- bind
-
- Upgrade to release 9.16.50
Bug Fixes:
* A regression in cache-cleaning code enabled memory use to grow
significantly more quickly than before, until the configured
max-cache-size limit was reached. This has been fixed.
* Using rndc flush inadvertently caused cache cleaning to become
less effective. This could ultimately lead to the configured
max-cache-size limit being exceeded and has now been fixed.
* The logic for cleaning up expired cached DNS records was
tweaked to be more aggressive. This change helps with enforcing
max-cache-ttl and max-ncache-ttl in a timely manner.
* It was possible to trigger a use-after-free assertion when the
overmem cache cleaning was initiated. This has been fixed.
New Features:
* Added RESOLVER.ARPA to the built in empty zones.
- Security Fixes:
* It is possible to craft excessively large numbers of resource
record types for a given owner name, which has the effect of
slowing down database processing. This has been addressed by
adding a configurable limit to the number of records that can
be stored per name and type in a cache or zone database. The
default is 100, which can be tuned with the new
max-types-per-name option. (CVE-2024-1737)
[bsc#1228256, bind-9.16-CVE-2024-1737.patch]
* Validating DNS messages signed using the SIG(0) protocol (RFC
2931) could cause excessive CPU load, leading to a
denial-of-service condition. Support for SIG(0) message
validation was removed from this version of named.
(CVE-2024-1975)
[bsc#1228257, bind-9.16-CVE-2024-1975.patch]
* When looking up the NS records of parent zones as part of
looking up DS records, it was possible for named to trigger an
assertion failure if serve-stale was enabled. This has been
fixed. (CVE-2024-4076)
[bsc#1228258, bind-9.16-CVE-2024-4076.patch]
- ca-certificates-mozilla
-
- Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525)
- Added: FIRMAPROFESIONAL CA ROOT-A WEB
- Distrust: GLOBALTRUST 2020
- Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356)
Added:
- CommScope Public Trust ECC Root-01
- CommScope Public Trust ECC Root-02
- CommScope Public Trust RSA Root-01
- CommScope Public Trust RSA Root-02
- D-Trust SBR Root CA 1 2022
- D-Trust SBR Root CA 2 2022
- Telekom Security SMIME ECC Root 2021
- Telekom Security SMIME RSA Root 2023
- Telekom Security TLS ECC Root 2020
- Telekom Security TLS RSA Root 2023
- TrustAsia Global Root CA G3
- TrustAsia Global Root CA G4
Removed:
- Autoridad de Certificacion Firmaprofesional CIF A62634068
- Chambers of Commerce Root - 2008
- Global Chambersign Root - 2008
- Security Communication Root CA
- Symantec Class 1 Public Primary Certification Authority - G6
- Symantec Class 2 Public Primary Certification Authority - G6
- TrustCor ECA-1
- TrustCor RootCert CA-1
- TrustCor RootCert CA-2
- VeriSign Class 1 Public Primary Certification Authority - G3
- VeriSign Class 2 Public Primary Certification Authority - G3
- remove-trustcor.patch: removed, now upstream
- do a versioned obsoletes of "openssl-certs".
- dmidecode
-
- Update to upstream version 3.6 (jsc#PED-8574):
* Support for SMBIOS 3.6.0. This includes new memory device types, new
processor upgrades, and Loongarch support.
* Support for SMBIOS 3.7.0. This includes new port types, new processor
upgrades, new slot characteristics and new fields for memory modules.
* Add bash completion.
* Decode HPE OEM records 197, 216, 224, 230, 238, 239, 242 and 245.
* Implement options --list-strings and --list-types.
* Update HPE OEM records 203, 212, 216, 221, 233 and 236.
* Update Redfish support.
* Bug fixes:
Fix enabled slot characteristics not being printed
* Minor improvements:
Print slot width on its own line
Use standard strings for slot width
* Add a --no-quirks option.
* Drop the CPUID exception list.
* Obsoletes dmidecode-do-not-let-dump-bin-overwrite-an-existing-file.patch,
dmidecode-fortify-entry-point-length-checks.patch,
dmidecode-split-table-fetching-from-decoding.patch,
dmidecode-write-the-whole-dump-file-at-once.patch,
dmioem-fix-segmentation-fault-in-dmi_hp_240_attr.patch,
dmioem-hpe-oem-record-237-firmware-change.patch,
dmioem-typo-fix-virutal-virtual.patch,
ensure-dev-mem-is-a-character-device-file.patch,
news-fix-typo.patch and
use-read_file-to-read-from-dump.patch.
Update for HPE servers from upstream:
- dmioem-update-hpe-oem-type-238.patch: Decode PCI bus segment in
HPE type 238 records.
- docker
-
[NOTE: This update was only ever released in SLES and Leap.]
- Update to Docker 25.0.6-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/25.0/#2506>
- This update includes a fix for CVE-2024-41110. bsc#1228324
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
* 0006-bsc1221916-update-to-patched-buildkit-version-to-fix.patch
* 0007-bsc1214855-volume-use-AtomicWriteFile-to-save-volume.patch
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
- Fix BuildKit's symlink resolution logic to correctly handle non-lexical
symlinks. Backport of <https://github.com/moby/buildkit/pull/4896> and
<https://github.com/moby/buildkit/pull/5060>. bsc#1221916
+ 0006-bsc1221916-update-to-patched-buildkit-version-to-fix.patch
- Write volume options atomically so sudden system crashes won't result in
future Docker starts failing due to empty files. Backport of
<https://github.com/moby/moby/pull/48034>. bsc#1214855
+ 0007-bsc1214855-volume-use-AtomicWriteFile-to-save-volume.patch
[NOTE: This update was only ever released in SLES and Leap.]
- Update to Docker 25.0.5-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/25.0/#2505> bsc#1223409
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
* cli-0001-docs-include-required-tools-in-source-tree.patch
- Remove upstreamed patches:
- 0007-daemon-overlay2-remove-world-writable-permission-fro.patch
- Update --add-runtime to point to correct binary path.
- dracut
-
- Update to version 055+suse.388.g70c21afa:
* feat(crypt): force the inclusion of crypttab entries with x-initrd.attach (bsc#1226529)
* fix(mdraid): try to assemble the missing raid device (bsc#1226412)
* fix(dracut-install): continue parsing if ldd prints "cannot be preloaded" (bsc#1208690)
- grub2
-
- Fix btrfs subvolume for platform modules not mounting at runtime when the
default subvolume is the topmost root tree (bsc#1228124)
* grub2-btrfs-06-subvol-mount.patch
- Rediff
* 0001-Unify-the-check-to-enable-btrfs-relative-path.patch
- Fix error in grub-install when root is on tmpfs (bsc#1226100)
* 0001-grub-install-bailout-root-device-probing.patch
- Fix input handling in ppc64le grub2 has high latency (bsc#1223535)
* 0001-net-drivers-ieee1275-ofnet-Remove-200-ms-timeout-in-.patch
- Fix error in /etc/grub.d/20_linux_xen: file_is_not_sym not found, renamed to
file_is_not_xen_garbage (bsc#1224226)
* grub2-fix-menu-in-xen-host-server.patch
- kernel-default
-
- Refresh
patches.kabi/xhci-restre-deleted-trb-fields-for-tracing.patch.
Fix KABI restoration also in tracing event message format.
- commit 3bd4a56
- PCI: hv: Return zero, not garbage, when reading
PCI_INTERRUPT_PIN (git-fixes).
- commit df5839d
- Drop doubly defined References in sound patches
- commit 46ad1df
- ALSA: usb-audio: Correct surround channels in UAC1 channel map
(git-fixes).
- ALSA: hda: conexant: Fix headset auto detect fail in the
polling mode (git-fixes).
- drm/vmwgfx: Fix overlay when using Screen Targets (git-fixes).
- drm/vmwgfx: Fix a deadlock in dma buf fence polling (git-fixes).
- drm/nouveau: prime: fix refcount underflow (git-fixes).
- ALSA: usb-audio: Add a quirk for Sonix HD USB Camera
(stable-fixes).
- ALSA: usb-audio: Move HD Webcam quirk to the right place
(git-fixes).
- ALSA: usb-audio: Fix microphone sound on HD webcam
(stable-fixes).
- drm/amd/display: Check for NULL pointer (stable-fixes).
- drm/amdgpu/sdma5.2: Update wptr registers as well as doorbell
(stable-fixes).
- drm/i915/gt: Do not consider preemption during execlists_dequeue
for gen8 (git-fixes).
- drm/etnaviv: don't block scheduler when GPU is still active
(stable-fixes).
- drm/mipi-dsi: Fix theoretical int overflow in
mipi_dsi_dcs_write_seq() (git-fixes).
- drm/mipi-dsi: Fix mipi_dsi_dcs_write_seq() macro definition
format (stable-fixes).
- commit b91fd99
- ima: Fix use-after-free on a dentry's dname.name (bsc#1227716
CVE-2024-39494).
- commit 81484ec
- bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD
(bsc#1228756 CVE-2024-42161).
- commit 8359d86
- ASoC: topology: Fix route memory corruption (CVE-2024-41069
bsc#1228644).
- commit 586db1a
- powerpc: fix a file leak in kvm_vcpu_ioctl_enable_cap()
(bsc#1194869).
- KVM: PPC: Book3S HV: Fix the set_one_reg for MMCR3
(bsc#1194869).
- KVM: PPC: Book3S HV: Fix "rm_exit" entry in debugfs timings
(bsc#1194869).
- KVM: PPC: Book3S HV: remove extraneous asterisk from
rm_host_ipi_action() comment (bsc#1194869).
- KVM: PPC: Book3S HV Nested: L2 LPCR should inherit L1 LPES
setting (bsc#1194869).
- KVM: PPC: Book3S: Suppress failed alloc warning in
H_COPY_TOFROM_GUEST (bsc#1194869).
- KVM: PPC: Book3S: Suppress warnings when allocating too big
memory slots (bsc#1194869).
- commit cc22863
- liquidio: Adjust a NULL pointer handling path in
lio_vf_rep_copy_packet (CVE-2024-39506 bsc#1227729).
- commit 02e87a9
- net: do not leave a dangling sk pointer, when socket creation fails (CVE-2024-40954 bsc#1227808)
- commit 8f44f81
- kabi/severity: add nvme common code
The nvme common code is also allowed to change the data structures, there
are only internal users.
- commit b8cf562
- scsi: qla2xxx: Convert comma to semicolon (bsc#1228850).
- scsi: qla2xxx: Update version to 10.02.09.300-k (bsc#1228850).
- scsi: qla2xxx: Use QP lock to search for bsg (bsc#1228850).
- scsi: qla2xxx: Reduce fabric scan duplicate code (bsc#1228850).
- scsi: qla2xxx: Fix optrom version displayed in FDMI
(bsc#1228850).
- scsi: qla2xxx: During vport delete send async logout explicitly
(bsc#1228850).
- scsi: qla2xxx: Complete command early within lock (bsc#1228850).
- scsi: qla2xxx: Fix flash read failure (bsc#1228850).
- scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for
ELS cmds (bsc#1228850).
- scsi: qla2xxx: Fix for possible memory corruption (bsc#1228850).
- scsi: qla2xxx: validate nvme_local_port correctly (bsc#1228850).
- scsi: qla2xxx: Unable to act on RSCN for port online
(bsc#1228850).
- scsi: qla2xxx: Remove unused struct 'scsi_dif_tuple'
(bsc#1228850).
- scsi: qla2xxx: Fix debugfs output for fw_resource_count
(bsc#1228850).
- scsi: qla2xxx: Indent help text (bsc#1228850).
- scsi: qla2xxx: Drop driver owner assignment (bsc#1228850).
- scsi: qla2xxx: Avoid possible run-time warning with long
model_num (bsc#1228850).
- string.h: Introduce memtostr() and memtostr_pad() (bsc#1228850).
- commit ce7acc0
- scsi: lpfc: Update lpfc version to 14.4.0.3 (bsc#1228857).
- scsi: lpfc: Revise lpfc_prep_embed_io routine with proper
endian macro usages (bsc#1228857).
- scsi: lpfc: Fix incorrect request len mbox field when setting
trunking via sysfs (bsc#1228857).
- scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info
(bsc#1228857).
- scsi: lpfc: Fix handling of fully recovered fabric node in
dev_loss callbk (bsc#1228857).
- scsi: lpfc: Relax PRLI issue conditions after GID_FT response
(bsc#1228857).
- scsi: lpfc: Allow DEVICE_RECOVERY mode after RSCN receipt if
in PRLI_ISSUE state (bsc#1228857).
- scsi: lpfc: Cancel ELS WQE instead of issuing abort when SLI
port is inactive (bsc#1228857).
- commit 21ebef1
- nvme-pci: add missing condition check for existence of mapped
data (git-fixes).
- nvme-pci: Fix the instructions for disabling power management
(git-fixes).
- nvmet-auth: fix nvmet_auth hash error handling (git-fixes).
- nvme: fixup comment for nvme RDMA Provider Type (git-fixes).
- nvmet: always initialize cqe.result (git-fixes).
- nvme: avoid double free special payload (git-fixes).
- nvmet: fix a possible leak when destroy a ctrl during qp
establishment (git-fixes).
- nvme: adjust multiples of NVME_CTRL_PAGE_SIZE in offset
(git-fixes).
- nvme-multipath: find NUMA path only for online numa-node
(git-fixes).
- nvme-auth: allow mixing of secret and hash lengths (git-fixes).
- nvme-auth: use transformed key size to create resp (git-fixes).
- nvme-auth: alloc nvme_dhchap_key as single buffer (git-fixes).
- commit 3284c90
- hfsplus: fix uninit-value in copy_name (git-fixes).
- commit 383d5d6
- blacklist.conf: blocks list lots of 5.15-stable nfsd fixes.
In the 5.15 stable series there was a full backport of nfsd. We don't
won't all of that. So blacklist lots of patches that we don't want.
- commit 0cfb63d
- check-for-config-changes: ignore also GCC_ASM_GOTO_OUTPUT_BROKEN
Mainline commit f2f6a8e88717 ("init/Kconfig: remove
CONFIG_GCC_ASM_GOTO_OUTPUT_WORKAROUND") replaced
GCC_ASM_GOTO_OUTPUT_WORKAROUND with GCC_ASM_GOTO_OUTPUT_BROKEN. Ignore both
when checking config changes.
- commit b60be3e
- bnxt_re: Fix imm_data endianness (git-fixes)
- commit c690ca2
- RDMA/hns: Fix mbx timing out before CMD execution is completed (git-fixes)
- commit 7f0f7e9
- RDMA/hns: Fix insufficient extend DB for VFs. (git-fixes)
- commit 8395f97
- RDMA/hns: Fix undifined behavior caused by invalid max_sge (git-fixes)
- commit 6650e04
- RDMA/hns: Fix shift-out-bounds when max_inline_data is 0 (git-fixes)
- commit 0bbda8c
- RDMA/hns: Fix missing pagesize and alignment check in FRMR (git-fixes)
- commit 741b900
- RDMA/hns: Fix unmatch exception handling when init eq table fails (git-fixes)
- commit 19e60a6
- RDMA/hns: Fix soft lockup under heavy CEQE load (git-fixes)
- commit 1ef6723
- RDMA/hns: Check atomic wr length (git-fixes)
- commit 0fc73fc
- RDMA/device: Return error earlier if port in not valid (git-fixes)
- commit e02b7ee
- RDMA/rxe: Don't set BTH_ACK_MASK for UC or UD QPs (git-fixes)
- commit cd31168
- RDMA/mlx4: Fix truncated output warning in alias_GUID.c (git-fixes)
- commit cf1cb3f
- RDMA/mlx4: Fix truncated output warning in mad.c (git-fixes)
- commit a92f3fd
- RDMA/cache: Release GID table even if leak is detected (git-fixes)
- commit 5cdefb2
- RDMA/mlx5: Set mkeys for dmabuf at PAGE_SIZE (git-fixes)
- commit 59890ae
- RDMA/iwcm: Fix a use-after-free related to destroying CM IDs (git-fixes)
- commit 25b62bb
- IB/core: Implement a limit on UMAD receive List (bsc#1228743 CVE-2024-42145)
- commit 84f3be4
- kabi/severities: ignore kABI for FireWire sound local symbols (bsc#1208783)
- commit 478aa21
- Revert "ALSA: firewire-lib: operate for period elapse event
in process context" (bsc#1208783).
- Revert "ALSA: firewire-lib: obsolete workqueue for period
update" (bsc#1208783).
- commit 51e6ff5
- x86: stop playing stack games in profile_pc() (bsc#1228633
CVE-2024-42096).
- commit f28c110
- ptp: fix integer overflow in max_vclocks_store (bsc#1227829
CVE-2024-40994).
- commit 205cc4c
- crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak (bsc#1227620
CVE-2024-39493).
- commit 14b61d5
- filelock: Remove locks reliably when fcntl/close race is
detected (CVE-2024-41012 bsc#1228247).
- commit e2c5917
- Update
patches.suse/KVM-Always-flush-async-PF-workqueue-when-vCPU-is-being-des.patch
(bsc#1223635 (CVE-2024-26976) CVE-2024-26976).
- Update
patches.suse/jfs-xattr-fix-buffer-overflow-for-invalid-xattr.patch
(bsc#1227383 CVE-2024-40902 bsc#1227764).
- Update
patches.suse/vfio-fsl-mc-Block-calling-interrupt-handler-without-trigge.patch
(bsc#1222810 (CVE-2024-26814) CVE-2024-26814).
- Update
patches.suse/vfio-platform-Create-persistent-IRQ-handlers.patch
(bsc#1222809 (CVE-2024-26813) CVE-2024-26813).
- commit 39eeeb9
- Update
patches.suse/SUNRPC-Fix-UAF-in-svc_tcp_listen_data_ready.patch
(git-fixes CVE-2023-52885 bsc#1227750).
- Update
patches.suse/USB-core-Fix-race-by-not-overwriting-udev-descriptor.patch
(bsc#1213123 CVE-2023-37453 CVE-2023-52886 bsc#1227981).
- Update
patches.suse/virtio-blk-fix-implicit-overflow-on-virtio_max_dma_size.patch
(bsc#1225573 (CVE-2023-52762) CVE-2023-52762).
- commit 3784f34
- Update
patches.suse/HID-hid-thrustmaster-fix-OOB-read-in-thrustmaster_in.patch
(git-fixes CVE-2022-48866 bsc#1228014).
- Update
patches.suse/Input-aiptek-properly-check-endpoint-type.patch
(git-fixes CVE-2022-48836 bsc#1227989).
- Update
patches.suse/KVM-x86-nSVM-fix-potential-NULL-derefernce-on-nested.patch
(git-fixes CVE-2022-48793 bsc#1228019).
- Update
patches.suse/NFC-port100-fix-use-after-free-in-port100_send_compl.patch
(git-fixes CVE-2022-48857 bsc#1228005).
- Update
patches.suse/NFSD-Fix-NFSv3-SETATTR-CREATE-s-handling-of-large-fi.patch
(git-fixes CVE-2022-48829 bsc#1228055).
- Update patches.suse/NFSD-Fix-ia_size-underflow.patch (git-fixes
CVE-2022-48828 bsc#1228054).
- Update
patches.suse/NFSD-Fix-the-behavior-of-READ-near-OFFSET_MAX.patch
(bsc#1195957 CVE-2022-48827 bsc#1228037).
- Update
patches.suse/SUNRPC-lock-against-sock-changing-during-sysfs-read.patch
(bsc#1194324 CVE-2022-48816 bsc#1228038).
- Update
patches.suse/can-isotp-fix-potential-CAN-frame-reception-race-in-.patch
(git-fixes CVE-2022-48830 bsc#1227982).
- Update
patches.suse/cfg80211-fix-race-in-netlink-owner-interface-destruc.patch
(git-fixes CVE-2022-48784 bsc#1227938).
- Update
patches.suse/dmaengine-ptdma-Fix-the-error-handling-path-in-pt_co.patch
(git-fixes CVE-2022-48774 bsc#1227923).
- Update
patches.suse/drm-amdgpu-bypass-tiling-flag-check-in-virtual-displ.patch
(git-fixes CVE-2022-48849 bsc#1228061).
- Update
patches.suse/drm-vc4-Fix-deadlock-on-DSI-device-attach-error.patch
(git-fixes CVE-2022-48826 bsc#1227975).
- Update
patches.suse/drm-vrr-Set-VRR-capable-prop-only-if-it-is-attached-.patch
(git-fixes CVE-2022-48843 bsc#1228066).
- Update
patches.suse/eeprom-ee1004-limit-i2c-reads-to-I2C_SMBUS_BLOCK_MAX.patch
(git-fixes CVE-2022-48806 bsc#1227948).
- Update
patches.suse/ethernet-Fix-error-handling-in-xemaclite_of_probe.patch
(git-fixes CVE-2022-48860 bsc#1228008).
- Update
patches.suse/fs-proc-task_mmu.c-don-t-read-mapcount-for-migration-entry.patch
(CVE-2023-1582 bsc#1209636 CVE-2022-48802 bsc#1227942).
- Update
patches.suse/gianfar-ethtool-Fix-refcount-leak-in-gfar_get_ts_inf.patch
(git-fixes CVE-2022-48856 bsc#1228004).
- Update patches.suse/iavf-Fix-hang-during-reboot-shutdown.patch
(jsc#SLE-18385 CVE-2022-48840 bsc#1227990).
- Update
patches.suse/ibmvnic-don-t-release-napi-in-__ibmvnic_open.patch
(bsc#1195668 ltc#195811 CVE-2022-48811 bsc#1227928).
- Update
patches.suse/ice-Fix-KASAN-error-in-LAG-NETDEV_UNREGISTER-handler.patch
(git-fixes CVE-2022-48807 bsc#1227970).
- Update
patches.suse/ice-Fix-race-condition-during-interface-enslave.patch
(git-fixes CVE-2022-48842 bsc#1228064).
- Update
patches.suse/ice-fix-NULL-pointer-dereference-in-ice_update_vsi_t.patch
(jsc#SLE-18375 CVE-2022-48841 bsc#1227991).
- Update
patches.suse/iio-buffer-Fix-file-related-error-handling-in-IIO_BU.patch
(git-fixes CVE-2022-48801 bsc#1227956).
- Update
patches.suse/ima-fix-reference-leak-in-asymmetric_verify.patch
(git-fixes CVE-2022-48831 bsc#1227986).
- Update
patches.suse/iommu-Fix-potential-use-after-free-during-probe
(git-fixes CVE-2022-48796 bsc#1228028).
- Update patches.suse/iwlwifi-fix-use-after-free.patch
(bsc#1197762 git-fixes CVE-2022-48787 bsc#1227932).
- Update
patches.suse/mISDN-Fix-memory-leak-in-dsp_pipeline_build.patch
(git-fixes CVE-2022-48863 bsc#1228063).
- Update
patches.suse/misc-fastrpc-avoid-double-fput-on-failed-usercopy.patch
(git-fixes CVE-2022-48821 bsc#1227976).
- Update
patches.suse/mm-don-t-try-to-NUMA-migrate-COW-pages-that-have-other-uses.patch
(git fixes (mm/numa) CVE-2022-48797 bsc#1228035).
- Update
patches.suse/mm-vmscan-remove-deadlock-due-to-throttling.patch
(bsc#1195357 CVE-2022-48800 bsc#1227954).
- Update
patches.suse/msft-hv-2515-Drivers-hv-vmbus-Fix-memory-leak-in-vmbus_add_channe.patch
(git-fixes CVE-2022-48775 bsc#1227924).
- Update
patches.suse/mtd-parsers-qcom-Fix-kernel-panic-on-skipped-partiti.patch
(git-fixes CVE-2022-48777 bsc#1227922).
- Update
patches.suse/mtd-parsers-qcom-Fix-missing-free-for-pparts-in-clea.patch
(git-fixes CVE-2022-48776 bsc#1227925).
- Update
patches.suse/mtd-rawnand-gpmi-don-t-leak-PM-reference-in-error-pa.patch
(git-fixes CVE-2022-48778 bsc#1227935).
- Update
patches.suse/net-dsa-ar9331-register-the-mdiobus-under-devres.patch
(git-fixes CVE-2022-48817 bsc#1227931).
- Update
patches.suse/net-dsa-bcm_sf2-don-t-use-devres-for-mdiobus.patch
(git-fixes CVE-2022-48815 bsc#1227933).
- Update
patches.suse/net-dsa-felix-don-t-use-devres-for-mdiobus.patch
(git-fixes CVE-2022-48813 bsc#1227963).
- Update
patches.suse/net-dsa-lantiq_gswip-don-t-use-devres-for-mdiobus.patch
(git-fixes CVE-2022-48812 bsc#1227971).
- Update
patches.suse/net-dsa-lantiq_gswip-fix-use-after-free-in-gswip_rem.patch
(git-fixes CVE-2022-48783 bsc#1227949).
- Update
patches.suse/net-dsa-mv88e6xxx-don-t-use-devres-for-mdiobus.patch
(git-fixes CVE-2022-48818 bsc#1228039).
- Update
patches.suse/net-dsa-seville-register-the-mdiobus-under-devres.patch
(git-fixes CVE-2022-48814 bsc#1227944).
- Update
patches.suse/net-ieee802154-at86rf230-Stop-leaking-skb-s.patch
(git-fixes CVE-2022-48794 bsc#1228025).
- Update
patches.suse/net-marvell-prestera-Add-missing-of_node_put-in-pres.patch
(git-fixes CVE-2022-48859 bsc#1228007).
- Update
patches.suse/net-mlx5-Fix-a-race-on-command-flush-flow.patch
(git-fixes CVE-2022-48858 bsc#1228006).
- Update
patches.suse/net-packet-fix-slab-out-of-bounds-access-in-packet_r.patch
(CVE-2022-20368 bsc#1202346 CVE-2022-48839 bsc#1227985).
