000release-packages:SLE_HPC-release
n/a
ca-certificates-mozilla
- Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525)
  - Added: FIRMAPROFESIONAL CA ROOT-A WEB
  - Distrust: GLOBALTRUST 2020

- Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356)
  Added:
  - CommScope Public Trust ECC Root-01
  - CommScope Public Trust ECC Root-02
  - CommScope Public Trust RSA Root-01
  - CommScope Public Trust RSA Root-02
  - D-Trust SBR Root CA 1 2022
  - D-Trust SBR Root CA 2 2022
  - Telekom Security SMIME ECC Root 2021
  - Telekom Security SMIME RSA Root 2023
  - Telekom Security TLS ECC Root 2020
  - Telekom Security TLS RSA Root 2023
  - TrustAsia Global Root CA G3
  - TrustAsia Global Root CA G4
  Removed:
  - Autoridad de Certificacion Firmaprofesional CIF A62634068
  - Chambers of Commerce Root - 2008
  - Global Chambersign Root - 2008
  - Security Communication Root CA
  - Symantec Class 1 Public Primary Certification Authority - G6
  - Symantec Class 2 Public Primary Certification Authority - G6
  - TrustCor ECA-1
  - TrustCor RootCert CA-1
  - TrustCor RootCert CA-2
  - VeriSign Class 1 Public Primary Certification Authority - G3
  - VeriSign Class 2 Public Primary Certification Authority - G3
- remove-trustcor.patch: removed, now upstream
- do a versioned obsoletes of "openssl-certs".
cloud-regionsrv-client
- Add rgnsrv-clnt-fix-docker-setup.patch (bsc#1229137)
  + The entry for the update infrastructure registry mirror was written
    incorrectly causing docker daemon startup to fail.
dmidecode
- Update to upstream version 3.6 (jsc#PED-8574):
  * Support for SMBIOS 3.6.0. This includes new memory device types, new
    processor upgrades, and Loongarch support.
  * Support for SMBIOS 3.7.0. This includes new port types, new processor
    upgrades, new slot characteristics and new fields for memory modules.
  * Add bash completion.
  * Decode HPE OEM records 197, 216, 224, 230, 238, 239, 242 and 245.
  * Implement options --list-strings and --list-types.
  * Update HPE OEM records 203, 212, 216, 221, 233 and 236.
  * Update Redfish support.
  * Bug fixes:
    Fix enabled slot characteristics not being printed
  * Minor improvements:
    Print slot width on its own line
    Use standard strings for slot width
  * Add a --no-quirks option.
  * Drop the CPUID exception list.
  * Obsoletes dmidecode-do-not-let-dump-bin-overwrite-an-existing-file.patch,
    dmidecode-fortify-entry-point-length-checks.patch,
    dmidecode-split-table-fetching-from-decoding.patch,
    dmidecode-write-the-whole-dump-file-at-once.patch,
    dmioem-fix-segmentation-fault-in-dmi_hp_240_attr.patch,
    dmioem-hpe-oem-record-237-firmware-change.patch,
    dmioem-typo-fix-virutal-virtual.patch,
    ensure-dev-mem-is-a-character-device-file.patch,
    news-fix-typo.patch and
    use-read_file-to-read-from-dump.patch.
  Update for HPE servers from upstream:
- dmioem-update-hpe-oem-type-238.patch: Decode PCI bus segment in
  HPE type 238 records.
grub2
- Fix btrfs subvolume for platform modules not mounting at runtime when the
  default subvolume is the topmost root tree (bsc#1228124)
  * grub2-btrfs-06-subvol-mount.patch
- Rediff
  * 0001-Unify-the-check-to-enable-btrfs-relative-path.patch

- Fix error in grub-install when root is on tmpfs (bsc#1226100)
  * 0001-grub-install-bailout-root-device-probing.patch

- Fix input handling in ppc64le grub2 has high latency (bsc#1223535)
  * 0001-net-drivers-ieee1275-ofnet-Remove-200-ms-timeout-in-.patch

- Fix error in /etc/grub.d/20_linux_xen: file_is_not_sym not found, renamed to
  file_is_not_xen_garbage (bsc#1224226)
  * grub2-fix-menu-in-xen-host-server.patch
kernel-azure
- Refresh
  patches.kabi/xhci-restre-deleted-trb-fields-for-tracing.patch.
  Fix KABI restoration also in tracing event message format.
- commit 3bd4a56

- PCI: hv: Return zero, not garbage, when reading
  PCI_INTERRUPT_PIN (git-fixes).
- commit df5839d

- Drop doubly defined References in sound patches
- commit 46ad1df

- ALSA: usb-audio: Correct surround channels in UAC1 channel map
  (git-fixes).
- ALSA: hda: conexant: Fix headset auto detect fail in the
  polling mode (git-fixes).
- drm/vmwgfx: Fix overlay when using Screen Targets (git-fixes).
- drm/vmwgfx: Fix a deadlock in dma buf fence polling (git-fixes).
- drm/nouveau: prime: fix refcount underflow (git-fixes).
- ALSA: usb-audio: Add a quirk for Sonix HD USB Camera
  (stable-fixes).
- ALSA: usb-audio: Move HD Webcam quirk to the right place
  (git-fixes).
- ALSA: usb-audio: Fix microphone sound on HD webcam
  (stable-fixes).
- drm/amd/display: Check for NULL pointer (stable-fixes).
- drm/amdgpu/sdma5.2: Update wptr registers as well as doorbell
  (stable-fixes).
- drm/i915/gt: Do not consider preemption during execlists_dequeue
  for gen8 (git-fixes).
- drm/etnaviv: don't block scheduler when GPU is still active
  (stable-fixes).
- drm/mipi-dsi: Fix theoretical int overflow in
  mipi_dsi_dcs_write_seq() (git-fixes).
- drm/mipi-dsi: Fix mipi_dsi_dcs_write_seq() macro definition
  format (stable-fixes).
- commit b91fd99

- ima: Fix use-after-free on a dentry's dname.name (bsc#1227716
  CVE-2024-39494).
- commit 81484ec

- bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD
  (bsc#1228756 CVE-2024-42161).
- commit 8359d86

- ASoC: topology: Fix route memory corruption (CVE-2024-41069
  bsc#1228644).
- commit 586db1a

- powerpc: fix a file leak in kvm_vcpu_ioctl_enable_cap()
  (bsc#1194869).
- KVM: PPC: Book3S HV: Fix the set_one_reg for MMCR3
  (bsc#1194869).
- KVM: PPC: Book3S HV: Fix "rm_exit" entry in debugfs timings
  (bsc#1194869).
- KVM: PPC: Book3S HV: remove extraneous asterisk from
  rm_host_ipi_action() comment (bsc#1194869).
- KVM: PPC: Book3S HV Nested: L2 LPCR should inherit L1 LPES
  setting (bsc#1194869).
- KVM: PPC: Book3S: Suppress failed alloc warning in
  H_COPY_TOFROM_GUEST (bsc#1194869).
- KVM: PPC: Book3S: Suppress warnings when allocating too big
  memory slots (bsc#1194869).
- commit cc22863

- liquidio: Adjust a NULL pointer handling path in
  lio_vf_rep_copy_packet (CVE-2024-39506 bsc#1227729).
- commit 02e87a9

- net: do not leave a dangling sk pointer, when socket creation fails (CVE-2024-40954 bsc#1227808)
- commit 8f44f81

- kabi/severity: add nvme common code
  The nvme common code is also allowed to change the data structures, there
  are only internal users.
- commit b8cf562

- scsi: qla2xxx: Convert comma to semicolon (bsc#1228850).
- scsi: qla2xxx: Update version to 10.02.09.300-k (bsc#1228850).
- scsi: qla2xxx: Use QP lock to search for bsg (bsc#1228850).
- scsi: qla2xxx: Reduce fabric scan duplicate code (bsc#1228850).
- scsi: qla2xxx: Fix optrom version displayed in FDMI
  (bsc#1228850).
- scsi: qla2xxx: During vport delete send async logout explicitly
  (bsc#1228850).
- scsi: qla2xxx: Complete command early within lock (bsc#1228850).
- scsi: qla2xxx: Fix flash read failure (bsc#1228850).
- scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for
  ELS cmds (bsc#1228850).
- scsi: qla2xxx: Fix for possible memory corruption (bsc#1228850).
- scsi: qla2xxx: validate nvme_local_port correctly (bsc#1228850).
- scsi: qla2xxx: Unable to act on RSCN for port online
  (bsc#1228850).
- scsi: qla2xxx: Remove unused struct 'scsi_dif_tuple'
  (bsc#1228850).
- scsi: qla2xxx: Fix debugfs output for fw_resource_count
  (bsc#1228850).
- scsi: qla2xxx: Indent help text (bsc#1228850).
- scsi: qla2xxx: Drop driver owner assignment (bsc#1228850).
- scsi: qla2xxx: Avoid possible run-time warning with long
  model_num (bsc#1228850).
- string.h: Introduce memtostr() and memtostr_pad() (bsc#1228850).
- commit ce7acc0

- scsi: lpfc: Update lpfc version to 14.4.0.3 (bsc#1228857).
- scsi: lpfc: Revise lpfc_prep_embed_io routine with proper
  endian macro usages (bsc#1228857).
- scsi: lpfc: Fix incorrect request len mbox field when setting
  trunking via sysfs (bsc#1228857).
- scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info
  (bsc#1228857).
- scsi: lpfc: Fix handling of fully recovered fabric node in
  dev_loss callbk (bsc#1228857).
- scsi: lpfc: Relax PRLI issue conditions after GID_FT response
  (bsc#1228857).
- scsi: lpfc: Allow DEVICE_RECOVERY mode after RSCN receipt if
  in PRLI_ISSUE state (bsc#1228857).
- scsi: lpfc: Cancel ELS WQE instead of issuing abort when SLI
  port is inactive (bsc#1228857).
- commit 21ebef1

- nvme-pci: add missing condition check for existence of mapped
  data (git-fixes).
- nvme-pci: Fix the instructions for disabling power management
  (git-fixes).
- nvmet-auth: fix nvmet_auth hash error handling (git-fixes).
- nvme: fixup comment for nvme RDMA Provider Type (git-fixes).
- nvmet: always initialize cqe.result (git-fixes).
- nvme: avoid double free special payload (git-fixes).
- nvmet: fix a possible leak when destroy a ctrl during qp
  establishment (git-fixes).
- nvme: adjust multiples of NVME_CTRL_PAGE_SIZE in offset
  (git-fixes).
- nvme-multipath: find NUMA path only for online numa-node
  (git-fixes).
- nvme-auth: allow mixing of secret and hash lengths (git-fixes).
- nvme-auth: use transformed key size to create resp (git-fixes).
- nvme-auth: alloc nvme_dhchap_key as single buffer (git-fixes).
- commit 3284c90

- hfsplus: fix uninit-value in copy_name (git-fixes).
- commit 383d5d6

- blacklist.conf: blocks list lots of 5.15-stable nfsd fixes.
  In the 5.15 stable series there was a full backport of nfsd.  We don't
  won't all of that.  So blacklist lots of patches that we don't want.
- commit 0cfb63d

- check-for-config-changes: ignore also GCC_ASM_GOTO_OUTPUT_BROKEN
  Mainline commit f2f6a8e88717 ("init/Kconfig: remove
  CONFIG_GCC_ASM_GOTO_OUTPUT_WORKAROUND") replaced
  GCC_ASM_GOTO_OUTPUT_WORKAROUND with GCC_ASM_GOTO_OUTPUT_BROKEN. Ignore both
  when checking config changes.
- commit b60be3e

- bnxt_re: Fix imm_data endianness (git-fixes)
- commit c690ca2

- RDMA/hns: Fix mbx timing out before CMD execution is completed (git-fixes)
- commit 7f0f7e9

- RDMA/hns: Fix insufficient extend DB for VFs. (git-fixes)
- commit 8395f97

- RDMA/hns: Fix undifined behavior caused by invalid max_sge (git-fixes)
- commit 6650e04

- RDMA/hns: Fix shift-out-bounds when max_inline_data is 0 (git-fixes)
- commit 0bbda8c

- RDMA/hns: Fix missing pagesize and alignment check in FRMR (git-fixes)
- commit 741b900

- RDMA/hns: Fix unmatch exception handling when init eq table fails (git-fixes)
- commit 19e60a6

- RDMA/hns: Fix soft lockup under heavy CEQE load (git-fixes)
- commit 1ef6723

- RDMA/hns: Check atomic wr length (git-fixes)
- commit 0fc73fc

- RDMA/device: Return error earlier if port in not valid (git-fixes)
- commit e02b7ee

- RDMA/rxe: Don't set BTH_ACK_MASK for UC or UD QPs (git-fixes)
- commit cd31168

- RDMA/mlx4: Fix truncated output warning in alias_GUID.c (git-fixes)
- commit cf1cb3f

- RDMA/mlx4: Fix truncated output warning in mad.c (git-fixes)
- commit a92f3fd

- RDMA/cache: Release GID table even if leak is detected (git-fixes)
- commit 5cdefb2

- RDMA/mlx5: Set mkeys for dmabuf at PAGE_SIZE (git-fixes)
- commit 59890ae

- RDMA/iwcm: Fix a use-after-free related to destroying CM IDs (git-fixes)
- commit 25b62bb

- IB/core: Implement a limit on UMAD receive List (bsc#1228743 CVE-2024-42145)
- commit 84f3be4

- kabi/severities: ignore kABI for FireWire sound local symbols (bsc#1208783)
- commit 478aa21

- Revert "ALSA: firewire-lib: operate for period elapse event
  in process context" (bsc#1208783).
- Revert "ALSA: firewire-lib: obsolete workqueue for period
  update" (bsc#1208783).
- commit 51e6ff5

- x86: stop playing stack games in profile_pc() (bsc#1228633
  CVE-2024-42096).
- commit f28c110

- ptp: fix integer overflow in max_vclocks_store (bsc#1227829
  CVE-2024-40994).
- commit 205cc4c

- crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak (bsc#1227620
  CVE-2024-39493).
- commit 14b61d5

- filelock: Remove locks reliably when fcntl/close race is
  detected (CVE-2024-41012 bsc#1228247).
- commit e2c5917

- Update
  patches.suse/KVM-Always-flush-async-PF-workqueue-when-vCPU-is-being-des.patch
  (bsc#1223635 (CVE-2024-26976) CVE-2024-26976).
- Update
  patches.suse/jfs-xattr-fix-buffer-overflow-for-invalid-xattr.patch
  (bsc#1227383 CVE-2024-40902 bsc#1227764).
- Update
  patches.suse/vfio-fsl-mc-Block-calling-interrupt-handler-without-trigge.patch
  (bsc#1222810 (CVE-2024-26814) CVE-2024-26814).
- Update
  patches.suse/vfio-platform-Create-persistent-IRQ-handlers.patch
  (bsc#1222809 (CVE-2024-26813) CVE-2024-26813).
- commit 39eeeb9

- Update
  patches.suse/SUNRPC-Fix-UAF-in-svc_tcp_listen_data_ready.patch
  (git-fixes CVE-2023-52885 bsc#1227750).
- Update
  patches.suse/USB-core-Fix-race-by-not-overwriting-udev-descriptor.patch
  (bsc#1213123 CVE-2023-37453 CVE-2023-52886 bsc#1227981).
- Update
  patches.suse/virtio-blk-fix-implicit-overflow-on-virtio_max_dma_size.patch
  (bsc#1225573 (CVE-2023-52762) CVE-2023-52762).
- commit 3784f34

