- ca-certificates-mozilla
-
- Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525)
- Added: FIRMAPROFESIONAL CA ROOT-A WEB
- Distrust: GLOBALTRUST 2020
- Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356)
Added:
- CommScope Public Trust ECC Root-01
- CommScope Public Trust ECC Root-02
- CommScope Public Trust RSA Root-01
- CommScope Public Trust RSA Root-02
- D-Trust SBR Root CA 1 2022
- D-Trust SBR Root CA 2 2022
- Telekom Security SMIME ECC Root 2021
- Telekom Security SMIME RSA Root 2023
- Telekom Security TLS ECC Root 2020
- Telekom Security TLS RSA Root 2023
- TrustAsia Global Root CA G3
- TrustAsia Global Root CA G4
Removed:
- Autoridad de Certificacion Firmaprofesional CIF A62634068
- Chambers of Commerce Root - 2008
- Global Chambersign Root - 2008
- Security Communication Root CA
- Symantec Class 1 Public Primary Certification Authority - G6
- Symantec Class 2 Public Primary Certification Authority - G6
- TrustCor ECA-1
- TrustCor RootCert CA-1
- TrustCor RootCert CA-2
- VeriSign Class 1 Public Primary Certification Authority - G3
- VeriSign Class 2 Public Primary Certification Authority - G3
- remove-trustcor.patch: removed, now upstream
- do a versioned obsoletes of "openssl-certs".
- cloud-regionsrv-client
-
- Add rgnsrv-clnt-fix-docker-setup.patch (bsc#1229137)
+ The entry for the update infrastructure registry mirror was written
incorrectly causing docker daemon startup to fail.
- dmidecode
-
- Update to upstream version 3.6 (jsc#PED-8574):
* Support for SMBIOS 3.6.0. This includes new memory device types, new
processor upgrades, and Loongarch support.
* Support for SMBIOS 3.7.0. This includes new port types, new processor
upgrades, new slot characteristics and new fields for memory modules.
* Add bash completion.
* Decode HPE OEM records 197, 216, 224, 230, 238, 239, 242 and 245.
* Implement options --list-strings and --list-types.
* Update HPE OEM records 203, 212, 216, 221, 233 and 236.
* Update Redfish support.
* Bug fixes:
Fix enabled slot characteristics not being printed
* Minor improvements:
Print slot width on its own line
Use standard strings for slot width
* Add a --no-quirks option.
* Drop the CPUID exception list.
* Obsoletes dmidecode-do-not-let-dump-bin-overwrite-an-existing-file.patch,
dmidecode-fortify-entry-point-length-checks.patch,
dmidecode-split-table-fetching-from-decoding.patch,
dmidecode-write-the-whole-dump-file-at-once.patch,
dmioem-fix-segmentation-fault-in-dmi_hp_240_attr.patch,
dmioem-hpe-oem-record-237-firmware-change.patch,
dmioem-typo-fix-virutal-virtual.patch,
ensure-dev-mem-is-a-character-device-file.patch,
news-fix-typo.patch and
use-read_file-to-read-from-dump.patch.
Update for HPE servers from upstream:
- dmioem-update-hpe-oem-type-238.patch: Decode PCI bus segment in
HPE type 238 records.
- python-kiwi
-
- Fix kiwi-repart restrictions
The kiwi repart dracut module reads a profile file and if it
does not exists it dies in the initrd. However, that profile
file is not mandatory for the main resize functionality. Thus
this commit turns this into a warning message. In addition
the module-setup for 90kiwi-repart makes sure to include
the required and optional profile files.
This Fixes bsc#1228118
- Do not exclude the .profile env file by default
kiwi's initrd modules read a .profile file which gets included
into the initrd produced at build time. To allow rebuild of a
host-only initrd from the booted system this information should
be present such that it is possible to re-use kiwi initrd code.
This is related to bsc#1228118
- Add rd.kiwi.oem.force_resize boot option
Forces the disk resize process on an OEM disk image.
If set, no sanity check for unpartitioned/free space
is performed and also an eventually configured
<oem-resize-once> configuration from the image description
will not be taken into account. This Fixes bsc#1224389
- grub2
-
- Fix btrfs subvolume for platform modules not mounting at runtime when the
default subvolume is the topmost root tree (bsc#1228124)
* grub2-btrfs-06-subvol-mount.patch
- Rediff
* 0001-Unify-the-check-to-enable-btrfs-relative-path.patch
- Fix error in grub-install when root is on tmpfs (bsc#1226100)
* 0001-grub-install-bailout-root-device-probing.patch
- Fix input handling in ppc64le grub2 has high latency (bsc#1223535)
* 0001-net-drivers-ieee1275-ofnet-Remove-200-ms-timeout-in-.patch
- Fix error in /etc/grub.d/20_linux_xen: file_is_not_sym not found, renamed to
file_is_not_xen_garbage (bsc#1224226)
* grub2-fix-menu-in-xen-host-server.patch
- kernel-default
-
- Refresh
patches.kabi/xhci-restre-deleted-trb-fields-for-tracing.patch.
Fix KABI restoration also in tracing event message format.
- commit 3bd4a56
- PCI: hv: Return zero, not garbage, when reading
PCI_INTERRUPT_PIN (git-fixes).
- commit df5839d
- Drop doubly defined References in sound patches
- commit 46ad1df
- ALSA: usb-audio: Correct surround channels in UAC1 channel map
(git-fixes).
- ALSA: hda: conexant: Fix headset auto detect fail in the
polling mode (git-fixes).
- drm/vmwgfx: Fix overlay when using Screen Targets (git-fixes).
- drm/vmwgfx: Fix a deadlock in dma buf fence polling (git-fixes).
- drm/nouveau: prime: fix refcount underflow (git-fixes).
- ALSA: usb-audio: Add a quirk for Sonix HD USB Camera
(stable-fixes).
- ALSA: usb-audio: Move HD Webcam quirk to the right place
(git-fixes).
- ALSA: usb-audio: Fix microphone sound on HD webcam
(stable-fixes).
- drm/amd/display: Check for NULL pointer (stable-fixes).
- drm/amdgpu/sdma5.2: Update wptr registers as well as doorbell
(stable-fixes).
- drm/i915/gt: Do not consider preemption during execlists_dequeue
for gen8 (git-fixes).
- drm/etnaviv: don't block scheduler when GPU is still active
(stable-fixes).
- drm/mipi-dsi: Fix theoretical int overflow in
mipi_dsi_dcs_write_seq() (git-fixes).
- drm/mipi-dsi: Fix mipi_dsi_dcs_write_seq() macro definition
format (stable-fixes).
- commit b91fd99
- ima: Fix use-after-free on a dentry's dname.name (bsc#1227716
CVE-2024-39494).
- commit 81484ec
- bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD
(bsc#1228756 CVE-2024-42161).
- commit 8359d86
- ASoC: topology: Fix route memory corruption (CVE-2024-41069
bsc#1228644).
- commit 586db1a
- powerpc: fix a file leak in kvm_vcpu_ioctl_enable_cap()
(bsc#1194869).
- KVM: PPC: Book3S HV: Fix the set_one_reg for MMCR3
(bsc#1194869).
- KVM: PPC: Book3S HV: Fix "rm_exit" entry in debugfs timings
(bsc#1194869).
- KVM: PPC: Book3S HV: remove extraneous asterisk from
rm_host_ipi_action() comment (bsc#1194869).
- KVM: PPC: Book3S HV Nested: L2 LPCR should inherit L1 LPES
setting (bsc#1194869).
- KVM: PPC: Book3S: Suppress failed alloc warning in
H_COPY_TOFROM_GUEST (bsc#1194869).
- KVM: PPC: Book3S: Suppress warnings when allocating too big
memory slots (bsc#1194869).
- commit cc22863
- liquidio: Adjust a NULL pointer handling path in
lio_vf_rep_copy_packet (CVE-2024-39506 bsc#1227729).
- commit 02e87a9
- net: do not leave a dangling sk pointer, when socket creation fails (CVE-2024-40954 bsc#1227808)
- commit 8f44f81
- kabi/severity: add nvme common code
The nvme common code is also allowed to change the data structures, there
are only internal users.
- commit b8cf562
- scsi: qla2xxx: Convert comma to semicolon (bsc#1228850).
- scsi: qla2xxx: Update version to 10.02.09.300-k (bsc#1228850).
- scsi: qla2xxx: Use QP lock to search for bsg (bsc#1228850).
- scsi: qla2xxx: Reduce fabric scan duplicate code (bsc#1228850).
- scsi: qla2xxx: Fix optrom version displayed in FDMI
(bsc#1228850).
- scsi: qla2xxx: During vport delete send async logout explicitly
(bsc#1228850).
- scsi: qla2xxx: Complete command early within lock (bsc#1228850).
- scsi: qla2xxx: Fix flash read failure (bsc#1228850).
- scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for
ELS cmds (bsc#1228850).
- scsi: qla2xxx: Fix for possible memory corruption (bsc#1228850).
- scsi: qla2xxx: validate nvme_local_port correctly (bsc#1228850).
- scsi: qla2xxx: Unable to act on RSCN for port online
(bsc#1228850).
- scsi: qla2xxx: Remove unused struct 'scsi_dif_tuple'
(bsc#1228850).
- scsi: qla2xxx: Fix debugfs output for fw_resource_count
(bsc#1228850).
- scsi: qla2xxx: Indent help text (bsc#1228850).
- scsi: qla2xxx: Drop driver owner assignment (bsc#1228850).
- scsi: qla2xxx: Avoid possible run-time warning with long
model_num (bsc#1228850).
- string.h: Introduce memtostr() and memtostr_pad() (bsc#1228850).
- commit ce7acc0
- scsi: lpfc: Update lpfc version to 14.4.0.3 (bsc#1228857).
- scsi: lpfc: Revise lpfc_prep_embed_io routine with proper
endian macro usages (bsc#1228857).
- scsi: lpfc: Fix incorrect request len mbox field when setting
trunking via sysfs (bsc#1228857).
- scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info
(bsc#1228857).
- scsi: lpfc: Fix handling of fully recovered fabric node in
dev_loss callbk (bsc#1228857).
- scsi: lpfc: Relax PRLI issue conditions after GID_FT response
(bsc#1228857).
- scsi: lpfc: Allow DEVICE_RECOVERY mode after RSCN receipt if
in PRLI_ISSUE state (bsc#1228857).
- scsi: lpfc: Cancel ELS WQE instead of issuing abort when SLI
port is inactive (bsc#1228857).
- commit 21ebef1
- nvme-pci: add missing condition check for existence of mapped
data (git-fixes).
- nvme-pci: Fix the instructions for disabling power management
(git-fixes).
- nvmet-auth: fix nvmet_auth hash error handling (git-fixes).
- nvme: fixup comment for nvme RDMA Provider Type (git-fixes).
- nvmet: always initialize cqe.result (git-fixes).
- nvme: avoid double free special payload (git-fixes).
- nvmet: fix a possible leak when destroy a ctrl during qp
establishment (git-fixes).
- nvme: adjust multiples of NVME_CTRL_PAGE_SIZE in offset
(git-fixes).
- nvme-multipath: find NUMA path only for online numa-node
(git-fixes).
- nvme-auth: allow mixing of secret and hash lengths (git-fixes).
- nvme-auth: use transformed key size to create resp (git-fixes).
- nvme-auth: alloc nvme_dhchap_key as single buffer (git-fixes).
- commit 3284c90
- hfsplus: fix uninit-value in copy_name (git-fixes).
- commit 383d5d6
- blacklist.conf: blocks list lots of 5.15-stable nfsd fixes.
In the 5.15 stable series there was a full backport of nfsd. We don't
won't all of that. So blacklist lots of patches that we don't want.
- commit 0cfb63d
- check-for-config-changes: ignore also GCC_ASM_GOTO_OUTPUT_BROKEN
Mainline commit f2f6a8e88717 ("init/Kconfig: remove
CONFIG_GCC_ASM_GOTO_OUTPUT_WORKAROUND") replaced
GCC_ASM_GOTO_OUTPUT_WORKAROUND with GCC_ASM_GOTO_OUTPUT_BROKEN. Ignore both
when checking config changes.
- commit b60be3e
- bnxt_re: Fix imm_data endianness (git-fixes)
- commit c690ca2
- RDMA/hns: Fix mbx timing out before CMD execution is completed (git-fixes)
- commit 7f0f7e9
- RDMA/hns: Fix insufficient extend DB for VFs. (git-fixes)
- commit 8395f97
- RDMA/hns: Fix undifined behavior caused by invalid max_sge (git-fixes)
- commit 6650e04
- RDMA/hns: Fix shift-out-bounds when max_inline_data is 0 (git-fixes)
- commit 0bbda8c
- RDMA/hns: Fix missing pagesize and alignment check in FRMR (git-fixes)
- commit 741b900
- RDMA/hns: Fix unmatch exception handling when init eq table fails (git-fixes)
- commit 19e60a6
- RDMA/hns: Fix soft lockup under heavy CEQE load (git-fixes)
- commit 1ef6723
- RDMA/hns: Check atomic wr length (git-fixes)
- commit 0fc73fc
- RDMA/device: Return error earlier if port in not valid (git-fixes)
- commit e02b7ee
- RDMA/rxe: Don't set BTH_ACK_MASK for UC or UD QPs (git-fixes)
- commit cd31168
- RDMA/mlx4: Fix truncated output warning in alias_GUID.c (git-fixes)
- commit cf1cb3f
- RDMA/mlx4: Fix truncated output warning in mad.c (git-fixes)
- commit a92f3fd
- RDMA/cache: Release GID table even if leak is detected (git-fixes)
- commit 5cdefb2
- RDMA/mlx5: Set mkeys for dmabuf at PAGE_SIZE (git-fixes)
- commit 59890ae
- RDMA/iwcm: Fix a use-after-free related to destroying CM IDs (git-fixes)
- commit 25b62bb
- IB/core: Implement a limit on UMAD receive List (bsc#1228743 CVE-2024-42145)
- commit 84f3be4
- kabi/severities: ignore kABI for FireWire sound local symbols (bsc#1208783)
- commit 478aa21
- Revert "ALSA: firewire-lib: operate for period elapse event
in process context" (bsc#1208783).
- Revert "ALSA: firewire-lib: obsolete workqueue for period
update" (bsc#1208783).
- commit 51e6ff5
- x86: stop playing stack games in profile_pc() (bsc#1228633
CVE-2024-42096).
- commit f28c110
- ptp: fix integer overflow in max_vclocks_store (bsc#1227829
CVE-2024-40994).
- commit 205cc4c
- crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak (bsc#1227620
CVE-2024-39493).
- commit 14b61d5
- filelock: Remove locks reliably when fcntl/close race is
detected (CVE-2024-41012 bsc#1228247).
- commit e2c5917
- Update
patches.suse/KVM-Always-flush-async-PF-workqueue-when-vCPU-is-being-des.patch
(bsc#1223635 (CVE-2024-26976) CVE-2024-26976).
- Update
patches.suse/jfs-xattr-fix-buffer-overflow-for-invalid-xattr.patch
(bsc#1227383 CVE-2024-40902 bsc#1227764).
- Update
patches.suse/vfio-fsl-mc-Block-calling-interrupt-handler-without-trigge.patch
(bsc#1222810 (CVE-2024-26814) CVE-2024-26814).
- Update
patches.suse/vfio-platform-Create-persistent-IRQ-handlers.patch
(bsc#1222809 (CVE-2024-26813) CVE-2024-26813).
- commit 39eeeb9
- Update
patches.suse/SUNRPC-Fix-UAF-in-svc_tcp_listen_data_ready.patch
(git-fixes CVE-2023-52885 bsc#1227750).
- Update
patches.suse/USB-core-Fix-race-by-not-overwriting-udev-descriptor.patch
(bsc#1213123 CVE-2023-37453 CVE-2023-52886 bsc#1227981).
- Update
patches.suse/virtio-blk-fix-implicit-overflow-on-virtio_max_dma_size.patch
(bsc#1225573 (CVE-2023-52762) CVE-2023-52762).
- commit 3784f34
- Update
patches.suse/HID-hid-thrustmaster-fix-OOB-read-in-thrustmaster_in.patch
(git-fixes CVE-2022-48866 bsc#1228014).
- Update
patches.suse/Input-aiptek-properly-check-endpoint-type.patch
(git-fixes CVE-2022-48836 bsc#1227989).
- Update
patches.suse/KVM-x86-nSVM-fix-potential-NULL-derefernce-on-nested.patch
(git-fixes CVE-2022-48793 bsc#1228019).
- Update
patches.suse/NFC-port100-fix-use-after-free-in-port100_send_compl.patch
(git-fixes CVE-2022-48857 bsc#1228005).
- Update
patches.suse/NFSD-Fix-NFSv3-SETATTR-CREATE-s-handling-of-large-fi.patch
(git-fixes CVE-2022-48829 bsc#1228055).
- Update patches.suse/NFSD-Fix-ia_size-underflow.patch (git-fixes
CVE-2022-48828 bsc#1228054).
- Update
patches.suse/NFSD-Fix-the-behavior-of-READ-near-OFFSET_MAX.patch
(bsc#1195957 CVE-2022-48827 bsc#1228037).
- Update
patches.suse/SUNRPC-lock-against-sock-changing-during-sysfs-read.patch
(bsc#1194324 CVE-2022-48816 bsc#1228038).
- Update
patches.suse/can-isotp-fix-potential-CAN-frame-reception-race-in-.patch
(git-fixes CVE-2022-48830 bsc#1227982).
- Update
patches.suse/cfg80211-fix-race-in-netlink-owner-interface-destruc.patch
(git-fixes CVE-2022-48784 bsc#1227938).
- Update
patches.suse/dmaengine-ptdma-Fix-the-error-handling-path-in-pt_co.patch
(git-fixes CVE-2022-48774 bsc#1227923).
- Update
patches.suse/drm-amdgpu-bypass-tiling-flag-check-in-virtual-displ.patch
(git-fixes CVE-2022-48849 bsc#1228061).
- Update
patches.suse/drm-vc4-Fix-deadlock-on-DSI-device-attach-error.patch
(git-fixes CVE-2022-48826 bsc#1227975).
- Update
patches.suse/drm-vrr-Set-VRR-capable-prop-only-if-it-is-attached-.patch
(git-fixes CVE-2022-48843 bsc#1228066).
- Update
patches.suse/eeprom-ee1004-limit-i2c-reads-to-I2C_SMBUS_BLOCK_MAX.patch
(git-fixes CVE-2022-48806 bsc#1227948).
- Update
patches.suse/ethernet-Fix-error-handling-in-xemaclite_of_probe.patch
(git-fixes CVE-2022-48860 bsc#1228008).
- Update
patches.suse/fs-proc-task_mmu.c-don-t-read-mapcount-for-migration-entry.patch
(CVE-2023-1582 bsc#1209636 CVE-2022-48802 bsc#1227942).
- Update
patches.suse/gianfar-ethtool-Fix-refcount-leak-in-gfar_get_ts_inf.patch
(git-fixes CVE-2022-48856 bsc#1228004).
- Update patches.suse/iavf-Fix-hang-during-reboot-shutdown.patch
(jsc#SLE-18385 CVE-2022-48840 bsc#1227990).
- Update
patches.suse/ibmvnic-don-t-release-napi-in-__ibmvnic_open.patch
(bsc#1195668 ltc#195811 CVE-2022-48811 bsc#1227928).
- Update
patches.suse/ice-Fix-KASAN-error-in-LAG-NETDEV_UNREGISTER-handler.patch
(git-fixes CVE-2022-48807 bsc#1227970).
- Update
patches.suse/ice-Fix-race-condition-during-interface-enslave.patch
(git-fixes CVE-2022-48842 bsc#1228064).
- Update
patches.suse/ice-fix-NULL-pointer-dereference-in-ice_update_vsi_t.patch
(jsc#SLE-18375 CVE-2022-48841 bsc#1227991).
- Update
patches.suse/iio-buffer-Fix-file-related-error-handling-in-IIO_BU.patch
(git-fixes CVE-2022-48801 bsc#1227956).
- Update
patches.suse/ima-fix-reference-leak-in-asymmetric_verify.patch
(git-fixes CVE-2022-48831 bsc#1227986).
- Update
patches.suse/iommu-Fix-potential-use-after-free-during-probe
(git-fixes CVE-2022-48796 bsc#1228028).
- Update patches.suse/iwlwifi-fix-use-after-free.patch
(bsc#1197762 git-fixes CVE-2022-48787 bsc#1227932).
- Update
patches.suse/mISDN-Fix-memory-leak-in-dsp_pipeline_build.patch
(git-fixes CVE-2022-48863 bsc#1228063).
- Update
patches.suse/misc-fastrpc-avoid-double-fput-on-failed-usercopy.patch
(git-fixes CVE-2022-48821 bsc#1227976).
- Update
patches.suse/mm-don-t-try-to-NUMA-migrate-COW-pages-that-have-other-uses.patch
(git fixes (mm/numa) CVE-2022-48797 bsc#1228035).
- Update
patches.suse/mm-vmscan-remove-deadlock-due-to-throttling.patch
(bsc#1195357 CVE-2022-48800 bsc#1227954).
- Update
patches.suse/msft-hv-2515-Drivers-hv-vmbus-Fix-memory-leak-in-vmbus_add_channe.patch
(git-fixes CVE-2022-48775 bsc#1227924).
- Update
patches.suse/mtd-parsers-qcom-Fix-kernel-panic-on-skipped-partiti.patch
(git-fixes CVE-2022-48777 bsc#1227922).
- Update
patches.suse/mtd-parsers-qcom-Fix-missing-free-for-pparts-in-clea.patch
(git-fixes CVE-2022-48776 bsc#1227925).
- Update
patches.suse/mtd-rawnand-gpmi-don-t-leak-PM-reference-in-error-pa.patch
(git-fixes CVE-2022-48778 bsc#1227935).
- Update
patches.suse/net-dsa-ar9331-register-the-mdiobus-under-devres.patch
(git-fixes CVE-2022-48817 bsc#1227931).
- Update
patches.suse/net-dsa-bcm_sf2-don-t-use-devres-for-mdiobus.patch
(git-fixes CVE-2022-48815 bsc#1227933).
- Update
patches.suse/net-dsa-felix-don-t-use-devres-for-mdiobus.patch
(git-fixes CVE-2022-48813 bsc#1227963).
- Update
patches.suse/net-dsa-lantiq_gswip-don-t-use-devres-for-mdiobus.patch
(git-fixes CVE-2022-48812 bsc#1227971).
- Update
patches.suse/net-dsa-lantiq_gswip-fix-use-after-free-in-gswip_rem.patch
(git-fixes CVE-2022-48783 bsc#1227949).
- Update
patches.suse/net-dsa-mv88e6xxx-don-t-use-devres-for-mdiobus.patch
(git-fixes CVE-2022-48818 bsc#1228039).
- Update
patches.suse/net-dsa-seville-register-the-mdiobus-under-devres.patch
(git-fixes CVE-2022-48814 bsc#1227944).
- Update
patches.suse/net-ieee802154-at86rf230-Stop-leaking-skb-s.patch
(git-fixes CVE-2022-48794 bsc#1228025).
- Update
patches.suse/net-marvell-prestera-Add-missing-of_node_put-in-pres.patch
(git-fixes CVE-2022-48859 bsc#1228007).
- Update
patches.suse/net-mlx5-Fix-a-race-on-command-flush-flow.patch
(git-fixes CVE-2022-48858 bsc#1228006).
- Update
patches.suse/net-packet-fix-slab-out-of-bounds-access-in-packet_r.patch
(CVE-2022-20368 bsc#1202346 CVE-2022-48839 bsc#1227985).
- Update
patches.suse/net-smc-Avoid-overwriting-the-copies-of-clcsock-callback-functions
(git-fixes CVE-2022-48780 bsc#1227995).
- Update
patches.suse/net-usb-ax88179_178a-Fix-out-of-bounds-accesses-in-R.patch
(bsc#1196018 CVE-2022-28748 bsc#1202686 CVE-2022-2964
CVE-2022-48805 bsc#1227969).
- Update
patches.suse/nvme-fix-a-possible-use-after-free-in-controller-res.patch
(bsc#1193787 bsc#1197146 bsc#1193554 CVE-2022-48790
bsc#1227941).
- Update
patches.suse/nvme-rdma-fix-possible-use-after-free-in-transport-e.patch
(bsc#1193787 bsc#1197146 bsc#1193554 CVE-2022-48788
bsc#1227952).
- Update
patches.suse/nvme-tcp-fix-possible-use-after-free-in-transport-er.patch
(bsc#1193787 bsc#1197146 bsc#1193554 CVE-2022-48789
bsc#1228000).
- Update
patches.suse/perf-Fix-list-corruption-in-perf_cgroup_switch.patch
(git fixes CVE-2022-48799 bsc#1227953).