- Update
patches.suse/net-smc-Avoid-overwriting-the-copies-of-clcsock-callback-functions
(git-fixes CVE-2022-48780 bsc#1227995).
- Update
patches.suse/net-usb-ax88179_178a-Fix-out-of-bounds-accesses-in-R.patch
(bsc#1196018 CVE-2022-28748 bsc#1202686 CVE-2022-2964
CVE-2022-48805 bsc#1227969).
- Update
patches.suse/nvme-fix-a-possible-use-after-free-in-controller-res.patch
(bsc#1193787 bsc#1197146 bsc#1193554 CVE-2022-48790
bsc#1227941).
- Update
patches.suse/nvme-rdma-fix-possible-use-after-free-in-transport-e.patch
(bsc#1193787 bsc#1197146 bsc#1193554 CVE-2022-48788
bsc#1227952).
- Update
patches.suse/nvme-tcp-fix-possible-use-after-free-in-transport-er.patch
(bsc#1193787 bsc#1197146 bsc#1193554 CVE-2022-48789
bsc#1228000).
- Update
patches.suse/perf-Fix-list-corruption-in-perf_cgroup_switch.patch
(git fixes CVE-2022-48799 bsc#1227953).
- Update
patches.suse/phy-stm32-fix-a-refcount-leak-in-stm32_usbphyc_pll_e.patch
(git-fixes CVE-2022-48820 bsc#1227972).
- Update
patches.suse/phy-ti-Fix-missing-sentinel-for-clk_div_table.patch
(git-fixes CVE-2022-48803 bsc#1227965).
- Update
patches.suse/s390-cio-verify-the-driver-availability-for-path_event-call
(bsc#1195927 LTC#196420 CVE-2022-48798 bsc#1227945).
- Update
patches.suse/scsi-mpt3sas-Page-fault-in-reply-q-processing.patch
(git-fixes CVE-2022-48835 bsc#1228060).
- Update patches.suse/scsi-myrs-Fix-crash-in-error-case.patch
(git-fixes CVE-2022-48824 bsc#1227964).
- Update
patches.suse/scsi-pm8001-Fix-use-after-free-for-aborted-SSP-STP-sas_task.patch
(git-fixes CVE-2022-48792 bsc#1228013).
- Update
patches.suse/scsi-pm8001-Fix-use-after-free-for-aborted-TMF-sas_task.patch
(git-fixes CVE-2022-48791 bsc#1228002).
- Update
patches.suse/scsi-qedf-Add-stag_work-to-all-the-vports.patch
(git-fixes CVE-2022-48825 bsc#1228056).
- Update
patches.suse/scsi-qedf-Fix-refcount-issue-when-LOGO-is-received-during-TMF.patch
(git-fixes CVE-2022-48823 bsc#1228045).
- Update
patches.suse/staging-gdm724x-fix-use-after-free-in-gdm_lte_rx.patch
(git-fixes CVE-2022-48851 bsc#1227997).
- Update
patches.suse/swiotlb-fix-info-leak-with-DMA_FROM_DEVICE.patch
(CVE-2022-0854 bsc#1196823 CVE-2022-48853 bsc#1228015).
- Update patches.suse/usb-f_fs-Fix-use-after-free-for-epfile.patch
(git-fixes CVE-2022-48822 bsc#1228040).
- Update
patches.suse/usb-gadget-Fix-use-after-free-bug-by-not-setting-udc.patch
(git-fixes CVE-2022-48838 bsc#1227988).
- Update
patches.suse/usb-gadget-rndis-prevent-integer-overflow-in-rndis_s.patch
(git-fixes CVE-2022-48837 bsc#1227987).
- Update
patches.suse/usb-usbtmc-Fix-bug-in-pipe-direction-for-control-tra.patch
(git-fixes CVE-2022-48834 bsc#1228062).
- Update
patches.suse/vdpa-fix-use-after-free-on-vp_vdpa_remove.patch
(git-fixes CVE-2022-48861 bsc#1228009).
- Update
patches.suse/vhost-fix-hung-thread-due-to-erroneous-iotlb-entries.patch
(git-fixes CVE-2022-48862 bsc#1228010).
- Update
patches.suse/vsock-remove-vsock-from-connected-table-when-connect.patch
(git-fixes CVE-2022-48786 bsc#1227996).
- Update
patches.suse/vt_ioctl-fix-array_index_nospec-in-vt_setactivate.patch
(git-fixes CVE-2022-48804 bsc#1227968).
- Update patches.suse/watch_queue-Fix-filter-limit-check.patch
(CVE-2022-0995 bsc#1197246 CVE-2022-48847 bsc#1227993).
- Update
patches.suse/xprtrdma-fix-pointer-derefs-in-error-cases-of-rpcrdm.patch
(git-fixes CVE-2022-48773 bsc#1227921).
- commit e328ee7
- Update
patches.suse/net-sunrpc-fix-reference-count-leaks-in-rpc_sysfs_xp.patch
(git-fixes CVE-2021-47624 bsc#1227920).
- Update
patches.suse/scsi-ufs-Fix-a-deadlock-in-the-error-handler.patch
(git-fixes CVE-2021-47622 bsc#1227917).
- commit f2d923e
- Update
patches.suse/79b5b4b18bc8-mlxsw-spectrum_acl_tcam-Fix-possible-use-after-free-.patch
(CVE-2024-35854 bsc#1224636 CVE-2024-35855 bsc#1224694).
- Update
patches.suse/ACPICA-Revert-ACPICA-avoid-Info-mapping-multiple-BAR.patch
(git-fixes CVE-2024-40984 bsc#1227820).
- Update
patches.suse/Bluetooth-hci_core-Fix-possible-buffer-overflow.patch
(git-fixes CVE-2024-26889 bsc#1228195).
- Update
patches.suse/HID-core-remove-unnecessary-WARN_ON-in-implement.patch
(git-fixes CVE-2024-39509 bsc#1227733).
- Update
patches.suse/HID-logitech-dj-Fix-memory-leak-in-logi_dj_recv_swit.patch
(git-fixes CVE-2024-40934 bsc#1227796).
- Update
patches.suse/KVM-Always-flush-async-PF-workqueue-when-vCPU-is-being-des.patch
(bsc#1223635 (CVE-2024-26976) CVE-2024-26976).
- Update
patches.suse/RDMA-mlx5-Add-check-for-srq-max_sge-attribute.patch
(git-fixes CVE-2024-40990 bsc#1227824).
- Update
patches.suse/SUNRPC-Fix-loop-termination-condition-in-gss_free_in.patch
(git-fixes CVE-2024-36288 bsc#1226834).
- Update
patches.suse/USB-class-cdc-wdm-Fix-CPU-lockup-caused-by-excessive.patch
(git-fixes CVE-2024-40904 bsc#1227772).
- Update
patches.suse/ata-libata-core-Fix-double-free-on-error.patch
(git-fixes CVE-2024-41087 bsc#1228740).
- Update
patches.suse/batman-adv-bypass-empty-buckets-in-batadv_purge_orig.patch
(stable-fixes CVE-2024-40981 bsc#1227864).
- Update
patches.suse/cachefiles-remove-requests-from-xarray-during-flushin.patch
(bsc#1226588 CVE-2024-40900 bsc#1227760).
- Update
patches.suse/crypto-hisilicon-sec-Fix-memory-leak-for-sec-resourc.patch
(stable-fixes CVE-2024-41002 bsc#1227870).
- Update
patches.suse/dmaengine-idxd-Fix-possible-Use-After-Free-in-irq_pr.patch
(git-fixes CVE-2024-40956 bsc#1227810).
- Update
patches.suse/drivers-core-synchronize-really_probe-and-dev_uevent.patch
(git-fixes CVE-2024-39501 bsc#1227754).
- Update
patches.suse/drm-amdgpu-fix-UBSAN-warning-in-kv_dpm.c.patch
(stable-fixes CVE-2024-40987 bsc#1228235).
- Update
patches.suse/drm-amdkfd-don-t-allow-mapping-the-MMIO-HDP-page-wit.patch
(CVE-2024-41011 bsc#1228115 git-fixes bsc#1228114).
- Update
patches.suse/drm-bridge-cdns-mhdp8546-Fix-possible-null-pointer-d.patch
(git-fixes CVE-2024-38548 bsc#1228202).
- Update
patches.suse/drm-exynos-hdmi-report-safe-640x480-mode-as-a-fallba.patch
(git-fixes CVE-2024-40916 bsc#1227846).
- Update
patches.suse/drm-exynos-vidi-fix-memory-leak-in-.get_modes.patch
(stable-fixes CVE-2024-40932 bsc#1227828).
- Update
patches.suse/drm-i915-dpt-Make-DPT-object-unshrinkable.patch
(git-fixes CVE-2024-40924 bsc#1227787).
- Update
patches.suse/drm-komeda-check-for-error-valued-pointer.patch
(git-fixes CVE-2024-39505 bsc#1227728).
- Update
patches.suse/drm-lima-mask-irqs-in-timeout-path-before-hard-reset.patch
(stable-fixes CVE-2024-40976 bsc#1227893).
- Update
patches.suse/drm-radeon-fix-UBSAN-warning-in-kv_dpm.c.patch
(stable-fixes CVE-2024-40988 bsc#1227957).
- Update
patches.suse/ftrace-Fix-possible-use-after-free-issue-in-ftrace_location.patch
(git-fixes CVE-2024-38588 bsc#1226837).
- Update
patches.suse/iommu-Return-right-value-in-iommu_sva_bind_device.patch
(git-fixes CVE-2024-40945 bsc#1227802).
- Update
patches.suse/jfs-xattr-fix-buffer-overflow-for-invalid-xattr.patch
(bsc#1227383 CVE-2024-40902 bsc#1227764).
- Update
patches.suse/sock_map-avoid-race-between-sock_map_close-and-sk_ps.patch
(bsc#1225475 CVE-2023-52735 CVE-2024-39500 bsc#1227724).
- Update
patches.suse/tracing-Build-event-generation-tests-only-as-modules.patch
(git-fixes CVE-2024-41004 bsc#1227851).
- Update
patches.suse/tracing-trigger-Fix-to-return-error-if-failed-to-alloc-snapshot.patch
(git-fixes CVE-2024-26920 bsc#1228237).
- Update
patches.suse/usb-typec-tcpm-fix-use-after-free-case-in-tcpm_regis.patch
(git-fixes CVE-2024-40903 bsc#1227766).
- Update
patches.suse/vfio-fsl-mc-Block-calling-interrupt-handler-without-trigge.patch
(bsc#1222810 (CVE-2024-26814) CVE-2024-26814).
- Update
patches.suse/vfio-platform-Create-persistent-IRQ-handlers.patch
(bsc#1222809 (CVE-2024-26813) CVE-2024-26813).
- Update
patches.suse/vmci-prevent-speculation-leaks-by-sanitizing-event-i.patch
(git-fixes CVE-2024-39499 bsc#1227725).
- Update
patches.suse/wifi-cfg80211-Lock-wiphy-in-cfg80211_get_station.patch
(git-fixes CVE-2024-40911 bsc#1227792).
- Update
patches.suse/wifi-iwlwifi-mvm-check-n_ssids-before-accessing-the-.patch
(git-fixes CVE-2024-40929 bsc#1227774).
- Update
patches.suse/wifi-iwlwifi-mvm-don-t-read-past-the-mfuart-notifcat.patch
(git-fixes CVE-2024-40941 bsc#1227771).
- Update
patches.suse/wifi-mac80211-Fix-deadlock-in-ieee80211_sta_ps_deliv.patch
(git-fixes CVE-2024-40912 bsc#1227790).
- Update
patches.suse/wifi-mac80211-mesh-Fix-leak-of-mesh_preq_queue-objec.patch
(git-fixes CVE-2024-40942 bsc#1227770).
- Update
patches.suse/xhci-Handle-TD-clearing-for-multiple-streams-case.patch
(git-fixes CVE-2024-40927 bsc#1227816).
- commit 14d852a
- Update
patches.suse/SUNRPC-Fix-UAF-in-svc_tcp_listen_data_ready.patch
(git-fixes CVE-2023-52885 bsc#1227750).
- Update
patches.suse/USB-core-Fix-race-by-not-overwriting-udev-descriptor.patch
(bsc#1213123 CVE-2023-37453 CVE-2023-52886 bsc#1227981).
- Update
patches.suse/virtio-blk-fix-implicit-overflow-on-virtio_max_dma_size.patch
(bsc#1225573 (CVE-2023-52762) CVE-2023-52762).
- commit b28e7bb
- Update
patches.suse/1216-drm-vc4-hdmi-Unregister-codec-device-on-unbind.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-48852 bsc#1228067).
- Update
patches.suse/Bluetooth-hci_core-Fix-leaking-sent_cmd-skb.patch
(jsc#PED-1407 CVE-2022-48844 bsc#1228068).
- Update
patches.suse/HID-hid-thrustmaster-fix-OOB-read-in-thrustmaster_in.patch
(git-fixes CVE-2022-48866 bsc#1228014).
- Update
patches.suse/Input-aiptek-properly-check-endpoint-type.patch
(git-fixes CVE-2022-48836 bsc#1227989).
- Update
patches.suse/KVM-x86-nSVM-fix-potential-NULL-derefernce-on-nested.patch
(git-fixes CVE-2022-48793 bsc#1228019).
- Update
patches.suse/NFC-port100-fix-use-after-free-in-port100_send_compl.patch
(git-fixes CVE-2022-48857 bsc#1228005).
- Update
patches.suse/NFSD-Fix-NFSv3-SETATTR-CREATE-s-handling-of-large-fi.patch
(git-fixes CVE-2022-48829 bsc#1228055).
- Update patches.suse/NFSD-Fix-ia_size-underflow.patch (git-fixes
CVE-2022-48828 bsc#1228054).
- Update
patches.suse/NFSD-Fix-the-behavior-of-READ-near-OFFSET_MAX.patch
(bsc#1195957 CVE-2022-48827 bsc#1228037).
- Update
patches.suse/SUNRPC-lock-against-sock-changing-during-sysfs-read.patch
(bsc#1194324 CVE-2022-48816 bsc#1228038).
- Update
patches.suse/block-release-rq-qos-structures-for-queue-without-di.patch
(jsc#PED-1183 CVE-2022-48846 bsc#1227992).
- Update
patches.suse/can-isotp-fix-potential-CAN-frame-reception-race-in-.patch
(git-fixes CVE-2022-48830 bsc#1227982).
- Update
patches.suse/cfg80211-fix-race-in-netlink-owner-interface-destruc.patch
(git-fixes CVE-2022-48784 bsc#1227938).
- Update
patches.suse/dma-buf-heaps-Fix-potential-spectre-v1-gadget.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-48730 bsc#1226713).
- Update
patches.suse/dmaengine-ptdma-Fix-the-error-handling-path-in-pt_co.patch
(git-fixes CVE-2022-48774 bsc#1227923).
- Update
patches.suse/drm-amdgpu-bypass-tiling-flag-check-in-virtual-displ.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-48849 bsc#1228061).
- Update
patches.suse/drm-msm-dpu-invalid-parameter-check-in-dpu_setup_dsp.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-48749 bsc#1226650).
- Update
patches.suse/drm-msm-dsi-invalid-parameter-check-in-msm_dsi_phy_e.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-48756 bsc#1226698).
- Update
patches.suse/drm-nouveau-fix-off-by-one-in-BIOS-boundary-checking.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-48732 bsc#1226716).
- Update
patches.suse/drm-vc4-Fix-deadlock-on-DSI-device-attach-error.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-48826 bsc#1227975).
- Update
patches.suse/drm-vrr-Set-VRR-capable-prop-only-if-it-is-attached-.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-48843 bsc#1228066).
- Update
patches.suse/eeprom-ee1004-limit-i2c-reads-to-I2C_SMBUS_BLOCK_MAX.patch
(git-fixes CVE-2022-48806 bsc#1227948).
- Update
patches.suse/ethernet-Fix-error-handling-in-xemaclite_of_probe.patch
(git-fixes CVE-2022-48860 bsc#1228008).
- Update
patches.suse/fs-proc-task_mmu.c-don-t-read-mapcount-for-migration-entry.patch
(CVE-2023-1582 bsc#1209636 CVE-2022-48802 bsc#1227942).
- Update
patches.suse/gianfar-ethtool-Fix-refcount-leak-in-gfar_get_ts_inf.patch
(git-fixes CVE-2022-48856 bsc#1228004).
- Update patches.suse/iavf-Fix-hang-during-reboot-shutdown.patch
(jsc#SLE-18385 CVE-2022-48840 bsc#1227990).
- Update
patches.suse/ibmvnic-don-t-release-napi-in-__ibmvnic_open.patch
(bsc#1195668 ltc#195811 CVE-2022-48811 bsc#1227928).
- Update
patches.suse/ice-Fix-KASAN-error-in-LAG-NETDEV_UNREGISTER-handler.patch
(git-fixes CVE-2022-48807 bsc#1227970).
- Update
patches.suse/ice-Fix-race-condition-during-interface-enslave.patch
(git-fixes CVE-2022-48842 bsc#1228064).
- Update
patches.suse/ice-fix-NULL-pointer-dereference-in-ice_update_vsi_t.patch
(jsc#SLE-18375 CVE-2022-48841 bsc#1227991).
- Update
patches.suse/iio-buffer-Fix-file-related-error-handling-in-IIO_BU.patch
(git-fixes CVE-2022-48801 bsc#1227956).
- Update
patches.suse/ima-fix-reference-leak-in-asymmetric_verify.patch
(git-fixes CVE-2022-48831 bsc#1227986).
- Update
patches.suse/iommu-Fix-potential-use-after-free-during-probe
(git-fixes CVE-2022-48796 bsc#1228028).
- Update patches.suse/iwlwifi-fix-use-after-free.patch
(bsc#1197762 git-fixes CVE-2022-48787 bsc#1227932).
- Update
patches.suse/mISDN-Fix-memory-leak-in-dsp_pipeline_build.patch
(git-fixes CVE-2022-48863 bsc#1228063).
- Update
patches.suse/misc-fastrpc-avoid-double-fput-on-failed-usercopy.patch
(git-fixes CVE-2022-48821 bsc#1227976).
- Update
patches.suse/mm-don-t-try-to-NUMA-migrate-COW-pages-that-have-other-uses.patch
(git fixes (mm/numa) CVE-2022-48797 bsc#1228035).
- Update
patches.suse/mm-vmscan-remove-deadlock-due-to-throttling.patch
(bsc#1195357 CVE-2022-48800 bsc#1227954).
- Update
patches.suse/msft-hv-2515-Drivers-hv-vmbus-Fix-memory-leak-in-vmbus_add_channe.patch
(git-fixes CVE-2022-48775 bsc#1227924).
- Update
patches.suse/mtd-parsers-qcom-Fix-kernel-panic-on-skipped-partiti.patch
(git-fixes CVE-2022-48777 bsc#1227922).
- Update
patches.suse/mtd-parsers-qcom-Fix-missing-free-for-pparts-in-clea.patch
(git-fixes CVE-2022-48776 bsc#1227925).
- Update
patches.suse/mtd-rawnand-gpmi-don-t-leak-PM-reference-in-error-pa.patch
(git-fixes CVE-2022-48778 bsc#1227935).
- Update
patches.suse/net-dsa-ar9331-register-the-mdiobus-under-devres.patch
(git-fixes CVE-2022-48817 bsc#1227931).
- Update
patches.suse/net-dsa-bcm_sf2-don-t-use-devres-for-mdiobus.patch
(git-fixes CVE-2022-48815 bsc#1227933).
- Update
patches.suse/net-dsa-felix-don-t-use-devres-for-mdiobus.patch
(git-fixes CVE-2022-48813 bsc#1227963).
- Update
patches.suse/net-dsa-lantiq_gswip-don-t-use-devres-for-mdiobus.patch
(git-fixes CVE-2022-48812 bsc#1227971).
- Update
patches.suse/net-dsa-lantiq_gswip-fix-use-after-free-in-gswip_rem.patch
(git-fixes CVE-2022-48783 bsc#1227949).
- Update
patches.suse/net-dsa-mv88e6xxx-don-t-use-devres-for-mdiobus.patch
(git-fixes CVE-2022-48818 bsc#1228039).
- Update
patches.suse/net-dsa-seville-register-the-mdiobus-under-devres.patch
(git-fixes CVE-2022-48814 bsc#1227944).
- Update
patches.suse/net-fix-a-memleak-when-uncloning-an-skb-dst-and-its-.patch
(git-fixes CVE-2022-48809 bsc#1227947).
- Update
patches.suse/net-ieee802154-at86rf230-Stop-leaking-skb-s.patch
(git-fixes CVE-2022-48794 bsc#1228025).
- Update
patches.suse/net-marvell-prestera-Add-missing-of_node_put-in-pres.patch
(git-fixes CVE-2022-48859 bsc#1228007).
- Update
patches.suse/net-mlx5-Fix-a-race-on-command-flush-flow.patch
(git-fixes CVE-2022-48858 bsc#1228006).
- Update
patches.suse/net-packet-fix-slab-out-of-bounds-access-in-packet_r.patch
(CVE-2022-20368 bsc#1202346 CVE-2022-48839 bsc#1227985).
- Update
patches.suse/net-smc-Avoid-overwriting-the-copies-of-clcsock-callback-functions
(git-fixes CVE-2022-48780 bsc#1227995).
- Update
patches.suse/net-usb-ax88179_178a-Fix-out-of-bounds-accesses-in-R.patch
(bsc#1196018 CVE-2022-28748 bsc#1202686 CVE-2022-2964
CVE-2022-48805 bsc#1227969).
- Update
patches.suse/nvme-fix-a-possible-use-after-free-in-controller-res.patch
(bsc#1193787 bsc#1197146 bsc#1193554 CVE-2022-48790
bsc#1227941).
- Update
patches.suse/nvme-rdma-fix-possible-use-after-free-in-transport-e.patch
(bsc#1193787 bsc#1197146 bsc#1193554 CVE-2022-48788
bsc#1227952).
- Update
patches.suse/nvme-tcp-fix-possible-use-after-free-in-transport-er.patch
(bsc#1193787 bsc#1197146 bsc#1193554 CVE-2022-48789
bsc#1228000).
- Update
patches.suse/perf-Fix-list-corruption-in-perf_cgroup_switch.patch
(git fixes CVE-2022-48799 bsc#1227953).
- Update
patches.suse/phy-stm32-fix-a-refcount-leak-in-stm32_usbphyc_pll_e.patch
(git-fixes CVE-2022-48820 bsc#1227972).
- Update
patches.suse/phy-ti-Fix-missing-sentinel-for-clk_div_table.patch
(git-fixes CVE-2022-48803 bsc#1227965).
- Update
patches.suse/s390-cio-verify-the-driver-availability-for-path_event-call
(bsc#1195927 LTC#196420 CVE-2022-48798 bsc#1227945).
- Update
patches.suse/scsi-mpt3sas-Page-fault-in-reply-q-processing.patch
(git-fixes CVE-2022-48835 bsc#1228060).
- Update patches.suse/scsi-myrs-Fix-crash-in-error-case.patch
(git-fixes CVE-2022-48824 bsc#1227964).
- Update
patches.suse/scsi-pm8001-Fix-use-after-free-for-aborted-SSP-STP-sas_task.patch
(jsc#PED-1559 CVE-2022-48792 bsc#1228013).
- Update
patches.suse/scsi-pm8001-Fix-use-after-free-for-aborted-TMF-sas_task.patch
(jsc#PED-1559 CVE-2022-48791 bsc#1228002).
- Update
patches.suse/scsi-qedf-Add-stag_work-to-all-the-vports.patch
(jsc#PED-1524 CVE-2022-48825 bsc#1228056).
- Update
patches.suse/scsi-qedf-Fix-refcount-issue-when-LOGO-is-received-during-TMF.patch
(jsc#PED-1524 CVE-2022-48823 bsc#1228045).
- Update
patches.suse/staging-gdm724x-fix-use-after-free-in-gdm_lte_rx.patch
(git-fixes CVE-2022-48851 bsc#1227997).
- Update
patches.suse/swiotlb-fix-info-leak-with-DMA_FROM_DEVICE.patch
(CVE-2022-0854 bsc#1196823 CVE-2022-48853 bsc#1228015).
- Update patches.suse/usb-f_fs-Fix-use-after-free-for-epfile.patch
(git-fixes CVE-2022-48822 bsc#1228040).
- Update
patches.suse/usb-gadget-Fix-use-after-free-bug-by-not-setting-udc.patch
(git-fixes CVE-2022-48838 bsc#1227988).
- Update
patches.suse/usb-gadget-rndis-prevent-integer-overflow-in-rndis_s.patch
(git-fixes CVE-2022-48837 bsc#1227987).
- Update
patches.suse/usb-usbtmc-Fix-bug-in-pipe-direction-for-control-tra.patch
(git-fixes CVE-2022-48834 bsc#1228062).
- Update
patches.suse/vdpa-fix-use-after-free-on-vp_vdpa_remove.patch
(jsc#PED-1549 CVE-2022-48861 bsc#1228009).
- Update
patches.suse/vdpa-mlx5-add-validation-for-VIRTIO_NET_CTRL_MQ_VQ_P.patch
(jsc#PED-1549 CVE-2022-48864 bsc#1228011).
- Update
patches.suse/vhost-fix-hung-thread-due-to-erroneous-iotlb-entries.patch
(jsc#PED-1549 CVE-2022-48862 bsc#1228010).
- Update
patches.suse/vsock-remove-vsock-from-connected-table-when-connect.patch
(git-fixes CVE-2022-48786 bsc#1227996).
- Update
patches.suse/vt_ioctl-fix-array_index_nospec-in-vt_setactivate.patch
(git-fixes CVE-2022-48804 bsc#1227968).
