Stay Vigilant with Timely Linux Security Advisories

security advisoryfedoraimportant

Fedora 44 pcs Important Update Fixes Installation Issues 2026-015b33238d

Rebased pcs to the newest major version (see CHANGELOG.md) Updated standalone web UI and HA Cluster Management Cockpit application to pcs- web-ui 0.1.24.2 (see CHANGELOG_WUI.md) Fixed FTBFS with Python 3.15 Fixed issues with installing pcs on Fedora 43+, upgrade and uninstall. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-015b33238d 2026-03-15 00:15:25.518032+00:00 -------------------------------------------------------------------------------- Name : pcs Product : Fedora 44 Version : 0.12.2 Release : 1.fc44 URL : https://github.com/ClusterLabs/pcs Summary : Pacemaker/Corosync Configuration System Description : pcs is a configuration tool for Corosync and Pacemaker. It permits users to easily view, modify and create high availability clusters based on Pacemaker. This package contains the pcs command-line utility and its server pcsd. -------------------------------------------------------------------------------- Update Information: Rebased pcs to the newest major version (see CHANGELOG.md) Updated standalone web UI and HA Cluster Management Cockpit application to pcs- web-ui 0.1.24.2 (see CHANGELOG_WUI.md) Fixed FTBFS with Python 3.15 Fixed issues with installing pcs on Fedora 43+, upgrade and uninstall -------------------------------------------------------------------------------- ChangeLog: * Thu Mar 5 2026 Michal Posp\u0161il - 0.12.2-1 - Rebased pcs to the newest major version (see CHANGELOG.md) - Updated standalone web UI and HA Cluster Management Cockpit application to pcs-web-ui 0.1.24.2 (see CHANGELOG_WUI.md) Resolves: rhbz#2432985, rhbz#2433035 - Fixed FTBFS with Python 3.15 Resolves: rhbz#2440684 - Fixed issues with installing pcs on Fedora 43+, upgrade and uninstall -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-015b33238d' at the command line.For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Update for Fedora 44 pcs tool fixing issues and improving performance for high availability cluster management.. Fedora Update, pcs Configuration, Cluster Management, High Availability. . Severity: Important. LinuxSecurity.com Team

Mar 15, 2026 •Important Fedora

security advisorymoderateupdate

Rocky Linux 8 RLSA-2025:0743 moderate: keepalived integer overflow

Moderate: keepalived security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2025:0743", "synopsis": "Moderate: keepalived security update", "severity": "SEVERITY_MODERATE", "topic": "An update is available for keepalived.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "The keepalived utility provides simple and robust facilities for load balancing and high availability. The load balancing framework relies on the well-known and widely used IP Virtual Server (IPVS) kernel module providing layer-4 (transport layer) load balancing. Keepalived implements a set of checkers to dynamically and adaptively maintain and manage a load balanced server pool according to the health of the servers. Keepalived also implements the Virtual Router Redundancy Protocol (VRRPv2) to achieve high availability with director failover.\n\nSecurity Fix(es):\n\n* keepalived: Integer overflow vulnerability in vrrp_ipsets_handler (CVE-2024-41184)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2298532", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2298532", "description": ""}], "cves": [{"name": "CVE-2024-41184", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2024-41184", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}], "references": [], "publishedAt": "2025-02-13T20:34:26.141542Z", "rpms": {"Rocky Linux 8": {"nvras": ["keepalived-0:2.1.5-10.el8_10.aarch64.rpm", "keepalived-0:2.1.5-10.el8_10.src.rpm", "keepalived-0:2.1.5-10.el8_10.x86_64.rpm", "keepalived-debuginfo-0:2.1.5-10.el8_10.aarch64.rpm", "keepalived-debuginfo-0:2.1.5-10.el8_10.x86_64.rpm","keepalived-debugsource-0:2.1.5-10.el8_10.aarch64.rpm", "keepalived-debugsource-0:2.1.5-10.el8_10.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. AlmaLinux unveils a significant security patch for haproxy, fixing a buffer overflow vulnerability. Upgrade today!. keepalived Security Update, Rocky Linux Advisory, Load Balancing Security. . LinuxSecurity.com Team

Feb 13, 2025 Rocky Linux

Banner 2 1028x280 1708121730 1 1771599631

security advisoryvulnerabilityimportant

SUSE Linux Kernel Security Update 2025:0201-1 - Important Fixes

* bsc#1170891 * bsc#1173139 * bsc#1185010 * bsc#1190358 * bsc#1190428 . # Security update for the Linux Kernel Announcement ID: SUSE-SU-2025:0201-1 Release Date: 2025-01-21T12:51:49Z Rating: important References: * bsc#1170891 * bsc#1173139 * bsc#1185010 * bsc#1190358 * bsc#1190428 * bsc#1203332 * bsc#1205521 * bsc#1209288 * bsc#1209798 * bsc#1211593 * bsc#1211595 * bsc#1214635 * bsc#1215304 * bsc#1215523 * bsc#1216813 * bsc#1216909 * bsc#1219608 * bsc#1222878 * bsc#1223044 * bsc#1225758 * bsc#1225820 * bsc#1226694 * bsc#1228190 * bsc#1229809 * bsc#1230422 * bsc#1230697 * bsc#1231388 * bsc#1231453 * bsc#1231854 * bsc#1232045 * bsc#1232157 * bsc#1232166 * bsc#1232419 * bsc#1232436 * bsc#1232472 * bsc#1232823 * bsc#1233038 * bsc#1233050 * bsc#1233070 * bsc#1233096 * bsc#1233127 * bsc#1233200 * bsc#1233239 * bsc#1233324 * bsc#1233467 * bsc#1233468 * bsc#1233469 * bsc#1233485 * bsc#1233547 * bsc#1233550 * bsc#1233558 * bsc#1233564 * bsc#1233568 * bsc#1233637 * bsc#1233642 * bsc#1233701 * bsc#1233769 * bsc#1233837 * bsc#1234072 * bsc#1234073 * bsc#1234075 * bsc#1234076 * bsc#1234077 * bsc#1234087 * bsc#1234120 * bsc#1234156 * bsc#1234219 * bsc#1234220 * bsc#1234240 * bsc#1234241 * bsc#1234281 * bsc#1234282 * bsc#1234294 * bsc#1234338 * bsc#1234357 * bsc#1234437 * bsc#1234464 * bsc#1234605 * bsc#1234639 * bsc#1234650 * bsc#1234727 * bsc#1234811 * bsc#1234827 * bsc#1234834 * bsc#1234843 * bsc#1234846 * bsc#1234853 * bsc#1234856 * bsc#1234891 * bsc#1234912 * bsc#1234920 * bsc#1234921 * bsc#1234960 * bsc#1234963 * bsc#1234971 * bsc#1234973 * bsc#1235004 * bsc#1235035 * bsc#1235037 * bsc#1235039 * bsc#1235054 * bsc#1235056 * bsc#1235061 * bsc#1235073 * bsc#1235220 * bsc#1235224 * bsc#1235246 * bsc#1235507 Cross-References: * CVE-2021-47202 * CVE-2022-36280 * CVE-2022-48742 *CVE-2022-49033 * CVE-2022-49035 * CVE-2023-1382 * CVE-2023-33951 * CVE-2023-33952 * CVE-2023-52920 * CVE-2024-24860 * CVE-2024-26886 * CVE-2024-26924 * CVE-2024-36915 * CVE-2024-42232 * CVE-2024-44934 * CVE-2024-47666 * CVE-2024-47678 * CVE-2024-49944 * CVE-2024-49952 * CVE-2024-50018 * CVE-2024-50143 * CVE-2024-50154 * CVE-2024-50166 * CVE-2024-50181 * CVE-2024-50202 * CVE-2024-50211 * CVE-2024-50256 * CVE-2024-50262 * CVE-2024-50278 * CVE-2024-50279 * CVE-2024-50280 * CVE-2024-50296 * CVE-2024-53051 * CVE-2024-53055 * CVE-2024-53056 * CVE-2024-53064 * CVE-2024-53072 * CVE-2024-53090 * CVE-2024-53095 * CVE-2024-53101 * CVE-2024-53113 * CVE-2024-53114 * CVE-2024-53119 * CVE-2024-53120 * CVE-2024-53122 * CVE-2024-53125 * CVE-2024-53130 * CVE-2024-53131 * CVE-2024-53142 * CVE-2024-53146 * CVE-2024-53150 * CVE-2024-53156 * CVE-2024-53157 * CVE-2024-53158 * CVE-2024-53161 * CVE-2024-53162 * CVE-2024-53173 * CVE-2024-53179 * CVE-2024-53206 * CVE-2024-53210 * CVE-2024-53213 * CVE-2024-53214 * CVE-2024-53239 * CVE-2024-53240 * CVE-2024-53241 * CVE-2024-56539 * CVE-2024-56548 * CVE-2024-56549 * CVE-2024-56570 * CVE-2024-56571 * CVE-2024-56575 * CVE-2024-56598 * CVE-2024-56604 * CVE-2024-56605 * CVE-2024-56619 * CVE-2024-56755 * CVE-2024-8805 CVSS scores: * CVE-2021-47202 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2021-47202 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-36280 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-36280 ( NVD ): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H * CVE-2022-48742 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-48742 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-49033 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2022-49033 ( SUSE ): 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-49033 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-49035 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2022-49035 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-49035 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1382 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1382 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-33951 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L * CVE-2023-33951 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N * CVE-2023-33952 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2023-33952 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52920 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2023-52920 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-52920 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-24860 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-24860 ( NVD ): 5.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-26886 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-26886 ( NVD ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-26924 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-26924 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-36915 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H * CVE-2024-42232 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-42232 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-42232 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44934 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44934 ( NVD ): 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-47666 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-47666 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-47666 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-47678 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2024-47678 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2024-47678 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2024-49944 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-49944 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-49952 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-49952 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-50018 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2024-50018 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-50143 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2024-50143 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2024-50143 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-50154 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-50154 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-50154 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-50154 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-50166 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-50166 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-50181 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-50181 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-50181 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-50202 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-50202 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-50202 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-50211 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-50211 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-50211 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2024-50256 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-50256 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-50256 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-50262 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2024-50262 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2024-50262 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-50262 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-50278 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H * CVE-2024-50278 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-50279 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2024-50279 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-50280 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-50280 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-50296 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-50296 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-53051 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-53051 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-53055 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-53055 ( NVD ): 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-53056 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-53056 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-53064 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-53064 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-53072 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-53072 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-53090 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-53090 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-53095 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-53095 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-53101 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2024-53101 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2024-53101 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-53113 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-53113 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-53114 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-53114 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-53119 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-53119 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-53120 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-53120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-53122 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-53122 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-53125 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-53130 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H *CVE-2024-53130 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-53131 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-53131 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-53142 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N * CVE-2024-53142 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-53146 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-53146 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-53146 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-53150 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2024-53150 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2024-53150 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-53156 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-53156 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-53156 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-53157 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-53157 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-53157 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-53158 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-53158 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H * CVE-2024-53161 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2024-53161 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2024-53162 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2024-53162 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2024-53173 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-53173 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-53173 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-53179 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-53179 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-53179 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-53206 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2024-53206 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2024-53206 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-53210 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-53210 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-53210 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-53213 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2024-53213 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2024-53213 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-53214 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-53214 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-53239 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-53239 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-53241 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2024-53241 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2024-56539 ( SUSE ): 8.6 CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-56539 ( SUSE ): 8.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2024-56548 ( SUSE ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-56548 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2024-56549 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-56549 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-56549 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-56570 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-56570 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-56571 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-56571 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-56575 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-56575 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-56598 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-56598 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-56598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-56604 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-56604 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-56604 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-56605 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-56605 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-56605 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-56619 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-56619 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-56755 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2024-56755 ( SUSE ): 2.5CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2024-56755 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-8805 ( SUSE ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2024-8805 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2024-8805 ( NVD ): 8.8 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Availability Extension 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves 77 vulnerabilities and has 31 security fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: * CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver (bsc#1203332). * CVE-2022-48742: rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink() (bsc#1226694). * CVE-2022-49033: btrfs: qgroup: fix sleep from invalid context bug in btrfs_qgroup_inherit() (bsc#1232045). * CVE-2023-1382: Fixed denial of service in tipc_conn_close (bsc#1209288). * CVE-2023-33951: Fixed a race condition that could have led to an information disclosure inside the vmwgfx driver (bsc#1211593). * CVE-2023-33952: Fixed a double free that could have led to a local privilege escalation inside the vmwgfx driver (bsc#1211595). * CVE-2023-52920: bpf: support non-r10 register spill/fill to/from stack in precision tracking (bsc#1232823). * CVE-2024-26886: Bluetooth: af_bluetooth: Fix deadlock (bsc#1223044). *CVE-2024-26924: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1225820). * CVE-2024-36915: nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies (bsc#1225758). * CVE-2024-44934: net: bridge: mcast: wait for previous gc cycles when removing port (bsc#1229809). * CVE-2024-47666: scsi: pm80xx: Set phy-> enable_completion only when we wait for it (bsc#1231453). * CVE-2024-47678: icmp: change the order of rate limits (bsc#1231854). * CVE-2024-49944: sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start (bsc#1232166). * CVE-2024-49952: netfilter: nf_tables: prevent nf_skb_duplicated corruption (bsc#1232157). * CVE-2024-50018: net: napi: Prevent overflow of napi_defer_hard_irqs (bsc#1232419). * CVE-2024-50143: udf: fix uninit-value use in udf_get_fileshortad (bsc#1233038). * CVE-2024-50166: fsl/fman: Fix refcount handling of fman-related devices (bsc#1233050). * CVE-2024-50181: clk: imx: Remove CLK_SET_PARENT_GATE for DRAM mux for i.MX7D (bsc#1233127). * CVE-2024-50202: nilfs2: propagate directory read errors from nilfs_find_entry() (bsc#1233324). * CVE-2024-50211: udf: refactor inode_bmap() to handle error (bsc#1233096). * CVE-2024-50256: netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6() (bsc#1233200). * CVE-2024-50262: bpf: Fix out-of-bounds write in trie_get_next_key() (bsc#1233239). * CVE-2024-50278, CVE-2024-50280: dm cache: fix flushing uninitialized delayed_work on cache_ctr error (bsc#1233467 bsc#1233469). * CVE-2024-50278: dm cache: fix potential out-of-bounds access on the first resume (bsc#1233467). * CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233468). * CVE-2024-50296: net: hns3: fix kernel crash when uninstalling driver (bsc#1233485). * CVE-2024-53051: drm/i915/hdcp: Add encoder check in intel_hdcp_get_capability (bsc#1233547). * CVE-2024-53055: wifi: iwlwifi: mvm: fix 6 GHz scan construction (bsc#1233550). * CVE-2024-53056: drm/mediatek: Fix potential NULL dereference in mtk_crtc_destroy() (bsc#1233568). * CVE-2024-53064: idpf: fix idpf_vc_core_init error path (bsc#1233558 bsc#1234464). * CVE-2024-53072: platform/x86/amd/pmc: Detect when STB is not available (bsc#1233564). * CVE-2024-53090: afs: Fix lock recursion (bsc#1233637). * CVE-2024-53095: smb: client: Fix use-after-free of network namespace (bsc#1233642). * CVE-2024-53101: fs: Fix uninitialized value issue in from_kuid and from_kgid (bsc#1233769). * CVE-2024-53113: mm: fix NULL pointer dereference in alloc_pages_bulk_noprof (bsc#1234077). * CVE-2024-53114: x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client (bsc#1234072). * CVE-2024-53119: virtio/vsock: Fix accept_queue memory leak (bsc#1234073). * CVE-2024-53122: mptcp: cope racing subflow creation in mptcp_rcv_space_adjust (bsc#1234076). * CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def (bsc#1234156). * CVE-2024-53130: nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint (bsc#1234219). * CVE-2024-53131: nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint (bsc#1234220). * CVE-2024-53146: NFSD: Prevent a potential integer overflow (bsc#1234853). * CVE-2024-53150: ALSA: usb-audio: Fix out of bounds reads when finding clock sources (bsc#1234834). * CVE-2024-53156: wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() (bsc#1234846). * CVE-2024-53157: firmware: arm_scpi: Check the DVFS OPP count returned by the firmware (bsc#1234827). * CVE-2024-53158: soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() (bsc#1234811). * CVE-2024-53161: EDAC/bluefield: Fix potential integer overflow (bsc#1234856). * CVE-2024-53162: crypto: qat/qat_4xxx - fix off by one in uof_get_name() (bsc#1234843). * CVE-2024-53173: NFSv4.0: Fix a use-after-free problem in the asynchronous open() (bsc#1234891). * CVE-2024-53179: smb: client:fix use-after-free of signing key (bsc#1234921). * CVE-2024-53210: s390/iucv: MSG_PEEK causes memory leak in iucv_sock_destruct() (bsc#1234971). * CVE-2024-53213: net: usb: lan78xx: Fix double free issue with interrupt buffer allocation (bsc#1234973). * CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended capability (bsc#1235004). * CVE-2024-53239: ALSA: 6fire: Release resources at card release (bsc#1235054). * CVE-2024-53240: xen/netfront: fix crash when removing device (bsc#1234281). * CVE-2024-53241: x86/xen: use new hypercall functions instead of hypercall page (XSA-466 bsc#1234282). * CVE-2024-56539: wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() (bsc#1234963). * CVE-2024-56548: hfsplus: do not query the device logical block size multiple times (bsc#1235073). * CVE-2024-56549: cachefiles: Fix NULL pointer dereference in object-> file (bsc#1234912). * CVE-2024-56570: ovl: Filter invalid inodes with missing lookup function (bsc#1235035). * CVE-2024-56571: media: uvcvideo: Require entities to have a non-zero unique ID (bsc#1235037). * CVE-2024-56575: media: imx-jpeg: Ensure power suppliers be suspended before detach them (bsc#1235039). * CVE-2024-56598: jfs: array-index-out-of-bounds fix in dtReadFirst (bsc#1235220). * CVE-2024-56604: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc() (bsc#1235056). * CVE-2024-56605: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() (bsc#1235061). * CVE-2024-56619: nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() (bsc#1235224). * CVE-2024-56755: netfs/fscache: Add a memory barrier for FSCACHE_VOLUME_CREATING (bsc#1234920). The following non-security bugs were fixed: * ACPI/HMAT: Move HMAT messages to pr_debug() (bsc#1234294) * Documentation: Add x86/amd_hsmp driver (jsc#PED-1295). * Drivers: hv: util: Avoid accessing a ringbuffer notinitialized yet (git- fixes). * Drop a couple of block layer git-fixes (bsc#1170891 bsc#1173139) * KVM: x86: fix sending PV IPI (git-fixes). * NFS/pnfs: Fix a live lock between recalled layouts and layoutget (git- fixes). * NFSD: Fix nfsd4_shutdown_copy() (git-fixes). * NFSD: Move fill_pre_wcc() and fill_post_wcc() (bsc#1234650 bsc#1233701 bsc#1232472). * NFSD: Prevent NULL dereference in nfsd4_process_cb_update() (git-fixes). * NFSD: Prevent a potential integer overflow (git-fixes). * NFSD: reduce locking in nfsd_lookup() (bsc#1234650 bsc#1233701 bsc#1232472). * NFSv4.0: Fix a use-after-free problem in the asynchronous open() (git- fixes). * PCI: vmd: Fix secondary bus reset for Intel bridges (git-fixes). * RDMA/hns: Disassociate mmap pages for all uctx when HW is being reset (git- fixes) * README: Clean-up trailing whitespace * SUNRPC: make sure cache entry active before cache_show (git-fixes). * amd_hsmp: Add HSMP protocol version 5 messages (jsc#PED-1295). * arm64: Ensure bits ASID[15:8] are masked out when the kernel uses (bsc#1234605) * arm64: dts: allwinner: pinephone: Add mount matrix to accelerometer (git- fixes). * arm64: dts: rockchip: Fix LED triggers on rk3308-roc-cc (git-fixes). * arm64: dts: rockchip: Fix bluetooth properties on Rock960 boards (git- fixes). * arm64: dts: rockchip: Fix rt5651 compatible value on rk3399-sapphire- excavator (git-fixes). * arm64: dts: rockchip: Remove #cooling-cells from fan on Theobroma lion (git- fixes). * arm64: dts: rockchip: Remove hdmi's 2nd interrupt on rk3328 (git-fixes). * autofs: fix memory leak of waitqueues in autofs_catatonic_mode (git-fixes). * autofs: use flexible array in ioctl structure (git-fixes). * devlink: allow registering parameters after the instance (bsc#1231388 bsc#1230422). * devlink: do not require setting features before registration (bsc#1231388 bsc#1230422). * dma-fence: Fix reference leak on fence merge failure path (git-fixes). *dmaengine: idxd: Check for driver name match before sva user feature (bsc#1234357). * dmaengine: idxd: add wq driver name support for accel-config user tool (bsc#1234357). * drm/sti: Add __iomem for mixer_dbg_mxn's parameter (git-fixes). * drm/v3d: Enable Performance Counters before clearing them (git-fixes). * exfat: fix uninit-value in __exfat_get_dentry_set (git-fixes). * fixup "rpm: support gz and zst compression methods" once more (bsc#1190428, bsc#1190358) Fixes: 3b8c4d9bcc24 ("rpm: support gz and zst compression methods") Fixes: 23510fce36ec ("fixup "rpm: support gz and zst compression methods"") * hfsplus: do not query the device logical block size multiple times (git- fixes). * idpf: add support for SW triggered interrupts (bsc#1235507). * idpf: enable WB_ON_ITR (bsc#1235507). * idpf: trigger SW interrupt when exiting wb_on_itr mode (bsc#1235507). * ipc/sem: Fix dangling sem_array access in semtimedop race (bsc#1234727). * jffs2: Fix rtime decompressor (git-fixes). * jffs2: Prevent rtime decompress memory corruption (git-fixes). * jffs2: fix use of uninitialized variable (git-fixes). * jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree (git- fixes). * jfs: array-index-out-of-bounds fix in dtReadFirst (git-fixes). * jfs: fix array-index-out-of-bounds in jfs_readdir (git-fixes). * jfs: fix shift-out-of-bounds in dbSplit (git-fixes). * jfs: xattr: check invalid xattr size more strictly (git-fixes). * kabi/severities: ignore intermodule symbols between fsl_fman and fsl_dpaa_eth * kernel-binary: do not BuildIgnore m4. It is actually needed for regenerating zconf when it is not up-to-date due to merge. * kobject: Add sanity check for kset-> kobj.ktype in kset_register() (bsc#1234639). * memory: tegra: Add API for retrieving carveout bounds (jsc#PED-1763). * mm/kfence: reset PG_slab and memcg_data before freeing __kfence_pool (bsc#1234120). * mmc: core: Further prevent card detect during shutdown(git-fixes). * net/ipv6: release expired exception dst cached in socket (bsc#1216813). * net: mana: Increase the DEF_RX_BUFFERS_PER_QUEUE to 1024 (bsc#1235246). * nfsd: make sure exp active before svc_export_show (git-fixes). * nfsd: remove unsafe BUG_ON from set_change_info (bsc#1234650 bsc#1233701 bsc#1232472). * nfsd: restore callback functionality for NFSv4.0 (git-fixes). * nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() (git-fixes). * nilfs2: prevent use of deleted inode (git-fixes). * ocfs2: uncache inode which has failed entering the group (bsc#1234087). * phy: tegra: p2u: Set ENABLE_L2_EXIT_RATE_CHANGE in calibration (jsc#PED-1763). * platform/x86: Add AMD system management interface (jsc#PED-1295). * proc/softirqs: replace seq_printf with seq_put_decimal_ull_width (git- fixes). * pwm: tegra: Improve required rate calculation (jsc#PED-1763). * regmap: detach regmap from dev on regmap_exit (git-fixes). * rpm/kernel-binary.spec.in: Fix build regression The previous fix forgot to take over grep -c option that broke the conditional expression * scatterlist: fix incorrect func name in kernel-doc (git-fixes). * scripts/git_sort/git_sort.py: add tegra DRM and linux-pwm repo * scsi: storvsc: Do not flag MAINTENANCE_IN return of SRB_STATUS_DATA_OVERRUN as an error (git-fixes). * serial: tegra: Read DMA status before terminating (jsc#PED-1763). * smb: client: fix TCP timers deadlock after rmmod (git-fixes) [hcarvalho: this fixes issue discussed in bsc#1233642]. * spi: mpc52xx: Add cancel_work_sync before module remove (git-fixes). * sunrpc: simplify two-level sysctl registration for svcrdma_parm_table (git- fixes). * supported.conf: add bsc1185010 dependency * supported.conf: hyperv_drm (jsc#sle-19733) * svcrdma: Address an integer overflow (git-fixes). * svcrdma: fix miss destroy percpu_counter in svc_rdma_proc_init() (git- fixes). * tpm_tis_spi: Release chip select when flow control fails(bsc#1234338) * ubifs: Correct the total block count by deducting journal reservation (git- fixes). * ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit (git- fixes). * udf: Handle error when adding extent to a file (bsc#1234437). * udf: refactor udf_current_aext() to handle error (bsc#1234240). * udf: refactor udf_next_aext() to handle error (bsc#1234241). * usb: roles: Call try_module_get() from usb_role_switch_find_by_fwnode() (git-fixes). * usb: typec: tps6598x: Fix return value check in tps6598x_probe() (git- fixes). * x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes). * x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes). * x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes). * x86/fpu: Remove unused supervisor only offsets (git-fixes). * x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes). * x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes). * x86/mce: Allow instrumentation during task work queueing (git-fixes). * x86/mce: Mark mce_end() noinstr (git-fixes). * x86/mce: Mark mce_panic() noinstr (git-fixes). * x86/mce: Mark mce_read_aux() noinstr (git-fixes). * x86/mm: Flush global TLB when switching to trampoline page-table (git- fixes). * x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635). * x86/sgx: Free backing memory after faulting the enclave page (git-fixes). * x86/sgx: Silence softlockup detection when releasing large enclaves (git- fixes). * x86/uaccess: Move variable into switch case statement (git-fixes). * x86: Annotate call_on_stack() (git-fixes). * xfs: can't use kmem_zalloc() for attribute buffers (bsc#1216909). * zonefs: fix zone report size in __zonefs_io_error() (git-fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommendedinstallation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2025-201=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2025-201=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-201=1 * SUSE Linux Enterprise High Availability Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-HA-15-SP5-2025-201=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-201=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-201=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-201=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-201=1 ## Package List: * openSUSE Leap 15.5 (noarch nosrc) * kernel-docs-5.14.21-150500.55.91.1 * openSUSE Leap 15.5 (noarch) * kernel-macros-5.14.21-150500.55.91.1 * kernel-source-vanilla-5.14.21-150500.55.91.1 * kernel-docs-html-5.14.21-150500.55.91.1 * kernel-source-5.14.21-150500.55.91.1 * kernel-devel-5.14.21-150500.55.91.1 * openSUSE Leap 15.5 (nosrc ppc64le x86_64) * kernel-debug-5.14.21-150500.55.91.1 * openSUSE Leap 15.5 (ppc64le x86_64) * kernel-debug-debuginfo-5.14.21-150500.55.91.1 * kernel-debug-devel-debuginfo-5.14.21-150500.55.91.1 * kernel-debug-debugsource-5.14.21-150500.55.91.1 * kernel-debug-devel-5.14.21-150500.55.91.1 * openSUSE Leap 15.5 (x86_64) * kernel-default-vdso-debuginfo-5.14.21-150500.55.91.1 * kernel-kvmsmall-vdso-5.14.21-150500.55.91.1 * kernel-default-vdso-5.14.21-150500.55.91.1 * kernel-debug-vdso-5.14.21-150500.55.91.1 * kernel-kvmsmall-vdso-debuginfo-5.14.21-150500.55.91.1 * kernel-debug-vdso-debuginfo-5.14.21-150500.55.91.1 * openSUSE Leap 15.5 (aarch64 ppc64le x86_64) * kernel-kvmsmall-debugsource-5.14.21-150500.55.91.1 * kernel-default-base-5.14.21-150500.55.91.1.150500.6.41.1 * kernel-kvmsmall-debuginfo-5.14.21-150500.55.91.1 * kernel-kvmsmall-devel-debuginfo-5.14.21-150500.55.91.1 * kernel-default-base-rebuild-5.14.21-150500.55.91.1.150500.6.41.1 * kernel-kvmsmall-devel-5.14.21-150500.55.91.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * kernel-default-optional-5.14.21-150500.55.91.1 * kernel-default-devel-5.14.21-150500.55.91.1 * gfs2-kmp-default-debuginfo-5.14.21-150500.55.91.1 * reiserfs-kmp-default-5.14.21-150500.55.91.1 * kselftests-kmp-default-5.14.21-150500.55.91.1 * kernel-syms-5.14.21-150500.55.91.1 * ocfs2-kmp-default-5.14.21-150500.55.91.1 * kernel-obs-build-debugsource-5.14.21-150500.55.91.1 * kernel-default-livepatch-5.14.21-150500.55.91.1 * kernel-default-debuginfo-5.14.21-150500.55.91.1 * reiserfs-kmp-default-debuginfo-5.14.21-150500.55.91.1 * kernel-default-optional-debuginfo-5.14.21-150500.55.91.1 * kernel-obs-qa-5.14.21-150500.55.91.1 * dlm-kmp-default-5.14.21-150500.55.91.1 * ocfs2-kmp-default-debuginfo-5.14.21-150500.55.91.1 * dlm-kmp-default-debuginfo-5.14.21-150500.55.91.1 * kernel-default-extra-5.14.21-150500.55.91.1 * cluster-md-kmp-default-5.14.21-150500.55.91.1 * kselftests-kmp-default-debuginfo-5.14.21-150500.55.91.1 * kernel-default-debugsource-5.14.21-150500.55.91.1 * cluster-md-kmp-default-debuginfo-5.14.21-150500.55.91.1 * kernel-default-devel-debuginfo-5.14.21-150500.55.91.1 * gfs2-kmp-default-5.14.21-150500.55.91.1 * kernel-obs-build-5.14.21-150500.55.91.1 * kernel-default-extra-debuginfo-5.14.21-150500.55.91.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.14.21-150500.55.91.1 * openSUSE Leap 15.5 (ppc64le s390x x86_64) *kernel-livepatch-SLE15-SP5_Update_22-debugsource-1-150500.11.3.1 * kernel-livepatch-5_14_21-150500_55_91-default-debuginfo-1-150500.11.3.1 * kernel-livepatch-5_14_21-150500_55_91-default-1-150500.11.3.1 * kernel-default-livepatch-devel-5.14.21-150500.55.91.1 * openSUSE Leap 15.5 (aarch64 nosrc ppc64le x86_64) * kernel-kvmsmall-5.14.21-150500.55.91.1 * openSUSE Leap 15.5 (nosrc s390x) * kernel-zfcpdump-5.14.21-150500.55.91.1 * openSUSE Leap 15.5 (s390x) * kernel-zfcpdump-debuginfo-5.14.21-150500.55.91.1 * kernel-zfcpdump-debugsource-5.14.21-150500.55.91.1 * openSUSE Leap 15.5 (nosrc) * dtb-aarch64-5.14.21-150500.55.91.1 * openSUSE Leap 15.5 (aarch64) * dtb-nvidia-5.14.21-150500.55.91.1 * kernel-64kb-debugsource-5.14.21-150500.55.91.1 * dtb-apple-5.14.21-150500.55.91.1 * dtb-amlogic-5.14.21-150500.55.91.1 * ocfs2-kmp-64kb-5.14.21-150500.55.91.1 * dtb-socionext-5.14.21-150500.55.91.1 * dtb-allwinner-5.14.21-150500.55.91.1 * kselftests-kmp-64kb-debuginfo-5.14.21-150500.55.91.1 * kernel-64kb-extra-5.14.21-150500.55.91.1 * kernel-64kb-optional-5.14.21-150500.55.91.1 * dtb-arm-5.14.21-150500.55.91.1 * dtb-qcom-5.14.21-150500.55.91.1 * dtb-rockchip-5.14.21-150500.55.91.1 * dtb-marvell-5.14.21-150500.55.91.1 * dtb-lg-5.14.21-150500.55.91.1 * kernel-64kb-devel-debuginfo-5.14.21-150500.55.91.1 * dtb-sprd-5.14.21-150500.55.91.1 * dtb-freescale-5.14.21-150500.55.91.1 * dtb-xilinx-5.14.21-150500.55.91.1 * dtb-exynos-5.14.21-150500.55.91.1 * cluster-md-kmp-64kb-5.14.21-150500.55.91.1 * dlm-kmp-64kb-5.14.21-150500.55.91.1 * kernel-64kb-extra-debuginfo-5.14.21-150500.55.91.1 * dlm-kmp-64kb-debuginfo-5.14.21-150500.55.91.1 * reiserfs-kmp-64kb-debuginfo-5.14.21-150500.55.91.1 * dtb-apm-5.14.21-150500.55.91.1 * kernel-64kb-optional-debuginfo-5.14.21-150500.55.91.1 * dtb-cavium-5.14.21-150500.55.91.1 * dtb-altera-5.14.21-150500.55.91.1 * dtb-amazon-5.14.21-150500.55.91.1 * dtb-hisilicon-5.14.21-150500.55.91.1 * kernel-64kb-debuginfo-5.14.21-150500.55.91.1 * kernel-64kb-devel-5.14.21-150500.55.91.1 * dtb-broadcom-5.14.21-150500.55.91.1 * kselftests-kmp-64kb-5.14.21-150500.55.91.1 * cluster-md-kmp-64kb-debuginfo-5.14.21-150500.55.91.1 * dtb-mediatek-5.14.21-150500.55.91.1 * dtb-amd-5.14.21-150500.55.91.1 * dtb-renesas-5.14.21-150500.55.91.1 * gfs2-kmp-64kb-debuginfo-5.14.21-150500.55.91.1 * reiserfs-kmp-64kb-5.14.21-150500.55.91.1 * ocfs2-kmp-64kb-debuginfo-5.14.21-150500.55.91.1 * gfs2-kmp-64kb-5.14.21-150500.55.91.1 * openSUSE Leap 15.5 (aarch64 nosrc) * kernel-64kb-5.14.21-150500.55.91.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.14.21-150500.55.91.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 x86_64) * kernel-default-base-5.14.21-150500.55.91.1.150500.6.41.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * kernel-default-debugsource-5.14.21-150500.55.91.1 * kernel-default-debuginfo-5.14.21-150500.55.91.1 * SUSE Linux Enterprise Live Patching 15-SP5 (nosrc) * kernel-default-5.14.21-150500.55.91.1 * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64) * kernel-default-debugsource-5.14.21-150500.55.91.1 * kernel-livepatch-5_14_21-150500_55_91-default-debuginfo-1-150500.11.3.1 * kernel-default-livepatch-5.14.21-150500.55.91.1 * kernel-default-debuginfo-5.14.21-150500.55.91.1 * kernel-default-livepatch-devel-5.14.21-150500.55.91.1 * kernel-livepatch-SLE15-SP5_Update_22-debugsource-1-150500.11.3.1 * kernel-livepatch-5_14_21-150500_55_91-default-1-150500.11.3.1 * SUSE Linux Enterprise High Availability Extension 15 SP5 (aarch64 ppc64le s390x x86_64) * dlm-kmp-default-5.14.21-150500.55.91.1 * ocfs2-kmp-default-5.14.21-150500.55.91.1 * kernel-default-debugsource-5.14.21-150500.55.91.1 * ocfs2-kmp-default-debuginfo-5.14.21-150500.55.91.1 *cluster-md-kmp-default-debuginfo-5.14.21-150500.55.91.1 * dlm-kmp-default-debuginfo-5.14.21-150500.55.91.1 * gfs2-kmp-default-debuginfo-5.14.21-150500.55.91.1 * cluster-md-kmp-default-5.14.21-150500.55.91.1 * kernel-default-debuginfo-5.14.21-150500.55.91.1 * gfs2-kmp-default-5.14.21-150500.55.91.1 * SUSE Linux Enterprise High Availability Extension 15 SP5 (nosrc) * kernel-default-5.14.21-150500.55.91.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 nosrc) * kernel-64kb-5.14.21-150500.55.91.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64) * kernel-64kb-debugsource-5.14.21-150500.55.91.1 * kernel-64kb-devel-debuginfo-5.14.21-150500.55.91.1 * kernel-64kb-debuginfo-5.14.21-150500.55.91.1 * kernel-64kb-devel-5.14.21-150500.55.91.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 nosrc x86_64) * kernel-default-5.14.21-150500.55.91.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * kernel-default-debugsource-5.14.21-150500.55.91.1 * kernel-obs-build-debugsource-5.14.21-150500.55.91.1 * kernel-default-devel-5.14.21-150500.55.91.1 * kernel-default-base-5.14.21-150500.55.91.1.150500.6.41.1 * kernel-default-debuginfo-5.14.21-150500.55.91.1 * kernel-default-devel-debuginfo-5.14.21-150500.55.91.1 * kernel-syms-5.14.21-150500.55.91.1 * kernel-obs-build-5.14.21-150500.55.91.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch) * kernel-macros-5.14.21-150500.55.91.1 * kernel-devel-5.14.21-150500.55.91.1 * kernel-source-5.14.21-150500.55.91.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch nosrc) * kernel-docs-5.14.21-150500.55.91.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 nosrc) * kernel-64kb-5.14.21-150500.55.91.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64) *kernel-64kb-debugsource-5.14.21-150500.55.91.1 * kernel-64kb-devel-debuginfo-5.14.21-150500.55.91.1 * kernel-64kb-debuginfo-5.14.21-150500.55.91.1 * kernel-64kb-devel-5.14.21-150500.55.91.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 nosrc x86_64) * kernel-default-5.14.21-150500.55.91.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * kernel-default-debugsource-5.14.21-150500.55.91.1 * kernel-obs-build-debugsource-5.14.21-150500.55.91.1 * kernel-default-devel-5.14.21-150500.55.91.1 * kernel-default-base-5.14.21-150500.55.91.1.150500.6.41.1 * kernel-default-debuginfo-5.14.21-150500.55.91.1 * kernel-default-devel-debuginfo-5.14.21-150500.55.91.1 * kernel-syms-5.14.21-150500.55.91.1 * kernel-obs-build-5.14.21-150500.55.91.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch) * kernel-macros-5.14.21-150500.55.91.1 * kernel-devel-5.14.21-150500.55.91.1 * kernel-source-5.14.21-150500.55.91.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch nosrc) * kernel-docs-5.14.21-150500.55.91.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 nosrc) * kernel-64kb-5.14.21-150500.55.91.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64) * kernel-64kb-debugsource-5.14.21-150500.55.91.1 * kernel-64kb-devel-debuginfo-5.14.21-150500.55.91.1 * kernel-64kb-debuginfo-5.14.21-150500.55.91.1 * kernel-64kb-devel-5.14.21-150500.55.91.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.14.21-150500.55.91.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le x86_64) * kernel-default-base-5.14.21-150500.55.91.1.150500.6.41.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * kernel-default-debugsource-5.14.21-150500.55.91.1 * kernel-obs-build-debugsource-5.14.21-150500.55.91.1 * kernel-default-devel-5.14.21-150500.55.91.1 * reiserfs-kmp-default-5.14.21-150500.55.91.1 * kernel-default-debuginfo-5.14.21-150500.55.91.1 * reiserfs-kmp-default-debuginfo-5.14.21-150500.55.91.1 * kernel-default-devel-debuginfo-5.14.21-150500.55.91.1 * kernel-syms-5.14.21-150500.55.91.1 * kernel-obs-build-5.14.21-150500.55.91.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (noarch) * kernel-macros-5.14.21-150500.55.91.1 * kernel-devel-5.14.21-150500.55.91.1 * kernel-source-5.14.21-150500.55.91.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (noarch nosrc) * kernel-docs-5.14.21-150500.55.91.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (nosrc s390x) * kernel-zfcpdump-5.14.21-150500.55.91.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (s390x) * kernel-zfcpdump-debuginfo-5.14.21-150500.55.91.1 * kernel-zfcpdump-debugsource-5.14.21-150500.55.91.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (nosrc ppc64le x86_64) * kernel-default-5.14.21-150500.55.91.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * kernel-default-debugsource-5.14.21-150500.55.91.1 * kernel-obs-build-debugsource-5.14.21-150500.55.91.1 * kernel-default-devel-5.14.21-150500.55.91.1 * reiserfs-kmp-default-5.14.21-150500.55.91.1 * kernel-default-base-5.14.21-150500.55.91.1.150500.6.41.1 * kernel-default-debuginfo-5.14.21-150500.55.91.1 * reiserfs-kmp-default-debuginfo-5.14.21-150500.55.91.1 * kernel-default-devel-debuginfo-5.14.21-150500.55.91.1 * kernel-syms-5.14.21-150500.55.91.1 * kernel-obs-build-5.14.21-150500.55.91.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch) * kernel-macros-5.14.21-150500.55.91.1 * kernel-devel-5.14.21-150500.55.91.1 * kernel-source-5.14.21-150500.55.91.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch nosrc) * kernel-docs-5.14.21-150500.55.91.1 ## References: * https://www.suse.com/security/cve/CVE-2021-47202.html *https://www.suse.com/security/cve/CVE-2022-36280.html * https://www.suse.com/security/cve/CVE-2022-48742.html * https://www.suse.com/security/cve/CVE-2022-49033.html * https://www.suse.com/security/cve/CVE-2022-49035.html * https://www.suse.com/security/cve/CVE-2023-1382.html * https://www.suse.com/security/cve/CVE-2023-33951.html * https://www.suse.com/security/cve/CVE-2023-33952.html * https://www.suse.com/security/cve/CVE-2023-52920.html * https://www.suse.com/security/cve/CVE-2024-24860.html * https://www.suse.com/security/cve/CVE-2024-26886.html * https://www.suse.com/security/cve/CVE-2024-26924.html * https://www.suse.com/security/cve/CVE-2024-36915.html * https://www.suse.com/security/cve/CVE-2024-42232.html * https://www.suse.com/security/cve/CVE-2024-44934.html * https://www.suse.com/security/cve/CVE-2024-47666.html * https://www.suse.com/security/cve/CVE-2024-47678.html * https://www.suse.com/security/cve/CVE-2024-49944.html * https://www.suse.com/security/cve/CVE-2024-49952.html * https://www.suse.com/security/cve/CVE-2024-50018.html * https://www.suse.com/security/cve/CVE-2024-50143.html * https://www.suse.com/security/cve/CVE-2024-50154.html * https://www.suse.com/security/cve/CVE-2024-50166.html * https://www.suse.com/security/cve/CVE-2024-50181.html * https://www.suse.com/security/cve/CVE-2024-50202.html * https://www.suse.com/security/cve/CVE-2024-50211.html * https://www.suse.com/security/cve/CVE-2024-50256.html * https://www.suse.com/security/cve/CVE-2024-50262.html * https://www.suse.com/security/cve/CVE-2024-50278.html * https://www.suse.com/security/cve/CVE-2024-50279.html * https://www.suse.com/security/cve/CVE-2024-50280.html * https://www.suse.com/security/cve/CVE-2024-50296.html * https://www.suse.com/security/cve/CVE-2024-53051.html * https://www.suse.com/security/cve/CVE-2024-53055.html * https://www.suse.com/security/cve/CVE-2024-53056.html * https://www.suse.com/security/cve/CVE-2024-53064.html *https://www.suse.com/security/cve/CVE-2024-53072.html * https://www.suse.com/security/cve/CVE-2024-53090.html * https://www.suse.com/security/cve/CVE-2024-53095.html * https://www.suse.com/security/cve/CVE-2024-53101.html * https://www.suse.com/security/cve/CVE-2024-53113.html * https://www.suse.com/security/cve/CVE-2024-53114.html * https://www.suse.com/security/cve/CVE-2024-53119.html * https://www.suse.com/security/cve/CVE-2024-53120.html * https://www.suse.com/security/cve/CVE-2024-53122.html * https://www.suse.com/security/cve/CVE-2024-53125.html * https://www.suse.com/security/cve/CVE-2024-53130.html * https://www.suse.com/security/cve/CVE-2024-53131.html * https://www.suse.com/security/cve/CVE-2024-53142.html * https://www.suse.com/security/cve/CVE-2024-53146.html * https://www.suse.com/security/cve/CVE-2024-53150.html * https://www.suse.com/security/cve/CVE-2024-53156.html * https://www.suse.com/security/cve/CVE-2024-53157.html * https://www.suse.com/security/cve/CVE-2024-53158.html * https://www.suse.com/security/cve/CVE-2024-53161.html * https://www.suse.com/security/cve/CVE-2024-53162.html * https://www.suse.com/security/cve/CVE-2024-53173.html * https://www.suse.com/security/cve/CVE-2024-53179.html * https://www.suse.com/security/cve/CVE-2024-53206.html * https://www.suse.com/security/cve/CVE-2024-53210.html * https://www.suse.com/security/cve/CVE-2024-53213.html * https://www.suse.com/security/cve/CVE-2024-53214.html * https://www.suse.com/security/cve/CVE-2024-53239.html * https://www.suse.com/security/cve/CVE-2024-53240.html * https://www.suse.com/security/cve/CVE-2024-53241.html * https://www.suse.com/security/cve/CVE-2024-56539.html * https://www.suse.com/security/cve/CVE-2024-56548.html * https://www.suse.com/security/cve/CVE-2024-56549.html * https://www.suse.com/security/cve/CVE-2024-56570.html * https://www.suse.com/security/cve/CVE-2024-56571.html * https://www.suse.com/security/cve/CVE-2024-56575.html *https://www.suse.com/security/cve/CVE-2024-56598.html * https://www.suse.com/security/cve/CVE-2024-56604.html * https://www.suse.com/security/cve/CVE-2024-56605.html * https://www.suse.com/security/cve/CVE-2024-56619.html * https://www.suse.com/security/cve/CVE-2024-56755.html * https://www.suse.com/security/cve/CVE-2024-8805.html * https://bugzilla.suse.com/show_bug.cgi?id=1170891 * https://bugzilla.suse.com/show_bug.cgi?id=1173139 * https://bugzilla.suse.com/show_bug.cgi?id=1185010 * https://bugzilla.suse.com/show_bug.cgi?id=1190358 * https://bugzilla.suse.com/show_bug.cgi?id=1190428 * https://bugzilla.suse.com/show_bug.cgi?id=1203332 * https://bugzilla.suse.com/show_bug.cgi?id=1205521 * https://bugzilla.suse.com/show_bug.cgi?id=1209288 * https://bugzilla.suse.com/show_bug.cgi?id=1209798 * https://bugzilla.suse.com/show_bug.cgi?id=1211593 * https://bugzilla.suse.com/show_bug.cgi?id=1211595 * https://bugzilla.suse.com/show_bug.cgi?id=1214635 * https://bugzilla.suse.com/show_bug.cgi?id=1215304 * https://bugzilla.suse.com/show_bug.cgi?id=1215523 * https://bugzilla.suse.com/show_bug.cgi?id=1216813 * https://bugzilla.suse.com/show_bug.cgi?id=1216909 * https://bugzilla.suse.com/show_bug.cgi?id=1219608 * https://bugzilla.suse.com/show_bug.cgi?id=1222878 * https://bugzilla.suse.com/show_bug.cgi?id=1223044 * https://bugzilla.suse.com/show_bug.cgi?id=1225758 * https://bugzilla.suse.com/show_bug.cgi?id=1225820 * https://bugzilla.suse.com/show_bug.cgi?id=1226694 * https://bugzilla.suse.com/show_bug.cgi?id=1228190 * https://bugzilla.suse.com/show_bug.cgi?id=1229809 * https://bugzilla.suse.com/show_bug.cgi?id=1230422 * https://bugzilla.suse.com/show_bug.cgi?id=1230697 * https://bugzilla.suse.com/show_bug.cgi?id=1231388 * https://bugzilla.suse.com/show_bug.cgi?id=1231453 * https://bugzilla.suse.com/show_bug.cgi?id=1231854 * https://bugzilla.suse.com/show_bug.cgi?id=1232045 * https://bugzilla.suse.com/show_bug.cgi?id=1232157 *https://bugzilla.suse.com/show_bug.cgi?id=1232166 * https://bugzilla.suse.com/show_bug.cgi?id=1232419 * https://bugzilla.suse.com/show_bug.cgi?id=1232436 * https://bugzilla.suse.com/show_bug.cgi?id=1232472 * https://bugzilla.suse.com/show_bug.cgi?id=1232823 * https://bugzilla.suse.com/show_bug.cgi?id=1233038 * https://bugzilla.suse.com/show_bug.cgi?id=1233050 * https://bugzilla.suse.com/show_bug.cgi?id=1233070 * https://bugzilla.suse.com/show_bug.cgi?id=1233096 * https://bugzilla.suse.com/show_bug.cgi?id=1233127 * https://bugzilla.suse.com/show_bug.cgi?id=1233200 * https://bugzilla.suse.com/show_bug.cgi?id=1233239 * https://bugzilla.suse.com/show_bug.cgi?id=1233324 * https://bugzilla.suse.com/show_bug.cgi?id=1233467 * https://bugzilla.suse.com/show_bug.cgi?id=1233468 * https://bugzilla.suse.com/show_bug.cgi?id=1233469 * https://bugzilla.suse.com/show_bug.cgi?id=1233485 * https://bugzilla.suse.com/show_bug.cgi?id=1233547 * https://bugzilla.suse.com/show_bug.cgi?id=1233550 * https://bugzilla.suse.com/show_bug.cgi?id=1233558 * https://bugzilla.suse.com/show_bug.cgi?id=1233564 * https://bugzilla.suse.com/show_bug.cgi?id=1233568 * https://bugzilla.suse.com/show_bug.cgi?id=1233637 * https://bugzilla.suse.com/show_bug.cgi?id=1233642 * https://bugzilla.suse.com/show_bug.cgi?id=1233701 * https://bugzilla.suse.com/show_bug.cgi?id=1233769 * https://bugzilla.suse.com/show_bug.cgi?id=1233837 * https://bugzilla.suse.com/show_bug.cgi?id=1234072 * https://bugzilla.suse.com/show_bug.cgi?id=1234073 * https://bugzilla.suse.com/show_bug.cgi?id=1234075 * https://bugzilla.suse.com/show_bug.cgi?id=1234076 * https://bugzilla.suse.com/show_bug.cgi?id=1234077 * https://bugzilla.suse.com/show_bug.cgi?id=1234087 * https://bugzilla.suse.com/show_bug.cgi?id=1234120 * https://bugzilla.suse.com/show_bug.cgi?id=1234156 * https://bugzilla.suse.com/show_bug.cgi?id=1234219 * https://bugzilla.suse.com/show_bug.cgi?id=1234220 *https://bugzilla.suse.com/show_bug.cgi?id=1234240 * https://bugzilla.suse.com/show_bug.cgi?id=1234241 * https://bugzilla.suse.com/show_bug.cgi?id=1234281 * https://bugzilla.suse.com/show_bug.cgi?id=1234282 * https://bugzilla.suse.com/show_bug.cgi?id=1234294 * https://bugzilla.suse.com/show_bug.cgi?id=1234338 * https://bugzilla.suse.com/show_bug.cgi?id=1234357 * https://bugzilla.suse.com/show_bug.cgi?id=1234437 * https://bugzilla.suse.com/show_bug.cgi?id=1234464 * https://bugzilla.suse.com/show_bug.cgi?id=1234605 * https://bugzilla.suse.com/show_bug.cgi?id=1234639 * https://bugzilla.suse.com/show_bug.cgi?id=1234650 * https://bugzilla.suse.com/show_bug.cgi?id=1234727 * https://bugzilla.suse.com/show_bug.cgi?id=1234811 * https://bugzilla.suse.com/show_bug.cgi?id=1234827 * https://bugzilla.suse.com/show_bug.cgi?id=1234834 * https://bugzilla.suse.com/show_bug.cgi?id=1234843 * https://bugzilla.suse.com/show_bug.cgi?id=1234846 * https://bugzilla.suse.com/show_bug.cgi?id=1234853 * https://bugzilla.suse.com/show_bug.cgi?id=1234856 * https://bugzilla.suse.com/show_bug.cgi?id=1234891 * https://bugzilla.suse.com/show_bug.cgi?id=1234912 * https://bugzilla.suse.com/show_bug.cgi?id=1234920 * https://bugzilla.suse.com/show_bug.cgi?id=1234921 * https://bugzilla.suse.com/show_bug.cgi?id=1234960 * https://bugzilla.suse.com/show_bug.cgi?id=1234963 * https://bugzilla.suse.com/show_bug.cgi?id=1234971 * https://bugzilla.suse.com/show_bug.cgi?id=1234973 * https://bugzilla.suse.com/show_bug.cgi?id=1235004 * https://bugzilla.suse.com/show_bug.cgi?id=1235035 * https://bugzilla.suse.com/show_bug.cgi?id=1235037 * https://bugzilla.suse.com/show_bug.cgi?id=1235039 * https://bugzilla.suse.com/show_bug.cgi?id=1235054 * https://bugzilla.suse.com/show_bug.cgi?id=1235056 * https://bugzilla.suse.com/show_bug.cgi?id=1235061 * https://bugzilla.suse.com/show_bug.cgi?id=1235073 * https://bugzilla.suse.com/show_bug.cgi?id=1235220 *https://bugzilla.suse.com/show_bug.cgi?id=1235224 * https://bugzilla.suse.com/show_bug.cgi?id=1235246 * https://bugzilla.suse.com/show_bug.cgi?id=1235507 . SUSE Linux Kernel patch released for January 2025 addresses numerous vulnerabilities alongside several critical corrections.. SUSE Update, Linux Kernel Security, Security Fixes, Bug Fixes. . Severity: Important. LinuxSecurity.com Team