- Update
patches.suse/phy-stm32-fix-a-refcount-leak-in-stm32_usbphyc_pll_e.patch
(git-fixes CVE-2022-48820 bsc#1227972).
- Update
patches.suse/phy-ti-Fix-missing-sentinel-for-clk_div_table.patch
(git-fixes CVE-2022-48803 bsc#1227965).
- Update
patches.suse/s390-cio-verify-the-driver-availability-for-path_event-call
(bsc#1195927 LTC#196420 CVE-2022-48798 bsc#1227945).
- Update
patches.suse/scsi-mpt3sas-Page-fault-in-reply-q-processing.patch
(git-fixes CVE-2022-48835 bsc#1228060).
- Update patches.suse/scsi-myrs-Fix-crash-in-error-case.patch
(git-fixes CVE-2022-48824 bsc#1227964).
- Update
patches.suse/scsi-pm8001-Fix-use-after-free-for-aborted-SSP-STP-sas_task.patch
(git-fixes CVE-2022-48792 bsc#1228013).
- Update
patches.suse/scsi-pm8001-Fix-use-after-free-for-aborted-TMF-sas_task.patch
(git-fixes CVE-2022-48791 bsc#1228002).
- Update
patches.suse/scsi-qedf-Add-stag_work-to-all-the-vports.patch
(git-fixes CVE-2022-48825 bsc#1228056).
- Update
patches.suse/scsi-qedf-Fix-refcount-issue-when-LOGO-is-received-during-TMF.patch
(git-fixes CVE-2022-48823 bsc#1228045).
- Update
patches.suse/staging-gdm724x-fix-use-after-free-in-gdm_lte_rx.patch
(git-fixes CVE-2022-48851 bsc#1227997).
- Update
patches.suse/swiotlb-fix-info-leak-with-DMA_FROM_DEVICE.patch
(CVE-2022-0854 bsc#1196823 CVE-2022-48853 bsc#1228015).
- Update patches.suse/usb-f_fs-Fix-use-after-free-for-epfile.patch
(git-fixes CVE-2022-48822 bsc#1228040).
- Update
patches.suse/usb-gadget-Fix-use-after-free-bug-by-not-setting-udc.patch
(git-fixes CVE-2022-48838 bsc#1227988).
- Update
patches.suse/usb-gadget-rndis-prevent-integer-overflow-in-rndis_s.patch
(git-fixes CVE-2022-48837 bsc#1227987).
- Update
patches.suse/usb-usbtmc-Fix-bug-in-pipe-direction-for-control-tra.patch
(git-fixes CVE-2022-48834 bsc#1228062).
- Update
patches.suse/vdpa-fix-use-after-free-on-vp_vdpa_remove.patch
(git-fixes CVE-2022-48861 bsc#1228009).
- Update
patches.suse/vhost-fix-hung-thread-due-to-erroneous-iotlb-entries.patch
(git-fixes CVE-2022-48862 bsc#1228010).
- Update
patches.suse/vsock-remove-vsock-from-connected-table-when-connect.patch
(git-fixes CVE-2022-48786 bsc#1227996).
- Update
patches.suse/vt_ioctl-fix-array_index_nospec-in-vt_setactivate.patch
(git-fixes CVE-2022-48804 bsc#1227968).
- Update patches.suse/watch_queue-Fix-filter-limit-check.patch
(CVE-2022-0995 bsc#1197246 CVE-2022-48847 bsc#1227993).
- Update
patches.suse/xprtrdma-fix-pointer-derefs-in-error-cases-of-rpcrdm.patch
(git-fixes CVE-2022-48773 bsc#1227921).
- commit e328ee7
- Update
patches.suse/net-sunrpc-fix-reference-count-leaks-in-rpc_sysfs_xp.patch
(git-fixes CVE-2021-47624 bsc#1227920).
- Update
patches.suse/scsi-ufs-Fix-a-deadlock-in-the-error-handler.patch
(git-fixes CVE-2021-47622 bsc#1227917).
- commit f2d923e
- Update
patches.suse/79b5b4b18bc8-mlxsw-spectrum_acl_tcam-Fix-possible-use-after-free-.patch
(CVE-2024-35854 bsc#1224636 CVE-2024-35855 bsc#1224694).
- Update
patches.suse/ACPICA-Revert-ACPICA-avoid-Info-mapping-multiple-BAR.patch
(git-fixes CVE-2024-40984 bsc#1227820).
- Update
patches.suse/Bluetooth-hci_core-Fix-possible-buffer-overflow.patch
(git-fixes CVE-2024-26889 bsc#1228195).
- Update
patches.suse/HID-core-remove-unnecessary-WARN_ON-in-implement.patch
(git-fixes CVE-2024-39509 bsc#1227733).
- Update
patches.suse/HID-logitech-dj-Fix-memory-leak-in-logi_dj_recv_swit.patch
(git-fixes CVE-2024-40934 bsc#1227796).
- Update
patches.suse/KVM-Always-flush-async-PF-workqueue-when-vCPU-is-being-des.patch
(bsc#1223635 (CVE-2024-26976) CVE-2024-26976).
- Update
patches.suse/RDMA-mlx5-Add-check-for-srq-max_sge-attribute.patch
(git-fixes CVE-2024-40990 bsc#1227824).
- Update
patches.suse/SUNRPC-Fix-loop-termination-condition-in-gss_free_in.patch
(git-fixes CVE-2024-36288 bsc#1226834).
- Update
patches.suse/USB-class-cdc-wdm-Fix-CPU-lockup-caused-by-excessive.patch
(git-fixes CVE-2024-40904 bsc#1227772).
- Update
patches.suse/ata-libata-core-Fix-double-free-on-error.patch
(git-fixes CVE-2024-41087 bsc#1228740).
- Update
patches.suse/batman-adv-bypass-empty-buckets-in-batadv_purge_orig.patch
(stable-fixes CVE-2024-40981 bsc#1227864).
- Update
patches.suse/cachefiles-remove-requests-from-xarray-during-flushin.patch
(bsc#1226588 CVE-2024-40900 bsc#1227760).
- Update
patches.suse/crypto-hisilicon-sec-Fix-memory-leak-for-sec-resourc.patch
(stable-fixes CVE-2024-41002 bsc#1227870).
- Update
patches.suse/dmaengine-idxd-Fix-possible-Use-After-Free-in-irq_pr.patch
(git-fixes CVE-2024-40956 bsc#1227810).
- Update
patches.suse/drivers-core-synchronize-really_probe-and-dev_uevent.patch
(git-fixes CVE-2024-39501 bsc#1227754).
- Update
patches.suse/drm-amdgpu-fix-UBSAN-warning-in-kv_dpm.c.patch
(stable-fixes CVE-2024-40987 bsc#1228235).
- Update
patches.suse/drm-amdkfd-don-t-allow-mapping-the-MMIO-HDP-page-wit.patch
(CVE-2024-41011 bsc#1228115 git-fixes bsc#1228114).
- Update
patches.suse/drm-bridge-cdns-mhdp8546-Fix-possible-null-pointer-d.patch
(git-fixes CVE-2024-38548 bsc#1228202).
- Update
patches.suse/drm-exynos-hdmi-report-safe-640x480-mode-as-a-fallba.patch
(git-fixes CVE-2024-40916 bsc#1227846).
- Update
patches.suse/drm-exynos-vidi-fix-memory-leak-in-.get_modes.patch
(stable-fixes CVE-2024-40932 bsc#1227828).
- Update
patches.suse/drm-i915-dpt-Make-DPT-object-unshrinkable.patch
(git-fixes CVE-2024-40924 bsc#1227787).
- Update
patches.suse/drm-komeda-check-for-error-valued-pointer.patch
(git-fixes CVE-2024-39505 bsc#1227728).
- Update
patches.suse/drm-lima-mask-irqs-in-timeout-path-before-hard-reset.patch
(stable-fixes CVE-2024-40976 bsc#1227893).
- Update
patches.suse/drm-radeon-fix-UBSAN-warning-in-kv_dpm.c.patch
(stable-fixes CVE-2024-40988 bsc#1227957).
- Update
patches.suse/ftrace-Fix-possible-use-after-free-issue-in-ftrace_location.patch
(git-fixes CVE-2024-38588 bsc#1226837).
- Update
patches.suse/iommu-Return-right-value-in-iommu_sva_bind_device.patch
(git-fixes CVE-2024-40945 bsc#1227802).
- Update
patches.suse/jfs-xattr-fix-buffer-overflow-for-invalid-xattr.patch
(bsc#1227383 CVE-2024-40902 bsc#1227764).
- Update
patches.suse/sock_map-avoid-race-between-sock_map_close-and-sk_ps.patch
(bsc#1225475 CVE-2023-52735 CVE-2024-39500 bsc#1227724).
- Update
patches.suse/tracing-Build-event-generation-tests-only-as-modules.patch
(git-fixes CVE-2024-41004 bsc#1227851).
- Update
patches.suse/tracing-trigger-Fix-to-return-error-if-failed-to-alloc-snapshot.patch
(git-fixes CVE-2024-26920 bsc#1228237).
- Update
patches.suse/usb-typec-tcpm-fix-use-after-free-case-in-tcpm_regis.patch
(git-fixes CVE-2024-40903 bsc#1227766).
- Update
patches.suse/vfio-fsl-mc-Block-calling-interrupt-handler-without-trigge.patch
(bsc#1222810 (CVE-2024-26814) CVE-2024-26814).
- Update
patches.suse/vfio-platform-Create-persistent-IRQ-handlers.patch
(bsc#1222809 (CVE-2024-26813) CVE-2024-26813).
- Update
patches.suse/vmci-prevent-speculation-leaks-by-sanitizing-event-i.patch
(git-fixes CVE-2024-39499 bsc#1227725).
- Update
patches.suse/wifi-cfg80211-Lock-wiphy-in-cfg80211_get_station.patch
(git-fixes CVE-2024-40911 bsc#1227792).
- Update
patches.suse/wifi-iwlwifi-mvm-check-n_ssids-before-accessing-the-.patch
(git-fixes CVE-2024-40929 bsc#1227774).
- Update
patches.suse/wifi-iwlwifi-mvm-don-t-read-past-the-mfuart-notifcat.patch
(git-fixes CVE-2024-40941 bsc#1227771).
- Update
patches.suse/wifi-mac80211-Fix-deadlock-in-ieee80211_sta_ps_deliv.patch
(git-fixes CVE-2024-40912 bsc#1227790).
- Update
patches.suse/wifi-mac80211-mesh-Fix-leak-of-mesh_preq_queue-objec.patch
(git-fixes CVE-2024-40942 bsc#1227770).
- Update
patches.suse/xhci-Handle-TD-clearing-for-multiple-streams-case.patch
(git-fixes CVE-2024-40927 bsc#1227816).
- commit 14d852a
- Update
patches.suse/SUNRPC-Fix-UAF-in-svc_tcp_listen_data_ready.patch
(git-fixes CVE-2023-52885 bsc#1227750).
- Update
patches.suse/USB-core-Fix-race-by-not-overwriting-udev-descriptor.patch
(bsc#1213123 CVE-2023-37453 CVE-2023-52886 bsc#1227981).
- Update
patches.suse/virtio-blk-fix-implicit-overflow-on-virtio_max_dma_size.patch
(bsc#1225573 (CVE-2023-52762) CVE-2023-52762).
- commit b28e7bb
- Update
patches.suse/1216-drm-vc4-hdmi-Unregister-codec-device-on-unbind.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-48852 bsc#1228067).
- Update
patches.suse/Bluetooth-hci_core-Fix-leaking-sent_cmd-skb.patch
(jsc#PED-1407 CVE-2022-48844 bsc#1228068).
- Update
patches.suse/HID-hid-thrustmaster-fix-OOB-read-in-thrustmaster_in.patch
(git-fixes CVE-2022-48866 bsc#1228014).
- Update
patches.suse/Input-aiptek-properly-check-endpoint-type.patch
(git-fixes CVE-2022-48836 bsc#1227989).
- Update
patches.suse/KVM-x86-nSVM-fix-potential-NULL-derefernce-on-nested.patch
(git-fixes CVE-2022-48793 bsc#1228019).
- Update
patches.suse/NFC-port100-fix-use-after-free-in-port100_send_compl.patch
(git-fixes CVE-2022-48857 bsc#1228005).
- Update
patches.suse/NFSD-Fix-NFSv3-SETATTR-CREATE-s-handling-of-large-fi.patch
(git-fixes CVE-2022-48829 bsc#1228055).
- Update patches.suse/NFSD-Fix-ia_size-underflow.patch (git-fixes
CVE-2022-48828 bsc#1228054).
- Update
patches.suse/NFSD-Fix-the-behavior-of-READ-near-OFFSET_MAX.patch
(bsc#1195957 CVE-2022-48827 bsc#1228037).
- Update
patches.suse/SUNRPC-lock-against-sock-changing-during-sysfs-read.patch
(bsc#1194324 CVE-2022-48816 bsc#1228038).
- Update
patches.suse/block-release-rq-qos-structures-for-queue-without-di.patch
(jsc#PED-1183 CVE-2022-48846 bsc#1227992).
- Update
patches.suse/can-isotp-fix-potential-CAN-frame-reception-race-in-.patch
(git-fixes CVE-2022-48830 bsc#1227982).
- Update
patches.suse/cfg80211-fix-race-in-netlink-owner-interface-destruc.patch
(git-fixes CVE-2022-48784 bsc#1227938).
- Update
patches.suse/dma-buf-heaps-Fix-potential-spectre-v1-gadget.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-48730 bsc#1226713).
- Update
patches.suse/dmaengine-ptdma-Fix-the-error-handling-path-in-pt_co.patch
(git-fixes CVE-2022-48774 bsc#1227923).
- Update
patches.suse/drm-amdgpu-bypass-tiling-flag-check-in-virtual-displ.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-48849 bsc#1228061).
- Update
patches.suse/drm-msm-dpu-invalid-parameter-check-in-dpu_setup_dsp.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-48749 bsc#1226650).
- Update
patches.suse/drm-msm-dsi-invalid-parameter-check-in-msm_dsi_phy_e.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-48756 bsc#1226698).
- Update
patches.suse/drm-nouveau-fix-off-by-one-in-BIOS-boundary-checking.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-48732 bsc#1226716).
- Update
patches.suse/drm-vc4-Fix-deadlock-on-DSI-device-attach-error.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-48826 bsc#1227975).
- Update
patches.suse/drm-vrr-Set-VRR-capable-prop-only-if-it-is-attached-.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-48843 bsc#1228066).
- Update
patches.suse/eeprom-ee1004-limit-i2c-reads-to-I2C_SMBUS_BLOCK_MAX.patch
(git-fixes CVE-2022-48806 bsc#1227948).
- Update
patches.suse/ethernet-Fix-error-handling-in-xemaclite_of_probe.patch
(git-fixes CVE-2022-48860 bsc#1228008).
- Update
patches.suse/fs-proc-task_mmu.c-don-t-read-mapcount-for-migration-entry.patch
(CVE-2023-1582 bsc#1209636 CVE-2022-48802 bsc#1227942).
- Update
patches.suse/gianfar-ethtool-Fix-refcount-leak-in-gfar_get_ts_inf.patch
(git-fixes CVE-2022-48856 bsc#1228004).
- Update patches.suse/iavf-Fix-hang-during-reboot-shutdown.patch
(jsc#SLE-18385 CVE-2022-48840 bsc#1227990).
- Update
patches.suse/ibmvnic-don-t-release-napi-in-__ibmvnic_open.patch
(bsc#1195668 ltc#195811 CVE-2022-48811 bsc#1227928).
- Update
patches.suse/ice-Fix-KASAN-error-in-LAG-NETDEV_UNREGISTER-handler.patch
(git-fixes CVE-2022-48807 bsc#1227970).
- Update
patches.suse/ice-Fix-race-condition-during-interface-enslave.patch
(git-fixes CVE-2022-48842 bsc#1228064).
- Update
patches.suse/ice-fix-NULL-pointer-dereference-in-ice_update_vsi_t.patch
(jsc#SLE-18375 CVE-2022-48841 bsc#1227991).
- Update
patches.suse/iio-buffer-Fix-file-related-error-handling-in-IIO_BU.patch
(git-fixes CVE-2022-48801 bsc#1227956).
- Update
patches.suse/ima-fix-reference-leak-in-asymmetric_verify.patch
(git-fixes CVE-2022-48831 bsc#1227986).
- Update
patches.suse/iommu-Fix-potential-use-after-free-during-probe
(git-fixes CVE-2022-48796 bsc#1228028).
- Update patches.suse/iwlwifi-fix-use-after-free.patch
(bsc#1197762 git-fixes CVE-2022-48787 bsc#1227932).
- Update
patches.suse/mISDN-Fix-memory-leak-in-dsp_pipeline_build.patch
(git-fixes CVE-2022-48863 bsc#1228063).
- Update
patches.suse/misc-fastrpc-avoid-double-fput-on-failed-usercopy.patch
(git-fixes CVE-2022-48821 bsc#1227976).
- Update
patches.suse/mm-don-t-try-to-NUMA-migrate-COW-pages-that-have-other-uses.patch
(git fixes (mm/numa) CVE-2022-48797 bsc#1228035).
- Update
patches.suse/mm-vmscan-remove-deadlock-due-to-throttling.patch
(bsc#1195357 CVE-2022-48800 bsc#1227954).
- Update
patches.suse/msft-hv-2515-Drivers-hv-vmbus-Fix-memory-leak-in-vmbus_add_channe.patch
(git-fixes CVE-2022-48775 bsc#1227924).
- Update
patches.suse/mtd-parsers-qcom-Fix-kernel-panic-on-skipped-partiti.patch
(git-fixes CVE-2022-48777 bsc#1227922).
- Update
patches.suse/mtd-parsers-qcom-Fix-missing-free-for-pparts-in-clea.patch
(git-fixes CVE-2022-48776 bsc#1227925).
- Update
patches.suse/mtd-rawnand-gpmi-don-t-leak-PM-reference-in-error-pa.patch
(git-fixes CVE-2022-48778 bsc#1227935).
- Update
patches.suse/net-dsa-ar9331-register-the-mdiobus-under-devres.patch
(git-fixes CVE-2022-48817 bsc#1227931).
- Update
patches.suse/net-dsa-bcm_sf2-don-t-use-devres-for-mdiobus.patch
(git-fixes CVE-2022-48815 bsc#1227933).
- Update
patches.suse/net-dsa-felix-don-t-use-devres-for-mdiobus.patch
(git-fixes CVE-2022-48813 bsc#1227963).
- Update
patches.suse/net-dsa-lantiq_gswip-don-t-use-devres-for-mdiobus.patch
(git-fixes CVE-2022-48812 bsc#1227971).
- Update
patches.suse/net-dsa-lantiq_gswip-fix-use-after-free-in-gswip_rem.patch
(git-fixes CVE-2022-48783 bsc#1227949).
- Update
patches.suse/net-dsa-mv88e6xxx-don-t-use-devres-for-mdiobus.patch
(git-fixes CVE-2022-48818 bsc#1228039).
- Update
patches.suse/net-dsa-seville-register-the-mdiobus-under-devres.patch
(git-fixes CVE-2022-48814 bsc#1227944).
- Update
patches.suse/net-fix-a-memleak-when-uncloning-an-skb-dst-and-its-.patch
(git-fixes CVE-2022-48809 bsc#1227947).
- Update
patches.suse/net-ieee802154-at86rf230-Stop-leaking-skb-s.patch
(git-fixes CVE-2022-48794 bsc#1228025).
- Update
patches.suse/net-marvell-prestera-Add-missing-of_node_put-in-pres.patch
(git-fixes CVE-2022-48859 bsc#1228007).
- Update
patches.suse/net-mlx5-Fix-a-race-on-command-flush-flow.patch
(git-fixes CVE-2022-48858 bsc#1228006).
- Update
patches.suse/net-packet-fix-slab-out-of-bounds-access-in-packet_r.patch
(CVE-2022-20368 bsc#1202346 CVE-2022-48839 bsc#1227985).
- Update
patches.suse/net-smc-Avoid-overwriting-the-copies-of-clcsock-callback-functions
(git-fixes CVE-2022-48780 bsc#1227995).
- Update
patches.suse/net-usb-ax88179_178a-Fix-out-of-bounds-accesses-in-R.patch
(bsc#1196018 CVE-2022-28748 bsc#1202686 CVE-2022-2964
CVE-2022-48805 bsc#1227969).
- Update
patches.suse/nvme-fix-a-possible-use-after-free-in-controller-res.patch
(bsc#1193787 bsc#1197146 bsc#1193554 CVE-2022-48790
bsc#1227941).
- Update
patches.suse/nvme-rdma-fix-possible-use-after-free-in-transport-e.patch
(bsc#1193787 bsc#1197146 bsc#1193554 CVE-2022-48788
bsc#1227952).
- Update
patches.suse/nvme-tcp-fix-possible-use-after-free-in-transport-er.patch
(bsc#1193787 bsc#1197146 bsc#1193554 CVE-2022-48789
bsc#1228000).
- Update
patches.suse/perf-Fix-list-corruption-in-perf_cgroup_switch.patch
(git fixes CVE-2022-48799 bsc#1227953).
- Update
patches.suse/phy-stm32-fix-a-refcount-leak-in-stm32_usbphyc_pll_e.patch
(git-fixes CVE-2022-48820 bsc#1227972).
- Update
patches.suse/phy-ti-Fix-missing-sentinel-for-clk_div_table.patch
(git-fixes CVE-2022-48803 bsc#1227965).
- Update
patches.suse/s390-cio-verify-the-driver-availability-for-path_event-call
(bsc#1195927 LTC#196420 CVE-2022-48798 bsc#1227945).
- Update
patches.suse/scsi-mpt3sas-Page-fault-in-reply-q-processing.patch
(git-fixes CVE-2022-48835 bsc#1228060).
- Update patches.suse/scsi-myrs-Fix-crash-in-error-case.patch
(git-fixes CVE-2022-48824 bsc#1227964).
- Update
patches.suse/scsi-pm8001-Fix-use-after-free-for-aborted-SSP-STP-sas_task.patch
(jsc#PED-1559 CVE-2022-48792 bsc#1228013).
- Update
patches.suse/scsi-pm8001-Fix-use-after-free-for-aborted-TMF-sas_task.patch
(jsc#PED-1559 CVE-2022-48791 bsc#1228002).
- Update
patches.suse/scsi-qedf-Add-stag_work-to-all-the-vports.patch
(jsc#PED-1524 CVE-2022-48825 bsc#1228056).
- Update
patches.suse/scsi-qedf-Fix-refcount-issue-when-LOGO-is-received-during-TMF.patch
(jsc#PED-1524 CVE-2022-48823 bsc#1228045).
- Update
patches.suse/staging-gdm724x-fix-use-after-free-in-gdm_lte_rx.patch
(git-fixes CVE-2022-48851 bsc#1227997).
- Update
patches.suse/swiotlb-fix-info-leak-with-DMA_FROM_DEVICE.patch
(CVE-2022-0854 bsc#1196823 CVE-2022-48853 bsc#1228015).
- Update patches.suse/usb-f_fs-Fix-use-after-free-for-epfile.patch
(git-fixes CVE-2022-48822 bsc#1228040).
- Update
patches.suse/usb-gadget-Fix-use-after-free-bug-by-not-setting-udc.patch
(git-fixes CVE-2022-48838 bsc#1227988).
- Update
patches.suse/usb-gadget-rndis-prevent-integer-overflow-in-rndis_s.patch
(git-fixes CVE-2022-48837 bsc#1227987).
- Update
patches.suse/usb-usbtmc-Fix-bug-in-pipe-direction-for-control-tra.patch
(git-fixes CVE-2022-48834 bsc#1228062).
- Update
patches.suse/vdpa-fix-use-after-free-on-vp_vdpa_remove.patch
(jsc#PED-1549 CVE-2022-48861 bsc#1228009).
- Update
patches.suse/vdpa-mlx5-add-validation-for-VIRTIO_NET_CTRL_MQ_VQ_P.patch
(jsc#PED-1549 CVE-2022-48864 bsc#1228011).
- Update
patches.suse/vhost-fix-hung-thread-due-to-erroneous-iotlb-entries.patch
(jsc#PED-1549 CVE-2022-48862 bsc#1228010).
- Update
patches.suse/vsock-remove-vsock-from-connected-table-when-connect.patch
(git-fixes CVE-2022-48786 bsc#1227996).
- Update
patches.suse/vt_ioctl-fix-array_index_nospec-in-vt_setactivate.patch
(git-fixes CVE-2022-48804 bsc#1227968).
- Update patches.suse/watch_queue-Fix-filter-limit-check.patch
(CVE-2022-0995 bsc#1197246 CVE-2022-48847 bsc#1227993).
- Update
patches.suse/xprtrdma-fix-pointer-derefs-in-error-cases-of-rpcrdm.patch
(git-fixes CVE-2022-48773 bsc#1227921).