- Update patches.suse/watch_queue-Fix-filter-limit-check.patch
(CVE-2022-0995 bsc#1197246 CVE-2022-48847 bsc#1227993).
- Update
patches.suse/xprtrdma-fix-pointer-derefs-in-error-cases-of-rpcrdm.patch
(git-fixes CVE-2022-48773 bsc#1227921).
- commit bfcee01
- Update
patches.suse/net-sched-flower-protect-fl_walk-with-rcu.patch
(stable-5.14.10 bsc#1225302 CVE-2021-47402 bsc#1225301).
- Update
patches.suse/net-sunrpc-fix-reference-count-leaks-in-rpc_sysfs_xp.patch
(git-fixes CVE-2021-47624 bsc#1227920).
- Update
patches.suse/scsi-ufs-Fix-a-deadlock-in-the-error-handler.patch
(git-fixes CVE-2021-47622 bsc#1227917).
- commit a651650
- scsi: qedf: Make qedf_execute_tmf() non-preemptible (CVE-2024-42124 bsc#1228705)
- commit 9baaa6c
- net: dsa: mv88e6xxx: Correct check for empty list (CVE-2024-42224 bsc#1228723)
- commit 17953b6
- Update references in patches.suse/wifi-cfg80211-wext-add-extra-SIOCSIWSCAN-data-check.patch (CVE-2024-41072 bsc#1228626 stable-fixes)
- commit 273bfae
- skmsg: Skip zero length skb in sk_msg_recvmsg (CVE-2024-41048 bsc#1228565)
- commit 530a147
- netns: Make get_net_ns() handle zero refcount net
(CVE-2024-40958 bsc#1227812).
- commit cd7215b
- blacklist.conf: Add 943ad0b62e3c kernel: rerun task_work while freezing in get_signal()
and related io_uring fix.
- commit dd99721
- blacklist.conf: Add 7a4479680d7f cgroup_misc: add kernel-doc comments for enum misc_res_type
- commit 33a371b
- cgroup/cpuset: Prevent UAF in proc_cpuset_show() (bsc#1228801).
- commit 8837200
- mm/hugetlb: fix missing hugetlb_lock for resv uncharge
(bsc#1224548 CVE-2024-36000).
- commit bb54a15
- Bluetooth: hci_sync: Fix suspending with wrong filter policy
(git-fixes).
- net: usb: sr9700: fix uninitialized variable use in sr_mdio_read
(git-fixes).
- commit d1b1ed5
- net/dpaa2: Avoid explicit cpumask var allocation on stack
(CVE-2024-42093 bsc#1228680).
- ppp: reject claimed-as-LCP but actually malformed packets
(CVE-2024-41044 bsc#1228530).
- ibmvnic: Add tx check to prevent skb leak (CVE-2024-41066
bsc#1228640).
- net/dpaa2: Avoid explicit cpumask var allocation on stack
(CVE-2024-42093 bsc#1228680).
- commit e2a1614
- drm/amd/display: Add NULL pointer check for kzalloc (bsc#1228591 CVE-2024-42122)
- commit 42cafdc
- gfs2: Fix NULL pointer dereference in gfs2_log_flush
(bsc#1228672 CVE-2024-42079).
- commit 9249ead
- btrfs: qgroup: fix quota root leak after quota disable failure
(bsc#1228655 CVE-2024-41078).
- commit a021822
- workqueue: Improve scalability of workqueue watchdog touch
(bsc#1193454).
- commit d6c3d9d
- workqueue: wq_watchdog_touch is always called with valid CPU
(bsc#1193454).
- commit 8c80fa1
- KVM: arm64: Disassociate vcpus from redistributor region on
teardown (CVE-2024-40989 bsc#1227823).
- commit 724dd5c
- wifi: mac80211: Avoid address calculations via out of bounds
array indexing (CVE-2024-41071 bsc#1228625).
- commit 93c5732
- powerpc/eeh: avoid possible crash when edev->pdev changes
(CVE-2024-41064 bsc#1228599).
- commit ba6e5c8
- ASoC: topology: Fix references to freed memory (CVE-2024-41069
bsc#1228644).
- commit 44dd0c7
- net/sched: Fix UAF when resolving a clash (CVE-2024-41040 bsc#1228518)
- commit 38cd1ac
- btrfs: make sure that WRITTEN is set on all metadata blocks (CVE-2024-35949 bsc#1224700)
Changes: adjust returned error codes to -EUCLEAN and drop definition of
the enum error.
- commit c3c9515
- ila: block BH in ila_output() (CVE-2024-41081 bsc#1228617)
- commit 54b2845
- blacklist.conf: CVE-2024-41076 bsc#1228649: not applicable
Different code using a local variable, switch to dynamic allocation done
in 1b00ad657997c8 ("NFS: Remove the nfs4_label from the nfs_setattrres")
in 5.16.
- commit 40fbbcc
- blk-cgroup: dropping parent refcount after pd_free_fn() is done
(bsc#1224573).
- commit 87d4ac6
- Update patches.suse/nilfs2-fix-inode-number-range-checks.patch
(git-fixes stable-fixes bsc#1228665 CVE-2024-42105).
- commit 363084c
- Update
patches.suse/ext2-Avoid-reading-renamed-directory-if-parent-does-.patch
(bsc#1221044 CVE-2023-52591 bsc#1228440).
- commit d21f810
- hfsplus: fix uninit-value in copy_name (bsc#1228561
CVE-2024-41059).
- commit cfc2db1
- ext4: fix uninitialized ratelimit_state->lock access in
__ext4_fill_super() (bsc#1227866 CVE-2024-40998).
- commit 5c2bc07
- cachefiles: fix slab-use-after-free in
cachefiles_withdraw_cookie() (bsc#1228462 CVE-2024-41057).
- cachefiles: fix slab-use-after-free in fscache_withdraw_volume()
(bsc#1228459 CVE-2024-41058).
- netfs, fscache: export fscache_put_volume() and add
fscache_try_get_volume() (bsc#1228459 bsc#1228462).
- commit 599a85f
- platform/chrome: cros_ec_proto: Lock device when updating MKBP
version (git-fixes).
- commit 3c731c9
- dmaengine: idxd: Fix possible Use-After-Free in
irq_process_work_list (CVE-2024-40956 bsc#1227810).
- commit 3632d87
- platform/chrome: cros_ec_proto: Lock device when updating MKBP
version (git-fixes).
- commit 43f2501
- ocfs2: add bounds checking to ocfs2_check_dir_entry()
(bsc#1228409 CVE-2024-41015).
- ocfs2: strict bound check before memcmp in
ocfs2_xattr_find_entry() (bsc#1228410).
- ocfs2: add bounds checking to ocfs2_xattr_find_entry()
(bsc#1228410 CVE-2024-41016).
- ocfs2: remove redundant assignment to variable free_space
(bsc#1228409).
- commit 568c7dd
- vfio/pci: Disable auto-enable of exclusive INTx IRQ (bsc#1222625
CVE-2024-27437).
- commit 65556f4
- ocfs2: fix DIO failure due to insufficient transaction credits
(bsc#1216834).
- commit edabc6f
- Bluetooth: hci_core: cancel all works upon hci_unregister_dev() (CVE-2024-41063 bsc#1228580)
- commit 7924d8c
- udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port() (CVE-2024-41041 bsc#1228520)
- commit eae6531
- ipv6: mcast: use rcu-safe version of ipv6_get_lladdr() (CVE-2022-48785 bsc#1227927)
- commit ca3b7b0
- net: do not leave a dangling sk pointer, when socket creation fails (CVE-2024-40954 bsc#1227808)
- commit bcdcd8a
- netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (CVE-2024-42070 bsc#1228470)
- commit ec1e1fa
- nfsd: Don't leave work of closing files to a work queue
(bsc#1228140).
- commit 3b8e93d
- KVM: PPC: Book3S HV: Prevent UAF in
kvm_spapr_tce_attach_iommu_group() (bsc#1228581 CVE-2024-41070).
- commit 5102495
- xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr()
(CVE-2024-40959 bsc#1227884).
- commit 4f042e1
- tap: add missing verification for short frame (CVE-2024-41090
bsc#1228328).
- commit e64bcfc
- selftests/bpf: Add more ring buffer test coverage (bsc#1228020
CVE-2024-41009).
- bpf: Fix overrunning reservations in ringbuf (bsc#1228020
CVE-2024-41009).
- commit 320d7db
- rpm/guards: fix precedence issue with control flow operator
With perl 5.40 it report the following error on rpm/guards script:
Possible precedence issue with control flow operator (exit) at scripts/guards line 208.
Fix the issue by adding parenthesis around ternary operator.
- commit 07b8b4e
- blacklist.conf: Add 9c573cd31343 randomize_kstack: Improve entropy diffusion
blacklist.conf: Add 375561bd6195 stack: Declare {randomize_,}kstack_offset to fix Sparse warnings
- commit 07a7d85
- ALSA: pcm_dmaengine: Don't synchronize DMA channel when DMA
is paused (git-fixes).
- commit 81d45da
- wifi: mac80211: handle tasklet frames before stopping
(stable-fixes).
- commit 51c6566
- HID: wacom: Modify pen IDs (git-fixes).
- decompress_bunzip2: fix rare decompression failure (git-fixes).
- spi: mux: set ctlr->bits_per_word_mask (stable-fixes).
- spi: imx: Don't expect DMA for i.MX{25,35,50,51,53} cspi devices
(stable-fixes).
- Bluetooth: hci_core: cancel all works upon hci_unregister_dev()
(stable-fixes).
- wifi: mac80211: disable softirqs for queued frame handling
(git-fixes).
- platform/x86: lg-laptop: Change ACPI device id (stable-fixes).
- platform/x86: lg-laptop: Remove LGEX0815 hotkey handling
(stable-fixes).
- platform/x86: wireless-hotkey: Add support for LG Airplane
Button (stable-fixes).
- can: kvaser_usb: fix return value for hif_usb_send_regout
(stable-fixes).
- ASoC: ti: davinci-mcasp: Set min period size using FIFO config
(stable-fixes).
- ALSA: dmaengine: Synchronize dma channel after drop()
(stable-fixes).
- ASoC: ti: omap-hdmi: Fix too long driver name (stable-fixes).
- bytcr_rt5640 : inverse jack detect for Archos 101 cesium
(stable-fixes).
- ALSA: dmaengine_pcm: terminate dmaengine before synchronize
(stable-fixes).
- Input: elantech - fix touchpad state on resume for Lenovo N24
(stable-fixes).
- wifi: cfg80211: wext: add extra SIOCSIWSCAN data check
(stable-fixes).
- mei: demote client disconnect warning on suspend to debug
(stable-fixes).
- Input: silead - Always support 10 fingers (stable-fixes).
- wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan()
(stable-fixes).
- wifi: iwlwifi: mvm: properly set 6 GHz channel direct probe
option (stable-fixes).
- wifi: iwlwifi: mvm: Handle BIGTK cipher in kek_kck cmd
(stable-fixes).
- wifi: iwlwifi: mvm: d3: fix WoWLAN command version lookup
(stable-fixes).
- wifi: mac80211: mesh: init nonpeer_pm to active by default in
mesh sdata (stable-fixes).
- ACPI: EC: Avoid returning AE_OK on errors in address space
handler (stable-fixes).
- ACPI: EC: Abort address space access upon error (stable-fixes).
- docs: Fix formatting of literal sections in fanotify docs
(stable-fixes).
- commit 38d8033
- xfs: add bounds checking to xlog_recover_process_data
(bsc#1228408 CVE-2024-41014).
- commit 9b9175d
- xfs: don't walk off the end of a directory data block
(bsc#1228405 CVE-2024-41013).
- commit 3a2120b
- jfs: don't walk off the end of ealist (bsc#1228403
CVE-2024-41017).
- commit 553b2ef
- ext4: do not create EA inode under buffer lock (bsc#1227910
CVE-2024-40972).
- commit aacd3b6
- ext4: fold quota accounting into
ext4_xattr_inode_lookup_create() (bsc#1227910 CVE-2024-40972).
- commit 0630857
- ext4: fix mb_cache_entry's e_refcnt leak in
ext4_xattr_block_cache_find() (bsc#1226993 CVE-2024-39276).
- commit 1269749
- Update patch reference for AMDGPU fix (CVE-2024-41011 bsc#1228115)
- commit 0303eab
- drm/amdkfd: don't allow mapping the MMIO HDP page with large
pages (CVE-2024-41011 bsc#1228115).
- commit ff8f843
- 9p: add missing locking around taking dentry fid list (bsc#1227090, CVE-2024-39463).
- commit c58a66f
- ceph: fix incorrect kmalloc size of pagevec mempool
(bsc#1228418).
- commit 2230e72
- tun: add missing verification for short frame (CVE-2024-41091
bsc#1228327).
- tap: add missing verification for short frame (CVE-2024-41090
bsc#1228328).
- net: ena: Add validation for completion descriptors consistency
(CVE-2024-40999 bsc#1227913).
- net: mvpp2: clear BM pool before initialization (CVE-2024-35837
bsc#1224500).
- commit 80ce1bf
- net: usb: qmi_wwan: add Telit FN912 compositions (git-fixes).
- commit 6bbdba6
- sit: do not call ipip6_dev_free() from sit_init_net()
(CVE-2021-47588 bsc#1226568).
- commit 38c1d39
- mptcp: remove tcp ulp setsockopt support
(CVE-2021-47591 bsc#1226570).
- commit 2079fc2
- Refresh
patches.kabi/tty-add-the-option-to-have-a-tty-reject-a-new-ldisc.patch.
Fix build for CONFIG_VT=n (ppc64le/kvmsmall).
- commit a0ede6a
- sch_cake: do not call cake_destroy() from cake_init()
(CVE-2021-47598 bsc#1226574).
- commit d533b8e
- serial: imx: Introduce timeout when waiting on transmitter empty
(CVE-2024-40967 bsc#1227891).
- commit 05ae86a
- kABI: tty: add the option to have a tty reject a new ldisc
(kabi CVE-2024-40966 bsc#1227886).
- tty: add the option to have a tty reject a new ldisc
(CVE-2024-40966 bsc#1227886).
- commit 875e673
- jfs: Fix array-index-out-of-bounds in diFree (git-fixes).
- commit 1b3b67e
- devres: Fix memory leakage caused by driver API
devm_free_percpu() (git-fixes).
- devres: Fix devm_krealloc() wasting memory (git-fixes).
- kobject_uevent: Fix OOB access within zap_modalias_env()
(git-fixes).
- dma: fix call order in dmam_free_coherent (git-fixes).
- commit 9c7dc5b
- bpf: Fix a potential use-after-free in bpf_link_free()
(bsc#1227798 CVE-2024-40909).
- Refresh patches.kabi/bpf-bpf_link-and-bpf_link_ops-kABI-workaround.patch
- commit 755a2fd
- net-sysfs: add check for netdevice being present to speed_show (CVE-2022-48850 bsc#1228071)
- commit 3226c14
- tracing/osnoise: Fix notify new tracing_max_latency (bsc#1228330)
- commit 9b702c7
- tracing/timerlat: Notify new max thread latency (bsc#1228330)
- commit 11f7aa0
- tracing/osnoise: Use built-in RCU list checking (bsc#1228330)
- commit 33fb4ee
- tracing/osnoise: Make osnoise_instances static (bsc#1228330)
- commit d56b79b
- KVM: s390: fix LPSWEY handling (bsc#1227635 git-fixes).
- commit be5ea07
- tracing/osnoise: Add OSNOISE_WORKLOAD option (bsc#1228330)
- commit dc83512
- drm/radeon: check bo_va->bo is non-NULL before using it
(stable-fixes).
- drm/amd/display: Account for cursor prefetch BW in DML1 mode
support (stable-fixes).
- ALSA: hda/relatek: Enable Mute LED on HP Laptop 15-gw0xxx
(stable-fixes).
- drm/vmwgfx: Fix missing HYPERVISOR_GUEST dependency
(stable-fixes).
- ALSA: hda/realtek: Add more codec ID to no shutup pins list
(stable-fixes).
- commit a18e5d0
- powerpc/fixmap: Fix VM debug warning on unmap (CVE-2021-47623
bsc#1227919).
- commit 6169baf
- wifi: mt76: mt7921s: fix potential hung tasks during chip
recovery (CVE-2024-40977 bsc#1227950).
- commit ee916d4
- Avoid hw_desc array overrun in dw-axi-dmac (CVE-2024-40970
bsc#1227899).
- commit 713bbc3
- ssb: Fix potential NULL pointer dereference in
ssb_device_uevent() (CVE-2024-40982 bsc#1227865).
- commit 4f37558
- arm64/io: add constant-argument check (bsc#1226502 git-fixes)
- commit 12ba1f2
- Update patches.suse/IB-mlx5-Use-__iowrite64_copy-for-write-combining-sto.patch (git-fixes bsc#1226502)
- commit c55adfd
- arm64/io: Provide a WC friendly __iowriteXX_copy() (bsc#1226502)
- commit 3783d1b
- s390: Stop using weak symbols for __iowrite64_copy() (bsc#1226502)
- commit cc50a67
- s390: Implement __iowrite32_copy() (bsc#1226502)
- commit 8fb0f46
- x86: Stop using weak symbols for __iowrite32_copy() (bsc#1226502)
- commit 92d3558
- smb: client: fix use-after-free in smb2_query_info_compound()
(bsc#1225489, CVE-2023-52751).
- commit a32502b
- bpf: Set run context for rawtp test_run callback (bsc#1227783
CVE-2024-40908).
- commit 3bc3979
- ipv6: prevent possible NULL dereference in rt6_probe()
(CVE-2024-40960 bsc#1227813).
- commit 33bfa43
- PCI: keystone: Relocate ks_pcie_set/clear_dbi_mode()
(git-fixes).
- commit e67818e
- cachefiles: flush all requests after setting CACHEFILES_DEAD
(bsc#1227797 CVE-2024-40935).
- commit f7e6672
- xfs: Add cond_resched to block unmap range and reflink remap
path (bsc#1228226).
- commit 398a1d5
- ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table()
on failure path (CVE-2022-48810 bsc#1227936).
- commit 4b745d6
- PCI: Introduce cleanup helpers for device reference counts
and locks (git-fixes).
- commit 4645732
- PCI: tegra194: Set EP alignment restriction for inbound ATU
(git-fixes).
- PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio
(git-fixes).
- PCI: keystone: Fix NULL pointer dereference in case of DT
error in ks_pcie_setup_rc_app_regs() (git-fixes).
- PCI: keystone: Don't enable BAR 0 for AM654x (git-fixes).
- PCI: Fix resource double counting on remove & rescan
(git-fixes).
- PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal
(git-fixes).
- commit b5dfbee
- sctp: fix kernel-infoleak for SCTP sockets (CVE-2022-48855
bsc#1228003).
- commit f84afd1
- blacklist.conf: add one pci entry
- commit 8c4446c
- ipv6: prevent possible NULL deref in fib6_nh_init()
(CVE-2024-40961 bsc#1227814).
- commit 09176fe
- PCI: Extend ACS configurability (bsc#1228090).
- commit 9d1d191
- scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated
memory (bsc#1227762 CVE-2024-40901).
- commit 1473e56
- io_uring/io-wq: Use set_bit() and test_bit() at worker->flags
(bsc#1227732 CVE-2024-39508).
- commit 9c3b469
- mac802154: fix llsec key resources release in
mac802154_llsec_key_del (CVE-2024-26961 bsc#1223652).
- commit 4396d9f
- usb: typec: tcpm: clear pd_event queue in PORT_RESET
(git-fixes).
- commit 8782764
- netrom: Fix a memory leak in nr_heartbeat_expiry()
(CVE-2024-41006 bsc#1227862).
- commit fa76ffa
- nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro
(git-fixes).
- checkpatch: really skip LONG_LINE_* when LONG_LINE is ignored
(git-fixes).
- rtc: interface: Add RTC offset to alarm after fix-up
(git-fixes).
- rtc: cmos: Fix return value of nvmem callbacks (git-fixes).
- rtc: isl1208: Fix return value of nvmem callbacks (git-fixes).
- pinctrl: freescale: mxs: Fix refcount of child (git-fixes).
- pinctrl: ti: ti-iodelay: fix possible memory leak when
pinctrl_enable() fails (git-fixes).
- pinctrl: single: fix possible memory leak when pinctrl_enable()
fails (git-fixes).
- pinctrl: core: fix possible memory leak when pinctrl_enable()
fails (git-fixes).
- pinctrl: rockchip: update rk3308 iomux routes (git-fixes).
- selftests/sigaltstack: Fix ppc64 GCC build (git-fixes).
- PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio
(git-fixes).
- PCI: Fix resource double counting on remove & rescan
(git-fixes).
- PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal
(git-fixes).
- PCI: Introduce cleanup helpers for device reference counts
and locks (stable-fixes).
- commit a5ba589
- usb: gadget: call usb_gadget_check_config() to verify UDC
capability (git-fixes).
- commit a789eca
- blacklist.conf: pure dts
- commit ed51b87
- usb: cdns3: fix iso transfer error when mult is not zero
(git-fixes).
- commit 24ef45f
- usb: cdns3: fix incorrect calculation of ep_buf_size when more
than one config (git-fixes).
- commit 1aee554
- usb: cdns3: allocate TX FIFO size according to composite EP
number (git-fixes).
- blacklist.conf: needed as infrastructure
- Refresh
patches.suse/usb-cdns3-fix-NCM-gadget-RX-speed-20x-slow-than-expe.patch.
- commit f5e4b65
- fuse: verify {g,u}id mount options correctly (bsc#1228191).
- libceph: fix race between delayed_work() and ceph_monc_stop()
(bsc#1228190).
- commit 7cce822
- usb: cdns3: skip set TRB_IOC when usb_request: no_interrupt
is true (git-fixes).
- Refresh
patches.suse/usb-cdns3-fix-uvc-failure-work-since-sg-support-enab.patch.
- commit f171c84
- usb: cdns3: optimize OUT transfer by copying only actual
received data (git-fixes).
- commit 909f26f
- nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro
(git-fixes).
- commit 82de9d3
- usb: cdns3: improve handling of unaligned address case
(git-fixes).
- commit ada0d19
- powerpc/cpuidle: Set CPUIDLE_FLAG_POLLING for snooze state
(bsc#1227121 ltc#207129).
- commit 2fe1c33
- blacklist.conf: pure optimization
- commit 0f44899
- gve: Clear napi->skb before dev_kfree_skb_any() (CVE-2024-40937
bsc#1227836).
- commit 610d469
- Input: elan_i2c - do not leave interrupt disabled on suspend
failure (git-fixes).
- Input: qt1050 - handle CHIP_ID reading error (git-fixes).
- eeprom: digsy_mtc: Fix 93xx46 driver probe failure (git-fixes).
- Revert "usb: musb: da8xx: Set phy in OTG mode by default"
(stable-fixes).
- ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy
Book Pro 360 (stable-fixes).
- ASoC: amd: Adjust error handling in case of absent codec device
(git-fixes).
- ASoC: max98088: Check for clk_prepare_enable() error
(git-fixes).
- ALSA: hda/realtek: Enable headset mic on Positivo SU C1400
(stable-fixes).
- crypto: ecdsa - Fix the public key format description
(git-fixes).
- commit daf9e8d
- drm/msm/mdp5: Remove MDP_CAP_SRC_SPLIT from msm8x53_config
(git-fixes).
- drm/msm/dpu: drop validity checks for clear_pending_flush()
ctl op (git-fixes).
- drm/dp_mst: Fix all mstb marked as not probed after
suspend/resume (git-fixes).
- drm/panfrost: Mark simple_ondemand governor as softdep
(git-fixes).
- drm/lima: Mark simple_ondemand governor as softdep (git-fixes).
- USB: serial: option: add Rolling RW350-GL variants
(stable-fixes).
- USB: serial: option: add support for Foxconn T99W651
(stable-fixes).
- USB: serial: option: add Netprisma LCUK54 series modules
(stable-fixes).
- usb: gadget: configfs: Prevent OOB read/write in
usb_string_copy() (stable-fixes).
- USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k
(stable-fixes).
- USB: serial: option: add Telit generic core-dump composition
(stable-fixes).
- USB: serial: option: add Fibocom FM350-GL (stable-fixes).
- USB: serial: option: add Telit FN912 rmnet compositions
(stable-fixes).
- nilfs2: add missing check for inode numbers on directory entries
(stable-fixes).
- nilfs2: fix inode number range checks (stable-fixes).
- regmap-i2c: Subtract reg size from max_write (stable-fixes).
- platform/x86: touchscreen_dmi: Add info for the EZpad 6s Pro
(stable-fixes).
- platform/x86: touchscreen_dmi: Add info for GlobalSpace SolT
IVW 11.6" tablet (stable-fixes).
- nfc/nci: Add the inconsistency check between the input data
length and count (stable-fixes).
- Input: ff-core - prefer struct_size over open coded arithmetic
(stable-fixes).
- firmware: dmi: Stop decoding on broken entry (stable-fixes).
- media: dvb-frontends: tda10048: Fix integer overflow
(stable-fixes).
- media: s2255: Use refcount_t instead of atomic_t for
num_channels (stable-fixes).
- media: dvb-frontends: tda18271c2dd: Remove casting during div
(stable-fixes).
- media: dw2102: fix a potential buffer overflow (git-fixes).
- media: dw2102: Don't translate i2c read into write
(stable-fixes).
- media: dvb-usb: dib0700_devices: Add missing release_firmware()
(stable-fixes).
- media: dvb: as102-fe: Fix as10x_register_addr packing
(stable-fixes).
- wifi: mt76: replace skb_put with skb_put_zero (stable-fixes).
- commit 1d67edd
- Update Alt-commit of AMDGPU patch (git-fixes)
- commit 486ad31
- drm/mediatek: Add OVL compatible name for MT8195 (git-fixes).
