DMA_FROM_DEVICE.patch
  (CVE-2022-0854 bsc#1196823 CVE-2022-48853 bsc#1228015).
- Update patches.suse/usb-f_fs-Fix-use-after-free-for-epfile.patch
  (git-fixes CVE-2022-48822 bsc#1228040).
- Update
  patches.suse/usb-gadget-Fix-use-after-free-bug-by-not-setting-udc.patch
  (git-fixes CVE-2022-48838 bsc#1227988).
- Update
  patches.suse/usb-gadget-rndis-prevent-integer-overflow-in-rndis_s.patch
  (git-fixes CVE-2022-48837 bsc#1227987).
- Update
  patches.suse/usb-usbtmc-Fix-bug-in-pipe-direction-for-control-tra.patch
  (git-fixes CVE-2022-48834 bsc#1228062).
- Update
  patches.suse/vdpa-fix-use-after-free-on-vp_vdpa_remove.patch
  (git-fixes CVE-2022-48861 bsc#1228009).
- Update
  patches.suse/vhost-fix-hung-thread-due-to-erroneous-iotlb-entries.patch
  (git-fixes CVE-2022-48862 bsc#1228010).
- Update
  patches.suse/vsock-remove-vsock-from-connected-table-when-connect.patch
  (git-fixes CVE-2022-48786 bsc#1227996).
- Update
  patches.suse/vt_ioctl-fix-array_index_nospec-in-vt_setactivate.patch
  (git-fixes CVE-2022-48804 bsc#1227968).
- Update patches.suse/watch_queue-Fix-filter-limit-check.patch
  (CVE-2022-0995 bsc#1197246 CVE-2022-48847 bsc#1227993).
- Update
  patches.suse/xprtrdma-fix-pointer-derefs-in-error-cases-of-rpcrdm.patch
  (git-fixes CVE-2022-48773 bsc#1227921).
- commit e328ee7

- Update
  patches.suse/net-sunrpc-fix-reference-count-leaks-in-rpc_sysfs_xp.patch
  (git-fixes CVE-2021-47624 bsc#1227920).
- Update
  patches.suse/scsi-ufs-Fix-a-deadlock-in-the-error-handler.patch
  (git-fixes CVE-2021-47622 bsc#1227917).
- commit f2d923e

- Update
  patches.suse/79b5b4b18bc8-mlxsw-spectrum_acl_tcam-Fix-possible-use-after-free-.patch
  (CVE-2024-35854 bsc#1224636 CVE-2024-35855 bsc#1224694).
- Update
  patches.suse/ACPICA-Revert-ACPICA-avoid-Info-mapping-multiple-BAR.patch
  (git-fixes CVE-2024-40984 bsc#1227820).
- Update
  patches.suse/Bluetooth-hci_core-Fix-possible-buffer-overflow.patch
  (git-fixes CVE-2024-26889 bsc#1228195).
- Update
  patches.suse/HID-core-remove-unnecessary-WARN_ON-in-implement.patch
  (git-fixes CVE-2024-39509 bsc#1227733).
- Update
  patches.suse/HID-logitech-dj-Fix-memory-leak-in-logi_dj_recv_swit.patch
  (git-fixes CVE-2024-40934 bsc#1227796).
- Update
  patches.suse/KVM-Always-flush-async-PF-workqueue-when-vCPU-is-being-des.patch
  (bsc#1223635 (CVE-2024-26976) CVE-2024-26976).
- Update
  patches.suse/RDMA-mlx5-Add-check-for-srq-max_sge-attribute.patch
  (git-fixes CVE-2024-40990 bsc#1227824).
- Update
  patches.suse/SUNRPC-Fix-loop-termination-condition-in-gss_free_in.patch
  (git-fixes CVE-2024-36288 bsc#1226834).
- Update
  patches.suse/USB-class-cdc-wdm-Fix-CPU-lockup-caused-by-excessive.patch
  (git-fixes CVE-2024-40904 bsc#1227772).
- Update
  patches.suse/ata-libata-core-Fix-double-free-on-error.patch
  (git-fixes CVE-2024-41087 bsc#1228740).
- Update
  patches.suse/batman-adv-bypass-empty-buckets-in-batadv_purge_orig.patch
  (stable-fixes CVE-2024-40981 bsc#1227864).
- Update
  patches.suse/cachefiles-remove-requests-from-xarray-during-flushin.patch
  (bsc#1226588 CVE-2024-40900 bsc#1227760).
- Update
  patches.suse/crypto-hisilicon-sec-Fix-memory-leak-for-sec-resourc.patch
  (stable-fixes CVE-2024-41002 bsc#1227870).
- Update
  patches.suse/dmaengine-idxd-Fix-possible-Use-After-Free-in-irq_pr.patch
  (git-fixes CVE-2024-40956 bsc#1227810).
- Update
  patches.suse/drivers-core-synchronize-really_probe-and-dev_uevent.patch
  (git-fixes CVE-2024-39501 bsc#1227754).
- Update
  patches.suse/drm-amdgpu-fix-UBSAN-warning-in-kv_dpm.c.patch
  (stable-fixes CVE-2024-40987 bsc#1228235).
- Update
  patches.suse/drm-amdkfd-don-t-allow-mapping-the-MMIO-HDP-page-wit.patch
  (CVE-2024-41011 bsc#1228115 git-fixes bsc#1228114).
- Update
  patches.suse/drm-bridge-cdns-mhdp8546-Fix-possible-null-pointer-d.patch
  (git-fixes CVE-2024-38548 bsc#1228202).
- Update
  patches.suse/drm-exynos-hdmi-report-safe-640x480-mode-as-a-fallba.patch
  (git-fixes CVE-2024-40916 bsc#1227846).
- Update
  patches.suse/drm-exynos-vidi-fix-memory-leak-in-.get_modes.patch
  (stable-fixes CVE-2024-40932 bsc#1227828).
- Update
  patches.suse/drm-i915-dpt-Make-DPT-object-unshrinkable.patch
  (git-fixes CVE-2024-40924 bsc#1227787).
- Update
  patches.suse/drm-komeda-check-for-error-valued-pointer.patch
  (git-fixes CVE-2024-39505 bsc#1227728).
- Update
  patches.suse/drm-lima-mask-irqs-in-timeout-path-before-hard-reset.patch
  (stable-fixes CVE-2024-40976 bsc#1227893).
- Update
  patches.suse/drm-radeon-fix-UBSAN-warning-in-kv_dpm.c.patch
  (stable-fixes CVE-2024-40988 bsc#1227957).
- Update
  patches.suse/ftrace-Fix-possible-use-after-free-issue-in-ftrace_location.patch
  (git-fixes CVE-2024-38588 bsc#1226837).
- Update
  patches.suse/iommu-Return-right-value-in-iommu_sva_bind_device.patch
  (git-fixes CVE-2024-40945 bsc#1227802).
- Update
  patches.suse/jfs-xattr-fix-buffer-overflow-for-invalid-xattr.patch
  (bsc#1227383 CVE-2024-40902 bsc#1227764).
- Update
  patches.suse/sock_map-avoid-race-between-sock_map_close-and-sk_ps.patch
  (bsc#1225475 CVE-2023-52735 CVE-2024-39500 bsc#1227724).
- Update
  patches.suse/tracing-Build-event-generation-tests-only-as-modules.patch
  (git-fixes CVE-2024-41004 bsc#1227851).
- Update
  patches.suse/tracing-trigger-Fix-to-return-error-if-failed-to-alloc-snapshot.patch
  (git-fixes CVE-2024-26920 bsc#1228237).
- Update
  patches.suse/usb-typec-tcpm-fix-use-after-free-case-in-tcpm_regis.patch
  (git-fixes CVE-2024-40903 bsc#1227766).
- Update
  patches.suse/vfio-fsl-mc-Block-calling-interrupt-handler-without-trigge.patch
  (bsc#1222810 (CVE-2024-26814) CVE-2024-26814).
- Update
  patches.suse/vfio-platform-Create-persistent-IRQ-handlers.patch
  (bsc#1222809 (CVE-2024-26813) CVE-2024-26813).
- Update
  patches.suse/vmci-prevent-speculation-leaks-by-sanitizing-event-i.patch
  (git-fixes CVE-2024-39499 bsc#1227725).
- Update
  patches.suse/wifi-cfg80211-Lock-wiphy-in-cfg80211_get_station.patch
  (git-fixes CVE-2024-40911 bsc#1227792).
- Update
  patches.suse/wifi-iwlwifi-mvm-check-n_ssids-before-accessing-the-.patch
  (git-fixes CVE-2024-40929 bsc#1227774).
- Update
  patches.suse/wifi-iwlwifi-mvm-don-t-read-past-the-mfuart-notifcat.patch
  (git-fixes CVE-2024-40941 bsc#1227771).
- Update
  patches.suse/wifi-mac80211-Fix-deadlock-in-ieee80211_sta_ps_deliv.patch
  (git-fixes CVE-2024-40912 bsc#1227790).
- Update
  patches.suse/wifi-mac80211-mesh-Fix-leak-of-mesh_preq_queue-objec.patch
  (git-fixes CVE-2024-40942 bsc#1227770).
- Update
  patches.suse/xhci-Handle-TD-clearing-for-multiple-streams-case.patch
  (git-fixes CVE-2024-40927 bsc#1227816).
- commit 14d852a

- Update
  patches.suse/SUNRPC-Fix-UAF-in-svc_tcp_listen_data_ready.patch
  (git-fixes CVE-2023-52885 bsc#1227750).
- Update
  patches.suse/USB-core-Fix-race-by-not-overwriting-udev-descriptor.patch
  (bsc#1213123 CVE-2023-37453 CVE-2023-52886 bsc#1227981).
- Update
  patches.suse/virtio-blk-fix-implicit-overflow-on-virtio_max_dma_size.patch
  (bsc#1225573 (CVE-2023-52762) CVE-2023-52762).
- commit b28e7bb

- Update
  patches.suse/1216-drm-vc4-hdmi-Unregister-codec-device-on-unbind.patch
  (jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
  jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
  CVE-2022-48852 bsc#1228067).
- Update
  patches.suse/Bluetooth-hci_core-Fix-leaking-sent_cmd-skb.patch
  (jsc#PED-1407 CVE-2022-48844 bsc#1228068).
- Update
  patches.suse/HID-hid-thrustmaster-fix-OOB-read-in-thrustmaster_in.patch
  (git-fixes CVE-2022-48866 bsc#1228014).
- Update
  patches.suse/Input-aiptek-properly-check-endpoint-type.patch
  (git-fixes CVE-2022-48836 bsc#1227989).
- Update
  patches.suse/KVM-x86-nSVM-fix-potential-NULL-derefernce-on-nested.patch
  (git-fixes CVE-2022-48793 bsc#1228019).
- Update
  patches.suse/NFC-port100-fix-use-after-free-in-port100_send_compl.patch
  (git-fixes CVE-2022-48857 bsc#1228005).
- Update
  patches.suse/NFSD-Fix-NFSv3-SETATTR-CREATE-s-handling-of-large-fi.patch
  (git-fixes CVE-2022-48829 bsc#1228055).
- Update patches.suse/NFSD-Fix-ia_size-underflow.patch (git-fixes
  CVE-2022-48828 bsc#1228054).
- Update
  patches.suse/NFSD-Fix-the-behavior-of-READ-near-OFFSET_MAX.patch
  (bsc#1195957 CVE-2022-48827 bsc#1228037).
- Update
  patches.suse/SUNRPC-lock-against-sock-changing-during-sysfs-read.patch
  (bsc#1194324 CVE-2022-48816 bsc#1228038).
- Update
  patches.suse/block-release-rq-qos-structures-for-queue-without-di.patch
  (jsc#PED-1183 CVE-2022-48846 bsc#1227992).
- Update
  patches.suse/can-isotp-fix-potential-CAN-frame-reception-race-in-.patch
  (git-fixes CVE-2022-48830 bsc#1227982).
- Update
  patches.suse/cfg80211-fix-race-in-netlink-owner-interface-destruc.patch
  (git-fixes CVE-2022-48784 bsc#1227938).
- Update
  patches.suse/dma-buf-heaps-Fix-potential-spectre-v1-gadget.patch
  (jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
  jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
  CVE-2022-48730 bsc#1226713).
- Update
  patches.suse/dmaengine-ptdma-Fix-the-error-handling-path-in-pt_co.patch
  (git-fixes CVE-2022-48774 bsc#1227923).
- Update
  patches.suse/drm-amdgpu-bypass-tiling-flag-check-in-virtual-displ.patch
  (jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
  jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
  CVE-2022-48849 bsc#1228061).
- Update
  patches.suse/drm-msm-dpu-invalid-parameter-check-in-dpu_setup_dsp.patch
  (jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
  jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
  CVE-2022-48749 bsc#1226650).
- Update
  patches.suse/drm-msm-dsi-invalid-parameter-check-in-msm_dsi_phy_e.patch
  (jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
  jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
  CVE-2022-48756 bsc#1226698).
- Update
  patches.suse/drm-nouveau-fix-off-by-one-in-BIOS-boundary-checking.patch
  (jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
  jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
  CVE-2022-48732 bsc#1226716).
- Update
  patches.suse/drm-vc4-Fix-deadlock-on-DSI-device-attach-error.patch
  (jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
  jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
  CVE-2022-48826 bsc#1227975).
- Update
  patches.suse/drm-vrr-Set-VRR-capable-prop-only-if-it-is-attached-.patch
  (jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
  jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
  CVE-2022-48843 bsc#1228066).
- Update
  patches.suse/eeprom-ee1004-limit-i2c-reads-to-I2C_SMBUS_BLOCK_MAX.patch
  (git-fixes CVE-2022-48806 bsc#1227948).
- Update
  patches.suse/ethernet-Fix-error-handling-in-xemaclite_of_probe.patch
  (git-fixes CVE-2022-48860 bsc#1228008).
- Update
  patches.suse/fs-proc-task_mmu.c-don-t-read-mapcount-for-migration-entry.patch
  (CVE-2023-1582 bsc#1209636 CVE-2022-48802 bsc#1227942).
- Update
  patches.suse/gianfar-ethtool-Fix-refcount-leak-in-gfar_get_ts_inf.patch
  (git-fixes CVE-2022-48856 bsc#1228004).
- Update patches.suse/iavf-Fix-hang-during-reboot-shutdown.patch
  (jsc#SLE-18385 CVE-2022-48840 bsc#1227990).
- Update
  patches.suse/ibmvnic-don-t-release-napi-in-__ibmvnic_open.patch
  (bsc#1195668 ltc#195811 CVE-2022-48811 bsc#1227928).
- Update
  patches.suse/ice-Fix-KASAN-error-in-LAG-NETDEV_UNREGISTER-handler.patch
  (git-fixes CVE-2022-48807 bsc#1227970).
- Update
  patches.suse/ice-Fix-race-condition-during-interface-enslave.patch
  (git-fixes CVE-2022-48842 bsc#1228064).
- Update
  patches.suse/ice-fix-NULL-pointer-dereference-in-ice_update_vsi_t.patch
  (jsc#SLE-18375 CVE-2022-48841 bsc#1227991).
- Update
  patches.suse/iio-buffer-Fix-file-related-error-handling-in-IIO_BU.patch
  (git-fixes CVE-2022-48801 bsc#1227956).
- Update
  patches.suse/ima-fix-reference-leak-in-asymmetric_verify.patch
  (git-fixes CVE-2022-48831 bsc#1227986).
- Update
  patches.suse/iommu-Fix-potential-use-after-free-during-probe
  (git-fixes CVE-2022-48796 bsc#1228028).
- Update patches.suse/iwlwifi-fix-use-after-free.patch
  (bsc#1197762 git-fixes CVE-2022-48787 bsc#1227932).
- Update
  patches.suse/mISDN-Fix-memory-leak-in-dsp_pipeline_build.patch
  (git-fixes CVE-2022-48863 bsc#1228063).
- Update
  patches.suse/misc-fastrpc-avoid-double-fput-on-failed-usercopy.patch
  (git-fixes CVE-2022-48821 bsc#1227976).
- Update
  patches.suse/mm-don-t-try-to-NUMA-migrate-COW-pages-that-have-other-uses.patch
  (git fixes (mm/numa) CVE-2022-48797 bsc#1228035).
- Update
  patches.suse/mm-vmscan-remove-deadlock-due-to-throttling.patch
  (bsc#1195357 CVE-2022-48800 bsc#1227954).
- Update
  patches.suse/msft-hv-2515-Drivers-hv-vmbus-Fix-memory-leak-in-vmbus_add_channe.patch
  (git-fixes CVE-2022-48775 bsc#1227924).
- Update
  patches.suse/mtd-parsers-qcom-Fix-kernel-panic-on-skipped-partiti.patch
  (git-fixes CVE-2022-48777 bsc#1227922).
- Update
  patches.suse/mtd-parsers-qcom-Fix-missing-free-for-pparts-in-clea.patch
  (git-fixes CVE-2022-48776 bsc#1227925).
- Update
  patches.suse/mtd-rawnand-gpmi-don-t-leak-PM-reference-in-error-pa.patch
  (git-fixes CVE-2022-48778 bsc#1227935).
- Update
  patches.suse/net-dsa-ar9331-register-the-mdiobus-under-devres.patch
  (git-fixes CVE-2022-48817 bsc#1227931).
- Update
  patches.suse/net-dsa-bcm_sf2-don-t-use-devres-for-mdiobus.patch
  (git-fixes CVE-2022-48815 bsc#1227933).
- Update
  patches.suse/net-dsa-felix-don-t-use-devres-for-mdiobus.patch
  (git-fixes CVE-2022-48813 bsc#1227963).
- Update
  patches.suse/net-dsa-lantiq_gswip-don-t-use-devres-for-mdiobus.patch
  (git-fixes CVE-2022-48812 bsc#1227971).
- Update
  patches.suse/net-dsa-lantiq_gswip-fix-use-after-free-in-gswip_rem.patch
  (git-fixes CVE-2022-48783 bsc#1227949).
- Update
  patches.suse/net-dsa-mv88e6xxx-don-t-use-devres-for-mdiobus.patch
  (git-fixes CVE-2022-48818 bsc#1228039).
- Update
  patches.suse/net-dsa-seville-register-the-mdiobus-under-devres.patch
  (git-fixes CVE-2022-48814 bsc#1227944).
- Update
  patches.suse/net-fix-a-memleak-when-uncloning-an-skb-dst-and-its-.patch
  (git-fixes CVE-2022-48809 bsc#1227947).
- Update
  patches.suse/net-ieee802154-at86rf230-Stop-leaking-skb-s.patch
  (git-fixes CVE-2022-48794 bsc#1228025).
- Update
  patches.suse/net-marvell-prestera-Add-missing-of_node_put-in-pres.patch
  (git-fixes CVE-2022-48859 bsc#1228007).
- Update
  patches.suse/net-mlx5-Fix-a-race-on-command-flush-flow.patch
  (git-fixes CVE-2022-48858 bsc#1228006).
- Update
  patches.suse/net-packet-fix-slab-out-of-bounds-access-in-packet_r.patch
  (CVE-2022-20368 bsc#1202346 CVE-2022-48839 bsc#1227985).
- Update
  patches.suse/net-smc-Avoid-overwriting-the-copies-of-clcsock-callback-functions
  (git-fixes CVE-2022-48780 bsc#1227995).
- Update
  patches.suse/net-usb-ax88179_178a-Fix-out-of-bounds-accesses-in-R.patch
  (bsc#1196018 CVE-2022-28748 bsc#1202686 CVE-2022-2964
  CVE-2022-48805 bsc#1227969).
- Update
  patches.suse/nvme-fix-a-possible-use-after-free-in-controller-res.patch
  (bsc#1193787 bsc#1197146 bsc#1193554 CVE-2022-48790
  bsc#1227941).
- Update
  patches.suse/nvme-rdma-fix-possible-use-after-free-in-transport-e.patch
  (bsc#1193787 bsc#1197146 bsc#1193554 CVE-2022-48788
  bsc#1227952).
- Update
  patches.suse/nvme-tcp-fix-possible-use-after-free-in-transport-er.patch
  (bsc#1193787 bsc#1197146 bsc#1193554 CVE-2022-48789
  bsc#1228000).
- Update
  patches.suse/perf-Fix-list-corruption-in-perf_cgroup_switch.patch
  (git fixes CVE-2022-48799 bsc#1227953).
- Update
  patches.suse/phy-stm32-fix-a-refcount-leak-in-stm32_usbphyc_pll_e.patch
  (git-fixes CVE-2022-48820 bsc#1227972).
- Update
  patches.suse/phy-ti-Fix-missing-sentinel-for-clk_div_table.patch
  (git-fixes CVE-2022-48803 bsc#1227965).
- Update
  patches.suse/s390-cio-verify-the-driver-availability-for-path_event-call
  (bsc#1195927 LTC#196420 CVE-2022-48798 bsc#1227945).
- Update
  patches.suse/scsi-mpt3sas-Page-fault-in-reply-q-processing.patch
  (git-fixes CVE-2022-48835 bsc#1228060).
- Update patches.suse/scsi-myrs-Fix-crash-in-error-case.patch
  (git-fixes CVE-2022-48824 bsc#1227964).
- Update
  patches.suse/scsi-pm8001-Fix-use-after-free-for-aborted-SSP-STP-sas_task.patch
  (jsc#PED-1559 CVE-2022-48792 bsc#1228013).
- Update
  patches.suse/scsi-pm8001-Fix-use-after-free-for-aborted-TMF-sas_task.patch
  (jsc#PED-1559 CVE-2022-48791 bsc#1228002).
- Update
  patches.suse/scsi-qedf-Add-stag_work-to-all-the-vports.patch
  (jsc#PED-1524 CVE-2022-48825 bsc#1228056).
- Update
  patches.suse/scsi-qedf-Fix-refcount-issue-when-LOGO-is-received-during-TMF.patch
  (jsc#PED-1524 CVE-2022-48823 bsc#1228045).
- Update
  patches.suse/staging-gdm724x-fix-use-after-free-in-gdm_lte_rx.patch
  (git-fixes CVE-2022-48851 bsc#1227997).
- Update
  patches.suse/swiotlb-fix-info-leak-with-DMA_FROM_DEVICE.patch
  (CVE-2022-0854 bsc#1196823 CVE-2022-48853 bsc#1228015).
- Update patches.suse/usb-f_fs-Fix-use-after-free-for-epfile.patch
  (git-fixes CVE-2022-48822 bsc#1228040).
- Update
  patches.suse/usb-gadget-Fix-use-after-free-bug-by-not-setting-udc.patch
  (git-fixes CVE-2022-48838 bsc#1227988).
- Update
  patches.suse/usb-gadget-rndis-prevent-integer-overflow-in-rndis_s.patch
  (git-fixes CVE-2022-48837 bsc#1227987).
- Update
  patches.suse/usb-usbtmc-Fix-bug-in-pipe-direction-for-control-tra.patch
  (git-fixes CVE-2022-48834 bsc#1228062).
- Update
  patches.suse/vdpa-fix-use-after-free-on-vp_vdpa_remove.patch
  (jsc#PED-1549 CVE-2022-48861 bsc#1228009).
- Update
  patches.suse/vdpa-mlx5-add-validation-for-VIRTIO_NET_CTRL_MQ_VQ_P.patch
  (jsc#PED-1549 CVE-2022-48864 bsc#1228011).
- Update
  patches.suse/vhost-fix-hung-thread-due-to-erroneous-iotlb-entries.patch
  (jsc#PED-1549 CVE-2022-48862 bsc#1228010).
- Update
  patches.suse/vsock-remove-vsock-from-connected-table-when-connect.patch
  (git-fixes CVE-2022-48786 bsc#1227996).
- Update
  patches.suse/vt_ioctl-fix-array_index_nospec-in-vt_setactivate.patch
  (git-fixes CVE-2022-48804 bsc#1227968).
- Update patches.suse/watch_queue-Fix-filter-limit-check.patch
  (CVE-2022-0995 bsc#1197246 CVE-2022-48847 bsc#1227993).
- Update
  patches.suse/xprtrdma-fix-pointer-derefs-in-error-cases-of-rpcrdm.patch
  (git-fixes CVE-2022-48773 bsc#1227921).
- commit bfcee01