- Update
  patches.suse/HID-hid-thrustmaster-fix-OOB-read-in-thrustmaster_in.patch
  (git-fixes CVE-2022-48866 bsc#1228014).
- Update
  patches.suse/Input-aiptek-properly-check-endpoint-type.patch
  (git-fixes CVE-2022-48836 bsc#1227989).
- Update
  patches.suse/KVM-x86-nSVM-fix-potential-NULL-derefernce-on-nested.patch
  (git-fixes CVE-2022-48793 bsc#1228019).
- Update
  patches.suse/NFC-port100-fix-use-after-free-in-port100_send_compl.patch
  (git-fixes CVE-2022-48857 bsc#1228005).
- Update
  patches.suse/NFSD-Fix-NFSv3-SETATTR-CREATE-s-handling-of-large-fi.patch
  (git-fixes CVE-2022-48829 bsc#1228055).
- Update patches.suse/NFSD-Fix-ia_size-underflow.patch (git-fixes
  CVE-2022-48828 bsc#1228054).
- Update
  patches.suse/NFSD-Fix-the-behavior-of-READ-near-OFFSET_MAX.patch
  (bsc#1195957 CVE-2022-48827 bsc#1228037).
- Update
  patches.suse/SUNRPC-lock-against-sock-changing-during-sysfs-read.patch
  (bsc#1194324 CVE-2022-48816 bsc#1228038).
- Update
  patches.suse/can-isotp-fix-potential-CAN-frame-reception-race-in-.patch
  (git-fixes CVE-2022-48830 bsc#1227982).
- Update
  patches.suse/cfg80211-fix-race-in-netlink-owner-interface-destruc.patch
  (git-fixes CVE-2022-48784 bsc#1227938).
- Update
  patches.suse/dmaengine-ptdma-Fix-the-error-handling-path-in-pt_co.patch
  (git-fixes CVE-2022-48774 bsc#1227923).
- Update
  patches.suse/drm-amdgpu-bypass-tiling-flag-check-in-virtual-displ.patch
  (git-fixes CVE-2022-48849 bsc#1228061).
- Update
  patches.suse/drm-vc4-Fix-deadlock-on-DSI-device-attach-error.patch
  (git-fixes CVE-2022-48826 bsc#1227975).
- Update
  patches.suse/drm-vrr-Set-VRR-capable-prop-only-if-it-is-attached-.patch
  (git-fixes CVE-2022-48843 bsc#1228066).
- Update
  patches.suse/eeprom-ee1004-limit-i2c-reads-to-I2C_SMBUS_BLOCK_MAX.patch
  (git-fixes CVE-2022-48806 bsc#1227948).
- Update
  patches.suse/ethernet-Fix-error-handling-in-xemaclite_of_probe.patch
  (git-fixes CVE-2022-48860 bsc#1228008).
- Update
  patches.suse/fs-proc-task_mmu.c-don-t-read-mapcount-for-migration-entry.patch
  (CVE-2023-1582 bsc#1209636 CVE-2022-48802 bsc#1227942).
- Update
  patches.suse/gianfar-ethtool-Fix-refcount-leak-in-gfar_get_ts_inf.patch
  (git-fixes CVE-2022-48856 bsc#1228004).
- Update patches.suse/iavf-Fix-hang-during-reboot-shutdown.patch
  (jsc#SLE-18385 CVE-2022-48840 bsc#1227990).
- Update
  patches.suse/ibmvnic-don-t-release-napi-in-__ibmvnic_open.patch
  (bsc#1195668 ltc#195811 CVE-2022-48811 bsc#1227928).
- Update
  patches.suse/ice-Fix-KASAN-error-in-LAG-NETDEV_UNREGISTER-handler.patch
  (git-fixes CVE-2022-48807 bsc#1227970).
- Update
  patches.suse/ice-Fix-race-condition-during-interface-enslave.patch
  (git-fixes CVE-2022-48842 bsc#1228064).
- Update
  patches.suse/ice-fix-NULL-pointer-dereference-in-ice_update_vsi_t.patch
  (jsc#SLE-18375 CVE-2022-48841 bsc#1227991).
- Update
  patches.suse/iio-buffer-Fix-file-related-error-handling-in-IIO_BU.patch
  (git-fixes CVE-2022-48801 bsc#1227956).
- Update
  patches.suse/ima-fix-reference-leak-in-asymmetric_verify.patch
  (git-fixes CVE-2022-48831 bsc#1227986).
- Update
  patches.suse/iommu-Fix-potential-use-after-free-during-probe
  (git-fixes CVE-2022-48796 bsc#1228028).
- Update patches.suse/iwlwifi-fix-use-after-free.patch
  (bsc#1197762 git-fixes CVE-2022-48787 bsc#1227932).
- Update
  patches.suse/mISDN-Fix-memory-leak-in-dsp_pipeline_build.patch
  (git-fixes CVE-2022-48863 bsc#1228063).
- Update
  patches.suse/misc-fastrpc-avoid-double-fput-on-failed-usercopy.patch
  (git-fixes CVE-2022-48821 bsc#1227976).
- Update
  patches.suse/mm-don-t-try-to-NUMA-migrate-COW-pages-that-have-other-uses.patch
  (git fixes (mm/numa) CVE-2022-48797 bsc#1228035).
- Update
  patches.suse/mm-vmscan-remove-deadlock-due-to-throttling.patch
  (bsc#1195357 CVE-2022-48800 bsc#1227954).
- Update
  patches.suse/msft-hv-2515-Drivers-hv-vmbus-Fix-memory-leak-in-vmbus_add_channe.patch
  (git-fixes CVE-2022-48775 bsc#1227924).
- Update
  patches.suse/mtd-parsers-qcom-Fix-kernel-panic-on-skipped-partiti.patch
  (git-fixes CVE-2022-48777 bsc#1227922).
- Update
  patches.suse/mtd-parsers-qcom-Fix-missing-free-for-pparts-in-clea.patch
  (git-fixes CVE-2022-48776 bsc#1227925).
- Update
  patches.suse/mtd-rawnand-gpmi-don-t-leak-PM-reference-in-error-pa.patch
  (git-fixes CVE-2022-48778 bsc#1227935).
- Update
  patches.suse/net-dsa-ar9331-register-the-mdiobus-under-devres.patch
  (git-fixes CVE-2022-48817 bsc#1227931).
- Update
  patches.suse/net-dsa-bcm_sf2-don-t-use-devres-for-mdiobus.patch
  (git-fixes CVE-2022-48815 bsc#1227933).
- Update
  patches.suse/net-dsa-felix-don-t-use-devres-for-mdiobus.patch
  (git-fixes CVE-2022-48813 bsc#1227963).
- Update
  patches.suse/net-dsa-lantiq_gswip-don-t-use-devres-for-mdiobus.patch
  (git-fixes CVE-2022-48812 bsc#1227971).
- Update
  patches.suse/net-dsa-lantiq_gswip-fix-use-after-free-in-gswip_rem.patch
  (git-fixes CVE-2022-48783 bsc#1227949).
- Update
  patches.suse/net-dsa-mv88e6xxx-don-t-use-devres-for-mdiobus.patch
  (git-fixes CVE-2022-48818 bsc#1228039).
- Update
  patches.suse/net-dsa-seville-register-the-mdiobus-under-devres.patch
  (git-fixes CVE-2022-48814 bsc#1227944).
- Update
  patches.suse/net-ieee802154-at86rf230-Stop-leaking-skb-s.patch
  (git-fixes CVE-2022-48794 bsc#1228025).
- Update
  patches.suse/net-marvell-prestera-Add-missing-of_node_put-in-pres.patch
  (git-fixes CVE-2022-48859 bsc#1228007).
- Update
  patches.suse/net-mlx5-Fix-a-race-on-command-flush-flow.patch
  (git-fixes CVE-2022-48858 bsc#1228006).
- Update
  patches.suse/net-packet-fix-slab-out-of-bounds-access-in-packet_r.patch
  (CVE-2022-20368 bsc#1202346 CVE-2022-48839 bsc#1227985).
- Update
  patches.suse/net-smc-Avoid-overwriting-the-copies-of-clcsock-callback-functions
  (git-fixes CVE-2022-48780 bsc#1227995).
- Update
  patches.suse/net-usb-ax88179_178a-Fix-out-of-bounds-accesses-in-R.patch
  (bsc#1196018 CVE-2022-28748 bsc#1202686 CVE-2022-2964
  CVE-2022-48805 bsc#1227969).
- Update
  patches.suse/nvme-fix-a-possible-use-after-free-in-controller-res.patch
  (bsc#1193787 bsc#1197146 bsc#1193554 CVE-2022-48790
  bsc#1227941).
- Update
  patches.suse/nvme-rdma-fix-possible-use-after-free-in-transport-e.patch
  (bsc#1193787 bsc#1197146 bsc#1193554 CVE-2022-48788
  bsc#1227952).
- Update
  patches.suse/nvme-tcp-fix-possible-use-after-free-in-transport-er.patch
  (bsc#1193787 bsc#1197146 bsc#1193554 CVE-2022-48789
  bsc#1228000).
- Update
  patches.suse/perf-Fix-list-corruption-in-perf_cgroup_switch.patch
  (git fixes CVE-2022-48799 bsc#1227953).
- Update
  patches.suse/phy-stm32-fix-a-refcount-leak-in-stm32_usbphyc_pll_e.patch
  (git-fixes CVE-2022-48820 bsc#1227972).
- Update
  patches.suse/phy-ti-Fix-missing-sentinel-for-clk_div_table.patch
  (git-fixes CVE-2022-48803 bsc#1227965).
- Update
  patches.suse/s390-cio-verify-the-driver-availability-for-path_event-call
  (bsc#1195927 LTC#196420 CVE-2022-48798 bsc#1227945).
- Update
  patches.suse/scsi-mpt3sas-Page-fault-in-reply-q-processing.patch
  (git-fixes CVE-2022-48835 bsc#1228060).
- Update patches.suse/scsi-myrs-Fix-crash-in-error-case.patch
  (git-fixes CVE-2022-48824 bsc#1227964).
- Update
  patches.suse/scsi-pm8001-Fix-use-after-free-for-aborted-SSP-STP-sas_task.patch
  (git-fixes CVE-2022-48792 bsc#1228013).
- Update
  patches.suse/scsi-pm8001-Fix-use-after-free-for-aborted-TMF-sas_task.patch
  (git-fixes CVE-2022-48791 bsc#1228002).
- Update
  patches.suse/scsi-qedf-Add-stag_work-to-all-the-vports.patch
  (git-fixes CVE-2022-48825 bsc#1228056).
- Update
  patches.suse/scsi-qedf-Fix-refcount-issue-when-LOGO-is-received-during-TMF.patch
  (git-fixes CVE-2022-48823 bsc#1228045).
- Update
  patches.suse/staging-gdm724x-fix-use-after-free-in-gdm_lte_rx.patch
  (git-fixes CVE-2022-48851 bsc#1227997).
- Update
  patches.suse/swiotlb-fix-info-leak-with-DMA_FROM_DEVICE.patch
  (CVE-2022-0854 bsc#1196823 CVE-2022-48853 bsc#1228015).
- Update patches.suse/usb-f_fs-Fix-use-after-free-for-epfile.patch
  (git-fixes CVE-2022-48822 bsc#1228040).
- Update
  patches.suse/usb-gadget-Fix-use-after-free-bug-by-not-setting-udc.patch
  (git-fixes CVE-2022-48838 bsc#1227988).
- Update
  patches.suse/usb-gadget-rndis-prevent-integer-overflow-in-rndis_s.patch
  (git-fixes CVE-2022-48837 bsc#1227987).
- Update
  patches.suse/usb-usbtmc-Fix-bug-in-pipe-direction-for-control-tra.patch
  (git-fixes CVE-2022-48834 bsc#1228062).
- Update
  patches.suse/vdpa-fix-use-after-free-on-vp_vdpa_remove.patch
  (git-fixes CVE-2022-48861 bsc#1228009).
- Update
  patches.suse/vhost-fix-hung-thread-due-to-erroneous-iotlb-entries.patch
  (git-fixes CVE-2022-48862 bsc#1228010).
- Update
  patches.suse/vsock-remove-vsock-from-connected-table-when-connect.patch
  (git-fixes CVE-2022-48786 bsc#1227996).
- Update
  patches.suse/vt_ioctl-fix-array_index_nospec-in-vt_setactivate.patch
  (git-fixes CVE-2022-48804 bsc#1227968).
- Update patches.suse/watch_queue-Fix-filter-limit-check.patch
  (CVE-2022-0995 bsc#1197246 CVE-2022-48847 bsc#1227993).
- Update
  patches.suse/xprtrdma-fix-pointer-derefs-in-error-cases-of-rpcrdm.patch
  (git-fixes CVE-2022-48773 bsc#1227921).
- commit e328ee7

- Update
  patches.suse/net-sunrpc-fix-reference-count-leaks-in-rpc_sysfs_xp.patch
  (git-fixes CVE-2021-47624 bsc#1227920).
- Update
  patches.suse/scsi-ufs-Fix-a-deadlock-in-the-error-handler.patch
  (git-fixes CVE-2021-47622 bsc#1227917).
- commit f2d923e