- drm/etnaviv: fix DMA direction handling for cached RW buffers
(git-fixes).
- drm/qxl: Add check for drm_cvt_mode (git-fixes).
- drm/panel: boe-tv101wum-nl6: Check for errors on the NOP in
prepare() (git-fixes).
- commit 7e23de0
- docs: crypto: async-tx-api: fix broken code example (git-fixes).
- drm/panel: boe-tv101wum-nl6: If prepare fails, disable GPIO
before regulators (git-fixes).
- drm/mgag200: Bind I2C lifetime to DRM device (git-fixes).
- drm/mgag200: Set DDC timeout in milliseconds (git-fixes).
- drm/amdgpu: Remove GC HW IP 9.3.0 from noretry=1 (git-fixes).
- drm/amdgpu: Check if NBIO funcs are NULL in
amdgpu_device_baco_exit (git-fixes).
- drm/amd/pm: Fix aldebaran pcie speed reporting (git-fixes).
- drm/amd/pm: remove logically dead code for renoir (git-fixes).
- drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq()
(git-fixes).
- ALSA: hda/realtek: Enable Mute LED on HP 250 G7 (stable-fixes).
- ALSA: hda/realtek: Limit mic boost on VAIO PRO PX
(stable-fixes).
- ALSA: hda/realtek: add quirk for Clevo V5[46]0TU (stable-fixes).
- crypto: aead,cipher - zeroize key buffer after use
(stable-fixes).
- commit df254fc
- Update Alt-commit for AMDGPU patches (git-fixes)
- commit faaa427
- net: hns3: fix kernel crash problem in concurrent scenario
(CVE-2024-39507 bsc#1227730).
- net/mlx5: Fix tainted pointer delete is case of flow rules
creation fail (CVE-2024-40940 bsc#1227800).
- commit 778fd36
- vmxnet3: disable rx data ring on dma allocation failure
(CVE-2024-40923 bsc#1227786).
- commit 39544d5
- mptcp: ensure snd_una is properly initialized on connect
(CVE-2024-40931 bsc#1227780).
- commit 8410912
- bnxt_en: Adjust logging of firmware messages in case of released
token in __hwrm_send() (CVE-2024-40919 bsc#1227779).
- commit 92740a7
- orangefs: fix out-of-bounds fsid access (git-fixes).
- commit 5492c0a
- nilfs2: fix incorrect inode allocation from reserved inodes
(git-fixes).
- commit 84d8b23
- nilfs2: convert persistent object allocator to use kmap_local
(git-fixes).
- commit 5ccbbbd
- nilfs2: add missing check for inode numbers on directory entries
(git-fixes).
- commit 907b3f0
- nilfs2: fix inode number range checks (git-fixes).
- commit f8f08aa
- jffs2: Fix potential illegal address access in jffs2_free_inode
(git-fixes).
- commit 03a6330
- bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() (CVE-2024-39487 bsc#1227573)
- commit 07efe24
- netfilter: nf_tables: flush pending destroy work before exit_net release (CVE-2024-35899 bsc#1224499)
- commit fca7a67
- net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() (CVE-2024-35934 bsc#1224641)
- commit 2be2fbe
- net/sched: act_skbmod: prevent kernel-infoleak (CVE-2024-35893 bsc#1224512)
- commit e1c4fc4
- KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin()
(CVE-2024-40953, bsc#1227806).
- commit 2476f39
- Refresh
patches.suse/KVM-x86-Bail-from-kvm_recalculate_phys_map-if-x2APIC.patch.
- commit c36c759
- xfs: fix log recovery buffer allocation for the legacy h_size
fixup (bsc#1227432 CVE-2024-39472).
- commit 18a9915
- KVM: x86: Add IBPB_BRTYPE support (bsc#1228079).
- commit aa09d73
- media: venus: fix use after free in vdec_close (git-fixes).
- media: venus: flush all buffers in output plane streamoff
(git-fixes).
- media: uvcvideo: Override default flags (git-fixes).
- media: uvcvideo: Fix integer overflow calculating timestamp
(git-fixes).
- saa7134: Unchecked i2c_transfer function result fixed
(git-fixes).
- media: imon: Fix race getting ictx->lock (git-fixes).
- media: dvb-usb: Fix unexpected infinite loop in
dvb_usb_read_remote_control() (git-fixes).
- Revert "leds: led-core: Fix refcount leak in of_led_get()"
(git-fixes).
- leds: triggers: Flush pending brightness before activating
trigger (git-fixes).
- leds: ss4200: Convert PCIBIOS_* return codes to errnos
(git-fixes).
- leds: trigger: Unregister sysfs attributes before calling
deactivate() (git-fixes).
- mfd: omap-usb-tll: Use struct_size to allocate tll (git-fixes).
- commit 960e7ee
- Update
patches.suse/mptcp-ensure-snd_nxt-is-properly-initialized-on-conn.patch
(CVE-2024-36889 bsc#1225746).
- commit cf8a3ad
- ocfs2: fix races between hole punching and AIO+DIO (CVE-2024-40943 bsc#1227849).
- commit b79d9d8
- net: rds: Fix possible NULL-pointer dereference (CVE-2023-52573 bsc#1220869)
- commit d3cf4c3
- netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() (CVE-2024-27020 bsc#1223815)
- commit fd09409
- netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() (CVE-2024-27019 bsc#1223813)
- commit ccbb2a8
- tracing/osnoise: Do not follow tracing_cpumask (bsc#1228330)
- commit 7623aa9
- gro: fix ownership transfer (CVE-2024-35890 bsc#1224516).
- commit 59871a8
- mptcp: ensure snd_nxt is properly initialized on connect
(CVE-2024-36889).
- commit d97efaf
- tracing/osnoise: Add osnoise/options file (bsc#1228330)
- commit 7716ffe
- tracing/osnoise: Support a list of trace_array *tr (bsc#1228330)
- commit ee3b46a
- tracing/osnoise: Split workload start from the tracer start (bsc#1228330)
- commit 4a9af64
- ipv6: fib6_rules: avoid possible NULL dereference in
fib6_rule_action() (CVE-2024-36902 bsc#1225719).
- commit b7587ff
- phonet: fix rtm_phonet_notify() skb allocation (CVE-2024-36946
bsc#1225851).
- commit f863dba
- net: netlink: af_netlink: Prevent empty skb by adding a check
on len (CVE-2021-47606 bsc#1226555).
- commit 3b4f977
- r8169: Fix possible ring buffer corruption on fragmented Tx
packets (CVE-2024-38586 bsc#1226750).
- commit 21fc784
- x86/srso: Move retbleed IBPB check into existing 'has_microcode' code block (bsc#1227900).
- commit cee3770
- x86/bugs: Remove default case for fully switched enums (bsc#1227900).
- commit 5326760
- x86/srso: Remove 'pred_cmd' label (bsc#1227900).
- commit 7113a94
- wifi: rtw89: Fix array index mistake in
rtw89_sta_info_get_iter() (git-fixes).
- wifi: ath11k: fix wrong handling of CCMP256 and GCMP ciphers
(git-fixes).
- wifi: cfg80211: handle 2x996 RU allocation in
cfg80211_calculate_bitrate_he() (git-fixes).
- wifi: cfg80211: fix typo in cfg80211_calculate_bitrate_he()
(git-fixes).
- wifi: mwifiex: Fix interface type change (git-fixes).
- wifi: brcmsmac: LCN PHY code is used for BCM4313 2G-only device
(git-fixes).
- lib: objagg: Fix general protection fault (git-fixes).
- lib: test_objagg: Fix spelling (git-fixes).
- lib: objagg: Fix spelling (git-fixes).
- firmware: turris-mox-rwtm: Initialize completion before mailbox
(git-fixes).
- firmware: turris-mox-rwtm: Fix checking return value of
wait_for_completion_timeout() (git-fixes).
- firmware: turris-mox-rwtm: Do not complete if there are no
waiters (git-fixes).
- gpio: mc33880: Convert comma to semicolon (git-fixes).
- pwm: stm32: Always do lazy disabling (git-fixes).
- hwmon: (max6697) Fix swapped temp{1,8} critical alarms
(git-fixes).
- hwmon: (max6697) Fix underflow when writing limit attributes
(git-fixes).
- hwmon: (adt7475) Fix default duty on fan is disabled
(git-fixes).
- platform/chrome: cros_ec_debugfs: fix wrong EC message version
(git-fixes).
- drm/gma500: fix null pointer dereference in
cdv_intel_lvds_get_modes (git-fixes).
- drm/gma500: fix null pointer dereference in
psb_intel_lvds_get_modes (git-fixes).
- drm/meson: fix canvas release in bind function (git-fixes).
- commit f8f3fda
- SUNRPC: return proper error from gss_wrap_req_priv (git-fixes).
- SUNRPC: Fix loop termination condition in
gss_free_in_token_pages() (git-fixes).
- nfs: fix undefined behavior in nfs_block_bits() (git-fixes).
- rpcrdma: fix handling for RDMA_CM_EVENT_DEVICE_REMOVAL
(git-fixes).
- NFS: Fix READ_PLUS when server doesn't support OP_READ_PLUS
(git-fixes).
- sunrpc: fix NFSACL RPC retry on soft mount (git-fixes).
- nfs: keep server info for remounts (git-fixes).
- NFSv4: Fixup smatch warning for ambiguous return (git-fixes).
- SUNRPC: Fix gss_free_in_token_pages() (git-fixes).
- knfsd: LOOKUP can return an illegal error value (git-fixes).
- NFSD: Fix problem of COMMIT and NFS4ERR_DELAY in infinite loop
(git-fixes).
- nfsd: simplify the delayed disposal list code (git-fixes).
- NFSD: Convert filecache to rhltable (git-fixes).
- nfsd: allow reaping files still under writeback (git-fixes).
- nfsd: update comment over __nfsd_file_cache_purge (git-fixes).
- nfsd: don't take/put an extra reference when putting a file
(git-fixes).
- nfsd: add some comments to nfsd_file_do_acquire (git-fixes).
- nfsd: don't kill nfsd_files because of lease break error
(git-fixes).
- nfsd: simplify test_bit return in NFSD_FILE_KEY_FULL comparator
(git-fixes).
- nfsd: NFSD_FILE_KEY_INODE only needs to find GC'ed entries
(git-fixes).
- nfsd: don't fsync nfsd_files on last close (git-fixes).
- nfsd: don't hand out delegation on setuid files being opened
for write (git-fixes).
- nfsd: allow nfsd_file_get to sanely handle a NULL pointer
(git-fixes).
- nfsd: don't free files unconditionally in
__nfsd_file_cache_purge (git-fixes).
- nfsd: fix handling of cached open files in nfsd4_open codepath
(git-fixes).
- nfsd: rework refcounting in filecache (git-fixes).
- lockd: set missing fl_flags field when retrieving args
(git-fixes).
- NFSD: Add an nfsd_file_fsync tracepoint (git-fixes).
- nfsd: fix up the filecache laundrette scheduling (git-fixes).
- nfsd: reorganize filecache.c (git-fixes).
- nfsd: remove the pages_flushed statistic from filecache
(git-fixes).
- NFSD: Fix licensing header in filecache.c (git-fixes).
- NFSD: Flesh out a documenting comment for filecache.c
(git-fixes).
- NFSD: Add an NFSD_FILE_GC flag to enable nfsd_file garbage
collection (git-fixes).
- NFSD: Pass the target nfsd_file to nfsd_commit() (git-fixes).
- lockd: use locks_inode_context helper (git-fixes).
- filelock: add a new locks_inode_context accessor function
(git-fixes).
- nfsd: put the export reference in nfsd4_verify_deleg_dentry
(git-fixes).
- nfsd: fix use-after-free in nfsd_file_do_acquire tracepoint
(git-fixes).
- nfsd: fix net-namespace logic in __nfsd_file_cache_purge
(git-fixes).
- nfsd: rework hashtable handling in nfsd_do_file_acquire
(git-fixes).
- nfsd: fix nfsd_file_unhash_and_dispose (git-fixes).
- NFSD enforce filehandle check for source file in COPY
(git-fixes).
- NFSD: verify the opened dentry after setting a delegation
(git-fixes).
- nfsd: silence extraneous printk on nfsd.ko insertion
(git-fixes).
- NFSD: Ensure nf_inode is never dereferenced (git-fixes).
- NFSD: Move nfsd_file_trace_alloc() tracepoint (git-fixes).
- NFSD: Separate tracepoints for acquire and create (git-fixes).
- NFSD: Clean up unused code after rhashtable conversion
(git-fixes).
- NFSD: Convert the filecache to use rhashtable (git-fixes).
- NFSD: Set up an rhashtable for the filecache (git-fixes).
- NFSD: Replace the "init once" mechanism (git-fixes).
- NFSD: Remove nfsd_file::nf_hashval (git-fixes).
- NFSD: nfsd_file_hash_remove can compute hashval (git-fixes).
- NFSD: Refactor __nfsd_file_close_inode() (git-fixes).
- NFSD: nfsd_file_unhash can compute hashval from nf->nf_inode
(git-fixes).
- NFSD: Remove lockdep assertion from unhash_and_release_locked()
(git-fixes).
- NFSD: No longer record nf_hashval in the trace log (git-fixes).
- NFSD: Fix the filecache LRU shrinker (git-fixes).
- NFSD: Leave open files out of the filecache LRU (git-fixes).
- NFSD: Trace filecache LRU activity (git-fixes).
- NFSD: WARN when freeing an item still linked via nf_lru
(git-fixes).
- NFSD: Zero counters when the filecache is re-initialized
(git-fixes).
- NFSD: Record number of flush calls (git-fixes).
- NFSD: Report the number of items evicted by the LRU walk
(git-fixes).
- NFSD: Refactor nfsd_file_lru_scan() (git-fixes).
- NFSD: Refactor nfsd_file_gc() (git-fixes).
- NFSD: Add nfsd_file_lru_dispose_list() helper (git-fixes).
- NFSD: Report average age of filecache items (git-fixes).
- NFSD: Report count of freed filecache items (git-fixes).
- NFSD: Report count of calls to nfsd_file_acquire() (git-fixes).
- NFSD: Report filecache LRU size (git-fixes).
- nfs: Leave pages in the pagecache if readpage failed
(git-fixes).
- NFSD: Fix potential use-after-free in nfsd_file_put()
(git-fixes).
- NFSD: nfsd_file_put() can sleep (git-fixes).
- NFSD: Trace filecache opens (git-fixes).
- NFSD: Instantiate a struct file when creating a regular NFSv4
file (git-fixes).
- NFSD: Clean up nfsd_open_verified() (git-fixes).
- NFSD: Remove do_nfsd_create() (git-fixes).
- NFSD: Refactor NFSv4 OPEN(CREATE) (git-fixes).
- NFSD: Refactor NFSv3 CREATE (git-fixes).
- NFSD: Refactor nfsd_create_setattr() (git-fixes).
- NFSD: Avoid calling fh_drop_write() twice in do_nfsd_create()
(git-fixes).
- NFSD: Clean up nfsd3_proc_create() (git-fixes).
- nfsd: Clean up nfsd_file_put() (git-fixes).
- NFSD: De-duplicate hash bucket indexing (git-fixes).
- NFSD: Write verifier might go backwards (git-fixes).
- nfsd: Retry once in nfsd_open on an -EOPENSTALE return
(git-fixes).
- nfsd: Add errno mapping for EREMOTEIO (git-fixes).
- nfsd: map EBADF (git-fixes).
- NFSD: simplify per-net file cache management (git-fixes).
- NFSD: handle errors better in write_ports_addfd() (git-fixes).
- commit 93c3330
- usb: dwc3: gadget: Don't delay End Transfer on delayed_status
(git-fixes).
- commit e973410
- Update
patches.suse/scsi-bnx2fc-Remove-spin_lock_bh-while-releasing-resources-after-upload.patch
(bsc#1225767 CVE-2024-36919).
fix incorrect bug# reference
- commit 354086f
- ipv6: sr: fix missing sk_buff release in seg6_input_core
(bsc#1227626 CVE-2024-39490).
- commit b5e215c
- usb: xhci-plat: Don't include xhci.h (git-fixes).
- commit 192a370
- blacklist.conf: missing backport for fix
- commit 6f546a1
- net/mlx5: Always stop health timer during driver removal
(CVE-2024-40906 bsc#1227763).
- net/mlx5: Restore mistakenly dropped parts in register devlink
flow (CVE-2024-35961 bsc#1224585).
- commit 63e2ff9
- USB: xhci-plat: fix legacy PHY double init (git-fixes).
- commit 287068c
- usb: dwc3: gadget: Synchronize IRQ between soft
connect/disconnect (git-fixes).
- Refresh
patches.suse/usb-dwc3-gadget-Improve-dwc3_gadget_suspend-and-dwc3.patch.
- commit 8914bb2
- exfat: check if cluster num is valid (git-fixes).
- commit bbb197c
- exfat: simplify is_valid_cluster() (git-fixes).
- commit ec3d5ea
- usb: dwc3: gadget: Force sending delayed status during soft
disconnect (git-fixes).
- Refresh
patches.suse/usb-dwc3-gadget-Stall-and-restart-EP0-if-host-is-unr.patch.
- commit 78e41bc
- hfsplus: fix to avoid false alarm of circular locking
(git-fixes).
- commit 88f4150
- blacklist.conf: cleanup, not a fix
- commit b7bc0b1
- net/mlx5: Register devlink first under devlink lock
(CVE-2024-35961 bsc#1224585).
- idpf: fix kernel panic on unknown packet types (CVE-2024-35889
bsc#1224517).
- stmmac: Clear variable when destroying workqueue (CVE-2024-26802
bsc#1222799).
- commit b9232bb
- inet: fully convert sk->sk_rx_dst to RCU rules (CVE-2021-47103
bsc#1221010).
- commit 6ef4a6c
- mptcp: fix deadlock in __mptcp_push_pending() (CVE-2021-47590
bsc#1226565).
- commit 994eb84
- drm/shmem-helper: Fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE) (bsc#1227722 CVE-2024-39497)
- commit 39b6841
- ionic: fix use after netif_napi_del() (CVE-2024-39502
bsc#1227755).
- ionic: clean interrupt before enabling queue to avoid credit
race (git-fixes).
- commit f8dee1e
- ipv6: prevent NULL dereference in ip6_output() (CVE-2024-36901 bsc#1225711)
- commit 0757942
- i40e: Do not use WQ_MEM_RECLAIM flag for workqueue (CVE-2024-36004 bsc#1224545)
- commit 89d4439
- nbd: null check for nla_nest_start (CVE-2024-27025 bsc#1223778)
- commit d85f2c2
- btrfs: use latest_dev in btrfs_show_devname (CVE-2021-47599 bsc#1226571)
- commit ba2490e
- btrfs: convert latest_bdev type to btrfs_device and rename (CVE-2021-47599 bsc#1226571)
- commit abefb83
- x86/mm: Fix enc_status_change_finish_noop() (git-fixes).
- commit 4b0837b
- x86/mm: Allow guest.enc_status_change_prepare() to fail (git-fixes).
- commit 274b9eb
- mlxsw: spectrum_acl_tcam: Fix memory leak during rehash
(CVE-2024-35853 bsc#1224604).
- commit e216456
- mlxsw: spectrum_acl_tcam: Fix possible use-after-free during
activity update (CVE-2024-35854 bsc#1224636).
- commit fa5b2f9
- phonet/pep: fix racy skb_queue_empty() use (CVE-2024-27402
bsc#1224414).
- commit 3644194
- net: prevent mss overflow in skb_segment() (CVE-2023-52435
bsc#1220138).
- commit 4ab465a
- tracing/net_sched: NULL pointer dereference in
perf_trace_qdisc_reset() (git-fixes).
- commit b9d9fb5
- tracing: Build event generation tests only as modules
(git-fixes).
- commit 383ccf7
- cachefiles: add output string to
cachefiles_obj_[get|put]_ondemand_fd (git-fixes).
- commit f83a29c
- ftrace: Fix possible use-after-free issue in ftrace_location()
(git-fixes).
- commit f6aba47
- x86/bhi: Avoid warning in #DB handler due to BHI mitigation (git-fixes).
- commit 0a79f35
- x86/fpu: Fix AMD X86_BUG_FXSAVE_LEAK fixup (git-fixes).
- commit 91021c0
- x86/ibt,ftrace: Search for __fentry__ location (git-fixes).
- commit 369619b
- x86/tdx: Fix race between set_memory_encrypted() and load_unaligned_zeropad() (git-fixes).
- commit aa95b6b
- netfilter: nf_tables: do not compare internal table flags on
updates (CVE-2024-27065 bsc#1223836).
- commit f1dd3b1
- kprobes: Make arch_check_ftrace_location static (git-fixes).
- commit 81e6138
- x86/purgatory: Switch to the position-independent small code model (git-fixes).
- commit c256000
- x86/apic: Force native_apic_mem_read() to use the MOV instruction (git-fixes).
- commit 16300ba
- csky: ftrace: Drop duplicate implementation of
arch_check_ftrace_location() (git-fixes).
- commit c9c9bba
- net/smc: avoid data corruption caused by decline (bsc#1225088
CVE-2023-52775).
- commit 7b97698
- x86/amd_nb: Use Family 19h Models 60h-7Fh Function 4 IDs (git-fixes).
- commit 82ec7e7
- netfilter: flowtable: incorrect pppoe tuple (CVE-2024-27015
bsc#1223806).
- commit 6af6de1
- x86/Kconfig: Transmeta Crusoe is CPU family 5, not 6 (git-fixes).
- commit 4eee5e7
- tipc: Check the bearer type before calling
tipc_udp_nl_bearer_add() (CVE-2024-26663 bsc#1222326).
- commit b23a947
- blacklist.conf: Blacklist unneeded patch
- commit a22ed51
- phonet/pep: refuse to enable an unbound pipe (CVE-2021-47086
bsc#1220952).
- commit 3d5c321
- tipc: check for null after calling kmemdup (CVE-2021-47186
bsc#1222702).
- commit 34af8f8
- i2c: rcar: bring hardware to known state when probing
(git-fixes).
- i2c: testunit: avoid re-issued work after read message
(git-fixes).
- i2c: mark HostNotify target address as used (git-fixes).
- i2c: testunit: correct Kconfig description (git-fixes).
- commit 720b7b0
- hpet: Support 32-bit userspace (git-fixes).
- USB: serial: mos7840: fix crash on resume (git-fixes).
- USB: core: Fix duplicate endpoint bug by clearing reserved
bits in the descriptor (git-fixes).
- firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files
(git-fixes).
- firmware: cs_dsp: Prevent buffer overrun when processing V2
alg headers (git-fixes).
- firmware: cs_dsp: Validate payload length before processing
block (git-fixes).
- firmware: cs_dsp: Return error if block header overflows file
(git-fixes).
- firmware: cs_dsp: Fix overflow checking of wmfw header
(git-fixes).
- ACPI: processor_idle: Fix invalid comparison with insertion
sort for latency (git-fixes).
- drm/amdgpu/atomfirmware: silence UBSAN warning (stable-fixes).
- drm: panel-orientation-quirks: Add quirk for Valve Galileo
(stable-fixes).
- ALSA: hda/realtek: Enable headset mic of JP-IK LEAP W502 with
ALC897 (stable-fixes).
- drm/amdgpu: fix uninitialized scalar variable warning
(stable-fixes).
- drm/amd/display: Skip finding free audio for unknown engine_id
(stable-fixes).
- drm/amd/display: Check pipe offset before setting vblank
(stable-fixes).
- drm/amd/display: Check index msg_id before read or write
(stable-fixes).
- drm/amdgpu: Initialize timestamp for some legacy SOCs
(stable-fixes).
- drm/amdgpu: Fix uninitialized variable warnings (stable-fixes).
- drm/lima: fix shared irq handling on driver remove
(stable-fixes).
- commit 7c70cdc
- net: openvswitch: fix overwriting ct original tuple for ICMPv6
(bsc#1226783 CVE-2024-38558).
- net/smc: fix illegal rmb_desc access in SMC-D connection dump
(bsc#1220942 CVE-2024-26615).
- commit eaeef60
- iommu/arm-smmu-v3: Free MSIs in case of ENOMEM (git-fixes).
- commit b1ce67e
- KVM: x86: Bail from kvm_recalculate_phys_map() if x2APIC ID
is out-of-bounds (git-fixes).
- commit 9ec2217
- kabi/severities: Ignore tpm_tis_core_init (bsc#1082555).
- commit 083e305
- KVM: x86: Save/restore all NMIs when multiple NMIs are pending
(git-fixes).
- commit 8bd778f
- block: don't add partitions if GD_SUPPRESS_PART_SCAN is set
(bsc#1227162).
- commit 71773a0
- block, loop: support partitions without scanning (bsc#1227162).
- blacklist.conf:
- commit bb86429
- KVM: x86: Honor architectural behavior for aliased 8-bit APIC
IDs (git-fixes).
- commit bf2b1de
- Update
patches.suse/ALSA-hda-intel-sdw-acpi-fix-usage-of-device_get_name.patch
(git-fixes CVE-2024-36955 bsc#1225810).
- Update
patches.suse/Bluetooth-qca-fix-firmware-check-error-path.patch
(git-fixes CVE-2024-36942 bsc#1225843).
- Update
patches.suse/Reapply-drm-qxl-simplify-qxl_fence_wait.patch
(stable-fixes CVE-2024-36944 bsc#1225847).
- Update
patches.suse/arm64-asm-bug-Add-.align-2-to-the-end-of-__BUG_ENTRY.patch
(git-fixes CVE-2024-39488 bsc#1227618).
- Update
patches.suse/fbdev-savage-Handle-err-return-when-savagefb_check_v.patch
(git-fixes CVE-2024-39475 bsc#1227435).