- Update
  patches.suse/net-sched-flower-protect-fl_walk-with-rcu.patch
  (stable-5.14.10 bsc#1225302 CVE-2021-47402 bsc#1225301).
- Update
  patches.suse/net-sunrpc-fix-reference-count-leaks-in-rpc_sysfs_xp.patch
  (git-fixes CVE-2021-47624 bsc#1227920).
- Update
  patches.suse/scsi-ufs-Fix-a-deadlock-in-the-error-handler.patch
  (git-fixes CVE-2021-47622 bsc#1227917).
- commit a651650

- scsi: qedf: Make qedf_execute_tmf() non-preemptible (CVE-2024-42124 bsc#1228705)
- commit 9baaa6c

- net: dsa: mv88e6xxx: Correct check for empty list (CVE-2024-42224 bsc#1228723)
- commit 17953b6

- Update references in patches.suse/wifi-cfg80211-wext-add-extra-SIOCSIWSCAN-data-check.patch (CVE-2024-41072 bsc#1228626 stable-fixes)
- commit 273bfae

- skmsg: Skip zero length skb in sk_msg_recvmsg (CVE-2024-41048 bsc#1228565)
- commit 530a147

- netns: Make get_net_ns() handle zero refcount net
  (CVE-2024-40958 bsc#1227812).
- commit cd7215b

- blacklist.conf: Add 943ad0b62e3c kernel: rerun task_work while freezing in get_signal()
  and related io_uring fix.
- commit dd99721

- blacklist.conf: Add 7a4479680d7f cgroup_misc: add kernel-doc comments for enum misc_res_type
- commit 33a371b

- cgroup/cpuset: Prevent UAF in proc_cpuset_show() (bsc#1228801).
- commit 8837200

- mm/hugetlb: fix missing hugetlb_lock for resv uncharge
  (bsc#1224548 CVE-2024-36000).
- commit bb54a15

- Bluetooth: hci_sync: Fix suspending with wrong filter policy
  (git-fixes).
- net: usb: sr9700: fix uninitialized variable use in sr_mdio_read
  (git-fixes).
- commit d1b1ed5

- net/dpaa2: Avoid explicit cpumask var allocation on stack
  (CVE-2024-42093 bsc#1228680).
- ppp: reject claimed-as-LCP but actually malformed packets
  (CVE-2024-41044 bsc#1228530).
- ibmvnic: Add tx check to prevent skb leak (CVE-2024-41066
  bsc#1228640).
- net/dpaa2: Avoid explicit cpumask var allocation on stack
  (CVE-2024-42093 bsc#1228680).
- commit e2a1614

- drm/amd/display: Add NULL pointer check for kzalloc (bsc#1228591 CVE-2024-42122)
- commit 42cafdc

- gfs2: Fix NULL pointer dereference in gfs2_log_flush
  (bsc#1228672 CVE-2024-42079).
- commit 9249ead

- btrfs: qgroup: fix quota root leak after quota disable failure
  (bsc#1228655 CVE-2024-41078).
- commit a021822

- workqueue: Improve scalability of workqueue watchdog touch
  (bsc#1193454).
- commit d6c3d9d

- workqueue: wq_watchdog_touch is always called with valid CPU
  (bsc#1193454).
- commit 8c80fa1

- KVM: arm64: Disassociate vcpus from redistributor region on
  teardown (CVE-2024-40989 bsc#1227823).
- commit 724dd5c

- wifi: mac80211: Avoid address calculations via out of bounds
  array indexing (CVE-2024-41071 bsc#1228625).
- commit 93c5732

- powerpc/eeh: avoid possible crash when edev->pdev changes
  (CVE-2024-41064 bsc#1228599).
- commit ba6e5c8

- ASoC: topology: Fix references to freed memory (CVE-2024-41069
  bsc#1228644).
- commit 44dd0c7

- net/sched: Fix UAF when resolving a clash (CVE-2024-41040 bsc#1228518)
- commit 38cd1ac

- btrfs: make sure that WRITTEN is set on all metadata blocks (CVE-2024-35949 bsc#1224700)
  Changes: adjust returned error codes to -EUCLEAN and drop definition of
  the enum error.
- commit c3c9515

- ila: block BH in ila_output() (CVE-2024-41081 bsc#1228617)
- commit 54b2845

- blacklist.conf: CVE-2024-41076 bsc#1228649: not applicable
  Different code using a local variable, switch to dynamic allocation done
  in 1b00ad657997c8 ("NFS: Remove the nfs4_label from the nfs_setattrres")
  in 5.16.
- commit 40fbbcc

- blk-cgroup: dropping parent refcount after pd_free_fn() is done
  (bsc#1224573).
- commit 87d4ac6

- Update patches.suse/nilfs2-fix-inode-number-range-checks.patch
  (git-fixes stable-fixes bsc#1228665 CVE-2024-42105).
- commit 363084c

- Update
  patches.suse/ext2-Avoid-reading-renamed-directory-if-parent-does-.patch
  (bsc#1221044 CVE-2023-52591 bsc#1228440).
- commit d21f810

- hfsplus: fix uninit-value in copy_name (bsc#1228561
  CVE-2024-41059).
- commit cfc2db1

- ext4: fix uninitialized ratelimit_state->lock access in
  __ext4_fill_super() (bsc#1227866 CVE-2024-40998).
- commit 5c2bc07

- cachefiles: fix slab-use-after-free in
  cachefiles_withdraw_cookie() (bsc#1228462 CVE-2024-41057).
- cachefiles: fix slab-use-after-free in fscache_withdraw_volume()
  (bsc#1228459 CVE-2024-41058).
- netfs, fscache: export fscache_put_volume() and add
  fscache_try_get_volume() (bsc#1228459 bsc#1228462).
- commit 599a85f

- platform/chrome: cros_ec_proto: Lock device when updating MKBP
  version (git-fixes).
- commit 3c731c9

- dmaengine: idxd: Fix possible Use-After-Free in
  irq_process_work_list (CVE-2024-40956 bsc#1227810).
- commit 3632d87

- platform/chrome: cros_ec_proto: Lock device when updating MKBP
  version (git-fixes).
- commit 43f2501

- ocfs2: add bounds checking to ocfs2_check_dir_entry()
  (bsc#1228409 CVE-2024-41015).
- ocfs2: strict bound check before memcmp in
  ocfs2_xattr_find_entry() (bsc#1228410).
- ocfs2: add bounds checking to ocfs2_xattr_find_entry()
  (bsc#1228410 CVE-2024-41016).
- ocfs2: remove redundant assignment to variable free_space
  (bsc#1228409).
- commit 568c7dd

- vfio/pci: Disable auto-enable of exclusive INTx IRQ (bsc#1222625
  CVE-2024-27437).
- commit 65556f4

- ocfs2: fix DIO failure due to insufficient transaction credits
  (bsc#1216834).
- commit edabc6f

- Bluetooth: hci_core: cancel all works upon hci_unregister_dev() (CVE-2024-41063 bsc#1228580)
- commit 7924d8c

- udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port() (CVE-2024-41041 bsc#1228520)
- commit eae6531

- ipv6: mcast: use rcu-safe version of ipv6_get_lladdr() (CVE-2022-48785 bsc#1227927)
- commit ca3b7b0

- net: do not leave a dangling sk pointer, when socket creation fails (CVE-2024-40954 bsc#1227808)
- commit bcdcd8a

- netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (CVE-2024-42070 bsc#1228470)
- commit ec1e1fa

- nfsd: Don't leave work of closing files to a work queue
  (bsc#1228140).
- commit 3b8e93d

- KVM: PPC: Book3S HV: Prevent UAF in
  kvm_spapr_tce_attach_iommu_group() (bsc#1228581 CVE-2024-41070).
- commit 5102495

- xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr()
  (CVE-2024-40959 bsc#1227884).
- commit 4f042e1

- tap: add missing verification for short frame (CVE-2024-41090
  bsc#1228328).
- commit e64bcfc

- selftests/bpf: Add more ring buffer test coverage (bsc#1228020
  CVE-2024-41009).
- bpf: Fix overrunning reservations in ringbuf (bsc#1228020
  CVE-2024-41009).
- commit 320d7db

- rpm/guards: fix precedence issue with control flow operator
  With perl 5.40 it report the following error on rpm/guards script:
  Possible precedence issue with control flow operator (exit) at scripts/guards line 208.
  Fix the issue by adding parenthesis around ternary operator.
- commit 07b8b4e

- blacklist.conf: Add 9c573cd31343 randomize_kstack: Improve entropy diffusion
  blacklist.conf: Add 375561bd6195 stack: Declare {randomize_,}kstack_offset to fix Sparse warnings
- commit 07a7d85

- ALSA: pcm_dmaengine: Don't synchronize DMA channel when DMA
  is paused (git-fixes).
- commit 81d45da

- wifi: mac80211: handle tasklet frames before stopping
  (stable-fixes).
- commit 51c6566

- HID: wacom: Modify pen IDs (git-fixes).
- decompress_bunzip2: fix rare decompression failure (git-fixes).
- spi: mux: set ctlr->bits_per_word_mask (stable-fixes).
- spi: imx: Don't expect DMA for i.MX{25,35,50,51,53} cspi devices
  (stable-fixes).
- Bluetooth: hci_core: cancel all works upon hci_unregister_dev()
  (stable-fixes).
- wifi: mac80211: disable softirqs for queued frame handling
  (git-fixes).
- platform/x86: lg-laptop: Change ACPI device id (stable-fixes).
- platform/x86: lg-laptop: Remove LGEX0815 hotkey handling
  (stable-fixes).
- platform/x86: wireless-hotkey: Add support for LG Airplane
  Button (stable-fixes).
- can: kvaser_usb: fix return value for hif_usb_send_regout
  (stable-fixes).
- ASoC: ti: davinci-mcasp: Set min period size using FIFO config
  (stable-fixes).
- ALSA: dmaengine: Synchronize dma channel after drop()
  (stable-fixes).
- ASoC: ti: omap-hdmi: Fix too long driver name (stable-fixes).
- bytcr_rt5640 : inverse jack detect for Archos 101 cesium
  (stable-fixes).
- ALSA: dmaengine_pcm: terminate dmaengine before synchronize
  (stable-fixes).
- Input: elantech - fix touchpad state on resume for Lenovo N24
  (stable-fixes).
- wifi: cfg80211: wext: add extra SIOCSIWSCAN data check
  (stable-fixes).
- mei: demote client disconnect warning on suspend to debug
  (stable-fixes).
- Input: silead - Always support 10 fingers (stable-fixes).
- wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan()
  (stable-fixes).
- wifi: iwlwifi: mvm: properly set 6 GHz channel direct probe
  option (stable-fixes).
- wifi: iwlwifi: mvm: Handle BIGTK cipher in kek_kck cmd
  (stable-fixes).
- wifi: iwlwifi: mvm: d3: fix WoWLAN command version lookup
  (stable-fixes).
- wifi: mac80211: mesh: init nonpeer_pm to active by default in
  mesh sdata (stable-fixes).
- ACPI: EC: Avoid returning AE_OK on errors in address space
  handler (stable-fixes).
- ACPI: EC: Abort address space access upon error (stable-fixes).
- docs: Fix formatting of literal sections in fanotify docs
  (stable-fixes).
- commit 38d8033

- xfs: add bounds checking to xlog_recover_process_data
  (bsc#1228408 CVE-2024-41014).
- commit 9b9175d

- xfs: don't walk off the end of a directory data block
  (bsc#1228405 CVE-2024-41013).
- commit 3a2120b

- jfs: don't walk off the end of ealist (bsc#1228403
  CVE-2024-41017).
- commit 553b2ef

- ext4: do not create EA inode under buffer lock (bsc#1227910
  CVE-2024-40972).
- commit aacd3b6

- ext4: fold quota accounting into
  ext4_xattr_inode_lookup_create() (bsc#1227910 CVE-2024-40972).
- commit 0630857

- ext4: fix mb_cache_entry's e_refcnt leak in
  ext4_xattr_block_cache_find() (bsc#1226993 CVE-2024-39276).
- commit 1269749

- Update patch reference for AMDGPU fix (CVE-2024-41011 bsc#1228115)
- commit 0303eab

- drm/amdkfd: don't allow mapping the MMIO HDP page with large
  pages (CVE-2024-41011 bsc#1228115).
- commit ff8f843

- 9p: add missing locking around taking dentry fid list (bsc#1227090, CVE-2024-39463).
- commit c58a66f

- ceph: fix incorrect kmalloc size of pagevec mempool
  (bsc#1228418).
- commit 2230e72

- tun: add missing verification for short frame (CVE-2024-41091
  bsc#1228327).
- tap: add missing verification for short frame (CVE-2024-41090
  bsc#1228328).
- net: ena: Add validation for completion descriptors consistency
  (CVE-2024-40999 bsc#1227913).
- net: mvpp2: clear BM pool before initialization (CVE-2024-35837
  bsc#1224500).
- commit 80ce1bf

- net: usb: qmi_wwan: add Telit FN912 compositions (git-fixes).
- commit 6bbdba6

- sit: do not call ipip6_dev_free() from sit_init_net()
  (CVE-2021-47588 bsc#1226568).
- commit 38c1d39

- mptcp: remove tcp ulp setsockopt support
  (CVE-2021-47591 bsc#1226570).
- commit 2079fc2

- Refresh
  patches.kabi/tty-add-the-option-to-have-a-tty-reject-a-new-ldisc.patch.
  Fix build for CONFIG_VT=n (ppc64le/kvmsmall).
- commit a0ede6a

- sch_cake: do not call cake_destroy() from cake_init()
  (CVE-2021-47598 bsc#1226574).
- commit d533b8e

- serial: imx: Introduce timeout when waiting on transmitter empty
  (CVE-2024-40967 bsc#1227891).
- commit 05ae86a

- kABI: tty: add the option to have a tty reject a new ldisc
  (kabi CVE-2024-40966 bsc#1227886).
- tty: add the option to have a tty reject a new ldisc
  (CVE-2024-40966 bsc#1227886).
- commit 875e673

- jfs: Fix array-index-out-of-bounds in diFree (git-fixes).
- commit 1b3b67e

- devres: Fix memory leakage caused by driver API
  devm_free_percpu() (git-fixes).
- devres: Fix devm_krealloc() wasting memory (git-fixes).
- kobject_uevent: Fix OOB access within zap_modalias_env()
  (git-fixes).
- dma: fix call order in dmam_free_coherent (git-fixes).
- commit 9c7dc5b

- bpf: Fix a potential use-after-free in bpf_link_free()
  (bsc#1227798 CVE-2024-40909).
- Refresh patches.kabi/bpf-bpf_link-and-bpf_link_ops-kABI-workaround.patch
- commit 755a2fd

- net-sysfs: add check for netdevice being present to speed_show (CVE-2022-48850 bsc#1228071)
- commit 3226c14

- tracing/osnoise: Fix notify new tracing_max_latency (bsc#1228330)
- commit 9b702c7

- tracing/timerlat: Notify new max thread latency (bsc#1228330)
- commit 11f7aa0

- tracing/osnoise: Use built-in RCU list checking (bsc#1228330)
- commit 33fb4ee

- tracing/osnoise: Make osnoise_instances static (bsc#1228330)
- commit d56b79b

- KVM: s390: fix LPSWEY handling (bsc#1227635 git-fixes).
- commit be5ea07

- tracing/osnoise: Add OSNOISE_WORKLOAD option (bsc#1228330)
- commit dc83512

- drm/radeon: check bo_va->bo is non-NULL before using it
  (stable-fixes).
- drm/amd/display: Account for cursor prefetch BW in DML1 mode
  support (stable-fixes).
- ALSA: hda/relatek: Enable Mute LED on HP Laptop 15-gw0xxx
  (stable-fixes).
- drm/vmwgfx: Fix missing HYPERVISOR_GUEST dependency
  (stable-fixes).
- ALSA: hda/realtek: Add more codec ID to no shutup pins list
  (stable-fixes).
- commit a18e5d0

- powerpc/fixmap: Fix VM debug warning on unmap (CVE-2021-47623
  bsc#1227919).
- commit 6169baf

- wifi: mt76: mt7921s: fix potential hung tasks during chip
  recovery (CVE-2024-40977 bsc#1227950).
- commit ee916d4

- Avoid hw_desc array overrun in dw-axi-dmac (CVE-2024-40970
  bsc#1227899).
- commit 713bbc3

- ssb: Fix potential NULL pointer dereference in
  ssb_device_uevent() (CVE-2024-40982 bsc#1227865).
- commit 4f37558

- arm64/io: add constant-argument check (bsc#1226502 git-fixes)
- commit 12ba1f2

- Update patches.suse/IB-mlx5-Use-__iowrite64_copy-for-write-combining-sto.patch (git-fixes bsc#1226502)
- commit c55adfd

- arm64/io: Provide a WC friendly __iowriteXX_copy() (bsc#1226502)
- commit 3783d1b

- s390: Stop using weak symbols for __iowrite64_copy() (bsc#1226502)
- commit cc50a67

- s390: Implement __iowrite32_copy() (bsc#1226502)
- commit 8fb0f46

- x86: Stop using weak symbols for __iowrite32_copy() (bsc#1226502)
- commit 92d3558

- smb: client: fix use-after-free in smb2_query_info_compound()
  (bsc#1225489, CVE-2023-52751).
- commit a32502b

- bpf: Set run context for rawtp test_run callback (bsc#1227783
  CVE-2024-40908).
- commit 3bc3979

- ipv6: prevent possible NULL dereference in rt6_probe()
  (CVE-2024-40960 bsc#1227813).
- commit 33bfa43

- PCI: keystone: Relocate ks_pcie_set/clear_dbi_mode()
  (git-fixes).
- commit e67818e

- cachefiles: flush all requests after setting CACHEFILES_DEAD
  (bsc#1227797 CVE-2024-40935).
- commit f7e6672

- xfs: Add cond_resched to block unmap range and reflink remap
  path (bsc#1228226).
- commit 398a1d5

- ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table()
  on failure path (CVE-2022-48810 bsc#1227936).
- commit 4b745d6

- PCI: Introduce cleanup helpers for device reference counts
  and locks (git-fixes).
- commit 4645732

- PCI: tegra194: Set EP alignment restriction for inbound ATU
  (git-fixes).
- PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio
  (git-fixes).
- PCI: keystone: Fix NULL pointer dereference in case of DT
  error in ks_pcie_setup_rc_app_regs() (git-fixes).
- PCI: keystone: Don't enable BAR 0 for AM654x (git-fixes).
- PCI: Fix resource double counting on remove & rescan
  (git-fixes).
- PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal
  (git-fixes).
- commit b5dfbee

- sctp: fix kernel-infoleak for SCTP sockets (CVE-2022-48855
  bsc#1228003).
- commit f84afd1

- blacklist.conf: add one pci entry
- commit 8c4446c

- ipv6: prevent possible NULL deref in fib6_nh_init()
  (CVE-2024-40961 bsc#1227814).
- commit 09176fe

- PCI: Extend ACS configurability (bsc#1228090).
- commit 9d1d191

- scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated
  memory (bsc#1227762 CVE-2024-40901).
- commit 1473e56

- io_uring/io-wq: Use set_bit() and test_bit() at worker->flags
  (bsc#1227732 CVE-2024-39508).
- commit 9c3b469

- mac802154: fix llsec key resources release in
  mac802154_llsec_key_del (CVE-2024-26961 bsc#1223652).
- commit 4396d9f

- usb: typec: tcpm: clear pd_event queue in PORT_RESET
  (git-fixes).
- commit 8782764

- netrom: Fix a memory leak in nr_heartbeat_expiry()
  (CVE-2024-41006 bsc#1227862).
- commit fa76ffa

- nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro
  (git-fixes).
- checkpatch: really skip LONG_LINE_* when LONG_LINE is ignored
  (git-fixes).
- rtc: interface: Add RTC offset to alarm after fix-up
  (git-fixes).
- rtc: cmos: Fix return value of nvmem callbacks (git-fixes).
- rtc: isl1208: Fix return value of nvmem callbacks (git-fixes).
- pinctrl: freescale: mxs: Fix refcount of child (git-fixes).
- pinctrl: ti: ti-iodelay: fix possible memory leak when
  pinctrl_enable() fails (git-fixes).
- pinctrl: single: fix possible memory leak when pinctrl_enable()
  fails (git-fixes).
- pinctrl: core: fix possible memory leak when pinctrl_enable()
  fails (git-fixes).
- pinctrl: rockchip: update rk3308 iomux routes (git-fixes).
- selftests/sigaltstack: Fix ppc64 GCC build (git-fixes).
- PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio
  (git-fixes).
- PCI: Fix resource double counting on remove & rescan
  (git-fixes).
- PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal
  (git-fixes).
- PCI: Introduce cleanup helpers for device reference counts
  and locks (stable-fixes).
- commit a5ba589

- usb: gadget: call usb_gadget_check_config() to verify UDC
  capability (git-fixes).
- commit a789eca

- blacklist.conf: pure dts
- commit ed51b87

- usb: cdns3: fix iso transfer error when mult is not zero
  (git-fixes).
- commit 24ef45f

- usb: cdns3: fix incorrect calculation of ep_buf_size when more
  than one config (git-fixes).
- commit 1aee554