- Update
  patches.suse/79b5b4b18bc8-mlxsw-spectrum_acl_tcam-Fix-possible-use-after-free-.patch
  (CVE-2024-35854 bsc#1224636 CVE-2024-35855 bsc#1224694).
- Update
  patches.suse/ACPICA-Revert-ACPICA-avoid-Info-mapping-multiple-BAR.patch
  (git-fixes CVE-2024-40984 bsc#1227820).
- Update
  patches.suse/Bluetooth-hci_core-Fix-possible-buffer-overflow.patch
  (git-fixes CVE-2024-26889 bsc#1228195).
- Update
  patches.suse/HID-core-remove-unnecessary-WARN_ON-in-implement.patch
  (git-fixes CVE-2024-39509 bsc#1227733).
- Update
  patches.suse/HID-logitech-dj-Fix-memory-leak-in-logi_dj_recv_swit.patch
  (git-fixes CVE-2024-40934 bsc#1227796).
- Update
  patches.suse/KVM-Always-flush-async-PF-workqueue-when-vCPU-is-being-des.patch
  (bsc#1223635 (CVE-2024-26976) CVE-2024-26976).
- Update
  patches.suse/RDMA-mlx5-Add-check-for-srq-max_sge-attribute.patch
  (git-fixes CVE-2024-40990 bsc#1227824).
- Update
  patches.suse/SUNRPC-Fix-loop-termination-condition-in-gss_free_in.patch
  (git-fixes CVE-2024-36288 bsc#1226834).
- Update
  patches.suse/USB-class-cdc-wdm-Fix-CPU-lockup-caused-by-excessive.patch
  (git-fixes CVE-2024-40904 bsc#1227772).
- Update
  patches.suse/ata-libata-core-Fix-double-free-on-error.patch
  (git-fixes CVE-2024-41087 bsc#1228740).
- Update
  patches.suse/batman-adv-bypass-empty-buckets-in-batadv_purge_orig.patch
  (stable-fixes CVE-2024-40981 bsc#1227864).
- Update
  patches.suse/cachefiles-remove-requests-from-xarray-during-flushin.patch
  (bsc#1226588 CVE-2024-40900 bsc#1227760).
- Update
  patches.suse/crypto-hisilicon-sec-Fix-memory-leak-for-sec-resourc.patch
  (stable-fixes CVE-2024-41002 bsc#1227870).
- Update
  patches.suse/dmaengine-idxd-Fix-possible-Use-After-Free-in-irq_pr.patch
  (git-fixes CVE-2024-40956 bsc#1227810).
- Update
  patches.suse/drivers-core-synchronize-really_probe-and-dev_uevent.patch
  (git-fixes CVE-2024-39501 bsc#1227754).
- Update
  patches.suse/drm-amdgpu-fix-UBSAN-warning-in-kv_dpm.c.patch
  (stable-fixes CVE-2024-40987 bsc#1228235).
- Update
  patches.suse/drm-amdkfd-don-t-allow-mapping-the-MMIO-HDP-page-wit.patch
  (CVE-2024-41011 bsc#1228115 git-fixes bsc#1228114).
- Update
  patches.suse/drm-bridge-cdns-mhdp8546-Fix-possible-null-pointer-d.patch
  (git-fixes CVE-2024-38548 bsc#1228202).
- Update
  patches.suse/drm-exynos-hdmi-report-safe-640x480-mode-as-a-fallba.patch
  (git-fixes CVE-2024-40916 bsc#1227846).
- Update
  patches.suse/drm-exynos-vidi-fix-memory-leak-in-.get_modes.patch
  (stable-fixes CVE-2024-40932 bsc#1227828).
- Update
  patches.suse/drm-i915-dpt-Make-DPT-object-unshrinkable.patch
  (git-fixes CVE-2024-40924 bsc#1227787).
- Update
  patches.suse/drm-komeda-check-for-error-valued-pointer.patch
  (git-fixes CVE-2024-39505 bsc#1227728).
- Update
  patches.suse/drm-lima-mask-irqs-in-timeout-path-before-hard-reset.patch
  (stable-fixes CVE-2024-40976 bsc#1227893).
- Update
  patches.suse/drm-radeon-fix-UBSAN-warning-in-kv_dpm.c.patch
  (stable-fixes CVE-2024-40988 bsc#1227957).
- Update
  patches.suse/ftrace-Fix-possible-use-after-free-issue-in-ftrace_location.patch
  (git-fixes CVE-2024-38588 bsc#1226837).
- Update
  patches.suse/iommu-Return-right-value-in-iommu_sva_bind_device.patch
  (git-fixes CVE-2024-40945 bsc#1227802).
- Update
  patches.suse/jfs-xattr-fix-buffer-overflow-for-invalid-xattr.patch
  (bsc#1227383 CVE-2024-40902 bsc#1227764).
- Update
  patches.suse/sock_map-avoid-race-between-sock_map_close-and-sk_ps.patch
  (bsc#1225475 CVE-2023-52735 CVE-2024-39500 bsc#1227724).
- Update
  patches.suse/tracing-Build-event-generation-tests-only-as-modules.patch
  (git-fixes CVE-2024-41004 bsc#1227851).
- Update
  patches.suse/tracing-trigger-Fix-to-return-error-if-failed-to-alloc-snapshot.patch
  (git-fixes CVE-2024-26920 bsc#1228237).
- Update
  patches.suse/usb-typec-tcpm-fix-use-after-free-case-in-tcpm_regis.patch
  (git-fixes CVE-2024-40903 bsc#1227766).
- Update
  patches.suse/vfio-fsl-mc-Block-calling-interrupt-handler-without-trigge.patch
  (bsc#1222810 (CVE-2024-26814) CVE-2024-26814).
- Update
  patches.suse/vfio-platform-Create-persistent-IRQ-handlers.patch
  (bsc#1222809 (CVE-2024-26813) CVE-2024-26813).
- Update
  patches.suse/vmci-prevent-speculation-leaks-by-sanitizing-event-i.patch
  (git-fixes CVE-2024-39499 bsc#1227725).
- Update
  patches.suse/wifi-cfg80211-Lock-wiphy-in-cfg80211_get_station.patch
  (git-fixes CVE-2024-40911 bsc#1227792).
- Update
  patches.suse/wifi-iwlwifi-mvm-check-n_ssids-before-accessing-the-.patch
  (git-fixes CVE-2024-40929 bsc#1227774).
- Update
  patches.suse/wifi-iwlwifi-mvm-don-t-read-past-the-mfuart-notifcat.patch
  (git-fixes CVE-2024-40941 bsc#1227771).
- Update
  patches.suse/wifi-mac80211-Fix-deadlock-in-ieee80211_sta_ps_deliv.patch
  (git-fixes CVE-2024-40912 bsc#1227790).
- Update
  patches.suse/wifi-mac80211-mesh-Fix-leak-of-mesh_preq_queue-objec.patch
  (git-fixes CVE-2024-40942 bsc#1227770).
- Update
  patches.suse/xhci-Handle-TD-clearing-for-multiple-streams-case.patch
  (git-fixes CVE-2024-40927 bsc#1227816).
- commit 14d852a

- Update
  patches.suse/SUNRPC-Fix-UAF-in-svc_tcp_listen_data_ready.patch
  (git-fixes CVE-2023-52885 bsc#1227750).
- Update
  patches.suse/USB-core-Fix-race-by-not-overwriting-udev-descriptor.patch
  (bsc#1213123 CVE-2023-37453 CVE-2023-52886 bsc#1227981).
- Update
  patches.suse/virtio-blk-fix-implicit-overflow-on-virtio_max_dma_size.patch
  (bsc#1225573 (CVE-2023-52762) CVE-2023-52762).
- commit b28e7bb

- Update
  patches.suse/1216-drm-vc4-hdmi-Unregister-codec-device-on-unbind.patch
  (jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
  jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
  CVE-2022-48852 bsc#1228067).
- Update
  patches.suse/Bluetooth-hci_core-Fix-leaking-sent_cmd-skb.patch
  (jsc#PED-1407 CVE-2022-48844 bsc#1228068).
- Update
  patches.suse/HID-hid-thrustmaster-fix-OOB-read-in-thrustmaster_in.patch
  (git-fixes CVE-2022-48866 bsc#1228014).
- Update
  patches.suse/Input-aiptek-properly-check-endpoint-type.patch
  (git-fixes CVE-2022-48836 bsc#1227989).
- Update
  patches.suse/KVM-x86-nSVM-fix-potential-NULL-derefernce-on-nested.patch
  (git-fixes CVE-2022-48793 bsc#1228019).
- Update
  patches.suse/NFC-port100-fix-use-after-free-in-port100_send_compl.patch
  (git-fixes CVE-2022-48857 bsc#1228005).
- Update
  patches.suse/NFSD-Fix-NFSv3-SETATTR-CREATE-s-handling-of-large-fi.patch
  (git-fixes CVE-2022-48829 bsc#1228055).
- Update patches.suse/NFSD-Fix-ia_size-underflow.patch (git-fixes
  CVE-2022-48828 bsc#1228054).
- Update
  patches.suse/NFSD-Fix-the-behavior-of-READ-near-OFFSET_MAX.patch
  (bsc#1195957 CVE-2022-48827 bsc#1228037).
- Update
  patches.suse/SUNRPC-lock-against-sock-changing-during-sysfs-read.patch
  (bsc#1194324 CVE-2022-48816 bsc#1228038).
- Update
  patches.suse/block-release-rq-qos-structures-for-queue-without-di.patch
  (jsc#PED-1183 CVE-2022-48846 bsc#1227992).
- Update
  patches.suse/can-isotp-fix-potential-CAN-frame-reception-race-in-.patch
  (git-fixes CVE-2022-48830 bsc#1227982).
- Update
  patches.suse/cfg80211-fix-race-in-netlink-owner-interface-destruc.patch
  (git-fixes CVE-2022-48784 bsc#1227938).
- Update
  patches.suse/dma-buf-heaps-Fix-potential-spectre-v1-gadget.patch
  (jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
  jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
  CVE-2022-48730 bsc#1226713).
- Update
  patches.suse/dmaengine-ptdma-Fix-the-error-handling-path-in-pt_co.patch
  (git-fixes CVE-2022-48774 bsc#1227923).
- Update
  patches.suse/drm-amdgpu-bypass-tiling-flag-check-in-virtual-displ.patch
  (jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
  jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
  CVE-2022-48849 bsc#1228061).
- Update
  patches.suse/drm-msm-dpu-invalid-parameter-check-in-dpu_setup_dsp.patch
  (jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
  jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
  CVE-2022-48749 bsc#1226650).
- Update
  patches.suse/drm-msm-dsi-invalid-parameter-check-in-msm_dsi_phy_e.patch
  (jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
  jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
  CVE-2022-48756 bsc#1226698).
- Update
  patches.suse/drm-nouveau-fix-off-by-one-in-BIOS-boundary-checking.patch
  (jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
  jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
  CVE-2022-48732 bsc#1226716).
- Update
  patches.suse/drm-vc4-Fix-deadlock-on-DSI-device-attach-error.patch
  (jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
  jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
  CVE-2022-48826 bsc#1227975).
- Update
  patches.suse/drm-vrr-Set-VRR-capable-prop-only-if-it-is-attached-.patch
  (jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
  jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
  CVE-2022-48843 bsc#1228066).
- Update
  patches.suse/eeprom-ee1004-limit-i2c-reads-to-I2C_SMBUS_BLOCK_MAX.patch
  (git-fixes CVE-2022-48806 bsc#1227948).
- Update
  patches.suse/ethernet-Fix-error-handling-in-xemaclite_of_probe.patch
  (git-fixes CVE-2022-48860 bsc#1228008).
- Update
  patches.suse/fs-proc-task_mmu.c-don-t-read-mapcount-for-migration-entry.patch
  (CVE-2023-1582 bsc#1209636 CVE-2022-48802 bsc#1227942).
- Update
  patches.suse/gianfar-ethtool-Fix-refcount-leak-in-gfar_get_ts_inf.patch
  (git-fixes CVE-2022-48856 bsc#1228004).
- Update patches.suse/iavf-Fix-hang-during-reboot-shutdown.patch
  (jsc#SLE-18385 CVE-2022-48840 bsc#1227990).
- Update
  patches.suse/ibmvnic-don-t-release-napi-in-__ibmvnic_open.patch
  (bsc#1195668 ltc#195811 CVE-2022-48811 bsc#1227928).
- Update
  patches.suse/ice-Fix-KASAN-error-in-LAG-NETDEV_UNREGISTER-handler.patch
  (git-fixes CVE-2022-48807 bsc#1227970).
- Update
  patches.suse/ice-Fix-race-condition-during-interface-enslave.patch
  (git-fixes CVE-2022-48842 bsc#1228064).
- Update
  patches.suse/ice-fix-NULL-pointer-dereference-in-ice_update_vsi_t.patch
  (jsc#SLE-18375 CVE-2022-48841 bsc#1227991).
- Update
  patches.suse/iio-buffer-Fix-file-related-error-handling-in-IIO_BU.patch
  (git-fixes CVE-2022-48801 bsc#1227956).
- Update
  patches.suse/ima-fix-reference-leak-in-asymmetric_verify.patch
  (git-fixes CVE-2022-48831 bsc#1227986).
- Update
  patches.suse/iommu-Fix-potential-use-after-free-during-probe
  (git-fixes CVE-2022-48796 bsc#1228028).
- Update patches.suse/iwlwifi-fix-use-after-free.patch
  (bsc#1197762 git-fixes CVE-2022-48787 bsc#1227932).
- Update
  patches.suse/mISDN-Fix-memory-leak-in-dsp_pipeline_build.patch
  (git-fixes CVE-2022-48863 bsc#1228063).
- Update
  patches.suse/misc-fastrpc-avoid-double-fput-on-failed-usercopy.patch
  (git-fixes CVE-2022-48821 bsc#1227976).
- Update
  patches.suse/mm-don-t-try-to-NUMA-migrate-COW-pages-that-have-other-uses.patch
  (git fixes (mm/numa) CVE-2022-48797 bsc#1228035).
- Update
  patches.suse/mm-vmscan-remove-deadlock-due-to-throttling.patch
  (bsc#1195357 CVE-2022-48800 bsc#1227954).
- Update
  patches.suse/msft-hv-2515-Drivers-hv-vmbus-Fix-memory-leak-in-vmbus_add_channe.patch
  (git-fixes CVE-2022-48775 bsc#1227924).
- Update
  patches.suse/mtd-parsers-qcom-Fix-kernel-panic-on-skipped-partiti.patch
  (git-fixes CVE-2022-48777 bsc#1227922).
- Update
  patches.suse/mtd-parsers-qcom-Fix-missing-free-for-pparts-in-clea.patch
  (git-fixes CVE-2022-48776 bsc#1227925).
- Update
  patches.suse/mtd-rawnand-gpmi-don-t-leak-PM-reference-in-error-pa.patch
  (git-fixes CVE-2022-48778 bsc#1227935).
- Update
  patches.suse/net-dsa-ar9331-register-the-mdiobus-under-devres.patch
  (git-fixes CVE-2022-48817 bsc#1227931).
- Update
  patches.suse/net-dsa-bcm_sf2-don-t-use-devres-for-mdiobus.patch
  (git-fixes CVE-2022-48815 bsc#1227933).
- Update
  patches.suse/net-dsa-felix-don-t-use-devres-for-mdiobus.patch
  (git-fixes CVE-2022-48813 bsc#1227963).
- Update
  patches.suse/net-dsa-lantiq_gswip-don-t-use-devres-for-mdiobus.patch
  (git-fixes CVE-2022-48812 bsc#1227971).
- Update
  patches.suse/net-dsa-lantiq_gswip-fix-use-after-free-in-gswip_rem.patch
  (git-fixes CVE-2022-48783 bsc#1227949).
- Update
  patches.suse/net-dsa-mv88e6xxx-don-t-use-devres-for-mdiobus.patch
  (git-fixes CVE-2022-48818 bsc#1228039).
- Update
  patches.suse/net-dsa-seville-register-the-mdiobus-under-devres.patch
  (git-fixes CVE-2022-48814 bsc#1227944).
- Update
  patches.suse/net-fix-a-memleak-when-uncloning-an-skb-dst-and-its-.patch
  (git-fixes CVE-2022-48809 bsc#1227947).
- Update
  patches.suse/net-ieee802154-at86rf230-Stop-leaking-skb-s.patch
  (git-fixes CVE-2022-48794 bsc#1228025).
- Update
  patches.suse/net-marvell-prestera-Add-missing-of_node_put-in-pres.patch
  (git-fixes CVE-2022-48859 bsc#1228007).
- Update
  patches.suse/net-mlx5-Fix-a-race-on-command-flush-flow.patch
  (git-fixes CVE-2022-48858 bsc#1228006).
- Update
  patches.suse/net-packet-fix-slab-out-of-bounds-access-in-packet_r.patch
  (CVE-2022-20368 bsc#1202346 CVE-2022-48839 bsc#1227985).
- Update
  patches.suse/net-smc-Avoid-overwriting-the-copies-of-clcsock-callback-functions
  (git-fixes CVE-2022-48780 bsc#1227995).
- Update
  patches.suse/net-usb-ax88179_178a-Fix-out-of-bounds-accesses-in-R.patch
  (bsc#1196018 CVE-2022-28748 bsc#1202686 CVE-2022-2964
  CVE-2022-48805 bsc#1227969).
- Update
  patches.suse/nvme-fix-a-possible-use-after-free-in-controller-res.patch
  (bsc#1193787 bsc#1197146 bsc#1193554 CVE-2022-48790
  bsc#1227941).
- Update
  patches.suse/nvme-rdma-fix-possible-use-after-free-in-transport-e.patch
  (bsc#1193787 bsc#1197146 bsc#1193554 CVE-2022-48788
  bsc#1227952).
- Update
  patches.suse/nvme-tcp-fix-possible-use-after-free-in-transport-er.patch
  (bsc#1193787 bsc#1197146 bsc#1193554 CVE-2022-48789
  bsc#1228000).
- Update
  patches.suse/perf-Fix-list-corruption-in-perf_cgroup_switch.patch
  (git fixes CVE-2022-48799 bsc#1227953).
- Update
  patches.suse/phy-stm32-fix-a-refcount-leak-in-stm32_usbphyc_pll_e.patch
  (git-fixes CVE-2022-48820 bsc#1227972).
- Update
  patches.suse/phy-ti-Fix-missing-sentinel-for-clk_div_table.patch
  (git-fixes CVE-2022-48803 bsc#1227965).
- Update
  patches.suse/s390-cio-verify-the-driver-availability-for-path_event-call
  (bsc#1195927 LTC#196420 CVE-2022-48798 bsc#1227945).
- Update
  patches.suse/scsi-mpt3sas-Page-fault-in-reply-q-processing.patch
  (git-fixes CVE-2022-48835 bsc#1228060).
- Update patches.suse/scsi-myrs-Fix-crash-in-error-case.patch
  (git-fixes CVE-2022-48824 bsc#1227964).
- Update
  patches.suse/scsi-pm8001-Fix-use-after-free-for-aborted-SSP-STP-sas_task.patch
  (jsc#PED-1559 CVE-2022-48792 bsc#1228013).
- Update
  patches.suse/scsi-pm8001-Fix-use-after-free-for-aborted-TMF-sas_task.patch
  (jsc#PED-1559 CVE-2022-48791 bsc#1228002).
- Update
  patches.suse/scsi-qedf-Add-stag_work-to-all-the-vports.patch
  (jsc#PED-1524 CVE-2022-48825 bsc#1228056).
- Update
  patches.suse/scsi-qedf-Fix-refcount-issue-when-LOGO-is-received-during-TMF.patch
  (jsc#PED-1524 CVE-2022-48823 bsc#1228045).
- Update
  patches.suse/staging-gdm724x-fix-use-after-free-in-gdm_lte_rx.patch
  (git-fixes CVE-2022-48851 bsc#1227997).
- Update
  patches.suse/swiotlb-fix-info-leak-with-DMA_FROM_DEVICE.patch
  (CVE-2022-0854 bsc#1196823 CVE-2022-48853 bsc#1228015).
- Update patches.suse/usb-f_fs-Fix-use-after-free-for-epfile.patch
  (git-fixes CVE-2022-48822 bsc#1228040).
- Update
  patches.suse/usb-gadget-Fix-use-after-free-bug-by-not-setting-udc.patch
  (git-fixes CVE-2022-48838 bsc#1227988).
- Update
  patches.suse/usb-gadget-rndis-prevent-integer-overflow-in-rndis_s.patch
  (git-fixes CVE-2022-48837 bsc#1227987).
- Update
  patches.suse/usb-usbtmc-Fix-bug-in-pipe-direction-for-control-tra.patch
  (git-fixes CVE-2022-48834 bsc#1228062).
- Update
  patches.suse/vdpa-fix-use-after-free-on-vp_vdpa_remove.patch
  (jsc#PED-1549 CVE-2022-48861 bsc#1228009).
- Update
  patches.suse/vdpa-mlx5-add-validation-for-VIRTIO_NET_CTRL_MQ_VQ_P.patch
  (jsc#PED-1549 CVE-2022-48864 bsc#1228011).
- Update
  patches.suse/vhost-fix-hung-thread-due-to-erroneous-iotlb-entries.patch
  (jsc#PED-1549 CVE-2022-48862 bsc#1228010).
- Update
  patches.suse/vsock-remove-vsock-from-connected-table-when-connect.patch
  (git-fixes CVE-2022-48786 bsc#1227996).
- Update
  patches.suse/vt_ioctl-fix-array_index_nospec-in-vt_setactivate.patch
  (git-fixes CVE-2022-48804 bsc#1227968).
- Update patches.suse/watch_queue-Fix-filter-limit-check.patch
  (CVE-2022-0995 bsc#1197246 CVE-2022-48847 bsc#1227993).
- Update
  patches.suse/xprtrdma-fix-pointer-derefs-in-error-cases-of-rpcrdm.patch
  (git-fixes CVE-2022-48773 bsc#1227921).
- commit bfcee01