- Update
patches.suse/firewire-ohci-mask-bus-reset-interrupts-between-ISR-.patch
(stable-fixes CVE-2024-36950 bsc#1225895).
- Update
patches.suse/pinctrl-devicetree-fix-refcount-leak-in-pinctrl_dt_t.patch
(git-fixes CVE-2024-36959 bsc#1225839).
- Update
patches.suse/powerpc-pseries-iommu-LPAR-panics-during-boot-up-wit.patch
(bsc#1222011 ltc#205900 CVE-2024-36926 bsc#1225829).
- Update patches.suse/qibfs-fix-dentry-leak.patch (git-fixes
CVE-2024-36947 bsc#1225856).
- Update
patches.suse/scsi-bnx2fc-Remove-spin_lock_bh-while-releasing-resources-after-upload.patch
(bsc#1224767 CVE-2024-36919 bsc#1225767).
- Update
patches.suse/scsi-core-Fix-unremoved-procfs-host-directory-regression.patch
(git-fixes bsc#1223675 CVE-2024-269355 CVE-2024-26935).
- Update
patches.suse/scsi-lpfc-Move-NPIV-s-transport-unregistration-to-af.patch
(bsc#1221777 CVE-2024-36952 bsc#1225898).
- Update
patches.suse/scsi-lpfc-Release-hbalock-before-calling-lpfc_worker.patch
(bsc#1221777 CVE-2024-36924 bsc#1225820).
- Update
patches.suse/wifi-nl80211-don-t-free-NULL-coalescing-rule.patch
(git-fixes CVE-2024-36941 bsc#1225835).
- commit 54600b7
- Update
patches.suse/perf-x86-intel-pt-Fix-crash-with-stop-filters-in-single-range-mode.patch
(git fixes CVE-2022-48713 bsc#1227549).
- Update
patches.suse/scsi-qedf-Ensure-the-copied-buf-is-NUL-terminated.patch
(bsc#1226758 CVE-2024-38559 bsc#1226785).
- Update
patches.suse/tls-fix-use-after-free-on-failed-backlog-decryption.patch
(CVE-2024-26583 CVE-2024-26584 bsc#1220185 bsc#1220186
CVE-2024-26800 bsc#1222728).
- commit 329a684
- KVM: SVM: Process ICR on AVIC IPI delivery failure due to
invalid target (git-fixes).
- commit 112065d
- KVM: x86: Purge "highest ISR" cache when updating APICv state
(git-fixes).
- commit a129b88
- KVM: x86: Disable APIC logical map if vCPUs are aliased in
logical mode (git-fixes).
- commit 8d68b06
- vfio/fsl-mc: Block calling interrupt handler without trigger
(bsc#1222810 CVE-2024-26814).
- commit 520ae3c
- KVM: x86: Disable APIC logical map if logical ID covers multiple
MDAs (git-fixes).
- commit 0357410
- KVM: Always flush async #PF workqueue when vCPU is being
destroyed (bsc#1223635 CVE-2024-26976).
- commit c5ed396
- virtio-blk: fix implicit overflow on virtio_max_dma_size
(bsc#1225573 CVE-2023-52762).
- commit 4296dc1
- KVM: x86: Skip redundant x2APIC logical mode optimized cluster
setup (git-fixes).
- commit 288a73b
- vfio/platform: Create persistent IRQ handlers (bsc#1222809
CVE-2024-26813).
- commit a8290e8
- KVM: x86: Explicitly track all possibilities for APIC map's
logical modes (git-fixes).
- commit 2cf1fb4
- i2c: tegra: Fix failure during probe deferral cleanup (git-fixes)
- commit 07e2e07
- KVM: x86: Explicitly skip optimized logical map setup if vCPU's
LDR==0 (git-fixes).
- commit d6f5973
- i2c: tegra: Share same DMA channel for RX and TX (bsc#1227661)
- commit f2aaa1a
- KVM: x86: Always sync PIR to IRR prior to scanning I/O APIC
routes (git-fixes).
- commit a815f21
- KVM: x86: Don't advertise guest.MAXPHYADDR as host.MAXPHYADDR
in CPUID (git-fixes).
- commit ccf2508
- net: mana: Fix possible double free in error handling path (git-fixes).
- RDMA/mana_ib: Ignore optional access flags for MRs (git-fixes).
- net: mana: Fix the extra HZ in mana_hwc_send_request (git-fixes).
- Drivers: hv: vmbus: Don't free ring buffers that couldn't be re-encrypted (bsc#1225744, CVE-2024-36909).
- uio_hv_generic: Don't free decrypted memory (bsc#1225717, CVE-2024-36910).
- hv_netvsc: Don't free decrypted memory (bsc#1225745, CVE-2024-36911).
- Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl (bsc#1225752, CVE-2024-36912).
- Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails (bsc#1225753, CVE-2024-36913).
- commit a860c7f
- tpm, tpm_tis: correct tpm_tis_flags enumeration values
(bsc#1082555).
- commit ee1e789
- KVM: nVMX: Clear EXIT_QUALIFICATION when injecting an EPT
Misconfig (git-fixes).
- commit 0d2641d
- KVM: VMX: Report up-to-date exit qualification to userspace
(git-fixes).
- commit 606216a
- tpm_tis: Resend command to recover from data transfer errors
(bsc#1082555).
- tpm: Prevent hwrng from activating during resume (bsc#1082555).
- tpm_tis: Use tpm_chip_{start,stop} decoration inside
tpm_tis_resume (bsc#1082555).
- tpm, tpm_tis: Claim locality when interrupts are reenabled on
resume (bsc#1082555).
- tpm, tpm_tis: Claim locality in interrupt handler (bsc#1082555).
- tpm, tpm: Implement usage counter for locality (bsc#1082555).
- tpm, tpm_tis: Only handle supported interrupts (bsc#1082555).
- tpm, tpm_tis: Claim locality before writing interrupt registers
(bsc#1082555).
- tpm, tpm_tis: Do not skip reset of original interrupt vector
(bsc#1082555).
- tpm, tpm_tis: Avoid cache incoherency in test for interrupts
(bsc#1082555).
- tpm: Allow system suspend to continue when TPM suspend fails
(bsc#1082555).
- commit 7f61c0e
- KVM: x86: Fix broken debugregs ABI for 32 bit kernels
(git-fixes).
- commit eea9593
- KVM: x86: Fix KVM_GET_MSRS stack info leak (git-fixes).
- commit 2af46f6
- Refresh
patches.suse/bpf-keep-track-of-max-number-of-bpf_loop-callback-it.patch.
(bsc#1225903)
Include missing changes in
tools/testing/selftests/bpf/progs/verifier_subprog_precision.c, which
was not backported previously.
- commit 69cbb3f
- Refresh
patches.suse/bpf-verify-callbacks-as-if-they-are-called-unknown-n.patch.
(bsc#1225903)
Include missing changes in
tools/testing/selftests/bpf/progs/verifier_subprog_precision.c, which
was not backported previously.
- commit 8238035
- btrfs: validate device maj:min during open (bsc#1227162).
- commit f49f11d
- btrfs: use dev_t to match device in device_matched
(bsc#1227162).
- commit 4a1fa42
- btrfs: add device major-minor info in the struct btrfs_device
(bsc#1227162).
- commit 297d7e5
- btrfs: match stale devices by dev_t (bsc#1227162).
- commit ee773dd
- btrfs: harden identification of a stale device (bsc#1227162).
- commit 9bf979f
- fs: allow cross-vfsmount reflink/dedupe (bsc#1227157).
- commit 1a2918c
- btrfs: remove the cross file system checks from remap
(bsc#1227157).
- commit b30d559
- arm64: dts: rockchip: fix alphabetical ordering RK3399 puma (git-fixes)
In order to apply current patch need to refresh:
arm64-dts-rockchip-enable-internal-pull-up-on-PCIE_WAKE-for-RK3399-Puma.patch
- commit 36ab413
- arm64: dts: rockchip: Add enable-strobe-pulldown to emmc phy on ROCK (git-fixes)
- commit f6380d7
- blacklist.conf: ("arm64: dts: rockchip: Add enable-strobe-pulldown to emmc phy on ROCK")
- commit 3dd6408
- arm64: dts: rockchip: Add sound-dai-cells for RK3368 (git-fixes)
- commit 7c8b066
- arm64: dts: rockchip: fix PMIC interrupt pin on ROCK Pi E (git-fixes)
- commit c6de453
- arm64: dts: imx8qm-mek: fix gpio number for reg_usdhc2_vmmc (git-fixes)
- commit 2d5f667
- blacklist.conf: ("arm64: dts: broadcom: bcmbca: bcm4908: set brcm,wp-not-connected")
- commit 9393d29
- arm64: dts: microchip: sparx5: fix mdio reg (git-fixes)
- commit dc0a371
- arm64: dts: hi3798cv200: fix the size of GICR (git-fixes)
- commit 37fadad
- arm64: tegra: Correct Tegra132 I2C alias (git-fixes)
- commit f1a9bcf
- arm64: dts: allwinner: Pine H64: correctly remove reg_gmac_3v3 (git-fixes)
- commit 296515d
- selftests/bpf: test case for callback_depth states pruning logic
(bsc#1225903).
- selftests/bpf: check if max number of bpf_loop iterations is
tracked (bsc#1225903).
- selftests/bpf: test widening for iterating callbacks
(bsc#1225903).
- selftests/bpf: tests for iterating callbacks (bsc#1225903).
- selftests/bpf: fix unpriv_disabled check in test_verifier
(bsc#1225903).
- selftests/bpf: Verify that check_ids() is used for scalars in
regsafe() (bsc#1225903).
- selftests/bpf: Check if mark_chain_precision() follows scalar
ids (bsc#1225903).
- selftests/bpf: add precision propagation tests in the presence
of subprogs (bsc#1225903).
- selftests/bpf: populate map_array_ro map for
verifier_array_access test (bsc#1225903).
- selftests/bpf: add pre bpf_prog_test_run_opts() callback for
test_loader (bsc#1225903).
- selftests/bpf: fix __retval() being always ignored
(bsc#1225903).
- selftests/bpf: Add a selftest for checking subreg equality
(bsc#1225903).
- selftests/bpf: prog_tests entry point for migrated test_verifier
tests (bsc#1225903).
- selftests/bpf: Tests execution support for test_loader.c
(bsc#1225903).
- selftests/bpf: Unprivileged tests for test_loader.c
(bsc#1225903).
- selftests/bpf: __imm_insn & __imm_const macro for bpf_misc.h
(bsc#1225903).
- selftests/bpf: Report program name on parse_test_spec error
(bsc#1225903).
- selftests/bpf: Support custom per-test flags and multiple
expected messages (bsc#1225903).
- commit d974185
- tunnels: fix out of bounds access when building IPv6 PMTU error (bsc#1222328 CVE-2024-26665).
- commit ba586e2
- ACPI: CPPC: Fix access width used for PCC registers (bsc#1224557
CVE-2024-35995).
- commit dccf281
- ACPI: CPPC: Fix bit_offset shift in MASK_VAL() macro
(bsc#1224557 CVE-2024-35995).
- commit a961424
- nfs: Handle error of rpc_proc_register() in nfs_net_init()
(CVE-2024-36939 bsc#1225838).
- commit 1e7c712
- SUNRPC: avoid soft lockup when transmitting UDP to reachable
server (bsc#1225272).
- commit a570654
- Update patches.suse/net-tls-factor-out-tls_-crypt_async_wait.patch.
- fix build warning
- commit 01715f7
- netfilter: conntrack: ignore overly delayed tcp packets
(bsc#1223180).
- netfilter: conntrack: prepare tcp_in_window for ternary return
value (bsc#1223180).
- netfilter: conntrack: work around exceeded receive window
(bsc#1223180).
- netfilter: conntrack: remove pr_debug callsites from tcp tracker
(bsc#1223180).
- commit f482451
- powerpc/pseries: Fix scv instruction crash with kexec
(bsc#1194869 CVE-2024-42230).
- powerpc/kasan: Disable address sanitization in kexec paths
(bsc#1194869 CVE-2024-42230).
- powerpc/pseries: Fix scv instruction crash with kexec
(bsc#1194869).
- powerpc/kasan: Disable address sanitization in kexec paths
(bsc#1194869).
- commit c9d175f
- kernel-binary: vdso: Own module_dir
- commit ff69986
- ACPI: CPPC: Use access_width over bit_width for system memory
accesses (bsc#1224557 CVE-2024-35995).
- commit 1947557
- drm/amd/display: Add NULL test for 'timing generator' in (bsc#1222323 CVE-2024-26661)
- commit c59a952
- Update
patches.suse/scsi-qedf-Ensure-the-copied-buf-is-NUL-terminated.patch
(bsc#1226785 CVE-2024-38559).
fixed incorrect bug number reference
- commit 999a0f9
- Update
patches.suse/scsi-qedf-Ensure-the-copied-buf-is-NUL-terminated.patch
(bsc#1226785 CVE-2024-38559).
Fixed incorrect bug reference.
- commit e3b8fb6
- net/dcb: check for detached device before executing callbacks
(bsc#1215587).
- commit a6082a0
- kABI: rtas: Workaround false positive due to lost definition
(bsc#1227487).
- commit fb8a8f3
- net/core: Fix ETH_P_1588 flow dissector (bsc#1220876
CVE-2023-52580).
- commit 0ff3299
- sched: Fix stop_one_cpu_nowait() vs hotplug (git fixes (sched)).
- sched/fair: Don't balance task to its current running CPU
(git fixes (sched)).
- kernel/sched: Remove dl_boosted flag comment (git fixes
(sched)).
- commit 27be692
- blacklist.conf: Unsupported architecture
- commit 74cc76a
- PCI/PM: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports
(git-fixes).
- commit 4c4245d
- powerpc/rtas: Prevent Spectre v1 gadget construction in
sys_rtas() (bsc#1227487).
- commit 9648fb4
- tls: fix use-after-free on failed backlog decryption
(CVE-2024-26583 CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: separate no-async decryption request handling from async
(CVE-2024-26583 CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: decrement decrypt_pending if no async completion will be
called (CVE-2024-26583 CVE-2024-26584 bsc#1220185 bsc#1220186).
- net: tls: handle backlogging of crypto requests (CVE-2024-26584
bsc#1220186).
- tls: fix race between tx work scheduling and socket close
(CVE-2024-26585 bsc#1220187).
- tls: fix race between async notify and socket close
(CVE-2024-26583 bsc#1220185).
- net: tls: factor out tls_*crypt_async_wait() (CVE-2024-26583
CVE-2024-26584 bsc#1220185 bsc#1220186).
- net: tls: fix async vs NIC crypto offload (CVE-2024-26583
CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: rx: use async as an in-out argument (CVE-2024-26583
CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: rx: assume crypto always calls our callback (CVE-2024-26583
CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: rx: don't track the async count (CVE-2024-26583
CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: rx: simplify async wait (CVE-2024-26583 CVE-2024-26584
bsc#1220185 bsc#1220186).
- tls: rx: wrap decryption arguments in a structure
(CVE-2024-26583 CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: rx: don't report text length from the bowels of decrypt
(CVE-2024-26583 CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: rx: drop unnecessary arguments from tls_setup_from_iter()
(CVE-2024-26583 CVE-2024-26584 bsc#1220185 bsc#1220186).
- commit 63dd4a4
- rtlwifi: rtl8192de: Style clean-ups (stable-fixes).
- commit b623ae1
- drm/nouveau: fix null pointer dereference in
nouveau_connector_get_modes (git-fixes).
- usb: gadget: printer: SS+ support (stable-fixes).
- drm/amdgpu: avoid using null object of framebuffer
(stable-fixes).
- drm/amdgpu: Fix pci state save during mode-1 reset (git-fixes).
- drm/amdgpu/atomfirmware: fix parsing of vram_info
(stable-fixes).
- drm/nouveau/dispnv04: fix null pointer dereference in
nv17_tv_get_ld_modes (stable-fixes).
- drm/nouveau/dispnv04: fix null pointer dereference in
nv17_tv_get_hd_modes (stable-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs don't work for
EliteBook 645/665 G11 (stable-fixes).
- xhci: Apply broken streams quirk to Etron EJ188 xHCI host
(stable-fixes).
- xhci: Apply reset resume quirk to Etron EJ188 xHCI host
(stable-fixes).
- xhci: Set correct transferred length for cancelled bulk
transfers (stable-fixes).
- ACPI: x86: Force StorageD3Enable on more products
(stable-fixes).
- platform/x86: dell-smbios: Fix wrong token data in sysfs
(git-fixes).
- intel_th: pci: Add Lunar Lake support (stable-fixes).
- intel_th: pci: Add Meteor Lake-S support (stable-fixes).
- intel_th: pci: Add Sapphire Rapids SOC support (stable-fixes).
- intel_th: pci: Add Granite Rapids SOC support (stable-fixes).
- intel_th: pci: Add Granite Rapids support (stable-fixes).
- usb: misc: uss720: check for incompatible versions of the
Belkin F5U002 (stable-fixes).
- PCI/PM: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports
(stable-fixes).
- power: supply: cros_usbpd: provide ID table for avoiding
fallback match (stable-fixes).
- mtd: partitions: redboot: Added conversion of operands to a
larger type (stable-fixes).
- media: dvbdev: Initialize sbuf (stable-fixes).
- ALSA: emux: improve patch ioctl data validation (stable-fixes).
- drm/radeon/radeon_display: Decrease the size of allocated memory
(stable-fixes).
- drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers
that sleep (stable-fixes).
- Bluetooth: ath3k: Fix multiple issues reported by checkpatch.pl
(stable-fixes).
- batman-adv: bypass empty buckets in batadv_purge_orig_ref()
(stable-fixes).
- HID: Add quirk for Logitech Casa touchpad (stable-fixes).
- ACPI: video: Add backlight=native quirk for Lenovo Slim 7 16ARH7
(stable-fixes).
- crypto: hisilicon/sec - Fix memory leak for sec resource release
(stable-fixes).
- crypto: ecdh - explicitly zeroize private_key (stable-fixes).
- soc: ti: wkup_m3_ipc: Send NULL dummy message instead of
pointer message (stable-fixes).
- Bluetooth: btqca: use le32_to_cpu for ver.soc_id (stable-fixes).
- drm/amd/amdgpu: Fix style errors in amdgpu_drv.c &
amdgpu_device.c (stable-fixes).
- Bluetooth: hci_qca: mark OF related data as maybe unused
(stable-fixes).
- ACPI: x86: utils: Add Picasso to the list for forcing
StorageD3Enable (stable-fixes).
- platform/x86: dell-smbios-base: Use sysfs_emit() (stable-fixes).
- PCI: Add PCI_ERROR_RESPONSE and related definitions
(stable-fixes).
- commit 7f3043b
- RDMA/restrack: Fix potential invalid address access (git-fixes)
- commit 23ae4ef
- bpf: check bpf_func_state->callback_depth when pruning states
(bsc#1225903).
- bpf: unconditionally reset backtrack_state masks on global
func exit (bsc#1225903).
- commit d19d633
- bcache: fix variable length array abuse in btree_iter
(CVE-2024-39482 bsc#1227447).
- commit 17815f2
- soc: fsl: qbman: Use raw spinlock for cgr_lock (bsc#1224683
CVE-2024-35819).
- commit 450645b
- soc: fsl: qbman: Add CGR update function (bsc#1224683
CVE-2024-35819).
- commit 2baf830
- soc: fsl: qbman: Add helper for sanity checking cgr ops
(bsc#1224683 CVE-2024-35819).
- commit 47079b2
- Delete
patches.suse/tls-fix-race-between-tx-work-scheduling-and-socket-c.patch.
Will be replaced with a refreshed version once all conflicting new patches are in.
- commit a0fa0a3
- hwmon: (axi-fan-control) Fix possible NULL pointer dereference
(git-fixes CVE-2023-52863 bsc#1225586).
- commit 084eb37
- wifi: wilc1000: fix ies_len type in connect path (git-fixes).
- can: kvaser_usb: Explicitly initialize family in leafimx
driver_info struct (git-fixes).
- Bluetooth: qca: Fix BT enable failure again for QCA6390 after
warm reboot (git-fixes).
- wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values
(git-fixes).
- commit 2b22fa3
- kABI: bpf: callback fixes kABI workaround (bsc#1225903).
- kABI: bpf: tmp_str_buf kABI workaround (bsc#1225903).
- kABI: bpf: bpf_reg_state reorganization kABI workaround
(bsc#1225903).
- kABI: bpf: struct bpf_{idmap,idset} kABI workaround
(bsc#1225903).
- commit c363b0e
- jfs: xattr: fix buffer overflow for invalid xattr
(bsc#1227383).
- commit 33e2d96
- blacklist.conf: Add 8b793bcda61f watchdog: move softlockup_panic back to early_param
- commit 884e27b
- blacklist.conf: Add d988d9a9b9d1 panic: Flush kernel log buffer at the end
- commit 1b88df8
- net: tulip: de4x5: fix the problem that the array 'lp->phy'
may be out of bound (bsc#1225505 CVE-2021-47547).
- commit 9f2e6d7
- Update
patches.suse/arm64-mm-Batch-dsb-and-isb-when-populating-pgtables.patch
(jsc#PED-8690 bsc#1226202).
- Update
patches.suse/arm64-mm-Don-t-remap-pgtables-for-allocate-vs-populate.patch
(jsc#PED-8690 bsc#1226202).
- Update
patches.suse/arm64-mm-Don-t-remap-pgtables-per-cont-pte-pmd-block.patch
(jsc#PED-8690 bsc#1226202).
- Update
patches.suse/arm64-mm-don-t-acquire-mutex-when-rewriting-swapper.patch
(jsc#PED-8690 bsc#1226202).
- Update
patches.suse/net-ena-Fix-redundant-device-NUMA-node-override.patch
(jsc#PED-8690 bsc#1226202).
- commit 6a3ad32
- Update
patches.suse/usb-gadget-printer-fix-races-against-disable.patch
(CVE-2024-25741 bsc#1219832).
- commit ad103cc
- md: fix resync softlockup when bitmap size is less than array
size (CVE-2024-38598, bsc#1226757).
- commit 63bdd4c
- Replaced by upstream version and add CVE-2024-35979 bsc#1224572 References,
patches.suse/raid1-fix-use-after-free-for-original-bio-in-raid1_w-fcf3.patch.
- commit b286e82
- dm snapshot: fix lockup in dm_exception_table_exit (bsc#1224743,
CVE-2024-35805).
- commit cd48313
- llc: make llc_ui_sendmsg() more robust against bonding changes
(CVE-2024-26636 bsc#1221659).
- commit ecb089c
- llc: Drop support for ETH_P_TR_802_2 (CVE-2024-26635
bsc#1221656).
- commit 1100e9f
- usb: gadget: u_audio: Fix race condition use of controls after
free during gadget unbind (CVE-2024-38628 bsc#1226911).
- commit 9098f97
- usb: gadget: u_audio: clean up some inconsistent indenting
(CVE-2024-38628 bsc#1226911).
- commit 59d56d9
- blacklist.conf: 9cb46b31f3d0 drm/xe/xe_migrate: Cast to output precision before multiplying operands
- commit f111be2
- ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()
(CVE-2024-26641 bsc#1221654).
- commit 41bffae
- hsr: Fix uninit-value access in hsr_get_node() (bsc#1223021
CVE-2024-26863).
- commit f065753
- ip6_tunnel: fix NEXTHDR_FRAGMENT handling in
ip6_tnl_parse_tlv_enc_lim() (CVE-2024-26633 bsc#1221647).
- commit f5f5027
- gfs2: Fix potential glock use-after-free on unmount (bsc#1226775
CVE-2024-38570).
- gfs2: Rename sd_{ glock => kill }_wait (bsc#1226775
CVE-2024-38570).
- gfs2: Use container_of() for gfs2_glock(aspace) (bsc#1226775
CVE-2024-38570).
- commit 1854bb6
- io_uring: check for non-NULL file pointer in io_file_can_poll()
(bsc#1226990 CVE-2024-39371).
- commit f9fcf1f
- fs/9p: fix uninitialized values during inode evict (bsc#1225815
CVE-2024-36923).
- commit 40f7a6e
- hsr: Prevent use after free in prp_create_tagged_frame()
(CVE-2023-52846 bsc#1225098).
- commit 74c7662
- btrfs: avoid copying BTRFS_ROOT_SUBVOL_DEAD flag to snapshot
of subvolume being deleted (bsc#1221282).
- btrfs: don't abort filesystem when attempting to snapshot
deleted subvolume (bsc#1221282 CVE-2024-26644 bsc#1222072).
- commit 7829d14
- btrfs: fix crash on racing fsync and size-extending write into
prealloc (bsc#1227101 CVE-2024-37354).
- commit 899b45b
- kbuild: do not include include/config/auto.conf from shell
scripts (bsc#1227274).
- commit c743753
- kernel-doc: fix struct_group_tagged() parsing (git-fixes).
- lib: memcpy_kunit: Fix an invalid format specifier in an
assertion msg (git-fixes).
- commit d600a63
- mtd: rawnand: rockchip: ensure NVDDR timings are rejected
(git-fixes).
- mtd: rawnand: Bypass a couple of sanity checks during NAND
identification (git-fixes).
- mtd: rawnand: Ensure ECC configuration is propagated to upper
layers (git-fixes).
- commit 69e8827
- bpf: keep track of max number of bpf_loop callback iterations
(bsc#1225903).
- bpf: widening for callback iterators (bsc#1225903).
- commit 4740932
- bpf: verify callbacks as if they are called unknown number of
times (bsc#1225903).
- Refresh patches.kabi/bpf-struct-bpf_insn_aux_data-workaround.patch
- bpf: clean up visit_insn()'s instruction processing
(bsc#1225903).
- Refresh patches.suse/bpf-handle-ldimm64-properly-in-check_cfg.patch
- bpf: Remove unused insn_cnt argument from
visit_[func_call_]insn() (bsc#1225903).