Jan 21, 2025 •Important SuSE

security advisoryimportantkernel

SUSE: 2025:0203-1 important: Linux Kernel Security Updates

* bsc#1170891 * bsc#1173139 * bsc#1185010 * bsc#1190358 * bsc#1190428 . # Security update for the Linux Kernel Announcement ID: SUSE-SU-2025:0203-1 Release Date: 2025-01-21T13:58:43Z Rating: important References: * bsc#1170891 * bsc#1173139 * bsc#1185010 * bsc#1190358 * bsc#1190428 * bsc#1209798 * bsc#1215304 * bsc#1222878 * bsc#1228466 * bsc#1230697 * bsc#1232436 * bsc#1233070 * bsc#1233642 * bsc#1234281 * bsc#1234282 * bsc#1234846 * bsc#1234853 * bsc#1234891 * bsc#1234921 * bsc#1234960 * bsc#1234963 * bsc#1235004 * bsc#1235035 * bsc#1235054 * bsc#1235056 * bsc#1235061 * bsc#1235073 * bsc#1235220 * bsc#1235224 * bsc#1235246 * bsc#1235507 Cross-References: * CVE-2021-47202 * CVE-2022-49035 * CVE-2024-41087 * CVE-2024-50154 * CVE-2024-53095 * CVE-2024-53142 * CVE-2024-53146 * CVE-2024-53156 * CVE-2024-53173 * CVE-2024-53179 * CVE-2024-53206 * CVE-2024-53214 * CVE-2024-53239 * CVE-2024-53240 * CVE-2024-53241 * CVE-2024-56539 * CVE-2024-56548 * CVE-2024-56570 * CVE-2024-56598 * CVE-2024-56604 * CVE-2024-56605 * CVE-2024-56619 * CVE-2024-8805 CVSS scores: * CVE-2021-47202 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2021-47202 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-49035 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2022-49035 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-49035 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-41087 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41087 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-50154 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-50154 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-50154 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H *CVE-2024-50154 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-53095 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-53095 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-53142 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N * CVE-2024-53142 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-53146 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-53146 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-53146 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-53156 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-53156 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-53156 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-53173 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-53173 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-53173 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-53179 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-53179 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-53179 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-53206 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2024-53206 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2024-53206 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-53214 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-53214 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-53239 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-53239 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-53241 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2024-53241 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2024-56539 ( SUSE ): 8.6 CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-56539 ( SUSE ): 8.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2024-56548 ( SUSE ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-56548 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2024-56570 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-56570 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-56598 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-56598 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-56598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-56604 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-56604 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-56604 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-56605 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-56605 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-56605 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-56619 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-56619 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-8805 ( SUSE ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2024-8805 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2024-8805 ( NVD ): 8.8 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Availability Extension 15 SP4 * SUSE Linux EnterpriseHigh Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves 23 vulnerabilities and has eight security fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: * CVE-2024-41087: Fix double free on error (bsc#1228466). * CVE-2024-53095: smb: client: Fix use-after-free of network namespace (bsc#1233642). * CVE-2024-53146: NFSD: Prevent a potential integer overflow (bsc#1234853). * CVE-2024-53156: wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() (bsc#1234846). * CVE-2024-53173: NFSv4.0: Fix a use-after-free problem in the asynchronous open() (bsc#1234891). * CVE-2024-53179: smb: client: fix use-after-free of signing key (bsc#1234921). * CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended capability (bsc#1235004). * CVE-2024-53239: ALSA: 6fire: Release resources at card release (bsc#1235054). * CVE-2024-53240: xen/netfront: fix crash when removing device (bsc#1234281). * CVE-2024-53241: x86/xen: use new hypercall functions instead of hypercall page (XSA-466 bsc#1234282). * CVE-2024-56539: wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() (bsc#1234963). * CVE-2024-56548: hfsplus: do not query the device logical block size multiple times(bsc#1235073). * CVE-2024-56570: ovl: Filter invalid inodes with missing lookup function (bsc#1235035). * CVE-2024-56598: jfs: array-index-out-of-bounds fix in dtReadFirst (bsc#1235220). * CVE-2024-56604: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc() (bsc#1235056). * CVE-2024-56605: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() (bsc#1235061). * CVE-2024-56619: nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() (bsc#1235224). * CVE-2024-8805: Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE (bsc#1230697). The following non-security bugs were fixed: * Drop a couple of block layer git-fixes (bsc#1170891 bsc#1173139) * KVM: x86: fix sending PV IPI (git-fixes). * fixup "rpm: support gz and zst compression methods" once more (bsc#1190428, bsc#1190358) * idpf: add support for SW triggered interrupts (bsc#1235507). * idpf: enable WB_ON_ITR (bsc#1235507). * idpf: trigger SW interrupt when exiting wb_on_itr mode (bsc#1235507). * kernel-binary: do not BuildIgnore m4. It is actually needed for regenerating zconf when it is not up-to-date due to merge. * net: mana: Increase the DEF_RX_BUFFERS_PER_QUEUE to 1024 (bsc#1235246). * rpm/kernel-binary.spec.in: Fix build regression The previous fix forgot to take over grep -c option that broke the conditional expression * scsi: storvsc: Do not flag MAINTENANCE_IN return of SRB_STATUS_DATA_OVERRUN as an error (git-fixes). * smb: client: fix TCP timers deadlock after rmmod (git-fixes) [hcarvalho: this fixes issue discussed in bsc#1233642]. * supported.conf: add bsc1185010 dependency * supported.conf: hyperv_drm (jsc#sle-19733) * usb: roles: Call try_module_get() from usb_role_switch_find_by_fwnode() (git-fixes). * usb: typec: tps6598x: Fix return value check in tps6598x_probe() (git- fixes). * x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes). * x86/fpu/xsave: Handlecompacted offsets correctly with supervisor states (git-fixes). * x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes). * x86/fpu: Remove unused supervisor only offsets (git-fixes). * x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes). * x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes). * x86/mce: Allow instrumentation during task work queueing (git-fixes). * x86/mce: Mark mce_end() noinstr (git-fixes). * x86/mce: Mark mce_panic() noinstr (git-fixes). * x86/mce: Mark mce_read_aux() noinstr (git-fixes). * x86/mm: Flush global TLB when switching to trampoline page-table (git- fixes). * x86/sgx: Free backing memory after faulting the enclave page (git-fixes). * x86/sgx: Silence softlockup detection when releasing large enclaves (git- fixes). * x86/uaccess: Move variable into switch case statement (git-fixes). * x86: Annotate call_on_stack() (git-fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2025-203=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2025-203=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2025-203=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2025-203=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2025-203=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-203=1 Please note that this is the initial kernel livepatch without fixes itself, this package is later updated by separate standalone kernel livepatch updates. * SUSE Linux Enterprise High AvailabilityExtension 15 SP4 zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2025-203=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-203=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-203=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-203=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-203=1 * SUSE Manager Proxy 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-203=1 * SUSE Manager Retail Branch Server 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.3-2025-203=1 * SUSE Manager Server 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-203=1 ## Package List: * openSUSE Leap 15.4 (noarch nosrc) * kernel-docs-5.14.21-150400.24.147.1 * openSUSE Leap 15.4 (noarch) * kernel-source-5.14.21-150400.24.147.1 * kernel-macros-5.14.21-150400.24.147.1 * kernel-devel-5.14.21-150400.24.147.1 * kernel-source-vanilla-5.14.21-150400.24.147.1 * kernel-docs-html-5.14.21-150400.24.147.1 * openSUSE Leap 15.4 (nosrc ppc64le x86_64) * kernel-debug-5.14.21-150400.24.147.1 * openSUSE Leap 15.4 (ppc64le x86_64) * kernel-debug-devel-debuginfo-5.14.21-150400.24.147.1 * kernel-debug-debugsource-5.14.21-150400.24.147.1 * kernel-debug-debuginfo-5.14.21-150400.24.147.1 * kernel-debug-devel-5.14.21-150400.24.147.1 * openSUSE Leap 15.4 (aarch64 ppc64le x86_64) * kernel-kvmsmall-devel-5.14.21-150400.24.147.1 * kernel-kvmsmall-debuginfo-5.14.21-150400.24.147.1 * kernel-kvmsmall-debugsource-5.14.21-150400.24.147.1 * kernel-default-base-5.14.21-150400.24.147.1.150400.24.72.1 * kernel-default-base-rebuild-5.14.21-150400.24.147.1.150400.24.72.1 *kernel-kvmsmall-devel-debuginfo-5.14.21-150400.24.147.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * kernel-syms-5.14.21-150400.24.147.1 * gfs2-kmp-default-debuginfo-5.14.21-150400.24.147.1 * kernel-obs-build-debugsource-5.14.21-150400.24.147.1 * reiserfs-kmp-default-5.14.21-150400.24.147.1 * kselftests-kmp-default-debuginfo-5.14.21-150400.24.147.1 * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.147.1 * kernel-default-devel-5.14.21-150400.24.147.1 * kernel-default-debugsource-5.14.21-150400.24.147.1 * kernel-obs-qa-5.14.21-150400.24.147.1 * kernel-default-optional-debuginfo-5.14.21-150400.24.147.1 * kernel-default-optional-5.14.21-150400.24.147.1 * kernel-default-livepatch-5.14.21-150400.24.147.1 * dlm-kmp-default-5.14.21-150400.24.147.1 * kernel-default-devel-debuginfo-5.14.21-150400.24.147.1 * ocfs2-kmp-default-debuginfo-5.14.21-150400.24.147.1 * cluster-md-kmp-default-5.14.21-150400.24.147.1 * ocfs2-kmp-default-5.14.21-150400.24.147.1 * kernel-default-debuginfo-5.14.21-150400.24.147.1 * kselftests-kmp-default-5.14.21-150400.24.147.1 * kernel-default-extra-debuginfo-5.14.21-150400.24.147.1 * kernel-default-extra-5.14.21-150400.24.147.1 * cluster-md-kmp-default-debuginfo-5.14.21-150400.24.147.1 * kernel-obs-build-5.14.21-150400.24.147.1 * dlm-kmp-default-debuginfo-5.14.21-150400.24.147.1 * gfs2-kmp-default-5.14.21-150400.24.147.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.14.21-150400.24.147.1 * openSUSE Leap 15.4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_147-default-1-150400.9.3.1 * kernel-livepatch-5_14_21-150400_24_147-default-debuginfo-1-150400.9.3.1 * kernel-livepatch-SLE15-SP4_Update_35-debugsource-1-150400.9.3.1 * kernel-default-livepatch-devel-5.14.21-150400.24.147.1 * openSUSE Leap 15.4 (aarch64 nosrc ppc64le x86_64) * kernel-kvmsmall-5.14.21-150400.24.147.1 * openSUSE Leap 15.4 (nosrc s390x) *kernel-zfcpdump-5.14.21-150400.24.147.1 * openSUSE Leap 15.4 (s390x) * kernel-zfcpdump-debugsource-5.14.21-150400.24.147.1 * kernel-zfcpdump-debuginfo-5.14.21-150400.24.147.1 * openSUSE Leap 15.4 (nosrc) * dtb-aarch64-5.14.21-150400.24.147.1 * openSUSE Leap 15.4 (aarch64) * cluster-md-kmp-64kb-5.14.21-150400.24.147.1 * gfs2-kmp-64kb-5.14.21-150400.24.147.1 * dtb-allwinner-5.14.21-150400.24.147.1 * gfs2-kmp-64kb-debuginfo-5.14.21-150400.24.147.1 * reiserfs-kmp-64kb-5.14.21-150400.24.147.1 * kernel-64kb-extra-debuginfo-5.14.21-150400.24.147.1 * dtb-freescale-5.14.21-150400.24.147.1 * dtb-amd-5.14.21-150400.24.147.1 * dtb-amlogic-5.14.21-150400.24.147.1 * reiserfs-kmp-64kb-debuginfo-5.14.21-150400.24.147.1 * dlm-kmp-64kb-debuginfo-5.14.21-150400.24.147.1 * kselftests-kmp-64kb-5.14.21-150400.24.147.1 * dtb-apm-5.14.21-150400.24.147.1 * kernel-64kb-extra-5.14.21-150400.24.147.1 * dtb-qcom-5.14.21-150400.24.147.1 * dtb-arm-5.14.21-150400.24.147.1 * dlm-kmp-64kb-5.14.21-150400.24.147.1 * dtb-lg-5.14.21-150400.24.147.1 * kernel-64kb-optional-debuginfo-5.14.21-150400.24.147.1 * ocfs2-kmp-64kb-debuginfo-5.14.21-150400.24.147.1 * cluster-md-kmp-64kb-debuginfo-5.14.21-150400.24.147.1 * dtb-cavium-5.14.21-150400.24.147.1 * dtb-apple-5.14.21-150400.24.147.1 * dtb-mediatek-5.14.21-150400.24.147.1 * ocfs2-kmp-64kb-5.14.21-150400.24.147.1 * dtb-broadcom-5.14.21-150400.24.147.1 * dtb-exynos-5.14.21-150400.24.147.1 * dtb-xilinx-5.14.21-150400.24.147.1 * dtb-marvell-5.14.21-150400.24.147.1 * kernel-64kb-debugsource-5.14.21-150400.24.147.1 * kselftests-kmp-64kb-debuginfo-5.14.21-150400.24.147.1 * kernel-64kb-devel-5.14.21-150400.24.147.1 * dtb-nvidia-5.14.21-150400.24.147.1 * dtb-rockchip-5.14.21-150400.24.147.1 * kernel-64kb-optional-5.14.21-150400.24.147.1 * kernel-64kb-devel-debuginfo-5.14.21-150400.24.147.1 * dtb-sprd-5.14.21-150400.24.147.1 *kernel-64kb-debuginfo-5.14.21-150400.24.147.1 * dtb-renesas-5.14.21-150400.24.147.1 * dtb-hisilicon-5.14.21-150400.24.147.1 * dtb-altera-5.14.21-150400.24.147.1 * dtb-socionext-5.14.21-150400.24.147.1 * dtb-amazon-5.14.21-150400.24.147.1 * openSUSE Leap 15.4 (aarch64 nosrc) * kernel-64kb-5.14.21-150400.24.147.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 nosrc s390x x86_64) * kernel-default-5.14.21-150400.24.147.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 x86_64) * kernel-default-base-5.14.21-150400.24.147.1.150400.24.72.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * kernel-default-debugsource-5.14.21-150400.24.147.1 * kernel-default-debuginfo-5.14.21-150400.24.147.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 nosrc s390x x86_64) * kernel-default-5.14.21-150400.24.147.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 x86_64) * kernel-default-base-5.14.21-150400.24.147.1.150400.24.72.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * kernel-default-debugsource-5.14.21-150400.24.147.1 * kernel-default-debuginfo-5.14.21-150400.24.147.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 nosrc s390x x86_64) * kernel-default-5.14.21-150400.24.147.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 x86_64) * kernel-default-base-5.14.21-150400.24.147.1.150400.24.72.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * kernel-default-debugsource-5.14.21-150400.24.147.1 * kernel-default-debuginfo-5.14.21-150400.24.147.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 nosrc s390x x86_64) * kernel-default-5.14.21-150400.24.147.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 x86_64) * kernel-default-base-5.14.21-150400.24.147.1.150400.24.72.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * kernel-default-debugsource-5.14.21-150400.24.147.1 * kernel-default-debuginfo-5.14.21-150400.24.147.1 * SUSE Linux Enterprise Live Patching15-SP4 (nosrc) * kernel-default-5.14.21-150400.24.147.1 * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_147-default-debuginfo-1-150400.9.3.1 * kernel-default-livepatch-devel-5.14.21-150400.24.147.1 * kernel-livepatch-5_14_21-150400_24_147-default-1-150400.9.3.1 * kernel-livepatch-SLE15-SP4_Update_35-debugsource-1-150400.9.3.1 * kernel-default-debuginfo-5.14.21-150400.24.147.1 * kernel-default-debugsource-5.14.21-150400.24.147.1 * kernel-default-livepatch-5.14.21-150400.24.147.1 * SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le s390x x86_64) * gfs2-kmp-default-debuginfo-5.14.21-150400.24.147.1 * ocfs2-kmp-default-debuginfo-5.14.21-150400.24.147.1 * cluster-md-kmp-default-debuginfo-5.14.21-150400.24.147.1 * dlm-kmp-default-debuginfo-5.14.21-150400.24.147.1 * cluster-md-kmp-default-5.14.21-150400.24.147.1 * ocfs2-kmp-default-5.14.21-150400.24.147.1 * kernel-default-debuginfo-5.14.21-150400.24.147.1 * kernel-default-debugsource-5.14.21-150400.24.147.1 * gfs2-kmp-default-5.14.21-150400.24.147.1 * dlm-kmp-default-5.14.21-150400.24.147.1 * SUSE Linux Enterprise High Availability Extension 15 SP4 (nosrc) * kernel-default-5.14.21-150400.24.147.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 nosrc) * kernel-64kb-5.14.21-150400.24.147.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64) * kernel-64kb-debuginfo-5.14.21-150400.24.147.1 * kernel-64kb-devel-debuginfo-5.14.21-150400.24.147.1 * kernel-64kb-devel-5.14.21-150400.24.147.1 * kernel-64kb-debugsource-5.14.21-150400.24.147.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 nosrc x86_64) * kernel-default-5.14.21-150400.24.147.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * kernel-default-devel-debuginfo-5.14.21-150400.24.147.1 *kernel-syms-5.14.21-150400.24.147.1 * kernel-obs-build-debugsource-5.14.21-150400.24.147.1 * reiserfs-kmp-default-5.14.21-150400.24.147.1 * kernel-obs-build-5.14.21-150400.24.147.1 * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.147.1 * kernel-default-base-5.14.21-150400.24.147.1.150400.24.72.1 * kernel-default-debuginfo-5.14.21-150400.24.147.1 * kernel-default-devel-5.14.21-150400.24.147.1 * kernel-default-debugsource-5.14.21-150400.24.147.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch) * kernel-source-5.14.21-150400.24.147.1 * kernel-macros-5.14.21-150400.24.147.1 * kernel-devel-5.14.21-150400.24.147.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch nosrc) * kernel-docs-5.14.21-150400.24.147.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 nosrc) * kernel-64kb-5.14.21-150400.24.147.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64) * kernel-64kb-debuginfo-5.14.21-150400.24.147.1 * kernel-64kb-devel-debuginfo-5.14.21-150400.24.147.1 * kernel-64kb-devel-5.14.21-150400.24.147.1 * kernel-64kb-debugsource-5.14.21-150400.24.147.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 nosrc x86_64) * kernel-default-5.14.21-150400.24.147.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * kernel-default-devel-debuginfo-5.14.21-150400.24.147.1 * kernel-syms-5.14.21-150400.24.147.1 * kernel-obs-build-debugsource-5.14.21-150400.24.147.1 * reiserfs-kmp-default-5.14.21-150400.24.147.1 * kernel-obs-build-5.14.21-150400.24.147.1 * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.147.1 * kernel-default-base-5.14.21-150400.24.147.1.150400.24.72.1 * kernel-default-debuginfo-5.14.21-150400.24.147.1 * kernel-default-devel-5.14.21-150400.24.147.1 * kernel-default-debugsource-5.14.21-150400.24.147.1 * SUSE Linux Enterprise High Performance ComputingLTSS 15 SP4 (noarch) * kernel-source-5.14.21-150400.24.147.1 * kernel-macros-5.14.21-150400.24.147.1 * kernel-devel-5.14.21-150400.24.147.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch nosrc) * kernel-docs-5.14.21-150400.24.147.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 nosrc) * kernel-64kb-5.14.21-150400.24.147.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64) * kernel-64kb-debuginfo-5.14.21-150400.24.147.1 * kernel-64kb-devel-debuginfo-5.14.21-150400.24.147.1 * kernel-64kb-devel-5.14.21-150400.24.147.1 * kernel-64kb-debugsource-5.14.21-150400.24.147.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.14.21-150400.24.147.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le x86_64) * kernel-default-base-5.14.21-150400.24.147.1.150400.24.72.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * kernel-default-devel-debuginfo-5.14.21-150400.24.147.1 * kernel-syms-5.14.21-150400.24.147.1 * kernel-obs-build-debugsource-5.14.21-150400.24.147.1 * reiserfs-kmp-default-5.14.21-150400.24.147.1 * kernel-obs-build-5.14.21-150400.24.147.1 * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.147.1 * kernel-default-debuginfo-5.14.21-150400.24.147.1 * kernel-default-devel-5.14.21-150400.24.147.1 * kernel-default-debugsource-5.14.21-150400.24.147.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (noarch) * kernel-source-5.14.21-150400.24.147.1 * kernel-macros-5.14.21-150400.24.147.1 * kernel-devel-5.14.21-150400.24.147.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (noarch nosrc) * kernel-docs-5.14.21-150400.24.147.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (nosrc s390x) * kernel-zfcpdump-5.14.21-150400.24.147.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (s390x) * kernel-zfcpdump-debugsource-5.14.21-150400.24.147.1 * kernel-zfcpdump-debuginfo-5.14.21-150400.24.147.1 * SUSE LinuxEnterprise Server for SAP Applications 15 SP4 (nosrc ppc64le x86_64) * kernel-default-5.14.21-150400.24.147.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * kernel-default-devel-debuginfo-5.14.21-150400.24.147.1 * kernel-syms-5.14.21-150400.24.147.1 * kernel-obs-build-debugsource-5.14.21-150400.24.147.1 * reiserfs-kmp-default-5.14.21-150400.24.147.1 * kernel-obs-build-5.14.21-150400.24.147.1 * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.147.1 * kernel-default-base-5.14.21-150400.24.147.1.150400.24.72.1 * kernel-default-debuginfo-5.14.21-150400.24.147.1 * kernel-default-devel-5.14.21-150400.24.147.1 * kernel-default-debugsource-5.14.21-150400.24.147.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch) * kernel-source-5.14.21-150400.24.147.1 * kernel-macros-5.14.21-150400.24.147.1 * kernel-devel-5.14.21-150400.24.147.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch nosrc) * kernel-docs-5.14.21-150400.24.147.1 * SUSE Manager Proxy 4.3 (nosrc x86_64) * kernel-default-5.14.21-150400.24.147.1 * SUSE Manager Proxy 4.3 (x86_64) * kernel-default-devel-debuginfo-5.14.21-150400.24.147.1 * kernel-syms-5.14.21-150400.24.147.1 * kernel-default-base-5.14.21-150400.24.147.1.150400.24.72.1 * kernel-default-debuginfo-5.14.21-150400.24.147.1 * kernel-default-devel-5.14.21-150400.24.147.1 * kernel-default-debugsource-5.14.21-150400.24.147.1 * SUSE Manager Proxy 4.3 (noarch) * kernel-source-5.14.21-150400.24.147.1 * kernel-macros-5.14.21-150400.24.147.1 * kernel-devel-5.14.21-150400.24.147.1 * SUSE Manager Retail Branch Server 4.3 (nosrc x86_64) * kernel-default-5.14.21-150400.24.147.1 * SUSE Manager Retail Branch Server 4.3 (x86_64) * kernel-default-devel-debuginfo-5.14.21-150400.24.147.1 * kernel-default-base-5.14.21-150400.24.147.1.150400.24.72.1 * kernel-default-debuginfo-5.14.21-150400.24.147.1 *kernel-default-devel-5.14.21-150400.24.147.1 * kernel-default-debugsource-5.14.21-150400.24.147.1 * SUSE Manager Retail Branch Server 4.3 (noarch) * kernel-macros-5.14.21-150400.24.147.1 * kernel-devel-5.14.21-150400.24.147.1 * SUSE Manager Server 4.3 (nosrc ppc64le s390x x86_64) * kernel-default-5.14.21-150400.24.147.1 * SUSE Manager Server 4.3 (ppc64le x86_64) * kernel-default-base-5.14.21-150400.24.147.1.150400.24.72.1 * SUSE Manager Server 4.3 (ppc64le s390x x86_64) * kernel-default-devel-debuginfo-5.14.21-150400.24.147.1 * kernel-syms-5.14.21-150400.24.147.1 * kernel-default-debuginfo-5.14.21-150400.24.147.1 * kernel-default-devel-5.14.21-150400.24.147.1 * kernel-default-debugsource-5.14.21-150400.24.147.1 * SUSE Manager Server 4.3 (noarch) * kernel-source-5.14.21-150400.24.147.1 * kernel-macros-5.14.21-150400.24.147.1 * kernel-devel-5.14.21-150400.24.147.1 * SUSE Manager Server 4.3 (nosrc s390x) * kernel-zfcpdump-5.14.21-150400.24.147.1 * SUSE Manager Server 4.3 (s390x) * kernel-zfcpdump-debugsource-5.14.21-150400.24.147.1 * kernel-zfcpdump-debuginfo-5.14.21-150400.24.147.1 ## References: * https://www.suse.com/security/cve/CVE-2021-47202.html * https://www.suse.com/security/cve/CVE-2022-49035.html * https://www.suse.com/security/cve/CVE-2024-41087.html * https://www.suse.com/security/cve/CVE-2024-50154.html * https://www.suse.com/security/cve/CVE-2024-53095.html * https://www.suse.com/security/cve/CVE-2024-53142.html * https://www.suse.com/security/cve/CVE-2024-53146.html * https://www.suse.com/security/cve/CVE-2024-53156.html * https://www.suse.com/security/cve/CVE-2024-53173.html * https://www.suse.com/security/cve/CVE-2024-53179.html * https://www.suse.com/security/cve/CVE-2024-53206.html * https://www.suse.com/security/cve/CVE-2024-53214.html * https://www.suse.com/security/cve/CVE-2024-53239.html * https://www.suse.com/security/cve/CVE-2024-53240.html *https://www.suse.com/security/cve/CVE-2024-53241.html * https://www.suse.com/security/cve/CVE-2024-56539.html * https://www.suse.com/security/cve/CVE-2024-56548.html * https://www.suse.com/security/cve/CVE-2024-56570.html * https://www.suse.com/security/cve/CVE-2024-56598.html * https://www.suse.com/security/cve/CVE-2024-56604.html * https://www.suse.com/security/cve/CVE-2024-56605.html * https://www.suse.com/security/cve/CVE-2024-56619.html * https://www.suse.com/security/cve/CVE-2024-8805.html * https://bugzilla.suse.com/show_bug.cgi?id=1170891 * https://bugzilla.suse.com/show_bug.cgi?id=1173139 * https://bugzilla.suse.com/show_bug.cgi?id=1185010 * https://bugzilla.suse.com/show_bug.cgi?id=1190358 * https://bugzilla.suse.com/show_bug.cgi?id=1190428 * https://bugzilla.suse.com/show_bug.cgi?id=1209798 * https://bugzilla.suse.com/show_bug.cgi?id=1215304 * https://bugzilla.suse.com/show_bug.cgi?id=1222878 * https://bugzilla.suse.com/show_bug.cgi?id=1228466 * https://bugzilla.suse.com/show_bug.cgi?id=1230697 * https://bugzilla.suse.com/show_bug.cgi?id=1232436 * https://bugzilla.suse.com/show_bug.cgi?id=1233070 * https://bugzilla.suse.com/show_bug.cgi?id=1233642 * https://bugzilla.suse.com/show_bug.cgi?id=1234281 * https://bugzilla.suse.com/show_bug.cgi?id=1234282 * https://bugzilla.suse.com/show_bug.cgi?id=1234846 * https://bugzilla.suse.com/show_bug.cgi?id=1234853 * https://bugzilla.suse.com/show_bug.cgi?id=1234891 * https://bugzilla.suse.com/show_bug.cgi?id=1234921 * https://bugzilla.suse.com/show_bug.cgi?id=1234960 * https://bugzilla.suse.com/show_bug.cgi?id=1234963 * https://bugzilla.suse.com/show_bug.cgi?id=1235004 * https://bugzilla.suse.com/show_bug.cgi?id=1235035 * https://bugzilla.suse.com/show_bug.cgi?id=1235054 * https://bugzilla.suse.com/show_bug.cgi?id=1235056 * https://bugzilla.suse.com/show_bug.cgi?id=1235061 * https://bugzilla.suse.com/show_bug.cgi?id=1235073 * https://bugzilla.suse.com/show_bug.cgi?id=1235220 *https://bugzilla.suse.com/show_bug.cgi?id=1235224 * https://bugzilla.suse.com/show_bug.cgi?id=1235246 * https://bugzilla.suse.com/show_bug.cgi?id=1235507 . A recent significant kernel enhancement for SUSE tackles various vulnerabilities and resolves several bugs. Keep your system safe!. Linux Kernel update,SUSE updates,security fixes,operating system vulnerabilities. . Severity: Important. LinuxSecurity.com Team

Jan 21, 2025 •Important SuSE

security advisorymoderatepatch

SUSE: 2024:3634-1 moderate: keepalived integer overflow advisory

* bsc#1228123 Cross-References: * CVE-2024-41184 . # Security update for keepalived Announcement ID: SUSE-SU-2024:3634-1 Release Date: 2024-10-15T09:21:36Z Rating: moderate References: * bsc#1228123 Cross-References: * CVE-2024-41184 CVSS scores: * CVE-2024-41184 ( SUSE ): 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H Affected Products: * openSUSE Leap 15.5 * openSUSE Leap Micro 5.5 * SUSE Linux Enterprise High Availability Extension 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for keepalived fixes the following issues: * CVE-2024-41184: Fixed integer overflow in vrrp_ipsets_handler (bsc#1228123) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Availability Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-HA-15-SP5-2024-3634=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2024-3634=1 openSUSE-SLE-15.5-2024-3634=1 * openSUSE Leap Micro 5.5 zypper in -t patch openSUSE-Leap-Micro-5.5-2024-3634=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2024-3634=1 ## Package List: * SUSE Linux Enterprise High Availability Extension 15 SP5 (aarch64 ppc64le s390x x86_64) * keepalived-2.2.2-150500.8.5.1 * keepalived-debuginfo-2.2.2-150500.8.5.1 * keepalived-debugsource-2.2.2-150500.8.5.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * keepalived-2.2.2-150500.8.5.1 * keepalived-debuginfo-2.2.2-150500.8.5.1 * keepalived-debugsource-2.2.2-150500.8.5.1 * openSUSE Leap Micro 5.5 (aarch64 s390x x86_64) * keepalived-2.2.2-150500.8.5.1 *keepalived-debuginfo-2.2.2-150500.8.5.1 * keepalived-debugsource-2.2.2-150500.8.5.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * keepalived-2.2.2-150500.8.5.1 * keepalived-debuginfo-2.2.2-150500.8.5.1 * keepalived-debugsource-2.2.2-150500.8.5.1 ## References: * https://www.suse.com/security/cve/CVE-2024-41184.html * https://bugzilla.suse.com/show_bug.cgi?id=1228123 . The security advisory SUSE-SU-2024:3645-1 highlights a noteworthy buffer overflow vulnerability in Keepalived. It is advised to implement the update promptly.. keepalived security advisory, SUSE updates, high availability patch, integer overflow fix. . LinuxSecurity.com Team

Oct 15, 2024 SuSE

security advisoryupdateFedora

Fedora 41: 2024-bd2368f66a Moderate: HAProxy 3.0.4 DoS Fix

Update to 3.0.4 (CVE-2024-45506, #2309472). -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-bd2368f66a 2024-09-13 20:43:08.472492 -------------------------------------------------------------------------------- Name : haproxy Product : Fedora 41 Version : 3.0.4 Release : 1.fc41 URL : http://www.haproxy.org/ Summary : HAProxy reverse proxy for high availability environments Description : HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Indeed, it can: - route HTTP requests depending on statically assigned cookies - spread load among several servers while assuring server persistence through the use of HTTP cookies - switch to backup servers in the event a main one fails - accept connections to special ports dedicated to service monitoring - stop accepting connections without breaking existing ones - add, modify, and delete HTTP headers in both directions - block requests matching particular patterns - report detailed status to authenticated users from a URI intercepted from the application -------------------------------------------------------------------------------- Update Information: Update to 3.0.4 (CVE-2024-45506, #2309472) -------------------------------------------------------------------------------- ChangeLog: * Tue Sep 3 2024 Ryan O'Hara - 3.0.4-1 - Update to 3.0.4 (CVE-2024-45506, #2309472) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2309472 - haproxy-3.0.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=2309472 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-bd2368f66a' at the command line. For more information, refer to the dnf documentation availableat http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue . Ubuntu upgrades nginx to 1.21.0 fixing CVE-2024-45507 for enhanced stability and security.. Fedora Updates,haproxy 3.0.4,High Availability Security,DoS Protection. . LinuxSecurity.com Team