- commit bfcee01
- Update
patches.suse/net-sched-flower-protect-fl_walk-with-rcu.patch
(stable-5.14.10 bsc#1225302 CVE-2021-47402 bsc#1225301).
- Update
patches.suse/net-sunrpc-fix-reference-count-leaks-in-rpc_sysfs_xp.patch
(git-fixes CVE-2021-47624 bsc#1227920).
- Update
patches.suse/scsi-ufs-Fix-a-deadlock-in-the-error-handler.patch
(git-fixes CVE-2021-47622 bsc#1227917).
- commit a651650
- scsi: qedf: Make qedf_execute_tmf() non-preemptible (CVE-2024-42124 bsc#1228705)
- commit 9baaa6c
- net: dsa: mv88e6xxx: Correct check for empty list (CVE-2024-42224 bsc#1228723)
- commit 17953b6
- Update references in patches.suse/wifi-cfg80211-wext-add-extra-SIOCSIWSCAN-data-check.patch (CVE-2024-41072 bsc#1228626 stable-fixes)
- commit 273bfae
- skmsg: Skip zero length skb in sk_msg_recvmsg (CVE-2024-41048 bsc#1228565)
- commit 530a147
- netns: Make get_net_ns() handle zero refcount net
(CVE-2024-40958 bsc#1227812).
- commit cd7215b
- blacklist.conf: Add 943ad0b62e3c kernel: rerun task_work while freezing in get_signal()
and related io_uring fix.
- commit dd99721
- blacklist.conf: Add 7a4479680d7f cgroup_misc: add kernel-doc comments for enum misc_res_type
- commit 33a371b
- cgroup/cpuset: Prevent UAF in proc_cpuset_show() (bsc#1228801).
- commit 8837200
- mm/hugetlb: fix missing hugetlb_lock for resv uncharge
(bsc#1224548 CVE-2024-36000).
- commit bb54a15
- Bluetooth: hci_sync: Fix suspending with wrong filter policy
(git-fixes).
- net: usb: sr9700: fix uninitialized variable use in sr_mdio_read
(git-fixes).
- commit d1b1ed5
- net/dpaa2: Avoid explicit cpumask var allocation on stack
(CVE-2024-42093 bsc#1228680).
- ppp: reject claimed-as-LCP but actually malformed packets
(CVE-2024-41044 bsc#1228530).
- ibmvnic: Add tx check to prevent skb leak (CVE-2024-41066
bsc#1228640).
- net/dpaa2: Avoid explicit cpumask var allocation on stack
(CVE-2024-42093 bsc#1228680).
- commit e2a1614
- drm/amd/display: Add NULL pointer check for kzalloc (bsc#1228591 CVE-2024-42122)
- commit 42cafdc
- gfs2: Fix NULL pointer dereference in gfs2_log_flush
(bsc#1228672 CVE-2024-42079).
- commit 9249ead
- btrfs: qgroup: fix quota root leak after quota disable failure
(bsc#1228655 CVE-2024-41078).
- commit a021822
- workqueue: Improve scalability of workqueue watchdog touch
(bsc#1193454).
- commit d6c3d9d
- workqueue: wq_watchdog_touch is always called with valid CPU
(bsc#1193454).
- commit 8c80fa1
- KVM: arm64: Disassociate vcpus from redistributor region on
teardown (CVE-2024-40989 bsc#1227823).
- commit 724dd5c
- wifi: mac80211: Avoid address calculations via out of bounds
array indexing (CVE-2024-41071 bsc#1228625).
- commit 93c5732
- powerpc/eeh: avoid possible crash when edev->pdev changes
(CVE-2024-41064 bsc#1228599).
- commit ba6e5c8
- ASoC: topology: Fix references to freed memory (CVE-2024-41069
bsc#1228644).
- commit 44dd0c7
- net/sched: Fix UAF when resolving a clash (CVE-2024-41040 bsc#1228518)
- commit 38cd1ac
- btrfs: make sure that WRITTEN is set on all metadata blocks (CVE-2024-35949 bsc#1224700)
Changes: adjust returned error codes to -EUCLEAN and drop definition of
the enum error.
- commit c3c9515
- ila: block BH in ila_output() (CVE-2024-41081 bsc#1228617)
- commit 54b2845
- blacklist.conf: CVE-2024-41076 bsc#1228649: not applicable
Different code using a local variable, switch to dynamic allocation done
in 1b00ad657997c8 ("NFS: Remove the nfs4_label from the nfs_setattrres")
in 5.16.
- commit 40fbbcc
- blk-cgroup: dropping parent refcount after pd_free_fn() is done
(bsc#1224573).
- commit 87d4ac6
- Update patches.suse/nilfs2-fix-inode-number-range-checks.patch
(git-fixes stable-fixes bsc#1228665 CVE-2024-42105).
- commit 363084c
- Update
patches.suse/ext2-Avoid-reading-renamed-directory-if-parent-does-.patch
(bsc#1221044 CVE-2023-52591 bsc#1228440).
- commit d21f810
- hfsplus: fix uninit-value in copy_name (bsc#1228561
CVE-2024-41059).
- commit cfc2db1
- ext4: fix uninitialized ratelimit_state->lock access in
__ext4_fill_super() (bsc#1227866 CVE-2024-40998).
- commit 5c2bc07
- cachefiles: fix slab-use-after-free in
cachefiles_withdraw_cookie() (bsc#1228462 CVE-2024-41057).
- cachefiles: fix slab-use-after-free in fscache_withdraw_volume()
(bsc#1228459 CVE-2024-41058).
- netfs, fscache: export fscache_put_volume() and add
fscache_try_get_volume() (bsc#1228459 bsc#1228462).
- commit 599a85f
- platform/chrome: cros_ec_proto: Lock device when updating MKBP
version (git-fixes).
- commit 3c731c9
- dmaengine: idxd: Fix possible Use-After-Free in
irq_process_work_list (CVE-2024-40956 bsc#1227810).
- commit 3632d87
- platform/chrome: cros_ec_proto: Lock device when updating MKBP
version (git-fixes).
- commit 43f2501
- ocfs2: add bounds checking to ocfs2_check_dir_entry()
(bsc#1228409 CVE-2024-41015).
- ocfs2: strict bound check before memcmp in
ocfs2_xattr_find_entry() (bsc#1228410).
- ocfs2: add bounds checking to ocfs2_xattr_find_entry()
(bsc#1228410 CVE-2024-41016).
- ocfs2: remove redundant assignment to variable free_space
(bsc#1228409).
- commit 568c7dd
- vfio/pci: Disable auto-enable of exclusive INTx IRQ (bsc#1222625
CVE-2024-27437).
- commit 65556f4
- ocfs2: fix DIO failure due to insufficient transaction credits
(bsc#1216834).
- commit edabc6f
- Bluetooth: hci_core: cancel all works upon hci_unregister_dev() (CVE-2024-41063 bsc#1228580)
- commit 7924d8c
- udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port() (CVE-2024-41041 bsc#1228520)
- commit eae6531
- ipv6: mcast: use rcu-safe version of ipv6_get_lladdr() (CVE-2022-48785 bsc#1227927)
- commit ca3b7b0
- net: do not leave a dangling sk pointer, when socket creation fails (CVE-2024-40954 bsc#1227808)
- commit bcdcd8a
- netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (CVE-2024-42070 bsc#1228470)
- commit ec1e1fa
- nfsd: Don't leave work of closing files to a work queue
(bsc#1228140).
- commit 3b8e93d
- KVM: PPC: Book3S HV: Prevent UAF in
kvm_spapr_tce_attach_iommu_group() (bsc#1228581 CVE-2024-41070).
- commit 5102495
- xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr()
(CVE-2024-40959 bsc#1227884).
- commit 4f042e1
- tap: add missing verification for short frame (CVE-2024-41090
bsc#1228328).
- commit e64bcfc
- selftests/bpf: Add more ring buffer test coverage (bsc#1228020
CVE-2024-41009).
- bpf: Fix overrunning reservations in ringbuf (bsc#1228020
CVE-2024-41009).
- commit 320d7db
- rpm/guards: fix precedence issue with control flow operator
With perl 5.40 it report the following error on rpm/guards script:
Possible precedence issue with control flow operator (exit) at scripts/guards line 208.
Fix the issue by adding parenthesis around ternary operator.
- commit 07b8b4e
- blacklist.conf: Add 9c573cd31343 randomize_kstack: Improve entropy diffusion
blacklist.conf: Add 375561bd6195 stack: Declare {randomize_,}kstack_offset to fix Sparse warnings
- commit 07a7d85
- ALSA: pcm_dmaengine: Don't synchronize DMA channel when DMA
is paused (git-fixes).
- commit 81d45da
- wifi: mac80211: handle tasklet frames before stopping
(stable-fixes).
- commit 51c6566
- HID: wacom: Modify pen IDs (git-fixes).
- decompress_bunzip2: fix rare decompression failure (git-fixes).
- spi: mux: set ctlr->bits_per_word_mask (stable-fixes).
- spi: imx: Don't expect DMA for i.MX{25,35,50,51,53} cspi devices
(stable-fixes).
- Bluetooth: hci_core: cancel all works upon hci_unregister_dev()
(stable-fixes).
- wifi: mac80211: disable softirqs for queued frame handling
(git-fixes).
- platform/x86: lg-laptop: Change ACPI device id (stable-fixes).
- platform/x86: lg-laptop: Remove LGEX0815 hotkey handling
(stable-fixes).
- platform/x86: wireless-hotkey: Add support for LG Airplane
Button (stable-fixes).
- can: kvaser_usb: fix return value for hif_usb_send_regout
(stable-fixes).
- ASoC: ti: davinci-mcasp: Set min period size using FIFO config
(stable-fixes).
- ALSA: dmaengine: Synchronize dma channel after drop()
(stable-fixes).
- ASoC: ti: omap-hdmi: Fix too long driver name (stable-fixes).
- bytcr_rt5640 : inverse jack detect for Archos 101 cesium
(stable-fixes).
- ALSA: dmaengine_pcm: terminate dmaengine before synchronize
(stable-fixes).
- Input: elantech - fix touchpad state on resume for Lenovo N24
(stable-fixes).
- wifi: cfg80211: wext: add extra SIOCSIWSCAN data check
(stable-fixes).
- mei: demote client disconnect warning on suspend to debug
(stable-fixes).
- Input: silead - Always support 10 fingers (stable-fixes).
- wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan()
(stable-fixes).
- wifi: iwlwifi: mvm: properly set 6 GHz channel direct probe
option (stable-fixes).
- wifi: iwlwifi: mvm: Handle BIGTK cipher in kek_kck cmd
(stable-fixes).
- wifi: iwlwifi: mvm: d3: fix WoWLAN command version lookup
(stable-fixes).
- wifi: mac80211: mesh: init nonpeer_pm to active by default in
mesh sdata (stable-fixes).
- ACPI: EC: Avoid returning AE_OK on errors in address space
handler (stable-fixes).
- ACPI: EC: Abort address space access upon error (stable-fixes).
- docs: Fix formatting of literal sections in fanotify docs
(stable-fixes).
- commit 38d8033
- xfs: add bounds checking to xlog_recover_process_data
(bsc#1228408 CVE-2024-41014).
- commit 9b9175d
- xfs: don't walk off the end of a directory data block
(bsc#1228405 CVE-2024-41013).
- commit 3a2120b
- jfs: don't walk off the end of ealist (bsc#1228403
CVE-2024-41017).
- commit 553b2ef
- ext4: do not create EA inode under buffer lock (bsc#1227910
CVE-2024-40972).
- commit aacd3b6
- ext4: fold quota accounting into
ext4_xattr_inode_lookup_create() (bsc#1227910 CVE-2024-40972).
- commit 0630857
- ext4: fix mb_cache_entry's e_refcnt leak in
ext4_xattr_block_cache_find() (bsc#1226993 CVE-2024-39276).
- commit 1269749
- Update patch reference for AMDGPU fix (CVE-2024-41011 bsc#1228115)
- commit 0303eab
- drm/amdkfd: don't allow mapping the MMIO HDP page with large
pages (CVE-2024-41011 bsc#1228115).
- commit ff8f843
- 9p: add missing locking around taking dentry fid list (bsc#1227090, CVE-2024-39463).
- commit c58a66f
- ceph: fix incorrect kmalloc size of pagevec mempool
(bsc#1228418).
- commit 2230e72
- tun: add missing verification for short frame (CVE-2024-41091
bsc#1228327).
- tap: add missing verification for short frame (CVE-2024-41090
bsc#1228328).
- net: ena: Add validation for completion descriptors consistency
(CVE-2024-40999 bsc#1227913).
- net: mvpp2: clear BM pool before initialization (CVE-2024-35837
bsc#1224500).
- commit 80ce1bf
- net: usb: qmi_wwan: add Telit FN912 compositions (git-fixes).
- commit 6bbdba6
- sit: do not call ipip6_dev_free() from sit_init_net()
(CVE-2021-47588 bsc#1226568).
- commit 38c1d39
- mptcp: remove tcp ulp setsockopt support
(CVE-2021-47591 bsc#1226570).
- commit 2079fc2
- Refresh
patches.kabi/tty-add-the-option-to-have-a-tty-reject-a-new-ldisc.patch.
Fix build for CONFIG_VT=n (ppc64le/kvmsmall).
- commit a0ede6a
- sch_cake: do not call cake_destroy() from cake_init()
(CVE-2021-47598 bsc#1226574).
- commit d533b8e
- serial: imx: Introduce timeout when waiting on transmitter empty
(CVE-2024-40967 bsc#1227891).
- commit 05ae86a
- kABI: tty: add the option to have a tty reject a new ldisc
(kabi CVE-2024-40966 bsc#1227886).
- tty: add the option to have a tty reject a new ldisc
(CVE-2024-40966 bsc#1227886).
- commit 875e673
- jfs: Fix array-index-out-of-bounds in diFree (git-fixes).
- commit 1b3b67e
- devres: Fix memory leakage caused by driver API
devm_free_percpu() (git-fixes).
- devres: Fix devm_krealloc() wasting memory (git-fixes).
- kobject_uevent: Fix OOB access within zap_modalias_env()
(git-fixes).
- dma: fix call order in dmam_free_coherent (git-fixes).
- commit 9c7dc5b
- bpf: Fix a potential use-after-free in bpf_link_free()
(bsc#1227798 CVE-2024-40909).
- Refresh patches.kabi/bpf-bpf_link-and-bpf_link_ops-kABI-workaround.patch
- commit 755a2fd
- net-sysfs: add check for netdevice being present to speed_show (CVE-2022-48850 bsc#1228071)
- commit 3226c14
- tracing/osnoise: Fix notify new tracing_max_latency (bsc#1228330)
- commit 9b702c7
- tracing/timerlat: Notify new max thread latency (bsc#1228330)
- commit 11f7aa0
- tracing/osnoise: Use built-in RCU list checking (bsc#1228330)
- commit 33fb4ee
- tracing/osnoise: Make osnoise_instances static (bsc#1228330)
- commit d56b79b
- KVM: s390: fix LPSWEY handling (bsc#1227635 git-fixes).
- commit be5ea07
- tracing/osnoise: Add OSNOISE_WORKLOAD option (bsc#1228330)
- commit dc83512
- drm/radeon: check bo_va->bo is non-NULL before using it
(stable-fixes).
- drm/amd/display: Account for cursor prefetch BW in DML1 mode
support (stable-fixes).
- ALSA: hda/relatek: Enable Mute LED on HP Laptop 15-gw0xxx
(stable-fixes).
- drm/vmwgfx: Fix missing HYPERVISOR_GUEST dependency
(stable-fixes).
- ALSA: hda/realtek: Add more codec ID to no shutup pins list
(stable-fixes).
- commit a18e5d0
- powerpc/fixmap: Fix VM debug warning on unmap (CVE-2021-47623
bsc#1227919).
- commit 6169baf
- wifi: mt76: mt7921s: fix potential hung tasks during chip
recovery (CVE-2024-40977 bsc#1227950).
- commit ee916d4
- Avoid hw_desc array overrun in dw-axi-dmac (CVE-2024-40970
bsc#1227899).
- commit 713bbc3
- ssb: Fix potential NULL pointer dereference in
ssb_device_uevent() (CVE-2024-40982 bsc#1227865).
- commit 4f37558
- arm64/io: add constant-argument check (bsc#1226502 git-fixes)
- commit 12ba1f2
- Update patches.suse/IB-mlx5-Use-__iowrite64_copy-for-write-combining-sto.patch (git-fixes bsc#1226502)
- commit c55adfd
- arm64/io: Provide a WC friendly __iowriteXX_copy() (bsc#1226502)
- commit 3783d1b
- s390: Stop using weak symbols for __iowrite64_copy() (bsc#1226502)
- commit cc50a67
- s390: Implement __iowrite32_copy() (bsc#1226502)
- commit 8fb0f46
- x86: Stop using weak symbols for __iowrite32_copy() (bsc#1226502)
- commit 92d3558
- smb: client: fix use-after-free in smb2_query_info_compound()
(bsc#1225489, CVE-2023-52751).
- commit a32502b
- bpf: Set run context for rawtp test_run callback (bsc#1227783
CVE-2024-40908).
- commit 3bc3979
- ipv6: prevent possible NULL dereference in rt6_probe()
(CVE-2024-40960 bsc#1227813).
- commit 33bfa43
- PCI: keystone: Relocate ks_pcie_set/clear_dbi_mode()
(git-fixes).
- commit e67818e
- cachefiles: flush all requests after setting CACHEFILES_DEAD
(bsc#1227797 CVE-2024-40935).
- commit f7e6672
- xfs: Add cond_resched to block unmap range and reflink remap
path (bsc#1228226).
- commit 398a1d5
- ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table()
on failure path (CVE-2022-48810 bsc#1227936).
- commit 4b745d6
- PCI: Introduce cleanup helpers for device reference counts
and locks (git-fixes).
- commit 4645732
- PCI: tegra194: Set EP alignment restriction for inbound ATU
(git-fixes).
- PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio
(git-fixes).
- PCI: keystone: Fix NULL pointer dereference in case of DT
error in ks_pcie_setup_rc_app_regs() (git-fixes).
- PCI: keystone: Don't enable BAR 0 for AM654x (git-fixes).
- PCI: Fix resource double counting on remove & rescan
(git-fixes).
- PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal
(git-fixes).
- commit b5dfbee
- sctp: fix kernel-infoleak for SCTP sockets (CVE-2022-48855
bsc#1228003).
- commit f84afd1
- blacklist.conf: add one pci entry
- commit 8c4446c
- ipv6: prevent possible NULL deref in fib6_nh_init()
(CVE-2024-40961 bsc#1227814).
- commit 09176fe
- PCI: Extend ACS configurability (bsc#1228090).
- commit 9d1d191
- scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated
memory (bsc#1227762 CVE-2024-40901).
- commit 1473e56
- io_uring/io-wq: Use set_bit() and test_bit() at worker->flags
(bsc#1227732 CVE-2024-39508).
- commit 9c3b469
- mac802154: fix llsec key resources release in
mac802154_llsec_key_del (CVE-2024-26961 bsc#1223652).
- commit 4396d9f
- usb: typec: tcpm: clear pd_event queue in PORT_RESET
(git-fixes).
- commit 8782764
- netrom: Fix a memory leak in nr_heartbeat_expiry()
(CVE-2024-41006 bsc#1227862).
- commit fa76ffa
- nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro
(git-fixes).
- checkpatch: really skip LONG_LINE_* when LONG_LINE is ignored
(git-fixes).
- rtc: interface: Add RTC offset to alarm after fix-up
(git-fixes).
- rtc: cmos: Fix return value of nvmem callbacks (git-fixes).
- rtc: isl1208: Fix return value of nvmem callbacks (git-fixes).
- pinctrl: freescale: mxs: Fix refcount of child (git-fixes).
- pinctrl: ti: ti-iodelay: fix possible memory leak when
pinctrl_enable() fails (git-fixes).
- pinctrl: single: fix possible memory leak when pinctrl_enable()
fails (git-fixes).
- pinctrl: core: fix possible memory leak when pinctrl_enable()
fails (git-fixes).
- pinctrl: rockchip: update rk3308 iomux routes (git-fixes).
- selftests/sigaltstack: Fix ppc64 GCC build (git-fixes).
- PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio
(git-fixes).
- PCI: Fix resource double counting on remove & rescan
(git-fixes).
- PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal
(git-fixes).
- PCI: Introduce cleanup helpers for device reference counts
and locks (stable-fixes).
- commit a5ba589
- usb: gadget: call usb_gadget_check_config() to verify UDC
capability (git-fixes).
- commit a789eca
- blacklist.conf: pure dts
- commit ed51b87
- usb: cdns3: fix iso transfer error when mult is not zero
(git-fixes).
- commit 24ef45f
- usb: cdns3: fix incorrect calculation of ep_buf_size when more
than one config (git-fixes).
- commit 1aee554
- usb: cdns3: allocate TX FIFO size according to composite EP
number (git-fixes).
- blacklist.conf: needed as infrastructure
- Refresh
patches.suse/usb-cdns3-fix-NCM-gadget-RX-speed-20x-slow-than-expe.patch.
- commit f5e4b65
- fuse: verify {g,u}id mount options correctly (bsc#1228191).
- libceph: fix race between delayed_work() and ceph_monc_stop()
(bsc#1228190).
- commit 7cce822
- usb: cdns3: skip set TRB_IOC when usb_request: no_interrupt
is true (git-fixes).
- Refresh
patches.suse/usb-cdns3-fix-uvc-failure-work-since-sg-support-enab.patch.
- commit f171c84
- usb: cdns3: optimize OUT transfer by copying only actual
received data (git-fixes).
- commit 909f26f
- nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro
(git-fixes).
- commit 82de9d3
- usb: cdns3: improve handling of unaligned address case
(git-fixes).
- commit ada0d19
- powerpc/cpuidle: Set CPUIDLE_FLAG_POLLING for snooze state
(bsc#1227121 ltc#207129).
- commit 2fe1c33
- blacklist.conf: pure optimization
- commit 0f44899
- gve: Clear napi->skb before dev_kfree_skb_any() (CVE-2024-40937
bsc#1227836).
- commit 610d469
- Input: elan_i2c - do not leave interrupt disabled on suspend
failure (git-fixes).
- Input: qt1050 - handle CHIP_ID reading error (git-fixes).
- eeprom: digsy_mtc: Fix 93xx46 driver probe failure (git-fixes).
- Revert "usb: musb: da8xx: Set phy in OTG mode by default"
(stable-fixes).
- ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy
Book Pro 360 (stable-fixes).
- ASoC: amd: Adjust error handling in case of absent codec device
(git-fixes).
- ASoC: max98088: Check for clk_prepare_enable() error
(git-fixes).
- ALSA: hda/realtek: Enable headset mic on Positivo SU C1400
(stable-fixes).
- crypto: ecdsa - Fix the public key format description
(git-fixes).
- commit daf9e8d
- drm/msm/mdp5: Remove MDP_CAP_SRC_SPLIT from msm8x53_config
(git-fixes).
- drm/msm/dpu: drop validity checks for clear_pending_flush()
ctl op (git-fixes).
- drm/dp_mst: Fix all mstb marked as not probed after
suspend/resume (git-fixes).
- drm/panfrost: Mark simple_ondemand governor as softdep
(git-fixes).
- drm/lima: Mark simple_ondemand governor as softdep (git-fixes).
- USB: serial: option: add Rolling RW350-GL variants
(stable-fixes).
- USB: serial: option: add support for Foxconn T99W651
(stable-fixes).
- USB: serial: option: add Netprisma LCUK54 series modules
(stable-fixes).
- usb: gadget: configfs: Prevent OOB read/write in
usb_string_copy() (stable-fixes).
- USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k
(stable-fixes).
- USB: serial: option: add Telit generic core-dump composition
(stable-fixes).
- USB: serial: option: add Fibocom FM350-GL (stable-fixes).
- USB: serial: option: add Telit FN912 rmnet compositions
(stable-fixes).
- nilfs2: add missing check for inode numbers on directory entries
(stable-fixes).
- nilfs2: fix inode number range checks (stable-fixes).
- regmap-i2c: Subtract reg size from max_write (stable-fixes).
- platform/x86: touchscreen_dmi: Add info for the EZpad 6s Pro
(stable-fixes).
- platform/x86: touchscreen_dmi: Add info for GlobalSpace SolT
IVW 11.6" tablet (stable-fixes).
- nfc/nci: Add the inconsistency check between the input data
length and count (stable-fixes).
- Input: ff-core - prefer struct_size over open coded arithmetic
(stable-fixes).
- firmware: dmi: Stop decoding on broken entry (stable-fixes).
- media: dvb-frontends: tda10048: Fix integer overflow
(stable-fixes).
- media: s2255: Use refcount_t instead of atomic_t for
num_channels (stable-fixes).
- media: dvb-frontends: tda18271c2dd: Remove casting during div
(stable-fixes).