- usb: cdns3: allocate TX FIFO size according to composite EP
  number (git-fixes).
- blacklist.conf: needed as infrastructure
- Refresh
  patches.suse/usb-cdns3-fix-NCM-gadget-RX-speed-20x-slow-than-expe.patch.
- commit f5e4b65

- fuse: verify {g,u}id mount options correctly (bsc#1228191).
- libceph: fix race between delayed_work() and ceph_monc_stop()
  (bsc#1228190).
- commit 7cce822

- usb: cdns3: skip set TRB_IOC when usb_request: no_interrupt
  is true (git-fixes).
- Refresh
  patches.suse/usb-cdns3-fix-uvc-failure-work-since-sg-support-enab.patch.
- commit f171c84

- usb: cdns3: optimize OUT transfer by copying only actual
  received data (git-fixes).
- commit 909f26f

- nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro
  (git-fixes).
- commit 82de9d3

- usb: cdns3: improve handling of unaligned address case
  (git-fixes).
- commit ada0d19

- powerpc/cpuidle: Set CPUIDLE_FLAG_POLLING for snooze state
  (bsc#1227121 ltc#207129).
- commit 2fe1c33

- blacklist.conf: pure optimization
- commit 0f44899

- gve: Clear napi->skb before dev_kfree_skb_any() (CVE-2024-40937
  bsc#1227836).
- commit 610d469

- Input: elan_i2c - do not leave interrupt disabled on suspend
  failure (git-fixes).
- Input: qt1050 - handle CHIP_ID reading error (git-fixes).
- eeprom: digsy_mtc: Fix 93xx46 driver probe failure (git-fixes).
- Revert "usb: musb: da8xx: Set phy in OTG mode by default"
  (stable-fixes).
- ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy
  Book Pro 360 (stable-fixes).
- ASoC: amd: Adjust error handling in case of absent codec device
  (git-fixes).
- ASoC: max98088: Check for clk_prepare_enable() error
  (git-fixes).
- ALSA: hda/realtek: Enable headset mic on Positivo SU C1400
  (stable-fixes).
- crypto: ecdsa - Fix the public key format description
  (git-fixes).
- commit daf9e8d

- drm/msm/mdp5: Remove MDP_CAP_SRC_SPLIT from msm8x53_config
  (git-fixes).
- drm/msm/dpu: drop validity checks for clear_pending_flush()
  ctl op (git-fixes).
- drm/dp_mst: Fix all mstb marked as not probed after
  suspend/resume (git-fixes).
- drm/panfrost: Mark simple_ondemand governor as softdep
  (git-fixes).
- drm/lima: Mark simple_ondemand governor as softdep (git-fixes).
- USB: serial: option: add Rolling RW350-GL variants
  (stable-fixes).
- USB: serial: option: add support for Foxconn T99W651
  (stable-fixes).
- USB: serial: option: add Netprisma LCUK54 series modules
  (stable-fixes).
- usb: gadget: configfs: Prevent OOB read/write in
  usb_string_copy() (stable-fixes).
- USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k
  (stable-fixes).
- USB: serial: option: add Telit generic core-dump composition
  (stable-fixes).
- USB: serial: option: add Fibocom FM350-GL (stable-fixes).
- USB: serial: option: add Telit FN912 rmnet compositions
  (stable-fixes).
- nilfs2: add missing check for inode numbers on directory entries
  (stable-fixes).
- nilfs2: fix inode number range checks (stable-fixes).
- regmap-i2c: Subtract reg size from max_write (stable-fixes).
- platform/x86: touchscreen_dmi: Add info for the EZpad 6s Pro
  (stable-fixes).
- platform/x86: touchscreen_dmi: Add info for GlobalSpace SolT
  IVW 11.6" tablet (stable-fixes).
- nfc/nci: Add the inconsistency check between the input data
  length and count (stable-fixes).
- Input: ff-core - prefer struct_size over open coded arithmetic
  (stable-fixes).
- firmware: dmi: Stop decoding on broken entry (stable-fixes).
- media: dvb-frontends: tda10048: Fix integer overflow
  (stable-fixes).
- media: s2255: Use refcount_t instead of atomic_t for
  num_channels (stable-fixes).
- media: dvb-frontends: tda18271c2dd: Remove casting during div
  (stable-fixes).
- media: dw2102: fix a potential buffer overflow (git-fixes).
- media: dw2102: Don't translate i2c read into write
  (stable-fixes).
- media: dvb-usb: dib0700_devices: Add missing release_firmware()
  (stable-fixes).
- media: dvb: as102-fe: Fix as10x_register_addr packing
  (stable-fixes).
- wifi: mt76: replace skb_put with skb_put_zero (stable-fixes).
- commit 1d67edd

- Update Alt-commit of AMDGPU patch (git-fixes)
- commit 486ad31

- drm/mediatek: Add OVL compatible name for MT8195 (git-fixes).
- drm/etnaviv: fix DMA direction handling for cached RW buffers
  (git-fixes).
- drm/qxl: Add check for drm_cvt_mode (git-fixes).
- drm/panel: boe-tv101wum-nl6: Check for errors on the NOP in
  prepare() (git-fixes).
- commit 7e23de0

- docs: crypto: async-tx-api: fix broken code example (git-fixes).
- drm/panel: boe-tv101wum-nl6: If prepare fails, disable GPIO
  before regulators (git-fixes).
- drm/mgag200: Bind I2C lifetime to DRM device (git-fixes).
- drm/mgag200: Set DDC timeout in milliseconds (git-fixes).
- drm/amdgpu: Remove GC HW IP 9.3.0 from noretry=1 (git-fixes).
- drm/amdgpu: Check if NBIO funcs are NULL in
  amdgpu_device_baco_exit (git-fixes).
- drm/amd/pm: Fix aldebaran pcie speed reporting (git-fixes).
- drm/amd/pm: remove logically dead code for renoir (git-fixes).
- drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq()
  (git-fixes).
- ALSA: hda/realtek: Enable Mute LED on HP 250 G7 (stable-fixes).
- ALSA: hda/realtek: Limit mic boost on VAIO PRO PX
  (stable-fixes).
- ALSA: hda/realtek: add quirk for Clevo V5[46]0TU (stable-fixes).
- crypto: aead,cipher - zeroize key buffer after use
  (stable-fixes).
- commit df254fc

- Update Alt-commit for AMDGPU patches (git-fixes)
- commit faaa427

- net: hns3: fix kernel crash problem in concurrent scenario
  (CVE-2024-39507 bsc#1227730).
- net/mlx5: Fix tainted pointer delete is case of flow rules
  creation fail (CVE-2024-40940 bsc#1227800).
- commit 778fd36

- vmxnet3: disable rx data ring on dma allocation failure
  (CVE-2024-40923 bsc#1227786).
- commit 39544d5

- mptcp: ensure snd_una is properly initialized on connect
  (CVE-2024-40931 bsc#1227780).
- commit 8410912

- bnxt_en: Adjust logging of firmware messages in case of released
  token in __hwrm_send() (CVE-2024-40919 bsc#1227779).
- commit 92740a7

- orangefs: fix out-of-bounds fsid access (git-fixes).
- commit 5492c0a

- nilfs2: fix incorrect inode allocation from reserved inodes
  (git-fixes).
- commit 84d8b23

- nilfs2: convert persistent object allocator to use kmap_local
  (git-fixes).
- commit 5ccbbbd

- nilfs2: add missing check for inode numbers on directory entries
  (git-fixes).
- commit 907b3f0

- nilfs2: fix inode number range checks (git-fixes).
- commit f8f08aa

- jffs2: Fix potential illegal address access in jffs2_free_inode
  (git-fixes).
- commit 03a6330

- bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() (CVE-2024-39487 bsc#1227573)
- commit 07efe24

- netfilter: nf_tables: flush pending destroy work before exit_net release (CVE-2024-35899 bsc#1224499)
- commit fca7a67

- net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() (CVE-2024-35934 bsc#1224641)
- commit 2be2fbe

- net/sched: act_skbmod: prevent kernel-infoleak (CVE-2024-35893 bsc#1224512)
- commit e1c4fc4

- KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin()
  (CVE-2024-40953, bsc#1227806).
- commit 2476f39

- Refresh
  patches.suse/KVM-x86-Bail-from-kvm_recalculate_phys_map-if-x2APIC.patch.
- commit c36c759

- xfs: fix log recovery buffer allocation for the legacy h_size
  fixup (bsc#1227432 CVE-2024-39472).
- commit 18a9915

- KVM: x86: Add IBPB_BRTYPE support (bsc#1228079).
- commit aa09d73

- media: venus: fix use after free in vdec_close (git-fixes).
- media: venus: flush all buffers in output plane streamoff
  (git-fixes).
- media: uvcvideo: Override default flags (git-fixes).
- media: uvcvideo: Fix integer overflow calculating timestamp
  (git-fixes).
- saa7134: Unchecked i2c_transfer function result fixed
  (git-fixes).
- media: imon: Fix race getting ictx->lock (git-fixes).
- media: dvb-usb: Fix unexpected infinite loop in
  dvb_usb_read_remote_control() (git-fixes).
- Revert "leds: led-core: Fix refcount leak in of_led_get()"
  (git-fixes).
- leds: triggers: Flush pending brightness before activating
  trigger (git-fixes).
- leds: ss4200: Convert PCIBIOS_* return codes to errnos
  (git-fixes).
- leds: trigger: Unregister sysfs attributes before calling
  deactivate() (git-fixes).
- mfd: omap-usb-tll: Use struct_size to allocate tll (git-fixes).
- commit 960e7ee

- Update
  patches.suse/mptcp-ensure-snd_nxt-is-properly-initialized-on-conn.patch
  (CVE-2024-36889 bsc#1225746).
- commit cf8a3ad

- ocfs2: fix races between hole punching and AIO+DIO (CVE-2024-40943 bsc#1227849).
- commit b79d9d8

- net: rds: Fix possible NULL-pointer dereference (CVE-2023-52573 bsc#1220869)
- commit d3cf4c3

- netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() (CVE-2024-27020 bsc#1223815)
- commit fd09409

- netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() (CVE-2024-27019 bsc#1223813)
- commit ccbb2a8

- tracing/osnoise: Do not follow tracing_cpumask (bsc#1228330)
- commit 7623aa9

- gro: fix ownership transfer (CVE-2024-35890 bsc#1224516).
- commit 59871a8

- mptcp: ensure snd_nxt is properly initialized on connect
  (CVE-2024-36889).
- commit d97efaf

- tracing/osnoise: Add osnoise/options file (bsc#1228330)
- commit 7716ffe

- tracing/osnoise: Support a list of trace_array *tr (bsc#1228330)
- commit ee3b46a

- tracing/osnoise: Split workload start from the tracer start (bsc#1228330)
- commit 4a9af64

- ipv6: fib6_rules: avoid possible NULL dereference in
  fib6_rule_action() (CVE-2024-36902 bsc#1225719).
- commit b7587ff

- phonet: fix rtm_phonet_notify() skb allocation (CVE-2024-36946
  bsc#1225851).
- commit f863dba

- net: netlink: af_netlink: Prevent empty skb by adding a check
  on len (CVE-2021-47606 bsc#1226555).
- commit 3b4f977

- r8169: Fix possible ring buffer corruption on fragmented Tx
  packets (CVE-2024-38586 bsc#1226750).
- commit 21fc784

- x86/srso: Move retbleed IBPB check into existing 'has_microcode' code  block (bsc#1227900).
- commit cee3770

- x86/bugs: Remove default case for fully switched enums (bsc#1227900).
- commit 5326760

- x86/srso: Remove 'pred_cmd' label (bsc#1227900).
- commit 7113a94

- wifi: rtw89: Fix array index mistake in
  rtw89_sta_info_get_iter() (git-fixes).
- wifi: ath11k: fix wrong handling of CCMP256 and GCMP ciphers
  (git-fixes).
- wifi: cfg80211: handle 2x996 RU allocation in
  cfg80211_calculate_bitrate_he() (git-fixes).
- wifi: cfg80211: fix typo in cfg80211_calculate_bitrate_he()
  (git-fixes).
- wifi: mwifiex: Fix interface type change (git-fixes).
- wifi: brcmsmac: LCN PHY code is used for BCM4313 2G-only device
  (git-fixes).
- lib: objagg: Fix general protection fault (git-fixes).
- lib: test_objagg: Fix spelling (git-fixes).
- lib: objagg: Fix spelling (git-fixes).
- firmware: turris-mox-rwtm: Initialize completion before mailbox
  (git-fixes).
- firmware: turris-mox-rwtm: Fix checking return value of
  wait_for_completion_timeout() (git-fixes).
- firmware: turris-mox-rwtm: Do not complete if there are no
  waiters (git-fixes).
- gpio: mc33880: Convert comma to semicolon (git-fixes).
- pwm: stm32: Always do lazy disabling (git-fixes).
- hwmon: (max6697) Fix swapped temp{1,8} critical alarms
  (git-fixes).
- hwmon: (max6697) Fix underflow when writing limit attributes
  (git-fixes).
- hwmon: (adt7475) Fix default duty on fan is disabled
  (git-fixes).
- platform/chrome: cros_ec_debugfs: fix wrong EC message version
  (git-fixes).
- drm/gma500: fix null pointer dereference in
  cdv_intel_lvds_get_modes (git-fixes).
- drm/gma500: fix null pointer dereference in
  psb_intel_lvds_get_modes (git-fixes).
- drm/meson: fix canvas release in bind function (git-fixes).
- commit f8f3fda

- SUNRPC: return proper error from gss_wrap_req_priv (git-fixes).
- SUNRPC: Fix loop termination condition in
  gss_free_in_token_pages() (git-fixes).
- nfs: fix undefined behavior in nfs_block_bits() (git-fixes).
- rpcrdma: fix handling for RDMA_CM_EVENT_DEVICE_REMOVAL
  (git-fixes).
- NFS: Fix READ_PLUS when server doesn't support OP_READ_PLUS
  (git-fixes).
- sunrpc: fix NFSACL RPC retry on soft mount (git-fixes).
- nfs: keep server info for remounts (git-fixes).
- NFSv4: Fixup smatch warning for ambiguous return (git-fixes).
- SUNRPC: Fix gss_free_in_token_pages() (git-fixes).
- knfsd: LOOKUP can return an illegal error value (git-fixes).
- NFSD: Fix problem of COMMIT and NFS4ERR_DELAY in infinite loop
  (git-fixes).
- nfsd: simplify the delayed disposal list code (git-fixes).
- NFSD: Convert filecache to rhltable (git-fixes).
- nfsd: allow reaping files still under writeback (git-fixes).
- nfsd: update comment over __nfsd_file_cache_purge (git-fixes).
- nfsd: don't take/put an extra reference when putting a file
  (git-fixes).
- nfsd: add some comments to nfsd_file_do_acquire (git-fixes).
- nfsd: don't kill nfsd_files because of lease break error
  (git-fixes).
- nfsd: simplify test_bit return in NFSD_FILE_KEY_FULL comparator
  (git-fixes).
- nfsd: NFSD_FILE_KEY_INODE only needs to find GC'ed entries
  (git-fixes).
- nfsd: don't fsync nfsd_files on last close (git-fixes).
- nfsd: don't hand out delegation on setuid files being opened
  for write (git-fixes).
- nfsd: allow nfsd_file_get to sanely handle a NULL pointer
  (git-fixes).
- nfsd: don't free files unconditionally in
  __nfsd_file_cache_purge (git-fixes).
- nfsd: fix handling of cached open files in nfsd4_open codepath
  (git-fixes).
- nfsd: rework refcounting in filecache (git-fixes).
- lockd: set missing fl_flags field when retrieving args
  (git-fixes).
- NFSD: Add an nfsd_file_fsync tracepoint (git-fixes).
- nfsd: fix up the filecache laundrette scheduling (git-fixes).
- nfsd: reorganize filecache.c (git-fixes).
- nfsd: remove the pages_flushed statistic from filecache
  (git-fixes).
- NFSD: Fix licensing header in filecache.c (git-fixes).
- NFSD: Flesh out a documenting comment for filecache.c
  (git-fixes).
- NFSD: Add an NFSD_FILE_GC flag to enable nfsd_file garbage
  collection (git-fixes).
- NFSD: Pass the target nfsd_file to nfsd_commit() (git-fixes).
- lockd: use locks_inode_context helper (git-fixes).
- filelock: add a new locks_inode_context accessor function
  (git-fixes).
- nfsd: put the export reference in nfsd4_verify_deleg_dentry
  (git-fixes).
- nfsd: fix use-after-free in nfsd_file_do_acquire tracepoint
  (git-fixes).
- nfsd: fix net-namespace logic in __nfsd_file_cache_purge
  (git-fixes).
- nfsd: rework hashtable handling in nfsd_do_file_acquire
  (git-fixes).
- nfsd: fix nfsd_file_unhash_and_dispose (git-fixes).
- NFSD enforce filehandle check for source file in COPY
  (git-fixes).
- NFSD: verify the opened dentry after setting a delegation
  (git-fixes).
- nfsd: silence extraneous printk on nfsd.ko insertion
  (git-fixes).
- NFSD: Ensure nf_inode is never dereferenced (git-fixes).
- NFSD: Move nfsd_file_trace_alloc() tracepoint (git-fixes).
- NFSD: Separate tracepoints for acquire and create (git-fixes).
- NFSD: Clean up unused code after rhashtable conversion
  (git-fixes).
- NFSD: Convert the filecache to use rhashtable (git-fixes).
- NFSD: Set up an rhashtable for the filecache (git-fixes).
- NFSD: Replace the "init once" mechanism (git-fixes).
- NFSD: Remove nfsd_file::nf_hashval (git-fixes).
- NFSD: nfsd_file_hash_remove can compute hashval (git-fixes).
- NFSD: Refactor __nfsd_file_close_inode() (git-fixes).
- NFSD: nfsd_file_unhash can compute hashval from nf->nf_inode
  (git-fixes).
- NFSD: Remove lockdep assertion from unhash_and_release_locked()
  (git-fixes).
- NFSD: No longer record nf_hashval in the trace log (git-fixes).
- NFSD: Fix the filecache LRU shrinker (git-fixes).
- NFSD: Leave open files out of the filecache LRU (git-fixes).
- NFSD: Trace filecache LRU activity (git-fixes).
- NFSD: WARN when freeing an item still linked via nf_lru
  (git-fixes).
- NFSD: Zero counters when the filecache is re-initialized
  (git-fixes).
- NFSD: Record number of flush calls (git-fixes).
- NFSD: Report the number of items evicted by the LRU walk
  (git-fixes).
- NFSD: Refactor nfsd_file_lru_scan() (git-fixes).
- NFSD: Refactor nfsd_file_gc() (git-fixes).
- NFSD: Add nfsd_file_lru_dispose_list() helper (git-fixes).
- NFSD: Report average age of filecache items (git-fixes).
- NFSD: Report count of freed filecache items (git-fixes).
- NFSD: Report count of calls to nfsd_file_acquire() (git-fixes).
- NFSD: Report filecache LRU size (git-fixes).
- nfs: Leave pages in the pagecache if readpage failed
  (git-fixes).
- NFSD: Fix potential use-after-free in nfsd_file_put()
  (git-fixes).
- NFSD: nfsd_file_put() can sleep (git-fixes).
- NFSD: Trace filecache opens (git-fixes).
- NFSD: Instantiate a struct file when creating a regular NFSv4
  file (git-fixes).
- NFSD: Clean up nfsd_open_verified() (git-fixes).
- NFSD: Remove do_nfsd_create() (git-fixes).
- NFSD: Refactor NFSv4 OPEN(CREATE) (git-fixes).
- NFSD: Refactor NFSv3 CREATE (git-fixes).
- NFSD: Refactor nfsd_create_setattr() (git-fixes).
- NFSD: Avoid calling fh_drop_write() twice in do_nfsd_create()
  (git-fixes).
- NFSD: Clean up nfsd3_proc_create() (git-fixes).
- nfsd: Clean up nfsd_file_put() (git-fixes).
- NFSD: De-duplicate hash bucket indexing (git-fixes).
- NFSD: Write verifier might go backwards (git-fixes).
- nfsd: Retry once in nfsd_open on an -EOPENSTALE return
  (git-fixes).
- nfsd: Add errno mapping for EREMOTEIO (git-fixes).
- nfsd: map EBADF (git-fixes).
- NFSD: simplify per-net file cache management (git-fixes).
- NFSD: handle errors better in write_ports_addfd() (git-fixes).
- commit 93c3330

- usb: dwc3: gadget: Don't delay End Transfer on delayed_status
  (git-fixes).
- commit e973410

- Update
  patches.suse/scsi-bnx2fc-Remove-spin_lock_bh-while-releasing-resources-after-upload.patch
  (bsc#1225767 CVE-2024-36919).
  fix incorrect bug# reference
- commit 354086f

- ipv6: sr: fix missing sk_buff release in seg6_input_core
  (bsc#1227626 CVE-2024-39490).
- commit b5e215c

- usb: xhci-plat: Don't include xhci.h (git-fixes).
- commit 192a370

- blacklist.conf: missing backport for fix
- commit 6f546a1

- net/mlx5: Always stop health timer during driver removal
  (CVE-2024-40906 bsc#1227763).
- net/mlx5: Restore mistakenly dropped parts in register devlink
  flow (CVE-2024-35961 bsc#1224585).
- commit 63e2ff9

- USB: xhci-plat: fix legacy PHY double init (git-fixes).
- commit 287068c

- usb: dwc3: gadget: Synchronize IRQ between soft
  connect/disconnect (git-fixes).
- Refresh
  patches.suse/usb-dwc3-gadget-Improve-dwc3_gadget_suspend-and-dwc3.patch.
- commit 8914bb2

- exfat: check if cluster num is valid (git-fixes).
- commit bbb197c

- exfat: simplify is_valid_cluster() (git-fixes).
- commit ec3d5ea

- usb: dwc3: gadget: Force sending delayed status during soft
  disconnect (git-fixes).
- Refresh
  patches.suse/usb-dwc3-gadget-Stall-and-restart-EP0-if-host-is-unr.patch.
- commit 78e41bc

- hfsplus: fix to avoid false alarm of circular locking
  (git-fixes).
- commit 88f4150

- blacklist.conf: cleanup, not a fix
- commit b7bc0b1

- net/mlx5: Register devlink first under devlink lock
  (CVE-2024-35961 bsc#1224585).
- idpf: fix kernel panic on unknown packet types (CVE-2024-35889
  bsc#1224517).
- stmmac: Clear variable when destroying workqueue (CVE-2024-26802
  bsc#1222799).
- commit b9232bb

- inet: fully convert sk->sk_rx_dst to RCU rules (CVE-2021-47103
  bsc#1221010).
- commit 6ef4a6c

- mptcp: fix deadlock in __mptcp_push_pending() (CVE-2021-47590
  bsc#1226565).
- commit 994eb84