- Refresh patches.suse/bpf-handle-ldimm64-properly-in-check_cfg.patch
- commit 4cfaa45
- bpf: extract setup_func_entry() utility function (bsc#1225903).
- bpf: extract __check_reg_arg() utility function (bsc#1225903).
- selftests/bpf: track string payload offset as scalar in
strobemeta (bsc#1225903).
- bpf: print full verifier states on infinite loop detection
(bsc#1225903).
- bpf: Fix memory leaks in __check_func_call (bsc#1225903).
- commit 319cd93
- Update
patches.suse/0001-dm-btree-remove-fix-use-after-free-in-rebalance_chil.patch
(git-fixes CVE-2021-47600 bsc#1226575).
- Update
patches.suse/ALSA-hda-Fix-UAF-of-leds-class-devs-at-unbinding.patch
(bsc#1195349 CVE-2022-48735 bsc#1226719).
- Update
patches.suse/ARM-9170-1-fix-panic-when-kasan-and-kprobe-are-enabl.patch
(git-fixes CVE-2021-47618 bsc#1226644).
- Update
patches.suse/ASoC-hdmi-codec-Fix-OOB-memory-accesses.patch
(git-fixes CVE-2022-48739 bsc#1226675).
- Update
patches.suse/ASoC-max9759-fix-underflow-in-speaker_gain_control_p.patch
(git-fixes CVE-2022-48717 bsc#1226679).
- Update
patches.suse/ASoC-ops-Reject-out-of-bounds-values-in-snd_soc_put_-4cf28e9ae6e2.patch
(git-fixes CVE-2022-48736 bsc#1226721).
- Update
patches.suse/ASoC-ops-Reject-out-of-bounds-values-in-snd_soc_put_-4f1e50d6a9cf.patch
(git-fixes CVE-2022-48737 bsc#1226762).
- Update
patches.suse/ASoC-ops-Reject-out-of-bounds-values-in-snd_soc_put_.patch
(git-fixes CVE-2022-48738 bsc#1226674).
- Update
patches.suse/Bluetooth-refactor-malicious-adv-data-check.patch
(git-fixes CVE-2021-47620 bsc#1226669).
- Update patches.suse/IB-hfi1-Fix-AIP-early-init-panic.patch
(git-fixes CVE-2022-48728 bsc#1226691).
- Update
patches.suse/IB-hfi1-Fix-panic-with-larger-ipoib-send_queue_size.patch
(jsc#SLE-19242 CVE-2022-48729 bsc#1226710).
- Update
patches.suse/KVM-LAPIC-Also-cancel-preemption-timer-during-SET_LA.patch
(git-fixes CVE-2022-48765 bsc#1226697).
- Update
patches.suse/KVM-arm64-Avoid-consuming-a-stale-esr-value-when-SEr.patch
(git-fixes CVE-2022-48727 bsc#1226690).
- Update
patches.suse/KVM-x86-Forcibly-leave-nested-virt-when-SMM-state-is.patch
(git-fixes CVE-2022-48763 bsc#1226628).
- Update
patches.suse/PCI-pciehp-Fix-infinite-loop-in-IRQ-handler-upon-pow.patch
(git-fixes CVE-2021-47617 bsc#1226614).
- Update
patches.suse/RDMA-Fix-use-after-free-in-rxe_queue_cleanup.patch
(jsc#SLE-19249 CVE-2021-47616 bsc#1226603).
- Update
patches.suse/RDMA-irdma-Fix-a-user-after-free-in-add_pble_prm.patch
(jsc#SLE-18383 CVE-2021-47614 bsc#1226601).
- Update
patches.suse/RDMA-mlx5-Fix-releasing-unallocated-memory-in-dereg-.patch
(jsc#SLE-19253 CVE-2021-47615 bsc#1226602).
- Update
patches.suse/RDMA-siw-Fix-refcounting-leak-in-siw_create_qp.patch
(jsc#SLE-19249 CVE-2022-48725 bsc#1226618).
- Update
patches.suse/RDMA-ucma-Protect-mc-during-concurrent-multicast-lea.patch
(git-fixes CVE-2022-48726 bsc#1226686).
- Update
patches.suse/USB-core-Fix-hang-in-usb_kill_urb-by-adding-memory-b.patch
(git-fixes CVE-2022-48760 bsc#1226712).
- Update
patches.suse/USB-core-Make-do_proc_control-and-do_proc_bulk-killa.patch
(git-fixes CVE-2021-47582 bsc#1226559).
- Update
patches.suse/audit-improve-robustness-of-the-audit-queue-handling.patch
(git-fixes CVE-2021-47603 bsc#1226577).
- Update patches.suse/block-Fix-wrong-offset-in-bio_truncate.patch
(bsc#1202780 CVE-2022-48747 bsc#1226643).
- Update
patches.suse/bpf-Fix-kernel-address-leakage-in-atomic-cmpxchg-s-r.patch
(git-fixes CVE-2021-47607 bsc#1226580).
- Update
patches.suse/bpf-Fix-kernel-address-leakage-in-atomic-fetch.patch
(bsc#1193883 bsc#1194826 CVE-2022-0264 CVE-2021-47608
bsc#1226569).
- Update
patches.suse/bpf-Protect-against-int-overflow-for-stack-access-si.patch
(bsc#1224488 CVE-2024-35905).
- Update
patches.suse/btrfs-fix-deadlock-between-quota-disable-and-qgroup-.patch
(bsc#1199295 CVE-2022-48734 bsc#1226626).
- Update
patches.suse/btrfs-fix-memory-leak-in-__add_inode_ref.patch
(bsc#1197915 CVE-2021-47585 bsc#1226556).
- Update
patches.suse/ceph-properly-put-ceph_string-reference-after-async-create-attempt.patch
(bsc#1195341 CVE-2022-48767 bsc#1226715).
- Update
patches.suse/dma-buf-heaps-Fix-potential-spectre-v1-gadget.patch
(git-fixes CVE-2022-48730 bsc#1226713).
- Update
patches.suse/drm-msm-dpu-invalid-parameter-check-in-dpu_setup_dsp.patch
(git-fixes CVE-2022-48749 bsc#1226650).
- Update
patches.suse/drm-msm-dsi-invalid-parameter-check-in-msm_dsi_phy_e.patch
(git-fixes CVE-2022-48756 bsc#1226698).
- Update
patches.suse/drm-nouveau-fix-off-by-one-in-BIOS-boundary-checking.patch
(git-fixes CVE-2022-48732 bsc#1226716).
- Update
patches.suse/drm-vc4-kms-Add-missing-drm_crtc_commit_put.patch
(git-fixes CVE-2021-47534).
- Update
patches.suse/drm-vmwgfx-Fix-stale-file-descriptors-on-failed-user.patch
(CVE-2022-22942 bsc#1195065 CVE-2022-48771 bsc#1226732).
- Update
patches.suse/efi-runtime-avoid-EFIv2-runtime-services-on-Apple-x8.patch
(git-fixes CVE-2022-48769 bsc#1226629).
- Update
patches.suse/ext4-fix-error-handling-in-ext4_fc_record_modified_i.patch
(bsc#1202767 CVE-2022-48712 bsc#1226673).
- Update
patches.suse/firmware-arm_scpi-Fix-string-overflow-in-SCPI-genpd-.patch
(git-fixes CVE-2021-47609 bsc#1226562).
- Update
patches.suse/i3c-mipi-i3c-hci-Fix-out-of-bounds-access-in-hci_dma.patch
(git-fixes CVE-2023-52766).
- Update patches.suse/i40e-Fix-queues-reservation-for-XDP.patch
(git-fixes CVE-2021-47619 bsc#1226645).
- Update patches.suse/igbvf-fix-double-free-in-igbvf_probe.patch
(jsc#SLE-18379 CVE-2021-47589 bsc#1226557).
- Update
patches.suse/inet_diag-fix-kernel-infoleak-for-UDP-sockets.patch
(git-fixes CVE-2021-47597 bsc#1226553).
- Update
patches.suse/iocost-Fix-divide-by-zero-on-donation-from-low-hweig.patch
(bsc#1198014 CVE-2021-47584 bsc#1226564).
- Update
patches.suse/iommu-vt-d-fix-potential-memory-leak-in-intel_setup_irq_remapping
(git-fixes CVE-2022-48724 bsc#1226624).
- Update
patches.suse/isdn-cpai-check-ctr-cnr-to-avoid-array-index-out-of-.patch
(stable-5.14.15 CVE-2021-43389 CVE-2021-3896 bsc#1191958
CVE-2021-4439 bsc#1226670).
- Update
patches.suse/mac80211-track-only-QoS-data-frames-for-admission-co.patch
(git-fixes CVE-2021-47602 bsc#1226554).
- Update
patches.suse/mac80211-validate-extended-element-ID-is-present.patch
(git-fixes CVE-2021-47611 bsc#1226583).
- Update
patches.suse/media-mxl111sf-change-mutex_init-location.patch
(git-fixes CVE-2021-47583 bsc#1226563).
- Update
patches.suse/net-amd-xgbe-Fix-skb-data-length-underflow.patch
(git-fixes CVE-2022-48743 bsc#1226705).
- Update
patches.suse/net-hns3-fix-use-after-free-bug-in-hclgevf_send_mbx_.patch
(bsc#1190336 CVE-2021-47596 bsc#1226558).
- Update
patches.suse/net-ieee802154-ca8210-Stop-leaking-skb-s.patch
(git-fixes CVE-2022-48722 bsc#1226619).
- Update
patches.suse/net-macsec-Fix-offload-support-for-NETDEV_UNREGISTER.patch
(git-fixes CVE-2022-48720 bsc#1226683).
- Update
patches.suse/net-mlx5-Use-del_timer_sync-in-fw-reset-flow-of-halt.patch
(git-fixes CVE-2022-48745 bsc#1226702).
- Update
patches.suse/net-mlx5e-Avoid-field-overflowing-memcpy.patch
(git-fixes CVE-2022-48744 bsc#1226696).
- Update
patches.suse/net-mlx5e-Fix-handling-of-wrong-devices-during-bond-.patch
(git-fixes CVE-2022-48746 bsc#1226703).
- Update
patches.suse/net-smc-Forward-wakeup-to-smc-socket-waitqueue-after-fallback
(git-fixes CVE-2022-48721 bsc#1226685).
- Update
patches.suse/net-smc-Transitional-solution-for-clcsock-race-issue
(git-fixes CVE-2022-48751 bsc#1226653).
- Update
patches.suse/net-stmmac-dwmac-rk-fix-oob-read-in-rk_gmac_setup.patch
(git-fixes CVE-2021-47586 bsc#1226561).
- Update
patches.suse/net-stmmac-fix-tc-flower-deletion-for-VLAN-priority-.patch
(git-fixes CVE-2021-47592 bsc#1226572).
- Update
patches.suse/net-systemport-Add-global-locking-for-descriptor-lif.patch
(git-fixes CVE-2021-47587 bsc#1226567).
- Update
patches.suse/nfc-fix-segfault-in-nfc_genl_dump_devices_done.patch
(git-fixes CVE-2021-47612 bsc#1226585).
- Update
patches.suse/of-module-prevent-NULL-pointer-dereference-in-vsnprintf.patch
(bsc#1226587 CVE-2024-38541 CVE-2024-35878 bsc#1224671).
- Update
patches.suse/perf-x86-intel-pt-Fix-crash-with-stop-filters-in-single-range-mode.patch
(git fixes CVE-2022-48713).
- Update patches.suse/phylib-fix-potential-use-after-free.patch
(git-fixes CVE-2022-48754 bsc#1226692).
- Update
patches.suse/powerpc-perf-Fix-power_pmu_disable-to-call-clear_pmi.patch
(bsc#1156395 CVE-2022-48752 bsc#1226709).
- Update
patches.suse/rpmsg-char-Fix-race-between-the-release-of-rpmsg_ctr.patch
(git-fixes CVE-2022-48759 bsc#1226711).
- Update
patches.suse/scsi-bnx2fc-Flush-destroy_work-queue-before-calling-bnx2fc_interface_put
(git-fixes bsc#1196746 CVE-2022-48758 bsc#1226708).
- Update patches.suse/scsi-bnx2fc-Make-bnx2fc_recv_frame-mp-safe
(git-fixes bsc#1196746 CVE-2022-48715 bsc#1226621).
- Update
patches.suse/scsi-scsi_debug-Don-t-call-kcalloc-if-size-arg-is-zero.patch
(git-fixes CVE-2021-47578 bsc#1226539).
- Update
patches.suse/scsi-scsi_debug-Fix-type-in-min_t-to-avoid-stack-OOB.patch
(git-fixes CVE-2021-47580 bsc#1226550).
- Update
patches.suse/scsi-scsi_debug-Sanity-check-block-descriptor-length-in-resp_mode_select.patch
(git-fixes CVE-2021-47576 bsc#1226537).
- Update
patches.suse/selinux-fix-double-free-of-cond_list-on-error-paths.patch
(git-fixes CVE-2022-48740 bsc#1226699).
- Update
patches.suse/spi-uniphier-fix-reference-count-leak-in-uniphier_sp.patch
(git-fixes CVE-2022-48723 bsc#1226617).
- Update patches.suse/tee-amdtee-fix-an-IS_ERR-vs-NULL-bug.patch
(jsc#SLE-21844 CVE-2021-47601 bsc#1226576).
- Update
patches.suse/tipc-improve-size-validations-for-received-domain-re.patch
(bsc#1195254 CVE-2022-0435 CVE-2022-48711 bsc#1226672).
- Update
patches.suse/tracing-histogram-Fix-a-potential-memory-leak-for-kstrdup.patch
(git-fixes CVE-2022-48768 bsc#1226720).
- Update
patches.suse/usb-xhci-plat-fix-crash-when-suspend-if-remote-wake-.patch
(git-fixes CVE-2022-48761 bsc#1226701).
- Update patches.suse/wifi-ath11k-fix-htt-pktlog-locking.patch
(git-fixes CVE-2023-52800).
- commit cc322a0
- X.509: Fix the parser of extended key usage for length
(bsc#1218820).
- commit c5d6d23
- tcp: Use refcount_inc_not_zero() in tcp_twsk_unique()
(CVE-2024-36904 bsc#1225732).
- commit 975b193
- bpf: correct loop detection for iterators convergence
(bsc#1225903).
- commit c7253b6
- bpf: exact states comparison for iterator convergence checks
(bsc#1225903).
- bpf: extract same_callsites() as utility function (bsc#1225903).
- bpf: move explored_state() closer to the beginning of verifier.c
(bsc#1225903).
- bpf: Verify scalar ids mapping in regsafe() using check_ids()
(bsc#1225903).
- bpf: Use scalar ids in mark_chain_precision() (bsc#1225903).
- bpf: fix calculation of subseq_idx during precision backtracking
(bsc#1225903).
- Refresh patches.suse/bpf-fix-precision-backtracking-instruction-iteration.patch
- commit 7f3ee03
- bpf: Skip invalid kfunc call in backtrack_insn (bsc#1225903).
- commit 3786246
- Update
patches.suse/1203-drm-mxsfb-Fix-NULL-pointer-dereference.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-48718 bsc#1226616).
- Update
patches.suse/1250-drm-amd-display-Wrap-dcn301_calculate_wm_and_dlg-for.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-48766 bsc#1226704).
- Update
patches.suse/1327-drm-msm-Fix-null-ptr-access-msm_ioctl_gem_submit.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2021-47610 bsc#1226581).
- Update
patches.suse/ALSA-Fix-deadlocks-with-kctl-removals-at-disconnecti.patch
(stable-fixes CVE-2024-38600 bsc#1226864).
- Update
patches.suse/ALSA-core-Fix-NULL-module-pointer-assignment-at-card.patch
(git-fixes CVE-2024-38605 bsc#1226740).
- Update
patches.suse/ALSA-hda-cs_dsp_ctl-Use-private_free-for-control-cle.patch
(git-fixes CVE-2024-38388 bsc#1226890).
- Update
patches.suse/ALSA-timer-Set-lower-bound-of-start-tick-time.patch
(stable-fixes git-fixes CVE-2024-38618 bsc#1226754).
- Update
patches.suse/ASoC-kirkwood-Fix-potential-NULL-dereference.patch
(git-fixes CVE-2024-38550 bsc#1226633).
- Update
patches.suse/Input-cyapa-add-missing-input-core-locking-to-suspen.patch
(git-fixes CVE-2023-52884 bsc#1226764).
- Update
patches.suse/KEYS-trusted-Do-not-use-WARN-when-encode-fails.patch
(git-fixes CVE-2024-36975 bsc#1226520).
- Update
patches.suse/KEYS-trusted-Fix-memory-leak-in-tpm2_key_encode.patch
(git-fixes CVE-2024-36967 bsc#1226131).
- Update
patches.suse/RDMA-hns-Fix-deadlock-on-SRQ-async-events.patch
(git-fixes CVE-2024-38591 bsc#1226738).
- Update
patches.suse/RDMA-hns-Modify-the-print-level-of-CQE-error.patch
(git-fixes CVE-2024-38590 bsc#1226839).
- Update
patches.suse/RDMA-rxe-Fix-seg-fault-in-rxe_comp_queue_pkt.patch
(git-fixes CVE-2024-38544 bsc#1226597).
- Update
patches.suse/block-fix-memory-leak-in-disk_register_independent_a.patch
(jsc#PED-1183 CVE-2022-48753 bsc#1226693).
- Update
patches.suse/bnxt_re-avoid-shift-undefined-behavior-in-bnxt_qplib.patch
(git-fixes CVE-2024-38540 bsc#1226582).
- Update
patches.suse/bpf-Guard-against-accessing-NULL-pt_regs-in-bpf_get_.patch
(jsc#PED-1377 CVE-2022-48770 bsc#1226730).
- Update
patches.suse/bpf-Use-VM_MAP-instead-of-VM_ALLOC-for-ringbuf.patch
(jsc#PED-1377 CVE-2022-48714 bsc#1226622).
- Update
patches.suse/btrfs-fix-use-after-free-after-failure-to-create-a-s.patch
(git-fixes CVE-2022-48733 bsc#1226718).
- Update
patches.suse/cppc_cpufreq-Fix-possible-null-pointer-dereference.patch
(git-fixes CVE-2024-38573 bsc#1226739).
- Update patches.suse/crypto-bcm-Fix-pointer-arithmetic.patch
(git-fixes CVE-2024-38579 bsc#1226637).
- Update
patches.suse/drm-amd-display-Fix-division-by-zero-in-setup_dsc_co.patch
(stable-fixes CVE-2024-36969 bsc#1226155).
- Update
patches.suse/drm-amd-display-Fix-potential-index-out-of-bounds-in.patch
(git-fixes CVE-2024-38552 bsc#1226767).
- Update
patches.suse/drm-amdgpu-add-error-handle-to-avoid-out-of-bounds.patch
(stable-fixes CVE-2024-39471 bsc#1227096).
- Update
patches.suse/drm-amdgpu-mes-fix-use-after-free-issue.patch
(stable-fixes CVE-2024-38581 bsc#1226657).
- Update
patches.suse/drm-bridge-cdns-mhdp8546-Fix-possible-null-pointer-d.patch
(git-fixes CVE-2024-38548).
- Update
patches.suse/drm-mediatek-Add-0-size-check-to-mtk_drm_gem_obj.patch
(git-fixes CVE-2024-38549 bsc#1226735).
- Update
patches.suse/drm-msm-a6xx-Avoid-a-nullptr-dereference-when-speedb.patch
(git-fixes CVE-2024-38390 bsc#1226891).
- Update
patches.suse/drm-vc4-Fix-possible-null-pointer-dereference.patch
(git-fixes CVE-2024-38546 bsc#1226593).
- Update
patches.suse/drm-vmwgfx-Fix-invalid-reads-in-fence-signaled-event.patch
(git-fixes CVE-2024-36960 bsc#1225872).
- Update
patches.suse/efi-libstub-only-free-priv.runtime_map-when-allocate.patch
(git-fixes CVE-2024-33619 bsc#1226768).
- Update
patches.suse/io-wq-check-for-wq-exit-after-adding-new-worker-task.patch
(bsc#1205205 CVE-2021-47577 bsc#1226538).
- Update
patches.suse/jffs2-prevent-xattr-node-from-overflowing-the-eraseblock.patch
(git-fixes CVE-2024-38599 bsc#1226848).
- Update
patches.suse/media-atomisp-ssh_css-Fix-a-null-pointer-dereference.patch
(git-fixes CVE-2024-38547 bsc#1226632).
- Update
patches.suse/media-lgdt3306a-Add-a-check-against-null-pointer-def.patch
(stable-fixes CVE-2022-48772 bsc#1226976).
- Update
patches.suse/media-stk1160-fix-bounds-checking-in-stk1160_copy_vi.patch
(git-fixes CVE-2024-38621 bsc#1226895).
- Update
patches.suse/net-bridge-vlan-fix-memory-leak-in-__allowed_ingress.patch
(git-fixes CVE-2022-48748 bsc#1226647).
- Update
patches.suse/net-sched-sch_ets-don-t-remove-idle-classes-from-the.patch
(bsc#1207361 CVE-2021-47595 bsc#1226552).
- Update
patches.suse/netfilter-complete-validation-of-user-input.patch
(CVE-2024-35896 bsc#1224662 git-fixes CVE-2024-35962
bsc#1224583).
- Update
patches.suse/nfc-nci-Fix-uninit-value-in-nci_rx_work.patch
(git-fixes CVE-2024-38381 bsc#1226878).
- Update
patches.suse/nilfs2-fix-potential-hang-in-nilfs_detach_log_writer.patch
(stable-fixes CVE-2024-38582 bsc#1226658).
- Update
patches.suse/nilfs2-fix-use-after-free-of-timer-for-log-writer-th.patch
(git-fixes CVE-2024-38583 bsc#1226777).
- Update
patches.suse/powerpc64-bpf-Limit-ldbrx-to-processors-compliant-wi.patch
(jsc#PED-1377 CVE-2022-48755 bsc#1226706).
- Update
patches.suse/remoteproc-mediatek-Make-sure-IPI-buffer-fits-in-L2T.patch
(git-fixes CVE-2024-36965 bsc#1226149).
- Update
patches.suse/ring-buffer-Fix-a-race-between-readers-and-resize-checks.patch
(bsc#1222893 CVE-2024-38601 bsc#1226876).
- Update
patches.suse/scsi-qla2xxx-Fix-off-by-one-in-qla_edif_app_getstats.patch
(git-fixes CVE-2024-36025 bsc#1225704).
- Update
patches.suse/serial-max3100-Lock-port-lock-when-calling-uart_hand.patch
(git-fixes CVE-2024-38634 bsc#1226868).
- Update
patches.suse/serial-max3100-Update-uart_driver_registered-on-driv.patch
(git-fixes CVE-2024-38633 bsc#1226867).
- Update
patches.suse/soundwire-cadence-fix-invalid-PDI-offset.patch
(stable-fixes CVE-2024-38635 bsc#1226863).
- Update patches.suse/speakup-Fix-sizeof-vs-ARRAY_SIZE-bug.patch
(git-fixes CVE-2024-38587 bsc#1226780).
- Update
patches.suse/swiotlb-Fix-double-allocation-of-slots-due-to-broken-alignment-handling.patch
(bsc#1224331 CVE-2024-35814 bsc#1224602).
- Update
patches.suse/thermal-drivers-tsens-Fix-null-pointer-dereference.patch
(git-fixes CVE-2024-38571 bsc#1226737).
- Update
patches.suse/tpm_tis_spi-Account-for-SPI-header-when-allocating-TPM-SPI-xfer-buffer.patch
(bsc#1225535 CVE-2024-36477 bsc#1226840).
- Update
patches.suse/usb-storage-alauda-Check-whether-the-media-is-initia.patch
(git-fixes CVE-2024-38619 bsc#1226861).
- Update
patches.suse/vduse-check-that-offset-is-within-bounds-in-get_conf.patch
(jsc#PED-1549 CVE-2021-47604 bsc#1226566).
- Update
patches.suse/vduse-fix-memory-corruption-in-vduse_dev_ioctl.patch
(jsc#PED-1549 CVE-2021-47605 bsc#1226579).
- Update
patches.suse/watchdog-cpu5wdt.c-Fix-use-after-free-bug-caused-by-.patch
(git-fixes CVE-2024-38630 bsc#1226908).
- Update
patches.suse/wifi-ar5523-enable-proper-endpoint-verification.patch
(git-fixes CVE-2024-38565 bsc#1226747).
- Update
patches.suse/wifi-carl9170-add-a-proper-sanity-check-for-endpoint.patch
(git-fixes CVE-2024-38567 bsc#1226769).
- Update
patches.suse/wifi-carl9170-re-fix-fortified-memset-warning.patch
(git-fixes CVE-2024-38616 bsc#1226852).
- commit efd69a4
- tcp: do not accept ACK of bytes we never sent (CVE-2023-52881
bsc#1225611).
- commit ab5f35b
- bpf: support precision propagation in the presence of subprogs
(bsc#1225903).
- Refresh patches.suse/bpf-fix-precision-backtracking-instruction-iteration.patch
- bpf: fix mark_all_scalars_precise use in mark_chain_precision
(bsc#1225903).
- bpf: fix propagate_precision() logic for inner frames
(bsc#1225903).
- bpf: maintain bitmasks across all active frames in
__mark_chain_precision (bsc#1225903).
- bpf: take into account liveness when propagating precision
(bsc#1225903).
- Refresh patches.suse/bpf-fix-precision-propagation-verbose-logging.patch
- commit c5f7596
- net: ena: Fix redundant device NUMA node override
(jsc#PED-8690).
- commit 629130c
- ata: ahci: Clean up sysfs file on error (git-fixes).
- ata: libata-core: Fix double free on error (git-fixes).