- Update
  patches.suse/net-sched-flower-protect-fl_walk-with-rcu.patch
  (stable-5.14.10 bsc#1225302 CVE-2021-47402 bsc#1225301).
- Update
  patches.suse/net-sunrpc-fix-reference-count-leaks-in-rpc_sysfs_xp.patch
  (git-fixes CVE-2021-47624 bsc#1227920).
- Update
  patches.suse/scsi-ufs-Fix-a-deadlock-in-the-error-handler.patch
  (git-fixes CVE-2021-47622 bsc#1227917).
- commit a651650

- scsi: qedf: Make qedf_execute_tmf() non-preemptible (CVE-2024-42124 bsc#1228705)
- commit 9baaa6c

- net: dsa: mv88e6xxx: Correct check for empty list (CVE-2024-42224 bsc#1228723)
- commit 17953b6

- Update references in patches.suse/wifi-cfg80211-wext-add-extra-SIOCSIWSCAN-data-check.patch (CVE-2024-41072 bsc#1228626 stable-fixes)
- commit 273bfae

- skmsg: Skip zero length skb in sk_msg_recvmsg (CVE-2024-41048 bsc#1228565)
- commit 530a147

- netns: Make get_net_ns() handle zero refcount net
  (CVE-2024-40958 bsc#1227812).
- commit cd7215b

- blacklist.conf: Add 943ad0b62e3c kernel: rerun task_work while freezing in get_signal()
  and related io_uring fix.
- commit dd99721

- blacklist.conf: Add 7a4479680d7f cgroup_misc: add kernel-doc comments for enum misc_res_type
- commit 33a371b

- cgroup/cpuset: Prevent UAF in proc_cpuset_show() (bsc#1228801).
- commit 8837200

- mm/hugetlb: fix missing hugetlb_lock for resv uncharge
  (bsc#1224548 CVE-2024-36000).
- commit bb54a15

- Bluetooth: hci_sync: Fix suspending with wrong filter policy
  (git-fixes).
- net: usb: sr9700: fix uninitialized variable use in sr_mdio_read
  (git-fixes).
- commit d1b1ed5

- net/dpaa2: Avoid explicit cpumask var allocation on stack
  (CVE-2024-42093 bsc#1228680).
- ppp: reject claimed-as-LCP but actually malformed packets
  (CVE-2024-41044 bsc#1228530).
- ibmvnic: Add tx check to prevent skb leak (CVE-2024-41066
  bsc#1228640).
- net/dpaa2: Avoid explicit cpumask var allocation on stack
  (CVE-2024-42093 bsc#1228680).
- commit e2a1614

- drm/amd/display: Add NULL pointer check for kzalloc (bsc#1228591 CVE-2024-42122)
- commit 42cafdc

- gfs2: Fix NULL pointer dereference in gfs2_log_flush
  (bsc#1228672 CVE-2024-42079).
- commit 9249ead

- btrfs: qgroup: fix quota root leak after quota disable failure
  (bsc#1228655 CVE-2024-41078).
- commit a021822

- workqueue: Improve scalability of workqueue watchdog touch
  (bsc#1193454).
- commit d6c3d9d

- workqueue: wq_watchdog_touch is always called with valid CPU
  (bsc#1193454).
- commit 8c80fa1

- KVM: arm64: Disassociate vcpus from redistributor region on
  teardown (CVE-2024-40989 bsc#1227823).
- commit 724dd5c

- wifi: mac80211: Avoid address calculations via out of bounds
  array indexing (CVE-2024-41071 bsc#1228625).
- commit 93c5732

- powerpc/eeh: avoid possible crash when edev->pdev changes
  (CVE-2024-41064 bsc#1228599).
- commit ba6e5c8

- ASoC: topology: Fix references to freed memory (CVE-2024-41069
  bsc#1228644).
- commit 44dd0c7

- net/sched: Fix UAF when resolving a clash (CVE-2024-41040 bsc#1228518)
- commit 38cd1ac

- btrfs: make sure that WRITTEN is set on all metadata blocks (CVE-2024-35949 bsc#1224700)
  Changes: adjust returned error codes to -EUCLEAN and drop definition of
  the enum error.
- commit c3c9515

- ila: block BH in ila_output() (CVE-2024-41081 bsc#1228617)
- commit 54b2845

- blacklist.conf: CVE-2024-41076 bsc#1228649: not applicable
  Different code using a local variable, switch to dynamic allocation done
  in 1b00ad657997c8 ("NFS: Remove the nfs4_label from the nfs_setattrres")
  in 5.16.
- commit 40fbbcc

- blk-cgroup: dropping parent refcount after pd_free_fn() is done
  (bsc#1224573).
- commit 87d4ac6

- Update patches.suse/nilfs2-fix-inode-number-range-checks.patch
  (git-fixes stable-fixes bsc#1228665 CVE-2024-42105).
- commit 363084c

- Update
  patches.suse/ext2-Avoid-reading-renamed-directory-if-parent-does-.patch
  (bsc#1221044 CVE-2023-52591 bsc#1228440).
- commit d21f810

- hfsplus: fix uninit-value in copy_name (bsc#1228561
  CVE-2024-41059).
- commit cfc2db1

- ext4: fix uninitialized ratelimit_state->lock access in
  __ext4_fill_super() (bsc#1227866 CVE-2024-40998).
- commit 5c2bc07

- cachefiles: fix slab-use-after-free in
  cachefiles_withdraw_cookie() (bsc#1228462 CVE-2024-41057).
- cachefiles: fix slab-use-after-free in fscache_withdraw_volume()
  (bsc#1228459 CVE-2024-41058).
- netfs, fscache: export fscache_put_volume() and add
  fscache_try_get_volume() (bsc#1228459 bsc#1228462).
- commit 599a85f

- platform/chrome: cros_ec_proto: Lock device when updating MKBP
  version (git-fixes).
- commit 3c731c9

- dmaengine: idxd: Fix possible Use-After-Free in
  irq_process_work_list (CVE-2024-40956 bsc#1227810).
- commit 3632d87

- platform/chrome: cros_ec_proto: Lock device when updating MKBP
  version (git-fixes).
- commit 43f2501

- ocfs2: add bounds checking to ocfs2_check_dir_entry()
  (bsc#1228409 CVE-2024-41015).
- ocfs2: strict bound check before memcmp in
  ocfs2_xattr_find_entry() (bsc#1228410).
- ocfs2: add bounds checking to ocfs2_xattr_find_entry()
  (bsc#1228410 CVE-2024-41016).
- ocfs2: remove redundant assignment to variable free_space
  (bsc#1228409).
- commit 568c7dd

- vfio/pci: Disable auto-enable of exclusive INTx IRQ (bsc#1222625
  CVE-2024-27437).
- commit 65556f4

- ocfs2: fix DIO failure due to insufficient transaction credits
  (bsc#1216834).
- commit edabc6f

- Bluetooth: hci_core: cancel all works upon hci_unregister_dev() (CVE-2024-41063 bsc#1228580)
- commit 7924d8c

- udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port() (CVE-2024-41041 bsc#1228520)
- commit eae6531

- ipv6: mcast: use rcu-safe version of ipv6_get_lladdr() (CVE-2022-48785 bsc#1227927)
- commit ca3b7b0

- net: do not leave a dangling sk pointer, when socket creation fails (CVE-2024-40954 bsc#1227808)
- commit bcdcd8a

- netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (CVE-2024-42070 bsc#1228470)
- commit ec1e1fa

- nfsd: Don't leave work of closing files to a work queue
  (bsc#1228140).
- commit 3b8e93d

- KVM: PPC: Book3S HV: Prevent UAF in
  kvm_spapr_tce_attach_iommu_group() (bsc#1228581 CVE-2024-41070).
- commit 5102495

- xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr()
  (CVE-2024-40959 bsc#1227884).
- commit 4f042e1

- tap: add missing verification for short frame (CVE-2024-41090
  bsc#1228328).
- commit e64bcfc

- selftests/bpf: Add more ring buffer test coverage (bsc#1228020
  CVE-2024-41009).
- bpf: Fix overrunning reservations in ringbuf (bsc#1228020
  CVE-2024-41009).
- commit 320d7db

- rpm/guards: fix precedence issue with control flow operator
  With perl 5.40 it report the following error on rpm/guards script:
  Possible precedence issue with control flow operator (exit) at scripts/guards line 208.
  Fix the issue by adding parenthesis around ternary operator.
- commit 07b8b4e

- blacklist.conf: Add 9c573cd31343 randomize_kstack: Improve entropy diffusion
  blacklist.conf: Add 375561bd6195 stack: Declare {randomize_,}kstack_offset to fix Sparse warnings
- commit 07a7d85

- ALSA: pcm_dmaengine: Don't synchronize DMA channel when DMA
  is paused (git-fixes).
- commit 81d45da

- wifi: mac80211: handle tasklet frames before stopping
  (stable-fixes).
- commit 51c6566

- HID: wacom: Modify pen IDs (git-fixes).
- decompress_bunzip2: fix rare decompression failure (git-fixes).
- spi: mux: set ctlr->bits_per_word_mask (stable-fixes).
- spi: imx: Don't expect DMA for i.MX{25,35,50,51,53} cspi devices
  (stable-fixes).
- Bluetooth: hci_core: cancel all works upon hci_unregister_dev()
  (stable-fixes).
- wifi: mac80211: disable softirqs for queued frame handling
  (git-fixes).
- platform/x86: lg-laptop: Change ACPI device id (stable-fixes).
- platform/x86: lg-laptop: Remove LGEX0815 hotkey handling
  (stable-fixes).
- platform/x86: wireless-hotkey: Add support for LG Airplane
  Button (stable-fixes).
- can: kvaser_usb: fix return value for hif_usb_send_regout
  (stable-fixes).
- ASoC: ti: davinci-mcasp: Set min period size using FIFO config
  (stable-fixes).
- ALSA: dmaengine: Synchronize dma channel after drop()
  (stable-fixes).
- ASoC: ti: omap-hdmi: Fix too long driver name (stable-fixes).
- bytcr_rt5640 : inverse jack detect for Archos 101 cesium
  (stable-fixes).
- ALSA: dmaengine_pcm: terminate dmaengine before synchronize
  (stable-fixes).
- Input: elantech - fix touchpad state on resume for Lenovo N24
  (stable-fixes).
- wifi: cfg80211: wext: add extra SIOCSIWSCAN data check
  (stable-fixes).
- mei: demote client disconnect warning on suspend to debug
  (stable-fixes).
- Input: silead - Always support 10 fingers (stable-fixes).
- wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan()
  (stable-fixes).
- wifi: iwlwifi: mvm: properly set 6 GHz channel direct probe
  option (stable-fixes).
- wifi: iwlwifi: mvm: Handle BIGTK cipher in kek_kck cmd
  (stable-fixes).
- wifi: iwlwifi: mvm: d3: fix WoWLAN command version lookup
  (stable-fixes).
- wifi: mac80211: mesh: init nonpeer_pm to active by default in
  mesh sdata (stable-fixes).
- ACPI: EC: Avoid returning AE_OK on errors in address space
  handler (stable-fixes).
- ACPI: EC: Abort address space access upon error (stable-fixes).
- docs: Fix formatting of literal sections in fanotify docs
  (stable-fixes).
- commit 38d8033

- xfs: add bounds checking to xlog_recover_process_data
  (bsc#1228408 CVE-2024-41014).
- commit 9b9175d

- xfs: don't walk off the end of a directory data block
  (bsc#1228405 CVE-2024-41013).
- commit 3a2120b

- jfs: don't walk off the end of ealist (bsc#1228403
  CVE-2024-41017).
- commit 553b2ef

- ext4: do not create EA inode under buffer lock (bsc#1227910
  CVE-2024-40972).
- commit aacd3b6

- ext4: fold quota accounting into
  ext4_xattr_inode_lookup_create() (bsc#1227910 CVE-2024-40972).
- commit 0630857

- ext4: fix mb_cache_entry's e_refcnt leak in
  ext4_xattr_block_cache_find() (bsc#1226993 CVE-2024-39276).
- commit 1269749

- Update patch reference for AMDGPU fix (CVE-2024-41011 bsc#1228115)
- commit 0303eab

- drm/amdkfd: don't allow mapping the MMIO HDP page with large
  pages (CVE-2024-41011 bsc#1228115).
- commit ff8f843

- 9p: add missing locking around taking dentry fid list (bsc#1227090, CVE-2024-39463).
- commit c58a66f

- ceph: fix incorrect kmalloc size of pagevec mempool
  (bsc#1228418).
- commit 2230e72

