# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2024:0910-1  
Rating: important  
References:

  * bsc#1194869
  * bsc#1206453
  * bsc#1209412
  * bsc#1213456
  * bsc#1216776
  * bsc#1217927
  * bsc#1218195
  * bsc#1218216
  * bsc#1218450
  * bsc#1218527
  * bsc#1218663
  * bsc#1218915
  * bsc#1219126
  * bsc#1219127
  * bsc#1219141
  * bsc#1219146
  * bsc#1219295
  * bsc#1219443
  * bsc#1219653
  * bsc#1219827
  * bsc#1219835
  * bsc#1219839
  * bsc#1219840
  * bsc#1219934
  * bsc#1220003
  * bsc#1220009
  * bsc#1220021
  * bsc#1220030
  * bsc#1220106
  * bsc#1220140
  * bsc#1220187
  * bsc#1220238
  * bsc#1220240
  * bsc#1220241
  * bsc#1220243
  * bsc#1220250
  * bsc#1220251
  * bsc#1220253
  * bsc#1220254
  * bsc#1220255
  * bsc#1220257
  * bsc#1220267
  * bsc#1220277
  * bsc#1220317
  * bsc#1220326
  * bsc#1220328
  * bsc#1220330
  * bsc#1220335
  * bsc#1220344
  * bsc#1220348
  * bsc#1220350
  * bsc#1220364
  * bsc#1220392
  * bsc#1220393
  * bsc#1220398
  * bsc#1220409
  * bsc#1220444
  * bsc#1220457
  * bsc#1220459
  * bsc#1220649
  * bsc#1220796
  * bsc#1220825
  * jsc#PED-7618

  
Cross-References:

  * CVE-2019-25162
  * CVE-2021-46923
  * CVE-2021-46924
  * CVE-2021-46932
  * CVE-2023-28746
  * CVE-2023-5197
  * CVE-2023-52340
  * CVE-2023-52429
  * CVE-2023-52439
  * CVE-2023-52443
  * CVE-2023-52445
  * CVE-2023-52447
  * CVE-2023-52448
  * CVE-2023-52449
  * CVE-2023-52451
  * CVE-2023-52452
  * CVE-2023-52456
  * CVE-2023-52457
  * CVE-2023-52463
  * CVE-2023-52464
  * CVE-2023-52475
  * CVE-2023-52478
  * CVE-2023-6817
  * CVE-2024-0607
  * CVE-2024-1151
  * CVE-2024-23849
  * CVE-2024-23850
  * CVE-2024-23851
  * CVE-2024-25744
  * CVE-2024-26585
  * CVE-2024-26586
  * CVE-2024-26589
  * CVE-2024-26591
  * CVE-2024-26593
  * CVE-2024-26595
  * CVE-2024-26598
  * CVE-2024-26602
  * CVE-2024-26603
  * CVE-2024-26622

  
CVSS scores:

  * CVE-2019-25162 ( SUSE ):  6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
  * CVE-2021-46923 ( SUSE ):  3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
  * CVE-2021-46924 ( SUSE ):  4.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
  * CVE-2021-46932 ( SUSE ):  2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
  * CVE-2023-28746 ( SUSE ):  6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
  * CVE-2023-5197 ( SUSE ):  6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
  * CVE-2023-5197 ( NVD ):  6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
  * CVE-2023-52340 ( SUSE ):  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-52429 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-52429 ( NVD ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-52439 ( SUSE ):  6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-52439 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-52443 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-52443 ( NVD ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-52445 ( SUSE ):  6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-52445 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-52447 ( SUSE ):  6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-52447 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-52448 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-52449 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-52451 ( SUSE ):  5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H
  * CVE-2023-52452 ( SUSE ):  4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
  * CVE-2023-52456 ( SUSE ):  4.0 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-52457 ( SUSE ):  4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
  * CVE-2023-52463 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-52464 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  * CVE-2023-52475 ( SUSE ):  6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-52478 ( SUSE ):  5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
  * CVE-2023-6817 ( SUSE ):  6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-6817 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2024-0607 ( SUSE ):  6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
  * CVE-2024-0607 ( NVD ):  6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
  * CVE-2024-1151 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-23849 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  * CVE-2024-23849 ( NVD ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-23850 ( SUSE ):  4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-23850 ( NVD ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-23851 ( SUSE ):  4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-23851 ( NVD ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-25744 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2024-26585 ( SUSE ):  7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2024-26585 ( NVD ):  4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-26586 ( SUSE ):  6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  * CVE-2024-26589 ( SUSE ):  4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
  * CVE-2024-26591 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-26593 ( SUSE ):  4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
  * CVE-2024-26595 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-26598 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2024-26602 ( SUSE ):  4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
  * CVE-2024-26603 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-26622 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

  
Affected Products:

  * openSUSE Leap 15.5
  * SUSE Linux Enterprise High Performance Computing 15 SP5
  * SUSE Linux Enterprise Live Patching 15-SP5
  * SUSE Linux Enterprise Micro 5.5
  * SUSE Linux Enterprise Real Time 15 SP5
  * SUSE Linux Enterprise Server 15 SP5
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5
  * SUSE Real Time Module 15-SP5

  
  
An update that solves 39 vulnerabilities, contains one feature and has 23
security fixes can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various
security and bugfixes.

The following security bugs were fixed:

  * CVE-2019-25162: Fixed a potential use after free (bsc#1220409).
  * CVE-2021-46923: Fixed reference leakage in fs/mount_setattr (bsc#1220457).
  * CVE-2021-46924: Fixed fix memory leak in device probe and remove
    (bsc#1220459)
  * CVE-2021-46932: Fixed missing work initialization before device registration
    (bsc#1220444)
  * CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456).
  * CVE-2023-5197: Fixed se-after-free due to addition and removal of rules from
    chain bindings within the same transaction (bsc#1218216).
  * CVE-2023-52340: Fixed ICMPv6 “Packet Too Big” packets force a DoS of the
    Linux kernel by forcing 100% CPU (bsc#1219295).
  * CVE-2023-52429: Fixed potential DoS in dm_table_create in drivers/md/dm-
    table.c (bsc#1219827).
  * CVE-2023-52439: Fixed use-after-free in uio_open (bsc#1220140).
  * CVE-2023-52443: Fixed crash when parsed profile name is empty (bsc#1220240).
  * CVE-2023-52445: Fixed use after free on context disconnection (bsc#1220241).
  * CVE-2023-52447: Fixed map_fd_put_ptr() signature kABI workaround
    (bsc#1220251).
  * CVE-2023-52448: Fixed kernel NULL pointer dereference in gfs2_rgrp_dump
    (bsc#1220253).
  * CVE-2023-52449: Fixed gluebi NULL pointer dereference caused by ftl notifier
    (bsc#1220238).
  * CVE-2023-52451: Fixed access beyond end of drmem array (bsc#1220250).
  * CVE-2023-52452: Fixed Fix accesses to uninit stack slots (bsc#1220257).
  * CVE-2023-52456: Fixed tx statemachine deadlock (bsc#1220364).
  * CVE-2023-52457: Fixed skipped resource freeing if
    pm_runtime_resume_and_get() failed (bsc#1220350).
  * CVE-2023-52463: Fixed null pointer dereference in efivarfs (bsc#1220328).
  * CVE-2023-52464: Fixed possible out-of-bounds string access (bsc#1220330)
  * CVE-2023-52475: Fixed use-after-free in powermate_config_complete
    (bsc#1220649)
  * CVE-2023-52478: Fixed kernel crash on receiver USB disconnect (bsc#1220796)
  * CVE-2023-6817: Fixed use-after-free in nft_pipapo_walk (bsc#1218195).
  * CVE-2024-0607: Fixed 64-bit load issue in nft_byteorder_eval()
    (bsc#1218915).
  * CVE-2024-1151: Fixed unlimited number of recursions from action sets
    (bsc#1219835).
  * CVE-2024-23849: Fixed array-index-out-of-bounds in rds_cmsg_recv
    (bsc#1219127).
  * CVE-2024-23850: Fixed double free of anonymous device after snapshot
    creation failure (bsc#1219126).
  * CVE-2024-23851: Fixed crash in copy_params in drivers/md/dm-ioctl.c
    (bsc#1219146).
  * CVE-2024-25744: Fixed Security issue with int 80 interrupt vector
    (bsc#1217927).
  * CVE-2024-26585: Fixed race between tx work scheduling and socket close
    (bsc#1220187).
  * CVE-2024-26586: Fixed stack corruption (bsc#1220243).
  * CVE-2024-26589: Fixed out of bounds read due to variable offset alu on
    PTR_TO_FLOW_KEYS (bsc#1220255).
  * CVE-2024-26591: Fixed re-attachment branch in bpf_tracing_prog_attach
    (bsc#1220254).
  * CVE-2024-26593: Fixed block process call transactions (bsc#1220009).
  * CVE-2024-26595: Fixed NULL pointer dereference in error path (bsc#1220344).
  * CVE-2024-26598: Fixed potential UAF in LPI translation cache (bsc#1220326).
  * CVE-2024-26602: Fixed overall slowdowns with sys_membarrier (bsc1220398).
  * CVE-2024-26603: Fixed infinite loop via #PF handling (bsc#1220335).
  * CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220825).

The following non-security bugs were fixed:

  * acpi: apei: set memory failure flags as mf_action_required on synchronous
    events (git-fixes).
  * acpi: button: add lid disable dmi quirk for nextbook ares 8a (git-fixes).
  * acpi: extlog: fix null pointer dereference check (git-fixes).
  * acpi: resource: add asus model s5402za to quirks (git-fixes).
  * acpi: resource: skip irq override on asus expertbook b1502cba (git-fixes).
  * acpi: resource: skip irq override on asus expertbook b2402cba (git-fixes).
  * acpi: video: add backlight=native dmi quirk for apple imac11,3 (git-fixes).
  * acpi: video: add backlight=native dmi quirk for apple imac12,1 and imac12,2
    (git-fixes).
  * acpi: video: add backlight=native dmi quirk for lenovo thinkpad x131e (3371
    amd version) (git-fixes).
  * acpi: video: add quirk for the colorful x15 at 23 laptop (git-fixes).
  * add reference to recently released cve
  * afs: fix the usage of read_seqbegin_or_lock() in afs_find_server*() (git-
    fixes).
  * afs: fix the usage of read_seqbegin_or_lock() in afs_lookup_volume_rcu()
    (git-fixes).
  * afs: hide silly-rename files from userspace (git-fixes).
  * afs: increase buffer size in afs_update_volume_status() (git-fixes).
  * ahci: asm1166: correct count of reported ports (git-fixes).
  * alsa: drop leftover snd-rtctimer stuff from makefile (git-fixes).
  * alsa: firewire-lib: fix to check cycle continuity (git-fixes).
  * alsa: hda/conexant: add quirk for sws js201d (git-fixes).
  * alsa: hda/realtek: apply headset jack quirk for non-bass alc287 thinkpads
    (git-fixes).
  * alsa: hda/realtek: cs35l41: fix device id / model name (git-fixes).
  * alsa: hda/realtek: cs35l41: fix order and duplicates in quirks table (git-
    fixes).
  * alsa: hda/realtek: enable headset mic on vaio vjfe-adl (git-fixes).
  * alsa: hda/realtek: enable mute led on hp laptop 14-fq0xxx (git-fixes).
  * alsa: hda/realtek: fix mute/micmute led for hp mt645 (git-fixes).
  * alsa: hda/realtek: fix mute/micmute leds for hp zbook power (git-fixes).
  * alsa: hda/realtek: fix the external mic not being recognised for acer swift
    1 sf114-32 (git-fixes).
  * alsa: usb-audio: add a quirk for yamaha yit-w12tx transmitter (git-fixes).
  * alsa: usb-audio: add delay quirk for motu m series 2nd revision (git-fixes).
  * alsa: usb-audio: add quirk for rode nt-usb+ (git-fixes).
  * alsa: usb-audio: check presence of valid altsetting control (git-fixes).
  * alsa: usb-audio: ignore clock selector errors for single connection (git-
    fixes).
  * alsa: usb-audio: more relaxed check of midi jack names (git-fixes).
  * alsa: usb-audio: sort quirk table entries (git-fixes).
  * arm64: entry: fix arm64_workaround_speculative_unpriv_load (bsc#1219443)
  * arm64: entry: preserve/restore x29 even for compat tasks (bsc#1219443)
  * arm64: entry: simplify tramp_alias macro and tramp_exit routine
    (bsc#1219443)
  * arm64: errata: add cortex-a510 speculative unprivileged load (bsc#1219443)
    enable workaround.
  * arm64: errata: add cortex-a520 speculative unprivileged load (bsc#1219443)
    enable workaround without kabi break.
  * arm64: errata: mitigate ampere1 erratum ac03_cpu_38 at stage-2 (git-fixes)
    enable ampere_erratum_ac03_cpu_38 workaround without kabi break
  * arm64: irq: set the correct node for shadow call stack (git-fixes)
  * arm64: irq: set the correct node for vmap stack (git-fixes)
  * arm64: rename arm64_workaround_2966298 (bsc#1219443)
  * arm64: subscribe microsoft azure cobalt 100 to arm neoverse n2 errata (git-
    fixes)
  * asoc: doc: fix undefined snd_soc_dapm_nopm argument (git-fixes).
  * asoc: rt5645: fix deadlock in rt5645_jack_detect_work() (git-fixes).
  * asoc: sof: ipc3: fix message bounds on ipc ops (git-fixes).
  * asoc: sunxi: sun4i-spdif: add support for allwinner h616 (git-fixes).
  * atm: idt77252: fix a memleak in open_card_ubr0 (git-fixes).
  * bluetooth: avoid potential use-after-free in hci_error_reset (git-fixes).
  * bluetooth: enforce validation on max value of connection interval (git-
    fixes).
  * bluetooth: hci_event: fix handling of hci_ev_io_capa_request (git-fixes).
  * bluetooth: hci_event: fix wrongly recorded wakeup bd_addr (git-fixes).
  * bluetooth: hci_sync: check the correct flag before starting a scan (git-
    fixes).
  * bluetooth: hci_sync: fix accept_list when attempting to suspend (git-fixes).
  * bluetooth: l2cap: fix possible multiple reject send (git-fixes).
  * bluetooth: qca: fix wrong event type for patch config command (git-fixes).
  * bpf: fix verification of indirect var-off stack access (git-fixes).
  * bpf: guard stack limits against 32bit overflow (git-fixes).
  * bpf: minor logging improvement (bsc#1220257).
  * bus: moxtet: add spi device table (git-fixes).
  * cachefiles: fix memory leak in cachefiles_add_cache() (bsc#1220267).
  * can: j1939: fix uaf in j1939_sk_match_filter during
    setsockopt(so_j1939_filter) (git-fixes).
  * crypto: api - disallow identical driver names (git-fixes).
  * crypto: ccp - fix null pointer dereference in __sev_platform_shutdown_locked
    (git-fixes).
  * crypto: octeontx2 - fix cptvf driver cleanup (git-fixes).
  * crypto: stm32/crc32 - fix parsing list of devices (git-fixes).
  * dmaengine: fsl-qdma: fix a memory leak related to the queue command dma
    (git-fixes).
  * dmaengine: fsl-qdma: fix soc may hang on 16 byte unaligned read (git-fixes).
  * dmaengine: fsl-qdma: increase size of 'irq_name' (git-fixes).
  * dmaengine: fsl-qdma: init irq after reg initialization (git-fixes).
  * dmaengine: ptdma: use consistent dma masks (git-fixes).
  * dmaengine: shdma: increase size of 'dev_id' (git-fixes).
  * dmaengine: ti: edma: add some null pointer checks to the edma_probe (git-
    fixes).
  * driver core: fix device_link_flag_is_sync_state_only() (git-fixes).
  * drm/amd/display: fix memory leak in dm_sw_fini() (git-fixes).
  * drm/amd/display: fix possible buffer overflow in 'find_dcfclk_for_voltage()'
    (git-fixes).
  * drm/amd/display: fix possible null dereference on device remove/driver
    unload (git-fixes).
  * drm/amd/display: increase frame-larger-than for all display_mode_vba files
    (git-fixes).
  * drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz (git-fixes).
  * drm/amd/display: preserve original aspect ratio in create stream (git-
    fixes).
  * drm/amdgpu/display: initialize gamma correction mode variable in
    dcn30_get_gamcor_current() (git-fixes).
  * drm/amdgpu: reset gpu for s3 suspend abort case (git-fixes).
  * drm/amdgpu: skip to program gfxdec registers for suspend abort (git-fixes).
  * drm/buddy: fix range bias (git-fixes).
  * drm/crtc: fix uninitialized variable use even harder (git-fixes).
  * drm/i915/gvt: fix uninitialized variable in handle_mmio() (git-fixes).
  * drm/msm/dp: return correct colorimetry for dp_test_dynamic_range_cea case
    (git-fixes).
  * drm/msm/dpu: check for valid hw_pp in dpu_encoder_helper_phys_cleanup (git-
    fixes).
  * drm/msms/dp: fixed link clock divider bits be over written in bpc unknown
    case (git-fixes).
  * drm/prime: support page array >= 4gb (git-fixes).
  * drm/syncobj: call drm_syncobj_fence_add_wait when wait_available flag is set
    (git-fixes).
  * drm/ttm: fix an invalid freeing on already freed page in error path (git-
    fixes).
  * drop bcm5974 input patch causing a regression (bsc#1220030)
  * efi/capsule-loader: fix incorrect allocation size (git-fixes).
  * efi: do not add memblocks for soft-reserved memory (git-fixes).
  * efi: runtime: fix potential overflow of soft-reserved region size (git-
    fixes).
  * fbcon: always restore the old font data in fbcon_do_set_font() (git-fixes).
  * fbdev: savage: error out if pixclock equals zero (git-fixes).
  * fbdev: sis: error out if pixclock equals zero (git-fixes).
  * firewire: core: send bus reset promptly on gap count error (git-fixes).
  * fs: dlm: fix build with config_ipv6 disabled (git-fixes).
  * fs:jfs:ubsan:array-index-out-of-bounds in dbadjtree (git-fixes).
  * gpio: 74x164: enable output pins after registers are reset (git-fixes).
  * gpio: fix resource unwinding order in error path (git-fixes).
  * gpiolib: acpi: ignore touchpad wakeup on gpd g1619-04 (git-fixes).
  * gpiolib: fix the error path order in gpiochip_add_data_with_key() (git-
    fixes).
  * hid: apple: add 2021 magic keyboard fn key mapping (git-fixes).
  * hid: apple: add support for the 2021 magic keyboard (git-fixes).
  * hid: wacom: do not register input devices until after hid_hw_start (git-
    fixes).
  * hid: wacom: generic: avoid reporting a serial of '0' to userspace (git-
    fixes).
  * hwmon: (aspeed-pwm-tacho) mutex for tach reading (git-fixes).
  * hwmon: (coretemp) enlarge per package core count limit (git-fixes).
  * hwmon: (coretemp) fix bogus core_id to attr name mapping (git-fixes).
  * hwmon: (coretemp) fix out-of-bounds memory access (git-fixes).
  * i2c: i801: fix block process call transactions (git-fixes).
  * i2c: i801: remove i801_set_block_buffer_mode (git-fixes).
  * i2c: imx: add timer for handling the stop condition (git-fixes).
  * i2c: imx: when being a target, mark the last read as processed (git-fixes).
  * i3c: master: cdns: update maximum prescaler value for i2c clock (git-fixes).
  * ib/hfi1: fix a memleak in init_credit_return (git-fixes)
  * ib/hfi1: fix sdma.h tx->num_descs off-by-one error (git-fixes)
  * iio: accel: bma400: fix a compilation problem (git-fixes).
  * iio: adc: ad7091r: set alert bit in config register (git-fixes).
  * iio: core: fix memleak in iio_device_register_sysfs (git-fixes).
  * iio: hid-sensor-als: return 0 for hid_usage_sensor_time_timestamp (git-
    fixes).
  * iio: magnetometer: rm3100: add boundary check for the value read from
    rm3100_reg_tmrc (git-fixes).
  * input: iqs269a - switch to define_simple_dev_pm_ops() and pm_sleep_ptr()
    (git-fixes).
  * input: xpad - add lenovo legion go controllers (git-fixes).
  * irqchip/irq-brcmstb-l2: add write memory barrier before exit (git-fixes).
  * jfs: fix array-index-out-of-bounds in dbadjtree (git-fixes).
  * jfs: fix array-index-out-of-bounds in dinewext (git-fixes).
  * jfs: fix slab-out-of-bounds read in dtsearch (git-fixes).
  * jfs: fix uaf in jfs_evict_inode (git-fixes).
  * kbuild: fix changing elf file type for output of gen_btf for big endian
    (git-fixes).
  * kvm: s390: fix cc for successful pqap (git-fixes bsc#1219839).
  * kvm: s390: fix setting of fpc register (git-fixes bsc#1220392).
  * kvm: s390: vsie: fix race during shadow creation (git-fixes bsc#1220393).
  * kvm: vmx: move verw closer to vmentry for mds mitigation (git-fixes).
  * kvm: vmx: use bt+jnc, i.e. eflags.cf to select vmresume vs. vmlaunch (git-
    fixes).
  * lan78xx: enable auto speed configuration for lan7850 if no eeprom is
    detected (git-fixes).
  * leds: trigger: panic: do not register panic notifier if creating the trigger
    failed (git-fixes).
  * lib/stackdepot: add depot_fetch_stack helper (jsc-ped#7423).
  * lib/stackdepot: add refcount for records (jsc-ped#7423).
  * lib/stackdepot: fix first entry having a 0-handle (jsc-ped#7423).
  * lib/stackdepot: move stack_record struct definition into the header (jsc-
    ped#7423).
  * libsubcmd: fix memory leak in uniq() (git-fixes).
  * media: ddbridge: fix an error code problem in ddb_probe (git-fixes).
  * media: ir_toy: fix a memleak in irtoy_tx (git-fixes).
  * media: rc: bpf attach/detach requires write permission (git-fixes).
  * media: rockchip: rga: fix swizzling for rgb formats (git-fixes).
  * media: stk1160: fixed high volume of stk1160_dbg messages (git-fixes).
  * mfd: syscon: fix null pointer dereference in of_syscon_register() (git-
    fixes).
  * mm,page_owner: display all stacks and their count (jsc-ped#7423).
  * mm,page_owner: filter out stacks by a threshold (jsc-ped#7423).
  * mm,page_owner: implement the tracking of the stacks count (jsc-ped#7423).
  * mm,page_owner: maintain own list of stack_records structs (jsc-ped#7423).
  * mm,page_owner: update documentation regarding page_owner_stacks (jsc-
    ped#7423).
  * mm/hwpoison: fix unpoison_memory() (bsc#1218663).
  * mm/hwpoison: mf_mutex for soft offline and unpoison (bsc#1218663).
  * mm/hwpoison: remove mf_msg_buddy_2nd and mf_msg_poisoned_huge (bsc#1218663).
  * mm: memory-failure: fix potential unexpected return value from
    unpoison_memory() (git-fixes).
  * mmc: core: fix emmc initialization with 1-bit bus connection (git-fixes).
  * mmc: core: use mrq.sbc in close-ended ffu (git-fixes).
  * mmc: mmc_spi: remove custom dma mapped buffers (git-fixes).
  * mmc: sdhci-xenon: add timeout for phy init complete (git-fixes).
  * mmc: sdhci-xenon: fix phy init clock stability (git-fixes).
  * mmc: slot-gpio: allow non-sleeping gpio ro (git-fixes).