Sep 13, 2024 Fedora

security advisorykernel updatecritical

SUSE: 2024:2802-1 Important: Kernel Update Addressing Multiple Issues

* bsc#1194869 * bsc#1215199 * bsc#1215587 * bsc#1218442 * bsc#1218730 . # Security update for the Linux Kernel Announcement ID: SUSE-SU-2024:2802-1 Rating: important References: * bsc#1194869 * bsc#1215199 * bsc#1215587 * bsc#1218442 * bsc#1218730 * bsc#1218820 * bsc#1219832 * bsc#1220138 * bsc#1220427 * bsc#1220430 * bsc#1220942 * bsc#1221057 * bsc#1221647 * bsc#1221654 * bsc#1221656 * bsc#1221659 * bsc#1222326 * bsc#1222328 * bsc#1222438 * bsc#1222463 * bsc#1222768 * bsc#1222775 * bsc#1222779 * bsc#1222893 * bsc#1223010 * bsc#1223021 * bsc#1223570 * bsc#1223731 * bsc#1223740 * bsc#1223778 * bsc#1223804 * bsc#1223806 * bsc#1223807 * bsc#1223813 * bsc#1223815 * bsc#1223836 * bsc#1223863 * bsc#1224414 * bsc#1224422 * bsc#1224490 * bsc#1224499 * bsc#1224512 * bsc#1224516 * bsc#1224544 * bsc#1224545 * bsc#1224589 * bsc#1224604 * bsc#1224636 * bsc#1224641 * bsc#1224743 * bsc#1224767 * bsc#1225088 * bsc#1225172 * bsc#1225272 * bsc#1225489 * bsc#1225600 * bsc#1225601 * bsc#1225711 * bsc#1225717 * bsc#1225719 * bsc#1225744 * bsc#1225745 * bsc#1225746 * bsc#1225752 * bsc#1225753 * bsc#1225757 * bsc#1225805 * bsc#1225810 * bsc#1225830 * bsc#1225835 * bsc#1225839 * bsc#1225840 * bsc#1225843 * bsc#1225847 * bsc#1225851 * bsc#1225856 * bsc#1225894 * bsc#1225895 * bsc#1225896 * bsc#1226202 * bsc#1226213 * bsc#1226502 * bsc#1226519 * bsc#1226750 * bsc#1226757 * bsc#1226783 * bsc#1226866 * bsc#1226883 * bsc#1226915 * bsc#1226993 * bsc#1227103 * bsc#1227149 * bsc#1227282 * bsc#1227362 * bsc#1227363 * bsc#1227383 * bsc#1227432 * bsc#1227433 * bsc#1227434 * bsc#1227435 * bsc#1227443 * bsc#1227446 * bsc#1227447 * bsc#1227487 * bsc#1227573 * bsc#1227626 * bsc#1227716 * bsc#1227719 * bsc#1227723 * bsc#1227730 * bsc#1227736 * bsc#1227755 * bsc#1227757 * bsc#1227762 * bsc#1227763 * bsc#1227779 *bsc#1227780 * bsc#1227783 * bsc#1227786 * bsc#1227788 * bsc#1227789 * bsc#1227797 * bsc#1227800 * bsc#1227801 * bsc#1227803 * bsc#1227806 * bsc#1227813 * bsc#1227814 * bsc#1227836 * bsc#1227855 * bsc#1227862 * bsc#1227866 * bsc#1227886 * bsc#1227899 * bsc#1227910 * bsc#1227913 * bsc#1227926 * bsc#1228090 * bsc#1228192 * bsc#1228193 * bsc#1228211 * bsc#1228269 * bsc#1228289 * bsc#1228327 * bsc#1228328 * bsc#1228403 * bsc#1228405 * bsc#1228408 * bsc#1228417 * jsc#PED-8644 * jsc#PED-8688 * jsc#PED-8701 * jsc#PED-8954 Cross-References: * CVE-2023-38417 * CVE-2023-47210 * CVE-2023-51780 * CVE-2023-52435 * CVE-2023-52472 * CVE-2023-52751 * CVE-2023-52775 * CVE-2024-25741 * CVE-2024-26615 * CVE-2024-26623 * CVE-2024-26633 * CVE-2024-26635 * CVE-2024-26636 * CVE-2024-26641 * CVE-2024-26663 * CVE-2024-26665 * CVE-2024-26691 * CVE-2024-26734 * CVE-2024-26785 * CVE-2024-26826 * CVE-2024-26863 * CVE-2024-26944 * CVE-2024-27012 * CVE-2024-27015 * CVE-2024-27016 * CVE-2024-27019 * CVE-2024-27020 * CVE-2024-27025 * CVE-2024-27064 * CVE-2024-27065 * CVE-2024-27402 * CVE-2024-27404 * CVE-2024-35805 * CVE-2024-35853 * CVE-2024-35854 * CVE-2024-35890 * CVE-2024-35893 * CVE-2024-35899 * CVE-2024-35908 * CVE-2024-35934 * CVE-2024-35942 * CVE-2024-36003 * CVE-2024-36004 * CVE-2024-36889 * CVE-2024-36901 * CVE-2024-36902 * CVE-2024-36909 * CVE-2024-36910 * CVE-2024-36911 * CVE-2024-36912 * CVE-2024-36913 * CVE-2024-36914 * CVE-2024-36922 * CVE-2024-36930 * CVE-2024-36940 * CVE-2024-36941 * CVE-2024-36942 * CVE-2024-36944 * CVE-2024-36946 * CVE-2024-36947 * CVE-2024-36949 * CVE-2024-36950 * CVE-2024-36951 * CVE-2024-36955 * CVE-2024-36959 * CVE-2024-36974 * CVE-2024-38558 * CVE-2024-38586 * CVE-2024-38598 * CVE-2024-38604 * CVE-2024-38659 * CVE-2024-39276 * CVE-2024-39468 * CVE-2024-39472 * CVE-2024-39473 *CVE-2024-39474 * CVE-2024-39475 * CVE-2024-39479 * CVE-2024-39481 * CVE-2024-39482 * CVE-2024-39487 * CVE-2024-39490 * CVE-2024-39494 * CVE-2024-39496 * CVE-2024-39498 * CVE-2024-39502 * CVE-2024-39504 * CVE-2024-39507 * CVE-2024-40901 * CVE-2024-40906 * CVE-2024-40908 * CVE-2024-40919 * CVE-2024-40923 * CVE-2024-40925 * CVE-2024-40928 * CVE-2024-40931 * CVE-2024-40935 * CVE-2024-40937 * CVE-2024-40940 * CVE-2024-40947 * CVE-2024-40948 * CVE-2024-40953 * CVE-2024-40960 * CVE-2024-40961 * CVE-2024-40966 * CVE-2024-40970 * CVE-2024-40972 * CVE-2024-40975 * CVE-2024-40979 * CVE-2024-40998 * CVE-2024-40999 * CVE-2024-41006 * CVE-2024-41011 * CVE-2024-41013 * CVE-2024-41014 * CVE-2024-41017 * CVE-2024-41090 * CVE-2024-41091 CVSS scores: * CVE-2023-38417 ( SUSE ): 4.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-47210 ( SUSE ): 4.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L * CVE-2023-51780 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-51780 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52435 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-52435 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-52472 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2023-52472 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-52751 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-52775 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2024-25741 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:L * CVE-2024-26615 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-26623 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-26633 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-26635 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H * CVE-2024-26636 ( SUSE ): 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-26641 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H * CVE-2024-26663 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-26665 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-26691 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-26734 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-26785 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-26826 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-26863 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-26944 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2024-27012 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-27012 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-27015 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-27015 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-27016 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-27016 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-27019 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-27019 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2024-27020 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-27020 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-27025 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2024-27064 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-27065 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-27402 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2024-27404 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2024-35805 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-35853 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-35854 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-35890 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-35893 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-35899 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-35908 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-35934 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2024-35942 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2024-36003 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-36004 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-36889 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2024-36901 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-36901 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-36902 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-36902 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-36909 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2024-36910 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N * CVE-2024-36911 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2024-36912 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2024-36913 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2024-36914 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-36922 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-36930 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-36930 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-36940 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2024-36941 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-36942 ( SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L * CVE-2024-36944 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-36946 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2024-36947 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2024-36949 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-36950 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-36951 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-36955 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2024-36959 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-36974 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-38558 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L * CVE-2024-38586 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-38598 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2024-38604 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-38659 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:H * CVE-2024-39276 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-39468 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2024-39472 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L * CVE-2024-39472 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-39473 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-39473 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-39474 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-39474 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-39475 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-39475 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-39479 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2024-39479 (NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-39481 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-39481 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-39482 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L * CVE-2024-39482 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-39487 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H * CVE-2024-39490 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2024-39494 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-39494 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-39496 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-39496 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-39498 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-39502 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2024-39504 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2024-39507 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-40901 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L * CVE-2024-40906 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2024-40908 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-40919 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-40923 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-40925 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-40928 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2024-40931 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2024-40935 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-40937 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-40940 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-40947( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-40948 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-40953 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-40960 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-40961 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-40966 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-40970 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-40972 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-40975 ( SUSE ): 2.1 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2024-40979 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-40998 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-40999 ( SUSE ): 3.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L * CVE-2024-41006 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L * CVE-2024-41011 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41013 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2024-41014 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-41017 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-41090 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H * CVE-2024-41091 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP6 * Development Tools Module 15-SP6 * Legacy Module 15-SP6 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise High Availability Extension 15 SP6 * SUSE Linux Enterprise Live Patching 15-SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Workstation Extension 15 SP6 An update that solves 118 vulnerabilities, contains four features and has31 security fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: * CVE-2023-47210: wifi: iwlwifi: bump FW API to 90 for BZ/SC devices (bsc#1225601, bsc#1225600). * CVE-2023-52435: net: prevent mss overflow in skb_segment() (bsc#1220138). * CVE-2023-52751: smb: client: fix use-after-free in smb2_query_info_compound() (bsc#1225489). * CVE-2023-52775: net/smc: avoid data corruption caused by decline (bsc#1225088). * CVE-2024-26615: net/smc: fix illegal rmb_desc access in SMC-D connection dump (bsc#1220942). * CVE-2024-26623: pds_core: Prevent race issues involving the adminq (bsc#1221057). * CVE-2024-26633: ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() (bsc#1221647). * CVE-2024-26635: llc: Drop support for ETH_P_TR_802_2 (bsc#1221656). * CVE-2024-26636: llc: make llc_ui_sendmsg() more robust against bonding changes (bsc#1221659). * CVE-2024-26641: ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv() (bsc#1221654). * CVE-2024-26663: tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() (bsc#1222326). * CVE-2024-26665: tunnels: fix out of bounds access when building IPv6 PMTU error (bsc#1222328). * CVE-2024-26691: KVM: arm64: Fix circular locking dependency (bsc#1222463). * CVE-2024-26734: devlink: fix possible use-after-free and memory leaks in devlink_init() (bsc#1222438). * CVE-2024-26785: iommufd: Fix protection fault in iommufd_test_syz_conv_iova (bsc#1222779). * CVE-2024-26826: mptcp: fix data re-injection from stale subflow (bsc#1223010). * CVE-2024-26863: hsr: Fix uninit-value access in hsr_get_node() (bsc#1223021). * CVE-2024-26944: btrfs: zoned: fix lock ordering in btrfs_zone_activate() (bsc#1223731). * CVE-2024-27012: netfilter: nf_tables: restore set elements when delete set fails (bsc#1223804). * CVE-2024-27015: netfilter:flowtable: incorrect pppoe tuple (bsc#1223806). * CVE-2024-27016: netfilter: flowtable: validate pppoe header (bsc#1223807). * CVE-2024-27019: netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() (bsc#1223813) * CVE-2024-27020: netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() (bsc#1223815) * CVE-2024-27025: nbd: null check for nla_nest_start (bsc#1223778) * CVE-2024-27064: netfilter: nf_tables: Fix a memory leak in nf_tables_updchain (bsc#1223740). * CVE-2024-27065: netfilter: nf_tables: do not compare internal table flags on updates (bsc#1223836). * CVE-2024-27402: phonet/pep: fix racy skb_queue_empty() use (bsc#1224414). * CVE-2024-27404: mptcp: fix data races on remote_id (bsc#1224422) * CVE-2024-35805: dm snapshot: fix lockup in dm_exception_table_exit (bsc#1224743). * CVE-2024-35853: mlxsw: spectrum_acl_tcam: Fix memory leak during rehash (bsc#1224604). * CVE-2024-35854: Fixed possible use-after-free during rehash (bsc#1224636). * CVE-2024-35890: gro: fix ownership transfer (bsc#1224516). * CVE-2024-35893: net/sched: act_skbmod: prevent kernel-infoleak (bsc#1224512) * CVE-2024-35899: netfilter: nf_tables: flush pending destroy work before exit_net release (bsc#1224499) * CVE-2024-35908: tls: get psock ref after taking rxlock to avoid leak (bsc#1224490) * CVE-2024-35934: net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() (bsc#1224641) * CVE-2024-35942: pmdomain: imx8mp-blk-ctrl: imx8mp_blk: Add fdcc clock to hdmimix domain (bsc#1224589). * CVE-2024-36003: ice: fix LAG and VF lock dependency in ice_reset_vf() (bsc#1224544). * CVE-2024-36004: i40e: Do not use WQ_MEM_RECLAIM flag for workqueue (bsc#1224545) * CVE-2024-36901: ipv6: prevent NULL dereference in ip6_output() (bsc#1225711) * CVE-2024-36902: ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() (bsc#1225719). * CVE-2024-36909: Drivers: hv: vmbus: Do not free ring buffers that couldn't be re-encrypted (bsc#1225744). * CVE-2024-36910: uio_hv_generic: Do not free decrypted memory (bsc#1225717). * CVE-2024-36911: hv_netvsc: Do not free decrypted memory (bsc#1225745). * CVE-2024-36912: Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl (bsc#1225752). * CVE-2024-36913: Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails (bsc#1225753). * CVE-2024-36914: drm/amd/display: Skip on writeback when it's not applicable (bsc#1225757). * CVE-2024-36946: phonet: fix rtm_phonet_notify() skb allocation (bsc#1225851). * CVE-2024-36974: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP (bsc#1226519). * CVE-2024-38558: net: openvswitch: fix overwriting ct original tuple for ICMPv6 (bsc#1226783). * CVE-2024-38586: r8169: Fix possible ring buffer corruption on fragmented Tx packets (bsc#1226750). * CVE-2024-38598: md: fix resync softlockup when bitmap size is less than array size (bsc#1226757). * CVE-2024-38604: block: refine the EOF check in blkdev_iomap_begin (bsc#1226866). * CVE-2024-38659: enic: Validate length of nl attributes in enic_set_vf_port (bsc#1226883). * CVE-2024-39276: ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() (bsc#1226993). * CVE-2024-39468: smb: client: fix deadlock in smb2_find_smb_tcon() (bsc#1227103. * CVE-2024-39472: xfs: fix log recovery buffer allocation for the legacy h_size fixup (bsc#1227432). * CVE-2024-39474: mm/vmalloc: fix vmalloc which may return null if called with __GFP_NOFAIL (bsc#1227434). * CVE-2024-39482: bcache: fix variable length array abuse in btree_iter (bsc#1227447). * CVE-2024-39487: bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() (bsc#1227573) * CVE-2024-39490: ipv6: sr: fix missing sk_buff release in seg6_input_core (bsc#1227626). * CVE-2024-39494: ima: Fix use-after-free on a dentry's dname.name (bsc#1227716). * CVE-2024-39496: btrfs: zoned: fix use-after-free due to race withdev replace (bsc#1227719). * CVE-2024-39498: drm/mst: Fix NULL pointer dereference at drm_dp_add_payload_part2 (bsc#1227723) * CVE-2024-39502: ionic: fix use after netif_napi_del() (bsc#1227755). * CVE-2024-39504: netfilter: nft_inner: validate mandatory meta and payload (bsc#1227757). * CVE-2024-39507: net: hns3: fix kernel crash problem in concurrent scenario (bsc#1227730). * CVE-2024-40901: scsi: mpt3sas: Avoid test/set_bit() operating in non- allocated memory (bsc#1227762). * CVE-2024-40906: net/mlx5: Always stop health timer during driver removal (bsc#1227763). * CVE-2024-40908: bpf: Set run context for rawtp test_run callback (bsc#1227783). * CVE-2024-40919: bnxt_en: Adjust logging of firmware messages in case of released token in __hwrm_send() (bsc#1227779). * CVE-2024-40923: vmxnet3: disable rx data ring on dma allocation failure (bsc#1227786). * CVE-2024-40925: block: fix request.queuelist usage in flush (bsc#1227789). * CVE-2024-40928: net: ethtool: fix the error condition in ethtool_get_phy_stats_ethtool() (bsc#1227788). * CVE-2024-40931: mptcp: ensure snd_una is properly initialized on connect (bsc#1227780). * CVE-2024-40935: cachefiles: flush all requests after setting CACHEFILES_DEAD (bsc#1227797). * CVE-2024-40937: gve: Clear napi-> skb before dev_kfree_skb_any() (bsc#1227836). * CVE-2024-40940: net/mlx5: Fix tainted pointer delete is case of flow rules creation fail (bsc#1227800). * CVE-2024-40947: ima: Avoid blocking in RCU read-side critical section (bsc#1227803). * CVE-2024-40948: mm/page_table_check: fix crash on ZONE_DEVICE (bsc#1227801). * CVE-2024-40953: KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin() (bsc#1227806). * CVE-2024-40960: ipv6: prevent possible NULL dereference in rt6_probe() (bsc#1227813). * CVE-2024-40961: ipv6: prevent possible NULL deref in fib6_nh_init() (bsc#1227814). * CVE-2024-40966: kABI: tty: add the option to have a tty reject a new ldisc (bsc#1227886). * CVE-2024-40970: Avoid hw_desc array overrun in dw-axi-dmac (bsc#1227899). * CVE-2024-40972: ext4: fold quota accounting into ext4_xattr_inode_lookup_create() (bsc#1227910). * CVE-2024-40975: platform/x86: x86-android-tablets: Unregister devices in reverse order (bsc#1227926). * CVE-2024-40998: ext4: fix uninitialized ratelimit_state-> lock access in __ext4_fill_super() (bsc#1227866). * CVE-2024-40999: net: ena: Add validation for completion descriptors consistency (bsc#1227913). * CVE-2024-41006: netrom: Fix a memory leak in nr_heartbeat_expiry() (bsc#1227862). * CVE-2024-41013: xfs: do not walk off the end of a directory data block (bsc#1228405). * CVE-2024-41014: xfs: add bounds checking to xlog_recover_process_data (bsc#1228408). * CVE-2024-41017: jfs: do not walk off the end of ealist (bsc#1228403). * CVE-2024-41090: tap: add missing verification for short frame (bsc#1228328). * CVE-2024-41091: tun: add missing verification for short frame (bsc#1228327). The following non-security bugs were fixed: * ACPI: EC: Abort address space access upon error (stable-fixes). * ACPI: EC: Avoid returning AE_OK on errors in address space handler (stable- fixes). * ACPI: processor_idle: Fix invalid comparison with insertion sort for latency (git-fixes). * ALSA: PCM: Allow resume only for suspended streams (stable-fixes). * ALSA: dmaengine: Synchronize dma channel after drop() (stable-fixes). * ALSA: dmaengine_pcm: terminate dmaengine before synchronize (stable-fixes). * ALSA: emux: improve patch ioctl data validation (stable-fixes). * ALSA: hda/conexant: Mute speakers at suspend / shutdown (bsc#1228269). * ALSA: hda/generic: Add a helper to mute speakers at suspend/shutdown (bsc#1228269). * ALSA: hda/realtek: Enable Mute LED on HP 250 G7 (stable-fixes). * ALSA: hda/realtek: Enable headset mic on Positivo SU C1400 (stable-fixes). * ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 (stable-fixes). * ALSA: hda/realtek: Limit mic boost on VAIO PRO PX (stable-fixes). * ALSA: hda/realtek: add quirk for Clevo V5[46]0TU (stable-fixes). * ALSA: hda/realtek: cs35l41: Fixup remaining asus strix models (git-fixes). * ALSA: hda/realtek: fix mute/micmute LEDs do not work for EliteBook 645/665 G11 (stable-fixes). * ALSA: hda/relatek: Enable Mute LED on HP Laptop 15-gw0xxx (stable-fixes). * ALSA: hda/tas2781: Add new quirk for Lenovo Hera2 Laptop (stable-fixes). * ALSA: hda: cs35l41: Fix swapped l/r audio channels for Lenovo ThinBook 13x Gen4 (git-fixes). * ALSA: pcm_dmaengine: Do not synchronize DMA channel when DMA is paused (git- fixes). * ALSA: seq: ump: Skip useless ports for static blocks (git-fixes). * ALSA: ump: Do not update FB name for static blocks (git-fixes). * ALSA: ump: Force 1 Group for MIDI1 FBs (git-fixes). * ALSA: usb-audio: Add a quirk for Sonix HD USB Camera (stable-fixes). * ALSA: usb-audio: Fix microphone sound on HD webcam (stable-fixes). * ALSA: usb-audio: Move HD Webcam quirk to the right place (git-fixes). * ASoC: Intel: use soc_intel_is_byt_cr() only when IOSF_MBI is reachable (git- fixes). * ASoC: SOF: Intel: hda-pcm: Limit the maximum number of periods by MAX_BDL_ENTRIES (stable-fixes). * ASoC: SOF: Intel: hda: fix null deref on system suspend entry (git-fixes). * ASoC: SOF: imx8m: Fix DSP control regmap retrieval (git-fixes). * ASoC: SOF: ipc4-topology: Preserve the DMA Link ID for ChainDMA on unprepare (git-fixes). * ASoC: SOF: ipc4-topology: Use correct queue_id for requesting input pin format (stable-fixes). * ASoC: SOF: sof-audio: Skip unprepare for in-use widgets on error rollback (stable-fixes). * ASoC: TAS2781: Fix tasdev_load_calibrated_data() (git-fixes). * ASoC: amd: Adjust error handling in case of absent codec device (git-fixes). * ASoC: amd: yc: Fix non-functional mic on ASUS M5602RA (stable-fixes). * ASoC: amd: yc: Support mic on Lenovo Thinkpad E16 Gen 2 (bsc#1228269). *ASoC: cs35l56: Accept values greater than 0 as IRQ numbers (git-fixes). * ASoC: fsl: fsl_qmc_audio: Check devm_kasprintf() returned value (git-fixes). * ASoC: max98088: Check for clk_prepare_enable() error (git-fixes). * ASoC: qcom: Adjust issues in case of DT error in asoc_qcom_lpass_cpu_platform_probe() (git-fixes). * ASoC: rt711-sdw: add missing readable registers (stable-fixes). * ASoC: rt722-sdca-sdw: add debounce time for type detection (stable-fixes). * ASoC: rt722-sdca-sdw: add silence detection register as volatile (stable- fixes). * ASoC: sof: amd: fix for firmware reload failure in Vangogh platform (git- fixes). * ASoC: ti: davinci-mcasp: Set min period size using FIFO config (stable- fixes). * ASoC: ti: omap-hdmi: Fix too long driver name (stable-fixes). * ASoC: topology: Do not assign fields that are already set (stable-fixes). * ASoC: topology: Fix references to freed memory (stable-fixes). * ASoc: tas2781: Enable RCA-based playback without DSP firmware download (git- fixes). * Bluetooth: ISO: Check socket flag instead of hcon (git-fixes). * Bluetooth: Ignore too large handle values in BIG (git-fixes). * Bluetooth: btintel: Refactor btintel_set_ppag() (git-fixes). * Bluetooth: btnxpuart: Add handling for boot-signature timeout errors (git- fixes). * Bluetooth: btnxpuart: Enable Power Save feature on startup (stable-fixes). * Bluetooth: hci_bcm4377: Fix msgid release (git-fixes). * Bluetooth: hci_bcm4377: Use correct unit for timeouts (git-fixes). * Bluetooth: hci_core: cancel all works upon hci_unregister_dev() (stable- fixes). * Bluetooth: hci_event: Fix setting of unicast qos interval (git-fixes). * Bluetooth: hci_event: Set QoS encryption from BIGInfo report (git-fixes). * Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot (git-fixes). * Bluetooth: qca: set power_ctrl_enabled on NULL returned by gpiod_get_optional() (git-fixes). * Enable CONFIG_SCHED_CLUSTER=y on arm64 (jsc#PED-8701). *HID: Ignore battery for ELAN touchscreens 2F2C and 4116 (stable-fixes). * HID: wacom: Modify pen IDs (git-fixes). * Input: ads7846 - use spi_device_id table (stable-fixes). * Input: elan_i2c - do not leave interrupt disabled on suspend failure (git- fixes). * Input: elantech - fix touchpad state on resume for Lenovo N24 (stable- fixes). * Input: ff-core - prefer struct_size over open coded arithmetic (stable- fixes). * Input: i8042 - add Ayaneo Kun to i8042 quirk table (stable-fixes). * Input: qt1050 - handle CHIP_ID reading error (git-fixes). * Input: silead - Always support 10 fingers (stable-fixes). * Input: xpad - add support for ASUS ROG RAIKIRI PRO (stable-fixes). * KVM: SEV-ES: Delegate LBR virtualization to the processor (git-fixes). * KVM: SEV-ES: Disallow SEV-ES guests when X86_FEATURE_LBRV is absent (git- fixes). * KVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked (git- fixes). * KVM: x86: Always sync PIR to IRR prior to scanning I/O APIC routes (git- fixes). * NFS: Fix READ_PLUS when server does not support OP_READ_PLUS (git-fixes). * NFS: add barriers when testing for NFS_FSDATA_BLOCKED (git-fixes). * NFSD: Fix checksum mismatches in the duplicate reply cache (git-fixes). * NFSv4.1 enforce rootpath check in fs_location query (git-fixes). * NFSv4.x: by default serialize open/close operations (bsc#1223863 bsc#1227362). * NFSv4: Fixup smatch warning for ambiguous return (git-fixes). * PCI/ASPM: Update save_state when configuration changes (bsc#1226915) * PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal (git-fixes). * PCI: Do not wait for disconnected devices when resuming (git-fixes). * PCI: Extend ACS configurability (bsc#1228090). * PCI: Fix resource double counting on remove & rescan (git-fixes). * PCI: Introduce cleanup helpers for device reference counts and locks (stable-fixes). * PCI: dw-rockchip: Fix initial PERST# GPIO value (git-fixes). * PCI: dwc: Fix index 0 incorrectly beinginterpreted as a free ATU slot (git- fixes). * PCI: endpoint: Clean up error handling in vpci_scan_bus() (git-fixes). * PCI: endpoint: Fix error handling in epf_ntb_epc_cleanup() (git-fixes). * PCI: endpoint: pci-epf-test: Make use of cached 'epc_features' in pci_epf_test_core_init() (git-fixes). * PCI: keystone: Do not enable BAR 0 for AM654x (git-fixes). * PCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs() (git-fixes). * PCI: keystone: Relocate ks_pcie_set/clear_dbi_mode() (git-fixes). * PCI: qcom-ep: Disable resources unconditionally during PERST# assert (git- fixes). * PCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup() (git-fixes). * PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio (git-fixes). * PCI: tegra194: Set EP alignment restriction for inbound ATU (git-fixes). * PCI: vmd: Create domain symlink before pci_bus_add_devices() (bsc#1227363). * RDMA/mana_ib: Ignore optional access flags for MRs (git-fixes). * RDMA/restrack: Fix potential invalid address access (git-fixes) * Revert "drm/bridge: tc358767: Set default CLRSIPO count" (stable-fixes). * Revert "gfs2: fix glock shrinker ref issues" (git-fixes). * Revert "leds: led-core: Fix refcount leak in of_led_get()" (git-fixes). * Revert "usb: musb: da8xx: Set phy in OTG mode by default" (stable-fixes). * Revert "wifi: ath11k: call ath11k_mac_fils_discovery() without condition" (bsc#1227149). * Revert "wifi: ath12k: use ATH12K_PCI_IRQ_DP_OFFSET for DP IRQ" (bsc#1227149). * Revert "wifi: iwlwifi: bump FW API to 90 for BZ/SC devices" (bsc#1227149). * SUNRPC: Fix gss_free_in_token_pages() (git-fixes). * SUNRPC: Fix loop termination condition in gss_free_in_token_pages() (git- fixes). * SUNRPC: avoid soft lockup when transmitting UDP to reachable server (bsc#1225272). * SUNRPC: return proper error from gss_wrap_req_priv (git-fixes). * USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k(stable-fixes). * USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor (git-fixes). * USB: serial: mos7840: fix crash on resume (git-fixes). * USB: serial: option: add Fibocom FM350-GL (stable-fixes). * USB: serial: option: add Netprisma LCUK54 series modules (stable-fixes). * USB: serial: option: add Rolling RW350-GL variants (stable-fixes). * USB: serial: option: add Telit FN912 rmnet compositions (stable-fixes). * USB: serial: option: add Telit generic core-dump composition (stable-fixes). * USB: serial: option: add support for Foxconn T99W651 (stable-fixes). * Update config files (bsc#1227282). Update the CONFIG_LSM option to include the selinux LSM in the default set of LSMs. The selinux LSM will not get enabled because it is preceded by apparmor, which is the first exclusive LSM. Updating CONFIG_LSM resolves failures that result in the system not booting up when "security=selinux selinux=1" is passed to the kernel and SELinux policies are installed. * Update config files for mt76 stuff (bsc#1227149) * Update config files: adjust for Arm CONFIG_MT798X_WMAC (bsc#1227149) * Update config files: update for the realtek wifi driver updates (bsc#1227149) * X.509: Fix the parser of extended key usage for length (bsc#1218820). * arm64/io: Provide a WC friendly __iowriteXX_copy() (bsc#1226502) * arm64/io: add constant-argument check (bsc#1226502 git-fixes) * arm64: dts: freescale: imx8mm-verdin: enable hysteresis on slow input (git- fixes) * arm64: dts: imx8qm-mek: fix gpio number for reg_usdhc2_vmmc (git-fixes) * arm64: dts: imx93-11x11-evk: Remove the 'no-sdio' property (git-fixes) * arm64: dts: rockchip: Add mdio and ethernet-phy nodes to (git-fixes) * arm64: dts: rockchip: Add missing power-domains for rk356x vop_mmu (git- fixes) * arm64: dts: rockchip: Add pinctrl for UART0 to rk3308-rock-pi-s (git-fixes) * arm64: dts: rockchip: Add sdmmc related properties on (git-fixes) * arm64: dts: rockchip: Addsound-dai-cells for RK3368 (git-fixes) * arm64: dts: rockchip: Drop invalid mic-in-differential on (git-fixes) * arm64: dts: rockchip: Fix SD NAND and eMMC init on rk3308-rock-pi-s (git- fixes) * arm64: dts: rockchip: Fix mic-in-differential usage on (git-fixes) * arm64: dts: rockchip: Fix mic-in-differential usage on rk3566-roc-pc (git- fixes) * arm64: dts: rockchip: Fix the DCDC_REG2 minimum voltage on Quartz64 (git- fixes) * arm64: dts: rockchip: Fix the value of `dlg,jack-det-rate` mismatch (git- fixes) * arm64: dts: rockchip: Increase VOP clk rate on RK3328 (git-fixes) * arm64: dts: rockchip: Rename LED related pinctrl nodes on (git-fixes) * arm64: dts: rockchip: Update WIFi/BT related nodes on (git-fixes) * arm64: dts: rockchip: fix PMIC interrupt pin on ROCK Pi E (git-fixes) * ata: libata-scsi: Fix offsets for the fixed format sense data (git-fixes). * auxdisplay: ht16k33: Drop reference after LED registration (git-fixes). * block: Move checking GENHD_FL_NO_PART to bdev_add_partition() (bsc#1226213). * bluetooth/hci: disallow setting handle bigger than HCI_CONN_HANDLE_MAX (git- fixes). * bus: mhi: host: allow MHI client drivers to provide the firmware via a pointer (bsc#1227149). * bytcr_rt5640 : inverse jack detect for Archos 101 cesium (stable-fixes). * cachefiles: add output string to cachefiles_obj_[get|put]_ondemand_fd (git- fixes). * can: kvaser_usb: Explicitly initialize family in leafimx driver_info struct (git-fixes). * can: kvaser_usb: fix return value for hif_usb_send_regout (stable-fixes). * cdrom: rearrange last_media_change check to avoid unintentional overflow (stable-fixes). * ceph: fix incorrect kmalloc size of pagevec mempool (bsc#1228417). * char: tpm: Fix possible memory leak in tpm_bios_measurements_open() (git- fixes). * checkpatch: really skip LONG_LINE_* when LONG_LINE is ignored (git-fixes). * cifs: Add a laundromat thread for cached directories (git-fixes, bsc#1225172). * clk: davinci:da8xx-cfgchip: Initialize clk_init_data before use (git- fixes). * clk: mediatek: mt8183: Only enable runtime PM on mt8183-mfgcfg (git-fixes). * clk: qcom: clk-alpha-pll: set ALPHA_EN bit for Stromer Plus PLLs (git- fixes). * clk: qcom: gcc-sm6350: Fix gpll6* & gpll7 parents (git-fixes). * config/arm64: Enable CoreSight PMU drivers (bsc#1228289 