- tun: add missing verification for short frame (CVE-2024-41091
  bsc#1228327).
- tap: add missing verification for short frame (CVE-2024-41090
  bsc#1228328).
- net: ena: Add validation for completion descriptors consistency
  (CVE-2024-40999 bsc#1227913).
- net: mvpp2: clear BM pool before initialization (CVE-2024-35837
  bsc#1224500).
- commit 80ce1bf

- net: usb: qmi_wwan: add Telit FN912 compositions (git-fixes).
- commit 6bbdba6

- sit: do not call ipip6_dev_free() from sit_init_net()
  (CVE-2021-47588 bsc#1226568).
- commit 38c1d39

- mptcp: remove tcp ulp setsockopt support
  (CVE-2021-47591 bsc#1226570).
- commit 2079fc2

- Refresh
  patches.kabi/tty-add-the-option-to-have-a-tty-reject-a-new-ldisc.patch.
  Fix build for CONFIG_VT=n (ppc64le/kvmsmall).
- commit a0ede6a

- sch_cake: do not call cake_destroy() from cake_init()
  (CVE-2021-47598 bsc#1226574).
- commit d533b8e

- serial: imx: Introduce timeout when waiting on transmitter empty
  (CVE-2024-40967 bsc#1227891).
- commit 05ae86a

- kABI: tty: add the option to have a tty reject a new ldisc
  (kabi CVE-2024-40966 bsc#1227886).
- tty: add the option to have a tty reject a new ldisc
  (CVE-2024-40966 bsc#1227886).
- commit 875e673

- jfs: Fix array-index-out-of-bounds in diFree (git-fixes).
- commit 1b3b67e

- devres: Fix memory leakage caused by driver API
  devm_free_percpu() (git-fixes).
- devres: Fix devm_krealloc() wasting memory (git-fixes).
- kobject_uevent: Fix OOB access within zap_modalias_env()
  (git-fixes).
- dma: fix call order in dmam_free_coherent (git-fixes).
- commit 9c7dc5b

- bpf: Fix a potential use-after-free in bpf_link_free()
  (bsc#1227798 CVE-2024-40909).
- Refresh patches.kabi/bpf-bpf_link-and-bpf_link_ops-kABI-workaround.patch
- commit 755a2fd

- net-sysfs: add check for netdevice being present to speed_show (CVE-2022-48850 bsc#1228071)
- commit 3226c14

- tracing/osnoise: Fix notify new tracing_max_latency (bsc#1228330)
- commit 9b702c7

- tracing/timerlat: Notify new max thread latency (bsc#1228330)
- commit 11f7aa0

- tracing/osnoise: Use built-in RCU list checking (bsc#1228330)
- commit 33fb4ee

- tracing/osnoise: Make osnoise_instances static (bsc#1228330)
- commit d56b79b

- KVM: s390: fix LPSWEY handling (bsc#1227635 git-fixes).
- commit be5ea07

- tracing/osnoise: Add OSNOISE_WORKLOAD option (bsc#1228330)
- commit dc83512

- drm/radeon: check bo_va->bo is non-NULL before using it
  (stable-fixes).
- drm/amd/display: Account for cursor prefetch BW in DML1 mode
  support (stable-fixes).
- ALSA: hda/relatek: Enable Mute LED on HP Laptop 15-gw0xxx
  (stable-fixes).
- drm/vmwgfx: Fix missing HYPERVISOR_GUEST dependency
  (stable-fixes).
- ALSA: hda/realtek: Add more codec ID to no shutup pins list
  (stable-fixes).
- commit a18e5d0

- powerpc/fixmap: Fix VM debug warning on unmap (CVE-2021-47623
  bsc#1227919).
- commit 6169baf

- wifi: mt76: mt7921s: fix potential hung tasks during chip
  recovery (CVE-2024-40977 bsc#1227950).
- commit ee916d4

- Avoid hw_desc array overrun in dw-axi-dmac (CVE-2024-40970
  bsc#1227899).
- commit 713bbc3

- ssb: Fix potential NULL pointer dereference in
  ssb_device_uevent() (CVE-2024-40982 bsc#1227865).
- commit 4f37558

- arm64/io: add constant-argument check (bsc#1226502 git-fixes)
- commit 12ba1f2

- Update patches.suse/IB-mlx5-Use-__iowrite64_copy-for-write-combining-sto.patch (git-fixes bsc#1226502)
- commit c55adfd

- arm64/io: Provide a WC friendly __iowriteXX_copy() (bsc#1226502)
- commit 3783d1b

- s390: Stop using weak symbols for __iowrite64_copy() (bsc#1226502)
- commit cc50a67

- s390: Implement __iowrite32_copy() (bsc#1226502)
- commit 8fb0f46

- x86: Stop using weak symbols for __iowrite32_copy() (bsc#1226502)
- commit 92d3558

- smb: client: fix use-after-free in smb2_query_info_compound()
  (bsc#1225489, CVE-2023-52751).
- commit a32502b

- bpf: Set run context for rawtp test_run callback (bsc#1227783
  CVE-2024-40908).
- commit 3bc3979

- ipv6: prevent possible NULL dereference in rt6_probe()
  (CVE-2024-40960 bsc#1227813).
- commit 33bfa43

- PCI: keystone: Relocate ks_pcie_set/clear_dbi_mode()
  (git-fixes).
- commit e67818e

- cachefiles: flush all requests after setting CACHEFILES_DEAD
  (bsc#1227797 CVE-2024-40935).
- commit f7e6672

- xfs: Add cond_resched to block unmap range and reflink remap
  path (bsc#1228226).
- commit 398a1d5

- ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table()
  on failure path (CVE-2022-48810 bsc#1227936).
- commit 4b745d6

- PCI: Introduce cleanup helpers for device reference counts
  and locks (git-fixes).
- commit 4645732

- PCI: tegra194: Set EP alignment restriction for inbound ATU
  (git-fixes).
- PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio
  (git-fixes).
- PCI: keystone: Fix NULL pointer dereference in case of DT
  error in ks_pcie_setup_rc_app_regs() (git-fixes).
- PCI: keystone: Don't enable BAR 0 for AM654x (git-fixes).
- PCI: Fix resource double counting on remove & rescan
  (git-fixes).
- PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal
  (git-fixes).
- commit b5dfbee

- sctp: fix kernel-infoleak for SCTP sockets (CVE-2022-48855
  bsc#1228003).
- commit f84afd1

- blacklist.conf: add one pci entry
- commit 8c4446c

- ipv6: prevent possible NULL deref in fib6_nh_init()
  (CVE-2024-40961 bsc#1227814).
- commit 09176fe

- PCI: Extend ACS configurability (bsc#1228090).
- commit 9d1d191

- scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated
  memory (bsc#1227762 CVE-2024-40901).
- commit 1473e56

- io_uring/io-wq: Use set_bit() and test_bit() at worker->flags
  (bsc#1227732 CVE-2024-39508).
- commit 9c3b469

- mac802154: fix llsec key resources release in
  mac802154_llsec_key_del (CVE-2024-26961 bsc#1223652).
- commit 4396d9f

- usb: typec: tcpm: clear pd_event queue in PORT_RESET
  (git-fixes).
- commit 8782764

- netrom: Fix a memory leak in nr_heartbeat_expiry()
  (CVE-2024-41006 bsc#1227862).
- commit fa76ffa

- nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro
  (git-fixes).
- checkpatch: really skip LONG_LINE_* when LONG_LINE is ignored
  (git-fixes).
- rtc: interface: Add RTC offset to alarm after fix-up
  (git-fixes).
- rtc: cmos: Fix return value of nvmem callbacks (git-fixes).
- rtc: isl1208: Fix return value of nvmem callbacks (git-fixes).
- pinctrl: freescale: mxs: Fix refcount of child (git-fixes).
- pinctrl: ti: ti-iodelay: fix possible memory leak when
  pinctrl_enable() fails (git-fixes).
- pinctrl: single: fix possible memory leak when pinctrl_enable()
  fails (git-fixes).
- pinctrl: core: fix possible memory leak when pinctrl_enable()
  fails (git-fixes).
- pinctrl: rockchip: update rk3308 iomux routes (git-fixes).
- selftests/sigaltstack: Fix ppc64 GCC build (git-fixes).
- PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio
  (git-fixes).
- PCI: Fix resource double counting on remove & rescan
  (git-fixes).
- PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal
  (git-fixes).
- PCI: Introduce cleanup helpers for device reference counts
  and locks (stable-fixes).
- commit a5ba589

- usb: gadget: call usb_gadget_check_config() to verify UDC
  capability (git-fixes).
- commit a789eca

- blacklist.conf: pure dts
- commit ed51b87

- usb: cdns3: fix iso transfer error when mult is not zero
  (git-fixes).
- commit 24ef45f

- usb: cdns3: fix incorrect calculation of ep_buf_size when more
  than one config (git-fixes).
- commit 1aee554

- usb: cdns3: allocate TX FIFO size according to composite EP
  number (git-fixes).
- blacklist.conf: needed as infrastructure
- Refresh
  patches.suse/usb-cdns3-fix-NCM-gadget-RX-speed-20x-slow-than-expe.patch.
- commit f5e4b65

- fuse: verify {g,u}id mount options correctly (bsc#1228191).
- libceph: fix race between delayed_work() and ceph_monc_stop()
  (bsc#1228190).
- commit 7cce822

- usb: cdns3: skip set TRB_IOC when usb_request: no_interrupt
  is true (git-fixes).
- Refresh
  patches.suse/usb-cdns3-fix-uvc-failure-work-since-sg-support-enab.patch.
- commit f171c84

- usb: cdns3: optimize OUT transfer by copying only actual
  received data (git-fixes).
- commit 909f26f

- nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro
  (git-fixes).
- commit 82de9d3

- usb: cdns3: improve handling of unaligned address case
  (git-fixes).
- commit ada0d19

- powerpc/cpuidle: Set CPUIDLE_FLAG_POLLING for snooze state
  (bsc#1227121 ltc#207129).
- commit 2fe1c33

- blacklist.conf: pure optimization
- commit 0f44899

- gve: Clear napi->skb before dev_kfree_skb_any() (CVE-2024-40937
  bsc#1227836).
- commit 610d469

- Input: elan_i2c - do not leave interrupt disabled on suspend
  failure (git-fixes).
- Input: qt1050 - handle CHIP_ID reading error (git-fixes).
- eeprom: digsy_mtc: Fix 93xx46 driver probe failure (git-fixes).
- Revert "usb: musb: da8xx: Set phy in OTG mode by default"
  (stable-fixes).
- ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy
  Book Pro 360 (stable-fixes).
- ASoC: amd: Adjust error handling in case of absent codec device
  (git-fixes).
- ASoC: max98088: Check for clk_prepare_enable() error
  (git-fixes).
- ALSA: hda/realtek: Enable headset mic on Positivo SU C1400
  (stable-fixes).
- crypto: ecdsa - Fix the public key format description
  (git-fixes).
- commit daf9e8d

- drm/msm/mdp5: Remove MDP_CAP_SRC_SPLIT from msm8x53_config
  (git-fixes).
- drm/msm/dpu: drop validity checks for clear_pending_flush()
  ctl op (git-fixes).
- drm/dp_mst: Fix all mstb marked as not probed after
  suspend/resume (git-fixes).
- drm/panfrost: Mark simple_ondemand governor as softdep
  (git-fixes).
- drm/lima: Mark simple_ondemand governor as softdep (git-fixes).
- USB: serial: option: add Rolling RW350-GL variants
  (stable-fixes).
- USB: serial: option: add support for Foxconn T99W651
  (stable-fixes).
- USB: serial: option: add Netprisma LCUK54 series modules
  (stable-fixes).
- usb: gadget: configfs: Prevent OOB read/write in
  usb_string_copy() (stable-fixes).
- USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k
  (stable-fixes).
- USB: serial: option: add Telit generic core-dump composition
  (stable-fixes).
- USB: serial: option: add Fibocom FM350-GL (stable-fixes).
- USB: serial: option: add Telit FN912 rmnet compositions
  (stable-fixes).
- nilfs2: add missing check for inode numbers on directory entries
  (stable-fixes).
- nilfs2: fix inode number range checks (stable-fixes).
- regmap-i2c: Subtract reg size from max_write (stable-fixes).
- platform/x86: touchscreen_dmi: Add info for the EZpad 6s Pro
  (stable-fixes).
- platform/x86: touchscreen_dmi: Add info for GlobalSpace SolT
  IVW 11.6" tablet (stable-fixes).
- nfc/nci: Add the inconsistency check between the input data
  length and count (stable-fixes).
- Input: ff-core - prefer struct_size over open coded arithmetic
  (stable-fixes).
- firmware: dmi: Stop decoding on broken entry (stable-fixes).
- media: dvb-frontends: tda10048: Fix integer overflow
  (stable-fixes).
- media: s2255: Use refcount_t instead of atomic_t for
  num_channels (stable-fixes).
- media: dvb-frontends: tda18271c2dd: Remove casting during div
  (stable-fixes).
- media: dw2102: fix a potential buffer overflow (git-fixes).
- media: dw2102: Don't translate i2c read into write
  (stable-fixes).
- media: dvb-usb: dib0700_devices: Add missing release_firmware()
  (stable-fixes).
- media: dvb: as102-fe: Fix as10x_register_addr packing
  (stable-fixes).
- wifi: mt76: replace skb_put with skb_put_zero (stable-fixes).
- commit 1d67edd

- Update Alt-commit of AMDGPU patch (git-fixes)
- commit 486ad31

- drm/mediatek: Add OVL compatible name for MT8195 (git-fixes).
- drm/etnaviv: fix DMA direction handling for cached RW buffers
  (git-fixes).
- drm/qxl: Add check for drm_cvt_mode (git-fixes).
- drm/panel: boe-tv101wum-nl6: Check for errors on the NOP in
  prepare() (git-fixes).
- commit 7e23de0

- docs: crypto: async-tx-api: fix broken code example (git-fixes).
- drm/panel: boe-tv101wum-nl6: If prepare fails, disable GPIO
  before regulators (git-fixes).
- drm/mgag200: Bind I2C lifetime to DRM device (git-fixes).
- drm/mgag200: Set DDC timeout in milliseconds (git-fixes).
- drm/amdgpu: Remove GC HW IP 9.3.0 from noretry=1 (git-fixes).
- drm/amdgpu: Check if NBIO funcs are NULL in
  amdgpu_device_baco_exit (git-fixes).
- drm/amd/pm: Fix aldebaran pcie speed reporting (git-fixes).
- drm/amd/pm: remove logically dead code for renoir (git-fixes).
- drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq()
  (git-fixes).
- ALSA: hda/realtek: Enable Mute LED on HP 250 G7 (stable-fixes).
- ALSA: hda/realtek: Limit mic boost on VAIO PRO PX
  (stable-fixes).
- ALSA: hda/realtek: add quirk for Clevo V5[46]0TU (stable-fixes).
- crypto: aead,cipher - zeroize key buffer after use
  (stable-fixes).
- commit df254fc

- Update Alt-commit for AMDGPU patches (git-fixes)
- commit faaa427

- net: hns3: fix kernel crash problem in concurrent scenario
  (CVE-2024-39507 bsc#1227730).
- net/mlx5: Fix tainted pointer delete is case of flow rules
  creation fail (CVE-2024-40940 bsc#1227800).
- commit 778fd36

- vmxnet3: disable rx data ring on dma allocation failure
  (CVE-2024-40923 bsc#1227786).
- commit 39544d5

- mptcp: ensure snd_una is properly initialized on connect
  (CVE-2024-40931 bsc#1227780).
- commit 8410912

- bnxt_en: Adjust logging of firmware messages in case of released
  token in __hwrm_send() (CVE-2024-40919 bsc#1227779).
- commit 92740a7

- orangefs: fix out-of-bounds fsid access (git-fixes).
- commit 5492c0a

- nilfs2: fix incorrect inode allocation from reserved inodes
  (git-fixes).
- commit 84d8b23