  * modpost: trim leading spaces when processing source files list (git-fixes).
  * mtd: spinand: gigadevice: fix the get ecc status issue (git-fixes).
  * net: usb: dm9601: fix wrong return value in dm9601_mdio_read (git-fixes).
  * netfs, fscache: prevent oops in fscache_put_cache() (bsc#1220003).
  * nilfs2: fix data corruption in dsync block recovery for small block sizes
    (git-fixes).
  * nilfs2: replace warn_ons for invalid dat metadata block requests (git-
    fixes).
  * nouveau/svm: fix kvcalloc() argument order (git-fixes).
  * nouveau: fix function cast warnings (git-fixes).
  * ntfs: check overflow when iterating attr_records (git-fixes).
  * ntfs: fix use-after-free in ntfs_attr_find() (git-fixes).
  * nvme-fabrics: fix i/o connect error handling (git-fixes).
  * nvme-host: fix the updating of the firmware version (git-fixes).
  * pci/aer: decode requester id when no error info found (git-fixes).
  * pci: add no pm reset quirk for nvidia spectrum devices (git-fixes).
  * pci: add pci_header_type_mfd definition (bsc#1220021).
  * pci: fix 64gt/s effective data rate calculation (git-fixes).
  * pci: only override amd usb controller if required (git-fixes).
  * pci: switchtec: fix stdev_release() crash after surprise hot remove (git-
    fixes).
  * platform/x86: thinkpad_acpi: only update profile if successfully converted
    (git-fixes).
  * platform/x86: touchscreen_dmi: add info for the teclast x16 plus tablet
    (git-fixes).
  * platform/x86: touchscreen_dmi: allow partial (prefix) matches for acpi names
    (git-fixes).
  * pm: core: remove unnecessary (void *) conversions (git-fixes).
  * pm: runtime: have devm_pm_runtime_enable() handle
    pm_runtime_dont_use_autosuspend() (git-fixes).
  * pnp: acpi: fix fortify warning (git-fixes).
  * power: supply: bq27xxx-i2c: do not free non existing irq (git-fixes).
  * powerpc/64: set task pt_regs->link to the lr value on scv entry
    (bsc#1194869).
  * powerpc/powernv: fix fortify source warnings in opal-prd.c (bsc#1194869).
  * powerpc/pseries: add a clear modifier to ibm,pa/pi-features parser
    (bsc#1220348).
  * powerpc/pseries: rework lppaca_shared_proc() to avoid debug_preempt
    (bsc#1194869).
  * powerpc/pseries: set cpu_ftr_dbell according to ibm,pi-features
    (bsc#1220348).
  * powerpc/watchpoint: disable pagefaults when getting user instruction
    (bsc#1194869).
  * powerpc/watchpoints: annotate atomic context in more places (bsc#1194869).
  * powerpc/watchpoints: disable preemption in thread_change_pc() (bsc#1194869).
  * powerpc: add crtsavres.o to always-y instead of extra-y (bsc#1194869).
  * powerpc: do not include lppaca.h in paca.h (bsc#1194869).
  * pstore/ram: fix crash when setting number of cpus to an odd number (git-
    fixes).
  * ras/amd/atl: add mi300 row retirement support (jsc#ped-7618).
  * ras/amd/atl: fix bit overflow in denorm_addr_df4_np2() (git-fixes).
  * ras: introduce a fru memory poison manager (jsc#ped-7618).
  * rdma/bnxt_re: add a missing check in bnxt_qplib_query_srq (git-fixes)
  * rdma/bnxt_re: return error for srq resize (git-fixes)
  * rdma/core: fix uninit-value access in ib_get_eth_speed() (bsc#1219934).
  * rdma/core: get ib width and speed from netdev (bsc#1219934).
  * rdma/irdma: add ae for too many rnrs (git-fixes)
  * rdma/irdma: fix kasan issue with tasklet (git-fixes)
  * rdma/irdma: set the cq read threshold for gen 1 (git-fixes)
  * rdma/irdma: validate max_send_wr and max_recv_wr (git-fixes)
  * rdma/qedr: fix qedr_create_user_qp error flow (git-fixes)
  * rdma/srpt: fix function pointer cast warnings (git-fixes)
  * rdma/srpt: support specifying the srpt_service_guid parameter (git-fixes)
  * refresh patches.suse/dm_blk_ioctl-implement-path-failover-for-sg_io.
    (bsc#1216776, bsc#1220277)
  * regulator: core: only increment use_count when enable_count changes (git-
    fixes).
  * regulator: pwm-regulator: add validity checks in continuous .get_voltage
    (git-fixes).
  * revert "drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz" (git-
    fixes).
  * revert "drm/amd/pm: resolve reboot exception for si oland" (git-fixes).
  * revert "drm/amd: flush any delayed gfxoff on suspend entry" (git-fixes).
  * rpm/kernel-binary.spec.in: install scripts/gdb when enabled in config
    (bsc#1219653) they are put into -devel subpackage. and a proper link to
    /usr/share/gdb/auto-load/ is created.
  * s390/qeth: fix potential loss of l3-ip@ in case of network issues (git-fixes
    bsc#1219840).
  * s390: use the correct count for __iowrite64_copy() (git-fixes bsc#1220317).
  * sched/membarrier: reduce the ability to hammer on sys_membarrier (git-
    fixes).
  * scsi: core: move scsi_host_busy() out of host lock for waking up eh handler
    (git-fixes).
  * scsi: core: move scsi_host_busy() out of host lock if it is for per-command
    (git-fixes).
  * scsi: fnic: move fnic_fnic_flush_tx() to a work queue (git-fixes
    bsc#1219141).
  * scsi: hisi_sas: prevent parallel flr and controller reset (git-fixes).
  * scsi: ibmvfc: limit max hw queues by num_online_cpus() (bsc#1220106).
  * scsi: ibmvfc: open-code reset loop for target reset (bsc#1220106).
  * scsi: isci: fix an error code problem in isci_io_request_build() (git-
    fixes).
  * scsi: lpfc: add condition to delete ndlp object after sending bls_rjt to an
    abts (bsc#1220021).
  * scsi: lpfc: allow lpfc_plogi_confirm_nport() logic to execute for fabric
    nodes (bsc#1220021).
  * scsi: lpfc: change lpfc_vport fc_flag member into a bitmask (bsc#1220021).
  * scsi: lpfc: change lpfc_vport load_flag member into a bitmask (bsc#1220021).
  * scsi: lpfc: change nlp state statistic counters into atomic_t (bsc#1220021).
  * scsi: lpfc: copyright updates for 14.4.0.0 patches (bsc#1220021).
  * scsi: lpfc: fix failure to delete vports when discovery is in progress
    (bsc#1220021).
  * scsi: lpfc: fix possible memory leak in lpfc_rcv_padisc() (bsc#1220021).
  * scsi: lpfc: initialize status local variable in lpfc_sli4_repost_sgl_list()
    (bsc#1220021).
  * scsi: lpfc: move handling of reset congestion statistics events
    (bsc#1220021).
  * scsi: lpfc: protect vport fc_nodes list with an explicit spin lock
    (bsc#1220021).
  * scsi: lpfc: remove d_id swap log message from trace event logger
    (bsc#1220021).
  * scsi: lpfc: remove nlp_rcv_plogi early return during rscn processing for
    ndlps (bsc#1220021).
  * scsi: lpfc: remove shost_lock protection for fc_host_port shost apis
    (bsc#1220021).
  * scsi: lpfc: replace deprecated strncpy() with strscpy() (bsc#1220021).
  * scsi: lpfc: save fpin frequency statistics upon receipt of peer cgn
    notifications (bsc#1220021).
  * scsi: lpfc: update lpfc version to 14.4.0.0 (bsc#1220021).
  * scsi: lpfc: use pci_header_type_mfd instead of literal (bsc#1220021).
  * scsi: lpfc: use sg_dma_len() api to get struct scatterlist's length
    (bsc#1220021).
  * scsi: mpi3mr: refresh sdev queue depth after controller reset (git-fixes).
  * scsi: revert "scsi: fcoe: fix potential deadlock on &fip->ctlr_lock" (git-
    fixes bsc#1219141).
  * serial: 8250: remove serial_rs485 sanitization from em485 (git-fixes).
  * spi-mxs: fix chipselect glitch (git-fixes).
  * spi: hisi-sfc-v3xx: return irq_none if no interrupts were detected (git-
    fixes).
  * spi: ppc4xx: drop write-only variable (git-fixes).
  * spi: sh-msiof: avoid integer overflow in constants (git-fixes).
  * staging: iio: ad5933: fix type mismatch regression (git-fixes).
  * supported.conf: remove external flag from ibm supported modules.
    (bsc#1209412)
  * tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd (bsc#1218450).
  * tomoyo: fix uaf write bug in tomoyo_write_control() (git-fixes).
  * topology/sysfs: add format parameter to macro defining "show" functions for
    proc (jsc#ped-7618).
  * topology/sysfs: add ppin in sysfs under cpu topology (jsc#ped-7618).
  * tty: allow tiocslcktrmios with cap_checkpoint_restore (git-fixes).
  * ubsan: array-index-out-of-bounds in dtsplitroot (git-fixes).
  * usb: cdns3: fix memory double free when handle zero packet (git-fixes).
  * usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() (git-
    fixes).
  * usb: cdns3: modify the return value of cdns_set_active () to void when
    config_pm_sleep is disabled (git-fixes).
  * usb: cdns3: put the cdns set active part outside the spin lock (git-fixes).
  * usb: cdns: readd old api (git-fixes).
  * usb: cdnsp: blocked some cdns3 specific code (git-fixes).
  * usb: cdnsp: fixed issue with incorrect detecting cdnsp family controllers
    (git-fixes).
  * usb: dwc3: gadget: do not disconnect if not started (git-fixes).
  * usb: dwc3: gadget: handle ep0 request dequeuing properly (git-fixes).
  * usb: dwc3: gadget: ignore end transfer delay on teardown (git-fixes).
  * usb: dwc3: gadget: queue pm runtime idle on disconnect event (git-fixes).
  * usb: dwc3: gadget: refactor ep0 forced stall/restart into a separate api
    (git-fixes).
  * usb: dwc3: gadget: submit endxfer command if delayed during disconnect (git-
    fixes).
  * usb: dwc3: host: set xhci_sg_trb_cache_size_quirk (git-fixes).
  * usb: f_mass_storage: forbid async queue when shutdown happen (git-fixes).
  * usb: gadget: core: add missing kerneldoc for vbus_work (git-fixes).
  * usb: gadget: core: adjust uevent timing on gadget unbind (git-fixes).
  * usb: gadget: core: help prevent panic during uvc unconfigure (git-fixes).
  * usb: gadget: core: remove unbalanced mutex_unlock in usb_gadget_activate
    (git-fixes).
  * usb: gadget: f_hid: fix report descriptor allocation (git-fixes).
  * usb: gadget: fix obscure lockdep violation for udc_mutex (git-fixes).
  * usb: gadget: fix use-after-free read in usb_udc_uevent() (git-fixes).
  * usb: gadget: fsl_qe_udc: validate endpoint index for ch9 udc (git-fixes).
  * usb: gadget: ncm: avoid dropping datagrams of properly parsed ntbs (git-
    fixes).
  * usb: gadget: udc: core: offload usb_udc_vbus_handler processing (git-fixes).
  * usb: gadget: udc: core: prevent soft_connect_store() race (git-fixes).
  * usb: gadget: udc: handle gadget_connect failure during bind operation (git-
    fixes).
  * usb: hub: check for alternate port before enabling a_alt_hnp_support
    (bsc#1218527).
  * usb: hub: replace hardcoded quirk value with bit() macro (git-fixes).
  * usb: roles: do not get/set_role() when usb_role_switch is unregistered (git-
    fixes).
  * usb: roles: fix null pointer issue when put module's reference (git-fixes).
  * usb: serial: cp210x: add id for imst im871a-usb (git-fixes).
  * usb: serial: option: add fibocom fm101-gl variant (git-fixes).
  * usb: serial: qcserial: add new usb-id for dell wireless dw5826e (git-fixes).
  * watchdog: it87_wdt: keep wdtctrl bit 3 unmodified for it8784/it8786 (git-
    fixes).
  * wifi: ath11k: fix registration of 6ghz-only phy without the full channel
    range (git-fixes).
  * wifi: ath9k: fix potential array-index-out-of-bounds read in
    ath9k_htc_txstatus() (git-fixes).
  * wifi: cfg80211: fix missing interfaces when dumping (git-fixes).
  * wifi: cfg80211: fix rcu dereference in __cfg80211_bss_update (git-fixes).
  * wifi: cfg80211: free beacon_ies when overridden from hidden bss (git-fixes).
  * wifi: iwlwifi: fix some error codes (git-fixes).
  * wifi: iwlwifi: mvm: avoid baid size integer overflow (git-fixes).
  * wifi: iwlwifi: uninitialized variable in iwl_acpi_get_ppag_table() (git-
    fixes).
  * wifi: mac80211: adding missing drv_mgd_complete_tx() call (git-fixes).
  * wifi: mac80211: fix race condition on enabling fast-xmit (git-fixes).
  * wifi: nl80211: reject iftype change with mesh id change (git-fixes).
  * wifi: rt2x00: restart beacon queue when hardware reset (git-fixes).
  * wifi: rtl8xxxu: add additional usb ids for rtl8192eu devices (git-fixes).
  * wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift() (git-fixes).
  * wifi: wext-core: fix -wstringop-overflow warning in
    ioctl_standard_iw_point() (git-fixes).
  * x86/asm: add _asm_rip() macro for x86-64 (%rip) suffix (git-fixes).
  * x86/bugs: add asm helpers for executing verw (git-fixes).
  * x86/bugs: use alternative() instead of mds_user_clear static key (git-
    fixes). also add mds_user_clear to kabi severities since it's strictly
    mitigation related so should be low risk.
  * x86/cpu: x86_feature_intel_ppin finally had a cpuid bit (jsc#ped-7618).
  * x86/entry_32: add verw just before userspace transition (git-fixes).
  * x86/entry_64: add verw just before userspace transition (git-fixes).
  * x86/mm: fix memory encryption features advertisement (bsc#1206453).
  * xfs: remove unused fields from struct xbtree_ifakeroot (git-fixes).
  * xfs: short circuit xfs_growfs_data_private() if delta is zero (git-fixes).