- drm/shmem-helper: Fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE) (bsc#1227722 CVE-2024-39497)
- commit 39b6841

- ionic: fix use after netif_napi_del() (CVE-2024-39502
  bsc#1227755).
- ionic: clean interrupt before enabling queue to avoid credit
  race (git-fixes).
- commit f8dee1e

- ipv6: prevent NULL dereference in ip6_output() (CVE-2024-36901 bsc#1225711)
- commit 0757942

- i40e: Do not use WQ_MEM_RECLAIM flag for workqueue (CVE-2024-36004 bsc#1224545)
- commit 89d4439

- nbd: null check for nla_nest_start (CVE-2024-27025 bsc#1223778)
- commit d85f2c2

- btrfs: use latest_dev in btrfs_show_devname (CVE-2021-47599 bsc#1226571)
- commit ba2490e

- btrfs: convert latest_bdev type to btrfs_device and rename (CVE-2021-47599 bsc#1226571)
- commit abefb83

- x86/mm: Fix enc_status_change_finish_noop() (git-fixes).
- commit 4b0837b

- x86/mm: Allow guest.enc_status_change_prepare() to fail (git-fixes).
- commit 274b9eb

- mlxsw: spectrum_acl_tcam: Fix memory leak during rehash
  (CVE-2024-35853 bsc#1224604).
- commit e216456

- mlxsw: spectrum_acl_tcam: Fix possible use-after-free during
  activity update (CVE-2024-35854 bsc#1224636).
- commit fa5b2f9

- phonet/pep: fix racy skb_queue_empty() use (CVE-2024-27402
  bsc#1224414).
- commit 3644194

- net: prevent mss overflow in skb_segment() (CVE-2023-52435
  bsc#1220138).
- commit 4ab465a

- tracing/net_sched: NULL pointer dereference in
  perf_trace_qdisc_reset() (git-fixes).
- commit b9d9fb5

- tracing: Build event generation tests only as modules
  (git-fixes).
- commit 383ccf7

- cachefiles: add output string to
  cachefiles_obj_[get|put]_ondemand_fd (git-fixes).
- commit f83a29c

- ftrace: Fix possible use-after-free issue in ftrace_location()
  (git-fixes).
- commit f6aba47

- x86/bhi: Avoid warning in #DB handler due to BHI mitigation (git-fixes).
- commit 0a79f35

- x86/fpu: Fix AMD X86_BUG_FXSAVE_LEAK fixup (git-fixes).
- commit 91021c0

- x86/ibt,ftrace: Search for __fentry__ location (git-fixes).
- commit 369619b

- x86/tdx: Fix race between set_memory_encrypted() and load_unaligned_zeropad() (git-fixes).
- commit aa95b6b

- netfilter: nf_tables: do not compare internal table flags on
  updates (CVE-2024-27065 bsc#1223836).
- commit f1dd3b1

- kprobes: Make arch_check_ftrace_location static (git-fixes).
- commit 81e6138

- x86/purgatory: Switch to the position-independent small code model (git-fixes).
- commit c256000

- x86/apic: Force native_apic_mem_read() to use the MOV instruction (git-fixes).
- commit 16300ba

- csky: ftrace: Drop duplicate implementation of
  arch_check_ftrace_location() (git-fixes).
- commit c9c9bba

- net/smc: avoid data corruption caused by decline (bsc#1225088
  CVE-2023-52775).
- commit 7b97698

- x86/amd_nb: Use Family 19h Models 60h-7Fh Function 4 IDs (git-fixes).
- commit 82ec7e7

- netfilter: flowtable: incorrect pppoe tuple (CVE-2024-27015
  bsc#1223806).
- commit 6af6de1

- x86/Kconfig: Transmeta Crusoe is CPU family 5, not 6 (git-fixes).
- commit 4eee5e7

- tipc: Check the bearer type before calling
  tipc_udp_nl_bearer_add() (CVE-2024-26663 bsc#1222326).
- commit b23a947

- blacklist.conf: Blacklist unneeded patch
- commit a22ed51

- phonet/pep: refuse to enable an unbound pipe (CVE-2021-47086
  bsc#1220952).
- commit 3d5c321

- tipc: check for null after calling kmemdup (CVE-2021-47186
  bsc#1222702).
- commit 34af8f8

- i2c: rcar: bring hardware to known state when probing
  (git-fixes).
- i2c: testunit: avoid re-issued work after read message
  (git-fixes).
- i2c: mark HostNotify target address as used (git-fixes).
- i2c: testunit: correct Kconfig description (git-fixes).
- commit 720b7b0

- hpet: Support 32-bit userspace (git-fixes).
- USB: serial: mos7840: fix crash on resume (git-fixes).
- USB: core: Fix duplicate endpoint bug by clearing reserved
  bits in the descriptor (git-fixes).
- firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files
  (git-fixes).
- firmware: cs_dsp: Prevent buffer overrun when processing V2
  alg headers (git-fixes).
- firmware: cs_dsp: Validate payload length before processing
  block (git-fixes).
- firmware: cs_dsp: Return error if block header overflows file
  (git-fixes).
- firmware: cs_dsp: Fix overflow checking of wmfw header
  (git-fixes).
- ACPI: processor_idle: Fix invalid comparison with insertion
  sort for latency (git-fixes).
- drm/amdgpu/atomfirmware: silence UBSAN warning (stable-fixes).
- drm: panel-orientation-quirks: Add quirk for Valve Galileo
  (stable-fixes).
- ALSA: hda/realtek: Enable headset mic of JP-IK LEAP W502 with
  ALC897 (stable-fixes).
- drm/amdgpu: fix uninitialized scalar variable warning
  (stable-fixes).
- drm/amd/display: Skip finding free audio for unknown engine_id
  (stable-fixes).
- drm/amd/display: Check pipe offset before setting vblank
  (stable-fixes).
- drm/amd/display: Check index msg_id before read or write
  (stable-fixes).
- drm/amdgpu: Initialize timestamp for some legacy SOCs
  (stable-fixes).
- drm/amdgpu: Fix uninitialized variable warnings (stable-fixes).
- drm/lima: fix shared irq handling on driver remove
  (stable-fixes).
- commit 7c70cdc

- net: openvswitch: fix overwriting ct original tuple for  ICMPv6
  (bsc#1226783 CVE-2024-38558).
- net/smc: fix illegal rmb_desc access in SMC-D connection dump
  (bsc#1220942 CVE-2024-26615).
- commit eaeef60

- iommu/arm-smmu-v3: Free MSIs in case of ENOMEM (git-fixes).
- commit b1ce67e

- KVM: x86: Bail from kvm_recalculate_phys_map() if x2APIC ID
  is out-of-bounds (git-fixes).
- commit 9ec2217

- kabi/severities: Ignore tpm_tis_core_init (bsc#1082555).
- commit 083e305

- KVM: x86: Save/restore all NMIs when multiple NMIs are pending
  (git-fixes).
- commit 8bd778f

- block: don't add partitions if GD_SUPPRESS_PART_SCAN is set
  (bsc#1227162).
- commit 71773a0

- block, loop: support partitions without scanning (bsc#1227162).
- blacklist.conf:
- commit bb86429

- KVM: x86: Honor architectural behavior for aliased 8-bit APIC
  IDs (git-fixes).
- commit bf2b1de

- Update
  patches.suse/ALSA-hda-intel-sdw-acpi-fix-usage-of-device_get_name.patch
  (git-fixes CVE-2024-36955 bsc#1225810).
- Update
  patches.suse/Bluetooth-qca-fix-firmware-check-error-path.patch
  (git-fixes CVE-2024-36942 bsc#1225843).
- Update
  patches.suse/Reapply-drm-qxl-simplify-qxl_fence_wait.patch
  (stable-fixes CVE-2024-36944 bsc#1225847).
- Update
  patches.suse/arm64-asm-bug-Add-.align-2-to-the-end-of-__BUG_ENTRY.patch
  (git-fixes CVE-2024-39488 bsc#1227618).
- Update
  patches.suse/fbdev-savage-Handle-err-return-when-savagefb_check_v.patch
  (git-fixes CVE-2024-39475 bsc#1227435).
- Update
  patches.suse/firewire-ohci-mask-bus-reset-interrupts-between-ISR-.patch
  (stable-fixes CVE-2024-36950 bsc#1225895).
- Update
  patches.suse/pinctrl-devicetree-fix-refcount-leak-in-pinctrl_dt_t.patch
  (git-fixes CVE-2024-36959 bsc#1225839).
- Update
  patches.suse/powerpc-pseries-iommu-LPAR-panics-during-boot-up-wit.patch
  (bsc#1222011 ltc#205900 CVE-2024-36926 bsc#1225829).
- Update patches.suse/qibfs-fix-dentry-leak.patch (git-fixes
  CVE-2024-36947 bsc#1225856).
- Update
  patches.suse/scsi-bnx2fc-Remove-spin_lock_bh-while-releasing-resources-after-upload.patch
  (bsc#1224767 CVE-2024-36919 bsc#1225767).
- Update
  patches.suse/scsi-core-Fix-unremoved-procfs-host-directory-regression.patch
  (git-fixes bsc#1223675 CVE-2024-269355 CVE-2024-26935).
- Update
  patches.suse/scsi-lpfc-Move-NPIV-s-transport-unregistration-to-af.patch
  (bsc#1221777 CVE-2024-36952 bsc#1225898).
- Update
  patches.suse/scsi-lpfc-Release-hbalock-before-calling-lpfc_worker.patch
  (bsc#1221777 CVE-2024-36924 bsc#1225820).
- Update
  patches.suse/wifi-nl80211-don-t-free-NULL-coalescing-rule.patch
  (git-fixes CVE-2024-36941 bsc#1225835).
- commit 54600b7

- Update
  patches.suse/perf-x86-intel-pt-Fix-crash-with-stop-filters-in-single-range-mode.patch
  (git fixes CVE-2022-48713 bsc#1227549).
- Update
  patches.suse/scsi-qedf-Ensure-the-copied-buf-is-NUL-terminated.patch
  (bsc#1226758 CVE-2024-38559 bsc#1226785).
- Update
  patches.suse/tls-fix-use-after-free-on-failed-backlog-decryption.patch
  (CVE-2024-26583 CVE-2024-26584 bsc#1220185 bsc#1220186
  CVE-2024-26800 bsc#1222728).
- commit 329a684

- KVM: SVM: Process ICR on AVIC IPI delivery failure due to
  invalid target (git-fixes).
- commit 112065d

- KVM: x86: Purge "highest ISR" cache when updating APICv state
  (git-fixes).
- commit a129b88

- KVM: x86: Disable APIC logical map if vCPUs are aliased in
  logical mode (git-fixes).
- commit 8d68b06

- vfio/fsl-mc: Block calling interrupt handler without trigger
  (bsc#1222810 CVE-2024-26814).
- commit 520ae3c

- KVM: x86: Disable APIC logical map if logical ID covers multiple
  MDAs (git-fixes).
- commit 0357410

- KVM: Always flush async #PF workqueue when vCPU is being
  destroyed (bsc#1223635 CVE-2024-26976).
- commit c5ed396

- virtio-blk: fix implicit overflow on virtio_max_dma_size
  (bsc#1225573 CVE-2023-52762).
- commit 4296dc1

- KVM: x86: Skip redundant x2APIC logical mode optimized cluster
  setup (git-fixes).
- commit 288a73b

- vfio/platform: Create persistent IRQ handlers (bsc#1222809
  CVE-2024-26813).
- commit a8290e8

- KVM: x86: Explicitly track all possibilities for APIC map's
  logical modes (git-fixes).
- commit 2cf1fb4

- i2c: tegra: Fix failure during probe deferral cleanup (git-fixes)
- commit 07e2e07

- KVM: x86: Explicitly skip optimized logical map setup if vCPU's
  LDR==0 (git-fixes).
- commit d6f5973

- i2c: tegra: Share same DMA channel for RX and TX (bsc#1227661)
- commit f2aaa1a

- KVM: x86: Always sync PIR to IRR prior to scanning I/O APIC
  routes (git-fixes).
- commit a815f21

- KVM: x86: Don't advertise guest.MAXPHYADDR as host.MAXPHYADDR
  in CPUID (git-fixes).
- commit ccf2508

- net: mana: Fix possible double free in error handling path (git-fixes).
- RDMA/mana_ib: Ignore optional access flags for MRs (git-fixes).
- net: mana: Fix the extra HZ in mana_hwc_send_request (git-fixes).
- Drivers: hv: vmbus: Don't free ring buffers that couldn't be re-encrypted (bsc#1225744, CVE-2024-36909).
- uio_hv_generic: Don't free decrypted memory (bsc#1225717, CVE-2024-36910).
- hv_netvsc: Don't free decrypted memory (bsc#1225745, CVE-2024-36911).
- Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl (bsc#1225752, CVE-2024-36912).
- Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails (bsc#1225753, CVE-2024-36913).
- commit a860c7f

- tpm, tpm_tis: correct tpm_tis_flags enumeration values
  (bsc#1082555).
- commit ee1e789

- KVM: nVMX: Clear EXIT_QUALIFICATION when injecting an EPT
  Misconfig (git-fixes).
- commit 0d2641d

- KVM: VMX: Report up-to-date exit qualification to userspace
  (git-fixes).
- commit 606216a

- tpm_tis: Resend command to recover from data transfer errors
  (bsc#1082555).
- tpm: Prevent hwrng from activating during resume (bsc#1082555).
- tpm_tis: Use tpm_chip_{start,stop} decoration inside
  tpm_tis_resume (bsc#1082555).
- tpm, tpm_tis: Claim locality when interrupts are reenabled on
  resume (bsc#1082555).
- tpm, tpm_tis: Claim locality in interrupt handler (bsc#1082555).
- tpm, tpm: Implement usage counter for locality (bsc#1082555).
- tpm, tpm_tis: Only handle supported interrupts (bsc#1082555).
- tpm, tpm_tis: Claim locality before writing interrupt registers
  (bsc#1082555).
- tpm, tpm_tis: Do not skip reset of original interrupt vector
  (bsc#1082555).
- tpm, tpm_tis: Avoid cache incoherency in test for interrupts
  (bsc#1082555).
- tpm: Allow system suspend to continue when TPM suspend fails
  (bsc#1082555).
- commit 7f61c0e

- KVM: x86: Fix broken debugregs ABI for 32 bit kernels
  (git-fixes).
- commit eea9593

- KVM: x86: Fix KVM_GET_MSRS stack info leak (git-fixes).
- commit 2af46f6

- Refresh
  patches.suse/bpf-keep-track-of-max-number-of-bpf_loop-callback-it.patch.
  (bsc#1225903)
  Include missing changes in
  tools/testing/selftests/bpf/progs/verifier_subprog_precision.c, which
  was not backported previously.
- commit 69cbb3f

- Refresh
  patches.suse/bpf-verify-callbacks-as-if-they-are-called-unknown-n.patch.
  (bsc#1225903)
  Include missing changes in
  tools/testing/selftests/bpf/progs/verifier_subprog_precision.c, which
  was not backported previously.
- commit 8238035

- btrfs: validate device maj:min during open (bsc#1227162).
- commit f49f11d

- btrfs: use dev_t to match device in device_matched
  (bsc#1227162).
- commit 4a1fa42

- btrfs: add device major-minor info in the struct  btrfs_device
  (bsc#1227162).
- commit 297d7e5

- btrfs: match stale devices by dev_t (bsc#1227162).
- commit ee773dd

- btrfs: harden identification of a stale device (bsc#1227162).
- commit 9bf979f

- fs: allow cross-vfsmount reflink/dedupe (bsc#1227157).
- commit 1a2918c

- btrfs: remove the cross file system checks from remap
  (bsc#1227157).
- commit b30d559

- arm64: dts: rockchip: fix alphabetical ordering RK3399 puma (git-fixes)
  In order to apply current patch need to refresh:
  arm64-dts-rockchip-enable-internal-pull-up-on-PCIE_WAKE-for-RK3399-Puma.patch
- commit 36ab413

- arm64: dts: rockchip: Add enable-strobe-pulldown to emmc phy on ROCK (git-fixes)
- commit f6380d7

- blacklist.conf: ("arm64: dts: rockchip: Add enable-strobe-pulldown to emmc phy on ROCK")
- commit 3dd6408

- arm64: dts: rockchip: Add sound-dai-cells for RK3368 (git-fixes)
- commit 7c8b066

- arm64: dts: rockchip: fix PMIC interrupt pin on ROCK Pi E (git-fixes)
- commit c6de453

- arm64: dts: imx8qm-mek: fix gpio number for reg_usdhc2_vmmc (git-fixes)
- commit 2d5f667

- blacklist.conf: ("arm64: dts: broadcom: bcmbca: bcm4908: set brcm,wp-not-connected")
- commit 9393d29

- arm64: dts: microchip: sparx5: fix mdio reg (git-fixes)
- commit dc0a371

- arm64: dts: hi3798cv200: fix the size of GICR (git-fixes)
- commit 37fadad

- arm64: tegra: Correct Tegra132 I2C alias (git-fixes)
- commit f1a9bcf

- arm64: dts: allwinner: Pine H64: correctly remove reg_gmac_3v3 (git-fixes)
- commit 296515d

- selftests/bpf: test case for callback_depth states pruning logic
  (bsc#1225903).
- selftests/bpf: check if max number of bpf_loop iterations is
  tracked (bsc#1225903).
- selftests/bpf: test widening for iterating callbacks
  (bsc#1225903).
- selftests/bpf: tests for iterating callbacks (bsc#1225903).
- selftests/bpf: fix unpriv_disabled check in test_verifier
  (bsc#1225903).
- selftests/bpf: Verify that check_ids() is used for scalars in
  regsafe() (bsc#1225903).
- selftests/bpf: Check if mark_chain_precision() follows scalar
  ids (bsc#1225903).
- selftests/bpf: add precision propagation tests in the presence
  of subprogs (bsc#1225903).
- selftests/bpf: populate map_array_ro map for
  verifier_array_access test (bsc#1225903).
- selftests/bpf: add pre bpf_prog_test_run_opts() callback for
  test_loader (bsc#1225903).
- selftests/bpf: fix __retval() being always ignored
  (bsc#1225903).
- selftests/bpf: Add a selftest for checking subreg equality
  (bsc#1225903).
- selftests/bpf: prog_tests entry point for migrated test_verifier
  tests (bsc#1225903).
- selftests/bpf: Tests execution support for test_loader.c
  (bsc#1225903).
- selftests/bpf: Unprivileged tests for test_loader.c
  (bsc#1225903).
- selftests/bpf: __imm_insn & __imm_const macro for bpf_misc.h
  (bsc#1225903).
- selftests/bpf: Report program name on parse_test_spec error
  (bsc#1225903).
- selftests/bpf: Support custom per-test flags and multiple
  expected messages (bsc#1225903).
- commit d974185

- tunnels: fix out of bounds access when building IPv6 PMTU error (bsc#1222328 CVE-2024-26665).
- commit ba586e2

- ACPI: CPPC: Fix access width used for PCC registers (bsc#1224557
  CVE-2024-35995).
- commit dccf281

- ACPI: CPPC: Fix bit_offset shift in MASK_VAL() macro
  (bsc#1224557 CVE-2024-35995).
- commit a961424

- nfs: Handle error of rpc_proc_register() in nfs_net_init()
  (CVE-2024-36939 bsc#1225838).
- commit 1e7c712

- SUNRPC: avoid soft lockup when transmitting UDP to reachable
  server (bsc#1225272).
- commit a570654

- Update patches.suse/net-tls-factor-out-tls_-crypt_async_wait.patch.
- fix build warning
- commit 01715f7

- netfilter: conntrack: ignore overly delayed tcp packets
  (bsc#1223180).
- netfilter: conntrack: prepare tcp_in_window for ternary return
  value (bsc#1223180).
- netfilter: conntrack: work around exceeded receive window
  (bsc#1223180).
- netfilter: conntrack: remove pr_debug callsites from tcp tracker
  (bsc#1223180).
- commit f482451

- powerpc/pseries: Fix scv instruction crash with kexec
  (bsc#1194869 CVE-2024-42230).
- powerpc/kasan: Disable address sanitization in kexec paths
  (bsc#1194869 CVE-2024-42230).
- powerpc/pseries: Fix scv instruction crash with kexec
  (bsc#1194869).
- powerpc/kasan: Disable address sanitization in kexec paths
  (bsc#1194869).
- commit c9d175f

- kernel-binary: vdso: Own module_dir
- commit ff69986

- ACPI: CPPC: Use access_width over bit_width for system memory
  accesses (bsc#1224557 CVE-2024-35995).
- commit 1947557

- drm/amd/display: Add NULL test for 'timing generator' in (bsc#1222323 CVE-2024-26661)
- commit c59a952

- Update
  patches.suse/scsi-qedf-Ensure-the-copied-buf-is-NUL-terminated.patch
  (bsc#1226785 CVE-2024-38559).
  fixed incorrect bug number reference
- commit 999a0f9

- Update
  patches.suse/scsi-qedf-Ensure-the-copied-buf-is-NUL-terminated.patch
  (bsc#1226785 CVE-2024-38559).
  Fixed incorrect bug reference.
- commit e3b8fb6

- net/dcb: check for detached device before executing callbacks
  (bsc#1215587).
- commit a6082a0

- kABI: rtas: Workaround false positive due to lost definition
  (bsc#1227487).
- commit fb8a8f3

- net/core: Fix ETH_P_1588 flow dissector (bsc#1220876
  CVE-2023-52580).
- commit 0ff3299

- sched: Fix stop_one_cpu_nowait() vs hotplug (git fixes (sched)).
- sched/fair: Don't balance task to its current running CPU
  (git fixes (sched)).
- kernel/sched: Remove dl_boosted flag comment (git fixes
  (sched)).
- commit 27be692

- blacklist.conf: Unsupported architecture
- commit 74cc76a

- PCI/PM: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports
  (git-fixes).
- commit 4c4245d

- powerpc/rtas: Prevent Spectre v1 gadget construction in
  sys_rtas() (bsc#1227487).
- commit 9648fb4