- nilfs2: convert persistent object allocator to use kmap_local
  (git-fixes).
- commit 5ccbbbd

- nilfs2: add missing check for inode numbers on directory entries
  (git-fixes).
- commit 907b3f0

- nilfs2: fix inode number range checks (git-fixes).
- commit f8f08aa

- jffs2: Fix potential illegal address access in jffs2_free_inode
  (git-fixes).
- commit 03a6330

- bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() (CVE-2024-39487 bsc#1227573)
- commit 07efe24

- netfilter: nf_tables: flush pending destroy work before exit_net release (CVE-2024-35899 bsc#1224499)
- commit fca7a67

- net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() (CVE-2024-35934 bsc#1224641)
- commit 2be2fbe

- net/sched: act_skbmod: prevent kernel-infoleak (CVE-2024-35893 bsc#1224512)
- commit e1c4fc4

- KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin()
  (CVE-2024-40953, bsc#1227806).
- commit 2476f39

- Refresh
  patches.suse/KVM-x86-Bail-from-kvm_recalculate_phys_map-if-x2APIC.patch.
- commit c36c759

- xfs: fix log recovery buffer allocation for the legacy h_size
  fixup (bsc#1227432 CVE-2024-39472).
- commit 18a9915

- KVM: x86: Add IBPB_BRTYPE support (bsc#1228079).
- commit aa09d73

- media: venus: fix use after free in vdec_close (git-fixes).
- media: venus: flush all buffers in output plane streamoff
  (git-fixes).
- media: uvcvideo: Override default flags (git-fixes).
- media: uvcvideo: Fix integer overflow calculating timestamp
  (git-fixes).
- saa7134: Unchecked i2c_transfer function result fixed
  (git-fixes).
- media: imon: Fix race getting ictx->lock (git-fixes).
- media: dvb-usb: Fix unexpected infinite loop in
  dvb_usb_read_remote_control() (git-fixes).
- Revert "leds: led-core: Fix refcount leak in of_led_get()"
  (git-fixes).
- leds: triggers: Flush pending brightness before activating
  trigger (git-fixes).
- leds: ss4200: Convert PCIBIOS_* return codes to errnos
  (git-fixes).
- leds: trigger: Unregister sysfs attributes before calling
  deactivate() (git-fixes).
- mfd: omap-usb-tll: Use struct_size to allocate tll (git-fixes).
- commit 960e7ee

- Update
  patches.suse/mptcp-ensure-snd_nxt-is-properly-initialized-on-conn.patch
  (CVE-2024-36889 bsc#1225746).
- commit cf8a3ad

- ocfs2: fix races between hole punching and AIO+DIO (CVE-2024-40943 bsc#1227849).
- commit b79d9d8

- net: rds: Fix possible NULL-pointer dereference (CVE-2023-52573 bsc#1220869)
- commit d3cf4c3

- netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() (CVE-2024-27020 bsc#1223815)
- commit fd09409

- netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() (CVE-2024-27019 bsc#1223813)
- commit ccbb2a8

- tracing/osnoise: Do not follow tracing_cpumask (bsc#1228330)
- commit 7623aa9

- gro: fix ownership transfer (CVE-2024-35890 bsc#1224516).
- commit 59871a8

- mptcp: ensure snd_nxt is properly initialized on connect
  (CVE-2024-36889).
- commit d97efaf

- tracing/osnoise: Add osnoise/options file (bsc#1228330)
- commit 7716ffe

- tracing/osnoise: Support a list of trace_array *tr (bsc#1228330)
- commit ee3b46a

- tracing/osnoise: Split workload start from the tracer start (bsc#1228330)
- commit 4a9af64

- ipv6: fib6_rules: avoid possible NULL dereference in
  fib6_rule_action() (CVE-2024-36902 bsc#1225719).
- commit b7587ff

- phonet: fix rtm_phonet_notify() skb allocation (CVE-2024-36946
  bsc#1225851).
- commit f863dba

- net: netlink: af_netlink: Prevent empty skb by adding a check
  on len (CVE-2021-47606 bsc#1226555).
- commit 3b4f977

- r8169: Fix possible ring buffer corruption on fragmented Tx
  packets (CVE-2024-38586 bsc#1226750).
- commit 21fc784

- x86/srso: Move retbleed IBPB check into existing 'has_microcode' code  block (bsc#1227900).
- commit cee3770

- x86/bugs: Remove default case for fully switched enums (bsc#1227900).
- commit 5326760

- x86/srso: Remove 'pred_cmd' label (bsc#1227900).
- commit 7113a94

- wifi: rtw89: Fix array index mistake in
  rtw89_sta_info_get_iter() (git-fixes).
- wifi: ath11k: fix wrong handling of CCMP256 and GCMP ciphers
  (git-fixes).
- wifi: cfg80211: handle 2x996 RU allocation in
  cfg80211_calculate_bitrate_he() (git-fixes).
- wifi: cfg80211: fix typo in cfg80211_calculate_bitrate_he()
  (git-fixes).
- wifi: mwifiex: Fix interface type change (git-fixes).
- wifi: brcmsmac: LCN PHY code is used for BCM4313 2G-only device
  (git-fixes).
- lib: objagg: Fix general protection fault (git-fixes).
- lib: test_objagg: Fix spelling (git-fixes).
- lib: objagg: Fix spelling (git-fixes).
- firmware: turris-mox-rwtm: Initialize completion before mailbox
  (git-fixes).
- firmware: turris-mox-rwtm: Fix checking return value of
  wait_for_completion_timeout() (git-fixes).
- firmware: turris-mox-rwtm: Do not complete if there are no
  waiters (git-fixes).
- gpio: mc33880: Convert comma to semicolon (git-fixes).
- pwm: stm32: Always do lazy disabling (git-fixes).
- hwmon: (max6697) Fix swapped temp{1,8} critical alarms
  (git-fixes).
- hwmon: (max6697) Fix underflow when writing limit attributes
  (git-fixes).
- hwmon: (adt7475) Fix default duty on fan is disabled
  (git-fixes).
- platform/chrome: cros_ec_debugfs: fix wrong EC message version
  (git-fixes).
- drm/gma500: fix null pointer dereference in
  cdv_intel_lvds_get_modes (git-fixes).
- drm/gma500: fix null pointer dereference in
  psb_intel_lvds_get_modes (git-fixes).
- drm/meson: fix canvas release in bind function (git-fixes).
- commit f8f3fda

- SUNRPC: return proper error from gss_wrap_req_priv (git-fixes).
- SUNRPC: Fix loop termination condition in
  gss_free_in_token_pages() (git-fixes).
- nfs: fix undefined behavior in nfs_block_bits() (git-fixes).
- rpcrdma: fix handling for RDMA_CM_EVENT_DEVICE_REMOVAL
  (git-fixes).
- NFS: Fix READ_PLUS when server doesn't support OP_READ_PLUS
  (git-fixes).
- sunrpc: fix NFSACL RPC retry on soft mount (git-fixes).
- nfs: keep server info for remounts (git-fixes).
- NFSv4: Fixup smatch warning for ambiguous return (git-fixes).
- SUNRPC: Fix gss_free_in_token_pages() (git-fixes).
- knfsd: LOOKUP can return an illegal error value (git-fixes).
- NFSD: Fix problem of COMMIT and NFS4ERR_DELAY in infinite loop
  (git-fixes).
- nfsd: simplify the delayed disposal list code (git-fixes).
- NFSD: Convert filecache to rhltable (git-fixes).
- nfsd: allow reaping files still under writeback (git-fixes).
- nfsd: update comment over __nfsd_file_cache_purge (git-fixes).
- nfsd: don't take/put an extra reference when putting a file
  (git-fixes).
- nfsd: add some comments to nfsd_file_do_acquire (git-fixes).
- nfsd: don't kill nfsd_files because of lease break error
  (git-fixes).
- nfsd: simplify test_bit return in NFSD_FILE_KEY_FULL comparator
  (git-fixes).
- nfsd: NFSD_FILE_KEY_INODE only needs to find GC'ed entries
  (git-fixes).
- nfsd: don't fsync nfsd_files on last close (git-fixes).
- nfsd: don't hand out delegation on setuid files being opened
  for write (git-fixes).
- nfsd: allow nfsd_file_get to sanely handle a NULL pointer
  (git-fixes).
- nfsd: don't free files unconditionally in
  __nfsd_file_cache_purge (git-fixes).
- nfsd: fix handling of cached open files in nfsd4_open codepath
  (git-fixes).
- nfsd: rework refcounting in filecache (git-fixes).
- lockd: set missing fl_flags field when retrieving args
  (git-fixes).
- NFSD: Add an nfsd_file_fsync tracepoint (git-fixes).
- nfsd: fix up the filecache laundrette scheduling (git-fixes).
- nfsd: reorganize filecache.c (git-fixes).
- nfsd: remove the pages_flushed statistic from filecache
  (git-fixes).
- NFSD: Fix licensing header in filecache.c (git-fixes).
- NFSD: Flesh out a documenting comment for filecache.c
  (git-fixes).
- NFSD: Add an NFSD_FILE_GC flag to enable nfsd_file garbage
  collection (git-fixes).
- NFSD: Pass the target nfsd_file to nfsd_commit() (git-fixes).
- lockd: use locks_inode_context helper (git-fixes).
- filelock: add a new locks_inode_context accessor function
  (git-fixes).
- nfsd: put the export reference in nfsd4_verify_deleg_dentry
  (git-fixes).
- nfsd: fix use-after-free in nfsd_file_do_acquire tracepoint
  (git-fixes).
- nfsd: fix net-namespace logic in __nfsd_file_cache_purge
  (git-fixes).
- nfsd: rework hashtable handling in nfsd_do_file_acquire
  (git-fixes).
- nfsd: fix nfsd_file_unhash_and_dispose (git-fixes).
- NFSD enforce filehandle check for source file in COPY
  (git-fixes).
- NFSD: verify the opened dentry after setting a delegation
  (git-fixes).
- nfsd: silence extraneous printk on nfsd.ko insertion
  (git-fixes).
- NFSD: Ensure nf_inode is never dereferenced (git-fixes).
- NFSD: Move nfsd_file_trace_alloc() tracepoint (git-fixes).
- NFSD: Separate tracepoints for acquire and create (git-fixes).
- NFSD: Clean up unused code after rhashtable conversion
  (git-fixes).
- NFSD: Convert the filecache to use rhashtable (git-fixes).
- NFSD: Set up an rhashtable for the filecache (git-fixes).
- NFSD: Replace the "init once" mechanism (git-fixes).
- NFSD: Remove nfsd_file::nf_hashval (git-fixes).
- NFSD: nfsd_file_hash_remove can compute hashval (git-fixes).
- NFSD: Refactor __nfsd_file_close_inode() (git-fixes).
- NFSD: nfsd_file_unhash can compute hashval from nf->nf_inode
  (git-fixes).
- NFSD: Remove lockdep assertion from unhash_and_release_locked()
  (git-fixes).
- NFSD: No longer record nf_hashval in the trace log (git-fixes).
- NFSD: Fix the filecache LRU shrinker (git-fixes).
- NFSD: Leave open files out of the filecache LRU (git-fixes).
- NFSD: Trace filecache LRU activity (git-fixes).
- NFSD: WARN when freeing an item still linked via nf_lru
  (git-fixes).
- NFSD: Zero counters when the filecache is re-initialized
  (git-fixes).
- NFSD: Record number of flush calls (git-fixes).
- NFSD: Report the number of items evicted by the LRU walk
  (git-fixes).
- NFSD: Refactor nfsd_file_lru_scan() (git-fixes).
- NFSD: Refactor nfsd_file_gc() (git-fixes).
- NFSD: Add nfsd_file_lru_dispose_list() helper (git-fixes).
- NFSD: Report average age of filecache items (git-fixes).
- NFSD: Report count of freed filecache items (git-fixes).
- NFSD: Report count of calls to nfsd_file_acquire() (git-fixes).
- NFSD: Report filecache LRU size (git-fixes).
- nfs: Leave pages in the pagecache if readpage failed
  (git-fixes).
- NFSD: Fix potential use-after-free in nfsd_file_put()
  (git-fixes).
- NFSD: nfsd_file_put() can sleep (git-fixes).
- NFSD: Trace filecache opens (git-fixes).
- NFSD: Instantiate a struct file when creating a regular NFSv4
  file (git-fixes).
- NFSD: Clean up nfsd_open_verified() (git-fixes).
- NFSD: Remove do_nfsd_create() (git-fixes).
- NFSD: Refactor NFSv4 OPEN(CREATE) (git-fixes).
- NFSD: Refactor NFSv3 CREATE (git-fixes).
- NFSD: Refactor nfsd_create_setattr() (git-fixes).
- NFSD: Avoid calling fh_drop_write() twice in do_nfsd_create()
  (git-fixes).
- NFSD: Clean up nfsd3_proc_create() (git-fixes).
- nfsd: Clean up nfsd_file_put() (git-fixes).
- NFSD: De-duplicate hash bucket indexing (git-fixes).
- NFSD: Write verifier might go backwards (git-fixes).
- nfsd: Retry once in nfsd_open on an -EOPENSTALE return
  (git-fixes).
- nfsd: Add errno mapping for EREMOTEIO (git-fixes).
- nfsd: map EBADF (git-fixes).
- NFSD: simplify per-net file cache management (git-fixes).
- NFSD: handle errors better in write_ports_addfd() (git-fixes).
- commit 93c3330

- usb: dwc3: gadget: Don't delay End Transfer on delayed_status
  (git-fixes).
- commit e973410

- Update
  patches.suse/scsi-bnx2fc-Remove-spin_lock_bh-while-releasing-resources-after-upload.patch
  (bsc#1225767 CVE-2024-36919).
  fix incorrect bug# reference
- commit 354086f

- ipv6: sr: fix missing sk_buff release in seg6_input_core
  (bsc#1227626 CVE-2024-39490).
- commit b5e215c

- usb: xhci-plat: Don't include xhci.h (git-fixes).
- commit 192a370

- blacklist.conf: missing backport for fix
- commit 6f546a1

- net/mlx5: Always stop health timer during driver removal
  (CVE-2024-40906 bsc#1227763).
- net/mlx5: Restore mistakenly dropped parts in register devlink
  flow (CVE-2024-35961 bsc#1224585).
- commit 63e2ff9

- USB: xhci-plat: fix legacy PHY double init (git-fixes).
- commit 287068c

- usb: dwc3: gadget: Synchronize IRQ between soft
  connect/disconnect (git-fixes).
- Refresh
  patches.suse/usb-dwc3-gadget-Improve-dwc3_gadget_suspend-and-dwc3.patch.
- commit 8914bb2

- exfat: check if cluster num is valid (git-fixes).
- commit bbb197c

- exfat: simplify is_valid_cluster() (git-fixes).
- commit ec3d5ea

- usb: dwc3: gadget: Force sending delayed status during soft
  disconnect (git-fixes).
- Refresh
  patches.suse/usb-dwc3-gadget-Stall-and-restart-EP0-if-host-is-unr.patch.
- commit 78e41bc

- hfsplus: fix to avoid false alarm of circular locking
  (git-fixes).
- commit 88f4150

- blacklist.conf: cleanup, not a fix
- commit b7bc0b1

- net/mlx5: Register devlink first under devlink lock
  (CVE-2024-35961 bsc#1224585).
- idpf: fix kernel panic on unknown packet types (CVE-2024-35889
  bsc#1224517).
- stmmac: Clear variable when destroying workqueue (CVE-2024-26802
  bsc#1222799).
- commit b9232bb

- inet: fully convert sk->sk_rx_dst to RCU rules (CVE-2021-47103
  bsc#1221010).
- commit 6ef4a6c

- mptcp: fix deadlock in __mptcp_push_pending() (CVE-2021-47590
  bsc#1226565).
- commit 994eb84

- drm/shmem-helper: Fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE) (bsc#1227722 CVE-2024-39497)
- commit 39b6841