- media: dw2102: fix a potential buffer overflow (git-fixes).
- media: dw2102: Don't translate i2c read into write
(stable-fixes).
- media: dvb-usb: dib0700_devices: Add missing release_firmware()
(stable-fixes).
- media: dvb: as102-fe: Fix as10x_register_addr packing
(stable-fixes).
- wifi: mt76: replace skb_put with skb_put_zero (stable-fixes).
- commit 1d67edd
- Update Alt-commit of AMDGPU patch (git-fixes)
- commit 486ad31
- drm/mediatek: Add OVL compatible name for MT8195 (git-fixes).
- drm/etnaviv: fix DMA direction handling for cached RW buffers
(git-fixes).
- drm/qxl: Add check for drm_cvt_mode (git-fixes).
- drm/panel: boe-tv101wum-nl6: Check for errors on the NOP in
prepare() (git-fixes).
- commit 7e23de0
- docs: crypto: async-tx-api: fix broken code example (git-fixes).
- drm/panel: boe-tv101wum-nl6: If prepare fails, disable GPIO
before regulators (git-fixes).
- drm/mgag200: Bind I2C lifetime to DRM device (git-fixes).
- drm/mgag200: Set DDC timeout in milliseconds (git-fixes).
- drm/amdgpu: Remove GC HW IP 9.3.0 from noretry=1 (git-fixes).
- drm/amdgpu: Check if NBIO funcs are NULL in
amdgpu_device_baco_exit (git-fixes).
- drm/amd/pm: Fix aldebaran pcie speed reporting (git-fixes).
- drm/amd/pm: remove logically dead code for renoir (git-fixes).
- drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq()
(git-fixes).
- ALSA: hda/realtek: Enable Mute LED on HP 250 G7 (stable-fixes).
- ALSA: hda/realtek: Limit mic boost on VAIO PRO PX
(stable-fixes).
- ALSA: hda/realtek: add quirk for Clevo V5[46]0TU (stable-fixes).
- crypto: aead,cipher - zeroize key buffer after use
(stable-fixes).
- commit df254fc
- Update Alt-commit for AMDGPU patches (git-fixes)
- commit faaa427
- net: hns3: fix kernel crash problem in concurrent scenario
(CVE-2024-39507 bsc#1227730).
- net/mlx5: Fix tainted pointer delete is case of flow rules
creation fail (CVE-2024-40940 bsc#1227800).
- commit 778fd36
- vmxnet3: disable rx data ring on dma allocation failure
(CVE-2024-40923 bsc#1227786).
- commit 39544d5
- mptcp: ensure snd_una is properly initialized on connect
(CVE-2024-40931 bsc#1227780).
- commit 8410912
- bnxt_en: Adjust logging of firmware messages in case of released
token in __hwrm_send() (CVE-2024-40919 bsc#1227779).
- commit 92740a7
- orangefs: fix out-of-bounds fsid access (git-fixes).
- commit 5492c0a
- nilfs2: fix incorrect inode allocation from reserved inodes
(git-fixes).
- commit 84d8b23
- nilfs2: convert persistent object allocator to use kmap_local
(git-fixes).
- commit 5ccbbbd
- nilfs2: add missing check for inode numbers on directory entries
(git-fixes).
- commit 907b3f0
- nilfs2: fix inode number range checks (git-fixes).
- commit f8f08aa
- jffs2: Fix potential illegal address access in jffs2_free_inode
(git-fixes).
- commit 03a6330
- bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() (CVE-2024-39487 bsc#1227573)
- commit 07efe24
- netfilter: nf_tables: flush pending destroy work before exit_net release (CVE-2024-35899 bsc#1224499)
- commit fca7a67
- net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() (CVE-2024-35934 bsc#1224641)
- commit 2be2fbe
- net/sched: act_skbmod: prevent kernel-infoleak (CVE-2024-35893 bsc#1224512)
- commit e1c4fc4
- KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin()
(CVE-2024-40953, bsc#1227806).
- commit 2476f39
- Refresh
patches.suse/KVM-x86-Bail-from-kvm_recalculate_phys_map-if-x2APIC.patch.
- commit c36c759
- xfs: fix log recovery buffer allocation for the legacy h_size
fixup (bsc#1227432 CVE-2024-39472).
- commit 18a9915
- KVM: x86: Add IBPB_BRTYPE support (bsc#1228079).
- commit aa09d73
- media: venus: fix use after free in vdec_close (git-fixes).
- media: venus: flush all buffers in output plane streamoff
(git-fixes).
- media: uvcvideo: Override default flags (git-fixes).
- media: uvcvideo: Fix integer overflow calculating timestamp
(git-fixes).
- saa7134: Unchecked i2c_transfer function result fixed
(git-fixes).
- media: imon: Fix race getting ictx->lock (git-fixes).
- media: dvb-usb: Fix unexpected infinite loop in
dvb_usb_read_remote_control() (git-fixes).
- Revert "leds: led-core: Fix refcount leak in of_led_get()"
(git-fixes).
- leds: triggers: Flush pending brightness before activating
trigger (git-fixes).
- leds: ss4200: Convert PCIBIOS_* return codes to errnos
(git-fixes).
- leds: trigger: Unregister sysfs attributes before calling
deactivate() (git-fixes).
- mfd: omap-usb-tll: Use struct_size to allocate tll (git-fixes).
- commit 960e7ee
- Update
patches.suse/mptcp-ensure-snd_nxt-is-properly-initialized-on-conn.patch
(CVE-2024-36889 bsc#1225746).
- commit cf8a3ad
- ocfs2: fix races between hole punching and AIO+DIO (CVE-2024-40943 bsc#1227849).
- commit b79d9d8
- net: rds: Fix possible NULL-pointer dereference (CVE-2023-52573 bsc#1220869)
- commit d3cf4c3
- netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() (CVE-2024-27020 bsc#1223815)
- commit fd09409
- netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() (CVE-2024-27019 bsc#1223813)
- commit ccbb2a8
- tracing/osnoise: Do not follow tracing_cpumask (bsc#1228330)
- commit 7623aa9
- gro: fix ownership transfer (CVE-2024-35890 bsc#1224516).
- commit 59871a8
- mptcp: ensure snd_nxt is properly initialized on connect
(CVE-2024-36889).
- commit d97efaf
- tracing/osnoise: Add osnoise/options file (bsc#1228330)
- commit 7716ffe
- tracing/osnoise: Support a list of trace_array *tr (bsc#1228330)
- commit ee3b46a
- tracing/osnoise: Split workload start from the tracer start (bsc#1228330)
- commit 4a9af64
- ipv6: fib6_rules: avoid possible NULL dereference in
fib6_rule_action() (CVE-2024-36902 bsc#1225719).
- commit b7587ff
- phonet: fix rtm_phonet_notify() skb allocation (CVE-2024-36946
bsc#1225851).
- commit f863dba
- net: netlink: af_netlink: Prevent empty skb by adding a check
on len (CVE-2021-47606 bsc#1226555).
- commit 3b4f977
- r8169: Fix possible ring buffer corruption on fragmented Tx
packets (CVE-2024-38586 bsc#1226750).
- commit 21fc784
- x86/srso: Move retbleed IBPB check into existing 'has_microcode' code block (bsc#1227900).
- commit cee3770
- x86/bugs: Remove default case for fully switched enums (bsc#1227900).
- commit 5326760
- x86/srso: Remove 'pred_cmd' label (bsc#1227900).
- commit 7113a94
- wifi: rtw89: Fix array index mistake in
rtw89_sta_info_get_iter() (git-fixes).
- wifi: ath11k: fix wrong handling of CCMP256 and GCMP ciphers
(git-fixes).
- wifi: cfg80211: handle 2x996 RU allocation in
cfg80211_calculate_bitrate_he() (git-fixes).
- wifi: cfg80211: fix typo in cfg80211_calculate_bitrate_he()
(git-fixes).
- wifi: mwifiex: Fix interface type change (git-fixes).
- wifi: brcmsmac: LCN PHY code is used for BCM4313 2G-only device
(git-fixes).
- lib: objagg: Fix general protection fault (git-fixes).
- lib: test_objagg: Fix spelling (git-fixes).
- lib: objagg: Fix spelling (git-fixes).
- firmware: turris-mox-rwtm: Initialize completion before mailbox
(git-fixes).
- firmware: turris-mox-rwtm: Fix checking return value of
wait_for_completion_timeout() (git-fixes).
- firmware: turris-mox-rwtm: Do not complete if there are no
waiters (git-fixes).
- gpio: mc33880: Convert comma to semicolon (git-fixes).
- pwm: stm32: Always do lazy disabling (git-fixes).
- hwmon: (max6697) Fix swapped temp{1,8} critical alarms
(git-fixes).
- hwmon: (max6697) Fix underflow when writing limit attributes
(git-fixes).
- hwmon: (adt7475) Fix default duty on fan is disabled
(git-fixes).
- platform/chrome: cros_ec_debugfs: fix wrong EC message version
(git-fixes).
- drm/gma500: fix null pointer dereference in
cdv_intel_lvds_get_modes (git-fixes).
- drm/gma500: fix null pointer dereference in
psb_intel_lvds_get_modes (git-fixes).
- drm/meson: fix canvas release in bind function (git-fixes).
- commit f8f3fda
- SUNRPC: return proper error from gss_wrap_req_priv (git-fixes).
- SUNRPC: Fix loop termination condition in
gss_free_in_token_pages() (git-fixes).
- nfs: fix undefined behavior in nfs_block_bits() (git-fixes).
- rpcrdma: fix handling for RDMA_CM_EVENT_DEVICE_REMOVAL
(git-fixes).
- NFS: Fix READ_PLUS when server doesn't support OP_READ_PLUS
(git-fixes).
- sunrpc: fix NFSACL RPC retry on soft mount (git-fixes).
- nfs: keep server info for remounts (git-fixes).
- NFSv4: Fixup smatch warning for ambiguous return (git-fixes).
- SUNRPC: Fix gss_free_in_token_pages() (git-fixes).
- knfsd: LOOKUP can return an illegal error value (git-fixes).
- NFSD: Fix problem of COMMIT and NFS4ERR_DELAY in infinite loop
(git-fixes).
- nfsd: simplify the delayed disposal list code (git-fixes).
- NFSD: Convert filecache to rhltable (git-fixes).
- nfsd: allow reaping files still under writeback (git-fixes).
- nfsd: update comment over __nfsd_file_cache_purge (git-fixes).
- nfsd: don't take/put an extra reference when putting a file
(git-fixes).
- nfsd: add some comments to nfsd_file_do_acquire (git-fixes).
- nfsd: don't kill nfsd_files because of lease break error
(git-fixes).
- nfsd: simplify test_bit return in NFSD_FILE_KEY_FULL comparator
(git-fixes).
- nfsd: NFSD_FILE_KEY_INODE only needs to find GC'ed entries
(git-fixes).
- nfsd: don't fsync nfsd_files on last close (git-fixes).
- nfsd: don't hand out delegation on setuid files being opened
for write (git-fixes).
- nfsd: allow nfsd_file_get to sanely handle a NULL pointer
(git-fixes).
- nfsd: don't free files unconditionally in
__nfsd_file_cache_purge (git-fixes).
- nfsd: fix handling of cached open files in nfsd4_open codepath
(git-fixes).
- nfsd: rework refcounting in filecache (git-fixes).
- lockd: set missing fl_flags field when retrieving args
(git-fixes).
- NFSD: Add an nfsd_file_fsync tracepoint (git-fixes).
- nfsd: fix up the filecache laundrette scheduling (git-fixes).
- nfsd: reorganize filecache.c (git-fixes).
- nfsd: remove the pages_flushed statistic from filecache
(git-fixes).
- NFSD: Fix licensing header in filecache.c (git-fixes).
- NFSD: Flesh out a documenting comment for filecache.c
(git-fixes).
- NFSD: Add an NFSD_FILE_GC flag to enable nfsd_file garbage
collection (git-fixes).
- NFSD: Pass the target nfsd_file to nfsd_commit() (git-fixes).
- lockd: use locks_inode_context helper (git-fixes).
- filelock: add a new locks_inode_context accessor function
(git-fixes).
- nfsd: put the export reference in nfsd4_verify_deleg_dentry
(git-fixes).
- nfsd: fix use-after-free in nfsd_file_do_acquire tracepoint
(git-fixes).
- nfsd: fix net-namespace logic in __nfsd_file_cache_purge
(git-fixes).
- nfsd: rework hashtable handling in nfsd_do_file_acquire
(git-fixes).
- nfsd: fix nfsd_file_unhash_and_dispose (git-fixes).
- NFSD enforce filehandle check for source file in COPY
(git-fixes).
- NFSD: verify the opened dentry after setting a delegation
(git-fixes).
- nfsd: silence extraneous printk on nfsd.ko insertion
(git-fixes).
- NFSD: Ensure nf_inode is never dereferenced (git-fixes).
- NFSD: Move nfsd_file_trace_alloc() tracepoint (git-fixes).
- NFSD: Separate tracepoints for acquire and create (git-fixes).
- NFSD: Clean up unused code after rhashtable conversion
(git-fixes).
- NFSD: Convert the filecache to use rhashtable (git-fixes).
- NFSD: Set up an rhashtable for the filecache (git-fixes).
- NFSD: Replace the "init once" mechanism (git-fixes).
- NFSD: Remove nfsd_file::nf_hashval (git-fixes).
- NFSD: nfsd_file_hash_remove can compute hashval (git-fixes).
- NFSD: Refactor __nfsd_file_close_inode() (git-fixes).
- NFSD: nfsd_file_unhash can compute hashval from nf->nf_inode
(git-fixes).
- NFSD: Remove lockdep assertion from unhash_and_release_locked()
(git-fixes).
- NFSD: No longer record nf_hashval in the trace log (git-fixes).
- NFSD: Fix the filecache LRU shrinker (git-fixes).
- NFSD: Leave open files out of the filecache LRU (git-fixes).
- NFSD: Trace filecache LRU activity (git-fixes).
- NFSD: WARN when freeing an item still linked via nf_lru
(git-fixes).
- NFSD: Zero counters when the filecache is re-initialized
(git-fixes).
- NFSD: Record number of flush calls (git-fixes).
- NFSD: Report the number of items evicted by the LRU walk
(git-fixes).
- NFSD: Refactor nfsd_file_lru_scan() (git-fixes).
- NFSD: Refactor nfsd_file_gc() (git-fixes).
- NFSD: Add nfsd_file_lru_dispose_list() helper (git-fixes).
- NFSD: Report average age of filecache items (git-fixes).
- NFSD: Report count of freed filecache items (git-fixes).
- NFSD: Report count of calls to nfsd_file_acquire() (git-fixes).
- NFSD: Report filecache LRU size (git-fixes).
- nfs: Leave pages in the pagecache if readpage failed
(git-fixes).
- NFSD: Fix potential use-after-free in nfsd_file_put()
(git-fixes).
- NFSD: nfsd_file_put() can sleep (git-fixes).
- NFSD: Trace filecache opens (git-fixes).
- NFSD: Instantiate a struct file when creating a regular NFSv4
file (git-fixes).
- NFSD: Clean up nfsd_open_verified() (git-fixes).
- NFSD: Remove do_nfsd_create() (git-fixes).
- NFSD: Refactor NFSv4 OPEN(CREATE) (git-fixes).
- NFSD: Refactor NFSv3 CREATE (git-fixes).
- NFSD: Refactor nfsd_create_setattr() (git-fixes).
- NFSD: Avoid calling fh_drop_write() twice in do_nfsd_create()
(git-fixes).
- NFSD: Clean up nfsd3_proc_create() (git-fixes).
- nfsd: Clean up nfsd_file_put() (git-fixes).
- NFSD: De-duplicate hash bucket indexing (git-fixes).
- NFSD: Write verifier might go backwards (git-fixes).
- nfsd: Retry once in nfsd_open on an -EOPENSTALE return
(git-fixes).
- nfsd: Add errno mapping for EREMOTEIO (git-fixes).
- nfsd: map EBADF (git-fixes).
- NFSD: simplify per-net file cache management (git-fixes).
- NFSD: handle errors better in write_ports_addfd() (git-fixes).
- commit 93c3330
- usb: dwc3: gadget: Don't delay End Transfer on delayed_status
(git-fixes).
- commit e973410
- Update
patches.suse/scsi-bnx2fc-Remove-spin_lock_bh-while-releasing-resources-after-upload.patch
(bsc#1225767 CVE-2024-36919).
fix incorrect bug# reference
- commit 354086f
- ipv6: sr: fix missing sk_buff release in seg6_input_core
(bsc#1227626 CVE-2024-39490).
- commit b5e215c
- usb: xhci-plat: Don't include xhci.h (git-fixes).
- commit 192a370
- blacklist.conf: missing backport for fix
- commit 6f546a1
- net/mlx5: Always stop health timer during driver removal
(CVE-2024-40906 bsc#1227763).
- net/mlx5: Restore mistakenly dropped parts in register devlink
flow (CVE-2024-35961 bsc#1224585).
- commit 63e2ff9
- USB: xhci-plat: fix legacy PHY double init (git-fixes).
- commit 287068c
- usb: dwc3: gadget: Synchronize IRQ between soft
connect/disconnect (git-fixes).
- Refresh
patches.suse/usb-dwc3-gadget-Improve-dwc3_gadget_suspend-and-dwc3.patch.
- commit 8914bb2
- exfat: check if cluster num is valid (git-fixes).
- commit bbb197c
- exfat: simplify is_valid_cluster() (git-fixes).
- commit ec3d5ea
- usb: dwc3: gadget: Force sending delayed status during soft
disconnect (git-fixes).
- Refresh
patches.suse/usb-dwc3-gadget-Stall-and-restart-EP0-if-host-is-unr.patch.
- commit 78e41bc
- hfsplus: fix to avoid false alarm of circular locking
(git-fixes).
- commit 88f4150
- blacklist.conf: cleanup, not a fix
- commit b7bc0b1
- net/mlx5: Register devlink first under devlink lock
(CVE-2024-35961 bsc#1224585).
- idpf: fix kernel panic on unknown packet types (CVE-2024-35889
bsc#1224517).
- stmmac: Clear variable when destroying workqueue (CVE-2024-26802
bsc#1222799).
- commit b9232bb
- inet: fully convert sk->sk_rx_dst to RCU rules (CVE-2021-47103
bsc#1221010).
- commit 6ef4a6c
- mptcp: fix deadlock in __mptcp_push_pending() (CVE-2021-47590
bsc#1226565).
- commit 994eb84
- drm/shmem-helper: Fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE) (bsc#1227722 CVE-2024-39497)
- commit 39b6841
- ionic: fix use after netif_napi_del() (CVE-2024-39502
bsc#1227755).
- ionic: clean interrupt before enabling queue to avoid credit
race (git-fixes).
- commit f8dee1e
- ipv6: prevent NULL dereference in ip6_output() (CVE-2024-36901 bsc#1225711)
- commit 0757942
- i40e: Do not use WQ_MEM_RECLAIM flag for workqueue (CVE-2024-36004 bsc#1224545)
- commit 89d4439
- nbd: null check for nla_nest_start (CVE-2024-27025 bsc#1223778)
- commit d85f2c2
- btrfs: use latest_dev in btrfs_show_devname (CVE-2021-47599 bsc#1226571)
- commit ba2490e
- btrfs: convert latest_bdev type to btrfs_device and rename (CVE-2021-47599 bsc#1226571)
- commit abefb83
- x86/mm: Fix enc_status_change_finish_noop() (git-fixes).
- commit 4b0837b
- x86/mm: Allow guest.enc_status_change_prepare() to fail (git-fixes).
- commit 274b9eb
- mlxsw: spectrum_acl_tcam: Fix memory leak during rehash
(CVE-2024-35853 bsc#1224604).
- commit e216456
- mlxsw: spectrum_acl_tcam: Fix possible use-after-free during
activity update (CVE-2024-35854 bsc#1224636).
- commit fa5b2f9
- phonet/pep: fix racy skb_queue_empty() use (CVE-2024-27402
bsc#1224414).
- commit 3644194
- net: prevent mss overflow in skb_segment() (CVE-2023-52435
bsc#1220138).
- commit 4ab465a
- tracing/net_sched: NULL pointer dereference in
perf_trace_qdisc_reset() (git-fixes).
- commit b9d9fb5
- tracing: Build event generation tests only as modules
(git-fixes).
- commit 383ccf7
- cachefiles: add output string to
cachefiles_obj_[get|put]_ondemand_fd (git-fixes).
- commit f83a29c
- ftrace: Fix possible use-after-free issue in ftrace_location()
(git-fixes).
- commit f6aba47
- x86/bhi: Avoid warning in #DB handler due to BHI mitigation (git-fixes).
- commit 0a79f35
- x86/fpu: Fix AMD X86_BUG_FXSAVE_LEAK fixup (git-fixes).
- commit 91021c0
- x86/ibt,ftrace: Search for __fentry__ location (git-fixes).
- commit 369619b
- x86/tdx: Fix race between set_memory_encrypted() and load_unaligned_zeropad() (git-fixes).
- commit aa95b6b
- netfilter: nf_tables: do not compare internal table flags on
updates (CVE-2024-27065 bsc#1223836).
- commit f1dd3b1
- kprobes: Make arch_check_ftrace_location static (git-fixes).
- commit 81e6138
- x86/purgatory: Switch to the position-independent small code model (git-fixes).
- commit c256000
- x86/apic: Force native_apic_mem_read() to use the MOV instruction (git-fixes).
- commit 16300ba
- csky: ftrace: Drop duplicate implementation of
arch_check_ftrace_location() (git-fixes).
- commit c9c9bba
- net/smc: avoid data corruption caused by decline (bsc#1225088
CVE-2023-52775).
- commit 7b97698
- x86/amd_nb: Use Family 19h Models 60h-7Fh Function 4 IDs (git-fixes).
- commit 82ec7e7
- netfilter: flowtable: incorrect pppoe tuple (CVE-2024-27015
bsc#1223806).
- commit 6af6de1
- x86/Kconfig: Transmeta Crusoe is CPU family 5, not 6 (git-fixes).
- commit 4eee5e7
- tipc: Check the bearer type before calling
tipc_udp_nl_bearer_add() (CVE-2024-26663 bsc#1222326).
- commit b23a947
- blacklist.conf: Blacklist unneeded patch
- commit a22ed51
- phonet/pep: refuse to enable an unbound pipe (CVE-2021-47086
bsc#1220952).
- commit 3d5c321
- tipc: check for null after calling kmemdup (CVE-2021-47186
bsc#1222702).
- commit 34af8f8
- i2c: rcar: bring hardware to known state when probing
(git-fixes).
- i2c: testunit: avoid re-issued work after read message
(git-fixes).
- i2c: mark HostNotify target address as used (git-fixes).
- i2c: testunit: correct Kconfig description (git-fixes).
- commit 720b7b0
- hpet: Support 32-bit userspace (git-fixes).
- USB: serial: mos7840: fix crash on resume (git-fixes).
- USB: core: Fix duplicate endpoint bug by clearing reserved
bits in the descriptor (git-fixes).
- firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files
(git-fixes).
- firmware: cs_dsp: Prevent buffer overrun when processing V2
alg headers (git-fixes).
- firmware: cs_dsp: Validate payload length before processing
block (git-fixes).
- firmware: cs_dsp: Return error if block header overflows file
(git-fixes).
- firmware: cs_dsp: Fix overflow checking of wmfw header
(git-fixes).
- ACPI: processor_idle: Fix invalid comparison with insertion
sort for latency (git-fixes).
- drm/amdgpu/atomfirmware: silence UBSAN warning (stable-fixes).
- drm: panel-orientation-quirks: Add quirk for Valve Galileo
(stable-fixes).
- ALSA: hda/realtek: Enable headset mic of JP-IK LEAP W502 with
ALC897 (stable-fixes).
- drm/amdgpu: fix uninitialized scalar variable warning
(stable-fixes).
- drm/amd/display: Skip finding free audio for unknown engine_id
(stable-fixes).
- drm/amd/display: Check pipe offset before setting vblank
(stable-fixes).
- drm/amd/display: Check index msg_id before read or write
(stable-fixes).
- drm/amdgpu: Initialize timestamp for some legacy SOCs
(stable-fixes).
- drm/amdgpu: Fix uninitialized variable warnings (stable-fixes).
- drm/lima: fix shared irq handling on driver remove
(stable-fixes).
- commit 7c70cdc
- net: openvswitch: fix overwriting ct original tuple for ICMPv6
(bsc#1226783 CVE-2024-38558).
- net/smc: fix illegal rmb_desc access in SMC-D connection dump
(bsc#1220942 CVE-2024-26615).
- commit eaeef60
- iommu/arm-smmu-v3: Free MSIs in case of ENOMEM (git-fixes).
- commit b1ce67e
- KVM: x86: Bail from kvm_recalculate_phys_map() if x2APIC ID
is out-of-bounds (git-fixes).