## Special Instructions and Notes:

  * Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.5  
    zypper in -t patch SUSE-2024-910=1 openSUSE-SLE-15.5-2024-910=1

  * SUSE Linux Enterprise Micro 5.5  
    zypper in -t patch SUSE-SLE-Micro-5.5-2024-910=1

  * SUSE Linux Enterprise Live Patching 15-SP5  
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2024-910=1

  * SUSE Real Time Module 15-SP5  
    zypper in -t patch SUSE-SLE-Module-RT-15-SP5-2024-910=1

## Package List:

  * openSUSE Leap 15.5 (noarch)
    * kernel-source-rt-5.14.21-150500.13.38.1
    * kernel-devel-rt-5.14.21-150500.13.38.1
  * openSUSE Leap 15.5 (x86_64)
    * kernel-rt_debug-vdso-5.14.21-150500.13.38.1
    * kernel-rt-devel-5.14.21-150500.13.38.1
    * ocfs2-kmp-rt-debuginfo-5.14.21-150500.13.38.1
    * cluster-md-kmp-rt-5.14.21-150500.13.38.1
    * kernel-livepatch-SLE15-SP5-RT_Update_11-debugsource-1-150500.11.3.1
    * kernel-rt_debug-devel-debuginfo-5.14.21-150500.13.38.1
    * dlm-kmp-rt-debuginfo-5.14.21-150500.13.38.1
    * kernel-rt-livepatch-5.14.21-150500.13.38.1
    * reiserfs-kmp-rt-debuginfo-5.14.21-150500.13.38.1
    * kselftests-kmp-rt-debuginfo-5.14.21-150500.13.38.1
    * kselftests-kmp-rt-5.14.21-150500.13.38.1
    * kernel-rt-extra-debuginfo-5.14.21-150500.13.38.1
    * kernel-rt-debuginfo-5.14.21-150500.13.38.1
    * kernel-livepatch-5_14_21-150500_13_38-rt-debuginfo-1-150500.11.3.1
    * kernel-rt-extra-5.14.21-150500.13.38.1
    * reiserfs-kmp-rt-5.14.21-150500.13.38.1
    * gfs2-kmp-rt-5.14.21-150500.13.38.1
    * ocfs2-kmp-rt-5.14.21-150500.13.38.1
    * gfs2-kmp-rt-debuginfo-5.14.21-150500.13.38.1
    * kernel-rt-optional-debuginfo-5.14.21-150500.13.38.1
    * kernel-rt-devel-debuginfo-5.14.21-150500.13.38.1
    * kernel-rt-vdso-5.14.21-150500.13.38.1
    * kernel-rt-optional-5.14.21-150500.13.38.1
    * kernel-rt-vdso-debuginfo-5.14.21-150500.13.38.1
    * kernel-rt_debug-vdso-debuginfo-5.14.21-150500.13.38.1
    * kernel-rt_debug-devel-5.14.21-150500.13.38.1
    * kernel-syms-rt-5.14.21-150500.13.38.1
    * dlm-kmp-rt-5.14.21-150500.13.38.1
    * kernel-rt-livepatch-devel-5.14.21-150500.13.38.1
    * kernel-rt_debug-debuginfo-5.14.21-150500.13.38.1
    * kernel-rt_debug-debugsource-5.14.21-150500.13.38.1
    * cluster-md-kmp-rt-debuginfo-5.14.21-150500.13.38.1
    * kernel-rt-debugsource-5.14.21-150500.13.38.1
    * kernel-rt_debug-livepatch-devel-5.14.21-150500.13.38.1
    * kernel-livepatch-5_14_21-150500_13_38-rt-1-150500.11.3.1
  * openSUSE Leap 15.5 (nosrc x86_64)
    * kernel-rt_debug-5.14.21-150500.13.38.1
    * kernel-rt-5.14.21-150500.13.38.1
  * SUSE Linux Enterprise Micro 5.5 (nosrc x86_64)
    * kernel-rt-5.14.21-150500.13.38.1
  * SUSE Linux Enterprise Micro 5.5 (x86_64)
    * kernel-rt-debuginfo-5.14.21-150500.13.38.1
    * kernel-rt-debugsource-5.14.21-150500.13.38.1
  * SUSE Linux Enterprise Micro 5.5 (noarch)
    * kernel-source-rt-5.14.21-150500.13.38.1
  * SUSE Linux Enterprise Live Patching 15-SP5 (x86_64)
    * kernel-livepatch-SLE15-SP5-RT_Update_11-debugsource-1-150500.11.3.1
    * kernel-livepatch-5_14_21-150500_13_38-rt-1-150500.11.3.1
    * kernel-livepatch-5_14_21-150500_13_38-rt-debuginfo-1-150500.11.3.1
  * SUSE Real Time Module 15-SP5 (x86_64)
    * kernel-rt_debug-vdso-5.14.21-150500.13.38.1
    * kernel-rt-devel-5.14.21-150500.13.38.1
    * ocfs2-kmp-rt-debuginfo-5.14.21-150500.13.38.1
    * cluster-md-kmp-rt-5.14.21-150500.13.38.1
    * kernel-rt_debug-devel-debuginfo-5.14.21-150500.13.38.1
    * dlm-kmp-rt-debuginfo-5.14.21-150500.13.38.1
    * kernel-rt-debuginfo-5.14.21-150500.13.38.1
    * gfs2-kmp-rt-5.14.21-150500.13.38.1
    * ocfs2-kmp-rt-5.14.21-150500.13.38.1
    * gfs2-kmp-rt-debuginfo-5.14.21-150500.13.38.1
    * kernel-rt-devel-debuginfo-5.14.21-150500.13.38.1
    * kernel-rt-vdso-5.14.21-150500.13.38.1
    * kernel-rt-vdso-debuginfo-5.14.21-150500.13.38.1
    * kernel-rt_debug-vdso-debuginfo-5.14.21-150500.13.38.1
    * kernel-rt_debug-devel-5.14.21-150500.13.38.1
    * kernel-syms-rt-5.14.21-150500.13.38.1
    * dlm-kmp-rt-5.14.21-150500.13.38.1
    * kernel-rt_debug-debuginfo-5.14.21-150500.13.38.1
    * kernel-rt_debug-debugsource-5.14.21-150500.13.38.1
    * cluster-md-kmp-rt-debuginfo-5.14.21-150500.13.38.1
    * kernel-rt-debugsource-5.14.21-150500.13.38.1
  * SUSE Real Time Module 15-SP5 (noarch)
    * kernel-source-rt-5.14.21-150500.13.38.1
    * kernel-devel-rt-5.14.21-150500.13.38.1
  * SUSE Real Time Module 15-SP5 (nosrc x86_64)
    * kernel-rt_debug-5.14.21-150500.13.38.1
    * kernel-rt-5.14.21-150500.13.38.1