- tls: fix use-after-free on failed backlog decryption
  (CVE-2024-26583 CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: separate no-async decryption request handling from async
  (CVE-2024-26583 CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: decrement decrypt_pending if no async completion will be
  called (CVE-2024-26583 CVE-2024-26584 bsc#1220185 bsc#1220186).
- net: tls: handle backlogging of crypto requests (CVE-2024-26584
  bsc#1220186).
- tls: fix race between tx work scheduling and socket close
  (CVE-2024-26585 bsc#1220187).
- tls: fix race between async notify and socket close
  (CVE-2024-26583 bsc#1220185).
- net: tls: factor out tls_*crypt_async_wait() (CVE-2024-26583
  CVE-2024-26584 bsc#1220185 bsc#1220186).
- net: tls: fix async vs NIC crypto offload (CVE-2024-26583
  CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: rx: use async as an in-out argument (CVE-2024-26583
  CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: rx: assume crypto always calls our callback (CVE-2024-26583
  CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: rx: don't track the async count (CVE-2024-26583
  CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: rx: simplify async wait (CVE-2024-26583 CVE-2024-26584
  bsc#1220185 bsc#1220186).
- tls: rx: wrap decryption arguments in a structure
  (CVE-2024-26583 CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: rx: don't report text length from the bowels of decrypt
  (CVE-2024-26583 CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: rx: drop unnecessary arguments from tls_setup_from_iter()
  (CVE-2024-26583 CVE-2024-26584 bsc#1220185 bsc#1220186).
- commit 63dd4a4

- rtlwifi: rtl8192de: Style clean-ups (stable-fixes).
- commit b623ae1

- drm/nouveau: fix null pointer dereference in
  nouveau_connector_get_modes (git-fixes).
- usb: gadget: printer: SS+ support (stable-fixes).
- drm/amdgpu: avoid using null object of framebuffer
  (stable-fixes).
- drm/amdgpu: Fix pci state save during mode-1 reset (git-fixes).
- drm/amdgpu/atomfirmware: fix parsing of vram_info
  (stable-fixes).
- drm/nouveau/dispnv04: fix null pointer dereference in
  nv17_tv_get_ld_modes (stable-fixes).
- drm/nouveau/dispnv04: fix null pointer dereference in
  nv17_tv_get_hd_modes (stable-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs don't work for
  EliteBook 645/665 G11 (stable-fixes).
- xhci: Apply broken streams quirk to Etron EJ188 xHCI host
  (stable-fixes).
- xhci: Apply reset resume quirk to Etron EJ188 xHCI host
  (stable-fixes).
- xhci: Set correct transferred length for cancelled bulk
  transfers (stable-fixes).
- ACPI: x86: Force StorageD3Enable on more products
  (stable-fixes).
- platform/x86: dell-smbios: Fix wrong token data in sysfs
  (git-fixes).
- intel_th: pci: Add Lunar Lake support (stable-fixes).
- intel_th: pci: Add Meteor Lake-S support (stable-fixes).
- intel_th: pci: Add Sapphire Rapids SOC support (stable-fixes).
- intel_th: pci: Add Granite Rapids SOC support (stable-fixes).
- intel_th: pci: Add Granite Rapids support (stable-fixes).
- usb: misc: uss720: check for incompatible versions of the
  Belkin F5U002 (stable-fixes).
- PCI/PM: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports
  (stable-fixes).
- power: supply: cros_usbpd: provide ID table for avoiding
  fallback match (stable-fixes).
- mtd: partitions: redboot: Added conversion of operands to a
  larger type (stable-fixes).
- media: dvbdev: Initialize sbuf (stable-fixes).
- ALSA: emux: improve patch ioctl data validation (stable-fixes).
- drm/radeon/radeon_display: Decrease the size of allocated memory
  (stable-fixes).
- drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers
  that sleep (stable-fixes).
- Bluetooth: ath3k: Fix multiple issues reported by checkpatch.pl
  (stable-fixes).
- batman-adv: bypass empty buckets in batadv_purge_orig_ref()
  (stable-fixes).
- HID: Add quirk for Logitech Casa touchpad (stable-fixes).
- ACPI: video: Add backlight=native quirk for Lenovo Slim 7 16ARH7
  (stable-fixes).
- crypto: hisilicon/sec - Fix memory leak for sec resource release
  (stable-fixes).
- crypto: ecdh - explicitly zeroize private_key (stable-fixes).
- soc: ti: wkup_m3_ipc: Send NULL dummy message instead of
  pointer message (stable-fixes).
- Bluetooth: btqca: use le32_to_cpu for ver.soc_id (stable-fixes).
- drm/amd/amdgpu: Fix style errors in amdgpu_drv.c &
  amdgpu_device.c (stable-fixes).
- Bluetooth: hci_qca: mark OF related data as maybe unused
  (stable-fixes).
- ACPI: x86: utils: Add Picasso to the list for forcing
  StorageD3Enable (stable-fixes).
- platform/x86: dell-smbios-base: Use sysfs_emit() (stable-fixes).
- PCI: Add PCI_ERROR_RESPONSE and related definitions
  (stable-fixes).
- commit 7f3043b

- RDMA/restrack: Fix potential invalid address access (git-fixes)
- commit 23ae4ef

- bpf: check bpf_func_state->callback_depth when pruning states
  (bsc#1225903).
- bpf: unconditionally reset backtrack_state masks on global
  func exit (bsc#1225903).
- commit d19d633

- bcache: fix variable length array abuse in btree_iter
  (CVE-2024-39482 bsc#1227447).
- commit 17815f2

- soc: fsl: qbman: Use raw spinlock for cgr_lock (bsc#1224683
  CVE-2024-35819).
- commit 450645b

- soc: fsl: qbman: Add CGR update function (bsc#1224683
  CVE-2024-35819).
- commit 2baf830

- soc: fsl: qbman: Add helper for sanity checking cgr ops
  (bsc#1224683 CVE-2024-35819).
- commit 47079b2

- Delete
  patches.suse/tls-fix-race-between-tx-work-scheduling-and-socket-c.patch.
  Will be replaced with a refreshed version once all conflicting new patches are in.
- commit a0fa0a3

- hwmon: (axi-fan-control) Fix possible NULL pointer dereference
  (git-fixes CVE-2023-52863 bsc#1225586).
- commit 084eb37

- wifi: wilc1000: fix ies_len type in connect path (git-fixes).
- can: kvaser_usb: Explicitly initialize family in leafimx
  driver_info struct (git-fixes).
- Bluetooth: qca: Fix BT enable failure again for QCA6390 after
  warm reboot (git-fixes).
- wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values
  (git-fixes).
- commit 2b22fa3

- kABI: bpf: callback fixes kABI workaround (bsc#1225903).
- kABI: bpf: tmp_str_buf kABI workaround (bsc#1225903).
- kABI: bpf: bpf_reg_state reorganization kABI workaround
  (bsc#1225903).
- kABI: bpf: struct bpf_{idmap,idset} kABI workaround
  (bsc#1225903).
- commit c363b0e

- jfs: xattr: fix buffer overflow for invalid xattr
  (bsc#1227383).
- commit 33e2d96

- blacklist.conf: Add 8b793bcda61f watchdog: move softlockup_panic back to early_param
- commit 884e27b

- blacklist.conf: Add d988d9a9b9d1 panic: Flush kernel log buffer at the end
- commit 1b88df8

- net: tulip: de4x5: fix the problem that the array 'lp->phy'
  may be  out of bound (bsc#1225505 CVE-2021-47547).
- commit 9f2e6d7

- Update
  patches.suse/arm64-mm-Batch-dsb-and-isb-when-populating-pgtables.patch
  (jsc#PED-8690 bsc#1226202).
- Update
  patches.suse/arm64-mm-Don-t-remap-pgtables-for-allocate-vs-populate.patch
  (jsc#PED-8690 bsc#1226202).
- Update
  patches.suse/arm64-mm-Don-t-remap-pgtables-per-cont-pte-pmd-block.patch
  (jsc#PED-8690 bsc#1226202).
- Update
  patches.suse/arm64-mm-don-t-acquire-mutex-when-rewriting-swapper.patch
  (jsc#PED-8690 bsc#1226202).
- Update
  patches.suse/net-ena-Fix-redundant-device-NUMA-node-override.patch
  (jsc#PED-8690 bsc#1226202).
- commit 6a3ad32

- Update
  patches.suse/usb-gadget-printer-fix-races-against-disable.patch
  (CVE-2024-25741 bsc#1219832).
- commit ad103cc

- md: fix resync softlockup when bitmap size is less than array
  size (CVE-2024-38598, bsc#1226757).
- commit 63bdd4c

- Replaced by upstream version and add CVE-2024-35979 bsc#1224572 References,
  patches.suse/raid1-fix-use-after-free-for-original-bio-in-raid1_w-fcf3.patch.
- commit b286e82

- dm snapshot: fix lockup in dm_exception_table_exit (bsc#1224743,
  CVE-2024-35805).
- commit cd48313

- llc: make llc_ui_sendmsg() more robust against bonding changes
  (CVE-2024-26636 bsc#1221659).
- commit ecb089c

- llc: Drop support for ETH_P_TR_802_2 (CVE-2024-26635
  bsc#1221656).
- commit 1100e9f

- usb: gadget: u_audio: Fix race condition use of controls after
  free during gadget unbind (CVE-2024-38628 bsc#1226911).
- commit 9098f97

- usb: gadget: u_audio: clean up some inconsistent indenting
  (CVE-2024-38628 bsc#1226911).
- commit 59d56d9

- blacklist.conf: 9cb46b31f3d0 drm/xe/xe_migrate: Cast to output precision before multiplying operands
- commit f111be2

- ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()
  (CVE-2024-26641 bsc#1221654).
- commit 41bffae

- hsr: Fix uninit-value access in hsr_get_node() (bsc#1223021
  CVE-2024-26863).
- commit f065753

- ip6_tunnel: fix NEXTHDR_FRAGMENT handling in
  ip6_tnl_parse_tlv_enc_lim() (CVE-2024-26633 bsc#1221647).
- commit f5f5027

- gfs2: Fix potential glock use-after-free on unmount (bsc#1226775
  CVE-2024-38570).
- gfs2: Rename sd_{ glock => kill }_wait (bsc#1226775
  CVE-2024-38570).
- gfs2: Use container_of() for gfs2_glock(aspace) (bsc#1226775
  CVE-2024-38570).
- commit 1854bb6

- io_uring: check for non-NULL file pointer in io_file_can_poll()
  (bsc#1226990 CVE-2024-39371).
- commit f9fcf1f

- fs/9p: fix uninitialized values during inode evict (bsc#1225815
  CVE-2024-36923).
- commit 40f7a6e

- hsr: Prevent use after free in prp_create_tagged_frame()
  (CVE-2023-52846 bsc#1225098).
- commit 74c7662

- btrfs: avoid copying BTRFS_ROOT_SUBVOL_DEAD flag to snapshot
  of subvolume being deleted (bsc#1221282).
- btrfs: don't abort filesystem when attempting to snapshot
  deleted subvolume (bsc#1221282 CVE-2024-26644 bsc#1222072).
- commit 7829d14

- btrfs: fix crash on racing fsync and size-extending write into
  prealloc (bsc#1227101 CVE-2024-37354).
- commit 899b45b

- kbuild: do not include include/config/auto.conf from shell
  scripts (bsc#1227274).
- commit c743753

- kernel-doc: fix struct_group_tagged() parsing (git-fixes).
- lib: memcpy_kunit: Fix an invalid format specifier in an
  assertion msg (git-fixes).
- commit d600a63

- mtd: rawnand: rockchip: ensure NVDDR timings are rejected
  (git-fixes).
- mtd: rawnand: Bypass a couple of sanity checks during NAND
  identification (git-fixes).
- mtd: rawnand: Ensure ECC configuration is propagated to upper
  layers (git-fixes).
- commit 69e8827

- bpf: keep track of max number of bpf_loop callback iterations
  (bsc#1225903).
- bpf: widening for callback iterators (bsc#1225903).
- commit 4740932

- bpf: verify callbacks as if they are called unknown number of
  times (bsc#1225903).
- Refresh patches.kabi/bpf-struct-bpf_insn_aux_data-workaround.patch
- bpf: clean up visit_insn()'s instruction processing
  (bsc#1225903).
- Refresh patches.suse/bpf-handle-ldimm64-properly-in-check_cfg.patch
- bpf: Remove unused insn_cnt argument from
  visit_[func_call_]insn() (bsc#1225903).
- Refresh patches.suse/bpf-handle-ldimm64-properly-in-check_cfg.patch
- commit 4cfaa45

- bpf: extract setup_func_entry() utility function (bsc#1225903).
- bpf: extract __check_reg_arg() utility function (bsc#1225903).
- selftests/bpf: track string payload offset as scalar in
  strobemeta (bsc#1225903).
- bpf: print full verifier states on infinite loop detection
  (bsc#1225903).
- bpf: Fix memory leaks in __check_func_call (bsc#1225903).
- commit 319cd93

- Update
  patches.suse/0001-dm-btree-remove-fix-use-after-free-in-rebalance_chil.patch
  (git-fixes CVE-2021-47600 bsc#1226575).
- Update
  patches.suse/ALSA-hda-Fix-UAF-of-leds-class-devs-at-unbinding.patch
  (bsc#1195349 CVE-2022-48735 bsc#1226719).
- Update
  patches.suse/ARM-9170-1-fix-panic-when-kasan-and-kprobe-are-enabl.patch
  (git-fixes CVE-2021-47618 bsc#1226644).
- Update
  patches.suse/ASoC-hdmi-codec-Fix-OOB-memory-accesses.patch
  (git-fixes CVE-2022-48739 bsc#1226675).
- Update
  patches.suse/ASoC-max9759-fix-underflow-in-speaker_gain_control_p.patch
  (git-fixes CVE-2022-48717 bsc#1226679).
- Update
  patches.suse/ASoC-ops-Reject-out-of-bounds-values-in-snd_soc_put_-4cf28e9ae6e2.patch
  (git-fixes CVE-2022-48736 bsc#1226721).
- Update
  patches.suse/ASoC-ops-Reject-out-of-bounds-values-in-snd_soc_put_-4f1e50d6a9cf.patch
  (git-fixes CVE-2022-48737 bsc#1226762).
- Update
  patches.suse/ASoC-ops-Reject-out-of-bounds-values-in-snd_soc_put_.patch
  (git-fixes CVE-2022-48738 bsc#1226674).
- Update
  patches.suse/Bluetooth-refactor-malicious-adv-data-check.patch
  (git-fixes CVE-2021-47620 bsc#1226669).
- Update patches.suse/IB-hfi1-Fix-AIP-early-init-panic.patch
  (git-fixes CVE-2022-48728 bsc#1226691).
- Update
  patches.suse/IB-hfi1-Fix-panic-with-larger-ipoib-send_queue_size.patch
  (jsc#SLE-19242 CVE-2022-48729 bsc#1226710).
- Update
  patches.suse/KVM-LAPIC-Also-cancel-preemption-timer-during-SET_LA.patch
  (git-fixes CVE-2022-48765 bsc#1226697).
- Update
  patches.suse/KVM-arm64-Avoid-consuming-a-stale-esr-value-when-SEr.patch
  (git-fixes CVE-2022-48727 bsc#1226690).
- Update
  patches.suse/KVM-x86-Forcibly-leave-nested-virt-when-SMM-state-is.patch
  (git-fixes CVE-2022-48763 bsc#1226628).
- Update
  patches.suse/PCI-pciehp-Fix-infinite-loop-in-IRQ-handler-upon-pow.patch
  (git-fixes CVE-2021-47617 bsc#1226614).
- Update
  patches.suse/RDMA-Fix-use-after-free-in-rxe_queue_cleanup.patch
  (jsc#SLE-19249 CVE-2021-47616 bsc#1226603).
- Update
  patches.suse/RDMA-irdma-Fix-a-user-after-free-in-add_pble_prm.patch
  (jsc#SLE-18383 CVE-2021-47614 bsc#1226601).
- Update
  patches.suse/RDMA-mlx5-Fix-releasing-unallocated-memory-in-dereg-.patch
  (jsc#SLE-19253 CVE-2021-47615 bsc#1226602).
- Update
  patches.suse/RDMA-siw-Fix-refcounting-leak-in-siw_create_qp.patch
  (jsc#SLE-19249 CVE-2022-48725 bsc#1226618).
- Update
  patches.suse/RDMA-ucma-Protect-mc-during-concurrent-multicast-lea.patch
  (git-fixes CVE-2022-48726 bsc#1226686).
- Update
  patches.suse/USB-core-Fix-hang-in-usb_kill_urb-by-adding-memory-b.patch
  (git-fixes CVE-2022-48760 bsc#1226712).
- Update
  patches.suse/USB-core-Make-do_proc_control-and-do_proc_bulk-killa.patch
  (git-fixes CVE-2021-47582 bsc#1226559).
- Update
  patches.suse/audit-improve-robustness-of-the-audit-queue-handling.patch
  (git-fixes CVE-2021-47603 bsc#1226577).
- Update patches.suse/block-Fix-wrong-offset-in-bio_truncate.patch
  (bsc#1202780 CVE-2022-48747 bsc#1226643).
- Update
  patches.suse/bpf-Fix-kernel-address-leakage-in-atomic-cmpxchg-s-r.patch
  (git-fixes CVE-2021-47607 bsc#1226580).
- Update
  patches.suse/bpf-Fix-kernel-address-leakage-in-atomic-fetch.patch
  (bsc#1193883 bsc#1194826 CVE-2022-0264 CVE-2021-47608
  bsc#1226569).
- Update
  patches.suse/bpf-Protect-against-int-overflow-for-stack-access-si.patch
  (bsc#1224488 CVE-2024-35905).
- Update
  patches.suse/btrfs-fix-deadlock-between-quota-disable-and-qgroup-.patch
  (bsc#1199295 CVE-2022-48734 bsc#1226626).
- Update
  patches.suse/btrfs-fix-memory-leak-in-__add_inode_ref.patch
  (bsc#1197915 CVE-2021-47585 bsc#1226556).
- Update
  patches.suse/ceph-properly-put-ceph_string-reference-after-async-create-attempt.patch
  (bsc#1195341 CVE-2022-48767 bsc#1226715).
- Update
  patches.suse/dma-buf-heaps-Fix-potential-spectre-v1-gadget.patch
  (git-fixes CVE-2022-48730 bsc#1226713).
- Update
  patches.suse/drm-msm-dpu-invalid-parameter-check-in-dpu_setup_dsp.patch
  (git-fixes CVE-2022-48749 bsc#1226650).
- Update
  patches.suse/drm-msm-dsi-invalid-parameter-check-in-msm_dsi_phy_e.patch
  (git-fixes CVE-2022-48756 bsc#1226698).
- Update
  patches.suse/drm-nouveau-fix-off-by-one-in-BIOS-boundary-checking.patch
  (git-fixes CVE-2022-48732 bsc#1226716).
- Update
  patches.suse/drm-vc4-kms-Add-missing-drm_crtc_commit_put.patch
  (git-fixes CVE-2021-47534).
- Update
  patches.suse/drm-vmwgfx-Fix-stale-file-descriptors-on-failed-user.patch
  (CVE-2022-22942 bsc#1195065 CVE-2022-48771 bsc#1226732).
- Update
  patches.suse/efi-runtime-avoid-EFIv2-runtime-services-on-Apple-x8.patch
  (git-fixes CVE-2022-48769 bsc#1226629).
- Update
  patches.suse/ext4-fix-error-handling-in-ext4_fc_record_modified_i.patch
  (bsc#1202767 CVE-2022-48712 bsc#1226673).
- Update
  patches.suse/firmware-arm_scpi-Fix-string-overflow-in-SCPI-genpd-.patch
  (git-fixes CVE-2021-47609 bsc#1226562).
- Update
  patches.suse/i3c-mipi-i3c-hci-Fix-out-of-bounds-access-in-hci_dma.patch
  (git-fixes CVE-2023-52766).
- Update patches.suse/i40e-Fix-queues-reservation-for-XDP.patch
  (git-fixes CVE-2021-47619 bsc#1226645).
- Update patches.suse/igbvf-fix-double-free-in-igbvf_probe.patch
  (jsc#SLE-18379 CVE-2021-47589 bsc#1226557).
- Update
  patches.suse/inet_diag-fix-kernel-infoleak-for-UDP-sockets.patch
  (git-fixes CVE-2021-47597 bsc#1226553).
- Update
  patches.suse/iocost-Fix-divide-by-zero-on-donation-from-low-hweig.patch
  (bsc#1198014 CVE-2021-47584 bsc#1226564).
- Update
  patches.suse/iommu-vt-d-fix-potential-memory-leak-in-intel_setup_irq_remapping
  (git-fixes CVE-2022-48724 bsc#1226624).
- Update
  patches.suse/isdn-cpai-check-ctr-cnr-to-avoid-array-index-out-of-.patch
  (stable-5.14.15 CVE-2021-43389 CVE-2021-3896 bsc#1191958
  CVE-2021-4439 bsc#1226670).
- Update
  patches.suse/mac80211-track-only-QoS-data-frames-for-admission-co.patch
  (git-fixes CVE-2021-47602 bsc#1226554).
- Update
  patches.suse/mac80211-validate-extended-element-ID-is-present.patch
  (git-fixes CVE-2021-47611 bsc#1226583).
- Update
  patches.suse/media-mxl111sf-change-mutex_init-location.patch
  (git-fixes CVE-2021-47583 bsc#1226563).
- Update
  patches.suse/net-amd-xgbe-Fix-skb-data-length-underflow.patch
  (git-fixes CVE-2022-48743 bsc#1226705).
- Update
  patches.suse/net-hns3-fix-use-after-free-bug-in-hclgevf_send_mbx_.patch
  (bsc#1190336 CVE-2021-47596 bsc#1226558).
- Update
  patches.suse/net-ieee802154-ca8210-Stop-leaking-skb-s.patch
  (git-fixes CVE-2022-48722 bsc#1226619).
- Update
  patches.suse/net-macsec-Fix-offload-support-for-NETDEV_UNREGISTER.patch
  (git-fixes CVE-2022-48720 bsc#1226683).
- Update
  patches.suse/net-mlx5-Use-del_timer_sync-in-fw-reset-flow-of-halt.patch
  (git-fixes CVE-2022-48745 bsc#1226702).
- Update
  patches.suse/net-mlx5e-Avoid-field-overflowing-memcpy.patch
  (git-fixes CVE-2022-48744 bsc#1226696).
- Update
  patches.suse/net-mlx5e-Fix-handling-of-wrong-devices-during-bond-.patch
  (git-fixes CVE-2022-48746 bsc#1226703).
- Update
  patches.suse/net-smc-Forward-wakeup-to-smc-socket-waitqueue-after-fallback
  (git-fixes CVE-2022-48721 bsc#1226685).
- Update
  patches.suse/net-smc-Transitional-solution-for-clcsock-race-issue
  (git-fixes CVE-2022-48751 bsc#1226653).
- Update
  patches.suse/net-stmmac-dwmac-rk-fix-oob-read-in-rk_gmac_setup.patch
  (git-fixes CVE-2021-47586 bsc#1226561).
- Update
  patches.suse/net-stmmac-fix-tc-flower-deletion-for-VLAN-priority-.patch
  (git-fixes CVE-2021-47592 bsc#1226572).
- Update
  patches.suse/net-systemport-Add-global-locking-for-descriptor-lif.patch
  (git-fixes CVE-2021-47587 bsc#1226567).
- Update
  patches.suse/nfc-fix-segfault-in-nfc_genl_dump_devices_done.patch
  (git-fixes CVE-2021-47612 bsc#1226585).
- Update
  patches.suse/of-module-prevent-NULL-pointer-dereference-in-vsnprintf.patch
  (bsc#1226587 CVE-2024-38541 CVE-2024-35878 bsc#1224671).
- Update
  patches.suse/perf-x86-intel-pt-Fix-crash-with-stop-filters-in-single-range-mode.patch
  (git fixes CVE-2022-48713).
- Update patches.suse/phylib-fix-potential-use-after-free.patch
  (git-fixes CVE-2022-48754 bsc#1226692).
- Update
  patches.suse/powerpc-perf-Fix-power_pmu_disable-to-call-clear_pmi.patch
  (bsc#1156395 CVE-2022-48752 bsc#1226709).
- Update
  patches.suse/rpmsg-char-Fix-race-between-the-release-of-rpmsg_ctr.patch
  (git-fixes CVE-2022-48759 bsc#1226711).
- Update
  patches.suse/scsi-bnx2fc-Flush-destroy_work-queue-before-calling-bnx2fc_interface_put
  (git-fixes bsc#1196746 CVE-2022-48758 bsc#1226708).
- Update patches.suse/scsi-bnx2fc-Make-bnx2fc_recv_frame-mp-safe
  (git-fixes bsc#1196746 CVE-2022-48715 bsc#1226621).
- Update
  patches.suse/scsi-scsi_debug-Don-t-call-kcalloc-if-size-arg-is-zero.patch
  (git-fixes CVE-2021-47578 bsc#1226539).
- Update
  patches.suse/scsi-scsi_debug-Fix-type-in-min_t-to-avoid-stack-OOB.patch
  (git-fixes CVE-2021-47580 bsc#1226550).
- Update
  patches.suse/scsi-scsi_debug-Sanity-check-block-descriptor-length-in-resp_mode_select.patch
  (git-fixes CVE-2021-47576 bsc#1226537).
- Update
  patches.suse/selinux-fix-double-free-of-cond_list-on-error-paths.patch
  (git-fixes CVE-2022-48740 bsc#1226699).
- Update
  patches.suse/spi-uniphier-fix-reference-count-leak-in-uniphier_sp.patch
  (git-fixes CVE-2022-48723 bsc#1226617).
- Update patches.suse/tee-amdtee-fix-an-IS_ERR-vs-NULL-bug.patch
  (jsc#SLE-21844 CVE-2021-47601 bsc#1226576).
- Update
  patches.suse/tipc-improve-size-validations-for-received-domain-re.patch
  (bsc#1195254 CVE-2022-0435 CVE-2022-48711 bsc#1226672).
- Update
  patches.suse/tracing-histogram-Fix-a-potential-memory-leak-for-kstrdup.patch
  (git-fixes CVE-2022-48768 bsc#1226720).
- Update
  patches.suse/usb-xhci-plat-fix-crash-when-suspend-if-remote-wake-.patch
  (git-fixes CVE-2022-48761 bsc#1226701).
- Update patches.suse/wifi-ath11k-fix-htt-pktlog-locking.patch
  (git-fixes CVE-2023-52800).
- commit cc322a0