jsc#PED-7859) * cpufreq/amd-pstate: Fix the scaling_max_freq setting on shared memory CPPC systems (git-fixes). * cpufreq: ti-cpufreq: Handle deferred probe with dev_err_probe() (git-fixes). * crypto/ecdh: make ecdh_compute_value() to zeroize the public key (bsc#1222768). * crypto/ecdsa: make ecdsa_ecc_ctx_deinit() to zeroize the public key (bsc#1222768). * crypto: aead,cipher - zeroize key buffer after use (stable-fixes). * crypto: ccp - Fix null pointer dereference in __sev_snp_shutdown_locked (git-fixes). * crypto: ecdh - explicitly zeroize private_key (stable-fixes). * crypto: ecdsa - Fix the public key format description (git-fixes). * crypto: hisilicon/debugfs - Fix debugfs uninit process issue (stable-fixes). * crypto: qat - extend scope of lock in adf_cfg_add_key_value_param() (git- fixes). * decompress_bunzip2: fix rare decompression failure (git-fixes). * devres: Fix devm_krealloc() wasting memory (git-fixes). * devres: Fix memory leakage caused by driver API devm_free_percpu() (git- fixes). * dlm: fix user space lock decision to copy lvb (git-fixes). * dma: fix call order in dmam_free_coherent (git-fixes). * dmaengine: ti: k3-udma: Fix BCHAN count with UHC and HC channels (git- fixes). * docs: crypto: async-tx-api: fix broken code example (git-fixes). * drivers/xen: Improve the late XenStore init protocol (git-fixes). * drivers: soc: xilinx: check return status of get_api_version() (git-fixes). * drm/amd/amdgpu: Fix uninitialized variable warnings (git-fixes). * drm/amd/display: ASSERT when failing to find index by plane/stream id (stable-fixes). * drm/amd/display:Account for cursor prefetch BW in DML1 mode support (stable-fixes). * drm/amd/display: Add refresh rate range check (stable-fixes). * drm/amd/display: Check index msg_id before read or write (stable-fixes). * drm/amd/display: Check pipe offset before setting vblank (stable-fixes). * drm/amd/display: Fix array-index-out-of-bounds in dml2/FCLKChangeSupport (stable-fixes). * drm/amd/display: Fix overlapping copy within dml_core_mode_programming (stable-fixes). * drm/amd/display: Fix refresh rate range for some panel (stable-fixes). * drm/amd/display: Fix uninitialized variables in DM (stable-fixes). * drm/amd/display: Move 'struct scaler_data' off stack (git-fixes). * drm/amd/display: Send DP_TOTAL_LTTPR_CNT during detection if LTTPR is present (stable-fixes). * drm/amd/display: Skip finding free audio for unknown engine_id (stable- fixes). * drm/amd/display: Skip pipe if the pipe idx not set properly (stable-fixes). * drm/amd/display: Update efficiency bandwidth for dcn351 (stable-fixes). * drm/amd/display: Workaround register access in idle race with cursor (stable-fixes). * drm/amd/display: change dram_clock_latency to 34us for dcn35 (stable-fixes). * drm/amd/pm: Fix aldebaran pcie speed reporting (git-fixes). * drm/amd/pm: remove logically dead code for renoir (git-fixes). * drm/amdgpu/atomfirmware: fix parsing of vram_info (stable-fixes). * drm/amdgpu/atomfirmware: silence UBSAN warning (stable-fixes). * drm/amdgpu: Check if NBIO funcs are NULL in amdgpu_device_baco_exit (git- fixes). * drm/amdgpu: Fix memory range calculation (git-fixes). * drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq() (git-fixes). * drm/amdgpu: Fix uninitialized variable warnings (stable-fixes). * drm/amdgpu: Indicate CU havest info to CP (stable-fixes). * drm/amdgpu: Initialize timestamp for some legacy SOCs (stable-fixes). * drm/amdgpu: Remove GC HW IP 9.3.0 from noretry=1 (git-fixes). * drm/amdgpu: Using uninitialized value *size when callingamdgpu_vce_cs_reloc (stable-fixes). * drm/amdgpu: avoid using null object of framebuffer (stable-fixes). * drm/amdgpu: fix locking scope when flushing tlb (stable-fixes). * drm/amdgpu: fix the warning about the expression (int)size - len (stable- fixes). * drm/amdgpu: fix uninitialized scalar variable warning (stable-fixes). * drm/amdgpu: silence UBSAN warning (stable-fixes). * drm/amdkfd: Fix CU Masking for GFX 9.4.3 (git-fixes). * drm/amdkfd: Let VRAM allocations go to GTT domain on small APUs (stable- fixes). * drm/arm/komeda: Fix komeda probe failing if there are no links in the secondary pipeline (git-fixes). * drm/bridge: it6505: fix hibernate to resume no display issue (git-fixes). * drm/bridge: samsung-dsim: Set P divider based on min/max of fin pll (git- fixes). * drm/dp_mst: Fix all mstb marked as not probed after suspend/resume (git- fixes). * drm/etnaviv: fix DMA direction handling for cached RW buffers (git-fixes). * drm/exynos: dp: drop driver owner initialization (stable-fixes). * drm/fbdev-dma: Fix framebuffer mode for big endian devices (git-fixes). * drm/fbdev-generic: Fix framebuffer on big endian devices (git-fixes). * drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes (git- fixes). * drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes (git- fixes). * drm/i915/dp: Do not switch the LTTPR mode on an active link (git-fixes). * drm/i915/gt: Do not consider preemption during execlists_dequeue for gen8 (git-fixes). * drm/lima: Mark simple_ondemand governor as softdep (git-fixes). * drm/lima: fix shared irq handling on driver remove (stable-fixes). * drm/mediatek: Add DRM_MODE_ROTATE_0 to rotation property (git-fixes). * drm/mediatek: Add OVL compatible name for MT8195 (git-fixes). * drm/mediatek: Add missing plane settings when async update (git-fixes). * drm/mediatek: Call drm_atomic_helper_shutdown() at shutdown time (stable- fixes). * drm/mediatek: Fix XRGB settingerror in Mixer (git-fixes). * drm/mediatek: Fix XRGB setting error in OVL (git-fixes). * drm/mediatek: Fix bit depth overwritten for mtk_ovl_set bit_depth() (git- fixes). * drm/mediatek: Fix destination alpha error in OVL (git-fixes). * drm/mediatek: Remove less-than-zero comparison of an unsigned value (git- fixes). * drm/mediatek: Set DRM mode configs accordingly (git-fixes). * drm/mediatek: Support DRM plane alpha in Mixer (git-fixes). * drm/mediatek: Support DRM plane alpha in OVL (git-fixes). * drm/mediatek: Support RGBA8888 and RGBX8888 in OVL on MT8195 (git-fixes). * drm/mediatek: Turn off the layers with zero width or height (git-fixes). * drm/mediatek: Use 8-bit alpha in ETHDR (git-fixes). * drm/meson: fix canvas release in bind function (git-fixes). * drm/mgag200: Bind I2C lifetime to DRM device (git-fixes). * drm/mgag200: Set DDC timeout in milliseconds (git-fixes). * drm/mipi-dsi: Fix theoretical int overflow in mipi_dsi_dcs_write_seq() (git- fixes). * drm/mipi-dsi: Fix theoretical int overflow in mipi_dsi_generic_write_seq() (git-fixes). * drm/msm/dpu: drop validity checks for clear_pending_flush() ctl op (git- fixes). * drm/msm/dpu: fix encoder irq wait skip (git-fixes). * drm/msm/dsi: set VIDEO_COMPRESSION_MODE_CTRL_WC (git-fixes). * drm/msm/mdp5: Remove MDP_CAP_SRC_SPLIT from msm8x53_config (git-fixes). * drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes (stable-fixes). * drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes (stable-fixes). * drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes (git-fixes). * drm/panel: boe-tv101wum-nl6: Check for errors on the NOP in prepare() (git- fixes). * drm/panel: boe-tv101wum-nl6: If prepare fails, disable GPIO before regulators (git-fixes). * drm/panel: himax-hx8394: Handle errors from mipi_dsi_dcs_set_display_on() better (git-fixes). * drm/panel: ilitek-ili9881c: Fix warning with GPIOcontrollers that sleep (stable-fixes). * drm/panel: ilitek-ili9882t: Check for errors on the NOP in prepare() (git- fixes). * drm/panel: ilitek-ili9882t: If prepare fails, disable GPIO before regulators (git-fixes). * drm/panfrost: Mark simple_ondemand governor as softdep (git-fixes). * drm/qxl: Add check for drm_cvt_mode (git-fixes). * drm/radeon/radeon_display: Decrease the size of allocated memory (stable- fixes). * drm/radeon: check bo_va-> bo is non-NULL before using it (stable-fixes). * drm/rockchip: vop2: Fix the port mux of VP2 (git-fixes). * drm/ttm: Always take the bo delayed cleanup path for imported bos (git- fixes). * drm/udl: Remove DRM_CONNECTOR_POLL_HPD (git-fixes). * drm/vmwgfx: Fix missing HYPERVISOR_GUEST dependency (stable-fixes). * drm: panel-orientation-quirks: Add quirk for Aya Neo KUN (stable-fixes). * drm: panel-orientation-quirks: Add quirk for Valve Galileo (stable-fixes). * drm: zynqmp_dpsub: Fix an error handling path in zynqmp_dpsub_probe() (git- fixes). * drm: zynqmp_kms: Fix AUX bus not getting unregistered (git-fixes). * eeprom: at24: Probe for DDR3 thermal sensor in the SPD case (stable-fixes). * eeprom: digsy_mtc: Fix 93xx46 driver probe failure (git-fixes). * erofs: ensure m_llen is reset to 0 if metadata is invalid (git-fixes). * exfat: fix potential deadlock on __exfat_get_dentry_set (git-fixes). * f2fs: fix error path of __f2fs_build_free_nids (git-fixes). * filelock: fix potential use-after-free in posix_lock_inode (git-fixes). * firmware: cs_dsp: Fix overflow checking of wmfw header (git-fixes). * firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers (git-fixes). * firmware: cs_dsp: Return error if block header overflows file (git-fixes). * firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files (git-fixes). * firmware: cs_dsp: Validate payload length before processing block (git- fixes). * firmware: dmi: Stop decoding on broken entry (stable-fixes). * firmware:turris-mox-rwtm: Do not complete if there are no waiters (git- fixes). * firmware: turris-mox-rwtm: Fix checking return value of wait_for_completion_timeout() (git-fixes). * firmware: turris-mox-rwtm: Initialize completion before mailbox (git-fixes). * fs/file: fix the check in find_next_fd() (git-fixes). * fs/pipe: Fix lockdep false-positive in watchqueue pipe_write() (git-fixes). * fuse: verify {g,u}id mount options correctly (bsc#1228193). * gfs2: Do not forget to complete delayed withdraw (git-fixes). * gfs2: Fix "ignore unlock failures after withdraw" (git-fixes). * gfs2: Fix invalid metadata access in punch_hole (git-fixes). * gfs2: Get rid of gfs2_alloc_blocks generation parameter (git-fixes). * gfs2: Rename gfs2_lookup_{ simple => meta } (git-fixes). * gfs2: Use mapping-> gfp_mask for metadata inodes (git-fixes). * gfs2: convert to ctime accessor functions (git-fixes). * gpio: mc33880: Convert comma to semicolon (git-fixes). * gpio: pca953x: fix pca953x_irq_bus_sync_unlock race (stable-fixes). * hfsplus: fix to avoid false alarm of circular locking (git-fixes). * hfsplus: fix uninit-value in copy_name (git-fixes). * hpet: Support 32-bit userspace (git-fixes). * hwmon: (adt7475) Fix default duty on fan is disabled (git-fixes). * hwmon: (max6697) Fix swapped temp{1,8} critical alarms (git-fixes). * hwmon: (max6697) Fix underflow when writing limit attributes (git-fixes). * hwrng: amd - Convert PCIBIOS_* return codes to errnos (git-fixes). * hwrng: core - Fix wrong quality calculation at hw rng registration (git- fixes). * i2c: i801: Annotate apanel_addr as __ro_after_init (stable-fixes). * i2c: mark HostNotify target address as used (git-fixes). * i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr (git-fixes). * i2c: rcar: bring hardware to known state when probing (git-fixes). * i2c: testunit: avoid re-issued work after read message (git-fixes). * i2c: testunit: correct Kconfig description (git-fixes). *i40e: fix: remove needless retries of NVM update (bsc#1227736). * iio: Fix the sorting functionality in iio_gts_build_avail_time_table (git- fixes). * iio: frequency: adrf6780: rm clk provider include (git-fixes). * iio: pressure: bmp280: Fix BMP580 temperature reading (stable-fixes). * iio: pressure: fix some word spelling errors (stable-fixes). * input: Add event code for accessibility key (stable-fixes). * input: Add support for "Do Not Disturb" (stable-fixes). * interconnect: qcom: qcm2290: Fix mas_snoc_bimc RPM master ID (git-fixes). * iommu/amd: Fix panic accessing amd_iommu_enable_faulting (bsc#1224767). * iommu/arm-smmu-v3: Free MSIs in case of ENOMEM (git-fixes). * iommu/vt-d: Allocate DMAR fault interrupts locally (bsc#1224767). * iommu/vt-d: Improve ITE fault handling if target device isn't present (git- fixes). * iommu: Fix compilation without CONFIG_IOMMU_INTEL (git-fixes). * ipmi: ssif_bmc: prevent integer overflow on 32bit systems (git-fixes). * iwlwifi: fw: fix more kernel-doc warnings (bsc#1227149). * iwlwifi: mvm: Drop unused fw_trips_index[] from iwl_mvm_thermal_device (bsc#1227149). * iwlwifi: mvm: Populate trip table before registering thermal zone (bsc#1227149). * iwlwifi: mvm: Use for_each_thermal_trip() for walking trip points (bsc#1227149). * jffs2: Fix potential illegal address access in jffs2_free_inode (git-fixes). * jfs: Fix array-index-out-of-bounds in diFree (git-fixes). * jfs: xattr: fix buffer overflow for invalid xattr (bsc#1227383). * kABI workaround for wireless updates (bsc#1227149). * kabi/severities: cleanup and update for WiFi driver entries (bsc#1227149) * kabi/severities: cover all ath/ _drivers (bsc#1227149) All symbols in ath/_ network drivers are local and can be ignored * kabi/severities: cover all mt76 modules (bsc#1227149) * kabi/severities: ignore amd pds internal symbols * kabi/severities: ignore kABI changes Realtek WiFi drivers (bsc#1227149) All those symbols are local and used forits own helpers * kabi: Use __iowriteXX_copy_inlined for in-kernel modules (bsc#1226502) * kbuild: avoid build error when single DTB is turned into composite DTB (git- fixes). * kconfig: gconf: give a proper initial state to the Save button (stable- fixes). * kconfig: remove wrong expr_trans_bool() (stable-fixes). * kernel-binary: vdso: Own module_dir * knfsd: LOOKUP can return an illegal error value (git-fixes). * kobject_uevent: Fix OOB access within zap_modalias_env() (git-fixes). * kprobe/ftrace: bail out if ftrace was killed (git-fixes). * kprobe/ftrace: fix build error due to bad function definition (git-fixes). * kunit: Fix checksum tests on big endian CPUs (git-fixed). * leds: flash: leds-qcom-flash: Test the correct variable in init (git-fixes). * leds: mt6360: Fix memory leak in mt6360_init_isnk_properties() (git-fixes). * leds: ss4200: Convert PCIBIOS_* return codes to errnos (git-fixes). * leds: trigger: Unregister sysfs attributes before calling deactivate() (git- fixes). * leds: triggers: Flush pending brightness before activating trigger (git- fixes). * lib: objagg: Fix general protection fault (git-fixes). * lib: objagg: Fix spelling (git-fixes). * lib: test_objagg: Fix spelling (git-fixes). * libceph: fix race between delayed_work() and ceph_monc_stop() (bsc#1228192). * mISDN: Fix a use after free in hfcmulti_tx() (git-fixes). * mISDN: fix MISDN_TIME_STAMP handling (git-fixes). * mac802154: fix time calculation in ieee802154_configure_durations() (git- fixes). * mailbox: mtk-cmdq: Move devm_mbox_controller_register() after devm_pm_runtime_enable() (git-fixes). * media: dvb-frontends: tda10048: Fix integer overflow (stable-fixes). * media: dvb-frontends: tda18271c2dd: Remove casting during div (stable- fixes). * media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control() (git-fixes). * media: dvb-usb: dib0700_devices: Add missing release_firmware() (stable- fixes). * media: dvb: as102-fe:Fix as10x_register_addr packing (stable-fixes). * media: dvbdev: Initialize sbuf (stable-fixes). * media: dw2102: Do not translate i2c read into write (stable-fixes). * media: dw2102: fix a potential buffer overflow (git-fixes). * media: i2c: Fix imx412 exposure control (git-fixes). * media: imon: Fix race getting ictx-> lock (git-fixes). * media: imx-jpeg: Drop initial source change event if capture has been setup (git-fixes). * media: imx-jpeg: Remove some redundant error logs (git-fixes). * media: imx-pxp: Fix ERR_PTR dereference in pxp_probe() (git-fixes). * media: pci: ivtv: Add check for DMA map result (git-fixes). * media: rcar-vin: Fix YUYV8_1X16 handling for CSI-2 (git-fixes). * media: renesas: vsp1: Fix _irqsave and _irq mix (git-fixes). * media: renesas: vsp1: Store RPF partition configuration per RPF instance (git-fixes). * media: s2255: Use refcount_t instead of atomic_t for num_channels (stable- fixes). * media: uvcvideo: Fix integer overflow calculating timestamp (git-fixes). * media: uvcvideo: Override default flags (git-fixes). * media: v4l: async: Fix NULL pointer dereference in adding ancillary links (git-fixes). * media: v4l: subdev: Fix typo in documentation (git-fixes). * media: venus: fix use after free in vdec_close (git-fixes). * media: venus: flush all buffers in output plane streamoff (git-fixes). * mei: demote client disconnect warning on suspend to debug (stable-fixes). * mfd: omap-usb-tll: Use struct_size to allocate tll (git-fixes). * mfd: pm8008: Fix regmap irq chip initialisation (git-fixes). * misc: fastrpc: Avoid updating PD type for capability request (git-fixes). * misc: fastrpc: Copy the complete capability structure to user (git-fixes). * misc: fastrpc: Fix DSP capabilities request (git-fixes). * misc: fastrpc: Fix memory leak in audio daemon attach operation (git-fixes). * misc: fastrpc: Fix ownership reassignment of remote heap (git-fixes). * misc: fastrpc: Restrict untrusted app to attach toprivileged PD (git- fixes). * mt76: connac: move more mt7921/mt7915 mac shared code in connac lib (bsc#1227149). * mt76: mt7996: rely on mt76_sta_stats in mt76_wcid (bsc#1227149). * mtd: partitions: redboot: Added conversion of operands to a larger type (stable-fixes). * net/dcb: check for detached device before executing callbacks (bsc#1215587). * net: ethernet: mtk_wed: introduce mtk_wed_buf structure (bsc#1227149). * net: ethernet: mtk_wed: rename mtk_rxbm_desc in mtk_wed_bm_desc (bsc#1227149). * net: fill in MODULE_DESCRIPTION()s in kuba@'s modules (bsc#1227149). * net: hns3: Remove io_stop_wc() calls after __iowrite64_copy() (bsc#1226502) * net: mac802154: Fix racy device stats updates by DEV_STATS_INC() and DEV_STATS_ADD() (stable-fixes). * net: mana: Fix possible double free in error handling path (git-fixes). * net: mana: Fix the extra HZ in mana_hwc_send_request (git-fixes). * net: phy: microchip: lan87xx: reinit PHY after cable test (git-fixes). * net: phy: phy_device: Fix PHY LED blinking code comment (git-fixes). * net: usb: qmi_wwan: add Telit FN912 compositions (stable-fixes). * nfc/nci: Add the inconsistency check between the input data length and count (stable-fixes). * nfs: Block on write congestion (bsc#1218442). * nfs: Drop pointless check from nfs_commit_release_pages() (bsc#1218442). * nfs: Fix up kabi after adding write_congestion_wait (bsc#1218442). * nfs: Handle error of rpc_proc_register() in nfs_net_init() (git-fixes). * nfs: Properly initialize server-> writeback (bsc#1218442). * nfs: drop the incorrect assertion in nfs_swap_rw() (git-fixes). * nfs: fix undefined behavior in nfs_block_bits() (git-fixes). * nfs: keep server info for remounts (git-fixes). * nfsd: hold a lighter-weight client reference over CB_RECALL_ANY (git-fixes). * nilfs2: add missing check for inode numbers on directory entries (stable- fixes). * nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro (git-fixes). * nilfs2: convertpersistent object allocator to use kmap_local (git-fixes). * nilfs2: fix incorrect inode allocation from reserved inodes (git-fixes). * nilfs2: fix inode number range checks (stable-fixes). * ocfs2: fix DIO failure due to insufficient transaction credits (git-fixes). * ocfs2: fix races between hole punching and AIO+DIO (git-fixes). * ocfs2: use coarse time for new created files (git-fixes). * orangefs: fix out-of-bounds fsid access (git-fixes). * pNFS/filelayout: fixup pNfs allocation modes (git-fixes). * phy: cadence-torrent: Check return value on register read (git-fixes). * pinctrl: core: fix possible memory leak when pinctrl_enable() fails (git- fixes). * pinctrl: freescale: mxs: Fix refcount of child (git-fixes). * pinctrl: renesas: r8a779g0: FIX PWM suffixes (git-fixes). * pinctrl: renesas: r8a779g0: Fix (H)SCIF1 suffixes (git-fixes). * pinctrl: renesas: r8a779g0: Fix (H)SCIF3 suffixes (git-fixes). * pinctrl: renesas: r8a779g0: Fix CANFD5 suffix (git-fixes). * pinctrl: renesas: r8a779g0: Fix FXR_TXEN[AB] suffixes (git-fixes). * pinctrl: renesas: r8a779g0: Fix IRQ suffixes (git-fixes). * pinctrl: renesas: r8a779g0: Fix TCLK suffixes (git-fixes). * pinctrl: renesas: r8a779g0: Fix TPU suffixes (git-fixes). * pinctrl: rockchip: update rk3308 iomux routes (git-fixes). * pinctrl: single: fix possible memory leak when pinctrl_enable() fails (git- fixes). * pinctrl: ti: ti-iodelay: fix possible memory leak when pinctrl_enable() fails (git-fixes). * platform/chrome: cros_ec_debugfs: fix wrong EC message version (git-fixes). * platform/x86: lg-laptop: Change ACPI device id (stable-fixes). * platform/x86: lg-laptop: Remove LGEX0815 hotkey handling (stable-fixes). * platform/x86: lg-laptop: Use ACPI device handle when evaluating WMAB/WMBB (stable-fixes). * platform/x86: toshiba_acpi: Fix array out-of-bounds access (git-fixes). * platform/x86: toshiba_acpi: Fix quickstart quirk handling (git-fixes). * platform/x86: touchscreen_dmi: Add info forGlobalSpace SolT IVW 11.6" tablet (stable-fixes). * platform/x86: touchscreen_dmi: Add info for the EZpad 6s Pro (stable-fixes). * platform/x86: wireless-hotkey: Add support for LG Airplane Button (stable- fixes). * power: supply: ab8500: Fix error handling when calling iio_read_channel_processed() (git-fixes). * power: supply: ingenic: Fix some error handling paths in ingenic_battery_get_property() (git-fixes). * powerpc/64s/radix/kfence: map __kfence_pool at page granularity (bsc#1223570 ltc#205770). * powerpc/prom: Add CPU info to hardware description string later (bsc#1215199). * powerpc/pseries: Fix scv instruction crash with kexec (bsc#1194869). * powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() (bsc#1227487). * pwm: stm32: Always do lazy disabling (git-fixes). * regmap-i2c: Subtract reg size from max_write (stable-fixes). * remoteproc: imx_rproc: Fix refcount mistake in imx_rproc_addr_init (git- fixes). * remoteproc: imx_rproc: Skip over memory region when node value is NULL (git- fixes). * remoteproc: k3-r5: Fix IPC-only mode detection (git-fixes). * remoteproc: stm32_rproc: Fix mailbox interrupts queuing (git-fixes). * rpcrdma: fix handling for RDMA_CM_EVENT_DEVICE_REMOVAL (git-fixes). * rtc: abx80x: Fix return value of nvmem callback on read (git-fixes). * rtc: cmos: Fix return value of nvmem callbacks (git-fixes). * rtc: interface: Add RTC offset to alarm after fix-up (git-fixes). * rtc: isl1208: Fix return value of nvmem callbacks (git-fixes). * s390: Implement __iowrite32_copy() (bsc#1226502) * s390: Stop using weak symbols for __iowrite64_copy() (bsc#1226502) * saa7134: Unchecked i2c_transfer function result fixed (git-fixes). * selftests/sigaltstack: Fix ppc64 GCC build (git-fixes). * selftests: fix OOM in msg_zerocopy selftest (git-fixes). * selftests: make order checking verbose in msg_zerocopy selftest (git-fixes). * serial: imx: Raise TX trigger level to 8 (stable-fixes). * smb3: allowcontrolling length of time directory entries are cached with dir leases (git-fixes, bsc#1225172). * smb3: allow controlling maximum number of cached directories (git-fixes, bsc#1225172). * smb3: do not start laundromat thread when dir leases disabled (git-fixes, bsc#1225172). * smb: client: do not start laundromat thread on nohandlecache (git-fixes, bsc#1225172). * smb: client: make laundromat a delayed worker (git-fixes, bsc#1225172). * smb: client: prevent new fids from being removed by laundromat (git-fixes, bsc#1225172). * soc: qcom: pdr: fix parsing of domains lists (git-fixes). * soc: qcom: pdr: protect locator_addr with the main mutex (git-fixes). * soc: qcom: pmic_glink: Handle the return value of pmic_glink_init (git- fixes). * soc: qcom: rpmh-rsc: Ensure irqs are not disabled by rpmh_rsc_send_data() callers (git-fixes). * soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message (stable-fixes). * soc: xilinx: rename cpu_number1 to dummy_cpu_number (git-fixes). * spi: atmel-quadspi: Add missing check for clk_prepare (git-fixes). * spi: cadence: Ensure data lines set to low during dummy-cycle period (stable-fixes). * spi: imx: Do not expect DMA for i.MX{25,35,50,51,53} cspi devices (stable- fixes). * spi: microchip-core: defer asserting chip select until just before write to TX FIFO (git-fixes). * spi: microchip-core: ensure TX and RX FIFOs are empty at start of a transfer (git-fixes). * spi: microchip-core: fix the issues in the isr (git-fixes). * spi: microchip-core: only disable SPI controller when register value change requires it (git-fixes). * spi: mux: set ctlr-> bits_per_word_mask (stable-fixes). * spi: spi-microchip-core: Fix the number of chip selects supported (git- fixes). * spi: spidev: add correct compatible for Rohm BH2228FV (git-fixes). * sunrpc: fix NFSACL RPC retry on soft mount (git-fixes). * supported.conf: Add support for v4l2-dv-timings (jsc#PED-8644) *supported.conf: mark vdpa modules supported (jsc#PED-8954) * supported.conf: update for mt76 stuff (bsc#1227149) * thermal/drivers/mediatek/lvts_thermal: Check NULL ptr on lvts_data (stable- fixes). * tools/memory-model: Fix bug in lock.cat (git-fixes). * tools/power turbostat: Remember global max_die_id (stable-fixes). * tools/power/cpupower: Fix Pstate frequency reporting on AMD Family 1Ah CPUs (stable-fixes). * tracefs: Add missing lockdown check to tracefs_create_dir() (git-fixes). * tracing/net_sched: NULL pointer dereference in perf_trace_qdisc_reset() (git-fixes). * tracing: Build event generation tests only as modules (git-fixes). * usb: dwc3: core: Add DWC31 version 2.00a controller (stable-fixes). * usb: dwc3: core: Workaround for CSR read timeout (stable-fixes). * usb: dwc3: pci: add support for the Intel Panther Lake (stable-fixes). * usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() (stable- fixes). * usb: gadget: printer: SS+ support (stable-fixes). * usb: typec: ucsi: Ack also failed Get Error commands (git-fixes). * usb: typec: ucsi: Never send a lone connector change ack (stable-fixes). * usb: ucsi: stm32: fix command completion handling (git-fixes). * usb: xhci: prevent potential failure in handle_tx_event() for Transfer events without TRB (stable-fixes). * vmlinux.lds.h: catch .bss..L* sections into BSS") (git-fixes). * watchdog: rzg2l_wdt: Check return status of pm_runtime_put() (git-fixes). * watchdog: rzg2l_wdt: Use pm_runtime_resume_and_get() (git-fixes). * watchdog: rzn1: Convert comma to semicolon (git-fixes). * wifi: add HAS_IOPORT dependencies (bsc#1227149). * wifi: ar5523: Remove unnecessary (void*) conversions (bsc#1227149). * wifi: ath10/11/12k: Use alloc_ordered_workqueue() to create ordered workqueues (bsc#1227149). * wifi: ath10k: Annotate struct ath10k_ce_ring with __counted_by (bsc#1227149). * wifi: ath10k: Convert to platform remove callback returning void (bsc#1227149). *wifi: ath10k: Drop checks that are always false (bsc#1227149). * wifi: ath10k: Drop cleaning of driver data from probe error path and remove (bsc#1227149). * wifi: ath10k: Fix a few spelling errors (bsc#1227149). * wifi: ath10k: Fix enum ath10k_fw_crash_dump_type kernel-doc (bsc#1227149). * wifi: ath10k: Fix htt_data_tx_completion kernel-doc warning (bsc#1227149). * wifi: ath10k: Remove unnecessary (void*) conversions (bsc#1227149). * wifi: ath10k: Remove unused struct ath10k_htc_frame (bsc#1227149). * wifi: ath10k: Update Qualcomm Innovation Center, Inc. copyrights (bsc#1227149). * wifi: ath10k: Use DECLARE_FLEX_ARRAY() for ath10k_htc_record (bsc#1227149). * wifi: ath10k: Use list_count_nodes() (bsc#1227149). * wifi: ath10k: add missing wmi_10_4_feature_mask documentation (bsc#1227149). * wifi: ath10k: add support to allow broadcast action frame RX (bsc#1227149). * wifi: ath10k: consistently use kstrtoX_from_user() functions (bsc#1227149). * wifi: ath10k: correctly document enum wmi_tlv_tx_pause_id (bsc#1227149). * wifi: ath10k: drop HTT_DATA_TX_STATUS_DOWNLOAD_FAIL (bsc#1227149). * wifi: ath10k: fix Wvoid-pointer-to-enum-cast warning (bsc#1227149). * wifi: ath10k: fix htt_q_state_conf & htt_q_state kernel-doc (bsc#1227149). * wifi: ath10k: improve structure padding (bsc#1227149). * wifi: ath10k: indicate to mac80211 scan complete with aborted flag for ATH10K_SCAN_STARTING state (bsc#1227149). * wifi: ath10k: remove ath10k_htc_record::pauload[] (bsc#1227149). * wifi: ath10k: remove duplicate memset() in 10.4 TDLS peer update (bsc#1227149). * wifi: ath10k: remove struct wmi_pdev_chanlist_update_event (bsc#1227149). * wifi: ath10k: remove unused template structs (bsc#1227149). * wifi: ath10k: replace ENOTSUPP with EOPNOTSUPP (bsc#1227149). * wifi: ath10k: replace deprecated strncpy with memcpy (bsc#1227149). * wifi: ath10k: simplify __ath10k_htt_tx_txq_recalc() (bsc#1227149). * wifi: ath10k: simplify ath10k_peer_create() (bsc#1227149). * wifi:ath10k: use flexible array in struct wmi_host_mem_chunks (bsc#1227149). * wifi: ath10k: use flexible array in struct wmi_tdls_peer_capabilities (bsc#1227149). * wifi: ath10k: use flexible arrays for WMI start scan TLVs (bsc#1227149). * wifi: ath11k: Add HTT stats for PHY reset case (bsc#1227149). * wifi: ath11k: Add coldboot calibration support for QCN9074 (bsc#1227149). * wifi: ath11k: Allow ath11k to boot without caldata in ftm mode (bsc#1227149). * wifi: ath11k: Consistently use ath11k_vif_to_arvif() (bsc#1227149). * wifi: ath11k: Consolidate WMI peer flags (bsc#1227149). * wifi: ath11k: Convert to platform remove callback returning void (bsc#1227149). * wifi: ath11k: Do not directly use scan_flags in struct scan_req_params (bsc#1227149). * wifi: ath11k: EMA beacon support (bsc#1227149). * wifi: ath11k: Fix a few spelling errors (bsc#1227149). * wifi: ath11k: Fix ath11k_htc_record flexible record (bsc#1227149). * wifi: ath11k: Introduce and use ath11k_sta_to_arsta() (bsc#1227149). * wifi: ath11k: MBSSID beacon support (bsc#1227149). * wifi: ath11k: MBSSID configuration during vdev create/start (bsc#1227149). * wifi: ath11k: MBSSID parameter configuration in AP mode (bsc#1227149). * wifi: ath11k: Really consistently use ath11k_vif_to_arvif() (bsc#1227149). * wifi: ath11k: Relocate the func ath11k_mac_bitrate_mask_num_ht_rates() and change hweight16 to hweight8 (bsc#1227149). * wifi: ath11k: Remove ath11k_base::bd_api (bsc#1227149). * wifi: ath11k: Remove cal_done check during probe (bsc#1227149). * wifi: ath11k: Remove obsolete struct wmi_peer_flags_map *peer_flags (bsc#1227149). * wifi: ath11k: Remove scan_flags union from struct scan_req_params (bsc#1227149). * wifi: ath11k: Remove struct ath11k::ops (bsc#1227149). * wifi: ath11k: Remove unneeded semicolon (bsc#1227149). * wifi: ath11k: Remove unused declarations (bsc#1227149). * wifi: ath11k: Remove unused struct ath11k_htc_frame (bsc#1227149). * wifi: ath11k: Send HTfixed rate in WMI peer fixed param (bsc#1227149). * wifi: ath11k: Split coldboot calibration hw_param (bsc#1227149). * wifi: ath11k: Update Qualcomm Innovation Center, Inc. copyrights (bsc#1227149). * wifi: ath11k: Use device_get_match_data() (bsc#1227149). * wifi: ath11k: Use list_count_nodes() (bsc#1227149). * wifi: ath11k: add WMI event debug messages (bsc#1227149). * wifi: ath11k: add WMI_TLV_SERVICE_EXT_TPC_REG_SUPPORT service bit (bsc#1227149). * wifi: ath11k: add chip id board name while searching board-2.bin for WCN6855 (bsc#1227149). * wifi: ath11k: add firmware-2.bin support (bsc#1227149). * wifi: ath11k: add handler for WMI_VDEV_SET_TPC_POWER_CMDID (bsc#1227149). * wifi: ath11k: add parse of transmit power envelope element (bsc#1227149). * wifi: ath11k: add parsing of phy bitmap for reg rules (bsc#1227149). * wifi: ath11k: add support for QCA2066 (bsc#1227149). * wifi: ath11k: add support to select 6 GHz regulatory type (bsc#1227149). * wifi: ath11k: ath11k_debugfs_register(): fix format-truncation warning (bsc#1227149). * wifi: ath11k: avoid forward declaration of ath11k_mac_start_vdev_delay() (bsc#1227149). * wifi: ath11k: call ath11k_mac_fils_discovery() without condition (bsc#1227149). * wifi: ath11k: constify MHI channel and controller configs (bsc#1227149). * wifi: ath11k: debug: add ATH11K_DBG_CE (bsc#1227149). * wifi: ath11k: debug: remove unused ATH11K_DBG_ANY (bsc#1227149). * wifi: ath11k: debug: use all upper case in ATH11k_DBG_HAL (bsc#1227149). * wifi: ath11k: do not use %pK (bsc#1227149). * wifi: ath11k: document HAL_RX_BUF_RBM_SW4_BM (bsc#1227149). * wifi: ath11k: dp: cleanup debug message (bsc#1227149). * wifi: ath11k: driver settings for MBSSID and EMA (bsc#1227149). * wifi: ath11k: drop NULL pointer check in ath11k_update_per_peer_tx_stats() (bsc#1227149). * wifi: ath11k: drop redundant check in ath11k_dp_rx_mon_dest_process() (bsc#1227149). * wifi: ath11k: enable 36 bit mask for stream DMA(bsc#1227149). * wifi: ath11k: factory test mode support (bsc#1227149). * wifi: ath11k: fill parameters for vdev set tpc power WMI command (bsc#1227149). * wifi: ath11k: fix CAC running state during virtual interface start (bsc#1227149). * wifi: ath11k: fix IOMMU errors on buffer rings (bsc#1227149). * wifi: ath11k: fix RCU documentation in ath11k_mac_op_ipv6_changed() (git- fixes). * wifi: ath11k: fix WCN6750 firmware crash caused by 17 num_vdevs (bsc#1227149). * wifi: ath11k: fix Wvoid-pointer-to-enum-cast warning (bsc#1227149). * wifi: ath11k: fix a possible dead lock caused by ab-> base_lock (bsc#1227149). * wifi: ath11k: fix ath11k_mac_op_remain_on_channel() stack usage (bsc#1227149). * wifi: ath11k: fix connection failure due to unexpected peer delete (bsc#1227149). * wifi: ath11k: fix tid bitmap is 0 in peer rx mu stats (bsc#1227149). * wifi: ath11k: fix wrong definition of CE ring's base address (git-fixes). * wifi: ath11k: fix wrong handling of CCMP256 and GCMP ciphers (git-fixes). * wifi: ath11k: hal: cleanup debug message (bsc#1227149). * wifi: ath11k: htc: cleanup debug messages (bsc#1227149). * wifi: ath11k: initialize eirp_power before use (bsc#1227149). * wifi: ath11k: mac: fix struct ieee80211_sband_iftype_data handling (bsc#1227149). * wifi: ath11k: mhi: add a warning message for MHI_CB_EE_RDDM crash (bsc#1227149). * wifi: ath11k: move pci.ops registration ahead (bsc#1227149). * wifi: ath11k: move power type check to ASSOC stage when connecting to 6 GHz AP (bsc#1227149). * wifi: ath11k: move references from rsvd2 to info fields (bsc#1227149). * wifi: ath11k: pci: cleanup debug logging (bsc#1227149). * wifi: ath11k: print debug level in debug messages (bsc#1227149). * wifi: ath11k: provide address list if chip supports 2 stations (bsc#1227149). * wifi: ath11k: qmi: refactor ath11k_qmi_m3_load() (bsc#1227149). * wifi: ath11k: refactor ath11k_wmi_tlv_parse_alloc() (bsc#1227149). * wifi: ath11k:refactor setting country code logic (stable-fixes). * wifi: ath11k: refactor vif parameter configurations (bsc#1227149). * wifi: ath11k: rely on mac80211 debugfs