- commit 9ec2217
- kabi/severities: Ignore tpm_tis_core_init (bsc#1082555).
- commit 083e305
- KVM: x86: Save/restore all NMIs when multiple NMIs are pending
(git-fixes).
- commit 8bd778f
- block: don't add partitions if GD_SUPPRESS_PART_SCAN is set
(bsc#1227162).
- commit 71773a0
- block, loop: support partitions without scanning (bsc#1227162).
- blacklist.conf:
- commit bb86429
- KVM: x86: Honor architectural behavior for aliased 8-bit APIC
IDs (git-fixes).
- commit bf2b1de
- Update
patches.suse/ALSA-hda-intel-sdw-acpi-fix-usage-of-device_get_name.patch
(git-fixes CVE-2024-36955 bsc#1225810).
- Update
patches.suse/Bluetooth-qca-fix-firmware-check-error-path.patch
(git-fixes CVE-2024-36942 bsc#1225843).
- Update
patches.suse/Reapply-drm-qxl-simplify-qxl_fence_wait.patch
(stable-fixes CVE-2024-36944 bsc#1225847).
- Update
patches.suse/arm64-asm-bug-Add-.align-2-to-the-end-of-__BUG_ENTRY.patch
(git-fixes CVE-2024-39488 bsc#1227618).
- Update
patches.suse/fbdev-savage-Handle-err-return-when-savagefb_check_v.patch
(git-fixes CVE-2024-39475 bsc#1227435).
- Update
patches.suse/firewire-ohci-mask-bus-reset-interrupts-between-ISR-.patch
(stable-fixes CVE-2024-36950 bsc#1225895).
- Update
patches.suse/pinctrl-devicetree-fix-refcount-leak-in-pinctrl_dt_t.patch
(git-fixes CVE-2024-36959 bsc#1225839).
- Update
patches.suse/powerpc-pseries-iommu-LPAR-panics-during-boot-up-wit.patch
(bsc#1222011 ltc#205900 CVE-2024-36926 bsc#1225829).
- Update patches.suse/qibfs-fix-dentry-leak.patch (git-fixes
CVE-2024-36947 bsc#1225856).
- Update
patches.suse/scsi-bnx2fc-Remove-spin_lock_bh-while-releasing-resources-after-upload.patch
(bsc#1224767 CVE-2024-36919 bsc#1225767).
- Update
patches.suse/scsi-core-Fix-unremoved-procfs-host-directory-regression.patch
(git-fixes bsc#1223675 CVE-2024-269355 CVE-2024-26935).
- Update
patches.suse/scsi-lpfc-Move-NPIV-s-transport-unregistration-to-af.patch
(bsc#1221777 CVE-2024-36952 bsc#1225898).
- Update
patches.suse/scsi-lpfc-Release-hbalock-before-calling-lpfc_worker.patch
(bsc#1221777 CVE-2024-36924 bsc#1225820).
- Update
patches.suse/wifi-nl80211-don-t-free-NULL-coalescing-rule.patch
(git-fixes CVE-2024-36941 bsc#1225835).
- commit 54600b7
- Update
patches.suse/perf-x86-intel-pt-Fix-crash-with-stop-filters-in-single-range-mode.patch
(git fixes CVE-2022-48713 bsc#1227549).
- Update
patches.suse/scsi-qedf-Ensure-the-copied-buf-is-NUL-terminated.patch
(bsc#1226758 CVE-2024-38559 bsc#1226785).
- Update
patches.suse/tls-fix-use-after-free-on-failed-backlog-decryption.patch
(CVE-2024-26583 CVE-2024-26584 bsc#1220185 bsc#1220186
CVE-2024-26800 bsc#1222728).
- commit 329a684
- KVM: SVM: Process ICR on AVIC IPI delivery failure due to
invalid target (git-fixes).
- commit 112065d
- KVM: x86: Purge "highest ISR" cache when updating APICv state
(git-fixes).
- commit a129b88
- KVM: x86: Disable APIC logical map if vCPUs are aliased in
logical mode (git-fixes).
- commit 8d68b06
- vfio/fsl-mc: Block calling interrupt handler without trigger
(bsc#1222810 CVE-2024-26814).
- commit 520ae3c
- KVM: x86: Disable APIC logical map if logical ID covers multiple
MDAs (git-fixes).
- commit 0357410
- KVM: Always flush async #PF workqueue when vCPU is being
destroyed (bsc#1223635 CVE-2024-26976).
- commit c5ed396
- virtio-blk: fix implicit overflow on virtio_max_dma_size
(bsc#1225573 CVE-2023-52762).
- commit 4296dc1
- KVM: x86: Skip redundant x2APIC logical mode optimized cluster
setup (git-fixes).
- commit 288a73b
- vfio/platform: Create persistent IRQ handlers (bsc#1222809
CVE-2024-26813).
- commit a8290e8
- KVM: x86: Explicitly track all possibilities for APIC map's
logical modes (git-fixes).
- commit 2cf1fb4
- i2c: tegra: Fix failure during probe deferral cleanup (git-fixes)
- commit 07e2e07
- KVM: x86: Explicitly skip optimized logical map setup if vCPU's
LDR==0 (git-fixes).
- commit d6f5973
- i2c: tegra: Share same DMA channel for RX and TX (bsc#1227661)
- commit f2aaa1a
- KVM: x86: Always sync PIR to IRR prior to scanning I/O APIC
routes (git-fixes).
- commit a815f21
- KVM: x86: Don't advertise guest.MAXPHYADDR as host.MAXPHYADDR
in CPUID (git-fixes).
- commit ccf2508
- net: mana: Fix possible double free in error handling path (git-fixes).
- RDMA/mana_ib: Ignore optional access flags for MRs (git-fixes).
- net: mana: Fix the extra HZ in mana_hwc_send_request (git-fixes).
- Drivers: hv: vmbus: Don't free ring buffers that couldn't be re-encrypted (bsc#1225744, CVE-2024-36909).
- uio_hv_generic: Don't free decrypted memory (bsc#1225717, CVE-2024-36910).
- hv_netvsc: Don't free decrypted memory (bsc#1225745, CVE-2024-36911).
- Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl (bsc#1225752, CVE-2024-36912).
- Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails (bsc#1225753, CVE-2024-36913).
- commit a860c7f
- tpm, tpm_tis: correct tpm_tis_flags enumeration values
(bsc#1082555).
- commit ee1e789
- KVM: nVMX: Clear EXIT_QUALIFICATION when injecting an EPT
Misconfig (git-fixes).
- commit 0d2641d
- KVM: VMX: Report up-to-date exit qualification to userspace
(git-fixes).
- commit 606216a
- tpm_tis: Resend command to recover from data transfer errors
(bsc#1082555).
- tpm: Prevent hwrng from activating during resume (bsc#1082555).
- tpm_tis: Use tpm_chip_{start,stop} decoration inside
tpm_tis_resume (bsc#1082555).
- tpm, tpm_tis: Claim locality when interrupts are reenabled on
resume (bsc#1082555).
- tpm, tpm_tis: Claim locality in interrupt handler (bsc#1082555).
- tpm, tpm: Implement usage counter for locality (bsc#1082555).
- tpm, tpm_tis: Only handle supported interrupts (bsc#1082555).
- tpm, tpm_tis: Claim locality before writing interrupt registers
(bsc#1082555).
- tpm, tpm_tis: Do not skip reset of original interrupt vector
(bsc#1082555).
- tpm, tpm_tis: Avoid cache incoherency in test for interrupts
(bsc#1082555).
- tpm: Allow system suspend to continue when TPM suspend fails
(bsc#1082555).
- commit 7f61c0e
- KVM: x86: Fix broken debugregs ABI for 32 bit kernels
(git-fixes).
- commit eea9593
- KVM: x86: Fix KVM_GET_MSRS stack info leak (git-fixes).
- commit 2af46f6
- Refresh
patches.suse/bpf-keep-track-of-max-number-of-bpf_loop-callback-it.patch.
(bsc#1225903)
Include missing changes in
tools/testing/selftests/bpf/progs/verifier_subprog_precision.c, which
was not backported previously.
- commit 69cbb3f
- Refresh
patches.suse/bpf-verify-callbacks-as-if-they-are-called-unknown-n.patch.
(bsc#1225903)
Include missing changes in
tools/testing/selftests/bpf/progs/verifier_subprog_precision.c, which
was not backported previously.
- commit 8238035
- btrfs: validate device maj:min during open (bsc#1227162).
- commit f49f11d
- btrfs: use dev_t to match device in device_matched
(bsc#1227162).
- commit 4a1fa42
- btrfs: add device major-minor info in the struct btrfs_device
(bsc#1227162).
- commit 297d7e5
- btrfs: match stale devices by dev_t (bsc#1227162).
- commit ee773dd
- btrfs: harden identification of a stale device (bsc#1227162).
- commit 9bf979f
- fs: allow cross-vfsmount reflink/dedupe (bsc#1227157).
- commit 1a2918c
- btrfs: remove the cross file system checks from remap
(bsc#1227157).
- commit b30d559
- arm64: dts: rockchip: fix alphabetical ordering RK3399 puma (git-fixes)
In order to apply current patch need to refresh:
arm64-dts-rockchip-enable-internal-pull-up-on-PCIE_WAKE-for-RK3399-Puma.patch
- commit 36ab413
- arm64: dts: rockchip: Add enable-strobe-pulldown to emmc phy on ROCK (git-fixes)
- commit f6380d7
- blacklist.conf: ("arm64: dts: rockchip: Add enable-strobe-pulldown to emmc phy on ROCK")
- commit 3dd6408
- arm64: dts: rockchip: Add sound-dai-cells for RK3368 (git-fixes)
- commit 7c8b066
- arm64: dts: rockchip: fix PMIC interrupt pin on ROCK Pi E (git-fixes)
- commit c6de453
- arm64: dts: imx8qm-mek: fix gpio number for reg_usdhc2_vmmc (git-fixes)
- commit 2d5f667
- blacklist.conf: ("arm64: dts: broadcom: bcmbca: bcm4908: set brcm,wp-not-connected")
- commit 9393d29
- arm64: dts: microchip: sparx5: fix mdio reg (git-fixes)
- commit dc0a371
- arm64: dts: hi3798cv200: fix the size of GICR (git-fixes)
- commit 37fadad
- arm64: tegra: Correct Tegra132 I2C alias (git-fixes)
- commit f1a9bcf
- arm64: dts: allwinner: Pine H64: correctly remove reg_gmac_3v3 (git-fixes)
- commit 296515d
- selftests/bpf: test case for callback_depth states pruning logic
(bsc#1225903).
- selftests/bpf: check if max number of bpf_loop iterations is
tracked (bsc#1225903).
- selftests/bpf: test widening for iterating callbacks
(bsc#1225903).
- selftests/bpf: tests for iterating callbacks (bsc#1225903).
- selftests/bpf: fix unpriv_disabled check in test_verifier
(bsc#1225903).
- selftests/bpf: Verify that check_ids() is used for scalars in
regsafe() (bsc#1225903).
- selftests/bpf: Check if mark_chain_precision() follows scalar
ids (bsc#1225903).
- selftests/bpf: add precision propagation tests in the presence
of subprogs (bsc#1225903).
- selftests/bpf: populate map_array_ro map for
verifier_array_access test (bsc#1225903).
- selftests/bpf: add pre bpf_prog_test_run_opts() callback for
test_loader (bsc#1225903).
- selftests/bpf: fix __retval() being always ignored
(bsc#1225903).
- selftests/bpf: Add a selftest for checking subreg equality
(bsc#1225903).
- selftests/bpf: prog_tests entry point for migrated test_verifier
tests (bsc#1225903).
- selftests/bpf: Tests execution support for test_loader.c
(bsc#1225903).
- selftests/bpf: Unprivileged tests for test_loader.c
(bsc#1225903).
- selftests/bpf: __imm_insn & __imm_const macro for bpf_misc.h
(bsc#1225903).
- selftests/bpf: Report program name on parse_test_spec error
(bsc#1225903).
- selftests/bpf: Support custom per-test flags and multiple
expected messages (bsc#1225903).
- commit d974185
- tunnels: fix out of bounds access when building IPv6 PMTU error (bsc#1222328 CVE-2024-26665).
- commit ba586e2
- ACPI: CPPC: Fix access width used for PCC registers (bsc#1224557
CVE-2024-35995).
- commit dccf281
- ACPI: CPPC: Fix bit_offset shift in MASK_VAL() macro
(bsc#1224557 CVE-2024-35995).
- commit a961424
- nfs: Handle error of rpc_proc_register() in nfs_net_init()
(CVE-2024-36939 bsc#1225838).
- commit 1e7c712
- SUNRPC: avoid soft lockup when transmitting UDP to reachable
server (bsc#1225272).
- commit a570654
- Update patches.suse/net-tls-factor-out-tls_-crypt_async_wait.patch.
- fix build warning
- commit 01715f7
- netfilter: conntrack: ignore overly delayed tcp packets
(bsc#1223180).
- netfilter: conntrack: prepare tcp_in_window for ternary return
value (bsc#1223180).
- netfilter: conntrack: work around exceeded receive window
(bsc#1223180).
- netfilter: conntrack: remove pr_debug callsites from tcp tracker
(bsc#1223180).
- commit f482451
- powerpc/pseries: Fix scv instruction crash with kexec
(bsc#1194869 CVE-2024-42230).
- powerpc/kasan: Disable address sanitization in kexec paths
(bsc#1194869 CVE-2024-42230).
- powerpc/pseries: Fix scv instruction crash with kexec
(bsc#1194869).
- powerpc/kasan: Disable address sanitization in kexec paths
(bsc#1194869).
- commit c9d175f
- kernel-binary: vdso: Own module_dir
- commit ff69986
- ACPI: CPPC: Use access_width over bit_width for system memory
accesses (bsc#1224557 CVE-2024-35995).
- commit 1947557
- drm/amd/display: Add NULL test for 'timing generator' in (bsc#1222323 CVE-2024-26661)
- commit c59a952
- Update
patches.suse/scsi-qedf-Ensure-the-copied-buf-is-NUL-terminated.patch
(bsc#1226785 CVE-2024-38559).
fixed incorrect bug number reference
- commit 999a0f9
- Update
patches.suse/scsi-qedf-Ensure-the-copied-buf-is-NUL-terminated.patch
(bsc#1226785 CVE-2024-38559).
Fixed incorrect bug reference.
- commit e3b8fb6
- net/dcb: check for detached device before executing callbacks
(bsc#1215587).
- commit a6082a0
- kABI: rtas: Workaround false positive due to lost definition
(bsc#1227487).
- commit fb8a8f3
- net/core: Fix ETH_P_1588 flow dissector (bsc#1220876
CVE-2023-52580).
- commit 0ff3299
- sched: Fix stop_one_cpu_nowait() vs hotplug (git fixes (sched)).
- sched/fair: Don't balance task to its current running CPU
(git fixes (sched)).
- kernel/sched: Remove dl_boosted flag comment (git fixes
(sched)).
- commit 27be692
- blacklist.conf: Unsupported architecture
- commit 74cc76a
- PCI/PM: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports
(git-fixes).
- commit 4c4245d
- powerpc/rtas: Prevent Spectre v1 gadget construction in
sys_rtas() (bsc#1227487).
- commit 9648fb4
- tls: fix use-after-free on failed backlog decryption
(CVE-2024-26583 CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: separate no-async decryption request handling from async
(CVE-2024-26583 CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: decrement decrypt_pending if no async completion will be
called (CVE-2024-26583 CVE-2024-26584 bsc#1220185 bsc#1220186).
- net: tls: handle backlogging of crypto requests (CVE-2024-26584
bsc#1220186).
- tls: fix race between tx work scheduling and socket close
(CVE-2024-26585 bsc#1220187).
- tls: fix race between async notify and socket close
(CVE-2024-26583 bsc#1220185).
- net: tls: factor out tls_*crypt_async_wait() (CVE-2024-26583
CVE-2024-26584 bsc#1220185 bsc#1220186).
- net: tls: fix async vs NIC crypto offload (CVE-2024-26583
CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: rx: use async as an in-out argument (CVE-2024-26583
CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: rx: assume crypto always calls our callback (CVE-2024-26583
CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: rx: don't track the async count (CVE-2024-26583
CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: rx: simplify async wait (CVE-2024-26583 CVE-2024-26584
bsc#1220185 bsc#1220186).
- tls: rx: wrap decryption arguments in a structure
(CVE-2024-26583 CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: rx: don't report text length from the bowels of decrypt
(CVE-2024-26583 CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: rx: drop unnecessary arguments from tls_setup_from_iter()
(CVE-2024-26583 CVE-2024-26584 bsc#1220185 bsc#1220186).
- commit 63dd4a4
- rtlwifi: rtl8192de: Style clean-ups (stable-fixes).
- commit b623ae1
- drm/nouveau: fix null pointer dereference in
nouveau_connector_get_modes (git-fixes).
- usb: gadget: printer: SS+ support (stable-fixes).
- drm/amdgpu: avoid using null object of framebuffer
(stable-fixes).
- drm/amdgpu: Fix pci state save during mode-1 reset (git-fixes).
- drm/amdgpu/atomfirmware: fix parsing of vram_info
(stable-fixes).
- drm/nouveau/dispnv04: fix null pointer dereference in
nv17_tv_get_ld_modes (stable-fixes).
- drm/nouveau/dispnv04: fix null pointer dereference in
nv17_tv_get_hd_modes (stable-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs don't work for
EliteBook 645/665 G11 (stable-fixes).
- xhci: Apply broken streams quirk to Etron EJ188 xHCI host
(stable-fixes).
- xhci: Apply reset resume quirk to Etron EJ188 xHCI host
(stable-fixes).
- xhci: Set correct transferred length for cancelled bulk
transfers (stable-fixes).
- ACPI: x86: Force StorageD3Enable on more products
(stable-fixes).
- platform/x86: dell-smbios: Fix wrong token data in sysfs
(git-fixes).
- intel_th: pci: Add Lunar Lake support (stable-fixes).
- intel_th: pci: Add Meteor Lake-S support (stable-fixes).
- intel_th: pci: Add Sapphire Rapids SOC support (stable-fixes).
- intel_th: pci: Add Granite Rapids SOC support (stable-fixes).
- intel_th: pci: Add Granite Rapids support (stable-fixes).
- usb: misc: uss720: check for incompatible versions of the
Belkin F5U002 (stable-fixes).
- PCI/PM: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports
(stable-fixes).
- power: supply: cros_usbpd: provide ID table for avoiding
fallback match (stable-fixes).
- mtd: partitions: redboot: Added conversion of operands to a
larger type (stable-fixes).
- media: dvbdev: Initialize sbuf (stable-fixes).
- ALSA: emux: improve patch ioctl data validation (stable-fixes).
- drm/radeon/radeon_display: Decrease the size of allocated memory
(stable-fixes).
- drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers
that sleep (stable-fixes).
- Bluetooth: ath3k: Fix multiple issues reported by checkpatch.pl
(stable-fixes).
- batman-adv: bypass empty buckets in batadv_purge_orig_ref()
(stable-fixes).
- HID: Add quirk for Logitech Casa touchpad (stable-fixes).
- ACPI: video: Add backlight=native quirk for Lenovo Slim 7 16ARH7
(stable-fixes).
- crypto: hisilicon/sec - Fix memory leak for sec resource release
(stable-fixes).
- crypto: ecdh - explicitly zeroize private_key (stable-fixes).
- soc: ti: wkup_m3_ipc: Send NULL dummy message instead of
pointer message (stable-fixes).
- Bluetooth: btqca: use le32_to_cpu for ver.soc_id (stable-fixes).
- drm/amd/amdgpu: Fix style errors in amdgpu_drv.c &
amdgpu_device.c (stable-fixes).
- Bluetooth: hci_qca: mark OF related data as maybe unused
(stable-fixes).
- ACPI: x86: utils: Add Picasso to the list for forcing
StorageD3Enable (stable-fixes).
- platform/x86: dell-smbios-base: Use sysfs_emit() (stable-fixes).
- PCI: Add PCI_ERROR_RESPONSE and related definitions
(stable-fixes).
- commit 7f3043b
- RDMA/restrack: Fix potential invalid address access (git-fixes)
- commit 23ae4ef
- bpf: check bpf_func_state->callback_depth when pruning states
(bsc#1225903).
- bpf: unconditionally reset backtrack_state masks on global
func exit (bsc#1225903).
- commit d19d633
- bcache: fix variable length array abuse in btree_iter
(CVE-2024-39482 bsc#1227447).
- commit 17815f2
- soc: fsl: qbman: Use raw spinlock for cgr_lock (bsc#1224683
CVE-2024-35819).
- commit 450645b
- soc: fsl: qbman: Add CGR update function (bsc#1224683
CVE-2024-35819).
- commit 2baf830
- soc: fsl: qbman: Add helper for sanity checking cgr ops
(bsc#1224683 CVE-2024-35819).
- commit 47079b2
- Delete
patches.suse/tls-fix-race-between-tx-work-scheduling-and-socket-c.patch.
Will be replaced with a refreshed version once all conflicting new patches are in.
- commit a0fa0a3
- hwmon: (axi-fan-control) Fix possible NULL pointer dereference
(git-fixes CVE-2023-52863 bsc#1225586).
- commit 084eb37
- wifi: wilc1000: fix ies_len type in connect path (git-fixes).
- can: kvaser_usb: Explicitly initialize family in leafimx
driver_info struct (git-fixes).
- Bluetooth: qca: Fix BT enable failure again for QCA6390 after
warm reboot (git-fixes).
- wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values
(git-fixes).
- commit 2b22fa3
- kABI: bpf: callback fixes kABI workaround (bsc#1225903).
- kABI: bpf: tmp_str_buf kABI workaround (bsc#1225903).
- kABI: bpf: bpf_reg_state reorganization kABI workaround
(bsc#1225903).
- kABI: bpf: struct bpf_{idmap,idset} kABI workaround
(bsc#1225903).
- commit c363b0e
- jfs: xattr: fix buffer overflow for invalid xattr
(bsc#1227383).
- commit 33e2d96
- blacklist.conf: Add 8b793bcda61f watchdog: move softlockup_panic back to early_param
- commit 884e27b
- blacklist.conf: Add d988d9a9b9d1 panic: Flush kernel log buffer at the end
- commit 1b88df8
- net: tulip: de4x5: fix the problem that the array 'lp->phy'
may be out of bound (bsc#1225505 CVE-2021-47547).
- commit 9f2e6d7
- Update
patches.suse/arm64-mm-Batch-dsb-and-isb-when-populating-pgtables.patch
(jsc#PED-8690 bsc#1226202).
- Update
patches.suse/arm64-mm-Don-t-remap-pgtables-for-allocate-vs-populate.patch
(jsc#PED-8690 bsc#1226202).
- Update
patches.suse/arm64-mm-Don-t-remap-pgtables-per-cont-pte-pmd-block.patch
(jsc#PED-8690 bsc#1226202).
- Update
patches.suse/arm64-mm-don-t-acquire-mutex-when-rewriting-swapper.patch
(jsc#PED-8690 bsc#1226202).
- Update
patches.suse/net-ena-Fix-redundant-device-NUMA-node-override.patch
(jsc#PED-8690 bsc#1226202).
- commit 6a3ad32
- Update
patches.suse/usb-gadget-printer-fix-races-against-disable.patch
(CVE-2024-25741 bsc#1219832).
- commit ad103cc
- md: fix resync softlockup when bitmap size is less than array
size (CVE-2024-38598, bsc#1226757).
- commit 63bdd4c
- Replaced by upstream version and add CVE-2024-35979 bsc#1224572 References,
patches.suse/raid1-fix-use-after-free-for-original-bio-in-raid1_w-fcf3.patch.
- commit b286e82
- dm snapshot: fix lockup in dm_exception_table_exit (bsc#1224743,
CVE-2024-35805).
- commit cd48313
- llc: make llc_ui_sendmsg() more robust against bonding changes
(CVE-2024-26636 bsc#1221659).
- commit ecb089c
- llc: Drop support for ETH_P_TR_802_2 (CVE-2024-26635
bsc#1221656).
- commit 1100e9f
- usb: gadget: u_audio: Fix race condition use of controls after
free during gadget unbind (CVE-2024-38628 bsc#1226911).
- commit 9098f97
- usb: gadget: u_audio: clean up some inconsistent indenting
(CVE-2024-38628 bsc#1226911).
- commit 59d56d9
- blacklist.conf: 9cb46b31f3d0 drm/xe/xe_migrate: Cast to output precision before multiplying operands
- commit f111be2
- ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()
(CVE-2024-26641 bsc#1221654).
- commit 41bffae
- hsr: Fix uninit-value access in hsr_get_node() (bsc#1223021
CVE-2024-26863).
- commit f065753
- ip6_tunnel: fix NEXTHDR_FRAGMENT handling in
ip6_tnl_parse_tlv_enc_lim() (CVE-2024-26633 bsc#1221647).