- ionic: fix use after netif_napi_del() (CVE-2024-39502
  bsc#1227755).
- ionic: clean interrupt before enabling queue to avoid credit
  race (git-fixes).
- commit f8dee1e

- ipv6: prevent NULL dereference in ip6_output() (CVE-2024-36901 bsc#1225711)
- commit 0757942

- i40e: Do not use WQ_MEM_RECLAIM flag for workqueue (CVE-2024-36004 bsc#1224545)
- commit 89d4439

- nbd: null check for nla_nest_start (CVE-2024-27025 bsc#1223778)
- commit d85f2c2

- btrfs: use latest_dev in btrfs_show_devname (CVE-2021-47599 bsc#1226571)
- commit ba2490e

- btrfs: convert latest_bdev type to btrfs_device and rename (CVE-2021-47599 bsc#1226571)
- commit abefb83

- x86/mm: Fix enc_status_change_finish_noop() (git-fixes).
- commit 4b0837b

- x86/mm: Allow guest.enc_status_change_prepare() to fail (git-fixes).
- commit 274b9eb

- mlxsw: spectrum_acl_tcam: Fix memory leak during rehash
  (CVE-2024-35853 bsc#1224604).
- commit e216456

- mlxsw: spectrum_acl_tcam: Fix possible use-after-free during
  activity update (CVE-2024-35854 bsc#1224636).
- commit fa5b2f9

- phonet/pep: fix racy skb_queue_empty() use (CVE-2024-27402
  bsc#1224414).
- commit 3644194

- net: prevent mss overflow in skb_segment() (CVE-2023-52435
  bsc#1220138).
- commit 4ab465a

- tracing/net_sched: NULL pointer dereference in
  perf_trace_qdisc_reset() (git-fixes).
- commit b9d9fb5

- tracing: Build event generation tests only as modules
  (git-fixes).
- commit 383ccf7

- cachefiles: add output string to
  cachefiles_obj_[get|put]_ondemand_fd (git-fixes).
- commit f83a29c

- ftrace: Fix possible use-after-free issue in ftrace_location()
  (git-fixes).
- commit f6aba47

- x86/bhi: Avoid warning in #DB handler due to BHI mitigation (git-fixes).
- commit 0a79f35

- x86/fpu: Fix AMD X86_BUG_FXSAVE_LEAK fixup (git-fixes).
- commit 91021c0

- x86/ibt,ftrace: Search for __fentry__ location (git-fixes).
- commit 369619b

- x86/tdx: Fix race between set_memory_encrypted() and load_unaligned_zeropad() (git-fixes).
- commit aa95b6b

- netfilter: nf_tables: do not compare internal table flags on
  updates (CVE-2024-27065 bsc#1223836).
- commit f1dd3b1

- kprobes: Make arch_check_ftrace_location static (git-fixes).
- commit 81e6138

- x86/purgatory: Switch to the position-independent small code model (git-fixes).
- commit c256000

- x86/apic: Force native_apic_mem_read() to use the MOV instruction (git-fixes).
- commit 16300ba

- csky: ftrace: Drop duplicate implementation of
  arch_check_ftrace_location() (git-fixes).
- commit c9c9bba

- net/smc: avoid data corruption caused by decline (bsc#1225088
  CVE-2023-52775).
- commit 7b97698

- x86/amd_nb: Use Family 19h Models 60h-7Fh Function 4 IDs (git-fixes).
- commit 82ec7e7

- netfilter: flowtable: incorrect pppoe tuple (CVE-2024-27015
  bsc#1223806).
- commit 6af6de1

- x86/Kconfig: Transmeta Crusoe is CPU family 5, not 6 (git-fixes).
- commit 4eee5e7

- tipc: Check the bearer type before calling
  tipc_udp_nl_bearer_add() (CVE-2024-26663 bsc#1222326).
- commit b23a947

- blacklist.conf: Blacklist unneeded patch
- commit a22ed51

- phonet/pep: refuse to enable an unbound pipe (CVE-2021-47086
  bsc#1220952).
- commit 3d5c321

- tipc: check for null after calling kmemdup (CVE-2021-47186
  bsc#1222702).
- commit 34af8f8

- i2c: rcar: bring hardware to known state when probing
  (git-fixes).
- i2c: testunit: avoid re-issued work after read message
  (git-fixes).
- i2c: mark HostNotify target address as used (git-fixes).
- i2c: testunit: correct Kconfig description (git-fixes).
- commit 720b7b0

- hpet: Support 32-bit userspace (git-fixes).
- USB: serial: mos7840: fix crash on resume (git-fixes).
- USB: core: Fix duplicate endpoint bug by clearing reserved
  bits in the descriptor (git-fixes).
- firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files
  (git-fixes).
- firmware: cs_dsp: Prevent buffer overrun when processing V2
  alg headers (git-fixes).
- firmware: cs_dsp: Validate payload length before processing
  block (git-fixes).
- firmware: cs_dsp: Return error if block header overflows file
  (git-fixes).
- firmware: cs_dsp: Fix overflow checking of wmfw header
  (git-fixes).
- ACPI: processor_idle: Fix invalid comparison with insertion
  sort for latency (git-fixes).
- drm/amdgpu/atomfirmware: silence UBSAN warning (stable-fixes).
- drm: panel-orientation-quirks: Add quirk for Valve Galileo
  (stable-fixes).
- ALSA: hda/realtek: Enable headset mic of JP-IK LEAP W502 with
  ALC897 (stable-fixes).
- drm/amdgpu: fix uninitialized scalar variable warning
  (stable-fixes).
- drm/amd/display: Skip finding free audio for unknown engine_id
  (stable-fixes).
- drm/amd/display: Check pipe offset before setting vblank
  (stable-fixes).
- drm/amd/display: Check index msg_id before read or write
  (stable-fixes).
- drm/amdgpu: Initialize timestamp for some legacy SOCs
  (stable-fixes).
- drm/amdgpu: Fix uninitialized variable warnings (stable-fixes).
- drm/lima: fix shared irq handling on driver remove
  (stable-fixes).
- commit 7c70cdc

- net: openvswitch: fix overwriting ct original tuple for  ICMPv6
  (bsc#1226783 CVE-2024-38558).
- net/smc: fix illegal rmb_desc access in SMC-D connection dump
  (bsc#1220942 CVE-2024-26615).
- commit eaeef60

- iommu/arm-smmu-v3: Free MSIs in case of ENOMEM (git-fixes).
- commit b1ce67e

- KVM: x86: Bail from kvm_recalculate_phys_map() if x2APIC ID
  is out-of-bounds (git-fixes).
- commit 9ec2217

- kabi/severities: Ignore tpm_tis_core_init (bsc#1082555).
- commit 083e305

- KVM: x86: Save/restore all NMIs when multiple NMIs are pending
  (git-fixes).
- commit 8bd778f

- block: don't add partitions if GD_SUPPRESS_PART_SCAN is set
  (bsc#1227162).
- commit 71773a0

- block, loop: support partitions without scanning (bsc#1227162).
- blacklist.conf:
- commit bb86429

- KVM: x86: Honor architectural behavior for aliased 8-bit APIC
  IDs (git-fixes).
- commit bf2b1de

- Update
  patches.suse/ALSA-hda-intel-sdw-acpi-fix-usage-of-device_get_name.patch
  (git-fixes CVE-2024-36955 bsc#1225810).
- Update
  patches.suse/Bluetooth-qca-fix-firmware-check-error-path.patch
  (git-fixes CVE-2024-36942 bsc#1225843).
- Update
  patches.suse/Reapply-drm-qxl-simplify-qxl_fence_wait.patch
  (stable-fixes CVE-2024-36944 bsc#1225847).
- Update
  patches.suse/arm64-asm-bug-Add-.align-2-to-the-end-of-__BUG_ENTRY.patch
  (git-fixes CVE-2024-39488 bsc#1227618).
- Update
  patches.suse/fbdev-savage-Handle-err-return-when-savagefb_check_v.patch
  (git-fixes CVE-2024-39475 bsc#1227435).
- Update
  patches.suse/firewire-ohci-mask-bus-reset-interrupts-between-ISR-.patch
  (stable-fixes CVE-2024-36950 bsc#1225895).
- Update
  patches.suse/pinctrl-devicetree-fix-refcount-leak-in-pinctrl_dt_t.patch
  (git-fixes CVE-2024-36959 bsc#1225839).
- Update
  patches.suse/powerpc-pseries-iommu-LPAR-panics-during-boot-up-wit.patch
  (bsc#1222011 ltc#205900 CVE-2024-36926 bsc#1225829).
- Update patches.suse/qibfs-fix-dentry-leak.patch (git-fixes
  CVE-2024-36947 bsc#1225856).
- Update
  patches.suse/scsi-bnx2fc-Remove-spin_lock_bh-while-releasing-resources-after-upload.patch
  (bsc#1224767 CVE-2024-36919 bsc#1225767).
- Update
  patches.suse/scsi-core-Fix-unremoved-procfs-host-directory-regression.patch
  (git-fixes bsc#1223675 CVE-2024-269355 CVE-2024-26935).
- Update
  patches.suse/scsi-lpfc-Move-NPIV-s-transport-unregistration-to-af.patch
  (bsc#1221777 CVE-2024-36952 bsc#1225898).
- Update
  patches.suse/scsi-lpfc-Release-hbalock-before-calling-lpfc_worker.patch
  (bsc#1221777 CVE-2024-36924 bsc#1225820).
- Update
  patches.suse/wifi-nl80211-don-t-free-NULL-coalescing-rule.patch
  (git-fixes CVE-2024-36941 bsc#1225835).
- commit 54600b7

- Update
  patches.suse/perf-x86-intel-pt-Fix-crash-with-stop-filters-in-single-range-mode.patch
  (git fixes CVE-2022-48713 bsc#1227549).
- Update
  patches.suse/scsi-qedf-Ensure-the-copied-buf-is-NUL-terminated.patch
  (bsc#1226758 CVE-2024-38559 bsc#1226785).
- Update
  patches.suse/tls-fix-use-after-free-on-failed-backlog-decryption.patch
  (CVE-2024-26583 CVE-2024-26584 bsc#1220185 bsc#1220186
  CVE-2024-26800 bsc#1222728).
- commit 329a684

- KVM: SVM: Process ICR on AVIC IPI delivery failure due to
  invalid target (git-fixes).
- commit 112065d

- KVM: x86: Purge "highest ISR" cache when updating APICv state
  (git-fixes).
- commit a129b88

- KVM: x86: Disable APIC logical map if vCPUs are aliased in
  logical mode (git-fixes).
- commit 8d68b06

- vfio/fsl-mc: Block calling interrupt handler without trigger
  (bsc#1222810 CVE-2024-26814).
- commit 520ae3c

- KVM: x86: Disable APIC logical map if logical ID covers multiple
  MDAs (git-fixes).
- commit 0357410

- KVM: Always flush async #PF workqueue when vCPU is being
  destroyed (bsc#1223635 CVE-2024-26976).
- commit c5ed396

- virtio-blk: fix implicit overflow on virtio_max_dma_size
  (bsc#1225573 CVE-2023-52762).
- commit 4296dc1

- KVM: x86: Skip redundant x2APIC logical mode optimized cluster
  setup (git-fixes).
- commit 288a73b

- vfio/platform: Create persistent IRQ handlers (bsc#1222809
  CVE-2024-26813).
- commit a8290e8

- KVM: x86: Explicitly track all possibilities for APIC map's
  logical modes (git-fixes).
- commit 2cf1fb4

- i2c: tegra: Fix failure during probe deferral cleanup (git-fixes)
- commit 07e2e07

- KVM: x86: Explicitly skip optimized logical map setup if vCPU's
  LDR==0 (git-fixes).
- commit d6f5973

- i2c: tegra: Share same DMA channel for RX and TX (bsc#1227661)
- commit f2aaa1a

- KVM: x86: Always sync PIR to IRR prior to scanning I/O APIC
  routes (git-fixes).
- commit a815f21

- KVM: x86: Don't advertise guest.MAXPHYADDR as host.MAXPHYADDR
  in CPUID (git-fixes).
- commit ccf2508

- net: mana: Fix possible double free in error handling path (git-fixes).
- RDMA/mana_ib: Ignore optional access flags for MRs (git-fixes).
- net: mana: Fix the extra HZ in mana_hwc_send_request (git-fixes).
- Drivers: hv: vmbus: Don't free ring buffers that couldn't be re-encrypted (bsc#1225744, CVE-2024-36909).
- uio_hv_generic: Don't free decrypted memory (bsc#1225717, CVE-2024-36910).
- hv_netvsc: Don't free decrypted memory (bsc#1225745, CVE-2024-36911).
- Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl (bsc#1225752, CVE-2024-36912).
- Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails (bsc#1225753, CVE-2024-36913).
- commit a860c7f

- tpm, tpm_tis: correct tpm_tis_flags enumeration values
  (bsc#1082555).
- commit ee1e789

- KVM: nVMX: Clear EXIT_QUALIFICATION when injecting an EPT
  Misconfig (git-fixes).
- commit 0d2641d

- KVM: VMX: Report up-to-date exit qualification to userspace
  (git-fixes).
- commit 606216a

- tpm_tis: Resend command to recover from data transfer errors
  (bsc#1082555).
- tpm: Prevent hwrng from activating during resume (bsc#1082555).
- tpm_tis: Use tpm_chip_{start,stop} decoration inside
  tpm_tis_resume (bsc#1082555).
- tpm, tpm_tis: Claim locality when interrupts are reenabled on
  resume (bsc#1082555).
- tpm, tpm_tis: Claim locality in interrupt handler (bsc#1082555).
- tpm, tpm: Implement usage counter for locality (bsc#1082555).
- tpm, tpm_tis: Only handle supported interrupts (bsc#1082555).
- tpm, tpm_tis: Claim locality before writing interrupt registers
  (bsc#1082555).
- tpm, tpm_tis: Do not skip reset of original interrupt vector
  (bsc#1082555).
- tpm, tpm_tis: Avoid cache incoherency in test for interrupts
  (bsc#1082555).
- tpm: Allow system suspend to continue when TPM suspend fails
  (bsc#1082555).
- commit 7f61c0e

- KVM: x86: Fix broken debugregs ABI for 32 bit kernels
  (git-fixes).
- commit eea9593

- KVM: x86: Fix KVM_GET_MSRS stack info leak (git-fixes).
- commit 2af46f6

- Refresh
  patches.suse/bpf-keep-track-of-max-number-of-bpf_loop-callback-it.patch.
  (bsc#1225903)
  Include missing changes in
  tools/testing/selftests/bpf/progs/verifier_subprog_precision.c, which
  was not backported previously.
- commit 69cbb3f

- Refresh
  patches.suse/bpf-verify-callbacks-as-if-they-are-called-unknown-n.patch.
  (bsc#1225903)
  Include missing changes in
  tools/testing/selftests/bpf/progs/verifier_subprog_precision.c, which
  was not backported previously.
- commit 8238035

- btrfs: validate device maj:min during open (bsc#1227162).
- commit f49f11d

- btrfs: use dev_t to match device in device_matched
  (bsc#1227162).
- commit 4a1fa42

- btrfs: add device major-minor info in the struct  btrfs_device
  (bsc#1227162).
- commit 297d7e5

- btrfs: match stale devices by dev_t (bsc#1227162).
- commit ee773dd

- btrfs: harden identification of a stale device (bsc#1227162).
- commit 9bf979f

- fs: allow cross-vfsmount reflink/dedupe (bsc#1227157).
- commit 1a2918c

- btrfs: remove the cross file system checks from remap
  (bsc#1227157).
- commit b30d559

- arm64: dts: rockchip: fix alphabetical ordering RK3399 puma (git-fixes)
  In order to apply current patch need to refresh:
  arm64-dts-rockchip-enable-internal-pull-up-on-PCIE_WAKE-for-RK3399-Puma.patch
- commit 36ab413