handling for vif (bsc#1227149). * wifi: ath11k: remove ath11k_htc_record::pauload[] (bsc#1227149). * wifi: ath11k: remove invalid peer create logic (bsc#1227149). * wifi: ath11k: remove manual mask names from debug messages (bsc#1227149). * wifi: ath11k: remove unnecessary (void*) conversions (bsc#1227149). * wifi: ath11k: remove unsupported event handlers (bsc#1227149). * wifi: ath11k: remove unused function ath11k_tm_event_wmi() (bsc#1227149). * wifi: ath11k: remove unused members of 'struct ath11k_base' (bsc#1227149). * wifi: ath11k: remove unused scan_events from struct scan_req_params (bsc#1227149). * wifi: ath11k: rename MBSSID fields in wmi_vdev_up_cmd (bsc#1227149). * wifi: ath11k: rename ath11k_start_vdev_delay() (bsc#1227149). * wifi: ath11k: rename the sc naming convention to ab (bsc#1227149). * wifi: ath11k: rename the wmi_sc naming convention to wmi_ab (bsc#1227149). * wifi: ath11k: replace ENOTSUPP with EOPNOTSUPP (bsc#1227149). * wifi: ath11k: restore country code during resume (git-fixes). * wifi: ath11k: save max transmit power in vdev start response event from firmware (bsc#1227149). * wifi: ath11k: save power spectral density(PSD) of regulatory rule (bsc#1227149). * wifi: ath11k: simplify ath11k_mac_validate_vht_he_fixed_rate_settings() (bsc#1227149). * wifi: ath11k: simplify the code with module_platform_driver (bsc#1227149). * wifi: ath11k: store cur_regulatory_info for each radio (bsc#1227149). * wifi: ath11k: support 2 station interfaces (bsc#1227149). * wifi: ath11k: update proper pdev/vdev id for testmode command (bsc#1227149). * wifi: ath11k: update regulatory rules when connect to AP on 6 GHz band for station (bsc#1227149). * wifi: ath11k: update regulatory rules when interface added (bsc#1227149). * wifi: ath11k: use RCU when accessing structinet6_dev::ac_list (bsc#1227149). * wifi: ath11k: use WMI_VDEV_SET_TPC_POWER_CMDID when EXT_TPC_REG_SUPPORT for 6 GHz (bsc#1227149). * wifi: ath11k: use kstrtoul_from_user() where appropriate (bsc#1227149). * wifi: ath11k: use select for CRYPTO_MICHAEL_MIC (bsc#1227149). * wifi: ath11k: wmi: add unified command debug messages (bsc#1227149). * wifi: ath11k: wmi: cleanup error handling in ath11k_wmi_send_init_country_cmd() (bsc#1227149). * wifi: ath11k: wmi: use common error handling style (bsc#1227149). * wifi: ath11k: workaround too long expansion sparse warnings (bsc#1227149). * wifi: ath12k: Add logic to write QRTR node id to scratch (bsc#1227149). * wifi: ath12k: Add missing qmi_txn_cancel() calls (bsc#1227149). * wifi: ath12k: Add support to parse new WMI event for 6 GHz regulatory (bsc#1227149). * wifi: ath12k: Consistently use ath12k_vif_to_arvif() (bsc#1227149). * wifi: ath12k: Consolidate WMI peer flags (bsc#1227149). * wifi: ath12k: Correct 6 GHz frequency value in rx status (git-fixes). * wifi: ath12k: Do not drop tx_status in failure case (git-fixes). * wifi: ath12k: Do not use scan_flags from struct ath12k_wmi_scan_req_arg (bsc#1227149). * wifi: ath12k: Enable Mesh support for QCN9274 (bsc#1227149). * wifi: ath12k: Fix a few spelling errors (bsc#1227149). * wifi: ath12k: Fix tx completion ring (WBM2SW) setup failure (git-fixes). * wifi: ath12k: Fix uninitialized use of ret in ath12k_mac_allocate() (bsc#1227149). * wifi: ath12k: Introduce and use ath12k_sta_to_arsta() (bsc#1227149). * wifi: ath12k: Introduce the container for mac80211 hw (bsc#1227149). * wifi: ath12k: Make QMI message rules const (bsc#1227149). * wifi: ath12k: Optimize the mac80211 hw data access (bsc#1227149). * wifi: ath12k: Read board id to support split-PHY QCN9274 (bsc#1227149). * wifi: ath12k: Refactor the mac80211 hw access from link/radio (bsc#1227149). * wifi: ath12k: Remove ath12k_base::bd_api (bsc#1227149). * wifi: ath12k: Remove obsolete structwmi_peer_flags_map *peer_flags (bsc#1227149). * wifi: ath12k: Remove some dead code (bsc#1227149). * wifi: ath12k: Remove struct ath12k::ops (bsc#1227149). * wifi: ath12k: Remove unnecessary (void*) conversions (bsc#1227149). * wifi: ath12k: Remove unnecessary struct qmi_txn initializers (bsc#1227149). * wifi: ath12k: Remove unused declarations (bsc#1227149). * wifi: ath12k: Remove unused scan_flags from struct ath12k_wmi_scan_req_arg (bsc#1227149). * wifi: ath12k: Set default beacon mode to burst mode (bsc#1227149). * wifi: ath12k: Use initializers for QMI message buffers (bsc#1227149). * wifi: ath12k: Use msdu_end to check MCBC (bsc#1227149). * wifi: ath12k: Use pdev_id rather than mac_id to get pdev (bsc#1227149). * wifi: ath12k: WMI support to process EHT capabilities (bsc#1227149). * wifi: ath12k: add 320 MHz bandwidth enums (bsc#1227149). * wifi: ath12k: add CE and ext IRQ flag to indicate irq_handler (bsc#1227149). * wifi: ath12k: add EHT PHY modes (bsc#1227149). * wifi: ath12k: add MAC id support in WBM error path (bsc#1227149). * wifi: ath12k: add MLO header in peer association (bsc#1227149). * wifi: ath12k: add P2P IE in beacon template (bsc#1227149). * wifi: ath12k: add QMI PHY capability learn support (bsc#1227149). * wifi: ath12k: add WMI support for EHT peer (bsc#1227149). * wifi: ath12k: add ath12k_qmi_free_resource() for recovery (bsc#1227149). * wifi: ath12k: add fallback board name without variant while searching board-2.bin (bsc#1227149). * wifi: ath12k: add firmware-2.bin support (bsc#1227149). * wifi: ath12k: add handler for scan event WMI_SCAN_EVENT_DEQUEUED (bsc#1227149). * wifi: ath12k: add keep backward compatibility of PHY mode to avoid firmware crash (bsc#1227149). * wifi: ath12k: add msdu_end structure for WCN7850 (bsc#1227149). * wifi: ath12k: add parsing of phy bitmap for reg rules (bsc#1227149). * wifi: ath12k: add processing for TWT disable event (bsc#1227149). * wifi: ath12k: add processing for TWT enableevent (bsc#1227149). * wifi: ath12k: add qmi_cnss_feature_bitmap field to hardware parameters (bsc#1227149). * wifi: ath12k: add rcu lock for ath12k_wmi_p2p_noa_event() (bsc#1227149). * wifi: ath12k: add read variant from SMBIOS for download board data (bsc#1227149). * wifi: ath12k: add string type to search board data in board-2.bin for WCN7850 (bsc#1227149). * wifi: ath12k: add support for BA1024 (bsc#1227149). * wifi: ath12k: add support for collecting firmware log (bsc#1227149). * wifi: ath12k: add support for hardware rfkill for WCN7850 (bsc#1227149). * wifi: ath12k: add support for peer meta data version (bsc#1227149). * wifi: ath12k: add support one MSI vector (bsc#1227149). * wifi: ath12k: add support to search regdb data in board-2.bin for WCN7850 (bsc#1227149). * wifi: ath12k: add wait operation for tx management packets for flush from mac80211 (bsc#1227149). * wifi: ath12k: advertise P2P dev support for WCN7850 (bsc#1227149). * wifi: ath12k: allow specific mgmt frame tx while vdev is not up (bsc#1227149). * wifi: ath12k: ath12k_start_vdev_delay(): convert to use ar (bsc#1227149). * wifi: ath12k: avoid deadlock by change ieee80211_queue_work for regd_update_work (bsc#1227149). * wifi: ath12k: avoid duplicated vdev stop (git-fixes). * wifi: ath12k: avoid explicit HW conversion argument in Rxdma replenish (bsc#1227149). * wifi: ath12k: avoid explicit RBM id argument in Rxdma replenish (bsc#1227149). * wifi: ath12k: avoid explicit mac id argument in Rxdma replenish (bsc#1227149). * wifi: ath12k: avoid repeated hw access from ar (bsc#1227149). * wifi: ath12k: avoid repeated wiphy access from hw (bsc#1227149). * wifi: ath12k: call ath12k_mac_fils_discovery() without condition (bsc#1227149). * wifi: ath12k: change DMA direction while mapping reinjected packets (git- fixes). * wifi: ath12k: change MAC buffer ring size to 2048 (bsc#1227149). * wifi: ath12k: change WLAN_SCAN_PARAMS_MAX_IE_LEN from 256 to 512 (bsc#1227149). * wifi: ath12k: change interface combination for P2P mode (bsc#1227149). * wifi: ath12k: change to initialize recovery variables earlier in ath12k_core_reset() (bsc#1227149). * wifi: ath12k: change to treat alpha code na as world wide regdomain (bsc#1227149). * wifi: ath12k: change to use dynamic memory for channel list of scan (bsc#1227149). * wifi: ath12k: check M3 buffer size as well whey trying to reuse it (bsc#1227149). * wifi: ath12k: check hardware major version for WCN7850 (bsc#1227149). * wifi: ath12k: configure RDDM size to MHI for device recovery (bsc#1227149). * wifi: ath12k: configure puncturing bitmap (bsc#1227149). * wifi: ath12k: correct the data_type from QMI_OPT_FLAG to QMI_UNSIGNED_1_BYTE for mlo_capable (bsc#1227149). * wifi: ath12k: delete the timer rx_replenish_retry during rmmod (bsc#1227149). * wifi: ath12k: designating channel frequency for ROC scan (bsc#1227149). * wifi: ath12k: disable QMI PHY capability learn in split-phy QCN9274 (bsc#1227149). * wifi: ath12k: do not drop data frames from unassociated stations (bsc#1227149). * wifi: ath12k: do not restore ASPM in case of single MSI vector (bsc#1227149). * wifi: ath12k: drop NULL pointer check in ath12k_update_per_peer_tx_stats() (bsc#1227149). * wifi: ath12k: drop failed transmitted frames from metric calculation (git- fixes). * wifi: ath12k: enable 320 MHz bandwidth for 6 GHz band in EHT PHY capability for WCN7850 (bsc#1227149). * wifi: ath12k: enable 802.11 power save mode in station mode (bsc#1227149). * wifi: ath12k: enable IEEE80211_HW_SINGLE_SCAN_ON_ALL_BANDS for WCN7850 (bsc#1227149). * wifi: ath12k: fetch correct pdev id from WMI_SERVICE_READY_EXT_EVENTID (bsc#1227149). * wifi: ath12k: fix PCI read and write (bsc#1227149). * wifi: ath12k: fix WARN_ON during ath12k_mac_update_vif_chan (bsc#1227149). * wifi: ath12k: fix broken structure wmi_vdev_create_cmd (bsc#1227149). * wifi: ath12k: fix conf_mutex inath12k_mac_op_unassign_vif_chanctx() (bsc#1227149). * wifi: ath12k: fix debug messages (bsc#1227149). * wifi: ath12k: fix fetching MCBC flag for QCN9274 (bsc#1227149). * wifi: ath12k: fix firmware assert during insmod in memory segment mode (bsc#1227149). * wifi: ath12k: fix firmware crash during reo reinject (git-fixes). * wifi: ath12k: fix invalid m3 buffer address (bsc#1227149). * wifi: ath12k: fix invalid memory access while processing fragmented packets (git-fixes). * wifi: ath12k: fix kernel crash during resume (bsc#1227149). * wifi: ath12k: fix license in p2p.c and p2p.h (bsc#1227149). * wifi: ath12k: fix peer metadata parsing (git-fixes). * wifi: ath12k: fix potential wmi_mgmt_tx_queue race condition (bsc#1227149). * wifi: ath12k: fix radar detection in 160 MHz (bsc#1227149). * wifi: ath12k: fix recovery fail while firmware crash when doing channel switch (bsc#1227149). * wifi: ath12k: fix the error handler of rfkill config (bsc#1227149). * wifi: ath12k: fix the issue that the multicast/broadcast indicator is not read correctly for WCN7850 (bsc#1227149). * wifi: ath12k: fix the problem that down grade phy mode operation (bsc#1227149). * wifi: ath12k: fix wrong definition of CE ring's base address (git-fixes). * wifi: ath12k: fix wrong definitions of hal_reo_update_rx_queue (bsc#1227149). * wifi: ath12k: get msi_data again after request_irq is called (bsc#1227149). * wifi: ath12k: implement handling of P2P NoA event (bsc#1227149). * wifi: ath12k: implement remain on channel for P2P mode (bsc#1227149). * wifi: ath12k: increase vdev setup timeout (bsc#1227149). * wifi: ath12k: indicate NON MBSSID vdev by default during vdev start (bsc#1227149). * wifi: ath12k: indicate scan complete for scan canceled when scan running (bsc#1227149). * wifi: ath12k: indicate to mac80211 scan complete with aborted flag for ATH12K_SCAN_STARTING state (bsc#1227149). * wifi: ath12k: move HE capabilities processing to a new function (bsc#1227149). * wifi: ath12k: move peer delete after vdev stop of station for WCN7850 (bsc#1227149). * wifi: ath12k: parse WMI service ready ext2 event (bsc#1227149). * wifi: ath12k: peer assoc for 320 MHz (bsc#1227149). * wifi: ath12k: prepare EHT peer assoc parameters (bsc#1227149). * wifi: ath12k: propagate EHT capabilities to userspace (bsc#1227149). * wifi: ath12k: refactor DP Rxdma ring structure (bsc#1227149). * wifi: ath12k: refactor QMI MLO host capability helper function (bsc#1227149). * wifi: ath12k: refactor ath12k_bss_assoc() (bsc#1227149). * wifi: ath12k: refactor ath12k_mac_allocate() and ath12k_mac_destroy() (bsc#1227149). * wifi: ath12k: refactor ath12k_mac_op_ampdu_action() (bsc#1227149). * wifi: ath12k: refactor ath12k_mac_op_conf_tx() (bsc#1227149). * wifi: ath12k: refactor ath12k_mac_op_config() (bsc#1227149). * wifi: ath12k: refactor ath12k_mac_op_configure_filter() (bsc#1227149). * wifi: ath12k: refactor ath12k_mac_op_flush() (bsc#1227149). * wifi: ath12k: refactor ath12k_mac_op_start() (bsc#1227149). * wifi: ath12k: refactor ath12k_mac_op_stop() (bsc#1227149). * wifi: ath12k: refactor ath12k_mac_op_update_vif_offload() (bsc#1227149). * wifi: ath12k: refactor ath12k_mac_register() and ath12k_mac_unregister() (bsc#1227149). * wifi: ath12k: refactor ath12k_mac_setup_channels_rates() (bsc#1227149). * wifi: ath12k: refactor ath12k_wmi_tlv_parse_alloc() (bsc#1227149). * wifi: ath12k: refactor multiple MSI vector implementation (bsc#1227149). * wifi: ath12k: refactor the rfkill worker (bsc#1227149). * wifi: ath12k: register EHT mesh capabilities (bsc#1227149). * wifi: ath12k: relax list iteration in ath12k_mac_vif_unref() (bsc#1227149). * wifi: ath12k: relocate ath12k_dp_pdev_pre_alloc() call (bsc#1227149). * wifi: ath12k: remove hal_desc_sz from hw params (bsc#1227149). * wifi: ath12k: remove redundant memset() in ath12k_hal_reo_qdesc_setup() (bsc#1227149). * wifi: ath12k: remove the unused scan_events fromath12k_wmi_scan_req_arg (bsc#1227149). * wifi: ath12k: remove unused ATH12K_BD_IE_BOARD_EXT (bsc#1227149). * wifi: ath12k: rename HE capabilities setup/copy functions (bsc#1227149). * wifi: ath12k: rename the sc naming convention to ab (bsc#1227149). * wifi: ath12k: rename the wmi_sc naming convention to wmi_ab (bsc#1227149). * wifi: ath12k: replace ENOTSUPP with EOPNOTSUPP (bsc#1227149). * wifi: ath12k: send WMI_PEER_REORDER_QUEUE_SETUP_CMDID when ADDBA session starts (bsc#1227149). * wifi: ath12k: set IRQ affinity to CPU0 in case of one MSI vector (bsc#1227149). * wifi: ath12k: set PERST pin no pull request for WCN7850 (bsc#1227149). * wifi: ath12k: split hal_ops to support RX TLVs word mask compaction (bsc#1227149). * wifi: ath12k: subscribe required word mask from rx tlv (bsc#1227149). * wifi: ath12k: support default regdb while searching board-2.bin for WCN7850 (bsc#1227149). * wifi: ath12k: trigger station disconnect on hardware restart (bsc#1227149). * wifi: ath12k: use ATH12K_PCI_IRQ_DP_OFFSET for DP IRQ (bsc#1227149). * wifi: ath12k: use correct flag field for 320 MHz channels (bsc#1227149). * wifi: ath12k: use select for CRYPTO_MICHAEL_MIC (bsc#1227149). * wifi: ath5k: Convert to platform remove callback returning void (bsc#1227149). * wifi: ath5k: Remove redundant dev_err() (bsc#1227149). * wifi: ath5k: ath5k_hw_get_median_noise_floor(): use swap() (bsc#1227149). * wifi: ath5k: remove phydir check from ath5k_debug_init_device() (bsc#1227149). * wifi: ath5k: remove unnecessary (void*) conversions (bsc#1227149). * wifi: ath5k: remove unused ath5k_eeprom_info::ee_antenna (bsc#1227149). * wifi: ath5k: replace deprecated strncpy with strscpy (bsc#1227149). * wifi: ath6kl: Remove error checking for debugfs_create_dir() (bsc#1227149). * wifi: ath6kl: remove unnecessary (void*) conversions (bsc#1227149). * wifi: ath6kl: replace deprecated strncpy with memcpy (bsc#1227149). * wifi: ath9k: Convert to platform remove callbackreturning void (bsc#1227149). * wifi: ath9k: Remove unnecessary (void*) conversions (bsc#1227149). * wifi: ath9k: Remove unnecessary ternary operators (bsc#1227149). * wifi: ath9k: Remove unused declarations (bsc#1227149). * wifi: ath9k: avoid using uninitialized array (bsc#1227149). * wifi: ath9k: clean up function ath9k_hif_usb_resume (bsc#1227149). * wifi: ath9k: consistently use kstrtoX_from_user() functions (bsc#1227149). * wifi: ath9k: delete some unused/duplicate macros (bsc#1227149). * wifi: ath9k: fix parameter check in ath9k_init_debug() (bsc#1227149). * wifi: ath9k: remove redundant assignment to variable ret (bsc#1227149). * wifi: ath9k: reset survey of current channel after a scan started (bsc#1227149). * wifi: ath9k: simplify ar9003_hw_process_ini() (bsc#1227149). * wifi: ath9k: use u32 for txgain indexes (bsc#1227149). * wifi: ath9k: work around memset overflow warning (bsc#1227149). * wifi: ath9k_htc: fix format-truncation warning (bsc#1227149). * wifi: ath: Use is_multicast_ether_addr() to check multicast Ether address (bsc#1227149). * wifi: ath: dfs_pattern_detector: Use flex array to simplify code (bsc#1227149). * wifi: ath: remove unused-but-set parameter (bsc#1227149). * wifi: ath: work around false-positive stringop-overread warning (bsc#1227149). * wifi: atk10k: Do not opencode ath10k_pci_priv() in ath10k_ahb_priv() (bsc#1227149). * wifi: atmel: remove unused ioctl function (bsc#1227149). * wifi: b43: silence sparse warnings (bsc#1227149). * wifi: brcm80211: replace deprecated strncpy with strscpy (bsc#1227149). * wifi: brcmfmac: Annotate struct brcmf_gscan_config with __counted_by (bsc#1227149). * wifi: brcmfmac: Detect corner error case earlier with log (bsc#1227149). * wifi: brcmfmac: add linefeed at end of file (bsc#1227149). * wifi: brcmfmac: allow per-vendor event handling (bsc#1227149). * wifi: brcmfmac: do not cast hidden SSID attribute value to boolean (bsc#1227149). * wifi: brcmfmac: do notpass hidden SSID attribute as value directly (bsc#1227149). * wifi: brcmfmac: export firmware interface functions (bsc#1227149). * wifi: brcmfmac: firmware: Annotate struct brcmf_fw_request with __counted_by (bsc#1227149). * wifi: brcmfmac: fix format-truncation warnings (bsc#1227149). * wifi: brcmfmac: fix gnu_printf warnings (bsc#1227149). * wifi: brcmfmac: fweh: Add __counted_by for struct brcmf_fweh_queue_item and use struct_size() (bsc#1227149). * wifi: brcmfmac: fweh: Fix boot crash on Raspberry Pi 4 (bsc#1227149). * wifi: brcmfmac: move feature overrides before feature_disable (bsc#1227149). * wifi: brcmsmac: LCN PHY code is used for BCM4313 2G-only device (git-fixes). * wifi: brcmsmac: cleanup SCB-related data types (bsc#1227149). * wifi: brcmsmac: fix gnu_printf warnings (bsc#1227149). * wifi: brcmsmac: phy: Remove unreachable code (bsc#1227149). * wifi: brcmsmac: remove more unused data types (bsc#1227149). * wifi: brcmsmac: remove unused data type (bsc#1227149). * wifi: brcmsmac: replace deprecated strncpy with memcpy (bsc#1227149). * wifi: brcmsmac: silence sparse warnings (bsc#1227149). * wifi: brcmutil: use helper function pktq_empty() instead of open code (bsc#1227149). * wifi: carl9170: Remove redundant assignment to pointer super (bsc#1227149). * wifi: carl9170: remove unnecessary (void*) conversions (bsc#1227149). * wifi: cfg80211: Add support for setting TID to link mapping (bsc#1227149). * wifi: cfg80211: Allow AP/P2PGO to indicate port authorization to peer STA/P2PClient (bsc#1227149). * wifi: cfg80211: Extend support for scanning while MLO connected (bsc#1227149). * wifi: cfg80211: Fix typo in documentation (bsc#1227149). * wifi: cfg80211: Handle specific BSSID in 6GHz scanning (bsc#1227149). * wifi: cfg80211: Include operating class 137 in 6GHz band (bsc#1227149). * wifi: cfg80211: OWE DH IE handling offload (bsc#1227149). * wifi: cfg80211: Replace ENOTSUPP with EOPNOTSUPP (bsc#1227149). * wifi: cfg80211:Schedule regulatory check on BSS STA channel change (bsc#1227149). * wifi: cfg80211: Update the default DSCP-to-UP mapping (bsc#1227149). * wifi: cfg80211: add BSS usage reporting (bsc#1227149). * wifi: cfg80211: add RNR with reporting AP information (bsc#1227149). * wifi: cfg80211: add a flag to disable wireless extensions (bsc#1227149). * wifi: cfg80211: add local_state_change to deauth trace (bsc#1227149). * wifi: cfg80211: add locked debugfs wrappers (bsc#1227149). * wifi: cfg80211: add support for SPP A-MSDUs (bsc#1227149). * wifi: cfg80211: address several kerneldoc warnings (bsc#1227149). * wifi: cfg80211: allow reg update by driver even if wiphy-> regd is set (bsc#1227149). * wifi: cfg80211: annotate iftype_data pointer with sparse (bsc#1227149). * wifi: cfg80211: avoid double free if updating BSS fails (bsc#1227149). * wifi: cfg80211: call reg_call_notifier on beacon hints (bsc#1227149). * wifi: cfg80211: check RTNL when iterating devices (bsc#1227149). * wifi: cfg80211: check wiphy mutex is held for wdev mutex (bsc#1227149). * wifi: cfg80211: consume both probe response and beacon IEs (bsc#1227149). * wifi: cfg80211: detect stuck ECSA element in probe resp (bsc#1227149). * wifi: cfg80211: ensure cfg80211_bss_update frees IEs on error (bsc#1227149). * wifi: cfg80211: export DFS CAC time and usable state helper functions (bsc#1227149). * wifi: cfg80211: expose nl80211_chan_width_to_mhz for wide sharing (bsc#1227149). * wifi: cfg80211: fix 6 GHz scan request building (stable-fixes). * wifi: cfg80211: fix CQM for non-range use (bsc#1227149). * wifi: cfg80211: fix header kernel-doc typos (bsc#1227149). * wifi: cfg80211: fix kernel-doc for wiphy_delayed_work_flush() (bsc#1227149). * wifi: cfg80211: fix spelling & punctutation (bsc#1227149). * wifi: cfg80211: fix typo in cfg80211_calculate_bitrate_he() (git-fixes). * wifi: cfg80211: generate an ML element for per-STA profiles (bsc#1227149). * wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() (git-fixes). * wifi: cfg80211: handle UHB AP and STA power type (bsc#1227149). * wifi: cfg80211: hold wiphy lock in cfg80211_any_wiphy_oper_chan() (bsc#1227149). * wifi: cfg80211: hold wiphy mutex for send_interface (bsc#1227149). * wifi: cfg80211: improve documentation for flag fields (bsc#1227149). * wifi: cfg80211: introduce cfg80211_ssid_eq() (bsc#1227149). * wifi: cfg80211: make RX assoc data const (bsc#1227149). * wifi: cfg80211: make read-only array centers_80mhz static const (bsc#1227149). * wifi: cfg80211: modify prototype for change_beacon (bsc#1227149). * wifi: cfg80211: reg: Support P2P operation on DFS channels (bsc#1227149). * wifi: cfg80211: reg: describe return values in kernel-doc (bsc#1227149). * wifi: cfg80211: reg: fix various kernel-doc issues (bsc#1227149). * wifi: cfg80211: reg: hold wiphy mutex for wdev iteration (bsc#1227149). * wifi: cfg80211: remove scan_width support (bsc#1227149). * wifi: cfg80211: remove wdev mutex (bsc#1227149). * wifi: cfg80211: rename UHB to 6 GHz (bsc#1227149). * wifi: cfg80211: report per-link errors during association (bsc#1227149). * wifi: cfg80211: report unprotected deauth/disassoc in wowlan (bsc#1227149). * wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values (git-fixes). * wifi: cfg80211: save power spectral density(psd) of regulatory rule (bsc#1227149). * wifi: cfg80211: set correct param change count in ML element (bsc#1227149). * wifi: cfg80211: sme: hold wiphy lock for wdev iteration (bsc#1227149). * wifi: cfg80211: sort certificates in build (bsc#1227149). * wifi: cfg80211: split struct cfg80211_ap_settings (bsc#1227149). * wifi: cfg80211: validate HE operation element parsing (bsc#1227149). * wifi: cfg80211: wext: add extra SIOCSIWSCAN data check (stable-fixes). * wifi: cfg80211: wext: convert return value to kernel-doc (bsc#1227149). * wifi: cfg80211: wext: set ssids=NULL for passive scans (git-fixes). * wifi: cw1200: Avoid processing an invalidTIM IE (bsc#1227149). * wifi: cw1200: Convert to GPIO descriptors (bsc#1227149). * wifi: cw1200: fix __le16 sparse warnings (bsc#1227149). * wifi: cw1200: restore endian swapping (bsc#1227149). * wifi: drivers: Explicitly include correct DT includes (bsc#1227149). * wifi: fill in MODULE_DESCRIPTION()s for Broadcom WLAN (bsc#1227149). * wifi: fill in MODULE_DESCRIPTION()s for ar5523 (bsc#1227149). * wifi: fill in MODULE_DESCRIPTION()s for mt76 drivers (bsc#1227149). * wifi: fill in MODULE_DESCRIPTION()s for p54spi (bsc#1227149). * wifi: fill in MODULE_DESCRIPTION()s for wcn36xx (bsc#1227149). * wifi: fill in MODULE_DESCRIPTION()s for wilc1000 (bsc#1227149). * wifi: fill in MODULE_DESCRIPTION()s for wl1251 and wl12xx (bsc#1227149). * wifi: fill in MODULE_DESCRIPTION()s for wl18xx (bsc#1227149). * wifi: fill in MODULE_DESCRIPTION()s for wlcore (bsc#1227149). * wifi: hostap: Add __counted_by for struct prism2_download_data and use struct_size() (bsc#1227149). * wifi: hostap: fix stringop-truncations GCC warning (bsc#1227149). * wifi: hostap: remove unused ioctl function (bsc#1227149). * wifi: ieee80211: add UL-bandwidth definition of trigger frame (bsc#1227149). * wifi: ieee80211: add definitions for negotiated TID to Link map (bsc#1227149). * wifi: ieee80211: check for NULL in ieee80211_mle_size_ok() (stable-fixes). * wifi: iwlmei: do not send SAP messages if AMT is disabled (bsc#1227149). * wifi: iwlmei: do not send nic info with invalid mac address (bsc#1227149). * wifi: iwlmei: send HOST_GOES_DOWN message even if wiamt is disabled (bsc#1227149). * wifi: iwlmei: send driver down SAP message only if wiamt is enabled (bsc#1227149). * wifi: iwlmvm: fw: Add new OEM vendor to tas approved list (bsc#1227149). * wifi: iwlwifi: Add rf_mapping of new wifi7 devices (bsc#1227149). * wifi: iwlwifi: Add support for PPAG cmd v5 and PPAG revision 3 (bsc#1227149). * wifi: iwlwifi: Add support for new 802.11be device (bsc#1227149). * wifi: iwlwifi: Do notmark DFS channels as NO-IR (bsc#1227149). * wifi: iwlwifi: Extract common prph mac/phy regions data dump logic (bsc#1227149). * wifi: iwlwifi: Fix spelling mistake "SESION" -> "SESSION" (bsc#1227149). * wifi: iwlwifi: Use request_module_nowait (bsc#1227149). * wifi: iwlwifi: abort scan when rfkill on but device enabled (bsc#1227149). * wifi: iwlwifi: add HONOR to PPAG approved list (bsc#1227149). * wifi: iwlwifi: add Razer to ppag approved list (bsc#1227149). * wifi: iwlwifi: add mapping of a periphery register crf for WH RF (bsc#1227149). * wifi: iwlwifi: add new RF support for wifi7 (bsc#1227149). * wifi: iwlwifi: add support for SNPS DPHYIP region type (bsc#1227149). * wifi: iwlwifi: add support for a wiphy_work rx handler (bsc#1227149). * wifi: iwlwifi: add support for activating UNII-1 in WW via BIOS (bsc#1227149). * wifi: iwlwifi: add support for new ini region types (bsc#1227149). * wifi: iwlwifi: adjust rx_phyinfo debugfs to MLO (bsc#1227149). * wifi: iwlwifi: always have 'uats_enabled' (bsc#1227149). * wifi: iwlwifi: api: clean up some kernel-doc/typos (bsc#1227149). * wifi: iwlwifi: api: dbg-tlv: fix up kernel-doc (bsc#1227149). * wifi: iwlwifi: api: fix a small upper/lower-case typo (bsc#1227149). * wifi: iwlwifi: api: fix center_freq label in PHY diagram (bsc#1227149). * wifi: iwlwifi: api: fix constant version to match FW (bsc#1227149). * wifi: iwlwifi: api: fix kernel-doc reference (bsc#1227149). * wifi: iwlwifi: bump FW API to 84 for AX/BZ/SC devices (bsc#1227149). * wifi: iwlwifi: bump FW API to 86 for AX/BZ/SC devices (bsc#1227149). * wifi: iwlwifi: bump FW API to 87 for AX/BZ/SC devices (bsc#1227149). * wifi: iwlwifi: bump FW API to 88 for AX/BZ/SC devices (bsc#1227149). * wifi: iwlwifi: cancel session protection only if there is one (bsc#1227149). * wifi: iwlwifi: change link id in time event to s8 (bsc#1227149). * wifi: iwlwifi: check for kmemdup() return value in iwl_parse_tlv_firmware() (bsc#1227149). * wifi: iwlwifi:cleanup BT Shared Single Antenna code (bsc#1227149). * wifi: iwlwifi: cleanup sending PER_CHAIN_LIMIT_OFFSET_CMD (bsc#1227149). * wifi: iwlwifi: cleanup uefi variables loading (bsc#1227149). * wifi: iwlwifi: clear link_id in time_event (bsc#1227149). * wifi: iwlwifi: dbg-tlv: avoid extra allocation/copy (bsc#1227149). * wifi: iwlwifi: dbg-tlv: use struct_size() for allocation (bsc#1227149). * wifi: iwlwifi: disable 160 MHz based on subsystem device ID (bsc#1227149). * wifi: iwlwifi: disable eSR when BT is active (bsc#1227149). * wifi: iwlwifi: disable multi rx queue for 9000 (bsc#1227149). * wifi: iwlwifi: do not check TAS block list size twice (bsc#1227149). * wifi: iwlwifi: do not use TRUE/FALSE with bool (bsc#1227149). * wifi: iwlwifi: drop NULL pointer check in iwl_mvm_tzone_set_trip_temp() (bsc#1227149). * wifi: iwlwifi: dvm: remove kernel-doc warnings (bsc#1227149). * wifi: iwlwifi: error-dump: fix kernel-doc issues (bsc#1227149). * wifi: iwlwifi: fail NIC access fast on dead NIC (bsc#1227149). * wifi: iwlwifi: fix #ifdef CONFIG_ACPI check (bsc#1227149). * wifi: iwlwifi: fix iwl_mvm_get_valid_rx_ant() (git-fixes). * wifi: iwlwifi: fix opmode start/stop race (bsc#1227149). * wifi: iwlwifi: fix some kernel-doc issues (bsc#1227149). * wifi: iwlwifi: fix system commands group ordering (bsc#1227149). * wifi: iwlwifi: fix the rf step and flavor bits range (bsc#1227149). * wifi: iwlwifi: fw: Add support for UATS table in UHB (bsc#1227149). * wifi: iwlwifi: fw: Fix debugfs command sending (bsc#1227149). * wifi: iwlwifi: fw: allow vmalloc for PNVM image (bsc#1227149). * wifi: iwlwifi: fw: dbg: ensure correct config name sizes (bsc#1227149). * wifi: iwlwifi: fw: disable firmware debug asserts (bsc#1227149). * wifi: iwlwifi: fw: file: clean up kernel-doc (bsc#1227149). * wifi: iwlwifi: fw: file: do not use [0] for variable arrays (bsc#1227149). * wifi: iwlwifi: fw: fix compiler warning for NULL string print (bsc#1227149). * wifi: iwlwifi: fw: increasefw_version string size (bsc#1227149). * wifi: iwlwifi: fw: reconstruct the API/CAPA enum number (bsc#1227149). * wifi: iwlwifi: fw: replace deprecated strncpy with strscpy_pad (bsc#1227149). * wifi: iwlwifi: handle per-phy statistics from fw (bsc#1227149). * wifi: iwlwifi: implement GLAI ACPI table loading (bsc#1227149). * wifi: iwlwifi: implement can_activate_links callback (bsc#1227149). * wifi: iwlwifi: implement enable/disable for China 2022 regulatory (bsc#1227149). * wifi: iwlwifi: iwl-fh.h: fix kernel-doc issues (bsc#1227149). * wifi: iwlwifi: iwl-trans.h: clean up kernel-doc (bsc#1227149). * wifi: iwlwifi: iwlmvm: handle unprotected deauth/disassoc in d3 (bsc#1227149). * wifi: iwlwifi: load b0 version of ucode for HR1/HR2 (bsc#1227149). * wifi: iwlwifi: make TB reallocation a debug message (bsc#1227149). * wifi: iwlwifi: make time_events MLO aware (bsc#1227149). * wifi: iwlwifi: mei: return error from register when not built (bsc#1227149). * wifi: iwlwifi: mvm: Add basic link selection logic (bsc#1227149). * wifi: iwlwifi: mvm: Add support for removing responder TKs (bsc#1227149). * wifi: iwlwifi: mvm: Allow DFS concurrent operation (bsc#1227149). * wifi: iwlwifi: mvm: Configure the link mapping for non-MLD FW (bsc#1227149). * wifi: iwlwifi: mvm: Correctly report TSF data in scan complete (bsc#1227149). * wifi: iwlwifi: mvm: Declare support for secure LTF measurement (bsc#1227149). * wifi: iwlwifi: mvm: Do not warn if valid link pair was not found (bsc#1227149). * wifi: iwlwifi: mvm: Do not warn on invalid link on scan complete (bsc#1227149). * wifi: iwlwifi: mvm: Extend support for P2P service discovery (bsc#1227149). * wifi: iwlwifi: mvm: Fix FTM initiator flags (bsc#1227149). * wifi: iwlwifi: mvm: Fix scan abort handling with HW rfkill (stable-fixes). * wifi: iwlwifi: mvm: Fix unreachable code path (bsc#1227149). * wifi: iwlwifi: mvm: Handle BIGTK cipher in kek_kck cmd (stable-fixes). * wifi: iwlwifi: mvm: Keepconnection in case of missed beacons during RX (bsc#1227149). * wifi: iwlwifi: mvm: Return success if link could not be removed (bsc#1227149). * wifi: iwlwifi: mvm: Use the link ID provided in scan request (bsc#1227149). * wifi: iwlwifi: mvm: add US/Canada MCC to API (bsc#1227149). * wifi: iwlwifi: mvm: add a debug print when we get a BAR (bsc#1227149). * wifi: iwlwifi: mvm: add a debugfs hook to clear the monitor data (bsc#1227149). * wifi: iwlwifi: mvm: add a per-link debugfs (bsc#1227149). * wifi: iwlwifi: mvm: add a print when sending RLC command (bsc#1227149). * wifi: iwlwifi: mvm: add start mac ctdp sum calculation debugfs handler (bsc#1227149). * wifi: iwlwifi: mvm: add support for TID to link mapping neg request (bsc#1227149). * wifi: iwlwifi: mvm: add support for new wowlan_info_notif (bsc#1227149). * wifi: iwlwifi: mvm: advertise MLO only if EHT is enabled (bsc#1227149). * wifi: iwlwifi: mvm: advertise support for SCS traffic description (bsc#1227149). * wifi: iwlwifi: mvm: advertise support for protected ranging negotiation (bsc#1227149). * wifi: iwlwifi: mvm: always update keys in D3 exit (bsc#1227149). * wifi: iwlwifi: mvm: avoid garbage iPN (bsc#1227149). * wifi: iwlwifi: mvm: calculate EMLSR mode after connection (bsc#1227149). * wifi: iwlwifi: mvm: check AP supports EMLSR (bsc#1227149). * wifi: iwlwifi: mvm: check for iwl_mvm_mld_update_sta() errors (bsc#1227149). * wifi: iwlwifi: mvm: check link more carefully (bsc#1227149). * wifi: iwlwifi: mvm: check own capabilities for EMLSR (bsc#1227149). * wifi: iwlwifi: mvm: cleanup MLO and non-MLO unification code (bsc#1227149). * wifi: iwlwifi: mvm: combine condition/warning (bsc#1227149). * wifi: iwlwifi: mvm: consider having one active link (bsc#1227149). * wifi: iwlwifi: mvm: const-ify chandef pointers (bsc#1227149). * wifi: iwlwifi: mvm: cycle FW link on chanctx removal (bsc#1227149). * wifi: iwlwifi: mvm: d3: avoid intermediate/early mutex unlock (bsc#1227149). *wifi: iwlwifi: mvm: d3: disconnect on GTK rekey failure (bsc#1227149). * wifi: iwlwifi: mvm: d3: fix WoWLAN command version lookup (stable-fixes). * wifi: iwlwifi: mvm: d3: implement suspend with MLO (bsc#1227149). * wifi: iwlwifi: mvm: debugfs for fw system stats (bsc#1227149). * wifi: iwlwifi: mvm: define RX queue sync timeout as a macro (bsc#1227149). * wifi: iwlwifi: mvm: disable MLO for the time being (bsc#1227149). * wifi: iwlwifi: mvm: disallow puncturing in US/Canada (bsc#1227149). * wifi: iwlwifi: mvm: disconnect long CSA only w/o alternative (bsc#1227149). * wifi: iwlwifi: mvm: disconnect station vifs if recovery failed (bsc#1227149). * wifi: iwlwifi: mvm: do not abort queue sync in CT-kill (bsc#1227149). * wifi: iwlwifi: mvm: do not add dummy phy context (bsc#1227149). * wifi: iwlwifi: mvm: do not always disable EMLSR due to BT coex (bsc#1227149). * wifi: iwlwifi: mvm: do not do duplicate detection for nullfunc packets (bsc#1227149). * wifi: iwlwifi: mvm: do not limit VLP/AFC to UATS-enabled (git-fixes). * wifi: iwlwifi: mvm: do not send BT_COEX_CI command on new devices (bsc#1227149). * wifi: iwlwifi: mvm: do not send NDPs for new tx devices (bsc#1227149). * wifi: iwlwifi: mvm: do not send STA_DISABLE_TX_CMD for newer firmware (bsc#1227149). * wifi: iwlwifi: mvm: do not send the smart fifo command if not needed (bsc#1227149). * wifi: iwlwifi: mvm: do not set trigger frame padding in AP mode (bsc#1227149). * wifi: iwlwifi: mvm: do not support reduced tx power on ack for new devices (bsc#1227149). * wifi: iwlwifi: mvm: do not wake up rx_sync_waitq upon RFKILL (git-fixes). * wifi: iwlwifi: mvm: enable FILS DF Tx on non-PSC channel (bsc#1227149). * wifi: iwlwifi: mvm: enable HE TX/RX