## References:

  * https://www.suse.com/security/cve/CVE-2019-25162.html
  * https://www.suse.com/security/cve/CVE-2021-46923.html
  * https://www.suse.com/security/cve/CVE-2021-46924.html
  * https://www.suse.com/security/cve/CVE-2021-46932.html
  * https://www.suse.com/security/cve/CVE-2023-28746.html
  * https://www.suse.com/security/cve/CVE-2023-5197.html
  * https://www.suse.com/security/cve/CVE-2023-52340.html
  * https://www.suse.com/security/cve/CVE-2023-52429.html
  * https://www.suse.com/security/cve/CVE-2023-52439.html
  * https://www.suse.com/security/cve/CVE-2023-52443.html
  * https://www.suse.com/security/cve/CVE-2023-52445.html
  * https://www.suse.com/security/cve/CVE-2023-52447.html
  * https://www.suse.com/security/cve/CVE-2023-52448.html
  * https://www.suse.com/security/cve/CVE-2023-52449.html
  * https://www.suse.com/security/cve/CVE-2023-52451.html
  * https://www.suse.com/security/cve/CVE-2023-52452.html
  * https://www.suse.com/security/cve/CVE-2023-52456.html
  * https://www.suse.com/security/cve/CVE-2023-52457.html
  * https://www.suse.com/security/cve/CVE-2023-52463.html
  * https://www.suse.com/security/cve/CVE-2023-52464.html
  * https://www.suse.com/security/cve/CVE-2023-52475.html
  * https://www.suse.com/security/cve/CVE-2023-52478.html
  * https://www.suse.com/security/cve/CVE-2023-6817.html
  * https://www.suse.com/security/cve/CVE-2024-0607.html
  * https://www.suse.com/security/cve/CVE-2024-1151.html
  * https://www.suse.com/security/cve/CVE-2024-23849.html
  * https://www.suse.com/security/cve/CVE-2024-23850.html
  * https://www.suse.com/security/cve/CVE-2024-23851.html
  * https://www.suse.com/security/cve/CVE-2024-25744.html
  * https://www.suse.com/security/cve/CVE-2024-26585.html
  * https://www.suse.com/security/cve/CVE-2024-26586.html
  * https://www.suse.com/security/cve/CVE-2024-26589.html
  * https://www.suse.com/security/cve/CVE-2024-26591.html
  * https://www.suse.com/security/cve/CVE-2024-26593.html
  * https://www.suse.com/security/cve/CVE-2024-26595.html
  * https://www.suse.com/security/cve/CVE-2024-26598.html
  * https://www.suse.com/security/cve/CVE-2024-26602.html
  * https://www.suse.com/security/cve/CVE-2024-26603.html
  * https://www.suse.com/security/cve/CVE-2024-26622.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1194869
  * https://bugzilla.suse.com/show_bug.cgi?id=1206453
  * https://bugzilla.suse.com/show_bug.cgi?id=1209412
  * https://bugzilla.suse.com/show_bug.cgi?id=1213456
  * https://bugzilla.suse.com/show_bug.cgi?id=1216776
  * https://bugzilla.suse.com/show_bug.cgi?id=1217927
  * https://bugzilla.suse.com/show_bug.cgi?id=1218195
  * https://bugzilla.suse.com/show_bug.cgi?id=1218216
  * https://bugzilla.suse.com/show_bug.cgi?id=1218450
  * https://bugzilla.suse.com/show_bug.cgi?id=1218527
  * https://bugzilla.suse.com/show_bug.cgi?id=1218663
  * https://bugzilla.suse.com/show_bug.cgi?id=1218915
  * https://bugzilla.suse.com/show_bug.cgi?id=1219126
  * https://bugzilla.suse.com/show_bug.cgi?id=1219127
  * https://bugzilla.suse.com/show_bug.cgi?id=1219141
  * https://bugzilla.suse.com/show_bug.cgi?id=1219146
  * https://bugzilla.suse.com/show_bug.cgi?id=1219295
  * https://bugzilla.suse.com/show_bug.cgi?id=1219443
  * https://bugzilla.suse.com/show_bug.cgi?id=1219653
  * https://bugzilla.suse.com/show_bug.cgi?id=1219827
  * https://bugzilla.suse.com/show_bug.cgi?id=1219835
  * https://bugzilla.suse.com/show_bug.cgi?id=1219839
  * https://bugzilla.suse.com/show_bug.cgi?id=1219840
  * https://bugzilla.suse.com/show_bug.cgi?id=1219934
  * https://bugzilla.suse.com/show_bug.cgi?id=1220003
  * https://bugzilla.suse.com/show_bug.cgi?id=1220009
  * https://bugzilla.suse.com/show_bug.cgi?id=1220021
  * https://bugzilla.suse.com/show_bug.cgi?id=1220030
  * https://bugzilla.suse.com/show_bug.cgi?id=1220106
  * https://bugzilla.suse.com/show_bug.cgi?id=1220140
  * https://bugzilla.suse.com/show_bug.cgi?id=1220187
  * https://bugzilla.suse.com/show_bug.cgi?id=1220238
  * https://bugzilla.suse.com/show_bug.cgi?id=1220240
  * https://bugzilla.suse.com/show_bug.cgi?id=1220241
  * https://bugzilla.suse.com/show_bug.cgi?id=1220243
  * https://bugzilla.suse.com/show_bug.cgi?id=1220250
  * https://bugzilla.suse.com/show_bug.cgi?id=1220251
  * https://bugzilla.suse.com/show_bug.cgi?id=1220253
  * https://bugzilla.suse.com/show_bug.cgi?id=1220254
  * https://bugzilla.suse.com/show_bug.cgi?id=1220255
  * https://bugzilla.suse.com/show_bug.cgi?id=1220257
  * https://bugzilla.suse.com/show_bug.cgi?id=1220267
  * https://bugzilla.suse.com/show_bug.cgi?id=1220277
  * https://bugzilla.suse.com/show_bug.cgi?id=1220317
  * https://bugzilla.suse.com/show_bug.cgi?id=1220326
  * https://bugzilla.suse.com/show_bug.cgi?id=1220328
  * https://bugzilla.suse.com/show_bug.cgi?id=1220330
  * https://bugzilla.suse.com/show_bug.cgi?id=1220335
  * https://bugzilla.suse.com/show_bug.cgi?id=1220344
  * https://bugzilla.suse.com/show_bug.cgi?id=1220348
  * https://bugzilla.suse.com/show_bug.cgi?id=1220350
  * https://bugzilla.suse.com/show_bug.cgi?id=1220364
  * https://bugzilla.suse.com/show_bug.cgi?id=1220392
  * https://bugzilla.suse.com/show_bug.cgi?id=1220393
  * https://bugzilla.suse.com/show_bug.cgi?id=1220398
  * https://bugzilla.suse.com/show_bug.cgi?id=1220409
  * https://bugzilla.suse.com/show_bug.cgi?id=1220444
  * https://bugzilla.suse.com/show_bug.cgi?id=1220457
  * https://bugzilla.suse.com/show_bug.cgi?id=1220459
  * https://bugzilla.suse.com/show_bug.cgi?id=1220649
  * https://bugzilla.suse.com/show_bug.cgi?id=1220796
  * https://bugzilla.suse.com/show_bug.cgi?id=1220825
  * https://jira.suse.com/browse/PED-7618

SUSE: 2024:0910-1 important: the Linux Kernel

March 15, 2024
* bsc#1194869 * bsc#1206453 * bsc#1209412 * bsc#1213456 * bsc#1216776