- X.509: Fix the parser of extended key usage for length
  (bsc#1218820).
- commit c5d6d23

- tcp: Use refcount_inc_not_zero() in tcp_twsk_unique()
  (CVE-2024-36904 bsc#1225732).
- commit 975b193

- bpf: correct loop detection for iterators convergence
  (bsc#1225903).
- commit c7253b6

- bpf: exact states comparison for iterator convergence checks
  (bsc#1225903).
- bpf: extract same_callsites() as utility function (bsc#1225903).
- bpf: move explored_state() closer to the beginning of verifier.c
  (bsc#1225903).
- bpf: Verify scalar ids mapping in regsafe() using check_ids()
  (bsc#1225903).
- bpf: Use scalar ids in mark_chain_precision() (bsc#1225903).
- bpf: fix calculation of subseq_idx during precision backtracking
  (bsc#1225903).
- Refresh patches.suse/bpf-fix-precision-backtracking-instruction-iteration.patch
- commit 7f3ee03

- bpf: Skip invalid kfunc call in backtrack_insn (bsc#1225903).
- commit 3786246

- Update
  patches.suse/1203-drm-mxsfb-Fix-NULL-pointer-dereference.patch
  (jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
  jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
  CVE-2022-48718 bsc#1226616).
- Update
  patches.suse/1250-drm-amd-display-Wrap-dcn301_calculate_wm_and_dlg-for.patch
  (jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
  jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
  CVE-2022-48766 bsc#1226704).
- Update
  patches.suse/1327-drm-msm-Fix-null-ptr-access-msm_ioctl_gem_submit.patch
  (jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
  jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
  CVE-2021-47610 bsc#1226581).
- Update
  patches.suse/ALSA-Fix-deadlocks-with-kctl-removals-at-disconnecti.patch
  (stable-fixes CVE-2024-38600 bsc#1226864).
- Update
  patches.suse/ALSA-core-Fix-NULL-module-pointer-assignment-at-card.patch
  (git-fixes CVE-2024-38605 bsc#1226740).
- Update
  patches.suse/ALSA-hda-cs_dsp_ctl-Use-private_free-for-control-cle.patch
  (git-fixes CVE-2024-38388 bsc#1226890).
- Update
  patches.suse/ALSA-timer-Set-lower-bound-of-start-tick-time.patch
  (stable-fixes git-fixes CVE-2024-38618 bsc#1226754).
- Update
  patches.suse/ASoC-kirkwood-Fix-potential-NULL-dereference.patch
  (git-fixes CVE-2024-38550 bsc#1226633).
- Update
  patches.suse/Input-cyapa-add-missing-input-core-locking-to-suspen.patch
  (git-fixes CVE-2023-52884 bsc#1226764).
- Update
  patches.suse/KEYS-trusted-Do-not-use-WARN-when-encode-fails.patch
  (git-fixes CVE-2024-36975 bsc#1226520).
- Update
  patches.suse/KEYS-trusted-Fix-memory-leak-in-tpm2_key_encode.patch
  (git-fixes CVE-2024-36967 bsc#1226131).
- Update
  patches.suse/RDMA-hns-Fix-deadlock-on-SRQ-async-events.patch
  (git-fixes CVE-2024-38591 bsc#1226738).
- Update
  patches.suse/RDMA-hns-Modify-the-print-level-of-CQE-error.patch
  (git-fixes CVE-2024-38590 bsc#1226839).
- Update
  patches.suse/RDMA-rxe-Fix-seg-fault-in-rxe_comp_queue_pkt.patch
  (git-fixes CVE-2024-38544 bsc#1226597).
- Update
  patches.suse/block-fix-memory-leak-in-disk_register_independent_a.patch
  (jsc#PED-1183 CVE-2022-48753 bsc#1226693).
- Update
  patches.suse/bnxt_re-avoid-shift-undefined-behavior-in-bnxt_qplib.patch
  (git-fixes CVE-2024-38540 bsc#1226582).
- Update
  patches.suse/bpf-Guard-against-accessing-NULL-pt_regs-in-bpf_get_.patch
  (jsc#PED-1377 CVE-2022-48770 bsc#1226730).
- Update
  patches.suse/bpf-Use-VM_MAP-instead-of-VM_ALLOC-for-ringbuf.patch
  (jsc#PED-1377 CVE-2022-48714 bsc#1226622).
- Update
  patches.suse/btrfs-fix-use-after-free-after-failure-to-create-a-s.patch
  (git-fixes CVE-2022-48733 bsc#1226718).
- Update
  patches.suse/cppc_cpufreq-Fix-possible-null-pointer-dereference.patch
  (git-fixes CVE-2024-38573 bsc#1226739).
- Update patches.suse/crypto-bcm-Fix-pointer-arithmetic.patch
  (git-fixes CVE-2024-38579 bsc#1226637).
- Update
  patches.suse/drm-amd-display-Fix-division-by-zero-in-setup_dsc_co.patch
  (stable-fixes CVE-2024-36969 bsc#1226155).
- Update
  patches.suse/drm-amd-display-Fix-potential-index-out-of-bounds-in.patch
  (git-fixes CVE-2024-38552 bsc#1226767).
- Update
  patches.suse/drm-amdgpu-add-error-handle-to-avoid-out-of-bounds.patch
  (stable-fixes CVE-2024-39471 bsc#1227096).
- Update
  patches.suse/drm-amdgpu-mes-fix-use-after-free-issue.patch
  (stable-fixes CVE-2024-38581 bsc#1226657).
- Update
  patches.suse/drm-bridge-cdns-mhdp8546-Fix-possible-null-pointer-d.patch
  (git-fixes CVE-2024-38548).
- Update
  patches.suse/drm-mediatek-Add-0-size-check-to-mtk_drm_gem_obj.patch
  (git-fixes CVE-2024-38549 bsc#1226735).
- Update
  patches.suse/drm-msm-a6xx-Avoid-a-nullptr-dereference-when-speedb.patch
  (git-fixes CVE-2024-38390 bsc#1226891).
- Update
  patches.suse/drm-vc4-Fix-possible-null-pointer-dereference.patch
  (git-fixes CVE-2024-38546 bsc#1226593).
- Update
  patches.suse/drm-vmwgfx-Fix-invalid-reads-in-fence-signaled-event.patch
  (git-fixes CVE-2024-36960 bsc#1225872).
- Update
  patches.suse/efi-libstub-only-free-priv.runtime_map-when-allocate.patch
  (git-fixes CVE-2024-33619 bsc#1226768).
- Update
  patches.suse/io-wq-check-for-wq-exit-after-adding-new-worker-task.patch
  (bsc#1205205 CVE-2021-47577 bsc#1226538).
- Update
  patches.suse/jffs2-prevent-xattr-node-from-overflowing-the-eraseblock.patch
  (git-fixes CVE-2024-38599 bsc#1226848).
- Update
  patches.suse/media-atomisp-ssh_css-Fix-a-null-pointer-dereference.patch
  (git-fixes CVE-2024-38547 bsc#1226632).
- Update
  patches.suse/media-lgdt3306a-Add-a-check-against-null-pointer-def.patch
  (stable-fixes CVE-2022-48772 bsc#1226976).
- Update
  patches.suse/media-stk1160-fix-bounds-checking-in-stk1160_copy_vi.patch
  (git-fixes CVE-2024-38621 bsc#1226895).
- Update
  patches.suse/net-bridge-vlan-fix-memory-leak-in-__allowed_ingress.patch
  (git-fixes CVE-2022-48748 bsc#1226647).
- Update
  patches.suse/net-sched-sch_ets-don-t-remove-idle-classes-from-the.patch
  (bsc#1207361 CVE-2021-47595 bsc#1226552).
- Update
  patches.suse/netfilter-complete-validation-of-user-input.patch
  (CVE-2024-35896 bsc#1224662 git-fixes CVE-2024-35962
  bsc#1224583).
- Update
  patches.suse/nfc-nci-Fix-uninit-value-in-nci_rx_work.patch
  (git-fixes CVE-2024-38381 bsc#1226878).
- Update
  patches.suse/nilfs2-fix-potential-hang-in-nilfs_detach_log_writer.patch
  (stable-fixes CVE-2024-38582 bsc#1226658).
- Update
  patches.suse/nilfs2-fix-use-after-free-of-timer-for-log-writer-th.patch
  (git-fixes CVE-2024-38583 bsc#1226777).
- Update
  patches.suse/powerpc64-bpf-Limit-ldbrx-to-processors-compliant-wi.patch
  (jsc#PED-1377 CVE-2022-48755 bsc#1226706).
- Update
  patches.suse/remoteproc-mediatek-Make-sure-IPI-buffer-fits-in-L2T.patch
  (git-fixes CVE-2024-36965 bsc#1226149).
- Update
  patches.suse/ring-buffer-Fix-a-race-between-readers-and-resize-checks.patch
  (bsc#1222893 CVE-2024-38601 bsc#1226876).
- Update
  patches.suse/scsi-qla2xxx-Fix-off-by-one-in-qla_edif_app_getstats.patch
  (git-fixes CVE-2024-36025 bsc#1225704).
- Update
  patches.suse/serial-max3100-Lock-port-lock-when-calling-uart_hand.patch
  (git-fixes CVE-2024-38634 bsc#1226868).
- Update
  patches.suse/serial-max3100-Update-uart_driver_registered-on-driv.patch
  (git-fixes CVE-2024-38633 bsc#1226867).
- Update
  patches.suse/soundwire-cadence-fix-invalid-PDI-offset.patch
  (stable-fixes CVE-2024-38635 bsc#1226863).
- Update patches.suse/speakup-Fix-sizeof-vs-ARRAY_SIZE-bug.patch
  (git-fixes CVE-2024-38587 bsc#1226780).
- Update
  patches.suse/swiotlb-Fix-double-allocation-of-slots-due-to-broken-alignment-handling.patch
  (bsc#1224331 CVE-2024-35814 bsc#1224602).
- Update
  patches.suse/thermal-drivers-tsens-Fix-null-pointer-dereference.patch
  (git-fixes CVE-2024-38571 bsc#1226737).
- Update
  patches.suse/tpm_tis_spi-Account-for-SPI-header-when-allocating-TPM-SPI-xfer-buffer.patch
  (bsc#1225535 CVE-2024-36477 bsc#1226840).
- Update
  patches.suse/usb-storage-alauda-Check-whether-the-media-is-initia.patch
  (git-fixes CVE-2024-38619 bsc#1226861).
- Update
  patches.suse/vduse-check-that-offset-is-within-bounds-in-get_conf.patch
  (jsc#PED-1549 CVE-2021-47604 bsc#1226566).
- Update
  patches.suse/vduse-fix-memory-corruption-in-vduse_dev_ioctl.patch
  (jsc#PED-1549 CVE-2021-47605 bsc#1226579).
- Update
  patches.suse/watchdog-cpu5wdt.c-Fix-use-after-free-bug-caused-by-.patch
  (git-fixes CVE-2024-38630 bsc#1226908).
- Update
  patches.suse/wifi-ar5523-enable-proper-endpoint-verification.patch
  (git-fixes CVE-2024-38565 bsc#1226747).
- Update
  patches.suse/wifi-carl9170-add-a-proper-sanity-check-for-endpoint.patch
  (git-fixes CVE-2024-38567 bsc#1226769).
- Update
  patches.suse/wifi-carl9170-re-fix-fortified-memset-warning.patch
  (git-fixes CVE-2024-38616 bsc#1226852).
- commit efd69a4

- tcp: do not accept ACK of bytes we never sent (CVE-2023-52881
  bsc#1225611).
- commit ab5f35b

- bpf: support precision propagation in the presence of subprogs
  (bsc#1225903).
- Refresh patches.suse/bpf-fix-precision-backtracking-instruction-iteration.patch
- bpf: fix mark_all_scalars_precise use in mark_chain_precision
  (bsc#1225903).
- bpf: fix propagate_precision() logic for inner frames
  (bsc#1225903).
- bpf: maintain bitmasks across all active frames in
  __mark_chain_precision (bsc#1225903).
- bpf: take into account liveness when propagating precision
  (bsc#1225903).
- Refresh patches.suse/bpf-fix-precision-propagation-verbose-logging.patch
- commit c5f7596

- net: ena: Fix redundant device NUMA node override
  (jsc#PED-8690).
- commit 629130c

- ata: ahci: Clean up sysfs file on error (git-fixes).
- ata: libata-core: Fix double free on error (git-fixes).
- ata: libata-core: Fix null pointer dereference on error
  (git-fixes).
- kbuild: Install dtb files as 0644 in Makefile.dtbinst
  (git-fixes).
- iio: chemical: bme680: Fix sensor data read operation
  (git-fixes).
- iio: chemical: bme680: Fix overflows in compensate() functions
  (git-fixes).
- iio: chemical: bme680: Fix calibration data variable
  (git-fixes).
- iio: chemical: bme680: Fix pressure value output (git-fixes).
- iio: accel: fxls8962af: select IIO_BUFFER & IIO_KFIFO_BUF
  (git-fixes).
- iio: adc: ad7266: Fix variable checking bug (git-fixes).
- tty: mcf: MCF54418 has 10 UARTS (git-fixes).
- usb: dwc3: core: remove lock of otg mode during gadget
  suspend/resume to avoid deadlock (git-fixes).
- usb: musb: da8xx: fix a resource leak in probe() (git-fixes).
- usb: atm: cxacru: fix endpoint checking in cxacru_bind()
  (git-fixes).
- usb: gadget: printer: fix races against disable (git-fixes).
- commit 201a936

- i2c: testunit: discard write requests while old command is
  running (git-fixes).
- i2c: testunit: don't erase registers after STOP (git-fixes).
- mmc: sdhci: Do not lock spinlock around mmc_gpio_get_ro()
  (git-fixes).
- mmc: sdhci: Do not invert write-protect twice (git-fixes).
- mmc: sdhci-pci: Convert PCIBIOS_* return codes to errnos
  (git-fixes).
- commit 958e336

- gpiolib: cdev: Disallow reconfiguration without direction
  (uAPI v1) (git-fixes).
- gpio: davinci: Validate the obtained number of IRQs (git-fixes).
- commit dc60c09

- net/9p: fix uninit-value in p9_client_rpc() (CVE-2024-39301
  bsc#1226994).
- commit b325415

- arm64: mm: Don't remap pgtables for allocate vs populate
  (jsc#PED-8690).
- arm64: mm: Batch dsb and isb when populating pgtables
  (jsc#PED-8690).
- arm64: mm: Don't remap pgtables per-cont(pte|pmd) block
  (jsc#PED-8690).
- arm64: mm: don't acquire mutex when rewriting swapper
  (jsc#PED-8690).
- commit 911eabe

- smb: client: fix deadlock in smb2_find_smb_tcon() (bsc#1227103,
  CVE-2024-39468).
- commit ef9e40f

- bpf: improve precision backtrack logging (bsc#1225903).
- bpf: encapsulate precision backtracking bookkeeping
  (bsc#1225903).
- Refresh patches.suse/bpf-Fix-precision-tracking-for-BPF_ALU-BPF_TO_BE-BPF.patch
- bpf: mark relevant stack slots scratched for register read
  instructions (bsc#1225903).
- commit acd95d8

- bpf: Improve verifier u32 scalar equality checking
  (bsc#1225903).
- bpf: ensure state checkpointing at iter_next() call sites
  (bsc#1225903).
- Refresh patches.kabi/bpf-struct-bpf_insn_aux_data-workaround.patch
- bpf: fix regs_exact() logic in regsafe() to remap IDs correctly
  (bsc#1225903).
- bpf: perform byte-by-byte comparison only when necessary in
  regsafe() (bsc#1225903).
- selftests/bpf: Verify copy_register_state() preserves
  parent/live fields (bsc#1225903).
- bpf: Fix to preserve reg parent/live fields when copying range
  info (bsc#1225903).
- commit 6ef5769

- bpf: reject non-exact register type matches in regsafe()
  (bsc#1225903).
- bpf: generalize MAYBE_NULL vs non-MAYBE_NULL rule (bsc#1225903).
- bpf: reorganize struct bpf_reg_state fields (bsc#1225903).
- bpf: teach refsafe() to take into account ID remapping
  (bsc#1225903).
- selftests/bpf: test case for relaxed prunning of active_lock.id
  (bsc#1225903).
- selftests/bpf: Add pruning test case for bpf_spin_lock
  (bsc#1225903).
- bpf: use check_ids() for active_lock comparison (bsc#1225903).
- selftests/bpf: verify states_equal() maintains idmap across
  all frames (bsc#1225903).
- bpf: states_equal() must build idmap for all function frames
  (bsc#1225903).
- selftests/bpf: test cases for regsafe() bug skipping check_id()
  (bsc#1225903).
- bpf: regsafe() must not skip check_ids() (bsc#1225903).
- selftests/bpf: make test_align selftest more robust
  (bsc#1225903).
- bpf: aggressively forget precise markings during state
  checkpointing (bsc#1225903).
- bpf: stop setting precise in current state (bsc#1225903).
- bpf: allow precision tracking for programs with subprogs
  (bsc#1225903).
- Remove f655badf2a8f "bpf: fix propagate_precision() logic for inner
  frames" from blacklist.conf, which is a fix for this
- commit 605166e

- iommu: mtk: fix module autoloading (git-fixes).
- commit 8d5ca45

- iommu: Return right value in iommu_sva_bind_device()
  (git-fixes).
- iommu/amd: Fix sysfs leak in iommu init (git-fixes).
- commit 89e035d

- random: treat bootloader trust toggle the same way as cpu
  trust toggle (bsc#1226953).
- commit ad48400

- x86/tsc: Trust initial offset in architectural TSC-adjust MSRs
  (bsc#1222015 bsc#1226962).
- commit 71e0b41

- Fix new build warnings regarding unused variables:
  Changed build warnings:
  * **** 2 warnings *****
  * unused-variable (cl) in ../fs/ceph/mds_client.c in ceph_queue_cap_unlink_work
  ../fs/ceph/mds_client.c: In function 'ceph_queue_cap_unlink_work':
  ../fs/ceph/mds_client.c:2421:22: warning: unused variable 'cl' [-Wunused-variable]
  * unused-variable (cl) in ../fs/ceph/mds_client.c in ceph_cap_unlink_work
  ../fs/ceph/mds_client.c: In function 'ceph_cap_unlink_work':
  ../fs/ceph/mds_client.c:2436:22: warning: unused variable 'cl' [-Wunused-variable]
- Refresh
  patches.suse/ceph-add-ceph_cap_unlink_work-to-fire-check_caps-imme.patch.
- Refresh
  patches.suse/ceph-switch-to-use-cap_delay_lock-for-the-unlink-dela.patch.
- commit 0e2186a

- ALSA: hda/realtek: Fix conflicting quirk for PCI SSID 17aa:3820
  (git-fixes).
- commit 7df4f37