Aug 07, 2024 •Important SuSE

security advisorykernel patchsystem update

openSUSE Leap 15.5: 2024-160 critical: privilege escalation fix

* bsc#1179610 * bsc#1183045 * bsc#1211162 * bsc#1211226 * bsc#1212139 . # Security update for the Linux Kernel Announcement ID: SUSE-SU-2024:0160-1 Rating: important References: * bsc#1179610 * bsc#1183045 * bsc#1211162 * bsc#1211226 * bsc#1212139 * bsc#1212584 * bsc#1214117 * bsc#1214158 * bsc#1214747 * bsc#1214823 * bsc#1215237 * bsc#1215696 * bsc#1215885 * bsc#1215952 * bsc#1216032 * bsc#1216057 * bsc#1216559 * bsc#1216776 * bsc#1217036 * bsc#1217217 * bsc#1217250 * bsc#1217602 * bsc#1217692 * bsc#1217790 * bsc#1217801 * bsc#1217822 * bsc#1217927 * bsc#1217933 * bsc#1217938 * bsc#1217946 * bsc#1217947 * bsc#1217980 * bsc#1217981 * bsc#1217982 * bsc#1218056 * bsc#1218092 * bsc#1218139 * bsc#1218184 * bsc#1218229 * bsc#1218234 * bsc#1218253 * bsc#1218258 * bsc#1218335 * bsc#1218357 * bsc#1218397 * bsc#1218447 * bsc#1218461 * bsc#1218515 * bsc#1218559 * bsc#1218569 * bsc#1218643 * bsc#1218738 * jsc#PED-3459 * jsc#PED-5021 * jsc#PED-7167 Cross-References: * CVE-2020-26555 * CVE-2023-51779 * CVE-2023-6121 * CVE-2023-6531 * CVE-2023-6546 * CVE-2023-6606 * CVE-2023-6610 * CVE-2023-6622 * CVE-2023-6931 * CVE-2023-6932 CVSS scores: * CVE-2020-26555 ( SUSE ): 5.4 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2020-26555 ( NVD ): 5.4 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2023-51779 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6121 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2023-6121 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2023-6531 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6546 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6546 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6606 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H * CVE-2023-6606 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-6610 ( SUSE ): 6.1CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H * CVE-2023-6610 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-6622 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-6622 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-6931 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6931 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6932 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6932 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP5 * Development Tools Module 15-SP5 * Legacy Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Availability Extension 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Workstation Extension 15 SP5 An update that solves 10 vulnerabilities, contains three features and has 42 security fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2020-26555: Fixed Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B that may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN (bsc#1179610 bsc#1215237). * CVE-2023-51779: Fixed a use-after-free because of a bt_sock_ioctl race condition in bt_sock_recvmsg (bsc#1218559). * CVE-2023-6121: Fixed an out-of-bounds read vulnerability in the NVMe-oF/TCP subsystem that could lead to information leak (bsc#1217250). * CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletionof SKB races with unix_stream_read_generic()on the socket that the SKB is queued on (bsc#1218447). * CVE-2023-6546: Fixed a race condition in the GSM 0710 tty multiplexor via the GSMIOC_SETCONF ioctl that could lead to local privilege escalation (bsc#1218335). * CVE-2023-6606: Fixed an out-of-bounds read vulnerability in smbCalcSize in fs/smb/client/netmisc.c that could allow a local attacker to crash the system or leak internal kernel information (bsc#1217947). * CVE-2023-6610: Fixed an out-of-bounds read vulnerability in smb2_dump_detail in fs/smb/client/smb2ops.c that could allow a local attacker to crash the system or leak internal kernel information (bsc#1217946). * CVE-2023-6622: Fixed a null pointer dereference vulnerability in nft_dynset_init() that could allow a local attacker with CAP_NET_ADMIN user privilege to trigger a denial of service (bsc#1217938). * CVE-2023-6931: Fixed a heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component that could lead to local privilege escalation. (bsc#1218258). * CVE-2023-6932: Fixed a use-after-free vulnerability in the Linux kernel's ipv4: igmp component that could lead to local privilege escalation (bsc#1218253). The following non-security bugs were fixed: * Documentation: KVM: add separate directories for architecture-specific documentation (jsc#PED-7167). * Documentation: KVM: update amd-memory-encryption.rst references (jsc#PED-7167). * Documentation: KVM: update msr.rst reference (jsc#PED-7167). * Documentation: KVM: update s390-diag.rst reference (jsc#PED-7167). * Documentation: KVM: update s390-pv.rst reference (jsc#PED-7167). * Documentation: drop more IDE boot options and ide-cd.rst (git-fixes). * Documentation: qat: Use code block for qat sysfs example (git-fixes). * Drop Documentation/ide/ (git-fixes). * Fix crash in vmw_context_cotables_unref when 3d support is enabled (bsc#1218738) * Fix crash on screen resize (bsc#1218229) * Fix drm gem object underflow (bsc#1218092) * Revert"PCI/ASPM: Remove pcie_aspm_pm_state_change()" (git-fixes). * Revert "PCI: acpiphp: Reassign resources on bridge if necessary" (git- fixes). * Revert "md: unlock mddev before reap sync_thread in action_store" (git- fixes). * Revert "swiotlb: panic if nslabs is too small" (git-fixes). * Revert "xhci: Loosen RPM as default policy to cover for AMD xHC 1.1" (git- fixes). * Update: drm/vmwgfx: Keep a gem reference to user bos in surfaces * acpi: video: Add backlight=native DMI quirk for Lenovo Ideapad Z470 (git- fixes). * acpi: x86: s2idle: Catch multiple ACPI_TYPE_PACKAGE objects (git-fixes). * acpica: Add AML_NO_OPERAND_RESOLVE flag to Timer (git-fixes). * afs: Fix afs_server_list to be cleaned up with RCU (git-fixes). * afs: Fix dynamic root lookup DNS check (git-fixes). * afs: Fix file locking on R/O volumes to operate in local mode (git-fixes). * afs: Fix overwriting of result of DNS query (git-fixes). * afs: Fix refcount underflow from error handling race (git-fixes). * afs: Fix the dynamic root's d_delete to always delete unused dentries (git- fixes). * afs: Fix use-after-free due to get/remove race in volume tree (git-fixes). * afs: Make error on cell lookup failure consistent with OpenAFS (git-fixes). * afs: Return ENOENT if no cell DNS record can be found (git-fixes). * alsa: hda - Fix speaker and headset mic pin config for CHUWI CoreBook XPro (git-fixes). * alsa: hda/hdmi: add force-connect quirk for NUC5CPYB (git-fixes). * alsa: hda/hdmi: add force-connect quirks for ASUSTeK Z170 variants (git- fixes). * alsa: hda/realtek: Add Framework laptop 16 to quirks (git-fixes). * alsa: hda/realtek: Add quirk for ASUS ROG GV302XA (git-fixes). * alsa: hda/realtek: Add supported ALC257 for ChromeOS (git-fixes). * alsa: hda/realtek: Apply mute LED quirk for HP15-db (git-fixes). * alsa: hda/realtek: Enable headset on Lenovo M90 Gen5 (git-fixes). * alsa: hda/realtek: Fix mute and mic-mute LEDs for HP ProBook 440 G6 (git- fixes). * alsa: hda/realtek: Headset Mic VREF to 100%(git-fixes). * alsa: hda/realtek: add new Framework laptop to quirks (git-fixes). * alsa: hda/realtek: enable SND_PCI_QUIRK for hp pavilion 14-ec1xxx series (git-fixes). * alsa: hda/realtek: fix mute/micmute LEDs for a HP ZBook (git-fixes). * alsa: hda/realtek: fix speakers on XPS 9530 (2023) (git-fixes). * alsa: hda: intel-dsp-cfg: add LunarLake support (git-fixes). * alsa: pcm: fix out-of-bounds in snd_pcm_state_names (git-fixes). * alsa: seq: oss: Fix racy open/close of MIDI devices (git-fixes). * alsa: usb-audio: Add Pioneer DJM-450 mixer controls (git-fixes). * alsa: usb-audio: Increase delay in MOTU M quirk (git-fixes). * apparmor: Free up __cleanup() name (jsc#PED-7167). * arm64: dts: arm: add missing cache properties (git-fixes) * arm64: dts: imx8mm: Add sound-dai-cells to micfil node (git-fixes) * arm64: dts: imx8mn: Add sound-dai-cells to micfil node (git-fixes) * arm64: dts: imx8mq-librem5: Remove dis_u3_susphy_quirk from (git-fixes) * arm64: kdump: Skip kmemleak scan reserved memory for kdump (jsc#PED-7167). * arm64: mm: Fix "rodata=on" when CONFIG_RODATA_FULL_DEFAULT_ENABLED=y (git- fixes) * arm: OMAP2+: Fix null pointer dereference and memory leak in omap_soc_device_init (git-fixes). * arm: PL011: Fix DMA support (git-fixes). * asoc: fsl_rpmsg: Fix error handler with pm_runtime_enable (git-fixes). * asoc: hdmi-codec: fix missing report for jack initial status (git-fixes). * asoc: meson: g12a-toacodec: Fix event generation (git-fixes). * asoc: meson: g12a-toacodec: Validate written enum values (git-fixes). * asoc: meson: g12a-tohdmitx: Fix event generation for S/PDIF mux (git-fixes). * asoc: meson: g12a-tohdmitx: Validate written enum values (git-fixes). * asoc: wm_adsp: fix memleak in wm_adsp_buffer_populate (git-fixes). * bitmap: unify find_bit operations (jsc#PED-7167). * block: fix revalidate performance regression (bsc#1216057). * bluetooth: Fix deadlock in vhci_send_frame (git-fixes). * bluetooth: L2CAP: Send reject on command corrupted request (git-fixes). *bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE (git- fixes). * bluetooth: btusb: Add new PID/VID 0489:e0f2 for MT7921 (bsc#1218461). * bluetooth: hci_event: Fix not checking if HCI_OP_INQUIRY has been sent (git- fixes). * bluetooth: hci_event: shut up a false-positive warning (git-fixes). * bluetooth: hci_qca: Fix the teardown problem for real (git-fixes). * bnxt: do not handle XDP in netpoll (jsc#PED-1495). * bnxt_en: Clear resource reservation during resume (jsc#PED-1495). * bnxt_en: Fix HWTSTAMP_FILTER_ALL packet timestamp logic (jsc#PED-1495). * bnxt_en: Fix max_mtu setting for multi-buf XDP (jsc#PED-1495). * bnxt_en: Fix page pool logic for page size > = 64K (jsc#PED-1495). * bnxt_en: Fix wrong return value check in bnxt_close_nic() (jsc#PED-1495). * bnxt_en: Flush XDP for bnxt_poll_nitroa0()'s NAPI (jsc#PED-1495). * bpf: Adjust insufficient default bpf_jit_limit (bsc#1218234 git-fixes). * bus: ti-sysc: Flush posted write only after srst_udelay (git-fixes). * ceph: fix incorrect revoked caps assert in ceph_fill_file_size() (bsc#1217980). * ceph: fix type promotion bug on 32bit systems (bsc#1217982). * cleanup: Make no_free_ptr() __must_check (jsc#PED-7167). * clocksource: Add a Kconfig option for WATCHDOG_MAX_SKEW (bsc#1215885 bsc#1217217). * clocksource: Enable TSC watchdog checking of HPET and PMTMR only when requested (bsc#1215885 bsc#1217217). * clocksource: Handle negative skews in "skew is too large" messages (bsc#1215885 bsc#1217217). * clocksource: Improve "skew is too large" messages (bsc#1215885 bsc#1217217). * clocksource: Improve read-back-delay message (bsc#1215885 bsc#1217217). * clocksource: Loosen clocksource watchdog constraints (bsc#1215885 bsc#1217217). * clocksource: Print clocksource name when clocksource is tested unstable (bsc#1215885 bsc#1217217). * clocksource: Verify HPET and PMTMR when TSC unverified (bsc#1215885 bsc#1217217). * configfs-tsm: Introduce a shared ABI for attestation reports (jsc#PED-7167). * crypto: ccp - AddSEV_INIT rc error logging on init (jsc#PED-7167). * crypto: ccp - Add SEV_INIT_EX support (jsc#PED-7167). * crypto: ccp - Add a header for multiple drivers to use `__psp_pa` (jsc#PED-7167). * crypto: ccp - Add a quirk to firmware update (jsc#PED-7167). * crypto: ccp - Add psp_init_on_probe module parameter (jsc#PED-7167). * crypto: ccp - Drop TEE support for IRQ handler (jsc#PED-7167). * crypto: ccp - Ensure psp_ret is always init'd in __sev_platform_init_locked() (jsc#PED-7167). * crypto: ccp - Fail the PSP initialization when writing psp data file failed (jsc#PED-7167). * crypto: ccp - Fix the INIT_EX data file open failure (jsc#PED-7167). * crypto: ccp - Fix whitespace in sev_cmd_buffer_len() (jsc#PED-7167). * crypto: ccp - Flush the SEV-ES TMR memory before giving it to firmware (jsc#PED-7167). * crypto: ccp - Initialize PSP when reading psp data file failed (jsc#PED-7167). * crypto: ccp - Log when resetting PSP SEV state (jsc#PED-7167). * crypto: ccp - Move SEV_INIT retry for corrupted data (jsc#PED-7167). * crypto: ccp - Move some PSP mailbox bit definitions into common header (jsc#PED-7167). * crypto: ccp - Name -1 return value as SEV_RET_NO_FW_CALL (jsc#PED-7167). * crypto: ccp - Refactor out sev_fw_alloc() (jsc#PED-7167). * crypto: ccp - remove unneeded semicolon (jsc#PED-7167). * crypto: ccp: Get rid of __sev_platform_init_locked()'s local function pointer (jsc#PED-7167). * dm verity: initialize fec io before freeing it (git-fixes). * dm-verity: do not use blocking calls from tasklets (git-fixes). * dm: add cond_resched() to dm_wq_requeue_work() (git-fixes). * dm: do not attempt to queue IO under RCU protection (git-fixes). * dm: fix __send_duplicate_bios() to always allow for splitting IO (bsc#1215952). * dm: fix improper splitting for abnormal bios (bsc#1215952). * dm: verity-loadpin: Add NULL pointer check for 'bdev' parameter (git-fixes). * dm_blk_ioctl: implement path failover for SG_IO (bsc#1183045, bsc#1216776). * dmaengine: ioat: Free up __cleanup() name(jsc#PED-7167). * doc/README.SUSE: Add how to update the config for module signing (jsc#PED-5021) * doc/README.SUSE: Remove how to build modules using kernel-source (jsc#PED-5021) * doc/README.SUSE: Simplify the list of references (jsc#PED-5021) * drm/amd/amdgpu: Fix warnings in amdgpu/amdgpu_display.c (git-fixes). * drm/amdgpu/sdma5.2: add begin/end_use ring callbacks (bsc#1212139). * drm/amdgpu: Add EEPROM I2C address support for ip discovery (git-fixes). * drm/amdgpu: Add I2C EEPROM support on smu v13_0_6 (git-fixes). * drm/amdgpu: Add support for RAS table at 0x40000 (git-fixes). * drm/amdgpu: Decouple RAS EEPROM addresses from chips (git-fixes). * drm/amdgpu: Remove redundant I2C EEPROM address (git-fixes). * drm/amdgpu: Remove second moot switch to set EEPROM I2C address (git-fixes). * drm/amdgpu: Return from switch early for EEPROM I2C address (git-fixes). * drm/amdgpu: Update EEPROM I2C address for smu v13_0_0 (git-fixes). * drm/amdgpu: Update ras eeprom support for smu v13_0_0 and v13_0_10 (git- fixes). * drm/amdgpu: correct chunk_ptr to a pointer to chunk (git-fixes). * drm/amdgpu: correct the amdgpu runtime dereference usage count (git-fixes). * drm/amdgpu: fix tear down order in amdgpu_vm_pt_free (git-fixes). * drm/amdgpu: simplify amdgpu_ras_eeprom.c (git-fixes). * drm/bridge: parade-ps8640: Never store more than msg-> size bytes in AUX xfer (git-fixes). * drm/bridge: ps8640: Fix size mismatch warning w/ len (git-fixes). * drm/bridge: tc358768: select CONFIG_VIDEOMODE_HELPERS (git-fixes). * drm/bridge: ti-sn65dsi86: Never store more than msg-> size bytes in AUX xfer (git-fixes). * drm/i915/display: Drop check for doublescan mode in modevalid (git-fixes). * drm/i915/dp: Fix passing the correct DPCD_REV for drm_dp_set_phy_test_pattern (git-fixes). * drm/i915/dpt: Only do the POT stride remap when using DPT (git-fixes). * drm/i915/lvds: Use REG_BIT() & co (git-fixes). * drm/i915/mtl: limit second scaler vertical scaling in ver > = 14 (git-fixes). * drm/i915/sdvo: stopcaching has_hdmi_monitor in struct intel_sdvo (git- fixes). * drm/i915: Fix intel_atomic_setup_scalers() plane_state handling (git-fixes). * drm/i915: Fix remapped stride with CCS on ADL+ (git-fixes). * drm/i915: Reject async flips with bigjoiner (git-fixes). * drm/i915: Relocate intel_atomic_setup_scalers() (git-fixes). * drm/i915: fix MAX_ORDER usage in i915_gem_object_get_pages_internal() (jsc#PED-7167). * drm/mediatek: Add spinlock for setting vblank event in atomic_begin (git- fixes). * drm/mgag200: Fix gamma lut not initialized for G200ER, G200EV, G200SE (git- fixes). * efi/libstub: Implement support for unaccepted memory (jsc#PED-7167). * efi/unaccepted: Avoid load_unaligned_zeropad() stepping into unaccepted memory (jsc#PED-7167). * efi/unaccepted: Fix off-by-one when checking for overlapping ranges (jsc#PED-7167). * efi/unaccepted: Fix soft lockups caused by parallel memory acceptance (jsc#PED-7167). * efi/unaccepted: Make sure unaccepted table is mapped (jsc#PED-7167). * efi/unaccepted: Use ACPI reclaim memory for unaccepted memory table (jsc#PED-7167). * efi/x86: Get full memory map in allocate_e820() (jsc#PED-7167). * efi: Add unaccepted memory support (jsc#PED-7167). * efi: libstub: avoid efi_get_memory_map() for allocating the virt map (jsc#PED-7167). * efi: libstub: install boot-time memory map as config table (jsc#PED-7167). * efi: libstub: remove DT dependency from generic stub (jsc#PED-7167). * efi: libstub: remove pointless goto kludge (jsc#PED-7167). * efi: libstub: simplify efi_get_memory_map() and struct efi_boot_memmap (jsc#PED-7167). * efi: libstub: unify initrd loading between architectures (jsc#PED-7167). * floppy: fix MAX_ORDER usage (jsc#PED-7167). * fprobe: Fix to ensure the number of active retprobes is not zero (git- fixes). * fs/jfs: Add check for negative db_l2nbperpage (git-fixes). * fs/jfs: Add validity check for db_maxag and db_agpref (git-fixes). * fs/jfs: prevent double-free in dbUnmount() after failed jfs_remount() (git- fixes). *fs/remap: constrain dedupe of EOF blocks (git-fixes). * fs: avoid empty option when generating legacy mount string (git-fixes). * fs: fix an infinite loop in iomap_fiemap (git-fixes). * fs: ocfs2: namei: check return value of ocfs2_add_entry() (git-fixes). * genwqe: fix MAX_ORDER usage (jsc#PED-7167). * gfs2: Add wrapper for iomap_file_buffered_write (git-fixes). * gfs2: Check sb_bsize_shift after reading superblock (git-fixes). * gfs2: Clean up function may_grant (git-fixes). * gfs2: Fix filesystem block deallocation for short writes (git-fixes). * gfs2: Fix gfs2_release for non-writers regression (git-fixes). * gfs2: Fix inode height consistency check (git-fixes). * gfs2: Fix length of holes reported at end-of-file (git-fixes). * gfs2: Fix possible data races in gfs2_show_options() (git-fixes). * gfs2: Improve gfs2_make_fs_rw error handling (git-fixes). * gfs2: Make sure FITRIM minlen is rounded up to fs block size (git-fixes). * gfs2: Silence "suspicious RCU usage in gfs2_permission" warning (git-fixes). * gfs2: Switch from strlcpy to strscpy (git-fixes). * gfs2: fix an oops in gfs2_permission (git-fixes). * gfs2: gfs2_setattr_size error path fix (git-fixes). * gfs2: ignore negated quota changes (git-fixes). * gfs2: jdata writepage fix (git-fixes). * gfs2: use i_lock spin_lock for inode qadata (git-fixes). * gpiolib: sysfs: Fix error handling on failed export (git-fixes). * gve: Fixes for napi_poll when budget is 0 (git-fixes). * gve: Use size_add() in call to struct_size() (git-fixes). * hid: add ALWAYS_POLL quirk for Apple kb (git-fixes). * hid: glorious: fix Glorious Model I HID report (git-fixes). * hid: hid-asus: add const to read-only outgoing usb buffer (git-fixes). * hid: hid-asus: reset the backlight brightness level on resume (git-fixes). * hid: lenovo: Restrict detection of patched firmware only to USB cptkbd (git- fixes). * hid: multitouch: Add quirk for HONOR GLO-GXXX touchpad (git-fixes). * hwmon: (acpi_power_meter) Fix 4.29 MW bug (git-fixes). * hwmon:(nzxt-kraken2) Fix error handling path in kraken2_probe() (git- fixes). * i2c: aspeed: Handle the coalesced stop conditions with the start conditions (git-fixes). * i2c: core: Fix atomic xfer check for non-preempt config (git-fixes). * i2c: designware: Fix corrupted memory seen in the ISR (git-fixes). * i40e: Fix I40E_FLAG_VF_VLAN_PRUNING value (jsc#PED-372). * i40e: Fix VF VLAN offloading when port VLAN is configured (jsc#PED-372). * i40e: Fix unexpected MFS warning message (jsc#PED-372). * i40e: Fix wrong check for I40E_TXR_FLAGS_WB_ON_ITR (jsc#PED-372). * i40e: fix misleading debug logs (jsc#PED-372). * i40e: fix potential NULL pointer dereferencing of pf-> vf i40e_sync_vsi_filters() (jsc#PED-372). * i40e: fix potential memory leaks in i40e_remove() (jsc#PED-372). * i40e: prevent crash on probe if hw registers have invalid values (jsc#PED-372). * ib/mlx5: Fix init stage error handling to avoid double free of same QP and UAF (git-fixes) * ib/mlx5: Fix rdma counter binding for RAW QP (git-fixes) * igb: Avoid starting unnecessary workqueues (jsc#PED-370). * igb: Change IGB_MIN to allow set rx/tx value between 64 and 80 (jsc#PED-370). * igb: Fix potential memory leak in igb_add_ethtool_nfc_entry (jsc#PED-370). * igb: clean up in all error paths when enabling SR-IOV (jsc#PED-370). * igb: disable virtualization features on 82580 (jsc#PED-370). * igbvf: Change IGBVF_MIN to allow set rx/tx value between 64 and 80 (jsc#PED-370). * igc: Change IGC_MIN to allow set rx/tx value between 64 and 80 (jsc#PED-375). * igc: Expose tx-usecs coalesce setting to user (jsc#PED-375). * igc: Fix ambiguity in the ethtool advertising (jsc#PED-375). * igc: Fix infinite initialization loop with early XDP redirect (jsc#PED-375). * igc: Fix the typo in the PTM Control macro (jsc#PED-375). * iio: adc: ti_am335x_adc: Fix return value check of tiadc_request_dma() (git- fixes). * iio: common: ms_sensors: ms_sensors_i2c: fix humidity conversion time table (git-fixes). * iio: imu: inv_mpu6050: fix an errorcode problem in inv_mpu6050_read_raw (git-fixes). * iio: triggered-buffer: prevent possible freeing of wrong buffer (git-fixes). * input: i8042 - add quirk for TUXEDO Gemini 17 Gen1/Clevo PD70PN (git-fixes). * input: ipaq-micro-keys - add error handling for devm_kmemdup (git-fixes). * input: soc_button_array - add mapping for airplane mode button (git-fixes). * input: xpad - add HyperX Clutch Gladiate Support (git-fixes). * interconnect: Treat xlate() returning NULL node as an error (git-fixes). * iomap: Fix iomap_dio_rw return value for user copies (git-fixes). * iommu: fix MAX_ORDER usage in __iommu_dma_alloc_pages() (jsc#PED-7167). * iov_iter, x86: Be consistent about the __user tag on copy_mc_to_user() (git- fixes). * jfs: fix array-index-out-of-bounds in dbFindLeaf (git-fixes). * jfs: fix array-index-out-of-bounds in diAlloc (git-fixes). * jfs: fix invalid free of JFS_IP(ipimap)-> i_imap in diUnmount (git-fixes). * jfs: validate max amount of blocks before allocation (git-fixes). * kABI: Preserve the type of rethook::handler (git-fixes). * kABI: restore void return to typec_altmode_attention (git-fixes). * kabi/severities: ignore kABI for asus-wmi drivers Tolerate the kABI changes, as used only locally for asus-wmi stuff * kabi/severities: make snp_issue_guest_request PASS (jsc#PED-7167) * kabi: fix of_reserved_mem_* due to struct vm_struct became defined (jsc#PED-7167). * kabi: fix sev-dev due to fs_struct became defined (jsc#PED-7167). * kabi: fix struct efi after adding unaccepted memory table (jsc#PED-7167). * kabi: fix struct zone kabi after adding unaccepted_pages and NR_UNACCEPTED (jsc#PED-7167). * kbuild: Drop -Wdeclaration-after-statement (jsc#PED-7167). * kconfig: fix memory leak from range properties (git-fixes). * kprobes: consistent rcu api usage for kretprobe holder (git-fixes). * kvm: arm64: Prevent kmemleak from accessing pKVM memory (jsc#PED-7167). * kvm: s390/mm: Properly reset no-dat (git-fixes bsc#1218056). * kvm: s390: vsie: fix wrong VIR 37 when MSO isused (git-fixes bsc#1217933). * lib/vsprintf: Fix %pfwf when current node refcount == 0 (git-fixes). * libceph: use kernel_connect() (bsc#1217981). * locking: Introduce __cleanup() based infrastructure (jsc#PED-7167). * locks: fix KASAN: use-after-free in trace_event_raw_event_filelock_lock (git-fixes). * md/bitmap: do not set max_write_behind if there is no write mostly device (git-fixes). * md/md-bitmap: hold 'reconfig_mutex' in backlog_store() (git-fixes). * md/md-bitmap: remove unnecessary local variable in backlog_store() (git- fixes). * md/raid0: add discard support for the 'original' layout (git-fixes). * md/raid10: do not call bio_start_io_acct twice for bio which experienced read error (git-fixes). * md/raid10: factor out code from wait_barrier() to stop_waiting_barrier() (git-fixes). * md/raid10: factor out dereference_rdev_and_rrdev() (git-fixes). * md/raid10: fix io loss while replacement replace rdev (git-fixes). * md/raid10: fix leak of 'r10bio-> remaining' for recovery (git-fixes). * md/raid10: fix memleak for 'conf-> bio_split' (git-fixes). * md/raid10: fix memleak of md thread (git-fixes). * md/raid10: fix null-ptr-deref in raid10_sync_request (git-fixes). * md/raid10: fix null-ptr-deref of mreplace in raid10_sync_request (git- fixes). * md/raid10: fix overflow of md/safe_mode_delay (git-fixes). * md/raid10: fix task hung in raid10d (git-fixes). * md/raid10: fix the condition to call bio_end_io_acct() (git-fixes). * md/raid10: fix wrong setting of max_corr_read_errors (git-fixes). * md/raid10: prevent soft lockup while flush writes (git-fixes). * md/raid10: use dereference_rdev_and_rrdev() to get devices (git-fixes). * md/raid1: fix error: ISO C90 forbids mixed declarations (git-fixes). * md/raid1: free the r1bio before waiting for blocked rdev (git-fixes). * md/raid1: hold the barrier until handle_read_error() finishes (git-fixes). * md/raid5-cache: fix a deadlock in r5l_exit_log() (git-fixes). * md/raid5-cache: fix null-ptr-deref for r5l_flush_stripe_to_raid()(git- fixes). * md/raid5: fix miscalculation of 'end_sector' in raid5_read_one_chunk() (git- fixes). * md: Put the right device in md_seq_next (bsc#1217822). * md: Set MD_BROKEN for RAID1 and RAID10 (git-fixes). * md: avoid signed overflow in slot_store() (git-fixes). * md: do not update recovery_cp when curr_resync is ACTIVE (git-fixes). * md: drop queue limitation for RAID1 and RAID10 (git-fixes). * md: raid0: account for split bio in iostat accounting (git-fixes). * md: raid10 add nowait support (git-fixes). * md: raid1: fix potential OOB in raid1_remove_disk() (git-fixes). * md: restore 'noio_flag' for the last mddev_resume() (git-fixes). * md: select BLOCK_LEGACY_AUTOLOAD (git-fixes). * memblock: exclude MEMBLOCK_NOMAP regions from kmemleak (jsc#PED-7167). * memblock: make memblock_find_in_range method private (jsc#PED-7167). * misc: mei: client.c: fix problem of return '-EOVERFLOW' in mei_cl_write (git-fixes). * misc: mei: client.c: return negative error code in mei_cl_write (git-fixes). * mkspec: Add multibuild support (JSC-SLE#5501, boo#1211226, bsc#1218184) When MULTIBUILD option in config.sh is enabled generate a _multibuild file listing all spec files. * mm/page_alloc: make deferred page init free pages in MAX_ORDER blocks (jsc#PED-7167). * mm/pgtable: Fix multiple -Wstringop-overflow warnings (jsc#PED-7167). * mm/slab: Add __free() support for kvfree (jsc#PED-7167). * mm/slub: fix MAX_ORDER usage in calculate_order() (jsc#PED-7167). * mm: Add PAGE_ALIGN_DOWN macro (jsc#PED-7167). * mm: Add support for unaccepted memory (jsc#PED-7167). * mm: add pageblock_align() macro (jsc#PED-7167). * mm: add pageblock_aligned() macro (jsc#PED-7167). * mm: avoid passing 0 to __ffs() (jsc#PED-7167). * mm: kmem: drop __GFP_NOFAIL when allocating objcg vectors (bsc#1218515). * mm: move kvmalloc-related functions to slab.h (jsc#PED-7167). * mm: new primitive kvmemdup() (jsc#PED-7167). * mm: reuse pageblock_start/end_pfn() macro (jsc#PED-7167). * mmc: meson-mx-sdhc: Fix initializationfrozen issue (git-fixes). * mmc: rpmb: fixes pause retune on all RPMB partitions (git-fixes). * mmc: sdhci-sprd: Fix eMMC init failure after hw reset (git-fixes). * neighbor: tracing: Move pin6 inside CONFIG_IPV6=y section (git-fixes). * net/rose: Fix Use-After-Free in rose_ioctl (git-fixes). * net/smc: Fix pos miscalculation in statistics (bsc#1218139). * net/tg3: fix race condition in tg3_reset_task() (bsc#1217801). * net: 9p: avoid freeing uninit memory in p9pdu_vreadf (git-fixes). * net: bnxt: fix a potential use-after-free in bnxt_init_tc (jsc#PED-1495). * net: ena: Destroy correct number of xdp queues upon failure (git-fixes). * net: ena: Fix XDP redirection error (git-fixes). * net: ena: Fix xdp drops handling due to multibuf packets (git-fixes). * net: ena: Flush XDP packets on error (git-fixes). * net: mana: select PAGE_POOL (git-fixes). * net: rfkill: gpio: set GPIO direction (git-fixes). * net: usb: ax88179_178a: avoid failed operations when device is disconnected (git-fixes). * net: usb: ax88179_178a: clean up pm calls (git-fixes). * net: usb: ax88179_178a: wol optimizations (git-fixes). * net: usb: qmi_wwan: claim interface 4 for ZTE MF290 (git-fixes). * nfc: llcp_core: Hold a ref to llcp_local-> dev when holding a ref to llcp_local (git-fixes). * nfs: Fix O_DIRECT locking issues (bsc#1211162). * nfs: Fix a few more clear_bit() instances that need release semantics (bsc#1211162). * nfs: Fix a potential data corruption (bsc#1211162). * nfs: Fix a use after free in nfs_direct_join_group() (bsc#1211162). * nfs: Fix error handling for O_DIRECT write scheduling (bsc#1211162). * nfs: More O_DIRECT accounting fixes for error paths (bsc#1211162). * nfs: More fixes for nfs_direct_write_reschedule_io() (bsc#1211162). * nfs: Use the correct commit info in nfs_join_page_group() (bsc#1211162). * nfs: only issue commit in DIO codepath if we have uncommitted data (bsc#1211162). * nilfs2: fix missing error check for sb_set_blocksize call (git-fixes). * nilfs2: prevent WARNING innilfs_sufile_set_segment_usage() (git-fixes). * nlm: Defend against file_lock changes after vfs_test_lock() (bsc#1217692). * null_blk: fix poll request timeout handling (git-fixes). * nvme-core: check for too small lba shift (bsc#1214117). * nvme-pci: Add sleep quirk for Kingston drives (git-fixes). * nvme-pci: always return an ERR_PTR from nvme_pci_alloc_dev (git-fixes). * nvme-pci: do not set the NUMA node of device if it has none (git-fixes). * nvme-pci: factor out a nvme_pci_alloc_dev helper (git-fixes). * nvme-rdma: do not try to stop unallocated queues (git-fixes). * nvme: sanitize metadata bounce buffer for reads (git-fixes). * nvmet-auth: complete a request only after freeing the dhchap pointers (git- fixes). * of: reserved_mem: Have kmemleak ignore dynamically allocated reserved mem (jsc#PED-7167). * orangefs: Fix kmemleak in orangefs_prepare_debugfs_help_string() (git- fixes). * orangefs: Fix kmemleak in orangefs_{kernel,client}_debug_init() (git-fixes). * orangefs: Fix sysfs not cleanup when dev init failed (git-fixes). * orangefs: Fix the size of a memory allocation in orangefs_bufmap_alloc() (git-fixes). * padata: Fix refcnt handling in padata_free_shell() (git-fixes). * parport: Add support for Brainboxes IX/UC/PX parallel cards (git-fixes). * pci: loongson: Limit MRRS to 256 (git-fixes). * perf/core: fix MAX_ORDER usage in rb_alloc_aux_page() (jsc#PED-7167). * pinctrl: at91-pio4: use dedicated lock class for IRQ (git-fixes). * platform/surface: aggregator: fix recv_buf() return value (git-fixes). * platform/x86: asus-wmi: Add support for ROG X13 tablet mode (git-fixes). * platform/x86: asus-wmi: Adjust tablet/lidflip handling to use enum (git- fixes). * platform/x86: asus-wmi: Fix kbd_dock_devid tablet-switch reporting (git- fixes). * platform/x86: asus-wmi: Move i8042 filter install to shared asus-wmi code (git-fixes). * platform/x86: asus-wmi: Simplify tablet-mode-switch handling (git-fixes). * platform/x86: asus-wmi: Simplify tablet-mode-switch probing(git-fixes). * platform/x86: wmi: Allow duplicate GUIDs for drivers that use struct wmi_driver (git-fixes). * platform/x86: wmi: Skip blocks with zero instances (git-fixes). * powerpc/pseries/vas: Migration suspend waits for no in-progress open windows (bsc#1218397 ltc#204523). * qed/red_ll2: Fix undefined behavior bug in struct qed_ll2_info (jsc#PED-1526). * qed: Fix a potential use-after-free in qed_cxt_tables_alloc (jsc#PED-1526). * qed: fix LL2 RX buffer allocation (jsc#PED-1526). * qede: fix firmware halt over suspend and resume (jsc#PED-1526). * qla2xxx: add debug log for deprecated hw detected (bsc#1216032). * r8152: Add RTL8152_INACCESSIBLE checks to more loops (git-fixes). * r8152: Add RTL8152_INACCESSIBLE to r8153_aldps_en() (git-fixes). * r8152: Add RTL8152_INACCESSIBLE to r8153_pre_firmware_1() (git-fixes). * r8152: Add RTL8152_INACCESSIBLE to r8156b_wait_loading_flash() (git-fixes). * r8152: Rename RTL8152_UNPLUG to RTL8152_INACCESSIBLE (git-fixes). * r8169: Fix PCI error on system resume (git-fixes). * rdma/bnxt_re: Correct module description string (jsc#PED-1495). * rdma/core: Use size_{add,sub,mul}() in calls to struct_size() (git-fixes) * rdma/hfi1: Use FIELD_GET() to extract Link Width (git-fixes) * rdma/hfi1: Workaround truncation compilation error (git-fixes) * rdma/hns: Add check for SL (git-fixes) * rdma/hns: Fix printing level of asynchronous events (git-fixes) * rdma/hns: Fix signed-unsigned mixed comparisons (git-fixes) * rdma/hns: Fix uninitialized ucmd in hns_roce_create_qp_common() (git-fixes) * rdma/hns: The UD mode can only be configured with DCQCN (git-fixes) * regmap: fix bogus error on regcache_sync success (git-fixes). * reiserfs: Check the return value from __getblk() (git-fixes). * reiserfs: Replace 1-element array with C99 style flex-array (git-fixes). * remove unnecessary WARN_ON_ONCE() (bsc#1214823 bsc#1218569). * reset: Fix crash when freeing non-existent optional resets (git-fixes). * restore renamed device IDs for USB HID devices(git-fixes). * rethook: Fix to use WRITE_ONCE() for rethook:: Handler (git-fixes). * rethook: Use __rcu pointer for rethook::handler (git-fixes). * ring-buffer: Do not try to put back write_stamp (git-fixes). * ring-buffer: Do not update before stamp when switching sub-buffers (git- fixes). * ring-buffer: Fix a race in rb_time_cmpxchg() for 32 bit archs (git-fixes). * ring-buffer: Fix memory leak of free page (git-fixes). * ring-buffer: Fix slowpath of interrupted event (git-fixes). * ring-buffer: Fix wake ups when buffer_percent is set to 100 (git-fixes). * ring-buffer: Fix writing to the buffer with max_data_size (git-fixes). * ring-buffer: Force absolute timestamp on discard of event (git-fixes). * ring-buffer: Have saved event hold the entire event (git-fixes). * ring-buffer: Remove useless update to write_stamp in rb_try_to_discard() (git-fixes). * s390/vx: fix save/restore of fpu kernel context (git-fixes bsc#1218357). * scsi: lpfc: use unsigned type for num_sge (bsc#1214747). * serial: 8250: 8250_omap: Clear UART_HAS_RHR_IT_DIS bit (git-fixes). * serial: 8250: 8250_omap: Do not start RX DMA on THRI interrupt (git-fixes). * serial: sc16is7xx: address RX timeout interrupt errata (git-fixes). * soundwire: stream: fix NULL pointer dereference for multi_link (git-fixes). * spi: atmel: Fix clock issue when using devices with different polarities (git-fixes). * statfs: enforce statfs[64] structure initialization (git-fixes). * supported.conf: add drivers/virt/coco/tsm (jsc#PED-7167) * swiotlb: always set the number of areas before allocating the pool (git- fixes). * swiotlb: do not panic! (git-fixes). * swiotlb: fix a braino in the alignment check fix (bsc#1216559). * swiotlb: fix debugfs reporting of reserved memory pools (git-fixes). * swiotlb: fix slot alignment checks (bsc#1216559). * swiotlb: fix the deadlock in swiotlb_do_find_slots (git-fixes). * swiotlb: mark swiotlb_memblock_alloc() as __init (git-fixes). * swiotlb: reduce the number of areas to match actual memory poolsize (git- fixes). * swiotlb: reduce the swiotlb buffer size on allocation failure (git-fixes). * swiotlb: use the calculated number of areas (git-fixes). * tracing / synthetic: Disable events after testing in synth_event_gen_test_init() (git-fixes). * tracing/kprobes: Fix the description of variable length arguments (git- fixes). * tracing/kprobes: Fix the order of argument descriptions (git-fixes). * tracing/perf: Add interrupt_context_level() helper (git-fixes). * tracing/synthetic: fix kernel-doc warnings (git-fixes). * tracing: Always update snapshot buffer size (git-fixes). * tracing: Disable preemption when using the filter buffer (bsc#1217036). * tracing: Disable snapshot buffer when stopping instance tracers (git-fixes). * tracing: Fix a possible race when disabling buffered events (bsc#1217036). * tracing: Fix a warning when allocating buffered events fails (bsc#1217036). * tracing: Fix blocked reader of snapshot buffer (git-fixes). * tracing: Fix incomplete locking when disabling buffered events (bsc#1217036). * tracing: Fix warning in trace_buffered_event_disable() (git-fixes, bsc#1217036). * tracing: Have the user copy of synthetic event address use correct context (git-fixes). * tracing: Reuse logic from perf's get_recursion_context() (git-fixes). * tracing: Set actual size after ring buffer resize (git-fixes). * tracing: Stop current tracer when resizing buffer (git-fixes). * tracing: Update snapshot buffer on resize if it is allocated (git-fixes). * tracing: Use __this_cpu_read() in trace_event_buffer_lock_reserver() (bsc#1217036). * tracing: relax trace_event_eval_update() execution with cond_resched() (git- fixes). * uapi: propagate __struct_group() attributes to the container union (jsc#SLE-18978). * ubifs: Fix memory leak of bud-> log_hash (git-fixes). * ubifs: fix possible dereference after free (git-fixes). * usb-storage: Add quirk for incorrect WP on Kingston DT Ultimate 3.0 G3 (git- fixes). * usb: aqc111: check packet for fixup for true limit(git-fixes). * usb: config: fix iteration issue in 'usb_get_bos_descriptor()' (git-fixes). * usb: host: xhci-plat: fix possible kernel oops while resuming (git-fixes). * usb: hub: Guard against accesses to uninitialized BOS descriptors (git- fixes). * usb: serial: ftdi_sio: update Actisense PIDs constant names (git-fixes). * usb: serial: option: add Foxconn T99W265 with new baseline (git-fixes). * usb: serial: option: add Quectel EG912Y module support (git-fixes). * usb: serial: option: add Quectel RM500Q R13 firmware support (git-fixes). * usb: typec: bus: verify partner exists in typec_altmode_attention (git- fixes). * usb: typec: class: fix typec_altmode_put_partner to put plugs (git-fixes). * usb: typec: ucsi: acpi: add quirk for ASUS Zenbook UM325 (git-fixes). * virt/coco/sev-guest: Double-buffer messages (jsc#PED-7167). * virt: coco: Add a coco/Makefile and coco/Kconfig (jsc#PED-7167). * virt: sevguest: Add TSM_REPORTS support for SNP_GET_EXT_REPORT (jsc#PED-7167). * virt: sevguest: Fix passing a stack buffer as a scatterlist target (jsc#PED-7167). * virt: sevguest: Prep for kernel internal get_ext_report() (jsc#PED-7167). * virt: tdx-guest: Add Quote generation support using TSM_REPORTS (jsc#PED-7167). * vsprintf/kallsyms: Prevent invalid data when printing symbol (bsc#1217602). * wifi: cfg80211: Add my certificate (git-fixes). * wifi: cfg80211: fix certs build to not depend on file order (git-fixes). * wifi: iwlwifi: pcie: add another missing bh-disable for rxq-> lock (git- fixes). * wifi: iwlwifi: pcie: do not synchronize IRQs from IRQ (git-fixes). * wifi: mac80211: mesh: check element parsing succeeded (git-fixes). * wifi: mac80211: mesh_plink: fix matches_local logic (git-fixes). * x86/CPU/AMD: Check vendor in the AMD microcode callback (git-fixes). * x86/alternatives: Disable KASAN in apply_alternatives() (git-fixes). * x86/alternatives: Disable interrupts and sync when optimizing NOPs in place (git-fixes). * x86/alternatives: Sync core before enabling interrupts(git-fixes). * x86/boot/compressed: Handle unaccepted memory (jsc#PED-7167). * x86/boot/compressed: Reserve more memory for page tables (git-fixes). * x86/boot: Add an efi.h header for the decompressor (jsc#PED-7167). * x86/boot: Centralize __pa()/__va() definitions (jsc#PED-7167). * x86/boot: Fix incorrect startup_gdt_descr.size (git-fixes). * x86/cpu/amd: Enable Zenbleed fix for AMD Custom APU 0405 (git-fixes). * x86/cpu: Do not write CSTAR MSR on Intel CPUs (jsc#PED-7167). * x86/cpu: Fix amd_check_microcode() declaration (git-fixes). * x86/efi: Safely enable unaccepted memory in UEFI (jsc#PED-7167). * x86/entry: Convert INT 0x80 emulation to IDTENTRY (bsc#1217927). * x86/entry: Do not allow external 0x80 interrupts (bsc#1217927). * x86/fpu/xstate: Prevent false-positive warning in __copy_xstate_uabi_buf() (git-fixes). * x86/fpu: Invalidate FPU state correctly on exec() (git-fixes). * x86/platform/uv: Use alternate source for socket to node data (bsc#1215696 bsc#1217790). * x86/purgatory: Remove LTO flags (git-fixes). * x86/resctrl: Fix kernel-doc warnings (git-fixes). * x86/sev-es: Replace open-coded hlt-loop with sev_es_terminate() (jsc#PED-7167). * x86/sev-es: Use insn_decode_mmio() for MMIO implementation (jsc#PED-7167). * x86/sev: Add SNP-specific unaccepted memory support (jsc#PED-7167). * x86/sev: Allow for use of the early boot GHCB for PSC requests (jsc#PED-7167). * x86/sev: Change npages to unsigned long in snp_accept_memory() (jsc#PED-7167). * x86/sev: Change snp_guest_issue_request()'s fw_err argument (jsc#PED-7167). * x86/sev: Fix address space sparse warning (jsc#PED-7167). * x86/sev: Get rid of special sev_es_enable_key (jsc#PED-7167). * x86/sev: Mark snp_abort() noreturn (jsc#PED-7167). * x86/sev: Put PSC struct on the stack in prep for unaccepted memory support (jsc#PED-7167). * x86/sev: Use large PSC requests if applicable (jsc#PED-7167). * x86/smp: Use dedicated cache-line for mwait_play_dead() (git-fixes). * x86/srso: Add SRSO mitigation for Hygonprocessors (git-fixes). * x86/srso: Fix SBPB enablement for (possible) future fixed HW (git-fixes). * x86/srso: Fix vulnerability reporting for missing microcode (git-fixes). * x86/tdx: Add unaccepted memory support (jsc#PED-7167). * x86/tdx: Disable NOTIFY_ENABLES (jsc#PED-7167). * x86/tdx: Make _tdx_hypercall() and __tdx_module_call() available in boot stub (jsc#PED-7167). * x86/tdx: Refactor try_accept_one() (jsc#PED-7167). * x86/tdx: Relax SEPT_VE_DISABLE check for debug TD (jsc#PED-7167). * x86/tdx: Use ReportFatalError to report missing SEPT_VE_DISABLE (jsc#PED-7167). * x86/tsc: Add option to force frequency recalibration with HW timer (bsc#1215885 bsc#1217217). * x86/tsc: Be consistent about use_tsc_delay() (bsc#1215885 bsc#1217217). * x86/tsc: Extend watchdog check exemption to 4-Sockets platform (bsc#1215885 bsc#1217217). * x86/unwind/orc: Unwind ftrace trampolines with correct ORC entry (git- fixes). * xfs: Rename __xfs_attr_rmtval_remove (git-fixes). * xfs: Use kvcalloc() instead of kvzalloc() (git-fixes). * xfs: aborting inodes on shutdown may need buffer lock (git-fixes). * xfs: add selinux labels to whiteout inodes (git-fixes). * xfs: clean up "%Ld/%Lu" which does not meet C standard (git-fixes). * xfs: convert flex-array declarations in struct xfs_attrlist* (git-fixes). * xfs: convert flex-array declarations in xfs attr leaf blocks (git-fixes). * xfs: convert flex-array declarations in xfs attr shortform objects (git- fixes). * xfs: decode scrub flags in ftrace output (git-fixes). * xfs: dump log intent items that cannot be recovered due to corruption (git- fixes). * xfs: fix a bug in the online fsck directory leaf1 bestcount check (git- fixes). * xfs: fix agf_fllast when repairing an empty AGFL (git-fixes). * xfs: fix incorrect unit conversion in scrub tracepoint (git-fixes). * xfs: fix silly whitespace problems with kernel libxfs (git-fixes). * xfs: fix uninit warning in xfs_growfs_data (git-fixes). * xfs: fix units conversion error inxfs_bmap_del_extent_delay (git-fixes). * xfs: make sure maxlen is still congruent with prod when rounding down (git- fixes). * xfs: remove kmem_alloc_io() (git-fixes). * xfs: remove the xfs_dinode_t typedef (git-fixes). * xfs: remove the xfs_dqblk_t typedef (git-fixes). * xfs: remove the xfs_dsb_t typedef (git-fixes). * xfs: rename xfs_has_attr() (git-fixes). * xfs: replace snprintf in show functions with sysfs_emit (git-fixes). * xfs: return EINTR when a fatal signal terminates scrub (git-fixes). * xfs: sb verifier does not handle uncached sb buffer (git-fixes). * xfs: simplify two-level sysctl registration for xfs_table (git-fixes). * xfs: sysfs: use default_groups in kobj_type (git-fixes). * xfs: use swap() to make dabtree code cleaner (git-fixes). * xhci: Clear EHB bit only at end of interrupt handler (git-fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2024-160=1 openSUSE-SLE-15.5-2024-160=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2024-160=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-160=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2024-160=1 * Legacy Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2024-160=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2024-160=1 Please note that this is the initial kernel livepatch without fixes itself, this package is later updated by separate standalone kernel livepatch updates. * SUSE Linux Enterprise High Availability Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-HA-15-SP5-2024-160=1 * SUSE Linux Enterprise Workstation Extension 15SP5 zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2024-160=1 ## Package List: * openSUSE Leap 15.5 (noarch nosrc) * kernel-docs-5.14.21-150500.55.44.1 * openSUSE Leap 15.5 (noarch) * kernel-source-vanilla-5.14.21-150500.55.44.1 * kernel-macros-5.14.21-150500.55.44.1 * kernel-docs-html-5.14.21-150500.55.44.1 * kernel-source-5.14.21-150500.55.44.1 * kernel-devel-5.14.21-150500.55.44.1 * openSUSE Leap 15.5 (nosrc ppc64le x86_64) * kernel-debug-5.14.21-150500.55.44.1 * openSUSE Leap 15.5 (ppc64le x86_64) * kernel-debug-devel-5.14.21-150500.55.44.1 * kernel-debug-debugsource-5.14.21-150500.55.44.1 * kernel-debug-livepatch-devel-5.14.21-150500.55.44.1 * kernel-debug-debuginfo-5.14.21-150500.55.44.1 * kernel-debug-devel-debuginfo-5.14.21-150500.55.44.1 * openSUSE Leap 15.5 (x86_64) * kernel-default-vdso-debuginfo-5.14.21-150500.55.44.1 * kernel-kvmsmall-vdso-5.14.21-150500.55.44.1 * kernel-kvmsmall-vdso-debuginfo-5.14.21-150500.55.44.1 * kernel-debug-vdso-debuginfo-5.14.21-150500.55.44.1 * kernel-default-vdso-5.14.21-150500.55.44.1 * kernel-debug-vdso-5.14.21-150500.55.44.1 * openSUSE Leap 15.5 (aarch64 ppc64le x86_64) * kernel-kvmsmall-debuginfo-5.14.21-150500.55.44.1 * kernel-kvmsmall-livepatch-devel-5.14.21-150500.55.44.1 * kernel-default-base-5.14.21-150500.55.44.1.150500.6.19.2 * kernel-kvmsmall-devel-debuginfo-5.14.21-150500.55.44.1 * kernel-kvmsmall-debugsource-5.14.21-150500.55.44.1 * kernel-default-base-rebuild-5.14.21-150500.55.44.1.150500.6.19.2 * kernel-kvmsmall-devel-5.14.21-150500.55.44.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * dlm-kmp-default-5.14.21-150500.55.44.1 * kernel-default-optional-5.14.21-150500.55.44.1 * kernel-default-optional-debuginfo-5.14.21-150500.55.44.1 * kselftests-kmp-default-5.14.21-150500.55.44.1 * cluster-md-kmp-default-debuginfo-5.14.21-150500.55.44.1 * kernel-syms-5.14.21-150500.55.44.1 * kernel-default-extra-debuginfo-5.14.21-150500.55.44.1 * kernel-obs-qa-5.14.21-150500.55.44.1 *kernel-obs-build-debugsource-5.14.21-150500.55.44.1 * gfs2-kmp-default-5.14.21-150500.55.44.1 * gfs2-kmp-default-debuginfo-5.14.21-150500.55.44.1 * kernel-default-debuginfo-5.14.21-150500.55.44.1 * kernel-default-livepatch-devel-5.14.21-150500.55.44.1 * kernel-default-devel-debuginfo-5.14.21-150500.55.44.1 * kernel-default-devel-5.14.21-150500.55.44.1 * cluster-md-kmp-default-5.14.21-150500.55.44.1 * ocfs2-kmp-default-debuginfo-5.14.21-150500.55.44.1 * kernel-default-extra-5.14.21-150500.55.44.1 * kernel-obs-build-5.14.21-150500.55.44.1 * ocfs2-kmp-default-5.14.21-150500.55.44.1 * kselftests-kmp-default-debuginfo-5.14.21-150500.55.44.1 * kernel-default-livepatch-5.14.21-150500.55.44.1 * kernel-default-debugsource-5.14.21-150500.55.44.1 * reiserfs-kmp-default-5.14.21-150500.55.44.1 * reiserfs-kmp-default-debuginfo-5.14.21-150500.55.44.1 * dlm-kmp-default-debuginfo-5.14.21-150500.55.44.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.14.21-150500.55.44.1 * openSUSE Leap 15.5 (aarch64 nosrc ppc64le x86_64) * kernel-kvmsmall-5.14.21-150500.55.44.1 * openSUSE Leap 15.5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_55_44-default-1-150500.11.5.1 * kernel-livepatch-5_14_21-150500_55_44-default-debuginfo-1-150500.11.5.1 * kernel-livepatch-SLE15-SP5_Update_9-debugsource-1-150500.11.5.1 * openSUSE Leap 15.5 (nosrc s390x) * kernel-zfcpdump-5.14.21-150500.55.44.1 * openSUSE Leap 15.5 (s390x) * kernel-zfcpdump-debugsource-5.14.21-150500.55.44.1 * kernel-zfcpdump-debuginfo-5.14.21-150500.55.44.1 * openSUSE Leap 15.5 (nosrc) * dtb-aarch64-5.14.21-150500.55.44.1 * openSUSE Leap 15.5 (aarch64) * dtb-allwinner-5.14.21-150500.55.44.1 * kselftests-kmp-64kb-5.14.21-150500.55.44.1 * dtb-amlogic-5.14.21-150500.55.44.1 * kernel-64kb-debugsource-5.14.21-150500.55.44.1 * dtb-arm-5.14.21-150500.55.44.1 * cluster-md-kmp-64kb-5.14.21-150500.55.44.1 * gfs2-kmp-64kb-debuginfo-5.14.21-150500.55.44.1 * dtb-apple-5.14.21-150500.55.44.1 *dtb-renesas-5.14.21-150500.55.44.1 * dtb-freescale-5.14.21-150500.55.44.1 * dtb-broadcom-5.14.21-150500.55.44.1 * dtb-cavium-5.14.21-150500.55.44.1 * dtb-hisilicon-5.14.21-150500.55.44.1 * dtb-altera-5.14.21-150500.55.44.1 * kernel-64kb-optional-5.14.21-150500.55.44.1 * reiserfs-kmp-64kb-5.14.21-150500.55.44.1 * kernel-64kb-extra-5.14.21-150500.55.44.1 * dtb-lg-5.14.21-150500.55.44.1 * dtb-exynos-5.14.21-150500.55.44.1 * dtb-sprd-5.14.21-150500.55.44.1 * dtb-xilinx-5.14.21-150500.55.44.1 * dlm-kmp-64kb-5.14.21-150500.55.44.1 * ocfs2-kmp-64kb-5.14.21-150500.55.44.1 * kernel-64kb-optional-debuginfo-5.14.21-150500.55.44.1 * dtb-amazon-5.14.21-150500.55.44.1 * dtb-marvell-5.14.21-150500.55.44.1 * dtb-socionext-5.14.21-150500.55.44.1 * kernel-64kb-extra-debuginfo-5.14.21-150500.55.44.1 * cluster-md-kmp-64kb-debuginfo-5.14.21-150500.55.44.1 * kernel-64kb-devel-5.14.21-150500.55.44.1 * kernel-64kb-debuginfo-5.14.21-150500.55.44.1 * dlm-kmp-64kb-debuginfo-5.14.21-150500.55.44.1 * reiserfs-kmp-64kb-debuginfo-5.14.21-150500.55.44.1 * dtb-rockchip-5.14.21-150500.55.44.1 * dtb-nvidia-5.14.21-150500.55.44.1 * dtb-mediatek-5.14.21-150500.55.44.1 * kernel-64kb-livepatch-devel-5.14.21-150500.55.44.1 * dtb-apm-5.14.21-150500.55.44.1 * dtb-amd-5.14.21-150500.55.44.1 * kernel-64kb-devel-debuginfo-5.14.21-150500.55.44.1 * kselftests-kmp-64kb-debuginfo-5.14.21-150500.55.44.1 * dtb-qcom-5.14.21-150500.55.44.1 * ocfs2-kmp-64kb-debuginfo-5.14.21-150500.55.44.1 * gfs2-kmp-64kb-5.14.21-150500.55.44.1 * openSUSE Leap 15.5 (aarch64 nosrc) * kernel-64kb-5.14.21-150500.55.44.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 nosrc s390x x86_64) * kernel-default-5.14.21-150500.55.44.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 x86_64) * kernel-default-base-5.14.21-150500.55.44.1.150500.6.19.2 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * kernel-default-debugsource-5.14.21-150500.55.44.1 * kernel-default-debuginfo-5.14.21-150500.55.44.1 * Basesystem Module 15-SP5 (aarch64 nosrc) *kernel-64kb-5.14.21-150500.55.44.1 * Basesystem Module 15-SP5 (aarch64) * kernel-64kb-debuginfo-5.14.21-150500.55.44.1 * kernel-64kb-devel-debuginfo-5.14.21-150500.55.44.1 * kernel-64kb-debugsource-5.14.21-150500.55.44.1 * kernel-64kb-devel-5.14.21-150500.55.44.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.14.21-150500.55.44.1 * Basesystem Module 15-SP5 (aarch64 ppc64le x86_64) * kernel-default-base-5.14.21-150500.55.44.1.150500.6.19.2 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * kernel-default-debugsource-5.14.21-150500.55.44.1 * kernel-default-devel-debuginfo-5.14.21-150500.55.44.1 * kernel-default-devel-5.14.21-150500.55.44.1 * kernel-default-debuginfo-5.14.21-150500.55.44.1 * Basesystem Module 15-SP5 (noarch) * kernel-devel-5.14.21-150500.55.44.1 * kernel-macros-5.14.21-150500.55.44.1 * Basesystem Module 15-SP5 (nosrc s390x) * kernel-zfcpdump-5.14.21-150500.55.44.1 * Basesystem Module 15-SP5 (s390x) * kernel-zfcpdump-debugsource-5.14.21-150500.55.44.1 * kernel-zfcpdump-debuginfo-5.14.21-150500.55.44.1 * Development Tools Module 15-SP5 (noarch nosrc) * kernel-docs-5.14.21-150500.55.44.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * kernel-obs-build-debugsource-5.14.21-150500.55.44.1 * kernel-obs-build-5.14.21-150500.55.44.1 * kernel-syms-5.14.21-150500.55.44.1 * Development Tools Module 15-SP5 (noarch) * kernel-source-5.14.21-150500.55.44.1 * Legacy Module 15-SP5 (nosrc) * kernel-default-5.14.21-150500.55.44.1 * Legacy Module 15-SP5 (aarch64 ppc64le s390x x86_64) * reiserfs-kmp-default-5.14.21-150500.55.44.1 * kernel-default-debugsource-5.14.21-150500.55.44.1 * reiserfs-kmp-default-debuginfo-5.14.21-150500.55.44.1 * kernel-default-debuginfo-5.14.21-150500.55.44.1 * SUSE Linux Enterprise Live Patching 15-SP5 (nosrc) * kernel-default-5.14.21-150500.55.44.1 * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_55_44-default-1-150500.11.5.1 *kernel-livepatch-5_14_21-150500_55_44-default-debuginfo-1-150500.11.5.1 * kernel-default-livepatch-5.14.21-150500.55.44.1 * kernel-default-debugsource-5.14.21-150500.55.44.1 * kernel-default-debuginfo-5.14.21-150500.55.44.1 * kernel-default-livepatch-devel-5.14.21-150500.55.44.1 * kernel-livepatch-SLE15-SP5_Update_9-debugsource-1-150500.11.5.1 * SUSE Linux Enterprise High Availability Extension 15 SP5 (aarch64 ppc64le s390x x86_64) * dlm-kmp-default-5.14.21-150500.55.44.1 * cluster-md-kmp-default-5.14.21-150500.55.44.1 * ocfs2-kmp-default-5.14.21-150500.55.44.1 * ocfs2-kmp-default-debuginfo-5.14.21-150500.55.44.1 * gfs2-kmp-default-5.14.21-150500.55.44.1 * gfs2-kmp-default-debuginfo-5.14.21-150500.55.44.1 * kernel-default-debuginfo-5.14.21-150500.55.44.1 * kernel-default-debugsource-5.14.21-150500.55.44.1 * cluster-md-kmp-default-debuginfo-5.14.21-150500.55.44.1 * dlm-kmp-default-debuginfo-5.14.21-150500.55.44.1 * SUSE Linux Enterprise High Availability Extension 15 SP5 (nosrc) * kernel-default-5.14.21-150500.55.44.1 * SUSE Linux Enterprise Workstation Extension 15 SP5 (nosrc) * kernel-default-5.14.21-150500.55.44.1 * SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64) * kernel-default-extra-debuginfo-5.14.21-150500.55.44.1 * kernel-default-extra-5.14.21-150500.55.44.1 * kernel-default-debugsource-5.14.21-150500.55.44.1 * kernel-default-debuginfo-5.14.21-150500.55.44.1 ## References: * https://www.suse.com/security/cve/CVE-2020-26555.html * https://www.suse.com/security/cve/CVE-2023-51779.html * https://www.suse.com/security/cve/CVE-2023-6121.html * https://www.suse.com/security/cve/CVE-2023-6531.html * https://www.suse.com/security/cve/CVE-2023-6546.html * https://www.suse.com/security/cve/CVE-2023-6606.html * https://www.suse.com/security/cve/CVE-2023-6610.html * https://www.suse.com/security/cve/CVE-2023-6622.html * https://www.suse.com/security/cve/CVE-2023-6931.html * https://www.suse.com/security/cve/CVE-2023-6932.html *https://bugzilla.suse.com/show_bug.cgi?id=1179610 * https://bugzilla.suse.com/show_bug.cgi?id=1183045 * https://bugzilla.suse.com/show_bug.cgi?id=1211162 * https://bugzilla.suse.com/show_bug.cgi?id=1211226 * https://bugzilla.suse.com/show_bug.cgi?id=1212139 * https://bugzilla.suse.com/show_bug.cgi?id=1212584 * https://bugzilla.suse.com/show_bug.cgi?id=1214117 * https://bugzilla.suse.com/show_bug.cgi?id=1214158 * https://bugzilla.suse.com/show_bug.cgi?id=1214747 * https://bugzilla.suse.com/show_bug.cgi?id=1214823 * https://bugzilla.suse.com/show_bug.cgi?id=1215237 * https://bugzilla.suse.com/show_bug.cgi?id=1215696 * https://bugzilla.suse.com/show_bug.cgi?id=1215885 * https://bugzilla.suse.com/show_bug.cgi?id=1215952 * https://bugzilla.suse.com/show_bug.cgi?id=1216032 * https://bugzilla.suse.com/show_bug.cgi?id=1216057 * https://bugzilla.suse.com/show_bug.cgi?id=1216559 * https://bugzilla.suse.com/show_bug.cgi?id=1216776 * https://bugzilla.suse.com/show_bug.cgi?id=1217036 * https://bugzilla.suse.com/show_bug.cgi?id=1217217 * https://bugzilla.suse.com/show_bug.cgi?id=1217250 * https://bugzilla.suse.com/show_bug.cgi?id=1217602 * https://bugzilla.suse.com/show_bug.cgi?id=1217692 * https://bugzilla.suse.com/show_bug.cgi?id=1217790 * https://bugzilla.suse.com/show_bug.cgi?id=1217801 * https://bugzilla.suse.com/show_bug.cgi?id=1217822 * https://bugzilla.suse.com/show_bug.cgi?id=1217927 * https://bugzilla.suse.com/show_bug.cgi?id=1217933 * https://bugzilla.suse.com/show_bug.cgi?id=1217938 * https://bugzilla.suse.com/show_bug.cgi?id=1217946 * https://bugzilla.suse.com/show_bug.cgi?id=1217947 * https://bugzilla.suse.com/show_bug.cgi?id=1217980 * https://bugzilla.suse.com/show_bug.cgi?id=1217981 * https://bugzilla.suse.com/show_bug.cgi?id=1217982 * https://bugzilla.suse.com/show_bug.cgi?id=1218056 * https://bugzilla.suse.com/show_bug.cgi?id=1218092 * https://bugzilla.suse.com/show_bug.cgi?id=1218139 * https://bugzilla.suse.com/show_bug.cgi?id=1218184 *https://bugzilla.suse.com/show_bug.cgi?id=1218229 * https://bugzilla.suse.com/show_bug.cgi?id=1218234 * https://bugzilla.suse.com/show_bug.cgi?id=1218253 * https://bugzilla.suse.com/show_bug.cgi?id=1218258 * https://bugzilla.suse.com/show_bug.cgi?id=1218335 * https://bugzilla.suse.com/show_bug.cgi?id=1218357 * https://bugzilla.suse.com/show_bug.cgi?id=1218397 * https://bugzilla.suse.com/show_bug.cgi?id=1218447 * https://bugzilla.suse.com/show_bug.cgi?id=1218461 * https://bugzilla.suse.com/show_bug.cgi?id=1218515 * https://bugzilla.suse.com/show_bug.cgi?id=1218559 * https://bugzilla.suse.com/show_bug.cgi?id=1218569 * https://bugzilla.suse.com/show_bug.cgi?id=1218643 * https://bugzilla.suse.com/show_bug.cgi?id=1218738 * * * . Canonical unveils a crucial software update focused on enhancing system integrity, rectifying multiple vulnerabilities to strengthen protection against emerging threats.. SUSE Kernel Update, Linux Kernel Patch, System Security Fixes, Privilege Escalation, Denial of Service. . Severity: Important. LinuxSecurity.com Team