- commit f5f5027
- gfs2: Fix potential glock use-after-free on unmount (bsc#1226775
CVE-2024-38570).
- gfs2: Rename sd_{ glock => kill }_wait (bsc#1226775
CVE-2024-38570).
- gfs2: Use container_of() for gfs2_glock(aspace) (bsc#1226775
CVE-2024-38570).
- commit 1854bb6
- io_uring: check for non-NULL file pointer in io_file_can_poll()
(bsc#1226990 CVE-2024-39371).
- commit f9fcf1f
- fs/9p: fix uninitialized values during inode evict (bsc#1225815
CVE-2024-36923).
- commit 40f7a6e
- hsr: Prevent use after free in prp_create_tagged_frame()
(CVE-2023-52846 bsc#1225098).
- commit 74c7662
- btrfs: avoid copying BTRFS_ROOT_SUBVOL_DEAD flag to snapshot
of subvolume being deleted (bsc#1221282).
- btrfs: don't abort filesystem when attempting to snapshot
deleted subvolume (bsc#1221282 CVE-2024-26644 bsc#1222072).
- commit 7829d14
- btrfs: fix crash on racing fsync and size-extending write into
prealloc (bsc#1227101 CVE-2024-37354).
- commit 899b45b
- kbuild: do not include include/config/auto.conf from shell
scripts (bsc#1227274).
- commit c743753
- kernel-doc: fix struct_group_tagged() parsing (git-fixes).
- lib: memcpy_kunit: Fix an invalid format specifier in an
assertion msg (git-fixes).
- commit d600a63
- mtd: rawnand: rockchip: ensure NVDDR timings are rejected
(git-fixes).
- mtd: rawnand: Bypass a couple of sanity checks during NAND
identification (git-fixes).
- mtd: rawnand: Ensure ECC configuration is propagated to upper
layers (git-fixes).
- commit 69e8827
- bpf: keep track of max number of bpf_loop callback iterations
(bsc#1225903).
- bpf: widening for callback iterators (bsc#1225903).
- commit 4740932
- bpf: verify callbacks as if they are called unknown number of
times (bsc#1225903).
- Refresh patches.kabi/bpf-struct-bpf_insn_aux_data-workaround.patch
- bpf: clean up visit_insn()'s instruction processing
(bsc#1225903).
- Refresh patches.suse/bpf-handle-ldimm64-properly-in-check_cfg.patch
- bpf: Remove unused insn_cnt argument from
visit_[func_call_]insn() (bsc#1225903).
- Refresh patches.suse/bpf-handle-ldimm64-properly-in-check_cfg.patch
- commit 4cfaa45
- bpf: extract setup_func_entry() utility function (bsc#1225903).
- bpf: extract __check_reg_arg() utility function (bsc#1225903).
- selftests/bpf: track string payload offset as scalar in
strobemeta (bsc#1225903).
- bpf: print full verifier states on infinite loop detection
(bsc#1225903).
- bpf: Fix memory leaks in __check_func_call (bsc#1225903).
- commit 319cd93
- Update
patches.suse/0001-dm-btree-remove-fix-use-after-free-in-rebalance_chil.patch
(git-fixes CVE-2021-47600 bsc#1226575).
- Update
patches.suse/ALSA-hda-Fix-UAF-of-leds-class-devs-at-unbinding.patch
(bsc#1195349 CVE-2022-48735 bsc#1226719).
- Update
patches.suse/ARM-9170-1-fix-panic-when-kasan-and-kprobe-are-enabl.patch
(git-fixes CVE-2021-47618 bsc#1226644).
- Update
patches.suse/ASoC-hdmi-codec-Fix-OOB-memory-accesses.patch
(git-fixes CVE-2022-48739 bsc#1226675).
- Update
patches.suse/ASoC-max9759-fix-underflow-in-speaker_gain_control_p.patch
(git-fixes CVE-2022-48717 bsc#1226679).
- Update
patches.suse/ASoC-ops-Reject-out-of-bounds-values-in-snd_soc_put_-4cf28e9ae6e2.patch
(git-fixes CVE-2022-48736 bsc#1226721).
- Update
patches.suse/ASoC-ops-Reject-out-of-bounds-values-in-snd_soc_put_-4f1e50d6a9cf.patch
(git-fixes CVE-2022-48737 bsc#1226762).
- Update
patches.suse/ASoC-ops-Reject-out-of-bounds-values-in-snd_soc_put_.patch
(git-fixes CVE-2022-48738 bsc#1226674).
- Update
patches.suse/Bluetooth-refactor-malicious-adv-data-check.patch
(git-fixes CVE-2021-47620 bsc#1226669).
- Update patches.suse/IB-hfi1-Fix-AIP-early-init-panic.patch
(git-fixes CVE-2022-48728 bsc#1226691).
- Update
patches.suse/IB-hfi1-Fix-panic-with-larger-ipoib-send_queue_size.patch
(jsc#SLE-19242 CVE-2022-48729 bsc#1226710).
- Update
patches.suse/KVM-LAPIC-Also-cancel-preemption-timer-during-SET_LA.patch
(git-fixes CVE-2022-48765 bsc#1226697).
- Update
patches.suse/KVM-arm64-Avoid-consuming-a-stale-esr-value-when-SEr.patch
(git-fixes CVE-2022-48727 bsc#1226690).
- Update
patches.suse/KVM-x86-Forcibly-leave-nested-virt-when-SMM-state-is.patch
(git-fixes CVE-2022-48763 bsc#1226628).
- Update
patches.suse/PCI-pciehp-Fix-infinite-loop-in-IRQ-handler-upon-pow.patch
(git-fixes CVE-2021-47617 bsc#1226614).
- Update
patches.suse/RDMA-Fix-use-after-free-in-rxe_queue_cleanup.patch
(jsc#SLE-19249 CVE-2021-47616 bsc#1226603).
- Update
patches.suse/RDMA-irdma-Fix-a-user-after-free-in-add_pble_prm.patch
(jsc#SLE-18383 CVE-2021-47614 bsc#1226601).
- Update
patches.suse/RDMA-mlx5-Fix-releasing-unallocated-memory-in-dereg-.patch
(jsc#SLE-19253 CVE-2021-47615 bsc#1226602).
- Update
patches.suse/RDMA-siw-Fix-refcounting-leak-in-siw_create_qp.patch
(jsc#SLE-19249 CVE-2022-48725 bsc#1226618).
- Update
patches.suse/RDMA-ucma-Protect-mc-during-concurrent-multicast-lea.patch
(git-fixes CVE-2022-48726 bsc#1226686).
- Update
patches.suse/USB-core-Fix-hang-in-usb_kill_urb-by-adding-memory-b.patch
(git-fixes CVE-2022-48760 bsc#1226712).
- Update
patches.suse/USB-core-Make-do_proc_control-and-do_proc_bulk-killa.patch
(git-fixes CVE-2021-47582 bsc#1226559).
- Update
patches.suse/audit-improve-robustness-of-the-audit-queue-handling.patch
(git-fixes CVE-2021-47603 bsc#1226577).
- Update patches.suse/block-Fix-wrong-offset-in-bio_truncate.patch
(bsc#1202780 CVE-2022-48747 bsc#1226643).
- Update
patches.suse/bpf-Fix-kernel-address-leakage-in-atomic-cmpxchg-s-r.patch
(git-fixes CVE-2021-47607 bsc#1226580).
- Update
patches.suse/bpf-Fix-kernel-address-leakage-in-atomic-fetch.patch
(bsc#1193883 bsc#1194826 CVE-2022-0264 CVE-2021-47608
bsc#1226569).
- Update
patches.suse/bpf-Protect-against-int-overflow-for-stack-access-si.patch
(bsc#1224488 CVE-2024-35905).
- Update
patches.suse/btrfs-fix-deadlock-between-quota-disable-and-qgroup-.patch
(bsc#1199295 CVE-2022-48734 bsc#1226626).
- Update
patches.suse/btrfs-fix-memory-leak-in-__add_inode_ref.patch
(bsc#1197915 CVE-2021-47585 bsc#1226556).
- Update
patches.suse/ceph-properly-put-ceph_string-reference-after-async-create-attempt.patch
(bsc#1195341 CVE-2022-48767 bsc#1226715).
- Update
patches.suse/dma-buf-heaps-Fix-potential-spectre-v1-gadget.patch
(git-fixes CVE-2022-48730 bsc#1226713).
- Update
patches.suse/drm-msm-dpu-invalid-parameter-check-in-dpu_setup_dsp.patch
(git-fixes CVE-2022-48749 bsc#1226650).
- Update
patches.suse/drm-msm-dsi-invalid-parameter-check-in-msm_dsi_phy_e.patch
(git-fixes CVE-2022-48756 bsc#1226698).
- Update
patches.suse/drm-nouveau-fix-off-by-one-in-BIOS-boundary-checking.patch
(git-fixes CVE-2022-48732 bsc#1226716).
- Update
patches.suse/drm-vc4-kms-Add-missing-drm_crtc_commit_put.patch
(git-fixes CVE-2021-47534).
- Update
patches.suse/drm-vmwgfx-Fix-stale-file-descriptors-on-failed-user.patch
(CVE-2022-22942 bsc#1195065 CVE-2022-48771 bsc#1226732).
- Update
patches.suse/efi-runtime-avoid-EFIv2-runtime-services-on-Apple-x8.patch
(git-fixes CVE-2022-48769 bsc#1226629).
- Update
patches.suse/ext4-fix-error-handling-in-ext4_fc_record_modified_i.patch
(bsc#1202767 CVE-2022-48712 bsc#1226673).
- Update
patches.suse/firmware-arm_scpi-Fix-string-overflow-in-SCPI-genpd-.patch
(git-fixes CVE-2021-47609 bsc#1226562).
- Update
patches.suse/i3c-mipi-i3c-hci-Fix-out-of-bounds-access-in-hci_dma.patch
(git-fixes CVE-2023-52766).
- Update patches.suse/i40e-Fix-queues-reservation-for-XDP.patch
(git-fixes CVE-2021-47619 bsc#1226645).
- Update patches.suse/igbvf-fix-double-free-in-igbvf_probe.patch
(jsc#SLE-18379 CVE-2021-47589 bsc#1226557).
- Update
patches.suse/inet_diag-fix-kernel-infoleak-for-UDP-sockets.patch
(git-fixes CVE-2021-47597 bsc#1226553).
- Update
patches.suse/iocost-Fix-divide-by-zero-on-donation-from-low-hweig.patch
(bsc#1198014 CVE-2021-47584 bsc#1226564).
- Update
patches.suse/iommu-vt-d-fix-potential-memory-leak-in-intel_setup_irq_remapping
(git-fixes CVE-2022-48724 bsc#1226624).
- Update
patches.suse/isdn-cpai-check-ctr-cnr-to-avoid-array-index-out-of-.patch
(stable-5.14.15 CVE-2021-43389 CVE-2021-3896 bsc#1191958
CVE-2021-4439 bsc#1226670).
- Update
patches.suse/mac80211-track-only-QoS-data-frames-for-admission-co.patch
(git-fixes CVE-2021-47602 bsc#1226554).
- Update
patches.suse/mac80211-validate-extended-element-ID-is-present.patch
(git-fixes CVE-2021-47611 bsc#1226583).
- Update
patches.suse/media-mxl111sf-change-mutex_init-location.patch
(git-fixes CVE-2021-47583 bsc#1226563).
- Update
patches.suse/net-amd-xgbe-Fix-skb-data-length-underflow.patch
(git-fixes CVE-2022-48743 bsc#1226705).
- Update
patches.suse/net-hns3-fix-use-after-free-bug-in-hclgevf_send_mbx_.patch
(bsc#1190336 CVE-2021-47596 bsc#1226558).
- Update
patches.suse/net-ieee802154-ca8210-Stop-leaking-skb-s.patch
(git-fixes CVE-2022-48722 bsc#1226619).
- Update
patches.suse/net-macsec-Fix-offload-support-for-NETDEV_UNREGISTER.patch
(git-fixes CVE-2022-48720 bsc#1226683).
- Update
patches.suse/net-mlx5-Use-del_timer_sync-in-fw-reset-flow-of-halt.patch
(git-fixes CVE-2022-48745 bsc#1226702).
- Update
patches.suse/net-mlx5e-Avoid-field-overflowing-memcpy.patch
(git-fixes CVE-2022-48744 bsc#1226696).
- Update
patches.suse/net-mlx5e-Fix-handling-of-wrong-devices-during-bond-.patch
(git-fixes CVE-2022-48746 bsc#1226703).
- Update
patches.suse/net-smc-Forward-wakeup-to-smc-socket-waitqueue-after-fallback
(git-fixes CVE-2022-48721 bsc#1226685).
- Update
patches.suse/net-smc-Transitional-solution-for-clcsock-race-issue
(git-fixes CVE-2022-48751 bsc#1226653).
- Update
patches.suse/net-stmmac-dwmac-rk-fix-oob-read-in-rk_gmac_setup.patch
(git-fixes CVE-2021-47586 bsc#1226561).
- Update
patches.suse/net-stmmac-fix-tc-flower-deletion-for-VLAN-priority-.patch
(git-fixes CVE-2021-47592 bsc#1226572).
- Update
patches.suse/net-systemport-Add-global-locking-for-descriptor-lif.patch
(git-fixes CVE-2021-47587 bsc#1226567).
- Update
patches.suse/nfc-fix-segfault-in-nfc_genl_dump_devices_done.patch
(git-fixes CVE-2021-47612 bsc#1226585).
- Update
patches.suse/of-module-prevent-NULL-pointer-dereference-in-vsnprintf.patch
(bsc#1226587 CVE-2024-38541 CVE-2024-35878 bsc#1224671).
- Update
patches.suse/perf-x86-intel-pt-Fix-crash-with-stop-filters-in-single-range-mode.patch
(git fixes CVE-2022-48713).
- Update patches.suse/phylib-fix-potential-use-after-free.patch
(git-fixes CVE-2022-48754 bsc#1226692).
- Update
patches.suse/powerpc-perf-Fix-power_pmu_disable-to-call-clear_pmi.patch
(bsc#1156395 CVE-2022-48752 bsc#1226709).
- Update
patches.suse/rpmsg-char-Fix-race-between-the-release-of-rpmsg_ctr.patch
(git-fixes CVE-2022-48759 bsc#1226711).
- Update
patches.suse/scsi-bnx2fc-Flush-destroy_work-queue-before-calling-bnx2fc_interface_put
(git-fixes bsc#1196746 CVE-2022-48758 bsc#1226708).
- Update patches.suse/scsi-bnx2fc-Make-bnx2fc_recv_frame-mp-safe
(git-fixes bsc#1196746 CVE-2022-48715 bsc#1226621).
- Update
patches.suse/scsi-scsi_debug-Don-t-call-kcalloc-if-size-arg-is-zero.patch
(git-fixes CVE-2021-47578 bsc#1226539).
- Update
patches.suse/scsi-scsi_debug-Fix-type-in-min_t-to-avoid-stack-OOB.patch
(git-fixes CVE-2021-47580 bsc#1226550).
- Update
patches.suse/scsi-scsi_debug-Sanity-check-block-descriptor-length-in-resp_mode_select.patch
(git-fixes CVE-2021-47576 bsc#1226537).
- Update
patches.suse/selinux-fix-double-free-of-cond_list-on-error-paths.patch
(git-fixes CVE-2022-48740 bsc#1226699).
- Update
patches.suse/spi-uniphier-fix-reference-count-leak-in-uniphier_sp.patch
(git-fixes CVE-2022-48723 bsc#1226617).
- Update patches.suse/tee-amdtee-fix-an-IS_ERR-vs-NULL-bug.patch
(jsc#SLE-21844 CVE-2021-47601 bsc#1226576).
- Update
patches.suse/tipc-improve-size-validations-for-received-domain-re.patch
(bsc#1195254 CVE-2022-0435 CVE-2022-48711 bsc#1226672).
- Update
patches.suse/tracing-histogram-Fix-a-potential-memory-leak-for-kstrdup.patch
(git-fixes CVE-2022-48768 bsc#1226720).
- Update
patches.suse/usb-xhci-plat-fix-crash-when-suspend-if-remote-wake-.patch
(git-fixes CVE-2022-48761 bsc#1226701).
- Update patches.suse/wifi-ath11k-fix-htt-pktlog-locking.patch
(git-fixes CVE-2023-52800).
- commit cc322a0
- X.509: Fix the parser of extended key usage for length
(bsc#1218820).
- commit c5d6d23
- tcp: Use refcount_inc_not_zero() in tcp_twsk_unique()
(CVE-2024-36904 bsc#1225732).
- commit 975b193
- bpf: correct loop detection for iterators convergence
(bsc#1225903).
- commit c7253b6
- bpf: exact states comparison for iterator convergence checks
(bsc#1225903).
- bpf: extract same_callsites() as utility function (bsc#1225903).
- bpf: move explored_state() closer to the beginning of verifier.c
(bsc#1225903).
- bpf: Verify scalar ids mapping in regsafe() using check_ids()
(bsc#1225903).
- bpf: Use scalar ids in mark_chain_precision() (bsc#1225903).
- bpf: fix calculation of subseq_idx during precision backtracking
(bsc#1225903).
- Refresh patches.suse/bpf-fix-precision-backtracking-instruction-iteration.patch
- commit 7f3ee03
- bpf: Skip invalid kfunc call in backtrack_insn (bsc#1225903).
- commit 3786246
- Update
patches.suse/1203-drm-mxsfb-Fix-NULL-pointer-dereference.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-48718 bsc#1226616).
- Update
patches.suse/1250-drm-amd-display-Wrap-dcn301_calculate_wm_and_dlg-for.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-48766 bsc#1226704).
- Update
patches.suse/1327-drm-msm-Fix-null-ptr-access-msm_ioctl_gem_submit.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2021-47610 bsc#1226581).
- Update
patches.suse/ALSA-Fix-deadlocks-with-kctl-removals-at-disconnecti.patch
(stable-fixes CVE-2024-38600 bsc#1226864).
- Update
patches.suse/ALSA-core-Fix-NULL-module-pointer-assignment-at-card.patch
(git-fixes CVE-2024-38605 bsc#1226740).
- Update
patches.suse/ALSA-hda-cs_dsp_ctl-Use-private_free-for-control-cle.patch
(git-fixes CVE-2024-38388 bsc#1226890).
- Update
patches.suse/ALSA-timer-Set-lower-bound-of-start-tick-time.patch
(stable-fixes git-fixes CVE-2024-38618 bsc#1226754).
- Update
patches.suse/ASoC-kirkwood-Fix-potential-NULL-dereference.patch
(git-fixes CVE-2024-38550 bsc#1226633).
- Update
patches.suse/Input-cyapa-add-missing-input-core-locking-to-suspen.patch
(git-fixes CVE-2023-52884 bsc#1226764).
- Update
patches.suse/KEYS-trusted-Do-not-use-WARN-when-encode-fails.patch
(git-fixes CVE-2024-36975 bsc#1226520).
- Update
patches.suse/KEYS-trusted-Fix-memory-leak-in-tpm2_key_encode.patch
(git-fixes CVE-2024-36967 bsc#1226131).
- Update
patches.suse/RDMA-hns-Fix-deadlock-on-SRQ-async-events.patch
(git-fixes CVE-2024-38591 bsc#1226738).
- Update
patches.suse/RDMA-hns-Modify-the-print-level-of-CQE-error.patch
(git-fixes CVE-2024-38590 bsc#1226839).
- Update
patches.suse/RDMA-rxe-Fix-seg-fault-in-rxe_comp_queue_pkt.patch
(git-fixes CVE-2024-38544 bsc#1226597).
- Update
patches.suse/block-fix-memory-leak-in-disk_register_independent_a.patch
(jsc#PED-1183 CVE-2022-48753 bsc#1226693).
- Update
patches.suse/bnxt_re-avoid-shift-undefined-behavior-in-bnxt_qplib.patch
(git-fixes CVE-2024-38540 bsc#1226582).
- Update
patches.suse/bpf-Guard-against-accessing-NULL-pt_regs-in-bpf_get_.patch
(jsc#PED-1377 CVE-2022-48770 bsc#1226730).
- Update
patches.suse/bpf-Use-VM_MAP-instead-of-VM_ALLOC-for-ringbuf.patch
(jsc#PED-1377 CVE-2022-48714 bsc#1226622).
- Update
patches.suse/btrfs-fix-use-after-free-after-failure-to-create-a-s.patch
(git-fixes CVE-2022-48733 bsc#1226718).
- Update
patches.suse/cppc_cpufreq-Fix-possible-null-pointer-dereference.patch
(git-fixes CVE-2024-38573 bsc#1226739).
- Update patches.suse/crypto-bcm-Fix-pointer-arithmetic.patch
(git-fixes CVE-2024-38579 bsc#1226637).
- Update
patches.suse/drm-amd-display-Fix-division-by-zero-in-setup_dsc_co.patch
(stable-fixes CVE-2024-36969 bsc#1226155).
- Update
patches.suse/drm-amd-display-Fix-potential-index-out-of-bounds-in.patch
(git-fixes CVE-2024-38552 bsc#1226767).
- Update
patches.suse/drm-amdgpu-add-error-handle-to-avoid-out-of-bounds.patch
(stable-fixes CVE-2024-39471 bsc#1227096).
- Update
patches.suse/drm-amdgpu-mes-fix-use-after-free-issue.patch
(stable-fixes CVE-2024-38581 bsc#1226657).
- Update
patches.suse/drm-bridge-cdns-mhdp8546-Fix-possible-null-pointer-d.patch
(git-fixes CVE-2024-38548).
- Update
patches.suse/drm-mediatek-Add-0-size-check-to-mtk_drm_gem_obj.patch
(git-fixes CVE-2024-38549 bsc#1226735).
- Update
patches.suse/drm-msm-a6xx-Avoid-a-nullptr-dereference-when-speedb.patch
(git-fixes CVE-2024-38390 bsc#1226891).
- Update
patches.suse/drm-vc4-Fix-possible-null-pointer-dereference.patch
(git-fixes CVE-2024-38546 bsc#1226593).
- Update
patches.suse/drm-vmwgfx-Fix-invalid-reads-in-fence-signaled-event.patch
(git-fixes CVE-2024-36960 bsc#1225872).
- Update
patches.suse/efi-libstub-only-free-priv.runtime_map-when-allocate.patch
(git-fixes CVE-2024-33619 bsc#1226768).
- Update
patches.suse/io-wq-check-for-wq-exit-after-adding-new-worker-task.patch
(bsc#1205205 CVE-2021-47577 bsc#1226538).
- Update
patches.suse/jffs2-prevent-xattr-node-from-overflowing-the-eraseblock.patch
(git-fixes CVE-2024-38599 bsc#1226848).
- Update
patches.suse/media-atomisp-ssh_css-Fix-a-null-pointer-dereference.patch
(git-fixes CVE-2024-38547 bsc#1226632).
- Update
patches.suse/media-lgdt3306a-Add-a-check-against-null-pointer-def.patch
(stable-fixes CVE-2022-48772 bsc#1226976).
- Update
patches.suse/media-stk1160-fix-bounds-checking-in-stk1160_copy_vi.patch
(git-fixes CVE-2024-38621 bsc#1226895).
- Update
patches.suse/net-bridge-vlan-fix-memory-leak-in-__allowed_ingress.patch
(git-fixes CVE-2022-48748 bsc#1226647).
- Update
patches.suse/net-sched-sch_ets-don-t-remove-idle-classes-from-the.patch
(bsc#1207361 CVE-2021-47595 bsc#1226552).
- Update
patches.suse/netfilter-complete-validation-of-user-input.patch
(CVE-2024-35896 bsc#1224662 git-fixes CVE-2024-35962
bsc#1224583).
- Update
patches.suse/nfc-nci-Fix-uninit-value-in-nci_rx_work.patch
(git-fixes CVE-2024-38381 bsc#1226878).
- Update
patches.suse/nilfs2-fix-potential-hang-in-nilfs_detach_log_writer.patch
(stable-fixes CVE-2024-38582 bsc#1226658).
- Update
patches.suse/nilfs2-fix-use-after-free-of-timer-for-log-writer-th.patch
(git-fixes CVE-2024-38583 bsc#1226777).
- Update
patches.suse/powerpc64-bpf-Limit-ldbrx-to-processors-compliant-wi.patch
(jsc#PED-1377 CVE-2022-48755 bsc#1226706).
- Update
patches.suse/remoteproc-mediatek-Make-sure-IPI-buffer-fits-in-L2T.patch
(git-fixes CVE-2024-36965 bsc#1226149).
- Update
patches.suse/ring-buffer-Fix-a-race-between-readers-and-resize-checks.patch
(bsc#1222893 CVE-2024-38601 bsc#1226876).
- Update
patches.suse/scsi-qla2xxx-Fix-off-by-one-in-qla_edif_app_getstats.patch
(git-fixes CVE-2024-36025 bsc#1225704).