- drm/i915/gt: Fix potential UAF by revoke of fence registers
  (git-fixes).
- drm/panel: simple: Add missing display timing flags for KOE
  TX26D202VM0BWA (git-fixes).
- net: usb: ax88179_178a: improve link status logs (git-fixes).
- net: phy: micrel: add Microchip KSZ 9477 to the device table
  (git-fixes).
- batman-adv: Don't accept TT entries for out-of-spec VIDs
  (git-fixes).
- net: can: j1939: recover socket queue on CAN bus error during
  BAM transmission (git-fixes).
- net: can: j1939: Initialize unused data in j1939_send_one()
  (git-fixes).
- net: can: j1939: enhanced error handling for tightly received
  RTS messages in xtp_rx_rts_session_new (git-fixes).
- ASoC: fsl-asoc-card: set priv->pdev before using it (git-fixes).
- ASoC: amd: acp: remove i2s configuration check in
  acp_i2s_probe() (git-fixes).
- ASoC: amd: acp: add a null check for chip_pdev structure
  (git-fixes).
- drm/amdgpu: fix UBSAN warning in kv_dpm.c (stable-fixes).
- drm/radeon: fix UBSAN warning in kv_dpm.c (stable-fixes).
- ALSA: hda/realtek: Enable headset mic on IdeaPad 330-17IKB 81DM
  (git-fixes).
- ALSA/hda: intel-dsp-config: Document AVS as dsp_driver option
  (git-fixes).
- ALSA: hda/realtek: Remove Framework Laptop 16 from quirks
  (git-fixes).
- ALSA: hda/realtek: Limit mic boost on N14AP7 (stable-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs don't work for ProBook
  445/465 G11 (stable-fixes).
- ALSA: hda/realtek: Add quirks for Lenovo 13X (stable-fixes).
- drm/lima: mask irqs in timeout path before hard reset
  (stable-fixes).
- drm/lima: add mask irq callback to gp and pp (stable-fixes).
- drm/amd/display: revert Exit idle optimizations before HDCP
  execution (stable-fixes).
- drm/amd/display: Exit idle optimizations before HDCP execution
  (stable-fixes).
- commit 8b51ea0

- kfence: fix memory leak when cat kfence objects (bsc#1220958,
  CVE-2021-47089).
- commit 10017b7

- nilfs2: fix potential kernel bug due to lack of writeback flag
  waiting (bsc#1227066 CVE-2024-37078).
- commit f38d6d3

- nilfs2: fix nilfs_empty_dir() misjudgment and long loop on
  I/O errors (bsc#1226992 CVE-2024-39469).
- commit 6b2d7ad

- kABI workaround for FPGA changes (CVE-2024-35247 bsc#1226948
  CVE-2024-36479 bsc#1226949 CVE-2024-37021 bsc#1226950).
- commit 34bcd8e

- fpga: region: add owner module and take its refcount
  (CVE-2024-35247 bsc#1226948).
- Refresh patches.suse/fpga-add-kABI-padding.patch.
- commit 2206f02

- fpga: manager: add owner module and take its refcount
  (CVE-2024-37021 bsc#1226950).
- Refresh patches.suse/fpga-add-kABI-padding.patch.
- commit 9371d28

- fpga: bridge: add owner module and take its refcount
  (CVE-2024-36479 bsc#1226949).
- commit 8710b3c

- scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226758
  CVE-2024-38559).
- scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786
  CVE-2024-38560).
- scsi: bnx2fc: Remove spin_lock_bh while releasing resources
  after upload (bsc#1224767 CVE-2024-36919).
- commit 0e530b8

- kabi: Use __iowriteXX_copy_inlined for in-kernel modules (bsc#1226502)
- commit bacb90a

- Update
  patches.suse/smb-client-guarantee-refcounted-children-from-parent-session.patch
  (bsc#1224679 CVE-2024-35869).
- commit ed4e9d0

- bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in
  BPF_LINK_CREATE (bsc#1226789 CVE-2024-38564).
- bpf: Add attach_type checks under
  bpf_prog_attach_check_attach_type (bsc#1226789 CVE-2024-38564).
- selftests/bpf: Add sockopt case to verify prog_type (bsc#1226789
  CVE-2024-38564).
- selftests/bpf: Extend sockopt tests to use BPF_LINK_CREATE
  (bsc#1226789 CVE-2024-38564).
- bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in
  BPF_LINK_CREATE (bsc#1226789 CVE-2024-38564).
- bpf: Add attach_type checks under
  bpf_prog_attach_check_attach_type (bsc#1226789 CVE-2024-38564).
- selftests/bpf: Check whether to run selftest (bsc#1226789
  CVE-2024-38564).
- bpf: Force kprobe multi expected_attach_type for kprobe_multi
  link (bsc#1226789 CVE-2024-38564).
- selftests/bpf: Convert sockopt test to ASSERT_* macros
  (bsc#1226789 CVE-2024-38564).
- commit fec2539

- s390/ap: Fix crash in AP internal function modify_bitmap()
  (CVE-2024-38661 bsc#1226996 git-fixes).
- commit bd5322c

- null_blk: Fix return value of nullb_device_power_store()
  (bsc#1226841 CVE-2024-36478).
- commit c3dfa05

- null_blk: fix null-ptr-dereference while configuring 'power'
  and 'submit_queues' (bsc#1226841 CVE-2024-36478).
- commit 0589f0b

- block: fix overflow in blk_ioctl_discard() (bsc#1225770
  CVE-2024-36917).
- commit 8cdaac1

- epoll: be better about file lifetimes (bsc#1226610
  CVE-2024-38580).
- commit e0be089

- Kabi fix for ipv6: fix memory leak in fib6_rule_suppress
  (CVE-2021-47546 bsc#1225504).
- ipv6: fix memory leak in fib6_rule_suppress (CVE-2021-47546
  bsc#1225504).
- commit 589556f

- cifs: fix hang in wait_for_response() (bsc#1220812,
  bsc#1220368).
- commit b9be417

- scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226758
  CVE-2024-38559).
- scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786
  CVE-2024-38560).
- commit 45c369f

- Update
  patches.suse/io_uring-fix-race-between-timeout-flush-and-removal.patch
  (bsc#1205205 CVE-2022-29582).
  I accidentally dropped the CVE reference when updating this backport.
  Re-add it.
- commit f2446ba

- mptcp: clear 'kern' flag from fallback sockets
  (CVE-2021-47593 bsc#1226551).
- commit 2659f40

- net: sched: sch_multiq: fix possible OOB write in multiq_tune()
  (CVE-2024-36978 bsc#1226514).
- commit bc93665

- net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP
  (CVE-2024-36974 bsc#1226519).
- commit 433e33d

- xhci: Simplify event ring dequeue pointer update for port
  change events (git-fixes).
- commit 3185bc8

- PCI/ASPM: Update save_state when configuration changes (bsc#1226915)
- commit b938861

- mm: Avoid overflows in dirty throttling logic (bsc#1222364
  CVE-2024-26720).
- commit 6a8050a

- net/mlx5: Discard command completions in internal error
  (CVE-2024-38555 bsc#1226607).
- enic: Validate length of nl attributes in enic_set_vf_port
  (CVE-2024-38659 bsc#1226883).
- net: fec: remove .ndo_poll_controller to avoid deadlocks
  (CVE-2024-38553 bsc#1226744).
- net/mlx5: Discard command completions in internal error
  (CVE-2024-38555 bsc#1226607).
- net/mlx5: Add a timeout to acquire the command queue semaphore
  (CVE-2024-38556 bsc#1226774).
- net/mlx5: Reload only IB representors upon lag disable/enable
  (CVE-2024-38557 bsc#1226781).
- net/mlx5e: Fix netif state handling (CVE-2024-38608
  bsc#1226746).
- eth: sungem: remove .ndo_poll_controller to avoid deadlocks
  (CVE-2024-38597 bsc#1226749).
- net: stmmac: move the EST lock to struct stmmac_priv
  (CVE-2024-38594 bsc#1226734).
- net/mlx5e: Add wrapping for auxiliary_driver ops and remove
  unused args (CVE-2024-38608 bsc#1226746).
- net/mlx5e: Fix a race in command alloc flow (git-fixes).
- commit 2ae4454

- usb: xhci: address off-by-one in xhci_num_trbs_free()
  (git-fixes).
- commit 841d39b

- usb: xhci: improve debug message in xhci_ring_expansion_needed()
  (git-fixes).
- commit d2b5f1e

- xhci: retry Stop Endpoint on buggy NEC controllers (git-fixes).
- commit 1a2e96b

- xhci: fix matching completion events with TDs (git-fixes).
- commit aca914a

- xhci: update event ring dequeue pointer position to controller
  correctly (git-fixes).
- commit 93be17d

- dma-buf/sw-sync: don't enable IRQ from sync_print_obj()
  (CVE-2024-38780 bsc#1226886).
- commit 43f7b44

- nvmet-passthru: propagate status from id override functions
  (git-fixes).
- nvme: find numa distance only if controller has valid numa id
  (git-fixes).
- commit cdc1f02

- PCI: Clear Secondary Status errors after enumeration (bsc#1226928)
- commit 5d3e24c

- stm class: Fix a double free in stm_register_device()
  (CVE-2024-38627 bsc#1226857).
- commit 050e247

- Input: ili210x - fix ili251x_read_touch_data() return value
  (git-fixes).
- pinctrl: rockchip: fix pinmux reset in rockchip_pmx_set
  (git-fixes).
- pinctrl: rockchip: use dedicated pinctrl type for RK3328
  (git-fixes).
- pinctrl: rockchip: fix pinmux bits for RK3328 GPIO3-B pins
  (git-fixes).
- pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins
  (git-fixes).
- pinctrl: fix deadlock in create_pinctrl() when handling
  - EPROBE_DEFER (git-fixes).
- pinctrl: qcom: spmi-gpio: drop broken pm8008 support
  (git-fixes).
- commit 6e807ea

- drivers/perf: hisi: hns3: Actually use
  devm_add_action_or_reset() (CVE-2024-38603 bsc#1226842).
- commit 1bb22d3

- usb: xhci: Implement xhci_handshake_check_state() helper
  (git-fixes).
- commit cb838be

- ecryptfs: Fix buffer size for tag 66 packet  (bsc#1226634, CVE-2024-38578).
- commit 7445d84

- NFSv4.x: by default serialize open/close operations (bsc#1223863 bsc#1227362)
- commit 63fa513

- xhci: Fix failure to detect ring expansion need (git-fixes).
- commit 113690d

- usb: typec: ucsi: Never send a lone connector change ack
  (git-fixes).
- commit 7ee9645

- xhci: restre deleted trb fields for tracing (git-fixes).
- commit 93cf02b

- xhci: Stop unnecessary tracking of free trbs in a ring
  (git-fixes).
- commit a2d1e46

- xhci: Fix transfer ring expansion size calculation (git-fixes).
- commit 896ce4e

- xhci: remove unused stream_id parameter from
  xhci_handle_halted_endpoint() (git-fixes).
- commit 98ef3b9

- xhci: simplify event ring dequeue tracking for transfer events
  (git-fixes).
- commit 53c9c00

- usb: fotg210-hcd: delete an incorrect bounds test (git-fixes).
- commit 212d0e7

- usb: typec: ucsi: Ack also failed Get Error commands
  (git-fixes).
- commit 39df22a

- net: usb: ax88179_178a: improve reset check (git-fixes).
- commit a9cd82a

- net: usb: rtl8150 fix unintiatilzed variables in
  rtl8150_get_link_ksettings (git-fixes).
- commit 331f817

- i2c: ocores: set IACK bit after core is enabled (git-fixes).
- commit 208be97

- RDMA/hns: Fix UAF for cq async event (bsc#1226595 CVE-2024-38545)
- commit 98b2f74

- regulator: bd71815: fix ramp values (git-fixes).
- regulator: core: Fix modpost error "regulator_get_regmap"
  undefined (git-fixes).
- commit 67d8d3b

- RDMA/mlx5: Add check for srq max_sge attribute (git-fixes)
- commit d13a032

- drm/i915/mso: using joiner is not possible with eDP MSO
  (git-fixes).
- ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your
  kernel is fine." (git-fixes).
- dmaengine: ioatdma: Fix missing kmem_cache_destroy()
  (git-fixes).
- dmaengine: idxd: Fix possible Use-After-Free in
  irq_process_work_list (git-fixes).
- drm/exynos/vidi: fix memory leak in .get_modes() (stable-fixes).
- drm/i915/dpt: Make DPT object unshrinkable (git-fixes).
- drm/i915/gt: Disarm breadcrumbs if engines are already idle
  (git-fixes).
- drm/amd/display: drop unnecessary NULL checks in debugfs
  (stable-fixes).
- commit 2ec7855

- ASoC: codecs: wcd938x: fix incorrect used of portid
  (CVE-2022-48716 bsc#1226678).
- Refresh
  patches.suse/ASoC-codecs-wcd938x-fix-return-value-of-mixer-put-fu.patch.
- commit 72e80ef

- drivers/perf: hisi: hns3: Fix out-of-bound access when valid
  event group (CVE-2024-38568 bsc#1226771).
- commit 8713f77

- sched/core: Fix incorrect initialization of the 'burst'
  parameter in cpu_max_write() (bsc#1226791).
- commit b41cbc1

- bsc#1225894: Fix patch references
- commit eaa0db4

- net/mlx5: Properly link new fs rules into the tree (bsc#1224588
  CVE-2024-35960).
- commit e25590c

- net/mlx5e: fix a potential double-free in fs_any_create_groups
  (bsc#1224603 CVE-2023-52667).
- commit df4661c

- net/mlx5e: fix a double-free in arfs_create_groups (bsc#1224605
  CVE-2024-35835).
- commit 60e8562

- Make AMD_HSMP=m and mark it unsupported in supported.conf (jsc#PED-8582)
- Update config files.
- supported.conf:
- commit 875ffbb

- of: module: prevent NULL pointer dereference in vsnprintf() (bsc#1226587 CVE-2024-38541)
- commit 0394d90

- of: module: add buffer overflow check in of_modalias() (bsc#1226587 CVE-2024-38541)
- commit e54e996

- net: ena: Fix incorrect descriptor free behavior (bsc#1224677
  CVE-2024-35958).
- commit 5e978bb

- net: ethernet: mtk_eth_soc: fix PPE hanging issue (bsc#1224716
  CVE-2024-27432).
- commit d64a6b1

- Revert "net/mlx5: Block entering switchdev mode with ns
  inconsistency" (bsc#1224719 CVE-2023-52658).
- commit a900e45

- bonding: stop the device in bond_setup_by_slave() (bsc#1224946
  CVE-2023-52784).
- commit e6d4b4f

- cachefiles: remove requests from xarray during flushing requests
  (bsc#1226588).
- commit 3613d54

- blacklist.conf: add ppdev cleanup
- commit efdca47

- net/smc: fix neighbour and rtable leak in smc_ib_find_route()
  (git-fixes bsc#1225823 CVE-2024-36945 bsc#1226548).
- commit 1725fed

- net: preserve kabi for struct dst_ops (CVE-2024-36971
  bsc#1226145).
- commit 74d650a

- net: fix __dst_negative_advice() race (CVE-2024-36971
  bsc#1226145).
- commit 6d5c393

- RDMA/hns: Fix incorrect sge nums calculation (git-fixes)
- commit 11a4ad4

- RDMA/irdma: Drop unused kernel push code (git-fixes)
- commit 4f86e97

- amd/amdkfd: sync all devices to wait all processes being evicted (bsc#1225872 CVE-2024-36949)
- commit 0c17d54

- drm/amdkfd: Rework kfd_locked handling (bsc#1225872)
- commit a9a84c1

- nfsd: optimise recalculate_deny_mode() for a common case
  (bsc#1217912).
- commit 49675fb

- NFS: avoid infinite loop in pnfs_update_layout (bsc#1219633
  bsc#1226226).
- commit 8203342

- Revert "Add remote for nfs maintainer"
  This reverts commit 9de16b6543dde7651ef5da514ebf6f29e7eac94b.
  This came in through the wrong tree - sorry.
- commit 3905117

- Rename to
  patches.suse/fs-9p-only-translate-RWX-permissions-for-plain-9P200.patch.
  by scripts/renamepatches
- commit 0b4b132

- x86/mce: Dynamically size space for machine check records
  (bsc#1222241).
- commit 96985c9

- seg6: fix the iif in the IPv6 socket control block
  (CVE-2021-47515 bsc#1225426).
- commit 07e18ce

- net: nexthop: fix null pointer dereference when IPv6 is not enabled
  (CVE-2021-47572 bsc#1225389).
- commit 87d2dc4

- netfilter: nf_tables: reject new basechain after table flag update
  (CVE-2024-35900 bsc#1224497).
- commit e2ad7db

- ipv6: Fix infinite recursion in fib6_dump_done() (CVE-2024-35886
  bsc#1224670).
- commit 8bfad13

- Update references
- commit b8183f9

- xfs: make sure sb_fdblocks is non-negative (bsc#1225419).
- commit 0b50d79

- net: usb: smsc95xx: fix changing LED_SEL bit value updated
  from EEPROM (git-fixes).
- commit a3c495c

- RAS/AMD/ATL: Use system settings for MI300 DRAM to normalized
  address translation (bsc#1225300).
- RAS/AMD/ATL: Fix MI300 bank hash (bsc#1225300).
- commit 4a3a73c

- i2c: designware: Fix the functionality flags of the slave-only
  interface (git-fixes).
- i2c: at91: Fix the functionality flags of the slave-only
  interface (git-fixes).
- USB: class: cdc-wdm: Fix CPU lockup caused by excessive log
  messages (git-fixes).
- xhci: Handle TD clearing for multiple streams case (git-fixes).
- usb-storage: alauda: Check whether the media is initialized
  (git-fixes).
- usb: typec: tcpm: Ignore received Hard Reset in TOGGLING state
  (git-fixes).
- usb: typec: tcpm: fix use-after-free case in
  tcpm_register_source_caps (git-fixes).
- USB: xen-hcd: Traverse host/ when CONFIG_USB_XEN_HCD is selected
  (git-fixes).
- drivers: core: synchronize really_probe() and dev_uevent()
  (git-fixes).
- iio: imu: inv_icm42600: delete unneeded update watermark call
  (git-fixes).
- iio: dac: ad5592r: fix temperature channel scaling value
  (git-fixes).
- iio: adc: ad9467: fix scan type sign (git-fixes).
- mei: me: release irq in mei_me_pci_resume error path
  (git-fixes).
- hwmon: (shtc1) Fix property misspelling (git-fixes).
- spi: stm32: Don't warn about spurious interrupts (git-fixes).
- net: usb: smsc95xx: fix changing LED_SEL bit value updated
  from EEPROM (git-fixes).
- nilfs2: fix potential hang in nilfs_detach_log_writer()
  (stable-fixes).
- drm/amdgpu/atomfirmware: add intergrated info v2.3 table
  (stable-fixes).
- ALSA: timer: Set lower bound of start tick time (stable-fixes).
- intel_th: pci: Add Meteor Lake-S CPU support (stable-fixes).
- soundwire: cadence: fix invalid PDI offset (stable-fixes).
- watchdog: bd9576: Drop "always-running" property (git-fixes).
- mmc: sdhci-acpi: Disable write protect detection on Toshiba
  WT10-A (stable-fixes).
- mmc: sdhci-acpi: Fix Lenovo Yoga Tablet 2 Pro 1380 sdcard slot
  not working (stable-fixes).
- mmc: sdhci-acpi: Sort DMI quirks alphabetically (stable-fixes).
- mmc: core: Add mmc_gpiod_set_cd_config() function
  (stable-fixes).
- mmc: sdhci_am654: Fix ITAPDLY for HS400 timing (git-fixes).
- mmc: sdhci_am654: Add ITAPDLYSEL in sdhci_j721e_4bit_set_clock
  (git-fixes).
- mmc: sdhci_am654: Add OTAP/ITAP delay enable (git-fixes).
- media: mxl5xx: Move xpt structures off stack (stable-fixes).
- media: flexcop-usb: fix sanity check of bNumEndpoints
  (git-fixes).
- media: lgdt3306a: Add a check against null-pointer-def
  (stable-fixes).
- media: v4l2-core: hold videodev_lock until dev reg, finishes
  (stable-fixes).
- media: radio-shark2: Avoid led_names truncations (git-fixes).
- ALSA: Fix deadlocks with kctl removals at disconnection
  (stable-fixes).
- drm/amdgpu: add error handle to avoid out-of-bounds
  (stable-fixes).
- wifi: rtlwifi: rtl8192de: Fix endianness issue in RX path
  (stable-fixes).
- wifi: rtlwifi: rtl8192de: Fix low speed with WPA3-SAE
  (stable-fixes).
- wifi: rtl8xxxu: Fix the TX power of RTL8192CU, RTL8723AU
  (stable-fixes).
- ACPI: resource: Do IRQ override on TongFang GXxHRXx and GMxHGxx
  (stable-fixes).
- crypto: ecrdsa - Fix module auto-load on add_key (stable-fixes).
- ASoC: da7219-aad: fix usage of device_get_named_child_node()
  (stable-fixes).
- ASoC: rt715-sdca: volume step modification (stable-fixes).
- ASoC: rt715: add vendor clear control register (stable-fixes).
- ASoC: rt5645: Fix the electric noise due to the CBJ contacts
  floating (stable-fixes).
- regulator: vqmmc-ipq4019: fix module autoloading (stable-fixes).
- regulator: irq_helpers: duplicate IRQ name (stable-fixes).
- wifi: cfg80211: fix the order of arguments for trace events
  of the tx_rx_evt class (stable-fixes).
- net: usb: qmi_wwan: add Telit FN920C04 compositions
  (stable-fixes).
- mmc: core: Do not force a retune before RPMB switch
  (stable-fixes).
- mmc: sdhci_am654: Drop lookup for deprecated ti,otap-del-sel
  (stable-fixes).
- watchdog: bd9576_wdt: switch to using devm_fwnode_gpiod_get()
  (stable-fixes).
- media: flexcop-usb: clean up endpoint sanity checks
  (stable-fixes).
- media: ipu3-cio2: Use temporary storage for struct device
  pointer (stable-fixes).
- commit aace7d0

- netfilter: complete validation of user input
  (CVE-2024-35896 bsc#1224662 git-fixes).
- commit 58a4873

- ocfs2: fix sparse warnings (bsc#1219224).
- ocfs2: speed up chain-list searching (bsc#1219224).
- ocfs2: adjust enabling place for la window (bsc#1219224).
- ocfs2: improve write IO performance when fragmentation is high
  (bsc#1219224).
- commit f18a759

- drm/exynos: hdmi: report safe 640x480 mode as a fallback when
  no EDID found (git-fixes).
- drm/bridge/panel: Fix runtime warning on panel bridge release
  (git-fixes).
- drm/komeda: check for error-valued pointer (git-fixes).
- commit e843af8

- smb: client: guarantee refcounted children from parent session
  (bsc#1224679, CVE-35869).
- commit b0f469c

- smb: client: ensure to try all targets when finding nested links
  (bsc#1224020).
- commit df159e7

- smb: client: fix potential UAF in smb2_is_valid_lease_break()
  (bsc#1224765, CVE-2024-35864).
- commit c296805

- smb: client: fix potential UAF in smb2_is_network_name_deleted()
  (bsc#1224764, CVE-2024-35862).
- commit aa75c00