Summary

## The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2019-25162: Fixed a potential use after free (bsc#1220409). * CVE-2021-46923: Fixed reference leakage in fs/mount_setattr (bsc#1220457). * CVE-2021-46924: Fixed fix memory leak in device probe and remove (bsc#1220459) * CVE-2021-46932: Fixed missing work initialization before device registration (bsc#1220444) * CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456). * CVE-2023-5197: Fixed se-after-free due to addition and removal of rules from chain bindings within the same transaction (bsc#1218216). * CVE-2023-52340: Fixed ICMPv6 “Packet Too Big” packets force a DoS of the Linux kernel by forcing 100% CPU (bsc#1219295). * CVE-2023-52429: Fixed potential DoS in dm_table_create in drivers/md/dm- table.c (bsc#1219827). * CVE-2023-52439: Fixed use-after-free in uio_open (bsc#1220140). * CVE-2023-52443: Fixed crash when parsed profile name is empty (bsc#1220240). * CVE-2023-52445: Fixed use after free on context disconnection (bsc#1220241). * CVE-2023-52447: Fixed map_fd_put_ptr() signature kABI workaround (bsc#1220251). * CVE-2023-52448: Fixed kernel NULL pointer dereference in gfs2_rgrp_dump (bsc#1220253). * CVE-2023-52449: Fixed gluebi NULL pointer dereference caused by ftl notifier (bsc#1220238). * CVE-2023-52451: Fixed access beyond end of drmem array (bsc#1220250). * CVE-2023-52452: Fixed Fix accesses to uninit stack slots (bsc#1220257). * CVE-2023-52456: Fixed tx statemachine deadlock (bsc#1220364). * CVE-2023-52457: Fixed skipped resource freeing if pm_runtime_resume_and_get() failed (bsc#1220350). * CVE-2023-52463: Fixed null pointer dereference in efivarfs (bsc#1220328). * CVE-2023-52464: Fixed possible out-of-bounds string access (bsc#1220330) * CVE-2023-52475: Fixed use-after-free in powermate_config_complete (bsc#1220649) * CVE-2023-52478: Fixed kernel crash on receiver USB disconnect (bsc#1220796) * CVE-2023-6817: Fixed use-after-free in nft_pipapo_walk (bsc#1218195). * CVE-2024-0607: Fixed 64-bit load issue in nft_byteorder_eval() (bsc#1218915). * CVE-2024-1151: Fixed unlimited number of recursions from action sets (bsc#1219835). * CVE-2024-23849: Fixed array-index-out-of-bounds in rds_cmsg_recv (bsc#1219127). * CVE-2024-23850: Fixed double free of anonymous device after snapshot creation failure (bsc#1219126). * CVE-2024-23851: Fixed crash in copy_params in drivers/md/dm-ioctl.c (bsc#1219146). * CVE-2024-25744: Fixed Security issue with int 80 interrupt vector (bsc#1217927). * CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220187). * CVE-2024-26586: Fixed stack corruption (bsc#1220243). * CVE-2024-26589: Fixed out of bounds read due to variable offset alu on PTR_TO_FLOW_KEYS (bsc#1220255). * CVE-2024-26591: Fixed re-attachment branch in bpf_tracing_prog_attach (bsc#1220254). * CVE-2024-26593: Fixed block process call transactions (bsc#1220009). * CVE-2024-26595: Fixed NULL pointer dereference in error path (bsc#1220344). * CVE-2024-26598: Fixed potential UAF in LPI translation cache (bsc#1220326). * CVE-2024-26602: Fixed overall slowdowns with sys_membarrier (bsc1220398). * CVE-2024-26603: Fixed infinite loop via #PF handling (bsc#1220335). * CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220825). The following non-security bugs were fixed: * acpi: apei: set memory failure flags as mf_action_required on synchronous events (git-fixes). * acpi: button: add lid disable dmi quirk for nextbook ares 8a (git-fixes). * acpi: extlog: fix null pointer dereference check (git-fixes). * acpi: resource: add asus model s5402za to quirks (git-fixes). * acpi: resource: skip irq override on asus expertbook b1502cba (git-fixes). * acpi: resource: skip irq override on asus expertbook b2402cba (git-fixes). * acpi: video: add backlight=native dmi quirk for apple imac11,3 (git-fixes). * acpi: video: add backlight=native dmi quirk for apple imac12,1 and imac12,2 (git-fixes). * acpi: video: add backlight=native dmi quirk for lenovo thinkpad x131e (3371 amd version) (git-fixes). * acpi: video: add quirk for the colorful x15 at 23 laptop (git-fixes). * add reference to recently released cve * afs: fix the usage of read_seqbegin_or_lock() in afs_find_server*() (git- fixes). * afs: fix the usage of read_seqbegin_or_lock() in afs_lookup_volume_rcu() (git-fixes). * afs: hide silly-rename files from userspace (git-fixes). * afs: increase buffer size in afs_update_volume_status() (git-fixes). * ahci: asm1166: correct count of reported ports (git-fixes). * alsa: drop leftover snd-rtctimer stuff from makefile (git-fixes). * alsa: firewire-lib: fix to check cycle continuity (git-fixes). * alsa: hda/conexant: add quirk for sws js201d (git-fixes). * alsa: hda/realtek: apply headset jack quirk for non-bass alc287 thinkpads (git-fixes). * alsa: hda/realtek: cs35l41: fix device id / model name (git-fixes). * alsa: hda/realtek: cs35l41: fix order and duplicates in quirks table (git- fixes). * alsa: hda/realtek: enable headset mic on vaio vjfe-adl (git-fixes). * alsa: hda/realtek: enable mute led on hp laptop 14-fq0xxx (git-fixes). * alsa: hda/realtek: fix mute/micmute led for hp mt645 (git-fixes). * alsa: hda/realtek: fix mute/micmute leds for hp zbook power (git-fixes). * alsa: hda/realtek: fix the external mic not being recognised for acer swift 1 sf114-32 (git-fixes). * alsa: usb-audio: add a quirk for yamaha yit-w12tx transmitter (git-fixes). * alsa: usb-audio: add delay quirk for motu m series 2nd revision (git-fixes). * alsa: usb-audio: add quirk for rode nt-usb+ (git-fixes). * alsa: usb-audio: check presence of valid altsetting control (git-fixes). * alsa: usb-audio: ignore clock selector errors for single connection (git- fixes). * alsa: usb-audio: more relaxed check of midi jack names (git-fixes). * alsa: usb-audio: sort quirk table entries (git-fixes). * arm64: entry: fix arm64_workaround_speculative_unpriv_load (bsc#1219443) * arm64: entry: preserve/restore x29 even for compat tasks (bsc#1219443) * arm64: entry: simplify tramp_alias macro and tramp_exit routine (bsc#1219443) * arm64: errata: add cortex-a510 speculative unprivileged load (bsc#1219443) enable workaround. * arm64: errata: add cortex-a520 speculative unprivileged load (bsc#1219443) enable workaround without kabi break. * arm64: errata: mitigate ampere1 erratum ac03_cpu_38 at stage-2 (git-fixes) enable ampere_erratum_ac03_cpu_38 workaround without kabi break * arm64: irq: set the correct node for shadow call stack (git-fixes) * arm64: irq: set the correct node for vmap stack (git-fixes) * arm64: rename arm64_workaround_2966298 (bsc#1219443) * arm64: subscribe microsoft azure cobalt 100 to arm neoverse n2 errata (git- fixes) * asoc: doc: fix undefined snd_soc_dapm_nopm argument (git-fixes). * asoc: rt5645: fix deadlock in rt5645_jack_detect_work() (git-fixes). * asoc: sof: ipc3: fix message bounds on ipc ops (git-fixes). * asoc: sunxi: sun4i-spdif: add support for allwinner h616 (git-fixes). * atm: idt77252: fix a memleak in open_card_ubr0 (git-fixes). * bluetooth: avoid potential use-after-free in hci_error_reset (git-fixes). * bluetooth: enforce validation on max value of connection interval (git- fixes). * bluetooth: hci_event: fix handling of hci_ev_io_capa_request (git-fixes). * bluetooth: hci_event: fix wrongly recorded wakeup bd_addr (git-fixes). * bluetooth: hci_sync: check the correct flag before starting a scan (git- fixes). * bluetooth: hci_sync: fix accept_list when attempting to suspend (git-fixes). * bluetooth: l2cap: fix possible multiple reject send (git-fixes). * bluetooth: qca: fix wrong event type for patch config command (git-fixes). * bpf: fix verification of indirect var-off stack access (git-fixes). * bpf: guard stack limits against 32bit overflow (git-fixes). * bpf: minor logging improvement (bsc#1220257). * bus: moxtet: add spi device table (git-fixes). * cachefiles: fix memory leak in cachefiles_add_cache() (bsc#1220267). * can: j1939: fix uaf in j1939_sk_match_filter during setsockopt(so_j1939_filter) (git-fixes). * crypto: api - disallow identical driver names (git-fixes). * crypto: ccp - fix null pointer dereference in __sev_platform_shutdown_locked (git-fixes). * crypto: octeontx2 - fix cptvf driver cleanup (git-fixes). * crypto: stm32/crc32 - fix parsing list of devices (git-fixes). * dmaengine: fsl-qdma: fix a memory leak related to the queue command dma (git-fixes). * dmaengine: fsl-qdma: fix soc may hang on 16 byte unaligned read (git-fixes). * dmaengine: fsl-qdma: increase size of 'irq_name' (git-fixes). * dmaengine: fsl-qdma: init irq after reg initialization (git-fixes). * dmaengine: ptdma: use consistent dma masks (git-fixes). * dmaengine: shdma: increase size of 'dev_id' (git-fixes). * dmaengine: ti: edma: add some null pointer checks to the edma_probe (git- fixes). * driver core: fix device_link_flag_is_sync_state_only() (git-fixes). * drm/amd/display: fix memory leak in dm_sw_fini() (git-fixes). * drm/amd/display: fix possible buffer overflow in 'find_dcfclk_for_voltage()' (git-fixes). * drm/amd/display: fix possible null dereference on device remove/driver unload (git-fixes). * drm/amd/display: increase frame-larger-than for all display_mode_vba files (git-fixes). * drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz (git-fixes). * drm/amd/display: preserve original aspect ratio in create stream (git- fixes). * drm/amdgpu/display: initialize gamma correction mode variable in dcn30_get_gamcor_current() (git-fixes). * drm/amdgpu: reset gpu for s3 suspend abort case (git-fixes). * drm/amdgpu: skip to program gfxdec registers for suspend abort (git-fixes). * drm/buddy: fix range bias (git-fixes). * drm/crtc: fix uninitialized variable use even harder (git-fixes). * drm/i915/gvt: fix uninitialized variable in handle_mmio() (git-fixes). * drm/msm/dp: return correct colorimetry for dp_test_dynamic_range_cea case (git-fixes). * drm/msm/dpu: check for valid hw_pp in dpu_encoder_helper_phys_cleanup (git- fixes). * drm/msms/dp: fixed link clock divider bits be over written in bpc unknown case (git-fixes). * drm/prime: support page array >= 4gb (git-fixes). * drm/syncobj: call drm_syncobj_fence_add_wait when wait_available flag is set (git-fixes). * drm/ttm: fix an invalid freeing on already freed page in error path (git- fixes). * drop bcm5974 input patch causing a regression (bsc#1220030) * efi/capsule-loader: fix incorrect allocation size (git-fixes). * efi: do not add memblocks for soft-reserved memory (git-fixes). * efi: runtime: fix potential overflow of soft-reserved region size (git- fixes). * fbcon: always restore the old font data in fbcon_do_set_font() (git-fixes). * fbdev: savage: error out if pixclock equals zero (git-fixes). * fbdev: sis: error out if pixclock equals zero (git-fixes). * firewire: core: send bus reset promptly on gap count error (git-fixes). * fs: dlm: fix build with config_ipv6 disabled (git-fixes). * fs:jfs:ubsan:array-index-out-of-bounds in dbadjtree (git-fixes). * gpio: 74x164: enable output pins after registers are reset (git-fixes). * gpio: fix resource unwinding order in error path (git-fixes). * gpiolib: acpi: ignore touchpad wakeup on gpd g1619-04 (git-fixes). * gpiolib: fix the error path order in gpiochip_add_data_with_key() (git- fixes). * hid: apple: add 2021 magic keyboard fn key mapping (git-fixes). * hid: apple: add support for the 2021 magic keyboard (git-fixes). * hid: wacom: do not register input devices until after hid_hw_start (git- fixes). * hid: wacom: generic: avoid reporting a serial of '0' to userspace (git- fixes). * hwmon: (aspeed-pwm-tacho) mutex for tach reading (git-fixes). * hwmon: (coretemp) enlarge per package core count limit (git-fixes). * hwmon: (coretemp) fix bogus core_id to attr name mapping (git-fixes). * hwmon: (coretemp) fix out-of-bounds memory access (git-fixes). * i2c: i801: fix block process call transactions (git-fixes). * i2c: i801: remove i801_set_block_buffer_mode (git-fixes). * i2c: imx: add timer for handling the stop condition (git-fixes). * i2c: imx: when being a target, mark the last read as processed (git-fixes). * i3c: master: cdns: update maximum prescaler value for i2c clock (git-fixes). * ib/hfi1: fix a memleak in init_credit_return (git-fixes) * ib/hfi1: fix sdma.h tx->num_descs off-by-one error (git-fixes) * iio: accel: bma400: fix a compilation problem (git-fixes). * iio: adc: ad7091r: set alert bit in config register (git-fixes). * iio: core: fix memleak in iio_device_register_sysfs (git-fixes). * iio: hid-sensor-als: return 0 for hid_usage_sensor_time_timestamp (git- fixes). * iio: magnetometer: rm3100: add boundary check for the value read from rm3100_reg_tmrc (git-fixes). * input: iqs269a - switch to define_simple_dev_pm_ops() and pm_sleep_ptr() (git-fixes). * input: xpad - add lenovo legion go controllers (git-fixes). * irqchip/irq-brcmstb-l2: add write memory barrier before exit (git-fixes). * jfs: fix array-index-out-of-bounds in dbadjtree (git-fixes). * jfs: fix array-index-out-of-bounds in dinewext (git-fixes). * jfs: fix slab-out-of-bounds read in dtsearch (git-fixes). * jfs: fix uaf in jfs_evict_inode (git-fixes). * kbuild: fix changing elf file type for output of gen_btf for big endian (git-fixes). * kvm: s390: fix cc for successful pqap (git-fixes bsc#1219839). * kvm: s390: fix setting of fpc register (git-fixes bsc#1220392). * kvm: s390: vsie: fix race during shadow creation (git-fixes bsc#1220393). * kvm: vmx: move verw closer to vmentry for mds mitigation (git-fixes). * kvm: vmx: use bt+jnc, i.e. eflags.cf to select vmresume vs. vmlaunch (git- fixes). * lan78xx: enable auto speed configuration for lan7850 if no eeprom is detected (git-fixes). * leds: trigger: panic: do not register panic notifier if creating the trigger failed (git-fixes). * lib/stackdepot: add depot_fetch_stack helper (jsc-ped#7423). * lib/stackdepot: add refcount for records (jsc-ped#7423). * lib/stackdepot: fix first entry having a 0-handle (jsc-ped#7423). * lib/stackdepot: move stack_record struct definition into the header (jsc- ped#7423). * libsubcmd: fix memory leak in uniq() (git-fixes). * media: ddbridge: fix an error code problem in ddb_probe (git-fixes). * media: ir_toy: fix a memleak in irtoy_tx (git-fixes). * media: rc: bpf attach/detach requires write permission (git-fixes). * media: rockchip: rga: fix swizzling for rgb formats (git-fixes). * media: stk1160: fixed high volume of stk1160_dbg messages (git-fixes). * mfd: syscon: fix null pointer dereference in of_syscon_register() (git- fixes). * mm,page_owner: display all stacks and their count (jsc-ped#7423). * mm,page_owner: filter out stacks by a threshold (jsc-ped#7423). * mm,page_owner: implement the tracking of the stacks count (jsc-ped#7423). * mm,page_owner: maintain own list of stack_records structs (jsc-ped#7423). * mm,page_owner: update documentation regarding page_owner_stacks (jsc- ped#7423). * mm/hwpoison: fix unpoison_memory() (bsc#1218663). * mm/hwpoison: mf_mutex for soft offline and unpoison (bsc#1218663). * mm/hwpoison: remove mf_msg_buddy_2nd and mf_msg_poisoned_huge (bsc#1218663). * mm: memory-failure: fix potential unexpected return value from unpoison_memory() (git-fixes). * mmc: core: fix emmc initialization with 1-bit bus connection (git-fixes). * mmc: core: use mrq.sbc in close-ended ffu (git-fixes). * mmc: mmc_spi: remove custom dma mapped buffers (git-fixes). * mmc: sdhci-xenon: add timeout for phy init complete (git-fixes). * mmc: sdhci-xenon: fix phy init clock stability (git-fixes). * mmc: slot-gpio: allow non-sleeping gpio ro (git-fixes). * modpost: trim leading spaces when processing source files list (git-fixes). * mtd: spinand: gigadevice: fix the get ecc status issue (git-fixes). * net: usb: dm9601: fix wrong return value in dm9601_mdio_read (git-fixes). * netfs, fscache: prevent oops in fscache_put_cache() (bsc#1220003). * nilfs2: fix data corruption in dsync block recovery for small block sizes (git-fixes). * nilfs2: replace warn_ons for invalid dat metadata block requests (git- fixes). * nouveau/svm: fix kvcalloc() argument order (git-fixes). * nouveau: fix function cast warnings (git-fixes). * ntfs: check overflow when iterating attr_records (git-fixes). * ntfs: fix use-after-free in ntfs_attr_find() (git-fixes). * nvme-fabrics: fix i/o connect error handling (git-fixes). * nvme-host: fix the updating of the firmware version (git-fixes). * pci/aer: decode requester id when no error info found (git-fixes). * pci: add no pm reset quirk for nvidia spectrum devices (git-fixes). * pci: add pci_header_type_mfd definition (bsc#1220021). * pci: fix 64gt/s effective data rate calculation (git-fixes). * pci: only override amd usb controller if required (git-fixes). * pci: switchtec: fix stdev_release() crash after surprise hot remove (git- fixes). * platform/x86: thinkpad_acpi: only update profile if successfully converted (git-fixes). * platform/x86: touchscreen_dmi: add info for the teclast x16 plus tablet (git-fixes). * platform/x86: touchscreen_dmi: allow partial (prefix) matches for acpi names (git-fixes). * pm: core: remove unnecessary (void *) conversions (git-fixes). * pm: runtime: have devm_pm_runtime_enable() handle pm_runtime_dont_use_autosuspend() (git-fixes). * pnp: acpi: fix fortify warning (git-fixes). * power: supply: bq27xxx-i2c: do not free non existing irq (git-fixes). * powerpc/64: set task pt_regs->link to the lr value on scv entry (bsc#1194869). * powerpc/powernv: fix fortify source warnings in opal-prd.c (bsc#1194869). * powerpc/pseries: add a clear modifier to ibm,pa/pi-features parser (bsc#1220348). * powerpc/pseries: rework lppaca_shared_proc() to avoid debug_preempt (bsc#1194869). * powerpc/pseries: set cpu_ftr_dbell according to ibm,pi-features (bsc#1220348). * powerpc/watchpoint: disable pagefaults when getting user instruction (bsc#1194869). * powerpc/watchpoints: annotate atomic context in more places (bsc#1194869). * powerpc/watchpoints: disable preemption in thread_change_pc() (bsc#1194869). * powerpc: add crtsavres.o to always-y instead of extra-y (bsc#1194869). * powerpc: do not include lppaca.h in paca.h (bsc#1194869). * pstore/ram: fix crash when setting number of cpus to an odd number (git- fixes). * ras/amd/atl: add mi300 row retirement support (jsc#ped-7618). * ras/amd/atl: fix bit overflow in denorm_addr_df4_np2() (git-fixes). * ras: introduce a fru memory poison manager (jsc#ped-7618). * rdma/bnxt_re: add a missing check in bnxt_qplib_query_srq (git-fixes) * rdma/bnxt_re: return error for srq resize (git-fixes) * rdma/core: fix uninit-value access in ib_get_eth_speed() (bsc#1219934). * rdma/core: get ib width and speed from netdev (bsc#1219934). * rdma/irdma: add ae for too many rnrs (git-fixes) * rdma/irdma: fix kasan issue with tasklet (git-fixes) * rdma/irdma: set the cq read threshold for gen 1 (git-fixes) * rdma/irdma: validate max_send_wr and max_recv_wr (git-fixes) * rdma/qedr: fix qedr_create_user_qp error flow (git-fixes) * rdma/srpt: fix function pointer cast warnings (git-fixes) * rdma/srpt: support specifying the srpt_service_guid parameter (git-fixes) * refresh patches.suse/dm_blk_ioctl-implement-path-failover-for-sg_io. (bsc#1216776, bsc#1220277) * regulator: core: only increment use_count when enable_count changes (git- fixes). * regulator: pwm-regulator: add validity checks in continuous .get_voltage (git-fixes). * revert "drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz" (git- fixes). * revert "drm/amd/pm: resolve reboot exception for si oland" (git-fixes). * revert "drm/amd: flush any delayed gfxoff on suspend entry" (git-fixes). * rpm/kernel-binary.spec.in: install scripts/gdb when enabled in config (bsc#1219653) they are put into -devel subpackage. and a proper link to /usr/share/gdb/auto-load/ is created. * s390/qeth: fix potential loss of l3-ip@ in case of network issues (git-fixes bsc#1219840). * s390: use the correct count for __iowrite64_copy() (git-fixes bsc#1220317). * sched/membarrier: reduce the ability to hammer on sys_membarrier (git- fixes). * scsi: core: move scsi_host_busy() out of host lock for waking up eh handler (git-fixes). * scsi: core: move scsi_host_busy() out of host lock if it is for per-command (git-fixes). * scsi: fnic: move fnic_fnic_flush_tx() to a work queue (git-fixes bsc#1219141). * scsi: hisi_sas: prevent parallel flr and controller reset (git-fixes). * scsi: ibmvfc: limit max hw queues by num_online_cpus() (bsc#1220106). * scsi: ibmvfc: open-code reset loop for target reset (bsc#1220106). * scsi: isci: fix an error code problem in isci_io_request_build() (git- fixes). * scsi: lpfc: add condition to delete ndlp object after sending bls_rjt to an abts (bsc#1220021). * scsi: lpfc: allow lpfc_plogi_confirm_nport() logic to execute for fabric nodes (bsc#1220021). * scsi: lpfc: change lpfc_vport fc_flag member into a bitmask (bsc#1220021). * scsi: lpfc: change lpfc_vport load_flag member into a bitmask (bsc#1220021). * scsi: lpfc: change nlp state statistic counters into atomic_t (bsc#1220021). * scsi: lpfc: copyright updates for 14.4.0.0 patches (bsc#1220021). * scsi: lpfc: fix failure to delete vports when discovery is in progress (bsc#1220021). * scsi: lpfc: fix possible memory leak in lpfc_rcv_padisc() (bsc#1220021). * scsi: lpfc: initialize status local variable in lpfc_sli4_repost_sgl_list() (bsc#1220021). * scsi: lpfc: move handling of reset congestion statistics events (bsc#1220021). * scsi: lpfc: protect vport fc_nodes list with an explicit spin lock (bsc#1220021). * scsi: lpfc: remove d_id swap log message from trace event logger (bsc#1220021). * scsi: lpfc: remove nlp_rcv_plogi early return during rscn processing for ndlps (bsc#1220021). * scsi: lpfc: remove shost_lock protection for fc_host_port shost apis (bsc#1220021). * scsi: lpfc: replace deprecated strncpy() with strscpy() (bsc#1220021). * scsi: lpfc: save fpin frequency statistics upon receipt of peer cgn notifications (bsc#1220021). * scsi: lpfc: update lpfc version to 14.4.0.0 (bsc#1220021). * scsi: lpfc: use pci_header_type_mfd instead of literal (bsc#1220021). * scsi: lpfc: use sg_dma_len() api to get struct scatterlist's length (bsc#1220021). * scsi: mpi3mr: refresh sdev queue depth after controller reset (git-fixes). * scsi: revert "scsi: fcoe: fix potential deadlock on &fip->ctlr_lock" (git- fixes bsc#1219141). * serial: 8250: remove serial_rs485 sanitization from em485 (git-fixes). * spi-mxs: fix chipselect glitch (git-fixes). * spi: hisi-sfc-v3xx: return irq_none if no interrupts were detected (git- fixes). * spi: ppc4xx: drop write-only variable (git-fixes). * spi: sh-msiof: avoid integer overflow in constants (git-fixes). * staging: iio: ad5933: fix type mismatch regression (git-fixes). * supported.conf: remove external flag from ibm supported modules. (bsc#1209412) * tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd (bsc#1218450). * tomoyo: fix uaf write bug in tomoyo_write_control() (git-fixes). * topology/sysfs: add format parameter to macro defining "show" functions for proc (jsc#ped-7618). * topology/sysfs: add ppin in sysfs under cpu topology (jsc#ped-7618). * tty: allow tiocslcktrmios with cap_checkpoint_restore (git-fixes). * ubsan: array-index-out-of-bounds in dtsplitroot (git-fixes). * usb: cdns3: fix memory double free when handle zero packet (git-fixes). * usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() (git- fixes). * usb: cdns3: modify the return value of cdns_set_active () to void when config_pm_sleep is disabled (git-fixes). * usb: cdns3: put the cdns set active part outside the spin lock (git-fixes). * usb: cdns: readd old api (git-fixes). * usb: cdnsp: blocked some cdns3 specific code (git-fixes). * usb: cdnsp: fixed issue with incorrect detecting cdnsp family controllers (git-fixes). * usb: dwc3: gadget: do not disconnect if not started (git-fixes). * usb: dwc3: gadget: handle ep0 request dequeuing properly (git-fixes). * usb: dwc3: gadget: ignore end transfer delay on teardown (git-fixes). * usb: dwc3: gadget: queue pm runtime idle on disconnect event (git-fixes). * usb: dwc3: gadget: refactor ep0 forced stall/restart into a separate api (git-fixes). * usb: dwc3: gadget: submit endxfer command if delayed during disconnect (git- fixes). * usb: dwc3: host: set xhci_sg_trb_cache_size_quirk (git-fixes). * usb: f_mass_storage: forbid async queue when shutdown happen (git-fixes). * usb: gadget: core: add missing kerneldoc for vbus_work (git-fixes). * usb: gadget: core: adjust uevent timing on gadget unbind (git-fixes). * usb: gadget: core: help prevent panic during uvc unconfigure (git-fixes). * usb: gadget: core: remove unbalanced mutex_unlock in usb_gadget_activate (git-fixes). * usb: gadget: f_hid: fix report descriptor allocation (git-fixes). * usb: gadget: fix obscure lockdep violation for udc_mutex (git-fixes). * usb: gadget: fix use-after-free read in usb_udc_uevent() (git-fixes). * usb: gadget: fsl_qe_udc: validate endpoint index for ch9 udc (git-fixes). * usb: gadget: ncm: avoid dropping datagrams of properly parsed ntbs (git- fixes). * usb: gadget: udc: core: offload usb_udc_vbus_handler processing (git-fixes). * usb: gadget: udc: core: prevent soft_connect_store() race (git-fixes). * usb: gadget: udc: handle gadget_connect failure during bind operation (git- fixes). * usb: hub: check for alternate port before enabling a_alt_hnp_support (bsc#1218527). * usb: hub: replace hardcoded quirk value with bit() macro (git-fixes). * usb: roles: do not get/set_role() when usb_role_switch is unregistered (git- fixes). * usb: roles: fix null pointer issue when put module's reference (git-fixes). * usb: serial: cp210x: add id for imst im871a-usb (git-fixes). * usb: serial: option: add fibocom fm101-gl variant (git-fixes). * usb: serial: qcserial: add new usb-id for dell wireless dw5826e (git-fixes). * watchdog: it87_wdt: keep wdtctrl bit 3 unmodified for it8784/it8786 (git- fixes). * wifi: ath11k: fix registration of 6ghz-only phy without the full channel range (git-fixes). * wifi: ath9k: fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() (git-fixes). * wifi: cfg80211: fix missing interfaces when dumping (git-fixes). * wifi: cfg80211: fix rcu dereference in __cfg80211_bss_update (git-fixes). * wifi: cfg80211: free beacon_ies when overridden from hidden bss (git-fixes). * wifi: iwlwifi: fix some error codes (git-fixes). * wifi: iwlwifi: mvm: avoid baid size integer overflow (git-fixes). * wifi: iwlwifi: uninitialized variable in iwl_acpi_get_ppag_table() (git- fixes). * wifi: mac80211: adding missing drv_mgd_complete_tx() call (git-fixes). * wifi: mac80211: fix race condition on enabling fast-xmit (git-fixes). * wifi: nl80211: reject iftype change with mesh id change (git-fixes). * wifi: rt2x00: restart beacon queue when hardware reset (git-fixes). * wifi: rtl8xxxu: add additional usb ids for rtl8192eu devices (git-fixes). * wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift() (git-fixes). * wifi: wext-core: fix -wstringop-overflow warning in ioctl_standard_iw_point() (git-fixes). * x86/asm: add _asm_rip() macro for x86-64 (%rip) suffix (git-fixes). * x86/bugs: add asm helpers for executing verw (git-fixes). * x86/bugs: use alternative() instead of mds_user_clear static key (git- fixes). also add mds_user_clear to kabi severities since it's strictly mitigation related so should be low risk. * x86/cpu: x86_feature_intel_ppin finally had a cpuid bit (jsc#ped-7618). * x86/entry_32: add verw just before userspace transition (git-fixes). * x86/entry_64: add verw just before userspace transition (git-fixes). * x86/mm: fix memory encryption features advertisement (bsc#1206453). * xfs: remove unused fields from struct xbtree_ifakeroot (git-fixes). * xfs: short circuit xfs_growfs_data_private() if delta is zero (git-fixes).