- ata: libata-core: Fix null pointer dereference on error
(git-fixes).
- kbuild: Install dtb files as 0644 in Makefile.dtbinst
(git-fixes).
- iio: chemical: bme680: Fix sensor data read operation
(git-fixes).
- iio: chemical: bme680: Fix overflows in compensate() functions
(git-fixes).
- iio: chemical: bme680: Fix calibration data variable
(git-fixes).
- iio: chemical: bme680: Fix pressure value output (git-fixes).
- iio: accel: fxls8962af: select IIO_BUFFER & IIO_KFIFO_BUF
(git-fixes).
- iio: adc: ad7266: Fix variable checking bug (git-fixes).
- tty: mcf: MCF54418 has 10 UARTS (git-fixes).
- usb: dwc3: core: remove lock of otg mode during gadget
suspend/resume to avoid deadlock (git-fixes).
- usb: musb: da8xx: fix a resource leak in probe() (git-fixes).
- usb: atm: cxacru: fix endpoint checking in cxacru_bind()
(git-fixes).
- usb: gadget: printer: fix races against disable (git-fixes).
- commit 201a936
- i2c: testunit: discard write requests while old command is
running (git-fixes).
- i2c: testunit: don't erase registers after STOP (git-fixes).
- mmc: sdhci: Do not lock spinlock around mmc_gpio_get_ro()
(git-fixes).
- mmc: sdhci: Do not invert write-protect twice (git-fixes).
- mmc: sdhci-pci: Convert PCIBIOS_* return codes to errnos
(git-fixes).
- commit 958e336
- gpiolib: cdev: Disallow reconfiguration without direction
(uAPI v1) (git-fixes).
- gpio: davinci: Validate the obtained number of IRQs (git-fixes).
- commit dc60c09
- net/9p: fix uninit-value in p9_client_rpc() (CVE-2024-39301
bsc#1226994).
- commit b325415
- arm64: mm: Don't remap pgtables for allocate vs populate
(jsc#PED-8690).
- arm64: mm: Batch dsb and isb when populating pgtables
(jsc#PED-8690).
- arm64: mm: Don't remap pgtables per-cont(pte|pmd) block
(jsc#PED-8690).
- arm64: mm: don't acquire mutex when rewriting swapper
(jsc#PED-8690).
- commit 911eabe
- smb: client: fix deadlock in smb2_find_smb_tcon() (bsc#1227103,
CVE-2024-39468).
- commit ef9e40f
- bpf: improve precision backtrack logging (bsc#1225903).
- bpf: encapsulate precision backtracking bookkeeping
(bsc#1225903).
- Refresh patches.suse/bpf-Fix-precision-tracking-for-BPF_ALU-BPF_TO_BE-BPF.patch
- bpf: mark relevant stack slots scratched for register read
instructions (bsc#1225903).
- commit acd95d8
- bpf: Improve verifier u32 scalar equality checking
(bsc#1225903).
- bpf: ensure state checkpointing at iter_next() call sites
(bsc#1225903).
- Refresh patches.kabi/bpf-struct-bpf_insn_aux_data-workaround.patch
- bpf: fix regs_exact() logic in regsafe() to remap IDs correctly
(bsc#1225903).
- bpf: perform byte-by-byte comparison only when necessary in
regsafe() (bsc#1225903).
- selftests/bpf: Verify copy_register_state() preserves
parent/live fields (bsc#1225903).
- bpf: Fix to preserve reg parent/live fields when copying range
info (bsc#1225903).
- commit 6ef5769
- bpf: reject non-exact register type matches in regsafe()
(bsc#1225903).
- bpf: generalize MAYBE_NULL vs non-MAYBE_NULL rule (bsc#1225903).
- bpf: reorganize struct bpf_reg_state fields (bsc#1225903).
- bpf: teach refsafe() to take into account ID remapping
(bsc#1225903).
- selftests/bpf: test case for relaxed prunning of active_lock.id
(bsc#1225903).
- selftests/bpf: Add pruning test case for bpf_spin_lock
(bsc#1225903).
- bpf: use check_ids() for active_lock comparison (bsc#1225903).
- selftests/bpf: verify states_equal() maintains idmap across
all frames (bsc#1225903).
- bpf: states_equal() must build idmap for all function frames
(bsc#1225903).
- selftests/bpf: test cases for regsafe() bug skipping check_id()
(bsc#1225903).
- bpf: regsafe() must not skip check_ids() (bsc#1225903).
- selftests/bpf: make test_align selftest more robust
(bsc#1225903).
- bpf: aggressively forget precise markings during state
checkpointing (bsc#1225903).
- bpf: stop setting precise in current state (bsc#1225903).
- bpf: allow precision tracking for programs with subprogs
(bsc#1225903).
- Remove f655badf2a8f "bpf: fix propagate_precision() logic for inner
frames" from blacklist.conf, which is a fix for this
- commit 605166e
- iommu: mtk: fix module autoloading (git-fixes).
- commit 8d5ca45
- iommu: Return right value in iommu_sva_bind_device()
(git-fixes).
- iommu/amd: Fix sysfs leak in iommu init (git-fixes).
- commit 89e035d
- random: treat bootloader trust toggle the same way as cpu
trust toggle (bsc#1226953).
- commit ad48400
- x86/tsc: Trust initial offset in architectural TSC-adjust MSRs
(bsc#1222015 bsc#1226962).
- commit 71e0b41
- Fix new build warnings regarding unused variables:
Changed build warnings:
* **** 2 warnings *****
* unused-variable (cl) in ../fs/ceph/mds_client.c in ceph_queue_cap_unlink_work
../fs/ceph/mds_client.c: In function 'ceph_queue_cap_unlink_work':
../fs/ceph/mds_client.c:2421:22: warning: unused variable 'cl' [-Wunused-variable]
* unused-variable (cl) in ../fs/ceph/mds_client.c in ceph_cap_unlink_work
../fs/ceph/mds_client.c: In function 'ceph_cap_unlink_work':
../fs/ceph/mds_client.c:2436:22: warning: unused variable 'cl' [-Wunused-variable]
- Refresh
patches.suse/ceph-add-ceph_cap_unlink_work-to-fire-check_caps-imme.patch.
- Refresh
patches.suse/ceph-switch-to-use-cap_delay_lock-for-the-unlink-dela.patch.
- commit 0e2186a
- ALSA: hda/realtek: Fix conflicting quirk for PCI SSID 17aa:3820
(git-fixes).
- commit 7df4f37
- drm/i915/gt: Fix potential UAF by revoke of fence registers
(git-fixes).
- drm/panel: simple: Add missing display timing flags for KOE
TX26D202VM0BWA (git-fixes).
- net: usb: ax88179_178a: improve link status logs (git-fixes).
- net: phy: micrel: add Microchip KSZ 9477 to the device table
(git-fixes).
- batman-adv: Don't accept TT entries for out-of-spec VIDs
(git-fixes).
- net: can: j1939: recover socket queue on CAN bus error during
BAM transmission (git-fixes).
- net: can: j1939: Initialize unused data in j1939_send_one()
(git-fixes).
- net: can: j1939: enhanced error handling for tightly received
RTS messages in xtp_rx_rts_session_new (git-fixes).
- ASoC: fsl-asoc-card: set priv->pdev before using it (git-fixes).
- ASoC: amd: acp: remove i2s configuration check in
acp_i2s_probe() (git-fixes).
- ASoC: amd: acp: add a null check for chip_pdev structure
(git-fixes).
- drm/amdgpu: fix UBSAN warning in kv_dpm.c (stable-fixes).
- drm/radeon: fix UBSAN warning in kv_dpm.c (stable-fixes).
- ALSA: hda/realtek: Enable headset mic on IdeaPad 330-17IKB 81DM
(git-fixes).
- ALSA/hda: intel-dsp-config: Document AVS as dsp_driver option
(git-fixes).
- ALSA: hda/realtek: Remove Framework Laptop 16 from quirks
(git-fixes).
- ALSA: hda/realtek: Limit mic boost on N14AP7 (stable-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs don't work for ProBook
445/465 G11 (stable-fixes).
- ALSA: hda/realtek: Add quirks for Lenovo 13X (stable-fixes).
- drm/lima: mask irqs in timeout path before hard reset
(stable-fixes).
- drm/lima: add mask irq callback to gp and pp (stable-fixes).
- drm/amd/display: revert Exit idle optimizations before HDCP
execution (stable-fixes).
- drm/amd/display: Exit idle optimizations before HDCP execution
(stable-fixes).
- commit 8b51ea0
- kfence: fix memory leak when cat kfence objects (bsc#1220958,
CVE-2021-47089).
- commit 10017b7
- nilfs2: fix potential kernel bug due to lack of writeback flag
waiting (bsc#1227066 CVE-2024-37078).
- commit f38d6d3
- nilfs2: fix nilfs_empty_dir() misjudgment and long loop on
I/O errors (bsc#1226992 CVE-2024-39469).
- commit 6b2d7ad
- kABI workaround for FPGA changes (CVE-2024-35247 bsc#1226948
CVE-2024-36479 bsc#1226949 CVE-2024-37021 bsc#1226950).
- commit 34bcd8e
- fpga: region: add owner module and take its refcount
(CVE-2024-35247 bsc#1226948).
- Refresh patches.suse/fpga-add-kABI-padding.patch.
- commit 2206f02
- fpga: manager: add owner module and take its refcount
(CVE-2024-37021 bsc#1226950).
- Refresh patches.suse/fpga-add-kABI-padding.patch.
- commit 9371d28
- fpga: bridge: add owner module and take its refcount
(CVE-2024-36479 bsc#1226949).
- commit 8710b3c
- scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226758
CVE-2024-38559).
- scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786
CVE-2024-38560).
- scsi: bnx2fc: Remove spin_lock_bh while releasing resources
after upload (bsc#1224767 CVE-2024-36919).
- commit 0e530b8
- kabi: Use __iowriteXX_copy_inlined for in-kernel modules (bsc#1226502)
- commit bacb90a
- Update
patches.suse/smb-client-guarantee-refcounted-children-from-parent-session.patch
(bsc#1224679 CVE-2024-35869).
- commit ed4e9d0
- bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in
BPF_LINK_CREATE (bsc#1226789 CVE-2024-38564).
- bpf: Add attach_type checks under
bpf_prog_attach_check_attach_type (bsc#1226789 CVE-2024-38564).
- selftests/bpf: Add sockopt case to verify prog_type (bsc#1226789
CVE-2024-38564).
- selftests/bpf: Extend sockopt tests to use BPF_LINK_CREATE
(bsc#1226789 CVE-2024-38564).
- bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in
BPF_LINK_CREATE (bsc#1226789 CVE-2024-38564).
- bpf: Add attach_type checks under
bpf_prog_attach_check_attach_type (bsc#1226789 CVE-2024-38564).
- selftests/bpf: Check whether to run selftest (bsc#1226789
CVE-2024-38564).
- bpf: Force kprobe multi expected_attach_type for kprobe_multi
link (bsc#1226789 CVE-2024-38564).
- selftests/bpf: Convert sockopt test to ASSERT_* macros
(bsc#1226789 CVE-2024-38564).
- commit fec2539
- s390/ap: Fix crash in AP internal function modify_bitmap()
(CVE-2024-38661 bsc#1226996 git-fixes).
- commit bd5322c
- null_blk: Fix return value of nullb_device_power_store()
(bsc#1226841 CVE-2024-36478).
- commit c3dfa05
- null_blk: fix null-ptr-dereference while configuring 'power'
and 'submit_queues' (bsc#1226841 CVE-2024-36478).
- commit 0589f0b
- block: fix overflow in blk_ioctl_discard() (bsc#1225770
CVE-2024-36917).
- commit 8cdaac1
- epoll: be better about file lifetimes (bsc#1226610
CVE-2024-38580).
- commit e0be089
- Kabi fix for ipv6: fix memory leak in fib6_rule_suppress
(CVE-2021-47546 bsc#1225504).
- ipv6: fix memory leak in fib6_rule_suppress (CVE-2021-47546
bsc#1225504).
- commit 589556f
- cifs: fix hang in wait_for_response() (bsc#1220812,
bsc#1220368).
- commit b9be417
- scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226758
CVE-2024-38559).
- scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786
CVE-2024-38560).
- commit 45c369f
- Update
patches.suse/io_uring-fix-race-between-timeout-flush-and-removal.patch
(bsc#1205205 CVE-2022-29582).
I accidentally dropped the CVE reference when updating this backport.
Re-add it.
- commit f2446ba
- mptcp: clear 'kern' flag from fallback sockets
(CVE-2021-47593 bsc#1226551).
- commit 2659f40
- net: sched: sch_multiq: fix possible OOB write in multiq_tune()
(CVE-2024-36978 bsc#1226514).
- commit bc93665
- net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP
(CVE-2024-36974 bsc#1226519).
- commit 433e33d
- xhci: Simplify event ring dequeue pointer update for port
change events (git-fixes).
- commit 3185bc8
- PCI/ASPM: Update save_state when configuration changes (bsc#1226915)
- commit b938861
- mm: Avoid overflows in dirty throttling logic (bsc#1222364
CVE-2024-26720).
- commit 6a8050a
- net/mlx5: Discard command completions in internal error
(CVE-2024-38555 bsc#1226607).
- enic: Validate length of nl attributes in enic_set_vf_port
(CVE-2024-38659 bsc#1226883).
- net: fec: remove .ndo_poll_controller to avoid deadlocks
(CVE-2024-38553 bsc#1226744).
- net/mlx5: Discard command completions in internal error
(CVE-2024-38555 bsc#1226607).
- net/mlx5: Add a timeout to acquire the command queue semaphore
(CVE-2024-38556 bsc#1226774).
- net/mlx5: Reload only IB representors upon lag disable/enable
(CVE-2024-38557 bsc#1226781).
- net/mlx5e: Fix netif state handling (CVE-2024-38608
bsc#1226746).
- eth: sungem: remove .ndo_poll_controller to avoid deadlocks
(CVE-2024-38597 bsc#1226749).
- net: stmmac: move the EST lock to struct stmmac_priv
(CVE-2024-38594 bsc#1226734).
- net/mlx5e: Add wrapping for auxiliary_driver ops and remove
unused args (CVE-2024-38608 bsc#1226746).
- net/mlx5e: Fix a race in command alloc flow (git-fixes).
- commit 2ae4454
- usb: xhci: address off-by-one in xhci_num_trbs_free()
(git-fixes).
- commit 841d39b
- usb: xhci: improve debug message in xhci_ring_expansion_needed()
(git-fixes).
- commit d2b5f1e
- xhci: retry Stop Endpoint on buggy NEC controllers (git-fixes).
- commit 1a2e96b
- xhci: fix matching completion events with TDs (git-fixes).
- commit aca914a
- xhci: update event ring dequeue pointer position to controller
correctly (git-fixes).
- commit 93be17d
- dma-buf/sw-sync: don't enable IRQ from sync_print_obj()
(CVE-2024-38780 bsc#1226886).
- commit 43f7b44
- nvmet-passthru: propagate status from id override functions
(git-fixes).
- nvme: find numa distance only if controller has valid numa id
(git-fixes).
- commit cdc1f02
- PCI: Clear Secondary Status errors after enumeration (bsc#1226928)
- commit 5d3e24c
- stm class: Fix a double free in stm_register_device()
(CVE-2024-38627 bsc#1226857).
- commit 050e247
- Input: ili210x - fix ili251x_read_touch_data() return value
(git-fixes).
- pinctrl: rockchip: fix pinmux reset in rockchip_pmx_set
(git-fixes).
- pinctrl: rockchip: use dedicated pinctrl type for RK3328
(git-fixes).
- pinctrl: rockchip: fix pinmux bits for RK3328 GPIO3-B pins
(git-fixes).
- pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins
(git-fixes).
- pinctrl: fix deadlock in create_pinctrl() when handling
- EPROBE_DEFER (git-fixes).
- pinctrl: qcom: spmi-gpio: drop broken pm8008 support
(git-fixes).
- commit 6e807ea
- drivers/perf: hisi: hns3: Actually use
devm_add_action_or_reset() (CVE-2024-38603 bsc#1226842).
- commit 1bb22d3
- usb: xhci: Implement xhci_handshake_check_state() helper
(git-fixes).
- commit cb838be
- ecryptfs: Fix buffer size for tag 66 packet (bsc#1226634, CVE-2024-38578).
- commit 7445d84
- NFSv4.x: by default serialize open/close operations (bsc#1223863 bsc#1227362)
- commit 63fa513
- xhci: Fix failure to detect ring expansion need (git-fixes).
- commit 113690d
- usb: typec: ucsi: Never send a lone connector change ack
(git-fixes).
- commit 7ee9645
- xhci: restre deleted trb fields for tracing (git-fixes).
- commit 93cf02b
- xhci: Stop unnecessary tracking of free trbs in a ring
(git-fixes).
- commit a2d1e46
- xhci: Fix transfer ring expansion size calculation (git-fixes).
- commit 896ce4e
- xhci: remove unused stream_id parameter from
xhci_handle_halted_endpoint() (git-fixes).
- commit 98ef3b9
- xhci: simplify event ring dequeue tracking for transfer events
(git-fixes).
- commit 53c9c00
- usb: fotg210-hcd: delete an incorrect bounds test (git-fixes).
- commit 212d0e7
- usb: typec: ucsi: Ack also failed Get Error commands
(git-fixes).
- commit 39df22a
- net: usb: ax88179_178a: improve reset check (git-fixes).
- commit a9cd82a
- net: usb: rtl8150 fix unintiatilzed variables in
rtl8150_get_link_ksettings (git-fixes).
- commit 331f817
- i2c: ocores: set IACK bit after core is enabled (git-fixes).
- commit 208be97
- RDMA/hns: Fix UAF for cq async event (bsc#1226595 CVE-2024-38545)
- commit 98b2f74
- regulator: bd71815: fix ramp values (git-fixes).
- regulator: core: Fix modpost error "regulator_get_regmap"
undefined (git-fixes).
- commit 67d8d3b
- RDMA/mlx5: Add check for srq max_sge attribute (git-fixes)
- commit d13a032
- drm/i915/mso: using joiner is not possible with eDP MSO
(git-fixes).
- ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your
kernel is fine." (git-fixes).
- dmaengine: ioatdma: Fix missing kmem_cache_destroy()
(git-fixes).
- dmaengine: idxd: Fix possible Use-After-Free in
irq_process_work_list (git-fixes).
- drm/exynos/vidi: fix memory leak in .get_modes() (stable-fixes).
- drm/i915/dpt: Make DPT object unshrinkable (git-fixes).
- drm/i915/gt: Disarm breadcrumbs if engines are already idle
(git-fixes).
- drm/amd/display: drop unnecessary NULL checks in debugfs
(stable-fixes).
- commit 2ec7855
- ASoC: codecs: wcd938x: fix incorrect used of portid
(CVE-2022-48716 bsc#1226678).
- Refresh
patches.suse/ASoC-codecs-wcd938x-fix-return-value-of-mixer-put-fu.patch.
- commit 72e80ef
- drivers/perf: hisi: hns3: Fix out-of-bound access when valid
event group (CVE-2024-38568 bsc#1226771).
- commit 8713f77
- sched/core: Fix incorrect initialization of the 'burst'
parameter in cpu_max_write() (bsc#1226791).
- commit b41cbc1
- bsc#1225894: Fix patch references
- commit eaa0db4
- net/mlx5: Properly link new fs rules into the tree (bsc#1224588
CVE-2024-35960).
- commit e25590c
- net/mlx5e: fix a potential double-free in fs_any_create_groups
(bsc#1224603 CVE-2023-52667).
- commit df4661c
- net/mlx5e: fix a double-free in arfs_create_groups (bsc#1224605
CVE-2024-35835).
- commit 60e8562
- Make AMD_HSMP=m and mark it unsupported in supported.conf (jsc#PED-8582)
- Update config files.
- supported.conf:
- commit 875ffbb
- of: module: prevent NULL pointer dereference in vsnprintf() (bsc#1226587 CVE-2024-38541)
- commit 0394d90
- of: module: add buffer overflow check in of_modalias() (bsc#1226587 CVE-2024-38541)
- commit e54e996
- net: ena: Fix incorrect descriptor free behavior (bsc#1224677
CVE-2024-35958).
- commit 5e978bb
- net: ethernet: mtk_eth_soc: fix PPE hanging issue (bsc#1224716
CVE-2024-27432).
- commit d64a6b1
- Revert "net/mlx5: Block entering switchdev mode with ns
inconsistency" (bsc#1224719 CVE-2023-52658).
- commit a900e45
- bonding: stop the device in bond_setup_by_slave() (bsc#1224946
CVE-2023-52784).
- commit e6d4b4f
- cachefiles: remove requests from xarray during flushing requests
(bsc#1226588).
- commit 3613d54
- blacklist.conf: add ppdev cleanup
- commit efdca47
- net/smc: fix neighbour and rtable leak in smc_ib_find_route()
(git-fixes bsc#1225823 CVE-2024-36945 bsc#1226548).
- commit 1725fed
- net: preserve kabi for struct dst_ops (CVE-2024-36971
bsc#1226145).
- commit 74d650a
- net: fix __dst_negative_advice() race (CVE-2024-36971
bsc#1226145).
- commit 6d5c393
- RDMA/hns: Fix incorrect sge nums calculation (git-fixes)
- commit 11a4ad4
- RDMA/irdma: Drop unused kernel push code (git-fixes)
- commit 4f86e97
- amd/amdkfd: sync all devices to wait all processes being evicted (bsc#1225872 CVE-2024-36949)
- commit 0c17d54
- drm/amdkfd: Rework kfd_locked handling (bsc#1225872)
- commit a9a84c1
- nfsd: optimise recalculate_deny_mode() for a common case
(bsc#1217912).
- commit 49675fb
- NFS: avoid infinite loop in pnfs_update_layout (bsc#1219633
bsc#1226226).
- commit 8203342
- Revert "Add remote for nfs maintainer"
This reverts commit 9de16b6543dde7651ef5da514ebf6f29e7eac94b.
This came in through the wrong tree - sorry.
- commit 3905117
- Rename to
patches.suse/fs-9p-only-translate-RWX-permissions-for-plain-9P200.patch.
by scripts/renamepatches
- commit 0b4b132
- x86/mce: Dynamically size space for machine check records
(bsc#1222241).
- commit 96985c9
- seg6: fix the iif in the IPv6 socket control block
(CVE-2021-47515 bsc#1225426).
- commit 07e18ce
- net: nexthop: fix null pointer dereference when IPv6 is not enabled
(CVE-2021-47572 bsc#1225389).
- commit 87d2dc4
- netfilter: nf_tables: reject new basechain after table flag update
(CVE-2024-35900 bsc#1224497).
- commit e2ad7db
- ipv6: Fix infinite recursion in fib6_dump_done() (CVE-2024-35886
bsc#1224670).
- commit 8bfad13
- Update references
- commit b8183f9
- xfs: make sure sb_fdblocks is non-negative (bsc#1225419).
- commit 0b50d79
- net: usb: smsc95xx: fix changing LED_SEL bit value updated
from EEPROM (git-fixes).
- commit a3c495c
- RAS/AMD/ATL: Use system settings for MI300 DRAM to normalized
address translation (bsc#1225300).
- RAS/AMD/ATL: Fix MI300 bank hash (bsc#1225300).
- commit 4a3a73c
- i2c: designware: Fix the functionality flags of the slave-only
interface (git-fixes).
- i2c: at91: Fix the functionality flags of the slave-only
interface (git-fixes).
- USB: class: cdc-wdm: Fix CPU lockup caused by excessive log
messages (git-fixes).
- xhci: Handle TD clearing for multiple streams case (git-fixes).
- usb-storage: alauda: Check whether the media is initialized
(git-fixes).
- usb: typec: tcpm: Ignore received Hard Reset in TOGGLING state
(git-fixes).
- usb: typec: tcpm: fix use-after-free case in
tcpm_register_source_caps (git-fixes).
- USB: xen-hcd: Traverse host/ when CONFIG_USB_XEN_HCD is selected
(git-fixes).
- drivers: core: synchronize really_probe() and dev_uevent()
(git-fixes).
- iio: imu: inv_icm42600: delete unneeded update watermark call
(git-fixes).
- iio: dac: ad5592r: fix temperature channel scaling value
(git-fixes).
- iio: adc: ad9467: fix scan type sign (git-fixes).
- mei: me: release irq in mei_me_pci_resume error path
(git-fixes).
- hwmon: (shtc1) Fix property misspelling (git-fixes).
- spi: stm32: Don't warn about spurious interrupts (git-fixes).
- net: usb: smsc95xx: fix changing LED_SEL bit value updated
from EEPROM (git-fixes).
- nilfs2: fix potential hang in nilfs_detach_log_writer()
(stable-fixes).
- drm/amdgpu/atomfirmware: add intergrated info v2.3 table
(stable-fixes).
- ALSA: timer: Set lower bound of start tick time (stable-fixes).
- intel_th: pci: Add Meteor Lake-S CPU support (stable-fixes).
- soundwire: cadence: fix invalid PDI offset (stable-fixes).
- watchdog: bd9576: Drop "always-running" property (git-fixes).
- mmc: sdhci-acpi: Disable write protect detection on Toshiba
WT10-A (stable-fixes).
- mmc: sdhci-acpi: Fix Lenovo Yoga Tablet 2 Pro 1380 sdcard slot
not working (stable-fixes).
- mmc: sdhci-acpi: Sort DMI quirks alphabetically (stable-fixes).
- mmc: core: Add mmc_gpiod_set_cd_config() function
(stable-fixes).
- mmc: sdhci_am654: Fix ITAPDLY for HS400 timing (git-fixes).
- mmc: sdhci_am654: Add ITAPDLYSEL in sdhci_j721e_4bit_set_clock
(git-fixes).