- smb: client: fix potential UAF in
  cifs_signal_cifsd_for_reconnect() (bsc#1224766, CVE-2024-35861).
- commit f77cc8d

- smb: client: fix use-after-free bug in
  cifs_debug_data_proc_show() (bsc#1225487, CVE-2023-52752).
- commit 39fb8f3

- drm/amd/display: Skip on writeback when it's not applicable (CVE-2024-36914 bsc#1225757).
- commit 9393875

- blacklist.conf: Add a7fb0423c201 cgroup: Move rcu_head up near the top of cgroup_root
- commit 221e9a0

- Bluetooth: L2CAP: Fix rejecting L2CAP_CONN_PARAM_UPDATE_REQ
  (git-fixes).
- HID: logitech-dj: Fix memory leak in
  logi_dj_recv_switch_to_dj_mode() (git-fixes).
- HID: core: remove unnecessary WARN_ON() in implement()
  (git-fixes).
- kconfig: doc: fix a typo in the note about 'imply' (git-fixes).
- gpio: tqmx86: introduce shadow register for GPIO output value
  (git-fixes).
- gpio: tqmx86: fix typo in Kconfig label (git-fixes).
- drm/vmwgfx: 3D disabled should not effect STDU memory limits
  (git-fixes).
- drm/vmwgfx: Filter modes which exceed graphics memory
  (git-fixes).
- drm/amd: Fix shutdown (again) on some SMU v13.0.4/11 platforms
  (git-fixes).
- net: phy: Micrel KSZ8061: fix errata solution not taking effect
  problem (git-fixes).
- wifi: mac80211: correctly parse Spatial Reuse Parameter Set
  element (git-fixes).
- wifi: iwlwifi: mvm: don't read past the mfuart notifcation
  (git-fixes).
- wifi: iwlwifi: mvm: check n_ssids before accessing the ssids
  (git-fixes).
- wifi: iwlwifi: dbg_ini: move iwl_dbg_tlv_free outside of
  debugfs ifdef (git-fixes).
- wifi: iwlwifi: mvm: revert gen2 TX A-MPDU size to 64
  (git-fixes).
- wifi: cfg80211: pmsr: use correct nla_get_uX functions
  (git-fixes).
- wifi: cfg80211: Lock wiphy in cfg80211_get_station (git-fixes).
- wifi: mac80211: Fix deadlock in
  ieee80211_sta_ps_deliver_wakeup() (git-fixes).
- wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects
  (git-fixes).
- cpufreq: amd-pstate: Fix the inconsistency in max frequency
  units (git-fixes).
- kconfig: fix comparison to constant symbols, 'm', 'n'
  (git-fixes).
- drm/i915/guc: avoid FIELD_PREP warning (git-fixes).
- ALSA: hda/realtek: Adjust G814JZR to use SPI init for amp
  (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs don't work for ProBook
  440/460 G11 (stable-fixes).
- drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting
  fails (git-fixes).
- drm/msm/dp: Avoid a long timeout for AUX transfer if nothing
  connected (git-fixes).
- ALSA: hda: intel-dsp-config: harden I2C/I2S codec detection
  (stable-fixes).
- drm/amdkfd: Flush the process wq before creating a kfd_process
  (stable-fixes).
- drm/amd/display: Add VCO speed parameter for DCN31 FPU
  (stable-fixes).
- drm/amd/display: Add dtbclk access to dcn315 (stable-fixes).
- drm/amdgpu/mes: fix use-after-free issue (stable-fixes).
- drm/amdgpu: Fix the ring buffer size for queue VM flush
  (stable-fixes).
- drm/amdgpu: Update BO eviction priorities (stable-fixes).
- drm/amd/display: Set color_mgmt_changed to true on unsuspend
  (stable-fixes).
- drm/msm/dp: Return IRQ_NONE for unhandled interrupts
  (stable-fixes).
- drm/panel-samsung-atna33xc20: Use ktime_get_boottime for delays
  (stable-fixes).
- drm/msm: Enable clamp_to_idle for 7c3 (stable-fixes).
- commit 8f779cb

- gpiolib: cdev: Fix use after free in lineinfo_changed_notify
  (bsc#1225737 CVE-2024-36899).
- commit 9b295f5

- drm/mediatek: Fix coverity issue with unintentional integer overflow (CVE-2023-52857 bsc#1225581).
- commit 3f9829b

- drm/amd: check num of link levels when update pcie param (CVE-2023-52812 bsc#1225564).
- commit 86f2ac6

- rpmsg: virtio: Free driver_override when rpmsg_remove()
  (bsc#1224696 CVE-2023-52670).
- commit beb5bc4

- cgroup: preserve KABI of cgroup_root (bsc#1222254).
- commit 212272f

- ext4: correct offset of gdb backup in non meta_bg group to
  update_backups (bsc#1224735 CVE-2024-35807).
- commit bec0d72

- cgroup: Add annotation for holding namespace_sem in
  current_cgns_cgroup_from_root() (bsc#1222254).
- cgroup: Eliminate the need for cgroup_mutex in
  proc_cgroup_show() (bsc#1222254).
- cgroup: Make operations on the cgroup root_list RCU safe
  (bsc#1222254).
- cgroup: Remove unnecessary list_empty() (bsc#1222254).
- commit b08e6de

- ext4: remove unnecessary check from alloc_flex_gd() (bsc#1222080
  CVE-2023-52622).
- commit f15da02

- wifi: mac80211: check/clear fast rx for non-4addr sta VLAN
  changes (CVE-2024-35789 bsc#1224749).
- commit 2b6904d

- btrfs: lock the inode in shared mode before starting fiemap
  (bsc#1225484 CVE-2023-52737).
- commit 613e476

- nbd: fix uaf in nbd_open (bsc#1224935 CVE-2023-52837).
- commit ade8b65

- blk-iocost: avoid out of bounds shift (bsc#1225759
  CVE-2024-36916).
- commit bc772e8

- lib/generic-radix-tree.c: Don't overflow in peek() (bsc#1225391 CVE-2021-47432).
- commit 3dddaec

- blk-mq: make sure active queue usage is held for
  bio_integrity_prep() (bsc#1225105 CVE-2023-52787).
- commit a4bdd9d

- block: prevent division by zero in blk_rq_stat_sum()
  (bsc#1224661 CVE-2024-35925).
- commit 8cd7179

- ext4: fix corruption during on-line resize (bsc#1224735
  CVE-2024-35807).
- commit d596ce4

- fat: fix uninitialized field in nostale filehandles (git-fixes
  CVE-2024-26973 bsc#1223641).
- commit 91c4b39

- ext4: avoid online resizing failures due to oversized flex bg
  (bsc#1222080 CVE-2023-52622).
- commit e47e37e

- fs/9p: only translate RWX permissions for plain 9P2000
  (bsc#1225866 CVE-2024-36964).
- commit b5d7488

- pinctrl: core: delete incorrect free in pinctrl_enable()
  (CVE-2024-36940 bsc#1225840).
- commit 9b799cc

- clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change
  (CVE-2023-52882 bsc#1225692).
- commit fe79065

- staging: rtl8192e: Fix use after free in
  _rtl92e_pci_disconnect() (CVE-2021-47571 bsc#1225518).
- commit 9461ee5

- supported.conf: mark ufs as unsupported
  UFS is an unsupported filesystem, mark it as such. We still keep it
  around (not marking as optional), to accommodate any potential
  migrations from BSD systems.
- commit 0fea8fe

- supported.conf: mark orangefs as optional
  We don't support orangefs at all (and it is already marked as such), but
  since there are no SLE consumers of it, mark it as optional.
- commit fa81a2f

- rpm/kernel-obs-build.spec.in: Add iso9660 (bsc#1226212)
  Some builds don't just create an iso9660 image, but also mount it during
  build.
- commit aaee141

- llc: verify mac len before reading mac header
  (CVE-2023-52843 bsc#1224951).
- commit ad237fd

- netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get()
  (CVE-2024-35898 bsc#1224498).
- commit c5fbeed

- nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies
  (CVE-2024-36915 bsc#1225758).
- commit 5137f7b

- net: add copy_safe_from_sockptr() helper
  (git-fixes prerequisite CVE-2024-36915 bsc#1225758).
- commit 7b13e3e

- rpm/kernel-obs-build.spec.in: Add networking modules for docker
  (bsc#1226211)
  docker needs more networking modules, even legacy iptable_nat and _filter.
- commit 415e132

- Kabi workaround for icmp: prevent possible NULL dereferences from
  icmp_build_probe()
  (CVE-2024-35857 bsc#1224619)
- commit d5d7caf

- rxrpc: Fix rxrpc_peer leak in rxrpc_look_up_bundle()
  (CVE-2021-47539 bsc#1225452).
- Refresh
  patches.suse/rxrpc-Fix-race-between-conn-bundle-lookup-and-bundle.patch.
- commit 0d78641

- rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer()
  (CVE-2021-47538 bsc#1225448).
- commit 6348fbd

- rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation
  (CVE-2024-36017 bsc#1225681).
- commit 829fd05

- net: vlan: fix underflow for the real_dev refcnt
  (CVE-2021-47555 bsc#1225467).
- commit 345ef84

- net: hns3: fix kernel crash when devlink reload during
  initialization (CVE-2024-36900 bsc#1225726).
- net: hns3: release PTP resources if pf initialization failed
  (CVE-2024-36900 bsc#1225726).
- commit 59940cd

- netfilter: validate user input for expected length
  (CVE-2024-35896 bsc#1224662).
- commit 4582da9

- scsi: sd: Update DIX config every time sd_revalidate_disk()
  is called (bsc#1218570).
- commit d99bf25

- arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY
  (git-fixes).
- commit a35fad9

- net: mana: Enable MANA driver on ARM64 with 4K page size
  (jsc#PED-8491).
- Update config files.
- commit b5a81c3

- bna: ensure the copied buf is NUL terminated (CVE-2024-36934
  bsc#1225760).
- i40e: fix vf may be used uninitialized in this function warning
  (CVE-2024-36020 bsc#1225698).
- net: hns3: fix kernel crash when devlink reload during pf
  initialization (CVE-2024-36021 bsc#1225699).
- commit f146593

- Bluetooth: Add more enc key size check (bsc#1218148
  CVE-2023-24023).
- commit 38891ed

- Bluetooth: Normalize HCI_OP_READ_ENC_KEY_SIZE cmdcmplt
  (bsc#1218148 CVE-2023-24023).
- commit b7a79da

- xdp: use flags field to disambiguate broadcast redirect
  (bsc#1225834 CVE-2024-36937).
- commit 7bc6ec5

- NFS: abort nfs_atomic_open_v23 if name is too long
  (bsc#1219847).
- NFS: add atomic_open for NFSv3 to handle O_TRUNC correctly
  (bsc#1219847).
- commit c7a4ea9

- Add remote for nfs maintainer
- commit 9de16b6

- tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING
  (CVE-2023-52845 bsc#1225585).
- commit e952257

- fs/pipe: move check to pipe_has_watch_queue() (bsc#1224614
  CVE-2023-52672).
- commit 3827adf

- pstore/platform: Add check for kstrdup (bsc#1225050
  CVE-2023-52869).
- Refresh
  patches.suse/pstore_disable_efi_backend_by_default.patch.
  While refreshing of pstore_disable_efi_backend_by_default.patch, also
  fix the non-conformant Patch-mainline tag.
- commit 6db9ce6

- pipe: wakeup wr_wait after setting max_usage (bsc#1224614
  CVE-2023-52672).
- commit 2e5e06b

- blacklist.conf: Add 1971d13ffa84a "af_unix: Suppress false-positive lockdep splat for spin_lock() in __unix_gc()."
- commit afe27ac

- nvme: use ctrl state accessor (bsc#1215492).
- nvme: ensure reset state check ordering (bsc#1215492).
  Refresh:
  - patches.suse/nvme-tcp-do-not-terminate-commands-when-in-resetting.patch
  - patches.suse/nvme-tcp-make-err_work-a-delayed-work.patch
- commit cad3abd

- netfilter: nf_tables: honor table dormant flag from netdev release event path
  (CVE-2024-36005 bsc#1224539).
- commit a6152f6

- blacklist.conf: kABI
- commit 3718c69

- HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent
  lock-up (bsc#1224552 CVE-2024-35997).
- commit bce3fab

- eeprom: at24: fix memory corruption race condition (bsc#1224612
  CVE-2024-35848).
- commit 3fcf5a7

- udp: do not accept non-tunnel GSO skbs landing in a tunnel
  (CVE-2024-35884 bsc#1224520).
- commit 62c6d61

- mm/slab: make __free(kfree) accept error pointers
  (CVE-2024-36890 bsc#1225714).
- commit d6b7c8a

- perf/core: Bail out early if the request AUX area is out of
  bound (bsc#1225602 CVE-2023-52835).
- commit cf52881

- Update
  patches.suse/scsi-target-core-Add-TMF-to-tmr_list-handling.patch
  (bsc#1223018 CVE-2024-26845).
  Update references to correct bug number and CVE number.
- commit 0b7584b

- blacklist.conf: add CVE-2024-26842 bsc#1223013
- commit 654e9e2

- scsi: target: core: Add TMF to tmr_list handling (bsc#1223013
  CVE-2024-26842).
- commit b16632b

- blacklist.conf: CVE-2024-35956 bsc#1224674: not applicable bsc#1225945
- commit ae7238f

- powerpc/imc-pmu: Add a null pointer check in
  update_events_in_group() (bsc#1224504 CVE-2023-52675).
- commit 9619143

- icmp: prevent possible NULL dereferences from icmp_build_probe()
  (CVE-2024-35857 bsc#1224619)
- commit d66584e

- usb: gadget: f_fs: Fix race between aio_cancel() and AIO
  request complete (CVE-2024-36894 bsc#1225749).
- commit c99f07a

- usb: gadget: f_fs: Fix race between aio_cancel() and AIO
  request complete (CVE-2024-36894 bsc#1225749).
- commit 5501fb7

- sock_map: avoid race between sock_map_close and sk_psock_put
  (bsc#1225475 CVE-2023-52735).
- Refresh patches.kabi/bpf-sockmap-struct-psock-kABI-workaround.patch
- commit 4b60451

- proc/vmcore: fix clearing user buffer by properly using
  clear_user() (CVE-2021-47566 bsc#1225514).
- commit 26144da

- ceph: switch to use cap_delay_lock for the unlink delay list
  (bsc#1226022).
- ceph: break the check delayed cap loop every 5s (bsc#1226022).
- ceph: add ceph_cap_unlink_work to fire check_caps() immediately
  (bsc#1226022).
- ceph: always queue a writeback when revoking the Fb caps
  (bsc#1226022).
- ceph: always check dir caps asynchronously (bsc#1226022).
- commit de9fe57

- usb: typec: altmodes/displayport: create sysfs nodes as driver's
  default device attribute group (CVE-2024-35790 bsc#1224712).
  Altered because we do not have 001b0c780eac328bc48b70b8437f202a4ed785e4
  Needs to be redone if DRM requires that
- blacklist.conf: Incompatible with adjusted version
- commit a52e669
util-linux
- agetty: Prevent login cursor escape (bsc#1194818,
  util-linux-agetty-prevent-cursor-escape.patch).

- Document unexpected side effects of lazy destruction
  (bsc#1159034, util-linux-umount-losetup-lazy-destruction.patch,
  util-linux-umount-losetup-lazy-destruction-generated.patch).

- Don't delete binaries not common for all architectures. Create an
  util-linux-extra subpackage instead, so users of third party
  tools can use them. (bsc#1222285)
openssl-1_1
- Build with no-afalgeng [bsc#1226463]

- Security fix: [bsc#1227138, CVE-2024-5535]
  * SSL_select_next_proto buffer overread
  * Add openssl-CVE-2024-5535.patch
shadow
- bsc#1228770: Fix not copying of skel files
  Update shadow-CVE-2013-4235.patch

- bsc#916845 (CVE-2013-4235): Fix TOCTOU race condition
  Add shadow-CVE-2013-4235.patch
pam
- Prevent cursor escape from the login prompt [bsc#1194818]
  * Added: pam-bsc1194818-cursor-escape.patch
python-PyYAML
- reenable the cython yaml loader (bsc#1225641)
python3-lxml
- Add libexpat-2.6.0-backport.patch to fix compatibility with system
  libexpat in tests (bsc#1222075, CVE-2023-52425).
python-urllib3
- Add CVE-2024-37891.patch (bsc#1226469, CVE-2024-37891)
runc
[ This was only ever released for SLES and Leap. ]
- Update to runc v1.1.13. Upstream changelog is available from
  <https://github.com/opencontainers/runc/releases/tag/v1.1.12>.
- Rebase patches:
  * 0001-bsc1221050-libct-seccomp-patchbpf-rm-duplicated-code.patch
  * 0002-bsc1221050-seccomp-patchbpf-rename-nativeArch-linuxA.patch
  * 0003-bsc1221050-seccomp-patchbpf-always-include-native-ar.patch
- Backport <https://github.com/opencontainers/runc/pull/3931> to fix a
  performance issue when running lots of containers, caused by system getting
  too many mount notifications. bsc#1214960
  + 0004-bsc1214960-nsenter-cloned_binary-remove-bindfd-logic.patch
000release-packages:sle-module-basesystem-release
n/a
000release-packages:sle-module-containers-release
n/a
000release-packages:sle-module-public-cloud-release
n/a
000release-packages:sle-module-server-applications-release
n/a
000release-packages:SLES-release
n/a
suseconnect-ng
- Update version to 1.11
  - Added uname as collector
  - Added SAP workload detection
  - Added detection of container runtimes
  - Multiple fixes on ARM64 detection
  - Use `read_values` for the CPU collector on Z
  - Fixed data collection for ppc64le
  - Grab the home directory from /etc/passwd if needed (bsc#1226128)

- Update version to 1.10.0
  * Build zypper-migration and zypper-packages-search as standalone
    binaries rather then one single binary
  * Add --gpg-auto-import-keys flag before action in zypper command (bsc#1219004)
  * Include /etc/products.d in directories whose content are backed
    up and restored if a zypper-migration rollback happens. (bsc#1219004)
  * Add the ability to upload the system uptime logs, produced by the
    suse-uptime-tracker daemon, to SCC/RMT as part of keepalive report.
    (jsc#PED-7982) (jsc#PED-8018)
  * Add support for third party packages in SUSEConnect
  * Refactor existing system information collection implementation
util-linux-systemd
- agetty: Prevent login cursor escape (bsc#1194818,
  util-linux-agetty-prevent-cursor-escape.patch).

- Document unexpected side effects of lazy destruction
  (bsc#1159034, util-linux-umount-losetup-lazy-destruction.patch,
  util-linux-umount-losetup-lazy-destruction-generated.patch).

- Don't delete binaries not common for all architectures. Create an
  util-linux-extra subpackage instead, so users of third party
  tools can use them. (bsc#1222285)
wicked
- Update to version 0.6.76
  - compat-suse: warn user and create missing parent config of
    infiniband children (gh#openSUSE/wicked#1027)
  - client: fix origin in loaded xml-config with obsolete port
    references but missing port interface config, causing a
    no-carrier of master (bsc#1226125)
  - ipv6: fix setup on ipv6.disable=1 kernel cmdline (bsc#1225976)
  - wireless: add frequency-list in station mode (jsc#PED-8715)
  - client: fix crash while hierarchy traversing due to loop in
    e.g. systemd-nspawn containers (bsc#1226664)
  - man: add supported bonding options to ifcfg-bonding(5) man page
    (gh#openSUSE/wicked#1021)
  - arputil: Document minimal interval for getopts (gh#openSUSE/wicked#1019)
  - man: (re)generate man pages from md sources (gh#openSUSE/wicked#1018)
  - client: warn on interface wait time reached (gh#openSUSE/wicked#1017)
  - compat-suse: fix dummy type detection from ifname to not cause
    conflicts with e.g. correct vlan config on dummy0.42 interfaces
    (gh#openSUSE/wicked#1016)
  - compat-suse: fix infiniband and infiniband child type detection
    from ifname (gh#openSUSE/wicked#1015)
- Removed patches included in the source archive:
  [- 0001-ifreload-pull-UP-again-on-master-lower-changes-bsc1224100.patch]
  [- 0002-increase-arp-retry-attempts-on-sending-bsc1218668.patch]
xen
- bsc#1227355 - VUL-0: CVE-2024-31143: xen: double unlock in x86
  guest IRQ handling (XSA-458)
  xsa458.patch

- bsc#1214718 - The system hangs intermittently when Power Control
  Mode is set to Minimum Power on SLES15SP5 Xen
  6666ba52-x86-irq-remove-offline-CPUs-from-old-CPU-mask-when.patch
  666994ab-x86-SMP-no-shorthand-IPI-in-hotplug.patch
  666994f0-x86-IRQ-limit-interrupt-movement-in-fixup_irqs.patch
  66718849-x86-IRQ-old_cpu_mask-in-fixup_irqs.patch
  6671885e-x86-IRQ-handle-moving-in-_assign_irq_vector.patch
  6673ffdc-x86-IRQ-forward-pending-to-new-dest-in-fixup_irqs.patch
- Upstream bug fixes (bsc#1027519)
  6646031f-x86-ucode-further-identify-already-up-to-date.patch
  666b07ee-x86-EPT-special-page-in-epte_get_entry_emt.patch
  666b0819-x86-EPT-avoid-marking-np-ents-for-reconfig.patch
  666b085a-x86-EPT-drop-questionable-mfn_valid-from-.patch
  667187cc-x86-Intel-unlock-CPUID-earlier.patch
  6672c846-x86-xstate-initialisation-of-XSS-cache.patch
  6672c847-x86-CPUID-XSAVE-dynamic-leaves.patch

- bsc#1221984 - VUL-0: CVE-2023-46842: xen: x86 HVM hypercalls may
  trigger Xen bug check (XSA-454)
  6617d62c-x86-hvm-Misra-Rule-19-1-regression.patch
- Upstream bug fixes (bsc#1027519)
  6627a4ee-vRTC-UIP-set-for-longer-than-expected.patch
  6627a5fc-x86-MTRR-inverted-WC-check.patch
  662a6a4c-x86-spec-reporting-of-BHB-clearing.patch
  662a6a8d-x86-spec-adjust-logic-to-elide-LFENCE.patch
  663090fd-x86-gen-cpuid-syntax.patch
  663a383c-libxs-open-xenbus-fds-as-O_CLOEXEC.patch
  663a4f3e-x86-cpu-policy-migration-IceLake-to-CascadeLake.patch
  663d05b5-x86-ucode-distinguish-up-to-date.patch
  663eaa27-libxl-XenStore-error-handling-in-device-creation.patch
  66450626-sched-set-all-sched_resource-data-inside-locked.patch
  66450627-x86-respect-mapcache_domain_init-failing.patch