- Update
patches.suse/serial-max3100-Lock-port-lock-when-calling-uart_hand.patch
(git-fixes CVE-2024-38634 bsc#1226868).
- Update
patches.suse/serial-max3100-Update-uart_driver_registered-on-driv.patch
(git-fixes CVE-2024-38633 bsc#1226867).
- Update
patches.suse/soundwire-cadence-fix-invalid-PDI-offset.patch
(stable-fixes CVE-2024-38635 bsc#1226863).
- Update patches.suse/speakup-Fix-sizeof-vs-ARRAY_SIZE-bug.patch
(git-fixes CVE-2024-38587 bsc#1226780).
- Update
patches.suse/swiotlb-Fix-double-allocation-of-slots-due-to-broken-alignment-handling.patch
(bsc#1224331 CVE-2024-35814 bsc#1224602).
- Update
patches.suse/thermal-drivers-tsens-Fix-null-pointer-dereference.patch
(git-fixes CVE-2024-38571 bsc#1226737).
- Update
patches.suse/tpm_tis_spi-Account-for-SPI-header-when-allocating-TPM-SPI-xfer-buffer.patch
(bsc#1225535 CVE-2024-36477 bsc#1226840).
- Update
patches.suse/usb-storage-alauda-Check-whether-the-media-is-initia.patch
(git-fixes CVE-2024-38619 bsc#1226861).
- Update
patches.suse/vduse-check-that-offset-is-within-bounds-in-get_conf.patch
(jsc#PED-1549 CVE-2021-47604 bsc#1226566).
- Update
patches.suse/vduse-fix-memory-corruption-in-vduse_dev_ioctl.patch
(jsc#PED-1549 CVE-2021-47605 bsc#1226579).
- Update
patches.suse/watchdog-cpu5wdt.c-Fix-use-after-free-bug-caused-by-.patch
(git-fixes CVE-2024-38630 bsc#1226908).
- Update
patches.suse/wifi-ar5523-enable-proper-endpoint-verification.patch
(git-fixes CVE-2024-38565 bsc#1226747).
- Update
patches.suse/wifi-carl9170-add-a-proper-sanity-check-for-endpoint.patch
(git-fixes CVE-2024-38567 bsc#1226769).
- Update
patches.suse/wifi-carl9170-re-fix-fortified-memset-warning.patch
(git-fixes CVE-2024-38616 bsc#1226852).
- commit efd69a4
- tcp: do not accept ACK of bytes we never sent (CVE-2023-52881
bsc#1225611).
- commit ab5f35b
- bpf: support precision propagation in the presence of subprogs
(bsc#1225903).
- Refresh patches.suse/bpf-fix-precision-backtracking-instruction-iteration.patch
- bpf: fix mark_all_scalars_precise use in mark_chain_precision
(bsc#1225903).
- bpf: fix propagate_precision() logic for inner frames
(bsc#1225903).
- bpf: maintain bitmasks across all active frames in
__mark_chain_precision (bsc#1225903).
- bpf: take into account liveness when propagating precision
(bsc#1225903).
- Refresh patches.suse/bpf-fix-precision-propagation-verbose-logging.patch
- commit c5f7596
- net: ena: Fix redundant device NUMA node override
(jsc#PED-8690).
- commit 629130c
- ata: ahci: Clean up sysfs file on error (git-fixes).
- ata: libata-core: Fix double free on error (git-fixes).
- ata: libata-core: Fix null pointer dereference on error
(git-fixes).
- kbuild: Install dtb files as 0644 in Makefile.dtbinst
(git-fixes).
- iio: chemical: bme680: Fix sensor data read operation
(git-fixes).
- iio: chemical: bme680: Fix overflows in compensate() functions
(git-fixes).
- iio: chemical: bme680: Fix calibration data variable
(git-fixes).
- iio: chemical: bme680: Fix pressure value output (git-fixes).
- iio: accel: fxls8962af: select IIO_BUFFER & IIO_KFIFO_BUF
(git-fixes).
- iio: adc: ad7266: Fix variable checking bug (git-fixes).
- tty: mcf: MCF54418 has 10 UARTS (git-fixes).
- usb: dwc3: core: remove lock of otg mode during gadget
suspend/resume to avoid deadlock (git-fixes).
- usb: musb: da8xx: fix a resource leak in probe() (git-fixes).
- usb: atm: cxacru: fix endpoint checking in cxacru_bind()
(git-fixes).
- usb: gadget: printer: fix races against disable (git-fixes).
- commit 201a936
- i2c: testunit: discard write requests while old command is
running (git-fixes).
- i2c: testunit: don't erase registers after STOP (git-fixes).
- mmc: sdhci: Do not lock spinlock around mmc_gpio_get_ro()
(git-fixes).
- mmc: sdhci: Do not invert write-protect twice (git-fixes).
- mmc: sdhci-pci: Convert PCIBIOS_* return codes to errnos
(git-fixes).
- commit 958e336
- gpiolib: cdev: Disallow reconfiguration without direction
(uAPI v1) (git-fixes).
- gpio: davinci: Validate the obtained number of IRQs (git-fixes).
- commit dc60c09
- net/9p: fix uninit-value in p9_client_rpc() (CVE-2024-39301
bsc#1226994).
- commit b325415
- arm64: mm: Don't remap pgtables for allocate vs populate
(jsc#PED-8690).
- arm64: mm: Batch dsb and isb when populating pgtables
(jsc#PED-8690).
- arm64: mm: Don't remap pgtables per-cont(pte|pmd) block
(jsc#PED-8690).
- arm64: mm: don't acquire mutex when rewriting swapper
(jsc#PED-8690).
- commit 911eabe
- smb: client: fix deadlock in smb2_find_smb_tcon() (bsc#1227103,
CVE-2024-39468).
- commit ef9e40f
- bpf: improve precision backtrack logging (bsc#1225903).
- bpf: encapsulate precision backtracking bookkeeping
(bsc#1225903).
- Refresh patches.suse/bpf-Fix-precision-tracking-for-BPF_ALU-BPF_TO_BE-BPF.patch
- bpf: mark relevant stack slots scratched for register read
instructions (bsc#1225903).
- commit acd95d8
- bpf: Improve verifier u32 scalar equality checking
(bsc#1225903).
- bpf: ensure state checkpointing at iter_next() call sites
(bsc#1225903).
- Refresh patches.kabi/bpf-struct-bpf_insn_aux_data-workaround.patch
- bpf: fix regs_exact() logic in regsafe() to remap IDs correctly
(bsc#1225903).
- bpf: perform byte-by-byte comparison only when necessary in
regsafe() (bsc#1225903).
- selftests/bpf: Verify copy_register_state() preserves
parent/live fields (bsc#1225903).
- bpf: Fix to preserve reg parent/live fields when copying range
info (bsc#1225903).
- commit 6ef5769
- bpf: reject non-exact register type matches in regsafe()
(bsc#1225903).
- bpf: generalize MAYBE_NULL vs non-MAYBE_NULL rule (bsc#1225903).
- bpf: reorganize struct bpf_reg_state fields (bsc#1225903).
- bpf: teach refsafe() to take into account ID remapping
(bsc#1225903).
- selftests/bpf: test case for relaxed prunning of active_lock.id
(bsc#1225903).
- selftests/bpf: Add pruning test case for bpf_spin_lock
(bsc#1225903).
- bpf: use check_ids() for active_lock comparison (bsc#1225903).
- selftests/bpf: verify states_equal() maintains idmap across
all frames (bsc#1225903).
- bpf: states_equal() must build idmap for all function frames
(bsc#1225903).
- selftests/bpf: test cases for regsafe() bug skipping check_id()
(bsc#1225903).
- bpf: regsafe() must not skip check_ids() (bsc#1225903).
- selftests/bpf: make test_align selftest more robust
(bsc#1225903).
- bpf: aggressively forget precise markings during state
checkpointing (bsc#1225903).
- bpf: stop setting precise in current state (bsc#1225903).
- bpf: allow precision tracking for programs with subprogs
(bsc#1225903).
- Remove f655badf2a8f "bpf: fix propagate_precision() logic for inner
frames" from blacklist.conf, which is a fix for this
- commit 605166e
- iommu: mtk: fix module autoloading (git-fixes).
- commit 8d5ca45
- iommu: Return right value in iommu_sva_bind_device()
(git-fixes).
- iommu/amd: Fix sysfs leak in iommu init (git-fixes).
- commit 89e035d
- random: treat bootloader trust toggle the same way as cpu
trust toggle (bsc#1226953).
- commit ad48400
- x86/tsc: Trust initial offset in architectural TSC-adjust MSRs
(bsc#1222015 bsc#1226962).
- commit 71e0b41
- Fix new build warnings regarding unused variables:
Changed build warnings:
* **** 2 warnings *****
* unused-variable (cl) in ../fs/ceph/mds_client.c in ceph_queue_cap_unlink_work
../fs/ceph/mds_client.c: In function 'ceph_queue_cap_unlink_work':
../fs/ceph/mds_client.c:2421:22: warning: unused variable 'cl' [-Wunused-variable]
* unused-variable (cl) in ../fs/ceph/mds_client.c in ceph_cap_unlink_work
../fs/ceph/mds_client.c: In function 'ceph_cap_unlink_work':
../fs/ceph/mds_client.c:2436:22: warning: unused variable 'cl' [-Wunused-variable]
- Refresh
patches.suse/ceph-add-ceph_cap_unlink_work-to-fire-check_caps-imme.patch.
- Refresh
patches.suse/ceph-switch-to-use-cap_delay_lock-for-the-unlink-dela.patch.
- commit 0e2186a
- ALSA: hda/realtek: Fix conflicting quirk for PCI SSID 17aa:3820
(git-fixes).
- commit 7df4f37
- drm/i915/gt: Fix potential UAF by revoke of fence registers
(git-fixes).
- drm/panel: simple: Add missing display timing flags for KOE
TX26D202VM0BWA (git-fixes).
- net: usb: ax88179_178a: improve link status logs (git-fixes).
- net: phy: micrel: add Microchip KSZ 9477 to the device table
(git-fixes).
- batman-adv: Don't accept TT entries for out-of-spec VIDs
(git-fixes).
- net: can: j1939: recover socket queue on CAN bus error during
BAM transmission (git-fixes).
- net: can: j1939: Initialize unused data in j1939_send_one()
(git-fixes).
- net: can: j1939: enhanced error handling for tightly received
RTS messages in xtp_rx_rts_session_new (git-fixes).
- ASoC: fsl-asoc-card: set priv->pdev before using it (git-fixes).
- ASoC: amd: acp: remove i2s configuration check in
acp_i2s_probe() (git-fixes).
- ASoC: amd: acp: add a null check for chip_pdev structure
(git-fixes).
- drm/amdgpu: fix UBSAN warning in kv_dpm.c (stable-fixes).
- drm/radeon: fix UBSAN warning in kv_dpm.c (stable-fixes).
- ALSA: hda/realtek: Enable headset mic on IdeaPad 330-17IKB 81DM
(git-fixes).
- ALSA/hda: intel-dsp-config: Document AVS as dsp_driver option
(git-fixes).
- ALSA: hda/realtek: Remove Framework Laptop 16 from quirks
(git-fixes).
- ALSA: hda/realtek: Limit mic boost on N14AP7 (stable-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs don't work for ProBook
445/465 G11 (stable-fixes).
- ALSA: hda/realtek: Add quirks for Lenovo 13X (stable-fixes).
- drm/lima: mask irqs in timeout path before hard reset
(stable-fixes).
- drm/lima: add mask irq callback to gp and pp (stable-fixes).
- drm/amd/display: revert Exit idle optimizations before HDCP
execution (stable-fixes).
- drm/amd/display: Exit idle optimizations before HDCP execution
(stable-fixes).
- commit 8b51ea0
- kfence: fix memory leak when cat kfence objects (bsc#1220958,
CVE-2021-47089).
- commit 10017b7
- nilfs2: fix potential kernel bug due to lack of writeback flag
waiting (bsc#1227066 CVE-2024-37078).
- commit f38d6d3
- nilfs2: fix nilfs_empty_dir() misjudgment and long loop on
I/O errors (bsc#1226992 CVE-2024-39469).
- commit 6b2d7ad
- kABI workaround for FPGA changes (CVE-2024-35247 bsc#1226948
CVE-2024-36479 bsc#1226949 CVE-2024-37021 bsc#1226950).
- commit 34bcd8e
- fpga: region: add owner module and take its refcount
(CVE-2024-35247 bsc#1226948).
- Refresh patches.suse/fpga-add-kABI-padding.patch.
- commit 2206f02
- fpga: manager: add owner module and take its refcount
(CVE-2024-37021 bsc#1226950).
- Refresh patches.suse/fpga-add-kABI-padding.patch.
- commit 9371d28
- fpga: bridge: add owner module and take its refcount
(CVE-2024-36479 bsc#1226949).
- commit 8710b3c
- scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226758
CVE-2024-38559).
- scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786
CVE-2024-38560).
- scsi: bnx2fc: Remove spin_lock_bh while releasing resources
after upload (bsc#1224767 CVE-2024-36919).
- commit 0e530b8
- kabi: Use __iowriteXX_copy_inlined for in-kernel modules (bsc#1226502)
- commit bacb90a
- Update
patches.suse/smb-client-guarantee-refcounted-children-from-parent-session.patch
(bsc#1224679 CVE-2024-35869).
- commit ed4e9d0
- bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in
BPF_LINK_CREATE (bsc#1226789 CVE-2024-38564).
- bpf: Add attach_type checks under
bpf_prog_attach_check_attach_type (bsc#1226789 CVE-2024-38564).
- selftests/bpf: Add sockopt case to verify prog_type (bsc#1226789
CVE-2024-38564).
- selftests/bpf: Extend sockopt tests to use BPF_LINK_CREATE
(bsc#1226789 CVE-2024-38564).
- bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in
BPF_LINK_CREATE (bsc#1226789 CVE-2024-38564).
- bpf: Add attach_type checks under
bpf_prog_attach_check_attach_type (bsc#1226789 CVE-2024-38564).
- selftests/bpf: Check whether to run selftest (bsc#1226789
CVE-2024-38564).
- bpf: Force kprobe multi expected_attach_type for kprobe_multi
link (bsc#1226789 CVE-2024-38564).
- selftests/bpf: Convert sockopt test to ASSERT_* macros
(bsc#1226789 CVE-2024-38564).
- commit fec2539
- s390/ap: Fix crash in AP internal function modify_bitmap()
(CVE-2024-38661 bsc#1226996 git-fixes).
- commit bd5322c
- null_blk: Fix return value of nullb_device_power_store()
(bsc#1226841 CVE-2024-36478).
- commit c3dfa05
- null_blk: fix null-ptr-dereference while configuring 'power'
and 'submit_queues' (bsc#1226841 CVE-2024-36478).
- commit 0589f0b
- block: fix overflow in blk_ioctl_discard() (bsc#1225770
CVE-2024-36917).
- commit 8cdaac1
- epoll: be better about file lifetimes (bsc#1226610
CVE-2024-38580).
- commit e0be089
- Kabi fix for ipv6: fix memory leak in fib6_rule_suppress
(CVE-2021-47546 bsc#1225504).
- ipv6: fix memory leak in fib6_rule_suppress (CVE-2021-47546
bsc#1225504).
- commit 589556f
- cifs: fix hang in wait_for_response() (bsc#1220812,
bsc#1220368).
- commit b9be417
- scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226758
CVE-2024-38559).
- scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786
CVE-2024-38560).
- commit 45c369f
- Update
patches.suse/io_uring-fix-race-between-timeout-flush-and-removal.patch
(bsc#1205205 CVE-2022-29582).
I accidentally dropped the CVE reference when updating this backport.
Re-add it.
- commit f2446ba
- mptcp: clear 'kern' flag from fallback sockets
(CVE-2021-47593 bsc#1226551).
- commit 2659f40
- net: sched: sch_multiq: fix possible OOB write in multiq_tune()
(CVE-2024-36978 bsc#1226514).
- commit bc93665
- net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP
(CVE-2024-36974 bsc#1226519).
- commit 433e33d
- xhci: Simplify event ring dequeue pointer update for port
change events (git-fixes).
- commit 3185bc8
- PCI/ASPM: Update save_state when configuration changes (bsc#1226915)
- commit b938861
- mm: Avoid overflows in dirty throttling logic (bsc#1222364
CVE-2024-26720).
- commit 6a8050a
- net/mlx5: Discard command completions in internal error
(CVE-2024-38555 bsc#1226607).
- enic: Validate length of nl attributes in enic_set_vf_port
(CVE-2024-38659 bsc#1226883).
- net: fec: remove .ndo_poll_controller to avoid deadlocks
(CVE-2024-38553 bsc#1226744).
- net/mlx5: Discard command completions in internal error
(CVE-2024-38555 bsc#1226607).
- net/mlx5: Add a timeout to acquire the command queue semaphore
(CVE-2024-38556 bsc#1226774).
- net/mlx5: Reload only IB representors upon lag disable/enable
(CVE-2024-38557 bsc#1226781).
- net/mlx5e: Fix netif state handling (CVE-2024-38608
bsc#1226746).
- eth: sungem: remove .ndo_poll_controller to avoid deadlocks
(CVE-2024-38597 bsc#1226749).
- net: stmmac: move the EST lock to struct stmmac_priv
(CVE-2024-38594 bsc#1226734).
- net/mlx5e: Add wrapping for auxiliary_driver ops and remove
unused args (CVE-2024-38608 bsc#1226746).
- net/mlx5e: Fix a race in command alloc flow (git-fixes).
- commit 2ae4454
- usb: xhci: address off-by-one in xhci_num_trbs_free()
(git-fixes).
- commit 841d39b
- usb: xhci: improve debug message in xhci_ring_expansion_needed()
(git-fixes).
- commit d2b5f1e
- xhci: retry Stop Endpoint on buggy NEC controllers (git-fixes).
- commit 1a2e96b
- xhci: fix matching completion events with TDs (git-fixes).
- commit aca914a
- xhci: update event ring dequeue pointer position to controller
correctly (git-fixes).
- commit 93be17d
- dma-buf/sw-sync: don't enable IRQ from sync_print_obj()
(CVE-2024-38780 bsc#1226886).
- commit 43f7b44
- nvmet-passthru: propagate status from id override functions
(git-fixes).
- nvme: find numa distance only if controller has valid numa id
(git-fixes).
- commit cdc1f02
- PCI: Clear Secondary Status errors after enumeration (bsc#1226928)
- commit 5d3e24c
- stm class: Fix a double free in stm_register_device()
(CVE-2024-38627 bsc#1226857).
- commit 050e247
- Input: ili210x - fix ili251x_read_touch_data() return value
(git-fixes).
- pinctrl: rockchip: fix pinmux reset in rockchip_pmx_set
(git-fixes).
- pinctrl: rockchip: use dedicated pinctrl type for RK3328
(git-fixes).
- pinctrl: rockchip: fix pinmux bits for RK3328 GPIO3-B pins
(git-fixes).
- pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins
(git-fixes).
- pinctrl: fix deadlock in create_pinctrl() when handling
- EPROBE_DEFER (git-fixes).
- pinctrl: qcom: spmi-gpio: drop broken pm8008 support
(git-fixes).
- commit 6e807ea
- drivers/perf: hisi: hns3: Actually use
devm_add_action_or_reset() (CVE-2024-38603 bsc#1226842).
- commit 1bb22d3
- usb: xhci: Implement xhci_handshake_check_state() helper
(git-fixes).
- commit cb838be
- ecryptfs: Fix buffer size for tag 66 packet (bsc#1226634, CVE-2024-38578).
- commit 7445d84
- NFSv4.x: by default serialize open/close operations (bsc#1223863 bsc#1227362)
- commit 63fa513
- xhci: Fix failure to detect ring expansion need (git-fixes).
- commit 113690d
- usb: typec: ucsi: Never send a lone connector change ack
(git-fixes).
- commit 7ee9645
- xhci: restre deleted trb fields for tracing (git-fixes).
- commit 93cf02b
- xhci: Stop unnecessary tracking of free trbs in a ring
(git-fixes).
- commit a2d1e46
- xhci: Fix transfer ring expansion size calculation (git-fixes).
- commit 896ce4e
- xhci: remove unused stream_id parameter from
xhci_handle_halted_endpoint() (git-fixes).
- commit 98ef3b9
- xhci: simplify event ring dequeue tracking for transfer events
(git-fixes).
- commit 53c9c00
- usb: fotg210-hcd: delete an incorrect bounds test (git-fixes).
- commit 212d0e7
- usb: typec: ucsi: Ack also failed Get Error commands
(git-fixes).
- commit 39df22a
- net: usb: ax88179_178a: improve reset check (git-fixes).
- commit a9cd82a
- net: usb: rtl8150 fix unintiatilzed variables in
rtl8150_get_link_ksettings (git-fixes).
- commit 331f817
- i2c: ocores: set IACK bit after core is enabled (git-fixes).
- commit 208be97
- RDMA/hns: Fix UAF for cq async event (bsc#1226595 CVE-2024-38545)
- commit 98b2f74
- regulator: bd71815: fix ramp values (git-fixes).
- regulator: core: Fix modpost error "regulator_get_regmap"
undefined (git-fixes).
- commit 67d8d3b
- RDMA/mlx5: Add check for srq max_sge attribute (git-fixes)
- commit d13a032
- drm/i915/mso: using joiner is not possible with eDP MSO
(git-fixes).
- ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your
kernel is fine." (git-fixes).
- dmaengine: ioatdma: Fix missing kmem_cache_destroy()
(git-fixes).
- dmaengine: idxd: Fix possible Use-After-Free in
irq_process_work_list (git-fixes).
- drm/exynos/vidi: fix memory leak in .get_modes() (stable-fixes).
- drm/i915/dpt: Make DPT object unshrinkable (git-fixes).
- drm/i915/gt: Disarm breadcrumbs if engines are already idle
(git-fixes).
- drm/amd/display: drop unnecessary NULL checks in debugfs
(stable-fixes).
- commit 2ec7855
- ASoC: codecs: wcd938x: fix incorrect used of portid
(CVE-2022-48716 bsc#1226678).
- Refresh
patches.suse/ASoC-codecs-wcd938x-fix-return-value-of-mixer-put-fu.patch.
- commit 72e80ef
- drivers/perf: hisi: hns3: Fix out-of-bound access when valid
event group (CVE-2024-38568 bsc#1226771).
- commit 8713f77
- sched/core: Fix incorrect initialization of the 'burst'
parameter in cpu_max_write() (bsc#1226791).
- commit b41cbc1
- bsc#1225894: Fix patch references
- commit eaa0db4
- net/mlx5: Properly link new fs rules into the tree (bsc#1224588
CVE-2024-35960).
- commit e25590c
- net/mlx5e: fix a potential double-free in fs_any_create_groups
(bsc#1224603 CVE-2023-52667).
- commit df4661c
- net/mlx5e: fix a double-free in arfs_create_groups (bsc#1224605
CVE-2024-35835).
- commit 60e8562
- Make AMD_HSMP=m and mark it unsupported in supported.conf (jsc#PED-8582)
- Update config files.
- supported.conf:
- commit 875ffbb
- of: module: prevent NULL pointer dereference in vsnprintf() (bsc#1226587 CVE-2024-38541)
- commit 0394d90
- of: module: add buffer overflow check in of_modalias() (bsc#1226587 CVE-2024-38541)
- commit e54e996
- net: ena: Fix incorrect descriptor free behavior (bsc#1224677
CVE-2024-35958).
- commit 5e978bb
- net: ethernet: mtk_eth_soc: fix PPE hanging issue (bsc#1224716
CVE-2024-27432).
- commit d64a6b1
- Revert "net/mlx5: Block entering switchdev mode with ns
inconsistency" (bsc#1224719 CVE-2023-52658).
- commit a900e45
- bonding: stop the device in bond_setup_by_slave() (bsc#1224946
CVE-2023-52784).
- commit e6d4b4f
- cachefiles: remove requests from xarray during flushing requests
(bsc#1226588).
- commit 3613d54
- blacklist.conf: add ppdev cleanup
- commit efdca47
- net/smc: fix neighbour and rtable leak in smc_ib_find_route()
(git-fixes bsc#1225823 CVE-2024-36945 bsc#1226548).
- commit 1725fed
- net: preserve kabi for struct dst_ops (CVE-2024-36971
bsc#1226145).
- commit 74d650a
- net: fix __dst_negative_advice() race (CVE-2024-36971
bsc#1226145).
- commit 6d5c393
- RDMA/hns: Fix incorrect sge nums calculation (git-fixes)
- commit 11a4ad4
- RDMA/irdma: Drop unused kernel push code (git-fixes)
- commit 4f86e97
- amd/amdkfd: sync all devices to wait all processes being evicted (bsc#1225872 CVE-2024-36949)
- commit 0c17d54
- drm/amdkfd: Rework kfd_locked handling (bsc#1225872)
- commit a9a84c1
- nfsd: optimise recalculate_deny_mode() for a common case
(bsc#1217912).