- mmc: sdhci_am654: Add OTAP/ITAP delay enable (git-fixes).
- media: mxl5xx: Move xpt structures off stack (stable-fixes).
- media: flexcop-usb: fix sanity check of bNumEndpoints
(git-fixes).
- media: lgdt3306a: Add a check against null-pointer-def
(stable-fixes).
- media: v4l2-core: hold videodev_lock until dev reg, finishes
(stable-fixes).
- media: radio-shark2: Avoid led_names truncations (git-fixes).
- ALSA: Fix deadlocks with kctl removals at disconnection
(stable-fixes).
- drm/amdgpu: add error handle to avoid out-of-bounds
(stable-fixes).
- wifi: rtlwifi: rtl8192de: Fix endianness issue in RX path
(stable-fixes).
- wifi: rtlwifi: rtl8192de: Fix low speed with WPA3-SAE
(stable-fixes).
- wifi: rtl8xxxu: Fix the TX power of RTL8192CU, RTL8723AU
(stable-fixes).
- ACPI: resource: Do IRQ override on TongFang GXxHRXx and GMxHGxx
(stable-fixes).
- crypto: ecrdsa - Fix module auto-load on add_key (stable-fixes).
- ASoC: da7219-aad: fix usage of device_get_named_child_node()
(stable-fixes).
- ASoC: rt715-sdca: volume step modification (stable-fixes).
- ASoC: rt715: add vendor clear control register (stable-fixes).
- ASoC: rt5645: Fix the electric noise due to the CBJ contacts
floating (stable-fixes).
- regulator: vqmmc-ipq4019: fix module autoloading (stable-fixes).
- regulator: irq_helpers: duplicate IRQ name (stable-fixes).
- wifi: cfg80211: fix the order of arguments for trace events
of the tx_rx_evt class (stable-fixes).
- net: usb: qmi_wwan: add Telit FN920C04 compositions
(stable-fixes).
- mmc: core: Do not force a retune before RPMB switch
(stable-fixes).
- mmc: sdhci_am654: Drop lookup for deprecated ti,otap-del-sel
(stable-fixes).
- watchdog: bd9576_wdt: switch to using devm_fwnode_gpiod_get()
(stable-fixes).
- media: flexcop-usb: clean up endpoint sanity checks
(stable-fixes).
- media: ipu3-cio2: Use temporary storage for struct device
pointer (stable-fixes).
- commit aace7d0
- netfilter: complete validation of user input
(CVE-2024-35896 bsc#1224662 git-fixes).
- commit 58a4873
- ocfs2: fix sparse warnings (bsc#1219224).
- ocfs2: speed up chain-list searching (bsc#1219224).
- ocfs2: adjust enabling place for la window (bsc#1219224).
- ocfs2: improve write IO performance when fragmentation is high
(bsc#1219224).
- commit f18a759
- drm/exynos: hdmi: report safe 640x480 mode as a fallback when
no EDID found (git-fixes).
- drm/bridge/panel: Fix runtime warning on panel bridge release
(git-fixes).
- drm/komeda: check for error-valued pointer (git-fixes).
- commit e843af8
- smb: client: guarantee refcounted children from parent session
(bsc#1224679, CVE-35869).
- commit b0f469c
- smb: client: ensure to try all targets when finding nested links
(bsc#1224020).
- commit df159e7
- smb: client: fix potential UAF in smb2_is_valid_lease_break()
(bsc#1224765, CVE-2024-35864).
- commit c296805
- smb: client: fix potential UAF in smb2_is_network_name_deleted()
(bsc#1224764, CVE-2024-35862).
- commit aa75c00
- smb: client: fix potential UAF in
cifs_signal_cifsd_for_reconnect() (bsc#1224766, CVE-2024-35861).
- commit f77cc8d
- smb: client: fix use-after-free bug in
cifs_debug_data_proc_show() (bsc#1225487, CVE-2023-52752).
- commit 39fb8f3
- drm/amd/display: Skip on writeback when it's not applicable (CVE-2024-36914 bsc#1225757).
- commit 9393875
- blacklist.conf: Add a7fb0423c201 cgroup: Move rcu_head up near the top of cgroup_root
- commit 221e9a0
- Bluetooth: L2CAP: Fix rejecting L2CAP_CONN_PARAM_UPDATE_REQ
(git-fixes).
- HID: logitech-dj: Fix memory leak in
logi_dj_recv_switch_to_dj_mode() (git-fixes).
- HID: core: remove unnecessary WARN_ON() in implement()
(git-fixes).
- kconfig: doc: fix a typo in the note about 'imply' (git-fixes).
- gpio: tqmx86: introduce shadow register for GPIO output value
(git-fixes).
- gpio: tqmx86: fix typo in Kconfig label (git-fixes).
- drm/vmwgfx: 3D disabled should not effect STDU memory limits
(git-fixes).
- drm/vmwgfx: Filter modes which exceed graphics memory
(git-fixes).
- drm/amd: Fix shutdown (again) on some SMU v13.0.4/11 platforms
(git-fixes).
- net: phy: Micrel KSZ8061: fix errata solution not taking effect
problem (git-fixes).
- wifi: mac80211: correctly parse Spatial Reuse Parameter Set
element (git-fixes).
- wifi: iwlwifi: mvm: don't read past the mfuart notifcation
(git-fixes).
- wifi: iwlwifi: mvm: check n_ssids before accessing the ssids
(git-fixes).
- wifi: iwlwifi: dbg_ini: move iwl_dbg_tlv_free outside of
debugfs ifdef (git-fixes).
- wifi: iwlwifi: mvm: revert gen2 TX A-MPDU size to 64
(git-fixes).
- wifi: cfg80211: pmsr: use correct nla_get_uX functions
(git-fixes).
- wifi: cfg80211: Lock wiphy in cfg80211_get_station (git-fixes).
- wifi: mac80211: Fix deadlock in
ieee80211_sta_ps_deliver_wakeup() (git-fixes).
- wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects
(git-fixes).
- cpufreq: amd-pstate: Fix the inconsistency in max frequency
units (git-fixes).
- kconfig: fix comparison to constant symbols, 'm', 'n'
(git-fixes).
- drm/i915/guc: avoid FIELD_PREP warning (git-fixes).
- ALSA: hda/realtek: Adjust G814JZR to use SPI init for amp
(git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs don't work for ProBook
440/460 G11 (stable-fixes).
- drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting
fails (git-fixes).
- drm/msm/dp: Avoid a long timeout for AUX transfer if nothing
connected (git-fixes).
- ALSA: hda: intel-dsp-config: harden I2C/I2S codec detection
(stable-fixes).
- drm/amdkfd: Flush the process wq before creating a kfd_process
(stable-fixes).
- drm/amd/display: Add VCO speed parameter for DCN31 FPU
(stable-fixes).
- drm/amd/display: Add dtbclk access to dcn315 (stable-fixes).
- drm/amdgpu/mes: fix use-after-free issue (stable-fixes).
- drm/amdgpu: Fix the ring buffer size for queue VM flush
(stable-fixes).
- drm/amdgpu: Update BO eviction priorities (stable-fixes).
- drm/amd/display: Set color_mgmt_changed to true on unsuspend
(stable-fixes).
- drm/msm/dp: Return IRQ_NONE for unhandled interrupts
(stable-fixes).
- drm/panel-samsung-atna33xc20: Use ktime_get_boottime for delays
(stable-fixes).
- drm/msm: Enable clamp_to_idle for 7c3 (stable-fixes).
- commit 8f779cb
- gpiolib: cdev: Fix use after free in lineinfo_changed_notify
(bsc#1225737 CVE-2024-36899).
- commit 9b295f5
- drm/mediatek: Fix coverity issue with unintentional integer overflow (CVE-2023-52857 bsc#1225581).
- commit 3f9829b
- drm/amd: check num of link levels when update pcie param (CVE-2023-52812 bsc#1225564).
- commit 86f2ac6
- rpmsg: virtio: Free driver_override when rpmsg_remove()
(bsc#1224696 CVE-2023-52670).
- commit beb5bc4
- cgroup: preserve KABI of cgroup_root (bsc#1222254).
- commit 212272f
- ext4: correct offset of gdb backup in non meta_bg group to
update_backups (bsc#1224735 CVE-2024-35807).
- commit bec0d72
- cgroup: Add annotation for holding namespace_sem in
current_cgns_cgroup_from_root() (bsc#1222254).
- cgroup: Eliminate the need for cgroup_mutex in
proc_cgroup_show() (bsc#1222254).
- cgroup: Make operations on the cgroup root_list RCU safe
(bsc#1222254).
- cgroup: Remove unnecessary list_empty() (bsc#1222254).
- commit b08e6de
- ext4: remove unnecessary check from alloc_flex_gd() (bsc#1222080
CVE-2023-52622).
- commit f15da02
- wifi: mac80211: check/clear fast rx for non-4addr sta VLAN
changes (CVE-2024-35789 bsc#1224749).
- commit 2b6904d
- btrfs: lock the inode in shared mode before starting fiemap
(bsc#1225484 CVE-2023-52737).
- commit 613e476
- nbd: fix uaf in nbd_open (bsc#1224935 CVE-2023-52837).
- commit ade8b65
- blk-iocost: avoid out of bounds shift (bsc#1225759
CVE-2024-36916).
- commit bc772e8
- lib/generic-radix-tree.c: Don't overflow in peek() (bsc#1225391 CVE-2021-47432).
- commit 3dddaec
- blk-mq: make sure active queue usage is held for
bio_integrity_prep() (bsc#1225105 CVE-2023-52787).
- commit a4bdd9d
- block: prevent division by zero in blk_rq_stat_sum()
(bsc#1224661 CVE-2024-35925).
- commit 8cd7179
- ext4: fix corruption during on-line resize (bsc#1224735
CVE-2024-35807).
- commit d596ce4
- fat: fix uninitialized field in nostale filehandles (git-fixes
CVE-2024-26973 bsc#1223641).
- commit 91c4b39
- ext4: avoid online resizing failures due to oversized flex bg
(bsc#1222080 CVE-2023-52622).
- commit e47e37e
- fs/9p: only translate RWX permissions for plain 9P2000
(bsc#1225866 CVE-2024-36964).
- commit b5d7488
- pinctrl: core: delete incorrect free in pinctrl_enable()
(CVE-2024-36940 bsc#1225840).
- commit 9b799cc
- clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change
(CVE-2023-52882 bsc#1225692).
- commit fe79065
- staging: rtl8192e: Fix use after free in
_rtl92e_pci_disconnect() (CVE-2021-47571 bsc#1225518).
- commit 9461ee5
- supported.conf: mark ufs as unsupported
UFS is an unsupported filesystem, mark it as such. We still keep it
around (not marking as optional), to accommodate any potential
migrations from BSD systems.
- commit 0fea8fe
- supported.conf: mark orangefs as optional
We don't support orangefs at all (and it is already marked as such), but
since there are no SLE consumers of it, mark it as optional.
- commit fa81a2f
- rpm/kernel-obs-build.spec.in: Add iso9660 (bsc#1226212)
Some builds don't just create an iso9660 image, but also mount it during
build.
- commit aaee141
- llc: verify mac len before reading mac header
(CVE-2023-52843 bsc#1224951).
- commit ad237fd
- netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get()
(CVE-2024-35898 bsc#1224498).
- commit c5fbeed
- nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies
(CVE-2024-36915 bsc#1225758).
- commit 5137f7b
- net: add copy_safe_from_sockptr() helper
(git-fixes prerequisite CVE-2024-36915 bsc#1225758).
- commit 7b13e3e
- rpm/kernel-obs-build.spec.in: Add networking modules for docker
(bsc#1226211)
docker needs more networking modules, even legacy iptable_nat and _filter.
- commit 415e132
- Kabi workaround for icmp: prevent possible NULL dereferences from
icmp_build_probe()
(CVE-2024-35857 bsc#1224619)
- commit d5d7caf
- rxrpc: Fix rxrpc_peer leak in rxrpc_look_up_bundle()
(CVE-2021-47539 bsc#1225452).
- Refresh
patches.suse/rxrpc-Fix-race-between-conn-bundle-lookup-and-bundle.patch.
- commit 0d78641
- rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer()
(CVE-2021-47538 bsc#1225448).
- commit 6348fbd
- rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation
(CVE-2024-36017 bsc#1225681).
- commit 829fd05
- net: vlan: fix underflow for the real_dev refcnt
(CVE-2021-47555 bsc#1225467).
- commit 345ef84
- net: hns3: fix kernel crash when devlink reload during
initialization (CVE-2024-36900 bsc#1225726).
- net: hns3: release PTP resources if pf initialization failed
(CVE-2024-36900 bsc#1225726).
- commit 59940cd
- netfilter: validate user input for expected length
(CVE-2024-35896 bsc#1224662).
- commit 4582da9
- scsi: sd: Update DIX config every time sd_revalidate_disk()
is called (bsc#1218570).
- commit d99bf25
- arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY
(git-fixes).
- commit a35fad9
- net: mana: Enable MANA driver on ARM64 with 4K page size
(jsc#PED-8491).
- Update config files.
- commit b5a81c3
- bna: ensure the copied buf is NUL terminated (CVE-2024-36934
bsc#1225760).
- i40e: fix vf may be used uninitialized in this function warning
(CVE-2024-36020 bsc#1225698).
- net: hns3: fix kernel crash when devlink reload during pf
initialization (CVE-2024-36021 bsc#1225699).
- commit f146593
- Bluetooth: Add more enc key size check (bsc#1218148
CVE-2023-24023).
- commit 38891ed
- Bluetooth: Normalize HCI_OP_READ_ENC_KEY_SIZE cmdcmplt
(bsc#1218148 CVE-2023-24023).
- commit b7a79da
- xdp: use flags field to disambiguate broadcast redirect
(bsc#1225834 CVE-2024-36937).
- commit 7bc6ec5
- NFS: abort nfs_atomic_open_v23 if name is too long
(bsc#1219847).
- NFS: add atomic_open for NFSv3 to handle O_TRUNC correctly
(bsc#1219847).
- commit c7a4ea9
- Add remote for nfs maintainer
- commit 9de16b6
- tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING
(CVE-2023-52845 bsc#1225585).
- commit e952257
- fs/pipe: move check to pipe_has_watch_queue() (bsc#1224614
CVE-2023-52672).
- commit 3827adf
- pstore/platform: Add check for kstrdup (bsc#1225050
CVE-2023-52869).
- Refresh
patches.suse/pstore_disable_efi_backend_by_default.patch.
While refreshing of pstore_disable_efi_backend_by_default.patch, also
fix the non-conformant Patch-mainline tag.
- commit 6db9ce6
- pipe: wakeup wr_wait after setting max_usage (bsc#1224614
CVE-2023-52672).
- commit 2e5e06b
- blacklist.conf: Add 1971d13ffa84a "af_unix: Suppress false-positive lockdep splat for spin_lock() in __unix_gc()."
- commit afe27ac
- nvme: use ctrl state accessor (bsc#1215492).
- nvme: ensure reset state check ordering (bsc#1215492).
Refresh:
- patches.suse/nvme-tcp-do-not-terminate-commands-when-in-resetting.patch
- patches.suse/nvme-tcp-make-err_work-a-delayed-work.patch
- commit cad3abd
- netfilter: nf_tables: honor table dormant flag from netdev release event path
(CVE-2024-36005 bsc#1224539).
- commit a6152f6
- blacklist.conf: kABI
- commit 3718c69
- HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent
lock-up (bsc#1224552 CVE-2024-35997).
- commit bce3fab
- eeprom: at24: fix memory corruption race condition (bsc#1224612
CVE-2024-35848).
- commit 3fcf5a7
- udp: do not accept non-tunnel GSO skbs landing in a tunnel
(CVE-2024-35884 bsc#1224520).
- commit 62c6d61
- mm/slab: make __free(kfree) accept error pointers
(CVE-2024-36890 bsc#1225714).
- commit d6b7c8a
- perf/core: Bail out early if the request AUX area is out of
bound (bsc#1225602 CVE-2023-52835).
- commit cf52881
- Update
patches.suse/scsi-target-core-Add-TMF-to-tmr_list-handling.patch
(bsc#1223018 CVE-2024-26845).
Update references to correct bug number and CVE number.
- commit 0b7584b
- blacklist.conf: add CVE-2024-26842 bsc#1223013
- commit 654e9e2
- scsi: target: core: Add TMF to tmr_list handling (bsc#1223013
CVE-2024-26842).
- commit b16632b
- blacklist.conf: CVE-2024-35956 bsc#1224674: not applicable bsc#1225945
- commit ae7238f
- powerpc/imc-pmu: Add a null pointer check in
update_events_in_group() (bsc#1224504 CVE-2023-52675).
- commit 9619143
- icmp: prevent possible NULL dereferences from icmp_build_probe()
(CVE-2024-35857 bsc#1224619)
- commit d66584e
- usb: gadget: f_fs: Fix race between aio_cancel() and AIO
request complete (CVE-2024-36894 bsc#1225749).
- commit c99f07a
- usb: gadget: f_fs: Fix race between aio_cancel() and AIO
request complete (CVE-2024-36894 bsc#1225749).
- commit 5501fb7
- sock_map: avoid race between sock_map_close and sk_psock_put
(bsc#1225475 CVE-2023-52735).
- Refresh patches.kabi/bpf-sockmap-struct-psock-kABI-workaround.patch
- commit 4b60451
- proc/vmcore: fix clearing user buffer by properly using
clear_user() (CVE-2021-47566 bsc#1225514).
- commit 26144da
- ceph: switch to use cap_delay_lock for the unlink delay list
(bsc#1226022).
- ceph: break the check delayed cap loop every 5s (bsc#1226022).
- ceph: add ceph_cap_unlink_work to fire check_caps() immediately
(bsc#1226022).
- ceph: always queue a writeback when revoking the Fb caps
(bsc#1226022).
- ceph: always check dir caps asynchronously (bsc#1226022).
- commit de9fe57
- usb: typec: altmodes/displayport: create sysfs nodes as driver's
default device attribute group (CVE-2024-35790 bsc#1224712).
Altered because we do not have 001b0c780eac328bc48b70b8437f202a4ed785e4
Needs to be redone if DRM requires that
- blacklist.conf: Incompatible with adjusted version
- commit a52e669
- util-linux
-
- agetty: Prevent login cursor escape (bsc#1194818,
util-linux-agetty-prevent-cursor-escape.patch).
- Document unexpected side effects of lazy destruction
(bsc#1159034, util-linux-umount-losetup-lazy-destruction.patch,
util-linux-umount-losetup-lazy-destruction-generated.patch).
- Don't delete binaries not common for all architectures. Create an
util-linux-extra subpackage instead, so users of third party
tools can use them. (bsc#1222285)
- openssl-1_1
-
- Build with no-afalgeng [bsc#1226463]
- Security fix: [bsc#1227138, CVE-2024-5535]
* SSL_select_next_proto buffer overread
* Add openssl-CVE-2024-5535.patch
- shadow
-
- bsc#1228770: Fix not copying of skel files
Update shadow-CVE-2013-4235.patch
- bsc#916845 (CVE-2013-4235): Fix TOCTOU race condition
Add shadow-CVE-2013-4235.patch
- pam
-
- Prevent cursor escape from the login prompt [bsc#1194818]
* Added: pam-bsc1194818-cursor-escape.patch
- python-PyYAML
-
- reenable the cython yaml loader (bsc#1225641)
- python3-lxml
-
- Add libexpat-2.6.0-backport.patch to fix compatibility with system
libexpat in tests (bsc#1222075, CVE-2023-52425).
- python-urllib3
-
- Add CVE-2024-37891.patch (bsc#1226469, CVE-2024-37891)
- runc
-
[ This was only ever released for SLES and Leap. ]
- Update to runc v1.1.13. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.1.12>.
- Rebase patches:
* 0001-bsc1221050-libct-seccomp-patchbpf-rm-duplicated-code.patch
* 0002-bsc1221050-seccomp-patchbpf-rename-nativeArch-linuxA.patch
* 0003-bsc1221050-seccomp-patchbpf-always-include-native-ar.patch
- Backport <https://github.com/opencontainers/runc/pull/3931> to fix a
performance issue when running lots of containers, caused by system getting
too many mount notifications. bsc#1214960
+ 0004-bsc1214960-nsenter-cloned_binary-remove-bindfd-logic.patch
- 000release-packages:sle-module-basesystem-release
-
n/a
- 000release-packages:sle-module-containers-release
-
n/a
- 000release-packages:sle-module-public-cloud-release
-
n/a
- 000release-packages:sle-module-server-applications-release
-
n/a
- 000release-packages:SLES-release
-
n/a
- suseconnect-ng
-
- Update version to 1.11
- Added uname as collector
- Added SAP workload detection
- Added detection of container runtimes
- Multiple fixes on ARM64 detection
- Use `read_values` for the CPU collector on Z
- Fixed data collection for ppc64le
- Grab the home directory from /etc/passwd if needed (bsc#1226128)
- Update version to 1.10.0
* Build zypper-migration and zypper-packages-search as standalone
binaries rather then one single binary
* Add --gpg-auto-import-keys flag before action in zypper command (bsc#1219004)
* Include /etc/products.d in directories whose content are backed
up and restored if a zypper-migration rollback happens. (bsc#1219004)
* Add the ability to upload the system uptime logs, produced by the
suse-uptime-tracker daemon, to SCC/RMT as part of keepalive report.
(jsc#PED-7982) (jsc#PED-8018)
* Add support for third party packages in SUSEConnect
* Refactor existing system information collection implementation
- util-linux-systemd
-
- agetty: Prevent login cursor escape (bsc#1194818,
util-linux-agetty-prevent-cursor-escape.patch).
- Document unexpected side effects of lazy destruction
(bsc#1159034, util-linux-umount-losetup-lazy-destruction.patch,
util-linux-umount-losetup-lazy-destruction-generated.patch).
- Don't delete binaries not common for all architectures. Create an
util-linux-extra subpackage instead, so users of third party
tools can use them. (bsc#1222285)
- wicked
-
- Update to version 0.6.76
- compat-suse: warn user and create missing parent config of
infiniband children (gh#openSUSE/wicked#1027)
- client: fix origin in loaded xml-config with obsolete port
references but missing port interface config, causing a
no-carrier of master (bsc#1226125)
- ipv6: fix setup on ipv6.disable=1 kernel cmdline (bsc#1225976)
- wireless: add frequency-list in station mode (jsc#PED-8715)
- client: fix crash while hierarchy traversing due to loop in
e.g. systemd-nspawn containers (bsc#1226664)
- man: add supported bonding options to ifcfg-bonding(5) man page
(gh#openSUSE/wicked#1021)
- arputil: Document minimal interval for getopts (gh#openSUSE/wicked#1019)
- man: (re)generate man pages from md sources (gh#openSUSE/wicked#1018)
- client: warn on interface wait time reached (gh#openSUSE/wicked#1017)
- compat-suse: fix dummy type detection from ifname to not cause
conflicts with e.g. correct vlan config on dummy0.42 interfaces
(gh#openSUSE/wicked#1016)
- compat-suse: fix infiniband and infiniband child type detection
from ifname (gh#openSUSE/wicked#1015)
- Removed patches included in the source archive:
[- 0001-ifreload-pull-UP-again-on-master-lower-changes-bsc1224100.patch]
[- 0002-increase-arp-retry-attempts-on-sending-bsc1218668.patch]
- xen
-
- bsc#1227355 - VUL-0: CVE-2024-31143: xen: double unlock in x86
guest IRQ handling (XSA-458)
xsa458.patch
- bsc#1214718 - The system hangs intermittently when Power Control
Mode is set to Minimum Power on SLES15SP5 Xen
6666ba52-x86-irq-remove-offline-CPUs-from-old-CPU-mask-when.patch
666994ab-x86-SMP-no-shorthand-IPI-in-hotplug.patch
666994f0-x86-IRQ-limit-interrupt-movement-in-fixup_irqs.patch
66718849-x86-IRQ-old_cpu_mask-in-fixup_irqs.patch
6671885e-x86-IRQ-handle-moving-in-_assign_irq_vector.patch
6673ffdc-x86-IRQ-forward-pending-to-new-dest-in-fixup_irqs.patch
- Upstream bug fixes (bsc#1027519)
6646031f-x86-ucode-further-identify-already-up-to-date.patch
666b07ee-x86-EPT-special-page-in-epte_get_entry_emt.patch
666b0819-x86-EPT-avoid-marking-np-ents-for-reconfig.patch
666b085a-x86-EPT-drop-questionable-mfn_valid-from-.patch
667187cc-x86-Intel-unlock-CPUID-earlier.patch
6672c846-x86-xstate-initialisation-of-XSS-cache.patch
6672c847-x86-CPUID-XSAVE-dynamic-leaves.patch
- bsc#1221984 - VUL-0: CVE-2023-46842: xen: x86 HVM hypercalls may
trigger Xen bug check (XSA-454)
6617d62c-x86-hvm-Misra-Rule-19-1-regression.patch
- Upstream bug fixes (bsc#1027519)
6627a4ee-vRTC-UIP-set-for-longer-than-expected.patch
6627a5fc-x86-MTRR-inverted-WC-check.patch
662a6a4c-x86-spec-reporting-of-BHB-clearing.patch
662a6a8d-x86-spec-adjust-logic-to-elide-LFENCE.patch
663090fd-x86-gen-cpuid-syntax.patch
663a383c-libxs-open-xenbus-fds-as-O_CLOEXEC.patch
663a4f3e-x86-cpu-policy-migration-IceLake-to-CascadeLake.patch
663d05b5-x86-ucode-distinguish-up-to-date.patch
663eaa27-libxl-XenStore-error-handling-in-device-creation.patch
66450626-sched-set-all-sched_resource-data-inside-locked.patch
66450627-x86-respect-mapcache_domain_init-failing.patch