- arm64: dts: rockchip: Add enable-strobe-pulldown to emmc phy on ROCK (git-fixes)
- commit f6380d7

- blacklist.conf: ("arm64: dts: rockchip: Add enable-strobe-pulldown to emmc phy on ROCK")
- commit 3dd6408

- arm64: dts: rockchip: Add sound-dai-cells for RK3368 (git-fixes)
- commit 7c8b066

- arm64: dts: rockchip: fix PMIC interrupt pin on ROCK Pi E (git-fixes)
- commit c6de453

- arm64: dts: imx8qm-mek: fix gpio number for reg_usdhc2_vmmc (git-fixes)
- commit 2d5f667

- blacklist.conf: ("arm64: dts: broadcom: bcmbca: bcm4908: set brcm,wp-not-connected")
- commit 9393d29

- arm64: dts: microchip: sparx5: fix mdio reg (git-fixes)
- commit dc0a371

- arm64: dts: hi3798cv200: fix the size of GICR (git-fixes)
- commit 37fadad

- arm64: tegra: Correct Tegra132 I2C alias (git-fixes)
- commit f1a9bcf

- arm64: dts: allwinner: Pine H64: correctly remove reg_gmac_3v3 (git-fixes)
- commit 296515d

- selftests/bpf: test case for callback_depth states pruning logic
  (bsc#1225903).
- selftests/bpf: check if max number of bpf_loop iterations is
  tracked (bsc#1225903).
- selftests/bpf: test widening for iterating callbacks
  (bsc#1225903).
- selftests/bpf: tests for iterating callbacks (bsc#1225903).
- selftests/bpf: fix unpriv_disabled check in test_verifier
  (bsc#1225903).
- selftests/bpf: Verify that check_ids() is used for scalars in
  regsafe() (bsc#1225903).
- selftests/bpf: Check if mark_chain_precision() follows scalar
  ids (bsc#1225903).
- selftests/bpf: add precision propagation tests in the presence
  of subprogs (bsc#1225903).
- selftests/bpf: populate map_array_ro map for
  verifier_array_access test (bsc#1225903).
- selftests/bpf: add pre bpf_prog_test_run_opts() callback for
  test_loader (bsc#1225903).
- selftests/bpf: fix __retval() being always ignored
  (bsc#1225903).
- selftests/bpf: Add a selftest for checking subreg equality
  (bsc#1225903).
- selftests/bpf: prog_tests entry point for migrated test_verifier
  tests (bsc#1225903).
- selftests/bpf: Tests execution support for test_loader.c
  (bsc#1225903).
- selftests/bpf: Unprivileged tests for test_loader.c
  (bsc#1225903).
- selftests/bpf: __imm_insn & __imm_const macro for bpf_misc.h
  (bsc#1225903).
- selftests/bpf: Report program name on parse_test_spec error
  (bsc#1225903).
- selftests/bpf: Support custom per-test flags and multiple
  expected messages (bsc#1225903).
- commit d974185

- tunnels: fix out of bounds access when building IPv6 PMTU error (bsc#1222328 CVE-2024-26665).
- commit ba586e2

- ACPI: CPPC: Fix access width used for PCC registers (bsc#1224557
  CVE-2024-35995).
- commit dccf281

- ACPI: CPPC: Fix bit_offset shift in MASK_VAL() macro
  (bsc#1224557 CVE-2024-35995).
- commit a961424

- nfs: Handle error of rpc_proc_register() in nfs_net_init()
  (CVE-2024-36939 bsc#1225838).
- commit 1e7c712

- SUNRPC: avoid soft lockup when transmitting UDP to reachable
  server (bsc#1225272).
- commit a570654

- Update patches.suse/net-tls-factor-out-tls_-crypt_async_wait.patch.
- fix build warning
- commit 01715f7

- netfilter: conntrack: ignore overly delayed tcp packets
  (bsc#1223180).
- netfilter: conntrack: prepare tcp_in_window for ternary return
  value (bsc#1223180).
- netfilter: conntrack: work around exceeded receive window
  (bsc#1223180).
- netfilter: conntrack: remove pr_debug callsites from tcp tracker
  (bsc#1223180).
- commit f482451

- powerpc/pseries: Fix scv instruction crash with kexec
  (bsc#1194869 CVE-2024-42230).
- powerpc/kasan: Disable address sanitization in kexec paths
  (bsc#1194869 CVE-2024-42230).
- powerpc/pseries: Fix scv instruction crash with kexec
  (bsc#1194869).
- powerpc/kasan: Disable address sanitization in kexec paths
  (bsc#1194869).
- commit c9d175f

- kernel-binary: vdso: Own module_dir
- commit ff69986

- ACPI: CPPC: Use access_width over bit_width for system memory
  accesses (bsc#1224557 CVE-2024-35995).
- commit 1947557

- drm/amd/display: Add NULL test for 'timing generator' in (bsc#1222323 CVE-2024-26661)
- commit c59a952

- Update
  patches.suse/scsi-qedf-Ensure-the-copied-buf-is-NUL-terminated.patch
  (bsc#1226785 CVE-2024-38559).
  fixed incorrect bug number reference
- commit 999a0f9

- Update
  patches.suse/scsi-qedf-Ensure-the-copied-buf-is-NUL-terminated.patch
  (bsc#1226785 CVE-2024-38559).
  Fixed incorrect bug reference.
- commit e3b8fb6

- net/dcb: check for detached device before executing callbacks
  (bsc#1215587).
- commit a6082a0

- kABI: rtas: Workaround false positive due to lost definition
  (bsc#1227487).
- commit fb8a8f3

- net/core: Fix ETH_P_1588 flow dissector (bsc#1220876
  CVE-2023-52580).
- commit 0ff3299

- sched: Fix stop_one_cpu_nowait() vs hotplug (git fixes (sched)).
- sched/fair: Don't balance task to its current running CPU
  (git fixes (sched)).
- kernel/sched: Remove dl_boosted flag comment (git fixes
  (sched)).
- commit 27be692

- blacklist.conf: Unsupported architecture
- commit 74cc76a

- PCI/PM: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports
  (git-fixes).
- commit 4c4245d

- powerpc/rtas: Prevent Spectre v1 gadget construction in
  sys_rtas() (bsc#1227487).
- commit 9648fb4

- tls: fix use-after-free on failed backlog decryption
  (CVE-2024-26583 CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: separate no-async decryption request handling from async
  (CVE-2024-26583 CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: decrement decrypt_pending if no async completion will be
  called (CVE-2024-26583 CVE-2024-26584 bsc#1220185 bsc#1220186).
- net: tls: handle backlogging of crypto requests (CVE-2024-26584
  bsc#1220186).
- tls: fix race between tx work scheduling and socket close
  (CVE-2024-26585 bsc#1220187).
- tls: fix race between async notify and socket close
  (CVE-2024-26583 bsc#1220185).
- net: tls: factor out tls_*crypt_async_wait() (CVE-2024-26583
  CVE-2024-26584 bsc#1220185 bsc#1220186).
- net: tls: fix async vs NIC crypto offload (CVE-2024-26583
  CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: rx: use async as an in-out argument (CVE-2024-26583
  CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: rx: assume crypto always calls our callback (CVE-2024-26583
  CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: rx: don't track the async count (CVE-2024-26583
  CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: rx: simplify async wait (CVE-2024-26583 CVE-2024-26584
  bsc#1220185 bsc#1220186).
- tls: rx: wrap decryption arguments in a structure
  (CVE-2024-26583 CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: rx: don't report text length from the bowels of decrypt
  (CVE-2024-26583 CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: rx: drop unnecessary arguments from tls_setup_from_iter()
  (CVE-2024-26583 CVE-2024-26584 bsc#1220185 bsc#1220186).
- commit 63dd4a4

- rtlwifi: rtl8192de: Style clean-ups (stable-fixes).
- commit b623ae1

- drm/nouveau: fix null pointer dereference in
  nouveau_connector_get_modes (git-fixes).
- usb: gadget: printer: SS+ support (stable-fixes).
- drm/amdgpu: avoid using null object of framebuffer
  (stable-fixes).
- drm/amdgpu: Fix pci state save during mode-1 reset (git-fixes).
- drm/amdgpu/atomfirmware: fix parsing of vram_info
  (stable-fixes).
- drm/nouveau/dispnv04: fix null pointer dereference in
  nv17_tv_get_ld_modes (stable-fixes).
- drm/nouveau/dispnv04: fix null pointer dereference in
  nv17_tv_get_hd_modes (stable-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs don't work for
  EliteBook 645/665 G11 (stable-fixes).
- xhci: Apply broken streams quirk to Etron EJ188 xHCI host
  (stable-fixes).
- xhci: Apply reset resume quirk to Etron EJ188 xHCI host
  (stable-fixes).
- xhci: Set correct transferred length for cancelled bulk
  transfers (stable-fixes).
- ACPI: x86: Force StorageD3Enable on more products
  (stable-fixes).
- platform/x86: dell-smbios: Fix wrong token data in sysfs
  (git-fixes).
- intel_th: pci: Add Lunar Lake support (stable-fixes).
- intel_th: pci: Add Meteor Lake-S support (stable-fixes).
- intel_th: pci: Add Sapphire Rapids SOC support (stable-fixes).
- intel_th: pci: Add Granite Rapids SOC support (stable-fixes).
- intel_th: pci: Add Granite Rapids support (stable-fixes).
- usb: misc: uss720: check for incompatible versions of the
  Belkin F5U002 (stable-fixes).
- PCI/PM: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports
  (stable-fixes).
- power: supply: cros_usbpd: provide ID table for avoiding
  fallback match (stable-fixes).
- mtd: partitions: redboot: Added conversion of operands to a
  larger type (stable-fixes).
- media: dvbdev: Initialize sbuf (stable-fixes).
- ALSA: emux: improve patch ioctl data validation (stable-fixes).
- drm/radeon/radeon_display: Decrease the size of allocated memory
  (stable-fixes).
- drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers
  that sleep (stable-fixes).
- Bluetooth: ath3k: Fix multiple issues reported by checkpatch.pl
  (stable-fixes).
- batman-adv: bypass empty buckets in batadv_purge_orig_ref()
  (stable-fixes).
- HID: Add quirk for Logitech Casa touchpad (stable-fixes).
- ACPI: video: Add backlight=native quirk for Lenovo Slim 7 16ARH7
  (stable-fixes).
- crypto: hisilicon/sec - Fix memory leak for sec resource release
  (stable-fixes).
- crypto: ecdh - explicitly zeroize private_key (stable-fixes).
- soc: ti: wkup_m3_ipc: Send NULL dummy message instead of
  pointer message (stable-fixes).
- Bluetooth: btqca: use le32_to_cpu for ver.soc_id (stable-fixes).
- drm/amd/amdgpu: Fix style errors in amdgpu_drv.c &
  amdgpu_device.c (stable-fixes).
- Bluetooth: hci_qca: mark OF related data as maybe unused
  (stable-fixes).
- ACPI: x86: utils: Add Picasso to the list for forcing
  StorageD3Enable (stable-fixes).
- platform/x86: dell-smbios-base: Use sysfs_emit() (stable-fixes).
- PCI: Add PCI_ERROR_RESPONSE and related definitions
  (stable-fixes).
- commit 7f3043b

- RDMA/restrack: Fix potential invalid address access (git-fixes)
- commit 23ae4ef

- bpf: check bpf_func_state->callback_depth when pruning states
  (bsc#1225903).
- bpf: unconditionally reset backtrack_state masks on global
  func exit (bsc#1225903).
- commit d19d633

- bcache: fix variable length array abuse in btree_iter
  (CVE-2024-39482 bsc#1227447).
- commit 17815f2

- soc: fsl: qbman: Use raw spinlock for cgr_lock (bsc#1224683
  CVE-2024-35819).
- commit 450645b

- soc: fsl: qbman: Add CGR update function (bsc#1224683
  CVE-2024-35819).
- commit 2baf830

- soc: fsl: qbman: Add helper for sanity checking cgr ops
  (bsc#1224683 CVE-2024-35819).
- commit 47079b2

- Delete
  patches.suse/tls-fix-race-between-tx-work-scheduling-and-socket-c.patch.
  Will be replaced with a refreshed version once all conflicting new patches are in.
- commit a0fa0a3

- hwmon: (axi-fan-control) Fix possible NULL pointer dereference
  (git-fixes CVE-2023-52863 bsc#1225586).
- commit 084eb37

- wifi: wilc1000: fix ies_len type in connect path (git-fixes).
- can: kvaser_usb: Explicitly initialize family in leafimx
  driver_info struct (git-fixes).
- Bluetooth: qca: Fix BT enable failure again for QCA6390 after
  warm reboot (git-fixes).
- wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values
  (git-fixes).
- commit 2b22fa3

- kABI: bpf: callback fixes kABI workaround (bsc#1225903).
- kABI: bpf: tmp_str_buf kABI workaround (bsc#1225903).
- kABI: bpf: bpf_reg_state reorganization kABI workaround
  (bsc#1225903).
- kABI: bpf: struct bpf_{idmap,idset} kABI workaround
  (bsc#1225903).
- commit c363b0e

- jfs: xattr: fix buffer overflow for invalid xattr
  (bsc#1227383).
- commit 33e2d96
util-linux
- agetty: Prevent login cursor escape (bsc#1194818,
  util-linux-agetty-prevent-cursor-escape.patch).

- Document unexpected side effects of lazy destruction
  (bsc#1159034, util-linux-umount-losetup-lazy-destruction.patch,
  util-linux-umount-losetup-lazy-destruction-generated.patch).

- Don't delete binaries not common for all architectures. Create an
  util-linux-extra subpackage instead, so users of third party
  tools can use them. (bsc#1222285)
openssl-1_1
- Build with no-afalgeng [bsc#1226463]

- Security fix: [bsc#1227138, CVE-2024-5535]
  * SSL_select_next_proto buffer overread
  * Add openssl-CVE-2024-5535.patch
pam
- Prevent cursor escape from the login prompt [bsc#1194818]
  * Added: pam-bsc1194818-cursor-escape.patch
python-requests
- Update CVE-2024-35195.patch to allow the usage of "verify" parameter
  as a directory, bsc#1225912
zypp-plugin
- Fix stomp header regex to include '-' (bsc#1227793)
- version 0.6.4

- singlespec in Tumbleweed must support multiple python3 flavors
  in the future gh#openSUSE/python-rpm-macros#66

- Provide python3-zypp-plugin down to SLE12 (bsc#1081596)

- Provide python3-zypp-plugin in SLE12-SP3 (bsc#1081596)
python-Twisted
- Add a couple of upstream patches to fix http process information
  disclosure (CVE-2024-41671, bsc#1228549) and XSS via html injection
  (CVE-2024-41810, bsc#1228552):
  * CVE-2024-41671.patch gh#twisted/twisted@4a930de12fb6
  * CVE-2024-41810.patch gh#twisted/twisted@046a164f89a0
000release-packages:sle-module-basesystem-release
n/a
000release-packages:sle-module-containers-release
n/a
000release-packages:sle-module-desktop-applications-release
n/a
000release-packages:sle-module-development-tools-release
n/a
000release-packages:sle-module-hpc-release
n/a
000release-packages:sle-module-public-cloud-release
n/a
000release-packages:sle-module-python3-release
n/a
000release-packages:sle-module-server-applications-release
n/a
000release-packages:sle-module-web-scripting-release
n/a
util-linux-systemd
- agetty: Prevent login cursor escape (bsc#1194818,
  util-linux-agetty-prevent-cursor-escape.patch).

- Document unexpected side effects of lazy destruction
  (bsc#1159034, util-linux-umount-losetup-lazy-destruction.patch,
  util-linux-umount-losetup-lazy-destruction-generated.patch).

- Don't delete binaries not common for all architectures. Create an
  util-linux-extra subpackage instead, so users of third party
  tools can use them. (bsc#1222285)