References

* bsc#1194869

* bsc#1206453

* bsc#1209412

* bsc#1213456

* bsc#1216776

* bsc#1217927

* bsc#1218195

* bsc#1218216

* bsc#1218450

* bsc#1218527

* bsc#1218663

* bsc#1218915

* bsc#1219126

* bsc#1219127

* bsc#1219141

* bsc#1219146

* bsc#1219295

* bsc#1219443

* bsc#1219653

* bsc#1219827

* bsc#1219835

* bsc#1219839

* bsc#1219840

* bsc#1219934

* bsc#1220003

* bsc#1220009

* bsc#1220021

* bsc#1220030

* bsc#1220106

* bsc#1220140

* bsc#1220187

* bsc#1220238

* bsc#1220240

* bsc#1220241

* bsc#1220243

* bsc#1220250

* bsc#1220251

* bsc#1220253

* bsc#1220254

* bsc#1220255

* bsc#1220257

* bsc#1220267

* bsc#1220277

* bsc#1220317

* bsc#1220326

* bsc#1220328

* bsc#1220330

* bsc#1220335

* bsc#1220344

* bsc#1220348

* bsc#1220350

* bsc#1220364

* bsc#1220392

* bsc#1220393

* bsc#1220398

* bsc#1220409

* bsc#1220444

* bsc#1220457

* bsc#1220459

* bsc#1220649

* bsc#1220796

* bsc#1220825

* jsc#PED-7618

Cross-

* CVE-2019-25162

* CVE-2021-46923

* CVE-2021-46924

* CVE-2021-46932

* CVE-2023-28746

* CVE-2023-5197

* CVE-2023-52340

* CVE-2023-52429

* CVE-2023-52439

* CVE-2023-52443

* CVE-2023-52445

* CVE-2023-52447

* CVE-2023-52448

* CVE-2023-52449

* CVE-2023-52451

* CVE-2023-52452

* CVE-2023-52456

* CVE-2023-52457

* CVE-2023-52463

* CVE-2023-52464

* CVE-2023-52475

* CVE-2023-52478

* CVE-2023-6817

* CVE-2024-0607

* CVE-2024-1151

* CVE-2024-23849

* CVE-2024-23850

* CVE-2024-23851

* CVE-2024-25744

* CVE-2024-26585

* CVE-2024-26586

* CVE-2024-26589

* CVE-2024-26591

* CVE-2024-26593

* CVE-2024-26595

* CVE-2024-26598

* CVE-2024-26602

* CVE-2024-26603

* CVE-2024-26622

CVSS scores:

* CVE-2019-25162 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

* CVE-2021-46923 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

* CVE-2021-46924 ( SUSE ): 4.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

* CVE-2021-46932 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

* CVE-2023-28746 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

* CVE-2023-5197 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

* CVE-2023-5197 ( NVD ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

* CVE-2023-52340 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2023-52429 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2023-52429 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2023-52439 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

* CVE-2023-52439 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2023-52443 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2023-52443 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2023-52445 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2023-52445 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2023-52447 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

* CVE-2023-52447 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2023-52448 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2023-52449 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2023-52451 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H

* CVE-2023-52452 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

* CVE-2023-52456 ( SUSE ): 4.0 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2023-52457 ( SUSE ): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

* CVE-2023-52463 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2023-52464 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

* CVE-2023-52475 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2023-52478 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H

* CVE-2023-6817 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

* CVE-2023-6817 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2024-0607 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

* CVE-2024-0607 ( NVD ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

* CVE-2024-1151 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-23849 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

* CVE-2024-23849 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-23850 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-23850 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-23851 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-23851 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-25744 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2024-26585 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2024-26585 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-26586 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

* CVE-2024-26589 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

* CVE-2024-26591 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-26593 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

* CVE-2024-26595 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-26598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2024-26602 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

* CVE-2024-26603 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-26622 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5

* SUSE Linux Enterprise High Performance Computing 15 SP5

* SUSE Linux Enterprise Live Patching 15-SP5

* SUSE Linux Enterprise Micro 5.5

* SUSE Linux Enterprise Real Time 15 SP5

* SUSE Linux Enterprise Server 15 SP5

* SUSE Linux Enterprise Server for SAP Applications 15 SP5

* SUSE Real Time Module 15-SP5

An update that solves 39 vulnerabilities, contains one feature and has 23

security fixes can now be installed.

##

* https://www.suse.com/security/cve/CVE-2019-25162.html

* https://www.suse.com/security/cve/CVE-2021-46923.html

* https://www.suse.com/security/cve/CVE-2021-46924.html

* https://www.suse.com/security/cve/CVE-2021-46932.html

* https://www.suse.com/security/cve/CVE-2023-28746.html

* https://www.suse.com/security/cve/CVE-2023-5197.html

* https://www.suse.com/security/cve/CVE-2023-52340.html

* https://www.suse.com/security/cve/CVE-2023-52429.html

* https://www.suse.com/security/cve/CVE-2023-52439.html

* https://www.suse.com/security/cve/CVE-2023-52443.html

* https://www.suse.com/security/cve/CVE-2023-52445.html

* https://www.suse.com/security/cve/CVE-2023-52447.html

* https://www.suse.com/security/cve/CVE-2023-52448.html

* https://www.suse.com/security/cve/CVE-2023-52449.html

* https://www.suse.com/security/cve/CVE-2023-52451.html

* https://www.suse.com/security/cve/CVE-2023-52452.html

* https://www.suse.com/security/cve/CVE-2023-52456.html

* https://www.suse.com/security/cve/CVE-2023-52457.html

* https://www.suse.com/security/cve/CVE-2023-52463.html

* https://www.suse.com/security/cve/CVE-2023-52464.html

* https://www.suse.com/security/cve/CVE-2023-52475.html

* https://www.suse.com/security/cve/CVE-2023-52478.html

* https://www.suse.com/security/cve/CVE-2023-6817.html

* https://www.suse.com/security/cve/CVE-2024-0607.html

* https://www.suse.com/security/cve/CVE-2024-1151.html

* https://www.suse.com/security/cve/CVE-2024-23849.html

* https://www.suse.com/security/cve/CVE-2024-23850.html

* https://www.suse.com/security/cve/CVE-2024-23851.html

* https://www.suse.com/security/cve/CVE-2024-25744.html

* https://www.suse.com/security/cve/CVE-2024-26585.html

* https://www.suse.com/security/cve/CVE-2024-26586.html

* https://www.suse.com/security/cve/CVE-2024-26589.html

* https://www.suse.com/security/cve/CVE-2024-26591.html

* https://www.suse.com/security/cve/CVE-2024-26593.html

* https://www.suse.com/security/cve/CVE-2024-26595.html

* https://www.suse.com/security/cve/CVE-2024-26598.html

* https://www.suse.com/security/cve/CVE-2024-26602.html

* https://www.suse.com/security/cve/CVE-2024-26603.html

* https://www.suse.com/security/cve/CVE-2024-26622.html

* https://bugzilla.suse.com/show_bug.cgi?id=1194869

* https://bugzilla.suse.com/show_bug.cgi?id=1206453

* https://bugzilla.suse.com/show_bug.cgi?id=1209412

* https://bugzilla.suse.com/show_bug.cgi?id=1213456

* https://bugzilla.suse.com/show_bug.cgi?id=1216776

* https://bugzilla.suse.com/show_bug.cgi?id=1217927

* https://bugzilla.suse.com/show_bug.cgi?id=1218195

* https://bugzilla.suse.com/show_bug.cgi?id=1218216

* https://bugzilla.suse.com/show_bug.cgi?id=1218450

* https://bugzilla.suse.com/show_bug.cgi?id=1218527

* https://bugzilla.suse.com/show_bug.cgi?id=1218663

* https://bugzilla.suse.com/show_bug.cgi?id=1218915

* https://bugzilla.suse.com/show_bug.cgi?id=1219126

* https://bugzilla.suse.com/show_bug.cgi?id=1219127

* https://bugzilla.suse.com/show_bug.cgi?id=1219141

* https://bugzilla.suse.com/show_bug.cgi?id=1219146

* https://bugzilla.suse.com/show_bug.cgi?id=1219295

* https://bugzilla.suse.com/show_bug.cgi?id=1219443

* https://bugzilla.suse.com/show_bug.cgi?id=1219653

* https://bugzilla.suse.com/show_bug.cgi?id=1219827

* https://bugzilla.suse.com/show_bug.cgi?id=1219835

* https://bugzilla.suse.com/show_bug.cgi?id=1219839

* https://bugzilla.suse.com/show_bug.cgi?id=1219840

* https://bugzilla.suse.com/show_bug.cgi?id=1219934

* https://bugzilla.suse.com/show_bug.cgi?id=1220003

* https://bugzilla.suse.com/show_bug.cgi?id=1220009

* https://bugzilla.suse.com/show_bug.cgi?id=1220021

* https://bugzilla.suse.com/show_bug.cgi?id=1220030

* https://bugzilla.suse.com/show_bug.cgi?id=1220106

* https://bugzilla.suse.com/show_bug.cgi?id=1220140

* https://bugzilla.suse.com/show_bug.cgi?id=1220187

* https://bugzilla.suse.com/show_bug.cgi?id=1220238

* https://bugzilla.suse.com/show_bug.cgi?id=1220240

* https://bugzilla.suse.com/show_bug.cgi?id=1220241

* https://bugzilla.suse.com/show_bug.cgi?id=1220243

* https://bugzilla.suse.com/show_bug.cgi?id=1220250

* https://bugzilla.suse.com/show_bug.cgi?id=1220251

* https://bugzilla.suse.com/show_bug.cgi?id=1220253

* https://bugzilla.suse.com/show_bug.cgi?id=1220254

* https://bugzilla.suse.com/show_bug.cgi?id=1220255

* https://bugzilla.suse.com/show_bug.cgi?id=1220257

* https://bugzilla.suse.com/show_bug.cgi?id=1220267

* https://bugzilla.suse.com/show_bug.cgi?id=1220277

* https://bugzilla.suse.com/show_bug.cgi?id=1220317

* https://bugzilla.suse.com/show_bug.cgi?id=1220326

* https://bugzilla.suse.com/show_bug.cgi?id=1220328

* https://bugzilla.suse.com/show_bug.cgi?id=1220330

* https://bugzilla.suse.com/show_bug.cgi?id=1220335

* https://bugzilla.suse.com/show_bug.cgi?id=1220344

* https://bugzilla.suse.com/show_bug.cgi?id=1220348

* https://bugzilla.suse.com/show_bug.cgi?id=1220350

* https://bugzilla.suse.com/show_bug.cgi?id=1220364

* https://bugzilla.suse.com/show_bug.cgi?id=1220392

* https://bugzilla.suse.com/show_bug.cgi?id=1220393

* https://bugzilla.suse.com/show_bug.cgi?id=1220398

* https://bugzilla.suse.com/show_bug.cgi?id=1220409

* https://bugzilla.suse.com/show_bug.cgi?id=1220444

* https://bugzilla.suse.com/show_bug.cgi?id=1220457

* https://bugzilla.suse.com/show_bug.cgi?id=1220459

* https://bugzilla.suse.com/show_bug.cgi?id=1220649

* https://bugzilla.suse.com/show_bug.cgi?id=1220796

* https://bugzilla.suse.com/show_bug.cgi?id=1220825

* https://jira.suse.com/browse/PED-7618

Severity
Announcement ID: SUSE-SU-2024:0910-1
Rating: important

Related News