- commit 49675fb
- NFS: avoid infinite loop in pnfs_update_layout (bsc#1219633
bsc#1226226).
- commit 8203342
- Revert "Add remote for nfs maintainer"
This reverts commit 9de16b6543dde7651ef5da514ebf6f29e7eac94b.
This came in through the wrong tree - sorry.
- commit 3905117
- Rename to
patches.suse/fs-9p-only-translate-RWX-permissions-for-plain-9P200.patch.
by scripts/renamepatches
- commit 0b4b132
- x86/mce: Dynamically size space for machine check records
(bsc#1222241).
- commit 96985c9
- seg6: fix the iif in the IPv6 socket control block
(CVE-2021-47515 bsc#1225426).
- commit 07e18ce
- net: nexthop: fix null pointer dereference when IPv6 is not enabled
(CVE-2021-47572 bsc#1225389).
- commit 87d2dc4
- netfilter: nf_tables: reject new basechain after table flag update
(CVE-2024-35900 bsc#1224497).
- commit e2ad7db
- ipv6: Fix infinite recursion in fib6_dump_done() (CVE-2024-35886
bsc#1224670).
- commit 8bfad13
- Update references
- commit b8183f9
- xfs: make sure sb_fdblocks is non-negative (bsc#1225419).
- commit 0b50d79
- net: usb: smsc95xx: fix changing LED_SEL bit value updated
from EEPROM (git-fixes).
- commit a3c495c
- RAS/AMD/ATL: Use system settings for MI300 DRAM to normalized
address translation (bsc#1225300).
- RAS/AMD/ATL: Fix MI300 bank hash (bsc#1225300).
- commit 4a3a73c
- i2c: designware: Fix the functionality flags of the slave-only
interface (git-fixes).
- i2c: at91: Fix the functionality flags of the slave-only
interface (git-fixes).
- USB: class: cdc-wdm: Fix CPU lockup caused by excessive log
messages (git-fixes).
- xhci: Handle TD clearing for multiple streams case (git-fixes).
- usb-storage: alauda: Check whether the media is initialized
(git-fixes).
- usb: typec: tcpm: Ignore received Hard Reset in TOGGLING state
(git-fixes).
- usb: typec: tcpm: fix use-after-free case in
tcpm_register_source_caps (git-fixes).
- USB: xen-hcd: Traverse host/ when CONFIG_USB_XEN_HCD is selected
(git-fixes).
- drivers: core: synchronize really_probe() and dev_uevent()
(git-fixes).
- iio: imu: inv_icm42600: delete unneeded update watermark call
(git-fixes).
- iio: dac: ad5592r: fix temperature channel scaling value
(git-fixes).
- iio: adc: ad9467: fix scan type sign (git-fixes).
- mei: me: release irq in mei_me_pci_resume error path
(git-fixes).
- hwmon: (shtc1) Fix property misspelling (git-fixes).
- spi: stm32: Don't warn about spurious interrupts (git-fixes).
- net: usb: smsc95xx: fix changing LED_SEL bit value updated
from EEPROM (git-fixes).
- nilfs2: fix potential hang in nilfs_detach_log_writer()
(stable-fixes).
- drm/amdgpu/atomfirmware: add intergrated info v2.3 table
(stable-fixes).
- ALSA: timer: Set lower bound of start tick time (stable-fixes).
- intel_th: pci: Add Meteor Lake-S CPU support (stable-fixes).
- soundwire: cadence: fix invalid PDI offset (stable-fixes).
- watchdog: bd9576: Drop "always-running" property (git-fixes).
- mmc: sdhci-acpi: Disable write protect detection on Toshiba
WT10-A (stable-fixes).
- mmc: sdhci-acpi: Fix Lenovo Yoga Tablet 2 Pro 1380 sdcard slot
not working (stable-fixes).
- mmc: sdhci-acpi: Sort DMI quirks alphabetically (stable-fixes).
- mmc: core: Add mmc_gpiod_set_cd_config() function
(stable-fixes).
- mmc: sdhci_am654: Fix ITAPDLY for HS400 timing (git-fixes).
- mmc: sdhci_am654: Add ITAPDLYSEL in sdhci_j721e_4bit_set_clock
(git-fixes).
- mmc: sdhci_am654: Add OTAP/ITAP delay enable (git-fixes).
- media: mxl5xx: Move xpt structures off stack (stable-fixes).
- media: flexcop-usb: fix sanity check of bNumEndpoints
(git-fixes).
- media: lgdt3306a: Add a check against null-pointer-def
(stable-fixes).
- media: v4l2-core: hold videodev_lock until dev reg, finishes
(stable-fixes).
- media: radio-shark2: Avoid led_names truncations (git-fixes).
- ALSA: Fix deadlocks with kctl removals at disconnection
(stable-fixes).
- drm/amdgpu: add error handle to avoid out-of-bounds
(stable-fixes).
- wifi: rtlwifi: rtl8192de: Fix endianness issue in RX path
(stable-fixes).
- wifi: rtlwifi: rtl8192de: Fix low speed with WPA3-SAE
(stable-fixes).
- wifi: rtl8xxxu: Fix the TX power of RTL8192CU, RTL8723AU
(stable-fixes).
- ACPI: resource: Do IRQ override on TongFang GXxHRXx and GMxHGxx
(stable-fixes).
- crypto: ecrdsa - Fix module auto-load on add_key (stable-fixes).
- ASoC: da7219-aad: fix usage of device_get_named_child_node()
(stable-fixes).
- ASoC: rt715-sdca: volume step modification (stable-fixes).
- ASoC: rt715: add vendor clear control register (stable-fixes).
- ASoC: rt5645: Fix the electric noise due to the CBJ contacts
floating (stable-fixes).
- regulator: vqmmc-ipq4019: fix module autoloading (stable-fixes).
- regulator: irq_helpers: duplicate IRQ name (stable-fixes).
- wifi: cfg80211: fix the order of arguments for trace events
of the tx_rx_evt class (stable-fixes).
- net: usb: qmi_wwan: add Telit FN920C04 compositions
(stable-fixes).
- mmc: core: Do not force a retune before RPMB switch
(stable-fixes).
- mmc: sdhci_am654: Drop lookup for deprecated ti,otap-del-sel
(stable-fixes).
- watchdog: bd9576_wdt: switch to using devm_fwnode_gpiod_get()
(stable-fixes).
- media: flexcop-usb: clean up endpoint sanity checks
(stable-fixes).
- media: ipu3-cio2: Use temporary storage for struct device
pointer (stable-fixes).
- commit aace7d0
- netfilter: complete validation of user input
(CVE-2024-35896 bsc#1224662 git-fixes).
- commit 58a4873
- ocfs2: fix sparse warnings (bsc#1219224).
- ocfs2: speed up chain-list searching (bsc#1219224).
- ocfs2: adjust enabling place for la window (bsc#1219224).
- ocfs2: improve write IO performance when fragmentation is high
(bsc#1219224).
- commit f18a759
- drm/exynos: hdmi: report safe 640x480 mode as a fallback when
no EDID found (git-fixes).
- drm/bridge/panel: Fix runtime warning on panel bridge release
(git-fixes).
- drm/komeda: check for error-valued pointer (git-fixes).
- commit e843af8
- smb: client: guarantee refcounted children from parent session
(bsc#1224679, CVE-35869).
- commit b0f469c
- smb: client: ensure to try all targets when finding nested links
(bsc#1224020).
- commit df159e7
- smb: client: fix potential UAF in smb2_is_valid_lease_break()
(bsc#1224765, CVE-2024-35864).
- commit c296805
- smb: client: fix potential UAF in smb2_is_network_name_deleted()
(bsc#1224764, CVE-2024-35862).
- commit aa75c00
- smb: client: fix potential UAF in
cifs_signal_cifsd_for_reconnect() (bsc#1224766, CVE-2024-35861).
- commit f77cc8d
- smb: client: fix use-after-free bug in
cifs_debug_data_proc_show() (bsc#1225487, CVE-2023-52752).
- commit 39fb8f3
- drm/amd/display: Skip on writeback when it's not applicable (CVE-2024-36914 bsc#1225757).
- commit 9393875
- blacklist.conf: Add a7fb0423c201 cgroup: Move rcu_head up near the top of cgroup_root
- commit 221e9a0
- Bluetooth: L2CAP: Fix rejecting L2CAP_CONN_PARAM_UPDATE_REQ
(git-fixes).
- HID: logitech-dj: Fix memory leak in
logi_dj_recv_switch_to_dj_mode() (git-fixes).
- HID: core: remove unnecessary WARN_ON() in implement()
(git-fixes).
- kconfig: doc: fix a typo in the note about 'imply' (git-fixes).
- gpio: tqmx86: introduce shadow register for GPIO output value
(git-fixes).
- gpio: tqmx86: fix typo in Kconfig label (git-fixes).
- drm/vmwgfx: 3D disabled should not effect STDU memory limits
(git-fixes).
- drm/vmwgfx: Filter modes which exceed graphics memory
(git-fixes).
- drm/amd: Fix shutdown (again) on some SMU v13.0.4/11 platforms
(git-fixes).
- net: phy: Micrel KSZ8061: fix errata solution not taking effect
problem (git-fixes).
- wifi: mac80211: correctly parse Spatial Reuse Parameter Set
element (git-fixes).
- wifi: iwlwifi: mvm: don't read past the mfuart notifcation
(git-fixes).
- wifi: iwlwifi: mvm: check n_ssids before accessing the ssids
(git-fixes).
- wifi: iwlwifi: dbg_ini: move iwl_dbg_tlv_free outside of
debugfs ifdef (git-fixes).
- wifi: iwlwifi: mvm: revert gen2 TX A-MPDU size to 64
(git-fixes).
- wifi: cfg80211: pmsr: use correct nla_get_uX functions
(git-fixes).
- wifi: cfg80211: Lock wiphy in cfg80211_get_station (git-fixes).
- wifi: mac80211: Fix deadlock in
ieee80211_sta_ps_deliver_wakeup() (git-fixes).
- wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects
(git-fixes).
- cpufreq: amd-pstate: Fix the inconsistency in max frequency
units (git-fixes).
- kconfig: fix comparison to constant symbols, 'm', 'n'
(git-fixes).
- drm/i915/guc: avoid FIELD_PREP warning (git-fixes).
- ALSA: hda/realtek: Adjust G814JZR to use SPI init for amp
(git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs don't work for ProBook
440/460 G11 (stable-fixes).
- drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting
fails (git-fixes).
- drm/msm/dp: Avoid a long timeout for AUX transfer if nothing
connected (git-fixes).
- ALSA: hda: intel-dsp-config: harden I2C/I2S codec detection
(stable-fixes).
- drm/amdkfd: Flush the process wq before creating a kfd_process
(stable-fixes).
- drm/amd/display: Add VCO speed parameter for DCN31 FPU
(stable-fixes).
- drm/amd/display: Add dtbclk access to dcn315 (stable-fixes).
- drm/amdgpu/mes: fix use-after-free issue (stable-fixes).
- drm/amdgpu: Fix the ring buffer size for queue VM flush
(stable-fixes).
- drm/amdgpu: Update BO eviction priorities (stable-fixes).
- drm/amd/display: Set color_mgmt_changed to true on unsuspend
(stable-fixes).
- drm/msm/dp: Return IRQ_NONE for unhandled interrupts
(stable-fixes).
- drm/panel-samsung-atna33xc20: Use ktime_get_boottime for delays
(stable-fixes).
- drm/msm: Enable clamp_to_idle for 7c3 (stable-fixes).
- commit 8f779cb
- gpiolib: cdev: Fix use after free in lineinfo_changed_notify
(bsc#1225737 CVE-2024-36899).
- commit 9b295f5
- drm/mediatek: Fix coverity issue with unintentional integer overflow (CVE-2023-52857 bsc#1225581).
- commit 3f9829b
- drm/amd: check num of link levels when update pcie param (CVE-2023-52812 bsc#1225564).
- commit 86f2ac6
- rpmsg: virtio: Free driver_override when rpmsg_remove()
(bsc#1224696 CVE-2023-52670).
- commit beb5bc4
- cgroup: preserve KABI of cgroup_root (bsc#1222254).
- commit 212272f
- ext4: correct offset of gdb backup in non meta_bg group to
update_backups (bsc#1224735 CVE-2024-35807).
- commit bec0d72
- cgroup: Add annotation for holding namespace_sem in
current_cgns_cgroup_from_root() (bsc#1222254).
- cgroup: Eliminate the need for cgroup_mutex in
proc_cgroup_show() (bsc#1222254).
- cgroup: Make operations on the cgroup root_list RCU safe
(bsc#1222254).
- cgroup: Remove unnecessary list_empty() (bsc#1222254).
- commit b08e6de
- ext4: remove unnecessary check from alloc_flex_gd() (bsc#1222080
CVE-2023-52622).
- commit f15da02
- wifi: mac80211: check/clear fast rx for non-4addr sta VLAN
changes (CVE-2024-35789 bsc#1224749).
- commit 2b6904d
- btrfs: lock the inode in shared mode before starting fiemap
(bsc#1225484 CVE-2023-52737).
- commit 613e476
- nbd: fix uaf in nbd_open (bsc#1224935 CVE-2023-52837).
- commit ade8b65
- blk-iocost: avoid out of bounds shift (bsc#1225759
CVE-2024-36916).
- commit bc772e8
- lib/generic-radix-tree.c: Don't overflow in peek() (bsc#1225391 CVE-2021-47432).
- commit 3dddaec
- blk-mq: make sure active queue usage is held for
bio_integrity_prep() (bsc#1225105 CVE-2023-52787).
- commit a4bdd9d
- block: prevent division by zero in blk_rq_stat_sum()
(bsc#1224661 CVE-2024-35925).
- commit 8cd7179
- ext4: fix corruption during on-line resize (bsc#1224735
CVE-2024-35807).
- commit d596ce4
- fat: fix uninitialized field in nostale filehandles (git-fixes
CVE-2024-26973 bsc#1223641).
- commit 91c4b39
- ext4: avoid online resizing failures due to oversized flex bg
(bsc#1222080 CVE-2023-52622).
- commit e47e37e
- fs/9p: only translate RWX permissions for plain 9P2000
(bsc#1225866 CVE-2024-36964).
- commit b5d7488
- pinctrl: core: delete incorrect free in pinctrl_enable()
(CVE-2024-36940 bsc#1225840).
- commit 9b799cc
- clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change
(CVE-2023-52882 bsc#1225692).
- commit fe79065
- staging: rtl8192e: Fix use after free in
_rtl92e_pci_disconnect() (CVE-2021-47571 bsc#1225518).
- commit 9461ee5
- supported.conf: mark ufs as unsupported
UFS is an unsupported filesystem, mark it as such. We still keep it
around (not marking as optional), to accommodate any potential
migrations from BSD systems.
- commit 0fea8fe
- supported.conf: mark orangefs as optional
We don't support orangefs at all (and it is already marked as such), but
since there are no SLE consumers of it, mark it as optional.
- commit fa81a2f
- rpm/kernel-obs-build.spec.in: Add iso9660 (bsc#1226212)
Some builds don't just create an iso9660 image, but also mount it during
build.
- commit aaee141
- llc: verify mac len before reading mac header
(CVE-2023-52843 bsc#1224951).
- commit ad237fd
- netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get()
(CVE-2024-35898 bsc#1224498).
- commit c5fbeed
- nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies
(CVE-2024-36915 bsc#1225758).
- commit 5137f7b
- net: add copy_safe_from_sockptr() helper
(git-fixes prerequisite CVE-2024-36915 bsc#1225758).
- commit 7b13e3e
- rpm/kernel-obs-build.spec.in: Add networking modules for docker
(bsc#1226211)
docker needs more networking modules, even legacy iptable_nat and _filter.
- commit 415e132
- Kabi workaround for icmp: prevent possible NULL dereferences from
icmp_build_probe()
(CVE-2024-35857 bsc#1224619)
- commit d5d7caf
- rxrpc: Fix rxrpc_peer leak in rxrpc_look_up_bundle()
(CVE-2021-47539 bsc#1225452).
- Refresh
patches.suse/rxrpc-Fix-race-between-conn-bundle-lookup-and-bundle.patch.
- commit 0d78641
- rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer()
(CVE-2021-47538 bsc#1225448).
- commit 6348fbd
- rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation
(CVE-2024-36017 bsc#1225681).
- commit 829fd05
- net: vlan: fix underflow for the real_dev refcnt
(CVE-2021-47555 bsc#1225467).
- commit 345ef84
- net: hns3: fix kernel crash when devlink reload during
initialization (CVE-2024-36900 bsc#1225726).
- net: hns3: release PTP resources if pf initialization failed
(CVE-2024-36900 bsc#1225726).
- commit 59940cd
- netfilter: validate user input for expected length
(CVE-2024-35896 bsc#1224662).
- commit 4582da9
- scsi: sd: Update DIX config every time sd_revalidate_disk()
is called (bsc#1218570).
- commit d99bf25
- arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY
(git-fixes).
- commit a35fad9
- net: mana: Enable MANA driver on ARM64 with 4K page size
(jsc#PED-8491).
- Update config files.
- commit b5a81c3
- bna: ensure the copied buf is NUL terminated (CVE-2024-36934
bsc#1225760).
- i40e: fix vf may be used uninitialized in this function warning
(CVE-2024-36020 bsc#1225698).
- net: hns3: fix kernel crash when devlink reload during pf
initialization (CVE-2024-36021 bsc#1225699).
- commit f146593
- Bluetooth: Add more enc key size check (bsc#1218148
CVE-2023-24023).
- commit 38891ed
- Bluetooth: Normalize HCI_OP_READ_ENC_KEY_SIZE cmdcmplt
(bsc#1218148 CVE-2023-24023).
- commit b7a79da
- xdp: use flags field to disambiguate broadcast redirect
(bsc#1225834 CVE-2024-36937).
- commit 7bc6ec5
- NFS: abort nfs_atomic_open_v23 if name is too long
(bsc#1219847).
- NFS: add atomic_open for NFSv3 to handle O_TRUNC correctly
(bsc#1219847).
- commit c7a4ea9
- Add remote for nfs maintainer
- commit 9de16b6
- tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING
(CVE-2023-52845 bsc#1225585).
- commit e952257
- fs/pipe: move check to pipe_has_watch_queue() (bsc#1224614
CVE-2023-52672).
- commit 3827adf
- pstore/platform: Add check for kstrdup (bsc#1225050
CVE-2023-52869).
- Refresh
patches.suse/pstore_disable_efi_backend_by_default.patch.
While refreshing of pstore_disable_efi_backend_by_default.patch, also
fix the non-conformant Patch-mainline tag.
- commit 6db9ce6
- pipe: wakeup wr_wait after setting max_usage (bsc#1224614
CVE-2023-52672).
- commit 2e5e06b
- blacklist.conf: Add 1971d13ffa84a "af_unix: Suppress false-positive lockdep splat for spin_lock() in __unix_gc()."
- commit afe27ac
- nvme: use ctrl state accessor (bsc#1215492).
- nvme: ensure reset state check ordering (bsc#1215492).
Refresh:
- patches.suse/nvme-tcp-do-not-terminate-commands-when-in-resetting.patch
- patches.suse/nvme-tcp-make-err_work-a-delayed-work.patch
- commit cad3abd
- netfilter: nf_tables: honor table dormant flag from netdev release event path
(CVE-2024-36005 bsc#1224539).
- commit a6152f6
- blacklist.conf: kABI
- commit 3718c69
- HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent
lock-up (bsc#1224552 CVE-2024-35997).
- commit bce3fab
- eeprom: at24: fix memory corruption race condition (bsc#1224612
CVE-2024-35848).
- commit 3fcf5a7
- udp: do not accept non-tunnel GSO skbs landing in a tunnel
(CVE-2024-35884 bsc#1224520).
- commit 62c6d61
- mm/slab: make __free(kfree) accept error pointers
(CVE-2024-36890 bsc#1225714).
- commit d6b7c8a
- perf/core: Bail out early if the request AUX area is out of
bound (bsc#1225602 CVE-2023-52835).
- commit cf52881
- Update
patches.suse/scsi-target-core-Add-TMF-to-tmr_list-handling.patch
(bsc#1223018 CVE-2024-26845).
Update references to correct bug number and CVE number.
- commit 0b7584b
- blacklist.conf: add CVE-2024-26842 bsc#1223013
- commit 654e9e2
- scsi: target: core: Add TMF to tmr_list handling (bsc#1223013
CVE-2024-26842).
- commit b16632b
- blacklist.conf: CVE-2024-35956 bsc#1224674: not applicable bsc#1225945
- commit ae7238f
- powerpc/imc-pmu: Add a null pointer check in
update_events_in_group() (bsc#1224504 CVE-2023-52675).
- commit 9619143
- icmp: prevent possible NULL dereferences from icmp_build_probe()
(CVE-2024-35857 bsc#1224619)
- commit d66584e
- usb: gadget: f_fs: Fix race between aio_cancel() and AIO
request complete (CVE-2024-36894 bsc#1225749).
- commit c99f07a
- usb: gadget: f_fs: Fix race between aio_cancel() and AIO
request complete (CVE-2024-36894 bsc#1225749).
- commit 5501fb7
- sock_map: avoid race between sock_map_close and sk_psock_put
(bsc#1225475 CVE-2023-52735).
- Refresh patches.kabi/bpf-sockmap-struct-psock-kABI-workaround.patch
- commit 4b60451
- proc/vmcore: fix clearing user buffer by properly using
clear_user() (CVE-2021-47566 bsc#1225514).
- commit 26144da
- ceph: switch to use cap_delay_lock for the unlink delay list
(bsc#1226022).
- ceph: break the check delayed cap loop every 5s (bsc#1226022).
- ceph: add ceph_cap_unlink_work to fire check_caps() immediately
(bsc#1226022).
- ceph: always queue a writeback when revoking the Fb caps
(bsc#1226022).
- ceph: always check dir caps asynchronously (bsc#1226022).
- commit de9fe57
- usb: typec: altmodes/displayport: create sysfs nodes as driver's
default device attribute group (CVE-2024-35790 bsc#1224712).
Altered because we do not have 001b0c780eac328bc48b70b8437f202a4ed785e4
Needs to be redone if DRM requires that
- blacklist.conf: Incompatible with adjusted version
- commit a52e669
- util-linux
-
- agetty: Prevent login cursor escape (bsc#1194818,
util-linux-agetty-prevent-cursor-escape.patch).
- Document unexpected side effects of lazy destruction
(bsc#1159034, util-linux-umount-losetup-lazy-destruction.patch,
util-linux-umount-losetup-lazy-destruction-generated.patch).
- Don't delete binaries not common for all architectures. Create an
util-linux-extra subpackage instead, so users of third party
tools can use them. (bsc#1222285)
- openssl-1_1
-
- Build with no-afalgeng [bsc#1226463]
- Security fix: [bsc#1227138, CVE-2024-5535]
* SSL_select_next_proto buffer overread
* Add openssl-CVE-2024-5535.patch
- pam
-
- Prevent cursor escape from the login prompt [bsc#1194818]
* Added: pam-bsc1194818-cursor-escape.patch
- python-PyYAML
-
- reenable the cython yaml loader (bsc#1225641)
- zypp-plugin
-
- Fix stomp header regex to include '-' (bsc#1227793)
- version 0.6.4
- singlespec in Tumbleweed must support multiple python3 flavors
in the future gh#openSUSE/python-rpm-macros#66
- Provide python3-zypp-plugin down to SLE12 (bsc#1081596)
- Provide python3-zypp-plugin in SLE12-SP3 (bsc#1081596)
- regionServiceClientConfigEC2
-
- Update to version 4.3.0 (bsc#1228363)
+ The IPv6 cert was switched up for the region server running in us-west-2
and as such the SSL handshake was failing. Drop the incorrect cert
and add the correct cert.
- Switch the patch syntax away form the deprecated shorthand macro
- Version 4.2.0
Replace certs (length 4096):
rgnsrv-ec2-cn-north1 -> 54.223.148.145 expires in 8 years
rgnsrv-ec2-us-west2-2 -> 54.245.101.47 expires in 9 years
Sidenote: We have one server with a short cert (2048) left;
34.197.223.242 expires in 2027
- Version 4.1.1
Add patch no-ipv6.patch to not serve IPv6 addresses on SLES12
Related to bsc#1218656
- util-linux-systemd
-
- agetty: Prevent login cursor escape (bsc#1194818,
util-linux-agetty-prevent-cursor-escape.patch).
- Document unexpected side effects of lazy destruction
(bsc#1159034, util-linux-umount-losetup-lazy-destruction.patch,
util-linux-umount-losetup-lazy-destruction-generated.patch).
- Don't delete binaries not common for all architectures. Create an
util-linux-extra subpackage instead, so users of third party
tools can use them. (bsc#1222285)