Jan 18, 2024 •Important SuSE

Community Poll

More Polls

Stay Secure with the Latest Linux Advisories

openSUSE Chromedriver Moderate Security Issues Fixed 2026-10958-1

openSUSE Tumbleweed libmozjs Moderate Update CVE-2025-70103

openSUSE Tumbleweed Perl HTML Parser Moderate CVE-2026-8829 Advisory

openSUSE Tumbleweed kernel-devel Moderate Security Issue 2026-10954-1

openSUSE Tumbleweed Gleam Moderate Threat Fixed 2026-10953-1

Ubuntu 25.10 Systemd Critical Arbitrary Code Exec DNS Issues USN-8402-1

openSUSE Epiphany Important Password Handling Issue CVE-2023-26081

Ubuntu 26.04 LTS 8399-1 Pillow Denial of Service Risk CVE-2026-42308

Ubuntu 26.04 LTS Poppler Critical DoS Code Execution Vuln USN-8400-1

Refine advisories

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Ubuntu 25.10 kmod Critical Algif_aead Privilege Escalation USN-8226-1

Ubuntu 26.04 LTS nginx Critical Denial of Service 2026-42945

Ubuntu 26.04 Docker Critical Security Threats USN-8230-1 CVE-2026-33747

Debian OpenSSH Critical DSA-6204-1 CVE-2026-3497 Remote DoS Execution

Explore Latest Linux Security advisories

Fedora 44 pcs Important Update Fixes Installation Issues 2026-015b33238d

Rocky Linux 8 RLSA-2025:0743 moderate: keepalived integer overflow

SUSE Linux Kernel Security Update 2025:0201-1 - Important Fixes

SUSE: 2025:0203-1 important: Linux Kernel Security Updates

SUSE: 2024:3634-1 moderate: keepalived integer overflow advisory

Fedora 41: 2024-bd2368f66a Moderate: HAProxy 3.0.4 DoS Fix

SUSE: 2024:2802-1 Important: Kernel Update Addressing Multiple Issues

openSUSE Leap 15.5: 2024-160 critical: privilege escalation fix

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Ubuntu 25.10 kmod Critical Algif_aead Privilege Escalation USN-8226-1

Ubuntu 26.04 LTS nginx Critical Denial of Service 2026-42945

Ubuntu 26.04 Docker Critical Security Threats USN-8230-1 CVE-2026-33747

Debian OpenSSH Critical DSA-6204-1 CVE-2026-3497 Remote DoS Execution

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Stay Secure with the Latest Linux Advisories

openSUSE Chromedriver Moderate Security Issues Fixed 2026-10958-1

openSUSE Tumbleweed libmozjs Moderate Update CVE-2025-70103

openSUSE Tumbleweed Perl HTML Parser Moderate CVE-2026-8829 Advisory

openSUSE Tumbleweed kernel-devel Moderate Security Issue 2026-10954-1

openSUSE Tumbleweed Gleam Moderate Threat Fixed 2026-10953-1

Ubuntu 25.10 Systemd Critical Arbitrary Code Exec DNS Issues USN-8402-1

openSUSE Epiphany Important Password Handling Issue CVE-2023-26081

Ubuntu 26.04 LTS 8399-1 Pillow Denial of Service Risk CVE-2026-42308

Ubuntu 26.04 LTS Poppler Critical DoS Code Execution Vuln USN-8400-1

Refine advisories

severity

Topics

Distro

Published Date

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Explore Latest Linux Security advisories

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Search Topics

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!